def _decorated(request, *args, **kwargs):
inventory_pk = kwargs.pop('inventory_pk', None)
inventory = None
if inventory_pk:
inventory = get_object_or_404(Inventory, pk=inventory_pk)
if not inventory.is_admin(request.user):
return nopermission(request)
elif not request.user.is_superuser:
# TODO: introduce new permission to add new inventories
return nopermission(request)
return function(request, *args, inventory=inventory, **kwargs)
def delete_role(request, event_url_name, role_pk):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not event.is_admin(request.user):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
role = get_object_or_404(BadgeRole, pk=role_pk,
badge_settings__event=event)
form = BadgeRoleDeleteForm(request.POST or None, instance=role)
if form.is_valid():
form.delete()
return HttpResponseRedirect(reverse('badges:settings',
args=[event.url_name, ]))
context = {'event': event,
'form': form,
'role': role}
return render(request, 'badges/delete_role.html',
context)
def edit_user(request, user_pk):
# check permission
if not request.user.is_superuser:
return nopermission(request)
changed_user = get_object_or_404(get_user_model(), pk=user_pk)
form = EditUserForm(request.POST or None,
instance=changed_user,
admin_user=request.user)
if form.is_valid():
form.save()
logger.info("user changed",
extra={
'user': request.user,
'changed_user': changed_user.username,
})
return redirect('account:view_user', changed_user.pk)
context = {
'form': form,
'changed_user': changed_user,
}
return render(request, 'account/edit_user.html', context)
def edit_specialbadges_template(request, event_url_name, specialbadges_pk):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not has_access(request.user, event, ACCESS_BADGES_EDIT_SPECIAL):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
# get special badges
specialbadges = get_object_or_404(SpecialBadges,
pk=specialbadges_pk,
event=event)
# form
form = BadgeForm(request.POST or None,
request.FILES or None,
instance=specialbadges.template_badge)
if form.is_valid():
form.save()
specialbadges.save() # sync changes to other badges
return redirect('badges:list_specialbadges',
event_url_name=event.url_name)
context = {'event': event, 'form': form}
return render(request, 'badges/edit_badge.html', context)
def edit_specialbadges(request, event_url_name, specialbadges_pk=None):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not has_access(request.user, event, ACCESS_BADGES_EDIT_SPECIAL):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
# get special badges
specialbadges = None
if specialbadges_pk:
specialbadges = get_object_or_404(SpecialBadges,
pk=specialbadges_pk,
event=event)
# form
form = SpecialBadgesForm(request.POST or None,
instance=specialbadges,
event=event)
if form.is_valid():
instance = form.save()
return redirect('badges:edit_specialbadges_template',
event_url_name=event.url_name,
specialbadges_pk=instance.pk)
context = {'event': event, 'form': form}
return render(request, 'badges/edit_specialbadges.html', context)
def delete_specialbadges(request, event_url_name, specialbadges_pk):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not has_access(request.user, event, ACCESS_BADGES_EDIT_SPECIAL):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
# get special badges
specialbadges = get_object_or_404(SpecialBadges,
pk=specialbadges_pk,
event=event)
form = SpecialBadgesDeleteForm(request.POST or None,
instance=specialbadges)
if form.is_valid():
form.delete()
return redirect('badges:list_specialbadges',
event_url_name=event.url_name)
context = {'event': event, 'form': form, 'specialbadges': specialbadges}
return render(request, 'badges/delete_specialbadges.html', context)
def edit_design(request, event_url_name, design_pk=None):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not event.is_admin(request.user):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
# get BadgePermission
design = None
if design_pk:
design = get_object_or_404(BadgeDesign, pk=design_pk,
badge_settings__event=event)
# form
form = BadgeDesignForm(request.POST or None, request.FILES or None,
instance=design, settings=event.badge_settings)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('badges:settings',
args=[event.url_name, ]))
context = {'event': event,
'form': form}
return render(request, 'badges/edit_design.html',
context)
