Exemple #1
0
    def get(self, database, table, page, full, user=None):
        """
        Get user's records
        """
        if user is None:
            user = current_user.id

        if user == current_user.id:
            if not current_user.role_is(
                (UserRole.ADMIN, UserRole.DATA_MANAGER, UserRole.DATA_FILLER)):
                abort(
                    403,
                    message=
                    'user access deny. You do not have permission to database')
        elif not current_user.role_is((UserRole.ADMIN, UserRole.DATA_MANAGER)):
            abort(
                403,
                message=
                "user access deny. You do not have permission to see another user's data"
            )

        entity = Loader.get_database(database)[table == 'REACTION']
        q = entity.select(lambda x: x.user_id == user).order_by(lambda x: x.id).prefetch(entity.metadata)\
            .page(page, pagesize=RESULTS_PER_PAGE)

        return marshal([x for x in q for x in x.metadata],
                       (RecordStructureResponseFields
                        if full else RecordResponseFields).resource_fields)
Exemple #2
0
 def get(self):
     """
     Get available users list
     """
     if current_user.role_is(UserRole.ADMIN):
         return User.select(lambda x: x._role in
                            (UserRole.ADMIN.value, UserRole.DATA_MANAGER.
                             value, UserRole.DATA_FILLER.value))[:], 200
     elif current_user.role_is(UserRole.DATA_MANAGER):
         return User.select(lambda x: x._role in
                            (UserRole.DATA_MANAGER.value, UserRole.
                             DATA_FILLER.value))[:], 200
     else:
         return User.select(lambda x: x.id == current_user.id)[:], 200
Exemple #3
0
def download(file, name):
    a = Attachment.get(file=file)
    if a and a.post.classtype != 'Thesis' or current_user.is_authenticated and \
            (current_user.role_is(UserRole.ADMIN) or
             current_user.role_is(UserRole.SECRETARY) or
             a.post.author == current_user.get_user()):
        resp = make_response()
        resp.headers['X-Accel-Redirect'] = '/file/%s' % file
        resp.headers['Content-Description'] = 'File Transfer'
        resp.headers['Content-Transfer-Encoding'] = 'binary'
        resp.headers['Content-Disposition'] = 'attachment; filename=%s' % name
        resp.headers['Content-Type'] = 'application/octet-stream'
        return resp
    abort(404)
Exemple #4
0
def top_nav():
    lsg = LeftSubgroup(
        View('News', '.blog'), View('About Us', '.about'),
        Subgroup('Education', View('Students', '.students'),
                 View('Lessons', '.lessons')))
    if current_user.is_authenticated:
        user_menu = [
            View('My Events', '.events'),
            View('Submitted Abstracts', '.theses'),
            Separator(),
            View('Profile', '.user', _user=current_user.id),
            View('Edit Profile', '.profile'),
            Separator(),
            View('Logout', '.logout')
        ]
        if current_user.role_is(UserRole.ADMIN):
            user_menu.insert(2, View('Email Templates', '.emails'))

        rsg = RightSubgroup(
            Subgroup('Searching', View('Search', '.search'), Separator(),
                     View('History', '.queries')),
            Subgroup('Modeling', View('Modeling', '.predictor'), Separator(),
                     View('History', '.results')),
            Subgroup(current_user.full_name, *user_menu))
    else:
        rsg = RightSubgroup(
            View('Searching', '.search'), View('Modeling', '.predictor'),
            View('Login', '.login', next=get_redirect_target()
                 or request.path))

    return Navbar(View(LAB_SHORT, '.index'), *[lsg, rsg])
Exemple #5
0
    def post(self, task, database, table, job, ended_at):
        """
        add new records from task
        """
        if job['type'] != TaskType.POPULATING:
            abort(406, message='Task type is invalid')

        if not current_user.role_is(
            (UserRole.ADMIN, UserRole.DATA_MANAGER, UserRole.DATA_FILLER)):
            abort(403,
                  message=
                  'User access deny. You do not have permission to database')

