Esempio n. 1
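def delete_node():
    """Delete the node named by the ``id`` query parameter.

    Roles of 10 and above may delete any node. Roles from 3 up to 10 may
    delete only a node whose ``owner`` field equals their own username.
    Lower roles are rejected with ``abort(401)``. Every other outcome
    flashes a message and redirects to the ``nodes`` view.
    """
    # NOTE(review): the id arrives in the query string, so this state-changing
    # view is presumably reachable with GET -- confirm the route restricts the
    # allowed methods and that the request is covered by CSRF protection.
    id_ = request.args.get('id')
    if not id_:
        flash('Node ID not provided.')
        return redirect(url_for('nodes'))

    role = current_user.check_role()
    if role < 3:
        abort(401)

    if role < 10:
        query = {"filters": [{"op": "eq", "name": "id", "val": id_}]}
        test_node = api_get('nodes', query)
        # Fail closed: previously an empty lookup result skipped the ownership
        # comparison entirely and the delete call still ran. A node that
        # cannot be looked up cannot be shown to belong to the caller.
        if not test_node or test_node[0].get('owner') != current_user.username:
            flash("Permission denied.")
            return redirect(url_for('nodes'))

    if api_delete('nodes', id_):
        flash("Node deleted successfully.")
    else:
        flash("Error deleting node. Please try again.")
    return redirect(url_for('nodes'))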
Esempio n. 2
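def disable_node():
    """Mark the node named by the ``id`` query parameter as inactive.

    Roles of 10 and above may disable any node. Roles from 3 up to 10 may
    disable only a node whose ``owner`` field equals their own username.
    Lower roles are rejected with ``abort(401)``. Every other outcome
    flashes a message and redirects to the ``nodes`` view.
    """
    # NOTE(review): the id arrives in the query string, so this state-changing
    # view is presumably reachable with GET -- confirm the route restricts the
    # allowed methods and that the request is covered by CSRF protection.
    id_ = request.args.get('id')
    if not id_:
        flash('Node ID not provided.')
        return redirect(url_for('nodes'))

    role = current_user.check_role()
    if role < 3:
        abort(401)

    query = {"filters": [{"op": "eq", "name": "id", "val": id_}]}

    if role < 10:
        found = api_get('nodes', query)
        # The return shape of api_get is not visible here. The original called
        # .get() directly on the result, which raises when the result is a list
        # or None. Accept either a single record or a non-empty list, and deny
        # access when no record can be established (fail closed).
        node = found[0] if isinstance(found, (list, tuple)) and found else found
        if not node or node.get('owner') != current_user.username:
            flash("Permission denied.")
            return redirect(url_for('nodes'))

    data = {"active": False, 'q': query}
    if api_update('nodes', data):
        flash("Node disabled successfully.")
    else:
        flash("Error disabling node. Please try again.")
    return redirect(url_for('nodes'))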
Esempio n. 3
def new_node():
    """Create a node owned by the current user, then return to the node list.

    Requires a role of at least 3; anything lower ends in ``abort(401)``.
    Accounts below role 10 are refused once they already own five nodes.
    A fresh ``unique_id`` / ``api_key`` pair is drawn until neither value is
    found in the backend, and the node is then created as active.
    """
    if not (current_user.check_role() >= 3):
        abort(401)

    # Roles of 10 and above are exempt from the quota: an empty list keeps
    # the length test below from ever firing for them.
    if current_user.check_role() >= 10:
        owned = []
    else:
        owned = api_get('nodes', {
            "filters": [{
                "op": "eq",
                "name": "owner",
                "val": current_user.username
            }]
        })
    # NOTE(review): the quota is a read followed by a later write; nothing
    # visible here makes the two atomic, so concurrent requests may both pass
    # the check -- confirm whether the backend enforces the limit as well.
    if len(owned) >= 5:
        flash('You have reached the limit of 5 nodes.')
        return redirect(url_for('nodes'))

    # Draw identifiers until the backend reports no node using either value.
    # Collisions are expected to be rare, so this normally runs once.
    while True:
        unique_id = create_unique_id()
        api_key = create_api_key()
        clash_query = {
            "filters": [{
                "or": [
                    {"op": "eq", "name": "unique_id", "val": unique_id},
                    {"op": "eq", "name": "api_key", "val": api_key},
                ]
            }],
            "single": True
        }
        if not api_get('nodes', clash_query):
            break

    created = api_create('nodes', {
        "owner": current_user.username,
        "unique_id": unique_id,
        "api_key": api_key,
        "active": True
    })
    if created:
        message = "Node {} added successfully.".format(unique_id)
    else:
        message = "Error adding node.  Please try again."
    flash(message)
    return redirect(url_for('nodes'))
Esempio n. 4
 def check_is_admin(*args, **kwargs):
     """Run the wrapped view ``foo`` only for an authenticated 'Admin' user.

     Anonymous visitors are sent to the ``login`` view and authenticated
     users without the 'Admin' role to ``index``, each with a flashed alert.
     """
     if current_user.is_authenticated:
         if current_user.check_role('Admin'):
             return foo(*args, **kwargs)
         # Message text: "You do not have sufficient rights".
         flash('У вас не достаточно прав', 'alert')
         return redirect(url_for('index'))
     # Message text: "You are not logged in".
     flash('Вы не авторизованы', 'alert')
     return redirect(url_for('login'))
Esempio n. 5
 def inner(*args, **kwargs):
     """Call the wrapped ``func`` when the imported user passes ``check_role(role)``.

     Raises:
         Forbidden: when the role check fails. The message deliberately does
             not say whether the role is missing or the account is disabled.
     """
     # Not referenced below; kept because the original performs this import.
     from .models import Role
     user = import_user()
     if not user.check_role(role):
         raise Forbidden(
             "Your roles do not grant you access to this page, or your account is disabled."
         )
     return func(*args, **kwargs)
Esempio n. 6
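def nodes():
    """Render the node table for the current user.

    Roles of 10 and above see every node; roles from 3 up to 10 see only
    nodes whose ``owner`` equals their username. Lower roles are rejected
    with ``abort(401)``. Ordering comes from the ``sort`` and ``direction``
    query parameters (defaults ``id`` and ``asc``).
    """
    role = current_user.check_role()
    if role < 3:
        # User unauthorized
        abort(401)

    sort = request.args.get('sort', 'id')
    # The table library does not flip asc/desc by itself, so the direction
    # is taken from the request. It is client-controlled: anything other
    # than the two known values falls back to ascending instead of being
    # forwarded to the backend as-is.
    sort_dir = request.args.get('direction', 'asc')
    if sort_dir not in ('asc', 'desc'):
        sort_dir = 'asc'
    # NOTE(review): ``sort`` is also client-controlled and is forwarded as the
    # order_by field name. The set of sortable columns is not visible here;
    # consider restricting it to the columns NodesTable actually exposes.

    # Admins get an unfiltered listing; everyone else is pinned to own nodes.
    if role >= 10:
        filters = []
    else:
        filters = [{
            "op": "eq",
            "name": "owner",
            "val": current_user.username
        }]
    query = {
        "filters": filters,
        "order_by": [{
            "field": sort,
            "direction": sort_dir
        }]
    }
    the_nodes = api_get('nodes', query) or []
    # Populate the table
    table = NodesTable(the_nodes)
    return render_template("nodes.html", table=table)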
Esempio n. 7
def matter():
    """Serve the Matter upload form and run ``Mattermain`` on POST.

    Users failing ``check_role('matter')`` are redirected to
    ``accessdenied``. GET renders the form, POST hands the submitted email
    address, password and send-mail flag to ``Mattermain`` and shows the
    success page; any other method renders the form with a title.
    """
    if not current_user.check_role('matter'):
        return redirect(url_for('accessdenied'))

    form = Matter()
    method = request.method
    if method == 'GET':
        return render_template('matter.html', form=form)
    if method != 'POST':
        return render_template('matter.html', title='Matter Upload', form=form)

    # NOTE(review): the submitted fields are used without a visible validation
    # call on the form -- confirm that field and CSRF validation happen
    # somewhere before the credentials reach Mattermain.
    Mattermain(
        form.emailadd.data,
        form.password.data,
        send_mail=form.send_email.data,
    )
    return render_template('report_success.html')
Esempio n. 8
def cat():
    """Serve the CAT report form and run ``catmain`` on POST.

    Users failing ``check_role('cat')`` are redirected to ``accessdenied``.
    GET renders the form, POST passes the submitted email address, password
    and send-email flag to ``catmain`` and shows the success page; any other
    method renders the form with a title.
    """
    if not current_user.check_role('cat'):
        return redirect(url_for('accessdenied'))

    form = CAT()
    # Read for every request method, exactly as the original does.
    submitted = (form.emailadd.data, form.password.data, form.send_email.data)

    method = request.method
    if method == 'POST':
        # NOTE(review): no validation call on the form is visible before the
        # credentials are used -- confirm field and CSRF validation elsewhere.
        catmain(*submitted)
        return render_template('report_success.html')
    if method == 'GET':
        return render_template('catWTF.html', form=form)
    return render_template('catWTF.html', title='CAT Report', form=form)
Esempio n. 9
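def invites():
    """Render the invite-code table; restricted to roles of 10 and above.

    Ordering comes from the ``sort`` and ``direction`` query parameters
    (defaults ``id`` and ``asc``). Any other role ends in ``abort(401)``.
    """
    if not (current_user.check_role() >= 10):
        # User unauthorized
        abort(401)

    sort = request.args.get('sort', 'id')
    # The table library does not flip asc/desc by itself, so the direction
    # is taken from the request.
    sort_dir = request.args.get('direction', 'asc')

    # ``sort`` is client-controlled. Resolve it against the model's own
    # columns instead of handing the raw string to asc()/desc(), so that only
    # a real column of Invites can end up in the ORDER BY clause. Unknown
    # names fall back to the default ``id`` ordering.
    sort_column = Invites.__table__.columns.get(sort)
    if sort_column is None:
        sort_column = Invites.id
    order = asc(sort_column) if sort_dir == "asc" else desc(sort_column)

    the_invites = db.session.query(Invites).order_by(order).all()
    # Populate the table
    table = InviteTable(the_invites)
    return render_template("invites.html", table=table)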
Esempio n. 10
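def change_password():
    """Replace the current user's password with a newly generated one.

    Requires a role of at least 3, otherwise ``abort(401)``. The generated
    password is stored as a bcrypt hash and shown once through the
    ``users_newpass.html`` template. On a storage failure the session is
    rolled back and the user is redirected to ``users`` with an error.
    """
    if not (current_user.check_role() >= 3):
        abort(401)

    the_user = db.session.query(User).filter(User.username == current_user.username).first()
    try:
        thepassword = generate_password()
        the_user.password = bcrypt.hashpw(thepassword.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
        db.session.merge(the_user)
        db.session.commit()
    except Exception as e:
        # Roll back so a failed flush or commit does not leave the shared
        # session unusable for later work.
        db.session.rollback()
        # NOTE(review): the exception goes to stdout only; routing it through
        # the application logger would keep it with the other logs.
        print(e)
        flash("Error updating user. Please try again.")
        return redirect(url_for('users'))

    # The try block covers only the database work, so a rendering problem
    # after a successful commit is no longer reported as a failed update.
    # The message has no placeholder; the original's .format() call did nothing.
    flash("Password regenerated successfully!")
    return render_template("users_newpass.html", the_pass=thepassword, the_user=the_user.username)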
Esempio n. 11
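def delete_user():
    """Delete the user named by the ``id`` query parameter.

    Restricted to roles of 10 and above; any other role ends in
    ``abort(401)``. Every other outcome flashes a message and redirects to
    the ``users`` view.
    """
    # NOTE(review): the id arrives in the query string, so this state-changing
    # view is presumably reachable with GET -- confirm the route restricts the
    # allowed methods and that the request is covered by CSRF protection.
    id_ = request.args.get('id')
    if not id_:
        flash('User ID not provided.')
        return redirect(url_for('users'))

    if not (current_user.check_role() >= 10):
        abort(401)

    del_user = db.session.query(User).filter(User.id == id_).first()
    if del_user is None:
        # Unknown id: report it explicitly rather than relying on the delete
        # call raising on None. The message is the one the original produced.
        flash("Error deleting user. Please try again.")
        return redirect(url_for('users'))

    # Capture the name before the row is removed so that building the success
    # message cannot fail after the commit has already happened.
    username = del_user.username
    try:
        db.session.delete(del_user)
        db.session.commit()
    except Exception:
        # A bare ``except:`` would also swallow SystemExit/KeyboardInterrupt.
        # Roll back so the session stays usable after the failure.
        db.session.rollback()
        flash("Error deleting user. Please try again.")
        return redirect(url_for('users'))

    flash("User {} deleted successfully.".format(username))
    return redirect(url_for('users'))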
Esempio n. 12
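def delete_invite():
    """Delete the invite code named by the ``id`` query parameter.

    Restricted to roles of 10 and above; any other role ends in
    ``abort(401)``. Every other outcome flashes a message and redirects to
    the ``invites`` view.
    """
    # NOTE(review): the id arrives in the query string, so this state-changing
    # view is presumably reachable with GET -- confirm the route restricts the
    # allowed methods and that the request is covered by CSRF protection.
    id_ = request.args.get('id')
    if not id_:
        flash('Invite code ID not provided.')
        return redirect(url_for('invites'))

    if not (current_user.check_role() >= 10):
        abort(401)

    del_invite_code = db.session.query(Invites).filter(Invites.id == id_).first()
    if del_invite_code is None:
        # Unknown id: report it explicitly rather than relying on the delete
        # call raising on None. The message is the one the original produced.
        flash("Error deleting invite code. Please try again.")
        return redirect(url_for('invites'))

    # Capture the code before the row is removed so that building the success
    # message cannot fail after the commit has already happened.
    code = del_invite_code.invite_code
    try:
        db.session.delete(del_invite_code)
        db.session.commit()
    except Exception:
        # A bare ``except:`` would also swallow SystemExit/KeyboardInterrupt.
        # Roll back so the session stays usable after the failure.
        db.session.rollback()
        flash("Error deleting invite code. Please try again.")
        return redirect(url_for('invites'))

    flash("Invite code {} deleted successfully.".format(code))
    return redirect(url_for('invites'))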
Esempio n. 13
def ack():
    """Serve the acknowledgement-letter form and run ``Ackmain`` on POST.

    Users failing ``check_role('ack')`` are redirected to ``accessdenied``.
    ``Ack_create_folder()`` is called on every permitted request. GET
    renders the form; POST flashes the submitted email address and checkbox
    state, calls ``Ackmain`` and shows the success page; any other method
    renders the form with a title.
    """
    if not current_user.check_role('ack'):
        return redirect(url_for('accessdenied'))

    form = Ack()
    Ack_create_folder()

    verb = request.method
    if verb == 'GET':
        return render_template('ack.html', form=form)
    if verb != 'POST':
        return render_template('ack.html',
                               title='Acknowledgement Letter Add-In',
                               form=form)

    # NOTE(review): the submitted fields are used without a visible validation
    # call on the form -- confirm field and CSRF validation happen elsewhere.
    summary = ('The email address is: ' + form.emailadd.data +
               " The checkbox shows: " + str(form.send_email.data))
    flash(summary)
    Ackmain(form.emailadd.data, form.password.data, form.send_email.data)
    return render_template('report_success.html')
Esempio n. 14
def register():
    """Show the registration form and create an account on a valid submit.

    Anonymous visitors get ``status`` from the ``REGISTRATION_OPEN`` setting.
    A signed-in user passing ``check_role(['admin'])`` gets the string
    ``'True'``; any other signed-in user is redirected to ``main.index``.
    A valid submission stores the user with a lower-cased email address,
    sends the verification email and redirects to ``auth.unverified_email``.
    """
    if not current_user.is_authenticated:
        status = current_app.config['REGISTRATION_OPEN']
    elif current_user.check_role(['admin']):
        status = 'True'
    else:
        return redirect(url_for('main.index'))

    form = RegistrationForm()
    if not form.validate_on_submit():
        return render_template('auth/register.html', title='Register', form=form, status=status)

    # NOTE(review): ``status`` is only handed to the template; nothing in this
    # view stops a valid POST from creating an account while registration is
    # closed. Confirm whether closure is meant to be enforced server-side and
    # what type REGISTRATION_OPEN holds before adding such a check.
    account = User(email=form.email.data.lower())
    account.set_password(form.password.data)
    db.session.add(account)
    db.session.commit()
    send_verification_email(account)
    return redirect(url_for('auth.unverified_email'))
Esempio n. 15
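def disable_invite():
    """Mark the invite code named by the ``id`` query parameter as inactive.

    Only disabling is offered for now; a full edit view may replace it
    later. Restricted to roles of 10 and above; any other role ends in
    ``abort(401)``. Every other outcome flashes a message and redirects to
    the ``invites`` view.
    """
    # NOTE(review): the id arrives in the query string, so this state-changing
    # view is presumably reachable with GET -- confirm the route restricts the
    # allowed methods and that the request is covered by CSRF protection.
    id_ = request.args.get('id')
    if not id_:
        flash('Invite code ID not provided.')
        return redirect(url_for('invites'))

    if not (current_user.check_role() >= 10):
        abort(401)

    the_invite = db.session.query(Invites).filter(Invites.id == id_).first()
    if the_invite is None:
        # The original assigned to ``the_invite.active`` outside the try
        # block, so an unknown id raised AttributeError instead of producing
        # the error message.
        flash("Error disabling invite code. Please try again.")
        return redirect(url_for('invites'))

    try:
        the_invite.active = False
        db.session.merge(the_invite)
        db.session.commit()
    except Exception:
        # A bare ``except:`` would also swallow SystemExit/KeyboardInterrupt.
        # Roll back so the session stays usable after the failure.
        db.session.rollback()
        flash("Error disabling invite code. Please try again.")
        return redirect(url_for('invites'))

    flash("Invite code {} updated successfully.".format(the_invite.invite_code))
    return redirect(url_for('invites'))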
Esempio n. 16
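def regen_password():
    """Replace the password of the user named by the ``id`` query parameter.

    Restricted to roles of 10 and above; any other role ends in
    ``abort(401)``. The generated password is stored as a bcrypt hash and
    shown once through the ``users_newpass.html`` template. On failure the
    session is rolled back and the caller is redirected to ``users``.
    """
    # NOTE(review): the id arrives in the query string, so this state-changing
    # view is presumably reachable with GET -- confirm the route restricts the
    # allowed methods and that the request is covered by CSRF protection.
    id_ = request.args.get('id')
    if not id_:
        # This view works on users; the original message said "Node ID".
        flash('User ID not provided.')
        return redirect(url_for('users'))

    if not (current_user.check_role() >= 10):
        abort(401)

    the_user = db.session.query(User).filter(User.id == id_).first()
    if the_user is None:
        # Unknown id: report it explicitly rather than relying on the
        # attribute assignment below raising on None.
        flash("Error updating user. Please try again.")
        return redirect(url_for('users'))

    try:
        thepassword = generate_password()
        the_user.password = bcrypt.hashpw(thepassword.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
        db.session.merge(the_user)
        db.session.commit()
    except Exception as e:
        # Roll back so a failed flush or commit does not leave the shared
        # session unusable for later work.
        db.session.rollback()
        # NOTE(review): the exception goes to stdout only; routing it through
        # the application logger would keep it with the other logs.
        print(e)
        flash("Error updating user. Please try again.")
        return redirect(url_for('users'))

    flash("User {} updated successfully.".format(the_user.username))
    return render_template("users_newpass.html", the_pass=thepassword, the_user=the_user.username)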
Esempio n. 17
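def new_invite():
    """Create a new active invite code attributed to the current user.

    Restricted to roles of 10 and above; any other role ends in
    ``abort(401)``. Every other outcome flashes a message and redirects to
    the ``invites`` view.
    """
    if not (current_user.check_role() >= 10):
        abort(401)

    # Draw codes until one is not yet present in the table. Collisions are
    # expected to be rare, so this normally runs once.
    # NOTE(review): the lookup and the insert are separate steps; a unique
    # constraint on invite_code would be the authoritative guard -- confirm
    # the model has one.
    while True:
        invite_code = create_invite_code()
        if not db.session.query(Invites).filter(Invites.invite_code == invite_code).first():
            break

    new_code = Invites()
    new_code.created_by = current_user.username
    new_code.invite_code = invite_code
    new_code.active = True
    try:
        db.session.add(new_code)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except:``, which would also swallow
        # SystemExit and KeyboardInterrupt.
        db.session.rollback()
        flash("Error adding invite code.  Please try again.")
        return redirect(url_for('invites'))

    flash("Invite code {} added successfully.".format(invite_code))
    return redirect(url_for('invites'))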
Esempio n. 18
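def regen_node_api():
    """Issue a fresh API key for the node named by the ``id`` query parameter.

    Roles of 10 and above may rotate the key of any node. Roles from 3 up
    to 10 may rotate only a node whose ``owner`` field equals their own
    username. Lower roles are rejected with ``abort(401)``. Every other
    outcome flashes a message and redirects to the ``nodes`` view.
    """
    # NOTE(review): the id arrives in the query string, so this state-changing
    # view is presumably reachable with GET -- confirm the route restricts the
    # allowed methods and that the request is covered by CSRF protection.
    id_ = request.args.get('id')
    if not id_:
        flash('Node ID not provided.')
        return redirect(url_for('nodes'))

    role = current_user.check_role()
    if role < 3:
        abort(401)

    if role < 10:
        owner_query = {"filters": [{"op": "eq", "name": "id", "val": id_}]}
        found = api_get('nodes', owner_query)
        # The return shape of api_get is not visible here. The original called
        # .get() directly on the result, which raises when the result is a list
        # or None. Accept either a single record or a non-empty list, and deny
        # access when no record can be established (fail closed).
        node = found[0] if isinstance(found, (list, tuple)) and found else found
        if not node or node.get('owner') != current_user.username:
            flash("Permission denied.")
            return redirect(url_for('nodes'))

    # Draw keys until the backend reports no node using the value. Collisions
    # are expected to be rare, so this normally runs once.
    while True:
        api_key = create_api_key()
        dup_query = {
            "filters": [{
                "op": "eq",
                "name": "api_key",
                "val": api_key
            }],
            "single": True
        }
        if not api_get('nodes', dup_query):
            break

    query = {"filters": [{"op": "eq", "name": "id", "val": id_}]}
    data = {"api_key": api_key, 'q': query}

    # NOTE(review): this payload has the same shape that disable_node passes
    # to api_update, yet it is sent through api_create. Confirm this really
    # rotates the key of the existing node rather than creating a new record.
    api_node = api_create('nodes', data)
    if api_node:
        flash("Node updated successfully.")
    else:
        flash("Error updating node. Please try again.")
    return redirect(url_for('nodes'))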
Esempio n. 19
 def decorated_function(*args, **kwargs):
     """Call the wrapped ``func`` only when ``check_role(roles)`` passes.

     Otherwise flash a warning and redirect to ``main.index``.
     """
     if current_user.check_role(roles):
         return func(*args, **kwargs)
     flash('You do not have permission to view this page.', 'warning')
     return redirect(url_for('main.index'))