def show_score(user_id,score_id): teams = [t for t in Team.select() if can(auth.get_logged_in_user(),READ,t)] user = get_object_or_404(User, User.id == user_id) score = get_object_or_404(Score, Score.id == score_id) ensure(READ,user) users = [u for u in User.select().where(User.team == user.team) if can(auth.get_logged_in_user(),READ,u)] return render_template("score_detail.html", active_user=user, teams=teams, users=users, active_team = user.team, score=score)
def test_get_object_or_404(self): user = self.create_user('test', 'test') # test with model as first arg self.assertRaises(NotFound, get_object_or_404, User, username='******') self.assertEqual(user, get_object_or_404(User, username='******')) # test with query as first arg active = User.select().where(active=True) inactive = User.select().where(active=False) self.assertRaises(NotFound, get_object_or_404, active, username='******') self.assertRaises(NotFound, get_object_or_404, inactive, username='******') self.assertEqual(user, get_object_or_404(active, username='******'))
def test_get_object_or_404(self): user = self.create_user('test', 'test') # test with model as first arg self.assertRaises(NotFound, get_object_or_404, User, User.username=='not-here') self.assertEqual(user, get_object_or_404(User, User.username=='test')) # test with query as first arg active = User.select().where(User.active==True) inactive = User.select().where(User.active==False) self.assertRaises(NotFound, get_object_or_404, active, User.username=='not-here') self.assertRaises(NotFound, get_object_or_404, inactive, User.username=='test') self.assertEqual(user, get_object_or_404(active, User.username=='test'))
def user_detail(username): user = get_object_or_404(User, User.username == username) messages = user.message_set.order_by(Message.pub_date.desc()) return object_list('user_detail.html', messages, 'message_list', person=user)
def delete(self, id): '''Delete a person.''' person = get_object_or_404(Person, Person.id == int(id)) pid = person.id person.delete_instance() return jsonify({"message": "Successfully deleted person.", "id": pid}), 200
def api_borrow(self, pk): """API to borrow disk""" obj = get_object_or_404(self.get_query(), self.pk == pk) data = request.data or request.form.get('data') or '' new_log = Log(model='Disk', log_type='borrow', model_refer=obj.id) if request.method == 'POST': data = self.data_precheck(data, SubmitUserForm) # existence has been checked by SubmitUserForm req_user = User.select().where(User.id == data['id']).get() if obj.avail_type == 'Borrowed': # renew # only admin or holder can renew if obj.hold_by != req_user: return jsonify(errno=3, error="Disk not borrowed by the user") if not self.check_post(obj) and req_user != g.user: return self.response_forbidden() # renew it obj.renew() new_log.content = ("member %s renews disk %s" % (req_user.itsc, obj.get_callnumber())) new_log.user_affected = req_user if g.user.admin: new_log.admin_involved = g.user elif obj.avail_type == 'Reserved': # taken to deliver if not self.check_post(obj): return self.response_forbidden() obj.deliver() new_log.content = ("take out disk %s for delivery" % obj.get_callnumber()) new_log.user_affected = req_user new_log.admin_involved = g.user else: # checkout if not self.check_post(obj): return self.response_forbidden() obj.check_out(req_user) new_log.content = ("check out disk %s for member %s" % (obj.get_callnumber(), req_user.itsc)) new_log.user_affected = req_user new_log.admin_involved = g.user elif request.method == 'DELETE': if not self.check_delete(obj): return self.response_forbidden() obj.check_in() new_log.content = "check in disk %s" % obj.get_callnumber() new_log.admin_involved = g.user obj.save() new_log.save() return self.object_detail(obj)
def user_detail(username): user = get_object_or_404(User, username=username) messages = user.message_set.order_by(('pub_date', 'desc')) return object_list('user_detail.html', messages, 'message_list', person=user)
def api_rate(self, pk): """API to acquire the ups and downs of a disk""" data = request.data or request.form.get('data') or '' obj = get_object_or_404(self.get_query(), self.pk == pk) if request.method == 'GET': """Return the rates and whether a user has rated before""" ups, downs = obj.get_rate() rated = g.user and Log.select().where( Log.model == 'Disk', Log.model_refer == obj.id, Log.log_type == 'rate', Log.user_affected == g.user).exists() elif request.method == 'POST': data = self.data_precheck(data, RateForm) if not g.user: return self.response_forbidden() obj.add_rate(g.user, data['rate']) rated = True ups, downs = obj.get_rate() return self.response({ 'ups': ups, 'downs': downs, 'rated': rated })
