From bdce561209c081cdbbf15a5ac7b903ea8ecf46fd Mon Sep 17 00:00:00 2001
From: Juni Kim
Date: Sat, 20 May 2023 18:11:07 -0400
Subject: [PATCH] uploads get directly linked with user ID
---
 app.py | 33 ++++++++++++-----------
 static/upload.txt | 6 ++---
 templates/admin.html | 5 ++++
 templates/base.html | 52 ++++++++++++------------------
 templates/user.html | 17 ++++++++++++
 templates/view_chemical.html | 11 +++++++-
 validate.py | 2 --
 7 files changed, 79 insertions(+), 47 deletions(-)
 create mode 100644 templates/user.html
diff --git a/app.py b/app.py
index b27881f..06d50c2 100755
--- a/app.py
+++ b/app.py
@@ -83,7 +83,7 @@ class User(db.Model):
 @classmethod
 def authorize_or_redirect(cls, admin=True):
 if (admin and "admin" not in session) or "user" not in session:
- return redirect(url_for("accounts_create"))
+ return redirect(url_for("login"))
 else:
 return None
@@ -91,7 +91,7 @@ class User(db.Model):
 class Chemical(db.Model):
 query: db.Query
 id = db.Column(db.Integer, primary_key=True)
- person_name = db.Column(db.String, nullable=False)
+ person_id = db.Column(db.Integer, nullable=False)
 standard_grp = db.Column(db.String, nullable=False) # all fields after here are included in the database
 chemical_db_id = db.Column(db.String)
@@ -140,11 +140,13 @@ def handler_403(msg):
 # Admin routes
-@app.route('/admin')
+@app.route('/dashboard')
 def admin_root():
- if login := User.authorize_or_redirect():
- return login
- return render_template("admin.html", user=session.get("admin"))
+ if 'admin' in session:
+ return render_template("admin.html", user=session.get("admin"))
+ if 'user' in session:
+ return render_template("user.html", user=session.get("user"))
+ return User.authorize_or_redirect(admin=False) or ""
 @app.route('/accounts/create', methods=['GET', 'POST'])
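Review bot: In the `@@ -91,7 +91,7 @@` hunk, `person_id` is a bare `db.Integer` with no foreign key, so the database cannot guarantee that a chemical's recorded owner is an existing account, and removing a user leaves the attribution dangling. Declaring it as `person_id = db.Column(db.Integer, db.ForeignKey(User.id), nullable=False)` makes the link enforceable. Replacing a `String` `person_name` with a non-null integer column also needs a migration or backfill for rows that already exist; none is visible in this patch. The `Chemical` class body continues outside the hunk.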
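Review bot: In the `@@ -140,11 +140,13 @@` hunk, `admin_root` picks the admin template on `'admin' in session` (key presence), while `chemical_create` and `batch_add_request` in this same patch gate on `session.get('admin')` (truthiness); a session that carries a falsy `admin` value would get the admin dashboard but be refused by the write routes. Use one form everywhere, e.g. `if session.get('admin'):`. The final `return User.authorize_or_redirect(admin=False) or ""` can only be reached when neither key is set, so the helper always redirects and the `or ""` is dead code that would serve an empty 200 page if the helper ever changed; `return redirect(url_for("login"))` states the intent directly.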
@@ -165,7 +167,7 @@ def accounts_create():
 # because the IDE complains about type mismatches
 form = {} | request.form
 form['password'] = User.generate_password(pw)
- form['admin'] = (True if form['admin'] == 'y' else False)
+ form['admin'] = (True if form.get('admin') == 'y' else False)
 form.pop('reconfirm')
 user = User(**form)
 db.session.add(user)
@@ -191,9 +193,7 @@ def accounts_edit():
 @app.route('/accounts/view/')
-def accounts_edit_admin(id):
- if login := User.authorize_or_redirect(admin=True):
- return login
+def accounts_view(id):
 user = User.query.filter_by(id=id).one_or_404()
 return render_template("account_view.html", user=object_as_dict(user))
@@ -234,18 +234,19 @@ def home():
 def chemical_create():
 if not session.get('admin'):
 abort(403)
+ user = User.query.filter_by(username=session.get('user')).one_or_404()
 if request.method == "POST":
- form = ChemicalForm(**request.form)
+ form = ChemicalForm(**(request.form | {"person_id": user.id}))
 if form.validate():
 new_chemical = Chemical(**form.data)
 db.session.add(new_chemical)
 db.session.commit()
- return render_template("create_chemical.html", form=ChemicalForm(), success=True)
+ return render_template("create_chemical.html", form=ChemicalForm(), user=object_as_dict(user), success=True)
 else:
 return render_template("create_chemical.html", form=form, invalid=True), 400
 else:
- form = ChemicalForm()
- return render_template("create_chemical.html", form=form)
+ form = ChemicalForm(person_id=user.id)
+ return render_template("create_chemical.html", form=form, user=object_as_dict(user))
 @app.route("/chemical//update", methods=['GET', 'POST'])
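Review bot: The changed line in the `@@ -165,7 +167,7 @@` hunk still takes the new account's `admin` flag straight from the submitted form, and `User(**form)` two lines later passes every other posted field to the model constructor. Whether `accounts_create` requires an admin session cannot be seen here, because its opening lines are outside the hunk; the old `authorize_or_redirect` sent unauthenticated visitors to this route, which suggests it may be open. If so, the privilege level of a new account is decided by the client. Honour the flag only for an admin caller, e.g. `form['admin'] = bool(session.get('admin')) and form.get('admin') == 'y'`, and build `User` from an explicit list of fields instead of `**form`.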
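Review bot: The `@@ -191,9 +193,7 @@` hunk removes the only access check from the account view, so `accounts_view` now answers any request, logged in or not, for any `id`. It also passes `object_as_dict(user)` to the template, which presumably holds every column of the row, the stored password value among them (`object_as_dict` and `account_view.html` are not shown); the same call is added to the `create_chemical.html` renders in the `@@ -234,18 +234,19 @@` hunk. If the aim is to let ordinary users follow the new "User ID" link, keep a login check with `if login := User.authorize_or_redirect(admin=False): return login` and pass only the fields the page displays.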
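Review bot: The 400 branch in the `@@ -234,18 +234,19 @@` hunk still renders `create_chemical.html` without `user=`, while the success and GET renders now pass it; if the template reads `user`, a failed validation will render differently or error. Add it there too: `return render_template("create_chemical.html", form=form, user=object_as_dict(user), invalid=True), 400`. Taking `person_id` from the session-derived user and letting it override the posted value is the right direction, but `request.form | {...}` puts Werkzeug's multi-dict on the left of `|`, unlike the `{} | request.form` used in `accounts_create`; depending on the Werkzeug version this may produce list values, so `{**request.form, "person_id": user.id}` is the safer spelling.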
@@ -339,6 +340,7 @@ app.config['MAX_CONTENT_LENGTH'] = 3 * 1000 * 1000
 def batch_add_request():
 if not session.get('admin'):
 abort(403)
+ user = User.query.filter_by(username=session.get('user')).one_or_404()
 if request.method == "POST":
 if "input" not in request.files or request.files["input"].filename == '':
 return render_template("batchadd.html", invalid="Blank file included")
@@ -357,7 +359,8 @@ def batch_add_request():
 cleanup()
 return render_template("batchadd.html", invalid=error)
 else:
- chemicals = [Chemical(**result) for result in results]
+ chemicals = [Chemical(**result, person_id=user.id)
+ for result in results]
 db.session.add_all(chemicals)
 db.session.commit()
 cleanup()
diff --git a/static/upload.txt b/static/upload.txt
index 558c856..96c375e 100644
--- a/static/upload.txt
+++ b/static/upload.txt
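Review bot: In the `@@ -357,7 +359,8 @@` hunk, `Chemical(**result, person_id=user.id)` raises `TypeError` whenever a parsed row already carries a `person_id` key, and a file in the old layout with a `person_name` column would reach the model constructor with an unknown keyword. Unless the validator (not shown) drops unexpected columns, an uploaded file can therefore end in an unhandled 500 after the checks have passed. Merging so that the server-side value always wins removes the duplicate-keyword case: `Chemical(**{**result, "person_id": user.id})`; rejecting unknown columns in `validate.py` would cover the rest. `batch_add_request` continues outside the hunk.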
@@ -1,3 +1,3 @@
-metabolite_name formula person_name mass final_mz final_rt final_adduct standard_grp msms_detected inchikey chemical_db_id library pubchem_cid pubmed_refcount standard_class inchikey14 adduct detected_adducts adduct_calc_mz msms_purity
-Folic Acid C11H15N2O8P Tei Kim 441.1397 442.1470 36.8 M+H Endogenous Yes OVBPIULPVIDEAO-LBPRGKRZSA-N HRELC_00003 IROA_MSMLS_Library_Plate01 135398658 17654 Endogenous_metabolite OVBPIULPVIDEAO M+H M+H NA 0.968
-Omethoate C5H12NO4PS Tei Kim 213.022466 214.029776 32.74 M+H Endogenous Yes PZXOQEXFMJCDPG-UHFFFAOYSA-N HRELC_00835 Restek_Mix1 14210 98 Pesticides PZXOQEXFMJCDPG M+H M+H 214.0297 0.968
+metabolite_name formula mass final_mz final_rt final_adduct standard_grp msms_detected inchikey chemical_db_id library pubchem_cid pubmed_refcount standard_class inchikey14 adduct detected_adducts adduct_calc_mz msms_purity
+Folic Acid C11H15N2O8P 441.1397 442.1470 36.8 M+H Endogenous Yes OVBPIULPVIDEAO-LBPRGKRZSA-N HRELC_00003 IROA_MSMLS_Library_Plate01 135398658 17654 Endogenous_metabolite OVBPIULPVIDEAO M+H M+H NA 0.968
+Omethoate C5H12NO4PS 213.022466 214.029776 32.74 M+H Endogenous Yes PZXOQEXFMJCDPG-UHFFFAOYSA-N HRELC_00835 Restek_Mix1 14210 98 Pesticides PZXOQEXFMJCDPG M+H M+H 214.0297 0.968
diff --git a/templates/admin.html b/templates/admin.html
index 0645cfb..2ea4d67 100644
--- a/templates/admin.html
+++ b/templates/admin.html
@@ -7,6 +7,11 @@

Admin Dashboard

Logged in as {{user}}

+ + + + + + + +
+{% endblock %} diff --git a/templates/view_chemical.html b/templates/view_chemical.html index 6b95b83..b27756e 100644 --- a/templates/view_chemical.html +++ b/templates/view_chemical.html @@ -15,6 +15,14 @@ {% for k,v in chemical.items() %} + {% if k == "person_id" %} + + + {% else %} @@ -23,8 +31,9 @@ {{ v }} {% endif %} + {% endif %} {% endfor %}
+ {{k}} + + User ID {{v}} + {{k}}
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/validate.py b/validate.py
index e331792..c4a1029 100755
--- a/validate.py
+++ b/validate.py
@@ -8,7 +8,6 @@ _required_fields = [
 # the "str" type means that this field can be any valid string.
 ("metabolite_name", "str"),
 ("formula", "str"),
- ("person_name", "str"),
 # any field labeled a "float" needs to have a value in decimal notation.
 ("mass", "float"),
@@ -16,7 +15,6 @@ _required_fields = [
 ("final_rt", "float"),
 ("final_adduct", "str"),
 ("standard_grp", "str"),
- ("person_name", "str"),
 ("msms_detected", "yesno"), # Value can either be "Yes" or "No"
 ("inchikey", "str"),
 ]