From 5185b44df4afa40c07338b62985bf393fd6ab53a Mon Sep 17 00:00:00 2001
From: Arvind Khadri
Date: Fri, 4 Apr 2014 22:42:18 +0530
Subject: [PATCH] Fix: A user who owns a sweet can edit the sweet, after logging in to sweet store. Admin can edit sweets of others. Adding new bootstrap and changing icons to glyphicons, re-styled login.html to adapt to the changes in bootstrap. /login now allows users to login too. FIXME: macro of jinja templates is an alternative to underscore templates. Refactor show_posts.html to use macros. Comments:
---
 swtr.py | 77 ++++++++++++++++++++++++++++++++-----------
 templates/layout.html | 7 ++--
 templates/login.html | 26 ++++++++++-----
 templates/show_entries.html | 2 +-
 templates/show_posts.html | 46 +++++++++++++++++++++++++-
 5 files changed, 127 insertions(+), 31 deletions(-)
diff --git a/swtr.py b/swtr.py
index ca1e720..34b099b 100644
--- a/swtr.py
+++ b/swtr.py
@@ -53,6 +53,7 @@ app.jinja_env.filters['len'] = len
 def validateSweet(payload):
     for i in payload:
+        print i
         try:
             if len(i['who']) and len(i['what']) and len(i['where']) and\
                len(i['how']) and len(i['created']):
@@ -96,7 +97,8 @@ def internal_error(e):
 def show_entries():
     print 'request:'
     print request.method
-    res = g.collection.find().sort('_id',direction=-1)
+    print session
+    res = g.collection.find().sort('_id', direction=-1)
     entries = make_list(res)
     return render_template('show_entries.html', entries=entries)
@@ -129,12 +131,15 @@ def addSweets():
     try:
         payload = [{'who': request.form['who'], 'what': request.form['what'], 'where': request.form['where'], 'how': request.form['how']}]
+        print payload
     except:
         try:
             payload = request.json
         except:
             payload = json.loads(request.data)
+    if type(payload) is dict:
+        payload = [payload]
     valid = validateSweet(payload)
     if not valid:
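Review bot: The `print i` added in validateSweet, together with `print session` in show_entries and `print payload` in addSweets in the next two hunks, writes every incoming sweet and the full session contents (including `username` once the login change lands) to stdout on each request, and all three read like leftover debugging. Either drop them or switch to `app.logger.debug(...)` so the output is gated by log level and does not end up in production logs. In addSweets, `if type(payload) is dict:` is better written `if isinstance(payload, dict):`. validateSweet's body continues past the end of its hunk.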
@@ -161,12 +166,34 @@ def addSweets():
 def login():
     error = None
     if request.method == 'POST':
+        db = g.connection[app.config['DATABASE']]
+        collection = db['sweet_users']
+        for i in collection.find():
+            if i['user'] == request.form['username'] and i['key'] == request.form['password']:
+                session['logged_in'] = True
+                session['username'] = request.form['username']
+                flash('You were logged in')
+                res = g.collection.find({'who': request.form['username']})
+
+                if res.count() < 1:
+                    return render_template('show_entries.html', entries=[])
+                swt_list = []
+                for swt in res:
+                    _id = swt['_id']
+                    del(swt['_id'])
+                    swt['id'] = str(_id)
+                    swt_list.append(swt)
+                return render_template('show_entries.html', entries=swt_list)
+            else:
+                pass
+
         if request.form['username'] != app.config['USERNAME']:
             error = 'Invalid username'
         elif request.form['password'] != app.config['PASSWORD']:
             error = 'Invalid password'
         else:
             session['logged_in'] = True
+            session['isAdmin'] = True
             flash('You were logged in')
             return redirect(url_for('show_entries'))
     return render_template('login.html', error=error)
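Review bot: The new user-login loop compares `i['key'] == request.form['password']` directly, which only works if `sweet_users.key` holds the plaintext password, and it does so by iterating the whole collection on every attempt; the `else: pass` branch is dead. A single lookup against a hashed credential is the usual shape: `user = collection.find_one({'user': request.form['username']})` followed by `if user is not None and check_password_hash(user['key'], request.form['password']):` (from `werkzeug.security`, which Flask already depends on), which also makes the comparison constant-time; storing hashes in `key` is a one-off migration this commit would then need to include. When no user matches, control falls through to the admin check with the same form values, which is presumably intended but deserves a comment saying so. The successful user branch renders `show_entries.html` straight from the POST instead of redirecting like the admin branch does, so a browser refresh re-submits the credentials; its `_id`-to-`id` loop also looks like what `make_list` already does in show_entries, so `entries=make_list(res)` would likely replace it.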
@@ -234,29 +261,39 @@ def return_database_entry(post_id):
-@app.route('/posts/',methods=['GET'])
+@app.route('/posts/', methods=['GET', 'POST'])
 def show_specific_entry(post_id):
-    try:
-        res = g.collection.find({'_id':ObjectId(post_id)})
-        if(res.count() > 0):
-            #entries = make_list(res)
-            entries = []
-            for i in res:
-                _id = i['_id']
-                del(i['_id'])
-                i['id'] = _id
-                entries.append(i)
-            return render_template('show_posts.html', entries=entries, str=str)
-        else:
+    if request.method == 'GET':
+        try:
+            res = g.collection.find({'_id': ObjectId(post_id)})
+            if(res.count() > 0):
+                #entries = make_list(res)
+                entries = []
+                for i in res:
+                    _id = i['_id']
+                    del(i['_id'])
+                    i['id'] = _id
+                    entries.append(i)
+                return render_template('show_posts.html', entries=entries, str=str)
+            else:
+                abort(404)
+        except InvalidId:
+            abort(404)
+    else:
+        how = {}
+        for item in request.form:
+            how[item] = request.form[item]
+        try:
+            g.collection.update({'_id': ObjectId(post_id)}, {"$set":{'how':how}})
+            response = make_response()
+            return response
+        except:
             abort(404)
-    except InvalidId:
-        abort(404)
-
 @app.route('/posts/delete/', methods=['POST'])
 def delete_post():
     try:
-        g.collection.remove({'_id':ObjectId(request.form['post_id'])})
+        g.collection.remove({'_id': ObjectId(request.form['post_id'])})
         return jsonify(status='ok')
     except:
         abort(500)
@@ -264,6 +301,8 @@ def delete_post():
 @app.route('/logout')
 def logout():
     session.pop('logged_in', None)
+    session.pop('username', None)
+    session.pop('isAdmin', None)
     flash('You were logged out')
     return redirect(url_for('show_entries'))
@@ -312,7 +351,7 @@ def user(user_id='all'):
     return render_template("users.html", users=users)
-@app.route('/authenticate', methods=['POST','GET'])
+@app.route('/authenticate', methods=['POST', 'GET'])
 def authenticate():
     if request.method == "POST":
         response = make_response()
diff --git a/templates/layout.html b/templates/layout.html
index c5d368e..64bdbaf 100644
--- a/templates/layout.html
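Review bot: The new POST branch of show_specific_entry updates any post's `how` field without checking that the caller is logged in or owns the post; the owner/admin rule this commit introduces lives only in the `{% if session.isAdmin or session.username == entry.who %}` guard in show_posts.html, which hides the button but does not stop a direct request, and the stored value is later rendered with `|safe`. The route needs the same check server-side before the update, as below (the `<post_id>` segment of the route path appears stripped in this rendering). The bare `except: abort(404)` around the update also reports any database error as a missing post; catching `InvalidId` for the id parse and letting other errors reach the 500 handler is clearer. delete_post, visible here as context, has the same missing check and could reuse the same guard.
```python
    else:
        # Enforce the same owner-or-admin rule the template uses to show the edit button.
        if not session.get('logged_in'):
            abort(401)
        try:
            oid = ObjectId(post_id)
        except InvalidId:
            abort(404)
        doc = g.collection.find_one({'_id': oid})
        if doc is None:
            abort(404)
        if not (session.get('isAdmin') or session.get('username') == doc.get('who')):
            abort(403)
        # … unchanged: build `how` from request.form, update with `oid`, return make_response() …
```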
+++ b/templates/layout.html @@ -3,7 +3,10 @@ SWeeT Store - + + + + {% block head %}{% endblock %} @@ -26,7 +29,7 @@ {% block body %}{% endblock %} - + diff --git a/templates/login.html b/templates/login.html index 6f70bb7..d7d1da8 100644 --- a/templates/login.html +++ b/templates/login.html @@ -2,13 +2,23 @@ {% block body %}

Login

{% if error %}

Error: {{ error }}{% endif %} -

-
-
Username: -
-
Password: -
-
-
+ +
+ +
+ +
+
+
+ +
+ +
+
+
+
+ +
+
{% endblock %} diff --git a/templates/show_entries.html b/templates/show_entries.html index 2a579be..cffaad3 100644 --- a/templates/show_entries.html +++ b/templates/show_entries.html @@ -18,7 +18,7 @@ created: {{entry.created }} UTC {% endif %} - + {% endif %} diff --git a/templates/show_posts.html b/templates/show_posts.html index 9517827..525b3b4 100644 --- a/templates/show_posts.html +++ b/templates/show_posts.html @@ -13,6 +13,15 @@ } return false; } + function editPost(entry) { + t = _.template($("#editTemplate").html()); + $(".modal-body").append(t(items=entry)); + $("input").each(function(item) { + $(this).val(entry[$(this).attr('for')]); + + }, this); + $("#editModal").modal(); + }
    {% for entry in entries %} @@ -20,11 +29,46 @@ @{{ entry.who }} #{{ entry.what }} /{{ entry.where }} {{ entry.how|safe }} {% if session.logged_in %} + {% if session.isAdmin or session.username == entry.who %} + - + {% endif %} + {% endif %} {% endfor %}
+ + + + {% endblock %} -- 1.7.10.4
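Review bot: In editPost, `t = _.template($("#editTemplate").html());` and `t(items=entry)` assign to undeclared names, so `t` and `items` become implicit globals, and `items=entry` is a plain assignment rather than a keyword argument; Underscore templates take one data object, so this should be `var t = _.template(...)` with `t(entry)` or `t({items: entry})`, whichever `#editTemplate` references. Each call also appends a fresh copy of the template to `.modal-body` without clearing the previous one, so opening the editor twice stacks two forms; `$(".modal-body").empty().append(t(entry));` avoids that. `$("input").each(function(item) { ... }, this)` passes a second argument that `.each` does not take and selects every input on the page rather than those inside the modal; scoping it to `$("#editModal input")` keeps the prefill from touching other inputs. Much of this hunk's markup is stripped in this rendering, so the template body itself is not reviewable here.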