def photos_show_album(album_id):
    """
    View to display all of an album's photos.

    Fetches the album whose ``me`` property equals ``album_id`` and renders it
    with its approved photos. Renders 404.html with status 404 when no album
    matches.
    """
    # NOTE(review): no ``can_edit = None`` precedes the role check in the
    # visible code, unlike the member and contract views in this listing. If
    # the masked span does not assign it and no role matches, the
    # render_template call below raises UnboundLocalError -- confirm.
    query = UserRoleModel.all()
    # NOTE(review): the next statement is partly masked ("******") on this page.
    # Everything between the filter string and the "webmaster" comparison is
    # not visible; the nesting of the two lines after it is inferred.
    query.filter("user ="******"webmaster":
            can_edit = True
            break
    query = fb_models.AlbumModel.all()
    query.filter("me =", album_id)
    try:
        album = query.fetch(1)[0]
    except IndexError:
        # fetch(1) returned an empty list: no such album
        return render_template("404.html"), 404
    query = fb_models.PhotoModel.all()
    # only approved photos of this album are listed
    query.filter("approved =", True)
    query.filter("album_id =", album_id)
    photos = query.fetch(query.count())
    # can_edit reaches only the template here; it is a display flag, so any
    # edit endpoint still needs its own server-side role check.
    return render_template("photos/show_album.html", can_edit=can_edit, album=album, photos=photos)
def wrapper(*args, **kwargs):
    """Performs a check to see if any of the roles listed in the names
    (list/tuple) are a role of the current user.

    Unauthenticated callers are flashed an error and redirected to the login
    view; otherwise the wrapped view ``f`` is called with the original
    arguments.
    """
    # f and next_page are free variables supplied by an enclosing scope that is
    # not part of this listing.
    if login.current_user.is_authenticated():
        match = False
        query = UserRoleModel.all()
        # NOTE(review): the next statement is partly masked ("******") on this
        # page. The role comparison and the start of the flash() call are not
        # visible; the nesting of the redirect after it is inferred.
        query.filter('user = '******'You do not have the required privileges. Please login with an \ account with the proper permissions to continue', 'error')
            # NOTE(review): where next_page comes from is not shown; if it is
            # taken from the request, the login view should follow only
            # same-site values of ``next`` -- confirm.
            return redirect(url_for('login', next=next_page))
    else:
        flash('You must be logged in to access this page', 'error')
        return redirect(url_for('login', next=next_page))
    return f( *args, **kwargs ) # finally execute the view function and return the result
def list_users_by_family(family_name):
    """
    This view displays a list of users for the family specified in
    family_name (URL-unquoted and lower-cased before the lookup).
    """
    can_edit = None
    query = UserRoleModel.all()
    # NOTE(review): the next statement is partly masked ("******") on this page.
    # Everything between the filter string and the 'webmaster' comparison is
    # not visible; the nesting of the two lines after it is inferred.
    query.filter('user ='******'webmaster':
            can_edit = True
            break
    query = models.FamilyModel.all()
    query.filter('name =', urllib.unquote_plus(family_name).lower())
    try:
        family = query.fetch(1)[0]
    except IndexError:
        # NOTE(review): this return sends a bare string with the default
        # status, so the 404 return on the following line is unreachable.
        return "no such family"
        return render_template('404.html'), 404
    users = find_users(family=('=', family.key()))
    # can_edit reaches only the template; it is a display flag, not an
    # authorization check on the edit endpoints.
    return render_template('members/list.html', can_edit=can_edit, family=family, users=users)
def list_users():
    """
    View for listing all users and listing users based on a search.
    If membership role or webmaster role is present then the user will also
    see edit links for the user
    """
    can_edit = None
    query = UserRoleModel.all()
    # NOTE(review): the next statement is partly masked ("******") on this page.
    # Only the 'webmaster' comparison is visible, so whether the membership
    # role named in the docstring is also checked cannot be confirmed here.
    query.filter('user ='******'webmaster':
            can_edit = True
            break
    # find_users() is called without arguments here.
    users = find_users()
    # can_edit only controls what the template shows; the edit views must
    # enforce the role themselves.
    return render_template('members/list.html', can_edit=can_edit, users=users)
def contracts_list_contracts():
    """
    Lists all of the available contracts and provides links to their
    summary pages
    """
    can_edit = None
    query = UserRoleModel.all()
    # NOTE(review): the next statement is partly masked ("******") on this page.
    # Everything between the filter string and the 'webmaster' comparison is
    # not visible; the nesting of the two lines after it is inferred.
    query.filter('user ='******'webmaster':
            can_edit = True
            break
    query = models.ContractModel.all()
    contracts = query.fetch(query.count())
    for contract in contracts:
        # URL-safe form of the name, attached to the entity for the template
        contract.url_name = urllib.quote_plus(contract.name)
    return render_template('contracts/list.html', can_edit=can_edit, contracts=contracts)
def photos_show_album(album_id):
    """
    View to display all of an album's photos.

