[pwp.git] / app / views.py

from flask import render_template, flash, redirect, session, url_for, request, g, abort
from flask_login import login_user, logout_user, current_user, login_required
from app import app, lm, tools, db
from .forms import LoginForm, RegisterForm, UpdateForm, PwForm, SearchForm, DeleteForm, PortfolioForm, AlbumForm
from .models import User, Portfolio, Album, AccessRight, Role, MyAnonymous
from werkzeug.security import generate_password_hash, check_password_hash
import datetime, os
from config import SESSION_TIMEOUT

class DBException(Exception):
    pass

@app.before_request
def before_request():
    session.permanent = True
    app.permanent_session_lifetime = datetime.timedelta(minutes=SESSION_TIMEOUT)
    session.modified = True
    g.user = current_user
    g.searchForm = SearchForm(prefix="sf")
    g.deleteform = DeleteForm(prefix="df")

@lm.user_loader
def load_user(id):
    return User.query(id=id)[0]

@app.route('/')
@app.route('/index')
def index():
    user = g.user
    return render_template('index.html',
                           title='Home',
                           user=user)

@app.route('/login', methods=['GET', 'POST'])
def login():
    if g.user is not None and g.user.is_authenticated:
        return redirect(request.referrer)#redirect(url_for('index'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query(username=form.username.data)[0]
        if user is None:
            flash('Unknown username. Please try again or register.')
        else:
            if check_password_hash(user.password, form.password.data):
                app.logger.info("Login: %s" % user)
                login_user(user, remember=False)
                g.user = user
                user.addObserver(db)
                next = request.args.get('next')
                if next is not None:
                    if not tools.is_safe_url(next):
                        return abort(400)
                    req = next.rsplit('/', 1)
                    app.logger.info("%s:%s" % (req[0], req[1]))
                    if req[0] == '/user' and req[1] != user.name:
                        next = "%s/%s" % (req[0], user.username)
                app.logger.info("Login: %s next: %s" % (user, next))
                return redirect(next or url_for('index'))
            else:
                flash('Username or password is wrong. Please try again')
    return render_template('login.html', 
                           title='Sign In',
                           form=form)

@app.route('/logout')
def logout():
    logout_user()
    return redirect(url_for('index'))

@app.route('/album/<int:id>', methods =['GET', 'DELETE'])
def getAlbum(id):
    if request.method == 'GET':
        return "<h1>Get album # %s</h1>" % id
    else:
        return 'Album #' + str(id) + " deleted"

@app.route('/albums', methods =['GET'])
def getAlbums():
    user = current_user
    app.logger.info("user: %s" % user)
    query = tools.DBQuery()
#    if user.is_anonymous:
#        return "<h1>(au)Get all albums: %s</h1>" % dir(user)
#    else:
    u = load_user(user.get_id())
    if u is None:
        u = MyAnonymous()
        a = query.get_albums_for_user(u)
    else:
        a = query.get_albums_for_user(u, True, True)
    albums = []
    for album in a:
#        if not user.is_anonymous:
        acl = query.get_acl(user, album)
#        else:
#            acl = Role.read
        if acl is not None:
            albums.append({'album': album, 'acl': acl})
        app.logger.info("albums: %s" % a)
        app.logger.info(tools.dump(albums))
    return "<h1>(nu)Get all albums</h1><pre>%s</pre>" % albums

@app.route('/album', methods =['GET', 'POST'])
@login_required
def album():
    user = g.user
    form = AlbumForm(prefix="pf")
    if form.validate_on_submit():
        u = load_user(user.get_id())
        try:
            query = tools.DBQuery()
            portfolios = query.get_portfolios(u)
            new_album = Album(name=form.name.data, public=form.public.data, visible=form.visible.data, portfolio_id=portfolios[0].id)
            db.store(new_album)
            app.logger.warning("Created album: %s" % new_album)
        except DBException as ex:
            flash(ex)
        except Exception as ex:
            flash('Create album failed: %s' % ex)
#        except Exception as ex:
#            flash("Unknown error {0}".format(ex))
        return redirect(request.referrer)
    return render_template('album.html',
                           title='Create Album', 
                           user=user, 
                           form=form)

