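def ajax_admin_slots_update():
    """Store the global slot length taken from the JSON request body.

    Only a logged-in admin may call this. Anonymous callers and logged-in
    non-admins both get a 403 (the original fell through and returned None
    for a logged-in non-admin, which the framework rejects as a response).
    A body without a usable integer ``slot_length`` is answered with 400.
    On success the setting is written and an empty 204 response returned.
    """
    if not loggedin() or not is_admin(session['username']):
        abort(403)

    # request.json may be None when the body is not JSON; a missing or
    # non-integer value is a client error rather than a server error.
    payload = request.json
    try:
        slot_length = int(payload['slot_length'])
    except (KeyError, TypeError, ValueError):
        abort(400)

    set_setting('slot_length', slot_length)
    return ('', 204)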
def admin_general():
    """Render the general admin page for a logged-in admin.

    Anonymous visitors are redirected to the login page; logged-in users
    without admin rights receive a 403.
    """
    if not loggedin():
        # not logged in: send the visitor to the login page first
        return redirect(url_for('login'))

    current_user = session['username']
    if is_admin(current_user):
        return render_template('admin_general.html.j2',
                               username=current_user)

    # logged in, but not an admin
    abort(403)
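def ajax_admin_slots_add_slot():
    """Insert a new slot (start time from the JSON body) into the database.

    Only a logged-in admin may call this; any other caller gets a 403 (the
    original returned None for a logged-in non-admin). A body without a
    ``slot`` value is answered with 400. On success the row is committed
    and an empty 204 response is returned.
    """
    if not loggedin() or not is_admin(session['username']):
        abort(403)

    payload = request.json
    try:
        slot = payload['slot']
    except (KeyError, TypeError):
        # no JSON body, or no 'slot' key in it: client error
        abort(400)

    db, c = get_dbc()
    # null for the first column, presumably the auto-generated id
    c.execute('''INSERT INTO slot
                VALUES (null, ?)''', (slot, ))
    db.commit()
    return ('', 204)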
def ajax_admin_general_recalculate_session():
    """Recompute and persist the ``next_session`` setting.

    Anonymous callers are redirected to the login page; logged-in
    non-admins get a 403. Returns an empty 204 response once the setting
    has been stored.
    """
    if loggedin():
        current_user = session['username']
        if not is_admin(current_user):
            abort(403)
        set_setting('next_session', next_session(True))
        return ('', 204)

    return redirect(url_for('login'))
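def ajax_admin_slots_remove_slot():
    """Delete the slot whose start time is given in the JSON body.

    Only a logged-in admin may call this; anyone else gets a 403 (the
    original returned None for a logged-in non-admin). A body without a
    ``slot`` value is answered with 400. Returns an empty 204 response
    after the delete has been committed.
    """
    if not loggedin() or not is_admin(session['username']):
        abort(403)

    payload = request.json
    try:
        slot = payload['slot']
    except (KeyError, TypeError):
        abort(400)

    db, c = get_dbc()
    # The bindings must be a 1-tuple: the original passed the bare value in
    # parentheses, and with ? placeholders (sqlite3 style) a bare string is
    # iterated character by character as the parameter sequence.
    c.execute(
        '''DELETE FROM slot
                WHERE start_time = ?''', (slot, ))
    db.commit()
    return ('', 204)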
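def ajax_admin_remove_user():
    """Delete the user named in the JSON body.

    Only a logged-in admin may call this; other callers get a 403, in line
    with the other admin handlers (the original answered them with a 200
    ``{"success": "False"}``). Returns ``{"success": "True", "user": ...}``
    after the delete is committed, or ``{"success": "False"}`` when the body
    carries no ``user`` value or the user does not exist.
    """
    if not loggedin() or not is_admin(session['username']):
        abort(403)

    payload = request.json
    try:
        user = payload['user']
    except (KeyError, TypeError):
        # no JSON body, or no 'user' key in it
        return jsonify(success='False')

    if not user_exists(user):
        return jsonify(success='False')

    db, c = get_dbc()
    c.execute(
        '''DELETE FROM user
                    WHERE username = ?''', (user, ))
    db.commit()
    return jsonify(success='True', user=user)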
def admin_users():
    """Render the user administration page listing every username.

    Anonymous visitors are redirected to the login page; logged-in
    non-admins get a 403.
    """
    if not loggedin():
        return redirect(url_for('login'))

    current_user = session['username']
    if not is_admin(current_user):
        abort(403)

    # collect every username from the user table
    db, cursor = get_dbc()
    cursor.execute('''SELECT username
        FROM user''')
    users = [row['username'] for row in cursor.fetchall()]

    return render_template('admin_users.html.j2',
                           username=current_user,
                           users=users)
def admin_slots():
    """Render the slot administration page.

    Anonymous visitors are redirected to the login page; logged-in
    non-admins get a 403. The template receives every slot start time and
    the configured slot length.
    """
    if not loggedin():
        return redirect(url_for('login'))

    current_user = session['username']
    if not is_admin(current_user):
        abort(403)

    # collect every slot start time from the slot table
    db, cursor = get_dbc()
    cursor.execute('''SELECT start_time
        FROM slot''')
    slots = [row['start_time'] for row in cursor.fetchall()]

    return render_template('admin_slots.html.j2',
                           username=current_user,
                           slots=slots,
                           slot_length=get_setting('slot_length'))
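def gconnect():
    """Complete the Google OAuth2 "postmessage" sign-in for the browser.

    Expects the anti-forgery ``state`` value as a query parameter and the
    one-time authorization code as the raw request body. The code is
    exchanged for credentials, the access token is checked against Google's
    tokeninfo endpoint (it must belong to the user named in the id_token and
    have been issued to this app's CLIENT_ID), the user is recorded in
    ``login_session`` and created in the database if unknown, and a small
    HTML welcome snippet is returned.

    Returns a JSON error response (401 for state/code/ownership problems,
    500 when tokeninfo reports an error), a 200 JSON message when the same
    user is already connected, and otherwise the HTML snippet.
    """
    # Validate the state token first. login_session['state'] is read with
    # [] on purpose: a session without a state must fail, not compare equal
    # to a request that also lacks one.
    if request.args.get('state') != login_session['state']:
        return _json_response('Invalid state parameter.', 401)
    # The one-time authorization code is posted as the raw body.
    code = request.data

    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = flow_from_clientsecrets(APP_PATH + 'client_secrets.json',
                                             scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except FlowExchangeError:
        return _json_response('Failed to upgrade the authorization code.', 401)

    # Check that the access token is valid.
    access_token = credentials.access_token
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s' %
           access_token)
    h = httplib2.Http()
    result = json.loads(h.request(url, 'GET')[1])
    # If there was an error in the access token info, abort.
    if result.get('error') is not None:
        return _json_response(result.get('error'), 500)

    # Verify that the access token is used for the intended user. A missing
    # user_id is treated as a mismatch rather than raising KeyError.
    gplus_id = credentials.id_token['sub']
    if result.get('user_id') != gplus_id:
        return _json_response("Token's user ID doesn't match given user ID.",
                              401)

    # Verify that the access token was issued to this app and not to some
    # other client the user happens to have authorized.
    if result.get('issued_to') != CLIENT_ID:
        print("Token's client ID does not match app's.")
        return _json_response("Token's client ID does not match app's.", 401)

    stored_access_token = login_session.get('access_token')
    stored_gplus_id = login_session.get('gplus_id')
    if stored_access_token is not None and gplus_id == stored_gplus_id:
        return _json_response('Current user is already connected.', 200)

    # Store the access token in the session for later use.
    login_session['access_token'] = credentials.access_token
    login_session['gplus_id'] = gplus_id

    # Get user info
    userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)

    data = answer.json()

    login_session['username'] = data['name']
    login_session['picture'] = data['picture']
    login_session['email'] = data['email']

    user_id = get_userid(login_session['email'])
    if not user_id:
        user_id = create_user(login_session)
    login_session['user_id'] = user_id
    login_session['admin'] = is_admin()

    flash("Du bist jetzt mit %s eingeloggt" % login_session['email'])
    return _welcome_html(login_session['username'], login_session['picture'])


def _json_response(payload, status):
    """Return *payload* JSON-encoded as a response with the given status."""
    response = make_response(json.dumps(payload), status)
    response.headers['Content-Type'] = 'application/json'
    return response


def _welcome_html(name, picture_url):
    """Return the welcome snippet with *name* and *picture_url* HTML-escaped.

    Both values come from Google's userinfo response, i.e. from outside the
    application; the original concatenated them into the markup unescaped,
    and its src attribute carried a stray trailing space.
    """
    try:
        from html import escape  # Python 3
    except ImportError:  # Python 2
        from cgi import escape
    # quote=True also escapes the quotes that would close the src attribute
    safe_name = escape(name, True)
    safe_picture = escape(picture_url, True)
    return (
        '<h1>Willkommen, ' + safe_name + '!</h1>'
        '<img src="' + safe_picture + '" style="width: 300px; '
        'height: 300px;border-radius: 150px;'
        '-webkit-border-radius: 150px;-moz-border-radius: 150px;"> '
    )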