def booking_index(): if current_user.get_role() == "WORKER": aid = current_user.get_id() worker_id = Worker.query.filter_by(account_id=aid).first().id cbookings = Booking.find_confimed_bookings_for_worker(worker_id) bookings = [] return render_template("booking/list.html", bookings=bookings, cbookings=cbookings, services=Service.query.all(), workers=Worker.query.all(), customers=Customer.query.all()) if current_user.get_role() == "CUSTOMER": aid = current_user.get_id() customer_id = Customer.query.filter_by(account_id=aid).first().id cbookings = Booking.find_bookings_for_customer(customer_id, 1) bookings = Booking.find_bookings_for_customer(customer_id, 0) return render_template("booking/list.html", bookings=bookings, cbookings=cbookings, services=Service.query.all(), workers=Worker.query.all(), customers=Customer.query.all()) cbookings = Booking.query.filter_by(confirmed=1).all() bookings = Booking.query.filter_by(confirmed=0).all() return render_template("booking/list.html", bookings=bookings, cbookings=cbookings, services=Service.query.all(), workers=Worker.query.all(), customers=Customer.query.all())
def add_groupcategory(group_id): stmt = text( "SELECT * FROM Category WHERE category.id NOT IN (SELECT category.id FROM Category, group_category WHERE category.id = Group_category.category_id AND Group_category.group_id = :id)" ).params(id=group_id) res = db.engine.execute(stmt) g = Groups.query.get(group_id) response = [] for row in res: response.append({"id": row[0], "category": row[3]}) if request.method == "GET" and (g.account_id == current_user.id or current_user.get_role().role == "ADMIN"): return render_template("groups/addGroupcategory.html", response=response, group_id=group_id) if g.account_id == current_user.id or current_user.get_role( ).role == "ADMIN": gc = GroupCategory() gc.group_id = g.id gc.category_id = request.form.get("category") db.session().add(gc) db.session().commit() return redirect(url_for("add_groupcategory", group_id=group_id))
def decorated_view(*args, **kwargs): if not current_user: return login_manager.unauthorized() if not current_user.is_authenticated: return login_manager.unauthorized() unauthorized = False if role != "ANY": unauthorized = True if current_user.get_role() == "ADMIN": unauthorized = False if role == "CUSTOMER" and current_user.get_role() == "WORKER": unauthorized = False if current_user.get_role() == role: unauthorized = False if unauthorized: return login_manager.unauthorized() return fn(*args, **kwargs)
def index(): try: if current_user.get_role() == 'customer': return render_template('index.html') elif current_user.get_role() == 'seller': return "Seller" except AttributeError: return render_template('login.html')
def decorator(*args, **kwargs): if 'logged-in' in session and session['logged-in']: if current_user.get_role() == 'SELLER': return redirect(url_for('seller_bp.dashboard')) if current_user.get_role() == 'BUYER': return redirect(url_for('buyer_bp.dashboard')) if current_user.get_role() == 'ADMIN': return redirect(url_for('admin_bp.dashboard')) return a(*args, **kwargs)
def check_authority(role, tmp_id): data = {} if current_user.get_role() == 'admin' and role == 'admin': return data if role != current_user.get_role() or tmp_id != current_user.get_true_id(): data['error'] = '非法访问' data['current_user_role'] = current_user.get_role() data['current_user_id'] = current_user.get_true_id() data['request_user_role'] = role data['request_user_id'] = tmp_id return data
def decorated_view(*args, **kwargs): if not (current_user and current_user.is_authenticated): return login_manager.unauthorized() #acceptable_roles = set(("USER", "ADMIN", "ANY", *current_user.roles())) if (current_user.get_role() != role) and (current_user.get_role() != "ADMIN"): return login_manager.unauthorized() return func(*args, **kwargs)
def all_users(): if hasattr(current_user, 'role'): role = current_user.get_role() else: role = "" return render_template('all-users.html', users=db.all_users(), role=role)
def booking_create(): form = BookingForm(request.form) if not form.validate(): year = current.get_year() month = current.get_month() days = Days_of_the_Month(year, month) lst = days.get_days() return render_template("booking/calendar.html", year=year, month=month, days=lst, daynames=daynames, form=form) else: dateAndTime = form.date.data notes = form.notes.data service_id = form.service.data.id if current_user.get_role() == "CUSTOMER": customer_id = Customer.query.filter_by( account_id=current_user.id).first().id b = Booking(notes, 0, dateAndTime, service_id, customer_id) db.session().add(b) db.session().commit() else: b = Booking(notes, 0, dateAndTime, service_id) db.session().add(b) db.session().commit() flash('Booking successfully submitted.') return redirect(url_for("cal_index"))
