def __init__(self, *args, **kw):
# /event/url/submissions
self.event = kw.get('event', None)
# /event/url/lesson/id/submissions
self.lesson = kw.get('lesson', None)
# /event/url/sheet/id/assignment/id/submissions
self.assignment = kw.get('assignment', None)
# /event/url/sheet/id/submissions
self.sheet = kw.get('sheet', None)
if self.event:
pass
elif self.lesson:
self.event = self.lesson.event
elif self.assignment:
self.event = self.assignment.sheet.event
elif self.sheet:
self.event = self.sheet.event
else:
log.warn('SubmissionController without any filter')
flash('You can not view Submissions without any constraint.', 'error')
abort(400)
# Allow access for event teacher and lesson teacher
self.allow_only = Any(
has('teachers', self.event),
has('tutors', self.lesson),
# has_teacher(self.event),
# has_teachers(self.event),
# has_teacher(self.lesson),
has_permission('manage'),
msg=u'You have no permission to manage this Lesson'
)
self.table = SubmissionTable(DBSession)
self.table_filler = SubmissionTableFiller(DBSession, lesson=self.lesson)
def _before(self, *args, **kw):
try:
TIMRestPathContextSetup.current_user()
TIMRestPathContextSetup.current_workspace()
TIMRestPathContextSetup.current_folder()
except NoResultFound:
abort(404)
def submit_verification(self, output_id, status):
user = request.identity['user']
try:
output_id = int(output_id)
except ValueError:
return {
'status':
'error',
'msg':
'There was an error. Please try clearing your '
'browser cache and repeating this action.'
}
output = DBSession.query(Output).get(output_id)
if not output or output.input.group_id != self.group.id:
abort(404)
try:
status = VerificationStatus[status]
except KeyError:
abort(404)
if not user.admin and not self.group.competition.verification_open:
return {'status': 'error', 'msg': 'Verification closed'}
assert output.original is True
assert output.active is True
assert output.use_ground_truth is False
output.verification = status
return self.verification_data()
def get_delete(self, *args, **kw):
'''This is the code that creates a confirm_delete page
The delete operation will be simulated to be able to display all related
objects that would be deleted too.
'''
if not self.allow_delete:
abort(403)
pks = self.provider.get_primary_fields(self.model)
kw, d = {}, {}
for i, pk in enumerate(pks):
kw[pk] = args[i]
for i, arg in enumerate(args):
d[pks[i]] = arg
obj = self.provider.delete(self.model, d)
deps = u'<dl>'
for k, g in groupby(sorted(o for o in DBSession.deleted if o != obj), lambda x: type(x)):
deps += u'<dt>' + unicode(k.__name__) + u's' + u'</dt>'
deps += u'<dd>' + u', '.join(sorted(unicode(o) for o in g)) + u'</dd>'
deps += u'</dl>'
transaction.doom()
#obj = self.edit_filler.__provider__.get_obj(self.model, params=kw, fields=self.edit_filler.__fields__)
pklist = u'/'.join(map(lambda x: unicode(getattr(obj, x)), pks))
return dict(obj=obj,
model=self.model.__name__,
deps=deps,
pk_count=len(pks), pklist=pklist)
def require_current_user_is_owner(item_id: int):
current_user = tmpl_context.current_user
item = ContentApi(current_user, True,
True).get_one(item_id, ContentType.Any)
if item.owner_id != current_user.user_id:
abort(403, _('You\'re not allowed to access this resource'))
def _lookup(self, uname, *args):
user = DBSession.query(User) \
.filter(User.user_name == uname) \
.one_or_none()
if not user:
abort(404, "No such user")
return UserController(user), args
def csrf_protect(remainder, params):
"""
Perform CSRF protection checks. Performs checks to determine if submitted
form data matches the token in the cookie. It is assumed that the GET
request handler successfully set the token for the request and that the
form was instrumented with a CSRF token field. Use the
:py:func:`~csrf_token` decorator to do this.
