def create(request, team_link, bike_id):
# get parameters
start = request.GET.get('start', None)
finish = request.GET.get('finish', None)
try:
start = start and parse(start).date() or None
finish = finish and parse(finish).date() or None
except ValueError:
start = None
finish = None
team = team_control.get_or_404(team_link)
account = get_object_or_404(Account, user=request.user)
is_lender = team_control.is_member(account, team)
bike = get_object_or_404(Bike, id=bike_id)
if request.method == "POST":
form = forms.Create(request.POST, bike=bike, account=account,
start=start, finish=finish, is_lender=is_lender)
if form.is_valid():
borrow = control.create(account, bike,
form.cleaned_data["start"],
form.cleaned_data["finish"],
form.cleaned_data["note"].strip())
return HttpResponseRedirect("/borrow/view/%s" % borrow.id)
else:
form = forms.Create(bike=bike, account=account,
start=start, finish=finish, is_lender=is_lender)
args = {
"form" : form, "form_title" : _("BORROW_CREATE"),
"cancel_url" : "/%s/bike/view/%s" % (team_link, bike_id),
"has_required_info" : account_control.has_required_info(account)
}
return rtr(team, "borrows", request, "borrow/create.html", args)
def can_change_station(account, bike, station):
""" Check if an account can change the bike station.
Account must be a team member, bike not currently borrowed and
station must be active.
"""
return (station and station.active and bike.team == station.team and
team_control.is_member(account, bike.team) and
not currently_borrowed(bike))
def can_change_station(account, bike, station):
""" Check if an account can change the bike station.
Account must be a team member, bike not currently borrowed and
station must be active.
"""
return (station and station.active and bike.team == station.team
and team_control.is_member(account, bike.team)
and not currently_borrowed(bike))
def log_created_lender_callback(sender, **kwargs):
log = kwargs["log"]
if log.action in ["FINISHED", "BORROWER_RATE"]:
return # no one cares, dont spam
sys_edit = log.initiator == None
if sys_edit or team_control.is_member(log.initiator, log.borrow.team):
return # not need to notify team of its own actions
emails = _lender_emails(log.borrow)
subject, message = _get_email_templates("lender", log.action)
send_mail(emails, subject, message, kwargs)
def borrower_view(request, borrow_id):
account = get_object_or_404(Account, user=request.user)
borrow = get_object_or_404(Borrow, id=borrow_id)
if account != borrow.borrower:
if team_control.is_member(account, borrow.team): # is_lender
url = "/%s/borrow/view/%s" % (borrow.team.link, borrow.id)
return HttpResponseRedirect(url) # redirect lender to right url
raise PermissionDenied
args = { "borrow" : borrow, "logs" : borrow.logs.all() }
return render_response(request, "borrow/view.html", args)
def lender_view(request, team_link, borrow_id):
account = get_object_or_404(Account, user=request.user)
team = team_control.get_or_404(team_link)
borrow = get_object_or_404(Borrow, id=borrow_id, team=team)
if not team_control.is_member(account, borrow.team): # is not lender
if account == borrow.borrower: # redirect borrower to right url
return HttpResponseRedirect("/borrow/view/%s" % borrow.id)
raise PermissionDenied
args = { "borrow" : borrow, "logs" : borrow.logs.all() }
return rtr(team, "borrows", request, "borrow/view.html", args)
def borrower_view(request, borrow_id):
account = get_object_or_404(Account, user=request.user)
borrow = get_object_or_404(Borrow, id=borrow_id)
if account != borrow.borrower:
if team_control.is_member(account, borrow.team): # is_lender
url = "/%s/borrow/view/%s" % (borrow.team.link, borrow.id)
return HttpResponseRedirect(url) # redirect lender to right url
raise PermissionDenied
args = {"borrow": borrow, "logs": borrow.logs.all()}
return render_response(request, "borrow/view.html", args)
def lender_view(request, team_link, borrow_id):
account = get_object_or_404(Account, user=request.user)
team = team_control.get_or_404(team_link)
borrow = get_object_or_404(Borrow, id=borrow_id, team=team)
if not team_control.is_member(account, borrow.team): # is not lender
if account == borrow.borrower: # redirect borrower to right url
return HttpResponseRedirect("/borrow/view/%s" % borrow.id)
raise PermissionDenied
args = {"borrow": borrow, "logs": borrow.logs.all()}
return rtr(team, "borrows", request, "borrow/view.html", args)
def can_cancel(account, borrow):
today = datetime.datetime.now().date()
if borrow.finish < today: # borrow ended
return False
is_lender = team_control.is_member(account, borrow.team)
is_borrower = account == borrow.borrower
lender_state = borrow.state in ["ACCEPTED"]
