[pwp.git] / app / views.py

from flask import render_template, flash, redirect, session, url_for, request, g, abort
from flask_login import login_user, logout_user, current_user, login_required
from app import app, lm, tools
from .forms import LoginForm, RegisterForm, UpdateForm, PwForm, SearchForm, DeleteForm, PortfolioForm, AlbumForm
from .models import User, Portfolio, Album, AccessRight, Role, MyAnonymous
from werkzeug.security import generate_password_hash, check_password_hash
import datetime, os
from config import SESSION_TIMEOUT

class DBException(Exception):
    pass

@app.before_request
def before_request():
    session.permanent = True
    app.permanent_session_lifetime = datetime.timedelta(minutes=SESSION_TIMEOUT)
    session.modified = True
    g.user = current_user
    g.searchForm = SearchForm(prefix="sf")
    g.deleteform = DeleteForm(prefix="df")

@lm.user_loader
def load_user(id):
    return User.query.get(int(id))

@app.route('/')
@app.route('/index')
def index():
    user = g.user
    return render_template('index.html',
                           title='Home',
                           user=user)

@app.route('/login', methods=['GET', 'POST'])
def login():
    if g.user is not None and g.user.is_authenticated:
        return redirect(request.referrer)#redirect(url_for('index'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        if user is None:
            flash('Unknown username. Please try again or register.')
        else:
            app.logger.info("db-pwd: %s form-pwd: %s" % (user.password, form.password.data))
            if check_password_hash(user.password, form.password.data):
                app.logger.info("Login: %s" % user)
                login_user(user, remember=False)
                next = request.args.get('next')
                if next is not None:
                    if not tools.is_safe_url(next):
                        return abort(400)
                    req = next.rsplit('/', 1)
                    app.logger.info("%s:%s" % (req[0], req[1]))
                    if req[0] == '/user' and req[1] != user.name:
                        next = "%s/%s" % (req[0], user.username)
                app.logger.info("Login: %s next: %s" % (user, next))
                return redirect(next or url_for('index'))
            else:
                flash('Username or password is wrong. Please try again')
    return render_template('login.html', 
                           title='Sign In',
                           form=form)

@app.route('/logout')
def logout():
    logout_user()
    return redirect(url_for('index'))

@app.route('/album/<int:id>', methods =['GET', 'DELETE'])
def getAlbum(id):
    if request.method == 'GET':
        return "<h1>Get album # %s</h1>" % id
    else:
        return 'Album #' + str(id) + " deleted"

@app.route('/albums', methods =['GET'])
def getAlbums():
    user = current_user
    app.logger.info("user: %s" % user)
    query = tools.DBQuery()
#    if user.is_anonymous:
#        return "<h1>(au)Get all albums: %s</h1>" % dir(user)
#    else:
    u = load_user(user.get_id())
    if u is None:
        u = MyAnonymous()
        a = query.get_albums_for_user(u)
    else:
        a = query.get_albums_for_user(u, True, True)
    albums = []
    for album in a:
#        if not user.is_anonymous:
        acl = query.get_acl(user, album)
#        else:
#            acl = Role.read
        if acl is not None:
            albums.append({'album': album, 'acl': acl})
        app.logger.info("albums: %s" % a)
        app.logger.info(tools.dump(albums))
    return "<h1>(nu)Get all albums</h1><pre>%s</pre>" % albums

@app.route('/album', methods =['GET', 'POST'])
@login_required
def album():
    user = g.user
    form = AlbumForm(prefix="pf")
    if form.validate_on_submit():
        u = load_user(user.get_id())
        try:
            query = tools.DBQuery()
            portfolios = query.get_portfolios(u)
            new_album = Album(name=form.name.data, public=form.public.data, visible=form.visible.data, portfolio_id=portfolios[0].id)
            db.session.add(new_album)
            db.session.commit()
            app.logger.warning("Created album: %s" % new_album)
        except DBException as ex:
            db.session.rollback()
            flash(ex)
        except exc.IntegrityError as ex:
            db.session.rollback()
            flash('Create album failed: %s' % ex)
        except Exception as ex:
            db.session.rollback()
            flash("Unknown error {0}".format(ex))
        return redirect(request.referrer)
    return render_template('album.html',
                           title='Create Album', 
                           user=user, 
                           form=form)