def ledgers_document(ledgerdocument_id): print("*** ledgers_document ***") documenttypes = getDocumentTypes() accounts = getAccounts() domains = getDomains() ledgerdocumentform = getLedgerDocumentInAForm(ledgerdocument_id) ledgerrows = LedgerRow.query.filter( LedgerRow.entity_id == current_user.get_entity_id(), LedgerRow.ledgerdocument_id == ledgerdocument_id).order_by( LedgerRow.id) newledgerrowform = newLedgerRowForm(ledgerdocument_id) return render_template("ledgers/document.html", action="ShowLedgerDocument", userrole=current_user.get_role(), ledgerdocumentform=ledgerdocumentform, documenttypes=documenttypes, accounts=accounts, domains=domains, targetledgerrow=-1, ledgerrows=ledgerrows, newledgerrowform=newledgerrowform)
def food_edit(food_id): if int(food_id) > 2147483647: return render_template("foods/update.html", food = None) f = Food.query.get(food_id) if not f: return render_template("foods/update.html", food = None) form = NewFoodForm() form.duration.default = f.preparing_time food_type = Type.query.get(f.type_id) form.food_type.default = food_type.name form.process() u = f.getUser() r = 'none' if current_user.is_authenticated: r = current_user.get_role() form.name.data = f.name form.recipe.data = f.recipe form.ingredients.clear() for ingredient in f.findIngredients(): form.ingredients.append(ingredient.get('name')) return render_template("foods/update.html", food = f, ingredients = form.ingredients, user = u, newFoodForm = form, role = r)
def decorated_view(*args, **kwargs): if current_app.login_manager._login_disabled: return func(*args, **kwargs) elif not (current_user.is_authenticated() and current_user.get_role() == required_role): return current_app.login_manager.unauthorized() return func(*args, **kwargs)
def edit_post(id): post = db.find_post_by_id(id) if hasattr(current_user, 'role'): role = current_user.get_role() else: role = "" if post is None: flash("Post doesn't exist", category='danger') return redirect(url_for('all_posts')) post_form = EditPostForm(price=post['price'], quantity=post['quantity'], unit=post['unit'], product=post['product'], description=post['description']) if post_form.validate_on_submit(): rowcount = db.update_post(post_form.price.data, post_form.quantity.data, post_form.unit.data, post_form.product.data, post_form.description.data, id) if rowcount == 1: flash("'{}' post updated".format(post_form.product.data), category='success') return redirect(url_for('all_posts')) else: flash('Post not updated', category='danger') return render_template('post-form.html', post_form=post_form, mode='update', role=role)
def my_favorites(): query = ProductSearchForm(request.form) if hasattr(current_user, 'role'): role = current_user.get_role() else: role = "" if session: user_id = session['id'] favorites = db.favorites_by_user(user_id) if request.method == 'POST': query_list = query.search.data.lower().split(" ") posts = [] for item in query_list: posts += db.search_products(item) return render_template('posts.html', search_form=query, posts=posts, mode='results', role=role) return render_template('posts.html', user_id=user_id, search_form=query, posts=favorites, mode='favorites', role=role)
def admin_dashboard(): if hasattr(current_user, 'role'): role = current_user.get_role() else: role = "" return render_template('admin-dashboard.html', role=role)
def my_posts(): user_id = session['id'] query = ProductSearchForm(request.form) if hasattr(current_user, 'role'): role = current_user.get_role() else: role = "" if user_id is None: flash('User is not logged in!', category='danger') posts = [] else: posts = db.posts_by_user(user_id) if request.method == 'POST': query_list = query.search.data.lower().split(" ") posts = [] for item in query_list: posts += db.search_products(item) return render_template('posts.html', search_form=query, posts=posts, mode='results', role=role) return render_template('posts.html', search_form=query, posts=posts, mode='my-posts', role=role)