        entity = Loader.get_database(database)[table == 'REACTION']
        res = []
        for s in job['structures']:
            if s['status'] != StructureStatus.CLEAR or s[
                    'type'] != StructureType[table]:
                continue
            data = marshal(s, RecordStructureFields.resource_fields)
            structure = data.pop('data')
            in_db = entity.find_structure(structure)
            if not in_db:
                in_db = entity(structure, current_user.get_user())

            res.append(in_db.add_metadata(data, current_user.get_user()))

        flush()
        return res, 201
Exemple #6
0
def remove(file, name):
    form = DeleteButtonForm()
    if form.validate_on_submit():
        a = Attachment.get(file=file)
        if a and (current_user.role_is(UserRole.ADMIN)
                  or a.post.classtype == 'Thesis' and a.post.author.id == current_user.id
                  and a.post.meeting.thesis_deadline > datetime.utcnow()):
            a.delete()
        return form.redirect()

    return render_template('button.html', form=form, title='Delete', subtitle=name)
Exemple #7
0
    def __get_record(database, table, metadata):
        try:
            data = getattr(
                Loader.get_schema(database), 'MoleculeProperties'
                if table == 'MOLECULE' else 'ReactionConditions')[metadata]
        except ObjectNotFound:
            abort(404, message='invalid record id')

        if data.user_id != current_user.id:
            if not current_user.role_is(
                (UserRole.ADMIN, UserRole.DATA_MANAGER)):
                abort(
                    403,
                    message=
                    "user access deny. You do not have permission to see another user's data"
                )
        elif not current_user.role_is(
            (UserRole.DATA_FILLER, UserRole.ADMIN, UserRole.DATA_MANAGER)):
            abort(403,
                  message=
                  'user access deny. You do not have permission to database')
        return data
Exemple #8
0
    def dispatch_request(self, post):
        admin = current_user.is_authenticated and current_user.role_is(UserRole.ADMIN)
        secretary = current_user.is_authenticated and current_user.role_is(UserRole.SECRETARY)
        special_form = special_field = children = title = None

        p = Post.get(id=post)
        if not p:
            return redirect(url_for('.blog'))

        opened_by_author = current_user.is_authenticated and p.author.id == current_user.id

        if p.classtype == 'Meeting':
            x = self.meeting_page(p)
            if not isinstance(x, tuple):
                return x

            crumb, title, children, special_form = x
        elif p.classtype == 'Thesis':
            crumb = dict(url=url_for('.abstracts', event=p.meeting_id), title='Abstract', parent='Event abstracts')
            special_form = self.thesis_page(p, opened_by_author)
            special_field = '**Presentation Type**: *%s*' % p.type.fancy
        elif p.classtype == 'TeamPost':
            crumb = dict(url=url_for('.students'), title='Student', parent='Laboratory') \
                    if p.type == TeamPostType.STUDENT else \
                    dict(url=url_for('.about'), title='Member', parent='Laboratory')
            special_field = get_articles(p.scopus) if p.scopus else None
        elif p.type == BlogPostType.ABOUT:
            crumb = dict(url=url_for('.about'), title='Description', parent='Laboratory')
        else:
            crumb = dict(url=url_for('.blog'), title='Post', parent='News')

        attachments = list(p.attachments) if admin or secretary or p.classtype != 'Thesis' or opened_by_author else None
        deletable = admin or p.classtype == 'Thesis' and (opened_by_author or
                                                          secretary) and p.meeting.deadline > datetime.utcnow()

        return render_template('post.html', title=title or p.title, post=p, crumb=crumb, children=children,
                               attachments=attachments, deletable=deletable,
                               special_form=special_form, special_field=special_field)
Exemple #9
0
def participants(event):
    m = Meeting.get(id=event, _type=MeetingPostType.MEETING.value)
    if not m:
        return redirect(url_for('.blog'))

    _admin = True if current_user.is_authenticated and (current_user.role_is(UserRole.ADMIN) or
                                                        current_user.role_is(UserRole.SECRETARY)) else False

    header = ('#', 'Participant', 'Country', 'Status', 'Degree', 'Presentation type', 'Town', 'Affiliation', 'Email') \
        if _admin else ('#', 'Participant', 'Country', 'Status', 'Degree', 'Presentation type')