def toggle_user_state(uid): data = request.get_json(silent=True) user = get_object_or_404(User, (User.id == uid)) user.active = data['active'] user.save() user_resource = api.registry[User] return jsonify(user_resource.serialize_object(user))
def delete_welcome_image(pk): activity = get_object_or_404(Activity, (Activity.id == pk)) activity.welcome_img = None if activity.save(): tasks.generate_json_files_for_activity(activity) flash(u'删除图片成功', 'success') return redirect(url_for('edit_activity', pk=pk))
def edit(note_id): user = auth.get_logged_in_user() note = get_object_or_404(Note, Note.user == user, Note.id == note_id) note.content = request.form.get('content') note.save() return redirect(url_for('getNotes', note_id=note.id))
def user_follow(username): user = get_object_or_404(User, User.username==username) Relationship.get_or_create( from_user=auth.get_logged_in_user(), to_user=user, ) flash('You are now following %s' % user.username) return redirect(url_for('user_detail', username=user.username))
def classroom(course_code): course = get_object_or_404(Course, Course.code == course_code) meetings = Meeting.select().where(Meeting.course_id == course.id) resources = Resource.select().where(Resource.course_id == course.id) return render_template('classroom.html', course=course, meetings=meetings, resources=resources)
def change_password(uid): data = request.get_json(silent=True) user = get_object_or_404(User, (User.id == uid)) user.username = data['username'] user.set_password(data['password']) user.save() user_resource = api.registry[User] return jsonify(user_resource.serialize_object(user))
def note_details(self, pk): note = get_object_or_404(self.get_query(), self.pk == pk) return self.response({ 'content': note.unparse_content(), 'reminder': (note.reminder.strftime('%Y-%m-%dT%H:%M') if note.reminder else None), })
def user_unfollow(username): user = get_object_or_404(User, User.username==username) Relationship.delete().where( Relationship.from_user==auth.get_logged_in_user(), Relationship.to_user==user, ).execute() flash('You are no longer following %s' % user.username) return redirect(url_for('user_detail', username=user.username))
def update_choice(self, pk): obj = get_object_or_404(self.get_query(), self.pk == pk) to_add = [] for cid in request.json: if Choice.get_or_none(Choice.id == cid): to_add.append(cid) obj.choices.add(to_add, clear_existing=True) return UPDATED_SUCCESS_RESPONSE
def user_follow(username): user = get_object_or_404(User, User.username == username) Relationship.get_or_create( from_user=auth.get_logged_in_user(), to_user=user, ) flash('You are now following %s' % user.username) return redirect(url_for('user_detail', username=user.username))
def delete(self, id): '''Delete an item.''' item = get_object_or_404(Item, Item.id == id) item.delete_instance() return jsonify({ "message": "Successfully deleted item.", "id": item.id }), 200
def user_unfollow(username): user = get_object_or_404(User, User.username == username) Relationship.delete().where( Relationship.from_user == auth.get_logged_in_user(), Relationship.to_user == user, ).execute() flash('You are no longer following %s' % user.username) return redirect(url_for('user_detail', username=user.username))
def profile_settings(username): user = get_object_or_404(User, User.username == username) # user.first_name = request.form['first_name'] # user.last_name = request.form['last_name'] # user.password = request.form['password'] # user.email = request.form['email'] return render_template('profile-settings.html', user = user)
def delete(self, id): '''Delete a person.''' person = get_object_or_404(Person, Person.id == int(id)) pid = person.id person.delete_instance() return jsonify({ "message": "Successfully deleted person.", "id": pid }), 200
def user_detail(user_id): teams = [t for t in Team.select() if can(auth.get_logged_in_user(),READ,t)] user = get_object_or_404(User, User.id == user_id) ensure(READ,user) scores = Score.select().where(Score.user == user).order_by(Score.created_at.desc()) users = [u for u in User.select().where(User.team == user.team) if can(auth.get_logged_in_user(),READ,u)] pq = PaginatedQuery(scores, 20) last_date = datetime.now() - timedelta(days=5) return render_template("index.html", active_user=user, teams=teams, users=users, pagination=pq, page=pq.get_page(), active_team = user.team, weeks = [w for w in Week.select().where(Week.end > last_date) if not has_score(w.score_set)])
def edit(message_id): user = auth.get_logged_in_user() message = get_object_or_404(Message, user=user, id=message_id) if request.method == 'POST' and request.form['content']: message.content = request.form['content'] message.save() flash('Your changes were saved') return redirect(url_for('user_detail', username=user.username)) return render_template('edit.html', message=message)
