Example #1
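def update_photo():
    """Allow the user to update their photo.

    Non-POST requests, and users for whom ``can_update_photo()`` is false,
    are redirected without any change. Otherwise the uploaded ``photo`` file
    is stored, attached to the current user and committed; only then is the
    previous photo removed from storage.

    Returns:
        A redirect to the referring page when it is on this host, else to
        the dashboard profile page.
    """
    # Function-scope import: the module's import block is not visible here.
    from urllib.parse import urlsplit

    # The Referer header is client-supplied. Follow it back only when it
    # names this host, so the endpoint cannot be used to bounce a user to an
    # arbitrary external URL; anything else falls back to the profile page.
    return_to = flask.url_for('dashboard.profile')
    referrer = flask.request.referrer
    if referrer:
        try:
            same_host = urlsplit(referrer).netloc == flask.request.host
        except ValueError:
            # Malformed Referer value: treat it as untrusted.
            same_host = False
        if same_host:
            return_to = referrer

    if flask.request.method != 'POST':
        return flask.redirect(return_to)

    if not login.current_user.can_update_photo():
        flask.flash(
            # Format on the Markup object (not on the plain string) so the
            # configured link is HTML-escaped inside the href attribute.
            flask.Markup(
                'You cannot currently change your photo. Please contact '
                '<a href="{0}">the ticketing officer</a> for assistance.'
            ).format(
                APP.config['TICKETS_EMAIL_LINK']
            ),
            'error'
        )

        return flask.redirect(return_to)

    upload = flask.request.files.get('photo')

    if upload is not None and upload.filename != '':
        old_photo = login.current_user.photo

        # NOTE(review): whether save_photo validates content type and size
        # is not visible here - confirm before relying on it.
        new_photo = photos.save_photo(upload)

        login.current_user.photo = new_photo

        # A user may have no previous photo (the storage cleanup below
        # already allows for that), so only delete a row that exists.
        if old_photo is not None:
            DB.session.delete(old_photo)
        DB.session.add(new_photo)

        DB.session.commit()

        # We don't want to delete the photo from S3 until after the DB has
        # been updated
        if old_photo is not None:
            photos.delete_photo(old_photo)

        APP.log_manager.log_event(
            'Updated photo',
            user=login.current_user
        )

        flask.flash(
            'Your photo has been updated',
            'success'
        )
    else:
        flask.flash('You must select a photo to upload.', 'warning')

    return flask.redirect(return_to)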
Example #2
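def destroy_account(user_id, secret_key):
    """Destroy an unverified account.

    If a user is unverified (and therefore has never been able to log in), we
    allow their account to be destroyed. This is useful if somebody tries to
    register with an email address that isn't theirs, where the actual owner of
    the email address can trigger the account's destruction.

    If a user is verified, it gets a little too complicated to destroy their
    account (what happens to any tickets they own?)

    Args:
        user_id: Identifier used to look the user up.
        secret_key: Key that must match the user's stored ``secret_key``.

    Returns:
        A redirect to the front home page, whatever the outcome.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    user = models.User.get_by_id(user_id)

    # Compare the key in constant time so response timing does not reveal
    # how much of a guessed key was correct. Both sides are encoded because
    # compare_digest rejects non-ASCII text strings.
    key_matches = (
        user is not None and
        user.secret_key is not None and
        secret_key is not None and
        hmac.compare_digest(
            user.secret_key.encode('utf-8'),
            secret_key.encode('utf-8')
        )
    )

    if key_matches:
        if not user.is_verified:
            # Read these before the delete/commit so later steps do not
            # depend on attributes of an already-deleted row.
            email = user.email
            photo = user.photo

            # Iterate over a copy: clearing entry.user may alter
            # user.events while it is being walked (presumably a
            # relationship collection - confirm against the model).
            for entry in list(user.events):
                entry.action = (
                    entry.action +
                    ' (destroyed user with email address {0})'.format(
                        email
                    )
                )
                entry.user = None

            DB.session.delete(user)
            # An unverified user may never have uploaded a photo.
            if photo is not None:
                DB.session.delete(photo)
            DB.session.commit()

            # Remove the stored file only once the DB change is committed.
            if photo is not None:
                photos.delete_photo(photo)

            APP.log_manager.log_event(
                'Deleted account with email address {0}'.format(
                    email
                )
            )

            flask.flash('The account has been deleted.', 'info')
        else:
            APP.log_manager.log_event(
                'Attempted deletion of verified account',
                user=user
            )

            flask.flash('Could not delete user account.', 'warning')
    else:
        # Unknown user and wrong key get the same message, so the response
        # does not say which of the two was at fault.
        flask.flash(
            (
                'Could not delete user account. Check that you have used the '
                'correct link'
            ),
            'warning'
        )

    return flask.redirect(flask.url_for('front.home'))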
Example #3
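def update_photo():
    """Allow the user to update their photo.

    Requests that are not POST, and users for whom ``can_update_photo()``
    returns false, are redirected with nothing changed. Otherwise the
    uploaded ``photo`` file is saved, linked to the current user and
    committed, after which the previous photo is removed from storage.

    Returns:
        A redirect to the referring page if it is on this host, otherwise
        to the dashboard profile page.
    """
    # Function-scope import: the module's import block is not visible here.
    from urllib.parse import urlsplit

    def _return_target():
        """Pick the redirect target, ignoring off-host Referer values."""
        # The Referer header comes from the client; accepting it blindly
        # would let this endpoint redirect to any external URL.
        fallback = flask.url_for("dashboard.profile")
        referrer = flask.request.referrer
        if not referrer:
            return fallback
        try:
            on_this_host = urlsplit(referrer).netloc == flask.request.host
        except ValueError:
            # Unparseable Referer: do not trust it.
            return fallback
        return referrer if on_this_host else fallback

    if flask.request.method != "POST":
        return flask.redirect(_return_target())

    if not login.current_user.can_update_photo():
        # Markup.format escapes its arguments, so the configured link cannot
        # break out of the href attribute.
        message = flask.Markup(
            "You cannot currently change your photo. Please contact "
            '<a href="{0}">the ticketing officer</a> for assistance.'
        ).format(APP.config["TICKETS_EMAIL_LINK"])
        flask.flash(message, "error")

        return flask.redirect(_return_target())

    upload = flask.request.files.get("photo")

    if upload is None or upload.filename == "":
        flask.flash("You must select a photo to upload.", "warning")
        return flask.redirect(_return_target())

    old_photo = login.current_user.photo

    # NOTE(review): content-type and size checks, if any, live in save_photo,
    # which is not visible here - confirm.
    new_photo = photos.save_photo(upload)

    login.current_user.photo = new_photo

    # The user may not have had a photo before; the storage cleanup below
    # already expects that, so the row delete must be guarded as well.
    if old_photo is not None:
        DB.session.delete(old_photo)
    DB.session.add(new_photo)

    DB.session.commit()

    # We don't want to delete the photo from S3 until after the DB has
    # been updated
    if old_photo is not None:
        photos.delete_photo(old_photo)

    APP.log_manager.log_event("Updated photo", user=login.current_user)

    flask.flash("Your photo has been updated", "success")

    return flask.redirect(_return_target())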
Example #4
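def destroy_account(user_id, secret_key):
    """Destroy an unverified account.

    If a user is unverified (and therefore has never been able to log in), we
    allow their account to be destroyed. This is useful if somebody tries to
    register with an email address that isn't theirs, where the actual owner of
    the email address can trigger the account's destruction.

    If a user is verified, it gets a little too complicated to destroy their
    account (what happens to any tickets they own?)

    Args:
        user_id: Identifier used to look the user up.
        secret_key: Key that must match the user's stored ``secret_key``.

    Returns:
        A redirect to the front home page in every case.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    def _refuse():
        """Flash the generic failure message and go to the home page."""
        # The same message covers "no such user" and "wrong key", so the
        # response does not disclose which check failed.
        flask.flash(
            ("Could not delete user account. Check that you have used the "
             "correct link"),
            "warning",
        )
        return flask.redirect(flask.url_for("front.home"))

    user = models.User.get_by_id(user_id)

    if user is None or user.secret_key is None or secret_key is None:
        return _refuse()

    # Constant-time comparison: a plain == can return early on the first
    # differing character, which leaks information through timing. Encoding
    # both sides avoids compare_digest's TypeError on non-ASCII text.
    if not hmac.compare_digest(user.secret_key.encode("utf-8"),
                               secret_key.encode("utf-8")):
        return _refuse()

    if user.is_verified:
        APP.log_manager.log_event("Attempted deletion of verified account",
                                  user=user)

        flask.flash("Could not delete user account.", "warning")
        return flask.redirect(flask.url_for("front.home"))

    # Capture what is needed after the commit while the row still exists.
    email = user.email
    photo = user.photo

    # Walk a copy, since detaching an entry may change user.events during
    # iteration (presumably a relationship collection - confirm).
    for entry in list(user.events):
        entry.action = (
            entry.action +
            " (destroyed user with email address {0})".format(email))
        entry.user = None

    DB.session.delete(user)
    # Unverified users may have no photo; skip the delete in that case.
    if photo is not None:
        DB.session.delete(photo)
    DB.session.commit()

    # Stored file is removed only after the DB change has been committed.
    if photo is not None:
        photos.delete_photo(photo)

    APP.log_manager.log_event(
        "Deleted account with email address {0}".format(email))

    flask.flash("The account has been deleted.", "info")

    return flask.redirect(flask.url_for("front.home"))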
Example #5
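def update_photo():
    """Allow the user to update their photo.

    Does nothing but redirect for non-POST requests and for users whose
    ``can_update_photo()`` is false. Otherwise saves the uploaded ``photo``
    file, assigns it to the current user, commits, and then removes the
    previous photo from storage.

    Returns:
        A redirect to the referring page when that page is on this host,
        else to the dashboard profile page.
    """
    # Function-scope import: the module's import block is not visible here.
    from urllib.parse import urlsplit

    # Referer is a request header the client controls; redirect to it only
    # if it names this host, otherwise use the profile page. This keeps the
    # endpoint from acting as a redirector to external sites.
    destination = flask.url_for('dashboard.profile')
    referrer = flask.request.referrer
    try:
        if referrer and urlsplit(referrer).netloc == flask.request.host:
            destination = referrer
    except ValueError:
        # Malformed Referer: keep the profile page as the destination.
        pass

    if flask.request.method != 'POST':
        return flask.redirect(destination)

    if not login.current_user.can_update_photo():
        # Calling format on the Markup object HTML-escapes the configured
        # link before it lands in the href attribute.
        flask.flash(
            flask.Markup(
                'You cannot currently change your photo. Please contact '
                '<a href="{0}">the ticketing officer</a> for assistance.'
            ).format(APP.config['TICKETS_EMAIL_LINK']), 'error')

        return flask.redirect(destination)

    upload = flask.request.files.get('photo')
    has_upload = upload is not None and upload.filename != ''

    if has_upload:
        old_photo = login.current_user.photo

        # NOTE(review): any validation of the uploaded file happens inside
        # save_photo, which is not shown here - confirm it exists.
        new_photo = photos.save_photo(upload)

        login.current_user.photo = new_photo

        # Guard the row delete the same way the storage cleanup below is
        # guarded: a user without a previous photo has nothing to delete.
        if old_photo is not None:
            DB.session.delete(old_photo)
        DB.session.add(new_photo)

        DB.session.commit()

        # We don't want to delete the photo from S3 until after the DB has
        # been updated
        if old_photo is not None:
            photos.delete_photo(old_photo)

        APP.log_manager.log_event('Updated photo', user=login.current_user)

        flask.flash('Your photo has been updated', 'success')
    else:
        flask.flash('You must select a photo to upload.', 'warning')

    return flask.redirect(destination)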