def new(key):
time.sleep(random.randint(2, 6))
# EXPLANATION: weed out old creation keys
delete_old_keys()
# EXPLANATION: Check if key exists/is valid
result = data.execute(
"SELECT key, email FROM User_creation_keys WHERE key = ?", key)
if empty(result):
time.sleep(random.randint(5, 21))
# TODO: Send to errorpage?
return redirect(url_front())
if request.method == "POST":
if 'cancel' in request.form:
data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
flash("Oprettelse anulleret")
return redirect(url_front())
b = data.Bucket(request.form)
if not sanitize_username(b.username):
flash("Ugyldigt brugernavn")
return html.back()
if b.password1 != b.password2:
flash("Du gav to forskellige løsener, prøv igen")
return html.back()
if b.password1 == "":
flash("Du skal vælge et løsen")
return html.back()
data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
create_user(b.username, b.password1, b.name, b.email)
flash("Ny bruger oprettet")
session['logged_in'] = True
session['username'] = b.username
return redirect(url_for("usermanager.settings"))
else:
wb = html.WebBuilder()
wb.form()
wb.formtable()
wb.textfield("username", "Brugernavn (Hvad du bliver kaldt på DIKU):")
wb.textfield("name", "Fulde navn:")
wb.textfield("email", "Email:", value=result[0]["email"])
wb.password("password1", "Løsen")
wb.password("password2", "Gentag løsen")
form = wb.create()
return render_template("form.html", form=form)
def new(key):
time.sleep(random.randint(2,6))
# EXPLANATION: weed out old creation keys
delete_old_keys()
# EXPLANATION: Check if key exists/is valid
result = data.execute("SELECT key, email FROM User_creation_keys WHERE key = ?", key)
if empty(result):
time.sleep(random.randint(5,21))
# TODO: Send to errorpage?
return redirect(url_front())
if request.method == "POST":
if 'cancel' in request.form:
data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
flash("Oprettelse anulleret")
return redirect(url_front())
b = data.Bucket(request.form)
if not sanitize_username(b.username):
flash("Ugyldigt brugernavn")
return html.back()
if b.password1 != b.password2:
flash("Du gav to forskellige løsener, prøv igen")
return html.back()
if b.password1 == "":
flash("Du skal vælge et løsen")
return html.back()
data.execute("DELETE FROM User_creation_keys WHERE key = ?", key)
create_user(b.username, b.password1, b.name, b.email)
flash("Ny bruger oprettet")
session['logged_in'] = True
session['username'] = b.username
return redirect(url_for("usermanager.settings"))
else:
wb = html.WebBuilder()
wb.form()
wb.formtable()
wb.textfield("username", "Brugernavn (Hvad du bliver kaldt på DIKU):")
wb.textfield("name", "Fulde navn:")
wb.textfield("email", "Email:", value=result[0]["email"])
wb.password("password1", "Løsen")
wb.password("password2", "Gentag løsen")
form = wb.create()
return render_template("form.html", form=form)
def modify_news(id):
news = data.execute("SELECT * FROM News WHERE n_id = ?", id)
if empty(news) or session['username'] != news[0]['creator']:
flash("You are not permitted to edit this newsitem")
return redirect(url_front())
news = news[0]
if request.method == 'POST':
if 'cancel' in request.form:
return redirect(url_front())
b = data.Bucket(request.form)
if 'delete' in request.form:
b >> ("DELETE FROM News WHERE n_id = ?", id)
if b.title == "":
flash("Please enter a title")
return html.back()
b.text
b >> ("UPDATE News $ WHERE n_id = ?", id)
return redirect(url_front())
else:
w = html.WebBuilder()
w.form()
w.formtable()
w.textfield("title", "Overskrift")
w.textarea("text", "Tekst")
w.html('<button type="submit" name="delete" value="delete">Slet nyhed</button>', "")
form = w.create(news)
return render_template("form.html", form=form)
def new():
if request.method == "POST":
if 'cancel' in request.form:
flash(escape("Rustur ikke oprettet"))
return redirect(url_for('rustours.overview'))
b = data.Bucket(request.form)
b.type
if b.tour_name == "":
b.tour_name = "Unavngiven rustur"
if b.year.isdecimal():
b.year = int(b.year)
else:
flash("Please enter a valid year")
return html.back()
b >= "Tours"
return redirect(url_for('rustours.overview'))
else:
w = html.WebBuilder()
