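def edit(id):
    """Edit a media item's metadata and optionally replace its stored file.

    Loads the item by ``id`` (404 when it does not exist), applies the
    hidden-item permission rules, and on a valid submission updates the
    name, the category, the visibility flag (media admins only) and, when a
    file was uploaded, the file on disk together with ``item.filesize``.

    Returns a redirect to the no-permission page, a redirect to the item's
    view page after a successful edit, or the rendered edit form.
    """
    # NOTE(review): the route/login decorators are not visible here. The
    # checks below only restrict *hidden* items; confirm that the decorators
    # decide who may edit a visible item at all.
    item = MediaItem.query.filter_by(id=id).first_or_404()
    form = MediaItemEditForm()
    form.category.choices = gen_media_category_choices()

    # TODO: write custom decorator for this?
    # A media-role user without the admin role may not touch a hidden item
    # that an admin created.
    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Anyone who is not a media admin may only edit hidden items they created.
    is_media_admin = current_user.is_media_admin()
    if (not is_media_admin and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Only media admins get the visibility field on the form.
    if not is_media_admin:
        del form.is_visible
    form.file.label.text = "Replace with file"

    if form.validate_on_submit():
        item.name = form.name.data
        item.category_id = form.category.data
        # Gate the write on the same check that keeps the field on the form.
        # The previous is_event_admin() test raised AttributeError for an
        # event admin who is not a media admin (field already deleted) and
        # silently dropped the value for a media admin who is not an event
        # admin.
        if is_media_admin:
            item.is_visible = form.is_visible.data
        if form.file.data:
            # The upload is written under the item's existing stored name,
            # so the client-supplied filename never reaches the path.
            # NOTE(review): the stored name (and extension) stays the same
            # even if the new content is of a different type - confirm that
            # is acceptable for how files are served.
            filepath = path.join(app.config["MEDIA_DIR"], item.filename)
            try:
                remove(filepath)
            except FileNotFoundError:
                # The old file is already gone; the save below recreates it,
                # so a missing file must not abort the edit.
                pass
            form.file.data.save(filepath)
            item.filesize = stat(filepath).st_size
        db.session.commit()
        flash("File was edited.", "success")
        return redirect(url_for("media.view", id=id))
    elif request.method == "GET":
        # Pre-fill the form with the current values on first display.
        form.name.data = item.name
        form.category.data = item.category_id
        if is_media_admin:
            form.is_visible.data = item.is_visible

    return render_template("media/edit.html", form=form,
                           title=page_title("Edit File '%s'" % item.name))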
def get_media(filter_category=None):
    """Return the media items the current user may list, by ascending id.

    Visibility rules applied to the query:
      * admin role: every item;
      * media role: every item except hidden ones created by an admin;
      * everyone else: visible items plus the user's own items.

    When ``filter_category`` is truthy the result is further limited to
    that category id.
    """
    if current_user.has_admin_role():
        query = MediaItem.query
    elif current_user.has_media_role():
        # NOTE(review): role id 1 is presumably the admin role; the id is
        # hard-coded, so confirm it matches the roles table.
        admin_role = Role.query.get(1)
        admin_users = User.query.filter(User.roles.contains(admin_role))
        admin_ids = [user.id for user in admin_users]
        hidden_by_admin = and_(MediaItem.is_visible == False,
                               MediaItem.created_by_id.in_(admin_ids))
        query = MediaItem.query.filter(not_(hidden_by_admin))
    else:
        visible_or_own = or_(MediaItem.is_visible == True,
                             MediaItem.created_by_id == current_user.id)
        query = MediaItem.query.filter(visible_or_own)

    if filter_category:
        query = query.filter_by(category_id=filter_category)

    return query.order_by(MediaItem.id.asc()).all()
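def view(id):
    """Render the detail page of one media item.

    Loads the item by ``id`` (404 when it does not exist) and applies the
    hidden-item permission rules before rendering ``media/view.html``.
    Returns a redirect to the no-permission page when access is denied.
    """
    item = MediaItem.query.filter_by(id=id).first_or_404()

    # TODO: write custom decorator for this?
    # A hidden item is shown only to media admins and to its creator.
    # The check uses is_media_admin(), as edit() does for the same rule; the
    # previous is_event_admin() call tied media visibility to the event role
    # (presumably copied from the events module - confirm).
    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # A media-role user without the admin role may not see a hidden item
    # that an admin created.
    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    return render_template("media/view.html", item=item,
                           title=page_title("View File"))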
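def delete(id):
    """Delete a media item: its file on disk and its database row.

    Loads the item by ``id`` (404 when it does not exist), applies the
    hidden-item permission rules, removes the stored file, deletes the row
    and redirects to the media index. Returns a redirect to the
    no-permission page when access is denied.
    """
    # NOTE(review): the route decorators are not visible here. Confirm this
    # endpoint is limited to a state-changing method with CSRF protection,
    # and that the decorators decide who may delete a *visible* item - the
    # checks below only restrict hidden ones.
    item = MediaItem.query.filter_by(id=id).first_or_404()

    # A hidden item may be deleted only by media admins and by its creator.
    # The check uses is_media_admin(), as edit() does for the same rule; the
    # previous is_event_admin() call tied media deletion to the event role
    # (presumably copied from the events module - confirm).
    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # A media-role user without the admin role may not delete a hidden item
    # that an admin created.
    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # NOTE(review): assumes item.filename was sanitised when the item was
    # created, so the joined path stays inside MEDIA_DIR - confirm at the
    # upload handler.
    try:
        remove(path.join(app.config["MEDIA_DIR"], item.filename))
    except FileNotFoundError:
        # The file is already gone (for example after an earlier attempt
        # whose commit failed); the row must still be removable.
        pass

    db.session.delete(item)
    db.session.commit()
    flash("Media item was deleted.", "success")
    return redirect(url_for('media.index'))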
def sidebar(c_id):
    """Return, as JSON, the items of category ``c_id`` the user may list.

    Applies the same three-way visibility rule as the media listing (admin
    role: all items; media role: all except hidden items created by an
    admin; otherwise: visible items plus the user's own), orders the
    matches by name and responds with a JSON object mapping each item id to
    ``item.to_dict()``.
    """
    if current_user.has_admin_role():
        query = MediaItem.query
    elif current_user.has_media_role():
        # NOTE(review): role id 1 is presumably the admin role; the id is
        # hard-coded, so confirm it matches the roles table.
        admin_role = Role.query.get(1)
        admin_users = User.query.filter(User.roles.contains(admin_role))
        admin_ids = [user.id for user in admin_users]
        hidden_by_admin = and_(MediaItem.is_visible == False,
                               MediaItem.created_by_id.in_(admin_ids))
        query = MediaItem.query.filter(not_(hidden_by_admin))
    else:
        visible_or_own = or_(MediaItem.is_visible == True,
                             MediaItem.created_by_id == current_user.id)
        query = MediaItem.query.filter(visible_or_own)

    in_category = query.filter_by(category_id=c_id)
    items = in_category.order_by(MediaItem.name.asc()).all()

    # NOTE(review): what to_dict() exposes is not visible here; confirm it
    # contains only fields meant for every user who can list the item.
    payload = {entry.id: entry.to_dict() for entry in items}
    return jsonify(payload)