diff --git a/app/__init__.py b/app/__init__.py
index 6d7ee36c7dc9768770cc9c97b688b396ef806b11..b23450fd49841704df43f06d02e82ca50cadabfc 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -127,6 +127,7 @@ def create_app(config_class=Config): else: auth_logger.debug(f'No role found for user {identity.user.username}.') + # Add global template variables @app.context_processor def set_global_html_variable_values():
@@ -150,6 +151,7 @@ def create_app(config_class=Config): 'user_permission': g.user_permission, 'super_admin_permission': g.super_admin_permission } + # Prevent site being loaded using iFrames @app.after_request
@@ -157,18 +159,21 @@ def create_app(config_class=Config): response.headers['X-Frame-Options'] = 'SAMEORIGIN' return response + @app.errorhandler(Exception) def handle_exception(e): app.logger.error(f"Unhandled exception: {e}") session['error_message'] = str(e) return redirect(url_for('errors.error')) + @app.errorhandler(403) def handle_exception(e): app.logger.debug(f"Unauthorized: {e}") session['error_message'] = str(e) return redirect(url_for('errors.no_permission')) + @app.before_request def before_request(): g.admin_permission = None
diff --git a/app/bookings/routes.py b/app/bookings/routes.py
index b839799f62d11f2972337d27c77a38570031f9f2..1900123523fb71fa9d76ca83ef27186e754e7cd4 100644
--- a/app/bookings/routes.py
+++ b/app/bookings/routes.py
@@ -1,4 +1,5 @@ from flask import render_template, redirect, url_for, request, jsonify, session, flash, g, send_file +from flask_login import current_user from app.bookings import bp from app.models import Listings, Bookings, ListingAvailability from app import db
@@ -390,6 +391,8 @@ def generate_ticket(id): @permission_required(user_permission) def get_user_bookings(): query = db.session.query(Bookings).join(Listings) + + query = query.filter(Bookings.user_id == current_user.id) depart_location = request.args.get('depart_location') destination_location = request.args.get('destination_location')
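Review bot: The ownership filter added to get_user_bookings in app/bookings/routes.py (`Bookings.user_id == current_user.id`) scopes the listing endpoint only; generate_ticket(id), named in this hunk's header, and generate_receipt, referenced from payment_success.html, both take a booking id from the URL and their bodies are outside the diff. If they load the booking by id alone, another user's ticket or receipt stays readable, so they should apply the same condition, e.g. `db.session.query(Bookings).filter(Bookings.id == id, Bookings.user_id == current_user.id)`. The only decorator visible above get_user_bookings is `@permission_required(user_permission)`; if nothing above the hunk also requires a logged-in session, `current_user` is Flask-Login's anonymous user, which has no `id` attribute, so confirm login is enforced before this line runs. get_user_bookings continues past the end of the hunk.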
diff --git a/app/main/routes.py b/app/main/routes.py
index 9530d1ff8b96602a8800d8d77baa2c910132cdce..90558f2584702155db0cdaf79b09150ab1d8cd7b 100644
--- a/app/main/routes.py
+++ b/app/main/routes.py
@@ -27,10 +27,14 @@ def upload_file(filename): try: upload_folder = os.path.join(os.getcwd(), 'app/uploads') file_directory = send_from_directory(upload_folder, f'listing_images/{filename}') - except: - #Fall back for when image is not associated with a booking + except FileNotFoundError as e: + app_logger.debug(f"FileNotFoundError: {e}") file_directory = send_from_directory(upload_folder, f'listing_images/booking_image_not_found.jpg') - app_logger.debug(f"Can't find {filename} within uploads folder") + except Exception as e: + app_logger.debug(f"General Exception: {e}") + file_directory = send_from_directory(upload_folder, f'listing_images/booking_image_not_found.jpg') + except OSError as e: + pass return file_directory # Should only be used by ajax calls
diff --git a/app/main/utils.py b/app/main/utils.py
index 9aa91c9e6ec889361f73d43ac1f1a276650c71a0..dfe9c1c56154b5233860cf53e72f662d33f68c62 100644
--- a/app/main/utils.py
+++ b/app/main/utils.py
@@ -1,7 +1,7 @@ # utils.py from flask import current_app -from datetime import time, datetime, date +from datetime import time, datetime from datetime import datetime from fpdf import FPDF import barcode
@@ -11,6 +11,7 @@ from io import BytesIO import os from PIL import Image from pystrich.datamatrix import DataMatrixEncoder +import tempfile def allowed_image_files(filename): return '.' in filename and filename.rsplit('.', 1)[1].lower() in current_app.config['ALLOWED_EXTENSIONS']
diff --git a/app/templates/admin/reports.html b/app/templates/admin/reports.html
index 0437f90953d142c910049f66f898df230a72b182..d782b8f9b18be6b9648dcd3ea704c61f3905c117 100644
--- a/app/templates/admin/reports.html
+++ b/app/templates/admin/reports.html
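Review bot: The final `except OSError as e: pass` clause in upload_file is unreachable, because OSError is a subclass of Exception and the `except Exception` clause above it matches first; if it ever did run, `pass` would leave `file_directory` unassigned and `return file_directory` would fail. Flask's send_from_directory reports a missing file or a path outside the directory by raising werkzeug's NotFound, not FileNotFoundError, so the first handler is probably never hit and every miss lands in the catch-all together with unrelated errors. I would catch `except NotFound as e:` (from `werkzeug.exceptions`) for the placeholder fallback, drop the OSError clause, and let anything else propagate to the app's error handler. Rejected filenames are recorded only at debug level, so if this route is reachable without authentication consider logging them at warning so probing of the uploads path shows up in normal logs. upload_file begins above the hunk.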
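Review bot: `import tempfile` is added in app/main/utils.py but neither hunk in this file uses it, so unless code outside the diff already needs it this is an unused import and should be dropped or land together with the code that calls it. The first hunk removes `date` from the datetime import yet keeps the duplicate `from datetime import datetime` on the next line; that line can go too, since `from datetime import time, datetime` already covers it.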
@@ -4,14 +4,13 @@ <html> <head> <title>Reporting</title> - <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css"> <script src="https://cdn.jsdelivr.net/npm/chart.js"></script> <style> .chart-container { position: relative; width: 100%; height: 300px; - margin-bottom: 30px; /* Margin at the bottom to prevent overlap */ + margin-bottom: 30px; } .card h3 { text-align: center;
diff --git a/app/templates/bookings/payment_success.html b/app/templates/bookings/payment_success.html
index 5cfb912e5011cb6d6598808c0eaf6dd9e00af683..5419377668cde0922184153c750230b9bf14924c 100644
--- a/app/templates/bookings/payment_success.html
+++ b/app/templates/bookings/payment_success.html
@@ -6,7 +6,7 @@ <p class="lead">Your payment has been processed successfully.</p> <p>Click the buttons below to download your receipt and plane ticket:</p> <div class="mt-4"> - <form action="{{ url_for('bookings.generate_receipt', id=id) }}" method="get" class="d-inline"> + <form action="{{ url_for('bookings.generate_receipt', id=id) }}" method="get" class="d-inline" style="margin-right: 25px;"> <button type="submit" class="btn btn-success btn-lg">Download Receipt</button> </form> <form action="{{ url_for('bookings.generate_ticket', id=id) }}" method="get" class="d-inline">
diff --git a/app/templates/errors/error.html b/app/templates/errors/error.html
index fda2e0fba6ce7b2d063bcc832cf44de59966f498..61e13defb700c0aefa710e6fcae4712ae60449a6 100644
--- a/app/templates/errors/error.html
+++ b/app/templates/errors/error.html
@@ -2,6 +2,7 @@ <head> <link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='base.css') }}"> <script src="https://kit.fontawesome.com/11fd621de6.js" crossorigin="anonymous"></script> + <title> HT | Something went wrong </title> </head> <div class="quandary-div"> <h1>Something went wrong</h1>
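Review bot: The `<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>` tag kept in the head of admin/reports.html loads an unversioned file from a third-party CDN with no `integrity` attribute, so whatever the CDN serves under that name runs in the admin reporting page. Since this change is already pruning external resources in this head, pin the script to an exact version and add Subresource Integrity, e.g. `<script src="https://cdn.jsdelivr.net/npm/chart.js@<PINNED_VERSION>/<DIST_FILE>" integrity="sha384-<HASH_OF_THAT_FILE>" crossorigin="anonymous"></script>`, or serve a vendored copy from the app's static folder. The rest of the template is outside the hunk, so whether the removed Bootstrap stylesheet is still supplied by a base template cannot be checked from here.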