def frontend_top_nav(): navbar = ExtendedNavbar( View(current_app.config['SITE_TITLE'], 'frontend.index'), root_class='navbar navbar-inverse navbar-fixed-top', items = ( View('Home', 'frontend.index'), View('Members', 'frontend.members'), ) ) if current_user.is_active: navbar.right_items = ( View('Logout {}'.format(current_user.email), 'security.logout'), View('Change password', 'security.change_password'), ) if current_user.has_role('admin'): navbar.right_items = \ (View('User admin', 'useradmin.index'),)\ +navbar.right_items if current_user.has_role('editor'): navbar.right_items = \ (View('Site editor', 'backend.index'),)\ +navbar.right_items else: navbar.right_items = ( View('Login', 'security.login'), ) return navbar
def get_query(self): allowed_locations = [location.id for location in current_user.locations] if current_user.has_role('Administrator'): return self.session.query(self.model) elif current_user.has_role('Standard'): return self.session.query(self.model).filter( self.model.id.in_(allowed_locations))
def application_comment_action(application_id, comment_id, action): form_comment = HrApplicationCommentForm() if current_user.has_role("recruiter") or current_user.has_role("admin"): if HrApplication.query.filter_by(id=int(application_id)).first(): if HrApplicationComment.query.filter_by(id=comment_id).first(): comment = HrApplicationComment.query.filter_by(id=comment_id).first() if comment.user_id == current_user.get_id() or current_user.has_role("admin"): if request.method == 'POST': if action == "edit": if form_comment.validate_on_submit(): flash("comment valid", category="message") HrManager.edit_comment(comment, form_comment.comment.data) elif action == "delete": print "wat" comment.delete() elif action == "delete": print "wat" comment.delete() return redirect(url_for('recruit.application_view', application_id=application_id)) return redirect(url_for('recruit.applications'))
def get_count_query(self): allowed_locations = [location.id for location in current_user.locations] if current_user.has_role('Administrator'): return super(StandardFilteredView, self).get_count_query() elif current_user.has_role('Standard'): return super(StandardFilteredView, self).get_count_query().filter( self.model.id.in_(allowed_locations))
def frontend_top_nav(): navbar = ExtendedNavbar( LocalizedView(babel_config('SITE_TITLE'), 'frontend.index'), root_class='navbar navbar-inverse navbar-fixed-top', items = ( LocalizedView(_('Home'), 'frontend.index'), LocalizedView(_('Members'), 'frontend.members'), ) ) if current_user.is_active: navbar.right_items = ( Text('{}:'.format(current_user.email)), LocalizedView(_('Logout'), 'security.logout'), LocalizedView(_('Change password'), 'security.change_password'), ) if current_user.has_role('editor'): navbar.right_items += \ (LocalizedView(_('Site editor'), 'backend.index'),) if current_user.has_role('admin'): navbar.right_items += \ (LocalizedView(_('User admin'), 'useradmin.index'),) else: navbar.right_items = ( View(_('Login'), 'security.login'), ) if get_language_code()=='en': navbar.right_items += ( LocalizedView(u'עברית', 'frontend.index', 'he'), ) else: navbar.right_items += ( LocalizedView('English', 'frontend.index', 'en'), ) return navbar
def is_accessible(self): #set defaults.. self.can_export = False # set accessibility... if not current_user.is_active or not current_user.is_authenticated: return False # roles not tied to assending permissions... if current_user.has_role('export'): self.can_export = True # roles with assending permissions... if current_user.has_role('superuser'): self.can_create = True self.can_edit = True self.can_delete = True self.can_export = True return True if current_user.has_role('user'): self.can_create = True self.can_edit = True self.can_delete = False return True if current_user.has_role('create'): self.can_create = True self.can_edit = False self.can_delete = False return True if current_user.has_role('read'): self.can_create = False self.can_edit = False self.can_delete = False #self.can_export = False return True return False
def list_receivers(): """List receivers that only have rights to see.""" page = request.args.get('page', 1, type=int) per_page = request.args.get('per_page', 3, type=int) classes = current_user.classes role_ids = [] if current_user.has_role(u'辅导员'): # 如果当前的角色是辅导员,则可以看到所有的本班的人,除了自己。 student_role = api_role.first(name=u'学生') role_ids = [student_role.id] elif current_user.has_role(u'学生'): # 如果当前的角色是学生,则只可以看到学生以外的角色 teacher_role = api_role.first(name=u'辅导员') role_ids = [teacher_role.id] users = api_user.get_user_from_classes(class_ids=[cls.id for cls in classes], role_ids=role_ids) #需要把users<pagenate对象>的相关属性提出来 userdict = [{'id': u.id, 'text': str(u)} for u in users.items] return jsonify(dict(data=userdict, pageinfo=dict(has_next=users.has_next, has_prev=users.has_prev, next_num=users.next_num, pages=users.pages, per_page=users.per_page, prev_num=users.prev_num, total=users.total)))