w.form()
w.formtable()
w.textfield("tour_name", "Navn", value="Unavngiven rustur")
w.textfield("year", "År", value=rkgyear())
w.select("type", "Type", [('p', 'Pigetur'), ('t', 'Transetur'), ('m', 'Munketur')])
form = w.create()
return render_template("form.html", form=form)
def add_news():
if request.method == 'POST':
if 'cancel' in request.form:
return redirect(url_front())
creator = session['username']
created = now()
title = request.form['title']
get_flashed_messages()
if title == "":
flash("Please enter a title")
return html.back()
text = request.form['text']
data.execute("INSERT INTO News(creator, created, title, text) VALUES(?,?,?,?)", creator, created, title, text)
return redirect(url_front())
else:
w = html.WebBuilder()
w.form()
w.formtable()
w.textfield("title", "Overskrift")
w.textarea("text", "Tekst")
form = w.create()
return render_template("form.html", form=form)
def new():
if request.method == "POST":
if 'cancel' in request.form:
flash(escape("Mentorhold ikke oprettet"))
return redirect(url_for('mentorteams.overview'))
b = data.Bucket(request.form)
if b.mentor_names == "":
b.mentor_names = "Unavngivet mentorhold"
if b.year.isdecimal():
b.year = int(b.year)
else:
flash("Please enter a valid year")
return html.back()
b >= "Mentorteams"
return redirect(url_for('mentorteams.overview'))
else:
w = html.WebBuilder()
w.form()
w.formtable()
w.textfield("mentor_names", "Navn", value="Unavngivet mentorhold")
w.textfield("year", "År", value=rkgyear())
form = w.create()
return render_template("form.html", form=form)
def new():
if request.method == "POST":
if 'cancel' in request.form:
flash(escape("Rustur ikke oprettet"))
return redirect(url_for('rustours.overview'))
b = data.Bucket(request.form)
b.type
if b.tour_name == "":
b.tour_name = "Unavngiven rustur"
if b.year.isdecimal():
b.year = int(b.year)
else:
flash("Please enter a valid year")
return html.back()
b >= "Tours"
return redirect(url_for('rustours.overview'))
else:
w = html.WebBuilder()
w.form()
w.formtable()
w.textfield("tour_name", "Navn", value="Unavngiven rustur")
w.textfield("year", "År", value=rkgyear())
w.select("type", "Type", [('p', 'Pigetur'), ('t', 'Transetur'),
('m', 'Munketur')])
form = w.create()
return render_template("form.html", form=form)
def settings(m_id):
if request.method == "POST":
if 'cancel' in request.form:
return redirect(url_front())
b = data.Bucket(request.form)
if b.mentor_names == "":
b.mentor_names = "Unavngivet mentorhold"
if b.year.isdecimal():
b.year = int(b.year)
else:
flash("Please enter a valid year")
return html.back()
b >> ("UPDATE Mentorteams $ WHERE m_id = ?", m_id)
mentors = request.form['mentors']
mentors = mentors.replace('"', '')
mentors = mentors.replace('"', '')
mentors = [name.split()[0] for name in re.split(';\s', mentors) if name != ""]
old = data.execute("SELECT username FROM Mentors WHERE m_id = ?", m_id)
old = [mentor['username'] for mentor in old]
for mentor in set(old) - set(mentors):
data.execute("DELETE FROM Mentors WHERE m_id = ? and username = ?", m_id, mentor)
for mentor in sorted(set(mentors) - set(old)):
data.execute("INSERT INTO Mentors(m_id, username) VALUES (?, ?)", m_id, mentor)
return redirect(url_for('mentorteams.mentorteam', m_id=m_id))
else:
teams = data.execute("SELECT * FROM Mentorteams WHERE m_id = ?", m_id)
if len(teams) != 1:
flash(escape("Det hold findes ikke"))
return redirect(url_for("mentorteams.overview"))
team = teams[0]
all_mentors = data.execute("SELECT * FROM Users WHERE username IN (Select username from Group_users where groupname = 'mentor')")
all_mentors = ['\\"{0}\\" {1}'.format(mentor['username'], mentor['name']) for mentor in all_mentors]
all_mentors.sort()
actual_mentors = data.execute("SELECT * FROM Mentors INNER JOIN Users USING(username) WHERE m_id = ?", m_id)
actual_mentors = ['"{0}" {1}; '.format(mentor['username'], mentor['name']) for mentor in actual_mentors]
actual_mentors.sort()
actual_mentors ="".join(actual_mentors)
w = html.WebBuilder()
w.form()
w.formtable()
w.textfield("mentor_names", "Navn")
w.textfield("year", "År")
