def user(display_hash=None, action=None):
""" Create or edit a user. """
if not display_hash:
abort(404)
user = User.query.filter(User.display_hash==display_hash).first()
if not user:
abort(404)
if request.method == 'POST':
form = UserForm(request.form)
if form.validate():
#TODO Flash message if this condition is not met
if form.display_hash.data == current_user.display_hash or current_user.is_admin():
user = User.query.filter(User.display_hash==form.display_hash.data).first()
user.update_from_model(user)
if current_user.is_admin():
user.roles = []
for display_hash in request.form.getlist('role'):
role = Role.query.filter(Role.display_hash==display_hash).first()
user.roles.append(role)
db.session.commit()
return redirect(url_for('users'))
if request.method == 'GET':
form = UserForm(obj=user)
action = url_for('user', display_hash=user.display_hash)
roles = Role.query.all()
return render_template('user.html', form=form, action=action, roles=roles, user=user)
def view(certificate_id):
use_ssl = Setting.get_by_name('use_ssl', default=False).value
if use_ssl == False:
abort(404)
cert = Certificate.get_by_id(certificate_id)
if cert.type != CLIENT and not current_user.is_admin():
abort(403)
ca_cert = Certificate.query.filter_by(type=CA).first()
if cert.user != current_user and not current_user.is_admin():
abort(403)
return render_template('certificate/view.html', certificate=cert, ca_cert=ca_cert, current_user=current_user, active='certificates', ssl=use_ssl)
def pluginCommand(name):
api_plugins = octoprint.plugin.plugin_manager().get_filtered_implementations(lambda p: p._identifier == name, octoprint.plugin.SimpleApiPlugin)
if not api_plugins:
return make_response("Not found", 404)
if len(api_plugins) > 1:
return make_response("More than one api provider registered for {name}, can't proceed".format(name=name), 500)
api_plugin = api_plugins[0]
valid_commands = api_plugin.get_api_commands()
if valid_commands is None:
return make_response("Method not allowed", 405)
if api_plugin.is_api_adminonly() and not current_user.is_admin():
return make_response("Forbidden", 403)
command, data, response = get_json_command_from_request(request, valid_commands)
if response is not None:
return response
response = api_plugin.on_api_command(command, data)
if response is not None:
return response
return NO_CONTENT
def edit(id):
if current_user.is_anonymous():
flash(
Markup('<span class="glyphicon glyphicon-info-sign"></span> You have to login before editing a proposal.'),
"info",
)
return redirect("/login?next=" + str(request.path))
""" Edit an proposal """
p = Proposal.objects.get_or_404(id=id)
form = ProposalForm(request.form, p)
if not current_user.is_admin() and current_user.id == p.proposer.id:
interested_list = p.interested[:] # Deep copy to manipulate
for interested in interested_list:
if interested.user.id == current_user.id:
interested_list.remove(interested)
if len(interested_list) > 0:
flash(
Markup(
'<span class="glyphicon glyphicon-info-sign"></span> You cannot edit a proposal that has interested users.'
),
"info",
)
return redirect(url_for("proposals.detail", id=p.id))
# submit
if form.validate_on_submit():
form.populate_obj(p)
import datetime
p.updated = datetime.datetime.now()
p.save()
return redirect(url_for("proposals.detail", id=p.id))
return render_template("proposal/edit.html", title=_("Edit a proposal"), proposal=p, form=form)
def update_name(_id):
# Check auth
if not current_user.is_admin():
flash("Only admins can force-update user names.", "danger")
return redirect(request.referrer or url_for("index"))
# Get user
_user = User.query.filter(User.id == _id).first()
if _user is None:
flash("User {} not found.".format(_id), "danger")
return redirect(request.referrer or url_for("index"))
old_name = _user.name
_user.update_steam_name()
new_name = _user.name
current_app.logger.info("Manually triggered a user name update.", extra={
'extra': {
'old_name': old_name,
'new_name': new_name,
'actioned_by': current_user.id
}
})
flash(u"Updated user {}'s name from {} to {}.".format(_id, old_name, new_name), "success")
return redirect(request.referrer or url_for("index"))
def view_form_history(word=None):
page = flask.g.database.get_page(get_url(word))
access_edit = False
if page is not None:
# Проверка на права пользователя вносить правки в статью
if current_user.is_authenticated():
access_edit = access_f(page['access'], current_user)
if current_user.is_authenticated():
if current_user.is_admin():
access_edit = True
if current_user.is_authenticated() is False or access_edit is False:
return render_template('page.html',
page=None,
message=u"Вы не имеете прав на просмотр истории изменения страницы",
navigation=True,
word=get_url(word),
history = True
)
pages = flask.g.database.get_pages_history(get_url(word))
