def close_appeal(ban_uid):
    """Close the appeal on a ban, either until a date or permanently.

    Responds 404 when no ban has the given uid and 403 when the current user
    lacks "bans.appeal.manage". A POST with a valid AppealUnlockTimeForm sets
    the appeal to 'closed_time' with the submitted unlock date; any other
    request method sets it to 'closed_forever'. Every outcome redirects back
    to the ban page.
    """
    def _to_ban_page():
        return redirect(url_for('bans.view_ban', ban_uid=ban_uid))

    record = Ban.objects(uid=ban_uid).first()
    if record is None:
        abort(404)
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    # A permanently closed appeal is never modified here.
    if record.appeal.state == 'closed_forever':
        flash("Appeal has already been closed.", category='alert')
        return _to_ban_page()

    if request.method != "POST":
        # NOTE(review): the permanent close runs on non-POST requests; confirm
        # the route's allowed methods and CSRF coverage for this state change.
        record.appeal.state = 'closed_forever'
        record.save()
        flash("Appeal has been closed.", category='success')
        return _to_ban_page()

    unlock_form = AppealUnlockTimeForm(request.form)
    if not unlock_form.validate():
        flash("Appeal unlock date form failed to validate. Make sure you're typing in the right data.", category='alert')
        return _to_ban_page()

    record.appeal.unlock_time = unlock_form.date.data
    record.appeal.state = 'closed_time'
    record.save()
    flash("Appeal closed until specified date.", category='success')
    return _to_ban_page()
def unban(ban_uid):
    """Lift a ban now, or record a lift date submitted by POST.

    Responds 404 when no ban has the given uid and 403 when the current user
    lacks "bans.appeal.manage". A POST with a valid BanUnbanTimeForm stores
    the submitted date and the acting user's name but leaves ``active``
    unchanged; any other request method deactivates the ban immediately and
    calls ``ban_lifted()``. Every outcome redirects back to the ban page.
    """
    def _to_ban_page():
        return redirect(url_for('bans.view_ban', ban_uid=ban_uid))

    record = Ban.objects(uid=ban_uid).first()
    if record is None:
        abort(404)
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    if not record.active:
        flash("Ban has already been lifted.", category='alert')
        return _to_ban_page()

    if request.method != "POST":
        # NOTE(review): the immediate lift runs on non-POST requests; confirm
        # the route's allowed methods and CSRF coverage for this state change.
        record.active = False
        record.removed_by = current_user.name
        record.removed_time = datetime.datetime.utcnow()
        record.save()
        record.ban_lifted()
        flash("Ban has been lifted.", category='success')
        return _to_ban_page()

    date_form = BanUnbanTimeForm(request.form)
    if not date_form.validate():
        flash("Unban date form failed to validate. Make sure you're typing in the right data.", category='alert')
        return _to_ban_page()

    # Scheduled lift: only the date and the acting user are recorded here.
    record.removed_time = date_form.date.data
    record.removed_by = current_user.name
    record.save()
    flash("Ban will be lifted on specified date.", category='success')
    return _to_ban_page()
def graph_lookup_view(player=None):
    """Render the graph view, optionally preloaded with one player.

    Responds 403 unless the current user holds 'alts.graph'. The template
    receives ``preload`` (a one-element list when ``player`` is truthy,
    otherwise empty) and a freshly generated CSRF token.
    """
    if not current_user.has_permission('alts.graph'):
        abort(403)

    preload = [player] if player else []
    return render_template("graph_view.html", preload=preload, csrf_token=generate_csrf())
def unban(ban_uid):
    """Lift a ban immediately or schedule the lift for a submitted date.

    A missing ban yields 404; a user without "bans.appeal.manage" yields 403.
    An already inactive ban is left alone. On POST, a valid BanUnbanTimeForm
    stores its date as ``removed_time`` together with the acting user's name,
    without touching ``active``. On any other method the ban is deactivated
    with the current UTC time and ``ban_lifted()`` is called. All paths
    redirect to the ban page.
    """
    def _back():
        return redirect(url_for('bans.view_ban', ban_uid=ban_uid))

    found = Ban.objects(uid=ban_uid).first()
    if found is None:
        abort(404)
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    if not found.active:
        flash("Ban has already been lifted.", category='alert')
        return _back()

    is_post = request.method == "POST"
    if is_post:
        lift_form = BanUnbanTimeForm(request.form)
        if lift_form.validate():
            found.removed_time = lift_form.date.data
            found.removed_by = current_user.name
            found.save()
            flash("Ban will be lifted on specified date.", category='success')
        else:
            flash("Unban date form failed to validate. Make sure you're typing in the right data.", category='alert')
        return _back()

    # NOTE(review): reached for every non-POST method; confirm the route only
    # exposes this state change to requests that carry CSRF protection.
    found.active = False
    found.removed_by = current_user.name
    found.removed_time = datetime.datetime.utcnow()
    found.save()
    found.ban_lifted()
    flash("Ban has been lifted.", category='success')
    return _back()
def close_appeal(ban_uid):
    """Close a ban's appeal until a submitted date, or for good.

    A missing ban yields 404; a user without "bans.appeal.manage" yields 403.
    An appeal already in 'closed_forever' is left alone. On POST, a valid
    AppealUnlockTimeForm moves the appeal to 'closed_time' with the submitted
    unlock date. On any other method the appeal becomes 'closed_forever'.
    All paths redirect to the ban page.
    """
    def _back():
        return redirect(url_for('bans.view_ban', ban_uid=ban_uid))

    found = Ban.objects(uid=ban_uid).first()
    if found is None:
        abort(404)
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    if found.appeal.state == 'closed_forever':
        flash("Appeal has already been closed.", category='alert')
        return _back()

    is_post = request.method == "POST"
    if is_post:
        until_form = AppealUnlockTimeForm(request.form)
        if until_form.validate():
            found.appeal.unlock_time = until_form.date.data
            found.appeal.state = 'closed_time'
            found.save()
            flash("Appeal closed until specified date.", category='success')
        else:
            flash("Appeal unlock date form failed to validate. Make sure you're typing in the right data.", category='alert')
        return _back()

    # NOTE(review): reached for every non-POST method; confirm the route only
    # exposes this state change to requests that carry CSRF protection.
    found.appeal.state = 'closed_forever'
    found.save()
    flash("Appeal has been closed.", category='success')
    return _back()
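def api_key_edit(key_id):
    """Show or update the label and ACL of an API key owned by the current user.

    Responds 401 when the key does not exist or belongs to someone else.
    GET pre-fills the form from the stored key and renders the edit pane.
    POST saves the submitted label and ACL only when the form validates;
    an invalid submission re-renders the pane and stores nothing.
    """
    def _render_pane():
        return render_template(
            'api_settings_edit_pane.html',
            settings_panels_structure=settings_panels_structure,
            form=form,
            key=key,
            title="Edit - API Keys - Developer - Settings")

    key = ApiKey.objects(id=key_id).first()
    # Unknown keys and keys owned by another user get the same response.
    if key is None or current_user != key.owner:
        abort(401)

    form = ApiKeyEditForm()
    # Offer only tokens the current user may grant: a token that names a
    # permission is listed only when the user holds that permission.
    form.acl.choices = [
        (token.get("token"), token.get("token"))
        for token in access_tokens.values()
        if not token.get("permission")
        or current_user.has_permission(token.get("permission"))
    ]

    if request.method == "GET":
        form.label.data = key.label
        form.acl.data = key.access
        return _render_pane()
    elif request.method == "POST":
        # The validation result must gate the save: without it, submitted ACL
        # entries are stored even if they are not among the choices built
        # above (presumably validate() enforces the choice list - confirm
        # against ApiKeyEditForm).
        if not form.validate():
            return _render_pane()
        key.label = form.label.data
        key.access = form.acl.data
        key.save()
        return redirect(url_for('api.api_key_edit', key_id=key_id))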
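def api_key_edit(key_id):
    """Render or apply the edit form for one of the current user's API keys.

    A key that is missing or not owned by the current user yields 401.
    On GET the form is filled from the stored label and access list and the
    edit pane is rendered. On POST the label and access list are saved only
    if the form validates; otherwise the pane is rendered again with the
    submitted form and the key is left untouched.
    """
    key = ApiKey.objects(id=key_id).first()
    if key is None or current_user != key.owner:
        abort(401)

    form = ApiKeyEditForm()
    # Build the selectable ACL entries, skipping tokens whose required
    # permission the current user does not hold.
    form.acl.choices = [
        (entry.get("token"), entry.get("token"))
        for entry in access_tokens.values()
        if not entry.get("permission")
        or current_user.has_permission(entry.get("permission"))
    ]

    def _edit_pane():
        return render_template('api_settings_edit_pane.html',
                               settings_panels_structure=settings_panels_structure,
                               form=form, key=key,
                               title="Edit - API Keys - Developer - Settings")

    if request.method == "GET":
        form.label.data = key.label
        form.acl.data = key.access
        return _edit_pane()
    elif request.method == "POST":
        # Saving regardless of validate() would persist ACL values that were
        # never offered to this user; reject the submission instead.
        # NOTE(review): assumes ApiKeyEditForm validates acl against
        # form.acl.choices - confirm in the form definition.
        if not form.validate():
            return _edit_pane()
        key.label = form.label.data
        key.access = form.acl.data
        key.save()
        return redirect(url_for('api.api_key_edit', key_id=key_id))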
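def profile_text_edit(name):
    """Edit the profile text of the named user.

    Responds 404 when the current user is neither the named user nor a holder
    of 'profile.admin', and also when no user has that name. A valid POST
    saves the submitted text and redirects to the user's profile URL. An
    invalid POST re-renders the edit page with the submitted form; any other
    method renders it pre-filled with the stored text.
    """
    if current_user.name != name and not current_user.has_permission('profile.admin'):
        abort(404)

    user = User.objects(name=name).first()
    if user is None:
        abort(404)

    profile = get_profile(user)
    form = ProfileTextEditForm(request.form)

    if request.method == 'POST':
        if form.validate():
            profile.profile_text = form.text.data
            profile.save()
            return redirect(user.get_profile_url())
    else:
        form.text.data = profile.profile_text

    # The failed-validation render receives the same context as the normal
    # one, so the template sees `user` and `title` on both paths.
    return render_template('profile_edit_text.html', profile=profile, form=form, user=user,
                           title="Edit Profile - " + name + " - Profile")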
def ban_reason_edit(ban_uid):
    """Replace the reason text of a ban from a submitted form.

    Responds 403 when the current user lacks "bans.appeal.manage" and 404
    when no ban has the given uid. The reason is saved only for a POST whose
    BanReasonEditForm validates; in every case the response is a redirect to
    the ban page.
    """
    reason_form = BanReasonEditForm(request.form)

    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    target = Ban.objects(uid=ban_uid).first()
    if target is None:
        abort(404)

    should_save = request.method == "POST" and reason_form.validate()
    if should_save:
        target.reason = reason_form.text.data
        target.save()

    # An invalid or non-POST request falls through without any feedback.
    ban_page = url_for('bans.view_ban', ban_uid=ban_uid)
    return redirect(ban_page)
def appeal_reply_edit(appeal_reply_id):
    """Edit the text of an appeal reply and record the edit.

    Responds 404 when the reply does not exist. Editing is allowed for users
    holding "bans.appeal.manage" and for the authenticated creator of the
    reply; everyone else gets 403. A POST with a valid form replaces the
    reply text and appends an AppealEdit with the new text and the editing
    user. The response always redirects to the page of the reply's ban.
    """
    text_form = AppealReplyTextEditForm(request.form)

    reply = AppealReply.objects(id=appeal_reply_id).first()
    if reply is None:
        abort(404)

    # Managers are checked first; the creator check only runs otherwise.
    may_edit = current_user.has_permission("bans.appeal.manage")
    if not may_edit:
        may_edit = current_user.is_authenticated() and current_user == reply.creator
    if not may_edit:
        abort(403)

    if request.method == "POST" and text_form.validate():
        reply.text = text_form.text.data
        edit_entry = AppealEdit(text=text_form.text.data, user=current_user.to_dbref())
        reply.edits.append(edit_entry)
        reply.save()

    return redirect(url_for('bans.view_ban', ban_uid=reply.ban.uid))
def open_appeal(ban_uid):
    """Re-open the appeal on a ban.

    Responds 404 when no ban has the given uid and 403 when the current user
    lacks "bans.appeal.manage". An appeal that is already 'open' is left
    unchanged; otherwise its state is set to 'open' and saved. Both outcomes
    flash a message and redirect to the ban page.
    """
    def _to_ban_page():
        return redirect(url_for('bans.view_ban', ban_uid=ban_uid))

    record = Ban.objects(uid=ban_uid).first()
    if record is None:
        abort(404)
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    already_open = record.appeal.state == 'open'
    if already_open:
        flash("Appeal is already open.", category='alert')
        return _to_ban_page()

    # NOTE(review): no request-method check is visible here; confirm the
    # route's allowed methods and CSRF coverage for this state change.
    record.appeal.state = 'open'
    record.save()
    flash("Appeal has been re-opened.", category='success')
    return _to_ban_page()
def appeal_reply_edit(appeal_reply_id):
    """Update an appeal reply's text and append the change to its edit list.

    A missing reply yields 404. The caller must either hold
    "bans.appeal.manage" or be the authenticated creator of the reply,
    otherwise the response is 403. Only a POST with a valid
    AppealReplyTextEditForm changes anything; the function then stores the
    new text, appends an AppealEdit for it and saves. The result is always a
    redirect to the ban the reply belongs to.
    """
    submitted = AppealReplyTextEditForm(request.form)

    target_reply = AppealReply.objects(id=appeal_reply_id).first()
    if target_reply is None:
        abort(404)

    authorised = current_user.has_permission("bans.appeal.manage")
    if not authorised:
        # Fall back to ownership: only the logged-in creator may edit.
        authorised = current_user.is_authenticated() and current_user == target_reply.creator
    if not authorised:
        abort(403)

    if request.method == "POST" and submitted.validate():
        target_reply.text = submitted.text.data
        target_reply.edits.append(
            AppealEdit(text=submitted.text.data, user=current_user.to_dbref()))
        target_reply.save()

    destination = url_for('bans.view_ban', ban_uid=target_reply.ban.uid)
    return redirect(destination)
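def profile_text_edit(name):
    """Show or save the profile-text edit form for the named user.

    The caller must be the named user or hold 'profile.admin'; otherwise,
    and when no such user exists, the response is 404. A POST that validates
    stores the new text and redirects to the user's profile URL. A POST that
    fails validation renders the form again with the submitted data, and any
    other method renders it filled with the stored profile text.
    """
    is_self = current_user.name == name
    if not is_self and not current_user.has_permission('profile.admin'):
        abort(404)

    user = User.objects(name=name).first()
    if user is None:
        abort(404)

    profile = get_profile(user)
    form = ProfileTextEditForm(request.form)
    page_title = "Edit Profile - " + name + " - Profile"

    if request.method != 'POST':
        form.text.data = profile.profile_text
    elif form.validate():
        profile.profile_text = form.text.data
        profile.save()
        return redirect(user.get_profile_url())

    # Both render paths pass `user` and `title`, so a failed validation shows
    # the page with the same context as the initial view.
    return render_template('profile_edit_text.html', profile=profile, form=form,
                           user=user, title=page_title)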
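def add_payment():
    """Record a payment transaction entered through the payment form.

    Responds 403 unless the current user holds 'financial.payments'. A POST
    whose PaymentAddForm validates creates and saves a PaymentTransaction
    attributed to the current user, then redirects to the donations page.
    Any other request, including a POST that fails validation, renders the
    form and saves nothing.
    """
    if not current_user.has_permission('financial.payments'):
        abort(403)

    form = PaymentAddForm(request.form)

    # Persist only validated input: the amount, period and note come straight
    # from the request, so an unvalidated POST must not reach save().
    if request.method == "POST" and form.validate():
        payment = PaymentTransaction()
        payment.amount = form.amount.data
        payment.period_begin = form.start_date.data
        payment.period_end = form.end_date.data
        payment.user = current_user.to_dbref()
        payment.note = form.note.data
        payment.save()
        return redirect(url_for('donations.donate'))

    return render_template("add_payment.html", form=form)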
def wrapper(*args, **kwargs):
    """Call ``func`` only if the current user holds every required permission.

    ``permissions`` and ``func`` are free names here and come from an
    enclosing scope that is not shown. The first missing permission aborts
    with 403; otherwise the arguments are passed through unchanged.
    """
    if any(not current_user.has_permission(needed) for needed in permissions):
        abort(403)
    return func(*args, **kwargs)
def is_accessible(self):
    """Return whether the current user holds the 'admin.<permission>' permission.

    ``permission`` is a free name supplied by an enclosing scope that is not
    shown here.
    """
    required = 'admin.%s' % permission
    return current_user.has_permission(required)