def remove_response(submit_id=None): response = "success" if not ModuleAPI.can_read('custom_form'): return abort(403) # Test if user already signed up submission = CustomFormResult.query.filter( CustomFormResult.id == submit_id ).first() if not submission: abort(404) form_id = submission.form_id max_attendants = submission.form.max_attendants db.session.delete(submission) db.session.commit() all_sub = CustomFormResult.query.filter( CustomFormResult.form_id == form_id ).all() if max_attendants <= len(all_sub): from_list = all_sub[max_attendants - 1] copernica_data = { "Reserve": "Nee" } copernica.update_subprofile( copernica.SUBPROFILE_ACTIVITY, from_list.owner_id, from_list.form_id, copernica_data) return response
def get_users(): if not ModuleAPI.can_read('user'): return abort(403) users = User.query.all() user_list = [] for user in users: user_list.append( [user.id, user.email, user.first_name, user.last_name, user.student_id, user.education.name if user.education else "", "<i class='glyphicon glyphicon-ok'></i>" if user.has_paid else "", "<i class='glyphicon glyphicon-ok'></i>" if user.honorary_member else "", "<i class='glyphicon glyphicon-ok'></i>" if user.favourer else "", "<i class='glyphicon glyphicon-ok'></i>" if user.alumnus else "" ]) return json.dumps({"data": user_list})
def view(): if not ModuleAPI.can_read('navigation'): return abort(403) entries = NavigationAPI.get_entries() return render_template('navigation/view.htm', nav_entries=entries)
def get_navigation_menu(group_id, personal, type): if not ModuleAPI.can_read('pimpy'): return abort(403) if current_user.is_anonymous: flash('Huidige gebruiker niet gevonden!', 'danger') return redirect(url_for('pimpy.view_minutes')) groups = current_user.groups\ .filter(Group.name != 'all').order_by(Group.name.asc()).all() if not type: type = 'minutes' endpoint = 'pimpy.view_' + type endpoints = {'view_chosentype': endpoint, 'view_chosentype_personal': endpoint + '_personal', 'view_chosentype_chosenpersonal': endpoint + ('_personal' if personal and type != 'minutes' else ''), 'view_tasks': 'pimpy.view_tasks', 'view_tasks_personal': 'pimpy.view_tasks_personal', 'view_tasks_chosenpersonal': 'pimpy.view_tasks', 'view_minutes': 'pimpy.view_minutes'} if personal: endpoints['view_tasks_chosenpersonal'] += '_personal' if not group_id: group_id = 'all' if group_id != 'all': group_id = int(group_id) return Markup(render_template('pimpy/api/side_menu.htm', groups=groups, group_id=group_id, personal=personal, type=type, endpoints=endpoints, title='PimPy'))
def list(page_nr=1): """Show a paginated list of contacts.""" if not ModuleAPI.can_read('contact'): return abort(403) contacts = Contact.query.paginate(page_nr, 15, False) return render_template('contact/list.htm', contacts=contacts)
def edit(contact_id=None): """Create or edit a contact, frontend.""" if not ModuleAPI.can_read('contact'): return abort(403) if contact_id: contact = Contact.query.get(contact_id) else: contact = Contact() form = ContactForm(request.form, contact) locations = Location.query.order_by('address').order_by('city') form.location_id.choices = \ [(l.id, '%s, %s' % (l.address, l.city)) for l in locations] if form.validate_on_submit(): if not contact.id and Contact.query.filter( Contact.email == form.email.data).count(): flash(_('Contact email "%s" is already in use.' % form.email.data), 'danger') return render_template('contact/edit.htm', contact=contact, form=form) form.populate_obj(contact) db.session.add(contact) db.session.commit() flash(_('Contact person saved.'), 'success') return redirect(url_for('contact.edit', contact_id=contact.id)) else: flash_form_errors(form) return render_template('contact/edit.htm', contact=contact, form=form)
def new_submission(challenge_id=None): if not ModuleAPI.can_read('challenge') or current_user.is_anonymous: abort(403) if request.args.get('challenge_id'): challenge_id = request.args.get('challenge_id') else: return "Error, no 'challenge_id' given" if request.args.get('submission'): submission = request.args.get('submission') else: return "Error, no 'submission' given" new_submission = ChallengeAPI.create_submission(challenge_id=challenge_id, user_id=current_user.id, submission=submission, image_path=None) if new_submission is False: return "Question is already submitted" challenge = ChallengeAPI.fetch_challenge(challenge_id) return ChallengeAPI.validate_question(new_submission, challenge)
def get_ranking(): if not ModuleAPI.can_read('challenge'): abort(403) ranking = ChallengeAPI.get_ranking() return jsonify(ranking=[user.serialize for user in ranking])
