def _review(self, id):
"""Review a proposal.
"""
c.proposal = Proposal.find_by_id(id)
c.signed_in_person = h.signed_in_person()
c.next_review_id = Proposal.find_next_proposal(c.proposal.id, c.proposal.type.id, c.signed_in_person.id)
# TODO: currently not enough (see TODOs in model/proposal.py)
#if not h.auth.authorized(h.auth.has_organiser_role):
# # You can't review your own proposal
# for person in c.proposal.people:
# if person.id == c.signed_in_person.id:
# h.auth.no_role()
person = c.signed_in_person
if person in [ review.reviewer for review in c.proposal.reviews]:
h.flash('Already reviewed')
return redirect_to(action='review', id=c.next_review_id)
results = self.form_result['review']
review = Review(**results)
meta.Session.add(review)
c.proposal.reviews.append(review)
review.reviewer = person
meta.Session.commit()
if c.next_review_id:
return redirect_to(action='review', id=c.next_review_id)
h.flash("No more papers to review")
return redirect_to(action='review_index')
def summary(self):
for pt in c.proposal_types:
stuff = Proposal.find_all_by_proposal_type_id(pt.id, include_withdrawn=False)
stuff.sort(self._score_sort)
setattr(c, '%s_collection' % pt.name, stuff)
for aat in c.accommodation_assistance_types:
stuff = Proposal.find_all_by_accommodation_assistance_type_id(aat.id)
setattr(c, '%s_collection' % aat.name, stuff)
for tat in c.travel_assistance_types:
stuff = Proposal.find_all_by_travel_assistance_type_id(tat.id)
setattr(c, '%s_collection' % tat.name, stuff)
return render('proposal/summary.mako')
def summary(self):
for pt in c.proposal_types:
stuff = Proposal.find_all_by_proposal_type_id(
pt.id, include_withdrawn=False)
stuff.sort(self._score_sort)
setattr(c, '%s_collection' % pt.name, stuff)
for aat in c.accommodation_assistance_types:
stuff = Proposal.find_all_by_accommodation_assistance_type_id(
aat.id)
setattr(c, '%s_collection' % aat.name, stuff)
for tat in c.travel_assistance_types:
stuff = Proposal.find_all_by_travel_assistance_type_id(tat.id)
setattr(c, '%s_collection' % tat.name, stuff)
return render('proposal/summary.mako')
def review(self, id):
c.streams = Stream.select_values()
c.proposal = Proposal.find_by_id(id)
c.signed_in_person = h.signed_in_person()
# TODO: currently not enough (see TODOs in model/proposal.py)
#if not h.auth.authorized(h.auth.has_organiser_role):
# # You can't review your own proposal
# for person in c.proposal.people:
# if person.id == c.signed_in_person.id:
# h.auth.no_role()
c.next_review_id = Proposal.find_next_proposal(c.proposal.id, c.proposal.type.id, c.signed_in_person.id)
return render('/proposal/review.mako')
def _edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.paper_editing == 'closed' and not h.auth.authorized(h.auth.has_late_submitter_role):
return render("proposal/editing_closed.mako")
elif c.paper_editing == 'not_open':
return render("proposal/editing_not_open.mako")
c.proposal = Proposal.find_by_id(id)
for key in self.form_result['proposal']:
setattr(c.proposal, key, self.form_result['proposal'][key])
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
c.person = self.form_result['person_to_edit']
if (c.person.id == h.signed_in_person().id or
h.auth.authorized(h.auth.has_organiser_role)):
for key in self.form_result['person']:
setattr(c.person, key, self.form_result['person'][key])
p_edit = "and author"
else:
p_edit = "(but not author)"
meta.Session.commit()
if lca_info['proposal_update_email'] != '':
body = "Subject: %s Proposal Updated\n\nID: %d\nTitle: %s\nType: %s\nURL: %s" % (h.lca_info['event_name'], c.proposal.id, c.proposal.title, c.proposal.type.name.lower(), "http://" + h.host_name() + h.url_for(action="view"))
email(lca_info['proposal_update_email'], body)
h.flash("Proposal %s edited!"%p_edit)
return redirect_to('/proposal')
def withdraw(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
return render("/proposal/withdraw.mako")
def _new(self):
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name('Pending')
c.proposal = Proposal(**proposal_results)
meta.Session.add(c.proposal)
if not h.signed_in_person():
c.person = model.Person(**person_results)
meta.Session.add(c.person)
email(c.person.email_address,
