With unregistered user (fixes #1 )

app/forms.py

@@ -1,7 +1,8 @@
 from datetime import datetime, timedelta
+from flask import session
 from flask.ext.login import current_user
 from flask_wtf import Form
-from wtforms import SelectField, DateTimeField, validators, SubmitField, HiddenField
+from wtforms import SelectField, DateTimeField, validators, SubmitField, StringField
 from models import User, Location
 from utils import euro
 
@@ -33,3 +34,24 @@ class OrderItemForm(Form):
 
     def populate(self, location):
         self.product_id.choices = [(i.id, (i.name + ": " + euro(i.price))) for i in location.products]
+
+
+class AnonOrderItemForm(OrderItemForm):
+    name = StringField('Name', validators=[validators.required()])
+
+    def populate(self, location):
+        OrderItemForm.populate(self, location)
+        if self.name.data is None:
+            self.name.data = session.get('anon_name', None)
+
+    def validate(self):
+        rv = OrderForm.validate(self)
+        if not rv:
+            return False
+
+        # check if we have a user with this name
+        user = User.query.filter_by(username=self.name.data).first()
+        if user is not None:
+            self.name.errors.append('Name already in use')
+            return False
+        return True

app/models.py

@@ -80,6 +80,7 @@ class Order(db.Model):
     location_id = db.Column(db.Integer, db.ForeignKey('location.id'))
     starttime = db.Column(db.DateTime)
     stoptime = db.Column(db.DateTime)
+    public = db.Column(db.Boolean, default=True)
     items = db.relationship('OrderItem', backref='order', lazy='dynamic')
 
     def configure(self, courrier, location, starttime, stoptime):
@@ -94,13 +95,13 @@ class Order(db.Model):
     def group_by_user(self):
         group = defaultdict(list)
         for item in self.items:
-            group[item.user_id] += [item.product]
+            group[item.get_name()] += [item.product]
         return group
 
     def group_by_user_pay(self):
         group = defaultdict(int)
         for item in self.items:
-            group[item.user] += item.product.price
+            group[item.get_name()] += item.product.price
         return group
 
 class OrderItem(db.Model):
@@ -108,20 +109,26 @@ class OrderItem(db.Model):
     user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
     order_id = db.Column(db.Integer, db.ForeignKey('order.id'))
     product_id = db.Column(db.Integer, db.ForeignKey('product.id'))
+    name = db.Column(db.String(120))
 
     def configure(self, user, order, product):
         self.user = user
         self.order = order
         self.product = product
 
-    def __repr__(self):
+    def get_name(self):
-        return 'OrderItem'
+        if self.user_id is not None and self.user_id > 0:
+            return self.user.username
+        return self.name
 
-    def can_delete(self, order_id, user_id):
+    def __repr__(self):
-        if self.user_id != user_id:
+        return 'Order %d: %s wants %s' % (self.order_id, self.get_name(), self.product.name)
-            return False
+
+    def can_delete(self, order_id, user_id, name):
         if int(self.order_id) != int(order_id):
             return False
         if self.order.stoptime and self.order.stoptime < datetime.now():
             return False
+        if self.user_id == user_id or self.name == name:
             return True
+        return False

app/templates/home.html

@@ -5,4 +5,14 @@
     <h2>Welcome to FoodBot</h2>
     <h3>This is the home page for FoodBot</h3>
   </div>
+  <div class="row">
+    <div class="col-md-4">
+        <h3>Open orders:</h3>
+        <ul>
+            {% for order in orders %}
+                <li><a href="{{ url_for('order_bp.order', id=order.id) }}">{{ order.location.name }}-{{ order.stoptime }}</a></li>
+            {% endfor %}
+        </ul>
+    </div>
+  </div>
 {% endblock %}

app/templates/home_loggedin.html

@@ -1,14 +0,0 @@
-{% extends "home.html" %}
-{% block container %}
-{{ super() }}
-<div class="row">
-    <div class="col-md-4">
-        <h3>Open orders:</h3>
-    <ul>
-        {% for order in orders %}
-            <li><a href="{{ url_for('order_bp.order', id=order.id) }}">{{ order.location.name }}-{{ order.stoptime }}</a></li>
-        {% endfor %}
-    </ul>
-    </div>
-</div>
-{% endblock %}

