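def edit(id):
    """Edit a media item's metadata and optionally replace its file.

    Looks the item up by ``id`` (404 if it does not exist), rejects users who
    may not touch a hidden item, and on a valid submission stores the new
    name and category, plus the visibility flag for media admins, before
    redirecting to the item's view page. On GET the form is pre-filled from
    the stored item.
    """
    item = MediaItem.query.filter_by(id=id).first_or_404()

    form = MediaItemEditForm()
    form.category.choices = gen_media_category_choices()

    # TODO: write custom decorator for this?
    # A hidden item created by an admin is off limits to non-admin media users.
    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Any other hidden item is reserved for media admins and its creator.
    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Only media admins may change visibility, so the field is dropped for
    # everyone else and can neither be rendered nor submitted.
    if not current_user.is_media_admin():
        del form.is_visible

    form.file.label.text = "Replace with file"

    if form.validate_on_submit():
        item.name = form.name.data
        item.category_id = form.category.data

        # Must be the same predicate that decided whether the field was kept
        # above: checking the event-admin role here would read a deleted
        # field for event-only admins and ignore the flag for media admins.
        if current_user.is_media_admin():
            item.is_visible = form.is_visible.data

        if form.file.data:
            # The stored filename is reused, so the upload replaces the old
            # file in place and the user-supplied filename is never used.
            filepath = path.join(app.config["MEDIA_DIR"], item.filename)
            remove(filepath)
            form.file.data.save(filepath)
            item.filesize = stat(filepath).st_size

        db.session.commit()
        flash("File was edited.", "success")
        return redirect(url_for("media.view", id=id))
    elif request.method == "GET":
        form.name.data = item.name
        form.category.data = item.category_id

        if current_user.is_media_admin():
            form.is_visible.data = item.is_visible

    return render_template("media/edit.html", form=form,
                           title=page_title("Edit File '%s'" % item.name))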
def edit(id):
    """Show and process the edit form for one wiki article.

    The article is loaded by ``id`` (404 if missing). Users who may not touch
    a hidden article are redirected to the no-permission target. A valid
    submission updates the article and redirects to its view page; a GET
    request pre-fills the form from the stored article.
    """
    entry = WikiEntry.query.filter_by(id=id).first_or_404()

    form = WikiEntryForm()
    form.submit.label.text = "Save Article"
    category_strings = gen_category_strings()

    def deny():
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # TODO: write custom decorators for this?
    # Hidden article written by an admin: non-admin wiki users are rejected.
    if not current_user.has_admin_role() and current_user.has_wiki_role():
        if entry.is_visible == False and entry.created_by.has_admin_role():
            return deny()

    # Any other hidden article: only wiki admins and the creator get through.
    if not current_user.is_wiki_admin() and entry.is_visible == False:
        if not entry.created_by == current_user:
            return deny()

    # Privileged fields are removed from the form for users who may not set
    # them, so they are neither rendered nor read back below.
    if not current_user.is_wiki_admin():
        del form.is_visible
    if not current_user.has_admin_role():
        del form.dm_content

    if form.validate_on_submit():
        entry.title = form.title.data
        entry.content = form.content.data
        entry.category = form.category.data
        entry.tags = form.tags.data

        if current_user.is_wiki_admin():
            entry.is_visible = form.is_visible.data
        if current_user.has_admin_role():
            entry.dm_content = form.dm_content.data

        db.session.commit()
        flash("Wiki entry was edited.", "success")
        return redirect(url_for("wiki.view", id=id))
    elif request.method == "GET":
        form.title.data = entry.title
        form.content.data = entry.content
        form.category.data = entry.category
        form.tags.data = entry.tags

        if current_user.is_wiki_admin():
            form.is_visible.data = entry.is_visible
        if current_user.has_admin_role():
            form.dm_content.data = entry.dm_content

    return render_template(
        "wiki/edit.html",
        form=form,
        nav=(prepare_wiki_nav(), WikiSearchForm()),
        cats=category_strings,
        entry=entry,
        title=page_title("Edit Wiki Article '%s'" % entry.title),
    )
def delete(id):
    """Delete a character and return to the profile of its player.

    Only the user owning the character or an admin may delete it; everyone
    else is redirected to the no-permission target.
    """
    character = Character.query.filter_by(id=id).first_or_404()

    not_owner = current_user.id != character.user_id
    if not_owner and current_user.has_admin_role() == False:
        flash_no_permission()
        return redirect(url_for(no_perm))

    # The username is read before the delete because it is needed for the
    # redirect afterwards.
    owner_name = character.player.username

    db.session.delete(character)
    db.session.commit()

    flash("Character was deleted.", "success")
    return redirect(url_for('user.profile', username=owner_name))
def view(id):
    """Render one wiki article together with the map nodes that link to it.

    The article is loaded by ``id`` (404 if missing). Hidden articles are
    only shown to users who pass both visibility checks below.
    """
    entry = WikiEntry.query.filter_by(id=id).first_or_404()

    def deny():
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # TODO: write custom decorator / function for this?
    # Hidden article: only wiki admins and the creator may read it.
    if not current_user.is_wiki_admin() and entry.is_visible == False:
        if not entry.created_by == current_user:
            return deny()

    # Hidden article written by an admin: non-admin wiki users are rejected.
    if not current_user.has_admin_role() and current_user.has_wiki_role():
        if entry.is_visible == False and entry.created_by.has_admin_role():
            return deny()

    linked_nodes = get_nodes_by_wiki_id(id)

    return render_template(
        "wiki/view.html",
        entry=entry,
        nav=(prepare_wiki_nav(), WikiSearchForm()),
        map_nodes=linked_nodes,
        title=page_title("View Wiki Article '%s'" % entry.title),
    )
def test_flash_no_permission(self, app, client):
    """flash_no_permission() flashes exactly one message per call.

    Checked once with the default text and once with a custom ``msg``.
    """
    from app.helpers import flash_no_permission

    # Default message.
    client.get("/")
    with client.session_transaction():
        flash_no_permission()
        default_messages = get_flashed_messages()

    self.assertEqual(len(default_messages), 1)
    self.assertTrue("No permission" in default_messages[0])

    # Caller-supplied message.
    client.get("/")
    with client.session_transaction():
        flash_no_permission(msg="Custom Message")
        custom_messages = get_flashed_messages()

    self.assertEqual(len(custom_messages), 1)
    self.assertTrue("Custom Message" in custom_messages[0])
def toggle_vis(id):
    """Flip the visibility flag of a wiki article and return to its view page.

    The article is loaded by ``id`` (404 if missing). Non-admin wiki users
    are rejected for hidden articles that were created by an admin.
    """
    entry = WikiEntry.query.filter_by(id=id).first_or_404()

    # TODO: write custom decorator / function for this ?
    if not current_user.has_admin_role() and current_user.has_wiki_role():
        if entry.is_visible == False and entry.created_by.has_admin_role():
            flash_no_permission()
            return redirect(url_for(no_perm_url))

    # Anything other than an explicit True counts as hidden and is switched on.
    was_visible = entry.is_visible == True
    entry.is_visible = not was_visible

    if was_visible:
        flash("Article was hidden.", "success")
    else:
        flash("Article is now visible to anyone.", "success")

    db.session.commit()

    return redirect(url_for('wiki.view', id=id))
def journal_edit(c_id, j_id):
    """Show and process the edit form for a character's journal entry.

    Both the character (``c_id``) and the journal (``j_id``) must exist,
    the current user must own the character or be an admin, and the journal
    must belong to that character. A valid submission saves the entry and
    redirects to its view page; otherwise the form is filled from the stored
    entry and rendered.
    """
    character = Character.query.filter_by(id=c_id).first_or_404()
    entry = Journal.query.filter_by(id=j_id).first_or_404()

    # user owns character or is admin
    if not current_user.id == character.user_id:
        if not current_user.has_admin_role():
            flash_no_permission()
            return redirect(url_for(no_perm))

    # journal belongs to character: stops a caller from pairing a character
    # they own with somebody else's journal id
    if entry not in character.journals:
        flash("Journal does not belong to this character.", "danger")
        return redirect(url_for(no_perm))

    heading = "Edit Journal Entry for " + character.name

    form = JournalForm()
    form.session.choices = gen_session_choices(character)
    form.submit.label.text = "Save Journal Entry"

    if form.validate_on_submit():
        entry.title = form.title.data
        entry.is_visible = form.is_visible.data
        entry.content = form.content.data

        # Choice 0 is stored as "no session".
        entry.session_id = None if form.session.data == 0 else form.session.data

        db.session.commit()
        flash("Journal entry was changed.", "success")
        return redirect(
            url_for("character.journal_view", c_id=c_id, j_id=entry.id))
    else:
        form.title.data = entry.title
        form.is_visible.data = entry.is_visible
        form.content.data = entry.content
        form.session.data = entry.session_id

    return render_template(
        "character/journal_form.html",
        heading=heading,
        form=form,
        title=page_title("Edit Journal Entry '%s'" % entry.title),
    )
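def view(id):
    """Render the detail page of one media item.

    The item is loaded by ``id`` (404 if missing). Hidden items are only
    shown to users who pass both visibility checks below.
    """
    item = MediaItem.query.filter_by(id=id).first_or_404()

    # TODO: write custom decorator for this?
    # Hidden item: only media admins and the creator may see it. The media
    # role is checked here, matching the media edit view, so that holding the
    # event-admin role alone does not unlock hidden media.
    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Hidden item created by an admin: non-admin media users are rejected.
    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    return render_template("media/view.html", item=item,
                           title=page_title("View File"))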
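def journal_create(c_id):
    """Show and process the form that adds a journal entry to a character.

    The character is loaded by ``c_id`` (404 if missing) and only its owner
    may add entries. A valid submission stores the entry and redirects to its
    view page. Otherwise the form is rendered, with the session pre-selected
    when a ``session`` query parameter was passed.
    """
    char = Character.query.filter_by(id=c_id).first_or_404()

    if current_user.id != char.user_id:
        flash_no_permission()
        return redirect(url_for(no_perm))

    heading = "Create Journal Entry for " + char.name

    form = JournalForm()
    form.session.choices = gen_session_choices(char)
    form.submit.label.text = "Create Journal Entry"

    if form.validate_on_submit():
        journal_entry = Journal(title=form.title.data,
                                content=form.content.data,
                                is_visible=form.is_visible.data,
                                character_id=c_id)

        # Choice 0 means "no session", so session_id is left unset.
        if form.session.data != 0:
            journal_entry.session_id = form.session.data

        db.session.add(journal_entry)
        db.session.commit()
        flash("Journal entry was created.", "success")
        return redirect(
            url_for("character.journal_view", c_id=c_id,
                    j_id=journal_entry.id))
    else:
        # pre-select session if get-param was passed
        session_id = request.args.get("session")

        # will do nothing if session_id not an int or not in choices
        if session_id:
            try:
                form.session.data = int(session_id)
            except ValueError:
                # Only the failed int() conversion is expected here; anything
                # else should surface instead of being swallowed.
                pass

    return render_template(
        "character/journal_form.html",
        heading=heading,
        form=form,
        title=page_title("Add Journal Entry for '%s'" % char.name),
    )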
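def delete(id):
    """Delete a media item and its file, then return to the media index.

    The item is loaded by ``id`` (404 if missing). Hidden items can only be
    deleted by users who pass both visibility checks below.
    """
    item = MediaItem.query.filter_by(id=id).first_or_404()

    # Hidden item: only media admins and the creator get through. The media
    # role is checked here, matching the media edit view, so that holding the
    # event-admin role alone does not allow deleting hidden media.
    if (not current_user.is_media_admin() and item.is_visible == False
            and not item.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Hidden item created by an admin: non-admin media users are rejected.
    if (not current_user.has_admin_role() and current_user.has_media_role()
            and item.is_visible == False
            and item.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # NOTE(review): both checks only apply to hidden items; for visible items
    # no ownership or role check runs in this function. Confirm that the
    # route's decorators restrict who can reach it.
    remove(path.join(app.config["MEDIA_DIR"], item.filename))

    db.session.delete(item)
    db.session.commit()

    flash("Media item was deleted.", "success")
    return redirect(url_for('media.index'))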
def delete(id):
    """Delete an event and return to the calendar index.

    The event is loaded by ``id`` (404 if missing). Hidden events can only
    be deleted by users who pass both visibility checks below.
    """
    target = Event.query.filter_by(id=id).first_or_404()

    def deny():
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # TODO: write custom decorator for this?
    # Hidden event created by an admin: non-admin event users are rejected.
    if not current_user.has_admin_role() and current_user.has_event_role():
        if target.is_visible == False and target.created_by.has_admin_role():
            return deny()

    # Any other hidden event: only event admins and the creator get through.
    if not current_user.is_event_admin() and target.is_visible == False:
        if not target.created_by == current_user:
            return deny()

    db.session.delete(target)
    db.session.commit()

    flash("Event was deleted", "success")
    return redirect(url_for("calendar.index"))
def view(id):
    """Render the detail page of one event, together with all moons.

    The event is loaded by ``id`` (404 if missing). Hidden events are only
    shown to users who pass both visibility checks below.
    """
    shown_event = Event.query.filter_by(id=id).first_or_404()
    all_moons = Moon.query.all()

    def deny():
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # TODO: write decorator for this?
    # Hidden event: only event admins and the creator may see it.
    if not current_user.is_event_admin() and shown_event.is_visible == False:
        if not shown_event.created_by == current_user:
            return deny()

    # Hidden event created by an admin: non-admin event users are rejected.
    if not current_user.has_admin_role() and current_user.has_event_role():
        if (shown_event.is_visible == False
                and shown_event.created_by.has_admin_role()):
            return deny()

    return render_template(
        "event/view.html",
        event=shown_event,
        moons=all_moons,
        title=page_title("View Event '%s'" % shown_event.name),
    )
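def journal_delete(c_id, j_id):
    """Delete a journal entry of a character and return to the character page.

    Both the character (``c_id``) and the journal (``j_id``) must exist,
    the current user must own the character or be an admin, and the journal
    must belong to that character.
    """
    char = Character.query.filter_by(id=c_id).first_or_404()
    journal = Journal.query.filter_by(id=j_id).first_or_404()

    # user owns character or is admin
    # Deleting is gated on ownership alone, as in journal_edit. Visibility
    # must not be part of this condition: it controls who may read an entry,
    # and tying the check to it would leave visible entries deletable by
    # users who neither own the character nor are admins.
    if (not current_user.id == char.user_id
            and not current_user.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm))

    # journal belongs to character: stops a caller from pairing a character
    # they own with somebody else's journal id
    if journal not in char.journals:
        flash("Journal does not belong to this character.", "danger")
        return redirect(url_for(no_perm))

    db.session.delete(journal)
    db.session.commit()

    flash("Journal entry was deleted.", "success")
    return redirect(url_for('character.view', id=char.id))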
def journal_view(c_id, j_id):
    """Render one journal entry of a character.

    Both the character (``c_id``) and the journal (``j_id``) must exist.
    A hidden entry is only shown to the character's owner or an admin, and
    the journal must belong to the given character.
    """
    character = Character.query.filter_by(id=c_id).first_or_404()
    entry = Journal.query.filter_by(id=j_id).first_or_404()

    # user owns character or is admin (only enforced for hidden entries)
    if entry.is_visible == False and not current_user.id == character.user_id:
        if not current_user.has_admin_role():
            flash_no_permission()
            return redirect(url_for(no_perm))

    # journal belongs to character: stops a caller from pairing a character
    # they own with somebody else's journal id
    if entry not in character.journals:
        flash("Journal does not belong to this character.", "danger")
        return redirect(url_for(no_perm))

    return render_template(
        "character/journal_view.html",
        char=character,
        journal=entry,
        title=page_title("View Journal Entry '%s'" % entry.title),
    )
def edit(id):
    """Show and process the edit form for a character.

    The character is loaded by ``id`` (404 if missing). Only its owner or an
    admin may edit it. A valid submission saves the changes and redirects to
    the character page; otherwise the form is filled from the stored
    character and rendered.
    """
    character = Character.query.filter_by(id=id).first_or_404()

    not_owner = current_user.id != character.user_id
    if not_owner and current_user.has_admin_role() == False:
        flash_no_permission()
        return redirect(url_for(no_perm))

    form = EditCharacterForm()

    # DM notes are admin-only: the field is removed for everyone else so it
    # is neither rendered nor read back below.
    if not current_user.has_admin_role():
        del form.dm_notes

    if form.validate_on_submit():
        character.name = form.name.data
        character.race = form.race.data
        character.class_ = form.class_.data
        character.description = form.description.data
        character.private_notes = form.private_notes.data
        character.edited = datetime.utcnow()

        if current_user.has_admin_role():
            character.dm_notes = form.dm_notes.data

        db.session.commit()
        flash("Character changes have been saved.", "success")
        return redirect(url_for("character.view", id=id))
    else:
        form.name.data = character.name
        form.race.data = character.race
        form.class_.data = character.class_
        form.description.data = character.description
        form.private_notes.data = character.private_notes

        if current_user.has_admin_role():
            form.dm_notes.data = character.dm_notes

    return render_template(
        "character/edit.html",
        form=form,
        title=page_title("Edit character '%s'" % character.name),
    )
def delete(id):
    """Delete a wiki article and return to the wiki index.

    The article with id 1 is the wiki main page and is never deleted. Any
    other article is loaded by ``id`` (404 if missing); hidden articles can
    only be deleted by users who pass both visibility checks below.
    """
    wiki_index = 'wiki.index'

    if id == 1:
        flash("The wiki main page can't be deleted", "danger")
        return redirect(url_for(wiki_index))

    entry = WikiEntry.query.filter_by(id=id).first_or_404()

    def deny():
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # TODO: write custom decorator / function for this
    # Hidden article: only wiki admins and the creator get through.
    if not current_user.is_wiki_admin() and entry.is_visible == False:
        if not entry.created_by == current_user:
            return deny()

    # Hidden article written by an admin: non-admin wiki users are rejected.
    if not current_user.has_admin_role() and current_user.has_wiki_role():
        if entry.is_visible == False and entry.created_by.has_admin_role():
            return deny()

    db.session.delete(entry)
    db.session.commit()

    flash("Wiki article was deleted.", "success")
    return redirect(url_for(wiki_index))
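def node_edit(id):
    """Show and process the edit form for one map node.

    The node is loaded by ``id`` (404 if missing). Users who may not touch a
    hidden node are redirected to the no-permission target. A POST request is
    answered with JSON (success, or the form's validation errors); any other
    request gets the rendered form, pre-filled from the stored node.
    """
    form = MapNodeForm()
    form.submit.label.text = "Save Location"

    # Privileged fields are removed for users who may not set them, so they
    # are neither rendered nor read back below.
    if not current_user.is_map_admin():
        del form.is_visible

    if not current_user.has_admin_role():
        del form.submap
    else:
        form.submap.choices = gen_submap_choices()

    form.node_type.choices = gen_node_type_choices()

    node = MapNode.query.filter_by(id=id).first_or_404()

    # TODO: make custom decorators for this?
    # Hidden node created by an admin: non-admin map users are rejected.
    if (not current_user.has_admin_role() and current_user.has_map_role()
            and node.is_visible == False
            and node.created_by.has_admin_role()):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # Any other hidden node: only map admins and the creator get through.
    # The redirect has to be returned; building it without returning it lets
    # the request fall through to the edit logic below.
    if (not current_user.is_map_admin() and node.is_visible == False
            and not node.created_by == current_user):
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # The linked wiki entry may only be changed when the current user is
    # allowed to see it; a missing entry also blocks the field.
    wiki_entry_ok = True

    if node.wiki_entry_id != 0 and node.wiki_entry_id is not None:
        wentry = WikiEntry.query.filter_by(id=node.wiki_entry_id).first()

        if not wentry:
            wiki_entry_ok = False
        else:
            # NOTE(review): the sibling views test has_wiki_role() in this
            # position; confirm is_wiki_admin() is what is meant here.
            if (not current_user.has_admin_role()
                    and current_user.is_wiki_admin()
                    and wentry.is_visible == False
                    and wentry.created_by.has_admin_role()):
                wiki_entry_ok = False

            if (not current_user.is_wiki_admin()
                    and wentry.is_visible == False
                    and not wentry.created_by == current_user):
                wiki_entry_ok = False

    if wiki_entry_ok:
        form.wiki_entry.choices = gen_wiki_entry_choices()
    else:
        form.wiki_entry.label.text = "(wiki entry is invisible to you and can not be changed.)"
        form.wiki_entry.render_kw = {"disabled": "disabled"}
        form.wiki_entry.choices = [(0, "disabled")]

    if form.validate_on_submit():
        node.name = form.name.data
        node.description = form.description.data
        node.node_type = form.node_type.data
        node.coord_x = form.coord_x.data
        node.coord_y = form.coord_y.data

        # The disabled field is never written back, so the existing link to
        # an entry the user cannot see stays untouched.
        if wiki_entry_ok:
            node.wiki_entry_id = form.wiki_entry.data

        if current_user.is_map_admin():
            node.is_visible = form.is_visible.data

        if current_user.has_admin_role():
            node.submap = form.submap.data

        db.session.commit()
        map_changed(node.on_map)

        return jsonify(data={
            'success': True,
            'message': "Location was edited."
        })
    elif request.method == "POST":
        return jsonify(
            data={
                'success': False,
                'message': "Form validation error",
                'errors': form.errors
            })

    form.name.data = node.name
    form.description.data = node.description
    form.node_type.data = node.node_type
    form.coord_x.data = node.coord_x
    form.coord_y.data = node.coord_y

    if wiki_entry_ok:
        form.wiki_entry.data = node.wiki_entry_id

    if current_user.is_map_admin():
        form.is_visible.data = node.is_visible

    if current_user.has_admin_role():
        form.submap.data = node.submap

    return render_template("map/node_edit.html", form=form, node=node)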
def edit(id):
    """Show and process the edit form for one event.

    The event is loaded by ``id`` (404 if missing). Users who may not touch
    a hidden event are redirected to the no-permission target. A valid
    submission saves the event, updates its timestamp and redirects to the
    event page; a GET request pre-fills the form from the stored event.
    """
    target = Event.query.filter_by(id=id).first_or_404()

    form = EventForm()
    form.submit.label.text = "Save Event"
    form.category.choices = gen_event_category_choices()
    form.epoch.choices = gen_epoch_choices()
    form.month.choices = gen_month_choices()

    # The day choices depend on the month: the submitted one on POST, the
    # stored one otherwise.
    month_for_days = (form.month.data if request.method == "POST"
                      else target.month_id)
    form.day.choices = gen_day_choices(month_for_days)

    def deny():
        flash_no_permission()
        return redirect(url_for(no_perm_url))

    # TODO: write custom decorator for this?
    # Hidden event created by an admin: non-admin event users are rejected.
    if not current_user.has_admin_role() and current_user.has_event_role():
        if target.is_visible == False and target.created_by.has_admin_role():
            return deny()

    # Any other hidden event: only event admins and the creator get through.
    if not current_user.is_event_admin() and target.is_visible == False:
        if not target.created_by == current_user:
            return deny()

    # Only event admins may change visibility; the field is removed for
    # everyone else so it is neither rendered nor read back below.
    if not current_user.is_event_admin():
        del form.is_visible

    if form.validate_on_submit():
        target.name = form.name.data
        target.category_id = form.category.data
        target.description = form.description.data
        target.epoch_id = form.epoch.data
        target.year = form.year.data
        target.month_id = form.month.data
        target.day = form.day.data
        target.duration = form.duration.data

        if current_user.is_event_admin():
            target.is_visible = form.is_visible.data

        db.session.commit()
        update_timestamp(target.id)

        flash("Event was edited.", "success")
        return redirect(url_for("event.view", id=id))
    elif request.method == "GET":
        form.name.data = target.name
        form.category.data = target.category_id
        form.description.data = target.description
        form.epoch.data = target.epoch_id
        form.year.data = target.year
        form.month.data = target.month_id
        form.day.data = target.day
        form.duration.data = target.duration

        if current_user.is_event_admin():
            form.is_visible.data = target.is_visible

    calendar_stats = gen_calendar_stats()

    return render_template(
        "event/edit.html",
        form=form,
        calendar=calendar_stats,
        title=page_title("Edit Event '%s'" % target.name),
    )