Merge branch 'adminpage' into 'master'

Added in a admin page and auth checks See merge request benjamyn/shoplist2!1
2020-01-29 11:56:55 +11:00 · 2020-01-29 11:56:55 +11:00 · 30cc797ba1
commit 30cc797ba1
parent 853089f3b5 40242afa36
5 changed files with 168 additions and 54 deletions
--- a/shop.py
+++ b/shop.py
@ -1,4 +1,4 @@
-from flask import Flask, render_template, make_response, request, redirect, url_for, session
+from flask import Flask, render_template, make_response, request, redirect, url_for, session, abort
 from pprint import pprint
 import mysql.connector
 import configparser
@ -37,7 +37,7 @@ def runQuery(query):
    mydb = dbConnect()
    c = mydb.cursor()
    c.execute(query)
-    if "select" in query.lower():
+    if query.lower().startswith("select"):
        ret = c.fetchall()
    else:
        ret = []
@ -66,7 +66,20 @@ def getItem(rowID):
 def unGetItem(rowID):
    query = f"UPDATE SHOPLIST set gotten = 0 where id = {rowID}"
    runQuery(query)
 def get_users(username=None):
    if username == None:
        #return all users
        query = "select username, admin from USERS"
        return runQuery(query)
    query = f"select username, admin from USERS where username like '{username}'"
    return runQuery(query)
 def add_user(userData):
    username = userData["username"]
    password = userData["password"]
    query = f"insert into USERS (username, password, admin) values ('{username}', md5('{password}'), False)"
    runQuery(query)
 app = Flask(__name__)
@ -80,7 +93,7 @@ def index():
        return render_template("auth.html", data=data)
    query = readFromDB()
-    data = {"title":"Shopping List", "results":query}
+    data = {"title": "Shopping List", "results": query, "username": session["username"]}
    for device in MOBILES:
        if device in request.user_agent.platform:
            return render_template('mobile.html', data=data)
@ -103,17 +116,42 @@ def handle_data():
        unGetItem(request.form["ungot"])
    if "loginform" in request.form:
-        query = "select id, username from USERS where username = '%s' and password = md5('%s')" % (request.form["username"].lower(), request.form["password"])
+        query = "select id, username, admin from USERS where username = '%s' and password = md5('%s')" % (request.form["username"].lower(), request.form["password"])
        res = runQuery(query)
        if len(res) != 0:
            session["id"] = res[0][0]
            session["username"] = res[0][1]
            session["isAdmin"] = res[0][2]
    if "newuser" in request.form:
        #first check if the user exists
        usrCheck = get_users(request.form["username"])
        print(usrCheck)
        if len(usrCheck) != 0:
            return "Username Exists"
        userData = {"username": request.form["username"], "password": request.form["password"]}
        add_user(userData)
        return redirect(url_for("admin"))
    if "logout" in request.form:
        session.clear()
    return redirect(url_for('index'))
@app.route("/admin")
 def admin():
    if session.get('id') is None:
        data = {"title":"Login"}
        return render_template("auth.html", data=data)
    elif session.get('isAdmin') == 0:
        return redirect(url_for("index"))
    #get a list of users
    userList = get_users()
    data = {"users": userList}
    return render_template("admin.html", data=data)
 if __name__ == '__main__':
    doesTableExist()
    app.run(host="0.0.0.0")
--- a/static/css/main.css
+++ b/static/css/main.css
@ -37,5 +37,6 @@ aside {
 body {
    background-color: #2a2a2a;
    color: azure;
 }
--- a/templates/admin.html
+++ b/templates/admin.html
@ -0,0 +1,61 @@
 {% include "header.html" %}
 <body>
    <h1 class="text-center">LIST USERS</h1>
    <div class="container">
        <table class="table table-striped table-dark table-hover">
            <thead>
                <tr>
                    <th scope="col">Username</th>
                    <th scope="col">Admin</th>
                    <th scope="col">Change Password</th>
                </tr>
            </thead>
            <tbody>
                {% for x in data["users"] %}
                <tr scope="row">
                    <td>{{x[0]}}</td>
                    <td>{% if x[1] == 1 %} Yes {% else %} No {% endif %}</td>
                    <td> Implement later </td>
                </tr>
                {% endfor %}
            </tbody>
        </table>
    </div>
    <hr>
    <h1 class="text-center">ADD NEW USERS</h1>
    <div class="container">
        <form class="loginform"  action="/post" method="POST">
            <div class="form-group row">
                <label for="addbox" class="col-sm-2 col-form-label" >Username</label>
                <div class="col-sm-10">
                    <input type=text class="form-control" id="addbox" type="text" name="username" />
                </div>
            </div>
            <div class="form-group row">
                <label for="addbox" class="col-sm-2 col-form-label" >Password</label>
                    <div class="col-sm-10">
