Esempio n. 1
0
def edit_user(user_id):
    is_reviewer = current_user.has_role('reviewer')
    user = user_datastore.get_user(user_id)

    if (not current_user.is_authenticated()) or (user.id != current_user.id and not is_reviewer):
        return current_app.login_manager.unauthorized()

    form = forms.UserEditForm(request.form, user)
    form.roles.choices = [(role.name, role.name.capitalize()) for role in user_datastore.role_model.objects()]

    if not current_user.has_role('admin'):
        del form.roles

    if form.validate_on_submit():
        user.email = form.email.data
        if form.password.data:
            user.password = form.password.data
        if current_user.has_role('admin'):
            user.roles = [user_datastore.find_role(role) for role in form.roles.data]

        user.save()
        flash('User updated successfully.', 'success')

    if current_user.has_role('admin'):
        form.roles.data = [role.name for role in user.roles]

    return render_template('edit_user.html', form=form)
Esempio n. 2
0
 def index(self):
     if current_user.has_role('admin'):
         return redirect(url_for('.index_admin'))
     elif current_user.has_role('urbam'):
         return redirect(url_for('.index_urbam'))
     elif current_user.has_role('secretaria'):
         return redirect(url_for('.index_secretaria'))
Esempio n. 3
0
def vouchers_new():
    form = NewVoucherForm(flask.request.form)

    choices = []

    if current_user.has_role('gateway-admin'):
        choices = [[ current_user.gateway_id, '%s - %s' % (current_user.gateway.network.title, current_user.gateway.title) ]]
    else:
        if current_user.has_role('network-admin'):
            networks = Network.query.filter_by(id=current_user.network_id).all()
        else:
            networks = Network.query.all()

        for network in networks:
            for gateway in network.gateways:
                choices.append([ gateway.id, '%s - %s' % (network.title, gateway.title) ])

    form.gateway_id.choices = choices

    if form.validate_on_submit():
        voucher = Voucher()
        form.populate_obj(voucher)

        if current_user.has_role('gateway-admin'):
            voucher.gateway_id = current_user.gateway_id

        db.session.add(voucher)
        db.session.commit()

        return flask.redirect(flask.url_for('.vouchers_new', id=voucher.id))

    return flask.render_template('vouchers/new.html', form=form)
Esempio n. 4
0
    def get(self):
        parser = reqparse.RequestParser()
        parser.add_argument('p', type=int, required=False, default=None,
                location='values')

        q = HailModel.query
        filters = []
        if not current_user.has_role('admin'):
            if current_user.has_role('operateur'):
                filters.append(HailModel.operateur_id == current_user.id)
            if current_user.has_role('moteur'):
                filters.append(HailModel.added_by == current_user.id)
            q = q.filter(or_(*filters))
        q = q.order_by(HailModel.creation_datetime.desc())
        pagination = q.paginate(page=parser.parse_args()['p'], per_page=30)
        return {"data": [{
                "id": hail.id,
                "added_by": security_models.User.query.get(hail.added_by).email,
                "operateur": hail.operateur.email,
                "status": hail.status,
                "creation_datetime": hail.creation_datetime.strftime("%Y/%m/%d %H:%M:%S"),
                "taxi_id": hail.taxi_id}
                for hail in pagination.items
            ],
            "meta": {
                "next_page": pagination.next_num if pagination.has_next else None,
                "prev_page": pagination.prev_num if pagination.has_prev else None,
                "pages": pagination.pages,
                "total": pagination.total
                }
            }
Esempio n. 5
0
def can_add_thing_to_collection(collection, thing=None):
    if thing and collection.has_thing(thing):
        return False
    if collection.accessibility == 'public':
        return current_user.is_active() and current_user.is_authenticated()
    elif collection.accessibility == 'semi-public':
        return current_user.has_role('admin') or current_user.has_role('editor') or collection.is_creator(current_user) or collection.has_editor(current_user)
    elif collection.accessibility == 'private':
        return current_user.has_role('admin') or current_user.has_role('editor') or collection.is_creator(current_user) or collection.has_editor(current_user)
Esempio n. 6
0
def save_info(id):
    intent = request.form.get('intent', 'accept')
    group = mdl.Group.one(id=id)

    if not current_user.has_role(mdl.Role.ADMIN):
        if intent != 'update' or group.user.id != current_user.id:
            # For non-admins we only allow "update" permission on owned goups.
            return gettext("Access Denied!"), 403

    # attributes that don't require admin permissions.
    num_vegetarians = request.form.get('num_vegetarians', 0)
    num_participants = request.form.get('num_participants', 0)
    data = {
        'name': request.form['name'],
        'phone': request.form['phone'],
        'comments': request.form['comments'],
        'contact': request.form['contact'],
        'email': request.form.get('email', ''),
        'num_vegetarians': int(num_vegetarians) if num_vegetarians else 0,
        'num_participants': int(num_participants) if num_participants else 0,
        'send_email': True,
        'notification_recipient': 'admins',
        'user_is_admin': False,
    }

