def login(self):
_ = self.request.translate
browser_error = checkBrowser(self.request)
device_error = checkDevice(self.request)
login = ''
if self.request.method == 'POST':
if self.request.POST.get('login') \
and self.request.POST.get('password') \
and self.request.POST.get('login').strip() != '' \
and self.request.POST.get('password').strip() != '':
login = self.request.POST.get('login')
password = self.request.POST.get('password')
user = DBSession.query(User).filter(User.username==login).first()
if ( user is not None
and user.active
and user.validate_password(password, user.password)):
headers = security.remember(self.request, user.id)
self.request.session.flash(_(u"Welcome, ${username}! You are logged in.", mapping={'username':user.username}), 'success')
userLogin = UserLogin(user_id = user.id, ip = self.request.client_addr, user_agent = self.request.user_agent)
DBSession.add(userLogin)
DBSession.flush()
self.request.session['user_login_id'] = userLogin.id
if userhelpers.checkUserPasswordChangeNeed(self.request, user):
return HTTPFound(location='/settings/me/edit/', headers=headers)
return HTTPFound(location='/', headers=headers)
self.request.session.flash(_(u"Login failed."), 'error')
else:
self.request.session.flash(_(u"Login failed. Please provide username and password."), 'error')
return {'login':login, 'browser_error':browser_error, 'device_error':device_error}
def settings_new(self):
if self.request.redirect_forbidden:
return HTTPFound(location="/forbidden/")
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location="/settings/me/edit/")
_ = self.request.translate
# TODO: Errors
errors = {}
tmp_setting = {"setting_key": "", "setting_value": ""}
if self.request.method == "POST":
tmp_setting["setting_key"] = self.request.POST.get("setting_key").strip()
tmp_setting["setting_value"] = self.request.POST.get("setting_value")
if tmp_setting["setting_key"] and tmp_setting["setting_key"] != "":
if not self.checkIfSettignKeyExists(tmp_setting["setting_key"]):
setting = Setting(tmp_setting["setting_key"], tmp_setting["setting_value"])
DBSession.add(setting)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = "Setting"
userAudit.model_id = setting.id
userAudit.action = "Create"
userAudit.revision = setting.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Setting created."), "success")
return HTTPFound(location="/settings/list/")
else:
self.request.session.flash(_(u"Setting with same key exists allready."), "error")
else:
self.request.session.flash(_(u"Please provide key."), "error")
self.request.bread.append({"url": "/settings/", "text": _("Settings")})
self.request.bread.append({"url": "/settings/list/", "text": _("List")})
self.request.bread.append({"url": "/settings/new/", "text": _("New")})
return {"setting": tmp_setting}
def security_shifts_logitem_delete(self):
if self.request.redirect_forbidden:
return HTTPFound(location="/forbidden/")
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location="/settings/me/edit/")
_ = self.request.translate
logitem_id = self.request.matchdict["logitem_id"]
logitem = DBSession.query(SecurityLogItem).filter(SecurityLogItem.id == logitem_id).first()
if logitem != None:
logitem.deleted = True
DBSession.add(logitem)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = "SecurityLogItem"
userAudit.model_id = logitem.id
userAudit.action = "Deleted"
userAudit.revision = logitem.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Log item deleted."), "success")
return HTTPFound(location="/security/shifts/view/" + str(logitem.shift_id) + "/")
self.request.session.flash(_(u"Error finding logitem to delete."), "Error")
return HTTPFound(location="/security/shifts/view/" + str(logitem.shift_id) + "/")
def medical_settings_reasons_new(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
reason = MedicalReason()
if self.request.method == 'POST':
reason.title = self.request.POST.get('title').strip()
reason.description = self.request.POST.get('description').strip()
if reason.title != '':
DBSession.add(reason)
DBSession.flush()
self.request.session.flash(_(u"Reason created."), 'success')
return HTTPFound(location='/medical/settings/')
else:
self.request.session.flash(_(u"Please provide title."), 'error')
self.request.bread.append({'url':'/medical/', 'text':_('Medical')})
self.request.bread.append({'url':'/medical/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/medical/settings/reasons/new/', 'text':_('New reason')})
return {'reason':reason}
def medical_settings_methodofarrivals_edit(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
methodofarrival_id = self.request.matchdict['methodofarrival_id']
methodofarrival = DBSession.query(MedicalMethodOfArrival).filter(MedicalMethodOfArrival.id==methodofarrival_id).first()
if self.request.method == 'POST':
methodofarrival.title = self.request.POST.get('title').strip()
methodofarrival.description = self.request.POST.get('description').strip()
if methodofarrival.title != '':
DBSession.add(methodofarrival)
DBSession.flush()
self.request.session.flash(_(u"MethodOfArrival saved."), 'success')