render('/person/new_person_email.mako'))
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
c.attachment = Attachment(**attachment_results)
c.proposal.attachments.append(c.attachment)
meta.Session.add(c.attachment)
meta.Session.commit()
email(c.person.email_address,
render('proposal/thankyou_mini_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
def check(self, app, environ, start_response):
if not environ.get('REMOTE_USER'):
set_redirect()
raise NotAuthenticatedError('Not Authenticated')
person = Person.find_by_email(environ['REMOTE_USER'])
if person is None:
environ['auth_failure'] = 'NO_USER'
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
proposal = Proposal.find_by_id(self.proposal_id)
if proposal is None:
raise NotAuthorizedError(
"Proposal doesn't exist"
)
if person not in proposal.people:
set_role("User doesn't have any of the specified roles")
raise NotAuthorizedError(
"User doesn't have any of the specified roles"
)
return app(environ, start_response)
def review(self, id):
c.streams = Stream.select_values()
c.proposal = Proposal.find_by_id(id)
c.signed_in_person = h.signed_in_person()
# TODO: currently not enough (see TODOs in model/proposal.py)
#if not h.auth.authorized(h.auth.has_organiser_role):
# # You can't review your own proposal
# for person in c.proposal.people:
# if person.id == c.signed_in_person.id:
# h.auth.no_role()
c.next_review_id = Proposal.find_next_proposal(c.proposal.id,
c.proposal.type.id,
c.signed_in_person.id)
return render('/proposal/review.mako')
def review_index(self):
c.person = h.signed_in_person()
c.num_proposals = 0
reviewer_role = Role.find_by_name('reviewer')
c.num_reviewers = len(reviewer_role.people)
for pt in c.proposal_types:
stuff = Proposal.find_all_by_proposal_type_id(pt.id, include_withdrawn=False)
c.num_proposals += len(stuff)
setattr(c, '%s_collection' % pt.name, stuff)
for aat in c.accommodation_assistance_types:
stuff = Proposal.find_all_by_accommodation_assistance_type_id(aat.id)
setattr(c, '%s_collection' % aat.name, stuff)
for tat in c.travel_assistance_types:
stuff = Proposal.find_all_by_travel_assistance_type_id(tat.id)
setattr(c, '%s_collection' % tat.name, stuff)
return render('proposal/list_review.mako')
def withdraw(self, id):
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
return render("/proposal/withdraw.mako")
def view(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_submitter(id), h.auth.has_organiser_role, h.auth.has_reviewer_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
return render('proposal/view.mako')
def review_index(self):
c.person = h.signed_in_person()
c.num_proposals = 0
reviewer_role = Role.find_by_name('reviewer')
c.num_reviewers = len(reviewer_role.people)
for pt in c.proposal_types:
stuff = Proposal.find_all_by_proposal_type_id(
pt.id, include_withdrawn=False)
c.num_proposals += len(stuff)
setattr(c, '%s_collection' % pt.name, stuff)
for aat in c.accommodation_assistance_types:
stuff = Proposal.find_all_by_accommodation_assistance_type_id(
aat.id)
setattr(c, '%s_collection' % aat.name, stuff)
for tat in c.travel_assistance_types:
stuff = Proposal.find_all_by_travel_assistance_type_id(tat.id)
setattr(c, '%s_collection' % tat.name, stuff)
return render('proposal/list_review.mako')
def view(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
h.auth.has_organiser_role,
h.auth.has_reviewer_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
return render('proposal/view.mako')
def _approve(self):
c.highlight = set()
talks = self.form_result['talk']
statuses = self.form_result['status']
for talk, status in zip(talks, statuses):
if status is not None:
c.highlight.add(talk.id)
talk.status = status
meta.Session.commit()
c.proposals = Proposal.find_all()
c.statuses = ProposalStatus.find_all()
return render("proposal/approve.mako")
def _approve(self):
c.highlight = set()
talks = self.form_result['talk']
statuses = self.form_result['status']
for talk, status in zip(talks, statuses):
if status is not None:
c.highlight.add(talk.id)
talk.status = status
meta.Session.commit()
c.proposals = Proposal.find_all()
c.statuses = ProposalStatus.find_all()
return render("proposal/approve.mako")
def _review(self, id):
"""Review a proposal.
