コード例 #1
0
def new(key):
    time.sleep(random.randint(2, 6))

    # EXPLANATION: weed out old creation keys
    delete_old_keys()

    # EXPLANATION: Check if key exists/is valid
    result = data.execute(
        "SELECT key, email FROM User_creation_keys WHERE key = ?", key)
    if empty(result):
        time.sleep(random.randint(5, 21))
        # TODO: Send to errorpage?
        return redirect(url_front())

    if request.method == "POST":
        if 'cancel' in request.form:
            data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
            flash("Oprettelse anulleret")
            return redirect(url_front())

        b = data.Bucket(request.form)
        if not sanitize_username(b.username):
            flash("Ugyldigt brugernavn")
            return html.back()

        if b.password1 != b.password2:
            flash("Du gav to forskellige løsener, prøv igen")
            return html.back()
        if b.password1 == "":
            flash("Du skal vælge et løsen")
            return html.back()

        data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
        create_user(b.username, b.password1, b.name, b.email)
        flash("Ny bruger oprettet")

        session['logged_in'] = True
        session['username'] = b.username

        return redirect(url_for("usermanager.settings"))
    else:

        wb = html.WebBuilder()
        wb.form()
        wb.formtable()
        wb.textfield("username", "Brugernavn (Hvad du bliver kaldt på DIKU):")
        wb.textfield("name", "Fulde navn:")
        wb.textfield("email", "Email:", value=result[0]["email"])
        wb.password("password1", "Løsen")
        wb.password("password2", "Gentag løsen")
        form = wb.create()
        return render_template("form.html", form=form)
コード例 #2
0
ファイル: usermanager.py プロジェクト: RusKursusGruppen/GRIS
def new(key):
    time.sleep(random.randint(2,6))

    # EXPLANATION: weed out old creation keys
    delete_old_keys()

    # EXPLANATION: Check if key exists/is valid
    result = data.execute("SELECT key, email FROM User_creation_keys WHERE key = ?", key)
    if empty(result):
        time.sleep(random.randint(5,21))
        # TODO: Send to errorpage?
        return redirect(url_front())

    if request.method == "POST":
        if 'cancel' in request.form:
            data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
            flash("Oprettelse anulleret")
            return redirect(url_front())

        b = data.Bucket(request.form)
        if not sanitize_username(b.username):
            flash("Ugyldigt brugernavn")
            return html.back()

        if b.password1 != b.password2:
            flash("Du gav to forskellige løsener, prøv igen")
            return html.back()
        if b.password1 == "":
            flash("Du skal vælge et løsen")
            return html.back()

        data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
        create_user(b.username, b.password1, b.name, b.email)
        flash("Ny bruger oprettet")

        session['logged_in'] = True
        session['username']  = b.username

        return redirect(url_for("usermanager.settings"))
    else:

        wb = html.WebBuilder()
        wb.form()
        wb.formtable()
        wb.textfield("username", "Brugernavn (Hvad du bliver kaldt på DIKU):")
        wb.textfield("name", "Fulde navn:")
        wb.textfield("email", "Email:", value=result[0]["email"])
        wb.password("password1", "Løsen")
        wb.password("password2", "Gentag løsen")
        form = wb.create()
        return render_template("form.html", form=form)
コード例 #3
0
ファイル: front.py プロジェクト: RusKursusGruppen/GRIS
def modify_news(id):
    news = data.execute("SELECT * FROM News WHERE n_id = ?", id)

    if empty(news) or session['username'] != news[0]['creator']:
        flash("You are not permitted to edit this newsitem")
        return redirect(url_front())
    news = news[0]

    if request.method == 'POST':
        if 'cancel' in request.form:
            return redirect(url_front())

        b = data.Bucket(request.form)

        if 'delete' in request.form:
            b >> ("DELETE FROM News WHERE  n_id = ?", id)

        if b.title == "":
            flash("Please enter a title")
            return html.back()
        b.text
        b >> ("UPDATE News $ WHERE  n_id = ?", id)
        return redirect(url_front())
    else:
        w = html.WebBuilder()
        w.form()
        w.formtable()
        w.textfield("title", "Overskrift")
        w.textarea("text", "Tekst")
        w.html('<button type="submit" name="delete" value="delete">Slet nyhed</button>', "")

