Commit 6300cd3a authored by buttle's avatar buttle

Changed session to store _id

parent 94e3f797
......@@ -31,7 +31,7 @@ babel = Babel(app)
csrf = CSRFProtect()
csrf.init_app(app)
app.config['APP_VERSION'] = 17
app.config['APP_VERSION'] = 18
app.config['SCHEMA_VERSION'] = 9
app.config['RESERVED_SLUGS'] = ['static', 'admin', 'admins', 'user', 'users', 'form', 'forms', 'site', 'sites']
......
......@@ -47,14 +47,14 @@
</tr>
</thead>
<!-- Keep the data TD on one line! -->
{% for entry in form.entries %}
<tr>
<td id="row_{{ loop.index }}" style="border-right: 1px solid #ccc;">
<td id="row_{{ loop.index }}" style="border-right: 1px solid #ccc; border-left: 1px solid #ccc;">
<i class="fa fa-ban delete-row" aria-hidden="true"></i>
</td>
{% for field in fieldIndex %}
<!-- Keep this TD on one line! -->
<td class="{{ fieldName }}" style="border-right: 1px solid #ccc;">{{ entry[field['name']] }}</td>
<td style="border-right: 1px solid #ccc;">{{ entry[field['name']] }}</td>
{% endfor %}
</tr>
{% endfor %}
......@@ -112,7 +112,7 @@ $(document).ready(function() {
$('#formEntries tbody').on('click', '.undo-delete-row', function () {
var $row_number=$(this).parent('td').attr('id');
console.log($(this).parents('td').attr('id'));
//console.log($(this).parents('td').attr('id'));
if (!($row_number in deletedEntries)) {
return;
......
......@@ -45,9 +45,13 @@ def before_request():
g.isAdmin=False
if '/static' in request.path:
return
g.siteName=Site().siteName
if 'username' in session:
g.current_user=User(hostname=Site().hostname, username=session['username'])
site=Site()
g.siteName=site.siteName
if 'user_id' in session:
g.current_user=User(_id=session["user_id"])
if g.current_user and g.current_user.hostname != site.hostname:
g.current_user=None
return
if g.current_user and g.current_user.isRootUser():
g.isRootUser=True
if g.current_user and g.current_user.isAdmin():
......@@ -355,8 +359,10 @@ def set_field_condition(_id):
if fieldType == "number":
try:
queriedForm.fieldConditions[request.form['field_name']]={
"type": fieldType,
"condition": int(request.form['condition'])}
"type": fieldType,
"condition": int(request.form['condition'])
}
queriedForm.expired=queriedForm.hasExpired()
queriedForm.save()
except:
......@@ -664,7 +670,7 @@ def delete_entry(_id):
queriedForm.expired=False
queriedForm.save()
queriedForm.addLog(gettext("Deleted and entry"))
queriedForm.addLog(gettext("Deleted an entry"))
return json.dumps({'deleted': True})
@app.route('/forms/undo-delete-entry/<string:_id>', methods=['POST'])
......@@ -870,11 +876,12 @@ def login():
if 'username' in request.form and 'password' in request.form:
user=User(hostname=Site().hostname, username=request.form['username'], blocked=False)
if user and verifyPassword(request.form['password'], user.data['password']):
session['username']=user.username
session["user_id"]=str(user._id)
if not user.data['validatedEmail']:
return redirect(make_url_for('user_settings', username=user.username))
else:
return redirect(make_url_for('my_forms'))
session["user_id"]=None
flash(gettext("Bad credentials"), 'warning')
return redirect(make_url_for('index'))
......@@ -883,7 +890,7 @@ def login():
@app.route('/site/logout', methods=['GET', 'POST'])
@login_required
def logout():
session['username']=None
session["user_id"]=None
return redirect(make_url_for('index'))
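Review bot: In `before_request` the new guard `if 'user_id' in session:` tests only for the key, while `logout` and the failed-login path in `login` write `session["user_id"]=None`, so a logged-out or rejected visitor still reaches `User(_id=None)` on every request. What that lookup returns depends on the `User` constructor, which is not shown here; if a `None` filter is ignored or happens to match a document, `g.current_user` would be populated for an unauthenticated request. I would guard with `if session.get("user_id"):` and remove the key with `session.pop("user_id", None)` in both places instead of storing `None`. The session lookup also does not carry the `blocked=False` filter that `login` applies, so unless `User` or `login_required` enforces it elsewhere, a user blocked after signing in keeps a working session. `before_request` begins before this hunk and continues after it.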
......