borrower_state = borrow.state in ["REQUEST", "ACCEPTED"]
return (is_borrower and borrower_state or
is_lender and lender_state)
def lender_can_rate(account, borrow):
today = datetime.datetime.now().date()
if not today > borrow.finish:
return False # to soon
if borrow.state not in ["ACCEPTED"]:
return False # wrong state
if not team_control.is_member(account, borrow.team):
return False # only members
if len(Rating.objects.filter(borrow=borrow, originator='LENDER')):
return False # already rated
return True
def edit_is_allowed(account, bike, name, description, active, reserve, station,
lockcode, size, lights):
if not team_control.is_member(account, bike.team):
return False
if bike.active and not active and not can_deactivate(account, bike):
return False
if bike.station != station and not station.active:
return False
if bike.station != station and not can_change_station(account, bike, station):
return False
return True
def view(request, team_link, bike_id, tab):
team = team_control.get_or_404(team_link)
# get parameters
start = request.GET.get('start', None)
finish = request.GET.get('finish', None)
try:
start = start and parse(start).date() or None
finish = finish and parse(finish).date() or None
except ValueError:
start = None
finish = None
# check user permissions
requires_login = tab != "OVERVIEW"
requires_membership = tab != "OVERVIEW"
logged_in = request.user.is_authenticated()
if not logged_in and requires_login:
return HttpResponseRedirect("/accounts/login/?next=%s" % request.path)
account = logged_in and get_object_or_404(Account, user=request.user)
if requires_membership and not team_control.is_member(account, team):
raise PermissionDenied
# get data
bike = get_object_or_404(Bike, id=bike_id, team=team)
authorized = (account and team_control.is_member(account, team))
template = _VIEW[tab]["template"]
list_data = None
if tab == "BORROWS":
borrows = bike.borrows.all()
list_data = borrow_control.to_list_data(borrows, team_link=True)
args = {
"bike": bike,
"list_data": list_data,
"page_title": _VIEW[tab]["page_title"],
"tabs": _tabs(bike, team, tab, authorized),
"date_start": start,
"date_finish": finish,
}
return rtr(team, "bikes", request, template, args)
def edit_is_allowed(account, bike, name, description, active, reserve, station,
lockcode, size, lights):
if not team_control.is_member(account, bike.team):
return False
if bike.active and not active and not can_deactivate(account, bike):
return False
if bike.station != station and not station.active:
return False
if bike.station != station and not can_change_station(
account, bike, station):
return False
return True
def view(request, team_link, bike_id, tab):
team = team_control.get_or_404(team_link)
# get parameters
start = request.GET.get('start', None)
finish = request.GET.get('finish', None)
try:
start = start and parse(start).date() or None
finish = finish and parse(finish).date() or None
except ValueError:
start = None
finish = None
# check user permissions
requires_login = tab != "OVERVIEW"
requires_membership = tab != "OVERVIEW"
logged_in = request.user.is_authenticated()
if not logged_in and requires_login:
return HttpResponseRedirect("/accounts/login/?next=%s" % request.path)
account = logged_in and get_object_or_404(Account, user=request.user)
if requires_membership and not team_control.is_member(account, team):
raise PermissionDenied
# get data
bike = get_object_or_404(Bike, id=bike_id, team=team)
authorized = (account and team_control.is_member(account, team))
template = _VIEW[tab]["template"]
list_data = None
if tab == "BORROWS":
borrows = bike.borrows.all()
list_data = borrow_control.to_list_data(borrows, team_link=True)
args = {
"bike" : bike, "list_data" : list_data,
"page_title" : _VIEW[tab]["page_title"],
"tabs" : _tabs(bike, team, tab, authorized),
"date_start" : start, "date_finish" : finish,
}
return rtr(team, "bikes", request, template, args)
def creation_is_allowed(account, bike, start, finish, exclude=None):
if not can_borrow(bike):
return False
# check timeframe
if finish < start:
return False
if not team_control.is_member(account, bike.team):
# check minimum start time
today = datetime.datetime.now().date()
minstart = today + datetime.timedelta(days=MIN_BOOK)
if start < minstart:
return False
# only allowed to borrow one bike at a time
if len(borrows_requested_in_timeframe(account, start, finish,
exclude=exclude)):
return False
if len(active_borrows_in_timeframe(bike, start, finish, exclude=exclude)):
return False
return True
def create(request, team_link, bike_id):
# get parameters
start = request.GET.get('start', None)
finish = request.GET.get('finish', None)
