108 lines
3.2 KiB
Python
108 lines
3.2 KiB
Python
from flask import Flask, session, url_for, redirect, render_template, request, abort, flash
|
|
from database import list_users, verify, delete_user_from_db, add_user
|
|
|
|
app = Flask(__name__)
|
|
app.config.from_object('config')
|
|
|
|
|
|
|
|
@app.errorhandler(401)
|
|
def FUN_401(error):
|
|
return render_template("page_401.html"), 401
|
|
|
|
@app.errorhandler(404)
|
|
def FUN_404(error):
|
|
return render_template("page_404.html"), 404
|
|
|
|
@app.errorhandler(405)
|
|
def FUN_405(error):
|
|
return render_template("page_405.html"), 405
|
|
|
|
|
|
|
|
|
|
|
|
@app.route("/")
|
|
def FUN_root():
|
|
return render_template("index.html")
|
|
|
|
@app.route("/public/")
|
|
def FUN_public():
|
|
return render_template("public_page.html")
|
|
|
|
@app.route("/private/")
|
|
def FUN_private():
|
|
if "current_user" in session.keys():
|
|
return render_template("private_page.html")
|
|
else:
|
|
return abort(401)
|
|
|
|
@app.route("/admin/")
|
|
def FUN_admin():
|
|
if session.get("current_user", None) == "ADMIN":
|
|
user_list = list_users()
|
|
user_table = zip(range(1, len(user_list)+1),\
|
|
user_list,\
|
|
[x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)])
|
|
return render_template("admin.html", users = user_table)
|
|
else:
|
|
return abort(401)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.route("/login", methods = ["POST"])
|
|
def FUN_login():
|
|
id_submitted = request.form.get("id").upper()
|
|
if (id_submitted in list_users()) and verify(id_submitted, request.form.get("pw")):
|
|
session['current_user'] = id_submitted
|
|
|
|
return(redirect(url_for("FUN_root")))
|
|
|
|
@app.route("/logout/")
|
|
def FUN_logout():
|
|
session.pop("current_user", None)
|
|
return(redirect(url_for("FUN_root")))
|
|
|
|
@app.route("/delete_user/<id>/", methods = ['GET'])
|
|
def FUN_delete_user(id):
|
|
if session.get("current_user", None) == "ADMIN":
|
|
if id == "ADMIN": # ADMIN account can't be deleted.
|
|
return abort(403)
|
|
delete_user_from_db(id)
|
|
return(redirect(url_for("FUN_admin")))
|
|
else:
|
|
return abort(401)
|
|
|
|
@app.route("/add_user", methods = ["POST"])
|
|
def FUN_add_user():
|
|
if session.get("current_user", None) == "ADMIN":
|
|
|
|
# before we add the user, we need to ensure this is doesn't exsit in database. We also need to ensure the id is valid.
|
|
if request.form.get('id').upper() in list_users():
|
|
user_list = list_users()
|
|
user_table = zip(range(1, len(user_list)+1),\
|
|
user_list,\
|
|
[x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)])
|
|
return(render_template("admin.html", id_is_duplicated = True, users = user_table))
|
|
if " " in request.form.get('id'):
|
|
user_list = list_users()
|
|
user_table = zip(range(1, len(user_list)+1),\
|
|
user_list,\
|
|
[x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)])
|
|
return(render_template("admin.html", id_is_invalid = True, users = user_table))
|
|
else:
|
|
add_user(request.form.get('id'), request.form.get('pw'))
|
|
return(redirect(url_for("FUN_admin")))
|
|
else:
|
|
return abort(401)
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
app.run(debug=True, host="0.0.0.0")
|