def reject(group_id, request_id):
group = get_object_or_404(Group, Group.id == group_id)
user = User.query.get(session['user_id'])
if user in group.admins:
request = get_object_or_404(GroupRequest,
GroupRequest.id == request_id)
request.reject()
flash('Request rejected')
return redirect(url_for('admin.group_requests', group_id=group_id))
def update_records_label(record_uid):
record = get_object_or_404(Record, record_uid)
data = request.get_json()
label_uid = data.pop('label_uid')
if label_uid is not None:
get_object_or_404(Label, label_uid)
record.label_uid = label_uid
db.session.add(record)
db.session.commit()
return record.to_dict()
def make_admin(group_id, user_id):
admin = User.query.get(session['user_id'])
group = get_object_or_404(Group, Group.id == group_id)
if group.is_admin(admin): #check if current user is an admin
user = get_object_or_404(User, User.id == user_id)
group.make_admin(user)
redirect(url_for('groups.members', group_id=group_id))
else:
flash('You do not have permission for that')
redirect(url_for('groups.group_page', group_id=group_id))
def remove_ban(group_id, user_id):
group = get_object_or_404(Group, Group.id == group_id)
user = get_object_or_404(User, User.id == user_id)
admin = User.query.get(session['user_id'])
if group.is_admin(admin):
group.banned_members.remove(user)
db.session.commit()
flash('User ban removed')
return redirect(url_for('admin.banned_members', group_id=group_id))
else:
flash('You do not have permission for that')
return redirect(url_for('groups.group_page', group_id=group_id))
def delete_post(group_id, post_id):
post = get_object_or_404(Post, Post.id == post_id)
group = get_object_or_404(Group, Group.id == group_id)
user = User.query.get(session['user_id'])
if post.poster == session['user_id'] or user in group.admins:
group.group_posts.remove(post)
db.session.commit()
post.delete()
flash('POST deleted')
return redirect(url_for('groups.group_page', group_id=group_id))
else:
flash("You do not have permission for that")
return redirect(url_for('posts.post', post_id=post_id))
def remove_member(group_id, user_id):
group = get_object_or_404(Group, Group.id == group_id)
admin = User.query.get(session['user_id'])
if group.is_admin(admin):
user = get_object_or_404(User, User.id == user_id)
if not group.is_admin(user):
group.members.remove(user)
group.banned_members.append(user) #add member to banned list
db.session.commit()
flash('Member removed')
else:
flash('Admins can remove admins')
return redirect(url_for('groups.members', group_id=group_id))
else:
flash('You do not have permission to remove someone from a group')
return redirect(url_for('groups.group_page', group_id=group_id))
def join_group(group_id):
group = get_object_or_404(Group,
Group.id == group_id) #check if group exists
user = User.query.get(session['user_id'])
if user not in group.banned_members:
if user not in group.members:
check = GroupRequest.query.filter_by(
user=session['user_id'],
group=group.id).first() #get friend request
if group.private:
if check == None: #if no request present
request = GroupRequest(
user=user.id,
group=group.id,
)
db.session.add(request)
db.session.commit()
flash('Group is private, request to join sent')
return redirect(url_for('users.my_profile'))
else:
flash('Request already sent')
else:
group.join(user)
else:
flash('You already joined this group')
else:
flash('You are banned from this group')
return redirect(url_for('groups.group_page', group_id=group_id))
def set_current_series(recorder_uid, series_uid=None):
recorder = get_object_or_404(Recorder, recorder_uid)
print(series_uid)
if series_uid is None:
recorder.current_series_uid = None
db.session.commit()
return (f'Current series of recorder {recorder.uid} unset.', 204)
series = get_object_or_404(Series, series_uid)
try:
recorder.current_series_uid = series_uid
db.session.commit()
return series.to_dict()
except exc.IntegrityError as ex:
db.session.rollback()
flask.abort(400, str(ex))
except ValueError as ex:
flask.abort(400, str(ex))
def download_record(record_uid):
record = get_object_or_404(Record, record_uid)
if not record.is_uploaded():
flask.abort(
404, "This record is registered but file has not been uploaded yet"
)
return flask.send_file(str(record.filepath),
attachment_filename=record.filepath.name)
def like_post(post_id, group_id):
post = get_object_or_404(Post, Post.id == post_id)
user = User.query.get(session['user_id'])
if user not in post.likes:
post.like(user)
elif user in post.likes:
post.unlike(user)
return redirect(url_for('groups.group_page', group_id=group_id))
def delete_series(series_uid):
series = get_object_or_404(Series, series_uid)
if series.records:
