X-Git-Url: http://git.cyclocoop.org/?p=cavote.git;a=blobdiff_plain;f=main.py;h=bff42a018d94c9d87586a810251feed88a4d2e7f;hp=7ff598f5599512e9accaf350ad90aae470b45556;hb=e39a423e56697a035ea099e1f0ab4af1917a5d9e;hpb=09d46c3c1c476da11f48f953d257c9fc6e31b8cd
diff --git a/main.py b/main.py
index 7ff598f..bff42a0 100755
--- a/main.py
+++ b/main.py
@@ -207,15 +207,41 @@ def del_role(idrole):
 def show_votes(votes):
 today = date.today()
 if votes == 'all':
- votes = query_db('select title, description, date_begin, date_end from votes order by id desc')
+ votes = query_db('select * from votes order by id desc')
 elif votes == 'archive':
- votes = query_db('select title, description, date_begin, date_end from votes where date_end < (?) order by id desc', [today])
+ votes = query_db('select * from votes where date_end < (?) order by id desc', [today])
 elif votes == 'current':
- votes = query_db('select title, description, date_begin, date_end from votes where date_end >= (?) order by id desc', [today])
+ votes = query_db('select * from votes where date_end >= (?) order by id desc', [today])
 else:
 abort(404)
 return render_template('show_votes.html', votes=votes)
 
+#------
+# Vote
+
+def can_see_vote(idvote, iduser=-1):
+ user = query_db('select * from users where id=?', [iduser], one=True)
+ vote = query_db('select * from votes where id=?', [idvote], one=True)
+ if user is None and not vote.is_public:
+ return False
+ return True # :TODO:maethor:20120529: Check others things
+
+def can_vote(idvote, iduser=-1):
+ if not can_see_vote(idvote, iduser):
+ return False
+ return True # :TODO:maethor:20120529: Check others things
+
+@app.route('/vote/')
+def show_vote(idvote):
+ vote = query_db('select * from votes where id=?', [idvote], one=True)
+ if vote is None:
+ abort(404)
+ if can_see_vote(idvote, session.get('user').get('id')):
+ choices = query_db('select * from choices where id_vote=?', [idvote])
+ return render_template('vote.html', vote=vote, choices=choices, can_vote=can_vote(idvote, session.get('user').get('id')))
+ flash('Vous n\'avez pas le droit de voir ce vote, désolé.')
+ return(url_for('home'))
+
 #-------------
 # Votes admin
 
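Review bot: In `show_vote`, `session.get('user').get('id')` raises AttributeError when the session holds no user, so an anonymous visitor gets a 500 instead of the public vote that `can_see_vote`'s `iduser=-1` default is meant to allow; read the id once as `iduser = (session.get('user') or {}).get('id', -1)` and pass it to both helpers. The denial path ends in `return(url_for('home'))`, which returns the URL string as a 200 response body rather than redirecting; it should be `return redirect(url_for('home'))`, assuming `redirect` is imported from flask, which this hunk does not show. `can_see_vote` and `can_vote` both fall through to `return True` behind a TODO, so any user found in the `users` table can view every non-public vote and is offered the voting form regardless of `is_open` or the vote's dates; until the remaining checks exist these helpers should deny by default. `can_see_vote` also reads `vote.is_public` without checking that the row exists, and that attribute access only works if `query_db` returns attribute-style rows, which is not visible here.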
@@ -272,7 +298,7 @@ def edit_vote(voteid): if 'public' in request.form.keys(): public = 1 isopen = 0 - if request.form['status'] == 'Ouvert': + if request.form['status'] == 'Ouvert': # :TODO:maethor:20120529: Check if there is at least 2 choices before isopen = 1 g.db.execute('update votes set title = ?, description = ?, category = ?, is_transparent = ?, is_public = ?, is_open = ? where id = ?', [request.form['title'], request.form['description'], request.form['category'], transparent, public, isopen, voteid])