def users_new():
"""
Create a new user from form parameters.
Actually registers a new account.
"""
user = User.query.filter(User.login == session['login']).first()
if request.form['role'].startswith('librarian'):
if not user.has_permission(Permission.create_librarian):
return 'no perm', 403
if not user.has_permission(Permission.create_patron):
return 'no perm', 403
u = auth.register_account(
login=request.form['login'],
password=request.form['password'],
reset_password=False, # TODO
role=request.form['role'],
name=request.form['name'],
address=request.form['address'],
phone=request.form['phone'],
card_number=request.form['card_number'])
log(session['login'], 'created', 'user {}'.format(u.id))
return redirect('/admin/users')
def users_edit(user_id):
"""
Actually update the user from the form parameters.
If password changes (if it is present and non-empty in form), then set reset_password of user to True).
"""
s_user = User.query.filter(User.login == session['login']).first()
user = User.query.filter(User.id == user_id).first()
if user.role.startswith('librarian'):
if not s_user.has_permission(Permission.modify_librarian):
return 'no perm', 403
if not user.has_permission(Permission.modify_patron):
return 'no perm', 403
log(session['login'], 'updated', 'user {}'.format(user_id))
if 'password' in request.form and len(
request.form['password'].strip()) > 0:
auth.change_password(user_id, request.form['password'])
user = User.query.filter(User.id == user_id).first()
user.login = request.form['login']
user.role = request.form['role']
user.name = request.form['name']
user.address = request.form['address']
user.phone = request.form['phone']
user.card_number = request.form['card_number']
db.session.add(user)
db.session.commit()
return redirect(request.referrer)
def document_delete(document_id):
"""
Delete a document by id.
"""
log(session['login'], 'deleted', 'document {}'.format(document_id))
doc = Document.query.filter(Document.id == document_id).first_or_404()
db.session.delete(doc)
db.session.commit()
return redirect(request.referrer)
def user_claim(document_id):
"""
Claim first available copy of the specified document.
"""
log(session['login'], 'claimed', 'document {}'.format(document_id))
copy = DocumentCopy.query.filter(DocumentCopy.document_id == document_id,
DocumentCopy.loan == None).first_or_404()
user = User.query.filter(User.login == session['login']).first()
user.checkout(copy)
return redirect(request.referrer)
def loan_return(loan_id):
"""
Confirm the returning of the loan by id.
Deletes the loan from the db.
"""
log(session['login'], 'confirmed return of', 'loan {}'.format(loan_id))
loan = Loan.query.filter(Loan.id == loan_id).first()
db.session.delete(loan)
db.session.commit()
return redirect(request.referrer)
def document_new():
"""
Create a new document from form data.
Takes the type into consideration,
if type is not one of {'book', 'av', 'article'} (yeah, it is different, maybe fix later),
then nothing will be done, and it will probably fail with an error.
"""
t = request.form['type']
if t == 'book':
doc = Book(
title=request.form['title'],
price=request.form['price'],
keywords=comma_to_list(request.form['keywords']),
authors=comma_to_list(request.form['authors']),
edition=request.form['edition'],
publisher=request.form['publisher'],
publishment_year=request.form['publishment_year'],
bestseller='bestseller' in request.form,
reference='reference' in request.form
)
elif t == 'av':
doc = AVMaterial(
title=request.form['title'],
price=request.form['price'],
keywords=comma_to_list(request.form['keywords']),
authors=comma_to_list(request.form['authors'])
)
elif t == 'article':
doc = JournalArticle(
title=request.form['title'],
price=request.form['price'],
keywords=comma_to_list(request.form['keywords']),
authors=comma_to_list(request.form['authors']),
issue_editor=request.form['issue_editor'],
issue_publication_date=request.form['issue_publication_date'],
journal=request.form['journal']
)
for i in range(int(request.form['copies'])):
dc = DocumentCopy(document=doc)
db.session.add(doc)
db.session.commit()
log(session['login'], 'created', 'document {}'.format(doc.id))
# TODO
return redirect('/admin/documents')
def loan_confirm(loan_id):
"""
Confirm the loan request by id.
Changes the status to approved, and sets due_date to calculated date for user.
"""
log(session['login'], 'confirmed', 'loan {}'.format(loan_id))
loan = Loan.query.filter(Loan.id == loan_id).first()
loan.status = Loan.Status.approved
loan.due_date = datetime.date.today() + loan.user.get_checkout_period_for(
loan.document_copy.document)
db.session.add(loan)
db.session.commit()
return redirect(request.referrer)
def document_outstanding_request(document_id):
"""
Delete the priority queue for the document.
"""
log(session['login'], 'placed an outstanding request on', 'document {}'.format(document_id))
from hexagonal import QueuedRequest
qrs = QueuedRequest.query.filter(QueuedRequest.document_id == document_id).all()
for qr in qrs:
db.session.delete(qr)
db.session.commit()
return redirect(request.referrer)
def document_edit(document_id):
"""
Actual edit for document.
Does just replace the fields with the supplied ones WITH ONE EXCEPTION (!):
copy_delta - just an integer:
- if 0, does nothing.
- if N, adds blank copies of the document.
- if -N, removes all unused copies from the db.
"""
log(session['login'], 'updated', 'document {}'.format(document_id))
doc = Document.query.filter(Document.id == document_id).first_or_404()
doc.title = request.form['title']
doc.price = request.form['price']
doc.keywords = comma_to_list(request.form['keywords'])
doc.authors = comma_to_list(request.form['authors'])
try:
copy_delta = int(request.form.get('copy_delta', 0))
except:
copy_delta = 0
if copy_delta > 0:
for _ in range(copy_delta):
dc = DocumentCopy(document=doc)
elif copy_delta < 0:
if -copy_delta <= len(doc.available_copies):
# noinspection PyComparisonWithNone
dcs = DocumentCopy.query.filter(DocumentCopy.document == doc, DocumentCopy.loan == None).limit(
-copy_delta).all()
for dc in dcs:
db.session.delete(dc)
db.session.commit()
if doc.type == 'book':
doc.edition = request.form['edition']
doc.publisher = request.form['publisher']
doc.publishment_year = request.form['publishment_year']
doc.bestseller = 'bestseller' in request.form
doc.reference = 'reference' in request.form
db.session.add(doc)
db.session.commit()
from hexagonal.ui.user import update_qr_dates
update_qr_dates()
return redirect(request.referrer)
def user_enqueue(document_id):
"""
Enqueue the document. Patron will get a notification when the copy is available.
"""
log(session['login'], 'enqueued', 'document {}'.format(document_id))
from hexagonal import QueuedRequest
user = User.query.filter(User.login == session['login']).first()
document = Document.query.filter(Document.id == document_id).first()
if not user or not document:
return 'no such document or user', 404
if document in user.queued_documents:
return 'already queued to that doc', 403
qr = QueuedRequest(patron=user, document=document)
db.session.add(qr)
db.session.commit()
return redirect(request.referrer)
def users_delete(user_id):
"""
Delete a user by id.
"""
s_user = User.query.filter(User.login == session['login']).first()
user = User.query.filter(User.id == user_id).first()
if user.role.startswith('librarian'):
if not s_user.has_permission(Permission.delete_librarian):
return 'no perm', 403
if not user.has_permission(Permission.delete_patron):
return 'no perm', 403
log(session['login'], 'deleted', 'user {}'.format(user_id))
user = User.query.filter(User.id == user_id).first_or_404()
db.session.delete(user)
db.session.commit()
return redirect(request.referrer)