def _review(self, id):
"""Review a funding application.
"""
c.funding = Funding.find_by_id(id)
c.signed_in_person = h.signed_in_person()
c.next_review_id = Funding.find_next_proposal(c.funding.id,
c.funding.type.id,
c.signed_in_person.id)
person = c.signed_in_person
if person in [review.reviewer for review in c.funding.reviews]:
h.flash('Already reviewed')
return redirect_to(action='review', id=c.next_review_id)
results = self.form_result['review']
if results['score'] == 'null':
results['score'] = None
review = FundingReview(**results)
meta.Session.add(review)
c.funding.reviews.append(review)
review.reviewer = person
meta.Session.commit()
if c.next_review_id:
return redirect_to(action='review', id=c.next_review_id)
h.flash("No more funding applications to review")
return redirect_to(action='review_index')
def review(self, id):
c.funding = Funding.find_by_id(id)
c.signed_in_person = h.signed_in_person()
c.next_review_id = Funding.find_next_proposal(c.funding.id, c.funding.type.id, c.signed_in_person.id)
return render('/funding/review.mako')
def _review(self, id):
"""Review a funding application.
"""
c.funding = Funding.find_by_id(id)
c.signed_in_person = h.signed_in_person()
c.next_review_id = Funding.find_next_proposal(c.funding.id, c.funding.type.id, c.signed_in_person.id)
person = c.signed_in_person
if person in [ review.reviewer for review in c.funding.reviews]:
h.flash('Already reviewed')
return redirect_to(action='review', id=c.next_review_id)
results = self.form_result['review']
if results['score'] == 'null':
results['score'] = None
review = FundingReview(**results)
meta.Session.add(review)
c.funding.reviews.append(review)
review.reviewer = person
meta.Session.commit()
if c.next_review_id:
return redirect_to(action='review', id=c.next_review_id)
h.flash("No more funding applications to review")
return redirect_to(action='review_index')
def review(self, id):
c.funding = Funding.find_by_id(id)
c.signed_in_person = h.signed_in_person()
c.next_review_id = Funding.find_next_proposal(c.funding.id,
c.funding.type.id,
c.signed_in_person.id)
return render('/funding/review.mako')
def _edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.funding_editing == 'closed':
return render("funding/editing_closed.mako")
elif c.funding_editing == 'not_open':
return render("funding/editing_not_open.mako")
if self.form_result['funding']['male'] == 1:
self.form_result['funding']['male'] = True
elif self.form_result['funding']['male'] == 0:
self.form_result['funding']['male'] = False
c.funding = Funding.find_by_id(id)
for key in self.form_result['funding']:
setattr(c.funding, key, self.form_result['funding'][key])
c.person = c.funding.person
meta.Session.commit()
h.flash("Funding for %s edited!" % c.person.firstname)
return redirect_to('/funding')
def edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.funding_editing == 'closed':
return render("funding/editing_closed.mako")
elif c.funding_editing == 'not_open':
return render("funding/editing_not_open.mako")
c.funding = Funding.find_by_id(id)
defaults = {}
defaults.update(h.object_to_defaults(c.funding, 'funding'))
# This is horrible, don't know a better way to do it
if c.funding.type:
defaults['funding.type'] = defaults['funding.funding_type_id']
if c.funding.male:
defaults['funding.male'] = 1
else:
defaults['funding.male'] = 0
form = render('/funding/edit.mako')
return htmlfill.render(form, defaults)
def summary(self):
for ft in c.funding_types:
stuff = Funding.find_all_by_funding_type_id(ft.id, include_withdrawn=False)
stuff.sort(self._score_sort)
setattr(c, '%s_collection' % ft.name, stuff)
return render('funding/summary.mako')
def edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.funding_editing == 'closed':
return render("funding/editing_closed.mako")
elif c.funding_editing == 'not_open':
return render("funding/editing_not_open.mako")
c.funding = Funding.find_by_id(id)
defaults = {}
defaults.update(h.object_to_defaults(c.funding, 'funding'))
# This is horrible, don't know a better way to do it
if c.funding.type:
defaults['funding.type'] = defaults['funding.funding_type_id']
if c.funding.male:
defaults['funding.male'] = 1
else:
defaults['funding.male'] = 0
form = render('/funding/edit.mako')
return htmlfill.render(form, defaults)
def check(self, app, environ, start_response):
if not environ.get('REMOTE_USER'):
raise NotAuthenticatedError('Not Authenticated')
person = Person.find_by_email(environ['REMOTE_USER'])
if person is None:
environ['auth_failure'] = 'NO_USER'
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
funding = Funding.find_by_id(self.funding_id)
if funding is None:
raise NotAuthorizedError(
"Funding Request doesn't exist"
)
if person != funding.person:
set_role("User doesn't have any of the specified roles")
raise NotAuthorizedError(
"User doesn't have any of the specified roles"
)
return app(environ, start_response)
def withdraw(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.funding = Funding.find_by_id(id)
return render("/funding/withdraw.mako")
def _edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.funding_editing == 'closed':
return render("funding/editing_closed.mako")
elif c.funding_editing == 'not_open':
return render("funding/editing_not_open.mako")
if self.form_result['funding']['male'] == 1:
self.form_result['funding']['male'] = True
elif self.form_result['funding']['male'] == 0:
self.form_result['funding']['male'] = False
c.funding = Funding.find_by_id(id)
for key in self.form_result['funding']:
setattr(c.funding, key, self.form_result['funding'][key])
c.person = c.funding.person
meta.Session.commit()
h.flash("Funding for %s edited!"%c.person.firstname)
return redirect_to('/funding')
def summary(self):
for ft in c.funding_types:
stuff = Funding.find_all_by_funding_type_id(
ft.id, include_withdrawn=False)
stuff.sort(self._score_sort)
setattr(c, '%s_collection' % ft.name, stuff)
return render('funding/summary.mako')
def delete(self, id):
c.attachment = FundingAttachment.find_by_id(id)
c.funding = Funding.find_by_id(c.attachment.funding_id)
if not (h.auth.authorized(h.auth.has_organiser_role) or c.funding.person == h.signed_in_person()):
# Raise a no_auth error
h.auth.no_role()
return render('/funding_attachment/confirm_delete.mako')
def view(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id), h.auth.has_organiser_role, h.auth.has_funding_reviewer_role)):
# Raise a no_auth error
h.auth.no_role()
c.funding = Funding.find_by_id(id)
return render('funding/view.mako')
def withdraw(self, id):
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.funding = Funding.find_by_id(id)
return render("/funding/withdraw.mako")
def delete(self, id):
c.attachment = FundingAttachment.find_by_id(id)
c.funding = Funding.find_by_id(c.attachment.funding_id)
if not (h.auth.authorized(h.auth.has_organiser_role)
or c.funding.person == h.signed_in_person()):
# Raise a no_auth error
h.auth.no_role()
return render('/funding_attachment/confirm_delete.mako')
def review_index(self):
c.person = h.signed_in_person()
c.num_proposals = 0
reviewer_role = Role.find_by_name('funding_reviewer')
c.num_reviewers = len(reviewer_role.people)
for ft in c.funding_types:
stuff = Funding.find_all_by_funding_type_id(ft.id, include_withdrawn=False)
c.num_proposals += len(stuff)
setattr(c, '%s_collection' % ft.name, stuff)
return render('funding/list_review.mako')
def review_index(self):
c.person = h.signed_in_person()
c.num_proposals = 0
reviewer_role = Role.find_by_name('funding_reviewer')
c.num_reviewers = len(reviewer_role.people)
for ft in c.funding_types:
stuff = Funding.find_all_by_funding_type_id(
ft.id, include_withdrawn=False)
c.num_proposals += len(stuff)
setattr(c, '%s_collection' % ft.name, stuff)
return render('funding/list_review.mako')
def view(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id),
h.auth.has_organiser_role,
h.auth.has_funding_reviewer_role)):
# Raise a no_auth error
h.auth.no_role()
c.funding = Funding.find_by_id(id)
return render('funding/view.mako')
def _approve(self):
c.highlight = set()
requests = self.form_result['funding']
statuses = self.form_result['status']
for request, status in zip(requests, statuses):
if status is not None:
c.highlight.add(request.id)
request.status = status
meta.Session.commit()
c.requests = Funding.find_all()
c.statuses = FundingStatus.find_all()
return render("funding/approve.mako")
def _delete(self, id):
c.attachment = FundingAttachment.find_by_id(id)
funding = Funding.find_by_id(c.attachment.funding_id)
if not (h.auth.authorized(h.auth.has_organiser_role) or funding.person == h.signed_in_person()):
# Raise a no_auth error
h.auth.no_role()
meta.Session.delete(c.attachment)
meta.Session.commit()
h.flash("Attachment Deleted")
redirect_to(controller='funding', action='view', id=funding.id)
def _approve(self):
c.highlight = set()
requests = self.form_result['funding']
statuses = self.form_result['status']
for request, status in zip(requests, statuses):
if status is not None:
c.highlight.add(request.id)
request.status = status
meta.Session.commit()
c.requests = Funding.find_all()
c.statuses = FundingStatus.find_all()
return render("funding/approve.mako")
def _delete(self, id):
c.attachment = FundingAttachment.find_by_id(id)
funding = Funding.find_by_id(c.attachment.funding_id)
if not (h.auth.authorized(h.auth.has_organiser_role)
or funding.person == h.signed_in_person()):
# Raise a no_auth error
h.auth.no_role()
meta.Session.delete(c.attachment)
meta.Session.commit()
h.flash("Attachment Deleted")
redirect_to(controller='funding', action='view', id=funding.id)
def view(self, id):
attachment = FundingAttachment.find_by_id(id)
funding = Funding.find_by_id(attachment.funding_id)
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(funding.id), h.auth.has_organiser_role, h.auth.has_funding_reviewer_role)):
# Raise a no_auth error
h.auth.no_role()
response.headers['content-type'] = attachment.content_type
response.headers.add('content-transfer-encoding', 'binary')
response.headers.add('content-length', len(attachment.content))
response.headers['content-disposition'] = 'attachment; filename="%s";' % attachment.filename
response.headers.add('Pragma', 'cache')
response.headers.add('Cache-Control', 'max-age=3600,public')
return attachment.content
def _withdraw(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.funding = Funding.find_by_id(id)
status = FundingStatus.find_by_name('Withdrawn')
c.funding.status = status
meta.Session.commit()
c.person = h.signed_in_person()
# Make sure the organisers are notified of this
c.email_address = h.lca_info['emails']['funding']
email(c.email_address, render('/funding/withdraw_email.mako'))
h.flash("Funding withdrawn. The organisers have been notified.")
