def get_current_admin_guide():
module_name = request.blueprint
admin_guide = Page.get_by_path('guides/admin/' + module_name)
if not admin_guide or not ModuleAPI.can_write(module_name):
admin_revision = PageRevision(None, None, None, None, None, None, None)
if ModuleAPI.can_write(module_name):
admin_revision.title = 'Er is geen admin handleiding beschikbaar voor ' +\
module_name
if ModuleAPI.can_write('page'):
admin_revision.content = 'Voeg ' +\
'<a href="/edit/guides/admin/' + module_name + '"> hier </a>' +\
' een admin handleiding toe.'
else:
admin_revision.content = ''
else:
admin_revision.title = ''
admin_revision.content = ''
else:
admin_revision = admin_guide.get_latest_revision()
if ModuleAPI.can_write('page') and\
ModuleAPI.can_write(module_name):
admin_revision.title += '<a href="/edit/guides/admin/' + module_name +\
'"> (bewerk) </a>'
return admin_revision
def get_current_user_guide():
module_name = request.blueprint
""" Get the user guide for a specific module """
user_guide = Page.get_by_path('guides/user/' + module_name)
if not user_guide:
user_revision = PageRevision(None, None, None, None, None, None, None)
user_revision.title = 'Er is geen user handleiding beschikbaar voor ' +\
module_name
if ModuleAPI.can_write('page') and\
ModuleAPI.can_write(module_name):
user_revision.content = 'Voeg ' +\
'<a href="/edit/guides/user/' + module_name + '"> hier </a>' +\
' een user handleiding toe.'
else:
user_revision.content = ''
else:
user_revision = user_guide.get_latest_revision()
if ModuleAPI.can_write('page') and\
ModuleAPI.can_write(module_name):
user_revision.title += '<a href="/edit/guides/user/' + module_name +\
'"> (bewerk) </a>'
return user_revision
def delete(entry_id, inc_page=0):
if not ModuleAPI.can_write('navigation'):
return abort(403)
if inc_page and not ModuleAPI.can_write('page'):
flash(_('You do not have rights to remove pages'))
return abort(403)
entry = db.session.query(NavigationEntry).filter_by(id=entry_id).first()
if not entry:
abort(404)
if not entry.parent:
if entry.children.count() > 0:
flash('Deze item heeft nog subitems.', 'danger')
return redirect(url_for('navigation.edit', entry_id=entry.id))
if inc_page:
if entry.external or entry.activity_list:
flash('Deze item verwijst niet naar een pagina op deze website.',
'danger')
else:
path = entry.url.lstrip('/')
if PageAPI.remove_page(path):
flash('De pagina is verwijderd.', 'success')
else:
flash('De te verwijderen pagina kon niet worden gevonden.',
'danger')
db.session.delete(entry)
db.session.commit()
flash('De navigatie-item is verwijderd.', 'success')
return redirect(url_for('navigation.view'))
def delete(path):
if not ModuleAPI.can_write('page'):
return abort(403)
page = Page.get_by_path(path)
if not page:
flash(_('The page you tried to delete does not exist.'), 'danger')
return redirect(url_for('page.get_page', path=path))
abort(404)
rev = page.get_latest_revision()
class DeleteForm(Form):
title = StringField(_('Page title'))
form = DeleteForm(request.form)
if form.validate_on_submit():
if rev.title == form.title.data:
db.session.delete(page)
db.session.commit()
flash(_('The page has been deleted'), 'success')
return redirect(url_for('home.home'))
else:
flash(_('The given title does not match the page title.'),
'warning')
else:
flash_form_errors(form)
return render_template('page/delete.htm', rev=rev, form=form)
def admin_vote():
if not ModuleAPI.can_write('elections'):
return abort(403)
rp = db.engine.execute('SELECT a.*, (SELECT COUNT(*) FROM dvhj_vote b '
'WHERE b.nominee_id=a.id) AS votes '
'FROM dvhj_nominee a WHERE a.valid=1 '
'ORDER BY votes DESC;')
nominees = []
def nomi(row):
return {'id': row[0],
'created': row[1],
'modified': row[2],
'name': row[3],
'valid': row[4],
'votes': row[5]}
while True:
row = rp.fetchone()
if row is None:
break
nominees.append(nomi(row))
