def edit_user(user_id): is_reviewer = current_user.has_role('reviewer') user = user_datastore.get_user(user_id) if (not current_user.is_authenticated()) or (user.id != current_user.id and not is_reviewer): return current_app.login_manager.unauthorized() form = forms.UserEditForm(request.form, user) form.roles.choices = [(role.name, role.name.capitalize()) for role in user_datastore.role_model.objects()] if not current_user.has_role('admin'): del form.roles if form.validate_on_submit(): user.email = form.email.data if form.password.data: user.password = form.password.data if current_user.has_role('admin'): user.roles = [user_datastore.find_role(role) for role in form.roles.data] user.save() flash('User updated successfully.', 'success') if current_user.has_role('admin'): form.roles.data = [role.name for role in user.roles] return render_template('edit_user.html', form=form)
def index(self): if current_user.has_role('admin'): return redirect(url_for('.index_admin')) elif current_user.has_role('urbam'): return redirect(url_for('.index_urbam')) elif current_user.has_role('secretaria'): return redirect(url_for('.index_secretaria'))
def vouchers_new(): form = NewVoucherForm(flask.request.form) choices = [] if current_user.has_role('gateway-admin'): choices = [[ current_user.gateway_id, '%s - %s' % (current_user.gateway.network.title, current_user.gateway.title) ]] else: if current_user.has_role('network-admin'): networks = Network.query.filter_by(id=current_user.network_id).all() else: networks = Network.query.all() for network in networks: for gateway in network.gateways: choices.append([ gateway.id, '%s - %s' % (network.title, gateway.title) ]) form.gateway_id.choices = choices if form.validate_on_submit(): voucher = Voucher() form.populate_obj(voucher) if current_user.has_role('gateway-admin'): voucher.gateway_id = current_user.gateway_id db.session.add(voucher) db.session.commit() return flask.redirect(flask.url_for('.vouchers_new', id=voucher.id)) return flask.render_template('vouchers/new.html', form=form)
def get(self): parser = reqparse.RequestParser() parser.add_argument('p', type=int, required=False, default=None, location='values') q = HailModel.query filters = [] if not current_user.has_role('admin'): if current_user.has_role('operateur'): filters.append(HailModel.operateur_id == current_user.id) if current_user.has_role('moteur'): filters.append(HailModel.added_by == current_user.id) q = q.filter(or_(*filters)) q = q.order_by(HailModel.creation_datetime.desc()) pagination = q.paginate(page=parser.parse_args()['p'], per_page=30) return {"data": [{ "id": hail.id, "added_by": security_models.User.query.get(hail.added_by).email, "operateur": hail.operateur.email, "status": hail.status, "creation_datetime": hail.creation_datetime.strftime("%Y/%m/%d %H:%M:%S"), "taxi_id": hail.taxi_id} for hail in pagination.items ], "meta": { "next_page": pagination.next_num if pagination.has_next else None, "prev_page": pagination.prev_num if pagination.has_prev else None, "pages": pagination.pages, "total": pagination.total } }
def can_add_thing_to_collection(collection, thing=None): if thing and collection.has_thing(thing): return False if collection.accessibility == 'public': return current_user.is_active() and current_user.is_authenticated() elif collection.accessibility == 'semi-public': return current_user.has_role('admin') or current_user.has_role('editor') or collection.is_creator(current_user) or collection.has_editor(current_user) elif collection.accessibility == 'private': return current_user.has_role('admin') or current_user.has_role('editor') or collection.is_creator(current_user) or collection.has_editor(current_user)
def save_info(id): intent = request.form.get('intent', 'accept') group = mdl.Group.one(id=id) if not current_user.has_role(mdl.Role.ADMIN): if intent != 'update' or group.user.id != current_user.id: # For non-admins we only allow "update" permission on owned goups. return gettext("Access Denied!"), 403 # attributes that don't require admin permissions. num_vegetarians = request.form.get('num_vegetarians', 0) num_participants = request.form.get('num_participants', 0) data = { 'name': request.form['name'], 'phone': request.form['phone'], 'comments': request.form['comments'], 'contact': request.form['contact'], 'email': request.form.get('email', ''), 'num_vegetarians': int(num_vegetarians) if num_vegetarians else 0, 'num_participants': int(num_participants) if num_participants else 0, 'send_email': True, 'notification_recipient': 'admins', 'user_is_admin': False, } # ... next, if we are allowed, add admin-only attributes if current_user.has_role(mdl.Role.ADMIN): if 'direction' in request.form: data['direction'] = request.form['direction'] data['start_time'] = request.form['start_time'] data['send_email'] = request.form.get('send_email') == 'true' data['cancelled'] = request.form.get('cancelled') == 'true' data['completed'] = request.form.get('completed') == 'true' if intent == 'accept' and not group.accepted: loco.accept_registration(current_app.mailer, group.confirmation_key, group) flash(gettext('Accepted registration for group {}').format( group.name), 'info') else: data['accepted'] = request.form.get('accepted') == 'true' data['notification_recipient'] = 'owner' data['user_is_admin'] = True loco.update_group(current_app.mailer, id, data) flash(gettext('Group {name} successfully updated!').format( name=data['name']), 'info') if data['send_email']: flash(gettext('E-Mail sent successfully!'), 'info') if current_user.has_role(mdl.Role.ADMIN): return redirect(url_for('group.edit', name=data['name'])) else: return redirect(url_for('root.profile'))
