Esempio n. 1
def photos_show_album(album_id):
    """
    View to display all of an album's
    photos

    Looks up the album whose "me" field equals album_id, lists its
    approved photos and renders photos/show_album.html. Returns the 404
    template with status 404 when no album matches.
    """
    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # "webmaster" comparison is missing, so it is not valid Python as shown.
    query.filter("user ="******"webmaster":
            # NOTE(review): no default for can_edit is visible in this
            # listing; unless the elided code sets one, a user without the
            # webmaster role reaches render_template with can_edit unbound.
            can_edit = True
            break

    query = fb_models.AlbumModel.all()
    query.filter("me =", album_id)

    try:
        album = query.fetch(1)[0]
    except IndexError:
        # fetch(1) returned an empty list: no album with this id
        return render_template("404.html"), 404

    # only photos flagged as approved are listed
    query = fb_models.PhotoModel.all()
    query.filter("approved =", True)
    query.filter("album_id =", album_id)

    photos = query.fetch(query.count())

    # NOTE(review): can_edit only tells the template whether to show edit
    # controls; the edit views still have to check the role themselves.
    return render_template("photos/show_album.html", can_edit=can_edit, album=album, photos=photos)
Esempio n. 2
        def wrapper(*args, **kwargs):
            """Performs a check to see
            if any of the roles listed in the names
            (list/tuple) are a role of the current user

            Unauthenticated users, and (per the visible flash message) users
            lacking the required privileges, are redirected to the login
            view; otherwise the wrapped view f is called.
            """
            if login.current_user.is_authenticated():
                match = False
                query = UserRoleModel.all()
                # NOTE(review): the next line was mangled by the listing's
                # redaction filter ("******"); the role comparison and the
                # start of the flash() call are missing from the listing.
                # NOTE(review): next_page is defined outside the visible
                # lines; if it comes from the request, the login view has to
                # validate it before redirecting to it - confirm.
                query.filter('user = '******'You do not have the required privileges. Please login with an \
                          account with the proper permissions to continue',
                        'error')
                    return redirect(url_for('login', next=next_page))
            else:
                flash('You must be logged in to access this page', 'error')
                return redirect(url_for('login', next=next_page))

            return f(
                *args, **kwargs
            )  # finally execute the view function and return the result
Esempio n. 3
def contracts_list_contracts():
    """
    Lists all of the available contracts
    and provides links to their summary pages

    Renders contracts/list.html with every ContractModel entity and a
    can_edit flag (None unless the webmaster branch below sets it).
    """

    can_edit = None
    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # 'webmaster' comparison is missing from the listing.
    query.filter('user ='******'webmaster':
            can_edit = True
            break

    query = models.ContractModel.all()

    contracts = query.fetch(query.count())

    # attach a URL-quoted name to each contract for building links
    for contract in contracts:
        contract.url_name = urllib.quote_plus(contract.name)

    # NOTE(review): can_edit only drives what the template shows; the
    # editing views still have to check the role themselves.
    return render_template('contracts/list.html',
                           can_edit=can_edit,
                           contracts=contracts)
Esempio n. 4
def photos_show_album(album_id):
    """
    View to display all of an album's
    photos

    Looks up the album whose 'me' field equals album_id, lists its
    approved photos and renders photos/show_album.html. Returns the 404
    template with status 404 when no album matches.
    """
    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # 'webmaster' comparison is missing, so it is not valid Python as shown.
    query.filter('user ='******'webmaster':
            # NOTE(review): no default for can_edit is visible in this
            # listing; unless the elided code sets one, a user without the
            # webmaster role reaches render_template with can_edit unbound.
            can_edit = True
            break

    query = fb_models.AlbumModel.all()
    query.filter('me =', album_id)

    try:
        album = query.fetch(1)[0]
    except IndexError:
        # fetch(1) returned an empty list: no album with this id
        return render_template('404.html'), 404

    # only photos flagged as approved are listed
    query = fb_models.PhotoModel.all()
    query.filter('approved =', True)
    query.filter('album_id =', album_id)

    photos = query.fetch(query.count())

    # NOTE(review): can_edit only tells the template whether to show edit
    # controls; the edit views still have to check the role themselves.
    return render_template('photos/show_album.html',
                           can_edit=can_edit,
                           album=album,
                           photos=photos)
Esempio n. 5
def list_users_by_family(family_name):
    """
    This view displays a list of users for the family
    specified in family_name

    family_name is URL-unquoted and lower-cased before the lookup.
    """


    
    can_edit = None
    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # 'webmaster' comparison is missing from the listing.
    query.filter('user ='******'webmaster':
            can_edit = True
            break

    query = models.FamilyModel.all()
    query.filter('name =', urllib.unquote_plus(family_name).lower())
    try:
        family = query.fetch(1)[0]
    except IndexError:
        # NOTE(review): this plain-string return answers with the default
        # status, and the 404 response on the following line is unreachable.
        return "no such family"
        return render_template('404.html'), 404

    users = find_users(family=('=', family.key()))

    # NOTE(review): can_edit only drives what the template shows; the
    # editing views still have to check the role themselves.
    return render_template('members/list.html',
                           can_edit=can_edit,
                           family=family,
                           users=users)
Esempio n. 6
def list_users_by_family(family_name):
    """
    This view displays a list of users for the family
    specified in family_name

    family_name is URL-unquoted and lower-cased before the lookup.
    """

    can_edit = None
    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # 'webmaster' comparison is missing from the listing.
    query.filter('user ='******'webmaster':
            can_edit = True
            break

    query = models.FamilyModel.all()
    query.filter('name =', urllib.unquote_plus(family_name).lower())
    try:
        family = query.fetch(1)[0]
    except IndexError:
        # NOTE(review): this plain-string return answers with the default
        # status, and the 404 response on the following line is unreachable.
        return "no such family"
        return render_template('404.html'), 404

    users = find_users(family=('=', family.key()))

    # NOTE(review): can_edit only drives what the template shows; the
    # editing views still have to check the role themselves.
    return render_template('members/list.html',
                           can_edit=can_edit,
                           family=family,
                           users=users)
Esempio n. 7
def contracts_list_contracts():
    """
    Lists all of the available contracts
    and provides links to their summary pages

    Renders contracts/list.html with every ContractModel entity and a
    can_edit flag (None unless the webmaster branch below sets it).
    """

    can_edit = None
    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # 'webmaster' comparison is missing from the listing.
    query.filter('user ='******'webmaster':
            can_edit = True
            break
        

    query = models.ContractModel.all()
    
    contracts = query.fetch(query.count())

    # attach a URL-quoted name to each contract for building links
    for contract in contracts:
        contract.url_name = urllib.quote_plus(contract.name)
    
    # NOTE(review): can_edit only drives what the template shows; the
    # editing views still have to check the role themselves.
    return render_template('contracts/list.html',
                           can_edit=can_edit,
                           contracts=contracts)
Esempio n. 8
def check_permissions(cwruid):
    """
    Returns a permissions tuple.

    The first element in the tuple is whether the current
    account is the account being accessed.

    The second element in the tuple is whether the current
    user is a webmaster

    Callers in this listing treat either element being true as
    sufficient; an action reserved for webmasters must test the second
    element on its own.
    """

    # see if the user is the current user
    # NOTE(review): current_user.cwruid is read without an authentication
    # check here; presumably callers are login-protected - confirm.
    same_user = False
    if current_user.cwruid == cwruid:
        same_user = True

    # see if the user is an admin
    admin_user = False

    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # 'webmaster' comparison is missing from the listing.
    query.filter('user ='******'webmaster':
            admin_user = True
            break

    return (same_user, admin_user)
Esempio n. 9
def check_permissions(cwruid):
    """
    Returns a permissions tuple.

    The first element in the tuple is whether the current
    account is the account being accessed.

    The second element in the tuple is whether the current
    user is a webmaster

    Callers in this listing treat either element being true as
    sufficient; an action reserved for webmasters must test the second
    element on its own.
    """

    # see if the user is the current user
    # NOTE(review): current_user.cwruid is read without an authentication
    # check here; presumably callers are login-protected - confirm.
    same_user = False
    if current_user.cwruid == cwruid:
        same_user = True

    # see if the user is an admin
    admin_user = False

    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # 'webmaster' comparison is missing from the listing.
    query.filter('user ='******'webmaster':
            admin_user = True
            break

    return (same_user, admin_user)
Esempio n. 10
def list_users():
    """
    View for listing all users
    and listing users based on a
    search.

    If membership role or webmaster role is present
    then the user will also see edit links for the user
    """

    can_edit = None

    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"). Only a 'webmaster' comparison is visible; whether
    # the membership role named in the docstring is also checked cannot be
    # told from this listing.
    query.filter('user ='******'webmaster':
            can_edit = True
            break
    
    users = find_users()
    # NOTE(review): can_edit only drives what the template shows; the
    # editing views still have to check the role themselves.
    return render_template('members/list.html',
                           can_edit=can_edit,
                           users=users)
Esempio n. 11
def contracts_show_contract(contract_name):
    """
    Shows a summary of the contract requirements.
    If the user has not signed a contract it also
    displays a signup button

    Renders contracts/show.html with the contract and its time and dues
    requirements, or the 404 template when the lookup returns nothing.
    """

    can_edit = None
    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # 'webmaster' comparison is missing from the listing.
    query.filter('user ='******'webmaster':
            can_edit = True
            break

    query = models.SignedContractModel.all()
    # NOTE(review): this line is mangled the same way. can_sign, which is
    # passed to the template below, is never assigned in the visible lines,
    # and the query that `contract` is fetched from presumably starts in the
    # elided part.
    query.filter('user ='******'name =', urllib.unquote_plus(contract_name))

    try:
        contract = query.fetch(1)[0]
    except IndexError:
        return render_template('404.html'), 404

    # reuse the already URL-quoted name from the route
    contract.url_name = contract_name
        
    query = models.TimeReqModel.all()
    query.filter('contract_ =', contract.key())

    time_reqs = query.fetch(query.count())

    # add string and URL-quoted forms of each time requirement's fields
    for time_req in time_reqs:
        time_req.str_time = str(time_req.time)
        time_req.str_date = str(time_req.dueDate)
        time_req.url_name = urllib.quote_plus(time_req.name)

    query = models.DuesReqModel.all()
    query.filter('contract_ =', contract.key())

    dues_reqs = query.fetch(query.count())

    # same for the dues requirements
    for dues_req in dues_reqs:
        dues_req.str_date = str(dues_req.dueDate)
        dues_req.url_name = urllib.quote_plus(dues_req.name)

    # NOTE(review): can_edit and can_sign only drive what the template
    # shows; the edit and sign views still have to enforce them.
    return render_template('contracts/show.html',
                           can_edit=can_edit,
                           can_sign=can_sign,
                           contract=contract,
                           time_reqs=time_reqs,
                           dues_reqs=dues_reqs)
Esempio n. 12
def contracts_show_contract(contract_name):
    """
    Shows a summary of the contract requirements.
    If the user has not signed a contract it also
    displays a signup button

    Renders contracts/show.html with the contract and its time and dues
    requirements, or the 404 template when the lookup returns nothing.
    """

    can_edit = None
    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # 'webmaster' comparison is missing from the listing.
    query.filter('user ='******'webmaster':
            can_edit = True
            break

    query = models.SignedContractModel.all()
    # NOTE(review): this line is mangled the same way. can_sign, which is
    # passed to the template below, is never assigned in the visible lines,
    # and the query that `contract` is fetched from presumably starts in the
    # elided part.
    query.filter('user ='******'name =', urllib.unquote_plus(contract_name))

    try:
        contract = query.fetch(1)[0]
    except IndexError:
        return render_template('404.html'), 404

    # reuse the already URL-quoted name from the route
    contract.url_name = contract_name

    query = models.TimeReqModel.all()
    query.filter('contract_ =', contract.key())

    time_reqs = query.fetch(query.count())

    # add string and URL-quoted forms of each time requirement's fields
    for time_req in time_reqs:
        time_req.str_time = str(time_req.time)
        time_req.str_date = str(time_req.dueDate)
        time_req.url_name = urllib.quote_plus(time_req.name)

    query = models.DuesReqModel.all()
    query.filter('contract_ =', contract.key())

    dues_reqs = query.fetch(query.count())

    # same for the dues requirements
    for dues_req in dues_reqs:
        dues_req.str_date = str(dues_req.dueDate)
        dues_req.url_name = urllib.quote_plus(dues_req.name)

    # NOTE(review): can_edit and can_sign only drive what the template
    # shows; the edit and sign views still have to enforce them.
    return render_template('contracts/show.html',
                           can_edit=can_edit,
                           can_sign=can_sign,
                           contract=contract,
                           time_reqs=time_reqs,
                           dues_reqs=dues_reqs)
Esempio n. 13
def display_edit_user_account(cwruid):
    """
    This view allows the user and administrators
    to edit the account information of that user

    Access is granted when check_permissions reports either the same user
    or a webmaster; the admin form is only built for the latter.
    """
    import urllib, urlparse

    # permissions is (same_user, admin_user); deny when both are false
    permissions = check_permissions(cwruid)
    if not permissions[0] and not permissions[1]:
        return permission_denied(cwruid)

    # get the user object for this page
    try:
        user = find_users(1,cwruid=('=', cwruid))[0]
    except IndexError:
        return render_template('404.html'), 404

    main_form = forms.MainUpdateUserForm(None)

    # initialize admin form if this user has
    # admin privileges
    admin_form = None
    if permissions[1]:
        admin_form = forms.AdminUpdateUserForm(None)

        # set the choices
        admin_form.family.choices = get_family_choices()
        admin_form.roles.choices = get_role_choices()

    # populate the main form
    main_form.fname.data = user.fname
    main_form.mname.data = user.mname
    main_form.lname.data = user.lname
    main_form.avatar.data = user.avatar

    # initialize the admin_form if needed
    if admin_form is not None:
        if user.family is not None:
            admin_form.family.data = user.family.name
        if user.big is not None:
            admin_form.big.data = user.big.cwruid

        query = UserRoleModel.all()
        # NOTE(review): the next line was mangled by the listing's redaction
        # filter ("******"); everything between the filter argument and the
        # template name, including the start of the render_template call,
        # is missing from the listing.
        # NOTE(review): hiding admin_form from non-webmasters is display
        # only; the handler that receives the admin form must require the
        # webmaster flag itself.
        query.filter('user ='******'members/edit_account.html',
                           user=user,
                           permissions=permissions,
                           main_form=main_form,
                           admin_form=admin_form)
Esempio n. 14
def display_edit_user_account(cwruid):
    """
    This view allows the user and administrators
    to edit the account information of that user

    Access is granted when check_permissions reports either the same user
    or a webmaster; the admin form is only built for the latter.
    """
    import urllib, urlparse

    # permissions is (same_user, admin_user); deny when both are false
    permissions = check_permissions(cwruid)
    if not permissions[0] and not permissions[1]:
        return permission_denied(cwruid)

    # get the user object for this page
    try:
        user = find_users(1, cwruid=('=', cwruid))[0]
    except IndexError:
        return render_template('404.html'), 404

    main_form = forms.MainUpdateUserForm(None)

    # initialize admin form if this user has
    # admin privileges
    admin_form = None
    if permissions[1]:
        admin_form = forms.AdminUpdateUserForm(None)

        # set the choices
        admin_form.family.choices = get_family_choices()
        admin_form.roles.choices = get_role_choices()

    # populate the main form
    main_form.fname.data = user.fname
    main_form.mname.data = user.mname
    main_form.lname.data = user.lname
    main_form.avatar.data = user.avatar

    # initialize the admin_form if needed
    if admin_form is not None:
        if user.family is not None:
            admin_form.family.data = user.family.name
        if user.big is not None:
            admin_form.big.data = user.big.cwruid

        query = UserRoleModel.all()
        # NOTE(review): the next line was mangled by the listing's redaction
        # filter ("******"); everything between the filter argument and the
        # template name, including the start of the render_template call,
        # is missing from the listing.
        # NOTE(review): hiding admin_form from non-webmasters is display
        # only; the handler that receives the admin form must require the
        # webmaster flag itself.
        query.filter('user ='******'members/edit_account.html',
                           user=user,
                           permissions=permissions,
                           main_form=main_form,
                           admin_form=admin_form)
Esempio n. 15
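def can_edit(names):
    """
    Return True if the current user holds at least one role named in names.

    Args:
        names: container of role names to accept (tested with ``in``).

    Returns:
        bool: True when any UserRoleModel row for current_user references
        a role whose name is in names, otherwise False.

    NOTE(review): current_user.key() is called unconditionally, so callers
    presumably make sure the user is authenticated first - confirm.
    """
    query = UserRoleModel.all()
    query.filter('user =', current_user.key())
    uroles = query.fetch(query.count())

    # Stop at the first matching role; the remaining rows do not need to
    # be inspected once one match grants access.
    return any(urole.role.name in names for urole in uroles)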
Esempio n. 16
def can_edit(names):
    """
    Tell whether the current user has any of the roles listed in names.

    Every UserRoleModel row of current_user is examined; the result is
    True when at least one row's role name is contained in names.

    NOTE(review): current_user.key() is called unconditionally, so callers
    presumably make sure the user is authenticated first - confirm.
    """
    role_links = UserRoleModel.all()
    role_links.filter('user =', current_user.key())

    # Build the full list first so every row is examined.
    hits = [link.role.name in names
            for link in role_links.fetch(role_links.count())]
    return any(hits)
Esempio n. 17
def display_blog():
    """
    View to display existing blog posts

    Shows the ten newest posts and, on a valid POST, stores a new post
    authored by the current user and puts it at the head of the list.
    """
    # new_post stays None unless the webmaster branch below supplies a form
    new_post = None
    if current_user.is_authenticated():
        query = UserRoleModel.all()
        # NOTE(review): the next line was mangled by the listing's redaction
        # filter ("******"); the code between the filter argument and the
        # 'webmaster' comparison is missing from the listing.
        query.filter('user ='******'webmaster':
                new_post = forms.NewPostForm()
                break


    # newest posts first, at most ten
    query = models.PostModel.all()
    query.order('-timestamp')

    posts = query.fetch(10)

    for post in posts:
        post.url_timestamp = urllib.quote_plus(str(post.timestamp))
        post.url_title = urllib.quote_plus(post.title)

    post_form = forms.NewPostForm()

    # NOTE(review): this POST branch checks neither new_post nor
    # is_authenticated(); in the visible code the webmaster test only decides
    # whether the form is shown, so any request with a valid form reaches
    # put(). Unless a decorator outside this listing restricts the route,
    # gate the write on the role check.
    if request.method == 'POST' and post_form.validate():
        post = models.PostModel(title=post_form.title.data,
                                timestamp=dt.datetime.now(),
                                text=post_form.text.data,
                                author=current_user.key())
        post.put()

        post.url_timestamp = urllib.quote_plus(str(post.timestamp))
        post.url_title = urllib.quote_plus(post.title)
        
        # keep the displayed list at ten entries
        posts.insert(0, post)
        if len(posts) > 10:
            del posts[-1]

        post_form = forms.NewPostForm(None)

    # post_form is reassigned here but not passed to the template below
    post_form = forms.NewPostForm(None)
        
        
    return render_template('blogs/display_posts.html',
                           new_post=new_post,
                           posts=posts)
Esempio n. 18
def display_blog():
    """
    View to display existing blog posts

    Shows the ten newest posts and, on a valid POST, stores a new post
    authored by the current user and puts it at the head of the list.
    """
    # new_post stays None unless the webmaster branch below supplies a form
    new_post = None
    if current_user.is_authenticated():
        query = UserRoleModel.all()
        # NOTE(review): the next line was mangled by the listing's redaction
        # filter ("******"); the code between the filter argument and the
        # 'webmaster' comparison is missing from the listing.
        query.filter('user ='******'webmaster':
                new_post = forms.NewPostForm()
                break

    # newest posts first, at most ten
    query = models.PostModel.all()
    query.order('-timestamp')

    posts = query.fetch(10)

    for post in posts:
        post.url_timestamp = urllib.quote_plus(str(post.timestamp))
        post.url_title = urllib.quote_plus(post.title)

    post_form = forms.NewPostForm()

    # NOTE(review): this POST branch checks neither new_post nor
    # is_authenticated(); in the visible code the webmaster test only decides
    # whether the form is shown, so any request with a valid form reaches
    # put(). Unless a decorator outside this listing restricts the route,
    # gate the write on the role check.
    if request.method == 'POST' and post_form.validate():
        post = models.PostModel(title=post_form.title.data,
                                timestamp=dt.datetime.now(),
                                text=post_form.text.data,
                                author=current_user.key())
        post.put()

        post.url_timestamp = urllib.quote_plus(str(post.timestamp))
        post.url_title = urllib.quote_plus(post.title)

        # keep the displayed list at ten entries
        posts.insert(0, post)
        if len(posts) > 10:
            del posts[-1]

        post_form = forms.NewPostForm(None)

    # post_form is reassigned here but not passed to the template below
    post_form = forms.NewPostForm(None)

    return render_template('blogs/display_posts.html',
                           new_post=new_post,
                           posts=posts)
Esempio n. 19
def photos_album_list():
    """
    View for displaying a list of all albums

    Only albums whose "display" field is True are listed.
    """

    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # "webmaster" comparison is missing from the listing.
    query.filter("user ="******"webmaster":
            # NOTE(review): no default for can_edit is visible in this
            # listing; unless the elided code sets one, a user without the
            # webmaster role reaches render_template with can_edit unbound.
            can_edit = True
            break

    query = fb_models.AlbumModel.all()
    query.filter("display =", True)

    albums = query.fetch(query.count())

    # NOTE(review): can_edit only drives what the template shows; the
    # editing views still have to check the role themselves.
    return render_template("photos/list_albums.html", can_edit=can_edit, albums=albums)
Esempio n. 20
 def wrapper(*args, **kwargs):
     """Performs a check to see
     if any of the roles listed in the names
     (list/tuple) are a role of the current user

     Unauthenticated users, and (per the visible flash message) users
     lacking the required privileges, are redirected to the login view;
     otherwise the wrapped view f is called.
     """
     if login.current_user.is_authenticated():
         match = False
         query = UserRoleModel.all()
         # NOTE(review): the next line was mangled by the listing's
         # redaction filter ("******"); the role comparison and the start
         # of the flash() call are missing from the listing.
         # NOTE(review): next_page is defined outside the visible lines; if
         # it comes from the request, the login view has to validate it
         # before redirecting to it - confirm.
         query.filter('user = '******'You do not have the required privileges. Please login with an \
                   account with the proper permissions to continue', 'error')
             return redirect(url_for('login', next=next_page))
     else:
         flash('You must be logged in to access this page', 'error')
         return redirect(url_for('login', next=next_page))
         
     return f(*args, **kwargs) # finally execute the view function and return the result
Esempio n. 21
def photos_album_list():
    """
    View for displaying a list of all albums

    Only albums whose 'display' field is True are listed.
    """

    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"); the code between the filter argument and the
    # 'webmaster' comparison is missing from the listing.
    query.filter('user ='******'webmaster':
            # NOTE(review): no default for can_edit is visible in this
            # listing; unless the elided code sets one, a user without the
            # webmaster role reaches render_template with can_edit unbound.
            can_edit = True
            break

    query = fb_models.AlbumModel.all()
    query.filter('display =', True)

    albums = query.fetch(query.count())

    # NOTE(review): can_edit only drives what the template shows; the
    # editing views still have to check the role themselves.
    return render_template('photos/list_albums.html',
                           can_edit=can_edit,
                           albums=albums)
Esempio n. 22
def list_users():
    """
    View for listing all users
    and listing users based on a
    search.

    If membership role or webmaster role is present
    then the user will also see edit links for the user
    """

    can_edit = None

    query = UserRoleModel.all()
    # NOTE(review): the next line was mangled by the listing's redaction
    # filter ("******"). Only a 'webmaster' comparison is visible; whether
    # the membership role named in the docstring is also checked cannot be
    # told from this listing.
    query.filter('user ='******'webmaster':
            can_edit = True
            break

    users = find_users()
    # NOTE(review): can_edit only drives what the template shows; the
    # editing views still have to check the role themselves.
    return render_template('members/list.html', can_edit=can_edit, users=users)
Esempio n. 23
def view_blog_post(timestamp, title):
    """
    View to display blog post and associated comments

    timestamp and title arrive URL-quoted; the post is looked up by both.
    On a valid POST a new comment authored by the current user is stored.
    """

    edit_post = None
    # determine if the user has the proper role to edit
    if current_user.is_authenticated():
        query = UserRoleModel.all()
        # NOTE(review): the next line was mangled by the listing's redaction
        # filter ("******"); the code between the filter argument and the
        # 'webmaster' comparison is missing from the listing.
        query.filter('user ='******'webmaster':
                edit_post = True
                break

    # get the blog posts
    query = models.PostModel.all()
    str_timestamp = urllib.unquote_plus(timestamp)
    # NOTE(review): strptime raises ValueError on a timestamp that does not
    # match the format, and nothing here catches it; a malformed URL would
    # surface as an unhandled error rather than the 404 used below.
    timestamp = dt.datetime.strptime(str_timestamp, '%Y-%m-%d %H:%M:%S.%f')
    query.filter('timestamp =', timestamp)
    query.filter('title =', urllib.unquote_plus(title))

    try:
        post = query.fetch(1)[0]
    except IndexError:
        return render_template('404.html'), 404

    # add the urlencoded versions of timestamp and title
    post.url_timestamp = urllib.quote_plus(str(post.timestamp))
    post.url_title = urllib.quote_plus(post.title)

    # get the comments
    query = models.CommentModel.all()
    query.filter('post =', post.key())
    query.order('timestamp')

    comments = query.fetch(query.count())

    # go through and add forms with delete button to each comment if the user
    # has edit privileges
    if edit_post is not None:
        for comment in comments:
            comment.delete = forms.DeleteCommentForm(None)
            comment.delete.key.data = comment.key()
            comment.url_timestamp = urllib.quote_plus(str(comment.timestamp))

    form = forms.NewComment(request.form)
    # NOTE(review): no is_authenticated() check guards this write in the
    # visible code; presumably a decorator outside the listing requires
    # login - confirm, since author=current_user.key() assumes a real user.
    if request.method == "POST" and form.validate():
        comment = models.CommentModel(post=post.key(),
                                      timestamp=dt.datetime.now(),
                                      text=form.text.data,
                                      author=current_user.key())
        comment.put()
        # NOTE(review): the delete form is attached to the new comment even
        # when edit_post is None; the delete view must check the role itself.
        comment.delete = forms.DeleteCommentForm(None)
        comment.delete.key.data = comment.key()
        comment.url_timestamp = urllib.quote_plus(str(comment.timestamp))

        comments.append(comment)

    return render_template('blogs/display_post.html',
                           edit_post=edit_post,
                           current_user=current_user,
                           post=post,
                           comments=comments,
                           new_comment=forms.NewComment(None))
Esempio n. 24
def setup():
    """
    One-time bootstrap view that seeds the datastore with default data.

    Looks for a SetupModel entity whose version equals
    os.environ["CURRENT_VERSION_ID"]. When none exists it creates the
    default families, users, roles and user-role links, records the
    version and flashes a success message; otherwise it flashes that the
    application is already set up. Always redirects to "/".

    NOTE(review): earlier documentation warned that this view clears all
    data, but the delete call in the body is commented out, so nothing is
    removed here.
    NOTE(review): the seeded accounts use fixed, guessable passwords and
    three of them receive the webmaster role; no access check is visible
    in this body. Remove or re-credential these accounts before an
    instance is exposed, and keep this route unreachable in production.
    """
    version_id = os.environ["CURRENT_VERSION_ID"]
    existing = SetupModel.all()
    existing.filter("version =", version_id)

    if existing.count() != 0:
        flash("Application is already setup", "error")
        return redirect("/")

    # the app hasn't been setup yet
    # db.delete(db.Entry.all(keys_only=True))

    families = {}
    for family_name in ("boehms", "s & m", "new pham"):
        family = FamilyModel(name=family_name)
        family.put()
        families[family_name] = family

    # The avatar literal is shown redacted in the listing; kept verbatim.
    default_users = [
        create_user(
            "Devin", "Schwab", "dts34", "default",
            family=families["boehms"].key(), avatar="*****@*****.**"
        ),
        create_user("Jon", "Chan", "jtc77", "default"),
        create_user("Zach", "Zanes", "zzz111", "password"),
        create_user("Zach", "Zaney", "zzz222", "password1@"),
        create_user("Adam", "Min", "admin", "password"),
    ]

    roles = {}
    role_specs = (
        ("webmaster", "administrator for the website"),
        ("brother", "general brother in the chapter"),
        ("pledge", "pledge in the chapter"),
        ("neophyte", "neophyte in the chapter"),
    )
    for role_name, role_desc in role_specs:
        role = RoleModel(name=role_name, desc=role_desc)
        role.put()
        roles[role_name] = role

    # (index into default_users, role name); user 1 is linked to webmaster
    # twice and user 3 gets no role, exactly as in the original listing.
    assignments = (
        (0, "webmaster"),
        (0, "brother"),
        (1, "webmaster"),
        (1, "webmaster"),
        (2, "brother"),
        (4, "webmaster"),
    )
    links = [
        UserRoleModel(user=default_users[idx].key(), role=roles[role_name].key())
        for idx, role_name in assignments
    ]
    for link in links:
        link.put()

    version = SetupModel(version=version_id)
    version.put()

    flash("Setup the application!", "success")
    return redirect("/")
Esempio n. 25
def create_user():
    """
    View for creating a user

    On a valid POST it creates the account with a generated temporary
    password, attaches an email record and the selected roles, and mails
    the credentials via send_new_user_mail.

    NOTE(review): no role check appears in this body; presumably a
    decorator outside the listing restricts the view - confirm.
    """

    from application.generate_keys import generate_randomkey

    form = forms.CreateUserForm(request.form)

    form.family.choices = get_family_choices()

    form.roles.choices = get_role_choices()

    if request.method == 'POST':
        if form.validate():
            # create the user with information specified in form
            fname = form.fname.data
            lname = form.lname.data
            cwruid = form.cwruid.data

            # generate a new temporary password
            # NOTE(review): generate_randomkey is a project helper not shown
            # here; confirm it draws from a cryptographically secure source.
            password = generate_randomkey(16)

            # get optional attributes
            optional_attr = {}
            if form.mname.data != '':
                optional_attr['mname'] = form.mname.data

            if form.family.data != 'none':
                # look up family instance
                query = models.FamilyModel.all()
                query.filter('name =', form.family.data)
                families = query.fetch(1)
                if len(families) != 1:
                    form.family.errors.append(u'Family %s does not exist' %
                                              form.family.data)
                    return render_template('members/create.html',
                                           create_user_form=form)
                optional_attr['family'] = families[0].key()

            if form.big.data != '':
                # look up big instance
                users = find_users(cwruid=('=', form.big.data))
                if len(users) != 1:
                    form.big.errors.append(u'User %s does not exist' %
                                           form.big.data)
                    return render_template('members/create.html',
                                           create_user_form=form)
                optional_attr['big'] = users[0].key()

            if form.avatar.data != '':
                optional_attr['avatar'] = form.avatar.data

            try:
                new_user = accounts.create_user(fname, lname, cwruid, password,
                                                **optional_attr)
                if new_user is None:
                    raise AttributeError(
                        'Something went wrong with user creation')

                # add the case email address to the user
                # NOTE(review): the email literal below is redacted in the
                # listing; the original format string is not recoverable.
                email = models.EmailModel(user=new_user.key(),
                                          email='*****@*****.**' %
                                          new_user.cwruid,
                                          name='Case Email')
                email.put()

                # add the roles to the user
                for role in form.roles.data:
                    query = RoleModel.all()
                    query.filter('name =', role)

                    # unknown role names are reported and skipped
                    if query.count() != 1:
                        flash('Role %s does not exist' % role, 'error')
                        continue

                    desired_role = query.fetch(1)[0]

                    new_urole = UserRoleModel(user=new_user.key(),
                                              role=desired_role.key())
                    new_urole.put()

                flash('User created successfully', 'success')

                # replace the submitted form with a fresh, empty one
                form = None
                form = forms.CreateUserForm()
                form.family.choices = get_family_choices()
                form.roles.choices = get_role_choices()

                # NOTE(review): the temporary password is handed to the
                # mailer as plain text; presumably the account must change
                # it at first login - confirm.
                send_new_user_mail(fname, lname, cwruid, password)
            # Python 2 except syntax; the listing ends after this handler,
            # so the view's final return is not visible.
            except AttributeError, e:
                flash(str(e), 'error')
Esempio n. 26
def handle_edit_account_admin_json(cwruid):
    """
    This view handles the AJAX request
    for the AdminUpdateUserForm submission
    from the display_edit_account(cwruid) view

    Returns a JSON object whose 'result' is 'success' or a failure string.
    """

    # NOTE(review): permissions[0] (same user) is enough to pass this gate,
    # yet the form handled below changes big, family and role links. As
    # written, a user without the webmaster role can submit the admin form
    # for their own account; presumably this should require permissions[1]
    # alone - confirm.
    permissions = check_permissions(cwruid)
    if not permissions[0] and not permissions[1]:
        # returned with the default status code, not an error status
        return jsonify({'result': 'failure', 'msg': 'Permission denied'})

    admin_form = forms.AdminUpdateUserForm()

    # set the choices
    admin_form.family.choices = get_family_choices()
    admin_form.roles.choices = get_role_choices()

    if admin_form.validate():
        try:
            user = find_users(1, cwruid=('=', cwruid))[0]
        except IndexError:
            return jsonify({
                'result': 'failure: no such user',
                'name': 'admin',
                'errors': {}
            })

        # an empty big field clears the reference
        if admin_form.big.data != '':
            try:
                big = find_users(1, cwruid=('=', admin_form.big.data))[0]
                user.big = big.key()
            except IndexError:
                user.big = None
                return jsonify({
                    'result': 'failure: no such big',
                    'name': 'admin',
                    'errors': {}
                })
        else:
            user.big = None

        # the choice 'none' clears the family reference
        if admin_form.family.data != 'none':
            query = models.FamilyModel.all()
            query.filter('name =', admin_form.family.data)
            try:
                family = query.fetch(query.count())[0]
                user.family = family.key()
            except IndexError:
                user.family = None
                return jsonify({
                    'result': 'failure: no such family',
                    'name': 'admin',
                    'errors': {}
                })
        else:
            user.family = None

        query = UserRoleModel.all()
        # NOTE(review): the next line was mangled by the listing's redaction
        # filter ("******"); the loop over the submitted roles and the
        # creation of role_query are missing from the listing.
        query.filter('user ='******'name =', role)
                try:
                    # NOTE(review): the fetch limit comes from query.count(),
                    # i.e. the user-role query, not from role_query.
                    new_role = role_query.fetch(query.count())[0]
                except IndexError:
                    return jsonify({
                        'result': 'failure: no such role',
                        'name': 'admin',
                        'errors': {}
                    })
                new_urole = UserRoleModel(user=user.key(), role=new_role.key())
                new_urole.put()
            else:
                del uroles[index]
        # whatever is still in uroles at this point is deleted
        for urole in uroles:
            urole.delete()

        user.save()

        return jsonify({'result': 'success'})
    else:
        return jsonify({
            'result': 'failure',
            'name': 'admin',
            'errors': admin_form.errors
        })
Esempio n. 27
def setup():
    """
        This view will check the datastore for
        a SetupModel entity with the same
        version id as this instance.

        If the entity exists it will
        redirect the user to the homepage.

        Otherwise it will create some default
        data.

        WARNING: This is simply a convenience
        method. It will also clear out all
        data for all versions!!
        (NOTE(review): the delete call in the body is commented out, so
        as shown nothing is cleared.)

        It will need to be changed in subsequent versions

        NOTE(review): the seeded accounts use fixed, guessable passwords
        and three of them receive the webmaster role; no access check is
        visible in this body. Remove or re-credential these accounts
        before an instance is exposed, and keep this route unreachable in
        production.
        """

    query = SetupModel.all()
    query.filter('version =', os.environ['CURRENT_VERSION_ID'])

    if query.count() == 0:
        # the app hasn't been setup yet
        #db.delete(db.Entry.all(keys_only=True))

        boehms = FamilyModel(name='boehms')
        boehms.put()
        snm = FamilyModel(name='s & m')
        snm.put()
        newpham = FamilyModel(name='new pham')
        newpham.put()

        # the fourth positional argument of create_user is the password;
        # the avatar literal is shown redacted in the listing
        default_users = []
        default_users.append(
            create_user('Devin',
                        'Schwab',
                        'dts34',
                        'default',
                        family=boehms.key(),
                        avatar='*****@*****.**'))
        default_users.append(create_user('Jon', 'Chan', 'jtc77', 'default'))
        default_users.append(create_user('Zach', 'Zanes', 'zzz111',
                                         'password'))
        default_users.append(
            create_user('Zach', 'Zaney', 'zzz222', 'password1@'))
        default_users.append(create_user('Adam', 'Min', 'admin', 'password'))

        webmaster_role = RoleModel(name='webmaster',
                                   desc='administrator for the website')
        webmaster_role.put()
        brother_role = RoleModel(name='brother',
                                 desc='general brother in the chapter')
        brother_role.put()
        pledge_role = RoleModel(name='pledge', desc='pledge in the chapter')
        pledge_role.put()
        neophyte_role = RoleModel(name='neophyte',
                                  desc='neophyte in the chapter')
        neophyte_role.put()

        #default_users = find_users()
        # NOTE(review): urole3 and urole4 link the same user to the same
        # role, and default_users[3] receives no role - confirm intent.
        urole1 = UserRoleModel(user=default_users[0].key(),
                               role=webmaster_role.key())
        urole2 = UserRoleModel(user=default_users[0].key(),
                               role=brother_role.key())
        urole3 = UserRoleModel(user=default_users[1].key(),
                               role=webmaster_role.key())
        urole4 = UserRoleModel(user=default_users[1].key(),
                               role=webmaster_role.key())
        urole5 = UserRoleModel(user=default_users[2].key(),
                               role=brother_role.key())
        urole6 = UserRoleModel(user=default_users[4].key(),
                               role=webmaster_role.key())

        urole1.put()
        urole2.put()
        urole3.put()
        urole4.put()
        urole5.put()
        urole6.put()

        # record that this version has been set up
        version = SetupModel(version=os.environ['CURRENT_VERSION_ID'])
        version.put()

        flash('Setup the application!', 'success')

    else:
        flash('Application is already setup', 'error')

    return redirect('/')
Esempio n. 28
def view_blog_post(timestamp, title):
    """
    View to display a blog post and its associated comments.

    The post is looked up by the URL-quoted timestamp and title taken from
    the route. On a POST with a valid NewComment form, a new comment is
    stored on the post before the page is rendered.

    Args:
        timestamp: URL-quoted post timestamp, expected to decode to the
            '%Y-%m-%d %H:%M:%S.%f' format.
        title: URL-quoted post title.

    Returns:
        The rendered 'blogs/display_post.html' page, or the rendered
        '404.html' page with status 404 when no post matches.
    """

    # stays None unless the role check below sets it to True
    edit_post = None
    # determine if the user has the proper role to edit
    if current_user.is_authenticated():
        query = UserRoleModel.all()
        # NOTE(review): the next line is garbled in this listing (the text
        # between the filter argument and the 'webmaster' comparison is
        # masked out). It is kept as found, so the role lookup itself cannot
        # be verified from here.
        query.filter('user ='******'webmaster':
                edit_post = True
                break

    # get the blog posts
    query = models.PostModel.all()
    # NOTE(review): strptime raises ValueError when the decoded URL segment
    # does not match the format and nothing in this function catches it, so a
    # malformed timestamp presumably ends as a server error instead of the
    # 404 page used below -- confirm and handle.
    str_timestamp = urllib.unquote_plus(timestamp)
    timestamp = dt.datetime.strptime(str_timestamp, '%Y-%m-%d %H:%M:%S.%f')
    query.filter('timestamp =', timestamp)
    query.filter('title =', urllib.unquote_plus(title))
    
    try:
        post = query.fetch(1)[0]
    except IndexError:
        # no post with this timestamp and title
        return render_template('404.html'), 404

    # add the urlencoded versions of timestamp and title to the post
    post.url_timestamp = urllib.quote_plus(str(post.timestamp))
    post.url_title = urllib.quote_plus(post.title)
        
    # get the comments
    query = models.CommentModel.all()
    query.filter('post =', post.key())
    query.order('timestamp')

    # the fetch limit is the query's own count, i.e. every comment is loaded
    comments = query.fetch(query.count())

    # go through and add forms with delete button to each comment if the user
    # has edit privileges
    if edit_post is not None:
        for comment in comments:
            comment.delete = forms.DeleteCommentForm(None)
            comment.delete.key.data = comment.key()
            comment.url_timestamp = urllib.quote_plus(str(comment.timestamp))

    form = forms.NewComment(request.form)
    # NOTE(review): this branch does not check current_user.is_authenticated();
    # author=current_user.key() assumes a logged-in user. Confirm that the
    # route is protected by a login requirement outside this function.
    if request.method=="POST" and form.validate():
        comment = models.CommentModel(post=post.key(),
                                      timestamp=dt.datetime.now(),
                                      text=form.text.data,
                                      author=current_user.key())
        comment.put()
        # NOTE(review): unlike the loop above, the delete form is attached to
        # the new comment without looking at edit_post; whether it is shown
        # depends on the template -- confirm.
        comment.delete = forms.DeleteCommentForm(None)
        comment.delete.key.data = comment.key()
        comment.url_timestamp = urllib.quote_plus(str(comment.timestamp))

        comments.append(comment)
        
    # a fresh, unbound NewComment form is handed to the template; the bound
    # `form` above (and any validation errors on it) is not passed on
    return render_template('blogs/display_post.html',
                           edit_post=edit_post,
                           current_user=current_user,
                           post=post,
                           comments=comments,
                           new_comment=forms.NewComment(None))
Esempio n. 29
def handle_edit_account_admin_json(cwruid):
    """
    This view handles the AJAX request
    for the AdminUpdateUserForm submission
    from the display_edit_account(cwruid) view

    It updates the big, family and role assignments of the user identified
    by cwruid and answers with a JSON object whose 'result' key is 'success'
    or a failure string.

    Args:
        cwruid: identifier of the user account being edited.

    Returns:
        A jsonify() response describing success or the kind of failure.
    """
    
    # proceed when at least one of the first two elements returned by
    # check_permissions is truthy
    # NOTE(review): check_permissions is not shown here. This handler changes
    # role assignments, so confirm that neither element can be truthy for a
    # non-administrator (for example for a user editing their own account).
    permissions = check_permissions(cwruid)
    if not permissions[0] and not permissions[1]:
        # NOTE(review): the denial is a JSON body with jsonify's default
        # status code, not an HTTP 403
        return jsonify({'result':'failure', 'msg':'Permission denied'})

    admin_form = forms.AdminUpdateUserForm()

    # set the choices
    admin_form.family.choices = get_family_choices()
    admin_form.roles.choices = get_role_choices()

    if admin_form.validate():
        try:
            user = find_users(1, cwruid=('=', cwruid))[0]
        except IndexError:
            return jsonify({'result':'failure: no such user', 'name':'admin', 'errors': {}})

        # an empty 'big' field clears the reference; otherwise the named user
        # must exist
        if admin_form.big.data != '':
            try:
                big = find_users(1, cwruid=('=', admin_form.big.data))[0]
                user.big = big.key()
            except IndexError:
                # not persisted: the function returns before user.save()
                user.big = None
                return jsonify({'result':'failure: no such big', 'name':'admin', 'errors': {}})
        else:
            user.big = None


        # the choice 'none' clears the family; otherwise it is looked up by name
        if admin_form.family.data != 'none':
            query = models.FamilyModel.all()
            query.filter('name =', admin_form.family.data)
            try:
                family = query.fetch(query.count())[0]
                user.family = family.key()
            except IndexError:
                # not persisted: the function returns before user.save()
                user.family = None
                return jsonify({'result':'failure: no such family', 'name':'admin', 'errors': {}})
        else:
            user.family = None


        query = UserRoleModel.all()
        # NOTE(review): the next line is garbled in this listing (the text
        # between this filter call and the role_query filter is masked out),
        # so the definitions of uroles, index, role and role_query and the
        # loop that the indented lines below belong to are not visible.
        query.filter('user ='******'name =', role)
                try:
                    # NOTE(review): the limit passed to role_query.fetch() is
                    # query.count(), taken from `query` rather than from
                    # role_query. If `query` is still the user's UserRoleModel
                    # query at this point, a user with no existing roles would
                    # give a limit of 0 -- confirm against the masked lines.
                    new_role = role_query.fetch(query.count())[0]
                except IndexError:
                    return jsonify({'result':'failure: no such role', 'name':'admin', 'errors': {}})
                # NOTE(review): each new assignment is stored right away, so a
                # later 'no such role' return leaves the earlier ones in place
                new_urole = UserRoleModel(user=user.key(),
                                          role=new_role.key())
                new_urole.put()
            else:
                del uroles[index]
        # whatever is still in uroles after the masked loop is deleted
        for urole in uroles:
            urole.delete()

        # persist the big/family changes made above
        user.save()
        
        return jsonify({'result':'success'})
    else:
        # validation failed: hand the form errors back to the caller
        return jsonify({'result':'failure', 'name':'admin', 'errors': admin_form.errors})
Esempio n. 30
def create_user():
    """
    View for creating a user
    """

    from application.generate_keys import generate_randomkey
    
    form = forms.CreateUserForm(request.form)

    form.family.choices = get_family_choices()
    
    form.roles.choices = get_role_choices()

    if request.method == 'POST':
        if form.validate():
            # create the user with information specified in form
            fname = form.fname.data
            lname = form.lname.data
            cwruid = form.cwruid.data

            # generate a new temporary password
            password = generate_randomkey(16)

            # get optional attributes
            optional_attr = {}
            if form.mname.data != '':
                optional_attr['mname'] = form.mname.data
                
            if form.family.data != 'none':
                # look up family instance
                query = models.FamilyModel.all()
                query.filter('name =', form.family.data)
                families = query.fetch(1)
                if len(families) != 1:
                    form.family.errors.append(u'Family %s does not exist' % form.family.data)
                    return render_template('members/create.html',
                                           create_user_form=form)
                optional_attr['family'] = families[0].key()
                
            if form.big.data != '':
                # look up big instance
                users = find_users(cwruid=('=', form.big.data))
                if len(users) != 1:
                    form.big.errors.append(u'User %s does not exist' % form.big.data)
                    return render_template('members/create.html',
                                           create_user_form=form)
                optional_attr['big'] = users[0].key()
                
            if form.avatar.data != '':
                optional_attr['avatar'] = form.avatar.data
            
            try:
                new_user = accounts.create_user(fname, lname, cwruid, password, **optional_attr)
                if new_user is None:
                    raise AttributeError('Something went wrong with user creation')

                # add the case email address to the user
                email = models.EmailModel(user=new_user.key(),
                                          email='*****@*****.**' % new_user.cwruid,
                                          name='Case Email')
                email.put()

                # add the roles to the user
                for role in form.roles.data:
                    query = RoleModel.all()
                    query.filter('name =', role)

                    if query.count() != 1:
                        flash('Role %s does not exist' % role, 'error')
                        continue

                    desired_role = query.fetch(1)[0]

                    new_urole = UserRoleModel(user=new_user.key(), role=desired_role.key())
                    new_urole.put()
                    
                flash('User created successfully', 'success')

                form = None
                form = forms.CreateUserForm()
                form.family.choices = get_family_choices()
                form.roles.choices = get_role_choices()

                send_new_user_mail(fname, lname, cwruid, password)
            except AttributeError, e:
                flash(str(e), 'error')