@app.route('/portfolio/<int:id>', methods =['GET', 'DELETE'])
def getPortfolio(id):
    if request.method == 'GET':
        return "<h1>Get portfolio # %s</h1>" % id
    else:
        return 'Portfolio #' + str(id) + " deleted"

@app.route('/portfolios', methods =['GET'])
def getPortfolios():
    return "<h1>Get all portfolios</h1>"

@app.route('/portfolio', methods =['GET', 'POST'])
@login_required
def portfolio():
    user = g.user
    form = PortfolioForm(prefix="pf")
    if form.validate_on_submit():
        pass
    return render_template('portfolio.html',
                           title='Create Portfolio', 
                           user=user, 
                           form=form)

@app.route('/user/<username>', methods=['GET', 'POST'])
@login_required
def user(username):
    form = UpdateForm(prefix="uf")
    pwform = PwForm(prefix="pf")
    deleteform = g.deleteform
    referrer = request.referrer
    if form.update.data and form.validate_on_submit():
        try:
            uname=form.username.data
            email=form.email.data
            name=form.name.data
            user = User.query(username=username)[0]
            if uname != username:
                u = User.query(username=uname)[0]
                if u is not None:
                    raise DBException("%s: Username exist" % uname)
                user.username = uname
                referrer = "/user/%s" % user.username
            if email != user.email:
                e = User.query(email=email)[0]
                if e is not None:
                    raise DBException("%s: Email exist" % email)
                user.email = email
            if name != user.name:
                user.name = name
        except DBException as ex:
            user.rollback()
            flash("{0}".format(ex))
            app.logger.warning("Update user failed: {0}".format(ex))
        except Exception as ex:
            user.rollback()
            flash("Update user failed: {0}".format(ex))
            app.logger.warning("Update user failed: {0}".format(ex))
#        except Exception as ex:
#            db.rollback()
#            flash("Unknown error {0}".format(ex))
#            app.logger.warning("Update user failed: Unknown error {0}".format(ex))
        else:
            try:
                user.commit()
                login_user(user, remember=False)
                app.logger.warning("Updated user: %s" % user)
                flash("Userdata successfully updated")
            except Exception as ex:
                flash("Update user failed: {0}".format(ex))
#            except Exception as ex:
#                flash("Unknown error {0}".format(ex))
        return redirect(referrer)
    elif pwform.pwchange.data and pwform.validate_on_submit():
        user = User.query(username=username)[0]
        if pwform.password.data == pwform.passwordchk.data and check_password_hash(user.password, pwform.passwordcur.data):
            hashed_password = generate_password_hash(pwform.password.data, method='sha256')
            user.password = hashed_password
            try:
                user.commit()
                login_user(user, remember=False)
                app.logger.warning("Updated user - password: %s" % user)
                flash("Password successfully changed")
            except Exception as ex:
                flash("Update user failed: {0}".format(ex))
#            except Exception as ex:
#                flash("Unknown error {0}".format(ex))
        else:
            flash('Current password does not match or password different from password check')
        return redirect(referrer)
    else:
        user = User.query(username=username)[0]
        if user is None:
            flash('User %s not found.' % username)
            return redirect(url_for('index'))
        app.logger.info("Show profile: %s" % user)
        query = tools.DBQuery()
        portfolios = query.get_portfolios(user)
        app.logger.info("Portfolios: {0}".format(portfolios))
        private = []
        for p in portfolios:
            albums = query.get_albums(p)
            #p.set_user_count(len(query.get_users(p)))
            p.set_user_count(1)
            a1 = []
            for a in albums:
                a.set_user_count(len(query.get_users(a)))
                a1.append(a)
            pf = {'portfolio': p, 'albums': a1}
            private.append(pf)
        a = query.get_albums_for_user(user)
        app.logger.info("Albums: %s" % a)
        albums = []
        for album in a:
            acl = query.get_acl(user, album)
            app.logger.info("Album: %s -> acl: %s" % (album, acl))
            if acl is not None:
                albums.append({'album': album, 'acl': acl})
        return render_template('user.html',
                               title='Profile', 
                               user=user, 
                               form=form, 
                               pwform=pwform,
                               deleteform=deleteform,  
                               private=private, 
                               albums=albums)

