diff --git a/server.py b/server.py
index be77537..50f2346 100644
--- a/server.py
+++ b/server.py
@@ -202,7 +202,7 @@ def page_home():
 se non sei loggato reindirizza alla pagina del login, se sei loggato effettua il logout e dopo reindirizza al login"""
 if 'username' not in session:
- return abort(403)
+ return redirect(url_for('page_login'))
 else:
 return redirect(url_for('page_dashboard'))
@@ -245,7 +245,7 @@ def page_dashboard():
 conteggioutenti = dict()
 for ente in enti:
 conteggioutenti[ente.nomeente] = Impiegato.query.join(Servizio).join(Ente).filter_by(eid=ente.eid).count()
- return render_template("dashboard.htm", pagetype="main", user=session["username"],
+ return render_template("dashboard.htm", pagetype="main", user=session.get("username"),
 conteggioutenti=conteggioutenti, conteggioservizi=conteggioservizi, goldfish=goldfish)
@@ -258,7 +258,7 @@ def page_ente_add():
 if 'username' not in session:
 return abort(403)
 if request.method == 'GET':
- return render_template("ente/add.htm", pagetype="ente", user=session["username"])
+ return render_template("ente/add.htm", pagetype="ente", user=session.get("username"))
 else:
 nuovoent = Ente(request.form['nomeente'], request.form['nomebreveente'])
 db.session.add(nuovoent)
@@ -290,7 +290,7 @@ def page_ente_list():
 if 'username' not in session:
 return abort(403)
 enti = Ente.query.all()
- return render_template("ente/list.htm", enti=enti, pagetype="ente", user=session["username"])
+ return render_template("ente/list.htm", enti=enti, pagetype="ente", user=session.get("username"))
 @app.route('/ente_show/', methods=['GET', 'POST'])
@@ -299,7 +299,7 @@ def page_ente_show(eid):
 return abort(403)
 if request.method == "GET":
 ente = Ente.query.get_or_404(eid)
- return render_template("ente/show.htm", ente=ente, user=session["username"])
+ return render_template("ente/show.htm", ente=ente, user=session.get("username"))
 else:
 ente = Ente.query.get_or_404(eid)
 ente.nomeente = request.form["nomeente"]
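Review bot: Replacing `session["username"]` with `session.get("username")` in every view removes a fail-closed side effect: a route that omits the `if 'username' not in session: return abort(403)` guard used to raise, and will now render for an anonymous visitor with `user=None`. The page_dashboard hunk shows no guard in its visible context (the function starts outside the hunk), so confirm that one exists there. The `.get` form is only needed where a missing session is expected, which is the 403/404/500 handlers in the last hunk; the guarded views in the later hunks (page_ente_*, page_serv_*, page_imp_*, page_disp_*, page_net_*, page_user_*, page_query, page_smecds, page_pheesh) could keep the subscript. Moving the repeated guard into a single `login_required`-style decorator applied to each route would make the check harder to leave out.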
@@ -318,7 +318,7 @@ def page_serv_add():
 return abort(403)
 if request.method == 'GET':
 enti = Ente.query.all()
- return render_template("servizio/add.htm", enti=enti, pagetype="serv", user=session["username"])
+ return render_template("servizio/add.htm", enti=enti, pagetype="serv", user=session.get("username"))
 else:
 nuovoserv = Servizio(request.form['eid'], request.form['nomeservizio'], request.form['locazione'])
 db.session.add(nuovoserv)
@@ -347,7 +347,7 @@ def page_serv_list():
 if 'username' not in session:
 return abort(403)
 serv = Servizio.query.join(Ente).all()
- return render_template("servizio/list.htm", serv=serv, pagetype="serv", user=session["username"])
+ return render_template("servizio/list.htm", serv=serv, pagetype="serv", user=session.get("username"))
 @app.route('/serv_list/')
@@ -356,7 +356,7 @@ def page_serv_list_plus(eid):
 if 'username' not in session:
 return abort(403)
 serv = Servizio.query.join(Ente).filter_by(eid=eid).all()
- return render_template("servizio/list.htm", serv=serv, pagetype="serv", user=session["username"])
+ return render_template("servizio/list.htm", serv=serv, pagetype="serv", user=session.get("username"))
 @app.route('/serv_show/', methods=['GET', 'POST'])
@@ -366,7 +366,7 @@ def page_serv_show(sid):
 if request.method == "GET":
 serv = Servizio.query.get_or_404(sid)
 enti = Ente.query.all()
- return render_template("servizio/show.htm", serv=serv, enti=enti, user=session["username"])
+ return render_template("servizio/show.htm", serv=serv, enti=enti, user=session.get("username"))
 else:
 serv = Servizio.query.get_or_404(sid)
 serv.eid = request.form["eid"]
@@ -386,7 +386,7 @@ def page_imp_add():
 return abort(403)
 if request.method == 'GET':
 servizi = Servizio.query.join(Ente).all()
- return render_template("impiegato/add.htm", servizi=servizi, pagetype="imp", user=session["username"])
+ return render_template("impiegato/add.htm", servizi=servizi, pagetype="imp", user=session.get("username"))
 else:
 nuovoimp = Impiegato(request.form['sid'], request.form['nomeimpiegato'], request.form['username'], request.form['passwd'],)
@@ -411,7 +411,7 @@ def page_imp_list():
 if 'username' not in session:
 return abort(403)
 impiegati = Impiegato.query.join(Servizio).join(Ente).all()
- return render_template("impiegato/list.htm", impiegati=impiegati, pagetype="imp", user=session["username"])
+ return render_template("impiegato/list.htm", impiegati=impiegati, pagetype="imp", user=session.get("username"))
 @app.route('/imp_list/')
@@ -420,7 +420,7 @@ def page_imp_list_plus(sid):
 if 'username' not in session:
 return abort(403)
 impiegati = Impiegato.query.join(Servizio).filter_by(sid=sid).join(Ente).all()
- return render_template("impiegato/list.htm", impiegati=impiegati, user=session["username"])
+ return render_template("impiegato/list.htm", impiegati=impiegati, user=session.get("username"))
 @app.route('/imp_show/', methods=['GET', 'POST'])
@@ -432,7 +432,7 @@ def page_imp_show(iid):
 if request.method == "GET":
 imp = Impiegato.query.get_or_404(iid)
 servizi = Servizio.query.all()
- return render_template("impiegato/show.htm", imp=imp, servizi=servizi, user=session["username"])
+ return render_template("impiegato/show.htm", imp=imp, servizi=servizi, user=session.get("username"))
 else:
 imp = Impiegato.query.get_or_404(iid)
 imp.sid = request.form["sid"]
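Review bot: In the page_imp_add hunk the POST branch passes `request.form['passwd']` straight into the `Impiegato(...)` constructor, whereas page_user_add later in this diff runs the submitted password through `bcrypt.hashpw` before using it. The constructor is not visible here, so the model may already protect the value; if it is persisted as submitted, it should be hashed, or encrypted at rest if it has to be recoverable, and kept out of the list and show templates. Until that is checked I would add `# TODO: confirm Impiegato hashes or encrypts passwd before it is persisted` above the `nuovoimp = Impiegato(` line. The function body continues outside the hunk.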
@@ -458,7 +458,7 @@ def page_disp_add():
 reti = Rete.query.all()
 impiegati = Impiegato.query.all()
 return render_template("dispositivo/add.htm", impiegati=impiegati, opzioni=opzioni, reti=reti,
- pagetype="dev", user=session["username"], serial=serial)
+ pagetype="dev", user=session.get("username"), serial=serial)
 else:
 if request.form["inv_ced"]:
 try:
@@ -519,7 +519,7 @@ def page_disp_list():
 accessi.append([FakeAccesso(dispositivo)])
 else:
 accessi.append(accesso)
- return render_template("dispositivo/list.htm", accessi=accessi, pagetype="disp", user=session["username"])
+ return render_template("dispositivo/list.htm", accessi=accessi, pagetype="disp", user=session.get("username"))
 @app.route('/disp_details/')
@@ -530,7 +530,7 @@ def page_disp_details(did):
 disp = Dispositivo.query.filter_by(did=did).first_or_404()
 accessi = Accesso.query.filter_by(did=did).all()
 return render_template("dispositivo/details.htm", disp=disp, accessi=accessi, pagetype="disp",
- user=session["username"])
+ user=session.get("username"))
 @app.route('/disp_show/', methods=['GET', 'POST'])
@@ -545,7 +545,7 @@ def page_disp_show(did):
 "Server", "Stampante di rete", "Switch", "Telefono IP", "Monitor", "Scanner", "Stampante locale"]
 reti = Rete.query.all()
 return render_template("dispositivo/show.htm", dispositivo=disp, accessi=accessi, impiegati=impiegati,
- pagetype="disp", user=session["username"], opzioni=opzioni, reti=reti)
+ pagetype="disp", user=session.get("username"), opzioni=opzioni, reti=reti)
 else:
 if request.form["inv_ced"]:
 try:
@@ -594,7 +594,7 @@ def page_net_add():
 if 'username' not in session:
 return abort(403)
 if request.method == 'GET':
- return render_template("net/add.htm", pagetype="net", user=session["username"])
+ return render_template("net/add.htm", pagetype="net", user=session.get("username"))
 else:
 try:
 int(request.form["subnet"])
@@ -631,7 +631,7 @@ def page_net_list():
 if 'username' not in session:
 return abort(403)
 reti = Rete.query.all()
- return render_template("net/list.htm", reti=reti, pagetype="net", user=session["username"])
+ return render_template("net/list.htm", reti=reti, pagetype="net", user=session.get("username"))
 @app.route('/net_details/')
@@ -642,7 +642,7 @@ def page_net_details(nid):
 dispositivi = Dispositivo.query.join(Rete).filter_by(nid=nid).all()
 subnet = subnet_to_string(net.subnet)
 return render_template("net/details.htm", net=net, subnet=subnet, dispositivi=dispositivi, pagetype="net",
- user=session["username"])
+ user=session.get("username"))
 @app.route('/net_show/', methods=['GET', 'POST'])
@@ -651,7 +651,7 @@ def page_net_show(nid):
 return abort(403)
 if request.method == 'GET':
 net = Rete.query.filter_by(nid=nid).first_or_404()
- return render_template("net/show.htm", net=net, pagetype="net", user=session["username"])
+ return render_template("net/show.htm", net=net, pagetype="net", user=session.get("username"))
 else:
 net = Rete.query.filter_by(nid=nid).first_or_404()
 net.nome = request.form['nome']
@@ -670,7 +670,7 @@ def page_user_list():
 if 'username' not in session:
 return abort(403)
 utenti = User.query.all()
- return render_template("user/list.htm", utenti=utenti, pagetype="user", user=session["username"])
+ return render_template("user/list.htm", utenti=utenti, pagetype="user", user=session.get("username"))
 @app.route('/user_del/')
@@ -699,7 +699,7 @@ def page_user_add():
 if 'username' not in session:
 return abort(403)
 if request.method == 'GET':
- return render_template("user/add.htm", pagetype="user", user=session["username"])
+ return render_template("user/add.htm", pagetype="user", user=session.get("username"))
 else:
 p = bytes(request.form["passwd"], encoding="utf-8")
 cenere = bcrypt.hashpw(p, bcrypt.gensalt())
@@ -717,14 +717,14 @@ def page_query():
 if 'username' not in session:
 return abort(403)
 if request.method == 'GET':
- return render_template("query.htm", user=session["username"], pagetype="query")
+ return render_template("query.htm", user=session.get("username"), pagetype="query")
 else:
 try:
 result = db.engine.execute("SELECT" + request.form["query"] + ";")
 except Exception as e:
- return render_template("query.htm", query=request.form["query"], error=repr(e), user=session["username"],
+ return render_template("query.htm", query=request.form["query"], error=repr(e), user=session.get("username"),
 pagetype="query")
- return render_template("query.htm", query=request.form["query"], result=result, user=session["username"],
+ return render_template("query.htm", query=request.form["query"], result=result, user=session.get("username"),
 pagetype="query")
@@ -733,7 +733,7 @@ def page_smecds():
 """Pagina che visualizza i credits del sito"""
 if 'username' not in session:
 return abort(403)
- return render_template("smecds.htm", pagetype="main", user=session["username"])
+ return render_template("smecds.htm", pagetype="main", user=session.get("username"))
 @app.route('/pheesh')
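Review bot: The POST branch of page_query concatenates `request.form["query"]` into `"SELECT" + ... + ";"` and hands it to `db.engine.execute`, so any logged-in account can run SQL of its own choosing. The `SELECT` prefix does not confine it to the inventory data: the user table that page_user_add fills with bcrypt hashes is within reach, and whether additional statements are rejected depends on the driver. This commit edits the three returns around that line but leaves it untouched. If the feature is intended, it should run on a connection bound to a read-only database role limited to the inventory tables, be restricted to an administrator account, and return a generic message instead of `error=repr(e)`. At minimum I would record the risk on the `execute` line with `# SECURITY: executes user-supplied SQL; must run under a read-only DB role`.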
@@ -768,22 +768,22 @@ def page_pheesh():
 for obj in utenti:
 random.seed(hash(obj.username))
 pesci.append(Pesce(obj.username, 1.5, 0.1, f"/user_list"))
- return render_template("pheesh.htm", user=session["username"], pheesh=pesci, footer=False)
+ return render_template("pheesh.htm", user=session.get("username"), pheesh=pesci, footer=False)
 @app.errorhandler(403)
 def page_403(_):
- return render_template('403.htm', user=session["username"])
+ return render_template('403.htm', user=session.get("username"))
 @app.errorhandler(404)
 def page_404(_):
- return render_template('404.htm', user=session["username"])
+ return render_template('404.htm', user=session.get("username"))
 @app.errorhandler(500)
 def page_500(e):
- return render_template('500.htm', e=e, user=session["username"])
+ return render_template('500.htm', e=e, user=session.get("username"))
 if __name__ == "__main__":
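Review bot: page_500 passes the exception object `e` into `500.htm`, and with the switch to `session.get("username")` that handler now renders for visitors without a session instead of failing on the missing key. Whatever the template prints from `e` is therefore shown to unauthenticated clients. The template is not part of this diff; if it renders more than a generic message, I would drop the argument and rely on the server-side log, leaving `return render_template('500.htm', user=session.get("username"))`. The 403 and 404 handlers look fine as changed.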