# if pages is None:
# return 'error!'
# else:
return render_template('history.html', pages=pages, word=get_url(word), navigation=True, history = True)
def settings(_id):
# Authentication
if current_user.id != _id and not current_user.is_admin():
flash("You are not authorised to edit user {}'s settings.".format(_id), "danger")
return redirect(request.referrer or url_for("index"))
# Check user exists
_user = User.query.filter(User.id == _id).first()
if _user is None:
flash("User {} not found.".format(_id), "danger")
return redirect(request.referrer or url_for("index"))
# Validate form, if submitted; else render it.
form = SettingsForm(_user, request.form)
if form.validate_on_submit():
_user.email = form.email.data
_user.show_ads = form.show_ads.data
db.session.add(_user)
db.session.commit()
return redirect(request.args.get("next") or url_for("users.user", _id=_user.id))
return render_template("users/settings.html",
title="Your settings - Dotabank",
user=_user,
form=form)
def index(self):
if current_user.is_authenticated():
if not current_user.is_admin():
return redirect(url_for('chat.login'))
else:
return redirect(url_for('chat.login'))
return super(CustomAdminIndexView, self).index()
def test_student_login(self):
# Ensure login behaves correctly.
with self.client:
self.client.get('/logout', follow_redirects=True)
response = self.client.post(
'/login',
data=dict(
email='*****@*****.**',
password='******',
confirm='student_user'
),
follow_redirects=True
)
self.assertIn(
b'Welcome, <em>[email protected]</em>!',
response.data
)
self.assertIn(
b'<li><a href="/student/courses">View Courses</a></li>',
response.data
)
self.assertIn(
b'<li><a href="/password">Update Password</a></li>',
response.data
)
self.assertTrue(current_user.email == "*****@*****.**")
self.assertTrue(current_user.is_authenticated)
self.assertTrue(current_user.is_active)
self.assertFalse(current_user.is_anonymous())
self.assertTrue(current_user.is_student())
self.assertFalse(current_user.is_teacher())
self.assertFalse(current_user.is_admin())
self.assertEqual(response.status_code, 200)
def add_user():
""" CRUD for adding a user. """
if not current_user.is_admin():
return redirect('users')
if request.method == 'POST':
form = UserForm(request.form)
if form.validate():
existing_user = User.query.filter(User.username==form.username.data).first()
if existing_user:
#TODO Set error to be displayed (flash?)
return redirect(url_for('users'))
user = form.populated_object()
user.generate_uuid()
db.session.add(user)
db.session.commit()
return redirect(url_for('users'))
if request.method == 'GET':
form = UserForm()
action = url_for('add_user')
roles = Role.query.all()
return render_template('user.html', form=form, action=action, roles=roles)
def add_dl_job(_id):
# Check auth
if not current_user.is_admin():
flash("Only admins can add new DL jobs.", "danger")
return redirect(request.referrer or url_for("index"))
# Check replay exists
_replay = Replay.query.filter(Replay.id == _id).first()
if _replay is None:
flash("Replay {} doesn't exist.".format(_id), "danger")
return redirect(request.referrer or url_for("index"))
# Update status
_replay.status = "WAITING_DOWNLOAD"
db.session.add(_replay)
# Add to job queue.
queued = Replay.add_dl_job(_replay)
if queued:
flash("Added DL job for replay {}.".format(_id), "info")
db.session.commit()
else:
flash("Error adding DL job for replay {}.".format(_id), "danger")
db.session.rollback()
return redirect(request.referrer or url_for("index"))
def post_admin_data():
if current_user.is_admin():
res={}
query = request.json
if query['op']=='getValues':
pid = query['dataID']
p = Point.query.get(pid)
res['status']='ok'
res['fields']=[]
for f in Point.get_external_fields():
res['fields'].append({"field":f, "data":getattr(p,f)})
res['fields'].append({"field":'geopointAc',"data":{'id':p.geo.id, 'name':p.geo.name} })
else:
res['status']='ok'
pid = query['dataID']
if query['op']=='edit':
p = Point.query.get(pid)
elif query['op']=='add':
p =Point()
for key, value in query['fields'].items():
print(key, value)
setattr(p, key, value)
geo_id = query['fields']['geopointAc']['id']
print ('>>>>>'+str(geo_id))
if geo_id !=-1: p.geoId=geo_id
db.session.add(p)
db.session.commit()
return json.dumps(res)
def test_update_password2(self):
