def multi_merch_pickup(self, session, message="", csrf_token=None, picker_upper=None, badges=(), **shirt_sizes): picked_up = [] if csrf_token: check_csrf(csrf_token) try: picker_upper = session.query(Attendee).filter_by(badge_num=int(picker_upper)).one() except Exception: message = 'Please enter a valid badge number for the person picking up the merch: ' \ '{} is not in the system'.format(picker_upper) else: for badge_num in set(badges): if badge_num: try: attendee = session.query(Attendee).filter_by(badge_num=int(badge_num)).one() except Exception: picked_up.append('{!r} is not a valid badge number'.format(badge_num)) else: if attendee.got_merch: picked_up.append( '{a.full_name} (badge {a.badge_num}) already got their merch'.format(a=attendee)) else: attendee.got_merch = True shirt_key = 'shirt_{}'.format(attendee.badge_num) if shirt_key in shirt_sizes: attendee.shirt = int(listify(shirt_sizes.get(shirt_key, c.SIZE_UNKNOWN))[0]) picked_up.append('{a.full_name} (badge {a.badge_num}): {a.merch}'.format(a=attendee)) session.add(MerchPickup(picked_up_by=picker_upper, picked_up_for=attendee)) session.commit() return { 'message': message, 'picked_up': picked_up, 'picker_upper': picker_upper }
def multi_merch_pickup(self, session, message="", csrf_token=None, picker_upper=None, badges=(), **shirt_sizes): picked_up = [] if csrf_token: check_csrf(csrf_token) try: picker_upper = session.query(Attendee).filter_by(badge_num=int(picker_upper)).one() except Exception: message = 'Please enter a valid badge number for the person picking up the merch: ' \ '{} is not in the system'.format(picker_upper) else: for badge_num in set(badges): if badge_num: try: attendee = session.query(Attendee).filter_by(badge_num=int(badge_num)).one() except Exception: picked_up.append('{!r} is not a valid badge number'.format(badge_num)) else: if attendee.got_merch: picked_up.append( '{a.full_name} (badge {a.badge_num}) already got their merch'.format(a=attendee)) else: attendee.got_merch = True shirt_key = 'shirt_{}'.format(attendee.badge_num) if shirt_key in shirt_sizes: attendee.shirt = int(listify(shirt_sizes.get(shirt_key, c.SIZE_UNKNOWN))[0]) picked_up.append('{a.full_name} (badge {a.badge_num}): {a.merch}'.format(a=attendee)) session.add(MerchPickup(picked_up_by=picker_upper, picked_up_for=attendee)) session.commit() return { 'message': message, 'picked_up': picked_up, 'picker_upper': picker_upper }
def allotments(self, session, department_id=None, submitted=None, csrf_token=None, **params): if not department_id: raise HTTPRedirect('../dept_checklist/index') attendee = session.admin_attendee() department = session.query(Department).options( subqueryload(Department.dept_checklist_items)).get(department_id) if submitted: slug = 'allotments' item = department.checklist_item_for_slug(slug) if not item: item = DeptChecklistItem(attendee=attendee, department=department, slug=slug) # since this form doesn't use our normal utility methods, we need to do this manually check_csrf(csrf_token) item.comments = render('dept_checklist/allotments.txt', params).decode('utf-8') session.add(item) raise HTTPRedirect( '../dept_checklist/index?department_id={}&message={}', department_id, 'Treasury checklist data uploaded') return {'department': department}
def update_password_of_other( self, session, id, message='', updater_password=None, new_password=None, csrf_token=None, confirm_new_password=None): if updater_password is not None: new_password = new_password.strip() updater_account = session.admin_account(cherrypy.session['account_id']) if not new_password: message = 'New password is required' elif not valid_password(updater_password, updater_account): message = 'Your password is incorrect' elif new_password != confirm_new_password: message = 'Passwords do not match' else: check_csrf(csrf_token) account = session.admin_account(id) account.hashed = bcrypt.hashpw(new_password, bcrypt.gensalt()) raise HTTPRedirect('index?message={}', 'Account Password Updated') return { 'account': session.admin_account(id), 'message': message }
