-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.py
309 lines (255 loc) · 11.2 KB
/
main.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
import werkzeug
from flask import Flask, render_template, redirect, url_for, flash, request
from flask_ckeditor import CKEditor
from flask_bootstrap import Bootstrap
from werkzeug.security import generate_password_hash, check_password_hash
from flask_sqlalchemy import SQLAlchemy
from flask_login import UserMixin, login_user, LoginManager, login_required, current_user, logout_user
from forms import RegisterForm, LoginForm, EditForm, AdminForm, ResetPassword, ChangePassword, AnnouncementForm
from functools import wraps
from flask import abort
import os
from players import Players
# Initiate the flask app with bootstrap and wtf forms
# Secret key is stored in environ variable in heroku as well as pycharm
app = Flask(__name__)
app.config['SECRET_KEY'] = os.environ.get("SECRET_KEY")
ckeditor = CKEditor(app)
Bootstrap(app)
# CONNECT TO DB from Heroku
uri = os.environ.get("DATABASE_URL")
if uri and uri.startswith("postgres://"):
uri = uri.replace("postgres://", "postgresql://", 1)
app.config['SQLALCHEMY_DATABASE_URI'] = uri
# CONNECT TO DB from Pycharm
# app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get("DATABASE_URL", "sqlite:///club.db")
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db = SQLAlchemy(app)
# Use login manager to find current user status and authenticate
login_manager = LoginManager()
login_manager.init_app(app)
# Create admin-only decorator
def admin_only(f):
@wraps(f)
def decorated_function(*args, **kwargs):
# If id is not 1 then return abort with 403 error
if current_user.id != 1:
return abort(403)
# Otherwise continue with the route function
return f(*args, **kwargs)
return decorated_function
# CONFIGURE TABLES
class User(UserMixin, db.Model):
__tablename__ = "players"
id = db.Column(db.Integer, primary_key=True)
email = db.Column(db.String(100), unique=True)
password = db.Column(db.String(100))
name = db.Column(db.String(100), nullable=False)
address = db.Column(db.String(250))
dress_size = db.Column(db.String(100))
dob = db.Column(db.String(100))
passport = db.Column(db.String(100))
strength = db.Column(db.Text)
weakness = db.Column(db.Text)
improvements = db.Column(db.Text)
class Announcement(db.Model):
__tablename__ = "announcement"
id = db.Column(db.Integer, primary_key=True)
title = db.Column(db.String(250), unique=True, nullable=False)
body = db.Column(db.Text, nullable=False)
# db.create_all()
@login_manager.user_loader
def load_user(user_id):
return User.query.get(int(user_id))
@app.route('/')
def home():
return render_template("index.html")
@app.route('/batcc')
def batcc():
return render_template("batcc.html")
@app.route('/login', methods=["GET", "POST"])
def login():
login_form = LoginForm()
if login_form.validate_on_submit():
email = login_form.email.data
password = login_form.password.data
user = User.query.filter_by(email=email).first()
# Use flash messages to make login interactive
if user:
if check_password_hash(user.password, password):
login_user(user)
if user.name == "Administrator":
return redirect(url_for('admin_page'))
else:
return redirect(url_for('player_profile', player_id=user.id))
else:
flash('Invalid password provided')
return redirect(url_for('login'))
else:
flash('Invalid user provided')
return redirect(url_for('login'))
return render_template("login.html", form=login_form)
@app.route('/logout')
def logout():
logout_user()
return redirect(url_for('home'))
@app.route('/register', methods=["GET", "POST"])
def register():
register_form = RegisterForm()
if register_form.validate_on_submit():
if User.query.filter_by(email=register_form.email.data).first():
# User already exists
flash("You've already signed up with that email, log in instead!")
