def permission_user_delete(client, kwargs):
if client.user:
user = User.query.filter_by(userid=kwargs['userid']).first_or_404()
permassign = UserClientPermissions.query.filter_by(user=user, client=client).first_or_404()
return render_delete_sqla(permassign, db, title="Confirm delete", message="Remove all permissions assigned to user %s for app '%s'?" % (
(user.pickername), client.title),
success="You have revoked permisions for user %s" % user.pickername,
next=url_for('client_info', key=client.key))
else:
team = Team.query.filter_by(userid=kwargs['userid']).first_or_404()
permassign = TeamClientPermissions.query.filter_by(team=team, client=client).first_or_404()
return render_delete_sqla(permassign, db, title="Confirm delete", message="Remove all permissions assigned to team '%s' for app '%s'?" % (
(team.title), client.title),
success="You have revoked permisions for team '%s'" % team.title,
next=url_for('client_info', key=client.key))
def node_delete(website, folder, node):
g.website = website
g.folder = folder
return render_delete_sqla(node, db, title=u"Confirm delete",
message=u"Delete '%s'? This is permanent. There is no undo." % node.title,
success=u"You have deleted '%s'." % node.title,
next=url_for('folder', website=website.name, folder=folder.name))
def resource_action_delete(client, resource, action):
return render_delete_sqla(action, db, title="Confirm delete",
message=u"Delete action ‘{action}’ from resource ‘{resource}’ of app ‘{client}’?".format(
action=action.title, resource=resource.title, client=client.title),
success=u"You have deleted action ‘{action}’ on resource ‘{resource}’ of app ‘{client}’".format(
action=action.title, resource=resource.title, client=client.title),
next=url_for('.client_info', key=client.key))
def playlist_delete(channel, playlist):
if channel.userid not in g.user.user_organization_ids():
abort(403)
return render_delete_sqla(playlist, db, title=u"Confirm delete",
message=u"Delete playlist '%s'? This cannot be undone." % playlist.title,
success=u"You have deleted playlist '%s'." % playlist.title,
next=url_for('channel_view', channel=channel.name))
def resource_delete(client, resource):
return render_delete_sqla(resource, db, title=u"Confirm delete",
message=u"Delete resource ‘{resource}’ from app ‘{client}’?".format(
resource=resource.title, client=client.title),
success=u"You have deleted resource ‘{resource}’ on app ‘{client}’".format(
resource=resource.title, client=client.title),
next=url_for('.client_info', key=client.key))
def venue_delete(venue):
if not lastuser.has_permission('siteadmin') and venue.profile.userid not in g.user.user_organizations_owned_ids():
abort(403)
return render_delete_sqla(venue, db, title=u"Confirm delete",
message=u"Delete venue '%s'? This cannot be undone." % venue.title,
success=u"You have deleted playlist '%s'." % venue.title,
next=url_for('venue_list'))
def website_delete(website):
g.website = website
return render_delete_sqla(website, db, title=u"Confirm delete",
message=u"Delete website '%s'? This will also permanently remove all "
"pages associated with the website. There is no undo." % website.title,
success=u"You have deleted website '%s'." % website.title,
next=url_for('index'))
def org_delete(org):
if request.method == 'POST':
# FIXME: Find a better way to do this
org_data_changed.send(org, changes=['delete'], user=g.user)
return render_delete_sqla(org, db, title="Confirm delete", message="Delete organization '%s'? " % org.title,
success="You have deleted organization '%s' and all its associated teams." % org.title,
next=url_for('.org_list'))
def video_remove(channel, playlist, video, kwargs):
"""
Remove video from playlist
"""
if playlist not in video.playlists:
# This video isn't in this playlist
abort(404)
if channel.userid not in g.user.user_organization_ids():
# User doesn't own this playlist
abort(403)
if kwargs['video'] != video.url_name:
# Video's URL has changed. Redirect user to prevent old/invalid names
# showing in the URL
return redirect(url_for('video_remove', channel=channel.name, playlist=playlist.name, video=video.url_name))