def returns_json(*args, **kwargs): cherrypy.response.headers['Content-Type'] = 'application/json' assert cherrypy.request.method == 'POST', 'POST required, got {}'.format( cherrypy.request.method) check_csrf(kwargs.pop('csrf_token', None)) return json.dumps(func(*args, **kwargs), cls=serializer).encode('utf-8')
def delete_team(self, session, id, duplicate_of=None, csrf_token=None, message=''): team = session.mits_team(id) if cherrypy.request.method == 'POST': check_csrf(csrf_token) team.deleted = True team.duplicate_of = duplicate_of or None raise HTTPRedirect('index?message={}{}{}', team.name, ' marked as deleted', ' and as a duplicate' if duplicate_of else '') other = [t for t in session.mits_teams() if t.id != id] return { 'team': team, 'message': message, 'match_count': len([t for t in other if t.name == team.name]), 'other_teams': sorted(other, key=lambda t: (t.name != team.name, t.name)) }
def _submit_checklist_item(session, department_id, submitted, csrf_token, slug, custom_message=''): if not department_id: raise HTTPRedirect('../dept_checklist/index') attendee = session.admin_attendee() department = session.query(Department).options( subqueryload(Department.dept_checklist_items)).get(department_id) if submitted: item = department.checklist_item_for_slug(slug) if not item: item = DeptChecklistItem(attendee=attendee, department=department, slug=slug) # since this form doesn't use our normal utility methods, we need to do this manually check_csrf(csrf_token) session.add(item) raise HTTPRedirect( '../dept_checklist/index?department_id={}&message={}', department_id, custom_message or 'Thanks for completing the {} form!'.format( slug.replace('_', ' '))) return {'department': department}
def tech_requirements(self, session, department_id=None, submitted=None, csrf_token=None): if not department_id: raise HTTPRedirect('../dept_checklist/index') attendee = session.admin_attendee() department = session.query(Department).options( subqueryload(Department.dept_checklist_items)).get(department_id) if submitted: slug = 'tech_requirements' item = department.checklist_item_for_slug(slug) if not item: item = DeptChecklistItem(attendee=attendee, department=department, slug=slug) # since this form doesn't use our normal utility methods, we need to do this manually check_csrf(csrf_token) session.add(item) raise HTTPRedirect( '../dept_checklist/index?department_id={}&message={}', department_id, 'Thanks for completing the tech requirements form!') return {'department': department}
def form(self, session, slug, department_id, csrf_token=None, comments=None): attendee = session.admin_attendee() department = session.query(Department).options( subqueryload(Department.dept_checklist_items)).get(department_id) conf = DeptChecklistConf.instances[slug] item = department.checklist_item_for_slug(slug) if not item: item = DeptChecklistItem(attendee=attendee, department=department, slug=slug) if comments is not None: # since this form doesn't use our normal utility methods, we need to check the csrf_token manually check_csrf(csrf_token) item.comments = comments message = check(item) if not message: session.add(item) message = conf.name + ' checklist data uploaded' raise HTTPRedirect('index?department_id={}&message={}', department_id, message) return {'item': item, 'conf': conf, 'department': department}
def change_password(self, session, message='', old_password=None, new_password=None, csrf_token=None, confirm_new_password=None): if not cherrypy.session.get('account_id'): raise HTTPRedirect('login?message={}', 'You are not logged in') if old_password is not None: new_password = new_password.strip() account = session.admin_account(cherrypy.session.get('account_id')) if not new_password: message = 'New password is required' elif not valid_password(old_password, account): message = 'Incorrect old password; please try again' elif new_password != confirm_new_password: message = 'Passwords do not match' else: check_csrf(csrf_token) account.hashed = bcrypt.hashpw(new_password, bcrypt.gensalt()) raise HTTPRedirect('homepage?message={}', 'Your password has been updated') return {'message': message}