        form = w.create(news)
        return render_template("form.html", form=form)
コード例 #4
0
ファイル: rustours.py プロジェクト: RusKursusGruppen/GRIS
def new():
    if request.method == "POST":
        if 'cancel' in request.form:
            flash(escape("Rustur ikke oprettet"))
            return redirect(url_for('rustours.overview'))

        b = data.Bucket(request.form)
        b.type
        if b.tour_name == "":
            b.tour_name = "Unavngiven rustur"
        if b.year.isdecimal():
            b.year = int(b.year)
        else:
            flash("Please enter a valid year")
            return html.back()
        b >= "Tours"
        return redirect(url_for('rustours.overview'))

    else:
        w = html.WebBuilder()
        w.form()
        w.formtable()
        w.textfield("tour_name", "Navn", value="Unavngiven rustur")
        w.textfield("year", "År", value=rkgyear())
        w.select("type", "Type", [('p', 'Pigetur'), ('t', 'Transetur'), ('m', 'Munketur')])
        form = w.create()
        return render_template("form.html", form=form)
コード例 #5
0
ファイル: front.py プロジェクト: RusKursusGruppen/GRIS
def add_news():
    if request.method == 'POST':
        if 'cancel' in request.form:
            return redirect(url_front())
        creator = session['username']
        created = now()
        title = request.form['title']

        get_flashed_messages()
        if title == "":
            flash("Please enter a title")
            return html.back()

        text = request.form['text']
        data.execute("INSERT INTO News(creator, created, title, text) VALUES(?,?,?,?)", creator, created, title, text)
        return redirect(url_front())
    else:
        w = html.WebBuilder()
        w.form()
        w.formtable()
        w.textfield("title", "Overskrift")
        w.textarea("text", "Tekst")

        form = w.create()
        return render_template("form.html", form=form)
コード例 #6
0
ファイル: mentorteams.py プロジェクト: RusKursusGruppen/GRIS
def new():
    if request.method == "POST":
        if 'cancel' in request.form:
            flash(escape("Mentorhold ikke oprettet"))
            return redirect(url_for('mentorteams.overview'))

        b = data.Bucket(request.form)
        if b.mentor_names == "":
            b.mentor_names = "Unavngivet mentorhold"
        if b.year.isdecimal():
            b.year = int(b.year)
        else:
            flash("Please enter a valid year")
            return html.back()
        b >= "Mentorteams"
        return redirect(url_for('mentorteams.overview'))

    else:
        w = html.WebBuilder()
        w.form()
        w.formtable()
        w.textfield("mentor_names", "Navn", value="Unavngivet mentorhold")
        w.textfield("year", "År", value=rkgyear())
        form = w.create()
        return render_template("form.html", form=form)
コード例 #7
0
def new():
    if request.method == "POST":
        if 'cancel' in request.form:
            flash(escape("Rustur ikke oprettet"))
            return redirect(url_for('rustours.overview'))

        b = data.Bucket(request.form)
        b.type
        if b.tour_name == "":
            b.tour_name = "Unavngiven rustur"
        if b.year.isdecimal():
            b.year = int(b.year)
        else:
            flash("Please enter a valid year")
            return html.back()
        b >= "Tours"
        return redirect(url_for('rustours.overview'))

    else:
        w = html.WebBuilder()
        w.form()
        w.formtable()
        w.textfield("tour_name", "Navn", value="Unavngiven rustur")
        w.textfield("year", "År", value=rkgyear())
        w.select("type", "Type", [('p', 'Pigetur'), ('t', 'Transetur'),
                                  ('m', 'Munketur')])
        form = w.create()
        return render_template("form.html", form=form)
コード例 #8
0
ファイル: mentorteams.py プロジェクト: RusKursusGruppen/GRIS
def settings(m_id):
    if request.method == "POST":
        if 'cancel' in request.form:
            return redirect(url_front())

        b = data.Bucket(request.form)
        if b.mentor_names == "":
            b.mentor_names = "Unavngivet mentorhold"
        if b.year.isdecimal():
            b.year = int(b.year)
        else:
            flash("Please enter a valid year")
            return html.back()
        b >> ("UPDATE Mentorteams $ WHERE m_id = ?", m_id)

