From eda11a172a87021a0ea60b9c1d30398fe9c09914 Mon Sep 17 00:00:00 2001
From: Max Meinhold <mxmeinhold@gmail.com>
Date: Fri, 23 Apr 2021 01:07:23 -0400
Subject: [PATCH 01/16] Create DB migrations

---
 migrations/README                             |  1 +
 migrations/alembic.ini                        | 50 +++++++++++
 migrations/env.py                             | 90 +++++++++++++++++++
 migrations/script.py.mako                     | 24 +++++
 .../versions/4f95c173f1d9_initial_schema.py   | 56 ++++++++++++
 quotefault/__init__.py                        | 41 ++-------
 quotefault/models.py                          | 53 +++++++++++
 7 files changed, 281 insertions(+), 34 deletions(-)
 create mode 100644 migrations/README
 create mode 100644 migrations/alembic.ini
 create mode 100644 migrations/env.py
 create mode 100644 migrations/script.py.mako
 create mode 100644 migrations/versions/4f95c173f1d9_initial_schema.py
 create mode 100644 quotefault/models.py

diff --git a/migrations/README b/migrations/README
new file mode 100644
index 0000000..98e4f9c
--- /dev/null
+++ b/migrations/README
@@ -0,0 +1 @@
+Generic single-database configuration.
\ No newline at end of file
diff --git a/migrations/alembic.ini b/migrations/alembic.ini
new file mode 100644
index 0000000..ec9d45c
--- /dev/null
+++ b/migrations/alembic.ini
@@ -0,0 +1,50 @@
+# A generic, single database configuration.
+
+[alembic]
+# template used to generate migration files
+# file_template = %%(rev)s_%%(slug)s
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic,flask_migrate
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[logger_flask_migrate]
+level = INFO
+handlers =
+qualname = flask_migrate
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S
diff --git a/migrations/env.py b/migrations/env.py
new file mode 100644
index 0000000..42438a5
--- /dev/null
+++ b/migrations/env.py
@@ -0,0 +1,90 @@
+from __future__ import with_statement
+
+import logging
+from logging.config import fileConfig
+
+from flask import current_app
+
+from alembic import context
+
+# this is the Alembic Config object, which provides
+# access to the values within the .ini file in use.
+config = context.config
+
+# Interpret the config file for Python logging.
+# This line sets up loggers basically.
+fileConfig(config.config_file_name)
+logger = logging.getLogger('alembic.env')
+
+# add your model's MetaData object here
+# for 'autogenerate' support
+# from myapp import mymodel
+# target_metadata = mymodel.Base.metadata
+config.set_main_option(
+    'sqlalchemy.url',
+    str(current_app.extensions['migrate'].db.engine.url).replace('%', '%%'))
+target_metadata = current_app.extensions['migrate'].db.metadata
+
+# other values from the config, defined by the needs of env.py,
+# can be acquired:
+# my_important_option = config.get_main_option("my_important_option")
+# ... etc.
+
+
+def run_migrations_offline():
+    """Run migrations in 'offline' mode.
+
+    This configures the context with just a URL
+    and not an Engine, though an Engine is acceptable
+    here as well.  By skipping the Engine creation
+    we don't even need a DBAPI to be available.
+
+    Calls to context.execute() here emit the given string to the
+    script output.
+
+    """
+    url = config.get_main_option("sqlalchemy.url")
+    context.configure(
+        url=url, target_metadata=target_metadata, literal_binds=True
+    )
+
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def run_migrations_online():
+    """Run migrations in 'online' mode.
+
+    In this scenario we need to create an Engine
+    and associate a connection with the context.
+
+    """
+
+    # this callback is used to prevent an auto-migration from being generated
+    # when there are no changes to the schema
+    # reference: http://alembic.zzzcomputing.com/en/latest/cookbook.html
+    def process_revision_directives(context, revision, directives):
+        if getattr(config.cmd_opts, 'autogenerate', False):
+            script = directives[0]
+            if script.upgrade_ops.is_empty():
+                directives[:] = []
+                logger.info('No changes in schema detected.')
+
+    connectable = current_app.extensions['migrate'].db.engine
+
+    with connectable.connect() as connection:
+        context.configure(
+            connection=connection,
+            target_metadata=target_metadata,
+            process_revision_directives=process_revision_directives,
+            **current_app.extensions['migrate'].configure_args
+        )
+
+        with context.begin_transaction():
+            context.run_migrations()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()
diff --git a/migrations/script.py.mako b/migrations/script.py.mako
new file mode 100644
index 0000000..2c01563
--- /dev/null
+++ b/migrations/script.py.mako
@@ -0,0 +1,24 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+
+"""
+from alembic import op
+import sqlalchemy as sa
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision = ${repr(up_revision)}
+down_revision = ${repr(down_revision)}
+branch_labels = ${repr(branch_labels)}
+depends_on = ${repr(depends_on)}
+
+
+def upgrade():
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade():
+    ${downgrades if downgrades else "pass"}
diff --git a/migrations/versions/4f95c173f1d9_initial_schema.py b/migrations/versions/4f95c173f1d9_initial_schema.py
new file mode 100644
index 0000000..36f0d50
--- /dev/null
+++ b/migrations/versions/4f95c173f1d9_initial_schema.py
@@ -0,0 +1,56 @@
+"""Initial schema
+
+Revision ID: 4f95c173f1d9
+Revises: 
+Create Date: 2021-04-23 01:02:40.157049
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '4f95c173f1d9'
+down_revision = None
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('api_key',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('hash', sa.String(length=64), nullable=True),
+    sa.Column('owner', sa.String(length=80), nullable=True),
+    sa.Column('reason', sa.String(length=120), nullable=True),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint('hash'),
+    sa.UniqueConstraint('owner', 'reason', name='unique_key')
+    )
+    op.create_table('quote',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('submitter', sa.String(length=80), nullable=False),
+    sa.Column('quote', sa.String(length=200), nullable=False),
+    sa.Column('speaker', sa.String(length=50), nullable=False),
+    sa.Column('quote_time', sa.DateTime(), nullable=False),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint('quote')
+    )
+    op.create_table('vote',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('quote_id', sa.Integer(), nullable=True),
+    sa.Column('voter', sa.String(length=200), nullable=False),
+    sa.Column('direction', sa.Integer(), nullable=False),
+    sa.Column('updated_time', sa.DateTime(), nullable=False),
+    sa.ForeignKeyConstraint(['quote_id'], ['quote.id'], ),
+    sa.PrimaryKeyConstraint('id')
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('vote')
+    op.drop_table('quote')
+    op.drop_table('api_key')
+    # ### end Alembic commands ###
diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index 00d4ef9..4a351d6 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -6,6 +6,7 @@
 import requests
 from csh_ldap import CSHLDAP
 from flask import Flask, render_template, request, flash, session, make_response
+from flask_migrate import Migrate
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy import func
@@ -16,8 +17,14 @@
     app.config.from_pyfile(os.path.join(os.getcwd(), "config.py"))
 else:
     app.config.from_pyfile(os.path.join(os.getcwd(), "config.env.py"))
+
 #var representing the quote database the app is connected to
 db = SQLAlchemy(app)
+migrate = Migrate(app, db)
+app.logger.info('SQLAlchemy pointed at ' + repr(db.engine.url))
+
+# pylint: disable=wrong-import-position
+from .models import Quote, Vote
 
 # Disable SSL certificate verification warning
 requests.packages.urllib3.disable_warnings()
@@ -38,40 +45,6 @@
 from .mail import send_quote_notification_email
 
 
-# create the quote table with all relevant columns
-class Quote(db.Model):
-    id = db.Column(db.Integer, primary_key=True, nullable=False)
-    submitter = db.Column(db.String(80), nullable=False)
-    quote = db.Column(db.String(200), unique=True, nullable=False)
-    speaker = db.Column(db.String(50), nullable=False)
-    quote_time = db.Column(db.DateTime, nullable=False)
-
-    # initialize a row for the Quote table
-    def __init__(self, submitter, quote, speaker):
-        self.quote_time = datetime.now()
-        self.submitter = submitter
-        self.quote = quote
-        self.speaker = speaker
-
-
-class Vote(db.Model):
-    id = db.Column(db.Integer, primary_key=True, nullable=False)
-    quote_id = db.Column(db.ForeignKey("quote.id"))
-    voter = db.Column(db.String(200), nullable=False)
-    direction = db.Column(db.Integer, nullable=False)
-    updated_time = db.Column(db.DateTime, nullable=False)
-
-    quote = db.relationship(Quote)
-    test = db.UniqueConstraint("quote_id", "voter")
-
-    # initialize a row for the Vote table
-    def __init__(self, quote_id, voter, direction):
-        self.quote_id = quote_id
-        self.voter = voter
-        self.direction = direction
-        self.updated_time = datetime.now()
-
-
 def get_metadata():
     uuid = str(session["userinfo"].get("sub", ""))
     uid = str(session["userinfo"].get("preferred_username", ""))
diff --git a/quotefault/models.py b/quotefault/models.py
new file mode 100644
index 0000000..6b47a3f
--- /dev/null
+++ b/quotefault/models.py
@@ -0,0 +1,53 @@
+"""
+Defines the application's database models
+"""
+
+from sqlalchemy import UniqueConstraint
+
+from quotefault import db
+
+# create the quote table with all relevant columns
+class Quote(db.Model):
+    id = db.Column(db.Integer, primary_key=True, nullable=False)
+    submitter = db.Column(db.String(80), nullable=False)
+    quote = db.Column(db.String(200), unique=True, nullable=False)
+    speaker = db.Column(db.String(50), nullable=False)
+    quote_time = db.Column(db.DateTime, nullable=False)
+
+    # initialize a row for the Quote table
+    def __init__(self, submitter, quote, speaker):
+        self.quote_time = datetime.now()
+        self.submitter = submitter
+        self.quote = quote
+        self.speaker = speaker
+
+
+class Vote(db.Model):
+    id = db.Column(db.Integer, primary_key=True, nullable=False)
+    quote_id = db.Column(db.ForeignKey("quote.id"))
+    voter = db.Column(db.String(200), nullable=False)
+    direction = db.Column(db.Integer, nullable=False)
+    updated_time = db.Column(db.DateTime, nullable=False)
+
+    quote = db.relationship(Quote)
+    test = db.UniqueConstraint("quote_id", "voter")
+
+    # initialize a row for the Vote table
+    def __init__(self, quote_id, voter, direction):
+        self.quote_id = quote_id
+        self.voter = voter
+        self.direction = direction
+        self.updated_time = datetime.now()
+
+
+class APIKey(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    hash = db.Column(db.String(64), unique=True)
+    owner = db.Column(db.String(80))
+    reason = db.Column(db.String(120))
+    __table_args__ = (UniqueConstraint('owner', 'reason', name='unique_key'),)
+
+    def __init__(self, owner, reason):
+        self.hash = binascii.b2a_hex(os.urandom(10))
+        self.owner = owner
+        self.reason = reason

From bf96a8cc0e6d4e7ef259e9f12bcdf90c9165e534 Mon Sep 17 00:00:00 2001
From: Max Meinhold <mxmeinhold@gmail.com>
Date: Fri, 23 Apr 2021 01:28:28 -0400
Subject: [PATCH 02/16] Define report table

---
 .../versions/76898f8ac346_add_reports.py      | 33 +++++++++++++++++++
 quotefault/models.py                          | 18 +++++++++-
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 migrations/versions/76898f8ac346_add_reports.py

diff --git a/migrations/versions/76898f8ac346_add_reports.py b/migrations/versions/76898f8ac346_add_reports.py
new file mode 100644
index 0000000..8257fd2
--- /dev/null
+++ b/migrations/versions/76898f8ac346_add_reports.py
@@ -0,0 +1,33 @@
+"""Add reports
+
+Revision ID: 76898f8ac346
+Revises: 4f95c173f1d9
+Create Date: 2021-04-23 01:18:03.934757
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '76898f8ac346'
+down_revision = '4f95c173f1d9'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.create_table('report',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('quote_id', sa.Integer(), nullable=True),
+    sa.Column('reporter', sa.Text(), nullable=False),
+    sa.Column('reason', sa.Text(), nullable=False),
+    sa.ForeignKeyConstraint(['quote_id'], ['quote.id'], ),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.add_column('quote', sa.Column('hidden', sa.Boolean(), nullable=True))
+
+
+def downgrade():
+    op.drop_column('quote', 'hidden')
+    op.drop_table('report')
diff --git a/quotefault/models.py b/quotefault/models.py
index 6b47a3f..e6d60aa 100644
--- a/quotefault/models.py
+++ b/quotefault/models.py
@@ -8,11 +8,16 @@
 
 # create the quote table with all relevant columns
 class Quote(db.Model):
+    __tablename__ = 'quote'
     id = db.Column(db.Integer, primary_key=True, nullable=False)
     submitter = db.Column(db.String(80), nullable=False)
     quote = db.Column(db.String(200), unique=True, nullable=False)
     speaker = db.Column(db.String(50), nullable=False)
     quote_time = db.Column(db.DateTime, nullable=False)
+    hidden = db.Column(db.Boolean, default=False)
+
+    votes = db.relationship('Vote', back_populates='quote_id')
+    reports = db.relationship('Report', back_populates='quote_id')
 
     # initialize a row for the Quote table
     def __init__(self, submitter, quote, speaker):
@@ -23,13 +28,14 @@ def __init__(self, submitter, quote, speaker):
 
 
 class Vote(db.Model):
+    __tablename__ = 'vote'
     id = db.Column(db.Integer, primary_key=True, nullable=False)
     quote_id = db.Column(db.ForeignKey("quote.id"))
     voter = db.Column(db.String(200), nullable=False)
     direction = db.Column(db.Integer, nullable=False)
     updated_time = db.Column(db.DateTime, nullable=False)
 
-    quote = db.relationship(Quote)
+    quote = db.relationship(Quote, back_populates='votes')
     test = db.UniqueConstraint("quote_id", "voter")
 
     # initialize a row for the Vote table
@@ -41,6 +47,7 @@ def __init__(self, quote_id, voter, direction):
 
 
 class APIKey(db.Model):
+    __tablename__ = 'api_key'
     id = db.Column(db.Integer, primary_key=True)
     hash = db.Column(db.String(64), unique=True)
     owner = db.Column(db.String(80))
@@ -51,3 +58,12 @@ def __init__(self, owner, reason):
         self.hash = binascii.b2a_hex(os.urandom(10))
         self.owner = owner
         self.reason = reason
+
+class Report(db.Model):
+    __tablename__ = 'report'
+    id = db.Column(db.Integer, primary_key=True)
+    quote_id = db.Column(db.Integer, db.ForeignKey('quote.id'))
+    reporter = db.Column(db.Text, nullable=False)
+    reason = db.Column(db.Text, nullable=False)
+
+    quote = db.relationship(Quote, back_populates='reports')

From f8d62c25c56f3403ee550d2309b383310261c4c4 Mon Sep 17 00:00:00 2001
From: Max Meinhold <mxmeinhold@gmail.com>
Date: Fri, 23 Apr 2021 01:43:20 -0400
Subject: [PATCH 03/16] Hide hidden quotes

---
 quotefault/__init__.py | 56 ++++++++++++++++++++----------------------
 1 file changed, 27 insertions(+), 29 deletions(-)

diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index 4a351d6..4a4ecff 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -155,23 +155,33 @@ def submit():
         return render_template('bootstrap/main.html', metadata=metadata, all_members=all_members), 200
 
