def get_current_admin_guide():
    """Return the admin-guide revision for the blueprint serving this request.

    The guide lives at ``guides/admin/<blueprint>``. A caller without write
    access to the module gets a revision whose title and content are empty.
    A caller with write access gets the stored revision, or a placeholder
    saying that no guide exists. An edit link is added only for callers who
    may also write pages.
    """
    module_name = request.blueprint
    admin_guide = Page.get_by_path('guides/admin/' + module_name)
    # NOTE(review): module_name is placed into markup unescaped. It comes from
    # request.blueprint; the templates presumably render title/content as
    # trusted HTML -- confirm.
    edit_anchor = '<a href="/edit/guides/admin/' + module_name

    if admin_guide and ModuleAPI.can_write(module_name):
        admin_revision = admin_guide.get_latest_revision()
        if ModuleAPI.can_write('page') and ModuleAPI.can_write(module_name):
            # The link is appended to the title of the object that
            # get_latest_revision() returned, not to a copy of it.
            admin_revision.title += edit_anchor + '"> (bewerk) </a>'
        return admin_revision

    # No guide stored, or the caller may not write to this module.
    admin_revision = PageRevision(None, None, None, None, None, None, None)
    if not ModuleAPI.can_write(module_name):
        admin_revision.title = ''
        admin_revision.content = ''
        return admin_revision

    admin_revision.title = ('Er is geen admin handleiding beschikbaar voor '
                            + module_name)
    if ModuleAPI.can_write('page'):
        admin_revision.content = ('Voeg ' + edit_anchor + '"> hier </a>'
                                  + ' een admin handleiding toe.')
    else:
        admin_revision.content = ''
    return admin_revision
def get_current_user_guide():
    """Get the user guide for the module (blueprint) serving this request.

    The guide lives at ``guides/user/<blueprint>``. When none is stored a
    placeholder revision is returned. Callers who may write both pages and
    the module additionally get a link to create or edit the guide.
    """
    module_name = request.blueprint
    user_guide = Page.get_by_path('guides/user/' + module_name)
    # NOTE(review): module_name is placed into markup unescaped. It comes from
    # request.blueprint; the templates presumably render title/content as
    # trusted HTML -- confirm.
    edit_anchor = '<a href="/edit/guides/user/' + module_name

    if user_guide:
        user_revision = user_guide.get_latest_revision()
        if ModuleAPI.can_write('page') and ModuleAPI.can_write(module_name):
            # Appended to the title of the object get_latest_revision()
            # returned, not to a copy of it.
            user_revision.title += edit_anchor + '"> (bewerk) </a>'
        return user_revision

    user_revision = PageRevision(None, None, None, None, None, None, None)
    user_revision.title = ('Er is geen user handleiding beschikbaar voor '
                           + module_name)
    if ModuleAPI.can_write('page') and ModuleAPI.can_write(module_name):
        user_revision.content = ('Voeg ' + edit_anchor + '"> hier </a>'
                                 + ' een user handleiding toe.')
    else:
        user_revision.content = ''
    return user_revision
def delete(entry_id, inc_page=0):
    """Delete a navigation entry, optionally with the page it points to.

    Requires write access to 'navigation', and also to 'page' when
    ``inc_page`` is truthy. A top-level entry that still has children is not
    deleted; the caller is sent to its edit view instead. The entry itself is
    removed even when the linked page could not be removed.
    """
    # Authorization is settled before anything is read from the database.
    if not ModuleAPI.can_write('navigation'):
        return abort(403)
    if inc_page and not ModuleAPI.can_write('page'):
        flash(_('You do not have rights to remove pages'))
        return abort(403)

    entry = db.session.query(NavigationEntry).filter_by(id=entry_id).first()
    if not entry:
        abort(404)

    # Refuse to orphan sub-items of a top-level entry.
    if not entry.parent and entry.children.count() > 0:
        flash('Deze item heeft nog subitems.', 'danger')
        return redirect(url_for('navigation.edit', entry_id=entry.id))

    if inc_page:
        points_elsewhere = entry.external or entry.activity_list
        if points_elsewhere:
            flash('Deze item verwijst niet naar een pagina op deze website.',
                  'danger')
        elif PageAPI.remove_page(entry.url.lstrip('/')):
            flash('De pagina is verwijderd.', 'success')
        else:
            flash('De te verwijderen pagina kon niet worden gevonden.',
                  'danger')

    db.session.delete(entry)
    db.session.commit()
    flash('De navigatie-item is verwijderd.', 'success')
    return redirect(url_for('navigation.view'))
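def delete(path):
    """Delete a page after the caller confirms by entering its title.

    Requires write access to 'page'. An unknown path flashes an error and
    redirects to the page view. The page is deleted only when the submitted
    form validates and the entered title equals the title of the latest
    revision; otherwise the confirmation template is rendered again.
    """
    if not ModuleAPI.can_write('page'):
        return abort(403)

    page = Page.get_by_path(path)
    if not page:
        flash(_('The page you tried to delete does not exist.'), 'danger')
        # An abort(404) used to follow this return and could never run.
        return redirect(url_for('page.get_page', path=path))

    rev = page.get_latest_revision()

    class DeleteForm(Form):
        title = StringField(_('Page title'))

    form = DeleteForm(request.form)

    if form.validate_on_submit():
        # Typing the title is the confirmation step for this destructive
        # action.
        if rev.title == form.title.data:
            db.session.delete(page)
            db.session.commit()
            flash(_('The page has been deleted'), 'success')
            return redirect(url_for('home.home'))
        flash(_('The given title does not match the page title.'), 'warning')
    else:
        flash_form_errors(form)

    return render_template('page/delete.htm', rev=rev, form=form)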
def admin_vote():
    """Render the admin overview of valid nominees with their vote counts.

    Requires write access to 'elections'. Nominees are ordered by number of
    votes, highest first.
    """
    if not ModuleAPI.can_write('elections'):
        return abort(403)

    # The statement is a fixed literal: no request data is interpolated.
    statement = ('SELECT a.*, (SELECT COUNT(*) FROM dvhj_vote b '
                 'WHERE b.nominee_id=a.id) AS votes '
                 'FROM dvhj_nominee a WHERE a.valid=1 '
                 'ORDER BY votes DESC;')
    rp = db.engine.execute(statement)

    # Positional column order expected from the SELECT above.
    columns = ('id', 'created', 'modified', 'name', 'valid', 'votes')

    nominees = []
    row = rp.fetchone()
    while row is not None:
        nominees.append({key: row[pos] for pos, key in enumerate(columns)})
        row = rp.fetchone()

    return render_template('elections/admin_vote.htm',
                           title='Docent van het jaar IW/Stemmen/Admin',
                           nominees=nominees)
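def remove_avatar(user_id=None):
    """Remove a user's avatar and return to that user's profile.

    Allowed for callers with write access to 'user' and for a logged-in user
    acting on their own id. Responds with 403 otherwise and with 404 when no
    user has the given id.
    """
    # Authorize first, so an unauthorized caller triggers no lookup.
    if not ModuleAPI.can_write('user') and\
            (current_user.is_anonymous or current_user.id != user_id):
        return abort(403)

    # A missing user used to be passed on to UserAPI.remove_avatar as None.
    user = User.query.get_or_404(user_id)

    UserAPI.remove_avatar(user)
    return redirect(url_for('user.view_single', user_id=user_id))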
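def has_paid(submit_id=None):
    """Toggle the ``has_paid`` flag of a form submission.

    Requires a logged-in caller with write access to 'custom_form'. Returns
    "success" after the flag has been flipped, committed and pushed to
    Copernica, or an error string when the submission does not exist.
    """
    if not ModuleAPI.can_write('custom_form') or current_user.is_anonymous:
        return abort(403)

    submission = CustomFormResult.query.filter(
        CustomFormResult.id == submit_id
    ).first()
    if not submission:
        # Stop here: continuing would dereference None below.
        return "Error, submission could not be found"

    # NOTE(review): this changes state; the HTTP method and CSRF protection
    # of the route are not visible here -- confirm.
    submission.has_paid = not submission.has_paid

    db.session.add(submission)
    db.session.commit()

    copernica_data = {
        "Betaald": "Ja" if submission.has_paid else "Nee",
    }
    copernica.update_subprofile(copernica.SUBPROFILE_ACTIVITY,
                                submission.owner_id, submission.form_id,
                                copernica_data)

    return "success"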
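def create_challenge(challenge_id=None):
    """Create a challenge from the request's query-string arguments.

    Requires write access to 'challenge'. Every argument listed below must be
    present and non-empty; the first one missing is reported in the returned
    error string. ``start_date`` and ``end_date`` must be ``YYYY-MM-DD``.
    Returns whatever ``ChallengeAPI.create_challenge`` returns on success.
    ``challenge_id`` is accepted but not used.
    """
    if not ModuleAPI.can_write('challenge'):
        abort(403)

    # NOTE(review): the values are read from request.args (the query string)
    # although the call creates a record; route method and CSRF protection
    # are not visible here -- confirm.
    required = ('parent_id', 'name', 'description', 'type', 'start_date',
                'end_date', 'answer', 'weight', 'hint')
    values = {}
    for key in required:
        value = request.args.get(key)
        if not value:
            return "Error, no '" + key + "' given"
        values[key] = value

    # A malformed date used to raise ValueError and surface as a server
    # error; report it like the other input errors instead.
    dates = {}
    for key in ('start_date', 'end_date'):
        try:
            dates[key] = datetime.datetime.strptime(values[key],
                                                    '%Y-%m-%d').date()
        except ValueError:
            return "Error, '" + key + "' is not a valid date (YYYY-MM-DD)"

    # Check if the name of the challenge is unique
    name = values['name']
    if ChallengeAPI.challenge_exists(name):
        # NOTE(review): name is request input echoed into the response body
        # unescaped; how the client renders this string is not visible here.
        return "Error, challenge with name '" + name + "' already exists"

    return ChallengeAPI.create_challenge(name, values['description'],
                                         values['hint'], dates['start_date'],
                                         dates['end_date'],
                                         values['parent_id'],
                                         values['weight'], values['type'],
                                         values['answer'])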
def reorder():
    """Apply a new ordering to the navigation entries.

    Requires write access to 'navigation'. The ordering is read as JSON from
    the ``entries`` form field and handed to ``NavigationAPI.order``. Returns
    an empty body.
    """
    if not ModuleAPI.can_write('navigation'):
        return abort(403)

    # The structure of the decoded JSON is not checked here; it is passed to
    # NavigationAPI.order as received.
    raw_entries = request.form['entries']
    NavigationAPI.order(json.loads(raw_entries), None)

    return ""
def fetch_all():
    """Return every challenge, serialized, as JSON under ``challenges``.

    Requires write access to 'challenge'.
    """
    if not ModuleAPI.can_write('challenge'):
        abort(403)

    serialized = []
    for challenge in ChallengeAPI.fetch_all_challenges():
        # serialize is read as an attribute, not called.
        serialized.append(challenge.serialize)

    return jsonify(challenges=serialized)
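def view_single(user_id=None):
    """Render a user's profile with their upcoming and past activities.

    Without ``user_id`` a logged-in caller is redirected to their own profile
    and an anonymous caller to the user overview. Anonymous callers get 403,
    as do unpaid members looking at someone else's profile. ``can_read`` and
    ``can_write`` are handed to the template; this view does not deny access
    based on them.
    """
    if user_id is None:
        if current_user.is_authenticated:
            return redirect(url_for('user.view_single',
                                    user_id=current_user.id))
        return redirect(url_for('user.view'))

    can_read = False
    can_write = False

    # Only logged in users can view profiles
    if current_user.is_anonymous:
        return abort(403)
    # Unpaid members cannot view other profiles
    if current_user.id != user_id and not current_user.has_paid:
        return abort(403)
    # A user can always view his own profile
    if current_user.id == user_id:
        can_write = True
        can_read = True

    # group rights
    if ModuleAPI.can_read('user'):
        can_read = True
    if ModuleAPI.can_write('user'):
        can_write = True
        can_read = True

    user = User.query.get_or_404(user_id)
    user.avatar = UserAPI.avatar(user)
    user.groups = UserAPI.get_groups_for_user_id(user)
    user.groups_amount = user.groups.count()

    if "gravatar" in user.avatar:
        user.avatar = user.avatar + "&s=341"

    # Get all activity entries from these forms, ordered by start_time of the
    # activity. The criteria are passed as separate arguments so filter()
    # combines all of them; joined with Python's `and` they do not form a SQL
    # conjunction and only a single operand reaches filter().
    activities = Activity.query.join(CustomForm).join(CustomFormResult).\
        filter(CustomFormResult.owner_id == user_id,
               CustomForm.id == CustomFormResult.form_id,
               Activity.form_id == CustomForm.id)

    user.activities_amount = activities.count()

    # One timestamp for both lists, so an activity ending between two calls
    # cannot show up in both or in neither.
    now = datetime.today()
    new_activities = activities\
        .filter(Activity.end_time > now).distinct()\
        .order_by(Activity.start_time)
    old_activities = activities\
        .filter(Activity.end_time < now).distinct()\
        .order_by(Activity.start_time.desc())

    return render_template('user/view_single.htm', user=user,
                           new_activities=new_activities,
                           old_activities=old_activities,
                           can_read=can_read, can_write=can_write)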
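def edit_seo():
    """Create or edit the SEO entry for a module/path pair.

    Requires write access to 'seo'. ``module`` and ``path`` are read from the
    query string. On a valid submission the existing entry is updated, or a
    new one is created from ``SeoAPI.get_resources``, and the caller is
    redirected to the page at ``path``. Otherwise the form is rendered.
    """
    # TODO (kept from the source): "CHANGE THIS TO SEO" -- the check already
    # names the 'seo' module; confirm and drop the TODO.
    if not ModuleAPI.can_write('seo'):
        return abort(403)

    module = request.args['module']
    path = request.args['path']

    seo = SeoAPI.get_seo(module, path)

    # Retrieve form info.
    form = SeoForm(request.form, seo)

    # On Seo submit (edit or create)
    if form.validate_on_submit():
        if seo:
            # Edit the seo entry
            seo.nl_title = form.nl_title.data.strip()
            seo.en_title = form.en_title.data.strip()
            seo.nl_description = form.nl_description.data.strip()
            seo.en_description = form.en_description.data.strip()
            seo.nl_tags = form.nl_tags.data.strip()
            seo.en_tags = form.en_tags.data.strip()
        else:
            # Get seo resources to identify the seo in the database.
            res = SeoAPI.get_resources(module, path)

            # Create the new seo entry
            seo = SEO(res['page'],
                      res['page_id'],
                      res['activity'],
                      res['activity_id'],
                      res['url'],
                      form.nl_title.data.strip(),
                      form.en_title.data.strip(),
                      form.nl_description.data.strip(),
                      form.en_description.data.strip(),
                      form.nl_tags.data.strip(),
                      form.en_tags.data.strip())

        # Leftover debug print() calls were removed here; one of them wrote
        # vars(seo) to stdout on every create.
        db.session.add(seo)
        db.session.commit()

        flash(_('The seo settings have been saved'), 'success')

        # redirect newly created page
        return redirect(url_for('page.get_page', path=path))
    else:
        flash_form_errors(form)

    return render_template('seo/edit_seo.htm', form=form)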
def delete(location_id):
    """Delete the location with the given id and return to the overview.

    Requires write access to 'location'; responds with 404 when the id does
    not exist.
    """
    allowed = ModuleAPI.can_write('location')
    if not allowed:
        return abort(403)

    doomed = Location.query.get_or_404(location_id)
    session = db.session
    session.delete(doomed)
    session.commit()

    flash(_('Location deleted.'), 'success')
    overview = url_for('location.list')
    return redirect(overview)
def list(page_nr=1, search=None):
    """Render a paginated vacancy list, optionally filtered by a search term.

    Requires read access to 'vacancy'. Callers without write access only see
    vacancies whose start date is in the past and whose end date is in the
    future. Pages hold 15 vacancies. Note that this view's name shadows the
    builtin ``list`` inside its module.
    """
    if not ModuleAPI.can_read('vacancy'):
        return abort(403)

    # Order the vacancies in such a way that vacancies that are new
    # or almost expired, end up on top.
    elapsed = func.datediff(Vacancy.start_date, func.current_date())
    duration = func.datediff(Vacancy.start_date, Vacancy.end_date)
    order = func.abs((100 * (elapsed / duration)) - 50)

    if search is not None:
        # search is concatenated into the LIKE pattern, so any % or _ it
        # contains acts as a wildcard.
        pattern = '%' + search + '%'
        matches_search = or_(Vacancy.title.like(pattern),
                             Company.name.like(pattern),
                             Vacancy.workload.like(pattern),
                             Vacancy.contract_of_service.like(pattern))
        vacancies = (Vacancy.query.join(Company)
                     .filter(matches_search)
                     .order_by(order.desc()))

        if not ModuleAPI.can_write('vacancy'):
            vacancies = vacancies.filter(
                and_(Vacancy.start_date < datetime.utcnow(),
                     Vacancy.end_date > datetime.utcnow()))

        vacancies = vacancies.paginate(page_nr, 15, False)
        return render_template('vacancy/list.htm', vacancies=vacancies,
                               search=search, path=FILE_FOLDER,
                               title="Vacatures")

    if ModuleAPI.can_write('vacancy'):
        vacancies = Vacancy.query.join(Company).order_by(order.desc())
    else:
        vacancies = (Vacancy.query.order_by(order.desc())
                     .filter(and_(Vacancy.start_date < datetime.utcnow(),
                                  Vacancy.end_date > datetime.utcnow())))

    vacancies = vacancies.paginate(page_nr, 15, False)
    return render_template('vacancy/list.htm', vacancies=vacancies,
                           search="", path=FILE_FOLDER, title="Vacatures")
def delete(contact_id):
    """Delete the contact with the given id and return to the contact list.

    Requires write access to 'contact'; responds with 404 when the id does
    not exist.
    """
    allowed = ModuleAPI.can_write('contact')
    if not allowed:
        return abort(403)

    doomed = Contact.query.get_or_404(contact_id)
    session = db.session
    session.delete(doomed)
    session.commit()

    flash(_('Contact person deleted.'), 'success')
    overview = url_for('contact.list')
    return redirect(overview)
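def validate_nominate():
    """Set the ``valid`` flag of a nominee from the submitted form.

    Requires write access to 'elections' (JSON error with status 403
    otherwise). The nominee id comes from the ``id`` form field; the flag is
    set to True only when the ``valid`` field equals the string 'true'.
    Returns an empty JSON object on success and a JSON error with status 404
    when the nominee does not exist.
    """
    if not ModuleAPI.can_write('elections'):
        return jsonify(error='Hey, dit mag jij helemaal niet doen!'), 403

    nominee = Nominee.query.get(request.form.get('id'))
    if nominee is None:
        # An unknown or missing id used to fail on the attribute assignment
        # below and surface as a server error.
        return jsonify(error='Deze genomineerde bestaat niet.'), 404

    nominee.valid = request.form.get('valid') == 'true'
    db.session.commit()

    return jsonify()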
def delete(vacancy_id=None):
    """Delete the vacancy with the given id and return to the vacancy list.

    Requires write access to 'vacancy'; responds with 404 when the id does
    not exist.
    """
    allowed = ModuleAPI.can_write('vacancy')
    if not allowed:
        return abort(403)

    doomed = Vacancy.query.get_or_404(vacancy_id)
    session = db.session
    session.delete(doomed)
    session.commit()

    flash(_('Vacancy deleted'), 'success')
    overview = url_for('vacancy.list')
    return redirect(overview)
def add_users(group_id, page_nr=1):
    """Render the page for adding users to a group.

    Requires write access to 'group'. An unknown group id flashes an error
    and redirects to the group overview. ``page_nr`` is accepted but not
    used.
    """
    allowed = ModuleAPI.can_write("group")
    if not allowed:
        return abort(403)

    group = Group.query.filter(Group.id == group_id).first()
    if group:
        return render_template("group/add_users.htm", group=group,
                               title="Add users")

    flash("There is no such group.", "danger")
    return redirect(url_for("group.view"))
def delete(redirect_id):
    """Delete the redirect with the given id and return to the overview.

    Requires write access to 'redirect'; responds with 404 when the id does
    not exist.
    """
    allowed = ModuleAPI.can_write('redirect')
    if not allowed:
        return abort(403)

    redirection = Redirect.query.get_or_404(redirect_id)
    session = db.session
    session.delete(redirection)
    session.commit()

    flash('De omleiding is succesvol verwijderd.')
    overview = url_for('redirect.view')
    return redirect(overview)
def commit_task_to_db(name, content, group_id, filled_in_users, line,
                      minute_id, status):
    """Store a new task in the database.

    Returns ``(success, message)``. On success ``message`` is the id of the
    new task; otherwise it is an error message. A caller without write access
    to 'pimpy' gets ``abort(403)`` instead of a tuple.
    """
    if not ModuleAPI.can_write('pimpy'):
        return abort(403)

    if group_id == 'all':
        return False, "Groep kan niet 'All' zijn"

    group = Group.query.filter(Group.id == group_id).first()
    if group is None:
        return False, "Er is niet een groep die voldoet opgegeven."

    users, message = PimpyAPI.get_list_of_users_from_string(
        group_id, filled_in_users)
    if not users:
        return False, message

    # Non-positive minute ids are stored as 1.
    minute_id = 1 if minute_id <= 0 else minute_id
    group_id = int(group_id)

    # A task with the same title and content in the same group counts as a
    # duplicate.
    duplicate = Task.query.filter(
        Task.title == name,
        Task.content == content,
        Task.group_id == group_id).first()
    if duplicate:
        return False, "Deze taak bestaat al in de database"

    task = Task(name, content, group_id, users, minute_id, line, status)
    db.session.add(task)
    db.session.commit()

    # The Copernica sync for new tasks is disabled in the source:
    # for user in users:
    #     copernica_data = {
    #         "viaductID": task.base32_id(),
    #         "Actiepunt": task.title,
    #         "Status": task.get_status_string(),
    #         "Groep": task.group.name,
    #     }
    #     copernica.add_subprofile(
    #         copernica.SUBPROFILE_TASK, user.id, copernica_data)

    return True, task.id
def unarchive(form_id, page_nr=1):
    """Clear the ``archived`` flag of a custom form and return to the list.

    Requires a logged-in caller with write access to 'custom_form'; responds
    with 404 when the form does not exist. ``page_nr`` selects the list page
    shown afterwards.
    """
    may_edit = ModuleAPI.can_write('custom_form')
    if not may_edit or current_user.is_anonymous:
        return abort(403)

    custom_form = CustomForm.query.get_or_404(form_id)
    custom_form.archived = False
    db.session.commit()

    flash('Formulier gede-archiveerd', 'success')
    target = url_for('custom_form.view', page_nr=page_nr)
    return redirect(target)
def fetch_question():
    """Return one challenge, serialized, as JSON under ``challenges``.

    Requires write access to 'challenge'. The id is read from the
    ``challenge_id`` query argument; when it is missing or empty an error
    string is returned instead.
    """
    if not ModuleAPI.can_write('challenge'):
        abort(403)

    # Gather all arguments
    challenge_id = request.args.get('challenge_id')
    if not challenge_id:
        return "Error, no 'challenge_id' given"

    # NOTE(review): what fetch_challenge returns for an unknown id is not
    # visible here; a None result would fail on .serialize -- confirm.
    challenge = ChallengeAPI.fetch_challenge(challenge_id)
    return jsonify(challenges=challenge.serialize)
def api_delete_user():
    """Delete every user whose id is listed in the JSON body.

    Requires write access to 'user'. The ids are read from the
    ``selected_ids`` key of the request JSON. Returns a JSON status string.
    """
    if not ModuleAPI.can_write('user'):
        return abort(403)

    payload = request.get_json()
    selected = payload['selected_ids']

    # Ids that match no user are skipped silently: only rows returned by the
    # query are deleted. Nothing here excludes the caller's own account.
    session = db.session
    for doomed in User.query.filter(User.id.in_(selected)).all():
        session.delete(doomed)
    session.commit()

    return json.dumps({'status': 'success'})
def upload(page_nr=1):
    """Upload a file and render the file list.

    Requires write access to 'file'. The upload is taken from the ``file``
    part of the request and handed to ``FileAPI.upload``. The list shows
    files that are not attached to a page, 30 per page, ordered by name.
    """
    if not ModuleAPI.can_write('file'):
        return abort(403)

    # NOTE(review): any validation of the uploaded file's name or type would
    # have to happen inside FileAPI.upload; none is done here.
    new_file_name = request.files['file']
    new_file = FileAPI.upload(new_file_name)

    unattached = File.query.filter_by(page=None).order_by(File.name)
    files = unattached.paginate(page_nr, 30, False)
    form = FileForm()

    # The template receives exactly these five names, spelled out so that a
    # local added later does not end up in the template context.
    return render_template('files/list.htm',
                           page_nr=page_nr,
                           new_file_name=new_file_name,
                           new_file=new_file,
                           files=files,
                           form=form)
def edit(summary_id):
    """Edit a summary's metadata and optionally replace its file.

    Requires write access to 'summary'. An unknown id flashes an error and
    redirects to the summary overview. On a valid POST the fields are saved;
    the stored path is replaced only when ``upload_file_real`` returns a
    truthy path, and the old file is kept otherwise.
    """
    if not ModuleAPI.can_write('summary', True):
        session['prev'] = 'summary.edit_summary'
        return abort(403)

    summary = Summary.query.get(summary_id)
    if not summary:
        flash(_('Summary could not be found.'), 'danger')
        return redirect(url_for('summary.view'))

    session['summary_edit_id'] = summary_id

    form = EditForm(request.form, summary)
    courses = Course.query.order_by(Course.name).all()
    educations = Education.query.order_by(Education.name).all()
    form.course.choices = [(course.id, course.name) for course in courses]
    form.education.choices = [(edu.id, edu.name) for edu in educations]

    if request.method == 'POST':
        if not form.validate_on_submit():
            flash_form_errors(form)
        else:
            uploaded = request.files['summary']

            summary.title = form.title.data
            summary.course_id = form.course.data
            summary.education_id = form.education.data
            summary.date = form.date.data

            # upload_file_real yields a truthy path on success; None is
            # reported as a wrong format, any other falsy value only as
            # "old summary preserved".
            new_path = upload_file_real(uploaded, summary.path)
            if new_path:
                summary.path = new_path
            else:
                if new_path is None:
                    flash(_('Wrong format summary.'), 'danger')
                flash(_('Old summary preserved.'), 'info')

            db.session.commit()
            flash(_('Summary succesfully changed.'), 'success')

            return redirect(url_for('summary.edit', summary_id=summary_id))

    path = '/static/uploads/summaries/'

    return render_template(
        'summary/edit.htm', path=path, summary=summary,
        courses=courses, educations=educations,
        new_summary=False, form=form)
def contest_submissions_view(contest_id, team_id=None):
    """Render the submissions of one team in a contest.

    An explicit ``team_id`` requires write access to 'domjudge'. Without it,
    the team is looked up from the current user's id.
    """
    # Use DOMjudge team id so the pages also support non via_user teams
    explicit_team = bool(team_id)
    if explicit_team and not ModuleAPI.can_write('domjudge'):
        return abort(403)

    # The admin login happens on every call, although the session is only
    # used for the lookup below.
    dj_session = DOMjudgeAPI.login(DOMJUDGE_ADMIN_USERNAME,
                                   DOMJUDGE_ADMIN_PASSWORD)

    if not team_id:
        # NOTE(review): the meaning of the literal 3 is not visible here.
        team_id = DOMjudgeAPI.get_teamid_for_userid(
            current_user.id, 3, dj_session)

    return render_contest_submissions_view(contest_id, team_id=team_id)
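def group_api_add_users(group_id):
    """Add the users listed in the JSON body to a group.

    Requires write access to 'group'. The ids are read from the
    ``selected_ids`` key of the request JSON; ids that match no user are
    skipped. Responds with 404 when the group does not exist.
    """
    if not (ModuleAPI.can_write("group")):
        return abort(403)

    # An unknown group id used to fail on group.add_user below and surface
    # as a server error.
    group = Group.query.get_or_404(group_id)
    user_ids = request.get_json()["selected_ids"]

    add_users = User.query.filter(User.id.in_(user_ids)).all()

    for user in add_users:
        group.add_user(user)

    db.session.add(group)
    db.session.commit()

    # Placeholder body kept as-is; callers presumably rely only on the
    # status code -- confirm before changing it.
    return "testestetsetset", 200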
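def remove_activity(activity_id=0):
    """Delete an activity and its Google Calendar event.

    Requires write access to 'activity'. Responds with 404 when no activity
    has the given id, then redirects to the activity overview.
    """
    if not ModuleAPI.can_write('activity'):
        return abort(403)

    # Get activity
    activity = Activity.query.filter(Activity.id == activity_id).first()
    if activity is None:
        # An unknown id used to fail on activity.google_event_id below and
        # surface as a server error.
        return abort(404)

    # Remove the event from google calendar
    google.delete_activity(activity.google_event_id)

    # Remove it
    db.session.delete(activity)
    db.session.commit()

    return redirect(url_for('activity.view'))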
def get_courses():
    """Return all courses as a JSON string of ``[id, name, description]``.

    Requires write access to 'examination'. An empty description is reported
    as "N/A". The rows are wrapped in an object under the ``data`` key.
    """
    if not ModuleAPI.can_write('examination', True):
        return abort(403)

    rows = [
        [course.id,
         course.name,
         "N/A" if course.description == "" else course.description]
        for course in Course.query.all()
    ]

    return json.dumps({"data": rows})
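def edit_task(task_id, name, content, group_id, filled_in_users, line):
    """Edit an existing task in the database.

    Returns ``(success, message)``. The message is irrelevant on success;
    otherwise it says what went wrong. Only arguments with a truthy value
    overwrite the stored field. A caller without write access to 'pimpy'
    gets ``abort(403)`` instead of a tuple.
    """
    if not ModuleAPI.can_write('pimpy'):
        return abort(403)

    if task_id == -1:
        return False, "Geen taak ID opgegeven."

    task = Task.query.filter(Task.id == task_id).first()
    if task is None:
        # An unknown id used to fail on the first attribute assignment below
        # instead of being reported to the caller.
        return False, "Taak niet gevonden."

    users, message = PimpyAPI.get_list_of_users_from_string(
        group_id, filled_in_users)
    if not users:
        return False, message

    if name:
        task.title = name
    if content:
        task.content = content
    if group_id:
        task.group_id = group_id
    if line:
        task.line = line
    # users is known to be non-empty at this point.
    task.users = users
    # Status updates are disabled in the source:
    # if status:
    #     task.status = status

    db.session.commit()

    # The Copernica sync for edited tasks is disabled in the source:
    # for user in users:
    #     copernica_data = {
    #         "Actiepunt": task.title,
    #         "Status": task.get_status_string(),
    #     }
    #     copernica.update_subprofile(copernica.SUBPROFILE_TASK,
    #                                 user.id, task.base32_id(),
    #                                 copernica_data)

    return True, "Taak bewerkt."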