# If this is the primary playlist for this video, refuse to remove it.
if playlist == video.playlist:
return render_message(title="Cannot remove",
message=Markup("Videos cannot be removed from their primary playlist. "
'<a href="%s">Return to video</a>.' % url_for('video_view',
channel=channel.name, playlist=playlist.name, video=video.url_name)))
connection = PlaylistVideo.query.filter_by(playlist_id=playlist.id, video_id=video.id).first_or_404()
return render_delete_sqla(connection, db, title="Confirm remove",
message=u"Remove video '%s' from playlist '%s'?" % (video.title, playlist.title),
success=u"You have removed video '%s' from playlist '%s'." % (video.title, playlist.title),
next=url_for('playlist_view', channel=channel.name, playlist=playlist.name))
def remove_phone(number):
userphone = UserPhone.query.filter_by(phone=number, user=g.user).first()
if userphone is None:
userphone = UserPhoneClaim.query.filter_by(phone=number, user=g.user).first_or_404()
return render_delete_sqla(userphone, db, title="Confirm removal", message="Remove phone number %s?" % userphone,
success="You have removed your number %s." % userphone,
next=url_for('profile'))
def sponsor_delete(profile, event, sponsor):
if not lastuser.has_permission('siteadmin') and profile.userid not in g.user.user_organizations_owned_ids():
abort(403)
return render_delete_sqla(sponsor, db, title=u"Confirm delete",
message=u"Delete Sponsor '%s'? This cannot be undone." % sponsor.title,
success=u"You have deleted the sponsor '%s'." % sponsor.title,
next=url_for('event_view', profile=profile.name, event=event.name))
def event_delete(profile, event):
workflow = event.workflow()
if not workflow.can_delete():
abort(403)
return render_delete_sqla(event, db, title=u"Confirm delete",
message=u"Delete Event '%s'? This cannot be undone." % event.title,
success=u"You have deleted an event '%s'." % event.title,
next=profile.url_for())
def delete(self):
if self.obj == self.obj.project.primary_venue:
flash(_(u"You can not delete the primary venue"), 'danger')
return render_redirect(self.obj.project.url_for('venues'), code=303)
return render_delete_sqla(self.obj, db, title=u"Confirm delete",
message=_(u"Delete venue “{title}”? This cannot be undone".format(title=self.obj.title)),
success=_(u"You have deleted venue “{title}”".format(title=self.obj.title)),
next=self.obj.project.url_for('venues'))
def delete_address(workspace, invoice, address):
"""
Delete an address
"""
return render_delete_sqla(address, db, title=u"Confirm delete",
message=u"Delete Address '%s'?" % address.address,
success=u"You have deleted '%s'." % address.address,
next=url_for('select_address', workspace=workspace.name, invoice=invoice.url_name))
def proposal_delete(profile, space, proposal):
return render_delete_sqla(proposal, db, title=_(u"Confirm delete"),
message=_(u"Do you really wish to delete your proposal ‘{title}’? "
u"This will remove all votes and comments as well. This operation "
u"is permanent and cannot be undone.").format(title=proposal.title),
success=_("Your proposal has been deleted"),
next=space.url_for(),
cancel_url=proposal.url_for())
def team_delete(org, team):
if team == org.owners or team == org.members:
abort(403)
if request.method == 'POST':
team_data_changed.send(team, changes=['delete'], user=g.user)
return render_delete_sqla(team, db, title=_(u"Confirm delete"), message=_(u"Delete team {title}?").format(title=team.title),
success=_(u"You have deleted team ‘{team}’ from organization ‘{org}’").format(team=team.title, org=org.title),
next=url_for('.org_info', name=org.name))
def team_delete(org, team):
if team == org.owners:
abort(403)
if request.method == 'POST':
team_data_changed.send(team, changes=['delete'], user=g.user)
return render_delete_sqla(team, db, title=u"Confirm delete", message=u"Delete team '%s'?" % team.title,
success=u"You have deleted team '%s' from organization '%s'." % (team.title, org.title),
next=url_for('.org_info', name=org.name))
def folder_delete(website, folder):
g.website = website
g.folder = folder
return render_delete_sqla(folder, db, title=u"Confirm delete",
message=u"Delete folder '%s'? This will also permanently remove all "