def rosterentries(day, id=None): ''' API that allows creating, reading and updating roster entries. Deleting is not implemented. To create or update entries for a different user than the currently logged in user, the user needs to have the admin role. ''' if not current_user.is_authenticated(): flask.abort(403) if not day: response = flask.jsonify(ok=False, msg='') response.status_code = 404 return response day = datetime.datetime(*map(int, re.split('[^\d]', day)[:-1])) if flask.request.method == 'GET': results = Roster.query.filter_by(day=day).all() json_results = [] for result in results: d = { 'day': result.day.isoformat(), 'member': result.user.name, 'user_id': result.user.id, 'id': result.user.id, 'will_open': result.will_open != 0, 'will_service': result.will_service != 0, 'will_close': result.will_close != 0, 'comment': result.comment } json_results.append(d) return flask.jsonify(items=json_results) if flask.request.method == 'POST': req = flask.request.get_json() if req['user_id'] != current_user.id and not current_user.has_role('admin'): flask.abort(403) r = Roster() r.day = day; r.user = User.query.get(req['user_id']) r.will_open = int(req['will_open']) r.will_service = int(req['will_service']) r.will_close = int(req['will_close']) r.comment = req['comment'] db.session.add(r) db.session.commit() return flask.jsonify(ok=True) if flask.request.method == 'PUT': req = flask.request.get_json() if id != current_user.id and not current_user.has_role('admin'): flask.abort(403) r = Roster.query.filter_by(day=day, user_id=id).first() r.will_open = int(req['will_open']) r.will_service = int(req['will_service']) r.will_close = int(req['will_close']) r.comment = req['comment'] db.session.commit() return flask.jsonify(ok=True) flask.abort(405)
def ads_list(): if not taxis_models.ADS.can_be_listed_by(current_user): if current_user.has_role('stats'): return self.metadata() abort(403, message="You're not allowed to see this page") q = taxis_models.ADS.query if not current_user.has_role('admin') and not current_user.has_role('prefecture'): q = q.filter_by(added_by=current_user.id) page = int(request.args.get('page')) if 'page' in request.args else 1 return render_template('lists/ads.html', ads_list=q.paginate(page) if q else None)
def get(self): if not taxis_models.Driver.can_be_listed_by(current_user): if current_user.has_role('stats'): return self.metadata() abort(403, message="You can't list drivers") page = int(request.args.get('page')) if 'page' in request.args else 1 q = taxis_models.Driver.query if not current_user.has_role('admin') and not current_user.has_role('prefecture'): q = q.filter_by(added_by=current_user.id) return render_template('lists/drivers.html', driver_list=q.paginate(page))
def events(id=None): if id: event = Event.objects.get(pk=id) event.update_timezone() add_form = EventForm(request.form, obj=event) title_aside = u'Éditer l\'événement' else: event = Event() add_form = EventForm() title_aside = u'Créer un événement' if add_form.organisations.data: add_form.organisations.choices = make_choices(add_form.orgas_choices, selected=add_form.organisations.data, name='Organisations') if add_form.places.data: add_form.places.choices = make_choices(add_form.places_choices, selected=add_form.places.data, name='Lieux') if add_form.validate_on_submit(): event.title = add_form.title.data event.description = add_form.description.data event.organisations = add_form.organisations.data event.places = add_form.places.data if not event.author: event.author = current_user.to_dbref() event.datetime_first = arrow.get(add_form.datetime_first.data).datetime event.datetime_last = arrow.get(add_form.datetime_last.data).datetime event.update_timezone() if current_user.has_role('Administrateur') or current_user.has_role('Éditeur'): event.status = 'published' if 'publish' in request.form else 'draft' else: event.status = 'validation' if 'publish' in request.form else 'draft' event.save() if id: return redirect('/events') # Filter the events for non-admin users if not current_user.has_role('Administrateur'): filter_role = {'organisations__in': current_user.associations} else: filter_role = {} today = arrow.now().date() events_draft = Event.objects(status='draft', **filter_role).order_by('datetime_first') events_validation = Event.objects(status='validation', datetime_first__gte=today, **filter_role).order_by('datetime_first') events_published = Event.objects(status='published', datetime_first__gte=today).order_by('datetime_first') return render_template('events.html', events_draft=events_draft, events_validation=events_validation, events_published=events_published, add_form=add_form, title_aside=title_aside, icons=icons)
