def _decorated(request, *args, **kwargs):
    """Gate the wrapped view on inventory-admin or superuser rights.

    ``inventory_pk`` is removed from the keyword arguments. If it is set, the
    inventory is loaded (404 when it does not exist) and the requesting user
    must be an admin of that inventory. If it is not set, only superusers
    pass. The wrapped view receives the resolved inventory, or ``None``, as
    the ``inventory`` keyword argument.
    """
    pk = kwargs.pop('inventory_pk', None)

    if not pk:
        # No inventory addressed, so there is no per-inventory admin to ask:
        # fall back to the superuser check.
        # TODO: introduce new permission to add new inventories
        if not request.user.is_superuser:
            return nopermission(request)
        return function(request, *args, inventory=None, **kwargs)

    target = get_object_or_404(Inventory, pk=pk)
    if not target.is_admin(request.user):
        return nopermission(request)
    return function(request, *args, inventory=target, **kwargs)
def delete_role(request, event_url_name, role_pk):
    """Ask for confirmation and delete a badge role of an event.

    Only admins of the event pass the permission check, and the badge system
    has to be enabled for the event. The role is looked up together with the
    event, so a pk that belongs to another event results in a 404.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    # Authorization first, then the feature switch.
    if not event.is_admin(request.user):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    # The lookup is bound to this event, not only to the pk from the URL.
    role = get_object_or_404(BadgeRole, pk=role_pk, badge_settings__event=event)

    form = BadgeRoleDeleteForm(request.POST or None, instance=role)
    if not form.is_valid():
        # Unbound or invalid form: show the confirmation page.
        return render(request, 'badges/delete_role.html',
                      {'event': event, 'form': form, 'role': role})

    form.delete()
    return HttpResponseRedirect(reverse('badges:settings', args=[event.url_name]))
def edit_user(request, user_pk):
    """Let a superuser edit a user account.

    Non-superusers get the "no permission" response. A successful change is
    logged together with the acting user and the username of the edited
    account, then the browser is redirected to the account's detail view.
    """
    if not request.user.is_superuser:
        return nopermission(request)

    target = get_object_or_404(get_user_model(), pk=user_pk)
    form = EditUserForm(request.POST or None, instance=target,
                        admin_user=request.user)

    if not form.is_valid():
        return render(request, 'account/edit_user.html',
                      {'form': form, 'changed_user': target})

    form.save()
    # Audit trail: who changed which account.
    logger.info("user changed", extra={
        'user': request.user,
        'changed_user': target.username,
    })
    return redirect('account:view_user', target.pk)
def edit_specialbadges_template(request, event_url_name, specialbadges_pk):
    """Edit the template badge of a set of special badges.

    Requires ACCESS_BADGES_EDIT_SPECIAL on the event and an enabled badge
    system. The special badges are looked up for this event only, so a pk of
    another event results in a 404.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not has_access(request.user, event, ACCESS_BADGES_EDIT_SPECIAL):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    special = get_object_or_404(SpecialBadges, pk=specialbadges_pk, event=event)

    form = BadgeForm(request.POST or None, request.FILES or None,
                     instance=special.template_badge)
    if not form.is_valid():
        return render(request, 'badges/edit_badge.html',
                      {'event': event, 'form': form})

    form.save()
    # Saving the parent object as well syncs the changes to the other badges.
    special.save()
    return redirect('badges:list_specialbadges', event_url_name=event.url_name)
def edit_specialbadges(request, event_url_name, specialbadges_pk=None):
    """Create or edit a set of special badges of an event.

    Requires ACCESS_BADGES_EDIT_SPECIAL on the event and an enabled badge
    system. Without ``specialbadges_pk`` a new set is created; with it, the
    existing set is loaded for this event only (404 otherwise). After saving,
    the browser is sent on to the template editor of the saved set.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not has_access(request.user, event, ACCESS_BADGES_EDIT_SPECIAL):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    # Existing object only when a pk was given; bound to this event.
    existing = (
        get_object_or_404(SpecialBadges, pk=specialbadges_pk, event=event)
        if specialbadges_pk else None
    )

    form = SpecialBadgesForm(request.POST or None, instance=existing, event=event)
    if not form.is_valid():
        return render(request, 'badges/edit_specialbadges.html',
                      {'event': event, 'form': form})

    saved = form.save()
    return redirect('badges:edit_specialbadges_template',
                    event_url_name=event.url_name,
                    specialbadges_pk=saved.pk)
def delete_specialbadges(request, event_url_name, specialbadges_pk):
    """Ask for confirmation and delete a set of special badges.

    Requires ACCESS_BADGES_EDIT_SPECIAL on the event and an enabled badge
    system. The set is looked up for this event only (404 otherwise).
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not has_access(request.user, event, ACCESS_BADGES_EDIT_SPECIAL):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    special = get_object_or_404(SpecialBadges, pk=specialbadges_pk, event=event)

    form = SpecialBadgesDeleteForm(request.POST or None, instance=special)
    if not form.is_valid():
        # Unbound or invalid form: show the confirmation page.
        return render(request, 'badges/delete_specialbadges.html',
                      {'event': event, 'form': form, 'specialbadges': special})

    form.delete()
    return redirect('badges:list_specialbadges', event_url_name=event.url_name)
def edit_design(request, event_url_name, design_pk=None):
    """Create or edit a badge design of an event.

    Only admins of the event pass the permission check, and the badge system
    has to be enabled. Without ``design_pk`` a new design is created; with it,
    the design is loaded for this event only (404 otherwise).
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not event.is_admin(request.user):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    # Existing design only when a pk was given; bound to this event.
    existing = (
        get_object_or_404(BadgeDesign, pk=design_pk, badge_settings__event=event)
        if design_pk else None
    )

    form = BadgeDesignForm(request.POST or None, request.FILES or None,
                           instance=existing, settings=event.badge_settings)
    if not form.is_valid():
        return render(request, 'badges/edit_design.html',
                      {'event': event, 'form': form})

    form.save()
    return HttpResponseRedirect(reverse('badges:settings', args=[event.url_name]))
def list(request, event_url_name):
    """Show the gifts and gift sets of an event and handle its gift settings.

    Requires ACCESS_GIFTS_EDIT on the event and an enabled gifts feature. A
    valid settings form is saved and logged, followed by a redirect back to
    this page.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not has_access(request.user, event, ACCESS_GIFTS_EDIT):
        return nopermission(request)
    if not event.gifts:
        return notactive(request)

    settings_form = GiftSettingsForm(request.POST or None,
                                     instance=event.giftsettings)
    if settings_form.is_valid():
        settings_form.save()
        logger.info("giftsettings changed", extra={
            'user': request.user,
            'event': event,
        })
        return redirect("gifts:list", event_url_name=event.url_name)

    # Both querysets are limited to the event from the URL.
    return render(request, 'gifts/list.html', {
        'event': event,
        'gifts': Gift.objects.filter(event=event),
        'gift_sets': GiftSet.objects.filter(event=event),
        'settings_form': settings_form,
    })
def edit_gift_set(request, event_url_name, gift_set_pk=None):
    """Create or edit a gift set of an event.

    The permission check is ``is_involved(..., admin_required=True)``; the
    gifts feature has to be enabled. The gift set is resolved through
    ``_validate_gift_set(event, gift_set_pk)``.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not is_involved(request.user, event_url_name, admin_required=True):
        return nopermission(request)
    if not event.gifts:
        return notactive(request)

    target = _validate_gift_set(event, gift_set_pk)

    form = GiftSetForm(request.POST or None, instance=target, event=event)
    if not form.is_valid():
        return render(request, 'gifts/edit_gift_set.html',
                      {'event': event, 'form': form})

    form.save()
    return HttpResponseRedirect(reverse('gifts:list', args=[event.url_name]))
def failed(request, event_url_name, task_id):
    """Show the error page for a failed badge generation task.

    Only admins of the event pass the permission check, and the badge system
    has to be enabled. A failed task produces a generic message and a mail to
    the site admins; the state "CREATOR_ERROR" passes the error text and the
    LaTeX output from the task info on to the template.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not event.is_admin(request.user):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    # NOTE(review): task_id comes from the URL and is not checked against this
    # event here. Confirm that the result of a task belonging to another event
    # cannot be read through this view.
    task = AsyncResult(task_id)

    error, latex_output = None, None
    if task.failed():
        # Details go to the admins by mail, not to the browser.
        error = _("Internal Server Error. The admins were notified.")
        mail_admins("Badge generation error", str(task.result),
                    fail_silently=True)
    elif task.state == "CREATOR_ERROR":
        error = task.info['error']
        latex_output = task.info['latex_output']

    return render(request, 'badges/failed.html', {
        'event': event,
        'error': error,
        'latex_output': latex_output,
    })
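def take_back_direct(request, event_url_name, item_pk):
    """Take an inventory item back from the single helper who holds it.

    Requires ACCESS_INVENTORY_HANDLE on the event and an enabled inventory
    feature. An unknown ``item_pk`` results in a 404. On success the helper's
    pk is stored in the session and the browser is redirected to the regular
    take-back page; if the item is assigned to several helpers or to none, an
    error page is rendered instead.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    # check permission
    if not has_access(request.user, event, ACCESS_INVENTORY_HANDLE):
        return nopermission(request)

    # check if the inventory feature is active for this event
    if not event.inventory:
        return notactive(request)

    # An unknown pk is a client error: answer with 404 instead of letting
    # Item.DoesNotExist escape as a server error.
    # NOTE(review): the lookup uses the pk alone and is not limited to the
    # inventories of this event; get_exclusive_user(event) is the only
    # event-bound step visible here. Confirm that this is sufficient.
    item = get_object_or_404(Item, pk=item_pk)

    try:
        helper = item.get_exclusive_user(event)
        # NOTE(review): the assignment is removed regardless of the request
        # method. Confirm that the route is restricted to POST so that the
        # CSRF protection applies to this state change.
        item.remove_from_helper(helper)

        request.session['inventory_helper_pk'] = str(helper.pk)
        return redirect('inventory:take_back', event_url_name)
    except InvalidMultipleAssignment:
        error = 'multiple'
    except NotAssigned:
        error = 'noassignment'

    context = {'event': event, 'error': error}
    return render(request, 'inventory/take_back_error.html', context)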
def set_present(request, event_url_name, shift_pk):
    """Record the presence of helpers for one shift.

    Event and shift are resolved through ``get_or_404``. Requires
    ACCESS_GIFTS_HANDLE_PRESENCE on the event and an enabled gifts feature.
    After saving, the browser is redirected back to this page.
    """
    event, _job, shift, _helper = get_or_404(event_url_name, shift_pk=shift_pk)

    if not has_access(request.user, event, ACCESS_GIFTS_HANDLE_PRESENCE):
        return nopermission(request)
    if not event.gifts:
        return notactive(request)

    form = PresentForm(request.POST or None, shift=shift, user=request.user)
    if not form.is_valid():
        return render(request, 'gifts/set_present.html',
                      {'event': event, 'shift': shift, 'form': form})

    form.save()
    messages.success(request, _("Presence was saved"))
    return HttpResponseRedirect(
        reverse('gifts:set_present', args=[event.url_name, shift.pk]))
def templates(request):
    """Render the template settings overview page; superusers only."""
    if request.user.is_superuser:
        return render(request, 'toolsettings/templates.html', {})
    return nopermission(request)
def send_mail(request, event_url_name):
    """Send a mail to helpers of an event.

    The permission check is ``event.is_involved(request.user)``. A valid form
    triggers the sending; success or failure is reported through the messages
    framework and the browser is redirected back to this page in both cases.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not event.is_involved(request.user):
        return nopermission(request)

    form = MailForm(request.POST or None, event=event, user=request.user)
    if not form.is_valid():
        return render(request, 'mail/send_mail.html',
                      {'event': event, 'form': form})

    try:
        form.send_mail()
        messages.success(request, _("Mail was sent successfully"))
    except (SMTPException, ConnectionError, MailFormError) as exc:
        # NOTE(review): the exception text is shown to the user as-is; it may
        # contain details about the mail server. Confirm that this is wanted.
        failure = _("Sending mails failed: %(error)s") % {'error': str(exc)}
        messages.error(request, failure)

    return HttpResponseRedirect(reverse('mail:send', args=[event_url_name]))
def settings_advanced(request, event_url_name):
    """Edit the advanced badge settings of an event.

    Only admins of the event pass the permission check, and the badge system
    has to be enabled. The page also lists the badge permissions that belong
    to the event's badge settings.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not event.is_admin(request.user):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    badge_settings = event.badge_settings
    form = BadgeSettingsForm(request.POST or None, request.FILES or None,
                             instance=badge_settings)

    if form.is_valid():
        form.save()
        return HttpResponseRedirect(
            reverse('badges:settings_advanced', args=[event.url_name]))

    # Permissions are taken from this event's badge settings only.
    return render(request, 'badges/settings_advanced.html', {
        'event': event,
        'form': form,
        'permissions': badge_settings.badgepermission_set.all(),
    })
def edit_badge(request, event_url_name, helper_pk):
    """Edit the badge of a single helper.

    Event and helper are resolved through ``get_or_404``. Only admins of the
    event pass the permission check, and the badge system has to be enabled.
    After saving, the browser is redirected to the helper's detail page.
    """
    event, _job, _shift, helper = get_or_404(event_url_name, helper_pk=helper_pk)

    if not event.is_admin(request.user):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    form = BadgeForm(request.POST or None, request.FILES or None,
                     instance=helper.badge)
    if not form.is_valid():
        return render(request, 'badges/edit_badge.html',
                      {'event': event, 'helper': helper, 'form': form})

    form.save()
    return HttpResponseRedirect(
        reverse('view_helper', args=[event_url_name, helper.pk]))
def edit_agreement(request, agreement_pk=None):
    """Create or edit a user agreement; superusers only.

    Without ``agreement_pk`` a new agreement is created, otherwise the
    existing one is loaded (404 when it does not exist). A successful save is
    logged with the acting user, the agreement name and its pk.
    """
    if not request.user.is_superuser:
        return nopermission(request)

    # Existing agreement only when a pk was given.
    agreement = (
        get_object_or_404(Agreement, pk=agreement_pk) if agreement_pk else None
    )

    form = AgreementForm(request.POST or None, instance=agreement)
    if not form.is_valid():
        return render(request, 'account/edit_agreement.html',
                      {"form": form, "agreement": agreement})

    form.save()
    logmsg = "useragreement changed" if agreement else "useragreement created"
    # The form's instance is the saved object in both cases.
    saved = form.instance
    logger.info(logmsg, extra={
        'user': request.user,
        'agreement': saved.name,
        'agreement_pk': saved.pk,
    })
    return redirect("account:list_agreements")
def send(request):
    """Send the newsletter to all recipients.

    Allowed for superusers and for users for whom ``has_sendnews_group``
    returns true. A valid form triggers the sending, which is logged with the
    acting user and the subject. Otherwise the form is shown together with
    the number of recipients and two absolute URLs for the template.
    """
    user = request.user
    if not (user.is_superuser or has_sendnews_group(user)):
        return nopermission(request)

    base_url = request.build_absolute_uri(reverse('index'))
    # NOTE(review): the token below is hard-coded; presumably it only serves
    # to build an example unsubscribe link for the page. Confirm that it is
    # not the token of a real recipient.
    unsubscribe_path = reverse(
        'news:unsubscribe', args=["1773a8dc-3cf4-497e-9a1c-25128cba768a"])
    unsubscribe_url = request.build_absolute_uri(unsubscribe_path)

    form = MailForm(request.POST or None, request=request)
    if form.is_valid():
        form.send_mail()
        messages.success(request, _("Mails are being sent now."))
        logger.info("newsletter sent", extra={
            'user': request.user,
            'subject': form.cleaned_data['subject'],
        })
        return HttpResponseRedirect(reverse('news:send'))

    return render(request, 'news/send.html', {
        'num_recipients': Person.objects.count(),
        'url': base_url,
        'unsubscribe_url': unsubscribe_url,
        'form': form,
    })
def delete_permission(request, event_url_name, permission_pk):
    """Ask for confirmation and delete a badge permission of an event.

    Requires ACCESS_BADGES_EDIT on the event and an enabled badge system. The
    permission is looked up together with the event, so a pk that belongs to
    another event results in a 404.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not has_access(request.user, event, ACCESS_BADGES_EDIT):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    # The lookup is bound to this event, not only to the pk from the URL.
    permission = get_object_or_404(BadgePermission, pk=permission_pk,
                                   badge_settings__event=event)

    form = BadgePermissionDeleteForm(request.POST or None, instance=permission)
    if not form.is_valid():
        # Unbound or invalid form: show the confirmation page.
        return render(request, 'badges/delete_permission.html',
                      {'event': event, 'form': form, 'permission': permission})

    form.delete()
    return HttpResponseRedirect(
        reverse('badges:settings_advanced', args=[event.url_name]))
def edit_role(request, event_url_name, role_pk=None):
    """Create or edit a badge role of an event.

    Requires ACCESS_BADGES_EDIT on the event and an enabled badge system.
    Without ``role_pk`` a new role is created; with it, the role is loaded
    for this event only (404 otherwise).
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not has_access(request.user, event, ACCESS_BADGES_EDIT):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    # Existing role only when a pk was given; bound to this event.
    existing = (
        get_object_or_404(BadgeRole, pk=role_pk, badge_settings__event=event)
        if role_pk else None
    )

    form = BadgeRoleForm(request.POST or None, instance=existing,
                         settings=event.badge_settings)
    if not form.is_valid():
        return render(request, 'badges/edit_role.html',
                      {'event': event, 'form': form})

    form.save()
    return HttpResponseRedirect(reverse('badges:settings', args=[event.url_name]))
def delete_gift_set(request, event_url_name, gift_set_pk):
    """Ask for confirmation and delete a gift set of an event.

    Only admins of the event pass the permission check, and the gifts feature
    has to be enabled. The gift set is resolved through
    ``_validate_gift_set(event, gift_set_pk)``.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not event.is_admin(request.user):
        return nopermission(request)
    if not event.gifts:
        return notactive(request)

    target = _validate_gift_set(event, gift_set_pk)

    form = GiftSetDeleteForm(request.POST or None, instance=target)
    if not form.is_valid():
        # Unbound or invalid form: show the confirmation page.
        return render(request, 'gifts/delete_gift_set.html',
                      {'gift_set': target, 'form': form})

    form.delete()
    # The in-memory object still carries the name for the message.
    messages.success(request,
                     _("Gift set deleted: %(name)s") % {'name': target.name})
    return HttpResponseRedirect(reverse('gifts:list', args=[event.url_name]))
def view_helpers_prerequisite(request, event_url_name, prerequisite_pk):
    """List the helpers of an event that need a given prerequisite.

    The feature switch is tested before the permission check
    (ACCESS_PREREQUISITES_VIEW). A prerequisite that does not belong to the
    event from the URL is answered with a 404.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not event.prerequisites:
        return notactive(request)
    if not has_access(request.user, event, ACCESS_PREREQUISITES_VIEW):
        return nopermission(request)

    prerequisite = get_object_or_404(Prerequisite, pk=prerequisite_pk)
    # Reject a pk that belongs to another event.
    if prerequisite.event != event:
        raise Http404

    # distinct(): a helper can reach the prerequisite through several shifts.
    affected = Helper.objects.filter(
        shifts__job__prerequisites=prerequisite).distinct()

    return render(request, 'prerequisites/view_helpers_prerequisite.html', {
        'event': event,
        'prerequisite': prerequisite,
        'helpers': affected,
    })
def register(request, event_url_name):
    """Register badges as printed by means of their barcode.

    Requires ACCESS_BADGES_GENERATE on the event and an enabled badge system.
    When barcodes are disabled in the badge settings, no form is offered. A
    badge that is already marked as printed produces an error message instead
    of being registered again.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not has_access(request.user, event, ACCESS_BADGES_GENERATE):
        return nopermission(request)
    if not event.badges:
        return notactive(request)

    form = None
    if event.badge_settings.barcodes:
        form = BadgeBarcodeForm(request.POST or None, event=event)
        if form.is_valid():
            badge = form.badge
            if not badge.printed:
                # NOTE(review): the flag is read and then written without a
                # lock visible here; two simultaneous scans of the same
                # badge may both succeed. Confirm whether that matters.
                badge.printed = True
                badge.save()
                messages.success(
                    request,
                    _("Badge registered: %(name)s") % {'name': badge.name()})
            else:
                # Second scan of the same badge.
                messages.error(
                    request,
                    _("Badge already printed: %(name)s") % {'name': badge.name()})

    return render(request, 'badges/register.html',
                  {'event': event, 'form': form})
def list_shirts(request, event_url_name):
    """List the helpers who buy a shirt and count the shirts per size.

    Only admins of the event pass the permission check, and the gifts feature
    has to be enabled. When the event does not ask for shirt sizes, the
    template receives no helpers and no counts.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not event.is_admin(request.user):
        return nopermission(request)
    if not event.gifts:
        return notactive(request)

    if not event.ask_shirt:
        helpers = None
        num_shirts = None
    else:
        helpers = event.helper_set.filter(gifts__buy_shirt=True)
        per_size = helpers.values('shirt').annotate(num=Count('shirt'))

        # Keep the order of the event's shirt choices; sizes nobody ordered
        # are listed with a count of zero.
        num_shirts = OrderedDict()
        for size, label in event.get_shirt_choices():
            try:
                amount = per_size.get(shirt=size)['num']
            except Helper.DoesNotExist:
                amount = 0
            num_shirts[label] = amount

    return render(request, 'gifts/list_shirts.html', {
        'event': event,
        'helpers': helpers,
        'num_shirts': num_shirts,
        'shirts_not_active': not event.ask_shirt,
    })
def remove(request):
    """Remove a recipient from the newsletter; superusers only.

    Answers with a 404 when the newsletter feature is switched off in the
    settings. A successful removal is logged with the acting user and the
    value returned by the form's ``delete()``.
    """
    if not settings.FEATURES_NEWSLETTER:
        raise Http404

    if not request.user.is_superuser:
        return nopermission(request)

    form = RemoveForm(request.POST or None)
    if not form.is_valid():
        return render(request, 'news/remove.html', {'form': form})

    removed = form.delete()
    messages.success(request, _("Recipient removed."))
    logger.info("newsletter removed", extra={
        'user': request.user,
        'email': removed,
    })
    return redirect('news:remove')
def overview(request, event_url_name):
    """Show statistics of an event, including a cumulative registration timeline.

    Only admins of the event pass the permission check. Coordinators are
    counted separately and do not enter the timeline; all other helpers are
    grouped by the day of their timestamp.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not event.is_admin(request.user):
        return nopermission(request)

    num_helpers = event.helper_set.count()

    num_coordinators = 0
    per_day = {}
    for person in event.helper_set.all():
        if person.is_coordinator:
            num_coordinators += 1
            continue
        key = person.timestamp.strftime('%Y-%m-%d')
        per_day[key] = per_day.get(key, 0) + 1

    num_vegetarians = event.helper_set.filter(vegetarian=True).count()

    num_shift_slots = Shift.objects.filter(job__event=event).aggregate(
        Sum('number'))['number__sum']

    # Free slots per shift = requested number minus registered helpers.
    empty_slots_expr = ExpressionWrapper(F('number') - F('num_helpers'),
                                         output_field=fields.IntegerField())
    num_empty_shift_slots = (
        Shift.objects.filter(job__event=event)
        .annotate(num_helpers=Count('helper'))
        .annotate(empty_slots=empty_slots_expr)
        .aggregate(Sum('empty_slots'))['empty_slots__sum']
    )

    # Duration of a shift multiplied by the number of helpers it needs.
    total_duration = ExpressionWrapper((F('end') - F('begin')) * F('number'),
                                       output_field=fields.DurationField())
    hours_total = (
        Shift.objects.filter(job__event=event)
        .annotate(duration=total_duration)
        .aggregate(Sum('duration'))['duration__sum']
    )

    # Turn the per-day counts into a running total, ordered by day.
    timeline_sum = OrderedDict()
    running = 0
    for key, amount in sorted(per_day.items()):
        running += amount
        timeline_sum[key] = running

    return render(request, 'statistic/overview.html', {
        'event': event,
        'num_helpers': num_helpers,
        'num_coordinators': num_coordinators,
        'num_vegetarians': num_vegetarians,
        'num_shift_slots': num_shift_slots,
        'num_empty_shift_slots': num_empty_shift_slots,
        'hours_total': hours_total,
        'timeline': timeline_sum,
    })
def overview(request, event_url_name):
    """Show statistics of an event.

    Requires ACCESS_STATISTICS_VIEW on the event. The total of hours is set
    to ``None`` when the database cannot compute it (overflow); the number of
    special badges is only queried when the badge system is enabled.
    """
    event = get_object_or_404(Event, url_name=event_url_name)

    if not has_access(request.user, event, ACCESS_STATISTICS_VIEW):
        return nopermission(request)

    num_helpers = event.helper_set.count()
    num_coordinators = event.all_coordinators.count()
    num_vegetarians = event.helper_set.filter(vegetarian=True).count()

    num_shift_slots = Shift.objects.filter(job__event=event).aggregate(
        Sum('number'))['number__sum']

    # Free slots per shift = requested number minus registered helpers.
    empty_slots_expr = ExpressionWrapper(F('number') - F('num_helpers'),
                                         output_field=fields.IntegerField())
    num_empty_shift_slots = (
        Shift.objects.filter(job__event=event)
        .annotate(num_helpers=Count('helper'))
        .annotate(empty_slots=empty_slots_expr)
        .aggregate(Sum('empty_slots'))['empty_slots__sum']
    )

    # Duration of a shift multiplied by the number of helpers it needs.
    total_duration = ExpressionWrapper((F('end') - F('begin')) * F('number'),
                                       output_field=fields.DurationField())
    try:
        hours_total = (
            Shift.objects.filter(job__event=event)
            .annotate(duration=total_duration)
            .aggregate(Sum('duration'))['duration__sum']
        )
    except (OperationalError, OverflowError):
        hours_total = None
    except Exception as e:
        # handle psycopg2.DataError without importing psycopg2
        # happens on overflow with postgresql
        if 'DataError' not in str(e.__class__):
            raise e
        hours_total = None

    num_specialbadges = 0
    if event.badges:
        num_specialbadges = SpecialBadges.objects.filter(
            event=event).aggregate(Sum('number'))['number__sum'] or 0

    return render(request, 'statistic/overview.html', {
        'event': event,
        'num_helpers': num_helpers,
        'num_coordinators': num_coordinators,
        'num_vegetarians': num_vegetarians,
        'num_shift_slots': num_shift_slots,
        'num_empty_shift_slots': num_empty_shift_slots,
        'num_specialbadges': num_specialbadges,
        'hours_total': hours_total,
    })
def list_agreements(request):
    """List all user agreements; superusers only."""
    if request.user.is_superuser:
        return render(request, 'account/list_agreements.html',
                      {'agreements': Agreement.objects.all()})
    return nopermission(request)
def show_mail(request, event_url_name, mail_pk):
    """Show a single sent mail.

    Access is decided by ``mail.can_see_mail(request.user)``. Event and mail
    are each answered with a 404 when they do not exist.
    """
    event = get_object_or_404(Event, url_name=event_url_name)
    # NOTE(review): the mail is looked up by pk alone; nothing visible here
    # ties it to the event from the URL, so a mail could be rendered under
    # another event's address. Access itself is still decided on the mail.
    sent = get_object_or_404(SentMail, pk=mail_pk)

    if sent.can_see_mail(request.user):
        return render(request, 'mail/show_mail.html',
                      {'event': event, 'mail': sent})
    return nopermission(request)
def template_privacy(request):
    """Edit the privacy-related text and HTML settings; superusers only.

    Four settings are edited on one page, each through its own prefixed form.
    The settings are created on first access. Nothing is saved unless all
    four forms are valid; a successful change is logged with the acting user.
    """
    if not request.user.is_superuser:
        return nopermission(request)

    data = request.POST or None

    privacy_obj, _created = HTMLSetting.objects.get_or_create(key='privacy')
    form_privacy = HTMLSettingForm(data, instance=privacy_obj, prefix='privacy')

    privacy_text_obj, _created = TextSetting.objects.get_or_create(key='privacy')
    form_privacy_text = TextSettingForm(data, instance=privacy_text_obj,
                                        prefix='privacy_text')

    news_obj, _created = HTMLSetting.objects.get_or_create(
        key='privacy_newsletter')
    form_news = HTMLSettingForm(data, instance=news_obj, prefix='news')

    news_subscribe_obj, _created = HTMLSetting.objects.get_or_create(
        key='privacy_newsletter_subscribe')
    form_news_subscribe = HTMLSettingForm(data, instance=news_subscribe_obj,
                                          prefix='news_subscribe')

    forms = (form_privacy, form_privacy_text, form_news, form_news_subscribe)

    # Generator expression: validation stops at the first invalid form.
    if all(form.is_valid() for form in forms):
        for form in forms:
            form.save()

        logger.info("settings changed", extra={
            'changed': 'templates_privacy',
            'user': request.user,
        })
        return HttpResponseRedirect(reverse('toolsettings:templates'))

    return render(request, 'toolsettings/template_privacy.html', {
        'form_privacy': form_privacy,
        'form_privacy_text': form_privacy_text,
        'form_news': form_news,
        'form_news_subscribe': form_news_subscribe,
    })