    # ... next, if we are allowed, add admin-only attributes
    if current_user.has_role(mdl.Role.ADMIN):
        if 'direction' in request.form:
            data['direction'] = request.form['direction']
        data['start_time'] = request.form['start_time']
        data['send_email'] = request.form.get('send_email') == 'true'
        data['cancelled'] = request.form.get('cancelled') == 'true'
        data['completed'] = request.form.get('completed') == 'true'
        if intent == 'accept' and not group.accepted:
            loco.accept_registration(current_app.mailer,
                                     group.confirmation_key,
                                     group)
            flash(gettext('Accepted registration for group {}').format(
                group.name), 'info')
        else:
            data['accepted'] = request.form.get('accepted') == 'true'
        data['notification_recipient'] = 'owner'
        data['user_is_admin'] = True

    loco.update_group(current_app.mailer, id, data)

    flash(gettext('Group {name} successfully updated!').format(
        name=data['name']), 'info')

    if data['send_email']:
        flash(gettext('E-Mail sent successfully!'), 'info')

    if current_user.has_role(mdl.Role.ADMIN):
        return redirect(url_for('group.edit', name=data['name']))
    else:
        return redirect(url_for('root.profile'))
Esempio n. 7
0
def rosterentries(day, id=None):
	'''
	API that allows creating, reading and updating roster entries.  Deleting is not
	implemented.  To create or update entries for a different user than the currently
	logged in user, the user needs to have the admin role.
	'''
	if not current_user.is_authenticated():
		flask.abort(403)
	if not day:
		response = flask.jsonify(ok=False, msg='')
		response.status_code = 404
		return response
	day = datetime.datetime(*map(int, re.split('[^\d]', day)[:-1]))
	if flask.request.method == 'GET':
		results = Roster.query.filter_by(day=day).all()
		json_results = []
		for result in results:
			d = {
				'day': result.day.isoformat(),
				'member': result.user.name,
				'user_id': result.user.id,
				'id': result.user.id,
				'will_open': result.will_open != 0,
				'will_service': result.will_service != 0,
				'will_close': result.will_close != 0,
				'comment': result.comment
				}
			json_results.append(d)
		return flask.jsonify(items=json_results)
	if flask.request.method == 'POST':
		req = flask.request.get_json()
		if req['user_id'] != current_user.id and not current_user.has_role('admin'):
			flask.abort(403)
		r = Roster()
		r.day = day;
		r.user = User.query.get(req['user_id'])
		r.will_open =    int(req['will_open'])
		r.will_service = int(req['will_service'])
		r.will_close =   int(req['will_close'])
		r.comment = req['comment']
		db.session.add(r)
		db.session.commit()
		return flask.jsonify(ok=True)
	if flask.request.method == 'PUT':
		req = flask.request.get_json()
		if id != current_user.id and not current_user.has_role('admin'):
			flask.abort(403)
		r = Roster.query.filter_by(day=day, user_id=id).first()
		r.will_open =    int(req['will_open'])
		r.will_service = int(req['will_service'])
		r.will_close =   int(req['will_close'])
		r.comment = req['comment']
		db.session.commit()
		return flask.jsonify(ok=True)
	flask.abort(405)
Esempio n. 8
0
def ads_list():
    if not taxis_models.ADS.can_be_listed_by(current_user):
        if current_user.has_role('stats'):
            return self.metadata()
        abort(403, message="You're not allowed to see this page")
    q = taxis_models.ADS.query
    if not current_user.has_role('admin') and not current_user.has_role('prefecture'):
        q = q.filter_by(added_by=current_user.id)
    page = int(request.args.get('page')) if 'page' in request.args else 1
    return render_template('lists/ads.html',
        ads_list=q.paginate(page) if q else None)
Esempio n. 9
0
 def get(self):
     if not taxis_models.Driver.can_be_listed_by(current_user):
         if current_user.has_role('stats'):
             return self.metadata()
         abort(403, message="You can't list drivers")
     page = int(request.args.get('page')) if 'page' in request.args else 1
     q = taxis_models.Driver.query
     if not current_user.has_role('admin') and not current_user.has_role('prefecture'):
         q = q.filter_by(added_by=current_user.id)
     return render_template('lists/drivers.html',
         driver_list=q.paginate(page))
Esempio n. 10
0
def events(id=None):
    if id:
        event = Event.objects.get(pk=id)
        event.update_timezone()
        add_form = EventForm(request.form, obj=event)
        title_aside = u'Éditer l\'événement'
    else:
        event = Event()
        add_form = EventForm()
        title_aside = u'Créer un événement'

    if add_form.organisations.data:
        add_form.organisations.choices = make_choices(add_form.orgas_choices, selected=add_form.organisations.data, name='Organisations')

    if add_form.places.data:
        add_form.places.choices = make_choices(add_form.places_choices, selected=add_form.places.data, name='Lieux')

    if add_form.validate_on_submit():
        event.title = add_form.title.data
        event.description = add_form.description.data
        event.organisations = add_form.organisations.data
        event.places = add_form.places.data

        if not event.author:
            event.author = current_user.to_dbref()

        event.datetime_first = arrow.get(add_form.datetime_first.data).datetime
        event.datetime_last = arrow.get(add_form.datetime_last.data).datetime
        event.update_timezone()

        if current_user.has_role('Administrateur') or current_user.has_role('Éditeur'):
            event.status = 'published' if 'publish' in request.form else 'draft'
        else:
            event.status = 'validation' if 'publish' in request.form else 'draft'

        event.save()
        if id:
            return redirect('/events')

    # Filter the events for non-admin users
    if not current_user.has_role('Administrateur'):
        filter_role = {'organisations__in': current_user.associations}
    else:
        filter_role = {}

    today = arrow.now().date()
    events_draft = Event.objects(status='draft', **filter_role).order_by('datetime_first')
    events_validation = Event.objects(status='validation', datetime_first__gte=today, **filter_role).order_by('datetime_first')
    events_published = Event.objects(status='published', datetime_first__gte=today).order_by('datetime_first')

    return render_template('events.html', events_draft=events_draft, events_validation=events_validation, events_published=events_published, add_form=add_form, title_aside=title_aside, icons=icons)
Esempio n. 11
0
def home():
    if current_user.is_authenticated():
        if current_user.admin:
            return redirect(url_for('dashboard'))

        if current_user.has_role('monitor'):
            return redirect(url_for('monitor_dashboard'))

        if current_user.has_role('miner'):
            return redirect(url_for('mine_home'))

