def validate_event_leaders(activities, leaders, multi_activity_mode):
"""Check whether all activities have a valid leader, display error if not.
:param bool multi_activity_mode: If `False`, check that all `leaders` can lead the
(single) activitie in `activities`. If `True`, check that each activity in
`activities` can be lead by one of the `leaders`.
:param activities: List of activities to check.
:type activities: list(:py:class:`collectives.models.activitytype.ActivityType`)
:param activities: List of leaders.
:type activities: list(:py:class:`collectives.models.user.User`)
:return: whether all tests succeeded
:rtype: bool
"""
if current_user.is_moderator():
return True
if multi_activity_mode:
if not any(leaders):
flash("Au moins un encadrant doit être défini")
return False
if current_user.is_moderator():
return True
problems = activities_without_leader(activities, leaders)
if len(problems) == 0:
return True
if len(problems) == 1:
flash(
f"Aucun encadrant valide n'a été défini pour l'activité {problems[0].name}"
)
else:
names = [a.name for a in problems]
flash(
f"Aucun encadrant valide n'a été défini pour les activités {', '.join(names)}"
)
return False
# Single activity mode
# Checks whether all leaders can lead this activity
if len(activities) != 1:
flash("Une seule activité doit être définie", "error")
problems = leaders_without_activities(activities, leaders)
if len(problems) == 0:
return True
if len(problems) == 1:
flash(
f"{problems[0].full_name()} ne peut pas encadrer l'activité {activities[0].name}"
)
else:
names = [u.full_name() for u in problems]
flash(
f"{', '.join(names)} ne peuvent pas encadrer l'activité {activities[0].name}"
)
return False
def validate_event_leaders(activities, leaders, multi_activity_mode):
"""
Check whether all activities have a valid leader, display error if not the case
:param multi_activity_mode: If `False`, check that all `leaders` can lead the
(single) activitie in `activities`. If `True`, check that each activity in
`activities` can be lead by one of the `leaders`
:return: whether all tests succeeded
:rtype: bool
"""
if len(activities) == 0:
flash("Aucune activité définie", "error")
return False
if current_user.is_moderator():
return True
if multi_activity_mode:
if not any(leaders):
flash("Au moins un encadrant doit être défini")
return False
if current_user.is_moderator():
return True
problems = activities_without_leader(activities, leaders)
if len(problems) == 0:
return True
if len(problems) == 1:
flash("Aucun encadrant valide n'a été défini pour l'activité {}".
format(problems[0].name))
else:
names = [a.name for a in problems]
flash(
"Aucun encadrant valide n'a été défini pour les activités {}".
format(", ".join(names)))
return False
# Single activity mode
# Checks whether all leaders can lead this activity
if len(activities) != 1:
flash("Une seule activité doit être définie", "error")
problems = leaders_without_activities(activities, leaders)
if len(problems) == 0:
return True
if len(problems) == 1:
flash("{} ne peut pas encadrer l'activité {}".format(
problems[0].full_name(), activities[0].name))
else:
names = [u.full_name() for u in problems]
flash("{} ne peuvent pas encadrer l'activité {}".format(
", ".join(names), activities[0].name))
return False
def available_activities(activities, leaders, union):
"""Creates a list of activities theses leaders can lead.
This list can be used in a select form input. It will contain activities
leaders of this event can lead, plus activities given in parameters (usually,
in case of event modification, it is the event activity). In any case, if the current user
has a moderator role (admin or moderator), it will return all activities.
:param activities: list of activities that will always appears in the list
:type activities: list[:py:class:`collectives.models.activitytype.ActivityType`]
:param leaders: list of leader used to build activity list.