    #  cache users entities
    list(left_join(x for x in User for s in x.subscriptions if s.meeting == m))
    subs = Subscription.select(lambda x: x.meeting == m).order_by(Subscription.id.desc())

    data = [row_admin(n, cell(url_for('.user', _user=x.user.id), x.user.full_name), x.user.country_name,
                      x.user.sci_status.fancy, x.user.sci_degree.fancy, x.type.fancy, x.user.town, x.user.affiliation,
                      x.user.email) if _admin else
            row(n, cell(url_for('.user', _user=x.user.id), x.user.full_name), x.user.country_name,
                x.user.sci_status.fancy, x.user.sci_degree.fancy, x.type.fancy)
            for n, x in enumerate(subs, start=1)]

    return render_template('table.html', table=table(header=header, rows=data), title=m.title, subtitle='Participants',
                           crumb=dict(url=url_for('.blog_post', post=event), title='Participants', parent='Event page'))
Exemple #10
0
    def get(self, database, table, user=None):
        """
        Get user's records count
        """
        if user is None:
            user = current_user.id
        if user == current_user.id:
            if not current_user.role_is(
                (UserRole.ADMIN, UserRole.DATA_MANAGER, UserRole.DATA_FILLER)):
                abort(
                    403,
                    message=
                    'user access deny. You do not have permission to database')
        elif not current_user.role_is((UserRole.ADMIN, UserRole.DATA_MANAGER)):
            abort(
                403,
                message=
                "user access deny. You do not have permission to see another user's data"
            )

        entity = Loader.get_database(database)[table == 'REACTION']
        q = entity.select(lambda x: x.user_id == user).count()

        return dict(data=q, pages=ceil(q / RESULTS_PER_PAGE))
Exemple #11
0
    def dispatch_request(self, action=4):
        form = FormRoute.get(action)
        if not form or not form.is_profile():
            return redirect(url_for('.profile'))

        tabs = [
            dict(title='Edit Profile',
                 glyph='pencil',
                 active=False,
                 url=url_for('.profile', action=FormRoute.EDIT_PROFILE.value)),
            dict(title='Log out on all devices',
                 glyph='remove',
                 active=False,
                 url=url_for('.profile', action=FormRoute.LOGOUT_ALL.value)),
            dict(title='Change Password',
                 glyph='qrcode',
                 active=False,
                 url=url_for('.profile',
                             action=FormRoute.CHANGE_PASSWORD.value))
        ]

        admin = current_user.role_is(UserRole.ADMIN)
        if admin:
            tabs.extend([
                dict(title='New Blog Post',
                     glyph='font',
                     active=False,
                     url=url_for('.profile',
                                 action=FormRoute.NEW_BLOG_POST.value)),
                dict(title='New Meeting Page',
                     glyph='resize-small',
                     active=False,
                     url=url_for('.profile',
                                 action=FormRoute.NEW_MEETING_PAGE.value)),
                dict(title='New Email Template',
                     glyph='envelope',
                     active=False,
                     url=url_for('.profile',
                                 action=FormRoute.NEW_EMAIL_TEMPLATE.value)),
                dict(title='New Team Member',
                     glyph='knight',
                     active=False,
                     url=url_for('.profile',
                                 action=FormRoute.NEW_MEMBER_PAGE.value)),
                dict(title='Ban User',
                     glyph='remove-circle',
                     active=False,
                     url=url_for('.profile', action=FormRoute.BAN_USER.value)),
                dict(title='Change Role',
                     glyph='arrow-up',
                     active=False,
                     url=url_for('.profile',
                                 action=FormRoute.CHANGE_USER_ROLE.value))
            ])

        if form == FormRoute.EDIT_PROFILE:
            message = 'Edit Profile'
            tabs[0]['active'] = True
            active_form = ProfileForm(obj=current_user.get_user())
            if active_form.validate_on_submit():
                u = User.get(id=current_user.id)
                u.name = active_form.name.data
                u.surname = active_form.surname.data
                u.country = active_form.country.data
                u.degree = active_form.degree.data
                u.status = active_form.status.data

