il y a 10 ans · 6be75afe5c
--- a/main.py
+++ b/main.py
@@ -235,7 +235,10 @@ def user_password(userid):
 
				 def admin_users():
			
 
				     if not session.get('user').get('is_admin'):
			
 
				         abort(401)
			
 
				-    tuples = query_db('select *, groups.name as groupname from (select *, id as userid, name as username from users join user_group on id=id_user order by id desc) join groups on id_group=groups.id')
			
 
				+    tuples = query_db('select *, groups.name as groupname \
			
 
				+                       from (select *, id as userid, name as username \
			
 
				+                         from users join user_group on id=id_user order by id desc) \
			
 
				+                       join groups on id_group=groups.id')
			
 
				     users = dict()
			
 
				     for t in tuples:
			
 
				         if t['userid'] in users:
			
@@ -263,7 +266,8 @@ def admin_user_add():
 
				                         if 'admin' in request.form.keys():
			
 
				                             admin = 1
			
 
				                         key = 'v%s' % keygen()
			
 
				-                        g.db.execute('insert into users (email, openid, name, organization, password, is_admin, key) values (?, ?, ?, ?, ?, ?, ?)',
			
 
				+                        g.db.execute('insert into users (email, openid, name, organization, password, is_admin, key) \
			
 
				+                                      values (?, ?, ?, ?, ?, ?, ?)',
			
 
				                                 [request.form['email'],
			
 
				                                     request.form['openid'],
			
 
				                                     request.form['username'],
			
@@ -347,7 +351,9 @@ def admin_user_edit(iduser):
 
				                             g.db.execute('insert into user_group values (?, ?)', [user['id'], group['id']])
			
 
				                             g.db.commit()
			
 
				                 user = query_db('select * from users where id = ?', [iduser], one=True)
			
 
				-                user['groups'] = query_db('select groups.* from groups join user_group on groups.id = user_group.id_group where id_user = ?', [iduser])
			
 
				+                user['groups'] = query_db('select groups.* from groups \
			
 
				+                                           join user_group on groups.id = user_group.id_group \
			
 
				+                                           where id_user = ?', [iduser])
			
 
				                 flash(u'Le profil a été mis à jour !', 'success')
			
 
				             else:
			
 
				                 flash(u'Le nom ' + request.form['name'] + u' est déjà pris ! Veuillez en choisir un autre.', 'error')
			
@@ -374,7 +380,11 @@ def admin_user_del(iduser):
 
				 def admin_groups():
			
 
				     if not session.get('user').get('is_admin'):
			
 
				         abort(401)
			
 
				-    groups = query_db('select groups.*, count(user_group.id_user) as nb_users from (select groups.*, count(votes.id) as nb_votes from groups left join votes on votes.id_group = groups.id group by groups.id) as groups left join user_group on user_group.id_group = groups.id group by groups.id')
			
 
				+    groups = query_db('select groups.*, count(user_group.id_user) as nb_users \
			
 
				+                       from (select groups.*, count(votes.id) as nb_votes \
			
 
				+                         from groups left join votes on votes.id_group = groups.id \
			
 
				+                         group by groups.id) as groups \
			
 
				+                       left join user_group on user_group.id_group = groups.id group by groups.id')
			
 
				     return render_template('admin_groups.html', groups=groups)
			
 
				 
			
 
				 @app.route('/admin/groups/add', methods=['POST'])
			
@@ -409,11 +419,20 @@ def admin_group_del(idgroup):
 
				 def votes(votes):
			
 
				     today = date.today()
			
 
				     active_button = votes
			
 
				-    max_votes ='select id_group, count(*) as max_votes from user_group group by id_group'
			
 
				-    basequery = 'select votes.*, max_votes from votes left join (' + max_votes + ') as max_votes on votes.id_group = max_votes.id_group'
			
 
				-    nb_votes = 'select id_vote, count(*) as nb_votes from (select id_user, id_vote from user_choice join choices on id_choice = choices.id group by id_user, id_vote) group by id_vote'
			
 
				-    basequery = 'select * from (' + basequery + ') left join (' + nb_votes + ') on id = id_vote'
			
 
				-    basequery = 'select *, votes.id as voteid, groups.name as groupname from (' + basequery + ') as votes join groups on groups.id = id_group where is_open=1 and is_hidden=0'
			
 
				+    max_votes = 'select id_group, count(*) as max_votes from user_group group by id_group'
			
 
				+    basequery = 'select votes.*, max_votes from votes \
			
 
				+                 left join (' + max_votes + ') as max_votes on votes.id_group = max_votes.id_group'
			
 
				+    nb_votes = 'select id_vote, count(*) as nb_votes \
			
 
				+                from (select id_user, id_vote \
			
 
				+                  from user_choice \
			
 
				+                  join choices on id_choice = choices.id \
			
 
				+                  group by id_user, id_vote) \
			
 
				+                group by id_vote'
			