return render_template('elections/admin_vote.htm',
title='Docent van het jaar IW/Stemmen/Admin',
nominees=nominees)
def remove_avatar(user_id=None):
user = User.query.get(user_id)
if not ModuleAPI.can_write('user') and\
(current_user.is_anonymous or current_user.id != user_id):
return abort(403)
UserAPI.remove_avatar(user)
return redirect(url_for('user.view_single', user_id=user_id))
def has_paid(submit_id=None):
response = "success"
if not ModuleAPI.can_write('custom_form') or current_user.is_anonymous:
return abort(403)
# Test if user already signed up
submission = CustomFormResult.query.filter(
CustomFormResult.id == submit_id
).first()
if not submission:
response = "Error, submission could not be found"
# Adjust the "has_paid"
if submission.has_paid:
submission.has_paid = False
else:
submission.has_paid = True
db.session.add(submission)
db.session.commit()
copernica_data = {
"Betaald": "Ja" if submission.has_paid else "Nee",
}
copernica.update_subprofile(copernica.SUBPROFILE_ACTIVITY,
submission.owner_id, submission.form_id,
copernica_data)
return response
def create_challenge(challenge_id=None):
if not ModuleAPI.can_write('challenge'):
abort(403)
# Gather all arguments
if request.args.get('parent_id'):
parent_id = request.args.get('parent_id')
else:
return "Error, no 'parent_id' given"
if request.args.get('name'):
name = request.args.get('name')
else:
return "Error, no 'name' given"
if request.args.get('description'):
description = request.args.get('description')
else:
return "Error, no 'description' given"
if request.args.get('type'):
type = request.args.get('type')
else:
return "Error, no 'type' given"
if request.args.get('start_date'):
start_date = datetime.datetime.strptime(request.args.get('start_date'),
'%Y-%m-%d').date()
else:
return "Error, no 'start_date' given"
if request.args.get('end_date'):
end_date = datetime.datetime.strptime(request.args.get('end_date'),
'%Y-%m-%d').date()
else:
return "Error, no 'end_date' given"
if request.args.get('answer'):
answer = request.args.get('answer')
else:
return "Error, no 'answer' given"
if request.args.get('weight'):
weight = request.args.get('weight')
else:
return "Error, no 'weight' given"
if request.args.get('hint'):
hint = request.args.get('hint')
else:
return "Error, no 'hint' given"
# Check if the name of the challenge is unique
if ChallengeAPI.challenge_exists(name):
return "Error, challenge with name '" + name + "' already exists"
return ChallengeAPI.create_challenge(name, description, hint, start_date,
end_date, parent_id, weight, type,
answer)
def reorder():
if not ModuleAPI.can_write('navigation'):
return abort(403)
entries = json.loads(request.form['entries'])
NavigationAPI.order(entries, None)
return ""
def fetch_all():
if not ModuleAPI.can_write('challenge'):
abort(403)
challenges = ChallengeAPI.fetch_all_challenges()
return jsonify(challenges=[challenge.serialize for challenge in
challenges])
def view_single(user_id=None):
if user_id is None:
if current_user.is_authenticated:
return redirect(url_for('user.view_single',
user_id=current_user.id))
return redirect(url_for('user.view'))
can_read = False
can_write = False
# Only logged in users can view profiles
if current_user.is_anonymous:
return abort(403)
# Unpaid members cannot view other profiles
if current_user.id != user_id and not current_user.has_paid:
return abort(403)
# A user can always view his own profile
if current_user.id == user_id:
can_write = True
can_read = True
# group rights
if ModuleAPI.can_read('user'):
can_read = True
if ModuleAPI.can_write('user'):
can_write = True
can_read = True
user = User.query.get_or_404(user_id)
user.avatar = UserAPI.avatar(user)
user.groups = UserAPI.get_groups_for_user_id(user)
user.groups_amount = user.groups.count()
if "gravatar" in user.avatar:
user.avatar = user.avatar + "&s=341"
