def validate_event_leaders(activities, leaders, multi_activity_mode): """Check whether all activities have a valid leader, display error if not. :param bool multi_activity_mode: If `False`, check that all `leaders` can lead the (single) activitie in `activities`. If `True`, check that each activity in `activities` can be lead by one of the `leaders`. :param activities: List of activities to check. :type activities: list(:py:class:`collectives.models.activitytype.ActivityType`) :param activities: List of leaders. :type activities: list(:py:class:`collectives.models.user.User`) :return: whether all tests succeeded :rtype: bool """ if current_user.is_moderator(): return True if multi_activity_mode: if not any(leaders): flash("Au moins un encadrant doit être défini") return False if current_user.is_moderator(): return True problems = activities_without_leader(activities, leaders) if len(problems) == 0: return True if len(problems) == 1: flash( f"Aucun encadrant valide n'a été défini pour l'activité {problems[0].name}" ) else: names = [a.name for a in problems] flash( f"Aucun encadrant valide n'a été défini pour les activités {', '.join(names)}" ) return False # Single activity mode # Checks whether all leaders can lead this activity if len(activities) != 1: flash("Une seule activité doit être définie", "error") problems = leaders_without_activities(activities, leaders) if len(problems) == 0: return True if len(problems) == 1: flash( f"{problems[0].full_name()} ne peut pas encadrer l'activité {activities[0].name}" ) else: names = [u.full_name() for u in problems] flash( f"{', '.join(names)} ne peuvent pas encadrer l'activité {activities[0].name}" ) return False
def validate_event_leaders(activities, leaders, multi_activity_mode): """ Check whether all activities have a valid leader, display error if not the case :param multi_activity_mode: If `False`, check that all `leaders` can lead the (single) activitie in `activities`. If `True`, check that each activity in `activities` can be lead by one of the `leaders` :return: whether all tests succeeded :rtype: bool """ if len(activities) == 0: flash("Aucune activité définie", "error") return False if current_user.is_moderator(): return True if multi_activity_mode: if not any(leaders): flash("Au moins un encadrant doit être défini") return False if current_user.is_moderator(): return True problems = activities_without_leader(activities, leaders) if len(problems) == 0: return True if len(problems) == 1: flash("Aucun encadrant valide n'a été défini pour l'activité {}". format(problems[0].name)) else: names = [a.name for a in problems] flash( "Aucun encadrant valide n'a été défini pour les activités {}". format(", ".join(names))) return False # Single activity mode # Checks whether all leaders can lead this activity if len(activities) != 1: flash("Une seule activité doit être définie", "error") problems = leaders_without_activities(activities, leaders) if len(problems) == 0: return True if len(problems) == 1: flash("{} ne peut pas encadrer l'activité {}".format( problems[0].full_name(), activities[0].name)) else: names = [u.full_name() for u in problems] flash("{} ne peuvent pas encadrer l'activité {}".format( ", ".join(names), activities[0].name)) return False
def available_activities(activities, leaders, union): """Creates a list of activities theses leaders can lead. This list can be used in a select form input. It will contain activities leaders of this event can lead, plus activities given in parameters (usually, in case of event modification, it is the event activity). In any case, if the current user has a moderator role (admin or moderator), it will return all activities. :param activities: list of activities that will always appears in the list :type activities: list[:py:class:`collectives.models.activitytype.ActivityType`] :param leaders: list of leader used to build activity list. :type leaders: list[:py:class:`collectives.models.user.User`] :param union: If true, return the union all activities that can be led, otherwise returns the intersection :type union: bool :return: List of authorized activities :rtype: list[:py:class:`collectives.models.activitytype.ActivityType`] """ if current_user.is_moderator(): choices = ActivityType.query.all() else: # Gather unique activities choices = None for leader in leaders: if choices is None: choices = leader.led_activities() elif union: choices |= leader.led_activities() else: choices &= leader.led_activities() # Always include existing activities choices = list(choices | set(activities) if choices else activities) choices.sort(key=attrgetter("order", "name", "id")) return choices
