def prepare(self, data):
    """Enforce the admin-only fields, then flatten the nested entries of ``data``.

    A session whose role is not ``'admin'`` may not supply a truthy
    ``external_ticket_url`` or ``external_donation_url``; the first one found
    raises ``JsonErrors.HTTPForbidden``. The ``timezone``, ``date`` and
    ``location`` entries are popped and replaced by flat keys.

    ``data`` is modified in place and the same mapping is returned.
    """
    # Authorisation gate: runs before any field of ``data`` is rewritten.
    # NOTE(review): the test is truthiness, so '' / None from a non-admin pass
    # through. If this method also serves an update path, confirm a non-admin
    # cannot blank a URL that an admin set.
    if self.request['session']['role'] != 'admin':
        if data.get('external_ticket_url'):
            raise JsonErrors.HTTPForbidden(
                message='external_ticket_url may only be set by admins')
        if data.get('external_donation_url'):
            raise JsonErrors.HTTPForbidden(
                message='external_donation_url may only be set by admins')

    tz: TzInfo = data.pop('timezone', None)
    if tz:
        # Keep the string form under the same key.
        data['timezone'] = str(tz)

    when = data.pop('date', None)
    if when:
        # ``tz`` is None here if the payload had a date but no timezone;
        # prepare_event_start is not visible from this block - TODO confirm it copes.
        start, length = prepare_event_start(when['dt'], when['dur'], tz)
        data.update({'start_ts': start, 'duration': length})

    place = data.pop('location', None)
    if place:
        data.update({
            'location_name': place['name'],
            'location_lat': place['lat'],
            'location_lng': place['lng'],
        })
    return data
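async def check_permissions(self):
    """Allow the request only for an admin, or for the event's own active host.

    Steps, in order:
      1. ``check_session`` is called with the roles ``'admin'`` and ``'host'``.
      2. ``_check_event_permissions`` is called with ``check_upcoming=True``.
      3. The ``status`` column of the session user is read; a non-admin whose
         status is not ``'active'`` is refused.

    Raises:
        JsonErrors.HTTPForbidden: the session is not an admin and the user's
            status is anything other than ``'active'`` (including no row found).
    """
    await check_session(self.request, 'admin', 'host')
    await _check_event_permissions(self.request, check_upcoming=True)
    # fetchval yields the single ``status`` value (None when no row matches).
    # The previous fetchrow call returned a whole row object, which never
    # compares equal to the string 'active', so every non-admin was refused
    # with 'Host not active' regardless of their real status.
    # Assumes self.conn offers the same fetchval used through request['conn']
    # elsewhere in this file - TODO confirm.
    user_status = await self.conn.fetchval(
        'SELECT status FROM users WHERE id=$1', self.session['user_id'])
    if self.session['role'] != 'admin' and user_status != 'active':
        raise JsonErrors.HTTPForbidden(message='Host not active')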
def prepare(self, data):
    """Enforce the admin-only ticket URL, then flatten the nested entries of ``data``.

    A truthy ``external_ticket_url`` from a session whose role is not
    ``'admin'`` raises ``JsonErrors.HTTPForbidden``. The ``date``,
    ``timezone`` and ``location`` entries are popped and replaced by flat
    keys (``start_ts``, ``duration``, ``timezone`` as a string,
    ``location_name`` / ``location_lat`` / ``location_lng``).

    ``data`` is modified in place and the same mapping is returned.
    """
    # NOTE(review): only external_ticket_url is gated here, while another
    # prepare() in this file also restricts external_donation_url to admins.
    # Confirm whether this view accepts that field.
    if data.get('external_ticket_url'):
        if self.request['session']['role'] != 'admin':
            raise JsonErrors.HTTPForbidden(message='external_ticket_url may only be set by admins')

    when = data.pop('date', None)
    tz: TzInfo = data.pop('timezone', None)
    if tz:
        data['timezone'] = str(tz)

    if when:
        # NOTE(review): tz is None when the payload has a date but no timezone,
        # and the localize call would then fail with AttributeError. Confirm
        # the validation schema makes timezone mandatory whenever date is sent.
        start: datetime = tz.localize(when['dt'].replace(tzinfo=None))
        length: Optional[int] = when['dur']
        if length:
            length = timedelta(seconds=length)
        else:
            # No duration: keep the falsy value as given and cut the start back
            # to midnight. The rebuilt datetime carries no tzinfo.
            start = datetime(start.year, start.month, start.day)
        data.update({'start_ts': start, 'duration': length})

    place = data.pop('location', None)
    if place:
        data.update({
            'location_name': place['name'],
            'location_lat': place['lat'],
            'location_lng': place['lng'],
        })
    return data
async def user_tickets(request):
    """Return the tickets JSON for the user identified by the ``pk`` path parameter.

    An admin may name any user id; every other session may only name its own
    ``user_id``, otherwise ``JsonErrors.HTTPForbidden`` is raised.
    """
    user_id = int(request.match_info['pk'])
    session = request['session']

    # Object-level check: a non-admin may only read their own tickets.
    is_admin = session['role'] == 'admin'
    if not is_admin and session['user_id'] != user_id:
        raise JsonErrors.HTTPForbidden(message='wrong user')

    # NOTE(review): the query is given only user_id, not request['company_id'].
    # user_tickets_sql is not visible from here - confirm it (or an earlier
    # layer) stops an admin reading tickets of a user in another company.
    payload = await request['conn'].fetchval(user_tickets_sql, user_id)
    return raw_json_response(payload)
async def event_tickets(request):
    """Return the tickets JSON for the event identified by the ``id`` path parameter.

    When the session's ``user_role`` is ``'host'``, the event's ``host`` column
    must equal the session ``user_id``, otherwise ``JsonErrors.HTTPForbidden``
    is raised. The final query is given both the event id and
    ``request['company_id']``.
    """
    event_id = int(request.match_info['id'])
    session = request['session']

    # NOTE(review): this reads session['user_role'] while the other handlers in
    # this file read session['role']. If the key does not exist this line
    # raises KeyError - confirm which key the session really carries.
    # NOTE(review): only the 'host' role is restricted here; any other role
    # falls through to the query. Confirm an outer decorator or middleware
    # limits this endpoint to admins and hosts.
    if session['user_role'] == 'host':
        owner_id = await request['conn'].fetchval('SELECT host FROM events WHERE id=$1', event_id)
        if owner_id != session['user_id']:
            # NOTE(review): 'use' looks like a typo for 'user'; left unchanged
            # because clients or tests may match on the message.
            raise JsonErrors.HTTPForbidden(message='use is not the host of this event')

    payload = await request['conn'].fetchval(event_ticket_sql, event_id, request['company_id'])
    return raw_json_response(payload)
async def _check_event_permissions(request, check_upcoming=False):
    """Check that the session may act on the event in the ``id`` path parameter.

    The event is looked up together with its category, filtered on
    ``request['company_id']``, so an event of another company is reported
    exactly like a missing one.

    Args:
        request: the current request; read for ``match_info``, ``conn``,
            ``company_id`` and ``session``.
        check_upcoming: when true, a non-admin is refused if the event's
            ``start_ts`` is earlier than the current UTC time.

    Returns:
        The event id as an ``int``.

    Raises:
        JsonErrors.HTTPNotFound: no event matches the id within the company.
        JsonErrors.HTTPForbidden: the session is not an admin and either is
            not the event's host, or ``check_upcoming`` is set and the event
            has already started.
    """
    event_id = int(request.match_info['id'])
    # Kept on one logical line of SQL; the company filter is the tenant boundary.
    query = (
        ' SELECT host, start_ts FROM events AS e '
        'JOIN categories AS cat ON e.category = cat.id '
        'WHERE e.id=$1 AND cat.company=$2 '
    )
    row = await request['conn'].fetchrow(query, event_id, request['company_id'])
    if not row:
        raise JsonErrors.HTTPNotFound(message='event not found')

    host_id, start_ts = row
    session = request['session']
    # Admins skip both the ownership check and the past-event check.
    if session['role'] == 'admin':
        return event_id

    if host_id != session['user_id']:
        raise JsonErrors.HTTPForbidden(message='user is not the host of this event')

    if check_upcoming:
        # Timezone-aware "now" in UTC, compared against the stored start_ts.
        now_utc = datetime.utcnow().replace(tzinfo=timezone.utc)
        if start_ts < now_utc:
            raise JsonErrors.HTTPForbidden(message="you can't modify past events")
    return event_id
async def check_permissions(self, method):
    """Allow the request only for an admin acting on their own company.

    ``check_session`` is called with the single role ``'admin'``; after that
    the ``pk`` path parameter must equal ``request['company_id']``.

    Args:
        method: not used in this body.

    Raises:
        JsonErrors.HTTPForbidden: ``pk`` names a different company.
    """
    await check_session(self.request, 'admin')
    # Object-level check: the company in the URL must be the one tied to the
    # request, so the admin role alone does not reach another company.
    requested_company = int(self.request.match_info['pk'])
    if requested_company == self.request['company_id']:
        return
    raise JsonErrors.HTTPForbidden(message='wrong company')