def user1():
    """Test fixture: turn test user 1 into an all-powerful account.

    Creates the test user, adds it to the "test" organization (its row in
    "main" is assumed to exist already — presumably from make_test_user or
    add_user; verify), then grants every admin/moderator role this code base
    knows, both per organization and globally.  Returns the test client
    produced by make_test_user.
    """
    client = make_test_user(1)
    account = Users.query.filter_by(username="******").first()

    org_main = Organizations.query.filter_by(oid="main").first()
    org_test = Organizations.query.filter_by(oid="test").first()
    org_test.add_user(account)

    # Per-organization roles: full admin in both seed organizations.
    for org in (org_main, org_test):
        membership = OrganizationRoles.query.filter_by(oid=org.id, uid=account.id).first()
        membership.admin = OrganizationManagerRoles.admin
        membership.attendance = roles.attendance.admin
        membership.news = roles.news.moderator

    # Global roles: database, organization and user administration.
    global_roles = Roles.query.filter_by(uid=account.id).first()
    global_roles.database = roles.database.admin
    global_roles.organizations = OrganizationAdminRoles.admin
    global_roles.users = roles.users.admin

    db_commit()
    return client
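def link_account():
    """Attach an OAuth identity (Google or GitHub) to an existing account.

    The target account (``uid``) and the provider identity (``pid``,
    ``provider``) come from a signed token in the ``token`` query parameter.
    That token is the only thing authorising the login performed below, so it
    is validated explicitly — an invalid or expired token is answered with a
    400 (same handling as oauth_create_account) instead of an unhandled
    exception.  On a confirmed POST the link row is stored and the bearer is
    logged in as the linked account.
    """
    try:
        data = verify_jwt(request.args.get("token", ""))
    except (InvalidJWT, ExpiredJWT):
        return error_page(
            code=400,
            message="Invalid token in request. Please contact us.",
            errorname="Bad Request")

    form = BlankForm()
    uid = data["uid"]
    pid = data["pid"]
    email = data["email"]
    provider = data["provider"]

    if form.validate_on_submit():
        if provider == "Google":
            GoogleLinks.add(uid=uid, gid=pid)
        elif provider == "GitHub":
            GithubLinks.add(uid=uid, gid=pid)
        else:
            # An unrecognised provider must not fall through to set_user():
            # that would log the bearer in without recording any link.
            abort(400)
        db_commit()
        set_user(Users.query.filter_by(id=uid).first())
        flash("Your account is now connected. Welcome back!", category="SUCCESS")
        return redirect("/", code=303)

    flash_form_errors(form)
    return render_template("account/link-account.html",
                           uid=uid, provider=provider, email=email, form=form)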
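def serve_attendance_sudo(oid):
    """Organization-admin page for managing attendance codes.

    GET renders the list.  A confirmed POST either deletes the code whose id
    is in the ``delete`` field or creates a fresh random code (start/end 0,
    to be set on the edit page) and redirects to that code's edit page.

    Requires at least the attendance admin role; ``user.organization_roles``
    is assumed to be resolved for ``oid`` by the surrounding request setup —
    confirm.
    """
    import secrets
    import string

    if user.organization_roles.attendance < AttendanceRoles.admin:
        abort(403)
    form = BlankForm()
    org = Organizations.query.filter_by(oid=oid).first_or_404()

    if form.validate_on_submit():
        if 'delete' in request.form:
            # A non-numeric id is a bad request, not a 500 from int().
            try:
                del_id = int(request.form['delete'])
            except ValueError:
                abort(400)
            # Scope the delete to this organization: matching on id alone let
            # an admin of one organization delete any other organization's
            # codes by guessing the number.
            AttendanceCodes.query.filter_by(id=del_id, oid=org.id).delete()
            db_commit()
        else:
            # 16 lowercase letters from a CSPRNG with no modulo bias
            # (os.urandom bytes reduced mod 26 favour 'a'..'v' over 'w'..'z').
            c = "".join(secrets.choice(string.ascii_lowercase) for _ in range(16))
            ac = AttendanceCodes.add(oid=org.id, code=c, start=0, end=0)
            db_commit()
            return redirect(f"/organization/{oid}/admin/attendance/{ac.id}", code=303)

    return render_template("adminpages/attendance.html", sudo=True,
                           active="attendance", form=form)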
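def lesson_edit(lesson, form):
    """Apply a submitted lesson edit form to ``lesson``.

    If the delete flag is set the lesson is removed and True is returned.
    Otherwise the id string, title, description and body are updated and, for
    lesson admins only, the author rows are reconciled with the
    space-separated user ids in ``form.authors``.  Returns None after an edit.

    No check is made here that the current user may edit this particular
    lesson; that is presumably the caller's job — confirm.
    """
    if form.delete.data:
        Lessons.remove(lesson)
        db_commit()
        return True

    lesson.desc = form.desc.data
    lesson.title = form.title.data
    lesson.body = form.body.data
    lesson.lid = form.lid.data

    if user.organization_roles.lessons >= LessonRoles.admin:
        # A set makes the reconciliation tolerant of a repeated id in the
        # form, which with a list could insert two author rows for one user.
        wanted = set(map(int, form.authors.data.split()))
        for lesson_author in LessonAuthors.query.filter_by(lid=lesson.id).all():
            if lesson_author.uid in wanted:
                wanted.discard(lesson_author.uid)  # already an author, keep
            else:
                LessonAuthors.remove(lesson_author)
        for new_uid in wanted:
            LessonAuthors.add(lid=lesson.id, uid=new_uid, oid=get_org_id())

    db_commit()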
def serve_topic_sudo_edit_request(id):
    """Admin page for editing a topic's id string, name and description.

    Requires a topics role above default.  On a confirmed POST the topic is
    updated in place and the same page is re-rendered (no redirect); fields
    the form did not carry are then filled from the stored topic.
    """
    if user.roles.topics <= TopicRoles.default:
        abort(403)

    topic = Topics.query.filter_by(id = id).first_or_404()
    form = TopicSudoEditForm(topic)

    if form.validate_on_submit():
        topic.tid = form.tid.data
        topic.name = form.name.data
        topic.desc = form.description.data
        db_commit()
        flash("Successfully updated topic!", category = "SUCCESS")
    flash_form_errors(form)

    # Back-fill every empty form field from the stored row.
    stored_values = (
        (form.tid, topic.tid),
        (form.name, topic.name),
        (form.description, topic.desc),
    )
    for field, stored in stored_values:
        if field.data is None:
            field.data = stored

    return render_template("adminpages/topic_edit.html", sudo = True,
                           active = "topics", form = form)
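def serve_attendance_edit(oid, acid):
    """Organization-admin page for editing one attendance code.

    ``oid`` is the organization's string id from the URL and ``acid`` the
    numeric attendance-code id.  A confirmed POST updates the code string and
    its start/end window (rejected with a flash if start is after end).

    Requires the attendance admin role; ``user.organization_roles`` is assumed
    to be resolved for ``oid`` by the surrounding request setup — confirm.
    """
    if user.organization_roles.attendance < AttendanceRoles.admin:
        abort(403)

    # Resolve the organization and look the code up *within* it.  Filtering
    # by id alone let an attendance admin of any organization edit any other
    # organization's code by guessing acid.
    org = Organizations.query.filter_by(oid=oid).first_or_404()
    ac = AttendanceCodes.query.filter_by(id=acid, oid=org.id).first_or_404()
    form = AttendanceEditForm(ac)

    if form.validate_on_submit():
        start_ts = to_tstamp(form.start_date.data, form.start_time.data)
        end_ts = to_tstamp(form.end_date.data, form.end_time.data)
        if start_ts > end_ts:
            flash("Start is after end!", category="ERROR")
        else:
            ac.code = form.code.data
            ac.start = start_ts
            ac.end = end_ts
            db_commit()
            flash("Attendance code updated!", category="SUCCESS")

    return render_template("adminpages/attendance-edit.html", form=form)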
def serve_topic_sudo_create_request(ptid):
    """Admin page for creating a topic, optionally under parent ``ptid``.

    Requires a topics role above default.  ``ptid`` is the parent's numeric id
    or a falsy value for a root topic; an unknown parent is a 404.  A confirmed
    POST creates the topic and redirects to the topic list.
    """
    if user.roles.topics <= TopicRoles.default:
        abort(403)

    # The parent's string id is shown in the template; empty for a root topic.
    parent_tid = Topics.query.filter_by(id=ptid).first_or_404().tid if ptid else ""

    form = TopicSudoCreateForm()
    if form.validate_on_submit():
        Topics.add(ptid=ptid or None,
                   tid=form.tid.data,
                   name=form.name.data,
                   desc=form.description.data)
        db_commit()
        return redirect("/admin/topics/", code=303)

    flash_form_errors(form)
    return render_template("adminpages/topic_create.html", sudo=True,
                           active="topics", form=form, ptid=parent_tid)
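def update_user(uid, **kwargs):
    """Apply profile changes to the user with database id ``uid``.

    Recognised keywords: ``username``, ``desc``, ``real_name``, ``npass`` (new
    plaintext password, hashed with the user's existing salt) and
    ``subscribed``.  A password change also advances the token-revocation
    watermark so sessions/tokens issued before now stop being accepted.  Any
    other keyword — notably ``email``, whose handling is still a TODO — is
    *not* applied and is logged as a warning.

    Raises ValueError if no user has that id (previously an AttributeError
    on None).
    """
    user = Users.query.filter_by(id=uid).first()
    if user is None:
        raise ValueError("update_user: no user with id %r" % (uid,))

    # TODO handle email change
    if "username" in kwargs:
        user.username = kwargs.pop("username")
    if "desc" in kwargs:
        user.desc = kwargs.pop("desc")
    if "real_name" in kwargs:
        user.real_name = kwargs.pop("real_name")
    if "npass" in kwargs:
        user.password_hash = pass_hash(kwargs.pop("npass"), user.salt)
        # The watermark is kept on the permissions row everywhere else
        # (serve_change_password, global_logout).  The previous assignment to
        # user.revoke_tokens_before presumably never reached the database, so
        # old tokens stayed valid after a password change — keep the three in
        # step.
        user.permissions.revoke_tokens_before = get_time()
        set_user(user)
    if "subscribed" in kwargs:
        user.subscribed = kwargs.pop("subscribed")

    if kwargs:
        # Left-over keys were not applied; say so (lazy %-args, no deprecated warn()).
        logger.warning("WARNING update_user not complete: %s", kwargs)

    db_commit()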
def serve_change_password(form):
    """Handle a validated change-password form for the logged-in user.

    Stores the new hash (salted with the user's existing salt), advances the
    token-revocation watermark so anything issued before now is invalidated,
    re-attaches the user object to the session and redirects to the profile
    page.  Whether the form verifies the *current* password is not visible
    here — confirm in the form class.
    """
    new_hash = pass_hash(form.password.data, user.salt)
    user.password_hash = new_hash
    # Credential changed: cut off every session/token issued before now.
    user.permissions.revoke_tokens_before = get_time()
    db_commit()
    set_user(user._get_current_object())
    flash("Your account password has been updated!", category="SUCCESS")
    return redirect("/edit-profile/", code=303)
def create_blank_account(email, username, real_name, subscribed):
    """Create and commit a user row with a fresh salt and no password yet.

    ``create_dependencies`` (presumably the roles/permissions rows) runs after
    the commit so the new id exists; note there is no second commit here —
    callers such as create_account commit again.  Returns the new Users object.
    """
    account = Users.add(
        email=email,
        username=username,
        real_name=real_name,
        subscribed=subscribed,
        salt=new_salt(),
    )
    db_commit()  # the row needs an id before dependent rows can point at it
    account.create_dependencies()
    return account
def move_topic(id, ptid):
    """Re-parent topic ``id`` (together with its subtree) under ``ptid``.

    Requires a topics role above default.  Returns an empty 400 when
    ``is_ancestor(ptid, id)`` holds (presumably "ptid lies inside id's own
    subtree", which would create a cycle — confirm), 404 for an unknown topic,
    otherwise an empty 200 body.
    """
    if user.roles.topics <= TopicRoles.default:
        abort(403)
    if is_ancestor(ptid, id):
        return "", 400

    topic = Topics.query.filter_by(id=id).first_or_404()
    topic.ptid = ptid
    db_commit()
    return ""
def user_sudo_edit(target, form):
    """Apply an admin user-edit form to ``target``.

    Moderators and above may set the login hold-off timestamp; full admins
    may additionally set every role in the fixed group list below.  The value
    of each ``role_<group>`` field is used as an attribute name on the matching
    ``roles`` group, so the form's choices must be restricted to real role
    names — verify in the form class.  Nothing here prevents an admin from
    editing an account ranked above their own (or their own); confirm that is
    intended.
    """
    can_moderate = user.roles.users >= UserRoles.moderator
    can_admin = user.roles.users >= UserRoles.admin

    if can_moderate:
        target.permissions.can_login_after = form.can_login_after.data

    if can_admin:
        for group in ("users", "database", "news", "attendance", "topics"):
            group_levels = getattr(roles, group)
            level_name = getattr(form, "role_%s" % group).data
            setattr(target.roles, group, getattr(group_levels, level_name))

    db_commit()
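def lesson_admin_create(form, oid):
    """Create a lesson in organization ``oid`` from an admin form.

    ``oid`` is the organization's string id; an unknown one is now a 404
    rather than an AttributeError on None.  The lesson is committed first so
    its id exists, then one LessonAuthors row is added per *distinct* user id
    in the space-separated ``authors`` field.
    """
    org = Organizations.query.filter_by(oid=oid).first_or_404()
    article = Lessons.add(oid=org.id,
                          lid=form.lid.data,
                          title=form.title.data,
                          desc=form.desc.data,
                          body=form.body.data)
    db_commit()

    # dict.fromkeys de-duplicates while keeping the submitted order, so a
    # repeated id cannot create two author rows for one user.
    for uid in dict.fromkeys(int(raw) for raw in form.authors.data.split()):
        LessonAuthors.add(lid=article.id, uid=uid, oid=org.id)
    db_commit()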
def oauth_create_account():
    """Finish sign-up for a visitor arriving from an OAuth provider.

    The provider identity (``pid``/``provider``) and any prefilled profile
    fields come from a signed token in the ``token`` query parameter; an
    invalid or expired token is a 400.  A logged-in user is sent straight on.
    A confirmed POST creates the account, records the provider link (an
    unrecognised provider leaves the account unlinked), logs the new user in
    and redirects to the next page.
    """
    if user:
        return redirect(get_next_page(), code=303)

    try:
        data = verify_jwt(request.args.get("token", ""))
    except (InvalidJWT, ExpiredJWT):
        return error_page(
            code=400,
            message="Invalid token in request. Please contact us.",
            errorname="Bad Request")

    form = OAuthCreateAccountForm()
    # Prefill from the token only where the form carries no value yet.
    for field_name in ("email", "username", "real_name"):
        field = getattr(form, field_name)
        if field.data is None and field_name in data:
            field.data = data[field_name]

    if form.validate_on_submit():
        new_user = create_blank_account(form.email.data,
                                        form.username.data,
                                        form.real_name.data,
                                        form.subscribed.data)
        provider = data["provider"]
        if provider == "Google":
            GoogleLinks.add(uid=new_user.id, gid=data["pid"])
        elif provider == "GitHub":
            GithubLinks.add(uid=new_user.id, gid=data["pid"])
        db_commit()
        set_user(new_user)
        flash("Welcome!", category="SUCCESS")
        return redirect(get_next_page(), code=303)

    flash_form_errors(form)
    form.legal_agreement.checked = False
    return render_template("account/oauth-create-account.html",
                           active="Sign Up",
                           form=form,
                           next_page=get_next_page(),
                           provider=data["provider"])
def serve_organization_landing(org):
    """Organization landing page with the join-by-code form.

    The ``org`` URL argument is not used; the organization is resolved via
    get_org_id(), presumably set by the request hooks for this route —
    confirm the two agree.  A confirmed POST adds the current user to the
    organization.  Whether the submitted code is checked against
    ``organization.join_code`` / ``can_join_code`` is not visible here; that
    must happen inside OrganizationJoinByCodeForm, otherwise any POST joins —
    verify.
    """
    form = OrganizationJoinByCodeForm()
    organization = Organizations.query.filter_by(id=get_org_id()).first()

    if form.validate_on_submit():
        organization.add_user(user)
        db_commit()
        joined_msg = "Joined %s!" % organization.name
        flash(joined_msg, category="SUCCESS")

    flash_form_errors(form)
    return render_template("organizations/landing.html",
                           active="Organizations",
                           organization=organization,
                           form=form)
def move_topic_keep_children(id, ptid):
    """Move topic ``id`` under ``ptid`` while leaving its children where they are.

    The direct children are first re-attached to ``id``'s current parent, then
    ``id`` itself is re-parented; two commits.  Requires a topics role above
    default; 400 when ``Topics.is_parent(id, ptid)`` holds, 404 for an unknown
    topic, otherwise an empty 200 body.
    """
    if user.roles.topics <= TopicRoles.default:
        abort(403)
    if Topics.is_parent(id, ptid):
        return "", 400

    topic = Topics.query.filter_by(id=id).first_or_404()
    old_parent = topic.ptid

    # Lift every direct child up to the old parent first...
    for child in Topics.query.filter_by(ptid=topic.id).all():
        child.ptid = old_parent
    db_commit()

    # ...then move the now-childless topic itself.
    topic.ptid = ptid
    db_commit()
    return ""
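def serve_attendance(org):
    """Attendance page: lets a member record attendance with a code.

    The code is looked up within the current organization only (get_org_id()
    is assumed to be the organization this route is mounted under — confirm),
    so a code issued by another organization is "not found" instead of being
    recorded against this one.  An unknown code used to raise on
    ``.first().id`` (a 500); it now flashes an error.

    NOTE(review): the code's ``start``/``end`` window is not checked here; if
    AttendanceForm does not enforce it either, expired codes stay usable —
    verify.
    """
    form = AttendanceForm()
    if form.validate_on_submit():
        submitted = form.attendance_code.data.strip()
        code = AttendanceCodes.query.filter_by(code=submitted, oid=get_org_id()).first()
        if code is None:
            flash("Unknown attendance code!", category="ERROR")
        else:
            AttendanceRecords.add(cid=code.id,
                                  oid=get_org_id(),
                                  uid=user.id,
                                  time=get_time())
            db_commit()
            flash("Your attendance was confirmed!", category="SUCCESS")

    flash_form_errors(form)
    # The template hides the form when this organization has no codes at all.
    no_codes = AttendanceCodes.query.filter_by(oid=get_org_id()).count() == 0
    return render_template("account/attendance.html", form=form, off=no_codes)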
def news_sudo_create(form, oid):
    """Create a news article in the current organization from an admin form.

    The article and its author rows are keyed on get_org_id(); ``oid`` (the
    URL string id) is only resolved to pick the announcement email's display
    name and is presumably the same organization — confirm.  When the
    ``email`` box is ticked, the markdown-rendered body is mailed to every
    subscribed member of the current organization.
    """
    org = Organizations.query.filter_by(oid = oid).first()

    article = News.add(oid = get_org_id(),
                       nid = form.nid.data,
                       title = form.title.data,
                       body = form.body.data,
                       time = get_time())
    db_commit()

    for raw_uid in form.authors.data.split():
        NewsAuthors.add(nid = article.id, uid = int(raw_uid), oid = get_org_id())

    if form.email.data:
        co = Organizations.query.filter_by(id = get_org_id()).first()
        subscribed_rows = db.session.query(Users.email).\
            join(OrganizationUsers).\
            filter(OrganizationUsers.oid == co.id, Users.subscribed == True).all()
        recipients = [row[0] for row in subscribed_rows]
        # Organization id 1 is displayed as "CS Center" in the subject.
        display_name = "CS Center" if org.id == 1 else org.name
        subject = "%s Announcement - %s" % (display_name, form.title.data)
        send_many(recipients, subject, md.render(form.body.data))

    db_commit()
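def news_sudo_edit(article, form):
    """Apply a submitted news edit form to ``article``.

    If the delete flag is set the article is removed and True is returned.
    Otherwise the id string, title and body are updated and, for news
    moderators and above, the author rows are reconciled with the
    space-separated user ids in ``form.authors``.  Returns None after an edit.
    """
    if form.delete.data:
        News.remove(article)
        db_commit()
        return True

    article.nid = form.nid.data
    article.title = form.title.data
    article.body = form.body.data

    if user.organization_roles.news >= NewsRoles.moderator:
        # A set makes the reconciliation tolerant of a repeated id in the
        # form, which with a list could insert two author rows for one user.
        wanted = set(map(int, form.authors.data.split()))
        for news_author in NewsAuthors.query.filter_by(nid = article.id).all():
            if news_author.uid in wanted:
                wanted.discard(news_author.uid)  # already an author, keep
            else:
                NewsAuthors.remove(news_author)
        for new_uid in wanted:
            NewsAuthors.add(nid = article.id, uid = new_uid, oid = get_org_id())

    db_commit()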
def serve_organization_sudo(org):
    """Organization-admin settings page (name, description, join code, flags).

    Requires the organization manager admin role.  The organization is
    resolved via get_org_id() rather than the ``org`` URL argument; the two
    are presumably kept in step by the request hooks — confirm.  A confirmed
    POST writes all five fields; afterwards (and on GET) the text fields are
    back-filled from the stored row and the checkboxes always mirror it.
    """
    if user.organization_roles.admin < OrganizationManagerRoles.admin:
        abort(403)

    form = OrganizationSudoForm()
    organization = Organizations.query.filter_by(id=get_org_id()).first()

    if form.validate_on_submit():
        organization.name = form.name.data
        organization.desc = form.description.data
        organization.join_code = form.join_code.data
        organization.can_join_code = form.can_join_code.data
        organization.can_apply = form.can_apply.data
        db_commit()
        flash("Successfully updated organization!", category="SUCCESS")

    text_fields = (
        (form.name, organization.name),
        (form.description, organization.desc),
        (form.join_code, organization.join_code),
    )
    for field, stored in text_fields:
        if field.data is None:
            field.data = stored
    form.can_join_code.data = organization.can_join_code
    form.can_apply.data = organization.can_apply

    flash_form_errors(form)
    return render_template("adminpages/organization.html", sudo=True,
                           active="organization", form=form)
def edit_profile(form):
    """Apply a validated profile-edit form for the logged-in user.

    Only fields that differ from the stored values are handed to update_user.

    NOTE(review): the description is *compared* via ``form.desc`` but *read*
    via ``form.description`` — one of the two is presumably the wrong field
    name; confirm against the form class.
    NOTE(review): the "An email was sent..." message is flashed here, but as
    far as is visible update_user does not handle an ``email`` key (it is a
    TODO there and only logs a warning), so this path does not actually send
    a verification mail or change the address — verify before trusting the
    flash text.
    """
    changes = {}

    if form.desc.data != user.desc:
        changes["desc"] = form.description.data
    if form.username.data != user.username:
        changes["username"] = form.username.data
    if form.email.data != user.email:
        changes["email"] = form.email.data
        flash(
            "An email was sent to your new email address to complete the email change!",
            category="SUCCESS")
    if form.real_name.data != user.real_name:
        changes["real_name"] = form.real_name.data
    if form.subscribed.data != user.subscribed:
        changes["subscribed"] = form.subscribed.data

    update_user(user.id, **changes)
    db_commit()  # update_user already commits; kept for parity with the original
    flash("Successfully updated your user data!", category="SUCCESS")
def global_logout():
    """Log the current user out everywhere.

    Advances the token-revocation watermark to now, so every token/session
    issued before this call is rejected from here on.  Returns an empty body.
    """
    now = get_time()
    user.permissions.revoke_tokens_before = now
    db_commit()
    return ""
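"""One-off seed script: create the organizations the rest of the app assumes exist."""
import wcics.server.routes  # noqa: F401  imported for its side effects (presumably route registration)
from wcics.utils.time import get_time
from wcics.database.models import Organizations
from wcics.database.utils import db_commit

## Perform any init that is assumed to exist

# (oid, name, desc) of every organization that must exist before the app is
# usable.  The "test" organization should eventually be created through the
# admin interface, which does not yet exist.
SEED_ORGANIZATIONS = (
    ("main", "Main Organization", "main organization thing"),
    ("test", "Test organization", "I am a test"),
)

for oid, name, desc in SEED_ORGANIZATIONS:
    # Idempotent: re-running the seed must not create a second "main"/"test"
    # row (or trip a unique constraint on oid).
    if Organizations.query.filter_by(oid=oid).first() is None:
        Organizations.add(oid=oid, name=name, desc=desc)
db_commit()

print("\nOrganizations were successfully created!\n")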
def create_account(email, username, real_name, password, subscribed):
    """Create a user with a password and return the new Users object.

    Builds on create_blank_account (which commits the row, its fresh salt and
    its dependent rows) and then stores ``pass_hash(password, salt)``.  The
    hash construction lives in pass_hash — check there that it is a slow,
    salted password hash rather than a plain digest.
    """
    account = create_blank_account(email, username, real_name, subscribed)
    # The salt was generated by create_blank_account; hash with it and persist.
    account.password_hash = pass_hash(password, account.salt)
    db_commit()
    return account