# Get all activity entrees from these forms, order by start_time of
# activity.
activities = Activity.query.join(CustomForm).join(CustomFormResult).\
filter(CustomFormResult.owner_id == user_id and
CustomForm.id == CustomFormResult.form_id and
Activity.form_id == CustomForm.id)
user.activities_amount = activities.count()
new_activities = activities\
.filter(Activity.end_time > datetime.today()).distinct()\
.order_by(Activity.start_time)
old_activities = activities\
.filter(Activity.end_time < datetime.today()).distinct()\
.order_by(Activity.start_time.desc())
return render_template('user/view_single.htm', user=user,
new_activities=new_activities,
old_activities=old_activities,
can_read=can_read,
can_write=can_write)
def edit_seo():
# TODO CHANGE THIS TO SEO
if not ModuleAPI.can_write('seo'):
return abort(403)
module = request.args['module']
path = request.args['path']
seo = SeoAPI.get_seo(module, path)
# Retrieve form info.
form = SeoForm(request.form, seo)
# On Seo submit (edit or create)
if form.validate_on_submit():
if seo:
# Edit the seo entry
seo.nl_title = form.nl_title.data.strip()
seo.en_title = form.en_title.data.strip()
seo.nl_description = form.nl_description.data.strip()
seo.en_description = form.en_description.data.strip()
seo.nl_tags = form.nl_tags.data.strip()
seo.en_tags = form.en_tags.data.strip()
print("SEO")
db.session.add(seo)
db.session.commit()
if not seo:
# Get seo resources to indentify the seo in the database.
res = SeoAPI.get_resources(module, path)
# Create the new seo entry
seo = SEO(res['page'],
res['page_id'],
res['activity'],
res['activity_id'],
res['url'],
form.nl_title.data.strip(),
form.en_title.data.strip(),
form.nl_description.data.strip(),
form.en_description.data.strip(),
form.nl_tags.data.strip(),
form.en_tags.data.strip())
print(vars(seo))
db.session.add(seo)
db.session.commit()
flash(_('The seo settings have been saved'), 'success')
# redirect newly created page
return redirect(url_for('page.get_page', path=path))
else:
flash_form_errors(form)
return render_template('seo/edit_seo.htm', form=form)
def delete(location_id):
"""Delete a location."""
if not ModuleAPI.can_write('location'):
return abort(403)
location = Location.query.get_or_404(location_id)
db.session.delete(location)
db.session.commit()
flash(_('Location deleted.'), 'success')
return redirect(url_for('location.list'))
def list(page_nr=1, search=None):
if not ModuleAPI.can_read('vacancy'):
return abort(403)
# Order the vacancies in such a way that vacancies that are new
# or almost expired, end up on top.
order = func.abs(
(100 * (func.datediff(Vacancy.start_date, func.current_date()) /
func.datediff(Vacancy.start_date, Vacancy.end_date))) - 50)
if search is not None:
vacancies = Vacancy.query.join(Company). \
filter(or_(Vacancy.title.like('%' + search + '%'),
Company.name.like('%' + search + '%'),
Vacancy.workload.like('%' + search + '%'),
Vacancy.contract_of_service.like('%' + search + '%'))) \
.order_by(order.desc())
if not ModuleAPI.can_write('vacancy'):
vacancies = vacancies.filter(
and_(Vacancy.start_date <
datetime.utcnow(), Vacancy.end_date >
datetime.utcnow()))
vacancies = vacancies.paginate(page_nr, 15, False)
return render_template('vacancy/list.htm', vacancies=vacancies,
search=search, path=FILE_FOLDER,
title="Vacatures")
if ModuleAPI.can_write('vacancy'):
vacancies = Vacancy.query.join(Company).order_by(order.desc())
else:
vacancies = Vacancy.query.order_by(order.desc()) \
.filter(and_(Vacancy.start_date <
datetime.utcnow(), Vacancy.end_date >
datetime.utcnow()))
vacancies = vacancies.paginate(page_nr, 15, False)
return render_template('vacancy/list.htm', vacancies=vacancies,
search="", path=FILE_FOLDER, title="Vacatures")
def delete(contact_id):
"""Delete a contact."""