    Fetches the album whose ``me`` property equals ``album_id`` and renders it
    with its approved photos. Renders 404.html with status 404 when no album
    matches.
    """
    # NOTE(review): no ``can_edit = None`` precedes the role check in the
    # visible code. If the masked span does not assign it and no role matches,
    # the render_template call below raises UnboundLocalError -- confirm.
    query = UserRoleModel.all()
    # NOTE(review): the next statement is partly masked ("******") on this page.
    # Everything between the filter string and the 'webmaster' comparison is
    # not visible; the nesting of the two lines after it is inferred.
    query.filter('user ='******'webmaster':
            can_edit = True
            break
    query = fb_models.AlbumModel.all()
    query.filter('me =', album_id)
    try:
        album = query.fetch(1)[0]
    except IndexError:
        # fetch(1) returned an empty list: no such album
        return render_template('404.html'), 404
    query = fb_models.PhotoModel.all()
    # only approved photos of this album are listed
    query.filter('approved =', True)
    query.filter('album_id =', album_id)
    photos = query.fetch(query.count())
    # can_edit is a display flag for the template, not an access control.
    return render_template('photos/show_album.html', can_edit=can_edit, album=album, photos=photos)
def check_permissions(cwruid): """ Returns a permissions tuple. The first element in the tuple is whether the current account is the account being accessed. The second element in the tuple is whether the current user is a webmaster """ # see if the user is the current user same_user = False if current_user.cwruid == cwruid: same_user = True # see if the user is an admin admin_user = False query = UserRoleModel.all() query.filter('user ='******'webmaster': admin_user = True break return (same_user, admin_user)
def contracts_show_contract(contract_name):
    """
    Shows a summary of the contract requirements.
    If the user has not signed a contract it also displays a signup button
    """
    can_edit = None
    query = UserRoleModel.all()
    # NOTE(review): the next statement is partly masked ("******") on this page.
    # Everything between the filter string and the 'webmaster' comparison is
    # not visible; the nesting of the two lines after it is inferred.
    query.filter('user ='******'webmaster':
            can_edit = True
            break
    query = models.SignedContractModel.all()
    # NOTE(review): a second masked span follows. can_sign, which is passed to
    # the template below, is not assigned anywhere in the visible code, and
    # the query that the 'name =' filter applies to cannot be identified
    # from here.
    query.filter('user ='******'name =', urllib.unquote_plus(contract_name))
    try:
        contract = query.fetch(1)[0]
    except IndexError:
        return render_template('404.html'), 404
    # keep the still-quoted name from the URL for building links
    contract.url_name = contract_name
    query = models.TimeReqModel.all()
    query.filter('contract_ =', contract.key())
    time_reqs = query.fetch(query.count())
    for time_req in time_reqs:
        # string and URL-quoted forms attached for the template
        time_req.str_time = str(time_req.time)
        time_req.str_date = str(time_req.dueDate)
        time_req.url_name = urllib.quote_plus(time_req.name)
    query = models.DuesReqModel.all()
    query.filter('contract_ =', contract.key())
    dues_reqs = query.fetch(query.count())
    for dues_req in dues_reqs:
        dues_req.str_date = str(dues_req.dueDate)
        dues_req.url_name = urllib.quote_plus(dues_req.name)
    return render_template('contracts/show.html', can_edit=can_edit, can_sign=can_sign, contract=contract, time_reqs=time_reqs, dues_reqs=dues_reqs)
def display_edit_user_account(cwruid):
    """
    This view allows the user and administrators to edit the account
    information of that user.