@app.route('/register', methods=['GET', 'POST'])
def register():
    form = RegisterForm()
    if form.validate_on_submit():
        if form.password.data == form.passwordchk.data:
            try:
                username=form.username.data
                email=form.email.data
                u = User.query.filter_by(username=username).first()
                if u:
                    raise DBException("%s: Username exist" % username)
                e = User.query.filter_by(email=email).first()
                if e:
                    raise DBException("%s: Email exist" % email)
                hashed_password = generate_password_hash(form.password.data, method='sha256')
                new_user = User(name=form.name.data, username=form.username.data, email=form.email.data, password=hashed_password)
            except DBException as ex:
                flash(ex)
            except Exception as ex:
                flash('Create user failed: %s' % ex)
#            except Exception as ex:
#                flash("Unknown error {0}".format(ex))
            else:
                try:
                    portfolio = Portfolio(name = new_user.name, owner = new_user)
                    #db.session.add(portfolio)
                    new_user.portfolios.append(portfolio)
                    #db.session.add(new_user)
                    acl = AccessRight(right = Role.read, user = new_user)
                    #db.session.add(acl)
                    acl = AccessRight(right = Role.write, user = new_user)
                    #db.session.add(acl)
                    acl = AccessRight(right = Role.admin, user = new_user)
                    #db.session.add(acl)
                    #db.session.commit()
                    app.logger.warning("Registered: %s" % new_user)
                    flash("You have been registered with username: " + form.username.data + os.linesep)
                    flash("Default Portfolio: " + portfolio.name)
                    return redirect(url_for('login'))
                except Exception as ex:
                    flash('Create user failed: %s' % ex)
                except Exception as ex:
                    flash("Unknown error {0}".format(ex))
        else:
            flash('Password did not match password check')
    return render_template('register.html',
                           title='Register',
                           form=form)

@app.route('/resetpwd')
def resetpwd():
    return '<h1>resetpwd</h1>'

@app.route('/search', methods=['POST'])
def search():
    form = g.searchForm
    if form.validate_on_submit():
        token = form.token.data
        flash("Search: " + token)
    return redirect(request.referrer)