flask.abort(400, "Cannot delete non empty series")
if series.recorder.current_series_uid == series.uid:
flask.abort(400, "Cannot delete currently maintanded series")
db.session.delete(series)
return (f'Series {series_uid} deleted', 204)
def delete_friend(user_id):
friend = get_object_or_404(User, User.id == user_id)
user = User.query.get(session['user_id'])
if user.is_friend(friend):
user.delete_friend(friend)
flash('User removed from friends list')
return redirect(url_for('users.friends'))
else:
return redirect(url_for('users.friends'))
def reject(request_id):
request = get_object_or_404(FriendRequest, FriendRequest.id == request_id)
if session['user_id'] == request.user_sent_to:
request.reject()
flash('Request rejected')
return redirect(url_for('users.requests'))
else:
flash('Not allowed')
return redirect(url_for('users.requests'))
def new_record():
record_data = request.get_json()
recorder = flask.g.recorder
if record_data["series_uid"] not in [s.uid for s in recorder.serieses]:
flask.abort(403, "Recorder {} does not maintain series {}".format(
recorder.uid, record_data["series_uid"]
))
if record_data["label_uid"] is not None:
get_object_or_404(Label, record_data["label_uid"])
try:
record = Record(**record_data)
db.session.add(record)
db.session.commit()
return record.to_dict()
except exc.IntegrityError as ex:
db.session.rollback()
flask.abort(400, str(ex))
except ValueError as ex:
flask.abort(400, str(ex))
def leave_group(group_id):
user = User.query.get(session['user_id'])
group = get_object_or_404(Group, Group.id == group_id)
if user not in group.members:
flash('You can\'t leave a group you are not apart of')
elif group.is_admin(user):
flash('You can\'t leave a group you are an admin of')
else:
group.leave(session['user_id'])
return redirect(url_for('groups.groups'))
def delte_message(message_id):
message = get_object_or_404(Message, Message.id == message_id)
if session['user_id'] == message.user_to:
db.session.delete(message)
db.session.commit()
flash('Message deleted')
return redirect(url_for('messages.messages'))
elif session['user_id'] != message.user_to:
flash("You do not have permiession for that")
return redirect(url_for('messages.messages'))
def members(group_id):
user = User.query.get(session['user_id'])
group = get_object_or_404(Group, Group.id == group_id)
admins = group.admins
is_admin = group.is_admin(user) #check if the user is an admin
members = group.members
return render_template('members.html',
members=members,
admins=admins,
is_admin=is_admin,
group=group)
def admin_panel(group_id):
user = User.query.get(session['user_id'])
group = get_object_or_404(Group, Group.id == group_id)
if user in group.admins:
return render_template(
'admin.html',
group=group,
)
else:
flash('You are not an admin')
return redirect(url_for('groups.group_page', group_id=group_id))
def read_message(message_id):
message = get_object_or_404(Message, Message.id == message_id)
if session['user_id'] == message.user_to:
user_from = User.query.get(message.user_from)
message.read = True
return render_template('message.html',
message=message,
user_from=user_from)
else:
flash("You do not have permiession for that")
return redirect(url_for('messages.messages'))
def resend_password():
if request.method == 'POST':
user = get_object_or_404(User, User.email == request.form['email'])
token = generate_confirmation_token(user.email)
reset_url = url_for('users.reset_password',
token=token,
_external=True)
html = render_template('reset.html', reset_url=reset_url)
subject = "Reset Password"
send_email(user.email, subject, html)
flash('A reset password email has been sent.', 'success')
return redirect(url_for('users.login'))
return render_template('resend.html')
def resend_confirmation():
if request.method == 'POST':
user = get_object_or_404(User, User.email == request.form['email'])
token = generate_confirmation_token(user.email)
confirm_url = url_for('users.confirm_email',
token=token,
_external=True)
html = render_template('activate.html', confirm_url=confirm_url)
subject = "Please confirm your email"
send_email(user.email, subject, html)
flash('A new confirmation email has been sent.', 'success')
return redirect(url_for('users.login'))
return render_template('resend.html')
def group_page(group_id):
group = get_object_or_404(Group, Group.id == group_id)
print group.private
user = User.query.get(session['user_id'])
url = request.url_rule
admin = user in group.admins
posts = get_sort_posts(group, str(url))
member = user in group.members #check if user is member and grant certain privaliges if so
return render_template('group.html',
group=group,
user=user,
member=member,
posts=posts,
