def change_room_numbers(rmnumber):
log = logger.new(request=request)
username = request.headers.get('x-webauth-user')
account = ldap_get_member(username)
update = request.get_json()
if not ldap_is_eval_director(account):
return "must be eval director", 403
# Get the current list of people living on-floor.
current_students = ldap_get_current_students()
# Set the new room number for each person in the list.
for occupant in update["occupants"]:
if occupant != "":
account = ldap_get_member(occupant)
account.roomNumber = rmnumber
log.info('{} assigned to room {}'.format(occupant, rmnumber))
ldap_set_active(account)
log.info('{} marked as active because of room assignment'.format(
occupant))
# Delete any old occupants that are no longer in room.
for old_occupant in [
account for account in current_students
if ldap_get_roomnumber(account) == str(rmnumber)
and account.uid not in update["occupants"]
]:
log.info('{} removed from room {}'.format(old_occupant.uid,
old_occupant.roomNumber))
old_occupant.roomNumber = None
return jsonify({"success": True}), 200
def display_member_management():
log = logger.new(request=request)
log.info('Display Member Management')
username = request.headers.get('x-webauth-user')
account = ldap_get_member(username)
if not ldap_is_eval_director(account) and not ldap_is_financial_director(
account):
return "must be eval director", 403
member_list = get_members_info()
onfloor_list = get_onfloor_members()
co_op_list = [(ldap_get_member(member.uid).displayName, member.semester, member.uid) \
for member in CurrentCoops.query.filter(
CurrentCoops.date_created > start_of_year(),
CurrentCoops.semester != "Neither")]
freshmen = FreshmanAccount.query
freshmen_list = []
for freshman_user in freshmen: # pylint: disable=not-an-iterable
freshmen_list.append({
"id":
freshman_user.id,
"name":
freshman_user.name,
"onfloor":
freshman_user.onfloor_status,
"room":
"" if freshman_user.room_number is None else
freshman_user.room_number,
"eval_date":
freshman_user.eval_date
})
settings = EvalSettings.query.first()
if settings:
lockdown = settings.site_lockdown
intro_form = settings.intro_form_active
accept_dues_until = settings.accept_dues_until
else:
lockdown = False
intro_form = False
accept_dues_until = datetime.now()
return render_template(request,
"member_management.html",
username=username,
active=member_list,
num_current=len(member_list),
num_active=len(ldap_get_active_members()),
num_fresh=len(freshmen_list),
num_onfloor=len(onfloor_list),
freshmen=freshmen_list,
co_op=co_op_list,
site_lockdown=lockdown,
accept_dues_until=accept_dues_until,
intro_form=intro_form)
def edit_uid(uid, flask_request, username):
log = logger.new(request=flask_request, auth_dict={'username': username})
post_data = flask_request.get_json()
account = ldap_get_member(uid)
active_member = post_data['activeMember']
current_account = ldap_get_member(username)
if ldap_is_eval_director(current_account):
room_number = post_data['roomNumber']
onfloor_status = post_data['onfloorStatus']
housing_points = post_data['housingPoints']
log.info('Edit {} - Room: {} On-Floor: {} Points: {}'.format(
uid,
post_data['roomNumber'],
post_data['onfloorStatus'],
post_data['housingPoints']))
ldap_set_roomnumber(account, room_number)
if onfloor_status:
# If a OnFloorStatusAssigned object exists, don't make another
if not ldap_is_member_of_group(account, "onfloor"):
db.session.add(OnFloorStatusAssigned(uid, datetime.now()))
ldap_add_member_to_group(account, "onfloor")
else:
for ofs in OnFloorStatusAssigned.query.filter(OnFloorStatusAssigned.uid == uid):
db.session.delete(ofs)
db.session.flush()
db.session.commit()
if ldap_is_member_of_group(account, "onfloor"):
ldap_remove_member_from_group(account, "onfloor")