# Ensure update password behaves correctly.
with self.client:
self.client.post(
'/login',
data=dict(
email='*****@*****.**',
password='******',
),
follow_redirects=True
)
response = self.client.post(
'/password',
data=dict(
password='******',
confirm='short'
),
follow_redirects=True
)
self.assertIn(
b'<h1>Update Password</h1>',
response.data
)
self.assertIn(
b'Field must be between 6 and 25 characters long.',
response.data
)
self.assertTrue(current_user.email == '*****@*****.**')
self.assertTrue(current_user.is_authenticated())
self.assertTrue(current_user.is_active())
self.assertFalse(current_user.is_anonymous())
self.assertTrue(current_user.is_student())
self.assertFalse(current_user.is_teacher())
self.assertFalse(current_user.is_admin())
self.assertEqual(response.status_code, 200)
def post(self):
if request.method == 'POST':
form = NewUserForm()
if form.validate_on_submit():
try:
user = User.create()
# Set Permissions
if current_user.is_admin():
user.role = int(form.role.data)
del form.role
del form.timezone
del form.lang
form.populate_obj(user)
user.set_password(form.password.data)
user.save()
flash(gettext('User was succesfully saved'))
return redirect(url_for('UsersView:get',id=user.id))
except:
flash(gettext('Error while creating the user'), 'error')
raise
else:
flash(gettext('Invalid submission, please check the messages below'), 'error')
else:
form = NewUserForm()
return render_template('admin/users/add.html',
title = gettext('Create new user'),
form = form,
user = [])
def organize(id):
if current_user.is_anonymous():
flash(Markup("<span class=\"glyphicon glyphicon-info-sign\"></span> You have to login before organizing a proposal."), "info")
return redirect('/login?next=' + str(request.path))
p = Proposal.objects.get_or_404(id=id)
# Throw 403 if user isn't an admin
if not current_user.is_admin():
abort(403)
# You can only organize proposals with interested users
if p.num_interested == 0:
flash(Markup("<span class=\"glyphicon glyphicon-exclamation-sign\"></span> You cannot "
+ "organize a proposal that has no interested users."), "danger")
return redirect(url_for('proposals.detail', id=p.id))
form = OrganizeProposalForm()
if form.validate_on_submit():
e = Event()
e.creator = current_user._get_current_object()
form.populate_obj(e)
e.save()
#p.delete()
return redirect(url_for('events.detail', id=e.id))
return render_template("proposal/organize.html", form=form, proposal_title=p.title, proposal_description=p.description)
def delete_users(user):
print user
## Checks if the user is an admin
if current_user.is_admin(current_user.username):
u = User.query.filter_by(username=user).first()
us = UserStatistics.query.filter_by(userId=u.id).first()
## Checks if the user tries to delete itself
if current_user.username == u.username:
flash('Sorry, but you cannot delete yourself. Think about those people who love you more than their world mi amigo.')
return redirect(url_for('Users.set_roles'))
# loads the supervisor and deletes the user
load_supervisor = u.supervisor
supervisor = User.query.filter_by(username=load_supervisor).first()
load_supervisees = supervisor.supervisee
print "Load supervisee before split: " + str(load_supervisees)
load_supervisees = load_supervisees.split(' ')
print "Load supervisee after split: " + str(load_supervisees)
load_supervisees.remove(u.username)
supervisor.supervisee = ' '.join(load_supervisees)
print supervisor.supervisee
db_session.delete(u)
db_session.add(supervisor)
db_session.commit()
flash('User Deleted')
return redirect(url_for('Users.set_roles'))
flash('USER UNAUTHORIZED')
return redirect(url_for('Home.show_home'))
def delete_comment(comment_id):
if (current_user.is_anonymous()):
return '{ "state": "failed" }'
if CommentService.remove_comment_by_id(comment_id, current_user.id, current_user.is_admin()):
return '{ "state": "ok" }'
else:
return '{ "state": "failed" }'
def edit(username):
if current_user.username != username and not current_user.is_admin():
return redirect(url_for('user.home', username=username))
user = User.query.filter_by(username=username).first()
if not user:
return redirect(url_for('user.home',username=username))
form = EditUserForm(request.form, obj=user)
if form.validate_on_submit():
# create an user instance not yet stored in the database
if username != form.username.data.lower():
user_already_exist = User.query.filter_by(username=form.username.data.lower()).first()
if user_already_exist:
flash('Username already exists', 'danger')
return render_template("user.edit.html", form=form, user=user)
user.name=form.name.data
user.username=form.username.data.lower()
user.email=form.email.data.lower()
if len(form.password.data):
user.password=generate_password_hash(form.password.data)
user.role = form.role.data
# Insert the record in our database and commit it
try:
db.session.add(user)
db.session.commit()
flash('User edited successfully!')