def home(): if current_user.is_authenticated(): if current_user.admin: return redirect(url_for('dashboard')) if current_user.has_role('monitor'): return redirect(url_for('monitor_dashboard')) if current_user.has_role('miner'): return redirect(url_for('mine_home')) return render_template('noperms.haml') else: return redirect(url_for('security.login'))
def func(): if current_user.is_authenticated(): for role in roles: if not current_user.has_role(role): return False return True return False
def get_count_query(self): if not current_user.has_role('package_admin'): return super(VersionView, self).get_count_query().\ join(self.model.package).\ join(Package.maintainers).\ filter(User.id == current_user.id) return super(VersionView, self).get_count_query()
def post(self): db = current_app.extensions['sqlalchemy'].db hj = request.json taxi_json = hj['data'][0] departement = administrative_models.Departement.filter_by_or_404( numero=str(taxi_json['driver']['departement'])) driver = taxis_models.Driver.filter_by_or_404( professional_licence=taxi_json['driver']['professional_licence'], departement_id=departement.id) vehicle = taxis_models.Vehicle.filter_by_or_404( licence_plate=taxi_json['vehicle']['licence_plate']) ads = taxis_models.ADS.filter_by_or_404( numero=taxi_json['ads']['numero'],insee=taxi_json['ads']['insee']) taxi = taxis_models.Taxi.query.filter_by(driver_id=driver.id, vehicle_id=vehicle.id, ads_id=ads.id).first() if taxi_json.get('id', None): if current_user.has_role('admin'): taxi = taxis_models.Taxi.query.get(taxi_json['id']) else: del taxi_json['id'] if not taxi: taxi = taxis_models.Taxi(driver=driver, vehicle=vehicle, ads=ads, id=taxi_json.get('id', None)) #This can happen if this is posted with a admin user if 'status' in taxi_json and taxi.vehicle.description: try: taxi.status = taxi_json['status'] except AssertionError: abort(400, message='Invalid status') db.session.add(taxi) db.session.commit() return {'data':[taxi]}, 201
def add_contacts(self): if request.method == 'POST': if not request.form.get('conference') or not request.form.get( 'profile'): flash( 'You must select Conference and Profile') if current_user.has_role('admin'): return redirect(url_for('contact_admin.index_view')) else: return redirect(url_for('contact_user.index_view')) conference = Conference.query.filter_by( id=request.form['conference']).first_or_404() profile = ParticipantProfile.query.filter_by( id=request.form['profile']).first_or_404() contacts = Contact.query.filter( Contact.id.in_(request.form['ids'].split(','))) for c in contacts: if Participant.query.filter_by(phone=c.phone, conference=conference).first(): flash(gettext( '%(contact)s is already there.', contact=c)) continue p = Participant(phone=c.phone, name=c.name, user=current_user, profile=profile, conference=conference) flash(gettext( '%(contact)s added.', contact=c)) db.session.add(p) db.session.commit() return redirect(url_for('.edit_view', id=conference.id))
def view_application(application_id, is_review=False): is_reviewer = current_user.has_role('reviewer') application = models.Application.objects.with_id(application_id) if not application: flash('No application with that id could be found.', 'error') return redirect('dashboard') if (not current_user.is_authenticated()) or (application.submitter.id != current_user.id and not is_reviewer): return current_app.login_manager.unauthorized() date = (application.submit_date if application.is_submitted else application.id.generation_time) files = [] for course_app in application.course_applications: if course_app.uploaded_content: for f in course_app.uploaded_content: files.append({'name': f.name, 'url': url_for('download_file', file=f._id)}) return render_template('view_application.html', name=application.submitter.name, date=date.strftime('%Y-%m-%d') if date else 'No date available', files=files, formatted=utils.serialize_application_to_html(application, is_review=is_review) )
def admin_home(): if not current_user.has_role("admin"): abort(403) u = users.User.query.filter_by() e = events.Event.query.filter_by() p = events.Place.query.filter_by() return render_template('admin.min.html', active='home', users=u, events=e, places=p)
def root(): if current_user.has_role("admin"): return redirect(url_for("admin")) if current_user.is_authenticated(): return redirect(url_for("edit")) else: return redirect(url_for_security("login"))
def team(self, slug): ''' ''' if not current_user.has_role('super_admin'): # TODO: Check if current user is 'owner' of this team flash('You do not have permission to view this page') return redirect(url_for('frontend.index')) team = Team.objects(slug=slug).first_or_404() form = TeamForm(obj=team) if form.validate_on_submit(): if form.logo.data: upload_logo = s3_upload(form.logo) else: upload_logo = team.logo if form.picture.data: upload_picture = s3_upload(form.picture) else: upload_picture = team.picture form.populate_obj(team) team.logo = upload_logo team.picture = upload_picture print 'Updated team information %s' % team.to_dict() team.save() flash('Changes Saved') return render_template('admin/team.html', team=team, form=form) return render_template('admin/team.html', team=team, form=form)