    Access is refused through permission_denied() unless the caller is the
    account owner or a webmaster. The admin form is built only for webmasters.
    """
    import urllib, urlparse
    permissions = check_permissions(cwruid)
    # permissions is indexed as [0] owner, [1] webmaster (see the comment
    # further down)
    if not permissions[0] and not permissions[1]:
        return permission_denied(cwruid)
    # get the user object for this page
    try:
        user = find_users(1, cwruid=('=', cwruid))[0]
    except IndexError:
        return render_template('404.html'), 404
    main_form = forms.MainUpdateUserForm(None)
    # initialize admin form if this user has
    # admin privileges
    admin_form = None
    if permissions[1]:
        admin_form = forms.AdminUpdateUserForm(None)
        # set the choices
        admin_form.family.choices = get_family_choices()
        admin_form.roles.choices = get_role_choices()
    # populate the main form
    main_form.fname.data = user.fname
    main_form.mname.data = user.mname
    main_form.lname.data = user.lname
    main_form.avatar.data = user.avatar
    # initialize the admin_form if needed
    if admin_form is not None:
        if user.family is not None:
            admin_form.family.data = user.family.name
        if user.big is not None:
            admin_form.big.data = user.big.cwruid
        query = UserRoleModel.all()
        # NOTE(review): the next statement is partly masked ("******") on this
        # page. The code that fills in the role data and the start of the
        # render_template call are not visible; nesting here is inferred.
        query.filter('user ='******'members/edit_account.html', user=user, permissions=permissions, main_form=main_form, admin_form=admin_form)
def display_edit_user_account(cwruid):
    """
    This view allows the user and administrators to edit the account
    information of that user.

    Access is refused through permission_denied() unless the caller is the
    account owner or a webmaster. The admin form is built only for webmasters.
    """
    import urllib, urlparse
    permissions = check_permissions(cwruid)
    # permissions is indexed as [0] owner, [1] webmaster (see the comment
    # further down)
    if not permissions[0] and not permissions[1]:
        return permission_denied(cwruid)
    # get the user object for this page
    try:
        user = find_users(1,cwruid=('=', cwruid))[0]
    except IndexError:
        return render_template('404.html'), 404
    main_form = forms.MainUpdateUserForm(None)
    # initialize admin form if this user has
    # admin privileges
    admin_form = None
    if permissions[1]:
        admin_form = forms.AdminUpdateUserForm(None)
        # set the choices
        admin_form.family.choices = get_family_choices()
        admin_form.roles.choices = get_role_choices()
    # populate the main form
    main_form.fname.data = user.fname
    main_form.mname.data = user.mname
    main_form.lname.data = user.lname
    main_form.avatar.data = user.avatar
    # initialize the admin_form if needed
    if admin_form is not None:
        if user.family is not None:
            admin_form.family.data = user.family.name
        if user.big is not None:
            admin_form.big.data = user.big.cwruid
        query = UserRoleModel.all()
        # NOTE(review): the next statement is partly masked ("******") on this
        # page. The code that fills in the role data and the start of the
        # render_template call are not visible; nesting here is inferred.
        query.filter('user ='******'members/edit_account.html', user=user, permissions=permissions, main_form=main_form, admin_form=admin_form)
def can_edit(names):
    """Return True when the current user holds at least one role named in *names*.

    Every UserRoleModel row filtered on ``current_user.key()`` is fetched and
    each role name is tested with ``in`` against *names*.

    Pass a list or tuple of role names. With a bare string the ``in`` test is a
    substring match, so a role whose name is a fragment of that string would
    also be accepted.
    """
    role_query = UserRoleModel.all()
    role_query.filter('user =', current_user.key())
    assignments = role_query.fetch(role_query.count())
    # Every assignment is evaluated (no early exit), as in a plain loop.
    hits = [assignment.role.name in names for assignment in assignments]
    return any(hits)
def display_blog():
    """
    View to display existing blog posts.

