X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=main.py;h=c26c2cb171165085ec3fcfed02db7efb5ab86073;hb=f42b7613c22add2650031ac5fa04065d82393436;hp=fdb1de4a6dd7431a65eee2fe5d5d27bf52c046fc;hpb=cadc3894e85527dd5c0688287f8a60638113bae6;p=cavote.git diff --git a/main.py b/main.py index fdb1de4..c26c2cb 100755 --- a/main.py +++ b/main.py @@ -4,19 +4,20 @@ from flask import Flask, request, session, g, redirect, url_for, abort, \ render_template, flash import sqlite3 -from datetime import date +from datetime import date, timedelta +from contextlib import closing +import locale +locale.setlocale(locale.LC_ALL, '') DATABASE = '/tmp/cavote.db' SECRET_KEY = '{J@uRKO,xO-PK7B,jF?>iHbxLasF9s#zjOoy=+:' DEBUG = True -USERNAME = 'admin' -PASSWORD = 'admin' app = Flask(__name__) app.config.from_object(__name__) def connect_db(): - return sqlite3.connect(app.config['DATABASE']) + return sqlite3.connect(app.config['DATABASE']) @app.before_request def before_request(): @@ -26,45 +27,247 @@ def before_request(): def teardown_request(exception): g.db.close() -@app.route('/admin/votes') -def show_votes(): - cur = g.db.execute('select title, description from votes order by id desc') - votes = [dict(title=row[0], description=row[1]) for row in cur.fetchall()] - return render_template('show_votes.html', votes=votes) +@app.route('/') +def home(): + return render_template('index.html') -@app.route('/admin/vote/add', methods=['POST']) -def add_vote(): - if not session.get('logged_in'): - abort(401) - g.db.execute('insert into votes (title, description) values (?, ?)', - [request.form['title'], request.form['description']]) - g.db.commit() - flash('New entry was successfully posted') - return redirect(url_for('show_votes')) +def query_db(query, args=(), one=False): + cur = g.db.execute(query, args) + rv = [dict((cur.description[idx][0], value) + for idx, value in enumerate(row)) for row in cur.fetchall()] + return (rv[0] if rv else None) if one else rv + +def init_db(): + with closing(connect_db()) as db: + with app.open_resource('schema.sql') as f: + db.cursor().executescript(f.read()) + db.commit() + +#---------------- +# Login / Logout + +def valid_login(username, password): + return query_db('select * from users where email = ? and password = ?', [username, password], one=True) + +def connect_user(user): + session['user'] = user # :KLUDGE:maethor:120528: Stoquer toute la ligne de la table users dans la session, c'est un peu crade… + #session['user']['id'] = user['id'] + #session['user']['name'] = user['name'] + #session['user']['email'] = user['email'] + #session['user']['organization'] = user['organization'] + #if user['is_admin'] == 1: + # session['user']['is_admin'] = True + +def disconnect_user(): + session.pop('user', None) @app.route('/login', methods=['GET', 'POST']) def login(): - error = None if request.method == 'POST': - if request.form['username'] != app.config['USERNAME']: - error = 'Invalid username' - elif request.form['password'] != app.config['PASSWORD']: - error = 'Invalid password' + user = valid_login(request.form['username'], request.form['password']) + if user is None: + flash('Invalid username/password', 'error') else: - session['logged_in'] = True - flash('You were logged in') - return redirect(url_for('show_votes')) - return render_template('login.html', error=error) + connect_user(user) + flash('You were logged in', 'success') + return redirect(url_for('home')) + return render_template('login.html') @app.route('/logout') def logout(): - session.pop('logged_in', None) - flash('You were logged out') - return redirect(url_for('show_votes')) + disconnect_user() + flash('You were logged out', 'info') + return redirect(url_for('home')) + +#----------------- +# Change password + +@app.route('/password/lost', methods=['GET', 'POST']) +def password_lost(): + info = None + if request.method == 'POST': + user = query_db('select * from users where email = ?', [request.form['email']], one=True) + if user is None: + flash('Cet utilisateur n\'existe pas !', 'error') + else: + # :TODO:maethor:120528: Générer la clé, la mettre dans la base de données et envoyer le mail + flash(u"Un mail a été envoyé à " + user['email'], 'info') + return render_template('password_lost.html') +@app.route('/login//') +def login_key(userid, key): + user = query_db('select * from users where id = ? and key = ?', [userid, key], one=True) + if user is None or key == "invalid": + abort(404) + else: + connect_user(user) + # :TODO:maethor:120528: Remplacer la clé pour qu'elle ne puisse plus être utilisée (invalid) + flash(u"Veuillez mettre à jour votre mot de passe", 'info') + return redirect(url_for('user_password'), userid=user['userid']) +#--------------- +# User settings + +@app.route('/user/') +def show_user(userid): + if int(userid) != session.get('user').get('id'): + abort(401) + return render_template('show_user.html') + +@app.route('/user/settings/', methods=['GET', 'POST']) +def user_settings(userid): + if int(userid) != session.get('user').get('id'): + abort(401) + if request.method == 'POST': + g.db.execute('update users set email = ?, name = ?, organization = ? where id = ?', + [request.form['email'], request.form['name'], request.form['organization'], session['user']['id']]) + g.db.commit() + disconnect_user() # :TODO:maethor:120528: Maybe useless, but this is simple way to refresh session :D + flash(u'Votre profil a été mis à jour !', 'success') + return redirect(url_for('login')) + return render_template('user_settings.html') + +@app.route('/user/password/', methods=['GET', 