def day_edit(id, name=None): cset = CalendarSetting.query.get(1) if cset.finalized is False: if current_user.is_moderator(): return deny_access( no_perm_url, "A Moderator can only edit the Calendar after it has been finalized." ) heading = "Edit Day" form = DayForm() form.submit.label.text = "Save Day" day = Day.query.filter_by(id=id).first_or_404() if form.validate_on_submit(): day.name = form.name.data day.abbreviation = form.abbreviation.data day.description = form.description.data db.session.commit() flash("Day edited.", "success") return redirect(url_for("calendar.settings")) elif request.method == "GET": form.name.data = day.name form.abbreviation.data = day.abbreviation form.description.data = day.description return render_template("calendar/form.html", item=day, form=form, heading=heading, title=page_title("Edit Day '{day.name}'"))
def edit(id, name=None): # noqa: C901 item = MediaItem.query.filter_by(id=id).first_or_404() form = MediaItemEditForm() form.category.choices = gen_media_category_choices() if not item.is_editable_by_user(): return deny_access(no_perm_url) if not item.is_hideable_by_user(): del form.is_visible form.file.label.text = "Replace with file" if form.validate_on_submit(): item.name = form.name.data item.category_id = form.category.data if item.is_hideable_by_user(): item.is_visible = form.is_visible.data if form.file.data: # see github issue #47 if item.get_file_ext() != form.file.data.filename.split(".", 1)[-1]: flash( "Due to current technical limitations, the old and new file need to have the same file type. \ As a workaround, you can upload a new file instead.", "danger") return render_template( "media/edit.html", form=form, title=page_title(f"Edit File '{item.name}'")) success, filename, size = upload_media_file( form.file.data, item.filename) item.filesize = size if item.is_image(): success = success and generate_media_thumbnail(filename) if success is False: flash("Error while uploading the new file.", "error") else: db.session.commit() flash("File was edited.", "success") return redirect(item.view_url()) elif request.method == "GET": form.name.data = item.name form.category.data = item.category_id if item.is_hideable_by_user(): form.is_visible.data = item.is_visible return render_template("media/edit.html", form=form, title=page_title(f"Edit File '{item.name}'"))
def journal_delete(c_id, j_id, c_name=None, j_name=None): char = Character.query.filter_by(id=c_id).first_or_404() journal = Journal.query.filter_by(id=j_id).first_or_404() if not journal.is_deletable_by_user(): return deny_access(no_perm_url) # journal belongs to character if journal not in char.journals: return deny_access(no_perm_url, "Journal does not belong to this character.") db.session.delete(journal) db.session.commit() flash("Journal entry was deleted.", "success") return redirect(char.view_url())
def edit(username): # noqa: C901 user = User.query.filter_by(username=username).first_or_404() if not user.is_editable_by_user(): return deny_access(no_perm_url) form = EditProfileForm() if current_user.is_admin(): form.role.choices = gen_role_choices() else: del form.role if form.validate_on_submit(): user.about = form.about.data if (form.password.data): user.set_password(form.password.data) if current_user.username == user.username: user.must_change_password = False elif current_user.is_admin(): # user must reset password after it has been changed by an admin user.must_change_password = True role_okay = True if current_user.is_admin(): old_role = user.role new_role = form.role.data if username == current_user.username and current_user.is_admin( ) and new_role != Role.Admin.value: flash("You can't revoke your own admin role.", "danger") role_okay = False elif user.id == 1 and new_role != Role.Admin.value: flash("The original admin can't be removed.", "danger") role_okay = False else: user.role = new_role if role_okay: db.session.commit() flash("Your changes have been saved.", "success") return redirect(user.view_url()) else: form.role.data = old_role elif request.method == "GET": form.about.data = user.about if current_user.is_admin(): form.role.data = user.role return render_template("user/edit.html", form=form, user=user, title=page_title(f"Edit User '{user.username}'"))