except:
db.session.rollback()
flash('Unable to edit user', 'danger')
# redirect user to the 'home' method of the user module.
return redirect(url_for('user.home', username=user.username))
return render_template("user.edit.html", form=form, user=user)
def relevant_posts(query):
if not current_user.is_admin():
query = query.filter(Post.last_published_at != None)
project_id = request.args.get('project_id')
if project_id:
query = query.filter(Post.project_id == project_id)
return query
def post_admin_tables():
if current_user.is_admin():
res={}
query = request.json
if query['cmd']=='getTable':
if query['tid']=='geosTable':
geos = Geo.query.all()
res['tableRows']=[]
res['tableHeader']=['Name','Address', 'Number', 'Country']
for g in geos:
res['tableRows'].append([g.name, g.formatted_address, g.number, g.country.name])
res['status']='ok'
elif query['tid']=='pointsTable':
points = Point.query.all()
res['tableRows']=[]
res['tableHeader']=['Id','Name','GEO', 'pop','bch']
for p in points:
res['tableRows'].append([p.id, p.pointName, p.geo.name, p.pointPop, p.rtBch])
res['status']='ok'
else:
res['status']='unknown table'
else:
res['status']='unknown command'
else:
res= {'status':'unauthorized'}
return json.dumps(res)
def role(page=1):
""" Create and list roles. """
if not current_user.is_admin():
return redirect(url_for('index'))
if request.method == 'POST':
if 'display_hash' in request.form:
display_hash = request.form['display_hash']
role = Role.query.filter(Role.display_hash==display_hash).first()
#TODO Flash message if role does not exist
if role:
db.session.delete(role)
db.session.commit()
return redirect(url_for('role', page=page))
form = RoleForm(request.form)
if form.validate():
existing_role = Role.query.filter(Role.title==form.title.data).first()
#TODO If role exists, flash message
if not existing_role:
role = form.populated_object()
if form.add_all_users.data:
role.users = User.query.all()
db.session.add(role)
db.session.commit()
return redirect(url_for('role', page=page))
if request.method == 'GET':
form = RoleForm()
pagination = Role.query.paginate(page, CONVERSATIONS_PER_PAGE, False)
return render_template('roles.html', pagination=pagination, form=form)
def edit(id):
notification = Notification.query.filter_by(id=id).first_or_404()
if notification.user != current_user and not current_user.is_admin():
abort(403)
type_id, form_type = NOTIFICATION_TYPE_DETAILS[NOTIFICATION_TYPES[notification.type]]
obj = notification
if request.method == "POST":
obj = None
form = form_type(obj=obj)
if not form.is_submitted():
form.populate_from_settings(id)
if form.validate_on_submit():
notification.description = form.description.data
form.populate_settings(notification.settings, id=id)
db.session.add(notification)
db.session.commit()
current_app.decoder.refresh_notifier(id)
if str(ZONE_FAULT) in form.subscriptions.data or str(ZONE_RESTORE) in form.subscriptions.data:
return redirect(url_for("notifications.zone_filter", id=notification.id))
return redirect(url_for("notifications.review", id=notification.id))
use_ssl = Setting.get_by_name("use_ssl", default=False).value
return render_template(
"notifications/edit.html", form=form, id=id, notification=notification, active="notifications", ssl=use_ssl
)
def flatten_series_by_url(data):
if not current_user.is_admin():
return getResponse(error=True, message="You have to have administrator privileges to do that!")
