def view(folder_id=None): form = QueryTagForm() folder = None if folder_id: folder = Folder.query.filter_by(id=folder_id).first() if folder.user_id != current_user.get_user().id: return abort(404) photos = None folders = get_folders() if form.validate_on_submit(): tags = form.query.data.split(",") photos = [] photo_ids = set() for tag in tags: for photo in get_tagged_photos(tag): if not photo[0].id in photo_ids: if not folder or FolderPhoto.query.filter_by(folder_id=folder_id, photo_id=photo[0].id).first(): photos.append(photo[0]) photo_ids.add(photo[0].id) else: if folder: photos = get_photos(folder) else: photos = Photo.query.filter_by(user_id=current_user.get_user().id).all() return render_template("photo/view.html", photos=photos, form=form, folders=folders, folder=folder)
def post(self, task, database, table, job, ended_at): """ add new records from task """ if job['type'] != TaskType.POPULATING: abort(406, message='Task type is invalid') if not current_user.role_is( (UserRole.ADMIN, UserRole.DATA_MANAGER, UserRole.DATA_FILLER)): abort(403, message= 'User access deny. You do not have permission to database') entity = Loader.get_database(database)[table == 'REACTION'] res = [] for s in job['structures']: if s['status'] != StructureStatus.CLEAR or s[ 'type'] != StructureType[table]: continue data = marshal(s, RecordStructureFields.resource_fields) structure = data.pop('data') in_db = entity.find_structure(structure) if not in_db: in_db = entity(structure, current_user.get_user()) res.append(in_db.add_metadata(data, current_user.get_user())) flush() return res, 201
def perform_delete(photo_id): photo = Photo.query.filter_by(id=photo_id).first() if photo.user_id != current_user.get_user().id: return abort(404) else: delete_photo(photo) return redirect(url_for("photos.view"))
def post(self, task, job, ended_at): """ Store in database modeled task only modeled tasks can be saved. failed models in structures skipped. """ if job['type'] != TaskType.MODELING: abort( 406, message='task type is invalid. only modeling tasks acceptable') if Task.exists(task=task): abort(409, message='task already exists in db') data = marshal(job['structures'], TaskStructureResponseFields.resource_fields) Task(data, type=job['type'], date=ended_at, user=current_user.get_user(), task=task) return dict(task=task, status=TaskStatus.PROCESSED, date=ended_at, type=job['type'], user=current_user), 201
def get(self, profile_id): if profile_id == 'me': return g.Profile.objects.filter(user=current_user.get_user()).first() else: if not current_user.is_admin(): return abort(401) return g.Profile.objects.with_id(profile_id)
def put(self, profile_id): if profile_id != 'me' and not current_user.is_admin(): return abort(401) if profile_id == 'me': profile = g.Profile.objects.filter(user=current_user.get_user()).first() else: profile = g.Profile.objects.with_id(profile_id) parser = reqparse.RequestParser() parser.add_argument('facebook_id', type=unicode, store_missing=False) parser.add_argument('twitter_id', type=unicode, store_missing=False) parser.add_argument('biography', type=unicode, store_missing=False) parser.add_argument('birthday', type=unicode, store_missing=False) args = parser.parse_args() for field in ['facebook_id', 'twitter_id']: if field in args.keys(): setattr(profile, field, args[field]) if 'biography' in args.keys(): profile.biography = bleach.clean(args['biography'], tags=ALLOWED_TAGS, styles=ALLOWED_STYLES, attributes=ALLOWED_ATTRIBUTES) if 'birthday' in args.keys(): profile.birthday = arrow.get(args['birthday']).naive profile.save() return profile
def confirm_delete(folder_id): folder = Folder.query.filter_by(id=folder_id).first() if folder.user_id != current_user.get_user().id: return abort(404) else: return render_template("folder/confirm_delete.html", folder=folder)
def get(self, page=None): """ Get current user's saved tasks """ q = Task.select(lambda x: x.user == current_user.get_user()) if page is not None: q = q.page(page, pagesize=RESULTS_PER_PAGE) return list(q)
