def edit(id):
item = MediaItem.query.filter_by(id=id).first_or_404()
form = MediaItemEditForm()
form.category.choices = gen_media_category_choices()
# TODO: write custom decorator for this?
if not current_user.has_admin_role() and current_user.has_media_role(
) and item.is_visible == False and item.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.is_media_admin(
) and item.is_visible == False and not item.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.is_media_admin():
del form.is_visible
form.file.label.text = "Replace with file"
if form.validate_on_submit():
item.name = form.name.data
item.category_id = form.category.data
if current_user.is_event_admin():
item.is_visible = form.is_visible.data
if form.file.data:
remove(path.join(app.config["MEDIA_DIR"], item.filename))
filepath = path.join(app.config["MEDIA_DIR"], item.filename)
form.file.data.save(filepath)
item.filesize = stat(filepath).st_size
db.session.commit()
flash("File was edited.", "success")
return redirect(url_for("media.view", id=id))
elif request.method == "GET":
form.name.data = item.name
form.category.data = item.category_id
if current_user.is_media_admin():
form.is_visible.data = item.is_visible
return render_template("media/edit.html",
form=form,
title=page_title("Edit File '%s'" % item.name))
def get_media(filter_category=None):
if current_user.has_admin_role():
media = MediaItem.query
elif current_user.has_media_role():
admins = User.query.filter(User.roles.contains(Role.query.get(1)))
admin_ids = [a.id for a in admins]
media = MediaItem.query.filter(not_(and_(MediaItem.is_visible == False, MediaItem.created_by_id.in_(admin_ids))))
else:
media = MediaItem.query.filter(or_(MediaItem.is_visible == True, MediaItem.created_by_id == current_user.id))
if filter_category:
media = media.filter_by(category_id = filter_category)
media = media.order_by(MediaItem.id.asc()).all()
return media
def view(id):
item = MediaItem.query.filter_by(id=id).first_or_404()
# TODO: write custom decorator for this?
if not current_user.is_event_admin(
) and item.is_visible == False and not item.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.has_admin_role() and current_user.has_media_role(
) and item.is_visible == False and item.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
return render_template("media/view.html",
item=item,
title=page_title("View File"))
def delete(id):
item = MediaItem.query.filter_by(id=id).first_or_404()
if not current_user.is_event_admin(
) and item.is_visible == False and not item.created_by == current_user:
flash_no_permission()
return redirect(url_for(no_perm_url))
if not current_user.has_admin_role() and current_user.has_media_role(
) and item.is_visible == False and item.created_by.has_admin_role():
flash_no_permission()
return redirect(url_for(no_perm_url))
remove(path.join(app.config["MEDIA_DIR"], item.filename))
db.session.delete(item)
db.session.commit()
flash("Media item was deleted.", "success")
return redirect(url_for('media.index'))
def sidebar(c_id):
if current_user.has_admin_role():
entries = MediaItem.query
elif current_user.has_media_role():
admins = User.query.filter(User.roles.contains(Role.query.get(1)))
admin_ids = [a.id for a in admins]
entries = MediaItem.query.filter(
not_(
and_(MediaItem.is_visible == False,
MediaItem.created_by_id.in_(admin_ids))))
else:
entries = MediaItem.query.filter(
or_(MediaItem.is_visible == True,
MediaItem.created_by_id == current_user.id))
entries = entries.filter_by(category_id=c_id).order_by(
MediaItem.name.asc()).all()
d = {}
for m in entries:
d[m.id] = m.to_dict()
return jsonify(d)