class DataSetController(BaseController):
@expose('etl.templates.datasets.index')
@require(predicates.not_anonymous())
def index(self):
datasets = DBSession.query(DataSet).all()
return dict(datasets=datasets)
@expose('etl.templates.datasets.view')
@expose(content_type="text/csv")
@expose(content_type='application/json')
@require(predicates.Any(predicates.not_anonymous(), is_api_authenticated()))
@validate({'dataset': Convert(lambda v: DBSession.query(DataSet).filter_by(uid=v).one())},
error_handler=abort(404, error_handler=True))
def view(self, dataset, **kw):
try:
result = dataset.fetch()
except Exception as e:
log.exception('Failed to Retrieve Data')
flash('ERROR: %s' % e, 'error')
return dict(dataset=dataset, columns=[], results=[], count=0)
if request.response_type == 'text/csv':
return dateframe_to_csv(result)
elif request.response_type == 'application/json':
return dateframe_to_json(result)
return dict(
dataset=dataset,
columns=list(result.columns),
results=list(result.itertuples()),
count=len(result),
py2=py_version < 3
)
class OutputPlusController(RestController):
allow_only = predicates.not_anonymous()
@expose("json")
@decode_params("json")
def post(self, highlighted_text=u"", workspace=None, list_=[]):
first_5_words = u" ".join(highlighted_text.split())
title = u" ".join(first_5_words.split(" ")[:5])
user = request.identity["user"]
output = Output(
_owner=user._id,
_workspace=workspace,
title=title,
public=True,
visible=True,
html=highlighted_text,
auto_generated=True,
status=Output.STATUS.UNREAD,
)
for o in list_:
m = entity_from_id(_id=ObjectId(o[2:-1]))
output.insert_content(m)
DBSession.flush(output)
return dict(_id=str(output._id), title=title, hash=output.hash)
def _default(self, page=None, *args, **kw):
page_slug = dict(slug=page)
hooks.notify('flatpages.before_override_template', args=(page_slug, self))
page = model.FlatPage.by_slug(page_slug['slug'])
if page is None:
abort(404, 'Page not found')
permission = page.required_permission
if permission and permission != 'public':
if permission == 'not_anonymous':
predicate = predicates.not_anonymous()
else:
predicate = predicates.has_permission(permission)
if not predicate.is_met(request.environ):
abort(403, 'Forbidden')
try:
userid = request.identity['user'].user_id
except:
userid = None
override_template(RootController._default, page.template)
hooks.notify('flatpages.after_override_template', (page, self))
return dict(page=page,
tg_cache={'expire': self.CACHE_EXPIRE,
'key': '%s-%s-%s' % (page.slug, page.updated_at, userid)})
class OutputPlusController(RestController):
allow_only = predicates.not_anonymous()
@expose('json')
@decode_params('json')
def post(self, highlighted_text=u'', workspace=None, list_=[]):
first_5_words = u' '.join(highlighted_text.split())
first_5_words = u' '.join(first_5_words.split(" ")[:5])
user = request.identity['user']
content = []
for elem in list_:
type, _id = elem.split("_")
_model = ResolveController.related_models[type]
o = _model.query.get(ObjectId(_id))
content.append({
'type': type,
'title': o.title,
'content': _id
})
title = _(u'Output ') + first_5_words
output = model.Output(
_owner=user._id,
_category=workspace,
title=title,
content=content,
public=True,
visible=True,
html=highlighted_text
)
return dict(_id=str(output._id), title=title)
class ContentController(StandardController):
"""
Class of controllers used for example in home to mark read the unread
contents via mark_all_read()
"""
@classmethod
def current_item_id_key_in_context(cls) -> str:
return ''
@tg.expose()
def index(self):
return dict()
@require(predicates.not_anonymous())
@tg.expose()
def mark_all_read(self):
'''
Mark as read all the content that hasn't been read
redirects the user to "/home"
'''
user = tg.tmpl_context.current_user
content_api = ContentApi(user)
content_api.mark_read__all()
tg.redirect("/home")
def _check_security(self):
requirement = getattr(self, 'allow_only', None)
if requirement is None:
return True
if hasattr(requirement, 'predicate'):
# It is a full requirement, let it build the response
requirement._check_authorization()
return True
# It is directly a predicate, build the response ourselves
predicate = requirement
try:
predicate.check_authorization(tg.request.environ)
except NotAuthorizedError as e:
reason = unicode_text(e)
if hasattr(self, '_failed_authorization'):
# Should shortcircuit the rest, but if not we will still
# deny authorization
self._failed_authorization(reason)
if not_anonymous().is_met(tg.request.environ):