dups = db.engine.execute('''
SELECT
website, COUNT(*) AS dupes
FROM
series
WHERE
website IS NOT NULL AND website != ''
GROUP
BY website
HAVING
(COUNT(*) > 1);''')
dups = list(dups)
match_num = 0
for website, number in dups:
print(website, number)
matches = Series.query.filter(Series.website==website).all()
ids = [match.id for match in matches]
zipped = list(zip(ids, ids[1:]))
for m1, m2 in zipped:
match_num += 1
merge_series_ids(m1, m2)
return getResponse("%s Items merged." % match_num, error=False)
def edit(id):
notification = Notification.query.filter_by(id=id).first_or_404()
if notification.user != current_user and not current_user.is_admin():
abort(403)
type_id, form_type = NOTIFICATION_TYPE_DETAILS[NOTIFICATION_TYPES[notification.type]]
obj = notification
if request.method == 'POST':
obj = None
form = form_type(obj=obj)
if not form.is_submitted():
form.populate_from_settings(id)
if form.validate_on_submit():
form.populate_obj(notification)
form.populate_settings(notification.settings, id=id)
db.session.add(notification)
db.session.commit()
current_app.decoder.refresh_notifier(id)
flash('Notification saved.', 'success')
use_ssl = Setting.get_by_name('use_ssl', default=False).value
return render_template('notifications/edit.html',
form=form,
id=id,
notification=notification,
active='notifications',
ssl=use_ssl)
def messages():
if not current_user.is_admin():
abort(403)
messages = NotificationMessage.query.all()
return render_template("notifications/messages.html", messages=messages, active="notifications")
def index():
current_app.logger.debug('debug')
if current_user.is_authenticated():
if current_user.is_admin():
return redirect(url_for('admin.index'))
return redirect(url_for('user.index'))
form = LoginForm(login=request.args.get('login', None),
next=request.args.get('next', None))
if form.validate_on_submit():
user, authenticated = User.authenticate(form.login.data,
form.password.data)
if user and authenticated:
remember = request.form.get('remember') == 'y'
if login_user(user, remember=remember):
user.locale_code = request.form.get('locale_code')
db.session.add(user)
db.session.commit()
#flash(_("Logged in"), 'success')
return redirect(form.next.data or url_for('user.index'))
else:
flash(_('Sorry, invalid login'), 'error')
return render_template('frontend/login.html', form=form)
def on_identity_loaded(sender, identity):
identity.user = current_user
if hasattr(current_user, 'id'):
identity.provides.add(UserNeed(current_user.id))
if hasattr(current_user, 'is_admin'):
if current_user.is_admin():
identity.provides.add(RoleNeed('admin'))
def put(self, id):
post = Post.get_by_id(id)
if post is None:
flash(gettext('The post was not found'), 'error')
return redirect(url_for('PostsView:index'))
if not current_user.is_admin() and not post.is_mine():
abort(401)
if request.method in ['POST', 'PUT']:
form = EditPostForm()
if form.validate_on_submit():
try:
form.populate_obj(post)
post.save()
flash(gettext('Post was succesfully saved'))
if request.method == 'POST':
if form.remain.data:
return redirect(url_for('PostsView:get', id=post.id))
else:
return redirect(url_for('PostsView:index'))
except:
flash(gettext('Error while updating the post'), 'error')
else:
flash(gettext('Invalid submission, please check the message below'), 'error')
if request.method == 'PUT':
return jsonify(redirect_to=url_for('PostsView:index'))
else:
form = NewPostForm(post)
return render_template('admin/posts/edit.html',
title=gettext('Edit Post: %(title)s', title=post.title),
form=form,
post=post)
def admin_delete_live():
if current_user.is_admin():
models.Live.delete(request.form['live_id'])
lecloud.cancelLive(request.form['activity_id'])
else:
flash('权限不足!')
return redirect(url_for('admin'))
def edit_comment(discussion_id, comment_id, proposal_id):
if current_user.is_anonymous():
flash(Markup("<span class=\"glyphicon glyphicon-info-sign\"></span> You have to login before editing a comment."), "info")
return redirect('/login?next=' + str(request.path))
""" Edit a comment of a discussion """
d = Discussion.objects.get_or_404(id=discussion_id)
c = Comment.objects.get_or_404(id=comment_id)
form = EditCommentForm()
# If the user is not the owner of the comment and not an admin, throw a 403
if current_user._get_current_object() != c.creator:
if not current_user.is_admin():
abort(403)
if form.validate_on_submit():
c.edit_comment(newText=form.text.data)
return redirect(url_for('discussions.detail', discussion_id=d.id, proposal_id=proposal_id))
return render_template('discussion/edit_comment.html',
discussion = d,
proposal_id = proposal_id,
title = d.title,
comment = c,
text = c.text,
form = form)
def decorator(*args, **kwargs):
if not current_user.is_admin():
abort(403)
return f(*args, **kwargs)
def before_request():
""" If logged in user is an admin, add the flask-admin object to the global scope. """
if current_user.is_admin():