ldap_set_housingpoints(account, housing_points)
# Only update if there's a diff
log.info('Set {} Active: {}'.format(uid, active_member))
if ldap_is_active(account) != active_member:
if active_member:
ldap_set_active(account)
else:
ldap_set_inactive(account)
if active_member:
db.session.add(SpringEval(uid))
else:
SpringEval.query.filter(
SpringEval.uid == uid and
SpringEval.active).update(
{
'active': False
})
clear_members_cache()
def introductory_project_submit():
log = logger.new(request=request)
username = request.headers.get('x-webauth-user')
account = ldap_get_member(username)
if not ldap_is_eval_director(account):
return "must be eval director", 403
post_data = request.get_json()
if not isinstance(post_data, list):
abort(400)
for intro_member in post_data:
if not isinstance(intro_member, dict):
abort(400)
if 'uid' not in intro_member or 'status' not in intro_member:
abort(400)
if intro_member['status'] not in ['Passed', 'Pending', 'Failed']:
abort(400)
log.info('Freshmen Project {} for {}'.format(intro_member['status'],
intro_member['uid']))
FreshmanEvalData.query.filter(
FreshmanEvalData.uid == intro_member['uid']).update(
{'freshman_project': intro_member['status']})
db.session.flush()
db.session.commit()
return jsonify({"success": True}), 200
def major_project_review():
log = logger.new(request=request)
# get user data
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
if not ldap_is_eval_director(account):
return redirect("/dashboard", code=302)
post_data = request.get_json()
pid = post_data['id']
status = post_data['status']
log.info('{} Major Project ID: {}'.format(status, pid))
print(post_data)
MajorProject.query.filter(
MajorProject.id == pid). \
update(
{
'status': status
})
db.session.flush()
db.session.commit()
return jsonify({"success": True}), 200
def member_management_deleteuser(fid):
log = logger.new(request=request)
log.info('Delete freshman-{}'.format(fid))
username = request.headers.get('x-webauth-user')
account = ldap_get_member(username)
if not ldap_is_eval_director(account):
return "must be eval director", 403
if not fid.isdigit():
return "can only delete freshman accounts", 400
log.info('backend', action="delete freshman account %s" % fid)
for fca in FreshmanCommitteeAttendance.query.filter(
FreshmanCommitteeAttendance.fid == fid):
db.session.delete(fca)
for fts in FreshmanSeminarAttendance.query.filter(
FreshmanSeminarAttendance.fid == fid):
db.session.delete(fts)
for fhm in FreshmanHouseMeetingAttendance.query.filter(
FreshmanHouseMeetingAttendance.fid == fid):
db.session.delete(fhm)
FreshmanAccount.query.filter(FreshmanAccount.id == fid).delete()
db.session.flush()
db.session.commit()
return jsonify({"success": True}), 200
def member_management_uploaduser():
username = request.headers.get('x-webauth-user')
account = ldap_get_member(username)
log = logger.new(request=request)
if not ldap_is_eval_director(account):
return "must be eval director", 403
f = request.files['file']
if not f:
return "No file", 400
try:
stream = io.StringIO(f.stream.read().decode("UTF8"), newline=None)
csv_input = csv.reader(stream)
for new_user in csv_input:
name = new_user[0]
onfloor_status = new_user[1]
if new_user[2]:
room_number = new_user[2]
else:
room_number = None
log.info(
'Create Freshman Account for {} via CSV Upload'.format(name))
db.session.add(FreshmanAccount(name, onfloor_status, room_number))
db.session.flush()
db.session.commit()
return jsonify({"success": True}), 200
except csv.Error:
return "file could not be processed", 400
def conditional_review():
log = logger.new(request=request)
# get user data
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
if not ldap_is_eval_director(account):
return redirect("/dashboard", code=302)
post_data = request.get_json()