@app.route('/portfolio/<int:id>', methods =['GET', 'DELETE'])
def getPortfolio(id):
    if request.method == 'GET':
        return "<h1>Get portfolio # %s</h1>" % id
    else:
        return 'Portfolio #' + str(id) + " deleted"

@app.route('/portfolios', methods =['GET'])
def getPortfolios():
    return "<h1>Get all portfolios</h1>"

@app.route('/portfolio', methods =['GET', 'POST'])
@login_required
def portfolio():
    user = g.user
    form = PortfolioForm(prefix="pf")
    if form.validate_on_submit():
        pass
    return render_template('portfolio.html',
                           title='Create Portfolio', 
                           user=user, 
                           form=form)

@app.route('/user/<username>', methods=['GET', 'POST'])
@login_required
def user(username):
    form = UpdateForm(prefix="uf")
    pwform = PwForm(prefix="pf")
    deleteform = g.deleteform
    referrer = request.referrer
    if form.update.data and form.validate_on_submit():
        try:
            uname=form.username.data
            email=form.email.data
            name=form.name.data
            user = User.query.filter_by(username=username).first()
            if uname != username:
                u = User.query.filter_by(username=uname).first()
                if u is not None:
                    raise DBException("%s: Username exist" % uname)
                user.username = uname
                referrer = "/user/%s" % user.username
            if email != user.email:
                e = User.query.filter_by(email=email).first()
                if e is not None:
                    raise DBException("%s: Email exist" % email)
                user.email = email
            if name != user.name:
                user.name = name
        except DBException as ex:
            db.session.rollback()
            flash("{0}".format(ex))
            app.logger.warning("Update user failed: {0}".format(ex))
        except exc.IntegrityError as ex:
            db.session.rollback()
            flash("Update user failed: {0}".format(ex))
            app.logger.warning("Update user failed: {0}".format(ex))
        except Exception as ex:
            db.session.rollback()
            flash("Unknown error {0}".format(ex))
            app.logger.warning("Update user failed: Unknown error {0}".format(ex))
        else:
            try:
                db.session.commit()
                login_user(user, remember=False)
                app.logger.warning("Updated user: %s" % user)
                flash("Userdata successfully updated")
            except exc.IntegrityError as ex:
                db.session.rollback()
                flash("Update user failed: {0}".format(ex))
            except Exception as ex:
                db.session.rollback()
                flash("Unknown error {0}".format(ex))
        return redirect(referrer)
    elif pwform.pwchange.data and pwform.validate_on_submit():
        user = User.query.filter_by(username=username).first()
        if pwform.password.data == pwform.passwordchk.data and check_password_hash(user.password, pwform.passwordcur.data):
            hashed_password = generate_password_hash(pwform.password.data, method='sha256')
            user.password = hashed_password
            try:
                db.session.commit()
                login_user(user, remember=False)
                app.logger.warning("Updated user - password: %s" % user)
                flash("Password successfully changed")
            except exc.IntegrityError as ex:
                db.session.rollback()
                flash("Update user failed: {0}".format(ex))
            except Exception as ex:
                db.session.rollback()
                flash("Unknown error {0}".format(ex))
        else:
            flash('Current password does not match or password different from password check')
        return redirect(referrer)
    else:
        user = User.query.filter_by(username=username).first()
        if user is None:
            flash('User %s not found.' % username)
            return redirect(url_for('index'))
        app.logger.info("Show profile: %s" % user)
        query = tools.DBQuery()
        portfolios = query.get_portfolios(user)
        private = []
        for p in portfolios:
            albums = query.get_albums(p)
            p.set_user_count(len(query.get_users(p)))
            a1 = []
            for a in albums:
                a.set_user_count(len(query.get_users(a)))
                a1.append(a)
            pf = {'portfolio': p, 'albums': a1}
            private.append(pf)
        a = query.get_albums_for_user(user)
        app.logger.info("Albums: %s" % a)
        albums = []
        for album in a:
            acl = query.get_acl(user, album)
            app.logger.info("Album: %s -> acl: %s" % (album, acl))
            if acl is not None:
                albums.append({'album': album, 'acl': acl})
        return render_template('user.html',
                               title='Profile', 
                               user=user, 
                               form=form, 
                               pwform=pwform,
                               deleteform=deleteform,  
                               private=private, 
                               albums=albums)