:type leaders: list[:py:class:`collectives.models.user.User`]
:param union: If true, return the union all activities that can be led, otherwise returns the intersection
:type union: bool
:return: List of authorized activities
:rtype: list[:py:class:`collectives.models.activitytype.ActivityType`]
"""
if current_user.is_moderator():
choices = ActivityType.query.all()
else:
# Gather unique activities
choices = None
for leader in leaders:
if choices is None:
choices = leader.led_activities()
elif union:
choices |= leader.led_activities()
else:
choices &= leader.led_activities()
# Always include existing activities
choices = list(choices | set(activities) if choices else activities)
choices.sort(key=attrgetter("order", "name", "id"))
return choices
def available_leaders(leaders, activity_ids):
"""Creates a list of leaders that can be added to an event.
Available leaders are users that have 'event creator' roles (EventLeader, ActivitySupervisor, etc),
are not in the list of current leaders, and, if `activity_ids` is not empty, can lead
any of the corresponding activities.
:param leaders: list of current leaders
:type leaders: list[:py:class:`collectives.models.user.User`]
:return: List of available leaders
:rtype: list[:py:class:`collectives.models.user.User`]
"""
existing_leaders = set(leaders)
query = db.session.query(User)
query = query.filter(Role.user_id == User.id)
if current_user.is_moderator():
query = query.filter(Role.role_id.in_(RoleIds.all_event_creator_roles()))
else:
query = query.filter(Role.role_id.in_(RoleIds.all_activity_leader_roles()))
if len(activity_ids) > 0:
query = query.filter(Role.activity_id.in_(activity_ids))
query = query.order_by(User.first_name, User.last_name)
choices = query.all()
return [u for u in choices if u not in existing_leaders]
def available_activities(activities, leaders):
"""Creates a list of activities theses leaders can lead.
This list can be used in a select form input. It will contain activities
any leader of this event can lead, plus activities given in parameters (usually,
in case of event modification, it is the event activity). Anyway, if current user
is a high level (admin or moderator), it will return all activities.
:param activities: list of activities that will always appears in the list
:type activities: list[:py:class:`collectives.models.activitytype.ActivityType`]
:param leader: list of leader used to build activity list.
:type leader: list[:py:class:`collectives.models.user.User`]
:return: List of authorized activities
:rtype: list[:py:class:`collectives.models.activitytype.ActivityType`]
"""
if current_user.is_moderator():
choices = ActivityType.query.all()
else:
# Gather unique activities
choices = set(activities)
for leader in leaders:
choices.update(leader.led_activities())
choices = list(choices)
choices.sort(key=attrgetter("order", "name", "id"))
return choices
def available_event_types(source_event_type, leaders):
"""Returns all available event types given the current leaders.
This means:
- All existing event types if the current user is a moderator
- All existing event types if any of the current leaders can lead at least one activity
- All event types that do not require an activity in other cases, plus the source event type if provided
:param source_event_type: Event type to unconditionally include
:type source_event_type: :py:class:`collectives.models.eventtype.EventType`
:param leaders: List of leaders currently added to the event
:type leaders: list[:py:class:`collectives.models.user.User`]
:return: Available event types
:rtype: list[:py:class:`collectives.models.eventtype.EventType`]
"""
query = EventType.query
if not current_user.is_moderator():
if not any(l.can_lead_at_least_one_activity() for l in leaders):
query_filter = EventType.requires_activity == False
if source_event_type:
query_filter = sqlalchemy.or_(
query_filter, EventType.id == source_event_type.id)
query = query.filter(query_filter)
return query.all()
def day_edit(id, name=None):
cset = CalendarSetting.query.get(1)
if cset.finalized is False:
if current_user.is_moderator():
return deny_access(
no_perm_url,
"A Moderator can only edit the Calendar after it has been finalized."
