Beispiel #1
0
 def _available_badges(self):
     '''
     Return the badges that are editable by a user.
     '''
     c.groups = [{'permission': 'global.admin',
                  'label': _('In all instances'),
                  'show_label': True}]
     if c.instance:
         c.groups.append(
             {'permission': 'instance.admin',
              'label': _('In instance "%s"') % c.instance.label,
              'show_label': h.has_permission('global.admin')})
     badges = {}
     if has('global.admin'):
         badges['global.admin'] = {
             'instance': InstanceBadge.all(instance=None),
             'user': UserBadge.all(instance=None),
             'delegateable': DelegateableBadge.all(instance=None),
             'category': CategoryBadge.all(instance=None),
             'thumbnail': ThumbnailBadge.all(instance=None)}
     if has('instance.admin') and c.instance is not None:
         badges['instance.admin'] = {
             'instance': InstanceBadge.all(instance=c.instance),
             'user': UserBadge.all(instance=c.instance),
             'delegateable': DelegateableBadge.all(instance=c.instance),
             'category': CategoryBadge.all(instance=c.instance),
             'thumbnail': ThumbnailBadge.all(instance=c.instance)}
     return badges
Beispiel #2
0
def edit(m):
    if not c.instance.milestones:
        return False
    if has('instance.admin'):
        return True
    if not (has('milestone.edit') and show(m)):
        return False
    return False
Beispiel #3
0
def supervise(check, u=None):
    """ Supervise users on instance level """
    check.readonly()
    check.other('not_in_instance', not c.instance)
    if u is not None:
        check.other('no_member_in_instance', not u.is_member(c.instance))
    check.other('not_user.manage_or_instance.admin',
                not (has('user.manage') or has('instance.admin')))
Beispiel #4
0
def edit(m):
    if not c.instance.milestones:
        return False
    if has('instance.admin'):
        return True
    if not (has('milestone.edit') and show(m)):
        return False
    return False
Beispiel #5
0
def edit(p):
    if not p.is_mutable():
        return False
    if has('instance.admin'):
        return True
    if not (has('proposal.edit') and show(p)):
        return False
    if (p.description.head.wiki or is_own(p)):
        return True
    return False
Beispiel #6
0
 def _to_python(self, value, state):
     from adhocracy.model import Instance
     if has('global.admin'):
         if value:
             instance = Instance.find(value)
             if instance is None:
                 raise AssertionError("Could not find instance %s" % value)
             return instance
         return None
     elif has('instance.admin') and c.instance:
         return c.instance
     raise formencode.Invalid(_("You're not allowed to edit global badges"),
                              value, state)
Beispiel #7
0
 def _to_python(self, value, state):
     from adhocracy.model import Instance
     if has('global.admin'):
         if value:
             instance = Instance.find(value)
             if instance is None:
                 raise AssertionError("Could not find instance %s" % value)
             return instance
         return None
     elif has('instance.admin') and c.instance:
         return c.instance
     raise formencode.Invalid(
         _("You're not allowed to edit global badges"),
         value, state)
Beispiel #8
0
def edit(check, p):
    if has('instance.admin') or has('global.admin'):
        # Admins can always edit proposals.
        return

    show(check, p)
    check.other('proposal_not_mutable', not p.is_mutable())
    if has('proposal.edit'):
        # having proposal.edit is enough
        return

    check.other('user_is_no_member', not c.user or
                not c.user.is_member(c.instance))
    check.other('proposal_head_not_wiki_or_own',
        not is_own(p) and not p.description.head.wiki)
Beispiel #9
0
def edit(check, p):
    if has('instance.admin') or has('global.admin'):
        # Admins can always edit proposals.
        return

    show(check, p)
    check.other('proposal_not_mutable', not p.is_mutable())
    if has('proposal.edit'):
        # having proposal.edit is enough
        return

    check.other('user_is_no_member', not c.user
                or not c.user.is_member(c.instance))
    check.other('proposal_head_not_wiki_or_own', not is_own(p)
                and not p.description.head.wiki)
Beispiel #10
0
def edit(check, m):
    check.valid_email()
    check.other('instance_without_milestones', not c.instance.milestones)
    if has('instance.admin'):
        return
    check.perm('milestone.edit')
    show(check, m)
Beispiel #11
0
def row(proposal):
    global_admin = authorization.has('global.admin')
    if not proposal:
        return ""
    return render_tile('/proposal/tiles.html', 'row', ProposalTile(proposal),
                       proposal=proposal, cached=True,
                       badgesglobal_admin=global_admin)
Beispiel #12
0
def row(proposal):
    global_admin = authorization.has('global.admin')
    if not proposal:
        return ""
    return render_tile('/proposal/tiles.html', 'row', ProposalTile(proposal),
                       proposal=proposal, cached=True,
                       badgesglobal_admin=global_admin)
Beispiel #13
0
    def update_badges(self, id):
        user = get_entity_or_abort(model.User, id)
        badges = self.form_result.get('badge')