Generally, the handler does not need to do anything
CSRF-protection-specific. All it needs is the decorator::
@csrf_protect
@expose('myapp.templates.protected_post_handler')
def protected_post_handler():
if successful:
tg.redirect('/someplace')
return dict(errors="There were some errors")
"""
req = tg.request._current_obj()
secret, token_name, path, expires = _get_conf()
token = req.signed_cookie(token_name, secret=secret)
if not token:
tg.abort(403, 'The form you submitted is invalid or has expired')
form_token = req.args_params.get(token_name)
if form_token != token.decode(ENCODING):
tg.response.delete_cookie(token_name, path=path)
tg.abort(403, 'The form you submitted is invalid or has expired')
def docs(self, arg='', *args, **kwargs):
page_title = u'SAUCE Documentation'
page_header = u''
if arg:
try:
f = open(os.path.join(g.loc, 'docs', arg + '.rst'))
except IOError:
abort(404)
else:
content = publish_string(
f.read(),
writer_name='html',
settings_overrides={'output_encoding': 'unicode'})
page_title += ' - %s' % arg.capitalize()
else:
page_header = u'SAUCE Documentation'
content = u'<p>In the menu on the left, you find all kinds of documentation about <b>SAUCE</b>.</p>'
c.side_menu = c.doc_menu
return dict(page='docs',
page_title=page_title,
page_header=page_header,
content=content)
def _judge_permissions(self):
'''Check current users permissions for judging and generate appropriate warnings'''
if not request.allowance(self.submission):
abort(403)
if self.assignment.is_active:
flash('The assignment is still active, this submission could still be edited by the student.', 'warning')
def __do_process(self, url, **kw):
''' runs requested operation '''
log.info("STARTING INTERNAL (%s): %s", datetime.now().isoformat(), url)
m = re.search(r'(\/image_service\/(image[s]?\/|))(?P<id>[\w-]+)',
url) #includes cases without image(s) in the url
if m is None: #url did not match the regex
return None
uniq = m.group('id')
# check for access permission
resource = self.check_access(uniq, view='image_meta')
user_name = self.get_user_name(resource.get('owner'))
# fetch image meta from a resource if any, has to have a name and a type as "image_meta"
meta = self.srv.cache.get_meta(uniq)
# run processing
try:
r = self.srv.process(url,
uniq,
imagemeta=meta,
resource=resource,
user_name=user_name)
log.info("FINISHED INTERNAL (%s): %s",
datetime.now().isoformat(), url)
return r
except ImageServiceException, e:
log.error('Responce Code: %s for %s: %s ' %
(e.code, uniq, e.message))
log.info("FINISHED INTERNAL with ERROR (%s): %s",
datetime.now().isoformat(), url)
abort(e.code, e.message)
def get_one(self, func):
try:
step = FUNCTIONS[func]
except:
abort(404)
return dict(name=func, doc=step.__doc__)
def delete(self, uid=None):
e_filter = DBSession.query(ExtractionFilter).get(uid)
if not e_filter:
abort(404)
extraction_id = e_filter.extraction_id
DBSession.delete(e_filter)
return redirect('/extractions/view/%s' % extraction_id)
def save_extraction(self, dashboard_id, **kw):
axis = request.json['graph_axis']
visualization_type = request.json['visualization']
validate_axis_against_extraction_visualization(
visualization_type, axis,
DBSession.query(Extraction).get(int(
request.json['extraction_id'])))
try:
de = DBSession.query(DashboardExtractionAssociation).filter(
DashboardExtractionAssociation.uid == request.json['uid'],
).one()
except (NoResultFound, KeyError):
de = DashboardExtractionAssociation()
de.dashboard_id = int(dashboard_id)
de.extraction_id = request.json['extraction_id']
de.extraction_id = request.json['extraction_id']
de.visualization = visualization_type
de.graph_axis = axis
de.index = request.json['index']
try:
columns = int(request.json['columns'])
except ValueError:
abort(412, detail='columns must be an integer beetween 4 and 8')
if 8 < columns or 4 > columns:
abort(412, detail='columns must be between 4 and 8')
de.columns = columns
DBSession.add(de)
return dict(
de=de,
dashboard=de.dashboard,
extraction=de.extraction,
)
def new(self, *args, **kw):
"""Display a page to show a new record."""
if getattr(self, 'new_form', None) is None:
abort(404)
tmpl_context.widget = self.new_form
return dict(value=kw, model=self.model.__name__)
def index(self, **kw):
if not "user" in kw:
abort(status_code=500, detail="Traffic error, parameter (user) not found")
else:
gaugeParameters = Statistics()
currentGauge=gaugeParameters.byUser(kw["groups"])
currentComments = []
all = DBSession.query(helpComment).all()
for item in all:
currentComments.append(dict(id=item.id, hcomment=item.comment))
currentGauge["group"]=kw["groups"]
currentGauge["user"] = kw["user"]
currentGauge["list"]=currentComments
if 'application_id' in kw:
r=requests.get('https://sun.dudewhereismy.com.mx/services/utc_zone?application_id='+kw["application_id"])
parameters = {}
parameters["application_id"] = kw["application_id"]
newSession = requests.session()
mkw = {'params': parameters,'verify': False, 'timeout': 10}
response = newSession.get('https://sun.dudewhereismy.com.mx/services/utc_zone', **mkw)
values = response.json()
if "error" in values:
if values['error']=='ok':
currentGauge["tz"] =values["utc_zone"]
#print("TZ:{}".format(currentGauge["tz"]))
else:
currentGauge["tz"] = "America/Mexico_City"
else:
currentGauge["tz"] = "America/Mexico_City"
#for k,v in kw.items():
# print("{} {}".format(k,v))
#print("**************> GROUPS:{}".format(kw['groups']))
return currentGauge
def updateTrafficStatus(self, **kw):
traffic_id = kw['traffic_id']
state = kw['state']
comment = kw['comment']
if kw['false_alarm'] == "true":
false_alarm = 1
else:
false_alarm = 0
alert = DBSession.query(Traffic).filter_by(id=traffic_id).first()
if alert is not None:
alert.attended_state = state
alert.comment = comment
alert.false_alarm = false_alarm
if state == "A":
alert.attended_time = datetime.datetime.utcnow()
if state == "P":
OperatorLog.addLog(user_name=kw["user"], group_name=kw["group"], operation=app_globals.putPending,
traffic_id=traffic_id)
alert.pending_time = datetime.datetime.utcnow()
if state == "C":
OperatorLog.addLog(user_name=kw["user"], group_name=kw["group"], operation=app_globals.finalizedTraffic,
traffic_id=traffic_id)
alert.closed_time = datetime.datetime.utcnow()
DBSession.flush()
else:
print("NOT FOUND!!!")