# The user is authenticated but not allowed.
code = 403
status = 'error'
else:
# The user has not been not authenticated.
code = 401
status = 'warning'
tg.response.status = code
flash(reason, status=status)
abort(code, comment=reason)
def _default(self, page=None, *args, **kw):
page = model.FlatPage.by_slug(page)
if page is None:
abort(404, 'Page not found')
permission = page.required_permission
if permission and permission != 'public':
if permission == 'not_anonymous':
predicate = predicates.not_anonymous()
else:
predicate = predicates.has_permission(permission)
if not predicate.is_met(request.environ):
abort(403, 'Forbidden')
try:
userid = request.identity['user'].user_id
except:
userid = None
override_template(RootController._default, page.template)
hooks.notify('flatpages.before_render_page', (page, ))
return dict(page=page,
tg_cache={
'expire': self.CACHE_EXPIRE,
'key':
'%s-%s-%s' % (page.slug, page.updated_at, userid)
})
class SoundController(BaseController):
allow_only = predicates.not_anonymous()
def _before(self, *args, **kw):
tmpl_context.project_name = "SpacePlayer"
@expose('webplayer.templates.sound')
def index(self):
sounds = DBSession.query(Sound).all()
return dict(page='sound', sounds=sounds)
@expose('json')
def gener_test_sounds(self, quantity):
Sound.generation_test_data(int(quantity))
redirect('/sound')
@expose('json')
def clear_data(self):
Sound.clear_data()
redirect('/sound')
@expose('json')
def upload_files(self, directory):
Sound.upload_files(directory)
redirect('/sound')
def _check_security(self):
requirement = getattr(self, 'allow_only', None)
if requirement is None:
return True
if hasattr(requirement, 'predicate'):
# It is a full requirement, let it build the response
requirement._check_authorization()
return True
# It is directly a predicate, build the response ourselves
predicate = requirement
try:
predicate.check_authorization(tg.request.environ)
except NotAuthorizedError as e:
reason = unicode_text(e)
if hasattr(self, '_failed_authorization'):
# Should shortcircuit the rest, but if not we will still
# deny authorization
self._failed_authorization(reason)
if not_anonymous().is_met(tg.request.environ):
# The user is authenticated but not allowed.
code = 403
status = 'error'
else:
# The user has not been not authenticated.
code = 401
status = 'warning'
tg.response.status = code
flash(reason, status=status)
abort(code, comment=reason)
class GroupsController(BaseController):
allow_only = not_anonymous()
@expose()
def _lookup(self, group_id, *args):
try:
group_id = int(group_id)
except ValueError:
abort(404, "Not a valid group identifier.")
user = request.identity['user']
group = DBSession.query(Group).get(group_id)
if not group:
abort(404, "No such group.")
if user not in group.users and not user.admin:
abort(403, "You are not a part of this group.")
