def dispatch_request(self, page):
dataset = Dataset.query.get(request.args.get('period'))
if not can_manage_comment(dataset):
raise PermissionDenied
comment_id = request.args.get('comment_id')
comment = (
self.section.wiki_comment_cls.query
.filter_by(id=comment_id)
.first_or_404()
)
toggle = request.args.get('toggle')
if toggle == 'del':
if comment.author != current_user or sta_cannot_change():
raise PermissionDenied
if comment.deleted is None:
comment.deleted = 0
comment.deleted = 1 - comment.deleted
db.session.commit()
elif toggle == 'read':
if comment.author == current_user:
raise PermissionDenied
if is_read(comment):
comment.readers.remove(current_user)
else:
comment.readers.append(current_user)
db.session.commit()
else:
abort(404)
return ''
def dispatch_request(self, page):
dataset = Dataset.query.get(request.args.get('period'))
if not can_manage_comment(dataset):
raise PermissionDenied
comment_id = request.args.get('comment_id')
comment = (self.section.wiki_comment_cls.query.filter_by(
id=comment_id).first_or_404())
toggle = request.args.get('toggle')
if toggle == 'del':
if comment.author != current_user or sta_cannot_change():
raise PermissionDenied
if comment.deleted is None:
comment.deleted = 0
comment.deleted = 1 - comment.deleted
db.session.commit()
elif toggle == 'read':
if comment.author == current_user:
raise PermissionDenied
if is_read(comment):
comment.readers.remove(current_user)
else:
comment.readers.append(current_user)
db.session.commit()
else:
abort(404)
return ''
def can_edit_comment(comment):
if not comment or (not current_user.is_authenticated() and not EU_ASSESSMENT_MODE):
return False
if comment and comment.record and comment.record.dataset and \
comment.record.dataset.is_readonly:
return False
return (not comment.record.deleted and not comment.deleted and
comment.author_id == current_user.id and not sta_cannot_change())
def can_touch(assessment):
if current_user.is_anonymous() and not EU_ASSESSMENT_MODE:
return False
if not assessment:
return EU_ASSESSMENT_MODE or admin_perm.can() or nat_perm.can(
) or etc_perm.can() or (sta_perm.can() and not consultation_ended())
return EU_ASSESSMENT_MODE or admin_perm.can() or etc_perm.can() or (
assessment.user == current_user and not sta_cannot_change())
def can_touch(assessment):
if current_user.is_anonymous() and not EU_ASSESSMENT_MODE:
return False
if not assessment:
return EU_ASSESSMENT_MODE or admin_perm.can() or nat_perm.can() or etc_perm.can() or (
sta_perm.can() and not consultation_ended())
return EU_ASSESSMENT_MODE or admin_perm.can() or etc_perm.can() or (
assessment.user == current_user and not sta_cannot_change())
def can_delete_comment(comment):
if not comment or not current_user.is_authenticated:
return False
if comment.author_id == current_user.id:
if sta_cannot_change():
return False
return True
return admin_perm.can()
def can_edit_comment(comment):
if not comment or (not current_user.is_authenticated
and not EU_ASSESSMENT_MODE):
return False
if comment and comment.record and comment.record.dataset and \
comment.record.dataset.is_readonly:
return False
return (not comment.record.deleted and not comment.deleted
and comment.author_id == current_user.id
and not sta_cannot_change())
def can_delete_comment(comment):
if not comment or not current_user.is_authenticated():
return False
if comment.author_id == current_user.id:
if sta_cannot_change():
return False
return True
return admin_perm.can()
def can_delete(record):
if EU_ASSESSMENT_MODE:
return True
if current_user.is_anonymous():
return False
if record.dataset.is_readonly:
return False
if record.user_id == current_user.id:
return not sta_cannot_change()
def can_delete(record):
if EU_ASSESSMENT_MODE:
return True
if current_user.is_anonymous():
return False
if record.dataset.is_readonly:
return False
if record.user_id == current_user.id:
return not sta_cannot_change()
def can_edit(record):
if EU_ASSESSMENT_MODE:
return True
if current_user.is_anonymous():
return False
if record.deleted:
return False
if record.dataset.is_readonly:
return False
if record.user_id == current_user.id:
if sta_cannot_change():
return False
return True
return etc_perm.can() or admin_perm.can()
def can_edit(record):
if EU_ASSESSMENT_MODE:
return True
if current_user.is_anonymous():
return False
if record.deleted:
return False
if record.dataset.is_readonly:
return False
if record.user_id == current_user.id:
if sta_cannot_change():
return False
return True
return etc_perm.can() or admin_perm.can()
def can_add_conclusion(dataset, zone, subject, region=None):
"""
Zone: one of 'species', 'habitat'
"""
from art17.summary.views import SpeciesSummary, HabitatSummary
zone_cls_mapping = {'species': SpeciesSummary, 'habitat': HabitatSummary}
can_add = False
warning_message = ''
if not dataset:
warning_message = 'Please select a valid dataset in order to add ' + \
'a conclusion.'