app/templates/order.html

@@ -10,7 +10,7 @@
             <a class="btn btn-danger" href="{{ url_for('.close_order', id=order.id) }}">Close</a><br/>
         {%- endif %}</h3>
         Courrier: {{ order.courrier.username }}
-        {% if order.courrier == None %}
+        {% if order.courrier == None and not current_user.is_anonymous() %}
             <a href="{{ url_for('.volunteer', id=order.id) }}" class="btn btn-primary">Volunteer</a>
         {% endif %}
         <br/>
@@ -20,12 +20,12 @@
         Total price: {{ total_price|euro }}
         <h3>Orders</h3>
         {% for item in order.items %}
-            {{ item.user.username }} - {{ item.product.name }} - {{ item.product.price|euro }}
+            {{ item.get_name() }} - {{ item.product.name }} - {{ item.product.price|euro }}
-            {% if item.can_delete(order.id, current_user.id) -%}<a href="{{ url_for('.delete_item', order_id=order.id, item_id=item.id) }}"><span class="glyphicon glyphicon-remove"></span></a>{%- endif %}<br/>
+            {% if item.can_delete(order.id, current_user.id, session.get('anon_name', '')) -%}<a href="{{ url_for('.delete_item', order_id=order.id, item_id=item.id) }}"><span class="glyphicon glyphicon-remove"></span></a>{%- endif %}<br/>
         {% endfor %}
         <h3>Debts</h3>
         {% for key, value in total_payments.items() %}
-            {{ key.username }} - {{ value|euro }}<br/>
+            {{ key }} - {{ value|euro }}<br/>
         {% endfor %}
     </div>
     <div class="col-md-push-1 col-md-4">

app/templates/orders.html

@@ -12,9 +12,11 @@
                 {% endfor %}
             </ul>
         </div>
+    {% if not current_user.is_anonymous() %}
         <div class="col-md-push-1 col-md-6">
                 {{ wtf.quick_form(form, action=url_for('.order_create'), button_map={'submit_button': 'primary'}, form_type='horizontal') }}
         </div>
+    {% endif %}
         </div>
     </div>
 {% endblock %}

app/utils.py

@@ -1,6 +1,8 @@
 from flask import render_template
 
 from app import app
+from login import login_manager
+
 __author__ = 'feliciaan'
 
 @app.template_filter('euro')
@@ -15,3 +17,21 @@ def handle404(e):
 @app.errorhandler(401)
 def handle401(e):
     return render_template('errors/401.html'), 401
+
+class AnonymouseUser:
+    def is_active(self):
+        return False
+
+    def is_authenticated(self):
+        return False
+
+    def is_anonymous(self):
+        return True
+
+    def is_admin(self):
+        return False
+
+    def get_id(self):
+        return None
+
+login_manager.anonymous_user = AnonymouseUser

app/views/__init__.py

@@ -12,10 +12,7 @@ import views.order
 
 @app.route('/')
 def home():
-   if not current_user.is_anonymous():
+    return render_template('home.html', orders=views.order.get_orders())
-        orders = Order.query.filter((Order.stoptime > datetime.now()) | (Order.stoptime == None)).all()
-        return render_template('home_loggedin.html', orders=orders)
-   return render_template('home.html')
 
 
 @app.route('/about/')

app/views/order.py

@@ -1,22 +1,22 @@
 __author__ = 'feliciaan'
-from flask import url_for, render_template, abort, redirect, Blueprint, flash
+from flask import url_for, render_template, abort, redirect, Blueprint, flash, session
 from flask.ext.login import current_user, login_required
 import random
 from datetime import datetime
 
 from app import app, db
 from models import Order, OrderItem
-from forms import OrderItemForm, OrderForm
+from forms import OrderItemForm, OrderForm, AnonOrderItemForm
 
 order_bp = Blueprint('order_bp', 'order')
 