def available_leaders(leaders, activity_ids): """Creates a list of leaders that can be added to an event. Available leaders are users that have 'event creator' roles (EventLeader, ActivitySupervisor, etc), are not in the list of current leaders, and, if `activity_ids` is not empty, can lead any of the corresponding activities. :param leaders: list of current leaders :type leaders: list[:py:class:`collectives.models.user.User`] :return: List of available leaders :rtype: list[:py:class:`collectives.models.user.User`] """ existing_leaders = set(leaders) query = db.session.query(User) query = query.filter(Role.user_id == User.id) if current_user.is_moderator(): query = query.filter(Role.role_id.in_(RoleIds.all_event_creator_roles())) else: query = query.filter(Role.role_id.in_(RoleIds.all_activity_leader_roles())) if len(activity_ids) > 0: query = query.filter(Role.activity_id.in_(activity_ids)) query = query.order_by(User.first_name, User.last_name) choices = query.all() return [u for u in choices if u not in existing_leaders]
def available_activities(activities, leaders): """Creates a list of activities theses leaders can lead. This list can be used in a select form input. It will contain activities any leader of this event can lead, plus activities given in parameters (usually, in case of event modification, it is the event activity). Anyway, if current user is a high level (admin or moderator), it will return all activities. :param activities: list of activities that will always appears in the list :type activities: list[:py:class:`collectives.models.activitytype.ActivityType`] :param leader: list of leader used to build activity list. :type leader: list[:py:class:`collectives.models.user.User`] :return: List of authorized activities :rtype: list[:py:class:`collectives.models.activitytype.ActivityType`] """ if current_user.is_moderator(): choices = ActivityType.query.all() else: # Gather unique activities choices = set(activities) for leader in leaders: choices.update(leader.led_activities()) choices = list(choices) choices.sort(key=attrgetter("order", "name", "id")) return choices
def available_event_types(source_event_type, leaders): """Returns all available event types given the current leaders. This means: - All existing event types if the current user is a moderator - All existing event types if any of the current leaders can lead at least one activity - All event types that do not require an activity in other cases, plus the source event type if provided :param source_event_type: Event type to unconditionally include :type source_event_type: :py:class:`collectives.models.eventtype.EventType` :param leaders: List of leaders currently added to the event :type leaders: list[:py:class:`collectives.models.user.User`] :return: Available event types :rtype: list[:py:class:`collectives.models.eventtype.EventType`] """ query = EventType.query if not current_user.is_moderator(): if not any(l.can_lead_at_least_one_activity() for l in leaders): query_filter = EventType.requires_activity == False if source_event_type: query_filter = sqlalchemy.or_( query_filter, EventType.id == source_event_type.id) query = query.filter(query_filter) return query.all()
def day_edit(id, name=None): cset = CalendarSetting.query.get(1) if cset.finalized is False: if current_user.is_moderator(): return deny_access( no_perm_url, "A Moderator can only edit the Calendar after it has been finalized." ) heading = "Edit Day" form = DayForm() form.submit.label.text = "Save Day" day = Day.query.filter_by(id=id).first_or_404() if form.validate_on_submit(): day.name = form.name.data day.abbreviation = form.abbreviation.data day.description = form.description.data db.session.commit() flash("Day edited.", "success") return redirect(url_for("calendar.settings")) elif request.method == "GET": form.name.data = day.name form.abbreviation.data = day.abbreviation form.description.data = day.description return render_template("calendar/form.html", item=day, form=form, heading=heading, title=page_title("Edit Day '{day.name}'"))