def perform_delete(folder_id): folder = Folder.query.filter_by(id=folder_id).first() if folder.user_id != current_user.get_user().id: return abort(404) else: delete_folder(folder) return redirect(url_for("photos.view"))
def add_post(): banner_name, file_name = combo_save(active_form.banner_field, active_form.attachment) p = Email(from_name=active_form.from_name.data, reply_name=active_form.reply_name.data, reply_mail=active_form.reply_mail.data, meeting=active_form.meeting_id.data, type=active_form.type, author=current_user.get_user(), title=active_form.title.data, slug=active_form.slug.data, body=active_form.body.data, banner=banner_name, attachments=file_name) commit() return p.id
def post(self, task, database, table, metadata, job, ended_at): """ update record from task. """ if job['type'] != TaskType.POPULATING: abort(406, message='Task type is invalid') s = job['structures'][0] if s['status'] != StructureStatus.CLEAR or s['type'] != StructureType[ table]: abort(400, message='task structure has errors or invalid type') data = marshal(s, RecordStructureFields.resource_fields) structure = data.pop('data') meta = self.__get_record(database, table, metadata) in_db = Loader.get_database(database)[ table == 'REACTION'].find_structure(structure) if in_db: if in_db != meta.structure: abort( 400, message= 'record structure conflict. db already has this structure. use add_record method' ) else: if table == 'MOLECULE': try: meta.structure.new_structure(structure, current_user.get_user()) except AssertionError as e: abort(400, message='task structure has errors: {}'.format(e)) else: meta.structure.update_structure(structure, current_user.get_user()) flush() # update metadata meta.data = data meta.user_id = current_user.id return meta, 201
def Account(): # Display all of the current user's playlists from both public and private on their account page username = current_user.get_user() cur = conn.cursor() cur.execute("SELECT * FROM PublicPlaylist WHERE userid=%s", current_user.get_id()) public=cur.fetchall() cur.execute("SELECT * FROM PrivatePlaylist WHERE userid=%s", current_user.get_id()) private=cur.fetchall() cur.close() return render_template('account.html', title='Account', username=username, public=public, private=private)
def get_tagged_photos(tag_name, user_id=None): db = get_database() if user_id == None: user_id = current_user.get_user().id tag_name = tag_name.strip().lower() return (db.session.query(Photo, PhotoTag, Tag).filter( Tag.tag == tag_name).filter(PhotoTag.tag_id == Tag.id).filter( PhotoTag.photo_id == Photo.id).all())
def get_photo(photo_id, user_id=None): """ Gets an existing photo. Returns None if the photo_id does not belong to user_id. If user_is not provided, defaults to the currently logged in user. """ if user_id == None: user_id = current_user.get_user().id return Photo.query.filter_by(id=photo_id, user_id=user_id).first()
def download(file, name): a = Attachment.get(file=file) if a and a.post.classtype != 'Thesis' or current_user.is_authenticated and \ (current_user.role_is(UserRole.ADMIN) or current_user.role_is(UserRole.SECRETARY) or a.post.author == current_user.get_user()): resp = make_response() resp.headers['X-Accel-Redirect'] = '/file/%s' % file resp.headers['Content-Description'] = 'File Transfer' resp.headers['Content-Transfer-Encoding'] = 'binary' resp.headers['Content-Disposition'] = 'attachment; filename=%s' % name resp.headers['Content-Type'] = 'application/octet-stream' return resp abort(404)
def update(): session.close() email = request.form.get('email') name = request.form.get('name') password = request.form.get('password') about = request.form.get('about') password_hash = generate_password_hash(password) print(password_hash) account = Table('users', metadata, autoload=True) user = current_user.get_user() engine.execute(account.update().where(account.c.userid == user.userid), email=email, fullname=name, password=password_hash, about=about) return redirect(url_for('profile'))