 @order_bp.route('/')
-@login_required
 def orders():
-    orders = Order.query.filter((Order.stoptime > datetime.now()) | (Order.stoptime == None)).all()
+    orderForm = None
+    if not current_user.is_anonymous():
         orderForm = OrderForm()
         orderForm.populate()
-    return render_template('orders.html', orders=orders, form=orderForm)
+    return render_template('orders.html', orders=get_orders(), form=orderForm)
 
 
 @order_bp.route('/create', methods=['GET', 'POST'])
@@ -35,41 +35,52 @@ def order_create():
 
 
 @order_bp.route('/<id>')
-@login_required
 def order(id):
     order = Order.query.filter(Order.id == id).first()
-    if order is not None:
+    if order is None:
+        abort(404)
+    form = None
+    if not current_user.is_anonymous():
         form = OrderItemForm()
+    else:
+        form = AnonOrderItemForm()
     form.populate(order.location)
     total_price = sum([o.product.price for o in order.items])
     total_payments = order.group_by_user_pay()
     return render_template('order.html', order=order, form=form, total_price=total_price, total_payments=total_payments)
-    return abort(404)
 
 
 @order_bp.route('/<id>/create', methods=['GET', 'POST'])
-@login_required
 def order_item_create(id):
     order = Order.query.filter(Order.id == id).first()
-    if order is not None:
+    if order is None:
+        abort(404)
+    form = None
+    if not current_user.is_anonymous():
         form = OrderItemForm()
+    else:
+        form = AnonOrderItemForm()
     form.populate(order.location)
     if form.validate_on_submit():
         item = OrderItem()
         form.populate_obj(item)
         item.order_id = id
+        if not current_user.is_anonymous():
             item.user_id = current_user.id
+        else:
+            session['anon_name'] = item.name
         db.session.add(item)
         db.session.commit()
         return redirect(url_for('.order', id=id))
     return render_template('order_form.html', form=form, url=url_for(".order_item_create", id=id))
-    return abort(404)
 
 @order_bp.route('/<order_id>/<item_id>/delete')
-@login_required
 def delete_item(order_id, item_id):
     item = OrderItem.query.filter(OrderItem.id == item_id).first()
-    if item.can_delete(order_id, current_user.id):
+    id = None
+    if not current_user.is_anonymous():
+        id = current_user.id
+    if item.can_delete(order_id, id, session.get('anon_name', '')):
         db.session.delete(item)
         db.session.commit()
         return redirect(url_for('.order', id=order_id))
@@ -80,23 +91,23 @@ def delete_item(order_id, item_id):
 @login_required
 def volunteer(id):
     order = Order.query.filter(Order.id == id).first()
-    if order is not None:
+    if order is None:
-        print(order.courrier_id)
+        abort(404)
-        if order.courrier_id == 0:
+    if order.courrier_id is None or order.courrier_id == 0:
         order.courrier_id = current_user.id
         db.session.commit()
         flash("Thank you for volunteering!")
     else:
         flash("Volunteering not possible!")
     return redirect(url_for('.order', id=id))
-    abort(404)
 
 
 @order_bp.route('/<id>/close')
 @login_required
 def close_order(id):
     order = Order.query.filter(Order.id == id).first()
-    if order is not None:
+    if order is None:
+        abort(401)
     if (current_user.id == order.courrier_id or current_user.is_admin()) \
             and order.stoptime is None or (order.stoptime > datetime.now()):
         order.stoptime = datetime.now()
@@ -106,7 +117,6 @@ def close_order(id):
                 order.courrier_id = courrier.id
         db.session.commit()
         return redirect(url_for('.order', id=id))
-    abort(401)
 
 app.register_blueprint(order_bp, url_prefix='/order')
 
@@ -120,7 +130,16 @@ def select_user(items):
     while user is None:
         item = random.choice(items)
         user = item.user
+        if user:
             if random.randint(user.bias, 100) < 80:
                 user = None
 
     return user
+
+def get_orders():
+    orders = []
+    if not current_user.is_anonymous():
+        orders = Order.query.filter((Order.stoptime > datetime.now()) | (Order.stoptime == None)).all()
+    else:
+        orders = Order.query.filter(((Order.stoptime > datetime.now()) | (Order.stoptime == None) & (Order.public == True))).all()
+    return orders