def change_email_request():
    '''auth.change_email_request()

    Show the change-email form. A valid submission must carry the current
    password; a confirmation token is then mailed to the *new* address, and
    the request is recorded in the user log.
    '''
    form = ChangeEmailForm()
    if not form.validate_on_submit():
        return minify(render_template('auth/change_email.html', form=form))

    # Re-authenticate before starting the change, so an unattended session
    # alone is not enough to redirect the account to another mailbox.
    if not current_user.verify_password(form.password.data):
        flash('无效的用户名或密码', category='error')
        return redirect(url_for('auth.change_email_request'))

    # Normalise once; the same value goes into the token, the mail and the log.
    requested_email = form.email.data.strip().lower()
    token = current_user.generate_email_change_token(requested_email)
    account = current_user._get_current_object()
    send_email(
        recipient=requested_email,
        subject='确认您的邮箱账户',
        template='auth/mail/change_email',
        user=account,
        token=token,
    )
    flash('一封确认邮件已经发送至您的邮箱', category='info')
    add_user_log(
        user=account,
        event='请求修改邮箱为:{}'.format(requested_email),
        category='auth',
    )
    return redirect(url_for('auth.change_email_request'))
def rating(id):
    '''profile.rating(id)

    Show the rating tab of a user's profile and store a new rating when the
    form validates and its body still has text after HTML tags are stripped.
    Responds 404 for users that are not created or are deleted, and 403 when
    the current user may not access the profile.
    '''
    user = User.query.get_or_404(id)
    if user.deleted or not user.created:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)

    form = UserRatingForm()
    has_content = form.validate_on_submit() and strip_html_tags(form.body.data)
    if not has_content:
        return minify(render_template(
            'profile/rating.html',
            profile_tab='rating',
            form=form,
            user=user
        ))

    # The body is stored as HTML, so it goes through sanitize_html first.
    user_rating = UserRating(
        body_html=sanitize_html(form.body.data),
        author_id=current_user.id,
        user_id=user.id
    )
    db.session.add(user_rating)
    db.session.commit()
    flash('已给“{}”添加用户评价'.format(user.name_email), category='success')
    # The log entry carries the text only, without markup.
    plain_text = strip_html_tags(user_rating.body_html)
    add_user_log(
        user=current_user._get_current_object(),
        event='给“{}”添加用户评价:{}'.format(user.name_email, plain_text),
        category='manage'
    )
    return redirect(url_for('profile.rating', id=user.id))
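def punch(id):
    '''study.punch(id)

    Record the current user's play progress for a video and return the
    updated progress as JSON.

    CSRF is checked explicitly with csrf.protect(). The request body must be
    a JSON object; anything else is rejected with 400 (a malformed client
    request is not a server fault, and a non-object body would otherwise fail
    on ``.get``). For the lesson types listed below, progress is also pushed
    to Y-System when the punch record says a sync is required.
    '''
    csrf.protect()
    video = Video.query.get_or_404(id)
    if not current_user.can_play(video=video):
        abort(403)
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        abort(400)
    # Only the first punch on a video is written to the user log.
    if not current_user.punched(video=video):
        add_user_log(
            user=current_user._get_current_object(),
            event='视频研修:{}'.format(video.name),
            category='study'
        )
    # NOTE(review): play_time is client-supplied and passed through as
    # received; confirm that User.punch validates its type and range.
    current_user.punch(video=video, play_time=payload.get('play_time'))
    db.session.commit()
    if video.lesson.type.name in ['VB', 'Y-GRE', 'Y-GRE AW']:
        # synchronize study progress with Y-System
        record = current_user.get_punch(video=video)
        if record.sync_required:
            data = y_system_api_request(api='punch', token_data={
                'user_id': current_user.id,
                'section': video.section,
            })
            # Mark as synchronized only when the remote side reports success.
            if verify_data_keys(data=data, keys=['success']):
                record.set_synchronized()
                add_user_log(
                    user=current_user._get_current_object(),
                    event='同步研修进度至Y-System:{}'.format(video.section),
                    category='study'
                )
                db.session.commit()
    return jsonify({
        'progress': current_user.video_progress(video=video),
    })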
def logout():
    '''auth.logout()

    Write the logout event to the user log, commit it, end the session and
    send the browser to the login page.
    '''
    # Resolve the real user object before logout_user() clears the session.
    account = current_user._get_current_object()
    add_user_log(user=account, event='登出系统', category='auth')
    db.session.commit()
    logout_user()
    login_page = url_for('auth.login')
    return redirect(login_page)
def migrate_user(token):
    '''api.migrate_user(token)

    Decode a Y-VOD token and return the JSON export of the user it names.
    A token without a ``user_id`` yields an error object instead.
    '''
    data = load_y_vod_token(token=token)
    if not verify_data_keys(data=data, keys=['user_id']):
        return jsonify({'error': '用户信息无效'})

    # The token is the only credential on this endpoint: whoever can mint a
    # valid one can export any user's record, and each export is logged
    # against the exported user.
    user = User.query.get_or_404(data.get('user_id'))
    add_user_log(user=user, event='导出用户信息到Y-VOD', category='auth')
    return jsonify(user.y_vod_user_json)
def login_user(token):
    '''api.login_user(token)

    Authenticate a Y-VOD login carried in a token (email, password, device)
    and return either the user's JSON export or an ``error`` object.

    A failed password increments the invalid-login counter; once the account
    becomes locked, staff who can manage users are mailed.
    '''
    data = load_y_vod_token(token=token)
    if not verify_data_keys(data=data, keys=['email', 'password', 'device']):
        return jsonify({'error': '用户信息无效'})

    user = User.query.filter_by(
        email=data.get('email'),
        created=True,
        deleted=False
    ).first()
    if user is None:
        return jsonify({'error': '无效的用户名或密码'})

    # NOTE(review): the account-state answers below are returned before the
    # password is checked, so they disclose the state of any known e-mail
    # address to the caller. Confirm whether the caller relays them verbatim.
    if not user.activated:
        return jsonify({'error': '您的账户尚未激活'})
    if not user.confirmed:
        return jsonify({'error': '您的邮箱尚未确认'})
    if user.is_suspended:
        return jsonify({'error': '您的账户已被挂起'})
    if user.locked:
        return jsonify({'error': '您的账户已被锁定'})

    source_device = data.get('device')
    if user.verify_password(data.get('password')):
        user.reset_invalid_login_count()
        db.session.commit()
        # Accounts playing this role get a login notification mail.
        if user.plays('协管员'):
            send_email(
                user.email,
                'Y-VOD登录提醒',
                'auth/mail/y_vod/login',
                user=user,
                device=source_device,
                timestamp=datetime_now(utc_offset=current_app.config['UTC_OFFSET'])
            )
        add_user_log(
            user=user,
            event='登录Y-VOD(来源:{})'.format(source_device),
            category='access'
        )
        return jsonify(user.y_vod_user_json)

    # Wrong password: count it, and alert staff if this attempt locked the account.
    user.increase_invalid_login_count()
    db.session.commit()
    if user.locked:
        managers = [
            staff.email
            for staff in User.all_can('管理用户').all()
            if staff.has_inner_domain_email
        ]
        send_emails(
            recipients=managers,
            subject='锁定用户:{}'.format(user.name_email),
            template='auth/mail/y_vod/lock_user',
            user=user,
            device=source_device,
        )
    add_user_log(
        user=user,
        event='登录失败:密码错误(第{}次,来源:{})'.format(
            user.invalid_login_count, source_device
        ),
        category='access'
    )
    return jsonify({'error': '密码错误(第{}次,来源:{})'.format(
        user.invalid_login_count, source_device
    )})
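def login():
    '''auth.login()

    Password login. On success the invalid-login counter is reset, the user
    is logged in and redirected to ``next`` (or the user's index page); on a
    wrong password the counter is increased and, once the account becomes
    locked, staff who can manage users are mailed.

    ``next`` is validated before use so that a crafted login link cannot
    bounce a freshly authenticated user to another site.
    '''
    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    if current_user.is_authenticated:
        return redirect(next_url or current_user.index_url)
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(
            email=form.email.data.strip().lower(),
            created=True,
            activated=True,
            deleted=False
        ).first()
        if user is not None:
            if not user.locked:
                if user.verify_password(form.password.data):
                    user.reset_invalid_login_count()
                    db.session.commit()
                    login_user(user, remember=form.remember_me.data)
                    # Accounts playing this role get a login notification mail.
                    if user.plays('协管员'):
                        send_email(
                            recipient=user.email,
                            subject='登录提醒',
                            template='auth/mail/login',
                            user=user,
                            timestamp=datetime_now(utc_offset=current_app.config['UTC_OFFSET'])
                        )
                    get_announcements(type_name='登录通知', flash_first=True)
                    add_user_log(user=user, event='登录系统', category='access')
                    return redirect(next_url or user.index_url)
                # Wrong password: count it and alert staff if it locked the account.
                user.increase_invalid_login_count()
                db.session.commit()
                if user.locked:
                    send_emails(
                        recipients=[staff.email for staff in User.all_can('管理用户').all()
                                    if staff.has_inner_domain_email],
                        subject='锁定用户:{}'.format(user.name_email),
                        template='auth/mail/lock_user',
                        user=user
                    )
                flash('登录失败:密码错误(第{}次)'.format(user.invalid_login_count), category='error')
                # NOTE(review): X-Forwarded-For is supplied by the client
                # unless a trusted reverse proxy overwrites it, so the source
                # recorded here can be forged - confirm the proxy setup.
                add_user_log(user=user, event='登录失败:密码错误(第{}次,来源:{})'.format(
                    user.invalid_login_count,
                    get_geo_info(
                        ip_address=request.headers.get('X-Forwarded-For', request.remote_addr),
                        show_ip=True
                    )
                ), category='access')
                return redirect(url_for('auth.login'))
            flash('登录失败:您的账户已被锁定', category='error')
            return redirect(url_for('auth.login'))
        # NOTE(review): the three failure messages differ, which tells the
        # submitter whether an address belongs to an existing account.
        flash('登录失败:无效的用户名或密码', category='error')
    return minify(render_template(
        'auth/login.html',
        form=form
    ))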
def message(id):
    '''profile.message(id)

    Show the message tab of a user's profile and, when the viewer is someone
    other than the profile owner and the form validates, send that user a
    new message.

    Staff profiles list the messages they wrote; other profiles list the
    messages delivered to them. Deleted messages are excluded in both cases.
    '''
    user = User.query.get_or_404(id)
    if user.deleted or not user.created:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)

    form = MessageForm()
    sending_to_other = user.id != current_user.id
    if sending_to_other and form.validate_on_submit():
        # The body is stored as HTML, so it goes through sanitize_html first.
        letter = Message(
            title=form.title.data,
            body_html=sanitize_html(form.body.data),
            modified_by_id=current_user.id
        )
        db.session.add(letter)
        db.session.commit()
        letter.send_to(user=user)
        db.session.commit()
        flash('已向“{}”发送站内信:{}'.format(user.name_email, letter.title), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='向“{}”发送站内信:{}'.format(user.name_email, letter.title),
            category='manage'
        )
        return redirect(url_for(
            'profile.message',
            id=user.id,
            page=request.args.get('page', 1, type=int)
        ))

    if user.is_staff or user.is_suspended_staff:
        query = (
            Message.query
            .filter(Message.modified_by_id == user.id)
            .filter(Message.deleted == False)  # noqa: E712 - SQL expression
            .order_by(Message.modified_at.desc())
        )
    else:
        query = (
            UserMessage.query
            .join(Message, Message.id == UserMessage.message_id)
            .filter(UserMessage.user_id == user.id)
            .filter(Message.deleted == False)  # noqa: E712 - SQL expression
            .order_by(Message.modified_at.desc())
        )

    page = request.args.get('page', 1, type=int)
    pagination = query.paginate(
        page,
        per_page=current_app.config['RECORD_PER_PAGE'],
        error_out=False
    )
    return minify(render_template(
        'profile/message.html',
        profile_tab='message',
        form=form,
        pagination=pagination,
        items=pagination.items,
        user=user
    ))
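def delete_device(id):
    '''manage.delete_device(id)

    Delete a device together with its lesson-type authorisations, then
    return to ``next`` or to the device list. Development devices may only
    be deleted by developers (403 otherwise).

    ``next`` is validated before use so the redirect stays on this site.
    '''
    device = Device.query.get_or_404(id)
    if device.category == 'development' and not current_user.is_developer:
        abort(403)

    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    device.remove_all_lesson_types()
    db.session.delete(device)
    flash('已删除设备:{}'.format(device.alias_serial), category='success')
    add_user_log(
        user=current_user._get_current_object(),
        event='删除设备:{}'.format(device.alias_serial),
        category='manage'
    )
    db.session.commit()
    return redirect(next_url or url_for('manage.device'))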
def change_email(token):
    '''auth.change_email(token)

    Apply an e-mail change carried by a confirmation token. The token is
    checked by ``current_user.change_email``; either way the user ends up on
    their index page with a flash message.
    '''
    if not current_user.change_email(token):
        flash('请求无效', category='error')
        return redirect(current_user.index_url)

    db.session.commit()
    flash('修改邮箱成功', category='success')
    add_user_log(
        user=current_user._get_current_object(),
        event='修改邮箱为:{}'.format(current_user.email),
        category='auth'
    )
    return redirect(current_user.index_url)
def before_request():
    '''auth.before_request()

    For authenticated users: refresh the last-seen marker, and when the
    request arrives from a different MAC address than the last one recorded,
    store the new address and log the access.
    '''
    if not current_user.is_authenticated:
        return None

    current_user.ping()
    # NOTE(review): X-Forwarded-For is supplied by the client unless a
    # trusted reverse proxy overwrites it, and it may hold a comma-separated
    # list. The MAC lookup below is only as trustworthy as this value -
    # confirm the proxy setup.
    client_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
    mac_address = get_mac_address_from_ip(ip_address=client_ip)
    mac_changed = mac_address is not None and mac_address != current_user.last_seen_mac
    if mac_changed:
        current_user.update_mac(mac_address=mac_address)
        source = get_device_info(mac_address=mac_address, show_mac=True)
        add_user_log(
            user=current_user._get_current_object(),
            event='请求访问(来源:{})'.format(source),
            category='access'
        )
    # NOTE(review): the commit is taken to run for every authenticated
    # request (so the ping is persisted), not only when the MAC changed.
    db.session.commit()
def confirm(token):
    '''auth.confirm(token)

    Confirm the current user's e-mail address with a token. Already
    confirmed users go straight to their index page; an invalid or expired
    token sends the user back to the "unconfirmed" page.
    '''
    if current_user.confirmed:
        return redirect(current_user.index_url)

    if not current_user.confirm(token):
        flash('确认链接无效或者已经过期', category='error')
        return redirect(url_for('auth.unconfirmed'))

    db.session.commit()
    flash('您的邮箱账户确认成功!', category='success')
    add_user_log(
        user=current_user._get_current_object(),
        event='确认邮箱为:{}'.format(current_user.email),
        category='auth'
    )
    return redirect(current_user.index_url)
def resend_confirmation():
    '''auth.resend_confirmation()

    Issue a fresh confirmation token, mail it to the current user's address
    and return to the "unconfirmed" page.
    '''
    token = current_user.generate_confirmation_token()
    account = current_user._get_current_object()
    send_email(
        recipient=current_user.email,
        subject='确认您的邮箱账户',
        template='auth/mail/confirm',
        user=account,
        token=token,
    )
    flash('一封新的确认邮件已经发送至您的邮箱', category='info')
    # NOTE(review): nothing in this view limits how often a mail can be
    # requested; confirm that throttling exists elsewhere.
    add_user_log(
        user=account,
        event='请求重发邮箱确认邮件至:{}'.format(current_user.email),
        category='auth',
    )
    return redirect(url_for('auth.unconfirmed'))
def change_password():
    '''auth.change_password()

    Change the current user's password. The old password must verify before
    the new one is stored; the change is recorded in the user log.
    '''
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return minify(render_template('auth/change_password.html', form=form))

    if not current_user.verify_password(form.old_password.data):
        flash('密码有误', category='error')
        return redirect(url_for('auth.change_password'))

    current_user.password = form.password.data
    db.session.add(current_user)
    db.session.commit()
    flash('修改密码成功', category='success')
    add_user_log(
        user=current_user._get_current_object(),
        event='修改密码',
        category='auth'
    )
    return redirect(current_user.index_url)
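def edit_device(id):
    '''manage.edit_device(id)

    Edit a device. On a valid submission the serial is upper-cased and
    checked for uniqueness against every other device, the fields and
    lesson-type authorisations are replaced, and the browser returns to
    ``next`` or the device list. Otherwise the form is pre-filled from the
    device and rendered. Development devices are developer-only (403).

    ``next`` is validated before use so the redirect stays on this site.
    '''
    device = Device.query.get_or_404(id)
    if device.category == 'development' and not current_user.is_developer:
        abort(403)

    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    form = DeviceForm(is_developer=current_user.is_developer)
    if form.validate_on_submit():
        serial = form.serial.data.upper()
        duplicate = Device.query\
            .filter(Device.id != device.id)\
            .filter(Device.serial == serial)\
            .first()
        if duplicate is not None:
            flash('已存在序列号为“{}”的设备'.format(serial), category='error')
            return redirect(next_url or url_for('manage.device'))
        device.serial = serial
        device.alias = form.alias.data
        device.type_id = int(form.device_type.data)
        # Room 0 is the form's "no room" choice.
        device.room_id = (None if int(form.room.data) == 0
                          else int(form.room.data))
        device.mac_address = (None if form.mac_address.data == ''
                              else form.mac_address.data)
        # Only a developer can mark a device as a development machine.
        device.category = ('development'
                           if form.development_machine.data and current_user.is_developer
                           else 'production')
        db.session.add(device)
        # Replace the authorisations wholesale with the submitted selection.
        device.remove_all_lesson_types()
        for lesson_type_id in form.lesson_types.data:
            device.add_lesson_type(
                lesson_type=LessonType.query.get(int(lesson_type_id)))
        db.session.commit()
        flash('已更新设备信息:{}'.format(device.alias_serial), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='更新设备信息:{}'.format(device.alias_serial),
            category='manage'
        )
        db.session.commit()
        return redirect(next_url or url_for('manage.device'))

    form.alias.data = device.alias
    form.serial.data = device.serial
    form.device_type.data = str(device.type_id)
    form.room.data = ('0' if device.room_id is None else str(device.room_id))
    form.mac_address.data = device.mac_address
    form.lesson_types.data = [str(item.lesson_type_id)
                              for item in device.lesson_type_authorizations]
    form.development_machine.data = (device.category == 'development')
    return minify(
        render_template('manage/edit_device.html', device=device, form=form))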
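def before_request():
    '''auth.before_request()

    For authenticated users: refresh the last-seen marker, record and log a
    change of source IP address, and keep unconfirmed users inside the
    ``auth.`` endpoints (plus ``static``) by redirecting everything else to
    the "unconfirmed" page.

    Returns a redirect response for unconfirmed users, otherwise None.
    '''
    if current_user.is_authenticated:
        current_user.ping()
        db.session.commit()
        # NOTE(review): X-Forwarded-For is supplied by the client unless a
        # trusted reverse proxy overwrites it, and it may hold a
        # comma-separated list - confirm the proxy setup before relying on
        # this value for last_seen_ip or the access log.
        ip_address = request.headers.get('X-Forwarded-For', request.remote_addr)
        if ip_address != current_user.last_seen_ip:
            current_user.update_ip(ip_address=ip_address)
            db.session.commit()
            add_user_log(
                user=current_user._get_current_object(),
                event='请求访问(来源:{})'.format(
                    get_geo_info(ip_address=ip_address, show_ip=True)),
                category='access'
            )
        # request.endpoint is None when no route matched the URL; without
        # this check an unconfirmed user requesting an unknown URL would get
        # an AttributeError (500) instead of the normal 404.
        endpoint = request.endpoint
        if not current_user.confirmed and \
                endpoint is not None and \
                not endpoint.startswith('auth.') and \
                endpoint != 'static':
            return redirect(url_for('auth.unconfirmed'))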
def archive(id):
    '''profile.archive(id)

    Render the archive tab of a user's profile. Every view is written to the
    viewer's log, so access to another person's record leaves an audit entry.
    Responds 404 for users that are not created or are deleted, and 403 when
    the current user may not access the profile.
    '''
    user = User.query.get_or_404(id)
    if user.deleted or not user.created:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)

    viewer = current_user._get_current_object()
    add_user_log(
        user=viewer,
        event='查看“{}”的资料'.format(user.name_email),
        category='access'
    )
    page = render_template(
        'profile/archive.html',
        profile_tab='archive',
        user=user
    )
    return minify(page)
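def toggle_device_obsolete(id):
    '''manage.toggle_device_obsolete(id)

    Flip a device between "obsolete" and "in use", log which way it went,
    and return to ``next`` or the device list. Development devices are
    developer-only (403).

    ``next`` is validated before use so the redirect stays on this site.
    '''
    device = Device.query.get_or_404(id)
    if device.category == 'development' and not current_user.is_developer:
        abort(403)

    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    device.toggle_obsolete(modified_by=current_user._get_current_object())
    if device.obsolete:
        flash('已标记报废设备:{}'.format(device.alias_serial), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='标记报废设备:{}'.format(device.alias_serial),
            category='manage'
        )
    else:
        flash('已恢复使用设备:{}'.format(device.alias_serial), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='恢复使用设备:{}'.format(device.alias_serial),
            category='manage'
        )
    db.session.commit()
    return redirect(next_url or url_for('manage.device'))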
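def apply_extension():
    '''profile.apply_extension()

    Let a non-staff user apply for an extension of their study period.

    The request is refused (flash message, then redirect) while the user is
    suspended, has more than EXTENSION_TRIGGER_DAYS left, has fewer than
    EXTENSION_REQUIRED_CREDITS net credits, or already has an application
    pending. A valid form stores an unapproved Extension record.

    ``next`` is validated before use so the redirects stay on this site.
    '''
    if current_user.is_staff:
        abort(403)

    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    if current_user.is_suspended:
        flash('您目前处于挂起状态', category='error')
        return redirect(next_url or current_user.index_url)
    if current_user.remaining_time.days > current_app.config['EXTENSION_TRIGGER_DAYS']:
        flash('有效期少于{}天才可以申请延期'.format(
            current_app.config['EXTENSION_TRIGGER_DAYS']
        ), category='error')
        return redirect(next_url or current_user.index_url)
    if current_user.net_credits < current_app.config['EXTENSION_REQUIRED_CREDITS']:
        flash('您的积分余额不足({} 积分),请先申请获得积分后再申请延期'.format(
            current_app.config['EXTENSION_REQUIRED_CREDITS']
        ), category='error')
        return redirect(next_url or current_user.index_url)
    if current_user.is_applying_extension:
        flash('您已提交过延期申请,请联系工作人员进行处理', category='warning')
        return redirect(next_url or current_user.index_url)

    form = ApplyExtensionForm()
    if form.validate_on_submit():
        # Stored unapproved; approval is not handled in this view.
        extension = Extension(
            user_id=current_user.id,
            type_id=int(form.extension_type.data),
            months=int(form.months.data),
            remark=form.remark.data,
            approved=False,
            modified_by_id=current_user.id
        )
        db.session.add(extension)
        db.session.commit()
        flash('您的延期申请已提交', category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='申请延长研修有效期',
            category='duetime'
        )
        return redirect(next_url or current_user.index_url)
    # Pre-fill the remark field with an example for the applicant.
    form.remark.data = '示例:因YYYY年MM月DD日至YYYY年MM月DD日出国交换,但忘记挂起研修资格,可用研修时间已不足,申请延长X个月有效期。'
    return minify(render_template(
        'profile/apply_extension.html',
        form=form
    ))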
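def restore_user(id):
    '''manage.restore_user(id)

    Restore a suspended user. Requires that the current user can manage the
    target (403 otherwise). The action is logged twice: once against the
    restored user and once against the acting manager.

    ``next`` is validated before use so the redirects stay on this site.
    '''
    user = User.query.get_or_404(id)
    if not current_user.can_manage(user=user):
        abort(403)

    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    if not user.suspended:
        flash('“{}”未处于挂起状态'.format(user.name_with_role), category='warning')
        return redirect(
            next_url or url_for('profile.overview', id=user.id))
    user.restore()
    flash('已恢复用户:{}'.format(user.name_with_role), category='success')
    add_user_log(user=user, event='用户被恢复', category='auth')
    add_user_log(
        user=current_user._get_current_object(),
        event='恢复用户:{}'.format(user.name_with_role),
        category='manage'
    )
    db.session.commit()
    return redirect(
        next_url or url_for('profile.overview', id=user.id))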
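def apply_suspension():
    '''profile.apply_suspension()

    Let a non-staff user suspend their own study eligibility.

    Refused while the user is already suspended or the last suspension has
    not cooled down. A valid form creates a self-suspension record, keeps the
    original role id on it, and switches the user to the suspended role.

    ``next`` is validated before use so the redirects stay on this site.
    '''
    if current_user.is_staff:
        abort(403)

    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    if current_user.is_suspended:
        flash('您已经处于挂起状态', category='error')
        return redirect(next_url or current_user.index_url)
    if current_user.last_suspension is not None and not current_user.last_suspension.cooled_down:
        flash('您的恢复研修冷却时间不足', category='error')
        return redirect(next_url or current_user.index_url)

    form = ApplySuspensionForm()
    if form.validate_on_submit():
        suspension = Suspension(
            user_id=current_user.id,
            original_role_id=current_user.role_id,
            type_id=int(form.suspension_type.data),
            current=True,
            self_suspended=True,
            remark=form.remark.data,
            modified_by_id=current_user.id
        )
        # For an overdue user the suspension is dated from the due time.
        if current_user.overdue:
            suspension.start_time = current_user.due_time
        db.session.add(suspension)
        user = current_user._get_current_object()
        user.role_id = Role.query.filter_by(name='挂起').first().id
        db.session.add(user)
        db.session.commit()
        flash('您的挂起申请已提交', category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='申请挂起研修资格',
            category='duetime'
        )
        # index_url is read after the role change, as before.
        return redirect(next_url or current_user.index_url)
    # Pre-fill the remark field with an example for the applicant.
    form.remark.data = '示例:因YYYY年MM月DD日至YYYY年MM月DD日出国交换,申请挂起研修资格。'
    return minify(render_template(
        'profile/apply_suspension.html',
        form=form
    ))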
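def activate():
    '''auth.activate()

    Activate a created-but-inactive account. The activation code is checked
    with ``verify_password``; on success the user sets a new password, gets a
    confirmation mail, is logged in, and staff who can manage users are
    notified of the new user.

    ``next`` is validated before use so the redirect stays on this site.
    '''
    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    if current_user.is_authenticated and current_user.confirmed:
        return redirect(next_url or current_user.index_url)
    form = ActivationForm()
    if form.validate_on_submit():
        user = User.query.filter_by(
            email=form.email.data.strip().lower(),
            created=True,
            activated=False,
            deleted=False
        ).first()
        # NOTE(review): failed activation attempts are not counted here,
        # unlike failed logins; confirm whether guessing of the activation
        # code is limited elsewhere.
        if user is not None and user.verify_password(form.activation_code.data):
            user.activate(new_password=form.password.data)
            db.session.commit()
            token = user.generate_confirmation_token()
            send_email(
                recipient=user.email,
                subject='确认您的邮箱账户',
                template='auth/mail/confirm',
                user=user,
                token=token
            )
            login_user(user, remember=False)
            flash('激活成功!', category='success')
            flash('一封确认邮件已经发送至您的邮箱', category='info')
            send_emails(
                recipients=[staff.email for staff in User.all_can('管理用户').all()
                            if staff.has_inner_domain_email],
                subject='新用户:{}'.format(user.name),
                template='auth/mail/new_user',
                user=user
            )
            add_user_log(user=user, event='激活账户', category='auth')
            return redirect(url_for('auth.unconfirmed'))
        # One message for every failure, so the form does not reveal which
        # part of the submission was wrong.
        flash('激活信息有误,或账户已处于激活状态', category='error')
    return minify(render_template(
        'auth/activate.html',
        form=form
    ))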
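def end_suspension():
    '''profile.end_suspension()

    Let a non-staff user end a suspension they started themselves.

    Refused when the user is not suspended, the suspension was not
    self-applied, or it has not cooled down yet.

    ``next`` is validated before use so the redirects stay on this site.
    '''
    if current_user.is_staff:
        abort(403)

    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    if not current_user.is_suspended:
        flash('您尚未处于挂起状态', category='error')
        return redirect(next_url or current_user.index_url)
    if not current_user.is_self_suspended:
        flash('您的研修资格不可自助恢复', category='error')
        return redirect(next_url or current_user.index_url)
    if not current_user.current_suspension.cooled_down:
        flash('您的挂起申请冷却时间不足', category='error')
        return redirect(next_url or current_user.index_url)

    current_user.end_suspension(modified_by=current_user._get_current_object())
    db.session.commit()
    flash('您的研修资格已恢复', category='success')
    add_user_log(
        user=current_user._get_current_object(),
        event='自助恢复研修资格',
        category='duetime'
    )
    return redirect(next_url or current_user.index_url)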
def group(id):
    '''profile.group(id)

    Show the group tab of a user's profile and, on a valid form, register
    that user as the organiser of a new group. A user who has already
    organised or joined a group is turned away with an error message.
    '''
    user = User.query.get_or_404(id)
    if user.deleted or not user.created:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)

    form = GroupForm()
    if not form.validate_on_submit():
        return minify(render_template(
            'profile/group.html',
            profile_tab='group',
            form=form,
            user=user
        ))

    if user.organized_groups.count():
        flash('“{}”已经发起过团报'.format(user.name_email), category='error')
        return redirect(url_for(
            'manage.group', page=request.args.get('page', 1, type=int)))
    if user.registered_groups.count():
        organizer_label = user.registered_groups.first().organizer.name_email
        flash('“{}”已经参加过“{}”发起的团报'.format(
            user.name_email, organizer_label
        ), category='error')
        return redirect(url_for(
            'manage.group', page=request.args.get('page', 1, type=int)))

    # The profile owner becomes the organiser; the acting user is kept as
    # the modifier and gets a log entry of their own.
    actor = current_user._get_current_object()
    user.register_group(
        organizer=user,
        alumnus=form.alumnus.data,
        modified_by=actor
    )
    db.session.commit()
    flash('“{}”已成功发起团报'.format(user.name_email), category='success')
    add_user_log(user=user, event='发起团报', category='group')
    add_user_log(
        user=current_user._get_current_object(),
        event='记录“{}”发起团报'.format(user.name_email),
        category='manage'
    )
    return redirect(url_for('profile.group', id=user.id))
def reset_password(token):
    '''auth.reset_password(token)

    Set a new password from a reset token. The submitter must also give the
    account's e-mail address; the token itself is checked by
    ``user.reset_password``. Logged-in users are sent to their index page.
    '''
    if current_user.is_authenticated:
        return redirect(current_user.index_url)

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return minify(render_template(
            'auth/reset_password.html',
            form=form,
            token=token
        ))

    email = form.email.data.strip().lower()
    user = User.query.filter_by(email=email).first()
    usable = (
        user is not None
        and user.created
        and user.activated
        and not user.deleted
    )
    if not usable:
        # NOTE(review): this message differs from the token-failure message
        # below, which tells the submitter whether the address is registered.
        flash('用户邮箱错误', category='error')
        return redirect(url_for('auth.reset_password_request'))

    if not user.reset_password(token, form.password.data):
        flash('重置密码失败', category='error')
        return redirect(url_for('auth.reset_password_request'))

    db.session.commit()
    flash('重置密码成功', category='success')
    add_user_log(user=user, event='重置密码', category='auth')
    return redirect(url_for('auth.login'))
def y_gre_practice_set_download(id):
    '''resource.y_gre_practice_set_download(id)

    Send a password-protected copy of a practice-set PDF to the current
    user. The protected copy is cached per user and reused when present;
    otherwise it is produced from the raw file by ``encrypt_pdf``. Responds
    403 when the user may not download the set and 404 when no protected
    copy could be produced. Every download is written to the user log.
    '''
    practice_set = PracticeSet.query.get_or_404(id)
    if not current_user.can_download_y_gre_practice_set_pdf(practice_set=practice_set):
        abort(403)

    # Both paths are built from database ids and configuration only, never
    # from request text.
    stored_name = '{}.pdf'.format(practice_set.id)
    cached_pdf_file = os.path.join(
        current_app.config['CACHE_DIR'],
        'user_{}'.format(current_user.id),
        'y_gre',
        'practice_sets',
        stored_name
    )
    encrypted_pdf_file = cached_pdf_file
    if not os.path.exists(cached_pdf_file):
        raw_pdf_file = os.path.join(
            current_app.config['RESOURCE_DIR'],
            'y_gre',
            'practice_sets',
            stored_name
        )
        # NOTE(review): the PDF password is the last six characters of the
        # user's ID number, or ADMIN_PASSWORD when none is on record. A PDF
        # password can be tested offline by whoever holds the file, so the
        # fallback hands out material derived from an administrative secret;
        # a dedicated per-file secret would avoid that. A cached copy also
        # keeps whatever password applied when it was first produced.
        pdf_password = (
            current_user.id_number[-6:]
            if current_user.id_number
            else current_app.config['ADMIN_PASSWORD']
        )
        encrypted_pdf_file = encrypt_pdf(
            raw_pdf_file=raw_pdf_file,
            cached_pdf_file=cached_pdf_file,
            password=pdf_password
        )
        if encrypted_pdf_file is None:
            abort(404)

    add_user_log(
        user=current_user._get_current_object(),
        event='获取文件“{}.pdf”'.format(practice_set.name),
        category='resource'
    )
    download_name = '{}.pdf'.format(practice_set.name)
    if current_app.config['X_ACCEL_ENABLE']:
        # Hand the transfer to nginx when X-Accel is enabled.
        return nginx_send_file(
            filename=encrypted_pdf_file,
            mimetype='application/pdf',
            attachment_filename=download_name
        )
    return send_file(
        encrypted_pdf_file,
        mimetype='application/pdf',
        as_attachment=True,
        attachment_filename=download_name
    )
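def reset_password_request():
    '''auth.reset_password_request()

    Start a password reset: for an existing, created, activated and
    non-deleted account, mail a reset token to its address and log the
    request. Logged-in users are redirected away.

    ``next`` is validated before it is used for the redirect or handed to the
    mail template, so neither can be pointed at another site through the
    query string.
    '''
    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    if current_user.is_authenticated:
        return redirect(next_url or current_user.index_url)
    form = ResetPasswordRequestForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data.strip().lower()).first()
        if user is not None and user.created and user.activated and not user.deleted:
            token = user.generate_reset_token()
            send_email(
                recipient=user.email,
                subject='重置您的密码',
                template='auth/mail/reset_password',
                user=user,
                token=token,
                next=next_url
            )
            # NOTE(review): the confirmation is flashed only when the account
            # exists, so the page tells the submitter whether an address is
            # registered. Nothing here limits how often a mail is requested.
            flash('一封用于重置密码的邮件已经发送至您的邮箱', category='info')
            add_user_log(user=user, event='请求重置密码', category='auth')
        return redirect(url_for('auth.reset_password_request'))
    return minify(render_template(
        'auth/reset_password_request.html',
        form=form
    ))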
def device():
    '''manage.device()

    Device management page: add a device on a valid form submission,
    otherwise list devices. Which list is shown is decided by the
    ``show_*_devices`` cookies; the list is paginated with RECORD_PER_PAGE.
    '''
    form = DeviceForm(is_developer=current_user.is_developer)
    if form.validate_on_submit():
        # Serials are compared and stored in upper case and must be unique.
        serial = form.serial.data.upper()
        if Device.query.filter_by(serial=serial).first() is not None:
            flash('已存在序列号为“{}”的设备'.format(serial), category='error')
            return redirect(url_for('manage.device'))
        device = Device(
            serial=serial,
            alias=form.alias.data,
            type_id=int(form.device_type.data),
            # Room 0 is the form's "no room" choice.
            room_id=(None if int(form.room.data) == 0 else int(form.room.data)),
            mac_address=(None if form.mac_address.data == '' else form.mac_address.data),
            # Only a developer can create a development machine.
            category=('development' if form.development_machine.data and \
                current_user.is_developer else 'production'),
            modified_by_id=current_user.id
        )
        db.session.add(device)
        db.session.commit()
        for lesson_type_id in form.lesson_types.data:
            device.add_lesson_type(
                lesson_type=LessonType.query.get(int(lesson_type_id)))
        db.session.commit()
        flash('已添加设备:{} [{}]'.format(device.alias, device.serial), category='success')
        add_user_log(user=current_user._get_current_object(), event='添加设备:{} [{}]'.format(device.alias, device.serial), category='manage')
        db.session.commit()
        return redirect(url_for('manage.device'))
    # Defaults: show the tablet list unless cookies say otherwise.
    show_tablet_devices = True
    show_desktop_devices = False
    show_mobile_devices = False
    show_development_devices = False
    show_obsolete_devices = False
    if current_user.is_authenticated:
        # Cookie values are client-controlled; they only choose a view.
        # bool() of any non-empty string is True, so only an empty cookie
        # value switches a flag off.
        show_tablet_devices = bool(
            request.cookies.get('show_tablet_devices', '1'))
        show_desktop_devices = bool(
            request.cookies.get('show_desktop_devices', ''))
        show_mobile_devices = bool(
            request.cookies.get('show_mobile_devices', ''))
        show_development_devices = bool(
            request.cookies.get('show_development_devices', ''))
        show_obsolete_devices = bool(
            request.cookies.get('show_obsolete_devices', ''))
    # The checks below are independent ``if``s, not an elif chain: when
    # several flags are set, the last matching one decides header and query.
    if show_tablet_devices:
        header = '平板设备'
        query = Device.query\
            .join(DeviceType, DeviceType.id == Device.type_id)\
            .filter(DeviceType.name == 'Tablet')\
            .filter(Device.category == 'production')\
            .filter(Device.obsolete == False)\
            .order_by(Device.alias.asc())
    if show_desktop_devices:
        header = '桌面设备'
        query = Device.query\
            .join(DeviceType, DeviceType.id == Device.type_id)\
            .filter(DeviceType.name == 'Desktop')\
            .filter(Device.category == 'production')\
            .filter(Device.obsolete == False)\
            .order_by(Device.alias.asc())
    if show_mobile_devices:
        header = '移动设备'
        query = Device.query\
            .join(DeviceType, DeviceType.id == Device.type_id)\
            .filter(DeviceType.name == 'Mobile')\
            .filter(Device.category == 'production')\
            .filter(Device.obsolete == False)\
            .order_by(Device.alias.asc())
    if show_development_devices:
        # The cookie alone does not grant the development list: the
        # developer check is made server-side.
        if current_user.is_developer:
            header = '开发设备'
            query = Device.query\
                .filter(Device.category == 'development')\
                .filter(Device.obsolete == False)\
                .order_by(Device.alias.asc())
        else:
            return redirect(url_for('manage.tablet_devices'))
    if show_obsolete_devices:
        header = '报废设备'
        # Non-developers see obsolete production devices only.
        if current_user.is_developer:
            query = Device.query\
                .filter(Device.obsolete == True)\
                .order_by(Device.alias.asc())
        else:
            query = Device.query\
                .filter(Device.category == 'production')\
                .filter(Device.obsolete == True)\
                .order_by(Device.alias.asc())
    page = request.args.get('page', 1, type=int)
    try:
        pagination = query.paginate(
            page,
            per_page=current_app.config['RECORD_PER_PAGE'],
            error_out=False)
    except NameError:
        # No flag was set, so ``query`` was never assigned
        # (UnboundLocalError is a NameError); fall back to the tablet view.
        return redirect(url_for('manage.tablet_devices'))
    devices = pagination.items
    return minify(
        render_template('manage/device.html',
            header=header,
            form=form,
            show_tablet_devices=show_tablet_devices,
            show_desktop_devices=show_desktop_devices,
            show_mobile_devices=show_mobile_devices,
            show_development_devices=show_development_devices,
            show_obsolete_devices=show_obsolete_devices,
            pagination=pagination,
            devices=devices))
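def login():
    '''auth.login()

    Log in through Y-System from an authorised device.

    The client's MAC address (looked up from its IP address) must belong to
    a registered device. Credentials are then checked by the Y-System
    ``login-user`` API; a user unknown locally is imported through
    ``migrate-user``. Role, name and study progress are refreshed from the
    API answer before the session is opened.

    ``next`` is validated before use so that a crafted login link cannot
    bounce a freshly authenticated user to another site.
    '''
    # Open-redirect guard: `next` comes from the query string, so follow it
    # only when it is a path on this site or an absolute URL under this host.
    next_url = request.args.get('next')
    if next_url and (
            any(ch < ' ' for ch in next_url)
            or not (next_url.startswith(request.host_url)
                    or (next_url.startswith('/')
                        and not next_url.startswith(('//', '/\\'))))):
        next_url = None

    if current_user.is_authenticated:
        return redirect(next_url or current_user.index_url)
    form = LoginForm()
    if form.validate_on_submit():
        # NOTE(review): device authorisation rests on this address.
        # X-Forwarded-For is supplied by the client unless a trusted reverse
        # proxy overwrites it, so a forged header could select another
        # device's MAC - confirm the proxy setup.
        mac_address = get_mac_address_from_ip(
            ip_address=request.headers.get('X-Forwarded-For', request.remote_addr))
        if mac_address is None:
            flash('无法获取设备信息', category='error')
            return redirect(url_for('auth.login', next=next_url))
        device = Device.query.filter_by(mac_address=mac_address).first()
        if device is None:
            flash('设备未授权(MAC地址:{})'.format(mac_address), category='error')
            return redirect(url_for('auth.login', next=next_url))
        # authenticate user via Y-System
        data = y_system_api_request(api='login-user', token_data={
            'email': form.email.data.strip().lower(),
            'password': form.password.data,
            'device': device.alias,
        })
        if data is None:
            flash('网络通信故障', category='error')
            return redirect(url_for('auth.login', next=next_url))
        if verify_data_keys(data=data, keys=['error']):
            # The remote error text is shown to the user as received.
            flash('登录失败:{}'.format(data.get('error')), category='error')
            return redirect(url_for('auth.login', next=next_url))
        if not verify_data_keys(data=data, keys=['user_id']):
            flash('登录失败:用户信息无效', category='error')
            flash('初次登录时,请确认Y-System账号已经激活。', category='info')
            return redirect(url_for('auth.login', next=next_url))
        user = User.query.get(data.get('user_id'))
        if user is None:
            # migrate user from Y-System
            data = y_system_api_request(api='migrate-user', token_data={
                'user_id': data.get('user_id'),
            })
            if data is None:
                flash('网络通信故障', category='error')
                return redirect(url_for('auth.login', next=next_url))
            if verify_data_keys(data=data, keys=['error']):
                flash('登录失败:{}'.format(data.get('error')), category='error')
                return redirect(url_for('auth.login', next=next_url))
            if not verify_data_keys(data=data, keys=['user_id', 'role', 'name']):
                flash('登录失败:用户信息无效', category='error')
                flash('初次登录时,请确认Y-System账号已经激活。', category='info')
                return redirect(url_for('auth.login', next=next_url))
            # The role named by the remote side must already exist locally.
            role = Role.query.filter_by(name=data.get('role')).first()
            if role is None:
                flash('登录失败:无效的用户角色“{}”'.format(data.get('role')), category='error')
                return redirect(url_for('auth.login', next=next_url))
            user = User(id=data.get('user_id'), role_id=role.id, name=data.get('name'))
            db.session.add(user)
            db.session.commit()
            add_user_log(user=user, event='从Y-System导入用户信息', category='auth')
        # Keep the local role and name in step with Y-System.
        if verify_data_keys(data=data, keys=['role', 'name']):
            if data.get('role') != user.role.name:
                role = Role.query.filter_by(name=data.get('role')).first()
                if role is not None:
                    user.role_id = role.id
                    db.session.add(user)
            if data.get('name') != user.name:
                user.name = data.get('name')
                db.session.add(user)
        # NOTE(review): the progress sync is taken to run whether or not the
        # role/name keys are present - confirm against the original layout.
        if data.get('vb_progress') is not None:
            user.sync_punch(section=data.get('vb_progress'))
        if data.get('y_gre_progress') is not None:
            user.sync_punch(section=data.get('y_gre_progress'))
        if data.get('y_gre_aw_progress') is not None:
            user.sync_punch(section=data.get('y_gre_aw_progress'))
        login_user(user, remember=current_app.config['AUTH_REMEMBER_LOGIN'])
        add_user_log(user=user, event='登录系统', category='auth')
        db.session.commit()
        return redirect(next_url or user.index_url)
    return minify(render_template('auth/login.html', form=form))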
def credit(id):
    '''profile.credit(id)

    Show the credit tab of a user's profile with a paginated list of that
    user's credit records.

    On their own profile a user may apply for a credit item. On someone
    else's profile a record is added only when the form validates and the
    current user holds the credit-management permission; that form also sets
    quantity and approval.
    '''
    user = User.query.get_or_404(id)
    if user.deleted or not user.created:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)

    if user.id == current_user.id:
        form = ApplyCreditForm()
        if form.validate_on_submit():
            item = Credit.query.get_or_404(int(form.credit.data))
            # A self-application carries no quantity or approval value.
            credit_record = UserCredit(
                user_id=user.id,
                credit_id=item.id,
                granter_id=current_user.id,
                remark=form.remark.data
            )
            db.session.add(credit_record)
            db.session.commit()
            flash('已申请积分项目:{}'.format(item.name_value), category='success')
            add_user_log(
                user=current_user._get_current_object(),
                event='申请积分项目:{}'.format(item.name_value),
                category='credit'
            )
    else:
        form = CreditRecordForm()
        # The permission is checked server-side on every submission.
        if form.validate_on_submit() and current_user.can('管理积分'):
            item = Credit.query.get_or_404(int(form.credit.data))
            credit_record = UserCredit(
                user_id=user.id,
                credit_id=item.id,
                quantity=form.quantity.data,
                approved=form.approved.data,
                granter_id=current_user.id,
                remark=form.remark.data
            )
            db.session.add(credit_record)
            db.session.commit()
            flash('已给“{}”添加积分项目:{}'.format(
                user.name_email, item.name_value
            ), category='success')
            # Logged for both sides: the recipient and the granter.
            add_user_log(
                user=user,
                event='获得积分:{}'.format(item.name_value),
                category='credit'
            )
            add_user_log(
                user=current_user._get_current_object(),
                event='给“{}”添加积分项目:{}'.format(user.name_email, item.name_value),
                category='manage'
            )

    page = request.args.get('page', 1, type=int)
    records_query = (
        UserCredit.query
        .filter(UserCredit.user_id == user.id)
        .order_by(UserCredit.timestamp.desc())
    )
    pagination = records_query.paginate(
        page,
        per_page=current_app.config['RECORD_PER_PAGE'],
        error_out=False
    )
    return minify(render_template(
        'profile/credit.html',
        profile_tab='credit',
        form=form,
        pagination=pagination,
        credit_records=pagination.items,
        user=user
    ))
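def register(creator_id, token):
    '''auth.register(creator_id, token)

    Self-service registration page reached through a link issued by the
    staff user `creator_id`.

    The link is accepted only while creator.register_user(token) is true; it
    is checked before the form is rendered and again when it is submitted.
    Any user who is currently logged in is logged out first.

    On a valid submission the User row is committed, then education,
    employment, score, purpose and referrer records and tags are attached and
    committed in a second step, and the browser is sent to
    manage.confirm_user_registration.

    The `next` query parameter is attacker-controllable, so it is only
    honoured when it is a path on this site; anything else falls back to the
    default target.
    NOTE(review): if some caller builds `next` as an absolute URL of this
    site, it will now land on the default page instead; confirm the callers.
    '''
    def is_local_path(target):
        '''Return True for a same-site path such as "/manage/student".'''
        # "//host" and "/\\host" are read by browsers as another origin, and
        # control characters are dropped by some of them before parsing.
        return (
            bool(target)
            and target.startswith('/')
            and not target.startswith('//')
            and '\\' not in target
            and not any(ord(ch) < 32 for ch in target)
        )

    next_url = request.args.get('next')
    if not is_local_path(next_url):
        next_url = None

    if current_user.is_authenticated:
        logout_user()
    creator = User.query.get_or_404(creator_id)
    if not creator.created or creator.deleted or not creator.register_user(token):
        flash('用户注册页面已过期', category='error')
        return redirect(next_url or url_for('manage.student'))
    form = RegistrationForm()
    if form.validate_on_submit() and creator.register_user(token):
        user = User(
            email=form.email.data.strip().lower(),
            # presumably RegistrationForm limits the selectable roles; verify
            role_id=int(form.role.data),
            # NOTE(review): the initial password is the last six characters
            # of the ID number, i.e. guessable by anyone who knows it.
            # Confirm that it must be changed on first login.
            password=form.id_number.data.strip().upper()[-6:],
            name=form.name.data.strip(),
            id_type_id=int(form.id_type.data),
            id_number=form.id_number.data.strip().upper(),
            gender_id=int(form.gender.data),
            birthdate=form.birthdate.data,
            mobile=form.mobile.data,
            wechat=form.wechat.data,
            qq=form.qq.data,
            address=form.address.data,
            emergency_contact_name=form.emergency_contact_name.data,
            emergency_contact_relationship_id=int(form.emergency_contact_relationship.data),
            emergency_contact_mobile=form.emergency_contact_mobile.data,
            worked_in_same_field=form.worked_in_same_field.data,
            deformity=form.deformity.data,
            application_specialty=form.application_specialty.data,
            application_degree=form.application_degree.data,
            application_country=form.application_country.data,
            application_rank=form.application_rank.data,
            application_agency=form.application_agency.data
        )
        db.session.add(user)
        # Committed here so that user.id exists for the records below.
        db.session.commit()
        # education
        if form.high_school.data:
            user.add_education_record(
                education_type=EducationType.query.filter_by(name='高中').first(),
                school=form.high_school.data,
                year=form.high_school_year.data
            )
        # (form field prefix, EducationType name)
        degree_levels = (
            ('bachelor', '本科'),
            ('master', '硕士'),
            ('doctor', '博士'),
        )
        # (substring of the school name, Tag name); the first match wins
        school_tags = (
            ('北京大学', '北大'),
            ('清华', '清华'),
            ('北京邮电大学', '北邮'),
        )
        for prefix, type_name in degree_levels:
            school = getattr(form, prefix + '_school').data
            # Only the bachelor field treats '无' as "no school".
            if not school or (prefix == 'bachelor' and school == '无'):
                continue
            gpa = getattr(form, prefix + '_gpa').data
            full_gpa = getattr(form, prefix + '_full_gpa').data
            user.add_education_record(
                education_type=EducationType.query.filter_by(name=type_name).first(),
                school=school,
                major=getattr(form, prefix + '_major').data,
                gpa=gpa,
                full_gpa=full_gpa,
                year=getattr(form, prefix + '_year').data
            )
            for keyword, tag_name in school_tags:
                if keyword in school:
                    user.add_tag(tag=Tag.query.filter_by(name=tag_name).first())
                    break
            if full_gpa and gpa and float(full_gpa) == 100 and float(gpa) >= 90:
                user.add_tag(tag=Tag.query.filter_by(name='GPA90+').first())
        # employment
        for slot in (1, 2):
            employer = getattr(form, 'employer_{}'.format(slot)).data
            if employer:
                user.add_employment_record(
                    employer=employer,
                    position=getattr(form, 'position_{}'.format(slot)).data,
                    year=getattr(form, 'job_year_{}'.format(slot)).data
                )
        # scores
        if form.cee_total.data and int(form.cee_total.data):
            user.add_score_record(
                score_type=ScoreType.query.filter_by(name='高考总分').first(),
                score=form.cee_total.data,
                full_score=form.cee_total_full.data
            )
        if form.cee_math.data and int(form.cee_math.data):
            user.add_score_record(
                score_type=ScoreType.query.filter_by(name='高考数学').first(),
                score=form.cee_math.data,
                full_score=form.cee_math_full.data
            )
            # An empty full-mark field must not raise here: the user row is
            # already committed and the request would abort half-way.
            if form.cee_math_full.data and \
                    int(form.cee_math_full.data) == 150 and \
                    int(form.cee_math.data) >= 135:
                user.add_tag(tag=Tag.query.filter_by(name='高考数学135+').first())
        if form.cee_english.data and int(form.cee_english.data):
            user.add_score_record(
                score_type=ScoreType.query.filter_by(name='高考英语').first(),
                score=form.cee_english.data,
                full_score=form.cee_english_full.data
            )
        if form.cet_4.data:
            user.add_score_record(
                score_type=ScoreType.query.filter_by(name='大学英语四级').first(),
                score=form.cet_4.data
            )
        if form.cet_6.data:
            user.add_score_record(
                score_type=ScoreType.query.filter_by(name='大学英语六级').first(),
                score=form.cet_6.data
            )
            if int(form.cet_6.data) >= 600:
                user.add_tag(tag=Tag.query.filter_by(name='六级600+').first())
        if form.tem_4.data:
            user.add_score_record(
                score_type=ScoreType.query.filter_by(name='专业英语四级').first(),
                score=form.tem_4.data
            )
        if form.tem_8.data:
            user.add_score_record(
                score_type=ScoreType.query.filter_by(name='专业英语八级').first(),
                score=form.tem_8.data
            )
        # competition scores: (form field, ScoreType name)
        competitions = (
            ('math_competition', '数学竞赛'),
            ('physics_competition', '物理竞赛'),
            ('chemistry_competition', '化学竞赛'),
            ('biology_competition', '生物竞赛'),
            ('computer_competition', '计算机竞赛'),
            ('science_competition', '科技竞赛'),
            ('english_competition', '英语竞赛'),
        )
        has_competition_score = False
        for field_name, type_name in competitions:
            remark = getattr(form, field_name).data
            if remark:
                user.add_score_record(
                    score_type=ScoreType.query.filter_by(name=type_name).first(),
                    remark=remark
                )
                has_competition_score = True
        if has_competition_score:
            user.add_tag(tag=Tag.query.filter_by(name='竞赛').first())
        # other score
        if form.other_score.data:
            user.add_score_record(
                score_type=ScoreType.query.filter_by(name='其它').first(),
                remark=form.other_score.data
            )
        # TOEFL score
        if form.toefl_total.data:
            test_id = None
            if form.toefl_test_date.data and int(form.toefl_test_date.data):
                test_id = int(form.toefl_test_date.data)
            toefl_test_score = TOEFLTestScore(
                user_id=user.id,
                test_id=test_id,
                label_id=ScoreLabel.query.filter_by(name='TOEFL 初始').first().id,
                total_score=form.toefl_total.data,
                reading_score=form.toefl_reading.data,
                listening_score=form.toefl_listening.data,
                speaking_score=form.toefl_speaking.data,
                writing_score=form.toefl_writing.data,
                registered=True,
                # The staff member who issued the link is recorded as editor.
                modified_by_id=creator.id
            )
            db.session.add(toefl_test_score)
        # registration
        for purpose_type_id in form.purposes.data:
            user.add_purpose(purpose_type=PurposeType.query.get(int(purpose_type_id)))
        if form.other_purpose.data:
            user.add_purpose(
                purpose_type=PurposeType.query.filter_by(name='其它').first(),
                remark=form.other_purpose.data
            )
        for referrer_type_id in form.referrers.data:
            user.add_referrer(referrer_type=ReferrerType.query.get(int(referrer_type_id)))
        if form.other_referrer.data:
            user.add_referrer(
                referrer_type=ReferrerType.query.filter_by(name='其它').first(),
                remark=form.other_referrer.data
            )
        if form.inviter_email.data:
            inviter_email = form.inviter_email.data.strip().lower()
            inviter = User.query.filter_by(
                email=inviter_email,
                created=True,
                deleted=False
            ).first()
            if inviter is not None:
                # NOTE(review): credit is granted on the strength of an
                # e-mail address typed by the registrant; confirm that staff
                # review covers it.
                inviter.invite_user(user=user, grant_credit=True)
            else:
                flash('需联系工作人员进行核对云社区推荐人邮箱:{}'\
                    .format(inviter_email), category='error')
        if form.partner.data:
            partner = Partner.query.filter_by(name=form.partner.data).first()
            if partner is not None:
                partner.refer_user(user=user, commission=partner.default_commission)
        db.session.commit()
        flash('完成注册,请联系工作人员进行资料审核', category='success')
        add_user_log(user=user, event='注册账户', category='auth')
        # Only the validated path is forwarded (None is omitted by url_for).
        return redirect(url_for(
            'manage.confirm_user_registration',
            id=user.id,
            next=next_url
        ))
    return minify(render_template(
        'auth/register.html',
        form=form,
        creator=creator,
        token=token
    ))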
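def y_gre_practice_set_check_answer(id):
    '''resource.y_gre_practice_set_check_answer(id)

    Let the current user submit answers for question block `id` exactly once
    and store one UserAnswer per question with its correctness flag.

    The request is turned away (flash + redirect) when the user may not see
    the answers of the practice set, is a staff member, or has already
    answered the block. Otherwise a form class is assembled per request from
    the block's questions, and a valid submission is graded against
    question.blank_N and written in one transaction.

    Every redirect goes to the `next` query parameter only when it is a path
    on this site; otherwise to the practice-set part page. `next` comes from
    the request and must not be able to send the user to another origin.
    NOTE(review): if some caller builds `next` as an absolute URL of this
    site, it will now land on the part page instead; confirm the callers.
    '''
    block = QuestionBlock.query.get_or_404(id)

    def is_local_path(target):
        '''Return True for a same-site path such as "/resource/...".'''
        # "//host" and "/\\host" are read by browsers as another origin, and
        # control characters are dropped by some of them before parsing.
        return (
            bool(target)
            and target.startswith('/')
            and not target.startswith('//')
            and '\\' not in target
            and not any(ord(ch) < 32 for ch in target)
        )

    def go_back():
        '''Redirect to the validated `next` path or to the part page.'''
        next_url = request.args.get('next')
        if is_local_path(next_url):
            return redirect(next_url)
        return redirect(url_for(
            'resource.y_gre_practice_set_part',
            practice_set_id=block.practice_set_id,
            part_id=block.part_id
        ))

    if not current_user.can_access_y_gre_practice_set_answer(practice_set=block.practice_set):
        flash('您尚未学习对应课程', category='error')
        return go_back()
    if current_user.is_staff:
        flash('员工用户可直接查看该习题答案', category='warning')
        return go_back()
    if current_user.answered_question_block(block=block):
        flash('您已经核对过该习题答案:{}'.format(block.name), category='warning')
        return go_back()

    # Number of free-text blanks per category.
    text_blanks = {'1-text': 1, '2-text': 2, '3-text': 3, '4-text': 4}
    # Per category: one (field class, option letters) pair per blank.
    select_blanks = {
        '1-select': [(SelectField, 'ABCDE')],
        '1-select-2': [(SelectMultipleField, 'ABCDEF')],
        '2-select': [(SelectField, 'ABC'), (SelectField, 'DEF')],
        '3-select': [(SelectField, 'ABC'), (SelectField, 'DEF'), (SelectField, 'GHI')],
    }

    def choices(letters):
        '''Build the choice list: an empty placeholder plus one entry per letter.'''
        return [('', '选择选项')] + [(letter, letter) for letter in letters]

    # dynamic check answer form composition
    class CheckAnswerForm(FlaskForm):
        '''resource.CheckAnswerForm(FlaskForm)'''
        submit = SubmitField('提交')

    questions = block.questions.all()
    for question in questions:
        # The first blank is labelled with the question's abbreviation, the
        # following ones with their position.
        if question.category in text_blanks:
            for number in range(1, text_blanks[question.category] + 1):
                label = question.abbr if number == 1 else '填空{}'.format(number)
                setattr(
                    CheckAnswerForm,
                    'question_{}_blank_{}'.format(question.id, number),
                    StringField(label, validators=[InputRequired()])
                )
        elif question.category in select_blanks:
            layout = select_blanks[question.category]
            for number, (field_class, letters) in enumerate(layout, 1):
                label = question.abbr if number == 1 else '选项{}'.format(number)
                setattr(
                    CheckAnswerForm,
                    'question_{}_blank_{}'.format(question.id, number),
                    field_class(
                        label,
                        choices=choices(letters),
                        coerce=str,
                        validators=[InputRequired()]
                    )
                )

    form = CheckAnswerForm()
    if form.validate_on_submit():
        try:
            for question in questions:
                if question.category in text_blanks:
                    blank_count = text_blanks[question.category]
                elif question.category in select_blanks:
                    blank_count = len(select_blanks[question.category])
                else:
                    # No form fields were generated for an unknown category,
                    # so there is nothing to grade; skip it instead of
                    # failing on (or re-adding) a stale answer object.
                    continue
                answers = {}
                for number in range(1, blank_count + 1):
                    key = 'blank_{}'.format(number)
                    value = getattr(form, 'question_{}_{}'.format(question.id, key)).data
                    if question.category == '1-select-2':
                        # Multiple choice: compared as the sorted letters
                        # joined into one string, e.g. ['C', 'A'] -> 'AC'.
                        value = ''.join(sorted(value))
                    answers[key] = value
                user_answer = UserAnswer(
                    user_id=current_user.id,
                    question_id=question.id,
                    correct=all(
                        answers[key] == getattr(question, key)
                        for key in answers
                    ),
                    **answers
                )
                db.session.add(user_answer)
            db.session.flush()
        except SQLAlchemyError:
            db.session.rollback()
            flash('系统异常,请稍后重试。', category='error')
        else:
            db.session.commit()
            flash('您已完成“{}”的答案核对'.format(block.name), category='success')
            add_user_log(
                user=current_user._get_current_object(),
                event='核对答案:{}'.format(block.name),
                category='resource'
            )
        return go_back()
    return minify(render_template(
        'resource/y_gre/practice_set_check_answer.html',
        block=block,
        form=form
    ))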
def logout():
    '''auth.logout()

    Write a logout entry to the user log, end the login session and send the
    browser to the login page.

    NOTE(review): the route decorators are not visible in this listing;
    confirm the view requires login, since current_user is passed to
    add_user_log() without a check.
    '''
    # The log entry is written before logout_user() so that it is still
    # attributed to the user who is leaving.
    leaving_user = current_user._get_current_object()
    add_user_log(user=leaving_user, event='登出系统', category='access')
    logout_user()
    login_page = url_for('auth.login')
    return redirect(login_page)
def score(id):
    '''profile.score(id)

    Score tab of a student's profile: renders six forms (assignment, VB,
    Y-GRE, GRE, GMAT, TOEFL) and stores the record of whichever one was
    submitted.

    Each form has its own prefix. The forms are built and handled one after
    another, and the first one that validates writes its record, flashes a
    message, logs the action under the acting user and redirects back here.
    For GRE, GMAT and TOEFL a score label greater than 0 may be used only
    once per user.

    NOTE(review): the only access checks visible in this block are
    can_access_profile() and the student test; nothing here separates
    viewing the tab from adding records. Confirm a decorator or the forms
    restrict writes to staff.
    NOTE(review): the assignment form is the only one handled without first
    testing its submit button.
    '''
    tab = 'score'
    user = User.query.get_or_404(id)
    # Hide profiles that were never completed or have been deleted.
    if not user.created or user.deleted:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)
    # Only (suspended) students have a score tab.
    is_student_profile = user.is_student or user.is_suspended_student
    if not is_student_profile:
        return redirect(url_for('profile.overview', id=user.id))

    # --- assignment ---
    assignment_form = AssignmentScoreForm(prefix='assignment_score')
    if assignment_form.validate_on_submit():
        record = AssignmentScore(
            user_id=user.id,
            assignment_id=int(assignment_form.assignment.data),
            grade_id=int(assignment_form.grade.data),
            # Free-text remarks are sanitized before being stored as HTML.
            remark_html=sanitize_html(assignment_form.remark.data),
            feedback=assignment_form.feedback.data,
            modified_by_id=current_user.id
        )
        db.session.add(record)
        db.session.commit()
        flash('已添加作业记录:{}'.format(record.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加作业记录:{}'.format(record.summary),
            category='manage'
        )
        return redirect(url_for('profile.score', id=user.id))

    # --- VB test ---
    vb_form = VBTestScoreForm(prefix='vb_test_score')
    if vb_form.submit.data and vb_form.validate_on_submit():
        # An empty score field is stored as NULL.
        vb_score = float(vb_form.score.data) if vb_form.score.data else None
        record = VBTestScore(
            user_id=user.id,
            test_id=int(vb_form.test.data),
            score=vb_score,
            remark_html=sanitize_html(vb_form.remark.data),
            retrieved=vb_form.retrieved.data,
            retake=vb_form.retake.data,
            skip=vb_form.skip.data,
            feedback=vb_form.feedback.data,
            modified_by_id=current_user.id
        )
        db.session.add(record)
        db.session.commit()
        flash('已添加VB考试记录:{}'.format(record.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加VB考试记录:{}'.format(record.summary),
            category='manage'
        )
        return redirect(url_for('profile.score', id=user.id))

    # --- Y-GRE test ---
    y_gre_form = YGRETestScoreForm(prefix='y_gre_test_score')
    if y_gre_form.submit.data and y_gre_form.validate_on_submit():
        v_score = int(y_gre_form.v_score.data) if y_gre_form.v_score.data else None
        q_score = int(y_gre_form.q_score.data) if y_gre_form.q_score.data else None
        aw_score = int(y_gre_form.aw_score.data) if y_gre_form.aw_score.data else None
        record = YGRETestScore(
            user_id=user.id,
            test_id=int(y_gre_form.test.data),
            v_score=v_score,
            q_score=q_score,
            aw_score_id=aw_score,
            remark_html=sanitize_html(y_gre_form.remark.data),
            retrieved=y_gre_form.retrieved.data,
            retake=y_gre_form.retake.data,
            skip=y_gre_form.skip.data,
            feedback=y_gre_form.feedback.data,
            modified_by_id=current_user.id
        )
        db.session.add(record)
        db.session.commit()
        flash('已添加Y-GRE考试记录:{}'.format(record.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加Y-GRE考试记录:{}'.format(record.summary),
            category='manage'
        )
        return redirect(url_for('profile.score', id=user.id))

    # --- GRE test ---
    gre_form = GRETestScoreForm(prefix='gre_test_score')
    if gre_form.submit.data and gre_form.validate_on_submit():
        chosen_label = int(gre_form.score_label.data)
        # 0 (or less) means "no label" and is stored as NULL.
        label_id = chosen_label if chosen_label > 0 else None
        if label_id is not None and \
                user.gre_test_scores.filter_by(label_id=label_id).first() is not None:
            flash('“{}”已经拥有“{}”成绩'.format(
                user.name_email,
                ScoreLabel.query.get(label_id).name
            ), category='error')
            return redirect(url_for('profile.score', id=user.id))
        aw_score_id = int(gre_form.aw_score.data) if gre_form.aw_score.data else None
        record = GRETestScore(
            user_id=user.id,
            test_id=int(gre_form.test_date.data),
            label_id=label_id,
            v_score=gre_form.v_score.data,
            q_score=gre_form.q_score.data,
            aw_score_id=aw_score_id,
            remark_html=sanitize_html(gre_form.remark.data),
            registered=gre_form.registered.data,
            modified_by_id=current_user.id
        )
        db.session.add(record)
        db.session.commit()
        flash('已添加GRE考试记录:{}'.format(record.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加GRE考试记录:{}'.format(record.summary),
            category='manage'
        )
        return redirect(url_for('profile.score', id=user.id))

    # --- GMAT test ---
    gmat_form = GMATTestScoreForm(prefix='gmat_test_score')
    if gmat_form.submit.data and gmat_form.validate_on_submit():
        chosen_label = int(gmat_form.score_label.data)
        label_id = chosen_label if chosen_label > 0 else None
        if label_id is not None and \
                user.gmat_test_scores.filter_by(label_id=label_id).first() is not None:
            flash('“{}”已经拥有“{}”成绩'.format(
                user.name_email,
                ScoreLabel.query.get(label_id).name
            ), category='error')
            return redirect(url_for('profile.score', id=user.id))
        aw_score_id = int(gmat_form.aw_score.data) if gmat_form.aw_score.data else None
        record = GMATTestScore(
            user_id=user.id,
            test_id=int(gmat_form.test_date.data),
            label_id=label_id,
            ir_score=gmat_form.ir_score.data,
            q_score=gmat_form.q_score.data,
            v_score=gmat_form.v_score.data,
            total_score=gmat_form.total_score.data,
            aw_score_id=aw_score_id,
            remark_html=sanitize_html(gmat_form.remark.data),
            registered=gmat_form.registered.data,
            modified_by_id=current_user.id
        )
        db.session.add(record)
        db.session.commit()
        flash('已添加GMAT考试记录:{}'.format(record.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加GMAT考试记录:{}'.format(record.summary),
            category='manage'
        )
        return redirect(url_for('profile.score', id=user.id))

    # --- TOEFL test ---
    toefl_form = TOEFLTestScoreForm(prefix='toefl_test_score')
    if toefl_form.submit.data and toefl_form.validate_on_submit():
        chosen_label = int(toefl_form.score_label.data)
        label_id = chosen_label if chosen_label > 0 else None
        if label_id is not None and \
                user.toefl_test_scores.filter_by(label_id=label_id).first() is not None:
            flash('“{}”已经拥有“{}”成绩'.format(
                user.name_email,
                ScoreLabel.query.get(label_id).name
            ), category='error')
            return redirect(url_for('profile.score', id=user.id))
        record = TOEFLTestScore(
            user_id=user.id,
            test_id=int(toefl_form.test_date.data),
            label_id=label_id,
            total_score=toefl_form.total.data,
            reading_score=toefl_form.reading.data,
            listening_score=toefl_form.listening.data,
            speaking_score=toefl_form.speaking.data,
            writing_score=toefl_form.writing.data,
            remark_html=sanitize_html(toefl_form.remark.data),
            registered=toefl_form.registered.data,
            modified_by_id=current_user.id
        )
        db.session.add(record)
        db.session.commit()
        flash('已添加TOEFL考试记录:{}'.format(record.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加TOEFL考试记录:{}'.format(record.summary),
            category='manage'
        )
        # Unlike the branches above, this one keeps the current page number.
        return redirect(url_for(
            'profile.score',
            id=user.id,
            page=request.args.get('page', 1, type=int)
        ))

    # Nothing was submitted, or validation failed: render all six forms.
    return minify(render_template(
        'profile/score.html',
        profile_tab=tab,
        assignment_score_form=assignment_form,
        vb_test_score_form=vb_form,
        y_gre_test_score_form=y_gre_form,
        gre_test_score_form=gre_form,
        gmat_test_score_form=gmat_form,
        toefl_test_score_form=toefl_form,
        user=user
    ))