return GroupController(group), args
@expose('algobowl.templates.group.select')
@expose('json')
def index(self):
user = request.identity['user']
groups = [g for g in user.groups if g.competition.active]
if len(groups) == 1 and request.response_type != 'application/json':
redirect(url('/group/{}'.format(groups[0].id)))
return {'groups': groups}
class RabbitController(BaseController):
allow_only = predicates.not_anonymous()
@expose('json')
def countsessions(self, **kw):
if "user" in kw:
# url=app_globals.host_prefix+app_globals.stompHost+":15672/api/connections"
# response = requests.get(url, auth=(app_globals.stompUserName, app_globals.stompPassword), verify=False)
# count=0
# for item in response.json():
# user=item["user"]
# if (user==request.identity['repoze.who.userid']):
# count=count+1
count = 0
return dict(count=count)
else:
return dict(error="Missing user parameter")
@expose('json')
def createuser(self, **kw):
if "user" in kw:
newUser = kw["user"]
url = app_globals.host_prefix + app_globals.stompHost + ":15672/api/users/" + newUser
headers = {'Content-type': 'application/json'}
data = '{"password":"******","tags":"none"}'
r = requests.put(url,
auth=(app_globals.stompUserName,
app_globals.stompPassword),
headers=headers,
data=data,
verify=False)
url = app_globals.host_prefix + app_globals.stompHost + ":15672/api/permissions/%2f/" + newUser
data = '{"configure":".*","write":".*","read":".*"}'
r = requests.put(url,
auth=(app_globals.stompUserName,
app_globals.stompPassword),
headers=headers,
data=data,
verify=False)
return dict(status="User created")
else:
return dict(error="no parameters")
@expose('json')
def deleteuser(self, **kw):
if "user" in kw:
newUser = kw["user"]
url = app_globals.host_prefix + app_globals.stompHost + ":15672/api/users/" + newUser
headers = {'Content-type': 'application/json'}
data = '{"password":"******","tags":"none"}'
r = requests.delete(url,
auth=(app_globals.stompUserName,
app_globals.stompPassword),
headers=headers,
data=data,
verify=False)
return dict(status="User deleted")
else:
return dict(error="no parameters")
def index(self):
"""
Home page for not authorized users.
"""
from tg.predicates import not_anonymous
if not_anonymous():
redirect('/start')
return dict(page='index', pname=None)
def index(self):
"""
Home page for not authorized users.
"""
from tg.predicates import not_anonymous
if not_anonymous():
redirect('/start')
return dict(page='index', pname=None)
def year_list(self):
"""Handle the 'main_user' page."""
users=DBSession.query(User).all()
workers=DBSession.query(Worker).all()
news_show=DBSession.query(News_show).all()
freeday=DBSession.query(FreeDay).all()
p = not_anonymous(msg='Only logged in users can read this post')
return dict(page='year_list',bar='Alex',users=users, workers=workers,news=news_show, freeday=freeday)
class PresentationsController(BaseController):
@expose('mozzarella.templates.presentations')
def index(self):
"""List all presentations"""
presentations = list(DBSession.query(Presentation))
presentations.sort(key=lambda p: p.date, reverse=True)
return dict(page='presentations', presentations=presentations)
@expose('mozzarella.templates.presentation_upload')
@require(not_anonymous(msg='Only logged in users can sumbit presentations')
)
def upload_form(self, **kw):
tmpl_context.form = new_presentation_form
return dict(page='presentation_upload', value=kw)
@validate(new_presentation_form, error_handler=upload_form)
@expose()
@require(not_anonymous(msg='Only logged in users can sumbit presentations')
)
def upload(self, **kw):
del kw['sprox_id'] # required by sprox
kw['authors'] = [DBSession.query(User).get(id) for id in kw['authors']]
pres = Presentation()
kw['files'] = []
for f in ('file', 'file_2', 'file_3'):
if kw[f] is not None:
kw['files'].append(
PresentationFile(
presentation_id=pres.id,
file=kw[f],
description=kw['{}_description'.format(f)]))
DBSession.add(kw['files'][-1])
del kw[f]
del kw['{}_description'.format(f)]
for k, v in kw.items():
setattr(pres, k, v)
DBSession.add(pres)
DBSession.flush()
flash('Your presentation was successfully uploaded')
redirect('/presentations')
def main_user(self):
"""Handle the 'main_user' page."""
