uploads get directly linked with user ID

2 years ago · bdce561209
7 changed files with 79 additions and 47 deletions
--- a/app.py
+++ b/app.py
@ -83,7 +83,7 @@ class User(db.Model):
    @classmethod
    def authorize_or_redirect(cls, admin=True):
        if (admin and "admin" not in session) or "user" not in session:
-            return redirect(url_for("accounts_create"))
+            return redirect(url_for("login"))
        else:
            return None

@ -91,7 +91,7 @@ class User(db.Model):
 class Chemical(db.Model):
    query: db.Query
    id = db.Column(db.Integer, primary_key=True)
-    person_name = db.Column(db.String, nullable=False)
+    person_id = db.Column(db.Integer, nullable=False)
    standard_grp = db.Column(db.String, nullable=False)
    # all fields after here are included in the database
    chemical_db_id = db.Column(db.String)
@ -140,11 +140,13 @@ def handler_403(msg):


 # Admin routes
-@app.route('/admin')
+@app.route('/dashboard')
 def admin_root():
-    if login := User.authorize_or_redirect():
-        return login
-    return render_template("admin.html", user=session.get("admin"))
+    if 'admin' in session:
+        return render_template("admin.html", user=session.get("admin"))
+    if 'user' in session:
+        return render_template("user.html", user=session.get("user"))
+    return User.authorize_or_redirect(admin=False) or ""


@app.route('/accounts/create', methods=['GET', 'POST'])
@ -165,7 +167,7 @@ def accounts_create():
            # because the IDE complains about type mismatches
            form = {} | request.form
            form['password'] = User.generate_password(pw)
-            form['admin'] = (True if form['admin'] == 'y' else False)
+            form['admin'] = (True if form.get('admin') == 'y' else False)
            form.pop('reconfirm')
            user = User(**form)
            db.session.add(user)
@ -191,9 +193,7 @@ def accounts_edit():


@app.route('/accounts/view/<int:id>')
-def accounts_edit_admin(id):
-    if login := User.authorize_or_redirect(admin=True):
-        return login
+def accounts_view(id):
    user = User.query.filter_by(id=id).one_or_404()
    return render_template("account_view.html", user=object_as_dict(user))

@ -234,18 +234,19 @@ def home():
 def chemical_create():
    if not session.get('admin'):
        abort(403)
+    user = User.query.filter_by(username=session.get('user')).one_or_404()
    if request.method == "POST":
-        form = ChemicalForm(**request.form)
+        form = ChemicalForm(**(request.form | {"person_id": user.id}))
        if form.validate():
            new_chemical = Chemical(**form.data)
            db.session.add(new_chemical)
            db.session.commit()
-            return render_template("create_chemical.html", form=ChemicalForm(), success=True)
+            return render_template("create_chemical.html", form=ChemicalForm(), user=object_as_dict(user), success=True)
        else:
            return render_template("create_chemical.html", form=form, invalid=True), 400
    else:
-        form = ChemicalForm()
-        return render_template("create_chemical.html", form=form)
+        form = ChemicalForm(person_id=user.id)
+        return render_template("create_chemical.html", form=form, user=object_as_dict(user))


