Home Explore Help
Sign In
FFDN
/
Cavote
4
0
Fork 0
Files Issues 2 Pull Requests 0
Tree: 00a6f73a96
Branches Tags
Cavote
/
main.py

main.py 7.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218 
  1. #!/usr/bin/env python
    2. 

  2. # -*- coding: utf-8 -*-
    3. 

  3. 

  4. from flask import Flask, request, session, g, redirect, url_for, abort, \
    5. 

  5.     render_template, flash
    6. 

  6. import sqlite3
    7. 

  7. from datetime import date, timedelta
    8. 

  8. from contextlib import closing
    9. 

  9. import locale
    10. 

  10. locale.setlocale(locale.LC_ALL, '')
    11. 

  11. 

  12. DATABASE = '/tmp/cavote.db'
    13. 

  13. SECRET_KEY = '{J@uRKO,xO-PK7B,jF?>iHbxLasF9s#zjOoy=+:'
    14. 

  14. DEBUG = True
    15. 

  15. 

  16. app = Flask(__name__)
    17. 

  17. app.config.from_object(__name__)
    18. 

  18. 

  19. def connect_db():
    20. 

  20.     return sqlite3.connect(app.config['DATABASE'])
    21. 

  21. 

  22. @app.before_request
    23. 

  23. def before_request():
    24. 

  24.     g.db = connect_db()
    25. 

  25. 

  26. @app.teardown_request
    27. 

  27. def teardown_request(exception):
    28. 

  28.     g.db.close()
    29. 

  29. 

  30. @app.route('/')
    31. 

  31. def home():
    32. 

  32.     return render_template('index.html')
    33. 

  33. 

  34. def query_db(query, args=(), one=False):
    35. 

  35.     cur = g.db.execute(query, args)
    36. 

  36.     rv = [dict((cur.description[idx][0], value)
    37. 

  37.         for idx, value in enumerate(row)) for row in cur.fetchall()]
    38. 

  38.     return (rv[0] if rv else None) if one else rv
    39. 

  39. 

  40. def init_db():
    41. 

  41.     with closing(connect_db()) as db:
    42. 

  42.         with app.open_resource('schema.sql') as f:
    43. 

  43.             db.cursor().executescript(f.read())
    44. 

  44.         db.commit()
    45. 

  45. 

  46. #----------------
    47. 

  47. # Login / Logout
    48. 

  48. 

  49. def valid_login(username, password):
    50. 

  50.     return query_db('select * from users where email = ? and password = ?', [username, password], one=True)
    51. 

  51. 

  52. def connect_user(user):
    53. 

  53.     session['userid'] = user['id']
    54. 

  54.     session['username'] = user['name']
    55. 

  55.     session['email'] = user['email']
    56. 

  56.     session['organization'] = user['organization']
    57. 

  57.     if user['is_admin'] == 1:
    58. 

  58.         session['is_admin'] = True
    59. 

  59. 

  60. def disconnect_user():
    61. 

  61.     session.pop('username', None)
    62. 

  62.     session.pop('is_admin', None)
    63. 

  63. 

  64. @app.route('/login', methods=['GET', 'POST'])
    65. 

  65. def login():
    66. 

  66.     if request.method == 'POST':
    67. 

  67.         user = valid_login(request.form['username'], request.form['password'])
    68. 

  68.         if user is None:
    69. 

  69.             flash('Invalid username/password', 'error')
    70. 

  70.         else:
    71. 

  71.             connect_user(user)
    72. 

  72.             flash('You were logged in', 'success')
    73. 

  73.             return redirect(url_for('home'))
    74. 

  74.     return render_template('login.html')
    75. 

  75. 

  76. @app.route('/logout')
    77. 

  77. def logout():
    78. 

  78.     disconnect_user()
    79. 

  79.     flash('You were logged out', 'info')
    80. 

  80.     return redirect(url_for('home'))
    81. 

  81. 

  82. #-----------------
    83. 

  83. # Change password
    84. 

  84. 

  85. @app.route('/password/lost', methods=['GET', 'POST'])
    86. 

  86. def password_lost():
    87. 

  87.     info = None
    88. 

  88.     if request.method == 'POST':
    89. 

  89.         user = query_db('select * from users where email = ?', [request.form['email']], one=True)
    90. 

  90.         if user is None:
    91. 

  91.             flash('Cet utilisateur n\'existe pas !', 'error')
    92. 

  92.         else:
    93. 

  93.             # :TODO:maethor:120528: Générer la clé, la mettre dans la base de données et envoyer le mail
    94. 

  94.             flash(u"Un mail a été envoyé à " + user['email'], 'info')
    95. 

  95.     return render_template('password_lost.html')
    96. 

  96. 

  97. @app.route('/login/<userid>/<key>')
    98. 

  98. def login_key(userid, key):
    99. 

  99.     user = query_db('select * from users where id = ? and key = ?', [userid, key], one=True)
    100. 

  100.     if user is None:
    101. 

  101.         abort(404)
    102. 

  102.     else:
    103. 

  103.         connect_user(user)
    104. 

  104.         # :TODO:maethor:120528: Remplacer la clé pour qu'elle ne puisse plus être utilisée
    105. 

  105.         flash(u"Veuillez mettre à jour votre mot de passe", 'info')
    106. 

  106.         return redirect(url_for('user_password'), userid=user['userid'])
    107. 

  107. 

  108. #---------------
    109. 

  109. # User settings
    110. 

  110. 

  111. @app.route('/user/<userid>')
    112. 

  112. def show_user(userid):
    113. 

  113.     if int(userid) != session.get('userid'):
    114. 

  114.         abort(401)
    115. 

  115.     return render_template('show_user.html')
    116. 

  116. 