def change_password( self, session, message='', old_password=None, new_password=None, csrf_token=None, confirm_new_password=None): if not cherrypy.session.get('account_id'): raise HTTPRedirect('login?message={}', 'You are not logged in') if old_password is not None: new_password = new_password.strip() account = session.admin_account(cherrypy.session['account_id']) if not new_password: message = 'New password is required' elif not valid_password(old_password, account): message = 'Incorrect old password; please try again' elif new_password != confirm_new_password: message = 'Passwords do not match' else: check_csrf(csrf_token) account.hashed = bcrypt.hashpw(new_password, bcrypt.gensalt()) raise HTTPRedirect('homepage?message={}', 'Your password has been updated') return {'message': message}
def form(self, session, slug, department_id, csrf_token=None, comments=None): attendee = session.admin_attendee() department = session.query(Department).options( subqueryload(Department.dept_checklist_items)).get(department_id) conf = DeptChecklistConf.instances[slug] item = department.checklist_item_for_slug(slug) if not item: item = DeptChecklistItem( attendee=attendee, department=department, slug=slug) if comments is not None: # since this form doesn't use our normal utility methods, we need to check the csrf_token manually check_csrf(csrf_token) item.comments = comments message = check(item) if not message: session.add(item) message = conf.name + ' checklist data uploaded' raise HTTPRedirect( 'index?department_id={}&message={}', department_id, message) return { 'item': item, 'conf': conf, 'department': department }
def update_password_of_other(self, session, id, message='', updater_password=None, new_password=None, csrf_token=None, confirm_new_password=None): if updater_password is not None: new_password = new_password.strip() updater_account = session.admin_account( cherrypy.session.get('account_id')) if not new_password: message = 'New password is required' elif not valid_password(updater_password, updater_account): message = 'Your password is incorrect' elif new_password != confirm_new_password: message = 'Passwords do not match' else: check_csrf(csrf_token) account = session.admin_account(id) account.hashed = bcrypt.hashpw(new_password, bcrypt.gensalt()) raise HTTPRedirect('index?message={}', 'Account Password Updated') return {'account': session.admin_account(id), 'message': message}
def set_status(self, session, id, status=None, confirmed=False, csrf_token=None, return_to='index', message=''): team = session.mits_team(id) matching = [ t for t in session.mits_teams() if t.name == team.name and t.id != team.id ] if confirmed or (status and not matching and team.status == c.PENDING and team.completion_percentage == 100): check_csrf(csrf_token) team.status = int(status) separator = '&' if '?' in return_to else '?' raise HTTPRedirect(return_to + separator + 'message={}{}{}', team.name, ' marked as ', team.status_label) return { 'team': team, 'message': message, 'matching': matching, 'return_to': return_to }
def volunteer_agreement(self, session, message='', agreed_to_terms=None, agreed_to_terms_1=None, agreed_to_terms_2=None, csrf_token=None): attendee = session.logged_in_volunteer() if csrf_token is not None: check_csrf(csrf_token) if agreed_to_terms or (agreed_to_terms_1 and agreed_to_terms_2): attendee.agreed_to_volunteer_agreement = True raise HTTPRedirect('index?message={}', 'Agreement received') elif agreed_to_terms_1 or agreed_to_terms_2: message = "You must agree to both the terms of the agreement and the volunteering policies and guidelines" else: message = "You must agree to the terms of the agreement" return { 'message': message, 'attendee': attendee, 'agreed_to_terms_1': agreed_to_terms_1, 'agreed_to_terms_2': agreed_to_terms_2, 'agreement_end_date': c.ESCHATON.date() + timedelta(days=31), }