@app.route('/register', methods=['GET', 'POST'])
def register():
    form = RegisterForm()
    if form.validate_on_submit():
        if form.password.data == form.passwordchk.data:
            try:
                username=form.username.data
                email=form.email.data
                u = User.query.filter_by(username=username).first()
                if u:
                    raise DBException("%s: Username exist" % username)
                e = User.query.filter_by(email=email).first()
                if e:
                    raise DBException("%s: Email exist" % email)
                hashed_password = generate_password_hash(form.password.data, method='sha256')
                new_user = User(name=form.name.data, username=form.username.data, email=form.email.data, password=hashed_password)
            except DBException as ex:
                db.session.rollback()
                flash(ex)
            except exc.IntegrityError as ex:
                db.session.rollback()
                flash('Create user failed: %s' % ex)
            except Exception as ex:
                db.session.rollback()
                flash("Unknown error {0}".format(ex))
            else:
                try:
                    portfolio = Portfolio(name = new_user.name, owner = new_user)
                    db.session.add(portfolio)
                    new_user.portfolios.append(portfolio)
                    db.session.add(new_user)
                    acl = AccessRight(right = Role.read, user = new_user)
                    db.session.add(acl)
                    acl = AccessRight(right = Role.write, user = new_user)
                    db.session.add(acl)
                    acl = AccessRight(right = Role.admin, user = new_user)
                    db.session.add(acl)
                    db.session.commit()
                    app.logger.warning("Registered: %s" % new_user)
                    flash("You have been registered with username: " + form.username.data + os.linesep)
                    flash("Default Portfolio: " + portfolio.name)
                    return redirect(url_for('login'))
                except exc.IntegrityError as ex:
                    db.session.rollback()
                    flash('Create user failed: %s' % ex)
                except Exception as ex:
                    db.session.rollback()
                    flash("Unknown error {0}".format(ex))
        else:
            flash('Password did not match password check')
    return render_template('register.html',
                           title='Register',
                           form=form)

@app.route('/resetpwd')
def resetpwd():
    return '<h1>resetpwd</h1>'

@app.route('/search', methods=['POST'])
def search():
    form = g.searchForm
    if form.validate_on_submit():
        token = form.token.data
        flash("Search: " + token)
    return redirect(request.referrer)