def user_posts(user_id): query = ProductSearchForm(request.form) user = db.find_user_by_id(user_id) if hasattr(current_user, 'role'): role = current_user.get_role() else: role = "" if user_id is None: flash('No user with id {}'.format(user_id), category='danger') posts = [] else: posts = db.posts_by_user(user_id) if request.method == 'POST': query_list = query.search.data.lower().split(" ") posts = [] for item in query_list: posts += db.search_products(item) return render_template('posts.html', search_form=query, posts=posts, mode='results', role=role) return render_template('posts.html', search_form=query, user=user, posts=posts, mode='user', role=role)
def create_user(): user_form = AdminUserForm() if hasattr(current_user, 'role'): role = current_user.get_role() else: role = "" if user_form.validate_on_submit(): user = db.find_user_by_email(user_form.email.data) if user is not None: flash("User {} already exists".format(user_form.email.data), category='danger') else: rowcount = db.create_user(user_form.name.data, user_form.email.data, user_form.zip.data, user_form.password.data, user_form.bio.data, user_form.rating.data, user_form.active.data) if rowcount == 1: flash("User {} created".format(user_form.name.data), category='success') return redirect(url_for('all_users')) else: flash("New user not created", category='danger') return render_template('user-form.html', form=user_form, mode='create', role=role)
def user_profile(id): query = ProductSearchForm(request.form) if hasattr(current_user, 'role'): role = current_user.get_role() else: role = "" user = db.find_user_by_id(id) if id is None: flash('User does not exist!', category='danger') posts = [] else: posts = db.posts_by_user(id) if request.method == 'POST': query_list = query.search.data.lower().split(" ") posts = [] for item in query_list: posts += db.search_products(item) return render_template('posts.html', search_form=query, posts=posts, mode='results', role=role) stars = int(user['rating']) return render_template('user-profile.html', search_form=query, posts=posts, user=user, role=role, stars=stars)
def post_details(id): post = db.find_post_by_id(id) user_id = post['user_id'] user = db.find_user_by_id(user_id) query = ProductSearchForm(request.form) if hasattr(current_user, 'role'): role = current_user.get_role() else: role = "" if request.method == 'POST': query_list = query.search.data.lower().split(" ") posts = [] for item in query_list: posts += db.search_products(item) return render_template('posts.html', search_form=query, posts=posts, mode='results', role=role) if post['user_id'] == current_user.get_id(): return render_template('post-details.html', search_form=query, post=post, role=role) else: return render_template('post-details.html', search_form=query, post=post, user=user, role=role)
def create_sport_group(): if current_user.get_role() != 'admin': return redirect(url_for('index.html')) form = NewSportGroupForm() if form.validate_on_submit(): sportgroup = SportsGroup(name=form.name.data, rus_name=form.rus_name.data, rank=form.rank.data) db.session.add(sportgroup) db.session.commit() ctx.push() telegrambot.sports_gr, telegrambot.sports_gr_commands = telegrambot.create_sports_group_description( ) ctx.pop() flash('New sport group \"{}\" have been saved.'.format(form.name.data)) return redirect(url_for('create_sport_group')) elif request.method == 'GET': pass return render_template('create_sport_group.html', title='Create Sport Group', form=form)
def sport_edit1(sport): if current_user.get_role() != 'admin': return redirect(url_for('index.html')) sport = Sports.query.filter_by(name=sport).join( SportsGroup, SportsGroup.id == Sports.id_sportsgroup).first_or_404() sport_coeff = SportsCoeff.query.filter_by(sport=sport).first_or_404() form = SportEdit(request.form) form.name.default = sport.name form.rus_name.default = sport.rus_name form.rank.default = sport.rank form.criteria.default = sport_coeff.criteria form.criteria_desc.default = sport_coeff.criteria_description form.coeff1.default = sport_coeff.coeff1 form.coeff2.default = sport_coeff.coeff2 form.bottom.default = sport_coeff.bottom form.upper.default = sport_coeff.upper categories_sp = [(str(c.id), str(c.name)) for c in SportsGroup.query.all()] categories_place = [(str(c.id), str(c.name)) for c in Place.query.all()] form.sport_group.choices = categories_sp form.sport_group.default = sport.sportsgroup.name form.place.choices = categories_place form.process() return render_template('sport_edit.html', title='Sport Edit', form=form)
def delete_player(player_id): if current_user.get_role() == "admin": model.delete_row("player", player_id) return redirect(url_for('players')) else: flash("Na tuto operaci nemáte oprávnění", "danger") return redirect(url_for('index'))
