示例#1
0
def after_login():
    """Send a freshly signed-in user to the landing page for their role.

    Staff are sent to the report dashboard, customers to the product
    listing, and anyone without a valid session back to the login page.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    landing = "/dashboard/report/" if is_staff(request) else "/dashboard/products/"
    return redirect(landing)
示例#2
0
def customer_account_manage_address():
    """Show and update the signed-in customer's postal address.

    GET pre-fills the address form from the stored user record; a valid POST
    writes the submitted address into the "Users" store. Signed-in staff get
    403, anonymous visitors are redirected to the login page, and any other
    request falls back to the account page.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    if is_staff(request):
        # Address management is a customer-only feature.
        return abort(403)

    form = AccountAddressChange()
    if request.method == "GET":
        current = get_user(request)
        form.address.data = current.get_address_line()
        form.city.data = current.get_address_city()
        form.country.data = current.get_country()
        form.postal.data = current.get_address_postal()
        return render_template(
            "pages/customer_pages/account_settings_address.html",
            form=form,
            staff=is_staff(request),
            user=current)

    if request.method == "POST" and form.validate_on_submit():
        current_id = get_user(request).get_id()
        user_list = dat_loader.load_data("Users")["data"]
        # Update the persisted record that belongs to the signed-in user.
        for record in user_list:
            if record.get_id() == current_id:
                record.set_address(form.address.data, form.postal.data,
                                   form.country.data, form.city.data)
        dat_loader.write_data("Users", user_list, False)
    # Valid submissions and everything else end up on the account page.
    return redirect("/dashboard/account/")
示例#3
0
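def new_ticket():
    """Create a support ticket for the signed-in customer.

    GET renders the ticket form. A valid POST uploads any attached files,
    wraps the description in a Message, appends a new Ticket to the
    "Tickets" store and redirects to the support page.

    Fixes: a POST that fails ``validate_on_submit()`` fell through and
    returned None (a 500 in Flask) — it is now a 400; ``files[0]`` is guarded
    against an empty list. Staff get 403, anonymous visitors go to the login
    page, as before.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    if is_staff(request):
        return abort(403)

    form = NewTicketForm()
    if request.method == "GET":
        return render_template("pages/customer_pages/ticket_create.html",
                               staff=is_staff(request),
                               user=get_user(request),
                               form=form)
    if request.method != "POST" or not form.validate_on_submit():
        # Failed CSRF/field validation, or an unexpected method.
        return abort(400)

    user = get_user(request)
    ticket_dat = dat_loader.load_data("Tickets")
    ticket_id = ticket_dat["id"]
    ticket_list = ticket_dat["data"]

    files = form.files.data or []
    uploaded_files = []
    # The original treats a first entry with an empty filename as "nothing
    # selected"; keep that rule and additionally tolerate an empty list.
    if files and files[0].filename != "":
        for attachment in files:
            try:
                uploaded_files.append(upload(attachment, False, user))
            except ValueError:
                # upload() refused the file — report a bad request.
                return abort(400)

    first_message = Message(user, uploaded_files, form.description.data)
    ticket_list.append(Ticket(ticket_id, user, form.subject.data, [first_message]))
    dat_loader.write_data("Tickets", ticket_list)
    return redirect("/dashboard/support/")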
示例#4
0
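def user_deactivate():
    """Remove a user record by id (staff-only JSON endpoint).

    Expects a JSON body with an integer-convertible "id".

    Fixes: the original removed from ``user_list`` while iterating it, which
    skips the element following a removal; the list is now rebuilt. A
    malformed body yields 400 instead of an unhandled KeyError/ValueError.
    The response is ``{"success": "true"}`` whether or not an id matched, as
    before.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    if not is_staff(request):
        return abort(403)

    dat = request.get_json(force=True)
    try:
        target_id = int(dat["id"])
    except (KeyError, TypeError, ValueError):
        return abort(400)

    user_list = dat_loader.load_data("Users")["data"]
    remaining = [user for user in user_list if user.get_id() != target_id]
    # NOTE(review): nothing here prevents a staff member from removing their
    # own record or another staff account — confirm whether that is intended.
    dat_loader.write_data("Users", remaining)
    return jsonify({"success": "true"})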
示例#5
0
def user_management():
    """Render the staff user-management page listing customer accounts.

    Only ``Customer`` instances from the "Users" store are listed; records
    of other types are left out. Signed-in non-staff get 403 and anonymous
    visitors are sent to the login page.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    if not is_staff(request):
        return abort(403)
    records = dat_loader.load_data("Users")["data"]
    customers = [account for account in records if isinstance(account, Customer)]
    return render_template("pages/staff_pages/user_management.html",
                           users=customers,
                           user=get_user(request),
                           staff=is_staff(request))
示例#6
0
def user_account_management():
    """Render the account settings page for any signed-in user.

    Anonymous visitors are redirected to the login page.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    return render_template("pages/account_settings.html",
                           staff=is_staff(request),
                           user=get_user(request))
示例#7
0
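def inventory_change(id):
    """Edit an existing product (staff only).

    GET pre-fills a ``CreateProduct`` form from the product with the given
    id and renders the update page. POST applies the submitted fields to
    that product and writes the "Products" store.

    Fixes: the POST path wrote form data without ``validate_on_submit()``
    (so neither the CSRF token nor the field validators ran, and
    ``int(stock)`` could raise) — invalid submissions now get 400; a GET for
    an unknown id returned None (a 500) and now yields 404. Signed-in
    non-staff get 403 instead of a login redirect, matching the other
    staff-only views.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    if not is_staff(request):
        return abort(403)

    update_form = CreateProduct()
    products = dat_loader.load_data("Products")["data"]
    # Apply to every record with this id, as the original loop did.
    matches = [product for product in products if product.get_id() == id]

    if request.method == "POST":
        if not update_form.validate_on_submit():
            return abort(400)
        for product in matches:
            product.set_title(update_form.title.data)
            product.set_cost_price(update_form.cost_price.data)
            product.retail_price = update_form.retail_price.data
            product.set_description(update_form.description.data)
            product.stock = int(update_form.stock.data)
        dat_loader.write_data("Products", products, False)
        return redirect("/dashboard/inventory/")

    if not matches:
        return abort(404)
    product = matches[0]
    update_form.title.data = product.get_title()
    update_form.cost_price.data = product.get_cost_price()
    update_form.retail_price.data = product.retail_price
    update_form.description.data = product.get_description()
    update_form.stock.data = product.stock
    return render_template(
        "pages/staff_pages/update_inventory.html",
        product=product,
        form=update_form,
        user=get_user(request),
        staff=is_staff(request))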
示例#8
0
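def user_account_validate_password():
    """Check a password-change request for the signed-in user (JSON API).

    Expects JSON with "current", "new" and "confirm". Answers
    ``{"success": "true"}`` when the current password verifies and the two
    new values agree, otherwise a ``"success": "false"`` payload with a
    message. This view only validates; it never calls ``Change_password``.

    Fixes: missing keys raised KeyError (a 500) and now yield 400; the
    current password is verified once instead of twice; the counter idiom is
    replaced by a plain fall-through. 404 when the signed-in user has no
    record, 403 when not authenticated, as before.
    """
    if not is_authenticated(request):
        return abort(403)

    dat = request.get_json(force=True)
    try:
        current, new, confirm = dat["current"], dat["new"], dat["confirm"]
    except (KeyError, TypeError):
        return abort(400)

    current_id = get_user(request).get_id()
    user_list = dat_loader.load_data("Users")["data"]
    for user in user_list:
        if user.get_id() != current_id:
            continue
        if not user.Check_password(current):
            return jsonify({
                "success": "false",
                "message": "Current password incorrect"
            })
        if new != confirm:
            return jsonify({
                "success": "false",
                "message": "New passwords do not match"
            })
        return jsonify({"success": "true"})
    # No record matched the signed-in user's id.
    return abort(404)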
示例#9
0
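def view_orders():
    """List the signed-in customer's orders, optionally filtered by state.

    ``?delivered=false`` shows shipped-but-undelivered orders,
    ``?delivered=true`` delivered ones, and no parameter every order of the
    customer. Any other value renders an empty list (unchanged).

    Fix: the original called ``reverse()``/``sort()`` inside the append
    loop, re-permuting the partial list on every iteration, so the final
    order was neither reversed nor grouped by state. The ordering now runs
    once over the complete result. Staff and anonymous visitors go to the
    login page, as before.
    """
    if not is_authenticated(request) or is_staff(request):
        return redirect("/login/")

    user = get_user(request)
    user_id = user.get_id()
    order_list = dat_loader.load_data("Orders")["data"]
    # Only this customer's orders are ever considered.
    own = [order for order in order_list if order.get_customer_id() == user_id]

    requested = request.args.get("delivered")
    delivered = None
    results = []
    if requested is None:
        results = list(own)
        # Reverse store order (presumably creation order, since orders are
        # appended on checkout), then group with stable sorts.
        results.reverse()
        results.sort(key=lambda order: order.is_shipped())
        results.sort(key=lambda order: not order.is_delivered())
        results.reverse()
    elif requested == "false":
        delivered = False
        results = [o for o in own if o.is_shipped() and not o.is_delivered()]
        results.reverse()
    elif requested == "true":
        delivered = True
        results = [o for o in own if o.is_delivered()]
        results.reverse()
    return render_template("pages/customer_pages/view_orders.html",
                           orders=results,
                           user=user,
                           delivered=delivered)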
示例#10
0
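def delete_product(id):
    """Delete the product with the given id from the "Products" store (staff).

    Fixes: ``products.remove()`` was called while iterating ``products``,
    which skips the element after each removal — the list is now rebuilt.
    Non-staff callers previously got None (a 500); signed-in non-staff now
    get 403 and anonymous visitors a login redirect, matching the other
    staff-only views.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    if not is_staff(request):
        return abort(403)
    products = dat_loader.load_data("Products")["data"]
    remaining = [product for product in products if product.get_id() != id]
    dat_loader.write_data("Products", remaining)
    return redirect("/dashboard/inventory/")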
示例#11
0
def view_inventory():
    """Render the staff inventory listing together with the product count.

    Anyone who is not a signed-in staff member is sent to the login page.
    """
    if not (is_authenticated(request) and is_staff(request)):
        return redirect("/login/")
    products = dat_loader.load_data("Products")["data"]
    context = {
        "products": products,
        "count": len(products),
        "user": get_user(request),
        "staff": is_staff(request),
    }
    return render_template("pages/staff_pages/view_inventory.html", **context)
示例#12
0
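def ticket_close():
    """Close a support ticket by id (JSON API).

    Fix: the original closed any ticket for any signed-in user. The caller
    must now be the ticket's creator or its assigned staff member — the same
    rule ``ticket_detail`` applies on GET — otherwise 403. A malformed body
    yields 400 and an unknown id 404 (the original answered success
    regardless). 403 when not authenticated, as before.
    """
    if not is_authenticated(request):
        return abort(403)

    data = request.json
    try:
        ticket_id = int(data["id"])
    except (KeyError, TypeError, ValueError):
        return abort(400)

    user_id = get_user(request).get_id()
    ticket_list = dat_loader.load_data("Tickets")["data"]
    for ticket in ticket_list:
        if ticket.get_id() != ticket_id:
            continue
        participant = (ticket.get_staff_usr_id() == user_id
                       or ticket.created_by.get_id() == user_id)
        if not participant:
            return abort(403)
        ticket.close()
        dat_loader.write_data("Tickets", ticket_list, False)
        return jsonify({"success": "true"})
    return abort(404)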
示例#13
0
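def dashboard_view_products_details(id):
    """Render the customer product-details page for one product id.

    Fix: staff and anonymous callers got None (a 500 in Flask); they now
    receive 403 and a login redirect respectively, like the other
    customer-only views. Unknown ids yield 404, as before.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    if is_staff(request):
        return abort(403)
    refresh_session(request)
    products = dat_loader.load_data("Products")["data"]
    for product in products:
        if product.get_id() == id:
            return render_template(
                "pages/customer_pages/products_details.html",
                product=product,
                user=get_user(request),
                staff=is_staff(request))
    return abort(404)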
示例#14
0
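def get_file(id):
    """Serve a stored file by id, enforcing per-type access rules.

    ``Photo`` records are served to anyone. ``Attached_File`` records are
    served only to a signed-in user who is staff, the uploader, or the
    creator of a ticket whose messages carry the file; other signed-in
    users and anonymous callers get 403. Ids matching nothing (or only
    records of another type) yield 404.

    Behavior is unchanged; the ticket-message scan now runs only when the
    cheaper staff/uploader checks fail, and the counter idiom is replaced by
    a plain fall-through (every matching path returns, so reaching the end
    of the loop always meant "nothing matched").
    """

    def _in_own_ticket_messages(user, file_id):
        # True when the file is attached to a message on a ticket the user
        # created.
        ticket_list = dat_loader.load_data("Tickets")["data"]
        for ticket in ticket_list:
            if ticket.created_by.get_id() != user.get_id():
                continue
            for message in ticket.get_messages():
                for attached in message.get_files():
                    if attached.get_id() == file_id:
                        return True
        return False

    file_list = dat_loader.load_data("Files")["data"]
    for stored in file_list:
        if stored.get_id() != id:
            continue
        if isinstance(stored, Photo):
            return send_file(stored.get_file_path())
        if not isinstance(stored, Attached_File):
            # Some other record type with this id; keep looking.
            continue
        if not is_authenticated(request):
            return abort(403)
        user = get_user(request)
        if (stored.get_uploaded_by().get_id() == user.get_id()
                or isinstance(user, Staff)):
            return send_file(stored.get_file_path())
        if _in_own_ticket_messages(user, stored.get_id()):
            return send_file(stored.get_file_path())
        return abort(403)
    # Empty store, or no record of a servable type matched the id.
    return abort(404)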
示例#15
0
def get_file(id):
    """Serve a stored file by id.

    ``Photo`` records are served to anyone. ``Attached_File`` records are
    served only to a signed-in user who is staff or the original uploader;
    other signed-in users and anonymous callers get 403. Ids that match
    nothing (or only records of another type) yield 404.
    """
    file_list = dat_loader.load_data("Files")["data"]
    if not file_list:
        abort(404)
    for stored in file_list:
        if stored.get_id() != id:
            continue
        if isinstance(stored, Photo):
            return send_file(stored.get_file_path())
        if isinstance(stored, Attached_File):
            if not is_authenticated(request):
                return abort(403)
            requester = get_user(request)
            is_uploader = stored.get_uploaded_by().get_id() == requester.get_id()
            if is_uploader or isinstance(requester, Staff):
                return send_file(stored.get_file_path())
            return abort(403)
    # Every matching path above returns, so getting here means no match.
    return abort(404)
示例#16
0
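def delete_product(id):
    """Delete a product (staff only) and drop it from every customer cart.

    Fixes: ``products.remove()`` and ``cart.remove_item()`` were called
    while iterating the lists they mutate, which can skip the element after
    each removal — the product list is now rebuilt and matching cart lines
    are collected before removal. The "Carts" store was rewritten inside the
    loop, once per matching product; it is now written once. Non-staff
    callers previously got None (a 500); they now get 403 or a login
    redirect, matching the other staff-only views.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    if not is_staff(request):
        return abort(403)

    products = dat_loader.load_data("Products")["data"]
    remaining = [product for product in products if product.get_id() != id]
    if len(remaining) != len(products):
        cart_list = dat_loader.load_data("Carts")["data"]
        for cart in cart_list:
            # Snapshot first: get_items() may hand back the live list.
            hits = [item for item in cart.get_items()
                    if item.product.get_id() == id]
            # One remove_item() call per matching line, as before.
            for _ in hits:
                cart.remove_item(id)
        dat_loader.write_data("Carts", cart_list, False)
    dat_loader.write_data("Products", remaining)
    return redirect("/dashboard/inventory/")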
示例#17
0
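def orders_detail(id):
    """Render one of the signed-in customer's orders.

    Fix: the original showed any order to any signed-in customer who knew
    its id. The order's customer id must now equal the signed-in user's id —
    the same ownership rule ``view_orders`` applies — otherwise 403. Unknown
    ids yield 404. Signed-in staff get 403 (the original sent them to the
    login page); anonymous visitors are redirected to the login page.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    if is_staff(request):
        return abort(403)

    user = get_user(request)
    order_list = dat_loader.load_data("Orders")["data"]
    for order in order_list:
        if order.get_id() != id:
            continue
        if order.get_customer_id() != user.get_id():
            return abort(403)
        return render_template(
            "pages/customer_pages/view_orders_detail.html",
            order=order,
            user=user)
    return abort(404)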
示例#18
0
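def cart_api_delete():
    """Remove a product line from the signed-in customer's cart (JSON API).

    Expects JSON with an integer-convertible "id".

    Fixes: a malformed body raised KeyError/ValueError (a 500) and now
    yields 400; staff and anonymous callers fell through to None and now get
    403. A customer without a cart record is still reported as 500, as in
    the original.
    """
    if not is_authenticated(request) or is_staff(request):
        return abort(403)

    json_dat = request.get_json(force=True)
    try:
        product_id = int(json_dat["id"])
    except (KeyError, TypeError, ValueError):
        return abort(400)

    user_id = get_user(request).get_id()
    cart_list = dat_loader.load_data("Carts")["data"]
    for cart in cart_list:
        if cart.get_user() == user_id:
            cart.remove_item(product_id)
            dat_loader.write_data("Carts", cart_list, False)
            return Response(status=200)
    return abort(500)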
示例#19
0
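def cart_api_confirm():
    """Apply quantity updates to the customer's cart and open a Stripe
    Checkout session for its contents (JSON API).

    Expects a JSON list of ``{"id": ..., "quantity": ...}`` objects. Line
    prices come from the stored product's ``retail_price``, never from the
    client. Returns ``{"status": "ok", "id": <Stripe session id>}``.

    Fixes: a body that is not such a list, or has non-integer fields, raised
    inside the update loop (a 500, possibly after some lines were already
    updated); it is now validated up front and rejected with 400. The
    counter idiom is replaced by a direct lookup; 500 for a customer without
    a cart record is kept.

    NOTE(review): ``domain_name`` is hard-coded to the local dev server, so
    the image and redirect URLs handed to Stripe are only right there.
    """
    domain_name = "http://127.0.0.1:5000"
    if not is_authenticated(request) or is_staff(request):
        return abort(403)

    json_dat = request.get_json(force=True)
    try:
        updates = [(int(entry["id"]), int(entry["quantity"]))
                   for entry in json_dat]
    except (KeyError, TypeError, ValueError):
        return abort(400)

    user_id = get_user(request).get_id()
    cart_list = dat_loader.load_data("Carts")["data"]
    cart = next((c for c in cart_list if c.get_user() == user_id), None)
    if cart is None:
        return abort(500)

    for product_id, quantity in updates:
        cart.update_item(product_id, quantity)
    dat_loader.write_data("Carts", cart_list, False)

    stripe_items = []
    for item in cart.get_items():
        product = item.product
        stripe_items.append({
            "name": product.get_title(),
            "description": product.get_description()[:100],
            "images": [domain_name + product.pic_link],
            # Amount is sent in hundredths of the currency unit.
            "amount": int(float(product.retail_price) * 100),
            "currency": "sgd",
            "quantity": item.quantity
        })

    stripe.api_key = app.config["STRIPE_SECRET"]
    session = stripe.checkout.Session.create(
        payment_method_types=["card"],
        line_items=stripe_items,
        success_url=domain_name + "/api-service/payment/success/",
        cancel_url=domain_name + "/checkout/cart/",
    )
    return jsonify({"status": "ok", "id": session["id"]})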
示例#20
0
def inventory_validate():
    """Check whether a proposed product title already exists (staff JSON API).

    Reads ``{"data": <title>}`` from the request body and answers a
    ``"success": "false"`` payload when the stripped title exactly matches an
    existing product title, otherwise ``{"success": "true"}``. 403 for
    non-staff or anonymous callers.
    """
    if not (is_authenticated(request) and is_staff(request)):
        return abort(403)
    dat = request.json
    product_list = dat_loader.load_data("Products")["data"]
    existing_titles = {product.get_title() for product in product_list}
    candidate = dat["data"].strip()
    if candidate in existing_titles:
        return jsonify({
            "success": "false",
            "message": "New product's name matches existing product"
        })
    return jsonify({"success": "true"})
示例#21
0
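def customer_account_manage_pass():
    """Show the password-change form and apply a valid submission.

    GET renders the form. A valid POST calls ``Change_password`` with the
    form's ``n_pass`` field on the signed-in user's record and writes the
    "Users" store, then redirects to the account page.

    Fix: a POST that fails ``validate_on_submit()`` (or any other method)
    fell through and returned None (a 500); it now yields 400.

    NOTE(review): this view does not itself verify the current password.
    Whether ``AccountPasswordChange`` does so in its validators, or the page
    relies on ``user_account_validate_password`` from the client, cannot be
    told from here — confirm before relying on it.
    """
    if not is_authenticated(request):
        return redirect("/login/")

    form = AccountPasswordChange()
    if request.method == "GET":
        return render_template("pages/account_settings_password.html",
                               staff=is_staff(request),
                               user=get_user(request),
                               form=form)
    if request.method != "POST" or not form.validate_on_submit():
        return abort(400)

    current_id = get_user(request).get_id()
    user_list = dat_loader.load_data("Users")["data"]
    for user in user_list:
        if user.get_id() == current_id:
            user.Change_password(form.n_pass.data)
    dat_loader.write_data("Users", user_list, False)
    return redirect("/dashboard/account/")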
示例#22
0
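def cart_api_add():
    """Add a product line to the signed-in customer's cart via ``AddCart``.

    On a valid submission the form's product id and quantity are added to
    the customer's cart, the "Carts" store is written and the caller is
    redirected to the products page.

    Fixes: staff/anonymous callers and invalid submissions fell through to
    None (a 500) — they now get 403 and 400; a non-integer ``id`` is a 400
    rather than an unhandled ValueError. 500 for a customer without a cart
    record is kept from the original.
    """
    if not is_authenticated(request) or is_staff(request):
        return abort(403)

    form = AddCart()
    if not form.validate_on_submit():
        return abort(400)
    try:
        product_id = int(form.id.data)
    except (TypeError, ValueError):
        return abort(400)
    quantity = form.quantity.data

    user_id = get_user(request).get_id()
    cart_list = dat_loader.load_data("Carts")["data"]
    for cart in cart_list:
        if cart.get_user() == user_id:
            cart.add_item(product_id, quantity)
            break
    else:
        return abort(500)
    dat_loader.write_data("Carts", cart_list, False)
    return redirect("/dashboard/products/")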
示例#23
0
def view_cart():
    """Render the signed-in customer's cart page.

    Finds the cart whose user id matches the current user and hands its
    total, items and item count to the template. A customer without a cart
    record gets 500; staff and anonymous visitors go to the login page.
    """
    if not (is_authenticated(request) and not is_staff(request)):
        return redirect("/login/")
    current = get_user(request)
    carts = dat_loader.load_data("Carts")["data"]
    for cart in carts:
        if cart.get_user() != current.get_id():
            continue
        items = cart.get_items()
        return render_template("pages/customer_pages/view_cart.html",
                               cart_total=cart.get_total(),
                               user=get_user(request),
                               cart_items=items,
                               cart_size=len(items))
    return abort(500)
示例#24
0
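def login():
    """Authenticate a customer (by e-mail) or staff member (by staff id).

    Signed-in users go straight to the dashboard. GET renders an empty login
    form. A valid POST lower-cases the username and compares it with each
    account's ``email`` (Customer) or ``get_staff_id()`` (Staff), then checks
    the password; on success a Session record is stored and ``userID`` /
    ``sessionID`` cookies are set on a redirect to the dashboard.

    Fixes: the duplicated session/cookie code is shared by one helper; a
    POST whose credentials match no account fell through and returned None
    (a 500) — it now re-renders the login form; the unused ``counter`` is
    gone; both cookies also carry ``samesite="Lax"``. An invalid form or
    unexpected method still gets 400.

    NOTE(review): the cookies are not marked ``secure``; elsewhere the app
    refers to ``http://127.0.0.1:5000``, so add that flag once the site is
    served over TLS.
    """

    def _start_session(account):
        # Persist a new Session for the account and build the redirect that
        # carries the session cookies.
        new_session = Session(account)
        session_records = dat_loader.load_data("Session")["data"]
        session_records.append(new_session)
        dat_loader.write_data("Session", session_records, False)
        resp = make_response(redirect("/dashboard/"))
        resp.set_cookie("userID",
                        str(account.get_id()),
                        httponly=True,
                        samesite="Lax")
        resp.set_cookie("sessionID",
                        new_session.get_id(),
                        httponly=True,
                        samesite="Lax")
        return resp

    if is_authenticated(request):
        return redirect("/dashboard/")

    form = LoginForm()
    if request.method == "GET":
        form.username.data = ""
        form.password.data = ""
        return render_template("home/login.html", form=form)
    if request.method != "POST" or not form.validate_on_submit():
        return abort(400)

    username = form.username.data.lower()
    password = form.password.data
    user_list = dat_loader.load_data("Users")["data"]
    for account in user_list:
        # The identifier must match before the password is checked, as in
        # the original's short-circuit conditions.
        candidate = (
            (isinstance(account, Customer) and account.email == username)
            or (isinstance(account, Staff) and account.get_staff_id() == username)
        )
        if candidate and account.Check_password(password):
            return _start_session(account)
    # No account matched: show the form again instead of a server error.
    return render_template("home/login.html", form=form)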
示例#25
0
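def get_tickets():
    """List the support tickets visible to the signed-in user.

    A ticket is visible when the user is its assigned staff member or its
    creator. ``?closed=true`` / ``?closed=false`` restrict the list to closed
    or open tickets; without the parameter every visible ticket is listed,
    open ones first.

    Fixes: ``reverse()``/``sort()`` ran inside the append loop and
    re-permuted the partial list on every iteration, so the result was in no
    meaningful order — ordering now runs once. The mixed ``and``/``or``
    filters are written with explicit parentheses (same precedence). Any
    other ``closed`` value fell through to None (a 500) and now yields 400.
    The unauthenticated redirect went to ``/dashboard/support/``, which is
    where ``new_ticket`` returns after creating a ticket and so appears to
    be this very listing; it now goes to ``/login/`` like the other views —
    confirm if ``/dashboard/support/`` is in fact a different route.
    """
    if not is_authenticated(request):
        return redirect("/login/")

    ticket_list = dat_loader.load_data("Tickets")["data"]
    user = get_user(request)
    user_id = user.get_id()
    visible = [
        ticket for ticket in ticket_list
        if (ticket.get_staff_usr_id() == user_id
            or ticket.created_by.get_id() == user_id)
    ]

    requested = request.args.get("closed")
    if requested is None:
        results = list(visible)
        results.reverse()
        # Stable sort: open (False) before closed (True).
        results.sort(key=lambda ticket_obj: ticket_obj.is_closed())
        closed = None
    elif requested == "true":
        results = [ticket for ticket in visible if ticket.is_closed()]
        results.reverse()
        closed = True
    elif requested == "false":
        results = [ticket for ticket in visible if not ticket.is_closed()]
        results.reverse()
        closed = False
    else:
        return abort(400)
    return render_template("pages/support_ticket.html",
                           staff=is_staff(request),
                           user=user,
                           tickets=results,
                           closed=closed)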
示例#26
0
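def ticket_detail(id):
    """Show one support ticket, or append a reply to it.

    GET renders the ticket when the signed-in user is its assigned staff
    member or its creator (403 otherwise, 404 for an unknown id). POST with a
    valid ``NewMessageForm`` adds a Message — the uploaded files, or else the
    text — to the ticket and redirects back to this view.

    Fixes: the POST path trusted the form's hidden ``id`` and applied no
    ownership check, so any signed-in user could reply to any ticket by
    submitting another id; the reply now targets the ticket from the URL and
    enforces the same rule as GET. An invalid POST returned None (a 500) and
    now yields 400; ``files[0]`` is guarded against an empty list.
    """
    if not is_authenticated(request):
        return redirect("/login/")

    user = get_user(request)
    user_id = user.get_id()
    form = NewMessageForm()
    ticket_list = dat_loader.load_data("Tickets")["data"]

    ticket = next((t for t in ticket_list if t.get_id() == id), None)
    if ticket is None:
        return abort(404)
    participant = (ticket.get_staff_usr_id() == user_id
                   or ticket.created_by.get_id() == user_id)
    if not participant:
        return abort(403)

    if request.method == "GET":
        return render_template("pages/ticket_detail.html",
                               ticket=ticket,
                               user=user,
                               staff=is_staff(request),
                               form=form)
    if request.method != "POST" or not form.validate_on_submit():
        return abort(400)

    files = form.files.data or []
    if files and files[0].filename != "":
        uploaded_files = []
        for attachment in files:
            try:
                uploaded_files.append(upload(attachment, False, user))
            except ValueError:
                # upload() refused the file — report a bad request.
                return abort(400)
        reply = Message(user, uploaded_files, None)
    else:
        reply = Message(user, [], form.message.data)
    ticket.add_new_reply(reply)
    dat_loader.write_data("Tickets", ticket_list, False)
    return redirect(url_for("ticket_detail", id=ticket.get_id()))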
示例#27
0
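def order_api_create():
    """Turn the signed-in customer's cart into an Order.

    For every cart line a Sale is recorded and the stock of every product
    with the same id is reduced by the line quantity; the sales are grouped
    into an Order carrying the rounded total, the cart is cleared, and the
    Sales, Orders, Products and Carts stores are written. Redirects to the
    orders page.

    Fixes: an empty cart created an Order with no sales and total 0 — it now
    yields 400; the counter idiom is replaced by a direct lookup. 500 for a
    customer without a cart record and 403 for staff/anonymous callers are
    kept from the original.

    NOTE(review): stock is decremented with no check that it stays >= 0,
    and the four writes are not atomic — a failure between them leaves the
    stores inconsistent. Neither is changed here.
    """
    if not is_authenticated(request) or is_staff(request):
        return abort(403)

    user = get_user(request)
    user_id = user.get_id()
    cart_list = dat_loader.load_data("Carts")["data"]
    cart = next((c for c in cart_list if c.get_user() == user_id), None)
    if cart is None:
        return abort(500)
    item_list = cart.get_items()
    if not item_list:
        return abort(400)

    sale_dat = dat_loader.load_data("Sales")
    sale_id = sale_dat["id"]
    sale_list = sale_dat["data"]
    product_list = dat_loader.load_data("Products")["data"]

    order_sales = []
    total = 0
    for item in item_list:
        product = item.product
        # Reduce stock on every stored record with this id, as before.
        for stored in product_list:
            if stored.get_id() == product.get_id():
                stored.stock -= int(item.quantity)
        sale = Sale(sale_id, product, item.quantity, time.time())
        sale_id += 1
        sale_list.append(sale)
        order_sales.append(sale)
        total += float(sale.sub_total)

    cart.clear()
    order_dat = dat_loader.load_data("Orders")
    order_list = order_dat["data"]
    order = Order(order_dat["id"], order_sales, str(round(total, 2)), user,
                  time.time())
    order_list.append(order)
    dat_loader.write_data("Sales", sale_list)
    dat_loader.write_data("Orders", order_list)
    dat_loader.write_data("Products", product_list, False)
    dat_loader.write_data("Carts", cart_list, False)
    return redirect("/dashboard/orders/")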
示例#28
0
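def user_account_update_email():
    """Change the signed-in user's e-mail address (JSON API).

    Reads ``{"data": <new address>}``; rejects an address already used by any
    account (including the caller's current one, as before) or one that does
    not match the e-mail pattern, otherwise stores it and returns
    ``{"success": "true", "new_email": ...}``. 404 if the user has no record,
    403 when not authenticated.

    Fixes: ``login`` lower-cases the submitted username before comparing it
    with ``user.email``, so an address stored with upper-case letters could
    never be used to sign in again — the new address is now normalised to
    lower case and the duplicate check compares normalised forms. A missing
    or non-string ``data`` yields 400 instead of a 500.
    """
    if not is_authenticated(request):
        return abort(403)

    dat = request.get_json(force=True)
    try:
        candidate = dat["data"]
    except (KeyError, TypeError):
        return abort(400)
    if not isinstance(candidate, str):
        return abort(400)
    candidate = candidate.lower()

    current_id = get_user(request).get_id()
    user_list = dat_loader.load_data("Users")["data"]
    taken = {user.email.lower() for user in user_list
             if isinstance(user.email, str)}
    email_regex = re.compile(
        r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)")

    for user in user_list:
        if user.get_id() != current_id:
            continue
        if candidate in taken:
            return jsonify({
                "success":
                "false",
                "message":
                "Your email address cannot match with a existing user"
            })
        if email_regex.fullmatch(candidate):
            user.email = candidate
            dat_loader.write_data("Users", user_list, False)
            return jsonify({
                "success": "true",
                "new_email": user.email
            })
        return jsonify({
            "success": "false",
            "message": "Invalid email address"
        })
    return abort(404)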
示例#29
0
def dashboard_view_products():
    """Render the customer product listing, optionally filtered by search.

    With ``?search=`` present, products whose upper-cased title or
    description contains the upper-cased query are shown on the search
    template; otherwise the whole catalogue is rendered. Staff and anonymous
    visitors go to the login page.
    """
    if not (is_authenticated(request) and not is_staff(request)):
        return redirect("/login/")
    refresh_session(request)
    query = request.args.get("search")
    products = dat_loader.load_data("Products")["data"]
    if query is None:
        return render_template("pages/customer_pages/products.html",
                               products=products,
                               user=get_user(request),
                               staff=is_staff(request))

    needle = query.upper()

    def _matches(product):
        return (needle in product.get_title().upper()
                or needle in product.get_description().upper())

    hits = [product for product in products if _matches(product)]
    return render_template("pages/customer_pages/search_products.html",
                           products=hits,
                           user=get_user(request),
                           staff=is_staff(request))
示例#30
0
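def add_inventory():
    """Create a new product from the ``CreateProduct`` form plus an image.

    GET renders the form page. POST uploads the image, builds a Product with
    the next id from the "Products" store, appends it and redirects to the
    inventory page.

    Fixes: the POST path wrote the form fields without
    ``validate_on_submit()`` (no CSRF/field validation, and ``int(stock)``
    could raise); a ``ValueError`` from ``upload()`` — which the ticket views
    already treat as a bad request — was unhandled. Both now yield 400. The
    store is loaded once instead of twice. Signed-in non-staff get 403
    instead of a login redirect, matching the other staff-only views.
    """
    if not is_authenticated(request):
        return redirect("/login/")
    if not is_staff(request):
        return abort(403)

    form = CreateProduct()
    upload_image = FileUploadForm()
    if request.method == "GET":
        return render_template("pages/staff_pages/add_inventory.html",
                               form=form,
                               upload_image=upload_image,
                               user=get_user(request),
                               staff=is_staff(request))
    if request.method != "POST" or not form.validate_on_submit():
        return abort(400)

    try:
        stock = int(form.stock.data)
        image_link = upload(upload_image.file.data)
    except (TypeError, ValueError):
        return abort(400)

    store = dat_loader.load_data("Products")
    products = store["data"]
    new_product = Product(store["id"],
                          form.title.data, form.description.data,
                          stock, form.retail_price.data,
                          form.cost_price.data, image_link)
    products.append(new_product)
    dat_loader.write_data("Products", products)
    return redirect("/dashboard/inventory/")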