admin=admin)
def update_recorder(recorder_uid):
recorder = get_object_or_404(Recorder, recorder_uid)
recorder_data = request.get_json()
location_description = recorder_data.pop('location_description')
try:
if location_description is not None:
recorder.location_description = location_description
db.session.commit()
return recorder.to_dict()
except exc.IntegrityError as ex:
db.session.rollback()
flask.abort(400, str(ex))
except ValueError as ex:
flask.abort(400, str(ex))
def new_series():
series_data = request.get_json()
get_object_or_404(Recorder, series_data['recorder_uid'])
parameters = series_data.pop('parameters')
try:
try:
uid = parameters.pop('uid')
parameters_obj = get_object(RecordingParameters, uid)
except orm.exc.NoResultFound:
parameters_obj = RecordingParameters(uid=uid, **parameters)
except KeyError:
parameters_obj = RecordingParameters(**parameters)
db.session.add(parameters_obj)
db.session.commit()
series = Series(parameters_uid=parameters_obj.uid, **series_data)
db.session.add(series)
db.session.commit()
return series.to_dict()
except exc.IntegrityError as ex:
db.session.rollback()
flask.abort(400, str(ex))
except ValueError as ex:
flask.abort(400, str(ex))
return {}
def banned_members(group_id):
group = get_object_or_404(Group, Group.id == group_id)
admin = User.query.get(session['user_id'])
if group.is_admin(admin):
members = group.banned_members
admins = group.admins
return render_template('members.html',
members=members,
admins=admins,
banned=True,
is_admin=True,
group=group)
else:
flash('You do not have permission for that')
return redirect(url_for('groups.group_page', group_id=group_id))
def group_requests(group_id):
group = get_object_or_404(Group, Group.id == group_id)
if group.private:
requests = GroupRequest.query.filter_by(group=group_id)
users_from = []
for r in requests:
user = User.query.get(r.user)
users_from.append((r, user))
l = len(users_from)
return render_template('requests.html',
len=l,
users_from=users_from,
is_group=True,
group=group)
else:
flash("Group is public no requests")
return redirect(url_for('admin.admin_panel', group_id=group_id))
def change_privacy(group_id):
group = get_object_or_404(Group, Group.id == group_id)
user = User.query.get(session['user_id'])
if user in group.admins:
if group.private == True:
group.private = False
requests = GroupRequest.query.filter_by(group=group_id)
for r in requests:
r.accept(r.user, group.id)
flash('Group made public')
else:
group.private = True
flash('Group made private')
db.session.commit()
return redirect(url_for('admin.admin_panel', group_id=group_id))
else:
flash('You do not have permission for that')
return redirect(url_for('groups.group_page', group_id=group_id))
def update_series_parameters(series_uid):
series = get_object_or_404(Series, series_uid)
parameters = request.get_json()
try:
uid = parameters.pop('uid')
parameters_set = get_object(RecordingParameters, uid)
except orm.exc.NoResultFound:
parameters_set = RecordingParameters(uid=uid, **parameters)
except KeyError:
parameters_set = RecordingParameters(**parameters)
series.parameters_uid = parameters_set.uid
try:
db.session.add(parameters_set)
db.session.commit()
return parameters_set.to_dict()
except exc.IntegrityError as ex:
db.session.rollback()
flask.abort(400, str(ex))
except ValueError as ex:
flask.abort(400, str(ex))
def update_series(series_uid):
series = get_object_or_404(Series, series_uid)
series_data = request.get_json()
description = series_data.pop('description', None)
recorder_uid = series_data.pop('recorder_uid', None)
try:
if description is not None:
series.description = description
if recorder_uid is not None:
if series.records:
flask.abort(400,
"Cannot change recorder of non empty series")
series.recorder_uid = recorder_uid
db.session.commit()
return series.to_dict()
except exc.IntegrityError as ex:
db.session.rollback()
flask.abort(400, str(ex))
except ValueError as ex:
flask.abort(400, str(ex))
def profile(user_id):
user = get_object_or_404(User, User.id == user_id)
user_profile = user.id == session['user_id']
u = User.query.get(session['user_id'])
posts = Post.query.filter_by(poster=user.id, self_post=True)
posts = [(x, x.time_posted) for x in posts]
posts.sort(key=lambda x: x[1])
posts.reverse()
friends = u in user.friends #check if the user is friends with the user
if request.method == 'POST':
print request.form
message = Message(user_to=User.query.get(user_id),
user_from=User.query.get(session['user_id']),
content=request.form['message'])
db.session.add(message)
db.session.commit()
return render_template('user.html',
user=user,
user_profile=user_profile,
friends=friends,
posts=posts)