'POST']) +def user_password(userid): + if int(userid) != session.get('user').get('id'): + abort(401) + if request.method == 'POST': + if request.form['password'] == request.form['password2']: + # :TODO:maethor:120528: Chiffrer le mot de passe ! + g.db.execute('update users set password = ? where id = ?', [request.form['password'], session['user']['id']]) + g.db.commit() + flash(u'Votre mot de passe a été mis à jour.', 'success') + else: + flash(u'Les mots de passe sont différents.', 'error') + return render_template('user_settings.html') + +#------------ +# User admin + +@app.route('/users/admin/add', methods=['GET', 'POST']) +def add_user(): + if not session.get('user').get('is_admin'): + abort(401) + if request.method == 'POST': + if request.form['email']: + # :TODO:maethor:120528: Check fields + password = "toto" # :TODO:maethor:120528: Generate password + admin = 0 + if 'admin' in request.form.keys(): + admin = 1 + g.db.execute('insert into users (email, name, organization, password, is_admin) values (?, ?, ?, ?, ?)', + [request.form['email'], request.form['username'], request.form['organization'], password, admin]) + g.db.commit() + # :TODO:maethor:120528: Send mail + flash(u'Le nouvel utilisateur a été créé avec succès', 'success') + return redirect(url_for('home')) + else: + flash(u"Vous devez spécifier une adresse email.", 'error') + return render_template('add_user.html') + +#------------ +# Votes list + +@app.route('/votes/') +def show_votes(votes): + today = date.today() + if votes == 'all': + votes = query_db('select title, description, date_begin, date_end from votes order by id desc') + elif votes == 'archive': + votes = query_db('select title, description, date_begin, date_end from votes where date_end < (?) order by id desc', [today]) + elif votes == 'current': + votes = query_db('select title, description, date_begin, date_end from votes where date_end >= (?) order by id desc', [today]) + else: + abort(404) + return render_template('show_votes.html', votes=votes) + +#------------- +# Votes admin + +@app.route('/votes/admin/add', methods=['GET', 'POST']) +def add_vote(): + if not session.get('user').get('is_admin'): + abort(401) + if request.method == 'POST': + if request.form['title']: + date_begin = date.today() + date_end = date.today() + timedelta(days=int(request.form['days'])) + transparent = 0 + public = 0 + multiplechoice = 0 + if 'transparent' in request.form.keys(): + transparent = 1 + if 'public' in request.form.keys(): + public = 1 + if 'multiplechoice' in request.form.keys(): + multiplechoice = 1 + g.db.execute('insert into votes (title, description, date_begin, date_end, is_transparent, is_public, is_multiplechoice) values (?, ?, ?, ?, ?, ?, ?)', + [request.form['title'], request.form['description'], date_begin, date_end, transparent, public, multiplechoice]) + g.db.commit() + vote = query_db('select * from votes where title = ? and date_begin = ? order by id desc', + [request.form['title'], date_begin], one=True) # :DEBUG:maethor:20120528: Bug possible car le titre n'est pas unique + if vote is None: + flash(u'Une erreur est survenue !', 'error') + return redirect(url_for('home')) + else: + flash(u"Le vote a été créé", 'info') + return redirect(url_for('edit_vote', voteid=vote['id'])) + else: + flash(u'Vous devez spécifier un titre.', 'error') + return render_template('new_vote.html') + +@app.route('/votes/admin/edit/', methods=['GET', 'POST']) +def edit_vote(voteid): + if not session.get('user').get('is_admin'): + abort(401) + vote = query_db('select * from votes where id = ?', [voteid], one=True) + if vote is None: + abort(404) + #if request.method == 'POST': + # :TODO:maethor:20120528 + choices = query_db('select * from choices where id_vote = ?', [voteid]) + return render_template('edit_vote.html', vote=vote, choices=choices) + +@app.route('/votes/admin/addchoice/', methods=['POST']) +def add_choice(voteid): + if not session.get('user').get('is_admin'): + abort(401) + vote = query_db('select * from votes where id = ?', [voteid], one=True) + if vote is None: + abort(404) + g.db.execute('insert into choices (name, id_vote) values (?, ?)', [request.form['title'], voteid]) + g.db.commit() + return redirect(url_for('edit_vote', voteid=voteid)) + +@app.route('/votes/admin/editchoice//', methods=['POST', 'DELETE']) +def edit_choice(voteid, choiceid): + if not session.get('user').get('is_admin'): + abort(401) + choice = query_db('select * from choices where id = ? and id_vote = ?', [choiceid, voteid], one=True) + if choice is None: + abort(404) + if request.method == 'POST': + g.db.execute('update choices set name=? where id = ? and id_vote = ?', [request.form['title'], choiceid, voteid]) + g.db.commit() + elif request.method == 'DELETE': # :COMMENT:maethor:20120528: I can't find how to use it from template + g.db.execute('delete from choices where id = ? and id_vote = ?', [choiceid, voteid]) + g.db.commt() + return redirect(url_for('edit_vote', voteid=voteid)) + +@app.route('/votes/admin/deletechoice//') +def delete_choice(voteid, choiceid): + if not session.get('user').get('is_admin'): + abort(401) + choice = query_db('select * from choices where id = ? and id_vote = ?', [choiceid, voteid], one=True) + if choice is None: + abort(404) + g.db.execute('delete from choices where id = ? and id_vote = ?', [choiceid, voteid]) + g.db.commit() + return redirect(url_for('edit_vote', voteid=voteid)) + +#------ +# Main if __name__ == '__main__': app.run() -