def admin_orders_action(req, id):
check_login(req)
check_token(req, req.form.get('token'))
check_right(req, module_right)
if req.uri.endswith('/storno'):
ostate = STATE_STORNED
elif req.uri.endswith('/process'):
ostate = STATE_PROCESS
elif req.uri.endswith('/sent'):
ostate = STATE_SENT
elif req.uri.endswith('/close'):
ostate = STATE_CLOSED
elif req.uri.endswith('/wait_for_paid'):
ostate = STATE_WAIT_FOR_PAID
elif req.uri.endswith('/wait_for_pick_up'):
ostate = STATE_WAIT_FOR_PICK_UP
else:
raise SERVER_RETURN(state.HTTP_BAD_REQUEST)
note = req.form.getfirst('note', '', uni)
order = Order(id)
if order.set_state(req, ostate, note) is None:
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if ostate != STATE_CLOSED:
send_order_status(req, order)
redirect(req, '/admin/eshop/orders/%d' % id)
def login_mod(req):
check_login(req)
login = Login(req.login.id)
token = do_create_token(req, "/login")
state = None
if req.method == "POST":
check_token(req, req.form.get("token"))
login.bind(req.form, req.cfg.login_rounds)
email = login.email if login.email != req.login.email else None
state = login.pref(req, email=email)
if 0 < state < 64:
return generate_page(req, "login/login_mod.html", token=token, item=login, error=state)
state = 0 if state is None else state
if email:
host = "%s (%s)" % (req.remote_host, req.remote_addr)
send_verify_email(req, login, req.login.email, host=host, browser=req.user_agent)
state |= REQUEST_FOR_EMAIL
else:
email = None
# endif
login.get(req)
req.login = login
return generate_page(req, "login/login_mod.html", token=token, item=login, state=state, email=email)
def eshop_cart_add(req):
do_check_mgc(req)
check_token(req, req.json.get('token'))
cart = ShoppingCart(req)
item_id = req.json.getfirst('item_id', fce=nint)
count = req.json.getfirst('count', 0, int)
if count < 1:
req.state = state.HTTP_BAD_REQUEST
req.content_type = 'application/json'
return json.dumps({'reason': 'count must bigger then zero'})
item = Item(item_id)
if not item.get(req) or item.state != STATE_VISIBLE:
req.state = state.HTTP_NOT_FOUND
req.content_type = 'application/json'
return json.dumps({'reason': 'item not found'})
# append or incrase item
cart.merge_items(((item_id, {'name': item.name,
'price': item.price,
'count': count
}),))
cart.store(req)
cart.calculate()
req.content_type = 'application/json'
return json.dumps({'reason': 'item append to cart', 'cart': cart.dict()})
def admin_logins_enable(req, id):
check_login(req, "/log_in?referer=/admin/logins")
check_right(req, R_ADMIN)
check_token(req, req.form.get("token"))
login = Login(id)
if req.login.id == login.id: # not good idea to
raise SERVER_RETURN(state.HTTP_FORBIDDEN) # disable himself
login.enabled = int(req.uri.endswith("/enable"))
login.enable(req)
redirect(req, "/admin/logins")
def admin_menu_delete(req, codebook, id):
check_login(req)
check_right(req, module_right)
check_token(req, req.args.get('token'),
uri='/admin/codebooks/%s' % codebook)
Codebook = build_class(codebook)
item = Codebook(id)
if item.delete(req):
return json_response(req)
req.status = state.HTTP_BAD_REQUEST
req.content_type = 'application/json'
return json_response(req, {'reason': 'integrity_error'})
def admin_item_state(req, id):
check_login(req, '/log_in?referer=/admin/eshop/store')
check_right(req, module_right)
check_token(req, req.form.get('token'), uri='/admin/eshop/store')
item = Item(id)
if not item.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if req.uri.endswith('/visible'):
item.set_state(req, STATE_VISIBLE)
elif req.uri.endswith('/hidden'):
item.set_state(req, STATE_HIDDEN)
else:
item.set_state(req, STATE_DISABLED)
redirect(req, req.referer)
def admin_item_mod(req, id):
check_login(req)
check_right(req, module_right)