u=request.identity['user']
userr_id=u.user_id
users=DBSession.query(User).all()
workers=DBSession.query(Worker).all()
news_show=DBSession.query(News_show).all()
freeday=DBSession.query(FreeDay).all()
p = not_anonymous(msg='Only logged in users can read this post')
return dict(page='main_user',bar='Alex',users=users, us=userr_id, workers=workers,news=news_show, freeday=freeday)
class WorkspaceController(APIBaseController):
@expose('json')
@api_require(predicates.not_anonymous())
def index(self):
# NOTE BS 20161025: I can't use tmpl_context.current_user,
# I d'ont know why
workspace_api = WorkspaceApi(tmpl_context.identity.get('user'))
workspaces = workspace_api.get_all()
serialized_workspaces = Context(CTX.API_WORKSPACE).toDict(workspaces)
return {'value_list': serialized_workspaces}
class SymptomController(BaseController):
allow_only = predicates.not_anonymous()
@expose('blockmrs.templates.symptoms')
def index(self):
return dict()
@expose('blockmrs.templates.diagnosis')
def diagnosis(self):
print('ohea')
return dict()
class ProductController(TGController):
@expose('stroller2.templates.product.product')
def _default(self, slug=None, product=None, *args, **kw):
product = app_globals.shop.product.get(slug=slug, _id=product)
if product is None:
abort(404, 'Product not found')
return dict(product=product,
buy_form=get_buy_product_form(),
action=plug_url('stroller2', '/product/add_to_cart'),
active=self._product_is_active(product))
@require(not_anonymous())
@expose()
@validate(get_buy_product_form(), error_handler=_default)
def add_to_cart(self, product=None, quantity=1, **kw):
return
product = app_globals.shop.product.get(_id=product)
if product is None:
abort(404, 'Product not found')
try:
cart = app_globals.shop.cart.create_or_get(
request.identity['user'].user_id)
except CartLockedException:
flash(_('The cart is unavailable, try again later'), 'error')
return redirect('/product/%s' % product.slug)
if not app_globals.shop.product.buy(cart, product, 0, quantity):
flash(_('The product is sold out'), 'error')
else:
flash(_('Product %s added to cart') % product.i18n_name)
return redirect('/product/%s' % product.slug)
@classmethod
def _product_is_active(cls, product):
if product is None:
return False
if not product.active:
return False
return product.configurations[0].qty > 0
@expose('tavolaclandestina.templates.product.product')
def share(self, slug=None, product=None, *args, **kw):
product = app_globals.shop.product.get(slug=slug, _id=product)
if product is None:
abort(404, 'Product not found')
return dict(product=product,
buy_form=get_buy_product_form(),
action=plug_url('stroller2', '/product/add_to_cart'),
active=self._product_is_active(product))
class HistoryController(BaseController):
"""History actions controller"""
# The predicate that must be met for all the actions in this controller:
allow_only = not_anonymous(msg=l_('Only for authorized users'))
@expose('workbox.templates.history')
def index(self):
"""Handle the history page."""
return dict(page='history')
@expose()
def get(self):
"""Returns history data."""
entries = None
data = []
if has_permission('manage'):
entries = model.History.get_all_records()
for entry in entries:
box = []
box.append(entry.history_id)
box.append(entry.user.display_name)
if entry.box:
box.append(entry.box.box_id)
else:
box.append(' - ')
box.append(entry.datetime.strftime("%Y-%m-%d %H:%M"))
box.append(entry.info)
data.append(box)
else:
entries = model.History.get_all_user_records(
request.identity['user']._id)
for entry in entries:
box = []
box.append(entry.history_id)
if entry.box:
box.append(entry.box.box_id)
else:
box.append(' - ')
box.append(entry.datetime.strftime("%Y-%m-%d %H:%M"))
box.append(entry.info)
data.append(box)
json_entries = {}
json_entries['data'] = data
return json.dumps(json_entries)
class ControlPanel(TGController):
"""Mock TG2 protected controller using @allow_only directly."""
hr = HRManagementController()
allow_only = not_anonymous()
@expose()
def index(self):
return 'you are in the panel'
@expose()
@require(is_user('admin'))
def add_user(self, user_name):
return "%s was just registered" % user_name
class SecureController(BaseController):
"""Sample controller-wide authorization"""
# The predicate that must be met for all the actions in this controller:
#allow_only = has_permission(
# 'manage',
# msg=l_('Only for people with the "manage" permission')
#)
allow_only = predicates.not_anonymous()
@expose('pythondispatchms.templates.index')
def index(self):
"""Let the user know that's visiting a protected controller."""
