Beispiel #1
    def get_current_admin_guide():
        """Return the admin-guide revision for the blueprint serving this request.

        The guide is looked up at ``guides/admin/<blueprint>``. Callers without
        write access to the module receive a placeholder revision with an empty
        title and content. Module writers receive the latest revision of the
        guide, or a placeholder saying that no guide exists; those who may also
        write pages get an edit link embedded in the title or content.

        NOTE(review): title and content carry raw ``<a>`` markup, so the
        template presumably renders them unescaped - confirm that stored
        revision titles cannot contain untrusted markup.
        """
        module_name = request.blueprint
        admin_guide = Page.get_by_path('guides/admin/' + module_name)
        edit_anchor = '<a href="/edit/guides/admin/' + module_name

        if admin_guide and ModuleAPI.can_write(module_name):
            admin_revision = admin_guide.get_latest_revision()
            if ModuleAPI.can_write('page') and ModuleAPI.can_write(module_name):
                # NOTE(review): this appends to the title attribute of the
                # revision object returned by the model; confirm the change
                # cannot be flushed to the database by a later commit.
                admin_revision.title += edit_anchor + '"> (bewerk) </a>'
            return admin_revision

        # No guide, or no write access to the module: answer with a freshly
        # constructed placeholder revision.
        admin_revision = PageRevision(None, None, None, None, None, None, None)

        if not ModuleAPI.can_write(module_name):
            admin_revision.title = ''
            admin_revision.content = ''
            return admin_revision

        admin_revision.title = \
            'Er is geen admin handleiding beschikbaar voor ' + module_name
        if ModuleAPI.can_write('page'):
            admin_revision.content = \
                'Voeg ' + edit_anchor + '"> hier </a>' + ' een admin handleiding toe.'
        else:
            admin_revision.content = ''

        return admin_revision
Beispiel #2
    def get_current_user_guide():
        """Return the user-guide revision for the blueprint serving this request.

        The guide is looked up at ``guides/user/<blueprint>``. When it exists,
        its latest revision is returned; otherwise a placeholder revision with
        a "no guide available" title is returned. Users with write access to
        both ``page`` and the module get an edit link embedded in the title or
        content.

        NOTE(review): title and content carry raw ``<a>`` markup, so the
        template presumably renders them unescaped - confirm that stored
        revision titles cannot contain untrusted markup.
        """
        module_name = request.blueprint
        user_guide = Page.get_by_path('guides/user/' + module_name)
        edit_anchor = '<a href="/edit/guides/user/' + module_name

        if user_guide:
            user_revision = user_guide.get_latest_revision()
            if ModuleAPI.can_write('page') and ModuleAPI.can_write(module_name):
                # NOTE(review): this appends to the title attribute of the
                # revision object returned by the model; confirm the change
                # cannot be flushed to the database by a later commit.
                user_revision.title += edit_anchor + '"> (bewerk) </a>'
            return user_revision

        # No guide stored yet: build a placeholder revision.
        user_revision = PageRevision(None, None, None, None, None, None, None)
        user_revision.title = \
            'Er is geen user handleiding beschikbaar voor ' + module_name

        if ModuleAPI.can_write('page') and ModuleAPI.can_write(module_name):
            user_revision.content = \
                'Voeg ' + edit_anchor + '"> hier </a>' + ' een user handleiding toe.'
        else:
            user_revision.content = ''

        return user_revision
Beispiel #3
def delete(entry_id, inc_page=0):
    """Delete a navigation entry and, if ``inc_page`` is set, its page.

    Requires write access to ``navigation``; removing the page as well also
    requires write access to ``page``. A top-level entry that still has
    children is not deleted. When ``inc_page`` is set but the entry is
    external or an activity list, or the page cannot be found, a warning is
    flashed and the navigation entry is deleted anyway.

    NOTE(review): the route decorator is not part of this excerpt - confirm
    this destructive endpoint only accepts POST and is CSRF-protected.
    """
    if not ModuleAPI.can_write('navigation'):
        return abort(403)

    if inc_page and not ModuleAPI.can_write('page'):
        flash(_('You do not have rights to remove pages'))
        return abort(403)

    entry = db.session.query(NavigationEntry).filter_by(id=entry_id).first()
    if not entry:
        abort(404)

    # Top-level entries can only go once all of their children are gone.
    if not entry.parent and entry.children.count() > 0:
        flash('Deze item heeft nog subitems.', 'danger')
        return redirect(url_for('navigation.edit', entry_id=entry.id))

    if inc_page:
        points_elsewhere = entry.external or entry.activity_list
        if points_elsewhere:
            flash('Deze item verwijst niet naar een pagina op deze website.',
                  'danger')
        elif PageAPI.remove_page(entry.url.lstrip('/')):
            flash('De pagina is verwijderd.', 'success')
        else:
            flash('De te verwijderen pagina kon niet worden gevonden.',
                  'danger')

    db.session.delete(entry)
    db.session.commit()
    flash('De navigatie-item is verwijderd.', 'success')

    return redirect(url_for('navigation.view'))
Beispiel #4
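def delete(path):
    """Delete a page after the user confirms by typing its title.

    Requires write access to ``page`` (403 otherwise). An unknown path flashes
    an error and redirects to the page view. On a valid submit the page is
    deleted only when the submitted title equals the title of the latest
    revision; otherwise the confirmation form is rendered again.
    """
    if not ModuleAPI.can_write('page'):
        return abort(403)

    page = Page.get_by_path(path)
    if not page:
        # The original had an unreachable abort(404) after this return.
        flash(_('The page you tried to delete does not exist.'), 'danger')
        return redirect(url_for('page.get_page', path=path))

    rev = page.get_latest_revision()

    class DeleteForm(Form):
        title = StringField(_('Page title'))

    form = DeleteForm(request.form)

    if form.validate_on_submit():
        # Typing the exact title is the confirmation step for the deletion.
        if rev.title == form.title.data:
            db.session.delete(page)
            db.session.commit()
            flash(_('The page has been deleted'), 'success')
            return redirect(url_for('home.home'))

        flash(_('The given title does not match the page title.'),
              'warning')
    else:
        flash_form_errors(form)

    return render_template('page/delete.htm', rev=rev, form=form)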
Beispiel #5
def admin_vote():
    """Render the admin overview of valid nominees with their vote counts.

    Requires write access to ``elections`` (403 otherwise). Nominees are
    ordered by number of votes, highest first.
    """
    if not ModuleAPI.can_write('elections'):
        return abort(403)

    # The statement is a constant: no request data is put into the SQL text.
    result = db.engine.execute('SELECT a.*, (SELECT COUNT(*) FROM dvhj_vote b '
                               'WHERE b.nominee_id=a.id) AS votes '
                               'FROM dvhj_nominee a WHERE a.valid=1 '
                               'ORDER BY votes DESC;')

    # NOTE(review): values are read by position, so this mapping relies on
    # the column order of dvhj_nominee behind ``a.*`` - verify on schema
    # changes.
    columns = ('id', 'created', 'modified', 'name', 'valid', 'votes')

    nominees = []
    row = result.fetchone()
    while row is not None:
        nominees.append({key: row[pos] for pos, key in enumerate(columns)})
        row = result.fetchone()

    return render_template('elections/admin_vote.htm',
                           title='Docent van het jaar IW/Stemmen/Admin',
                           nominees=nominees)
Beispiel #6
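def remove_avatar(user_id=None):
    """Remove a user's avatar and redirect to that user's profile.

    Allowed for users with write access to the ``user`` module and for a
    logged-in user acting on their own account; everyone else gets a 403.
    An unknown ``user_id`` ends in a 404.
    """
    # Authorise first, so unauthorised callers never trigger the lookup.
    if not ModuleAPI.can_write('user') and\
            (current_user.is_anonymous or current_user.id != user_id):
        return abort(403)

    user = User.query.get(user_id)
    if user is None:
        # Previously a missing user was passed on to UserAPI.remove_avatar
        # as None.
        return abort(404)

    UserAPI.remove_avatar(user)
    return redirect(url_for('user.view_single', user_id=user_id))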
Beispiel #7
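def has_paid(submit_id=None):
    """Toggle the ``has_paid`` flag of a form submission.

    Requires a logged-in user with write access to ``custom_form`` (403
    otherwise). The new state is committed and then pushed to Copernica.

    Returns the string "success", or an error string when no submission with
    id ``submit_id`` exists.

    NOTE(review): the route decorator is not part of this excerpt - confirm
    this state-changing endpoint only accepts POST and is CSRF-protected.
    """
    if not ModuleAPI.can_write('custom_form') or current_user.is_anonymous:
        return abort(403)

    submission = CustomFormResult.query.filter(
        CustomFormResult.id == submit_id
    ).first()

    if not submission:
        # Return right away: the original only set the error text and then
        # went on to dereference the missing submission.
        return "Error, submission could not be found"

    # Flip the flag; a value of None counts as "not paid" and becomes True.
    submission.has_paid = not submission.has_paid

    db.session.add(submission)
    db.session.commit()

    copernica_data = {
        "Betaald": "Ja" if submission.has_paid else "Nee",
    }

    copernica.update_subprofile(copernica.SUBPROFILE_ACTIVITY,
                                submission.owner_id, submission.form_id,
                                copernica_data)

    return "success"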
Beispiel #8
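def create_challenge(challenge_id=None):
    """Create a challenge from the query-string arguments of the request.

    Requires write access to ``challenge`` (403 otherwise). All of
    ``parent_id``, ``name``, ``description``, ``type``, ``start_date``,
    ``end_date``, ``answer``, ``weight`` and ``hint`` must be present and
    non-empty; the two dates must be formatted as ``YYYY-MM-DD``.

    Returns an error string when an argument is missing, a date is malformed
    or a challenge with the same name exists; otherwise the result of
    ``ChallengeAPI.create_challenge``.

    NOTE(review): the arguments are read from ``request.args``; the route
    decorator is not part of this excerpt - confirm this state-changing
    endpoint is not reachable through a plain cross-site GET.
    """
    # Standard library; imported here because the file's import block is
    # not part of this excerpt.
    import html

    if not ModuleAPI.can_write('challenge'):
        abort(403)

    # Gather all arguments, reporting the first missing one in this order.
    required = ('parent_id', 'name', 'description', 'type', 'start_date',
                'end_date', 'answer', 'weight', 'hint')
    values = {}
    for key in required:
        value = request.args.get(key)
        if not value:
            return "Error, no '" + key + "' given"
        values[key] = value

    # A malformed date used to surface as an unhandled ValueError; report
    # it like the other argument errors instead.
    try:
        start_date = datetime.datetime.strptime(values['start_date'],
                                                '%Y-%m-%d').date()
        end_date = datetime.datetime.strptime(values['end_date'],
                                              '%Y-%m-%d').date()
    except ValueError:
        return "Error, 'start_date' and 'end_date' must be formatted as " \
            "YYYY-MM-DD"

    name = values['name']

    # Check if the name of the challenge is unique
    if ChallengeAPI.challenge_exists(name):
        # The name comes from the query string and is echoed in a response
        # that is served as HTML by default, so escape it.
        return "Error, challenge with name '" + html.escape(name) + \
            "' already exists"

    return ChallengeAPI.create_challenge(name, values['description'],
                                         values['hint'], start_date,
                                         end_date, values['parent_id'],
                                         values['weight'], values['type'],
                                         values['answer'])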
Beispiel #9
def reorder():
    """Apply a new ordering to the navigation entries.

    Requires write access to ``navigation`` (403 otherwise). The ordering is
    read as JSON from the ``entries`` form field and handed to
    ``NavigationAPI.order``. Returns an empty body.

    NOTE(review): malformed JSON in ``entries`` raises out of ``json.loads``
    here; the structure of the decoded value is presumably validated inside
    ``NavigationAPI.order`` - confirm.
    """
    if not ModuleAPI.can_write('navigation'):
        return abort(403)

    raw_entries = request.form['entries']
    ordered_entries = json.loads(raw_entries)
    NavigationAPI.order(ordered_entries, None)

    return ""
Beispiel #10
def fetch_all():
    """Return all challenges as JSON under the key ``challenges``.

    Requires write access to ``challenge`` (403 otherwise).
    """
    if not ModuleAPI.can_write('challenge'):
        abort(403)

    serialized = [item.serialize
                  for item in ChallengeAPI.fetch_all_challenges()]

    return jsonify(challenges=serialized)
Beispiel #11
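def view_single(user_id=None):
    """Render the profile page of a single user.

    Without ``user_id`` the caller is redirected to their own profile, or to
    the user overview when not logged in. Anonymous users, and unpaid members
    looking at someone else's profile, get a 403. ``can_read`` and
    ``can_write`` are passed to the template; they are set for the user's own
    profile and according to the caller's rights on the ``user`` module.

    NOTE(review): a paid member reaches the template for any profile even
    when ``can_read`` stays False, so hiding data then depends on the
    template honouring the flag - confirm.
    """
    if user_id is None:
        if current_user.is_authenticated:
            return redirect(url_for('user.view_single',
                                    user_id=current_user.id))
        return redirect(url_for('user.view'))

    can_read = False
    can_write = False

    # Only logged in users can view profiles
    if current_user.is_anonymous:
        return abort(403)
    # Unpaid members cannot view other profiles
    if current_user.id != user_id and not current_user.has_paid:
        return abort(403)
    # A user can always view his own profile
    if current_user.id == user_id:
        can_write = True
        can_read = True
    # group rights
    if ModuleAPI.can_read('user'):
        can_read = True
    if ModuleAPI.can_write('user'):
        can_write = True
        can_read = True

    user = User.query.get_or_404(user_id)
    user.avatar = UserAPI.avatar(user)
    user.groups = UserAPI.get_groups_for_user_id(user)

    user.groups_amount = user.groups.count()

    if "gravatar" in user.avatar:
        user.avatar = user.avatar + "&s=341"

    # Get all activity entries from these forms. The criteria are passed as
    # separate arguments so that all of them are ANDed in SQL: chaining them
    # with Python's ``and`` evaluates to a single operand, so the other
    # conditions never reached the query.
    activities = Activity.query.join(CustomForm).join(CustomFormResult).\
        filter(CustomFormResult.owner_id == user_id,
               CustomForm.id == CustomFormResult.form_id,
               Activity.form_id == CustomForm.id)

    user.activities_amount = activities.count()

    # One reference time for both lists, ordered by activity start time.
    now = datetime.today()
    new_activities = activities\
        .filter(Activity.end_time > now).distinct()\
        .order_by(Activity.start_time)
    old_activities = activities\
        .filter(Activity.end_time < now).distinct()\
        .order_by(Activity.start_time.desc())

    return render_template('user/view_single.htm', user=user,
                           new_activities=new_activities,
                           old_activities=old_activities,
                           can_read=can_read,
                           can_write=can_write)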
Beispiel #12
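def edit_seo():
    """Create or edit the SEO entry for the resource named in the query string.

    Requires write access to ``seo`` (403 otherwise). ``module`` and ``path``
    are read from ``request.args``. On a valid submit the existing entry is
    updated, or a new one is created from ``SeoAPI.get_resources``, and the
    user is redirected to ``page.get_page`` for ``path``. Otherwise the form
    is rendered.
    """
    if not ModuleAPI.can_write('seo'):
        return abort(403)

    module = request.args['module']
    path = request.args['path']

    seo = SeoAPI.get_seo(module, path)

    # Retrieve form info.
    form = SeoForm(request.form, seo)

    if not form.validate_on_submit():
        flash_form_errors(form)
        return render_template('seo/edit_seo.htm', form=form)

    # Submitted values, stripped of surrounding whitespace.
    nl_title = form.nl_title.data.strip()
    en_title = form.en_title.data.strip()
    nl_description = form.nl_description.data.strip()
    en_description = form.en_description.data.strip()
    nl_tags = form.nl_tags.data.strip()
    en_tags = form.en_tags.data.strip()

    if seo:
        # Edit the seo entry
        seo.nl_title = nl_title
        seo.en_title = en_title
        seo.nl_description = nl_description
        seo.en_description = en_description
        seo.nl_tags = nl_tags
        seo.en_tags = en_tags
    else:
        # Get seo resources to identify the seo in the database.
        res = SeoAPI.get_resources(module, path)

        # Create the new seo entry
        seo = SEO(res['page'],
                  res['page_id'],
                  res['activity'],
                  res['activity_id'],
                  res['url'],
                  nl_title,
                  en_title,
                  nl_description,
                  en_description,
                  nl_tags,
                  en_tags)

    # The debug print() calls of the original are gone: they wrote the
    # entry's attributes to stdout on every save.
    db.session.add(seo)
    db.session.commit()

    flash(_('The seo settings have been saved'), 'success')

    # Redirect to the page the settings belong to.
    return redirect(url_for('page.get_page', path=path))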
Beispiel #13
def delete(location_id):
    """Delete the location with the given id and go back to the list.

    Requires write access to ``location`` (403 otherwise); an unknown id ends
    in a 404 through ``get_or_404``.

    NOTE(review): the route decorator is not part of this excerpt - confirm
    this destructive endpoint only accepts POST and is CSRF-protected.
    """
    if not ModuleAPI.can_write('location'):
        return abort(403)

    doomed = Location.query.get_or_404(location_id)

    db.session.delete(doomed)
    db.session.commit()

    flash(_('Location deleted.'), 'success')
    list_url = url_for('location.list')
    return redirect(list_url)
Beispiel #14
def list(page_nr=1, search=None):
    """Render a paginated list of vacancies, optionally filtered by a search term.

    Requires read access to ``vacancy`` (403 otherwise). Users without write
    access only see vacancies whose start date lies in the past and whose end
    date lies in the future. Results are shown 15 per page.

    NOTE(review): ``search`` is bound as a parameter by the query builder, but
    ``%`` and ``_`` inside it still act as LIKE wildcards.
    """
    if not ModuleAPI.can_read('vacancy'):
        return abort(403)

    # Order the vacancies in such a way that vacancies that are new
    # or almost expired, end up on top.
    elapsed = func.datediff(Vacancy.start_date, func.current_date())
    duration = func.datediff(Vacancy.start_date, Vacancy.end_date)
    order = func.abs((100 * (elapsed / duration)) - 50)

    def currently_open():
        # Criterion selecting vacancies that have started and not yet ended.
        return and_(Vacancy.start_date <
                    datetime.utcnow(), Vacancy.end_date >
                    datetime.utcnow())

    if search is not None:
        pattern = '%' + search + '%'
        matches_search = or_(Vacancy.title.like(pattern),
                             Company.name.like(pattern),
                             Vacancy.workload.like(pattern),
                             Vacancy.contract_of_service.like(pattern))
        vacancies = Vacancy.query.join(Company).filter(matches_search) \
            .order_by(order.desc())

        if not ModuleAPI.can_write('vacancy'):
            vacancies = vacancies.filter(currently_open())

        shown_search = search
    elif ModuleAPI.can_write('vacancy'):
        vacancies = Vacancy.query.join(Company).order_by(order.desc())
        shown_search = ""
    else:
        vacancies = Vacancy.query.order_by(order.desc()) \
            .filter(currently_open())
        shown_search = ""

    vacancies = vacancies.paginate(page_nr, 15, False)

    return render_template('vacancy/list.htm', vacancies=vacancies,
                           search=shown_search, path=FILE_FOLDER,
                           title="Vacatures")
Beispiel #15
def delete(contact_id):
    """Delete the contact with the given id and go back to the contact list.

    Requires write access to ``contact`` (403 otherwise); an unknown id ends
    in a 404 through ``get_or_404``.

    NOTE(review): the route decorator is not part of this excerpt - confirm
    this destructive endpoint only accepts POST and is CSRF-protected.
    """
    if not ModuleAPI.can_write('contact'):
        return abort(403)

    doomed = Contact.query.get_or_404(contact_id)

    db.session.delete(doomed)
    db.session.commit()

    flash(_('Contact person deleted.'), 'success')
    list_url = url_for('contact.list')
    return redirect(list_url)
Beispiel #16
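def validate_nominate():
    """Mark a nominee as valid or invalid.

    Requires write access to ``elections``; otherwise a JSON error with
    status 403 is returned. The nominee id and the new state are read from
    the form fields ``id`` and ``valid``; the state is True only when
    ``valid`` is the string ``'true'``. An unknown id yields a JSON error
    with status 404.
    """
    if not ModuleAPI.can_write('elections'):
        return jsonify(error='Hey, dit mag jij helemaal niet doen!'), 403

    nominee = Nominee.query.get(request.form.get('id'))
    if nominee is None:
        # A missing or unknown id used to fail on the attribute assignment
        # below; answer with a JSON error like the permission check does.
        return jsonify(error='Nominee not found'), 404

    nominee.valid = request.form.get('valid') == 'true'
    db.session.commit()

    return jsonify()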
Beispiel #17
def delete(vacancy_id=None):
    """Delete the vacancy with the given id and go back to the vacancy list.

    Requires write access to ``vacancy`` (403 otherwise); an unknown id ends
    in a 404 through ``get_or_404``.

    NOTE(review): the route decorator is not part of this excerpt - confirm
    this destructive endpoint only accepts POST and is CSRF-protected.
    """
    if not ModuleAPI.can_write('vacancy'):
        return abort(403)

    doomed = Vacancy.query.get_or_404(vacancy_id)

    db.session.delete(doomed)
    db.session.commit()

    flash(_('Vacancy deleted'), 'success')
    list_url = url_for('vacancy.list')
    return redirect(list_url)
Beispiel #18
def add_users(group_id, page_nr=1):
    """Render the page for adding users to a group.

    Requires write access to ``group`` (403 otherwise). An unknown group id
    flashes an error and redirects to the group overview. ``page_nr`` is
    accepted but not used in this function.
    """
    if not ModuleAPI.can_write("group"):
        return abort(403)

    group = Group.query.filter(Group.id == group_id).first()

    if group:
        return render_template("group/add_users.htm", group=group,
                               title="Add users")

    flash("There is no such group.", "danger")
    return redirect(url_for("group.view"))
Beispiel #19
def delete(redirect_id):
    """Delete the redirection with the given id and go back to the overview.

    Requires write access to ``redirect`` (403 otherwise); an unknown id ends
    in a 404 through ``get_or_404``.

    NOTE(review): the route decorator is not part of this excerpt - confirm
    this destructive endpoint only accepts POST and is CSRF-protected.
    """
    if not ModuleAPI.can_write('redirect'):
        return abort(403)

    doomed = Redirect.query.get_or_404(redirect_id)
    db.session.delete(doomed)
    db.session.commit()

    flash('De omleiding is succesvol verwijderd.')

    overview_url = url_for('redirect.view')
    return redirect(overview_url)
Beispiel #20
    def commit_task_to_db(name, content, group_id, filled_in_users,
                          line, minute_id, status):
        """
        Store a new task in the database.

        Returns a ``(success, message)`` tuple. On success ``message`` is the
        id of the new task, otherwise it is an error message. Callers without
        write access to ``pimpy`` get a 403 instead.
        """
        if not ModuleAPI.can_write('pimpy'):
            return abort(403)

        if group_id == 'all':
            return False, "Groep kan niet 'All' zijn"

        if Group.query.filter(Group.id == group_id).first() is None:
            return False, "Er is niet een groep die voldoet opgegeven."

        users, message = PimpyAPI.get_list_of_users_from_string(
            group_id, filled_in_users)
        if not users:
            return False, message

        # Non-positive minute ids fall back to 1.
        minute_id = 1 if minute_id <= 0 else minute_id
        group_id = int(group_id)

        # Refuse a second task with the same title and content in this group.
        duplicate = Task.query.filter(
            Task.title == name,
            Task.content == content,
            Task.group_id == group_id).first()
        if duplicate:
            return False, "Deze taak bestaat al in de database"

        task = Task(name, content, group_id,
                    users, minute_id, line, status)
        db.session.add(task)
        db.session.commit()

        # The Copernica sub-profile sync for new tasks was commented out in
        # the original and is not performed here.

        return True, task.id
Beispiel #21
def unarchive(form_id, page_nr=1):
    """Clear the ``archived`` flag of a custom form and return to the overview.

    Requires a logged-in user with write access to ``custom_form`` (403
    otherwise); an unknown id ends in a 404 through ``get_or_404``. The
    redirect goes back to page ``page_nr`` of the overview.

    NOTE(review): the route decorator is not part of this excerpt - confirm
    this state-changing endpoint only accepts POST and is CSRF-protected.
    """
    if current_user.is_anonymous or not ModuleAPI.can_write('custom_form'):
        return abort(403)

    custom_form = CustomForm.query.get_or_404(form_id)
    custom_form.archived = False
    db.session.commit()

    flash('Formulier gede-archiveerd', 'success')

    overview_url = url_for('custom_form.view', page_nr=page_nr)
    return redirect(overview_url)
Beispiel #22
def fetch_question():
    """Return one challenge as JSON under the key ``challenges``.

    Requires write access to ``challenge`` (403 otherwise). The challenge id
    is read from the ``challenge_id`` query argument; an error string is
    returned when it is missing or empty.
    """
    if not ModuleAPI.can_write('challenge'):
        abort(403)

    # Gather all arguments
    challenge_id = request.args.get('challenge_id')
    if not challenge_id:
        return "Error, no 'challenge_id' given"

    # NOTE(review): if fetch_challenge can return None for an unknown id, the
    # attribute access below fails - confirm how it reports a missing
    # challenge.
    challenge = ChallengeAPI.fetch_challenge(challenge_id)

    return jsonify(challenges=challenge.serialize)
Beispiel #23
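def api_delete_user():
    """Delete the users whose ids are listed in the JSON request body.

    Requires write access to ``user`` (403 otherwise). The body must be a
    JSON object with a ``selected_ids`` entry; anything else is answered with
    a 400. Ids that match no user are ignored. Returns a JSON status string.

    NOTE(review): this is a bulk, irreversible delete; the route decorator is
    not part of this excerpt - confirm the endpoint is CSRF-protected.
    """
    if not ModuleAPI.can_write('user'):
        return abort(403)

    # A missing, non-JSON or wrongly shaped body used to surface as an
    # unhandled TypeError/KeyError; reject it as a bad request instead.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict) or 'selected_ids' not in payload:
        return abort(400)

    user_ids = payload['selected_ids']
    del_users = User.query.filter(User.id.in_(user_ids)).all()

    for user in del_users:
        db.session.delete(user)

    db.session.commit()

    return json.dumps({'status': 'success'})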
Beispiel #24
def upload(page_nr=1):
    """Upload a file and render the file list.

    Requires write access to ``file`` (403 otherwise). The upload is taken
    from the ``file`` field of the request and handed to ``FileAPI.upload``;
    the list shows files without a page, ordered by name, 30 per page.

    NOTE(review): file name and type are presumably checked inside
    ``FileAPI.upload`` - confirm.
    """
    if not ModuleAPI.can_write('file'):
        return abort(403)

    new_file_name = request.files['file']
    new_file = FileAPI.upload(new_file_name)

    unattached_files = File.query.filter_by(page=None).order_by(File.name)
    files = unattached_files.paginate(page_nr, 30, False)
    form = FileForm()

    # Same names the original exposed through **locals(), passed explicitly
    # so the template context is visible here.
    return render_template('files/list.htm',
                           page_nr=page_nr,
                           new_file_name=new_file_name,
                           new_file=new_file,
                           files=files,
                           form=form)
Beispiel #25
def edit(summary_id):
    """Edit a summary's details and optionally replace its file.

    Requires write access to ``summary`` (403 otherwise). An unknown id
    flashes an error and redirects to the summary overview. On a valid POST
    the details are saved and the uploaded file, when accepted by
    ``upload_file_real``, replaces the stored path.

    NOTE(review): the accepted file types are decided inside
    ``upload_file_real``, which is not part of this excerpt - confirm.
    """
    if not ModuleAPI.can_write('summary', True):
        session['prev'] = 'summary.edit_summary'
        return abort(403)

    summary = Summary.query.get(summary_id)
    if not summary:
        flash(_('Summary could not be found.'), 'danger')
        return redirect(url_for('summary.view'))

    session['summary_edit_id'] = summary_id

    form = EditForm(request.form, summary)
    courses = Course.query.order_by(Course.name).all()
    educations = Education.query.order_by(Education.name).all()
    form.course.choices = [(course.id, course.name) for course in courses]
    form.education.choices = [(education.id, education.name)
                              for education in educations]

    if request.method == 'POST':
        if not form.validate_on_submit():
            flash_form_errors(form)
        else:
            uploaded = request.files['summary']

            summary.title = form.title.data
            summary.course_id = form.course.data
            summary.education_id = form.education.data
            summary.date = form.date.data

            stored_path = upload_file_real(uploaded, summary.path)
            if stored_path:
                summary.path = stored_path
            else:
                # None gets the extra "wrong format" message; any falsy
                # result keeps the old file.
                if stored_path is None:
                    flash(_('Wrong format summary.'), 'danger')
                flash(_('Old summary preserved.'), 'info')

            db.session.commit()
            # Shown after every valid submit, including when the uploaded
            # file was not accepted.
            flash(_('Summary succesfully changed.'), 'success')

            return redirect(url_for('summary.edit', summary_id=summary_id))

    return render_template(
        'summary/edit.htm', path='/static/uploads/summaries/',
        summary=summary, courses=courses, educations=educations,
        new_summary=False, form=form)
Beispiel #26
def contest_submissions_view(contest_id, team_id=None):
    """Render the submissions of a team in a DOMjudge contest.

    Without ``team_id`` the team of the current user is looked up. Passing a
    ``team_id`` requires write access to ``domjudge`` (403 otherwise).
    DOMjudge team ids are used so the pages also support non via_user teams.

    NOTE(review): the DOMjudge admin login runs on every call, also when its
    session is not used afterwards. ``current_user.id`` is read without a
    visible login check - presumably the route enforces one; confirm.
    """
    if team_id and not ModuleAPI.can_write('domjudge'):
        return abort(403)

    admin_session = DOMjudgeAPI.login(DOMJUDGE_ADMIN_USERNAME,
                                      DOMJUDGE_ADMIN_PASSWORD)

    if team_id:
        shown_team_id = team_id
    else:
        shown_team_id = DOMjudgeAPI.get_teamid_for_userid(
            current_user.id, 3, admin_session)

    return render_contest_submissions_view(contest_id, team_id=shown_team_id)
Beispiel #27
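def group_api_add_users(group_id):
    """Add the users listed in the JSON request body to a group.

    Requires write access to ``group`` (403 otherwise). An unknown group id
    ends in a 404. The body must be a JSON object with a ``selected_ids``
    entry; anything else is answered with a 400. Ids that match no user are
    ignored.

    NOTE(review): the response body looks like leftover debug text; it is
    kept unchanged in case a client depends on it.
    """
    if not ModuleAPI.can_write("group"):
        return abort(403)

    group = Group.query.get(group_id)
    if group is None:
        # An unknown group used to fail on group.add_user below.
        return abort(404)

    # A missing, non-JSON or wrongly shaped body used to surface as an
    # unhandled TypeError/KeyError; reject it as a bad request instead.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict) or "selected_ids" not in payload:
        return abort(400)

    user_ids = payload["selected_ids"]
    add_users = User.query.filter(User.id.in_(user_ids)).all()

    for user in add_users:
        group.add_user(user)

    db.session.add(group)
    db.session.commit()
    return "testestetsetset", 200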
Beispiel #28
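def remove_activity(activity_id=0):
    """Delete an activity and its Google Calendar event.

    Requires write access to ``activity`` (403 otherwise). An unknown id ends
    in a 404. The calendar event is removed first, then the database row, and
    the user is redirected to the activity overview.

    NOTE(review): the route decorator is not part of this excerpt - confirm
    this destructive endpoint only accepts POST and is CSRF-protected.
    """
    if not ModuleAPI.can_write('activity'):
        return abort(403)

    # Get activity
    activity = Activity.query.filter(Activity.id == activity_id).first()
    if activity is None:
        # An unknown id used to fail on the attribute access below.
        return abort(404)

    # Remove the event from google calendar
    google.delete_activity(activity.google_event_id)

    # Remove it
    db.session.delete(activity)
    db.session.commit()

    return redirect(url_for('activity.view'))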
Beispiel #29
def get_courses():
    """Return all courses as a JSON string of ``[id, name, description]`` rows.

    Requires write access to ``examination`` (403 otherwise). The rows are
    wrapped in an object under the key ``data``; an empty description is
    replaced by ``"N/A"``.
    """
    if not ModuleAPI.can_write('examination', True):
        return abort(403)

    rows = [
        [course.id,
         course.name,
         course.description if course.description != "" else "N/A"]
        for course in Course.query.all()
    ]

    return json.dumps({"data": rows})
Beispiel #30
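    def edit_task(task_id, name, content, group_id,
                  filled_in_users, line):
        """
        Edit an existing task in the database.

        Returns a ``(success, message)`` tuple. The message is irrelevant if
        success is true, otherwise it says what went wrong. Callers without
        write access to ``pimpy`` get a 403 instead.

        Only the arguments that are truthy overwrite the stored values; the
        task's users are always replaced by the users parsed from
        ``filled_in_users``.
        """
        if not ModuleAPI.can_write('pimpy'):
            return abort(403)

        if task_id == -1:
            return False, "Geen taak ID opgegeven."

        task = Task.query.filter(Task.id == task_id).first()
        if task is None:
            # An unknown id used to fail on the attribute assignments below;
            # report it through the (success, message) contract instead.
            return False, "Taak bestaat niet."

        users, message = PimpyAPI.get_list_of_users_from_string(
            group_id, filled_in_users)
        if not users:
            return False, message

        if name:
            task.title = name
        if content:
            task.content = content
        if group_id:
            task.group_id = group_id
        if line:
            task.line = line
        # users is known to be non-empty at this point.
        task.users = users

        db.session.commit()

        # The task status is not edited here, and the Copernica sub-profile
        # update was commented out in the original and is not performed.

        return True, "Taak bewerkt."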