def can_be_modified(self, user): """ The following persons are authorized to modify a blocking: - owner (the one who created the blocking) - admin (of course) """ return user and (user == self.created_by_user or rb_is_admin(user))
def can_be_modified(self, user): if user is None: return False if self.is_rejected or self.is_cancelled: return False if rb_is_admin(user): return True return self.created_by_user == user or self.is_booked_for(user) or self.room.is_owned_by(user)
def check_advance_days(self, end_date, user=None, quiet=False): if not self.max_advance_days: return True if user and (rb_is_admin(user) or self.is_owned_by(user)): return True advance_days = (end_date - date.today()).days ok = advance_days < self.max_advance_days if quiet or ok: return ok else: msg = _(u'You cannot book this room more than {} days in advance') raise NoReportError(msg.format(self.max_advance_days))
def _process_select_room(self): # Step 1: Room(s), dates, repetition selection form = self._make_select_room_form() if form.validate_on_submit(): flexible_days = form.flexible_dates_range.data day_start_dt = datetime.combine(form.start_dt.data.date(), time()) day_end_dt = datetime.combine(form.end_dt.data.date(), time(23, 59)) selected_rooms = [ r for r in self._rooms if r.id in form.room_ids.data ] selected_period_days = (day_end_dt - day_start_dt).days for room in selected_rooms: booking_limit_days = room.booking_limit_days or rb_settings.get( 'booking_limit') if selected_period_days > booking_limit_days: flash( _(u'Bookings for the room "{}" may not be longer than {} days' ).format(room.name, booking_limit_days), 'error') return redirect(url_for('rooms.book')) occurrences, candidates = self._get_all_occurrences( form.room_ids.data, form, flexible_days) period_form_defaults = FormDefaults( repeat_interval=form.repeat_interval.data, repeat_frequency=form.repeat_frequency.data) period_form = self._make_select_period_form(period_form_defaults) # Show step 2 page return self._get_view('select_period', rooms=selected_rooms, occurrences=occurrences, candidates=candidates, start_dt=day_start_dt, end_dt=day_end_dt, period_form=period_form, form=form, repeat_frequency=form.repeat_frequency.data, repeat_interval=form.repeat_interval.data, flexible_days=flexible_days).display() # GET or form errors => show step 1 page return self._get_view( 'select_room', errors=form.error_list, rooms=self._rooms, form=form, my_rooms=[r.id for r in Room.get_owned_by(session.user)], max_room_capacity=Room.max_capacity, can_override=rb_is_admin(session.user), date_changed=not form.is_submitted() and self.date_changed, ).display()
def check_bookable_hours(self, start_time, end_time, user=None, quiet=False): if user and (rb_is_admin(user) or self.is_owned_by(user)): return True bookable_hours = self.bookable_hours.all() if not bookable_hours: return True for bt in bookable_hours: if bt.fits_period(start_time, end_time): return True if quiet: return False raise NoReportError(u'Room cannot be booked at this time')
def _can_be_booked(self, user, prebook=False, ignore_admin=False): if not user or not rb_check_user_access(user): return False if (not ignore_admin and rb_is_admin(user)) or (self.is_owned_by(user) and self.is_active): return True if self.is_active and self.is_reservable and ( prebook or not self.reservations_need_confirmation): group_name = self.get_attribute_value('allowed-booking-group') if not group_name or user in GroupProxy.get_named_default_group( group_name): return True return False
def create_occurrences(self, skip_conflicts, user=None): ReservationOccurrence.create_series_for_reservation(self) db.session.flush() if user is None: user = self.created_by_user # Check for conflicts with nonbookable periods if not rb_is_admin(user) and not self.room.is_owned_by(user): nonbookable_periods = self.room.nonbookable_periods.filter(NonBookablePeriod.end_dt > self.start_dt) for occurrence in self.occurrences: if not occurrence.is_valid: continue for nbd in nonbookable_periods: if nbd.overlaps(occurrence.start_dt, occurrence.end_dt): if not skip_conflicts: raise ConflictingOccurrences() occurrence.cancel(user, u'Skipped due to nonbookable date', silent=True, propagate=False) break # Check for conflicts with blockings blocked_rooms = self.room.get_blocked_rooms(*(occurrence.start_dt for occurrence in self.occurrences)) for br in blocked_rooms: blocking = br.blocking if blocking.can_be_overridden(user, self.room): continue for occurrence in self.occurrences: if occurrence.is_valid and blocking.is_active_at(occurrence.start_dt.date()): # Cancel OUR occurrence msg = u'Skipped due to collision with a blocking ({})' occurrence.cancel(user, msg.format(blocking.reason), silent=True, propagate=False) # Check for conflicts with other occurrences conflicting_occurrences = self.get_conflicting_occurrences() for occurrence, conflicts in conflicting_occurrences.iteritems(): if not occurrence.is_valid: continue if conflicts['confirmed']: if not skip_conflicts: raise ConflictingOccurrences() # Cancel OUR occurrence msg = u'Skipped due to collision with {} reservation(s)' occurrence.cancel(user, msg.format(len(conflicts['confirmed'])), silent=True, propagate=False) elif conflicts['pending'] and self.is_accepted: # Reject OTHER occurrences for conflict in conflicts['pending']: conflict.reject(user, u'Rejected due to collision with a confirmed reservation')