return redirect_to(controller='funding', action="index", id=None)
def view(self, id):
attachment = FundingAttachment.find_by_id(id)
funding = Funding.find_by_id(attachment.funding_id)
if not h.auth.authorized(
h.auth.Or(
h.auth.is_same_zookeepr_funding_submitter(
funding.id), h.auth.has_organiser_role,
h.auth.has_funding_reviewer_role)):
# Raise a no_auth error
h.auth.no_role()
response.headers['content-type'] = attachment.content_type
response.headers.add('content-transfer-encoding', 'binary')
response.headers.add('content-length', len(attachment.content))
response.headers[
'content-disposition'] = 'attachment; filename="%s";' % attachment.filename
response.headers.add('Pragma', 'cache')
response.headers.add('Cache-Control', 'max-age=3600,public')
return attachment.content
def _withdraw(self, id):
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.funding = Funding.find_by_id(id)
status = FundingStatus.find_by_name('Withdrawn')
c.funding.status = status
meta.Session.commit()
c.person = h.signed_in_person()
# Make sure the organisers are notified of this
c.email_address = h.lca_info['emails']['funding']
email(c.email_address, render('/funding/withdraw_email.mako'))
h.flash("Funding withdrawn. The organisers have been notified.")
return redirect_to(controller='funding', action="index", id=None)
def _attach(self, id):
"""Attach a file to the funding.
"""
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.funding = Funding.find_by_id(id)
attachment_results = self.form_result['attachment']
attachment = FundingAttachment(**attachment_results)
c.funding.attachments.append(attachment)
meta.Session.commit()
h.flash("File was attached")
return redirect_to(action='view', id=id)
def _new(self):
if c.funding_status == 'closed':
return render("funding/closed.mako")
elif c.funding_status == 'not_open':
return render("funding/not_open.mako")
if self.form_result['funding']['male'] == 1:
self.form_result['funding']['male'] = True
elif self.form_result['funding']['male'] == 0:
self.form_result['funding']['male'] = False
funding_results = self.form_result['funding']
attachment_results1 = self.form_result['attachment1']
attachment_results2 = self.form_result['attachment2']
c.person = h.signed_in_person()
c.funding = Funding(**funding_results)
c.funding.status = FundingStatus.find_by_name('Pending')
c.funding.person = c.person
if not c.funding.type.available():
return render("funding/type_unavailable.mako")
meta.Session.add(c.funding)
if attachment_results1 is not None:
attachment = FundingAttachment(**attachment_results1)
c.funding.attachments.append(attachment)
meta.Session.add(attachment)
if attachment_results2 is not None:
attachment = FundingAttachment(**attachment_results2)
c.funding.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.funding.person.email_address,
render('funding/thankyou_email.mako'))
h.flash("Funding submitted!")
return redirect_to(controller='funding', action="index", id=None)
def _attach(self, id):
"""Attach a file to the funding.
"""
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.funding = Funding.find_by_id(id)
attachment_results = self.form_result['attachment']
attachment = FundingAttachment(**attachment_results)
c.funding.attachments.append(attachment)
meta.Session.commit()
h.flash("File was attached")
return redirect_to(action='view', id=id)
def approve(self):
c.highlight = set()
c.requests = Funding.find_all()
c.statuses = FundingStatus.find_all()
return render("funding/approve.mako")
def _to_python(self, value, state):
return Funding.find_by_id(int(value))
def _to_python(self, value, state):
return Funding.find_by_id(int(value))
def approve(self):
c.highlight = set()
c.requests = Funding.find_all()
c.statuses = FundingStatus.find_all()
return render("funding/approve.mako")