 
+def get_quote_query(speaker: str = "", submitter: str = "", include_hidden: bool = False):
+    """Return a query based on the args, with vote count attached to the quotes"""
+
+    # Get all the quotes with their votes
+    quote_query = db.session.query(Quote, func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote)
+
+    # Put the most recent first
+    quote_query = quote_query.order_by(Quote.quote_time.desc())
+
+    # Filter hidden quotes
+    if not include_hidden:
+        quote_query = quote_query.filter(Quote.hidden == False)
+
+    # Filter by speaker and submitter, if applicable
+    if request.args.get('speaker'):
+        quote_query = quote_query.filter(Quote.speaker == request.args.get('speaker'))
+    if request.args.get('submitter'):
+        quote_query = quote_query.filter(Quote.submitter == request.args.get('submitter'))
+
+    return quote_query
+
 # display first 20 stored quotes
 @app.route('/storage', methods=['GET'])
 @auth.oidc_auth
 def get():
-    metadata = get_metadata()
-    metadata['submitter'] = request.args.get('submitter')  # get submitter from url query string
-    metadata['speaker'] = request.args.get('speaker')  # get speaker from url query string
-
-    #return the first 20 quotes according to query strings (or lack thereof), as well as their associated vote value
-    if metadata['speaker'] is not None and metadata['submitter'] is not None:
-        quotes = db.session.query(Quote, func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote).order_by(Quote.quote_time.desc()).filter(Quote.submitter == metadata['submitter'], Quote.speaker == metadata['speaker']).limit(20).all()
-    elif metadata['submitter'] is not None:
-        quotes = db.session.query(Quote, func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote).order_by(Quote.quote_time.desc()).filter(Quote.submitter == metadata['submitter']).limit(20).all()
-    elif metadata['speaker'] is not None:
-        quotes = db.session.query(Quote, func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote).order_by(Quote.quote_time.desc()).filter(Quote.speaker == metadata['speaker']).limit(20).all()
-    else:
-        quotes = db.session.query(Quote, func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote).order_by(Quote.quote_time.desc()).limit(20).all()
+    # Get the most recent 20 quotes
+    quotes = get_quote_query(speaker = request.args.get('speaker'), submitter = request.args.get('submitter')).limit(20).all()
     
     #tie any votes the user has made to their uid
     user_votes = db.session.query(Vote).filter(Vote.voter == metadata['submitter']).all()
@@ -179,7 +189,7 @@ def get():
     return render_template(
         'bootstrap/storage.html',
         quotes=quotes,
-        metadata=metadata,
+        metadata=get_metadata(),
         user_votes=user_votes
     )
 
@@ -189,27 +199,15 @@ def get():
 @auth.oidc_auth
 def additional_quotes():
 
-    metadata = get_metadata()
-    metadata['submitter'] = request.args.get('submitter')  # get submitter from url query string
-    metadata['speaker'] = request.args.get('speaker')  # get speaker from url query string
-
-    #return quotes according to query strings (or lack thereof)
-    if metadata['speaker'] is not None and metadata['submitter'] is not None:
-        quotes = db.session.query(Quote, func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote).order_by(Quote.quote_time.desc()).filter(Quote.submitter == metadata['submitter'], Quote.speaker == metadata['speaker']).all()
-    elif metadata['submitter'] is not None:
-        quotes = db.session.query(Quote, func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote).order_by(Quote.quote_time.desc()).filter(Quote.submitter == metadata['submitter']).all()
-    elif metadata['speaker'] is not None:
-        quotes = db.session.query(Quote, func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote).order_by(Quote.quote_time.desc()).filter(Quote.speaker == metadata['speaker']).all()
-    else:
-        quotes = db.session.query(Quote, func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote).order_by(Quote.quote_time.desc()).all()
+    # Get all the quotes
+    quotes = get_quote_query(speaker = request.args.get('speaker'), submitter = request.args.get('submitter')).all()
 
     #tie any votes the user has made to their uid
     user_votes = db.session.query(Vote).filter(Vote.voter == metadata['uid']).all()
 
-
     return render_template(
         'bootstrap/additional_quotes.html',
         quotes=quotes[20:],
-        metadata=metadata,
+        metadata=get_metadata(),
         user_votes=user_votes
     )

From 2c5e74b4de855f22056d01ee958d475869bf184d Mon Sep 17 00:00:00 2001
From: Joseph Abbate <josephabbateny@gmail.com>
Date: Mon, 8 Nov 2021 00:47:31 -0500
Subject: [PATCH 04/16] Add Report, Hide, and Review Functions

Report Button allows quote to be sent to RTP/Eboard for review
Hide prevents the quote from being seen by anyone except for speaker, submitter, and Eboard/RTPs
Review is the process that Eboard/RTP view reported quotes to decide to keep or hide
---
 alembic.ini                                   |  74 +++++++++++
 config.env.py                                 |   4 +
 config.sample.py                              |   3 +
 ...8a4c7fbcc2_report_reviewed_column_added.py |  25 ++++
 ...5c78b9d1d06e_add_report_reviewed_column.py |  24 ++++
 quotefault/__init__.py                        | 124 ++++++++++++++++--
 quotefault/ldap.py                            |  12 ++
 quotefault/mail.py                            |  17 ++-
 quotefault/models.py                          |  19 ++-
 quotefault/templates/bootstrap/admin.html     |  55 ++++++++
 quotefault/templates/bootstrap/base.html      |  14 ++
 quotefault/templates/bootstrap/hidden.html    | 100 ++++++++++++++
 quotefault/templates/bootstrap/storage.html   |  98 +++++++++++++-
 quotefault/templates/extend/base.html         |  29 ++++
 quotefault/templates/extend/email.html        |  17 +++
 quotefault/templates/mail/notif.html          |   9 ++
 quotefault/templates/mail/notif.txt           |   4 +
 quotefault/templates/mail/report.html         |  12 ++
 quotefault/templates/mail/report.txt          |   6 +
 requirements.txt                              |   3 +-
 20 files changed, 627 insertions(+), 22 deletions(-)
 create mode 100644 alembic.ini
 create mode 100644 migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
 create mode 100644 migrations/versions/5c78b9d1d06e_add_report_reviewed_column.py
 create mode 100644 quotefault/templates/bootstrap/admin.html
 create mode 100644 quotefault/templates/bootstrap/hidden.html
 create mode 100644 quotefault/templates/extend/base.html
 create mode 100644 quotefault/templates/extend/email.html
 create mode 100644 quotefault/templates/mail/notif.html
 create mode 100644 quotefault/templates/mail/notif.txt
 create mode 100644 quotefault/templates/mail/report.html
 create mode 100644 quotefault/templates/mail/report.txt

diff --git a/alembic.ini b/alembic.ini
new file mode 100644
index 0000000..33b6827
--- /dev/null
+++ b/alembic.ini
@@ -0,0 +1,74 @@
+# A generic, single database configuration.
+
+[alembic]
+# path to migration scripts
+script_location = migrations
+
+# template used to generate migration files
+# file_template = %%(rev)s_%%(slug)s
+
+# timezone to use when rendering the date
+# within the migration file as well as the filename.
+# string value is passed to dateutil.tz.gettz()
+# leave blank for localtime
+# timezone =
+
+# max length of characters to apply to the
+# "slug" field
+#truncate_slug_length = 40
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+# set to 'true' to allow .pyc and .pyo files without
+# a source .py file to be detected as revisions in the
+# versions/ directory
+# sourceless = false
+
+# version location specification; this defaults
+# to migrations/versions.  When using multiple version
+# directories, initial revisions must be specified with --version-path
+# version_locations = %(here)s/bar %(here)s/bat migrations/versions
+
+# the output encoding used when revision files
+# are written from script.py.mako
+# output_encoding = utf-8
+
+sqlalchemy.url = driver://user:pass@localhost/dbname
+
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S
diff --git a/config.env.py b/config.env.py
index fc67ded..60c0ee0 100644
--- a/config.env.py
+++ b/config.env.py
@@ -23,5 +23,9 @@
 # CSH_LDAP credentials
 LDAP_BIND_DN = os.environ.get("LDAP_BIND_DN", default="cn=quotefault,ou=Apps,dc=csh,dc=rit,dc=edu")
 LDAP_BIND_PW = os.environ.get("LDAP_BIND_PW", default=None)
+MAIL_USERNAME = os.environ.get("MAIL_USERNAME", default=None)
 MAIL_PASSWORD = os.environ.get("MAIL_PASSWORD", default=None)
 MAIL_SERVER = os.environ.get("MAIL_SERVER", default=None)
+MAIL_PORT = os.environ.get("MAIL_PORT", default=465)
+MAIL_USE_SSL = True
+
diff --git a/config.sample.py b/config.sample.py
index 049a631..b8fa092 100644
--- a/config.sample.py
+++ b/config.sample.py
@@ -20,5 +20,8 @@
 # CSH_LDAP credentials
 LDAP_BIND_DN = ''
 LDAP_BIND_PW = ''
+MAIL_USERNAME = ''
 MAIL_PASSWORD = ''
 MAIL_SERVER = ''
+MAIL_PORT = 465
+MAIL_USE_SSL = True
\ No newline at end of file
diff --git a/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py b/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
new file mode 100644
index 0000000..7a65e72
--- /dev/null
+++ b/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
@@ -0,0 +1,25 @@
+"""Report Reviewed Column Added
+
+Revision ID: 3b8a4c7fbcc2
+Revises: 76898f8ac346
+Create Date: 2021-11-07 22:31:04.835460
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '3b8a4c7fbcc2'
+down_revision = '76898f8ac346'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.add_column('report', sa.Column('reviewed', sa.Boolean(), nullable=False))
+
+
+def downgrade():
+    op.drop_column('report', 'reviewed')
+
diff --git a/migrations/versions/5c78b9d1d06e_add_report_reviewed_column.py b/migrations/versions/5c78b9d1d06e_add_report_reviewed_column.py
new file mode 100644
index 0000000..da7c282
--- /dev/null
+++ b/migrations/versions/5c78b9d1d06e_add_report_reviewed_column.py
@@ -0,0 +1,24 @@
+"""Add Report Reviewed Column
+
+Revision ID: 5c78b9d1d06e
+Revises: 76898f8ac346
+Create Date: 2021-11-07 22:28:49.719690
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '5c78b9d1d06e'
+down_revision = '76898f8ac346'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    pass
+
+
+def downgrade():
+    pass
diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index 4a4ecff..a303d13 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -3,13 +3,20 @@
 import subprocess
 from datetime import datetime
 
+
+
 import requests
 from csh_ldap import CSHLDAP
 from flask import Flask, render_template, request, flash, session, make_response
+from flask_mail import Mail, Message
 from flask_migrate import Migrate
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy import func
+from sqlalchemy.orm.query import Query
+from werkzeug.utils import redirect
+
+from config import LDAP_BIND_DN
 
 app = Flask(__name__)
 # look for a config file to associate with a db/port/ip/servername
@@ -21,10 +28,11 @@
 #var representing the quote database the app is connected to
 db = SQLAlchemy(app)
 migrate = Migrate(app, db)
+mail_client = Mail(app)
 app.logger.info('SQLAlchemy pointed at ' + repr(db.engine.url))
 
 # pylint: disable=wrong-import-position
-from .models import Quote, Vote
+from .models import Quote, Vote, Report
 
 # Disable SSL certificate verification warning
 requests.packages.urllib3.disable_warnings()
@@ -38,12 +46,10 @@
 # Create CSHLDAP connection
 _ldap = CSHLDAP(app.config["LDAP_BIND_DN"],
                 app.config["LDAP_BIND_PW"])
-
 app.secret_key = 'submission'  # allows message flashing, var not actually used
 
-from .ldap import get_all_members, ldap_get_member
-from .mail import send_quote_notification_email
-
+from .ldap import get_all_members, is_member_of_group
+from .mail import send_quote_notification_email, send_report_email
 
 def get_metadata():
     uuid = str(session["userinfo"].get("sub", ""))
@@ -54,16 +60,15 @@ def get_metadata():
         "uuid": uuid,
         "uid": uid,
         "version": version,
-        "plug": plug
+        "plug": plug,
+        "is_admin" : is_member_of_group(uid,'eboard') or is_member_of_group(uid,'rtp')
     }
     return metadata
 
-
 # run the main page by creating the table(s) in the CSH serverspace and rendering the mainpage template
 @app.route('/', methods=['GET'])
 @auth.oidc_auth
 def main():
-    db.create_all()
     metadata = get_metadata()
     all_members = get_all_members()
     return render_template('bootstrap/main.html', metadata=metadata, all_members=all_members)
@@ -116,8 +121,9 @@ def update_settings():
 @app.route('/submit', methods=['POST'])
 @auth.oidc_auth
 def submit():
-    # submitter will grab UN from OIDC when linked to it
+    #submitter will grab UN from OIDC when linked to it
     submitter = session['userinfo'].get('preferred_username', '')
+
     metadata = get_metadata()
     all_members = get_all_members()
     quote = request.form['quoteString']
@@ -145,7 +151,7 @@ def submit():
         db.session.commit()
         # Send email to person quoted
         if app.config['MAIL_SERVER'] != '':
-            send_quote_notification_email(app, speaker)
+            send_quote_notification_email(app, mail_client, speaker)
         # create a message to flash for successful submission
         flash('Submission Successful!')
         # return something to complete submission
@@ -180,16 +186,18 @@ def get_quote_query(speaker: str = "", submitter: str = "", include_hidden: bool
 @app.route('/storage', methods=['GET'])
 @auth.oidc_auth
 def get():
+    metadata = get_metadata()
+
     # Get the most recent 20 quotes
     quotes = get_quote_query(speaker = request.args.get('speaker'), submitter = request.args.get('submitter')).limit(20).all()
     
     #tie any votes the user has made to their uid
-    user_votes = db.session.query(Vote).filter(Vote.voter == metadata['submitter']).all()
+    user_votes = db.session.query(Vote).filter(Vote.voter == metadata['uid']).all()
 
     return render_template(
         'bootstrap/storage.html',
         quotes=quotes,
-        metadata=get_metadata(),
+        metadata=metadata,
         user_votes=user_votes
     )
 
@@ -199,6 +207,8 @@ def get():
 @auth.oidc_auth
 def additional_quotes():
 
+    metadata = get_metadata()
+
     # Get all the quotes
     quotes = get_quote_query(speaker = request.args.get('speaker'), submitter = request.args.get('submitter')).all()
 
@@ -208,6 +218,94 @@ def additional_quotes():
     return render_template(
         'bootstrap/additional_quotes.html',
         quotes=quotes[20:],
-        metadata=get_metadata(),
+        metadata=metadata,
         user_votes=user_votes
     )
+
+@app.route('/report/<id>', methods=['POST'])
+@auth.oidc_auth
+def report(id):
+    metadata = get_metadata()
+    existing_report = Report.query.filter(Report.reporter==metadata['uid'], Report.quote_id==id).first()
+    if existing_report:
+        flash("You already submitted a report for this Quote!")
+        return redirect('/storage')
+    new_report = Report(id, metadata['uid'], None)
+    db.session.add(new_report)
+    db.session.commit()
+    if app.config['MAIL_SERVER'] != '':
+        send_report_email( app, mail_client, metadata['uid'], Quote.query.get(id) )
+
+    flash("Report Successful!")
+    return redirect('/storage')
+
+@app.route('/review', methods=['GET'])
+@auth.oidc_auth
+def review():
+    metadata = get_metadata()
+    if metadata['is_admin']:
+        # Get the most recent 20 quotes
+        reports = Report.query.filter(Report.reviewed==False).all()
+
+        return render_template(
+            'bootstrap/admin.html',
+            reports=reports,
+            metadata=metadata
+        )
+    return redirect('/')
+
+@app.route('/review/<id>/<result>', methods=['POST'])
+@auth.oidc_auth
+def review_submit(id, result):
+    metadata = get_metadata()
+    result = int(result)
+    if metadata['is_admin']:
+        # 1 = Keep, 0 = Hide
+        if result:
+            report = Report.query.get(id)
+            report.reviewed = True
+            db.session.commit()
+            flash("Report Completed: Quote Kept")
+        else:
+            report = Report.query.get(id)
+            report.quote.hidden = True
+            report.reviewed = True
+            db.session.commit()
+            flash("Report Completed: Quote Hidden")
+        return redirect('/review')
+    return redirect('/')
+
+@app.route('/hide/<id>', methods=['POST'])
+@auth.oidc_auth
+def hide(id):
+    quote = Quote.query.get(id)
+    quote.hidden = True
+    db.session.commit()
+    flash("Quote Hidden!")
+    return redirect('/storage')
+
+@app.route('/unhide/<id>', methods=['POST'])
+@auth.oidc_auth
+def unhide(id):
+    metadata = get_metadata()
+    if metadata['is_admin']:
+        quote = Quote.query.get(id)
+        quote.hidden = False
+        db.session.commit()
+        flash("Quote Unhidden!")
+        return redirect('/hidden')
+    return redirect('/')
+
+@app.route('/hidden', methods=['GET'])
+@auth.oidc_auth
+def hidden():
+    metadata = get_metadata()
+    if metadata['is_admin']:
+        quotes = Quote.query.filter( Quote.hidden ).all()
+    else:
+        quotes = Quote.query.filter( (Quote.speaker == metadata['uid']) | (Quote.submitter == metadata['uid'] ) ).filter( Quote.hidden ).all()
+    return render_template(
+        'bootstrap/hidden.html',
+        quotes=quotes,
+        metadata=metadata
+    )
\ No newline at end of file
diff --git a/quotefault/ldap.py b/quotefault/ldap.py
index f1301bc..54b1bc6 100644
--- a/quotefault/ldap.py
+++ b/quotefault/ldap.py
@@ -1,5 +1,9 @@
 from functools import lru_cache
 from quotefault import _ldap, app
+from typing import Dict, List
+import ldap as pyldap  # type: ignore
+from typing import Optional, List, Dict
+from csh_ldap import CSHLDAP, CSHMember
 
