def test_is_moderator():
user = User(id=1, name="test", first_name="utilisateur", email="*****@*****.**")
db.session.add(user)
u = User.query.get(1)
assert is_moderator(u) == False
a= Authorization(channel_id=1,user_id=1,permission=2)
db.session.add(a)
assert is_moderator(u) == True
def index():
# Team06: Export to PDF feature
if request.method == "POST":
action = request.form.get('@action', '')
if action == "export":
post_id = request.form.get("id")
chan_id = request.form.get("template")
return pdf.export(post_id, chan_id)
# end addition
user = User.query.get(session.get("user_id", "")) if session.get(
"logged_in", False) else None
posts = []
flattened_list_pubs = []
# TEAM06: add – pdf
pdf_chans = db.session.query(Channel).filter(
Channel.module == 'superform.plugins.pdf'
)
# end add
chans = []
if user is not None:
setattr(user, 'is_mod', is_moderator(user))
posts = db.session.query(Post).filter(
Post.user_id == session.get("user_id", ""))
chans = get_moderate_channels_for_user(user)
pubs_per_chan = (db.session.query(Publishing).filter(
(Publishing.channel_id == c.id) & (Publishing.state == 0)) for c in
chans)
flattened_list_pubs = [y for x in pubs_per_chan for y in x]
# TEAM06: changes in the render_template, templates
return render_template("index.html", user = user, posts = posts,
channels = chans,
publishings = flattened_list_pubs,
templates = pdf_chans)
def search_post() :
'''
Searching in query for posts with a specific filter
:param no param, except request.form from front-end. This form contains all filters possible for a search
:return: data, JSON containing all data retrieved from queries, based on filters.
'''
user = User.query.get(session.get("user_id", "")) if session.get("logged_in", False) else None
posts=[]
data = []
print(str(request.form))
if user is not None:
setattr(user,'is_mod',is_moderator(user))
posts = db.session.query(Post).filter((Post.user_id==session.get("user_id", "")) &
(Post.title.like('%'+request.form['subject']+'%')) &
(Post.description.like('%'+request.form['body']+'%'))
).order_by(request.form['sorted'])
for item in posts :
row = {}
row["id"] = str(item.id)
row["title"] = item.title
row["description"] = str(item.description.splitlines())
row["hrefEdit"] = "#" #Add here after creating buttons function
row["hrefCopy"] = "#"
row["hrefDelete"] = "#"
row["hrefExportPdf"] = str(item.id)
data.append(row)
return json.dumps(data)
def search_publishings() :
'''
Searching in query for publishings with a specific filter
:param no param, except request.form from front-end. This form contains all filters possible for a search
:return: data, JSON containing all data retrieved from queries, based on filters.
'''
data = []
user = User.query.get(session.get("user_id", "")) if session.get("logged_in", False) else None
posts = []
chans = []
flattened_list_pubs = []
if user is not None:
setattr(user, 'is_mod', is_moderator(user))
chans = get_moderate_channels_for_user(user)
pubs_per_chan = (db.session.query(Publishing).filter((Publishing.channel_id == c.id) &
(Publishing.title.like('%'+request.form['subject']+'%')) &
(Publishing.description.like('%' + request.form['body'] + '%')) &
(Publishing.state == 0)) for c in chans)
flattened_list_pubs = [y for x in pubs_per_chan for y in x]
print(str(flattened_list_pubs))
for p in flattened_list_pubs : #request.form['author'] in p.get_author() and
if str(p.channel_id) in request.form.getlist('channels[]'):
row = {}
for c in chans :
if c.id == p.channel_id:
row["channel"] = c.name
row["subject"] = p.title
row["body"] = str(p.description.splitlines())
row["author"] = p.get_author()
row["button"] = url_for('publishings.moderate_publishing',id=p.post_id,idc=p.channel_id)
data.append(row)
return json.dumps(data)
def callback():
auth = OneLogin_Saml2_Auth(prepare_saml_request(request), current_app.config["SAML"])
auth.process_response()
errors = auth.get_errors()
if len(errors) == 0:
auth_attrs = auth.get_attributes()
mappings = current_app.config["SAML"]["attributes"]
attrs = {key: auth_attrs[mapping][0] for key, mapping in mappings.items()}
