Esempio n. 1
def close_appeal(ban_uid):
    """Close the appeal attached to a ban, until a date or permanently.

    Aborts with 404 when no ban has ``ban_uid`` and with 403 when the current
    user lacks ``bans.appeal.manage``. A POST carrying a valid
    ``AppealUnlockTimeForm`` closes the appeal until ``form.date``; any other
    request closes it permanently. Every non-aborting path flashes a message
    and redirects to the ban's page.
    """
    def back_to_ban():
        return redirect(url_for('bans.view_ban', ban_uid=ban_uid))

    ban = Ban.objects(uid=ban_uid).first()
    if ban is None:
        abort(404)

    # NOTE(review): the lookup runs before the permission check, so a caller
    # without the permission gets 404 for unknown uids and 403 for known ones.
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    if ban.appeal.state == 'closed_forever':
        flash("Appeal has already been closed.", category='alert')
        return back_to_ban()

    if request.method == "POST":
        form = AppealUnlockTimeForm(request.form)
        if not form.validate():
            flash("Appeal unlock date form failed to validate. Make sure you're typing in the right data.", category='alert')
            return back_to_ban()

        # Timed close: the appeal can be unlocked again at the submitted date.
        ban.appeal.unlock_time = form.date.data
        ban.appeal.state = 'closed_time'
        ban.save()
        flash("Appeal closed until specified date.", category='success')
        return back_to_ban()

    # NOTE(review): every non-POST request reaches this permanent close and no
    # form is validated on this path. Confirm the route restricts methods and
    # that CSRF protection is applied outside this function.
    ban.appeal.state = 'closed_forever'
    ban.save()
    flash("Appeal has been closed.", category='success')
    return back_to_ban()
Esempio n. 2
def unban(ban_uid):
    """Lift a ban immediately, or record a future removal date for it.

    Aborts with 404 when no ban has ``ban_uid`` and with 403 when the current
    user lacks ``bans.appeal.manage``. A POST with a valid
    ``BanUnbanTimeForm`` stores ``form.date`` as the removal time without
    changing ``ban.active``; any other request deactivates the ban and calls
    ``ban.ban_lifted()``. Every non-aborting path flashes a message and
    redirects to the ban's page.
    """
    def back_to_ban():
        return redirect(url_for('bans.view_ban', ban_uid=ban_uid))

    ban = Ban.objects(uid=ban_uid).first()
    if ban is None:
        abort(404)

    # NOTE(review): the lookup runs before the permission check, so a caller
    # without the permission gets 404 for unknown uids and 403 for known ones.
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    if not ban.active:
        flash("Ban has already been lifted.", category='alert')
        return back_to_ban()

    if request.method == "POST":
        form = BanUnbanTimeForm(request.form)
        if not form.validate():
            flash(
                "Unban date form failed to validate. Make sure you're typing in the right data.",
                category='alert')
            return back_to_ban()

        # Scheduled removal: the acting user and the date are recorded for
        # the audit trail; ``active`` is left as it is on this path.
        ban.removed_time = form.date.data
        ban.removed_by = current_user.name
        ban.save()
        flash("Ban will be lifted on specified date.", category='success')
        return back_to_ban()

    # NOTE(review): every non-POST request reaches this immediate unban and no
    # form is validated on this path. Confirm the route restricts methods and
    # that CSRF protection is applied outside this function.
    ban.active = False
    ban.removed_by = current_user.name
    ban.removed_time = datetime.datetime.utcnow()
    ban.save()
    ban.ban_lifted()
    flash("Ban has been lifted.", category='success')
    return back_to_ban()
def graph_lookup_view(player=None):
    """Render the alt-account graph page, optionally preloading one player.

    Aborts with 403 unless the current user holds ``alts.graph``. The
    template receives ``preload`` (a list holding ``player`` when it is
    truthy, otherwise empty) and a freshly generated CSRF token.
    """
    if not current_user.has_permission('alts.graph'):
        abort(403)

    preload = [player] if player else []
    return render_template("graph_view.html",
                           preload=preload,
                           csrf_token=generate_csrf())
Esempio n. 4
def unban(ban_uid):
    """Lift a ban now, or store the date on which it should be lifted.

    Aborts with 404 for an unknown ``ban_uid`` and with 403 when the current
    user lacks ``bans.appeal.manage``. Each remaining outcome picks one flash
    message and ends in the same redirect to the ban's page.
    """
    ban = Ban.objects(uid=ban_uid).first()
    if ban is None:
        abort(404)

    # NOTE(review): authorization is checked after the lookup, so 404 vs 403
    # tells an unprivileged caller whether the uid exists.
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    if not ban.active:
        notice, level = "Ban has already been lifted.", 'alert'
    elif request.method == "POST":
        form = BanUnbanTimeForm(request.form)
        if form.validate():
            # Scheduled removal: only the date and the acting user are stored;
            # ``active`` is not modified on this path.
            ban.removed_time = form.date.data
            ban.removed_by = current_user.name
            ban.save()
            notice, level = "Ban will be lifted on specified date.", 'success'
        else:
            notice, level = "Unban date form failed to validate. Make sure you're typing in the right data.", 'alert'
    else:
        # NOTE(review): any non-POST request performs the immediate unban and
        # no form is validated here. Confirm the route's allowed methods and
        # where CSRF protection is enforced.
        ban.active = False
        ban.removed_by = current_user.name
        ban.removed_time = datetime.datetime.utcnow()
        ban.save()
        ban.ban_lifted()
        notice, level = "Ban has been lifted.", 'success'

    flash(notice, category=level)
    return redirect(url_for('bans.view_ban', ban_uid=ban_uid))
Esempio n. 5
def close_appeal(ban_uid):
    """Close a ban's appeal, either until a submitted date or for good.

    Aborts with 404 for an unknown ``ban_uid`` and with 403 when the current
    user lacks ``bans.appeal.manage``. Each remaining outcome picks one flash
    message and ends in the same redirect to the ban's page.
    """
    ban = Ban.objects(uid=ban_uid).first()
    if ban is None:
        abort(404)

    # NOTE(review): authorization is checked after the lookup, so 404 vs 403
    # tells an unprivileged caller whether the uid exists.
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    if ban.appeal.state == 'closed_forever':
        notice, level = "Appeal has already been closed.", 'alert'
    elif request.method == "POST":
        form = AppealUnlockTimeForm(request.form)
        if form.validate():
            # Timed close: remember when the appeal may be unlocked again.
            ban.appeal.unlock_time = form.date.data
            ban.appeal.state = 'closed_time'
            ban.save()
            notice, level = "Appeal closed until specified date.", 'success'
        else:
            notice, level = "Appeal unlock date form failed to validate. Make sure you're typing in the right data.", 'alert'
    else:
        # NOTE(review): any non-POST request performs the permanent close and
        # no form is validated here. Confirm the route's allowed methods and
        # where CSRF protection is enforced.
        ban.appeal.state = 'closed_forever'
        ban.save()
        notice, level = "Appeal has been closed.", 'success'

    flash(notice, category=level)
    return redirect(url_for('bans.view_ban', ban_uid=ban_uid))
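def api_key_edit(key_id):
    """Show or update the label and access list of an API key the caller owns.

    Aborts with 401 when the key does not exist or is owned by someone else.
    A POST that passes form validation stores the submitted label and access
    list and redirects back to this page. Every other request, including a
    POST that fails validation, renders the edit pane.
    """
    key = ApiKey.objects(id=key_id).first()
    if key is None or current_user != key.owner:
        abort(401)

    form = ApiKeyEditForm()
    # Offer only the access tokens the caller is allowed to grant: an entry
    # that names a permission is skipped when the caller does not hold it.
    form.acl.choices = list()
    for access_token in access_tokens.values():
        required = access_token.get("permission")
        if required and not current_user.has_permission(required):
            continue
        form.acl.choices.append(
            (access_token.get("token"), access_token.get("token")))

    if request.method == "POST":
        # The filtered choices restrict nothing unless validation is enforced.
        # Saving regardless of validate() would store whatever access list was
        # submitted, including tokens the caller may not grant.
        # NOTE(review): presumably `acl` is a select field whose validation
        # rejects values outside `choices`; confirm against ApiKeyEditForm.
        if form.validate():
            key.label = form.label.data
            key.access = form.acl.data
            key.save()

            return redirect(url_for('api.api_key_edit', key_id=key_id))
    else:
        # Initial display: show the values currently stored on the key.
        form.label.data = key.label
        form.acl.data = key.access

    return render_template(
        'api_settings_edit_pane.html',
        settings_panels_structure=settings_panels_structure,
        form=form,
        key=key,
        title="Edit - API Keys - Developer - Settings")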
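def api_key_edit(key_id):
    """Render the edit pane for one of the caller's API keys, or save changes to it.

    Aborts with 401 when the key is missing or not owned by the current user.
    Changes are saved only for a POST whose form validates; the view then
    redirects to itself. Otherwise the edit pane is rendered, pre-filled from
    the stored key unless the request was a rejected POST.
    """
    key = ApiKey.objects(id=key_id).first()
    if key is None or current_user != key.owner:
        abort(401)

    form = ApiKeyEditForm()
    # Build the selectable access list from the tokens the caller may grant.
    form.acl.choices = [
        (entry.get("token"), entry.get("token"))
        for entry in access_tokens.values()
        if not entry.get("permission")
        or current_user.has_permission(entry.get("permission"))
    ]

    is_post = request.method == "POST"
    if is_post and form.validate():
        # Reached only after validation. If the result of validate() were
        # ignored, a submitted access list could carry tokens that were
        # filtered out of the choices above and still be stored on the key.
        # NOTE(review): relies on the `acl` field validating against
        # `choices`; confirm against ApiKeyEditForm.
        key.label = form.label.data
        key.access = form.acl.data
        key.save()

        return redirect(url_for('api.api_key_edit', key_id=key_id))

    if not is_post:
        form.label.data = key.label
        form.acl.data = key.access

    return render_template('api_settings_edit_pane.html', settings_panels_structure=settings_panels_structure, form=form, key=key, title="Edit - API Keys - Developer - Settings")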
Esempio n. 8
def profile_text_edit(name):
    """Show or save the free-text section of a user's profile.

    Only the profile's owner or a holder of ``profile.admin`` may proceed.
    Everyone else gets 404, the same response as for an unknown user name.
    A valid POST stores the text and redirects to the profile; an invalid
    POST re-renders the form; any other request renders the form pre-filled
    with the stored text.
    """
    may_edit = (current_user.name == name
                or current_user.has_permission('profile.admin'))
    if not may_edit:
        abort(404)

    user = User.objects(name=name).first()
    if user is None:
        abort(404)

    profile = get_profile(user)
    form = ProfileTextEditForm(request.form)

    if request.method != 'POST':
        form.text.data = profile.profile_text
        page_title = "Edit Profile - " + name + " - Profile"
        return render_template('profile_edit_text.html',
                               profile=profile,
                               form=form,
                               user=user,
                               title=page_title)

    if form.validate():
        profile.profile_text = form.text.data
        profile.save()
        return redirect(user.get_profile_url())

    # Validation failed. This render passes neither `user` nor `title`.
    return render_template('profile_edit_text.html',
                           profile=profile,
                           form=form)
Esempio n. 9
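def ban_reason_edit(ban_uid):
    """Replace the stored reason of a ban with the submitted text.

    Aborts with 403 when the current user lacks ``bans.appeal.manage`` and
    with 404 when no ban has ``ban_uid``. The reason is saved only for a POST
    whose ``BanReasonEditForm`` validates. Every non-aborting path redirects
    to the ban's page.
    """
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    ban = Ban.objects(uid=ban_uid).first()
    if ban is None:
        abort(404)

    # Built after the access checks so rejected callers never reach the form.
    edit_form = BanReasonEditForm(request.form)

    if request.method == "POST" and edit_form.validate():
        ban.reason = edit_form.text.data
        ban.save()

    # Always return a response. Without this fall-through a rejected form or
    # a non-POST request returns None, which the framework reports as a
    # server error.
    return redirect(url_for('bans.view_ban', ban_uid=ban_uid))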
Esempio n. 10
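def ban_reason_edit(ban_uid):
    """Update a ban's reason from a validated ``BanReasonEditForm``.

    Permission ``bans.appeal.manage`` is required (403 otherwise) and the ban
    must exist (404 otherwise). Only a POST with a valid form changes the
    ban. The caller is sent back to the ban's page in every case.
    """
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    ban = Ban.objects(uid=ban_uid).first()
    if ban is None:
        abort(404)

    ban_page = url_for('bans.view_ban', ban_uid=ban_uid)

    if request.method != "POST":
        # Nothing to apply. Redirect instead of falling off the end of the
        # view, which would return None and surface as a server error.
        return redirect(ban_page)

    edit_form = BanReasonEditForm(request.form)
    if edit_form.validate():
        ban.reason = edit_form.text.data
        ban.save()

    # A rejected form leaves the ban untouched and still gets a response.
    return redirect(ban_page)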
Esempio n. 11
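def appeal_reply_edit(appeal_reply_id):
    """Edit the text of an appeal reply and record the edit in its history.

    Aborts with 404 when the reply does not exist and with 403 unless the
    current user holds ``bans.appeal.manage`` or is the authenticated creator
    of the reply. A valid POST replaces the text and appends an
    ``AppealEdit`` naming the editing user. Every non-aborting path redirects
    to the page of the ban the reply belongs to.
    """
    appeal_reply = AppealReply.objects(id=appeal_reply_id).first()
    if appeal_reply is None:
        abort(404)

    # The lookup has to come first: the ownership test needs the reply.
    is_manager = current_user.has_permission("bans.appeal.manage")
    if not (is_manager or (current_user.is_authenticated() and current_user == appeal_reply.creator)):
        abort(403)

    edit_form = AppealReplyTextEditForm(request.form)

    if request.method == "POST" and edit_form.validate():
        appeal_reply.text = edit_form.text.data
        # Keep an audit entry of who changed the reply and to what.
        appeal_reply.edits.append(AppealEdit(text=edit_form.text.data, user=current_user.to_dbref()))
        appeal_reply.save()

    # Always return a response. Without this fall-through a rejected form or
    # a non-POST request returns None, which the framework reports as a
    # server error.
    return redirect(url_for('bans.view_ban', ban_uid=appeal_reply.ban.uid))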
Esempio n. 12
def open_appeal(ban_uid):
    """Re-open the appeal attached to a ban.

    Aborts with 404 when no ban has ``ban_uid`` and with 403 when the current
    user lacks ``bans.appeal.manage``. An appeal that is already open is left
    alone. Both outcomes flash a message and redirect to the ban's page.
    """
    ban = Ban.objects(uid=ban_uid).first()
    if ban is None:
        abort(404)

    # NOTE(review): the lookup runs before the permission check, so a caller
    # without the permission gets 404 for unknown uids and 403 for known ones.
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    # NOTE(review): the request method is not inspected and no form is
    # validated. Confirm the route restricts methods and that CSRF
    # protection is applied outside this function.
    already_open = ban.appeal.state == 'open'
    if already_open:
        flash("Appeal is already open.", category='alert')
    else:
        ban.appeal.state = 'open'
        ban.save()
        flash("Appeal has been re-opened.", category='success')

    return redirect(url_for('bans.view_ban', ban_uid=ban_uid))
Esempio n. 13
def open_appeal(ban_uid):
    """Set a ban's appeal back to the ``open`` state.

    Aborts with 404 for an unknown ``ban_uid`` and with 403 without the
    ``bans.appeal.manage`` permission. Picks one flash message depending on
    whether the appeal was already open, then redirects to the ban's page.
    """
    ban = Ban.objects(uid=ban_uid).first()
    if ban is None:
        abort(404)

    # NOTE(review): authorization is checked after the lookup, so 404 vs 403
    # tells an unprivileged caller whether the uid exists.
    if not current_user.has_permission("bans.appeal.manage"):
        abort(403)

    # NOTE(review): this state change does not depend on the request method
    # and validates no form. Confirm the route's allowed methods and where
    # CSRF protection is enforced.
    if ban.appeal.state != 'open':
        ban.appeal.state = 'open'
        ban.save()
        notice, level = "Appeal has been re-opened.", 'success'
    else:
        notice, level = "Appeal is already open.", 'alert'

    flash(notice, category=level)
    return redirect(url_for('bans.view_ban', ban_uid=ban_uid))
Esempio n. 14
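def appeal_reply_edit(appeal_reply_id):
    """Apply an edit to an appeal reply, keeping a record of the change.

    The reply must exist (404 otherwise). The caller must hold
    ``bans.appeal.manage`` or be the authenticated creator of the reply
    (403 otherwise). Only a POST with a valid ``AppealReplyTextEditForm``
    modifies the reply. The caller is redirected to the owning ban's page in
    every case.
    """
    appeal_reply = AppealReply.objects(id=appeal_reply_id).first()
    if appeal_reply is None:
        abort(404)

    # Ownership can only be tested once the reply has been loaded.
    if not (current_user.has_permission("bans.appeal.manage") or
            (current_user.is_authenticated()
             and current_user == appeal_reply.creator)):
        abort(403)

    if request.method == "POST":
        edit_form = AppealReplyTextEditForm(request.form)
        if edit_form.validate():
            new_text = edit_form.text.data
            appeal_reply.text = new_text
            # Audit entry: the new text and the user who submitted it.
            appeal_reply.edits.append(
                AppealEdit(text=new_text, user=current_user.to_dbref()))
            appeal_reply.save()

    # A rejected form or a non-POST request changes nothing but still gets a
    # redirect. Falling off the end would return None and surface as a
    # server error.
    return redirect(url_for('bans.view_ban', ban_uid=appeal_reply.ban.uid))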
Esempio n. 15
def profile_text_edit(name):
    """Edit the profile text of the user called ``name``.

    Access is limited to that user and to holders of ``profile.admin``.
    A refused caller receives 404, as does a request for a user that does
    not exist. POST saves a valid form and redirects to the profile, or
    re-renders the form when validation fails. Other requests render the
    form filled with the current text.
    """
    is_owner = current_user.name == name
    if not is_owner and not current_user.has_permission('profile.admin'):
        abort(404)

    user = User.objects(name=name).first()
    if user is None:
        abort(404)

    profile = get_profile(user)
    form = ProfileTextEditForm(request.form)

    if request.method == 'POST':
        if form.validate():
            profile.profile_text = form.text.data
            profile.save()
            return redirect(user.get_profile_url())

        # Rejected input. This render is given no `user` and no `title`.
        return render_template('profile_edit_text.html', profile=profile, form=form)

    form.text.data = profile.profile_text
    heading = "Edit Profile - " + name + " - Profile"
    return render_template('profile_edit_text.html', profile=profile, form=form, user=user, title=heading)
Esempio n. 16
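def add_payment():
    """Record a payment transaction entered through ``PaymentAddForm``.

    Aborts with 403 unless the current user holds ``financial.payments``.
    A POST whose form validates stores a ``PaymentTransaction`` attributed to
    the current user and redirects to the donations page. Any other request,
    including a POST that fails validation, renders the form.
    """
    if not current_user.has_permission('financial.payments'):
        abort(403)

    form = PaymentAddForm(request.form)

    # Persist only input that passed the form's validators. Saving straight
    # from the field data would write the amount, dates and note to the
    # financial record without any of the form's checks having run.
    if request.method == "POST" and form.validate():
        payment = PaymentTransaction()

        payment.amount = form.amount.data
        payment.period_begin = form.start_date.data
        payment.period_end = form.end_date.data
        # Attribute the record to the acting user, never to submitted data.
        payment.user = current_user.to_dbref()
        payment.note = form.note.data

        payment.save()

        return redirect(url_for('donations.donate'))

    return render_template("add_payment.html", form=form)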
Esempio n. 17
 def wrapper(*args, **kwargs):
     """Call ``func`` only when the current user holds every required permission."""
     # Checks stop at the first permission the user lacks; abort(403) is
     # expected to raise, so ``func`` is not reached in that case.
     if any(not current_user.has_permission(needed) for needed in permissions):
         abort(403)
     return func(*args, **kwargs)
Esempio n. 18
 def wrapper(*args, **kwargs):
     """Guard ``func`` behind all of ``permissions``, answering 403 otherwise."""
     # An empty ``permissions`` passes the check, so ``func`` runs unguarded.
     holds_all = all(current_user.has_permission(name) for name in permissions)
     if not holds_all:
         abort(403)
     return func(*args, **kwargs)
Esempio n. 19
 def is_accessible(self):
     """Return whether the current user holds the ``admin.<permission>`` permission."""
     # ``permission`` comes from the enclosing scope, not from the instance.
     required = 'admin.%s' % permission
     return current_user.has_permission(required)
Esempio n. 20
 def is_accessible(self):
     """Tell whether the current user may access this view.

     Access is tied to the permission named ``admin.`` followed by the
     ``permission`` value captured from the surrounding scope.
     """
     permission_name = 'admin.%s' % permission
     granted = current_user.has_permission(permission_name)
     return granted
Esempio n. 21
def graph_lookup_view(player=None):
    """Serve the graph lookup page to users holding ``alts.graph``.

    Users without the permission get 403. ``player``, when truthy, is handed
    to the template as the single entry of ``preload``. A CSRF token is
    generated and passed along as ``csrf_token``.
    """
    allowed = current_user.has_permission('alts.graph')
    if not allowed:
        abort(403)

    context = {
        "preload": [player] if player else [],
        "csrf_token": generate_csrf(),
    }
    return render_template("graph_view.html", **context)