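def decorated_function(*args, **kwargs):
    """Call the wrapped view only for department members or admins.

    The department is taken from the ``department_id`` keyword argument.
    Any other user gets a flashed error message and is redirected to the
    ``next`` query parameter when that is a site-local path, else to ``/``.
    """
    # NOTE(review): assumes current_user exposes has_department()/is_admin()
    # for every caller, including anonymous ones -- confirm that login is
    # enforced before this decorator runs.
    if current_user.has_department(kwargs["department_id"]) or current_user.is_admin():
        return view_function(*args, **kwargs)

    flash('You do not have sufficient permissions to do that', 'alert alert-danger')

    # ``next`` is read from the query string, so the client controls it.
    # Follow it only when it is a plain site-local path: an absolute or
    # scheme-relative URL here would turn this handler into an open redirect.
    # Backslashes and control characters are rejected because browsers may
    # normalise them into a scheme-relative form.
    target = request.args.get('next') or '/'
    is_local_path = (
        target.startswith('/')
        and not target.startswith('//')
        and '\\' not in target
        and not any(ord(ch) < 0x20 for ch in target)
    )
    return redirect(target if is_local_path else '/')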
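def decorated_function(*args, **kwargs):
    """Gate the wrapped view on department and dataset visibility.

    The department is looked up by the ``short_name`` keyword argument
    (upper-cased) or, when that key is absent, by ``department_id``. The
    view runs when both the department and the requested dataset are
    public, or when the current user belongs to the department or is an
    admin. Otherwise the request is aborted with 403; an unknown department
    is answered with 404.
    """
    try:
        department = Department.query.filter_by(
            short_name=kwargs["short_name"].upper()).first()
    except KeyError:
        department = Department.query.filter_by(
            id=kwargs["department_id"]).first()

    # .first() yields None when nothing matches; without this guard the
    # attribute reads below fail with AttributeError instead of a clean 404.
    if department is None:
        abort(404)

    # Check whether the current dataset is public. With no dataset named,
    # only the department-level flag matters.
    dataset_is_public = True
    if dataset:
        # getattr() signals a missing flag with AttributeError, which the
        # previous ``except ValueError`` never caught. Fail closed: a flag
        # that cannot be read must not expose the dataset to users without
        # department access.
        try:
            dataset_is_public = getattr(
                department, "is_public_{}".format(dataset))
        except (AttributeError, ValueError):
            dataset_is_public = False

    # Check whether the user has access to this department. Anonymous users
    # are never asked for has_department()/is_admin().
    if current_user.is_authenticated():
        user_has_dept_access = (
            current_user.has_department(department.id)
            or current_user.is_admin())
    else:
        user_has_dept_access = False

    # 403 when the department or dataset is not public and the user is not
    # authorised for it. user_has_dept_access is already False for anonymous
    # users, so it covers the authentication check as well.
    everything_public = department.is_public and dataset_is_public
    if not everything_public and not user_has_dept_access:
        abort(403)
    return view_function(*args, **kwargs)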
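def edit_chart_block(department_id, chart_slug):
    """Update a department's chart block from the submitted form, then redirect.

    Aborts with 404 when no block matches ``department_id``/``chart_slug`` and
    with 401 when the current user is neither in the department nor an admin.
    ``chart_title``, ``chart_content`` and ``chart_order`` are applied only
    when present and non-empty. When ``blocks_prefix`` is submitted, the
    blocks whose slug starts with that prefix are renumbered: the edited block
    takes its (clamped) position and the others fill the remaining positions
    in the order the lookup returned them.
    """
    block = ChartBlock.query.filter_by(department_id=department_id, slug=chart_slug).first()
    if not block:
        abort(404)
    # NOTE(review): 401 is returned for an authorisation failure as well; 403
    # is the conventional code, kept as-is because callers may depend on it.
    if not current_user.has_department(department_id) and not current_user.is_admin():
        abort(401)

    # Set values only if they were passed and are non-empty.
    block.title = request.form.get("chart_title") or block.title
    block.content = request.form.get("chart_content") or block.content

    submitted_order = request.form.get("chart_order")
    if submitted_order:
        try:
            # Store the parsed integer, not the raw form string, so the
            # min()/max() clamp and list index below work on an int.
            block.order = int(submitted_order)
        except ValueError:
            # Not a number: keep the current order.
            pass
    block.save()

    if "blocks_prefix" in request.form:
        # Importing this at the top of file caused a circular dependency
        # issue so we do a delayed import here
        from comport.department.models import Department
        department = Department.query.filter_by(id=department_id).first()
        blocks = department.get_blocks_by_slug_startswith(request.form["blocks_prefix"])

        # The prefix is client-supplied and need not match the edited block's
        # slug. Renumber only when the block is in the returned list;
        # otherwise the indexing and removal below would raise.
        if block in blocks:
            total = len(blocks)
            block.order = max(min(block.order, total - 1), 0)
            block.save()

            # The edited block keeps its slot; every other slot is filled
            # from the front of the remaining list.
            blocks.remove(block)
            for index in range(total):
                if index == block.order:
                    continue
                move_block = blocks.pop(0)
                move_block.order = index
                move_block.save()

    new_path = None
    if request.referrer and 'edit' in request.referrer:
        new_path = urlparse(request.referrer.replace('/edit/', '/preview/')).path

    # The Referer header is client-supplied. Taking only .path drops scheme
    # and host, but a path that starts with two slashes (or holds a backslash)
    # can still be read by browsers as a scheme-relative URL, so anything
    # other than a plain local path falls back to the dashboard.
    if (not new_path or not new_path.startswith('/')
            or new_path.startswith('//') or '\\' in new_path):
        new_path = url_for(
            'department.department_dashboard',
            department_id=department_id
        )

    return redirect(new_path)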
def edit_chart_block(department_id, chart_slug):
    """Overwrite a chart block's title and content from the posted form.

    Responds 404 when the department has no block with this slug and 401
    when the current user is neither a member of the department nor an
    admin. On success the block is saved and the client is redirected to
    the department dashboard.
    """
    lookup = ChartBlock.query.filter_by(department_id=department_id, slug=chart_slug)
    block = lookup.first()
    if not block:
        abort(404)

    # Department members and admins may edit; membership is checked first.
    # NOTE(review): 401 is also used for "logged in but not allowed"; 403 is
    # the conventional code for that case -- confirm before changing.
    may_edit = current_user.has_department(department_id) or current_user.is_admin()
    if not may_edit:
        abort(401)

    # Both fields are required and are stored exactly as submitted.
    # NOTE(review): nothing is sanitised here, so this relies on escaping at
    # render time -- verify against the templates that display these fields.
    form = request.form
    block.title = form["chart_title"]
    block.content = form["chart_content"]
    block.save()

    dashboard_url = url_for(
        'department.department_dashboard',
        department_id=department_id
    )
    return redirect(dashboard_url)
def edit_chart_block(department_id, chart_slug):
    """Replace the title and content of one chart block with form values.

    The block is identified by ``department_id`` and ``chart_slug``; a
    missing block aborts with 404. Users who are neither in the department
    nor admins are rejected with 401. After saving, the response redirects
    to the department dashboard.
    """
    block = ChartBlock.query.filter_by(
        department_id=department_id,
        slug=chart_slug,
    ).first()
    if not block:
        abort(404)

    # Authorisation: department membership or admin rights.
    # NOTE(review): the rejection uses 401 rather than 403 even for signed-in
    # users; left unchanged here.
    is_member = current_user.has_department(department_id)
    if not (is_member or current_user.is_admin()):
        abort(401)

    # Title is read and applied before content. The values are written
    # without validation, so output escaping is assumed to happen where they
    # are rendered -- TODO confirm.
    new_title = request.form["chart_title"]
    block.title = new_title
    new_content = request.form["chart_content"]
    block.content = new_content
    block.save()

    target = url_for('department.department_dashboard',
                     department_id=department_id)
    return redirect(target)
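def decorated_function(*args, **kwargs):
    """Run the wrapped view for department members and admins only.

    Membership is checked against the ``department_id`` keyword argument.
    Everyone else sees a flashed error and is redirected to the ``next``
    query parameter if it is a site-local path, or to ``/`` otherwise.
    """
    # NOTE(review): presumes current_user always offers has_department() and
    # is_admin(); verify that unauthenticated requests cannot reach this.
    allowed = (current_user.has_department(kwargs["department_id"])
               or current_user.is_admin())
    if allowed:
        return view_function(*args, **kwargs)

    flash('You do not have sufficent permissions to do that', 'alert alert-danger')

    # The ``next`` value is client-controlled (query string). Redirect to it
    # only when it is a single-slash local path with no backslashes or
    # control characters; otherwise use the site root, so the handler cannot
    # be used as an open redirect.
    destination = request.args.get('next') or '/'
    if (not destination.startswith('/')
            or destination.startswith('//')
            or '\\' in destination
            or any(ord(ch) < 0x20 for ch in destination)):
        destination = '/'
    return redirect(destination)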
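def edit_chart_block(department_id, chart_slug):
    """Apply submitted edits to a chart block and redirect to its preview.

    A missing block aborts with 404; a user who is neither in the department
    nor an admin is rejected with 401. ``chart_title``, ``chart_content`` and
    ``chart_order`` are optional and ignored when empty. If ``blocks_prefix``
    is submitted, the blocks whose slug starts with it are renumbered around
    the edited block. The redirect goes to the referring page's ``/preview/``
    path when the referrer contains ``edit``, else to the department
    dashboard.
    """
    block = ChartBlock.query.filter_by(department_id=department_id,
                                       slug=chart_slug).first()
    if not block:
        abort(404)
    # NOTE(review): authorisation failures answer 401 here; 403 would be the
    # conventional status, left unchanged for compatibility.
    if not current_user.has_department(
            department_id) and not current_user.is_admin():
        abort(401)

    # Set values only if they were passed and are non-empty.
    block.title = request.form.get("chart_title") or block.title
    block.content = request.form.get("chart_content") or block.content

    raw_order = request.form.get("chart_order")
    if raw_order:
        try:
            # Keep the parsed int rather than the raw string: the clamp and
            # list indexing further down need a number.
            block.order = int(raw_order)
        except ValueError:
            # Non-numeric input leaves the order untouched.
            pass
    block.save()

    if "blocks_prefix" in request.form:
        # Importing this at the top of file caused a circular dependency
        # issue so we do a delayed import here
        from comport.department.models import Department
        department = Department.query.filter_by(id=department_id).first()
        blocks = department.get_blocks_by_slug_startswith(
            request.form["blocks_prefix"])

        # ``blocks_prefix`` comes from the client, so the edited block is not
        # guaranteed to be among the results. Skip the renumbering in that
        # case instead of failing on the index lookup.
        if block in blocks:
            slot_count = len(blocks)
            block.order = max(min(block.order, slot_count - 1), 0)
            block.save()

            # Reserve the edited block's slot, then hand out the other slots
            # to the remaining blocks in their existing sequence.
            blocks.remove(block)
            free_slots = [i for i in range(slot_count) if i != block.order]
            for index, move_block in zip(free_slots, blocks):
                move_block.order = index
                move_block.save()

    new_path = None
    if request.referrer and 'edit' in request.referrer:
        new_path = urlparse(
            request.referrer.replace('/edit/', '/preview/')).path

    # Referer is a request header and therefore untrusted. Only a plain local
    # path is followed; a leading double slash or a backslash could be
    # interpreted by browsers as pointing at another host, so those (and an
    # empty path) fall back to the dashboard.
    path_is_local = (
        bool(new_path)
        and new_path.startswith('/')
        and not new_path.startswith('//')
        and '\\' not in new_path
    )
    if not path_is_local:
        new_path = url_for('department.department_dashboard',
                           department_id=department_id)

    return redirect(new_path)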