def forms(org_label, form_label): ''' show the forms if there's a label included in the route, render that form alone ''' user = User.objects(email=session['email'])[0] # find the relevant organization orgs = Organization.objects(label=org_label) if not orgs: app.logger.error('%s tried to access an organization that does not \ exist' % session['email']) flash('Organization "%s" not found, sorry!' % org_label, 'warning') return redirect(url_for('organizations')) org = orgs[0] # permission-check if org not in user.organizations and not user.admin_rights: app.logger.error('%s tried to access an organization but was denied \ for want of admin rights' % session['email']) abort(404) if request.method == 'POST': if not form_label: abort(404) forms = Form.objects(label=form_label, organization=org) if not forms: app.logger.error('%s tried to access a form that does not \ exist' % session['email']) flash('Form "%s" does not exist, sorry!' % form_label, 'warning') return redirect(url_for('forms', org_label=org_label)) form = forms[0] form_type = request.form.get('form_type', '') if form_type == 'info': name = request.form.get('name', '') form.name = name form.label = str(escape(name).replace(' ', '-')).lower() form.description = request.form.get('description', '') elif form_type == 'admin': # blow away the form itself name = form.name utilities.delete_form(form) app.logger.info('%s deleted %s' % (session['email'], name)) flash('form "%s" was deleted' % name, 'success') return redirect(url_for('organizations', org_label=org.label)) else: # bad 'form_type' abort(404) try: form.save() flash('Changes to this form were saved successfully', 'success') return redirect(url_for('forms', org_label=org_label , form_label=form.label)) except: form.reload() app.logger.error('%s experienced an error saving info about form \ "%s"' % (session['email'], request.form['name'])) flash('Error saving changes, sorry. Is the name unique?', 'error') return redirect(url_for('forms', org_label=org_label , form_label=form_label)) if request.method == 'GET': if form_label: forms = Form.objects(label=form_label, organization=org) if not forms: app.logger.error('%s tried to access a form that does not \ exist' % session['email']) flash('Form "%s" does not exist, sorry!' % form_label , 'warning') return redirect(url_for('organizations', org_label=org_label)) form = forms[0] if request.args.get('edit', '') == 'true': return render_template('form_edit.html', form=form) else: # count the number of entities question_count = Question.objects(form=form).count() response_count = Response.objects(form=form).count() return render_template('form.html', form=form , question_count=question_count , response_count=response_count) if request.args.get('create', '') == 'true': # create a new form try: form_name = 'form-%s' % utilities.generate_random_string(6) new_form = Form( calling_code = utilities.generate_calling_code(6) , label = form_name.lower() , organization = org , name = form_name ) new_form.save() app.logger.info('form created by %s' % session['email']) flash('Form created; please change the defaults', 'success') # redirect to the editing screen return redirect(url_for('forms', org_label=org_label , form_label=new_form.label, edit='true')) except: app.logger.error('form creation failed for %s' % \ session['email']) flash('There was an error in the form, sorry :/', 'error') return redirect(url_for('forms', org_label=org_label)) # nobody in particular was specified; punt for now abort(404) '''
def organizations(org_label): ''' show the organizations if there's a label included in the route, render that organization alone ''' user = User.objects(email=session['email'])[0] if request.method == 'POST': orgs = Organization.objects(label=org_label) if not orgs: abort(404) org = orgs[0] # permission-check if org not in user.organizations and not user.admin_rights: app.logger.error('%s tried to edit an organization but was \ denied for want of admin rights' % session['email']) abort(404) form_type = request.form.get('form_type', '') if form_type == 'info': if org.name != request.form.get('name', ''): app.logger.info('%s edited the name of %s to %s' % ( session['email'], org.name, request.form.get('name', ''))) name = request.form.get('name', '') org.name = name org.label = str(escape(name).replace(' ', '-')).lower() if org.description != request.form.get('description', ''): app.logger.info('%s edited the description of %s to %s' % ( session['email'], org.name , request.form.get('description', ''))) org.description = request.form.get('description', '') if org.location != request.form.get('location', ''): app.logger.info('%s edited the location of %s to %s' % ( session['email'], org.name , request.form.get('location', ''))) org.location = request.form.get('location', '') elif