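def post(self):
    """Grant an additional role to a user (administrators only).

    Request arguments:
        cmd: only ``'set_role'`` is handled; any other value writes nothing.
        username: target account; spaces become dots and the value is
            lower-cased before the lookup.
        newRole: the role name to add to the target's role list.

    Writes ``{'response': 'success'}`` on success, otherwise an
    ``{'error': ...}`` object.
    """
    user = self.current_user
    # Authorization gate: everything below changes another account's privileges.
    if 'administrator' not in user.roles:
        self.write({'error': 'insufficient permissions'})
        return

    cmd = self.get_argument('cmd', None)
    if cmd != 'set_role':
        return

    username = self.get_argument('username', '').replace(' ', '.').lower()
    new_role = (self.get_argument('newRole', None) or '').strip()
    # A missing newRole used to append None and crash in str.join().
    if not new_role:
        self.write({'error': 'invalid parameters'})
        return
    # NOTE(review): new_role is not checked against a list of known roles, so
    # any string (including 'administrator') can be granted here -- confirm
    # that is intended and consider recording who granted what.

    matches = mask.people_db.query(
        mask_model.User).filter_by(username=username).all()
    if not matches:
        self.write({'error': 'user does not exist'})
        return

    fuser = matches[0]
    # Roles are stored as a comma separated string.  Entries are stripped and
    # re-joined with a bare ',' so that readers which split on ',' do not end
    # up with ' administrator' (leading space) and miss a membership check.
    roles = [r.strip() for r in (fuser.roles or '').split(',') if r.strip()]
    if new_role not in roles:
        roles.append(new_role)
    fuser.roles = ','.join(roles)
    mask.add_or_update(fuser)
    self.write({'response': 'success'})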
def add_null_view(user, profile):
    """Create a zero-count ProfileView row for (user, profile) if none exists.

    ``user`` is stored as the viewer and ``profile`` as the viewed value;
    nothing is written when a matching row is already present.
    """
    existing = (
        mask.people_db.query(mask_model.ProfileView)
        .filter_by(viewer=user, viewed=profile)
        .all()
    )
    if len(existing) != 0:
        return

    placeholder = mask_model.ProfileView()
    placeholder.viewer = user
    placeholder.viewed = profile
    placeholder.last_viewed = datetime.datetime.now()
    placeholder.num_views = 0
    mask.add_or_update(placeholder)
def post(self, question_id):
    """Mark an AskAnything question as reviewed and set its authorized flag.

    The ``authorize`` argument is required; ``"Y"`` (any case) authorizes the
    question, anything else rejects it.  Only users holding the
    ``askanything`` or ``administrator`` role may do this; everyone else gets
    a 401 with an error body.
    """
    user = self.current_user
    # Parsed before the role check, so a missing argument fails the request
    # for every caller regardless of role.
    authorized = self.get_argument("authorize").upper() == "Y"

    may_review = 'askanything' in user.roles or 'administrator' in user.roles
    if not may_review:
        self.set_status(401)
        self.write({"status": "error", "reason": "Insufficient access"})
        return

    question = (
        people_db.query(ask_anything_model.AskAnything)
        .filter_by(id=question_id)
        .one()
    )
    question.authorized = authorized
    question.reviewed = True
    alchemy.add_or_update(question)
    self.set_status(200)
    self.write({"status": "Success"})
def post(self, q_id):
    """Toggle the current user's vote on question ``q_id``.

    If the user already has one or more votes on the question they are all
    deleted; otherwise a single new vote is stored.  Both outcomes answer 200.
    """
    user = self.current_user
    existing_votes = (
        people_db.query(ask_anything_model.AskAnythingVote)
        .filter_by(question_id=q_id, voter=user.username)
        .all()
    )

    if len(existing_votes) > 0:
        for old_vote in existing_votes:
            alchemy.delete_thing(old_vote)
        self.set_status(200)
        # NOTE(review): this branch answers with the key "Status" while the
        # add branch uses "status"; clients have to handle both spellings.
        self.write({"Status": "Success. Vote Removed."})
        return

    # NOTE(review): q_id is stored without checking that the question exists
    # -- confirm whether the model or database enforces that.
    new_vote = ask_anything_model.AskAnythingVote()
    new_vote.question_id = q_id
    new_vote.voter = user.username
    alchemy.add_or_update(new_vote)
    self.set_status(200)
    self.write({"status": "Success. Vote Added"})
def update_views(user, profile, year):
    """Record that ``user`` looked at ``profile``.

    Nothing happens when there is no user, when the user is viewing their own
    profile (wwuids compared as strings), or when ``year`` is not the
    configured current year.  A first view creates a row with a count of 1;
    later views bump the count only if more than 7200 seconds have passed
    since the row's ``last_viewed``.
    """
    if not user:
        return
    if str(user.wwuid) == str(profile.wwuid):
        return
    if year != tornado.options.options.current_year:
        return

    rows = (
        mask.people_db.query(mask_model.ProfileView)
        .filter_by(viewer=user.username, viewed=profile.username)
        .all()
    )

    if len(rows) == 0:
        first_view = mask_model.ProfileView()
        first_view.viewer = user.username
        first_view.viewed = profile.username
        first_view.last_viewed = datetime.datetime.now()
        first_view.num_views = 1
        mask.add_or_update(first_view)
        return

    for row in rows:
        elapsed = (datetime.datetime.now() - row.last_viewed).total_seconds()
        # Repeat views inside the two-hour window are not counted again.
        if elapsed > 7200:
            row.num_views += 1
            row.last_viewed = datetime.datetime.now()
            mask.add_or_update(row)
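def post(self, wwuid):
    """
    Modify roles in the users table, accessible only in a testing environment.
    Writes the modified user object.

    The request body is JSON with a ``roles`` entry; its items are joined
    with ',' and stored as the user's role string.  Responds 201 on success.

    Raises:
        exceptions.Forbidden403Exception: ``environment['pytest']`` is falsy.
        exceptions.NotFound404Exception: no user matches ``wwuid``.
    """
    # This flag is the only guard on an endpoint that rewrites any account's
    # roles without authentication, so it must never be truthy outside tests.
    if not environment['pytest']:
        raise exceptions.Forbidden403Exception('Method Forbidden')

    user = mask.query_user(wwuid)
    if user == list():
        # The exception was previously constructed but never raised, so an
        # unknown wwuid produced an empty success response.
        raise exceptions.NotFound404Exception(
            'user with specified wwuid not found')

    body = self.request.body.decode('utf-8')
    body_json = json.loads(body)
    # NOTE(review): 'roles' is expected to be a list of strings; a plain
    # string would be joined character by character.
    user.roles = ','.join(body_json['roles'])
    mask.add_or_update(user)
    self.set_status(201)
    self.write({'user': user.to_json()})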
def get(self, wwuid):
    """Write the Volunteer record for ``wwuid`` as JSON.

    Allowed for the owner of the record and for users holding the
    ``volunteer`` role; everyone else receives an error object.  When no
    record exists one is created and returned.
    """
    user = self.current_user
    # NOTE(review): wwuid comes from the URL; if user.wwuid is not a string
    # this equality never holds -- confirm the stored type.
    allowed = user.wwuid == wwuid or 'volunteer' in user.roles
    if not allowed:
        self.write({'error': 'insufficient permissions'})
        return

    records = alchemy.query_by_wwuid(volunteer_model.Volunteer, wwuid)
    if len(records) == 0:
        # NOTE(review): the new record is keyed on the requester's wwuid, not
        # the requested one; for a volunteer-role user looking up somebody
        # else this creates and returns the requester's own record -- confirm.
        volunteer = alchemy.add_or_update(
            volunteer_model.Volunteer(wwuid=user.wwuid))
    else:
        volunteer = records[0]
    self.write(volunteer.to_json())
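def post(self):
    """
    The verify endpoint for SAML only. This endpoint will get or create
    a user's account info and send it back to the SAML container. It also
    sets the cookie which will login the user on the front-end.

    Request arguments: ``secret_key``, ``employee_id``, ``full_name`` and
    ``email_address``.  Writes ``{'user': ..., 'token': ...}`` on success or
    an ``{'error': ...}`` object otherwise.
    """
    # Function-scope import so the handler does not depend on the module's
    # import block.
    import hmac

    # Check the shared secret to ensure the caller is the SAML container.
    # The check fails closed: a missing argument or an unset configured key
    # is rejected (previously None != None let such a request through), and
    # the comparison is constant-time so response timing does not leak how
    # much of the key matched.
    secret_key = self.get_argument('secret_key', None)
    expected_key = keys["samlEndpointKey"]  # assumed to be a str -- TODO confirm
    if (not secret_key or not expected_key or
            not hmac.compare_digest(secret_key.encode('utf-8'),
                                    expected_key.encode('utf-8'))):
        logger.info("Unauthorized Access Attempted")
        self.write({'error': 'Unauthorized Access Attempted'})
        return

    # get the SAML data from the request
    employee_id = self.get_argument('employee_id', None)
    full_name = self.get_argument('full_name', None)
    email_address = self.get_argument('email_address', None)

    # check that the data was given in the request
    if None in (employee_id, full_name, email_address):
        logger.info("AccountHandler: error")
        self.write({'error': 'invalid parameters'})
        return

    # get the user from the database, creating the account on first login
    user = mask.query_user(employee_id)
    if not user:
        user = mask_model.User(wwuid=employee_id,
                               username=email_address.split('@', 1)[0],
                               full_name=full_name,
                               status='Student')
        mask.add_or_update(user)
        # initial view for the new user
        add_null_view('null.user', user.username)

    # return the user's token and information
    token = self.generate_token(user.wwuid)
    self.write({'user': user.to_json(), 'token': token})

    # set the cookie header in the response
    # NOTE(review): the session cookie is issued for every '.aswwu.com' host
    # without the Secure or HttpOnly attributes; confirm whether the
    # front-end needs script access before tightening it.
    self.set_cookie("token", token, domain='.aswwu.com', expires_days=14)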
def __init__(self, wwuid):
    """Load the account and profile for ``wwuid``, creating the profile if needed.

    When no profile exists a new one is built from the user row; if last
    year's archive holds exactly one profile for the wwuid its exported data
    is imported into the new profile before it is saved.
    """
    self.wwuid = wwuid
    found_profiles = mask.query_by_wwuid(mask_model.Profile, wwuid)
    # NOTE(review): the attribute reads below assume query_user returned a
    # user object; an unknown wwuid is not handled here.
    account = mask.query_user(wwuid)

    if len(found_profiles) != 0:
        profile = found_profiles[0]
    else:
        archive_model = archives.get_archive_model(get_last_year())
        archived = (
            archive.archive_db.query(archive_model)
            .filter_by(wwuid=str(wwuid))
            .all()
        )
        fresh = mask_model.Profile(wwuid=str(wwuid),
                                   username=account.username,
                                   full_name=account.full_name)
        if len(archived) == 1:
            import_profile(fresh, archived[0].export_info())
        profile = mask.add_or_update(fresh)

    self.username = account.username
    self.full_name = profile.full_name
    self.photo = profile.photo
    # Roles are stored as one comma separated string; expose them as a list.
    self.roles = account.roles.split(',') if account.roles else []
    self.status = account.status
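def post(self, username):
    """Update the profile belonging to ``username``.

    Allowed for the profile's owner and for administrators.  ``full_name`` is
    a required argument; every other field defaults to an empty string.  Each
    value is passed through ``bleach.clean`` before it is stored.  Writes the
    JSON string ``"success"`` or an ``{'error': ...}`` object.
    """
    user = self.current_user
    if user.username != username and 'administrator' not in user.roles:
        self.write({'error': 'invalid permissions'})
        return

    if user.username != username:
        # Audit trail for administrators editing somebody else's profile.
        # The file is opened in append mode: mode 'w' truncated it on every
        # edit, leaving only the most recent entry.  CR/LF in the
        # URL-supplied name are neutralised so one request cannot write
        # extra log lines.
        logged_name = username.replace('\r', '\\r').replace('\n', '\\n')
        with open('adminLog', 'a') as admin_log:
            admin_log.write(user.username + " is updating the profile of "
                            + logged_name + "\n")

    profile = mask.people_db.query(
        mask_model.Profile).filter_by(username=str(username)).one()

    # full_name has no default, so a request without it is rejected.
    profile.full_name = bleach.clean(self.get_argument('full_name'))

    optional_fields = (
        'photo', 'gender', 'birthday', 'email', 'phone', 'majors', 'minors',
        'graduate', 'preprofessional', 'class_standing', 'high_school',
        'class_of', 'relationship_status', 'attached_to', 'quote',
        'quote_author', 'hobbies', 'career_goals', 'favorite_books',
        'favorite_food', 'favorite_movies', 'favorite_music', 'pet_peeves',
        'personality', 'privacy', 'website',
    )
    for field in optional_fields:
        setattr(profile, field, bleach.clean(self.get_argument(field, '')))

    # NOTE(review): this tests the status of the user making the request,
    # not of the profile being edited -- confirm which one is intended when
    # an administrator edits another person's profile.
    if user.status != "Student":
        for field in ('department', 'office', 'office_hours'):
            setattr(profile, field,
                    bleach.clean(self.get_argument(field, '')))

    mask.add_or_update(profile)
    self.write(json.dumps('success'))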
def post(self):
    """Store a newly submitted AskAnything question and answer 201.

    The required ``question`` argument is passed through ``bleach.clean``
    before it is saved.  No user check is made in this method.
    """
    submitted = bleach.clean(self.get_argument("question"))
    entry = ask_anything_model.AskAnything()
    entry.question = submitted
    alchemy.add_or_update(entry)
    self.set_status(201)
    self.write({"status": "Question Submitted"})
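def post(self):
    """Volunteer administration: grant the volunteer role or search volunteers.

    Requires the ``volunteer`` role.  The ``cmd`` argument selects the action:

    * ``set_role`` -- add the ``volunteer`` role to the account named by
      ``username``.
    * ``search`` -- filter volunteers by the submitted form fields and write
      the matching profiles as JSON.
    * ``viewPrintOut`` -- same filter, written as an HTML table.

    Any other ``cmd`` writes nothing.
    """
    # Function-scope import so the handler does not depend on the module's
    # import block.
    import html

    user = self.current_user
    # check permissions
    if 'volunteer' not in user.roles:
        self.write({'error': 'insufficient permissions'})
        return

    cmd = self.get_argument('cmd', None)
    logger.debug(cmd)

    if cmd == 'set_role':
        # let volunteer admins grant permissions for other volunteer admins
        username = self.get_argument('username', '').replace(' ', '.').lower()
        # ilike gives a case-insensitive match, but '%' and '_' in the
        # submitted name are LIKE wildcards and could select a different
        # account than the one named; escape them so the match is literal.
        literal_name = (username.replace('\\', '\\\\')
                        .replace('%', '\\%')
                        .replace('_', '\\_'))
        matches = alchemy.people_db.query(mask_model.User).filter(
            mask_model.User.username.ilike(literal_name, escape='\\')).all()
        if not matches:
            self.write({'error': 'user does not exist'})
            return
        fuser = matches[0]
        # Roles are a comma separated string; drop empty entries so a user
        # with no roles ends up with 'volunteer' rather than ',volunteer'.
        roles = [r.strip() for r in (fuser.roles or '').split(',') if r.strip()]
        if 'volunteer' not in roles:
            roles.append('volunteer')
        fuser.roles = ','.join(roles)
        alchemy.add_or_update(fuser)
        self.write({'response': 'success'})
        return

    if cmd != 'search' and cmd != 'viewPrintOut':
        return

    # Checkbox fields: the filter applies when the form value is 'on'.
    checkbox_filters = (
        'campus_ministries', 'student_missions', 'aswwu', 'circle_church',
        'university_church', 'buddy_program', 'assist', 'lead',
        'audio_slash_visual', 'health_promotion', 'construction_experience',
        'outdoor_slash_camping', 'concert_assistance', 'event_set_up',
        'children_ministries', 'children_story',
        'art_poetry_slash_painting_slash_sculpting', 'organizing_events',
        'organizing_worship_opportunities', 'organizing_community_outreach',
        'bible_study', 'wycliffe_bible_translator_representative',
        'food_preparation', 'graphic_design', 'poems_slash_spoken_word',
        'prayer_team_slash_prayer_house',
        'dorm_encouragement_and_assisting_chaplains', 'scripture_reading',
        'speaking', 'videography', 'drama', 'public_school_outreach',
        'retirement_slash_nursing_home_outreach',
        'helping_the_homeless_slash_disadvantaged', 'working_with_youth',
        'working_with_children', 'greeting', 'shofar_for_vespers',
        'join_small_groups', 'lead_small_groups', 'can_transport_things',
        'wants_to_be_involved',
    )
    # These three apply whenever any non-empty value is submitted.
    nonempty_filters = (
        'berean_fellowship', 'aswwu_video_extra', 'global_service_food_fair',
    )
    # Free-text fields are matched as case-insensitive substrings.
    substring_filters = ('music', 'languages')

    volunteers = alchemy.people_db.query(volunteer_model.Volunteer)
    for field in checkbox_filters:
        if self.get_argument(field, '') == 'on':
            volunteers = volunteers.filter_by(**{field: True})
    for field in nonempty_filters:
        if self.get_argument(field, '') != '':
            volunteers = volunteers.filter_by(**{field: True})
    for field in substring_filters:
        term = self.get_argument(field, '')
        if term != '':
            column = getattr(volunteer_model.Volunteer, field)
            volunteers = volunteers.filter(column.ilike('%' + str(term) + '%'))

    # Pair every volunteer with its profile; volunteers without one are skipped.
    vusers = []
    for v in volunteers:
        vol_result = alchemy.query_by_wwuid(mask_model.Profile, v.wwuid)
        if len(vol_result) > 0:
            vusers.append({'profile': vol_result[0], 'volunteer_data': v})

    # should we return the results as JSON
    if cmd == 'search':
        self.write({'results': [{'full_name': v['profile'].full_name,
                                 'email': v['profile'].email,
                                 'photo': v['profile'].photo,
                                 'username': v['profile'].username}
                                for v in vusers]})
        return

    # or as a full fledged webpage
    logger.debug(user)
    self.write('<table border="1"><tr>'
               '<th>Photo</th><th>Name</th>'
               '<th>Class Standing</th><th>Major(s)</th>'
               '<th>Email</th><th>Phone</th>'
               '<th>Volunteer Data</th></tr>')
    for v in vusers:
        profile = v['profile']
        # Every value below was entered by a user and is rendered in a
        # privileged user's browser, so it is HTML-escaped at output time
        # (quotes included, for the src attribute) regardless of how it was
        # stored.  Values that were already entity-encoded when saved will
        # show their entities literally.
        photo = str(profile.photo)
        if photo.find(str(profile.wwuid)) > -1:
            photo_cell = ('<img src="https://aswwu.com/media/img-xs/'
                          + html.escape(photo) + '">')
        else:
            photo_cell = ''
        cells = (
            photo_cell,
            html.escape(str(profile.full_name)),
            html.escape(str(profile.class_standing)),
            html.escape(str(profile.majors)),
            html.escape(str(profile.email)),
            html.escape(str(profile.phone)),
            html.escape(str(v['volunteer_data'].only_true())),
        )
        self.write('<tr><td>' + '</td><td>'.join(cells) + '</td></tr>')
    self.write('</table>')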
def post(self):
    """Overwrite the current user's volunteer record from the submitted form.

    Checkbox fields are stored as True only when the argument equals ``'1'``;
    the free-text fields are stored exactly as submitted (empty string when
    absent).  Writes the JSON string ``"success"``.
    """
    user = self.current_user
    # NOTE(review): indexing [0] assumes the user already has a volunteer
    # record; an empty result raises here.
    volunteer = alchemy.query_by_wwuid(volunteer_model.Volunteer, user.wwuid)[0]

    # Stored verbatim.
    # NOTE(review): these values are saved without cleaning -- confirm that
    # every place they are rendered escapes them.
    text_fields = frozenset((
        'music', 'languages', 'berean_fellowship', 'aswwu_video_extra',
        'global_service_food_fair',
    ))
    # Fields in the order the form is processed.
    field_order = (
        'campus_ministries', 'student_missions', 'aswwu', 'circle_church',
        'university_church', 'buddy_program', 'assist', 'lead',
        'audio_slash_visual', 'health_promotion', 'construction_experience',
        'outdoor_slash_camping', 'concert_assistance', 'event_set_up',
        'children_ministries', 'children_story',
        'art_poetry_slash_painting_slash_sculpting', 'organizing_events',
        'organizing_worship_opportunities', 'organizing_community_outreach',
        'bible_study', 'wycliffe_bible_translator_representative',
        'food_preparation', 'graphic_design', 'poems_slash_spoken_word',
        'prayer_team_slash_prayer_house',
        'dorm_encouragement_and_assisting_chaplains', 'scripture_reading',
        'speaking', 'videography', 'drama', 'public_school_outreach',
        'retirement_slash_nursing_home_outreach',
        'helping_the_homeless_slash_disadvantaged', 'working_with_youth',
        'working_with_children', 'greeting', 'shofar_for_vespers',
        'music',
        'join_small_groups', 'lead_small_groups', 'can_transport_things',
        'languages', 'berean_fellowship', 'aswwu_video_extra',
        'global_service_food_fair',
        'wants_to_be_involved',
    )

    for field in field_order:
        if field in text_fields:
            value = self.get_argument(field, '')
        else:
            # A checkbox counts as ticked only for the literal string '1'.
            value = self.get_argument(field, 0) == '1'
        setattr(volunteer, field, value)

    logger.debug(volunteer.only_true())
    alchemy.add_or_update(volunteer)
    self.write(json.dumps('success'))