def user(user): user = getSession().query(tables.User).filter( tables.User.username.ilike(user)).first() if user: if user.id == current_user.id or current_user.group >= 4: if request.method == "POST": if request.form['password'] != "": user.set_password(request.form['password']) user.name = request.form['name'] user.set_user_setting("timezone", request.form['timezone']) getSession().commit() return render_template('user/view.html', title='Home Page', year=datetime.now().year, dbuser=user, timezones=pytz.common_timezones, config=config) else: return render_template( 'errors/403.html', title='403 Access Denied', year=datetime.now().year, message="You do not have permission to use this resource") else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def report_event_total_report(event): data = [] total = {} score_total = getSession().query( tables.func.sum(tables.AssignedInject.points)).filter( tables.AssignedInject.eventid == event).first() total['inject'] = score_total[0] if score_total[0] is not None else 0 injects = getSession().query( tables.AssignedInject).filter(tables.AssignedInject.eventid == event) teams = getSession().query(tables.Team).all() for team in teams: d = {} d['team'] = team.name # Get the totals for inject points d['inject'] = 0 for inject in injects: score = getSession().query( tables.func.max(tables.TeamInjectSubmission.points)).filter( tables.TeamInjectSubmission.teamid == team.id, tables.TeamInjectSubmission.assignedinjectid == inject.id).first() d['inject'] += score[0] if score[0] is not None else 0 uptime = getSession().query( tables.func.count(tables.ScoreEvent.id), tables.func.sum( tables.expression.case( value=tables.ScoreEvent.up, whens={ True: 1, False: 0 }))).filter(tables.ScoreEvent.eventid == event).join( tables.TeamServer).filter( tables.TeamServer.teamid == team.id).first() d['uptime'] = uptime[1] if uptime[1] is not None else 0 d['total_uptime'] = uptime[0] data.append(d) return render_template("report/event_total/report.html", title="Event Total Report", data=data, total=total)
def events(): dbsession = getSession() events = dbsession.query(tables.Event).order_by(tables.Event.id).all() return render_template('admin/event/list.html', title='Events', year=datetime.now().year, events=events)
def teams(): dbsession = getSession() teams = dbsession.query(tables.Team).all() return render_template('admin/team/list.html', title='Team List', year=datetime.now().year, teams=teams)
def injectmanager_inject_assign(id): db = getSession() if request.method == "POST": ai = tables.AssignedInject() ai.injectid = id tz = pytz.timezone(config.get_item("default_timezone")) if "timezone" in current_user.settings: tz = pytz.timezone(current_user.settings['timezone']) localwhen = tz.localize( datetime.strptime(request.form['when'], '%Y-%m-%d %H:%M')) ai.when = localwhen.astimezone(pytz.UTC) ai.subject = request.form['subject'] ai.duration = request.form['duration'] ai.points = request.form['points'] ai.body = request.form['body'] ai.eventid = request.form['event'] ai.allowlate = 'late' in request.form db.add(ai) db.commit() return redirect(url_for('injectmanager_inject', id=id)) inject = db.query(tables.Inject).filter(tables.Inject.id == id).first() if inject: categories = db.query(tables.InjectCategory).filter( tables.InjectCategory.parentid == None) events = db.query(tables.Event).filter(tables.Event.end == None) return render_template('injectmanager/assigninject.html', title="Assign Inject - " + inject.subject, inject=inject, categories=categories, events=events) from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def servereditservice(server, service): dbsession = getSession() server = dbsession.query( tables.Server).filter(tables.Server.id == server).first() services = dbsession.query( tables.Service).filter(tables.Service.id == service) if server and services.count() > 0: service = services[0] if request.method == 'POST': service.name = request.form['name'] service.typeid = request.form['type'] if request.form['port'] != "": service.port = request.form['port'] service.enabled = 'enabled' in request.form dbsession.commit() return redirect(url_for('server', server=server.id)) else: types = dbsession.query(tables.ServiceType).order_by( tables.ServiceType.name.asc()).all() return render_template('admin/server/editservice.html', title='Edit Server', year=datetime.now().year, types=types, service=service, server=server) from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def injectmanager(): db = getSession() categories = db.query( tables.InjectCategory).filter(tables.InjectCategory.parentid == None) return render_template('injectmanager/index.html', title='Inject Manager', categories=categories)