cid = post_data['id']
status = post_data['status']
log.info('Updated conditional-{} to {}'.format(cid, status))
conditional = Conditional.query.filter(Conditional.id == cid)
cond_obj = conditional.first()
conditional.update({'status': status})
if cond_obj.s_evaluation:
SpringEval.query.filter(SpringEval.id == cond_obj.s_evaluation).update(
{'status': status})
elif cond_obj.i_evaluation:
FreshmanEvalData.query.filter(
FreshmanEvalData.id == cond_obj.i_evaluation).update(
{'freshman_eval_result': status})
db.session.flush()
db.session.commit()
return jsonify({"success": True}), 200
def slideshow_intro_review():
log = logger.new(request=request)
# get user data
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
if not ldap_is_eval_director(account):
return redirect("/dashboard", code=302)
post_data = request.get_json()
uid = post_data['uid']
status = post_data['status']
log.info('Intro Eval for {}: {}'.format(uid, status))
FreshmanEvalData.query.filter(
FreshmanEvalData.uid == uid and
FreshmanEvalData.active). \
update(
{
'freshman_eval_result': status
})
db.session.flush()
db.session.commit()
return jsonify({"success": True}), 200
def route_errors(error):
data = dict()
username = request.headers.get('x-webauth-user')
# Handle the case where the header isn't present
if username is not None:
member = ldap_get_member(username)
data['username'] = member.uid
data['name'] = member.cn
else:
data['username'] = "******"
data['name'] = "Unknown"
# Figure out what kind of error was passed
if isinstance(error, int):
code = error
elif hasattr(error, 'code'):
code = error.code
else:
# Unhandled exception
code = 500
# Is this a 404?
if code == 404:
error_desc = "Page Not Found"
else:
error_desc = type(error).__name__
return render_template('errors.html',
error=error_desc,
error_code=code,
event_id=g.sentry_event_id,
public_dsn=sentry.client.get_public_dsn('https'),
**data), int(code)
def submit_seminar_attendance():
log = logger.new(request=request)
log.info('Submit Technical Seminar Attendance')
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
approved = ldap_is_eboard(account)
post_data = request.get_json()
seminar_name = post_data['name']
m_attendees = post_data['members']
f_attendees = post_data['freshmen']
timestamp = post_data['timestamp']
timestamp = datetime.strptime(timestamp, "%Y-%m-%d")
seminar = TechnicalSeminar(seminar_name, timestamp, approved)
db.session.add(seminar)
db.session.flush()
db.session.refresh(seminar)
for m in m_attendees:
log.info('Gave Attendance to {} for {}'.format(m, seminar_name))
db.session.add(MemberSeminarAttendance(m, seminar.id))
for f in f_attendees:
log.info('Gave Attendance to freshman-{} for {}'.format(
f, seminar_name))
db.session.add(FreshmanSeminarAttendance(f, seminar.id))
db.session.commit()
return jsonify({"success": True}), 200
def alter_house_attendance(uid, hid):
log = logger.new(request=request)
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
if not ldap_is_eval_director(account):
return "must be evals", 403
if not uid.isdigit():
log.info('Mark {} Present for House Meeting ID: {}'.format(uid, hid))
member_meeting = MemberHouseMeetingAttendance.query.filter(
MemberHouseMeetingAttendance.uid == uid,
MemberHouseMeetingAttendance.meeting_id == hid).first()
member_meeting.attendance_status = "Attended"
db.session.commit()
return jsonify({"success": True}), 200
log.info('Mark freshman-{} Present for House Meeting ID: {}'.format(
uid, hid))
freshman_meeting = FreshmanHouseMeetingAttendance.query.filter(
FreshmanHouseMeetingAttendance.fid == uid,
FreshmanHouseMeetingAttendance.meeting_id == hid).first()
freshman_meeting.attendance_status = "Attended"
db.session.commit()
return jsonify({"success": True}), 200
