commit cfb958f3740955b46b2c2b14bb2d2b90138df0d8
parent b5caa4bf2c0e525bc021555523af8e76b5bff892
Author: Friedel Schön <[email protected]>
Date: Fri, 15 Apr 2022 21:35:45 +0200
Merging dev_2 -> devb
Diffstat:
10 files changed, 170 insertions(+), 24 deletions(-)
diff --git a/pgmles/forms.py b/pgmles/forms.py
@@ -79,3 +79,12 @@ class PostForm(FlaskForm): # redundant
title = StringField('Title', validators=[ DataRequired() ])
content = TextAreaField('Content', validators=[ DataRequired() ])
submit = SubmitField('Post')
+
+class SearchForm(FlaskForm):
+ username = StringField('Username', validators=[
+ DataRequired(), Length(min=2, max=20)])
+ submit = SubmitField('Search')
+
+class PermissionForm(FlaskForm):
+ type = SelectField('Type', choices=[('client', 'Klant'), ('teacher', 'Leraar'), ('admin', 'Administrator')])
+ submit = SubmitField('Update')
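Review bot: The role names in the `PermissionForm.type` choices (`'client'`, `'teacher'`, `'admin'`) are bare string literals that the views in routes.py compare against separately, so a typo or a new role has to be fixed in several places. A module-level tuple of role names shared by the form and the checks would keep them in step. The field name `type` also shadows the builtin inside the class body. Both new forms lack a docstring; `"""Admin lookup of a user by username."""` on `SearchForm` and `"""Admin form that sets a user's role."""` on `PermissionForm` would say who is meant to use them.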
diff --git a/pgmles/models.py b/pgmles/models.py
@@ -1,7 +1,6 @@
from datetime import datetime
from flask_login import UserMixin
-from flask_sqlalchemy import SQLAlchemy
from .server import db, login_manager
diff --git a/pgmles/routes.py b/pgmles/routes.py
@@ -1,12 +1,12 @@
import os
import secrets
-from flask import flash, redirect, render_template, request, url_for
+from flask import flash, redirect, render_template, request, url_for, abort
from flask_login import current_user, login_required, login_user, logout_user
from PIL import Image
from .server import app, bcrypt, calendar, db
-from .forms import LoginForm, NewCourseForm, RegistrationForm, SubscribeForm, UnsubscribeForm, UpdateAccountForm
+from .forms import LoginForm, NewCourseForm, PermissionForm, RegistrationForm, SearchForm, SubscribeForm, UnsubscribeForm, UpdateAccountForm
from .models import Course, CourseMember, User
@@ -90,14 +90,22 @@ def account():
image_file = url_for('static', filename='profile_pics/' + current_user.image_file)
return render_template('account.html', calendar=calendar, title='Account', image_file=image_file, form=form)
[email protected]("/admin")
-def admin():
+
[email protected]("/course_overview")
+@login_required
+def course_overview():
+ if current_user.type != "admin" and current_user.type != "teacher":
+ abort(403)
courses = Course.query.all()
- return render_template('admin.html', calendar=calendar, title='Administration Page', courses=courses)
+ type = current_user.type
+ return render_template('course_overview.html', calendar=calendar, title='Administration Page', courses=courses, type=type)
[email protected]("/admin/new_course", methods=[ 'GET', 'POST' ])
[email protected]("/course_overview/new_course", methods=['GET', 'POST'])
+@login_required
def new_course():
+ if current_user.type != "admin" and current_user.type != "teacher":
+ abort(403)
form = NewCourseForm()
form.teacher_id.choices = [ (g.id, g.username) for g in User.query.filter_by(type='teacher') ]
if form.validate_on_submit():
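Review bot: The role test `current_user.type != "admin" and current_user.type != "teacher"` is pasted into `course_overview` and `new_course` here and again into `update_course`, with an admin-only variant in four more views later in the file. A view added without the paste is silently open to any logged-in user. A small helper, e.g. `def require_role(*roles):` with the body `if current_user.type not in roles: abort(403)`, called as `require_role("admin", "teacher")` on the first line of each view, keeps the rule in one place. In `course_overview`, `type = current_user.type` shadows the builtin and the template can already read `current_user`, so the extra variable could be dropped. `new_course` continues past the end of this hunk.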
@@ -108,8 +116,12 @@ def new_course():
return redirect(url_for('admin'))
return render_template('new_course.html', calendar=calendar, title='New Course', form=form)
[email protected]("/admin/update/<int:course_id>", methods=[ 'GET', 'POST' ])
-def update_lang(course_id):
+
[email protected]("/course_overview/course_update/<int:course_id>", methods=['GET', 'POST'])
+@login_required
+def update_course(course_id):
+ if current_user.type != "admin" and current_user.type != "teacher":
+ abort(403)
form = NewCourseForm()
form.teacher_id.choices = [ (g.id, g.username) for g in User.query.filter_by(type='teacher') ]
course = Course.query.get_or_404(course_id)
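Review bot: `update_course` checks only the role, so any teacher can open and save the edit form for any `course_id`, including courses assigned to another teacher; the `current_user.id == course.teacher_id` test in course_overview.html only hides the link. After the `get_or_404` lookup add an ownership check such as `if current_user.type == "teacher" and course.teacher_id != current_user.id: abort(403)`. Separately, the `return redirect(url_for('admin'))` at the top of this hunk (the end of `new_course`) now sends a teacher who has just created a course to the admin-only view and a 403; `url_for('course_overview')` would match what this commit does for `update_course`. The body of `update_course` continues outside the hunk.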
@@ -123,7 +135,7 @@ def update_lang(course_id):
course.location = form.location.data
db.session.commit()
flash('The course has been updated!', 'success')
- return redirect(url_for('admin'))
+ return redirect(url_for('course_overview'))
elif request.method == 'GET':
form.name.data = course.name
form.description.data = course.description
@@ -159,9 +171,53 @@ def course(course_id):
course = Course.query.get_or_404(course_id)
return render_template('course.html', calendar=calendar, title=course.name, course=course, form=form, form2=form2, show=not subscribed, teachers=teachers)
[email protected]("/delete_course/<int:course_id>", methods=['GET', 'POST'])
[email protected]("/delete_course/<int:course_id>", methods=['GET','POST'])
+@login_required
def delete_course(course_id):
+ if current_user.type != "admin":
+ abort(403)
course = Course.query.get_or_404(course_id)
db.session.delete(course)
db.session.commit()
return redirect(url_for('index'))
+
[email protected]("/admin")
+@login_required
+def admin():
+ if current_user.type != "admin":
+ abort(403)
+ courses = Course.query.all()
+ return render_template('admin.html', calendar=calendar, courses=courses)
+
[email protected]("/permissions", methods=['GET','POST'])
+@login_required
+def permissions():
+ if current_user.type != "admin":
+ abort(403)
+ form = SearchForm()
+ if form.validate_on_submit():
+ user = User.query.filter_by(username=form.username.data).first()
+ if user == None:
+ flash(f'No user found in the database with username: {form.username.data}', 'danger')
+ else:
+ flash(f'Username found in the database with username: {form.username.data}', 'success')
+ return redirect(url_for('updatePermissions', user_id= user.id))
+ return render_template('permissions.html', calendar=calendar, form=form)
+
[email protected]("/permissions/update/<int:user_id>", methods=['GET','POST'])
+@login_required
+def updatePermissions(user_id):
+ if current_user.type != "admin":
+ abort(403)
+ form = PermissionForm()
+ user = User.query.filter_by(id=user_id).first()
+ image_file = url_for(
+ 'static', filename='profile_pics/' + user.image_file)
+ if form.validate_on_submit():
+ user.type = form.type.data
+ db.session.commit()
+ flash(f'The permissions for user: {user.username} have been set to {user.type}', 'success')
+ return redirect(url_for('permissions'))
+ elif request.method == 'GET':
+ form.type.data = user.type
+ return render_template('updatepermissions.html', calendar=calendar, form=form, user=user, image_file=image_file)
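Review bot: `delete_course` still accepts GET and no token check is visible in the view, so the deletion runs on any plain link or image request made with an admin's session cookie. Restrict it to `methods=['POST']` and submit it from a form that carries the Flask-WTF CSRF token. In `updatePermissions`, `User.query.filter_by(id=user_id).first()` returns `None` for an unknown id and the next statement dereferences `user.image_file`, giving a 500 instead of a 404; `user = User.query.get_or_404(user_id)` matches the `Course` lookups in this file. `if user == None:` in `permissions` should be `if user is None:`. Nothing here stops an admin from changing their own role, so the last admin account can be demoted; a guard on `user.id == current_user.id` is worth considering.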
diff --git a/pgmles/site.db b/pgmles/site.db
Binary files differ.
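Review bot: `pgmles/site.db` is tracked in the repository and changes with this commit, so whatever rows the developer's local database holds are published with the code. Given the `User` model and the `bcrypt` import in routes.py, this presumably includes usernames, e-mail addresses and password hashes. The file is better removed from version control (`git rm --cached pgmles/site.db` plus a `.gitignore` entry) and created from the models at setup time. Any credentials already present in the committed history should be treated as exposed and rotated.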
diff --git a/pgmles/templates/admin.html b/pgmles/templates/admin.html
@@ -1,13 +1,15 @@
{% extends "layout.html" %}
{% block content %}
- <a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('new_course') }}">New Course</a>
- {% for course in courses %}
- <article class="media content-section">
- <div class="media-body">
- <h2><a class="article-title" href="{{ url_for('course', course_id=course.id) }}">{{course.name}}</a></h2>
- <div>
- <a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('update_lang', course_id = course.id) }}">Update</a>
- <button type="button" class="btn btn-danger btn-sm m-1" data-toggle="modal" data-target="#deleteModal">Delete</button>
+<a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('new_course') }}">New Course</a>
+<a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('permissions') }}">Permissions</a>
+{% for course in courses %}
+ <article class="media content-section">
+ <div class="media-body">
+ <h2><a class="article-title" href="{{url_for('course', course_id=course.id)}}">{{course.name}}</a></h2>
+ <div>
+ <a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('update_course', course_id = course.id) }}">Update</a>
+ <button type="button" class="btn btn-danger btn-sm m-1" data-toggle="modal" data-target="#deleteModal">Delete</button>
+ </div>
</div>
</div>
</article>
diff --git a/pgmles/templates/course_overview.html b/pgmles/templates/course_overview.html
@@ -0,0 +1,15 @@
+{% extends "layout.html" %}
+{% block content %}
+{% for course in courses %}
+ {% if current_user.id == course.teacher_id%}
+ <article class="media content-section">
+ <div class="media-body">
+ <h2><a class="article-title" href="{{url_for('course', course_id=course.id)}}">{{course.name}}</a></h2>
+ <div>
+ <a class="btn btn-secondary btn-sm mt-1 mb-1" href="{{ url_for('update_course', course_id = course.id) }}">Update</a>
+ </div>
+ </div>
+ </article>
+ {% endif %}
+{% endfor %}
+{% endblock content %}
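Review bot: The per-teacher filter `{% if current_user.id == course.teacher_id %}` runs in the template over every course the view loaded, and the `type` value that `course_overview` passes in is never used here. Filtering in the view, e.g. `Course.query.filter_by(teacher_id=current_user.id).all()` for teachers, avoids loading rows that are then discarded and keeps the access rule next to the role check. An admin is let through by the route but will see an empty page unless they also teach a course; if admins are meant to see every course, the `type` variable is the place to branch.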
diff --git a/pgmles/templates/layout.html b/pgmles/templates/layout.html
@@ -26,13 +26,18 @@
</button>
<div class="collapse navbar-collapse" id="navbarToggle">
<div class="navbar-nav mr-auto">
- <a class="nav-item nav-link" href="/">Home</a>
- <a class="nav-item nav-link" href="/">About</a>
+ <a class="nav-item nav-link" href="{{ '/' }}">Home</a>
+ <a class="nav-item nav-link" href="{{ '/' }}">About</a>
+ {% if current_user.type == "teacher" %}
+ <a class="nav-item nav-link" href="{{ url_for('course_overview') }}">Course overview</a>
+ {% endif %}
+ {% if current_user.type == "admin" %}
+ <a class="nav-item nav-link" href="{{ url_for('admin') }}">Admin</a>
+ {% endif %}
</div>
<!-- Navbar Right Side -->
<div class="navbar-nav">
- {% if current_user.is_authenticated %}
- <a class="nav-item nav-link" href="{{ url_for('admin') }}">Admin Page</a>
+ {% if current_user.is_authenticated %}
<a class="nav-item nav-link" href="{{ url_for('account') }}">Account</a>
<a class="nav-item nav-link" href="{{ url_for('logout') }}">Logout</a>
{% else %}
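Review bot: `href="{{ '/' }}"` on the Home and About links renders the same literal `/` as before, so the expression adds nothing; `href="{{ url_for('index') }}"` would follow the route if the app is ever mounted under a prefix (routes.py already uses `url_for('index')`). The two `current_user.type` tests also run for anonymous visitors and rely on Jinja treating the missing attribute as undefined; nesting them under a `current_user.is_authenticated` check makes that explicit. Admins get no "Course overview" link although the route admits them, which may be intended. The navbar markup continues outside this hunk.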
diff --git a/pgmles/templates/permissions.html b/pgmles/templates/permissions.html
@@ -0,0 +1,27 @@
+{% extends "layout.html" %}
+{% block content %}
+ <h1>Update permissions</h1>
+ <div class="content-section">
+ <form method="POST" action="">
+ {{ form.hidden_tag() }}
+ <fieldset class="form-group">
+ <legend class="border-bottom mb-4">Search</legend>
+ <div class="form-group">
+ {{ form.username.label(class="form-control-label") }}
+ {% if form.username.errors %}
+ {{ form.username(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.username.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.username(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ </fieldset>
+ <div class="form-group">
+ {{ form.submit(class="btn btn-outline-info") }}
+ </div>
+ </div>
+{% endblock content %}
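Review bot: The `<form method="POST" action="">` opened inside `content-section` is never closed: the template goes from the submit `form-group` straight to `</div>` and `{% endblock content %}`. Browsers recover from this, but the markup is invalid and anything later added to the block ends up inside the form. Add `</form>` before the closing `</div>`, as updatepermissions.html does.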
diff --git a/pgmles/templates/update_course.html b/pgmles/templates/update_course.html
@@ -42,7 +42,7 @@
</div>
{% else %}
{{ form.teacher_id(class="form-control form-control-lg") }}
- {% endif %}
+ {% endif %}
</div>
<div class="form-group">
{{ form.weekday.label(class="form-control-label") }}
diff --git a/pgmles/templates/updatepermissions.html b/pgmles/templates/updatepermissions.html
@@ -0,0 +1,32 @@
+{% extends "layout.html" %}
+{% block content %}
+ <div class="media">
+ <img class="rounded-circle account-img" src="{{ image_file }}">
+ <div class="media-body">
+ <h2 class="account-heading">{{ user.username }}</h2>
+ <p class="text-secondary">{{ user.email }}</p>
+ </div>
+ </div>
+ <form method="POST" action="">
+ {{ form.hidden_tag() }}
+ <fieldset class="form-group">
+ <legend class="border-bottom mb-4">Permission Update</legend>
+ <div class="form-group">
+ {{ form.type.label(class="form-control-label") }}
+ {% if form.type.errors %}
+ {{ form.type(class="form-control form-control-lg is-invalid") }}
+ <div class="invalid-feedback">
+ {% for error in form.type.errors %}
+ <span>{{ error }}</span>
+ {% endfor %}
+ </div>
+ {% else %}
+ {{ form.type(class="form-control form-control-lg") }}
+ {% endif %}
+ </div>
+ </fieldset>
+ <div class="form-group">
+ {{ form.submit(class="btn btn-outline-info") }}
+ </div>
+ </form>
+{% endblock content %}
+\ No newline at end of file