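def edit(id):
    """Edit a media item's metadata and optionally replace its stored file.

    The item is looked up by ``id`` (404 when absent). Hidden items are
    refused per the two rules below. A valid submission is then applied,
    or the form is pre-filled for a GET request.

    Args:
        id: Primary key of the MediaItem to edit.

    Returns:
        A redirect to ``no_perm_url`` when access is refused, a redirect to
        ``media.view`` after a successful save, otherwise the rendered
        ``media/edit.html`` template.
    """
    item = MediaItem.query.filter_by(id=id).first_or_404()

    form = MediaItemEditForm()
    form.category.choices = gen_media_category_choices()

    # TODO: write custom decorator for this?
    # NOTE(review): both rules only fire for hidden items; a visible item is
    # editable by every caller that reaches this function. Presumably a
    # decorator on the route restricts who gets here - confirm.

    # Rule 1: a media-role user without the admin role may not edit a hidden
    # item that was created by an admin.
    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Rule 2: a caller who is not media admin may only edit a hidden item
    # they created themselves.
    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Callers who are not media admin never get the visibility field, so a
    # hand-crafted POST cannot set it through the form.
    if not current_user.is_media_admin():
        del form.is_visible

    form.file.label.text = "Replace with file"

    if form.validate_on_submit():
        item.name = form.name.data
        item.category_id = form.category.data

        # Same role gate as the field removal above. The previous gate was
        # is_event_admin(), which read a deleted field for an event admin
        # without the media role and ignored the value for a media admin
        # without the event role.
        if current_user.is_media_admin():
            item.is_visible = form.is_visible.data

        if form.file.data:
            # The replacement is stored under the existing filename.
            # NOTE(review): item.filename is joined into a filesystem path;
            # assumes it was sanitised when the item was created - confirm.
            filepath = path.join(app.config["MEDIA_DIR"], item.filename)
            remove(filepath)
            form.file.data.save(filepath)
            item.filesize = stat(filepath).st_size

        db.session.commit()
        flash("File was edited.", "success")
        return redirect(url_for("media.view", id=id))
    elif request.method == "GET":
        form.name.data = item.name
        form.category.data = item.category_id

        if current_user.is_media_admin():
            form.is_visible.data = item.is_visible

    return render_template("media/edit.html", form=form,
                           title=page_title("Edit File '%s'" % item.name))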
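def view(id):
    """Render the detail page of a media item.

    The item is looked up by ``id`` (404 when absent). Hidden items are
    refused per the two rules below.

    Args:
        id: Primary key of the MediaItem to show.

    Returns:
        A redirect to ``no_perm_url`` when access is refused, otherwise the
        rendered ``media/view.html`` template.
    """
    item = MediaItem.query.filter_by(id=id).first_or_404()

    # TODO: write custom decorator for this?
    # Rule 1: a caller who is not media admin may only see a hidden item
    # they created themselves. The gate is the media role because this is a
    # media item, and the media edit view applies the same rule with
    # is_media_admin(). The previous is_event_admin() gate let an event-role
    # user without the media role pass both rules.
    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Rule 2: a media-role user without the admin role may not see a hidden
    # item that was created by an admin.
    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    return render_template("media/view.html", item=item,
                           title=page_title("View File"))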
def delete(id):
    """Delete an event, unless it is hidden from the caller.

    Args:
        id: Primary key of the Event to delete (404 when absent).

    Returns:
        A redirect to ``no_perm_url`` when access is refused, otherwise a
        redirect to ``calendar.index`` after the row was deleted.
    """
    target = Event.query.filter_by(id=id).first_or_404()

    # TODO: write custom decorator for this?
    # Two refusal rules, both limited to hidden events and evaluated in this
    # order with short-circuiting:
    #   1. an event-role user without the admin role, on an event created
    #      by an admin;
    #   2. a caller who is not event admin, on an event created by someone
    #      else.
    # NOTE(review): a visible event passes both rules for every caller, and
    # no form or token is checked in this function. Confirm the route
    # restricts callers and methods.
    refused = (
        (not current_user.has_admin_role()
         and current_user.has_event_role()
         and target.is_visible == False
         and target.created_by.has_admin_role())
        or
        (not current_user.is_event_admin()
         and target.is_visible == False
         and not target.created_by == current_user)
    )
    if refused:
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    db.session.delete(target)
    db.session.commit()

    flash("Event was deleted", "success")
    return redirect(url_for("calendar.index"))
def view(id):
    """Render the detail page of an event.

    Args:
        id: Primary key of the Event to show (404 when absent).

    Returns:
        A redirect to ``no_perm_url`` when access is refused, otherwise the
        rendered ``event/view.html`` template with the event and all moons.
    """
    event = Event.query.filter_by(id=id).first_or_404()
    all_moons = Moon.query.all()

    def hidden_from_caller():
        # TODO: write decorator for this?
        # A caller who is not event admin may only see a hidden event they
        # created themselves.
        if (not current_user.is_event_admin()
                and event.is_visible == False
                and not event.created_by == current_user):
            return True
        # An event-role user without the admin role may not see a hidden
        # event that was created by an admin.
        return (not current_user.has_admin_role()
                and current_user.has_event_role()
                and event.is_visible == False
                and event.created_by.has_admin_role())

    if hidden_from_caller():
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    heading = page_title("View Event '%s'" % event.name)
    return render_template("event/view.html", event=event, moons=all_moons,
                           title=heading)
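def delete(id):
    """Delete a media item and its stored file.

    The item is looked up by ``id`` (404 when absent). Hidden items are
    refused per the two rules below.

    Args:
        id: Primary key of the MediaItem to delete.

    Returns:
        A redirect to ``no_perm_url`` when access is refused, otherwise a
        redirect to ``media.index`` after file and row were removed.
    """
    item = MediaItem.query.filter_by(id=id).first_or_404()

    # Rule 1: a caller who is not media admin may only delete a hidden item
    # they created themselves. The gate is the media role because this is a
    # media item, and the media edit view applies the same rule with
    # is_media_admin(). The previous is_event_admin() gate let an event-role
    # user without the media role pass both rules.
    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Rule 2: a media-role user without the admin role may not delete a
    # hidden item that was created by an admin.
    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # NOTE(review): a visible item passes both rules for every caller, and
    # no form or token is checked in this function. Confirm the route
    # restricts callers and methods.
    # NOTE(review): item.filename is joined into a filesystem path; assumes
    # it was sanitised when the item was created - confirm. If the file is
    # already gone, remove() raises before the row is deleted.
    remove(path.join(app.config["MEDIA_DIR"], item.filename))

    db.session.delete(item)
    db.session.commit()

    flash("Media item was deleted.", "success")
    return redirect(url_for('media.index'))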
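def create():
    """Show the event creation form and create an event on a valid POST.

    On GET the form starts from the stored event settings and may be
    pre-selected through the ``epoch``, ``year`` and ``category`` query
    parameters.

    Returns:
        A redirect to ``event.view`` for the new event after a successful
        save, otherwise the rendered ``event/create.html`` template.
    """
    # NOTE(review): the attribute reads below fail if no settings row with
    # primary key 1 exists; confirm it is always seeded.
    settings = EventSetting.query.get(1)

    form = EventForm()
    form.submit.label.text = "Create Event"
    form.category.choices = gen_event_category_choices()
    form.epoch.choices = gen_epoch_choices()
    form.month.choices = gen_month_choices()

    if request.method == "POST":
        # Day choices follow the submitted month. This runs before
        # validate_on_submit(); presumably gen_day_choices copes with
        # arbitrary input - verify.
        form.day.choices = gen_day_choices(form.month.data)
    else:
        form.day.choices = gen_day_choices(1)
        form.category.data = settings.default_category
        form.is_visible.data = settings.default_visible

        if settings.default_epoch:
            form.epoch.data = settings.default_epoch

        if settings.default_year:
            form.year.data = settings.default_year

    # Callers who are not event admin never get the visibility field, so a
    # hand-crafted POST cannot set it through the form.
    if not current_user.is_event_admin():
        del form.is_visible

    if form.validate_on_submit():
        new_event = Event(name=form.name.data,
                          category_id=form.category.data,
                          description=form.description.data,
                          epoch_id=form.epoch.data,
                          year=form.year.data,
                          month_id=form.month.data,
                          day=form.day.data,
                          duration=form.duration.data)

        # Visibility comes from the form for event admins only; everyone
        # else gets the configured default.
        if current_user.is_event_admin():
            new_event.is_visible = form.is_visible.data
        else:
            new_event.is_visible = settings.default_visible

        db.session.add(new_event)
        db.session.commit()

        update_timestamp(new_event.id)

        flash("Event was created.", "success")
        return redirect(url_for("event.view", id=new_event.id))
    elif request.method == "GET":
        # pre-select fields if get-params were passed
        preselect = (
            (form.epoch, request.args.get("epoch")),
            (form.year, request.args.get("year")),
            (form.category, request.args.get("category")),
        )
        for field, raw in preselect:
            if not raw:
                continue
            # A value that is not an integer is ignored. Only the failed
            # conversion is caught, where a bare ``except`` used to swallow
            # every exception.
            try:
                field.data = int(raw)
            except ValueError:
                pass

    calendar_helper = gen_calendar_stats()

    return render_template("event/create.html", form=form,
                           calendar=calendar_helper,
                           title=page_title("Add Event"))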
def edit(id):
    """Edit an existing event.

    The event is looked up by ``id`` (404 when absent). Hidden events are
    refused per the two rules below. A valid submission is then applied,
    or the form is pre-filled for a GET request.

    Args:
        id: Primary key of the Event to edit.

    Returns:
        A redirect to ``no_perm_url`` when access is refused, a redirect to
        ``event.view`` after a successful save, otherwise the rendered
        ``event/edit.html`` template.
    """
    event = Event.query.filter_by(id=id).first_or_404()

    form = EventForm()
    form.submit.label.text = "Save Event"
    form.category.choices = gen_event_category_choices()
    form.epoch.choices = gen_epoch_choices()
    form.month.choices = gen_month_choices()
    # Day choices follow the submitted month on POST, the stored month
    # otherwise.
    form.day.choices = gen_day_choices(
        form.month.data if request.method == "POST" else event.month_id)

    # TODO: write custom decorator for this?
    # Two refusal rules, both limited to hidden events and evaluated in this
    # order with short-circuiting:
    #   1. an event-role user without the admin role, on an event created
    #      by an admin;
    #   2. a caller who is not event admin, on an event created by someone
    #      else.
    refused = (
        (not current_user.has_admin_role()
         and current_user.has_event_role()
         and event.is_visible == False
         and event.created_by.has_admin_role())
        or
        (not current_user.is_event_admin()
         and event.is_visible == False
         and not event.created_by == current_user)
    )
    if refused:
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Callers who are not event admin never get the visibility field.
    if not current_user.is_event_admin():
        del form.is_visible

    # (form field name, Event attribute) pairs, copied in this order.
    field_map = (
        ("name", "name"),
        ("category", "category_id"),
        ("description", "description"),
        ("epoch", "epoch_id"),
        ("year", "year"),
        ("month", "month_id"),
        ("day", "day"),
        ("duration", "duration"),
    )

    if form.validate_on_submit():
        for field_name, attr in field_map:
            setattr(event, attr, getattr(form, field_name).data)

        if current_user.is_event_admin():
            event.is_visible = form.is_visible.data

        db.session.commit()
        update_timestamp(event.id)

        flash("Event was edited.", "success")
        return redirect(url_for("event.view", id=id))

    if request.method == "GET":
        for field_name, attr in field_map:
            getattr(form, field_name).data = getattr(event, attr)

        if current_user.is_event_admin():
            form.is_visible.data = event.is_visible

    stats = gen_calendar_stats()
    heading = page_title("Edit Event '%s'" % event.name)
    return render_template("event/edit.html", form=form, calendar=stats,
                           title=heading)
def decorated_function(*args, **kwargs):
    """Call the wrapped ``f`` only when the current user is an event admin.

    Everyone else gets a "danger" flash message and a redirect to
    ``calendar.index``; ``f`` is not called for them.
    """
    # NOTE(review): assumes current_user always provides is_event_admin();
    # presumably this wrapper sits behind a login check - confirm.
    if current_user.is_event_admin():
        return f(*args, **kwargs)

    flash("You need to be a event admin to perform this action.", "danger")
    return redirect(url_for("calendar.index"))