if not "group" in kw:
abort(status_code=500, detail="Traffic error, parameter (group) not found")
else:
gaugeParameters = Statistics()
currentGauge=gaugeParameters.byUser(kw["group"])
Message.post("trafficlistener_" + kw["group"], 'REPAINT' + "|")
return currentGauge
def _before(self, *args, **kw):
try:
TIMRestPathContextSetup.current_user()
TIMRestPathContextSetup.current_workspace()
TIMRestPathContextSetup.current_folder()
except NoResultFound:
abort(404)
def set_extraction_index(self, dashboard_id):
uid = request.json['uid']
new_index = request.json['index']
if new_index < 0:
return abort(400, detail='cannot raise first extraction')
last_index = DBSession.query(func.max(DashboardExtractionAssociation.index))\
.filter_by(dashboard_id=dashboard_id).one()[0]
if new_index > last_index:
return abort(400, detail='cannot lower last extraction')
try:
de = DBSession.query(DashboardExtractionAssociation).filter(
DashboardExtractionAssociation.uid == uid, ).one()
except NoResultFound:
return abort(404, detail='dashboard not found')
old_index = de.index
try:
other_de = DBSession.query(DashboardExtractionAssociation).filter(
DashboardExtractionAssociation.dashboard_id == dashboard_id,
DashboardExtractionAssociation.index == new_index,
).one()
other_de.index = old_index
except NoResultFound:
other_de = None
de.index = new_index
return dict(de=de, other_de=other_de)
def submit(self, *args, **kwargs):
'''Create new submission for this assignment'''
if 'manage' not in request.permissions and \
request.user not in set(self.event.members) | set(self.event.tutorsandteachers):
abort(403)
if (not self.assignment.is_active and
not request.allowance(self.assignment)):
flash('This assignment is not active, you may not create a submission', 'warning')
redirect(url(self.assignment.url))
submission = Submission(
assignment=self.assignment,
filename=self.assignment.submission_filename or None,
source=self.assignment.submission_template or None,
language=self.assignment.allowed_languages[0] if self.assignment.allowed_languages else None,
user=request.user,
created=datetime.now(),
modified=datetime.now(),
)
DBSession.add(submission)
try:
DBSession.flush()
except SQLAlchemyError:
DBSession.rollback()
log.warn('Error creating new submission', exc_info=True)
flash('Error creating new submission', 'error')
redirect(url(self.assignment.url))
else:
redirect(url(submission.url + '/edit'))
def new(self, *args, **kw):
"""Display a page to show a new record."""
if getattr(self, 'new_form', None) is None:
abort(404)
tmpl_context.widget = self.new_form
return dict(value=kw, model=self.model.__name__)
def submit(self, *args, **kwargs):
'''Create new submission for this assignment'''
if 'manage' not in request.permissions and \
request.user not in set(self.event.members) | set(self.event.tutorsandteachers):
abort(403)
if (not self.assignment.is_active
and not request.allowance(self.assignment)):
flash(
'This assignment is not active, you may not create a submission',
'warning')
redirect(url(self.assignment.url))
submission = Submission(
assignment=self.assignment,
filename=self.assignment.submission_filename or None,
source=self.assignment.submission_template or None,
language=self.assignment.allowed_languages[0]
if self.assignment.allowed_languages else None,
user=request.user,
created=datetime.now(),
modified=datetime.now(),
)
DBSession.add(submission)
try:
DBSession.flush()
except SQLAlchemyError:
DBSession.rollback()
log.warn('Error creating new submission', exc_info=True)
flash('Error creating new submission', 'error')
redirect(url(self.assignment.url))
else:
redirect(url(submission.url + '/edit'))
def read(self, uid, **kw):
if not uid:
abort(404)
user = User.by_user_id(uid)
if not user:
abort(404)
return dict(page='soviet-read', user=user)
def respond(self):
if not self.survey:
abort(404, 'No survey for meeting')
if not self.survey.active:
if not has_permission('admin'):
abort(403, 'Survey not avalible')
return
flash(
'This page is currently disabled. You can see it because you are an admin.',
'warn')
form = request.POST
if form:
user = request.identity and request.identity.get('user')
response = SurveyResponse(user=user,
provided_name=form.get('_provided_name'),
survey=self.survey)
DBSession.add(response)
requires_ft = bool(form.get('first_time'))
for f in self.survey.fields:
if f.first_time and not requires_ft:
continue
fo = f.type_object()
v = fo.from_post(form)
if v:
DBSession.add(
SurveyData(response=response, field=f, contents=v))
flash('Response submitted successfully')
redirect(base_url='/')
else:
return {'survey': self.survey}
def _default(self):
root = ET.fromstring(self.record)
node = root.find(self.xpath)
if request.method == 'POST':
try:
new_node = ET.fromstring(request.POST['editor'])
except:
abort(500, 'You made a mistake writing the XML.')