def detail(slug): piece = get_object_or_404(Piece.select().where(Piece.slug == slug)) images = PieceImage.select().where(PieceImage.piece == piece) return render_template( 'detail.html', piece=piece, images=images, available_sizes=app.config['AVAILABLE_SIZES'], stripe_key=app.config['STRIPE_KEYS']['publishable_key'] )
def edit(message_id): user = auth.get_logged_in_user() message = get_object_or_404(Message, Message.user == user, Message.id == message_id) if request.method == "POST" and request.form["content"]: message.content = request.form["content"] message.save() flash("Your changes were saved") return redirect(url_for("user_detail", username=user.username)) return render_template("edit.html", message=message)
def edit(message_id): user = auth.get_logged_in_user() message = get_object_or_404(Message, Message.user==user, Message.id==message_id) if request.method == 'POST' and request.form['content']: message.content = request.form['content'] message.save() flash('Your changes were saved') return redirect(url_for('user_detail', username=user.username)) return render_template('edit.html', message=message)
def getNotes(note_id=None): user = auth.get_logged_in_user() notes = Note.select().where(Note.user == user).order_by( Note.created_date.desc()) context = { 'notes': notes, } if note_id: note = get_object_or_404(Note, Note.user == user, Note.id == note_id) context['note'] = note return render_template('notes.html', context=context)
def homepage(): teams = [t for t in Team.select() if g.user.can(READ,t)] if not teams: abort(404) current_team = get_object_or_404(Team, Team.id == int( request.args.get('t'))) if request.args.has_key('t') else teams[0] ensure(READ,current_team) users = [u for u in User.select().where(User.team == current_team, User.active == True) if g.user.can(READ,u)] return render_template("index.html", teams=teams, users=users, active_team=current_team)
def api_vote(self, pk): """API for Movote""" obj = get_object_or_404(self.get_query(), self.pk == pk) data = request.data or request.form.get("data") or '' data = self.data_precheck(data, VoteForm) if not g.user: return self.response_forbidden() obj.add_vote(g.user, data['film_id']) obj.save() return self.response({})
def api_reserve(self, pk): """API to reserve a disk""" obj = get_object_or_404(self.get_query(), self.pk == pk) data = request.data or request.form.get('data') or '' new_log = Log(model='Disk', log_type='reserve', model_refer=obj.id) if request.method == 'POST': data = self.data_precheck(data, ReserveForm) # reserve the disk obj.reserve(g.user, data['form']) new_log.user_affected = g.user if data['form'] == 'Counter': new_log.content = ("member %s reserves disk" " %s (counter)") % \ (g.user.itsc, obj.get_callnumber()) elif data['form'] == 'Hall': new_log.content = ("member %s reserves disk" " %s (Hall %d %s). remarks: %s") %\ ( g.user.itsc, obj.get_callnumber(), data.get('hall', ''), data.get('room', ''), data.get('remarks', '') ) # send email to reminder exco to deliver disk mail_content = render_template( 'exco_reserve.html', disk=obj, member=g.user, data=data, time=str(datetime.now())) sq = Exco.select().where( Exco.hall_allocate % ("%%%d%%" % int(data.get('hall', '*')))) send_email( ['*****@*****.**'] + [x.email for x in sq], [], "Delivery Request", mail_content) elif request.method == 'DELETE': # clear reservation if not self.check_delete(obj): return self.response_forbidden() new_log.content = "clear reservation for disk %s" % obj.get_callnumber() new_log.admin_involved = g.user new_log.user_affected = obj.reserved_by obj.clear_reservation() obj.save() new_log.save() return self.object_detail(obj)
def api_detail(self, pk, method=None): obj = get_object_or_404(self.get_query(), self.pk == pk) method = method or request.method if not getattr(self, 'check_%s' % method.lower())(obj): return self.response_forbidden() if method == 'GET': return self.object_detail(obj) elif method in ('PUT', 'POST'): return self.edit(obj) elif method == 'DELETE': return self.delete(obj)
def save_score(user_id): user = get_object_or_404(User, User.id == user_id) week = Week.get(Week.id==int(request.form.get("week"))) ensure(EDIT,user) Score.create( user = user, self_score = request.form.get("score"), week_start = week.start, week_end = week.end, week = week, self_memo = request.form.get("self_memo") ) return redirect(url_for('user_detail',user_id=user_id))