#flash(_("Secure Controller here"))
return dict(page='index')
class RootController(TGController):
allow_only = not_anonymous()
@expose('json')
def ajax_update_last_seen_of_a_recipient(self):
result = {
'last_activity_seen': request.identity['user'].last_activity_seen
}
request.identity['user'].last_activity_seen = datetime.utcnow()
return result
@expose()
def see(self, target_link):
request.identity['user'].last_activity_seen = datetime.utcnow()
return redirect(target_link)
class MemoryController(BaseController):
allow_only = predicates.not_anonymous()
provider_type_selector_type = ProviderTypeSelector
@expose('full_stack_app.templates.memory')
def index(self):
memories = DBSession.query(Memory).all()
return dict(page='memory',
memories=memories)
@expose('full_stack_app.templates.adding')
def adding(self):
memory_form = MemoryForm()
return dict(page='adding',
memory_form=memory_form)
@expose()
def new(self, name, content):
user = request.identity['user']
DBSession.add(Memory(name=name, content=content, user=user))
redirect('/memory')
@expose('json')
def post_delete(self, uid, **kw):
memory = DBSession.query(Memory).filter_by(uid=uid).one()
if not memory:
return dict(errors={'memory':'Memory not found'})
DBSession.delete(memory)
redirect('/memory')
@expose('full_stack_app.templates.edit')
def edit(self, uid):
memory = DBSession.query(Memory).filter_by(uid=uid).one()
return dict(page='edit',
memory=memory,
edit_form=EditForm,
value=dict(uid=memory.uid,
name=memory.name,
content=memory.content))
@expose()
def save(self, uid, name, content):#, data):
memory = DBSession.query(Memory).filter_by(uid=uid).one()
memory.name = name
memory.content = content
#memory.data = datetime.utcnow
redirect('/memory')
def _lookup(self, project_name, *remainder):
"""
Project instance lookup.
"""
from tg.predicates import not_anonymous
try:
came_from = request.headers['Referer']
except Exception:
came_from = request.path_url
if not not_anonymous():
flash(l_('Permission is not sufficient for this user.'), 'error')
redirect('/login?came_from=%s' % came_from)
if DBSession.query(Projects).filter(
Projects.name == project_name).first():
class UsersController(BaseController):
"""Subcontrollers for lookup.
MAIN SITE FOR PROJECT INSTANCE.
Parmission allowed only for logged user with added permision named as a project.
"""
# The predicate that must be met for all the actions in this controller:
allow_only = has_permission(
project_name,
msg=l_('Permission is not sufficient for this user.'))
molecules = MoleculesController()
select = SelectController()
synthesis = SynthesisController()
library = LibraryController()
results = ResultsController()
@expose('molgears.templates.users.index')
def index(self):
"""Main site for project."""
userid = request.identity['repoze.who.userid']
projects = DBSession.query(Projects).all()
user = DBSession.query(User).filter_by(
user_name=userid).first()
perms = [p.permission_name for p in list(user.permissions)]
return dict(page='index',
userid=userid,
projects=projects,
perms=perms,
pname=project_name)
users = UsersController()
else:
users = ErrorController()
return users, remainder
class CalendarController(BaseController):
"""
Calendar web tracim page.
"""
@tg.expose('tracim.templates.calendar.iframe_container')
@tg.require(not_anonymous())
def index(self):
user = tmpl_context.identity.get('user')
dictified_current_user = Context(CTX.CURRENT_USER).toDict(user)
fake_api = DictLikeClass(
current_user=dictified_current_user,
)
return DictLikeClass(fake_api=fake_api)
def start(self):
"""
Home page for authorized users.
