
adminadmin.py 3.2KB

  1. # from sqlalchemy import metadata
import os

import sqlalchemy as db
  3. #########################
  4. # stack overflow:
  5. # Python sanitizing html from a string
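def escape(htmlstring):
    """Return *htmlstring* with HTML-significant characters replaced by entities.

    Replaces ``&``, ``"``, ``'``, ``<`` and ``>``. This is HTML escaping only:
    it does not make a value safe to splice into a JSON string literal or into
    an SQL statement.

    Args:
        htmlstring: Text to escape; must provide ``str.replace``.

    Returns:
        The escaped text.
    """
    # Each character must map to its entity; mapping a quote to itself would
    # leave attribute-breaking characters in the output.
    escapes = {
        '"': '&quot;',
        "'": '&#39;',
        '<': '&lt;',
        '>': '&gt;',
    }
    # '&' goes first so the ampersands introduced by the entities below are
    # not escaped a second time.
    htmlstring = htmlstring.replace('&', '&amp;')
    # items() rather than iteritems(): the latter exists only on Python 2.
    for seq, esc in escapes.items():
        htmlstring = htmlstring.replace(seq, esc)
    return htmlstring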
  16. #########################
  17. # connect to server
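# Database URL. The fallback is the development default this module has always
# used: MySQL user root with an empty password. Deployments should set
# REGISTRO_ESCOLAR_DB_URL (a variable introduced here) to a URL for a dedicated
# account that holds only the privileges this application needs, so that no
# credential lives in the source tree.
# NOTE(review): 0.0.0.0 is an unusual destination address for a client
# connection - confirm the intended host.
engine = db.create_engine(
    os.environ.get(
        'REGISTRO_ESCOLAR_DB_URL',
        'mysql+pymysql://root:@0.0.0.0/registro_escolar_1',
    )
)
# The connection is opened at import time and shared by the functions below.
connection = engine.connect()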
  20. # estudiantes = db.Table('estudiantes', metadata, autoload=True, autoload_with=engine)
  21. # usuarios = db.Table('usuarios', metadata, autoload=True, autoload_with=engine)
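def admin():
    """Build the JSON document that drives the administration dashboard.

    Reads every user that has a row in ``administracion`` and returns a JSON
    object with five members: ``headers`` (column titles), ``tabla`` and
    ``modal_content`` (the same list of rows), ``info`` (dashboard labels and
    links) and ``modal`` (modal labels).

    Returns:
        The document serialized as a compact JSON string.

    Raises:
        IndexError: If the position lookup for a listed user returns no row.
    """
    import json  # local import keeps this function self-contained

    admins = connection.execute(db.text(
        'SELECT u.id, u.nombres, u.apellidos, u.email '
        'FROM usuarios u,administracion a WHERE u.id = a.user_id'
    )).fetchall()

    # Bound parameter instead of concatenating the id into the statement text.
    posicion_query = db.text(
        'SELECT posicion FROM administracion a WHERE a.user_id = :user_id'
    )

    rows = []
    for user_id, nombres, apellidos, email in admins:
        posicion = connection.execute(
            posicion_query, {'user_id': user_id}
        ).fetchall()
        # escape() HTML-encodes each value, exactly as before, for consumers
        # that place it into markup. It is not JSON escaping; quoting of
        # backslashes, control characters and line breaks is left to
        # json.dumps below, so a stored value cannot break out of its string
        # or corrupt the document.
        rows.append({
            'Nombre': escape(nombres) + ' ' + escape(apellidos),
            'Posicion': escape(str(posicion[0][0])),
            'Email': escape(email),
            'user_id': escape(str(user_id)),
        })

    headers = [
        {'nombre': 'Nombre'},
        {'nombre': 'Posicion'},
        {'nombre': 'Email'},
        {'nombre': 'Informacion'},
        {'nombre': 'Editar'},
    ]
    info = {
        'dash_name': 'Manejar Administracion',
        'dash_link': '/admin/ver/',
        'dash_sub_name': 'Administracion Registrados',
        'add': 'Anadir Administracion',
        'add_link': '/admin/forma/add/administracion/',
        'dir1': '#',
        'dir2': '/admin/forma/edit/administracion/',
    }
    modal = {
        'infoName': 'Ver informacion',
        'editName': '/admin/ver/',
    }

    document = {
        'headers': headers,
        'tabla': rows,
        # The modal shows the same rows as the table.
        'modal_content': rows,
        'info': info,
        'modal': modal,
    }
    # Compact separators and ensure_ascii=False keep the same layout the
    # hand-concatenated string had: no added spaces, non-ASCII text left as is.
    return json.dumps(document, separators=(',', ':'), ensure_ascii=False)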