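def delete_report_redirect():
    """Delete the report named by the ``id`` query parameter, then return to the admin panel.

    Only an admin may delete. A logged-in non-admin who reaches this view is
    flagged as banned (policy kept from the original); anyone not logged in
    is sent to the index page.
    """
    # A fresh session has no 'log_in' key: .get() turns that into the index
    # redirect instead of a KeyError (which the original raised).
    if not session.get('log_in'):
        return redirect(url_for('index'))
    _id = session['uuid']
    if not User.is_admin(_id):
        # Original policy: a non-admin hitting an admin endpoint is banned.
        User.update(_id, 'banned', True)
        return redirect(url_for('index'))
    # NOTE(review): this is a state-changing action driven by a GET query
    # parameter, so nothing here protects it against cross-site request
    # forgery; a POST carrying a token would be the safer shape. Behaviour
    # is kept as-is. A missing 'id' still raises, exactly as before.
    report_id = request.args['id']
    Report.delete(report_id)
    return redirect(url_for('administration'))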
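def userdashboard():
    """Render the logged-in user's dashboard; anonymous visitors go to the index page."""
    # A fresh session has no 'log_in' key; the original raised KeyError here.
    if not session.get('log_in'):
        return redirect(url_for('index'))
    _id = session['uuid']
    # Status values used with Report: 0 pending, 1 accepted, -1 rejected
    # (the same 1 / -1 that score_report writes).
    pending = Report.get_report_status_per_user(_id, 0)
    accepted = Report.get_report_status_per_user(_id, 1)
    rejected = Report.get_report_status_per_user(_id, -1)
    report_count = get_reports_per_user_count(_id)
    history = get_chat_messages(_id)
    # history[0] is used both for the username lookup and the length, so
    # get_chat_messages presumably returns a tuple whose first element is the
    # message list — confirm against its definition.
    usernames = get_username_from_messages(history[0])
    length = len(history[0])
    return view.render_template(
        view='userdashboard.html',
        pending=pending,
        accepted=accepted,
        rejected=rejected,
        reportCount=report_count,
        history=history,
        usernames=usernames,
        length=length,
    )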
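def unlock_report():
    """Clear the ``locked`` flag on the report named by the ``id`` query parameter (admin only).

    Non-admins who reach the view are banned (original policy); anonymous
    visitors are redirected to the index page.
    """
    # .get() avoids the KeyError the original raised on a fresh session.
    if not session.get('log_in'):
        return redirect(url_for('index'))
    _id = session['uuid']
    if not User.is_admin(_id):
        User.update(_id, 'banned', True)
        return redirect(url_for('index'))
    # Local renamed: the original shadowed this view function's own name.
    report_id = request.args['id']
    report = Report.get_report(report_id)
    # Guard an unknown id (assumes get_report returns None then — confirm);
    # the original raised TypeError on the subscript in that case.
    if report is not None and report['locked']:
        Report.update(report['reportId'], 'locked', False)
        return redirect(url_for('administration'))
    # NOTE(review): an already-unlocked or unknown report falls through to
    # the index page rather than the admin panel — kept from the original,
    # though 'administration' may well be the intended target.
    return redirect(url_for('index'))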
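def calculate_score_for_user(user):
	"""Return ``[username, total_score]`` for *user*.

	A banned user scores 0 without touching the report store; otherwise the
	score is the sum of ``reportScore`` over every report the user owns.
	``banned`` is treated as a plain truthy flag (the original compared it
	with ``== False``).
	"""
	if user['banned']:
		return [user['username'], 0]
	# find_reports_by_owner_id can yield None (get_reports_per_user_count
	# checks for it); the original would then fail while iterating.
	reports = Report.find_reports_by_owner_id(user['_id']) or []
	# reportScore is coerced with int() as in the original, so it may be
	# stored as a string.
	score = sum(int(report['reportScore']) for report in reports)
	return [user['username'], score]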
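def new_report():
    """Show the report form (GET) or accept a submitted report (POST).

    Anonymous visitors, and any method other than GET/POST, are redirected
    to the index page. The POST and GET halves live in private helpers so
    each can be read on its own.
    """
    # .get() avoids the KeyError the original raised on a fresh session.
    if not session.get('log_in'):
        return redirect(url_for('index'))
    _id = session['uuid']
    if request.method == 'POST':
        return _handle_report_submission(_id)
    if request.method == 'GET':
        return _render_report_form(_id)
    return redirect(url_for('index'))


def _render_report_form(_id):
    """GET half of new_report: the form, or the banned page for a banned user."""
    user = User.get_by_id(_id)
    if user['banned']:
        error = "You are not allowed to add a report because you are banned!"
        return view.render_template(view='banned.html', error=error)
    return view.render_template(view='add.html', error=None)


def _save_report_file(file):
    """Persist an uploaded attachment; return ``(stored_name, error)``.

    ``file`` is the ``reportContent`` upload, or a falsy value when the form
    carried none. A falsy file yields ``(None, None)``; a disallowed file
    yields ``(None, message)`` and saves nothing.
    """
    if not file:
        return None, None
    if not allowed_file(file.filename):
        return None, "File not allowed, INC ban"
    # secure_file_name is the project's sanitiser. The stored name is still
    # derived from the client's filename, so two uploads sharing a name
    # overwrite each other — NOTE(review): a random prefix would avoid that.
    stored_name = secure_file_name(file.filename)
    # Concatenation kept from the original: UPLOAD_FOLDER appears to be a
    # path suffix appended to the working directory.
    upload_dir = os.getcwd() + conf.UPLOAD_FOLDER
    file.save(os.path.join(upload_dir, stored_name))
    return stored_name, None


def _handle_report_submission(_id):
    """POST half of new_report: validate, enforce the queue cap, save, register."""
    form = request.form
    if check_form_empty(form, ignore='reportContent'):
        error = 'Please fill all the form before submiting!'
        return view.render_template(view='add.html', error=error)
    # Read every field up front, as the original did, so a missing one fails
    # before any side effect.
    report_name = form['reportName']
    report_type = form['reportType']
    report_level = form['reportLevel']
    attack_vector = form['AttackVector']
    report_description = form['reportDescription']
    get_privilege = form['getprivilege']
    attack_complexity = form['AttackComplexity']
    # Pending-queue cap. The original compared with '<=', which admitted one
    # report more than the limit named in the message below; '>=' rejects at
    # the limit (assumes get_reports_queue returns the current pending count
    # — confirm).
    if Report.get_reports_queue(_id) >= conf.REPORT_LIMIT:
        error = ('Due to flooding threat every user is limited to only '
                 + str(conf.REPORT_LIMIT)
                 + ' reports in pending queue, Sorry for the inconvenience.')
        return view.render_template(view='add.html', error=error)
    uploaded = request.files.get('reportContent', False)
    stored_name, file_error = _save_report_file(uploaded)
    if file_error is not None:
        return view.render_template(view='add.html', error=file_error)
    Report.register_report(_id, report_name, report_type, report_description,
                           report_level, attack_complexity, attack_vector,
                           get_privilege, stored_name)
    success = 'Reported submitted successfully!'
    return view.render_template(view='add.html', success=success)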
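def evaluate_report():
    """Open the report named by the ``id`` query parameter for admin evaluation.

    The report is marked ``locked`` so a second admin sees a flash message
    instead of the evaluation page. Non-admins are banned (original policy);
    anonymous visitors go to the index page.
    """
    # .get() avoids the KeyError the original raised on a fresh session.
    if not session.get('log_in'):
        return redirect(url_for('index'))
    _id = session['uuid']
    if not User.is_admin(_id):
        User.update(_id, 'banned', True)
        return redirect(url_for('index'))
    report = Report.get_report(request.args['id'])
    if report is None:
        # Unknown id: the original raised TypeError on the subscript below
        # (assumes get_report returns None for an unknown id — confirm).
        return redirect(url_for('administration'))
    if report['locked']:
        flash("Another admin is currently evaluating!")
        return redirect(url_for('administration'))
    # NOTE(review): check-then-lock is two separate calls, so two admins
    # arriving together can both pass the check; a single conditional
    # update ("set locked where locked is False") would close that window.
    usernames = get_username(report)
    Report.update(report['reportId'], 'locked', True)
    return view.render_template(view='admin_report.html', report=report, usernames=usernames)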
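def administration():
    """Render the admin dashboard.

    Gathers report/user counts, the accepted ratio, the user list, unviewed
    chat messages, the report lists per status and a leaderboard of
    non-admin users ranked by score. Non-admins and anonymous visitors are
    redirected to the index page.
    """
    # .get() avoids the KeyError the original raised on a fresh session.
    if not session.get('log_in'):
        return redirect(url_for('index'))
    _id = session['uuid']
    if not User.is_admin(_id):
        # NOTE(review): unlike the other admin views on this page, a
        # non-admin is only redirected here, not banned — kept as original.
        return redirect(url_for('index'))
    # Counts of reports and users.
    count_reports = Report.get_all_reports_count()
    count_users = User.count_users()
    pending_count = Report.get_pending_reports_count()
    accepted_count = Report.get_accepted_reports_count()
    rejected_count = Report.get_rejected_reports_count()
    # Guard the division when there are no reports yet.
    if count_reports == 0:
        accepted_ratio = 0
    else:
        accepted_ratio = round(accepted_count * 100 / count_reports)
    current_date = datetime.datetime.now()
    # User management view.
    all_users = User.get_all_users()
    # Unviewed chat messages and the usernames to display with them.
    messages = Chat.get_unviewed_messages()
    usernames = get_username_from_messages(messages)
    len2 = len(usernames)
    # Report management view.
    all_reports = Report.get_all_reports()
    all_pending = Report.get_all_pending_reports()
    all_accepted = Report.get_all_accepted_reports()
    all_rejected = Report.get_all_rejected_reports()
    # Mini leaderboard: non-admin users, highest score first. Each entry is
    # the [username, score] pair returned by calculate_score_for_user.
    ranking = [calculate_score_for_user(user) for user in all_users if not user['admin']]
    ranking.sort(key=lambda entry: entry[1], reverse=True)
    # len() never returns None, so the original's "is None" fallback was dead code.
    length = len(ranking)
    return view.render_template(
        view='admin/admin.html',
        countReports=count_reports,
        countUsers=count_users,
        pendingReportsCount=pending_count,
        acceptedReportsCount=accepted_count,
        rejectedReportsCount=rejected_count,
        ratio=accepted_ratio,
        allReports=all_reports,
        allUsers=all_users,
        allPending=all_pending,
        allAccepted=all_accepted,
        allRejected=all_rejected,
        currenttime=current_date,
        length=length,
        ranking=ranking,
        messages=messages,
        usernames=usernames,
        len2=len2,
    )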
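def score_report():
    """Record an admin's score for a report and release its lock.

    A non-zero score accepts the report (status 1); zero rejects it
    (status -1). Non-admins are banned (original policy); anonymous visitors
    go to the index page.
    """
    # .get() avoids the KeyError the original raised on a fresh session.
    if not session.get('log_in'):
        return redirect(url_for('index'))
    _id = session['uuid']
    if not User.is_admin(_id):
        User.update(_id, 'banned', True)
        return redirect(url_for('index'))
    report_id = request.form['id']
    try:
        score = int(request.form['score'])
    except ValueError:
        # The original let a non-numeric score propagate as an unhandled
        # exception; send the admin back with a message instead. The report
        # stays locked, as it would have in the original.
        flash("Score must be a whole number.")
        return redirect(url_for('administration'))
    # Both original branches performed the same three updates and differed
    # only in the status value written.
    status = 1 if score != 0 else -1
    Report.update(report_id, 'reportScore', score)
    Report.update(report_id, 'status', status)
    Report.update(report_id, 'locked', False)
    return redirect(url_for('administration'))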
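def get_reports_per_user_count(_id):
	"""Return how many reports ``_id`` owns; 0 when the lookup yields None.

	The original fell off the end and returned None in that case, which the
	user dashboard then rendered as a count.
	"""
	reports = Report.find_reports_by_owner_id(_id)
	return 0 if reports is None else len(reports)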
 def get_reports(self, _id):
     """Return every report owned by ``_id``.

     Thin wrapper: ``self`` is unused and the lookup is delegated entirely
     to ``Report.find_reports_by_owner_id``.
     """
     owned_reports = Report.find_reports_by_owner_id(_id)
     return owned_reports