return HTTPFound(location='/medical/settings/')
else:
self.request.session.flash(_(u"Please provide title."), 'error')
self.request.bread.append({'url':'/medical/', 'text':_('Medical')})
self.request.bread.append({'url':'/medical/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/medical/settings/methodofarrivals/new/', 'text':_('Edit methodofarrival')})
return {'methodofarrival':methodofarrival}
def settings_users_deactivate(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
user_id = self.request.matchdict['user_id']
if user_id != 1:
user = DBSession.query(User).get(user_id)
user.active = 0
user.metadata_modified = datetime.now()
DBSession.add(user)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'User'
userAudit.model_id = user.id
userAudit.action = 'Deactivated'
userAudit.revision = user.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"User deactivated."), 'success')
return HTTPFound(location='/settings/users/')
def settings_organization_club_edit(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
tmp_club = {
'name':'',
'short_name':'',
'leader_id':'',
'subunit_id':0,
'club_code':'',
}
club_id = self.request.matchdict['club_id']
club = DBSession.query(Club).filter(Club.id==club_id).first()
if club.id:
tmp_club = {
'name':club.name,
'short_name':club.short_name,
'leader_id':club.leader_id,
'subunit_id':club.subunit_id,
'club_code':club.club_code
}
if self.request.method == 'POST':
tmp_club['name'] = self.request.POST.get('name').strip()
tmp_club['short_name'] = self.request.POST.get('short_name').strip()
#tmp_club['leader_id'] = self.request.POST.get('leader_id').strip()
tmp_club['leader_id'] = 0
tmp_club['subunit_id'] = self.request.POST.get('subunit_id').strip()
tmp_club['club_code'] = self.request.POST.get('club_code').strip()
if tmp_club['name']:
club.name = tmp_club['name']
club.short_name = tmp_club['short_name']
club.leader_id = tmp_club['leader_id']
club.subunit_id = tmp_club['subunit_id']
club.club_code = tmp_club['club_code']
DBSession.add(club)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'Club'
userAudit.model_id = club.id
userAudit.action = 'Update'
userAudit.revision = club.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Club saved."), 'success')
return HTTPFound(location='/settings/organization/')
else:
self.request.session.flash(_(u"Please provide club name."), 'error')
subunits = DBSession.query(SubUnit).all()
self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/settings/organization/', 'text':_('Organization')})
self.request.bread.append({'url':'/settings/organization/club_edit/'+club_id+'/', 'text':_('Edit club')})
return {'club':tmp_club, 'subunits':subunits}
def security_shifts_new(self):
if self.request.redirect_forbidden:
return HTTPFound(location="/forbidden/")
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location="/settings/me/edit/")
_ = self.request.translate
shift = SecurityShift()
if self.request.method == "POST":
shift.starts = helpers.parseFinnishDateFromString(self.request.POST.get("starts").strip())
shift.ends = helpers.parseFinnishDateFromString(self.request.POST.get("ends").strip())
# shift.leader_id = helpers.decodeString(self.request.POST.get('leader_id').strip())
shift.notes = helpers.decodeString(self.request.POST.get("notes").strip())
if type(shift.starts) is datetime and type(shift.ends) is datetime and shift.starts < shift.ends:
DBSession.add(shift)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = "SecurityShift"
userAudit.model_id = shift.id
userAudit.action = "Create"
userAudit.revision = shift.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Shift created."), "success")
return HTTPFound(location="/security/shifts/view/" + str(shift.id) + "/")
else:
self.request.session.flash(_(u"Error creating shift. Shift ends before it begins."), "error")
self.request.bread.append({"url": "/security/", "text": _("Security")})
self.request.bread.append({"url": "/security/shifts/", "text": _("Shifts")})
self.request.bread.append({"url": "/security/shifts/new/", "text": _("Create")})
return {"shift": shift}
def medical_settings_treatmenttypes_edit(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
treatmenttype_id = self.request.matchdict['treatmenttype_id']
treatmenttype = DBSession.query(MedicalTreatmentType).filter(MedicalTreatmentType.id==treatmenttype_id).first()
if self.request.method == 'POST':
treatmenttype.title = self.request.POST.get('title').strip()
treatmenttype.description = self.request.POST.get('description').strip()
if treatmenttype.title != '':
DBSession.add(treatmenttype)
DBSession.flush()
self.request.session.flash(_(u"Treatmenttype saved."), 'success')
return HTTPFound(location='/medical/settings/')
else:
self.request.session.flash(_(u"Please provide title."), 'error')
self.request.bread.append({'url':'/medical/', 'text':_('Medical')})
self.request.bread.append({'url':'/medical/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/medical/settings/treatmenttypes/new/', 'text':_('Edit treatmenttype')})
return {'treatmenttype':treatmenttype}
