1 files changed, 19 insertions, 15 deletions

diff --git a/famille.py b/famille.py
index 6445c7e..a0ae07e 100644
--- a/famille.py
+++ b/famille.py
@@ -4,6 +4,7 @@ from flask import Flask, request, session, g, redirect, url_for, render_template
 from functools import wraps
 import hashlib
 from pytz import timezone
+import pytz
 from docutils import core
 from docutils.writers.html4css1 import Writer
 from datetime import datetime
@@ -191,12 +192,12 @@ def edit_news(news_id):
     metadata = get_metadata()
     news = Table('news', metadata, autoload = True)
     if request.method == 'GET':
-        stmt = select([news]).where(news.c.id = news_id)
+        stmt = select([news]).where(news.c.id == news_id)
         news = query_db(stmt, True)
         if news["user_id"] == session['user_id']:
             return render_template('news/add.html', news=news)
     elif request.method == 'POST':
-        stmt = news.update().where(news.c.id = news_id).\
+        stmt = news.update().where(news.c.id == news_id).\
             values(title = request.form['title'],
                    content_cache = rstify(request.form['content']),
                    content = request.form['content'])
@@ -210,18 +211,20 @@ def edit_news(news_id):
 def view_user(user_id):
     metadata = get_metadata()
     users = Table('users', metadata, autoload = True)
-    stmt = select([users]).where(users.c.id = user_id)
+    stmt = select([users]).where(users.c.id == user_id)
     user = query_db(stmt, True)
     return render_template("user/show.html", user=user)
 
 @app.route('/user/edit/', methods=['GET', 'POST'])
 @login_required
 def edit_user():
-    db = get_db()
+    metadata = get_metadata()
+    users = Table('users', metadata, autoload = True)
+    g.timezone = pytz.common_timezones
     if request.method == 'GET':
-        user = query_db(db, 'SELECT * FROM users WHERE id= ?',
-                        (session['user_id'],), True)
-        user = {k: user[k] for k in user.keys() if user[k]}
+        stmt = select([users]).where(users.c.id == session['user_id'])
+        user = query_db(stmt, True)
+        user = {k: v for k, v  in user.items() if v}
         return render_template("user/edit.html", user=user)
     elif request.method == 'POST':
         result = {}
@@ -234,14 +237,15 @@ def edit_user():
                                        error=error)
         except KeyError:
             pass
-        args = tuple(request.form[key] for key in \
-                     ['email', 'phone', 'birthday', 'nameday', 'address_line1', \
-                     'address_line2', 'address_city_line', 'timezone'])
-        args += ("notify" in request.form, session['user_id'])
-        sqlstr = "UPDATE users SET email= ?, phone=?, birthday=?, nameday=?," \
-        "address_line1=?, address_line2=?, address_city_line=?, timezone=?, notify=? " \
-        "where id=?"
-        db.execute(sqlstr, args)
+        fields = ['email', 'phone', 'birthday', 'nameday', 'address_line1', \
+                  'address_line2', 'address_city_line', 'timezone']
+        update_values = {k: request.form[k] for k in fields}
+        if "notify" in request.form:
+            update_values['notify'] = True
+        stmt = users.update().where(users.c.id == session['user_id']).\
+            values(update_values)
+        db = db_session()
+        db.execute(stmt)
         db.commit()
         session["timezone"] = request.form["timezone"]
         return redirect(url_for('view_user', user_id=session['user_id']))