def delete_post(post_id): post = Post.query.get_or_404(post_id) if not (current_user.is_authenticated and (current_user.is_admin() or current_user.is_moderator())): abort(403) db.session.delete(post) db.session.commit() flash('Your post has been deleted!', 'success') return redirect(url_for('home'))
def activity_choices(activities, leaders): if current_user.is_moderator(): choices = ActivityType.query.all() else: choices = set(activities) choices.update(current_user.led_activities()) for leader in leaders: choices.update(leader.led_activities()) return [(a.id, a.name) for a in choices]
def reserve_data(): rows = [] # 协管员和管理员可以获取所有预约信息 if current_user.is_moderator() or current_user.is_administrator(): reserveInfos = ReserveInfo.query.all() # 获取该用户的预约信息 elif current_user.is_user(): reserveInfos = ReserveInfo.query.filter_by(user_id=current_user.id).all() for reserveInfo in reserveInfos: rows.append(reserveInfo.getDictObj()) result = json.dumps(rows) return result
def create_topic(topic_group_id): t_group = TopicGroup.query.get_or_404(topic_group_id) if t_group.protected and not current_user.is_moderator(): abort(403) with_poll = True form = TopicForm() form.remove_edit_fields() if form.submit.data and form.validate_on_submit(): new_topic = Topic(title=form.title.data, body=form.body.data, group=t_group, author=current_user._get_current_object()) if with_poll: new_topic.poll = form.poll_question db.session.add(new_topic) db.session.commit() if with_poll: poll_answers = form.poll_answers.strip().splitlines() new_topic.update_poll_answers(poll_answers) flash(lazy_gettext('The pitch has been created.')) return redirect(url_for('main.topic', topic_id=new_topic.id)) elif not with_poll and form.add_poll.data: if form.title.data or form.body.data: if form.validate_on_submit(): new_topic = Topic(title=form.title.data, body=form.body.data, group=t_group, author=current_user._get_current_object()) db.session.add(new_topic) db.session.commit() flash( lazy_gettext( 'The pitch has been saved. Fill data for a poll.')) return redirect( url_for('main.edit_topic', topic_id=new_topic.id, poll=1)) else: return redirect( url_for('main.create_topic', topic_group_id=topic_group_id, poll=1)) elif form.cancel.data: flash(lazy_gettext('Pitch creation was cancelled.')) return redirect( url_for('main.topic_group', topic_group_id=topic_group_id)) return render_template('create_topic.html', form=form, topic_group=t_group)
def autocomplete_available_leaders(): """API endpoint to list available leaders for autocomplete. In contrast with the previous function this also includes leaders that have never led any event. At least 2 characters are required to make a name search. :param string q: Search string. :param int l: Maximum number of returned items. :param list[int] aid: List of activity ids to include. Empty means include leaders of any activity :param list[int] eid: List of leader ids to exclude :return: A tuple: - JSON containing information describe in AutocompleteUserSchema - HTTP return code : 200 - additional header (content as JSON) :rtype: (string, int, dict) """ q = request.args.get("q") if q is None or (len(q) < 2): found_users = [] else: limit = request.args.get("l", type=int) or 8 activity_ids = request.args.getlist("aid", type=int) existing_ids = request.args.getlist("eid", type=int) query = db.session.query(User) query = query.filter(Role.user_id == User.id) if current_user.is_moderator(): query = query.filter( Role.role_id.in_(RoleIds.all_event_creator_roles())) else: query = query.filter( Role.role_id.in_(RoleIds.all_event_creator_roles())) if len(activity_ids) > 0: query = query.filter(Role.activity_id.in_(activity_ids)) query = query.filter(~User.id.in_(existing_ids)) condition = func.lower(User.first_name + " " + User.last_name).ilike(f"%{q}%") query = query.filter(condition) query = query.order_by(User.first_name, User.last_name, User.id) found_users = query.limit(limit) content = json.dumps(AutocompleteUserSchema(many=True).dump(found_users)) return content, 200, {"content-type": "application/json"}