"pages in this folder. There is no undo." % folder.name,
success=u"You have deleted folder '%s'." % folder.name,
next=url_for('website', website=website.name))
def delete(self):
return render_delete_sqla(self.obj, db, title=_(u"Confirm delete"),
message=_(u"Do you really wish to delete your proposal ‘{title}’? "
u"This will remove all votes and comments as well. This operation "
u"is permanent and cannot be undone.").format(title=self.obj.title),
success=_("Your proposal has been deleted"),
next=self.obj.project.url_for(),
cancel_url=self.obj.url_for())
def org_delete(org):
return render_delete_sqla(
org,
db,
title="Confirm delete",
message="Delete organization '%s'? " % org.title,
success="You have deleted organization '%s' and all its associated teams." % org.title,
next=url_for("org_list"),
)
def remove_phone(number):
userphone = UserPhone.query.filter_by(phone=number, user=g.user).first()
if userphone is None:
userphone = UserPhoneClaim.query.filter_by(phone=number, user=g.user).first_or_404()
if request.method == 'POST':
user_data_changed.send(g.user, changes=['phone-delete'])
return render_delete_sqla(userphone, db, title="Confirm removal", message="Remove phone number %s?" % userphone,
success="You have removed your number %s." % userphone,
next=url_for('.profile'))
def venueroom_delete(space, venue, room):
return render_delete_sqla(
room,
db,
title=u"Confirm delete",
message=_(u"Delete room “{title}”? This cannot be undone".format(title=room.title)),
success=_(u"You have deleted room “{title}”".format(title=room.title)),
next=space.url_for("venues"),
)
def org_delete(org):
if request.method == 'POST':
# FIXME: Find a better way to do this
org_data_changed.send(org, changes=['delete'], user=g.user)
return render_delete_sqla(org, db, title=_(u"Confirm delete"),
message=_(u"Delete organization ‘{title}’? ").format(
title=org.title),
success=_(u"You have deleted organization ‘{title}’ and all its associated teams").format(title=org.title),
next=url_for('.org_list'))
def venue_delete(space, venue):
return render_delete_sqla(
venue,
db,
title=u"Confirm delete",
message=_(u"Delete venue “{title}”? This cannot be undone".format(title=venue.title)),
success=_(u"You have deleted venue “{title}”".format(title=venue.title)),
next=space.url_for("venues"),
)
def remove_email(md5sum):
useremail = UserEmail.query.filter_by(md5sum=md5sum, user=g.user).first()
if not useremail:
useremail = UserEmailClaim.query.filter_by(md5sum=md5sum, user=g.user).first_or_404()
if isinstance(useremail, UserEmail) and useremail.primary:
flash("You cannot remove your primary email address", "error")
return render_redirect(url_for('profile'), code=303)
return render_delete_sqla(useremail, db, title="Confirm removal", message="Remove email address %s?" % useremail,
success="You have removed your email address %s." % useremail,
next=url_for('profile'))
def permission_user_delete(client, kwargs):
if client.user:
user = User.get(userid=kwargs['userid'])
if not user:
abort(404)
permassign = UserClientPermissions.query.filter_by(user=user, client=client).first_or_404()
return render_delete_sqla(permassign, db, title=u"Confirm delete", message=u"Remove all permissions assigned to user {pname} for app ‘{title}’?".format(
pname=user.pickername, title=client.title),
success=u"You have revoked permisions for user {pname}".format(pname=user.pickername),
next=url_for('.client_info', key=client.key))
else:
team = Team.get(userid=kwargs['userid'])
if not team:
abort(404)
permassign = TeamClientPermissions.query.filter_by(team=team, client=client).first_or_404()
return render_delete_sqla(permassign, db, title=u"Confirm delete", message=u"Remove all permissions assigned to team ‘{pname}’ for app ‘{title}’?".format(
pname=team.title, title=client.title),
success=u"You have revoked permisions for team {title}".format(title=team.title),
next=url_for('.client_info', key=client.key))
def workspace_delete(workspace):
# Only allow workspaces to be deleted if they have no expense reports
if workspace.reports:
return render_message(
title=u"Cannot delete this workspace",
message=u"This workspace cannot be deleted because it contains expense reports.")