@app.route("/chemical/<int:id>/update", methods=['GET', 'POST'])
@ -339,6 +340,7 @@ app.config['MAX_CONTENT_LENGTH'] = 3 * 1000 * 1000
 def batch_add_request():
    if not session.get('admin'):
        abort(403)
+    user = User.query.filter_by(username=session.get('user')).one_or_404()
    if request.method == "POST":
        if "input" not in request.files or request.files["input"].filename == '':
            return render_template("batchadd.html", invalid="Blank file included")
@ -357,7 +359,8 @@ def batch_add_request():
                cleanup()
                return render_template("batchadd.html", invalid=error)
            else:
-                chemicals = [Chemical(**result) for result in results]
+                chemicals = [Chemical(**result, person_id=user.id)
+                             for result in results]
                db.session.add_all(chemicals)
                db.session.commit()
                cleanup()
--- a/static/upload.txt
+++ b/static/upload.txt
@ -1,3 +1,3 @@
-metabolite_name	formula	person_name	mass	final_mz	final_rt	final_adduct	standard_grp	msms_detected	inchikey	chemical_db_id	library	pubchem_cid	pubmed_refcount	standard_class	inchikey14	adduct	detected_adducts	adduct_calc_mz	msms_purity
-Folic Acid	C11H15N2O8P	Tei Kim	441.1397	442.1470	36.8	M+H	Endogenous	Yes	OVBPIULPVIDEAO-LBPRGKRZSA-N	HRELC_00003	IROA_MSMLS_Library_Plate01	135398658	17654	Endogenous_metabolite	OVBPIULPVIDEAO	M+H	M+H	NA	0.968
-Omethoate	C5H12NO4PS	Tei Kim	213.022466	214.029776	32.74	M+H	Endogenous	Yes	PZXOQEXFMJCDPG-UHFFFAOYSA-N	HRELC_00835	Restek_Mix1	14210	98	Pesticides	PZXOQEXFMJCDPG	M+H	M+H	214.0297	0.968
+metabolite_name	formula	mass	final_mz	final_rt	final_adduct	standard_grp	msms_detected	inchikey	chemical_db_id	library	pubchem_cid	pubmed_refcount	standard_class	inchikey14	adduct	detected_adducts	adduct_calc_mz	msms_purity
+Folic Acid	C11H15N2O8P	441.1397	442.1470	36.8	M+H	Endogenous	Yes	OVBPIULPVIDEAO-LBPRGKRZSA-N	HRELC_00003	IROA_MSMLS_Library_Plate01	135398658	17654	Endogenous_metabolite	OVBPIULPVIDEAO	M+H	M+H	NA	0.968
+Omethoate	C5H12NO4PS	213.022466	214.029776	32.74	M+H	Endogenous	Yes	PZXOQEXFMJCDPG-UHFFFAOYSA-N	HRELC_00835	Restek_Mix1	14210	98	Pesticides	PZXOQEXFMJCDPG	M+H	M+H	214.0297	0.968
--- a/templates/admin.html
+++ b/templates/admin.html
@ -7,6 +7,11 @@
    <h1>Admin Dashboard</h1>
    <article>
        <p>Logged in as {{user}}</p>
+        <a href="{{url_for('accounts_edit')}}">
+            <button>
+                Edit your profile
+            </button>
+        </a>
        <a href="{{url_for('chemical_create')}}">
            <button>
                Add a Chemical
--- a/templates/base.html
+++ b/templates/base.html
@ -1,29 +1,29 @@
 <!DOCTYPE html>
 <html lang="en">
-	<head>
-		<meta charset="UTF-8" />
-		<meta http-equiv="X-UA-Compatible" content="IE=edge" />
-		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
-		<title>DWalker Website</title>
-		<meta
-			name="description"
-			content="A website for aggregating and searching exposome data"
-		/>
-		<link rel="stylesheet" href="https://cdn.simplecss.org/simple.min.css" />
-	</head>
-	<body>
-		<header>
-			<nav>
-				<a href="{{ url_for('home') }}">Home</a>
-                <a href="{{ url_for('search') }}">Search</a>
-                {% if session.admin %}
-                    <a href="{{ url_for('admin_root') }}">Admin</a>
-                    <a href="{{ url_for('logout') }}">Logout</a>
-                {% else %}
-                    <a href="{{ url_for('login') }}">Login</a>
-                {% endif %}
-			</nav>
-		</header>
-		<main>{% block content %} {% endblock %}</main>
-	</body>
+  <head>
+    <meta charset="UTF-8" />
+    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>DWalker Website</title>
+    <meta
+    name="description"
+    content="A website for aggregating and searching exposome data"
+    />
+    <link rel="stylesheet" href="https://cdn.simplecss.org/simple.min.css" />
+  </head>
+  <body>
+    <header>
+      <nav>
+        <a href="{{ url_for('home') }}">Home</a>
+        <a href="{{ url_for('search') }}">Search</a>
+        {% if session.user %}
+        <a href="{{ url_for('admin_root') }}">Dashboard</a>
+        <a href="{{ url_for('logout') }}">Logout</a>
+        {% else %}
+        <a href="{{ url_for('login') }}">Login</a>
+        {% endif %}
+      </nav>
+    </header>
+    <main>{% block content %} {% endblock %}</main>
+  </body>
 </html>
--- a/templates/user.html
+++ b/templates/user.html
@ -0,0 +1,17 @@
+{% extends "base.html" %}
+{% block content %}
+<h1>Regular User Dashboard</h1>
+<article>
+  <p>Logged in as {{user}}</p>
+  <a href="{{url_for('batch_query_request')}}">
+    <button>
+      Batch Search Chemicals
+    </button>
+  </a>
+  <a href="{{url_for('accounts_edit')}}">
+    <button>
+      Edit your profile
+    </button>
+  </a>
+</article>
+{% endblock %}
--- a/templates/view_chemical.html
+++ b/templates/view_chemical.html
@ -15,6 +15,14 @@
 <table>
    {% for k,v in chemical.items() %}
    <tr>
+      {% if k == "person_id" %}
+        <td>
+            <strong>{{k}}</strong>
+        </td>
+        <td>
+          <a href="{{url_for('accounts_view', id=v)}}">User ID {{v}}</a>
+        </td>
+      {% else %}
        <td>
            <strong>{{k}}</strong>
        </td>
@ -23,8 +31,9 @@
            {{ v }}
            {% endif %}
        </td>
+      {% endif %}
    </tr>
    {% endfor %}
 </table>

-{% endblock %}
+{% endblock %}
--- a/validate.py
+++ b/validate.py
@ -8,7 +8,6 @@ _required_fields = [
    # the "str" type means that this field can be any valid string.
    ("metabolite_name",     "str"),
    ("formula",             "str"),
-    ("person_name",         "str"),
    # any field labeled a "float" needs to have a value in decimal notation.
    ("mass",                "float"),

@ -16,7 +15,6 @@ _required_fields = [
    ("final_rt",            "float"),
    ("final_adduct",        "str"),
    ("standard_grp",        "str"),
-    ("person_name",         "str"),
    ("msms_detected",       "yesno"),  # Value can either be "Yes" or "No"
    ("inchikey",            "str"),
 ]