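def load_logged_in_user():
    """Populate ``g`` with the logged-in user's record and related data.

    The original docstring says this runs every time a route is called
    (the registering decorator is not visible here).  It reads
    ``session['user_id']``; when absent, ``g.user`` is ``None`` and nothing
    else is loaded.  Otherwise it loads from the database:

    * ``g.user`` -- the user's own row (``SELECT *``, so it carries the
      password hash; keep it out of templates and JSON replies).
    * ``g.samples`` -- samples authored by the user, newest registered first.
    * ``g.cosamples`` -- samples whose ``co_authors`` column contains the
      username.
    * ``g.userlist`` -- id, username and clearance columns of every user
      with ``status = 'approved'``.
    * ``g.qumlist`` and ``session['run_clearance']`` -- only when the user
      holds both the ``instrument`` and ``measurement`` clearances: the
      measurement queue as a list of usernames in queue order, and whether
      this user is first in line.

    Changes from the previous version:

    * A session whose ``user_id`` no longer matches a user row (account
      removed, database reset) raised ``TypeError`` on
      ``g.user['username']`` for every request.  Such a session is now
      treated like a logged-out visitor (``g.user = None``).
    * The co-author lookup built the ``LIKE`` pattern as
      ``'%<username>%'`` without escaping, so a username containing ``%``
      or ``_`` acted as a wildcard (``register`` accepts any username).
      The metacharacters are now escaped and an ``ESCAPE`` clause added.
      NOTE(review): it is still a substring match -- ``ann`` matches
      ``joanne`` -- and fixing that depends on how ``co_authors`` is
      stored, which is not visible here.
    """
    user_id = session.get('user_id')
    if user_id is None:
        g.user = None
        return

    db = get_db()
    g.user = db.execute('SELECT * FROM user WHERE id = ?', (user_id, )).fetchone()
    if g.user is None:
        # Stale session: the stored id is not (or no longer) a user.
        # Behave as logged out instead of crashing every request.
        return

    sample_select = ('SELECT s.id, author_id, samplename, fabricated, location, previously, description'
                     ' FROM sample s JOIN user u ON s.author_id = u.id')

    # Samples this user authored.
    g.samples = [dict(row) for row in db.execute(
        sample_select + ' WHERE u.id = ? ORDER BY registered DESC',
        (user_id, )).fetchall()]

    # Samples listing this user as a co-author.  Escape LIKE metacharacters
    # so the username is matched literally, not as a pattern.
    username = g.user['username']
    escaped = (username.replace('\\', '\\\\')
                       .replace('%', '\\%')
                       .replace('_', '\\_'))
    g.cosamples = [dict(row) for row in db.execute(
        sample_select + " WHERE s.co_authors LIKE ? ESCAPE '\\' ORDER BY registered DESC",
        ('%' + escaped + '%', )).fetchall()]

    # Clearances of every approved user.
    g.userlist = [dict(row) for row in db.execute(
        'SELECT u.id, username, measurement, instrument, analysis'
        ' FROM user u WHERE u.status = ? ORDER BY id DESC',
        ('approved', )).fetchall()]

    # The measurement queue is only loaded for users holding both the
    # instrument and measurement clearances.
    if g.user['instrument'] and g.user['measurement']:
        g.qumlist = [row['username'] for row in db.execute(
            'SELECT u.username FROM qum q JOIN user u ON q.people_id = u.id ORDER BY q.id ASC'
        ).fetchall()]
        # Only the head of the queue may run a measurement; an empty queue
        # means nobody may.
        session['run_clearance'] = bool(g.qumlist and g.qumlist[0] == username)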
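def usersamples_access():
    """Look up a sample by name and remember its owner in the session.

    Reads ``sname`` from the query string and returns JSON with the
    sample's row (``sample_cv``), a ``message`` and ``saved`` -- whether
    ``sname`` is in ``lisample(owner)`` (helper defined elsewhere).  As a
    side effect it stores the owner's username in ``session['people']``;
    ``usersamples_update`` and ``char_cwsweep_resetdata`` later verify a
    supplied password against *that* user, so this key is security
    relevant and is only set once the owner row has been found.

    Fixes relative to the previous version:

    * ``saved`` was only assigned inside the ``try`` block, so any failure
      (unknown sample, missing ``sname``) raised ``UnboundLocalError`` at
      the ``jsonify`` call instead of returning the "Consult ABC" reply.
    * An unknown sample is detected explicitly (``fetchone()`` returning
      ``None``) instead of via the ``TypeError`` from ``dict(None)``.
    * Failures are logged (``print``, matching the file's style) rather
      than silently swallowed.

    NOTE(review): on failure ``session['people']`` is still set to ``[]``
    (as before) whereas ``login`` initialises it to ``None``; later
    endpoints that pass it as a SQL parameter will fail either way.
    """
    sname = request.args.get('sname')
    db = get_db()
    sample_cv = []
    saved = False
    message = "Consult ABC"
    try:
        row = db.execute(
            'SELECT s.id, author_id, samplename, fabricated, location, previously, description, registered, co_authors, history'
            ' FROM sample s JOIN user u ON s.author_id = u.id'
            ' WHERE s.samplename = ?', (sname, )).fetchone()
        owner = db.execute(
            'SELECT u.id, username'
            ' FROM sample s JOIN user u ON s.author_id = u.id'
            ' WHERE s.samplename = ?', (sname, )).fetchone()
        if row is None or owner is None:
            raise LookupError("unknown sample %r" % (sname, ))
        sample_cv = dict(row)  # sqlite3.Row is not JSON-serialisable
        session['people'] = owner['username']
        saved = sname in lisample(session['people'])
        message = "Accessing Sample %s owned by %s" % (sname, session['people'])
    except Exception as exc:  # request boundary: report, never 500
        print("usersamples_access failed: %s" % exc)
        session['people'] = []
        sample_cv = []
        saved = False
        message = "Consult ABC"
    return jsonify(sample_cv=sample_cv, message=message, saved=saved)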
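def login():
    """Log in a registered, approved user.

    On POST, looks up ``username``, verifies ``password`` against the
    stored hash and requires ``status`` to equal ``'approved'``
    (case-insensitive).  On success the session is cleared, ``user_id``
    and ``user_name`` are stored and the client is redirected to
    ``index``.  On failure the error is flashed and the form is rendered
    again (as it is on GET).

    Change from the previous version: a wrong username and a wrong
    password produced different messages ('Incorrect username.' vs
    'Incorrect password.'), letting anyone confirm which usernames are
    registered.  Both cases now flash the same message.
    NOTE(review): response time still differs because the hash check is
    skipped for unknown usernames; closing that needs a dummy hash in the
    format this deployment's ``check_password_hash`` expects.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None
        user = db.execute('SELECT * FROM user WHERE username = ?', (username, )).fetchone()
        if user is None or not check_password_hash(user['password'], password):
            # One message for both failures: do not reveal which usernames exist.
            error = 'Incorrect username or password.'
        elif user['status'].upper() != 'APPROVED':
            error = 'Awaiting Approval...'
        if error is None:
            # Drop any previous identity before storing the new one.
            session.clear()
            session['user_id'] = user['id']
            session['user_name'] = user['username']
            print("Logged-in Successfully!")
            return redirect(url_for('index'))
        print(error)
        flash(error)
    return render_template('auth/login.html')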
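def usersamples_update():
    """Update a sample's fields after re-verifying its owner's password.

    All values come from the query string: ``sname`` selects the sample;
    ``loc``, ``dob``, ``description``, ``coauthors``, ``prev``, ``history``
    become ``location``, ``fabricated``, ``description``, ``co_authors``,
    ``previously``, ``history``; ``ownerpassword`` must match the stored
    hash of ``session['people']`` (the owner recorded by
    ``usersamples_access``).  Returns JSON ``{"message": ...}``.

    Fix: the password was verified for ``session['people']`` but the
    UPDATE was keyed on ``sname`` alone, so once the check passed *any*
    sample could be modified by name, not only one owned by that user.
    The UPDATE now also requires ``author_id`` to be that user's id and
    reports when no row matched.

    Also handled explicitly instead of through a bare ``except``: a
    missing ``session['people']``, an unknown owner row and a missing
    ``ownerpassword`` (all now yield 'PASSWORD NOT VALID'); only database
    errors map to the "Check sample parameters" fallback.

    NOTE(review): the password is read from the URL query string
    (``request.args``), where it lands in server/proxy logs and browser
    history, and a state change driven by query parameters is trivially
    reachable cross-site if the route accepts GET.  It should be a POST
    form field; the route decorator is not visible here.
    """
    sname = request.args.get('sname')
    loc = request.args.get('loc')
    dob = request.args.get('dob')
    description = request.args.get('description')
    coauthors = request.args.get('coauthors')
    prev = request.args.get('prev')
    history = request.args.get('history')
    ownerpassword = request.args.get('ownerpassword')
    owner_name = session.get('people')
    db = get_db()
    try:
        people = None
        if owner_name is not None:
            people = db.execute('SELECT id, password FROM user WHERE username = ?',
                                (owner_name, )).fetchone()
        if (people is None or ownerpassword is None
                or not check_password_hash(people['password'], ownerpassword)):
            message = 'PASSWORD NOT VALID'
        else:
            cur = db.execute(
                'UPDATE sample SET location = ?, fabricated = ?, description = ?, co_authors = ?, previously = ?, history = ?'
                ' WHERE samplename = ? AND author_id = ?',
                (loc, dob, description, coauthors, prev, history, sname, people['id']))
            db.commit()
            if cur.rowcount:
                message = "Sample %s has been successfully updated!" % (sname)
            else:
                message = "Sample %s not found or not owned by %s" % (sname, owner_name)
    except db.Error as exc:
        print("usersamples_update failed: %s" % exc)
        message = "Check sample parameters"
    print(message)
    return jsonify(message=message)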
def index():
    """Render the blog index: every post joined with its author, newest first."""
    rows = get_db().execute(
        'SELECT p.id, title, body, created, author_id, username'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' ORDER BY created DESC'
    ).fetchall()
    return render_template('blog/index.html', posts=rows)
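def usersamples_update():
    """Update a sample's fields; only the sample's author may do so.

    Query-string parameters: ``sname`` selects the sample; ``loc``,
    ``dob``, ``description``, ``coauthors``, ``prev`` and ``history`` are
    written to ``location``, ``fabricated``, ``description``,
    ``co_authors``, ``previously`` and ``history``.  Returns JSON
    ``{"message": ...}``.

    Fix: the previous version ran the UPDATE keyed on ``samplename`` only
    and never consulted the logged-in user, so any caller could rewrite
    any sample by name.  The UPDATE is now restricted to rows whose
    ``author_id`` is ``g.user['id']``, a missing login is rejected, and
    the reply says when nothing matched.  NOTE(review): if co-authors are
    meant to edit too, widen the WHERE clause rather than dropping it.
    Only database errors now map to the "Check sample parameters"
    fallback (the bare ``except`` also hid a ``TypeError`` from
    ``g.user`` being ``None``).

    NOTE(review): a state change driven by ``request.args`` is reachable
    cross-site if the route accepts GET; it should be a POST form.  The
    route decorator is not visible here.
    """
    sname = request.args.get('sname')
    loc = request.args.get('loc')
    dob = request.args.get('dob')
    description = request.args.get('description')
    coauthors = request.args.get('coauthors')
    prev = request.args.get('prev')
    history = request.args.get('history')
    if g.user is None:
        return jsonify(message="Login required")
    db = get_db()
    try:
        cur = db.execute(
            'UPDATE sample SET location = ?, fabricated = ?, description = ?, co_authors = ?, previously = ?, history = ?'
            ' WHERE samplename = ? AND author_id = ?',
            (loc, dob, description, coauthors, prev, history, sname, g.user['id']))
        db.commit()
    except db.Error as exc:
        print("usersamples_update failed: %s" % exc)
        message = "Check sample parameters"
    else:
        if cur.rowcount:
            message = "Sample %s has been successfully updated!" % (sname)
        else:
            message = "Sample %s not found or not owned by you" % (sname)
    return jsonify(message=message)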
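def get_post(id, check_author=True):
    """Get a post and its author by id.

    Checks that the id exists and optionally that the current user is the
    author.

    :param id: id of post to get
    :param check_author: require the current user to be the author
    :return: the post row (``sqlite3.Row``) with ``username`` joined in
    :raise 404: if a post with the given id doesn't exist
    :raise 403: if the current user isn't the author -- including when
        nobody is logged in (``g.user is None``), which previously raised
        ``TypeError`` on ``g.user['id']`` instead of a clean 403
    """
    post = get_db().execute(
        'SELECT p.id, title, body, created, author_id, username'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' WHERE p.id = ?', (id,)
    ).fetchone()
    if post is None:
        abort(404, "Post id {0} doesn't exist.".format(id))
    # An anonymous visitor can never be the author.
    if check_author and (g.user is None or post['author_id'] != g.user['id']):
        abort(403)
    return post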
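def register():
    """Register a new user with status ``'pending'``.

    On POST, requires a non-empty ``username`` and ``password``, rejects a
    username that already exists, stores the password as a hash and
    redirects to the login page.  On failure the error is flashed and the
    form is rendered again (as on GET).

    Fix: the existence check (SELECT) and the INSERT are not atomic, so two
    concurrent registrations of the same name could both pass the check
    and the loser would surface as an unhandled ``IntegrityError``.  That
    case is now reported with the same "already registered" message
    (assumes a UNIQUE constraint on ``user.username`` -- TODO confirm
    schema; without it the duplicate would simply be inserted).

    NOTE(review): no constraints are placed on the username's characters;
    ``load_logged_in_user`` uses it inside a ``LIKE`` pattern, so
    whichever of the two fixes lands first, the other still matters.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        userstatus = 'pending'
        db = get_db()
        error = None
        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        elif db.execute('SELECT id FROM user WHERE username = ?',
                        (username, )).fetchone() is not None:
            error = 'User {0} is already registered.'.format(username)
        if error is None:
            try:
                db.execute(
                    'INSERT INTO user (username, password, status) VALUES (?, ?, ?)',
                    (username, generate_password_hash(password), userstatus))
                db.commit()
            except db.IntegrityError:
                # Lost the race against a concurrent registration of the same name.
                error = 'User {0} is already registered.'.format(username)
            else:
                return redirect(url_for('auth.login'))
        flash(error)
    return render_template('auth/register.html')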
def load_logged_in_user():
    """Set ``g.user`` from ``session['user_id']``; ``None`` when no id is stored.

    Note the ``SELECT *`` also loads the password hash into ``g.user``.
    """
    uid = session.get('user_id')
    g.user = None if uid is None else get_db().execute(
        'SELECT * FROM user WHERE id = ?', (uid, )).fetchone()
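def all_measurequm_out():
    """Remove the logged-in user from the measurement queue (``qum``).

    Returns JSON ``{"message": ...}``.

    Fixes: a ``DELETE`` matching zero rows does not raise, so the previous
    version answered "Queued-out successfully" even when the user was not
    queued, and its "already queued-out" branch was only reachable through
    an unrelated error (such as ``g.user`` being ``None``) hidden by a
    bare ``except``.  The reply is now based on ``rowcount``; a missing
    login is rejected up front; only database errors fall through to the
    fallback message.
    """
    if g.user is None:
        return jsonify(message="Login required")
    db = get_db()
    try:
        cur = db.execute('DELETE FROM qum WHERE people_id = ?', (g.user['id'], ))
        db.commit()
    except db.Error as exc:
        print("queue-out failed: %s" % exc)
        message = "You may have queued-out already"
    else:
        message = ("Queued-out successfully" if cur.rowcount
                   else "You may have queued-out already")
    return jsonify(message=message)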
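def all_measurequm_in():
    """Append the logged-in user to the measurement queue (``qum``).

    Returns JSON ``{"message": ...}``.

    Changes: the "already queued-in" reply is now tied to
    ``db.IntegrityError`` -- the only way the INSERT can signal a
    duplicate, assuming ``qum.people_id`` is UNIQUE (TODO confirm schema;
    without that constraint duplicates are simply inserted).  Other
    database errors are logged and reported generically, and a missing
    login is rejected instead of surfacing as a swallowed ``TypeError``.
    """
    if g.user is None:
        return jsonify(message="Login required")
    db = get_db()
    try:
        db.execute('INSERT INTO qum (people_id) VALUES (?)', (g.user['id'], ))
        db.commit()
    except db.IntegrityError:
        message = "You may have queued-in already"
    except db.Error as exc:
        # Log the detail server-side; do not echo DB error text to the client.
        print("queue-in failed: %s" % exc)
        message = "Queue-in failed"
    else:
        message = "Queued-in successfully"
    return jsonify(message=message)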
def delete(id):
    """Delete post ``id`` and redirect to the blog index.

    ``get_post`` is called first purely for its checks: it aborts with 404
    when the post does not exist and 403 when the current user is not its
    author.
    """
    get_post(id)
    conn = get_db()
    conn.execute('DELETE FROM post WHERE id = ?', (id,))
    conn.commit()
    return redirect(url_for('blog.index'))
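def char_cwsweep_resetdata():
    """Truncate the current user's CW-sweep data after owner re-authentication.

    Query-string parameters: ``ownerpassword`` (verified against the stored
    hash of ``session['people']``) and ``truncateafter`` (an integer handed
    to ``M_cwsweep[session['user_name']].resetdata``, a module-level
    object defined elsewhere).  Returns JSON ``{"message": ...}``.

    Robustness fixes: a missing or non-numeric ``truncateafter`` raised
    ``TypeError``/``ValueError`` (HTTP 500) before the password was even
    checked; a missing or non-string ``session['people']`` or an unknown
    owner raised ``KeyError``/``TypeError``/``InterfaceError``; a missing
    ``M_cwsweep`` entry raised ``KeyError``.  Each now yields a message.

    NOTE(review): the password is read from the URL query string and so
    ends up in logs and browser history; it should be a POST form field
    (route decorator not visible here).  NOTE(review): the password
    verified is that of ``session['people']`` (the sample owner set by
    ``usersamples_access``) while the reset targets
    ``session['user_name']`` -- confirm this pairing is intended.
    """
    ownerpassword = request.args.get('ownerpassword')
    try:
        truncateafter = int(request.args.get('truncateafter'))
    except (TypeError, ValueError):
        return jsonify(message='truncateafter must be an integer')
    owner_name = session.get('people')
    db = get_db()
    people = None
    if isinstance(owner_name, str):  # usersamples_access stores [] on failure
        people = db.execute('SELECT password FROM user WHERE username = ?',
                            (owner_name, )).fetchone()
    if (people is None or ownerpassword is None
            or not check_password_hash(people['password'], ownerpassword)):
        message = 'PASSWORD NOT VALID'
    else:
        try:
            message = M_cwsweep[session['user_name']].resetdata(truncateafter)
        except KeyError:
            message = 'No CW-sweep session for %s' % session.get('user_name')
    return jsonify(message=message)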
def posts():
    """Return every post (most recently modified first) as JSON.

    The reply also carries ``guserid``: the logged-in user's id, or
    ``None`` when nobody is logged in.
    """
    rows = get_db().execute(
        'SELECT p.id, title, body, created, author_id, username'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' ORDER BY modified DESC'
    ).fetchall()
    # sqlite3.Row objects are not JSON-serialisable; convert each to a dict.
    serialisable = list(map(dict, rows))
    current_id = None if g.user is None else g.user['id']
    return jsonify(posts=serialisable, guserid=current_id)
def create():
    """Create a post for the logged-in user.

    GET renders the form; POST requires a non-empty ``title`` (flashing an
    error otherwise), inserts the post with ``g.user['id']`` as author and
    redirects to the blog index.
    """
    if request.method != 'POST':
        return render_template('blog/create.html')
    title = request.form['title']
    body = request.form['body']
    if not title:
        flash('Title is required.')
        return render_template('blog/create.html')
    conn = get_db()
    conn.execute(
        'INSERT INTO post (title, body, author_id)'
        ' VALUES (?, ?, ?)',
        (title, body, g.user['id']))
    conn.commit()
    return redirect(url_for('blog.index'))
def update(id):
    """Edit post ``id``; ``get_post`` enforces that the current user wrote it.

    GET renders the edit form pre-filled with the post; POST requires a
    non-empty ``title`` (flashing an error otherwise), saves ``title`` and
    ``body`` and redirects to the blog index.
    """
    post = get_post(id)
    if request.method != 'POST':
        return render_template('blog/update.html', post=post)
    title = request.form['title']
    body = request.form['body']
    if not title:
        flash('Title is required.')
        return render_template('blog/update.html', post=post)
    conn = get_db()
    conn.execute('UPDATE post SET title = ?, body = ? WHERE id = ?', (title, body, id))
    conn.commit()
    return redirect(url_for('blog.index'))
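def login():
    """Log in a registered, approved user and seed the session.

    On POST, looks up ``username``, verifies ``password`` against the
    stored hash and requires ``status`` to equal ``'approved'``
    (case-insensitive).  On success the session is cleared and filled with
    the user's id, name, status and clearance columns plus the
    measurement-related defaults (``run_clearance``, ``int_clearance``,
    ``bdr_clearance`` false, ``c_fresp_structure`` empty, ``people``
    ``None``), then the client is redirected to ``index``.  On failure the
    error is flashed and the form rendered again (as on GET).

    Change from the previous version: a wrong username and a wrong
    password produced different messages ('Incorrect username.' vs
    'Incorrect password.'), letting anyone confirm which usernames are
    registered.  Both cases now flash the same message.
    NOTE(review): response time still differs because the hash check is
    skipped for unknown usernames; closing that needs a dummy hash in the
    format this deployment's ``check_password_hash`` expects.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None
        user = db.execute('SELECT * FROM user WHERE username = ?', (username, )).fetchone()
        if user is None or not check_password_hash(user['password'], password):
            # One message for both failures: do not reveal which usernames exist.
            error = 'Incorrect username or password.'
        elif user['status'].upper() != 'APPROVED':
            error = 'Awaiting Approval...'
        if error is None:
            # Drop any previous identity before storing the new one.
            session.clear()
            session['user_id'] = user['id']
            session['user_name'] = user['username']
            session['user_status'] = user['status']
            session['user_measurement'] = user['measurement']
            session['user_instrument'] = user['instrument']
            session['user_analysis'] = user['analysis']
            # Measurement-related state, reset on every login.
            session['c_fresp_structure'] = []
            session['run_clearance'] = False
            session['int_clearance'] = False
            session['bdr_clearance'] = False
            session['people'] = None
            print("%s has logged-in Successfully!" % session['user_name'])
            return redirect(url_for('index'))
        print(error)
        flash(error)
    return render_template('auth/login.html')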
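def usersamples_register():
    """Register a new sample owned by the logged-in user.

    Query-string parameters: ``sname`` (sample name), ``dob`` (stored as
    ``fabricated``), ``loc`` (``location``), ``prev`` (``previously``) and
    ``description``.  Returns JSON ``{"message": ...}``.

    Changes: a missing login and an empty/missing ``sname`` are rejected
    up front (previously a missing login raised ``TypeError`` inside the
    bare ``except`` and was reported as a registration problem); only
    database errors -- e.g. a duplicate name, assuming ``samplename`` is
    UNIQUE (TODO confirm schema) -- now map to the fallback message, and
    they are logged.

    NOTE(review): an insert driven by ``request.args`` is reachable
    cross-site if the route accepts GET; it should be a POST form.  The
    route decorator is not visible here.
    """
    sname = request.args.get('sname')
    dob = request.args.get('dob')
    loc = request.args.get('loc')
    prev = request.args.get('prev')
    description = request.args.get('description')
    if g.user is None:
        return jsonify(message="Login required")
    if not sname:
        return jsonify(message="Check sample registration")
    db = get_db()
    try:
        db.execute(
            'INSERT INTO sample (author_id, samplename, fabricated, location, previously, description)'
            ' VALUES (?, ?, ?, ?, ?, ?)',
            (g.user['id'], sname, dob, loc, prev, description))
        db.commit()
    except db.Error as exc:
        print("usersamples_register failed: %s" % exc)
        message = "Check sample registration"
    else:
        message = "Sample %s added to the database!" % (sname)
    return jsonify(message=message)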