def edit(id, name=None): event = Event.query.filter_by(id=id).first_or_404() if not event.is_editable_by_user(): return deny_access(no_perm_url) form = EventForm() form.submit.label.text = "Save Event" form.category.choices = gen_event_category_choices() form.epoch.choices = gen_epoch_choices() form.month.choices = gen_month_choices() if request.method == "POST": form.day.choices = gen_day_choices(form.month.data) else: form.day.choices = gen_day_choices(event.month_id) if not event.is_hideable_by_user(): del form.is_visible if form.validate_on_submit(): event.name = form.name.data event.category_id = form.category.data event.description = form.description.data event.epoch_id = form.epoch.data event.year = form.year.data event.month_id = form.month.data event.day = form.day.data event.duration = form.duration.data if event.is_hideable_by_user(): event.is_visible = form.is_visible.data db.session.commit() update_timestamp(event.id) flash("Event was edited.", "success") return redirect(event.view_url()) elif request.method == "GET": form.name.data = event.name form.category.data = event.category_id form.description.data = event.description form.epoch.data = event.epoch_id form.year.data = event.year form.month.data = event.month_id form.day.data = event.day form.duration.data = event.duration if event.is_hideable_by_user(): form.is_visible.data = event.is_visible calendar_helper = gen_calendar_stats() return render_template("event/edit.html", form=form, calendar=calendar_helper, title=page_title(f"Edit Event '{event.name}'"))
def test_deny_access(self, app, client): from app.helpers import deny_access client.get("/") with client.session_transaction(): resp = deny_access("main.index") self.assertEqual(resp.status_code, 302) flashes = get_flashed_messages() self.assertEqual(len(flashes), 1) self.assertTrue("No permission" in flashes[0]) client.get("/") # flash() (used in case of failure) needs a http context with client.session_transaction(): resp = deny_access("main.index", msg="Custom Message") self.assertEqual(resp.status_code, 302) flashes = get_flashed_messages() self.assertEqual(len(flashes), 1) self.assertTrue("Custom Message" in flashes[0])
def journal_edit(c_id, j_id, c_name=None, j_name=None): char = Character.query.filter_by(id=c_id).first_or_404() journal = Journal.query.filter_by(id=j_id).first_or_404() if not journal.is_editable_by_user(): return deny_access(no_perm_url) # journal belongs to character if journal not in char.journals: return deny_access(no_perm_url, "Journal does not belong to this character.") heading = f"Edit Journal Entry for {char.name}" form = JournalForm() form.session.choices = gen_session_choices(char) form.submit.label.text = "Save Journal Entry" if form.validate_on_submit(): journal.title = form.title.data journal.is_visible = form.is_visible.data journal.content = form.content.data if form.session.data == 0: journal.session_id = None else: journal.session_id = form.session.data db.session.commit() flash("Journal entry was changed.", "success") return redirect(journal.view_url()) else: form.title.data = journal.title form.is_visible.data = journal.is_visible form.content.data = journal.content form.session.data = journal.session_id return render_template( "character/journal_form.html", heading=heading, form=form, title=page_title(f"Edit Journal Entry '{journal.title}'"))
def delete(id, name=None): event = Event.query.filter_by(id=id).first_or_404() if not event.is_deletable_by_user(): return deny_access(no_perm_url) db.session.delete(event) db.session.commit() flash("Event was deleted", "success") return redirect(url_for("calendar.index"))
def view(id, name=None): map_ = Map.query.filter_by(id=id).first_or_404() settings = MapSetting.query.filter_by(id=1).first_or_404() if not map_.is_viewable_by_user(): return deny_access(no_perm_url) return render_template("map/index.html", settings=settings, map_=map_, title=page_title(map_.name))
def journal_view(c_id, j_id, c_name=None, j_name=None): char = Character.query.filter_by(id=c_id).first_or_404() journal = Journal.query.filter_by(id=j_id).first_or_404() if not journal.is_viewable_by_user(): return deny_access(no_perm_url) # journal belongs to character if journal not in char.journals: return deny_access(no_perm_url, "Journal does not belong to this character.") if journal.is_visible is False: flash("This Journal is only visible to you.", "warning") return render_template( "character/journal_view.html", char=char, journal=journal, title=page_title(f"View Journal Entry '{journal.title}'"))
def edit(id, name=None): # noqa: C901 party = Party.query.filter_by(id=id).first_or_404() if not party.is_editable_by_user(): return deny_access(no_perm_url) is_admin = current_user.is_admin() form = PartyForm() form.submit.label.text = "Save Party" if is_admin: form.members.choices = gen_party_members_choices(ensure=party.members) else: del form.members if form.validate_on_submit(): party.name = form.name.data party.description = form.description.data if is_admin: members = Character.query.filter(Character.id.in_(form.members.data)).all() party.members = members success = True if form.profile_picture.data: success, filename = upload_profile_picture(form.profile_picture.data) if success and party.profile_picture: delete_profile_picture(party.profile_picture) party.profile_picture = filename if success is False: flash("Error while editing party.", "error") else: db.session.commit() flash("Party was edited.", "success") return redirect(party.view_url()) elif request.method == "GET": form.name.data = party.name form.description.data = party.description if is_admin: members = [] for m in party.members: members.append(m.id) form.members.data = members return render_template("party/edit.html", form=form, party=party, title=page_title(f"Edit Party '{party.name}'"))