"""
c.proposal = Proposal.find_by_id(id)
c.signed_in_person = h.signed_in_person()
c.next_review_id = Proposal.find_next_proposal(c.proposal.id,
c.proposal.type.id,
c.signed_in_person.id)
# TODO: currently not enough (see TODOs in model/proposal.py)
#if not h.auth.authorized(h.auth.has_organiser_role):
# # You can't review your own proposal
# for person in c.proposal.people:
# if person.id == c.signed_in_person.id:
# h.auth.no_role()
person = c.signed_in_person
if person in [review.reviewer for review in c.proposal.reviews]:
h.flash('Already reviewed')
return redirect_to(action='review', id=c.next_review_id)
results = self.form_result['review']
review = Review(**results)
meta.Session.add(review)
c.proposal.reviews.append(review)
review.reviewer = person
meta.Session.commit()
if c.next_review_id:
return redirect_to(action='review', id=c.next_review_id)
h.flash("No more papers to review")
return redirect_to(action='review_index')
def delete(self, id):
c.attachment = Attachment.find_by_id(id)
c.proposal = Proposal.find_by_id(c.attachment.proposal_id)
if not h.auth.authorized(h.auth.has_organiser_role):
authorized = False
for person in c.proposal.people:
if person.id == h.signed_in_person().id:
authorized = True
break
if not authorized:
# Raise a no_auth error
h.auth.no_role()
return render('/attachment/confirm_delete.mako')
def delete(self, id):
c.attachment = Attachment.find_by_id(id)
c.proposal = Proposal.find_by_id(c.attachment.proposal_id)
if not h.auth.authorized(h.auth.has_organiser_role):
authorized = False
for person in c.proposal.people:
if person.id == h.signed_in_person().id:
authorized = True
break
if not authorized:
# Raise a no_auth error
h.auth.no_role()
return render("/attachment/confirm_delete.mako")
def _withdraw(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
status = ProposalStatus.find_by_name('Withdrawn')
c.proposal.status = status
meta.Session.commit()
c.person = h.signed_in_person()
# Make sure the organisers are notified of this
c.email_address = h.lca_info['emails'][c.proposal.type.name.lower()]
email(c.email_address, render('/proposal/withdraw_email.mako'))
h.flash("Proposal withdrawn. The organisers have been notified.")
