def update_student(sid):
    """Apply a submitted StudentForm to the student whose id is *sid*.

    Unauthenticated callers are redirected to the login view. When the form
    validates and the student exists, the form fields are copied onto the
    record, its owner (``user_id``) is re-derived, the change is committed
    and the caller is redirected to the groups view. In every other case
    the edit template is rendered again with the bound form.
    """
    # NOTE(review): the only access check visible here is "is authenticated";
    # the record is looked up by id alone. If students are meant to be
    # editable only by their owner or an admin, add that check here -
    # confirm the intended policy.
    if not auth.if_auth():
        return redirect(url_for('login'))

    form = StudentForm()
    if form.validate():
        db_session = db.Session()
        student = db_session.query(Student).filter_by(id=sid).first()
        if student:
            # NOTE(review): populate_obj copies every form field onto the
            # model; verify StudentForm exposes no field (e.g. user_id) that
            # callers must not set.
            form.populate_obj(student)
            # Re-derive ownership: an empty group releases the student,
            # otherwise a non-admin editor becomes the owner.
            if student.group == '':
                student.user_id = None
            elif not auth.user_is_admin():
                student.user_id = auth.get_user_id()
            # Persist the change.
            db_session.commit()
            return redirect(url_for('groups'))

    params = {
        'student_id': sid,
        'form': form,
        'username': auth.get_user_name(),
    }
    return render_template('students/edit_student.html', params=params)
def show_groups():
    """Render the current user's students, bucketed by group.

    Only rows whose ``user_id`` equals the authenticated user's id are
    queried, so the listing is scoped to the caller's own students.
    """
    if not auth.if_auth():
        return redirect(url_for('login'))

    owner_id = auth.get_user_id()
    db_session = db.Session()
    query = db_session.query(
        Student.group, Student.id, Student.firstname,
        Student.lastname, Student.middlename, Student.birth_date)
    rows = query.filter_by(user_id=owner_id).order_by(Student.group).all()

    groups = {}
    for group, sid, firstname, lastname, middlename, birth_date in rows:
        groups.setdefault(group, []).append({
            'id': sid,
            'firstname': firstname,
            'lastname': lastname,
            'middlename': middlename,
            # Day-month-year display format.
            'birth_date': birth_date.strftime('%d-%m-%Y'),
        })

    params = {
        'username': auth.get_user_name(),
        'groups': groups,
    }
    return render_template('students/groups.html', params=params)
def get_index(category_id=0):
    """Render the item index, optionally restricted to one category.

    With the default ``category_id`` of 0 the page is titled 'Latest Items';
    otherwise the title is the category's name. Sign-in state and the admin
    flag are passed to the template for display purposes.
    """
    categories = db_utils.get_categories()
    items = db_utils.get_items(category_id)

    if category_id != 0:
        page_title = db_utils.get_category(category_id).name
    else:
        page_title = 'Latest Items'

    # Attach a human-readable creation date to each item for the template.
    for entry in items:
        created = entry.created_at
        entry.nice_date = '{month} {day}, {year}'.format(
            month=calendar.month_name[created.month],
            day=created.day,
            year=created.year)

    signed_in = auth.is_signed_in()
    # The admin lookup is only made for signed-in visitors.
    is_user_admin = auth.is_user_admin() if signed_in else False

    view = dict(
        categories=categories,
        items=items,
        page_title=page_title,
        CLIENT_ID=CLIENT_ID,
        signed_in=signed_in,
        is_user_admin=is_user_admin,
        user_name=auth.get_user_name(),
        picture=auth.get_user_picture(),
        SIGNIN_REQUEST_TOKEN=auth.get_signin_request_token())
    return render_template('index.html', **view)
def set_locked_version(self, tallySheetVersion: TallySheetVersion):
    """Lock this tally sheet to *tallySheetVersion*, or unlock it when None.

    Raises:
        ForbiddenException: when the caller lacks the role-based access for
            the requested operation, or (for templates where submitting is
            allowed) when the sheet has not been submitted yet or was
            submitted by the current user.

    NOTE(review): the listing was whitespace-collapsed. The nesting below
    (lock-permission check outside the is_submit_allowed() branch, and
    update_status_report() at function level) is reconstructed - confirm
    against the repository.
    """
    if tallySheetVersion is None:
        # Unlock path: requires the unlock access type.
        if not has_role_based_access(self, ACCESS_TYPE_UNLOCK):
            raise ForbiddenException(
                message="User not authorized to unlock the tally sheet.",
                code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_UNLOCK)
        self.submission.set_locked_version(submissionVersion=None)
    else:
        if self.template.is_submit_allowed():
            if self.submittedVersionId is None:
                # Nothing has been submitted, so there is nothing to lock.
                raise ForbiddenException(
                    message=
                    "Data entry tally sheet cannot be locked before submitting",
                    code=MESSAGE_CODE_TALLY_SHEET_CANNOT_LOCK_BEFORE_SUBMIT
                )
            elif self.submittedStamp.createdBy == get_user_name():
                # Separation of duties: the user recorded as submitter may
                # not lock the same sheet.
                # NOTE(review): identity is compared by user name; presumably
                # names are unique and stable - verify. The code constant
                # refers to save/submit while the message is about
                # lock/unlock - confirm it is the intended code.
                raise ForbiddenException(
                    message=
                    "Data entry tally sheet submitted user is not allowed to lock/unlock.",
                    code=
                    MESSAGE_CODE_TALLY_SHEET_SAME_USER_CANNOT_SAVE_AND_SUBMIT
                )
        # Lock path: requires the lock access type.
        if not has_role_based_access(self, ACCESS_TYPE_LOCK):
            raise ForbiddenException(
                message="User is not authorized to lock the tally sheet.",
                code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_LOCK)
        self.submission.set_locked_version(
            submissionVersion=tallySheetVersion.submissionVersion)
    self.update_status_report()
def get_item_page(id):
    """Render the detail page for the item with the given id.

    The template receives the sign-in state plus two display flags: whether
    the visitor is an admin and whether the visitor owns the item. These
    flags only drive what the template shows; they are not an access check.
    """
    categories = db_utils.get_categories()
    item = db_utils.get_item(id)
    recent_items = db_utils.get_recent_items(5)

    if item is None:
        # NOTE(review): the 404 template is returned without an explicit
        # status code, so the response status is Flask's default.
        return render_template('404.html')

    created = item.created_at
    item.nice_date = '{month} {day}, {year}'.format(
        month=calendar.month_name[created.month],
        day=created.day,
        year=created.year)

    signed_in = auth.is_signed_in()
    if signed_in:
        is_user_admin = auth.is_user_admin()
        is_item_owner = item.user_id == auth.get_user_id()
    else:
        is_user_admin = False
        is_item_owner = False

    view = dict(
        id=id,
        categories=categories,
        item=item,
        recent_items=recent_items,
        CLIENT_ID=CLIENT_ID,
        signed_in=signed_in,
        is_user_admin=is_user_admin,
        is_item_owner=is_item_owner,
        user_name=auth.get_user_name(),
        picture=login_session.get('picture'),
        SIGNIN_REQUEST_TOKEN=auth.get_signin_request_token())
    return render_template('item.html', **view)
def index():
    """Render the landing page, or redirect anonymous visitors to login."""
    if auth.if_auth():
        params = {'username': auth.get_user_name()}
        return render_template('index.html', params=params)
    return redirect(url_for('login'))
def new_student():
    """Render an empty student form for an authenticated user."""
    if auth.if_auth():
        params = {
            'form': StudentForm(),
            'username': auth.get_user_name(),
        }
        return render_template('students/edit_student.html', params=params)
    return redirect(url_for('login'))
def get(self):
    """Sync the stored display name with the auth provider, then go home."""
    account = get_current_user(self.request)
    latest_name = auth.get_user_name(self.request)
    name_changed = account.name != latest_name
    if name_changed:
        # Rare case: the user renamed themselves at the identity provider.
        account.name = latest_name
        # TODO: search all edits by this user and change the names there.
        account.put()
    self.redirect('/')
def on_before_workflow_action(self, workflow_action, tally_sheet_version):
    """Gate a workflow action before it is applied.

    A verify action is refused when the version was created by the current
    user, so a user cannot verify their own entry. Save and edit actions
    skip the parent hook; every other action defers to it.

    NOTE(review): the creator is matched by user name - presumably names
    are unique and stable; verify.
    """
    action_type = workflow_action.actionType
    is_verify = action_type in [WORKFLOW_ACTION_TYPE_VERIFY]
    if is_verify and tally_sheet_version.createdBy == get_user_name():
        raise UnauthorizedException(
            "You cannot verify the data last edited by yourself.",
            code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_VERIFY)

    if action_type in [WORKFLOW_ACTION_TYPE_SAVE, WORKFLOW_ACTION_TYPE_EDIT]:
        # Skipping the parent hook here is what bypasses the completion
        # check for save/edit.
        return None

    parent = super(ExtendedTallySheetDataEntry, self)
    return parent.on_before_workflow_action(
        workflow_action=workflow_action,
        tally_sheet_version=tally_sheet_version)
def edit_student(sid):
    """Render the edit form pre-filled with the student whose id is *sid*.

    Anonymous callers go to the login view; an unknown id goes back to the
    groups view.
    """
    # NOTE(review): any authenticated user can load any student by id here;
    # no owner/admin check is visible. Confirm this matches the intended
    # policy.
    if not auth.if_auth():
        return redirect(url_for('login'))

    db_session = db.Session()
    student = db_session.query(Student).filter_by(id=sid).first()
    if not student:
        return redirect(url_for('groups'))

    params = {
        'form': StudentForm(obj=student),
        'student_id': student.id,
        'username': auth.get_user_name(),
    }
    return render_template('students/edit_student.html', params=params)
def get(self):
    """Render the front page for a logged-in session, else send to /auth."""
    logged_in = self.session.get('logged_in')
    if logged_in:
        # Collect the front-page data and the name shown in the header.
        context = {
            "repos": _get_front_page_data(),
            "username": get_user_name(),
        }
        self.render('index', context)
    else:
        # No authenticated session: hand over to the auth flow.
        self.redirect('/auth')
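def inject_to_template():
    """Return the values shared with templates.

    Returns:
        dict with ``isProdEnv`` (the PROD_ENV config value, or False when it
        is unset or falsy), ``current_user`` (the current user name, or ''
        when it cannot be resolved) and ``current_timestamp`` (local time
        formatted as 'YYYY-MM-DD HH:MM:SS').
    """
    is_prod_env = app.config.get('PROD_ENV') or False

    # Imported here rather than at module level, as in the original.
    from auth import get_user_name

    try:
        current_user_name = get_user_name()
    except Exception:
        # Best effort: with no resolvable user the name stays empty.
        # Catching Exception instead of a bare ``except`` lets
        # KeyboardInterrupt and SystemExit propagate.
        current_user_name = ''

    return dict(
        isProdEnv=is_prod_env,
        current_user=current_user_name,
        current_timestamp=datetime.now().strftime('%Y-%m-%d %H:%M:%S'))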
def _create_private_repo(name, description, private=True):
    """Create a private repository in the configured organisation and log it.

    The organisation comes from the ``ORG`` environment variable. The
    ``private`` argument is accepted but not used: the request always sets
    "private" to True.
    """
    # NOTE(review): the access token travels in the URL query string, where
    # it can end up in request logs. If fetch_url can send headers, prefer
    # an Authorization header - confirm against fetch_url's signature.
    org = os.environ.get('ORG')
    url = '{}/orgs/{}/repos?access_token={}'.format(
        GITHUB_API_URL, org, get_access_token())

    payload = json.dumps({
        "name": name,
        "description": description,
        "private": True,
    })

    # Send the creation request to GitHub's API.
    fetch_url(url, urlfetch.POST, payload)

    # Record who created which repository.
    create_log('{} created the {} repo'.format(get_user_name(), name))
def add_student():
    """Create a student from the submitted form and assign it to the caller.

    Anonymous callers are redirected to login. On a valid form the new
    student is saved with ``user_id`` set to the authenticated user and the
    caller is redirected to the groups view; otherwise the form is rendered
    again.
    """
    if not auth.if_auth():
        return redirect(url_for('login'))

    student = Student()
    form = StudentForm(obj=student)
    if form.validate():
        db_session = db.Session()
        form.populate_obj(student)
        # The owner is assigned after populate_obj, so it always ends up
        # being the authenticated user regardless of the form contents.
        student.user_id = auth.get_user_id()
        db_session.add(student)
        db_session.commit()
        return redirect(url_for('groups'))

    params = {
        'form': form,
        'username': auth.get_user_name(),
    }
    return render_template('students/edit_student.html', params=params)
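def show_all_students():
    """Render every student, bucketed by the first letter of the last name.

    Buckets for the listed Cyrillic capitals are created up front so they
    appear in alphabetical order even when empty. A last name whose first
    character is not in that list (a letter missing from it, a Latin or
    lowercase letter, or an empty name) gets its own bucket instead of
    raising KeyError.
    """
    if not auth.if_auth():
        return redirect(url_for('login'))

    session = db.Session()
    users = session.query(Student.group, Student.id, Student.firstname,
                          Student.lastname, Student.middlename,
                          Student.birth_date).order_by(
                              Student.lastname).all()

    groups = {letter: [] for letter in 'АБВГДЕЁЖЗИКЛМНОПРСТУФХЦЧШЩЭЮЯ'}

    for group, sid, firstname, lastname, middlename, birth_date in users:
        letter = lastname[0:1]
        if group is None:
            group = ''
        # setdefault: an unexpected initial must not turn into a 500 error.
        groups.setdefault(letter, []).append({
            'id': sid,
            'group': group,
            'firstname': firstname,
            'lastname': lastname,
            'middlename': middlename,
            'birth_date': birth_date.strftime('%d-%m-%Y'),
        })

    params = dict()
    params['groups'] = groups
    params['username'] = auth.get_user_name()
    return render_template('students/all.html', params=params)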
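def get_my_items_page(user_id=0):
    """Render the items of one user.

    With ``user_id`` 0 the page lists the signed-in user's own items;
    anonymous visitors are redirected to the login page with a ``redirect``
    parameter pointing back here. With a non-zero ``user_id`` the page lists
    that user's items, and an unknown id renders the 404 template.
    """
    if user_id == 0 and not auth.is_signed_in():
        # Reached when the caller's own list is requested anonymously:
        # send them to login and carry the return URL along.
        redirect_parameter = 'redirect={}'.format(url_for('get_my_items_page'))
        url = '{path}?{parameter}'.format(path=url_for('get_login_page'),
                                          parameter=redirect_parameter)
        return redirect(url, 302)

    page_title = 'My Items'
    if user_id != 0:
        user = db_utils.get_user(user_id)
        if user is None:
            # Unknown user id: same handling as a missing item elsewhere in
            # this file, instead of failing on ``user.name``.
            return render_template('404.html')
        page_title = 'Items by {}'.format(user.name)

    categories = db_utils.get_categories()
    items = db_utils.get_user_items(user_id if user_id else auth.get_user_id())
    for item in items:
        created = item.created_at
        item.nice_date = '{month} {day}, {year}'.format(
            month=calendar.month_name[created.month],
            day=created.day,
            year=created.year)

    signed_in = auth.is_signed_in()
    # The admin lookup is only made for signed-in visitors.
    is_user_admin = auth.is_user_admin() if signed_in else False

    return render_template(
        'index.html',
        page_title=page_title,
        categories=categories,
        items=items,
        CLIENT_ID=CLIENT_ID,
        signed_in=signed_in,
        is_user_admin=is_user_admin,
        user_name=auth.get_user_name(),
        picture=auth.get_user_picture(),
        SIGNIN_REQUEST_TOKEN=auth.get_signin_request_token())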
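def post(self):
    """Create one or more items from the submitted form.

    Pending and deactivated users are sent back to '/'. Otherwise the form
    fields are normalised (props carry no size or article type), the item
    is stored ``times_to_duplicate`` times, and the caller is redirected to
    the add-item or browse page. Any error during processing redirects to
    '/enforce_auth'.
    """
    user = get_current_user(self.request)
    if (user.permissions == wmodels.PENDING_USER or
            user.permissions == wmodels.DEACTIVATED_USER):
        self.redirect('/')
        return

    try:
        image_data = self.request.get('image', default_value='')
        image_url = ''
        if image_data == '' and self.request.get('duplicate') == "True":
            # NOTE(review): the key comes from the request and is resolved
            # as-is; no check that it refers to an Item is visible here.
            image_url = ndb.Key(
                urlsafe=self.request.get('original_item')).get().image_url
        elif image_data != '':
            image_url = saveImageInGCS(image_data)

        article_type = self.request.get('article')
        costume_or_prop = self.request.get('item_type')

        costume_size_number = self.request.get('clothing_size_number')
        if costume_size_number == "N/A":
            costume_size_number = -1
        else:
            costume_size_number = int(costume_size_number)
        costume_size_word = self.request.get('clothing_size_string')
        tags_string = self.request.get('tags')

        # Override certain inputs due to costume and prop defaults.
        if costume_or_prop == "Costume" and article_type == "N/A":
            # No article type selected: file the costume under 'Other'.
            article_type = "Other"
        elif costume_or_prop == "Prop":
            # Props do not have sizes or article types.
            article_type = "N/A"
            costume_size_number = -1
            costume_size_word = "N/A"

        # tags arrives as one string and is parsed into a list.
        tags_list = parseTags(tags_string)

        # NOTE(review): the copy count comes straight from the request and
        # no upper bound is visible here; consider capping it so a single
        # request cannot create an arbitrary number of entities.
        copies = int(self.request.get('times_to_duplicate'))
        for _ in range(copies):
            qr_code, _unused = Item.allocate_ids(1)
            Item(
                id=qr_code,
                creator_id=auth.get_user_id(self.request),
                creator_name=auth.get_user_name(self.request),
                name=self.request.get('name'),
                image_url=image_url,
                item_type=costume_or_prop,
                condition=self.request.get('condition'),
                item_color=self.request.get_all('color'),
                clothing_article_type=article_type,
                clothing_size_num=costume_size_number,
                qr_code=qr_code,
                description=self.request.get('description', default_value=''),
                clothing_size_string=costume_size_word,
                tags=tags_list).put()

        next_page = self.request.get("next_page")
        if next_page == "Make Another Item":
            self.redirect("/add_item")
        else:
            self.redirect("/search_and_browse")
    except Exception:
        # Expected cause is an expired token, but malformed input (for
        # example a non-numeric size or count) lands here as well.
        # Catching Exception rather than a bare ``except`` lets
        # KeyboardInterrupt and SystemExit propagate.
        self.redirect("/enforce_auth")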
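def get_edit_item_page(id=0):
    """Show the item editor (GET) or save an item (POST).

    GET: anonymous visitors are redirected to login with a ``redirect``
    parameter; an unknown item renders the 404 template; editing an
    existing item requires being its owner or an admin.

    POST (AJAX): returns a JSON response built by ``response``. Updating
    requires being the item's owner or an admin; with no id a new item is
    created for the signed-in user.

    Changes from the previous version: the update now targets the same
    ``id`` that the ownership check was made against (it used the separate
    ``item-id`` form field, which was never compared with ``id``), and a
    POST for an unknown item returns an error instead of failing on
    ``item.user_id``.

    NOTE(review): no CSRF token check is visible in this handler; confirm
    it is enforced elsewhere for the POST path.
    """
    if request.method == 'GET':
        if not auth.is_signed_in():
            # Send the visitor to login and carry along the URL to return
            # to afterwards.
            if id:
                return_to = url_for('edit_item', id=id)
            else:
                return_to = url_for('new_item')
            redirect_parameter = 'redirect={}'.format(return_to)
            url = '{path}?{parameter}'.format(
                path=url_for('get_login_page'),
                parameter=redirect_parameter)
            return redirect(url, 302)

        categories = db_utils.get_categories()
        item = None
        if id:
            item = db_utils.get_item(id)
            if item is None:
                return render_template('404.html')
            if (not auth.is_user_admin() and
                    item.user_id != auth.get_user_id()):
                # Only the owner or an admin may edit an item.
                return render_template('unauthorized.html')

        return render_template('edit-item.html',
                               item=item,
                               categories=categories,
                               CLIENT_ID=CLIENT_ID,
                               signed_in=auth.is_signed_in(),
                               user_name=auth.get_user_name(),
                               picture=login_session.get('picture'))

    elif request.method == 'POST':
        # Reached from an AJAX request; the JSON response is consumed by
        # the calling script.
        if not auth.is_signed_in():
            return response.error('Unauthorized')

        if id:
            item = db_utils.get_item(id)
            if item is None:
                return response.error('Failed to save')
            if (not auth.is_user_admin() and
                    item.user_id != auth.get_user_id()):
                # Only item owners and admins may update an item.
                return response.error('Unauthorized')

        if not (request.form['name'] and request.form['desc'] and
                request.form['cat-id']):
            return response.error('Failed to save')

        if id:
            # Use the authorised id, not a second identifier from the form.
            # Assumes update_item accepts the same id type as get_item -
            # TODO confirm.
            item = db_utils.update_item(id,
                                        request.form['name'],
                                        request.form['desc'],
                                        request.form['cat-id'])
        else:
            item = db_utils.add_item(request.form['name'],
                                     request.form['desc'],
                                     request.form['cat-id'],
                                     auth.get_user_id())

        itemData = {
            'id': item.id,
            'name': item.name,
            'desc': item.desc,
            'short_desc': item.short_desc,
            'category_id': item.category_id
        }
        return response.success(
            url_for('get_item_page', id=itemData['id']), itemData)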