item = Item(id)
if req.method == 'POST':
check_token(req, req.form.get('token'))
item.bind(req.form)
error = item.mod(req)
if error != item:
return generate_page(req, "admin/eshop/item_mod.html",
item=item, error=error)
if not item.get(req): # still fresh data
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
return generate_page(req, "admin/eshop/item_mod.html",
token=create_token(req), item=item)
def admin_item_add(req):
check_login(req)
check_right(req, module_right)
item = Item()
if req.method == 'POST':
check_token(req, req.form.get('token'), uri='/admin/eshop/store/add')
item.bind(req.form)
error = item.add(req)
if error != item:
return generate_page(req, "admin/eshop/item_mod.html",
item=item, error=error)
redirect(req, '/admin/eshop/store/%d' % item.id)
# endif
return generate_page(req, "admin/eshop/item_mod.html",
token=create_token(req), item=item)
def admin_codebook_add_update(req, codebook, id=None):
check_login(req)
check_right(req, module_right)
check_token(req, req.form.get('token'),
uri='/admin/codebooks/%s' % codebook)
Codebook = build_class(codebook)
item = Codebook(id)
item.bind(req.form)
if not item.value:
req.status = state.HTTP_BAD_REQUEST
return json_response(req, {'reason': 'empty_value'})
if (item.mod(req) if id else item.add(req)):
return json_response(req)
req.status = state.HTTP_BAD_REQUEST
return json_response(req, {'reason': 'value_exist'})
def eshop_cart_pay_and_order(req):
do_check_mgc(req)
check_token(req, req.form.get('token'), uri='/eshop/cart/recapitulation')
cart = ShoppingCart(req)
# TODO: payment page if could be (paypal, card, transfer)
order = Order.from_cart(cart)
if not order:
redirect(req, '/eshop')
order.client_id = req.login.id if req.login else None
retval = order.add(req)
if retval == order:
cart.clean(req)
send_order_status(req, order)
return generate_page(req, "eshop/shopping_accept.html",
order=order)
if retval[0] == EMPTY_ITEMS:
redirect(req, '/eshop')
if retval[0] == NOT_ENOUGH_ITEMS:
cart.set_not_enought(retval[1])
cart.store(req)
redirect(req, '/eshop/cart')
def eshop_cart(req):
do_check_mgc(req)
cart = ShoppingCart(req)
if req.method == 'PATCH':
check_token(req, req.json.get('token'), uri='/eshop/cart')
cart.merge_items(req.json.get('items', []))
req.content_type = 'application/json'
cart.store(req) # store shopping cart
cart.calculate()
return json.dumps({'cart': cart.dict()})
cart.calculate()
if req.is_xhr:
check_origin(req)
req.content_type = 'application/json'
return json.dumps({'cart': cart.dict()})
# GET method only view shopping cart - no store was needed
return generate_page(req, "eshop/shopping_cart.html",
token=create_token(req),
cfg_currency=req.cfg.eshop_currency, cart=cart)
def admin_item_actions(req, item_id):
check_login(req)
check_right(req, module_right)
check_token(req, req.args.get('token'),
uri='/admin/eshop/store/%s' % item_id)
action_type = req.args.getfirst('type', '', uni)
if action_type == 'inc':
kwargs = {'action_type': ACTION_INC}
elif action_type == 'dec':
kwargs = {'action_type': ACTION_DEC}
elif action_type == 'pri':
kwargs = {'action_type': ACTION_PRI}
else:
kwargs = {}
kwargs['item_id'] = item_id
pager = Pager(sort='desc')
pager.bind(req.args)
actions = list(a.__dict__ for a in Action.list(req, pager, **kwargs))
req.content_type = 'application/json'
return json.dumps({'actions': actions, 'pager': pager.__dict__})
def admin_logins_mod(req, id):
check_login(req)
check_right(req, R_ADMIN)
token = do_create_token(req, "/admin/logins/%d" % id)
login = Login(id)
if req.login.id == login.id: # not good idea to remove
raise SERVER_RETURN(state.HTTP_FORBIDDEN) # rights himself
done = None
if req.method == "POST":
check_token(req, req.form.get("token"))
login.bind(req.form, req.cfg.login_rounds)
