WMGZON/controllers/web/user.py

""" The user controller to manage all of the user related endpoints
    in the web app
"""
from flask import Blueprint

from flask import render_template, redirect, request, session, flash, url_for
from controllers.database.user import UserController
from models.users.customer import Customer
from models.users.seller import Seller
from models.users.user import User
from utils.user_utils import is_role
from hashlib import sha512

# Blueprint to append user endpoints to
blueprint = Blueprint("users", __name__, url_prefix="/users")

ROLES = [
    "Customer",
    "Seller",
    "Admin"
]


@blueprint.context_processor
def roles_list():
    """ Places a list of all the available roles in the
        users context
    """
    return dict(roles=ROLES)


# LOGIN FUNCTIONALITY
@blueprint.route('/login')
def display_login():
    """ Function responsible for delivering the Login page for the site """
    return render_template('index.html', content="login.html")


@blueprint.post('/login')
def login():
    """ Function to handle the backend processing of a login request """
    database = UserController()
    user = database.read(request.form['username'])
    error = None

    # No user found
    if user is None:
        error = "No user found with the username " + request.form['username']
        flash(error, 'warning')
        return redirect(url_for('main.users.login'))

    # Incorrect Password
    if sha512(request.form['password'].encode()).hexdigest() != user.password:
        error = "Incorrect Password"
        flash(error, 'warning')
        return redirect(url_for('main.users.login'))

    session['user_id'] = user.id
    return redirect(url_for('main.index'))


# SIGNUP FUNCTIONALITY
@blueprint.route('/update/<int:id>')
def display_update(id: int):
    """ Function responsible for delivering the Update User page
        for the site
    """
    db = UserController()
    user = db.read_id(id)

    return render_template(
        'index.html',
        content="user.html",
        updating_user=user
    )


@blueprint.post('/update/<int:id>')
def update(id: int):
    """ Function to handle the backend processing of a signup request """
    if not is_role("Admin"):
        flash("You must be logged in an admin to update users!", "error")
        return redirect(url_for('main.index'))

    user = User(
        request.form['username'],
        "",  # Password
        request.form['firstname'],
        request.form['lastname'],
        request.form['email'],
        request.form['phone'],
        request.form['role'],
    )

    user.id = id

    db = UserController()
    checking_user = db.read(user.username)

    # User with this new username is already taken
    if checking_user is not None and checking_user.id != user.id:
        flash(
            f"User with the username {user.username} already exists!",
            "warning"
        )
        return redirect(url_for('main.users.display_update', id=id))

    # Invalid role submitted
    if user.role not in ROLES:
        flash(
            f"Selected role, {user.role}, is not valid!",
            "warning"
        )
        return redirect(url_for('main.users.display_update', id=id))

    db.update(user)

    return redirect(url_for('main.admin.users'))


# SIGN OUT FUNCTIONALITY
@blueprint.route('/logout')
def logout():
    """ Function responsible for handling logouts from the site """
    # Clear the current user from the session if they are logged in
    session.pop('user_id', None)
    return redirect(url_for('main.index'))


# SIGNUP FUNCTIONALITY
@blueprint.route('/signup')
def display_signup():
    """ Function responsible for delivering the Signup page for the site """
    return render_template('index.html', content="signup.html")


@blueprint.post('/signup')
def signup():
    """ Function to handle the backend processing of a signup request """
    database = UserController()

    # User already exists
    if database.read(request.form['username']) is not None:
        error = "User, " + request.form['username'] + " already exists"
        flash(error, 'warning')
        return redirect(url_for('main.users.signup'))

    # Signup as Seller or Customer
    if request.form.get('seller'):
        user = Seller(
            request.form['username'],
            # Hashed as soon as it is recieved on the backend
            sha512(request.form['password'].encode()).hexdigest(),
            request.form['firstname'],
            request.form['lastname'],
            request.form['email'],
            "123"
        )
    else:
        user = Customer(
            request.form['username'],
            # Hashed as soon as it is recieved on the backend
            sha512(request.form['password'].encode()).hexdigest(),
            request.form['firstname'],
            request.form['lastname'],
            request.form['email'],
            "123"
        )

    database.create(user)
    # Code 307 Preserves the original request (POST)
    return redirect(url_for('main.users.login'), code=307)


