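def delete_node():
    """Delete the node given by the ``id`` query-string argument.

    Admins (role >= 10) may delete any node; users (role >= 3) may only
    delete a node whose ``owner`` is their own username.  Every outcome is
    reported through ``flash`` and ends in a redirect to the nodes list;
    any lower role gets a 401.
    """
    id_ = request.args.get('id')
    if not id_:
        flash('Node ID not provided.')
        return redirect(url_for('nodes'))

    role = current_user.check_role()
    if role < 3:
        abort(401)

    if role < 10:
        # Ownership check: a non-admin must not be able to delete someone
        # else's node simply by supplying its id.
        query = {"filters": [{"op": "eq", "name": "id", "val": id_}]}
        test_node = api_get('nodes', query)
        if not test_node:
            # The original fell through here and returned None (a 500).
            flash("Node not found.")
            return redirect(url_for('nodes'))
        # api_get appears to return a list for a non-"single" query, as the
        # original indexing assumed -- TODO confirm against api_get.
        if test_node[0].get('owner') != current_user.username:
            flash("Permission denied.")
            return redirect(url_for('nodes'))

    if api_delete('nodes', id_):
        flash("Node deleted successfully.")
    else:
        flash("Error deleting node. Please try again.")
    return redirect(url_for('nodes'))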
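def disable_node():
    """Mark the node given by the ``id`` query-string argument inactive.

    Admins (role >= 10) may disable any node; users (role >= 3) only a
    node whose ``owner`` is their own username.  The update is sent as
    ``{"active": False, "q": <id filter>}``.  Every outcome is flashed and
    ends in a redirect to the nodes list; any lower role gets a 401.
    """
    id_ = request.args.get('id')
    if not id_:
        flash('Node ID not provided.')
        return redirect(url_for('nodes'))

    role = current_user.check_role()
    if role < 3:
        abort(401)

    # The same id filter serves both the ownership lookup and the update.
    query = {"filters": [{"op": "eq", "name": "id", "val": id_}]}
    if role < 10:
        test_node = api_get('nodes', query)
        if not test_node:
            # The original called .get() on an empty result and crashed.
            flash("Node not found.")
            return redirect(url_for('nodes'))
        # delete_node indexes the result of the same query with [0], so
        # api_get appears to return a list here -- TODO confirm; the
        # original called .get() on it directly.
        if test_node[0].get('owner') != current_user.username:
            flash("Permission denied.")
            return redirect(url_for('nodes'))

    data = {"active": False, 'q': query}
    if api_update('nodes', data):
        flash("Node disabled successfully.")
    else:
        flash("Error disabling node. Please try again.")
    return redirect(url_for('nodes'))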
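def new_node():
    """Create a node owned by the current user.

    Users (role >= 3) are limited to ``node_limit`` nodes; admins
    (role >= 10) are unlimited.  A fresh unique_id / api_key pair is drawn
    until neither collides with an existing node, then the node is created
    active.  The outcome is flashed and the caller is redirected to the
    nodes list; any lower role gets a 401.
    """
    node_limit = 5  # per-user cap; admins are exempt

    role = current_user.check_role()
    if role < 3:
        abort(401)

    if role < 10:
        query = {
            "filters": [{
                "op": "eq",
                "name": "owner",
                "val": current_user.username
            }]
        }
        # nodes() guards against a falsy result from api_get, so the same
        # can happen here; len(None) would raise.
        owned = api_get('nodes', query) or []
        if len(owned) >= node_limit:
            flash('You have reached the limit of {} nodes.'.format(node_limit))
            return redirect(url_for('nodes'))

    # Draw credentials until neither value exists in the db.  Collisions
    # should be very rare, so this normally runs exactly once.
    while True:
        unique_id = create_unique_id()
        api_key = create_api_key()
        query = {
            "filters": [{
                "or": [
                    {"op": "eq", "name": "unique_id", "val": unique_id},
                    {"op": "eq", "name": "api_key", "val": api_key},
                ]
            }],
            "single": True
        }
        if not api_get('nodes', query):
            break

    data = {
        "owner": current_user.username,
        "unique_id": unique_id,
        "api_key": api_key,
        "active": True
    }
    if api_create('nodes', data):
        flash("Node {} added successfully.".format(unique_id))
    else:
        flash("Error adding node. Please try again.")
    return redirect(url_for('nodes'))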
def check_is_admin(*args, **kwargs):
    """Wrapped view: run ``foo`` only for an authenticated admin.

    An anonymous user is flashed a message and sent to ``login``; an
    authenticated user without the 'Admin' role is flashed a message and
    sent to ``index``.  ``foo`` comes from the enclosing decorator scope.
    """
    if current_user.is_authenticated:
        if current_user.check_role('Admin'):
            return foo(*args, **kwargs)
        flash('У вас не достаточно прав', 'alert')
        return redirect(url_for('index'))
    flash('Вы не авторизованы', 'alert')
    return redirect(url_for('login'))
def inner(*args, **kwargs):
    """Wrapped view: call ``func`` only if the current user holds ``role``.

    ``func`` and ``role`` come from the enclosing decorator scope; the user
    is looked up through ``import_user()``.  A failed role check raises
    ``Forbidden`` instead of returning a response.
    """
    # ``Role`` is not used below; the import may be kept for its
    # import-time side effects -- verify before removing it.
    from .models import Role
    user = import_user()
    if not user.check_role(role):
        raise Forbidden(
            "Your roles do not grant you access to this page, or your account is disabled."
        )
    return func(*args, **kwargs)
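def nodes():
    """Render the node table.

    Admins (role >= 10) see every node; users (role >= 3) only the nodes
    they own; anyone else gets a 401.  ``sort`` and ``direction`` from the
    query string become the API's order_by.
    """
    sort = request.args.get('sort', 'id')
    # The API does not flip asc/desc for us, so the direction is explicit.
    # It is untrusted input headed into a query: only the two values the
    # API understands are let through, anything else falls back to asc.
    sort_dir = request.args.get('direction', 'asc')
    if sort_dir not in ('asc', 'desc'):
        sort_dir = 'asc'
    # NOTE(review): ``sort`` is passed straight through as a field name.
    # Restricting it to the known node columns would be safer, but the
    # column list is not visible here -- confirm against the API.

    role = current_user.check_role()
    if role >= 10:
        filters = []
    elif role >= 3:
        filters = [{"op": "eq", "name": "owner", "val": current_user.username}]
    else:
        abort(401)

    query = {
        "filters": filters,
        "order_by": [{"field": sort, "direction": sort_dir}]
    }
    # api_get may return a falsy value when nothing matches.
    the_nodes = api_get('nodes', query) or []
    table = NodesTable(the_nodes)
    return render_template("nodes.html", table=table)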
def matter():
    """Matter upload page.

    Redirects to accessdenied unless the user has the ``matter`` role.
    GET renders the form; POST runs Mattermain with the submitted email,
    password and send_email flag and renders the success page.
    """
    if not current_user.check_role('matter'):
        return redirect(url_for('accessdenied'))
    form = Matter()
    if request.method == 'GET':
        return render_template('matter.html', form=form)
    # NOTE(review): the submitted credentials reach Mattermain without the
    # form's validators being run -- confirm that is intended.
    if request.method == 'POST':
        Mattermain(
            form.emailadd.data,
            form.password.data,
            send_mail=form.send_email.data,
        )
        return render_template('report_success.html')
    return render_template('matter.html', title='Matter Upload', form=form)
def cat():
    """CAT report page.

    Redirects to accessdenied unless the user has the ``cat`` role.  GET
    renders the form; POST runs catmain with the submitted email, password
    and send_email flag and renders the success page.
    """
    if not current_user.check_role('cat'):
        return redirect(url_for('accessdenied'))
    form = CAT()
    if request.method == 'GET':
        return render_template('catWTF.html', form=form)
    # NOTE(review): the submitted values reach catmain without the form's
    # validators being run -- confirm that is intended.
    if request.method == 'POST':
        catmain(form.emailadd.data, form.password.data, form.send_email.data)
        return render_template('report_success.html')
    return render_template('catWTF.html', title='CAT Report', form=form)
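def invites():
    """Render the invite-code table (admins only).

    ``sort`` and ``direction`` from the query string control the ORDER BY;
    any ``direction`` other than "asc" sorts descending.  A non-admin
    (role < 10) gets a 401.
    """
    sort = request.args.get('sort', 'id')
    # The library does not flip asc/desc for us, so the direction is explicit.
    sort_dir = request.args.get('direction', 'asc')

    if current_user.check_role() < 10:
        abort(401)

    # ``sort`` is untrusted input.  Resolve it to an actual column of the
    # model instead of handing a user-chosen string to asc()/desc(); an
    # unknown name falls back to id.  Assumes Invites is a declarative
    # model exposing __table__ -- TODO confirm.
    column = Invites.__table__.columns.get(sort)
    if column is None:
        column = Invites.id
    order = asc(column) if sort_dir == "asc" else desc(column)

    the_invites = db.session.query(Invites).order_by(order).all()
    table = InviteTable(the_invites)
    return render_template("invites.html", table=table)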
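def change_password():
    """Regenerate the current user's password and show it once.

    Users (role >= 3) get a new password from ``generate_password``, stored
    as a bcrypt hash, and rendered on users_newpass.html.  On failure the
    transaction is rolled back, the error logged, and the caller sent back
    to the users list.  Any lower role gets a 401.
    """
    import logging

    if current_user.check_role() < 3:
        abort(401)

    the_user = db.session.query(User).filter(User.username == current_user.username).first()
    try:
        thepassword = generate_password()
        # bcrypt works on bytes; the hash is stored as text.
        the_user.password = bcrypt.hashpw(thepassword.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
        db.session.merge(the_user)
        db.session.commit()
    except Exception:
        # Discard the failed transaction so the session stays usable, and
        # record the failure server-side instead of print()-ing it.
        db.session.rollback()
        logging.getLogger(__name__).exception(
            "Error regenerating password for %s", current_user.username
        )
        flash("Error updating user. Please try again.")
        return redirect(url_for('users'))
    # The original applied .format() to a message with no placeholder.
    flash("Password regenerated successfully!")
    return render_template("users_newpass.html", the_pass=thepassword, the_user=the_user.username)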
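def delete_user():
    """Delete the user given by the ``id`` query-string argument (admins only).

    Every outcome is flashed and ends in a redirect to the users list; a
    non-admin (role < 10) gets a 401.
    """
    id_ = request.args.get('id')
    if not id_:
        flash('User ID not provided.')
        return redirect(url_for('users'))
    if current_user.check_role() < 10:
        abort(401)

    del_user = db.session.query(User).filter(User.id == id_).first()
    if del_user is None:
        # Previously db.session.delete(None) raised inside a bare except
        # and was reported as a generic delete error.
        flash("User not found.")
        return redirect(url_for('users'))
    # Capture before the row is gone so the message does not depend on
    # attribute access on a deleted instance.
    username = del_user.username
    try:
        db.session.delete(del_user)
        db.session.commit()
    except Exception:
        # Discard the failed transaction so the session stays usable.
        db.session.rollback()
        flash("Error deleting user. Please try again.")
        return redirect(url_for('users'))
    flash("User {} deleted successfully.".format(username))
    return redirect(url_for('users'))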
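def delete_invite():
    """Delete the invite code given by the ``id`` query-string argument (admins only).

    Every outcome is flashed and ends in a redirect to the invites list; a
    non-admin (role < 10) gets a 401.
    """
    id_ = request.args.get('id')
    if not id_:
        flash('Invite code ID not provided.')
        return redirect(url_for('invites'))
    if current_user.check_role() < 10:
        abort(401)

    del_invite_code = db.session.query(Invites).filter(Invites.id == id_).first()
    if del_invite_code is None:
        # Previously db.session.delete(None) raised inside a bare except
        # and was reported as a generic delete error.
        flash("Invite code not found.")
        return redirect(url_for('invites'))
    # Capture before the row is gone so the message does not depend on
    # attribute access on a deleted instance.
    code = del_invite_code.invite_code
    try:
        db.session.delete(del_invite_code)
        db.session.commit()
    except Exception:
        # Discard the failed transaction so the session stays usable.
        db.session.rollback()
        flash("Error deleting invite code. Please try again.")
        return redirect(url_for('invites'))
    flash("Invite code {} deleted successfully.".format(code))
    return redirect(url_for('invites'))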
def ack():
    """Acknowledgement-letter report page.

    Redirects to accessdenied unless the user has the ``ack`` role, then
    ensures the output folder exists via Ack_create_folder().  GET renders
    the form; POST echoes the submitted email and checkbox in a flash,
    runs Ackmain and renders the success page.
    """
    if not current_user.check_role('ack'):
        return redirect(url_for('accessdenied'))
    form = Ack()
    Ack_create_folder()
    if request.method == 'GET':
        return render_template('ack.html', form=form)
    # NOTE(review): the submitted values reach Ackmain without the form's
    # validators being run, and the flash below looks like a debugging
    # leftover that echoes the entered address -- confirm both are intended.
    if request.method == 'POST':
        email = form.emailadd.data
        send = form.send_email.data
        flash('The email address is: ' + email + " The checkbox shows: " + str(send))
        Ackmain(email, form.password.data, send)
        return render_template('report_success.html')
    return render_template('ack.html', title='Acknowledgement Letter Add-In', form=form)
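def register():
    """Registration page.

    An authenticated admin may always register a new account; any other
    authenticated user is sent to main.index.  Anonymous visitors may
    register only while REGISTRATION_OPEN is set.  On a valid submission
    the user is created with a lower-cased email and a hashed password, a
    verification email is sent, and the caller is redirected to
    auth.unverified_email.  ``status`` is passed to the template unchanged.
    """
    if current_user.is_authenticated:
        if not current_user.check_role(['admin']):
            return redirect(url_for('main.index'))
        status = 'True'
    else:
        status = current_app.config['REGISTRATION_OPEN']

    # The original only handed ``status`` to the template, so a POST while
    # registration was closed still created the account; enforce it here
    # too.  The value is accepted as a bool or a true-ish string because the
    # admin branch uses the string 'True' -- confirm the config's type.
    registration_open = str(status).strip().lower() in ('true', '1', 'yes', 'on')

    form = RegistrationForm()
    if registration_open and form.validate_on_submit():
        user = User(email=form.email.data.lower())
        user.set_password(form.password.data)
        db.session.add(user)
        db.session.commit()
        send_verification_email(user)
        return redirect(url_for('auth.unverified_email'))
    return render_template('auth/register.html', title='Register', form=form, status=status)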
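def disable_invite():
    """Deactivate the invite code given by the ``id`` query-string argument (admins only).

    Only a disable is offered for now; an edit view may replace it later.
    Every outcome is flashed and ends in a redirect to the invites list; a
    non-admin (role < 10) gets a 401.
    """
    id_ = request.args.get('id')
    if not id_:
        flash('Invite code ID not provided.')
        return redirect(url_for('invites'))
    if current_user.check_role() < 10:
        abort(401)

    the_invite = db.session.query(Invites).filter(Invites.id == id_).first()
    if the_invite is None:
        # Previously an unknown id raised AttributeError outside the try
        # and surfaced as a 500.
        flash("Invite code not found.")
        return redirect(url_for('invites'))
    the_invite.active = False
    try:
        db.session.merge(the_invite)
        db.session.commit()
    except Exception:
        # Discard the failed transaction so the session stays usable.
        db.session.rollback()
        flash("Error disabling invite code. Please try again.")
        return redirect(url_for('invites'))
    flash("Invite code {} updated successfully.".format(the_invite.invite_code))
    return redirect(url_for('invites'))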
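def regen_password():
    """Regenerate the password of the user given by the ``id`` query-string argument (admins only).

    The new password from ``generate_password`` is stored as a bcrypt hash
    and shown once on users_newpass.html.  On failure the transaction is
    rolled back, the error logged, and the caller sent back to the users
    list.  A non-admin (role < 10) gets a 401.
    """
    import logging

    id_ = request.args.get('id')
    if not id_:
        # The original message said "Node ID" on a user route.
        flash('User ID not provided.')
        return redirect(url_for('users'))
    if current_user.check_role() < 10:
        abort(401)

    the_user = db.session.query(User).filter(User.id == id_).first()
    if the_user is None:
        flash("User not found.")
        return redirect(url_for('users'))
    try:
        thepassword = generate_password()
        # bcrypt works on bytes; the hash is stored as text.
        the_user.password = bcrypt.hashpw(thepassword.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
        db.session.merge(the_user)
        db.session.commit()
    except Exception:
        # Discard the failed transaction so the session stays usable, and
        # record the failure server-side instead of print()-ing it.
        db.session.rollback()
        logging.getLogger(__name__).exception(
            "Error regenerating password for user id %s", id_
        )
        flash("Error updating user. Please try again.")
        return redirect(url_for('users'))
    flash("User {} updated successfully.".format(the_user.username))
    return render_template("users_newpass.html", the_pass=thepassword, the_user=the_user.username)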
def new_invite():
    """Create a new active invite code (admins only).

    A code from ``create_invite_code`` is redrawn until it is absent from
    the db, then stored with ``created_by`` set to the current username.
    The outcome is flashed and the caller redirected to the invites list; a
    failed insert is rolled back.  A non-admin (role < 10) gets a 401.
    """
    if current_user.check_role() < 10:
        abort(401)

    # Draw codes until one does not already exist.  Collisions should be
    # very rare, so this normally runs exactly once.
    while True:
        invite_code = create_invite_code()
        existing = db.session.query(Invites).filter(Invites.invite_code == invite_code).first()
        if not existing:
            break

    new_code = Invites()
    new_code.created_by = current_user.username
    new_code.invite_code = invite_code
    new_code.active = True
    try:
        db.session.add(new_code)
        db.session.commit()
        flash("Invite code {} added successfully.".format(invite_code))
    except:
        db.session.rollback()
        flash("Error adding invite code. Please try again.")
    return redirect(url_for('invites'))
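def regen_node_api():
    """Issue a fresh api_key for the node given by the ``id`` query-string argument.

    Admins (role >= 10) may rotate any node's key; users (role >= 3) only
    their own, checked against the node's ``owner``.  The new key is drawn
    until it does not collide with an existing one, then written with an
    update whose ``q`` filter selects the node.  Every outcome is flashed
    and ends in a redirect to the nodes list; any lower role gets a 401.
    """
    id_ = request.args.get('id')
    if not id_:
        flash('Node ID not provided.')
        return redirect(url_for('nodes'))

    role = current_user.check_role()
    if role < 3:
        abort(401)

    # The same id filter serves both the ownership lookup and the update.
    query = {"filters": [{"op": "eq", "name": "id", "val": id_}]}
    if role < 10:
        # Ownership check so a user cannot rotate someone else's key by id.
        test_node = api_get('nodes', query)
        if not test_node:
            # The original called .get() on an empty result and crashed.
            flash("Node not found.")
            return redirect(url_for('nodes'))
        # delete_node indexes the result of the same query with [0], so
        # api_get appears to return a list here -- TODO confirm; the
        # original called .get() on it directly.
        if test_node[0].get('owner') != current_user.username:
            flash("Permission denied.")
            return redirect(url_for('nodes'))

    def _fresh_api_key():
        # Draw keys until one is absent from the db.  Collisions should be
        # very rare, so this normally runs exactly once.
        while True:
            candidate = create_api_key()
            dup_query = {
                "filters": [{"op": "eq", "name": "api_key", "val": candidate}],
                "single": True
            }
            if not api_get('nodes', dup_query):
                return candidate

    data = {"api_key": _fresh_api_key(), 'q': query}
    # The original called api_create here, but the payload carries a 'q'
    # filter exactly like disable_node's api_update call and the message
    # says "updated", so this is treated as an update of the existing node.
    if api_update('nodes', data):
        flash("Node updated successfully.")
    else:
        flash("Error updating node. Please try again.")
    return redirect(url_for('nodes'))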
def decorated_function(*args, **kwargs):
    """Wrapped view: call ``func`` only if the current user passes ``check_role(roles)``.

    ``func`` and ``roles`` come from the enclosing decorator scope.  A
    failed check flashes a warning and redirects to main.index.
    """
    if current_user.check_role(roles):
        return func(*args, **kwargs)
    flash('You do not have permission to view this page.', 'warning')
    return redirect(url_for('main.index'))