        return render_template('noperms.haml')
    else:
        return redirect(url_for('security.login'))
Esempio n. 12
0
 def func():
     if current_user.is_authenticated():
         for role in roles:
             if not current_user.has_role(role):
                 return False
         return True
     return False
Esempio n. 13
0
 def get_count_query(self):
     if not current_user.has_role('package_admin'):
         return super(VersionView, self).get_count_query().\
             join(self.model.package).\
             join(Package.maintainers).\
             filter(User.id == current_user.id)
     return super(VersionView, self).get_count_query()
Esempio n. 14
0
 def post(self):
     db = current_app.extensions['sqlalchemy'].db
     hj = request.json
     taxi_json = hj['data'][0]
     departement = administrative_models.Departement.filter_by_or_404(
         numero=str(taxi_json['driver']['departement']))
     driver = taxis_models.Driver.filter_by_or_404(
             professional_licence=taxi_json['driver']['professional_licence'],
                        departement_id=departement.id)
     vehicle = taxis_models.Vehicle.filter_by_or_404(
             licence_plate=taxi_json['vehicle']['licence_plate'])
     ads = taxis_models.ADS.filter_by_or_404(
           numero=taxi_json['ads']['numero'],insee=taxi_json['ads']['insee'])
     taxi = taxis_models.Taxi.query.filter_by(driver_id=driver.id,
             vehicle_id=vehicle.id, ads_id=ads.id).first()
     if taxi_json.get('id', None):
         if current_user.has_role('admin'):
             taxi = taxis_models.Taxi.query.get(taxi_json['id'])
         else:
             del taxi_json['id']
     if not taxi:
         taxi = taxis_models.Taxi(driver=driver, vehicle=vehicle, ads=ads,
                 id=taxi_json.get('id', None))
     #This can happen if this is posted with a admin user
     if 'status' in taxi_json and taxi.vehicle.description:
         try:
             taxi.status = taxi_json['status']
         except AssertionError:
             abort(400, message='Invalid status')
     db.session.add(taxi)
     db.session.commit()
     return {'data':[taxi]}, 201
Esempio n. 15
0
    def add_contacts(self):
        if request.method == 'POST':
            if not request.form.get('conference') or not request.form.get(
                'profile'):
                    flash(
                        'You must select Conference and Profile')
                    if current_user.has_role('admin'):
                        return redirect(url_for('contact_admin.index_view'))
                    else:
                        return redirect(url_for('contact_user.index_view'))

            conference = Conference.query.filter_by(
                id=request.form['conference']).first_or_404()

            profile = ParticipantProfile.query.filter_by(
                id=request.form['profile']).first_or_404()

            contacts = Contact.query.filter(
                    Contact.id.in_(request.form['ids'].split(',')))

            for c in contacts:
                if Participant.query.filter_by(phone=c.phone,
                                               conference=conference).first():
                    flash(gettext(
                        '%(contact)s is already there.', contact=c))
                    continue
                p = Participant(phone=c.phone, name=c.name, user=current_user,
                                profile=profile, conference=conference)
                flash(gettext(
                    '%(contact)s added.', contact=c))

                db.session.add(p)
            db.session.commit()

        return redirect(url_for('.edit_view', id=conference.id))
Esempio n. 16
0
def view_application(application_id, is_review=False):
    is_reviewer = current_user.has_role('reviewer')
    application = models.Application.objects.with_id(application_id)

    if not application:
        flash('No application with that id could be found.', 'error')
        return redirect('dashboard')

    if (not current_user.is_authenticated()) or (application.submitter.id != current_user.id and not is_reviewer):
        return current_app.login_manager.unauthorized()

    date = (application.submit_date if application.is_submitted else application.id.generation_time)

    files = []
    for course_app in application.course_applications:
        if course_app.uploaded_content:
            for f in course_app.uploaded_content:
                files.append({'name': f.name, 'url': url_for('download_file', file=f._id)})

    return render_template('view_application.html',
        name=application.submitter.name,
        date=date.strftime('%Y-%m-%d') if date else 'No date available',
        files=files,
        formatted=utils.serialize_application_to_html(application, is_review=is_review)
    )
Esempio n. 17
0
def admin_home():
    if not current_user.has_role("admin"):
	abort(403)
    u = users.User.query.filter_by()
    e = events.Event.query.filter_by()
    p = events.Place.query.filter_by()
    return render_template('admin.min.html', active='home', users=u, events=e, places=p)
Esempio n. 18
0
def root():
    if current_user.has_role("admin"):
        return redirect(url_for("admin"))
    if current_user.is_authenticated():
        return redirect(url_for("edit"))
    else:
        return redirect(url_for_security("login"))
Esempio n. 19
0
    def team(self, slug):
        '''  '''
        if not current_user.has_role('super_admin'):
            # TODO: Check if current user is 'owner' of this team
            flash('You do not have permission to view this page')
            return redirect(url_for('frontend.index'))

        team = Team.objects(slug=slug).first_or_404()
        form = TeamForm(obj=team)
        if form.validate_on_submit():
            if form.logo.data:
                upload_logo = s3_upload(form.logo)
            else:
                upload_logo = team.logo
            if form.picture.data:
                upload_picture = s3_upload(form.picture)
            else:
                upload_picture = team.picture
            form.populate_obj(team)
            team.logo = upload_logo
            team.picture = upload_picture
            print 'Updated team information %s' % team.to_dict()
            team.save()
            flash('Changes Saved')
            return render_template('admin/team.html',
                    team=team, form=form)
        return render_template('admin/team.html', team=team, form=form)
Esempio n. 20
0
    def is_accessible(self):
        if not current_user.is_active or not current_user.is_authenticated:
            return False

        if current_user.has_role('admin'):
            return True
        return False
Esempio n. 21
0
def korist_osas(id):
	korist = Korist.query.get_or_404(id)
	if korist.profile != current_user.profile and not current_user.has_role('Admin'):
		abort(403)
	if korist.osas.count() > 0:
		return redirect(url_for('korist_edit', id=korist.id))
	