 
				+    basequery = 'select * from (' + basequery + ') \
			
 
				+                 left join (' + nb_votes + ') on id = id_vote'
			
 
				+    basequery = 'select *, votes.id as voteid, groups.name as groupname from (' + basequery + ') as votes \
			
 
				+                 join groups on groups.id = id_group \
			
 
				+                 where is_open=1 and is_hidden=0'
			
 
				     if votes == 'all':
			
 
				         votes = query_db(basequery + ' order by date_end')
			
 
				     elif votes == 'archive':
			
@@ -421,8 +440,12 @@ def votes(votes):
 
				     elif votes == 'current':
			
 
				         votes = query_db(basequery + ' and is_terminated=0 order by date_end')
			
 
				     elif votes == 'waiting':
			
 
				-        basequery = 'select votes.* from user_group join (' + basequery + ') as votes on votes.id_group = user_group.id_group where user_group.id_user = ?'
			
 
				-        already_voted = 'select id_vote from user_choice join choices on user_choice.id_choice = choices.id where id_user = ?'
			
 
				+        basequery = 'select votes.* from user_group \
			
 
				+                     join (' + basequery + ') as votes on votes.id_group = user_group.id_group \
			
 
				+                     where user_group.id_user = ?'
			
 
				+        already_voted = 'select id_vote from user_choice \
			
 
				+                         join choices on user_choice.id_choice = choices.id \
			
 
				+                         where id_user = ?'
			
 
				         votes = query_db(basequery + ' and votes.id not in (' + already_voted + ') and is_terminated=0', [get_userid(), get_userid()])
			
 
				     else:
			
 
				         abort(404)
			
@@ -459,12 +482,17 @@ def can_vote(idvote, iduser=-1):
 
				     return False
			
 
				 
			
 
				 def has_voted(idvote, iduser=-1):
			
 
				-    vote = query_db('select * from user_choice join choices on id_choice=choices.id where id_vote = ? and id_user = ?', [idvote, iduser], one=True)
			
 
				+    vote = query_db('select * from user_choice \
			
 
				+                     join choices on id_choice=choices.id \
			
 
				+                     where id_vote = ? and id_user = ?', [idvote, iduser], one=True)
			
 
				     return (vote is not None)
			
 
				 
			
 
				 @app.route('/vote/<idvote>', methods=['GET', 'POST'])
			
 
				 def vote(idvote):
			
 
				-    vote = query_db('select votes.*, groups.name as groupname, users.name as author from votes join groups on groups.id=votes.id_group join users on users.id=votes.id_author where votes.id=?', [idvote], one=True)
			
 
				+    vote = query_db('select votes.*, groups.name as groupname, users.name as author from votes \
			
 
				+                     join groups on groups.id=votes.id_group \
			
 
				+                     join users on users.id=votes.id_author \
			
 
				+                     where votes.id=?', [idvote], one=True)
			
 
				     if vote is None:
			
 
				         abort(404)
			
 
				     if can_see_vote(idvote, get_userid()):
			
@@ -486,7 +514,11 @@ def vote(idvote):
 
				                             g.db.commit()
			
 
				             else:
			
 
				                 abort(401)
			
 
				-        tuples = query_db('select choiceid, choicename, users.id as userid, users.name as username from (select choices.id as choiceid, choices.name as choicename, id_user as userid from choices join user_choice on choices.id = user_choice.id_choice where id_vote = ?) join users on userid = users.id', [idvote])
			
 
				+        tuples = query_db('select choiceid, choicename, users.id as userid, users.name as username \
			
 
				+                           from (select choices.id as choiceid, choices.name as choicename, id_user as userid \
			
 
				+                             from choices join user_choice on choices.id = user_choice.id_choice \
			
 
				+                             where id_vote = ?) \
			
 
				+                           join users on userid = users.id', [idvote])
			
 
				         users = dict()
			
 
				         for t in tuples:
			
 
				             if t['userid'] in users:
			
@@ -496,14 +528,20 @@ def vote(idvote):
 
				                 users[t['userid']]['userid'] = t['userid']
			
 
				                 users[t['userid']]['username'] = t['username']
			
 
				                 users[t['userid']]['choices'] = [t['choiceid']]
			
 
				-        choices = query_db('select choices.name, choices.id, choices.name, choices.id_vote, count(id_choice) as nb from choices left join user_choice on id_choice = choices.id where id_vote = ? group by id_choice, name, id_vote order by id', [idvote])
			
 
				+        choices = query_db('select choices.name, choices.id, choices.name, choices.id_vote, count(id_choice) as nb \
			
 
				+                            from choices left join user_choice on id_choice = choices.id where id_vote = ? \
			
 
				+                            group by id_choice, name, id_vote order by id', [idvote])
			
 
				         attachments = query_db('select * from attachments where id_vote=?', [idvote])
			
 
				         tmp = query_db('select id_group, count(*) as nb from user_group where id_group = ? group by id_group', [vote['id_group']], one=True)
			
 
				         if tmp is None:
			
 
				             vote['percent'] = 0
			
 
				         else:
			
 
				             vote['max_votes'] = tmp['nb']
			