def settings_organization_village_edit(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
tmp_village = {
'name':'',
'short_name':'',
'leader_id':'',
'subcamp_id':0,
}
village_id = self.request.matchdict['village_id']
village = DBSession.query(Village).filter(Village.id==village_id).first()
subcamps = DBSession.query(Subcamp).all()
if village.id:
tmp_village = {
'name':village.name,
'short_name':village.short_name,
'leader_id':village.leader_id,
'subcamp_id':village.subcamp_id,
}
if self.request.method == 'POST':
tmp_village['name'] = self.request.POST.get('name').strip()
tmp_village['short_name'] = self.request.POST.get('short_name').strip()
#tmp_village['leader_id'] = self.request.POST.get('leader_id').strip()
tmp_village['leader_id'] = 0
tmp_village['subcamp_id'] = self.request.POST.get('subcamp_id').strip()
if tmp_village['name']:
village.name = tmp_village['name']
village.short_name = tmp_village['short_name']
village.leader_id = tmp_village['leader_id']
village.subcamp_id = tmp_village['subcamp_id']
DBSession.add(village)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'Village'
userAudit.model_id = village.id
userAudit.action = 'Update'
userAudit.revision = village.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Village saved."), 'success')
return HTTPFound(location='/settings/organization/')
else:
self.request.session.flash(_(u"Please provide village name."), 'error')
self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/settings/organization/', 'text':_('Organization')})
self.request.bread.append({'url':'/settings/organization/village_edit/'+village_id+'/', 'text':_('Edit village')})
return {'village':tmp_village, 'subcamps':subcamps}
def settings_edit(self):
if self.request.redirect_forbidden:
return HTTPFound(location="/forbidden/")
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location="/settings/me/edit/")
_ = self.request.translate
# TODO: Errors
errors = {}
tmp_setting = {"setting_key": "", "setting_value": "", "locked_key": False}
setting_id = self.request.matchdict["setting_id"]
setting = DBSession.query(Setting).filter(Setting.id == setting_id).first()
if setting.id:
tmp_setting = {
"setting_key": setting.setting_key,
"setting_value": setting.setting_value,
"locked_key": setting.locked_key,
}
if self.request.method == "POST":
if not setting.locked_key:
tmp_setting["setting_key"] = self.request.POST.get("setting_key").strip()
else:
tmp_setting["setting_key"] = setting.setting_key
tmp_setting["setting_value"] = self.request.POST.get("setting_value")
if tmp_setting["setting_key"] and tmp_setting["setting_key"] != "":
if not self.checkIfSettignKeyExists(tmp_setting["setting_key"], setting.id):
setting.setting_key = tmp_setting["setting_key"]
setting.setting_value = tmp_setting["setting_value"]
DBSession.add(setting)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = "Setting"
userAudit.model_id = setting.id
userAudit.action = "Update"
userAudit.revision = setting.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Setting saved."), "success")
return HTTPFound(location="/settings/list/")
else:
self.request.session.flash(_(u"Setting with same key exists allready."), "error")
else:
self.request.session.flash(_(u"Please provide key."), "error")
self.request.bread.append({"url": "/settings/", "text": _("Settings")})
self.request.bread.append({"url": "/settings/list/", "text": _("List")})
self.request.bread.append(
{"url": "/settings/edit/" + setting_id + "/", "text": _("Edit") + " " + setting.setting_key}
)
return {"setting": tmp_setting}
def feedback_add_box_submit(self):
_ = self.request.translate
if self.request.method == 'POST':
feedback = Feedback()
feedback.title = self.request.POST.get('feedback_title')
feedback.description = self.request.POST.get('feedback_description')
feedback.type = int(self.request.POST.get('feedback_type'))
DBSession.add(feedback)
DBSession.flush()
return {'success':True}
def security_participant_view(self):
_ = self.request.translate
participant_id = self.request.matchdict["participant_id"]
participant = DBSession.query(Participant).get(participant_id)
if (
self.request.method == "POST"
and self.request.POST.get("participant_new_status_id") != None
and self.request.POST.get("participant_new_status_id").isdigit()
):
participantStatus = ParticipantStatus()
participantStatus.participant_id = participant.id
participantStatus.status_id = int(self.request.POST.get("participant_new_status_id"))
description = self.request.POST.get("participant_new_status_description")
if description != None and description.strip() != "":
participantStatus.description = description
expected_next_change = self.request.POST.get("participant_new_status_expected_next_change")
if expected_next_change != None and expected_next_change.strip() != "":
participantStatus.expected_next_change = helpers.parseFinnishDateFromString(
expected_next_change.strip()
)
DBSession.add(participantStatus)
DBSession.flush()
participant.latest_status_key = int(self.request.POST.get("participant_new_status_id"))
DBSession.add(participant)
DBSession.flush()