	form = OSASForm(obj=korist)
	# form = KoristFormWithOSAs(obj=korist)
	if form.validate_on_submit():
		events = korist.group.events.all()
		for i in xrange(len(events)):
			osa_form = form.osas[i]
			osa = OSA(korist=korist, event=events[i], comment=osa_form.comment.data, osa=osa_form.osa.data)
			db.session.add(osa)
		
		korist.active = bool(form.active.data)
		# form.populate_obj(korist)
		db.session.add(korist)
		
		db.session.commit()
		return redirect(url_for('korist', id=korist.id))
	else:
		for event in korist.group.events:
			form.osas.append_entry(OSA(korist=korist, event=event))
	return render_template("korist_osas.html", korist=korist, form=form)
Esempio n. 22
0
    def validate(self):
        if not super(GenerateApiKeyForm, self).validate():  # pragma: no cover
            return False

        if not current_user.has_role('developer'):
            return False

        return True
Esempio n. 23
0
File: model.py Progetto: ktmud/david 
    def is_accessible(self):

        roles = getattr(self, 'roles_accepted', None)
        if not roles: return True
        for r in roles:
            if current_user.has_role(r):
                return True
        return False
Esempio n. 24
0
 def index(self):
     if login.current_user.is_authenticated():
         if current_user.has_role('admin'):
             return super(AdminIndexView, self).index()
         else:
             return make_response("Unauthorized User")
     else:
         return redirect(url_for('.login_view'))
Esempio n. 25
0
    def is_accessible(self):
        if not current_user.is_active() or not current_user.is_authenticated():
            return False

        if current_user.has_role(Constants.ADMIN_ROLE):
            return True

        return False
Esempio n. 26
0
    def is_accessible(self):
        if not current_user.is_active() or not current_user.is_authenticated():
            return False

        if current_user.has_role('superuser'):
            return True

        return False
Esempio n. 27
0
 def is_accessible(self):
     roles_accepted = getattr(self, 'roles_accepted', None)
     if roles_accepted:
         accessible = any(
             [current_user.has_role(role) for role in roles_accepted]
         )
         return accessible
     return True
Esempio n. 28
0
 def is_accessible(self):
     try:
         role = models.Role.objects.get(name='admin')
     except models.Role.DoesNotExist:
         return False
     return (
         current_user.is_authenticated() and current_user.has_role(role)
     )
Esempio n. 29
0
def home():
    if not request_wants_json():
        return render_template('base.html')
    links = {}
    if current_user.has_role('operateur') or current_user.has_role('admin'):
        links.update(
                {'vehicle': {
                    'href': url_for('api.vehicle', _external=True),
                    'methods': set(['POST', 'PUT'])},
                 'driver': {
                    'href': url_for('api.drivers', _external=True),
                    'methods': set(['POST', 'PUT'])},
                 'ads': {
                    'href': url_for('api.ads', _external=True),
                    'methods': set(['POST', 'PUT'])},
                 'taxi_id': {
                    'href': url_for('api.taxi_id', _external=True, taxi_id="_id_"),
                    'methods': set(['PUT', 'GET'])},
                 'hail': {
                     'href': url_for('api.hail_endpoint', _external=True),
                     'methods': set(['PUT', 'GET'])
                     }
                }
         )
    if current_user.has_role('moteur') or current_user.has_role('admin'):
        links.update(
                {
                'taxi_id': {
                    'href': url_for('api.taxi_id', _external=True, taxi_id="_id_"),
                    'methods': links.get('taxi_id', {'methods': set()})['methods']\
                                        .union(set(['GET']))
                }
                })
        links.update(
                {
                'hail': {
                    'href': url_for('api.hail_endpoint'),
                    'methods': links.get('hail', {'methods': set()})['methods']\
                                        .union(set(['POST', 'PUT', 'GET']))
                }
                })
    for k, v in links.items():
        links[k]['methods'] = list(v['methods'])

    return jsonify({'links': links})
Esempio n. 30
0
def TestLogin():
    if current_user.is_authenticated():
        if current_user.has_role('privileged_user'):
            context = {'user_name': get_current_user_first_name()}
            return render_template('testroles.html', **context)
        else:
            return  make_response("Unauthorized User")
    else:
        return redirect('/login')
Esempio n. 31
0
 def is_accessible(self):
     '''For checking if the admin view is accessible.'''
     role = models.Role.objects.get(name='admin')
     return current_user.is_authenticated() and current_user.has_role(role)
Esempio n. 32
0
 def is_accessible(self):
     return (current_user.has_role('admin') and
             current_user.has_role('super'))
Esempio n. 33
0
 def get_users(self, role_name, status):
     parser = self.get_parser()
     self.add_pagination_args(parser)
     parser.add_argument('key',
                         type=StringParam.check,
                         required=False,
                         location='args',
                         min=0,
                         max=20)
     parser.add_argument('order_update_time',
                         type=str,
                         required=False,
                         location='args',
                         default='desc')
     parser.add_argument('show',
                         type=str,
                         required=False,
                         location='args',
                         default='false')
     page, page_size, key = self.get_params('page', 'page_size', 'key')
     show = self.get_param('show') == 'true'
     if self.get_param('order_update_time') == 'desc':
         order_by = User.update_time.desc()
     else:
         order_by = User.update_time
     total, users = user_datastore.get_users(role_name, page, page_size,
                                             status, key, show, order_by)
     items = []
     if role_name == RoleType.teacher:
         for user in users:
             phone = user.phone if len(user.phone) != 32 else ''
             info = {
                 'id': user.id,
                 'chinese_name': user.chinese_name,
                 'english_name': user.english_name,
                 'graduated': user.teacher.graduated,
                 'major': user.teacher.major,
                 'country': user.teacher.country,
                 'phone': phone,
                 'introduce': user.teacher.introduce,
                 'success_case': user.teacher.success_case,
                 'feature': user.teacher.feature,
                 'update_time':
                 user.update_time.strftime('%Y-%m-%d %H:%M:%S'),
             }
             items.append(info)
     else:
         if not current_user.has_role(RoleType.admin):
             self.unauthorized(errorcode.UNAUTHORIZED)
         for user in users:
             info = {
                 'id': user.id,
                 'chinese_name': user.chinese_name,
                 'sexual': user.student.sexual,
                 'age': user.student.age,
                 'school': user.student.school,
                 'location': user.student.location,
                 'course_name': user.student.course_name,
                 'phone': user.phone,
                 'update_time':
                 user.update_time.strftime('%Y-%m-%d %H:%M:%S'),
             }
             items.append(info)
     return {
         'page_total': page_total(total, page_size),
         'page': page,
         'items': items,
     }
Esempio n. 34
0
def show_article(id):
    document = Document.query.get_or_404(id)
    if request.args.get('format') == 'places-json':
        return jsonify(DocumentPlace.summary_for_docs([document]))

