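def newquestion(id):
    """Create a new question for course `id`: GET shows the form, POST stores it.

    Only teachers and admins may use either method. The original checked
    rights on GET only, so the POST handler accepted a question from any
    caller who skipped the form; the check now runs before both branches.

    Returns a rendered template or, on success, a redirect to the course page.
    Question and every choice are limited to 500 characters, and at least one
    choice is required.
    """
    current_user = users.user_id()
    # Authorization must cover the submission, not just the form that renders it.
    if not (users.is_teacher(current_user) or users.is_admin(current_user)):
        return render_template(
            "error.html", message="Sinulla ei ole oikeutta nähdä tätä sivua")

    if request.method == "GET":
        course = courses.get_course_with_id(id)
        title = course[1]
        return render_template("newquestion.html", course_title=title, id=id)

    if request.method == "POST":
        question = request.form["question"]
        course_id = id
        choices = request.form.getlist("choice")
        for choice in choices:
            if len(choice) > 500:
                return render_template(
                    "error.html",
                    message="Vastausvaihtoehto on liian pitkä, max. 500 merkkiä")
        if len(question) > 500:
            return render_template(
                "error.html",
                message="Kysymys on liian pitkä, max. 500 merkkiä")
        if question == "" or len(choices) == 0:
            return render_template(
                "error.html",
                message="Kysymystä ei voi jättää tyhjäksi ja ainakin yksi vastausvaihtoehto "
                        "pitää olla")
        if questions.new_question(question, course_id, choices):
            return redirect("/courses/" + str(course_id))
        return render_template("error.html",
                               message="Kysymyksen luominen ei onnistunut")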
def tagging():
    """Admin page for attaching one tag to one or more restaurants.

    GET renders the form. POST accepts either a free-text tag or a tag picked
    from the existing list (exactly one of the two), limits it to 50
    characters, and requires at least one selected restaurant. The CSRF token
    is verified right before the write; every validation failure re-renders
    the form with an error message.
    """
    if not users.is_admin():
        return render_template("forbidden.html",
                               message="Sinulla ei ole oikeutta nähdä tätä sivua")

    all_restaurants = restaurants.get_list()
    all_tags = tags.get_tags()

    def form_with_error(text):
        # Every rejection shows the same form again, with the same lists.
        return render_template("tags.html", errormessage=text,
                               tags=all_tags, restaurants=all_restaurants)

    if request.method == "GET":
        return render_template("tags.html", tags=all_tags,
                               restaurants=all_restaurants)

    if request.method == "POST":
        typed = request.form["tag"]
        picked = request.form["existing_tag"]
        typed_empty = is_empty(typed)
        picked_empty = is_empty(picked)

        if typed_empty and picked_empty:
            return form_with_error("Et lisännyt tägiä")
        if not typed_empty and not picked_empty:
            return form_with_error("Lisää yksi tägi kerrallaan")

        new_tag = picked if typed_empty else typed
        if len(new_tag) > 50:
            return form_with_error(
                "Tägi on liian pitkä. Sen tulee olla alle 50 merkkiä")

        if "selected_restaurants" not in request.form:
            return form_with_error("Et antanut ravintoloita")

        chosen = request.form.getlist("selected_restaurants")
        # Token check happens only on the path that actually writes.
        check_csfr(request.form["csrf_token"], users.get_csrf())
        tags.add_tags(chosen, new_tag)
        return redirect("/")
def toggle_public_private(group_id):
    """Flip the `open` flag of group `group_id`.

    Permitted for the group's own admins and for site admins; anyone else
    gets False and nothing is written. Returns True after the commit.
    """
    permitted = users.is_group_admin(group_id) or users.is_admin()
    if not permitted:
        return False
    # Bound parameter: group_id never becomes part of the SQL text.
    stmt = "UPDATE groups SET open=NOT(open) WHERE id=:group_id"
    db.session.execute(stmt, {"group_id": group_id})
    db.session.commit()
    return True
def list_users():
    """Render the user list; `mod_rights` tells the template whether the viewer is an admin."""
    everyone = users.get_all_users()
    viewer_is_admin = bool(users.is_admin())
    return render_template("users_list.html",
                           userlist=everyone,
                           mod_rights=viewer_is_admin)
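def admin_all_lessons():
    """Admin-only listing of every lesson.

    Responds 403 for non-admins and also for visitors with no session at all.
    The original indexed session["user_id"] directly, which raised KeyError
    (a 500) for anonymous visitors instead of the intended 403.
    """
    user_id = session.get("user_id")
    if user_id is None or not users.is_admin(user_id):
        abort(403)
    all_lessons = lessons.get_lessons()
    return render_template("/all_lessons.html", lessons=all_lessons)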
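def all_users():
    """Admin-only listing of every user.

    Responds 403 for non-admins and for visitors without a session; the
    original's session["user_id"] lookup raised KeyError for the latter.
    The local holding the rows no longer shadows the function's own name.
    """
    user_id = session.get("user_id")
    if user_id is None or not users.is_admin(user_id):
        abort(403)
    listing = users.get_users()
    return render_template("/all_users.html", users=listing)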
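def post(self):
    """Admin-only user create/update endpoint answering with JSON.

    The caller is authenticated by the `token` request parameter through
    users.is_admin. If a user with the given email exists, its email,
    password hash and flags are updated; otherwise a new user is created.

    Fixes versus the original:
    * is_admin / is_organization were compared against None, but a missing
      request parameter comes back as '' here (webapp2-style
      self.request.get() — confirm), so an update that omitted them silently
      cleared both flags. They are now applied only when actually sent.
    * create_user may return None for the user on failure; the original then
      called user.put() on None.
    """
    token = self.request.get('token')
    if not users.is_admin(token):
        send_json(self, {"success": False,
                         "message": "Only admins can create new users"})
        return

    email = self.request.get('email')
    password = self.request.get('password')
    is_admin = self.request.get('is_admin')                # 'true' / 'false' / '' when absent
    is_organization = self.request.get('is_organization')  # 'true' / 'false' / '' when absent

    user = users.User.with_email(email)
    if user:
        # Update existing: only touch the fields that were supplied.
        if email:
            user.email = email
        if password:
            user.pwd_hash = users.hash_pwd(password)
        if is_admin:
            user.is_admin = is_admin == 'true'
        if is_organization:
            user.is_organization = is_organization == 'true'
        message = 'Updated user'
        user.put()
    else:
        # Create new.
        if not password or not email:
            message = "Can't have an empty password or email"
        else:
            user, message = users.User.create_user(
                email, password, is_organization == 'true', is_admin == 'true')
            if user is not None:
                user.put()
    send_json(self, {"success": (user is not None), "message": message})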
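def all_feedback():
    """Admin-only view of all feedback messages.

    The authorization check now runs first and tolerates a missing session
    (anonymous visitors get 403 instead of a KeyError); the messages are
    loaded only for callers who may see them.
    """
    user_id = session.get("user_id")
    if user_id is None or not users.is_admin(user_id):
        abort(403)
    all_messages = messages.get_messages()
    return render_template("/all_feedback.html", messages=all_messages)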
def add_stats():
    """Admin form for entering one player's box-score line for one game.

    GET fills the event and player select lists (each ending with a
    placeholder entry whose value is 0) and renders the form. POST compares
    the submitted CSRF token with the session's, requires both a game and a
    player to be chosen, stores the stats and redirects to /stats. Every
    failure path renders error.html with a Finnish message.
    """
    if not users.is_admin():
        return render_template("error.html", message="Ei oikeutta")

    form = StatForm(request.form)

    if request.method == "GET":
        game_choices = []
        for g in events.get_games():
            game_choices.append((g[2], (str(g[0]) + " " + g[1])))
        game_choices.append([0, "Valitse ottelu"])

        player_choices = []
        for pl in players.get_players():
            player_choices.append((pl[3], (str(pl[2]) + " " + pl[0] + " " + pl[1])))
        player_choices.append([0, "Valitse pelaaja"])

        form.player_id.choices = player_choices
        form.event_id.choices = game_choices
        return render_template("add_stats.html", form=form)

    if request.method == "POST":
        # A token mismatch is answered as a forbidden request.
        if users.get_csrf_token() != form.csrf_token.data:
            return render_template("error.html", message="Kielletty!")
        if not form.submit.data:
            return render_template("error.html",
                                   message="Virhe tilastoiden syöttämisessä")
        # "0" is the placeholder value of both select lists.
        if form.event_id.data == "0" or form.player_id.data == "0":
            return render_template("error.html",
                                   message="Pelaaja ja tapahtuma pitää olla valittuna")
        stats.add_game_stats(form.event_id.data, form.player_id.data,
                             form.min.data, form.fg.data, form.fg_a.data,
                             form.three.data, form.three_a.data,
                             form.ft.data, form.ft_a.data,
                             form.dreb.data, form.oreb.data, form.foul.data,
                             form.ass.data, form.tover.data, form.steal.data,
                             form.block.data)
        return redirect("/stats")

    return render_template("error.html", message="Virhe tilastoiden syöttämisessä")
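def promote_user(id):
    """Grant admin rights to user `id`; admins only.

    The original also accepted `users.user_id() == id`, which let any
    logged-in user promote themselves to admin by requesting their own id.
    That path is removed: only an existing admin may promote.
    Redirects to /users on success, renders error.html otherwise.
    """
    if not users.is_admin():
        return render_template("error.html", message="Ei oikeutta")
    if users.set_admin(id):
        return redirect("/users")
    return render_template("error.html", message="Tapahtui virhe")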
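def post(self):
    """Stream all sightings as a CSV download; admins only.

    Authenticated by the `token` request parameter. Non-admins now receive a
    403 status with the same text (the original answered 200). The wildcard
    Access-Control-Allow-Origin is left as-is: the token is a request
    parameter rather than a cookie, so a cross-origin reader still needs it.
    NOTE(review): set_status assumes a webapp2-style Response — confirm.
    """
    if not users.is_admin(self.request.get('token')):
        self.response.set_status(403)
        self.response.write("Only admins can download the CSV")
        return
    self.response.headers['Content-Type'] = 'text/csv'
    self.response.headers['Access-Control-Allow-Origin'] = '*'
    self.response.headers['Content-Disposition'] = 'attachment; filename=JellywatchSightings.csv;'
    jellyfish.write_csv(self.response)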
def player_list():
    """Render all players; `mod_rights` is True when the viewer is an admin."""
    viewer_is_admin = bool(users.is_admin())
    roster = players.get_players()
    return render_template("player_list.html",
                           players=roster,
                           mod_rights=viewer_is_admin)
def index():
    """Front page: book count, all books, and whether the viewer is an admin."""
    context = {
        "count": books.get_bookcount(),
        "books": books.get_books(),
        "admin": users.is_admin(),
    }
    return render_template("index.html", **context)
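def post(self):
    """Delete one Sighting by id; admins only (token in the request parameters).

    The original handed the raw `id` parameter straight to int(), so a
    missing or non-numeric id crashed the handler. Such ids now produce
    {"success": false}, the same answer an unauthorized caller gets.
    """
    token = self.request.get('token')
    success = False
    if users.is_admin(token):
        raw_id = self.request.get('id')
        try:
            sighting_id = int(raw_id)
        except (TypeError, ValueError):
            sighting_id = None
        if sighting_id is not None:
            ndb.Key(jellyfish.Sighting, sighting_id).delete()
            success = True
    send_json(self, {"success": success})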
def muu_category():
    """Show category 3 ("muu"): remember it in the session and list its threads."""
    MUU_CATEGORY_ID = 3
    session["category"] = MUU_CATEGORY_ID
    chosen = session["category"]
    thread_list = threads.fetch_category_threads(chosen)
    return render_template("category.html",
                           threads=thread_list,
                           admin=users.is_admin(),
                           user=users.user_id(),
                           allowed=users.get_list_of_allowed_users())
def get(self):
    """JSON list of every user; admins only, authenticated by the `token` parameter."""
    if users.is_admin(self.request.get('token')):
        payload = {"users": [u.to_json() for u in users.User.query()]}
    else:
        payload = {"message": "Only admins can see the list of users"}
    send_json(self, payload)
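def delete(message_id):
    """Delete message `message_id` if the caller is an admin or its sender.

    Returns True when the row was deleted and False when the caller was not
    allowed. The original returned None in both cases; True/False matches
    the hide() helper seen alongside it and is compatible with callers that
    only test truthiness.
    """
    allowed = users.is_admin() or users.user_id() == get_sender(message_id)
    if not allowed:
        return False
    stmt = "DELETE FROM messages WHERE id=:message_id"
    db.session.execute(stmt, {"message_id": message_id})
    db.session.commit()
    return True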
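def get(self):
    """JSON dump of recent sightings; admins only (token parameter).

    The non-admin message used to say "...see the list of users", copied
    from the user-list handler; it now names this endpoint's data.
    """
    token = self.request.get('token')
    if users.is_admin(token):
        headings, sightings = jellyfish.get_recent()
        response = {"headings": headings, "sightings": sightings}
    else:
        response = {"message": "Only admins can see recent sightings"}
    send_json(self, response)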
def studentsList(id):
    """Render the students enrolled in course `id`.

    `allow` (viewer is admin or teacher) only switches template features on;
    the list itself is rendered for every caller. NOTE(review): confirm that
    is intended — no authorization check precedes the lookup.
    """
    viewer = users.user_id()
    allow = bool(users.is_admin(viewer) or users.is_teacher(viewer))
    enrolled = courses.students_in_course(id)
    title = courses.get_course_with_id(id)[1]
    return render_template("students.html", title=title, students=enrolled,
                           allow=allow, id=id)
def thread(id):
    """Render thread `id`; admins also see messages flagged invisible."""
    if users.is_admin():
        messages_in_thread = threads.get_thread_with_invisible(id)
    else:
        messages_in_thread = threads.get_thread(id)
    attributes = threads.get_thread_attributes(id)
    return render_template("thread.html",
                           count=len(messages_in_thread),
                           messages=messages_in_thread,
                           id=id,
                           thread_attributes=attributes)
def admin_list_users():
    """Admin function: list users as [{"name", "email"}, ...].

    Raises EXCEPTION_UNAUTHORIZED when the caller cannot be verified or is
    not an admin.
    """
    caller = verify_user()
    if not caller or not users.is_admin(caller["email"]):
        raise EXCEPTION_UNAUTHORIZED
    listing = []
    for entry in users.get_users():
        listing.append({"name": entry["name"], "email": entry["email"]})
    return listing
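def lesson(id):
    """Admin-only detail page for lesson `id` with its participants.

    Responds 403 for non-admins and for visitors without a session; the
    original's session["user_id"] lookup raised KeyError for the latter.
    """
    user_id = session.get("user_id")
    if user_id is None or not users.is_admin(user_id):
        abort(403)
    info = lessons.lesson_information(id)
    participants = lessons.get_participants(id)
    return render_template("/lesson.html", id=id, lesson_information=info,
                           participants=participants)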
def deletebook():
    """Delete the book whose id is posted in the form; admins only.

    NOTE(review): no CSRF token is verified in this handler — confirm the
    application checks it elsewhere (e.g. in a before_request hook).
    """
    if not users.is_admin():
        return render_template("error.html", message="Ei oikeuksia poistaa kirjaa")
    target = request.form["id"]
    if not books.delete_book(target):
        return render_template("error.html", message="Kirjan poistaminen ei onnistunut")
    return redirect("/")
def admin_new_user():
    """Admin function: create a user from the request's `name` and `email`.

    Raises EXCEPTION_UNAUTHORIZED when the caller cannot be verified or is
    not an admin; otherwise returns whatever users.new_user returns.
    """
    caller = verify_user()
    if not caller or not users.is_admin(caller["email"]):
        raise EXCEPTION_UNAUTHORIZED
    fields = {}
    fields["name"] = get_req("name")    # read in the original order: name, then email
    fields["email"] = get_req("email")
    return users.new_user({"email": fields["email"], "name": fields["name"]})
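def result(query, order):
    """Search message contents and thread topics for `query` (case-insensitive).

    Non-admins see only visible messages; admins see hidden ones too.
    `order` selects the sort direction: "ASC" sorts oldest first, anything
    else newest first. Returns the raw rows (content, username, created_at,
    user_id, message id, visible, topic, thread id, edited_at).

    The four copy-pasted statements of the original are now built from one
    template. A bind parameter cannot supply ORDER BY's direction (which is
    why the commented-out `:order` variant never worked), so `order` is
    mapped to one of two literal keywords and never enters the SQL text
    itself. `query` remains a bind parameter; '%' and '_' inside it act as
    ILIKE wildcards, as before.
    """
    direction = "ASC" if order == "ASC" else "DESC"
    visibility_filter = "" if users.is_admin() else " AND M.visible=true"
    sql = ("SELECT M.content, U.username, M.created_at, M.user_id, M.id, "
           "M.visible, T.topic, T.id, M.edited_at "
           "FROM messages M, users U, threads T "
           "WHERE (M.content ILIKE :query OR T.topic ILIKE :query) "
           "AND M.user_id=U.id AND M.thread_id=T.id"
           + visibility_filter +
           " ORDER BY M.created_at " + direction)
    rows = db.session.execute(sql, {"query": "%" + query + "%"})
    return rows.fetchall()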
def graveyard():
    """Admin page for removed ("buried") users.

    Without a `resurrect` query parameter the graveyard is listed; with one,
    that user is restored and the browser is sent to /users.
    NOTE(review): the restore is triggered by a GET parameter and no CSRF
    token is checked here — confirm that is acceptable.
    """
    if not users.is_admin():
        return render_template("error.html", message="Ei oikeutta")
    target = request.args.get('resurrect', 0)
    if target == 0:
        return render_template("graveyard.html", buried=users.get_graveyard())
    if users.raise_dead(target):
        return redirect("/users")
    return render_template("error.html", message="Virhe pelaajan poistossa")
def edit_user(id):
    """Edit form for user `id`; openable by that user or by an admin.

    If the user is also a player, the player record is passed to the template.
    """
    if not (users.is_admin() or users.user_id() == id):
        return render_template("error.html", message="Ei oikeutta")
    form = EditInfoForm(request.form)
    context = {"user": users.get_user(id), "form": form}
    if players.is_player(id):
        player_key = players.get_player_id(id)
        context["player"] = players.get_player(player_key[0])
    return render_template("edit_user.html", **context)
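def delete_thread(id):
    """Delete thread `id` on POST; allowed for its author or an admin.

    Unauthorized callers are bounced back to the thread page; an authorized
    caller whose CSRF token does not match the session's gets 403.
    Changes from the original: an empty result from threads.get_thread no
    longer raises IndexError (the admin path can still proceed), and a
    session with no csrf_token is rejected with 403 instead of a KeyError.
    """
    allow = False
    if users.logged():
        rows = threads.get_thread(id)
        if rows and rows[0][3] == users.user_id():
            allow = True
        elif users.is_admin():
            allow = True
    if not allow:
        return redirect("/thread/" + str(id) + "/0/4")
    # session.get(): a missing session token compares unequal and is refused.
    if session.get("csrf_token") != request.form["csrf_token"]:
        return abort(403)
    threads.delete(id)
    return redirect("/")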
def book(id):
    """Detail page for book `id`; `admin` enables the moderation controls in the template."""
    row = books.get_book(id)
    viewer_is_admin = users.is_admin()
    fields = {
        "name": row[0],
        "genre": row[1],
        "author": row[2],
        "publisher": row[3],
        "published_in": row[4],
        "year": row[5],
        "isbn": row[6],
    }
    return render_template("book.html", id=id, admin=viewer_is_admin, **fields)
def remove_restaurant():
    """Admin-only restaurant removal: GET lists candidates, POST deletes after a CSRF check."""
    if not users.is_admin():
        return render_template("forbidden.html",
                               message="Sinulla ei ole oikeutta nähdä tätä sivua")
    if request.method == "GET":
        return render_template("remove_restaurant.html",
                               restaurants=restaurants.get_list())
    if request.method == "POST":
        target = request.form["restaurant_to_be_removed"]
        # Verified before the write.
        check_csfr(request.form["csrf_token"], users.get_csrf())
        restaurants.remove_restaurant(target)
        return redirect("/")
def hide(id):
    """Mark message `id` invisible; allowed for admins and the message's author.

    Returns True when the update was committed, False when not permitted.
    """
    permitted = users.is_admin() or users.user_id() == get_user_id(id)
    if not permitted:
        return False
    db.session.execute("UPDATE messages SET visible=false WHERE id=:id", {"id": id})
    db.session.commit()
    return True
def post(self):
    """Delete the user with the posted `email`; admins only (token parameter)."""
    if not users.is_admin(self.request.get('token')):
        send_json(self, {"success": False,
                         "message": "Only admins can delete users"})
        return
    target = users.User.with_email(self.request.get('email'))
    if target:
        target.key.delete()
        reply = {"success": True}
    else:
        reply = {"success": False, "message": "No user with this email found"}
    send_json(self, reply)
def course(id):
    """Course page; `status` (viewer is teacher or admin) unlocks editing features in the template."""
    row = courses.get_course_with_id(id)
    title, description, level, content, keyword = row[1], row[2], row[3], row[4], row[5]
    viewer = users.user_id()
    status = bool(users.is_teacher(viewer) or users.is_admin(viewer))
    questionlist = questions.get_questions_with_course_id(id)
    return render_template("course.html",
                           title=title,
                           description=description,
                           level=level,
                           content=content,
                           keyword=keyword,
                           id=id,
                           questions=questionlist,
                           status=status)
def showuser(id):
    """Profile page for user `id`; viewable by that user or by an admin.

    `allow` passed to the template is True only when the viewer is an admin.
    """
    allow = bool(users.is_admin(users.user_id()))
    if not (users.user_id() == id or allow):
        return render_template(
            "error.html", message="Sinulla ei ole oikeutta nähdä tätä sivua")
    record = users.user_all(id)
    return render_template("showuser.html",
                           id=id,
                           firstname=record[1],
                           lastname=record[2],
                           username=record[3],
                           status=record[5],
                           allow=allow)
def leave():
    """Remove a student from a course (form POST).

    Teachers and admins may remove any student (`student_id` from the form)
    and are sent back to the course's student list; anyone else can only
    remove themselves and is sent to /welcome.
    """
    viewer = users.user_id()
    course_id = request.form["course_id"]
    if users.is_teacher(viewer) or users.is_admin(viewer):
        student_id = request.form["student_id"]
        if students.leave_course(student_id, course_id):
            return redirect("/courses/" + str(course_id) + "/students")
        return render_template(
            "error.html", message="Kurssilta poistaminen ei onnistunut")
    if students.leave_course(viewer, course_id):
        return redirect("/welcome")
    return render_template(
        "error.html", message="Kurssilta poistuminen ei onnistunut")
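def reject_user_from_group(group_id, username):
    """Drop `username`'s pending join request from group `group_id`.

    Allowed for site admins and for callers whose own groups
    (get_user_groups) include `group_id`. Returns True on success and False
    when not allowed (the original returned None there) or when the update
    fails.

    NOTE(review): `users.authenticated` is referenced, not called; if it is a
    function object it is always truthy and the check reduces to the group
    membership test — verify against the users module.
    Changes: the bare `except:` (which also swallowed KeyboardInterrupt and
    SystemExit) became `except Exception`, and a failed transaction is rolled
    back so the session stays usable.
    """
    allowed = users.is_admin() or (
        users.authenticated and group_id in [n.id for n in get_user_groups()])
    if not allowed:
        return False
    sql = """UPDATE groups SET requests=array_remove(requests,(SELECT id FROM users WHERE username=:username)) WHERE id=:group_id"""
    try:
        db.session.execute(sql, {"username": username, "group_id": group_id})
        db.session.commit()
        return True
    except Exception:
        db.session.rollback()
        return False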
def handle_tell(who, what):
    """Dispatch a "tell" command sent by `who`.

    Senders matching any pattern in users_not_to_answer are ignored.
    Commands are matched case-insensitively at the start of `what`:
    play (stub), ngames (pending games via qtell), observe (admins and TDs
    only). Anything else — including observe from an unprivileged user —
    is answered with "Command unknown".
    """
    who = who.lstrip()
    if any(re.search(pattern, who, flags=re.IGNORECASE)
           for pattern in users_not_to_answer):
        print('Ignoring user {}'.format(who))
        return

    what = what.lstrip()
    if re.search('^play$', what, flags=re.IGNORECASE):
        tell(who, 'Not implemented')  # TODO: call function starting the game here.
    elif re.search('^ngames', what, flags=re.IGNORECASE):
        qtell(who, 'Pending games:\n{}'.format(pending.get_pending_as_string()))
    elif (re.search('^observe', what, flags=re.IGNORECASE)
          and (users.is_admin(who) or users.is_td(who))):
        # Only privileged senders may ask the bot to observe a game.
        observe(who, what)
    else:
        tell(who, 'Command unknown: {}'.format(what))