node.clear()
for ch in new_node:
node.append(ch)
node.attrib = new_node.attrib
pk, blockchain_id = store_record(ET.tostring(root), b'foobar')
self.user.blockchain_id_cache = blockchain_id
private_key = PrivateKey(user_id=self.user.id,
blockchain_id=blockchain_id,
private_key=pk)
DBSession.add(private_key)
DBSession.add(self.user)
redirect('/p/' + self.xpath[2:] + '/')
return dict(page='profile',
content=minidom.parseString(ET.tostring(node)).toprettyxml(
indent=" ").partition('\n')[2],
xpath=self.xpath)
def before_edit(remainder, params, output):
self = request.controller_state.controller
if not getattr(self, 'allow_edit', True):
abort(403)
# Use my bootstrap-enabled template
override_template(FilterCrudRestController.edit,
'mako:sauce.templates.crc.edit')
def _default(self, page=None, *args, **kw):
page_slug = dict(slug=page)
hooks.notify('flatpages.before_override_template', args=(page_slug, self))
page = model.FlatPage.by_slug(page_slug['slug'])
if page is None:
abort(404, 'Page not found')
permission = page.required_permission
if permission and permission != 'public':
if permission == 'not_anonymous':
predicate = predicates.not_anonymous()
else:
predicate = predicates.has_permission(permission)
if not predicate.is_met(request.environ):
abort(403, 'Forbidden')
try:
userid = request.identity['user'].user_id
except:
userid = None
override_template(RootController._default, page.template)
hooks.notify('flatpages.after_override_template', (page, self))
return dict(page=page,
tg_cache={'expire': self.CACHE_EXPIRE,
'key': '%s-%s-%s' % (page.slug, page.updated_at, userid)})
def cli(self, client_name=None, client_id=None):
user = tg.request.identity["user"]
if client_name and client_id:
if len(client_id) != 88:
tg.abort(400, "client_id must be 88 characters long")
if " " in client_id:
tg.abort(400, "client_id cannot contain spaces")
token = model.AuthToken(
client_name=client_name,
client_id=client_id,
date_added=datetime.datetime.now(),
user=user,
)
try:
model.DBSession.add(token)
model.DBSession.flush()
except sqlalchemy.exc.IntegrityError:
tg.flash("Cannot add client (already added?)", "danger")
model.DBSession.rollback()
else:
tg.flash(f"Client {client_name} successfully added!",
"success")
tg.redirect(tg.url("/pref/cli"))
identity = tg.request.environ.get("repoze.who.identity", {})
this_client_id = identity.get("token")
auth_tokens_json = [{
"id": token.id,
"client_name": token.client_name,
"date_added": token.date_added.isoformat(),
"this_client": this_client_id == token.client_id,
} for token in user.auth_tokens]
return dict(auth_tokens=auth_tokens_json)
def get_delete(self, *args, **kw):
'''This is the code that creates a confirm_delete page'''
if not self.allow_delete:
abort(403)
pks = self.provider.get_primary_fields(self.model)
kw, d = {}, {}
for i, pk in enumerate(pks):
kw[pk] = args[i]
for i, arg in enumerate(args):
d[pks[i]] = arg
obj = self.provider.delete(self.model, d)
deps = u'<dl>'
for k, g in groupby(sorted(o for o in DBSession.deleted if o != obj),
lambda x: type(x)):
deps += u'<dt>' + unicode(k.__name__) + u'</dt>'
deps += u'<dd>' + u', '.join(sorted(unicode(o)
for o in g)) + u'</dd>'
deps += u'</dl>'
transaction.doom()
#obj = self.edit_filler.__provider__.get_obj(self.model, params=kw, fields=self.edit_filler.__fields__)
pklist = u'/'.join(map(lambda x: unicode(getattr(obj, x)), pks))
return dict(obj=obj,
model=self.model.__name__,
deps=deps,
pk_count=len(pks),
pklist=pklist)
def _default(self, page=None, *args, **kw):
page = model.FlatPage.by_slug(page)
if page is None:
abort(404, 'Page not found')
permission = page.required_permission
if permission and permission != 'public':
if permission == 'not_anonymous':
predicate = predicates.not_anonymous()
else:
predicate = predicates.has_permission(permission)
if not predicate.is_met(request.environ):
abort(403, 'Forbidden')
try:
userid = request.identity['user'].user_id
except:
userid = None
override_template(RootController._default, page.template)
hooks.notify('flatpages.before_render_page', (page, ))
return dict(page=page,
tg_cache={
'expire': self.CACHE_EXPIRE,
'key':
'%s-%s-%s' % (page.slug, page.updated_at, userid)
})
def submit_evaluations(self):
me = request.identity['user']
students_allowed = set(user.id for user in self.group.users)
for user_id, score in request.POST.items():
user_id = int(user_id)
if user_id not in students_allowed:
abort(403, "You cannot submit an evaluation to this user")
score = float(score)
if score < 0:
abort(403, "Negative contributions are not allowed")
e = (DBSession.query(Evaluation)
.filter(Evaluation.from_student_id == me.id)
.filter(Evaluation.to_student_id == user_id)
.filter(Evaluation.group_id == self.group.id)
.one_or_none())
if not e:
e = Evaluation(
from_student_id=me.id,
to_student_id=user_id,
group=self.group,
score=score)
else:
e.score = score
DBSession.add(e)
flash('Your evaluations have been saved. Thank you.', 'success')
redirect('/group/{}'.format(self.group.id))
