Beispiel #1
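def update_student(sid):
    """Apply a submitted StudentForm to the student whose id is ``sid``.

    Unauthenticated callers are redirected to the login page. When the form
    validates and the student exists, the form data is written onto the
    record, its ``user_id`` is adjusted, the change is committed and the
    caller is redirected to the groups page. In every other case the edit
    form is rendered again.

    NOTE(review): the record is looked up by ``sid`` alone. Nothing here
    checks that a non-admin caller already owns the student, and a non-admin
    save sets ``user_id`` to the caller. Confirm this is intended; if not,
    compare ``user.user_id`` with ``auth.get_user_id()`` before calling
    ``populate_obj``.
    NOTE(review): ``populate_obj`` copies every field declared on
    StudentForm onto the model. Verify the form declares no ownership or
    privilege fields.
    """
    #----------------------------------
    if not auth.if_auth():
        return redirect(url_for('login'))
    #----------------------------------
    form = StudentForm()
    if form.validate():
        session = db.Session()
        try:
            user = session.query(Student).filter_by(id=sid).first()
            if user:
                form.populate_obj(user)
                # Update group membership: a student without a group has no
                # owner; otherwise a non-admin editor becomes the owner.
                if user.group == '':
                    user.user_id = None
                elif not auth.user_is_admin():
                    user.user_id = auth.get_user_id()
                # Save
                session.commit()
                return redirect(url_for('groups'))
        finally:
            # Release the session on every path, including a failed commit.
            session.close()
    params = {
        'student_id': sid,
        'form': form,
        'username': auth.get_user_name(),
    }
    return render_template('students/edit_student.html', params=params)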
Beispiel #2
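def show_groups():
    """Render the current user's students, grouped by ``Student.group``.

    Unauthenticated callers are redirected to the login page. Only rows whose
    ``user_id`` equals the caller's id are queried. Birth dates are formatted
    as ``DD-MM-YYYY`` for the template.
    """
    #----------------------------------
    if not auth.if_auth():
        return redirect(url_for('login'))
    #----------------------------------
    user_id = auth.get_user_id()
    session = db.Session()
    try:
        rows = session.query(
            Student.group, Student.id, Student.firstname, Student.lastname,
            Student.middlename,
            Student.birth_date).filter_by(user_id=user_id).order_by(
                Student.group).all()
    finally:
        # The rows are plain column tuples, so the session can be released
        # before the template is built.
        session.close()

    groups = {}
    for group, sid, firstname, lastname, middlename, birth_date in rows:
        groups.setdefault(group, []).append({
            'id': sid,
            'firstname': firstname,
            'lastname': lastname,
            'middlename': middlename,
            'birth_date': birth_date.strftime('%d-%m-%Y')
        })
    params = {
        'username': auth.get_user_name(),
        'groups': groups,
    }
    return render_template('students/groups.html', params=params)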
Beispiel #3
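def get_index(category_id=0):
    """Render the item index, optionally restricted to one category.

    With ``category_id`` equal to 0 the page is titled 'Latest Items';
    otherwise the title is the category's name. Each item gets a
    ``nice_date`` attribute of the form 'Month D, YYYY'. The page is rendered
    for signed-in and anonymous visitors alike.
    """
    categories = db_utils.get_categories()
    items = db_utils.get_items(category_id)
    page_title = 'Latest Items'
    if category_id != 0:
        category = db_utils.get_category(category_id)
        if category is None:
            # Unknown category id: answer like get_item_page does for a
            # missing item instead of failing on ``category.name``.
            return render_template('404.html')
        page_title = category.name
    for item in items:
        created = item.created_at
        item.nice_date = '{month} {day}, {year}'.format(
            month=calendar.month_name[created.month],
            day=created.day,
            year=created.year)
    signed_in = auth.is_signed_in()
    # The admin flag is only queried for a signed-in visitor.
    is_user_admin = auth.is_user_admin() if signed_in else False
    return render_template(
        'index.html',
        categories=categories,
        items=items,
        page_title=page_title,
        CLIENT_ID=CLIENT_ID,
        signed_in=signed_in,
        is_user_admin=is_user_admin,
        user_name=auth.get_user_name(),
        picture=auth.get_user_picture(),
        SIGNIN_REQUEST_TOKEN=auth.get_signin_request_token())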
    def set_locked_version(self, tallySheetVersion: TallySheetVersion):
        """Lock the tally sheet to ``tallySheetVersion``, or unlock it when None.

        Unlocking requires ACCESS_TYPE_UNLOCK. Locking requires
        ACCESS_TYPE_LOCK and, when the template allows submission, also
        requires that the sheet has been submitted and that the caller is not
        the user who submitted it. Each failed check raises
        ForbiddenException. The status report is refreshed after a
        successful change.

        NOTE(review): the submitter check runs only on the lock path although
        its message mentions lock/unlock. Confirm whether the submitting user
        is meant to be able to unlock.
        """
        if tallySheetVersion is None:
            # Unlock path: only the role check applies.
            unlock_allowed = has_role_based_access(self, ACCESS_TYPE_UNLOCK)
            if not unlock_allowed:
                raise ForbiddenException(
                    message="User not authorized to unlock the tally sheet.",
                    code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_UNLOCK)

            self.submission.set_locked_version(submissionVersion=None)
            self.update_status_report()
            return

        # Lock path: the submission preconditions come before the role check.
        if self.template.is_submit_allowed():
            if self.submittedVersionId is None:
                raise ForbiddenException(
                    message="Data entry tally sheet cannot be locked before submitting",
                    code=MESSAGE_CODE_TALLY_SHEET_CANNOT_LOCK_BEFORE_SUBMIT)
            if self.submittedStamp.createdBy == get_user_name():
                # Separation of duties: the submitter may not lock their own
                # submission.
                raise ForbiddenException(
                    message="Data entry tally sheet submitted user is not allowed to lock/unlock.",
                    code=MESSAGE_CODE_TALLY_SHEET_SAME_USER_CANNOT_SAVE_AND_SUBMIT)

        lock_allowed = has_role_based_access(self, ACCESS_TYPE_LOCK)
        if not lock_allowed:
            raise ForbiddenException(
                message="User is not authorized to lock the tally sheet.",
                code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_LOCK)

        self.submission.set_locked_version(
            submissionVersion=tallySheetVersion.submissionVersion)
        self.update_status_report()
Beispiel #5
def get_item_page(id):
    """Render the detail page for the item with the given ``id``.

    Renders '404.html' when the item does not exist. The template receives
    the sign-in state plus two flags, ``is_user_admin`` and ``is_item_owner``,
    which are only computed for a signed-in visitor.
    """
    categories = db_utils.get_categories()
    item = db_utils.get_item(id)
    recent_items = db_utils.get_recent_items(5)
    if item is None:
        return render_template('404.html')

    created = item.created_at
    item.nice_date = '{month} {day}, {year}'.format(
        month=calendar.month_name[created.month],
        day=created.day,
        year=created.year)

    signed_in = auth.is_signed_in()
    if signed_in:
        is_user_admin = auth.is_user_admin()
        is_item_owner = item.user_id == auth.get_user_id()
    else:
        # Anonymous visitors are never treated as admin or owner.
        is_user_admin = False
        is_item_owner = False

    context = dict(
        id=id,
        categories=categories,
        item=item,
        recent_items=recent_items,
        CLIENT_ID=CLIENT_ID,
        signed_in=signed_in,
        is_user_admin=is_user_admin,
        is_item_owner=is_item_owner,
        user_name=auth.get_user_name(),
        picture=login_session.get('picture'),
        SIGNIN_REQUEST_TOKEN=auth.get_signin_request_token())
    return render_template('item.html', **context)
Beispiel #6
def index():
    """Render the start page for an authenticated user.

    Callers who are not authenticated are redirected to the login page.
    """
    #----------------------------------
    if auth.if_auth():
        params = {'username': auth.get_user_name()}
        return render_template('index.html', params=params)
    #----------------------------------
    return redirect(url_for('login'))
Beispiel #7
def new_student():
    """Render an empty student form for an authenticated user.

    Callers who are not authenticated are redirected to the login page.
    """
    #----------------------------------
    if auth.if_auth():
        params = {
            'form': StudentForm(),
            'username': auth.get_user_name(),
        }
        return render_template('students/edit_student.html', params=params)
    #----------------------------------
    return redirect(url_for('login'))
Beispiel #8
 def get(self):
     """Sync the stored user name with the one reported by auth, then go home.

     The stored record is written only when the two names differ.
     """
     account = get_current_user(self.request)
     reported_name = auth.get_user_name(self.request)
     name_is_stale = account.name != reported_name
     if name_is_stale:
         # Rare case: the user changed their name at the identity provider.
         account.name = reported_name
         # TODO: search all edits by this user and change the names there.
         account.put()
     self.redirect('/')
Beispiel #9
    def on_before_workflow_action(self, workflow_action, tally_sheet_version):
        """Gate a workflow action before it is applied to a tally sheet version.

        A VERIFY action is refused with UnauthorizedException when the
        version was created by the current user. SAVE and EDIT actions skip
        the parent class's check and return None; every other action is
        delegated to the parent implementation.
        """
        action_type = workflow_action.actionType

        if action_type in (WORKFLOW_ACTION_TYPE_VERIFY,):
            # Separation of duties: the last editor may not verify their own
            # data.
            edited_by_caller = tally_sheet_version.createdBy == get_user_name()
            if edited_by_caller:
                raise UnauthorizedException("You cannot verify the data last edited by yourself.",
                                            code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_VERIFY)

        if action_type in (WORKFLOW_ACTION_TYPE_SAVE, WORKFLOW_ACTION_TYPE_EDIT):
            # Saving and editing deliberately bypass the completion check.
            return None

        parent = super(ExtendedTallySheetDataEntry, self)
        return parent.on_before_workflow_action(
            workflow_action=workflow_action, tally_sheet_version=tally_sheet_version)
Beispiel #10
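def edit_student(sid):
    """Render the edit form pre-filled with the student whose id is ``sid``.

    Unauthenticated callers are redirected to the login page. When no student
    has that id, the caller is redirected to the groups page.

    NOTE(review): the student is loaded by ``sid`` alone. No check ties the
    record to the caller, so any authenticated user can open any student's
    form. Confirm this is intended.
    """
    #----------------------------------
    if not auth.if_auth():
        return redirect(url_for('login'))
    #----------------------------------
    session = db.Session()
    try:
        user = session.query(Student).filter_by(id=sid).first()
        if user:
            params = {
                'form': StudentForm(obj=user),
                'student_id': user.id,
                'username': auth.get_user_name(),
            }
            return render_template('students/edit_student.html',
                                   params=params)
    finally:
        # Release the session once the response has been built.
        session.close()
    return redirect(url_for('groups'))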
Beispiel #11
    def get(self):
        """Render the front page for a logged-in session.

        A session without a truthy 'logged_in' entry is redirected to '/auth'.
        """
        logged_in = self.session.get('logged_in')
        if logged_in:
            # Build the template context: repository data plus the user name.
            context = {
                "repos": _get_front_page_data(),
                "username": get_user_name(),
            }
            self.render('index', context)
        else:
            self.redirect('/auth')
Beispiel #12
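    def inject_to_template():
        """Return the values made available to every rendered template.

        ``isProdEnv`` is the PROD_ENV config value when it is truthy, else
        False. ``current_user`` is the user name, or '' when it cannot be
        determined. ``current_timestamp`` is the local time formatted as
        'YYYY-MM-DD HH:MM:SS'.
        """
        is_prod_env = app.config.get('PROD_ENV') or False

        from auth import get_user_name
        current_user_name = ''

        try:
            current_user_name = get_user_name()
        except Exception:
            # Best effort: a failed lookup leaves the name empty. Catching
            # Exception rather than everything lets SystemExit and
            # KeyboardInterrupt propagate.
            pass
        return dict(
            isProdEnv=is_prod_env,
            current_user=current_user_name,
            current_timestamp=datetime.now().strftime('%Y-%m-%d %H:%M:%S'))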
Beispiel #13
def _create_private_repo(name, description, private=True):
    """Create a private repository in the configured organisation and log it.

    NOTE(review): ``private`` is accepted but never read; the payload always
    sends ``"private": True``. Keep it that way unless callers are audited.
    NOTE(review): the access token travels in the URL query string, where it
    can be recorded by request logs and proxies. If ``fetch_url`` can set
    headers, send it in an Authorization header instead (confirm).
    NOTE(review): ``os.environ.get('ORG')`` is None when the variable is
    unset, which formats into the path as the text 'None'.
    """
    org = os.environ.get('ORG')
    token = get_access_token()
    url = '{}/orgs/{}/repos?access_token={}'.format(GITHUB_API_URL, org, token)

    payload = json.dumps({
        "name": name,
        "description": description,
        "private": True,
    })

    # Send the creation request to GitHub's API.
    fetch_url(url, urlfetch.POST, payload)

    # Record who created which repository.
    create_log('{} created the {} repo'.format(get_user_name(), name))
Beispiel #14
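def add_student():
    """Create a student from the submitted form and assign it to the caller.

    Unauthenticated callers are redirected to the login page. On a valid form
    the new record is stored with ``user_id`` set to the caller's id and the
    caller is redirected to the groups page. Otherwise the form is rendered
    again.

    NOTE(review): ``populate_obj`` copies every field declared on
    StudentForm. ``user_id`` is assigned afterwards, so the caller's id wins
    for that field; verify the form declares no other privileged field.
    """
    #----------------------------------
    if not auth.if_auth():
        return redirect(url_for('login'))
    #----------------------------------
    student = Student()
    form = StudentForm(obj=student)
    if form.validate():
        session = db.Session()
        try:
            form.populate_obj(student)
            student.user_id = auth.get_user_id()
            session.add(student)
            session.commit()
        finally:
            # Release the session even when the commit fails.
            session.close()
        return redirect(url_for('groups'))
    params = {
        'form': form,
        'username': auth.get_user_name(),
    }
    return render_template('students/edit_student.html', params=params)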
Beispiel #15
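def show_all_students():
    """Render every student, bucketed by the first letter of the last name.

    Unauthenticated callers are redirected to the login page. The buckets are
    pre-seeded from a fixed alphabet so those letters appear even when empty.
    A missing group is shown as ''.

    NOTE(review): the query is not filtered by owner, so every authenticated
    user sees all students. Confirm this is intended.
    """
    #----------------------------------
    if not auth.if_auth():
        return redirect(url_for('login'))
    #----------------------------------
    session = db.Session()
    try:
        rows = session.query(Student.group, Student.id, Student.firstname,
                             Student.lastname, Student.middlename,
                             Student.birth_date).order_by(
                                 Student.lastname).all()
    finally:
        # The rows are plain column tuples, so the session can be released
        # before the template is built.
        session.close()

    groups = {letter: [] for letter in 'АБВГДЕЁЖЗИКЛМНОПРСТУФХЦЧШЩЭЮЯ'}

    for group, sid, firstname, lastname, middlename, birth_date in rows:
        letter = lastname[0:1]
        if group is None:
            group = ''

        # The seeded alphabet does not list every possible first character
        # (other letters, lower case, an empty last name), so create the
        # bucket on demand instead of raising KeyError.
        groups.setdefault(letter, []).append({
            'id': sid,
            'group': group,
            'firstname': firstname,
            'lastname': lastname,
            'middlename': middlename,
            'birth_date': birth_date.strftime('%d-%m-%Y')
        })

    params = {
        'groups': groups,
        'username': auth.get_user_name(),
    }
    return render_template('students/all.html', params=params)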
Beispiel #16
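def get_my_items_page(user_id=0):
    """Render the items of one user: the caller, or the user ``user_id``.

    With ``user_id`` equal to 0 the caller's own items are shown, and an
    anonymous caller is first redirected to the login page with a
    ``redirect`` parameter pointing back here. With a non-zero ``user_id``
    that user's items are shown; '404.html' is rendered when no such user
    exists.
    """
    if user_id == 0 and not auth.is_signed_in():
        # Reached when /myitems is requested without a session. The login
        # URL carries a parameter naming the page to return to afterwards.
        redirect_parameter = 'redirect={}'.format(url_for('get_my_items_page'))
        url = '{path}?{parameter}'.format(path=url_for('get_login_page'),
                                          parameter=redirect_parameter)
        return redirect(url, 302)
    page_title = 'My Items'
    if user_id != 0:
        user = db_utils.get_user(user_id)
        if user is None:
            # Unknown user id: answer like get_item_page does for a missing
            # item instead of failing on ``user.name``.
            return render_template('404.html')
        page_title = 'Items by {}'.format(user.name)
    categories = db_utils.get_categories()
    items = db_utils.get_user_items(user_id if user_id else auth.get_user_id())
    for item in items:
        created = item.created_at
        item.nice_date = '{month} {day}, {year}'.format(
            month=calendar.month_name[created.month],
            day=created.day,
            year=created.year)
    signed_in = auth.is_signed_in()
    # The admin flag is only queried for a signed-in visitor.
    is_user_admin = auth.is_user_admin() if signed_in else False
    return render_template(
        'index.html',
        page_title=page_title,
        categories=categories,
        items=items,
        CLIENT_ID=CLIENT_ID,
        signed_in=signed_in,
        is_user_admin=is_user_admin,
        user_name=auth.get_user_name(),
        picture=auth.get_user_picture(),
        SIGNIN_REQUEST_TOKEN=auth.get_signin_request_token())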
Beispiel #17
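    def post(self):
        """Create one or more Item entities from the submitted form.

        Pending and deactivated users are redirected to '/'. The form's
        'times_to_duplicate' value decides how many items are stored. Props
        have their size and article type forced to "not applicable" values.
        Any failure while handling the form redirects to '/enforce_auth'.

        NOTE(review): 'times_to_duplicate' comes from the request and has no
        upper bound here, so one request can create arbitrarily many
        entities. Consider a server-side cap.
        NOTE(review): 'original_item' is a caller-supplied urlsafe key that
        is resolved without checking its kind or the caller's rights to it.
        Confirm this is acceptable.
        """
        # Function-scope import: the file's import block is not visible here.
        import logging

        user = get_current_user(self.request)
        if user.permissions in (wmodels.PENDING_USER, wmodels.DEACTIVATED_USER):
            self.redirect('/')
            return
        try:
            image_data = self.request.get('image', default_value='')
            image_url = ''
            if image_data == '' and self.request.get('duplicate') == "True":
                # Duplicating without a new upload reuses the original image.
                image_url = ndb.Key(urlsafe=self.request.get('original_item')).get().image_url
            elif image_data != '':
                image_url = saveImageInGCS(image_data)

            article_type = self.request.get('article')
            costume_or_prop = self.request.get('item_type')
            costume_size_number = self.request.get('clothing_size_number')
            if costume_size_number == "N/A":
                costume_size_number = -1
            else:
                costume_size_number = int(costume_size_number)
            costume_size_word = self.request.get('clothing_size_string')
            tags_string = self.request.get('tags')
            # Override certain inputs due to costume and prop defaults
            if costume_or_prop == "Costume" and article_type == "N/A":
                # An article type was not selected thus is filtered as an
                # 'Other' item by default
                article_type = "Other"
            elif costume_or_prop == "Prop":
                # Props do not have sizes or article types
                article_type = "N/A"
                costume_size_number = -1
                costume_size_word = "N/A"

            # tags is a string and needs to be parsed into a list
            tags_list = parseTags(tags_string)

            # Create the requested number of items; a count of zero or less
            # creates none.
            copies = int(self.request.get('times_to_duplicate'))
            for _ in range(copies):
                qr_code, _unused = Item.allocate_ids(1)
                Item(
                    id=qr_code,
                    creator_id=auth.get_user_id(self.request),
                    creator_name=auth.get_user_name(self.request),
                    name=self.request.get('name'),
                    image_url=image_url,
                    item_type=costume_or_prop,
                    condition=self.request.get('condition'),
                    item_color=self.request.get_all('color'),
                    clothing_article_type=article_type,
                    clothing_size_num=costume_size_number,
                    qr_code=qr_code,
                    description=self.request.get('description', default_value=''),
                    clothing_size_string=costume_size_word,
                    tags=tags_list).put()

            next_page = self.request.get("next_page")
            if next_page == "Make Another Item":
                self.redirect("/add_item")
            else:
                self.redirect("/search_and_browse")
        except Exception:
            # Expected only when the user's token has expired, but malformed
            # form values (for example a non-numeric count) also land here.
            # Log the cause so real failures are not hidden behind the
            # re-authentication redirect.
            logging.exception("Item creation failed; redirecting to /enforce_auth")
            self.redirect("/enforce_auth")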
Beispiel #18
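def get_edit_item_page(id=0):
    """Serve the item editor (GET) and save a new or existing item (POST).

    GET: an anonymous visitor is redirected to the login page with a
    ``redirect`` parameter pointing back to the editor. For an existing item
    the caller must be its owner or an admin, otherwise 'unauthorized.html'
    is rendered; a missing item renders '404.html'.

    POST: meant for AJAX and answers through ``response.success`` /
    ``response.error``. The caller must be signed in; updating requires
    ownership or admin rights over the item named in the URL, and the form's
    'item-id' must name that same item.
    """
    has_id = bool(id and id != 0)

    if request.method == 'GET':
        if not auth.is_signed_in():
            # Redirect to the login page on BOTH paths (edit and new). The
            # original only built the redirect inside the "new item" branch,
            # so an anonymous request for an existing item fell through to
            # the editor logic.
            target = url_for('edit_item', id=id) if has_id else url_for('new_item')
            redirect_parameter = 'redirect={}'.format(target)
            url = '{path}?{parameter}'.format(
                path=url_for('get_login_page'),
                parameter=redirect_parameter)
            return redirect(url, 302)
        categories = db_utils.get_categories()
        item = None
        if has_id:
            item = db_utils.get_item(id)
            if item is None:
                return render_template('404.html')
            if (not auth.is_user_admin()
                    and item.user_id != auth.get_user_id()):
                # Cannot edit an item that belongs to someone else, unless
                # the caller is an admin.
                return render_template('unauthorized.html')
        return render_template('edit-item.html',
                               item=item,
                               categories=categories,
                               CLIENT_ID=CLIENT_ID,
                               signed_in=auth.is_signed_in(),
                               user_name=auth.get_user_name(),
                               picture=login_session.get('picture'))
    elif request.method == 'POST':
        # Reached from an AJAX request; the JSON response is consumed by the
        # JS code that made it.
        if not auth.is_signed_in():
            return response.error('Unauthorized')

        if has_id:
            item = db_utils.get_item(id)
            if item is None:
                # Nothing to update; avoid failing on ``item.user_id``.
                return response.error('Failed to save')
            if (not auth.is_user_admin()
                    and item.user_id != auth.get_user_id()):
                # Only item owners and admins are allowed to update an item.
                return response.error('Unauthorized')

        if not (request.form['name'] and request.form['desc']
                and request.form['cat-id']):
            return response.error('Failed to save')

        if has_id:
            # The ownership check above covered the item named in the URL.
            # Refuse a form that names a different item, so the write always
            # targets the record that was authorised.
            if str(request.form['item-id']) != str(id):
                return response.error('Unauthorized')
            item = db_utils.update_item(request.form['item-id'],
                                        request.form['name'],
                                        request.form['desc'],
                                        request.form['cat-id'])
        else:
            item = db_utils.add_item(request.form['name'],
                                     request.form['desc'],
                                     request.form['cat-id'],
                                     auth.get_user_id())

        itemData = {
            'id': item.id,
            'name': item.name,
            'desc': item.desc,
            'short_desc': item.short_desc,
            'category_id': item.category_id
        }
        return response.success(
            url_for('get_item_page', id=itemData['id']), itemData)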