    try:
        URL = session[str(current_user.id)]['search']
    except:
        URL = url_for('activity')

    if current_user.has_role('fdi'):

        exists = Investment.query.filter_by(doc_id=id).first() is not None

        if not exists:
            return render_template('fdi/edit_analysis.haml',
                                   create=0,
                                   document=document,
                                   natures=AnalysisNature.all(),
                                   URL=URL)

        investment = Investment.query.filter_by(doc_id=id).first()

        if Involvements1.query.filter_by(
                id=investment.involvement_id1).first() is None:
            investment.involvement_id1 = 5
            db.session.commit()
        if Involvements2.query.filter_by(
                id=investment.involvement_id2).first() is None:
            investment.involvement_id2 = 73
            db.session.commit()
        if Involvements3.query.filter_by(
                id=investment.involvement_id3).first() is None:
            investment.involvement_id3 = 19
            db.session.commit()
        if Provinces.query.filter_by(
                id=investment.province_id).first() is None:
            investment.province_id = 10
            db.session.commit()

        if Industries.query.filter_by(
                id=investment.industry_id).first() is None:
            investment.industry_id = 12
            db.session.commit()

        if ValueUnits.query.filter_by(
                id=investment.value_unit_id).first() is None:
            investment.value_unit_id = 3
            db.session.commit()

        if ValueUnits.query.filter_by(
                id=investment.value_unit_id2).first() is None:
            investment.value_unit_id2 = 3
            db.session.commit()

        phase = Phases.query.filter_by(id=investment.phase_id).first()
        sector = Sectors.query.filter_by(id=investment.sector_id).first()
        involvement_tier1 = Involvements1.query.filter_by(
            id=investment.involvement_id1).first()
        involvement_tier2 = Involvements2.query.filter_by(
            id=investment.involvement_id2).first()
        involvement_tier3 = Involvements3.query.filter_by(
            id=investment.involvement_id3).first()
        industry = Industries.query.filter_by(
            id=investment.industry_id).first()
        inv_origin = InvestmentOrigins.query.filter_by(
            id=investment.invest_origin_id).first()
        province = Provinces.query.filter_by(id=investment.province_id).first()
        inv_type = InvestmentType.query.filter_by(
            id=investment.invest_type_id).first()
        currency = Currencies.query.filter_by(
            id=investment.currency_id).first()
        value_unit = ValueUnits.query.filter_by(
            id=investment.value_unit_id).first()
        value_unit2 = ValueUnits.query.filter_by(
            id=investment.value_unit_id2).first()

        return render_template('fdi/show.haml',
                               investment=investment,
                               document=document,
                               phase=phase.name,
                               sector=sector.name,
                               inv_origin=inv_origin.name,
                               inv_type=inv_type.name,
                               currency=currency.name,
                               involvement1=involvement_tier1.name,
                               involvement2=involvement_tier2.name,
                               involvement3=involvement_tier3.name,
                               industry=industry.name,
                               value_unit=value_unit.name,
                               value_unit2=value_unit2.name,
                               province=province.name,
                               URL=URL)

    return render_template('articles/show.haml', document=document, URL=URL)
Esempio n. 35
0
 def func():
     if current_user.is_authenticated():
         for role in roles:
             if current_user.has_role(role):
                 return True
     return False
Esempio n. 36
0
def can_edit_thing(thing):
    return current_user.has_role('admin') or current_user.has_role(
        'editor') or thing.is_creator(current_user)
Esempio n. 37
0
 def _handle_view(self, name, **kwargs):
     if current_user.has_role('admin'):
         self.can_delete = True
     else:
         self.can_delete = False
Esempio n. 38
0
def req_shop_owner(*args, **kwargs):
    if not current_user.is_authenticated() or not current_user.has_role(
            Constants.SHOP_OWNER_ROLE):
        raise ProcessingException(description='Not authenticated!', code=401)
Esempio n. 39
0
 def is_accessible(self):
     if not current_user.is_active() or not current_user.is_authenticated():
         return False
     if current_user.has_role('admin'):
         return True
     return False
Esempio n. 40
0
 def is_accessible(self):
     return current_user.has_role('admin')
Esempio n. 41
0
def eligible_for_passwords():
    return current_user.has_role('admin') or current_user.has_role('edit')
Esempio n. 42
0
 def func():
     return current_user.is_authenticated() and current_user.has_role(role)
Esempio n. 43
0
 def is_visible(self):
     if current_user.has_role('urbam', invert_for_admin=True):
         return False
     return super(OrdemServicoView, self).is_accessible()
Esempio n. 44
0
 def is_accessible(self):
     if not current_user.has_role('urbam', invert_for_admin=True):
         return super(OrdemServicoView, self).is_accessible()
     for endpoint in self._urbam_accessible:
         if request.endpoint == 'ordemservico.{}'.format(endpoint):
             return True
Esempio n. 45
0
def can_edit_queue(queue):
    return current_user.has_role('admin') or current_user.has_role('editor') or queue.is_creator(current_user)
Esempio n. 46
0
 def is_accessible(self):
     has_secretaria = current_user.has_role('secretaria')
     return current_user.is_authenticated and has_secretaria
Esempio n. 47
0
def can_delete_file_from_thing(thing):
    return current_user.has_role('admin') or current_user.has_role('editor')
Esempio n. 48
0
    def post(self):
        """Post a :abbr:`SPK (Synology Package)` to the repository.

