def set_answers(user_id, answers=None, current_user=None):
if not user_id:
user_id = current_user.id if current_user else None
if not current_user.id == user_id:
raise ForbiddenException(
f'User {current_user.id} is not permitted to answer for {user_id}')
application = Application.get_for_user(user_id)
if not application:
raise ForbiddenException(f'User {user_id} is not an applicant')
elif application.is_submitted:
raise ForbiddenException(
f'Cannot modify answers to a submitted application')
for answer in answers:
answer_record = Answer.query.filter_by(
question_id=answer['question_id'],
application_id=application.id).one_or_none()
if not answer_record:
answer_record = Answer(question_id=answer['question_id'],
text=answer.get('text', ''),
application_id=application.id)
db.session.add(answer_record)
else:
answer_record.text = answer.get('text', '')
db.session.commit()
db.session.commit()
def add_applicant_note(applicant_user_id,
text,
title=None,
is_chat_log=False,
current_user=None):
application = Application.get_submitted_for_user(applicant_user_id)
if application is None:
raise BadRequestException('User {} is not an applicant'.format(
User.get(applicant_user_id).name))
else:
if not is_recruiter(current_user):
raise ForbiddenException('Current user is not a recruiter')
elif (application.recruiter_id != current_user.id
and not is_senior_recruiter(current_user)):
raise ForbiddenException(
'Current recruiter has not claimed applicant {}'.format(
applicant_user_id))
note = Note(
text=text,
title=title,
application_id=application.id,
is_chat_log=is_chat_log,
author_id=current_user.id,
)
db.session.add(note)
db.session.commit()
return {'status': 'ok'}
def edit_applicant_note(note_id, text, title=None, current_user=None):
note = Note.query.get(note_id)
if note is None:
raise ForbiddenException()
else:
user_application_access_check(current_user, note.application.user)
if current_user.id != note.author_id:
raise ForbiddenException('Only author may modify a note')
else:
note.text = text
note.title = title
db.session.commit()
return {'status': 'ok'}
def character_application_access_check(current_user,
target_character,
write=False):
if not has_applicant_access(
current_user, target_character.user, write=write):
raise ForbiddenException('User {} does not have access.'.format(
current_user.id))
def get_application_images(application_id, current_user=None):
application = Application.query.get(application_id)
if application is None:
raise ForbiddenException('User {} does not have access.'.format(
current_user.id))
else:
return get_user_images(application.user.id, current_user=current_user)
def invite_applicant(applicant_user_id, current_user=current_user):
if not is_senior_recruiter(current_user):
raise ForbiddenException(
'User {} cannot invite applicants.'.format(current_user.id))
else:
application = Application.get_submitted_for_user(applicant_user_id)
if application is None:
raise BadRequestException(
'User {} is not in an open application.'.format(
applicant_user_id
)
)
elif not application.is_accepted:
raise BadRequestException(
'User {} application is not accepted.'.format(
applicant_user_id
)
)
elif application.is_invited:
raise BadRequestException(
'User {} application is already invited.'.format(
applicant_user_id
)
)
else:
send_mail(applicant_user_id, 'invite')
application.is_invited = True
db.session.commit()
add_status_note(
application, 'Application invited by {}.'.format(current_user.name))
def get_user_images(user_id, current_user=None):
if user_id == None:
user_id = current_user.id
application = Application.get_for_user(user_id)
user = User.get(user_id)
if application is None:
raise ForbiddenException('User {} does not have access.'.format(
current_user.id))
elif not has_applicant_access(current_user, user, self_access=True):
raise ForbiddenException('User {} does not have access.'.format(
current_user.id))
return {
'info': [{
'url': image.url,
'id': image.filename
} for image in application.images]
}
async def update_network_config(network_config: NetworkConfig,
aroio: Aroio = Depends(get_auth_aroio)):
"""Update the network configuration. Returns the updated network configuration."""
if not network_config.lan.valid_ipv4_addresses_or_none():
raise ForbiddenException(detail="Incorrect format of IPv4 addresses.")