def is_accessible(self): if not current_user.is_active or not current_user.is_authenticated: return False if current_user.has_role('admin'): return True return False
def korist_osas(id): korist = Korist.query.get_or_404(id) if korist.profile != current_user.profile and not current_user.has_role('Admin'): abort(403) if korist.osas.count() > 0: return redirect(url_for('korist_edit', id=korist.id)) form = OSASForm(obj=korist) # form = KoristFormWithOSAs(obj=korist) if form.validate_on_submit(): events = korist.group.events.all() for i in xrange(len(events)): osa_form = form.osas[i] osa = OSA(korist=korist, event=events[i], comment=osa_form.comment.data, osa=osa_form.osa.data) db.session.add(osa) korist.active = bool(form.active.data) # form.populate_obj(korist) db.session.add(korist) db.session.commit() return redirect(url_for('korist', id=korist.id)) else: for event in korist.group.events: form.osas.append_entry(OSA(korist=korist, event=event)) return render_template("korist_osas.html", korist=korist, form=form)
def validate(self): if not super(GenerateApiKeyForm, self).validate(): # pragma: no cover return False if not current_user.has_role('developer'): return False return True
def is_accessible(self): roles = getattr(self, 'roles_accepted', None) if not roles: return True for r in roles: if current_user.has_role(r): return True return False
def index(self): if login.current_user.is_authenticated(): if current_user.has_role('admin'): return super(AdminIndexView, self).index() else: return make_response("Unauthorized User") else: return redirect(url_for('.login_view'))
def is_accessible(self): if not current_user.is_active() or not current_user.is_authenticated(): return False if current_user.has_role(Constants.ADMIN_ROLE): return True return False
def is_accessible(self): if not current_user.is_active() or not current_user.is_authenticated(): return False if current_user.has_role('superuser'): return True return False
def is_accessible(self): roles_accepted = getattr(self, 'roles_accepted', None) if roles_accepted: accessible = any( [current_user.has_role(role) for role in roles_accepted] ) return accessible return True
def is_accessible(self): try: role = models.Role.objects.get(name='admin') except models.Role.DoesNotExist: return False return ( current_user.is_authenticated() and current_user.has_role(role) )
def home(): if not request_wants_json(): return render_template('base.html') links = {} if current_user.has_role('operateur') or current_user.has_role('admin'): links.update( {'vehicle': { 'href': url_for('api.vehicle', _external=True), 'methods': set(['POST', 'PUT'])}, 'driver': { 'href': url_for('api.drivers', _external=True), 'methods': set(['POST', 'PUT'])}, 'ads': { 'href': url_for('api.ads', _external=True), 'methods': set(['POST', 'PUT'])}, 'taxi_id': { 'href': url_for('api.taxi_id', _external=True, taxi_id="_id_"), 'methods': set(['PUT', 'GET'])}, 'hail': { 'href': url_for('api.hail_endpoint', _external=True), 'methods': set(['PUT', 'GET']) } } ) if current_user.has_role('moteur') or current_user.has_role('admin'): links.update( { 'taxi_id': { 'href': url_for('api.taxi_id', _external=True, taxi_id="_id_"), 'methods': links.get('taxi_id', {'methods': set()})['methods']\ .union(set(['GET'])) } }) links.update( { 'hail': { 'href': url_for('api.hail_endpoint'), 'methods': links.get('hail', {'methods': set()})['methods']\ .union(set(['POST', 'PUT', 'GET'])) } }) for k, v in links.items(): links[k]['methods'] = list(v['methods']) return jsonify({'links': links})
def TestLogin(): if current_user.is_authenticated(): if current_user.has_role('privileged_user'): context = {'user_name': get_current_user_first_name()} return render_template('testroles.html', **context) else: return make_response("Unauthorized User") else: return redirect('/login')
def is_accessible(self): '''For checking if the admin view is accessible.''' role = models.Role.objects.get(name='admin') return current_user.is_authenticated() and current_user.has_role(role)
def is_accessible(self): return (current_user.has_role('admin') and current_user.has_role('super'))
def get_users(self, role_name, status): parser = self.get_parser() self.add_pagination_args(parser) parser.add_argument('key', type=StringParam.check, required=False, location='args', min=0, max=20) parser.add_argument('order_update_time', type=str, required=False, location='args', default='desc') parser.add_argument('show', type=str, required=False, location='args', default='false') page, page_size, key = self.get_params('page', 'page_size', 'key') show = self.get_param('show') == 'true' if self.get_param('order_update_time') == 'desc': order_by = User.update_time.desc() else: order_by = User.update_time total, users = user_datastore.get_users(role_name, page, page_size, status, key, show, order_by) items = [] if role_name == RoleType.teacher: for user in users: phone = user.phone if len(user.phone) != 32 else '' info = { 'id': user.id, 'chinese_name': user.chinese_name, 