Beispiel #1
    def prepare(self, data):
        """Flatten an event payload dict and enforce the admin-only URL fields.

        A session whose role is not 'admin' is refused with HTTPForbidden when
        the payload carries a truthy ``external_ticket_url`` or
        ``external_donation_url``. The nested ``timezone``, ``date`` and
        ``location`` entries are popped and replaced by flat keys. ``data`` is
        mutated in place and also returned.
        """
        # NOTE(review): the guard is a truthiness test, so a non-admin payload
        # that sends '' or None for these keys is not rejected. Confirm the
        # code that consumes the result cannot use that to clear a URL an
        # admin set.
        admin_only_fields = (
            ('external_ticket_url',
             'external_ticket_url may only be set by admins'),
            ('external_donation_url',
             'external_donation_url may only be set by admins'),
        )
        is_admin = self.request['session']['role'] == 'admin'
        if not is_admin:
            for field, refusal in admin_only_fields:
                if data.get(field):
                    raise JsonErrors.HTTPForbidden(message=refusal)

        # The timezone object is stored back as its string form.
        tz: TzInfo = data.pop('timezone', None)
        if tz:
            data['timezone'] = str(tz)

        when = data.pop('date', None)
        if when:
            # NOTE(review): tz may be None here when the payload has a date
            # but no timezone; how prepare_event_start handles that is not
            # visible from this method.
            start, length = prepare_event_start(when['dt'], when['dur'], tz)
            data.update({'start_ts': start, 'duration': length})

        place = data.pop('location', None)
        if place:
            # Build the flat keys first so a missing sub-key leaves data untouched.
            flat_location = {
                'location_name': place['name'],
                'location_lat': place['lat'],
                'location_lng': place['lng'],
            }
            data.update(flat_location)

        return data
Beispiel #2
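 async def check_permissions(self):
     """Authorise an event modification for an admin or an active host.

     Runs the session check for the 'admin' and 'host' roles, then the
     per-event check with ``check_upcoming=True``. For a non-admin session it
     additionally requires the user's ``status`` column to be 'active'.

     Raises:
         JsonErrors.HTTPForbidden: the session is not an admin and the
             user's status is anything other than 'active' (including a
             missing user row, where the lookup yields None).
     """
     await check_session(self.request, 'admin', 'host')
     await _check_event_permissions(self.request, check_upcoming=True)
     if self.session['role'] == 'admin':
         # Admins are not subject to the status check, so skip the query.
         return
     # fetchval returns the bare ``status`` value. fetchrow returns a whole
     # row object, which never compares equal to the string 'active', so the
     # previous comparison refused every non-admin host.
     user_status = await self.conn.fetchval(
         'SELECT status FROM users WHERE id=$1', self.session['user_id'])
     if user_status != 'active':
         raise JsonErrors.HTTPForbidden(message='Host not active')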
Beispiel #3
    def prepare(self, data):
        """Flatten an event payload dict and enforce the admin-only ticket URL.

        A truthy ``external_ticket_url`` from a session whose role is not
        'admin' is refused with HTTPForbidden. The nested ``date``,
        ``timezone`` and ``location`` entries are popped and replaced by flat
        keys. ``data`` is mutated in place and also returned.
        """
        # NOTE(review): truthiness test only; a non-admin sending '' or None
        # for this key passes. Confirm that cannot clear an admin-set URL.
        ticket_url = data.get('external_ticket_url')
        if ticket_url and self.request['session']['role'] != 'admin':
            raise JsonErrors.HTTPForbidden(message='external_ticket_url may only be set by admins')

        when = data.pop('date', None)
        tz: TzInfo = data.pop('timezone', None)
        if tz:
            data['timezone'] = str(tz)
        if when:
            # NOTE(review): if the payload has a date but no timezone, tz is
            # None and the next line raises AttributeError. Confirm upstream
            # validation makes timezone mandatory whenever date is present.
            # The submitted tzinfo is discarded and the event timezone applied.
            start: datetime = tz.localize(when['dt'].replace(tzinfo=None))
            length: Optional[int] = when['dur']
            if length:
                length = timedelta(seconds=length)
            else:
                # No duration: keep only the calendar date. The rebuilt value
                # is a naive datetime at midnight (no tzinfo attached).
                start = datetime(start.year, start.month, start.day)
            data.update({'start_ts': start, 'duration': length})

        place = data.pop('location', None)
        if place:
            # Build the flat keys first so a missing sub-key leaves data untouched.
            flat_location = {
                'location_name': place['name'],
                'location_lat': place['lat'],
                'location_lng': place['lng'],
            }
            data.update(flat_location)

        return data
Beispiel #4
async def user_tickets(request):
    """Return the JSON produced by ``user_tickets_sql`` for the user in the URL.

    Object-level access check: an admin session may read any user's tickets,
    any other session only the tickets of its own ``user_id``. A mismatch is
    refused with HTTPForbidden before the query runs.
    """
    # NOTE(review): int() raises ValueError on a non-numeric 'pk'; presumably
    # the route pattern restricts it to digits. Verify against the router.
    requested_id = int(request.match_info['pk'])
    session = request['session']
    is_admin = session['role'] == 'admin'
    if not is_admin and requested_id != session['user_id']:
        raise JsonErrors.HTTPForbidden(message='wrong user')

    # The id is passed as a bind parameter, not interpolated into the SQL.
    # NOTE(review): only the user id is passed; whether user_tickets_sql also
    # limits the result to the caller's company is not visible here.
    payload = await request['conn'].fetchval(user_tickets_sql, requested_id)
    return raw_json_response(payload)
Beispiel #5
async def event_tickets(request):
    """Return the JSON produced by ``event_ticket_sql`` for the event in the URL.

    When the session's ``user_role`` is 'host', the event's ``host`` column
    must equal the session's ``user_id``, otherwise HTTPForbidden is raised.
    The final query is parameterised by event id and ``request['company_id']``.
    """
    event_id = int(request.match_info['id'])
    session = request['session']
    # NOTE(review): the ownership check runs only when the role is exactly
    # 'host'; every other role value goes straight to the query. Confirm an
    # upstream check limits this handler to admins and hosts, or invert the
    # test so that only 'admin' bypasses it.
    # NOTE(review): this reads session['user_role'] while the other handlers
    # on this page read session['role']; confirm which key the session
    # actually carries.
    if session['user_role'] == 'host':
        # A missing event yields None here, which also fails the comparison.
        owner_id = await request['conn'].fetchval('SELECT host FROM events WHERE id=$1', event_id)
        if owner_id != session['user_id']:
            raise JsonErrors.HTTPForbidden(message='use is not the host of this event')

    payload = await request['conn'].fetchval(event_ticket_sql, event_id, request['company_id'])
    return raw_json_response(payload)
Beispiel #6
async def _check_event_permissions(request, check_upcoming=False):
    """Check that the session may act on the event in the URL; return its id.

    The event is looked up by id and by the company of its category, so an
    event belonging to another company is reported as not found. An admin
    session passes once the event exists. Any other session must be the
    event's host and, when ``check_upcoming`` is true, the event's start
    must not lie in the past.

    Raises:
        JsonErrors.HTTPNotFound: no event with that id in this company.
        JsonErrors.HTTPForbidden: non-admin who is not the host, or a
            non-admin modifying an event that has already started.
    """
    event_id = int(request.match_info['id'])
    row = await request['conn'].fetchrow(
        """
        SELECT host, start_ts
        FROM events AS e
        JOIN categories AS cat ON e.category = cat.id
        WHERE e.id=$1 AND cat.company=$2
        """, event_id, request['company_id'])
    if not row:
        raise JsonErrors.HTTPNotFound(message='event not found')

    host_id, start_ts = row
    session = request['session']
    if session['role'] == 'admin':
        return event_id

    if host_id != session['user_id']:
        raise JsonErrors.HTTPForbidden(message='user is not the host of this event')
    if check_upcoming:
        # Compared against start_ts only, so an event that has started but
        # not yet finished is already treated as past.
        now_utc = datetime.utcnow().replace(tzinfo=timezone.utc)
        if start_ts < now_utc:
            raise JsonErrors.HTTPForbidden(message="you can't modify past events")
    return event_id
Beispiel #7
 async def check_permissions(self, method):
     """Allow the request only for an admin acting on their own company.

     Runs the session check for the 'admin' role, then refuses with
     HTTPForbidden when the company id in the URL differs from
     ``request['company_id']``. ``method`` is accepted but not used here.
     """
     await check_session(self.request, 'admin')
     # Tenant isolation: the URL may only name the company the request is
     # already bound to.
     # NOTE(review): int() raises ValueError on a non-numeric 'pk'; presumably
     # the route pattern restricts it to digits. Verify against the router.
     requested_company = int(self.request.match_info['pk'])
     if requested_company != self.request['company_id']:
         raise JsonErrors.HTTPForbidden(message='wrong company')