form_type == 'add_members': # push membership target = request.form.get('add_member_email', '') new_members = User.objects(email=target) if not new_members: flash('we cannot find "%s", has it been registered?' % \ target, 'error') return redirect(url_for('organizations', org_label=org.label)) new_member = new_members[0] # already a member? if org in new_member.organizations: flash('"%s" is already a member of "%s"' % (target, org.name) , 'warning') return redirect(url_for('organizations', org_label=org.label)) else: # add them new_member.update(push__organizations=org) flash('successfully added "%s" to "%s"' % (target, org.name) , 'success') return redirect(url_for('organizations', org_label=org.label)) elif form_type == 'remove_members': # push/pull membership target = request.form.get('remove_member_email', '') old_members = User.objects(email=target) if not old_members: flash('we cannot find "%s", has it been registered?' % \ target, 'error') return redirect(url_for('organizations', org_label=org.label)) old_member = old_members[0] # not yet a member? if org not in old_member.organizations: flash('"%s" is not yet a member of "%s"' % (target, org.name) , 'warning') return redirect(url_for('organizations', org_label=org.label)) else: # drop 'em old_member.update(pull__organizations=org) flash('successfully removed "%s" from %s' % (target, org.name) , 'info') return redirect(url_for('organizations', org_label=org.label)) elif form_type == 'admin': # delete the organization; permission-check first if not user.admin_rights: app.logger.error('%s tried to delete %s but was denied for \ want of admin rights' % (session['email'], org.name)) abort(404) # revoke membership first members = User.objects(organizations=org) for member in members: member.update(pull__organizations=org) # delete all associated forms forms = Form.objects(organization=org) for form in forms: utilities.delete_form(form) # blow away the org itself name = org.name org.delete() app.logger.info('%s deleted %s' % (session['email'], name)) flash('organization "%s" was deleted' % name, 'success') return redirect(url_for('organizations')) else: # bad 'form_type' abort(404) try: org.save() flash('changes saved successfully', 'success') except: org.reload() app.logger.error('%s experienced an error saving info about %s' % ( session['email'], request.form['name'])) flash('Error saving changes, is the name unique?', 'error') return redirect(url_for('organizations', org_label=org.label , edit='true')) if request.method == 'GET': if org_label: orgs = Organization.objects(label=org_label) if not orgs: app.logger.error('%s tried to access an organization that \ does not exist' % session['email']) flash('Organization "%s" not found, sorry!' % org_label , 'warning') return redirect(url_for('organizations')) org = orgs[0] # permission-check if org not in user.organizations and not user.admin_rights: app.logger.error('%s tried to access an organization but was \ denied for want of admin rights' % session['email']) abort(404) if request.args.get('edit', '') == 'true': users = User.objects(organizations=org) return render_template('organization_edit.html' , organization=org, users=users) else: # get all the members users = User.objects(organizations=org) # get all relevant forms forms = Form.objects(organization=org) return render_template('organization.html', organization=org , users=users, forms=forms) if request.args.get('create', '') == 'true': # create a new form # permissions-check if not user.admin_rights: app.logger.error('%s tried to create an organization but was \ denied for want of admin rights' % session['email']) abort(404) # CSRF validation: token = request.args.get('token', '') if not verify_token(token): app.logger.error('organization-creation CSRF attempt on %s' % session['email']) abort(403) try: org_name = 'org-%s' % utilities.generate_random_string(6) new_org = Organization( label = org_name.lower() , name = org_name ) new_org.save() app.logger.info('organization created by %s' % \ session['email']) flash('organization created; please change the defaults', 'success') except: app.logger.error('organization creation failed for %s' % \ session['email']) flash('There was an error in the form, sorry :/', 'error') return redirect(url_for('organizations')) # redirect to the editing screen return redirect(url_for('organizations', org_label=new_org.label , edit='true')) # nobody in particular was specified; show em all if user.admin_rights: orgs = Organization.objects() else: orgs = user.organizations # find the users for each org users = {} for org in orgs: users[org.name] = User.objects(organizations=org) return render_template('organizations.html', organizations=orgs , users=users)