        if not has('global.admin'):
            # instance admins may only add user badges limited to this instance

            for badge in badges:
                if not badge.instance == c.instance:
                    h.flash(_(u'Invalid badge choice.'), u'error')
                    redirect(h.entity_url(user))

        creator = c.user

        added = []
        removed = []
        for badge in user.badges:
            if badge not in badges:
                removed.append(badge)
                user.badges.remove(badge)

        for badge in badges:
            if badge not in user.badges:
                badge.assign(user, creator)
                added.append(badge)

        model.meta.Session.flush()
        # FIXME: needs commit() cause we do an redirect() which raises
        # an Exception.
        model.meta.Session.commit()
        post_update(user, model.update.UPDATE)
        redirect(h.entity_url(user, instance=c.instance))
Beispiel #14
0
def adopt(check, p):
    check.valid_email()
    if c.instance.allow_adopt and has('instance.admin'):
        return
    show(check, p)
    poll.create(check)
    check.other('proposal_cannot_adopt', not p.can_adopt())
Beispiel #15
0
def edit(check, u):
    check.readonly()
    if has('user.manage'):
        return
    show(check, u)
    check.other('user_not_self', u != c.user)
    check.other(NOT_LOGGED_IN, not c.user)
Beispiel #16
0
def adopt(check, p):
    check.valid_email()
    if c.instance.allow_adopt and has('instance.admin'):
        return
    show(check, p)
    poll.create(check)
    check.other('proposal_cannot_adopt', not p.can_adopt())
Beispiel #17
0
def delete(check, p):
    check.readonly()
    check.valid_email()
    if has('instance.admin'):
        return
    check.perm('proposal.delete')
    show(check, p)
    check.other('proposal_not_mutable', not p.is_mutable())
Beispiel #18
0
def delete(check, p):
    check.readonly()
    check.valid_email()
    if has('instance.admin'):
        return
    check.perm('proposal.delete')
    show(check, p)
    check.other('proposal_not_mutable', not p.is_mutable())
Beispiel #19
0
def edit(check, u):
    check.readonly()
    if has('user.manage'):
        return
    show(check, u)
    check.other('user_not_self', u != c.user)
    check.other(NOT_LOGGED_IN, not c.user)
    is_not_demo(check, c.user)
Beispiel #20
0
def edit(check, m):
    check.readonly()
    check.valid_email()
    check.other('instance_without_milestones', not c.instance.milestones)
    if has('instance.admin'):
        return
    check.perm('milestone.edit')
    show(check, m)
Beispiel #21
0
    def wrapper(self):
        allowed_sender_options = self._get_allowed_sender_options(c.user)
        sender_email = self.form_result.get('sender_email')
        if ((sender_email not in allowed_sender_options)
                or (not allowed_sender_options[sender_email]['enabled'])):
            return ret_abort(_("Sorry, but you're not allowed to set these "
                               "message options"),
                             code=403)
        sender_name = None
        if has('global.message'):
            sender_name = self.form_result.get('sender_name')
        if not sender_name:
            sender_name = c.user.name

        recipients = User.all_q()
        filter_instances = self.form_result.get('filter_instances')
        recipients = recipients.join(Membership).filter(
            Membership.instance_id.in_(filter_instances))
        filter_badges = self.form_result.get('filter_badges')
        if filter_badges:
            recipients = recipients.join(UserBadges,
                                         UserBadges.user_id == User.id)
            recipients = recipients.filter(
                UserBadges.badge_id.in_([fb.id for fb in filter_badges]))

        if has('global.admin'):
            include_footer = self.form_result.get('include_footer')
        else:
            include_footer = True

        if len(filter_instances) == 1:
            instance = Instance.find(filter_instances[0])
        else:
            instance = None

        return func(
            self,
            self.form_result.get('subject'),
            self.form_result.get('body'),
            recipients.all(),
            sender_email=allowed_sender_options[sender_email]['email'],
            sender_name=sender_name,
            instance=instance,
            include_footer=include_footer,
        )
Beispiel #22
0
    def wrapper(self):
        allowed_sender_options = self._get_allowed_sender_options(c.user)
        sender_email = self.form_result.get('sender_email')
        if ((sender_email not in allowed_sender_options) or
                (not allowed_sender_options[sender_email]['enabled'])):
            return ret_abort(_("Sorry, but you're not allowed to set these "
                               "message options"), code=403)
        sender_name = None
        if has('global.message'):
            sender_name = self.form_result.get('sender_name')
        if not sender_name:
            sender_name = c.user.name