aroio.configuration.network = network_config
datasource.save(aroio=aroio)
return aroio.configuration.network
def upload_image(current_user=None):
application = Application.get_for_user(current_user.id)
if application is None:
raise ForbiddenException('User {} does not have access.'.format(
current_user.id))
else:
if app.config.get('TESTING'):
image = Image(application_id=application.id)
db.session.add(image)
db.session.commit()
return {'status': 'ok'}
else:
s3 = boto3.client(
's3',
region_name=aws_region_name,
endpoint_url=aws_endpoint_url,
config=Config(signature_version=aws_signature_version),
)
for key, file in request.files.items():
if file.filename == "":
raise BadRequestException("No file selected")
if file and file.filename.lower().endswith(
('.png', '.jpg', '.jpeg')):
try:
image = Image(application_id=application.id)
db.session.add(image)
db.session.commit()
s3.upload_fileobj(file,
aws_bucket_name,
image.filename,
ExtraArgs={
"ACL": 'public-read',
"ContentType": file.content_type
})
except Exception as e:
print('ERROR upload_image AppException', e)
Image.delete(image.id, image.filename)
raise AppException() from e
else:
print('ERROR upload_image File was not an allowed type')
raise ForbiddenException('File was not an allowed type')
return {'status': 'ok'}
def release_applicant(applicant_user_id, current_user=current_user):
if not is_recruiter(current_user):
raise ForbiddenException(
'User {} is not a recruiter'.format(current_user.id))
application = Application.get_submitted_for_user(applicant_user_id)
if application is None:
raise BadRequestException(
'User {} is not in an open application.'.format(
applicant_user_id
)
)
elif not has_applicant_access(current_user, User.get(applicant_user_id)):
raise ForbiddenException('User {} does not have access to user {}'.format(
current_user.id, applicant_user_id
))
else:
application.recruiter_id = None
db.session.commit()
add_status_note(
application, 'Application released by {}.'.format(current_user.name))
return {'status': 'ok'}
def unaccept_applicant(applicant_user_id, current_user=current_user):
if not is_senior_recruiter(current_user):
raise ForbiddenException(
'User {} is not a senior recruiter'.format(current_user.id))
application = Application.get_submitted_for_user(applicant_user_id)
if application is None:
raise BadRequestException(
'User {} is not in an open application.'.format(
applicant_user_id
))
elif not application.is_accepted:
raise ForbiddenException(
'User {} cant unaccept app from user {} as its not accepted'.format(
current_user.id, applicant_user_id
))
else:
add_status_note(
application, 'Application un-accepted by {}.'.format(current_user.name))
application.is_accepted = False
application.is_concluded = False
db.session.commit()
return {'status': 'ok'}
def get_applicant_list(current_user=None):
if not (is_recruiter(current_user) or is_admin(current_user)):
raise ForbiddenException('User must be recruiter or admin.')
result = {}
for user in User.query.join(
Application, Application.user_id == User.id).filter(
db.and_(
Application.is_submitted,
db.or_(
db.not_(Application.is_concluded),
db.and_(Application.is_accepted,
db.not_(Application.is_invited))))):
recruiter_name = None
application = Application.query.filter_by(
user_id=user.id, is_concluded=False).one_or_none()
if application is None:
application = Application.query.filter_by(
user_id=user.id, is_accepted=True,
is_invited=False).one_or_none()
application_status = 'new'
if application:
recruiter_id = application.recruiter_id
if recruiter_id:
recruiter = User.get(recruiter_id)
recruiter_name = recruiter.name
application_status = 'claimed'
if application.is_accepted:
application_status = 'accepted'
applicant_visible = False
# senior recruiters see all
if is_senior_recruiter(current_user) or is_admin(current_user):
applicant_visible = True
elif is_recruiter(current_user):
if application and application.recruiter_id == current_user.id:
applicant_visible = True
else:
applicant_visible = application_status == 'new'
if applicant_visible:
result[user.id] = {
'user_id': user.id,
'recruiter_id':
application.recruiter_id if application else None,
'recruiter_name': recruiter_name,
'status': application_status,
'name': user.name,
}
return {'info': result}
def get_character_search_list(search_text, current_user=None):
# list of all chars with name beginning with search_text
if not (is_recruiter(current_user) or is_admin(current_user)):
raise ForbiddenException('User must be recruiter or admin.')
result = {}
if len(search_text) == 0:
return result
for character in Character.query.\
filter(Character.name.ilike(f'%{search_text}%')):
result[character.id] = {
'user_id': character.id,
'name': character.name,
}
return result
def start_application(current_user=None):
if is_admin(current_user) or is_recruiter(current_user) or is_senior_recruiter(current_user):
raise BadRequestException('Recruiters cannot apply')
character = Character.get(current_user.id)
if character.blocked_from_applying:
raise ForbiddenException('User is blocked')
application = Application.get_for_user(current_user.id)
if application:
raise BadRequestException('An application is already open')
# no application, start one
application = Application(user_id=current_user.id, is_concluded=False)
db.session.add(application)
db.session.commit()
add_status_note(application, 'Application created.')
return {'status': 'ok'}
async def create_filter(filter: Filter,
aroio: Aroio = Depends(get_auth_aroio)):
"""Creates a new filter in the database. Returns the created filter with its id"""
filters = aroio.configuration.convolver.filters
if len(filters) >= 10:
raise ForbiddenException(
detail="Only 10 filters are allowed with the userconfig.txt pattern"
)
# compute next possible filter id by maximum id
filter_id = max([f.id for f in filters]) + 1
filter_in_db = FilterInDb(id=filter_id, **filter.dict())
aroio.configuration.convolver.filters.append(filter_in_db)
datasource.save(aroio=aroio)
return filter_in_db
def get_user_characters(user_id, current_user=None):
user = User.get(user_id)
if not has_applicant_access(current_user, user, self_access=True):
raise ForbiddenException(
'User {} does not have access.'.format(current_user))
if not db.session.query(db.exists().where(User.id == user_id)).scalar():
raise BadRequestException(
'User with id={} does not exist.'.format(user_id))
character_dict = {}
for character in db.session.query(Character).filter(
Character.user_id == user_id):
character_dict[character.id] = {
'name': character.name,
'corporation_id': character.corporation_id,
'corporation_name': character.corporation.name,
}
return {'info': character_dict}
def get_names_to_ids(category, name_list, current_user=None):
if not is_admin(current_user) and not is_recruiter(current_user):
raise ForbiddenException('User not permitted to use search.')