def alter_seminar_attendance(sid):
log = logger.new(request=request)
log.info('Edit Technical Seminar Attendance')
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
if not ldap_is_eboard(account):
return jsonify({"success": False, "error": "Not EBoard"}), 403
post_data = request.get_json()
meeting_id = sid
m_attendees = post_data['members']
f_attendees = post_data['freshmen']
FreshmanSeminarAttendance.query.filter(
FreshmanSeminarAttendance.seminar_id == meeting_id).delete()
MemberSeminarAttendance.query.filter(
MemberSeminarAttendance.seminar_id == meeting_id).delete()
for m in m_attendees:
db.session.add(MemberSeminarAttendance(m, meeting_id))
for f in f_attendees:
db.session.add(FreshmanSeminarAttendance(f, meeting_id))
db.session.flush()
db.session.commit()
return jsonify({"success": True}), 200
def get_ts_attendees(cid, user_dict=None):
if request.method == 'GET':
attendees = [{
"value": a.uid,
"display": ldap_get_member(a.uid).displayName
} for a in MemberCommitteeAttendance.query.filter(
MemberCommitteeAttendance.meeting_id == cid).all()]
for freshman in [{
"value":
a.fid,
"display":
FreshmanAccount.query.filter(
FreshmanAccount.id == a.fid).first().name
} for a in FreshmanCommitteeAttendance.query.filter(
FreshmanCommitteeAttendance.meeting_id == cid).all()]:
attendees.append(freshman)
return jsonify({"attendees": attendees}), 200
log = logger.new(request=request, auth_dict=user_dict)
log.info('Delete Committee Meeting {}'.format(cid))
if not ldap_is_eboard(user_dict['account']):
return jsonify({"success": False, "error": "Not EBoard"}), 403
FreshmanCommitteeAttendance.query.filter(
FreshmanCommitteeAttendance.meeting_id == cid).delete()
MemberCommitteeAttendance.query.filter(
MemberCommitteeAttendance.meeting_id == cid).delete()
CommitteeMeeting.query.filter(CommitteeMeeting.id == cid).delete()
db.session.flush()
db.session.commit()
return jsonify({"success": True}), 200
def submit_committee_attendance():
log = logger.new(request=request)
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
approved = ldap_is_eboard(account)
post_data = request.get_json()
committee = post_data['committee']
m_attendees = post_data['members']
f_attendees = post_data['freshmen']
timestamp = post_data['timestamp']
log.info('Submit {} Meeting Attendance'.format(committee))
timestamp = datetime.strptime(timestamp, "%Y-%m-%d")
meeting = CommitteeMeeting(committee, timestamp, approved)
db.session.add(meeting)
db.session.flush()
db.session.refresh(meeting)
for m in m_attendees:
log.info('Gave Attendance to {} for {}'.format(m, committee))
db.session.add(MemberCommitteeAttendance(m, meeting.id))
for f in f_attendees:
log.info('Gave Attendance to freshman-{} for {}'.format(f, committee))
db.session.add(FreshmanCommitteeAttendance(f, meeting.id))
db.session.commit()
return jsonify({"success": True}), 200
def display_major_project():
log = logger.new(request=request)
log.info('Display Major Project Page')
# get user data
user_name = request.headers.get('x-webauth-user')
major_projects = [{
'username': p.uid,
'name': ldap_get_member(p.uid).cn,
'proj_name': p.name,
'status': p.status,
'description': p.description,
'id': p.id,
'is_owner': bool(user_name == p.uid)
} for p in MajorProject.query.filter(
MajorProject.date > start_of_year()).order_by(desc(MajorProject.id))]
major_projects_len = len(major_projects)
# return names in 'first last (username)' format
return render_template(request,
'major_project_submission.html',
major_projects=major_projects,
major_projects_len=major_projects_len,
username=user_name)
def member_management_upgrade_user(user_dict=None):
log = logger.new(request=request, auth_dict=user_dict)
if not ldap_is_eval_director(user_dict['account']):
return "must be eval director", 403
