junikimm717
/
walker-database
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

added non-admin users

master
Juni Kim 2 years ago
parent
04351dc5cf
commit
cce2ee1bc1
6 changed files with 238 additions and 32 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 107
      app.py
  2. 51
      migrations/versions/282564545160_changed_user_schema.py
  3. 51
      templates/account_edit.html
  4. 34
      templates/account_view.html
  5. 4
      templates/base.html
  6. 23
      templates/register.html

107
app.py
View File

@ -26,6 +26,16 @@ migrate = Migrate()
db.init_app(app) db.init_app(app)
migrate.init_app(app, db) migrate.init_app(app, db)
# Helper Methods
def object_as_dict(obj):
return {c.key: getattr(obj, c.key)
for c in inspect(obj).mapper.column_attrs}
# Model Forms
BaseModelForm = model_form_factory(FlaskForm) BaseModelForm = model_form_factory(FlaskForm)
@ -35,10 +45,19 @@ class ModelForm(BaseModelForm):
return db.session return db.session
class Admin(db.Model):
class User(db.Model):
id = db.Column(db.Integer, primary_key=True) id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String, unique=True, nullable=False) username = db.Column(db.String, unique=True, nullable=False)
email = db.Column(db.String, unique=True, nullable=False)
name = db.Column(db.String, unique=True, nullable=False)
password = db.Column(db.String, nullable=False) password = db.Column(db.String, nullable=False)
institution = db.Column(db.String, unique=True, nullable=False)
position = db.Column(db.String, unique=True, nullable=False)
admin = db.Column(db.Boolean)
# for type annotations
query: db.Query query: db.Query
@classmethod @classmethod
@ -47,31 +66,28 @@ class Admin(db.Model):
@classmethod @classmethod
def authenticate(cls, username: str, pw: str): def authenticate(cls, username: str, pw: str):
user = Admin.query.filter_by(username=username).one_or_none()
user = User.query.filter_by(username=username).one_or_none()
if user and bcrypt.checkpw(pw, user.password): if user and bcrypt.checkpw(pw, user.password):
session['admin'] = user.username
session['user'] = user.username
if user.admin:
session['admin'] = user.username
return user return user
else: else:
return None return None
@classmethod @classmethod
def exists(cls):
user = Admin.query.first()
def admin_exists(cls):
user = User.query.filter_by(admin=True).first()
return True if user else False return True if user else False
@classmethod @classmethod
def authorize(cls):
if "admin" not in session:
return redirect(url_for("admin_login"))
def authorize_or_redirect(cls, admin=True):
if (admin and "admin" not in session) or "user" not in session:
return redirect(url_for("accounts_create"))
else: else:
return None return None
def object_as_dict(obj):
return {c.key: getattr(obj, c.key)
for c in inspect(obj).mapper.column_attrs}
class Chemical(db.Model): class Chemical(db.Model):
query: db.Query query: db.Query
id = db.Column(db.Integer, primary_key=True) id = db.Column(db.Integer, primary_key=True)
@ -126,15 +142,15 @@ def handler_403(msg):
# Admin routes # Admin routes
@app.route('/admin') @app.route('/admin')
def admin_root(): def admin_root():
if login := Admin.authorize():
if login := User.authorize_or_redirect():
return login return login
return render_template("admin.html", user=session.get("admin")) return render_template("admin.html", user=session.get("admin"))
@app.route('/admin/create', methods=['GET', 'POST'])
def admin_create():
if Admin.exists():
if login := Admin.authorize():
@app.route('/accounts/create', methods=['GET', 'POST'])
def accounts_create():
if User.admin_exists():
if login := User.authorize_or_redirect():
return login return login
if request.method == "GET": if request.method == "GET":
return render_template("register.html") return render_template("register.html")
@ -143,21 +159,51 @@ def admin_create():
'username'), request.form.get('password') 'username'), request.form.get('password')
if username is None or pw is None: if username is None or pw is None:
return render_template("register.html", fail="Invalid Input.") return render_template("register.html", fail="Invalid Input.")
elif db.session.execute(db.select(Admin).filter_by(username=username)).fetchone():
elif db.session.execute(db.select(User).filter_by(username=username)).fetchone():
return render_template("register.html", fail="Username already exists.") return render_template("register.html", fail="Username already exists.")
else: else:
db.session.add(
Admin(username=username, password=Admin.generate_password(pw)))
# because the IDE complains about type mismatches
form = {} | request.form
form['password'] = User.generate_password(pw)
form['admin'] = (True if form['admin'] == 'y' else False)
form.pop('reconfirm')
user = User(**form)
db.session.add(user)
db.session.commit() db.session.commit()
return render_template("register.html", success=True) return render_template("register.html", success=True)
@app.route('/admin/login', methods=['GET', 'POST'])
def admin_login():
@app.route('/accounts/edit', methods=['GET', 'POST'])
def accounts_edit():
if login := User.authorize_or_redirect(admin=False):
return login
user = User.query.filter_by(username=session.get('user')).one_or_404()
if request.method == "GET":
return render_template("account_edit.html", user=object_as_dict(user))
else:
dct = object_as_dict(user)
# update all of the changes
for key in request.form:
if key in dct:
setattr(user, key, request.form[key])
db.session.commit()
return render_template("account_edit.html", user=object_as_dict(user), success=True)
@app.route('/accounts/view/<int:id>')
def accounts_edit_admin(id):
if login := User.authorize_or_redirect(admin=True):
return login
user = User.query.filter_by(id=id).one_or_404()
return render_template("account_view.html", user=object_as_dict(user))
@app.route('/accounts/login', methods=['GET', 'POST'])
def login():
if request.method == "POST": if request.method == "POST":
username, pw = request.form.get( username, pw = request.form.get(
'username', ''), request.form.get('password', '') 'username', ''), request.form.get('password', '')
if Admin.authenticate(username, pw):
if User.authenticate(username, pw):
return render_template("login.html", success=True) return render_template("login.html", success=True)
else: else:
return render_template("login.html", fail="Could not authenticate.") return render_template("login.html", fail="Could not authenticate.")
@ -165,19 +211,21 @@ def admin_login():
return render_template("login.html") return render_template("login.html")
@app.route('/admin/logout', methods=['GET'])
def admin_logout():
@app.route('/accounts/logout', methods=['GET'])
def logout():
if "admin" in session: if "admin" in session:
session.pop('admin') session.pop('admin')
if "user" in session:
session.pop('user')
return redirect(url_for('home')) return redirect(url_for('home'))
@app.route("/") @app.route("/")
def home(): def home():
if Admin.exists():
if User.admin_exists():
return render_template("index.html") return render_template("index.html")
else: else:
return redirect(url_for("admin_create"))
return redirect(url_for("accounts_create"))
# Routes for CRUD operations on chemicals # Routes for CRUD operations on chemicals
@ -318,9 +366,10 @@ def batch_add_request():
return render_template("batchadd.html") return render_template("batchadd.html")
# regular users can batch search.
@app.route("/chemical/batch", methods=["GET", "POST"]) @app.route("/chemical/batch", methods=["GET", "POST"])
def batch_query_request(): def batch_query_request():
if not session.get('admin'):
if not session.get('user'):
abort(403) abort(403)
if request.method == "POST": if request.method == "POST":
if "input" not in request.files or request.files["input"].filename == '': if "input" not in request.files or request.files["input"].filename == '':