@app.route('/admin')
#@login_required
def admin():
    try:
        if g.user is not None and g.user.is_admin:
            app.logger.warning("Enter Admin area: %s" % g.user)
            return render_template('admin.html',
                                    title='Administration')
    except AttributeError:
        pass
    app.logger.critical("Tried to enter Admin area: %s" % g.user)
    return redirect(request.referrer)#redirect(url_for('index'))
Commit	Line	Data
e5424f29 MR	1	from flask import render_template, flash, redirect, session, url_for, request, g, abort
	2	from flask_login import login_user, logout_user, current_user, login_required
	3	from app import app, lm, tools
	4	from .forms import LoginForm, RegisterForm, UpdateForm, PwForm, SearchForm, DeleteForm, PortfolioForm, AlbumForm
	5	from .models import User, Portfolio, Album, AccessRight, Role, MyAnonymous
	6	from werkzeug.security import generate_password_hash, check_password_hash
	7	import datetime, os
	8	from config import SESSION_TIMEOUT
	9
	10	class DBException(Exception):
	11	pass
	12
	13	@app.before_request
	14	def before_request():
	15	session.permanent = True
	16	app.permanent_session_lifetime = datetime.timedelta(minutes=SESSION_TIMEOUT)
	17	session.modified = True
	18	g.user = current_user
	19	g.searchForm = SearchForm(prefix="sf")
	20	g.deleteform = DeleteForm(prefix="df")
	21
	22	@lm.user_loader
	23	def load_user(id):
	24	return User.query.get(int(id))
	25
	26	@app.route('/')
	27	@app.route('/index')
	28	def index():
	29	user = g.user
	30	return render_template('index.html',
	31	title='Home',
	32	user=user)
	33
	34	@app.route('/login', methods=['GET', 'POST'])
	35	def login():
	36	if g.user is not None and g.user.is_authenticated:
	37	return redirect(request.referrer)#redirect(url_for('index'))
	38	form = LoginForm()
	39	if form.validate_on_submit():
	40	user = User.query.filter_by(username=form.username.data).first()
	41	if user is None:
	42	flash('Unknown username. Please try again or register.')
	43	else:
	44	app.logger.info("db-pwd: %s form-pwd: %s" % (user.password, form.password.data))
	45	if check_password_hash(user.password, form.password.data):
	46	app.logger.info("Login: %s" % user)
	47	login_user(user, remember=False)
	48	next = request.args.get('next')
	49	if next is not None:
	50	if not tools.is_safe_url(next):
	51	return abort(400)
	52	req = next.rsplit('/', 1)
	53	app.logger.info("%s:%s" % (req[0], req[1]))
	54	if req[0] == '/user' and req[1] != user.name:
	55	next = "%s/%s" % (req[0], user.username)
	56	app.logger.info("Login: %s next: %s" % (user, next))
	57	return redirect(next or url_for('index'))
	58	else:
	59	flash('Username or password is wrong. Please try again')
	60	return render_template('login.html',
	61	title='Sign In',
	62	form=form)
	63
	64	@app.route('/logout')
65	def logout():
66	logout_user()
67	return redirect(url_for('index'))
68
69	@app.route('/album/<int:id>', methods =['GET', 'DELETE'])
70	def getAlbum(id):
71	if request.method == 'GET':
72	return "<h1>Get album # %s</h1>" % id
73	else:
74	return 'Album #' + str(id) + " deleted"
75
76	@app.route('/albums', methods =['GET'])
77	def getAlbums():
78	user = current_user
79	app.logger.info("user: %s" % user)
80	query = tools.DBQuery()
81	# if user.is_anonymous:
82	# return "<h1>(au)Get all albums: %s</h1>" % dir(user)
83	# else:
84	u = load_user(user.get_id())
85	if u is None:
86	u = MyAnonymous()
87	a = query.get_albums_for_user(u)
88	else:
89	a = query.get_albums_for_user(u, True, True)
90	albums = []
91	for album in a:
92	# if not user.is_anonymous:
93	acl = query.get_acl(user, album)
94	# else:
95	# acl = Role.read
96	if acl is not None:
97	albums.append({'album': album, 'acl': acl})
98	app.logger.info("albums: %s" % a)
99	app.logger.info(tools.dump(albums))
100	return "<h1>(nu)Get all albums</h1><pre>%s</pre>" % albums
101
102	@app.route('/album', methods =['GET', 'POST'])
103	@login_required
104	def album():