def shirt_size(self, session, message='', shirt=None, staff_shirt=None, num_event_shirts=None, csrf_token=None): attendee = session.logged_in_volunteer() if shirt is not None or staff_shirt is not None: check_csrf(csrf_token) if (shirt and not int(shirt)) or (attendee.gets_staff_shirt and c.STAFF_SHIRT_OPTS != c.SHIRT_OPTS and not int(staff_shirt)): message = 'You must select a shirt size' else: if shirt: attendee.shirt = int(shirt) if staff_shirt: attendee.staff_shirt = int(staff_shirt) if c.STAFF_EVENT_SHIRT_OPTS and c.BEFORE_VOLUNTEER_SHIRT_DEADLINE and num_event_shirts: attendee.num_event_shirts = int(num_event_shirts) raise HTTPRedirect('index?message={}', 'Shirt info uploaded') return { 'message': message, 'attendee': attendee, 'opts': [('', 'Enter your shirt size')] + c.SHIRT_OPTS[1:] }
def auth_by_session(required_access): try: check_csrf() except CSRFException: return (403, 'Your CSRF token is invalid. Please go back and try again.') admin_account_id = cherrypy.session.get('account_id', None) if not admin_account_id: return (403, 'Missing admin account in session') with Session() as session: admin_account = session.query(AdminAccount).filter_by(id=admin_account_id).first() if not admin_account: return (403, 'Invalid admin account in session') if not required_access.issubset(set(admin_account.access_ints)): return (403, 'Insufficient access for admin account') return None
def volunteer_agreement(self, session, message='', agreed_to_terms=None, csrf_token=None): attendee = session.logged_in_volunteer() if csrf_token is not None: check_csrf(csrf_token) if agreed_to_terms: attendee.agreed_to_volunteer_agreement = True raise HTTPRedirect('index?message={}', 'Agreement received') message = "You must agree to the terms of the agreement" return { 'message': message, 'attendee': attendee, 'agreement_end_date': c.ESCHATON.date() + timedelta(days=31), }
def auth_by_session(required_access): try: check_csrf() except CSRFException: return (403, 'Your CSRF token is invalid. Please go back and try again.') admin_account_id = cherrypy.session.get('account_id', None) if not admin_account_id: return (403, 'Missing admin account in session') with Session() as session: admin_account = session.query(AdminAccount).filter_by(id=admin_account_id).first() if not admin_account: return (403, 'Invalid admin account in session') if not required_access.issubset(set(admin_account.access_ints)): return (403, 'Insufficient access for admin account') return None
def volunteer(self, session, id, csrf_token=None, requested_depts_ids=None, message=''): attendee = session.attendee(id) if requested_depts_ids: check_csrf(csrf_token) attendee.staffing = True attendee.requested_depts_ids = requested_depts_ids raise HTTPRedirect( 'login?message={}', "Thanks for signing up as a volunteer; you'll be emailed as " "soon as you are assigned to one or more departments.") return { 'message': message, 'attendee': attendee, 'requested_depts_ids': requested_depts_ids }
def credits(self, session, message='', name_in_credits='', csrf_token=None): attendee = session.logged_in_volunteer() if csrf_token is not None: check_csrf(csrf_token) attendee.name_in_credits = name_in_credits message = "Thank you for providing a name for the credits roll!" if name_in_credits \ else "You have opted out of having your name in the credits roll." raise HTTPRedirect('index?message={}', message) return { 'message': message, 'attendee': attendee, }
def shirt_size(self, session, message='', shirt=None, second_shirt=None, csrf_token=None): attendee = session.logged_in_volunteer() if shirt is not None: check_csrf(csrf_token) if not shirt: message = 'You must select a shirt size' else: attendee.shirt = int(shirt) if attendee.gets_staff_shirt and c.SHIRTS_PER_STAFFER > 1 and c.BEFORE_SHIRT_DEADLINE: attendee.second_shirt = int(second_shirt) raise HTTPRedirect('index?message={}', 'Shirt info uploaded') return { 'message': message, 'attendee': attendee, 'opts': [('', 'Enter your shirt size')] + c.SHIRT_OPTS[1:] }