def get_one(self, id, **kw):
entity = self._prepare_query(**kw).filter(self.model.id == id).first()
if entity is None:
abort(404, 'Not found')
return {'value': self._dictify(entity)}
def create(cls, parameters, name, url):
cwd = os.getenv('dispatch_DIR')
np = cwd.rfind("/") + 1
who = whoami()
if who == "":
error = "CSV Failure"
reason = "User not logged"
message = "The following {} occured, this is due to {}, please DEBUG the url : {}".format(
error, reason, url)
abort(status_code=500, detail=message)
file_name = cwd + "/" + cwd[np:].replace(
".", "") + "/public/" + who + "_" + name + ".pdf"
my_file = Path(file_name)
if my_file.is_file():
os.remove(file_name)
## PDF Generation ##
options = {
'page-width': '11.0in',
'page-height': '8.5in',
'margin-top': '0.1in',
'margin-right': '0.1in',
'margin-bottom': '0.1in',
'margin-left': '0.1in',
'encoding': "UTF-8",
'quiet': '',
}
body = render_template(parameters, "mako", url)
pdfkit.from_string(body, file_name, options=options)
return "/" + who + "_" + name + ".pdf"
def insert(self, path=None, user=None, **kwargs):
""" Move a resource identified by path
"""
if user is not None and identity.is_admin():
identity.current.set_current_user(user)
resource = self._check_post_body()
if resource is None:
resource = etree.Element('resource', value=path)
else:
path = resource.get('value')
log.info("insert_path() %s %s %s", tg.request.method, path, kwargs)
store, driver = self.mounts.valid_store_ref(resource)
if store is None:
abort(400, "%s is not a valid store " % path)
if resource.get('name') is None:
resource.set('name', path.replace(driver.mount_url, ''))
log.debug("insert %s %s %s", path, driver.mount_url,
etree.tostring(resource))
resource = self.blobsrv.store_blob(resource)
return etree.tostring(resource)
def _judge_permissions(self):
'''Check current users permissions for judging and generate appropriate warnings'''
if not request.allowance(self.submission):
abort(403)
if self.assignment.is_active:
flash('The assignment is still active, this submission could still be edited by the student.', 'warning')
def check_access(self, ident):
resource = data_service.resource_load (uniq = ident)
if resource is None:
if identity.not_anonymous():
abort(403)
else:
abort(401)
return resource
def share(self, slug=None, product=None, *args, **kw):
product = app_globals.shop.product.get(slug=slug, _id=product)
if product is None:
abort(404, 'Product not found')
return dict(product=product, buy_form=get_buy_product_form(),
action=plug_url('stroller2', '/product/add_to_cart'),
active=self._product_is_active(product))
def accept(self, uid, **kw):
if not uid:
abort(404)
user = User.by_user_id(uid)
if not user:
abort(404)
user.status = True
return redirect('/soviet')
def delete_permission(self, permission_id):
primary_field = get_primary_field('Permission')
try:
model.provider.delete(app_model.Permission, {primary_field: permission_id})
except AttributeError:
abort(404)
flash(_('Permission deleted'))
return redirect(url(self.mount_point))
def edit(self, *args, **kw):
user = handler.user.get_user_in_session(request)
# get circle id
if request.method == 'GET':
sequence_id = args[0]
else :
sequence_id = kw.get('cid')
sequence_id=int(sequence_id)
sequence = DBSession.query(Sequence).filter(Sequence.id == sequence_id).first()
if not sequence:
abort(404, 'Sequence with id %s not found' % sequence_id)
if not sequence.public:
add_user_widget = form.AddUser(action=url('/sequences/edit/%s' % sequence_id)).req()
if request.method == 'POST':
# add an user
mail = kw.get('mail')
try:
add_user_widget.validate({'cid' : sequence_id, 'mail' : mail})
except twc.ValidationError as e:
users = ', '.join(['%s' % u.email for u in sequence.users])
default_tracks = ', '.join(['%s' % t.name for t in sequence.default_tracks])
kw['cid'] = sequence_id
users = sequence.users
for u in users:
u.__dict__['sid'] = sequence_id
widget = e.widget
widget.value = kw
return dict(page='sequences', users=users, add_user=add_user, add_user_widget=add_user_widget, default_tracks=default_tracks, au_error=True, seq_id=sequence_id)
to_add = DBSession.query(User).filter(User.email == mail).first()
if to_add is None:
to_add = handler.user.create_tmp_user(mail)
sequence.users.append(to_add)
DBSession.flush()
kw['cid'] = sequence_id
add_user_widget.value = kw
else:
add_user_widget = None
users = sequence.users
for u in users:
u.__dict__['sid'] = sequence_id
tracks = sequence.default_tracks
for t in tracks:
t.__dict__['sid'] = sequence_id
add_user = util.to_datagrid(datagrid.sequence_user_grid, users, "Users", len(users)>0)
def_tracks = util.to_datagrid(datagrid.sequence_default_tracks, tracks, "Default tracks", len(tracks)>0)
return dict(page='sequences', users=users, add_user=add_user, add_user_widget=add_user_widget, default_tracks=def_tracks, au_error=False, seq_id=sequence_id)
def postflight(self, runtype=None, mac=None, name=None, serial=None, manifest=None, base64bz2report=None):
"""Log postflight."""