                if active_form.banner_field.data:
                    u.banner = save_upload(active_form.banner_field.data,
                                           images=True)

                if active_form.affiliation.data:
                    u.affiliation = active_form.affiliation.data
                elif u.affiliation:
                    u.affiliation = ''

                if active_form.position.data:
                    u.position = active_form.position.data
                elif u.position:
                    u.position = ''

                if active_form.town.data:
                    u.town = active_form.town.data
                elif u.town:
                    u.town = ''

                flash('Profile updated')

        elif form == FormRoute.LOGOUT_ALL:
            message = 'Log out on all devices'
            tabs[1]['active'] = True
            active_form = ReLoginForm()
            if active_form.validate_on_submit():
                u = User.get(id=current_user.id)
                u.change_token()
                logout_user()
                flash('Successfully logged out from all devices')
                return redirect(url_for('.login'))

        elif form == FormRoute.CHANGE_PASSWORD:
            message = 'Change Password'
            tabs[2]['active'] = True
            active_form = ChangePasswordForm()
            if active_form.validate_on_submit():
                u = User.get(id=current_user.id)
                u.change_password(active_form.password.data)
                logout_user()
                flash('Successfully changed password')
                return redirect(url_for('.login'))

        elif admin and form == FormRoute.NEW_BLOG_POST:
            message = 'New Blog Post'
            tabs[3]['active'] = True
            active_form = PostForm()
            if active_form.validate_on_submit():
                banner_name, file_name = combo_save(active_form.banner_field,
                                                    active_form.attachment)
                p = BlogPost(type=active_form.type,
                             title=active_form.title.data,
                             slug=active_form.slug.data,
                             body=active_form.body.data,
                             banner=banner_name,
                             attachments=file_name,
                             author=current_user.get_user())
                commit()
                return redirect(url_for('.blog_post', post=p.id))

        elif admin and form == FormRoute.NEW_MEETING_PAGE:
            message = 'New Meeting Page'
            tabs[4]['active'] = True
            active_form = MeetingForm()

            def add_post():
                banner_name, file_name = combo_save(active_form.banner_field,
                                                    active_form.attachment)
                p = Meeting(
                    meeting=active_form.meeting_id.data,
                    deadline=active_form.deadline.data,
                    poster_deadline=active_form.poster_deadline.data,
                    participation_types=active_form.participation_types,
                    thesis_types=active_form.thesis_types,
                    order=active_form.order.data,
                    type=active_form.type,
                    author=current_user.get_user(),
                    title=active_form.title.data,
                    slug=active_form.slug.data,
                    body_name=active_form.body_name.data,
                    body=active_form.body.data,
                    banner=banner_name,
                    attachments=file_name)
                commit()
                return p.id

            if active_form.validate_on_submit():
                if active_form.type != MeetingPostType.MEETING:
                    if active_form.meeting_id.data and Meeting.exists(
                            id=active_form.meeting_id.data,
                            post_type=MeetingPostType.MEETING.value):
                        return redirect(url_for('.blog_post', post=add_post()))
                    active_form.meeting_id.errors = ['Bad parent']
                else:
                    if active_form.deadline.data and active_form.poster_deadline.data:
                        return redirect(url_for('.blog_post', post=add_post()))
                    active_form.deadline.errors = ["Need deadline"]
                    active_form.poster_deadline.errors = ["Need deadline"]

        elif admin and form == FormRoute.NEW_EMAIL_TEMPLATE:
            message = 'New Email Template'
            tabs[5]['active'] = True
            active_form = EmailForm()

            def add_post():
                banner_name, file_name = combo_save(active_form.banner_field,
                                                    active_form.attachment)
                p = Email(from_name=active_form.from_name.data,
                          reply_name=active_form.reply_name.data,
                          reply_mail=active_form.reply_mail.data,
                          meeting=active_form.meeting_id.data,
                          type=active_form.type,
                          author=current_user.get_user(),
                          title=active_form.title.data,
                          slug=active_form.slug.data,
                          body=active_form.body.data,
                          banner=banner_name,
                          attachments=file_name)
                commit()
                return p.id