 
 @lru_cache(maxsize=8192)
@@ -22,3 +26,11 @@ def get_display_name(username):
         except:
             return username
     return dict(get_display_name=get_display_name)
+
+def is_member_of_group(uid: str, group: str) -> bool:
+    member = ldap_get_member(uid)
+    group_list = member.get("memberOf")
+    for group_dn in group_list:
+        if group == group_dn.split(",")[0][3:]:
+            return True
+    return False
\ No newline at end of file
diff --git a/quotefault/mail.py b/quotefault/mail.py
index c36d1c2..74e73f6 100644
--- a/quotefault/mail.py
+++ b/quotefault/mail.py
@@ -1,10 +1,22 @@
+from flask_mail import Message
+from flask import render_template
 import smtplib
 import os
 from email.mime.text import MIMEText
 from email.mime.multipart import MIMEMultipart
 
+def send_report_email(app, mail_client, reporter, quote):
+    recipients = ["<eboard@csh.rit.edu>","<rtp@csh.rit.edu>"]
+    msg = Message(subject='New QuoteFault Report',
+                sender=app.config.get('MAIL_USERNAME'),
+                recipients=recipients)
+    template = 'mail/report'
+    msg.body = render_template(template + '.txt', reporter = reporter, quote = quote )
+    msg.html = render_template(template + '.html', reporter = reporter, quote = quote )
+    mail_client.send(msg)
+
 def send_email(app, toaddr, subject, body):
-    fromaddr = "quotefault@csh.rit.edu"
+    fromaddr = app.config['MAIL_USERNAME']
     msg = MIMEMultipart()
     msg['From'] = fromaddr
     msg['To'] = toaddr
@@ -18,10 +30,9 @@ def send_email(app, toaddr, subject, body):
     server.sendmail(fromaddr, toaddr, text)
     server.quit()
 
-
 def send_quote_notification_email(app, user):
     toaddr = "{}@csh.rit.edu".format(user)
     subject = "You've been quoted"
     body = "Somebody quoted you in Quotefault!\n\n"
     body += "Check Quotefault to see what you were caught saying!"
-    send_email(app, toaddr, subject, body)
+    send_email(app, toaddr, subject, body)
\ No newline at end of file
diff --git a/quotefault/models.py b/quotefault/models.py
index e6d60aa..dd3ab8e 100644
--- a/quotefault/models.py
+++ b/quotefault/models.py
@@ -3,8 +3,12 @@
 """
 
 from sqlalchemy import UniqueConstraint
+from sqlalchemy.sql.expression import nullslast
 
 from quotefault import db
+from datetime import datetime
+import os
+import binascii
 
 # create the quote table with all relevant columns
 class Quote(db.Model):
@@ -16,8 +20,8 @@ class Quote(db.Model):
     quote_time = db.Column(db.DateTime, nullable=False)
     hidden = db.Column(db.Boolean, default=False)
 
-    votes = db.relationship('Vote', back_populates='quote_id')
-    reports = db.relationship('Report', back_populates='quote_id')
+    votes = db.relationship('Vote', back_populates='quote')
+    reports = db.relationship('Report', back_populates='quote')
 
     # initialize a row for the Quote table
     def __init__(self, submitter, quote, speaker):
@@ -62,8 +66,15 @@ def __init__(self, owner, reason):
 class Report(db.Model):
     __tablename__ = 'report'
     id = db.Column(db.Integer, primary_key=True)
-    quote_id = db.Column(db.Integer, db.ForeignKey('quote.id'))
+    quote_id = db.Column(db.Integer, db.ForeignKey('quote.id'), nullable=False)
     reporter = db.Column(db.Text, nullable=False)
-    reason = db.Column(db.Text, nullable=False)
+    reason = db.Column(db.Text, nullable=True)
+    reviewed = db.Column(db.Boolean, nullable=False, default=False)
 
     quote = db.relationship(Quote, back_populates='reports')
+
+    def __init__(self, quote_id, reporter, reason):
+        self.hash = binascii.b2a_hex(os.urandom(10))
+        self.quote_id = quote_id
+        self.reporter = reporter
+        self.reason = reason
\ No newline at end of file
diff --git a/quotefault/templates/bootstrap/admin.html b/quotefault/templates/bootstrap/admin.html
new file mode 100644
index 0000000..6e3d422
--- /dev/null
+++ b/quotefault/templates/bootstrap/admin.html
@@ -0,0 +1,55 @@
+{% extends "bootstrap/base.html" %}
+
+{% block styles %}
+    <link rel="stylesheet" href="/static/css/votes/upvote.css">
+{% endblock %}
+
+{% block body %}
+    <div class="container">
+        <!-- flash relevant message when submit button is clicked -->
+        {% with messages = get_flashed_messages(with_categories=true) %}
+            {% if messages %}
+                {% for category, message in messages %}
+                    <script>
+                        switch (category) {
+                            case warning:
+                                category = warning
+                            case error:
+                                category = danger
+                            case
+                            default:
+                                category = success
+                        }
+                    </script>
+                    <div class="alert alert-{{ category }}" role="alert">
+                        {{ message }}
+                    </div>
+                {% endfor %}
+            {% endif %}
+        {% endwith %}
+        {% for report in reports %}
+            <div class="card m-3">
+                <div class="card-body">
+                    "{{ report.quote.quote }}" <b>- {{ get_display_name(report.quote.speaker) }}</b>
+                    <br>
+                    <b>Reported by: {{report.reporter}}</b>
+                </div>
+                <div class="card-footer">
+                    Submitted by <a href="https://profiles.csh.rit.edu/user/{{ report.quote.submitter }}">{{ get_display_name(report.quote.submitter) }}</a> on {{ report.quote.quote_time.strftime('%Y-%m-%d %H:%M:%S') }}
+                    <form method="POST" action="/review/{{report.id}}/0" id="hide::{{report.id}}" method="POST">
+                        <button type="submit" class="btn btn-danger float-right">Hide</button>
+                    </form>
+                    <form method="POST" action="/review/{{report.id}}/1" id="keep::{{report.id}}" method="POST">
+                        <button type="submit" class="btn btn-success float-right">Keep</button>
+                    </form>
+                </div>
+            </div>
+        {% endfor %}
+    </div>
+{% endblock %}
+
+{% block scripts %}
+    <script src="{{ url_for('static', filename='js/load_more.js') }}"></script>
+    <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
+    <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
+{% endblock %}
diff --git a/quotefault/templates/bootstrap/base.html b/quotefault/templates/bootstrap/base.html
index 5c3d877..6e451a1 100644
--- a/quotefault/templates/bootstrap/base.html
+++ b/quotefault/templates/bootstrap/base.html
@@ -62,6 +62,20 @@
                             Storage
                         </a>
                     </li>
+                    <li class="nav-item navbar-user dropdown">
+                        <a class="nav-link" href="/hidden">
+                            <i class="fa fa-flag"></i>
+                            Hidden
+                        </a>
+                    </li>
+                    {% if metadata['is_admin'] %}
+                    <li class="nav-item navbar-user dropdown">
+                        <a class="nav-link" href="/review">
+                            <i class="fa fa-exclamation-triangle"></i>
+                            Pending Reports
+                        </a>
+                    </li>
+                    {% endif %}
                 </ul>
                 <ul class="nav navbar-nav ml-auto">
                     <li class="nav-item navbar-user dropdown">
diff --git a/quotefault/templates/bootstrap/hidden.html b/quotefault/templates/bootstrap/hidden.html
new file mode 100644
index 0000000..a09fcf6
--- /dev/null
+++ b/quotefault/templates/bootstrap/hidden.html
@@ -0,0 +1,100 @@
+{% extends "bootstrap/base.html" %}
+
+{% block styles %}
+    <link rel="stylesheet" href="/static/css/votes/upvote.css">
+{% endblock %}
+
+{% block body %}
+    <script type="text/javascript">
+        function unhide(id){
+        // Get the modal
+        var modal = document.getElementById(`unhide_${id}`);
+        modal.style.display = "block";
+    }
+    function unhideClose(id){
+        // Get the modal
+        var modal = document.getElementById(`unhide_${id}`);
+        modal.style.display = "none";
+    }
+    </script>
+    <div class="container">
+        <!-- flash relevant message when submit button is clicked -->
+        {% with messages = get_flashed_messages(with_categories=true) %}
+            {% if messages %}
+                {% for category, message in messages %}
+                    <script>
+                        switch (category) {
+                            case warning:
+                                category = warning
+                            case error:
+                                category = danger
+                            default:
+                                category = success
+                        }
+                    </script>
+                    <div class="alert alert-{{ category }}" role="alert">
+                        {{ message }}
+                    </div>
+                {% endfor %}
+            {% endif %}
+        {% endwith %}
+        
+        {% for quote in quotes %}
+            {% if loop.index0 == 0 and config['PLUG'] == True and metadata.plug != 'False' %}
+                <div class="card my-3">
+                    <div class="card-body">
+                        <div class="plug-body">
+                            <a href="https://plug.csh.rit.edu" title="Advertisements by CSH: Plug">
+                                <img style="width: 100%" src="https://plug.csh.rit.edu/data"
+                                     alt="Advertisements by CSH: Plug">
+                            </a>
+                        </div>
+                    </div>
+                </div>
+            {% endif %}
+
+            <div class="card m-3">
+
+                <div class="card-body">
+                    "{{ quote.quote }}" <b>- {{ get_display_name(quote.speaker) }}</b>
+                </div>
+                <div class="card-footer">
+                    Submitted by <a href="https://profiles.csh.rit.edu/user/{{ quote.submitter }}">{{ get_display_name(quote.submitter) }}</a> on {{ quote.quote_time.strftime('%Y-%m-%d %H:%M:%S') }}
+                    {% if metadata['is_admin'] %}
+                        <button type="button" class="btn btn-success btn-sm float-right" onclick="unhide({{quote.id}})" id="unhide_button_{{quote.id}}">Unhide</button>
+                        <div class="modal" id="unhide_{{quote.id}}">
+                            <div class="modal-dialog" role="document">
+                                <div class="modal-content">
+                                    <div class="modal-header">
+                                        <h5 class="modal-title">Unhide Quote</h5>
+                                        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
+                                            aria-hidden="true">&times;</span>
+                                        </button>
+                                    </div>
+                                    <div class="modal-body">
+                                        <p>Are you sure you want to unhide this quote?</p>
+                                    </div>
+                                    <div class="modal-footer">
+                                        <!-- TODO: Probably should not be using form and buttons and rather be using input. -->
+                                        <!-- <a class="btn btn-primary btn-sm" href="/report/{{quote.id}}" id="report::{{quote.id}}" type="button btn-danger">Yes</a> -->
+                                        <form method="POST" action="/unhide/{{quote.id}}" id="unhide::{{quote.id}}" method="POST">
+                                            <button type="submit" class="btn btn-success">Yes</button>
+                                        </form>
+                                        <button type="button" class="btn btn-danger" onclick="unhideClose({{quote.id}})" id="unhide_close_{{quote.id}}">No</button>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    {% endif %}
+
+                </div>
+            </div>
+        {% endfor %}
+    </div>
+{% endblock %}
+
+{% block scripts %}
+    <script src="{{ url_for('static', filename='js/load_more.js') }}"></script>
+    <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
+    <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
+{% endblock %}
diff --git a/quotefault/templates/bootstrap/storage.html b/quotefault/templates/bootstrap/storage.html
index ba5f59d..3c9fe00 100644
--- a/quotefault/templates/bootstrap/storage.html
+++ b/quotefault/templates/bootstrap/storage.html
@@ -5,7 +5,50 @@
 {% endblock %}
 
