def edit_user(guid): if not current_user.is_admin: flash(_('Only an admin can edit users!')) log_page_access_denied(request, current_user) return redirect(url_for('main.users')) log_page_access(request, current_user) user = User.get_by_guid_or_404(guid) admin = User.query.filter_by(username='******').first() if user == admin: flash(_('You cannot change the master admin!')) return redirect(url_for('main.users')) form = EditUserForm(user.username, user.email) form.locale.choices = [(x, x) for x in current_app.config['LANGUAGES']] if form.validate_on_submit(): user.username = form.username.data, user.email = form.email.data, user.locale = form.locale.data, user.about_me = form.about_me.data user.is_admin = form.is_admin.data if form.password.data: user.set_password(form.password.data) user.get_token() db.session.commit() flash(_('Your changes have been saved.')) return redirect(url_for('main.users')) elif request.method == 'GET': form.username.data = user.username form.email.data = user.email form.locale.data = user.locale form.about_me.data = user.about_me form.is_admin.data = user.is_admin return render_template('edit_form.html', title=_('Edit User'), form=form)
def image(guid): log_page_access(request, current_user) image = Image.get_by_guid_or_404(guid) return render_template('image.html', title=_('Image'), image=image, allow_turning=(not image.vector))
def getcookie(): log_page_access(request, current_user) text = request.cookies.get('TESTtext') response = make_response(( '<h1>Text from the cookie: </h1><br>' + text) if text is not None else '<h1>No cookie found</h1>') return response
def user(guid): user = User.get_by_guid_or_404(guid) log_page_access(request, current_user) return render_template('user.html', title=_('User %(username)s', username=user.username), user=user)
def edit_currency(guid): if not current_user.is_admin: flash(_('Only an admin is allowed to edit currencies!')) log_page_access_denied(request, current_user) return redirect(url_for('main.currencies')) log_page_access(request, current_user) currency = Currency.get_by_guid_or_404(guid) form = CurrencyForm() if form.validate_on_submit(): currency.code = form.code.data currency.name = form.name.data currency.number = form.number.data currency.exponent = form.exponent.data currency.inCHF = form.inCHF.data currency.description = form.description.data db.session.commit() flash(_('Your changes have been saved.')) return redirect(url_for('main.currencies')) elif request.method == 'GET': form.code.data = currency.code form.name.data = currency.name form.number.data = currency.number form.exponent.data = currency.exponent form.inCHF.data = currency.inCHF form.description.data = currency.description return render_template('edit_form.html', title=_('Edit Currency'), form=form)
def export_posts(): log_page_access(request, current_user) if current_user.get_task_in_progress('export_posts'): flash(_('An export task is currently in progress')) else: current_user.launch_task('export_posts', _('Exporting posts...')) db.session.commit() return redirect(url_for('main.user', guid=current_user.guid))
def log_trace(id): log = Log.query.get_or_404(id) if not log.can_view(current_user): flash(_('Your are only allowed to view your own logs!')) log_page_access_denied(request, current_user) return redirect(url_for('main.logs')) log_page_access(request, current_user) return render_template('trace.html', log=log, title=_('Trace'))
def set_admin(guid): user = User.get_by_guid_or_404(guid) if not current_user.is_admin: flash(_('Only an admin can set the admin rights!')) log_page_access_denied(request, current_user) return redirect(url_for('main.user', username=user.username)) log_page_access(request, current_user) user.is_admin = True db.session.commit() return redirect(url_for('main.user', guid=user.guid))
def consume_time(amount): log_page_access(request, current_user) if current_user.get_task_in_progress('consume_time'): flash(_('A time consuming task is currently in progress')) else: current_user.launch_task('consume_time', _('Consuming %(amount)s s of time...', amount=amount), amount=int(amount)) db.session.commit() return redirect(url_for('main.user', guid=current_user.guid))
def users(): log_page_access(request, current_user) page = request.args.get('page', 1, type=int) users = User.query.order_by(User.username.asc()).paginate( page, current_app.config['ITEMS_PER_PAGE'], False) next_url = url_for('main.users', page=users.next_num) if users.has_next else None prev_url = url_for('main.users', page=users.prev_num) if users.has_prev else None return render_template('users.html', title=_('Current users'), users=users.items, next_url=next_url, prev_url=prev_url)
def revoke_admin(guid): user = User.get_by_guid_or_404(guid) admin = User.query.filter_by(username='******').first() if user == admin: flash(_('You cannot change the master admin!')) return redirect(url_for('main.user', guid=user.guid)) if not current_user.is_admin: flash(_('Only an admin can revoke the admin rights!')) log_page_access_denied(request, current_user) return redirect(url_for('main.user', guid=user.guid)) log_page_access(request, current_user) user.is_admin = False db.session.commit() return redirect(url_for('main.user', guid=user.guid))