    Renders the ten newest posts. On a valid POST a new PostModel authored by
    the current user is stored and put at the head of the list.
    """
    new_post = None
    if current_user.is_authenticated():
        query = UserRoleModel.all()
        # NOTE(review): the next statement is partly masked ("******") on this
        # page. Everything between the filter string and the 'webmaster'
        # comparison is not visible; nesting of the next two lines is inferred.
        query.filter('user ='******'webmaster':
                # only a matching role gets the new-post form in the template
                new_post = forms.NewPostForm()
                break
    query = models.PostModel.all()
    query.order('-timestamp')
    posts = query.fetch(10)
    for post in posts:
        # URL-quoted timestamp and title, attached for the template
        post.url_timestamp = urllib.quote_plus(str(post.timestamp))
        post.url_title = urllib.quote_plus(post.title)
    post_form = forms.NewPostForm()
    # NOTE(review): this POST branch tests only the method and form validity.
    # Nothing visible ties it to new_post or to the authentication check above,
    # so unless a decorator outside this listing guards the view, a request
    # without the webmaster role could store a post -- confirm and gate on the
    # role before put().
    if request.method == 'POST' and post_form.validate():
        post = models.PostModel(title=post_form.title.data, timestamp=dt.datetime.now(), text=post_form.text.data, author=current_user.key())
        post.put()
        post.url_timestamp = urllib.quote_plus(str(post.timestamp))
        post.url_title = urllib.quote_plus(post.title)
        posts.insert(0, post)
        # keep the page at ten entries after the insert
        if len(posts) > 10:
            del posts[-1]
        post_form = forms.NewPostForm(None)
    # post_form is rebuilt here but is not passed to the template below
    post_form = forms.NewPostForm(None)
    return render_template('blogs/display_posts.html', new_post=new_post, posts=posts)
def photos_album_list():
    """
    View for displaying a list of all albums whose ``display`` flag is True.
    """
    # NOTE(review): no ``can_edit = None`` precedes the role check in the
    # visible code. If the masked span does not assign it and no role matches,
    # the render_template call below raises UnboundLocalError -- confirm.
    query = UserRoleModel.all()
    # NOTE(review): the next statement is partly masked ("******") on this page.
    # Everything between the filter string and the "webmaster" comparison is
    # not visible; the nesting of the two lines after it is inferred.
    query.filter("user ="******"webmaster":
            can_edit = True
            break
    query = fb_models.AlbumModel.all()
    query.filter("display =", True)
    albums = query.fetch(query.count())
    # can_edit is a display flag for the template, not an access control.
    return render_template("photos/list_albums.html", can_edit=can_edit, albums=albums)
def wrapper(*args, **kwargs):
    """Performs a check to see if any of the roles listed in the names
    (list/tuple) are a role of the current user.

    Unauthenticated callers are flashed an error and redirected to the login
    view; otherwise the wrapped view ``f`` is called with the original
    arguments.
    """
    # f and next_page are free variables supplied by an enclosing scope that is
    # not part of this listing.
    if login.current_user.is_authenticated():
        match = False
        query = UserRoleModel.all()
        # NOTE(review): the next statement is partly masked ("******") on this
        # page. The role comparison and the start of the flash() call are not
        # visible; the nesting of the redirect after it is inferred.
        query.filter('user = '******'You do not have the required privileges. Please login with an \ account with the proper permissions to continue', 'error')
            # NOTE(review): where next_page comes from is not shown; if it is
            # taken from the request, the login view should follow only
            # same-site values of ``next`` -- confirm.
            return redirect(url_for('login', next=next_page))
    else:
        flash('You must be logged in to access this page', 'error')
        return redirect(url_for('login', next=next_page))
    return f(*args, **kwargs) # finally execute the view function and return the result
def photos_album_list():
    """
    View for displaying a list of all albums whose ``display`` flag is True.
    """
    # NOTE(review): no ``can_edit = None`` precedes the role check in the
    # visible code. If the masked span does not assign it and no role matches,
    # the render_template call below raises UnboundLocalError -- confirm.
    query = UserRoleModel.all()
    # NOTE(review): the next statement is partly masked ("******") on this page.
    # Everything between the filter string and the 'webmaster' comparison is
    # not visible; the nesting of the two lines after it is inferred.
    query.filter('user ='******'webmaster':
            can_edit = True
            break
    query = fb_models.AlbumModel.all()
    query.filter('display =', True)
    albums = query.fetch(query.count())
    # can_edit is a display flag for the template, not an access control.
    return render_template('photos/list_albums.html', can_edit=can_edit, albums=albums)
def handle_edit_account_admin_json(cwruid):
    """
    This view handles the AJAX request for the AdminUpdateUserForm
    submission from the display_edit_account(cwruid) view.

