def link_account():
data = verify_jwt(request.args.get("token", ""))
form = BlankForm()
uid = data["uid"]
pid = data["pid"]
email = data["email"]
provider = data["provider"]
if form.validate_on_submit():
if provider == "Google":
GoogleLinks.add(uid=uid, gid=pid)
elif provider == "GitHub":
GithubLinks.add(uid=uid, gid=pid)
db_commit()
set_user(Users.query.filter_by(id=uid).first())
flash("Your account is now connected. Welcome back!",
category="SUCCESS")
return redirect("/", code=303)
# TODO GitHub
flash_form_errors(form)
return render_template("account/link-account.html",
uid=uid,
provider=provider,
email=email,
form=form)
def serve_user_sudo_edit_request(uid):
if user.roles.users <= UserRoles.default:
abort(403)
try:
uid = int(uid)
except:
return error_page(
404, message="/admin/user must be loaded with the user ID.")
target = Users.query.filter_by(id=uid).first()
if not target:
return error_page(404, message="There is no user with this ID.")
if UserRoles.admin > user.roles.users <= target.roles.users:
abort(403)
form = UserSudoAdminForm(
) if user.roles.users >= UserRoles.admin else UserSudoModeratorForm()
if form.validate_on_submit():
flash("Successfully updated user!", category="SUCCESS")
user_sudo_edit(target, form)
else:
flash_form_errors(form, "Changes were not saved!")
return render_template("adminpages/user.html",
sudo=True,
active="users",
target=target,
form=form)
def serve_lesson_edit(org, id):
lesson = Lessons.query.filter_by(oid=get_org_id(), id=id).first()
if not lesson:
return error_page(404, "There is no lesson with the ID %d." % id)
if not (user.organization_roles.lessons >= LessonRoles.admin
or user.organization_roles.lessons >= LessonRoles.default
and lesson.has_author(user.id)):
abort(403)
form = LessonEditForm(lesson)
if form.validate_on_submit():
if lesson_edit(lesson, form):
flash("Successfully deleted lesson!", category="SUCCESS")
return redirect("/organization/%s/admin/lessons/" % org, code=303)
flash("Successfully updated lesson!", category="SUCCESS")
else:
flash_form_errors(form, "Changes were not saved!")
return render_template("adminpages/lesson-edit.html",
sudo=True,
active="lessons",
lesson=lesson,
form=form)
def serve_topic_sudo_create_request(ptid):
if user.roles.topics <= TopicRoles.default:
abort(403)
parent_tid = ""
if ptid:
parent_tid = Topics.query.filter_by(id=ptid).first_or_404().tid
form = TopicSudoCreateForm()
if form.validate_on_submit():
Topics.add(ptid=ptid or None,
tid=form.tid.data,
name=form.name.data,
desc=form.description.data)
db_commit()
return redirect("/admin/topics/", code=303)
flash_form_errors(form)
return render_template("adminpages/topic_create.html",
sudo=True,
active="topics",
form=form,
ptid=parent_tid)
def serve_topic_sudo_edit_request(id):
if user.roles.topics <= TopicRoles.default:
abort(403)
topic = Topics.query.filter_by(id = id).first_or_404()
form = TopicSudoEditForm(topic)
if form.validate_on_submit():
topic.tid = form.tid.data
topic.name = form.name.data
topic.desc = form.description.data
db_commit()
flash("Successfully updated topic!", category = "SUCCESS")
flash_form_errors(form)
if form.tid.data is None:
form.tid.data = topic.tid
if form.name.data is None:
form.name.data = topic.name
if form.description.data is None:
form.description.data = topic.desc
return render_template("adminpages/topic_edit.html", sudo = True, active = "topics", form = form)
def serve_create_account_request():
if user:
return redirect(get_next_page(), code=303)
try:
email = get_email_from_token()
except RedirectError as e:
return e.response
u = Users.query.filter_by(email=email).first()
if u:
set_user(u)
flash(
"Welcome back! This email address already owns an account. If you wish to add/change your password, go to the Edit Profile page.",
category="SUCCESS")
return redirect(get_next_page(), code=303)
form = CreateAccountForm()
if form.validate_on_submit():
return serve_create_account(form)
form.legal_agreement.checked = False
flash_form_errors(form)
return render_template("account/create-account.html",
active="Sign Up",
form=form,
email=email,
next_page=get_next_page())
def serve_change_password_request():
form = ChangePasswordForm()
if form.validate_on_submit():
return serve_change_password(form)
flash_form_errors(form)
return render_template("account/change-password.html",
active="Account",
form=form)
def serve_edit_profile_request():
form = EditProfileForm(user)
if form.validate_on_submit():
edit_profile(form)
flash_form_errors(form, "Changes were not saved!")