51
migrations/versions/282564545160_changed_user_schema.py
View File

@ -0,0 +1,51 @@
"""changed user schema
Revision ID: 282564545160
Revises: 1a0a82192181
Create Date: 2023-05-20 16:07:52.967576
"""
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = '282564545160'
down_revision = '1a0a82192181'
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.create_table('user',
sa.Column('id', sa.Integer(), nullable=False),
sa.Column('username', sa.String(), nullable=False),
sa.Column('email', sa.String(), nullable=False),
sa.Column('name', sa.String(), nullable=False),
sa.Column('password', sa.String(), nullable=False),
sa.Column('institution', sa.String(), nullable=False),
sa.Column('position', sa.String(), nullable=False),
sa.Column('admin', sa.Boolean(), nullable=True),
sa.PrimaryKeyConstraint('id'),
sa.UniqueConstraint('email'),
sa.UniqueConstraint('institution'),
sa.UniqueConstraint('name'),
sa.UniqueConstraint('position'),
sa.UniqueConstraint('username')
)
op.drop_table('admin')
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.create_table('admin',
sa.Column('id', sa.INTEGER(), nullable=False),
sa.Column('username', sa.VARCHAR(), nullable=False),
sa.Column('password', sa.VARCHAR(), nullable=False),
sa.PrimaryKeyConstraint('id'),
sa.UniqueConstraint('username')
)
op.drop_table('user')
# ### end Alembic commands ###