return redirect_to(controller='proposal', action="index", id=None)
def _delete(self, id):
c.attachment = Attachment.find_by_id(id)
proposal = Proposal.find_by_id(c.attachment.proposal_id)
if not h.auth.authorized(h.auth.has_organiser_role):
authorized = False
for person in proposal.people:
if person.id == h.signed_in_person().id:
authorized = True
break
if not authorized:
# Raise a no_auth error
h.auth.no_role()
meta.Session.delete(c.attachment)
meta.Session.commit()
h.flash("Attachment Deleted")
redirect_to(controller="proposal", action="view", id=proposal.id)
def _delete(self, id):
c.attachment = Attachment.find_by_id(id)
proposal = Proposal.find_by_id(c.attachment.proposal_id)
if not h.auth.authorized(h.auth.has_organiser_role):
authorized = False
for person in proposal.people:
if person.id == h.signed_in_person().id:
authorized = True
break
if not authorized:
# Raise a no_auth error
h.auth.no_role()
meta.Session.delete(c.attachment)
meta.Session.commit()
h.flash("Attachment Deleted")
redirect_to(controller='proposal', action='view', id=proposal.id)
def edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.paper_editing == 'closed' and not h.auth.authorized(
h.auth.has_late_submitter_role):
return render("proposal/editing_closed.mako")
elif c.paper_editing == 'not_open':
return render("proposal/editing_not_open.mako")
c.proposal = Proposal.find_by_id(id)
c.person = c.proposal.people[0]
for person in c.proposal.people:
if h.signed_in_person() == person:
c.person = person
defaults = h.object_to_defaults(c.proposal, 'proposal')
defaults.update(h.object_to_defaults(c.person, 'person'))
defaults['person.name'] = c.person.firstname + " " + c.person.lastname
# This is horrible, don't know a better way to do it
if c.proposal.type:
defaults['proposal.type'] = defaults['proposal.proposal_type_id']
if c.proposal.travel_assistance:
defaults['proposal.travel_assistance'] = defaults[
'proposal.travel_assistance_type_id']
if c.proposal.accommodation_assistance:
defaults['proposal.accommodation_assistance'] = defaults[
'proposal.accommodation_assistance_type_id']
if c.proposal.audience:
defaults['proposal.audience'] = defaults[
'proposal.target_audience_id']
defaults['person_to_edit'] = c.person.id
defaults['name'] = c.person.firstname + " " + c.person.lastname
c.miniconf = (c.proposal.type.name == 'Miniconf')
form = render('/proposal/edit.mako')
return htmlfill.render(form, defaults)
def _withdraw(self, id):
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
status = ProposalStatus.find_by_name('Withdrawn')
c.proposal.status = status
meta.Session.commit()
c.person = h.signed_in_person()
# Make sure the organisers are notified of this
c.email_address = h.lca_info['emails'][c.proposal.type.name.lower()]
email(c.email_address, render('/proposal/withdraw_email.mako'))
h.flash("Proposal withdrawn. The organisers have been notified.")
return redirect_to(controller='proposal', action="index", id=None)
def _attach(self, id):
"""Attach a file to the proposal.
"""
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
attachment_results = self.form_result['attachment']
attachment = Attachment(**attachment_results)
c.proposal.attachments.append(attachment)
meta.Session.commit()
h.flash("File was attached")
return redirect_to(action='view', id=id)
def _edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.paper_editing == 'closed' and not h.auth.authorized(
h.auth.has_late_submitter_role):
return render("proposal/editing_closed.mako")
elif c.paper_editing == 'not_open':
return render("proposal/editing_not_open.mako")
c.proposal = Proposal.find_by_id(id)
for key in self.form_result['proposal']:
setattr(c.proposal, key, self.form_result['proposal'][key])
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
c.person = self.form_result['person_to_edit']
if (c.person.id == h.signed_in_person().id
or h.auth.authorized(h.auth.has_organiser_role)):
for key in self.form_result['person']:
setattr(c.person, key, self.form_result['person'][key])
p_edit = "and author"
else:
p_edit = "(but not author)"
meta.Session.commit()
if lca_info['proposal_update_email'] != '':
body = "Subject: %s Proposal Updated\n\nID: %d\nTitle: %s\nType: %s\nURL: %s" % (
h.lca_info['event_name'], c.proposal.id, c.proposal.title,
c.proposal.type.name.lower(),
"http://" + h.host_name() + h.url_for(action="view"))
email(lca_info['proposal_update_email'], body)
h.flash("Proposal %s edited!" % p_edit)
return redirect_to('/proposal')
def _new(self):
if c.cfp_status == 'closed':
if not h.auth.authorized(
h.auth.Or(h.auth.has_organiser_role,
h.auth.has_late_submitter_role)):
return render("proposal/closed.mako")
elif c.cfp_status == 'not_open':
return render("proposal/not_open.mako")
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name('Pending')
c.proposal = Proposal(**proposal_results)
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
meta.Session.add(c.proposal)
if not h.signed_in_person():
c.person = model.Person(**person_results)
meta.Session.add(c.person)
email(c.person.email_address,
render('/person/new_person_email.mako'))
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
attachment = Attachment(**attachment_results)
c.proposal.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.person.email_address, render('proposal/thankyou_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
def _attach(self, id):
"""Attach a file to the proposal.