        First a :class:`~spkrepo.models.Package` is created if not existing already, based on the
        :attr:`~spkrepo.models.Package.name`. Only users with ``package_admin`` role can create new packages, other
        users must be defined as :attr:`~spkrepo.models.Package.maintainers` to be able to continue.

        Then a :class:`~spkrepo.models.Version` is created with its appropriate relationships if not existing already,
        based on the :attr:`~spkrepo.models.Version.package` and the :attr:`~spkrepo.models.Version.version`.

        Lastly, a :class:`~spkrepo.models.Build` is created with its appropriate relationships and files saved on the
        filesystem.

        .. note::

           The created :class:`~spkrepo.models.Build` is not :attr:`~spkrepo.models.Build.active` by default

        **Example response:**

        .. sourcecode:: http

            HTTP/1.1 201 CREATED
            Content-Length: 97

            {
                "architectures": ["88f628x"],
                "firmware": "3.1-1594",
                "package": "btsync",
                "version": "1.4.103-10"
            }

        :statuscode 201: SPK registered
        :statuscode 400: Request contained no body
        :statuscode 403: Insufficient permission
        :statuscode 409: A :class:`~spkrepo.models.Build` already exists
        :statuscode 422: Invalid or malformed SPK
        :statuscode 500: Signing or filesystem issue
        """
        if not request.data:
            abort(400, message='No data to process')

        # open the spk
        try:
            spk = SPK(io.BytesIO(request.data))
        except SPKParseError as e:
            abort(422, message=str(e))

        # reject signed packages
        if spk.signature is not None:
            abort(422, message='Package contains a signature')

        # Architectures
        architectures = []
        for info_arch in spk.info['arch'].split():
            architecture = Architecture.find(info_arch, syno=True)
            if architecture is None:
                abort(422, message='Unknown architecture: %s' % info_arch)
            architectures.append(architecture)

        # Firmware
        match = firmware_re.match(spk.info['firmware'])
        if not match:
            abort(422, message='Invalid firmware')
        firmware = Firmware.find(int(match.group('build')))
        if firmware is None:
            abort(422, message='Unknown firmware')

        # Package
        create_package = False
        package = Package.find(spk.info['package'])
        if package is None:
            if not current_user.has_role('package_admin'):
                abort(403, message='Insufficient permissions to create new packages')
            create_package = True
            package = Package(name=spk.info['package'], author=current_user)
        elif not current_user.has_role('package_admin') and current_user not in package.maintainers:
            abort(403, message='Insufficient permissions on this package')

        # Version
        create_version = False
        match = version_re.match(spk.info['version'])
        if not match:
            abort(422, message='Invalid version')
        # TODO: check discrepencies with what's in the database
        version = {v.version: v for v in package.versions}.get(int(match.group('version')))
        if version is None:
            create_version = True
            version = Version(package=package, upstream_version=match.group('upstream_version'),
                              version=int(match.group('version')), changelog=spk.info.get('changelog'),
                              report_url=spk.info.get('report_url'), distributor=spk.info.get('distributor'),
                              distributor_url=spk.info.get('distributor_url'), maintainer=spk.info.get('maintainer'),
                              maintainer_url=spk.info.get('maintainer_url'),
                              dependencies=spk.info.get('install_dep_packages'),
                              conf_dependencies=spk.conf_dependencies,
                              conflicts=spk.info.get('install_conflict_packages'),
                              conf_conflicts=spk.conf_conflicts,
                              conf_privilege=spk.conf_privilege,
                              conf_resource=spk.conf_resource,
                              install_wizard='install' in spk.wizards, upgrade_wizard='upgrade' in spk.wizards,
                              startable=spk.info.get('startable'), license=spk.license)

            for key, value in spk.info.items():
                if key == 'install_dep_services':
                    for service_name in value.split():
                        version.service_dependencies.append(Service.find(service_name))
                elif key == 'displayname':
                    version.displaynames['enu'] = DisplayName(language=Language.find('enu'), displayname=value)
                elif key.startswith('displayname_'):
                    language = Language.find(key.split('_', 1)[1])
                    if not language:
                        abort(422, message='Unknown INFO displayname language')
                    version.displaynames[language.code] = DisplayName(language=language, displayname=value)
                elif key == 'description':
                    version.descriptions['enu'] = Description(description=value, language=Language.find('enu'))
                elif key.startswith('description_'):
                    language = Language.find(key.split('_', 1)[1])
                    if not language:
                        abort(422, message='Unknown INFO description language')
                    version.descriptions[language.code] = Description(language=language, description=value)

            # Icon
            for size, icon in spk.icons.items():
                version.icons[size] = Icon(path=os.path.join(package.name, str(version.version), 'icon_%s.png' % size),
                                           size=size)

        # Build
        if version.id:
            # check for conflicts
            conflicts = set(architectures) & set(Architecture.query.join(Architecture.builds).
                                                 filter_by(version=version, firmware=firmware).all())
            if conflicts:
                abort(409, message='Conflicting architectures: %s' % (', '.join(sorted(a.code for a in conflicts))))

        build_filename = Build.generate_filename(package, version, firmware, architectures)
        build = Build(version=version, architectures=architectures, firmware=firmware, publisher=current_user,
                      path=os.path.join(package.name, str(version.version), build_filename),
                      checksum=spk.info.get('checksum'))