# Decode report
# FIXME: there has to be a better way to submit a binary blob
try:
base64bz2report = base64bz2report.replace(" ", "+")
bz2report = base64.b64decode(base64bz2report)
report = bz2.decompress(bz2report)
except BaseException as e:
print "Can't decode report from %s (%s): %s" % (request.environ['REMOTE_ADDR'], mac, str(e))
abort(403)
# Parse plist with plistlib, as Objective-C objects can't be pickled.
try:
plist = plistlib.readPlistFromString(report)
except BaseException as e:
print "Received invalid plist from %s (%s): %s" % (request.environ['REMOTE_ADDR'], mac, str(e))
abort(403)
#plist, format, error = \
# NSPropertyListSerialization.propertyListFromData_mutabilityOption_format_errorDescription_(
# buffer(report),
# NSPropertyListMutableContainers,
# None,
# None
# )
#if error:
# print "error:", error
# abort(401)
# Create client if needed.
client = Client.by_serial(serial)
if not client:
print "postflight running without preflight for %s" % mac
client = Client()
client.serial = serial
DBSession.add(client)
# Update client attributes.
client.runtype = runtype
if name:
client.name = name
else:
client.name = "<NO NAME>"
# Get manifest id from plist
client.mac = mac
client.manifest = manifest
client.runstate = u"done"
client.timestamp = datetime.now()
client.remote_ip = unicode(request.environ['REMOTE_ADDR'])
# Save report, updating activity, errors, warnings, and console_user.
client.update_report(plist)
DBSession.flush()
return "postflight logged for %s\n" % name
def report_plist(self, serial=None):
"""View a munki report."""
client=Client.by_serial(unicode(serial))
if not client:
abort(404)
# Work with a copy of the client report so we can modify it without
# causing a database update.
report = dict(client.report_plist)
return plistlib.writePlistToString(report)
def index(self, *args, **kwargs):
try:
server = oauth2.Server()
server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1())
req = oauth2.Request.from_request(
request.method, request.url, request.headers, request.params, request.query_string
)
params = server.verify_request(req, oauth2.Consumer(self.key, self.secret), None)
except:
log.debug("LTI Tool Provider OAuth Error", exc_info=True)
flash("LTI Tool Provider OAuth Error", "error")
abort(403)
else:
log.debug(params)
user_name = (
params.get("tool_consumer_info_product_family_code", "external")
+ "_"
+ params.get("tool_consumer_instance_guid", "external")
+ "_"
+ params.get("user_id")
)
user = User.query.filter_by(user_name=user_name).first()
if not user:
log.info("New user %s", user_name)
user = User(
user_name=user_name,
display_name=params.get("lis_person_name_full"),
email_address=params.get("lis_person_contact_email_primary"),
)
DBSession.add(user)
submission = Submission.query.filter(Submission.assignment == self.assignment, Submission.user == user).first()
if not submission:
submission = Submission(
assignment=self.assignment,
filename=self.assignment.submission_filename or None,
source=self.assignment.submission_template or None,
language=self.assignment.allowed_languages[0],
user=user,
created=datetime.now(),
modified=datetime.now(),
)
DBSession.add(submission)
DBSession.flush()
session["lti"] = True
session["params"] = params
session["user"] = user.id
session["submission"] = submission.id
session.save()
redirect("/lti/%d/edit" % self.assignment.id)
def get_all(self, *args, **kw):
"""Return all records.
Pagination is done by offset/limit in the filler method.
Returns an HTML page with the records if not json.