def delete(id, name=None): party = Party.query.filter_by(id=id).first_or_404() if not party.is_deletable_by_user(): return deny_access(no_perm_url) db.session.delete(party) db.session.commit() flash("Party was deleted", "success") return redirect(url_for("character.list"))
def view(id, name=None): char = Character.query.filter_by(id=id).first_or_404() if not char.is_viewable_by_user(): return deny_access(no_perm_url) if char.is_visible is False: flash("This Character is only visible to you.", "warning") return render_template("character/view.html", char=char, title=page_title(f"View Character '{char.name}'"))
def view(id, name=None): item = MediaItem.query.filter_by(id=id).first_or_404() if not item.is_viewable_by_user(): return deny_access(no_perm_url) if not item.is_visible: flash("This item is only visible to you.", "warning") return render_template("media/view.html", item=item, title=page_title("View File"))
def view(id, name=None): event = Event.query.filter_by(id=id).first_or_404() moons = Moon.query.all() if not event.is_viewable_by_user(): return deny_access(no_perm_url) if event.is_visible is False: flash("This Event is only visible to you.", "warning") return render_template("event/view.html", event=event, moons=moons, title=page_title(f"View Event '{event.name}'"))
def view(id, name=None): wikientry = WikiEntry.query.filter_by(id=id).first_or_404() if not wikientry.is_viewable_by_user(): return deny_access(no_perm_url) if not wikientry.is_visible: flash("This article is only visible to you.", "warning") map_nodes = get_nodes_by_wiki_id(id) return render_template("wiki/view.html", entry=wikientry, nav=(prepare_wiki_nav(), WikiSearchForm()), map_nodes=map_nodes, title=page_title(f"View Wiki Article '{wikientry.title}'"))
def delete(id, name=None): char = Character.query.filter_by(id=id).first_or_404() if not char.is_deletable_by_user(): return deny_access(no_perm_url) player = char.player db.session.delete(char) db.session.commit() flash("Character was deleted.", "success") return redirect(player.view_url())
def create_with_campaign(id): form = SessionForm() form.submit.label.text = "Create Session" campaign = Campaign.query.filter_by(id=id).first_or_404() form.participants.choices = gen_participant_choices( ensure=campaign.default_participants) if not campaign.is_editable_by_user(): return deny_access(no_perm_url) if not current_user.is_dm_of(campaign): del form.dm_notes if form.validate_on_submit(): participants = Character.query.filter( Character.id.in_(form.participants.data)).all() dm_notes = None if current_user.is_dm_of(campaign): dm_notes = form.dm_notes.data new_session = Session(title=form.title.data, campaign_id=form.campaign.data, summary=form.summary.data, dm_notes=dm_notes, date=form.date.data, participants=participants) db.session.add(new_session) db.session.commit() recalc_session_numbers(new_session.campaign, db) flash("Session was created.", "success") return redirect(new_session.view_url()) elif request.method == "GET": participants = [] for p in campaign.default_participants: participants.append(p.id) form.participants.data = participants form.campaign.data = id return render_template("session/create.html", form=form, campaign=campaign, title=page_title("Add Session"))
def toggle_vis(id, name=None): wikientry = WikiEntry.query.filter_by(id=id).first_or_404() if not wikientry.is_hideable_by_user(): return deny_access(no_perm_url) if wikientry.is_visible is True: wikientry.is_visible = False flash("Article was hidden.", "success") else: wikientry.is_visible = True flash("Article is now visible to anyone.", "success") db.session.commit() return redirect(wikientry.view_url())
def delete(id, name=None): if id == 1: flash("The wiki main page can't be deleted", "danger") return redirect(url_for('wiki.index')) wikientry = WikiEntry.query.filter_by(id=id).first_or_404() if not wikientry.is_deletable_by_user(): return deny_access(no_perm_url) db.session.delete(wikientry) db.session.commit() flash("Wiki article was deleted.", "success") return redirect(url_for('wiki.index'))
