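def api_store_suggestions():
    """Return one page of store suggestions as JSON for the admin table.

    Requires the 'editor' capability. When no specific region is selected,
    non-admin users are limited to suggestions whose region is one of
    ``current_user.region_ids``.

    Returns:
        ``{'status': -1, 'errors': ...}`` if the search form does not
        validate, otherwise ``{'status': 0, 'data': [...], 'count': n}``
        where ``count`` is the number of matches before paging.
    """
    if not current_user.has_capability('editor'):
        abort(403)
    form = StoreSuggestionSearchForm()
    if not form.validate_on_submit():
        return json_response({'status': -1, 'errors': form.errors})

    stores = ObjectDump.query.filter_by(type='suggestion')
    if form.region.data and form.region.data not in ['None', '_all']:
        # NOTE(review): a non-admin can submit any region id here; this
        # relies on the form restricting the region choices to the user's
        # own regions -- confirm against StoreSuggestionSearchForm.
        stores = stores.filter_by(region_id=form.region.data)
    elif not current_user.has_capability('admin'):
        # Scope on ObjectDump itself. The previous filter used
        # Store.region_id, which is not part of this query: it constrained
        # an unrelated table instead of the suggestions being returned, so
        # the region restriction did not apply to the result rows.
        stores = stores.filter(
            ObjectDump.region_id.in_(current_user.region_ids))
    if form.settled.data and form.settled.data not in ['None', '_all']:
        stores = stores.filter_by(settled=form.settled.data == 'yes')

    count = stores.count()

    # NOTE(review): both names below come from the submitted form and are
    # resolved with getattr() and then called. This is only safe if the form
    # limits sort_field to sortable columns and sort_order to asc/desc --
    # verify, or allow-list them here.
    sort_column = getattr(ObjectDump, form.sort_field.data)
    ordering = getattr(sort_column, form.sort_order.data)()

    # assumes form validation guarantees page >= 1 -- TODO confirm
    per_page = current_app.config['ITEMS_PER_PAGE']
    page_rows = stores.order_by(ordering)\
        .limit(per_page)\
        .offset((form.page.data - 1) * per_page)\
        .all()

    data = []
    for store in page_rows:
        item = store.data
        item['id'] = store.id
        item['created'] = store.created
        data.append(item)
    return json_response({'data': data, 'status': 0, 'count': count})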
def store_edit(store_id):
    """Show and process the edit form for a single store.

    Requires the 'editor' capability; users without 'admin' may only edit
    stores whose region is in ``current_user.region``. On a valid submit the
    store is saved, its opening times are stored, indexing and revision jobs
    are queued, uploads are handled, and the user is redirected to the list.
    """
    if not current_user.has_capability('editor'):
        abort(403)
    store = Store.query.get_or_404(store_id)
    # Object-level check: the capability alone does not grant access to
    # stores outside the editor's regions.
    if not current_user.has_capability('admin') \
            and store.region not in current_user.region:
        abort(403)

    form = StoreForm(obj=store)
    if not form.validate_on_submit():
        return render_template(
            'store-edit.html',
            form=form,
            store=store,
            opening_times=get_opening_times_for_form(store.id))

    # The opening-times fields are taken off the form before populate_obj()
    # so they are not copied onto the store; they are saved separately below.
    opening_times_data = {}
    for field in ['all', 'delivery', 'pickup']:
        field_name = 'opening_times_%s' % field
        opening_times_data[field] = getattr(form, field_name)
        delattr(form, field_name)

    # populate_obj() copies every remaining form field onto the model, so
    # StoreForm defines what an editor is able to change.
    form.populate_obj(store)
    # Record which role last revisited the store.
    setattr(store, 'revisited_%s' % current_user.role, datetime.utcnow())
    db.session.add(store)
    db.session.commit()

    save_opening_times_form(form, opening_times_data, store)
    es_index_store_delay.delay(store.id)
    create_store_revision_delay.delay(store.id)
    upload_files(form, store, 'store')
    flash('Geschäft erfolgreich gespeichert', 'success')
    return redirect('/admin/stores')
def user_edit(store_id):
    """Show and process the edit form for a user (admin only).

    Args:
        store_id: despite its name, this is the primary key of the User.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    user = User.query.get_or_404(store_id)

    # NOTE(review): the guard above already requires 'admin', so UserForm is
    # never selected here. If the guard is ever relaxed, check which fields
    # each form exposes before relying on this switch.
    form_class = UserAdminForm if current_user.has_capability('admin') else UserForm
    form = form_class(obj=user)

    if not form.validate_on_submit():
        return render_template('user-edit.html', form=form, user=user)

    # populate_obj() writes every form field onto the user record.
    form.populate_obj(user)
    db.session.add(user)
    db.session.commit()
    flash('Nutzer erfolgreich gespeichert', 'success')
    return redirect('/admin/users')
def admin_document_file_new(document_id):
    """Attach a newly uploaded file to a document (admin only).

    On a valid submit a File record is created and linked to the document,
    the upload is written to TEMP_UPLOAD_DIR under the new file's id, and
    processing is queued. Otherwise the upload form is rendered.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    document = Document.get_or_404(document_id)
    form = DocumentNewFileForm()

    if not form.validate_on_submit():
        return render_template('document-file-new.html',
                               document=document,
                               form=form,
                               is_edit_mode=False,
                               post=request.url)

    file_data = form.image_file.data
    file = File()
    if form.name.data:
        file.name = form.name.data
    # Both values are supplied by the client and are stored as metadata only;
    # they should not be trusted for type decisions or path building later.
    file.fileName = file_data.filename
    file.mimeType = file_data.content_type
    file.document = document
    file.save()

    document.files.append(file)
    document.save()

    # The on-disk name is the record id, not the client-supplied file name.
    file_id = str(file.id)
    path = os.path.join(current_app.config['TEMP_UPLOAD_DIR'], file_id)
    form.image_file.data.seek(0)
    form.image_file.data.save(path)
    process_file.delay(file_id)
    return redirect(
        url_for('archive_management.admin_document_file_show',
                document_id=document_id,
                file_id=file_id))
def store_delete(store_id):
    """Confirm and perform the soft delete of a store (admin only).

    The store is not removed; its ``deleted`` flag is set to True.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    store = Store.query.get_or_404(store_id)
    # NOTE(review): unreachable while the guard above requires 'admin'. It
    # only starts to matter if that guard is relaxed to another capability.
    if not current_user.has_capability('admin') \
            and store.region not in current_user.region:
        abort(403)

    form = StoreDeleteForm()
    if not form.validate_on_submit():
        return render_template('store-delete.html', store=store, form=form)

    # The form's abort button returns to the list without changing anything.
    if not form.abort.data:
        store.deleted = True
        db.session.add(store)
        db.session.commit()
        flash('Geschäft erfolgreich gelöscht', 'success')
    return redirect('/admin/stores')
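def api_admin_comments():
    """Return one page of comments in a date range as JSON (admin only).

    The form's ``daterange`` is expected as ``DD.MM.YYYY - DD.MM.YYYY``; the
    upper bound is extended by one day.

    Returns:
        ``{'status': -1}`` if the form does not validate or the date range
        cannot be parsed, otherwise
        ``{'status': 0, 'data': [...], 'count': n}`` where ``count`` is the
        number of matches before paging.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    form = CommentSearchForm()
    if not form.validate_on_submit():
        return json_response({'status': -1})

    # The date range is request input: a missing or malformed value is
    # answered like any other invalid search instead of raising an
    # unhandled exception.
    try:
        begin, end = (form.daterange.data or '').split(' - ')
        created_from = datetime.strptime(begin, '%d.%m.%Y')
        created_to = datetime.strptime(end, '%d.%m.%Y') + timedelta(days=1)
    except ValueError:
        return json_response({'status': -1})

    object_kwargs = {
        'created__gte': created_from,
        'created__lte': created_to,
    }
    # TODO: bad data in form status: why? browser side issue
    #object_kwargs['status__in'] = [int(x) for x in form.status.data]

    comments = Comment.objects(**object_kwargs)
    count = comments.count()

    # NOTE(review): sort_field is taken from the submitted form and placed in
    # the order_by() key as-is; confirm the form limits it to known fields.
    direction = '+' if form.sort_order.data == 'asc' else '-'
    # assumes form validation guarantees page >= 1 -- TODO confirm
    per_page = current_app.config['ITEMS_PER_PAGE']
    comments = comments.order_by('%s%s' % (direction, form.sort_field.data)) \
        .limit(per_page) \
        .skip((form.page.data - 1) * per_page) \
        .all()

    data = []
    for comment in comments:
        comment_dict = comment.to_dict()
        comment_dict['document'] = comment.document.to_dict()
        data.append(comment_dict)
    return json_response({'data': data, 'status': 0, 'count': count})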
def api_stores():
    """Return one page of non-deleted stores as JSON for the admin table.

    Requires the 'editor' capability. Supports filtering by name, region and
    by whether a revisit is still required.

    Returns:
        ``{'status': -1, 'errors': ...}`` if the search form does not
        validate, otherwise ``{'status': 0, 'data': [...], 'count': n}``
        where ``count`` is the number of matches before paging.
    """
    if not current_user.has_capability('editor'):
        abort(403)
    form = StoreSearchForm()
    if not form.validate_on_submit():
        return json_response({'status': -1, 'errors': form.errors})

    # '== False' / '!= None' below build SQL expressions; they are not
    # Python comparisons and must not be rewritten with 'is' / 'not'.
    stores = Store.query.filter(Store.deleted == False)

    if form.name.data:
        # The value is bound as a parameter; '%' and '_' typed by the user
        # still act as LIKE wildcards.
        stores = stores.filter(Store.name.like('%%%s%%' % form.name.data))

    region = form.region.data
    if region and region not in ['None', '_all', '_none']:
        # NOTE(review): a non-admin can submit any region id here; this
        # relies on the form restricting region choices -- confirm.
        stores = stores.filter_by(region_id=region)
    elif region == '_none':
        stores = stores.filter_by(region_id=None)
    elif not current_user.has_capability('admin'):
        stores = stores.filter(Store.region_id.in_(current_user.region_ids))

    revisit = form.revisit_required.data
    if revisit and revisit not in ['None', '_all']:
        revisited_by_anyone = or_(Store.revisited_government != None,
                                  Store.revisited_user != None,
                                  Store.revisited_store != None,
                                  Store.revisited_admin != None,
                                  Store.revisited_organisation != None)
        # 'yes' selects stores nobody has revisited yet.
        if revisit == 'yes':
            stores = stores.filter(not_(revisited_by_anyone))
        else:
            stores = stores.filter(revisited_by_anyone)

    count = stores.count()

    # NOTE(review): both names come from the submitted form and are resolved
    # with getattr() and then called; safe only if the form limits them to
    # sortable columns and asc/desc -- verify, or allow-list them here.
    sort_column = getattr(Store, form.sort_field.data)
    ordering = getattr(sort_column, form.sort_order.data)()
    page_rows = stores.order_by(ordering)\
        .limit(current_app.config['ITEMS_PER_PAGE'])\
        .offset((form.page.data - 1) * current_app.config['ITEMS_PER_PAGE'])\
        .all()

    data = [store.to_dict() for store in page_rows]
    return json_response({'data': data, 'status': 0, 'count': count})
def archive_category_upload_file(archive_id, category_id):
    """Match an uploaded file to an existing File record and queue it.

    Admin only. The category's documents are fetched from Elasticsearch, the
    upload is matched against them (or through a dedicated helper for the
    'Stadtarchiv Moers' archive), the matched File is linked to its Document,
    the upload is written to TEMP_UPLOAD_DIR under the File's id, and
    processing is queued.

    Returns:
        A JSON error with status 400 when no matching document or file is
        found, otherwise ``jsonify(success=True)``.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    archive = Category.get_or_404(archive_id)
    # Not used below; the call still answers 404 for an unknown category.
    category = Category.get_or_404(category_id)
    elastic_request = ElasticRequest(
        current_app.config['ELASTICSEARCH_DOCUMENT_INDEX'] + '-latest',
        'document'
    )
    elastic_request.set_fq('category_with_parents', category_id)
    # NOTE(review): the trailing comma after the closing bracket makes this a
    # one-element tuple holding the list, not the list itself. That looks
    # accidental -- check how ElasticRequest reads query_parts_should.
    elastic_request.query_parts_should = [
        {"range": {"file_missing_count": {"gte": 1}}},
        {"range": {"file_count": {"gte": 1}}}
    ],
    elastic_request.set_limit(32000)
    elastic_request.query()
    documents = elastic_request.get_results()
    if request.files:
        uploaded_file = request.files['file']
        # Hacky way of uploading files because at Stadtarchiv Moers, there's no connection between Document and File in XML
        # NOTE(review): leftover debug output; it writes the archive title to
        # stdout on every upload.
        print(archive.title)
        if archive.title == 'Stadtarchiv Moers':
            document, matching_file = get_matching_document_file_stadtarchiv_moers(archive, uploaded_file)
            if not document:
                return jsonify({'error': 'Dateiname wurde in keinem Dokument dieser Kategorie gefunden.'}), 400
        else:
            matching_file_as_dict, document_as_dict = get_matching_file(uploaded_file, documents)
            if not matching_file_as_dict:
                return jsonify({'error': 'Dateiname wurde in keinem Dokument dieser Kategorie gefunden.'}), 400
            # we need to fetch this document and assign it to the matching_file, because the process_file
            # function will use this property later on - mongoengine does not dereference it.
            document = Document.get(document_as_dict.get('id'))
            if not document:
                return jsonify({'error': 'Das angegebene Dokument ist indiziert, wurde jedoch nicht in der Datenbank gefunden.'}), 400
            matching_file = File.get(matching_file_as_dict.get('id'))
            if not matching_file:
                return jsonify({'error': 'Die angegebene Datei ist indiziert, wurde jedoch nicht in der Datenbank gefunden.'}), 400
        # content_type is whatever the client declared for the upload; it is
        # stored as-is and is not verified against the file content here.
        matching_file.mimeType = uploaded_file.content_type
        matching_file.document = document
        matching_file.save()
        # Link the file into the document's file list if it is not there yet.
        if matching_file not in matching_file.document.files:
            if matching_file.document.files:
                matching_file.document.files.append(matching_file)
            else:
                matching_file.document.files = [matching_file]
            matching_file.document.save()
        # This should be part of the process_file function
        # The on-disk name is the File record id, not the uploaded file name.
        path = os.path.join(current_app.config['TEMP_UPLOAD_DIR'], str(matching_file.id))
        uploaded_file.seek(0)
        uploaded_file.save(path)
        process_file.delay(str(matching_file.id))
    return jsonify(success=True)
def archive_show(archive_id):
    """Render the admin detail page of an archive and its children."""
    if not current_user.has_capability('admin'):
        abort(403)
    archive = Category.get_or_404(archive_id)
    tree = archive.get_dict_with_children(True)
    return render_template('admin-archive-show.html',
                           archive=archive,
                           children=tree.get('children'))
def user_new():
    """Show and process the form that creates a user (admin only).

    The new user receives a random password and the capability list
    ``['admin']``.
    """
    if not current_user.has_capability('admin'):
        abort(403)

    # NOTE(review): the guard above already requires 'admin', so UserForm is
    # never selected here.
    form_class = UserAdminForm if current_user.has_capability('admin') else UserForm
    form = form_class()

    if not form.validate_on_submit():
        return render_template('user-new.html', form=form)

    user = User()
    form.populate_obj(user)
    # NOTE(review): whether the model hashes the value on assignment is not
    # visible here -- verify. The generated password is not shown or sent
    # anywhere in this view.
    user.password = get_random_password()
    # NOTE(review): every account created here becomes an admin, overriding
    # anything populate_obj() may have set for capabilities. Confirm this is
    # intended; otherwise grant the least capability the account needs.
    user.capabilities = ['admin']
    db.session.add(user)
    db.session.commit()
    flash('Nutzer erfolgreich gespeichert', 'success')
    return redirect('/admin/users')
def user_switch(user_id):
    """Let an admin act as another user by storing that user's id in the session.

    Answers 403 both when the target user does not exist and when the caller
    is not an admin, so the two cases look the same to the caller.
    """
    newuser = User.query.get(user_id)
    if not newuser or not current_user.has_capability('admin'):
        abort(403)
    # NOTE(review): impersonation is not recorded anywhere in this view;
    # an audit log entry (who switched to whom, when) would make later
    # review of admin actions possible.
    session['emulate-user-id'] = user_id
    return redirect('/')
def archive_category_show(archive_id, category_id):
    """Render the detail page of a category within an archive (admin only).

    Both ids are looked up as Category records; an unknown id answers 404.
    Nothing here checks that the category belongs to the given archive.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    context = {
        'archive': Category.get_or_404(archive_id),
        'category': Category.get_or_404(category_id),
    }
    return render_template('category-show.html', **context)
def store_suggestion_edit(suggestion_id):
    """Render the edit page for a store suggestion and the store it refers to.

    Requires the 'editor' capability.
    """
    if not current_user.has_capability('editor'):
        abort(403)
    # NOTE(review): no region scoping is applied here, so any editor can open
    # any suggestion by id -- confirm that is intended.
    suggestion = ObjectDump.query.get_or_404(suggestion_id)
    target_store = Store.query.get_or_404(suggestion.object_id)
    return render_template('store-suggestion-edit.html',
                           object_dump=suggestion,
                           store=target_store)
def store_show(store_id):
    """Render the detail page of a store with its opening times.

    Requires the 'editor' capability. Opening times are ordered by weekday,
    then by opening time.
    """
    if not current_user.has_capability('editor'):
        abort(403)
    # NOTE(review): no region scoping is applied here, so any editor can view
    # any store by id -- confirm that is intended.
    store = Store.query.get_or_404(store_id)
    times_query = OpeningTime.query.filter_by(store_id=store.id)
    opening_times = times_query.order_by(OpeningTime.weekday,
                                         OpeningTime.open).all()
    return render_template('store-show.html',
                           store=store,
                           opening_times=opening_times)
def archive_category_edit(document_id):
    """Show and process the edit form for a document (admin only).

    Despite the function name, the record loaded and saved is a Document.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    document = Document.get_or_404(document_id)
    form = DocumentForm(obj=document)
    if not form.validate_on_submit():
        return render_template('document-edit.html',
                               document=document,
                               form=form)
    # populate_obj() copies every form field onto the document.
    form.populate_obj(document)
    document.save()
    return redirect('/document/%s' % document.id)
def admin_document_file_show(document_id, file_id):
    """Render the detail page of one file of a document (admin only).

    Document and file are loaded independently by id; nothing here checks
    that the file belongs to the document.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    document = Document.get_or_404(document_id)
    file = File.get_or_404(file_id)
    thumbnail_url = get_first_thumbnail_url(document.id, file.id, 1200)
    return render_template('document-file-show.html',
                           document=document,
                           file=file,
                           url=thumbnail_url)
def subsite_edit(subsite_id):
    """Show and process the edit form for a subsite (admin only)."""
    if not current_user.has_capability('admin'):
        abort(403)
    subsite = Subsite.get_or_404(subsite_id)
    form = SubsiteForm(obj=subsite)
    if not form.validate_on_submit():
        return render_template('subsite-edit.html', form=form, subsite=subsite)
    # populate_obj() copies every form field onto the subsite.
    form.populate_obj(subsite)
    subsite.save()
    flash('Subsite %s gespeichert.' % subsite.title, 'success')
    return redirect('/admin/subsites')
def subsite_new():
    """Show and process the form that creates a subsite (admin only)."""
    if not current_user.has_capability('admin'):
        abort(403)
    form = SubsiteForm()
    if not form.validate_on_submit():
        return render_template('subsite-new.html', form=form)
    subsite = Subsite()
    form.populate_obj(subsite)
    subsite.save()
    flash('Subsite %s gespeichert.' % subsite.title, 'success')
    return redirect('/admin/subsites')
def user_new():
    """Show and process the form that creates a user (admin only)."""
    if not current_user.has_capability('admin'):
        abort(403)
    form = UserForm()
    if not form.validate_on_submit():
        return render_template('user-new.html', form=form)
    user = User()
    # populate_obj() copies every form field onto the new user, so UserForm
    # defines which attributes can be set at creation.
    form.populate_obj(user)
    user.save()
    flash('User %s gespeichert.' % user.email, 'success')
    return redirect('/admin/users')
def user_edit(user_id):
    """Show and process the edit form for a user (admin only)."""
    if not current_user.has_capability('admin'):
        abort(403)
    user = User.get_or_404(user_id)
    form = UserForm(obj=user)
    if not form.validate_on_submit():
        return render_template('user-edit.html', form=form, user=user)
    # populate_obj() copies every form field onto the user, so UserForm
    # defines which attributes an admin can change here.
    form.populate_obj(user)
    user.save()
    flash('User %s gespeichert.' % user.email, 'success')
    return redirect('/admin/users')
def archive_edit(archive_id):
    """Show and process the edit form for an archive (admin only).

    Archives are stored as Category records.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    archive = Category.get_or_404(archive_id)
    form = ArchiveForm(obj=archive)
    if not form.validate_on_submit():
        return render_template('archive-edit.html', form=form, archive=archive)
    form.populate_obj(archive)
    archive.save()
    flash('Archiv %s gespeichert.' % archive.title, 'success')
    return redirect('/admin/archives')
def archive_new():
    """Show and process the form that creates an archive (admin only).

    The archive is stored as a new Category record.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    form = ArchiveForm()
    if not form.validate_on_submit():
        return render_template('admin-archive-new.html', form=form)
    archive = Category()
    form.populate_obj(archive)
    archive.save()
    flash('Archiv %s gespeichert.' % archive.title, 'success')
    return redirect('/admin/archives')
def user_delete(user_id):
    """Confirm and perform the deletion of a user (admin only).

    Nothing is deleted until the confirmation form has been submitted and
    validated; its abort button returns to the list without changes.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    user = User.get_or_404(user_id)
    form = UserDeleteForm()
    if not form.validate_on_submit():
        return render_template('user-delete.html', form=form, user=user)
    if not form.abort.data:
        user.delete()
        flash('User %s gelöscht.' % user.email, 'success')
    return redirect('/admin/users')
def admin_document_show(document_id):
    """Render the admin detail page of a document (admin only).

    For each category of the document, the chain of parents is collected
    root-first and stored on ``document.categories`` for the template.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    document = Document.get_or_404(document_id)

    category_paths = []
    for leaf in document.category:
        path = []
        node = leaf
        # Walk up through the parents; inserting at the front leaves the
        # outermost ancestor first.
        while node:
            path.insert(0, node)
            node = node.parent
        category_paths.append(path)

    document.categories = category_paths
    return render_template('document-show.html', document=document)
def archive_delete(archive_id):
    """Confirm and perform the deletion of an archive (admin only).

    Nothing is deleted until the confirmation form has been submitted and
    validated; its abort button returns to the list without changes.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    archive = Category.get_or_404(archive_id)
    form = ArchiveDeleteForm()
    if not form.validate_on_submit():
        return render_template('archive-delete.html', form=form, archive=archive)
    if not form.abort.data:
        archive.delete()
        flash('Archiv %s gelöscht.' % archive.title, 'success')
    return redirect('/admin/archives')
def __init__(self, all_option=False, limit_allowed=False, **kwargs):
    """Build the region choice list for this field.

    Args:
        all_option: start the list with the ('_all', 'beliebig') entry
            instead of the ('0', 'bitte wählen') placeholder.
        limit_allowed: for users without 'admin', list only regions whose
            ``user`` relation contains the current user.
        **kwargs: passed to the parent field; must contain ``_form``.
    """
    self.simple_validate = getattr(kwargs['_form'], 'simple_validate', False)
    super(RegionField, self).__init__(**kwargs)

    if all_option:
        self.choices = [('_all', 'beliebig')]
    else:
        self.choices = [('0', 'bitte wählen')]

    # NOTE(review): in simple_validate mode no regions are loaded, so the
    # choice list cannot restrict a submitted region to the user's own
    # regions -- presumably that is enforced elsewhere; verify.
    if self.simple_validate:
        return

    region_query = Region.query
    if limit_allowed and not current_user.has_capability('admin'):
        region_query = region_query.filter(Region.user.contains(current_user))
    self.choices.extend(
        (str(region.id), region.name)
        for region in region_query.order_by(Region.name).all())
def subsite_delete(subsite_id):
    """Confirm and perform the deletion of a subsite (admin only).

    Nothing is deleted until the confirmation form has been submitted and
    validated; its abort button returns to the list without changes.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    subsite = Subsite.get_or_404(subsite_id)
    form = SubsiteDeleteForm()
    if not form.validate_on_submit():
        return render_template('subsite-delete.html', form=form, subsite=subsite)
    if not form.abort.data:
        subsite.delete()
        flash('Subsite %s gelöscht.' % subsite.title, 'success')
    return redirect('/admin/subsites')
def category_edit(category_id):
    """Show and process the edit form for a category (admin only).

    On a valid submit the category is committed first and uploads from the
    form are handled afterwards.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    category = Category.query.get_or_404(category_id)
    form = CategoryForm(obj=category)
    if not form.validate_on_submit():
        return render_template('category-edit.html',
                               form=form,
                               category=category)
    form.populate_obj(category)
    db.session.add(category)
    db.session.commit()
    upload_files(form, category, 'category')
    flash('Category erfolgreich gespeichert', 'success')
    return redirect('/admin/categorys')
def api_admin_archive_category_table(category_id, filename):
    """Return header and preview rows of an import table as JSON (admin only).

    Args:
        category_id: must name an existing Category, otherwise 404.
        filename: name of the import file, taken from the URL.
    """
    if not current_user.has_capability('admin'):
        abort(403)
    # Existence check only; the category itself is not used below.
    Category.get_or_404(category_id)
    # NOTE(review): the return value is ignored, so this only protects the
    # file access below if check_uuid_filename() aborts or raises on a name
    # that is not UUID-shaped -- verify. filename comes from the request.
    check_uuid_filename(filename)
    table = DataImportTable(filename)
    preview = {'header': table.header, 'datasets': table.preview}
    return json_response({'status': 0, 'data': preview})
def region_edit(region_id):
    """Show and process the edit form for a region.

    Access is granted to admins and to users whose ``region`` collection
    contains this region; no other capability is checked here.
    """
    region = Region.query.get_or_404(region_id)
    may_edit = current_user.has_capability('admin') \
        or region in current_user.region
    if not may_edit:
        abort(403)

    form = RegionForm(obj=region)
    if not form.validate_on_submit():
        return render_template('region-edit.html', form=form, region=region)

    # populate_obj() copies every form field onto the region, so RegionForm
    # defines what a non-admin region member is able to change.
    form.populate_obj(region)
    db.session.add(region)
    db.session.commit()
    upload_files(form, region, 'region')
    flash('Region erfolgreich gespeichert', 'success')
    return redirect('/admin/regions')