self.request.session.flash(_(u"Added new status for participant."), "success")
return HTTPFound(location="/security/participant/view/" + str(participant.id) + "/")
participant.getParticipantAddressData()
participant.getParticipantPhoneData()
participant.getParticipantLanguageData()
participant.getParticipantPresenceData()
participant.getParticipantNextOfKinData()
participant.getParticipantMetaData()
self.request.bread.append({"url": "/security/", "text": _("Security")})
self.request.bread.append({"url": "/security/participant/search/", "text": _("Search")})
self.request.bread.append(
{
"url": "/security/participant/view/" + participant_id + "/",
"text": _("Participant")
+ " "
+ helpers.decodeString(participant.firstname)
+ " "
+ helpers.decodeString(participant.lastname),
}
)
return {"participant": participant}
def settings_organization_subcamp_edit(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
tmp_subcamp = {
'name':'',
'short_name':'',
'leader_id':'',
}
subcamp_id = self.request.matchdict['subcamp_id']
subcamp = DBSession.query(Subcamp).filter(Subcamp.id==subcamp_id).first()
if subcamp.id:
tmp_subcamp = {
'name':subcamp.name,
'short_name':subcamp.short_name,
'leader_id':subcamp.leader_id,
}
if self.request.method == 'POST':
tmp_subcamp['name'] = self.request.POST.get('name').strip()
tmp_subcamp['short_name'] = self.request.POST.get('short_name').strip()
#tmp_subcamp['leader_id'] = self.request.POST.get('leader_id').strip()
tmp_subcamp['leader_id'] = 0
if tmp_subcamp['name']:
subcamp.name = tmp_subcamp['name']
subcamp.short_name = tmp_subcamp['short_name']
subcamp.leader_id = int(tmp_subcamp['leader_id'])
DBSession.add(subcamp)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'Subcamp'
userAudit.model_id = subcamp.id
userAudit.action = 'Update'
userAudit.revision = subcamp.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Subcamp saved."), 'success')
return HTTPFound(location='/settings/organization/')
else:
self.request.session.flash(_(u"Please provide subcamp name."), 'error')
self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/settings/organization/', 'text':_('Organization')})
self.request.bread.append({'url':'/settings/organization/subcamp_edit/'+subcamp_id+'/', 'text':_('Edit subcamp')})
return {'subcamp':tmp_subcamp}
def settings_organization_village_kitchen_new(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
tmp_village_kitchen = {
'name':'',
'short_name':'',
'leader_id':'',
'subcamp_id':0,
'village_ids':[]
}
subcamps = DBSession.query(Subcamp).all()
villages = DBSession.query(Village).all()
if self.request.method == 'POST':
tmp_village_kitchen['name'] = self.request.POST.get('name').strip()
tmp_village_kitchen['short_name'] = self.request.POST.get('short_name').strip()
#tmp_village_kitchen['leader_id'] = self.request.POST.get('leader_id').strip()
tmp_village_kitchen['leader_id'] = 0
tmp_village_kitchen['subcamp_id'] = self.request.POST.get('subcamp_id').strip()
if tmp_village_kitchen['name']:
village_kitchen = VillageKitchen()
village_kitchen.name = tmp_village_kitchen['name']
village_kitchen.short_name = tmp_village_kitchen['short_name']
village_kitchen.leader_id = tmp_village_kitchen['leader_id']
village_kitchen.subcamp_id = tmp_village_kitchen['subcamp_id']
village_kitchen.villages = DBSession.query(Village).filter(Village.id.in_(self.request.POST.getall('villages'))).all()
DBSession.add(village_kitchen)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'VillageKitchen'
userAudit.model_id = village_kitchen.id
userAudit.action = 'Create'
userAudit.revision = village_kitchen.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Village kitchen created."), 'success')
return HTTPFound(location='/settings/organization/')
else:
self.request.session.flash(_(u"Please provide village_kitchen name."), 'error')
self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/settings/organization/', 'text':_('Organization')})
self.request.bread.append({'url':'/settings/organization/village_kitchen_new/', 'text':_('New village_kitchen')})
return {'village_kitchen':tmp_village_kitchen, 'subcamps':subcamps, 'villages':villages}
def security_shifts_view(self):
if self.request.redirect_forbidden:
return HTTPFound(location="/forbidden/")
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location="/settings/me/edit/")
_ = self.request.translate
shift_id = self.request.matchdict["shift_id"]
shift = DBSession.query(SecurityShift).filter(SecurityShift.id == shift_id).first()
if self.request.method == "POST":
logitem = SecurityLogItem()
logitem.event_type = self.request.POST.get("event_type")
logitem.shift_id = shift_id
logitem.notified_by = self.request.POST.get("notified_by")
logitem.task = self.request.POST.get("task")
logitem.content = self.request.POST.get("content")
logitem.deleted = False
logitem.people_present = self.request.POST.get("people_present")
logitem.started = helpers.parseFinnishDateFromString(self.request.POST.get("started"), default_now=True)
logitem.ended = helpers.parseFinnishDateFromString(self.request.POST.get("ended"))