"""
from tg.predicates import not_anonymous
if not not_anonymous():
flash(l_(u'Permission is not sufficient for this user'), 'error')
redirect('/')
userid = request.identity['repoze.who.userid']
projects = DBSession.query(Projects).order_by('id').all()
user = DBSession.query(User).filter_by(user_name=userid).first()
perms = list(user.permissions)
perms_names = [p.permission_name for p in perms]
user_projects = [project for project in projects if project.name in perms_names]
# flash(l_(u'Alpha version. Please send error reporting to: [email protected]. \t\t :)'), 'warning')
return dict(page='start', projects=user_projects, pname=None)
class CalendarsController(APIBaseController):
@expose('json')
@api_require(predicates.not_anonymous())
def index(self):
# NOTE BS 20161025: I can't use tmpl_context.current_user,
# I d'ont know why
user = tmpl_context.identity.get('user')
calendar_workspaces = CalendarManager\
.get_workspace_readable_calendars_for_user(user)
calendars = Context(CTX.API_CALENDAR_WORKSPACE)\
.toDict(calendar_workspaces)
# Manually add information about user calendar
calendars.append(Context(CTX.API_CALENDAR_USER).toDict(user))
return {'value_list': calendars}
class RootController(BaseController):
admin = AdminController(algobowl.model, DBSession, config_type=AdminConfig)
error = ErrorController()
group = GroupsController()
competition = CompetitionsController()
def _before(self, *args, **kw):
tmpl_context.project_name = "algobowl"
@expose('algobowl.templates.index')
def index(self):
"""Handle the front-page."""
return dict(page='index')
@expose()
def algobowl(self):
"""Redirect for old route to homepage"""
redirect(url('/'))
@expose()
def login(self):
if not tg.request.identity:
who_api = get_api(tg.request.environ)
return who_api.challenge()
redirect(url('/'))
@expose()
@require(predicates.not_anonymous())
def logout(self):
who_api = get_api(tg.request.environ)
headers = who_api.logout()
return HTTPFound(headers=headers)
@expose()
def post_login(self, came_from=lurl('/')):
if tg.request.identity:
user = tg.request.identity['user']
flash("Welcome, {}!".format(user), 'success')
u = tg.request.relative_url(str(came_from), to_application=True)
if not u.startswith(tg.request.application_url):
flash("Dangerous redirect prevented", "warning")
redirect('/')
redirect(u)
else:
flash("Login failure", 'error')
redirect('/')
class ProfileController(BaseController):
# Uncomment this line if your controller requires an authenticated user
allow_only = predicates.not_anonymous()
def _before(self, *args, **kw):
tmpl_context.page_name = "Fortressd"
@expose('fortress.templates.profiles.index')
def index(self):
"""Handle the front-page."""
return dict(page='index')
@expose('fortress.templates.profiles.edit_info')
def edit_info(self):
"""Handle the front-page."""
return dict(page='index')
@expose('fortress.templates.profiles.change_passwd')
def change_passwd(self):
"""Handle the front-page."""
return dict(page='index')
class RelationController(BaseController):
allow_only = predicates.not_anonymous()
def _before(self, *args, **kw):
tmpl_context.project_name = "SpacePlayer"
@expose('webplayer.templates.relation')
def index(self, **kw):
relations = DBSession.query(Relation).all()
sounds = DBSession.query(Sound).all()
#relations_table = []
#relations_table = [[0 for i in range(0, len(sounds))] for j in range(0, len(sounds))]
try:
relations_table = []
relations_table = [[0 for i in range(0, len(sounds))]
for j in range(0, len(sounds))]
for i in relations:
relations_table[i.left_sound_id - 1][i.right_sound_id -
1] = i.weight
except:
pass
return dict(page='relation',
relations=relations,
relations_table=relations_table)
@expose('json')
def gener_new_relation(self):
sounds = DBSession.query(Sound).all()
Relation.generation_new_relation(len(sounds))
redirect('/relation')
@expose('json')
def gener_null_relation(self):
sounds = DBSession.query(Sound).all()
Relation.generation_null_relation(len(sounds))
redirect('/relation')
def _lookup(self, project_name, *remainder):
"""
Project instance lookup.
