def delete_file(name, filename):
"""
This page will delete a file from the database and uploads folder.
"""
# Check if the user is logged in before allowing to delete files.
error = valid_user(name)
if error is None:
file = Upload.query.filter_by(filename=filename).first()
if file and file.userid == name:
# Delete the file from the upload folder if it exists.
filepath = os.path.join(app.config['UPLOAD_FOLDER'], filename)
if os.path.isfile(filepath):
os.remove(filepath)
# Delete the upload object from the database.
fdb.session.delete(file)
fdb.session.commit()
flash('File was deleted successfully.')
return redirect(url_for('entries', name=name))
else:
error = "Specified file does not exist."
# If an error occurs, display the error and
# redirect to the appropriate page.
display(error)
if 'logged_in' in session:
return redirect(url_for('entries', name=session['logged_in']))
else:
return redirect(url_for('login'))
def change_theme(name):
"""
This page will allow the user to change the appearance of their blog.
"""
# Check if the user is logged in before allowing to change theme.
error = valid_user(name)
if error is None:
if request.method == 'POST':
new_theme = request.form['theme']
user_instance = get_user(name)
# Change the user's theme, change the theme in browser and
# store the changed theme in the user database.
user_instance.theme = session['theme'] = new_theme
udb.session.commit()
flash('Theme changed to %s.' % new_theme.lower())
return redirect(url_for('change_theme', name=name))
return render_template('theme.html', username=name, theme=session['theme'])
# If an error occurs, display the error and
# redirect to the appropriate page.
display(error)
if 'logged_in' in session:
return redirect(url_for('upload', name=session['logged_in']))
else:
return redirect(url_for('login'))
def upload(name):
"""
This page allows a user to upload a text or image file.
"""
error = valid_user(name)
if error is None:
if request.method == 'POST':
file = request.files['file']
if file and valid_file(file.filename):
# Sanitize the filename, save the file to the uploads
# folder, and add the file and owner info to the file database.
filename = secure_filename(file.filename)
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
file_instance = Upload(name, filename)
flash('File was uploaded successfully.')
return redirect(url_for('files', name=name))
else:
flash("Invalid filename or file type.")
return render_template('upload.html')
# If an error occurs, display the error and
# redirect to the appropriate page.
display(error)
if 'logged_in' in session:
return redirect(url_for('upload', name=session['logged_in']))
else:
return redirect(url_for('login'))
def delete_entry(name, id):
"""
This page will delete an entry from the database.
"""
# Check if the user is logged in before allowing to delete files.
error = valid_user(name)
if error is None:
entry_instance = Entry.query.filter_by(id=id, userid=name).first()
if entry_instance and entry_instance.userid == name:
# Delete the entry from the database if it exists.
edb.session.delete(entry_instance)
edb.session.commit()
flash('Entry was deleted successfully.')
return redirect(url_for('entries', name=name))
else:
error = "Specified entry does not exist."
# If an error occurs, display the error and
# redirect to the appropriate page.
display(error)
if 'logged_in' in session:
return redirect(url_for('entries', name=session['logged_in']))
else:
return redirect(url_for('login'))
def upload(name):
"""
This page allows a user to upload a text or image file.
"""
error = valid_user(name)
if error is None:
if request.method == 'POST':
file = request.files['file']
if file and valid_file(file.filename):
# Sanitize the filename, save the file to the uploads
# folder, and add the file and owner info to the file database.
filename = secure_filename(file.filename)
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
file_instance = Upload(name, filename)
flash('File was uploaded successfully.')
return redirect(url_for('files', name=name))
else:
flash("Invalid filename or file type.")
return render_template('upload.html')
# If an error occurs, display the error and
# redirect to the appropriate page.
display(error)
if 'logged_in' in session:
return redirect(url_for('upload', name=session['logged_in']))
else:
return redirect(url_for('login'))
def upload(name):
"""
This page allows a user to upload a text or image file.
"""
# Refuse access if posting is disabled for the user.
if "posting_enabled" in session and session['posting_enabled'] == False:
error = "Access denied."
display(error)
if 'logged_in' in session:
return redirect(url_for('entries', name=session['logged_in']))
else:
return redirect(url_for('login'))
# Check if the user is logged in before allowing to upload files.
error = valid_user(name)
if error is None:
if request.method == 'POST':
file = request.files['file']
if file and valid_file(file.filename):
# Sanitize the filename, save the file to the uploads
# folder, and add the file and owner info to the file database.
old_filename = filename = secure_filename(file.filename)
filetype = filename.rsplit('.', 1)[1].lower()
# Prevents duplicate filenames by appending (1), (2), etc.
# e.g. if two "images.jpg" are uploaded, the second one would
# become "images(1).jpg".
x = 0
while os.path.isfile(os.path.join(app.config['UPLOAD_FOLDER'], filename)):
x += 1
filename = ("%s(%s).%s" % (old_filename.rsplit('.', 1)[0], x, filetype))
# Save the file to the uploads folder.
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
file_instance = Upload(name, filename, filetype)
# Insert the upload object into the database.
fdb.session.add(file_instance)
fdb.session.commit()
flash('File was uploaded successfully.')
return redirect(url_for('entries', name=name))
else:
flash("Invalid filename or file type.")
return render_template('upload.html', username=name, theme=session['theme'])
# If an error occurs, display the error and
# redirect to the appropriate page.
display(error)
if 'logged_in' in session:
return redirect(url_for('upload', name=session['logged_in']))
else:
return redirect(url_for('login'))
def files(name):
"""
This page presents a user's uploaded files, and allows
the user to download them individually.
"""
error = valid_user(name)
if error is None:
uploads = [dict(userid=f.userid, filename=f.filename) \
for f in Upload.query.all()]
return render_template('files.html', username=name, uploads=uploads)
# If an error occurs, display the error and
# redirect to the appropriate page.
display(error)
if 'logged_in' in session:
return redirect(url_for('files', name=session['logged_in']))
else:
return redirect(url_for('login'))
def files(name):
"""
This page presents a user's uploaded files, and allows
the user to download them individually.
"""
error = valid_user(name)
if error is None:
uploads = [dict(userid=f.userid, filename=f.filename) \
for f in Upload.query.all()]
return render_template('files.html', username=name, uploads=uploads)
# If an error occurs, display the error and
# redirect to the appropriate page.
display(error)
if 'logged_in' in session:
return redirect(url_for('files', name=session['logged_in']))
else:
return redirect(url_for('login'))
def uploaded_file(name, filename):
"""
This page will fetch a given file from the uploads folder,
provided the user has privileges to access the file.
"""
error = valid_user(name)
if error is None:
if has_file_access(session['logged_in'], filename):
return send_from_directory(app.config['UPLOAD_FOLDER'], filename)
else:
error = "Access denied."
# If an error occurs, display the error and
# redirect to the appropriate page.
display(error)
if 'logged_in' in session:
return redirect(url_for('files', name=session['logged_in']))
else:
return redirect(url_for('login'))
def uploaded_file(name, filename):
"""
This page will fetch a given file from the uploads folder,
provided the user has privileges to access the file.
"""
error = valid_user(name)
if error is None:
if has_file_access(session['logged_in'], filename):
return send_from_directory(app.config['UPLOAD_FOLDER'], filename)
else:
error = "Access denied."
# If an error occurs, display the error and
# redirect to the appropriate page.
display(error)
if 'logged_in' in session:
return redirect(url_for('files', name=session['logged_in']))
else:
return redirect(url_for('login'))
def authenticate(self):
if valid_user():
self.verify_user(valid_user())
else:
self.new_user()