def delete(id, name=None): session = Session.query.filter_by(id=id).first_or_404() if not session.is_editable_by_user(): return deny_access(no_perm_url) campaign = session.campaign db.session.delete(session) recalc_session_numbers(campaign, db) db.session.commit() flash("Session was deleted.", "success") return redirect(url_for("session.index"))
def view_with_node(id, n_id, m_name=None, n_name=None): mapsettings = MapSetting.query.get(1) map_ = Map.query.filter_by(id=id).first_or_404() node = MapNode.query.filter_by(id=n_id).first_or_404() if not map_.is_viewable_by_user(): return deny_access(no_perm_url) if node.on_map != map_.id: flash(f"Map node '{node.id}' could not be found on this map", "danger") return redirect(map_.view_url()) return render_template("map/index.html", settings=mapsettings, map_=map_, jump_to_node=node.id, title=page_title(map_.name))
def journal_create(c_id, c_name=None): char = Character.query.filter_by(id=c_id).first_or_404() if not char.journal_is_creatable_by_user(): return deny_access(no_perm_url) heading = f"Create Journal Entry for {char.name}" form = JournalForm() form.session.choices = gen_session_choices(char) form.submit.label.text = "Create Journal Entry" if form.validate_on_submit(): journal_entry = Journal(title=form.title.data, content=form.content.data, is_visible=form.is_visible.data, character_id=c_id) if (form.session.data != 0): journal_entry.session_id = form.session.data db.session.add(journal_entry) db.session.commit() flash("Journal entry was created.", "success") return redirect(journal_entry.view_url()) else: # set default for visibility if request.method == "GET": form.is_visible.data = True # pre-select session if get-param was passed session_id = request.args.get("session") # will do nothing if session_id not an int or not in choices if session_id: try: form.session.data = int(session_id) except ValueError: pass return render_template( "character/journal_form.html", heading=heading, form=form, title=page_title(f"Add Journal Entry for '{char.name}'"))
def epoch_edit(id, name=None): heading = "Edit Epoch" form = EpochForm() form.submit.label.text = "Save Epoch" cset = CalendarSetting.query.get(1) if cset.finalized is True: del form.years del form.circa else: if current_user.is_moderator(): return deny_access( no_perm_url, "A Moderator can only edit the Calendar after it has been finalized." ) epoch = Epoch.query.filter_by(id=id).first_or_404() if form.validate_on_submit(): epoch.name = form.name.data epoch.abbreviation = form.abbreviation.data epoch.description = form.description.data if cset.finalized is False: epoch.years = form.years.data epoch.circa = form.circa.data db.session.commit() flash("Epoch edited.", "success") return redirect(url_for("calendar.settings")) elif request.method == "GET": form.name.data = epoch.name form.abbreviation.data = epoch.abbreviation form.description.data = epoch.description if cset.finalized is False: form.years.data = epoch.years form.circa.data = epoch.circa return render_template("calendar/form.html", item=epoch, form=form, heading=heading, title=page_title(f"Edit Epoch '{epoch.name}'"))
def edit(id, name=None): wikientry = WikiEntry.query.filter_by(id=id).first_or_404() if not wikientry.is_editable_by_user(): return deny_access(no_perm_url) form = WikiEntryForm() form.submit.label.text = "Save Article" cats = gen_category_strings() if wikientry.id == 1: del form.title if not wikientry.is_hideable_by_user(): del form.is_visible if form.validate_on_submit(): if wikientry.id != 1: wikientry.title = form.title.data wikientry.content = form.content.data wikientry.category = form.category.data wikientry.tags = form.tags.data if wikientry.is_hideable_by_user(): wikientry.is_visible = form.is_visible.data db.session.commit() flash("Wiki entry was edited.", "success") return redirect(wikientry.view_url()) elif request.method == "GET": if wikientry.id != 1: form.title.data = wikientry.title form.content.data = wikientry.content form.category.data = wikientry.category form.tags.data = wikientry.tags if wikientry.is_hideable_by_user(): form.is_visible.data = wikientry.is_visible return render_template("wiki/edit.html", form=form, nav=(prepare_wiki_nav(), WikiSearchForm()), cats=cats, entry=wikientry, title=page_title(f"Edit Wiki Article '{wikientry.title}'"))
def delete(id, name=None): item = MediaItem.query.filter_by(id=id).first_or_404() if not item.is_deletable_by_user(): return deny_access(no_perm_url) fname = path.join(current_app.config["MEDIA_DIR"], item.filename) if path.isfile(fname): remove(fname) tname = path.join(current_app.config["MEDIA_DIR"], "thumbnails", item.filename) if item.is_image() and path.isfile(tname): remove(tname) db.session.delete(item) db.session.commit() flash("Media item was deleted.", "success") return redirect(url_for('media.index'))