"""
if self.pagination:
paginator = request.paginators['value_list']
paginator.paginate_items_per_page = self.pagination['items_per_page']
else:
paginator = request.paginators['value_list']
paginator.paginate_items_per_page = -1
paginator.paginate_page = 0
if tg.request.response_type == 'application/json':
adapt_params_for_pagination(kw, self.pagination_enabled)
try:
count, values = self.table_filler._do_get_provider_count_and_objs(**kw)
except Exception as e:
log.exception('Failed to retrieve table data')
abort(400, detail=unicode_text(e))
values = self._dictify(values, length=count)
if self.pagination_enabled:
values = SmartPaginationCollection(values, count)
return dict(value_list=values)
if not getattr(self.table.__class__, '__retrieves_own_value__', False):
kw.pop('substring_filters', None)
if self.substring_filters is True:
substring_filters = list(set(kw.keys()) - set(['limit', 'offset', 'order_by', 'desc']))
else:
substring_filters = self.substring_filters
adapt_params_for_pagination(kw, self.pagination_enabled)
try:
values = self.table_filler.get_value(substring_filters=substring_filters, **kw)
except Exception as e:
log.exception('Failed to retrieve table data')
flash('Unable to retrieve data (Filter "%s": %s)' % (request.query_string, e), 'warn')
# Reset all variables to sane defaults
kw = {}
values = []
self.table_filler.__count__ = 0
if self.pagination_enabled:
values = SmartPaginationCollection(values, self.table_filler.__count__)
else:
values = []
tmpl_context.widget = self.table
search_fields = self._get_search_fields(kw)
current_search = self._get_current_search(search_fields)
return dict(model=self.model.__name__, value_list=values,
mount_point=self._mount_point(),
headers=search_fields, # Just for backwards compatibility
search_fields=search_fields, current_search=current_search)
def before_render_edit(remainder, params, output):
'''Function to be hooked before edit
- Determines whether editing is even allowed
- Replaces template with our own
'''
self = request.controller_state.controller
if not getattr(self, 'allow_edit', True):
abort(403)
# Use my bootstrap-enabled template
override_template(FilterCrudRestController.edit,
'mako:sauce.templates.crc.edit')
def get_user_in_session(request):
'''
Get the user that is performing the current request
@param request: the web request
@type request: a WebOb
'''
if not 'repoze.who.identity' in request.environ:
abort(401)
identity = request.environ['repoze.who.identity']
email = identity['repoze.who.userid']
user = DBSession.query(User).filter(User.email == email).first()
return user
def delete_note(self, note_id, visiting_group_id):
log.debug(u'Trying to delete note with id="%s" visting_group_id="%s"' % (note_id, visiting_group_id))
note_o = common_couch.getCouchDBDocument(holly_couch, note_id, doc_type=None)
if note_o['target_id'] != visiting_group_id:
abort(403) # TODO: NOT ALLOWED TO DO THIS, FORBIDDEN.
if note_o['type'] == 'attachment':
note_o['attachment_state'] = -100
elif note_o['type'] == 'note':
note_o['note_state'] = -100
holly_couch[note_id] = note_o
# TODO: add to history
raise redirect(request.referrer)
def diff(self, *args, **kwargs):
c.rgb = rgb
c.pygmentize = Pygmentize(
formatter_args=dict(
linenos='table',
lineanchors='line',
linespans='line',
)
)
try:
a = Submission.query.filter_by(id=int(args[0])).one()
b = Submission.query.filter_by(id=int(args[1])).one()
except ValueError:
abort(400)
except IndexError:
abort(400)
except NoResultFound:
abort(404)
except MultipleResultsFound: # pragma: no cover
log.warn('Database inconsistency', exc_info=True)
abort(500)
else:
return dict(page='assignment', view='diff',
assignment=self.assignment, x=distances.combined(a.source or u'', b.source or u''),
a=a, b=b, source=udiff(a.source, b.source, unicode(a), unicode(b)))
def edit(self, *args, **kw):
"""Display a page to edit the record."""
if getattr(self, 'edit_form', None) is None:
abort(404)
obj = self._get_object(kw)
if obj is None:
abort(404)
tmpl_context.widget = self.edit_form
value = self.edit_filler.get_value(kw)
value['_method'] = 'PUT'
return dict(value=value, model=self.model.__name__,
pk_count=len(self.provider.get_primary_fields(self.model)))
def upload(self, filename='upload', **kwargs):
if 'Content-MD5' not in request.headers:
abort(400, 'Request must contain a valid "Content-MD5" header.')
stage_path = config.get('upload_path')
with nimsutil.TempDir(prefix='.tmp', dir=stage_path) as tempdir_path:
hash_ = hashlib.sha1()
upload_filepath = os.path.join(tempdir_path, filename)
with open(upload_filepath, 'wb') as upload_file:
for chunk in iter(lambda: request.body_file.read(2**20), ''):
hash_.update(chunk)
upload_file.write(chunk)
if hash_.hexdigest() != request.headers['Content-MD5']:
abort(400, 'Content-MD5 mismatch (or unset).')