elif category not in category_dict:
raise BadRequestException(
'Category {} is not one of the valid categories {}'.format(
category, list(category_dict.keys())))
else:
result = esi.get_op('post_universe_ids',
names=name_list,
disable_multi=True)
category_key = f'{category}s'
if category_key in result:
result = result[category_key]
return {'info': {item['name']: item['id'] for item in result}}
else:
return {'info': {}}
def delete_s3(image_id, current_user=None):
image = Image.query.get(image_id)
application = Application.get_for_user(current_user.id)
if application is not None:
self_access = not application.is_submitted
has_access = has_applicant_access(current_user,
application.user,
self_access=self_access)
else:
has_access = False
if (not has_access or image is None or application is None
or application.is_submitted
or application.id != image.application_id):
raise ForbiddenException(
'User {} does not have access to image {}.'.format(
current_user.id, image_id))
else:
Image.delete(image_id, image.filename)
return {'status': 'ok'}
def get_search_results(category, search, current_user=None):
if category == 'system':
category = 'solar_system'
if not is_admin(current_user) and not is_recruiter(current_user):
raise ForbiddenException('User not permitted to use search.')
elif category not in category_dict:
raise BadRequestException(
'Category {} is not one of the valid categories {}'.format(
category, list(category_dict.keys())))
else:
response = esi.get_op('get_search',
categories=[category],
search=search,
disable_multi=True)
if category in response:
id_list = response[category]
item_dict = category_dict[category].get_multi(id_list)
return {'info': {row.id: row.name for _, row in item_dict.items()}}
else:
return {'info': {}}
def get_ids_to_names(id_list, current_user=None):
if not is_admin(current_user) and not is_recruiter(current_user):
raise ForbiddenException('User not permitted to use search.')
elif len(id_list) > 0:
result = esi.get_op('post_universe_names',
ids=id_list,
disable_multi=True)
return_dict = {}
for data in result:
entry = {
'name': data['name'],
}
if data['category'] in category_dict:
entry['redlisted'] = category_dict[data['category']].get(
data['id']).is_redlisted
else:
entry['redlisted'] = False
return_dict[data['id']] = entry
return {'info': return_dict}
else:
return {'info': {}}
def claim_applicant(applicant_user_id, current_user=current_user):
if not is_recruiter(current_user):
raise ForbiddenException(
'User {} is not a recruiter'.format(current_user.id))
application = Application.get_submitted_for_user(applicant_user_id)
if application is None:
raise BadRequestException(
'User {} is not in an open application.'.format(
applicant_user_id
)
)
elif application.recruiter_id is not None:
raise BadRequestException(
'User {} has already been claimed by a recruiter.'.format(
applicant_user_id
)
)
else:
application.recruiter_id = current_user.id
db.session.commit()
add_status_note(
application, 'Application claimed by {}.'.format(current_user.name))
return {'status': 'ok'}
def get_users(current_user=None):
if not is_admin(current_user):
raise ForbiddenException('Only admin have access to user list.')
return_list = []
admins = set(admin.user for admin in db.session.query(Admin).all())
recruiters = set(recruiter.user
for recruiter in db.session.query(Recruiter).all())
users_with_roles = admins.union(recruiters)
for user in users_with_roles:
return_list.append({
'id':
user.id,
'is_admin':
user.admin is not None,
'is_recruiter':
user.recruiter is not None,
'is_senior_recruiter':
user.recruiter is not None and user.recruiter.is_senior,
'name':
user.name,
})
return {'info': return_list}
def get_answers(user_id, current_user=None):
if not db.session.query(db.exists().where(User.id == user_id)).scalar():
raise BadRequestException(
'User with id={} does not exist.'.format(user_id))
user = User.get(user_id)
current_user = current_user or user
if not has_applicant_access(current_user, user, self_access=True):
raise ForbiddenException(
'User {} does not have access to user {}'.format(
current_user, user_id))
application = Application.get_for_user(user_id)
if not application:
raise BadRequestException(
'User with id={} has no application.'.format(user_id))
questions = get_questions()
response = {'questions': {}, 'has_application': False}
if application:
response['has_application'] = True
# get a dict keyed by question id of questions & answers
answers = {a.question_id: a.text for a in application.answers}
for question_id in questions:
answer = answers[question_id] if question_id in answers else ""
response['questions'][question_id] = {
'question': questions[question_id],
'user_id': user_id,
'answer': answer,
}
else:
# no application yet, create empty answers
for question_id in questions:
response['questions'][question_id] = {
'question': questions[question_id],
'user_id': user_id,
'answer': '',
}
return response
async def is_admin(user: models.User = Depends(get_current_active_user)):
if not user.is_super:
raise ForbiddenException()
def user_admin_access_check(current_user):
if not is_admin(current_user):
raise ForbiddenException('User {} does not have access.'.format(
current_user.id))