if not ModuleAPI.can_write('contact'):
return abort(403)
contact = Contact.query.get_or_404(contact_id)
db.session.delete(contact)
db.session.commit()
flash(_('Contact person deleted.'), 'success')
return redirect(url_for('contact.list'))
def validate_nominate():
if not ModuleAPI.can_write('elections'):
return jsonify(error='Hey, dit mag jij helemaal niet doen!'), 403
nominee = Nominee.query.get(request.form.get('id'))
valid = request.form.get('valid') == 'true'
nominee.valid = valid
db.session.commit()
return jsonify()
def delete(vacancy_id=None):
"""Delete a vacancy."""
if not ModuleAPI.can_write('vacancy'):
return abort(403)
vacancy = Vacancy.query.get_or_404(vacancy_id)
db.session.delete(vacancy)
db.session.commit()
flash(_('Vacancy deleted'), 'success')
return redirect(url_for('vacancy.list'))
def add_users(group_id, page_nr=1):
if not (ModuleAPI.can_write("group")):
return abort(403)
group = Group.query.filter(Group.id == group_id).first()
if not group:
flash("There is no such group.", "danger")
return redirect(url_for("group.view"))
return render_template("group/add_users.htm", group=group, title="Add users")
def delete(redirect_id):
if not ModuleAPI.can_write('redirect'):
return abort(403)
redirection = Redirect.query.get_or_404(redirect_id)
db.session.delete(redirection)
db.session.commit()
flash('De omleiding is succesvol verwijderd.')
return redirect(url_for('redirect.view'))
def commit_task_to_db(name, content, group_id, filled_in_users,
line, minute_id, status):
"""
Enter task into the database.
Return succes (boolean), message (string). Message is the new task.id
if succes is true, otherwise it contains an error message.
"""
if not ModuleAPI.can_write('pimpy'):
return abort(403)
if group_id == 'all':
return False, "Groep kan niet 'All' zijn"
group = Group.query.filter(Group.id == group_id).first()
if group is None:
return False, "Er is niet een groep die voldoet opgegeven."
users, message = PimpyAPI.get_list_of_users_from_string(
group_id, filled_in_users)
if not users:
return False, message
if minute_id <= 0:
minute_id = 1
group_id = int(group_id)
task = Task.query.filter(
Task.title == name,
Task.content == content,
Task.group_id == group_id).first()
if task:
return False, "Deze taak bestaat al in de database"
else:
task = Task(name, content, group_id,
users, minute_id, line, status)
db.session.add(task)
db.session.commit()
# Add task to Copernica
# for user in users:
# copernica_data = {
# "viaductID": task.base32_id(),
# "Actiepunt": task.title,
# "Status": task.get_status_string(),
# "Groep": task.group.name,
# }
# copernica.add_subprofile(
# copernica.SUBPROFILE_TASK, user.id, copernica_data)
return True, task.id
def unarchive(form_id, page_nr=1):
if not ModuleAPI.can_write('custom_form') or current_user.is_anonymous:
return abort(403)
form = CustomForm.query.get_or_404(form_id)
form.archived = False
db.session.commit()
flash('Formulier gede-archiveerd', 'success')
return redirect(url_for('custom_form.view', page_nr=page_nr))
def fetch_question():
if not ModuleAPI.can_write('challenge'):
abort(403)
# Gather all arguments
if request.args.get('challenge_id'):
challenge_id = request.args.get('challenge_id')
else:
return "Error, no 'challenge_id' given"
challenge = ChallengeAPI.fetch_challenge(challenge_id)
return jsonify(challenges=challenge.serialize)
def api_delete_user():
if not ModuleAPI.can_write('user'):
return abort(403)
user_ids = request.get_json()['selected_ids']
del_users = User.query.filter(User.id.in_(user_ids)).all()
for user in del_users:
db.session.delete(user)
db.session.commit()
return json.dumps({'status': 'success'})
def upload(page_nr=1):
"""Upload a file."""