        # sign
        if current_app.config['GNUPG_PATH'] is not None:  # pragma: no cover
            try:
                spk.sign(current_app.config['GNUPG_TIMESTAMP_URL'], current_app.config['GNUPG_PATH'])
            except SPKSignError as e:
                abort(500, message='Failed to sign package', details=e.message)

        # save files
        try:
            data_path = current_app.config['DATA_PATH']
            if create_package:
                os.mkdir(os.path.join(data_path, package.name))
            if create_version:
                os.mkdir(os.path.join(data_path, package.name, str(version.version)))
                for size, icon in build.version.icons.items():
                    icon.save(spk.icons[size])
            build.save(spk.stream)
        except Exception as e:  # pragma: no cover
            if create_package:
                shutil.rmtree(os.path.join(data_path, package.name), ignore_errors=True)
            elif create_version:
                shutil.rmtree(os.path.join(data_path, package.name, str(version.version)), ignore_errors=True)
            else:
                try:
                    os.remove(os.path.join(data_path, build.path))
                except OSError:
                    pass
            abort(500, message='Failed to save files', details=e.message)

        # insert the package into database
        db.session.add(build)
        db.session.commit()

        # success
        return {'package': package.name, 'version': version.version_string, 'firmware': firmware.firmware_string,
                'architectures': [a.code for a in architectures]}, 201
Esempio n. 49
0
def can_add_file_to_thing(thing):
    if current_user.has_role('spammer'):
        return False
    return current_user.has_role('admin') or current_user.has_role(
        'editor') or current_user.has_role('contributor')
Esempio n. 50
0
 def is_accessible(self):
     return super(
         RoleAdmin,
         self).is_accessible() and current_user.has_role('admin') or False
Esempio n. 51
0
def edit_article_analysis(id):
    document = Document.query.get_or_404(id)

    try:
        URL = session[str(current_user.id)]['search']
    except:
        URL = url_for('activity')

    if current_user.has_role('fdi'):

        investment = Investment.query.filter_by(doc_id=id).first()

        fdi_form = FDIAnalysisForm(prefix='fdi-new',
                                   csrf_enabled=True,
                                   obj=investment)

    # can this user do this?
    if not document.can_user_edit(current_user):
        flash("You're not allowed to edit this article.", 'error')
        return redirect(url_for('show_article', id=id))

    if request.args.get('format') == 'places-json':
        return jsonify(DocumentPlace.summary_for_docs([document]))

    status = 200
    form = document.make_analysis_form()

    new_source_form = DocumentSourceForm(prefix='sources-new',
                                         csrf_enabled=False,
                                         document=document)

    # fairness forms
    new_fairness_form = DocumentFairnessForm(prefix='fairness-new',
                                             csrf_enabled=False)
    new_fairness_form.fairness_id.choices = [[
        '', '(none)'
    ]] + new_fairness_form.fairness_id.choices

    fairness_forms = []
    for fairness in document.fairness:
        f = DocumentFairnessForm(prefix='fairness[%d]' % fairness.id,
                                 obj=fairness)
        f.document_fairness = fairness
        fairness_forms.append(f)

    if request.method == 'POST':

        if current_user.has_role('fdi'):

            forms = [fdi_form]
            if all(f.validate() for f in forms):

                with db.session.no_autoflush:
                    fdi_form.populate_obj(investment)

                if current_user.is_authenticated() and not document.checked_by:
                    document.checked_by = current_user

                log.info("Updated analysis by %s for %s" %
                         (current_user, document))
                db.session.commit()

                flash('Analysis updated.')

                if not request.is_xhr:
                    return redirect(url_for('edit_article_analysis', id=id))

                status = 200
            else:
                if request.is_xhr:
                    status = 412
                else:
                    flash('Please correct the problems below and try again.',
                          'warning')

        else:
            form.sources.entries = [
                e for e in form.sources.entries
                if not e.form.is_deleted() and not e.form.is_empty()
            ]

            # new fairness
            for key in sorted(
                    set('-'.join(key.split('-', 3)[0:2])
                        for key in request.form.keys()
                        if key.startswith('fairness-new['))):
                frm = DocumentFairnessForm(prefix=key)
                # skip new fairness that have an empty bias
                if frm.fairness_id.data != '':
                    fairness_forms.append(frm)

            forms = [form] + fairness_forms

            if all(f.validate() for f in forms):
                # convert issue id's to Issue objects
                form.issues.data = [
                    Issue.query.get_or_404(i) for i in form.issues.data
                ]

                # update document -- no_autoflush seems to be required with wtforms alchemy
                with db.session.no_autoflush:
                    form.populate_obj(document)
                    document.dedup_sources()

                # update and delete fairness
                for frm in fairness_forms:
                    frm.create_or_update(document)

                # link to user
                if current_user.is_authenticated() and not document.checked_by:
                    document.checked_by = current_user

                log.info("Updated analysis by %s for %s" %
                         (current_user, document))

                db.session.commit()

                # XXX - the document analysis forms only update the *_id attributes,
                # no the association attribute, but we need that updated for the functionality
                # below. So, run it after the commit. It sucks that we don't do this all
                # in one transaction. We should use a different form mechanism
                # that updates everything
                document.relearn_source_affiliations()
                db.session.commit()

                flash('Analysis updated.')