def get_minutes_in_date_range(group_id, start_date, end_date): """Load all minutes in the given group.""" if not ModuleAPI.can_read('pimpy'): return abort(403) if current_user.is_anonymous: flash('Huidige gebruiker niet gevonden', 'danger') return redirect(url_for('pimpy.view_minutes')) list_items = {} start_date = datetime.datetime.strptime(start_date, "%Y-%m-%d") end_date = datetime.datetime.strptime(end_date, "%Y-%m-%d") if group_id != 'all': query = Minute.query.filter(Minute.group_id == group_id).\ filter(start_date <= Minute.minute_date, Minute.minute_date <= end_date).\ order_by(Minute.minute_date.desc()) list_items[Group.query.filter(Group.id == group_id).first().name]\ = query.all() # this should be done with a sql in statement, or something, but meh else: for group in current_user.groups: query = Minute.query.filter(Minute.group_id == group.id) query = query.order_by(Minute.minute_date.desc()) list_items[group.name] = query.all() return Markup(render_template('pimpy/api/minutes.htm', list_items=list_items, type='minutes', group_id=group_id, line_number=-1, title='PimPy'))
def list(page=0): if not ModuleAPI.can_read('mollie'): return abort(403) payments, message = mollie.get_payments(page) return render_template('mollie/list.htm', payments=payments, message=message, page=page)
def group_api_get_users(group_id): if not (ModuleAPI.can_read("group")): return abort(403) group = Group.query.get(group_id) users = group.users.order_by(User.first_name, User.last_name).all() res = [{"val": user.id, "label": user.name} for user in users] return jsonify(users=res)
def view_minutes(group_id='all'): if not ModuleAPI.can_read('pimpy'): return abort(403) if not (group_id == 'all' or group_id.isdigit()): return abort(404) if group_id != 'all' and not current_user.member_of_group(group_id): return abort(403) return PimpyAPI.get_minutes(group_id)
def view_single(user_id=None): if user_id is None: if current_user.is_authenticated: return redirect(url_for('user.view_single', user_id=current_user.id)) return redirect(url_for('user.view')) can_read = False can_write = False # Only logged in users can view profiles if current_user.is_anonymous: return abort(403) # Unpaid members cannot view other profiles if current_user.id != user_id and not current_user.has_paid: return abort(403) # A user can always view his own profile if current_user.id == user_id: can_write = True can_read = True # group rights if ModuleAPI.can_read('user'): can_read = True if ModuleAPI.can_write('user'): can_write = True can_read = True user = User.query.get_or_404(user_id) user.avatar = UserAPI.avatar(user) user.groups = UserAPI.get_groups_for_user_id(user) user.groups_amount = user.groups.count() if "gravatar" in user.avatar: user.avatar = user.avatar + "&s=341" # Get all activity entrees from these forms, order by start_time of # activity. activities = Activity.query.join(CustomForm).join(CustomFormResult).\ filter(CustomFormResult.owner_id == user_id and CustomForm.id == CustomFormResult.form_id and Activity.form_id == CustomForm.id) user.activities_amount = activities.count() new_activities = activities\ .filter(Activity.end_time > datetime.today()).distinct()\ .order_by(Activity.start_time) old_activities = activities\ .filter(Activity.end_time < datetime.today()).distinct()\ .order_by(Activity.start_time.desc()) return render_template('user/view_single.htm', user=user, new_activities=new_activities, old_activities=old_activities, can_read=can_read, can_write=can_write)
def view_minute_raw(group_id, minute_id): if not ModuleAPI.can_read('pimpy'): return abort(403) if not (group_id == 'all' or group_id.isdigit()): return abort(404) if group_id != 'all' and not current_user.member_of_group(group_id): return abort(403) return (PimpyAPI.get_minute_raw(group_id, minute_id), {'Content-Type': 'text/plain; charset=utf-8'})
def user_export(): if not ModuleAPI.can_read('user'): return abort(403) users = User.query.all() si = StringIO() cw = writer(si) cw.writerow([c.name for c in User.__mapper__.columns]) for user in users: cw.writerow([getattr(user, c.name) for c in User.__mapper__.columns]) return si.getvalue().strip('\r\n')
def view_tasks_in_date_range(group_id='all'): if not ModuleAPI.can_read('pimpy'): return abort(403) if group_id != 'all' and not current_user.member_of_group(group_id): return abort(403) group_id = request.form['group_id'] start_date = request.form['start_date'] end_date = request.form['end_date'] return PimpyAPI.get_tasks_in_date_range( group_id, False, start_date, end_date)
def get_minute_raw(group_id, minute_id): """Load specifically one minute in raw format (without markup).""" if not ModuleAPI.can_read('pimpy'): return abort(403) minute = Minute.query.filter(Minute.id == minute_id).first() group = Group.query.filter(Group.id == group_id).first() if group != minute.group: return abort(403) return minute.content