print 'upload from %s: %s [%s]' % (request.user_agent, os.path.basename(upload_filepath), nimsutil.hrsize(request.content_length))
os.rename(upload_filepath, os.path.join(stage_path, str(uuid.uuid1()) + '_' + filename)) # add UUID to prevent clobbering files
def _lookup(self, url, *args):
'''Return EventController for specified url'''
try:
event = Event.by_url(url)
except NoResultFound:
flash('Event %s not found' % url, 'error')
abort(404)
except MultipleResultsFound: # pragma: no cover
log.error('Database inconsistency: Event %s', url, exc_info=True)
flash('An error occurred while accessing Event %s' % url, 'error')
abort(500)
controller = EventController(event)
return controller, args
def _get_obj(self, entity, pkdict):
'''Get just one object with primary keys and matching modifiers'''
pk_names = self.get_primary_fields(entity)
pks = dict((n, pkdict[n]) for n in pk_names)
query = self.session.query(entity)
if self.query_modifier:
query = self.query_modifier(query)
query = query.reset_joinpoint().filter_by(**pks)
try:
obj = query.first()
except DataError:
obj = None
abort(400)
# log.debug(obj)
return obj
def reset_munkiadminadmin_password(self, password=None, password_verify=None):
"""Reset munkiadmin password."""
if get_users():
abort(403)
if password != password_verify:
abort(404)
create_file_users("munkiadmin", "MunkiAdmin", password)
flash(_("Created munkiadmin user"), "ok")
return dict(
page='index',
num_users=len(get_users())
)
def add_to_cart(self, product=None, quantity=1, **kw):
print kw
return
product = app_globals.shop.product.get(_id=product)
if product is None:
abort(404, 'Product not found')
try:
cart = app_globals.shop.cart.create_or_get(request.identity['user'].user_id)
except CartLockedException:
flash(_('The cart is unavailable, try again later'), 'error')
return redirect('/product/%s' % product.slug)
if not app_globals.shop.product.buy(cart, product, 0, quantity):
flash(_('The product is sold out'), 'error')
else:
flash(_('Product %s added to cart') % product.i18n_name)
return redirect('/product/%s' % product.slug)
def get(self, id, *args, **kw):
"""
Display the form by it's id
"""
# check plugin id
plug = None
try:
plug = putil.get_plugin_byId(id)
except:
tg.abort(400, "Bad plugin identifier")
debug('get plugin %s' % id)
# get the plugin
obj = plug
info = obj.info
form = info.get('output')()
desc = info.get('description')
debug('params = %s' % kw, 1)
# bioscript parameters
bs_private = {}
if 'bs_private' in kw:
bs_private = json.loads(kw['bs_private'])
debug("get bs private parameters %s" % bs_private, 2)
if 'prefill' in bs_private:
prefill_fields(info.get('in'), form, bs_private['prefill'], kw)
# {'bs_private': {'app': pp, 'cfg': handler.job.bioscript_config, 'prefill': prefill}})
# add some private parameters from BioScript
pp = {'id': id}
# if user is a serviec, add the key & the mail in the authentication
user = util.get_user(tg.request)
if user.is_service:
pp['mail'] = user.email
pp['key'] = user.key
bs_private['pp'] = pp
# prepare form output
main_proxy = tg.config.get('main.proxy')
widget = form(action=main_proxy + tg.url('/plugins/validate', {'id': id})).req()
widget.value = {'bs_private': json.dumps(bs_private), 'key': user.key}
debug('display plugin with bs_private : %s' % bs_private)
debug('vaaalue : %s' % widget.value)
debug(user)
return {'page': 'plugin', 'desc': desc, 'title': info.get('title'), 'widget': widget}
def get_one(self, *args, **kw):
"""get one record, returns HTML or json"""
obj = self._get_object(kw)
if tg.request.response_type == 'application/json':
if obj is None:
tg.response.status_code = 404
elif self.conditional_update_field is not None:
tg.response.last_modified = getattr(obj, self.conditional_update_field)
return dict(model=self.model.__name__,
value=self._dictify(obj))
if obj is None:
abort(404)
tmpl_context.widget = self.edit_form
value = self.edit_filler.get_value(kw)
return dict(value=value, model=self.model.__name__)
def download(self, pageid):
from rst2pdf.createpdf import RstToPdf
p = model.FlatPage.by_id(pageid) or abort(404)
out = BytesIO()
rst2pdf = RstToPdf()
rst2pdf.createPdf(p.content, output=out)
out.seek(0)
return out.read()
def get_all(self, **kw):
"""
model?limit=5
model?limit=5&offset=2
model?order_by=amount
model?order_by=date|desc;amount|desc
model?pagesize=10&page=1
:param kw:
:return:
"""
query = self._prepare_query(**kw)
filtered_query = self._filter_query(query, **kw)
entities = filtered_query.all()
if entities is None:
abort(404, 'Not found')
return {'value_list': self._dictify(entities), 'total_entries': query.count(), 'entries': filtered_query.count()}
def docs(self, arg=''):
page_title = u'SAUCE Documentation'
page_header = u''
if arg:
try:
f = open(os.path.join(g.loc, 'docs', arg + '.rst'))
except IOError:
abort(404)
else:
content = publish_string(f.read(), writer_name='html',
settings_overrides={'output_encoding': 'unicode'})
page_title += ' - %s' % arg.capitalize()
else:
page_header = u'SAUCE Documentation'
content = u'<p>In the menu on the left, you find all kinds of documentation about <b>SAUCE</b>.</p>'
c.side_menu = c.doc_menu
return dict(page='docs', page_title=page_title, page_header=page_header, content=content)