def put(self, customer_id): moteur_id = None if current_user.has_role('admin'): parser = reqparse.RequestParser() parser.add_argument('moteur_id', location='values') moteur_id = parser.parse_args().get('moteur_id', None) if not moteur_id and not current_user.has_role('moteur'): abort(400, message='You need moteur_id argument') if not moteur_id: moteur_id = current_user.id customer = CustomerModel.query.filter_by(id=customer_id, moteur_id=current_user.id).first() if not customer: abort(404, message="Unable to find customer: {}".format(customer_id)) json = request.json if not 'data' in json: abort(400, message="data is needed in json") if len(json['data']) == 0: return {"data": [customer]} if len(json['data']) > 1: abort(400, message="length of data must be one") customer_json = json['data'][0] for arg in ['reprieve_begin', 'reprieve_end', 'ban_begin', 'ban_end']: if not arg in customer_json: continue value = json.get(arg, None) setattr(customer, arg, value) db.session.add(customer) db.session.commit() return {"data":[customer]}
def application_view(application_id): comments = [] characters = [] form_app = HrApplicationForm() form_comment = HrApplicationCommentForm() application = HrApplication.query.filter_by(id=application_id).first() if application: if current_user.has_role("recruiter") or current_user.has_role("admin"): characters = EveCharacter.query.filter_by(user_id=application.user_id).all() comments = HrApplicationComment.query.filter_by(application_id=application_id).all() return render_template('recruit/application.html', application=application, characters=characters, comments=comments, form_comment=form_comment, form_app=form_app) elif int(application.user_id) == int(current_user.get_id()): return render_template('recruit/application.html', application=application, characters=characters, comments=comments, form_comment=form_comment, form_app=form_app) return redirect(url_for('recruit.applications'))
def application_interact(application_id, action): application_status = None auth_info = AuthInfoManager.get_or_create(current_user) if auth_info.main_character_id == None: return redirect(url_for('user.eve_characters')) application = HrApplication.query.filter_by(id=application_id).first() if application: # alter_application takes one of 4 actions if current_user.has_role("admin") or current_user.has_role("recruiter"): if current_user.has_role("admin") or action != "delete": application_status = HrManager.alter_application(application, action, current_user) flash("%s's application %s" % (application.main_character_name, application_status), category='message') elif application.user_id == current_user.get_id(): if action == "delete" and application.approve_deny == "Pending": application_status = HrManager.alter_application(application, action, current_user) flash("%s's application %s" % (application.main_character, application_status), category='message') if application_status and application_status != "deleted": return redirect(url_for('recruit.application_view', application_id=application.id)) return redirect(url_for('recruit.applications'))
def user(id): user = models.User.get(id) if id else None roles = models.Role.query.filter(models.Role.id >= current_user.roles[0].id).all() class UserForm(barrel.forms.Form): email = wtforms.StringField("email", [ wtforms.validators.Required() ]) role = wtforms.SelectField(choices=[(r.id, r.name) for r in roles], default=user.roles[0].id if user else 0) active = wtforms.BooleanField(default=True) new_password = wtforms.PasswordField() confirm_password = wtforms.PasswordField(None, [ wtforms.validators.EqualTo('new_password', message='Passwords must match') ]) if current_user.has_role('admin'): if user: UserForm.group_id = SelectField(models.Group, label='group', default=user.group_id) else: UserForm.group_id = SelectField(models.Group, label='group') elif id: UserForm.password = wtforms.PasswordField('Huidig wachtwoord', [wtforms.validators.Required()]) if request.method == 'POST': form = request.form if user and not current_user.has_role('admin'): if not security.verify_password(form.get('current_password'), user.password): app.logger.flash("Password incorrect", 'error') kwargs = {kw: form.get(kw) for kw in 'email active'.split()} if form.get('new_password'): kwargs['password'] = form.get('new_password') if form.get('role'): kwargs['roles'] = [models.Role.get(int(form.get('role')))] if form.get('group_id'): kwargs['group_id'] = int(form.get('group_id')) else: kwargs['group_id'] = current_user.group_id if user: user.update(**kwargs) else: user = models.User.create(**kwargs) return redirect(url_for('user', id=user.id)) else: columns = 'email role active' users = models.User.query if current_user.has_role('admin'): columns += ' group' else: users = users.filter_by(group_id=current_user.group_id) return app.forms.render_page( id, models.User, template='lists/base.jinja2', columns=columns, form_class=UserForm, rows=users)
def is_accessible(self): if not current_user.is_active or not current_user.is_authenticated: return False if (current_user.has_role("admin") or current_user.has_role("draw_approval") or current_user.has_role("site_manager") or current_user.has_role("budget_manager")): return True return False