def _submit_checklist_item(session, department_id, submitted, csrf_token, slug): if not department_id: raise HTTPRedirect('../dept_checklist/index') attendee = session.admin_attendee() department = session.query(Department).options( subqueryload(Department.dept_checklist_items)).get(department_id) if submitted: item = department.checklist_item_for_slug(slug) if not item: item = DeptChecklistItem(attendee=attendee, department=department, slug=slug) # since this form doesn't use our normal utility methods, we need to do this manually check_csrf(csrf_token) session.add(item) raise HTTPRedirect( '../dept_checklist/index?department_id={}&message={}', department_id, 'Thanks for completing the {} form!'.format(slug.replace('_', ' '))) return {'department': department}
def emergency_procedures(self, session, message='', reviewed_procedures=None, csrf_token=None): attendee = session.logged_in_volunteer() if csrf_token is not None: check_csrf(csrf_token) if reviewed_procedures: attendee.reviewed_emergency_procedures = True raise HTTPRedirect( 'index?message={}', 'Thanks for reviewing our emergency procedures!') message = "You must acknowledge that you reviewed our emerency procedures" return { 'message': message, 'attendee': attendee, 'agreement_end_date': c.ESCHATON.date() + timedelta(days=31), }
def tech_requirements(self, session, department_id=None, submitted=None, csrf_token=None): if not department_id: raise HTTPRedirect('../dept_checklist/index') attendee = session.admin_attendee() department = session.query(Department).options( subqueryload(Department.dept_checklist_items)).get(department_id) if submitted: slug = 'tech_requirements' item = department.checklist_item_for_slug(slug) if not item: item = DeptChecklistItem(attendee=attendee, department=department, slug=slug) # since this form doesn't use our normal utility methods, we need to do this manually check_csrf(csrf_token) session.add(item) raise HTTPRedirect( '../dept_checklist/index?department_id={}&message={}', department_id, 'Thanks for completing the tech requirements form!') return {'department': department}
def allotments(self, session, department_id=None, submitted=None, csrf_token=None, **params): if not department_id: raise HTTPRedirect('../dept_checklist/index') attendee = session.admin_attendee() department = session.query(Department).options( subqueryload(Department.dept_checklist_items)).get(department_id) if submitted: slug = 'allotments' item = department.checklist_item_for_slug(slug) if not item: item = DeptChecklistItem(attendee=attendee, department=department, slug=slug) # since this form doesn't use our normal utility methods, we need to do this manually check_csrf(csrf_token) item.comments = render('dept_checklist/allotments.txt', params).decode('utf-8') session.add(item) raise HTTPRedirect( '../dept_checklist/index?department_id={}&message={}', department_id, 'Treasury checklist data uploaded') return {'department': department}
def protected(*args, csrf_token, **kwargs): check_csrf(csrf_token) return func(*args, **kwargs)
def confirm(self, session, csrf_token=None, decision=None): studio = session.logged_in_studio() if not studio.comped_badges: raise HTTPRedirect('index?message={}', 'You did not have any games accepted') elif studio.group: raise HTTPRedirect('index?message={}', 'Your group has already been created') elif studio.after_confirm_deadline and not c.HAS_INDIE_ADMIN_ACCESS: raise HTTPRedirect('index?message={}', 'The deadline for confirming your acceptance has passed.') has_leader = False badges_remaining = studio.comped_badges developers = sorted(studio.developers, key=lambda d: (not d.primary_contact, d.full_name)) for dev in developers: if not dev.matching_attendee and badges_remaining: dev.comped = True badges_remaining -= 1 else: dev.comped = False if not