def api_detail(self, pk, method=None): obj = get_object_or_404(self.get_query(), self.pk==pk) method = method or request.method if not getattr(self, 'check_%s' % method.lower())(obj): return self.response_forbidden() if method == 'GET': return self.object_detail(obj) elif method in ('PUT', 'POST'): return self.edit(obj) elif method == 'DELETE': return self.delete(obj)
def api_detail(self, pk, method=None): obj = get_object_or_404(self.get_query(), **{self.model._meta.pk_name: pk}) method = method or request.method if not getattr(self, "check_%s" % method.lower())(obj): return self.response_forbidden() if method == "GET": return self.object_detail(obj) elif method in ("PUT", "POST"): return self.edit(obj) elif method == "DELETE": return self.delete(obj)
def put(self, id): '''Update an item.''' item = get_object_or_404(Item, Item.id == id) # Update item item.name = request.json.get("name", item.name) item.checked_out = request.json.get("checked_out", item.checked_out) if request.json.get("person_id"): person = Person.get(Person.id == int(request.json['person_id'])) item.person = person or item.person else: item.person = None item.updated = datetime.utcnow() item.save() return jsonify({"message": "Successfully updated item.", "item": ItemSerializer(item).data})
def account_list(): if request.method == 'POST': uid = request.form.get('uid') username = request.form.get('username') password = request.form.get('password') if not (username and password): flash(u'缺少字段', 'danger') else: if uid: user = get_object_or_404(User, (User.id == uid)) else: user = User() user.username = username user.set_password(password) if user.save(): flash(u'操作成功', 'success') return render_template('accounts.html')
def api_vote(self, pk): """API for Shoppingvote""" obj = get_object_or_404(self.get_query(), self.pk == pk) data = request.data or request.form.get("data") or '' ''' SYS: data precheck only checks if the request data is integrate. it won't bother if the data is logical or legal. ''' data = self.data_precheck(data, ShoppingVoteForm) if not g.user: return self.response_forbidden() votes_left=obj.add_vote(g.user, data['film_id']) obj.save() return self.response({"votes_left":votes_left,})
def put(self, id): '''Update an item.''' item = get_object_or_404(Item, Item.id == id) # Update item item.name = request.json.get("name", item.name) item.checked_out = request.json.get("checked_out", item.checked_out) if request.json.get("person_id"): person = Person.get(Person.id == int(request.json['person_id'])) item.person = person or item.person else: item.person = None item.updated = datetime.utcnow() item.save() return jsonify({ "message": "Successfully updated item.", "item": ItemSerializer(item).data })
def begin_exam(self): eid = request.args.get('eid') user = auth.get_logged_in_user() exam = get_object_or_404(self.get_query(), self.pk == eid) if user in exam.users: if self.already_taken(user, exam): return ALREADY_TAKEN_EXAM_RESPONSE else: choices = exam.test_paper.choices response = { 'problem': [model_to_dict(choice, exclude=(Choice.answer, Choice.case_type, Choice.id)) for choice in choices], 'token': self.make_token(exam) } return self.response(response) else: return NOT_PERMITTED_RESPONSE
def api_apply(self, pk): """API to apply for a ticket""" obj = get_object_or_404(self.get_query(), self.pk == pk) data = request.data or request.form.get("data") or '' if not g.user: return self.response_forbidden() data = self.data_precheck(data, ApplyTicketForm) obj.add_application(g.user, data) Log.create( model="PreviewShowTicket", log_type='apply', model_refer=obj.id, user_affected=g.user, content=("member %s apply for ticket id=%d" % (g.user.itsc, obj.id)) ) return self.response({})
def submit(self): eid = request.json['eid'] token = request.json['token'] answers = request.json['answers'] user = auth.get_logged_in_user() exam = get_object_or_404(self.get_query(), self.pk == eid) if self.check_token(exam, token): if self.already_taken(user, exam): return ALREADY_TAKEN_EXAM_RESPONSE else: choices = exam.test_paper.choices counter = 0 for idx, choice in enumerate(choices): counter += choice.answer == answers[idx] score = counter / len(choices) * 100 report = Report.create(user=user, exam=exam, score=score) return self.response(model_to_dict(report, only=(Report.score,))) else: return NOT_PERMITTED_RESPONSE
def address(): address_form = AddressForm(request.form) user = auth.get_logged_in_user() address = get_object_or_404(Address, Address.user == user) if request.method == "POST": address = address.update( street=request.form["street"], zipcode=request.form["zipcode"], state=request.form["state"], country=request.form["country"]).where(address.user == user) address.execute() flash("Address successfully saved") return redirect(url_for("dashboard")) elif request.method =="GET": street = address.street zipcode = address.zipcode state = address.state country = address.country return render_template("address.html", street=street, zipcode=zipcode, state=state, country=country, address_form=address_form)