def epoch_edit(id, name=None): heading = "Edit Epoch" form = EpochForm() form.submit.label.text = "Save Epoch" cset = CalendarSetting.query.get(1) if cset.finalized is True: del form.years del form.circa else: if current_user.is_moderator(): return deny_access( no_perm_url, "A Moderator can only edit the Calendar after it has been finalized." ) epoch = Epoch.query.filter_by(id=id).first_or_404() if form.validate_on_submit(): epoch.name = form.name.data epoch.abbreviation = form.abbreviation.data epoch.description = form.description.data if cset.finalized is False: epoch.years = form.years.data epoch.circa = form.circa.data db.session.commit() flash("Epoch edited.", "success") return redirect(url_for("calendar.settings")) elif request.method == "GET": form.name.data = epoch.name form.abbreviation.data = epoch.abbreviation form.description.data = epoch.description if cset.finalized is False: form.years.data = epoch.years form.circa.data = epoch.circa return render_template("calendar/form.html", item=epoch, form=form, heading=heading, title=page_title(f"Edit Epoch '{epoch.name}'"))
def filter_hidden_events(query): """Update a SQLAlchemy query object with a filter that removes Event with a status that the current use is not allowed to see - Moderators can see all events - Normal users cannot see 'Pending' events - Activity supervisors can see 'Pending' events for the activities that they supervise - Leaders can see the events that they lead :param query: The original query :type query: :py:class:`sqlalchemy.orm.query.Query` :return: The filtered query :rtype: :py:class:`sqlalchemy.orm.query.Query` """ # Display pending events only to relevant persons if not current_user.is_authenticated: # Not logged users see no pending event query = query.filter(Event.status != EventStatus.Pending) elif current_user.is_moderator(): # Admin see all pending events (no filter) pass else: # Regular user can see non Pending query_filter = Event.status != EventStatus.Pending # If user is a supervisor, it can see Pending events of its activities if current_user.is_supervisor(): # Supervisors can see all sup activities = current_user.get_supervised_activities() activities_ids = [a.id for a in activities] supervised = Event.activity_types.any( ActivityType.id.in_(activities_ids)) query_filter = or_(query_filter, supervised) # If user can create event, it can see its pending events if current_user.can_create_events(): lead = Event.leaders.any(id=current_user.id) query_filter = or_(query_filter, lead) # After filter construction, it is applied to the query query = query.filter(query_filter) return query
def accept_event_leaders(event, leaders): """ Check whether all activities have a valid leader, display error if not the case """ if not any(leaders): flash("Au moins un encadrant doit être défini") return False if current_user.is_moderator(): return True problems = event.activities_without_leader(leaders) if len(problems) == 0: return True if len(problems) == 1: flash( "Aucun encadrant valide n'a été défini pour l'activité {}".format( problems[0].name)) else: names = [a.name for a in problems] flash("Aucun encadrant valide n'a été défini pour les activités {}". format(names.join(", "))) return False
def settings(): cset = CalendarSetting.query.get(1) if cset.finalized is False: if current_user.is_moderator(): return deny_access( no_perm_url, "A Moderator can only edit the Calendar after it has been finalized." ) epochs = Epoch.query.order_by(Epoch.order.asc()).all() months = Month.query.order_by(Month.order.asc()).all() days = Day.query.order_by(Day.order.asc()).all() moons = Moon.query.order_by(Moon.name.asc()).all() return render_template("calendar/settings.html", settings=cset, epochs=epochs, months=months, days=days, moons=moons, title=page_title("Calendar Settings"))
def get_reserve_info_flag_by_id(): data_dict = request.get_json() # 获取前台的数据(json格式) rows = {'flag': 'fail'} # flag标记是否可以获取详细信息,默认fail(不可以) print('------------------------------------------') print(data_dict) print('------------------------------------------') if current_user.is_moderator() or current_user.is_administrator(): # 管理员和协管用户可以 rows['flag'] = 'success' else: reserve_info = ReserveInfo.query.get_or_404(int(data_dict['reserve_id'])) print('------------------------------------------') print(data_dict) print(reserve_info.user_id) print(current_user.id) print('------------------------------------------') if reserve_info.user_id == current_user.id: # 如果当前用户与预约用户是同一用户 rows['flag'] = 'success' result = json.dumps(rows) return result
