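def user_delete(user_id, hard_delete=False):
    """Deactivate or permanently delete a user, then redirect.

    A soft delete (the default) only sets ``is_active`` to False. A hard
    delete reassigns every page authored by the user to the account stored
    in the session and then deletes the user row. Only pages are reassigned
    here; file records are not touched by this function. The account stored
    in the session cannot delete or deactivate itself.

    Args:
        user_id: primary key of the user to act on; an unknown id gives 404.
        hard_delete: when true, delete the row instead of deactivating it.

    Returns:
        A redirect to the referring page when it belongs to this site and
        is not the user's edit view, otherwise a redirect to the index.
    """
    # NOTE(review): no permission check is visible in this function, and a
    # session without 'user_id' still passes the comparison below.
    # Presumably the route or a decorator restricts this view to admins and
    # to CSRF-protected POST requests -- confirm against the route.
    edit_url = url_for('user_edit', user_id=user_id)
    user = get_object_or_404(User, user_id)
    current_user_id = session.get('user_id')

    if user.id != current_user_id:
        if hard_delete:
            # reassign all pages to the admin who is deleting
            for page in Page.select().where(Page.author == user.id):
                page.author = current_user_id
                page.save()
            user.delete_instance()
            flash("User fully deleted", category="primary")
        else:
            user.is_active = False
            user.save()
            flash("User deactivated, but still present in database",
                  category="primary")
    else:
        flash("CANNOT DELETE/DEACTIVATE an actively logged in account.",
              category="danger")

    # Redirect to the caller, or to the index page if we deleted from an
    # edit view. The Referer header is supplied by the client, so it is
    # only followed when it points back at this site; anything else would
    # let the redirect leave the application.
    referrer = request.referrer
    if (referrer is None
            or edit_url in referrer
            or not referrer.startswith(request.host_url)):
        return redirect(url_for('index'))
    return redirect(referrer)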
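def POST(self, id=None):
    """Create a user, or update the user whose primary key is *id*.

    The submitted form is validated, the e-mail address is checked for
    uniqueness against every other user, and the user is saved.

    Returns:
        The re-rendered edit form when validation fails or the e-mail is
        already used by another user.

    Raises:
        web.seeother: redirect to the user's page after a successful save.
    """
    form = UserForm()
    user = None
    if id is not None:
        user = get_object_or_404(User, id=id)
    if not form.validates():
        return render.edit_user(form, user, "")

    # The address must not belong to anyone else. The user being edited is
    # skipped: otherwise saving a profile without changing its e-mail would
    # always match the user's own row and be rejected as a duplicate.
    for other in User.all():
        if user is not None and other.id == user.id:
            continue
        if form.d.email == other.email:
            return render.edit_user(form, user, 'NotUniqueEmail')

    if user is None:
        user = User.new()
        user.balance = 0
    user.firstname = form.d.firstname
    user.lastname = form.d.lastname
    user.email = form.d.email
    user.active = form.d.active
    user.rfid = form.d.rfid
    user.save()
    raise web.seeother('/users/{}'.format(user.id))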
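def page_edit(page_id=None):
    """Edit an existing page, or create one when *page_id* is None.

    GET renders the edit form. POST copies the submitted fields onto the
    page and saves it when both title and content are non-empty; otherwise
    the form is rendered again with an error message.
    """
    # NOTE(review): nothing in this function checks that the current user
    # may edit the requested page; presumably the route enforces it --
    # confirm.
    if page_id is None:
        try:
            page = Page(author=g.user_id, content="")
        except Exception:
            # Exception rather than a bare except, so KeyboardInterrupt
            # and SystemExit still propagate.
            flash("Problems creating a new page", category="danger")
            return redirect(url_for('index'))
    else:
        page = get_object_or_404(Page, page_id)

    if request.method == 'POST':
        form = request.form
        title = form.get('title', '')
        slug = form.get('slug', '')
        # Read but not applied below: an edit does not change the author.
        author = g.user_id
        content = form.get('content', '')
        # Checkboxes submit the literal string 'on' when ticked.
        is_published = form.get('is_published') == 'on'
        show_sidebar = form.get('show_sidebar') == 'on'
        show_title = form.get('show_title') == 'on'
        show_nav = form.get('show_nav') == 'on'

        if title and content:
            page.title = title
            page.slug = slugify(slug)
            page.content = content
            page.is_published = is_published
            page.show_sidebar = show_sidebar
            page.show_nav = show_nav
            page.show_title = show_title
            page.save()
            flash("Page saved.", category="success")
            return redirect(url_for('index'))
        flash("Please fill in BOTH title and content.", category="danger")

    return render_template('page_edit.html', page=page)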
def page_view(page_id):
    """Render a published page; send the visitor to the index otherwise.

    An unknown *page_id* is handled by ``get_object_or_404``.
    """
    page = get_object_or_404(Page, page_id)
    if not page.is_published:
        # Unpublished pages are not rendered.
        flash('That page id is not published, check back later.',
              category="warning")
        return redirect(url_for('index'))
    return render_template('page_view.html', page=page)
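def user_edit(user_id=None):
    """ADMIN-ONLY view to edit a user, or create one if no user_id is given.

    GET renders the form. POST stores username, display name, password and
    the two flags when both username and password are filled in.
    """
    # NOTE(review): the admin-only restriction is not enforced inside this
    # function, although it can set is_admin; presumably a decorator on the
    # route does it -- confirm.
    if user_id is None:
        user = User()
    else:
        user = get_object_or_404(User, user_id)

    if request.method == 'POST':
        # Default to '' so a request that omits a field is rejected by the
        # check below instead of raising TypeError on None.
        username = request.form.get('username', '')
        displayname = request.form.get('displayname')
        # NOTE(review): email is read but never stored on the user.
        email = request.form.get('email')
        password = request.form.get('password', '')
        is_active = request.form.get('is_active') == 'on'
        is_admin = request.form.get('is_admin') == 'on'

        if username and password:
            user.username = username
            user.displayname = displayname
            # NOTE(review): this compares the stored value with the
            # submitted plain text. If user.password holds a hash (the
            # password_hash() call suggests so), confirm that re-submitting
            # the form's pre-filled value cannot hash an existing hash or
            # expose it in the rendered form.
            if user.password != password:
                user.password = password
                user.password_hash()
            user.is_active = is_active
            user.is_admin = is_admin
            user.save()
            flash("User information changed", category="success")
            return redirect(url_for('admin_users'))
        flash('Username and password must be filled in', category="danger")

    return render_template('user.html', user=user)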
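def GET(self, id=None):
    """E-mail a balance statement to one user, or to every active user.

    When *id* is None every active user is mailed. Users with a negative
    balance get the template loaded from ``settings.MAIL_FILE_TEMPLATE``
    unless the request carries a non-zero ``u`` input; everyone else gets
    ``settings.MAIL_DEFAULT_TEMPLATE``.

    Returns:
        The consume view for the last mailed user when ``u`` is set.

    Raises:
        web.seeother: redirect to '/' otherwise.
    """
    # NOTE(review): this handler sends mail on a GET request; confirm the
    # route is restricted so that crawlers or link prefetching cannot
    # trigger a mass mailing.
    if id is not None:
        users = [get_object_or_404(User, id=id)]
    else:
        users = User.filter(active=True)

    default_tpl = settings.MAIL_DEFAULT_TEMPLATE
    try:
        # SECURITY: unpickling runs code embedded in the file, so
        # MAIL_FILE_TEMPLATE must only be writable by trusted
        # administrators. A plain-text template would avoid the risk.
        # The with-block closes the file even when unpickling fails.
        with open(settings.MAIL_FILE_TEMPLATE, 'rb') as f:
            tpl = pickle.load(f)
    except (IOError, EOFError, pickle.PickleError):
        # Missing, empty or corrupt template file: use the default.
        tpl = default_tpl

    # used to check if the mail is coming from a QR scan
    userside = web.input(u=0).u != 0

    for u in users:
        utpl = default_tpl
        if u.balance < 0 and not userside:
            utpl = tpl
        body = utpl.format(
            apayer=float2str(-u.balance if u.balance < 0 else 0),
            solde=float2str(u.balance),
            prenom=u.firstname,
            nom=u.lastname)
        web.sendmail(settings.MAIL_ADDRESS, u.email,
                     'Your INGI cafetaria balance', body)

    if userside:
        # u is the last user mailed by the loop above.
        return render_no_layout.consume('BALANCE', u)
    raise web.seeother('/')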
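def POST(self, id=None):
    """Create a user, or update the user whose primary key is *id*.

    Returns:
        The re-rendered edit form when validation fails or when the
        submitted e-mail address already belongs to a user.

    Raises:
        web.seeother: redirect to the user's page after a successful save.
    """
    form = UserForm()
    user = None
    if id is not None:
        user = get_object_or_404(User, id=id)
    if not form.validates():
        return render.edit_user(form, user, "")

    # Look the address up when a user is being created or when an existing
    # user's e-mail changed. An unchanged address would only match the
    # user's own row, so that case is skipped. Without the "user is None"
    # half, new accounts would bypass the uniqueness check entirely.
    if user is None or user.email != form.d.email:
        existing = None
        try:
            existing = User.get(email=form.d.email)
        except Entry.DoesNotExist:
            pass
        if existing is not None:
            return render.edit_user(form, user, 'NotUniqueEmail')

    if user is None:
        user = User.new()
        user.balance = 0
    user.firstname = form.d.firstname
    user.lastname = form.d.lastname
    user.email = form.d.email
    user.active = form.d.active
    user.rfid = form.d.rfid
    user.save()
    raise web.seeother('/users/{}'.format(user.id))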
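def GET(self, id=None):
    """Mail the balance to the user with key *id*, or to all active users.

    A user with a negative balance receives the template unpickled from
    ``settings.MAIL_FILE_TEMPLATE`` unless the ``u`` input is non-zero;
    in every other case ``settings.MAIL_DEFAULT_TEMPLATE`` is used.

    Returns:
        The consume view for the last mailed user when ``u`` is set.

    Raises:
        web.seeother: redirect to '/' otherwise.
    """
    # NOTE(review): mail is sent from a GET handler; confirm access to
    # this route is restricted, since a plain link is enough to trigger it.
    if id is not None:
        users = [get_object_or_404(User, id=id)]
    else:
        users = User.filter(active=True)

    default_tpl = settings.MAIL_DEFAULT_TEMPLATE
    try:
        # SECURITY: pickle.load executes whatever the file encodes. Keep
        # MAIL_FILE_TEMPLATE writable by trusted administrators only, or
        # store the template as plain text instead.
        # The context manager closes the handle even if unpickling raises.
        with open(settings.MAIL_FILE_TEMPLATE, 'rb') as f:
            tpl = pickle.load(f)
    except (IOError, EOFError, pickle.PickleError):
        # Unreadable, empty or corrupt template: fall back to the default.
        tpl = default_tpl

    # used to check if the mail is coming from a QR scan
    userside = web.input(u=0).u != 0

    for u in users:
        utpl = default_tpl
        if u.balance < 0 and not userside:
            utpl = tpl
        body = utpl.format(
            apayer=float2str(-u.balance if u.balance < 0 else 0),
            solde=float2str(u.balance),
            prenom=u.firstname,
            nom=u.lastname)
        web.sendmail(settings.MAIL_ADDRESS, u.email,
                     'Your INGI cafetaria balance', body)

    if userside:
        # u still refers to the last user handled by the loop.
        return render_no_layout.consume('BALANCE', u)
    raise web.seeother('/')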
def user_profile(user_id=None):
    """Show a user's profile page.

    A non-empty ``s`` query argument redirects to the search view instead.
    Without *user_id* the id stored in the session is used.
    """
    search_term = request.args.get('s')
    if search_term:
        return redirect(url_for('search', s=search_term))

    # Fall back to the session's user when the URL names nobody.
    target_id = session['user_id'] if user_id is None else user_id
    profile_user = get_object_or_404(models.User, target_id)
    return render_template('cms/default/profile.html', user=profile_user)
def profile_species(species_id):
    """List the current user's observations of one species."""
    species = get_object_or_404(models.Species, species_id)
    current_user = g.user._get_current_object()
    # todo decorate this with species info from SnapShot Serengeti
    observations = models.Observation.select().where(
        models.Observation.user == current_user,
        models.Observation.species == species_id)
    return render_template('observe_species.html',
                           obs=observations, species=species)
def talk_delete(item_id):
    """Delete a talk item when the current user owns it or is an admin.

    On success the client is redirected to the observe view of the image
    the item belonged to. Anyone else gets a logged warning and a 403.
    """
    talk = get_object_or_404(models.Talk, item_id)
    is_owner = talk.user == g.user._get_current_object()
    if is_owner or g.user.is_admin:
        # Remember the image before the row disappears.
        parent_image_id = talk.image.id
        talk.delete_instance()
        return redirect(url_for('observe', image_id=parent_image_id))

    message = 'failed delete of talk item user={} talk={}'.format(
        g.user, item_id)
    app.logger.warning(message)
    abort(403)  # the user is not allowed to delete this talk item
def observe_delete(item_id):
    """Delete an observation when the current user owns it or is an admin.

    On success the client is redirected to the observe view of the image
    the observation belonged to. Anyone else gets a logged warning and a
    403.
    """
    observation = get_object_or_404(models.Observation, item_id)
    is_owner = observation.user == g.user._get_current_object()
    if is_owner or g.user.is_admin:
        # Remember the image before the row disappears.
        parent_image_id = observation.image.id
        observation.delete_instance()
        return redirect(url_for('observe', image_id=parent_image_id))

    message = 'failed delete of observation user={}, observation={}'.format(
        g.user, item_id)
    app.logger.warning(message)
    abort(403)  # the user is not allowed to delete this observation
def page_view(page_id):
    """Show a page by its id.

    A non-empty ``s`` query argument redirects to the search view. An
    unpublished page is not rendered; the visitor is sent to the index
    with a warning instead.
    """
    search_term = request.args.get('s')
    if search_term:
        return redirect(url_for('search', s=search_term))

    page = get_object_or_404(Page, page_id)
    if not page.is_published:
        flash('That page id is not published, check back later.',
              category="warning")
        return redirect(url_for('index'))
    return render_template('page_view.html', page=page)
def POST(self, rfid):
    """Attach *rfid* to the user chosen in the submitted selection form.

    Returns:
        The re-rendered selection form when validation fails.

    Raises:
        web.seeother: redirect to '/' once the tag is saved.
    """
    form = UserSelectForm(User.all())()
    if not form.validates():
        return render.user_rfid(form, rfid)

    selected_id = form.d.user
    owner = get_object_or_404(User, id=selected_id)
    owner.rfid = rfid
    owner.save()
    raise web.seeother('/')
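def POST(self, id):
    """Credit the balance of user *id* with the amount from the form.

    Returns:
        The re-rendered credit form when validation fails or the amount
        is not a finite number.

    Raises:
        web.seeother: redirect to '/' after the credit is recorded.
    """
    import math

    user = get_object_or_404(User, id=id)
    form = CreditForm()
    if not form.validates():
        return render.credit(user, form)

    # Convert before anything is written. Previously the Operation row was
    # saved first, so an unparsable amount left a ledger entry with no
    # matching balance change.
    try:
        credit = float(form.d.amount)
    except (TypeError, ValueError):
        return render.credit(user, form)
    # float() accepts "nan" and "inf"; either would corrupt the balance.
    if not math.isfinite(credit):
        return render.credit(user, form)
    # NOTE(review): a negative amount would debit the account; confirm
    # that CreditForm's validators reject it.

    Operation.new(user_id=id, amount=form.d.amount,
                  date=datetime.datetime.now()).save()
    user.balance += credit
    user.save()
    raise web.seeother('/')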
def POST(self, rfid):
    """Attach *rfid* to the user picked from the name-ordered select form.

    Returns:
        The re-rendered selection form when validation fails.

    Raises:
        web.seeother: redirect to '/' once the tag is saved.
    """
    form = UserSelectForm(User.all(order_by='firstname'))()
    if not form.validates():
        return render.user_rfid(form, rfid)

    selected_id = form.d.user
    owner = get_object_or_404(User, id=selected_id)
    owner.rfid = rfid
    owner.save()
    raise web.seeother('/')
def GET(self, id=None):
    """Render the user form, pre-filled from user *id* or an ``rfid`` input.

    With an *id* the form shows that user's stored fields. Without one,
    a non-empty ``rfid`` request input pre-fills only the RFID field.
    """
    form = UserForm()
    user = None
    scanned_rfid = web.input(rfid=None).rfid

    if id is None:
        if scanned_rfid:
            form.fill(rfid=scanned_rfid)
    else:
        user = get_object_or_404(User, id=id)
        form.fill(firstname=user.firstname,
                  lastname=user.lastname,
                  email=user.email,
                  rfid=user.rfid,
                  active=user.active)
    return render.edit_user(form, user)
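def page_edit(page_id=None):
    """Create a page (no *page_id*) or edit the page with that id.

    GET renders the form. POST validates the title first: a blank title
    re-renders the form with an error and nothing is written. Otherwise
    the page is created if needed, filled from the form and saved, and the
    client is redirected to the page view.
    """
    # NOTE(review): nothing in this function checks that the current user
    # may edit the requested page; presumably the route enforces it --
    # confirm.
    errors = {"title_category": "", "title": ""}

    # get initial content
    if page_id is None:
        page = {'title': '', 'content': '', 'slug': ''}
    else:
        page = get_object_or_404(Page, page_id)

    # post new page
    if request.method == 'POST':
        title = request.form.get('title', '')
        content = request.form.get('content', '')
        slug = request.form.get('slug', '')

        if title == '':
            # Validate before touching the database. Previously the error
            # was recorded but the page was created and saved anyway, so
            # the message was never shown and blank pages were stored.
            # NOTE(review): the message mentions content, but only the
            # title is checked.
            errors = {
                "title_category": "danger",
                "title": "Title/Content must be non-blank"
            }
            # Hand the submitted values back to the form, unsaved.
            if page_id is None:
                page = {'title': title, 'content': content, 'slug': slug}
            else:
                page.title = title
                page.content = content
                page.slug = slug
        else:
            # create a new page if needed
            if page_id is None:
                try:
                    page = Page.create(
                        title='', content='', slug='', author=g.user_id)
                    page_id = page.id
                except Exception as e:
                    # NOTE(review): the exception text is shown to the
                    # user and may expose database details.
                    flash(
                        "Problems creating a new page. Reason: {}".format(e),
                        category="danger")
                    return redirect(url_for('index'))

            # fill out the fields
            page.title = title
            page.content = content
            page.slug = slug
            if page.slug == '':
                page.slug = slugify(page.title)

            # page status, view options
            page.is_published = request.form.get('is_published') == 'on'
            page.show_nav = request.form.get('show_nav') == 'on'
            page.show_title = request.form.get('show_title') == 'on'
            try:
                page.save()
                flash("Thank you for creating a page!", category="success")
                return redirect(url_for('page_view', page_id=page.id))
            except Exception as e:
                flash(
                    "Problems creating a new page. Reason: {}".format(e),
                    category="danger")
                return redirect(url_for('index'))

    return render_template('page_edit.html', page=page, errors=errors)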
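def page_delete(page_id):
    """Delete a page, then redirect back to the referrer or the index.

    The page is removed only when the session user is its author or the
    session carries a true ``is_admin`` flag; otherwise an error message
    is flashed and nothing is deleted.
    """
    # NOTE(review): confirm the route only accepts CSRF-protected POST
    # requests, since this view removes data.
    edit_url = url_for('page_edit', page_id=page_id)
    page = get_object_or_404(Page, page_id)

    if page.author.id == session['user_id'] or session['is_admin']:
        page.delete_instance()
        flash('Page deleted', category="success")
    else:
        flash('You are not authorized to remove this page', category='danger')

    # Handle redirect to referer. The header is supplied by the client, so
    # it is only followed when it points back at this site; anything else
    # would let the redirect leave the application.
    referrer = request.referrer
    if (referrer is None
            or edit_url in referrer
            or not referrer.startswith(request.host_url)):
        return redirect(url_for('index'))
    return redirect(referrer)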
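def POST(self, id):
    """Credit the balance of user *id* with the amount from the form.

    The first comma in the amount is treated as a decimal separator.

    Returns:
        The re-rendered credit form when validation fails or the amount
        is not a finite number.

    Raises:
        web.seeother: redirect to '/' after the credit is recorded.
    """
    import math

    user = get_object_or_404(User, id=id)
    form = CreditForm()
    if not form.validates():
        return render.credit(user, form)

    # Accept "1,50" as well as "1.50".
    amount = str(form.d.amount).replace(',', '.', 1)

    # Convert before anything is written. Previously the Operation row was
    # saved first, so an unparsable amount left a ledger entry with no
    # matching balance change.
    try:
        credit = float(amount)
    except ValueError:
        return render.credit(user, form)
    # float() accepts "nan" and "inf"; either would corrupt the balance.
    if not math.isfinite(credit):
        return render.credit(user, form)
    # NOTE(review): a negative amount would debit the account; confirm
    # that CreditForm's validators reject it.

    Operation.new(user_id=id, amount=amount,
                  date=datetime.datetime.now()).save()
    user.balance += credit
    user.save()
    raise web.seeother('/')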
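def add_to_cart(cls, data):
    """Add one unit of a product to a cart and return the cart row.

    Args:
        data: mapping with ``cart_id``, ``product`` (a mapping holding
            ``id``) and ``attributes``.

    Returns:
        The ShoppingCart row for this cart/product/attributes combination,
        created with quantity 0 if it did not exist, then incremented.
    """
    cart_id = data.get('cart_id')
    # A payload without "product" now resolves to id=None and a 404 from
    # the lookup below, instead of an AttributeError on None.
    product_id = (data.get('product') or {}).get('id')
    attributes = data.get('attributes')

    product = get_object_or_404(Product, id=product_id)
    cart, _ = ShoppingCart.objects.get_or_create(
        cart_id=cart_id,
        product=product,
        attributes=attributes,
        defaults={'quantity': 0},
    )
    # NOTE(review): read-modify-write; two concurrent requests for the
    # same row can lose an increment unless the caller serialises them.
    cart.quantity += 1
    cart.save()
    return cart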
def POST(self, id):
    """Record a consumption for user *id* and debit the balance.

    The cost is ``settings.CONSUMPTION_UNIT`` times the submitted units.

    Returns:
        The consume view when the request body contains ``userside``.

    Raises:
        web.seeother: redirect to the user's page on invalid input, or
            to '/' after a successful debit.
    """
    user = get_object_or_404(User, id=id)
    form = ConsumeForm()
    if not form.validates():
        raise web.seeother('/users/{}'.format(user.id))

    # NOTE(review): a negative ``units`` would turn this debit into a
    # credit; confirm ConsumeForm only accepts positive integers.
    cost = settings.CONSUMPTION_UNIT * int(form.d.units)
    timestamp = datetime.datetime.now()
    Operation.new(user_id=id, amount=-cost, date=timestamp).save()
    user.balance -= float(cost)
    user.save()

    if b'userside' not in web.data():
        raise web.seeother('/')
    return render_no_layout.consume(None, user)
def GET(self, id=None):
    """Render the user form, pre-filled from user *id* or an ``rfid`` input.

    With an *id* the form shows that user's stored fields. Without one,
    a non-empty ``rfid`` request input pre-fills only the RFID field.
    """
    form = UserForm()
    user = None
    scanned_rfid = web.input(rfid=None).rfid

    if id is None:
        if scanned_rfid:
            form.fill(rfid=scanned_rfid)
    else:
        user = get_object_or_404(User, id=id)
        form.fill(firstname=user.firstname,
                  lastname=user.lastname,
                  email=user.email,
                  rfid=user.rfid,
                  active=user.active)
    # The empty third argument is the error code slot: nothing to report.
    return render.edit_user(form, user, "")
def user_pages(user_id=None):
    """List the pages owned by *user_id*, or every page when it is empty.

    A non-empty ``s`` query argument redirects to the search view instead.
    """
    search_term = request.args.get('s')
    if search_term:
        return redirect(url_for('search', s=search_term))

    if not user_id:
        pages = models.Page.select()
        title = "Pages by ALL users"
    else:
        pages = models.Page.select().where(models.Page.owner == user_id)
        owner = get_object_or_404(models.User, user_id)
        title = "Pages by {}".format(owner.canonical_name())

    return render_template('cms/default/pages_view.html',
                           pages=pages, title=title)
def POST(self, id):
    """Debit user *id* for the number of units submitted in the form.

    The cost is ``settings.CONSUMPTION_UNIT`` times the submitted units;
    an Operation with the negated cost is saved alongside the new balance.

    Returns:
        The consume view when the request body contains ``userside``.

    Raises:
        web.seeother: redirect to the user's page on invalid input, or
            to '/' after a successful debit.
    """
    user = get_object_or_404(User, id=id)
    form = ConsumeForm()
    if not form.validates():
        raise web.seeother('/users/{}'.format(user.id))

    # NOTE(review): a negative ``units`` would turn this debit into a
    # credit; confirm ConsumeForm only accepts positive integers.
    cost = settings.CONSUMPTION_UNIT * int(form.d.units)
    timestamp = datetime.datetime.now()
    Operation.new(user_id=id, amount=-cost, date=timestamp).save()
    user.balance -= float(cost)
    user.save()

    if b'userside' not in web.data():
        raise web.seeother('/')
    return render_no_layout.consume(None, user)
def file_edit(file_id):
    """View to edit the title of a File resource.

    A POST changes the title only when the session user owns the file or
    the session carries a true ``is_admin`` flag, and the new title is
    not blank. Every other path re-renders the edit form.
    """
    file_obj = get_object_or_404(File, file_id)

    if request.method == 'POST':
        may_edit = file_obj.owner.id == session['user_id'] or session['is_admin']
        if may_edit:
            new_title = request.form.get('title')
            if new_title:
                file_obj.title = new_title
                file_obj.save()
                flash("File information changed", category="success")
                return redirect(url_for('admin_files'))
            flash('Title must not be blank.', category="danger")
        else:
            flash("You are not authorized to edit/delete this object.",
                  category="danger")

    return render_template('file_edit.html', file=file_obj)
def POST(self, id=None):
    """Create a user, or update the user whose primary key is *id*.

    Returns:
        The re-rendered edit form when validation fails.

    Raises:
        web.seeother: redirect to the user's page after a successful save.
    """
    form = UserForm()
    user = get_object_or_404(User, id=id) if id is not None else None
    if not form.validates():
        return render.edit_user(form, user)

    if user is None:
        # New accounts start with an empty balance.
        user = User.new()
        user.balance = 0

    submitted = form.d
    user.firstname = submitted.firstname
    user.lastname = submitted.lastname
    user.email = submitted.email
    user.active = submitted.active
    user.rfid = submitted.rfid
    user.save()
    raise web.seeother('/users/{}'.format(user.id))
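def file_delete(file_id):
    """Delete a file record and its physical file, then redirect.

    The deletion happens only when the session user owns the file or the
    session carries a true ``is_admin`` flag. The database row is removed
    first; a failure to remove the file on disk is reported as a warning.
    """
    f = get_object_or_404(File, file_id)
    # NOTE(review): os.path.join discards UPLOAD_FOLDER when f.filepath is
    # absolute, and '..' segments are not collapsed. This assumes filepath
    # was sanitised when the upload was stored -- confirm.
    pathname = os.path.join(app.config['UPLOAD_FOLDER'], f.filepath)

    if f.owner.id == session['user_id'] or session['is_admin']:
        f.delete_instance()
        try:
            os.remove(pathname)
        except OSError:
            # OSError rather than a bare except, so unrelated failures are
            # not silently reported as a file-system problem.
            flash(
                "Error: problems removing physical file. Check log for details.",
                category="warning")
        else:
            flash('File Successfully Deleted', category="success")
    else:
        flash('You are not authorized to remove this file.', category="danger")

    # Handle redirect to referer. The header is supplied by the client, so
    # it is only followed when it points back at this site; anything else
    # would let the redirect leave the application.
    referrer = request.referrer
    if referrer is None or not referrer.startswith(request.host_url):
        return redirect(url_for('index'))
    return redirect(referrer)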
def get_categories_from_id(cls, department_id):
    """Return all categories of the *cls* row with id *department_id*.

    The lookup goes through ``get_object_or_404``.
    """
    return get_object_or_404(cls, id=department_id).categories.all()
def page_view(page_id):
    """View a page by its id; this is not the public route.

    An unpublished page is shown only when the session has a truthy
    ``is_authenticated`` value; otherwise the request is answered with 404.
    """
    page = get_object_or_404(models.Page, page_id)
    viewable = page.is_published or session.get('is_authenticated')
    if not viewable:
        abort(404)
    return render_template('cms/default/page_view.html', page=page)
def GET(self, id):
    """Render the consume view for user *id* with an empty ConsumeForm."""
    consumer = get_object_or_404(User, id=id)
    blank_form = ConsumeForm()
    return render_no_layout.consume(blank_form, consumer)
def get_object(self):
    """Fetch the instance named by the URL kwargs, or answer with 404.

    The model comes from the schema's ``Meta.model``; the lookup value is
    read from ``self.kwargs`` under ``self.lookup_key``.
    """
    model = self.get_schema().Meta.model
    lookup_value = self.kwargs.get(self.lookup_key)
    return get_object_or_404(model, lookup_value)
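def page_edit(page_id=None):
    """Edit an existing page, or create a page if page_id is None.

    GET renders the form. POST validates that title and content are not
    blank; on success the page is created or updated, saved, and the
    client is redirected to the page's URL. On failure the form is
    rendered again with per-field error messages.
    """
    # NOTE(review): nothing in this function checks that the current user
    # may edit the requested page; presumably the route enforces it --
    # confirm.

    # possible errors, we use this in the validation process
    errors = {
        'title': '',
        'title_category': '',
        'content': '',
        'content_category': ''
    }

    if page_id:
        # get existing page by page_id or 404
        page = get_object_or_404(models.Page, page_id)
    else:
        # empty page for the form
        page = models.Page()

    error_flag = False

    # see if we were called POST
    if request.method == 'POST':
        title = request.form.get('title')
        if not title:
            errors['title'] = 'Title cannot be blank'
            errors['title_category'] = 'is-danger'
            error_flag = True

        show_title = request.form.get('show_title') == 'on'
        show_nav = request.form.get('show_nav') == 'on'
        slug = request.form.get('slug')
        is_published = request.form.get('is_published') == 'on'

        content = request.form.get('content')
        if not content:
            # Report blank content under the content keys. The original
            # wrote to the title keys here, so the content error slots
            # declared above were never filled.
            errors['content'] = 'Content cannot be blank'
            errors['content_category'] = 'is-danger'
            error_flag = True

        parent = request.form.get('parent')

        # if no errors get around to creating or saving new page.
        # implement later, maybe always create a new row for page, old page
        # marked as not published, revision timestamp.
        if not error_flag:
            try:
                # ensure parent is int or None
                parent = int(parent)
            except (TypeError, ValueError):
                # Missing or non-numeric parent means "no parent".
                parent = None

            if page_id is None:
                page = models.Page.create(owner=session['user_id'],
                                          title=title,
                                          slug=slug,
                                          parent=parent,
                                          show_title=show_title,
                                          show_nav=show_nav,
                                          content=content,
                                          is_published=is_published)
            else:
                page.title = title
                page.show_title = show_title
                page.show_nav = show_nav
                page.slug = slug
                page.content = content
                page.is_published = is_published
                page.parent = parent

            # if slug was left blank, we can make a slug based on page
            if page.slug == '':
                page.generate_slug()

            page.save()
            return redirect(page.url())
        else:
            flash('There were errors on the page', category='danger')

    # build a list of potential parents for the FORM select field
    parents = [("", "None")]  # a None parent is allowed.
    parents.extend((p.id, p.title) for p in models.Page.select())

    return render_template('cms/default/page_edit.html',
                           errors=errors,
                           page=page,
                           parents=parents)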
def get_values_from_id(cls, attribute_id):
    """Return all attribute values of the *cls* row with id *attribute_id*.

    The lookup goes through ``get_object_or_404``.
    """
    return get_object_or_404(cls, id=attribute_id).attributevalue_set.all()
def get_products_from_department_id(cls, department_id):
    """Return the products filed under any category of a department.

    Both lookups use the ``*_or_404`` helpers: one for the department and
    one for the *cls* rows whose category belongs to that department.
    """
    department = get_object_or_404(Department, id=department_id)
    links = get_list_or_404(cls, category__in=department.categories.all())
    return [link.product for link in links]
def GET(self, id):
    """Render the page of user *id* with that user's operations.

    Operations are requested ordered by ``date DESC``.
    """
    account = get_object_or_404(User, id=id)
    history = Operation.filter(user_id=id, order_by='date DESC')
    return render.user(account, history)
def get_reviews_from_id(cls, product_id):
    """Return all reviews of the *cls* row with id *product_id*.

    The lookup goes through ``get_object_or_404``.
    """
    return get_object_or_404(cls, id=product_id).reviews.all()