def get_points(user_id=None): if not ModuleAPI.can_read('challenge'): abort(403) if request.args.get('user_id'): user_id = request.args.get('user_id') else: return "Error, no 'user_id' given" points = ChallengeAPI.get_points(user_id) return str(points)
def view_users(group_id): if not (ModuleAPI.can_read("group")): return abort(403) group = Group.query.filter(Group.id == group_id).first() if not group: flash("There is no such group.") return redirect(url_for("group.view")) users = group.users.order_by(User.first_name).order_by(User.last_name).all() return render_template("group/view_users.htm", group=group, users=users, title="%s users" % (group.name))
def view(page_nr=1): if not ModuleAPI.can_read('custom_form'): return abort(403) followed_forms = CustomForm.qry_followed().all() active_forms = CustomForm.qry_active().all() archived_paginate = CustomForm.qry_archived().paginate(page_nr, 10) return render_template('custom_form/overview.htm', followed_forms=followed_forms, active_forms=active_forms, archived_paginate=archived_paginate, page_nr=page_nr)
def get_group_users(group_id): if not (ModuleAPI.can_read("group")): return abort(403) group = Group.query.filter(Group.id == group_id).first() if not group: flash("There is no such group.") return redirect(url_for("group.view")) users = group.users.all() user_list = [[user.id, user.name] for user in users] user_list.sort() return json.dumps({"data": user_list})
def view(page_nr=1): if not (ModuleAPI.can_read("group")): return abort(403) form = ViewGroupForm(request.form) pagination = Group.query.order_by(Group.name).paginate(page_nr, 15, False) if form.validate_on_submit(): if form.delete_group.data: if ModuleAPI.can_write("group"): group_ids = [] for group, form_entry in zip(pagination.items, form.entries): if form_entry.select.data: group_ids.append(group.id) groups = Group.query.filter(Group.id.in_(group_ids)).all() for group in groups: db.session.delete(group) db.session.commit() if len(groups) > 1: flash("The selected groups have been deleted.", "success") else: flash("The selected group has been deleted.", "success") return redirect(url_for("group.view")) else: flash("This incident has been reported to our authorities.", "warning") else: for group in pagination.items: form.entries.append_entry() flash_form_errors(form) return render_template( "group/view.htm", form=form, pagination=pagination, groups=zip(pagination.items, form.entries), current_user=current_user, title="Groups", )
def view(redirect_id=None): if not ModuleAPI.can_read('redirect'): return abort(403) can_write = ModuleAPI.can_write('redirect') redirection = Redirect.query.get(redirect_id) if redirect_id else None if redirection: form = RedirectForm(request.form, redirection) else: form = RedirectForm(request.form) if form.validate_on_submit(): if not can_write: return abort(403) fro = form.data['fro'].rstrip('/') to = form.data['to'] old_redirection = Redirect.query.filter(Redirect.fro == fro).first() if old_redirection and old_redirection.id != redirect_id: flash('Er is al een omleiding vanaf dat pad gedefiniëerd.', 'danger') else: if redirection: redirection.fro = fro redirection.to = to else: redirection = Redirect(fro, to) db.session.add(redirection) db.session.commit() flash('De omleiding is succesvol opgeslagen.') return redirect(url_for('redirect.view', redirect_id=redirection.id)) redirections = Redirect.query.order_by(Redirect.fro).all() return render_template('redirect.htm', redirections=redirections, redirection=redirection, form=form, can_write=can_write)
def list(page_nr=1): """List all files that are not assigned to a page.""" if not ModuleAPI.can_read('file'): return abort(403) if request.args.get('search'): search = request.args.get('search', None) filters = FileAPI.search(search) files = File.query.filter(File.name.in_(filters), File.page == None) # noqa else: files = File.query.filter(File.page == None) # noqa files = files.order_by(File.name).paginate(page_nr, 30, False) form = FileForm() return render_template('files/list.htm', files=files, form=form)
def view(archive=None, page_nr=1): if not ModuleAPI.can_read('activity'): return abort(403) if archive == "archive": activities = Activity.query.filter( Activity.end_time < datetime.datetime.today()).order_by( Activity.start_time.desc()) title = _('Activity archive') + " - " + _('page') + " " + str(page_nr) else: activities = Activity.query.filter( Activity.end_time > ( datetime.datetime.now() - datetime.timedelta(hours=12))) \ .order_by(Activity.start_time.asc()) title = _('Activities') + ' - ' + _('page') + ' ' + str(page_nr) return render_template('activity/view.htm', activities=activities.paginate(page_nr, 10, False), archive=archive, title=title)
