def unjoin_group(gid): group = get_group(gid) if not group: flash('Group does not exist') return redirect(url_for('error')) if not in_group(session['userid'], gid): flash("You can't leave a group you're not in.") return redirect(url_for('error')) delete_from_group(gid, session['userid']) flash("Unjoined group " + get_group(gid).groupname + ".") return redirect(url_for('my_groups'))
def rename_group(gid): # Restrict access to this page to matching group owner. group = get_group(gid) if not group: flash("Group does not exist.") return redirect(url_for('error')) if not is_group_owner(gid): flash("You are not authorized to access this page.") return redirect(url_for('error')) form = RenameGroupForm(request.form) if request.method == 'POST' and form.validate(): success = rename_group_controller(gid, form) if success: flash("Successfully renamed group to " + form.groupname.data + ".") return redirect(url_for('my_groups')) else: flash("Group renaming failed; group name must be unique.") return render_template('groups/renamegroup.html', group=group, form=form) else: return render_template('groups/renamegroup.html', group=group, form=form)
def group_page(groupid): group = get_group(groupid) if not group: flash("Group does not exist.") return redirect(url_for('error')) owner = userid_to_object(group.groupownerid) #todo: make sure in_group method works if not in_group(session['userid'], groupid): flash("You can't view this page without joining the group.") return redirect(url_for('group_error', groupid=groupid)) post_form = PostForm(request.form) pageid = get_pageid_group(groupid) if post_form.validate() and request.method == 'POST': post_on_page(pageid, session['userid'], post_form.content.data) return redirect(url_for('group_page', groupid=groupid)) post_form = PostForm() posts = get_posts(pageid) return render_template('pages/grouppage.html', form=post_form, group=group, owner=owner, posts=posts, page=pageid)
def group_members(gid): if not in_group(session['userid'], gid): flash("You can't view this page without joining the group.") return redirect(url_for('group_error', groupid=gid)) group = get_group(gid) members = get_group_members(gid) return render_template('groups/groupmembers.html', group=group, members=members)
def retrieve_customer_groups_controller(userid): conn = mysql.connect() cursor = conn.cursor() cursor.execute('select groupid from groupmembers where userid=%s', (userid)) group_ids = cursor.fetchall() groups = [] for group_id in group_ids: group = get_group(group_id) groups.append(group) return groups
def permission_to_edit_post(userid, postid): page = get_page(postid) post = get_post(postid) if page.pagetype == 'Personal': return page.ownerid == userid or post.authorid == userid else: group = get_group(page.groupid) if group.groupownerid == userid or post.authorid == userid: return True else: return False
def delete_members(gid): group = get_group(gid) if not group: return redirect(url_for('error')) # Restrict access to this page to matching group owner. if not is_group_owner(gid): flash("You are not authorized to access this page.") return redirect(url_for('error')) # get group members group_members = get_group_members(gid) return render_template('groups/deletemembers.html', group=group, group_members=group_members)
def add_member_search(gid): group = get_group(gid) if not group: flash("Group does not exist.") return redirect(url_for('error')) # Restrict access to this page to matching group owner. if not is_group_owner(gid): flash("You are not authorized to access this page.") return redirect(url_for('error')) # reuse methods from finding friends: form = SearchForm(request.form) if request.method == 'POST': search_results = user_search_controller(form) invalid_reqs = get_invalid_group_add_reqs(gid) # todo: directly add users who already requested to join group return render_template('groups/addtogroup.html', group=group, form=form, search_results=search_results, invalid_reqs=invalid_reqs) return render_template('groups/addtogroup.html', group=group, form=form)
def post_page(postid): post = get_post(postid) if not post: flash("Post does not exist.") return redirect(url_for('error')) page = get_page(postid) # page post belongs to # Check whether post/comment thread rooted off a personal page or group page. if page.pagetype == 'Group': if not in_group(session['userid'], page.groupid): flash("You can't view this page without joining the group.") return redirect(url_for('group_error', groupid=page.groupid)) group = get_group(page.groupid) origin_type = 'group' else: user = userid_to_object(page.ownerid) origin_type = 'user' form = CommentForm(request.form) # write a comment if form.validate() and request.method == 'POST': comment_on_post(postid, session['userid'], form.content.data) redirect(url_for('post_page', postid=postid)) form = CommentForm() post = get_post(postid) #debug for c in post.comments: print(c.content, c.likes) # if origin_type == 'user': return render_template('pages/post.html', form=form, post=post, user=user, group=None) else: return render_template('pages/post.html', form=form, post=post, group=group, user=None)
def group_error(groupid): group = get_group(groupid) return render_template('errors/groupprivacy.html', group=group)
def add_to_group(gid, userid): insert_pending_group_member(gid, userid, 'owner') groupname = get_group(gid).groupname flash("Requested to join " + groupname + ".") return redirect(url_for('find_group'))
def confirm_membership(gid, userid): group = get_group(gid) user = userid_to_object(userid) group_accept_controller(gid, userid) flash(user.username + " is now in " + group.groupname + ".") return redirect(url_for('group_requests'))