'english_name': user.english_name, 'graduated': user.teacher.graduated, 'major': user.teacher.major, 'country': user.teacher.country, 'phone': phone, 'introduce': user.teacher.introduce, 'success_case': user.teacher.success_case, 'feature': user.teacher.feature, 'update_time': user.update_time.strftime('%Y-%m-%d %H:%M:%S'), } items.append(info) else: if not current_user.has_role(RoleType.admin): self.unauthorized(errorcode.UNAUTHORIZED) for user in users: info = { 'id': user.id, 'chinese_name': user.chinese_name, 'sexual': user.student.sexual, 'age': user.student.age, 'school': user.student.school, 'location': user.student.location, 'course_name': user.student.course_name, 'phone': user.phone, 'update_time': user.update_time.strftime('%Y-%m-%d %H:%M:%S'), } items.append(info) return { 'page_total': page_total(total, page_size), 'page': page, 'items': items, }
def show_article(id): document = Document.query.get_or_404(id) if request.args.get('format') == 'places-json': return jsonify(DocumentPlace.summary_for_docs([document])) try: URL = session[str(current_user.id)]['search'] except: URL = url_for('activity') if current_user.has_role('fdi'): exists = Investment.query.filter_by(doc_id=id).first() is not None if not exists: return render_template('fdi/edit_analysis.haml', create=0, document=document, natures=AnalysisNature.all(), URL=URL) investment = Investment.query.filter_by(doc_id=id).first() if Involvements1.query.filter_by( id=investment.involvement_id1).first() is None: investment.involvement_id1 = 5 db.session.commit() if Involvements2.query.filter_by( id=investment.involvement_id2).first() is None: investment.involvement_id2 = 73 db.session.commit() if Involvements3.query.filter_by( id=investment.involvement_id3).first() is None: investment.involvement_id3 = 19 db.session.commit() if Provinces.query.filter_by( id=investment.province_id).first() is None: investment.province_id = 10 db.session.commit() if Industries.query.filter_by( id=investment.industry_id).first() is None: investment.industry_id = 12 db.session.commit() if ValueUnits.query.filter_by( id=investment.value_unit_id).first() is None: investment.value_unit_id = 3 db.session.commit() if ValueUnits.query.filter_by( id=investment.value_unit_id2).first() is None: investment.value_unit_id2 = 3 db.session.commit() phase = Phases.query.filter_by(id=investment.phase_id).first() sector = Sectors.query.filter_by(id=investment.sector_id).first() involvement_tier1 = Involvements1.query.filter_by( id=investment.involvement_id1).first() involvement_tier2 = Involvements2.query.filter_by( id=investment.involvement_id2).first() involvement_tier3 = Involvements3.query.filter_by( id=investment.involvement_id3).first() industry = Industries.query.filter_by( id=investment.industry_id).first() inv_origin = InvestmentOrigins.query.filter_by( id=investment.invest_origin_id).first() province = Provinces.query.filter_by(id=investment.province_id).first() inv_type = InvestmentType.query.filter_by( id=investment.invest_type_id).first() currency = Currencies.query.filter_by( id=investment.currency_id).first() value_unit = ValueUnits.query.filter_by( id=investment.value_unit_id).first() value_unit2 = ValueUnits.query.filter_by( id=investment.value_unit_id2).first() return render_template('fdi/show.haml', investment=investment, document=document, phase=phase.name, sector=sector.name, inv_origin=inv_origin.name, inv_type=inv_type.name, currency=currency.name, involvement1=involvement_tier1.name, involvement2=involvement_tier2.name, involvement3=involvement_tier3.name, industry=industry.name, value_unit=value_unit.name, value_unit2=value_unit2.name, province=province.name, URL=URL) return render_template('articles/show.haml', document=document, URL=URL)
def func(): if current_user.is_authenticated(): for role in roles: if current_user.has_role(role): return True return False
def can_edit_thing(thing): return current_user.has_role('admin') or current_user.has_role( 'editor') or thing.is_creator(current_user)
def _handle_view(self, name, **kwargs): if current_user.has_role('admin'): self.can_delete = True else: self.can_delete = False
def req_shop_owner(*args, **kwargs): if not current_user.is_authenticated() or not current_user.has_role( Constants.SHOP_OWNER_ROLE): raise ProcessingException(description='Not authenticated!', code=401)
def is_accessible(self): if not current_user.is_active() or not current_user.is_authenticated(): return False if current_user.has_role('admin'): return True return False
def is_accessible(self): return current_user.has_role('admin')
def eligible_for_passwords(): return current_user.has_role('admin') or current_user.has_role('edit')
def func(): return current_user.is_authenticated() and current_user.has_role(role)
def is_visible(self): if current_user.has_role('urbam', invert_for_admin=True): return False return super(OrdemServicoView, self).is_accessible()
def is_accessible(self): if not current_user.has_role('urbam', invert_for_admin=True): return super(OrdemServicoView, self).is_accessible() for endpoint in self._urbam_accessible: if request.endpoint == 'ordemservico.{}'.format(endpoint): return True
