uploads get directly linked with user ID

app.py

@@ -83,7 +83,7 @@ class User(db.Model):
     @classmethod
     def authorize_or_redirect(cls, admin=True):
         if (admin and "admin" not in session) or "user" not in session:
-            return redirect(url_for("accounts_create"))
+            return redirect(url_for("login"))
         else:
             return None
 
@@ -91,7 +91,7 @@ class User(db.Model):
 class Chemical(db.Model):
     query: db.Query
     id = db.Column(db.Integer, primary_key=True)
-    person_name = db.Column(db.String, nullable=False)
+    person_id = db.Column(db.Integer, nullable=False)
     standard_grp = db.Column(db.String, nullable=False)
     # all fields after here are included in the database
     chemical_db_id = db.Column(db.String)
@@ -140,11 +140,13 @@ def handler_403(msg):
 
 
 # Admin routes
-@app.route('/admin')
+@app.route('/dashboard')
 def admin_root():
-    if login := User.authorize_or_redirect():
-        return login
+    if 'admin' in session:
         return render_template("admin.html", user=session.get("admin"))
+    if 'user' in session:
+        return render_template("user.html", user=session.get("user"))
+    return User.authorize_or_redirect(admin=False) or ""
 
 
 @app.route('/accounts/create', methods=['GET', 'POST'])
@@ -165,7 +167,7 @@ def accounts_create():
             # because the IDE complains about type mismatches
             form = {} | request.form
             form['password'] = User.generate_password(pw)
-            form['admin'] = (True if form['admin'] == 'y' else False)
+            form['admin'] = (True if form.get('admin') == 'y' else False)
             form.pop('reconfirm')
             user = User(**form)
             db.session.add(user)
@@ -191,9 +193,7 @@ def accounts_edit():
 
 
 @app.route('/accounts/view/<int:id>')
-def accounts_edit_admin(id):
-    if login := User.authorize_or_redirect(admin=True):
-        return login
+def accounts_view(id):
     user = User.query.filter_by(id=id).one_or_404()
     return render_template("account_view.html", user=object_as_dict(user))
 
@@ -234,18 +234,19 @@ def home():
 def chemical_create():
     if not session.get('admin'):
         abort(403)
+    user = User.query.filter_by(username=session.get('user')).one_or_404()
     if request.method == "POST":
-        form = ChemicalForm(**request.form)
+        form = ChemicalForm(**(request.form | {"person_id": user.id}))
         if form.validate():
             new_chemical = Chemical(**form.data)
             db.session.add(new_chemical)
             db.session.commit()
-            return render_template("create_chemical.html", form=ChemicalForm(), success=True)
+            return render_template("create_chemical.html", form=ChemicalForm(), user=object_as_dict(user), success=True)
         else:
             return render_template("create_chemical.html", form=form, invalid=True), 400
     else:
-        form = ChemicalForm()
-        return render_template("create_chemical.html", form=form)
+        form = ChemicalForm(person_id=user.id)
+        return render_template("create_chemical.html", form=form, user=object_as_dict(user))
 
 
 @app.route("/chemical/<int:id>/update", methods=['GET', 'POST'])
@@ -339,6 +340,7 @@ app.config['MAX_CONTENT_LENGTH'] = 3 * 1000 * 1000
 def batch_add_request():
     if not session.get('admin'):
         abort(403)
+    user = User.query.filter_by(username=session.get('user')).one_or_404()
     if request.method == "POST":
         if "input" not in request.files or request.files["input"].filename == '':
             return render_template("batchadd.html", invalid="Blank file included")
@@ -357,7 +359,8 @@ def batch_add_request():
                 cleanup()
                 return render_template("batchadd.html", invalid=error)
             else:
-                chemicals = [Chemical(**result) for result in results]
+                chemicals = [Chemical(**result, person_id=user.id)
+                             for result in results]
                 db.session.add_all(chemicals)
                 db.session.commit()
                 cleanup()

