def admin_orders_action(req, id):
    """Move order *id* to the state selected by the request URI suffix.

    Runs ``check_login``, ``check_token`` (token from the form) and
    ``check_right`` before touching the order. An unknown suffix ends with
    HTTP 400; ``Order.set_state`` returning ``None`` ends with HTTP 404.
    A status message is sent for every new state except ``STATE_CLOSED``,
    then the client is redirected to the order detail page.
    """
    check_login(req)
    check_token(req, req.form.get('token'))
    check_right(req, module_right)

    # Allow-list of action suffixes; anything else is rejected below.
    suffix_to_state = (
        ('/storno', STATE_STORNED),
        ('/process', STATE_PROCESS),
        ('/sent', STATE_SENT),
        ('/close', STATE_CLOSED),
        ('/wait_for_paid', STATE_WAIT_FOR_PAID),
        ('/wait_for_pick_up', STATE_WAIT_FOR_PICK_UP),
    )
    for suffix, ostate in suffix_to_state:
        if req.uri.endswith(suffix):
            break
    else:
        raise SERVER_RETURN(state.HTTP_BAD_REQUEST)

    note = req.form.getfirst('note', '', uni)
    order = Order(id)
    changed = order.set_state(req, ostate, note)
    if changed is None:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if ostate != STATE_CLOSED:
        send_order_status(req, order)
    redirect(req, '/admin/eshop/orders/%d' % id)
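def login_mod(req):
    """Show and process the logged-in user's own account settings page.

    GET renders the form. POST validates the token, binds the form to a
    ``Login`` object and calls ``Login.pref``. A result strictly between 0
    and 64 is rendered back as ``error``. When the submitted e-mail differs
    from the current one, a verification e-mail is sent and
    ``REQUEST_FOR_EMAIL`` is OR-ed into the result passed to the template.
    """
    check_login(req)
    login = Login(req.login.id)
    token = do_create_token(req, "/login")

    # Named ``result`` locally so the module-level ``state`` name used by the
    # sibling handlers is not shadowed; the template keyword stays ``state``.
    result = None
    email = None
    if req.method == "POST":
        check_token(req, req.form.get("token"))
        login.bind(req.form, req.cfg.login_rounds)
        # Only a changed address is passed on for verification.
        if login.email != req.login.email:
            email = login.email
        result = login.pref(req, email=email)
        # Normalise first: the original compared before the None check, and
        # ordering None against an int raises TypeError on Python 3.
        if result is None:
            result = 0
        if 0 < result < 64:
            return generate_page(req, "login/login_mod.html", token=token,
                                 item=login, error=result)
        if email:
            host = "%s (%s)" % (req.remote_host, req.remote_addr)
            send_verify_email(req, login, req.login.email, host=host,
                              browser=req.user_agent)
            result |= REQUEST_FOR_EMAIL

    # Reload the stored values so the page and the request carry fresh data.
    login.get(req)
    req.login = login
    return generate_page(req, "login/login_mod.html", token=token,
                         item=login, state=result, email=email)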
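def eshop_cart_add(req):
    """Add one item to the shopping cart from a JSON request.

    Expects ``token``, ``item_id`` and ``count`` in ``req.json``. Returns a
    JSON string; a count below 1 answers with HTTP 400 and an unknown or
    non-visible item with HTTP 404.
    """
    do_check_mgc(req)
    check_token(req, req.json.get('token'))
    cart = ShoppingCart(req)

    item_id = req.json.getfirst('item_id', fce=nint)
    count = req.json.getfirst('count', 0, int)
    req.content_type = 'application/json'

    if count < 1:
        # The original assigned ``req.state`` here, while the sibling handlers
        # set ``req.status``; with the wrong attribute the error status
        # was presumably never sent and clients saw a success code.
        req.status = state.HTTP_BAD_REQUEST
        return json.dumps({'reason': 'count must bigger then zero'})

    item = Item(item_id)
    # Hidden and disabled items are answered exactly like missing ones, so
    # the response does not reveal that they exist.
    if not item.get(req) or item.state != STATE_VISIBLE:
        req.status = state.HTTP_NOT_FOUND
        return json.dumps({'reason': 'item not found'})

    # Append or increase the item. Name and price come from the stored item,
    # never from the client request.
    cart.merge_items(((item_id, {'name': item.name,
                                 'price': item.price,
                                 'count': count}),))
    cart.store(req)
    cart.calculate()
    return json.dumps({'reason': 'item append to cart', 'cart': cart.dict()})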
def admin_logins_enable(req, id):
    """Enable or disable login *id*, depending on the request URI suffix.

    Requires a logged-in user with ``R_ADMIN`` and a valid form token.
    An administrator acting on their own account gets HTTP 403.
    """
    check_login(req, "/log_in?referer=/admin/logins")
    check_right(req, R_ADMIN)
    check_token(req, req.form.get("token"))

    login = Login(id)
    # Self-protection: an admin must not be able to disable themselves.
    if req.login.id == login.id:
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    # A URI ending in "/enable" switches the account on; any other URI
    # reaching this handler switches it off.
    wants_enable = req.uri.endswith("/enable")
    login.enabled = int(wants_enable)
    login.enable(req)
    redirect(req, "/admin/logins")
def admin_menu_delete(req, codebook, id):
    """Delete item *id* from the named codebook and answer with JSON.

    Answers HTTP 400 with reason ``integrity_error`` when the delete call
    reports failure.
    """
    check_login(req)
    check_right(req, module_right)
    # NOTE(review): the token is read from the query string (req.args) here;
    # URL parameters tend to end up in access logs and Referer headers.
    # Confirm this is intended.
    token_uri = '/admin/codebooks/%s' % codebook
    check_token(req, req.args.get('token'), uri=token_uri)

    # NOTE(review): ``codebook`` arrives as a handler argument; presumably
    # build_class() accepts only known codebook names. Verify there.
    Codebook = build_class(codebook)
    deleted = Codebook(id).delete(req)
    if not deleted:
        req.status = state.HTTP_BAD_REQUEST
        req.content_type = 'application/json'
        return json_response(req, {'reason': 'integrity_error'})
    return json_response(req)
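def admin_item_state(req, id):
    """Set the visibility state of store item *id* from the URI suffix.

    ``/visible`` and ``/hidden`` map to their states; any other URI reaching
    this handler sets ``STATE_DISABLED``. A missing item ends with HTTP 404.
    The client is then sent back to the page it came from.
    """
    store_uri = '/admin/eshop/store'
    check_login(req, '/log_in?referer=' + store_uri)
    check_right(req, module_right)
    check_token(req, req.form.get('token'), uri=store_uri)

    item = Item(id)
    if not item.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if req.uri.endswith('/visible'):
        new_state = STATE_VISIBLE
    elif req.uri.endswith('/hidden'):
        new_state = STATE_HIDDEN
    else:
        new_state = STATE_DISABLED
    item.set_state(req, new_state)

    # The Referer header is optional (privacy settings, Referrer-Policy), so
    # fall back to the store listing instead of redirecting to an empty value.
    # NOTE(review): the header is client-supplied and is used as the redirect
    # target without validation; consider limiting it to this site's URLs.
    redirect(req, req.referer or store_uri)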
def admin_item_mod(req, id):
    """Render the edit form for store item *id* and process its submission.

    On POST the token is checked, the form is bound to the item and
    ``Item.mod`` is called; any result other than the item itself is shown
    as ``error``. Otherwise the item is (re)loaded and the form rendered
    with a fresh token; a missing item ends with HTTP 404.
    """
    template = "admin/eshop/item_mod.html"
    check_login(req)
    check_right(req, module_right)
    item = Item(id)

    if req.method == 'POST':
        check_token(req, req.form.get('token'))
        item.bind(req.form)
        outcome = item.mod(req)
        if outcome != item:
            # NOTE(review): the error page is rendered without ``token``, so a
            # resubmitted form may fail check_token. Confirm in the template.
            return generate_page(req, template, item=item, error=outcome)

    # NOTE(review): nesting reconstructed from a flattened listing; the
    # reload is assumed to run for GET as well as after a successful POST.
    found = item.get(req)      # still fresh data
    if not found:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    return generate_page(req, template, token=create_token(req), item=item)
def admin_item_add(req):
    """Render the form for a new store item and process its submission.

    On POST the token is checked, the form is bound to a new ``Item`` and
    ``Item.add`` is called. A result other than the item itself is shown as
    ``error``; on success the client is redirected to the new item's page.
    """
    template = "admin/eshop/item_mod.html"
    check_login(req)
    check_right(req, module_right)
    item = Item()

    if req.method != 'POST':
        return generate_page(req, template, token=create_token(req),
                             item=item)

    check_token(req, req.form.get('token'), uri='/admin/eshop/store/add')
    item.bind(req.form)
    outcome = item.add(req)
    if outcome != item:
        return generate_page(req, template, item=item, error=outcome)
    redirect(req, '/admin/eshop/store/%d' % item.id)
    # Reached only if redirect() returns instead of ending the request.
    return generate_page(req, template, token=create_token(req), item=item)
def admin_codebook_add_update(req, codebook, id=None):
    """Create a codebook item, or update item *id* when an id is given.

    Answers with JSON. HTTP 400 is returned with reason ``empty_value`` when
    the bound item has no value, and with reason ``value_exist`` when the
    add or mod call reports failure.
    """
    check_login(req)
    check_right(req, module_right)
    check_token(req, req.form.get('token'),
                uri='/admin/codebooks/%s' % codebook)

    # NOTE(review): ``codebook`` arrives as a handler argument; presumably
    # build_class() accepts only known codebook names. Verify there.
    Codebook = build_class(codebook)
    item = Codebook(id)
    item.bind(req.form)

    if not item.value:
        req.status = state.HTTP_BAD_REQUEST
        return json_response(req, {'reason': 'empty_value'})

    # A truthy id means an existing record is being modified.
    if id:
        saved = item.mod(req)
    else:
        saved = item.add(req)
    if saved:
        return json_response(req)

    req.status = state.HTTP_BAD_REQUEST
    return json_response(req, {'reason': 'value_exist'})
def eshop_cart_pay_and_order(req):
    """Turn the current shopping cart into an order.

    On success the cart is cleaned, a status message is sent and the
    acceptance page is rendered. ``EMPTY_ITEMS`` redirects to the shop;
    ``NOT_ENOUGH_ITEMS`` marks the affected items in the cart, stores it and
    redirects back to the cart.
    """
    do_check_mgc(req)
    check_token(req, req.form.get('token'), uri='/eshop/cart/recapitulation')
    cart = ShoppingCart(req)
    # TODO: payment page if could be (paypal, card, transfer)

    order = Order.from_cart(cart)
    if not order:
        # presumably redirect() does not return; the code below relies on it
        redirect(req, '/eshop')

    # Anonymous customers are stored without a client id.
    if req.login:
        order.client_id = req.login.id
    else:
        order.client_id = None

    retval = order.add(req)
    if retval == order:
        cart.clean(req)
        send_order_status(req, order)
        return generate_page(req, "eshop/shopping_accept.html", order=order)

    # Any other result is indexable: code first, details second.
    code = retval[0]
    if code == EMPTY_ITEMS:
        redirect(req, '/eshop')
    if code == NOT_ENOUGH_ITEMS:
        cart.set_not_enought(retval[1])
        cart.store(req)
        redirect(req, '/eshop/cart')
def eshop_cart(req):
    """Show the shopping cart, or update it on a PATCH request.

    PATCH checks the token from the JSON body, merges the posted items,
    stores the cart and returns it as JSON. An XHR request gets the
    calculated cart as JSON after ``check_origin``. Any other request gets
    the HTML cart page with a fresh token.
    """
    do_check_mgc(req)
    cart = ShoppingCart(req)
    is_update = req.method == 'PATCH'

    if is_update:
        # State-changing branch: the token is required before any merge.
        check_token(req, req.json.get('token'), uri='/eshop/cart')
        cart.merge_items(req.json.get('items', []))
        req.content_type = 'application/json'
        cart.store(req)     # store shopping cart
        cart.calculate()
        payload = {'cart': cart.dict()}
        return json.dumps(payload)

    cart.calculate()
    if req.is_xhr:
        # Read-only JSON view: guarded by the origin check, not by a token.
        check_origin(req)
        req.content_type = 'application/json'
        payload = {'cart': cart.dict()}
        return json.dumps(payload)

    # GET method only view shopping cart - no store was needed
    return generate_page(req, "eshop/shopping_cart.html",
                         token=create_token(req),
                         cfg_currency=req.cfg.eshop_currency,
                         cart=cart)
def admin_item_actions(req, item_id):
    """Return the list of actions recorded for a store item as JSON.

    The optional ``type`` query argument (``inc``, ``dec`` or ``pri``)
    narrows the list to one action type; any other value means no type
    filter. The pager is bound from the query arguments.
    """
    check_login(req)
    check_right(req, module_right)
    # NOTE(review): the token is read from the query string (req.args) here;
    # URL parameters tend to end up in access logs and Referer headers.
    # Confirm this is intended.
    check_token(req, req.args.get('token'),
                uri='/admin/eshop/store/%s' % item_id)

    requested = req.args.getfirst('type', '', uni)
    filters = {}
    if requested == 'inc':
        filters['action_type'] = ACTION_INC
    elif requested == 'dec':
        filters['action_type'] = ACTION_DEC
    elif requested == 'pri':
        filters['action_type'] = ACTION_PRI
    filters['item_id'] = item_id

    pager = Pager(sort='desc')
    pager.bind(req.args)

    # Each Action is serialised through its raw attribute dictionary.
    actions = [action.__dict__
               for action in Action.list(req, pager, **filters)]
    req.content_type = 'application/json'
    return json.dumps({'actions': actions, 'pager': pager.__dict__})
def admin_logins_mod(req, id):
    """Render the admin edit form for login *id* and process its submission.

    Requires ``R_ADMIN``. Editing one's own account through this page is
    refused with HTTP 403. On POST a ``Login.mod`` result strictly between
    0 and 64 is shown as ``error``; otherwise the login is reloaded (HTTP 404
    when missing) and rendered with the result as ``state``.
    """
    template = "admin/logins_mod.html"
    check_login(req)
    check_right(req, R_ADMIN)
    token = do_create_token(req, "/admin/logins/%d" % id)

    login = Login(id)
    # Self-protection: an admin must not strip their own rights.
    if req.login.id == login.id:
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    done = None
    if req.method == "POST":
        check_token(req, req.form.get("token"))
        login.bind(req.form, req.cfg.login_rounds)
        done = login.mod(req)
        # NOTE(review): assumes Login.mod returns a number; a None result
        # would make this comparison fail on Python 3. Confirm.
        if 0 < done < 64:
            return generate_page(req, template, token=token, rights=rights,
                                 item=login, error=done)

    found = login.get(req)
    if not found:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    return generate_page(req, template, token=token, rights=rights,
                         item=login, state=done)
def admin_logins_add(req):
    """Render the admin form for a new login and process its submission.

    Requires ``R_ADMIN``. With ``login_created_verify_link`` switched off the
    new account is enabled immediately; with it switched on,
    ``send_login_created`` is called after a successful add. A truthy result
    of ``Login.add`` is shown as ``error``.
    """
    template = "admin/logins_mod.html"
    check_login(req)
    check_right(req, R_ADMIN)
    token = do_create_token(req, "/admin/logins/add")

    if req.method != "POST":
        return generate_page(req, template, token=token, rights=rights)

    check_token(req, req.form.get("token"))
    login = Login()
    login.bind(req.form, req.cfg.login_rounds)
    if not req.cfg.login_created_verify_link:
        login.enabled = 1
    # NOTE(review): nesting reconstructed from a flattened listing; this
    # assumes every new account starts with the plain "user" right whatever
    # the form submitted. Confirm it is not tied to the setting above.
    login.rights = ["user"]

    error = login.add(req)
    if error:
        return generate_page(req, template, token=token, rights=rights,
                             item=login, error=error)

    if req.cfg.login_created_verify_link:
        send_login_created(req, login)
    redirect(req, "/admin/logins/%d" % login.id)
    # Reached only if redirect() returns instead of ending the request.
    return generate_page(req, template, token=token, rights=rights)
def admin_item_incdec(req, id):
    """Apply an increase, decrease or price action to store item *id*.

    The action type comes from the URI suffix (``/inc``, ``/dec``, ``/pri``)
    and the action data from the form. Answers with JSON; HTTP 404 is
    returned when the action or the following reload of the item fails.
    """
    item_uri = '/admin/eshop/store/%s' % id
    check_login(req, '/log_in?referer=/admin/eshop/store/%s' % id)
    check_right(req, module_right)
    check_token(req, req.form.get('token'), uri=item_uri)

    suffix_to_action = (
        ('/inc', ACTION_INC),
        ('/dec', ACTION_DEC),
        ('/pri', ACTION_PRI),
    )
    for suffix, action_type in suffix_to_action:
        if req.uri.endswith(suffix):
            break
    else:
        raise RuntimeError('Unknow action')

    action = Action.bind(req.form, action_type)
    item = Item(id)
    applied = item.action(req, action) and item.get(req)

    req.content_type = 'application/json'
    if not applied:
        req.status = state.HTTP_NOT_FOUND
        return json.dumps({'reason': 'item not found'})
    # The item is serialised through its raw attribute dictionary.
    return json.dumps({'item': item.__dict__})
def eshop_cart_address_post(req):
    """Store the address, transportation, payment and e-mail step of checkout.

    Values that pass their individual checks are written to the cart and the
    cart is stored before the completeness checks run, so partial input
    survives an error. The first failing completeness check re-renders the
    address page with its error code. With everything present, ``way``
    decides whether to go on to the recapitulation or back to the cart.
    """
    do_check_mgc(req)
    check_token(req, req.form.get('token'), uri='/eshop/cart/address')
    cart = ShoppingCart(req)
    form = req.form

    way = form.getfirst('way', '', str)
    same_as_billing = 'same_as_billing' in form
    billing_address = Address.bind(form, 'billing_')
    if same_as_billing:
        shipping_address = billing_address.copy()
    else:
        shipping_address = Address.bind(form, 'shipping_')
    shipping_address['same_as_billing'] = same_as_billing

    transportation = form.getfirst('transportation', '', str)
    payment = form.getfirst('payment', '', str)

    if req.login:
        # A logged-in customer's address is trusted; no second entry needed.
        email = emailcheck = req.login.email
    else:
        email = form.getfirst('email', '', str)
        emailcheck = form.getfirst('emailcheck', '', str)

    # Prices are taken from the server configuration, never from the client;
    # the submitted name only selects a configuration key behind a fixed
    # prefix, and an unknown name yields -1.
    # NOTE(review): assumes every config attribute with these prefixes holds
    # a number. Confirm against the configuration loader.
    config_values = req.cfg.__dict__
    transportation_price = config_values.get(
        'eshop_transportation_' + transportation, -1)
    payment_price = config_values.get(
        'eshop_payment_' + payment, -1)

    if transportation and transportation_price < 0:
        raise SERVER_RETURN(state.HTTP_BAD_REQUEST)
    if payment and payment_price < 0:
        raise SERVER_RETURN(state.HTTP_BAD_REQUEST)

    if len(billing_address):
        cart.billing_address = billing_address
    if len(shipping_address):
        cart.shipping_address = shipping_address
    if transportation:
        cart.transportation = (transportation, transportation_price)
    if payment:
        cart.payment = (payment, payment_price)
    if re_email.match(email):
        cart.email = email
    if re_email.match(emailcheck):
        cart.emailcheck = emailcheck
    cart.store(req)     # store shopping cart

    # Completeness checks, in the order they are reported to the customer.
    completeness = (
        (not billing_address, 'no_billing_address'),
        # a lone key means only same_as_billing was set
        (len(shipping_address) == 1, 'no_shipping_address'),
        (not email or email != emailcheck, 'no_email'),
        (not transportation, 'no_transportation'),
        (not payment, 'no_payment'),
    )
    for failed, error_code in completeness:
        if failed:
            return eshop_cart_address(req, cart, error=error_code)
    # end of errors block

    cart.calculate()
    if way == 'next':
        redirect(req, '/eshop/cart/recapitulation')
    elif way == 'prev':
        redirect(req, '/eshop/cart')
    return eshop_cart_address(req, cart)