def password(): form = ChangePasswordForm() if form.validate_on_submit(): user = current_user.get_user() if user and check_password_hash(user.password_hash, form.current_password.data): user.password_hash = generate_password_hash(form.new_password.data) db = get_database() db.session.add(user) db.session.commit() flash("You password was updated.") else: flash("Current password wrong.") return render_template("admin/home/password.html", form=form)
def create_photo(name, user_id=None): """ Create a photo without any file data with the given name. The photo is assigned to the currently logged in user if user_id is not specified. """ if user_id == None: user_id = current_user.get_user().id db = get_database() photo = Photo(name=name, user_id=user_id) db.session.add(photo) db.session.flush() return photo
def get_photo_path(photo_id, user_id=None): """ Gets the path (filename) of an existing photo. Returns None if the photo_id does not belong to user_id. If user_is not provided, defaults to the currently logged in user. """ if user_id == None: user_id = current_user.get_user().id photo = Photo.query.filter_by(id=photo_id, user_id=user_id).first() if photo: path = os.path.join(current_app.instance_path, photo.url) return path return None
def change_password(): data = request.get_json() email = data.get('email') current_pass = data.get('current_pass') new_pass = data.get('new_pass') error_message = "" if email != current_user.email: error_message += "<p>User <b>{}</b> does not have permissions to change password for <b>{}</b></p>".format( email, email) user = current_user.get_user(email, current_pass) if user is None: error_message += "<p>Incorrect password</p>" if error_message != "": return make_response({'status': 'error', 'error_message': error_message}, 500) user.change_password(new_pass) return make_response({'status': 'success'}, 200)
def delete(self, profile_id): if profile_id != 'me' and not current_user.is_admin(): return abort(401) if profile_id == 'me': profile = g.Profile.objects.filter(user=current_user.get_user()).first() else: profile = g.Profile.objects.with_id(profile_id) photo_url = profile.photo profile.photo = 'https://secure.gravatar.com/avatar/' + md5(profile.user.email).hexdigest() + '?d=identicon&s=200' profile.save() if 'https://' + current_app.config['AWS_S3_BUCKET'] + '.s3.amazonaws.com/profiles/' in photo_url: bucket = s3conn.get_bucket(current_app.config['AWS_S3_BUCKET']) key = bucket.get_key(g.tenant + '/profiles/' + str(profile.id)) key.delete() return '', 204
def add_post(): banner_name, file_name = combo_save(active_form.banner_field, active_form.attachment) p = Meeting( meeting=active_form.meeting_id.data, deadline=active_form.deadline.data, poster_deadline=active_form.poster_deadline.data, participation_types=active_form.participation_types, thesis_types=active_form.thesis_types, order=active_form.order.data, type=active_form.type, author=current_user.get_user(), title=active_form.title.data, slug=active_form.slug.data, body_name=active_form.body_name.data, body=active_form.body.data, banner=banner_name, attachments=file_name) commit() return p.id
def single_view(photo_id): tagForm = AddTagForm(prefix="tag") folderForm = SetFolderForm(prefix="folder") photo = Photo.query.filter_by(id=photo_id).first() folders = get_folders() folderForm.folder.choices = [(str(f.id), f.name) for f in folders] if photo.user_id != current_user.get_user().id: abort(404) else: if tagForm.add_button.data and tagForm.validate_on_submit(): tag_photo(photo_id, tagForm.tag.data) flash("Added Tag") if folderForm.add_button.data and folderForm.validate_on_submit(): folder = Folder.query.filter_by(id=int(folderForm.folder.data)).first() add_photo_to_folder(photo, folder) flash("Added Folder") return render_template("photo/view_single.html", photo=photo, tagForm=tagForm, folderForm=folderForm, folders=folders)
