def sidebar():
if current_user.has_admin_role():
entries = Event.query
elif current_user.has_event_role():
admins = User.query.filter(User.roles.contains(Role.query.get(1)))
admin_ids = [a.id for a in admins]
entries = Event.query.filter(
not_(
and_(Event.is_visible == False,
Event.created_by_id.in_(admin_ids))))
else:
entries = Event.query.filter(
or_(Event.is_visible == True,
Event.created_by_id == current_user.id))
entries = entries.with_entities(Event.id, Event.name,
Event.is_visible).order_by(
Event.name.asc()).all()
return jsonify(entries)
def delete(id):
if id == 1:
flash("The wiki main page can't be deleted", "danger")
return redirect(url_for('wiki.index'))
wikientry = WikiEntry.query.filter_by(id=id).first_or_404()
# TODO: write custom decorator / function for this
if not current_user.is_wiki_admin() and wikientry.is_visible == False and not wikientry.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.has_admin_role() and current_user.has_wiki_role() and wikientry.is_visible == False and wikientry.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
db.session.delete(wikientry)
db.session.commit()
flash("Wiki article was deleted.", "success")
return redirect(url_for('wiki.index'))
def view_with_node(id, n_id):
mapsettings = MapSetting.query.get(1)
map_ = Map.query.filter_by(id=id).first_or_404()
node = MapNode.query.filter_by(id=n_id).first_or_404()
if map_.is_visible == False and not current_user.has_admin_role():
flash("This map is not visible.", "danger")
return redirect(url_for("index"))
if node.on_map != map_.id:
flash("Map node {0} could not be found on this map".format(node.id),
"danger")
return render_template("map/index.html",
settings=mapsettings,
map_=map_,
title=page_title(map_.name))
return render_template("map/index.html",
settings=mapsettings,
map_=map_,
jump_to_node=node.id,
title=page_title(map_.name))
def sidebar(c_id):
if current_user.has_admin_role():
entries = MediaItem.query
elif current_user.has_media_role():
admins = User.query.filter(User.roles.contains(Role.query.get(1)))
admin_ids = [a.id for a in admins]
entries = MediaItem.query.filter(
not_(
and_(MediaItem.is_visible == False,
MediaItem.created_by_id.in_(admin_ids))))
else:
entries = MediaItem.query.filter(
or_(MediaItem.is_visible == True,
MediaItem.created_by_id == current_user.id))
entries = entries.filter_by(category_id=c_id).order_by(
MediaItem.name.asc()).all()
d = {}
for m in entries:
d[m.id] = m.to_dict()
return jsonify(d)
def edit(id):
event = Event.query.filter_by(id=id).first_or_404()
form = EventForm()
form.submit.label.text = "Save Event"
form.category.choices = gen_event_category_choices()
form.epoch.choices = gen_epoch_choices()
form.month.choices = gen_month_choices()
if request.method == "POST":
form.day.choices = gen_day_choices(form.month.data)
else:
form.day.choices = gen_day_choices(event.month_id)
# TODO: write custom decorator for this?
if not current_user.has_admin_role() and current_user.has_event_role(
) and event.is_visible == False and event.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.is_event_admin(
) and event.is_visible == False and not event.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.is_event_admin():
del form.is_visible
if form.validate_on_submit():
event.name = form.name.data
event.category_id = form.category.data
event.description = form.description.data
event.epoch_id = form.epoch.data
event.year = form.year.data
event.month_id = form.month.data
event.day = form.day.data
event.duration = form.duration.data
if current_user.is_event_admin():
event.is_visible = form.is_visible.data
db.session.commit()
update_timestamp(event.id)
flash("Event was edited.", "success")
return redirect(url_for("event.view", id=id))
elif request.method == "GET":
form.name.data = event.name
form.category.data = event.category_id
form.description.data = event.description
form.epoch.data = event.epoch_id
form.year.data = event.year
form.month.data = event.month_id
form.day.data = event.day
form.duration.data = event.duration
if current_user.is_event_admin():
form.is_visible.data = event.is_visible
calendar_helper = gen_calendar_stats()
return render_template("event/edit.html",
form=form,
calendar=calendar_helper,
title=page_title("Edit Event '%s'" % event.name))
def redirect_non_admins():
if not current_user.has_admin_role():
flash("Operation not permitted.")
redirect(url_for("index"))
def node_edit(id):
form = MapNodeForm()
form.submit.label.text = "Save Location"
if not current_user.is_map_admin():
del form.is_visible
if not current_user.has_admin_role():
del form.submap
else:
form.submap.choices = gen_submap_choices()
form.node_type.choices = gen_node_type_choices()
node = MapNode.query.filter_by(id=id).first_or_404()
# TODO: make custom decorators for this?
if not current_user.has_admin_role() and current_user.has_map_role(
) and node.is_visible == False and node.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.is_map_admin(
) and node.is_visible == False and not node.created_by == current_user:
flash_no_permission()
redirect(url_for(no_perm_url))
wiki_entry_ok = True
if node.wiki_entry_id != 0 and node.wiki_entry_id != None:
wentry = WikiEntry.query.filter_by(id=node.wiki_entry_id).first()
if not wentry:
wiki_entry_ok = False
else:
if not current_user.has_admin_role(
) and current_user.is_wiki_admin(
) and wentry.is_visible == False and wentry.created_by.has_admin_role(
):
wiki_entry_ok = False
if not current_user.is_wiki_admin(
) and wentry.is_visible == False and not wentry.created_by == current_user:
wiki_entry_ok = False
if wiki_entry_ok == True:
form.wiki_entry.choices = gen_wiki_entry_choices()
else:
form.wiki_entry.label.text = "(wiki entry is invisible to you and can not be changed.)"