51
templates/account_edit.html
View File

@ -0,0 +1,51 @@
{% extends "base.html" %}
{% block content %}
<h1>Edit Account Profile</h1>
<table>
<tr>
<td>Id</td>
<td>{{user.id}}</td>
</tr>
<tr>
<td>Username</td>
<td>{{user.username}}</td>
</tr>
<tr>
<td>Admin</td>
<td>{% if user.admin %} Yes {% else %} False {% endif %}</td>
</tr>
</table>
<form method="post">
<label for="name">Name:</label>
<input id="name" name="name" type="text" required="required"
value="{{user.name | safe}}">
<br>
<label for="email">Email:</label>
<input id="email" name="email" type="text" required="required"
value="{{user.email | safe}}">
<br>
<label for="institution">Institution:</label>
<input id="institution" name="institution" type="text"
required="required"
value="{{user.institution |
safe}}">
<br>
<label for="position">Position:</label>
<input id="position" name="position" type="text" required="required"
value="{{user.position
| safe}}">
<br>
<br>
<input type="submit" value="Submit" id="submit">
</form>
{% if success %}
<p style="color:darkgreen">Edits Successful!</p>
{% elif fail %}
<p style="color:darkred">Edits Failed. Please try again. {{fail}}</p>
{% endif %}
{% endblock %}

34
templates/account_view.html
View File

@ -0,0 +1,34 @@
{% extends "base.html" %}
{% block content %}
<h1>View User</h1>
<table>
<tr>
<td>Id</td>
<td>{{user.id}}</td>
</tr>
<tr>
<td>Username</td>
<td>{{user.username | safe}}</td>
</tr>
<tr>
<td>Admin</td>
<td>{% if user.admin %} Yes {% else %} False {% endif %}</td>
</tr>
<tr>
<td>Name</td>
<td>{{user.name | safe}}</td>
</tr>
<tr>
<td>Email</td>
<td>{{user.email | safe}}</td>
</tr>
<tr>
<td>Institution</td>
<td>{{user.institution | safe}}</td>
</tr>
<tr>
<td>Position</td>
<td>{{user.position | safe}}</td>
</tr>
</table>
{% endblock %}

4
templates/base.html
View File

@ -18,9 +18,9 @@
<a href="{{ url_for('search') }}">Search</a> <a href="{{ url_for('search') }}">Search</a>
{% if session.admin %} {% if session.admin %}
<a href="{{ url_for('admin_root') }}">Admin</a> <a href="{{ url_for('admin_root') }}">Admin</a>
<a href="{{ url_for('admin_logout') }}">Logout</a>
<a href="{{ url_for('logout') }}">Logout</a>
{% else %} {% else %}
<a href="{{ url_for('admin_login') }}">Login</a>
<a href="{{ url_for('login') }}">Login</a>
{% endif %} {% endif %}
</nav> </nav>
</header> </header>

23
templates/register.html
View File

@ -28,6 +28,27 @@
<label for="username">Username:</label> <label for="username">Username:</label>
<input id="username" name="username" type="text" required="required"> <input id="username" name="username" type="text" required="required">
<br> <br>
<label for="name">Name:</label>
<input id="name" name="name" type="text" required="required">
<br>
<label for="email">Email:</label>
<input id="email" name="email" type="text" required="required">
<br>
<label for="institution">Institution:</label>
<input id="institution" name="institution" type="text" required="required">
<br>
<label for="position">Position:</label>
<input id="position" name="position" type="text" required="required">
<br>
<label for="admin">Admin:</label>
<input id="admin" name="admin" type="checkbox" value="y">
<br>
<label for="password">Password:</label> <label for="password">Password:</label>
<input id="password" name="password" type="password" required="required"> <input id="password" name="password" type="password" required="required">
<br> <br>
@ -41,4 +62,4 @@
{% elif fail %} {% elif fail %}
<p style="color:darkred">Login Failed. Please try again. {{fail}}</p> <p style="color:darkred">Login Failed. Please try again. {{fail}}</p>
{% endif %} {% endif %}
{% endblock %}
{% endblock %}
Write Preview
Loading…
Cancel
Save