user = User.query.get(attrs["uid"])
if not user:
user = User(id=attrs["uid"], name=attrs["sn"], first_name=attrs["givenName"], email=attrs["email"])
db.session.add(user)
db.session.commit()
session["logged_in"] = True
session["user_id"] = user.id
session["first_name"] = user.first_name
session["name"] = user.name
session["email"] = user.email
session["admin"] = user.admin
session["moderator"] = is_moderator(user)
# Redirect to desired url
self_url = OneLogin_Saml2_Utils.get_self_url(prepare_saml_request(request))
if 'RelayState' in request.form and self_url != request.form['RelayState']:
return redirect(auth.redirect_to(request.form['RelayState']))
else:
return make_response(", ".join(errors), 500)
return make_response("saml_acs_error", 500)
def get_publications(user):
if user is None:
return []
setattr(user, 'is_mod', is_moderator(user))
my_pubs = []
if user is not None:
my_pubs = [pub for _, _, pub in db.session.query(Channel, Post, Publishing)
.filter(Channel.id == Publishing.channel_id)
.filter(Publishing.post_id == Post.id)
.filter(Post.user_id == user.id).order_by(desc(Publishing.post_id))]
return my_pubs
def delete_publishing(post_id, channel_id):
user = User.query.get(session.get("user_id", "")) if session.get(
"logged_in", False) else None
if user is not None:
setattr(user, 'is_mod', is_moderator(user))
post = db.session.query(Post).filter_by(id=post_id).first()
if post is not None:
post_user_id = post.user_id
if post_user_id == user.id or user.is_mod:
publishings = db.session.query(Publishing).filter(
Publishing.post_id == post_id).all()
channel = db.session.query(Channel).filter(
Channel.id == channel_id).first()
for pub in publishings:
if pub.channel_id == channel.id:
fb_connected = True
# The publishing has been posted
if pub.state == 1:
# It is posted on Facebook
if channel.module == "superform.plugins.facebook":
print("ALERT")
from superform.plugins.facebook import fb_token
if fb_token == 0:
# User is not connected on Facebook
flash("You are not connected on Facebook!")
fb_connected = False
else:
extra = json.loads(pub.extra)
fb_delete(extra["facebook_post_id"])
# It is posted on Wiki
elif channel.module == "superform.plugins.wiki":
wiki_delete(pub.title, channel.config)
if fb_connected:
db.session.delete(pub)
db.session.commit()
else:
# The user is trying to delete the publishing linked to a post he did not create
flash(
"You don't have the rights to delete this post (not the creator)"
)
else:
# The post does not exist
return render_template('404.html'), 404
else:
# User is not connected
return render_template('403.html'), 403
return redirect(url_for('delete.delete', id=post_id))
def index():
user = User.query.get(session.get("user_id", "")) if session.get("logged_in", False) else None
posts = []
flattened_list_pubs = []
if user is not None:
setattr(user, 'is_mod', is_moderator(user))
posts = db.session.query(Post).filter(Post.user_id == session.get("user_id", ""))
chans = get_moderate_channels_for_user(user)
pubs_per_chan = (
db.session.query(Publishing).filter((Publishing.channel_id == c.id) & (Publishing.state == 0)) for c in
chans)
flattened_list_pubs = [y for x in pubs_per_chan for y in x]
return render_template("index.html", user=user, posts=posts, publishings=flattened_list_pubs)
def index():
user = User.query.get(session.get("user_id", "")) if session.get(
"logged_in", False) else None
user_posts = []
moderable_pubs_per_chan = []
my_accepted_pubs = []
my_refused_pubs = []
if user is not None:
setattr(user, 'is_mod', is_moderator(user))
from sqlalchemy import desc
user_posts = db.session.query(Post).filter(Post.user_id == session.get("user_id", "")).order_by(desc(Post.id))\
.limit(5).all()
moderable_pubs_per_chan = [
pub for _, _, pub in
db.session.query(Authorization, Channel, Publishing).filter(
Authorization.user_id == user.id, Authorization.permission ==
Permission.MODERATOR.value).filter(
Authorization.channel_id == Publishing.channel_id).filter(
Publishing.post_id == Post.id).filter(
Channel.id == Publishing.channel_id).filter(
Publishing.state == State.NOTVALIDATED.value).