def remove_task(guid): task = Task.get_by_guid_or_404(guid) if not task.can_edit(current_user): flash(_('Your are only allowed to delete your own task!')) log_page_access_denied(request, current_user) return redirect(url_for('main.tasks')) log_page_access(request, current_user) task_name = task.name task_username = task.user.username db.session.delete(task) db.session.commit() flash( _('Task %(name)s from user %(username)s has been removed', name=task_name, username=task_username)) return redirect(url_for('main.tasks'))
def create_error(): if not current_user.is_admin: flash(_('Only an admin can create errors!')) log_page_access_denied(request, current_user) return redirect(url_for('main.logs')) log_page_access(request, current_user) key = request.args.get('key', 'TYPE_ERROR', type=str) if key == 'TYPE_ERROR': test_str = 'asdf' test_number = test_str + 5 flash( _('This flash should never show up: %(test_number)s', test_number=test_number)) db.session.commit() return redirect(url_for('main.logs'))
def currencies(): log_page_access(request, current_user) page = request.args.get('page', 1, type=int) currencies = Currency.query.order_by(Currency.code.asc()).paginate( page, current_app.config['ITEMS_PER_PAGE'], False) next_url = url_for( 'main.currencies', page=currencies.next_num) if currencies.has_next else None prev_url = url_for( 'main.currencies', page=currencies.prev_num) if currencies.has_prev else None return render_template('currencies.html', title=_('Current currencies'), currencies=currencies.items, allow_new=current_user.is_admin, next_url=next_url, prev_url=prev_url)
def edit_profile(): log_page_access(request, current_user) form = EditProfileForm(current_user.username) form.locale.choices = [(x, x) for x in current_app.config['LANGUAGES']] if form.validate_on_submit(): current_user.username = form.username.data current_user.about_me = form.about_me.data current_user.locale = form.locale.data db.session.commit() flash(_('Your changes have been saved.')) return redirect(url_for('main.user', guid=current_user.guid)) elif request.method == 'GET': form.username.data = current_user.username form.about_me.data = current_user.about_me form.locale.data = current_user.locale return render_template('edit_form.html', title=_('Edit Profile'), form=form)
def statistics(): log_page_access(request, current_user) if current_user.is_admin: classes = [ Currency, User, Message, Notification, Image, Log, Task, Event, EventUser, EventCurrency, Expense, Settlement, Post ] else: classes = [ Message, Notification, Log, Task, Expense, Settlement, Event, EventUser, EventCurrency, Post ] statistics = [] for c in classes: statistics.extend(c.get_class_stats(current_user)) return render_template('statistics.html', rows=statistics, title=_('Statistics'))
def logs(): log_page_access(request, current_user) page = request.args.get('page', 1, type=int) severity = request.args.get('severity', None, type=str) filters = [] if severity is not None: filters.append(Log.severity == severity.upper()) if not current_user.is_admin: filters.append(Log.user == current_user) logs = Log.query.filter(*filters).order_by(Log.date.desc()).paginate( page, current_app.config['ITEMS_PER_PAGE'], False) next_url = url_for('main.logs', page=logs.next_num) \ if logs.has_next else None prev_url = url_for('main.logs', page=logs.prev_num) \ if logs.has_prev else None return render_template('logs.html', logs=logs.items, title=_('Logs'), next_url=next_url, prev_url=prev_url)
def edit_profile_picture(): log_page_access(request, current_user) form = ImageForm() if form.validate_on_submit(): try: image_filename = images.save(request.files['image']) image_path = images.path(image_filename) current_user.launch_task('import_image', _('Importing %(filename)s...', filename=image_filename), path=image_path, add_to_class='User', add_to_id=current_user.id) db.session.commit() flash(_('Your changes have been saved.')) except UploadNotAllowed: flash(_('Invalid or empty image.')) return redirect(url_for('main.user', guid=current_user.guid)) return render_template('edit_form.html', title=_('Profile Picture'), form=form)
def new_user(): if not current_user.is_admin: flash(_('Only an admin can create new users!')) log_page_access_denied(request, current_user) return redirect(url_for('main.users')) log_page_access(request, current_user) form = NewUserForm() form.locale.choices = [(x, x) for x in current_app.config['LANGUAGES']] if form.validate_on_submit(): user = User(username=form.username.data, email=form.email.data, locale=form.locale.data, about_me=form.about_me.data) user.is_admin = form.is_admin.data user.set_password(form.password.data) user.get_token() db.session.add(user) db.session.commit() flash(_('New user %(username)s created', username=user.username)) return redirect(url_for('main.users')) return render_template('edit_form.html', title=_('New User'), form=form)