        recipients = User.all_q()
        filter_instances = self.form_result.get('filter_instances')
        recipients = recipients.join(Membership).filter(
            Membership.instance_id.in_(filter_instances))
        filter_badges = self.form_result.get('filter_badges')
        if filter_badges:
            recipients = recipients.join(UserBadges,
                                         UserBadges.user_id == User.id)
            recipients = recipients.filter(
                UserBadges.badge_id.in_([fb.id for fb in filter_badges]))

        if has('global.admin'):
            include_footer = self.form_result.get('include_footer')
        else:
            include_footer = True

        if len(filter_instances) == 1:
            instance = Instance.find(filter_instances[0])
        else:
            instance = None

        return func(self,
                    self.form_result.get('subject'),
                    self.form_result.get('body'),
                    recipients.all(),
                    sender_email=allowed_sender_options[sender_email]['email'],
                    sender_name=sender_name,
                    instance=instance,
                    include_footer=include_footer,
                    )
Beispiel #23
0
 def get_allowed_instances(cls, user):
     """
     returns all instances in which the given user has permission to send a
     message to all users
     """
     if has('global.message'):
         return Instance.all()
     else:
         return [m.instance for m in user.memberships
                 if (m.instance is not None
                     and m.instance.is_authenticated
                     and 'instance.message' in m.group.permissions)]
Beispiel #24
0
def breadcrumbs(user, dashboard=False):
    from adhocracy.lib.helpers import base_url
    items = []
    if c.instance is not None:
        items.append(_url.link(_("Members"), base_url(u'/user')))
    elif has('user.index_all'):
        items.append(_url.link(_("Members"), base_url(u'/user/all')))
    if user is not None:
        items.append(_url.link(user.name, url(user)))
    if dashboard:
        items.append(_url.link(_('Dashboard'), base_url('/user/dashboard')))
    return _url.root() + _url.BREAD_SEP.join(items)
Beispiel #25
0
def row_inline(proposal):
    global_admin = authorization.has("global.admin")
    if not proposal:
        return ""
    return render_tile(
        "/proposal/tiles.html",
        "row_inline",
        ProposalTile(proposal),
        proposal=proposal,
        cached=False,
        badgesglobal_admin=global_admin,
    )
Beispiel #26
0
def breadcrumbs(user, dashboard=False):
    from adhocracy.lib.helpers import base_url
    items = []
    if c.instance is not None:
        items.append(_url.link(_("Members"), base_url(u'/user')))
    elif has('user.index_all'):
        items.append(_url.link(_("Members"), base_url(u'/user/all')))
    if user is not None:
        items.append(_url.link(user.name, url(user)))
    if dashboard:
        items.append(_url.link(_('Dashboard'), base_url('/user/dashboard')))
    return _url.root() + _url.BREAD_SEP.join(items)
Beispiel #27
0
 def _get_badge_or_redirect(self, id):
     '''
     Get a badge. Redirect if it does not exist. Redirect if
     the badge is not from the current instance, but the user is
     only an instance admin, not a global admin
     '''
     badge = Badge.by_id(id, instance_filter=False)
     if badge is None:
         self._redirect_not_found(id)
     if badge.instance != c.instance and not has('global.admin'):
         self._redirect_not_found(id)
     return badge
Beispiel #28
0
 def _get_allowed_instances(cls, user):
     """
     returns all instances in which the given user has permission to send a
     message to all users
     """
     if has('global.message'):
         return Instance.all()
     else:
         perm = Permission.find('instance.message')
         instances = [m.instance for m in user.memberships
                      if (m.instance is not None
                          and m.instance.is_authenticated
                          and perm in m.group.permissions)]
         return sorted(instances, key=lambda i: i.label)
Beispiel #29
0
 def _get_allowed_instances(cls, user):
     """
     returns all instances in which the given user has permission to send a
     message to all users
     """
     if has('global.message'):
         return Instance.all()
     else:
         perm = Permission.find('instance.message')
         return [
             m.instance for m in user.memberships
             if (m.instance is not None and m.instance.is_authenticated
                 and perm in m.group.permissions)
         ]
Beispiel #30
0
 def _get_allowed_instances(cls, user):
     """
     returns all instances in which the given user has permission to send a
     message to all users
     """
     if has('global.message'):
         return Instance.all(include_hidden=True)
     else:
         perm = Permission.find('instance.message')
         instances = [
             m.instance for m in user.memberships
             if (m.instance is not None and m.instance.is_authenticated
                 and perm in m.group.permissions)
         ]
         return sorted(instances, key=lambda i: i.label)
Beispiel #31
0
 def badges(self, id, errors=None):
     if has('global.admin'):
         c.badges = model.UserBadge.all(instance=None)
     else:
         c.badges = None
     c.page_user = get_entity_or_abort(model.User, id)
     instances = c.page_user and c.page_user.instances or []
     c.instance_badges = [
         {"label": instance.label,
          "badges": model.UserBadge.all(instance=instance)} for
         instance in instances]
     defaults = {'badge': [str(badge.id) for badge in c.page_user.badges]}
     return formencode.htmlfill.render(
         render("/user/badges.html"),
         defaults=defaults,
         force_defaults=False)
Beispiel #32
0
def select(selected, name='milestone'):
    options = [('--', _('(no milestone)'), selected is None)]