def delete_adventure(adventure_id): if current_user.get_role() == "admin": model.delete_row('adventure', adventure_id) return redirect(url_for('adventures')) else: flash("Na tuto operaci nemáte oprávnění", "danger") return redirect(url_for('index'))
def ledgers_select_ledgerrow(ledgerrow_id): print("*** ledgers_select_ledgerrow ***") print("Valittu editoitavaksi tositerivi id = " + ledgerrow_id) editledgerrowform = getLedgerRowInAForm(ledgerrow_id) ledgerdocument_id = editledgerrowform.ledgerdocument_id.data ledgerdocumentform = getLedgerDocumentInAForm(ledgerdocument_id) ledgerrows = LedgerRow.query.filter( LedgerRow.entity_id == current_user.get_entity_id(), LedgerRow.ledgerdocument_id == ledgerdocument_id).order_by( LedgerRow.id) newledgerrowform = LedgerRowForm() newledgerrowform.ledgerdocument_id.data = ledgerdocument_id documenttypes = getDocumentTypes() accounts = getAccounts() domains = getDomains() return render_template("ledgers/document.html", action="EditLedgerRow", userrole=current_user.get_role(), targetledgerrow=ledgerrow_id, documenttypes=documenttypes, accounts=accounts, domains=domains, ledgerrows=ledgerrows, ledgerdocumentform=ledgerdocumentform, editledgerrowform=editledgerrowform, newledgerrowform=newledgerrowform)
def wrap(*args, **kwargs): if ( current_user.get_role() == "admin" and current_user.is_authenticated ): return f(*args, **kwargs) else: abort(403)
def delete_message(message_id): m = Message.query.get(message_id) if m.account_id == current_user.id or current_user.get_role( ).role == "ADMIN": db.session.delete(m) db.session.commit() return redirect(url_for("group_messages", group_id=m.group_id))
def tag_delete(tag_id): if current_user.get_role() != 'admin': return abort(401) tag = Tag.query.get(tag_id) db.session.delete(tag) db.session.commit() return redirect(url_for("tags_index"))
def uncomplete_item(id): if login_disabled == False and current_user.get_role( ) != UserRole.Writer: return "Unauthorised", 403 mark_item_as_uncomplete(collection, id) return redirect(url_for('index'))
def decorated_view(*args, **kwargs): if not current_user.is_authenticated: return login_manager.unauthorized() urole = current_user.get_role().nome if ((urole != role) and (role != "ANY")): return login_manager.unauthorized() return fn(*args, **kwargs)
def test_2_login(self): print '' print 'test login/logout process' with self.app: print 'get login page' rv = self.app.get('/login') assert '<form id="login"' in rv.data print 'login refused - credentials' rv = self.login('admin', 'default') assert 'Invalid credentials: username is unknown or password is invalid.' in rv.data print 'login refused - credentials' rv = self.login('admin', '') assert 'Invalid credentials: username is unknown or password is invalid.' in rv.data print 'login accepted - home page' rv = self.login('admin', 'admin') assert '<title>Home page</title>' in rv.data print 'login accepted - user attributes' assert current_user.username == 'admin' print 'user:'******'user name:', current_user.get_name() print 'token:', current_user.get_auth_token() print 'username:'******'user role:', current_user.get_role() print 'user picture:', current_user.get_picture() print 'admin:', current_user.can_admin() print 'action:', current_user.can_action() print 'reload home page' rv = self.app.get('/') assert '<title>Home page</title>' in rv.data print 'reload home page' rv = self.app.get('/?search=test') assert '<title>Home page</title>' in rv.data print 'reload home page' rv = self.app.get('/index') assert '<title>Home page</title>' in rv.data print 'refresh header' rv = self.app.get('/refresh_header') assert 'html_livesynthesis' in rv.data print 'refresh livestate' rv = self.app.get('/refresh_livestate') assert 'livestate' in rv.data print 'refresh livesynthesis' rv = self.app.get('/livesynthesis') assert 'livesynthesis' in rv.data print 'logout - go to login page' rv = self.logout() assert '<form id="login"' in rv.data
def decorated_view(*args, **kwargs): if current_user.get_role() != 1: return redirect("/") return fn(*args, **kwargs)
def wrapped(*args, **kwargs): user_role = current_user.get_role() if user_role in roles or user_role is "TRIADCARE_ADMIN": return f(*args, **kwargs) else: abort(403)
def decorated_view(*args, **kwargs): if role and current_user.get_role() != role: return redirect(url_for('index')) return fn(*args, **kwargs)