 {% block body %}
+<script type="text/javascript">
+    function report(id){
+        // Get the modal
+        var modal = document.getElementById(`report_${id}`);
+        modal.style.display = "block";
+    }
+    function reportClose(id){
+        // Get the modal
+        var modal = document.getElementById(`report_${id}`);
+        modal.style.display = "none";
+    }
+    function hide(id){
+        // Get the modal
+        var modal = document.getElementById(`hide_${id}`);
+        modal.style.display = "block";
+    }
+    function hideClose(id){
+        // Get the modal
+        var modal = document.getElementById(`hide_${id}`);
+        modal.style.display = "none";
+    }
+</script>
     <div class="container">
+        <!-- flash relevant message when submit button is clicked -->
+        {% with messages = get_flashed_messages(with_categories=true) %}
+            {% if messages %}
+                {% for category, message in messages %}
+                    <script>
+                        switch (category) {
+                            case warning:
+                                category = warning
+                            case error:
+                                category = danger
+                            default:
+                                category = success
+                        }
+                    </script>
+                    <div class="alert alert-{{ category }}" role="alert">
+                        {{ message }}
+                    </div>
+                {% endfor %}
+            {% endif %}
+        {% endwith %}
+        
         {% for quote, votes in quotes %}
             {% if loop.index0 == 0 and config['PLUG'] == True and metadata.plug != 'False' %}
                 <div class="card my-3">
@@ -41,6 +84,59 @@
                 </div>
                 <div class="card-footer">
                     Submitted by <a href="https://profiles.csh.rit.edu/user/{{ quote.submitter }}">{{ get_display_name(quote.submitter) }}</a> on {{ quote.quote_time.strftime('%Y-%m-%d %H:%M:%S') }}
+                    
+                    <button type="button" class="btn btn-danger btn-sm float-right" onclick="report({{quote.id}})" id="report_button_{{quote.id}}">Report</button>
+                    <div class="modal" id="report_{{quote.id}}">
+                        <div class="modal-dialog" role="document">
+                            <div class="modal-content">
+                                <div class="modal-header">
+                                    <h5 class="modal-title">Report Quote</h5>
+                                    <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
+                                        aria-hidden="true">&times;</span>
+                                    </button>
+                                </div>
+                                <div class="modal-body">
+                                    <p>Are you sure you want to report this quote?</p>
+                                </div>
+                                <div class="modal-footer">
+                                    <!-- TODO: Probably should not be using form and buttons and rather be using input. -->
+                                    <!-- <a class="btn btn-primary btn-sm" href="/report/{{quote.id}}" id="report::{{quote.id}}" type="button btn-danger">Yes</a> -->
+                                    <form method="POST" action="/report/{{quote.id}}" id="report::{{quote.id}}" method="POST">
+                                        <button type="submit" class="btn btn-danger">Yes</button>
+                                    </form>
+                                    <button type="button" class="btn btn-success" onclck="reportClose({{quote.id}})" id="report_close_{{quote.id}}">No
+                                    </button>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    {% if metadata['uid'] == quote.submitter or metadata['uid'] == quote.speaker or metadata['is_admin'] %}
+                        <button type="button" class="btn btn-warning btn-sm float-right" onclick="hide({{quote.id}})" id="hide_button_{{quote.id}}">Hide</button>
+                        <div class="modal" id="hide_{{quote.id}}">
+                            <div class="modal-dialog" role="document">
+                                <div class="modal-content">
+                                    <div class="modal-header">
+                                        <h5 class="modal-title">Hide Quote</h5>
+                                        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
+                                            aria-hidden="true">&times;</span>
+                                        </button>
+                                    </div>
+                                    <div class="modal-body">
+                                        <p>Are you sure you want to hide this quote?</p>
+                                    </div>
+                                    <div class="modal-footer">
+                                        <!-- TODO: Probably should not be using form and buttons and rather be using input. -->
+                                        <!-- <a class="btn btn-primary btn-sm" href="/report/{{quote.id}}" id="report::{{quote.id}}" type="button btn-danger">Yes</a> -->
+                                        <form method="POST" action="/hide/{{quote.id}}" id="hide::{{quote.id}}" method="POST">
+                                            <button type="submit" class="btn btn-danger">Yes</button>
+                                        </form>
+                                        <button type="button" class="btn btn-success" onclick="hideClose({{quote.id}})" id="hide_close_{{quote.id}}">No</button>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    {% endif %}
+
                 </div>
             </div>
         {% endfor %}
@@ -55,4 +151,4 @@
     <script src="{{ url_for('static', filename='js/load_more.js') }}"></script>
     <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
     <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
-{% endblock %}
+{% endblock %}
\ No newline at end of file
diff --git a/quotefault/templates/extend/base.html b/quotefault/templates/extend/base.html
new file mode 100644
index 0000000..b2410b6
--- /dev/null
+++ b/quotefault/templates/extend/base.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html lang="en">
+
+{% block head %}
+    {% include "include/head.html" %}
+{% endblock %}
+
+<body>
+
+{% block nav %}
+    {% include "include/nav.html" %}
+{% endblock %}
+
+{% block body %}
+{% endblock %}
+
+{% block footer %}
+    {% include "include/footer.html" %}
+{% endblock %}
+
+{% block includes %}
+{% endblock %}
+
+{% block scripts %}
+    {% include "include/scripts.html" %}
+{% endblock %}
+
+</body>
+</html>
\ No newline at end of file
diff --git a/quotefault/templates/extend/email.html b/quotefault/templates/extend/email.html
new file mode 100644
index 0000000..84b718b
--- /dev/null
+++ b/quotefault/templates/extend/email.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html lang="en">
+
+{% block head %}
+    <head>
+        <title>CSH Quotefault</title>
+        <link rel="stylesheet" 
+              href="https://themeswitcher.csh.rit.edu/api/get" 
+              media="screen">
+    </head>
+{% endblock %}
+
+<body>
+{% block body %}
+{% endblock %}
+</body>
+</html>
\ No newline at end of file
diff --git a/quotefault/templates/mail/notif.html b/quotefault/templates/mail/notif.html
new file mode 100644
index 0000000..1d3de50
--- /dev/null
+++ b/quotefault/templates/mail/notif.html
@@ -0,0 +1,9 @@
+{% extends "extend/email.html" %}
+
+{% block body %}
+    <div class="container main">
+        <h2>Hello CSH Member,</h2>
+        <h3>Somebody quoted you in Quotefault!</h3>
+        <h3>Check <a href="https://quotefault.csh.rit.edu/storage">Quotefault</a> to see what you were caught saying!</h3>
+    </div>
+{% endblock %}
\ No newline at end of file
diff --git a/quotefault/templates/mail/notif.txt b/quotefault/templates/mail/notif.txt
new file mode 100644
index 0000000..9dbc7af
--- /dev/null
+++ b/quotefault/templates/mail/notif.txt
@@ -0,0 +1,4 @@
+Hello CSH Member,
+
+    Somebody quoted you in Quotefault!
+    Check https://quotefault.csh.rit.edu/storage to see what you were caught saying!
\ No newline at end of file
diff --git a/quotefault/templates/mail/report.html b/quotefault/templates/mail/report.html
new file mode 100644
index 0000000..cfe2a89
--- /dev/null
+++ b/quotefault/templates/mail/report.html
@@ -0,0 +1,12 @@
+{% extends "extend/email.html" %}
+
+{% block body %}
+    <div class="container main">
+        <h2>Hello EBoard/RTP,</h2>
+        <h3>There is a new report on QuoteFault</h3>
+        <p>Report submitted by: {{reporter}}</p>
+        <p>Quote being reported: {{quote.quote}} -{{quote.speaker}}</p>
+        <p>Quote submitted by: {{quote.submitter}}</p>
+        <p>Please attend to this on https://quotefault.csh.rit.edu/admin</p>
+    </div>
+{% endblock %}
\ No newline at end of file
diff --git a/quotefault/templates/mail/report.txt b/quotefault/templates/mail/report.txt
new file mode 100644
index 0000000..7f0749d
--- /dev/null
+++ b/quotefault/templates/mail/report.txt
@@ -0,0 +1,6 @@
+Hello EBoard/RTP
+    There is a new report on QuoteFault
+    Report submitted by: {{reporter}}
+    Quote being reported: {{quote.quote}} -{{quote.speaker}}
+    Quote submitted by: {{quote.submitter}}
+    Please attend to this on https://quotefault.csh.rit.edu/admin
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index c938ec6..f8b6875 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,10 +2,11 @@ alembic
 click
 csh_ldap>=2.0.2
 Flask
+Flask-Mail==0.9.1
 Flask-Migrate
 Flask-pyoidc==1.3.0
 Flask-Script
-Flask-SQLAlchemy
+Flask-SQLAlchemy>=2.5.0
 gunicorn
 itsdangerous
 Jinja2

From eb39dd4aea1b50cdce9414c7700a6c3d8de7db92 Mon Sep 17 00:00:00 2001
From: Joseph Abbate <josephabbateny@gmail.com>
Date: Mon, 8 Nov 2021 17:52:41 -0500
Subject: [PATCH 05/16] Pylint Fixes

Pylint Caused Things to break

Left a debug
---
 quotefault/__init__.py | 175 ++++++++++++++++++++++++++++-------------
 quotefault/ldap.py     |  28 +++++--
 quotefault/mail.py     |  35 ++++++---
 quotefault/models.py   |  23 ++++--
 4 files changed, 183 insertions(+), 78 deletions(-)

diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index a303d13..b230137 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -1,14 +1,15 @@
-# import all relevant packages
+"""
+File name: __init__.py
+Author: Nicholas Mercadante
+Contributors: Devin Matte, Max Meinhold, Joe Abbate
+"""
 import os
 import subprocess
 from datetime import datetime
 
-
-
 import requests
 from csh_ldap import CSHLDAP
 from flask import Flask, render_template, request, flash, session, make_response
-from flask_mail import Mail, Message
 from flask_migrate import Migrate
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
 from flask_sqlalchemy import SQLAlchemy
@@ -28,7 +29,6 @@
 #var representing the quote database the app is connected to
 db = SQLAlchemy(app)
 migrate = Migrate(app, db)
-mail_client = Mail(app)
 app.logger.info('SQLAlchemy pointed at ' + repr(db.engine.url))
 
 # pylint: disable=wrong-import-position
@@ -43,18 +43,21 @@
                           issuer=app.config['OIDC_ISSUER'],
                           client_registration_info=app.config['OIDC_CLIENT_CONFIG'])
 
-# Create CSHLDAP connection
-_ldap = CSHLDAP(app.config["LDAP_BIND_DN"],
-                app.config["LDAP_BIND_PW"])
 app.secret_key = 'submission'  # allows message flashing, var not actually used
 
 from .ldap import get_all_members, is_member_of_group
 from .mail import send_quote_notification_email, send_report_email
 
 def get_metadata():
+    """
+    Provide metadata to page
+    UUID, UID, Git Version, Plug, and admin permissions obtained
+    """
     uuid = str(session["userinfo"].get("sub", ""))
     uid = str(session["userinfo"].get("preferred_username", ""))
-    version = subprocess.check_output(['git', 'rev-parse', '--short', 'HEAD']).decode('utf-8').rstrip()
+    version = subprocess.check_output(
+            ['git', 'rev-parse', '--short', 'HEAD']
+        ).decode('utf-8').rstrip()
     plug = request.cookies.get('plug')
     metadata = {
         "uuid": uuid,
@@ -65,10 +68,14 @@ def get_metadata():
     }
     return metadata
 
-# run the main page by creating the table(s) in the CSH serverspace and rendering the mainpage template
+# run the main page by creating the table(s)
+# in the CSH serverspace and rendering the mainpage template
 @app.route('/', methods=['GET'])
 @auth.oidc_auth
 def main():
+    """
+    Root Website, presents submission page
+    """
     metadata = get_metadata()
     all_members = get_all_members()
     return render_template('bootstrap/main.html', metadata=metadata, all_members=all_members)
@@ -77,6 +84,9 @@ def main():
 @app.route('/settings', methods=['GET'])
 @auth.oidc_auth
 def settings():
+    """
+    Presents settings page
+    """
     metadata = get_metadata()
     return render_template('bootstrap/settings.html', metadata=metadata)
 
@@ -84,6 +94,9 @@ def settings():
 @app.route('/vote', methods=['POST'])
 @auth.oidc_auth
 def make_vote():
+    """
+    Called by JS to add vote to DB
+    """
     # submitter will grab UN from OIDC when linked to it
     submitter = session['userinfo'].get('preferred_username', '')
 
@@ -96,18 +109,20 @@ def make_vote():
         db.session.add(vote)
         db.session.commit()
         return '200'
-    elif existing_vote.direction != direction:
+    if existing_vote.direction != direction:
         existing_vote.direction = direction
         existing_vote.updated_time = datetime.now()
         db.session.commit()
         return '200'
-    else:
-        return '201'
+    return '201'
 
 
 @app.route('/settings', methods=['POST'])
 @auth.oidc_auth
 def update_settings():
+    """
+    Update settings from settings page
+    """
     metadata = get_metadata()
     resp = make_response(render_template('bootstrap/settings.html', metadata=metadata))
     if request.form['plug'] == "off":
@@ -121,6 +136,9 @@ def update_settings():
 @app.route('/submit', methods=['POST'])
 @auth.oidc_auth
 def submit():
+    """
+    Submit quote from main page, add to DB
+    """
     #submitter will grab UN from OIDC when linked to it
     submitter = session['userinfo'].get('preferred_username', '')
 
@@ -133,16 +151,24 @@ def submit():
 
     speaker = request.form['nameString']
     # check for quote duplicate
-    quoteCheck = Quote.query.filter(Quote.quote == quote).first()
+    quote_check = Quote.query.filter(Quote.quote == quote).first()
 
     # checks for empty quote or submitter
     if quote == '' or speaker == '':
         flash('Empty quote or speaker field, try again!', 'error')
-        return render_template('bootstrap/main.html', metadata=metadata, all_members=all_members), 200
-    elif submitter == speaker:
+        return render_template(
+            'bootstrap/main.html',
+            metadata=metadata,
+            all_members=all_members
+        ), 200
+    if submitter == speaker:
         flash('You can\'t quote yourself! Come on', 'error')
-        return render_template('bootstrap/main.html', metadata=metadata, all_members=all_members), 200
-    elif quoteCheck is None:  # no duplicate quotes, proceed with submission
+        return render_template(
+            'bootstrap/main.html',
+            metadata=metadata,
+            all_members=all_members
+        ), 200
+    if quote_check is None:  # no duplicate quotes, proceed with submission
         # create a row for the Quote table
         new_quote = Quote(submitter=submitter, quote=quote, speaker=speaker)
         db.session.add(new_quote)
@@ -151,49 +177,56 @@ def submit():
         db.session.commit()
         # Send email to person quoted
         if app.config['MAIL_SERVER'] != '':
-            send_quote_notification_email(app, mail_client, speaker)
+            send_quote_notification_email(speaker)
         # create a message to flash for successful submission
         flash('Submission Successful!')
         # return something to complete submission
-        return render_template('bootstrap/main.html', metadata=metadata, all_members=all_members), 200
-    else:  # duplicate quote found, bounce the user back to square one
-        flash('Quote already submitted!', 'warning')
-        return render_template('bootstrap/main.html', metadata=metadata, all_members=all_members), 200
+        return render_template(
+            'bootstrap/main.html',
+            metadata=metadata,
+            all_members=all_members
+        ), 200
+    # duplicate quote found, bounce the user back to square one
+    flash('Quote already submitted!', 'warning')
+    return render_template(
+        'bootstrap/main.html',
+        metadata=metadata,
+        all_members=all_members
+    ), 200
 
 
 def get_quote_query(speaker: str = "", submitter: str = "", include_hidden: bool = False):
     """Return a query based on the args, with vote count attached to the quotes"""
-
     # Get all the quotes with their votes
-    quote_query = db.session.query(Quote, func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote)
-
+    quote_query = db.session.query(Quote, 
+        func.sum(Vote.direction).label('votes')).outerjoin(Vote).group_by(Quote)
     # Put the most recent first
     quote_query = quote_query.order_by(Quote.quote_time.desc())
-
     # Filter hidden quotes
     if not include_hidden:
         quote_query = quote_query.filter(Quote.hidden == False)
-
     # Filter by speaker and submitter, if applicable
     if request.args.get('speaker'):
         quote_query = quote_query.filter(Quote.speaker == request.args.get('speaker'))
     if request.args.get('submitter'):
         quote_query = quote_query.filter(Quote.submitter == request.args.get('submitter'))
-
     return quote_query
 
 # display first 20 stored quotes
 @app.route('/storage', methods=['GET'])
 @auth.oidc_auth
 def get():
+    """
+    Show submitted quotes, only showing first 20 initially
+    """
     metadata = get_metadata()
 
     # Get the most recent 20 quotes
-    quotes = get_quote_query(speaker = request.args.get('speaker'), submitter = request.args.get('submitter')).limit(20).all()
-    
-    #tie any votes the user has made to their uid
-    user_votes = db.session.query(Vote).filter(Vote.voter == metadata['uid']).all()
+    quotes = get_quote_query(speaker = request.args.get('speaker'),
+        submitter = request.args.get('submitter')).limit(20).all()
 
+    #tie any votes the user has made to their uid
+    user_votes = Vote.query.filter(Vote.voter == metadata['uid']).all()
     return render_template(
         'bootstrap/storage.html',
         quotes=quotes,
@@ -206,11 +239,15 @@ def get():
 @app.route('/additional', methods=['GET'])
 @auth.oidc_auth
 def additional_quotes():
+    """
+    Show beyond the first 20 quotes
+    """
 
     metadata = get_metadata()
 
     # Get all the quotes
-    quotes = get_quote_query(speaker = request.args.get('speaker'), submitter = request.args.get('submitter')).all()
+    quotes = get_quote_query(speaker = request.args.get('speaker'),
+        submitter = request.args.get('submitter')).all()
 
     #tie any votes the user has made to their uid
     user_votes = db.session.query(Vote).filter(Vote.voter == metadata['uid']).all()
@@ -222,19 +259,23 @@ def additional_quotes():
         user_votes=user_votes
     )
 
-@app.route('/report/<id>', methods=['POST'])
+@app.route('/report/<report_id>', methods=['POST'])
 @auth.oidc_auth
-def report(id):
+def submit_report(report_id):
+    """
+    Report a quote and notify EBoard/RTP
+    """
     metadata = get_metadata()
-    existing_report = Report.query.filter(Report.reporter==metadata['uid'], Report.quote_id==id).first()
+    existing_report = Report.query.filter(Report.reporter==metadata['uid'],
+        Report.quote_id==report_id).first()
     if existing_report:
         flash("You already submitted a report for this Quote!")
         return redirect('/storage')
-    new_report = Report(id, metadata['uid'], None)
+    new_report = Report(report_id, metadata['uid'], None)
     db.session.add(new_report)
     db.session.commit()
     if app.config['MAIL_SERVER'] != '':
-        send_report_email( app, mail_client, metadata['uid'], Quote.query.get(id) )
+        send_report_email( metadata['uid'], Quote.query.get(report_id) )
 
     flash("Report Successful!")
     return redirect('/storage')
@@ -242,10 +283,14 @@ def report(id):
 @app.route('/review', methods=['GET'])
 @auth.oidc_auth
 def review():
+    """
+    Presents page for admins to review reports
+    and either hide or keep quote
+    """
     metadata = get_metadata()
     if metadata['is_admin']:
         # Get the most recent 20 quotes
-        reports = Report.query.filter(Report.reviewed==False).all()
+        reports = Report.query.filter(Report.reviewed == False).all()
 
         return render_template(
             'bootstrap/admin.html',
@@ -254,20 +299,23 @@ def review():
         )
     return redirect('/')
 