        mentors = request.form['mentors']
        mentors = mentors.replace('"', '')
        mentors = mentors.replace('&quot;', '')
        mentors = [name.split()[0] for name in re.split(';\s', mentors) if name != ""]

        old = data.execute("SELECT username FROM Mentors WHERE m_id = ?", m_id)
        old = [mentor['username'] for mentor in old]

        for mentor in set(old) - set(mentors):
            data.execute("DELETE FROM Mentors WHERE m_id = ? and username = ?", m_id, mentor)
        for mentor in sorted(set(mentors) - set(old)):
            data.execute("INSERT INTO Mentors(m_id, username) VALUES (?, ?)", m_id, mentor)

        return redirect(url_for('mentorteams.mentorteam', m_id=m_id))

    else:
        teams = data.execute("SELECT * FROM Mentorteams WHERE m_id = ?", m_id)
        if len(teams) != 1:
            flash(escape("Det hold findes ikke"))
            return redirect(url_for("mentorteams.overview"))
        team = teams[0]

        all_mentors = data.execute("SELECT * FROM Users WHERE username IN (Select username from Group_users where groupname = 'mentor')")
        all_mentors = ['\\"{0}\\" {1}'.format(mentor['username'], mentor['name']) for mentor in all_mentors]
        all_mentors.sort()

        actual_mentors = data.execute("SELECT * FROM Mentors INNER JOIN Users USING(username) WHERE m_id = ?", m_id)
        actual_mentors = ['&quot;{0}&quot; {1}; '.format(mentor['username'], mentor['name']) for mentor in actual_mentors]
        actual_mentors.sort()
        actual_mentors ="".join(actual_mentors)

        w = html.WebBuilder()
        w.form()
        w.formtable()
        w.textfield("mentor_names", "Navn")
        w.textfield("year", "År")
        w.html(html.autocomplete_multiple(all_mentors, "mentors", default=actual_mentors), description="Mentorer", value="abekat")
        form = w.create(team)
        return render_template("mentorteams/settings.html", form=form)
コード例 #9
0
def entry(b_id, e_id=None):
    if request.method == "POST":
        if 'cancel' in request.form:
            flash(escape("Ændringer annulleret"))
            return redirect(url_for('bookkeeper.book', b_id=b_id))

        b = data.Bucket(request.form)
        if b.description == "":
            flash("Please enter a description")
            return html.back()
        b.amount_string
        # TODO: check for errors
        try:
            b.amount = expinterpreter.interpret_amount(b.amount_string)
        except expinterpreter.ExpinterpreterException as e:
            flash("invalid amount")
            return html.back()

        b.date
        b.creditor = b.creditor.replace('"', '').replace('&quot;', '')
        if b.creditor == "":
            flash("Please enter a creditor")
            return html.back()
        b.creditor = b.creditor.split()[0]

        if e_id == None:
            b.b_id = b_id
            e_id = (b >= "Entries")["e_id"]
        else:
            b >> ("UPDATE Entries $ WHERE b_id = ? and e_id = ?", b_id, e_id)

        # EXPLANATION: ensure all 'share's are valid integers before any database modification
        debts = []
        for req in request.form.keys():
            if req.startswith("participant_"):
                debtor = req[12:]  # len("participant_") == 12
                share_string = request.form[req]
                if share_string != "":
                    try:
                        # EXPLANATION: we store both the string and its result, if it evaluates to something meaningful
                        share = expinterpreter.interpret(share_string)
                        debts.append((debtor, share_string, share))
                    except expinterpreter.ExpinterpreterException as e:
                        flash("Invalid expression in " + debtor + ": " + share)
                        return html.back()