def home(): if current_user.has_role('admin'): user_list = [u for u in User.query.all() if u.has_role('operateur')] elif current_user.has_role('operateur'): user_list = [current_user] else: user_list = [] return render_template('index.html', user_name_list=[u.email for u in user_list], is_admin=current_user.has_role('admin'), apikey=current_user.apikey)
def ads_list(): if not taxis_models.ADS.can_be_listed_by(current_user): if current_user.has_role('stats'): return self.metadata() abort(403, message="You're not allowed to see this page") q = taxis_models.ADS.query if not current_user.has_role('admin') and not current_user.has_role('prefecture'): q = q.filter_by(added_by=current_user.id) page = int(request.args.get('page')) if 'page' in request.args else 1 return render_template('lists/ads.html', ads_list=q.paginate(page) if q else None)
def drivers_view(self): if not taxis_models.Driver.can_be_listed_by(current_user): if current_user.has_role('stats'): return self.metadata() abort(403, message="You can't list drivers") page = int(request.args.get('page')) if 'page' in request.args else 1 q = taxis_models.Driver.query if not current_user.has_role('admin') and not current_user.has_role('prefecture'): q = q.filter_by(added_by=current_user.id) return render_template('lists/drivers.html', driver_list=q.paginate(page))
def list_hails(dep): if not current_user.has_role('admin') and\ not current_user.has_role('operateur') and not current_user.has_role('moteur'): return defaultdict(dict) depattern = '{0:02d}%'.format(dep) if dep else '%' hails = [] last_year = datetime.now() + relativedelta(months=-12) hails = db.session.query(Hail.operateur_id, Hail.added_by, Hail.creation_datetime, Hail.id, ADS.insee, ADS.numero, Hail._status) \ .join(Hail.taxi_relation) \ .join(Taxi.ads) \ .filter(ADS.insee.like(depattern)) \ .filter(Hail.creation_datetime >= last_year) if current_user.has_role('operateur'): hails = hails.filter(Hail.operateur_id == current_user.id) elif current_user.has_role('moteur'): hails = hails.filter(Hail.added_by == current_user.id) hidden_operator = User.query.filter_by( email=current_app.config.get('HIDDEN_OPERATOR', 'testing_operator') ).first() hidden_moteur = User.query.filter_by( email=current_app.config.get('HIDDEN_MOTEUR', 'testing_moteur') ).first() if hidden_operator: hails = hails.filter(Hail.operateur_id != hidden_operator.id) if hidden_moteur: hails = hails.filter(Hail.added_by != hidden_moteur.id) hails = hails.order_by(Hail.creation_datetime.desc()).limit(100).all() tab_hails = defaultdict(dict) for hail in hails: tab_hails[hail.id]['creation_datetime'] = hail.creation_datetime # tab_hails[hail.id]['added_by'] = user_datastore.get_user(hail.added_by).commercial_name tab_hails[hail.id]['added_by'] = user_datastore.get_user(hail.added_by).email tab_hails[hail.id]['operator'] = user_datastore.get_user(hail.operateur_id).commercial_name tab_hails[hail.id]['ads.insee'] = hail.insee zupc = None zupc = ZUPC.query.filter_by(insee=hail.insee).order_by(ZUPC.id.desc()).first() if zupc: tab_hails[hail.id]['zupc.nom'] = zupc.nom else: tab_hails[hail.id]['zupc.nom'] = '' tab_hails[hail.id]['ads.numero'] = hail.numero tab_hails[hail.id]['last_status'] = hail._status return tab_hails
def hails_map_list(): if 'id' in request.args: return hails_log(request.args['id']) operateurs = [] moteurs = [] for u in User.query.all(): if u.has_role('operateur') and current_user.has_role('admin'): operateurs.append(str(u.email)) if u.has_role('moteur') and current_user.has_role('admin'): moteurs.append(str(u.email)) return render_template('hails_list_map.html', apikey=current_user.apikey, statuses=status_enum_list, operateurs=operateurs, moteurs=moteurs)
def get_count_query(self): if not current_user.has_role('package_admin'): return super(VersionView, self).get_count_query().\ join(self.model.package).\ join(Package.maintainers).\ filter(User.id == current_user.id) return super(VersionView, self).get_count_query()
def post(self): db = current_app.extensions['sqlalchemy'].db hj = request.json taxi_json = hj['data'][0] departement = administrative_models.Departement.filter_by_or_404( numero=str(taxi_json['driver']['departement'])) driver = taxis_models.Driver.filter_by_or_404( professional_licence=taxi_json['driver']['professional_licence'], departement_id=departement.id) vehicle = taxis_models.Vehicle.filter_by_or_404( licence_plate=taxi_json['vehicle']['licence_plate']) ads = taxis_models.ADS.filter_by_or_404( numero=taxi_json['ads']['numero'],insee=taxi_json['ads']['insee']) taxi = taxis_models.Taxi.query.filter_by(driver_id=driver.id, vehicle_id=vehicle.id, ads_id=ads.id).first() if taxi_json.get('id', None): if current_user.has_role('admin'): taxi = taxis_models.Taxi.query.get(taxi_json['id']) else: del taxi_json['id'] if not taxi: taxi = taxis_models.Taxi(driver=driver, vehicle=vehicle, ads=ads, id=taxi_json.get('id', None)) #This can happen if this is posted with a admin user if 'status' in taxi_json and taxi.vehicle.description: try: taxi.status = taxi_json['status'] except AssertionError: abort(400, message='Invalid status') db.session.add(taxi) db.session.commit() return {'data':[taxi]}, 201
def is_accessible(self): if not current_user.is_active or not current_user.is_authenticated: return False if current_user.has_role('superuser'): return True return False