)
heading = "Edit Day"
form = DayForm()
form.submit.label.text = "Save Day"
day = Day.query.filter_by(id=id).first_or_404()
if form.validate_on_submit():
day.name = form.name.data
day.abbreviation = form.abbreviation.data
day.description = form.description.data
db.session.commit()
flash("Day edited.", "success")
return redirect(url_for("calendar.settings"))
elif request.method == "GET":
form.name.data = day.name
form.abbreviation.data = day.abbreviation
form.description.data = day.description
return render_template("calendar/form.html",
item=day,
form=form,
heading=heading,
title=page_title("Edit Day '{day.name}'"))
def delete_post(post_id):
post = Post.query.get_or_404(post_id)
if not (current_user.is_authenticated and
(current_user.is_admin() or current_user.is_moderator())):
abort(403)
db.session.delete(post)
db.session.commit()
flash('Your post has been deleted!', 'success')
return redirect(url_for('home'))
def activity_choices(activities, leaders):
if current_user.is_moderator():
choices = ActivityType.query.all()
else:
choices = set(activities)
choices.update(current_user.led_activities())
for leader in leaders:
choices.update(leader.led_activities())
return [(a.id, a.name) for a in choices]
def reserve_data():
rows = []
# 协管员和管理员可以获取所有预约信息
if current_user.is_moderator() or current_user.is_administrator():
reserveInfos = ReserveInfo.query.all()
# 获取该用户的预约信息
elif current_user.is_user():
reserveInfos = ReserveInfo.query.filter_by(user_id=current_user.id).all()
for reserveInfo in reserveInfos:
rows.append(reserveInfo.getDictObj())
result = json.dumps(rows)
return result
def create_topic(topic_group_id):
t_group = TopicGroup.query.get_or_404(topic_group_id)
if t_group.protected and not current_user.is_moderator():
abort(403)
with_poll = True
form = TopicForm()
form.remove_edit_fields()
if form.submit.data and form.validate_on_submit():
new_topic = Topic(title=form.title.data,
body=form.body.data,
group=t_group,
author=current_user._get_current_object())
if with_poll:
new_topic.poll = form.poll_question
db.session.add(new_topic)
db.session.commit()
if with_poll:
poll_answers = form.poll_answers.strip().splitlines()
new_topic.update_poll_answers(poll_answers)
flash(lazy_gettext('The pitch has been created.'))
return redirect(url_for('main.topic', topic_id=new_topic.id))
elif not with_poll and form.add_poll.data:
if form.title.data or form.body.data:
if form.validate_on_submit():
new_topic = Topic(title=form.title.data,
body=form.body.data,
group=t_group,
author=current_user._get_current_object())
db.session.add(new_topic)
db.session.commit()
flash(
lazy_gettext(
'The pitch has been saved. Fill data for a poll.'))
return redirect(
url_for('main.edit_topic', topic_id=new_topic.id, poll=1))
else:
return redirect(
url_for('main.create_topic',
topic_group_id=topic_group_id,
poll=1))
elif form.cancel.data:
flash(lazy_gettext('Pitch creation was cancelled.'))
return redirect(
url_for('main.topic_group', topic_group_id=topic_group_id))
return render_template('create_topic.html', form=form, topic_group=t_group)
def autocomplete_available_leaders():
"""API endpoint to list available leaders for autocomplete. In contrast with the
previous function this also includes leaders that have never led any event.
At least 2 characters are required to make a name search.
:param string q: Search string.
:param int l: Maximum number of returned items.