post_data = request.get_json()
fid = post_data['fid']
uid = post_data['uid']
signatures_missed = post_data['sigsMissed']
log.info('Upgrade freshman-{} to Account: {}'.format(fid, uid))
acct = FreshmanAccount.query.filter(
FreshmanAccount.id == fid).first()
new_acct = FreshmanEvalData(uid, signatures_missed)
new_acct.eval_date = acct.eval_date
db.session.add(new_acct)
for fca in FreshmanCommitteeAttendance.query.filter(FreshmanCommitteeAttendance.fid == fid):
db.session.add(MemberCommitteeAttendance(uid, fca.meeting_id))
db.session.delete(fca)
for fts in FreshmanSeminarAttendance.query.filter(FreshmanSeminarAttendance.fid == fid):
db.session.add(MemberSeminarAttendance(uid, fts.seminar_id))
db.session.delete(fts)
for fhm in FreshmanHouseMeetingAttendance.query.filter(FreshmanHouseMeetingAttendance.fid == fid):
# Don't duplicate HM attendance records
mhm = MemberHouseMeetingAttendance.query.filter(
MemberHouseMeetingAttendance.meeting_id == fhm.meeting_id).first()
if mhm is None:
db.session.add(MemberHouseMeetingAttendance(
uid, fhm.meeting_id, fhm.excuse, fhm.attendance_status))
else:
log.info('Duplicate house meeting attendance! fid: {}, uid: {}, id: {}'.format(
fid,
uid,
fhm.meeting_id))
db.session.delete(fhm)
new_account = ldap_get_member(uid)
if acct.onfloor_status:
db.session.add(OnFloorStatusAssigned(uid, datetime.now()))
ldap_set_onfloor(new_account)
if acct.room_number:
ldap_set_roomnumber(new_account, acct.room_number)
db.session.delete(acct)
db.session.flush()
db.session.commit()
clear_members_cache()
return jsonify({"success": True}), 200
def remove_current_student(uid):
log = logger.new(request=request)
username = request.headers.get('x-webauth-user')
account = ldap_get_member(username)
if not ldap_is_eval_director(account):
return "must be eval director", 403
member = ldap_get_member(uid)
if request.method == 'DELETE':
log.info('Remove {} from Current Student'.format(uid))
ldap_set_non_current_student(member)
elif request.method == 'POST':
log.info('Add {} to Current Students'.format(uid))
ldap_set_current_student(member)
return jsonify({"success": True}), 200
def get_member(uid):
log = logger.new(request=request)
log.info('Get {}\'s Information'.format(uid))
username = request.headers.get('x-webauth-user')
account = ldap_get_member(username)
if not ldap_is_eval_director(account):
return "must be eval director", 403
member = ldap_get_member(uid)
account_dict = {
"uid": member.uid,
"name": member.cn,
"display": member.displayName
}
return jsonify(account_dict), 200
def restart_app():
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
if not ldap_is_rtp(account):
return redirect("/dashboard")
log = logger.new(request=request)
log.info('Restart Conditional')
os.kill(os.getpid(), signal.SIGINT)
return "application restarted", 200
def wrapped_function(*args, **kwargs):
username = str(session["userinfo"].get("preferred_username", ""))
account = ldap_get_member(username)
user_dict = {
'username': username,
'account': account
}
kwargs["user_dict"] = user_dict
return func(*args, **kwargs)
def get_cm_attendees(sid):
if request.method == 'GET':
attendees = [{
"value": a.uid,
"display": ldap_get_member(a.uid).displayName
} for a in MemberSeminarAttendance.query.filter(
MemberSeminarAttendance.seminar_id == sid).all()]
for freshman in [{
"value":
a.fid,
"display":
FreshmanAccount.query.filter(
FreshmanAccount.id == a.fid).first().name
} for a in FreshmanSeminarAttendance.query.filter(
FreshmanSeminarAttendance.seminar_id == sid).all()]:
attendees.append(freshman)
return jsonify({"attendees": attendees}), 200
else:
log = logger.new(request=request)
log.info('Delete Technical Seminar {}'.format(sid))
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