# DELETE USER FUNCTIONALITY
@blueprint.post('/delete/<int:id>')
def delete(id: int):
    """ Function responsible for deleting users from the site """
    if not is_role("Admin"):
        flash("You must be logged in an admin to remove users!", "error")
        return redirect(url_for('main.index'))

    db = UserController()
    db.delete(id)
    return redirect(url_for('main.admin.users'))
Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00			`""" The user controller to manage all of the user related endpoints`
			`in the web app`
			`"""`
			`from flask import Blueprint`

REFACTOR: Changes all raw url's to url_fors 2024-02-13 23:15:32 +00:00			`from flask import render_template, redirect, request, session, flash, url_for`
Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00			`from controllers.database.user import UserController`
			`from models.users.customer import Customer`
			`from models.users.seller import Seller`
#10 Added ability to update user details 2024-02-14 21:59:31 +00:00			`from models.users.user import User`
#10 Added ability for users to be removed from the site. 2024-02-13 22:48:23 +00:00			`from utils.user_utils import is_role`
Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00			`from hashlib import sha512`

			`# Blueprint to append user endpoints to`
REFACTOR: Changes all raw url's to url_fors 2024-02-13 23:15:32 +00:00			`blueprint = Blueprint("users", __name__, url_prefix="/users")`
Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00
#10 Added ability to update user details 2024-02-14 21:59:31 +00:00			`ROLES = [`
			`"Customer",`
			`"Seller",`
			`"Admin"`
			`]`


			`@blueprint.context_processor`
			`def roles_list():`
			`""" Places a list of all the available roles in the`
			`users context`
			`"""`
			`return dict(roles=ROLES)`

Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00
			`# LOGIN FUNCTIONALITY`
			`@blueprint.route('/login')`
			`def display_login():`
			`""" Function responsible for delivering the Login page for the site """`
			`return render_template('index.html', content="login.html")`


			`@blueprint.post('/login')`
			`def login():`
			`""" Function to handle the backend processing of a login request """`
			`database = UserController()`
			`user = database.read(request.form['username'])`
			`error = None`

			`# No user found`
			`if user is None:`
			`error = "No user found with the username " + request.form['username']`
			`flash(error, 'warning')`
REFACTOR: Changes all raw url's to url_fors 2024-02-13 23:15:32 +00:00			`return redirect(url_for('main.users.login'))`
Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00
			`# Incorrect Password`
			`if sha512(request.form['password'].encode()).hexdigest() != user.password:`
			`error = "Incorrect Password"`
			`flash(error, 'warning')`
REFACTOR: Changes all raw url's to url_fors 2024-02-13 23:15:32 +00:00			`return redirect(url_for('main.users.login'))`
Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00
			`session['user_id'] = user.id`
REFACTOR: Changes all raw url's to url_fors 2024-02-13 23:15:32 +00:00			`return redirect(url_for('main.index'))`
Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00

#10 Added ability to update user details 2024-02-14 21:59:31 +00:00			`# SIGNUP FUNCTIONALITY`
			`@blueprint.route('/update/<int:id>')`
			`def display_update(id: int):`
			`""" Function responsible for delivering the Update User page`
			`for the site`
			`"""`
			`db = UserController()`
			`user = db.read_id(id)`

CHORE: Fixed pep8 test failure 2024-02-14 22:14:42 +00:00			`return render_template(`
			`'index.html',`
			`content="user.html",`
			`updating_user=user`
			`)`
#10 Added ability to update user details 2024-02-14 21:59:31 +00:00

			`@blueprint.post('/update/<int:id>')`
			`def update(id: int):`
			`""" Function to handle the backend processing of a signup request """`
			`if not is_role("Admin"):`
			`flash("You must be logged in an admin to update users!", "error")`
			`return redirect(url_for('main.index'))`