    On a valid form it rewrites the target user's big, family and role
    assignments and answers with a JSON result object.
    """
    permissions = check_permissions(cwruid)
    # NOTE(review): this gate lets the request through when permissions[0] is
    # true. check_permissions documents its tuple as (same account, webmaster),
    # so a non-webmaster submitting this form for their own cwruid reaches the
    # code below, which changes role assignments. For an admin-only handler the
    # test should be `if not permissions[1]:`.
    if not permissions[0] and not permissions[1]:
        return jsonify({'result': 'failure', 'msg': 'Permission denied'})
    admin_form = forms.AdminUpdateUserForm()
    # set the choices
    admin_form.family.choices = get_family_choices()
    admin_form.roles.choices = get_role_choices()
    if admin_form.validate():
        try:
            user = find_users(1, cwruid=('=', cwruid))[0]
        except IndexError:
            return jsonify({ 'result': 'failure: no such user', 'name': 'admin', 'errors': {} })
        # an empty big field clears the reference
        if admin_form.big.data != '':
            try:
                big = find_users(1, cwruid=('=', admin_form.big.data))[0]
                user.big = big.key()
            except IndexError:
                user.big = None
                return jsonify({ 'result': 'failure: no such big', 'name': 'admin', 'errors': {} })
        else:
            user.big = None
        # the literal choice 'none' clears the family reference
        if admin_form.family.data != 'none':
            query = models.FamilyModel.all()
            query.filter('name =', admin_form.family.data)
            try:
                family = query.fetch(query.count())[0]
                user.family = family.key()
            except IndexError:
                user.family = None
                return jsonify({ 'result': 'failure: no such family', 'name': 'admin', 'errors': {} })
        else:
            user.family = None
        query = UserRoleModel.all()
        # NOTE(review): the next statement is partly masked ("******") on this
        # page. The loop over the submitted roles, the definitions of uroles,
        # index and role_query, and the branch that the later ``else`` belongs
        # to are not visible; all nesting from here to the role cleanup is
        # inferred.
        query.filter('user ='******'name =', role)
                try:
                    # NOTE(review): the fetch limit comes from ``query``, not
                    # from role_query; if ``query`` is still the user-role
                    # query, a user with no roles yields fetch(0) and a false
                    # 'no such role' -- confirm.
                    new_role = role_query.fetch(query.count())[0]
                except IndexError:
                    # returning here leaves any role rows already put() in place
                    return jsonify({ 'result': 'failure: no such role', 'name': 'admin', 'errors': {} })
                new_urole = UserRoleModel(user=user.key(), role=new_role.key())
                new_urole.put()
            else:
                del uroles[index]
        # whatever is still in uroles at this point is deleted
        for urole in uroles:
            urole.delete()
        user.save()
        return jsonify({'result': 'success'})
    else:
        return jsonify({ 'result': 'failure', 'name': 'admin', 'errors': admin_form.errors })
def view_blog_post(timestamp, title):
    """
    View to display blog post and associated comments.

