def filter_hidden_events(query):
"""Update a SQLAlchemy query object with a filter that
removes Event with a status that the current use is not allowed to see
- Moderators can see all events
- Normal users cannot see 'Pending' events
- Activity supervisors can see 'Pending' events for the activities that
they supervise
- Leaders can see the events that they lead
:param query: The original query
:type query: :py:class:`sqlalchemy.orm.query.Query`
:return: The filtered query
:rtype: :py:class:`sqlalchemy.orm.query.Query`
"""
# Display pending events only to relevant persons
if not current_user.is_authenticated:
# Not logged users see no pending event
query = query.filter(Event.status != EventStatus.Pending)
elif current_user.is_moderator():
# Admin see all pending events (no filter)
pass
else:
# Regular user can see non Pending
query_filter = Event.status != EventStatus.Pending
# If user is a supervisor, it can see Pending events of its activities
if current_user.is_supervisor():
# Supervisors can see all sup
activities = current_user.get_supervised_activities()
activities_ids = [a.id for a in activities]
supervised = Event.activity_types.any(
ActivityType.id.in_(activities_ids))
query_filter = or_(query_filter, supervised)
# If user can create event, it can see its pending events
if current_user.can_create_events():
lead = Event.leaders.any(id=current_user.id)
query_filter = or_(query_filter, lead)
# After filter construction, it is applied to the query
query = query.filter(query_filter)
return query
def events():
page = int(request.args.get('page'))
size = int(request.args.get('size'))
# Initialize query
query = Event.query
# Display pending events only to relevant persons
if not current_user.is_authenticated:
# Not logged users see no pending event
query = query.filter(Event.status != EventStatus.Pending)
elif current_user.is_admin():
# Admin see all pending events (no filter)
pass
else:
# Regular user can see non Pending
filter = Event.status != EventStatus.Pending
# If user is a supervisor, it can see Pending events of its activities
if current_user.is_supervisor():
# Supervisors can see all sup
activities = current_user.get_supervised_activities()
activities_ids = [a.id for a in activities]
supervised = Event.activity_types.any(
ActivityType.id.in_(activities_ids))
filter = or_(filter, supervised)
# If user can create event, it can see its pending events
if current_user.can_create_events():
lead = Event.leaders.any(id=current_user.id)
filter = or_(filter, lead)
# After filter construction, it is applied to the query
query = query.filter(filter)
# Process all filters.
# All filter are added as AND
i = 0
while f'filters[{i}][field]' in request.args:
value = request.args.get(f'filters[{i}][value]')
field = request.args.get(f'filters[{i}][field]')
if field == 'activity_type':
filter = Event.activity_types.any(short=value)
if field == 'end':
filter = Event.end >= value
if field == 'status':
filter = Event.status == value
query = query.filter(filter)
# Get next filter
i += 1
# Process first sorter only
if f'sorters[0][field]' in request.args:
sort_field = request.args.get('sorters[0][field]')
sort_dir = request.args.get('sorters[0][dir]')
order = desc(sort_field) if sort_dir == 'desc' else sort_field
query = query.order_by(order)
paginated_events = query.paginate(page, size, False)
data = EventSchema(many=True).dump(paginated_events.items)
response = {'data': data, "last_page": paginated_events.pages}
return json.dumps(response), 200, {'content-type': 'application/json'}
def events():
page = int(request.args.get("page"))
size = int(request.args.get("size"))
# Initialize query
query = Event.query
# Display pending events only to relevant persons
if not current_user.is_authenticated:
# Not logged users see no pending event
query = query.filter(Event.status != EventStatus.Pending)
elif current_user.is_admin():
# Admin see all pending events (no filter)
pass
else:
# Regular user can see non Pending
query_filter = Event.status != EventStatus.Pending
# If user is a supervisor, it can see Pending events of its activities
if current_user.is_supervisor():
# Supervisors can see all sup
activities = current_user.get_supervised_activities()
activities_ids = [a.id for a in activities]
supervised = Event.activity_types.any(
ActivityType.id.in_(activities_ids))
query_filter = or_(query_filter, supervised)
# If user can create event, it can see its pending events
if current_user.can_create_events():
lead = Event.leaders.any(id=current_user.id)
query_filter = or_(query_filter, lead)
# After filter construction, it is applied to the query
query = query.filter(query_filter)
# Process all filters.
# All filter are added as AND
i = 0
while f"filters[{i}][field]" in request.args:
value = request.args.get(f"filters[{i}][value]")
filter_type = request.args.get(f"filters[{i}][type]")
field = request.args.get(f"filters[{i}][field]")
if field == "status":
value = getattr(EventStatus, value)
query_filter = None
if field == "activity_type":
query_filter = Event.activity_types.any(short=value)
elif field == "end":
if filter_type == ">=":
query_filter = Event.end >= current_time()
elif field == "status":
if filter_type == "=":
query_filter = Event.status == value
elif filter_type == "!=":
query_filter = Event.status != value
if query_filter is not None:
query = query.filter(query_filter)
# Get next filter
i += 1
# Process first sorter only
if "sorters[0][field]" in request.args:
sort_field = request.args.get("sorters[0][field]")
sort_dir = request.args.get("sorters[0][dir]")
order = desc(sort_field) if sort_dir == "desc" else sort_field
query = query.order_by(order)
paginated_events = query.paginate(page, size, False)
data = EventSchema(many=True).dump(paginated_events.items)
response = {"data": data, "last_page": paginated_events.pages}
return json.dumps(response), 200, {"content-type": "application/json"}