        # TODO: The following is not harming, but is it necessary?
        # TODO: Think more about this line, is the previous statement true?
        data.execute("DELETE FROM Debts WHERE e_id = ?", e_id)

        for debtor, share_string, share in debts:
            # NOTE: insert automaticly replaces old entries
            data.execute(
                "INSERT INTO Debts(e_id, debtor, share_string, share) VALUES (?, ?, ?, ?)",
                e_id, debtor, share_string, share)

        return redirect(url_for("bookkeeper.book", b_id=b_id))
    else:
        w = html.WebBuilder()
        w.form()
        w.formtable()
        if e_id == None:
            description = ""
            amount_string = ""
            date = ""
            creditor = session['username']
        else:
            entry = data.execute("SELECT * FROM Entries WHERE e_id = ?",
                                 e_id)[0]
            description = entry['description']
            amount_string = entry['amount_string']
            date = entry['date'].isoformat()
            creditor = entry['creditor']
        w.textfield("description", "Hvad", value=description)
        w.textfield("amount_string", "Beløb", value=amount_string)
        w.calendar("date", "Hvornår", value=date)

        participants = data.execute(
            "SELECT * FROM Book_participants as B INNER JOIN Users as U ON B.participant = U.username WHERE b_id = ?",
            b_id)
        participant_names = [
            '\\"{0}\\" {1}'.format(user['username'], user['name'])
            for user in participants
        ]
        #participant_names = [user['username'] for user in participants]
        w.html(html.autocomplete(participant_names,
                                 "creditor",
                                 default=creditor),
               description="Udlægger",
               value="abekat")

        # Extract users
        if e_id == None:
            previous_debtors = []
        else:
            previous_debtors = data.execute(
                "SELECT username, name, share_string FROM Debts as D INNER JOIN Users as U ON D.debtor = U.username WHERE e_id = ?",
                e_id)

        usernames = [debtor['username'] for debtor in previous_debtors]
        #participants = data.execute("SELECT * FROM Book_participants as B INNER JOIN Users as U ON B.participant = U.username WHERE b_id = ?", b_id)

        new_participants = [{
            'username': p['username'],
            'name': p['name'],
            'share_string': ''
        } for p in participants if p['username'] not in usernames]

        all_participants = previous_debtors + new_participants
        all_participants = sorted(all_participants,
                                  key=lambda x: x['username'])

        for user in all_participants:
            name = 'participant_{0}'.format(user['username'])
            description = '&quot;{0}&quot; {1}'.format(user['username'],
                                                       user['name'])
            value = user['share_string']
            w.textfield(name, description, value=value)

        form = w.create()
        return render_template("form.html", form=form)
コード例 #10
0
ファイル: rustours.py プロジェクト: RusKursusGruppen/GRIS
def settings(t_id):
    if request.method == "POST":
        if 'cancel' in request.form:
            return redirect(url_front())

        b = data.Bucket(request.form)
        b.theme
        b.type
        b.notes
        if b.tour_name == "":
            b.tour_name = "Unavngiven rustur"
        if b.year.isdecimal():
            b.year = int(b.year)
        else:
            flash("Please enter a valid year")
            return html.back()
        b >> ("UPDATE Tours $ WHERE t_id = ?", t_id)

        tutors = request.form['tutors']
        tutors = tutors.replace('"', '')
        tutors = tutors.replace('&quot;', '')
        tutors = [name.split()[0] for name in re.split(';\s', tutors) if name != ""]

        old = data.execute("SELECT username FROM Tours_tutors WHERE t_id = ?", t_id)
        old = [tutor['username'] for tutor in old]
        for tutor in set(old) - set(tutors):
            data.execute("DELETE FROM Tours_tutors WHERE t_id = ? and username = ?", t_id, tutor)
        for tutor in sorted(set(tutors) - set(old)):
            try:
                data.execute("INSERT INTO Tours_tutors(t_id, username) VALUES (?, ?)", t_id, tutor)
            except psycopg2.IntegrityError as e:
                if e.pgerror.startswith('ERROR:  insert or update on table "tours_tutors" violates foreign key constraint "tours_tutors_username_fkey"'):
                    flash("No tutor: "+tutor)
                raise

        return redirect(url_for('rustours.rustour', t_id=t_id))

    else:
        tours = data.execute("SELECT * FROM Tours WHERE t_id = ?", t_id)
        if len(tours) != 1:
            flash(escape("Den tur findes ikke"))
            return redirect(url_for("rustours.overview"))
        tour = tours[0]

        all_tutors = data.execute("SELECT * FROM Users WHERE username IN (Select username from Group_users where groupname = 'rkg')")
        all_tutors = ['\\"{0}\\" {1}'.format(tutor['username'], tutor['name']) for tutor in all_tutors]
        all_tutors.sort()