DBSession.add(logitem)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = "SecurityLogItem"
userAudit.model_id = logitem.id
userAudit.action = "Create"
userAudit.revision = logitem.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Log item created."), "success")
return HTTPFound(location="/security/shifts/view/" + shift_id + "/")
logitems = (
DBSession.query(SecurityLogItem)
.filter(SecurityLogItem.shift_id == shift_id, SecurityLogItem.deleted == False)
.order_by(SecurityLogItem.started.desc())
.all()
)
self.request.bread.append({"url": "/security/", "text": _("Security")})
self.request.bread.append({"url": "/security/shifts/", "text": _("Shifts")})
self.request.bread.append({"url": "/security/shifts/view/" + shift_id + "/", "text": _("View")})
return {"shift": shift, "logitems": logitems}
def settings_groups_new(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
tmp_group = {
'name':'',
'leader_id':'',
'privileges':'',
}
if self.request.method == 'POST':
tmp_group['name'] = self.request.POST.get('name').strip()
# tmp_group['leader_id'] = self.request.POST.get('leader_id').strip()
if not self.checkIfGroupnameExists(tmp_group['name']):
group = Group(tmp_group['name'])
if security.has_permission("settings_users_modify_permissions", self.request.context, self.request):
privileges_list = ''
if len(self.request.POST.getall('privileges')) > 0:
for privilege in DBSession.query(Privilege).filter(Privilege.id.in_(self.request.POST.getall('privileges'))).all():
privileges_list += '|'+privilege.name + '|'
group.privileges = privileges_list
DBSession.add(group)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'Group'
userAudit.model_id = group.id
userAudit.action = 'Create'
userAudit.revision = group.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Group created."), 'success')
if group.id != '' and group.id != 0:
return HTTPFound(location='/settings/groups/view/'+str(group.id))
else:
self.request.session.flash(_(u"Group with that name allready exists."), 'error')
privileges = DBSession.query(Privilege).all()
self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/settings/groups/', 'text':_('Groups')})
self.request.bread.append({'url':'/settings/groups/new/', 'text':_('New')})
return {'group':tmp_group, 'privileges':privileges}
def settings_organization_subunit_new(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
tmp_subunit = {
'name':'',
'short_name':'',
'leader_id':'',
'village_id':0,
}
if self.request.method == 'POST':
tmp_subunit['name'] = self.request.POST.get('name').strip()
tmp_subunit['short_name'] = self.request.POST.get('short_name').strip()
#tmp_subunit['leader_id'] = self.request.POST.get('leader_id').strip()
tmp_subunit['leader_id'] = 0
tmp_subunit['village_id'] = self.request.POST.get('village_id').strip()
if tmp_subunit['name']:
subunit = SubUnit()
subunit.name = tmp_subunit['name']
subunit.short_name = tmp_subunit['short_name']
subunit.leader_id = tmp_subunit['leader_id']
subunit.village_id = tmp_subunit['village_id']
DBSession.add(subunit)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'SubUnit'
userAudit.model_id = subunit.id
userAudit.action = 'Create'
userAudit.revision = subunit.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Subunit created."), 'success')
return HTTPFound(location='/settings/organization/')
else:
self.request.session.flash(_(u"Please provide subunit name."), 'error')
villages = DBSession.query(Village).all()
self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/settings/organization/', 'text':_('Organization')})
self.request.bread.append({'url':'/settings/organization/subunit_new/', 'text':_('New subunit')})
return {'subunit':tmp_subunit, 'villages':villages}
def logout(self):
_ = self.request.translate
if 'user_login_id' in self.request.session:
user_login_id = self.request.session['user_login_id']
userLogin = DBSession.query(UserLogin).get(user_login_id)
if userLogin.id == user_login_id:
userLogin.set_logout()
DBSession.add(userLogin)
del self.request.session['user_login_id']
headers = security.forget(self.request)
self.request.session.flash(_(u"You have been logged out."), 'success')
location = self.request.route_url('home')
return HTTPFound(location=location, headers=headers)
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
with transaction.manager:
sudo_user = User('superadmin', '')
sudo_user.set_password('password')
sudo_user.needs_password_change = True
sudo_user.language = 'fi_FI'
DBSession.add(sudo_user)
DBSession.flush()
sudo_group = Group('superadmin')
sudo_group.set_leader_id(sudo_user.id)
DBSession.add(sudo_group)
DBSession.flush()
sudo_user.groups = [sudo_group]
DBSession.add(sudo_user)
DBSession.flush()
for setting_key, setting_value in initial_settings.items():
tmp_setting = Setting(setting_key, setting_value, True)
DBSession.add(tmp_setting)
DBSession.flush()
for permission in sorted(permissions_list):
tmp_privilege = Privilege(permission)
DBSession.add(tmp_privilege)
DBSession.flush()
print ''
print 'login variables: superadmin / password'
print ''
def medical_card_edit(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