:param list[int] aid: List of activity ids to include. Empty means include leaders of any activity
:param list[int] eid: List of leader ids to exclude
:return: A tuple:
- JSON containing information describe in AutocompleteUserSchema
- HTTP return code : 200
- additional header (content as JSON)
:rtype: (string, int, dict)
"""
q = request.args.get("q")
if q is None or (len(q) < 2):
found_users = []
else:
limit = request.args.get("l", type=int) or 8
activity_ids = request.args.getlist("aid", type=int)
existing_ids = request.args.getlist("eid", type=int)
query = db.session.query(User)
query = query.filter(Role.user_id == User.id)
if current_user.is_moderator():
query = query.filter(
Role.role_id.in_(RoleIds.all_event_creator_roles()))
else:
query = query.filter(
Role.role_id.in_(RoleIds.all_event_creator_roles()))
if len(activity_ids) > 0:
query = query.filter(Role.activity_id.in_(activity_ids))
query = query.filter(~User.id.in_(existing_ids))
condition = func.lower(User.first_name + " " +
User.last_name).ilike(f"%{q}%")
query = query.filter(condition)
query = query.order_by(User.first_name, User.last_name, User.id)
found_users = query.limit(limit)
content = json.dumps(AutocompleteUserSchema(many=True).dump(found_users))
return content, 200, {"content-type": "application/json"}
def epoch_edit(id, name=None):
heading = "Edit Epoch"
form = EpochForm()
form.submit.label.text = "Save Epoch"
cset = CalendarSetting.query.get(1)
if cset.finalized is True:
del form.years
del form.circa
else:
if current_user.is_moderator():
return deny_access(
no_perm_url,
"A Moderator can only edit the Calendar after it has been finalized."
)
epoch = Epoch.query.filter_by(id=id).first_or_404()
if form.validate_on_submit():
epoch.name = form.name.data
epoch.abbreviation = form.abbreviation.data
epoch.description = form.description.data
if cset.finalized is False:
epoch.years = form.years.data
epoch.circa = form.circa.data
db.session.commit()
flash("Epoch edited.", "success")
return redirect(url_for("calendar.settings"))
elif request.method == "GET":
form.name.data = epoch.name
form.abbreviation.data = epoch.abbreviation
form.description.data = epoch.description
if cset.finalized is False:
form.years.data = epoch.years
form.circa.data = epoch.circa
return render_template("calendar/form.html",
item=epoch,
form=form,
heading=heading,
title=page_title(f"Edit Epoch '{epoch.name}'"))
def filter_hidden_events(query):
"""Update a SQLAlchemy query object with a filter that
removes Event with a status that the current use is not allowed to see
- Moderators can see all events
- Normal users cannot see 'Pending' events
- Activity supervisors can see 'Pending' events for the activities that
they supervise
- Leaders can see the events that they lead
:param query: The original query
:type query: :py:class:`sqlalchemy.orm.query.Query`
:return: The filtered query
:rtype: :py:class:`sqlalchemy.orm.query.Query`
"""
# Display pending events only to relevant persons
if not current_user.is_authenticated:
# Not logged users see no pending event
query = query.filter(Event.status != EventStatus.Pending)
elif current_user.is_moderator():
# Admin see all pending events (no filter)
pass
else:
# Regular user can see non Pending
query_filter = Event.status != EventStatus.Pending
# If user is a supervisor, it can see Pending events of its activities
if current_user.is_supervisor():
# Supervisors can see all sup
activities = current_user.get_supervised_activities()
activities_ids = [a.id for a in activities]
supervised = Event.activity_types.any(
ActivityType.id.in_(activities_ids))
query_filter = or_(query_filter, supervised)
# If user can create event, it can see its pending events
if current_user.can_create_events():
lead = Event.leaders.any(id=current_user.id)
query_filter = or_(query_filter, lead)
# After filter construction, it is applied to the query
query = query.filter(query_filter)
return query
def accept_event_leaders(event, leaders):
"""
Check whether all activities have a valid leader, display error if not the case
"""
if not any(leaders):
flash("Au moins un encadrant doit être défini")
return False
if current_user.is_moderator():
return True
problems = event.activities_without_leader(leaders)
if len(problems) == 0:
return True
if len(problems) == 1:
flash(
"Aucun encadrant valide n'a été défini pour l'activité {}".format(
problems[0].name))
else:
names = [a.name for a in problems]
flash("Aucun encadrant valide n'a été défini pour les activités {}".
format(names.join(", ")))
return False
def settings():
cset = CalendarSetting.query.get(1)
if cset.finalized is False:
if current_user.is_moderator():
return deny_access(
no_perm_url,
"A Moderator can only edit the Calendar after it has been finalized."