static/upload.txt

@@ -1,3 +1,3 @@
-metabolite_name	formula	person_name	mass	final_mz	final_rt	final_adduct	standard_grp	msms_detected	inchikey	chemical_db_id	library	pubchem_cid	pubmed_refcount	standard_class	inchikey14	adduct	detected_adducts	adduct_calc_mz	msms_purity
-Folic Acid	C11H15N2O8P	Tei Kim	441.1397	442.1470	36.8	M+H	Endogenous	Yes	OVBPIULPVIDEAO-LBPRGKRZSA-N	HRELC_00003	IROA_MSMLS_Library_Plate01	135398658	17654	Endogenous_metabolite	OVBPIULPVIDEAO	M+H	M+H	NA	0.968
-Omethoate	C5H12NO4PS	Tei Kim	213.022466	214.029776	32.74	M+H	Endogenous	Yes	PZXOQEXFMJCDPG-UHFFFAOYSA-N	HRELC_00835	Restek_Mix1	14210	98	Pesticides	PZXOQEXFMJCDPG	M+H	M+H	214.0297	0.968
+metabolite_name	formula	mass	final_mz	final_rt	final_adduct	standard_grp	msms_detected	inchikey	chemical_db_id	library	pubchem_cid	pubmed_refcount	standard_class	inchikey14	adduct	detected_adducts	adduct_calc_mz	msms_purity
+Folic Acid	C11H15N2O8P	441.1397	442.1470	36.8	M+H	Endogenous	Yes	OVBPIULPVIDEAO-LBPRGKRZSA-N	HRELC_00003	IROA_MSMLS_Library_Plate01	135398658	17654	Endogenous_metabolite	OVBPIULPVIDEAO	M+H	M+H	NA	0.968
+Omethoate	C5H12NO4PS	213.022466	214.029776	32.74	M+H	Endogenous	Yes	PZXOQEXFMJCDPG-UHFFFAOYSA-N	HRELC_00835	Restek_Mix1	14210	98	Pesticides	PZXOQEXFMJCDPG	M+H	M+H	214.0297	0.968

templates/admin.html

@@ -7,6 +7,11 @@
     <h1>Admin Dashboard</h1>
     <article>
         <p>Logged in as {{user}}</p>
+        <a href="{{url_for('accounts_edit')}}">
+            <button>
+                Edit your profile
+            </button>
+        </a>
         <a href="{{url_for('chemical_create')}}">
             <button>
                 Add a Chemical

templates/base.html

@@ -16,8 +16,8 @@
       <nav>
         <a href="{{ url_for('home') }}">Home</a>
         <a href="{{ url_for('search') }}">Search</a>
-                {% if session.admin %}
-                    <a href="{{ url_for('admin_root') }}">Admin</a>
+        {% if session.user %}
+        <a href="{{ url_for('admin_root') }}">Dashboard</a>
         <a href="{{ url_for('logout') }}">Logout</a>
         {% else %}
         <a href="{{ url_for('login') }}">Login</a>

templates/user.html

@@ -0,0 +1,17 @@
+{% extends "base.html" %}
+{% block content %}
+<h1>Regular User Dashboard</h1>
+<article>
+  <p>Logged in as {{user}}</p>
+  <a href="{{url_for('batch_query_request')}}">
+    <button>
+      Batch Search Chemicals
+    </button>
+  </a>
+  <a href="{{url_for('accounts_edit')}}">
+    <button>
+      Edit your profile
+    </button>
+  </a>
+</article>
+{% endblock %}

templates/view_chemical.html

@@ -15,6 +15,14 @@
 <table>
     {% for k,v in chemical.items() %}
     <tr>
+      {% if k == "person_id" %}
+        <td>
+            <strong>{{k}}</strong>
+        </td>
+        <td>
+          <a href="{{url_for('accounts_view', id=v)}}">User ID {{v}}</a>
+        </td>
+      {% else %}
         <td>
             <strong>{{k}}</strong>
         </td>
@@ -23,6 +31,7 @@
             {{ v }}
             {% endif %}
         </td>
+      {% endif %}
     </tr>
     {% endfor %}
 </table>

validate.py

@@ -8,7 +8,6 @@ _required_fields = [
     # the "str" type means that this field can be any valid string.
     ("metabolite_name",     "str"),
     ("formula",             "str"),
-    ("person_name",         "str"),
     # any field labeled a "float" needs to have a value in decimal notation.
     ("mass",                "float"),
 
@@ -16,7 +15,6 @@ _required_fields = [
     ("final_rt",            "float"),
     ("final_adduct",        "str"),
     ("standard_grp",        "str"),
-    ("person_name",         "str"),
     ("msms_detected",       "yesno"),  # Value can either be "Yes" or "No"
     ("inchikey",            "str"),
 ]