def folder_view(folder_id): folder = get_folder(folder_id) bc = breadcrumbs_for(folder) actions.context['object'] = folder ctx = dict(folder=folder, children=folder.filtered_children, breadcrumbs=bc, csrf_token=csrf.field()) return render_template("documents/folder.html", **ctx)
def members(): g.breadcrumb.append( BreadcrumbItem(label=_(u'Members'), url=Endpoint('communities.members', community_id=g.community.slug))) memberships = _members_query().all() return render_template("community/members.html", seconds_since_epoch=seconds_since_epoch, memberships=memberships, csrf_token=csrf.field())
def render(self, item, form, related_views=()): mapper = sa.orm.class_mapper(item.__class__) panels = [] _to_skip = (None, False, 0, 0.0, '', u'-') for panel in self.panels: data = {} field_name_iter = (fn for row in panel.rows for fn in row) for name in field_name_iter: field = form._fields[name] if field.is_hidden: continue value = field.data if not isinstance(field, FileField) and not field.flags.render_empty: if value in _to_skip: continue value = Markup(field.render_view(entity=item)) if value == u'': # related models may have [] as value, but we don't discard this type # of value in order to let widget a chance to render something useful # like an 'add model' button. # # if it renders an empty string, there's really no point in rendering # a line for this empty field continue label = self.label_for(field, mapper, name) data[name] = (label, value) if data: panels.append((panel, data,)) template = filter(bool, (self.options.get('view_template'), 'widgets/render_single.html')) return Markup(render_template(template, view=self, related_views=related_views, csrf_token=csrf.field(), entity=item, panels=panels, form=form))
def document_view(doc_id): doc = get_document(doc_id) check_read_access(doc) doc.ensure_antivirus_scheduled() db.session.commit() bc = breadcrumbs_for(doc) actions.context['object'] = doc if doc.content_type.startswith("image/"): add_to_recent_items(doc, "image") else: add_to_recent_items(doc, "document") has_preview = doc.has_preview() audit_entries = audit_service.entries_for(doc) ctx = dict(doc=doc, audit_entries=audit_entries, breadcrumbs=bc, folder=doc.parent, has_preview=has_preview, csrf_token=csrf.field()) return render_template("documents/document.html", **ctx)
def post(self): # Manual security check, should be done by the framework instead. if not self.is_accessible(): raise InternalServerError() if request.form['_action'] == 'cancel': return redirect(url_for(".sbe_notifications")) form = SbeNotificationsForm(request.form, prefix=self.id) if form.validate(): preferences = app.services['preferences'] for field_name, field in form._fields.items(): if field is form.csrf_token: continue key = 'sbe:notifications:{}'.format(field_name) value = field.data preferences.set_preferences(**{key: value}) db.session.commit() flash(_(u"Preferences saved."), "info") return redirect(url_for(".sbe_notifications")) else: return render_template("preferences/sbe_notifications.html", form=form, csrf_token=csrf.field())
def descendants_view(folder_id): folder = get_folder(folder_id) bc = breadcrumbs_for(folder) actions.context['object'] = folder root_path_ids = folder._indexable_parent_ids + '/{}'.format(folder.id) svc = current_app.services['indexing'] # yapf: disable filters = wq.And([wq.Term('community_id', folder.community.id), wq.Term('parent_ids', root_path_ids), wq.Or([wq.Term('object_type', Folder.entity_type), wq.Term('object_type', Document.entity_type)])]) # yapf: enable results = svc.search('', filter=filters, limit=None) by_path = {} owner_ids = set() for hit in results: by_path.setdefault(hit['parent_ids'], []).append(hit) owner_type, owner_id = hit['owner'].split(':') if owner_type == 'user': try: owner_id = int(owner_id) owner_ids.add(owner_id) except