105	user = g.user
106	form = AlbumForm(prefix="pf")
107	if form.validate_on_submit():
108	u = load_user(user.get_id())
109	try:
110	query = tools.DBQuery()
111	portfolios = query.get_portfolios(u)
112	new_album = Album(name=form.name.data, public=form.public.data, visible=form.visible.data, portfolio_id=portfolios[0].id)
113	db.session.add(new_album)
114	db.session.commit()
115	app.logger.warning("Created album: %s" % new_album)
116	except DBException as ex:
117	db.session.rollback()
118	flash(ex)
119	except exc.IntegrityError as ex:
120	db.session.rollback()
121	flash('Create album failed: %s' % ex)
122	except Exception as ex:
123	db.session.rollback()
124	flash("Unknown error {0}".format(ex))
125	return redirect(request.referrer)
126	return render_template('album.html',
127	title='Create Album',
128	user=user,
129	form=form)
130
131	@app.route('/portfolio/<int:id>', methods =['GET', 'DELETE'])
132	def getPortfolio(id):
133	if request.method == 'GET':
134	return "<h1>Get portfolio # %s</h1>" % id
135	else:
136	return 'Portfolio #' + str(id) + " deleted"
137
138	@app.route('/portfolios', methods =['GET'])
139	def getPortfolios():
140	return "<h1>Get all portfolios</h1>"
141
142	@app.route('/portfolio', methods =['GET', 'POST'])
143	@login_required
144	def portfolio():
145	user = g.user
146	form = PortfolioForm(prefix="pf")
147	if form.validate_on_submit():
148	pass
149	return render_template('portfolio.html',
150	title='Create Portfolio',
151	user=user,
152	form=form)
153
154	@app.route('/user/<username>', methods=['GET', 'POST'])
155	@login_required
156	def user(username):
157	form = UpdateForm(prefix="uf")
158	pwform = PwForm(prefix="pf")
159	deleteform = g.deleteform
160	referrer = request.referrer
161	if form.update.data and form.validate_on_submit():
162	try:
163	uname=form.username.data
164	email=form.email.data
165	name=form.name.data
166	user = User.query.filter_by(username=username).first()
167	if uname != username:
168	u = User.query.filter_by(username=uname).first()
169	if u is not None:
170	raise DBException("%s: Username exist" % uname)
171	user.username = uname
172	referrer = "/user/%s" % user.username
173	if email != user.email:
174	e = User.query.filter_by(email=email).first()
175	if e is not None:
176	raise DBException("%s: Email exist" % email)
177	user.email = email
178	if name != user.name:
179	user.name = name
180	except DBException as ex:
181	db.session.rollback()
182	flash("{0}".format(ex))
183	app.logger.warning("Update user failed: {0}".format(ex))
184	except exc.IntegrityError as ex:
185	db.session.rollback()
186	flash("Update user failed: {0}".format(ex))
187	app.logger.warning("Update user failed: {0}".format(ex))
188	except Exception as ex:
189	db.session.rollback()
190	flash("Unknown error {0}".format(ex))
191	app.logger.warning("Update user failed: Unknown error {0}".format(ex))
192	else:
193	try:
194	db.session.commit()
195	login_user(user, remember=False)
196	app.logger.warning("Updated user: %s" % user)
197	flash("Userdata successfully updated")
198	except exc.IntegrityError as ex:
199	db.session.rollback()
200	flash("Update user failed: {0}".format(ex))
201	except Exception as ex:
202	db.session.rollback()
203	flash("Unknown error {0}".format(ex))
204	return redirect(referrer)
205	elif pwform.pwchange.data and pwform.validate_on_submit():
206	user = User.query.filter_by(username=username).first()
207	if pwform.password.data == pwform.passwordchk.data and check_password_hash(user.password, pwform.passwordcur.data):
208	hashed_password = generate_password_hash(pwform.password.data, method='sha256')
209	user.password = hashed_password
210	try:
211	db.session.commit()
212	login_user(user, remember=False)
213	app.logger.warning("Updated user - password: %s" % user)
214	flash("Password successfully changed")
215	except exc.IntegrityError as ex:
216	db.session.rollback()
217	flash("Update user failed: {0}".format(ex))
218	except Exception as ex:
