X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=main.py;h=2ab60f8ef8d201050e36a9d8f48836b775b75bf8;hb=a2d3a797375c6e14889d89b975ee32e3068926b6;hp=298c72128be38b151d44df9f58a7d72f21df63d2;hpb=92f3176d2fca9034c05c8efd145c0cd0e7b81928;p=cavote.git diff --git a/main.py b/main.py index 298c721..2ab60f8 100755 --- a/main.py +++ b/main.py @@ -50,7 +50,7 @@ def valid_login(username, password): return query_db('select * from users where email = ? and password = ?', [username, password], one=True) def connect_user(user): - session['user'] = user # :KLUDGE:maethor:120528: Stoquer toute la ligne de la table users dans la session, c'est un peu crade… + session['user'] = user # :KLUDGE:maethor:120528: Stoquer toute la ligne de la table users dans la session, c'est un peu crade #session['user']['id'] = user['id'] #session['user']['name'] = user['name'] #session['user']['email'] = user['email'] @@ -90,7 +90,7 @@ def password_lost(): if user is None: flash('Cet utilisateur n\'existe pas !', 'error') else: - # :TODO:maethor:120528: Générer la clé, la mettre dans la base de données et envoyer le mail + # :TODO:maethor:120528: Generer la cle, la mettre dans la base de données et envoyer le mail flash(u"Un mail a été envoyé à " + user['email'], 'info') return render_template('password_lost.html') @@ -109,13 +109,13 @@ def login_key(userid, key): # User settings @app.route('/user/') -def show_user(userid): +def user(userid): if int(userid) != session.get('user').get('id'): abort(401) - return render_template('show_user.html') + return render_template('user.html') @app.route('/user/settings/', methods=['GET', 'POST']) -def user_settings(userid): +def user_edit(userid): if int(userid) != session.get('user').get('id'): abort(401) if request.method == 'POST': @@ -125,7 +125,7 @@ def user_settings(userid): disconnect_user() # :TODO:maethor:120528: Maybe useless, but this is simple way to refresh session :D flash(u'Votre profil a été mis à jour !', 'success') return redirect(url_for('login')) - return render_template('user_settings.html') + return render_template('user_edit.html') @app.route('/user/password/', methods=['GET', 'POST']) def user_password(userid): @@ -139,20 +139,21 @@ def user_password(userid): flash(u'Votre mot de passe a été mis à jour.', 'success') else: flash(u'Les mots de passe sont différents.', 'error') - return render_template('user_settings.html') + return render_template('user_edit.html') #------------ # User admin -@app.route('/users/admin/list') +@app.route('/admin/users') def admin_users(): if not session.get('user').get('is_admin'): abort(401) - users = query_db('select * from users order by id desc') + users = query_db('select *, roles.name as rolename from (select *, name as username from users join user_role on id=id_user order by id desc) join roles on id_role=roles.id') + # :TODO:maethor:20120530: Find a way to reduce the dict return render_template('admin_users.html', users=users) -@app.route('/users/admin/add', methods=['GET', 'POST']) -def add_user(): +@app.route('/admin/users/add', methods=['GET', 'POST']) +def admin_user_add(): if not session.get('user').get('is_admin'): abort(401) if request.method == 'POST': @@ -165,25 +166,36 @@ def add_user(): g.db.execute('insert into users (email, name, organization, password, is_admin) values (?, ?, ?, ?, ?)', [request.form['email'], request.form['username'], request.form['organization'], password, admin]) g.db.commit() - # :TODO:maethor:120528: Send mail - flash(u'Le nouvel utilisateur a été créé avec succès', 'success') - return redirect(url_for('home')) + user = query_db('select * from users where email = ?', [request.form["email"]], one=True) + if user: + for role in request.form.getlist('roles'): + # :TODO:maethor:120528: Check if this role exist + if query_db('select id from roles where id = ?', role, one=True) is None: + abort(401) + g.db.execute('insert into user_role values (?, ?)', [user['id'], role]) + g.db.commit() + # :TODO:maethor:120528: Send mail + flash(u'Le nouvel utilisateur a été créé avec succès', 'success') + return redirect(url_for('admin_users')) + else: + flash(u'Une erreur s\'est produite.', 'error') else: flash(u"Vous devez spécifier une adresse email.", 'error') - return render_template('add_user.html') + groups = query_db('select * from roles where system=0') + return render_template('admin_user_new.html', groups=groups) #------------- # Roles admin -@app.route('/roles') -def show_roles(): +@app.route('/admin/roles') +def admin_roles(): if not session.get('user').get('is_admin'): abort(401) roles = query_db('select * from roles') - return render_template('show_roles.html', roles=roles) + return render_template('admin_roles.html', roles=roles) -@app.route('/roles/admin/add', methods=['POST']) -def add_role(): +@app.route('/admin/roles/add', methods=['POST']) +def admin_role_add(): if not session.get('user').get('is_admin'): abort(401) if request.method == 'POST': @@ -192,10 +204,10 @@ def add_role(): g.db.commit() else: flash(u"Vous devez spécifier un nom.", "error") - return redirect(url_for('show_roles')) + return