order_by(desc(Publishing.post_id)).limit(5).all()
]
my_refused_pubs = [
pub for _, _, pub in db.session.query(Channel, Post, Publishing).
filter(Channel.id == Publishing.channel_id).filter(
Publishing.post_id == Post.id).filter(
Publishing.state == State.REFUSED.value).filter(
Post.user_id == user.id).order_by(desc(Post.id)).limit(
5).all()
]
my_accepted_pubs = [
pub for _, _, pub in db.session.query(Channel, Post, Publishing).
filter(Channel.id == Publishing.channel_id).filter(
Publishing.post_id == Post.id).filter(
Publishing.state == State.VALIDATED.value).filter(
Post.user_id == user.id).order_by(desc(Post.id)).limit(
5).all()
]
return render_template("index.html",
user=user,
posts=user_posts,
publishings=moderable_pubs_per_chan,
my_refused_publishings=my_refused_pubs,
my_accepted_publishings=my_accepted_pubs,
states=State)
def delete_publishing(post_id, channel_id):
user = User.query.get(session.get("user_id", "")) if session.get(
"logged_in", False) else None
if user is not None:
setattr(user, 'is_mod', is_moderator(user))
post = db.session.query(Post).filter_by(id=post_id).first()
if post is not None:
post_user_id = post.user_id
if post_user_id == user.id or user.is_mod:
publishings = db.session.query(Publishing).filter(
Publishing.post_id == post_id).all()
channel = db.session.query(Channel).filter(
Channel.id == channel_id).first()
for pub in publishings:
if pub.channel_id == channel.id:
# The publishing has been posted
if pub.state == State.VALIDATED.value:
# Do specific actions depending of the channel
# flash("The publishing has been posted")
# return redirect(url_for('delete.delete', id=post_id))
# Default: remove publishing as it was not validated
pass
db.session.delete(pub)
db.session.commit()
else:
# The user is trying to delete the publishing linked to a post he did not create
flash(
"You don't have the rights to delete this post (not the creator)"
)
else:
# The post does not exist
return render_template('404.html'), 404
else:
# User is not connected
return render_template('403.html'), 403
return redirect(url_for('delete.delete', id=post_id))
def delete_post(id):
user = User.query.get(session.get("user_id", "")) if session.get(
"logged_in", False) else None
if user is not None:
setattr(user, 'is_mod', is_moderator(user))
post = db.session.query(Post).filter_by(id=id).first()
if post is not None:
post_user_id = post.user_id
if post_user_id == user.id or user.is_mod:
publishings = db.session.query(Publishing).filter(
Publishing.post_id == id).all()
post_del_cond = True
for _ in publishings:
# If there is any publishing
post_del_cond = False
# If every publishing linked to the post has been deleted (otherwise violation of constraint in db)
if post_del_cond:
db.session.delete(post)
db.session.commit()
else:
flash(
"At least one publishing remains, cannot delete post",
category='error')
else:
# The user trying to delete the post is not the one who created it
flash(
"You don't have the rights to delete this post (not the creator)"
)
else:
# The post does not exist
return render_template('404.html'), 404
else:
# User is not connected
return render_template('403.html'), 403
return redirect(url_for('index'))
def delete(id):
user = User.query.get(session.get("user_id", "")) if session.get(
"logged_in", False) else None
drafts = []
unmoderated = []
posted = []
has_draft = False
has_unmoderated = False
has_posted = False
if not user:
# User is not connected
return render_template('403.html'), 403
setattr(user, 'is_mod', is_moderator(user))
post = db.session.query(Post).get(id)
if post is not None:
post_user_id = post.user_id
if post_user_id == user.id or user.is_mod:
publishings = db.session.query(Publishing).filter(
Publishing.post_id == id).all()
for pub in publishings:
# The publishing is a draft
if pub.state == State.INCOMPLETE.value:
drafts.append(pub)
has_draft = True
# The publishing has been submitted for review
elif pub.state == State.NOT_VALIDATED.value:
unmoderated.append(pub)
has_unmoderated = True
# The publishing has been refused
elif pub.state == State.REFUSED.value:
unmoderated.append(pub)
has_unmoderated = True
# The publishing has been posted
elif pub.state == State.VALIDATED.value:
channel = db.session.query(Channel).filter(
Channel.id == pub.channel_id).first()
# The channel is Facebook
if channel.module == "superform.plugins.facebook":
posted.append((pub, "fb"))
has_posted = True
# The channel is Wiki
elif channel.module == "superform.plugins.wiki":
posted.append((pub, "wiki"))
has_posted = True
else:
posted.append((pub, "0"))
has_posted = True
# The publishing has been archived
else:
pass
else:
# The user trying to delete the post is not the one who created it
flash(
"You don't have the rights to delete this post (not the creator)"
)
else:
# The post does not exist
return render_template('404.html'), 404
if has_draft or has_unmoderated or has_posted:
return render_template("delete.html",
user=user,
post=post,
draft_pubs=drafts,
unmoderated_pubs=unmoderated,
posted_pubs=posted,
has_draft=has_draft,
has_unmoderated=has_unmoderated,
has_posted=has_posted)
else:
return delete_post(id)
def index():
# Team06: Export to PDF feature
if request.method == "POST":
action = request.form.get('@action', '')
if action == "export":
post_id = request.form.get("id")
chan_id = request.form.get("template")
return export(post_id, chan_id)
# end addition
user_id = session.get("user_id", "") if session.get("logged_in",
False) else -1
user = User.query.get(user_id) if session.get("logged_in", False) else None
# TEAM06: add – pdf
pdf_chans = db.session.query(Channel).filter(
Channel.module == 'superform.plugins.pdf')
# end add
posts_var = []
pubs_unvalidated = []
chans = []
if user is not None and user_id != -1:
setattr(user, 'is_mod', is_moderator(user))
chans = get_moderate_channels_for_user(user)
# AJOUTER Post.user_id == user_id dans posts DANS QUERY?
posts_var = db.session.query(Post).filter(
Post.user_id == user_id).order_by(Post.date_created.desc())
for post in posts_var:
publishings_var = db.session.query(Publishing).filter(
Publishing.post_id == post.id).all()
channels_var = set()
for publishing in publishings_var:
channels_var.add(
db.session.query(Channel).filter(
Channel.id == publishing.channel_id).first())
setattr(post, "channels", channels_var)
posts_user = db.session.query(Post).filter(
Post.user_id == user_id).all()
pubs_unvalidated = db.session.query(Publishing).filter(
Publishing.state == State.REFUSED.value).filter(
Publishing.user_id == user_id).order_by(
Publishing.post_id).order_by(Publishing.channel_id).all()
post_ids = [p.id for p in posts_user]
for pub_unvalidated in pubs_unvalidated:
if pub_unvalidated.post_id in post_ids:
size_comment = current_app.config["SIZE_COMMENT"]
channels_var = [
db.session.query(Channel).filter(
Channel.id == pub_unvalidated.channel_id).first()
]
setattr(pub_unvalidated, "channels", channels_var)
last_comment = db.session.query(Comment).filter(
Comment.publishing_id ==
pub_unvalidated.publishing_id).first()
comm = comm_short = last_comment.moderator_comment[:
size_comment]
if len(last_comment.moderator_comment) > size_comment:
comm_short = comm + "..."
comm = last_comment.moderator_comment
setattr(pub_unvalidated, "comment_short", comm_short)
setattr(pub_unvalidated, "comment", comm)
# TEAM06: changes in the render_template, templates
return render_template("index.html",
posts=posts_var[:5],
pubs_unvalidated=pubs_unvalidated,
templates=pdf_chans,
user=user,
channels=chans)
