Exemplo n.º 1
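 def new(self):
     """Mail the submitted contact form to every configured contact address.

     Reads ``email`` and ``message`` from the request parameters and sends one
     plain-text message per address in the comma-separated
     ``session['site_settings']['contactusmail']`` setting.  A logged-in
     user's first stored address is used as the author; otherwise the
     submitted address is.  Flashes a notice and redirects to the contact-us
     index in every case.
     """
     identity = request.environ.get('repoze.who.identity')
     user = identity['user'] if identity else None
     values = dict(request.params)
     reply_to = values['email']
     # The submitted address is copied into the author and subject of the
     # outgoing mail.  Refuse line breaks so it stays a single header value
     # whatever the mail library does with it.
     if '\r' in reply_to or '\n' in reply_to:
         h.flash(_("Please enter a valid email address."))
         return redirect(h.url(controller='contactus', action='index'))
     if user:
         author = user.emails[0].email_address
         subject = "contactus from %s" % reply_to
     else:
         # NOTE(review): an anonymous visitor chooses the author address
         # here; confirm recipients do not treat it as verified.
         author = reply_to
         subject = "contactus asked to reply to %s" % reply_to
     body = "%s" % values['message']
     for email in session['site_settings']['contactusmail'].split(','):
         message = Message(author, email, subject, encoding='utf-8')
         message.plain = body
         message.send()
     h.flash(_("Your message was sent successfully."))
     return redirect(h.url(controller='contactus', action='index'))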
             
         
     
Exemplo n.º 2
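 def admin(self,id=None,page=1):
     """Render the staff invoice list, optionally sorted and filtered.

     ``sort`` (GET) selects a column by its number 1-5; asking for the same
     column again flips between ascending and descending.  The last choice
     is kept in the session and reused when no valid ``sort`` is given.
     When ``session['invoice_querystr']`` holds a saved search it is used as
     the base query.  Returns the rendered page, or ``None`` when the caller
     lacks the ``view_invoice`` permission.
     """
     def asort(sort,querystr):
         """Return *querystr* with an ``.order_by(...)`` suffix appended.

         The result is passed to ``eval`` by the caller, so only fragments
         taken from the two tables below are ever appended.
         """
         feilds ={'1':'Invoice.id',
                  '2':'Invoice.customer_id',
                  '3':'Invoice.date_time',
                  '4':'Invoice.total_price',
                  '5':'Invoice.Description',}
         directions = ('.asc()', '.desc()')
         if sort in feilds:
             if session['invoice_sort_togle'][sort]:
                 session['invoice_sort_togle'][sort] = False
                 direction = '.desc()'
             else:
                 session['invoice_sort_togle'][sort] = True
                 direction = '.asc()'
             querystr += ".order_by(%s%s)"%(feilds[sort],direction)
             session['invoice_sort'] = sort
             session['invoice_sort_direction']=direction
             session.save()
         elif 'invoice_sort' in session:
             # A missing or unknown ``sort`` falls back to the stored
             # choice.  Values read back from the session are checked again
             # before they become part of evaluated source.
             stored_sort = session['invoice_sort']
             stored_direction = session['invoice_sort_direction']
             if stored_sort in feilds and stored_direction in directions:
                 querystr += ".order_by(%s%s)"%(feilds[stored_sort],stored_direction)
         return querystr

     came_from = str(request.GET.get('came_from', ''))
     # identity, Uc and Us are not used by name below; presumably the
     # evaluated query string refers to them - confirm before removing.
     identity = request.environ.get('repoze.who.identity')
     c.menu_items = h.top_menu(self.menu_items,_('Shop online'))
     if came_from == 'removeproduct':
         h.flash('To delete a product find it in the table and press on the Delete link')
     elif came_from == 'editproduct':
         h.flash('To Edit a product details find it in the table below and press on the Edit link')

     sort = str(request.GET.get('sort',''))
     if 'invoice_sort_togle' not in session:
         session['invoice_sort_togle']={'1':True,
                                        '2':True,
                                        '3':True,
                                        '4':True,
                                        '5':True,}
         session.save()
     querystr=''
     if is_met(has_permission('view_invoice')):
         Uc = aliased(User)
         Us = aliased(User)
         if 'invoice_querystr' in session:
             querystr = asort(sort,querystr)
             # SECURITY: eval() executes whatever expression was stored in
             # session['invoice_querystr'].  That string is built outside
             # this method; if any request value is interpolated into it,
             # this is code execution.  Prefer storing the search criteria
             # and rebuilding the query with the ORM.
             invoices = eval(session['invoice_querystr']+querystr)
             c.paginator = paginate.Page(invoices,
                                         page=int(request.params.get('page', page)),
                                         items_per_page = 10)
             html = render('/derived/invoice/staff/index.html')
             return htmlfill.render(html, defaults=session['invoice_search_values'], errors={})
         else:
             querystr = "Session.query(Invoice).filter(Invoice.deleted==False)"
             querystr = asort(sort,querystr)
             # Only literals from this method reach eval() on this branch.
             invoices = eval(querystr)
             c.paginator = paginate.Page(invoices,
                                         page=int(request.params.get('page', page)),
                                         items_per_page = 10)
             return render('/derived/invoice/staff/index.html')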
Exemplo n.º 3
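    def createbasket(self):
        """Add the product named in the request to the session basket.

        The product id is read from the parameter whose name has the form
        ``product_id.<id>`` and the quantity from ``quant`` (1 when empty).
        Flashes a confirmation, then redirects to ``came_from`` when that is
        a path on this site, otherwise to the product list.
        """
        came_from = str(request.GET.get('came_from', ''))
        values = dict(request.params)
        product = None
        product_id = None
        for item in values:
            if item.startswith('product_id.'):
                product_id = int(item.split('.')[-1])
                try:
                    product = Session.query(Product).filter_by(id=product_id).one()
                except Exception:
                    h.flash(_('No product exist with ID: %s')%product_id)
                    redirect(url(controller='product',action='list'))
        if product is None:
            # No ``product_id.<id>`` parameter was sent; previously this
            # surfaced as a NameError further down.
            h.flash(_('No product selected'))
            return redirect(url(controller='product',action='list'))
        if values['quant']!='':
            # NOTE(review): the quantity is not range-checked; zero and
            # negative numbers are stored as given - confirm the basket and
            # pricing code cope with that.
            quantity = int(values['quant'])
        else:
            quantity = 1

        if 'basket' in session:
            session['basket'][product_id]=quantity
        else:
            session['basket']={product_id:quantity}
        h.flash(_('%s of product %s added to basket')%(quantity,product.name))
        # came_from is a request parameter: follow it only when it is a path
        # on this site, never an absolute or scheme-relative URL.
        if came_from.startswith('/') and not came_from.startswith('//') and '\\' not in came_from:
            return redirect(came_from)
        redirect(url(controller='product',action='list'))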
Exemplo n.º 4
 def create(self):
     """Create a product tag named by the ``producttag`` request parameter.

     Stores the tag, flashes a confirmation and redirects to the product-tag
     index.
     """
     # NOTE(review): no permission check is visible in this method;
     # presumably it is enforced outside it - confirm.
     tag_name = dict(request.params)['producttag']
     Session.add(ProductTag(tag_name))
     Session.commit()
     notice = _("Product tag %s created successfully") % tag_name
     h.flash(notice)
     return redirect(url(controller='producttag', action='index'))
Exemplo n.º 5
 def create(self):
     """Create a user tag named by the ``usertag`` request parameter.

     Stores the tag, flashes a confirmation and redirects to the user-tag
     index.
     """
     # NOTE(review): no permission check is visible in this method;
     # presumably it is enforced outside it - confirm.
     tag_name = dict(request.params)['usertag']
     Session.add(UserTag(tag_name))
     Session.commit()
     notice = _("User tag %s created successfully") % tag_name
     h.flash(notice)
     return redirect(url(controller='usertag', action='index'))
Exemplo n.º 6
 def edit(self,id):
     """Show the staff edit form for invoice *id*.

     Callers without the ``edit_invoice`` permission get a flash message and
     are redirected to the invoice index.
     """
     if not is_met(has_permission(u'edit_invoice')):
         # TODO (from the original author): let the owner edit an invoice
         # that is still pending, and handle staff editing here.
         h.flash(_('You don not have enough permission to edit invoice'))
         return redirect(url(controller='invoice',action='index'))
     return render_edit_form_admin(self.menu_items,id=id)
Exemplo n.º 7
 def update(self,id):
     """Rename product tag *id* to the ``producttag`` request parameter.

     Commits the change, flashes a confirmation and redirects to the
     product-tag index.
     """
     # NOTE(review): no permission check is visible in this method;
     # presumably it is enforced outside it - confirm.
     params = dict(request.params)
     tag = Session.query(ProductTag).filter_by(id=id).one()
     tag.tag = params['producttag']
     Session.add(tag)
     Session.commit()
     notice = _("Tag %s edited successfully") % tag.tag
     h.flash(notice)
     return redirect(url(controller='producttag', action='index'))
Exemplo n.º 8
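 def update(self,id):
     """Overwrite content file *id* with the submitted ``editor1`` text.

     *id* is resolved below ``config['content_files']``; a name that would
     resolve outside that directory is refused.  Flashes the outcome and
     redirects to the page index.
     """
     import os

     # NOTE(review): no permission check is visible in this method;
     # presumably it is enforced outside it - confirm.
     values = dict(request.params)
     # Read the body before opening the file so a missing field cannot leave
     # the page truncated.
     content = values['editor1']
     content_root = os.path.realpath(config['content_files'])
     target = os.path.realpath(os.path.join(content_root, id))
     # id comes from the request: keep the write inside the content
     # directory (rejects "..", absolute paths and links leading out of it).
     if not target.startswith(content_root + os.sep):
         h.flash('%s is not a valid page name'%id)
         return redirect(url(controller='page',action='index'))
     afile = codecs.open(target,'w', encoding='utf-8')
     try:
         afile.write(content)
     finally:
         afile.close()
     h.flash('%s successfully updates'%id)
     return redirect(url(controller='page',action='index'))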
Exemplo n.º 9
 def create(self):
     """Create a group from the posted name and the validated permissions.

     The name comes from ``request.POST['group']`` and the permissions from
     ``self.form_result``.  Flashes a confirmation and redirects to the
     group list.
     """
     # NOTE: the author left a duplicate-name check commented out here, so
     # this method does not look for an existing group of the same name.
     group = Group(request.POST['group'])
     group.permissions = self.form_result['permissions']
     Session.add(group)
     Session.commit()
     notice = _('Group successfully Created.')
     h.flash(notice)
     redirect(url(controller='addgroup', action='list'))
Exemplo n.º 10
 def new(self):
     """Show the new-user form.

     Staff with ``add_user`` get the admin form.  Anonymous visitors get the
     public registration page; any other caller gets ``None``.
     """
     if is_met(has_permission("add_user")):
         return render_form(self.menu_items, action="create", add_number_of_emails=1)
     if not is_met(is_anonymous()):
         return None
     c.menu_items = h.top_menu(self.menu_items, _("Customers"))
     # NOTE(review): c.came_from carries a request-supplied value into the
     # template; whatever later redirects to it should accept only paths on
     # this site - confirm.
     target = str(request.GET.get("came_from", ""))
     if not target:
         target = url(controller="home", action="index")
     c.came_from = target
     if request.GET.get("came_from", None):
         h.flash(_("After filling the from you will be sent back to your shopping cart"))
     return render("/derived/user/new.html")
Exemplo n.º 11
 def delete(self,id):
     """Delete invoice *id* for staff or for the customer who owns it.

     Anyone else gets a flash message and a redirect to the invoice index.
     """
     invoice = Session.query(Invoice).filter_by(id=id).one()
     allowed = is_met(has_permission('delete_invoice'))
     if not allowed:
         # NOTE(review): the identity lookup fails with TypeError when no
         # one is logged in; presumably anonymous access is blocked before
         # this point - confirm.
         caller = request.environ.get('repoze.who.identity')['user']
         allowed = invoice.customer == caller
     if allowed:
         return self._delete(invoice)
     h.flash(_('You don not have enough permission to delete invoice'))
     return redirect(url(controller='invoice',action='index'))
Exemplo n.º 12
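 def update(self):
     """Dispatch an invoice update according to the caller's role.

     Staff with ``edit_invoice`` are handed to ``_admin_update``.  Members
     of the ``customer`` group get a flash message and a redirect to the
     invoice index.  Returns ``None`` when ``type`` is ``'selected'`` or
     when neither role applies.
     """
     ftype = request.params.get('type',False)
     if ftype == 'selected':
         return None
     if is_met(has_permission(u'edit_invoice')):
         return self._admin_update(request)
     if is_met(in_group('customer')):
         h.flash(_('You can only delete an unconfirmed invoices. If you want to change anything in a shipping order contact us by phone'))
         # redirect() is given a generated URL everywhere else on this page;
         # the bare controller/action keywords were passed to it directly.
         return redirect(h.url(controller='invoice',action='index'))
     return None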
Exemplo n.º 13
 def fill(sefl,id):
     """Copy every item of invoice *id* into the session basket.

     Saves the session, flashes a confirmation and redirects to the basket
     editor.
     """
     # NOTE(review): the invoice is loaded by id and no ownership or
     # permission check is visible in this method - confirm one is applied
     # elsewhere, otherwise any caller can load another customer's invoice.
     invoice = Session.query(Invoice).filter_by(id=id).one()
     for line in invoice.invoice_items:
         if not session.has_key('basket'):
             session['basket'] = {line.product.id: line.quantity}
         else:
             session['basket'][line.product.id] = line.quantity
     session.save()
     notice = _("Invoice content successfully added to basket")
     h.flash(notice)
     return redirect(url(controller="product", action="editbasket"))
     
Exemplo n.º 14
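 def undelete(self, id):
     """Clear the ``deleted`` flag on user *id*.

     Redirects to ``came_from`` when that is a path on this site, otherwise
     to the user admin page.  An unknown id produces a flash message and a
     redirect to the user index.
     """
     # NOTE(review): no permission check is visible in this method;
     # presumably it is enforced outside it - confirm.
     came_from = str(request.GET.get("came_from", ""))
     # came_from is a request parameter: follow it only when it is a path on
     # this site, never an absolute or scheme-relative URL.
     if not came_from.startswith("/") or came_from.startswith("//") or "\\" in came_from:
         came_from = url(controller="user", action="admin")
     try:
         user = Session.query(User).filter_by(id=id).one()
     except Exception:
         # Interpolate after translating so the catalogue lookup uses the
         # constant message id.
         h.flash(_("No user with ID:%s to delete") % id)
         return redirect(h.url(controller="user", action="index"))
     user.deleted = False
     Session.add(user)
     Session.commit()
     h.flash(_("User %s undeleted!") % user.user_name)
     return redirect(came_from)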
Exemplo n.º 15
 def view(self, id):
     """Render the staff view of user *id*.

     Callers without ``view_user`` are redirected to the user index, as is
     a request for an id that cannot be loaded (with a flash message).
     """
     if not is_met(has_permission("view_user")):
         return redirect(url(controller="user", action="index"))
     try:
         found = Session.query(User).filter_by(id=id).one()
     except:
         h.flash(_("No user with ID:%s to view") % id)
         return redirect(h.url(controller="user", action="index"))
     c.menu_items = h.top_menu(self.menu_items, _("Customers"))
     c.user = found
     return render("/derived/user/staff/view.html")
Exemplo n.º 16
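    def delete(self,id):
        """Delete group *id* and redirect to the group list.

        Responds with 404 when *id* is missing or no such group exists.
        """
        # NOTE(review): no permission check is visible in this method;
        # presumably it is enforced outside it - confirm.
        if id is None:
            abort(404)
        # first() returns None for an unknown id, which makes the 404 below
        # reachable; one() raises instead of returning None.
        group = Session.query(Group).filter_by(id=id).first()
        if group is None:
            abort(404)

        Session.delete(group)
        Session.commit()
        # Announce success only once the delete has been committed.
        h.flash(_('Group successfully deleted.'))
        redirect(url(controller='addgroup', action='list'))
        return "Group Deleted"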
Exemplo n.º 17
    def save2(self):
        """Validate and save the product edit form.

        The product id is read from the request parameter whose name starts
        with ``product_id`` (the part after the last dot) and photo ids from
        parameters named ``photo-<n>``.  When ``action`` is ``'Save'`` the
        request is validated with ``EditProductForm``; on failure the edit
        form is re-rendered with the errors, on success the product is
        updated, committed and the caller is redirected to the product admin
        page.  Any other ``action`` falls through and returns ``None``.
        """
        # NOTE(review): no permission check is visible in this method;
        # presumably it is enforced outside it - confirm.
        values = dict(request.params)
        photos_inform=[]
        for item in values:
            if item.startswith('product_id'):
                product_id = item.split('.')[-1]
            if item.startswith('photo-'):
                photos_inform.append(int(item.split('-')[-1]))
        # NOTE(review): product_id is unbound (NameError) when the request
        # carries no product_id parameter.
        product = Session.query(Product).filter_by(id=product_id).one()

        action = request.params.getone('action')
        # Drop the button name so it is not echoed back into the form values.
        del values['action']

        if action == 'Save':
            # we need a new schema to be on par with the new Ajax form
            schema = EditProductForm()
            try:
                result = schema.to_python(dict(request.params), c)
            except Invalid, e:
                return render_edit2_form(
                    self.menu_items,
                    values=values,
                    id=product.id,
                    errors=variabledecode.variable_encode(
                        e.unpack_errors() or {},
                        add_repetitions=False
                        ),
                    number_of_photos=number_of_photos(values),
                    photos = product.photos
                )
            else:
                # Move the save photo to photo controller

                # NOTE(review): the photo ids come from parameter names and
                # are attached as given; no check that they belong to this
                # product is visible here - confirm.
                photos = Session.query(Photo).filter(Photo.id.in_(photos_inform)).all()

                # Copy the validated fields onto the product.
                product.code = result['code']
                product.name = result['name']
                product.description = result['description']
                product.quantity= result['quantity']
                product.buy_price = result['buy_price']
                product.sell_price = result['sell_price']
                product.wholesale_price = result['wholesale_price']
                product.buy_date = result['buy_date']
                product.brand = result['brand']
                product.photos = photos
                product.tags = result['tag']

                Session.add(product)
                Session.commit()

                h.flash(_('Product edited successfully.'))
                redirect(url(controller='product',action='admin'))
Exemplo n.º 18
 def edit(self, id):
     """Show the edit form for user *id*.

     Staff with ``edit_user`` get the admin form and the user themselves
     the customer form.  Anyone else gets a flash message and a redirect.
     """
     user = Session.query(User).filter_by(id=id).one()
     identity = request.environ.get("repoze.who.identity")
     if is_met(has_permission("edit_user")):
         c.menu_items = h.top_menu(self.menu_items, _("Customers"))
         return render_form(self.menu_items, create_dict(user), action="update", id=user.id)
     # NOTE(review): identity is None for an anonymous caller, which makes
     # the comparison below raise TypeError; presumably anonymous access is
     # blocked before this point - confirm.
     if identity["user"] == user:
         return render_customer_form(self.menu_items, user.id, create_dict(user))
     h.flash("You are not authorized to edit this user data!")
     # NOTE(review): came_from is a request parameter that ends up in a
     # redirect; confirm h.url() cannot turn it into an off-site target.
     came_from = str(request.GET.get("came_from", ""))
     if not came_from:
         came_from = url(controller="user", action="index")
     return redirect(h.url(came_from))
Exemplo n.º 19
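    def forgotaction(self):
        """Handle the forgotten-password form and mail a reset link.

        Reloads the site settings into the session, verifies the captcha
        and, when the submitted address belongs to a user, stores a fresh
        confirmation code and mails a reset link to the user's first
        address.  The flash message and redirect are the same whether or
        not the address is known.
        """
        values = dict(request.params)
        del values["action"]
        msg = ""
        # SECURITY: pickle.load() can run code taken from the file it reads.
        # The settings file must be writable only by trusted administrators;
        # a data-only format would remove the risk.
        settingsf = file(config["settings_file"], "rb")
        try:
            session["site_settings"] = pickle.load(settingsf)
        finally:
            settingsf.close()
        session.save()

        # SECURITY: the captcha private key is hard-coded below and is
        # therefore readable by anyone with the source.  Load it from
        # configuration and replace this key.
        # NOTE(review): the last argument is the configured site address,
        # not the client's - confirm that is what h.captcha.submit expects.
        captchres = h.captcha.submit(
            values["recaptcha_challenge_field"],
            values["recaptcha_response_field"],
            "6LepGccSAAAAAMfzDtmvyRjJ7-A1FWuJa5qUTxX2",
            session["site_settings"]["ip_address"],
        )
        if not captchres.is_valid:
            c.menu_items = h.top_menu(self.menu_items, _("Customers"))
            html = render("/derived/user/forgot.html")
            return htmlfill.render(html, values, errors={"captcha": _("Invalid Captcha try again")})

        sent_notice = _(
            "An email has been sent to your address.To reset your password check your email and  click on the confirm link."
        )
        user = Session.query(User).join(User.emails).filter(Email.email_address == values["email"]).first()
        if user is None:
            # Answer exactly as on success so the form does not reveal which
            # addresses are registered (one() raised here for unknown ones).
            h.flash(sent_notice)
            return redirect(url(controller="user", action="forgot"))

        # uuid4() is random.  uuid1() is derived from the clock and the host
        # address, which is too predictable for a password-reset secret.
        confcode = str(uuid.uuid4())
        uconf = UserConfirm(user, confcode)
        Session.add(uconf)
        Session.commit()

        message = Message(
            session["site_settings"]["forgotpass"],
            user.emails[0].email_address,
            _("Kazhal trading Reset password"),
            encoding="utf-8",
        )
        msg += _("If you requested a password reset click the below link\n")
        msg += "%s%s" % (
            request.application_url,
            url(controller="user", action="resetpassEmail", id=user.id, confcode=confcode),
        )
        c.contents = msg
        msgHtml = render(_("/derived/emails/forgotpass.html"))
        message.rich = msgHtml
        message.plain = msg
        message.send()
        h.flash(sent_notice)
        return redirect(url(controller="user", action="forgot"))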
Exemplo n.º 20
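    def delete(self, id):
        """Delete user *id*, or mark the user deleted when orders exist.

        A pending user, or one with no confirmed invoices, is removed
        together with phones, addresses, emails and any pending invoices.
        A user with confirmed invoices is only flagged ``deleted``.  The
        ``admin`` account is never touched.  Redirects to ``came_from`` when
        that is a path on this site, otherwise to the user admin page.
        """
        def delcommons(user):
            """Queue deletion of the user's phones, addresses and emails."""
            phones = Session.query(Phone).filter_by(user_id=user.id).all()
            addresses = Session.query(Address).filter_by(user_id=user.id).all()
            emails = Session.query(Email).filter_by(user_id=user.id).all()
            for row in phones + addresses + emails:
                Session.delete(row)

        # NOTE(review): no permission check is visible in this method;
        # presumably it is enforced outside it - confirm.
        came_from = str(request.GET.get("came_from", ""))
        # came_from is a request parameter: follow it only when it is a path
        # on this site, never an absolute or scheme-relative URL.
        if not came_from.startswith("/") or came_from.startswith("//") or "\\" in came_from:
            came_from = url(controller="user", action="admin")
        try:
            user = Session.query(User).filter_by(id=id).one()
        except Exception:
            # Interpolate after translating so the catalogue lookup uses the
            # constant message id.
            h.flash(_("No user with ID:%s to delete") % id)
            return redirect(h.url(controller="user", action="index"))

        if user.user_name == "admin":
            h.flash("Did u lost your mind?! deleting admin user will destroy ur program!")
            return redirect(came_from)

        if user.pending:
            conf = Session.query(UserConfirm).filter_by(user_id=user.id).one()
            Session.delete(conf)
            delcommons(user)
            Session.delete(user)
        else:
            confirmed = Session.query(Invoice).filter_by(customer_id=user.id).filter_by(pending=False).all()
            if not confirmed:
                # Only pending invoices exist: remove them with their items.
                for invoice in Session.query(Invoice).filter_by(customer_id=user.id).all():
                    for invoice_item in invoice.invoice_items:
                        Session.delete(invoice_item)
                    Session.delete(invoice)
                delcommons(user)
                Session.delete(user)
                h.flash("user and all his/her pending orders were deleted")
            else:
                h.flash(
                    "you can not delete users permanently with confirmed orders from this site.instead this user has been marked as deleted and is unable to use his/her account anymore"
                )
                user.deleted = True
                Session.add(user)
        Session.commit()
        h.flash(_("User %s deleted!") % user.user_name)
        return redirect(came_from)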
Exemplo n.º 21
 def view(self,id):
     """Render the public page of product *id*.

     Sets ``c.wholesale`` for logged-in users carrying the ``wholesale`` tag
     and ``c.permissions`` for any logged-in user.  An id that cannot be
     loaded produces a flash message and a redirect to the product list.
     """
     environ = request.environ
     if "repoze.who.identity" in environ:
         member = environ.get('repoze.who.identity')['user']
         wholesale = Session.query(UserTag).filter_by(tag='wholesale').one()
         if wholesale in member.tags:
             c.wholesale = True
     try:
         found = Session.query(Product).filter_by(id=id).one()
     except:
         h.flash(_('No product exist with ID: %s')%id)
         redirect(url(controller='product',action='list'))
     if environ.get("repoze.who.identity") is not None:
         c.permissions = environ["repoze.what.credentials"]["permissions"]
     c.product = found
     c.menu_items = h.top_menu(self.menu_items,_('Products'))
     return render('/derived/product/view.html')
Exemplo n.º 22
    def editbasket(self):
        """Render the basket editor for the products held in the session.

        Sets ``c.wholesale`` for logged-in users carrying the ``wholesale``
        tag.  An empty or missing basket produces a flash message and a
        redirect to the product list.
        """
        if "repoze.who.identity" in request.environ:
            member = request.environ.get('repoze.who.identity')['user']
            wholesale = Session.query(UserTag).filter_by(tag='wholesale').one()
            if wholesale in member.tags:
                c.wholesale=True

        if not (session.has_key('basket') and session['basket']!={}):
            h.flash(_('No Items in basket'))
            return redirect(url(controller='product', action='list'))
        # The basket is keyed by product id; load each product in turn.
        c.products = [
            Session.query(Product).filter_by(id=product_id).one()
            for product_id in session['basket']
        ]
        c.menu_items = h.top_menu(self.menu_items,_('Shop online'))
        return render('/derived/product/editbasket.html')
Exemplo n.º 23
 def _delete(self,invoice):
     """Mark a pending *invoice* as deleted and undo its bookings.

     Each item's quantity is added back to its product and its total price
     to the customer's balance.  A confirmed invoice is refused with a flash
     message.  Both outcomes redirect to the invoice index.
     """
     if invoice.pending:
         invoice.deleted = True
         owner = invoice.customer
         for line in invoice.invoice_items:
             stocked = line.product
             stocked.quantity += line.quantity
             owner.balance += line.total_price
             Session.add(owner)
             Session.add(stocked)
             Session.add(line)
         Session.add(invoice)
         Session.commit()
         h.flash(_('Invoice %s was marked as deleted')%invoice.id)
         return redirect(url(controller='invoice',action='index'))
     h.flash(_('You can not delete a confirmed invoice.'))
     return redirect(h.url(controller='invoice',action='index'))
Exemplo n.º 24
 def resetpassEmail(self, id):
     """Show the reset-password form for the link mailed to user *id*.

     The ``confcode`` parameter must match a confirmation record of that
     user; otherwise a flash message is shown and the caller is sent to the
     home page.
     """
     confcode = request.params.getone("confcode")
     try:
         user = Session.query(User).filter_by(id=id).one()
         matching = Session.query(UserConfirm).join(UserConfirm.user)
         matching = matching.filter(User.id == user.id)
         matching = matching.filter(UserConfirm.confirm_code == confcode)
         userconf = matching.one()
     except:
         h.flash(_("wrong reset confirmation info."))
         return redirect(url(controller="home", action="index"))
     c.user = user
     c.confcode = userconf.confirm_code
     c.menu_items = h.top_menu(self.menu_items, _("Customers"))
     return render("/derived/user/resetpass.html")
Exemplo n.º 25
 def _confirm(self,invoice):
     """Confirm *invoice*: book its items and clear the pending flag.

     Requires ``confirm_invoice``.  When the invoice total exceeds the
     customer's balance plus credit, the invoice is annotated and the caller
     is sent back to the edit page.  Otherwise each item's quantity is taken
     from its product and its total price from the customer's balance.
     """
     customer = invoice.customer
     if not is_met(has_permission('confirm_invoice')):
         h.flash(_("You don't have enough permision to confirm ivoice"))
         return redirect(url(controller='invoice', action='edit',id=invoice.id))
     available = customer.balance + customer.cradit
     if invoice.total_price > available:
         fund_link = url(controller='user',action='edit',id=customer.id)
         h.flash(_("Customer balance is low. <a href='%s'>Give him enough cradit or contanct him about the funds</a>")%fund_link)
         invoice.Description = _("Low balance")
         Session.add(invoice)
         Session.commit()
         return redirect(url(controller='invoice',action='edit',id=invoice.id))
     # Kept as in the original; neither name is used in the visible part of
     # this method.
     invoice_id = invoice.id
     invoice_items=[]
     for line in invoice.invoice_items:
         stocked = line.product
         stocked.quantity -= line.quantity
         customer.balance -= line.total_price
         Session.add(stocked)
         Session.add(customer)
     invoice.pending = False
     Session.add(invoice)
     Session.commit()
Exemplo n.º 26
 def index(self,id=None,page=1):
     """List the logged-in customer's invoices, newest first.

     When ``session['invoice_querystr']`` holds a saved search it replaces
     the default per-customer query.  Callers outside the ``customer`` group
     are invited to register and sent to the home page.
     """
     # identity is kept under this name: presumably the evaluated query
     # string below may refer to it - confirm before renaming.
     identity = request.environ.get('repoze.who.identity')
     c.menu_items = h.top_menu(self.menu_items,_('Shop online'))
     if not is_met(in_group('customer')):
         register_link = h.link_to(_("register"),url(controller="user", action="new"))
         h.flash(_('Please take a few moments to %s\n')%(register_link))
         return redirect(url(controller='home',action='index'))

     if session.has_key('invoice_querystr'):
         # SECURITY: eval() executes whatever expression was stored in
         # session['invoice_querystr'].  That string is built outside this
         # method; if any request value is interpolated into it, this is
         # code execution.
         # NOTE(review): whether the saved query is limited to the caller's
         # own invoices also depends on that code - confirm.
         found = eval(session['invoice_querystr']+".order_by(desc(Invoice.date_time))")
         c.paginator = paginate.Page(found,
                                     page=int(request.params.get('page',page)),
                                     items_per_page=10)
         page_html = render('/derived/invoice/customer/index.html')
         return htmlfill.render(page_html, defaults=session['invoice_search_values'], errors={})

     own = Session.query(Invoice).filter_by(customer=identity['user'])
     own = own.filter_by(deleted=False).order_by(desc(Invoice.date_time))
     c.paginator = paginate.Page(own,
                                 page=int(request.params.get('page',page)),
                                 items_per_page=10)
     return render('/derived/invoice/customer/index.html')
Exemplo n.º 27
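 def post_login(self):
     """Finish a login attempt after the authentication layer has run.

     Without an identity the failed-login counter in the session is bumped
     and a 403 response is returned.  Pending and deleted accounts are
     logged out again with a flash message.  Otherwise the user id and the
     empty selection dicts are stored in the session and the caller is sent
     to ``session['came_from']`` when present, else the login page is
     rendered.
     """
     identity = request.environ.get('repoze.who.identity')
     if not identity:
         # Start from zero when this session has no counter yet instead of
         # failing with KeyError.
         failed = 1
         if 'failedlogin' in session:
             failed = session['failedlogin'] + 1
         session['failedlogin'] = failed
         session.save()
         if session['failedlogin']>3:
             # NOTE(review): reaching the limit only resets the counter;
             # the response below is the same either way, so nothing is
             # throttled here.  The counter also lives in the session, so
             # it only counts clients that keep their session.
             session['failedlogin'] = 0
             session.save()
         return HTTPForbidden(request=request,body="Incorrect User name or Password")

     account = identity['user']
     if account.pending or account.deleted:
         session['failedlogin'] = 0
         session.save()
         if account.pending:
             h.flash(_('Your account is still pending. Check your email for activation link'))
         else:
             h.flash(_('Your account has been deleted!'))
         return redirect(url(controller="account",action="logout"))

     # NOTE(review): the session is not renewed after a successful login
     # here; confirm the auth middleware or session setup takes care of it.
     session['user'] = account.id

     if is_met(not_anonymous()):
         session['failedlogin'] = 0
         session['user_selection']={}
         session['product_selection']={}
         session['invoice_selection']={}
     session.save()
     if 'came_from' in session:
         # NOTE(review): this value is stored elsewhere; if it originates
         # from a request parameter it should be limited to paths on this
         # site where it is stored - confirm.
         came_from = session['came_from']
         del session['came_from']
         session.save()
         return redirect(came_from)
     return render(path.join(get_lang()[0],'derived/account/login.mako'))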
Exemplo n.º 28
 def view(self,id,page=1):
     """Render invoice *id* with its items paginated ten per page.

     Allowed for staff with ``view_invoice`` and for the customer who owns
     the invoice; anyone else gets a flash message and a redirect to the
     invoice index.
     """
     identity = request.environ.get('repoze.who.identity')
     c.menu_items = h.top_menu(self.menu_items,_('Shop online'))
     invoice = Session.query(Invoice).filter_by(id=id).one()
     # The ownership test is evaluated only when the permission test fails.
     # NOTE(review): identity is None for an anonymous caller, which makes
     # that test raise TypeError - confirm anonymous access is blocked
     # before this point.
     if not (is_met(has_permission('view_invoice')) or invoice.customer == identity['user']):
         h.flash(_('You are not authorized to view this invoice'))
         return redirect(url(controller='invoice',action='index'))
     c.invoice = invoice
     c.paginator = paginate.Page(
         invoice.invoice_items,
         page=int(request.params.get('page', page)),
         items_per_page = 10
     )
     return render('/derived/invoice/view.html')
 def update(self, id):
     """Validate and save the staff edit form for user *id*.

     Only acts for callers with the ``edit_user`` permission; for anyone
     else the method falls through and returns ``None``.  The submitted
     ``action`` is first offered to ``_proccess_form``; when that returns
     anything other than ``False`` its result is returned as is.  Otherwise
     the values are validated with ``UserFormEdit``: on failure the form is
     re-rendered with the errors, on success the user is saved and the
     caller is redirected to the user admin page.
     """
     user = Session.query(User).filter_by(id=int(id)).one()
     values = dict(request.params)
     action = values["action"]
     # Drop the button name so it is not treated as a form field.
     del values["action"]
     if is_met(has_permission("edit_user")):
         res = self._proccess_form(action, values, postto="update", id=user.id, renderer=render_form)
         # Anything but False is a response produced by _proccess_form.
         if res is not False:
             return res
         schema = UserFormEdit()
         try:
             result = schema.to_python(values, c)
         except Invalid, e:
             return render_form(
                 self.menu_items,
                 values,
                 action="update",
                 errors=variabledecode.variable_encode(e.unpack_errors() or {}, add_repetitions=False),
                 id=user.id,
             )
         self._save(result, user)
         h.flash(_("User %s data updated") % result["user_name"])
         return redirect(url(controller="user", action="admin"))
Exemplo n.º 30
    def confirmuser(self):
        """Activate the account that belongs to the ``confirmcode`` link.

        The code must match a confirmation record and start with ``cu-``.
        On success the user's pending flag is cleared, the record is deleted
        and the caller is sent to the home page with a flash message.
        """
        code = request.GET.get("confirmcode", "")
        try:
            record = Session.query(UserConfirm).filter_by(confirm_code=code).one()
        except:
            h.flash(_("Wrong confirmation code"))
            redirect(url(controller="home", action="index"))
        # Only codes with the "cu-" prefix are account confirmations.
        prefix = record.confirm_code[:3]
        if prefix != u"cu-":
            h.flash(_("Not a user confirmation"))
            redirect(url(controller="product", action="list"))

        account = record.user
        account.pending = False
        Session.add(account)
        Session.delete(record)
        Session.commit()

        notice = _("Confirmation ok. you can now login with your user name and password")
        h.flash(notice)
        redirect(url(controller="home", action="index"))