Chris/devopsexam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

For Private page, add feature 'take note'

Browse Source 
This makes this app much more meaningful. For this feature, a new database table is added. More complicated logics are also needed, for example, we use hash(user ID + timestamp + note contant) as the unique id of each note (it's necessary when we try to delete a note)
This commit is contained in:
XD-DENG
2017-07-03 22:34:58 +08:00
parent 8ff8bb625c
commit c072aa771d
8 changed files with 150 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
app.py
View File

@@ -1,5 +1,6 @@
from flask import Flask, session, url_for, redirect, render_template, request, abort, flash
from database import list_users, verify, delete_user_from_db, add_user
from database import read_note_from_db, write_note_into_db, delete_note_from_db, match_user_id_with_note_id
app = Flask(__name__)
app.config.from_object('config')
@@ -10,6 +11,10 @@ app.config.from_object('config')
def FUN_401(error):
return render_template("page_401.html"), 401
@app.errorhandler(403)
def FUN_403(error):
return render_template("page_403.html"), 403
@app.errorhandler(404)
def FUN_404(error):
return render_template("page_404.html"), 404
@@ -33,7 +38,12 @@ def FUN_public():
@app.route("/private/")
def FUN_private():
if "current_user" in session.keys():
return render_template("private_page.html")
notes_list = read_note_from_db(session['current_user'])
notes_table = zip([x[0] for x in notes_list],\
[x[1] for x in notes_list],\
[x[2] for x in notes_list],\
["/delete_note/" + x[0] for x in notes_list])
return render_template("private_page.html", notes = notes_table)
else:
return abort(401)
@@ -53,6 +63,26 @@ def FUN_admin():
@app.route("/write_note", methods = ["POST"])
def FUN_write_note():
text_to_write = request.form.get("text_note_to_take")
write_note_into_db(session['current_user'], text_to_write)
return(redirect(url_for("FUN_private")))
@app.route("/delete_note/<note_id>", methods = ["GET"])
def FUN_delete_note(note_id):
if session.get("current_user", None) == match_user_id_with_note_id(note_id): # Ensure the current user is NOT operating on other users' note.
delete_note_from_db(note_id)
else:
return abort(401)
return(redirect(url_for("FUN_private")))
@app.route("/login", methods = ["POST"])
def FUN_login():
id_submitted = request.form.get("id").upper()