return render_delete_sqla(workspace, db, title=u"Confirm delete",
message=u"Delete workspace '%s'?" % workspace.title,
success=u"You have deleted workspace '%s'." % workspace.title,
next=url_for('index'))
def invoice_delete(workspace, invoice):
workflow = invoice.workflow()
if not workflow.can_view():
abort(403)
if not workflow.draft():
# Only drafts can be deleted
return render_template('baseframe/message.html.jinja2', message=u"Only draft invoices can be deleted.")
return render_delete_sqla(invoice, db, title=u"Confirm delete",
message=u"Delete Category '%s'?" % invoice.title,
success=u"You have deleted '%s'." % invoice.title,
next=url_for('invoice_list', workspace=workspace.name))
def remove_extid(extid):
num_extids = len(current_auth.user.externalids)
has_pw_hash = bool(current_auth.user.pw_hash)
if not has_pw_hash and num_extids == 1:
flash(_("You do not have a password set. So you must have at least one external ID enabled."), 'danger')
return render_redirect(url_for('.account'), code=303)
return render_delete_sqla(extid, db, title=_(u"Confirm removal"),
message=_(u"Remove {service} account ‘{username}’ from your account?").format(service=login_registry[extid.service].title, username=extid.username),
success=_(u"You have removed the {service} account ‘{username}’").format(service=login_registry[extid.service].title, username=extid.username),
next=url_for('.account'),
delete_text=_(u"Remove"))
def video_delete(channel, playlist, video):
"""
Delete video
"""
if playlist != video.playlist:
# This video isn't in this playlist. Redirect to canonical URL
return redirect(video.url_for('delete'))
return render_delete_sqla(video, db, title=u"Confirm delete",
message=u"Delete video '%s'? This will remove the video from all playlists it appears in." % video.title,
success=u"You have deleted video '%s'." % video.title, next=playlist.url_for())
def remove_email(md5sum):
useremail = UserEmail.query.filter_by(md5sum=md5sum, user=g.user).first()
if not useremail:
useremail = UserEmailClaim.query.filter_by(md5sum=md5sum,
user=g.user).first_or_404()
if isinstance(useremail, UserEmail) and useremail.primary:
flash(_("You cannot remove your primary email address"), 'error')
return render_redirect(url_for('.profile'), code=303)
if request.method == 'POST':
# FIXME: Confirm validation success
user_data_changed.send(g.user, changes=['email-delete'])
return render_delete_sqla(
useremail,
db,
title=_(u"Confirm removal"),
message=_(u"Remove email address {email}?").format(
email=useremail.email),
success=_(u"You have removed your email address {email}").format(
email=useremail.email),
next=url_for('.profile'))
def video_remove(channel, playlist, video):
"""
Remove video from playlist
"""
if playlist not in video.playlists:
# This video isn't in this playlist
abort(404)
# If this is the primary playlist for this video, refuse to remove it.
if playlist == video.playlist:
return render_message(title="Cannot remove",
message=Markup("Videos cannot be removed from their primary playlist. "
'<a href="%s">Return to video</a>.' % video.url_for()))
connection = PlaylistVideo.query.filter_by(playlist_id=playlist.id, video_id=video.id).first_or_404()
return render_delete_sqla(connection, db, title="Confirm remove",
message=u"Remove video '%s' from playlist '%s'?" % (video.title, playlist.title),
success=u"You have removed video '%s' from playlist '%s'." % (video.title, playlist.title),
next=playlist.url_for())
def remove_extid(extid):
num_extids = len(current_auth.user.externalids)
has_pw_hash = bool(current_auth.user.pw_hash)
if not has_pw_hash and num_extids == 1:
flash(
_("You do not have a password set. So you must have at least one external ID enabled."
), 'danger')
return render_redirect(url_for('.account'), code=303)
return render_delete_sqla(
extid,
db,
title=_(u"Confirm removal"),
message=_(u"Remove {service} account ‘{username}’ from your account?"