def list(request, event_url_name):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not has_access(request.user, event, ACCESS_GIFTS_EDIT):
return nopermission(request)
# check if active
if not event.gifts:
return notactive(request)
# manage gift settings
settings_form = GiftSettingsForm(request.POST or None, instance=event.giftsettings)
if settings_form.is_valid():
settings_form.save()
log_msg = "giftsettings changed"
logger.info(log_msg, extra={
'user': request.user,
'event': event,
})
return redirect("gifts:list", event_url_name=event.url_name)
# grab gifts and giftsets
gifts = Gift.objects.filter(event=event)
gift_sets = GiftSet.objects.filter(event=event)
context = {'event': event,
'gifts': gifts,
'gift_sets': gift_sets,
'settings_form': settings_form}
return render(request, 'gifts/list.html', context)
def edit_gift_set(request, event_url_name, gift_set_pk=None):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not is_involved(request.user, event_url_name, admin_required=True):
return nopermission(request)
# check if active
if not event.gifts:
return notactive(request)
gift_set = _validate_gift_set(event, gift_set_pk)
# form
form = GiftSetForm(request.POST or None, instance=gift_set, event=event)
if form.is_valid():
form.save()
return HttpResponseRedirect(
reverse('gifts:list', args=[
event.url_name,
]))
context = {'event': event, 'form': form}
return render(request, 'gifts/edit_gift_set.html', context)
def failed(request, event_url_name, task_id):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not event.is_admin(request.user):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
# get result
result = AsyncResult(task_id)
error = None
latex_output = None
if result.failed():
error = _("Internal Server Error. The admins were notified.")
mail_admins("Badge generation error",
str(result.result),
fail_silently=True)
elif result.state == "CREATOR_ERROR":
error = result.info['error']
latex_output = result.info['latex_output']
# return error message
context = {'event': event, 'error': error, 'latex_output': latex_output}
return render(request, 'badges/failed.html', context)
def take_back_direct(request, event_url_name, item_pk):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not has_access(request.user, event, ACCESS_INVENTORY_HANDLE):
return nopermission(request)
# check if badge system is active
if not event.inventory:
return notactive(request)
item = Item.objects.get(pk=item_pk)
try:
helper = item.get_exclusive_user(event)
item.remove_from_helper(helper)
request.session['inventory_helper_pk'] = str(helper.pk)
return redirect('inventory:take_back', event_url_name)
except InvalidMultipleAssignment:
error = 'multiple'
except NotAssigned:
error = 'noassignment'
context = {'event': event, 'error': error}
return render(request, 'inventory/take_back_error.html', context)
def set_present(request, event_url_name, shift_pk):
event, job, shift, helper = get_or_404(event_url_name, shift_pk=shift_pk)
# check permission
if not has_access(request.user, event, ACCESS_GIFTS_HANDLE_PRESENCE):
return nopermission(request)
# check if active
if not event.gifts:
return notactive(request)
form = PresentForm(request.POST or None, shift=shift, user=request.user)
if form.is_valid():
form.save()
messages.success(request, _("Presence was saved"))
return HttpResponseRedirect(reverse('gifts:set_present',
args=[event.url_name, shift.pk, ]))
context = {'event': event,
'shift': shift,
'form': form}
return render(request, 'gifts/set_present.html', context)
def templates(request):
# must be superuser
if not request.user.is_superuser:
return nopermission(request)
context = {}
return render(request, 'toolsettings/templates.html', context)
def send_mail(request, event_url_name):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not event.is_involved(request.user):
return nopermission(request)
# form
form = MailForm(request.POST or None, event=event, user=request.user)
if form.is_valid():
try:
form.send_mail()
messages.success(request, _("Mail was sent successfully"))
except (SMTPException, ConnectionError, MailFormError) as e:
messages.error(
request,
_("Sending mails failed: %(error)s") % {'error': str(e)})
return HttpResponseRedirect(reverse('mail:send',
args=[event_url_name]))
# render page
context = {'event': event, 'form': form}
return render(request, 'mail/send_mail.html', context)
