Esempio n. 1
def delete(entry_id, inc_page=0):
    """Delete a navigation entry and, when inc_page is truthy, its page.

    Aborts with 403 unless ModuleAPI.can_write('navigation') holds, and
    also unless ModuleAPI.can_write('page') holds when a page removal is
    requested. Aborts with 404 when no entry has the given id.
    """
    if not ModuleAPI.can_write('navigation'):
        return abort(403)

    # Removing the linked page needs its own permission on top of the
    # navigation permission.
    if inc_page and not ModuleAPI.can_write('page'):
        flash(_('You do not have rights to remove pages'))
        return abort(403)

    entry = db.session.query(NavigationEntry).filter_by(id=entry_id).first()
    if not entry:
        abort(404)

    # A parentless entry that still has children is kept; the user is sent
    # back to the edit view instead.
    if not entry.parent and entry.children.count() > 0:
        flash('Deze item heeft nog subitems.', 'danger')
        return redirect(url_for('navigation.edit', entry_id=entry.id))

    if inc_page:
        points_elsewhere = entry.external or entry.activity_list
        if points_elsewhere:
            flash('Deze item verwijst niet naar een pagina op deze website.',
                  'danger')
        elif PageAPI.remove_page(entry.url.lstrip('/')):
            flash('De pagina is verwijderd.', 'success')
        else:
            flash('De te verwijderen pagina kon niet worden gevonden.',
                  'danger')

    # The entry itself is deleted whether or not a page was removed above.
    db.session.delete(entry)
    db.session.commit()

    flash('De navigatie-item is verwijderd.', 'success')

    return redirect(url_for('navigation.view'))
Esempio n. 2
    def get_current_admin_guide():
        """Return the admin guide revision for the current blueprint.

        When the guide page exists and ModuleAPI.can_write(<blueprint>)
        holds, its latest revision is returned, with an edit link appended
        to the title for users who may also write pages. Otherwise a
        placeholder PageRevision is returned whose title and content are
        empty unless the user may write to the module.
        """
        module_name = request.blueprint
        # module_name is concatenated into HTML unescaped; in this function
        # it only ever comes from request.blueprint.
        edit_href = '/edit/guides/admin/' + module_name

        admin_guide = Page.get_by_path('guides/admin/' + module_name)

        if admin_guide and ModuleAPI.can_write(module_name):
            admin_revision = admin_guide.get_latest_revision()
            if ModuleAPI.can_write('page') and\
                    ModuleAPI.can_write(module_name):
                # NOTE(review): this changes the revision's title in place;
                # if the object is attached to the database session, a later
                # commit could persist the markup - confirm.
                admin_revision.title += '<a href="' + edit_href +\
                    '"> (bewerk) </a>'
        else:
            admin_revision = PageRevision(None, None, None, None, None, None, None)
            if ModuleAPI.can_write(module_name):
                admin_revision.title = 'Er is geen admin handleiding beschikbaar voor ' +\
                    module_name
                if ModuleAPI.can_write('page'):
                    admin_revision.content = 'Voeg ' +\
                        '<a href="' + edit_href + '"> hier </a>' +\
                        ' een admin handleiding toe.'
                else:
                    admin_revision.content = ''
            else:
                # Users without write access to the module get an empty
                # placeholder.
                admin_revision.title = ''
                admin_revision.content = ''

        return admin_revision
Esempio n. 3
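    def get_current_user_guide():
        """Get the user guide for the module of the current blueprint.

        Returns the latest revision of the page at 'guides/user/<blueprint>',
        or a placeholder PageRevision when that page does not exist. Users
        for whom both ModuleAPI.can_write('page') and
        ModuleAPI.can_write(<blueprint>) hold get an edit link added.
        """
        # The docstring used to sit below the first statement, where Python
        # treats it as a discarded expression rather than documentation.
        module_name = request.blueprint

        user_guide = Page.get_by_path('guides/user/' + module_name)

        if not user_guide:
            user_revision = PageRevision(None, None, None, None, None, None, None)
            user_revision.title = 'Er is geen user handleiding beschikbaar voor ' +\
                module_name

            if ModuleAPI.can_write('page') and\
                    ModuleAPI.can_write(module_name):
                user_revision.content = 'Voeg ' +\
                    '<a href="/edit/guides/user/' + module_name + '"> hier </a>' +\
                    ' een user handleiding toe.'
            else:
                user_revision.content = ''
        else:
            user_revision = user_guide.get_latest_revision()
            if ModuleAPI.can_write('page') and\
                    ModuleAPI.can_write(module_name):
                # NOTE(review): this changes the revision's title in place;
                # if the object is attached to the database session, a later
                # commit could persist the markup - confirm.
                user_revision.title += '<a href="/edit/guides/user/' + module_name +\
                    '"> (bewerk) </a>'

        return user_revision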
Esempio n. 4
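def view_single(user_id=None):
    """Render the profile page of a user together with their activities.

    Without a user_id the caller is redirected to their own profile (when
    authenticated) or to the user overview. Anonymous users, and unpaid
    members looking at someone else's profile, get a 403. A non-existent
    user_id yields a 404.
    """
    if user_id is None:
        if current_user.is_authenticated:
            return redirect(url_for('user.view_single',
                                    user_id=current_user.id))
        return redirect(url_for('user.view'))

    can_read = False
    can_write = False

    # Only logged in users can view profiles
    if current_user.is_anonymous:
        return abort(403)
    # Unpaid members cannot view other profiles
    if current_user.id != user_id and not current_user.has_paid:
        return abort(403)
    # A user can always view his own profile
    if current_user.id == user_id:
        can_write = True
        can_read = True
    # group rights
    if ModuleAPI.can_read('user'):
        can_read = True
    if ModuleAPI.can_write('user'):
        can_write = True
        can_read = True

    # NOTE(review): can_read / can_write are only handed to the template;
    # nothing below stops rendering when can_read is False. Confirm the
    # template withholds profile data in that case.
    user = User.query.get_or_404(user_id)
    user.avatar = UserAPI.avatar(user)
    user.groups = UserAPI.get_groups_for_user_id(user)

    user.groups_amount = user.groups.count()

    if "gravatar" in user.avatar:
        user.avatar = user.avatar + "&s=341"

    # Get all activity entrees from these forms, order by start_time of
    # activity.
    # The criteria are passed as separate arguments so that all of them are
    # applied. Joining them with Python's `and` makes Python pick a single
    # operand instead of building an SQL AND, dropping the other criteria.
    activities = Activity.query.join(CustomForm).join(CustomFormResult).\
        filter(CustomFormResult.owner_id == user_id,
               CustomForm.id == CustomFormResult.form_id,
               Activity.form_id == CustomForm.id)

    user.activities_amount = activities.count()

    new_activities = activities\
        .filter(Activity.end_time > datetime.today()).distinct()\
        .order_by(Activity.start_time)
    old_activities = activities\
        .filter(Activity.end_time < datetime.today()).distinct()\
        .order_by(Activity.start_time.desc())

    return render_template('user/view_single.htm', user=user,
                           new_activities=new_activities,
                           old_activities=old_activities,
                           can_read=can_read,
                           can_write=can_write)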
Esempio n. 5
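def remove_avatar(user_id=None):
    """Remove the avatar of the given user.

    Allowed for users for whom ModuleAPI.can_write('user') holds and for
    the logged-in owner of the profile; everyone else gets a 403. An
    unknown user_id yields a 404.
    """
    # Authorize first, so an unauthorized caller never triggers a lookup.
    if not ModuleAPI.can_write('user') and\
            (current_user.is_anonymous or current_user.id != user_id):
        return abort(403)

    user = User.query.get(user_id)
    if user is None:
        # Previously a missing user was passed on to UserAPI.remove_avatar
        # as None.
        return abort(404)

    UserAPI.remove_avatar(user)
    return redirect(url_for('user.view_single', user_id=user_id))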
Esempio n. 6
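def delete(path):
    """Delete the page at `path` after the user confirms its title.

    Aborts with 403 unless ModuleAPI.can_write('page') holds. A missing
    page flashes an error and redirects to the page view for that path.
    The page is only deleted when the submitted title equals the title of
    its latest revision.
    """
    if not ModuleAPI.can_write('page'):
        return abort(403)

    page = Page.get_by_path(path)
    if not page:
        # The abort(404) that used to follow this return was unreachable
        # and has been dropped.
        flash(_('The page you tried to delete does not exist.'), 'danger')
        return redirect(url_for('page.get_page', path=path))
    rev = page.get_latest_revision()

    class DeleteForm(Form):
        title = StringField(_('Page title'))

    form = DeleteForm(request.form)

    if form.validate_on_submit():
        # Typing the exact title acts as the confirmation step.
        if rev.title == form.title.data:
            db.session.delete(page)
            db.session.commit()
            flash(_('The page has been deleted'), 'success')
            return redirect(url_for('home.home'))
        flash(_('The given title does not match the page title.'),
              'warning')
    else:
        flash_form_errors(form)

    return render_template('page/delete.htm', rev=rev, form=form)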
Esempio n. 7
def new_submission(challenge_id=None):
    """Create a challenge submission for the current user and validate it.

    Aborts with 403 for anonymous users and when
    ModuleAPI.can_read('challenge') does not hold. 'challenge_id' and
    'submission' are read from the query string; the challenge_id
    argument is always replaced by the query-string value.
    """
    if not ModuleAPI.can_read('challenge') or current_user.is_anonymous:
        abort(403)

    # NOTE(review): this creates a record from query-string parameters. If
    # the route accepts GET, the action is not covered by form-based CSRF
    # protection - confirm the allowed methods on the route.
    challenge_id = request.args.get('challenge_id')
    if not challenge_id:
        return "Error, no 'challenge_id' given"

    submission = request.args.get('submission')
    if not submission:
        return "Error, no 'submission' given"

    created = ChallengeAPI.create_submission(challenge_id=challenge_id,
                                             user_id=current_user.id,
                                             submission=submission,
                                             image_path=None)

    # create_submission signals a duplicate with the value False.
    if created is False:
        return "Question is already submitted"

    challenge = ChallengeAPI.fetch_challenge(challenge_id)

    return ChallengeAPI.validate_question(created, challenge)
Esempio n. 8
def admin_vote():
    """Render the admin overview of valid nominees with their vote counts.

    Aborts with 403 unless ModuleAPI.can_write('elections') holds.
    """
    if not ModuleAPI.can_write('elections'):
        return abort(403)

    # The statement is a fixed string: no request data is interpolated.
    rp = db.engine.execute('SELECT a.*, (SELECT COUNT(*) FROM dvhj_vote b '
                           'WHERE b.nominee_id=a.id) AS votes '
                           'FROM dvhj_nominee a WHERE a.valid=1 '
                           'ORDER BY votes DESC;')

    # Positional mapping of the first six result columns to template keys.
    columns = ('id', 'created', 'modified', 'name', 'valid', 'votes')

    nominees = []
    row = rp.fetchone()
    while row is not None:
        nominees.append({key: row[idx] for idx, key in enumerate(columns)})
        row = rp.fetchone()

    return render_template('elections/admin_vote.htm',
                           title='Docent van het jaar IW/Stemmen/Admin',
                           nominees=nominees)
Esempio n. 9
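def has_paid(submit_id=None):
    """Toggle the has_paid flag of a form submission.

    Aborts with 403 for anonymous users and when
    ModuleAPI.can_write('custom_form') does not hold. Returns "success"
    after the flag has been flipped, stored, and pushed to Copernica, or
    an error string when the submission does not exist.
    """
    if not ModuleAPI.can_write('custom_form') or current_user.is_anonymous:
        return abort(403)

    submission = CustomFormResult.query.filter(
        CustomFormResult.id == submit_id
    ).first()

    if not submission:
        # Return right away: the code used to carry on and dereference the
        # missing submission, which raised instead of reporting the error.
        return "Error, submission could not be found"

    # Flip the "has_paid" flag
    submission.has_paid = not submission.has_paid

    db.session.add(submission)
    db.session.commit()

    copernica_data = {
        "Betaald": "Ja" if submission.has_paid else "Nee",
    }

    copernica.update_subprofile(copernica.SUBPROFILE_ACTIVITY,
                                submission.owner_id, submission.form_id,
                                copernica_data)

    return "success"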
Esempio n. 10
def get_users():
    """Return all users as a JSON string of row arrays under the key "data".

    Aborts with 403 unless ModuleAPI.can_read('user') holds.
    """
    if not ModuleAPI.can_read('user'):
        return abort(403)

    check_mark = "<i class='glyphicon glyphicon-ok'></i>"

    def as_row(user):
        # NOTE(review): the row mixes literal HTML with stored profile
        # fields that are not escaped here. If the consumer renders cells
        # as HTML, those fields need escaping on one side - confirm.
        return [user.id,
                user.email,
                user.first_name,
                user.last_name,
                user.student_id,
                user.education.name if user.education else "",
                check_mark if user.has_paid else "",
                check_mark if user.honorary_member else "",
                check_mark if user.favourer else "",
                check_mark if user.alumnus else ""]

    # NOTE(review): a bare string is returned, so no JSON content type is
    # set in this function - confirm what Content-Type the response gets.
    return json.dumps({"data": [as_row(user) for user in User.query.all()]})
Esempio n. 11
def list(page=0):
    """Render one page of Mollie payments.

    Aborts with 403 unless ModuleAPI.can_read('mollie') holds.
    """
    if ModuleAPI.can_read('mollie'):
        payments, message = mollie.get_payments(page)
        return render_template('mollie/list.htm', payments=payments,
                               message=message, page=page)

    return abort(403)
Esempio n. 12
def remove_response(submit_id=None):
    """Delete a form submission and update the Copernica reserve flag.

    Aborts with 403 unless ModuleAPI.can_read('custom_form') holds and
    with 404 when the submission does not exist. Returns "success".
    """
    # NOTE(review): a destructive action is gated by a read permission and
    # there is no check that the submission belongs to the caller. Confirm
    # that this is the intended gate.
    if not ModuleAPI.can_read('custom_form'):
        return abort(403)

    submission = CustomFormResult.query.filter(
        CustomFormResult.id == submit_id
    ).first()
    if not submission:
        abort(404)

    # Read what is needed from the submission before it is deleted.
    form_id = submission.form_id
    max_attendants = submission.form.max_attendants

    db.session.delete(submission)
    db.session.commit()

    remaining = CustomFormResult.query.filter(
        CustomFormResult.form_id == form_id
    ).all()

    # With at least max_attendants submissions left, the one at position
    # max_attendants - 1 is marked as no longer being a reserve.
    if len(remaining) >= max_attendants:
        promoted = remaining[max_attendants - 1]
        copernica.update_subprofile(
            copernica.SUBPROFILE_ACTIVITY, promoted.owner_id,
            promoted.form_id, {"Reserve": "Nee"})

    return "success"
Esempio n. 13
    def get_navigation_menu(group_id, personal, type):
        """Render the PimPy side menu as Markup.

        Aborts with 403 unless ModuleAPI.can_read('pimpy') holds; anonymous
        users are redirected to the minutes view. A falsy `type` defaults
        to 'minutes' and a falsy `group_id` to 'all'; any other group_id
        is converted with int().
        """
        if not ModuleAPI.can_read('pimpy'):
            return abort(403)
        if current_user.is_anonymous:
            flash('Huidige gebruiker niet gevonden!', 'danger')
            return redirect(url_for('pimpy.view_minutes'))

        groups = current_user.groups\
            .filter(Group.name != 'all').order_by(Group.name.asc()).all()

        type = type or 'minutes'
        endpoint = 'pimpy.view_' + type

        # The minutes view has no personal variant.
        personal_suffix = '_personal' if personal and type != 'minutes' else ''
        if personal:
            tasks_chosen = 'pimpy.view_tasks' + '_personal'
        else:
            tasks_chosen = 'pimpy.view_tasks'

        endpoints = {'view_chosentype': endpoint,
                     'view_chosentype_personal': endpoint + '_personal',
                     'view_chosentype_chosenpersonal': endpoint +
                     personal_suffix,
                     'view_tasks': 'pimpy.view_tasks',
                     'view_tasks_personal': 'pimpy.view_tasks_personal',
                     'view_tasks_chosenpersonal': tasks_chosen,
                     'view_minutes': 'pimpy.view_minutes'}

        group_id = group_id or 'all'
        if group_id != 'all':
            # int() raises ValueError for a non-numeric group_id.
            group_id = int(group_id)

        return Markup(render_template('pimpy/api/side_menu.htm', groups=groups,
                                      group_id=group_id, personal=personal,
                                      type=type, endpoints=endpoints,
                                      title='PimPy'))
Esempio n. 14
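    def get_minutes_in_date_range(group_id, start_date, end_date):
        """Load the minutes of a group, or of all the user's groups, by date.

        start_date and end_date are 'YYYY-MM-DD' strings and both ends are
        inclusive. Aborts with 403 unless ModuleAPI.can_read('pimpy')
        holds and with 404 when group_id names no group; anonymous users
        are redirected to the minutes view.
        """
        if not ModuleAPI.can_read('pimpy'):
            return abort(403)
        if current_user.is_anonymous:
            flash('Huidige gebruiker niet gevonden', 'danger')
            return redirect(url_for('pimpy.view_minutes'))

        start_date = datetime.datetime.strptime(start_date, "%Y-%m-%d")
        end_date = datetime.datetime.strptime(end_date, "%Y-%m-%d")

        def minutes_for(wanted_group_id):
            # One query shape for both branches, so the date range is
            # always applied. The 'all' branch used to ignore it.
            return Minute.query.filter(Minute.group_id == wanted_group_id).\
                filter(start_date <= Minute.minute_date,
                       Minute.minute_date <= end_date).\
                order_by(Minute.minute_date.desc()).all()

        list_items = {}

        if group_id != 'all':
            # NOTE(review): group membership is not checked here; presumably
            # the calling view does that - confirm.
            group = Group.query.filter(Group.id == group_id).first()
            if group is None:
                # An unknown group used to raise AttributeError on .name.
                return abort(404)
            list_items[group.name] = minutes_for(group_id)
        else:
            for group in current_user.groups:
                list_items[group.name] = minutes_for(group.id)

        return Markup(render_template('pimpy/api/minutes.htm',
                                      list_items=list_items, type='minutes',
                                      group_id=group_id, line_number=-1,
                                      title='PimPy'))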
Esempio n. 15
def get_ranking():
    """Return the challenge ranking as JSON under the key "ranking".

    Aborts with 403 unless ModuleAPI.can_read('challenge') holds.
    """
    if not ModuleAPI.can_read('challenge'):
        abort(403)

    serialized = [user.serialize for user in ChallengeAPI.get_ranking()]

    return jsonify(ranking=serialized)
Esempio n. 16
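def edit(contact_id=None):
    """Create or edit a contact, frontend.

    Aborts with 403 unless ModuleAPI.can_read('contact') holds. On a valid
    submit the contact is saved, unless a new contact reuses an email
    address that is already stored.
    """
    # NOTE(review): saving a contact is gated by a read permission; confirm
    # that can_read rather than can_write is the intended gate.
    if not ModuleAPI.can_read('contact'):
        return abort(403)

    if contact_id:
        contact = Contact.query.get(contact_id)
    else:
        contact = Contact()

    form = ContactForm(request.form, contact)

    locations = Location.query.order_by('address').order_by('city')
    form.location_id.choices = \
        [(loc.id, '%s, %s' % (loc.address, loc.city)) for loc in locations]

    if form.validate_on_submit():
        if not contact.id and Contact.query.filter(
                Contact.email == form.email.data).count():
            # Translate the template first, then fill in the address.
            # Formatting before the lookup hands gettext a string that
            # matches no catalogue entry.
            flash(_('Contact email "%s" is already in use.') %
                  form.email.data, 'danger')
            return render_template('contact/edit.htm', contact=contact,
                                   form=form)
        form.populate_obj(contact)
        db.session.add(contact)
        db.session.commit()
        flash(_('Contact person saved.'), 'success')
        return redirect(url_for('contact.edit', contact_id=contact.id))
    else:
        flash_form_errors(form)

    return render_template('contact/edit.htm', contact=contact, form=form)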
Esempio n. 17
def list(page_nr=1):
    """Show a paginated list of contacts, 15 per page.

    Aborts with 403 unless ModuleAPI.can_read('contact') holds.
    """
    if ModuleAPI.can_read('contact'):
        page_of_contacts = Contact.query.paginate(page_nr, 15, False)
        return render_template('contact/list.htm', contacts=page_of_contacts)

    return abort(403)
Esempio n. 18
def view():
    """Render the navigation overview.

    Aborts with 403 unless ModuleAPI.can_read('navigation') holds.
    """
    if ModuleAPI.can_read('navigation'):
        return render_template('navigation/view.htm',
                               nav_entries=NavigationAPI.get_entries())

    return abort(403)
Esempio n. 19
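def create_challenge(challenge_id=None):
    """Create a challenge from query-string arguments.

    Aborts with 403 unless ModuleAPI.can_write('challenge') holds. Every
    argument is required; the first missing one is reported as an error
    string. 'start_date' and 'end_date' must be 'YYYY-MM-DD'. A malformed
    date is reported as an error string as well, instead of raising
    ValueError out of the view.
    """
    if not ModuleAPI.can_write('challenge'):
        abort(403)

    # NOTE(review): this creates a record from query-string parameters. If
    # the route accepts GET, the action is not covered by form-based CSRF
    # protection - confirm the allowed methods on the route.

    # Checked in this order, so the first missing argument is the one
    # reported.
    required = ('parent_id', 'name', 'description', 'type', 'start_date',
                'end_date', 'answer', 'weight', 'hint')
    date_fields = ('start_date', 'end_date')

    values = {}
    for field in required:
        value = request.args.get(field)
        if not value:
            return "Error, no '" + field + "' given"
        if field in date_fields:
            try:
                value = datetime.datetime.strptime(value, '%Y-%m-%d').date()
            except ValueError:
                return "Error, invalid '" + field + "' given"
        values[field] = value

    name = values['name']

    # Check if the name of the challenge is unique
    if ChallengeAPI.challenge_exists(name):
        return "Error, challenge with name '" + name + "' already exists"

    return ChallengeAPI.create_challenge(name, values['description'],
                                         values['hint'], values['start_date'],
                                         values['end_date'],
                                         values['parent_id'], values['weight'],
                                         values['type'], values['answer'])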
def reorder():
    """Apply a new ordering to the navigation entries.

    Aborts with 403 unless ModuleAPI.can_write('navigation') holds. The
    ordering is read as JSON from the 'entries' form field.
    """
    if ModuleAPI.can_write('navigation'):
        # json.loads raises on malformed input; that is not handled here.
        ordered_entries = json.loads(request.form['entries'])
        NavigationAPI.order(ordered_entries, None)
        return ""

    return abort(403)
Esempio n. 21
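def group_api_get_users(group_id):
    """Return the users of a group as JSON, ordered by first and last name.

    Aborts with 403 unless ModuleAPI.can_read("group") holds and with 404
    when no group has the given id.
    """
    if not (ModuleAPI.can_read("group")):
        return abort(403)

    group = Group.query.get(group_id)
    if group is None:
        # An unknown id used to raise AttributeError on group.users.
        return abort(404)

    users = group.users.order_by(User.first_name, User.last_name).all()

    res = [{"val": user.id, "label": user.name} for user in users]
    return jsonify(users=res)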
Esempio n. 22
def fetch_all():
    """Return every challenge as JSON under the key "challenges".

    Aborts with 403 unless ModuleAPI.can_write('challenge') holds.
    """
    if not ModuleAPI.can_write('challenge'):
        abort(403)

    serialized = [challenge.serialize
                  for challenge in ChallengeAPI.fetch_all_challenges()]

    return jsonify(challenges=serialized)
Esempio n. 23
def view(redirect_id=None):
    """List the redirections and create or edit one on submit.

    Aborts with 403 unless ModuleAPI.can_read('redirect') holds. A
    submitted form is only processed when ModuleAPI.can_write('redirect')
    holds as well.
    """
    if not ModuleAPI.can_read('redirect'):
        return abort(403)

    can_write = ModuleAPI.can_write('redirect')

    redirection = None
    if redirect_id:
        redirection = Redirect.query.get(redirect_id)

    if redirection:
        form = RedirectForm(request.form, redirection)
    else:
        form = RedirectForm(request.form)

    if form.validate_on_submit():
        # Viewing needs read access only; saving needs write access.
        if not can_write:
            return abort(403)

        fro = form.data['fro'].rstrip('/')
        to = form.data['to']

        clash = Redirect.query.filter(Redirect.fro == fro).first()

        # Save unless a different redirection already uses this source path.
        if not clash or clash.id == redirect_id:
            if redirection:
                redirection.fro = fro
                redirection.to = to
            else:
                redirection = Redirect(fro, to)

            db.session.add(redirection)
            db.session.commit()

            flash('De omleiding is succesvol opgeslagen.')

            return redirect(url_for('redirect.view',
                                    redirect_id=redirection.id))

        flash('Er is al een omleiding vanaf dat pad gedefiniëerd.',
              'danger')

    redirections = Redirect.query.order_by(Redirect.fro).all()

    return render_template('redirect.htm', redirections=redirections,
                           redirection=redirection, form=form,
                           can_write=can_write)
Esempio n. 24
def view(page_nr=1):
    """Show a paginated list of groups and delete the selected ones.

    Aborts with 403 unless ModuleAPI.can_read("group") holds. Deleting
    additionally requires ModuleAPI.can_write("group"); without it only a
    warning is flashed.
    """
    if not (ModuleAPI.can_read("group")):
        return abort(403)

    form = ViewGroupForm(request.form)
    pagination = Group.query.order_by(Group.name).paginate(page_nr, 15, False)

    if not form.validate_on_submit():
        # One form entry per group on the page.
        for _group in pagination.items:
            form.entries.append_entry()

        flash_form_errors(form)
    elif form.delete_group.data:
        if ModuleAPI.can_write("group"):
            # Entries pair up positionally with the groups on this page.
            group_ids = [group.id
                         for group, form_entry in zip(pagination.items,
                                                      form.entries)
                         if form_entry.select.data]

            groups = Group.query.filter(Group.id.in_(group_ids)).all()

            for group in groups:
                db.session.delete(group)

            db.session.commit()

            if len(groups) > 1:
                flash("The selected groups have been deleted.", "success")
            else:
                flash("The selected group has been deleted.", "success")

            return redirect(url_for("group.view"))

        flash("This incident has been reported to our authorities.", "warning")

    return render_template(
        "group/view.htm",
        form=form,
        pagination=pagination,
        groups=zip(pagination.items, form.entries),
        current_user=current_user,
        title="Groups",
    )
Esempio n. 25
def view_minutes(group_id='all'):
    """Show the minutes of one group, or of all groups for 'all'.

    Aborts with 403 unless ModuleAPI.can_read('pimpy') holds, with 404
    when group_id is neither 'all' nor all digits, and with 403 when the
    current user is not a member of the requested group.
    """
    if not ModuleAPI.can_read('pimpy'):
        return abort(403)

    specific_group = group_id != 'all'
    if specific_group and not group_id.isdigit():
        return abort(404)
    if specific_group and not current_user.member_of_group(group_id):
        return abort(403)

    return PimpyAPI.get_minutes(group_id)
Esempio n. 26
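def edit_seo():
    """Create or edit the SEO entry for the given module and path.

    'module' and 'path' are read from the query string. Aborts with 403
    unless ModuleAPI.can_write('seo') holds. On a valid submit the entry
    is stored and the user is redirected to the page at `path`.
    """
    # TODO CHANGE THIS TO SEO
    if not ModuleAPI.can_write('seo'):
        return abort(403)

    module = request.args['module']
    path = request.args['path']

    seo = SeoAPI.get_seo(module, path)

    # Retrieve form info.
    form = SeoForm(request.form, seo)

    # On Seo submit (edit or create)
    if form.validate_on_submit():
        # The leftover debug print() calls were removed from both branches;
        # one of them wrote the whole entry to stdout on every save.
        if seo:
            # Edit the seo entry
            seo.nl_title = form.nl_title.data.strip()
            seo.en_title = form.en_title.data.strip()
            seo.nl_description = form.nl_description.data.strip()
            seo.en_description = form.en_description.data.strip()
            seo.nl_tags = form.nl_tags.data.strip()
            seo.en_tags = form.en_tags.data.strip()
        else:
            # Get seo resources to identify the seo in the database.
            res = SeoAPI.get_resources(module, path)

            # Create the new seo entry
            seo = SEO(res['page'],
                      res['page_id'],
                      res['activity'],
                      res['activity_id'],
                      res['url'],
                      form.nl_title.data.strip(),
                      form.en_title.data.strip(),
                      form.nl_description.data.strip(),
                      form.en_description.data.strip(),
                      form.nl_tags.data.strip(),
                      form.en_tags.data.strip())

        db.session.add(seo)
        db.session.commit()

        flash(_('The seo settings have been saved'), 'success')

        # redirect newly created page
        return redirect(url_for('page.get_page', path=path))
    else:
        flash_form_errors(form)

    return render_template('seo/edit_seo.htm', form=form)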
Esempio n. 27
def delete(location_id):
    """Delete a location.

    Aborts with 403 unless ModuleAPI.can_write('location') holds, and with
    404 when the location does not exist.
    """
    if ModuleAPI.can_write('location'):
        doomed = Location.query.get_or_404(location_id)
        db.session.delete(doomed)
        db.session.commit()
        flash(_('Location deleted.'), 'success')
        return redirect(url_for('location.list'))

    return abort(403)
Esempio n. 28
def list(page_nr=1, search=None):
    """Show a paginated, optionally filtered list of vacancies.

    Aborts with 403 unless ModuleAPI.can_read('vacancy') holds. Users for
    whom ModuleAPI.can_write('vacancy') does not hold only get vacancies
    whose start_date is before and end_date is after the current UTC time.
    """
    if not ModuleAPI.can_read('vacancy'):
        return abort(403)

    # Order the vacancies in such a way that vacancies that are new
    # or almost expired, end up on top.
    elapsed_share = 100 * (
        func.datediff(Vacancy.start_date, func.current_date()) /
        func.datediff(Vacancy.start_date, Vacancy.end_date))
    order = func.abs(elapsed_share - 50)

    def currently_open():
        return and_(Vacancy.start_date < datetime.utcnow(),
                    Vacancy.end_date > datetime.utcnow())

    if search is not None:
        # The search text is passed through like(), not spliced into SQL;
        # any '%' or '_' inside it still acts as a LIKE wildcard.
        pattern = '%' + search + '%'
        vacancies = Vacancy.query.join(Company). \
            filter(or_(Vacancy.title.like(pattern),
                       Company.name.like(pattern),
                       Vacancy.workload.like(pattern),
                       Vacancy.contract_of_service.like(pattern))) \
            .order_by(order.desc())

        if not ModuleAPI.can_write('vacancy'):
            vacancies = vacancies.filter(currently_open())

        shown_search = search
    elif ModuleAPI.can_write('vacancy'):
        vacancies = Vacancy.query.join(Company).order_by(order.desc())
        shown_search = ""
    else:
        vacancies = Vacancy.query.order_by(order.desc()) \
            .filter(currently_open())
        shown_search = ""

    vacancies = vacancies.paginate(page_nr, 15, False)

    return render_template('vacancy/list.htm', vacancies=vacancies,
                           search=shown_search, path=FILE_FOLDER,
                           title="Vacatures")
Esempio n. 29
def view_minute_raw(group_id, minute_id):
    """Return a single minute as a UTF-8 plain-text response.

    Aborts with 403 unless ModuleAPI.can_read('pimpy') holds, with 404
    when group_id is neither 'all' nor all digits, and with 403 when the
    current user is not a member of the requested group.
    """
    if not ModuleAPI.can_read('pimpy'):
        return abort(403)

    specific_group = group_id != 'all'
    if specific_group and not group_id.isdigit():
        return abort(404)
    if specific_group and not current_user.member_of_group(group_id):
        return abort(403)

    # NOTE(review): with group_id 'all' no membership check runs before the
    # lookup by minute_id; confirm get_minute_raw restricts the result to
    # the user's own groups.
    body = PimpyAPI.get_minute_raw(group_id, minute_id)
    headers = {'Content-Type': 'text/plain; charset=utf-8'}
    return (body, headers)
Esempio n. 30
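def view_tasks_in_date_range(group_id='all'):
    """Return the tasks of a group within a submitted date range.

    group_id, start_date and end_date are read from the submitted form.
    Aborts with 403 unless ModuleAPI.can_read('pimpy') holds, and when the
    current user is not a member of the group named in the URL or of the
    group named in the form.
    """
    if not ModuleAPI.can_read('pimpy'):
        return abort(403)
    if group_id != 'all' and not current_user.member_of_group(group_id):
        return abort(403)

    # The group that is queried is the one from the form, not the one from
    # the URL, so the membership check has to run on the form value too.
    # Without it the earlier check guards a value that is then discarded.
    group_id = request.form['group_id']
    if group_id != 'all' and not current_user.member_of_group(group_id):
        return abort(403)

    start_date = request.form['start_date']
    end_date = request.form['end_date']
    return PimpyAPI.get_tasks_in_date_range(
        group_id, False, start_date, end_date)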