g.admin = admin # Only utilized under is_admin condition
def decorated_view(*args, **kwargs):
if current_user.is_authenticated() and current_user.is_admin():
return func(*args, **kwargs)
else:
return current_app.login_manager.unauthorized()
def decorated_view(*args, **kwargs):
if not (current_user.is_authenticated() and current_user.is_admin()):
abort(403)
return f(*args, **kwargs)
def changePasswordForUser(username):
if userManager is None:
return jsonify(SUCCESS)
if current_user is not None and not current_user.is_anonymous() and (current_user.get_name() == username or current_user.is_admin()):
if "application/json" in request.headers["Content-Type"]:
data = request.json
if "password" in data.keys() and data["password"]:
try:
userManager.changeUserPassword(username, data["password"])
except users.UnknownUser:
return app.make_response(("Unknown user: %s" % username, 404, []))
return jsonify(SUCCESS)
else:
return app.make_response(("Forbidden", 403, []))
def is_accessible(self):
if current_user.is_authenticated():
if current_user.is_admin():
return True
def admin():
if current_user.is_admin():
user_list = models.User.list()
return render_template('admin.html', user_list=user_list)
else:
return redirect(url_for('manage'))
def is_accessible(self):
if not current_user.is_anonymous:
return current_user.is_admin()
return False
def is_accessible(self):
return current_user.is_admin()
def is_accessible(self):
if not current_user:
return False
return current_user.is_admin() if hasattr(current_user,
'is_admin') else False
def getUser(username): if userManager is None: return jsonify(SUCCESS) if current_user is not None and not current_user.is_anonymous() and (current_user.get_name() == username or current_user.is_admin()): user = userManager.findUser(username) if user is not None: return jsonify(user.asDict()) else: abort(404) else: abort(403)
def limitedAdmin(**kwargs):
if not current_user.is_admin():
return abort(403)
return render_template('index.html', brand_image=get_brand_image())
def decorated_function(*args, **kwargs):
if user_is_anonymous(current_user) or not current_user.is_admin():
if Setting.get_by_name('setup_complete', default=False) == True:
abort(403)
return f(*args, **kwargs)
def query_on_description(description):
offset = request.args.get('offset', 0)
size = request.args.get('size', 10)
order_by = request.args.get('order_by', "upload_time")
reverse = request.args.get('reverse', 0) > 0
res = VideoListService.query_on_description(description, offset, size, order_by, reverse,
show_banned = (not current_user.is_anonymous()) and current_user.is_admin(),
show_disabled = (not current_user.is_anonymous()) and current_user.is_admin())
res = [v.to_rich_dict() for v in res]
return json.dumps(res, ensure_ascii = False)
def update():
""" route to update the database """
if current_user.is_admin():
app.update_db.set()
return redirect(url_for("index"))
def authorize_changes(resource):
return current_user.is_admin()
def decorated_view(*args, **kwargs):
logger.info("admin access attempt by %s" % current_user.get_id())
if not current_user.is_admin():
return flask.abort(403) # access denied
return fn(*args, **kwargs)
def decorated_function(*args, **kwargs):
if not current_user.is_admin():
flash('Nu puteti face aceasta operatie!')
return redirect(request.referrer)
return f(*args, **kwargs)
def check_mod_permissions(mod):
if mod.completed is False or mod.enabled is False:
abort(404)
elif mod.visibility == "H" and current_user not in mod.authors and not current_user.is_admin():
abort(403)
def wrapper(*args, **kwargs):
if current_user.is_admin():
return func(*args, **kwargs)
abort(403)
def edit(mod_id):
mod = Mod.query.get_or_404(mod_id)
new_item = False
if request.referrer == url_for(".upload", _external=True):
new_item = True
check_edit_permissions(mod)
edit_form = EditMod()
edit_form.equip_regions.query = TF2EquipRegion.query.all()
edit_form.bodygroups.query = TF2BodyGroup.query.all()
edit_form.tags.query = Tag.query.all()
package_formats = [("vpk", "VPK")]
visibilities = [("Pu", "Public"), ("Pr", "Unlisted"), ("H", "Hidden")]
edit_form.package_format.choices = package_formats
edit_form.visibility.choices = visibilities
if edit_form.workshop_id.data == "":
edit_form.workshop_id.data = None
if edit_form.validate_on_submit():
valid = True
mod.pretty_name = edit_form.pretty_name.data
mod.description = edit_form.description.data
workshop_id = edit_form.workshop_id.data
if workshop_id:
from re import match
try:
if match(
"http[s]?:\/\/(www\.)?steamcommunity\.com\/sharedfiles\/filedetails\/",
workshop_id):
from urlparse import urlparse, parse_qs
workshop_id = parse_qs(
urlparse(workshop_id).query).get("id")[0]
int(workshop_id)
elif not int(workshop_id) > 0:
valid = False
edit_form.workshop_id.errors.append(
"Not a valid workshop ID.")
workshop_id = None
except (ValueError, TypeError):
valid = False
edit_form.workshop_id.errors.append("Not a valid workshop ID.")