def organizations(org_label): ''' show the organizations if there's a label included in the route, render that organization alone ''' user = User.objects(email=session['email'])[0] if request.method == 'POST': orgs = Organization.objects(label=org_label) if not orgs: abort(404) org = orgs[0] # permission-check if org not in user.organizations and not user.admin_rights: app.logger.error('%s tried to edit an organization but was \ denied for want of admin rights' % session['email']) abort(404) form_type = request.form.get('form_type', '') if form_type == 'info': if org.name != request.form.get('name', ''): app.logger.info( '%s edited the name of %s to %s' % (session['email'], org.name, request.form.get('name', ''))) name = request.form.get('name', '') org.name = name org.label = str(escape(name).replace(' ', '-')).lower() if org.description != request.form.get('description', ''): app.logger.info('%s edited the description of %s to %s' % (session['email'], org.name, request.form.get('description', ''))) org.description = request.form.get('description', '') if org.location != request.form.get('location', ''): app.logger.info('%s edited the location of %s to %s' % (session['email'], org.name, request.form.get('location', ''))) org.location = request.form.get('location', '') elif form_type == 'add_members': # push membership target = request.form.get('add_member_email', '') new_members = User.objects(email=target) if not new_members: flash('we cannot find "%s", has it been registered?' % \ target, 'error') return redirect(url_for('organizations', org_label=org.label)) new_member = new_members[0] # already a member? if org in new_member.organizations: flash('"%s" is already a member of "%s"' % (target, org.name), 'warning') return redirect(url_for('organizations', org_label=org.label)) else: # add them new_member.update(push__organizations=org) flash('successfully added "%s" to "%s"' % (target, org.name), 'success') return redirect(url_for('organizations', org_label=org.label)) elif form_type == 'remove_members': # push/pull membership target = request.form.get('remove_member_email', '') old_members = User.objects(email=target) if not old_members: flash('we cannot find "%s", has it been registered?' % \ target, 'error') return redirect(url_for('organizations', org_label=org.label)) old_member = old_members[0] # not yet a member? if org not in old_member.organizations: flash('"%s" is not yet a member of "%s"' % (target, org.name), 'warning') return redirect(url_for('organizations', org_label=org.label)) else: # drop 'em old_member.update(pull__organizations=org) flash('successfully removed "%s" from %s' % (target, org.name), 'info') return redirect(url_for('organizations', org_label=org.label)) elif form_type == 'admin': # delete the organization; permission-check first if not user.admin_rights: app.logger.error('%s tried to delete %s but was denied for \ want of admin rights' % (session['email'], org.name)) abort(404) # revoke membership first members = User.objects(organizations=org) for member in members: member.update(pull__organizations=org) # delete all associated forms forms = Form.objects(organization=org) for form in forms: utilities.delete_form(form) # blow away the org itself name = org.name org.delete() app.logger.info('%s deleted %s' % (session['email'], name)) flash('organization "%s" was deleted' % name, 'success') return redirect(url_for('organizations')) else: # bad 'form_type' abort(404) try: org.save() flash('changes saved successfully', 'success') except: org.reload() app.logger.error('%s experienced an error saving info about %s' % (session['email'], request.form['name'])) flash('Error saving changes, is the name unique?', 'error') return redirect( url_for('organizations', org_label=org.label, edit='true')) if request.method == 'GET': if org_label: orgs = Organization.objects(label=org_label) if not orgs: app.logger.error('%s tried to access an organization that \ does not exist' % session['email']) flash('Organization "%s" not found, sorry!' % org_label, 'warning') return redirect(url_for('organizations')) org = orgs[0] # permission-check if org not in user.organizations and not user.admin_rights: app.logger.error('%s tried to access an organization but was \ denied for want of admin rights' % session['email']) abort(404) if request.args.get('edit', '') == 'true': users = User.objects(organizations=org) return render_template('organization_edit.html', organization=org, users=users) else: # get all the members users = User.objects(organizations=org) # get all relevant forms forms = Form.objects(organization=org) return render_template('organization.html', organization=org, users=users, forms=forms) if request.args.get('create', '') == 'true': # create a new form # permissions-check if not user.admin_rights: app.logger.error('%s tried to create an organization but was \ denied for want of admin rights' % session['email']) abort(404) # CSRF validation: token = request.args.get('token', '') if not verify_token(token): app.logger.error('organization-creation CSRF attempt on %s' % session['email']) abort(403) try: org_name = 'org-%s' % utilities.generate_random_string(6) new_org = Organization(label=org_name.lower(), name=org_name) new_org.save() app.logger.info('organization created by %s' % \ session['email']) flash('organization created; please change the defaults', 'success') except: app.logger.error('organization creation failed for %s' % \ session['email']) flash('There was an error in the form, sorry :/', 'error') return redirect(url_for('organizations')) # redirect to the editing screen return redirect( url_for('organizations', org_label=new_org.label, edit='true')) # nobody in particular was specified; show em all if user.admin_rights: orgs = Organization.objects() else: orgs = user.organizations # find the users for each org users = {} for org in orgs: users[org.name] = User.objects(organizations=org) return render_template('organizations.html', organizations=orgs, users=users)
def forms(org_label, form_label): ''' show the forms if there's a label included in the route, render that form alone ''' user = User.objects(email=session['email'])[0] # find the relevant organization orgs = Organization.objects(label=org_label) if not orgs: app.logger.error('%s tried to access an organization that does not \ exist' % session['email']) flash('Organization "%s" not found, sorry!' % org_label, 'warning') return redirect(url_for('organizations')) org = orgs[0] # permission-check if org not in user.organizations and not user.admin_rights: app.logger.error('%s tried to access an organization but was denied \ for want of admin rights' % session['email']) abort(404) if request.method == 'POST': if not form_label: abort(404) forms = Form.objects(label=form_label, organization=org) if not forms: app.logger.error('%s tried to access a form that does not \ exist' % session['email']) flash('Form "%s" does not exist, sorry!' % form_label, 'warning') return redirect(url_for('forms', org_label=org_label)) form = forms[0] form_type = request.form.get('form_type', '') if form_type == 'info': name = request.form.get('name', '') form.name = name form.label = str(escape(name).replace(' ', '-')).lower() form.description = request.form.get('description', '') elif form_type == 'admin': # blow away the form itself name = form.name utilities.delete_form(form) app.logger.info('%s deleted %s' % (session['email'], name)) flash('form "%s" was deleted' % name, 'success') return redirect(url_for('organizations', org_label=org.label)) else: # bad 'form_type' abort(404) try: form.save() flash('Changes to this form were saved successfully', 'success') return redirect( url_for('forms', org_label=org_label, form_label=form.label)) except: form.reload() app.logger.error('%s experienced an error saving info about form \ "%s"' % (session['email'], request.form['name'])) flash('Error saving changes, sorry. Is the name unique?', 'error') return redirect( url_for('forms', org_label=org_label, form_label=form_label)) if request.method == 'GET': if form_label: forms = Form.objects(label=form_label, organization=org) if not forms: app.logger.error('%s tried to access a form that does not \ exist' % session['email']) flash('Form "%s" does not exist, sorry!' % form_label, 'warning') return redirect(url_for('organizations', org_label=org_label)) form = forms[0] if request.args.get('edit', '') == 'true': return render_template('form_edit.html', form=form) else: # count the number of entities question_count = Question.objects(form=form).count() response_count = Response.objects(form=form).count() return render_template('form.html', form=form, question_count=question_count, response_count=response_count) if request.args.get('create', '') == 'true': # create a new form # CSRF validation: token = request.args.get('token', '') if not verify_token(token): app.logger.error('organization-creation CSRF attempt on %s' % session['email']) abort(403) try: form_name = 'form-%s' % utilities.generate_random_string(6) new_form = Form( calling_code=utilities.generate_calling_code(6), label=form_name.lower(), organization=org, name=form_name) new_form.save() app.logger.info('form created by %s' % session['email']) flash('Form created; please change the defaults', 'success') # redirect to the editing screen return redirect( url_for('forms', org_label=org_label, form_label=new_form.label, edit='true')) except: app.logger.error('form creation failed for %s' % \ session['email']) flash('There was an error in the form, sorry :/', 'error') return redirect(url_for('forms', org_label=org_label)) # nobody in particular was specified; punt for now abort(404) '''