Esempio n. 1
0
    def prepare(self, data):
        if self.request['session']['role'] != 'admin':
            if data.get('external_ticket_url'):
                raise JsonErrors.HTTPForbidden(
                    message='external_ticket_url may only be set by admins')
            elif data.get('external_donation_url'):
                raise JsonErrors.HTTPForbidden(
                    message='external_donation_url may only be set by admins')

        timezone: TzInfo = data.pop('timezone', None)
        if timezone:
            data['timezone'] = str(timezone)
        date = data.pop('date', None)
        if date:
            dt, duration = prepare_event_start(date['dt'], date['dur'],
                                               timezone)
            data.update(
                start_ts=dt,
                duration=duration,
            )

        loc = data.pop('location', None)
        if loc:
            data.update(
                location_name=loc['name'],
                location_lat=loc['lat'],
                location_lng=loc['lng'],
            )

        return data
Esempio n. 2
0
 async def check_permissions(self):
     await check_session(self.request, 'admin', 'host')
     await _check_event_permissions(self.request, check_upcoming=True)
     user_status = await self.conn.fetchrow(
         'SELECT status FROM users WHERE id=$1', self.session['user_id'])
     if self.session['role'] != 'admin' and user_status != 'active':
         raise JsonErrors.HTTPForbidden(message='Host not active')
Esempio n. 3
0
    def prepare(self, data):
        if data.get('external_ticket_url') and self.request['session']['role'] != 'admin':
            raise JsonErrors.HTTPForbidden(message='external_ticket_url may only be set by admins')

        date = data.pop('date', None)
        timezone: TzInfo = data.pop('timezone', None)
        if timezone:
            data['timezone'] = str(timezone)
        if date:
            dt: datetime = timezone.localize(date['dt'].replace(tzinfo=None))
            duration: Optional[int] = date['dur']
            if duration:
                duration = timedelta(seconds=duration)
            else:
                dt = datetime(dt.year, dt.month, dt.day)
            data.update(
                start_ts=dt,
                duration=duration,
            )

        loc = data.pop('location', None)
        if loc:
            data.update(
                location_name=loc['name'],
                location_lat=loc['lat'],
                location_lng=loc['lng'],
            )

        return data
Esempio n. 4
0
async def user_tickets(request):
    user_id = int(request.match_info['pk'])
    if request['session']['role'] != 'admin' and user_id != request['session']['user_id']:
        raise JsonErrors.HTTPForbidden(message='wrong user')

    json_str = await request['conn'].fetchval(user_tickets_sql, user_id)
    return raw_json_response(json_str)
Esempio n. 5
0
async def event_tickets(request):
    event_id = int(request.match_info['id'])
    if request['session']['user_role'] == 'host':
        host_id = await request['conn'].fetchval('SELECT host FROM events WHERE id=$1', event_id)
        if host_id != request['session']['user_id']:
            raise JsonErrors.HTTPForbidden(message='use is not the host of this event')

    json_str = await request['conn'].fetchval(event_ticket_sql, event_id, request['company_id'])
    return raw_json_response(json_str)
Esempio n. 6
0
async def _check_event_permissions(request, check_upcoming=False):
    event_id = int(request.match_info['id'])
    r = await request['conn'].fetchrow(
        """
        SELECT host, start_ts
        FROM events AS e
        JOIN categories AS cat ON e.category = cat.id
        WHERE e.id=$1 AND cat.company=$2
        """, event_id, request['company_id'])
    if not r:
        raise JsonErrors.HTTPNotFound(message='event not found')
    host_id, start_ts = r
    if request['session']['role'] != 'admin':
        if host_id != request['session']['user_id']:
            raise JsonErrors.HTTPForbidden(message='user is not the host of this event')
        if check_upcoming and start_ts < datetime.utcnow().replace(tzinfo=timezone.utc):
            raise JsonErrors.HTTPForbidden(message="you can't modify past events")
    return event_id
Esempio n. 7
0
 async def check_permissions(self, method):
     await check_session(self.request, 'admin')
     if int(self.request.match_info['pk']) != self.request['company_id']:
         raise JsonErrors.HTTPForbidden(message='wrong company')