def messages(): log_page_access(request, current_user) current_user.last_message_read_time = datetime.utcnow() current_user.add_notification('unread_message_count', 0) db.session.commit() users = [(u.id, u.username) for u in User.query.order_by(User.username.asc()) if u != current_user] form = MessageForm() form.recipient_id.choices = users recipient_guid = request.args.get('recipient') if recipient_guid: recipient = User.get_by_guid_or_404(recipient_guid) form.recipient_id.data = recipient.id if form.validate_on_submit(): recipient = User.query.get(form.recipient_id.data) msg = Message(author=current_user, recipient=recipient, body=form.message.data) db.session.add(msg) recipient.add_notification('unread_message_count', recipient.new_messages()) db.session.commit() flash(_('Your message has been sent.')) return redirect(url_for('main.messages')) page = request.args.get('page', 1, type=int) messages = current_user.messages_sent.union( current_user.messages_received).order_by( Message.timestamp.desc()).paginate( page, current_app.config['MESSAGES_PER_PAGE'], False) next_url = url_for('main.messages', page=messages.next_num) \ if messages.has_next else None prev_url = url_for('main.messages', page=messages.prev_num) \ if messages.has_prev else None return render_template('messages.html', title=_('Messages'), form=form, messages=messages.items, next_url=next_url, prev_url=prev_url)
def start_task(): if not current_user.is_admin: flash(_('Only an admin can start tasks!')) log_page_access_denied(request, current_user) return redirect(url_for('main.tasks')) log_page_access(request, current_user) key = request.args.get('key', 'WASTE_TIME', type=str) if key == 'WASTE_TIME': amount = request.args.get('amount', 10, type=int) current_user.launch_task('consume_time', _('Consuming %(amount)s s of time...', amount=amount), amount=amount) flash(_('A time consuming task is currently in progress')) elif key == 'CHECK_CURRENCIES': current_user.launch_task('check_rates_yahoo', _('Checking currencies...')) flash(_('Checking online sources for currency rates')) elif key == 'UPDATE_CURRENCIES': source = request.args.get('source', 'yahoo', type=str) if source == 'yahoo': current_user.launch_task('update_rates_yahoo', _('Updating currencies...')) flash(_('Updating currency rates from known sources')) elif key == 'TYPE_ERROR': amount = request.args.get('amount', 1, type=int) for count in range(0, amount): current_user.launch_task( key.lower(), _('Creating %(count)s/%(amount)s errors of type %(error_type)s ...', count=count + 1, amount=amount, error_type=key)) flash( _('%(amount)s tasks with TypeErrors have been created', amount=amount)) db.session.commit() return redirect(url_for('main.tasks'))
def tasks(): log_page_access(request, current_user) page = request.args.get('page', 1, type=int) complete_str = request.args.get('complete', None, type=str) complete = (False if complete_str == 'False' else True if complete_str == 'True' else None) filters = [] if complete is not None: filters.append(Task.complete == complete) if not current_user.is_admin: filters.append(Task.user == current_user) tasks = Task.query.filter(*filters).order_by( Task.db_created_at.desc()).paginate( page, current_app.config['ITEMS_PER_PAGE'], False) next_url = url_for('main.tasks', page=tasks.next_num) \ if tasks.has_next else None prev_url = url_for('main.tasks', page=tasks.prev_num) \ if tasks.has_prev else None return render_template('tasks.html', tasks=tasks.items, title=_('Tasks'), next_url=next_url, prev_url=prev_url)
def new_currency(): if not current_user.is_admin: flash(_('Only an admin is allowed to create new currencies!')) log_page_access_denied(request, current_user) return redirect(url_for('main.currencies')) log_page_access(request, current_user) form = CurrencyForm() if form.validate_on_submit(): currency = Currency(code=form.code.data, name=form.name.data, number=form.number.data, exponent=form.exponent.data, inCHF=form.inCHF.data, description=form.description.data, db_created_by=current_user.username) db.session.add(currency) db.session.commit() flash(_('Your new currency has been added.')) return redirect(url_for('main.currencies')) return render_template('edit_form.html', title=_('New Currency'), form=form)
def administration(): log_page_access(request, current_user) return render_template('administration.html', title=_('Administration'))
def setcookie(text): log_page_access(request, current_user) response = make_response('<h1>Text from the cookie: </h1><br>' + text) response.set_cookie('TESTtext', text) return response
def cookies(): log_page_access(request, current_user) cookies = [(k, v) for k, v in request.cookies.items()] print(cookies) return render_template('statistics.html', rows=cookies, title=_('Cookies'))
def user_popup(guid): log_page_access(request, current_user) user = User.get_by_guid_or_404(guid) return render_template('user_popup.html', user=user)
def rotate_image(guid): degree = request.args.get('degree', 0, type=int) image = Image.get_by_guid_or_404(guid) image.rotate_image(degree) log_page_access(request, current_user) return redirect(url_for('main.image', guid=image.guid))