#10 Cleaned up user alteration code. Stopped user being able to add arbitrary roles. Stopped logged-in user from changing when updating a given user account.

This commit is contained in:
Luke Else 2024-02-14 22:13:34 +00:00
parent 3b8be99e15
commit bbb4ed50fc
4 changed files with 38 additions and 16 deletions


@ -63,9 +63,11 @@ class UserController(DatabaseController):
return self.convert_type(self.get_one(query, params)) return self.convert_type(self.get_one(query, params))
def read_all(self) -> list[User] | None: def read_all(self, username: str = "") -> list[User] | None:
params = [] params = [
query = """ SELECT * FROM Users """ "%" + username + "%"
]
query = """ SELECT * FROM Users WHERE Username like ? """
return self.get_many(query, params) return self.get_many(query, params)
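Review bot: The search term is passed as a bound parameter, so the new `WHERE Username like ?` clause is not open to SQL injection, but `%` and `_` inside `username` are still LIKE metacharacters, so a caller can widen the match beyond a plain substring; if a literal substring match is what `read_all` promises, escape them before wrapping, e.g. `pattern = "%" + username.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"` with the query reading `... WHERE Username LIKE ? ESCAPE '\'`. The default `username=""` yields the pattern `%%`, which under ordinary SQL LIKE semantics matches every row whose Username is not NULL; a one-line docstring such as `"""Return users whose Username contains *username*; the default matches all users."""` would make that contract explicit to callers. The method belongs to `UserController` per the hunk header; the class definition is outside the hunk.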


@ -2,7 +2,7 @@
in the web app in the web app
""" """
from flask import render_template, Blueprint, redirect, url_for, flash from flask import render_template, Blueprint, redirect, url_for, flash, request
from controllers.database.user import UserController from controllers.database.user import UserController
from controllers.database.product import ProductController from controllers.database.product import ProductController
@ -34,7 +34,14 @@ def users():
""" Endpoint responsible for managing a users permissions """ """ Endpoint responsible for managing a users permissions """
# Get all users to create admin table on frontend # Get all users to create admin table on frontend
db = UserController() db = UserController()
users = db.read_all()
search = request.args.get('search')
# Don't try submitting a None Type
if not search:
search = ""
users = db.read_all(search)
return render_template("index.html", content="admin.html", users=users) return render_template("index.html", content="admin.html", users=users)
@ -44,9 +51,14 @@ def products():
""" Endpoint responsible for managing products on the site """ """ Endpoint responsible for managing products on the site """
# Get all products to create admin table on frontend # Get all products to create admin table on frontend
db = ProductController() db = ProductController()
products = db.read_all()
print(len(products)) search = request.args.get('search')
# Don't try submitting a None Type
if not search:
search = ""
products = db.read_all("", search)
return render_template( return render_template(
"index.html", "index.html",
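Review bot: Both `users()` and `products()` repeat a three-line `None` guard that `request.args.get` already provides: `search = request.args.get('search', "")` does the same in one line and removes the duplicated comment. In `products()` the call `db.read_all("", search)` passes an anonymous empty string as the first positional argument, whose meaning is not visible here because `ProductController.read_all` is outside this commit; a keyword argument (or a comment naming what the first parameter is) would keep the intent readable, presumably it mirrors the `username` filter added to `UserController.read_all` in this same commit. Since `search` is user-controlled and flows into a LIKE pattern, the wildcard handling raised on the `UserController.read_all` hunk applies to this call path as well. The `return render_template(` call in `products()` continues outside the hunk.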


@ -68,7 +68,7 @@ def display_update(id: int):
db = UserController() db = UserController()
user = db.read_id(id) user = db.read_id(id)
return render_template('index.html', content="user.html", user=user) return render_template('index.html', content="user.html", updating_user=user)
@blueprint.post('/update/<int:id>') @blueprint.post('/update/<int:id>')
@ -101,6 +101,14 @@ def update(id: int):
) )
return redirect(url_for('main.users.display_update', id=id)) return redirect(url_for('main.users.display_update', id=id))
# Invalid role submitted
if user.role not in ROLES:
flash(
f"Selected role, {user.role}, is not valid!",
"warning"
)
return redirect(url_for('main.users.display_update', id=id))
db.update(user) db.update(user)
return redirect(url_for('main.admin.users')) return redirect(url_for('main.admin.users'))


@ -2,26 +2,26 @@
<div id="form-wrapper"> <div id="form-wrapper">
<h2>Update User</h2> <h2>Update User</h2>
{% if user != None %} {% if updating_user != None %}
<form class="input-form" action="{{ url_for('main.users.update', id=user.id) }}" method="POST"> <form class="input-form" action="{{ url_for('main.users.update', id=updating_user.id) }}" method="POST">
<div class="form-row"> <div class="form-row">
<input type="text" id="firstname" name="firstname" placeholder="First Name" value="{{user.firstName}}" required> <input type="text" id="firstname" name="firstname" placeholder="First Name" value="{{updating_user.firstName}}" required>
<input type="text" id="lastname" name="lastname" placeholder="Last Name" value="{{user.lastName}}" required> <input type="text" id="lastname" name="lastname" placeholder="Last Name" value="{{updating_user.lastName}}" required>
</div> </div>
<div class="form-row"> <div class="form-row">
<input type="text" id="username" name="username" placeholder="Username" value="{{user.username}}" required> <input type="text" id="username" name="username" placeholder="Username" value="{{updating_user.username}}" required>
<input type="email" id="email" name="email" placeholder="Email Address" value="{{user.email}}" required> <input type="email" id="email" name="email" placeholder="Email Address" value="{{updating_user.email}}" required>
</div> </div>
<div class="form-row"> <div class="form-row">
<input type="tel" id="phone" name="phone" placeholder="Telephone Number" value="{{user.phone}}" required> <input type="tel" id="phone" name="phone" placeholder="Telephone Number" value="{{updating_user.phone}}" required>
</div> </div>
<div class="form-row"> <div class="form-row">
<select name="role" id="role"> <select name="role" id="role">
{% for role in roles %} {% for role in roles %}
{% if role == user.role %} {% if role == updating_user.role %}
<option value="{{role}}" selected>{{role}}</option> <option value="{{role}}" selected>{{role}}</option>
{% else %} {% else %}
<option value="{{role}}">{{role}}</option> <option value="{{role}}">{{role}}</option>