import os from flask import ( Blueprint, render_template, flash, request, url_for, redirect, abort, send_from_directory, current_app) from werkzeug.utils import secure_filename from calender.auth import login_required from calender.db import get_db bp = Blueprint('calender', __name__) ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'gif', 'webm', 'mp4', 'bmp'} # Todo admin interface for managing submit, comments, submission date @bp.route('/') def index(): db = get_db() posts = db.execute( 'SELECT p.id, title, body, created, nickname, file, chosen, type' ' FROM post p' ' ORDER BY created DESC' ).fetchall() # noinspection PyUnresolvedReferences return render_template('calender/index.html', posts=posts) @bp.route('/admin') @login_required def admin(): db = get_db() posts = db.execute( 'SELECT p.id, title, body, created, nickname, file, chosen, type' ' FROM post p' ' ORDER BY created DESC' ).fetchall() # noinspection PyUnresolvedReferences return render_template('calender/admin.html', posts=posts) @bp.route('/create', methods=('GET', 'POST')) # @login_required def create(): if request.method == 'POST': title = request.form['title'] nickname = request.form['nickname'] body = request.form['body'] # check if the post request has the file part if 'file' not in request.files: flash('No file part') return redirect(request.url) file = request.files['file'] # if user does not select file, browser also # submit an empty part without filename if file.filename == '': flash('No selected file') return redirect(request.url) error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: if file and allowed_file(file.filename): file_type = check_file_type(file.filename) filename = secure_filename(file.filename) file.save(os.path.join(current_app.config['UPLOAD_FOLDER'], filename)) db = get_db() db.execute( 'INSERT INTO post (title, body, nickname, file, chosen, type)' ' VALUES (?, ?, ?, ?, ?, ?)', (title, body, nickname, url_for('calender.uploaded_file', filename=filename), False, file_type) ) db.commit() # return redirect(url_for('calender.uploaded_file',filename=filename)) return redirect(url_for('calender.index')) return render_template('calender/create.html') def get_post(id, check_author=True): post = get_db().execute( 'SELECT p.id, title, body, created, nickname, file, chosen, type' ' FROM post p' ' WHERE p.id = ?', (id,) ).fetchone() if post is None: abort(404, "Post id {0} doesn't exist.".format(id)) # if check_author and post['author_id'] != g.user['id']: # abort(403) return post @bp.route('//update', methods=('GET', 'POST')) @login_required def update(id): post = get_post(id) if request.method == 'POST': title = request.form['title'] nickname = request.form['nickname'] body = request.form['body'] if request.form.get('chosen') is None: chosen = 0 else: chosen = 1 error = None if not title: error = 'Title is required.' if error is not None: flash(error) else: db = get_db() db.execute( 'UPDATE post SET title = ?, body = ?, nickname = ?, chosen = ?' ' WHERE id = ?', (title, body, nickname, chosen, id) ) db.commit() return redirect(url_for('calender.index')) return render_template('calender/update.html', post=post) @bp.route('//delete', methods=('POST',)) @login_required def delete(id): get_post(id) db = get_db() db.execute('DELETE FROM post WHERE id = ?', (id,)) db.commit() return redirect(url_for('calender.index')) def allowed_file(filename): return '.' in filename and \ filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS def check_file_type(filename): if filename.rsplit('.', 1)[1].lower() in ['webm', 'mp4']: return 'video' else: return 'image' @bp.route('/uploads/') def uploaded_file(filename): return send_from_directory(current_app.config['UPLOAD_FOLDER'], filename)