done = login.mod(req)
if 0 < done < 64:
return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, error=done)
# endif
# endif
if not login.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, state=done)
def admin_logins_add(req):
check_login(req)
check_right(req, R_ADMIN)
token = do_create_token(req, "/admin/logins/add")
if req.method == "POST":
check_token(req, req.form.get("token"))
login = Login()
login.bind(req.form, req.cfg.login_rounds)
if not req.cfg.login_created_verify_link:
login.enabled = 1
login.rights = ["user"]
error = login.add(req)
if error:
return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, error=error)
if req.cfg.login_created_verify_link:
send_login_created(req, login)
redirect(req, "/admin/logins/%d" % login.id)
# endif
return generate_page(req, "admin/logins_mod.html", token=token, rights=rights)
def admin_item_incdec(req, id):
check_login(req, '/log_in?referer=/admin/eshop/store/%s' % id)
check_right(req, module_right)
check_token(req, req.form.get('token'), uri='/admin/eshop/store/%s' % id)
if req.uri.endswith('/inc'):
action_type = ACTION_INC
elif req.uri.endswith('/dec'):
action_type = ACTION_DEC
elif req.uri.endswith('/pri'):
action_type = ACTION_PRI
else:
raise RuntimeError('Unknow action')
action = Action.bind(req.form, action_type)
item = Item(id)
if not item.action(req, action) or not item.get(req):
req.status = state.HTTP_NOT_FOUND
req.content_type = 'application/json'
return json.dumps({'reason': 'item not found'})
req.content_type = 'application/json'
return json.dumps({'item': item.__dict__})
def eshop_cart_address_post(req):
do_check_mgc(req)
check_token(req, req.form.get('token'), uri='/eshop/cart/address')
cart = ShoppingCart(req)
way = req.form.getfirst('way', '', str)
same_as_billing = 'same_as_billing' in req.form
billing_address = Address.bind(req.form, 'billing_')
if same_as_billing:
shipping_address = billing_address.copy()
shipping_address['same_as_billing'] = True
else:
shipping_address = Address.bind(req.form, 'shipping_')
shipping_address['same_as_billing'] = False
transportation = req.form.getfirst('transportation', '', str)
payment = req.form.getfirst('payment', '', str)
if req.login:
email = req.login.email
emailcheck = email
else:
email = req.form.getfirst('email', '', str)
emailcheck = req.form.getfirst('emailcheck', '', str)
transportation_price = req.cfg.__dict__.get(
'eshop_transportation_' + transportation, -1)
payment_price = req.cfg.__dict__.get(
'eshop_payment_' + payment, -1)
if transportation and transportation_price < 0:
raise SERVER_RETURN(state.HTTP_BAD_REQUEST)
if payment and payment_price < 0:
raise SERVER_RETURN(state.HTTP_BAD_REQUEST)
if len(billing_address):
cart.billing_address = billing_address
if len(shipping_address):
cart.shipping_address = shipping_address
if transportation:
cart.transportation = (transportation, transportation_price)
if payment:
cart.payment = (payment, payment_price)
if re_email.match(email):
cart.email = email
if re_email.match(emailcheck):
cart.emailcheck = emailcheck
cart.store(req) # store shopping cart
if not billing_address:
return eshop_cart_address(req, cart, error='no_billing_address')
if len(shipping_address) == 1: # only same_as_billing
return eshop_cart_address(req, cart, error='no_shipping_address')
if not email or email != emailcheck:
return eshop_cart_address(req, cart, error='no_email')
if not transportation:
return eshop_cart_address(req, cart, error='no_transportation')
if not payment:
return eshop_cart_address(req, cart, error='no_payment')
# end of errors block
cart.calculate()
if way == 'next':
redirect(req, '/eshop/cart/recapitulation')
elif way == 'prev':
redirect(req, '/eshop/cart')
return eshop_cart_address(req, cart)