            if active_form.validate_on_submit():
                if active_form.type.is_meeting:
                    if active_form.meeting_id.data and Meeting.exists(
                            id=active_form.meeting_id.data,
                            post_type=MeetingPostType.MEETING.value):
                        return redirect(url_for('.blog_post', post=add_post()))
                    active_form.meeting_id.errors = ['Bad parent']
                else:
                    return redirect(url_for('.blog_post', post=add_post()))

        elif admin and form == FormRoute.NEW_MEMBER_PAGE:
            message = 'New Member'
            tabs[6]['active'] = True
            active_form = TeamForm()
            if active_form.validate_on_submit():
                banner_name, file_name = combo_save(active_form.banner_field,
                                                    active_form.attachment)
                p = TeamPost(type=active_form.type,
                             title=active_form.title.data,
                             slug=active_form.slug.data,
                             body=active_form.body.data,
                             banner=banner_name,
                             attachments=file_name,
                             author=current_user.get_user(),
                             role=active_form.role.data,
                             scopus=active_form.scopus.data,
                             order=active_form.order.data)
                commit()
                return redirect(url_for('.blog_post', post=p.id))

        elif admin and form == FormRoute.BAN_USER:
            message = 'Ban User'
            tabs[7]['active'] = True
            active_form = BanUserForm()
            if active_form.validate_on_submit():
                u = User.get(email=active_form.email.data.lower())
                u.active = False
                flash('Successfully banned %s %s (%s)' %
                      (u.name, u.surname, u.email))

        elif admin and form == FormRoute.CHANGE_USER_ROLE:
            message = 'Change Role'
            tabs[8]['active'] = True
            active_form = ChangeRoleForm()
            if active_form.validate_on_submit():
                u = User.get(email=active_form.email.data.lower())
                u.user_role = active_form.type.value
                flash('Successfully changed %s %s (%s) role' %
                      (u.name, u.surname, u.email))

        else:  # admin or GTFO
            return redirect(url_for('.profile'))

        return render_template("forms.html",
                               subtitle='Profile',
                               title=current_user.full_name,
                               tabs=tabs,
                               form=active_form,
                               message=message)
Exemple #12
0
    def dispatch_request(self, page=1):
        if not current_user.role_is(UserRole.ADMIN):
            return redirect(url_for('.index'))

        q = select(x for x in Email).order_by(Email.id.desc())
        return blog_viewer(page, q, '.emails', 'E-mail templates', 'list')
Exemple #13
0
    def dispatch_request(self, post):
        admin = current_user.is_authenticated and current_user.role_is(
            UserRole.ADMIN)
        edit_post = None
        remove_post_form = None
        special_form = None
        special_field = None
        children = []
        title = None
        info = None

        p = Post.get(id=post)
        if not p:
            return redirect(url_for('.blog'))

        opened_by_author = current_user.is_authenticated and p.author.id == current_user.id
        downloadable = admin or p.classtype != 'Thesis' or opened_by_author
        deletable = admin or p.classtype == 'Thesis' and opened_by_author and p.meeting.deadline > datetime.utcnow(
        )
        """ admin page
        """
        if admin:
            remove_post_form = DeleteButtonForm(prefix='delete')
            if p.classtype == 'BlogPost':
                edit_post = PostForm(obj=p)
            elif p.classtype == 'Meeting':
                edit_post = MeetingForm(obj=p)
            elif p.classtype == 'Thesis':
                edit_post = ThesisForm(obj=p)
            elif p.classtype == 'Email':
                edit_post = EmailForm(obj=p)
            elif p.classtype == 'TeamPost':
                edit_post = TeamForm(obj=p)
            else:  # BAD POST
                return redirect(url_for('.blog'))

            if remove_post_form.validate_on_submit():
                p.delete()
                return remove_post_form.redirect('.blog')
            elif edit_post.validate_on_submit():
                p.body = edit_post.body.data
                p.title = edit_post.title.data
                p.date = datetime.utcnow()

                if hasattr(edit_post, 'slug') and edit_post.slug.data:
                    p.slug = edit_post.slug.data