def inject_score(): session = getSession() events = session.query(tables.Event).filter( tables.or_(tables.Event.current == True, tables.Event.start == None)) return render_template('injectscore/index.html', title="Inject Scoring", events=events)
def inject_respond(id): session = getSession() inject = session.query(tables.AssignedInject).filter(tables.AssignedInject.id == id).first() if inject and not inject.should_show: if request.method == "POST": sub = tables.TeamInjectSubmission() sub.assignedinjectid = id sub.when = datetime.now() sub.body = request.form['body'] sub.points = 0 sub.teamid = current_user.team session.add(sub) session.commit() if 'file' in request.files and request.files['file'].filename != '': fi = request.files['file'] a = tables.TeamInjectSubmissionAttachment() f = tables.Attachment() a.teaminjectid = sub.id a.attachment_id = f.id f.filename = fi.filename f.data = fi.read() f.size = len(f.data) session.add(f) session.add(a) session.commit() return render_template( 'inject/respond.html', title=inject.subject, year=datetime.now().year, inject=inject ) return page_not_found(None)
def event(event): dbsession = getSession() events = dbsession.query(tables.Event).filter(tables.Event.id == event) if events.count() > 0: event = events[0] sd = dbsession.query( tables.Team.name, tables.func.sum( tables.expression.case(value=tables.ScoreEvent.up, whens={ True: 1, False: 0 })), tables.func.count(tables.ScoreEvent.id)).select_from( tables.ScoreEvent).filter( tables.ScoreEvent.eventid == event.id).join( tables.TeamServer).join(tables.Team).group_by( tables.Team.name).order_by(tables.Team.name) #scoredata = dbsession.execute(tables.text("select t.name, sum(case when se.up = true then 1 else 0 end), count(se.id), round((sum(case when se.up = true then 1.0 else 0.0 end)/count(se.id)) * 100.0, 2) from scoreevents se inner join teamservers ts on ts.id = se.teamserverid inner join teams t on ts.teamid = t.id where se.eventid = " + str(event.id) + " group by t.name order by t.name")) return render_template('admin/event/view.html', title=event.name, year=datetime.now().year, event=event, scoredata=sd) else: return render_template( 'admin/404.html', title='404 Team Not Found', year=datetime.now().year, message="We could not find the team that you were looking for.")
def edituser(user): dbsession = getSession() users = dbsession.query(tables.User).filter(tables.User.name.ilike(user)) if users.count() > 0: dbuser = users[0] if request.method == 'POST': dbuser.name = request.form["name"] dbuser.username = request.form["username"] dbuser.team = request.form["team"] dbuser.group = request.form["group"] if str(request.form["password"]).strip() != "": dbuser.set_password(request.form['password']) dbsession.commit() return redirect(url_for('adminuser', user=dbuser.name)) else: teams = dbsession.query(tables.Team).all() return render_template( 'admin/user/edit.html', title='Edit Team', year=datetime.now().year, dbuser=dbuser, teams=teams ) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def services(): dbsession = getSession() services = dbsession.query(tables.ServiceType).all() """Renders the home page.""" return render_template('admin/service/list.html', title='Service Types', year=datetime.now().year, services=services)
def passdbs(): dbsession = getSession() passdblist = dbsession.query(tables.PasswordDatabase).order_by( tables.PasswordDatabase.name) return render_template('admin/passdb/list.html', title='Password Databases', year=datetime.now().year, passdblist=passdblist)
def injectmanager_inject(id): db = getSession() inject = db.query(tables.Inject).filter(tables.Inject.id == id).first() if inject: return render_template('injectmanager/inject.html', title="Inject - " + inject.subject, inject=inject) from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def users(): dbsession = getSession() users = dbsession.query(tables.User).all() """Renders the home page.""" return render_template( 'admin/user/list.html', title='Users List', year=datetime.now().year, users=users )
def inject_score_event_inject(event, inject): session = getSession() inject = session.query(tables.AssignedInject).filter( tables.AssignedInject.id == inject).first() if inject: return render_template('injectscore/inject.html', title="Score " + inject.subject, inject=inject) from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def inject(id): session = getSession() inject = session.query(tables.AssignedInject).filter(tables.AssignedInject.id == id).first() if inject and not inject.should_show: return render_template( 'inject/view.html', title=inject.subject, year=datetime.now().year, inject=inject ) return page_not_found(None)
