Ejemplo n.º 1
def user1():
    """Create test user 1 and grant it the highest role in every area.

    The user is added to the "test" organization, given the top
    organization-level roles in both "main" and "test", and given the top
    site-wide roles. Returns whatever ``make_test_user(1)`` produced.

    Test fixture only: every privilege is granted unconditionally.
    """
    client = make_test_user(1)

    account = Users.query.filter_by(username="******").first()

    main_org = Organizations.query.filter_by(oid="main").first()
    test_org = Organizations.query.filter_by(oid="test").first()

    # Only "test" needs an explicit join; a role row for "main" is looked up
    # below without one, so membership there is presumably created elsewhere.
    test_org.add_user(account)

    def grant_org_roles(org):
        # One OrganizationRoles row per (organization, user) pair.
        membership = OrganizationRoles.query.filter_by(oid=org.id,
                                                       uid=account.id).first()
        membership.admin = OrganizationManagerRoles.admin
        membership.attendance = roles.attendance.admin
        membership.news = roles.news.moderator

    grant_org_roles(main_org)
    grant_org_roles(test_org)

    # Site-wide roles, independent of any organization.
    site_roles = Roles.query.filter_by(uid=account.id).first()
    site_roles.database = roles.database.admin
    site_roles.organizations = OrganizationAdminRoles.admin
    site_roles.users = roles.users.admin

    db_commit()

    return client
Ejemplo n.º 2
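def link_account():
    """Link an external OAuth identity to an existing local account.

    The signed ``token`` query parameter carries ``uid``, ``pid``, ``email``
    and ``provider``. On a valid form submission the provider link is
    stored, the session is signed in as ``uid`` and the browser is
    redirected to ``/``. Otherwise the confirmation page is rendered.

    A ``provider`` value other than "Google" or "GitHub" links nothing, so
    it is reported as an error and the user is not signed in.
    """
    # NOTE(review): a failed verify_jwt() propagates as an exception from
    # here; confirm an error handler turns that into a 4xx response.
    # NOTE(review): the token alone decides which account gets signed in, so
    # confirm it is short-lived and issued only for this linking step.
    data = verify_jwt(request.args.get("token", ""))
    form = BlankForm()

    uid = data["uid"]
    pid = data["pid"]
    email = data["email"]
    provider = data["provider"]

    if form.validate_on_submit():
        if provider == "Google":
            link_model = GoogleLinks
        elif provider == "GitHub":
            link_model = GithubLinks
        else:
            link_model = None

        if link_model is None:
            # Nothing was linked: do not commit, sign in or claim success.
            flash("Unsupported sign-in provider.", category="ERROR")
        else:
            link_model.add(uid=uid, gid=pid)
            db_commit()
            set_user(Users.query.filter_by(id=uid).first())
            flash("Your account is now connected. Welcome back!",
                  category="SUCCESS")
            return redirect("/", code=303)

    flash_form_errors(form)

    return render_template("account/link-account.html",
                           uid=uid,
                           provider=provider,
                           email=email,
                           form=form)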
Ejemplo n.º 3
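def serve_attendance_sudo(oid):
    """Admin page for an organization's attendance codes.

    Requires the attendance admin role (403 otherwise) and an existing
    organization (404 otherwise). A valid POST either deletes the code named
    by the ``delete`` form field or creates a new random code and redirects
    to its edit page.
    """
    if user.organization_roles.attendance < AttendanceRoles.admin:
        abort(403)

    form = BlankForm()

    org = Organizations.query.filter_by(oid=oid).first_or_404()

    if form.validate_on_submit():
        if 'delete' in request.form:
            try:
                del_id = int(request.form['delete'])
            except ValueError:
                # A non-numeric id is a malformed request, not a server error.
                abort(400)

            # Restrict the delete to this organization's codes, so the id in
            # the form cannot reach a code owned by another organization.
            AttendanceCodes.query.filter_by(id=del_id, oid=org.id).delete()

            db_commit()
        else:
            random_bytes = os.urandom(16)

            # 16 lowercase letters from OS randomness. 256 is not a multiple
            # of 26, so a-v are slightly more likely than w-z; use
            # secrets.choice over the alphabet if uniformity matters.
            code = "".join(chr(97 + value % 26) for value in random_bytes)

            ac = AttendanceCodes.add(oid=org.id, code=code, start=0, end=0)

            db_commit()

            return redirect(f"/organization/{oid}/admin/attendance/{ac.id}",
                            code=303)

    return render_template("adminpages/attendance.html",
                           sudo=True,
                           active="attendance",
                           form=form)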
Ejemplo n.º 4
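def lesson_edit(lesson, form):
    """Apply an edit form to ``lesson``, or delete it.

    Returns ``True`` when the lesson was deleted and ``None`` otherwise.
    The author list is only changed for users holding the lessons admin
    role in the current organization.

    No permission to edit ``lesson`` itself is checked here; callers are
    presumably responsible for that (verify against caller).
    """
    if form.delete.data:
        Lessons.remove(lesson)
        db_commit()
        return True

    lesson.desc = form.desc.data
    lesson.title = form.title.data
    lesson.body = form.body.data
    lesson.lid = form.lid.data

    if user.organization_roles.lessons >= LessonRoles.admin:
        # De-duplicate the submitted ids (keeping form order), so a repeated
        # id cannot produce a second author row for the same user.
        wanted = list(dict.fromkeys(map(int, form.authors.data.split())))

        for lesson_author in LessonAuthors.query.filter_by(
                lid=lesson.id).all():
            if lesson_author.uid in wanted:
                # Already linked: nothing to add for this user.
                wanted.remove(lesson_author.uid)
            else:
                LessonAuthors.remove(lesson_author)

        # Whatever is left was not linked before.
        for new_author in wanted:
            LessonAuthors.add(lid=lesson.id, uid=new_author, oid=get_org_id())

    db_commit()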
Ejemplo n.º 5
def serve_topic_sudo_edit_request(id):
    """Admin page for editing one topic.

    Users whose topics role is at or below the default get a 403; an
    unknown ``id`` gives a 404. A valid submission updates the topic's tid,
    name and description, and the edit page is rendered in every case.
    """
    if user.roles.topics <= TopicRoles.default:
        abort(403)

    topic = Topics.query.filter_by(id=id).first_or_404()
    form = TopicSudoEditForm(topic)

    if form.validate_on_submit():
        topic.tid = form.tid.data
        topic.name = form.name.data
        topic.desc = form.description.data
        db_commit()
        flash("Successfully updated topic!", category="SUCCESS")

    flash_form_errors(form)

    # Fill any field that still has no data with the stored value.
    for field_name, column in (("tid", "tid"),
                               ("name", "name"),
                               ("description", "desc")):
        field = getattr(form, field_name)
        if field.data is None:
            field.data = getattr(topic, column)

    return render_template("adminpages/topic_edit.html",
                           sudo=True,
                           active="topics",
                           form=form)
Ejemplo n.º 6
def serve_attendance_edit(oid, acid):
    """Admin page for editing one attendance code.

    Requires the attendance admin role (403 otherwise); an unknown ``acid``
    gives a 404. A valid submission whose start is not after its end
    updates the code text and its start/end timestamps.
    """
    if user.organization_roles.attendance < AttendanceRoles.admin:
        abort(403)

    # NOTE(review): the code is looked up by id only and ``oid`` is never
    # used, so this lookup is not tied to the organization in the URL.
    # Confirm whether the query should also filter on the organization.
    attendance_code = AttendanceCodes.query.filter_by(id=acid).first_or_404()

    form = AttendanceEditForm(attendance_code)

    if not form.validate_on_submit():
        return render_template("adminpages/attendance-edit.html", form=form)

    start_ts = to_tstamp(form.start_date.data, form.start_time.data)
    end_ts = to_tstamp(form.end_date.data, form.end_time.data)

    if start_ts > end_ts:
        flash("Start is after end!", category="ERROR")
        return render_template("adminpages/attendance-edit.html", form=form)

    attendance_code.code = form.code.data
    attendance_code.start = start_ts
    attendance_code.end = end_ts

    db_commit()

    flash("Attendance code updated!", category="SUCCESS")

    return render_template("adminpages/attendance-edit.html", form=form)
Ejemplo n.º 7
def serve_topic_sudo_create_request(ptid):
    """Admin page for creating a topic, optionally under parent ``ptid``.

    Users whose topics role is at or below the default get a 403. A truthy
    ``ptid`` must name an existing topic (404 otherwise). A valid submission
    creates the topic and redirects to the topic list.
    """
    if user.roles.topics <= TopicRoles.default:
        abort(403)

    # The template receives the parent's tid, or "" for a top-level topic.
    parent_tid = (Topics.query.filter_by(id=ptid).first_or_404().tid
                  if ptid else "")

    form = TopicSudoCreateForm()

    if form.validate_on_submit():
        new_topic = {
            "ptid": ptid or None,  # a falsy ptid is stored as None
            "tid": form.tid.data,
            "name": form.name.data,
            "desc": form.description.data,
        }
        Topics.add(**new_topic)
        db_commit()
        return redirect("/admin/topics/", code=303)

    flash_form_errors(form)

    return render_template("adminpages/topic_create.html",
                           sudo=True,
                           active="topics",
                           form=form,
                           ptid=parent_tid)
Ejemplo n.º 8
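def update_user(uid, **kwargs):
    """Update the user with id ``uid`` from keyword arguments.

    Recognised keys are ``username``, ``desc``, ``real_name``, ``npass``
    (new password) and ``subscribed``. A new password is re-hashed with the
    user's existing salt and the session is set to the updated user. Any
    other key is ignored and its name is logged.
    """
    account = Users.query.filter_by(id=uid).first()

    # TODO handle email change

    for field in ("username", "desc", "real_name"):
        if field in kwargs:
            setattr(account, field, kwargs.pop(field))

    if "npass" in kwargs:
        account.password_hash = pass_hash(kwargs.pop("npass"), account.salt)
        # NOTE(review): this sets revoke_tokens_before on the user object
        # itself; confirm that is the attribute token validation reads, so
        # that older tokens really stop working after a password change.
        account.revoke_tokens_before = get_time()
        # NOTE(review): this signs the session in as ``account``; confirm
        # ``uid`` is always the current user when ``npass`` is passed.
        set_user(account)

    if "subscribed" in kwargs:
        account.subscribed = kwargs.pop("subscribed")

    if kwargs:
        # Log only the names of the unhandled fields: their values can be
        # personal data (an e-mail address, for example).
        logger.warning("WARNING update_user not complete: %s", sorted(kwargs))

    db_commit()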
Ejemplo n.º 9
def serve_change_password(form):
    """Store the current user's new password and redirect to the profile page.

    The password is re-hashed with the user's existing salt and the token
    revocation time is moved to now, then the session is set again for the
    current user.
    """
    # NOTE(review): nothing here re-checks the current password; presumably
    # the form's validators do that before this is called (verify).
    new_password = form.password.data
    new_hash = pass_hash(new_password, user.salt)
    revoked_at = get_time()

    user.password_hash = new_hash
    user.permissions.revoke_tokens_before = revoked_at
    db_commit()

    # ``user`` is a proxy; set_user is given the underlying object.
    current = user._get_current_object()
    set_user(current)
    flash("Your account password has been updated!", category="SUCCESS")
    return redirect("/edit-profile/", code=303)
Ejemplo n.º 10
def create_blank_account(email, username, real_name, subscribed):
    """Create a user with a fresh salt and return it.

    No password hash is set here. The row is committed first, then the
    user's ``create_dependencies()`` is called; this function does not
    commit again afterwards.
    """
    fields = dict(email=email,
                  username=username,
                  real_name=real_name,
                  subscribed=subscribed,
                  salt=new_salt())
    account = Users.add(**fields)
    db_commit()
    account.create_dependencies()
    return account
Ejemplo n.º 11
def move_topic(id, ptid):
    """Re-parent topic ``id`` under ``ptid``.

    Users whose topics role is at or below the default get a 403, and an
    unknown ``id`` gives a 404. Returns ``("", 400)`` when
    ``is_ancestor(ptid, id)`` is true, and ``""`` once the move is committed.
    """
    if user.roles.topics <= TopicRoles.default:
        abort(403)

    # Presumably guards against creating a cycle in the topic tree; the
    # argument order of is_ancestor is not visible here (TODO confirm).
    would_loop = is_ancestor(ptid, id)
    if would_loop:
        return "", 400

    moved = Topics.query.filter_by(id=id).first_or_404()
    moved.ptid = ptid

    db_commit()
    return ""
Ejemplo n.º 12
def user_sudo_edit(target, form):
    """Apply an admin edit form to the user ``target``.

    Moderators and above may set ``can_login_after``. Admins may also set
    the target's role in each of the five listed areas. Nothing is changed
    or committed for users below moderator.
    """
    if not (user.roles.users >= UserRoles.moderator):
        return

    target.permissions.can_login_after = form.can_login_after.data

    if user.roles.users >= UserRoles.admin:
        for area in ("users", "database", "news", "attendance", "topics"):
            role_set = getattr(roles, area)
            # NOTE(review): the submitted value is used as an attribute name
            # on the role set. Confirm the form restricts each role_* field
            # to the known role names.
            chosen = getattr(form, "role_%s" % area).data
            setattr(target.roles, area, getattr(role_set, chosen))

    db_commit()
Ejemplo n.º 13
def lesson_admin_create(form, oid):
    """Create a lesson in organization ``oid`` and link its authors.

    The lesson is committed first so that its id is available for the
    author rows, which are committed afterwards. ``form.authors`` is a
    whitespace-separated list of user ids.
    """
    # NOTE(review): .first() returns None for an unknown oid, which would
    # fail on org.id below; presumably the caller has validated oid.
    org = Organizations.query.filter_by(oid=oid).first()

    lesson = Lessons.add(oid=org.id,
                         lid=form.lid.data,
                         title=form.title.data,
                         desc=form.desc.data,
                         body=form.body.data)
    db_commit()

    author_ids = form.authors.data.split()
    for raw_uid in author_ids:
        LessonAuthors.add(lid=lesson.id, uid=int(raw_uid), oid=org.id)

    db_commit()
Ejemplo n.º 14
def oauth_create_account():
    """Sign-up page for a user arriving from an OAuth provider.

    A signed-in user is redirected to the next page. An invalid or expired
    ``token`` gives a 400 error page. Empty form fields are pre-filled from
    the token's claims, and a valid submission creates the account, stores
    the provider link, signs the user in and redirects.
    """
    if user:
        return redirect(get_next_page(), code=303)

    raw_token = request.args.get("token", "")
    try:
        data = verify_jwt(raw_token)
    except (InvalidJWT, ExpiredJWT):
        return error_page(
            code=400,
            message="Invalid token in request. Please contact us.",
            errorname="Bad Request")

    form = OAuthCreateAccountForm()

    # Pre-fill only the fields that were not submitted and that the token
    # actually carries.
    for claim in ("email", "username", "real_name"):
        field = getattr(form, claim)
        if field.data is None and claim in data:
            field.data = data[claim]

    if form.validate_on_submit():
        new_user = create_blank_account(form.email.data, form.username.data,
                                        form.real_name.data,
                                        form.subscribed.data)

        # NOTE(review): any other provider value creates the account without
        # a link row; confirm tokens only ever carry these two values.
        provider = data["provider"]
        if provider == "Google":
            GoogleLinks.add(uid=new_user.id, gid=data["pid"])
        elif provider == "GitHub":
            GithubLinks.add(uid=new_user.id, gid=data["pid"])

        db_commit()

        set_user(new_user)

        flash("Welcome!", category="SUCCESS")
        return redirect(get_next_page(), code=303)

    flash_form_errors(form)

    # The agreement box is always rendered unchecked.
    form.legal_agreement.checked = False

    return render_template("account/oauth-create-account.html",
                           active="Sign Up",
                           form=form,
                           next_page=get_next_page(),
                           provider=data["provider"])
Ejemplo n.º 15
def serve_organization_landing(org):
    """Landing page of the current organization, with a join-by-code form.

    The organization is the one identified by ``get_org_id()``; the ``org``
    argument is not used. A valid submission adds the current user to it.
    """
    form = OrganizationJoinByCodeForm()
    organization = Organizations.query.filter_by(id=get_org_id()).first()

    # NOTE(review): the join code is not compared here; presumably the
    # form's validators check it against this organization (verify).
    joined = form.validate_on_submit()
    if joined:
        organization.add_user(user)
        db_commit()

        flash("Joined %s!" % organization.name, category="SUCCESS")

    flash_form_errors(form)

    page_context = {
        "active": "Organizations",
        "organization": organization,
        "form": form,
    }
    return render_template("organizations/landing.html", **page_context)
Ejemplo n.º 16
def move_topic_keep_children(id, ptid):
    """Move topic ``id`` under ``ptid``, leaving its children where it was.

    Users whose topics role is at or below the default get a 403, and an
    unknown ``id`` gives a 404. Returns ``("", 400)`` when
    ``Topics.is_parent(id, ptid)`` is true. Each direct child is first
    attached to the topic's old parent and committed; the topic is then
    moved and committed.
    """
    if user.roles.topics <= TopicRoles.default:
        abort(403)

    # NOTE(review): the meaning and argument order of is_parent are not
    # visible here; confirm this rejects the intended case.
    if Topics.is_parent(id, ptid):
        return "", 400

    topic = Topics.query.filter_by(id=id).first_or_404()

    # Hand the direct children over to the old parent before moving.
    direct_children = Topics.query.filter_by(ptid=topic.id).all()
    for child in direct_children:
        child.ptid = topic.ptid

    db_commit()

    topic.ptid = ptid

    db_commit()
    return ""
Ejemplo n.º 17
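def serve_attendance(org):
    """Attendance page where a member submits an attendance code.

    A valid submission whose code belongs to the current organization
    records the user's attendance. A code that matches nothing in this
    organization is reported as an error. The template's ``off`` flag is
    true when the organization has no attendance codes at all.
    """
    form = AttendanceForm()

    if form.validate_on_submit():
        org_id = get_org_id()
        submitted = form.attendance_code.data.strip()

        # Match within the current organization only, so a code issued by
        # another organization cannot be recorded here.
        matched = AttendanceCodes.query.filter_by(code=submitted,
                                                  oid=org_id).first()

        if matched is None:
            # Without this check the missing row would raise on ``.id``.
            flash("Invalid attendance code.", category="ERROR")
        else:
            # NOTE(review): the code's start/end window is not checked
            # here; presumably the form's validators enforce it (verify).
            AttendanceRecords.add(cid=matched.id,
                                  oid=org_id,
                                  uid=user.id,
                                  time=get_time())
            db_commit()

            flash("Your attendance was confirmed!", category="SUCCESS")

    flash_form_errors(form)

    return render_template(
        "account/attendance.html",
        form=form,
        off=(AttendanceCodes.query.filter_by(oid=get_org_id()).count() == 0))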
Ejemplo n.º 18
def news_sudo_create(form, oid):
    """Create a news article, link its authors and optionally e-mail it.

    The article and author rows are stored under ``get_org_id()``. When
    ``form.email`` is set, the rendered body is sent to every subscribed
    member of that organization.
    """
    # ``org`` (looked up from the ``oid`` argument) is only used for the
    # e-mail subject; everything stored uses get_org_id().
    org = Organizations.query.filter_by(oid=oid).first()

    article = News.add(oid=get_org_id(),
                       nid=form.nid.data,
                       title=form.title.data,
                       body=form.body.data,
                       time=get_time())
    db_commit()

    for raw_uid in form.authors.data.split():
        NewsAuthors.add(nid=article.id, uid=int(raw_uid), oid=get_org_id())

    if form.email.data:
        current_org = Organizations.query.filter_by(id=get_org_id()).first()

        # "== True" is deliberate: it builds a query expression and is not
        # a Python truth test.
        rows = (db.session.query(Users.email)
                .join(OrganizationUsers)
                .filter(OrganizationUsers.oid == current_org.id,
                        Users.subscribed == True)
                .all())
        recipients = [row[0] for row in rows]

        sender_name = "CS Center" if org.id == 1 else org.name
        subject = "%s Announcement - %s" % (sender_name, form.title.data)

        # NOTE(review): the rendered markdown is the e-mail body; confirm
        # ``md`` escapes or strips raw HTML from the article text.
        send_many(recipients, subject, md.render(form.body.data))

    db_commit()
Ejemplo n.º 19
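def news_sudo_edit(article, form):
    """Apply an edit form to a news ``article``, or delete it.

    Returns ``True`` when the article was deleted and ``None`` otherwise.
    The author list is only changed for users holding at least the news
    moderator role in the current organization.
    """
    if form.delete.data:
        News.remove(article)
        db_commit()
        return True

    article.nid = form.nid.data
    article.title = form.title.data
    article.body = form.body.data

    if user.organization_roles.news >= NewsRoles.moderator:
        # De-duplicate the submitted ids (keeping form order), so a repeated
        # id cannot produce a second author row for the same user.
        wanted = list(dict.fromkeys(map(int, form.authors.data.split())))

        for news_author in NewsAuthors.query.filter_by(nid=article.id).all():
            if news_author.uid in wanted:
                # Already linked: nothing to add for this user.
                wanted.remove(news_author.uid)
            else:
                NewsAuthors.remove(news_author)

        # Whatever is left was not linked before.
        for new_author in wanted:
            NewsAuthors.add(nid=article.id, uid=new_author, oid=get_org_id())

    db_commit()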
Ejemplo n.º 20
def serve_organization_sudo(org):
    """Admin page for the current organization's settings.

    Requires the organization admin role (403 otherwise). The organization
    is the one identified by ``get_org_id()``; the ``org`` argument is not
    used. A valid submission updates the name, description, join code and
    the two join switches.
    """
    if user.organization_roles.admin < OrganizationManagerRoles.admin:
        abort(403)

    form = OrganizationSudoForm()

    organization = Organizations.query.filter_by(id=get_org_id()).first()

    if form.validate_on_submit():
        organization.name = form.name.data
        organization.desc = form.description.data
        organization.join_code = form.join_code.data
        organization.can_join_code = form.can_join_code.data
        organization.can_apply = form.can_apply.data

        db_commit()

        flash("Successfully updated organization!", category="SUCCESS")

    # Text fields with no data yet fall back to the stored value.
    for field_name, column in (("name", "name"),
                               ("description", "desc"),
                               ("join_code", "join_code")):
        field = getattr(form, field_name)
        if field.data is None:
            field.data = getattr(organization, column)

    # The two switches always show what is stored.
    form.can_join_code.data = organization.can_join_code
    form.can_apply.data = organization.can_apply

    flash_form_errors(form)

    return render_template("adminpages/organization.html",
                           sudo=True,
                           active="organization",
                           form=form)
Ejemplo n.º 21
def edit_profile(form):
    """Collect the profile fields that differ from the current user and save them.

    Only changed values are passed on to ``update_user``; a success message
    is flashed afterwards.
    """
    changes = {}

    # NOTE(review): the comparison reads form.desc but the stored value
    # comes from form.description; one of the two names is probably wrong.
    if form.desc.data != user.desc:
        changes["desc"] = form.description.data

    new_username = form.username.data
    if new_username != user.username:
        changes["username"] = new_username

    new_email = form.email.data
    if new_email != user.email:
        changes["email"] = new_email
        # NOTE(review): nothing visible here sends that e-mail; confirm
        # update_user handles the "email" key before promising it.
        flash(
            "An email was sent to your new email address to complete the email change!",
            category="SUCCESS")

    new_real_name = form.real_name.data
    if new_real_name != user.real_name:
        changes["real_name"] = new_real_name

    new_subscribed = form.subscribed.data
    if new_subscribed != user.subscribed:
        changes["subscribed"] = new_subscribed

    update_user(user.id, **changes)
    db_commit()
    flash("Successfully updated your user data!", category="SUCCESS")
Ejemplo n.º 22
def global_logout():
    """Move the current user's token revocation time to now.

    Presumably tokens issued before that time are then rejected wherever
    they are checked (that check is not visible here). Returns an empty
    body.
    """
    revoked_at = get_time()
    user.permissions.revoke_tokens_before = revoked_at
    db_commit()
    return ""
Ejemplo n.º 23
import wcics.server.routes

from wcics.utils.time import get_time
from wcics.database.models import Organizations
from wcics.database.utils import db_commit

## Seed the rows the rest of the application assumes to exist

# The "main" organization.
Organizations.add(
    oid='main',
    name='Main Organization',
    desc='main organization thing',
)

# A second organization used for testing. It should eventually be created
# through the application's own interface, which does not exist yet.
Organizations.add(
    oid="test",
    name="Test organization",
    desc="I am a test",
)

# Both rows are committed together.
db_commit()

print("\nOrganizations were sucessfully created!\n")
Ejemplo n.º 24
def create_account(email, username, real_name, password, subscribed):
    """Create a user with a password and return it.

    The account is first created without a password, then the hash of
    ``password`` with the new user's salt is stored and committed.
    """
    account = create_blank_account(email, username, real_name, subscribed)
    # NOTE(review): the hashing scheme behind pass_hash is not visible here;
    # confirm it is a slow, password-specific hash.
    hashed = pass_hash(password, account.salt)
    account.password_hash = hashed
    db_commit()
    return account