workshop_id = None
mod.workshop_id = workshop_id
if not workshop_id or workshop_id == "":
mod.workshop_id = None
mod.package_format = edit_form.package_format.data
mod.visibility = edit_form.visibility.data
mod.defindex = edit_form.defindex.data
if not mod.defindex.isnumeric():
mod.defindex = None
mod.hide_downloads = edit_form.hide_downloads.data
if mod.hide_downloads and not mod.defindex:
mod.hide_downloads = False
flash(
"If the item is not officially in-game, please simply change the item visibility to hidden to remove downloads.",
"danger")
mod.bodygroups = []
mod.equip_regions = []
for bodygroup in edit_form.bodygroups.data:
mod.bodygroups.append(TF2BodyGroup.query.get(bodygroup))
for equip_region in edit_form.equip_regions.data:
mod.equip_regions.append(TF2EquipRegion.query.get(equip_region))
for tag in edit_form.tags.data:
mod.tags.append(Tag.query.get(tag))
authors_to_add = []
for i, author in enumerate(edit_form.authors):
authors_to_add.append((i, author.author.data))
author_profiles = []
for i, add_author in authors_to_add:
if add_author:
user_author_record = new_user(add_author)
if isinstance(user_author_record, str):
edit_form.authors.entries[i].author.errors.append(
user_author_record)
valid = False
else:
author_profiles.append(user_author_record)
if not current_user.is_admin() and current_user not in author_profiles:
edit_form.authors.errors.append(
"You may not remove yourself as an author.")
valid = False
author_profiles = remove_duplicates(author_profiles)
if valid:
for i in range(0, len(mod.authors)):
mod.authors.pop()
for i, author_profile in enumerate(author_profiles):
mod_author = ModAuthor(mod_id=mod.id,
user_id=author_profile.account_id,
order=i)
db.session.add(mod_author)
db.session.add(mod)
db.session.commit()
flash("Save successful.", "success")
return redirect(url_for("mods.page", mod_id=mod.id))
classes = [_class for _class in mod.class_model]
edit_form.pretty_name.data = mod.pretty_name
edit_form.workshop_id.data = mod.workshop_id
edit_form.description.data = mod.description
for i, author in enumerate(mod.authors):
edit_form.authors[i].author.data = author.perma_profile_url
edit_form.equip_regions.data = [
equip_region for equip_region in mod.equip_regions
]
edit_form.bodygroups.data = [bodygroup for bodygroup in mod.bodygroups]
edit_form.tags.data = [tag for tag in mod.tags]
edit_form.package_format.data = mod.package_format
edit_form.visibility.data = mod.visibility
edit_form.hide_downloads.data = mod.hide_downloads
edit_form.defindex.data = mod.defindex
if new_item:
edit_form.visibility.data = "Pu"
edit_form.publish.label.text += " and Publish!"
classes_array = json.dumps(classes)
count = item_search(
classes=classes,
bodygroups=[bodygroup.bodygroup for bodygroup in mod.bodygroups],
equip_regions=[
equip_region.equip_region for equip_region in mod.equip_regions
]).count()
"""if request.method == 'POST' and 'mod_image' in request.files:
try:
filename = modimages.save(request.files['mod_image'])
print filename
except UploadNotAllowed:
flash("Only images can be uploaded.", "danger")
<form method=POST enctype=multipart/form-data>
<input type=file name=mod_image>
<input type="submit" value="Submit">
</form>"""
return render_template('mods/edit.html',
mod=mod,
edit_form=edit_form,
classes=classes_array,
count=count,
title=u"Editing {}".format(mod.pretty_name))
def decorated_view(*args, **kwargs):
if current_user.is_admin():
return fn(*args, **kwargs)
else:
abort(403)
def conflict_resolve(conf_id):
"""
Renders conflict resolve page.