                # if it's an ajax request, we're just going to return a 200
                if not request.is_xhr:
                    return redirect(url_for('edit_article_analysis', id=id))

                status = 200
            else:
                if request.is_xhr:
                    status = 412
                else:
                    flash('Please correct the problems below and try again.',
                          'warning')
    else:
        if current_user.has_role('fdi'):
            t2_options = {
                1: range(1, 48) + [73],
                2: range(48, 57) + [73],
                3: range(57, 65) + [73],
                4: range(65, 73) + [73],
                5: [73]
            }
            t3_options = {
                9: [1, 19],
                33: [2, 19],
                48: [3, 19],
                49: [4, 19],
                50: [5, 6, 7, 19],
                51: [8, 9, 19],
                52: [10, 11, 19],
                53: [12, 19],
                54: [13, 19],
                55: [14, 19],
                56: [15, 19],
                57: [16, 19],
                58: [17, 19],
                59: [18, 19],
                73: [19]
            }

            if fdi_form.involvement_id1.data is not None:
                if int(fdi_form.involvement_id1.data) in t2_options.keys():
                    fdi_form.involvement_id2.choices = [[str(
                        c.id), c.name] for c in Involvements2.query.filter(
                            Involvements2.id.in_(t2_options[int(
                                fdi_form.involvement_id1.data)])).all()]
                else:
                    fdi_form.involvement_id2.choices = [["73", "unspecified"]]
            else:
                fdi_form.involvement_id2.choices = [["73", "unspecified"]]

            if fdi_form.involvement_id2.data is not None:
                if int(fdi_form.involvement_id2.data) in t3_options.keys():
                    fdi_form.involvement_id3.choices = [[str(
                        c.id), c.name] for c in Involvements3.query.filter(
                            Involvements3.id.in_(t3_options[int(
                                fdi_form.involvement_id2.data)])).all()]
                else:
                    fdi_form.involvement_id3.choices = [["19", "unspecified"]]
            else:
                fdi_form.involvement_id3.choices = [["19", "unspecified"]]

        # wtforms turns None values into None, which sucks
        if form.topic_id.data == 'None':
            form.topic_id.data = ''
        if form.origin_location_id.data == 'None':
            form.origin_location_id.data = ''
        # ensure that checkboxes can be pre-populated
        form.issues.data = [str(i.id) for i in document.issues]

    # only render if it's not an ajax request
    if not request.is_xhr:
        if current_user.has_role('fdi'):
            resp = make_response(
                render_template('fdi/edit_analysis.haml',
                                fdi_form=fdi_form,
                                document=document,
                                investment=investment,
                                natures=AnalysisNature.all(),
                                URL=URL))
        else:
            resp = make_response(
                render_template('articles/edit_analysis.haml',
                                form=form,
                                new_source_form=new_source_form,
                                new_fairness_form=new_fairness_form,
                                fairness_forms=fairness_forms,
                                document=document,
                                natures=AnalysisNature.all(),
                                URL=URL))
    else:
        resp = ''

    return (
        resp,
        status,
        # ensure the browser refreshes the page when Back is pressed
        {
            'Cache-Control': 'no-cache, no-store, must-revalidate'
        })
Esempio n. 52
0
def can_add_thing():
    if current_user.has_role('spammer'):
        return False
    return current_user.is_authenticated()
Esempio n. 53
0
 def is_accessible(self):
     return super(
         AuthBaseView,
         self).is_accessible() and current_user.has_role('admin') or False
Esempio n. 54
0
def can_view_file_for_thing(thing):
    if current_user.has_role('restricted'):
        return False
    return current_user.is_authenticated()
Esempio n. 55
0
def users(id=None):
    '''
	API that allows creating, reading, updating and deleting users.  The logged in
	user needs to habe the admin role.
	'''
    if not current_user.is_authenticated():
        flask.abort(403)
    if not current_user.has_role('admin'):
        flask.abort(403)

    admin_role = Role.query.filter_by(name='admin').first()
    if id:
        user = User.query.filter_by(id=id).first()
    if flask.request.method == 'GET':
        json = []
        for user in User.query.all():
            u = {
                'id': user.id,
                'name': user.name,
                'email': user.email,
                'passwprd': '',
                'roles': [unicode(role.name) for role in user.roles],
                'admin_user': admin_role in user.roles,
            }
            json.append(u)
        return flask.jsonify(items=json)
    if flask.request.method == 'DELETE' and id:
        try:
            Roster.query.filter_by(user=user).delete()
            db.session.delete(user)
            db.session.commit()
        except DatabaseError as e:
            response = flask.jsonify(
                ok=False,
                msg='Benutzer kann nicht gelöscht werden: ' + e.message)
            response.status_code = 409
            return response
        return flask.jsonify(ok=True)
    if flask.request.method == 'PUT':
        roles = []
        req = flask.request.get_json()
        if 'admin_user' in req:
            roles.append(admin_role)
        try:
            user.name = req['name']
            user.email = req['email']
            if 'password' in req:
                user.password = encrypt_password(req['password'])
            user.roles = roles
            db.session.commit()
        except IntegrityError:
            response = flask.jsonify(
                ok=False,
                msg=
                'Es gibt bereits einen Benutzer mit dieser Email (doppelter Datensatz)'
            )
            response.status_code = 409
            return response
        except DatabaseError as e:
            response = flask.jsonify(ok=False,
                                     msg='beim Speichern des Benutzers: ' +
                                     e.message)
            response.status_code = 409
            return response
        return flask.jsonify(ok=True, id=user.id)
    if flask.request.method == 'POST':
        roles = []
        req = flask.request.get_json()
        if 'admin_user' in req and req['admin_user']:
            roles.append(admin_role)
        try:
            user = user_datastore.create_user(name=req['name'],
                                              email=req['email'],
                                              password=encrypt_password(
                                                  req['password']),
                                              roles=roles)
            db.session.commit()
        except IntegrityError:
            response = flask.jsonify(
                ok=False,
                msg=
                'Es gibt bereits einen Benutzer mit dieser Email (doppelter Datensatz)'
            )
            response.status_code = 409
            return response
        except DatabaseError as e:
            response = flask.jsonify(ok=False,
                                     msg='beim Speichern des Benutzers: ' +
                                     e.message)
            response.status_code = 409
            return response
        return flask.jsonify(ok=True, id=user.id)
    flask.abort(405)