return render_template("account/edit-profile.html",
active="Account",
form=form)
def serve_login_request():
reauth = request.args.get("reauth", "") == "yes"
if user and not reauth:
return redirect(get_next_page(), code = 303)
use_username = request.args.get("id", "username") == "username"
form = UsernameLoginForm() if use_username else EmailLoginForm()
if form.validate_on_submit():
return serve_login(form, use_username, reauth)
else:
flash_form_errors(form)
return serve_login_page(form, use_username, reauth)
def serve_news_sudo_create_request(org):
if user.organization_roles.news <= NewsRoles.default:
abort(403)
form = NewsSudoCreateForm()
if form.validate_on_submit():
flash("Successfully created news item!", category = "SUCCESS")
news_sudo_create(form, org)
return redirect("/organization/%s/admin/news/" % org, code = 303)
else:
flash_form_errors(form)
return render_template("adminpages/news-create.html", sudo = True, active = "news", form = form)
def oauth_create_account():
if user:
return redirect(get_next_page(), code=303)
try:
data = verify_jwt(request.args.get("token", ""))
except (InvalidJWT, ExpiredJWT):
return error_page(
code=400,
message="Invalid token in request. Please contact us.",
errorname="Bad Request")
form = OAuthCreateAccountForm()
if form.email.data is None and "email" in data:
form.email.data = data["email"]
if form.username.data is None and "username" in data:
form.username.data = data["username"]
if form.real_name.data is None and "real_name" in data:
form.real_name.data = data["real_name"]
if form.validate_on_submit():
new_user = create_blank_account(form.email.data, form.username.data,
form.real_name.data,
form.subscribed.data)
if data["provider"] == "Google":
GoogleLinks.add(uid=new_user.id, gid=data["pid"])
elif data["provider"] == "GitHub":
GithubLinks.add(uid=new_user.id, gid=data["pid"])
db_commit()
set_user(new_user)
flash("Welcome!", category="SUCCESS")
return redirect(get_next_page(), code=303)
flash_form_errors(form)
form.legal_agreement.checked = False
return render_template("account/oauth-create-account.html",
active="Sign Up",
form=form,
next_page=get_next_page(),
provider=data["provider"])
def reset_password():
if user:
return redirect(get_next_page(), code=303)
form = ResetPasswordForm()
if form.validate_on_submit():
email = form.email.data
send_reset_email(email)
return redirect("/reset-limbo/?email=%s" % email)
flash_form_errors(form)
return render_template("account/reset-password.html",
active="Log In",
form=form)
def serve_organization_landing(org):
form = OrganizationJoinByCodeForm()
organization = Organizations.query.filter_by(id=get_org_id()).first()
if form.validate_on_submit():
organization.add_user(user)
db_commit()
flash("Joined %s!" % organization.name, category="SUCCESS")
flash_form_errors(form)
return render_template("organizations/landing.html",
active="Organizations",
organization=organization,
form=form)
def serve_lesson_create_request(org):
if user.organization_roles.lessons <= LessonRoles.default:
abort(403)
form = LessonCreateForm()
if form.validate_on_submit():
flash("Successfully created lesson item!", category="SUCCESS")
lesson_admin_create(form, org)
return redirect("/organization/%s/admin/lessons/" % org, code=303)
else:
flash_form_errors(form)
return render_template("adminpages/lesson-create.html",
sudo=True,
active="lessons",
form=form)
def serve_signup_request():
if user:
return redirect("/", code=303)
form = SignupForm()
if form.validate_on_submit():
email = form.email.data.strip()
if Users.query.filter_by(email=email).count() > 0:
link_email(email, get_next_page())
else:
verify_email(email, get_next_page())
return redirect("/signup-limbo/?email=%s" % email, code=303)
flash_form_errors(form)
return render_template("account/signup.html",
active="Sign Up",
next_page=get_next_page(),
form=form)
def serve_attendance(org):
form = AttendanceForm()
if form.validate_on_submit():
AttendanceRecords.add(cid=AttendanceCodes.query.filter_by(
code=form.attendance_code.data.strip()).first().id,
oid=get_org_id(),
uid=user.id,
time=get_time())
db_commit()
flash("Your attendance was confirmed!", category="SUCCESS")
flash_form_errors(form)
return render_template(
"account/attendance.html",
form=form,
off=(AttendanceCodes.query.filter_by(oid=get_org_id()).count() == 0))
def serve_news_sudo_edit_request(org, id):
article = News.query.filter_by(oid = get_org_id(), id = id).first()
if not article:
return error_page(404, "There is no news item with the ID %d." % id)
if not (user.organization_roles.news >= NewsRoles.moderator or user.organization_roles.news >= NewsRoles.default and article.has_author(user.id)):
abort(403)
form = NewsSudoEditForm(article)
if form.validate_on_submit():
if news_sudo_edit(article, form):
flash("Successfully deleted news item!", category = "SUCCESS")
return redirect("/organization/%s/admin/news/" % org, code = 303)
flash("Successfully updated news item!", category = "SUCCESS")
else:
flash_form_errors(form, "Changes were not saved!")
return render_template("adminpages/news-edit.html", sudo = True, active = "news", article = article, form = form)
def serve_organization_sudo(org):
if user.organization_roles.admin < OrganizationManagerRoles.admin:
abort(403)
form = OrganizationSudoForm()
organization = Organizations.query.filter_by(id=get_org_id()).first()
if form.validate_on_submit():
organization.name = form.name.data
organization.desc = form.description.data
organization.join_code = form.join_code.data
organization.can_join_code = form.can_join_code.data
organization.can_apply = form.can_apply.data
db_commit()
flash("Successfully updated organization!", category="SUCCESS")
if form.name.data is None:
form.name.data = organization.name
if form.description.data is None:
form.description.data = organization.desc
if form.join_code.data is None:
form.join_code.data = organization.join_code
form.can_join_code.data = organization.can_join_code
form.can_apply.data = organization.can_apply
flash_form_errors(form)
return render_template("adminpages/organization.html",
sudo=True,
active="organization",
form=form)