    ``timestamp`` and ``title`` arrive URL-quoted and identify the post. On a
    valid POST a new CommentModel authored by the current user is stored.
    """
    edit_post = None
    # determine if the user has the proper role to edit
    if current_user.is_authenticated():
        query = UserRoleModel.all()
        # NOTE(review): the next statement is partly masked ("******") on this
        # page. Everything between the filter string and the 'webmaster'
        # comparison is not visible; nesting of the next two lines is inferred.
        query.filter('user ='******'webmaster':
                edit_post = True
                break
    # get the blog posts
    query = models.PostModel.all()
    str_timestamp = urllib.unquote_plus(timestamp)
    # NOTE(review): strptime raises ValueError when the URL segment does not
    # match this format and nothing here catches it, so a malformed URL ends in
    # a server error instead of the 404 page.
    timestamp = dt.datetime.strptime(str_timestamp, '%Y-%m-%d %H:%M:%S.%f')
    query.filter('timestamp =', timestamp)
    query.filter('title =', urllib.unquote_plus(title))
    try:
        post = query.fetch(1)[0]
    except IndexError:
        return render_template('404.html'), 404
    # add the urlencoded versions of timestamp and title
    post.url_timestamp = urllib.quote_plus(str(post.timestamp))
    post.url_title = urllib.quote_plus(post.title)
    # get the comments
    query = models.CommentModel.all()
    query.filter('post =', post.key())
    query.order('timestamp')
    comments = query.fetch(query.count())
    # go through and add forms with delete button to each comment if the user
    # has edit privileges
    if edit_post is not None:
        for comment in comments:
            comment.delete = forms.DeleteCommentForm(None)
            comment.delete.key.data = comment.key()
            comment.url_timestamp = urllib.quote_plus(str(comment.timestamp))
    form = forms.NewComment(request.form)
    # NOTE(review): the POST branch does not test is_authenticated() itself;
    # unless a decorator outside this listing requires login, author is taken
    # from whatever current_user is at this point -- confirm.
    if request.method=="POST" and form.validate():
        comment = models.CommentModel(post=post.key(), timestamp=dt.datetime.now(), text=form.text.data, author=current_user.key())
        comment.put()
        # the delete form is attached to the new comment without consulting
        # edit_post; the handler behind that form must check the role itself
        comment.delete = forms.DeleteCommentForm(None)
        comment.delete.key.data = comment.key()
        comment.url_timestamp = urllib.quote_plus(str(comment.timestamp))
        comments.append(comment)
    return render_template('blogs/display_post.html', edit_post=edit_post, current_user=current_user, post=post, comments=comments, new_comment=forms.NewComment(None))
def view_blog_post(timestamp, title):
    """
    View to display blog post and associated comments.

    ``timestamp`` and ``title`` arrive URL-quoted and identify the post. On a
    valid POST a new CommentModel authored by the current user is stored.
    """
    edit_post = None
    # determine if the user has the proper role to edit
    if current_user.is_authenticated():
        query = UserRoleModel.all()
        # NOTE(review): the next statement is partly masked ("******") on this
        # page. Everything between the filter string and the 'webmaster'
        # comparison is not visible; nesting of the next two lines is inferred.
        query.filter('user ='******'webmaster':
                edit_post = True
                break
    # get the blog posts
    query = models.PostModel.all()
    str_timestamp = urllib.unquote_plus(timestamp)
    # NOTE(review): strptime raises ValueError when the URL segment does not
    # match this format and nothing here catches it, so a malformed URL ends in
    # a server error instead of the 404 page.
    timestamp = dt.datetime.strptime(str_timestamp, '%Y-%m-%d %H:%M:%S.%f')
    query.filter('timestamp =', timestamp)
    query.filter('title =', urllib.unquote_plus(title))
    try:
        post = query.fetch(1)[0]
    except IndexError:
        return render_template('404.html'), 404
    # add the urlencoded versions of timestamp and title
    post.url_timestamp = urllib.quote_plus(str(post.timestamp))
    post.url_title = urllib.quote_plus(post.title)
    # get the comments
    query = models.CommentModel.all()
    query.filter('post =', post.key())
    query.order('timestamp')
    comments = query.fetch(query.count())
    # go through and add forms with delete button to each comment if the user
    # has edit privileges
    if edit_post is not None:
        for comment in comments:
            comment.delete = forms.DeleteCommentForm(None)
            comment.delete.key.data = comment.key()
            comment.url_timestamp = urllib.quote_plus(str(comment.timestamp))
    form = forms.NewComment(request.form)
    # NOTE(review): the POST branch does not test is_authenticated() itself;
    # unless a decorator outside this listing requires login, author is taken
    # from whatever current_user is at this point -- confirm.
    if request.method == "POST" and form.validate():
        comment = models.CommentModel(post=post.key(), timestamp=dt.datetime.now(), text=form.text.data, author=current_user.key())
        comment.put()
        # the delete form is attached to the new comment without consulting
        # edit_post; the handler behind that form must check the role itself
        comment.delete = forms.DeleteCommentForm(None)
        comment.delete.key.data = comment.key()
        comment.url_timestamp = urllib.quote_plus(str(comment.timestamp))
        comments.append(comment)
    return render_template('blogs/display_post.html', edit_post=edit_post, current_user=current_user, post=post, comments=comments, new_comment=forms.NewComment(None))
def handle_edit_account_admin_json(cwruid):
    """
    This view handles the AJAX request for the AdminUpdateUserForm
    submission from the display_edit_account(cwruid) view.