if not ldap_is_eboard(account):
return jsonify({"success": False, "error": "Not EBoard"}), 403
FreshmanSeminarAttendance.query.filter(
FreshmanSeminarAttendance.seminar_id == sid).delete()
MemberSeminarAttendance.query.filter(
MemberSeminarAttendance.seminar_id == sid).delete()
TechnicalSeminar.query.filter(TechnicalSeminar.id == sid).delete()
db.session.flush()
db.session.commit()
return jsonify({"success": True}), 200
def member_management_make_user_active():
log = logger.new(request=request)
uid = request.headers.get('x-webauth-user')
account = ldap_get_member(uid)
if not ldap_is_current_student(account) or ldap_is_active(account):
return "must be current student and not active", 403
ldap_set_active(account)
log.info("Make user {} active".format(uid))
clear_members_cache()
return jsonify({"success": True}), 200
def introductory_project():
log = logger.new(request=request)
log.info('Display Freshmen Project Management')
username = request.headers.get('x-webauth-user')
account = ldap_get_member(username)
if not ldap_is_eval_director(account):
return "must be eval director", 403
return render_template(request,
'introductory_project.html',
username=username,
intro_members=display_intro_evals(internal=True))
def display_attendance_hm():
log = logger.new(request=request)
log.info('Display House Meeting Attendance Page')
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
if not ldap_is_eval_director(account):
return redirect("/dashboard")
return render_template(request,
'attendance_hm.html',
username=user_name,
date=datetime.now().strftime("%Y-%m-%d"),
members=get_non_alumni_non_coop(internal=True))
def remove_current_student(uid, user_dict=None):
log = logger.new(request=request, auth_dict=user_dict)
if not ldap_is_eval_director(user_dict['account']):
return "must be eval director", 403
member = ldap_get_member(uid)
if request.method == 'DELETE':
log.info('Remove {} from Current Student'.format(uid))
ldap_set_non_current_student(member)
elif request.method == 'POST':
log.info('Add {} to Current Students'.format(uid))
ldap_set_current_student(member)
return jsonify({"success": True}), 200
def display_logs():
log = logger.new(request=request)
log.info('Display Logs')
username = request.headers.get('x-webauth-user')
account = ldap_get_member(username)
log.info(account.displayName)
if not ldap_is_eboard(account) and not ldap_is_rtp(account):
return "must be rtp or eboard", 403
logs = UserLog.query.all()
return render_template(request, "logs.html", logs=logs, username=username)
def conditional_delete(cid):
log = logger.new(request=request)
log.info('Delete conditional-{}'.format(cid))
user_name = request.headers.get('x-webauth-user')
account = ldap_get_member(user_name)
if ldap_is_eval_director(account):
Conditional.query.filter(Conditional.id == cid).delete()
db.session.flush()
db.session.commit()
return jsonify({"success": True}), 200
return "Must be evals director to delete!", 401
def get_seminar_attendees(meeting_id):
attendees = [
ldap_get_member(a.uid).displayName
for a in MemberSeminarAttendance.query.filter(
MemberSeminarAttendance.seminar_id == meeting_id).all()
]
for freshman in [
a.fid for a in FreshmanSeminarAttendance.query.filter(
FreshmanSeminarAttendance.seminar_id == meeting_id).all()
]:
attendees.append(
FreshmanAccount.query.filter(
FreshmanAccount.id == freshman).first().name)
return attendees
def get_member(uid, user_dict=None):
log = logger.new(request=request, auth_dict=user_dict)
log.info('Get {}\'s Information'.format(uid))
if not ldap_is_eval_director(user_dict['account']):
return "must be eval director", 403
member = ldap_get_member(uid)
account_dict = {
"uid": member.uid,
"name": member.cn,
"display": member.displayName
}
return jsonify(account_dict), 200