# LibreVax is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with LibreVax. If not, see <https://www.gnu.org/licenses/>.
-from flask import Flask, render_template, request, session, redirect, g
+from flask import Flask, render_template, request, session, redirect, send_file, g
from urllib.parse import urlencode
from datetime import datetime
import json, sqlite3
@app.route("/")
def index():
try:
- if((ret:=problem())!="go"):
- return ret
cursor=get_db().cursor()
(ok, mc)=multicenter.read(cursor, session["mid"])
if(not ok):
if(not ok):
raise exception(pat)
return render_template("index.html", center=mc, patient=pat)
+ except KeyError as e:
+ return redirect("/login")
except Exception as e:
raise(e)
return render_template("error.html", data=e)
@app.get("/admin")
def admin(msg=None):
+ if((ret:=problem())!="go"):
+ return ret
cursor=get_db().cursor()
(ok, mc)=multicenter.list(cursor)
if(not ok):
@app.post("/newuser")
def newuser():
+ if((ret:=problem())!="go"):
+ return ret
try:
cursor=get_db().cursor()
if(auth.new(cursor, request.form["user"], request.form["pwd"], request.form["auth"])):
@app.post("/changepass")
def changepass():
+ if((ret:=problem())!="go"):
+ return ret
try:
cursor=get_db().cursor()
if("user" in request.form.keys()):
- if(auth.change(cursor, request.form["user"], request.form["new"])):
+ if(auth.changePass(cursor, request.form["user"], request.form["new"])):
return admin(msg="Password changed")
else:
return admin(msg="Incorrect Password")
elif(request.form["new"]==request.form["check"]):
user=request.form.get("user", session["user"])
- if(auth.change(cursor, user, request.form["new"], request.form["old"])):
+ if(auth.changePass(cursor, user, request.form["new"], request.form["old"])):
return admin(msg="Password changed")
else:
return admin(msg="Incorrect Password")
@app.post("/changeauth")
def changeauth():
+ if((ret:=problem())!="go"):
+ return ret
try:
cursor=get_db().cursor()
if(g.auth==auth.auth.ALL and "user" in request.form.keys() and "auth" in request.form.keys()):
@app.post("/deluser")
def deluser():
+ if((ret:=problem())!="go"):
+ return ret
try:
cursor=get_db().cursor()
if("user" in request.form.keys()):
raise(e)
return render_template("error.html", data=e)
+@app.get("/dump")
+def dump(msg=None):
+ if((ret:=problem())!="go"):
+ return ret
+ try:
+ if(g.user!="admin"):
+ raise PermissionError
+ return send_file("data/database.db", as_attachment=True, download_name="backup-"+str(datetime.now())+".db")
+ except PermissionError as e:
+ return render_template("error.html", data="Access Denied")
+ except Exception as e:
+ raise(e)
+ return render_template("error.html", data=e)
+
def get_db():
db=getattr(g, "_database", None)
if db is None:
if(auth.access()==auth.auth.ALL):
return "go"
else:
- return redirect("/login")
+ return render_template("error.html", data="Access denied")
@app.template_filter("format_date")
def format_date(date):