return redirect(url_for('login'))
# Create new user and login the new user
new_user = User(
email=register_form.email.data,
password=werkzeug.security.generate_password_hash(register_form.password.data, method='pbkdf2:sha256',
salt_length=8),
name=register_form.name.data.title(),
address=register_form.address.data,
dress_size=register_form.dress_size.data,
dob=register_form.dob.data,
passport=register_form.passport.data,
strength=register_form.strength.data,
weakness=register_form.weakness.data,
improvements=register_form.improvements.data,
)
db.session.add(new_user)
db.session.commit()
login_user(new_user)
return redirect(url_for('player_profile', player_id=new_user.id))
return render_template("register.html", form=register_form)
@app.route('/player_profile/<player_id>', methods=["GET", "POST"])
@login_required
def player_profile(player_id):
# Give user the privilege to change password through a wtf change_password_form
change_password_form = ChangePassword()
# Find the player entry from the database
player = User.query.filter_by(id=player_id).first()
# Create a Players object and get the filename of the player image
players = Players()
player_image = players.get_image_file(player.name)
# Code to change password
if change_password_form.validate_on_submit():
new_password = change_password_form.password.data
current_user.password = werkzeug.security.generate_password_hash(new_password, method='pbkdf2:sha256',
salt_length=8)
db.session.commit()
logout_user()
return redirect(url_for('login'))
return render_template("player_profile.html", player=player, form=change_password_form, current_user=current_user,
player_image=player_image)
@app.route('/edit_profile', methods=["GET", "POST"])
@login_required
def edit_profile():
# Allow the user to edit certain parts from his profile
edit_form = EditForm(
name=current_user.name,
address=current_user.address,
dress_size=current_user.dress_size,
passport=current_user.passport,
strength=current_user.strength,
weakness=current_user.weakness,
improvements=current_user.improvements,
)
# Prefill the edit form with the current values
if edit_form.validate_on_submit():
current_user.address = edit_form.address.data
current_user.name = edit_form.name.data
current_user.dress_size = edit_form.dress_size.data
current_user.passport = edit_form.passport.data
current_user.strength = edit_form.strength.data
current_user.weakness = edit_form.weakness.data
current_user.improvements = edit_form.improvements.data
db.session.commit()
return redirect(url_for('player_profile', player_id=current_user.id))
return render_template("edit_profile.html", form=edit_form)
@app.route('/admin_page', methods=["GET", "POST"])
@admin_only
def admin_page():
# Create a admin password reset form
reset_password_form = ResetPassword()
# Query for all users to display the users in admin page
all_players = User.query.all()
# Reset password code
if reset_password_form.validate_on_submit():
name = reset_password_form.name.data
req_player = User.query.filter_by(name=name).first()
if req_player:
req_player.password = werkzeug.security.generate_password_hash("Batcc1234", method='pbkdf2:sha256',
salt_length=8)
db.session.commit()
flash('Password reset to Batcc1234')
else:
flash('User not found')
return redirect(url_for('admin_page'))
return render_template("admin_page.html", players=all_players, form=reset_password_form)
@app.route('/admin_edit/<player_id>', methods=["GET", "POST"])
@admin_only
def admin_edit(player_id):
# After click on player from admin page, allow admin to update certain fields in the player profile
req_player = User.query.filter_by(id=player_id).first()
print(req_player.name)
admin_form = AdminForm(
name=req_player.name,
strength=req_player.strength,
weakness=req_player.weakness,
improvements=req_player.improvements,
)
if admin_form.validate_on_submit():
req_player.name = admin_form.name.data
req_player.strength = admin_form.strength.data
req_player.weakness = admin_form.weakness.data
req_player.improvements = admin_form.improvements.data
db.session.commit()
return redirect(url_for('player_profile', player_id=req_player.id))
return render_template("admin_edit.html", form=admin_form)
@app.route('/batcc_falcons', methods=["GET", "POST"])
def batcc_falcons():
# Get all falcon player album with name list and image list from the Player class
falcon_players = Players()
falcon_players.get_falcons()
return render_template("batcc_falcons.html", players=falcon_players.player_list, images=falcon_players.image_list,
number_players=falcon_players.number_players)
@app.route('/batcc_lions', methods=["GET", "POST"])
def batcc_lions():
# Get all lion player album with name list and image list from the Player class
lion_players = Players()
lion_players.get_lions()
return render_template("batcc_lions.html", players=lion_players.player_list, images=lion_players.image_list,
number_players=lion_players.number_players)
@app.route('/scheduler')
def scheduler():
# Excel based scheduler
return render_template("scheduler1.html")
@app.route('/announcements')
def announcements():
all_announcements = Announcement.query.all()
return render_template("announcements.html", announcements=all_announcements)
@app.route('/make_announcement', methods=["GET", "POST"])
@admin_only
def make_announcement():
announcement_form = AnnouncementForm()
if announcement_form.validate_on_submit():
new_announcement = Announcement(
title=announcement_form.title.data,
body=announcement_form.body.data
)
db.session.add(new_announcement)
db.session.commit()
return redirect(url_for('announcements'))
return render_template("make_announcement.html", form=announcement_form)
@app.route("/delete_announcement/<int:announcement_id>")
@admin_only
def delete_announcement(announcement_id):
announcement_to_delete = Announcement.query.get(announcement_id)
db.session.delete(announcement_to_delete)
db.session.commit()
return redirect(url_for('announcements'))
@app.route("/show_announcement/<int:announcement_id>", methods=["GET", "POST"])
def show_announcement(announcement_id):
requested_announcement = Announcement.query.get(announcement_id)
return render_template("show_announcement.html", announcement=requested_announcement)
if __name__ == "__main__":
app.run(debug=True)