def overview(sketch_id): """Generates the sketch overview template. Returns: Template with context. """ sketch = Sketch.query.get_with_acl(sketch_id) sketch_form = NameDescriptionForm() permission_form = TogglePublic() status_form = StatusForm() trash_form = TrashForm() # Edit sketch form POST if sketch_form.validate_on_submit(): if not sketch.has_permission(current_user, u'write'): abort(HTTP_STATUS_CODE_FORBIDDEN) sketch.name = sketch_form.name.data sketch.description = sketch_form.description.data db_session.commit() return redirect( url_for(u'sketch_views.overview', sketch_id=sketch.id)) # Toggle public/private form POST if permission_form.validate_on_submit(): if not sketch.has_permission(current_user, u'write'): abort(HTTP_STATUS_CODE_FORBIDDEN) if permission_form.permission.data == u'public': sketch.grant_permission(user=None, permission=u'read') else: sketch.revoke_permission(user=None, permission=u'read') db_session.commit() return redirect( url_for(u'sketch_views.overview', sketch_id=sketch.id)) # Change status form POST if status_form.validate_on_submit(): if not sketch.has_permission(current_user, u'write'): abort(HTTP_STATUS_CODE_FORBIDDEN) sketch.set_status(status=status_form.status.data) return redirect( url_for(u'sketch_views.overview', sketch_id=sketch.id)) # Trash form POST if trash_form.validate_on_submit(): if not sketch.has_permission(current_user, u'delete'): abort(HTTP_STATUS_CODE_FORBIDDEN) sketch.set_status(status=u'deleted') return redirect( url_for(u'home_views.home')) return render_template( u'sketch/overview.html', sketch=sketch, sketch_form=sketch_form, permission_form=permission_form, status_form=status_form, trash_form=trash_form)
def overview(sketch_id): """Generates the sketch overview template. Returns: Template with context. """ sketch = Sketch.query.get_with_acl(sketch_id) sketch_form = NameDescriptionForm() permission_form = TogglePublic() status_form = StatusForm() trash_form = TrashForm() # Dynamically set the forms select options. # pylint: disable=singleton-comparison permission_form.groups.choices = set( (g.id, g.name) for g in Group.query.filter( or_(Group.user == current_user, Group.user == None))) permission_form.remove_groups.choices = set( (g.id, g.name) for g in sketch.groups) permission_form.remove_users.choices = set( (u.id, u.username) for u in sketch.collaborators) # Edit sketch form POST if sketch_form.validate_on_submit(): if not sketch.has_permission(current_user, u'write'): abort(HTTP_STATUS_CODE_FORBIDDEN) sketch.name = sketch_form.name.data sketch.description = sketch_form.description.data db_session.commit() return redirect( url_for(u'sketch_views.overview', sketch_id=sketch.id)) # Toggle public/private form POST if permission_form.validate_on_submit(): if not sketch.has_permission(current_user, u'write'): abort(HTTP_STATUS_CODE_FORBIDDEN) # Add collaborators to the sketch # TODO(jbn): Make write permission off by default # and selectable in the UI if permission_form.username.data: user = User.query.filter_by( username=permission_form.username.data).first() if user: sketch.grant_permission(permission=u'read', user=user) sketch.grant_permission(permission=u'write', user=user) # Add a group to the sketch if permission_form.groups.data: group_id = permission_form.groups.data group = Group.query.get(group_id) # Only add groups publicly visible or owned by the current user if not group.user or group.user == current_user: sketch.grant_permission(permission=u'read', group=group) sketch.grant_permission(permission=u'write', group=group) # Remove groups from sketch if permission_form.remove_groups.data: for group_id in permission_form.remove_groups.data: group = Group.query.get(group_id) sketch.revoke_permission(permission=u'read', group=group) sketch.revoke_permission(permission=u'write', group=group) # Remove users from sketch if permission_form.remove_users.data: for user_id in permission_form.remove_users.data: user = User.query.get(user_id) sketch.revoke_permission(permission=u'read', user=user) sketch.revoke_permission(permission=u'write', user=user) if permission_form.permission.data == u'public': sketch.grant_permission(permission=u'read') else: sketch.revoke_permission(permission=u'read') db_session.commit() return redirect( url_for(u'sketch_views.overview', sketch_id=sketch.id)) # Change status form POST if status_form.validate_on_submit(): if not sketch.has_permission(current_user, u'write'): abort(HTTP_STATUS_CODE_FORBIDDEN) sketch.set_status(status=status_form.status.data) return redirect( url_for(u'sketch_views.overview', sketch_id=sketch.id)) # Trash form POST if trash_form.validate_on_submit(): if not sketch.has_permission(current_user, u'delete'): abort(HTTP_STATUS_CODE_FORBIDDEN) sketch.set_status(status=u'deleted') return redirect( url_for(u'home_views.home')) return render_template( u'sketch/overview.html', sketch=sketch, sketch_form=sketch_form, permission_form=permission_form, status_form=status_form, trash_form=trash_form)
def overview(sketch_id): """Generates the sketch overview template. Returns: Template with context. """ sketch = Sketch.query.get_with_acl(sketch_id) sketch_form = NameDescriptionForm() permission_form = TogglePublic() status_form = StatusForm() trash_form = TrashForm() # Dynamically set the forms select options. # pylint: disable=singleton-comparison permission_form.groups.choices = set( (g.id, g.name) for g in Group.query.filter( or_(Group.user == current_user, Group.user == None))) permission_form.remove_groups.choices = set( (g.id, g.name) for g in sketch.groups) permission_form.remove_users.choices = set( (u.id, u.username) for u in sketch.collaborators) # Edit sketch form POST if sketch_form.validate_on_submit(): if not sketch.has_permission(current_user, u'write'): abort(HTTP_STATUS_CODE_FORBIDDEN) sketch.name = sketch_form.name.data sketch.description = sketch_form.description.data db_session.commit() return redirect(url_for(u'sketch_views.overview', sketch_id=sketch.id)) # Toggle public/private form POST if permission_form.validate_on_submit(): if not sketch.has_permission(current_user, u'write'): abort(HTTP_STATUS_CODE_FORBIDDEN) # Add collaborators to the sketch # TODO(jbn): Make write permission off by default # and selectable in the UI if permission_form.username.data: user = User.query.filter_by( username=permission_form.username.data).first() if user: sketch.grant_permission(permission=u'read', user=user) sketch.grant_permission(permission=u'write', user=user) # Add a group to the sketch if permission_form.groups.data: group_id = permission_form.groups.data group = Group.query.get(group_id) # Only add groups publicly visible or owned by the current user if not group.user or group.user == current_user: sketch.grant_permission(permission=u'read', group=group) sketch.grant_permission(permission=u'write', group=group) # Remove groups from sketch if permission_form.remove_groups.data: for group_id in permission_form.remove_groups.data: group = Group.query.get(group_id) sketch.revoke_permission(permission=u'read', group=group) sketch.revoke_permission(permission=u'write', group=group) # Remove users from sketch if permission_form.remove_users.data: for user_id in permission_form.remove_users.data: user = User.query.get(user_id) sketch.revoke_permission(permission=u'read', user=user) sketch.revoke_permission(permission=u'write', user=user) if permission_form.permission.data == u'public': sketch.grant_permission(permission=u'read') else: sketch.revoke_permission(permission=u'read') db_session.commit() return redirect(url_for(u'sketch_views.overview', sketch_id=sketch.id)) # Change status form POST if status_form.validate_on_submit(): if not sketch.has_permission(current_user, u'write'): abort(HTTP_STATUS_CODE_FORBIDDEN) sketch.set_status(status=status_form.status.data) return redirect(url_for(u'sketch_views.overview', sketch_id=sketch.id)) # Trash form POST if trash_form.validate_on_submit(): if not sketch.has_permission(current_user, u'delete'): abort(HTTP_STATUS_CODE_FORBIDDEN) sketch.set_status(status=u'deleted') return redirect(url_for(u'home_views.home')) return render_template(u'sketch/overview.html', sketch=sketch, sketch_form=sketch_form, permission_form=permission_form, status_form=status_form, trash_form=trash_form)