better structure

2020-04-30 22:38:33 +02:00 · 2020-04-30 22:38:33 +02:00 · 033ccda95f
commit 033ccda95f
parent 0d8946bf56
2 changed files with 92 additions and 73 deletions
--- a/list.tpl
+++ b/list.tpl
@ -1,11 +1,6 @@
 <h2>Liste</h2>
 <ul>
-% for user in mongodb_database['users'].find():
+% for item in data:
-    <li>{{user}}</li>
+    <li>{{item}}</li>
 % end
 </ul>
 <ul>
 % for form in mongodb_database['forms'].find():
    <li>{{form}}</li>
 % end
 </ul>
--- a/main.py
+++ b/main.py
@ -112,17 +112,19 @@ def submission ():
    else:
        response.status = 400
        return 'Le jeton d’autentification est requis'
    if 'mail' in request.forms:
        from_address = request.forms.getunicode('mail')
    else:
-        response.status = 400
+        #response.status = 400
-        return 'Le mail est requis'
+        #return 'Le mail est requis'
        from_address = ''
    try:
        form = mongodb_database['forms'].find({'token': token})[0]
    except IndexError as e:
        response.status = 400
-        return 'L’authentification a échouée'
+        return 'Le formulaire est introuvable'
    try:
        subject_fields = fill_fields(request, get_fields(form['subject']))
@ -141,8 +143,9 @@ def submission ():
    # Redirection
    #redirect(success_redirect_default)
    origin = request.headers.get('origin')
-    return 'Mail envoyé !' + ('Retour au <a href="{}">formulaire de contact</a>'.format(origin) if origin else '')
+    return '<p>Mail envoyé !</p>' + ('<p>Retour au <a href="{}">formulaire de contact</a></p>'.format(origin) if origin else '')
 ##################################################### Helpers ############################################$
 def get_fields (string):
    """ Parse the string looking for template elements and create an array with template to fill and their default values. None if mandatory. """
    result = {}
@ -187,6 +190,26 @@ def send_mail(from_address, to, subject, content):
        return False
    return True
 def login(request):
    """
    Check if user is admin or simple user. Return a disct with _privilege key. dict is also a user if _privilege == 1
    Privileges : 0=admin 1=loggedIn 1000=guest
    """
    if 'admin_pass' in request.forms and request.forms['admin_pass'] == admin_password:
        return {'_privilege':0}
    if 'token' in request.forms:
        token = request.forms.getunicode('token')
        try:
            user = mongodb_database['users'].find({'token': token})[0]
            user['_privilege'] = 1
            return user
        except IndexError as e:
            pass
    return {'_privilege': 1000} # anonymous
 ##################################################### Forms ############################################$
@app.post('/form')
@app.post('/form/')
@ -214,18 +237,10 @@ def create_form ():
        response.status = 400
        return 'Le champs « adresse » est requis'
-    # Getting auth token
+    user = login(request)
-    if 'token' in request.forms:
+    if user['_privilege'] > 1:
        token = request.forms.getunicode('token')
    else:
        response.status = 400
-        return 'Le jeton d’autentification n’a pas été envoyé'
+        return 'Privilèges insufisants'
    try:
        user = mongodb_database['users'].find({'token': token})[0]
    except IndexError as e:
        response.status = 400
        return 'L’authentification a échouée'
    # TODO limit the insertion rate
    token = ''.join(random.sample(token_chars, token_len))
@ -239,29 +254,67 @@ def create_form ():
    return 'Créé : ' + token
-
+@app.post('/form/list')
-
+@app.post('/form/list/')
-##################################################### Admin ############################################$
+def list_forms ():
-@app.post('/admin/list')
+    user = login(request)
-@app.post('/admin/list/')
+    if user['_privilege'] == 0:
-def admin_list ():
+        filt = {}
-    if not ('admin_pass' in request.forms and request.forms['admin_pass'] == admin_password):
+    elif user['_privilege'] == 1:
        filt = {'user_id': user['_id']}
    else:
        response.status = 400
-        return 'Le champs « admin_pass » est requis'
+        return 'Privilèges insufisants'
-    return bottle.template("list.tpl", mongodb_database=mongodb_database)
+    return bottle.template("list.tpl", data=mongodb_database['forms'].find(filt))
@app.delete('/form/<token>')
@app.delete('/form/<token>/')
 def delete_form(token):
    # If admin or form owner
    user = login(request)
    if user['_privilege'] > 1:
        response.status = 400
        return 'Privilèges insufisants'
    # Actually delete
    try:
        form = mongodb_database['forms'].find({'token':token })[0]
    except IndexError as e:
        response.status = 400
        return 'Le token n’est pas valide'
    if user['_privilege'] == 0 or (form['user_id'] == user['_id']):
        mongodb_database['forms'].delete_one({
            'token': token,
        })
        return 'Supprimé ' + token
    response.status = 400
    return 'Privilèges insufisants'
 ##################################################### Users ############################################$
@app.post('/user/list')
@app.post('/user/list/')
 def list_users ():
    user = login(request)
    if user['_privilege'] > 0:
        response.status = 400
        return 'Privilèges insufisants'
    return bottle.template("list.tpl", data=mongodb_database['users'].find())
@app.put('/user/<username>')
@app.put('/user/<username>/')
 def create_user (username):
-    if not ('admin_pass' in request.forms and request.forms['admin_pass'] == admin_password):
+    user = login(request)
    if user['_privilege'] > 0:
        response.status = 400
-        return 'Le champs « admin_pass » est requis'
+        return 'Privilèges insufisants'
    try:
        mongodb_database['users'].find({'username': username})[0]
        return 'L’utilisateur existe déjà'
    except IndexError as e:
        pass
        inserted = mongodb_database['users'].insert_one({
            'username': username,
            'token': ''.join(random.sample(token_chars, token_len))
@ -272,9 +325,10 @@ def create_user (username):
@app.delete('/user/<username>')
@app.delete('/user/<username>/')
 def delete_user (username):
-    if not ('admin_pass' in request.forms and request.forms['admin_pass'] == admin_password):
+    user = login(request)
    if user['_privilege'] > 0:
        response.status = 400
-        return 'Le champs « admin_pass » est requis'
+        return 'Privilèges insufisants'
    try:
        mongodb_database['users'].find({'username': username})[0]
    except IndexError as e:
@ -286,37 +340,7 @@ def delete_user (username):
    return 'Supprimé ' + username
-@app.delete('/form/<token>')
+##################################################### Bottle stuff ############################################$
@app.delete('/form/<token>/')
 def delete_form(token):
    # If admin or form owner
    admin = False
    if 'admin_pass' in request.forms and request.forms['admin_pass'] == admin_password:
        admin = True
    user_token = False
    if 'token' in request.forms:
        try:
            user = mongodb_database['users'].find({'token':request.forms['token']})[0]
            user_token = True
        except IndexError as e:
            pass
    # Actually delete
    try:
        form = mongodb_database['forms'].find({'token':token })[0]
    except IndexError as e:
        response.status = 400
        return 'Le token n’est pas valide'
    if (user_token and form['user_id'] == user['_id']) or admin:
        mongodb_database['forms'].delete_one({
            'token': token,
        })
        return 'Supprimé ' + token
    response.status = 400
    return 'Vous n’avez pas les droits pour supprimer ce formulaire'
 class StripPathMiddleware(object):
    '''