da
/
website


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180
							
"""
Authentication module
"""

import hashlib
import hmac

from datetime import datetime
from flask_login import login_required, current_user
from flask_menu import Menu, register_menu
from flask import render_template, request, flash, Blueprint, redirect, url_for
from app.models import User, Page, Ballot, Priority, Question, Option, Vote, Code
from app import db


BLUEPRINT = Blueprint(
    'vote',
    __name__,
    template_folder='templates'
)

@register_menu(BLUEPRINT, 'vote', 'Vote')
@login_required
@BLUEPRINT.route("/")
def main():
    """Ballots overview"""
    ballots = Ballot.query.all()

    return render_template(
        'main.j2',
        ballots=ballots,
    )


@login_required
@BLUEPRINT.route("/codes")
def codes():
    """codes overview"""
    code = Code.query.order_by(Code.expire_date.desc()).first()
    users = User.query.all()

    return render_template(
        'vote/codes.j2',
        users=users,
        code=code,
    )


@BLUEPRINT.route('/create', methods=["GET", "POST"])
@login_required
def create():
    """Creating ballot"""
    if request.method == 'POST':
        ballot = Ballot()
        print(request.form)
        ballot.name = request.form['name']
        ballot.description = request.form['description']
        ballot.user_id = current_user.id

        start_at = "%s %s" % (request.form['start_at_date'], request.form['start_at_time'])
        ballot.start_at = datetime.strptime(start_at, "%Y-%m-%d %H:%M")
        end_at = "%s %s" % (request.form['end_at_date'], request.form['end_at_time'])
        ballot.end_at = datetime.strptime(end_at, "%Y-%m-%d %H:%M")

        db.session.add(ballot)
        db.session.commit()

        flash('Page "%s" successfully created' % ballot.name, 'success')
        return redirect(url_for('vote.view', ballot_id=ballot.id))

    priorities = Priority.query.all()

    return render_template(
        'vote/create.j2',
        priorities=priorities
    )


@BLUEPRINT.route('/<int:ballot_id>', methods=["GET", "POST"])
@login_required
def view(ballot_id):
    """View ballot"""
    ballot = Ballot.query.get(ballot_id)
    if request.method == 'POST':
        option = Option()
        option.question_id = request.form['question_id']
        option.name = request.form['name']

        db.session.add(option)
        db.session.commit()

    return render_template(
        'vote/view.j2',
        ballot=ballot,
    )


@BLUEPRINT.route('/<int:ballot_id>/add_question', methods=["GET", "POST"])
@login_required
def add_question(ballot_id):
    """Add question to ballot"""
    ballot = Ballot.query.get(ballot_id)
    if request.method == 'POST':
        question = Question()
        question.ballot_id = ballot.id
        question.name = request.form['name']
        question.description = request.form['description']
        question.combined_approval_voting = 'combined_approval_voting' in request.form

        db.session.add(question)
        db.session.commit()

        if question.combined_approval_voting:
            options = ['Voor', 'Tegen', 'Onthouden']
            for option_name in options:
                option = Option()
                option.question_id = question.id
                option.name = option_name

                db.session.add(option)

            db.session.commit()
        return redirect(url_for('vote.view', ballot_id=ballot.id))

    return render_template(
        'vote/add_question.j2',
        ballot=ballot,
    )


@BLUEPRINT.route('/public/')
def public_index():
    """View list of votes"""
    ballots = Ballot.query.all()

    return render_template(
        'vote/public/index.j2',
        ballots=ballots,
    )


@BLUEPRINT.route('/public/<int:ballot_id>', methods=["GET", "POST"])
def public_view(ballot_id):
    """Vote and view results of ballot"""
    ballot = Ballot.query.get(ballot_id)

    if request.method == 'POST':
        security_code = request.form['security_code']
        code = Code.query.order_by(Code.expire_date.desc()).first()
        user_id = None
        for user in User.query.all():
            if security_code == code.get_digest(user.id):
                user_id = user.id

        if user_id is not None:
            for question_id, option_id in request.form.items():
                if question_id == 'security_code':
                    continue
                question = Question.query.get(question_id)
                if question.has_voten(user_id):
                    flash('Je hebt al gestemd.', 'warning')
                    return redirect(url_for('vote.view', ballot_id=ballot.id))

                option = question.options.filter(Option.id == option_id).first()

                vote = Vote()
                vote.option_id = option.id
                vote.user_id = user_id
                db.session.add(vote)

            db.session.commit()
            flash('Succesvol gestemd.', 'success')
        else:
            flash('Fout in veiligheids code.', 'warning')

    return render_template(
        'vote/public/view.j2',
        ballot=ballot,
    )