placewise/app.py at main · PixelCode01/placewise · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
import os
from flask import Flask, redirect, url_for, flash, g, abort, send_from_directory
from flask_login import LoginManager, login_required, current_user
from database import init_db, get_db

app = Flask(__name__)
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', 'placewisekey')
app.config['UPLOAD_FOLDER'] = os.path.join(os.path.dirname(__file__), 'static', 'uploads')
app.config['MAX_CONTENT_LENGTH'] = 5 * 1024 * 1024  # 5mb

# create upload folder if not there
os.makedirs(app.config['UPLOAD_FOLDER'], exist_ok=True)

login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = 'auth.login'
login_manager.login_message = 'Please log in to access this page.'
login_manager.login_message_category = 'warning'


# user object for flask-login session
class User:
    def __init__(self, id, username, role, is_active=True):
        self.id = id
        self.username = username
        self.role = role
        self._is_active = is_active

    def is_authenticated(self):
        return True

    def is_active(self):
        return self._is_active

    def is_anonymous(self):
        return False

    def get_id(self):
        return str(self.id) + ':' + self.role


@login_manager.user_loader
def load_user(user_id):
    parts = user_id.split(':')
    if len(parts) != 2:
        return None
    uid, role = int(parts[0]), parts[1]
    db = get_db()

    if role == 'admin':
        row = db.execute('SELECT id, username, is_active FROM admin WHERE id = ?', (uid,)).fetchone()
        if row:
            return User(row['id'], row['username'], 'admin', bool(row['is_active']))
    elif role == 'company':
        row = db.execute('SELECT id, company_name, is_active FROM company WHERE id = ?', (uid,)).fetchone()
        if row:
            return User(row['id'], row['company_name'], 'company', bool(row['is_active']))
    elif role == 'student':
        row = db.execute('SELECT id, name, is_active FROM student WHERE id = ?', (uid,)).fetchone()
        if row:
            return User(row['id'], row['name'], 'student', bool(row['is_active']))

    return None


@login_manager.unauthorized_handler
def unauthorized():
    flash('You need to log in first.', 'warning')
    return redirect(url_for('auth.login'))


from routes.auth import auth_bp
from routes.admin import admin_bp
from routes.company import company_bp
from routes.student import student_bp

app.register_blueprint(auth_bp)
app.register_blueprint(admin_bp, url_prefix='/admin')
app.register_blueprint(company_bp, url_prefix='/company')
app.register_blueprint(student_bp, url_prefix='/student')


@app.route('/')
def index():
    return redirect(url_for('auth.login'))

@app.route('/uploads/<filename>')
@login_required
def uploaded_file(filename):
    db = get_db()

    if current_user.role == 'admin':
        row = db.execute('SELECT 1 FROM student WHERE resume_path = ?', (filename,)).fetchone()
        if row:
            return send_from_directory(app.config['UPLOAD_FOLDER'], filename)
        abort(404)

    if current_user.role == 'student':
        row = db.execute(
            'SELECT 1 FROM student WHERE id = ? AND resume_path = ?',
            (current_user.id, filename)
        ).fetchone()
        if row:
            return send_from_directory(app.config['UPLOAD_FOLDER'], filename)
        abort(403)

    if current_user.role == 'company':
        row = db.execute(
            '''
            SELECT 1
            FROM application a
            JOIN student s ON s.id = a.student_id
            JOIN placement_drive pd ON pd.id = a.drive_id
            WHERE pd.company_id = ? AND s.resume_path = ?
            LIMIT 1
            ''',
            (current_user.id, filename)
        ).fetchone()
        if row:
            return send_from_directory(app.config['UPLOAD_FOLDER'], filename)
        abort(403)

    abort(403)

@app.route('/favicon.ico')
def favicon():
    import urllib.parse
    return app.response_class(b"", content_type="image/x-icon")


@app.teardown_appcontext
def close_connection(exception):
    db = g.pop('db', None)
    if db is not None:
        db.close()


if __name__ == '__main__':
    with app.app_context():
        init_db()
    app.run(debug=os.environ.get('FLASK_DEBUG') == '1', port=5000)