                if edit_post.banner_field.data:
                    p.banner = save_upload(edit_post.banner_field.data,
                                           images=True)

                if edit_post.attachment.data:
                    p.add_attachment(*save_upload(edit_post.attachment.data))

                if hasattr(p, 'update_type'):
                    try:
                        p.update_type(edit_post.type)
                        if p.classtype == 'Thesis':
                            sub = Subscription.get(user=p.author,
                                                   meeting=p.meeting)
                            sub.update_type(edit_post.type.participation_type)
                    except Exception as e:
                        edit_post.post_type.errors = [str(e)]

                if hasattr(p, 'update_meeting') and p.can_update_meeting(
                ) and edit_post.meeting_id.data:
                    p.update_meeting(edit_post.meeting_id.data)

                if hasattr(p, 'update_order') and edit_post.order.data:
                    p.update_order(edit_post.order.data)

                if hasattr(p, 'update_role'):
                    p.update_role(edit_post.role.data)

                if hasattr(p, 'update_scopus'):
                    p.update_scopus(edit_post.scopus.data)

                if hasattr(p, 'update_from_name'):
                    p.update_from_name(edit_post.from_name.data)

                if hasattr(p, 'update_reply_name'):
                    p.update_reply_name(edit_post.reply_name.data)

                if hasattr(p, 'update_reply_mail'):
                    p.update_reply_mail(edit_post.reply_mail.data)

                if hasattr(p, 'update_body_name'):
                    p.update_body_name(edit_post.body_name.data)

                if hasattr(p, 'update_deadline') and edit_post.deadline.data:
                    p.update_deadline(edit_post.deadline.data)

                if hasattr(p, 'update_poster_deadline'
                           ) and edit_post.poster_deadline.data:
                    p.update_poster_deadline(edit_post.poster_deadline.data)

                if hasattr(p, 'update_participation_types'
                           ) and edit_post.participation_types:
                    p.update_participation_types(edit_post.participation_types)

                if hasattr(p,
                           'update_thesis_types') and edit_post.thesis_types:
                    p.update_thesis_types(edit_post.thesis_types)
        """ Meetings sidebar and title
        """
        if p.classtype == 'Meeting':
            title = p.meeting.title

            children.append(
                dict(title='Event main page',
                     url=url_for('.blog_post', post=p.meeting_id)))
            children.extend(
                dict(title=x.title, url=url_for('.blog_post', post=x.id))
                for x in p.meeting.children.filter(
                    lambda x: x.classtype == 'Meeting').order_by(
                        lambda x: x.special['order']))

            children.append(
                dict(title='Participants',
                     url=url_for('.participants', event=p.meeting_id)))
            children.append(
                dict(title='Abstracts',
                     url=url_for('.abstracts', event=p.meeting_id)))

            if p.type != MeetingPostType.MEETING:
                crumb = dict(url=url_for('.blog_post', post=p.meeting_id),
                             title=p.title,
                             parent='Event main page')

                if current_user.is_authenticated and p.type == MeetingPostType.REGISTRATION \
                        and p.deadline > datetime.utcnow():

                    sub = Subscription.get(user=current_user.get_user(),
                                           meeting=p.meeting)
                    special_form = MeetForm(
                        prefix='special',
                        obj=sub,
                        types=p.meeting.participation_types)

                    if special_form.validate_on_submit():
                        thesis = Thesis.get(post_parent=p.meeting,
                                            author=current_user.get_user())
                        if sub:
                            if special_form.type == MeetingPartType.LISTENER and thesis:
                                special_form.part_type.errors = [
                                    'Listener participation type unavailable. '
                                    'You sent thesis earlier.'
                                ]
                                flash('Participation type change error',
                                      'error')
                            else:
                                sub.update_type(special_form.type)
                                thesis_type = ThesisPostType.thesis_types(
                                    special_form.type)[-1]
                                if thesis and thesis.type != thesis_type:
                                    thesis.update_type(thesis_type)
                                    flash('Thesis type changed! Check it.')
                                flash('Participation type changed!')
                        else:
                            Subscription(current_user.get_user(), p.meeting,
                                         special_form.type)
                            flash('Welcome to meeting!')

