def edit(id):
item = MediaItem.query.filter_by(id=id).first_or_404()
form = MediaItemEditForm()
form.category.choices = gen_media_category_choices()
# TODO: write custom decorator for this?
if not current_user.has_admin_role() and current_user.has_media_role(
) and item.is_visible == False and item.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.is_media_admin(
) and item.is_visible == False and not item.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.is_media_admin():
del form.is_visible
form.file.label.text = "Replace with file"
if form.validate_on_submit():
item.name = form.name.data
item.category_id = form.category.data
if current_user.is_event_admin():
item.is_visible = form.is_visible.data
if form.file.data:
remove(path.join(app.config["MEDIA_DIR"], item.filename))
filepath = path.join(app.config["MEDIA_DIR"], item.filename)
form.file.data.save(filepath)
item.filesize = stat(filepath).st_size
db.session.commit()
flash("File was edited.", "success")
return redirect(url_for("media.view", id=id))
elif request.method == "GET":
form.name.data = item.name
form.category.data = item.category_id
if current_user.is_media_admin():
form.is_visible.data = item.is_visible
return render_template("media/edit.html",
form=form,
title=page_title("Edit File '%s'" % item.name))
def view(id):
item = MediaItem.query.filter_by(id=id).first_or_404()
# TODO: write custom decorator for this?
if not current_user.is_event_admin(
) and item.is_visible == False and not item.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.has_admin_role() and current_user.has_media_role(
) and item.is_visible == False and item.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
return render_template("media/view.html",
item=item,
title=page_title("View File"))
def delete(id):
event = Event.query.filter_by(id=id).first_or_404()
# TODO: write custom decorator for this?
if not current_user.has_admin_role() and current_user.has_event_role(
) and event.is_visible == False and event.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.is_event_admin(
) and event.is_visible == False and not event.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
db.session.delete(event)
db.session.commit()
flash("Event was deleted", "success")
return redirect(url_for("calendar.index"))
def view(id):
event = Event.query.filter_by(id=id).first_or_404()
moons = Moon.query.all()
# TODO: write decorator for this?
if not current_user.is_event_admin(
) and event.is_visible == False and not event.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.has_admin_role() and current_user.has_event_role(
) and event.is_visible == False and event.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
return render_template("event/view.html",
event=event,
moons=moons,
title=page_title("View Event '%s'" % event.name))
def delete(id):
item = MediaItem.query.filter_by(id=id).first_or_404()
if not current_user.is_event_admin(
) and item.is_visible == False and not item.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.has_admin_role() and current_user.has_media_role(
) and item.is_visible == False and item.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
remove(path.join(app.config["MEDIA_DIR"], item.filename))
db.session.delete(item)
db.session.commit()
flash("Media item was deleted.", "success")
return redirect(url_for('media.index'))
def create():
settings = EventSetting.query.get(1)
form = EventForm()
form.submit.label.text = "Create Event"
form.category.choices = gen_event_category_choices()
form.epoch.choices = gen_epoch_choices()
form.month.choices = gen_month_choices()
if request.method == "POST":
form.day.choices = gen_day_choices(form.month.data)
else:
form.day.choices = gen_day_choices(1)
form.category.data = settings.default_category
form.is_visible.data = settings.default_visible
if settings.default_epoch:
form.epoch.data = settings.default_epoch
if settings.default_year:
form.year.data = settings.default_year
if not current_user.is_event_admin():
del form.is_visible
if form.validate_on_submit():
new_event = Event(name=form.name.data,
category_id=form.category.data,
description=form.description.data,
epoch_id=form.epoch.data,
year=form.year.data,
month_id=form.month.data,
day=form.day.data,
duration=form.duration.data)
if current_user.is_event_admin():
new_event.is_visible = form.is_visible.data
else:
new_event.is_visible = settings.default_visible
db.session.add(new_event)
db.session.commit()
update_timestamp(new_event.id)
flash("Event was created.", "success")
return redirect(url_for("event.view", id=new_event.id))
elif request.method == "GET":
# pre-select fields if get-params were passed
epoch_id = request.args.get("epoch")
year = request.args.get("year")
category_id = request.args.get("category")
# will do nothing if var is not an int or not in choices
if epoch_id:
try:
form.epoch.data = int(epoch_id)
except:
pass
# will do nothing if var is not an int or not in choices
if year:
try:
form.year.data = int(year)
except:
pass
# will do nothing if var is not an int or not in choices
if category_id:
try:
form.category.data = int(category_id)
except:
pass
calendar_helper = gen_calendar_stats()
return render_template("event/create.html",
form=form,
calendar=calendar_helper,
title=page_title("Add Event"))
def edit(id):
event = Event.query.filter_by(id=id).first_or_404()
form = EventForm()
form.submit.label.text = "Save Event"
form.category.choices = gen_event_category_choices()
form.epoch.choices = gen_epoch_choices()
form.month.choices = gen_month_choices()
if request.method == "POST":
form.day.choices = gen_day_choices(form.month.data)
else:
form.day.choices = gen_day_choices(event.month_id)
# TODO: write custom decorator for this?
if not current_user.has_admin_role() and current_user.has_event_role(
) and event.is_visible == False and event.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.is_event_admin(
) and event.is_visible == False and not event.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.is_event_admin():
del form.is_visible
if form.validate_on_submit():
event.name = form.name.data
event.category_id = form.category.data
event.description = form.description.data
event.epoch_id = form.epoch.data
event.year = form.year.data
event.month_id = form.month.data
event.day = form.day.data
event.duration = form.duration.data
if current_user.is_event_admin():
event.is_visible = form.is_visible.data
db.session.commit()
update_timestamp(event.id)
flash("Event was edited.", "success")
return redirect(url_for("event.view", id=id))
elif request.method == "GET":
form.name.data = event.name
form.category.data = event.category_id
form.description.data = event.description
form.epoch.data = event.epoch_id
form.year.data = event.year
form.month.data = event.month_id
form.day.data = event.day
form.duration.data = event.duration
if current_user.is_event_admin():
form.is_visible.data = event.is_visible
calendar_helper = gen_calendar_stats()
return render_template("event/edit.html",
form=form,
calendar=calendar_helper,
title=page_title("Edit Event '%s'" % event.name))
def decorated_function(*args, **kwargs):
if not current_user.is_event_admin():
flash("You need to be a event admin to perform this action.", "danger")
return redirect(url_for("calendar.index"))
return f(*args, **kwargs)