"""
from tg.predicates import not_anonymous
try:
came_from = request.headers['Referer']
except Exception:
came_from = request.path_url
if not not_anonymous():
flash(l_('Permission is not sufficient for this user.'), 'error')
redirect('/login?came_from=%s' % came_from)
if DBSession.query(Projects).filter(Projects.name==project_name).first():
class UsersController(BaseController):
"""Subcontrollers for lookup.
MAIN SITE FOR PROJECT INSTANCE.
Parmission allowed only for logged user with added permision named as a project.
"""
# The predicate that must be met for all the actions in this controller:
allow_only = has_permission(project_name,
msg=l_('Permission is not sufficient for this user.'))
molecules = MoleculesController()
select = SelectController()
synthesis = SynthesisController()
library = LibraryController()
results = ResultsController()
@expose('molgears.templates.users.index')
def index(self):
"""Main site for project."""
userid = request.identity['repoze.who.userid']
projects = DBSession.query(Projects).all()
user = DBSession.query(User).filter_by(user_name=userid).first()
perms = [p.permission_name for p in list(user.permissions)]
return dict(page='index', userid=userid, projects=projects, perms=perms, pname=project_name)
users = UsersController()
else:
users = ErrorController()
return users, remainder
class ProfileController(BaseController):
def __init__(self, *args, **kwargs):
pass
@require(predicates.not_anonymous())
@expose('rocket.templates.generic')
def index(self, *args, **kwargs):
html = self.get_active_profile_html(*args, **kwargs)
javascript = self.get_javascript_profile_onload()
title = _("My Profile")
return dict(title=title, html=html, javascript=javascript)
@expose()
def get_active_profile_html(self, *args, **kwargs):
html = f"""
<div class="row">
<div class="col-md-12">
<div class="card">
<div class="card-header">
<div class="row d-flex">
<div class="col-md-6">
<h4 class="card-title">{_('My Profile')}</h4>
</div>
</div>
<hr>
</div>
<div class="card-body">
</div>
</div>
</div>
"""
return html
@expose()
def get_javascript_profile_onload(self, *args, **kwargs):
javascript = """
"""
return javascript
def _check_security(self):
predicate = getattr(self, 'allow_only', None)
if predicate is None:
return True
try:
predicate.check_authorization(request.environ)
except NotAuthorizedError, e:
reason = unicode(e)
if hasattr(self, '_failed_authorization'):
# Should shortcircuit the rest, but if not we will still
# deny authorization
self._failed_authorization(reason)
if not_anonymous().is_met(request.environ):
# The user is authenticated but not allowed.
code = 403
status = 'error'
else:
# The user has not been not authenticated.
code = 401
status = 'warning'
pylons.response.status = code
flash(reason, status=status)
abort(code, comment=reason)
def _check_security(self):
predicate = getattr(self, 'allow_only', None)
if predicate is None:
return True
try:
predicate.check_authorization(request.environ)
except NotAuthorizedError, e:
reason = unicode(e)
if hasattr(self, '_failed_authorization'):
# Should shortcircuit the rest, but if not we will still
# deny authorization
self._failed_authorization(reason)
if not_anonymous().is_met(request.environ):
# The user is authenticated but not allowed.
code = 403
status = 'error'
else:
# The user has not been not authenticated.
code = 401
status = 'warning'
pylons.response.status = code
flash(reason, status=status)
abort(code, comment=reason)
class WikiPageController(BaseController):
def __init__(self, page, new=False):
self.page = page
self.new = new
@expose('acmwebsite.templates.wikiview')
def index(self):
"""View the page"""
return dict(page='wiki', wikipage=self.page, new=self.new)
@expose('acmwebsite.templates.wikiedit')
@require(predicates.not_anonymous())
def edit(self, title=None, content=None, comment=None):
user = request.identity.get('user')
if (self.page.
edit_permission # pages without permissions set may be edited by anyone
and self.page.edit_permission not in user.permissions):
abort(403, "You do not have permission to edit this page.")
if title or content or comment:
self.page = WikiPage(slug=self.page.slug,
title=title,
content=content,
comment=comment,
author=user)
DBSession.add(self.page)
flash(
"Your changes have been saved. Thank you for your attention to detail."
