1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
# -*- coding: utf-8 -*-
import sqlite3
#all the imports
from flask import Flask, request, session, g, redirect, url_for, \
abort, render_template, flash, _app_ctx_stack
from functools import wraps
import hashlib
from docutils import core
from docutils.writers.html4css1 import Writer
from datetime import datetime
def rstify(string):
w = Writer()
result = core.publish_parts(string, writer=w)['fragment']
return result
# configuration
app = Flask(__name__)
app.config.from_envvar('CONF')
@app.template_filter('format_date')
def format_date(datetime_string, format="%a %d %b %Y"):
if not datetime_string:
return ""
return datetime.strptime(datetime_string[:-1],
"%Y-%m-%dT%H:%M:%S").strftime(format)
def query_db(query, args=(), one=False):
cur = g.db.execute(query, args)
rv = cur.fetchone() if one else cur.fetchall()
cur.close()
return rv
@app.before_request
def before_request():
conn = sqlite3.connect(app.config['DATABASE'])
conn.row_factory = sqlite3.Row
g.db = conn
@app.teardown_appcontext
def close_db_connection(exception):
"""Closes the database again at the end of the request."""
g.db.close()
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if 'user_name' not in session:
return redirect(url_for('login', next=request.url))
return f(*args, **kwargs)
return decorated_function
@app.route('/')
@app.route('/news/')
@login_required
def list_news():
news = query_db("SELECT * FROM news LEFT JOIN users ON news.user_id = users.id")
return render_template("news/list.html", news=news)
@app.route('/news/add/', methods=['GET', 'POST'])
@login_required
def add_news():
if request.method == 'POST':
content = request.form['content']
content_cache = rstify(content)
cur = g.db.execute("INSERT INTO news "
"('title', 'content', 'user_id', 'content_cache') "
"VALUES (?, ?, ?, ?)",
(request.form['title'], content,
session['user_id'], content_cache))
news_id = cur.lastrowid
g.db.commit()
return redirect(url_for('show_news', news_id=news_id))
elif request.method == 'GET':
return render_template("news/add.html")
@app.route('/news/<int:news_id>/', methods=['GET', 'POST'])
@login_required
def show_news(news_id):
news = query_db("SELECT * FROM news LEFT JOIN users ON news.user_id = users.id "
"WHERE news.id = ?", (news_id,), True)
if request.method == 'GET':
comments = query_db("SELECT * FROM comments LEFT JOIN users "
"ON comments.user_id = users.id "
"WHERE comments.news_id = ?", (news_id,))
return render_template("news/show.html", news=news, comments=comments)
elif request.method == 'POST':
user_id = session['user_id']
content = request.form['content']
content_cache = rstify(content)
g.db.execute("INSERT INTO comments "
"('user_id', 'content', 'news_id', 'content_cache') "
"VALUES (?, ?, ?, ?)", (user_id, content, news_id, content_cache))
g.db.commit()
return redirect(url_for('show_news', news_id=news_id))
@app.route('/news/<int:news_id>/edit', methods=['GET', 'POST'])
@login_required
def edit_news(news_id):
if request.method == 'GET':
news = query_db("SELECT * from news WHERE news.id = ?", (news_id,), True)
if news["user_id"] == session['user_id']:
return render_template('news/add.html', news=news)
elif request.method == 'POST':
title = request.form['title']
content = request.form['content']
content_cache = rstify(content)
g.db.execute("UPDATE news SET 'title'=?, 'content'=?, 'content_cache'=? "
"WHERE news.id =?",
(title, content, content_cache, news_id))
g.db.commit()
return redirect(url_for('show_news', news_id=news_id))
@app.route('/login/', methods=['GET', 'POST'])
def login():
if 'user_name' in session:
return redirect(url_for('list_news'))
error = None
if request.method == 'POST':
username = request.form['username']
password = hashlib.md5(request.form['password']).hexdigest();
user = query_db('select * from users where name = ?', (username,), True)
if user:
if user['password'] == password:
session['user_name'] = user['name']
session['user_id'] = user['id']
return redirect(url_for('list_news'))
else:
error = u'Mot de passe incorrect'
else:
error = u'Utilisateur non enregistré'
return render_template('login.html', error=error)
@app.route('/logout/')
@login_required
def logout():
session.pop('user_name', None)
session.pop('user_id', None)
return redirect(url_for('login'))
if __name__=="__main__":
app.run()
|
