Esempio n. 1
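def user_delete(user_id, hard_delete=False):
    """Deactivate or permanently delete a user account.

    A soft delete (the default) only sets ``is_active`` to False.  A hard
    delete reassigns the user's pages to the admin performing the deletion
    and then removes the user row; files are not reassigned by this function.
    The account matching the session's ``user_id`` is never touched.

    Afterwards the browser is sent back to the referring page when that page
    is on this host and is not the deleted user's edit view, otherwise to the
    index page.
    """
    edit_url = url_for('user_edit', user_id=user_id)
    user = get_object_or_404(User, user_id)
    acting_user_id = session.get('user_id')
    # NOTE(review): no admin or login check is visible in this block, and a
    # session without 'user_id' passes the comparison below.  Presumably a
    # decorator outside this snippet enforces both -- confirm, and confirm the
    # route is POST-only and CSRF-protected since it changes state.
    if user.id != acting_user_id:
        if hard_delete:
            # reassign all pages to admin who is deleting
            pages = Page.select().where(Page.author == user.id)
            for page in pages:
                page.author = acting_user_id
                page.save()
            user.delete_instance()
            flash("User fully deleted", category="primary")
        else:
            user.is_active = False
            user.save()
            flash("User deactivated, but still present in database",
                  category="primary")
    else:
        flash("CANNOT DELETE/DEACTIVATE an actively logged in account.",
              category="danger")

    # The Referer header is supplied by the client, so it is only followed
    # when it points back at this host; anything else falls back to the index.
    # The edit view of a deleted user no longer exists, so it is skipped too.
    referrer = request.referrer
    if (referrer is None
            or not referrer.startswith(request.host_url)
            or edit_url in referrer):
        return redirect(url_for('index'))
    return redirect(referrer)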
Esempio n. 2
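    def POST(self, id=None):
        """Create a user, or update the user with the given ``id``, from ``UserForm``.

        Re-renders the edit form when validation fails or when the submitted
        e-mail address already belongs to a different user; otherwise saves
        the record and redirects to the user's page.
        """
        form = UserForm()
        user = None
        if id is not None:
            user = get_object_or_404(User, id=id)

        if not form.validates():
            return render.edit_user(form, user, "")

        # The address must not belong to another account.  The record being
        # edited is skipped: without that, saving an existing user whose
        # e-mail is unchanged would always be rejected as a duplicate.
        for other in User.all():
            if user is not None and other.id == user.id:
                continue
            if form.d.email == other.email:
                return render.edit_user(form, user, 'NotUniqueEmail')

        if user is None:
            user = User.new()
            user.balance = 0

        user.firstname = form.d.firstname
        user.lastname = form.d.lastname
        user.email = form.d.email
        user.active = form.d.active
        user.rfid = form.d.rfid
        user.save()

        raise web.seeother('/users/{}'.format(user.id))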
Esempio n. 3
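def page_edit(page_id=None):
    """Edit an existing page, or create one when called without ``page_id``.

    On POST the page is saved only when both title and content are non-empty;
    otherwise a message is flashed and the form is rendered again.
    """
    # NOTE(review): no check that the current user may edit this page is
    # visible here; presumably a decorator outside this snippet handles it.
    if page_id is None:
        try:
            page = Page(author=g.user_id, content="")
        except Exception:
            # Narrowed from a bare except so KeyboardInterrupt/SystemExit
            # are no longer swallowed.
            flash("Problems creating a new page", category="danger")
            return redirect(url_for('index'))
    else:
        page = get_object_or_404(Page, page_id)

    if request.method == 'POST':
        title = request.form.get('title', '')
        slug = request.form.get('slug', '')
        content = request.form.get('content', '')
        # Checkboxes are submitted as 'on' when ticked and omitted otherwise.
        is_published = request.form.get('is_published') == 'on'
        show_sidebar = request.form.get('show_sidebar') == 'on'
        show_title = request.form.get('show_title') == 'on'
        show_nav = request.form.get('show_nav') == 'on'
        if title and content:
            page.title = title
            page.slug = slugify(slug)
            page.content = content
            page.is_published = is_published
            page.show_sidebar = show_sidebar
            page.show_nav = show_nav
            page.show_title = show_title
            page.save()
            flash("Page saved.", category="success")
            return redirect(url_for('index'))
        else:
            flash("Please fill in BOTH title and content.", category="danger")

    return render_template('page_edit.html', page=page)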
Esempio n. 4
def page_view(page_id):
    """Render a published page; unpublished pages redirect to the index."""
    page = get_object_or_404(Page, page_id)
    if not page.is_published:
        flash('That page id is not published, check back later.',
              category="warning")
        return redirect(url_for('index'))
    return render_template('page_view.html', page=page)
Esempio n. 5
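def user_edit(user_id=None):
    """ADMIN-ONLY view to edit a user, or create one if no user_id is supplied.

    On POST the user is saved only when both username and password are
    present; otherwise a message is flashed and the form is rendered again.
    """
    # NOTE(review): the admin restriction named above is not enforced inside
    # this block; presumably a decorator outside this snippet does it.  This
    # view can grant is_admin, so confirm that check exists.
    if user_id is None:
        user = User()
    else:
        user = get_object_or_404(User, user_id)

    if request.method == 'POST':
        username = request.form.get('username')
        displayname = request.form.get('displayname')
        password = request.form.get('password')
        is_active = request.form.get('is_active') == 'on'
        is_admin = request.form.get('is_admin') == 'on'
        # NOTE(review): the form's 'email' field is not persisted by this view.
        # Truthiness instead of len(): a field missing from the request comes
        # back as None, and len(None) would raise TypeError.
        if username and password:
            user.username = username
            user.displayname = displayname
            # NOTE(review): this compares the stored value with the submitted
            # one and re-hashes only on a difference; it looks like the form
            # is pre-filled with the stored value -- confirm that value is a
            # hash and not a plaintext password.
            if user.password != password:
                user.password = password
                user.password_hash()
            user.is_active = is_active
            user.is_admin = is_admin
            user.save()
            flash("User information changed", category="success")
            return redirect(url_for('admin_users'))
        else:
            flash('Username and password must be filled in', category="danger")

    return render_template('user.html', user=user)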
Esempio n. 6
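    def GET(self, id=None):
        """E-mail account balances, then redirect home or render the kiosk page.

        With ``id`` the mail goes to that single user (404 if unknown);
        without it, to every active user.  Users with a negative balance get
        the custom template unless the request carries a non-default ``u``
        parameter, in which case everyone gets the default template.
        """
        # NOTE(review): this handler sends mail in response to a GET request;
        # confirm the route is access-restricted, since links and prefetchers
        # can issue GETs.
        if id is not None:
            users = [get_object_or_404(User, id=id)]
        else:
            users = User.filter(active=True)

        default_tpl = settings.MAIL_DEFAULT_TEMPLATE
        # SECURITY: pickle.load() can run arbitrary code while deserialising,
        # so MAIL_FILE_TEMPLATE must be writable by trusted administrators
        # only.  The template looks like a plain string; storing it as text
        # would remove the need for pickle -- TODO confirm and migrate.
        try:
            # "with" closes the file even when unpickling fails.
            with open(settings.MAIL_FILE_TEMPLATE, 'rb') as f:
                tpl = pickle.load(f)
        except (IOError, pickle.PickleError):
            tpl = default_tpl

        userside = web.input(u=0).u != 0 # used to check if the mail is coming from a QR scan
        for u in users:
            utpl = default_tpl
            if u.balance < 0 and not userside:
                utpl = tpl

            body = utpl.format(apayer = float2str(-u.balance if u.balance <0 else 0),
                               solde = float2str(u.balance),
                               prenom = u.firstname,
                               nom = u.lastname)

            web.sendmail(settings.MAIL_ADDRESS, u.email, 'Your INGI cafetaria balance', body)

        if userside:
            # NOTE(review): ``u`` is the last user of the loop and is unbound
            # when ``users`` is empty.
            return render_no_layout.consume('BALANCE', u)

        raise web.seeother('/')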
Esempio n. 7
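    def POST(self, id=None):
        """Create a user, or update the user with the given ``id``, from ``UserForm``.

        Re-renders the edit form when validation fails or when the submitted
        e-mail address is already taken; otherwise saves the record and
        redirects to the user's page.
        """
        form = UserForm()
        user = None
        if id is not None:
            user = get_object_or_404(User, id=id)

        if not form.validates():
            return render.edit_user(form, user,"")

        # The uniqueness check runs for a new account as well as for an edit
        # that changes the address; previously a new account skipped it and
        # could be created with an e-mail that was already in use.
        if user is None or user.email != form.d.email:
            existing = None
            try:
                existing = User.get(email=form.d.email)
            except Entry.DoesNotExist:
                # NOTE(review): the lookup is on User but the exception caught
                # is Entry.DoesNotExist -- confirm this is the right class.
                pass
            if existing is not None:
                return render.edit_user(form, user, 'NotUniqueEmail')

        if user is None:
            user = User.new()
            user.balance = 0

        user.firstname = form.d.firstname
        user.lastname = form.d.lastname
        user.email = form.d.email
        user.active = form.d.active
        user.rfid = form.d.rfid
        user.save()

        raise web.seeother('/users/{}'.format(user.id))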
Esempio n. 8
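    def GET(self, id=None):
        """E-mail account balances, then redirect home or render the kiosk page.

        With ``id`` the mail goes to that single user (404 if unknown);
        without it, to every active user.  Users with a negative balance get
        the custom template unless the request carries a non-default ``u``
        parameter, in which case everyone gets the default template.
        """
        # NOTE(review): this handler sends mail in response to a GET request;
        # confirm the route is access-restricted, since links and prefetchers
        # can issue GETs.
        if id is not None:
            users = [get_object_or_404(User, id=id)]
        else:
            users = User.filter(active=True)

        default_tpl = settings.MAIL_DEFAULT_TEMPLATE
        # SECURITY: pickle.load() can run arbitrary code while deserialising,
        # so MAIL_FILE_TEMPLATE must be writable by trusted administrators
        # only.  The template looks like a plain string; storing it as text
        # would remove the need for pickle -- TODO confirm and migrate.
        try:
            # "with" closes the file even when unpickling fails.
            with open(settings.MAIL_FILE_TEMPLATE, 'rb') as f:
                tpl = pickle.load(f)
        except (IOError, pickle.PickleError):
            tpl = default_tpl

        userside = web.input(
            u=0).u != 0  # used to check if the mail is coming from a QR scan
        for u in users:
            utpl = default_tpl
            if u.balance < 0 and not userside:
                utpl = tpl

            body = utpl.format(
                apayer=float2str(-u.balance if u.balance < 0 else 0),
                solde=float2str(u.balance),
                prenom=u.firstname,
                nom=u.lastname)

            web.sendmail(settings.MAIL_ADDRESS, u.email,
                         'Your INGI cafetaria balance', body)

        if userside:
            # NOTE(review): ``u`` is the last user of the loop and is unbound
            # when ``users`` is empty.
            return render_no_layout.consume('BALANCE', u)

        raise web.seeother('/')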
Esempio n. 9
def user_profile(user_id=None):
    """Render a user's profile, defaulting to the logged-in user.

    A non-empty ``s`` query parameter short-circuits to the search view.
    """
    search_term = request.args.get('s')
    if search_term:
        return redirect(url_for('search', s=search_term))

    # NOTE(review): any user_id is accepted here; confirm that profiles are
    # meant to be visible to every caller of this view.
    target_id = session['user_id'] if user_id is None else user_id
    profile_user = get_object_or_404(models.User, target_id)
    return render_template('cms/default/profile.html', user=profile_user)
Esempio n. 10
def profile_species(species_id):
    """List the current user's observations of one species (404 if unknown)."""
    species = get_object_or_404(models.Species, species_id)

    # The query is scoped to the current user, so other users' observations
    # of the same species are not included.
    by_current_user = (
        models.Observation.user == g.user._get_current_object())
    of_this_species = models.Observation.species == species_id
    obs = models.Observation.select().where(by_current_user, of_this_species)

    # todo decorate this with species info from SnapShot Serengeti
    return render_template('observe_species.html', obs=obs, species=species)
Esempio n. 11
def talk_delete(item_id):
    """Delete a talk item when the caller owns it or is an admin, else 403.

    A refused attempt is logged with the user and the item id.
    """
    talk = get_object_or_404(models.Talk, item_id)
    may_delete = (talk.user == g.user._get_current_object()
                  or g.user.is_admin)
    # The delete stays inside the authorised branch so it cannot be reached
    # by falling through the refusal path.
    if may_delete:
        parent_image_id = talk.image.id
        talk.delete_instance()
        return redirect(url_for('observe', image_id=parent_image_id))
    refusal = 'failed delete of talk item user={} talk={}'.format(
        g.user, item_id)
    app.logger.warning(refusal)
    abort(403)  # the user is not allowed to delete this talk item
Esempio n. 12
def observe_delete(item_id):
    """Delete an observation when the caller owns it or is an admin, else 403.

    A refused attempt is logged with the user and the item id.
    """
    observation = get_object_or_404(models.Observation, item_id)
    may_delete = (observation.user == g.user._get_current_object()
                  or g.user.is_admin)
    # The delete stays inside the authorised branch so it cannot be reached
    # by falling through the refusal path.
    if may_delete:
        parent_image_id = observation.image.id
        observation.delete_instance()
        return redirect(url_for('observe', image_id=parent_image_id))
    refusal = 'failed delete of observation user={}, observation={}'.format(
        g.user, item_id)
    app.logger.warning(refusal)
    abort(403)  # the user is not allowed to delete this observation
Esempio n. 13
def page_view(page_id):
    """Render a published page by id.

    A non-empty ``s`` query parameter redirects to the search view instead;
    an unpublished page flashes a warning and redirects to the index.
    """
    search_term = request.args.get('s')
    if search_term:
        return redirect(url_for('search', s=search_term))

    page = get_object_or_404(Page, page_id)
    if not page.is_published:
        flash('That page id is not published, check back later.',
              category="warning")
        return redirect(url_for('index'))
    return render_template('page_view.html', page=page)
Esempio n. 14
    def POST(self, rfid):
        """Attach ``rfid`` to the user chosen in the form, then go home.

        An invalid form is rendered again with the same ``rfid``.
        """
        form = UserSelectForm(User.all())()
        if not form.validates():
            return render.user_rfid(form, rfid)

        # NOTE(review): rfid comes from the URL and is stored as submitted;
        # confirm who may reach this handler.
        chosen = get_object_or_404(User, id=form.d.user)
        chosen.rfid = rfid
        chosen.save()
        raise web.seeother('/')
Esempio n. 15
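    def POST(self, id):
        """Credit the user's balance by the amount submitted in ``CreditForm``.

        Records an ``Operation`` for the credit, adds the amount to the
        balance and redirects home.  An invalid form is rendered again.
        """
        user = get_object_or_404(User, id=id)
        form = CreditForm()

        if not form.validates():
            return render.credit(user, form)

        # Convert before writing anything: if the amount is not numeric the
        # ValueError is now raised before the Operation row is saved, instead
        # of leaving an operation behind with no matching balance change.
        credited = float(form.d.amount)

        # NOTE(review): the two saves below are not wrapped in a transaction
        # here, and the balance is kept as a float -- confirm both are
        # acceptable for this ledger.
        Operation.new(user_id=id, amount=form.d.amount, date=datetime.datetime.now()).save()
        user.balance += credited
        user.save()

        raise web.seeother('/')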
Esempio n. 16
    def POST(self, rfid):
        """Attach ``rfid`` to the user chosen in the form, then go home.

        The selection form lists users ordered by first name; an invalid
        form is rendered again with the same ``rfid``.
        """
        form = UserSelectForm(User.all(order_by='firstname'))()
        if not form.validates():
            return render.user_rfid(form, rfid)

        # NOTE(review): rfid comes from the URL and is stored as submitted;
        # confirm who may reach this handler.
        chosen = get_object_or_404(User, id=form.d.user)
        chosen.rfid = rfid
        chosen.save()
        raise web.seeother('/')
Esempio n. 17
    def GET(self, id=None):
        """Render the user form, pre-filled from an existing user or an rfid.

        With ``id`` the form shows that user's stored values (404 if
        unknown); without it, a non-empty ``rfid`` query parameter pre-fills
        only the rfid field.
        """
        form = UserForm()
        scanned_rfid = web.input(rfid=None).rfid

        if id is None:
            user = None
            if scanned_rfid:
                form.fill(rfid=scanned_rfid)
        else:
            user = get_object_or_404(User, id=id)
            form.fill(
                firstname=user.firstname,
                lastname=user.lastname,
                email=user.email,
                rfid=user.rfid,
                active=user.active,
            )

        return render.edit_user(form, user)
Esempio n. 18
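def page_edit(page_id=None):
    """Create a page (no ``page_id``) or edit an existing one.

    GET renders the form.  POST with a blank title renders the form again
    with the error set and writes nothing; otherwise the page is created if
    needed, filled from the form, saved, and the browser is redirected to
    the page view.  A blank slug is derived from the title.
    """
    errors = {"title_category": "", "title": ""}

    # get initial content
    if page_id is None:
        page = {'title': '', 'content': '', 'slug': ''}
    else:
        page = get_object_or_404(Page, page_id)

    # post new page
    if request.method == 'POST':
        title = request.form.get('title', '')
        content = request.form.get('content', '')
        slug = request.form.get('slug', '')

        if title == '':
            # Previously the error was recorded but the page was created and
            # saved anyway, and every POST path redirected, so the message
            # was never shown.  Validate first and re-render with the
            # submitted values instead.
            errors = {
                "title_category": "danger",
                "title": "Title/Content must be non-blank"
            }
            if page_id is None:
                page = {'title': title, 'content': content, 'slug': slug}
            else:
                # Unsaved in-memory changes, only so the form shows them.
                page.title = title
                page.content = content
                page.slug = slug
            return render_template('page_edit.html', page=page, errors=errors)

        # create a new page if needed
        if page_id is None:
            try:
                page = Page.create(
                    title='', content='', slug='', author=g.user_id)
                page_id = page.id
            except Exception as e:
                # NOTE(review): the raw exception text is shown to the user;
                # consider logging it and flashing a generic message.
                flash(
                    "Problems creating a new page. Reason: {}".format(e),
                    category="danger")
                return redirect(url_for('index'))

        # fill out the fields
        page.title = title
        page.content = content
        page.slug = slug if slug != '' else slugify(title)

        # page status, view options
        page.is_published = request.form.get('is_published') == 'on'
        page.show_nav = request.form.get('show_nav') == 'on'
        page.show_title = request.form.get('show_title') == 'on'

        try:
            page.save()
            flash("Thank you for creating a page!", category="success")
            return redirect(url_for('page_view', page_id=page.id))
        except Exception as e:
            # NOTE(review): same as above -- raw exception text reaches the
            # user here.
            flash(
                "Problems creating a new page. Reason: {}".format(e),
                category="danger")
            return redirect(url_for('index'))

    return render_template('page_edit.html', page=page, errors=errors)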
Esempio n. 19
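def page_delete(page_id):
    """Delete a page if the caller is its author or an admin.

    Afterwards the browser is sent back to the referring page when that page
    is on this host and is not the deleted page's edit view, otherwise to
    the index page.
    """
    edit_url = url_for('page_edit', page_id=page_id)
    page = get_object_or_404(Page, page_id)
    # NOTE(review): the route decorator is not visible here; confirm this
    # state-changing view is POST-only and CSRF-protected.
    if page.author.id == session['user_id'] or session['is_admin']:
        page.delete_instance()
        flash('Page deleted', category="success")
    else:
        flash('You are not authorized to remove this page', category='danger')

    # The Referer header is supplied by the client, so it is only followed
    # when it points back at this host; anything else falls back to the index.
    referrer = request.referrer
    if (referrer is None
            or not referrer.startswith(request.host_url)
            or edit_url in referrer):
        return redirect(url_for('index'))
    return redirect(referrer)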
Esempio n. 20
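    def POST(self, id):
        """Credit the user's balance by the amount submitted in ``CreditForm``.

        The first comma in the amount is treated as a decimal separator.
        Records an ``Operation`` for the credit, adds the amount to the
        balance and redirects home.  An invalid form is rendered again.
        """
        user = get_object_or_404(User, id=id)
        form = CreditForm()

        if not form.validates():
            return render.credit(user, form)

        amount = str(form.d.amount).replace(',', '.', 1)
        # Convert before writing anything: if the amount is not numeric the
        # ValueError is now raised before the Operation row is saved, instead
        # of leaving an operation behind with no matching balance change.
        credited = float(amount)

        # NOTE(review): the two saves below are not wrapped in a transaction
        # here, and the balance is kept as a float -- confirm both are
        # acceptable for this ledger.
        Operation.new(user_id=id, amount=amount,
                      date=datetime.datetime.now()).save()
        user.balance += credited
        user.save()

        raise web.seeother('/')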
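    def add_to_cart(cls, data):
        """Add one unit of a product to a cart and return the cart row.

        ``data`` supplies ``cart_id``, ``product`` (a mapping with ``id``)
        and ``attributes``.  The row for that cart/product/attributes
        combination is created with quantity 0 when missing, then
        incremented by one.
        """
        cart_id = data.get('cart_id')
        # A payload without a 'product' mapping now yields a lookup with
        # id=None (handled by get_object_or_404) instead of an
        # AttributeError on None.
        product_id = (data.get('product') or {}).get('id')
        attributes = data.get('attributes')

        product = get_object_or_404(Product, id=product_id)
        cart, _ = ShoppingCart.objects.get_or_create(cart_id=cart_id,
                                                     product=product,
                                                     attributes=attributes,
                                                     defaults={'quantity': 0}
                                                     )
        # NOTE(review): read-modify-write on quantity; two concurrent requests
        # can lose an increment.  cart_id is taken from the payload as given,
        # so confirm the caller ties it to the requesting session.
        cart.quantity += 1
        cart.save()

        return cart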
Esempio n. 22
    def POST(self, id):
        """Debit the user's balance for the number of units in ``ConsumeForm``.

        An invalid form redirects to the user's page.  Otherwise an
        ``Operation`` with the negative amount is saved, the balance is
        reduced, and the response is the kiosk page when the request body
        contains ``userside``, else a redirect home.
        """
        user = get_object_or_404(User, id=id)
        form = ConsumeForm()
        if not form.validates():
            raise web.seeother('/users/{}'.format(user.id))

        # NOTE(review): presumably the form restricts units to positive
        # integers; a negative value would credit the account -- confirm.
        cost = settings.CONSUMPTION_UNIT*int(form.d.units)
        debit = Operation.new(user_id=id, amount=-cost, date=datetime.datetime.now())
        debit.save()
        user.balance -= float(cost)
        user.save()

        if b'userside' not in web.data():
            raise web.seeother('/')
        return render_no_layout.consume(None, user)
Esempio n. 23
    def GET(self, id=None):
        """Render the user form, pre-filled from an existing user or an rfid.

        With ``id`` the form shows that user's stored values (404 if
        unknown); without it, a non-empty ``rfid`` query parameter pre-fills
        only the rfid field.
        """
        form = UserForm()
        scanned_rfid = web.input(rfid=None).rfid

        if id is None:
            user = None
            if scanned_rfid:
                form.fill(rfid=scanned_rfid)
        else:
            user = get_object_or_404(User, id=id)
            stored = dict(firstname=user.firstname,
                          lastname=user.lastname,
                          email=user.email,
                          rfid=user.rfid,
                          active=user.active)
            form.fill(**stored)

        return render.edit_user(form, user, "")
Esempio n. 24
def user_pages(user_id=None):
    """List the pages owned by ``user_id``, or every page when it is falsy.

    A non-empty ``s`` query parameter redirects to the search view instead.
    """
    search_term = request.args.get('s')
    if search_term:
        return redirect(url_for('search', s=search_term))

    if not user_id:
        pages = models.Page.select()
        title = "Pages by ALL users"
    else:
        pages = models.Page.select().where(models.Page.owner == user_id)
        owner = get_object_or_404(models.User, user_id)
        title = "Pages by {}".format(owner.canonical_name())

    # NOTE(review): neither query filters on is_published; confirm that
    # unpublished pages are meant to be listed here.
    context = {'pages': pages, 'title': title}
    return render_template('cms/default/pages_view.html', **context)
Esempio n. 25
    def POST(self, id):
        """Debit the user's balance for the number of units in ``ConsumeForm``.

        An invalid form redirects to the user's page.  Otherwise an
        ``Operation`` with the negative amount is saved, the balance is
        reduced, and the response is the kiosk page when the request body
        contains ``userside``, else a redirect home.
        """
        user = get_object_or_404(User, id=id)
        form = ConsumeForm()
        if not form.validates():
            raise web.seeother('/users/{}'.format(user.id))

        # NOTE(review): presumably the form restricts units to positive
        # integers; a negative value would credit the account -- confirm.
        cost = settings.CONSUMPTION_UNIT * int(form.d.units)
        debit = Operation.new(user_id=id, amount=-cost,
                              date=datetime.datetime.now())
        debit.save()
        user.balance -= float(cost)
        user.save()

        if b'userside' not in web.data():
            raise web.seeother('/')
        return render_no_layout.consume(None, user)
Esempio n. 26
def file_edit(file_id):
    """Show the edit form for a File and, on POST, update its title.

    Only the file's owner or an admin may change it, and the new title must
    not be blank; either failure flashes a message and renders the form
    again.
    """
    record = get_object_or_404(File, file_id)

    if request.method == 'POST':
        may_edit = (record.owner.id == session['user_id']
                    or session['is_admin'])
        if not may_edit:
            flash("You are not authorized to edit/delete this object.",
                  category="danger")
        else:
            new_title = request.form.get('title')
            if not new_title:
                flash('Title must not be blank.', category="danger")
            else:
                record.title = new_title
                record.save()
                flash("File information changed", category="success")
                return redirect(url_for('admin_files'))

    return render_template('file_edit.html', file=record)
Esempio n. 27
    def POST(self, id=None):
        """Create a user, or update the user with the given ``id``, from ``UserForm``.

        An invalid form is rendered again; otherwise the record is saved and
        the browser is redirected to the user's page.
        """
        form = UserForm()
        user = get_object_or_404(User, id=id) if id is not None else None

        if not form.validates():
            return render.edit_user(form, user)

        # NOTE(review): this variant performs no e-mail uniqueness check.
        if user is None:
            user = User.new()
            user.balance = 0

        submitted = form.d
        user.firstname = submitted.firstname
        user.lastname = submitted.lastname
        user.email = submitted.email
        user.active = submitted.active
        user.rfid = submitted.rfid
        user.save()

        raise web.seeother('/users/{}'.format(user.id))
Esempio n. 28
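def file_delete(file_id):
    """Delete a File record and its file on disk (owner or admin only).

    The database row is removed first; a failure to remove the physical file
    is logged and reported as a warning.  Afterwards the browser is sent
    back to the referring page when that page is on this host, otherwise to
    the index page.
    """
    f = get_object_or_404(File, file_id)
    # NOTE(review): f.filepath is joined as stored; presumably it is a
    # server-generated name.  If it can hold user-chosen text, confirm it
    # cannot point outside UPLOAD_FOLDER.
    pathname = os.path.join(app.config['UPLOAD_FOLDER'], f.filepath)
    # NOTE(review): the route decorator is not visible here; confirm this
    # state-changing view is POST-only and CSRF-protected.
    if f.owner.id == session['user_id'] or session['is_admin']:
        f.delete_instance()
        try:
            os.remove(pathname)
        except (OSError, ValueError):
            # The flashed message points at the log, so write the entry it
            # promises; the bare except used before logged nothing.
            app.logger.exception('could not remove file %s', pathname)
            flash(
                "Error: problems removing physical file. Check log for details.",
                category="warning")
        else:
            flash('File Successfully Deleted', category="success")
    else:
        flash('You are not authorized to remove this file.', category="danger")

    # The Referer header is supplied by the client, so it is only followed
    # when it points back at this host; anything else falls back to the index.
    referrer = request.referrer
    if referrer is None or not referrer.startswith(request.host_url):
        return redirect(url_for('index'))
    return redirect(referrer)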
 def get_categories_from_id(cls, department_id):
     """Return all categories of the department with this id (404 if unknown)."""
     found = get_object_or_404(cls, id=department_id)
     categories = found.categories
     return categories.all()
Esempio n. 30
def page_view(page_id):
    """Render a page by id (non-public route).

    An unpublished page is served only to an authenticated session; anyone
    else gets a 404, the same answer as for a page that does not exist.
    """
    page = get_object_or_404(models.Page, page_id)
    visible = page.is_published or session.get('is_authenticated')
    if not visible:
        abort(404)
    return render_template('cms/default/page_view.html', page=page)
Esempio n. 31
    def GET(self, id):
        """Render the consumption page for one user (404 if unknown)."""
        consumer = get_object_or_404(User, id=id)
        blank_form = ConsumeForm()
        return render_no_layout.consume(blank_form, consumer)
Esempio n. 32
 def get_object(self):
     """Return the schema model's instance for the URL lookup value, or 404."""
     model = self.get_schema().Meta.model
     lookup_value = self.kwargs.get(self.lookup_key)
     return get_object_or_404(model, lookup_value)
Esempio n. 33
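def page_edit(page_id=None):
    """Edit an existing page, or create a page if page_id is None.

    On POST, title and content are required; when either is blank the
    matching error fields are set, a message is flashed and the form is
    rendered again.  Otherwise the page is created or updated, a blank slug
    is generated from the page, and the browser is redirected to the page.
    """
    # possible errors, we use this in the validation process
    errors = {
        'title': '',
        'title_category': '',
        'content': '',
        'content_category': ''
    }

    # NOTE(review): no check that the current user may edit this page is
    # visible here; presumably a decorator outside this snippet handles it.
    if page_id:
        # get existing page by page_id or 404
        page = get_object_or_404(models.Page, page_id)
    else:
        # empty page for the form
        page = models.Page()

    error_flag = False
    # see if we were called POST
    if request.method == 'POST':
        title = request.form.get('title')
        if not (title):
            errors['title'] = 'Title cannot be blank'
            errors['title_category'] = 'is-danger'
            error_flag = True
        show_title = request.form.get('show_title') == 'on'
        show_nav = request.form.get('show_nav') == 'on'
        slug = request.form.get('slug')
        is_published = request.form.get('is_published') == 'on'
        content = request.form.get('content')
        if not (content):
            # Blank content used to overwrite the *title* error fields
            # (copy-paste slip), leaving the content fields always empty.
            errors['content'] = 'Content cannot be blank'
            errors['content_category'] = 'is-danger'
            error_flag = True
        parent = request.form.get('parent')

        # if no errors get around to creating or saving new page.
        # implement later, maybe always create a new row for page, old page marked as not published, revision timestamp.
        if not (error_flag):
            try:
                # ensure parent is int or None
                parent = int(parent)
            except (TypeError, ValueError):
                # missing field (None) or non-numeric text such as ""
                parent = None

            if page_id is None:
                page = models.Page.create(owner=session['user_id'],
                                          title=title,
                                          slug=slug,
                                          parent=parent,
                                          show_title=show_title,
                                          show_nav=show_nav,
                                          content=content,
                                          is_published=is_published)
            else:
                page.title = title
                page.show_title = show_title
                page.show_nav = show_nav
                page.slug = slug
                page.content = content
                page.is_published = is_published
                page.parent = parent
            # if slug was left blank, we can make a slug based on page
            if page.slug == '':
                page.generate_slug()
            page.save()
            return redirect(page.url())
        else:
            flash('There were errors on the page', category='danger')

    # build a list of potential parents for the FORM select field
    parents = [("", "None")]  # a None parent is allowed.
    parents.extend((p.id, p.title) for p in models.Page.select())

    return render_template('cms/default/page_edit.html',
                           errors=errors,
                           page=page,
                           parents=parents)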
 def get_values_from_id(cls, attribute_id):
     """Return all values of the attribute with this id (404 if unknown)."""
     found = get_object_or_404(cls, id=attribute_id)
     values = found.attributevalue_set
     return values.all()
Esempio n. 35
 def get_object(self):
     """Return the schema model's instance for the URL lookup value, or 404."""
     model = self.get_schema().Meta.model
     lookup_value = self.kwargs.get(self.lookup_key)
     return get_object_or_404(model, lookup_value)
Esempio n. 36
 def get_products_from_department_id(cls, department_id):
     """Return the products linked to any category of a department.

     Raises 404 when the department is unknown or when no row of ``cls``
     matches its categories.
     """
     department = get_object_or_404(Department, id=department_id)
     department_categories = department.categories.all()
     links = get_list_or_404(cls, category__in=department_categories)
     products = []
     for link in links:
         products.append(link.product)
     return products
Esempio n. 37
    def GET(self, id):
        """Render one user's page with their operations, newest first."""
        account = get_object_or_404(User, id=id)
        history = Operation.filter(user_id=id, order_by='date DESC')
        return render.user(account, history)
Esempio n. 38
    def GET(self, id):
        """Render the consumption page for one user (404 if unknown)."""
        consumer = get_object_or_404(User, id=id)
        blank_form = ConsumeForm()
        return render_no_layout.consume(blank_form, consumer)
Esempio n. 39
 def get_reviews_from_id(cls, product_id):
     """Return all reviews of the product with this id (404 if unknown)."""
     found = get_object_or_404(cls, id=product_id)
     reviews = found.reviews
     return reviews.all()
Esempio n. 40
    def GET(self, id):
        """Render one user's page with their operations, newest first."""
        account = get_object_or_404(User, id=id)
        history = Operation.filter(user_id=id, order_by='date DESC')
        return render.user(account, history)