def is_accessible(self): if not current_user.is_active() or not current_user.is_authenticated(): return False if current_user.has_role('admin'): return True return False
def validate(self): if not super(GenerateApiKeyForm, self).validate(): # pragma: no cover return False if not current_user.has_role('developer'): return False return True
def index(self): if login.current_user.is_authenticated: if current_user.has_role('admin'): return super(AdminIndexView, self).index() else: return make_response("Unauthorized User") else: return redirect(url_for('.login_view'))
def check_if_admin(): if current_user: if current_user.has_role("admin"): return True else: return False else: return False
def TestLogin(): if current_user.is_authenticated: if current_user.has_role('privileged_user'): context = {'user_name': get_current_user_first_name()} return render_template('testroles.html', **context) else: return make_response("Unauthorized User") else: return redirect('/login')
def is_accessible(self): if not current_user.is_active or not current_user.is_authenticated: return False if current_user.has_role('read'): self.can_create = False self.can_edit = False self.can_delete = False return True if current_user.has_role('create'): self.can_create = False self.can_edit = False self.can_delete = False return True if current_user.has_role('user'): self.can_create = False self.can_edit = False self.can_delete = False return True return False
def is_accessible(self): if not current_user.is_active or not current_user.is_authenticated: return False if current_user.has_role('adminrole'): self.can_create = True self.can_edit = True self.can_delete = True #self.can_export = True return True return False
def script(): """render own javascript""" return Response( response=render_template( "user_management/js/user_management.js", _=_, is_admin=current_user.has_role("Administrator"), user_id=current_user.id ), status=200, mimetype="application/javascript" )
def _handle_view(self, name, **kwargs): """Redirect users when a view is not accessible""" if not self.is_accessible(): if current_user.is_authenticated: # permission denied abort(403) else: # login return redirect(url_for('security.login', next=request.url)) self.can_create = self.can_delete = current_user.has_role('Administrator') # noqa
def send_mail_from_service(): data = request.get_json() if current_user.is_authenticated() and not current_user.has_role('blocked'): service=Service.query.filter(Service.slug==data['service']).first() data['service'] = service.name data['user'] = current_user.email data['date'] = datetime.datetime.now() mail_template = render_template('service-mail.jinja', **data) msg = Message('new service', sender="*****@*****.**", recipients=["*****@*****.**"]) msg.body = mail_template mail.send(msg) return jsonify(**{'status':'ok', 'notification': render_template('_notification.html', text="We have recived your service offer. We will contact you soon.")}) else: if not current_user.is_authenticated(): return jsonify(**{'status':'fail', 'notification': render_template('_notification.html', text="Sorry, you are not authenticated!")}) elif current_user.has_role('blocked'): return jsonify(**{'status':'fail', 'notification': render_template('_notification.html', text="Sorry, you are in the blacklist!")})
def post(self, id: str): """POST to /assets/<id>, where id can be 'create' (and thus a new asset is made from POST data) Most of the code deals with creating a user for the asset if no existing is chosen. """ asset: Asset = None error_msg = "" if id == "create": asset_form = with_options(NewAssetForm()) # We make our own auth check here because set_owner might alter the DB; # otherwise we trust the API is handling auth. if not current_user.has_role("admin"): return unauthorized_handler(None, []) owner, owner_error = set_owner(asset_form, create_if_not_exists=True) market, market_error = set_market(asset_form) if asset_form.asset_type_name.data == "none chosen": asset_form.asset_type_name.data = "" form_valid = asset_form.validate_on_submit() # Fill up the form with useful errors for the user if owner_error is not None: form_valid = False asset_form.owner.errors.append(owner_error) if market_error is not None: form_valid = False asset_form.market_id.errors.append(market_error) # Create new asset or return the form for new assets with a message if form_valid and owner is not None and market is not None: post_asset_response = InternalApi().post( url_for("flexmeasures_api_v2_0.post_assets"), args=asset_form.to_json(), do_not_raise_for=[400], ) if post_asset_response.status_code in (200, 201): asset_dict = post_asset_response.json() asset = process_internal_api_response( asset_dict, int(asset_dict["id"]), make_obj=True) msg = "Creation was successful." else: current_app.logger.error( f"Internal asset API call unsuccessful [{post_asset_response.status_code}]: {post_asset_response.text}" ) asset_form.process_api_validation_errors( post_asset_response.json()) if "message" in post_asset_response.json(): error_msg = post_asset_response.json()["message"] if asset is None: msg = "Cannot create asset. " + error_msg return