def _new(self): person_results = self.form_result['person'] proposal_results = self.form_result['proposal'] attachment_results = self.form_result['attachment'] proposal_results['status'] = ProposalStatus.find_by_name( 'Pending Review') c.proposal = Proposal(**proposal_results) meta.Session.add(c.proposal) if not h.signed_in_person(): c.person = model.Person(**person_results) meta.Session.add(c.person) email(c.person.email_address, render('/person/new_person_email.mako')) else: c.person = h.signed_in_person() for key in person_results: setattr(c.person, key, self.form_result['person'][key]) c.person.proposals.append(c.proposal) if attachment_results is not None: c.attachment = Attachment(**attachment_results) c.proposal.attachments.append(c.attachment) meta.Session.add(c.attachment) meta.Session.commit() email(c.person.email_address, render('proposal/thankyou_mini_email.mako')) h.flash("Proposal submitted!") return redirect_to(controller='proposal', action="index", id=None)
def delete(self, id): c.attachment = Attachment.find_by_id(id) c.proposal = Proposal.find_by_id(c.attachment.proposal_id) if not h.auth.authorized(h.auth.has_organiser_role): authorized = False for person in c.proposal.people: if person.id == h.signed_in_person().id: authorized = True break if not authorized: # Raise a no_auth error h.auth.no_role() return render('/attachment/confirm_delete.mako')
def delete(self, id): attachment = Attachment.find_by_id(id) if(attachment == None): abort(400) authorized = h.auth.authorized(h.auth.has_organiser_role) for person in attachment.proposal.people: if h.auth.authorized(h.auth.is_same_zkpylons_user(person.id)): authorized = True if not authorized: # Raise a no_auth error h.auth.no_role() c.attachment = attachment c.proposal = attachment.proposal return render('/attachment/confirm_delete.mako')
def _delete(self, id): attachment = Attachment.find_by_id(id) if(attachment == None): abort(400) authorized = h.auth.authorized(h.auth.has_organiser_role) for person in attachment.proposal.people: if h.auth.authorized(h.auth.is_same_zkpylons_user(person.id)): authorized = True if not authorized: # Raise a no_auth error h.auth.no_role() meta.Session.delete(attachment) meta.Session.commit() h.flash("Attachment Deleted") redirect_to(controller='proposal', action='view', id=attachment.proposal.id)
def _delete(self, id): c.attachment = Attachment.find_by_id(id) proposal = Proposal.find_by_id(c.attachment.proposal_id) if not h.auth.authorized(h.auth.has_organiser_role): authorized = False for person in proposal.people: if person.id == h.signed_in_person().id: authorized = True break if not authorized: # Raise a no_auth error h.auth.no_role() meta.Session.delete(c.attachment) meta.Session.commit() h.flash("Attachment Deleted") redirect_to(controller='proposal', action='view', id=proposal.id)
def view(self, id): attachment = Attachment.find_by_id(id) if(attachment == None): abort(400) authorized = h.auth.authorized(h.auth.has_organiser_role) for person in attachment.proposal.people: if h.auth.authorized(h.auth.is_same_zkpylons_user(person.id)): authorized = True if not authorized: # Raise a no_auth error h.auth.no_role() response.headers['content-type'] = attachment.content_type.encode('ascii','ignore') response.headers.add('content-transfer-encoding', 'binary') response.headers.add('content-length', len(attachment.content)) response.headers['content-disposition'] = 'attachment; filename="%s";' % attachment.filename.encode('ascii','ignore') response.headers.add('Pragma', 'cache') response.headers.add('Cache-Control', 'max-age=3600,public') return attachment.content
def _new(self): if c.cfp_status == 'closed': if not h.auth.authorized( h.auth.Or(h.auth.has_organiser_role, h.auth.has_late_submitter_role)): return render("proposal/closed.mako") elif c.cfp_status == 'not_open': return render("proposal/not_open.mako") person_results = self.form_result['person'] proposal_results = self.form_result['proposal'] attachment_results = self.form_result['attachment'] proposal_results['status'] = ProposalStatus.find_by_name( 'Pending Review') c.proposal = Proposal(**proposal_results) c.proposal.abstract = self.clean_abstract(c.proposal.abstract) meta.Session.add(c.proposal) if not h.signed_in_person(): c.person = model.Person(**person_results) meta.Session.add(c.person) email(c.person.email_address, render('/person/new_person_email.mako')) else: c.person = h.signed_in_person() for key in person_results: setattr(c.person, key, self.form_result['person'][key]) c.person.proposals.append(c.proposal) if attachment_results is not None: attachment = Attachment(**attachment_results) c.proposal.attachments.append(attachment) meta.Session.add(attachment) meta.Session.commit() email(c.person.email_address, render('proposal/thankyou_email.mako')) h.flash("Proposal submitted!") return redirect_to(controller='proposal', action="index", id=None)
def _attach(self, id): """Attach a file to the proposal. """ # We need to recheck auth in here so we can pass in the id if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_submitter(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.proposal = Proposal.find_by_id(id) attachment_results = self.form_result['attachment'] attachment = Attachment(**attachment_results) c.proposal.attachments.append(attachment) meta.Session.commit() h.flash("File was attached") return redirect_to(action='view', id=id)
def view(self, id): attachment = Attachment.find_by_id(id) proposal = Proposal.find_by_id(attachment.proposal_id) if not h.auth.authorized(h.auth.has_organiser_role): authorized = False for person in proposal.people: if h.auth.is_same_zkpylons_user(person.id): authorized = True break if not authorized: # Raise a no_auth error h.auth.no_role() response.headers["content-type"] = attachment.content_type.encode("ascii", "ignore") response.headers.add("content-transfer-encoding", "binary") response.headers.add("content-length", len(attachment.content)) response.headers["content-disposition"] = 'attachment; filename="%s";' % attachment.filename.encode( "ascii", "ignore" ) response.headers.add("Pragma", "cache") response.headers.add("Cache-Control", "max-age=3600,public") return attachment.content