def post(self, profile_id): if profile_id != 'me' and not current_user.is_admin(): return abort(401) if profile_id == 'me': profile = g.Profile.objects.filter(user=current_user.get_user()).first() else: profile = g.Profile.objects.with_id(profile_id) parser = reqparse.RequestParser() parser.add_argument('photo', type=werkzeug.datastructures.FileStorage, location='files') args = parser.parse_args() bucket = s3conn.get_bucket(current_app.config['AWS_S3_BUCKET']) key = Key(bucket) key.key = g.tenant + '/profiles/' + str(profile.id) key.content_type = args['photo'].mimetype key.set_contents_from_file(args['photo'].stream) key.make_public() profile.photo = 'https://' + current_app.config['AWS_S3_BUCKET'] + '.s3.amazonaws.com/ ' + g.tenant + '/profiles/' + str(profile.id) profile.save() return profile
def dispatch_request(self, page=1): q = select(x.meeting for x in Subscription if x.user == current_user.get_user()).order_by( Meeting.id.desc()) return blog_viewer(page, q, '.events', 'Events', 'Participation')
def profile(): user = current_user.get_user() return render_template("profile.html", current_user=user)
def dispatch_request(self, page=1): q = select(x for x in Thesis if x.author == current_user.get_user()).order_by( Thesis.id.desc()) return blog_viewer(page, q, '.theses', 'Events', 'Abstracts')
def dispatch_request(self, post): admin = current_user.is_authenticated and current_user.role_is( UserRole.ADMIN) edit_post = None remove_post_form = None special_form = None special_field = None children = [] title = None info = None p = Post.get(id=post) if not p: return redirect(url_for('.blog')) opened_by_author = current_user.is_authenticated and p.author.id == current_user.id downloadable = admin or p.classtype != 'Thesis' or opened_by_author deletable = admin or p.classtype == 'Thesis' and opened_by_author and p.meeting.deadline > datetime.utcnow( ) """ admin page """ if admin: remove_post_form = DeleteButtonForm(prefix='delete') if p.classtype == 'BlogPost': edit_post = PostForm(obj=p) elif p.classtype == 'Meeting': edit_post = MeetingForm(obj=p) elif p.classtype == 'Thesis': edit_post = ThesisForm(obj=p) elif p.classtype == 'Email': edit_post = EmailForm(obj=p) elif p.classtype == 'TeamPost': edit_post = TeamForm(obj=p) else: # BAD POST return redirect(url_for('.blog')) if remove_post_form.validate_on_submit(): p.delete() return remove_post_form.redirect('.blog') elif edit_post.validate_on_submit(): p.body = edit_post.body.data p.title = edit_post.title.data p.date = datetime.utcnow() if hasattr(edit_post, 'slug') and edit_post.slug.data: p.slug = edit_post.slug.data if edit_post.banner_field.data: p.banner = save_upload(edit_post.banner_field.data, images=True) if edit_post.attachment.data: p.add_attachment(*save_upload(edit_post.attachment.data)) if hasattr(p, 'update_type'): try: p.update_type(edit_post.type) if p.classtype == 'Thesis': sub = Subscription.get(user=p.author, meeting=p.meeting) sub.update_type(edit_post.type.participation_type) except Exception as e: edit_post.post_type.errors = [str(e)] if hasattr(p, 'update_meeting') and p.can_update_meeting( ) and edit_post.meeting_id.data: p.update_meeting(edit_post.meeting_id.data) if hasattr(p, 'update_order') and edit_post.order.data: p.update_order(edit_post.order.data) if hasattr(p, 'update_role'): p.update_role(edit_post.role.data) if hasattr(p, 'update_scopus'): p.update_scopus(edit_post.scopus.data) if hasattr(p, 'update_from_name'): p.update_from_name(edit_post.from_name.data) if hasattr(p, 'update_reply_name'): p.update_reply_name(edit_post.reply_name.data) if hasattr(p, 'update_reply_mail'): p.update_reply_mail(edit_post.reply_mail.data) if hasattr(p, 'update_body_name'): p.update_body_name(edit_post.body_name.data) if hasattr(p, 'update_deadline') and edit_post.deadline.data: p.update_deadline(edit_post.deadline.data) if hasattr(p, 'update_poster_deadline' ) and edit_post.poster_deadline.data: p.update_poster_deadline(edit_post.poster_deadline.data) if hasattr(p, 'update_participation_types' ) and edit_post.participation_types: p.update_participation_types(edit_post.participation_types) if hasattr(p, 'update_thesis_types') and edit_post.thesis_types: p.update_thesis_types(edit_post.thesis_types) """ Meetings sidebar and title """ if p.classtype == 'Meeting': title = p.meeting.title children.append( dict(title='Event main page', url=url_for('.blog_post', post=p.meeting_id))) children.extend( dict(title=x.title, url=url_for('.blog_post', post=x.id)) for x in p.meeting.children.filter( lambda x: x.classtype == 'Meeting').order_by( lambda x: x.special['order'])) children.append( dict(title='Participants', url=url_for('.participants', event=p.meeting_id))) children.append( dict(title='Abstracts', url=url_for('.abstracts', event=p.meeting_id))) if p.type != MeetingPostType.MEETING: crumb = dict(url=url_for('.blog_post', post=p.meeting_id), title=p.title, parent='Event main page') if current_user.is_authenticated and p.type == MeetingPostType.REGISTRATION \ and p.deadline > datetime.utcnow(): sub = Subscription.get(user=current_user.get_user(), meeting=p.meeting) special_form = MeetForm( prefix='special', obj=sub, types=p.meeting.participation_types) if special_form.validate_on_submit(): thesis = Thesis.get(post_parent=p.meeting, author=current_user.get_user()) if sub: if special_form.type == MeetingPartType.LISTENER and thesis: special_form.part_type.errors = [ 'Listener participation type unavailable. ' 'You sent thesis earlier.' ] flash('Participation type change error', 'error') else: sub.update_type(special_form.type) thesis_type = ThesisPostType.thesis_types( special_form.type)[-1] if thesis and thesis.type != thesis_type: thesis.update_type(thesis_type) flash('Thesis type changed! Check it.') flash('Participation type changed!') else: Subscription(current_user.get_user(), p.meeting, special_form.type) flash('Welcome to meeting!') m = Email.get( post_parent=p.meeting, post_type=EmailPostType.MEETING_THESIS.value) send_mail((m and m.body or '%s\n\nYou registered to meeting') % current_user.full_name, current_user.email, to_name=current_user.full_name, title=m and m.title, subject=m and m.title or 'Welcome to meeting', banner=m and m.banner, from_name=m and m.from_name, reply_mail=m and m.reply_mail, reply_name=m and m.reply_name) elif current_user.is_authenticated and p.type == MeetingPostType.SUBMISSION \ and p.poster_deadline > datetime.utcnow(): sub = Subscription.get(user=current_user.get_user(), meeting=p.meeting) if sub and sub.type != MeetingPartType.LISTENER and \ not Thesis.exists(post_parent=p.meeting, author=current_user.get_user()): thesis_types = p.meeting.thesis_types special_form = ThesisForm( prefix='special', body_name=p.body_name, types=[ x for x in ThesisPostType.thesis_types(sub.type) if x in thesis_types ]) if special_form.validate_on_submit(): banner_name, file_name = combo_save( special_form.banner_field, special_form.attachment) t = Thesis(p.meeting_id, type=special_form.type, title=special_form.title.data, body=special_form.body.data, banner=banner_name, attachments=file_name, author=current_user.get_user()) commit() return redirect(url_for('.blog_post', post=t.id)) else: crumb = dict(url=url_for('.blog'), title='Post', parent='News') elif p.classtype == 'Thesis': if current_user.is_authenticated and opened_by_author and p.meeting.poster_deadline > datetime.utcnow( ): sub = Subscription.get(user=current_user.get_user(), meeting=p.meeting) thesis_types = p.meeting.thesis_types special_form = ThesisForm( prefix='special', obj=p, body_name=p.body_name, types=[ x for x in ThesisPostType.thesis_types(sub.type) if x in thesis_types ]) if special_form.validate_on_submit(): p.title = special_form.title.data p.body = special_form.body.data p.update_type(special_form.type) if special_form.banner_field.data: p.banner = save_upload(special_form.banner_field.data, images=True) if special_form.attachment.data: p.add_attachment( *save_upload(special_form.attachment.data)) crumb = dict(url=url_for('.abstracts', event=p.meeting_id), title='Abstract', parent='Event participants') special_field = '**Presentation Type**: *%s*' % p.type.fancy elif p.classtype == 'TeamPost': crumb = dict(url=url_for('.students'), title='Student', parent='Laboratory') \ if p.type == TeamPostType.STUDENT else dict(url=url_for('.about'), title='Member', parent='Laboratory') if p.scopus: special_field = get_articles(p.scopus) elif p.type == BlogPostType.ABOUT: crumb = dict(url=url_for('.about'), title='Description', parent='Laboratory') else: crumb = dict(url=url_for('.blog'), title='Post', parent='News') """ collect sidebar news """ info = select(x for x in Post if x.id != post and x.post_type in ( BlogPostType.IMPORTANT.value, MeetingPostType.MEETING.value)).order_by( Post.date.desc()).limit(3) return render_template("post.html", title=title or p.title, post=p, info=info, downloadable=downloadable, children=children, deletable=deletable, edit_form=edit_post, remove_form=remove_post_form, crumb=crumb, special_form=special_form, special_field=special_field)
def dispatch_request(self, action=4): form = FormRoute.get(action) if not form or not form.is_profile(): return redirect(url_for('.profile')) tabs = [ dict(title='Edit Profile', glyph='pencil', active=False, url=url_for('.profile', action=FormRoute.EDIT_PROFILE.value)), dict(title='Log out on all devices', glyph='remove', active=False, url=url_for('.profile', action=FormRoute.LOGOUT_ALL.value)), dict(title='Change Password', glyph='qrcode', active=False, url=url_for('.profile', action=FormRoute.CHANGE_PASSWORD.value)) ] admin = current_user.role_is(UserRole.ADMIN) if admin: tabs.extend([ dict(title='New Blog Post', glyph='font', active=False, url=url_for('.profile', action=FormRoute.NEW_BLOG_POST.value)), dict(title='New Meeting Page', glyph='resize-small', active=False, url=url_for('.profile', action=FormRoute.NEW_MEETING_PAGE.value)), dict(title='New Email Template', glyph='envelope', active=False, url=url_for('.profile', action=FormRoute.NEW_EMAIL_TEMPLATE.value)), dict(title='New Team Member', glyph='knight', active=False, url=url_for('.profile', action=FormRoute.NEW_MEMBER_PAGE.value)), dict(title='Ban User', glyph='remove-circle', active=False, url=url_for('.profile', action=FormRoute.BAN_USER.value)), dict(title='Change Role', glyph='arrow-up', active=False, url=url_for('.profile', action=FormRoute.CHANGE_USER_ROLE.value)) ]) if form == FormRoute.EDIT_PROFILE: message = 'Edit Profile' tabs[0]['active'] = True active_form = ProfileForm(obj=current_user.get_user()) if active_form.validate_on_submit(): u = User.get(id=current_user.id) u.name = active_form.name.data u.surname = active_form.surname.data u.country = active_form.country.data u.degree = active_form.degree.data u.status = active_form.status.data if active_form.banner_field.data: u.banner = save_upload(active_form.banner_field.data, images=True) if active_form.affiliation.data: u.affiliation = active_form.affiliation.data elif u.affiliation: u.affiliation = '' if active_form.position.data: u.position = active_form.position.data elif u.position: u.position = '' if active_form.town.data: u.town = active_form.town.data elif u.town: u.town = '' flash('Profile updated') elif form == FormRoute.LOGOUT_ALL: message = 'Log out on all devices' tabs[1]['active'] = True active_form = ReLoginForm() if active_form.validate_on_submit(): u = User.get(id=current_user.id) u.change_token() logout_user() flash('Successfully logged out from all devices') return redirect(url_for('.login')) elif form == FormRoute.CHANGE_PASSWORD: message = 'Change Password' tabs[2]['active'] = True active_form = ChangePasswordForm() if active_form.validate_on_submit(): u = User.get(id=current_user.id) u.change_password(active_form.password.data) logout_user() flash('Successfully changed password') return redirect(url_for('.login')) elif admin and form == FormRoute.NEW_BLOG_POST: message = 'New Blog Post' tabs[3]['active'] = True active_form = PostForm() if