@app.route('/admin')
#@login_required
def admin():
    try:
        if g.user is not None and g.user.is_admin:
            app.logger.warning("Enter Admin area: %s" % g.user)
            return render_template('admin.html',
                                    title='Administration')
    except AttributeError:
        pass
    app.logger.critical("Tried to enter Admin area: %s" % g.user)
    return redirect(request.referrer)#redirect(url_for('index'))
Commit	Line	Data
e5424f29 MR	1	from flask import render_template, flash, redirect, session, url_for, request, g, abort
e5424f29 MR	2	from flask_login import login_user, logout_user, current_user, login_required
fc01a3eb	3	from app import app, lm, tools, db
e5424f29 MR	4	from .forms import LoginForm, RegisterForm, UpdateForm, PwForm, SearchForm, DeleteForm, PortfolioForm, AlbumForm
	5	from .models import User, Portfolio, Album, AccessRight, Role, MyAnonymous
	6	from werkzeug.security import generate_password_hash, check_password_hash
	7	import datetime, os
	8	from config import SESSION_TIMEOUT
	9
	10	class DBException(Exception):
	11	pass
	12
	13	@app.before_request
	14	def before_request():
	15	session.permanent = True
	16	app.permanent_session_lifetime = datetime.timedelta(minutes=SESSION_TIMEOUT)
	17	session.modified = True
	18	g.user = current_user
	19	g.searchForm = SearchForm(prefix="sf")
	20	g.deleteform = DeleteForm(prefix="df")
	21
	22	@lm.user_loader
	23	def load_user(id):
fc01a3eb	24	return User.query(id=id)[0]
e5424f29 MR	25
	26	@app.route('/')
	27	@app.route('/index')
	28	def index():
	29	user = g.user
	30	return render_template('index.html',
	31	title='Home',
	32	user=user)
	33
	34	@app.route('/login', methods=['GET', 'POST'])
	35	def login():
	36	if g.user is not None and g.user.is_authenticated:
	37	return redirect(request.referrer)#redirect(url_for('index'))
	38	form = LoginForm()
	39	if form.validate_on_submit():
fc01a3eb	40	user = User.query(username=form.username.data)[0]
e5424f29 MR	41	if user is None:
	42	flash('Unknown username. Please try again or register.')
	43	else:
e5424f29 MR	44	if check_password_hash(user.password, form.password.data):
	45	app.logger.info("Login: %s" % user)
	46	login_user(user, remember=False)
fc01a3eb MR	47	g.user = user
fc01a3eb MR	48	user.addObserver(db)
e5424f29 MR	49	next = request.args.get('next')
	50	if next is not None:
	51	if not tools.is_safe_url(next):
	52	return abort(400)
	53	req = next.rsplit('/', 1)
	54	app.logger.info("%s:%s" % (req[0], req[1]))
	55	if req[0] == '/user' and req[1] != user.name:
	56	next = "%s/%s" % (req[0], user.username)
	57	app.logger.info("Login: %s next: %s" % (user, next))
	58	return redirect(next or url_for('index'))
	59	else:
	60	flash('Username or password is wrong. Please try again')
	61	return render_template('login.html',
	62	title='Sign In',
	63	form=form)
	64
	65	@app.route('/logout')
	66	def logout():
	67	logout_user()
	68	return redirect(url_for('index'))
	69
	70	@app.route('/album/<int:id>', methods =['GET', 'DELETE'])
	71	def getAlbum(id):
	72	if request.method == 'GET':
	73	return "<h1>Get album # %s</h1>" % id
	74	else:
	75	return 'Album #' + str(id) + " deleted"
	76
	77	@app.route('/albums', methods =['GET'])
	78	def getAlbums():
	79	user = current_user
	80	app.logger.info("user: %s" % user)
	81	query = tools.DBQuery()
	82	# if user.is_anonymous:
	83	# return "<h1>(au)Get all albums: %s</h1>" % dir(user)
	84	# else:
	85	u = load_user(user.get_id())
	86	if u is None:
	87	u = MyAnonymous()
	88	a = query.get_albums_for_user(u)
	89	else:
	90	a = query.get_albums_for_user(u, True, True)
	91	albums = []
	92	for album in a:
	93	# if not user.is_anonymous:
	94	acl = query.get_acl(user, album)
	95	# else:
	96	# acl = Role.read
	97	if acl is not None:
	98	albums.append({'album': album, 'acl': acl})
	99	app.logger.info("albums: %s" % a)
	100	app.logger.info(tools.dump(albums))
	101	return "<h1>(nu)Get all albums</h1><pre>%s</pre>" % albums
	102
	103	@app.route('/album', methods =['GET', 'POST'])
	104	@login_required
	105	def album():
	106	user = g.user
	107	form = AlbumForm(prefix="pf")
	108	if form.validate_on_submit():