def can_edit_queue(queue): return current_user.has_role('admin') or current_user.has_role('editor') or queue.is_creator(current_user)
def is_accessible(self): has_secretaria = current_user.has_role('secretaria') return current_user.is_authenticated and has_secretaria
def can_delete_file_from_thing(thing): return current_user.has_role('admin') or current_user.has_role('editor')
def post(self): """Post a :abbr:`SPK (Synology Package)` to the repository. First a :class:`~spkrepo.models.Package` is created if not existing already, based on the :attr:`~spkrepo.models.Package.name`. Only users with ``package_admin`` role can create new packages, other users must be defined as :attr:`~spkrepo.models.Package.maintainers` to be able to continue. Then a :class:`~spkrepo.models.Version` is created with its appropriate relationships if not existing already, based on the :attr:`~spkrepo.models.Version.package` and the :attr:`~spkrepo.models.Version.version`. Lastly, a :class:`~spkrepo.models.Build` is created with its appropriate relationships and files saved on the filesystem. .. note:: The created :class:`~spkrepo.models.Build` is not :attr:`~spkrepo.models.Build.active` by default **Example response:** .. sourcecode:: http HTTP/1.1 201 CREATED Content-Length: 97 { "architectures": ["88f628x"], "firmware": "3.1-1594", "package": "btsync", "version": "1.4.103-10" } :statuscode 201: SPK registered :statuscode 400: Request contained no body :statuscode 403: Insufficient permission :statuscode 409: A :class:`~spkrepo.models.Build` already exists :statuscode 422: Invalid or malformed SPK :statuscode 500: Signing or filesystem issue """ if not request.data: abort(400, message='No data to process') # open the spk try: spk = SPK(io.BytesIO(request.data)) except SPKParseError as e: abort(422, message=str(e)) # reject signed packages if spk.signature is not None: abort(422, message='Package contains a signature') # Architectures architectures = [] for info_arch in spk.info['arch'].split(): architecture = Architecture.find(info_arch, syno=True) if architecture is None: abort(422, message='Unknown architecture: %s' % info_arch) architectures.append(architecture) # Firmware match = firmware_re.match(spk.info['firmware']) if not match: abort(422, message='Invalid firmware') firmware = Firmware.find(int(match.group('build'))) if firmware is None: abort(422, message='Unknown firmware') # Package create_package = False package = Package.find(spk.info['package']) if package is None: if not current_user.has_role('package_admin'): abort(403, message='Insufficient permissions to create new packages') create_package = True package = Package(name=spk.info['package'], author=current_user) elif not current_user.has_role('package_admin') and current_user not in package.maintainers: abort(403, message='Insufficient permissions on this package') # Version create_version = False match = version_re.match(spk.info['version']) if not match: abort(422, message='Invalid version') # TODO: check discrepencies with what's in the database version = {v.version: v for v in package.versions}.get(int(match.group('version'))) if version is None: create_version = True version = Version(package=package, upstream_version=match.group('upstream_version'), version=int(match.group('version')), changelog=spk.info.get('changelog'), report_url=spk.info.get('report_url'), distributor=spk.info.get('distributor'), distributor_url=spk.info.get('distributor_url'), maintainer=spk.info.get('maintainer'), maintainer_url=spk.info.get('maintainer_url'), dependencies=spk.info.get('install_dep_packages'), conf_dependencies=spk.conf_dependencies, conflicts=spk.info.get('install_conflict_packages'), conf_conflicts=spk.conf_conflicts, conf_privilege=spk.conf_privilege, conf_resource=spk.conf_resource, install_wizard='install' in spk.wizards, upgrade_wizard='upgrade' in spk.wizards, startable=spk.info.get('startable'), license=spk.license) for key, value in spk.info.items(): if key == 'install_dep_services': for service_name in value.split(): version.service_dependencies.append(Service.find(service_name)) elif key == 'displayname': version.displaynames['enu'] = DisplayName(language=Language.find('enu'), displayname=value) elif key.startswith('displayname_'): language = Language.find(key.split('_', 1)[1]) if not language: abort(422, message='Unknown INFO displayname language') version.displaynames[language.code] = DisplayName(language=language, displayname=value) elif key == 'description': version.descriptions['enu'] = Description(description=value, language=Language.find('enu')) elif key.startswith('description_'): language = Language.find(key.split('_', 1)[1]) if not language: abort(422, message='Unknown INFO description language') version.descriptions[language.code] = Description(language=language, description=value) # Icon for size, icon in spk.icons.items(): version.icons[size] = Icon(path=os.path.join(package.name, str(version.version), 'icon_%s.png' % size), size=size) # Build if version.id: # check for conflicts conflicts = set(architectures) & set(Architecture.query.join(Architecture.builds). filter_by(version=version, firmware=firmware).all()) if