def admin(): dbsession = getSession() event = None events = dbsession.query(tables.Event).filter(tables.Event.current == True) if events.count() > 0: event = events[0].id return render_template('admin/index.html', title='Admin', year=datetime.now().year, driver=str(engine.driver), event=event)
def stopevent(event): dbsession = getSession() events = dbsession.query(tables.Event).filter(tables.Event.id == event) if events.count() > 0: event = events[0] event.current = False event.end = datetime.utcnow() dbsession.commit() return redirect(url_for("events")) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def inject_score_event_inject_remove(event, inject): session = getSession() inject = session.query(tables.AssignedInject).filter( tables.AssignedInject.id == inject).first() if inject: if request.method == "POST": session.delete(inject) session.commit() return redirect(url_for('inject_score_event', event=event)) return render_template("injectscore/delete_inject.html", inject=inject, event=event) return page_not_found(None)
def injectmanager_category_delete(id): db = getSession() cat = db.query( tables.InjectCategory).filter(tables.InjectCategory.id == id).first() if cat: if request.method == "POST": db.delete(cat) db.commit() return redirect(url_for('injectmanager')) return render_template('injectmanager/delete_category.html', title='Delete Category', category=cat) return page_not_found(None)
def inject_score_event(event): session = getSession() event = session.query( tables.Event).filter(tables.Event.id == event).first() if event: injects = session.query(tables.AssignedInject).filter( tables.AssignedInject.eventid == event.id) return render_template('injectscore/event.html', title="Inject Scoring", injects=injects, datetime=datetime, event=event) return page_not_found(None)
def addevent(): if request.method == 'POST': dbsession = getSession() e = tables.Event() e.name = request.form['name'] dbsession.add(e) dbsession.commit() return redirect(url_for('events')) else: return render_template( 'admin/event/add.html', title='Add Event', year=datetime.now().year, )
def adminuser(user): dbsession = getSession() users = dbsession.query(tables.User).filter(tables.User.name.ilike(user)) if users.count() > 0: user = users[0] return render_template( 'admin/user/view.html', title=user.name, year=datetime.now().year, dbuser=user, ) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def server(server): dbsession = getSession() servers = dbsession.query(tables.Server).filter(tables.Server.id == server) if servers.count() > 0: server = servers[0] return render_template( 'admin/server/view.html', title=server.name, year=datetime.now().year, server=server, ) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def team(team): dbsession = getSession() teams = dbsession.query(tables.Team).filter(tables.Team.name.ilike(team)) if teams.count() > 0: team = teams[0] return render_template( 'admin/team/view.html', title=team.name, year=datetime.now().year, team=team, ) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def adduser(): dbsession = getSession() if request.method == 'POST': u = tables.User.create(request.form['name'], request.form['username'], request.form['password'], request.form['team'], request.form['group']) dbsession.add(u) dbsession.commit() return redirect(url_for('users')) else: teams = dbsession.query(tables.Team).all() return render_template( 'admin/user/add.html', title='Add Team', year=datetime.now().year, teams=teams, )
def addservice(): if request.method == 'POST': dbsession = getSession() st = tables.ServiceType() st.name = request.form['name'] st.tester = request.form['tester'] dbsession.add(st) dbsession.commit() return redirect(url_for('services')) else: return render_template( 'admin/service/add.html', title='Add Service Type', year=datetime.now().year, )
def injectmanager_addcategory(): db = getSession() if request.method == "POST": cat = tables.InjectCategory() if request.form['category'] != '-1': cat.parentid = request.form['category'] cat.name = request.form['name'] db.add(cat) db.commit() return redirect(url_for('injectmanager') + "#" + str(cat.id)) categories = db.query( tables.InjectCategory).filter(tables.InjectCategory.parentid == None) return render_template('injectmanager/addcategory.html', title='Add Category', categories=categories)
def passdb(passdb): dbsession = getSession() passdbs = dbsession.query(tables.PasswordDatabase).filter( tables.PasswordDatabase.name.ilike(passdb)) if passdbs.count() > 0: passdb = passdbs[0] return render_template( 'admin/passdb/view.html', title=passdb.name, year=datetime.now().year, passdb=passdb, ) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)