card_id = self.request.matchdict['card_id']
medicalCard = DBSession.query(MedicalCard).filter(MedicalCard.id==card_id).first()
participant_id = medicalCard.participant_id
participant = DBSession.query(Participant).filter(Participant.id==participant_id).first()
participant.getParticipantMedicalData()
medicalCardEvents = DBSession.query(MedicalCardEvent).filter(MedicalCardEvent.card_id==card_id).order_by(MedicalCardEvent.event_time).all()
medicalParticipantAdditional = DBSession.query(MedicalParticipantAdditional).filter(MedicalParticipantAdditional.participant_id==participant_id).first()
reasons = DBSession.query(MedicalReason).order_by(MedicalReason.title).all()
treatmenttypes = DBSession.query(MedicalTreatmentType).order_by(MedicalTreatmentType.title).all()
methodsofarrival = DBSession.query(MedicalMethodOfArrival).order_by(MedicalMethodOfArrival.title).all()
if self.request.method == 'POST':
# save card
medicalCard.hospital_in = helpers.parseFinnishDateFromString(self.request.POST.get('hospital_in'), True)
medicalCard.hospital_out = helpers.parseFinnishDateFromString(self.request.POST.get('hospital_out'))
medicalCard.method_of_arrival = int(self.request.POST.get('method_of_arrival'))
medicalCard.medications = int(self.request.POST.get('medications'))
medicalCard.medications_info = self.request.POST.get('medications_info').strip()
medicalCard.treatment_type = int(self.request.POST.get('treatment_type'))
medicalCard.reason_id = int(self.request.POST.get('reason_id'))
medicalCard.diagnose = self.request.POST.get('diagnose').strip()
medicalCard.followup_going = self.request.POST.get('followup_going').strip()
medicalCard.followup_notes = self.request.POST.get('followup_notes').strip()
medicalCard.card_status = int(self.request.POST.get('card_status').strip())
DBSession.add(medicalCard)
DBSession.flush()
#save participant additional
medicalParticipantAdditional.hetu = self.request.POST.get('additional_hetu').strip()
medicalParticipantAdditional.notes = self.request.POST.get('additional_notes').strip()
medicalParticipantAdditional.insurance = int(self.request.POST.get('additional_insurance'))
medicalParticipantAdditional.insurance_company = self.request.POST.get('additional_insurance_company').strip()
medicalParticipantAdditional.insurance_number = self.request.POST.get('additional_insurance_number').strip()
DBSession.add(medicalParticipantAdditional)
DBSession.flush()
#save card event
if len(self.request.POST.getall('event_id')) > 0:
event_ids = self.request.POST.getall('event_id')
if len(medicalCardEvents) > 0:
for medicalCardEvent in medicalCardEvents:
if str(medicalCardEvent.id) not in event_ids:
DBSession.delete(medicalCardEvent)
DBSession.flush()
event_times = self.request.POST.getall('event_time')
event_writers = self.request.POST.getall('event_writer')
event_types = self.request.POST.getall('event_type')
event_notes = self.request.POST.getall('event_notes')
for key, event_note in enumerate(event_notes):
if event_note != '':
event_time = event_times[key]
event_id = event_ids[key]
event_writer = event_writers[key]
event_type = event_types[key]
event_time_dt = helpers.parseFinnishDateFromString(event_time)
if int(event_ids[key]) == 0:
tmp_event = MedicalCardEvent()
tmp_event.card_id = medicalCard.id
else:
tmp_event = DBSession.query(MedicalCardEvent).get(event_ids[key])
tmp_event.notes = event_note
tmp_event.event_time = helpers.parseFinnishDateFromString(event_time)
tmp_event.writer = event_writer
tmp_event.event_type = event_type
DBSession.add(tmp_event)
DBSession.flush()
elif len(medicalCardEvents) > 0:
for event in medicalCardEvents:
DBSession.delete(event)
DBSession.flush()
# save participant medical
if len(self.request.POST.getall('medical_diet'))>0:
participant.medical_data.diets = DBSession.query(ParticipantMedicalDiet).filter(ParticipantMedicalDiet.id.in_(self.request.POST.getall('medical_diet'))).all()
if len(self.request.POST.getall('medical_food_allergy'))>0:
participant.medical_data.food_allergies = DBSession.query(ParticipantMedicalFoodAllergy).filter(ParticipantMedicalFoodAllergy.id.in_(self.request.POST.getall('medical_food_allergy'))).all()
participant.medical_data.additional_food = self.request.POST.get('medical_additional_food').strip()
participant.medical_data.drugs_help = int(self.request.POST.get('medical_drugs_help'))
participant.medical_data.illnesses = self.request.POST.get('medical_illnesses').strip()
if len(self.request.POST.getall('medical_allergy'))>0:
participant.medical_data.allergies = DBSession.query(ParticipantMedicalAllergy).filter(ParticipantMedicalAllergy.id.in_(self.request.POST.getall('medical_allergy'))).all()
participant.medical_data.additional_health = self.request.POST.get('medical_additional_health').strip()
participant.medical_data.week_of_pregnancy = self.request.POST.get('medical_week_of_pregnancy').strip()
participant.medical_data.participant_id = participant_id
DBSession.add(participant.medical_data)
DBSession.flush()
return HTTPFound(location='/medical/card/view/'+str(medicalCard.id)+'/')
