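def newquestion(id):
    """Render the new-question form (GET) or create a question (POST) for course *id*.

    Only teachers and admins may use this route.  The original verified that
    on GET only, so a directly crafted POST could create a question without
    being a teacher or admin; the check is now applied before the method
    dispatch so both branches are covered.

    Returns the rendered template, a redirect to the course page on a
    successful POST, or None for any other HTTP method (as before).
    """
    # Shared authorization gate — previously the POST branch had none.
    viewer = users.user_id()
    if not (users.is_teacher(viewer) or users.is_admin(viewer)):
        return render_template(
            "error.html",
            message="Sinulla ei ole oikeutta nähdä tätä sivua")

    if request.method == "GET":
        course = courses.get_course_with_id(id)
        title = course[1]  # column 1 is the title, as the original indexes it
        return render_template("newquestion.html",
                               course_title=title,
                               id=id)

    if request.method == "POST":
        max_len = 500  # limit shared by the question and each choice
        question = request.form["question"]
        course_id = id
        choices = request.form.getlist("choice")
        # Validation order kept from the original: choices, question, emptiness.
        for choice in choices:
            if len(choice) > max_len:
                return render_template("error.html",
                    message="Vastausvaihtoehto on liian pitkä, max. 500 merkkiä")
        if len(question) > max_len:
            return render_template("error.html",
                message="Kysymys on liian pitkä, max. 500 merkkiä")
        if question == "" or not choices:
            return render_template("error.html",
                message="Kysymystä ei voi jättää tyhjäksi ja ainakin yksi vastausvaihtoehto "
                    "pitää olla")
        if questions.new_question(question, course_id, choices):
            return redirect("/courses/" + str(course_id))
        return render_template("error.html",
                               message="Kysymyksen luominen ei onnistunut")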
def tagging():
	"""Admin-only tag management page.

	GET renders the tag form.  POST adds exactly one tag — either typed in
	(``tag``) or picked from the existing list (``existing_tag``) — to the
	selected restaurants after the CSRF token is checked, then redirects to
	the front page.  Every validation failure re-renders the form with an
	error message.
	"""
	if not users.is_admin():
		return render_template("forbidden.html", message="Sinulla ei ole oikeutta nähdä tätä sivua")
	all_restaurants = restaurants.get_list()
	all_tags = tags.get_tags()

	def form_error(text):
		# Re-render the form with the given error and the current lists.
		return render_template("tags.html", errormessage=text, tags=all_tags, restaurants=all_restaurants)

	if request.method == "GET":
		return render_template("tags.html", tags=all_tags, restaurants=all_restaurants)
	if request.method == "POST":
		typed = request.form["tag"]
		picked = request.form["existing_tag"]
		typed_empty = is_empty(typed)
		picked_empty = is_empty(picked)
		if typed_empty and picked_empty:
			return form_error("Et lisännyt tägiä")
		if not typed_empty and not picked_empty:
			return form_error("Lisää yksi tägi kerrallaan")
		new_tag = picked if typed_empty else typed
		if len(new_tag) > 50:
			return form_error("Tägi on liian pitkä. Sen tulee olla alle 50 merkkiä")
		if "selected_restaurants" not in request.form:
			return form_error("Et antanut ravintoloita")
		targets = request.form.getlist("selected_restaurants")
		# The token is verified on the mutating path only, as in the original.
		check_csfr(request.form["csrf_token"], users.get_csrf())
		tags.add_tags(targets, new_tag)
		return redirect("/")
def toggle_public_private(group_id):
    """Flip the ``open`` flag of group *group_id*.

    Only a group admin or a site admin may do this.  Returns True after the
    update is committed, False when the caller is not authorized.  The id is
    bound as a query parameter, never interpolated into the SQL text.
    """
    authorized = users.is_group_admin(group_id) or users.is_admin()
    if not authorized:
        return False
    db.session.execute(
        "UPDATE groups SET open=NOT(open) WHERE id=:group_id",
        {"group_id": group_id},
    )
    db.session.commit()
    return True
def list_users():
	"""Render the user list; ``mod_rights`` tells the template whether the viewer is an admin."""
	everyone = users.get_all_users()
	mod_rights = bool(users.is_admin())
	return render_template("users_list.html", userlist=everyone, mod_rights=mod_rights)
def admin_all_lessons():
    """Admin-only overview of every lesson; non-admins get a 403."""
    if not users.is_admin(session["user_id"]):
        abort(403)
    return render_template("/all_lessons.html", lessons=lessons.get_lessons())
def all_users():
    """Admin-only listing of every user; non-admins get a 403."""
    if not users.is_admin(session["user_id"]):
        abort(403)
    # Local renamed so it no longer shadows this function's own name.
    everyone = users.get_users()
    return render_template("/all_users.html", users=everyone)
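 def post(self):
     """Create or update a user; the caller must present an admin ``token``.

     If a user with ``email`` already exists, only the supplied fields are
     changed; otherwise a new user is created (password and email required).
     ``is_admin`` / ``is_organization`` are the strings 'true' or 'false'.
     Replies with JSON ``{"success": bool, "message": str}`` via send_json.
     """
     token = self.request.get('token')
     if not users.is_admin(token):
         send_json(self, {"success": False, "message": "Only admins can create new users"})
         return

     email = self.request.get('email')
     password = self.request.get('password')
     is_admin = self.request.get('is_admin')  # 'true' or 'false'
     is_organization = self.request.get('is_organization')  # 'true' or 'false'

     user = users.User.with_email(email)
     if user:
         # Update only fields that were actually supplied.  The original
         # tested ``is not None``; if request.get() returns '' for a missing
         # parameter (several web frameworks do) that test always passed and a
         # partial update silently cleared the admin/organization flags.
         # Treating '' and None alike as "not supplied" is correct either way.
         if email:
             user.email = email
         if password:
             user.pwd_hash = users.hash_pwd(password)
         if is_admin:
             user.is_admin = is_admin == 'true'
         if is_organization:
             user.is_organization = is_organization == 'true'
         message = 'Updated user'
         user.put()
     elif not password or not email:
         message = "Can't have an empty password or email"
     else:
         user, message = users.User.create_user(email, password, is_organization == 'true', is_admin == 'true')
         # The response below already allows for create_user returning a None
         # user, so do not call put() on it unconditionally.
         if user is not None:
             user.put()

     send_json(self, {"success": (user is not None), "message": message})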
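def all_feedback():
    """Admin-only page listing every feedback message; non-admins get a 403.

    The admin check now runs before the messages are loaded, so an
    unauthorized request no longer triggers the message lookup.
    """
    if not users.is_admin(session["user_id"]):
        abort(403)
    return render_template("/all_feedback.html", messages=messages.get_messages())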
def add_stats():
	"""Admin-only form for entering a player's statistics for one game.

	GET fills the game and player select boxes (each with a placeholder
	entry whose id is 0) and renders the form.  POST compares the CSRF
	token, requires both a game and a player to be chosen, stores the stats
	and redirects to /stats.  Every failure renders error.html.
	"""
	if not users.is_admin():
		return render_template("error.html", message="Ei oikeutta")
	form = StatForm(request.form)

	if request.method == "GET":
		game_choices = [(g[2], (str(g[0]) + " " + g[1])) for g in events.get_games()]
		game_choices.append([0, "Valitse ottelu"])
		player_choices = [(pl[3], (str(pl[2]) + " " + pl[0] + " " + pl[1])) for pl in players.get_players()]
		player_choices.append([0, "Valitse pelaaja"])
		form.player_id.choices = player_choices
		form.event_id.choices = game_choices
		return render_template("add_stats.html", form=form)

	if request.method != "POST":
		return render_template("error.html", message="Virhe tilastoiden syöttämisessä")

	# Token check guards the mutating path only.
	if users.get_csrf_token() != form.csrf_token.data:
		return render_template("error.html", message="Kielletty!")
	if not form.submit.data:
		return render_template("error.html", message="Virhe tilastoiden syöttämisessä")
	if form.event_id.data == "0" or form.player_id.data == "0":
		return render_template("error.html", message="Pelaaja ja tapahtuma pitää olla valittuna")
	stats.add_game_stats(
		form.event_id.data, form.player_id.data, form.min.data,
		form.fg.data, form.fg_a.data, form.three.data, form.three_a.data,
		form.ft.data, form.ft_a.data, form.dreb.data, form.oreb.data,
		form.foul.data, form.ass.data, form.tover.data, form.steal.data,
		form.block.data,
	)
	return redirect("/stats")
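def promote_user(id):
	"""Grant admin rights to user *id*; admins only.

	The original also passed the check when ``users.user_id() == id``, which
	let any logged-in user call set_admin on their own account and promote
	themselves.  That self-service path is removed; everything else (redirect
	to /users on success, error page otherwise) is unchanged.
	"""
	if not users.is_admin():
		return render_template("error.html", message="Ei oikeutta")
	if users.set_admin(id):
		return redirect("/users")
	return render_template("error.html", message="Tapahtui virhe")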
 def post(self):
     """Send all sightings as a CSV attachment; admin token required.

     Non-admins receive a plain-text refusal.  The response keeps the
     wildcard Access-Control-Allow-Origin header of the original, so any
     origin may read the download once it holds a valid admin token.
     """
     if not users.is_admin(self.request.get('token')):
         self.response.write("Only admins can download the CSV")
         return
     self.response.headers['Content-Type'] = 'text/csv'
     self.response.headers['Access-Control-Allow-Origin'] = '*'
     self.response.headers['Content-Disposition'] = 'attachment; filename=JellywatchSightings.csv;'
     jellyfish.write_csv(self.response)
def player_list():
	"""Render the player list; ``mod_rights`` tells the template whether the viewer is an admin."""
	mod_rights = bool(users.is_admin())
	# Local renamed so it no longer shadows this function's own name.
	roster = players.get_players()
	return render_template("player_list.html", players=roster, mod_rights=mod_rights)
def index():
    """Front page: the book count, the book list and whether the viewer is an admin."""
    return render_template("index.html",
                           count=books.get_bookcount(),
                           books=books.get_books(),
                           admin=users.is_admin())
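 def post(self):
     """Delete one Sighting by datastore id; admin token required.

     Replies with JSON ``{"success": bool}``.  A missing or non-numeric
     ``id`` now yields success=False instead of an unhandled ValueError from
     int(); the local is also renamed so it no longer shadows builtin id.
     """
     success = False
     if users.is_admin(self.request.get('token')):
         raw_id = self.request.get('id')
         try:
             sighting_id = int(raw_id)
         except (TypeError, ValueError):
             sighting_id = None
         if sighting_id is not None:
             ndb.Key(jellyfish.Sighting, sighting_id).delete()
             success = True
     send_json(self, {"success": success})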
def muu_category():
    """Render the "muu" category (id 3) and remember it in the session."""
    category_id = 3
    session["category"] = category_id
    return render_template("category.html",
                           threads=threads.fetch_category_threads(category_id),
                           admin=users.is_admin(),
                           user=users.user_id(),
                           allowed=users.get_list_of_allowed_users())
 def get(self):
     """Return every user as JSON; admin token required, otherwise a refusal message."""
     if users.is_admin(self.request.get('token')):
         payload = {"users": [account.to_json() for account in users.User.query()]}
     else:
         payload = {"message": "Only admins can see the list of users"}
     send_json(self, payload)
def delete(message_id):
    """Delete message *message_id* if the caller is an admin or its sender; otherwise do nothing.

    The id is bound as a query parameter.  Returns None in every case.
    """
    # Admin first, so get_sender() is only looked up for non-admins (as before).
    if not (users.is_admin() or users.user_id() == get_sender(message_id)):
        return
    db.session.execute("DELETE FROM messages WHERE id=:message_id", {"message_id": message_id})
    db.session.commit()
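 def get(self):
     """Return recent sightings (headings plus rows) as JSON; admin token required.

     The refusal message previously read "list of users" — copied from the
     user-list handler — and now names the resource this handler serves.
     """
     if users.is_admin(self.request.get('token')):
         headings, sightings = jellyfish.get_recent()
         payload = {"headings": headings, "sightings": sightings}
     else:
         payload = {"message": "Only admins can see the list of recent sightings"}
     send_json(self, payload)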
def studentsList(id):
    """Render the student list of course *id*.

    ``allow`` is True for admins and teachers.  The list itself is fetched
    and handed to the template for every caller; whether the template
    withholds it when ``allow`` is False cannot be seen from here.
    """
    viewer = users.user_id()
    allow = bool(users.is_admin(viewer) or users.is_teacher(viewer))
    enrolled = courses.students_in_course(id)
    title = courses.get_course_with_id(id)[1]
    return render_template("students.html",
                           title=title,
                           students=enrolled,
                           allow=allow,
                           id=id)
def thread(id):
    """Render thread *id*; admins also see messages marked invisible."""
    # Pick the loader first; the local is named so it no longer shadows builtin list.
    fetch = threads.get_thread_with_invisible if users.is_admin() else threads.get_thread
    posts = fetch(id)
    attributes = threads.get_thread_attributes(id)
    return render_template("thread.html",
                           count=len(posts),
                           messages=posts,
                           id=id,
                           thread_attributes=attributes)
def admin_list_users():
    """Admin function to list users: one {"name", "email"} dict per user.

    Raises EXCEPTION_UNAUTHORIZED when there is no verified caller or the
    caller's email is not an admin.
    """
    caller = verify_user()
    if not caller or not users.is_admin(caller["email"]):
        raise EXCEPTION_UNAUTHORIZED

    # Comprehension variable renamed so it does not reuse the caller's name.
    return [dict(name=account["name"], email=account["email"])
            for account in users.get_users()]
def lesson(id):
    """Admin-only detail page for lesson *id* with its participants; non-admins get a 403."""
    if not users.is_admin(session["user_id"]):
        abort(403)
    info = lessons.lesson_information(id)
    attendees = lessons.get_participants(id)
    return render_template("/lesson.html",
                           id=id,
                           lesson_information=info,
                           participants=attendees)
def deletebook():
    """Delete the book whose id is in the submitted form; admins only.

    Redirects to the front page on success, otherwise renders error.html.
    NOTE(review): no CSRF token is compared in this route — confirm it is
    enforced elsewhere for this form.
    """
    if not users.is_admin():
        return render_template("error.html",
                               message="Ei oikeuksia poistaa kirjaa")
    if books.delete_book(request.form["id"]):
        return redirect("/")
    return render_template("error.html",
                           message="Kirjan poistaminen ei onnistunut")
def admin_new_user():
    """Admin function to add new users.

    Raises EXCEPTION_UNAUTHORIZED unless the verified caller is an admin;
    otherwise creates a user from the request's name and email and returns
    whatever users.new_user returns.
    """
    caller = verify_user()
    authorized = bool(caller) and users.is_admin(caller["email"])
    if not authorized:
        raise EXCEPTION_UNAUTHORIZED

    new_account = {}
    new_account["name"] = get_req("name")
    new_account["email"] = get_req("email")
    return users.new_user(new_account)
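def result(query, order):
    """Search messages and thread topics for *query* (case-insensitive substring).

    Admins see hidden messages as well; everyone else only rows with
    M.visible=true.  *order* selects the sort direction on M.created_at:
    "ASC" sorts oldest first, any other value newest first (as before).
    Returns the fetched rows.

    *query* is passed as a bound parameter, so it cannot change the SQL
    text; note that '%' and '_' inside it still act as ILIKE wildcards.
    The sort direction cannot be bound the same way — parameters carry
    values, not SQL keywords, which is why the original's ``:order``
    attempt never worked — so it is chosen from two fixed literals and the
    four near-identical query strings collapse into one template.
    """
    direction = "ASC" if order == "ASC" else "DESC"
    visibility = "" if users.is_admin() else "AND M.visible=true "
    sql = (
        "SELECT M.content, U.username, M.created_at, M.user_id, M.id, "
        "M.visible, T.topic, T.id, M.edited_at "
        "FROM messages M, users U, threads T "
        "WHERE (M.content ILIKE :query OR T.topic ILIKE :query) "
        "AND M.user_id=U.id AND M.thread_id=T.id "
        + visibility
        + "ORDER BY M.created_at " + direction
    )
    rows = db.session.execute(sql, {"query": "%" + query + "%"})
    return rows.fetchall()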
def graveyard():
	"""Admin page listing deleted ("buried") users, or restoring one of them.

	Without a ``resurrect`` query argument the graveyard is rendered; with
	one, users.raise_dead() is called for that value and the caller is sent
	to /users (error page if it fails).  NOTE(review): the restore runs on a
	GET with no CSRF token check — confirm that is acceptable.
	"""
	if not users.is_admin():
		return render_template("error.html", message="Ei oikeutta")
	target = request.args.get('resurrect', 0)
	if target == 0:
		return render_template("graveyard.html", buried=users.get_graveyard())
	if users.raise_dead(target):
		return redirect("/users")
	return render_template("error.html", message="Virhe pelaajan poistossa")
def edit_user(id):
	"""Render the edit form for user *id*; admins may edit anyone, others only themselves.

	When the user is also a player, the player record is passed to the
	template as well.  NOTE(review): ``users.user_id() == id`` compares
	whatever types those two carry — verify *id* is not a str while user_id()
	is an int, or the self-edit path never matches.
	"""
	if not (users.is_admin() or users.user_id() == id):
		return render_template("error.html", message="Ei oikeutta")
	form = EditInfoForm(request.form)
	account = users.get_user(id)
	context = {"user": account, "form": form}
	if players.is_player(id):
		player_key = players.get_player_id(id)
		context["player"] = players.get_player(player_key[0])
	return render_template("edit_user.html", **context)
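def delete_thread(id):
    """Delete thread *id* if the caller owns it or is an admin.

    Anonymous and unauthorized callers are redirected back to the thread;
    authorized ones must also present the session's CSRF token (403
    otherwise).  A thread id that matches no rows now counts as "not the
    owner" instead of raising IndexError on the empty result.
    """
    allow = False
    if users.logged():
        rows = threads.get_thread(id)
        # rows[0][3] is the owner id in the original's indexing — TODO confirm against threads.get_thread
        if rows and rows[0][3] == users.user_id():
            allow = True
        elif users.is_admin():
            allow = True
    if not allow:
        return redirect("/thread/" + str(id) + "/0/4")
    if session["csrf_token"] != request.form["csrf_token"]:
        return abort(403)
    threads.delete(id)
    return redirect("/")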
def book(id):
    """Render the detail page of book *id*; columns 0..6 of the row are mapped to template fields."""
    row = books.get_book(id)
    is_admin = users.is_admin()
    fields = {
        "name": row[0],
        "genre": row[1],
        "author": row[2],
        "publisher": row[3],
        "published_in": row[4],
        "year": row[5],
        "isbn": row[6],
    }
    return render_template("book.html", id=id, admin=is_admin, **fields)
def remove_restaurant():
	"""Admin-only page for removing a restaurant.

	GET renders the list to pick from; POST verifies the CSRF token, removes
	the chosen restaurant and redirects to the front page.
	"""
	if not users.is_admin():
		return render_template("forbidden.html", message="Sinulla ei ole oikeutta nähdä tätä sivua")
	method = request.method
	if method == "GET":
		return render_template("remove_restaurant.html", restaurants=restaurants.get_list())
	if method == "POST":
		chosen = request.form["restaurant_to_be_removed"]
		# Token is checked before the mutation, after reading the id (as before).
		check_csfr(request.form["csrf_token"], users.get_csrf())
		restaurants.remove_restaurant(chosen)
		return redirect("/")
def hide(id):
    """Mark message *id* invisible; allowed for admins and the message's author.

    Returns True after the commit, False when the caller is not authorized.
    The id is bound as a query parameter.
    """
    # Admin first, so get_user_id() is only looked up for non-admins (as before).
    if not (users.is_admin() or users.user_id() == get_user_id(id)):
        return False
    db.session.execute("UPDATE messages SET visible=false WHERE id=:id", {"id": id})
    db.session.commit()
    return True
 def post(self):
     """Delete the user with the given email; admin token required.

     Replies with JSON: success True on deletion, otherwise success False
     plus a message saying why.
     """
     if not users.is_admin(self.request.get('token')):
         send_json(self, {"success": False, "message": "Only admins can delete users"})
         return
     account = users.User.with_email(self.request.get('email'))
     if not account:
         send_json(self, {"success": False, "message": "No user with this email found"})
         return
     account.key.delete()
     send_json(self, {"success": True})
def course(id):
    """Render course *id*.

    Columns 1..5 of the course row are the title, description, level,
    content and keyword; ``status`` is True for teachers and admins and the
    course's questions are passed along as ``questions``.
    """
    row = courses.get_course_with_id(id)
    #check rights
    viewer = users.user_id()
    status = bool(users.is_teacher(viewer) or users.is_admin(viewer))
    #get questions and choices
    questionlist = questions.get_questions_with_course_id(id)
    return render_template("course.html", title=row[1], description=row[2], level=row[3],
                           content=row[4], keyword=row[5], id=id,
                           questions=questionlist, status=status)
def showuser(id):
    """Show user *id*'s profile; admins may view anyone, others only themselves.

    ``allow`` (the viewer's admin flag) is passed to the template.  Columns
    1, 2, 3 and 5 of the user row are first name, last name, username and
    status.
    """
    viewer = users.user_id()
    allow = bool(users.is_admin(viewer))
    if not (viewer == id or allow):
        return render_template(
            "error.html", message="Sinulla ei ole oikeutta nähdä tätä sivua")
    row = users.user_all(id)
    return render_template("showuser.html", id=id, firstname=row[1], lastname=row[2],
                           username=row[3], status=row[5], allow=allow)
def leave():
    """Remove a student from a course.

    Teachers and admins remove the student named in the form (``student_id``)
    and are sent back to the course's student list; any other caller can only
    remove themselves and is sent to /welcome.  Failures render error.html.
    """
    viewer = users.user_id()
    privileged = users.is_teacher(viewer) or users.is_admin(viewer)
    course_id = request.form["course_id"]
    if privileged:
        # Only privileged callers may name someone else; others use their own id.
        left = students.leave_course(request.form["student_id"], course_id)
        success_target = "/courses/" + str(course_id) + "/students"
        failure = "Kurssilta poistaminen ei onnistunut"
    else:
        left = students.leave_course(viewer, course_id)
        success_target = "/welcome"
        failure = "Kurssilta poistuminen ei onnistunut"
    if left:
        return redirect(success_target)
    return render_template("error.html", message=failure)
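def reject_user_from_group(group_id, username):
    """Remove *username*'s pending join request from group *group_id*.

    Allowed for site admins and for callers for whom ``users.authenticated``
    holds and *group_id* is one of their own groups.  NOTE(review):
    ``users.authenticated`` is referenced as an attribute, not called, while
    every other check here is a call — confirm that is intended.

    Returns True when the update was committed, False on a database error
    (the session is rolled back so it stays usable) and False when the caller
    is not authorized (the original fell through and returned None there).
    Both values are bound as query parameters.
    """
    if not (users.is_admin() or (users.authenticated
                                 and group_id in [n.id for n in get_user_groups()])):
        return False
    # Remove user request with username to group
    sql = """UPDATE groups 
            SET requests=array_remove(requests,(SELECT id FROM users WHERE username=:username))
            WHERE id=:group_id"""
    try:
        db.session.execute(sql, {
            "username": username,
            "group_id": group_id
        })
        db.session.commit()
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit propagate;
        # roll back so the failed transaction does not poison later queries.
        db.session.rollback()
        return False
    return True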
def handle_tell(who, what):
	"""Dispatch a "tell" command *what* sent by user *who*.

	Senders matching any entry of users_not_to_answer (used as
	case-insensitive regexes) are ignored.  Recognised commands: play (not
	implemented yet), ngames (list pending games) and observe (admins and
	TDs only); anything else gets a "Command unknown" reply.
	"""
	sender = who.lstrip()
	if any(re.search(pattern, sender, flags=re.IGNORECASE) for pattern in users_not_to_answer):
		print('Ignoring user {}'.format(sender))
		return

	command = what.lstrip()
	unknown = 'Command unknown: {}'.format(command)
	if re.search('^play$', command, flags=re.IGNORECASE):
		# TODO: call function starting the game here.
		tell(sender, 'Not implemented')
	elif re.search('^ngames', command, flags=re.IGNORECASE):
		qtell(sender, 'Pending games:\n{}'.format(pending.get_pending_as_string()))
	elif re.search('^observe', command, flags=re.IGNORECASE):
		if users.is_admin(sender) or users.is_td(sender):
			# Only privileged senders may direct the bot to observe a game.
			observe(sender, command)
		else:
			tell(sender, unknown)
	else:
		tell(sender, unknown)