219	db.session.rollback()
220	flash("Unknown error {0}".format(ex))
221	else:
222	flash('Current password does not match or password different from password check')
223	return redirect(referrer)
224	else:
225	user = User.query.filter_by(username=username).first()
226	if user is None:
227	flash('User %s not found.' % username)
228	return redirect(url_for('index'))
229	app.logger.info("Show profile: %s" % user)
230	query = tools.DBQuery()
231	portfolios = query.get_portfolios(user)
232	private = []
233	for p in portfolios:
234	albums = query.get_albums(p)
235	p.set_user_count(len(query.get_users(p)))
236	a1 = []
237	for a in albums:
238	a.set_user_count(len(query.get_users(a)))
239	a1.append(a)
240	pf = {'portfolio': p, 'albums': a1}
241	private.append(pf)
242	a = query.get_albums_for_user(user)
243	app.logger.info("Albums: %s" % a)
244	albums = []
245	for album in a:
246	acl = query.get_acl(user, album)
247	app.logger.info("Album: %s -> acl: %s" % (album, acl))
248	if acl is not None:
249	albums.append({'album': album, 'acl': acl})
250	return render_template('user.html',
251	title='Profile',
252	user=user,
253	form=form,
254	pwform=pwform,
255	deleteform=deleteform,
256	private=private,
257	albums=albums)
258
259	@app.route('/register', methods=['GET', 'POST'])
260	def register():
261	form = RegisterForm()
262	if form.validate_on_submit():
263	if form.password.data == form.passwordchk.data:
264	try:
265	username=form.username.data
266	email=form.email.data
267	u = User.query.filter_by(username=username).first()
268	if u:
269	raise DBException("%s: Username exist" % username)
270	e = User.query.filter_by(email=email).first()
271	if e:
272	raise DBException("%s: Email exist" % email)
273	hashed_password = generate_password_hash(form.password.data, method='sha256')
274	new_user = User(name=form.name.data, username=form.username.data, email=form.email.data, password=hashed_password)
275	except DBException as ex:
276	db.session.rollback()
277	flash(ex)
278	except exc.IntegrityError as ex:
279	db.session.rollback()
280	flash('Create user failed: %s' % ex)
281	except Exception as ex:
282	db.session.rollback()
283	flash("Unknown error {0}".format(ex))
284	else:
285	try:
286	portfolio = Portfolio(name = new_user.name, owner = new_user)
287	db.session.add(portfolio)
288	new_user.portfolios.append(portfolio)
289	db.session.add(new_user)
290	acl = AccessRight(right = Role.read, user = new_user)
291	db.session.add(acl)
292	acl = AccessRight(right = Role.write, user = new_user)
293	db.session.add(acl)
294	acl = AccessRight(right = Role.admin, user = new_user)
295	db.session.add(acl)
296	db.session.commit()
297	app.logger.warning("Registered: %s" % new_user)
298	flash("You have been registered with username: " + form.username.data + os.linesep)
299	flash("Default Portfolio: " + portfolio.name)
300	return redirect(url_for('login'))
301	except exc.IntegrityError as ex:
302	db.session.rollback()
303	flash('Create user failed: %s' % ex)
304	except Exception as ex:
305	db.session.rollback()
306	flash("Unknown error {0}".format(ex))
307	else:
308	flash('Password did not match password check')
309	return render_template('register.html',
310	title='Register',
311	form=form)
312
313	@app.route('/resetpwd')
314	def resetpwd():
315	return '<h1>resetpwd</h1>'
316
317	@app.route('/search', methods=['POST'])
318	def search():
319	form = g.searchForm
320	if form.validate_on_submit():
321	token = form.token.data
322	flash("Search: " + token)
323	return redirect(request.referrer)
324
325	@app.route('/admin')
326	#@login_required
327	def admin():
328	try:
329	if g.user is not None and g.user.is_admin:
330	app.logger.warning("Enter Admin area: %s" % g.user)
331	return render_template('admin.html',
332	title='Administration')
333	except AttributeError:
334	pass
335	app.logger.critical("Tried to enter Admin area: %s" % g.user)
336	return redirect(request.referrer)#redirect(url_for('index'))
337
338