def moon_edit(id, name=None): cset = CalendarSetting.query.get(1) if cset.finalized is False: if current_user.is_moderator(): return deny_access( no_perm_url, "A Moderator can only edit the Calendar after it has been finalized." ) heading = "Edit Moon" form = MoonForm() form.submit.label.text = "Save Moon" moon = Moon.query.filter_by(id=id).first_or_404() if form.validate_on_submit(): moon.name = form.name.data moon.description = form.description.data moon.phase_length = form.phase_length.data moon.phase_offset = form.phase_offset.data moon.waxing_color = stretch_color(form.waxing_color.data.hex) moon.waning_color = stretch_color(form.waning_color.data.hex) db.session.commit() flash("Moon edited.", "success") return redirect(url_for("calendar.settings")) elif request.method == "GET": form.name.data = moon.name form.description.data = moon.description form.phase_length.data = moon.phase_length form.phase_offset.data = moon.phase_offset form.waxing_color.data = moon.waxing_color form.waning_color.data = moon.waning_color return render_template("calendar/form.html", item=moon, form=form, heading=heading, title=page_title(f"Edit Moon '{moon.name}'"))
def article(post_id): prev_url = request.args.get('prev_url', '') post_show = Post.query.get_or_404(post_id) if post_show.is_draft and (current_user != post_show.author and not current_user.is_moderator()): abort(404) form = CommentForm() if form.validate_on_submit(): if not current_user.is_authenticated: flash("请先登录") return redirect(url_for('auth.login', next=str(request.url))) comment = Comment(body=form.body.data, post=post_show, author=current_user) post_show.author.get_message_from_admin(content=u'你收到了一条评论。', link_id=post_show.id, link_type='comment') comment.save() flash('你的评论已提交。') return redirect(url_for('post.article', post_id=post_show.id, page=-1)) page = request.args.get('page', 1, type=int) if page == -1: page = (post_show.comments.count() - 1) / \ current_app.config['COMMENTS_PER_PAGE'] + 1 pagination = post_show.comments.order_by(Comment.timestamp.asc()).paginate( page, per_page=current_app.config['COMMENTS_PER_PAGE'], error_out=False) comments = pagination.items post_show.count += 1 post_show.save() return render_template('post/article.html', posts=[post_show], form=form, prev_url=prev_url, comments=comments, pagination=pagination, page=page)
def update_post(post_id): post = Post.query.get_or_404(post_id) if not (current_user.is_authenticated and (current_user.is_admin() or current_user.is_moderator())): abort(403) form = PostForm() if form.validate_on_submit(): post.title = form.title.data post.content = form.content.data if form.picture.data: picture_file = save_post_picture(form.picture.data) post.image_file = picture_file db.session.commit() flash('Your post has been updated!', 'success') return redirect(url_for('post', post_id=post.id)) elif request.method == 'GET': form.title.data = post.title form.content.data = post.content form.picture.data = post.image_file return render_template('create_post.html', title='Update Post', form=form, legend='Update Post')
def edit_comment(comment_id): comment = Comment.query.filter_by(id=comment_id, deleted=False).first_or_404() if current_user != comment.author and not current_user.is_moderator(): abort(403) form = CommentEditForm() if form.submit.data and form.validate_on_submit(): comment.body = form.body.data comment.updated_at = datetime.utcnow() db.session.add(comment) flash(lazy_gettext('The comment has been updated.')) return redirect( request.args.get('next') or url_for('main.topic', topic_id=comment.topic_id)) elif form.cancel.data: flash(lazy_gettext('Comment editing was omitted .')) return redirect( request.args.get('next') or url_for('main.topic', topic_id=comment.topic_id)) elif form.delete.data: comment.deleted = True comment.updated_at = datetime.utcnow() db.session.add(comment) flash(lazy_gettext('The comment has been deleted.')) return redirect( request.args.get('next') or url_for('main.topic', topic_id=comment.topic_id)) if not form.is_submitted(): form.body.data = comment.body return render_template('edit_comment.html', form=form, comment=comment)
