def tools_show(tool):
"""(Controller) Display information about a given tool"""
r = Tool.query.filter(Tool.id == tool).one_or_none()
if not r:
flash("Tool not found")
return redirect(url_for('tools.tools'))
privs = accesslib.user_privs_on_resource(member=current_user, resource=r)
readonly = False
if (not current_user.privs('RATT')):
readonly = True
if privs < AccessByMember.LEVEL_ARM:
flash("You don't have access to this")
return redirect(url_for('index'))
resources = Resource.query.all()
nodes = Node.query.all()
nodes.append(
Node(id="None", name="UNASSINGED"
)) # TODO BUG This "None" match will break a non-sqlite3 database
cc = comments.get_comments(tool_id=tool)
tool_locked = r.lockout is not None
return render_template('tool_edit.html',
rec=r,
resources=resources,
readonly=readonly,
nodes=nodes,
comments=cc,
tool_locked=tool_locked)
def resource_show(resource):
"""(Controller) Display information about a given resource"""
r = Resource.query.filter(Resource.name == resource).one_or_none()
tools = Tool.query.filter(Tool.resource_id == r.id).all()
if not r:
flash("Resource not found")
return redirect(url_for('resources.resources'))
readonly = True
if accesslib.user_privs_on_resource(
member=current_user, resource=r) >= AccessByMember.LEVEL_ARM:
readonly = False
cc = comments.get_comments(resource_id=r.id)
maint = MaintSched.query.filter(MaintSched.resource_id == r.id).all()
resources = Resource.query.all()
return render_template('resource_edit.html',
rec=r,
resources=resources,
readonly=readonly,
tools=tools,
comments=cc,
maint=maint)
def nodes_show(node):
"""(Controller) Display information about a given node"""
r = Node.query.filter(Node.id==node).one_or_none()
if not r:
flash("Node not found")
return redirect(url_for('nodes.nodes'))
readonly=False
if (not current_user.privs('RATT')):
readonly=True
resources=Resource.query.all()
params=[]
kv = KVopt.query.add_column(NodeConfig.value).add_column(NodeConfig.id).outerjoin(NodeConfig,((KVopt.id == NodeConfig.key_id) & (NodeConfig.node_id == node)))
kv = kv.order_by(KVopt.keyname)
kv = kv.order_by(KVopt.displayOrder)
kv = kv.all()
for (kv,v,ncid) in kv:
xp=kv.keyname.split('.')
if len(xp) ==1:
gpname=""
itemname=xp[0]
else:
gpname=".".join(xp[0:-1])
itemname=xp[-1]
if (len(xp)==2):
indent=''
else:
indent='style=margin-left:{0}px;border-left-color:aliceblue;border-left-width:10px;border-left-style:solid;padding-left:5px'.format((len(xp)-2)*30)
initialvalue=v
if not initialvalue:
initialvalue = kv.default if kv.default else ''
default = kv.default if kv.default else ''
if kv.kind == "boolean":
if default:
default="true"
else:
default="false"
params.append({
'name':kv.keyname,
'groupname':gpname,
'itemname':itemname,
'default':default,
'description':kv.description if kv.description else '',
'options':kv.options.split(";") if kv.options else None,
'value':v if v else '',
'initialvalue':initialvalue,
'kind':kv.kind,
'id':kv.id,
'indent':indent,
'ncid':ncid if ncid else '',
})
cc=comments.get_comments(node_id=node)
return render_template('node_edit.html',node=r,resources=resources,readonly=readonly,params=params,comments=cc)
def member_edit(id):
mid = authutil._safestr(id)
member = {}
if request.method=="POST" and (not current_user.privs('Useredit')):
flash("You cannot edit users",'warning')
return redirect(url_for('members.members'))
if request.method=="POST" and 'Unlink' in request.form:
s = Subscription.query.filter(Subscription.membership==request.form['membership']).one()
if s.member_id:
authutil.log(eventtypes.RATTBE_LOGEVENT_MEMBER_PAYMENT_UNLINKED.id,member_id=s.member_id,doneby=current_user.id,commit=0)
s.member_id = None
db.session.commit()
btn = '''<form method="POST">
<input type="hidden" name="member_id" value="%s" />
<input type="hidden" name="membership" value="%s" />
<input type="submit" value="Undo" name="Undo" />
</form>''' % (request.form['member_id'],request.form['membership'])
flash(Markup("Unlinked. %s" % btn))
elif 'Undo' in request.form:
# Relink cleared member ID
s = Subscription.query.filter(Subscription.membership == request.form['membership']).one()
s.member_id = request.form['member_id']
db.session.commit()
flash ("Undone.")
