def media(): if "GDRIVE_REFRESH_TOKEN" not in os.environ: flash( "Media storage with Google Drive has not yet been configured for this instance", "warning", ) return redirect(url_for("index")) social = copy.deepcopy(app.config["SOCIAL"]) if current_user.has_any_role("admin", "social-admin"): for platform in social: if not platform["type"] == "account": continue platform["password"] = generate_password(platform["name"], app.secret_key) service = create_oauth_service() gdrive_root = os.environ["GOOGLE_DRIVE_MEDIA_DRIVE_ID"] gdrive_dirs = sorted(list_sub_dirs(service, gdrive_root), key=lambda x: x["name"]) youtube_playlist = os.environ.get("YOUTUBE_PLAYLIST_ID") photos = GDrivePhoto.new_photos(7) return render_template( "media.html", social=social, gdrive_dirs=gdrive_dirs, photos=photos, youtube_playlist=youtube_playlist, )
def score(score_id): bluegrades = ['a', 'b', 'c', 'd'] goldgrades = ['s', 'ss', 'sss'] redgrades = ['f'] score = Post.query.get_or_404(score_id) songtitle = SongTitle.query.join(Language).filter_by( song=score.song).filter(Language.code == 'en').first() if songtitle is None: current_app.logger.error( "Error: song title not found for song ID {score.song.id}!") abort(500) if score.status != POST_APPROVED and not (score.author == current_user or current_user.has_any_role( "Moderator", "Admin")): current_app.logger.info( f"Access denied for user {current_user} to access score {score_id}, returning 404" ) abort(404) return render_template('score.html', score=score, songtitle=songtitle, length=score.length, bluegrades=bluegrades, goldgrades=goldgrades, redgrades=redgrades, int_to_mods=int_to_mods, modlist_to_modstr=modlist_to_modstr, int_to_noteskin=int_to_noteskin)
def accept_score(score_id): if not current_user.has_any_role("Moderator", "Admin"): current_app.logger.info( f"Access denied for user {current_user} to accept score {score_id}, returning 403" ) abort(403) score = Post.query.get_or_404(score_id) approve_post(score) flash('The score has been accepted!', 'success') return redirect(url_for('main.home'))
def delete_tournament(tournament_id): tournament = Tournament.query.get_or_404(tournament_id) if tournament.user_id != current_user.id and not current_user.has_any_role( "Moderator", "Admin"): abort(403) if tournament.image_file != "None": os.remove( os.path.join(current_app.root_path, pic_directories['tournament'], tournament.image_file)) db.session.delete(tournament) db.session.commit() flash('Your tournament has been deleted!', 'success') return redirect(url_for('main.tournaments'))
def post(self): if not current_user.has_any_role(Role.CAFE_STAFF, Role.ADMIN): abort(403) req = UpdateCafeRequest().load(request.get_json()) cafe = db.session.query(Cafe).first() if cafe is None: cafe = Cafe() db.session.add(cafe) cafe.accepting_orders = req["accepting_orders"] db.session.commit() return UpdateCafeResponse().dump(dict(cafe=cafe))
def user_posts(username): page = request.args.get('page', 1, type=int) user = User.query.filter_by(username=username).first_or_404() scores = Post.query.filter_by(author=user) if current_user != user and not current_user.has_any_role( "Moderator", "Admin"): scores = scores.filter( or_(Post.status == POST_APPROVED, Post.status == POST_UNRANKED)) scores = scores.order_by(Post.date_posted.desc()).paginate(per_page=5, page=page) return render_template("user_posts.html", scores=scores, difficulty=difficulty, user=user)
def media(): social = copy.deepcopy(app.config["SOCIAL"]) if current_user.has_any_role("admin", "social-admin"): for platform in social: if not platform["type"] == "account": continue platform["password"] = generate_password(platform["name"], app.secret_key) service = create_service() gdrive_root = os.environ["GOOGLE_DRIVE_MEDIA_DRIVE_ID"] gdrive_dirs = sorted(list_sub_dirs(service, gdrive_root), key=lambda x: x["name"]) photos = GDrivePhoto.new_photos() return render_template("social.html", social=social, gdrive_dirs=gdrive_dirs, photos=photos)
def show_user(user_id): if int(user_id) != current_user.id: if not current_user.has_any_role(): flash("Non autorisé", "error") return redirect(url_for("event.index")) if not current_user.has_signed_ca(): flash( """Vous devez signer la charte RGPD avant de pouvoir accéder à des informations des utilisateurs""", "error", ) return redirect(url_for("profile.confidentiality_agreement")) user = User.query.filter_by(id=user_id).first() return render_template("profile.html", conf=current_app.config, title="Profil adhérent", user=user)
def get(self): req = GetOrdersRequest().load(request.args) filters = [] if req["created_by"] != "me" and not current_user.has_any_role( Role.CAFE_STAFF, Role.ADMIN): abort(403) if req["created_by"] == "me": filters.append(Order.user == current_user) if req["statuses"]: db_statuses = map(lambda s: OrderStatus_[s.name], req["statuses"]) filters.append(Order.status.in_(db_statuses)) if req["created_after"]: filters.append(Order.created_at > req["created_after"]) orders = (db.session.query(Order).filter(*filters).order_by( Order.created_at.desc()).limit(req["limit"])) return GetOrdersResponse().dump({"orders": orders})