        actual_tutors = data.execute("SELECT * FROM Tours_tutors INNER JOIN Users USING(username) WHERE t_id = ?", t_id)
        actual_tutors = ['&quot;{0}&quot; {1}; '.format(tutor['username'], tutor['name']) for tutor in actual_tutors]
        actual_tutors.sort()
        actual_tutors = "".join(actual_tutors)

        w = html.WebBuilder()
        w.form()
        w.formtable()
        w.textfield("tour_name", "Navn")
        w.textfield("theme", "Tema")
        w.textfield("year", "År")
        w.select("type", "Type", [('p', 'Pigetur'), ('t', 'Transetur'), ('m', 'Munketur')])
        w.html(html.autocomplete_multiple(all_tutors, "tutors", default=actual_tutors), description="Vejledere", value="abekat")
        w.textarea("notes", "Noter")
        form = w.create(tour)
        return render_template("rustours/settings.html", form=form, t_id=t_id)
コード例 #11
0
def settings(t_id):
    if request.method == "POST":
        if 'cancel' in request.form:
            return redirect(url_front())

        b = data.Bucket(request.form)
        b.theme
        b.type
        b.notes
        if b.tour_name == "":
            b.tour_name = "Unavngiven rustur"
        if b.year.isdecimal():
            b.year = int(b.year)
        else:
            flash("Please enter a valid year")
            return html.back()
        b >> ("UPDATE Tours $ WHERE t_id = ?", t_id)

        tutors = request.form['tutors']
        tutors = tutors.replace('"', '')
        tutors = tutors.replace('&quot;', '')
        tutors = [
            name.split()[0] for name in re.split(';\s', tutors) if name != ""
        ]

        old = data.execute("SELECT username FROM Tours_tutors WHERE t_id = ?",
                           t_id)
        old = [tutor['username'] for tutor in old]
        for tutor in set(old) - set(tutors):
            data.execute(
                "DELETE FROM Tours_tutors WHERE t_id = ? and username = ?",
                t_id, tutor)
        for tutor in sorted(set(tutors) - set(old)):
            try:
                data.execute(
                    "INSERT INTO Tours_tutors(t_id, username) VALUES (?, ?)",
                    t_id, tutor)
            except psycopg2.IntegrityError as e:
                if e.pgerror.startswith(
                        'ERROR:  insert or update on table "tours_tutors" violates foreign key constraint "tours_tutors_username_fkey"'
                ):
                    flash("No tutor: " + tutor)
                raise

        return redirect(url_for('rustours.rustour', t_id=t_id))

    else:
        tours = data.execute("SELECT * FROM Tours WHERE t_id = ?", t_id)
        if len(tours) != 1:
            flash(escape("Den tur findes ikke"))
            return redirect(url_for("rustours.overview"))
        tour = tours[0]

        all_tutors = data.execute(
            "SELECT * FROM Users WHERE username IN (Select username from Group_users where groupname = 'rkg')"
        )
        all_tutors = [
            '\\"{0}\\" {1}'.format(tutor['username'], tutor['name'])
            for tutor in all_tutors
        ]
        all_tutors.sort()

        actual_tutors = data.execute(
            "SELECT * FROM Tours_tutors INNER JOIN Users USING(username) WHERE t_id = ?",
            t_id)
        actual_tutors = [
            '&quot;{0}&quot; {1}; '.format(tutor['username'], tutor['name'])
            for tutor in actual_tutors
        ]
        actual_tutors.sort()
        actual_tutors = "".join(actual_tutors)

        w = html.WebBuilder()
        w.form()
        w.formtable()
        w.textfield("tour_name", "Navn")
        w.textfield("theme", "Tema")
        w.textfield("year", "År")
        w.select("type", "Type", [('p', 'Pigetur'), ('t', 'Transetur'),
                                  ('m', 'Munketur')])
        w.html(html.autocomplete_multiple(all_tutors,
                                          "tutors",
                                          default=actual_tutors),
               description="Vejledere",
               value="abekat")
        w.textarea("notes", "Noter")
        form = w.create(tour)
        return render_template("rustours/settings.html", form=form, t_id=t_id)
コード例 #12
0
ファイル: bookkeeper.py プロジェクト: RusKursusGruppen/GRIS
def entry(b_id, e_id=None):
    if request.method == "POST":
        if 'cancel' in request.form:
            flash(escape("Ændringer annulleret"))
            return redirect(url_for('bookkeeper.book', b_id=b_id))