def list(page_nr=1, search=None): if not ModuleAPI.can_read('vacancy'): return abort(403) # Order the vacancies in such a way that vacancies that are new # or almost expired, end up on top. order = func.abs( (100 * (func.datediff(Vacancy.start_date, func.current_date()) / func.datediff(Vacancy.start_date, Vacancy.end_date))) - 50) if search is not None: vacancies = Vacancy.query.join(Company). \ filter(or_(Vacancy.title.like('%' + search + '%'), Company.name.like('%' + search + '%'), Vacancy.workload.like('%' + search + '%'), Vacancy.contract_of_service.like('%' + search + '%'))) \ .order_by(order.desc()) if not ModuleAPI.can_write('vacancy'): vacancies = vacancies.filter( and_(Vacancy.start_date < datetime.utcnow(), Vacancy.end_date > datetime.utcnow())) vacancies = vacancies.paginate(page_nr, 15, False) return render_template('vacancy/list.htm', vacancies=vacancies, search=search, path=FILE_FOLDER, title="Vacatures") if ModuleAPI.can_write('vacancy'): vacancies = Vacancy.query.join(Company).order_by(order.desc()) else: vacancies = Vacancy.query.order_by(order.desc()) \ .filter(and_(Vacancy.start_date < datetime.utcnow(), Vacancy.end_date > datetime.utcnow())) vacancies = vacancies.paginate(page_nr, 15, False) return render_template('vacancy/list.htm', vacancies=vacancies, search="", path=FILE_FOLDER, title="Vacatures")
def get_tasks_in_date_range(group_id, personal, start_date, end_date): """Load all tasks for a given group in a daterange.""" if not ModuleAPI.can_read('pimpy'): return abort(403) if current_user.is_anonymous: flash('Huidige gebruiker niet gevonden', 'danger') return redirect(url_for('pimpy.view_tasks')) status_meanings = Task.get_status_meanings() tasks_rel = TaskUserRel.query.join(Task).join(User) groups = UserAPI.get_groups_for_current_user() groups = map(lambda x: x.id, groups) if group_id == 'all': tasks_rel = tasks_rel.filter(Task.group_id.in_(groups)) else: group_id = int(group_id) if group_id not in groups: return abort(403) tasks_rel = tasks_rel.filter(Task.group_id == group_id) if personal: tasks_rel = tasks_rel.filter(User.id == current_user.id) tasks_rel = tasks_rel.filter(~Task.status.in_((4, 5))).join(Group).\ filter(start_date <= Task.timestamp, Task.timestamp <= end_date) tasks_rel = tasks_rel.order_by(Group.name.asc(), User.first_name.asc(), User.last_name.asc(), Task.id.asc()) return Markup(render_template('pimpy/api/tasks.htm', personal=personal, group_id=group_id, tasks_rel=tasks_rel, type='tasks', status_meanings=status_meanings, title='PimPy'))
def get_minute(group_id, minute_id, line_number): """Load (and thus view) specifically one minute.""" if not ModuleAPI.can_read('pimpy'): return abort(403) list_items = {} minute = Minute.query.filter(Minute.id == minute_id).first() group = Group.query.filter(Group.id == group_id).first() if group != minute.group: return abort(403) list_items[group.name] = [minute] tag = "%dln%d" % (list_items[group.name][0].id, int(line_number)) return render_template('pimpy/api/minutes.htm', list_items=list_items, type='minutes', group_id=group_id, line_number=line_number, tag=tag, title='PimPy')
def view_list(page=1): if not ModuleAPI.can_read('challenge') or current_user.is_anonymous: return abort(403) print((app.config['SQLALCHEMY_DATABASE_URI'])) challenge = Challenge() form = ChallengeForm(request.form, challenge) challenges = ChallengeAPI.fetch_all_challenges_user(current_user.id) approved_challenges = \ ChallengeAPI.fetch_all_approved_challenges_user(current_user.id) user_points = ChallengeAPI.get_points(current_user.id) ranking = ChallengeAPI.get_ranking() challenge_description = ChallengeAPI.get_challenge_description() return render_template('challenge/dashboard.htm', challenges=challenges, user_points=user_points, ranking=ranking, approved_challenges=approved_challenges, form=form, challenge_description=challenge_description)
def view_single(form_id=None): if not ModuleAPI.can_read('custom_form'): return abort(403) custom_form = CustomForm.query.get(form_id) if not custom_form: return abort(403) results = [] entries = CustomFormResult.query\ .filter(CustomFormResult.form_id == form_id).order_by("created") from urllib.parse import unquote_plus from urllib.parse import parse_qs for entry in entries: # Hide form entries from non existing users data = parse_qs(entry.data) # Add the entry date time = entry.created.strftime("%Y-%m-%d %H:%M") if \ entry.created is not None else "" # Append the results with a single entry results.append({ 'id': entry.id, 'owner': entry.owner, 'data': data, 'has_paid': entry.has_paid, 'time': time }) custom_form.results = results return render_template('custom_form/view_results.htm', custom_form=custom_form, xps=CustomForm.exports, unquote_plus=unquote_plus)