)
epochs = Epoch.query.order_by(Epoch.order.asc()).all()
months = Month.query.order_by(Month.order.asc()).all()
days = Day.query.order_by(Day.order.asc()).all()
moons = Moon.query.order_by(Moon.name.asc()).all()
return render_template("calendar/settings.html",
settings=cset,
epochs=epochs,
months=months,
days=days,
moons=moons,
title=page_title("Calendar Settings"))
def get_reserve_info_flag_by_id():
data_dict = request.get_json() # 获取前台的数据(json格式)
rows = {'flag': 'fail'} # flag标记是否可以获取详细信息,默认fail(不可以)
print('------------------------------------------')
print(data_dict)
print('------------------------------------------')
if current_user.is_moderator() or current_user.is_administrator(): # 管理员和协管用户可以
rows['flag'] = 'success'
else:
reserve_info = ReserveInfo.query.get_or_404(int(data_dict['reserve_id']))
print('------------------------------------------')
print(data_dict)
print(reserve_info.user_id)
print(current_user.id)
print('------------------------------------------')
if reserve_info.user_id == current_user.id: # 如果当前用户与预约用户是同一用户
rows['flag'] = 'success'
result = json.dumps(rows)
return result
def moon_edit(id, name=None):
cset = CalendarSetting.query.get(1)
if cset.finalized is False:
if current_user.is_moderator():
return deny_access(
no_perm_url,
"A Moderator can only edit the Calendar after it has been finalized."
)
heading = "Edit Moon"
form = MoonForm()
form.submit.label.text = "Save Moon"
moon = Moon.query.filter_by(id=id).first_or_404()
if form.validate_on_submit():
moon.name = form.name.data
moon.description = form.description.data
moon.phase_length = form.phase_length.data
moon.phase_offset = form.phase_offset.data
moon.waxing_color = stretch_color(form.waxing_color.data.hex)
moon.waning_color = stretch_color(form.waning_color.data.hex)
db.session.commit()
flash("Moon edited.", "success")
return redirect(url_for("calendar.settings"))
elif request.method == "GET":
form.name.data = moon.name
form.description.data = moon.description
form.phase_length.data = moon.phase_length
form.phase_offset.data = moon.phase_offset
form.waxing_color.data = moon.waxing_color
form.waning_color.data = moon.waning_color
return render_template("calendar/form.html",
item=moon,
form=form,
heading=heading,
title=page_title(f"Edit Moon '{moon.name}'"))
def article(post_id):
prev_url = request.args.get('prev_url', '')
post_show = Post.query.get_or_404(post_id)
if post_show.is_draft and (current_user != post_show.author
and not current_user.is_moderator()):
abort(404)
form = CommentForm()
if form.validate_on_submit():
if not current_user.is_authenticated:
flash("请先登录")
return redirect(url_for('auth.login', next=str(request.url)))
comment = Comment(body=form.body.data,
post=post_show,
author=current_user)
post_show.author.get_message_from_admin(content=u'你收到了一条评论。',
link_id=post_show.id,
link_type='comment')
comment.save()
flash('你的评论已提交。')
return redirect(url_for('post.article', post_id=post_show.id, page=-1))
page = request.args.get('page', 1, type=int)
if page == -1:
page = (post_show.comments.count() - 1) / \
current_app.config['COMMENTS_PER_PAGE'] + 1
pagination = post_show.comments.order_by(Comment.timestamp.asc()).paginate(
page,
per_page=current_app.config['COMMENTS_PER_PAGE'],
error_out=False)
comments = pagination.items
post_show.count += 1
post_show.save()
return render_template('post/article.html',
posts=[post_show],
form=form,
prev_url=prev_url,
comments=comments,
pagination=pagination,
page=page)
def update_post(post_id):
post = Post.query.get_or_404(post_id)
if not (current_user.is_authenticated and
(current_user.is_admin() or current_user.is_moderator())):
abort(403)
form = PostForm()
if form.validate_on_submit():
post.title = form.title.data
post.content = form.content.data
if form.picture.data:
picture_file = save_post_picture(form.picture.data)
post.image_file = picture_file
db.session.commit()
flash('Your post has been updated!', 'success')
return redirect(url_for('post', post_id=post.id))
elif request.method == 'GET':
form.title.data = post.title
form.content.data = post.content
form.picture.data = post.image_file
return render_template('create_post.html',
title='Update Post',
form=form,
legend='Update Post')
def edit_comment(comment_id):
comment = Comment.query.filter_by(id=comment_id,
deleted=False).first_or_404()
if current_user != comment.author and not current_user.is_moderator():
abort(403)
form = CommentEditForm()
if form.submit.data and form.validate_on_submit():
comment.body = form.body.data
comment.updated_at = datetime.utcnow()
db.session.add(comment)
flash(lazy_gettext('The comment has been updated.'))