render_flexmeasures_template( "crud/asset_new.html", asset_form=asset_form, msg=msg, map_center=get_center_location(db, user=current_user), mapboxAccessToken=current_app.config.get( "MAPBOX_ACCESS_TOKEN", ""), ) else: asset_form = with_options(AssetForm()) if not asset_form.validate_on_submit(): return render_flexmeasures_template( "crud/asset_new.html", asset_form=asset_form, msg="Cannot edit asset.", map_center=get_center_location(db, user=current_user), mapboxAccessToken=current_app.config.get( "MAPBOX_ACCESS_TOKEN", ""), ) patch_asset_response = InternalApi().patch( url_for("flexmeasures_api_v2_0.patch_asset", id=id), args=asset_form.to_json(), do_not_raise_for=[400], ) asset_dict = patch_asset_response.json() if patch_asset_response.status_code in (200, 201): asset = process_internal_api_response(asset_dict, int(id), make_obj=True) msg = "Editing was successful." else: current_app.logger.error( f"Internal asset API call unsuccessful [{patch_asset_response.status_code}]: {patch_asset_response.text}" ) asset_form.process_api_validation_errors( patch_asset_response.json()) asset = Asset.query.get(id) latest_measurement_time_str, asset_plot_html = get_latest_power_as_plot( asset) return render_flexmeasures_template( "crud/asset.html", asset=asset, asset_form=asset_form, msg=msg, latest_measurement_time_str=latest_measurement_time_str, asset_plot_html=asset_plot_html, mapboxAccessToken=current_app.config.get("MAPBOX_ACCESS_TOKEN", ""), )
def is_accessible(self): # 目前仅允许超级管理员访问该页面 return current_user.has_role(SuperAdmin)
def edit_form_rules(self): if not has_app_context() or current_user.has_role('reviewer1'): edit_form_rules = [ #rules.Header('Personal Info'), rules.Header('Project Info'), rules.Field('project_name'), rules.Field('version'), rules.Field('SVN'), CustomizableField('notes', field_args={ 'readonly': True }), #rules.Field('project_name'), #rules.Field('version'), #rules.Field('SVN'), #rules.Field('notes'), rules.Header('Reviewers'), rules.Field('comment1'), CustomizableField('review1', field_args={ 'readonly': True }), CustomizableField('comment2', field_args={ 'readonly': True }), CustomizableField('comment3', field_args={ 'readonly': True }), ] if not has_app_context() or current_user.has_role('reviewer2'): edit_form_rules = [ #rules.Header('Personal Info'), rules.Header('Project Info'), rules.Field('project_name'), rules.Field('version'), rules.Field('SVN'), CustomizableField('notes', field_args={ 'readonly': True }), rules.Header('Reviewers'), CustomizableField('comment1', field_args={ 'readonly': True }), rules.Field('comment2'), CustomizableField('review2', field_args={ 'readonly': True }), CustomizableField('comment3', field_args={ 'readonly': True }), ] if not has_app_context() or current_user.has_role('developer'): edit_form_rules = [ #rules.Header('Personal Info'), rules.Header('Project Info'), CustomizableField('project_name', field_args={ 'readonly': True }), CustomizableField('version', field_args={ 'readonly': True }), CustomizableField('SVN', field_args={ 'readonly': True }), #rules.Container('wrap', rules.Field('notes')), rules.Field('notes'), rules.Header('Reviewers'), CustomizableField('comment1', field_args={ 'readonly': True }), CustomizableField('comment2', field_args={ 'readonly': True }), CustomizableField('comment3', field_args={ 'readonly': True }), ] if not has_app_context() or current_user.has_role('superuser') or current_user.has_role('administrator'): edit_form_rules = [ #rules.Header('Personal Info'), rules.Header('Project Info'), rules.Field('project_name'), rules.Field('version'), rules.Field('SVN'), rules.Field('notes'), rules.Header('Reviewers'), rules.Field('comment1'), rules.Field('review1'), rules.Field('comment2'), rules.Field('review2'), rules.Field('comment3'), rules.Field('approve'), ] return edit_form_rules
def can_unsign(self): return current_user.has_role('admin')
def is_accessible(self): return current_user.has_role('admin')
def is_accessible(self): if ((current_user is None) or not (current_user.has_role('admin'))): return False else: return True
def is_accessible(self): return ( current_user.is_superadmin or current_user.has_role("dataprovider") or current_user.writable_teams.count() )
def can_delete(self): return current_user.has_role('admin')
def can_create(self): return current_user.has_role('package_admin')
def can_do_stuff_with_job(current_user, owner): return current_user.has_role('admin') or current_user.email == owner.email
def admin(): # "管理员界面" print('管理员界面') print(current_user.has_role('admin')) return 'admin view'
