Beispiel #1
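def edit(id):
    """Edit a media item's name, category and visibility, or replace its file.

    Responds with 404 when no ``MediaItem`` has the given id. A hidden item
    is refused (flash message plus redirect to ``no_perm_url``) when

    * the caller is a non-admin holding the media role and the item was
      created by an admin, or
    * the caller is neither a media admin nor the item's creator.

    The ``is_visible`` field is offered to, and accepted from, media admins
    only.
    """
    item = MediaItem.query.filter_by(id=id).first_or_404()

    form = MediaItemEditForm()
    form.category.choices = gen_media_category_choices()

    # TODO: write custom decorator for this?
    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Drop the field entirely so a caller without media admin rights can
    # neither see nor submit a visibility value.
    if not current_user.is_media_admin():
        del form.is_visible

    form.file.label.text = "Replace with file"

    if form.validate_on_submit():
        item.name = form.name.data
        item.category_id = form.category.data

        # Gate on the same role that keeps the field on the form. The
        # previous is_event_admin() gate let an event admin without media
        # admin rights reach the deleted field (AttributeError) and tied
        # media visibility to an unrelated role.
        if current_user.is_media_admin():
            item.is_visible = form.is_visible.data

        if form.file.data:
            # The path is built from the stored item.filename, never from
            # the filename supplied with the upload.
            filepath = path.join(app.config["MEDIA_DIR"], item.filename)
            remove(filepath)
            form.file.data.save(filepath)

            item.filesize = stat(filepath).st_size

        db.session.commit()

        flash("File was edited.", "success")

        return redirect(url_for("media.view", id=id))
    elif request.method == "GET":
        # Pre-fill the form with the stored values on first display.
        form.name.data = item.name
        form.category.data = item.category_id

        if current_user.is_media_admin():
            form.is_visible.data = item.is_visible

    return render_template("media/edit.html",
                           form=form,
                           title=page_title("Edit File '%s'" % item.name))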
Beispiel #2
def edit(id):
    """Edit a wiki article; the offered fields depend on the caller's roles.

    Responds with 404 for an unknown id. A hidden entry is refused (flash
    plus redirect to ``no_perm_url``) when it was created by an admin and
    the caller is a non-admin with the wiki role, or when the caller is
    neither a wiki admin nor the entry's creator. ``is_visible`` is only
    available to wiki admins and ``dm_content`` only to admins.
    """
    entry = WikiEntry.query.filter_by(id=id).first_or_404()

    edit_form = WikiEntryForm()
    edit_form.submit.label.text = "Save Article"
    category_names = gen_category_strings()

    # TODO: write custom decorators for this?
    # Either rule refuses the request; `or` keeps the original evaluation
    # order, so created_by is only touched once the earlier terms hold.
    if (
        (
            not current_user.has_admin_role()
            and current_user.has_wiki_role()
            and entry.is_visible == False
            and entry.created_by.has_admin_role()
        )
        or (
            not current_user.is_wiki_admin()
            and entry.is_visible == False
            and not entry.created_by == current_user
        )
    ):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Remove privileged fields so they are neither rendered nor accepted.
    if not current_user.is_wiki_admin():
        del edit_form.is_visible

    if not current_user.has_admin_role():
        del edit_form.dm_content

    if edit_form.validate_on_submit():
        entry.title = edit_form.title.data
        entry.content = edit_form.content.data
        entry.category = edit_form.category.data
        entry.tags = edit_form.tags.data

        if current_user.is_wiki_admin():
            entry.is_visible = edit_form.is_visible.data

        if current_user.has_admin_role():
            entry.dm_content = edit_form.dm_content.data

        db.session.commit()
        flash("Wiki entry was edited.", "success")

        return redirect(url_for("wiki.view", id=id))

    if request.method == "GET":
        # First display: pre-fill the form from the stored entry.
        edit_form.title.data = entry.title
        edit_form.content.data = entry.content
        edit_form.category.data = entry.category
        edit_form.tags.data = entry.tags

        if current_user.is_wiki_admin():
            edit_form.is_visible.data = entry.is_visible

        if current_user.has_admin_role():
            edit_form.dm_content.data = entry.dm_content

    return render_template(
        "wiki/edit.html",
        form=edit_form,
        nav=(prepare_wiki_nav(), WikiSearchForm()),
        cats=category_names,
        entry=entry,
        title=page_title("Edit Wiki Article '%s'" % entry.title),
    )
Beispiel #3
def delete(id):
    """Delete a character and return to its player's profile page.

    Responds with 404 for an unknown id. A caller who neither owns the
    character nor holds the admin role gets the no-permission flash and a
    redirect to ``no_perm``.
    """
    character = Character.query.filter_by(id=id).first_or_404()

    not_owner = current_user.id != character.user_id
    # The role is only consulted for callers who are not the owner.
    if not_owner and current_user.has_admin_role() == False:
        flash_no_permission()
        return redirect(url_for(no_perm))

    # Read the username before the row is deleted; the redirect needs it.
    owner_name = character.player.username

    db.session.delete(character)
    db.session.commit()

    flash("Character was deleted.", "success")
    return redirect(url_for('user.profile', username=owner_name))
Beispiel #4
def view(id):
    """Render a wiki article together with the map nodes linked to it.

    Responds with 404 for an unknown id. A hidden entry is refused (flash
    plus redirect to ``no_perm_url``) when the caller is neither a wiki
    admin nor its creator, or when it was created by an admin and the
    caller is a non-admin with the wiki role.
    """
    entry = WikiEntry.query.filter_by(id=id).first_or_404()

    # TODO: write custom decorator / function for this?
    # Both rules only ever refuse hidden entries; `or` preserves the
    # original order in which the terms are evaluated.
    if (
        (
            not current_user.is_wiki_admin()
            and entry.is_visible == False
            and not entry.created_by == current_user
        )
        or (
            not current_user.has_admin_role()
            and current_user.has_wiki_role()
            and entry.is_visible == False
            and entry.created_by.has_admin_role()
        )
    ):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    linked_nodes = get_nodes_by_wiki_id(id)

    return render_template(
        "wiki/view.html",
        entry=entry,
        nav=(prepare_wiki_nav(), WikiSearchForm()),
        map_nodes=linked_nodes,
        title=page_title("View Wiki Article '%s'" % entry.title),
    )
Beispiel #5
    def test_flash_no_permission(self, app, client):
        """flash_no_permission() flashes exactly one message per call.

        Checks the default text ("No permission") and a custom ``msg``.
        """
        from app.helpers import flash_no_permission

        scenarios = (
            ({}, "No permission"),
            ({"msg": "Custom Message"}, "Custom Message"),
        )

        for call_kwargs, expected_text in scenarios:
            # Every scenario starts with its own request to "/".
            client.get("/")
            with client.session_transaction():
                flash_no_permission(**call_kwargs)
                messages = get_flashed_messages()
                self.assertEqual(len(messages), 1)
                self.assertIn(expected_text, messages[0])
Beispiel #6
def toggle_vis(id):
    """Flip a wiki article between visible and hidden, then show it.

    Responds with 404 for an unknown id. A hidden entry created by an admin
    is refused (flash plus redirect to ``no_perm_url``) for a non-admin
    caller holding the wiki role.
    """
    entry = WikiEntry.query.filter_by(id=id).first_or_404()

    # TODO: write custom decorator / function for this ?
    # NOTE(review): this is the only check in the body. Whether the caller
    # may change visibility at all has to be enforced by the route's
    # decorators, which are not visible in this snippet -- confirm.
    if (
        not current_user.has_admin_role()
        and current_user.has_wiki_role()
        and entry.is_visible == False
        and entry.created_by.has_admin_role()
    ):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    currently_visible = entry.is_visible == True
    entry.is_visible = not currently_visible

    if currently_visible:
        flash("Article was hidden.", "success")
    else:
        flash("Article is now visible to anyone.", "success")

    db.session.commit()
    return redirect(url_for('wiki.view', id=id))
Beispiel #7
def journal_edit(c_id, j_id):
    """Edit a journal entry of a character.

    Responds with 404 when either id is unknown. Only the character's owner
    or an admin may edit; the journal must also belong to the character
    named in the URL. Both refusals redirect to ``no_perm``.
    """
    character = Character.query.filter_by(id=c_id).first_or_404()
    entry = Journal.query.filter_by(id=j_id).first_or_404()

    # user owns character or is admin
    if not (current_user.id == character.user_id
            or current_user.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm))

    # journal belongs to character -- without this, ownership of c_id would
    # authorise editing an arbitrary j_id.
    if entry not in character.journals:
        flash("Journal does not belong to this character.", "danger")
        return redirect(url_for(no_perm))

    page_heading = "Edit Journal Entry for " + character.name

    journal_form = JournalForm()
    journal_form.session.choices = gen_session_choices(character)
    journal_form.submit.label.text = "Save Journal Entry"

    if journal_form.validate_on_submit():
        entry.title = journal_form.title.data
        entry.is_visible = journal_form.is_visible.data
        entry.content = journal_form.content.data

        # Choice 0 stands for "no session".
        chosen_session = journal_form.session.data
        entry.session_id = None if chosen_session == 0 else chosen_session

        db.session.commit()
        flash("Journal entry was changed.", "success")
        return redirect(
            url_for("character.journal_view", c_id=c_id, j_id=entry.id))

    # NOTE(review): this path also runs after a POST that failed validation,
    # so the submitted values are replaced by the stored ones.
    journal_form.title.data = entry.title
    journal_form.is_visible.data = entry.is_visible
    journal_form.content.data = entry.content
    journal_form.session.data = entry.session_id

    return render_template(
        "character/journal_form.html",
        heading=page_heading,
        form=journal_form,
        title=page_title("Edit Journal Entry '%s'" % entry.title),
    )
Beispiel #8
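def view(id):
    """Render the detail page of a media item.

    Responds with 404 for an unknown id. A hidden item is refused (flash
    plus redirect to ``no_perm_url``) when the caller is neither a media
    admin nor its creator, or when it was created by an admin and the
    caller is a non-admin with the media role.
    """
    item = MediaItem.query.filter_by(id=id).first_or_404()

    # TODO: write custom decorator for this?
    # Media items are gated on the media admin role. This check used
    # is_event_admin(), which let event admins see other users' hidden media
    # and refused media admins who lack the event role.
    # NOTE(review): looks like a copy-paste from the event views -- confirm
    # is_media_admin() is the intended role.
    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    return render_template("media/view.html",
                           item=item,
                           title=page_title("View File"))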
Beispiel #9
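def journal_create(c_id):
    """Create a journal entry for a character.

    Responds with 404 for an unknown character id. Only the character's
    owner may create entries (there is no admin exception in this view);
    anyone else is redirected to ``no_perm``. On first display the optional
    ``session`` query parameter pre-selects a session.
    """
    char = Character.query.filter_by(id=c_id).first_or_404()

    if current_user.id != char.user_id:
        flash_no_permission()
        return redirect(url_for(no_perm))

    heading = "Create Journal Entry for " + char.name

    form = JournalForm()
    form.session.choices = gen_session_choices(char)
    form.submit.label.text = "Create Journal Entry"

    if form.validate_on_submit():
        journal_entry = Journal(title=form.title.data,
                                content=form.content.data,
                                is_visible=form.is_visible.data,
                                character_id=c_id)

        # Choice 0 stands for "no session"; leave session_id unset then.
        if form.session.data != 0:
            journal_entry.session_id = form.session.data

        db.session.add(journal_entry)
        db.session.commit()
        flash("Journal entry was created.", "success")

        return redirect(
            url_for("character.journal_view", c_id=c_id,
                    j_id=journal_entry.id))

    # pre-select session if get-param was passed
    session_id = request.args.get("session")

    # will do nothing if session_id not an int or not in choices
    if session_id:
        try:
            form.session.data = int(session_id)
        except (TypeError, ValueError):
            # Only a malformed number is ignored; the former bare `except`
            # also swallowed unrelated errors and interpreter-exit signals.
            pass

    return render_template("character/journal_form.html",
                           heading=heading,
                           form=form,
                           title=page_title("Add Journal Entry for '%s'" %
                                            char.name))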
Beispiel #10
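def delete(id):
    """Delete a media item: its stored file first, then its database row.

    Responds with 404 for an unknown id. A hidden item is refused (flash
    plus redirect to ``no_perm_url``) when the caller is neither a media
    admin nor its creator, or when it was created by an admin and the
    caller is a non-admin with the media role.
    """
    item = MediaItem.query.filter_by(id=id).first_or_404()

    # Media items are gated on the media admin role. This check used
    # is_event_admin(), which let event admins delete other users' hidden
    # media and refused media admins who lack the event role.
    # NOTE(review): looks like a copy-paste from the event views -- confirm
    # is_media_admin() is the intended role.
    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # NOTE(review): visible items pass both checks above. Who may delete
    # them has to be restricted by the route's decorators, which this
    # snippet does not show -- confirm.

    # The path is built from the stored filename of the item.
    remove(path.join(app.config["MEDIA_DIR"], item.filename))
    db.session.delete(item)
    db.session.commit()

    flash("Media item was deleted.", "success")
    return redirect(url_for('media.index'))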
Beispiel #11
def delete(id):
    """Delete a calendar event and return to the calendar index.

    Responds with 404 for an unknown id. A hidden event is refused (flash
    plus redirect to ``no_perm_url``) when it was created by an admin and
    the caller is a non-admin with the event role, or when the caller is
    neither an event admin nor the event's creator.
    """
    target = Event.query.filter_by(id=id).first_or_404()

    # TODO: write custom decorator for this?
    # `or` keeps the original evaluation order of both refusal rules.
    if (
        (
            not current_user.has_admin_role()
            and current_user.has_event_role()
            and target.is_visible == False
            and target.created_by.has_admin_role()
        )
        or (
            not current_user.is_event_admin()
            and target.is_visible == False
            and not target.created_by == current_user
        )
    ):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    db.session.delete(target)
    db.session.commit()

    flash("Event was deleted", "success")
    return redirect(url_for("calendar.index"))
Beispiel #12
def view(id):
    """Render the detail page of a calendar event.

    Responds with 404 for an unknown id. A hidden event is refused (flash
    plus redirect to ``no_perm_url``) when the caller is neither an event
    admin nor its creator, or when it was created by an admin and the
    caller is a non-admin with the event role.
    """
    shown_event = Event.query.filter_by(id=id).first_or_404()
    # Loaded before the permission checks, as in the original flow.
    all_moons = Moon.query.all()

    # TODO: write decorator for this?
    if (
        (
            not current_user.is_event_admin()
            and shown_event.is_visible == False
            and not shown_event.created_by == current_user
        )
        or (
            not current_user.has_admin_role()
            and current_user.has_event_role()
            and shown_event.is_visible == False
            and shown_event.created_by.has_admin_role()
        )
    ):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    return render_template(
        "event/view.html",
        event=shown_event,
        moons=all_moons,
        title=page_title("View Event '%s'" % shown_event.name),
    )
Beispiel #13
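def journal_delete(c_id, j_id):
    """Delete a journal entry of a character.

    Responds with 404 when either id is unknown. Only the character's owner
    or an admin may delete, whether or not the entry is visible; the journal
    must also belong to the character named in the URL. Both refusals
    redirect to ``no_perm``.
    """
    char = Character.query.filter_by(id=c_id).first_or_404()
    journal = Journal.query.filter_by(id=j_id).first_or_404()

    # user owns character or is admin
    # The check used to apply to hidden entries only, so any caller could
    # delete a visible journal of someone else's character. Visibility
    # governs reading, not deletion.
    if not (current_user.id == char.user_id
            or current_user.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm))

    # journal belongs to character -- without this, ownership of c_id would
    # authorise deleting an arbitrary j_id.
    if journal not in char.journals:
        flash("Journal does not belong to this character.", "danger")
        return redirect(url_for(no_perm))

    db.session.delete(journal)
    db.session.commit()

    flash("Journal entry was deleted.", "success")
    return redirect(url_for('character.view', id=char.id))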
Beispiel #14
def journal_view(c_id, j_id):
    """Render a journal entry of a character.

    Responds with 404 when either id is unknown. A hidden entry is shown
    only to the character's owner or an admin; the journal must also belong
    to the character named in the URL. Both refusals redirect to
    ``no_perm``.
    """
    character = Character.query.filter_by(id=c_id).first_or_404()
    entry = Journal.query.filter_by(id=j_id).first_or_404()

    # user owns character or is admin (only enforced for hidden entries)
    if entry.is_visible == False and not (
            current_user.id == character.user_id
            or current_user.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm))

    # journal belongs to character -- this also stops a caller from pairing
    # a character they own with somebody else's hidden journal id.
    if entry not in character.journals:
        flash("Journal does not belong to this character.", "danger")
        return redirect(url_for(no_perm))

    return render_template(
        "character/journal_view.html",
        char=character,
        journal=entry,
        title=page_title("View Journal Entry '%s'" % entry.title),
    )
Beispiel #15
def edit(id):
    """Edit a character; ``dm_notes`` is available to admins only.

    Responds with 404 for an unknown id. A caller who neither owns the
    character nor holds the admin role gets the no-permission flash and a
    redirect to ``no_perm``.
    """
    character = Character.query.filter_by(id=id).first_or_404()

    not_owner = current_user.id != character.user_id
    # The role is only consulted for callers who are not the owner.
    if not_owner and current_user.has_admin_role() == False:
        flash_no_permission()
        return redirect(url_for(no_perm))

    char_form = EditCharacterForm()

    # Remove the field so non-admins can neither read nor submit DM notes.
    if not current_user.has_admin_role():
        del char_form.dm_notes

    if char_form.validate_on_submit():
        character.name = char_form.name.data
        character.race = char_form.race.data
        character.class_ = char_form.class_.data
        character.description = char_form.description.data
        character.private_notes = char_form.private_notes.data
        character.edited = datetime.utcnow()

        if current_user.has_admin_role():
            character.dm_notes = char_form.dm_notes.data

        db.session.commit()
        flash("Character changes have been saved.", "success")
        return redirect(url_for("character.view", id=id))

    # NOTE(review): this path also runs after a POST that failed validation,
    # so the submitted values are replaced by the stored ones.
    char_form.name.data = character.name
    char_form.race.data = character.race
    char_form.class_.data = character.class_
    char_form.description.data = character.description
    char_form.private_notes.data = character.private_notes

    if current_user.has_admin_role():
        char_form.dm_notes.data = character.dm_notes

    return render_template(
        "character/edit.html",
        form=char_form,
        title=page_title("Edit character '%s'" % character.name),
    )
Beispiel #16
def delete(id):
    """Delete a wiki article and return to the wiki index.

    The entry with id 1 (the wiki main page) is never deleted. Responds with
    404 for an unknown id. A hidden entry is refused (flash plus redirect to
    ``no_perm_url``) when the caller is neither a wiki admin nor its
    creator, or when it was created by an admin and the caller is a
    non-admin with the wiki role.
    """
    if id == 1:
        flash("The wiki main page can't be deleted", "danger")
        return redirect(url_for('wiki.index'))

    entry = WikiEntry.query.filter_by(id=id).first_or_404()

    # TODO: write custom decorator / function for this
    # `or` keeps the original evaluation order of both refusal rules.
    if (
        (
            not current_user.is_wiki_admin()
            and entry.is_visible == False
            and not entry.created_by == current_user
        )
        or (
            not current_user.has_admin_role()
            and current_user.has_wiki_role()
            and entry.is_visible == False
            and entry.created_by.has_admin_role()
        )
    ):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    db.session.delete(entry)
    db.session.commit()

    flash("Wiki article was deleted.", "success")
    return redirect(url_for('wiki.index'))
Beispiel #17
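def node_edit(id):
    """Edit a map node; a POST is answered with JSON, a GET with the form.

    Responds with 404 for an unknown id. A hidden node is refused (flash
    plus redirect to ``no_perm_url``) when it was created by an admin and
    the caller is a non-admin with the map role, or when the caller is
    neither a map admin nor the node's creator. ``is_visible`` is limited to
    map admins and ``submap`` to admins. When the linked wiki entry is
    missing or hidden from the caller, the wiki link is shown disabled and
    left unchanged.
    """
    form = MapNodeForm()
    form.submit.label.text = "Save Location"

    # Remove privileged fields so they are neither rendered nor accepted.
    if not current_user.is_map_admin():
        del form.is_visible

    if not current_user.has_admin_role():
        del form.submap
    else:
        form.submap.choices = gen_submap_choices()

    form.node_type.choices = gen_node_type_choices()

    node = MapNode.query.filter_by(id=id).first_or_404()

    # TODO: make custom decorators for this?
    if (not current_user.has_admin_role() and current_user.has_map_role()
            and node.is_visible == False
            and node.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    if (not current_user.is_map_admin() and node.is_visible == False
            and not node.created_by == current_user):
        flash_no_permission()
        # The redirect was built here but never returned, so the request
        # fell through and the hidden node could still be read and edited.
        return redirect(url_for(no_perm_url))

    wiki_entry_ok = True

    if node.wiki_entry_id != 0 and node.wiki_entry_id != None:
        wentry = WikiEntry.query.filter_by(id=node.wiki_entry_id).first()

        if not wentry:
            # The node points at a wiki entry that no longer exists.
            wiki_entry_ok = False
        else:
            if (not current_user.has_admin_role()
                    and current_user.is_wiki_admin()
                    and wentry.is_visible == False
                    and wentry.created_by.has_admin_role()):
                wiki_entry_ok = False

            if (not current_user.is_wiki_admin()
                    and wentry.is_visible == False
                    and not wentry.created_by == current_user):
                wiki_entry_ok = False

    if wiki_entry_ok:
        form.wiki_entry.choices = gen_wiki_entry_choices()
    else:
        # Do not reveal or allow changing a link the caller may not see.
        form.wiki_entry.label.text = "(wiki entry is invisible to you and can not be changed.)"
        form.wiki_entry.render_kw = {
            "disabled": "disabled"
        }
        form.wiki_entry.choices = [(0, "disabled")]

    if form.validate_on_submit():
        node.name = form.name.data
        node.description = form.description.data
        node.node_type = form.node_type.data

        node.coord_x = form.coord_x.data
        node.coord_y = form.coord_y.data

        if wiki_entry_ok:
            node.wiki_entry_id = form.wiki_entry.data

        if current_user.is_map_admin():
            node.is_visible = form.is_visible.data

        if current_user.has_admin_role():
            node.submap = form.submap.data

        db.session.commit()
        map_changed(node.on_map)

        return jsonify(data={
            'success': True,
            'message': "Location was edited."
        })
    elif request.method == "POST":
        # Submitted but invalid: report the field errors as JSON.
        return jsonify(
            data={
                'success': False,
                'message': "Form validation error",
                'errors': form.errors
            })

    # GET: pre-fill the form with the stored values.
    form.name.data = node.name
    form.description.data = node.description
    form.node_type.data = node.node_type

    form.coord_x.data = node.coord_x
    form.coord_y.data = node.coord_y

    if wiki_entry_ok:
        form.wiki_entry.data = node.wiki_entry_id

    if current_user.is_map_admin():
        form.is_visible.data = node.is_visible

    if current_user.has_admin_role():
        form.submap.data = node.submap

    return render_template("map/node_edit.html", form=form, node=node)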
Beispiel #18
def edit(id):
    """Edit a calendar event; ``is_visible`` is limited to event admins.

    Responds with 404 for an unknown id. A hidden event is refused (flash
    plus redirect to ``no_perm_url``) when it was created by an admin and
    the caller is a non-admin with the event role, or when the caller is
    neither an event admin nor the event's creator.
    """
    target = Event.query.filter_by(id=id).first_or_404()

    event_form = EventForm()
    event_form.submit.label.text = "Save Event"
    event_form.category.choices = gen_event_category_choices()
    event_form.epoch.choices = gen_epoch_choices()
    event_form.month.choices = gen_month_choices()

    # Day choices follow the submitted month on POST and the stored month
    # otherwise.
    month_for_days = (event_form.month.data
                      if request.method == "POST" else target.month_id)
    event_form.day.choices = gen_day_choices(month_for_days)

    # TODO: write custom decorator for this?
    # `or` keeps the original evaluation order of both refusal rules.
    if (
        (
            not current_user.has_admin_role()
            and current_user.has_event_role()
            and target.is_visible == False
            and target.created_by.has_admin_role()
        )
        or (
            not current_user.is_event_admin()
            and target.is_visible == False
            and not target.created_by == current_user
        )
    ):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Remove the field so non-event-admins cannot submit a visibility value.
    if not current_user.is_event_admin():
        del event_form.is_visible

    if event_form.validate_on_submit():
        target.name = event_form.name.data
        target.category_id = event_form.category.data
        target.description = event_form.description.data
        target.epoch_id = event_form.epoch.data
        target.year = event_form.year.data
        target.month_id = event_form.month.data
        target.day = event_form.day.data
        target.duration = event_form.duration.data

        if current_user.is_event_admin():
            target.is_visible = event_form.is_visible.data

        db.session.commit()

        update_timestamp(target.id)

        flash("Event was edited.", "success")

        return redirect(url_for("event.view", id=id))

    if request.method == "GET":
        # First display: pre-fill the form from the stored event.
        event_form.name.data = target.name
        event_form.category.data = target.category_id
        event_form.description.data = target.description
        event_form.epoch.data = target.epoch_id
        event_form.year.data = target.year
        event_form.month.data = target.month_id
        event_form.day.data = target.day
        event_form.duration.data = target.duration

        if current_user.is_event_admin():
            event_form.is_visible.data = target.is_visible

    calendar_stats = gen_calendar_stats()
    return render_template(
        "event/edit.html",
        form=event_form,
        calendar=calendar_stats,
        title=page_title("Edit Event '%s'" % target.name),
    )