return redirect(
request.args.get('next')
or url_for('main.topic', topic_id=comment.topic_id))
elif form.cancel.data:
flash(lazy_gettext('Comment editing was omitted .'))
return redirect(
request.args.get('next')
or url_for('main.topic', topic_id=comment.topic_id))
elif form.delete.data:
comment.deleted = True
comment.updated_at = datetime.utcnow()
db.session.add(comment)
flash(lazy_gettext('The comment has been deleted.'))
return redirect(
request.args.get('next')
or url_for('main.topic', topic_id=comment.topic_id))
if not form.is_submitted():
form.body.data = comment.body
return render_template('edit_comment.html', form=form, comment=comment)
def manage_event(event_id=None):
if not current_user.can_create_events():
flash('Accès restreint, rôle insuffisant.', 'error')
return redirect(url_for('event.index'))
event = Event.query.get(event_id) if event_id is not None else Event()
choices = activity_choices(event.activity_types, event.leaders)
form = EventForm(choices, CombinedMultiDict((request.files, request.form)))
if not form.is_submitted():
form = EventForm(choices, obj=event)
if not event_id is None:
form.type.data = str(event.activity_types[0].id)
return render_template('editevent.html',
conf=current_app.config,
form=form)
form.populate_obj(event)
# Validate dates
valid = True
if not event.starts_before_ends():
flash('La date de début doit être antérieure à la date de fin')
valid = False
if event.num_online_slots > 0:
if not event.has_defined_registration_date():
flash(
"Les date de début ou fin d\'ouverture ou de fermeture d'inscription ne peuvent être nulles."
)
valid = False
else:
if not event.opens_before_closes():
flash(
'Les inscriptions internet doivent ouvrir avant de terminer'
)
valid = False
if not event.opens_before_ends():
flash(
'Les inscriptions internet doivent ouvrir avant la fin de l\'événement'
)
valid = False
if event.num_slots < event.num_online_slots:
flash(
'Le nombre de places internet ne doit pas dépasser le nombre de places total'
)
valid = False
elif event.num_online_slots < 0:
flash('Le nombre de places par internet ne peut être négatif')
valid = False
if not valid:
return render_template('editevent.html',
conf=current_app.config,
form=form)
event.set_rendered_description(event.description)
# Only set ourselves as leader if there weren't any
if not any(event.leaders):
event.leaders.append(current_user)
# For now enforce single activity type
activity_type = ActivityType.query.filter_by(id=event.type).first()
if activity_type not in event.activity_types:
event.activity_types.clear()
event.activity_types.append(activity_type)
# We are changing the activity, check that there is a valid leader
if not current_user.is_moderator() and not event.has_valid_leaders():
flash('Encadrant invalide pour cette activité')
return render_template('editevent.html',
conf=current_app.config,
form=form)
# We have to save new event before add the photo, or id is not defined
db.session.add(event)
db.session.commit()
# If no photo is sen, we don't do anything, especially if a photo is
# already existing
if (form.photo_file.data is not None):
event.save_photo(form.photo_file.data)
db.session.add(event)
db.session.commit()
elif form.duplicate_photo.data != "":
duplicated_event = Event.query.get(form.duplicate_photo.data)
if duplicated_event != None:
event.photo = duplicated_event.photo
db.session.add(event)
db.session.commit()