-@app.route('/review/<id>/<result>', methods=['POST'])
+@app.route('/review/<report_id>/<result>', methods=['POST'])
 @auth.oidc_auth
-def review_submit(id, result):
+def review_submit(report_id, result):
+    """
+    Called when Admin decides on a quote being hidden or kept
+    """
     metadata = get_metadata()
     result = int(result)
     if metadata['is_admin']:
         # 1 = Keep, 0 = Hide
         if result:
-            report = Report.query.get(id)
+            report = Report.query.get(report_id)
             report.reviewed = True
             db.session.commit()
             flash("Report Completed: Quote Kept")
         else:
-            report = Report.query.get(id)
+            report = Report.query.get(report_id)
             report.quote.hidden = True
             report.reviewed = True
             db.session.commit()
@@ -275,21 +323,31 @@ def review_submit(id, result):
         return redirect('/review')
     return redirect('/')
 
-@app.route('/hide/<id>', methods=['POST'])
+@app.route('/hide/<report_id>', methods=['POST'])
 @auth.oidc_auth
-def hide(id):
-    quote = Quote.query.get(id)
-    quote.hidden = True
-    db.session.commit()
-    flash("Quote Hidden!")
+def hide(report_id):
+    """
+    Hides a quote
+    """
+    metadata = get_metadata()
+    quote = Quote.query.get(report_id)
+    if ( metadata['uid'] == quote.speaker
+        or metadata['uid'] == quote.submitter
+        or metadata['is_admin'] ):
+        quote.hidden = True
+        db.session.commit()
+        flash("Quote Hidden!")
     return redirect('/storage')
 
-@app.route('/unhide/<id>', methods=['POST'])
+@app.route('/unhide/<report_id>', methods=['POST'])
 @auth.oidc_auth
-def unhide(id):
+def unhide(report_id):
+    """
+    Gives admins power to unhide a hidden quote
+    """
     metadata = get_metadata()
     if metadata['is_admin']:
-        quote = Quote.query.get(id)
+        quote = Quote.query.get(report_id)
         quote.hidden = False
         db.session.commit()
         flash("Quote Unhidden!")
@@ -299,13 +357,20 @@ def unhide(id):
 @app.route('/hidden', methods=['GET'])
 @auth.oidc_auth
 def hidden():
+    """
+    Presents hidden quotes to qualified users
+    Users who submitted a hidden quote or were quoted in a hidden quote will see those only
+    Admins see all hidden quotes
+    """
     metadata = get_metadata()
     if metadata['is_admin']:
         quotes = Quote.query.filter( Quote.hidden ).all()
     else:
-        quotes = Quote.query.filter( (Quote.speaker == metadata['uid']) | (Quote.submitter == metadata['uid'] ) ).filter( Quote.hidden ).all()
+        quotes = Quote.query.filter(
+            (Quote.speaker == metadata['uid']) | (Quote.submitter == metadata['uid'] )
+        ).filter( Quote.hidden ).all()
     return render_template(
         'bootstrap/hidden.html',
         quotes=quotes,
         metadata=metadata
-    )
\ No newline at end of file
+    )
diff --git a/quotefault/ldap.py b/quotefault/ldap.py
index 54b1bc6..0342708 100644
--- a/quotefault/ldap.py
+++ b/quotefault/ldap.py
@@ -1,24 +1,37 @@
+"""
+File name: mail.py
+Author: Nicholas Mercadante
+"""
 from functools import lru_cache
-from quotefault import _ldap, app
-from typing import Dict, List
-import ldap as pyldap  # type: ignore
-from typing import Optional, List, Dict
-from csh_ldap import CSHLDAP, CSHMember
+from csh_ldap import CSHLDAP
+from quotefault import app
 
+# Create CSHLDAP connection
+_ldap = CSHLDAP(app.config["LDAP_BIND_DN"],
+                app.config["LDAP_BIND_PW"])
 
 @lru_cache(maxsize=8192)
 def get_all_members():
+    """
+    Get all CSH Members
+    """
     return [{"uid": member.get("uid")[0], "cn": member.get("cn")[0]} for member in
             _ldap.get_group('member').get_members()]
 
 
 @lru_cache(maxsize=8192)
 def ldap_get_member(username):
+    """
+    Receive specific member's information based on UID
+    """
     return _ldap.get_member(username, uid=True)
 
 
 @app.context_processor
 def utility_processor():
+    """
+    Get a members actual name based on uid
+    """
     def get_display_name(username):
         try:
             member = ldap_get_member(username)
@@ -28,9 +41,12 @@ def get_display_name(username):
     return dict(get_display_name=get_display_name)
 
 def is_member_of_group(uid: str, group: str) -> bool:
+    """
+    Determine if user is member of OIDC group
+    """
     member = ldap_get_member(uid)
     group_list = member.get("memberOf")
     for group_dn in group_list:
         if group == group_dn.split(",")[0][3:]:
             return True
-    return False
\ No newline at end of file
+    return False
diff --git a/quotefault/mail.py b/quotefault/mail.py
index 74e73f6..4cece12 100644
--- a/quotefault/mail.py
+++ b/quotefault/mail.py
@@ -1,11 +1,21 @@
-from flask_mail import Message
-from flask import render_template
-import smtplib
-import os
+"""
+File name: mail.py
+Author: Nicholas Mercadante
+Contributors: Joe Abbate
+"""
 from email.mime.text import MIMEText
 from email.mime.multipart import MIMEMultipart
+import smtplib
+from flask import render_template
+from flask_mail import Mail, Message
+from quotefault import app
+
+mail_client = Mail(app)
 
-def send_report_email(app, mail_client, reporter, quote):
+def send_report_email(reporter, quote):
+    """
+    Send email to eboard/rtp for a new report
+    """
     recipients = ["<eboard@csh.rit.edu>","<rtp@csh.rit.edu>"]
     msg = Message(subject='New QuoteFault Report',
                 sender=app.config.get('MAIL_USERNAME'),
@@ -15,13 +25,15 @@ def send_report_email(app, mail_client, reporter, quote):
     msg.html = render_template(template + '.html', reporter = reporter, quote = quote )
     mail_client.send(msg)
 
-def send_email(app, toaddr, subject, body):
+def send_email(toaddr, subject, body):
+    """
+    Helper function for quote notification email
+    """
     fromaddr = app.config['MAIL_USERNAME']
     msg = MIMEMultipart()
     msg['From'] = fromaddr
     msg['To'] = toaddr
     msg['Subject'] = subject
-    body = body
     msg.attach(MIMEText(body, 'plain'))
     server = smtplib.SMTP(app.config['MAIL_SERVER'], 25)
     server.starttls()
@@ -30,9 +42,12 @@ def send_email(app, toaddr, subject, body):
     server.sendmail(fromaddr, toaddr, text)
     server.quit()
 
-def send_quote_notification_email(app, user):
-    toaddr = "{}@csh.rit.edu".format(user)
+def send_quote_notification_email(user):
+    """
+    Send user email when they are quoted
+    """
+    toaddr = f"{user}@csh.rit.edu"
     subject = "You've been quoted"
     body = "Somebody quoted you in Quotefault!\n\n"
     body += "Check Quotefault to see what you were caught saying!"
-    send_email(app, toaddr, subject, body)
\ No newline at end of file
+    send_email(toaddr, subject, body)
diff --git a/quotefault/models.py b/quotefault/models.py
index dd3ab8e..92fc0e7 100644
--- a/quotefault/models.py
+++ b/quotefault/models.py
@@ -1,17 +1,17 @@
 """
 Defines the application's database models
 """
-
-from sqlalchemy import UniqueConstraint
-from sqlalchemy.sql.expression import nullslast
-
-from quotefault import db
+import binascii
 from datetime import datetime
 import os
-import binascii
+from sqlalchemy import UniqueConstraint
+from quotefault import db
 
 # create the quote table with all relevant columns
 class Quote(db.Model):
+    """
+    Quote table in SQL
+    """
     __tablename__ = 'quote'
     id = db.Column(db.Integer, primary_key=True, nullable=False)
     submitter = db.Column(db.String(80), nullable=False)
@@ -32,6 +32,9 @@ def __init__(self, submitter, quote, speaker):
 
 
 class Vote(db.Model):
+    """
+    Vote table in SQL
+    """
     __tablename__ = 'vote'
     id = db.Column(db.Integer, primary_key=True, nullable=False)
     quote_id = db.Column(db.ForeignKey("quote.id"))
@@ -51,6 +54,9 @@ def __init__(self, quote_id, voter, direction):
 
 
 class APIKey(db.Model):
+    """
+    APIKey table in SQL
+    """
     __tablename__ = 'api_key'
     id = db.Column(db.Integer, primary_key=True)
     hash = db.Column(db.String(64), unique=True)
@@ -64,6 +70,9 @@ def __init__(self, owner, reason):
         self.reason = reason
 
 class Report(db.Model):
+    """
+    Report table in SQL
+    """
     __tablename__ = 'report'
     id = db.Column(db.Integer, primary_key=True)
     quote_id = db.Column(db.Integer, db.ForeignKey('quote.id'), nullable=False)
@@ -77,4 +86,4 @@ def __init__(self, quote_id, reporter, reason):
         self.hash = binascii.b2a_hex(os.urandom(10))
         self.quote_id = quote_id
         self.reporter = reporter
-        self.reason = reason
\ No newline at end of file
+        self.reason = reason

From e0c0dea2bb9b46b303576ea9cdb196a004d2158d Mon Sep 17 00:00:00 2001
From: Joseph Abbate <josephabbateny@gmail.com>
Date: Wed, 10 Nov 2021 09:40:55 -0500
Subject: [PATCH 06/16] Working Fix to LDAP Docstring

---
 quotefault/ldap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/quotefault/ldap.py b/quotefault/ldap.py
index 0342708..368fc15 100644
--- a/quotefault/ldap.py
+++ b/quotefault/ldap.py
@@ -42,7 +42,7 @@ def get_display_name(username):
 
 def is_member_of_group(uid: str, group: str) -> bool:
     """
-    Determine if user is member of OIDC group
+    Determine if user is member of LDAP group
     """
     member = ldap_get_member(uid)
     group_list = member.get("memberOf")

From 85ac2a6fbd8517f3705f31168c92ce1dcd96694b Mon Sep 17 00:00:00 2001
From: jabbate19 <josephabbateny@gmail.com>
Date: Tue, 9 Nov 2021 23:50:09 -0500
Subject: [PATCH 07/16] Syntax and Model Repair to Reports

---
 migrations/alembic.ini | 50 ------------------------------------------
 1 file changed, 50 deletions(-)
 delete mode 100644 migrations/alembic.ini

diff --git a/migrations/alembic.ini b/migrations/alembic.ini
deleted file mode 100644
index ec9d45c..0000000
--- a/migrations/alembic.ini
+++ /dev/null
@@ -1,50 +0,0 @@
-# A generic, single database configuration.
-
-[alembic]
-# template used to generate migration files
-# file_template = %%(rev)s_%%(slug)s
-
-# set to 'true' to run the environment during
-# the 'revision' command, regardless of autogenerate
-# revision_environment = false
-
-
-# Logging configuration
-[loggers]
-keys = root,sqlalchemy,alembic,flask_migrate
-
-[handlers]
-keys = console
-
-[formatters]
-keys = generic
-
-[logger_root]
-level = WARN
-handlers = console
-qualname =
-
-[logger_sqlalchemy]
-level = WARN
-handlers =
-qualname = sqlalchemy.engine
-
-[logger_alembic]
-level = INFO
-handlers =
-qualname = alembic
-
-[logger_flask_migrate]
-level = INFO
-handlers =
-qualname = flask_migrate
-
-[handler_console]
-class = StreamHandler
-args = (sys.stderr,)
-level = NOTSET
-formatter = generic
-
-[formatter_generic]
-format = %(levelname)-5.5s [%(name)s] %(message)s
-datefmt = %H:%M:%S

From 4bcf0d6747f37e93ee529acf846149830e9977c2 Mon Sep 17 00:00:00 2001
From: jabbate19 <josephabbateny@gmail.com>
Date: Wed, 10 Nov 2021 00:06:47 -0500
Subject: [PATCH 08/16] Add Report Path for Form

Add Report Review Path

Fix Docstring Wording for LDAP

Documentation/Formatting Correction

Wording and Error Handling Corrections
---
 config.env.py                                 |  1 -
 config.sample.py                              |  2 +-
 migrations/README                             | 11 ++-
 alembic.ini => migrations/alembic.ini         |  0
 ...8a4c7fbcc2_report_reviewed_column_added.py |  2 +-
 ...5c78b9d1d06e_add_report_reviewed_column.py | 24 ------
 .../versions/76898f8ac346_add_reports.py      |  8 +-
 quotefault/__init__.py                        | 78 +++++++++++--------
 quotefault/ldap.py                            |  2 +-
 quotefault/templates/bootstrap/400.html       | 20 +++++
 quotefault/templates/bootstrap/403.html       | 20 +++++
 quotefault/templates/bootstrap/admin.html     |  4 +-
 quotefault/templates/bootstrap/base.html      |  1 +
 quotefault/templates/bootstrap/hidden.html    |  2 +-
 quotefault/templates/bootstrap/storage.html   |  3 +-
 quotefault/templates/extend/base.html         |  2 +-
 quotefault/templates/extend/email.html        |  2 +-
 quotefault/templates/mail/notif.html          |  9 ---
 quotefault/templates/mail/notif.txt           |  4 -
 quotefault/templates/mail/report.html         |  2 +-
 quotefault/templates/mail/report.txt          |  3 +-
 requirements.txt                              |  2 +-
 22 files changed, 113 insertions(+), 89 deletions(-)
 rename alembic.ini => migrations/alembic.ini (100%)
 delete mode 100644 migrations/versions/5c78b9d1d06e_add_report_reviewed_column.py
 create mode 100644 quotefault/templates/bootstrap/400.html
 create mode 100644 quotefault/templates/bootstrap/403.html
 delete mode 100644 quotefault/templates/mail/notif.html
 delete mode 100644 quotefault/templates/mail/notif.txt

diff --git a/config.env.py b/config.env.py
index 60c0ee0..04249fd 100644
--- a/config.env.py
+++ b/config.env.py
@@ -28,4 +28,3 @@
 MAIL_SERVER = os.environ.get("MAIL_SERVER", default=None)
 MAIL_PORT = os.environ.get("MAIL_PORT", default=465)
 MAIL_USE_SSL = True
-
diff --git a/config.sample.py b/config.sample.py
index b8fa092..6c3050c 100644
--- a/config.sample.py
+++ b/config.sample.py
@@ -24,4 +24,4 @@
 MAIL_PASSWORD = ''
 MAIL_SERVER = ''
 MAIL_PORT = 465
-MAIL_USE_SSL = True
\ No newline at end of file
+MAIL_USE_SSL = True
diff --git a/migrations/README b/migrations/README
index 98e4f9c..9311c0d 100644
--- a/migrations/README
+++ b/migrations/README
@@ -1 +1,10 @@
-Generic single-database configuration.
\ No newline at end of file
+Generic single-database configuration.
+
+Q: What is Alembic/Migrations?
+A: Migrations give a versioned history of changes to the SQL Schema for this project. A "revision" defines changes to a table (add/drop tables or columns). This allows you to go back in time if needed, and quickly re-create the whole schema for a local development
+
+Q: How do I update my local database to use the migrations?
+A: (1) Add your URI to config.py, depending on how you are doing it. (2) Run "flask db upgrade"
+
+Q: I made changes to the models.py file and need a new revision. How do I do that?
+A: flask db revision -m "Whatever you want to name it"
\ No newline at end of file
diff --git a/alembic.ini b/migrations/alembic.ini
similarity index 100%
rename from alembic.ini
rename to migrations/alembic.ini
diff --git a/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py b/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
index 7a65e72..b44b510 100644
--- a/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
+++ b/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
@@ -17,7 +17,7 @@
 
 
 def upgrade():
-    op.add_column('report', sa.Column('reviewed', sa.Boolean(), nullable=False))
+    op.add_column('report', sa.Column('reviewed', sa.Boolean(), nullable=False, default=False))
 
 
 def downgrade():
diff --git a/migrations/versions/5c78b9d1d06e_add_report_reviewed_column.py b/migrations/versions/5c78b9d1d06e_add_report_reviewed_column.py
deleted file mode 100644
index da7c282..0000000
--- a/migrations/versions/5c78b9d1d06e_add_report_reviewed_column.py
+++ /dev/null
@@ -1,24 +0,0 @@
-"""Add Report Reviewed Column
-
-Revision ID: 5c78b9d1d06e
-Revises: 76898f8ac346
-Create Date: 2021-11-07 22:28:49.719690
-
-"""
-from alembic import op
-import sqlalchemy as sa
-
-
-# revision identifiers, used by Alembic.
-revision = '5c78b9d1d06e'
-down_revision = '76898f8ac346'
-branch_labels = None
-depends_on = None
-
-
-def upgrade():
-    pass
-
-
-def downgrade():
-    pass
diff --git a/migrations/versions/76898f8ac346_add_reports.py b/migrations/versions/76898f8ac346_add_reports.py
index 8257fd2..a5c6a12 100644
--- a/migrations/versions/76898f8ac346_add_reports.py
+++ b/migrations/versions/76898f8ac346_add_reports.py
@@ -18,14 +18,14 @@
 
 def upgrade():
     op.create_table('report',
-    sa.Column('id', sa.Integer(), nullable=False),
-    sa.Column('quote_id', sa.Integer(), nullable=True),
+    sa.Column('id', sa.Integer(), nullable=False, autoincrement=True),
+    sa.Column('quote_id', sa.Integer(), nullable=False),
     sa.Column('reporter', sa.Text(), nullable=False),
-    sa.Column('reason', sa.Text(), nullable=False),
+    sa.Column('reason', sa.Text(), nullable=True),
     sa.ForeignKeyConstraint(['quote_id'], ['quote.id'], ),
     sa.PrimaryKeyConstraint('id')
     )
-    op.add_column('quote', sa.Column('hidden', sa.Boolean(), nullable=True))
+    op.add_column('quote', sa.Column('hidden', sa.Boolean(), nullable=False, default=False))
 
 
 def downgrade():
diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index b230137..f6d170d 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -8,17 +8,13 @@
 from datetime import datetime
 
 import requests
-from csh_ldap import CSHLDAP
-from flask import Flask, render_template, request, flash, session, make_response
+from flask import Flask, render_template, request, flash, session, make_response, abort
 from flask_migrate import Migrate
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy import func
-from sqlalchemy.orm.query import Query
 from werkzeug.utils import redirect
 
