Begins to treat the user upgrade issue

Sam Redmond · Sam Redmond · commit 7e0b956ac3f6 · 2013-11-29T03:28:42.000-08:00
diff --git a/app/models.py b/app/models.py
@@ -2,6 +2,7 @@
 import bcrypt
 ROLE_USER = 0
 ROLE_ADMIN = 1
+ROLE_SUPER = 2
 
 #Tutors are in the 'left' column, subjects are in the 'right'
 tutorsSubjects = db.Table('tutorsSubjects',
@@ -32,7 +33,7 @@ class User(db.Model):
     last_logged_in = db.Column(db.DateTime)
 
     #Administrative
-    role = db.Column(db.SmallInteger, default = ROLE_USER)
+    role = db.Column(db.SmallInteger, default = ROLE_SUPER)
     
     #Requests Made
     requests = db.relationship('Request', backref = 'author')
diff --git a/app/templates/admin.html b/app/templates/admin.html
@@ -1,6 +1,6 @@
 {% extends "layout.html" %}
 {% block content %}
-{% if g.user.role == 1 %}	
+{% if g.user.role > 0 %}	
 <h2>Users</h2>
 <div class="accordion" id="accordionusers">
 	{% for u in users %}
diff --git a/app/templates/layout.html b/app/templates/layout.html
@@ -120,9 +120,12 @@
               <li><a href="/">Home</a></li>
               <li><a href={{ url_for('learn') }}>Learn</a></li>
               <li><a href={{ url_for('teach') }}>Teach</a></li>
-              {% if g.user.role == 1 %}
+              {% if g.user.role > 0 %}
               <li><a href={{ url_for('admin') }}>Admin</a></li>
               {% endif %}
+              {% if g.user.role > 1 %}
+              <li><a href={{ url_for('manage_users') }}>Manage</a></li>
+              {% endif %}
               <li class="dropdown">
                 <a href={{ url_for('teach') }} class="dropdown-toggle" data-toggle="dropdown">Me<b class="caret"></b></a>
                 <ul class="dropdown-menu">
diff --git a/app/templates/learn.html b/app/templates/learn.html
@@ -2,10 +2,13 @@
 {% block content %}
 <h2>Learning</h2>
 <p>
-	If you need help, you're in the right place. We're glad you want to learn! You came to the right place. Here at the Math &amp; Science Help Center, our goal is to help <em>you</em> with math and/or science. Simply tell us what you need help with by filling out the form below. When you submit your information, your request will be added to a queue. Everyone (especially tutors) can see all requests at any time, and hopefully you'll soon be contacted by a tutor who is ready to help you. If you're not contacted within, say, a week, email me at sam.redmond@menloschool.org and I'll personally help you out.
+	If you need help with math or science, you're in the right place. We're glad you want to learn! Sometimes the hardest part can be seeking help from others. Here at the Math &amp; Science Help Center, our goal is to help <em>you</em> with math and/or science. 
 </p>
 <p>
-	In order for this interaction to be effective, you need to really describe the problem you're having. The more information you tell us, the better we can prepare to help you. Really go for it on the optional questions. 
+	Fill out the form below to submit a request for help. All tutors who are able to help will receive a notification, and hopefully you'll soon be contacted by a tutor who is ready to help you. If you're not contacted within a week, email me at sam.redmond@menloschool.org and I'll personally help you out.
+</p>
+<p>
+	In order to maximize the chance that this request succeeds, you need to really describe the problem you're facing. Add as much detail as possible. The more information you tell us, the better we can prepare to help you. The optional questions in particular give you the chance to tell us vital information. 
 </p>
 <div id="alert" class="alert alert-error alert-block hidden">
 		<button type="button" class="close" data-dismiss="alert">&times;</button>
@@ -22,7 +25,7 @@ <h2>Learning</h2>
 		<input class="hidden" id="subj_title" name="subj_title">
 	</fieldset>
 	<fieldset>
-		<legend>Specific Challenge <small>Select One</small></legend>
+		<legend>Issue Category<small> Select One</small></legend>
 		<p>In general, we categorize assistance into three categories - homework help, studying for a test, and working on a long-term project.</p>
     	<label class="radio">
 		  <input type="radio" name="issue" id="hw" value="hw" checked="checked">
@@ -43,7 +46,7 @@ <h2>Learning</h2>
 		</label>
 	</fieldset>
 	<fieldset>
-		<legend>Additional Information</legend>
+		<legend>Required Information</legend>
 		<div id="title-control-group" class="control-group">
 			<label class="control-label" for="title">Title</label>
 			<div class="controls">
diff --git a/app/templates/manage_users.html b/app/templates/manage_users.html
@@ -0,0 +1,37 @@
+{% extends "layout.html" %}
+{% block content %}
+{% if g.user.role == 2 %}
+<h2>Change User Roles.<small> The blue button indicates the user's old role.</small></h2>
+{%- macro radio(user_id, current_role=0) -%}
+<div class="btn-group" data-toggle="buttons-radio">
+{% if current_role == 0 %}
+	<button type="button" class="btn btn-info active">0</button>
+	<button type="button" class="btn">1</button>
+	<button type="button" class="btn">2</button>
+{% elif current_role == 1 %}
+	<button type="button" class="btn">0</button>
+	<button type="button" class="btn btn-info active">1</button>
+	<button type="button" class="btn">2</button>
+{% elif current_role == 2 %}
+	<button type="button" class="btn">0</button>
+	<button type="button" class="btn">1</button>
+	<button type="button" class="btn btn-info active">2</button>
+{% endif %}
+</div>
+{%- endmacro %}
+<form action="" name="manage_users" method="post">
+	{% for u in users %}
+	<div class="well well-small">
+		{{ u.first_name }} {{ u.last_name }}
+		{{ radio(u.id, current_role = u.role) }}
+	</div>
+	{% endfor %}
+	<button type="submit" class="btn btn-primary btn-large">Submit Changes</button>
+</form>
+
+{% else %}
+<div class="alert alert-error">
+	<strong>Error!</strong> OFF LIMITS.
+</div>
+{% endif %}
+{% endblock %}
diff --git a/app/views.py b/app/views.py
@@ -10,6 +10,8 @@
 