def upload_submitter_attachment(sid): # sid is a SubmissionRecord id record = SubmissionRecord.query.get_or_404(sid) # check is convenor for the project's class, or has suitable admin/root privileges config = record.owner.config pclass = config.project_class if not is_uploadable(record, message=True, allow_student=True, allow_faculty=True): return redirect(redirect_url()) url = request.args.get('url', None) text = request.args.get('text', None) has_admin_rights = is_admin(current_user) UploadSubmitterAttachmentForm = UploadSubmitterAttachmentFormFactory(admin=has_admin_rights) form = UploadSubmitterAttachmentForm(request.form) if form.validate_on_submit(): if 'attachment' in request.files: attachment_file = request.files['attachment'] # generate unique filename for upload incoming_filename = Path(attachment_file.filename) extension = incoming_filename.suffix.lower() root_subfolder = current_app.config.get('ASSETS_ATTACHMENTS_SUBFOLDER') or 'attachments' year_string = str(config.year) pclass_string = pclass.abbreviation subfolder = Path(root_subfolder) / Path(pclass_string) / Path(year_string) filename, abs_path = make_submitted_asset_filename(ext=extension, subpath=subfolder) submitted_files.save(attachment_file, folder=str(subfolder), name=str(filename)) # generate asset record asset = SubmittedAsset(timestamp=datetime.now(), uploaded_id=current_user.id, expiry=None, filename=str(subfolder/filename), target_name=form.target_name.data, mimetype=str(attachment_file.content_type), license=form.license.data) try: db.session.add(asset) db.session.flush() except SQLAlchemyError as e: flash('Could not upload attachment due to a database issue. Please contact an administrator.', 'error') current_app.logger.exception("SQLAlchemyError exception", exc_info=e) return redirect(url_for('documents.submitter_documents', sid=sid, url=url, text=text)) # generate attachment record attachment = SubmissionAttachment(parent_id=record.id, attachment_id=asset.id, description=form.description.data) if has_admin_rights: attachment.type = form.type.data attachment.publish_to_students = form.publish_to_students.data attachment.include_supervisor_emails = form.include_supervisor_emails.data attachment.include_marker_emails = form.include_marker_emails.data else: attachment.include_marker_emails = False attachment.include_supervisor_emails = False attachment.type = SubmissionAttachment.ATTACHMENT_OTHER if current_user.has_role('student'): attachment.publish_to_students = True else: attachment.publish_to_students = False # uploading user has access asset.grant_user(current_user) # project supervisor has access if record.project is not None and record.project.owner is not None: asset.grant_user(record.project.owner.user) # project examiner has access if record.marker is not None: asset.grant_user(record.marker.user) # students can't ordinarily download attachments unless permission is given # set up list of roles that should have access, if they exist asset.grant_roles(['office', 'convenor', 'moderator', 'exam_board', 'external_examiner']) try: db.session.add(attachment) db.session.commit() except SQLAlchemyError as e: flash('Could not upload attachment due to a database issue. ' 'Please contact an administrator.', 'error') current_app.logger.exception("SQLAlchemyError exception", exc_info=e) else: flash('Attachment "{file}" was successfully uploaded.'.format(file=incoming_filename), 'info') return redirect(url_for('documents.submitter_documents', sid=sid, url=url, text=text)) else: if request.method == 'GET': form.license.data = current_user.default_license return render_template('documents/upload_attachment.html', record=record, form=form, url=url, text=text, has_admin_rights=has_admin_rights)
def is_accessible(self): return (current_user.is_active and current_user.is_authenticated and current_user.has_role('superuser'))
def is_accessible(self): return current_user.is_active and current_user.is_authenticated and \ (not self.role_required or current_user.has_role(self.role_required))
def is_accessible(self): return current_user.has_role(Role.admin().name)
def has_one_accepted_role(self, user): return any([current_user.has_role(r) for r in self.roles_accepted])
def timeline(student_id): """ Show student timeline :return: """ if current_user.has_role('student') and student_id != current_user.id: flash( 'It is only possible to view the project timeline for your own account.', 'info') return redirect(redirect_url()) user = User.query.get_or_404(student_id) if not user.has_role('student'): flash( 'It is only possible to view project timelines for a student account.', 'info') return redirect(redirect_url()) if user.student_data is None: flash( 'Cannot display project timeline for this student account because the corresponding ' 'StudentData record is missing.', 'error') return redirect(redirect_url()) data = user.student_data if not data.has_timeline: if current_user.has_role('student'): flash( 'You do not yet have a timeline because you have not completed any projects. ' 'This option will become available once you have one or more completed ' 'submissions in the database.', 'info') else: flash( 'This student does not yet have any completed submissions. The timeline option ' 'will become available once one or more retired submissions have been entered ' 'in the database.', 'info') return redirect(redirect_url()) url = request.args.get('url', None) text = request.args.get('text', None) # collate retired selector and submitter records for this student years, selector_records, submitter_records = data.collect_student_records() # check roles for logged-in user, to determine whether they are permitted to view the student's feedback roles = {} for year in submitter_records: submissions = submitter_records[year] for sub in submissions: for record in sub.ordered_assignments: if validate_is_convenor(sub.config.project_class, message=False): roles[record.id] = 'convenor' elif validate_submission_viewable(record, message=False): roles[record.id] = 'faculty' elif user.id == current_user.id and current_user.has_role( 'student'): roles[record.id] = 'student' student_text = 'my timeline' generic_text = 'student timeline'.format(name=user.name) return_url = url_for('student.timeline', student_id=data.id, text=text, url=url) return render_template('student/timeline.html', data=data, years=years, user=user, student=data, selector_records=selector_records, submitter_records=submitter_records, roles=roles, text=text, url=url, student_text=student_text, generic_text=generic_text, return_url=return_url)