"""
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
attachment_results = self.form_result['attachment']
attachment = Attachment(**attachment_results)
c.proposal.attachments.append(attachment)
meta.Session.commit()
h.flash("File was attached")
return redirect_to(action='view', id=id)
def view(self, id):
attachment = Attachment.find_by_id(id)
proposal = Proposal.find_by_id(attachment.proposal_id)
if not h.auth.authorized(h.auth.has_organiser_role):
authorized = False
for person in proposal.people:
if h.auth.is_same_zookeepr_user(person.id):
authorized = True
break
if not authorized:
# Raise a no_auth error
h.auth.no_role()
response.headers["content-type"] = attachment.content_type.encode("ascii", "ignore")
response.headers.add("content-transfer-encoding", "binary")
response.headers.add("content-length", len(attachment.content))
response.headers["content-disposition"] = 'attachment; filename="%s";' % attachment.filename.encode(
"ascii", "ignore"
)
response.headers.add("Pragma", "cache")
response.headers.add("Cache-Control", "max-age=3600,public")
return attachment.content
def edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.paper_editing == 'closed' and not h.auth.authorized(h.auth.has_late_submitter_role):
return render("proposal/editing_closed.mako")
elif c.paper_editing == 'not_open':
return render("proposal/editing_not_open.mako")
c.proposal = Proposal.find_by_id(id)
c.person = c.proposal.people[0]
for person in c.proposal.people:
if h.signed_in_person() == person:
c.person = person
defaults = h.object_to_defaults(c.proposal, 'proposal')
defaults.update(h.object_to_defaults(c.person, 'person'))
defaults['person.name'] = c.person.firstname + " " + c.person.lastname
# This is horrible, don't know a better way to do it
if c.proposal.type:
defaults['proposal.type'] = defaults['proposal.proposal_type_id']
if c.proposal.travel_assistance:
defaults['proposal.travel_assistance'] = defaults['proposal.travel_assistance_type_id']
if c.proposal.accommodation_assistance:
defaults['proposal.accommodation_assistance'] = defaults['proposal.accommodation_assistance_type_id']
if c.proposal.audience:
defaults['proposal.audience'] = defaults['proposal.target_audience_id']
defaults['person_to_edit'] = c.person.id
defaults['name'] = c.person.firstname + " " + c.person.lastname
c.miniconf = (c.proposal.type.name == 'Miniconf')
form = render('/proposal/edit.mako')
return htmlfill.render(form, defaults)
def view(self, id):
attachment = Attachment.find_by_id(id)
proposal = Proposal.find_by_id(attachment.proposal_id)
if not h.auth.authorized(h.auth.has_organiser_role):
authorized = False
for person in proposal.people:
if h.auth.is_same_zookeepr_user(person.id):
authorized = True
break
if not authorized:
# Raise a no_auth error
h.auth.no_role()
response.headers['content-type'] = attachment.content_type.encode(
'ascii', 'ignore')
response.headers.add('content-transfer-encoding', 'binary')
response.headers.add('content-length', len(attachment.content))
response.headers[
'content-disposition'] = 'attachment; filename="%s";' % attachment.filename.encode(
'ascii', 'ignore')
response.headers.add('Pragma', 'cache')
response.headers.add('Cache-Control', 'max-age=3600,public')
return attachment.content
def _to_python(self, value, state):
return Proposal.find_by_id(int(value))
def approve(self):
c.highlight = set()
c.proposals = Proposal.find_all()
c.statuses = ProposalStatus.find_all()
return render("proposal/approve.mako")
def _to_python(self, value, state):
return Proposal.find_by_id(int(value))
def approve(self):
c.highlight = set()
c.proposals = Proposal.find_all()
c.statuses = ProposalStatus.find_all()
return render("proposal/approve.mako")