conflicts: abort(409, message='Conflicting architectures: %s' % (', '.join(sorted(a.code for a in conflicts)))) build_filename = Build.generate_filename(package, version, firmware, architectures) build = Build(version=version, architectures=architectures, firmware=firmware, publisher=current_user, path=os.path.join(package.name, str(version.version), build_filename), checksum=spk.info.get('checksum')) # sign if current_app.config['GNUPG_PATH'] is not None: # pragma: no cover try: spk.sign(current_app.config['GNUPG_TIMESTAMP_URL'], current_app.config['GNUPG_PATH']) except SPKSignError as e: abort(500, message='Failed to sign package', details=e.message) # save files try: data_path = current_app.config['DATA_PATH'] if create_package: os.mkdir(os.path.join(data_path, package.name)) if create_version: os.mkdir(os.path.join(data_path, package.name, str(version.version))) for size, icon in build.version.icons.items(): icon.save(spk.icons[size]) build.save(spk.stream) except Exception as e: # pragma: no cover if create_package: shutil.rmtree(os.path.join(data_path, package.name), ignore_errors=True) elif create_version: shutil.rmtree(os.path.join(data_path, package.name, str(version.version)), ignore_errors=True) else: try: os.remove(os.path.join(data_path, build.path)) except OSError: pass abort(500, message='Failed to save files', details=e.message) # insert the package into database db.session.add(build) db.session.commit() # success return {'package': package.name, 'version': version.version_string, 'firmware': firmware.firmware_string, 'architectures': [a.code for a in architectures]}, 201
def can_add_file_to_thing(thing): if current_user.has_role('spammer'): return False return current_user.has_role('admin') or current_user.has_role( 'editor') or current_user.has_role('contributor')
def is_accessible(self): return super( RoleAdmin, self).is_accessible() and current_user.has_role('admin') or False
def edit_article_analysis(id): document = Document.query.get_or_404(id) try: URL = session[str(current_user.id)]['search'] except: URL = url_for('activity') if current_user.has_role('fdi'): investment = Investment.query.filter_by(doc_id=id).first() fdi_form = FDIAnalysisForm(prefix='fdi-new', csrf_enabled=True, obj=investment) # can this user do this? if not document.can_user_edit(current_user): flash("You're not allowed to edit this article.", 'error') return redirect(url_for('show_article', id=id)) if request.args.get('format') == 'places-json': return jsonify(DocumentPlace.summary_for_docs([document])) status = 200 form = document.make_analysis_form() new_source_form = DocumentSourceForm(prefix='sources-new', csrf_enabled=False, document=document) # fairness forms new_fairness_form = DocumentFairnessForm(prefix='fairness-new', csrf_enabled=False) new_fairness_form.fairness_id.choices = [[ '', '(none)' ]] + new_fairness_form.fairness_id.choices fairness_forms = [] for fairness in document.fairness: f = DocumentFairnessForm(prefix='fairness[%d]' % fairness.id, obj=fairness) f.document_fairness = fairness fairness_forms.append(f) if request.method == 'POST': if current_user.has_role('fdi'): forms = [fdi_form] if all(f.validate() for f in forms): with db.session.no_autoflush: fdi_form.populate_obj(investment) if current_user.is_authenticated() and not document.checked_by: document.checked_by = current_user log.info("Updated analysis by %s for %s" % (current_user, document)) db.session.commit() flash('Analysis updated.') if not request.is_xhr: return redirect(url_for('edit_article_analysis', id=id)) status = 200 else: if request.is_xhr: status = 412 else: flash('Please correct the problems below and try again.', 'warning') else: form.sources.entries = [ e for e in form.sources.entries if not e.form.is_deleted() and not e.form.is_empty() ] # new fairness for key in sorted( set('-'.join(key.split('-', 3)[0:2]) for key in request.form.keys() if key.startswith('fairness-new['))): frm = DocumentFairnessForm(prefix=key) # skip new fairness that have an empty bias if frm.fairness_id.data != '': fairness_forms.append(frm) forms = [form] + fairness_forms if all(f.validate() for f in forms): # convert issue id's to Issue objects form.issues.data = [ Issue.query.get_or_404(i) for i in form.issues.data ] # update document -- no_autoflush seems to be required with wtforms alchemy with db.session.no_autoflush: form.populate_obj(document) document.dedup_sources() # update and delete fairness for frm in fairness_forms: frm.create_or_update(document) # link to user if current_user.is_authenticated() and not document.checked_by: document.checked_by = current_user log.info("Updated analysis by %s for %s" % (current_user, document)) db.session.commit() # XXX - the document analysis forms only update the *_id attributes, # no the association attribute, but we need that updated for the functionality # below. So, run it after the commit. It sucks that we don't do this all # in one transaction. We should use a different form mechanism # that updates everything document.relearn_source_affiliations() db.session.commit() flash('Analysis