Skip to content

Commit

Permalink
added redirects to login page if user tries to view invitations or hi…
Browse files Browse the repository at this point in the history 
…story
  • Loading branch information
@tinabeans
tinabeans committed Mar 28, 2012
1 parent 9e11cd2 commit 96170da
Showing 1 changed file with 22 additions and 1 deletion.
23 changes: 22 additions & 1 deletion index.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -726,6 +726,10 @@ def grabInvitationInfo(invitation):

@app.route('/invitations/')
def showInvitations():

if 'userId' not in flask.session:
flask.flash('Log in to view invitations.')
return flask.redirect('login?' + urllib.urlencode({'redirectURL' : '/invitations/'}))

# grab all the sent invitations
invitationsSent = list(db.invitations.find({'hostId' : flask.session['userId']}))
Expand All @@ -746,6 +750,12 @@ def showInvitations():

@app.route('/invitations/<id>')
def showInvitation(id):

if 'userId' not in flask.session:
flask.flash('Log in to view invitations.')
return flask.redirect('login?' + urllib.urlencode({'redirectURL' : '/invitations/' + id}))

# TODO: check if this invite belongs to the person who's logged in

invitation = db.invitations.find_one({'_id' : ObjectId(id)})

Expand Down Expand Up @@ -1106,6 +1116,10 @@ def doStuffWithStuffFromTornado():

@app.route('/history/')
def showHistory():

if 'userId' not in flask.session:
flask.flash('Log in to view history.')
return flask.redirect('login?' + urllib.urlencode({'redirectURL' : '/history/'}))

# need to find all invitations where hostId or one of the inviteeIds matches the current logged-in user
allHotpots = list(db.invitations.find({'hostId' : flask.session['userId'], 'itsHappening' : True})) + list(db.invitations.find({'inviteeIds' : flask.session['userId'], 'itsHappening' : True}))
Expand All @@ -1117,13 +1131,20 @@ def showHistory():
if hotpot['datetime'] < time.time():
pastHotpot = grabInvitationInfo(hotpot)
pastHotpots.append(pastHotpot)


# just send the ones from the past to the template
return render_template('history.html', hotpots=pastHotpots)


@app.route('/history/<id>')
def showSingleHistory(id):

if 'userId' not in flask.session:
flask.flash('Log in to view history.')
return flask.redirect('login?' + urllib.urlencode({'redirectURL' : '/history/' + id}))

# TODO: check if this history belongs to the person who's logged in

hotpot = grabInvitationInfo(db.invitations.find_one({'_id' : ObjectId(id)}))

# grab meal info
Expand Down

0 comments on commit 96170da

Please sign in to comment.