has_leader and not getattr(dev.matching_attendee, 'group_id', None): dev.leader = has_leader = True else: dev.leader = False if cherrypy.request.method == 'POST': check_csrf(csrf_token) assert decision in ['Accept', 'Decline'] if decision == 'Decline': for game in studio.games: if game.status == c.ACCEPTED: game.status = c.STUDIO_DECLINED raise HTTPRedirect('index?message={}', 'You have been marked as declining space in the showcase') else: group = studio.group = Group(name='MIVS Studio: ' + studio.name, can_add=True) session.add(group) session.commit() for dev in developers: if dev.matching_attendee: if not dev.matching_attendee.group_id: group.attendees.append(dev.matching_attendee) if dev.leader: group.leader_id = dev.matching_attendee.id else: attendee = Attendee( placeholder=True, badge_type=c.ATTENDEE_BADGE, paid=c.NEED_NOT_PAY if dev.comped else c.PAID_BY_GROUP, first_name=dev.first_name, last_name=dev.last_name, cellphone=dev.cellphone, email=dev.email ) group.attendees.append(attendee) session.commit() if dev.leader: group.leader_id = attendee.id for i in range(badges_remaining): group.attendees.append(Attendee(badge_type=c.ATTENDEE_BADGE, paid=c.NEED_NOT_PAY)) group.cost = group.default_cost group.guest = GuestGroup() group.guest.group_type = c.MIVS raise HTTPRedirect('index?message={}', 'Your studio has been registered') return { 'studio': studio, 'developers': developers }
def confirm(self, session, csrf_token=None, decision=None): studio = session.logged_in_studio() if not studio.comped_badges: raise HTTPRedirect('index?message={}', 'You did not have any games accepted') elif studio.group: raise HTTPRedirect('index?message={}', 'Your group has already been created') elif studio.after_confirm_deadline and not c.HAS_MIVS_ADMIN_ACCESS: raise HTTPRedirect('index?message={}', 'The deadline for confirming your acceptance has passed.') has_leader = False badges_remaining = studio.comped_badges developers = sorted(studio.developers, key=lambda d: (not d.primary_contact, d.full_name)) for dev in developers: if not dev.matching_attendee and badges_remaining: dev.comped = True badges_remaining -= 1 else: dev.comped = False if not has_leader and not getattr(dev.matching_attendee, 'group_id', None): dev.leader = has_leader = True else: dev.leader = False if cherrypy.request.method == 'POST': check_csrf(csrf_token) assert decision in ['Accept', 'Decline'] if decision == 'Decline': for game in studio.games: if game.status == c.ACCEPTED: game.status = c.CANCELLED raise HTTPRedirect('index?message={}', 'You have been marked as declining space in the showcase') else: group = studio.group = Group(name='MIVS Studio: ' + studio.name, can_add=True) session.add(group) session.commit() for dev in developers: if dev.matching_attendee: if not dev.matching_attendee.group_id: group.attendees.append(dev.matching_attendee) if dev.leader: group.leader_id = dev.matching_attendee.id else: attendee = Attendee( placeholder=True, badge_type=c.ATTENDEE_BADGE, paid=c.NEED_NOT_PAY if dev.comped else c.PAID_BY_GROUP, first_name=dev.first_name, last_name=dev.last_name, cellphone=dev.cellphone, email=dev.email ) group.attendees.append(attendee) session.commit() if dev.leader: group.leader_id = attendee.id for i in range(badges_remaining): group.attendees.append(Attendee(badge_type=c.ATTENDEE_BADGE, paid=c.NEED_NOT_PAY)) group.cost = group.default_cost group.guest = GuestGroup() group.guest.group_type = c.MIVS raise HTTPRedirect('index?message={}', 'Your studio has been registered') return { 'studio': studio, 'developers': developers }
def returns_json(*args, **kwargs): cherrypy.response.headers['Content-Type'] = 'application/json' assert cherrypy.request.method == 'POST', 'POST required, got {}'.format(cherrypy.request.method) check_csrf(kwargs.pop('csrf_token', None)) return json.dumps(func(*args, **kwargs), cls=serializer).encode('utf-8')
def protected(*args, csrf_token, **kwargs): check_csrf(csrf_token) return func(*args, **kwargs)