                            m = Email.get(
                                post_parent=p.meeting,
                                post_type=EmailPostType.MEETING_THESIS.value)
                            send_mail((m and m.body
                                       or '%s\n\nYou registered to meeting') %
                                      current_user.full_name,
                                      current_user.email,
                                      to_name=current_user.full_name,
                                      title=m and m.title,
                                      subject=m and m.title
                                      or 'Welcome to meeting',
                                      banner=m and m.banner,
                                      from_name=m and m.from_name,
                                      reply_mail=m and m.reply_mail,
                                      reply_name=m and m.reply_name)

                elif current_user.is_authenticated and p.type == MeetingPostType.SUBMISSION \
                        and p.poster_deadline > datetime.utcnow():

                    sub = Subscription.get(user=current_user.get_user(),
                                           meeting=p.meeting)
                    if sub and sub.type != MeetingPartType.LISTENER and \
                            not Thesis.exists(post_parent=p.meeting, author=current_user.get_user()):
                        thesis_types = p.meeting.thesis_types
                        special_form = ThesisForm(
                            prefix='special',
                            body_name=p.body_name,
                            types=[
                                x
                                for x in ThesisPostType.thesis_types(sub.type)
                                if x in thesis_types
                            ])
                        if special_form.validate_on_submit():
                            banner_name, file_name = combo_save(
                                special_form.banner_field,
                                special_form.attachment)
                            t = Thesis(p.meeting_id,
                                       type=special_form.type,
                                       title=special_form.title.data,
                                       body=special_form.body.data,
                                       banner=banner_name,
                                       attachments=file_name,
                                       author=current_user.get_user())
                            commit()
                            return redirect(url_for('.blog_post', post=t.id))
            else:
                crumb = dict(url=url_for('.blog'), title='Post', parent='News')

        elif p.classtype == 'Thesis':
            if current_user.is_authenticated and opened_by_author and p.meeting.poster_deadline > datetime.utcnow(
            ):
                sub = Subscription.get(user=current_user.get_user(),
                                       meeting=p.meeting)
                thesis_types = p.meeting.thesis_types
                special_form = ThesisForm(
                    prefix='special',
                    obj=p,
                    body_name=p.body_name,
                    types=[
                        x for x in ThesisPostType.thesis_types(sub.type)
                        if x in thesis_types
                    ])
                if special_form.validate_on_submit():
                    p.title = special_form.title.data
                    p.body = special_form.body.data
                    p.update_type(special_form.type)

                    if special_form.banner_field.data:
                        p.banner = save_upload(special_form.banner_field.data,
                                               images=True)
                    if special_form.attachment.data:
                        p.add_attachment(
                            *save_upload(special_form.attachment.data))

            crumb = dict(url=url_for('.abstracts', event=p.meeting_id),
                         title='Abstract',
                         parent='Event participants')
            special_field = '**Presentation Type**: *%s*' % p.type.fancy
        elif p.classtype == 'TeamPost':
            crumb = dict(url=url_for('.students'), title='Student', parent='Laboratory') \
                if p.type == TeamPostType.STUDENT else dict(url=url_for('.about'), title='Member', parent='Laboratory')
            if p.scopus:
                special_field = get_articles(p.scopus)
        elif p.type == BlogPostType.ABOUT:
            crumb = dict(url=url_for('.about'),
                         title='Description',
                         parent='Laboratory')
        else:
            crumb = dict(url=url_for('.blog'), title='Post', parent='News')
            """ collect sidebar news
            """
            info = select(x for x in Post if x.id != post and x.post_type in (
                BlogPostType.IMPORTANT.value,
                MeetingPostType.MEETING.value)).order_by(
                    Post.date.desc()).limit(3)

        return render_template("post.html",
                               title=title or p.title,
                               post=p,
                               info=info,
                               downloadable=downloadable,
                               children=children,
                               deletable=deletable,
                               edit_form=edit_post,
                               remove_form=remove_post_form,
                               crumb=crumb,
                               special_form=special_form,
                               special_field=special_field)