if event_id is None:
# This is a new event, send notification to supervisor
send_new_event_notification(event)
return redirect(url_for('event.view_event', event_id=event.id))
def edit_topic(topic_id):
tpc = Topic.query.filter_by(id=topic_id, deleted=False).first_or_404()
if current_user != tpc.author and not current_user.is_moderator():
abort(403)
with_poll = request.args.get('poll', 0, type=int) or tpc.poll
form = TopicWithPollForm() if with_poll else TopicForm()
if not current_user.is_moderator():
del form.group_id
if form.submit.data and form.validate_on_submit():
if current_user.is_moderator():
tpc.group_id = form.group_id.data
tpc.title = form.title.data
tpc.body = form.body.data
if with_poll:
tpc.poll = form.poll_question.data
tpc.update_poll_answers(
form.poll_answers.data.strip().splitlines())
tpc.updated_at = datetime.utcnow()
db.session.add(tpc)
flash(lazy_gettext('The pitch has been renewed'))
return redirect(url_for('main.topic', topic_id=tpc.id))
elif not with_poll and form.add_poll.data and form.validate_on_submit():
if current_user.is_moderator():
tpc.group_id = form.group_id.data
tpc.title = form.title.data
tpc.body = form.body.data
tpc.updated_at = datetime.utcnow()
db.session.add(tpc)
flash(lazy_gettext('fill in information for a poll'))
return redirect(url_for('main.edit_topic', topic_id=tpc.id, poll=1))
elif form.cancel.data:
flash(lazy_gettext('Pitch editing was terminated.'))
return redirect(url_for('main.topic', topic_id=tpc.id))
elif form.delete.data:
tpc.comments.update(dict(deleted=True))
tpc.poll_answers.update(dict(deleted=True))
tpc.poll_votes.update(dict(deleted=True))
tpc.deleted = True
tpc.updated_at = datetime.utcnow()
db.session.add(tpc)
flash(lazy_gettext('The pitch has been wiped out.'))
return redirect(
url_for('main.topic_group', topic_group_id=tpc.group_id))
if not form.is_submitted():
form.title.data = tpc.title
form.body.data = tpc.body
if form.group_id:
form.group_id.data = tpc.group_id
if tpc.poll:
form.poll_question.data = tpc.poll
form.poll_answers.data = '\n'.join([
a.body
for a in tpc.poll_answers.filter_by(deleted=False).all()
])
return render_template('edit_topic.html', form=form, topic=tpc)
def func():
if not current_user.is_moderator():
abort(403)
return fun()
def user(username):
"""user's articles show"""
user_showed = User.query.filter_by(username=username).first()
if user_showed is None:
abort(404)
if current_user == user_showed or current_user.is_moderator():
query_category_count = query = user_showed.posts
else:
query_category_count = query = user_showed.posts.filter_by(
is_draft=False)
categories_list = Category.query.filter_by(parent_id=1).all()
tags = Tag.query.all()
prev_url = request.args.get('prev_url', '')
page = request.args.get('page', 1, type=int)
cur_category = request.args.get('category', '')
cur_category_cookie = request.cookies.get('category_user', '')
category_disable = request.args.get('category_disable', '')
cur_tag = request.args.get('tag', '')
cur_tag_cookie = request.cookies.get('tags_user', '')
tag_disable = request.args.get('tag_disable', '')
cur_key = request.args.get('key', '')
cur_key_cookie = request.cookies.get('key_user', '')
key_disable = request.args.get('key_disable', '')
# 处理从post.article栏目&标签跳转
if prev_url:
if cur_category:
resp = make_response(
redirect(
url_for('main.user',
username=username,
category=cur_category)))