def addfragment(imageid, *context): """ if HTTP verb is POST a new fragment is saved for a specific imageid the annotation being saved depends on the type of annotation in the frontend in these steps: - create imagefragment - create metadata for the fragment - create annotation for the fragment depending on annotation type (everything not is not identified by a specific context of the frontend, is being annotated using key-value pairs) if HTTP verb is GET the user is being redirected to the image ***TODO*** the typ of annotation data should not depend on the frontend to enable using this trough the API --> further improvement needed! """ image = get_object_or_404(Image, id=imageid) if request.method == 'POST' and request.form['xvalue']: imgfrag = imgc.add_fragment(image, [request.form['xvalue'], request.form['yvalue']]) namespace = request.args.get('namespace') fragmeta = imgc.add_metadata(imgfrag, namespace) if request.args.get('context') == "person": imgc.add_annotation(fragmeta, 'name', request.form['name']) imgc.add_annotation(fragmeta, 'homepage', request.form['homepage']) elif request.args.get('context') == "location": imgc.add_annotation(fragmeta, 'locationLabel', request.form['locationLabel']) imgc.add_annotation(fragmeta, 'locationLink', request.form['locationLink']) elif (request.args.get('context') == "relation") or (request.args.get('context') == "media"): imgc.add_annotation(fragmeta, 'targetLabel', request.form['targetLabel']) imgc.add_annotation(fragmeta, 'targetLink', request.form['targetLink']) else: annokey = request.form['key'] value = request.form['value'] imgc.add_annotation(fragmeta, annokey, value) flash('Das Fragment wurde erfolgreich angelegt!') return redirect(url_for('image_detail', imageid=imageid)) return render_template('image_detail.html', img=image)
def update_score(user_id,score_id): with db.database.transaction(): score = get_object_or_404(Score, Score.id == score_id) ensure(EDIT,score) score.rater = auth.get_logged_in_user() score.score = request.form.get("score") score.memo = request.form.get("memo") score.save() ScoreHistory.create( rater = auth.get_logged_in_user(), score = score, history = request.form.get("score") ) Score.get_or_create( user = g.user, week = score.week, week_start = score.week_start, week_end = score.week_end ) return redirect(url_for('user_detail',user_id=user_id))
def adduri(imageid): """ if HTTP verb is POST a new fragment is saved for a specific imageid the annotation being saved depends on the type of annotation in the frontend ***TODO*** the typ of annotation data should not depend on the frontend to enable using this trough the API --> further improvement needed! """ image = get_object_or_404(Image, id=imageid) if request.method == 'POST' and request.form['imguri']: if imgc.add_imageuri(request.form['imguri'], image) == True: flash('Die URI wurde erfolgreich hinzugefuegt.') return redirect(url_for('image_detail', imageid=imageid)) else: flash('Diese URI existiert bereits fuer dieses Bild - bitte waehle eine andere.', 'error') return redirect(url_for('image_detail', imageid=imageid)) return render_template('image_detail.html', img=image)
def api_particip(self, pk): """API to note down participants of a regular film show""" obj = get_object_or_404(self.get_query(), self.pk == pk) data = request.data or request.form.get("data") or '' if not self.check_post(obj): return self.response_forbidden() data = self.data_precheck(data, SubmitUserForm) # existence has been verified user = User.select().where(User.id == data['id']).get() obj.signin_user(user) user.save() obj.save() Log.create( model="RegularFilmShow", model_refer=obj.id, log_type="entry", user_affected=user, admin_involved=g.user, content="member %s enter RFS" % user.itsc) return self.response({})
def city_detail(city_id): city = get_object_or_404(City, id=city_id) obj_list = Pinche.select().where(city=city).order_by('pub_date') return object_list('city_detail.html', obj_list, "obj_list")
def delete_entry(note_id): user = auth.get_logged_in_user() note = get_object_or_404(Note, Note.user == user, Note.id == note_id) note.delete_instance() return redirect(url_for('getNotes'))
def pinche_detail(pinche_id): obj = get_object_or_404(Pinche, id=pinche_id) return render_template('pinche_detail.html', obj=obj)
def news_detail(news_id): obj = get_object_or_404(OursNews, id=news_id) return render_template('news_detail.html', obj=obj)