def tools_show(tool):
    """(Controller) Render the edit page for a single tool.

    The tool is looked up by ``Tool.id``. The caller is redirected with a
    flash message when the tool does not exist, or when the caller's level
    from ``accesslib.user_privs_on_resource`` is below
    ``AccessByMember.LEVEL_ARM``. Otherwise 'tool_edit.html' is rendered.

    Args:
        tool: Tool id taken from the request.
    """
    tool_rec = Tool.query.filter(Tool.id == tool).one_or_none()
    if not tool_rec:
        flash("Tool not found")
        return redirect(url_for('tools.tools'))

    # NOTE(review): a Tool row is passed as `resource` here; confirm that
    # user_privs_on_resource resolves it to the owning resource, since the
    # access decision below depends on it.
    level = accesslib.user_privs_on_resource(member=current_user, resource=tool_rec)

    # Callers without the 'RATT' privilege who pass the level check below
    # get the page in read-only mode.
    readonly = not current_user.privs('RATT')

    if level < AccessByMember.LEVEL_ARM:
        flash("You don't have access to this")
        return redirect(url_for('index'))

    resources = Resource.query.all()
    nodes = Node.query.all()
    # Placeholder entry passed to the template alongside the real nodes.
    # TODO BUG This "None" match will break a non-sqlite3 database
    placeholder = Node(id="None", name="UNASSINGED")
    nodes.append(placeholder)

    context = {
        'rec': tool_rec,
        'resources': resources,
        'readonly': readonly,
        'nodes': nodes,
        'comments': comments.get_comments(tool_id=tool),
        'tool_locked': tool_rec.lockout is not None,
    }
    return render_template('tool_edit.html', **context)
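def resource_show(resource):
    """(Controller) Display information about a given resource.

    Args:
        resource: Resource name taken from the request; matched against
            ``Resource.name``.

    Returns:
        A redirect to the resource list (with a flash message) when no
        resource has that name, otherwise the rendered 'resource_edit.html'.
    """
    r = Resource.query.filter(Resource.name == resource).one_or_none()
    if not r:
        flash("Resource not found")
        return redirect(url_for('resources.resources'))

    # Query dependants only once the resource is known to exist. Reading
    # r.id before the check raised AttributeError for an unknown name, so the
    # "not found" redirect was never reached.
    tools = Tool.query.filter(Tool.resource_id == r.id).all()

    # The page is editable only at LEVEL_ARM or above on this resource.
    # NOTE(review): nothing in this function denies *viewing*; confirm that
    # is intended or enforced by a decorator outside this view.
    readonly = True
    if accesslib.user_privs_on_resource(
            member=current_user, resource=r) >= AccessByMember.LEVEL_ARM:
        readonly = False

    cc = comments.get_comments(resource_id=r.id)
    maint = MaintSched.query.filter(MaintSched.resource_id == r.id).all()
    resources = Resource.query.all()
    return render_template('resource_edit.html', rec=r, resources=resources,
                           readonly=readonly, tools=tools, comments=cc,
                           maint=maint)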
def nodes_show(node):
    """(Controller) Render the edit page for one node and its config options.

    Every ``KVopt`` row is outer-joined to the ``NodeConfig`` value stored
    for this node, if any, and flattened into a list of dicts for
    'node_edit.html'.

    Args:
        node: Node id taken from the request.
    """
    node_rec = Node.query.filter(Node.id == node).one_or_none()
    if not node_rec:
        flash("Node not found")
        return redirect(url_for('nodes.nodes'))

    # Callers without the 'RATT' privilege get the page in read-only mode.
    # NOTE(review): viewing itself is not restricted in this function.
    readonly = not current_user.privs('RATT')
    resources = Resource.query.all()

    rows = (
        KVopt.query
        .add_column(NodeConfig.value)
        .add_column(NodeConfig.id)
        .outerjoin(NodeConfig, ((KVopt.id == NodeConfig.key_id) & (NodeConfig.node_id == node)))
        .order_by(KVopt.keyname)
        .order_by(KVopt.displayOrder)
        .all()
    )

    params = []
    for opt, value, ncid in rows:
        # Dotted key names: the last component is the item and everything
        # before it is the group (empty for a single-component key).
        parts = opt.keyname.split('.')
        gpname = ".".join(parts[:-1])
        itemname = parts[-1]

        # Two-component keys are not indented; other depths get an inline
        # style whose margin is derived from the component count.
        if len(parts) == 2:
            indent = ''
        else:
            indent = 'style=margin-left:{0}px;border-left-color:aliceblue;border-left-width:10px;border-left-style:solid;padding-left:5px'.format((len(parts) - 2) * 30)

        fallback = opt.default if opt.default else ''
        initialvalue = value if value else fallback

        # Boolean options expose their default as the strings "true"/"false".
        default = fallback
        if opt.kind == "boolean":
            default = "true" if default else "false"

        params.append({
            'name': opt.keyname,
            'groupname': gpname,
            'itemname': itemname,
            'default': default,
            'description': opt.description if opt.description else '',
            'options': opt.options.split(";") if opt.options else None,
            'value': value if value else '',
            'initialvalue': initialvalue,
            'kind': opt.kind,
            'id': opt.id,
            'indent': indent,
            'ncid': ncid if ncid else '',
        })

    cc = comments.get_comments(node_id=node)
    return render_template('node_edit.html', node=node_rec, resources=resources,
                           readonly=readonly, params=params, comments=cc)
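def member_edit(id):
    """(Controller) Show a member's edit page and apply actions posted to it.

    A POST may carry one of four actions, chosen by the submit button name in
    the form: 'Unlink', 'Undo', 'DeleteMember' or 'SaveChanges'. Every POST
    requires the 'Useredit' privilege; deleting also requires 'Finance'.
    After any action that does not redirect, the member is re-read and
    'member_edit.html' is rendered.

    Args:
        id: Member id taken from the request (passed through
            ``authutil._safestr`` before use).

    NOTE(review): a non-POST request is not privilege-checked in this
    function, yet it renders the full member record. Unless a decorator
    outside this view restricts it, confirm that any caller who reaches this
    view is meant to see other members' details.
    """
    mid = authutil._safestr(id)
    member = {}
    is_post = request.method == "POST"

    if is_post and (not current_user.privs('Useredit')):
        flash("You cannot edit users", 'warning')
        return redirect(url_for('members.members'))

    if is_post and 'Unlink' in request.form:
        s = Subscription.query.filter(Subscription.membership == request.form['membership']).one()
        if s.member_id:
            authutil.log(eventtypes.RATTBE_LOGEVENT_MEMBER_PAYMENT_UNLINKED.id, member_id=s.member_id, doneby=current_user.id, commit=0)
        s.member_id = None
        db.session.commit()
        # Request-supplied values end up inside HTML that is flashed as
        # Markup. Formatting *through* Markup escapes each argument, so a
        # crafted member_id/membership cannot inject markup into the page.
        btn = Markup(
            '<form method="POST"> '
            '<input type="hidden" name="member_id" value="%s" /> '
            '<input type="hidden" name="membership" value="%s" /> '
            '<input type="submit" value="Undo" name="Undo" /> '
            '</form>'
        ) % (request.form['member_id'], request.form['membership'])
        flash(Markup("Unlinked. %s") % btn)
    elif is_post and 'Undo' in request.form:
        # Relink cleared member ID.
        # Gated on POST like the other actions: the 'Useredit' check above
        # only covers POST, so without this a non-POST request carrying form
        # data could reach the relink without that check.
        # NOTE(review): the relink target comes straight from the form and,
        # unlike Unlink, writes no audit log entry.
        s = Subscription.query.filter(Subscription.membership == request.form['membership']).one()
        s.member_id = request.form['member_id']
        db.session.commit()
        flash("Undone.")
    elif is_post and 'DeleteMember' in request.form:
        if current_user.privs("Finance"):
            flash(Markup("WARNING: Slack and GMail accounts have <b>not</b> been deleted"), "danger")
            authutil.log(eventtypes.RATTBE_LOGEVENT_MEMBER_RECORD_DELETED.id, member_id=mid, doneby=current_user.id, commit=0)
            m = Member.query.filter(Member.id == mid).one()
            # Detach the member's subscriptions before deleting the row.
            for s in Subscription.query.filter(Subscription.member_id == m.id).all():
                s.member_id = None
            db.session.delete(m)
            db.session.commit()
            return redirect(url_for("members.members"))
        else:
            flash("You do not have authority to delete users", "warning")
    elif is_post and 'SaveChanges' in request.form:
        nocommit = False
        m = Member.query.filter(Member.id == mid).one()
        f = request.form
        m.member = f['input_member']
        m.firstname = f['input_firstname']
        m.lastname = f['input_lastname']
        m.nickname = f['input_nickname']
        # TODO REMOVE MISSING FIELD CHECKS HERE
        if 'input_plan' in f:
            m.plan = f['input_plan']
        if 'input_payment' in f:
            m.payment = f['input_payment']

        if f['input_phone'] == "None" or f['input_phone'].strip() == "":
            m.phone = None
        else:
            m.phone = f['input_phone']

        dob_text = f['input_dob']
        if dob_text == "None" or dob_text.strip() == "":
            m.dob = None
        else:
            # The patterns only check the shape of the text. strptime still
            # rejects impossible dates and trailing data with ValueError,
            # which is reported as an invalid date instead of escaping as an
            # unhandled exception.
            if re.match(r'^\d\d\/\d\d/\d\d\d\d$', dob_text):
                dob_format = "%m/%d/%Y"
            elif re.match(r'^\d\d\d\d-\d\d-\d\d\s+\d+:\d+:\d+', dob_text):
                dob_format = "%Y-%m-%d %H:%M:%S"
            else:
                dob_format = None
            dob = None
            if dob_format is not None:
                try:
                    dob = datetime.datetime.strptime(dob_text, dob_format)
                except ValueError:
                    dob = None
            if dob is None:
                flash("Invalid Date of Birth Format - must be \"MM/DD/YYYY\"", "danger")
                nocommit = True
            else:
                m.dob = dob

        m.slack = f['input_slack']
        m.alt_email = f['input_alt_email']
        m.email = f['input_email']

        # An audit event is logged only when the access flag actually
        # changes; the reason is stored on disable and cleared on enable.
        if 'input_access_enabled' in f:
            if m.access_enabled != 1:
                authutil.log(eventtypes.RATTBE_LOGEVENT_MEMBER_ACCESS_ENABLED.id, message=f['input_access_reason'], member_id=m.id, doneby=current_user.id, commit=0)
            m.access_enabled = 1
            m.access_reason = None
        else:
            if m.access_enabled != 0:
                authutil.log(eventtypes.RATTBE_LOGEVENT_MEMBER_ACCESS_DISABLED.id, member_id=m.id, doneby=current_user.id, commit=0)
            m.access_enabled = 0
            m.access_reason = f['input_access_reason']

        # NOTE(review): on a validation failure the edits above stay pending
        # in the session (no rollback), so the page below shows them even
        # though nothing was committed.
        if not nocommit:
            flash("Changes Saved (Please Review/Verify)", "success")
            db.session.commit()
            authutil.kick_backend()

    member = db.session.query(Member, Subscription)
    member = member.outerjoin(Subscription).outerjoin(Waiver).filter(Member.id == mid)
    r = member.one_or_none()
    if not r:
        flash("Member not found", 'warning')
        return redirect(url_for("members.members"))
    (member, subscription) = r

    # TODO this access display doesn't work at all
    # NOTE(review): this filters Member.member against the id-derived `mid`,
    # while the lookups above use Member.id; that mismatch may be the cause.
    access = db.session.query(Resource).add_column(AccessByMember.level).outerjoin(AccessByMember).outerjoin(Member)
    access = access.filter(Member.member == mid)
    access = access.filter(AccessByMember.active == 1)
    access = access.all()
    acc = []
    for (res, level) in access:
        acc.append({'description': res.name, 'level': authutil.accessLevelString(level, user="", noaccess="")})

    # Comments are only fetched for callers holding 'Useredit'.
    if current_user.privs('Useredit'):
        cc = comments.get_comments(member_id=member.id)
    else:
        cc = {}
    return render_template('member_edit.html', rec=member, subscription=subscription, access=acc, comments=cc, page="edit")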
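def member_show(id):
    """(Controller) Display a single member's record.

    Callers holding 'Useredit' may view any member, and a member may view
    their own record. Any other caller is redirected: to the access editor
    when ``current_user.is_arm()`` is true, else to the member list with a
    warning.

    Args:
        id: Member name taken from the request; matched against
            ``Member.member`` after ``authutil._safestr``.
    """
    # TODO: Move member query functions to membership module
    meta = {}
    mid = authutil._safestr(id)
    member = db.session.query(Member, Subscription)
    member = member.outerjoin(Subscription).outerjoin(Waiver).filter(Member.member == mid)
    res = member.one_or_none()

    # Handle "no such member" before anything reads res[0]. The permission
    # check used to index the missing row and raise for callers without
    # 'Useredit', instead of reaching the "Member not found" redirect.
    if not res:
        flash("Member not found", 'warning')
        return redirect(url_for("members.members"))

    if (not current_user.privs('Useredit')) and res[0].member != current_user.member:
        if current_user.is_arm():
            return redirect(url_for('members.member_editaccess', id=res[0].id))
        flash("You cannot view that user", 'warning')
        return redirect(url_for('members.members'))

    (member, subscription) = res
    utc = dateutil.tz.gettz('UTC')
    eastern = dateutil.tz.gettz('US/Eastern')

    def _as_local(stamp):
        # Stored timestamps are treated as UTC and shown in US/Eastern.
        local = stamp.replace(tzinfo=utc).astimezone(eastern).replace(tzinfo=None)
        return local.strftime("%a, %b %d, %Y %I:%M %p (Local)")

    if subscription:
        meta['sub_updated_local'] = _as_local(subscription.updated_date)
        meta['sub_created_local'] = _as_local(subscription.created_date)
        meta['sub_expires_local'] = _as_local(subscription.expires_date)

    (warning, allowed, dooraccess) = getDoorAccess(member.id)

    access = db.session.query(Resource).outerjoin(AccessByMember).outerjoin(Member)
    access = access.filter(Member.id == member.id)
    access = access.filter(AccessByMember.active == 1)
    access = access.all()

    # Comments are only fetched for callers holding 'Useredit'.
    if current_user.privs('Useredit'):
        cc = comments.get_comments(member_id=member.id)
    else:
        cc = {}

    waivers = Waiver.query.filter(Waiver.member_id == member.id)
    waivers = Waiver.addWaiverTypeCol(waivers)
    waivers = waivers.all()
    for waiver in waivers:
        if (waiver.Waiver.waivertype == Waiver.WAIVER_TYPE_MEMBER):
            meta['waiver'] = waiver.Waiver.created_date

    groupmembers = []
    if subscription:
        # NOTE(review): expires_date is treated as UTC for display above but
        # compared with naive local now() here; confirm the intended zone.
        if subscription.expires_date < datetime.datetime.now():
            meta['is_expired'] = True
        # NOTE(review): 'is_inactive' is set when subscription.active is
        # truthy, which looks inverted; confirm against the column's values.
        if subscription.active:
            meta['is_inactive'] = True

        # Other subscriptions sharing this subid, with their member names.
        groupmembers = Subscription.query.filter(Subscription.subid == subscription.subid).filter(Subscription.id != subscription.id)
        groupmembers = groupmembers.join(Member, Member.id == Subscription.member_id)
        groupmembers = groupmembers.add_column(Member.member)
        groupmembers = groupmembers.add_column(Member.firstname)
        groupmembers = groupmembers.add_column(Member.lastname)
        groupmembers = groupmembers.all()

    tags = MemberTag.query.filter(MemberTag.member_id == member.id).all()
    return render_template('member_show.html', rec=member, access=access, subscription=subscription, comments=cc, dooraccess=dooraccess, access_warning=warning, access_allowed=allowed, meta=meta, page="view", tags=tags, groupmembers=groupmembers, waivers=waivers)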