def settings_advanced(request, event_url_name):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not event.is_admin(request.user):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
# form for settings
form = BadgeSettingsForm(request.POST or None,
request.FILES or None,
instance=event.badge_settings)
# for for permissions
permissions = event.badge_settings.badgepermission_set.all()
if form.is_valid():
form.save()
return HttpResponseRedirect(
reverse('badges:settings_advanced', args=[
event.url_name,
]))
# render
context = {'event': event, 'form': form, 'permissions': permissions}
return render(request, 'badges/settings_advanced.html', context)
def edit_badge(request, event_url_name, helper_pk):
event, job, shift, helper = get_or_404(event_url_name, helper_pk=helper_pk)
# check permission
if not event.is_admin(request.user):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
form = BadgeForm(request.POST or None, request.FILES or None,
instance=helper.badge)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('view_helper',
args=[event_url_name, helper.pk]))
# render page
context = {'event': event,
'helper': helper,
'form': form}
return render(request, 'badges/edit_badge.html', context)
def edit_agreement(request, agreement_pk=None):
# must be superuser
if not request.user.is_superuser:
return nopermission(request)
# get job, if available
agreement = None
if agreement_pk:
agreement = get_object_or_404(Agreement, pk=agreement_pk)
# form
form = AgreementForm(request.POST or None, instance=agreement)
if form.is_valid():
form.save()
if agreement:
logmsg = "useragreement changed"
else:
logmsg = "useragreement created"
agreement = form.instance
logger.info(logmsg,
extra={
'user': request.user,
'agreement': agreement.name,
'agreement_pk': agreement.pk,
})
return redirect("account:list_agreements")
# render page
context = {"form": form, "agreement": agreement}
return render(request, 'account/edit_agreement.html', context)
def send(request):
# check permission
if not (request.user.is_superuser or has_sendnews_group(request.user)):
return nopermission(request)
base_url = request.build_absolute_uri(reverse('index'))
unsubscribe_url = request.build_absolute_uri(
reverse('news:unsubscribe',
args=["1773a8dc-3cf4-497e-9a1c-25128cba768a"]))
form = MailForm(request.POST or None, request=request)
if form.is_valid():
form.send_mail()
messages.success(request, _("Mails are being sent now."))
logger.info("newsletter sent",
extra={
'user': request.user,
'subject': form.cleaned_data['subject'],
})
return HttpResponseRedirect(reverse('news:send'))
num_recipients = Person.objects.count()
context = {
'num_recipients': num_recipients,
'url': base_url,
'unsubscribe_url': unsubscribe_url,
'form': form
}
return render(request, 'news/send.html', context)
def delete_permission(request, event_url_name, permission_pk):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not has_access(request.user, event, ACCESS_BADGES_EDIT):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
# get BadgePermission
permission = get_object_or_404(BadgePermission, pk=permission_pk,
badge_settings__event=event)
# form
form = BadgePermissionDeleteForm(request.POST or None, instance=permission)
if form.is_valid():
form.delete()
return HttpResponseRedirect(reverse('badges:settings_advanced',
args=[event.url_name, ]))
context = {'event': event,
'form': form,
'permission': permission}
return render(request, 'badges/delete_permission.html',
context)
def edit_role(request, event_url_name, role_pk=None):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not has_access(request.user, event, ACCESS_BADGES_EDIT):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
# get BadgePermission
role = None
if role_pk:
role = get_object_or_404(BadgeRole,
pk=role_pk,
badge_settings__event=event)
# form
form = BadgeRoleForm(request.POST or None,
instance=role,
settings=event.badge_settings)
if form.is_valid():
form.save()
return HttpResponseRedirect(
reverse('badges:settings', args=[
event.url_name,
]))
context = {'event': event, 'form': form}
return render(request, 'badges/edit_role.html', context)
def delete_gift_set(request, event_url_name, gift_set_pk):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not event.is_admin(request.user):
return nopermission(request)
# check if active
if not event.gifts:
return notactive(request)
gift_set = _validate_gift_set(event, gift_set_pk)