    On a valid form it rewrites the target user's big, family and role
    assignments and answers with a JSON result object.
    """
    permissions = check_permissions(cwruid)
    # NOTE(review): this gate lets the request through when permissions[0] is
    # true. check_permissions documents its tuple as (same account, webmaster),
    # so a non-webmaster submitting this form for their own cwruid reaches the
    # code below, which changes role assignments. For an admin-only handler the
    # test should be `if not permissions[1]:`.
    if not permissions[0] and not permissions[1]:
        return jsonify({'result':'failure', 'msg':'Permission denied'})
    admin_form = forms.AdminUpdateUserForm()
    # set the choices
    admin_form.family.choices = get_family_choices()
    admin_form.roles.choices = get_role_choices()
    if admin_form.validate():
        try:
            user = find_users(1, cwruid=('=', cwruid))[0]
        except IndexError:
            return jsonify({'result':'failure: no such user', 'name':'admin', 'errors': {}})
        # an empty big field clears the reference
        if admin_form.big.data != '':
            try:
                big = find_users(1, cwruid=('=', admin_form.big.data))[0]
                user.big = big.key()
            except IndexError:
                user.big = None
                return jsonify({'result':'failure: no such big', 'name':'admin', 'errors': {}})
        else:
            user.big = None
        # the literal choice 'none' clears the family reference
        if admin_form.family.data != 'none':
            query = models.FamilyModel.all()
            query.filter('name =', admin_form.family.data)
            try:
                family = query.fetch(query.count())[0]
                user.family = family.key()
            except IndexError:
                user.family = None
                return jsonify({'result':'failure: no such family', 'name':'admin', 'errors': {}})
        else:
            user.family = None
        query = UserRoleModel.all()
        # NOTE(review): the next statement is partly masked ("******") on this
        # page. The loop over the submitted roles, the definitions of uroles,
        # index and role_query, and the branch that the later ``else`` belongs
        # to are not visible; all nesting from here to the role cleanup is
        # inferred.
        query.filter('user ='******'name =', role)
                try:
                    # NOTE(review): the fetch limit comes from ``query``, not
                    # from role_query; if ``query`` is still the user-role
                    # query, a user with no roles yields fetch(0) and a false
                    # 'no such role' -- confirm.
                    new_role = role_query.fetch(query.count())[0]
                except IndexError:
                    # returning here leaves any role rows already put() in place
                    return jsonify({'result':'failure: no such role', 'name':'admin', 'errors': {}})
                new_urole = UserRoleModel(user=user.key(), role=new_role.key())
                new_urole.put()
            else:
                del uroles[index]
        # whatever is still in uroles at this point is deleted
        for urole in uroles:
            urole.delete()
        user.save()
        return jsonify({'result':'success'})
    else:
        return jsonify({'result':'failure', 'name':'admin', 'errors': admin_form.errors})