def index():
    """Serve the homepage, or send a signed-in user to the app they belong in.

    Signed-in users never see the homepage. They are redirected, in order of
    precedence, to the sudo console, the manager app of their first admin
    organization, the schedule app of their first membership, or the portal.
    Every redirect target is built with ``url_for`` from a fixed endpoint
    name, so no request-supplied URL is ever followed.

    Returns:
        A redirect response, or the rendered ``homepage.html`` template.
    """
    if not current_user.is_authenticated:
        # is_native() is defined elsewhere; presumably it detects the native
        # client, which gets its own login flow instead of the homepage.
        if is_native():
            return redirect(url_for("auth.native_login"))
        return render_template("homepage.html")

    # Sudo (staff) accounts land in the Euler console.
    if current_user.is_sudo():
        return redirect(url_for("euler.index"))

    # Organization admins go to the manager app of their first organization.
    managed_orgs = current_user.admin_of.all()
    if len(managed_orgs) > 0:
        first_org = managed_orgs[0]
        return redirect(url_for("manager.manager_app", org_id=first_org.id))

    # Workers go to the schedule view of their first membership.
    worker_memberships = current_user.memberships()
    if len(worker_memberships) > 0:
        first = worker_memberships[0]
        target = url_for(
            "myschedules.myschedules_app",
            org_id=first.get("organization_id"),
            location_id=first.get("location_id"),
            role_id=first.get("role_id"),
            user_id=current_user.id)
        return redirect(target)

    # Signed in but attached to nothing: fall back to the portal.
    return redirect(url_for("auth.portal"))
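def myschedules_app(org_id, location_id, role_id, user_id):
    """Render the My Schedules app for one worker in one role.

    Only the worker named by ``user_id`` or a sudo user may load the page.
    The permission check runs before any lookup, so a caller who is not
    allowed gets 403 whether or not the requested ids exist. The status code
    therefore cannot be used to learn which users hold which roles.

    Args:
        org_id: Organization id from the URL.
        location_id: Location id from the URL.
        role_id: Role id from the URL.
        user_id: Id of the worker whose schedules are shown.

    Returns:
        The rendered ``myschedules.html`` response, marked ``no-store``.

    Raises:
        Aborts with 403 when the caller is neither sudo nor the worker, and
        with 404 when the ids do not describe an existing, unarchived
        assignment.
    """
    # Authorize first. Assumes the route converter yields user_id with the
    # same type as current_user.id - TODO confirm against the route.
    if not (current_user.is_sudo() or current_user.id == user_id):
        abort(403)

    # Verify that the organization / location / role / user ids in the URL
    # describe one joined row, so mismatched ids cannot be combined.
    membership = RoleToUser.query.join(Role).join(Location).join(
        Organization).filter(RoleToUser.user_id == user_id,
                             Role.id == role_id,
                             Location.id == location_id,
                             Organization.id == org_id).first()

    # The joined query above does not filter on `archived`; this one does.
    RoleToUser.query.filter_by(role_id=role_id,
                               user_id=user_id,
                               archived=False).first_or_404()

    if membership is None:
        abort(404)

    current_user.track_event("visited_myschedules")
    current_user.ping(org_id=org_id)

    resp = make_response(
        render_template("myschedules.html",
                        api_token=current_user.generate_api_token(),
                        org_id=org_id,
                        location_id=location_id,
                        role_id=role_id,
                        user_id=user_id))
    # The page embeds a freshly generated API token; no-store presumably
    # exists to keep it out of browser and proxy caches.
    resp.headers["Cache-Control"] = "no-store"
    return resp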
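def studies_summary():
    """Return the studies the current user may see, ordered by publication.

    Entries of ``study_config`` are sorted by their ``"publication"`` value.
    A study whose ``"public"`` flag is false is included only when the
    current user is authenticated and sudo; everyone else sees published
    studies only.

    Returns:
        An ``OrderedDict`` mapping study key to study config.
    """
    ordered = sorted(study_config.items(),
                     key=lambda item: item[1]["publication"])

    # Build a new mapping instead of deleting from the one being iterated:
    # deleting while iterating is unsafe and raises RuntimeError on Python 3.
    visible = OrderedDict()
    for name, study in ordered:
        if not study["public"]:
            # Unpublished studies are visible to sudo users only.
            if not (current_user.is_authenticated and current_user.is_sudo()):
                continue
        visible[name] = study
    return visible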
def manager_app(org_id):
    """Render the manager app for one organization.

    Access is limited to sudo users and to users whose
    ``manager_accounts()`` contains the organization.

    Args:
        org_id: Id of the organization to manage.

    Returns:
        The rendered ``manager.html`` response, marked ``no-store``.

    Raises:
        Aborts with 404 for an unknown ``org_id`` and with 403 when the
        caller is not permitted to manage the organization.
    """
    organization = Organization.query.get_or_404(org_id)

    # NOTE(review): the lookup runs before the permission check, so a caller
    # who manages nothing can tell existing ids (403) from unknown ones
    # (404). Consider answering both cases the same way.
    permitted = (current_user.is_sudo()
                 or organization in current_user.manager_accounts())
    if not permitted:
        return abort(403)

    current_user.track_event("visited_manager")
    current_user.ping(org_id=org_id)

    page = render_template("manager.html",
                           organization=organization,
                           api_token=current_user.generate_api_token())
    resp = make_response(page)
    # The page embeds a freshly generated API token; no-store presumably
    # exists to keep it out of browser and proxy caches.
    resp.headers["Cache-Control"] = "no-store"
    return resp
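def before_request():
    """Reject the request with 403 unless the caller is an authenticated sudo user.

    Presumably registered as a before-request hook for a sudo-only area; the
    registering decorator is not visible here. Returns ``None`` when access
    is allowed, so request handling continues.
    """
    # Test is_authenticated first, as index() does, so the gate fails closed
    # for anonymous callers instead of relying on the anonymous user object
    # to provide is_sudo().
    if not (current_user.is_authenticated and current_user.is_sudo()):
        abort(403)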