elif cur_tag:
resp = make_response(
redirect(url_for('main.user', username=username, tag=cur_tag)))
else:
resp = make_response(
redirect(url_for('main.user', username=username)))
resp.set_cookie('tags_user',
'',
path=url_for('main.user', username=username),
max_age=0)
resp.set_cookie('category_user',
'',
path=url_for('main.user', username=username),
max_age=0)
resp.set_cookie('key_user',
'',
path=url_for('main.user', username=username),
max_age=0)
return resp
# category
if not cur_category and not category_disable:
cur_category = cur_category_cookie
if cur_category:
if not cur_category_cookie or cur_category_cookie != cur_category:
resp = make_response(
redirect(url_for('main.user', username=username)))
resp.set_cookie('category_user',
cur_category,
path=url_for('main.user', username=username),
max_age=60 * 3)
resp.set_cookie('tags_user',
'',
path=url_for('main.user', username=username),
max_age=0)
return resp
category_instance = Category.query.filter_by(name=cur_category).first()
if category_instance:
query = category_instance.posts_query(query)
if category_disable:
resp = make_response(redirect(url_for('main.user', username=username)))
resp.set_cookie('category_user',
'',
path=url_for('main.user', username=username),
max_age=0)
resp.set_cookie('tags_user',
'',
path=url_for('main.user', username=username),
max_age=0)
return resp
# tag
cur_tags = cur_tag_cookie.split(',')
if cur_tag:
if cur_tag not in cur_tags:
cur_tags.append(cur_tag)
cur_tags = ','.join(cur_tags)
resp = make_response(
redirect(url_for('main.user', username=username)))
resp.set_cookie('tags_user',
cur_tags,
path=url_for('main.user', username=username),
max_age=60 * 3)
return resp
elif cur_tag in cur_tags:
cur_tags.remove(cur_tag)
cur_tags = ','.join(cur_tags)
resp = make_response(
redirect(url_for('main.user', username=username)))
resp.set_cookie('tags_user',
cur_tags,
path=url_for('main.user', username=username),
max_age=60 * 3)
return resp
elif not tag_disable:
for tag in cur_tags:
if tag:
tag_instance = Tag.query.filter_by(content=tag).first()
if tag_instance:
query = tag_instance.posts_query(query)
if tag_disable:
resp = make_response(redirect(url_for('main.user', username=username)))
resp.set_cookie('tags_user',
'',
path=url_for('main.user', username=username),
max_age=0)
return resp
# key
if not cur_key and not key_disable:
cur_key = cur_key_cookie
if cur_key:
if cur_key_cookie != cur_key:
resp = make_response(
redirect(url_for('main.user', username=username)))
resp.set_cookie('key_user',
cur_key,
path=url_for('main.user', username=username),
max_age=60 * 3)
return resp
query = query.filter(
Post.body.contains(cur_key) | Post.title.contains(cur_key)
| Post.summary.contains(cur_key))
if key_disable:
resp = make_response(redirect(url_for('main.user', username=username)))
resp.set_cookie('key_user',
'',
path=url_for('main.user', username=username),
max_age=0)
return resp
# query
pagination = None
posts = None
if query:
pagination = query.order_by(Post.count.desc()).order_by(
Post.timestamp.desc()).paginate(
page,
per_page=current_app.config['FOLLOWERS_PER_PAGE'],
error_out=False)
posts = pagination.items
return render_template('user.html',
user=user_showed,
posts=posts,
query_category_count=query_category_count,
tags=tags,
query_tag_count=query,
cur_tags=cur_tags,
cur_category=cur_category,
key=cur_key,
categories=categories_list,
pagination=pagination)