def moon_edit(id, name=None): cset = CalendarSetting.query.get(1) if cset.finalized is False: if current_user.is_moderator(): return deny_access( no_perm_url, "A Moderator can only edit the Calendar after it has been finalized." ) heading = "Edit Moon" form = MoonForm() form.submit.label.text = "Save Moon" moon = Moon.query.filter_by(id=id).first_or_404() if form.validate_on_submit(): moon.name = form.name.data moon.description = form.description.data moon.phase_length = form.phase_length.data moon.phase_offset = form.phase_offset.data moon.waxing_color = stretch_color(form.waxing_color.data.hex) moon.waning_color = stretch_color(form.waning_color.data.hex) db.session.commit() flash("Moon edited.", "success") return redirect(url_for("calendar.settings")) elif request.method == "GET": form.name.data = moon.name form.description.data = moon.description form.phase_length.data = moon.phase_length form.phase_offset.data = moon.phase_offset form.waxing_color.data = moon.waxing_color form.waning_color.data = moon.waning_color return render_template("calendar/form.html", item=moon, form=form, heading=heading, title=page_title(f"Edit Moon '{moon.name}'"))
def settings(): cset = CalendarSetting.query.get(1) if cset.finalized is False: if current_user.is_moderator(): return deny_access( no_perm_url, "A Moderator can only edit the Calendar after it has been finalized." ) epochs = Epoch.query.order_by(Epoch.order.asc()).all() months = Month.query.order_by(Month.order.asc()).all() days = Day.query.order_by(Day.order.asc()).all() moons = Moon.query.order_by(Moon.name.asc()).all() return render_template("calendar/settings.html", settings=cset, epochs=epochs, months=months, days=days, moons=moons, title=page_title("Calendar Settings"))
def map_settings(id, name=None): map_ = Map.query.filter_by(id=id).first_or_404() if not map_.is_editable_by_user(): return deny_access(no_perm_url) form = MapForm() form.submit.label.text = "Save Map" if form.validate_on_submit(): map_.name = form.name.data map_.min_zoom = form.min_zoom.data map_.max_zoom = form.max_zoom.data map_.default_zoom = form.default_zoom.data map_.external_provider = form.external_provider.data map_.tiles_path = form.tiles_path.data map_.no_wrap = form.no_wrap.data map_.is_visible = form.is_visible.data db.session.commit() flash("Map settings have been changed.", "success") return redirect(map_.view_url()) else: form.name.data = map_.name form.no_wrap.data = map_.no_wrap form.external_provider.data = map_.external_provider form.tiles_path.data = map_.tiles_path form.min_zoom.data = map_.min_zoom form.max_zoom.data = map_.max_zoom form.default_zoom.data = map_.default_zoom form.is_visible.data = map_.is_visible return render_template("map/edit.html", map=map_, form=form, title=page_title(f"Edit Map '{map_.name}'"))
def edit(id, name=None): # noqa: C901 campaign = Campaign.query.filter_by(id=id).first_or_404() if not campaign.is_editable_by_user(): return deny_access(no_perm_url) is_admin = current_user.is_admin() is_dm = current_user.is_dm_of(campaign) form = CampaignEditForm() form.associated_parties.choices = gen_party_choices() form.default_participants.choices = gen_participant_choices(ensure=campaign.default_participants) if not is_admin: del form.dm else: form.dm.choices = gen_dm_choices() if not is_dm: del form.dm_notes if form.validate_on_submit(): campaign.name = form.name.data campaign.description = form.description.data campaign.associated_parties = Party.query.filter(Party.id.in_(form.associated_parties.data)).all() campaign.default_participants = Character.query.filter(Character.id.in_(form.default_participants.data)).all() campaign.color = stretch_color(form.color.data.hex) if is_admin: campaign.dm_id = form.dm.data if is_dm: campaign.dm_notes = form.dm_notes.data success = True if form.profile_picture.data: success, filename = upload_profile_picture(form.profile_picture.data) if success and campaign.profile_picture: delete_profile_picture(campaign.profile_picture) campaign.profile_picture = filename if success is False: flash("Error while editing campaign.", "error") else: db.session.commit() flash("Campaign was edited.", "success") return redirect(campaign.view_url()) elif request.method == "GET": form.name.data = campaign.name form.description.data = campaign.description form.color.data = campaign.color form.associated_parties.data = [p.id for p in campaign.associated_parties] participants = [] for p in campaign.default_participants: participants.append(p.id) form.default_participants.data = participants if is_admin: form.dm.data = campaign.dm_id if is_dm: form.dm_notes.data = campaign.dm_notes return render_template("campaign/edit.html", form=form, campaign=campaign, title=page_title(f"Edit Campaign '{campaign.name}'"))