initial commit

app.py

@@ -0,0 +1,106 @@
+from flask import Flask, session, url_for, redirect, render_template, request, abort, flash
+from database import list_users, verify, delete_user_from_db, add_user
+
+app = Flask(__name__)
+app.config.from_object('config')
+
+
+
+@app.errorhandler(401)
+def FUN_401(error):
+    return render_template("page_401.html"), 401
+
+@app.errorhandler(404)
+def FUN_404(error):
+    return render_template("page_404.html"), 404
+
+@app.errorhandler(405)
+def FUN_405(error):
+    return render_template("page_405.html"), 405
+
+
+
+
+
+@app.route("/")
+def FUN_root():
+    return render_template("index.html")
+
+@app.route("/public/")
+def FUN_public():
+    return render_template("public_page.html")
+
+@app.route("/private/")
+def FUN_private():
+    if "current_user" in session.keys():
+        return render_template("private_page.html")
+    else:
+        return abort(401)
+
+
+
+
+
+@app.route("/admin/")
+def FUN_admin():
+    if session.get("current_user", None) == "ADMIN":
+        user_list = list_users()
+        user_table = zip(range(1, len(user_list)+1),\
+                        user_list,\
+                        [x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)])
+        return render_template("admin.html", users = user_table)
+    else:
+        return abort(401)
+
+
+
+
+
+
+@app.route("/login", methods = ["POST"])
+def FUN_login():
+    id_submitted = request.form.get("id").upper()
+    if (id_submitted in list_users()) and verify(id_submitted, request.form.get("pw")):
+        session['current_user'] = id_submitted
+    
+    return(redirect(url_for("FUN_root")))
+
+@app.route("/logout/")
+def FUN_logout():
+    session.pop("current_user", None)
+    return(redirect(url_for("FUN_root")))
+
+@app.route("/delete_user/<id>/", methods = ['GET'])
+def FUN_delete_user(id):
+    if session.get("current_user", None) == "ADMIN":
+        if id == "ADMIN": # ADMIN account can't be deleted.
+            return abort(403)
+        delete_user_from_db(id)
+        return(redirect(url_for("FUN_admin")))
+    else:
+        return abort(401)
+
+@app.route("/add_user", methods = ["POST"])
+def FUN_add_user():
+    if session.get("current_user", None) == "ADMIN":
+
+        # before we add the user, we need to ensure this is doesn't exsit in database.
+        if request.form.get('id').upper() in list_users():
+            user_list = list_users()
+            user_table = zip(range(1, len(user_list)+1),\
+                            user_list,\
+                            [x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)])
+            return(render_template("admin.html", id_is_duplicated = True, users = user_table))
+        else:
+            add_user(request.form.get('id'), request.form.get('pw'))
+            return(redirect(url_for("FUN_admin")))
+    else:
+        return abort(401)
+
+
+
+
+
+
+if __name__ == "__main__":
+    app.run(debug=True, port = 9000, host="0.0.0.0")