).format(service=login_registry[extid.service].title,
username=extid.username),
success=_(
u"You have removed the {service} account ‘{username}’").format(
service=login_registry[extid.service].title,
username=extid.username),
next=url_for('.account'),
delete_text=_(u"Remove"))
def remove_phone(number):
userphone = UserPhone.get(phone=number)
if userphone is None or userphone.user != current_auth.user:
userphone = UserPhoneClaim.get_for(user=current_auth.user,
phone=number)
if not userphone:
abort(404)
if userphone.verification_expired:
flash(
_("This number has been blocked due to too many failed verification"
" attempts"),
'danger',
)
# Block attempts to delete this number if verification failed.
# It needs to be deleted in a background sweep.
return render_redirect(url_for('account'), code=303)
if (isinstance(userphone, UserPhone)
and current_auth.user.verified_contact_count == 1):
flash(
_("Your account requires at least one verified email address or phone"
" number"),
'danger',
)
return render_redirect(url_for('account'), code=303)
if request.method == 'POST':
# FIXME: Confirm validation success
user_data_changed.send(current_auth.user, changes=['phone-delete'])
return render_delete_sqla(
userphone,
db,
title=_("Confirm removal"),
message=_("Remove phone number {phone} from your account?").format(
phone=userphone.phone),
success=_("You have removed your number {phone}").format(
phone=userphone.phone),
next=url_for('account'),
delete_text=_("Remove"),
)
def remove_email(md5sum):
useremail = UserEmail.get_for(user=current_auth.user, md5sum=md5sum)
if not useremail:
useremail = UserEmailClaim.get_for(user=current_auth.user,
md5sum=md5sum)
if not useremail:
abort(404)
if isinstance(useremail, UserEmail) and useremail.primary:
flash(_("You cannot remove your primary email address"), 'danger')
return render_redirect(url_for('.account'), code=303)
if request.method == 'POST':
# FIXME: Confirm validation success
user_data_changed.send(current_auth.user, changes=['email-delete'])
return render_delete_sqla(
useremail,
db,
title=_("Confirm removal"),
message=_("Remove email address {email} from your account?").format(
email=useremail.email),
success=_("You have removed your email address {email}").format(
email=useremail.email),
next=url_for('.account'),
delete_text=_("Remove"),
)
def delete(self):
return render_delete_sqla(self.obj, db, title=u"Confirm delete",
message=u"Delete campaign '%s'?" % self.obj.title,
success=u"You have deleted campaign '%s'." % self.obj.title,
next=url_for(getattr(self, self.current_tab).endpoint),
cancel_url=self.obj.url_for())
def campaign_action_delete(campaign, action):
return render_delete_sqla(action, db, title=u"Confirm delete",
message=u"Delete campaign action '%s'?" % campaign.title,
success=u"You have deleted campaign action '%s'." % campaign.title,
next=url_for('campaign_view', campaign=campaign.name))
def permission_delete(perm):
return render_delete_sqla(perm, db, title=_(u"Confirm delete"), message=_(u"Delete permission ‘{name}’?").format(name=perm.name),
success=_("Your permission has been deleted"),
next=url_for('.permission_list'))
def campaign_delete(campaign):
return render_delete_sqla(campaign, db, title=u"Confirm delete",
message=u"Delete campaign '%s'?" % campaign.title,
success=u"You have deleted campaign '%s'." % campaign.title,
next=url_for('campaign_list'))
def delete(self):
return render_delete_sqla(self.obj, db, title=u"Confirm delete",
message=u"Delete campaign action '%s'?" % self.obj.title,
success=u"You have deleted campaign action '%s'." % self.obj.title,
next=self.obj.parent.url_for())
def client_cred_delete(client, cred):
return render_delete_sqla(cred, db, title=_(u"Confirm delete"),
message=_(u"Delete access key ‘{title}’? ").format(title=cred.title),
success=_(u"You have deleted access key ‘{title}’").format(title=cred.title),
next=url_for('.client_info', key=client.key))
def board_delete(board):
return render_delete_sqla(board, db, title=u"Confirm delete",
message=u"Delete board '%s'?" % board.title,
success=u"You have deleted board '%s'." % board.title,
next=url_for('index'))
def client_delete(client):
return render_delete_sqla(client, db, title=_(u"Confirm delete"),
message=_(u"Delete application ‘{title}’? ").format(title=client.title),
success=_(u"You have deleted application ‘{title}’ and all its associated resources and permission assignments").format(
title=client.title),
next=url_for('.client_list'))
