def project_delete(profile, project, event):
    """Confirm and carry out deletion of a project and its dependent rows.

    Access is limited to callers holding the ``siteadmin`` permission or
    listed in ``project.users``; everyone else gets a 403. On a validated
    POST, ``delete`` removes the project and redirects to the event, and
    ``cancel`` redirects back to the project. Otherwise the confirmation
    page is rendered.
    """
    allowed = lastuser.has_permission('siteadmin') or g.user in project.users
    if not allowed:
        abort(403)

    form = ConfirmDeleteForm()
    if form.validate_on_submit():
        if 'delete' in request.form:
            # FIXME: All of this should cascade. No need to delete one at a time
            members = ProjectMember.query.filter_by(project_id=project.id).all()
            comments = Comment.query.filter_by(commentspace=project.comments).all()
            votes = Vote.query.filter_by(votespace=project.votes).all()
            # Dependent rows go first (comments, votes, members), then the
            # comment/vote containers, then the project itself.
            for row in comments + votes + members:
                db.session.delete(row)
            db.session.delete(project.comments)
            db.session.delete(project.votes)
            db.session.delete(project)
            db.session.commit()
            flash("Project removed", "success")
            return render_redirect(event.url_for(), code=303)
        if 'cancel' in request.form:
            return render_redirect(project.url_for(), code=303)

    confirm_message = (
        u"Delete '%s' ? It will remove comments, votes and all information related to the project. This operation cannot be undone."
        % (project.title))
    return render_template(
        'baseframe/delete.html',
        form=form,
        title=u"Confirm delete",
        message=confirm_message)
def verify_phone(phoneclaim):
    """Check a verification code for a phone claim and attach the phone to the user.

    A claim flagged ``verification_expired`` is refused outright. Every POST
    that fails form validation increments ``verification_attempts`` on the
    claim, which is what limits repeated guessing of the code.
    """
    if phoneclaim.verification_expired:
        flash(_("You provided an incorrect verification code too many times"), 'danger')
        # Block attempts to verify this number, but also keep the claim so that a new
        # claim cannot be made. A periodic sweep to delete old claims is needed.
        return render_redirect(url_for('.account'), code=303)

    form = VerifyPhoneForm()
    form.phoneclaim = phoneclaim

    if form.validate_on_submit():
        if UserPhone.get(phoneclaim.phone) is not None:
            # Someone verified this number first; drop the now-useless claim.
            db.session.delete(phoneclaim)
            db.session.commit()
            flash(_("This phone number has already been claimed by another user"), 'danger')
        else:
            # The first verified phone on an account becomes the primary one.
            is_first_phone = not current_auth.user.phones
            userphone = UserPhone(user=current_auth.user, phone=phoneclaim.phone, gets_text=True)
            userphone.primary = is_first_phone
            db.session.add(userphone)
            db.session.delete(phoneclaim)
            db.session.commit()
            flash(_("Your phone number has been verified"), 'success')
            user_data_changed.send(current_auth.user, changes=['phone'])
            return render_redirect(url_for('.account'), code=303)
    elif request.method == 'POST':
        # Failed submission: count it against the claim.
        phoneclaim.verification_attempts += 1
        db.session.commit()

    return render_form(
        form=form,
        title=_("Verify phone number"),
        formid='phone_verify',
        submit=_("Verify"),
        ajax=True)
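def event_apply(profile, event):
    """Record the current user's request to participate in an event.

    A user with no participant record is shown the participant form; on a
    valid submission a record is created as PENDING while the event still
    has room, or on the waiting list (WL) once ``maximum_participants`` has
    been reached. A WITHDRAWN participant is moved back to PENDING. Any
    other existing participant is told the request is pending.
    """
    workflow = event.workflow()
    if not workflow.can_apply():
        flash("Hacknight is not accepting participants now, please try after sometime.")
        return render_redirect(event.url_for())
    participant = Participant.get(g.user, event)
    if not participant:
        # If no participant is found create a new participant entry
        # First collect some information about the new participant
        user = g.user
        form = ParticipantForm(obj=user)
        if form.validate_on_submit():
            total_participants = Participant.query.filter_by(event_id=event.id).count()
            participant = Participant(user=user, event=event)
            form.populate_obj(participant)
            participant.save_defaults()
            # Room left -> PENDING; event already full -> waiting list.
            # (The comparison used to be inverted, wait-listing applicants
            # while seats were free and accepting them once the event was full.)
            if event.maximum_participants > total_participants:
                participant.status = PARTICIPANT_STATUS.PENDING
            else:
                participant.status = PARTICIPANT_STATUS.WL
            db.session.add(participant)
            db.session.commit()
            flash(u"Your request to participate has been recorded; you will be notified by the event manager", "success")
        else:
            # NOTE(review): Markup() marks apply_instructions as safe HTML, so it
            # is rendered unescaped. Confirm the field is sanitized when stored.
            return render_form(
                form=form,
                message=Markup(event.apply_instructions) if event.apply_instructions else "",
                title="Participant Details",
                submit=u"Participate",
                cancel_url=event.url_for(),
                ajax=False)
    # FIXME: Don't change anything unless this is a POST request
    # NOTE(review): as written, this branch changes state on any request
    # method, so a plain GET re-enrolls a withdrawn user without a form or
    # CSRF token. It should be gated on a validated POST.
    elif participant.status == PARTICIPANT_STATUS.WITHDRAWN:
        participant.status = PARTICIPANT_STATUS.PENDING
        db.session.commit()
        flash(u"Your request to participate has been recorded; you will be notified by the event manager", "success")
    else:
        flash(u"Your request is pending", "error")
    return render_redirect(event.url_for(), code=303)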
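def funnel_view(profile, workspace, proposal):
    """Render a proposal page and handle its comment forms.

    POSTs are dispatched on the ``form.id`` field: ``newcomment`` posts a new
    comment or edits an existing one (when ``edit_id`` is set), and
    ``delcomment`` deletes one. Edits and deletes are only honoured for
    comments written by the current user that belong to this proposal's
    commentspace. Every handled POST ends in a 303 redirect.
    """
    comments = sorted(
        commentease.Comment.query.filter_by(commentspace=proposal.comments).order_by('created_at').all(),
        key=lambda c: c.votes.count,
        reverse=True)
    commentform = CommentForm()
    commentform.message.flags.markdown = True
    delcommentform = DeleteCommentForm()
    if request.method == 'POST':
        formid = request.form.get('form.id')
        if formid == 'newcomment' and commentform.validate():
            if commentform.edit_id.data:
                comment = commentease.Comment.query.get(int(commentform.edit_id.data))
                # The id comes from the client. Only accept comments that live in
                # this proposal's commentspace, as the reply_to check below does.
                if comment and comment.commentspace != proposal.comments:
                    comment = None
                if comment:
                    if comment.user == g.user:
                        comment.message = commentform.message.data
                        comment._message_html = markdown(comment.message)
                        comment.edited_at = datetime.utcnow()
                        flash("Your comment has been edited", "info")
                    else:
                        flash("You can only edit your own comments", "info")
                else:
                    flash("No such comment", "error")
            else:
                comment = commentease.Comment(
                    user=g.user,
                    commentspace=proposal.comments,
                    message=commentform.message.data)
                if commentform.reply_to_id.data:
                    parent = commentease.Comment.query.get(int(commentform.reply_to_id.data))
                    if parent and parent.commentspace == proposal.comments:
                        comment.parent = parent
                comment._message_html = markdown(comment.message)
                proposal.comments.count += 1
                comment.votes.vote(g.user)  # Vote for your own comment
                db.session.add(comment)
                flash("Your comment has been posted", "info")
            db.session.commit()
            # Redirect despite this being the same page because HTTP 303 is required to not break
            # the browser Back button
            redirect_url = proposal.url_for()
            if comment:
                # Only add the anchor when there is a comment to point at. An
                # unknown edit_id used to reach comment.id on None and raise.
                redirect_url += "#c" + str(comment.id)
            return render_redirect(redirect_url, code=303)
        elif formid == 'delcomment' and delcommentform.validate():
            comment = commentease.Comment.query.get(int(delcommentform.comment_id.data))
            # Same scoping as for edits. Without it, deleting a comment from
            # another commentspace would decrement this proposal's counter.
            if comment and comment.commentspace != proposal.comments:
                comment = None
            if comment:
                if comment.user == g.user:
                    comment.delete()
                    proposal.comments.count -= 1
                    db.session.commit()
                    flash("Your comment was deleted.", "info")
                else:
                    flash("You did not post that comment.", "error")
            else:
                flash("No such comment.", "error")
            return render_redirect(proposal.url_for(), code=303)
    confirmform = ConfirmSessionForm()
    return render_template(
        'proposal.html',
        workspace=workspace,
        proposal=proposal,
        comments=comments,
        commentform=commentform,
        delcommentform=delcommentform,
        breadcrumbs=[(proposal.url_for(), workspace.title)],
        confirmform=confirmform)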
def activity_delete(event, venue, activity):
    """Confirm and delete an activity, unless it was created by Funnel.

    Funnel-created activities are refused with a flash message. A validated
    POST deletes the activity when the ``delete`` button was pressed and
    redirects to the venue's activity list either way.
    """
    if activity.from_funnel:
        flash("You cannot delete activities created by Funnel", "danger")
        return render_redirect(url_for('event_venues', event=event.id))

    form = ConfirmDeleteForm()
    if not form.validate_on_submit():
        return render_template(
            'baseframe/delete.html.jinja2',
            form=form,
            title=u"Delete '%s' ?" % (activity.title),
            message=u"Do you really want to delete the activity '%s'? All checkins related to it will be deleted." % (activity.title))

    if 'delete' in request.form:
        db.session.delete(activity)
        flash("Deleted activity %s" % activity.title)
        db.session.commit()
    return render_redirect(url_for('venue_activity', event=event.id, venue=venue.id), code=303)
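def venue_delete(event, venue):
    """Confirm and delete a venue with its activities, unless Funnel created it.

    Funnel-created venues are refused with a flash message. A validated POST
    deletes the venue's activities and the venue when the ``delete`` button
    was pressed, then redirects to the event's venue list.
    """
    if venue.from_funnel:
        flash("You cannot delete venues created by Funnel", "danger")
        return render_redirect(url_for('event_venues', event=event.id))
    form = ConfirmDeleteForm()
    if form.validate_on_submit():
        if 'delete' in request.form:
            for activity in venue.activity:
                db.session.delete(activity)
            db.session.delete(venue)
            flash("Deleted venue %s" % venue.title)
            db.session.commit()
        return render_redirect(url_for('event_venues', event=event.id), code=303)
    # The confirmation must name the venue being deleted. It used to
    # interpolate event.title, so the prompt showed the wrong object.
    return render_template(
        'baseframe/delete.html',
        form=form,
        title=u"Delete '%s' ?" % (venue.title),
        message=u"Do you really want to delete the venue '%s'? All it's activity items and checkins will also get deleted." % (venue.title))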
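def verify_email(md5sum):
    """Offer to resend the verification email for one of the user's email claims.

    Both lookups are filtered by ``current_auth.user``, so only the caller's
    own addresses and claims can match. An already verified address is
    rejected, and an unknown claim gives a 404.
    """
    useremail = UserEmail.query.filter_by(md5sum=md5sum, user=current_auth.user).first()
    if useremail:
        flash(_("This email address is already verified"), 'danger')
        return render_redirect(url_for('.account'), code=303)

    emailclaim = UserEmailClaim.query.filter_by(md5sum=md5sum, user=current_auth.user).first_or_404()
    verify_form = VerifyEmailForm()
    if verify_form.validate_on_submit():
        send_email_verify_link(emailclaim)
        flash(_(u"The verification email has been sent to this address"), 'success')
        return render_redirect(url_for('.account'), code=303)
    # Translate the template first, then interpolate. Formatting inside _()
    # made the lookup key contain the address, so no translation could match.
    return render_form(
        form=verify_form,
        title=_("Resend the verification email?"),
        message=_("We will resend the verification email to '{email}'").format(email=emailclaim.email),
        formid="email_verify",
        submit=_("Send"),
        cancel_url=url_for('.account'))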
def profile_edit(newprofile=False):
    """Show and process the profile form for the logged-in user.

    With ``newprofile`` true this is the first-run variant: the bio field is
    removed from the form, and when the user has no email yet an email claim
    is created and a verification link is sent.
    """
    form = ProfileForm(obj=g.user)
    # Per-field help text is read from application config.
    for field_name, config_key in (
        ("fullname", "FULLNAME_REASON"),
        ("email", "EMAIL_REASON"),
        ("username", "USERNAME_REASON"),
        ("description", "BIO_REASON"),
        ("timezone", "TIMEZONE_REASON"),
    ):
        getattr(form, field_name).description = current_app.config.get(config_key)
    if g.user.email or newprofile is False:
        del form.email
    if newprofile is True:
        del form.description

    if not form.validate_on_submit():
        if newprofile:
            return render_form(
                form,
                title="Update profile",
                formid="profile_new",
                submit="Continue",
                message=u"Hello, %s. Please spare a minute to fill out your profile." % g.user.fullname,
                ajax=True,
            )
        return render_form(form, title="Edit profile", formid="profile_edit", submit="Save changes", ajax=True)

    # Can't auto-populate here because user.email is read-only
    g.user.fullname = form.fullname.data
    g.user.username = form.username.data
    if not newprofile:
        g.user.description = form.description.data
    g.user.timezone = form.timezone.data

    needs_email_claim = newprofile and not g.user.email
    if needs_email_claim:
        claim = UserEmailClaim(user=g.user, email=form.email.data)
        db.session.add(claim)
        send_email_verify_link(claim)
        db.session.commit()
        user_data_changed.send(g.user, changes=["profile", "email-claim"])
        flash("Your profile has been updated. We sent you an email to confirm your address", category="success")
    else:
        db.session.commit()
        user_data_changed.send(g.user, changes=["profile"])
        flash("Your profile has been updated.", category="success")

    destination = get_next_url() if newprofile else url_for("profile")
    return render_redirect(destination, code=303)
def client_edit(client):
    """Edit a registered client application.

    When the submitted owner differs from the current one, every user and
    team permission assigned to the client is deleted before the new owner
    is stored. When the client has no team access, its team access
    assignments are deleted as well.
    """
    # NOTE(review): no ownership check is visible in this function; presumably
    # the route's decorators enforce it. Confirm.
    form = RegisterClientForm(obj=client)
    form.client_owner.choices = available_client_owners()
    if request.method == 'GET':
        current_owner = client.user or client.org
        form.client_owner.data = current_owner.userid

    if not form.validate_on_submit():
        return render_form(
            form=form,
            title="Edit application",
            formid="client_edit",
            submit="Save changes",
            ajax=True)

    owner_changed = client.user != form.user or client.org != form.org
    if owner_changed:
        # Ownership has changed. Remove existing permission assignments
        for user_perm in UserClientPermissions.query.filter_by(client=client).all():
            db.session.delete(user_perm)
        for team_perm in TeamClientPermissions.query.filter_by(client=client).all():
            db.session.delete(team_perm)
        flash("This application’s owner has changed, so all previously assigned permissions "
              "have been revoked", "warning")
    form.populate_obj(client)
    client.user = form.user
    client.org = form.org
    if not client.team_access:
        # This client does not have access to teams in organizations. Remove all existing assignments
        for team_access in ClientTeamAccess.query.filter_by(client=client).all():
            db.session.delete(team_access)
    db.session.commit()
    return render_redirect(url_for('client_info', key=client.key), code=303)
def team_edit(org, team):
    """Edit a team and return to its organization's info page on success."""
    # NOTE(review): no check that the caller may edit this team is visible
    # here; presumably the route's decorators enforce it. Confirm.
    form = TeamForm(obj=team)
    if not form.validate_on_submit():
        return render_form(
            form=form,
            title=u"Edit team: %s" % team.title,
            formid="team_edit",
            submit="Save",
            ajax=False)

    form.populate_obj(team)
    db.session.commit()
    return render_redirect(url_for("org_info", name=org.name), code=303)
def add_new_video(channel, playlist):
    """Add a video to a playlist, and always to the channel's stream playlist.

    ``playlist`` may be None, in which case the stream playlist is the
    video's home playlist. Processing errors are flashed and the form is
    shown again.
    """
    form = VideoAddForm()
    if not form.validate_on_submit():
        cancel_url = channel.url_for() if playlist is None else playlist.url_for()
        return render_form(form=form, title=u"New Video", submit=u"Add", cancel_url=cancel_url, ajax=False)

    stream_playlist = channel.playlist_for_stream(create=True)
    home_playlist = stream_playlist if playlist is None else playlist
    video = Video(playlist=home_playlist)
    form.populate_obj(video)
    try:
        process_video(video, new=True)
        process_slides(video)
    except (DataProcessingError, ValueError) as e:
        flash(e.message, category="error")
        return render_form(
            form=form,
            title=u"New Video",
            submit=u"Add",
            cancel_url=channel.url_for(),
            ajax=False)
    video.make_name()
    # Avoid listing the same video twice in either playlist.
    if playlist is not None and video not in playlist.videos:
        playlist.videos.append(video)
    if video not in stream_playlist.videos:
        stream_playlist.videos.append(video)
    db.session.commit()
    flash(u"Added video '%s'." % video.title, 'success')
    return render_redirect(video.url_for('edit'))
def workspace_new():
    """Create a workspace for one of the user's organizations that lacks one.

    The selectable organizations are limited to those returned by
    ``g.user.organizations_owned()`` that have no workspace yet.
    """
    # Step 1: Get a list of organizations this user owns
    owned_ids = g.user.organizations_owned_ids()
    existing_ids = [ws.userid for ws in Workspace.query.filter(Workspace.userid.in_(owned_ids)).all()]
    # Step 2: Prune list to organizations without a workspace
    new_workspaces = [
        (org['userid'], org['title'])
        for org in g.user.organizations_owned()
        if org['userid'] not in existing_ids
    ]
    if not new_workspaces:
        return render_message(
            title=u"No organizations remaining",
            message=u"You do not have any organizations that do not yet have a workspace.")

    # Step 3: Ask user to select organization
    form = NewWorkspaceForm()
    form.workspace.choices = new_workspaces
    if not form.validate_on_submit():
        return render_form(
            form=form,
            title="Create a new organization workspace",
            submit="Create",
            formid="workspace_new",
            cancel_url=url_for('index'),
            ajax=False)

    # Step 4: Make a workspace
    matching = [org for org in g.user.organizations_owned() if org['userid'] == form.workspace.data]
    org = matching[0]
    workspace = Workspace(
        name=org['name'],
        title=org['title'],
        userid=org['userid'],
        currency=form.currency.data,
        fullname=form.fullname.data,
        address=form.address.data,
        cin=form.cin.data,
        pan=form.pan.data,
        tin=form.tin.data,
        tan=form.tan.data)
    db.session.add(workspace)
    db.session.commit()
    flash("Created new workspace for %s" % workspace.title, "success")
    return render_redirect(url_for('workspace_view', workspace=workspace.name), code=303)
def login():
    """Handle the login page for password and OpenID sign-in.

    POSTs are dispatched on the ``form.id`` field (``openid`` or ``login``).
    A failed validation falls through to re-rendering the page with the
    form's errors.
    """
    # If user is already logged in, send them back
    if g.user:
        return redirect(get_next_url(referrer=True), code=303)

    loginform = LoginForm()
    openidform = OpenIdForm()
    if request.method == 'GET':
        openidform.openid.data = 'http://'

    formid = request.form.get('form.id')
    if request.method == 'POST':
        if formid == 'openid':
            if openidform.validate():
                return oid.try_login(openidform.openid.data, ask_for=['email', 'fullname', 'nickname'])
        elif formid == 'login':
            if loginform.validate():
                login_internal(loginform.user)
                # "Remember me" decides whether the session is permanent.
                session.permanent = True if loginform.remember.data else False
                db.session.commit()
                flash('You are now logged in', category='success')
                # NOTE(review): the redirect target comes from get_next_url();
                # its validation is not visible here. Confirm it rejects
                # off-site URLs.
                return render_redirect(get_next_url(session=True), code=303)

    if request.is_xhr and formid == 'login':
        return render_template('forms/loginform.html', loginform=loginform, Markup=Markup)
    return render_template(
        'login.html',
        openidform=openidform,
        loginform=loginform,
        oiderror=oid.fetch_error(),
        oidnext=oid.get_next_url(),
        Markup=Markup)
def event_withdraw(profile, event):
    """Confirm and record the current user's withdrawal from an event.

    Gives a 404 when the user has no participant record for the event and a
    403 when the participant's workflow does not allow withdrawal.
    """
    user_id = g.user.id
    participant = Participant.query.filter_by(event_id=event.id, user_id=user_id).first()
    if not participant:
        abort(404)

    workflow = participant.workflow()
    if not workflow.can_withdraw():
        abort(403)
    # Withdrawal transition to call for each numeric participant status.
    withdraw_call = {
        0: workflow.withdraw_pending,
        1: workflow.withdraw_waiting_list,
        2: workflow.withdraw_confirmed,
        3: workflow.withdraw_rejected,
    }
    form = ConfirmWithdrawForm()
    if not form.validate_on_submit():
        return render_template(
            'withdraw.html',
            form=form,
            title=u"Confirm withdraw",
            message=u"Withdraw from '%s' ? You can come back anytime." % (event.title))

    if 'delete' in request.form:
        try:
            withdraw_call[participant.status]()
        except KeyError:
            # A status with no mapped transition is ignored. Note that this
            # also hides a KeyError raised inside the transition itself.
            pass
        db.session.commit()
        flash(u"Your request to withdraw from {0} is recorded".format(event.title), "success")
    values = {'profile': profile.name, 'event': event.name}  # not used afterwards
    return render_redirect(event.url_for(), code=303)
def login():
    """Handle the login page for password login and registered login services.

    POSTs are dispatched on the ``form.id`` field: ``passwordlogin`` or the
    name of a service with a login form. Any other POST is answered with a
    500. A successful login also records the method used in a cookie.
    """
    # If user is already logged in, send them back
    if g.user:
        return redirect(get_next_url(referrer=True), code=303)

    loginform = LoginForm()
    # Only providers that appear on the login page and have a form get one.
    service_forms = {}
    for service, provider in login_registry.items():
        if not provider.at_login or provider.form is None:
            continue
        service_forms[service] = provider.get_form()

    # The cookie with the last-used login method is only read on GET.
    loginmethod = request.cookies.get('login') if request.method == 'GET' else None

    formid = request.form.get('form.id')
    if request.method == 'POST':
        if formid == 'passwordlogin':
            if loginform.validate():
                login_internal(loginform.user)
                db.session.commit()
                flash('You are now logged in', category='success')
                response = render_redirect(get_next_url(session=True), code=303)
                return set_loginmethod_cookie(response, 'password')
        elif formid in service_forms:
            form = service_forms[formid]['form']
            if form.validate():
                return set_loginmethod_cookie(login_registry[formid].do(form=form), formid)
        else:
            abort(500)

    if request.is_xhr and formid == 'passwordlogin':
        return render_template('forms/loginform.html', loginform=loginform, Markup=Markup)
    return render_template(
        'login.html',
        loginform=loginform,
        lastused=loginmethod,
        service_forms=service_forms,
        Markup=Markup)
def profile_new():
    """Ask a newly signed-in user to complete their profile.

    When the form reports no existing email, an email claim is stored and a
    verification link is sent after the commit.
    """
    form = ProfileNewForm(obj=g.user)
    # Per-field help text is read from application config.
    for field_name, config_key in (
        ('fullname', 'FULLNAME_REASON'),
        ('email', 'EMAIL_REASON'),
        ('username', 'USERNAME_REASON'),
        ('description', 'BIO_REASON'),
    ):
        getattr(form, field_name).description = app.config.get(config_key)

    if not form.validate_on_submit():
        return render_form(
            form,
            title="Update profile",
            formid="profile_new",
            submit="Continue",
            message=u"Hello, %s. Please spare a minute to fill out your profile." % g.user.fullname,
            ajax=True)

    # Can't auto-populate here because user.email is read-only
    g.user.fullname = form.fullname.data
    g.user.username = form.username.data
    g.user.description = form.description.data
    if form.existing_email is not None:
        db.session.commit()
        flash("Your profile was successfully updated.", category='success')
    else:
        claim = UserEmailClaim(user=g.user, email=form.email.data)
        db.session.add(claim)
        db.session.commit()
        send_email_verify_link(claim)
        flash("Your profile was successfully updated. We sent you an email to confirm your address", category='success')
    return render_redirect(get_next_url(), code=303)
def event_edit(profile, event):
    """Edit an event, keeping a redirect from its old name if the name changes.

    Gives a 403 when the event's workflow does not allow editing.
    """
    workflow = event.workflow()
    if not workflow.can_edit():
        abort(403)

    form = EventForm(obj=event)
    # Date fields use the venue's timezone when a venue is set, else the
    # application default.
    if form.venue.data:
        timezone = form.venue.data.timezone
    else:
        timezone = app.config['TIMEZONE']
    form.start_datetime.timezone = timezone
    form.end_datetime.timezone = timezone

    if not form.validate_on_submit():
        return render_form(
            form=form,
            title="Edit Event",
            submit=u"Save",
            cancel_url=event.url_for(),
            ajax=False)

    previous_name = event.name
    form.populate_obj(event)
    if not event.name:
        event.make_name()
    if event.name != previous_name:
        # Point the old name at this event, reusing an existing redirect row.
        old_redirect = EventRedirect.query.filter_by(name=previous_name, profile=profile).first()
        if old_redirect:
            old_redirect.event = event
        else:
            db.session.add(EventRedirect(name=previous_name, profile=profile, event=event))
    db.session.commit()
    flash(u"Your edits to %s are saved" % event.title, "success")
    return render_redirect(event.url_for(), code=303)
def board_new():
    """Create a board for one of the user's organizations that lacks one.

    The selectable organizations are limited to those returned by
    ``g.user.organizations_owned()`` that have no board yet.
    """
    # Step 1: Get a list of organizations this user owns
    owned_ids = g.user.organizations_owned_ids()
    existing_ids = [board.userid for board in Board.query.filter(Board.userid.in_(owned_ids)).all()]
    # Step 2: Prune list to organizations without a board
    new_boards = [
        (org['userid'], org['title'])
        for org in g.user.organizations_owned()
        if org['userid'] not in existing_ids
    ]
    if not new_boards:
        # The only value interpolated into this Markup is a URL built by
        # lastuser.endpoint_url() from a fixed path.
        return render_message(
            title=u"No organizations found",
            message=Markup(u"You do not have any organizations that do not already have a board. "
                u'Would you like to <a href="%s">create a new organization</a>?' %
                lastuser.endpoint_url('/organizations/new')))

    # Step 3: Ask user to select organization
    form = NewBoardForm()
    form.board.choices = new_boards
    if request.method == 'GET':
        # Preselect the first available organization.
        form.board.data = new_boards[0][0]
    if not form.validate_on_submit():
        return render_form(
            form=form,
            title="Create a board for your organization...",
            submit="Next",
            formid="board_new",
            cancel_url=url_for('index'),
            ajax=False)

    # Step 4: Make a board
    matching = [org for org in g.user.organizations_owned() if org['userid'] == form.board.data]
    org = matching[0]
    board = Board(name=org['name'], title=org['title'], userid=org['userid'])
    db.session.add(board)
    db.session.commit()
    flash(u"Created a board for %s" % board.title, 'success')
    return render_redirect(url_for('board_edit', board=board.name), code=303)
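def video_edit(channel, playlist, video, kwargs):
    """
    Edit video

    Gives a 403 unless the video's channel belongs to one of the current
    user's organizations. Requests that arrive under a non-canonical
    playlist or an outdated video name are redirected to the canonical edit
    URL. ``kwargs['video']`` is compared with ``video.url_name`` to detect a
    stale name.
    """
    if video.channel.userid not in g.user.user_organization_ids():
        # User isn't authorized to edit
        abort(403)
    if playlist != video.playlist:
        # This video isn't in this playlist. Redirect to canonical URL
        return redirect(url_for('video_edit', channel=video.channel.name, playlist=video.playlist.name, video=video.url_name))
    if kwargs['video'] != video.url_name:
        # Video's URL has changed. Redirect user to prevent old/invalid names
        # showing in the URL. The target must be this edit view: it used to be
        # 'video_delete', which sent a stale edit link to the delete page.
        return redirect(url_for('video_edit', channel=channel.name, playlist=playlist.name, video=video.url_name))
    form = VideoEditForm(obj=video)
    if form.validate_on_submit():
        form.populate_obj(video)
        video.process_slides()
        db.session.commit()
        flash(u"Edited video '%s'." % video.title, 'success')
        return render_redirect(url_for('video_view', channel=channel.name, playlist=playlist.name, video=video.url_name))
    return render_form(
        form=form,
        title=u"Edit video",
        submit=u"Save",
        cancel_url=url_for('video_view', channel=channel.name, playlist=playlist.name, video=video.url_name),
        ajax=True)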
def process_form(self):
    """Store the submitted form as a new revision of the node.

    Creates the node first when ``self.node`` is None, then redirects to the
    containing folder.
    """
    creating = self.node is None
    if creating:
        # Creating a new object
        self.node = self.model(folder=self.folder, user=g.user)
        db.session.add(self.node)
    # Name isn't in revision history, so name changes
    # are applied to the node. TODO: Move this into a separate
    # rename action
    self.node.name = self.form.name.data
    # Make a revision and apply changes to it
    revision = self.node.revise()
    # FIXME: Not all form fields are in the revision object. Don't
    # use populate_obj here
    self.form.populate_obj(revision)
    self.node.properties = self.form.properties.data
    self.process_node()
    # The node takes its title from the revision when it has none yet (new
    # object) or when no published version exists (the draft title is used).
    if not self.node.title or not self.node.is_published:
        self.node.title = revision.title
    if not (self.node.id or self.node.name):
        self.node.make_name()
    db.session.commit()
    # FIXME: Say created when created
    flash(u"Edited node '%s'." % self.node.title, 'success')
    folder_url = url_for('folder', website=self.website.name, folder=self.folder.name)
    return render_redirect(folder_url, code=303)
def profile_edit(newprofile=False):
    """Show and process the profile form for the logged-in user.

    With ``newprofile`` true this is the first-run variant: the bio field is
    removed from the form, and when the user has no email yet an email claim
    is looked up or created and a verification link is sent.
    """
    form = ProfileForm(obj=g.user)
    form.edit_user = g.user
    # Per-field help text is read from application config.
    reasons = (
        ('fullname', 'FULLNAME_REASON'),
        ('email', 'EMAIL_REASON'),
        ('username', 'USERNAME_REASON'),
        ('description', 'BIO_REASON'),
        ('timezone', 'TIMEZONE_REASON'),
    )
    for field_name, config_key in reasons:
        getattr(form, field_name).description = current_app.config.get(config_key)
    if g.user.email or newprofile is False:
        del form.email
    if newprofile is True:
        del form.description

    if form.validate_on_submit():
        # Can't auto-populate here because user.email is read-only
        g.user.fullname = form.fullname.data
        g.user.username = form.username.data
        if not newprofile:
            g.user.description = form.description.data
        g.user.timezone = form.timezone.data

        if newprofile and not g.user.email:
            # Reuse an existing claim for this address instead of duplicating it.
            claim = UserEmailClaim.get(user=g.user, email=form.email.data)
            if claim is None:
                claim = UserEmailClaim(user=g.user, email=form.email.data)
                db.session.add(claim)
            send_email_verify_link(claim)
            db.session.commit()
            user_data_changed.send(g.user, changes=['profile', 'email-claim'])
            flash("Your profile has been updated. We sent you an email to confirm your address", category='success')
        else:
            db.session.commit()
            user_data_changed.send(g.user, changes=['profile'])
            flash("Your profile has been updated.", category='success')

        target = get_next_url() if newprofile else url_for('profile')
        return render_redirect(target, code=303)

    if not newprofile:
        return render_form(form, title="Edit profile", formid="profile_edit", submit="Save changes", ajax=True)
    # The greeting is HTML, so the user-controlled name is escaped before it
    # is placed inside Markup.
    greeting = Markup(u"Hello, <strong>{fullname}</strong>. Please spare a minute to fill out your profile.".format(
        fullname=escape(g.user.fullname)))
    return render_form(
        form,
        title="Update profile",
        formid="profile_new",
        submit="Continue",
        message=greeting,
        ajax=True)
def resource_edit(client, resource):
    """Edit a client's resource and return to the client's info page on success."""
    form = ResourceForm(obj=resource)
    if not form.validate_on_submit():
        return render_form(
            form=form,
            title="Edit resource",
            formid="resource_edit",
            submit="Save changes",
            ajax=True)

    form.populate_obj(resource)
    db.session.commit()
    flash("Your resource has been edited", 'success')
    return render_redirect(url_for('client_info', key=client.key), code=303)
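def delete(self):
    """Confirm and delete this venue, refusing if it is the project's primary venue.

    Deletion and its confirmation page are delegated to
    ``render_delete_sqla``.
    """
    if self.obj == self.obj.project.primary_venue:
        flash(_(u"You can not delete the primary venue"), 'danger')
        return render_redirect(self.obj.project.url_for('venues'), code=303)
    # Translate the template first, then interpolate. Formatting inside _()
    # made the lookup key contain the venue title, so no translation could
    # match.
    return render_delete_sqla(
        self.obj,
        db,
        title=u"Confirm delete",
        message=_(u"Delete venue “{title}”? This cannot be undone").format(title=self.obj.title),
        success=_(u"You have deleted venue “{title}”").format(title=self.obj.title),
        next=self.obj.project.url_for('venues'))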
def venue_edit(event, venue):
    """Edit a venue and return to the event's venue list on success."""
    form = VenueForm(obj=venue)
    if not form.validate_on_submit():
        return render_template(
            'form.html',
            form=form,
            cancel_url=url_for('event_venues', event=event.id))

    form.populate_obj(venue)
    db.session.commit()
    flash("Venue updated")
    return render_redirect(url_for('event_venues', event=event.id))
def activity_edit(event, venue, activity):
    """Edit an activity and return to the venue's activity list on success."""
    form = ActivityEditForm(obj=activity)
    if not form.validate_on_submit():
        page_title = u"Edit Activity: %s — %s - %s" % (activity.title, venue.title, event.title)
        return render_template(
            'form.html.jinja2',
            form=form,
            title=page_title,
            submit=u"Update",
            cancel_url=url_for('venue_activity', event=event.id, venue=venue.id))

    form.populate_obj(activity)
    db.session.commit()
    flash("Activity updated")
    return render_redirect(url_for('venue_activity', event=event.id, venue=venue.id))
def process_form(self):
    """Store the submitted form on the redirect node, creating it if needed.

    Redirects to the containing folder afterwards.
    """
    creating = self.node is None
    if creating:
        self.node = self.model(folder=self.folder, user=g.user)
        db.session.add(self.node)
    self.form.populate_obj(self.node)
    db.session.commit()
    flash(u"Edited redirect '%s'." % self.node.title, 'success')
    folder_url = url_for('folder', website=self.website.name, folder=self.folder.name)
    return render_redirect(folder_url, code=303)
def resource_action_edit(client, resource, action):
    """Edit a resource action and return to the client's info page on success."""
    form = ResourceActionForm(obj=action)
    # The form is given the parent resource before validation.
    form.edit_resource = resource
    if not form.validate_on_submit():
        return render_form(
            form=form,
            title="Edit action",
            formid="action_edit",
            submit="Save changes",
            ajax=True)

    form.populate_obj(action)
    db.session.commit()
    flash("Your action has been edited", 'success')
    return render_redirect(url_for('client_info', key=client.key), code=303)
def edit(self):
    """Edit this venue room and return to the project's venue list on success."""
    form = VenueRoomForm(obj=self.obj)
    if not form.validate_on_submit():
        return render_form(
            form=form,
            title=_("Edit room"),
            submit=_("Save"),
            cancel_url=self.obj.venue.project.url_for('venues'),
            ajax=False)

    form.populate_obj(self.obj)
    # Regenerate the URL name, passing the reserved room names.
    self.obj.make_name(reserved=RESERVED_VENUEROOM)
    db.session.commit()
    flash(_(u"Saved changes to this room"), 'success')
    return render_redirect(self.obj.venue.project.url_for('venues'), code=303)
def event_publish(profile, event):
    """Publish an event by opening its workflow, then redirect to the event.

    Gives a 403 when the event's workflow does not allow editing.
    """
    # NOTE(review): this view changes state without a form. Confirm the route
    # only accepts POST and is covered by CSRF protection.
    event_workflow = event.workflow()
    may_edit = event_workflow.can_edit()
    if not may_edit:
        abort(403)

    event_workflow.openit()
    db.session.add(event)
    db.session.commit()

    notice = u"You have published the event %s" % event.title
    flash(notice, "success")
    return render_redirect(event.url_for(), code=303)
def kiosk_delete(event, kiosk):
    """Confirm and delete a kiosk, then return to the event's kiosk list.

    A validated POST deletes the kiosk only when the ``delete`` button was
    pressed; the redirect happens either way.
    """
    form = ConfirmDeleteForm()
    if not form.validate_on_submit():
        return render_template(
            'baseframe/delete.html',
            form=form,
            title=u"Delete '%s' ?" % (kiosk.name),
            message=u"Do you really want to delete the kiosk '%s' from event %s?" % (kiosk.name, event.title))

    if 'delete' in request.form:
        db.session.delete(kiosk)
        db.session.commit()
    return render_redirect(url_for('event_kiosks', event=event.id), code=303)
def channel_edit(channel):
    """Edit a channel's details.

    The selectable channel types depend on whether the channel is the
    current user's own: the own channel offers only type 1, any other
    channel offers every type except the two lowest-keyed ones.
    """
    form = ChannelForm(obj=channel)
    if channel.userid != g.user.userid:
        type_choices = channel_types.items()
        type_choices.sort()
        # Drop the first two entries of the sorted list.
        for _unused in range(2):
            type_choices.pop(0)
        form.type.choices = type_choices
    else:
        form.type.choices = [(1, channel_types[1])]

    if not form.validate_on_submit():
        return render_form(
            form=form,
            title=u"Edit channel",
            submit=u"Save",
            cancel_url=channel.url_for(),
            ajax=True)

    form.populate_obj(channel)
    db.session.commit()
    flash(u"Edited description for channel", 'success')
    return render_redirect(channel.url_for(), code=303)
def process_form(self):
    """Create or update the list node from the form, then load its rows.

    Each non-blank line of the ``list`` field is parsed as JSON and the
    parsed rows are passed to ``populate_map``.
    """
    if self.node is not None:
        self.node.name = self.form.name.data
        self.node.title = self.form.title.data
        flash(u"Edited list '%s'" % self.node.title, 'success')
    else:
        self.node = Map(folder=self.folder, name=self.form.name.data, title=self.form.title.data)
        db.session.add(self.node)
        flash(u"Created new list '%s'" % self.node.title, 'success')

    parsed_rows = []
    for row in self.form.list.data.split('\n'):
        if not row.strip():
            continue  # skip blank lines
        parsed_rows.append(json.loads(row, use_decimal=True))
    self.node.populate_map(parsed_rows)
    db.session.commit()
    folder_url = url_for('folder', website=self.website.name, folder=self.folder.name)
    return render_redirect(folder_url, code=303)
def profile_edit(profile):
    """Edit a profile owned by the current user or one of their organizations.

    Gives a 403 when ``profile.userid`` is not among the ids returned by
    ``g.user.user_organizations_owned_ids()``.
    """
    owned_ids = g.user.user_organizations_owned_ids()
    if profile.userid not in owned_ids:
        abort(403)

    form = ProfileForm(obj=profile)
    # FIXME: The way "choices" are populated is very confusing. Make this clearer.
    if profile.userid != g.user.userid:
        type_choices = profile_types.items()
        type_choices.sort()
        # Drop the first two entries of the sorted list.
        for _unused in range(2):
            type_choices.pop(0)
        form.type.choices = type_choices
    else:
        # The user's own profile offers only type 1.
        form.type.choices = [(1, profile_types[1])]

    if not form.validate_on_submit():
        return render_form(
            form=form,
            title=u"Edit profile",
            submit=u"Save",
            cancel_url=profile.url_for(),
            ajax=True)

    form.populate_obj(profile)
    db.session.commit()
    flash(u"Edited description for profile", 'success')
    return render_redirect(profile.url_for(), code=303)
def add_email():
    """Add an email address claim for the current user and send a verification link.

    An existing claim by the same user for the same address is reused, so
    resubmitting only resends the verification email.
    """
    form = NewEmailAddressForm()
    if not form.validate_on_submit():
        return render_form(
            form=form,
            title=_("Add an email address"),
            formid='email_add',
            submit=_("Add email"),
            ajax=True)

    claim = UserEmailClaim.get(user=current_auth.user, email=form.email.data)
    if claim is None:
        claim = UserEmailClaim(user=current_auth.user, email=form.email.data, type=form.type.data)
        db.session.add(claim)
        db.session.commit()
    send_email_verify_link(claim)
    flash(_("We sent you an email to confirm your address"), 'success')
    user_data_changed.send(current_auth.user, changes=['email-claim'])
    return render_redirect(url_for('.account'), code=303)
def permission_new():
    """Define a new permission owned by the user or one of their organizations.

    The owner choices come from ``available_client_owners()``. The new
    permission is always stored with ``allusers`` set to False.
    """
    form = PermissionForm()
    form.context.choices = available_client_owners()
    if request.method == 'GET':
        # Default the owner to the current user.
        form.context.data = g.user.userid

    if not form.validate_on_submit():
        return render_form(
            form=form,
            title="Define a new permission",
            formid="perm_new",
            submit="Define new permission",
            ajax=True)

    new_perm = Permission()
    form.populate_obj(new_perm)
    new_perm.user = form.user
    new_perm.org = form.org
    new_perm.allusers = False
    db.session.add(new_perm)
    db.session.commit()
    flash("Your new permission has been defined", 'success')
    return render_redirect(url_for('.permission_list'), code=303)
def new(self):
    """Create an organization and make the current user one of its owners."""
    form = OrganizationForm()
    form.name.description = current_app.config.get('ORG_NAME_REASON')
    form.title.description = current_app.config.get('ORG_TITLE_REASON')

    if not form.validate_on_submit():
        return render_form(
            form=form,
            title=_("New organization"),
            formid='org_new',
            submit=_("Create"),
            ajax=False,
        )

    org = Organization()
    form.populate_obj(org)
    # Whatever the form populated, the creator must end up among the owners.
    owner_list = org.owners.users
    if current_auth.user not in owner_list:
        owner_list.append(current_auth.user)
    db.session.add(org)
    db.session.commit()
    org_data_changed.send(org, changes=['new'], user=current_auth.user)
    return render_redirect(org.url_for('view'), code=303)
def edit_banner(self):
    """Show or save the banner form for ``self.obj``.

    Non-POST requests get the form in the image-upload layout; a POST that
    fails validation gets the plain form; a valid POST saves and redirects.
    """
    form = ProjectBannerForm(obj=self.obj)

    if request.method != 'POST':
        return render_form(
            form=form,
            title="",
            submit=_("Save banner"),
            ajax=True,
            template='img_upload_formlayout.html.jinja2',
        )

    if not form.validate_on_submit():
        return render_form(form=form, title="", submit=_("Save banner"), ajax=True)

    form.populate_obj(self.obj)
    db.session.commit()
    flash(_("Your changes have been saved"), 'info')
    return render_redirect(self.obj.url_for(), code=303)
def folder_new(website):
    """Create a folder inside *website*, with an optional theme override."""
    g.website = website
    form = FolderForm()
    # The empty identifier stands for "use the website's default theme".
    theme_choices = [('', 'Website Default')]
    theme_choices += [(theme.identifier, theme.name) for theme in get_themes_list()]
    form.theme.choices = theme_choices

    if not form.validate_on_submit():
        return render_form(form=form, title=u"New folder", submit=u"Create",
            cancel_url=url_for('website', website=website.name), ajax=True)

    new_folder = Folder(website=website)
    form.populate_obj(new_folder)
    db.session.add(new_folder)
    db.session.commit()
    return render_redirect(
        url_for('folder', website=website.name, folder=new_folder.name), code=303)
def permission_edit(perm):
    """Edit an existing permission and its owning context.

    NOTE(review): no ownership check on *perm* appears in this body;
    presumably a decorator or loader not shown here enforces it -- confirm.
    """
    form = PermissionForm(obj=perm)
    form.context.choices = available_client_owners()
    if request.method == 'GET':
        # Pre-select whichever owner (user or organization) the permission has.
        current_owner = perm.user if perm.user else perm.org
        form.context.data = current_owner.userid

    if not form.validate_on_submit():
        return render_form(form=form, title="Edit permission", formid="perm_edit",
            submit="Save changes", ajax=True)

    form.populate_obj(perm)
    # Owner comes from form.user / form.org rather than from populate_obj.
    perm.user = form.user
    perm.org = form.org
    db.session.commit()
    flash("Your permission has been saved", 'success')
    return render_redirect(url_for('.permission_list'), code=303)
def remove_email(md5sum):
    """Confirm and remove one of the signed-in user's email addresses or claims.

    Both lookups are filtered by ``user=current_auth.user``, so an md5sum that
    belongs to another account yields 404 instead of a deletion prompt. The
    primary address cannot be removed.
    """
    lookup = dict(md5sum=md5sum, user=current_auth.user)
    address = UserEmail.query.filter_by(**lookup).first()
    if not address:
        # Not a verified address: fall back to a pending claim, or 404.
        address = UserEmailClaim.query.filter_by(**lookup).first_or_404()

    is_primary = isinstance(address, UserEmail) and address.primary
    if is_primary:
        flash(_("You cannot remove your primary email address"), 'error')
        return render_redirect(url_for('.profile'), code=303)

    if request.method == 'POST':
        # FIXME: Confirm validation success
        # NOTE(review): the change signal fires on any POST, before
        # render_delete_sqla has validated the form or deleted anything.
        user_data_changed.send(current_auth.user, changes=['email-delete'])

    confirm_message = _(u"Remove email address {email}?").format(email=address.email)
    success_message = _(u"You have removed your email address {email}").format(
        email=address.email)
    return render_delete_sqla(
        address, db,
        title=_(u"Confirm removal"),
        message=confirm_message,
        success=success_message,
        next=url_for('.profile'))
def edit(self):
    """Edit the filterset in ``self.obj``; requires the 'edit-filterset' board permission."""
    # Permission gate comes first; nothing is loaded into a form without it.
    if 'edit-filterset' not in g.board.current_permissions:
        abort(403)

    filterset = self.obj
    form = FiltersetForm(obj=filterset)
    submitted_ok = form.validate_on_submit()
    if submitted_ok:
        form.populate_obj(filterset)
        try:
            db.session.commit()
            flash(u"Updated filterset", 'success')
            return render_redirect(filterset.url_for(), code=303)
        except ValueError:
            # The commit raised ValueError, which this view reports as a
            # duplicate; roll back so the session is usable for the re-render.
            db.session.rollback()
            flash(
                u"There already exists a filterset with the selected criteria",
                'interactive')
    return render_form(form=form, title=u"Edit filterset…", submit="Update",
        formid="filterset_edit", ajax=False)
def new(self):
    """Create a campaign owned by the current user."""
    self.message = u"Campaigns appear around the job board and provide a call to action for users"
    form = CampaignForm()
    if request.method == 'GET' and g.board:
        # Pre-select the board the user is currently on.
        form.boards.data = [g.board]

    if not form.validate_on_submit():
        return render_form(form=form, title=u"Create a campaign…", submit="Next",
            formid="campaign_new", cancel_url=url_for(self.list_current.endpoint),
            ajax=False)

    new_campaign = Campaign(user=g.user)
    form.populate_obj(new_campaign)
    # Use a random name since it's also used in user action submit forms
    new_campaign.name = suuid()
    db.session.add(new_campaign)
    db.session.commit()
    flash(u"Created a campaign", 'success')
    return render_redirect(new_campaign.url_for(), code=303)
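def report_edit(workspace, report):
    """Build the expense-report form and hand off to ``report_edit_internal``.

    The statements that used to follow the ``return`` (a second
    validate/populate/commit path) could never run and have been removed;
    what the caller receives is unchanged.
    """
    workflow = report.workflow()
    form = ExpenseReportForm(obj=report)
    # NOTE(review): this function performs no can_view()/can_edit() check on
    # the workflow itself; presumably report_edit_internal or a decorator not
    # shown here enforces it -- confirm.
    return report_edit_internal(workspace, form, report, workflow)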
def node_unpublish(website, folder, node):
    """Ask for confirmation, then unpublish *node*; 404 for nodes that cannot be unpublished."""
    g.website = website
    g.folder = folder

    # Only node types exposing a callable ``unpublish`` are eligible.
    if not hasattr(node, 'unpublish') or not callable(node.unpublish):
        abort(404)

    form = ConfirmForm(obj=node)
    if not form.validate_on_submit():
        return render_form(form=form, title="Unpublish node", submit=u"Unpublish",
            cancel_url=url_for('folder', website=folder.website.name, folder=folder.name),
            node=node)

    node.unpublish()
    db.session.commit()
    flash(u"Unpublished '%s'" % node.title, 'success')
    return render_redirect(
        url_for('folder', website=folder.website.name, folder=folder.name), code=303)
def make_phone_primary():
    """Make one of the signed-in user's phone numbers the primary one.

    Every outcome ends in a 303 redirect to the account page; only the flashed
    message differs.
    """
    form = PhonePrimaryForm()
    if not form.validate_on_submit():
        flash(_("Please select a phone number"), 'danger')
    else:
        # Lookup is scoped to the current user, so a number linked to another
        # account is treated as "no such phone".
        userphone = UserPhone.get_for(user=current_auth.user, phone=form.phone.data)
        if userphone is None:
            flash(_("No such phone number is linked to this user account"), 'danger')
        elif userphone.primary:
            flash(_("This is already your primary phone number"), 'info')
        else:
            current_auth.user.primary_phone = userphone
            db.session.commit()
            user_data_changed.send(current_auth.user, changes=['phone-update-primary'])
            flash(_("Your primary phone number has been updated"), 'success')
    return render_redirect(url_for('.account'), code=303)
def make_email_primary():
    """Make one of the signed-in user's email addresses the primary one.

    Every outcome ends in a 303 redirect to the account page; only the flashed
    message differs.
    """
    form = EmailPrimaryForm()
    if not form.validate_on_submit():
        flash(_("Please select an email address"), 'danger')
    else:
        # Lookup is scoped to the current user, so an address linked to another
        # account is treated as "no such email".
        useremail = UserEmail.get_for(user=current_auth.user, email=form.email.data)
        if useremail is None:
            flash(_("No such email address is linked to this user account"), 'danger')
        elif useremail.primary:
            flash(_("This is already your primary email address"), 'info')
        else:
            current_auth.user.primary_email = useremail
            db.session.commit()
            user_data_changed.send(current_auth.user, changes=['email-update-primary'])
            flash(_("Your primary email address has been updated"), 'success')
    return render_redirect(url_for('.account'), code=303)
def org_new():
    """Create an organization with the current user as both owner and member."""
    form = OrganizationForm()
    form.domain.choices = user_org_domains(g.user)
    form.name.description = current_app.config.get('ORG_NAME_REASON')
    form.title.description = current_app.config.get('ORG_TITLE_REASON')

    if not form.validate_on_submit():
        return render_form(form=form, title=_("New organization"), formid='org_new',
            submit=_("Create"), ajax=False)

    organization = Organization()
    form.populate_obj(organization)
    # The creator is added to the owners team first, then the members team.
    for team in (organization.owners, organization.members):
        if g.user not in team.users:
            team.users.append(g.user)
    db.session.add(organization)
    db.session.commit()
    org_data_changed.send(organization, changes=['new'], user=g.user)
    return render_redirect(url_for('.org_info', name=organization.name), code=303)
def workspace_edit(workspace):
    """Edit workspace settings, including which teams administer, review and access it."""
    form = WorkspaceForm(obj=workspace)
    # All three team pickers share one query, limited to teams whose orgid
    # matches this workspace, so teams of other organizations are not offered.
    org_teams = Team.query.filter_by(orgid=workspace.userid).order_by('title')
    form.admin_teams.query = org_teams
    form.review_teams.query = org_teams
    form.access_teams.query = org_teams

    if not form.validate_on_submit():
        return render_form(form=form, title=u"Edit workspace settings", submit="Save",
            formid="workspace_edit",
            cancel_url=url_for('workspace_view', workspace=workspace.name), ajax=True)

    form.populate_obj(workspace)
    db.session.commit()
    flash(u"Edited workspace settings.", 'success')
    return render_redirect(url_for('workspace_view', workspace=workspace.name), code=303)
def remove_extid(extid):
    """Confirm and remove an external login from the signed-in user's account.

    Removal is refused when the account has no password hash and this is its
    only external id, since nothing would be left to sign in with.
    """
    linked_count = len(current_auth.user.externalids)
    password_is_set = bool(current_auth.user.pw_hash)
    if linked_count == 1 and not password_is_set:
        flash(
            _("You do not have a password set. So you must have at least one external ID enabled."
              ), 'danger')
        return render_redirect(url_for('.account'), code=303)

    service_title = login_registry[extid.service].title
    confirm_message = _(u"Remove {service} account ‘{username}’ from your account?").format(
        service=service_title, username=extid.username)
    success_message = _(u"You have removed the {service} account ‘{username}’").format(
        service=service_title, username=extid.username)
    # NOTE(review): nothing in this body checks that extid belongs to
    # current_auth.user; presumably the loader that resolves extid does -- confirm.
    return render_delete_sqla(
        extid, db,
        title=_(u"Confirm removal"),
        message=confirm_message,
        success=success_message,
        next=url_for('.account'),
        delete_text=_(u"Remove"))
def event_send_email(profile, event):
    """Email an event's participants, optionally limited to one workflow state.

    ``*|FULLNAME|*`` in the message is replaced with each recipient's full
    name; a plain-text alternative is derived with ``html2text``.
    """
    form = SendEmailForm()
    state_choices = [(item.value, item.title) for item in ParticipantWorkflow.states()]
    # -1 is the pseudo-state meaning "everyone, whatever their status".
    form.send_to.choices = [(-1, "All participants (confirmed or not)")] + state_choices

    if not form.validate_on_submit():
        return render_form(form=form, title="Send email to participants", submit=u"Send",
            cancel_url=event.url_for(), ajax=False)

    if form.send_to.data == -1:
        recipients = Participant.query.filter_by(event=event).all()
    else:
        recipients = Participant.query.filter_by(event=event, status=form.send_to.data).all()
    subject = form.subject.data
    sent = 0
    for recipient in recipients:
        if not recipient.email:
            continue
        # NOTE(review): the full name is inserted into the HTML body unescaped;
        # consider escaping it before substitution.
        message = form.message.data.replace("*|FULLNAME|*", recipient.user.fullname)
        text_message = html2text(message)
        if g.user.email:
            send_email(sender=(g.user.fullname, g.user.email), to=recipient.email,
                subject=subject, body=text_message, html=message)
            # NOTE(review): nesting reconstructed from a whitespace-collapsed
            # listing; confirm the counter belongs inside this branch.
            sent += 1
    flash("Your message was sent to %d participant(s)." % sent)
    return render_redirect(event.url_for())
def email_template_form(profile, event):
    """Edit the per-status participant email templates stored on *event*.

    When none of the four messages has content yet, each is pre-filled from
    its bundled Markdown template. On save, a plain-text version of every
    message is stored alongside it.
    """
    form = EmailEventParticipantsForm(obj=event)
    defaults = (
        (form.confirmation_message, 'confirmed_participants_email.md'),
        (form.waitlisted_message, 'waitlisted_participants_email.md'),
        (form.rejected_message, 'rejected_participants_email.md'),
        (form.pending_message, 'pending_participants_email.md'),
    )
    if not any(field.data for field, _template in defaults):
        for field, template in defaults:
            if not field.data:
                field.data = render_template(template, event=event)

    if not form.validate_on_submit():
        return render_form(form=form, title="Email Participants form", submit=u"Save",
            cancel_url=event.url_for(), ajax=False)

    form.populate_obj(event)
    # Keep the text alternatives in sync with the saved messages.
    for kind in ('confirmation', 'pending', 'waitlisted', 'rejected'):
        saved_message = getattr(event, kind + '_message')
        setattr(event, kind + '_message_text', html2text(saved_message))
    db.session.commit()
    flash(u"Participants Email template for %s is saved" % event.title, "success")
    return render_redirect(event.url_for(), code=303)
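def report_edit(report):
    """Check view and edit rights on *report*, then hand off to ``report_edit_internal``.

    Responds 403 when the workflow denies viewing, and renders an explanatory
    message when viewing is allowed but editing is not. The statements that
    used to follow the final ``return`` (a second validate/populate/commit
    path) could never run and have been removed; what the caller receives is
    unchanged.
    """
    workflow = report.workflow()
    # Viewing is checked before editing, so a user who may not even see the
    # report gets 403 rather than the "cannot edit" message.
    if not workflow.can_view():
        abort(403)
    if not workflow.can_edit():
        return render_template(
            'baseframe/message.html',
            message=u"You cannot edit this report at this time.")
    form = ExpenseReportForm(obj=report)
    return report_edit_internal(form, report, workflow)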
def verify_phone(phoneclaim):
    """Turn a phone claim into a verified number once the form validates.

    The first verified number on the account becomes the primary one.
    """
    form = VerifyPhoneForm()
    # The form is given the claim; presumably it validates the code against it.
    form.phoneclaim = phoneclaim

    if not form.validate_on_submit():
        # NOTE(review): this view neither counts failed attempts nor checks
        # whether the number is already linked to another account; confirm
        # the form or the model enforces both.
        return render_form(form=form, title="Verify phone number", formid="phone_verify",
            submit="Verify", ajax=True)

    is_first_phone = False if g.user.phones else True
    verified = UserPhone(user=g.user, phone=phoneclaim.phone, gets_text=True,
        primary=is_first_phone)
    db.session.add(verified)
    # The claim is consumed once the verified record exists.
    db.session.delete(phoneclaim)
    db.session.commit()
    flash("Your phone number has been verified.", 'success')
    return render_redirect(url_for('profile'), code=303)
def client_new():
    """Register a new client application for a user or organization the requester may pick."""
    form = RegisterClientForm()
    form.client_owner.choices = available_client_owners()
    if request.method == 'GET':
        # Pre-select the current user as the owner.
        form.client_owner.data = g.user.userid

    if not form.validate_on_submit():
        return render_form(form=form, title="Register a new client application",
            formid="client_new", submit="Register application", ajax=True)

    new_client = Client()
    form.populate_obj(new_client)
    # Owner comes from form.user / form.org rather than from populate_obj.
    new_client.user = form.user
    new_client.org = form.org
    # Set after populate_obj, so a newly registered client is never trusted
    # regardless of what the form submitted.
    new_client.trusted = False
    db.session.add(new_client)
    db.session.commit()
    return render_redirect(url_for('.client_info', key=new_client.key), code=303)
def client_edit(client):
    """Edit a client application, revoking grants that no longer apply.

    A change of owner deletes every user and team permission assigned to the
    client; turning off team access deletes its team-access records.
    """
    form = RegisterClientForm(obj=client, model=Client)
    form.edit_user = current_auth.user
    form.client_owner.choices = available_client_owners()
    if request.method == 'GET':
        current_owner = client.user if client.user else client.org
        form.client_owner.data = current_owner.buid

    if not form.validate_on_submit():
        return render_form(form=form, title=_("Edit application"), formid='client_edit',
            submit=_("Save changes"), ajax=True)

    # Compared before populate_obj, while client still holds the old owner.
    owner_changed = client.user != form.user or client.org != form.org
    if owner_changed:
        # Ownership has changed. Remove existing permission assignments
        for model in (UserClientPermissions, TeamClientPermissions):
            for assignment in model.query.filter_by(client=client).all():
                db.session.delete(assignment)
        flash(
            _(u"This application’s owner has changed, so all previously assigned permissions "
              "have been revoked"), 'warning')

    form.populate_obj(client)
    client.user = form.user
    client.org = form.org
    if not client.team_access:
        # This client does not have access to teams in organizations. Remove all existing assignments
        for team_access in ClientTeamAccess.query.filter_by(client=client).all():
            db.session.delete(team_access)
    db.session.commit()
    return render_redirect(url_for('.client_info', key=client.key), code=303)
def event_withdraw(profile, event):
    """Let the current user withdraw their own participation in *event*.

    Responds 404 when the user has no participant record for the event and
    403 when the workflow does not allow withdrawing.
    """
    # The record is looked up by the current user's id, so only one's own
    # participation can be withdrawn.
    participant = Participant.query.filter_by(event_id=event.id, user_id=g.user.id).first()
    if not participant:
        abort(404)

    workflow = participant.workflow()
    if not workflow.can_withdraw():
        abort(403)
    # Transition to call for each numeric participant status.
    transitions = {
        0: workflow.withdraw_pending,
        1: workflow.withdraw_waiting_list,
        2: workflow.withdraw_confirmed,
        3: workflow.withdraw_rejected,
    }
    form = ConfirmWithdrawForm()
    if not form.validate_on_submit():
        return render_template(
            'withdraw.html', form=form, title=u"Confirm withdraw",
            message=u"Withdraw from '%s' ? You can come back anytime." % (event.title))

    # NOTE(review): nesting reconstructed from a whitespace-collapsed listing;
    # confirm that commit and flash belong under the 'delete' branch.
    if 'delete' in request.form:
        try:
            transitions[participant.status]()
        except KeyError:
            # NOTE(review): a status missing from the table is ignored, and
            # success is still flashed below.
            pass
        db.session.commit()
        flash(
            u"Your request to withdraw from {0} is recorded".format(event.title),
            "success")
    values = {'profile': profile.name, 'event': event.name}
    return render_redirect(url_for('event_view', **values), code=303)
def event_apply(profile, event):
    """Apply to *event* as the current user, or re-apply after withdrawing."""
    values = {'profile': profile.name, 'event': event.name}
    recorded_notice = u"Your request to participate has been recorded; you will be notified by the event manager"
    participant = Participant.get(g.user, event)

    if not participant:
        # If no participant is found create a new participant entry
        # First collect some information about the new participant
        user = g.user
        form = ParticipantForm(obj=user)
        if not form.validate_on_submit():
            return render_form(form=form, title="Participant Details",
                submit=u"Participate",
                cancel_url=url_for('event_view', event=event.name, profile=profile.name),
                ajax=False)
        total_participants = Participant.query.filter_by(event_id=event.id).count()
        participant = Participant(user=user, event=event)
        form.populate_obj(participant)
        participant.save_defaults()
        # NOTE(review): PENDING is chosen when the limit is already below the
        # current count and WL otherwise; this looks inverted -- confirm.
        if event.maximum_participants < total_participants:
            participant.status = PARTICIPANT_STATUS.PENDING
        else:
            participant.status = PARTICIPANT_STATUS.WL
        db.session.add(participant)
        db.session.commit()
        flash(recorded_notice, "success")
    # FIXME: Don't change anything unless this is a POST request
    # NOTE(review): the branch below commits a status change without checking
    # the request method or validating a form.
    elif participant.status == PARTICIPANT_STATUS.WITHDRAWN:
        participant.status = PARTICIPANT_STATUS.PENDING
        db.session.commit()
        flash(recorded_notice, "success")
    else:
        flash(u"Your request is pending", "error")
    return render_redirect(url_for('event_view', **values), code=303)
def board_new():
    """Create a job board, optionally seeded with the post named in ``?add=``."""
    form = BoardForm()
    is_siteadmin = 'siteadmin' in lastuser.permissions()
    if not is_siteadmin:
        # Allow only siteadmins to set this field
        # Deleting it from the form means a submitted value is never bound.
        del form.options.form.require_pay
    form.userid.choices = g.user.allowner_choices()

    if not form.validate_on_submit():
        return render_form(form=form, title=u"Create a job board…", submit="Next",
            message=u"Make your own job board with just the jobs you want to showcase. "
            "Your board will appear as a subdomain",
            formid="board_new", cancel_url=url_for('index'), ajax=False)

    new_board = Board()
    form.populate_obj(new_board)
    if not new_board.name:
        new_board.make_name()
    db.session.add(new_board)
    if 'add' in request.args:
        # NOTE(review): the post is looked up straight from the query string;
        # no check on who may add it is visible here.
        post = JobPost.get(request.args['add'])
        if post:
            new_board.add(post)
    db.session.commit()
    flash(u"Created a job board named %s" % new_board.title, 'success')
    return render_redirect(url_for('board_view', board=new_board.name), code=303)
def event_edit(profile, event):
    """Edit an event; responds 403 when its workflow does not allow editing."""
    # Permission gate comes first; the form is not built without it.
    if not event.workflow().can_edit():
        abort(403)

    form = EventForm(obj=event)
    if not form.validate_on_submit():
        return render_form(form=form, title="Edit Event", submit=u"Save",
            cancel_url=url_for('event_view', event=event.name, profile=profile.name),
            ajax=False)

    form.populate_obj(event)
    if not event.name:
        event.make_name()
    # Assigned after populate_obj, so the event stays attached to the profile
    # passed to this view.
    event.profile_id = profile.id
    db.session.commit()
    flash(u"Your edits to %s are saved" % event.title, "success")
    return render_redirect(
        url_for('event_view', event=event.name, profile=profile.name), code=303)