                        <input class="form-control" id="addbox" type="password" name="password"/>
                    </div>
                    <div class="form-group" style="padding-top: 10px; padding-left: 10px;">
                        <input class="btn btn-secondary" id="logbtn" type="submit" name="newuser" value="Create new account" />
                    </div>
            </div>
        </form>
        <div id="logout" style="padding-top: 3px;">
            <a href="/">
                <button onclick="window.location='admin'" class="btn btn-secondary"><i style="padding-top: 3px;"
                        class="material-icons">
                        home
                    </i></button></a>
        </div>
    </div>
    <!-- jQuery library -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
    <!-- Popper JS -->
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
    <!-- Latest compiled JavaScript -->
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script>
 </body>
 </html>
--- a/templates/index.html
+++ b/templates/index.html
@ -1,29 +1,39 @@
 {% include "header.html" %}
-    <body>
+
-        <h1 class="container" style="text-align: center">{{ data["title"] }}</h1>
+<body>
-        <!-- <aside> -->
+    <h1 class="container" style="text-align: center">{{ data["title"] }}, {{data["username"].title()}}</h1>
-        <div id="addForm">
+    <!-- <aside> -->
-            {% include "addForm.html" %}
+    <div id="addForm">
        {% include "addForm.html" %}
    </div>
    </div>
    <!-- </aside> -->
    <div class="container">
        {% include "list.html" %}
    </div>
    <div id="logout">
        <form action="/post" method="POST">
            <button type="submit" name="logout" class="btn btn-secondary"><i style="padding-top: 3px;"
                    class="material-icons">
                    exit_to_app
                </i></button>
        </form>
        <div style="padding-top: 3px;">
            <a href="admin">
                <button onclick="window.location='admin'" class="btn btn-secondary"><i style="padding-top: 3px;"
                        class="material-icons">
                        vpn_key
                    </i></button></a>
        </div>
    </div>
-        <!-- </aside> -->
+    <!-- jQuery library -->
-        <div class="container" >
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
            {% include "list.html" %}
        </div>
        <div id="logout">
            <form action="/post" method="POST">
                <button  type="submit" name="logout" class="btn btn-secondary"><i style="padding-top: 3px;" class="material-icons">
                    exit_to_app
                    </i></button>
            </form>
        </div>
        <!-- jQuery library -->
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
-        <!-- Popper JS -->
+    <!-- Popper JS -->
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
    <!-- Latest compiled JavaScript -->
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script>
 </body>
        <!-- Latest compiled JavaScript -->
        <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script> 
    </body>
 </html>
--- a/templates/list.html
+++ b/templates/list.html
@ -1,27 +1,31 @@
 <table class="table table-striped table-dark table-hover">
-    <thead class="">
+  <thead class="">
-            <tr>
+    <tr>
-              <th scope="col">Item</th>
+      <th scope="col">Item</th>
-              <th scope="col">Requester</th>
+      <th scope="col">Requester</th>
-              <th scope="col">Gottem?</th>
+      <th scope="col">Gottem?</th>
-              <th scope="col">Remove</th>
+      <th scope="col">Remove</th>
-            </tr>
+    </tr>
-{% for x in data["results"] %}
+  </thead>
-<tbody>
+  <tbody>
-<tr scope="row" id="row-{{x[0]}}">
+    {% for x in data["results"] %}
-<td>{{x[1]}}</td>
+    <tr scope="row" id="row-{{x[0]}}">
-<td>{{x[3].title()}}</td>
+      <td>{{x[1]}}</td>
-
+      <td>{{x[3].title()}}</td>
-<td> {% if x[2] == 0 %}
+      <td> {% if x[2] == 0 %}
-        <form><button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="got" value="{{x[0]}}">No</button></form>
+        <form><button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="got"
-     {% else %}
+            value="{{x[0]}}">No</button></form>
-     <form><button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="ungot" value="{{x[0]}}">Yes</button></form>
+        {% else %}
-     {% endif %}</td>
+        <form><button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="ungot"
-<td><form>
+            value="{{x[0]}}">Yes</button></form>
-<button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="rem" value="{{x[0]}}">Remove</button>
+        {% endif %}</td>
-</form>
+      <td>
-</td>
+        <form>
-</tr>
+          <button class="btn btn-secondary" type="submit" formaction="/post" formmethod="POST" name="rem"
-{% endfor %}
+            value="{{x[0]}}">Remove</button>
-</tbody>
+        </form>
      </td>
    </tr>
    {% endfor %}
  </tbody>
 </table>