commit 5b02977ae9ef7f7720996e62efac2145ebdca65d
parent c26c604e9f9283186b0d0298bb42528f7f21ab18
Author: gerco <[email protected]>
Date: Fri, 15 Apr 2022 17:17:17 +0200
Shielded the pages; added permissions for different users
Diffstat:
10 files changed, 266 insertions(+), 122 deletions(-)
diff --git a/pgmles/forms.py b/pgmles/forms.py
@@ -95,3 +95,12 @@ class PostForm(FlaskForm): # redundant
title = StringField('Title', validators=[DataRequired()])
content = TextAreaField('Content', validators=[DataRequired()])
submit = SubmitField('Post')
+
+class SearchForm(FlaskForm):
+ username = StringField('Username', validators=[
+ DataRequired(), Length(min=2, max=20)])
+ submit = SubmitField('Search')
+
+class PermissionForm(FlaskForm):
+ type = SelectField('Type', choices=[('client', 'Klant'), ('teacher', 'Leraar'), ('admin', 'Administrator')])
+ submit = SubmitField('Update')
+\ No newline at end of file
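Review bot: Naming the PermissionForm field `type` shadows the builtin and pushes the same shadowing into every route that reads it (`form.type.data`, and `type = current_user.type` in routes.py); `role = SelectField('Type', choices=...)` keeps the label and avoids it. The hunk relies on `SelectField` and `Length`, whose imports sit outside the hunk — confirm both are present in forms.py's import block. The hard-coded choices are the only place the three role strings are enumerated apart from the literal comparisons in routes.py, so a module-level `ROLE_CHOICES` constant that both files use would keep them from drifting. The file also lost its trailing newline.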
diff --git a/pgmles/routes.py b/pgmles/routes.py
@@ -6,8 +6,7 @@ from flask_login import current_user, login_required, login_user, logout_user
from PIL import Image
from . import app, bcrypt, calendar, db
-from .forms import (LanguageForm, LoginForm, PostForm, RegistrationForm,
- SubscribeForm, UnsubscribeForm, UpdateAccountForm, NewCourseForm)
+from .forms import (LoginForm, RegistrationForm, SubscribeForm, UnsubscribeForm, UpdateAccountForm, NewCourseForm, SearchForm, PermissionForm)
from .models import Course, CourseMember, User
@@ -104,13 +103,21 @@ def account():
return render_template('account.html', calendar=calendar, title='Account', image_file=image_file, form=form)
[email protected]("/admin")
-def admin():
[email protected]("/course_overview")
+@login_required
+def course_overview():
+ if not(current_user.type == "admin" or current_user.type == "teacher"):
+ abort(403)
courses = Course.query.all()
- return render_template('admin.html', calendar=calendar, title='Administration Page', courses=courses)
+ type = current_user.type
+ return render_template('course_overview.html', calendar=calendar, title='Administration Page', courses=courses, type=type)
[email protected]("/admin/new_course", methods=['GET', 'POST'])
+
[email protected]("/course_overview/new_course", methods=['GET', 'POST'])
+@login_required
def new_course():
+ if not(current_user.type == "admin" or current_user.type == "teacher"):
+ abort(403)
form = NewCourseForm()
form.teacher_id.choices = [(g.id, g.username) for g in User.query.filter_by(type='teacher')]
if form.validate_on_submit():
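Review bot: The role check `if not(current_user.type == "admin" or current_user.type == "teacher"): abort(403)` is pasted verbatim into course_overview and new_course here and again in the hunks at L54–L65 and L82–L135 (admin-only variants); a small `role_required(*roles)` decorator stacked under `@login_required` gives one place to audit and makes an unprotected route visibly different from a protected one (it needs `functools.wraps` imported at the top of the file). `abort` is imported outside the hunk, so confirm `from flask import abort` exists. In course_overview, `type = current_user.type` shadows the builtin, and `Course.query.all()` is handed to a template that then filters on `course.teacher_id`, so for teachers the query could be `Course.query.filter_by(teacher_id=current_user.id)` instead. new_course's body continues outside the hunk.
```python
def role_required(*roles):
    """Abort with 403 unless the logged-in user's type is one of *roles*; stack under @login_required."""
    def decorator(view):
        @wraps(view)
        def wrapped(*args, **kwargs):
            if current_user.type not in roles:
                abort(403)
            return view(*args, **kwargs)
        return wrapped
    return decorator


@app.route("/course_overview")
@login_required
@role_required("admin", "teacher")
def course_overview():
    # … unchanged: query and render …
```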
@@ -124,8 +131,11 @@ def new_course():
return render_template('new_course.html', calendar=calendar, title='New Course', form=form)
[email protected]("/admin/update/<int:course_id>", methods=['GET', 'POST'])
-def update_lang(course_id):
[email protected]("/course_overview/course_update/<int:course_id>", methods=['GET', 'POST'])
+@login_required
+def update_course(course_id):
+ if not(current_user.type == "admin" or current_user.type == "teacher"):
+ abort(403)
form = NewCourseForm()
form.teacher_id.choices = [(g.id, g.username) for g in User.query.filter_by(type='teacher')]
course = Course.query.get_or_404(course_id)
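Review bot: The added role check admits any teacher to update_course for any course id, including reassigning `teacher_id`, while course_overview only lists a teacher's own courses, so object-level authorization is still missing here; after the `get_or_404` add `if current_user.type != "admin" and course.teacher_id != current_user.id: abort(403)`. Whether a teacher may hand a course to another teacher is a product decision, but if not, the `teacher_id` assignment later in this function should also be restricted to admins. update_course's body continues outside the hunk.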
@@ -139,7 +149,7 @@ def update_lang(course_id):
course.location = form.location.data
db.session.commit()
flash('The course has been updated!', 'success')
- return redirect(url_for('admin'))
+ return redirect(url_for('course_overview'))
elif request.method == 'GET':
form.name.data = course.name
form.description.data = course.description
@@ -148,7 +158,7 @@ def update_lang(course_id):
form.start.data = course.start
form.end.data = course.end
form.location.data = course.location
- return render_template('update_lang.html', calendar=calendar, form=form, legend='Update Language')
+ return render_template('update_course.html', calendar=calendar, form=form, legend='Update Language')
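Review bot: The legend passed on the new line still reads 'Update Language' although the route, template and form are now about courses; `legend='Update Course'` matches the 'New Course' title used in new_course. update_course's body starts outside the hunk.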
@app.route("/course/<int:course_id>", methods=['GET', 'POST'])
@@ -178,8 +188,52 @@ def course(course_id):
return render_template('course.html', calendar=calendar, title=course.name, course=course, form=form, form2=form2, show=not subscribed, teachers=teachers)
@app.route("/delete_course/<int:course_id>", methods=['GET','POST'])
+@login_required
def delete_course(course_id):
+ if not(current_user.type == "admin"):
+ abort(403)
course = Course.query.get_or_404(course_id)
db.session.delete(course)
db.session.commit()
- return redirect(url_for('index'))
-\ No newline at end of file
+ return redirect(url_for('index'))
+
[email protected]("/admin")
+@login_required
+def admin():
+ if not(current_user.type == "admin"):
+ abort(403)
+ courses = Course.query.all()
+ return render_template('admin.html', calendar=calendar, courses=courses)
+
[email protected]("/permissions", methods=['GET','POST'])
+@login_required
+def permissions():
+ if not(current_user.type == "admin"):
+ abort(403)
+ form = SearchForm()
+ if form.validate_on_submit():
+ user = User.query.filter_by(username=form.username.data).first()
+ if user == None:
+ flash(f'No user found in the database with username: {form.username.data}', 'danger')
+ else:
+ flash(f'Username found in the database with username: {form.username.data}', 'success')
+ return redirect(url_for('updatePermissions', user_id= user.id))
+ return render_template('permissions.html', calendar=calendar, form=form)
+
[email protected]("/permissions/update/<int:user_id>", methods=['GET','POST'])
+@login_required
+def updatePermissions(user_id):
+ if not(current_user.type == "admin"):
+ abort(403)
+ form = PermissionForm()
+ user = User.query.filter_by(id=user_id).first()
+ image_file = url_for(
+ 'static', filename='profile_pics/' + user.image_file)
+ if form.validate_on_submit():
+ user.type = form.type.data
+ db.session.commit()
+ flash(f'The permissions for user: {user.username} have been set to {user.type}', 'success')
+ return redirect(url_for('permissions'))
+ elif request.method == 'GET':
+ form.type.data = user.type
+ return render_template('updatepermissions.html', calendar=calendar, form=form, user=user, image_file=image_file)
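Review bot: updatePermissions fetches the target with `User.query.filter_by(id=user_id).first()` and then dereferences `user.image_file` with no None check, so an unknown id in the URL raises AttributeError (a 500) instead of a 404; use `user = User.query.get_or_404(user_id)` as update_course does at L65. In permissions, `if user == None` should be `if user is None`, and `updatePermissions` is the only camelCase route name in the file. Nothing stops an admin from changing their own type through this form, which locks them out of /admin and /permissions until another admin intervenes; a guard such as `if user.id == current_user.id: abort(403)` is cheap. A role change is a privilege grant, so logging it with the acting admin's id alongside the flash gives an audit trail. delete_course still accepts GET on its unchanged route line, so the new admin check is the only thing between a plain link click and a deletion; restricting it to POST would be consistent with the modal the template uses.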
diff --git a/pgmles/site.db b/pgmles/site.db
Binary files differ.
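Review bot: pgmles/site.db is a binary SQLite database committed alongside the code; if it is the application's live database it carries the user rows (usernames, emails and presumably password hashes) and every role change made through the new /permissions page lands in it, so the file should not be tracked. Add it to .gitignore and ship a fixture or migration instead; since earlier revisions already contain it, rotating any credentials stored there is the conservative step.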
diff --git a/pgmles/templates/admin.html b/pgmles/templates/admin.html
@@ -1,12 +1,13 @@
{% extends "layout.html" %}
{% block content %}
<a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('new_course') }}">New Course</a>
- {% for course in courses %}
+<a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('permissions') }}">Permissions</a>
+{% for course in courses %}
<article class="media content-section">
<div class="media-body">
<h2><a class="article-title" href="{{url_for('course', course_id=course.id)}}">{{course.name}}</a></h2>
<div>
- <a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('update_lang', course_id = course.id) }}">Update</a>
+ <a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('update_course', course_id = course.id) }}">Update</a>
<button type="button" class="btn btn-danger btn-sm m-1" data-toggle="modal" data-target="#deleteModal">Delete</button>
</div>
</div>
diff --git a/pgmles/templates/course_overview.html b/pgmles/templates/course_overview.html
@@ -0,0 +1,15 @@
+{% extends "layout.html" %}
+{% block content %}
+{% for course in courses %}
+ {% if current_user.id == course.teacher_id%}
+ <article class="media content-section">
+ <div class="media-body">
+ <h2><a class="article-title" href="{{url_for('course', course_id=course.id)}}">{{course.name}}</a></h2>
+ <div>
+ <a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('update_course', course_id = course.id) }}">Update</a>
+ </div>
+ </div>
+ </article>
+ {% endif %}
+{% endfor %}
+{% endblock content %}
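Review bot: The template receives `type` from course_overview but never uses it, and filters `courses` inside the loop with `current_user.id == course.teacher_id`, which shows an admin nothing unless the admin is also a course's teacher even though the route admits both roles. Filtering in the route (own courses for teachers, all for admins) and dropping the unused `type` keyword keeps the page consistent with its access check.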
diff --git a/pgmles/templates/layout.html b/pgmles/templates/layout.html
@@ -28,11 +28,16 @@
<div class="navbar-nav mr-auto">
<a class="nav-item nav-link" href="{{ '/' }}">Home</a>
<a class="nav-item nav-link" href="{{ '/' }}">About</a>
+ {% if current_user.type == "teacher" %}
+ <a class="nav-item nav-link" href="{{ url_for('course_overview') }}">Course overview</a>
+ {% endif %}
+ {% if current_user.type == "admin" %}
+ <a class="nav-item nav-link" href="{{ url_for('admin') }}">Admin</a>
+ {% endif %}
</div>
<!-- Navbar Right Side -->
<div class="navbar-nav">
- {% if current_user.is_authenticated %}
- <a class="nav-item nav-link" href="{{ url_for('admin') }}">Admin Page</a>
+ {% if current_user.is_authenticated %}
<a class="nav-item nav-link" href="{{ url_for('account') }}">Account</a>
<a class="nav-item nav-link" href="{{ url_for('logout') }}">Logout</a>
{% else %}
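Review bot: The new `current_user.type` comparisons run before `is_authenticated` is checked, so for an anonymous visitor the attribute is undefined; with Jinja's default Undefined the comparison is simply false, but under StrictUndefined it would raise, so `{% if current_user.is_authenticated and current_user.type == "teacher" %}` (and likewise for admin) is safer and states the intent.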
diff --git a/pgmles/templates/permissions.html b/pgmles/templates/permissions.html
@@ -0,0 +1,27 @@
+{% extends "layout.html" %}
+{% block content %}
+ <h1>Update permissions</h1>
+ <div class="content-section">
+ <form method="POST" action="">
+ {{ form.hidden_tag() }}
+ <fieldset class="form-group">
+ <legend class="border-bottom mb-4">Search</legend>
+ <div class="form-group">
+ {{ form.username.label(class="form-control-label") }}
+ {% if form.username.errors %}
+ {{ form.username(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.username.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.username(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ </fieldset>
+ <div class="form-group">
+ {{ form.submit(class="btn btn-outline-info") }}
+ </div>
+ </div>
+{% endblock content %}
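Review bot: The `<form>` opened inside the content-section is never closed; the submit form-group is followed by the section's `</div>` and `{% endblock %}` with no `</form>`, so the markup depends on browser error recovery. Add `</form>` after the submit form-group, as permissions.html's sibling templates do. The `<h1>` also reads 'Update permissions' on what is the search page; the update itself happens on updatepermissions.html.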
diff --git a/pgmles/templates/update_course.html b/pgmles/templates/update_course.html
@@ -0,0 +1,106 @@
+{% extends "layout.html" %}
+{% block content %}
+<div class="content-section">
+ <form method="POST" action="">
+ {{ form.hidden_tag() }}
+ <fieldset class="form-group">
+ <legend class="border-bottom mb-4">{{ legend }}</legend>
+ <div class="form-group">
+ {{ form.name.label(class="form-control-label") }}
+ {% if form.name.errors %}
+ {{ form.name(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.name.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.name(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ <div class="form-group">
+ {{ form.description.label(class="form-control-label") }}
+ {% if form.description.errors %}
+ {{ form.description(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.description.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.description(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ <div class="form-group">
+ {{ form.teacher_id.label(class="form-control-label") }}
+ {% if form.teacher_id.errors %}
+ {{ form.teacher_id(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.teacher_id.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.teacher_id(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ <div class="form-group">
+ {{ form.weekday.label(class="form-control-label") }}
+ {% if form.weekday.errors %}
+ {{ form.weekday(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.weekday.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.weekday(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ <div class="form-group">
+ {{ form.start.label(class="form-control-label") }}
+ {% if form.start.errors %}
+ {{ form.start(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.start.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.start(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ <div class="form-group">
+ {{ form.end.label(class="form-control-label") }}
+ {% if form.end.errors %}
+ {{ form.end(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.end.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.end(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ <div class="form-group">
+ {{ form.location.label(class="form-control-label") }}
+ {% if form.location.errors %}
+ {{ form.location(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.location.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.location(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ </div>
+ </fieldset>
+ <div class="form-group">
+ {{ form.submit(class="btn btn-outline-info") }}
+ </div>
+ </form>
+</div>
+{% endblock content %}
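Review bot: The `</div>` immediately before `</fieldset>` has no matching opener — the fieldset contains seven form-group openers but eight closers — and was carried over from update_lang.html; drop it in the new copy. update_course.html is otherwise a verbatim rename of the deleted template.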
diff --git a/pgmles/templates/update_lang.html b/pgmles/templates/update_lang.html
@@ -1,106 +0,0 @@
-{% extends "layout.html" %}
-{% block content %}
-<div class="content-section">
- <form method="POST" action="">
- {{ form.hidden_tag() }}
- <fieldset class="form-group">
- <legend class="border-bottom mb-4">{{ legend }}</legend>
- <div class="form-group">
- {{ form.name.label(class="form-control-label") }}
- {% if form.name.errors %}
- {{ form.name(class="form-control form-control-lg is-invalid") }}
- <div class="invalid-feedback">
- {% for error in form.name.errors %}
- <span>{{ error }}</span>
- {% endfor %}
- </div>
- {% else %}
- {{ form.name(class="form-control form-control-lg") }}
- {% endif %}
- </div>
- <div class="form-group">
- {{ form.description.label(class="form-control-label") }}
- {% if form.description.errors %}
- {{ form.description(class="form-control form-control-lg is-invalid") }}
- <div class="invalid-feedback">
- {% for error in form.description.errors %}
- <span>{{ error }}</span>
- {% endfor %}
- </div>
- {% else %}
- {{ form.description(class="form-control form-control-lg") }}
- {% endif %}
- </div>
- <div class="form-group">
- {{ form.teacher_id.label(class="form-control-label") }}
- {% if form.teacher_id.errors %}
- {{ form.teacher_id(class="form-control form-control-lg is-invalid") }}
- <div class="invalid-feedback">
- {% for error in form.teacher_id.errors %}
- <span>{{ error }}</span>
- {% endfor %}
- </div>
- {% else %}
- {{ form.teacher_id(class="form-control form-control-lg") }}
- {% endif %}
- </div>
- <div class="form-group">
- {{ form.weekday.label(class="form-control-label") }}
- {% if form.weekday.errors %}
- {{ form.weekday(class="form-control form-control-lg is-invalid") }}
- <div class="invalid-feedback">
- {% for error in form.weekday.errors %}
- <span>{{ error }}</span>
- {% endfor %}
- </div>
- {% else %}
- {{ form.weekday(class="form-control form-control-lg") }}
- {% endif %}
- </div>
- <div class="form-group">
- {{ form.start.label(class="form-control-label") }}
- {% if form.start.errors %}
- {{ form.start(class="form-control form-control-lg is-invalid") }}
- <div class="invalid-feedback">
- {% for error in form.start.errors %}
- <span>{{ error }}</span>
- {% endfor %}
- </div>
- {% else %}
- {{ form.start(class="form-control form-control-lg") }}
- {% endif %}
- </div>
- <div class="form-group">
- {{ form.end.label(class="form-control-label") }}
- {% if form.end.errors %}
- {{ form.end(class="form-control form-control-lg is-invalid") }}
- <div class="invalid-feedback">
- {% for error in form.end.errors %}
- <span>{{ error }}</span>
- {% endfor %}
- </div>
- {% else %}
- {{ form.end(class="form-control form-control-lg") }}
- {% endif %}
- </div>
- <div class="form-group">
- {{ form.location.label(class="form-control-label") }}
- {% if form.location.errors %}
- {{ form.location(class="form-control form-control-lg is-invalid") }}
- <div class="invalid-feedback">
- {% for error in form.location.errors %}
- <span>{{ error }}</span>
- {% endfor %}
- </div>
- {% else %}
- {{ form.location(class="form-control form-control-lg") }}
- {% endif %}
- </div>
- </div>
- </fieldset>
- <div class="form-group">
- {{ form.submit(class="btn btn-outline-info") }}
- </div>
- </form>
-</div>
-{% endblock content %}
diff --git a/pgmles/templates/updatepermissions.html b/pgmles/templates/updatepermissions.html
@@ -0,0 +1,32 @@
+{% extends "layout.html" %}
+{% block content %}
+ <div class="media">
+ <img class="rounded-circle account-img" src="{{ image_file }}">
+ <div class="media-body">
+ <h2 class="account-heading">{{ user.username }}</h2>
+ <p class="text-secondary">{{ user.email }}</p>
+ </div>
+ </div>
+ <form method="POST" action="">
+ {{ form.hidden_tag() }}
+ <fieldset class="form-group">
+ <legend class="border-bottom mb-4">Permission Update</legend>
+ <div class="form-group">
+ {{ form.type.label(class="form-control-label") }}
+ {% if form.type.errors %}
+ {{ form.type(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.type.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.type(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ </fieldset>
+ <div class="form-group">
+ {{ form.submit(class="btn btn-outline-info") }}
+ </div>
+ </form>
+{% endblock content %}
+\ No newline at end of file