form.wiki_entry.render_kw = {
"disabled": "disabled"
}
form.wiki_entry.choices = [(0, "disabled")]
if form.validate_on_submit():
node.name = form.name.data
node.description = form.description.data
node.node_type = form.node_type.data
node.coord_x = form.coord_x.data
node.coord_y = form.coord_y.data
if wiki_entry_ok == True:
node.wiki_entry_id = form.wiki_entry.data
if current_user.is_map_admin():
node.is_visible = form.is_visible.data
if current_user.has_admin_role():
node.submap = form.submap.data
db.session.commit()
map_changed(node.on_map)
return jsonify(data={
'success': True,
'message': "Location was edited."
})
elif request.method == "POST":
return jsonify(
data={
'success': False,
'message': "Form validation error",
'errors': form.errors
})
form.name.data = node.name
form.description.data = node.description
form.node_type.data = node.node_type
form.coord_x.data = node.coord_x
form.coord_y.data = node.coord_y
if wiki_entry_ok == True:
form.wiki_entry.data = node.wiki_entry_id
if current_user.is_map_admin():
form.is_visible.data = node.is_visible
if current_user.has_admin_role():
form.submap.data = node.submap
return render_template("map/node_edit.html", form=form, node=node)
def node_create(map_id, x, y):
Map.query.filter_by(id=map_id).first_or_404()
form = MapNodeForm()
form.submit.label.text = "Create Location"
if not current_user.is_map_admin():
del form.is_visible
if not current_user.has_admin_role():
del form.submap
else:
form.submap.choices = gen_submap_choices()
form.coord_x.data = x
form.coord_y.data = y
form.node_type.choices = gen_node_type_choices()
form.wiki_entry.choices = gen_wiki_entry_choices()
if form.validate_on_submit():
new_node = MapNode(name=form.name.data,
description=form.description.data,
node_type=form.node_type.data,
coord_x=form.coord_x.data,
coord_y=form.coord_y.data,
wiki_entry_id=form.wiki_entry.data,
on_map=map_id)
if current_user.is_map_admin():
new_node.is_visible = form.is_visible.data
if new_node.is_visible:
message = "Location was created."
else:
message = "Location was created, it is only visible to map admins."
else:
msetting = MapSetting.query.get(1)
new_node.is_visible = msetting.default_visible
if new_node.is_visible:
message = "Location was created."
else:
message = "Location was created. Until approved, it is only visible to map admins and you."
if current_user.has_admin_role():
new_node.submap = form.submap.data
db.session.add(new_node)
db.session.commit()
map_changed(new_node.on_map)
return jsonify(data={'success': True, 'message': message})
elif request.method == "POST":
return jsonify(
data={
'success': False,
'message': "Form validation error",
'errors': form.errors
})
else:
if current_user.is_map_admin():
msetting = MapSetting.query.get(1)
form.is_visible.data = msetting.default_visible
return render_template("map/node_create.html", form=form, x=x, y=y)
def edit(username):
# TODO: make a custom decorator for this?
if current_user.has_admin_role() or current_user.username == username:
form = EditProfileForm()
if current_user.has_admin_role():
form.roles.choices = gen_role_choices()
else:
del form.roles
user = User.query.filter_by(username=username).first_or_404()
if form.validate_on_submit():
user.about = form.about.data
if (form.password.data):
user.set_password(form.password.data)
if current_user.username == user.username:
user.must_change_password = False
elif current_user.has_admin_role():
# user must reset password after it has been changed by an admin
user.must_change_password = True
if current_user.has_admin_role():
new_user_roles = Role.query.filter(Role.id.in_(
form.roles.data)).all()
admin_role = Role.query.get(1)
if username == current_user.username and current_user.has_admin_role(
) and admin_role not in new_user_roles:
new_user_roles.append(admin_role)
flash("You can't revoke your own admin role.", "danger")
if user.id == 1 and admin_role not in new_user_roles:
new_user_roles.append(admin_role)
flash("The original admin can't be removed.", "danger")
user.roles = new_user_roles
db.session.commit()
flash("Your changes have been saved.", "success")
return redirect(url_for("user.profile", username=username))
elif request.method == "GET":
form.about.data = user.about
if current_user.has_admin_role():
user_roles = []
for role in user.roles:
user_roles.append(str(role.id))
form.roles.data = user_roles
return render_template("user/edit.html",
form=form,
user=user,
title=page_title("Edit User '%s'" %
user.username))
else:
flash("You dont have the neccessary role to perform this action.",
"danger")
return redirect(url_for(no_perm_url))
def decorated_function(*args, **kwargs):
if not current_user.has_admin_role():
flash("You need to be admin to perform this action.", "danger")
return redirect(url_for(url))
return f(*args, **kwargs)