  117. @app.route('/user/settings/<userid>', methods=['GET', 'POST'])
    118. 

  118. def user_settings(userid):
    119. 

  119.     if int(userid) != session.get('userid'):
    120. 

  120.         abort(401)
    121. 

  121.     if request.method == 'POST':
    122. 

  122.         g.db.execute('update users set email = ?, name = ?, organization = ? where id = ?',
    123. 

  123.                 [request.form['email'], request.form['name'], request.form['organization'], session['userid']])
    124. 

  124.         g.db.commit()
    125. 

  125.         disconnect_user() # :TODO:maethor:120528: Maybe useless, but this is simple way to refresh session :D
    126. 

  126.         flash(u'Votre profil a été mis à jour !', 'success')
    127. 

  127.         return redirect(url_for('login'))
    128. 

  128.     return render_template('user_settings.html')
    129. 

  129. 

  130. @app.route('/user/password/<userid>', methods=['GET', 'POST'])
    131. 

  131. def user_password(userid):
    132. 

  132.     if int(userid) != session.get('userid'):
    133. 

  133.         abort(401)
    134. 

  134.     if request.method == 'POST':
    135. 

  135.         if request.form['password'] == request.form['password2']:
    136. 

  136.             # :TODO:maethor:120528: Chiffrer le mot de passe !
    137. 

  137.             g.db.execute('update users set password = ? where id = ?', [request.form['password'], session['userid']])
    138. 

  138.             g.db.commit()
    139. 

  139.             flash(u'Votre mot de passe a été mis à jour.', 'success')
    140. 

  140.         else:
    141. 

  141.             flash(u'Les mots de passe sont différents.', 'error')
    142. 

  142.     return render_template('user_settings.html')
    143. 

  143. 

  144. #------------
    145. 

  145. # User admin
    146. 

  146. 

  147. @app.route('/users/admin/add', methods=['GET', 'POST'])
    148. 

  148. def add_user():
    149. 

  149.     if not session.get('is_admin'):
    150. 

  150.         abort(401)
    151. 

  151.     if request.method == 'POST':
    152. 

  152.         if request.form['email']:
    153. 

  153.             # :TODO:maethor:120528: Check fields
    154. 

  154.             password = "toto" # :TODO:maethor:120528: Generate password
    155. 

  155.             admin = 0
    156. 

  156.             if 'admin' in request.form.keys():
    157. 

  157.                 admin = 1
    158. 

  158.             g.db.execute('insert into users (email, name, organization, password, is_admin) values (?, ?, ?, ?, ?)',
    159. 

  159.                     [request.form['email'], request.form['username'], request.form['organization'], password, admin])
    160. 

  160.             g.db.commit()
    161. 

  161.             # :TODO:maethor:120528: Send mail
    162. 

  162.             flash(u'Le nouvel utilisateur a été créé avec succès', 'success')
    163. 

  163.             return redirect(url_for('home'))
    164. 

  164.         else:
    165. 

  165.             flash(u"Vous devez spécifier une adresse email.", 'error')
    166. 

  166.     return render_template('add_user.html')
    167. 

  167. 

  168. #------------
    169. 

  169. # Votes list
    170. 

  170. 

  171. @app.route('/votes/<votes>')
    172. 

  172. def show_votes(votes):
    173. 

  173.     today = date.today()
    174. 

  174.     if votes == 'all':
    175. 

  175.         votes = query_db('select title, description, date_begin, date_end from votes order by id desc')
    176. 

  176.     elif votes == 'archive':
    177. 

  177.         votes = query_db('select title, description, date_begin, date_end from votes where date_end < (?) order by id desc', [today])
    178. 

  178.     elif votes == 'current':
    179. 

  179.         votes = query_db('select title, description, date_begin, date_end from votes where date_end >= (?) order by id desc', [today])
    180. 

  180.     else:
    181. 

  181.         abort(404)
    182. 

  182.     return render_template('show_votes.html', votes=votes)
    183. 

  183. 

  184. #-------------
    185. 

  185. # Votes admin
    186. 

  186. 

  187. @app.route('/votes/admin/add', methods=['GET', 'POST'])
    188. 

  188. def add_vote():
    189. 

  189.     if not session.get('is_admin'):
    190. 

  190.         abort(401)
    191. 

  191.     if request.method == 'POST':
    192. 

  192.         if request.form['title']:
    193. 

  193.             date_begin = date.today()
    194. 

  194.             date_end = date.today() + timedelta(days=int(request.form['days']))
    195. 

  195.             transparent = 0
    196. 

  196.             public = 0
    197. 

  197.             multiplechoice = 0
    198. 

  198.             if 'transparent' in request.form.keys():
    199. 

  199.                 transparent = 1
    200. 

  200.             if 'public' in request.form.keys():
    201. 

  201.                 public = 1
    202. 

  202.             if 'multiplechoice' in request.form.keys():
    203. 

  203.                 multiplechoice = 1
    204. 

  204.             g.db.execute('insert into votes (title, description, date_begin, date_end, is_transparent, is_public, is_multiplechoice) values (?, ?, ?, ?, ?, ?, ?)',
    205. 

  205.                     [request.form['title'], request.form['description'], date_begin, date_end, transparent, public, multiplechoice])
    206. 

  206.             g.db.commit()
    207. 

  207.             flash('New entry was successfully posted', 'info')
    208. 

  208.             return redirect(url_for('home'))
    209. 

  209.         else:
    210. 

  210.             flash(u'Vous devez spécifier un titre.', 'error')
    211. 

  211.     return render_template('new_vote.html')
    212. 

  212. 

  213. #------
    214. 

  214. # Main
    215. 

  215. 

  216. if __name__ == '__main__':
    217. 

  217.     app.run()
    218. 

  218.