1import os
2import secrets
3
4from flask import abort, flash, redirect, render_template, request, url_for
5from flask_login import current_user, login_required, login_user, logout_user
6from PIL import Image
7
8from . import app, bcrypt, calendar, db
9from .forms import (LoginForm, RegistrationForm, SubscribeForm, UnsubscribeForm, UpdateAccountForm, NewCourseForm, SearchForm, PermissionForm)
10from .models import Course, CourseMember, User
11
12
@app.route("/")
def index():
    """Render the landing page.

    Lists every course and every teacher; for a logged-in user it also passes
    the ids of the courses that user is subscribed to (an empty list for
    anonymous visitors).
    """
    all_courses = Course.query.all()

    teacher_rows = User.query.filter_by(type='teacher')
    teachers = [[t.id, t.username] for t in teacher_rows]

    if current_user.is_authenticated:
        memberships = CourseMember.query.filter_by(user_id=current_user.id)
        subscriptions = [m.course_id for m in memberships]
    else:
        subscriptions = []

    return render_template(
        'index.html',
        calendar=calendar,
        courses=all_courses,
        subs=subscriptions,
        teachers=teachers,
    )
24
25
@app.route("/about")
def about():
    """Render the static "About" page."""
    context = {'calendar': calendar, 'title': 'About'}
    return render_template('about.html', **context)
29
30
@app.route("/register", methods=['GET', 'POST'])
def register():
    """Show the registration form and create the account on a valid submit.

    Already-authenticated users are sent back to the landing page. After a
    successful registration the user is redirected to the login page.
    """
    if current_user.is_authenticated:
        return redirect('/')

    form = RegistrationForm()
    if not form.validate_on_submit():
        # First visit or failed validation: (re)display the form.
        return render_template('register.html', calendar=calendar, title='Register', form=form)

    # Only the bcrypt hash is persisted, never the submitted password itself.
    password_hash = bcrypt.generate_password_hash(form.password.data)
    new_user = User(
        username=form.username.data,
        email=form.email.data,
        password=password_hash.decode('utf-8'),
    )
    db.session.add(new_user)
    db.session.commit()

    flash('Your account has been created! You are now able to log in', 'success')
    return redirect(url_for('login'))
46
47
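@app.route("/login", methods=['GET', 'POST'])
def login():
    """Authenticate a user by e-mail and password.

    On success the user is logged in and redirected to the ``next`` query
    parameter when it is a local path, otherwise to the landing page. On
    failure the same generic message is flashed whether the e-mail is unknown
    or the password is wrong, so the response does not reveal which one it was.
    """
    from urllib.parse import urlsplit

    def _is_local_path(target):
        """Return True only for a same-site absolute path such as ``/account``."""
        # Must be a single-slash path; '//host' and backslash variants are
        # interpreted by browsers as a different origin.
        if not target.startswith('/') or target.startswith('//'):
            return False
        if '\\' in target:
            return False
        # Control characters are dropped by browsers before the URL is parsed,
        # so a value containing them cannot be judged reliably.
        if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
            return False
        try:
            parts = urlsplit(target)
        except ValueError:
            return False
        return not parts.scheme and not parts.netloc

    if current_user.is_authenticated:
        return redirect('/')
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password, form.password.data):
            login_user(user, remember=form.remember.data)
            # ``next`` comes from the query string and is caller-controlled:
            # following it blindly would let a crafted login link hand a
            # freshly authenticated user to an external site (open redirect).
            next_page = request.args.get('next')
            if next_page and _is_local_path(next_page):
                return redirect(next_page)
            return redirect('/')
        else:
            flash('Login Unsuccessful. Please check email and password', 'danger')
    return render_template('login.html', calendar=calendar, title='Login', form=form)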
62
63
@app.route("/logout")
def logout():
    """End the current session and return to the landing page."""
    logout_user()
    landing = '/'
    return redirect(landing)
68
69
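def save_picture(form_picture):
    """Store an uploaded profile picture as a thumbnail and return its file name.

    The image is shrunk to fit within 125x125 pixels and written to
    ``static/profile_pics`` under the application root.

    Args:
        form_picture: the uploaded file object; it must expose ``filename``
            and be readable by ``PIL.Image.open``.

    Returns:
        The generated file name (16 random hex characters plus the upload's
        extension), relative to ``static/profile_pics``.
    """
    # The stored name is generated server-side; only the extension is taken
    # from the client-supplied filename.
    # NOTE(review): the extension is not checked here -- confirm that
    # UpdateAccountForm restricts uploads to the intended image types.
    _, f_ext = os.path.splitext(form_picture.filename)
    picture_fn = secrets.token_hex(8) + f_ext
    picture_path = os.path.join(app.root_path, 'static/profile_pics', picture_fn)

    # The context manager releases the image's resources even when
    # thumbnail() or save() raises (e.g. on a corrupt upload).
    with Image.open(form_picture) as img:
        img.thumbnail((125, 125))
        img.save(picture_path)

    return picture_fn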
83
84
@app.route("/account", methods=['GET', 'POST'])
@login_required
def account():
    """Show and update the logged-in user's profile.

    A valid POST stores the new username and e-mail (and a new profile picture
    when one was uploaded), then redirects back to this page. A GET pre-fills
    the form with the current values.
    """
    form = UpdateAccountForm()

    if form.validate_on_submit():
        uploaded = form.picture.data
        if uploaded:
            current_user.image_file = save_picture(uploaded)
        current_user.username = form.username.data
        current_user.email = form.email.data
        db.session.commit()
        flash('Your account has been updated!', 'success')
        return redirect(url_for('account'))

    if request.method == 'GET':
        # Pre-populate the form so the user edits the existing values.
        form.username.data = current_user.username
        form.email.data = current_user.email

    avatar_url = url_for('static', filename='profile_pics/' + current_user.image_file)
    return render_template(
        'account.html',
        calendar=calendar,
        title='Account',
        image_file=avatar_url,
        form=form,
    )
104
105
@app.route("/course_overview")
@login_required
def course_overview():
    """List all courses for administrators and teachers (403 for anyone else)."""
    user_type = current_user.type
    if user_type not in ("admin", "teacher"):
        abort(403)

    return render_template(
        'course_overview.html',
        calendar=calendar,
        title='Administration Page',
        courses=Course.query.all(),
        type=user_type,
    )
114
115
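@app.route("/course_overview/new_course", methods=['GET', 'POST'])
@login_required
def new_course():
    """Create a course; restricted to administrators and teachers.

    The teacher drop-down is filled from the users whose type is ``teacher``.
    After a successful submit the user is redirected to the course overview.
    """
    if current_user.type not in ("admin", "teacher"):
        abort(403)

    form = NewCourseForm()
    form.teacher_id.choices = [(g.id, g.username) for g in User.query.filter_by(type='teacher')]
    if form.validate_on_submit():
        course = Course(
            name=form.name.data,
            description=form.description.data,
            teacher_id=form.teacher_id.data,
            weekday=form.weekday.data,
            start=form.start.data,
            end=form.end.data,
            location=form.location.data,
        )
        db.session.add(course)
        db.session.commit()
        flash('The course has been created!', 'success')
        # Teachers may create courses but the 'admin' view answers 403 for
        # them, so land on the overview both roles can open (this also matches
        # where update_course sends the user).
        return redirect(url_for('course_overview'))
    return render_template('new_course.html', calendar=calendar, title='New Course', form=form)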
132
133
@app.route("/course_overview/course_update/<int:course_id>", methods=['GET', 'POST'])
@login_required
def update_course(course_id):
    """Edit an existing course; restricted to administrators and teachers.

    Responds 404 when ``course_id`` does not exist. A valid POST copies the
    form values onto the course and redirects to the course overview; a GET
    pre-fills the form from the stored course.
    """
    # NOTE(review): the role check is the only gate -- any teacher can edit any
    # course, not just the ones whose teacher_id is their own. Confirm that is
    # intended.
    if current_user.type not in ("admin", "teacher"):
        abort(403)

    form = NewCourseForm()
    form.teacher_id.choices = [(g.id, g.username) for g in User.query.filter_by(type='teacher')]
    course = Course.query.get_or_404(course_id)

    # Form fields and model columns share these names, in this order.
    field_names = ('name', 'description', 'teacher_id', 'weekday', 'start', 'end', 'location')

    if form.validate_on_submit():
        for field_name in field_names:
            setattr(course, field_name, getattr(form, field_name).data)
        db.session.commit()
        flash('The course has been updated!', 'success')
        return redirect(url_for('course_overview'))

    if request.method == 'GET':
        for field_name in field_names:
            getattr(form, field_name).data = getattr(course, field_name)

    return render_template('update_course.html', calendar=calendar, form=form, legend='Update Language')
162
163
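@app.route("/course/<int:course_id>", methods=['GET', 'POST'])
def course(course_id):
    """Show one course and handle subscribe / unsubscribe submissions.

    The page is public. A POST toggles the logged-in user's membership:
    the subscribe form adds a ``CourseMember`` row when none exists, the
    unsubscribe form deletes the existing one. Both redirect to the account
    page afterwards.

    Responds 404 for an unknown ``course_id`` and 401 for a POST from a
    visitor who is not logged in.
    """
    # Resolve the course before anything is written, so a POST for an id that
    # does not exist is a 404 instead of leaving a membership row that points
    # at no course.
    course_obj = Course.query.get_or_404(course_id)

    # Changing a subscription needs an identified user. Without this guard the
    # subscribe branch reads current_user.id for an anonymous visitor, which
    # (with Flask-Login's default anonymous user) fails with a server error.
    if request.method == 'POST' and not current_user.is_authenticated:
        abort(401)

    form = SubscribeForm()
    form2 = UnsubscribeForm()
    teachers = [[teacher.id, teacher.username] for teacher in User.query.filter_by(type='teacher')]

    subscribed = None
    if current_user.is_authenticated:
        subscribed = CourseMember.query.filter_by(
            user_id=current_user.id, course_id=course_id).first()

    if form.validate_on_submit() and not subscribed:
        membership = CourseMember(user_id=current_user.id, course_id=course_id)
        db.session.add(membership)
        db.session.commit()
        flash('You have subscribed to this course!', 'success')
        return redirect(url_for('account'))

    if form2.validate_on_submit() and subscribed:
        db.session.delete(subscribed)
        db.session.commit()
        flash('You been have Unsubscribed to this course!', 'success')
        return redirect(url_for('account'))

    return render_template(
        'course.html',
        calendar=calendar,
        title=course_obj.name,
        course=course_obj,
        form=form,
        form2=form2,
        show=not subscribed,
        teachers=teachers,
    )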
189
@app.route("/delete_course/<int:course_id>", methods=['GET','POST'])
@login_required
def delete_course(course_id):
    """Delete a course (administrators only) and return to the landing page.

    Responds 403 for non-administrators and 404 for an unknown ``course_id``.
    """
    # NOTE(review): this destructive action is also reachable with GET and no
    # form (hence no CSRF token) is validated here, so merely loading this URL
    # in an administrator's session deletes the course. Prefer POST-only
    # behind a CSRF-protected form; the templates that link here would need
    # the matching change.
    # NOTE(review): CourseMember rows for the course are not removed here --
    # confirm the models cascade the delete.
    if current_user.type != "admin":
        abort(403)

    doomed = Course.query.get_or_404(course_id)
    db.session.delete(doomed)
    db.session.commit()
    return redirect(url_for('index'))
199
@app.route("/admin")
@login_required
def admin():
    """Render the administration page with all courses (administrators only)."""
    if current_user.type != "admin":
        abort(403)

    return render_template(
        'admin.html',
        calendar=calendar,
        courses=Course.query.all(),
    )
207
@app.route("/permissions", methods=['GET','POST'])
@login_required
def permissions():
    """Look up a user by username so an administrator can change their role.

    A match redirects to the permission-update page for that user; no match
    flashes an error and shows the search form again. Non-administrators get
    a 403.
    """
    if current_user.type != "admin":
        abort(403)

    form = SearchForm()
    if form.validate_on_submit():
        found = User.query.filter_by(username=form.username.data).first()
        if found is not None:
            flash(f'Username found in the database with username: {form.username.data}', 'success')
            return redirect(url_for('updatePermissions', user_id= found.id))
        flash(f'No user found in the database with username: {form.username.data}', 'danger')

    return render_template('permissions.html', calendar=calendar, form=form)
222
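@app.route("/permissions/update/<int:user_id>", methods=['GET','POST'])
@login_required
def updatePermissions(user_id):
    """Let an administrator change another user's type (role).

    Responds 403 for non-administrators and 404 when ``user_id`` matches no
    user. A valid POST stores the selected type and redirects to the user
    search; a GET pre-selects the user's current type.
    """
    if not(current_user.type == "admin"):
        abort(403)
    form = PermissionForm()
    # An id that matches no user must be a 404; with .first() the result is
    # None and the attribute access below fails with a server error.
    user = User.query.filter_by(id=user_id).first_or_404()
    image_file = url_for(
        'static', filename='profile_pics/' + user.image_file)
    if form.validate_on_submit():
        # NOTE(review): the stored role is whatever the form accepted --
        # confirm PermissionForm limits ``type`` to the known roles.
        user.type = form.type.data
        db.session.commit()
        flash(f'The permissions for user: {user.username} have been set to {user.type}', 'success')
        return redirect(url_for('permissions'))
    elif request.method == 'GET':
        form.type.data = user.type
    return render_template('updatepermissions.html', calendar=calendar, form=form, user=user, image_file=image_file)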