 
				-            tmp = query_db('select id_vote, count(*) as nb from (select id_user, id_vote from user_choice join choices on id_choice = choices.id group by id_user, id_vote) where id_vote = ? group by id_vote', [idvote], one=True)
			
 
				+            tmp = query_db('select id_vote, count(*) as nb \
			
 
				+                            from (select id_user, id_vote from user_choice \
			
 
				+                              join choices on id_choice = choices.id \
			
 
				+                              group by id_user, id_vote) \
			
 
				+                            where id_vote = ? group by id_vote', [idvote], one=True)
			
 
				             if tmp is None:
			
 
				                 vote['percent'] = 0
			
 
				                 vote['nb_votes'] = 0
			
@@ -532,7 +570,9 @@ def vote_deletechoices(idvote, iduser):
 
				 def admin_votes():
			
 
				     if not session.get('user').get('is_admin'):
			
 
				         abort(401)
			
 
				-    votes = query_db('select *, votes.id as voteid, groups.name as groupname from votes join groups on groups.id=votes.id_group where is_hidden=0 order by id desc')
			
 
				+    votes = query_db('select *, votes.id as voteid, groups.name as groupname from votes \
			
 
				+                      join groups on groups.id=votes.id_group \
			
 
				+                      where is_hidden=0 order by id desc')
			
 
				     return render_template('admin_votes.html', votes=votes, today=date.today().strftime("%Y-%m-%d"))
			
 
				 
			
 
				 @app.route('/admin/votes/add', methods=['GET', 'POST'])
			
@@ -556,8 +596,11 @@ def admin_vote_add():
 
				                 group = query_db('select id from groups where name = ?', [request.form['group']], one=True)
			
 
				                 if group is None:
			
 
				                     group[id] = 1
			
 
				-                g.db.execute('insert into votes (title, description, category, date_begin, date_end, is_transparent, is_public, is_multiplechoice, id_group, id_author) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
			
 
				-                        [request.form['title'], request.form['description'], request.form['category'], date_begin, date_end, transparent, public, multiplechoice, group['id'], session['user']['id']])
			
 
				+                g.db.execute('insert into votes (title, description, category, \
			
 
				+                              date_begin, date_end, is_transparent, is_public, is_multiplechoice, id_group, id_author) \
			
 
				+                              values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
			
 
				+                        [ request.form['title'], request.form['description'], request.form['category']
			
 
				+                        , date_begin, date_end, transparent, public, multiplechoice, group['id'], session['user']['id'] ])
			
 
				                 g.db.commit()
			
 
				                 vote = query_db('select * from votes where title = ? and date_begin = ? order by id desc',
			
 
				                         [request.form['title'], date_begin], one=True)
			
@@ -605,7 +648,9 @@ def admin_vote_edit(voteid):
 
				                     isopen = 1
			
 
				                     previousvote = query_db('select id, is_open, id_group from votes where id = ?', [voteid], one=True)
			
 
				                     if previousvote is None or previousvote['is_open'] == 0:
			
 
				-                        users_to_vote = query_db('select users.email, users.name from users join user_group on users.id=user_group.id_user where user_group.id_group = ?', [previousvote['id_group']])
			
 
				+                        users_to_vote = query_db('select users.email, users.name from users \
			
 
				+                                                  join user_group on users.id=user_group.id_user \
			
 
				+                                                  where user_group.id_group = ?', [previousvote['id_group']])
			
 
				                         for user in users_to_vote:
			
 
				                             link = request.url_root + url_for('vote', idvote=voteid)
			
 
				                             BODY = string.join((
			
@@ -632,7 +677,11 @@ def admin_vote_edit(voteid):
 
				                 isterminated = 1
			
 
				                 if vote['is_open']:
			
 
				                     isopen = 1
			
 
				-            g.db.execute('update votes set title = ?, description = ?, category = ?, is_transparent = ?, is_public = ?, is_open = ?, is_terminated = ?, date_end = ?, reminder_last_days = ? where id = ?', [request.form['title'], request.form['description'], request.form['category'], transparent, public, isopen, isterminated, date_end, request.form['reminder'], voteid])
			
 
				+            g.db.execute('update votes set title = ?, description = ?, category = ?, \
			
 
				+                          is_transparent = ?, is_public = ?, is_open = ?, is_terminated = ?, \
			
 
				+                          date_end = ?, reminder_last_days = ? where id = ?',
			
 
				+                          [ request.form['title'], request.form['description'], request.form['category']
			
 
				+                          , transparent, public, isopen, isterminated, date_end, request.form['reminder'], voteid ])
			
 
				             g.db.commit()
			
 
				             vote = query_db('select * from votes where id = ?', [voteid], one=True)
			
 
				             flash(u"Le vote a bien été mis à jour.", "success")