w.html(html.autocomplete_multiple(all_mentors, "mentors", default=actual_mentors), description="Mentorer", value="abekat")
form = w.create(team)
return render_template("mentorteams/settings.html", form=form)
def entry(b_id, e_id=None):
if request.method == "POST":
if 'cancel' in request.form:
flash(escape("Ændringer annulleret"))
return redirect(url_for('bookkeeper.book', b_id=b_id))
b = data.Bucket(request.form)
if b.description == "":
flash("Please enter a description")
return html.back()
b.amount_string
# TODO: check for errors
try:
b.amount = expinterpreter.interpret_amount(b.amount_string)
except expinterpreter.ExpinterpreterException as e:
flash("invalid amount")
return html.back()
b.date
b.creditor = b.creditor.replace('"', '').replace('"', '')
if b.creditor == "":
flash("Please enter a creditor")
return html.back()
b.creditor = b.creditor.split()[0]
if e_id == None:
b.b_id = b_id
e_id = (b >= "Entries")["e_id"]
else:
b >> ("UPDATE Entries $ WHERE b_id = ? and e_id = ?", b_id, e_id)
# EXPLANATION: ensure all 'share's are valid integers before any database modification
debts = []
for req in request.form.keys():
if req.startswith("participant_"):
debtor = req[12:] # len("participant_") == 12
share_string = request.form[req]
if share_string != "":
try:
# EXPLANATION: we store both the string and its result, if it evaluates to something meaningful
share = expinterpreter.interpret(share_string)
debts.append((debtor, share_string, share))
except expinterpreter.ExpinterpreterException as e:
flash("Invalid expression in " + debtor + ": " + share)
return html.back()
# TODO: The following is not harming, but is it necessary?
# TODO: Think more about this line, is the previous statement true?
data.execute("DELETE FROM Debts WHERE e_id = ?", e_id)
for debtor, share_string, share in debts:
# NOTE: insert automaticly replaces old entries
data.execute(
"INSERT INTO Debts(e_id, debtor, share_string, share) VALUES (?, ?, ?, ?)",
e_id, debtor, share_string, share)
return redirect(url_for("bookkeeper.book", b_id=b_id))
else:
w = html.WebBuilder()
w.form()
w.formtable()
if e_id == None:
description = ""
amount_string = ""
date = ""
creditor = session['username']
else:
entry = data.execute("SELECT * FROM Entries WHERE e_id = ?",
e_id)[0]
description = entry['description']
amount_string = entry['amount_string']
date = entry['date'].isoformat()
creditor = entry['creditor']
w.textfield("description", "Hvad", value=description)
w.textfield("amount_string", "Beløb", value=amount_string)
w.calendar("date", "Hvornår", value=date)
participants = data.execute(
"SELECT * FROM Book_participants as B INNER JOIN Users as U ON B.participant = U.username WHERE b_id = ?",
b_id)
participant_names = [
'\\"{0}\\" {1}'.format(user['username'], user['name'])
for user in participants
]
#participant_names = [user['username'] for user in participants]
w.html(html.autocomplete(participant_names,
"creditor",
default=creditor),
description="Udlægger",
value="abekat")
# Extract users
if e_id == None:
previous_debtors = []
else:
previous_debtors = data.execute(
"SELECT username, name, share_string FROM Debts as D INNER JOIN Users as U ON D.debtor = U.username WHERE e_id = ?",
e_id)
usernames = [debtor['username'] for debtor in previous_debtors]
#participants = data.execute("SELECT * FROM Book_participants as B INNER JOIN Users as U ON B.participant = U.username WHERE b_id = ?", b_id)
new_participants = [{
'username': p['username'],
'name': p['name'],
'share_string': ''
} for p in participants if p['username'] not in usernames]
all_participants = previous_debtors + new_participants
all_participants = sorted(all_participants,
key=lambda x: x['username'])
for user in all_participants:
name = 'participant_{0}'.format(user['username'])
description = '"{0}" {1}'.format(user['username'],
user['name'])
value = user['share_string']
w.textfield(name, description, value=value)
form = w.create()
return render_template("form.html", form=form)
def settings(t_id):
if request.method == "POST":
if 'cancel' in request.form:
return redirect(url_front())
b = data.Bucket(request.form)
b.theme
b.type
b.notes
if b.tour_name == "":
b.tour_name = "Unavngiven rustur"
