diff --git a/participate.py b/participate.py index 347d115..3152b6d 100755 --- a/participate.py +++ b/participate.py @@ -296,6 +296,32 @@ def save_turn(role_id, day, start, end): return False return True +def update_turn_by_id(turn_id, role_id, wday, start, end): + """ Update turn with provided data """ + check_turn = Tetawebapp_turns.query.filter_by(id=turn_id).count() + if check_turn == 0: + # User does not exist + print "[+] User does not exist" + return False + turn = Tetawebapp_turns.query.filter_by(id=turn_id).first() + setattr(turn, 'role_id', role_id) + setattr(turn, 'wday', wday) + setattr(turn, 'start_time', start) + setattr(turn, 'end_time', end) + try: + db.session.add(turn) + commit = db.session.commit() + except Exception as e: + db.session.rollback() + print "[+] Error at update_turn:" + print "------------------------------" + print "%s" % e.message + print "------------------------------" + return False + if commit != None: + return False + return True + def drop_turn(turn_id): """ Delete staff turn """ try: @@ -480,13 +506,19 @@ def account_by_id(ID): if session['is_admin']: page = str(request.url_rule) menu = get_menu(page) - user = Tetawebapp_users.query.filter_by(id=ID).first() + message = "ID de l'utilisateur non conforme" + staffers = Tetawebapp_users.query.filter_by(is_admin=0).order_by(Tetawebapp_users.name).all() + user_id = int(ID.encode('utf-8')) + user = Tetawebapp_users.query.filter_by(id=user_id).first() return render_template('account_by_id.html', menu=menu, user=user) # User is not admin return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") except AttributeError: # User is not logged in return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") + except ValueError: + # ID is not an integer + return render_template('list_users.html', menu=menu, staffers=staffers, message=message) @app.route("/account/update/", methods=['GET', 'POST']) @check_session 
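Review bot: `update_turn_by_id` copies `role_id`, `wday`, `start` and `end` onto the row without checking them, and the only format check visible in this commit is the `regTime` test in `static/scripts/participate.js`, which a client can skip. The weekday and the HH:MM:SS values should be validated on the server, here or in the `update_turn` view that calls this helper, before `db.session.commit()`. Two smaller points in the same function: the not-found branch prints `"[+] User does not exist"` although the missing row is a turn, and `if commit != None: return False` can never trigger, since a SQLAlchemy `commit()` returns `None` or raises. The `count()` followed by `first()` is also two queries where `turn = ...first()` and `if turn is None: return False` would do.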
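Review bot: In `account_by_id` the new `except ValueError` covers a non-numeric ID, but a numeric ID with no matching row still reaches `render_template('account_by_id.html', menu=menu, user=user)` with `user` set to `None`. A guard after the query would close that gap, for example `if user is None: return render_template('list_users.html', menu=menu, staffers=staffers, message=message)`. The same `int(ID.encode('utf-8'))` plus `except ValueError` pair is repeated in `update_account_by_id`, `delete_account`, `turn_by_id`, `update_turn` and `delete_turn`. If the route rules carry the ID as a path variable (the variable part is not visible on this page), declaring it with Flask's `int` converter, `<int:ID>`, would reject bad IDs before the view runs and remove all six handlers. The function starts above this hunk.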
@@ -502,20 +534,23 @@ def update_account_by_id(ID): name = request.form.get('name').encode('utf-8') phone = request.form.get('phone').encode('utf-8') diet = request.form.get('diet').encode('utf-8') - if update_user_by_id(ID, login, password, confirm, name, phone, diet): + message = "ID de l'utilisateur non conforme" + staffers = Tetawebapp_users.query.filter_by(is_admin=0).order_by(Tetawebapp_users.name).all() + user_id = int(ID.encode('utf-8')) + if update_user_by_id(user_id, login, password, confirm, name, phone, diet): user = Tetawebapp_users.query.filter_by(id=ID).first() message = check_user_info() else: message = "Erreur lors de l'enregistrement des données." - return render_template('account_by_id.html', - menu=menu, - user=user, - message=message) + return render_template('account_by_id.html', menu=menu, user=user,message=message) # User is not admin return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") except AttributeError: # User is not logged in return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") + except ValueError: + # ID is not an integer + return render_template('list_users.html', menu=menu, staffers=staffers, message=message) @app.route("/account/delete/", methods=['GET', 'POST']) @check_session 
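Review bot: `update_account_by_id` now updates with the validated `user_id`, but the reload on the next line still queries with the raw string: `Tetawebapp_users.query.filter_by(id=ID).first()` should be `filter_by(id=user_id)`. As far as the flattened hunk shows, `user` is only assigned on the success branch, so when `update_user_by_id` returns false the joined `render_template('account_by_id.html', menu=menu, user=user,message=message)` would raise a `NameError` that neither `except` clause catches. Indentation is lost on this page, so confirm this against the file. Loading `user` once, right after `user_id = int(...)`, would cover both paths. The function starts above this hunk.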
@@ -524,17 +559,22 @@ def delete_account(ID): try: if session['is_admin']: message = "Erreur lors de la suppression.".decode('utf-8') - if delete_user(ID): - message = '' page = str(request.url_rule) menu = get_menu(page) staffers = Tetawebapp_users.query.filter_by(is_admin=0).order_by(Tetawebapp_users.name).all() + user_id = int(ID.encode('utf-8')) + if delete_user(user_id): + message = '' + staffers = Tetawebapp_users.query.filter_by(is_admin=0).order_by(Tetawebapp_users.name).all() return render_template('list_users.html', menu=menu, staffers=staffers, message=message) # User is not admin return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") except AttributeError: # User is not logged in return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") + except ValueError: + # ID is not an integer + return render_template('list_users.html', menu=menu, staffers=staffers, message=message) @app.route("/turns", methods=['GET', 'POST']) @check_session 
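Review bot: `delete_account` needs nothing but the ID from the URL, and its route is declared with `methods=['GET', 'POST']`, so a plain GET made in an admin's session deletes the account. State-changing views should accept POST only, `methods=['POST']`, and verify a CSRF token. No token check is visible in these hunks, and the body of `check_session` is not shown, so confirm whether it performs one. The same applies to `/turn/delete/` (`delete_turn`) and to the `/turn/update/` route added later in this diff. A comment such as `# destructive: POST only, CSRF-checked` above the decorator would record the intent.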
@@ -596,25 +636,52 @@ def add_turn(): @app.route("/turn/", methods=['GET', 'POST']) @check_session -def update_turn_by_id(ID): - +def turn_by_id(ID): + try: + if session['is_admin']: + page = str(request.url_rule) + menu = get_menu(page) + roles = Tetawebapp_roles.query.order_by(Tetawebapp_roles.id).all() + days = ['Jeudi', 'Vendredi', 'Samedi', 'Dimanche'] + message = 'ID du tour de staff non conforme' + turns = Tetawebapp_turns.query.join(Tetawebapp_roles, Tetawebapp_turns.role_id==Tetawebapp_roles.id).add_columns(Tetawebapp_roles.role).order_by(Tetawebapp_turns.role_id).all() + turn_id = int(ID.encode('utf-8')) + turn = Tetawebapp_turns.query.filter_by(id=ID).first() + return render_template('turn_by_id.html', menu=menu, page=page, turn=turn, roles=roles, days=days) + except AttributeError: + # User is not logged in + return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") + except ValueError: + # ID is not an integer + return render_template('list_turns.html', menu=menu, page=page, turns=turns, message=message) - -#~ @app.route("/turn/update/", methods=['GET', 'POST']) -#~ @check_session -#~ def update_turn(ID): - #~ """ Update given staff turn """ - #~ try: - #~ if session['is_admin']: - #~ page = str(request.url_rule) - #~ menu = get_menu(page) - #~ turn = Tetawebapp_turns.query.filter_by(id=ID).join(Tetawebapp_roles, Tetawebapp_turns.role_id==Tetawebapp_roles.id).add_columns(Tetawebapp_roles.role).order_by(Tetawebapp_turns.role_id).all() - #~ return render_template('update_turn.html', menu=menu, page=page, turn=turn) - #~ # User is not admin - #~ return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") - #~ except AttributeError: - #~ # User is not logged in - #~ return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") +@app.route("/turn/update/", methods=['GET', 'POST']) +@check_session +def update_turn(ID): + """ Update given staff turn 
""" + try: + role_id = request.form.get('role_id').encode('utf-8') + day = request.form.get('day').encode('utf-8') + start = request.form.get('start').encode('utf-8') + end = request.form.get('end').encode('utf-8') + if session['is_admin']: + page = str(request.url_rule) + menu = get_menu(page) + turns = Tetawebapp_turns.query.join(Tetawebapp_roles, Tetawebapp_turns.role_id==Tetawebapp_roles.id).add_columns(Tetawebapp_roles.role).order_by(Tetawebapp_turns.role_id).all() + message = "Erreur lors de l'enregistrement.".decode('utf-8') + turn_id = int(ID.encode('utf-8')) + if update_turn_by_id(turn_id, role_id, day, start, end): + turns = Tetawebapp_turns.query.join(Tetawebapp_roles, Tetawebapp_turns.role_id==Tetawebapp_roles.id).add_columns(Tetawebapp_roles.role).order_by(Tetawebapp_turns.role_id).all() + message = '' + return render_template('list_turns.html', menu=menu, page=page, turns=turns, message=message) + # User is not admin + return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") + except AttributeError as e: + # User is not logged in + return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") + except ValueError: + # ID is not an integer + return render_template('list_turns.html', menu=menu, page=page, turns=turns, message=message) @app.route("/turn/delete/", methods=['GET', 'POST']) @check_session 
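Review bot: `turn_by_id` has no return for a logged-in user who is not an admin. Unlike the sibling views, nothing follows the `if session['is_admin']:` block, so the view returns `None` and Flask answers with a server error. Add the usual fallback after the admin block: `return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide")`. In the same view `turn_id` is computed but the query still uses the raw value; `filter_by(id=ID)` should be `filter_by(id=turn_id)`, and a `None` result from `.first()` should go back to `list_turns.html`. `turn_by_id` also lacks a docstring, for example `""" Show the edit form for a given staff turn """`. In `update_turn` the four `request.form.get(...).encode('utf-8')` calls raise `AttributeError` when a field is missing or the request is a GET, which the handler reports as a login failure. Reading the form after the admin check and testing for `None` explicitly would keep the two cases apart.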
@@ -626,7 +693,8 @@ def delete_turn(ID): page = str(request.url_rule) menu = get_menu(page) turns = Tetawebapp_turns.query.join(Tetawebapp_roles, Tetawebapp_turns.role_id==Tetawebapp_roles.id).add_columns(Tetawebapp_roles.role).order_by(Tetawebapp_turns.role_id).all() - if drop_turn(ID): + turn_id = int(ID.encode('utf-8')) + if drop_turn(turn_id): message = '' turns = Tetawebapp_turns.query.join(Tetawebapp_roles, Tetawebapp_turns.role_id==Tetawebapp_roles.id).add_columns(Tetawebapp_roles.role).order_by(Tetawebapp_turns.role_id).all() return render_template('list_turns.html', menu=menu, turns=turns, message=message) 
@@ -636,116 +704,9 @@ def delete_turn(ID): except AttributeError: # User is not logged in return render_template('login_or_register.html', message="Utilisateur ou mot de passe invalide") - - - - - - - - - - -@app.route("/basics", methods=['GET', 'POST']) -@check_session -def basics(): - """ Basics page """ - page = str(request.url_rule) - menu = get_menu(page) - return render_template('basics.html', menu=menu) - -@app.route("/inputs", methods=['GET', 'POST']) -@check_session -def inputs(): - """ Show the input collection """ - page = str(request.url_rule) - menu = get_menu(page) - return render_template('inputs.html', menu=menu) - -@app.route("/ajax", methods=['GET', 'POST']) -@check_session -def ajax(): - """ Propose various AJAX tests """ - page = str(request.url_rule) - menu = get_menu(page) - return render_template('ajax.html', menu=menu) - -@app.route("/database", methods=['GET', 'POST']) -@check_session -def database(): - """ A blah on using databases """ - page = str(request.url_rule) - menu = get_menu(page) - return render_template('database.html', menu=menu) - -@app.route("/todo", methods=['GET', 'POST']) -@check_session -def todo(): - """ The famous TODO list """ - page = str(request.url_rule) - menu = get_menu(page) - return render_template('todo.html', menu=menu) - -######################################################################## -# AJAX routes -######################################################################## - -@app.route("/get_html_from_ajax", methods=['GET', 'POST']) -@check_session -def get_html_from_ajax(): - """ Return HTML code to an AJAX request - It may generate a 404 http error for testing purpose """ - if int(random.random()*10) % 2: - # Randomly generate 404 HTTP response - return render_template('error.html'), 404 - return render_template('ajax_html.html') - -@app.route("/get_value_from_ajax", methods=['GET', 'POST']) -@check_session -def get_value_from_ajax(): - """ Return a randomly generated value to an AJAX request - It 
may return an error code for testing purpose """ - err_code = 'TETA_ERR' - RND = int(random.random()*10) - if RND % 2: - # Randomly generate error - return err_code - return str(RND) - -@app.route("/set_value_from_ajax/", methods=['GET', 'POST']) -@check_session -def set_value_from_ajax(value): - """ Accept a value from an AJAX request - It may return an error code for testing purpose """ - err_code = 'TETA_ERR' - if value != 'We Make Porn': - return 'True' - return err_code - -@app.route("/upload", methods=['POST']) -@check_session -def upload(): - """ Save a file from AJAX request - Files are saved in UPLOADED_FILES_DEST (see config.local.py) """ - err_code = 'TETA_ERR' - RND = int(random.random()*10) - if RND % 2: - # Randomly generate error - print err_code - return err_code - uploaded_files = [] - if len(request.files) > 0 and request.files['files']: - uploaded_files = request.files.getlist("files") - print "Uploaded files:" - for f in uploaded_files: - print ' [+] %s [%s]' % (f.filename, f.content_type) - # Before saving you should: - # - Secure the filename - # - Check file size - # - Check content type - f.save(os.path.join(app.config['UPLOADED_FILES_DEST'], f.filename)) - f.close() - return "OK" + except ValueError: + # ID is not an integer + return render_template('list_turns.html', menu=menu, page=page, turns=turns, message=message) ######################################################################## # Main diff --git a/static/scripts/participate.js b/static/scripts/participate.js index b4b5fde..5d9538b 100644 --- a/static/scripts/participate.js +++ b/static/scripts/participate.js @@ -54,7 +54,7 @@ function save_turn() { alert("Heure de début invalide.\n\nVeuillez respecter le format HH:MM:SS"); return false; } - if (! regTime.test(end)){ + if (! regTime.test(end) || s_end[0] > 23 || s_end[1] > 59 || s_end[2] > 59){ alert("Heure de fin invalide.\n\nVeuillez respecter le format HH:MM:SS"); return false; } 
diff --git a/templates/ajax.html b/templates/ajax.html deleted file mode 100644 index 99d9fc1..0000000 --- a/templates/ajax.html +++ /dev/null @@ -1,49 +0,0 @@ -{% extends "index.html" %} -{% block title %}Ajax{% endblock %} - {% block main %} -
-
-

Get HTML response from AJAX

-

Click the refresh button to get the HTML response.

-

The response may randomly be a voluntary error so you should try it more than once.

- Refresh: -
-
-

Upload files with AJAX

-

Select files to upload

-

The response may randomly be a voluntary error so you should try it more than once.

- Upload files: -
- - - -
-
-
-
-
-
-
-
-

Set value via AJAX

-

Send value to the application.

-

If value is empty or is "We Make Porn" (case sensitive), an error is raised.

- - -
-
-

Get value from AJAX

-

Get a random value from the application.

-

Randomly raises a voluntary error so you should try it more than once.

- - -
-
- {% endblock %} diff --git a/templates/ajax_html.html b/templates/ajax_html.html deleted file mode 100644 index 2829abc..0000000 --- a/templates/ajax_html.html +++ /dev/null @@ -1,24 +0,0 @@ -

This is the title

-dummy pic -

- Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore - et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut - aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum - dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui - officia deserunt mollit anim id est laborum. Lorem ipsum dolor sit amet, consectetur adipiscing elit, - sed do eiusmod tempor incididunt ut labore -

-

This link will lead to an error page

-

- et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut - aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum - dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui - officia desers unt mollit anim id est laborum. -

-

- Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore - et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut - aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum - dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui - officia deserunt mollit anim id est laborum. -

diff --git a/templates/articles.html b/templates/articles.html deleted file mode 100644 index bcb1d6a..0000000 --- a/templates/articles.html +++ /dev/null @@ -1,12 +0,0 @@ -{% extends "index.html" %} -{% block title %}Articles{% endblock %} - {% block main %} -
-

Informations personnelles

-

- Please select your article -

-
-
-
- {% endblock %} diff --git a/templates/articles_by_id.html b/templates/articles_by_id.html deleted file mode 100644 index b17b68c..0000000 --- a/templates/articles_by_id.html +++ /dev/null @@ -1,65 +0,0 @@ -{% extends "index.html" %} -{% block title %}Articles{% endblock %} - {% block main %} -
-

Article #{{ ID }}

- dummy pic -

- Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore - et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut - aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum - dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui - officia deserunt mollit anim id est laborum. Lorem ipsum dolor sit amet, consectetur adipiscing elit, - sed do eiusmod tempor incididunt ut labore -

-

This link will lead to an error page

-

- et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut - aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum - dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui - officia desers unt mollit anim id est laborum. -

-
    -
  • plop
  • -
  • plap
  • -
  • plip
  • -
-
    -
  1. plop
  2. -
  3. plap
  4. -
  5. plip
  6. -
-

- Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore - et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut - aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum - dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui - officia deserunt mollit anim id est laborum. -

-
-
-

Another disposition

- dummy pic -

- Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore - et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut - aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum - dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui - officia deserunt mollit anim id est laborum. Lorem ipsum dolor sit amet, consectetur adipiscing elit, - sed do eiusmod tempor incididunt ut labore -

-

- et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut - aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum - dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui - officia deserunt mollit anim id est laborum. -

-

- Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore - et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut - aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum - dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui - officia deserunt mollit anim id est laborum. -

-
- {% endblock %} diff --git a/templates/basics.html b/templates/basics.html deleted file mode 100644 index 941399f..0000000 --- a/templates/basics.html +++ /dev/null @@ -1,68 +0,0 @@ -{% extends "index.html" %} -{% block title %}Basics{% endblock %} - {% block main %} -
-

Basics

-

- Thanks to Python/Flask with TetaWebApp most of the output things come to life via - Jinja2 HTML templates - and is 100% HTML5 ready©. -

-

- Colors and fonts are managed from separated CSS files letting you easily - change the default theme to your favorite colors and icon set. -

-
-/*
-* Here are the font definitions.
-* You can modify it or create your own and make it loaded
-* after this one in the HTML header section of the index.html
-* template file.
-*/
-
-@font-face {
-	font-family: "Roboto Condensed";
-	font-style: normal;
-	font-weight: 400;
-	src: var(--font-normal);
-}
-
-@font-face {
-	font-family: "Roboto Condensed";
-	font-style: normal;
-	font-weight: 700;
-	src: var(--font-bold);
-}
-        
-
-/*
-* Here are the base color scheme and icon set.
-* You can modify it or create your own using the same variables
-* and make it loaded after this one but before the fonts.css in
-* the HTML header section of the index.html template file.
-*/
-:root {
-    --coloured-bg: #FF5D00;
-    --light-coloured-bg: #FFB387;
-    --clear-bg: #E5E5E5;
-    --mid-bg: #BBBBBB;
-    --dark-bg: #2B2B2B;
-    --dark-border: #888888;
-    --text-color: #555555;
-    --white: #FFFFFF;
-    --black: #000000;
-    --font-normal: url("/static/fonts/RobotoCondensed-Regular.ttf") format("truetype");
-    --font-bold: url("/static/fonts/RobotoCondensed-Bold.ttf") format("truetype");
-    --banner-logo: url(/static/images/logo.png);
-    --add_icon: url(/static/images/add.png);
-    --edit_icon: url(/static/images/edit.png);
-    --login_icon: url(/static/images/login.png);
-    --logout_icon: url(/static/images/logout.png);
-    --refresh_icon: url(/static/images/refresh.png);
-    --save_icon: url(/static/images/save.png);
-    --search_icon: url(/static/images/search.png);
-    --trash_icon: url(/static/images/trash.png);
-}
-        
-
- {% endblock %} diff --git a/templates/database.html b/templates/database.html deleted file mode 100644 index df73b8a..0000000 --- a/templates/database.html +++ /dev/null @@ -1,12 +0,0 @@ -{% extends "index.html" %} -{% block title %}Database{% endblock %} - {% block main %} -
-

Accessing database

-

- Even if using Flask-SQLAlchemy to retrieve data - stored in Postgres databases is the recommended way to use TetaWebApp, - you're free to use the database connector that suits your need. -

-
- {% endblock %} diff --git a/templates/inputs.html b/templates/inputs.html deleted file mode 100644 index 9059bc8..0000000 --- a/templates/inputs.html +++ /dev/null @@ -1,53 +0,0 @@ -{% extends "index.html" %} -{% block title %}Inputs{% endblock %} - {% block main %} -
-

The input collection

-

- Have a look to the input collection: -

- - -
- -
- - -
- -
- - - - - - - - - -
- - -
-
-
-#!/bin/sh
-# This is code sample
-while [ 1 ]
-do
-  echo "Tits or GTFO !"
-  sleep .1
-done
-        
-
- {% endblock %} diff --git a/templates/login.html b/templates/login.html deleted file mode 100644 index 0b5aa17..0000000 --- a/templates/login.html +++ /dev/null @@ -1,18 +0,0 @@ -{% extends "index.html" %} -{% block title %}Login{% endblock %} -{% block nav %}{% endblock %} -{% block main %} - - {% if message != '' %} -
{{ message }}
- {% endif %} -
-
- Login: - Password: - -
-
-{% endblock %} diff --git a/templates/todo.html b/templates/todo.html deleted file mode 100644 index 9d576c8..0000000 --- a/templates/todo.html +++ /dev/null @@ -1,18 +0,0 @@ -{% extends "index.html" %} -{% block title %}TODO{% endblock %} - {% block main %} -
-

TODO list

-
    -
  • Basic menu management
  • -
  • Installation wizard
  • -
  • Back office for basic content management
  • -
  • Basic Ajax support
  • -
  • Session management
  • -
  • File upload
  • -
  • Basic documentation
  • -
  • Horizontal navbar
  • -
  • License
  • -
-
- {% endblock %} diff --git a/templates/turn_by_id.html b/templates/turn_by_id.html new file mode 100644 index 0000000..23e5dc6 --- /dev/null +++ b/templates/turn_by_id.html @@ -0,0 +1,30 @@ +{% extends "index.html" %} +{% block title %}Mise à jour du tour de staff{% endblock %} + {% block main %} +
+

Tour de staff:

+
+
+
+
+
+ +
+
+ {% endblock %} diff --git a/templates/update_turn.html b/templates/update_turn.html deleted file mode 100644 index 463226e..0000000 --- a/templates/update_turn.html +++ /dev/null @@ -1,22 +0,0 @@ -{% extends "index.html" %} -{% block title %}Nouveau tour de staff{% endblock %} - {% block main %} -
-

Miuse à jour du tour de staff

-
-
-
-
-
- -
-
- {% endblock %}