1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
from flask import Blueprint, request, session, render_template, redirect, url_for, abort
from user_agents import parse as user_agent
from .umbrellas import Umbrellas
from .admin_log import AdminLog
from .users import Users
from .exceptions import *
from .config import *
bp = Blueprint("admin", __name__, url_prefix="/admin")
db = Umbrellas(DATABASE_PATH)
users = Users(DATABASE_PATH)
admin_log = AdminLog(ADMIN_LOG_PATH)
@bp.before_request
def check_privilege():
# only clients who have obtained a session and sent it in the Cookie header
# will have a decryptable username here
if "username" not in session:
return redirect(url_for("auth.auth", action="login"))
username = session["username"]
user = users.find(username) # under normal circumstances it must exist
if user["role"] != "admin":
abort(403)
@bp.route("/")
def index():
umbrellas = db.read()
# count # of umbrellas in each status
status_count = {
status: len([u for u in umbrellas if u["status"] == status])
for status in ("available", "lent", "overdue")
}
return render_template(
"admin/index.html",
umbrellas=len(umbrellas),
available=status_count["available"],
lent=status_count["lent"],
overdue=status_count["overdue"],
mobile=user_agent(request.user_agent.string).is_mobile,
)
@bp.route("/umbrellas")
def umbrellas():
umbrellas = db.read()
edit = request.args.get("edit")
error = request.args.get("error")
template = (
"admin/umbrellas_mobile.html"
if user_agent(request.user_agent.string).is_mobile
else "admin/umbrellas_desktop.html"
)
return render_template(
template,
umbrellas=umbrellas,
edit=int(edit) if edit is not None and edit.isnumeric() else None,
error=error,
)
@bp.route("/umbrellas/edit", methods=["POST"])
def umbrellas_edit():
data = {}
for key in [
"id",
"status",
"tenant_name",
"tenant_id",
"tenant_phone",
"lent_at",
]:
data[key] = request.form.get(key)
try:
diff = db.update(data)
except UmbrellaValueError as e:
# invalid field is in `e.message`.
return redirect(
"{0}?edit={1}&error={2}".format(
url_for("admin.umbrellas"), request.form.get("id"), e.message
)
)
except UmbrellaNotFoundError:
abort(400)
for column, value_pair in diff.items():
past, new = value_pair
admin_log.log(
"ADMIN_MODIFY_DB",
{
"admin_name": session["username"],
"id": data["id"],
"column": column,
"past_value": past,
"new_value": new,
},
)
return redirect(url_for("admin.umbrellas"))
@bp.route("/logs")
def logs():
logs = admin_log.read()
return render_template("admin/logs.html", logs=logs)
|