self.request.bread.append({'url':'/medical/', 'text':_('Medical')})
self.request.bread.append({'url':'/medical/card/edit/'+str(card_id)+'/', 'text':_('Edit card')})
return {'medicalCard':medicalCard, 'participant':participant, 'medicalParticipantAdditional':medicalParticipantAdditional, 'medicalCardEvents':medicalCardEvents, 'reasons':reasons, 'treatmenttypes':treatmenttypes, 'methodsofarrival':methodsofarrival}
def settings_users_new(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
use_mailer = self.request.registry.settings['leirirekkari.use_mailer']
tmp_user = {
'firstname':'',
'lastname':'',
'email':'',
'title':'',
'login':'',
'language':'',
'groups':'',
'privileges':'',
}
if security.has_permission("settings_users_modify_groups", self.request.context, self.request):
groups = DBSession.query(Group).all()
else:
groups = {}
if security.has_permission("settings_users_modify_permissions", self.request.context, self.request):
privileges = DBSession.query(Privilege).all()
else:
privileges = {}
if self.request.method == 'POST':
tmp_user['firstname'] = self.request.POST.get('firstname').strip()
tmp_user['lastname'] = self.request.POST.get('lastname').strip()
tmp_user['email'] = self.request.POST.get('email').strip()
tmp_user['login'] = self.request.POST.get('account_login').strip()
tmp_user['language'] = self.request.POST.get('language').strip()
tmp_user['title'] = self.request.POST.get('title').strip()
if tmp_user['login'] and tmp_user['email']:
login = tmp_user['login']
if self.request.POST.get('account_password') != None:
password1 = self.request.POST.get('account_password').strip()
else:
password1 = ''
if self.request.POST.get('account_password_again') != None:
password2 = self.request.POST.get('account_password_again').strip()
else:
password2 = ''
if not self.checkIfUsernameExists(login):
if password1 == '':
password1 = self.nicepass(8,4)
elif len(password1) < 12:
self.request.session.flash(_(u"Passwords too short, must be at least 12 characters long."), 'error')
return {'user':tmp_user, 'groups':groups, 'privileges':privileges, 'use_mailer':use_mailer}
elif not self.checkIfPasswordsMatch(password1, password2):
self.request.session.flash(_(u"Passwords didn't match."), 'error')
return {'user':tmp_user, 'groups':groups, 'privileges':privileges, 'use_mailer':use_mailer}
user = User(login, tmp_user['email'])
user.set_password(password1)
user.active = 1
user.firstname = tmp_user['firstname']
user.lastname = tmp_user['lastname']
user.title = tmp_user['title']
user.language = tmp_user['language']
if security.has_permission("settings_users_modify_groups", self.request.context, self.request):
if len(self.request.POST.getall('groups'))>0:
user.groups = DBSession.query(Group).filter(Group.id.in_(self.request.POST.getall('groups'))).all()
else:
user.groups = []
if security.has_permission("settings_users_modify_permissions", self.request.context, self.request):
privileges_list = ''
if len(self.request.POST.getall('privileges')) > 0:
for privilege in DBSession.query(Privilege).filter(Privilege.id.in_(self.request.POST.getall('privileges'))).all():
privileges_list += '|'+privilege.name + '|'
else:
privileges_list = ''
user.privileges = privileges_list
user.metadata_modified = datetime.now()
if self.request.POST.get('send_login_details') != None and self.request.POST.get('send_login_details').strip() == '1':
user.needs_password_change = 1
elif self.request.POST.get('require_password_change') != None and self.request.POST.get('require_password_change').strip() == '1':
user.needs_password_change = 1
else:
user.needs_password_change = 0
DBSession.add(user)
DBSession.flush()
self.request.session.flash(_(u"User created."), 'success')
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'User'
userAudit.model_id = user.id
userAudit.action = 'Create'
userAudit.revision = user.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
if user.id != '' and user.id != 0:
if self.request.registry.settings['leirirekkari.use_mailer'] == 'true':
if self.request.POST.get('send_login_details') != None and self.request.POST.get('send_login_details').strip() == '1':
mailer = get_mailer(self.request)
setting_site_name = DBSession.query(Setting).filter(Setting.setting_key == 'site_name').first()
setting_mail_sent_from = DBSession.query(Setting).filter(Setting.setting_key == 'mail_sent_from').first()
setting_site_url = DBSession.query(Setting).filter(Setting.setting_key == 'site_url').first()
message_subject = _(u"User account information for") + ' ' + setting_site_name.setting_value
message_body = _(u"Hi\n\nHere are your account details for ${site_name}.\n\nUsername: ${username}\n\nPassword: ${password}\n\nYou can login at ${site_url}\n\nRemember to behave and that all the personal data is classified and should be used and distributed carefully.",
mapping={'site_name':setting_site_name.setting_value, 'username':tmp_user['login'], 'password':password1, 'site_url':setting_site_url.setting_value})
message = Message(subject=message_subject,
sender=setting_mail_sent_from.setting_value,
recipients=[tmp_user['email']],
body=message_body)