-from config import LDAP_BIND_DN
-
 app = Flask(__name__)
 # look for a config file to associate with a db/port/ip/servername
 if os.path.exists(os.path.join(os.getcwd(), "config.py")):
@@ -68,7 +64,6 @@ def get_metadata():
     }
     return metadata
 
-# run the main page by creating the table(s)
 # in the CSH serverspace and rendering the mainpage template
 @app.route('/', methods=['GET'])
 @auth.oidc_auth
@@ -259,24 +254,23 @@ def additional_quotes():
         user_votes=user_votes
     )
 
-@app.route('/report/<report_id>', methods=['POST'])
+@app.route('/report/<quote_id>', methods=['POST'])
 @auth.oidc_auth
-def submit_report(report_id):
+def submit_report(quote_id):
     """
     Report a quote and notify EBoard/RTP
     """
     metadata = get_metadata()
     existing_report = Report.query.filter(Report.reporter==metadata['uid'],
-        Report.quote_id==report_id).first()
+        Report.quote_id==quote_id).first()
     if existing_report:
         flash("You already submitted a report for this Quote!")
         return redirect('/storage')
-    new_report = Report(report_id, metadata['uid'], None)
+    new_report = Report(quote_id, metadata['uid'], None)
     db.session.add(new_report)
     db.session.commit()
     if app.config['MAIL_SERVER'] != '':
-        send_report_email( metadata['uid'], Quote.query.get(report_id) )
-
+        send_report_email( metadata['uid'], Quote.query.get(quote_id) )
     flash("Report Successful!")
     return redirect('/storage')
 
@@ -288,7 +282,7 @@ def review():
     and either hide or keep quote
     """
     metadata = get_metadata()
-    if metadata['is_admin']:
+    if metadata['is_admin']:  
         # Get the most recent 20 quotes
         reports = Report.query.filter(Report.reviewed == False).all()
 
@@ -297,7 +291,7 @@ def review():
             reports=reports,
             metadata=metadata
         )
-    return redirect('/')
+    abort(403)
 
 @app.route('/review/<report_id>/<result>', methods=['POST'])
 @auth.oidc_auth
@@ -306,53 +300,60 @@ def review_submit(report_id, result):
     Called when Admin decides on a quote being hidden or kept
     """
     metadata = get_metadata()
-    result = int(result)
-    if metadata['is_admin']:
-        # 1 = Keep, 0 = Hide
-        if result:
-            report = Report.query.get(report_id)
+    report = Report.query.get(report_id)
+    if report and metadata['is_admin']:
+        if result == "keep": 
             report.reviewed = True
             db.session.commit()
             flash("Report Completed: Quote Kept")
-        else:
-            report = Report.query.get(report_id)
+        elif result == "hide":
             report.quote.hidden = True
             report.reviewed = True
             db.session.commit()
             flash("Report Completed: Quote Hidden")
+        else:
+            abort(400)
         return redirect('/review')
-    return redirect('/')
+    elif report:
+        abort(403)
+    abort(400)
+    
 
-@app.route('/hide/<report_id>', methods=['POST'])
+@app.route('/hide/<quote_id>', methods=['POST'])
 @auth.oidc_auth
-def hide(report_id):
+def hide(quote_id):
     """
     Hides a quote
     """
     metadata = get_metadata()
-    quote = Quote.query.get(report_id)
-    if ( metadata['uid'] == quote.speaker
+    quote = Quote.query.get(quote_id)
+    if quote and ( metadata['uid'] == quote.speaker
         or metadata['uid'] == quote.submitter
         or metadata['is_admin'] ):
         quote.hidden = True
         db.session.commit()
         flash("Quote Hidden!")
-    return redirect('/storage')
+        return redirect('/storage')
+    elif quote:
+        abort(403)
+    abort(400)
 
-@app.route('/unhide/<report_id>', methods=['POST'])
+@app.route('/unhide/<quote_id>', methods=['POST'])
 @auth.oidc_auth
-def unhide(report_id):
+def unhide(quote_id):
     """
     Gives admins power to unhide a hidden quote
     """
     metadata = get_metadata()
-    if metadata['is_admin']:
-        quote = Quote.query.get(report_id)
+    quote = Quote.query.get(quote_id)
+    if quote and metadata['is_admin']:
         quote.hidden = False
         db.session.commit()
         flash("Quote Unhidden!")
         return redirect('/hidden')
-    return redirect('/')
+    elif quote:
+        abort(403)
+    abort(400)
 
 @app.route('/hidden', methods=['GET'])
 @auth.oidc_auth
@@ -364,9 +365,9 @@ def hidden():
     """
     metadata = get_metadata()
     if metadata['is_admin']:
-        quotes = Quote.query.filter( Quote.hidden ).all()
+        quotes = get_quote_query(include_hidden=True).filter( Quote.hidden ).all()
     else:
-        quotes = Quote.query.filter(
+        quotes = get_quote_query(include_hidden=True).filter(
             (Quote.speaker == metadata['uid']) | (Quote.submitter == metadata['uid'] )
         ).filter( Quote.hidden ).all()
     return render_template(
@@ -374,3 +375,12 @@ def hidden():
         quotes=quotes,
         metadata=metadata
     )
+
+@app.errorhandler(403)
+def forbidden(e):
+    return render_template('bootstrap/403.html', metadata=get_metadata()), 403
+
+@app.errorhandler(400)
+def forbidden(e):
+    return render_template('bootstrap/400.html', metadata=get_metadata()), 400
+
diff --git a/quotefault/ldap.py b/quotefault/ldap.py
index 368fc15..e856e45 100644
--- a/quotefault/ldap.py
+++ b/quotefault/ldap.py
@@ -1,5 +1,5 @@
 """
-File name: mail.py
+File name: ldap.py
 Author: Nicholas Mercadante
 """
 from functools import lru_cache
diff --git a/quotefault/templates/bootstrap/400.html b/quotefault/templates/bootstrap/400.html
new file mode 100644
index 0000000..dc3337e
--- /dev/null
+++ b/quotefault/templates/bootstrap/400.html
@@ -0,0 +1,20 @@
+{% extends "bootstrap/base.html" %}
+
+{% block styles %}
+    <link rel="stylesheet" href="/static/css/votes/upvote.css">
+{% endblock %}
+
+{% block body %}
+    <div class="container">
+        <h1 class="text-center">400 - Bad Request</h1>
+        <br>
+        <br>
+        <h3 class="text-center">You input data that was invalid! If this is incorrect, please contact an RTP.</h3>
+    </div>
+{% endblock %}
+
+{% block scripts %}
+    <script src="{{ url_for('static', filename='js/load_more.js') }}"></script>
+    <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
+    <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
+{% endblock %}
diff --git a/quotefault/templates/bootstrap/403.html b/quotefault/templates/bootstrap/403.html
new file mode 100644
index 0000000..d1a5569
--- /dev/null
+++ b/quotefault/templates/bootstrap/403.html
@@ -0,0 +1,20 @@
+{% extends "bootstrap/base.html" %}
+
+{% block styles %}
+    <link rel="stylesheet" href="/static/css/votes/upvote.css">
+{% endblock %}
+
+{% block body %}
+    <div class="container">
+        <h1 class="text-center">403 - Forbidden</h1>
+        <br>
+        <br>
+        <h3 class="text-center">You are not an admin! If this is incorrect, please contact an RTP.</h3>
+    </div>
+{% endblock %}
+
+{% block scripts %}
+    <script src="{{ url_for('static', filename='js/load_more.js') }}"></script>
+    <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
+    <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
+{% endblock %}
diff --git a/quotefault/templates/bootstrap/admin.html b/quotefault/templates/bootstrap/admin.html
index 6e3d422..783b1ba 100644
--- a/quotefault/templates/bootstrap/admin.html
+++ b/quotefault/templates/bootstrap/admin.html
@@ -36,10 +36,10 @@
                 </div>
                 <div class="card-footer">
                     Submitted by <a href="https://profiles.csh.rit.edu/user/{{ report.quote.submitter }}">{{ get_display_name(report.quote.submitter) }}</a> on {{ report.quote.quote_time.strftime('%Y-%m-%d %H:%M:%S') }}
-                    <form method="POST" action="/review/{{report.id}}/0" id="hide::{{report.id}}" method="POST">
+                    <form method="POST" action="/review/{{report.id}}/hide" id="hide::{{report.id}}" method="POST">
                         <button type="submit" class="btn btn-danger float-right">Hide</button>
                     </form>
-                    <form method="POST" action="/review/{{report.id}}/1" id="keep::{{report.id}}" method="POST">
+                    <form method="POST" action="/review/{{report.id}}/keep" id="keep::{{report.id}}" method="POST">
                         <button type="submit" class="btn btn-success float-right">Keep</button>
                     </form>
                 </div>
diff --git a/quotefault/templates/bootstrap/base.html b/quotefault/templates/bootstrap/base.html
index 6e451a1..55b34b0 100644
--- a/quotefault/templates/bootstrap/base.html
+++ b/quotefault/templates/bootstrap/base.html
@@ -114,3 +114,4 @@
 </body>
 
 </html>
+
diff --git a/quotefault/templates/bootstrap/hidden.html b/quotefault/templates/bootstrap/hidden.html
index a09fcf6..4c63354 100644
--- a/quotefault/templates/bootstrap/hidden.html
+++ b/quotefault/templates/bootstrap/hidden.html
@@ -39,7 +39,7 @@
             {% endif %}
         {% endwith %}
         
-        {% for quote in quotes %}
+        {% for quote, votes in quotes %}
             {% if loop.index0 == 0 and config['PLUG'] == True and metadata.plug != 'False' %}
                 <div class="card my-3">
                     <div class="card-body">
diff --git a/quotefault/templates/bootstrap/storage.html b/quotefault/templates/bootstrap/storage.html
index 3c9fe00..01a468e 100644
--- a/quotefault/templates/bootstrap/storage.html
+++ b/quotefault/templates/bootstrap/storage.html
@@ -151,4 +151,5 @@ <h5 class="modal-title">Hide Quote</h5>
     <script src="{{ url_for('static', filename='js/load_more.js') }}"></script>
     <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
     <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
+
diff --git a/quotefault/templates/extend/base.html b/quotefault/templates/extend/base.html
index b2410b6..418e93d 100644
--- a/quotefault/templates/extend/base.html
+++ b/quotefault/templates/extend/base.html
@@ -26,4 +26,4 @@
 {% endblock %}
 
 </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/quotefault/templates/extend/email.html b/quotefault/templates/extend/email.html
index 84b718b..4ff36e3 100644
--- a/quotefault/templates/extend/email.html
+++ b/quotefault/templates/extend/email.html
@@ -14,4 +14,4 @@
 {% block body %}
 {% endblock %}
 </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/quotefault/templates/mail/notif.html b/quotefault/templates/mail/notif.html
deleted file mode 100644
index 1d3de50..0000000
--- a/quotefault/templates/mail/notif.html
+++ /dev/null
@@ -1,9 +0,0 @@
-{% extends "extend/email.html" %}
-
-{% block body %}
-    <div class="container main">
-        <h2>Hello CSH Member,</h2>
-        <h3>Somebody quoted you in Quotefault!</h3>
-        <h3>Check <a href="https://quotefault.csh.rit.edu/storage">Quotefault</a> to see what you were caught saying!</h3>
-    </div>
-{% endblock %}
\ No newline at end of file
diff --git a/quotefault/templates/mail/notif.txt b/quotefault/templates/mail/notif.txt
deleted file mode 100644
index 9dbc7af..0000000
--- a/quotefault/templates/mail/notif.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Hello CSH Member,
-
-    Somebody quoted you in Quotefault!
-    Check https://quotefault.csh.rit.edu/storage to see what you were caught saying!
\ No newline at end of file
diff --git a/quotefault/templates/mail/report.html b/quotefault/templates/mail/report.html
index cfe2a89..1c49a17 100644
--- a/quotefault/templates/mail/report.html
+++ b/quotefault/templates/mail/report.html
@@ -9,4 +9,4 @@ <h3>There is a new report on QuoteFault</h3>
         <p>Quote submitted by: {{quote.submitter}}</p>
         <p>Please attend to this on https://quotefault.csh.rit.edu/admin</p>
     </div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/quotefault/templates/mail/report.txt b/quotefault/templates/mail/report.txt
index 7f0749d..9be4e59 100644
--- a/quotefault/templates/mail/report.txt
+++ b/quotefault/templates/mail/report.txt
@@ -3,4 +3,5 @@ Hello EBoard/RTP
     Report submitted by: {{reporter}}
     Quote being reported: {{quote.quote}} -{{quote.speaker}}
     Quote submitted by: {{quote.submitter}}
-    Please attend to this on https://quotefault.csh.rit.edu/admin
\ No newline at end of file
+    Please attend to this on https://quotefault.csh.rit.edu/admin
+    
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index f8b6875..1ea1cec 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,7 @@ click
 csh_ldap>=2.0.2
 Flask
 Flask-Mail==0.9.1
-Flask-Migrate
+Flask-Migrate==3.1.0
 Flask-pyoidc==1.3.0
 Flask-Script
 Flask-SQLAlchemy>=2.5.0

From fcd6e9dc8ad23dec004ef9ad50810466b5d09b88 Mon Sep 17 00:00:00 2001
From: Joseph Abbate <josephabbateny@gmail.com>
Date: Fri, 12 Nov 2021 18:53:19 -0500
Subject: [PATCH 09/16] Default Report Reason"