def manage_event(event_id=None): if not current_user.can_create_events(): flash('Accès restreint, rôle insuffisant.', 'error') return redirect(url_for('event.index')) event = Event.query.get(event_id) if event_id is not None else Event() choices = activity_choices(event.activity_types, event.leaders) form = EventForm(choices, CombinedMultiDict((request.files, request.form))) if not form.is_submitted(): form = EventForm(choices, obj=event) if not event_id is None: form.type.data = str(event.activity_types[0].id) return render_template('editevent.html', conf=current_app.config, form=form) form.populate_obj(event) # Validate dates valid = True if not event.starts_before_ends(): flash('La date de début doit être antérieure à la date de fin') valid = False if event.num_online_slots > 0: if not event.has_defined_registration_date(): flash( "Les date de début ou fin d\'ouverture ou de fermeture d'inscription ne peuvent être nulles." ) valid = False else: if not event.opens_before_closes(): flash( 'Les inscriptions internet doivent ouvrir avant de terminer' ) valid = False if not event.opens_before_ends(): flash( 'Les inscriptions internet doivent ouvrir avant la fin de l\'événement' ) valid = False if event.num_slots < event.num_online_slots: flash( 'Le nombre de places internet ne doit pas dépasser le nombre de places total' ) valid = False elif event.num_online_slots < 0: flash('Le nombre de places par internet ne peut être négatif') valid = False if not valid: return render_template('editevent.html', conf=current_app.config, form=form) event.set_rendered_description(event.description) # Only set ourselves as leader if there weren't any if not any(event.leaders): event.leaders.append(current_user) # For now enforce single activity type activity_type = ActivityType.query.filter_by(id=event.type).first() if activity_type not in event.activity_types: event.activity_types.clear() event.activity_types.append(activity_type) # We are changing the activity, check that there is a valid leader if not current_user.is_moderator() and not event.has_valid_leaders(): flash('Encadrant invalide pour cette activité') return render_template('editevent.html', conf=current_app.config, form=form) # We have to save new event before add the photo, or id is not defined db.session.add(event) db.session.commit() # If no photo is sen, we don't do anything, especially if a photo is # already existing if (form.photo_file.data is not None): event.save_photo(form.photo_file.data) db.session.add(event) db.session.commit() elif form.duplicate_photo.data != "": duplicated_event = Event.query.get(form.duplicate_photo.data) if duplicated_event != None: event.photo = duplicated_event.photo db.session.add(event) db.session.commit() if event_id is None: # This is a new event, send notification to supervisor send_new_event_notification(event) return redirect(url_for('event.view_event', event_id=event.id))
def edit_topic(topic_id): tpc = Topic.query.filter_by(id=topic_id, deleted=False).first_or_404() if current_user != tpc.author and not current_user.is_moderator(): abort(403) with_poll = request.args.get('poll', 0, type=int) or tpc.poll form = TopicWithPollForm() if with_poll else TopicForm() if not current_user.is_moderator(): del form.group_id if form.submit.data and form.validate_on_submit(): if current_user.is_moderator(): tpc.group_id = form.group_id.data tpc.title = form.title.data tpc.body = form.body.data if with_poll: tpc.poll = form.poll_question.data tpc.update_poll_answers( form.poll_answers.data.strip().splitlines()) tpc.updated_at = datetime.utcnow() db.session.add(tpc) flash(lazy_gettext('The pitch has been renewed')) return redirect(url_for('main.topic', topic_id=tpc.id)) elif not with_poll and form.add_poll.data and form.validate_on_submit(): if current_user.is_moderator(): tpc.group_id = form.group_id.data tpc.title = form.title.data tpc.body = form.body.data tpc.updated_at = datetime.utcnow() db.session.add(tpc) flash(lazy_gettext('fill in information for a poll')) return redirect(url_for('main.edit_topic', topic_id=tpc.id, poll=1)) elif form.cancel.data: flash(lazy_gettext('Pitch editing was terminated.')) return redirect(url_for('main.topic', topic_id=tpc.id)) elif form.delete.data: tpc.comments.update(dict(deleted=True)) tpc.poll_answers.update(dict(deleted=True)) tpc.poll_votes.update(dict(deleted=True)) tpc.deleted = True tpc.updated_at = datetime.utcnow() db.session.add(tpc) flash(lazy_gettext('The pitch has been wiped out.')) return redirect( url_for('main.topic_group', topic_group_id=tpc.group_id)) if not form.is_submitted(): form.title.data = tpc.title form.body.data = tpc.body if form.group_id: form.group_id.data = tpc.group_id if tpc.poll: form.poll_question.data = tpc.poll form.poll_answers.data = '\n'.join([ a.body for a in tpc.poll_answers.filter_by(deleted=False).all() ]) return render_template('edit_topic.html', form=form, topic=tpc)
def func(): if not current_user.is_moderator(): abort(403) return fun()