redirect(url_for('admin_roles')) -@app.route('/roles/admin/delete/') -def del_role(idrole): +@app.route('/admin/roles/delete/') +def admin_role_del(idrole): if not session.get('user').get('is_admin'): abort(401) role = query_db('select * from roles where id = ?', [idrole], one=True) @@ -205,13 +217,13 @@ def del_role(idrole): abort(401) g.db.execute('delete from roles where id = ?', [idrole]) g.db.commit() - return redirect(url_for('show_roles')) + return redirect(url_for('admin_roles')) #------------ # Votes list @app.route('/votes/') -def show_votes(votes): +def votes(votes): today = date.today() active_button = votes basequery = 'select *, roles.name as rolename from votes join roles on roles.id=votes.id_role where is_open=1' @@ -223,7 +235,7 @@ def show_votes(votes): votes = query_db(basequery + ' and date_end >= (?) order by id desc', [today]) else: abort(404) - return render_template('show_votes.html', votes=votes, active_button=active_button) + return render_template('votes.html', votes=votes, active_button=active_button) #------ # Vote @@ -241,7 +253,7 @@ def can_vote(idvote, iduser=-1): return True # :TODO:maethor:20120529: Check others things @app.route('/vote/') -def show_vote(idvote): +def vote(idvote): vote = query_db('select *, roles.name as rolename from votes join roles on roles.id=votes.id_role where votes.id=?', [idvote], one=True) if vote is None: abort(404) @@ -255,15 +267,15 @@ def show_vote(idvote): #------------- # Votes admin -@app.route('/votes/admin/list') +@app.route('/admin/votes/list') def admin_votes(): if not session.get('user').get('is_admin'): abort(401) votes = query_db('select *, roles.name as rolename from votes join roles on roles.id=votes.id_role order by id desc') return render_template('admin_votes.html', votes=votes) -@app.route('/votes/admin/add', methods=['GET', 'POST']) -def add_vote(): +@app.route('/admin/votes/add', methods=['GET', 'POST']) +def admin_vote_add(): if not session.get('user').get('is_admin'): abort(401) if request.method == 'POST': @@ -292,14 +304,14 @@ def add_vote(): return redirect(url_for('home')) else: flash(u"Le vote a été créé", 'info') - return redirect(url_for('edit_vote', voteid=vote['id'])) + return redirect(url_for('admin_vote_edit', voteid=vote['id'])) else: flash(u'Vous devez spécifier un titre.', 'error') groups = query_db('select * from roles') - return render_template('new_vote.html', groups=groups) + return render_template('admin_vote_new.html', groups=groups) -@app.route('/votes/admin/edit/', methods=['GET', 'POST']) -def edit_vote(voteid): +@app.route('/admin/votes/edit/', methods=['GET', 'POST']) +def admin_vote_edit(voteid): if not session.get('user').get('is_admin'): abort(401) vote = query_db('select * from votes where id = ?', [voteid], one=True) @@ -329,10 +341,10 @@ def edit_vote(voteid): vote['duration'] = 15 group = query_db('select name from roles where id = ?', [vote['id_role']], one=True) choices = query_db('select * from choices where id_vote = ?', [voteid]) - return render_template('edit_vote.html', vote=vote, group=group, choices=choices) + return render_template('admin_vote_edit.html', vote=vote, group=group, choices=choices) -@app.route('/votes/admin/addchoice/', methods=['POST']) -def add_choice(voteid): +@app.route('/admin/votes/addchoice/', methods=['POST']) +def admin_vote_addchoice(voteid): if not session.get('user').get('is_admin'): abort(401) vote = query_db('select * from votes where id = ?', [voteid], one=True) @@ -340,10 +352,10 @@ def add_choice(voteid): abort(404) g.db.execute('insert into choices (name, id_vote) values (?, ?)', [request.form['title'], voteid]) g.db.commit() - return redirect(url_for('edit_vote', voteid=voteid)) + return redirect(url_for('admin_vote_edit', voteid=voteid)) -@app.route('/votes/admin/editchoice//', methods=['POST', 'DELETE']) -def edit_choice(voteid, choiceid): +@app.route('/admin/votes/editchoice//', methods=['POST', 'DELETE']) +def admin_vote_editchoice(voteid, choiceid): if not session.get('user').get('is_admin'): abort(401) choice = query_db('select * from choices where id = ? and id_vote = ?', [choiceid, voteid], one=True) @@ -355,10 +367,10 @@ def edit_choice(voteid, choiceid): elif request.method == 'DELETE': # :COMMENT:maethor:20120528: I can't find how to use it from template g.db.execute('delete from choices where id = ? and id_vote = ?', [choiceid, voteid]) g.db.commt() - return redirect(url_for('edit_vote', voteid=voteid)) + return redirect(url_for('admin_vote_edit', voteid=voteid)) -@app.route('/votes/admin/deletechoice//') -def delete_choice(voteid, choiceid): +@app.route('/admin/votes/deletechoice//') +def admin_vote_deletechoice(voteid, choiceid): if not session.get('user').get('is_admin'): abort(401) choice = query_db('select * from choices where id = ? and id_vote = ?', [choiceid, voteid], one=True) @@ -366,7 +378,7 @@ def delete_choice(voteid, choiceid): abort(404) g.db.execute('delete from choices where id = ? and id_vote = ?', [choiceid, voteid]) g.db.commit() - return redirect(url_for('edit_vote', voteid=voteid)) + return redirect(url_for('admin_vote_edit', voteid=voteid)) #------ # Main