"""
conflict = Conflict.query.get(conf_id)
form = ResolveConflict(formdata=request.form, obj=conflict)
if current_user.is_admin():
form.resolved_by.choices = [
("Not resolved yet", "Not resolved yet"),
("Order did not come", "Order did not come"),
("Order come but someone ate it", "Order come but someone ate it"),
]
info = [
"Order did not come -- means that the order cost will be "
"changed to 0 and there will be additional description in "
"the order",
"Order come but someone ate it -- does not change anything.",
"Not resolved yet -- does not change anything"
]
elif current_user.username == conflict.user_connected:
form.resolved_by.choices = [
("I did not eat your lunch", "I did not eat your lunch"),
("I'm sorry, I ate your meal", "I'm sorry, I ate your meal"),
]
info = [
"I'm sorry, I ate your meal -- means that the order will be "
"asinged to you.",
"I did not eat your lunch -- does not change anything"
]
else:
flash("You cannot resolve conflicts by yourself")
return redirect('conflicts')
if request.method == 'POST' and form.validate():
conflict.resolved = (request.form.get("resolved") == "y")
conflict.resolved_by = request.form["resolved_by"]
conflict.notes = request.form.get("notes")
msg = Message(
'Lunch app conflict update',
recipients=[conflict.created_by_user],
)
if conflict.resolved_by == "Order did not come":
order = Order.query.get(conflict.order_connected)
order.cost = 0
order.description = "ORDER DID NOT COME\n" + order.description
msg.body = "The order \n{}\n did not come so it cost was changed" \
"to 0 pln and it got properly described on your list " \
"of orders.".format(order.description)
elif conflict.resolved_by == "I'm sorry, I ate your meal":
conflict.resolved = True
order = Order.query.get(conflict.order_connected)
order.user_name = current_user.username
msg.body = "{} is sorry he ate Your meal the order is now" \
"assigned to him/her".format(conflict.user_connected)
else:
url = server_url() + url_for("conflict_resolve", conf_id=conf_id)
msg.body = "Your conflict was updated check out the changes " \
"here: \n {}".format(url)
mail.send(msg)
db.session.commit()
flash('Conflict updated')
return redirect('conflicts')
return render_template("conflict_resolve.html", form=form, info=info)
def decorated_view(*args, **kwargs):
if not current_user or not current_user.is_admin():
return current_app.login_manager.unauthorized()
return func(*args, **kwargs)
def check_edit_permissions(mod):
check_mod_permissions(mod)
if current_user not in mod.authors and not current_user.is_admin():
abort(403)
def package(mod_id, defindex):
mod_package = ModPackage.query.filter_by(mod_id=mod_id,
defindex=defindex).first()
mod = Mod.query.get_or_404(mod_id)
check_mod_permissions(mod)
if mod.hide_downloads:
abort(404)
replacement = TF2Item.query.filter_by(defindex=defindex,
inactive=False).first()
if mod and replacement:
if not current_user.is_admin():
twenty_four_hours_ago = datetime.datetime.utcnow(
) - datetime.timedelta(hours=24)
downloads_by_mod = PackageDownload.query.filter_by(user=current_user)\
.filter(PackageDownload.downloaded >= twenty_four_hours_ago)\
.outerjoin(ModPackage)\
.filter(ModPackage.mod_id == mod_id)
if downloads_by_mod.count() >= 15:
flash(
u"Download limit for {} reached. Please try again in 24 hours."
.format(mod.pretty_name), "danger")
return redirect(url_for("mods.page", mod_id=mod_id))
downloads_by_replacement = downloads_by_mod.filter(
ModPackage.defindex == defindex)
if downloads_by_replacement.count() >= 2:
flash(
u"Download limit for {} replacement reached. Please try again in 24 hours."
.format(replacement.item_name), "danger")
return redirect(url_for("mods.page", mod_id=mod_id))
if not mod_package:
filename = package_mod_to_item(mod, replacement)
long_date = False
if datetime.datetime.utcnow() < mod.uploaded + datetime.timedelta(
weeks=4):
long_date = True
mod_package = ModPackage(mod.id, replacement.defindex, filename,
long_date)
db.session.add(mod_package)
db.session.commit()
elif datetime.datetime.utcnow() > mod_package.expire_date:
mod = mod_package.mod
replacement = mod_package.replacement
long_date = False
if datetime.datetime.utcnow() < mod.uploaded + datetime.timedelta(
weeks=4):
long_date = True
filename = package_mod_to_item(mod, replacement)
mod_package.filename = filename
mod_package.update_expire(long_date)
mod_package.deleted = False
db.session.add(mod_package)
db.session.commit()
else:
filename = mod_package.filename
download_record = PackageDownload(mod_package.id,
current_user.account_id)
db.session.add(download_record)
db.session.commit()
return send_from_directory(os.path.abspath(
os.path.join(current_app.config['OUTPUT_FOLDER_LOCATION'],
str(mod.id))),
filename,
as_attachment=True)
else:
abort(404)
def is_accessible(self):
# print current_user.is_admin()
# print current_user.is_authenticated()
return current_user.is_admin()
def decorated_view(*args, **kwargs):
print('Inside decorated view.')
if not current_user.is_admin(): # Where have we defined current_user
return abort(403)
return func(*args, **kwargs)
def is_accessible(self):
return current_user.is_authenticated() and current_user.is_admin()
def validate_vm_quota(form, field):
if (not current_user.is_admin()) and current_user.vm_quota != int(
field.data):
raise ValidationError(_("Only admin user can update vm quota."))