	109	u = load_user(user.get_id())
	110	try:
	111	query = tools.DBQuery()
	112	portfolios = query.get_portfolios(u)
113	new_album = Album(name=form.name.data, public=form.public.data, visible=form.visible.data, portfolio_id=portfolios[0].id)
fc01a3eb	114	db.store(new_album)
e5424f29 MR	115	app.logger.warning("Created album: %s" % new_album)
e5424f29 MR	116	except DBException as ex:
e5424f29	117	flash(ex)
e5424f29	118	except Exception as ex:
fc01a3eb MR	119	flash('Create album failed: %s' % ex)
	120	# except Exception as ex:
	121	# flash("Unknown error {0}".format(ex))
e5424f29 MR	122	return redirect(request.referrer)
	123	return render_template('album.html',
	124	title='Create Album',
	125	user=user,
	126	form=form)
	127
	128	@app.route('/portfolio/<int:id>', methods =['GET', 'DELETE'])
	129	def getPortfolio(id):
	130	if request.method == 'GET':
	131	return "<h1>Get portfolio # %s</h1>" % id
	132	else:
	133	return 'Portfolio #' + str(id) + " deleted"
	134
	135	@app.route('/portfolios', methods =['GET'])
	136	def getPortfolios():
	137	return "<h1>Get all portfolios</h1>"
	138
	139	@app.route('/portfolio', methods =['GET', 'POST'])
	140	@login_required
	141	def portfolio():
	142	user = g.user
	143	form = PortfolioForm(prefix="pf")
	144	if form.validate_on_submit():
	145	pass
	146	return render_template('portfolio.html',
	147	title='Create Portfolio',
	148	user=user,
	149	form=form)
	150
	151	@app.route('/user/<username>', methods=['GET', 'POST'])
	152	@login_required
	153	def user(username):
	154	form = UpdateForm(prefix="uf")
	155	pwform = PwForm(prefix="pf")
	156	deleteform = g.deleteform
	157	referrer = request.referrer
	158	if form.update.data and form.validate_on_submit():
	159	try:
	160	uname=form.username.data
	161	email=form.email.data
	162	name=form.name.data
fc01a3eb	163	user = User.query(username=username)[0]
e5424f29	164	if uname != username:
fc01a3eb	165	u = User.query(username=uname)[0]
e5424f29 MR	166	if u is not None:
	167	raise DBException("%s: Username exist" % uname)
	168	user.username = uname
	169	referrer = "/user/%s" % user.username
	170	if email != user.email:
fc01a3eb	171	e = User.query(email=email)[0]
e5424f29 MR	172	if e is not None:
	173	raise DBException("%s: Email exist" % email)
	174	user.email = email
	175	if name != user.name:
	176	user.name = name
	177	except DBException as ex:
fc01a3eb	178	user.rollback()
e5424f29 MR	179	flash("{0}".format(ex))
e5424f29 MR	180	app.logger.warning("Update user failed: {0}".format(ex))
fc01a3eb MR	181	except Exception as ex:
fc01a3eb MR	182	user.rollback()
e5424f29 MR	183	flash("Update user failed: {0}".format(ex))
e5424f29 MR	184	app.logger.warning("Update user failed: {0}".format(ex))
fc01a3eb MR	185	# except Exception as ex:
	186	# db.rollback()
	187	# flash("Unknown error {0}".format(ex))
	188	# app.logger.warning("Update user failed: Unknown error {0}".format(ex))
e5424f29 MR	189	else:
e5424f29 MR	190	try:
fc01a3eb	191	user.commit()
e5424f29 MR	192	login_user(user, remember=False)
	193	app.logger.warning("Updated user: %s" % user)
	194	flash("Userdata successfully updated")
e5424f29	195	except Exception as ex:
fc01a3eb MR	196	flash("Update user failed: {0}".format(ex))
	197	# except Exception as ex:
	198	# flash("Unknown error {0}".format(ex))
e5424f29 MR	199	return redirect(referrer)
e5424f29 MR	200	elif pwform.pwchange.data and pwform.validate_on_submit():
fc01a3eb	201	user = User.query(username=username)[0]
e5424f29 MR	202	if pwform.password.data == pwform.passwordchk.data and check_password_hash(user.password, pwform.passwordcur.data):
	203	hashed_password = generate_password_hash(pwform.password.data, method='sha256')
	204	user.password = hashed_password
	205	try:
fc01a3eb	206	user.commit()
e5424f29 MR	207	login_user(user, remember=False)
	208	app.logger.warning("Updated user - password: %s" % user)
	209	flash("Password successfully changed")
e5424f29	210	except Exception as ex:
fc01a3eb MR	211	flash("Update user failed: {0}".format(ex))
	212	# except Exception as ex:
	213	# flash("Unknown error {0}".format(ex))
e5424f29 MR	214	else:
	215	flash('Current password does not match or password different from password check')
	216	return redirect(referrer)
	217	else:
fc01a3eb	218	user = User.query(username=username)[0]
e5424f29 MR	219	if user is None:
	220	flash('User %s not found.' % username)
	221	return redirect(url_for('index'))
	222	app.logger.info("Show profile: %s" % user)
	223	query = tools.DBQuery()
	224	portfolios = query.get_portfolios(user)
fc01a3eb	225	app.logger.info("Portfolios: {0}".format(portfolios))
e5424f29 MR	226	private = []
	227	for p in portfolios:
	228	albums = query.get_albums(p)
fc01a3eb MR	229	#p.set_user_count(len(query.get_users(p)))
fc01a3eb MR	230	p.set_user_count(1)
e5424f29 MR	231	a1 = []
	232	for a in albums:
	233	a.set_user_count(len(query.get_users(a)))
	234	a1.append(a)
	235	pf = {'portfolio': p, 'albums': a1}
	236	private.append(pf)
	237	a = query.get_albums_for_user(user)
	238	app.logger.info("Albums: %s" % a)
	239	albums = []
	240	for album in a:
	241	acl = query.get_acl(user, album)
	242	app.logger.info("Album: %s -> acl: %s" % (album, acl))
	243	if acl is not None:
	244	albums.append({'album': album, 'acl': acl})
	245	return render_template('user.html',
	246	title='Profile',
	247	user=user,
	248	form=form,
	249	pwform=pwform,
	250	deleteform=deleteform,
	251	private=private,
	252	albums=albums)
	253
	254	@app.route('/register', methods=['GET', 'POST'])
	255	def register():
	256	form = RegisterForm()
	257	if form.validate_on_submit():
	258	if form.password.data == form.passwordchk.data:
	259	try:
	260	username=form.username.data
	261	email=form.email.data
	262	u = User.query.filter_by(username=username).first()
	263	if u:
	264	raise DBException("%s: Username exist" % username)
	265	e = User.query.filter_by(email=email).first()
	266	if e:
	267	raise DBException("%s: Email exist" % email)
	268	hashed_password = generate_password_hash(form.password.data, method='sha256')
	269	new_user = User(name=form.name.data, username=form.username.data, email=form.email.data, password=hashed_password)
	270	except DBException as ex:
e5424f29	271	flash(ex)
e5424f29	272	except Exception as ex:
fc01a3eb MR	273	flash('Create user failed: %s' % ex)
	274	# except Exception as ex:
	275	# flash("Unknown error {0}".format(ex))
e5424f29 MR	276	else:
	277	try:
	278	portfolio = Portfolio(name = new_user.name, owner = new_user)
fc01a3eb	279	#db.session.add(portfolio)
e5424f29	280	new_user.portfolios.append(portfolio)
fc01a3eb	281	#db.session.add(new_user)
e5424f29	282	acl = AccessRight(right = Role.read, user = new_user)
fc01a3eb	283	#db.session.add(acl)
e5424f29	284	acl = AccessRight(right = Role.write, user = new_user)
fc01a3eb	285	#db.session.add(acl)
e5424f29	286	acl = AccessRight(right = Role.admin, user = new_user)
fc01a3eb MR	287	#db.session.add(acl)
fc01a3eb MR	288	#db.session.commit()
e5424f29 MR	289	app.logger.warning("Registered: %s" % new_user)
	290	flash("You have been registered with username: " + form.username.data + os.linesep)
	291	flash("Default Portfolio: " + portfolio.name)
	292	return redirect(url_for('login'))
fc01a3eb	293	except Exception as ex:
e5424f29 MR	294	flash('Create user failed: %s' % ex)
e5424f29 MR	295	except Exception as ex:
e5424f29 MR	296	flash("Unknown error {0}".format(ex))
	297	else:
	298	flash('Password did not match password check')
	299	return render_template('register.html',
	300	title='Register',
	301	form=form)
	302
	303	@app.route('/resetpwd')
	304	def resetpwd():
	305	return '<h1>resetpwd</h1>'
	306
	307	@app.route('/search', methods=['POST'])
	308	def search():
	309	form = g.searchForm
	310	if form.validate_on_submit():
	311	token = form.token.data
	312	flash("Search: " + token)
	313	return redirect(request.referrer)
	314
	315	@app.route('/admin')
	316	#@login_required
	317	def admin():
	318	try:
	319	if g.user is not None and g.user.is_admin:
	320	app.logger.warning("Enter Admin area: %s" % g.user)
	321	return render_template('admin.html',
	322	title='Administration')
	323	except AttributeError:
	324	pass
	325	app.logger.critical("Tried to enter Admin area: %s" % g.user)
	326	return redirect(request.referrer)#redirect(url_for('index'))
	327
	328