ValueError: pass for children in by_path.values(): children.sort(key=lambda hit: (hit['object_type'] != Folder. entity_type, hit['name'].lower())) descendants = [] def visit(path_id, level=0): children = by_path.get(path_id, ()) for child in children: is_folder = child['object_type'] == Folder.entity_type type_letter = 'F' if is_folder else 'D' descendants.append((level, type_letter, child)) if is_folder: path_id = child['parent_ids'] + '/{}'.format(child['id']) visit(path_id, level + 1) visit(root_path_ids, 0) owners = dict() owners_query = User.query \ .filter(User.id.in_(owner_ids)) \ .add_column(sa.sql.func.concat('user:'******'key')) for user, key in owners_query: owners[key] = user ctx = { 'folder': folder, 'descendants': descendants, 'owners': owners, 'breadcrumbs': bc, 'get_icon': get_icon_for_hit, 'csrf_token': csrf.field(), } return render_template("documents/descendants.html", **ctx)
def permissions(folder_id): folder = get_folder(folder_id) check_manage_access(folder) bc = breadcrumbs_for(folder) actions.context['object'] = folder local_roles_assignments = folder.get_local_roles_assignments() principals = set((p for p, r in local_roles_assignments)) security._fill_role_cache_batch(principals) users_and_local_roles = [(user, role, repository.has_access(user, folder)) for user, role in local_roles_assignments if isinstance(user, User)] groups_and_local_roles = [ t for t in local_roles_assignments if isinstance(t[0], Group) ] users_and_inherited_roles = groups_and_inherited_roles = () if folder.inherit_security: inherited_roles_assignments = folder.get_inherited_roles_assignments() users_and_inherited_roles = [ (user, role, False) for user, role in inherited_roles_assignments if isinstance(user, User) ] groups_and_inherited_roles = [ t for t in inherited_roles_assignments if isinstance(t[0], Group) ] query = Group.query query = query.order_by(func.lower(Group.name)) all_groups = query.all() class EntryPresenter(object): _USER_FMT = ('<a href="{{ url_for("social.user", user_id=user.id) }}">' '{{ user.name }}</a>') _GROUP_FMT = ( '<a href="{{ url_for("social.group_home", group_id=group.id)' ' }}">{{ group.name }}</a>') def __init__(self, e): render = render_template_string self.entry = e self.date = e.happened_at.strftime('%Y-%m-%d %H:%M') self.manager = render( '<img src="{{ user_photo_url(e.manager, size=16) }}" alt="" />' '<a href="{{ url_for("social.user", user_id=e.manager_id) }}">' '{{ e.manager.name }}</a>', e=e) if e.op == e.SET_INHERIT: msg = _('On {date}, {manager} has activated inheritance') elif e.op == e.UNSET_INHERIT: msg = _('On {date}, {manager} has deactivated inheritance') elif e.op == e.GRANT: msg = _( 'On {date}, {manager} has given role "{role}" to {principal}' ) elif e.op == e.REVOKE: msg = _('On {date}, {manager} has revoked role "{role}" from ' '{principal}') else: raise Exception("Unknown audit entry type %s" % e.op) principal = '' if self.entry.user: principal = render(self._USER_FMT, user=self.entry.user) elif self.entry.group: principal = render(self._GROUP_FMT, group=self.entry.group) self.msg = Markup( msg.format(date=self.date, manager=self.manager, role=self.entry.role, principal=principal)) audit_entries = [EntryPresenter(e) for e in security.entries_for(folder)] csrf_token = csrf.field() ctx = dict(folder=folder, users_and_local_roles=users_and_local_roles, users_and_inherited_roles=users_and_inherited_roles, groups_and_local_roles=groups_and_local_roles, groups_and_inherited_roles=groups_and_inherited_roles, audit_entries=audit_entries, csrf_token=csrf_token, all_groups=all_groups, breadcrumbs=bc) return render_template("documents/permissions.html", **ctx)
def group_home(group_id): e = Env(csrf_token=csrf.field()) e.group = Group.query.get(group_id) e.is_admin = is_admin(e.group) return render_template("social/group.html", **e)