active_form.validate_on_submit(): banner_name, file_name = combo_save(active_form.banner_field, active_form.attachment) p = BlogPost(type=active_form.type, title=active_form.title.data, slug=active_form.slug.data, body=active_form.body.data, banner=banner_name, attachments=file_name, author=current_user.get_user()) commit() return redirect(url_for('.blog_post', post=p.id)) elif admin and form == FormRoute.NEW_MEETING_PAGE: message = 'New Meeting Page' tabs[4]['active'] = True active_form = MeetingForm() def add_post(): banner_name, file_name = combo_save(active_form.banner_field, active_form.attachment) p = Meeting( meeting=active_form.meeting_id.data, deadline=active_form.deadline.data, poster_deadline=active_form.poster_deadline.data, participation_types=active_form.participation_types, thesis_types=active_form.thesis_types, order=active_form.order.data, type=active_form.type, author=current_user.get_user(), title=active_form.title.data, slug=active_form.slug.data, body_name=active_form.body_name.data, body=active_form.body.data, banner=banner_name, attachments=file_name) commit() return p.id if active_form.validate_on_submit(): if active_form.type != MeetingPostType.MEETING: if active_form.meeting_id.data and Meeting.exists( id=active_form.meeting_id.data, post_type=MeetingPostType.MEETING.value): return redirect(url_for('.blog_post', post=add_post())) active_form.meeting_id.errors = ['Bad parent'] else: if active_form.deadline.data and active_form.poster_deadline.data: return redirect(url_for('.blog_post', post=add_post())) active_form.deadline.errors = ["Need deadline"] active_form.poster_deadline.errors = ["Need deadline"] elif admin and form == FormRoute.NEW_EMAIL_TEMPLATE: message = 'New Email Template' tabs[5]['active'] = True active_form = EmailForm() def add_post(): banner_name, file_name = combo_save(active_form.banner_field, active_form.attachment) p = Email(from_name=active_form.from_name.data, reply_name=active_form.reply_name.data, reply_mail=active_form.reply_mail.data, meeting=active_form.meeting_id.data, type=active_form.type, author=current_user.get_user(), title=active_form.title.data, slug=active_form.slug.data, body=active_form.body.data, banner=banner_name, attachments=file_name) commit() return p.id if active_form.validate_on_submit(): if active_form.type.is_meeting: if active_form.meeting_id.data and Meeting.exists( id=active_form.meeting_id.data, post_type=MeetingPostType.MEETING.value): return redirect(url_for('.blog_post', post=add_post())) active_form.meeting_id.errors = ['Bad parent'] else: return redirect(url_for('.blog_post', post=add_post())) elif admin and form == FormRoute.NEW_MEMBER_PAGE: message = 'New Member' tabs[6]['active'] = True active_form = TeamForm() if active_form.validate_on_submit(): banner_name, file_name = combo_save(active_form.banner_field, active_form.attachment) p = TeamPost(type=active_form.type, title=active_form.title.data, slug=active_form.slug.data, body=active_form.body.data, banner=banner_name, attachments=file_name, author=current_user.get_user(), role=active_form.role.data, scopus=active_form.scopus.data, order=active_form.order.data) commit() return redirect(url_for('.blog_post', post=p.id)) elif admin and form == FormRoute.BAN_USER: message = 'Ban User' tabs[7]['active'] = True active_form = BanUserForm() if active_form.validate_on_submit(): u = User.get(email=active_form.email.data.lower()) u.active = False flash('Successfully banned %s %s (%s)' % (u.name, u.surname, u.email)) elif admin and form == FormRoute.CHANGE_USER_ROLE: message = 'Change Role' tabs[8]['active'] = True active_form = ChangeRoleForm() if active_form.validate_on_submit(): u = User.get(email=active_form.email.data.lower()) u.user_role = active_form.type.value flash('Successfully changed %s %s (%s) role' % (u.name, u.surname, u.email)) else: # admin or GTFO return redirect(url_for('.profile')) return render_template("forms.html", subtitle='Profile', title=current_user.full_name, tabs=tabs, form=active_form, message=message)