    if has('milestone.edit'):
        milestones = model.Milestone.all(instance=c.instance)
    else:
        milestones = model.Milestone.all_future(instance=c.instance)

        # Add the currently selected milestone if it is in the past
        # so it will be shown and won't be overwritten on save
        if (selected is not None) and (selected not in milestones):
            milestones.insert(0, selected)

    for milestone in milestones:
        options.append((milestone.id, milestone.title,
                        milestone == selected))

    return render_tile('/milestone/tiles.html', 'select',
                       None, options=options, name=name)
Beispiel #33
0
 def _check_item(self, item, line):
     error_list = []
     user_name = item.get(USER_NAME, '').strip()
     email = item.get(EMAIL, '')
     badges = item.get(USER_BADGES, '')
     if email is not None:
         email = email.strip()
     validated = {}
     USERBADGE_VALIDATOR = ValidUserBadgeNames(
         not_empty=False,
         if_empty=[],
         instance_filter=(not has('global.admin')))
     for (validator, value) in (
         (USERNAME_VALIDATOR, user_name),
         (EMAIL_VALIDATOR, email),
         (USERBADGE_VALIDATOR, badges),
     ):
         try:
             validated[validator] = validator.to_python(value, None)
         except formencode.Invalid, E:
             error_list.append(u'%s (%s)' % (E.msg, value))
Beispiel #34
0
def can_welcome():
    """ Can the current user set welcome codes? """
    return welcome_enabled() and has('global.admin')
Beispiel #35
0
def supervise(check, u):
    check.other('not_in_instance', not c.instance)
    check.other('no_member_in_instance', not u.is_member(c.instance))
    check.other('not_user.manage_or_instance.admin',
        not (has('user.manage') or has('instance.admin')))
Beispiel #36
0
def vote(check):
    check.other('vote_prohibited', has('vote.prohibit'))
    check.other('not_in_instance', not c.instance)
    check.other('not_logged_in', not c.user)
    check.perm('vote.cast')
Beispiel #37
0
def vote(check):
    check.readonly()
    check.other('vote_prohibited', has('vote.prohibit'))
    check.other('not_in_instance', not c.instance)
    check.other(NOT_LOGGED_IN, not c.user)
    check.perm('vote.cast')
Beispiel #38
0
def edit(check, u):
    if has('user.manage'):
        return
    show(check, u)
    check.other('user_not_self', u != c.user)
Beispiel #39
0
def vote(check):
    check.readonly()
    check.other('vote_prohibited', has('vote.prohibit'))
    check.other('not_in_instance', not c.instance)
    check.other(NOT_LOGGED_IN, not c.user)
    check.perm('vote.cast')
Beispiel #40
0
def delete(m):
    return has('milestone.delete') and show(m)
Beispiel #41
0
def message(check, p):
    check.readonly()

    if has('global.message'):
        return
    check.perm('proposal.message')
Beispiel #42
0
def supervise(check, u):
    check.readonly()
    check.other('not_in_instance', not c.instance)
    check.other('no_member_in_instance', not u.is_member(c.instance))
    check.other('not_user.manage_or_instance.admin',
                not (has('user.manage') or has('instance.admin')))
Beispiel #43
0
def show(p):
    return has('proposal.show') and not p.is_deleted()
Beispiel #44
0
def can_edit():
    if not get_backend().is_editable():
        return False
    return has('global.staticpage')
Beispiel #45
0
def create():
    if c.instance.frozen:
        return False
    return has('proposal.create')
Beispiel #46
0
def can_welcome():
    """ Can the current user set welcome codes? """
    return welcome_enabled() and has('global.admin')
Beispiel #47
0
def show(m):
    return (has('milestone.show') and c.instance.milestones
            and not m.is_deleted())
Beispiel #48
0
def adopt(p):
    if c.instance.allow_adopt and has('instance.admin'):
        return True
    return show(p) and poll.create() and p.can_adopt()
Beispiel #49
0
def index():
    return has('proposal.show')
Beispiel #50
0
def delete(p):
    return has('proposal.delete') and show(p) and p.is_mutable()
Beispiel #51
0
def index():
    return has('milestone.show') and c.instance.milestones