updated.') # if it's an ajax request, we're just going to return a 200 if not request.is_xhr: return redirect(url_for('edit_article_analysis', id=id)) status = 200 else: if request.is_xhr: status = 412 else: flash('Please correct the problems below and try again.', 'warning') else: if current_user.has_role('fdi'): t2_options = { 1: range(1, 48) + [73], 2: range(48, 57) + [73], 3: range(57, 65) + [73], 4: range(65, 73) + [73], 5: [73] } t3_options = { 9: [1, 19], 33: [2, 19], 48: [3, 19], 49: [4, 19], 50: [5, 6, 7, 19], 51: [8, 9, 19], 52: [10, 11, 19], 53: [12, 19], 54: [13, 19], 55: [14, 19], 56: [15, 19], 57: [16, 19], 58: [17, 19], 59: [18, 19], 73: [19] } if fdi_form.involvement_id1.data is not None: if int(fdi_form.involvement_id1.data) in t2_options.keys(): fdi_form.involvement_id2.choices = [[str( c.id), c.name] for c in Involvements2.query.filter( Involvements2.id.in_(t2_options[int( fdi_form.involvement_id1.data)])).all()] else: fdi_form.involvement_id2.choices = [["73", "unspecified"]] else: fdi_form.involvement_id2.choices = [["73", "unspecified"]] if fdi_form.involvement_id2.data is not None: if int(fdi_form.involvement_id2.data) in t3_options.keys(): fdi_form.involvement_id3.choices = [[str( c.id), c.name] for c in Involvements3.query.filter( Involvements3.id.in_(t3_options[int( fdi_form.involvement_id2.data)])).all()] else: fdi_form.involvement_id3.choices = [["19", "unspecified"]] else: fdi_form.involvement_id3.choices = [["19", "unspecified"]] # wtforms turns None values into None, which sucks if form.topic_id.data == 'None': form.topic_id.data = '' if form.origin_location_id.data == 'None': form.origin_location_id.data = '' # ensure that checkboxes can be pre-populated form.issues.data = [str(i.id) for i in document.issues] # only render if it's not an ajax request if not request.is_xhr: if current_user.has_role('fdi'): resp = make_response( render_template('fdi/edit_analysis.haml', fdi_form=fdi_form, document=document, investment=investment, natures=AnalysisNature.all(), URL=URL)) else: resp = make_response( render_template('articles/edit_analysis.haml', form=form, new_source_form=new_source_form, new_fairness_form=new_fairness_form, fairness_forms=fairness_forms, document=document, natures=AnalysisNature.all(), URL=URL)) else: resp = '' return ( resp, status, # ensure the browser refreshes the page when Back is pressed { 'Cache-Control': 'no-cache, no-store, must-revalidate' })
def can_add_thing(): if current_user.has_role('spammer'): return False return current_user.is_authenticated()
def is_accessible(self): return super( AuthBaseView, self).is_accessible() and current_user.has_role('admin') or False
def can_view_file_for_thing(thing): if current_user.has_role('restricted'): return False return current_user.is_authenticated()
def users(id=None): ''' API that allows creating, reading, updating and deleting users. The logged in user needs to habe the admin role. ''' if not current_user.is_authenticated(): flask.abort(403) if not current_user.has_role('admin'): flask.abort(403) admin_role = Role.query.filter_by(name='admin').first() if id: user = User.query.filter_by(id=id).first() if flask.request.method == 'GET': json = [] for user in User.query.all(): u = { 'id': user.id, 'name': user.name, 'email': user.email, 'passwprd': '', 'roles': [unicode(role.name) for role in user.roles], 'admin_user': admin_role in user.roles, } json.append(u) return flask.jsonify(items=json) if flask.request.method == 'DELETE' and id: try: Roster.query.filter_by(user=user).delete() db.session.delete(user) db.session.commit() except DatabaseError as e: response = flask.jsonify( ok=False, msg='Benutzer kann nicht gelöscht werden: ' + e.message) response.status_code = 409 return response return flask.jsonify(ok=True) if flask.request.method == 'PUT': roles = [] req = flask.request.get_json() if 'admin_user' in req: roles.append(admin_role) try: user.name = req['name'] user.email = req['email'] if 'password' in req: user.password = encrypt_password(req['password']) user.roles = roles db.session.commit() except IntegrityError: response = flask.jsonify( ok=False, msg= 'Es gibt bereits einen Benutzer mit dieser Email (doppelter Datensatz)' ) response.status_code = 409 return response except DatabaseError as e: response = flask.jsonify(ok=False, msg='beim Speichern des Benutzers: ' + e.message) response.status_code = 409 return response return flask.jsonify(ok=True, id=user.id) if flask.request.method == 'POST': roles = [] req = flask.request.get_json() if 'admin_user' in req and req['admin_user']: roles.append(admin_role) try: user = user_datastore.create_user(name=req['name'], email=req['email'], password=encrypt_password( req['password']), roles=roles) db.session.commit() except IntegrityError: response = flask.jsonify( ok=False, msg= 'Es gibt bereits einen Benutzer mit dieser Email (doppelter Datensatz)' ) response.status_code = 409 return response except DatabaseError as e: response = flask.jsonify(ok=False, msg='beim Speichern des Benutzers: ' + e.message) response.status_code = 409 return response return flask.jsonify(ok=True, id=user.id) flask.abort(405)