if not ModuleAPI.can_write('file'):
return abort(403)
new_file_name = request.files['file']
new_file = FileAPI.upload(new_file_name)
files = File.query.filter_by(page=None).order_by(File.name)\
.paginate(page_nr, 30, False)
form = FileForm()
return render_template('files/list.htm', **locals())
def edit(summary_id):
if not ModuleAPI.can_write('summary', True):
session['prev'] = 'summary.edit_summary'
return abort(403)
summary = Summary.query.get(summary_id)
if not summary:
flash(_('Summary could not be found.'), 'danger')
return redirect(url_for('summary.view'))
session['summary_edit_id'] = summary_id
form = EditForm(request.form, summary)
courses = Course.query.order_by(Course.name).all()
educations = Education.query.order_by(Education.name).all()
form.course.choices = [(c.id, c.name) for c in courses]
form.education.choices = [(e.id, e.name) for e in educations]
if request.method == 'POST':
if form.validate_on_submit():
file = request.files['summary']
summary.title = form.title.data
summary.course_id = form.course.data
summary.education_id = form.education.data
summary.date = form.date.data
new_path = upload_file_real(file, summary.path)
if new_path:
summary.path = new_path
elif new_path is None:
flash(_('Wrong format summary.'), 'danger')
if not new_path:
flash(_('Old summary preserved.'), 'info')
db.session.commit()
flash(_('Summary succesfully changed.'), 'success')
return redirect(url_for('summary.edit', summary_id=summary_id))
else:
flash_form_errors(form)
path = '/static/uploads/summaries/'
return render_template(
'summary/edit.htm', path=path, summary=summary,
courses=courses, educations=educations,
new_summary=False, form=form)
def contest_submissions_view(contest_id, team_id=None):
# Use DOMjudge team id so the pages also support non via_user teams
if team_id and not ModuleAPI.can_write('domjudge'):
return abort(403)
session = DOMjudgeAPI.login(DOMJUDGE_ADMIN_USERNAME,
DOMJUDGE_ADMIN_PASSWORD)
if not team_id:
team_id = DOMjudgeAPI.get_teamid_for_userid(
current_user.id, 3, session)
return render_contest_submissions_view(contest_id, team_id=team_id)
def group_api_add_users(group_id):
if not (ModuleAPI.can_write("group")):
return abort(403)
group = Group.query.get(group_id)
user_ids = request.get_json()["selected_ids"]
add_users = User.query.filter(User.id.in_(user_ids)).all()
for user in add_users:
group.add_user(user)
db.session.add(group)
db.session.commit()
return "testestetsetset", 200
def remove_activity(activity_id=0):
if not ModuleAPI.can_write('activity'):
return abort(403)
# Get activity
activity = Activity.query.filter(Activity.id == activity_id).first()
# Remove the event from google calendar
google.delete_activity(activity.google_event_id)
# Remove it
db.session.delete(activity)
db.session.commit()
return redirect(url_for('activity.view'))
def get_courses():
if not ModuleAPI.can_write('examination', True):
return abort(403)
courses = Course.query.all()
courses_list = []
for course in courses:
courses_list.append(
[course.id,
course.name,
course.description if course.description != "" else "N/A"
])
return json.dumps({"data": courses_list})
def edit_task(task_id, name, content, group_id,
filled_in_users, line):
"""
Return succes (boolean), message (string).
Message is irrelevant if
succes is true, otherwise it contains what exactly went wrong.
In case of succes the task is edited in the database.
"""
if not ModuleAPI.can_write('pimpy'):
return abort(403)
if task_id == -1:
return False, "Geen taak ID opgegeven."
task = Task.query.filter(Task.id == task_id).first()
users, message = PimpyAPI.get_list_of_users_from_string(
group_id, filled_in_users)
if not users:
return False, message
if name:
task.title = name
if content:
task.content = content
if group_id:
task.group_id = group_id
if line:
task.line = line
if users:
task.users = users
# if status:
# task.status = status
db.session.commit()
# for user in users:
# copernica_data = {
# "Actiepunt": task.title,
# "Status": task.get_status_string(),
# }
# copernica.update_subprofile(copernica.SUBPROFILE_TASK,
# user.id, task.base32_id(),
# copernica_data)
return True, "Taak bewerkt."