---
 migrations/versions/76898f8ac346_add_reports.py | 2 +-
 quotefault/__init__.py                          | 5 ++---
 quotefault/templates/bootstrap/admin.html       | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/migrations/versions/76898f8ac346_add_reports.py b/migrations/versions/76898f8ac346_add_reports.py
index a5c6a12..83930d8 100644
--- a/migrations/versions/76898f8ac346_add_reports.py
+++ b/migrations/versions/76898f8ac346_add_reports.py
@@ -21,7 +21,7 @@ def upgrade():
     sa.Column('id', sa.Integer(), nullable=False, autoincrement=True),
     sa.Column('quote_id', sa.Integer(), nullable=False),
     sa.Column('reporter', sa.Text(), nullable=False),
-    sa.Column('reason', sa.Text(), nullable=True),
+    sa.Column('reason', sa.Text(), nullable=False),
     sa.ForeignKeyConstraint(['quote_id'], ['quote.id'], ),
     sa.PrimaryKeyConstraint('id')
     )
diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index f6d170d..c157432 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -8,12 +8,11 @@
 from datetime import datetime
 
 import requests
-from flask import Flask, render_template, request, flash, session, make_response, abort
+from flask import Flask, render_template, request, flash, session, make_response, abort, redirect
 from flask_migrate import Migrate
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy import func
-from werkzeug.utils import redirect
 
 app = Flask(__name__)
 # look for a config file to associate with a db/port/ip/servername
@@ -266,7 +265,7 @@ def submit_report(quote_id):
     if existing_report:
         flash("You already submitted a report for this Quote!")
         return redirect('/storage')
-    new_report = Report(quote_id, metadata['uid'], None)
+    new_report = Report(quote_id, metadata['uid'], "Report Reason Not Given")
     db.session.add(new_report)
     db.session.commit()
     if app.config['MAIL_SERVER'] != '':
diff --git a/quotefault/templates/bootstrap/admin.html b/quotefault/templates/bootstrap/admin.html
index 783b1ba..cea8406 100644
--- a/quotefault/templates/bootstrap/admin.html
+++ b/quotefault/templates/bootstrap/admin.html
@@ -32,7 +32,7 @@
                 <div class="card-body">
                     "{{ report.quote.quote }}" <b>- {{ get_display_name(report.quote.speaker) }}</b>
                     <br>
-                    <b>Reported by: {{report.reporter}}</b>
+                    <b>Reported by: {{report.reporter}} | Reason: {{report.reason}}</b>
                 </div>
                 <div class="card-footer">
                     Submitted by <a href="https://profiles.csh.rit.edu/user/{{ report.quote.submitter }}">{{ get_display_name(report.quote.submitter) }}</a> on {{ report.quote.quote_time.strftime('%Y-%m-%d %H:%M:%S') }}

From abf86bec345b99161600fdb5b46020db75e713d6 Mon Sep 17 00:00:00 2001
From: jabbate19 <josephabbateny@gmail.com>
Date: Fri, 12 Nov 2021 19:19:07 -0500
Subject: [PATCH 10/16] Fix Nesting and Styling

---
 migrations/README                             |  2 +-
 ...8a4c7fbcc2_report_reviewed_column_added.py |  1 -
 quotefault/__init__.py                        | 76 +++++++++----------
 .../bootstrap/{400.html => 404.html}          |  4 +-
 4 files changed, 39 insertions(+), 44 deletions(-)
 rename quotefault/templates/bootstrap/{400.html => 404.html} (72%)

diff --git a/migrations/README b/migrations/README
index 9311c0d..f7e61ca 100644
--- a/migrations/README
+++ b/migrations/README
@@ -7,4 +7,4 @@ Q: How do I update my local database to use the migrations?
 A: (1) Add your URI to config.py, depending on how you are doing it. (2) Run "flask db upgrade"
 
 Q: I made changes to the models.py file and need a new revision. How do I do that?
-A: flask db revision -m "Whatever you want to name it"
\ No newline at end of file
+A: flask db revision -m "Whatever you want to name it"
diff --git a/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py b/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
index b44b510..079a49e 100644
--- a/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
+++ b/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
@@ -22,4 +22,3 @@ def upgrade():
 
 def downgrade():
     op.drop_column('report', 'reviewed')
-
diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index c157432..38c60bf 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -26,9 +26,6 @@
 migrate = Migrate(app, db)
 app.logger.info('SQLAlchemy pointed at ' + repr(db.engine.url))
 
-# pylint: disable=wrong-import-position
-from .models import Quote, Vote, Report
-
 # Disable SSL certificate verification warning
 requests.packages.urllib3.disable_warnings()
 
@@ -42,6 +39,7 @@
 
 from .ldap import get_all_members, is_member_of_group
 from .mail import send_quote_notification_email, send_report_email
+from .models import Quote, Vote, Report
 
 def get_metadata():
     """
@@ -59,11 +57,10 @@ def get_metadata():
         "uid": uid,
         "version": version,
         "plug": plug,
-        "is_admin" : is_member_of_group(uid,'eboard') or is_member_of_group(uid,'rtp')
+        "is_admin" : is_member_of_group(uid, 'eboard') or is_member_of_group(uid, 'rtp')
     }
     return metadata
 
-# in the CSH serverspace and rendering the mainpage template
 @app.route('/', methods=['GET'])
 @auth.oidc_auth
 def main():
@@ -281,7 +278,7 @@ def review():
     and either hide or keep quote
     """
     metadata = get_metadata()
-    if metadata['is_admin']:  
+    if metadata['is_admin']:
         # Get the most recent 20 quotes
         reports = Report.query.filter(Report.reviewed == False).all()
 
@@ -300,22 +297,22 @@ def review_submit(report_id, result):
     """
     metadata = get_metadata()
     report = Report.query.get(report_id)
-    if report and metadata['is_admin']:
-        if result == "keep": 
-            report.reviewed = True
-            db.session.commit()
-            flash("Report Completed: Quote Kept")
-        elif result == "hide":
-            report.quote.hidden = True
-            report.reviewed = True
-            db.session.commit()
-            flash("Report Completed: Quote Hidden")
-        else:
-            abort(400)
-        return redirect('/review')
-    elif report:
+    if not metadata['is_admin']:
         abort(403)
-    abort(400)
+    if not report:
+        abort(404)
+    if result == "keep": 
+        report.reviewed = True
+        db.session.commit()
+        flash("Report Completed: Quote Kept")
+    elif result == "hide":
+        report.quote.hidden = True
+        report.reviewed = True
+        db.session.commit()
+        flash("Report Completed: Quote Hidden")
+    else:
+        abort(404)
+    return redirect('/review')
     
 
 @app.route('/hide/<quote_id>', methods=['POST'])
@@ -326,16 +323,15 @@ def hide(quote_id):
     """
     metadata = get_metadata()
     quote = Quote.query.get(quote_id)
-    if quote and ( metadata['uid'] == quote.speaker
-        or metadata['uid'] == quote.submitter
-        or metadata['is_admin'] ):
-        quote.hidden = True
-        db.session.commit()
-        flash("Quote Hidden!")
-        return redirect('/storage')
-    elif quote:
+    if not metadata['is_admin']:
         abort(403)
-    abort(400)
+    if not quote:
+        abort(404)
+    quote.hidden = True
+    db.session.commit()
+    flash("Quote Hidden!")
+    return redirect('/storage')
+
 
 @app.route('/unhide/<quote_id>', methods=['POST'])
 @auth.oidc_auth
@@ -345,14 +341,15 @@ def unhide(quote_id):
     """
     metadata = get_metadata()
     quote = Quote.query.get(quote_id)
-    if quote and metadata['is_admin']:
-        quote.hidden = False
-        db.session.commit()
-        flash("Quote Unhidden!")
-        return redirect('/hidden')
-    elif quote:
+    if not metadata['is_admin']:
         abort(403)
-    abort(400)
+    if not quote:
+        abort(404)
+    quote.hidden = False
+    db.session.commit()
+    flash("Quote Unhidden!")
+    return redirect('/hidden')
+
 
 @app.route('/hidden', methods=['GET'])
 @auth.oidc_auth
@@ -379,7 +376,6 @@ def hidden():
 def forbidden(e):
     return render_template('bootstrap/403.html', metadata=get_metadata()), 403
 
-@app.errorhandler(400)
+@app.errorhandler(404)
 def forbidden(e):
-    return render_template('bootstrap/400.html', metadata=get_metadata()), 400
-
+    return render_template('bootstrap/404.html', metadata=get_metadata()), 404
diff --git a/quotefault/templates/bootstrap/400.html b/quotefault/templates/bootstrap/404.html
similarity index 72%
rename from quotefault/templates/bootstrap/400.html
rename to quotefault/templates/bootstrap/404.html
index dc3337e..55ae5fa 100644
--- a/quotefault/templates/bootstrap/400.html
+++ b/quotefault/templates/bootstrap/404.html
@@ -6,10 +6,10 @@
 
 {% block body %}
     <div class="container">
-        <h1 class="text-center">400 - Bad Request</h1>
+        <h1 class="text-center">404 - Not Found</h1>
         <br>
         <br>
-        <h3 class="text-center">You input data that was invalid! If this is incorrect, please contact an RTP.</h3>
+        <h3 class="text-center">Something was entered that does not exist. Check your URL! If you have any questions, contact an RTP.</h3>
     </div>
 {% endblock %}
 

From 906f37d69d7e5d416fb919553167e5a28d93ae07 Mon Sep 17 00:00:00 2001
From: Joseph Abbate <josephabbateny@gmail.com>
Date: Mon, 15 Nov 2021 19:17:16 -0500
Subject: [PATCH 11/16] Comment and HTML Code Fixes

---
 quotefault/__init__.py                  | 10 ++++++++--
 quotefault/templates/bootstrap/400.html | 20 ++++++++++++++++++++
 quotefault/templates/mail/report.html   |  2 +-
 3 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 quotefault/templates/bootstrap/400.html

diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index 38c60bf..4f8919b 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -279,7 +279,7 @@ def review():
     """
     metadata = get_metadata()
     if metadata['is_admin']:
-        # Get the most recent 20 quotes
+        # Get all outstanding reports
         reports = Report.query.filter(Report.reviewed == False).all()
 
         return render_template(
@@ -301,6 +301,8 @@ def review_submit(report_id, result):
         abort(403)
     if not report:
         abort(404)
+    if report.reviewed:
+        abort(404)
     if result == "keep": 
         report.reviewed = True
         db.session.commit()
@@ -311,7 +313,7 @@ def review_submit(report_id, result):
         db.session.commit()
         flash("Report Completed: Quote Hidden")
     else:
-        abort(404)
+        abort(400)
     return redirect('/review')
     
 
@@ -379,3 +381,7 @@ def forbidden(e):
 @app.errorhandler(404)
 def forbidden(e):
     return render_template('bootstrap/404.html', metadata=get_metadata()), 404
+
+@app.errorhandler(400)
+def forbidden(e):
+    return render_template('bootstrap/400.html', metadata=get_metadata()), 400
diff --git a/quotefault/templates/bootstrap/400.html b/quotefault/templates/bootstrap/400.html
new file mode 100644
index 0000000..dc3337e
--- /dev/null
+++ b/quotefault/templates/bootstrap/400.html
@@ -0,0 +1,20 @@
+{% extends "bootstrap/base.html" %}
+
+{% block styles %}
+    <link rel="stylesheet" href="/static/css/votes/upvote.css">
+{% endblock %}
+
+{% block body %}
+    <div class="container">
+        <h1 class="text-center">400 - Bad Request</h1>
+        <br>
+        <br>
+        <h3 class="text-center">You input data that was invalid! If this is incorrect, please contact an RTP.</h3>
+    </div>
+{% endblock %}
+
+{% block scripts %}
+    <script src="{{ url_for('static', filename='js/load_more.js') }}"></script>
+    <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
+    <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
+{% endblock %}
diff --git a/quotefault/templates/mail/report.html b/quotefault/templates/mail/report.html
index 1c49a17..6eb3dd3 100644
--- a/quotefault/templates/mail/report.html
+++ b/quotefault/templates/mail/report.html
@@ -7,6 +7,6 @@ <h3>There is a new report on QuoteFault</h3>
         <p>Report submitted by: {{reporter}}</p>
         <p>Quote being reported: {{quote.quote}} -{{quote.speaker}}</p>
         <p>Quote submitted by: {{quote.submitter}}</p>
-        <p>Please attend to this on https://quotefault.csh.rit.edu/admin</p>
+        <p>Please attend to this on the <a href="https://quotefault.csh.rit.edu/admin">QuoteFault Admin Page</a>!</p>
     </div>
 {% endblock %}

From 91c29eb88daad02679e5fcaec07f13b140a40f13 Mon Sep 17 00:00:00 2001
From: jabbate19 <josephabbateny@gmail.com>
Date: Tue, 16 Nov 2021 21:40:38 -0500
Subject: [PATCH 12/16] JS Repairs with Hidden

---
 quotefault/__init__.py                      |  2 +-
 quotefault/templates/bootstrap/admin.html   | 11 -----------
 quotefault/templates/bootstrap/hidden.html  | 22 ++++++---------------
 quotefault/templates/bootstrap/main.html    | 11 -----------
 quotefault/templates/bootstrap/storage.html | 10 ----------
 5 files changed, 7 insertions(+), 49 deletions(-)

diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index 4f8919b..ec87060 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -325,7 +325,7 @@ def hide(quote_id):
     """
     metadata = get_metadata()
     quote = Quote.query.get(quote_id)
-    if not metadata['is_admin']:
+    if not (metadata['uid'] == quote.submitter or metadata['uid'] == quote.speaker or metadata['is_admin']):
         abort(403)
     if not quote:
         abort(404)
diff --git a/quotefault/templates/bootstrap/admin.html b/quotefault/templates/bootstrap/admin.html
index cea8406..730bc89 100644
--- a/quotefault/templates/bootstrap/admin.html
+++ b/quotefault/templates/bootstrap/admin.html
@@ -10,17 +10,6 @@
         {% with messages = get_flashed_messages(with_categories=true) %}
             {% if messages %}
                 {% for category, message in messages %}
-                    <script>
-                        switch (category) {
-                            case warning:
-                                category = warning
-                            case error:
-                                category = danger
-                            case
-                            default:
-                                category = success
-                        }
-                    </script>
                     <div class="alert alert-{{ category }}" role="alert">
                         {{ message }}
                     </div>
diff --git a/quotefault/templates/bootstrap/hidden.html b/quotefault/templates/bootstrap/hidden.html
index 4c63354..454a91b 100644
--- a/quotefault/templates/bootstrap/hidden.html
+++ b/quotefault/templates/bootstrap/hidden.html
@@ -10,28 +10,18 @@
         // Get the modal
         var modal = document.getElementById(`unhide_${id}`);
         modal.style.display = "block";
-    }
-    function unhideClose(id){
-        // Get the modal
-        var modal = document.getElementById(`unhide_${id}`);
-        modal.style.display = "none";
-    }
+        }
+        function unhideClose(id){
+            // Get the modal
+            var modal = document.getElementById(`unhide_${id}`);
+            modal.style.display = "none";
+        }
     </script>
     <div class="container">
         <!-- flash relevant message when submit button is clicked -->
         {% with messages = get_flashed_messages(with_categories=true) %}
             {% if messages %}
                 {% for category, message in messages %}
-                    <script>
-                        switch (category) {
-                            case warning:
-                                category = warning
-                            case error:
-                                category = danger
-                            default:
-                                category = success
-                        }
-                    </script>
                     <div class="alert alert-{{ category }}" role="alert">
                         {{ message }}
                     </div>
diff --git a/quotefault/templates/bootstrap/main.html b/quotefault/templates/bootstrap/main.html
index d17cf42..7359466 100644
--- a/quotefault/templates/bootstrap/main.html
+++ b/quotefault/templates/bootstrap/main.html
@@ -6,17 +6,6 @@
         {% with messages = get_flashed_messages(with_categories=true) %}
             {% if messages %}
                 {% for category, message in messages %}
-                    <script>
-                        switch (category) {
-                            case warning:
-                                category = warning
-                            case error:
-                                category = danger
-                            case
-                            default:
-                                category = success
-                        }
-                    </script>
                     <div class="alert alert-{{ category }}" role="alert">
                         {{ message }}
                     </div>
diff --git a/quotefault/templates/bootstrap/storage.html b/quotefault/templates/bootstrap/storage.html
index 01a468e..f345d71 100644
--- a/quotefault/templates/bootstrap/storage.html
+++ b/quotefault/templates/bootstrap/storage.html
@@ -32,16 +32,6 @@
         {% with messages = get_flashed_messages(with_categories=true) %}
             {% if messages %}
                 {% for category, message in messages %}
-                    <script>
-                        switch (category) {
-                            case warning:
-                                category = warning
-                            case error:
-                                category = danger
-                            default:
-                                category = success
-                        }
-                    </script>
                     <div class="alert alert-{{ category }}" role="alert">
                         {{ message }}
                     </div>