)
redirect(request.url.replace('/edit', ''))
return dict(page='wiki', wikipage=self.page, new=self.new)
@expose('acmwebsite.templates.wikihistory')
def history(self):
revisions = (DBSession.query(WikiPage).filter(
WikiPage.slug == self.page.slug).order_by(
WikiPage.revision.desc()).all())
return dict(page='wiki', revisions=revisions)
class PlayerController(BaseController):
allow_only = predicates.not_anonymous()
def _before(self, *args, **kw):
tmpl_context.project_name = "SpacePlayer"
@expose('webplayer.templates.player')
def index(self, id=2, previous_id=1):
try:
sound = DBSession.query(Sound).get(id)
sound_url = '/music/' + str(sound.sound_id) + '.mp3'
except:
redirect('/sound')
return dict(page='player',
sound=sound,
sound_url=sound_url,
previous_id=previous_id)
@expose()
def next_button(self, current_time_next, current_id, previous_id):
next_sound = current_id
try:
if int(current_time_next) < 38:
Relation.reduce_own_value(current_id)
Relation.reduce_relation(previous_id, current_id)
next_sound = Relation.get_next_sound(previous_id)
elif int(current_time_next) >= 38 and int(current_time_next) < 61:
next_sound = Relation.get_next_sound(current_id)
previous_id = current_id
elif int(current_time_next) >= 61:
Relation.increase_own_value(current_id)
Relation.increase_relation(previous_id, current_id)
next_sound = Relation.get_next_sound(current_id)
previous_id = current_id
except:
pass
redirect('/player', dict(id=next_sound, previous_id=previous_id))
@expose()
def previous_button(self, current_time_pre, current_id, previous_id):
next_sound = current_id
try:
if int(current_time_pre) < 38:
Relation.reduce_own_value(current_id)
Relation.reduce_relation(current_id, previous_id)
next_sound = Relation.get_previous_sound(previous_id)
elif int(current_time_pre) >= 38 and int(current_time_pre) < 61:
next_sound = Relation.get_previous_sound(current_id)
previous_id = current_id
elif int(current_time_pre) >= 61:
Relation.increase_own_value(current_id)
Relation.increase_relation(current_id, previous_id)
next_sound = Relation.get_previous_sound(current_id)
previous_id = current_id
except:
pass
redirect('/player', dict(id=next_sound, previous_id=previous_id))
@expose()
def stop_button(self, current_time_stop, current_id, previous_id):
try:
if int(current_time_stop) > 61:
Relation.increase_own_value(current_id)
except:
pass
redirect('/player', dict(id=current_id, previous_id=previous_id))
count = kwargs['count']
for license in licenses:
flash(license)
redirect('/admin_panel')
#Manage controllers
#_________________________________________
#Create license
@expose()
@require(predicates.not_anonymous(msg='Must be logged in.'))
def create_license(self, **data):
user_name = request.identity['repoze.who.userid']
user_id = DBSession.query(model.User.user_id).filter(model.User.user_name==user_name).first().user_id
#Make sure that the computer_id belongs to user who is loggned in and that it has assignments
if DBSession.query(model.Computer).filter(model.Computer.id==data['id'], model.Computer.user_id==user_id).count() < 1 or DBSession.query(model.Assignment).filter(model.Assignment.computer_id==data['id'], model.Assignment.user_id==user_id).count() < 1:
flash(('This incident has been reported'), 'error')
redirect('/manage')
assignments = DBSession.query(model.Assignment.id).join(model.Computer).filter(model.Computer.id==data['id']).all()
grouped_assignments = DBSession.query(func.sum(model.Assignment.count).label('count_sum'), model.Assignment, model.Computer, model.License).join(model.Computer).join(model.License).filter(model.Computer.id==data['id']).group_by(model.License.id).all()
plain_license = LicenseFormat()
def test_authenticated_user(self):
environ = make_environ('gustavo')
p = predicates.not_anonymous()
self.eval_met_predicate(p, environ)
def test_anonymous_user(self):
environ = {}
p = predicates.not_anonymous()
self.eval_unmet_predicate(p, environ,
'The current user must have been authenticated')