elif dataset.is_readonly:
warning_message = 'The current dataset is readonly, so you cannot ' + \
'add a conclusion.'
elif not region:
warning_message = 'Please select a Bioregion in order to add a ' + \
'conclusion.'
elif not (admin_perm.can() or sta_perm.can() or nat_perm.can() or
etc_perm.can() or EU_ASSESSMENT_MODE):
warning_message = 'You do not have permission to add conclusions.'
elif sta_cannot_change():
warning_message = 'The consultation period has ended; you cannont ' + \
'add conclusions anymore.'
else:
if not EU_ASSESSMENT_MODE:
record_exists = zone_cls_mapping[zone].get_manual_record(
dataset.id, subject, region, current_user.id)
if record_exists:
warning_message = 'You have already added a conclusion for ' + \
'the selected subject and region.'
else:
can_add = True
else:
can_add = True
return can_add, warning_message
def can_add_conclusion(dataset, zone, subject, region=None):
"""
Zone: one of 'species', 'habitat'
"""
from art17.summary.views import SpeciesSummary, HabitatSummary
zone_cls_mapping = {'species': SpeciesSummary, 'habitat': HabitatSummary}
can_add = False
warning_message = ''
if not dataset:
warning_message = 'Please select a valid dataset in order to add ' + \
'a conclusion.'
elif dataset.is_readonly:
warning_message = 'The current dataset is readonly, so you cannot ' + \
'add a conclusion.'
elif not region:
warning_message = 'Please select a Bioregion in order to add a ' + \
'conclusion.'
elif not (admin_perm.can() or sta_perm.can() or nat_perm.can()
or etc_perm.can() or EU_ASSESSMENT_MODE):
warning_message = 'You do not have permission to add conclusions.'
elif sta_cannot_change():
warning_message = 'The consultation period has ended; you cannont ' + \
'add conclusions anymore.'
else:
if not EU_ASSESSMENT_MODE:
record_exists = zone_cls_mapping[zone].get_manual_record(
dataset.id, subject, region, current_user.id)
if record_exists:
warning_message = 'You have already added a conclusion for ' + \
'the selected subject and region.'
else:
can_add = True
else:
can_add = True
return can_add, warning_message
def can_post_comment(record):
if EU_ASSESSMENT_MODE:
return True
if not current_user.is_authenticated:
return False
if record.dataset and record.dataset.is_readonly:
return False
can_add = False
if sta_cannot_change():
can_add = False
elif sta_perm.can() or nat_perm.can():
if (record.user.has_role('nat') and record.user_id == current_user.id) \
or not record.user or record.user.has_role('stakeholder'):
can_add = True
else:
can_add = True
if can_add:
authors = [c.author_id for c in record.comments]
if current_user.id in authors:
return False
return not record.deleted and can_add
def can_post_comment(record):
if EU_ASSESSMENT_MODE:
return True
if not current_user.is_authenticated():
return False
if record.dataset and record.dataset.is_readonly:
return False
can_add = False
if sta_cannot_change():
can_add = False
elif sta_perm.can() or nat_perm.can():
if (record.user.has_role('nat') and record.user_id == current_user.id) \
or not record.user or record.user.has_role('stakeholder'):
can_add = True
else:
can_add = True
if can_add:
authors = [c.author_id for c in record.comments]
if current_user.id in authors:
return False
return not record.deleted and can_add
def can_add_comment(comments, revisions, dataset):
if not dataset or dataset.is_readonly or sta_cannot_change():
return False
is_author = current_user in [cmnt.author for cmnt in comments]
return not (current_user.is_anonymous or is_author) and revisions
def can_edit_comment(comment):
if current_user == comment.author and not comment.deleted and \
not sta_cannot_change():
return True
return False
def can_add_comment(comments, revisions, dataset):
if not dataset or dataset.is_readonly or sta_cannot_change():
return False
is_author = current_user in [cmnt.author for cmnt in comments]
return not (current_user.is_anonymous() or is_author) and revisions
def can_edit_comment(comment):
if current_user == comment.author and not comment.deleted and \
not sta_cannot_change():
return True
return False