def inaccessible_callback(self, name, **kwargs): if not current_user.has_role('admin'): return redirect(url_for('security.login', next=request.url))
def view_vid_page(videoID): sysSettings = settings.settings.query.first() videos_root = globalvars.videoRoot + 'videos/' recordedVid = RecordedVideo.RecordedVideo.query.filter_by( id=videoID).first() if recordedVid is not None: if recordedVid.published is False: if current_user.is_authenticated: if current_user != recordedVid.owningUser and current_user.has_role( 'Admin') is False: flash("No Such Video at URL", "error") return redirect(url_for("root.main_page")) else: flash("No Such Video at URL", "error") return redirect(url_for("root.main_page")) if recordedVid.channel.protected and sysSettings.protectionEnabled: if not securityFunc.check_isValidChannelViewer( recordedVid.channel.id): return render_template( themes.checkOverride('channelProtectionAuth.html')) recordedVid.views = recordedVid.views + 1 recordedVid.channel.views = recordedVid.channel.views + 1 if recordedVid.length is None: fullVidPath = videos_root + recordedVid.videoLocation duration = None try: duration = videoFunc.getVidLength(fullVidPath) except: return render_template(themes.checkOverride('notready.html'), video=recordedVid) recordedVid.length = duration db.session.commit() topicList = topics.topics.query.all() streamURL = '/videos/' + recordedVid.videoLocation isEmbedded = request.args.get("embedded") newView = views.views(1, recordedVid.id) db.session.add(newView) db.session.commit() # Function to allow custom start time on Video startTime = None if 'startTime' in request.args: startTime = request.args.get("startTime") try: startTime = float(startTime) except: startTime = None if isEmbedded is None or isEmbedded == "False": randomRecorded = RecordedVideo.RecordedVideo.query.filter( RecordedVideo.RecordedVideo.pending == False, RecordedVideo.RecordedVideo.id != recordedVid.id, RecordedVideo.RecordedVideo.published == True).order_by( func.random()).limit(12) subState = False if current_user.is_authenticated: chanSubQuery = subscriptions.channelSubs.query.filter_by( channelID=recordedVid.channel.id, userID=current_user.id).first() if chanSubQuery is not None: subState = True return render_template(themes.checkOverride('vidplayer.html'), video=recordedVid, streamURL=streamURL, topics=topicList, randomRecorded=randomRecorded, subState=subState, startTime=startTime) else: isAutoPlay = request.args.get("autoplay") if isAutoPlay is None: isAutoPlay = False elif isAutoPlay.lower() == 'true': isAutoPlay = True else: isAutoPlay = False return render_template( themes.checkOverride('vidplayer_embed.html'), video=recordedVid, streamURL=streamURL, topics=topicList, isAutoPlay=isAutoPlay, startTime=startTime) else: flash("No Such Video at URL", "error") return redirect(url_for("root.main_page"))
def is_accessible(self): """Make sure only admins can see this""" return current_user.has_role('admin')
def comments_vid_page(videoID): sysSettings = settings.settings.query.first() recordedVid = RecordedVideo.RecordedVideo.query.filter_by( id=videoID).first() if recordedVid is not None: if request.method == 'POST': comment = system.strip_html(request.form['commentText']) currentUser = current_user.id newComment = comments.videoComments(currentUser, comment, recordedVid.id) db.session.add(newComment) db.session.commit() if recordedVid.channel.imageLocation is None: channelImage = (sysSettings.siteProtocol + sysSettings.siteAddress + "/static/img/video-placeholder.jpg") else: channelImage = (sysSettings.siteProtocol + sysSettings.siteAddress + "/images/" + recordedVid.channel.imageLocation) pictureLocation = "" if current_user.pictureLocation is None: pictureLocation = '/static/img/user2.png' else: pictureLocation = '/images/' + pictureLocation newNotification = notifications.userNotification( templateFilters.get_userName(current_user.id) + " commented on your video - " + recordedVid.channelName, '/play/' + str(recordedVid.id), "/images/" + str(current_user.pictureLocation), recordedVid.owningUser) db.session.add(newNotification) db.session.commit() webhookFunc.runWebhook( recordedVid.channel.id, 7, channelname=recordedVid.channel.channelName, channelurl=(sysSettings.siteProtocol + sysSettings.siteAddress + "/channel/" + str(recordedVid.channel.id)), channeltopic=templateFilters.get_topicName( recordedVid.channel.topic), channelimage=channelImage, streamer=templateFilters.get_userName( recordedVid.channel.owningUser), channeldescription=str(recordedVid.channel.description), videoname=recordedVid.channelName, videodate=recordedVid.videoDate, videodescription=recordedVid.description, videotopic=templateFilters.get_topicName(recordedVid.topic), videourl=(sysSettings.siteProtocol + sysSettings.siteAddress + '/videos/' + recordedVid.videoLocation), videothumbnail=(sysSettings.siteProtocol + sysSettings.siteAddress + '/videos/' + recordedVid.thumbnailLocation), user=current_user.username, userpicture=(sysSettings.siteProtocol + sysSettings.siteAddress + str(pictureLocation)), comment=comment) flash('Comment Added', "success") system.newLog( 4, "Video Comment Added by " + current_user.username + "to Video ID #" + str(recordedVid.id)) elif request.method == 'GET': if request.args.get('action') == "delete": commentID = int(request.args.get('commentID')) commentQuery = comments.videoComments.query.filter_by( id=commentID).first() if commentQuery is not None: if current_user.has_role( 'Admin' ) or recordedVid.owningUser == current_user.id or commentQuery.userID == current_user.id: upvoteQuery = upvotes.commentUpvotes.query.filter_by( commentID=commentQuery.id).all() for vote in upvoteQuery: db.session.delete(vote) db.session.delete(commentQuery) db.session.commit() system.newLog( 4, "Video Comment Deleted by " + current_user.username + "to Video ID #" + str(recordedVid.id)) flash('Comment Deleted', "success") else: flash("Not Authorized to Remove Comment", "error") else: flash('Invalid Video ID', 'error') return redirect(url_for('root.main_page')) return redirect(url_for('.view_vid_page', videoID=videoID))
def authorize(role): if not current_user.is_authenticated: return _unauthenticated_response if not current_user.has_role(role): return _forbidden_response return None
def is_accessible(self): return current_user.has_role('Superuser') or current_user.has_role( 'Admin')
def can_edit(self): return current_user.has_role('package_admin')
def is_accessible(self): """ Only allow admins to see other users """ return current_user.has_role('admin')
def index(): if not current_user.is_authenticated: return redirect("/login") if current_user.has_role(data_store.find_role("pending")): return redirect("/pending") return redirect("/overview")
def index(self): if not current_user.is_authenticated: return redirect(url_for('security.login')) if current_user.has_role('master'): print('i am a master') current_week = len( Profile.query.filter( Profile.propertys.any(Property.name == 'Лид')).filter( Profile.user == current_user.id).filter( func.strftime('%W', User.created_at) == ( '0' + str(datetime.now().isocalendar()[1]) )).filter(Profile.city == Profile.city).filter( Profile.contacted.any( Profile.user == current_user.id)).all()) print(current_week) previous_week = len( Profile.query.filter( Profile.propertys.any(Property.name == 'Лид')).filter( Profile.user == current_user.id).filter( func.strftime('%W', User.created_at) == ( '0' + str(datetime.now().isocalendar()[1] - 1) )).filter(Profile.city == Profile.city).filter( Profile.contacted.any( Profile.user == current_user.id)).all()) print(previous_week) if previous_week == 0 and current_week == 0: delta = 0 elif previous_week == 0: delta = round( (((float(previous_week) / float(current_week)) + 1) * 100), 2) else: delta = round( (((float(current_week) / float(previous_week)) - 1) * 100), 2) elif current_user.has_role('superadmin'): arg1 = 'Hello' asd = User.query.get(1) year = '2018' month = '1' day = '1' time = '23:59:59' data = '{}-{}-{} {}'.format(year, month, day, time) newdata = '{}-{}-{} {}'.format((str(int(year) - 25)), month, day, time) #print(newdata) print(asd.created_at.isocalendar()[1]) print(str(int(datetime.now().isocalendar()[1]))) if asd.created_at.strftime('%V') == ( '0' + str(int(datetime.now().isocalendar()[1]))): print('yeah!') print(asd.created_at.strftime('%V')) print('0' + str(int(datetime.now().isocalendar()[1]))) weekly_contacts = User.query.filter( db.func.date(User.created_at) <= data, db.func.date(User.created_at) >= newdata).count() current_week = len( User.query.filter( func.strftime('%W', User.created_at) == ( '0' + str(datetime.now().isocalendar()[1]))).all()) previous_week = len( User.query.filter( func.strftime('%W', User.created_at) == ( '0' + str(datetime.now().isocalendar()[1] - 1))).all()) #print(newquery) print(current_week) print(previous_week) if previous_week == 0 and current_week == 0: delta = 0 elif previous_week == 0: delta = round( (((float(previous_week) / float(current_week)) + 1) * 100), 2) else: delta = round( (((float(current_week) / float(previous_week)) - 1) * 100), 2) #fromto_contacts = len(User.query.filter(User.created_at.between(newdata, data)).all()) #print(fromto_contacts) #print(weekly_contacts) return self.render( 'admin/roles/superadmin.html', current_week='123', #current_week, previous_week='123', #previous_week, delta='123') #delta)
def is_accessible(self): return current_user.is_authenticated and current_user.has_role('admin')
def index_redirect(): if current_user.has_role('Greinir'): return redirect(url_for('verification.verify_index')) return redirect(url_for('collection.collection_list'))