try:
start = start and parse(start).date() or None
finish = finish and parse(finish).date() or None
except ValueError:
start = None
finish = None
team = team_control.get_or_404(team_link)
account = get_object_or_404(Account, user=request.user)
is_lender = team_control.is_member(account, team)
bike = get_object_or_404(Bike, id=bike_id)
if request.method == "POST":
form = forms.Create(request.POST,
bike=bike,
account=account,
start=start,
finish=finish,
is_lender=is_lender)
if form.is_valid():
borrow = control.create(account, bike, form.cleaned_data["start"],
form.cleaned_data["finish"],
form.cleaned_data["note"].strip())
return HttpResponseRedirect("/borrow/view/%s" % borrow.id)
else:
form = forms.Create(bike=bike,
account=account,
start=start,
finish=finish,
is_lender=is_lender)
args = {
"form": form,
"form_title": _("BORROW_CREATE"),
"cancel_url": "/%s/bike/view/%s" % (team_link, bike_id),
"has_required_info": account_control.has_required_info(account)
}
return rtr(team, "borrows", request, "borrow/create.html", args)
def _get_listing_bikes(request, team, form):
qs = team.bikes.all()
# hide reserve and inactive for non team members and non logged in users
logged_in = request.user.is_authenticated()
account = logged_in and get_object_or_404(Account, user=request.user) or 0
if not logged_in or not team_control.is_member(account, team):
qs = qs.filter(reserve=False, active=True)
if not form:
return list(qs)
# lights
lights = form.cleaned_data["lights"]
if lights:
qs = qs.filter(lights=True)
# size
size = form.cleaned_data["size"]
if size:
qs = qs.filter(size=size)
# filter timeframe
start = form.cleaned_data["start"]
finish = form.cleaned_data["finish"]
if finish and not start:
today = datetime.datetime.now().date()
start = today + datetime.timedelta(days=1)
if start and not finish:
finish = start + datetime.timedelta(days=7)
if start and finish:
borrows = team.borrows.filter(state="ACCEPTED")
borrows = borrows.exclude(start__gt=finish).exclude(finish__lt=start)
qs = qs.exclude(borrows__in=borrows)
return list(qs)
def _get_listing_bikes(request, team, form):
qs = team.bikes.all()
# hide reserve and inactive for non team members and non logged in users
logged_in = request.user.is_authenticated()
account = logged_in and get_object_or_404(Account, user=request.user) or 0
if not logged_in or not team_control.is_member(account, team):
qs = qs.filter(reserve=False, active=True)
if not form:
return list(qs)
# lights
lights = form.cleaned_data["lights"]
if lights:
qs = qs.filter(lights=True)
# size
size = form.cleaned_data["size"]
if size:
qs = qs.filter(size=size)
# filter timeframe
start = form.cleaned_data["start"]
finish = form.cleaned_data["finish"]
if finish and not start:
today = datetime.datetime.now().date()
start = today + datetime.timedelta(days=1)
if start and not finish:
finish = start + datetime.timedelta(days=7)
if start and finish:
borrows = team.borrows.filter(state="ACCEPTED")
borrows = borrows.exclude(start__gt=finish).exclude(finish__lt=start)
qs = qs.exclude(borrows__in=borrows)
return list(qs)
def can_edit(account, gallery):
return not (
(gallery.team and not team_control.is_member(account, gallery.team)) or
(not gallery.team and gallery.created_by != account))
def can_comment(account, borrow):
if account == borrow.borrower:
return True
if team_control.is_member(account, borrow.team):
return True
return False
def can_delete(account, bike):
""" Check if an account can delete a bike.
Account must be a team member and bike not borrowed in the future.
"""
return (team_control.is_member(account, bike.team)
and not has_future_borrows(bike))
def can_edit(account, gallery):
return not ((gallery.team and not team_control.is_member(account, gallery.team)) or
(not gallery.team and gallery.created_by != account))
def if_member(account, team):
return account and control.is_member(account, team)
def can_delete(account, bike):
""" Check if an account can delete a bike.
Account must be a team member and bike not borrowed in the future.
"""
return (team_control.is_member(account, bike.team)
and not has_future_borrows(bike))
def if_member(account, team):
return account and control.is_member(account, team)
def assert_member(account, team):
if not control.is_member(account, team):
raise PermissionDenied
def can_edit(account, station):
# account must be a member of the stations team
return team_control.is_member(account, station.team)
def can_respond(account, borrow):
if borrow.state != "REQUEST":
return False # borrow must be in request state
if not team_control.is_member(account, borrow.team):
return False # not a member
return True