def delete_score(score_id): score = Post.query.get(score_id) if not score or not (score.author == current_user or current_user.has_any_role("Moderator", "Admin")): current_app.logger.info( f"Access denied for user {current_user} to delete score {score_id}, returning 403" ) abort(403) if score.image_file != "None": try: os.remove( os.path.join(current_app.root_path, pic_directories['score'], score.image_file)) except: flash('Score screenshot couldn\'t be found.', 'info') db.session.delete(score) db.session.commit() update_user_sp(score.author) flash('The score has been deleted!', 'success') return redirect(url_for('main.home'))
def edit_score(score_id): form = ScoreForm() current_app.logger.info(request.form) post = Post.query.get(score_id) if not post or not (post.author == current_user or current_user.has_any_role("Moderator", "Admin")): current_app.logger.info( f"Access denied for user {current_user} to edit score {score_id}, returning 403" ) abort(403) if flask.request.method == "GET": form.score.data = post.score form.lettergrade.data = post.lettergrade form.platform.data = post.platform form.stagepass.data = post.stagepass form.perfect.data = post.perfect form.great.data = post.great form.good.data = post.good form.bad.data = post.bad form.miss.data = post.miss form.maxcombo.data = post.maxcombo modifiers, form.judgement.data = int_to_mods(post.modifiers, separate_judge=True) form.noteskin.data = post.noteskin form.rushspeed.data = post.rushspeed form.ranked.data = post.ranked if request.form.get('lettergrade') is not None: form.lettergrade.data = request.form.get('lettergrade') if request.form.get('stagepass') is not None: form.stagepass.data = request.form.get('stagepass') if request.form.get('platform') is not None: form.platform.data = request.form.get('platform') try: if request.form.get('score') is not None: form.score.data = int(request.form.get('score')) if request.form.get('perfect') is not None: form.perfect.data = int(request.form.get('perfect')) if request.form.get('great') is not None: form.great.data = int(request.form.get('great')) if request.form.get('good') is not None: form.good.data = int(request.form.get('good')) if request.form.get('bad') is not None: form.bad.data = int(request.form.get('bad')) if request.form.get('miss') is not None: form.miss.data = int(request.form.get('miss')) if request.form.get('maxcombo') is not None: form.maxcombo.data = int(request.form.get('maxcombo')) if request.form.get('noteskin') is not None: form.noteskin.data = int(request.form.get('noteskin')) if request.form.get('rushspeed') is not None: form.rushspeed.data = float(request.form.get('rushspeed')) except: pass if request.form.get('gamemix') is not None: form.gamemix.data = request.form.get('gamemix') if request.form.get('ranked') is not None: form.ranked.data = request.form.get('ranked') if request.form.get('judgement') is not None: form.judgement.data = request.form.get('judgement') if form.validate_on_submit(): current_app.logger.info("Form validated.") difficulty = request.form.get('diffDrop') try: file = request.files['file'] except: picture_file = "None" file = None flash('No file uploaded', 'info') if file.filename != '': if file and allowed_file(file.filename): picture_file = save_picture(file, 'score') flash('File uploaded successfully!', 'success') elif file and not allowed_file(file.filename): picture_file = "None" flash('You can\'t upload that!', 'error') else: picture_file = "None" current_app.logger.info("Updating post info...") # instead of converting form to a post, edit an existing post ID and update some info post = Post.query.get(score_id) post.score = form.score.data post.exscore = calc_exscore(form.perfect.data, form.great.data, form.good.data, form.bad.data, form.miss.data) post.lettergrade = form.lettergrade.data post.platform = form.platform.data post.stagepass = form.stagepass.data post.perfect = form.perfect.data post.great = form.great.data post.good = form.good.data post.bad = form.bad.data post.miss = form.miss.data post.maxcombo = form.maxcombo.data post.modifiers = mods_to_int(request.form.getlist('modifiers'), form.judgement.data) post.noteskin = form.noteskin.data post.rushspeed = form.rushspeed.data if form.rushspeed.data != None else 1.0 post.ranked = form.ranked.data if picture_file != None: post.image_file = picture_file # SP should always be calculated in score submission, non-approved posts will get ignored post.sp = calc_performance( Post.query.get(post.chart_id).first(), post.perfect, post.great, post.good, post.bad, post.miss, int_to_judge(post.modifiers), post.rushspeed, post.stagepass == "True") # if already unranked before, do not set to pending post.status = POST_PENDING if post.sp >= 0 and post.status != POST_UNRANKED else POST_UNRANKED if post.acsubmit: post.status = POST_APPROVED current_app.logger.info("Committing to database...") db.session.commit() update_user_sp(current_user) current_app.logger.info("Updated user SP.") flash( 'Score has been edited! If your score was approved before it has re-entered the moderator queue. If it was unranked it stays unranked.', 'success') return redirect(url_for('scores.score', score_id=score_id)) # generate form from post here return render_template("new_score.html", title="Edit Score", form=form, currpost=post)
def tournament_matches(tournament_id): tournament = Tournament.query.get_or_404(tournament_id) if current_user.id not in tournament.organizers( ) and not current_user.has_any_role("Moderator", "Admin"): abort(403) return render_template('tournament_matches.html', tournament=tournament)
def has_permission(self, order: Order): return order.user == current_user or current_user.has_any_role( Role.CAFE_STAFF, Role.ADMIN)