			`user = User(`
			`request.form['username'],`
			`"", # Password`
			`request.form['firstname'],`
			`request.form['lastname'],`
			`request.form['email'],`
			`request.form['phone'],`
			`request.form['role'],`
			`)`

			`user.id = id`

			`db = UserController()`
			`checking_user = db.read(user.username)`

			`# User with this new username is already taken`
			`if checking_user is not None and checking_user.id != user.id:`
			`flash(`
			`f"User with the username {user.username} already exists!",`
			`"warning"`
			`)`
			`return redirect(url_for('main.users.display_update', id=id))`
CHORE: Fixed pep8 test failure 2024-02-14 22:14:42 +00:00
#10 Cleaned up user alteration code. Stopped user being able to add arbitrary roles. Stopped logged in user from changing when updaing a given user account. 2024-02-14 22:13:34 +00:00			`# Invalid role submitted`
			`if user.role not in ROLES:`
			`flash(`
			`f"Selected role, {user.role}, is not valid!",`
			`"warning"`
			`)`
			`return redirect(url_for('main.users.display_update', id=id))`
#10 Added ability to update user details 2024-02-14 21:59:31 +00:00
			`db.update(user)`

			`return redirect(url_for('main.admin.users'))`


			`# SIGN OUT FUNCTIONALITY`
			`@blueprint.route('/logout')`
			`def logout():`
			`""" Function responsible for handling logouts from the site """`
			`# Clear the current user from the session if they are logged in`
			`session.pop('user_id', None)`
			`return redirect(url_for('main.index'))`


Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00			`# SIGNUP FUNCTIONALITY`
			`@blueprint.route('/signup')`
			`def display_signup():`
			`""" Function responsible for delivering the Signup page for the site """`
			`return render_template('index.html', content="signup.html")`


			`@blueprint.post('/signup')`
			`def signup():`
			`""" Function to handle the backend processing of a signup request """`
			`database = UserController()`

			`# User already exists`
			`if database.read(request.form['username']) is not None:`
			`error = "User, " + request.form['username'] + " already exists"`
			`flash(error, 'warning')`
REFACTOR: Changes all raw url's to url_fors 2024-02-13 23:15:32 +00:00			`return redirect(url_for('main.users.signup'))`
Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00
			`# Signup as Seller or Customer`
			`if request.form.get('seller'):`
			`user = Seller(`
			`request.form['username'],`
			`# Hashed as soon as it is recieved on the backend`
			`sha512(request.form['password'].encode()).hexdigest(),`
			`request.form['firstname'],`
			`request.form['lastname'],`
			`request.form['email'],`
			`"123"`
			`)`
			`else:`
			`user = Customer(`
			`request.form['username'],`
			`# Hashed as soon as it is recieved on the backend`
			`sha512(request.form['password'].encode()).hexdigest(),`
			`request.form['firstname'],`
			`request.form['lastname'],`
			`request.form['email'],`
			`"123"`
			`)`

			`database.create(user)`
			`# Code 307 Preserves the original request (POST)`
REFACTOR: Changes all raw url's to url_fors 2024-02-13 23:15:32 +00:00			`return redirect(url_for('main.users.login'), code=307)`
Updated line endings to be in line with UNIX style 2024-01-28 11:59:04 +00:00

#10 Added ability for users to be removed from the site. 2024-02-13 22:48:23 +00:00			`# DELETE USER FUNCTIONALITY`
			`@blueprint.post('/delete/<int:id>')`
			`def delete(id: int):`
			`""" Function responsible for deleting users from the site """`
			`if not is_role("Admin"):`
			`flash("You must be logged in an admin to remove users!", "error")`
REFACTOR: Changes all raw url's to url_fors 2024-02-13 23:15:32 +00:00			`return redirect(url_for('main.index'))`
#10 Added ability for users to be removed from the site. 2024-02-13 22:48:23 +00:00
			`db = UserController()`
			`db.delete(id)`
REFACTOR: Changes all raw url's to url_fors 2024-02-13 23:15:32 +00:00			`return redirect(url_for('main.admin.users'))`