# form
form = GiftSetDeleteForm(request.POST or None, instance=gift_set)
if form.is_valid():
form.delete()
messages.success(
request,
_("Gift set deleted: %(name)s") % {'name': gift_set.name})
# redirect to shift
return HttpResponseRedirect(
reverse('gifts:list', args=[
event.url_name,
]))
# render page
context = {'gift_set': gift_set, 'form': form}
return render(request, 'gifts/delete_gift_set.html', context)
def view_helpers_prerequisite(request, event_url_name, prerequisite_pk):
event = get_object_or_404(Event, url_name=event_url_name)
# check if feature is active
if not event.prerequisites:
return notactive(request)
# check permission
if not has_access(request.user, event, ACCESS_PREREQUISITES_VIEW):
return nopermission(request)
prerequisite = get_object_or_404(Prerequisite, pk=prerequisite_pk)
if prerequisite.event != event:
raise Http404
# find all helpers that need this prerequisite
helpers = Helper.objects.filter(
shifts__job__prerequisites=prerequisite).distinct()
# render page
context = {
'event': event,
'prerequisite': prerequisite,
'helpers': helpers
}
return render(request, 'prerequisites/view_helpers_prerequisite.html',
context)
def register(request, event_url_name):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not has_access(request.user, event, ACCESS_BADGES_GENERATE):
return nopermission(request)
# check if badge system is active
if not event.badges:
return notactive(request)
if event.badge_settings.barcodes:
form = BadgeBarcodeForm(request.POST or None, event=event)
if form.is_valid():
if form.badge.printed:
# duplicate -> error
messages.error(
request,
_("Badge already printed: %(name)s") %
{'name': form.badge.name()})
else:
# mark as printed
form.badge.printed = True
form.badge.save()
messages.success(
request,
_("Badge registered: %(name)s") %
{'name': form.badge.name()})
else:
form = None
context = {'event': event, 'form': form}
return render(request, 'badges/register.html', context)
def list_shirts(request, event_url_name):
event = get_object_or_404(Event, url_name=event_url_name)
# check permission
if not event.is_admin(request.user):
return nopermission(request)
# check if active
if not event.gifts:
return notactive(request)
if event.ask_shirt:
helpers = event.helper_set.filter(gifts__buy_shirt=True)
num_shirts = OrderedDict()
shirts = helpers.values('shirt').annotate(num=Count('shirt'))
for size, name in event.get_shirt_choices():
num = 0
try:
num = shirts.get(shirt=size)['num']
except Helper.DoesNotExist:
pass
num_shirts.update({name: num})
else:
helpers = None
num_shirts = None
context = {'event': event,
'helpers': helpers,
'num_shirts': num_shirts,
'shirts_not_active': not event.ask_shirt}
return render(request, 'gifts/list_shirts.html', context)
def remove(request):
# check if feature is available
if not settings.FEATURES_NEWSLETTER:
raise Http404
# must be superuser
if not request.user.is_superuser:
return nopermission(request)
form = RemoveForm(request.POST or None)
if form.is_valid():
email = form.delete()
messages.success(request, _("Recipient removed."))
logger.info("newsletter removed",
extra={
'user': request.user,
'email': email,
})
return redirect('news:remove')
context = {'form': form}
return render(request, 'news/remove.html', context)
def overview(request, event_url_name):
event = get_object_or_404(Event, url_name=event_url_name)
# permission
if not event.is_admin(request.user):
return nopermission(request)
num_helpers = event.helper_set.count()
num_coordinators = 0
timeline = {}
for helper in event.helper_set.all():
if helper.is_coordinator:
num_coordinators += 1
else:
day = helper.timestamp.strftime('%Y-%m-%d')
if day in timeline:
timeline[day] += 1
else:
timeline[day] = 1
num_vegetarians = event.helper_set.filter(vegetarian=True).count()
num_shift_slots = Shift.objects.filter(job__event=event).aggregate(
Sum('number'))['number__sum']
empty_slots_expr = ExpressionWrapper(F('number') - F('num_helpers'),
output_field=fields.IntegerField())
num_empty_shift_slots = Shift.objects.filter(job__event=event) \
.annotate(num_helpers=Count('helper')) \
.annotate(empty_slots=empty_slots_expr) \
.aggregate(Sum('empty_slots'))['empty_slots__sum']
total_duration = ExpressionWrapper((F('end') - F('begin')) * F('number'),
output_field=fields.DurationField())
hours_total = Shift.objects.filter(job__event=event) \
.annotate(duration=total_duration) \