 PASSWORD_CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+?'
 NEW_PASSWORD_LENGTH = 13;
+ISSUE_MAP = {'hw':'Homework', 'proj': 'Project', 'test': 'Test'}
+
 
 @lm.user_loader
 def load_user(id):
@@ -55,7 +57,7 @@ def login():
         
         user = User.query.filter_by(email = email).first()
         if user is None:
-            flash('The email "{0}" is not stored in our databases.'.format(email))
+            flash('The email "{0}" is not stored in our database.'.format(email))
             return redirect(url_for('login'))
 
         if not user.verify_password(password):
@@ -174,12 +176,47 @@ def learn():
     if request.method=='POST': #Looking at the page
         info = request.form
 
+        '''
+        Server-side validation, in case bad data slips through
+        Possible Errors:
+            Invalid class selected
+            'Other' issue selected but nothing filled in
+            Nothing in the 'title' section
+            Nothing in the 'specific challenge' section
+        '''
         subj = Subject.query.filter_by(title=info['subj_title']).first()
-        if subj != None:
+        if subj == None:
+            flash("Invalid subject selected. Please leave page source alone.");
+            return redirect(url_for('learn'))
+        else:
             now = datetime.utcnow()
-            req = Request(title=info['title'],
-                issue=info['issue'],
-                body=info['challenge'],
+            issue=info['issue']
+            title=info['title']
+            body=info['challenge']
+
+            if issue == 'other':
+                elaboration=info['elaboration']
+                if elaboration == "" or elaboration == None:
+                    flash("Somehow, a blank issue type elaboration bypassed client-side validation :( Please leave page source and JS alone.");
+                    return redirect(url_for('learn'))
+                issue_str = elaboration
+            elif issue not in ISSUE_MAP:
+                flash("Somehow, an invalid issue type bypassed client-side validation :( Please leave page source and JS alone.");
+                return redirect(url_for('learn'))
+            else:
+                issue_str = ISSUE_MAP[issue]
+
+
+            if title == "" or title == None: #Remember, different browsers handle blank strings differently
+                flash("Somehow, an empty title bypassed client-side validation :( Please leave page source and JS alone.");
+                return redirect(url_for('learn'))
+            if body == "" or body == None:
+                flash("Somehow, a blank body bypassed client-side validation :( Please leave page source and JS alone.");
+                return redirect(url_for('learn'))
+
+            req = Request(title=title,
+                issue=issue_str,
+                body=body,
                 extra_requests=info['requests'],
                 availability=info['availability'],
                 additional=info['additional_comments'],
@@ -216,6 +253,21 @@ def admin():
         requests=Request.query.all(),
         subjects=Subject.query.all())
 
+@app.route('/manage_users', methods=['GET', 'POST'])
+@login_required
+def manage_users():
+    if request.method == 'POST':
+        pass
+    else:
+        if g.user.role < 2:
+            flash("You don't have the proper clearance to see this webpage.")
+            return render_template('me.html',
+                title="Me")
+        return render_template('manage_users.html',
+            users = User.query.all(),
+            title="Manage Users")
+
+
 @app.route('/termsconditions')
 def terms_and_conditions():
     return render_template('termsconditions.html',