mailer.send(message)
return HTTPFound(location='/settings/users/view/'+str(user.id))
else:
self.request.session.flash(_(u"User with that username allready exists. Please choose another one."), 'error')
self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/settings/users/', 'text':_('Users')})
self.request.bread.append({'url':'/settings/users/new/', 'text':_('New')})
return {'user':tmp_user, 'groups':groups, 'privileges':privileges, 'use_mailer':use_mailer}
def settings_me_edit(self):
_ = self.request.translate
tmp_user = {
'id':0,
'firstname':'',
'lastname':'',
'email':'',
'title':'',
'login':'',
'language':'',
'groups':'',
}
user = self.request.user
if user.id:
tmp_user = {
'id':user.id,
'firstname':user.firstname,
'lastname':user.lastname,
'email':user.email,
'title':user.title,
'language':user.language,
}
if self.request.method == 'POST':
tmp_user['firstname'] = self.request.POST.get('firstname').strip()
tmp_user['lastname'] = self.request.POST.get('lastname').strip()
tmp_user['email'] = self.request.POST.get('email').strip()
tmp_user['language'] = self.request.POST.get('language').strip()
tmp_user['title'] = self.request.POST.get('title').strip()
if tmp_user['email']:
if self.request.POST.get('account_password') != None:
password1 = self.request.POST.get('account_password').strip()
else:
password1 = ''
if self.request.POST.get('account_password_again') != None:
password2 = self.request.POST.get('account_password_again').strip()
else:
password2 = ''
if password1 != '' and len(password1) < 12:
self.request.session.flash(_(u"Passwords too short, must be at least 12 characters long."), 'error')
return {'user':tmp_user}
elif password1 != '' and not self.checkIfPasswordsMatch(password1, password2):
self.request.session.flash(_(u"Passwords didn't match."), 'error')
return {'user':tmp_user}
elif password1 != '':
user.set_password(password1)
user.needs_password_change = 0
self.request.session.flash(_(u"Password changed."), 'success')
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'User'
userAudit.model_id = user.id
userAudit.action = 'Password update'
userAudit.revision = user.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
user.firstname = tmp_user['firstname']
user.lastname = tmp_user['lastname']
user.title = tmp_user['title']
user.language = tmp_user['language']
DBSession.add(user)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'User'
userAudit.model_id = user.id
userAudit.action = 'Update'
userAudit.revision = user.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
if user.id != '' and user.id != 0:
self.request.session.flash(_(u"User saved."), 'success')
return HTTPFound(location='/settings/me/')
else:
return HTTPFound(location='/settings/me/edit/')
else:
self.request.session.flash(_(u"Please provide email address."), 'error')
self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/settings/me/', 'text':_('Me')})
self.request.bread.append({'url':'/settings/me/edit/', 'text':_('Edit')})
return {'user':tmp_user}
def settings_groups_edit(self):
if self.request.redirect_forbidden:
return HTTPFound(location='/forbidden/')
elif userhelpers.checkUserPasswordChangeNeed(self.request):
return HTTPFound(location='/settings/me/edit/')
_ = self.request.translate
tmp_group = {
'id':'',
'name':'',
'leader_id':'',
'privileges':'',
}
group_id = self.request.matchdict['group_id']
group = DBSession.query(Group).filter(Group.id==group_id).first()
if group.id:
if group.id == 1:
return HTTPFound(location='/settings/groups/')
# privilege_ids = [privilege.id for privilege in group.privileges]
tmp_group = {
'id':group.id,
'name':group.name,
'leader_id':group.leader_id,
'privileges':group.privileges
}
if self.request.method == 'POST':
tmp_group['name'] = self.request.POST.get('name').strip()
if not self.checkIfGroupnameExists(tmp_group['name'], tmp_group['id']):
group.name = tmp_group['name']
if security.has_permission("settings_users_modify_permissions", self.request.context, self.request):
privileges_list = ''
if len(self.request.POST.getall('privileges'))> 0:
for privilege in DBSession.query(Privilege).filter(Privilege.id.in_(self.request.POST.getall('privileges'))).all():
privileges_list += '|'+privilege.name + '|'
group.privileges = privileges_list
DBSession.add(group)
DBSession.flush()
userAudit = UserAudit(self.request.user.id)
userAudit.model = 'Group'
userAudit.model_id = group.id
userAudit.action = 'Update'
userAudit.revision = group.metadata_revision
DBSession.add(userAudit)
DBSession.flush()
self.request.session.flash(_(u"Group saved."), 'success')
return HTTPFound(location='/settings/groups/view/'+str(group.id))
else:
self.request.session.flash(_(u"Group with that name allready exists."), 'error')
privileges = DBSession.query(Privilege).all()
self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
self.request.bread.append({'url':'/settings/groups/', 'text':_('Groups')})
self.request.bread.append({'url':'/settings/groups/edit/'+str(group.id)+'/', 'text':_('Edit') + ' ' + helpers.decodeString(group.name)})
return {'group':tmp_group, 'privileges':privileges}