if b.year.isdecimal():
b.year = int(b.year)
else:
flash("Please enter a valid year")
return html.back()
b >> ("UPDATE Tours $ WHERE t_id = ?", t_id)
tutors = request.form['tutors']
tutors = tutors.replace('"', '')
tutors = tutors.replace('"', '')
tutors = [name.split()[0] for name in re.split(';\s', tutors) if name != ""]
old = data.execute("SELECT username FROM Tours_tutors WHERE t_id = ?", t_id)
old = [tutor['username'] for tutor in old]
for tutor in set(old) - set(tutors):
data.execute("DELETE FROM Tours_tutors WHERE t_id = ? and username = ?", t_id, tutor)
for tutor in sorted(set(tutors) - set(old)):
try:
data.execute("INSERT INTO Tours_tutors(t_id, username) VALUES (?, ?)", t_id, tutor)
except psycopg2.IntegrityError as e:
if e.pgerror.startswith('ERROR: insert or update on table "tours_tutors" violates foreign key constraint "tours_tutors_username_fkey"'):
flash("No tutor: "+tutor)
raise
return redirect(url_for('rustours.rustour', t_id=t_id))
else:
tours = data.execute("SELECT * FROM Tours WHERE t_id = ?", t_id)
if len(tours) != 1:
flash(escape("Den tur findes ikke"))
return redirect(url_for("rustours.overview"))
tour = tours[0]
all_tutors = data.execute("SELECT * FROM Users WHERE username IN (Select username from Group_users where groupname = 'rkg')")
all_tutors = ['\\"{0}\\" {1}'.format(tutor['username'], tutor['name']) for tutor in all_tutors]
all_tutors.sort()
actual_tutors = data.execute("SELECT * FROM Tours_tutors INNER JOIN Users USING(username) WHERE t_id = ?", t_id)
actual_tutors = ['"{0}" {1}; '.format(tutor['username'], tutor['name']) for tutor in actual_tutors]
actual_tutors.sort()
actual_tutors = "".join(actual_tutors)
w = html.WebBuilder()
w.form()
w.formtable()
w.textfield("tour_name", "Navn")
w.textfield("theme", "Tema")
w.textfield("year", "År")
w.select("type", "Type", [('p', 'Pigetur'), ('t', 'Transetur'), ('m', 'Munketur')])
w.html(html.autocomplete_multiple(all_tutors, "tutors", default=actual_tutors), description="Vejledere", value="abekat")
w.textarea("notes", "Noter")
form = w.create(tour)
return render_template("rustours/settings.html", form=form, t_id=t_id)
def settings(t_id):
if request.method == "POST":
if 'cancel' in request.form:
return redirect(url_front())
b = data.Bucket(request.form)
b.theme
b.type
b.notes
if b.tour_name == "":
b.tour_name = "Unavngiven rustur"
if b.year.isdecimal():
b.year = int(b.year)
else:
flash("Please enter a valid year")
return html.back()
b >> ("UPDATE Tours $ WHERE t_id = ?", t_id)
tutors = request.form['tutors']
tutors = tutors.replace('"', '')
tutors = tutors.replace('"', '')
tutors = [
name.split()[0] for name in re.split(';\s', tutors) if name != ""
]
old = data.execute("SELECT username FROM Tours_tutors WHERE t_id = ?",
t_id)
old = [tutor['username'] for tutor in old]
for tutor in set(old) - set(tutors):
data.execute(
"DELETE FROM Tours_tutors WHERE t_id = ? and username = ?",
t_id, tutor)
for tutor in sorted(set(tutors) - set(old)):
try:
data.execute(
"INSERT INTO Tours_tutors(t_id, username) VALUES (?, ?)",
t_id, tutor)
except psycopg2.IntegrityError as e:
if e.pgerror.startswith(
'ERROR: insert or update on table "tours_tutors" violates foreign key constraint "tours_tutors_username_fkey"'
):
flash("No tutor: " + tutor)
raise
return redirect(url_for('rustours.rustour', t_id=t_id))
else:
tours = data.execute("SELECT * FROM Tours WHERE t_id = ?", t_id)
if len(tours) != 1:
flash(escape("Den tur findes ikke"))
return redirect(url_for("rustours.overview"))
tour = tours[0]
all_tutors = data.execute(
"SELECT * FROM Users WHERE username IN (Select username from Group_users where groupname = 'rkg')"
)
all_tutors = [
'\\"{0}\\" {1}'.format(tutor['username'], tutor['name'])
for tutor in all_tutors
]
all_tutors.sort()
actual_tutors = data.execute(
"SELECT * FROM Tours_tutors INNER JOIN Users USING(username) WHERE t_id = ?",
t_id)
actual_tutors = [
'"{0}" {1}; '.format(tutor['username'], tutor['name'])
for tutor in actual_tutors
]
actual_tutors.sort()
actual_tutors = "".join(actual_tutors)
w = html.WebBuilder()
w.form()
w.formtable()
w.textfield("tour_name", "Navn")
