def reserve_boat():
    """Render an empty reservation form for creating a new reservation.

    The ``boats`` (count) field is only offered to users holding the
    ``admin`` or ``club`` role; for everyone else it is removed from the
    form object so the template never renders it.  Removing the field here
    is a UI decision only -- the POST handler (``make_reservation``) repeats
    the same role check before trusting a submitted boat count.
    """
    form = ReservationForm()
    privileged = "admin" in current_user.roles() or "club" in current_user.roles()
    if not privileged:
        # Non-privileged users always reserve exactly one boat.
        del form.boats

    return render_template(
        "reservations/show_reservationform.html",
        form=form,
        form_action=url_for("make_reservation"),
        button_text="Reserve boat",
    )
def bookings_update(booking_id):
    """Apply a posted ``BookingFormUpdate`` to an existing booking.

    Authorization: a booking whose start is already in the past may only be
    edited by an ``ADMIN``, and the booking must be among those returned by
    ``Booking.get_allowed_by_account()`` for the current user.

    Args:
        booking_id: primary key of the ``Booking`` to update.

    Returns:
        The 404 page when the booking does not exist,
        ``login_manager.unauthorized()`` when the checks above fail, the
        re-rendered form (showing the unmodified booking) on any validation
        error, or a redirect to the booking page after a successful commit.
    """
    b = Booking.query.get(booking_id)

    if not b:
        return render_template("404.html", res_type="booking"), 404

    # Past bookings are frozen for non-admins; the second clause is the
    # ownership/allow-list check.  The ``b`` inside the comprehension is local
    # to the comprehension and does not clobber the outer ``b``.
    if ((b.start_dt <= dt.utcnow() and ADMIN not in current_user.roles())
            or b.id not in [b.id for b in Booking.get_allowed_by_account()]):
        return login_manager.unauthorized()

    # Snapshot used to re-render the unmodified booking on the error paths.
    old_b = copy.deepcopy(b)
    form = BookingFormUpdate(request.form)

    if not form.validate():
        return render_template("bookings/update.html", booking=b, form=form)

    # NOTE(review): ``account`` and ``resource`` are copied from the form as
    # submitted; nothing here limits which account a non-admin may move the
    # booking to -- confirm the form restricts those choices.
    for field in [form.account, form.resource]:
        if field.data:
            setattr(b, field.name, field.data)

    b.start_dt = dt.combine(form.start_date.data, form.start_time.data)
    b.end_dt = dt.combine(form.end_date.data, form.end_time.data)

    # From here on ``b`` is already mutated inside the open session.  None of
    # the error returns below roll back, so the pending changes stay in the
    # session for the rest of the request (an autoflush triggered by a later
    # query could persist them) -- a rollback on these paths would be safer.

    # Non-admins may not move a booking's start into the past.
    if b.start_dt < dt.utcnow() and ADMIN not in current_user.roles():
        form.start_date.errors.append(msg_past)
        form.start_time.errors.append(msg_past)
        return render_template("bookings/update.html",
                               booking=old_b,
                               form=form)

    # Start must precede end; both the date and time fields get the message.
    if b.start_dt >= b.end_dt:
        for field in [form.start_date, form.start_time]:
            if field:
                field.errors.append(msg_start)
        for field in [form.end_date, form.end_time]:
            if field:
                field.errors.append(msg_end)
        return render_template("bookings/update.html",
                               booking=old_b,
                               form=form)

    # Resource/time clash with another booking (checked on the mutated ``b``).
    if not Booking.is_free_time_slot(b):
        for field in [
                form.resource, form.start_date, form.start_time, form.end_date,
                form.end_time
        ]:
            field.errors.extend(
                [msg_free_rts_1(form.resource.data), msg_free_rts_2])
        return render_template("bookings/update.html",
                               booking=old_b,
                               form=form)

    # Price depends on the (possibly changed) resource and duration.
    b.calculate_price()
    db.session().commit()
    return redirect(url_for("bookings_single", booking_id=b.id))
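def delete_thread(thread_id):
    """Delete a thread; permitted for its author or any ``ADMIN``.

    Args:
        thread_id: primary key of the ``Thread`` to delete.

    Returns:
        A redirect to the board index on success, a 404 when no such thread
        exists, or ``login_manager.unauthorized()`` when the current user is
        neither the author nor an admin.
    """
    from flask import abort  # flask is already imported by this module

    thread = Thread.query.get(thread_id)
    if thread is None:
        # Previously dereferenced None and produced a 500.
        abort(404)

    # Removed the debug print of the user's roles (leaked into stdout/logs).
    is_owner = thread.user_id == current_user.id
    is_admin = "ADMIN" in current_user.roles()
    if not (is_owner or is_admin):
        return login_manager.unauthorized()

    db.session.delete(thread)
    db.session().commit()

    return redirect(url_for("boards_index"))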
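def show_reservation(reservation_id):
    """Render the edit form for one of the current user's reservations.

    Only the owner may open it, and only while the reservation has not yet
    ended; anything else -- including an unknown id -- redirects to the
    calendar, so the response does not reveal whether the id exists.

    Args:
        reservation_id: primary key of the ``Reservation`` to edit.
    """
    reservation = Reservation.query.get(reservation_id)
    # An unknown id used to raise AttributeError (500); treat it exactly like
    # a foreign or expired reservation.
    if reservation is None:
        return redirect(url_for("calendar_index"))

    if reservation.user_id != current_user.id or reservation.ending_time < datetime.now():
        return redirect(url_for("calendar_index"))

    form = ReservationForm(obj=reservation, boats=reservation.number_of_boats())
    privileged = "admin" in current_user.roles() or "club" in current_user.roles()
    if not privileged:
        # Non-privileged users cannot change the boat count; hide the field.
        del form.boats

    return render_template(
        "reservations/show_reservationform.html",
        form=form,
        form_action=url_for("modify_reservation", reservation_id=reservation_id),
        button_text="Save changes",
    )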
def validate_form(form, form_action, button_text):
    """Validate a reservation form and return ``"Clear"`` or an error text.

    For users without the ``admin``/``club`` role the ``boats`` field is
    deleted from the form before validation, so a submitted boat count from
    such a user is never validated or read.

    Args:
        form: a bound ``ReservationForm``.
        form_action: unused; kept for call-site compatibility.
        button_text: unused; kept for call-site compatibility.

    Returns:
        ``""`` when WTForms validation fails (callers treat anything other
        than ``"Clear"`` as an error), otherwise whatever
        ``validate_reservation_times`` returns -- ``"Clear"`` or a message.
    """
    privileged = "admin" in current_user.roles() or "club" in current_user.roles()
    if not privileged:
        del form.boats

    if not form.validate():
        return ""

    starting = datetime.combine(form.starting_date.data, form.starting_time.data)
    ending = datetime.combine(form.ending_date.data, form.ending_time.data)
    # "Clear" passes straight through, any other message is the error.
    return validate_reservation_times(starting, ending)
def bookings_create():
    """Create a booking from the posted ``BookingFormCreate``.

    Validation order: WTForms field validation, then "start not in the past"
    (admins are exempt), then "start before end", then a free-slot check on
    the resource.  Each failure re-renders ``bookings/new.html`` with the
    relevant field errors; success commits and redirects to the booking.

    NOTE(review): ``account`` and ``resource`` are taken directly from the
    form; confirm the form restricts ``account`` to ones the current user may
    book for.
    """
    template = "bookings/new.html"
    form = BookingFormCreate(request.form)

    if not form.validate():
        return render_template(template, form=form)

    start_dt = dt.combine(form.start_date.data, form.start_time.data)
    end_dt = dt.combine(form.end_date.data, form.end_time.data)

    # Only admins may book a slot that begins in the past.
    if start_dt < dt.utcnow() and ADMIN not in current_user.roles():
        for fld in (form.start_date, form.start_time):
            fld.errors.append(msg_past)
        return render_template(template, form=form)

    if start_dt >= end_dt:
        for fld in (form.start_date, form.start_time):
            fld.errors.append(msg_start)
        for fld in (form.end_date, form.end_time):
            fld.errors.append(msg_end)
        return render_template(template, form=form)

    booking = Booking(form.account.data.id, form.resource.data.id, start_dt, end_dt)

    if not Booking.is_free_time_slot(booking):
        clash = [msg_free_rts_1(form.resource.data), msg_free_rts_2]
        for fld in (form.resource, form.start_date, form.start_time,
                    form.end_date, form.end_time):
            fld.errors.extend(clash)
        return render_template(template, form=form)

    session = db.session()
    session.add(booking)
    session.commit()
    return redirect(url_for("bookings_single", booking_id=booking.id))
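def cc_only():
    """List colour codes; authenticated ``ADMIN`` users get the variant with
    delete controls, everyone else the read-only listing.

    The role check here only selects a template.  NOTE(review): the delete
    actions that ``listwdelete.html`` links to must enforce ``ADMIN`` on their
    own endpoints -- verify they do.
    """
    items = Colorcode.cc_iterable()
    form = CodeSearchForm()

    # Removed the "------IS ADMIN!" debug print that went to stdout/logs.
    if current_user.is_authenticated and "ADMIN" in current_user.roles():
        return render_template("colorcode/listwdelete.html", items=items, form=form)

    return render_template("colorcode/listccptype.html", items=items, form=form)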
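        def decorated_view(*args, **kwargs):
            """Run ``fn`` only for a logged-in user who holds ``role``.

            ``role`` is captured from the enclosing decorator; the literal
            ``"ANY"`` admits every logged-in user.  The reserved account with
            id 0 is always rejected.
            """
            if not current_user or not current_user.is_authenticated:
                return login_manager.unauthorized()

            # Block the placeholder user (id 0) created when default categories
            # are added.  The original compared the bound method ``get_id``
            # itself to 0, which is always False, so this guard never fired.
            # Flask-Login's get_id() conventionally returns a str, so accept
            # both spellings.
            if current_user.get_id() in (0, "0"):
                return login_manager.unauthorized()

            if role != "ANY" and not any(user_role == role
                                         for user_role in current_user.roles()):
                return login_manager.unauthorized()

            return fn(*args, **kwargs)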
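def make_reservation():
    """Create a reservation for the current user from the posted form.

    Flow: ``validate_form`` (which also strips the ``boats`` field for
    non-privileged users), then the per-user reservation cap for ordinary
    users / the boat count for ``admin``/``club`` users, then an availability
    check for the requested window, then commit.

    Returns:
        A redirect to the calendar on success, otherwise the re-rendered form
        with an ``error`` message.

    NOTE(review): availability is checked and then committed without any
    lock, so two concurrent requests for the last boat can both succeed --
    a database-level constraint or row lock would close that window.
    """
    MAX_RESERVATIONS_PER_USER = 4
    form = ReservationForm(request.form)

    def fail(error):
        # Every failure path re-renders the same form with a banner.
        return render_template("reservations/show_reservationform.html",
                               form=form,
                               form_action=url_for("make_reservation"),
                               button_text="Reserve boat",
                               error=error)

    message = validate_form(form,
                            form_action=url_for("make_reservation"),
                            button_text="Reserve boat")
    if message != "Clear":
        return fail(message)

    privileged = "admin" in current_user.roles() or "club" in current_user.roles()
    if privileged:
        number_of_boats = form.boats.data
        # The count is client-supplied: None would crash range(), and 0 or a
        # negative value would commit a reservation holding no boats.
        if number_of_boats is None or number_of_boats < 1:
            return fail("Number of boats must be at least 1")
    else:
        now = datetime.now()
        count_users_reservations = Reservation.count_reserved_boats_for_user(
            now, now + timedelta(days=365), user_id=current_user.id)
        if count_users_reservations >= MAX_RESERVATIONS_PER_USER:
            return fail(f"You can only have {MAX_RESERVATIONS_PER_USER} reservations")
        number_of_boats = 1

    starting = datetime.combine(form.starting_date.data, form.starting_time.data)
    ending = datetime.combine(form.ending_date.data, form.ending_time.data)
    available_boats = Boat.available_boats(starting, ending)
    if len(available_boats) < number_of_boats:
        return fail("Not enough boats available for this time, only " +
                    str(len(available_boats)) + " boats available")

    reservation = Reservation(starting, ending, current_user.id)
    for boat_id in available_boats[:number_of_boats]:
        reservation.boats_reserved.append(Boat.query.get(boat_id))

    db.session().add(reservation)
    db.session().commit()

    return redirect(url_for("calendar_index"))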
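def events_edit(event_id):
    """Edit an event: GET renders the form, POST applies it.

    Only the event's owner (``accountId``) or an ``ADMIN`` may edit.  On POST
    the room bookings of the event are replaced by the submitted selection.

    Args:
        event_id: primary key of the ``Event``, taken from the URL.

    Returns:
        The edit page, or a redirect to the event list (unauthorized /
        unknown id) or the event index (success).

    Changes from the previous version: an unknown id no longer raises; the
    primary key is no longer overwritten with ``form.event_id`` (the client
    must not be able to re-key the record it was authorized for); and
    ``accountId`` is left untouched, so an admin editing someone else's event
    no longer silently takes ownership of it.
    """
    def get_booked_rooms():
        # Annotate every Room with the "checked"/"" flags the template uses
        # for the booked / private checkboxes of this event.
        rooms = Room.query.all()
        for room in rooms:
            event_room = (EventRoom.query.filter_by(event_id=event_id)
                          .filter_by(room_id=room.id).first())
            room.booked = "checked" if event_room is not None else ""
            is_private = event_room is not None and event_room.privateEvent is True
            room.private = "checked" if is_private else ""
        return rooms

    def render_form():
        return render_template("calendar/events/edit.html",
                               form=EventForm(),
                               e=Event.query.get(event_id),
                               rooms=get_booked_rooms())

    e = Event.query.get(event_id)
    if e is None:
        flash("Event not found.")
        return redirect(url_for("events_list"))
    if e.accountId != current_user.id and 'ADMIN' not in current_user.roles():
        flash("You are not authorized to edit others events.")
        return redirect(url_for("events_list"))

    if request.method != "POST":
        return render_form()

    form = EventForm(request.form)
    if not form.validate():
        flash('Validation error: please check all fields')
        return render_form()

    # Replace the room set wholesale: drop old links, insert the new ones.
    EventRoom.query.filter_by(event_id=event_id).delete()
    e.name = form.name.data
    e.start_time = form.start_time.data
    e.end_time = form.end_time.data
    e.description = form.description.data
    e.responsible = form.responsible.data
    for room_id in form.roomsBooked.data:
        private_flag = 1 if room_id in form.privateReserve.data else 0
        db.session().add(EventRoom(e.id, room_id, private_flag))

    try:
        db.session().commit()
    except IntegrityError:
        flash('There is something wrong ! Please check the form !')
        db.session.rollback()
        return render_form()
    return redirect(url_for("events_index"))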
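def modify_reservation(reservation_id):
    """Apply the posted form to one of the current user's reservations.

    Only the owner may modify, and only while the reservation has not ended.
    The boat set is recomputed from what is available in the new window
    (excluding this reservation's own boats).

    Args:
        reservation_id: primary key of the ``Reservation`` to modify.

    Returns:
        A redirect to the calendar on success or when the reservation is not
        editable by this user (including an unknown id); otherwise the
        re-rendered form with an ``error`` message.
    """
    form = ReservationForm(request.form)
    reservation = Reservation.query.get(reservation_id)

    # An unknown id used to raise AttributeError (500); treat it like a
    # foreign or expired reservation so existence is not revealed.
    if reservation is None:
        return redirect(url_for("calendar_index"))
    if reservation.user_id != current_user.id or reservation.ending_time < datetime.now():
        return redirect(url_for("calendar_index"))

    form_action = url_for("modify_reservation", reservation_id=reservation_id)

    def fail(error):
        # Every failure path re-renders the same form with a banner.
        return render_template("reservations/show_reservationform.html",
                               reservation=reservation,
                               form=form,
                               form_action=form_action,
                               button_text="Save changes",
                               error=error)

    message = validate_form(form, form_action=form_action, button_text="Save changes")
    if message != "Clear":
        return fail(message)

    if "admin" in current_user.roles() or "club" in current_user.roles():
        number_of_boats = form.boats.data
        # Client-supplied count: None would crash range(), 0/negative would
        # leave the reservation with no boats at all.
        if number_of_boats is None or number_of_boats < 1:
            return fail("Number of boats must be at least 1")
    else:
        number_of_boats = 1

    starting = datetime.combine(form.starting_date.data, form.starting_time.data)
    ending = datetime.combine(form.ending_date.data, form.ending_time.data)
    available_boats = Boat.available_boats_for_changing_reservation(starting, ending, reservation.id)
    if len(available_boats) < number_of_boats:
        return fail("Not enough boats available for this time, only " +
                    str(len(available_boats)) + " boats available")

    reservation.update(starting, ending)
    reservation.boats_reserved = []
    for boat_id in available_boats[:number_of_boats]:
        reservation.boats_reserved.append(Boat.query.get(boat_id))

    db.session().add(reservation)
    db.session().commit()

    return redirect(url_for("calendar_index"))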
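def events_delete(event_id):
    """Delete an event and its room bookings; owner or ``ADMIN`` only.

    Args:
        event_id: primary key of the ``Event`` to delete.

    Returns:
        A redirect to the event list in every case; a flash message explains
        an unknown id or a refused deletion.
    """
    e = Event.query.get(event_id)
    # Previously an unknown id dereferenced None and produced a 500.
    if e is None:
        flash("Event not found.")
        return redirect(url_for("events_list"))
    if e.accountId != current_user.id and 'ADMIN' not in current_user.roles():
        flash("You are not authorized to remove others events.")
        return redirect(url_for("events_list"))

    # Child rows first, then the event; one commit for both.
    EventRoom.query.filter_by(event_id=event_id).delete()
    Event.query.filter_by(id=event_id).delete()
    db.session().commit()
    return redirect(url_for("events_list"))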
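 def decorated_view(*args, **kwargs):
     """Run ``fn`` for a logged-in user who holds ``role``; ``"ANY"`` admits
     every logged-in user.

     The previous version only honoured ``"ANY"`` inside the loop over the
     user's roles, so a logged-in user with no roles at all was denied even
     on an ``"ANY"`` view.  The wildcard is now checked before the roles.
     """
     if not current_user.is_authenticated:
         return login_manager.unauthorized()

     if role == "ANY" or any(role == bettor_role for bettor_role in current_user.roles()):
         return fn(*args, **kwargs)

     flash("You are not authorized to use this functionality")
     return login_manager.unauthorized()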
        def decorated_view(*args, **kwargs):
            """Run ``func`` only for a logged-in user whose roles include
            ``role``; the literal ``"ANY"`` admits every logged-in user.
            """
            logged_in = bool(current_user) and current_user.is_authenticated
            if not logged_in:
                return login_manager.unauthorized()

            # "ANY" is modelled as a role every logged-in user implicitly holds.
            granted = {"ANY", *current_user.roles()}
            if role not in granted:
                return login_manager.unauthorized()

            return func(*args, **kwargs)
        def decorated_view(*args, **kwargs):
            """Run ``fn`` only when some entry returned by
            ``current_user.roles(email)`` contains ``role``.

            NOTE(review): if ``roles()`` yields plain strings, ``role in entry``
            is a substring test ("USER" would match "SUPERUSER", and an empty
            role matches everything) -- confirm it yields collections, or
            tighten this to an equality test.
            """
            if not current_user.is_authenticated:
                return login_manager.unauthorized()

            granted = False
            for entry in current_user.roles(current_user.email):
                if role in entry:
                    granted = True
                    break
            if not granted:
                return login_manager.unauthorized()

            return fn(*args, **kwargs)
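def items_delete(item_id):
    """Delete an item owned by the current user (any item, for ``ADMIN``).

    Non-owners and unknown ids are silently ignored; every path redirects to
    the index, so the response does not reveal whether an id exists.

    Args:
        item_id: primary key of the ``Item``.
    """
    item = Item.query.get(item_id)
    # Previously an ADMIN deleting an unknown id reached
    # ``db.session.delete(None)``; loading once and checking ownership on the
    # loaded row avoids that and the second query.
    if item is not None:
        is_owner = item.account_id == current_user.id
        if is_owner or "ADMIN" in current_user.roles():
            db.session.delete(item)
            db.session().commit()

    return redirect(url_for("index"))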
def bookings_delete_ask(booking_id):
    """Render the delete-confirmation page for a booking.

    A booking that has already started can only be deleted by an ``ADMIN``,
    and the booking must be in ``Booking.get_allowed_by_account()`` for the
    current user; otherwise ``login_manager.unauthorized()`` is returned.
    Unknown ids get the 404 page.
    """
    booking = Booking.query.get(booking_id)
    if not booking:
        return render_template("404.html", res_type="booking"), 404

    already_started = booking.start_dt <= dt.utcnow()
    if already_started and ADMIN not in current_user.roles():
        return login_manager.unauthorized()
    allowed_ids = [allowed.id for allowed in Booking.get_allowed_by_account()]
    if booking.id not in allowed_ids:
        return login_manager.unauthorized()

    return render_template("bookings/delete.html", booking=booking)
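        def decorated_view(*args, **kwargs):
            """Run ``fn`` for a logged-in user who holds ``role``; ``"ANY"``
            admits every logged-in user.

            The previous version compared the whole ``roles()`` collection to
            the single role string (``roles() == role``), which can never be
            true for a list, so every role-restricted view was denied; the
            intended test is membership.  The debug prints of the user's roles
            are gone.  NOTE(review): if ``roles()`` returns a bare string, ``in``
            becomes a substring test -- confirm it returns a collection.
            """
            if not current_user or not current_user.is_authenticated:
                return login_manager.unauthorized()

            if role != "ANY" and role not in current_user.roles():
                return login_manager.unauthorized()

            return fn(*args, **kwargs)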
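        def decorated_view(*args, **kwargs):
            """Run ``fn`` for a logged-in user who holds ``role`` or the
            catch-all role ``"A"``; ``"ANY"`` admits every logged-in user.

            Fixes: ``roles()`` was called before the login check (an anonymous
            user may not have it), and the guard was ``if role == role`` -- a
            tautology -- so the ``"ANY"`` wildcard was never honoured.
            NOTE(review): ``"A"`` is kept because the original granted it
            access to everything; confirm it is the intended admin code.
            """
            if not current_user or not current_user.is_authenticated:
                return login_manager.unauthorized()

            if role != "ANY":
                granted = any(user_role == role or user_role == "A"
                              for user_role in current_user.roles())
                if not granted:
                    return login_manager.unauthorized()

            return fn(*args, **kwargs)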
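def message_edit_form(message_id):
    """Show the edit form for a message, pre-filled with its current text.

    Only the message's owner (``account_id``) or an ``ADMIN`` may open it.

    Args:
        message_id: primary key of the ``Message``.

    Returns:
        The rendered edit page, or ``login_manager.unauthorized()`` for a
        non-owner/non-admin and for an unknown id (same response, so ids are
        not enumerable; previously an unknown id raised a 500).
    """
    m = Message.query.get(message_id)
    if m is None:
        return login_manager.unauthorized()

    is_owner = current_user.id == m.account_id
    if not is_owner and "ADMIN" not in current_user.roles():
        return login_manager.unauthorized()

    f = MessageForm()
    f.subject.default = m.subject
    f.body.default = m.body
    # Re-run field processing so the defaults above become the field values.
    f.process()

    return render_template("messages/edit.html", form=f, m=m)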
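def module_take(cid=None):
    """Course page: roster, groups and pending enrolment requests.

    GET renders the page for enrolled students, the course's professor and
    its TA.  POST with ``btn`` = ``Accept``/``Reject`` and ``sid`` approves or
    drops a pending enrolment.

    Security fix: the POST branch previously ran before any role check, so
    any logged-in user could enrol or reject any student by posting the form.
    It is now restricted to the professor or TA of the course.
    NOTE(review): if acceptance is meant to be professor-only, drop ``is_ta``
    from that check.

    Args:
        cid: course id; ``None`` resolves to the current professor's course.

    Returns:
        The rendered page, a redirect after a POST, or 403/404 via ``abort``.
    """
    if cid is None:
        own_course = Professors.query.get(current_user.id)
        if own_course is None:
            abort(404)
        cid = own_course.cid
    mod = Courses.query.get_or_404(cid)
    prof = Professors.query.filter_by(cid=cid).first()
    if prof is None:
        abort(404)

    # Role of the current user relative to this course.
    is_student = TakenCourses.query.filter_by(
        sid=current_user.id, cid=cid, year=cur_year, sem=cur_sem,
        is_pending=False).first() is not None
    is_prof = False
    if 'Professor' in current_user.roles():
        me = Professors.query.get(current_user.id)
        is_prof = me is not None and me.cid == cid
    is_ta = False
    if 'TA' in current_user.roles():
        # ``.first()`` can be None for a TA record without is_ta=True.
        ta = TeachingAssistants.query.filter_by(sid=current_user.id, is_ta=True).first()
        is_ta = ta is not None and ta.cid == cid

    if request.method == 'POST':
        if not (is_prof or is_ta):
            abort(403)
        action = request.form['btn']
        sid = request.form['sid']
        enrolment = TakenCourses.query.get([sid, cid])
        if enrolment is None:
            # Previously dereferenced None and produced a 500.
            abort(404)
        if action == 'Accept':
            enrolment.is_pending = False
            db.session.commit()
            flash(f'{Students.query.get(sid).info.name} is now enrolled into {mod.cid} {mod.cname}!', 'success')
        elif action == 'Reject':
            db.session.delete(enrolment)
            db.session.commit()
            flash(f'{Students.query.get(sid).info.name} is rejected from {mod.cid} {mod.cname}!', 'warning')
        return redirect(url_for('module_take', cid=cid))

    if not (is_student or is_prof or is_ta):
        abort(403)
    groups = Groups.query.filter_by(pid=prof.pid).all()
    students = TakenCourses.query.filter_by(cid=cid, year=cur_year, sem=cur_sem, is_pending=False).all()
    pending = TakenCourses.query.filter_by(cid=cid, year=cur_year, sem=cur_sem, is_pending=True).all()
    return render_template('module_take.html', title=cid + ' ' + mod.cname, mod=mod,
                           students=students, groups=groups, Groups=Groups,
                           groupinfo=GroupInfo, prof=prof, requests=pending,
                           is_student=is_student, is_ta=is_ta, is_prof=is_prof,
                           year=cur_year, sem=cur_sem)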
def bookings_delete(booking_id):
    """Delete a booking after the same checks as the confirmation page.

    A booking that has already started can only be deleted by an ``ADMIN``,
    and the booking must be in ``Booking.get_allowed_by_account()`` for the
    current user.  Unknown ids get the 404 page; success redirects to the
    booking list.
    """
    booking = Booking.query.get(booking_id)
    if not booking:
        return render_template("404.html", res_type="booking"), 404

    already_started = booking.start_dt <= dt.utcnow()
    if already_started and ADMIN not in current_user.roles():
        return login_manager.unauthorized()
    allowed_ids = [allowed.id for allowed in Booking.get_allowed_by_account()]
    if booking.id not in allowed_ids:
        return login_manager.unauthorized()

    db.session.delete(booking)
    db.session.commit()
    return redirect(url_for("bookings_list"))
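def edit_thread(thread_id):
    """Edit a thread's title; permitted for its author or any ``ADMIN``.

    GET renders the edit form, POST stores the submitted ``title``.

    Args:
        thread_id: primary key of the ``Thread``.

    Returns:
        The edit page, ``login_manager.unauthorized()`` for other users, a
        404 for an unknown id (previously a 500), or a redirect to the thread
        after a successful update.
    """
    from flask import abort  # flask is already imported by this module

    thread = Thread.query.get(thread_id)
    if thread is None:
        abort(404)

    if not (thread.user_id == current_user.id
            or "ADMIN" in current_user.roles()):
        return login_manager.unauthorized()

    if request.method == "GET":
        return render_template("threads/edit.html",
                               form=ThreadForm(),
                               thread=thread)

    # ``ThreadForm`` is only used for rendering; the posted title is read
    # directly, so at least refuse a missing or blank value instead of storing
    # ``None`` as the title.
    title = request.form.get("title")
    if not title or not title.strip():
        return render_template("threads/edit.html",
                               form=ThreadForm(),
                               thread=thread)

    thread.title = title
    db.session().commit()

    return redirect(url_for("view_thread", thread_id=thread_id))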
def bookings_form_update(booking_id):
    """Render the update form for a booking, pre-filled from the record.

    Same access rules as the update/delete handlers: a booking that has
    already started is only editable by an ``ADMIN``, and the booking must be
    in ``Booking.get_allowed_by_account()`` for the current user.  Unknown
    ids get the 404 page.
    """
    booking = Booking.query.get(booking_id)
    if not booking:
        return render_template("404.html", res_type="booking"), 404

    already_started = booking.start_dt <= dt.utcnow()
    if already_started and ADMIN not in current_user.roles():
        return login_manager.unauthorized()
    allowed_ids = [allowed.id for allowed in Booking.get_allowed_by_account()]
    if booking.id not in allowed_ids:
        return login_manager.unauthorized()

    # Split the stored datetimes into the form's separate date/time fields.
    form = BookingFormUpdate()
    form.account.data = booking.account
    form.resource.data = booking.resource
    form.start_date.data, form.start_time.data = booking.start_dt.date(), booking.start_dt.time()
    form.end_date.data, form.end_time.data = booking.end_dt.date(), booking.end_dt.time()
    return render_template("bookings/update.html", booking=booking, form=form)
        def decorated_view(*args, **kwargs):
            """Run ``fn`` for a logged-in user whose roles include ``role``;
            the lowercase literal ``"any"`` admits every logged-in user.
            """
            if not current_user:
                return login_manager.unauthorized()
            if not current_user.is_authenticated:
                return login_manager.unauthorized()

            # Wildcard first so roles() is not consulted for "any" views.
            permitted = role == "any" or role in current_user.roles()
            if not permitted:
                return login_manager.unauthorized()

            return fn(*args, **kwargs)
def communities_create():
    """Create a ``Community`` from the posted ``CommunityFormCreate``.

    Any ``SQLAlchemyError`` on commit is rolled back and reported on the
    ``address`` field as a duplicate address (that is the expected failure,
    but other database errors get the same message).  After a successful
    commit, authenticated ``ADMIN`` users are sent to the new community's
    page and everyone else to the list -- note that the handler itself does
    not require authentication.
    """
    form = CommunityFormCreate(request.form)
    if not form.validate():
        return render_template("communities/new.html", form=form)

    community = Community(form.address.data)
    session = db.session()
    try:
        session.add(community)
        session.commit()
    except exc.SQLAlchemyError:
        session.rollback()
        form.address.errors.append(
            "This address is already taken, please choose another one.")
        return render_template("communities/new.html", form=form)

    is_admin = current_user.is_authenticated and ADMIN in current_user.roles()
    if is_admin:
        return redirect(url_for("communities_single", community_id=community.id))
    return redirect(url_for("communities_list"))
        def decorated_view(*args, **kwargs):
            """Run ``fn`` when ``accepted_roles`` is ``"ANY"`` or one of the
            user's role objects has a ``.name`` listed in ``accepted_roles``.

            NOTE(review): ``accepted_roles`` is iterated, so it is expected to
            be a collection of names; a bare string other than "ANY" would be
            iterated character by character and never match.
            """
            if not current_user:
                return login_manager.unauthorized()
            if not current_user.is_authenticated:
                return login_manager.unauthorized()

            if accepted_roles != "ANY":
                permitted = any(user_role.name == name
                                for user_role in current_user.roles()
                                for name in accepted_roles)
                if not permitted:
                    return login_manager.unauthorized()

            return fn(*args, **kwargs)
        def decorated_view(*args, **kwargs):
            """Run ``fn`` for a logged-in user holding any role in ``roles``;
            if ``roles`` contains ``"ANY"`` every logged-in user passes.
            Denied users are flashed a (Finnish) message and sent to the index.
            """
            if not current_user:
                return login_manager.unauthorized()
            if not current_user.is_authenticated:
                return login_manager.unauthorized()

            wildcard = "ANY" in roles
            permitted = wildcard or any(r in roles for r in current_user.roles())
            if not permitted:
                flash('Sinulla ei ole oikeuksia käyttää tätä toiminnallisuutta.')
                return redirect(url_for('index'))

            return fn(*args, **kwargs)
        def decorated_view(*args, **kwargs):
            """Run ``fn`` for a logged-in user holding any role in ``roles``;
            if ``roles`` contains ``"ANY"`` every logged-in user passes.
            Denied users are flashed a message and redirected to the index.
            """
            if not current_user:
                return login_manager.unauthorized()
            if not current_user.is_authenticated:
                return login_manager.unauthorized()

            wildcard = "ANY" in roles
            permitted = wildcard or any(r in roles for r in current_user.roles())
            if not permitted:
                flash('You do not have permission to use this functionality.')
                return redirect(url_for('index'))

            return fn(*args, **kwargs)
        def decorated_view(*args, **kwargs):
            """Run ``fn`` for a logged-in user with a role matching (case-
            insensitively) one of the names in ``role``; the literal ``"ANY"``
            admits every logged-in user.

            NOTE(review): ``role`` is iterated, so it is expected to be a
            collection of names; a bare string other than "ANY" would be
            iterated character by character.
            """
            if not current_user:
                return login_manager.unauthorized()
            if not current_user.is_authenticated:
                return login_manager.unauthorized()

            if role != "ANY":
                wanted = {auth_role.lower() for auth_role in role}
                permitted = any(user_role.lower() in wanted
                                for user_role in current_user.roles())
                if not permitted:
                    return login_manager.unauthorized()

            return fn(*args, **kwargs)