        b = data.Bucket(request.form)
        if b.description == "":
            flash("Please enter a description")
            return html.back()
        b.amount_string
        # TODO: check for errors
        try:
            b.amount = expinterpreter.interpret_amount(b.amount_string)
        except expinterpreter.ExpinterpreterException as e:
            flash("invalid amount")
            return html.back()

        b.date
        b.creditor = b.creditor.replace('"', '').replace('&quot;', '')
        if b.creditor == "":
            flash("Please enter a creditor")
            return html.back()
        b.creditor = b.creditor.split()[0]

        if e_id == None:
            b.b_id = b_id
            e_id = (b >= "Entries")["e_id"]
        else:
            b >> ("UPDATE Entries $ WHERE b_id = ? and e_id = ?", b_id, e_id)


        # EXPLANATION: ensure all 'share's are valid integers before any database modification
        debts = []
        for req in request.form.keys():
            if req.startswith("participant_"):
                debtor = req[12:] # len("participant_") == 12
                share_string = request.form[req]
                if share_string != "":
                    try:
                        # EXPLANATION: we store both the string and its result, if it evaluates to something meaningful
                        share = expinterpreter.interpret(share_string)
                        debts.append((debtor, share_string, share))
                    except expinterpreter.ExpinterpreterException as e:
                        flash("Invalid expression in " + debtor + ": " + share)
                        return html.back()

        # TODO: The following is not harming, but is it necessary?
        # TODO: Think more about this line, is the previous statement true?
        data.execute("DELETE FROM Debts WHERE e_id = ?", e_id)

        for debtor, share_string, share in debts:
            # NOTE: insert automaticly replaces old entries
            data.execute("INSERT INTO Debts(e_id, debtor, share_string, share) VALUES (?, ?, ?, ?)", e_id, debtor, share_string, share)

        return redirect(url_for("bookkeeper.book", b_id=b_id))
    else:
        w = html.WebBuilder()
        w.form()
        w.formtable()
        if e_id == None:
            description = ""
            amount_string = ""
            date = ""
            creditor = session['username']
        else:
            entry = data.execute("SELECT * FROM Entries WHERE e_id = ?", e_id)[0]
            description = entry['description']
            amount_string = entry['amount_string']
            date = entry['date'].isoformat()
            creditor = entry['creditor']
        w.textfield("description", "Hvad", value=description)
        w.textfield("amount_string", "Beløb", value=amount_string)
        w.calendar("date", "Hvornår", value=date)

        participants = data.execute("SELECT * FROM Book_participants as B INNER JOIN Users as U ON B.participant = U.username WHERE b_id = ?", b_id)
        participant_names = ['\\"{0}\\" {1}'.format(user['username'], user['name']) for user in participants]
        #participant_names = [user['username'] for user in participants]
        w.html(html.autocomplete(participant_names, "creditor", default=creditor), description="Udlægger", value="abekat")

        # Extract users
        if e_id == None:
            previous_debtors = []
        else:
            previous_debtors = data.execute("SELECT username, name, share_string FROM Debts as D INNER JOIN Users as U ON D.debtor = U.username WHERE e_id = ?", e_id)

        usernames = [debtor['username'] for debtor in previous_debtors]
        #participants = data.execute("SELECT * FROM Book_participants as B INNER JOIN Users as U ON B.participant = U.username WHERE b_id = ?", b_id)

        new_participants = [{'username':p['username'], 'name':p['name'], 'share_string':''} for p in participants if p['username'] not in usernames]

        all_participants = previous_debtors + new_participants
        all_participants = sorted(all_participants, key=lambda x: x['username'])

        for user in all_participants:
            name = 'participant_{0}'.format(user['username'])
            description = '&quot;{0}&quot; {1}'.format(user['username'], user['name'])
            value = user['share_string']
            w.textfield(name, description, value=value)


        form = w.create()
        return render_template("form.html", form=form)