def user(username): """user's articles show""" user_showed = User.query.filter_by(username=username).first() if user_showed is None: abort(404) if current_user == user_showed or current_user.is_moderator(): query_category_count = query = user_showed.posts else: query_category_count = query = user_showed.posts.filter_by( is_draft=False) categories_list = Category.query.filter_by(parent_id=1).all() tags = Tag.query.all() prev_url = request.args.get('prev_url', '') page = request.args.get('page', 1, type=int) cur_category = request.args.get('category', '') cur_category_cookie = request.cookies.get('category_user', '') category_disable = request.args.get('category_disable', '') cur_tag = request.args.get('tag', '') cur_tag_cookie = request.cookies.get('tags_user', '') tag_disable = request.args.get('tag_disable', '') cur_key = request.args.get('key', '') cur_key_cookie = request.cookies.get('key_user', '') key_disable = request.args.get('key_disable', '') # 处理从post.article栏目&标签跳转 if prev_url: if cur_category: resp = make_response( redirect( url_for('main.user', username=username, category=cur_category))) elif cur_tag: resp = make_response( redirect(url_for('main.user', username=username, tag=cur_tag))) else: resp = make_response( redirect(url_for('main.user', username=username))) resp.set_cookie('tags_user', '', path=url_for('main.user', username=username), max_age=0) resp.set_cookie('category_user', '', path=url_for('main.user', username=username), max_age=0) resp.set_cookie('key_user', '', path=url_for('main.user', username=username), max_age=0) return resp # category if not cur_category and not category_disable: cur_category = cur_category_cookie if cur_category: if not cur_category_cookie or cur_category_cookie != cur_category: resp = make_response( redirect(url_for('main.user', username=username))) resp.set_cookie('category_user', cur_category, path=url_for('main.user', username=username), max_age=60 * 3) resp.set_cookie('tags_user', '', path=url_for('main.user', username=username), max_age=0) return resp category_instance = Category.query.filter_by(name=cur_category).first() if category_instance: query = category_instance.posts_query(query) if category_disable: resp = make_response(redirect(url_for('main.user', username=username))) resp.set_cookie('category_user', '', path=url_for('main.user', username=username), max_age=0) resp.set_cookie('tags_user', '', path=url_for('main.user', username=username), max_age=0) return resp # tag cur_tags = cur_tag_cookie.split(',') if cur_tag: if cur_tag not in cur_tags: cur_tags.append(cur_tag) cur_tags = ','.join(cur_tags) resp = make_response( redirect(url_for('main.user', username=username))) resp.set_cookie('tags_user', cur_tags, path=url_for('main.user', username=username), max_age=60 * 3) return resp elif cur_tag in cur_tags: cur_tags.remove(cur_tag) cur_tags = ','.join(cur_tags) resp = make_response( redirect(url_for('main.user', username=username))) resp.set_cookie('tags_user', cur_tags, path=url_for('main.user', username=username), max_age=60 * 3) return resp elif not tag_disable: for tag in cur_tags: if tag: tag_instance = Tag.query.filter_by(content=tag).first() if tag_instance: query = tag_instance.posts_query(query) if tag_disable: resp = make_response(redirect(url_for('main.user', username=username))) resp.set_cookie('tags_user', '', path=url_for('main.user', username=username), max_age=0) return resp # key if not cur_key and not key_disable: cur_key = cur_key_cookie if cur_key: if cur_key_cookie != cur_key: resp = make_response( redirect(url_for('main.user', username=username))) resp.set_cookie('key_user', cur_key, path=url_for('main.user', username=username), max_age=60 * 3) return resp query = query.filter( Post.body.contains(cur_key) | Post.title.contains(cur_key) | Post.summary.contains(cur_key)) if key_disable: resp = make_response(redirect(url_for('main.user', username=username))) resp.set_cookie('key_user', '', path=url_for('main.user', username=username), max_age=0) return resp # query pagination = None posts = None if query: pagination = query.order_by(Post.count.desc()).order_by( Post.timestamp.desc()).paginate( page, per_page=current_app.config['FOLLOWERS_PER_PAGE'], error_out=False) posts = pagination.items return render_template('user.html', user=user_showed, posts=posts, query_category_count=query_category_count, tags=tags, query_tag_count=query, cur_tags=cur_tags, cur_category=cur_category, key=cur_key, categories=categories_list, pagination=pagination)