.aggregate(Sum('duration'))['duration__sum']
# sum up timeline
timeline = OrderedDict(sorted(timeline.items()))
timeline_sum = OrderedDict()
tmp = 0
for day in timeline:
tmp += timeline[day]
timeline_sum[day] = tmp
# render
context = {'event': event,
'num_helpers': num_helpers,
'num_coordinators': num_coordinators,
'num_vegetarians': num_vegetarians,
'num_shift_slots': num_shift_slots,
'num_empty_shift_slots': num_empty_shift_slots,
'hours_total': hours_total,
'timeline': timeline_sum}
return render(request, 'statistic/overview.html', context)
def overview(request, event_url_name):
event = get_object_or_404(Event, url_name=event_url_name)
# permission
if not has_access(request.user, event, ACCESS_STATISTICS_VIEW):
return nopermission(request)
num_helpers = event.helper_set.count()
num_coordinators = event.all_coordinators.count()
num_vegetarians = event.helper_set.filter(vegetarian=True).count()
num_shift_slots = Shift.objects.filter(job__event=event).aggregate(
Sum('number'))['number__sum']
empty_slots_expr = ExpressionWrapper(F('number') - F('num_helpers'),
output_field=fields.IntegerField())
num_empty_shift_slots = Shift.objects.filter(job__event=event) \
.annotate(num_helpers=Count('helper')) \
.annotate(empty_slots=empty_slots_expr) \
.aggregate(Sum('empty_slots'))['empty_slots__sum']
total_duration = ExpressionWrapper((F('end') - F('begin')) * F('number'),
output_field=fields.DurationField())
try:
hours_total = Shift.objects.filter(job__event=event) \
.annotate(duration=total_duration) \
.aggregate(Sum('duration'))['duration__sum']
except (OperationalError, OverflowError):
hours_total = None
except Exception as e:
# handle psycopg2.DataError without importing psycopg2
# happens on overflow with postgresql
if 'DataError' in str(e.__class__):
hours_total = None
else:
raise e
if event.badges:
num_specialbadges = SpecialBadges.objects.filter(
event=event).aggregate(Sum('number'))['number__sum'] or 0
else:
num_specialbadges = 0
# render
context = {
'event': event,
'num_helpers': num_helpers,
'num_coordinators': num_coordinators,
'num_vegetarians': num_vegetarians,
'num_shift_slots': num_shift_slots,
'num_empty_shift_slots': num_empty_shift_slots,
'num_specialbadges': num_specialbadges,
'hours_total': hours_total
}
return render(request, 'statistic/overview.html', context)
def list_agreements(request):
# must be superuser
if not request.user.is_superuser:
return nopermission(request)
agreements = Agreement.objects.all()
context = {'agreements': agreements}
return render(request, 'account/list_agreements.html', context)
def show_mail(request, event_url_name, mail_pk):
event = get_object_or_404(Event, url_name=event_url_name)
mail = get_object_or_404(SentMail, pk=mail_pk)
# check permission
if not mail.can_see_mail(request.user):
return nopermission(request)
# render page
context = {'event': event,
'mail': mail}
return render(request, 'mail/show_mail.html', context)
def template_privacy(request):
# must be superuser
if not request.user.is_superuser:
return nopermission(request)
# forms
obj_privacy, c = HTMLSetting.objects.get_or_create(key='privacy')
form_privacy = HTMLSettingForm(request.POST or None,
instance=obj_privacy,
prefix='privacy')
obj_privacy_text, c = TextSetting.objects.get_or_create(key='privacy')
form_privacy_text = TextSettingForm(request.POST or None,
instance=obj_privacy_text,
prefix='privacy_text')
obj_news, c = HTMLSetting.objects.get_or_create(key='privacy_newsletter')
form_news = HTMLSettingForm(request.POST or None,
instance=obj_news,
prefix='news')
obj_news_subscribe, c = HTMLSetting.objects.get_or_create(
key='privacy_newsletter_subscribe')
form_news_subscribe = HTMLSettingForm(request.POST or None,
instance=obj_news_subscribe,
prefix='news_subscribe')
if form_privacy.is_valid() and form_privacy_text.is_valid() \
and form_news.is_valid() and form_news_subscribe.is_valid():
form_privacy.save()
form_privacy_text.save()
form_news.save()
form_news_subscribe.save()
logger.info("settings changed",
extra={
'changed': 'templates_privacy',
'user': request.user,
})
return HttpResponseRedirect(reverse('toolsettings:templates'))
# render page
context = {
'form_privacy': form_privacy,
'form_privacy_text': form_privacy_text,
'form_news': form_news,
'form_news_subscribe': form_news_subscribe
}
return render(request, 'toolsettings/template_privacy.html', context)