elif request.method=="POST" and 'DeleteMember' in request.form:
if current_user.privs("Finance"):
flash (Markup("WARNING: Slack and GMail accounts have <b>not</b> been deleted"),"danger")
authutil.log(eventtypes.RATTBE_LOGEVENT_MEMBER_RECORD_DELETED.id,member_id=mid,doneby=current_user.id,commit=0)
m=Member.query.filter(Member.id==mid).one()
for s in Subscription.query.filter(Subscription.member_id == m.id).all():
s.member_id=None
db.session.delete(m)
db.session.commit()
return redirect(url_for("members.members"))
else:
flash ("You do not have authority to delete users","warning")
elif request.method=="POST" and 'SaveChanges' in request.form:
nocommit=False
m=Member.query.filter(Member.id==mid).one()
f=request.form
m.member= f['input_member']
m.firstname= f['input_firstname']
m.lastname= f['input_lastname']
m.nickname= f['input_nickname']
#TODO REMOVE MISSING FIELD CHEKCS HERE
if 'input_plan' in f: m.plan= f['input_plan']
if 'input_payment' in f: m.payment= f['input_payment']
if f['input_phone'] == "None" or f['input_phone'].strip() == "":
m.phone=None
else:
m.phone= f['input_phone']
if f['input_dob'] == "None" or f['input_dob'].strip() == "":
m.dob=None
else:
if re.match('^\d\d\/\d\d/\d\d\d\d$',f['input_dob']):
dt = datetime.datetime.strptime(f['input_dob'],"%m/%d/%Y")
m.dob= dt
elif re.match('^\d\d\d\d-\d\d-\d\d\s+\d+:\d+:\d+',f['input_dob']):
dt = datetime.datetime.strptime(f['input_dob'],"%Y-%m-%d %H:%M:%S")
m.dob= dt
else:
flash("Invalid Date of Birth Format - must be \"MM/DD/YYYY\"","danger")
nocommit=True
m.slack= f['input_slack']
m.alt_email= f['input_alt_email']
m.email= f['input_email']
if 'input_access_enabled' in f:
if m.access_enabled != 1:
authutil.log(eventtypes.RATTBE_LOGEVENT_MEMBER_ACCESS_ENABLED.id,message=f['input_access_reason'],member_id=m.id,doneby=current_user.id,commit=0)
m.access_enabled=1
m.access_reason= None
else:
if m.access_enabled != 0:
authutil.log(eventtypes.RATTBE_LOGEVENT_MEMBER_ACCESS_DISABLED.id,member_id=m.id,doneby=current_user.id,commit=0)
m.access_enabled=0
m.access_reason= f['input_access_reason']
if not nocommit:
flash("Changes Saved (Please Review/Verify)","success")
db.session.commit()
authutil.kick_backend()
#(member,subscription)=Member.query.outerjoin(Subscription).filter(Member.member==mid).first()
member=db.session.query(Member,Subscription)
member = member.outerjoin(Subscription).outerjoin(Waiver).filter(Member.id==mid)
r = member.one_or_none()
if not r:
flash("Member not found",'warning')
return redirect(url_for("members.members"))
(member,subscription) = r
# TODO this access display doesn't work at all
access=db.session.query(Resource).add_column(AccessByMember.level).outerjoin(AccessByMember).outerjoin(Member)
access = access.filter(Member.member == mid)
access = access.filter(AccessByMember.active == 1)
access = access.all()
acc =[]
for a in access:
(r,level) = a
acc.append({'description':r.name,'level':authutil.accessLevelString(level,user="",noaccess="")})
if current_user.privs('Useredit'):
cc=comments.get_comments(member_id=member.id)
else:
cc={}
return render_template('member_edit.html',rec=member,subscription=subscription,access=acc,comments=cc,page="edit")
def member_show(id):
"""Controller method to Display or modify a single user"""
#TODO: Move member query functions to membership module
meta = {}
access = {}
mid = authutil._safestr(id)
member=db.session.query(Member,Subscription)
member = member.outerjoin(Subscription).outerjoin(Waiver).filter(Member.member==mid)
res = member.one_or_none()
if (not current_user.privs('Useredit')) and res[0].member != current_user.member:
if current_user.is_arm():
return redirect(url_for('members.member_editaccess',id=res[0].id))
flash("You cannot view that user",'warning')
return redirect(url_for('members.members'))
(warning,allowed,dooraccess)=(None,None,None)
if res:
(member,subscription) = res
utc = dateutil.tz.gettz('UTC')
eastern = dateutil.tz.gettz('US/Eastern')
if subscription:
meta['sub_updated_local']=subscription.updated_date.replace(tzinfo=utc).astimezone(eastern).replace(tzinfo=None).strftime("%a, %b %d, %Y %I:%M %p (Local)")
meta['sub_created_local']=subscription.created_date.replace(tzinfo=utc).astimezone(eastern).replace(tzinfo=None).strftime("%a, %b %d, %Y %I:%M %p (Local)")
meta['sub_expires_local']=subscription.expires_date.replace(tzinfo=utc).astimezone(eastern).replace(tzinfo=None).strftime("%a, %b %d, %Y %I:%M %p (Local)")
(warning,allowed,dooraccess)=getDoorAccess(member.id)
access=db.session.query(Resource).outerjoin(AccessByMember).outerjoin(Member)
access = access.filter(Member.id == member.id)
access = access.filter(AccessByMember.active == 1)
access = access.all()
if current_user.privs('Useredit'):
cc=comments.get_comments(member_id=member.id)
else:
cc={}
waivers = Waiver.query.filter(Waiver.member_id == member.id)
waivers = Waiver.addWaiverTypeCol(waivers)
waivers = waivers.all()
for waiver in waivers:
if (waiver.Waiver.waivertype == Waiver.WAIVER_TYPE_MEMBER):
meta['waiver']=waiver.Waiver.created_date
if subscription:
if subscription.expires_date < datetime.datetime.now():
meta['is_expired'] = True
if subscription.active:
meta['is_inactive'] = True
groupmembers=[]
if subscription:
groupmembers=Subscription.query.filter(Subscription.subid == subscription.subid).filter(Subscription.id != subscription.id)
groupmembers=groupmembers.join(Member,Member.id == Subscription.member_id)
groupmembers=groupmembers.add_column(Member.member)
groupmembers=groupmembers.add_column(Member.firstname)
groupmembers=groupmembers.add_column(Member.lastname)
groupmembers=groupmembers.all()
tags = MemberTag.query.filter(MemberTag.member_id == member.id).all()
return render_template('member_show.html',rec=member,access=access,subscription=subscription,comments=cc,dooraccess=dooraccess,access_warning=warning,access_allowed=allowed,meta=meta,page="view",tags=tags,groupmembers=groupmembers,waivers=waivers)
else:
flash("Member not found",'warning')
return redirect(url_for("members.members"))