w.textfield("theme", "Tema")
w.textfield("year", "År")
w.select("type", "Type", [('p', 'Pigetur'), ('t', 'Transetur'),
('m', 'Munketur')])
w.html(html.autocomplete_multiple(all_tutors,
"tutors",
default=actual_tutors),
description="Vejledere",
value="abekat")
w.textarea("notes", "Noter")
form = w.create(tour)
return render_template("rustours/settings.html", form=form, t_id=t_id)
def entry(b_id, e_id=None):
if request.method == "POST":
if 'cancel' in request.form:
flash(escape("Ændringer annulleret"))
return redirect(url_for('bookkeeper.book', b_id=b_id))
b = data.Bucket(request.form)
if b.description == "":
flash("Please enter a description")
return html.back()
b.amount_string
# TODO: check for errors
try:
b.amount = expinterpreter.interpret_amount(b.amount_string)
except expinterpreter.ExpinterpreterException as e:
flash("invalid amount")
return html.back()
b.date
b.creditor = b.creditor.replace('"', '').replace('"', '')
if b.creditor == "":
flash("Please enter a creditor")
return html.back()
b.creditor = b.creditor.split()[0]
if e_id == None:
b.b_id = b_id
e_id = (b >= "Entries")["e_id"]
else:
b >> ("UPDATE Entries $ WHERE b_id = ? and e_id = ?", b_id, e_id)
# EXPLANATION: ensure all 'share's are valid integers before any database modification
debts = []
for req in request.form.keys():
if req.startswith("participant_"):
debtor = req[12:] # len("participant_") == 12
share_string = request.form[req]
if share_string != "":
try:
# EXPLANATION: we store both the string and its result, if it evaluates to something meaningful
share = expinterpreter.interpret(share_string)
debts.append((debtor, share_string, share))
except expinterpreter.ExpinterpreterException as e:
flash("Invalid expression in " + debtor + ": " + share)
return html.back()
# TODO: The following is not harming, but is it necessary?
# TODO: Think more about this line, is the previous statement true?
data.execute("DELETE FROM Debts WHERE e_id = ?", e_id)
for debtor, share_string, share in debts:
# NOTE: insert automaticly replaces old entries
data.execute("INSERT INTO Debts(e_id, debtor, share_string, share) VALUES (?, ?, ?, ?)", e_id, debtor, share_string, share)
return redirect(url_for("bookkeeper.book", b_id=b_id))
else:
w = html.WebBuilder()
w.form()
w.formtable()
if e_id == None:
description = ""
amount_string = ""
date = ""
creditor = session['username']
else:
entry = data.execute("SELECT * FROM Entries WHERE e_id = ?", e_id)[0]
description = entry['description']
amount_string = entry['amount_string']
date = entry['date'].isoformat()
creditor = entry['creditor']
w.textfield("description", "Hvad", value=description)
w.textfield("amount_string", "Beløb", value=amount_string)
w.calendar("date", "Hvornår", value=date)
participants = data.execute("SELECT * FROM Book_participants as B INNER JOIN Users as U ON B.participant = U.username WHERE b_id = ?", b_id)
participant_names = ['\\"{0}\\" {1}'.format(user['username'], user['name']) for user in participants]
#participant_names = [user['username'] for user in participants]
w.html(html.autocomplete(participant_names, "creditor", default=creditor), description="Udlægger", value="abekat")
# Extract users
if e_id == None:
previous_debtors = []
else:
previous_debtors = data.execute("SELECT username, name, share_string FROM Debts as D INNER JOIN Users as U ON D.debtor = U.username WHERE e_id = ?", e_id)
usernames = [debtor['username'] for debtor in previous_debtors]
#participants = data.execute("SELECT * FROM Book_participants as B INNER JOIN Users as U ON B.participant = U.username WHERE b_id = ?", b_id)
new_participants = [{'username':p['username'], 'name':p['name'], 'share_string':''} for p in participants if p['username'] not in usernames]
all_participants = previous_debtors + new_participants
all_participants = sorted(all_participants, key=lambda x: x['username'])
for user in all_participants:
name = 'participant_{0}'.format(user['username'])
description = '"{0}" {1}'.format(user['username'], user['name'])
value = user['share_string']
w.textfield(name, description, value=value)
form = w.create()
return render_template("form.html", form=form)