def can_be_overridden(self, user, room=None, explicit_only=False): """Determines if a user can override the blocking The following persons are authorized to override a blocking: - owner (the one who created the blocking) - any users on the blocking's ACL - unless explicitOnly is set: admins and room owners (if a room is given) """ if not user: return False if self.created_by_user == user: return True if not explicit_only: if rb_is_admin(user): return True elif room and room.is_owned_by(user): return True return any(user in principal for principal in iter_acl(self.allowed))
def getVars(self): wvars = WTemplated.getVars(self) wvars['standalone'] = self._standalone room = wvars['room'] wvars['attrs'] = { attr.attribute.name: attr for attr in room.attributes if not attr.attribute.is_hidden or rb_is_admin(session.user) } wvars['owner_name'] = room.owner.full_name wvars['bookable_hours'] = room.bookable_hours.all() wvars['nonbookable_periods'] = room.nonbookable_periods.all() # URLs wvars['stats_url'] = url_for('rooms.roomBooking-roomStats', room) wvars['delete_room_url'] = url_for('rooms_admin.delete_room', room) wvars['modify_room_url'] = url_for('rooms_admin.modify_room', room) wvars['show_on_map'] = room.map_url if room.map_url else url_for( 'rooms.roomBooking-mapOfRooms', room) return wvars
def can_be_rejected(self, user): if user is None: return False return rb_is_admin(user) or self.room.is_owned_by(user)
def can_be_deleted(self, user): if user is None: return False return rb_is_admin(user)
def can_be_cancelled(self, user): if user is None: return False return self.is_owned_by(user) or rb_is_admin(user) or self.is_booked_for(user)
def test_rb_is_admin(create_user, is_admin, is_rb_admin, expected): user = create_user(1, admin=is_admin, rb_admin=is_rb_admin) assert rb_is_admin(user) == expected
def can_be_modified(self, user): """Only admin can modify rooms.""" if not user: return False return rb_is_admin(user)
def can_be_overridden(self, user): if not user: return False return rb_is_admin(user) or self.is_owned_by(user)
def _sidemenu_items(sender, **kwargs): user_is_admin = session.user is not None and rb_is_admin(session.user) user_has_rooms = session.user is not None and Room.user_owns_rooms( session.user) map_available = Location.default_location is not None and Location.default_location.is_map_available yield SideMenuItem('book_room', _('Book a Room'), url_for('rooms.book'), 80, icon='checkmark') if map_available: yield SideMenuItem('map', _('Map of Rooms'), url_for('rooms.roomBooking-mapOfRooms'), 70, icon='location') yield SideMenuItem('calendar', _('Calendar'), url_for('rooms.calendar'), 60, icon='calendar') yield SideMenuItem('my_bookings', _('My Bookings'), url_for('rooms.my_bookings'), 50, icon='time') yield SideMenuItem('search_bookings', _('Search bookings'), url_for('rooms.roomBooking-search4Bookings'), section='search') yield SideMenuItem('search_rooms', _('Search rooms'), url_for('rooms.search_rooms'), section='search') if user_has_rooms: yield SideMenuItem('bookings_in_my_rooms', _('Bookings in my rooms'), url_for('rooms.bookings_my_rooms'), section='my_rooms') yield SideMenuItem('prebookings_in_my_rooms', _('Pre-bookings in my rooms'), url_for('rooms.pending_bookings_my_rooms'), section='my_rooms') yield SideMenuItem('room_list', _('Room list'), url_for('rooms.search_my_rooms'), section='my_rooms') yield SideMenuItem('my_blockings', _('My Blockings'), url_for('rooms.blocking_list', only_mine=True, timeframe='recent'), section='blocking') if user_has_rooms: yield SideMenuItem('blockings_my_rooms', _('Blockings for my rooms'), url_for('rooms.blocking_my_rooms'), section='blocking') yield SideMenuItem('blocking_create', _('Block rooms'), url_for('rooms.create_blocking'), section='blocking') if user_is_admin: yield SideMenuItem('admin', _('Administration'), url_for('rooms_admin.roomBooking-admin'), 10, icon='user-chairperson')
def _check_access(self): user = session.user if not user or (not rb_is_admin(user) and not self.blocked_room.room.is_owned_by(user)): raise Forbidden(_('You are not permitted to modify this blocking'))
def _check_access(self): if session.user is None: self._require_user() elif not rb_is_admin(session.user): raise Forbidden(_('You are not authorized to take this action.'))