def enroll(token): token = jwt.decode(token, app.config['SECRET_KEY']) user = current_user.get_user() user.update(add_to_set__permissions=token['permission']) return redirect(url_for('editor'))
def meeting_page(post): special_form = None if post.type != MeetingPostType.MEETING: if current_user.is_authenticated and post.type == MeetingPostType.REGISTRATION \ and post.deadline > datetime.utcnow(): sub = Subscription.get(user=current_user.get_user(), meeting=post.meeting) special_form = MeetForm(prefix='special', obj=sub, types=post.meeting.participation_types) if special_form.validate_on_submit(): theses = list(Thesis.select(lambda x: x._parent == post.meeting and x.author == current_user.get_user())) if sub: if special_form.type == MeetingPartType.LISTENER and theses: special_form.part_type.errors = ['Listener participation type unavailable. ' 'You sent thesis earlier.'] flash('Participation type change error', 'error') else: sub.update_type(special_form.type) thesis_types = post.meeting.thesis_types thesis_type = next(x for x in ThesisPostType.thesis_types(sub.type)[::-1] if x in thesis_types) for thesis in theses: if thesis.type != thesis_type: thesis.update_type(thesis_type) flash('Thesis type changed! Check it.') flash('Participation type changed!') else: Subscription(current_user.get_user(), post.meeting, special_form.type) flash('Welcome to meeting!') m = Email.get(_parent=post.meeting, _type=EmailPostType.MEETING_THESIS.value) attach_files, attach_names = attach_mixin(m) send_mail((m and m.body or '%s\n\nYou registered to meeting') % current_user.full_name, current_user.email, to_name=current_user.full_name, title=m and m.title, subject=m and m.title or 'Welcome to meeting', banner=m and m.banner, from_name=m and m.from_name, reply_mail=m and m.reply_mail, reply_name=m and m.reply_name, attach_files=attach_files, attach_names=attach_names) rid = select(x.id for x in Post if x._parent == post.meeting and x._type == MeetingPostType.SUBMISSION.value).first() return redirect(url_for('.blog_post', post=rid)) elif current_user.is_authenticated and post.type == MeetingPostType.SUBMISSION \ and post.thesis_deadline > datetime.utcnow(): sub = Subscription.get(user=current_user.get_user(), meeting=post.meeting) if sub and sub.type != MeetingPartType.LISTENER: thesis_count = Thesis.select(lambda x: x._parent == post.meeting and x.author == current_user.get_user()).count() if thesis_count < post.meeting.thesis_count: thesis_types = post.meeting.thesis_types special_form = ThesisForm(prefix='special', body_name=post.body_name, types=[x for x in ThesisPostType.thesis_types(sub.type, dante=thesis_count > 0) if x in thesis_types]) if special_form.validate_on_submit(): banner_name, file_name = combo_save(special_form.banner_field, special_form.attachment) t = Thesis(post.meeting_id, type=special_form.type, title=special_form.title.data, body=special_form.body.data, banner=banner_name, attachments=file_name, author=current_user.get_user()) flush() return redirect(url_for('.blog_post', post=t.id)) crumb = dict(url=url_for('.blog_post', post=post.meeting_id), title=post.title, parent='Event main page') else: crumb = dict(url=url_for('.blog'), title='Post', parent='News') children = [dict(title='Event main page', url=url_for('.blog_post', post=post.meeting_id))] children.extend(dict(title=x.title, url=url_for('.blog_post', post=x.id)) for x in post.meeting.children. filter(lambda x: x.classtype == 'Meeting').order_by(lambda x: x.special['order'])) children.append(dict(title='Participants', url=url_for('.participants', event=post.meeting_id))) children.append(dict(title='Abstracts', url=url_for('.abstracts', event=post.meeting_id))) return crumb, post.meeting.title, children, special_form
def confirm_delete(photo_id): photo = Photo.query.filter_by(id=photo_id).first() if photo.user_id != current_user.get_user().id: return abort(404) else: return render_template("photo/confirm_delete.html", photo=photo)