From 4497aa224f1bc899d472b8ddfbb99b262968d285 Mon Sep 17 00:00:00 2001
From: jabbate19 <josephabbateny@gmail.com>
Date: Tue, 16 Nov 2021 22:18:55 -0500
Subject: [PATCH 13/16] Pin requirements

---
 requirements.txt | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 1ea1cec..eae7621 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,21 +1,19 @@
-alembic
-click
+alembic==1.7.4
+click==8.0.3
 csh_ldap>=2.0.2
-Flask
+Flask==2.0.2
 Flask-Mail==0.9.1
 Flask-Migrate==3.1.0
 Flask-pyoidc==1.3.0
-Flask-Script
+Flask-Script==2.0.6
 Flask-SQLAlchemy>=2.5.0
-gunicorn
-itsdangerous
-Jinja2
-Mako
-MarkupSafe
-pip
-PyMySQL
-python-editor
-setuptools
-SQLAlchemy
-Werkzeug
-wheel
+gunicorn==20.1.0
+itsdangerous==2.0.1
+Jinja2==3.0.3
+Mako==1.1.5
+MarkupSafe==2.0.1
+PyMySQL==1.0.2
+python-editor==1.0.4
+SQLAlchemy==1.4.26
+Werkzeug==2.0.2
+

From 7cffc91c6a00f610be94cfa608e7b83822f7c941 Mon Sep 17 00:00:00 2001
From: jabbate19 <josephabbateny@gmail.com>
Date: Tue, 16 Nov 2021 22:20:34 -0500
Subject: [PATCH 14/16] Newlines

---
 app.py                                                          | 1 +
 config.env.py                                                   | 1 +
 config.sample.py                                                | 1 +
 migrations/README                                               | 1 +
 migrations/alembic.ini                                          | 1 +
 migrations/env.py                                               | 1 +
 migrations/script.py.mako                                       | 1 +
 .../versions/3b8a4c7fbcc2_report_reviewed_column_added.py       | 1 +
 migrations/versions/4f95c173f1d9_initial_schema.py              | 1 +
 migrations/versions/76898f8ac346_add_reports.py                 | 1 +
 quotefault/__init__.py                                          | 1 +
 quotefault/ldap.py                                              | 1 +
 quotefault/mail.py                                              | 1 +
 quotefault/models.py                                            | 1 +
 quotefault/templates/bootstrap/400.html                         | 1 +
 quotefault/templates/bootstrap/403.html                         | 1 +
 quotefault/templates/bootstrap/404.html                         | 1 +
 quotefault/templates/bootstrap/additional_quotes.html           | 1 +
 quotefault/templates/bootstrap/admin.html                       | 1 +
 quotefault/templates/bootstrap/hidden.html                      | 1 +
 quotefault/templates/bootstrap/main.html                        | 1 +
 quotefault/templates/bootstrap/settings.html                    | 1 +
 quotefault/templates/extend/base.html                           | 1 +
 quotefault/templates/extend/email.html                          | 1 +
 quotefault/templates/mail/report.html                           | 1 +
 quotefault/templates/mail/report.txt                            | 2 +-
 26 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index 3d15de6..3e70b78 100644
--- a/app.py
+++ b/app.py
@@ -4,3 +4,4 @@
     app.run(host=app.config['IP'], port=app.config['PORT'], threaded = False)
 
 application = app
+
diff --git a/config.env.py b/config.env.py
index 04249fd..60c0ee0 100644
--- a/config.env.py
+++ b/config.env.py
@@ -28,3 +28,4 @@
 MAIL_SERVER = os.environ.get("MAIL_SERVER", default=None)
 MAIL_PORT = os.environ.get("MAIL_PORT", default=465)
 MAIL_USE_SSL = True
+
diff --git a/config.sample.py b/config.sample.py
index 6c3050c..ef351f6 100644
--- a/config.sample.py
+++ b/config.sample.py
@@ -25,3 +25,4 @@
 MAIL_SERVER = ''
 MAIL_PORT = 465
 MAIL_USE_SSL = True
+
diff --git a/migrations/README b/migrations/README
index f7e61ca..abee060 100644
--- a/migrations/README
+++ b/migrations/README
@@ -8,3 +8,4 @@ A: (1) Add your URI to config.py, depending on how you are doing it. (2) Run "fl
 
 Q: I made changes to the models.py file and need a new revision. How do I do that?
 A: flask db revision -m "Whatever you want to name it"
+
diff --git a/migrations/alembic.ini b/migrations/alembic.ini
index 33b6827..adbe62a 100644
--- a/migrations/alembic.ini
+++ b/migrations/alembic.ini
@@ -72,3 +72,4 @@ formatter = generic
 [formatter_generic]
 format = %(levelname)-5.5s [%(name)s] %(message)s
 datefmt = %H:%M:%S
+
diff --git a/migrations/env.py b/migrations/env.py
index 42438a5..30cbc57 100644
--- a/migrations/env.py
+++ b/migrations/env.py
@@ -88,3 +88,4 @@ def process_revision_directives(context, revision, directives):
     run_migrations_offline()
 else:
     run_migrations_online()
+
diff --git a/migrations/script.py.mako b/migrations/script.py.mako
index 2c01563..bb975ed 100644
--- a/migrations/script.py.mako
+++ b/migrations/script.py.mako
@@ -22,3 +22,4 @@ def upgrade():
 
 def downgrade():
     ${downgrades if downgrades else "pass"}
+
diff --git a/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py b/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
index 079a49e..b44b510 100644
--- a/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
+++ b/migrations/versions/3b8a4c7fbcc2_report_reviewed_column_added.py
@@ -22,3 +22,4 @@ def upgrade():
 
 def downgrade():
     op.drop_column('report', 'reviewed')
+
diff --git a/migrations/versions/4f95c173f1d9_initial_schema.py b/migrations/versions/4f95c173f1d9_initial_schema.py
index 36f0d50..d2da803 100644
--- a/migrations/versions/4f95c173f1d9_initial_schema.py
+++ b/migrations/versions/4f95c173f1d9_initial_schema.py
@@ -54,3 +54,4 @@ def downgrade():
     op.drop_table('quote')
     op.drop_table('api_key')
     # ### end Alembic commands ###
+
diff --git a/migrations/versions/76898f8ac346_add_reports.py b/migrations/versions/76898f8ac346_add_reports.py
index 83930d8..e5ec032 100644
--- a/migrations/versions/76898f8ac346_add_reports.py
+++ b/migrations/versions/76898f8ac346_add_reports.py
@@ -31,3 +31,4 @@ def upgrade():
 def downgrade():
     op.drop_column('quote', 'hidden')
     op.drop_table('report')
+
diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index ec87060..3658ef5 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -385,3 +385,4 @@ def forbidden(e):
 @app.errorhandler(400)
 def forbidden(e):
     return render_template('bootstrap/400.html', metadata=get_metadata()), 400
+
diff --git a/quotefault/ldap.py b/quotefault/ldap.py
index e856e45..e1eb623 100644
--- a/quotefault/ldap.py
+++ b/quotefault/ldap.py
@@ -50,3 +50,4 @@ def is_member_of_group(uid: str, group: str) -> bool:
         if group == group_dn.split(",")[0][3:]:
             return True
     return False
+
diff --git a/quotefault/mail.py b/quotefault/mail.py
index 4cece12..fde3b75 100644
--- a/quotefault/mail.py
+++ b/quotefault/mail.py
@@ -51,3 +51,4 @@ def send_quote_notification_email(user):
     body = "Somebody quoted you in Quotefault!\n\n"
     body += "Check Quotefault to see what you were caught saying!"
     send_email(toaddr, subject, body)
+
diff --git a/quotefault/models.py b/quotefault/models.py
index 92fc0e7..448c2f7 100644
--- a/quotefault/models.py
+++ b/quotefault/models.py
@@ -87,3 +87,4 @@ def __init__(self, quote_id, reporter, reason):
         self.quote_id = quote_id
         self.reporter = reporter
         self.reason = reason
+
diff --git a/quotefault/templates/bootstrap/400.html b/quotefault/templates/bootstrap/400.html
index dc3337e..84e845d 100644
--- a/quotefault/templates/bootstrap/400.html
+++ b/quotefault/templates/bootstrap/400.html
@@ -18,3 +18,4 @@ <h3 class="text-center">You input data that was invalid! If this is incorrect, p
     <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
     <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
 {% endblock %}
+
diff --git a/quotefault/templates/bootstrap/403.html b/quotefault/templates/bootstrap/403.html
index d1a5569..4542890 100644
--- a/quotefault/templates/bootstrap/403.html
+++ b/quotefault/templates/bootstrap/403.html
@@ -18,3 +18,4 @@ <h3 class="text-center">You are not an admin! If this is incorrect, please conta
     <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
     <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
 {% endblock %}
+
diff --git a/quotefault/templates/bootstrap/404.html b/quotefault/templates/bootstrap/404.html
index 55ae5fa..db3a7b0 100644
--- a/quotefault/templates/bootstrap/404.html
+++ b/quotefault/templates/bootstrap/404.html
@@ -18,3 +18,4 @@ <h3 class="text-center">Something was entered that does not exist. Check your UR
     <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
     <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
 {% endblock %}
+
diff --git a/quotefault/templates/bootstrap/additional_quotes.html b/quotefault/templates/bootstrap/additional_quotes.html
index 586fb5a..516343d 100644
--- a/quotefault/templates/bootstrap/additional_quotes.html
+++ b/quotefault/templates/bootstrap/additional_quotes.html
@@ -24,3 +24,4 @@
         </div>
     </div>
 {% endfor %}
+
diff --git a/quotefault/templates/bootstrap/admin.html b/quotefault/templates/bootstrap/admin.html
index 730bc89..fe9903a 100644
--- a/quotefault/templates/bootstrap/admin.html
+++ b/quotefault/templates/bootstrap/admin.html
@@ -42,3 +42,4 @@
     <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
     <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
 {% endblock %}
+
diff --git a/quotefault/templates/bootstrap/hidden.html b/quotefault/templates/bootstrap/hidden.html
index 454a91b..4ef505a 100644
--- a/quotefault/templates/bootstrap/hidden.html
+++ b/quotefault/templates/bootstrap/hidden.html
@@ -88,3 +88,4 @@ <h5 class="modal-title">Unhide Quote</h5>
     <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
     <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
 {% endblock %}
+
diff --git a/quotefault/templates/bootstrap/main.html b/quotefault/templates/bootstrap/main.html
index 7359466..8642c2c 100644
--- a/quotefault/templates/bootstrap/main.html
+++ b/quotefault/templates/bootstrap/main.html
@@ -56,3 +56,4 @@
         });
     </script>
 {% endblock %}
+
diff --git a/quotefault/templates/bootstrap/settings.html b/quotefault/templates/bootstrap/settings.html
index 1887233..f11d673 100644
--- a/quotefault/templates/bootstrap/settings.html
+++ b/quotefault/templates/bootstrap/settings.html
@@ -23,3 +23,4 @@
         </div>
     </div>
 {% endblock %}
+
diff --git a/quotefault/templates/extend/base.html b/quotefault/templates/extend/base.html
index 418e93d..eb60f96 100644
--- a/quotefault/templates/extend/base.html
+++ b/quotefault/templates/extend/base.html
@@ -27,3 +27,4 @@
 
 </body>
 </html>
+
diff --git a/quotefault/templates/extend/email.html b/quotefault/templates/extend/email.html
index 4ff36e3..0a31183 100644
--- a/quotefault/templates/extend/email.html
+++ b/quotefault/templates/extend/email.html
@@ -15,3 +15,4 @@
 {% endblock %}
 </body>
 </html>
+
diff --git a/quotefault/templates/mail/report.html b/quotefault/templates/mail/report.html
index 6eb3dd3..0f8bbfd 100644
--- a/quotefault/templates/mail/report.html
+++ b/quotefault/templates/mail/report.html
@@ -10,3 +10,4 @@ <h3>There is a new report on QuoteFault</h3>
         <p>Please attend to this on the <a href="https://quotefault.csh.rit.edu/admin">QuoteFault Admin Page</a>!</p>
     </div>
 {% endblock %}
+
diff --git a/quotefault/templates/mail/report.txt b/quotefault/templates/mail/report.txt
index 9be4e59..3dd3065 100644
--- a/quotefault/templates/mail/report.txt
+++ b/quotefault/templates/mail/report.txt
@@ -4,4 +4,4 @@ Hello EBoard/RTP
     Quote being reported: {{quote.quote}} -{{quote.speaker}}
     Quote submitted by: {{quote.submitter}}
     Please attend to this on https://quotefault.csh.rit.edu/admin
-    
\ No newline at end of file
+

From 66daf7c9b3f387c9587b37a2b4e9e830752f1bc7 Mon Sep 17 00:00:00 2001
From: jabbate19 <josephabbateny@gmail.com>
Date: Tue, 16 Nov 2021 22:21:49 -0500
Subject: [PATCH 15/16] 409 File

409 Redirect
---
 quotefault/__init__.py                  |  4 ++++
 quotefault/templates/bootstrap/409.html | 21 +++++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 quotefault/templates/bootstrap/409.html

diff --git a/quotefault/__init__.py b/quotefault/__init__.py
index 3658ef5..edf2e46 100644
--- a/quotefault/__init__.py
+++ b/quotefault/__init__.py
@@ -386,3 +386,7 @@ def forbidden(e):
 def forbidden(e):
     return render_template('bootstrap/400.html', metadata=get_metadata()), 400
 
+@app.errorhandler(409)
+def forbidden(e):
+    return render_template('bootstrap/409.html', metadata=get_metadata()), 409
+
diff --git a/quotefault/templates/bootstrap/409.html b/quotefault/templates/bootstrap/409.html
new file mode 100644
index 0000000..f6ea5a2
--- /dev/null
+++ b/quotefault/templates/bootstrap/409.html
@@ -0,0 +1,21 @@
+{% extends "bootstrap/base.html" %}
+
+{% block styles %}
+    <link rel="stylesheet" href="/static/css/votes/upvote.css">
+{% endblock %}
+
+{% block body %}
+    <div class="container">
+        <h1 class="text-center">409 - Conflict</h1>
+        <br>
+        <br>
+        <h3 class="text-center">Your request conflicts the current data within the system. If you believe this is wrong, contact an RTP.</h3>
+    </div>
+{% endblock %}
+
+{% block scripts %}
+    <script src="{{ url_for('static', filename='js/load_more.js') }}"></script>
+    <script src="{{ url_for('static', filename='css/votes/upvote.js') }}"></script>
+    <script src="{{ url_for('static', filename='js/vote.js') }}"></script>
+{% endblock %}
+

From a3cb5fb82a1ab5b37d705f4a41d34e2fcf57409b Mon Sep 17 00:00:00 2001
From: Max Meinhold <mxmeinhold@gmail.com>
Date: Wed, 17 Nov 2021 03:08:34 +0000
Subject: [PATCH 16/16] Reformat and reword migrations readme

---
 migrations/README | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/migrations/README b/migrations/README
index abee060..b2194f3 100644
--- a/migrations/README
+++ b/migrations/README
@@ -1,11 +1,12 @@
-Generic single-database configuration.
-
-Q: What is Alembic/Migrations?
-A: Migrations give a versioned history of changes to the SQL Schema for this project. A "revision" defines changes to a table (add/drop tables or columns). This allows you to go back in time if needed, and quickly re-create the whole schema for a local development
-
-Q: How do I update my local database to use the migrations?
-A: (1) Add your URI to config.py, depending on how you are doing it. (2) Run "flask db upgrade"
-
-Q: I made changes to the models.py file and need a new revision. How do I do that?
-A: flask db revision -m "Whatever you want to name it"
-
+## What are Alembic and migrations?
+Migrations give a versioned history of changes to the SQL Schema for this project.
+A `revision` or `migration` defines changes to the structure of the database (such as adding/dropping tables or columns), as well as procedures for migrating existing data to the new structure. Migrations allow for safe(ish) rollbacks, and make it easier to make incremental changes to the database.
+
+## Applying migrations
+Once you have your db URI in `config.py`, run `flask db upgrade` to bring the db up to the latest revision.
+
+## Creating new revisions
+When you change `models.py`, you'll need to make a new migration.
+Run `flask db revision -m "<descriptive title>"` to autogenerate one.
+You should go manually inspect the created revision to make sure it does what you expect.
+Once you've got your changes all set, be sure to commit the migration file in the same commit as your changes to `models.py`