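def reject(group_id, request_id):
    """Reject a pending join request for a group the current user administers.

    Only a user listed in ``group.admins`` may reject, and the join request
    must belong to the group named in the URL, so an admin of one group cannot
    act on another group's requests by supplying a foreign request id.

    Every path returns a redirect; previously a non-admin caller fell off the
    end of the view and Flask answered with a server error.
    """
    group = get_object_or_404(Group, Group.id == group_id)
    current_user = User.query.get(session['user_id'])

    if current_user not in group.admins:
        flash('You do not have permission for that')
        return redirect(url_for('groups.group_page', group_id=group_id))

    # Local name chosen so Flask's ``request`` object is not shadowed.
    join_request = get_object_or_404(GroupRequest,
                                     GroupRequest.id == request_id)
    # GroupRequest.group stores the owning group's id; refuse requests that
    # were filed against a different group than the one being administered.
    if join_request.group != group.id:
        flash('You do not have permission for that')
        return redirect(url_for('admin.group_requests', group_id=group_id))

    join_request.reject()
    flash('Request rejected')
    return redirect(url_for('admin.group_requests', group_id=group_id))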
def update_records_label(record_uid):
    """Set or clear the label of an existing record.

    The JSON body is expected to carry a ``label_uid`` key. A non-null value
    must name an existing Label (404 otherwise); ``None`` clears the label.

    Returns the updated record as a dict.
    """
    target = get_object_or_404(Record, record_uid)
    payload = request.get_json()
    # NOTE(review): a body without 'label_uid' raises KeyError here; confirm
    # the payload is schema-validated before this view runs.
    new_label = payload.pop('label_uid')
    if new_label is not None:
        # Existence check only; the returned Label object is not needed.
        get_object_or_404(Label, new_label)
    target.label_uid = new_label
    db.session.add(target)
    db.session.commit()
    return target.to_dict()
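def make_admin(group_id, user_id):
    """Promote a user to admin of a group; only existing admins may do this.

    Both outcomes now *return* their redirect. The original built the
    redirect but discarded it, so the view returned ``None`` and Flask
    answered with a server error even after a successful promotion.
    """
    acting_user = User.query.get(session['user_id'])
    group = get_object_or_404(Group, Group.id == group_id)

    # Authorisation gate: the caller must already administer this group.
    if not group.is_admin(acting_user):
        flash('You do not have permission for that')
        return redirect(url_for('groups.group_page', group_id=group_id))

    target = get_object_or_404(User, User.id == user_id)
    # NOTE(review): nothing here checks that the target is a member of the
    # group; confirm Group.make_admin enforces that if it matters.
    group.make_admin(target)
    return redirect(url_for('groups.members', group_id=group_id))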
def remove_ban(group_id, user_id):
    """Lift a user's ban from a group; restricted to the group's admins.

    Non-admins are sent back to the group page with a flash message.
    """
    group = get_object_or_404(Group, Group.id == group_id)
    banned_user = get_object_or_404(User, User.id == user_id)
    acting_user = User.query.get(session['user_id'])

    if not group.is_admin(acting_user):
        flash('You do not have permission for that')
        return redirect(url_for('groups.group_page', group_id=group_id))

    # NOTE(review): presumably raises if the user is not on the banned list;
    # confirm how the relationship collection behaves for a missing entry.
    group.banned_members.remove(banned_user)
    db.session.commit()
    flash('User ban removed')
    return redirect(url_for('admin.banned_members', group_id=group_id))
def delete_post(group_id, post_id):
    """Delete a post from a group.

    Allowed for the post's author or for an admin of the group named in the
    URL; anyone else is redirected back to the post with a flash message.
    """
    post = get_object_or_404(Post, Post.id == post_id)
    group = get_object_or_404(Group, Group.id == group_id)
    current_user = User.query.get(session['user_id'])

    is_author = post.poster == session['user_id']
    if not (is_author or current_user in group.admins):
        flash("You do not have permission for that")
        return redirect(url_for('posts.post', post_id=post_id))

    # NOTE(review): the post is never checked to belong to this group before
    # removal; confirm group_posts.remove() fails closed for a foreign post.
    group.group_posts.remove(post)
    db.session.commit()
    post.delete()
    flash('POST deleted')
    return redirect(url_for('groups.group_page', group_id=group_id))
def remove_member(group_id, user_id):
    """Remove a member from a group and put them on its banned list.

    Only group admins may do this, and an admin cannot be removed this way.
    """
    group = get_object_or_404(Group, Group.id == group_id)
    acting_user = User.query.get(session['user_id'])

    if not group.is_admin(acting_user):
        flash('You do not have permission to remove someone from a group')
        return redirect(url_for('groups.group_page', group_id=group_id))

    target = get_object_or_404(User, User.id == user_id)
    if group.is_admin(target):
        # NOTE(review): this branch refuses the removal, yet the message
        # reads as if it were allowed; confirm the intended wording.
        flash('Admins can remove admins')
    else:
        # NOTE(review): the target is not checked to be a current member
        # before being removed and banned.
        group.members.remove(target)
        group.banned_members.append(target)  # removed members are banned
        db.session.commit()
        flash('Member removed')
    return redirect(url_for('groups.members', group_id=group_id))
def join_group(group_id):
    """Join a group, or file a join request when the group is private.

    Banned users and existing members are turned away with a flash message.
    For a private group a GroupRequest is created unless one is already
    pending; for a public group the user joins immediately.
    """
    group = get_object_or_404(Group, Group.id == group_id)  # 404 if missing
    current_user = User.query.get(session['user_id'])

    if current_user in group.banned_members:
        flash('You are banned from this group')
        return redirect(url_for('groups.group_page', group_id=group_id))

    if current_user in group.members:
        flash('You already joined this group')
        return redirect(url_for('groups.group_page', group_id=group_id))

    # Existing join request from this user for this group, if any.
    pending = GroupRequest.query.filter_by(
        user=session['user_id'], group=group.id).first()

    if not group.private:
        group.join(current_user)
        return redirect(url_for('groups.group_page', group_id=group_id))

    if pending is not None:
        flash('Request already sent')
        return redirect(url_for('groups.group_page', group_id=group_id))

    join_request = GroupRequest(
        user=current_user.id,
        group=group.id,
    )
    db.session.add(join_request)
    db.session.commit()
    flash('Group is private, request to join sent')
    return redirect(url_for('users.my_profile'))
def set_current_series(recorder_uid, series_uid=None):
    """Set or unset the series a recorder is currently writing to.

    With ``series_uid`` omitted the current series is cleared and a 204 is
    returned. Otherwise the series must exist (404) and is stored as the
    recorder's current one; the series is returned as a dict.
    """
    recorder = get_object_or_404(Recorder, recorder_uid)
    print(series_uid)

    if series_uid is not None:
        series = get_object_or_404(Series, series_uid)
        # NOTE(review): nothing in this view checks that the series belongs
        # to this recorder; confirm a model validator covers it.
        try:
            recorder.current_series_uid = series_uid
            db.session.commit()
            return series.to_dict()
        except exc.IntegrityError as err:
            db.session.rollback()
            # NOTE(review): str() of an IntegrityError typically includes the
            # SQL statement and parameters, which ends up in the response.
            flask.abort(400, str(err))
        except ValueError as err:
            flask.abort(400, str(err))
    else:
        recorder.current_series_uid = None
        db.session.commit()
        return (f'Current series of recorder {recorder.uid} unset.', 204)
def download_record(record_uid):
    """Send the uploaded file of a record as a download.

    Answers 404 when the record does not exist or when it is registered but
    its file has not been uploaded yet.
    """
    record = get_object_or_404(Record, record_uid)
    if record.is_uploaded():
        # The path comes from the stored record, not from the request.
        stored_path = record.filepath
        return flask.send_file(str(stored_path),
                               attachment_filename=stored_path.name)
    flask.abort(
        404,
        "This record is registered but file has not been uploaded yet"
    )
def like_post(post_id, group_id):
    """Toggle the current user's like on a post, then return to the group.

    NOTE(review): ``group_id`` is only used for the redirect; the post is not
    checked to belong to that group.
    """
    post = get_object_or_404(Post, Post.id == post_id)
    current_user = User.query.get(session['user_id'])

    already_liked = current_user in post.likes
    if already_liked:
        post.unlike(current_user)
    else:
        post.like(current_user)
    return redirect(url_for('groups.group_page', group_id=group_id))
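def delete_series(series_uid):
    """Delete a series that holds no records and is not currently maintained.

    Answers 404 for an unknown series and 400 when the series still has
    records or is its recorder's current series. On success the delete is
    committed and a 204 is returned.
    """
    series = get_object_or_404(Series, series_uid)
    if series.records:
        flask.abort(400, "Cannot delete non empty series")
    if series.recorder.current_series_uid == series.uid:
        flask.abort(400, "Cannot delete currently maintanded series")
    db.session.delete(series)
    # Without an explicit commit the delete is only pending in the session
    # and, unless the application commits on teardown, is discarded when the
    # request ends while the client is told the series is gone.
    db.session.commit()
    return (f'Series {series_uid} deleted', 204)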
def delete_friend(user_id):
    """Remove a user from the current user's friends list.

    Redirects to the friends page whether or not the two were friends; the
    flash message is shown only when a friendship was actually removed.
    """
    other = get_object_or_404(User, User.id == user_id)
    current_user = User.query.get(session['user_id'])
    if current_user.is_friend(other):
        current_user.delete_friend(other)
        flash('User removed from friends list')
    return redirect(url_for('users.friends'))
def reject(request_id):
    """Reject a friend request addressed to the current user.

    Only the recipient (``user_sent_to``) may reject; anyone else gets a
    'Not allowed' flash. Both outcomes redirect to the requests page.
    """
    friend_request = get_object_or_404(FriendRequest,
                                       FriendRequest.id == request_id)
    is_recipient = session['user_id'] == friend_request.user_sent_to
    if is_recipient:
        friend_request.reject()
        flash('Request rejected')
    else:
        flash('Not allowed')
    return redirect(url_for('users.requests'))
def new_record():
    """Register a new record for the authenticated recorder.

    The recorder is read from ``flask.g``. The target series must be one the
    recorder maintains (403 otherwise) and a non-null label must exist (404).
    Returns the created record as a dict; integrity or value errors give 400.
    """
    payload = request.get_json()
    recorder = flask.g.recorder

    maintained_uids = [s.uid for s in recorder.serieses]
    if payload["series_uid"] not in maintained_uids:
        flask.abort(403, "Recorder {} does not maintain series {}".format(
            recorder.uid, payload["series_uid"]
        ))

    if payload["label_uid"] is not None:
        get_object_or_404(Label, payload["label_uid"])

    try:
        # NOTE(review): every key of the request body is passed to the model
        # constructor; confirm the payload is schema-validated upstream so
        # callers cannot set fields they should not control.
        created = Record(**payload)
        db.session.add(created)
        db.session.commit()
        return created.to_dict()
    except exc.IntegrityError as err:
        db.session.rollback()
        # NOTE(review): str() of an IntegrityError typically includes the SQL
        # statement and parameters, which ends up in the response.
        flask.abort(400, str(err))
    except ValueError as err:
        flask.abort(400, str(err))
def leave_group(group_id):
    """Leave a group, unless the user is not a member or is one of its admins.

    Always redirects to the groups overview.
    """
    current_user = User.query.get(session['user_id'])
    group = get_object_or_404(Group, Group.id == group_id)

    if current_user not in group.members:
        flash("You can't leave a group you are not apart of")
        return redirect(url_for('groups.groups'))

    if group.is_admin(current_user):
        flash("You can't leave a group you are an admin of")
        return redirect(url_for('groups.groups'))

    # Group.leave receives the user id from the session, not the User object.
    group.leave(session['user_id'])
    return redirect(url_for('groups.groups'))
def delte_message(message_id):
    """Delete a message; only its recipient (``user_to``) may do so.

    Anyone else is redirected to the inbox with a flash message.
    """
    message = get_object_or_404(Message, Message.id == message_id)
    is_recipient = session['user_id'] == message.user_to
    if not is_recipient:
        flash("You do not have permiession for that")
        return redirect(url_for('messages.messages'))

    db.session.delete(message)
    db.session.commit()
    flash('Message deleted')
    return redirect(url_for('messages.messages'))
def members(group_id):
    """Render the member list of a group.

    The template receives the members, the admins, and whether the current
    user is an admin of the group.

    NOTE(review): no membership or privacy check is visible here; confirm
    whether member lists of private groups should be shown to non-members.
    """
    current_user = User.query.get(session['user_id'])
    group = get_object_or_404(Group, Group.id == group_id)
    group_admins = group.admins
    viewer_is_admin = group.is_admin(current_user)
    group_members = group.members
    return render_template('members.html',
                           members=group_members,
                           admins=group_admins,
                           is_admin=viewer_is_admin,
                           group=group)
def admin_panel(group_id):
    """Render the admin panel of a group for one of its admins.

    Non-admins are redirected to the group page with a flash message.
    """
    current_user = User.query.get(session['user_id'])
    group = get_object_or_404(Group, Group.id == group_id)

    if current_user not in group.admins:
        flash('You are not an admin')
        return redirect(url_for('groups.group_page', group_id=group_id))

    return render_template(
        'admin.html',
        group=group,
    )
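def read_message(message_id):
    """Show a message to its recipient and mark it as read.

    Only the recipient (``user_to``) may open the message; anyone else is
    redirected to the inbox with a flash message.
    """
    message = get_object_or_404(Message, Message.id == message_id)
    if session['user_id'] != message.user_to:
        flash("You do not have permiession for that")
        return redirect(url_for('messages.messages'))

    sender = User.query.get(message.user_from)
    message.read = True
    # The flag was previously set without a commit, so unless the application
    # commits on teardown the change was dropped when the request ended.
    db.session.commit()
    return render_template('message.html', message=message, user_from=sender)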
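def resend_password():
    """Send a password-reset link to the submitted email address.

    GET renders the form. POST always answers with the same flash message and
    redirect, whether or not an account exists for the address. The previous
    404 for unknown addresses let anyone test which emails are registered.
    """
    if request.method != 'POST':
        return render_template('resend.html')

    # Plain lookup instead of get_object_or_404 so a miss is not observable.
    user = User.query.filter_by(email=request.form['email']).first()
    if user is not None:
        # NOTE(review): the reset link reuses generate_confirmation_token;
        # confirm the token is bound to the reset purpose and expires, so an
        # email-confirmation token cannot be replayed as a reset token.
        token = generate_confirmation_token(user.email)
        reset_url = url_for('users.reset_password', token=token,
                            _external=True)
        html = render_template('reset.html', reset_url=reset_url)
        subject = "Reset Password"
        # NOTE(review): a synchronous send still makes known and unknown
        # addresses differ in response time; queueing the send and rate
        # limiting this endpoint would close that gap.
        send_email(user.email, subject, html)

    flash('A reset password email has been sent.', 'success')
    return redirect(url_for('users.login'))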
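def resend_confirmation():
    """Send a fresh email-confirmation link to the submitted address.

    GET renders the form. POST always answers with the same flash message and
    redirect, whether or not an account exists for the address. The previous
    404 for unknown addresses let anyone test which emails are registered.
    """
    if request.method != 'POST':
        return render_template('resend.html')

    # Plain lookup instead of get_object_or_404 so a miss is not observable.
    user = User.query.filter_by(email=request.form['email']).first()
    if user is not None:
        token = generate_confirmation_token(user.email)
        confirm_url = url_for('users.confirm_email', token=token,
                              _external=True)
        html = render_template('activate.html', confirm_url=confirm_url)
        subject = "Please confirm your email"
        # NOTE(review): a synchronous send still makes known and unknown
        # addresses differ in response time; queueing the send and rate
        # limiting this endpoint would close that gap.
        send_email(user.email, subject, html)

    flash('A new confirmation email has been sent.', 'success')
    return redirect(url_for('users.login'))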
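def group_page(group_id):
    """Render a group's page with its posts for the current user.

    The template receives flags telling it whether the viewer is a member
    and whether the viewer is an admin of the group.

    The leftover debug ``print`` of ``group.private`` was removed: it wrote
    to stdout on every request and used Python 2-only statement syntax.
    """
    group = get_object_or_404(Group, Group.id == group_id)
    current_user = User.query.get(session['user_id'])
    rule = request.url_rule
    viewer_is_admin = current_user in group.admins
    # The matched URL rule is passed on as a string to get_sort_posts.
    posts = get_sort_posts(group, str(rule))
    # NOTE(review): posts are loaded for every viewer, including non-members
    # of private groups; confirm the template withholds them based on
    # ``member``, or gate the query here.
    viewer_is_member = current_user in group.members
    return render_template('group.html', group=group, user=current_user,
                           member=viewer_is_member, posts=posts,
                           admin=viewer_is_admin)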
def update_recorder(recorder_uid):
    """Update a recorder's location description from the JSON body.

    A null ``location_description`` leaves the stored value untouched.
    Returns the recorder as a dict; integrity or value errors give 400.
    """
    recorder = get_object_or_404(Recorder, recorder_uid)
    payload = request.get_json()
    # NOTE(review): a body without this key raises KeyError; confirm the
    # payload is schema-validated before this view runs.
    new_description = payload.pop('location_description')
    try:
        if new_description is not None:
            recorder.location_description = new_description
        db.session.commit()
        return recorder.to_dict()
    except exc.IntegrityError as err:
        db.session.rollback()
        # NOTE(review): str() of an IntegrityError typically includes the SQL
        # statement and parameters, which ends up in the response.
        flask.abort(400, str(err))
    except ValueError as err:
        flask.abort(400, str(err))
def new_series():
    """Create a series together with its recording parameters.

    The recorder named in the body must exist (404). Parameters are reused
    when a set with the given ``uid`` exists, created with that uid when it
    does not, and created without a uid when none was supplied.
    Returns the new series as a dict; integrity or value errors give 400.
    """
    payload = request.get_json()
    get_object_or_404(Recorder, payload['recorder_uid'])
    params = payload.pop('parameters')
    try:
        try:
            uid = params.pop('uid')
            params_obj = get_object(RecordingParameters, uid)
        except orm.exc.NoResultFound:
            # A uid was given but no such parameter set is stored yet.
            params_obj = RecordingParameters(uid=uid, **params)
        except KeyError:
            # No uid in the body: build the set from the remaining fields.
            params_obj = RecordingParameters(**params)
        db.session.add(params_obj)
        db.session.commit()

        # NOTE(review): the remaining body keys go straight into the model
        # constructor; confirm the payload is schema-validated upstream.
        created = Series(parameters_uid=params_obj.uid, **payload)
        db.session.add(created)
        db.session.commit()
        return created.to_dict()
    except exc.IntegrityError as err:
        db.session.rollback()
        # NOTE(review): str() of an IntegrityError typically includes the SQL
        # statement and parameters, which ends up in the response.
        flask.abort(400, str(err))
    except ValueError as err:
        flask.abort(400, str(err))
    return {}
def banned_members(group_id):
    """Render a group's banned-member list for one of its admins.

    Non-admins are redirected to the group page with a flash message.
    """
    group = get_object_or_404(Group, Group.id == group_id)
    acting_user = User.query.get(session['user_id'])

    if not group.is_admin(acting_user):
        flash('You do not have permission for that')
        return redirect(url_for('groups.group_page', group_id=group_id))

    banned = group.banned_members
    group_admins = group.admins
    # The members template is reused; ``banned=True`` selects the banned view.
    return render_template('members.html', members=banned,
                           admins=group_admins, banned=True,
                           is_admin=True, group=group)
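def group_requests(group_id):
    """List the pending join requests of a private group for its admins.

    The view previously had no authorisation check, so any caller who reached
    it could see who had asked to join a private group. It now requires the
    current user to be in ``group.admins``.

    Public groups have no requests; the caller is sent to the admin panel.
    """
    group = get_object_or_404(Group, Group.id == group_id)
    current_user = User.query.get(session['user_id'])

    if current_user not in group.admins:
        flash('You do not have permission for that')
        return redirect(url_for('groups.group_page', group_id=group_id))

    if not group.private:
        flash("Group is public no requests")
        return redirect(url_for('admin.admin_panel', group_id=group_id))

    pending = GroupRequest.query.filter_by(group=group_id)
    # Pair each request with the user who sent it (r.user holds the user id).
    users_from = [(r, User.query.get(r.user)) for r in pending]
    return render_template('requests.html', len=len(users_from),
                           users_from=users_from, is_group=True, group=group)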
def change_privacy(group_id):
    """Toggle a group between private and public; admins only.

    Making a private group public also accepts every pending join request.
    Non-admins are redirected to the group page with a flash message.
    """
    group = get_object_or_404(Group, Group.id == group_id)
    current_user = User.query.get(session['user_id'])

    if current_user not in group.admins:
        flash('You do not have permission for that')
        return redirect(url_for('groups.group_page', group_id=group_id))

    if group.private == True:
        group.private = False
        # Nobody needs approval any more: accept everything still pending.
        for pending in GroupRequest.query.filter_by(group=group_id):
            pending.accept(pending.user, group.id)
        flash('Group made public')
    else:
        group.private = True
        flash('Group made private')

    db.session.commit()
    return redirect(url_for('admin.admin_panel', group_id=group_id))
def update_series_parameters(series_uid):
    """Attach a recording-parameter set to a series.

    Parameters are reused when a set with the given ``uid`` exists, created
    with that uid when it does not, and created without a uid when none was
    supplied. Returns the parameter set as a dict; integrity or value errors
    give 400.
    """
    series = get_object_or_404(Series, series_uid)
    params = request.get_json()
    try:
        uid = params.pop('uid')
        params_obj = get_object(RecordingParameters, uid)
    except orm.exc.NoResultFound:
        # A uid was given but no such parameter set is stored yet.
        params_obj = RecordingParameters(uid=uid, **params)
    except KeyError:
        # No uid in the body: build the set from the remaining fields.
        params_obj = RecordingParameters(**params)

    # NOTE(review): for a set created without a uid this reads the uid before
    # anything is flushed; confirm the model assigns it at construction.
    series.parameters_uid = params_obj.uid
    try:
        db.session.add(params_obj)
        db.session.commit()
        return params_obj.to_dict()
    except exc.IntegrityError as err:
        db.session.rollback()
        # NOTE(review): str() of an IntegrityError typically includes the SQL
        # statement and parameters, which ends up in the response.
        flask.abort(400, str(err))
    except ValueError as err:
        flask.abort(400, str(err))
def update_series(series_uid):
    """Update a series' description and/or its recorder from the JSON body.

    Absent or null fields are left unchanged. The recorder can only be
    changed while the series has no records (400 otherwise).
    Returns the series as a dict; integrity or value errors give 400.
    """
    series = get_object_or_404(Series, series_uid)
    payload = request.get_json()
    new_description = payload.pop('description', None)
    new_recorder_uid = payload.pop('recorder_uid', None)
    try:
        if new_description is not None:
            series.description = new_description
        if new_recorder_uid is not None:
            if series.records:
                flask.abort(400, "Cannot change recorder of non empty series")
            # NOTE(review): the new recorder uid is not looked up here;
            # presumably a constraint or validator rejects unknown recorders.
            series.recorder_uid = new_recorder_uid
        db.session.commit()
        return series.to_dict()
    except exc.IntegrityError as err:
        db.session.rollback()
        # NOTE(review): str() of an IntegrityError typically includes the SQL
        # statement and parameters, which ends up in the response.
        flask.abort(400, str(err))
    except ValueError as err:
        flask.abort(400, str(err))
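def profile(user_id):
    """Render a user's profile and, on POST, send that user a message.

    The template receives the profile owner's self-posts (newest first),
    whether the viewer is looking at their own profile, and whether the
    viewer is in the owner's friends list.

    The debug ``print`` of ``request.form`` was removed: it wrote the full
    text of every private message to stdout (and from there into whatever
    collects the process output), and it used Python 2-only syntax.
    """
    owner = get_object_or_404(User, User.id == user_id)
    is_own_profile = owner.id == session['user_id']
    viewer = User.query.get(session['user_id'])

    self_posts = Post.query.filter_by(poster=owner.id, self_post=True)
    posts = [(p, p.time_posted) for p in self_posts]
    # Ascending sort followed by reverse, kept as-is so ties order the same.
    posts.sort(key=lambda pair: pair[1])
    posts.reverse()

    friends = viewer in owner.friends  # is the viewer a friend of the owner?

    if request.method == 'POST':
        # NOTE(review): any signed-in user can message any profile here; the
        # ``friends`` flag is not enforced. Confirm that is intended.
        # NOTE(review): User objects are passed for user_to/user_from; confirm
        # the Message model expects objects here rather than user ids.
        message = Message(user_to=owner,
                          user_from=viewer,
                          content=request.form['message'])
        db.session.add(message)
        db.session.commit()

    return render_template('user.html', user=owner,
                           user_profile=is_own_profile,
                           friends=friends, posts=posts)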