Exemplos de check_csrf em Python

Exemplo n.º 1

Arquivo: registration.py Projeto: magfest/ubersystem

    def multi_merch_pickup(self, session, message="", csrf_token=None, picker_upper=None, badges=(), **shirt_sizes):
        picked_up = []
        if csrf_token:
            check_csrf(csrf_token)
            try:
                picker_upper = session.query(Attendee).filter_by(badge_num=int(picker_upper)).one()
            except Exception:
                message = 'Please enter a valid badge number for the person picking up the merch: ' \
                    '{} is not in the system'.format(picker_upper)
            else:
                for badge_num in set(badges):
                    if badge_num:
                        try:
                            attendee = session.query(Attendee).filter_by(badge_num=int(badge_num)).one()
                        except Exception:
                            picked_up.append('{!r} is not a valid badge number'.format(badge_num))
                        else:
                            if attendee.got_merch:
                                picked_up.append(
                                    '{a.full_name} (badge {a.badge_num}) already got their merch'.format(a=attendee))
                            else:
                                attendee.got_merch = True
                                shirt_key = 'shirt_{}'.format(attendee.badge_num)
                                if shirt_key in shirt_sizes:
                                    attendee.shirt = int(listify(shirt_sizes.get(shirt_key, c.SIZE_UNKNOWN))[0])
                                picked_up.append('{a.full_name} (badge {a.badge_num}): {a.merch}'.format(a=attendee))
                                session.add(MerchPickup(picked_up_by=picker_upper, picked_up_for=attendee))
                session.commit()

        return {
            'message': message,
            'picked_up': picked_up,
            'picker_upper': picker_upper
        }

Exemplo n.º 2

    def multi_merch_pickup(self, session, message="", csrf_token=None, picker_upper=None, badges=(), **shirt_sizes):
        picked_up = []
        if csrf_token:
            check_csrf(csrf_token)
            try:
                picker_upper = session.query(Attendee).filter_by(badge_num=int(picker_upper)).one()
            except Exception:
                message = 'Please enter a valid badge number for the person picking up the merch: ' \
                    '{} is not in the system'.format(picker_upper)
            else:
                for badge_num in set(badges):
                    if badge_num:
                        try:
                            attendee = session.query(Attendee).filter_by(badge_num=int(badge_num)).one()
                        except Exception:
                            picked_up.append('{!r} is not a valid badge number'.format(badge_num))
                        else:
                            if attendee.got_merch:
                                picked_up.append(
                                    '{a.full_name} (badge {a.badge_num}) already got their merch'.format(a=attendee))
                            else:
                                attendee.got_merch = True
                                shirt_key = 'shirt_{}'.format(attendee.badge_num)
                                if shirt_key in shirt_sizes:
                                    attendee.shirt = int(listify(shirt_sizes.get(shirt_key, c.SIZE_UNKNOWN))[0])
                                picked_up.append('{a.full_name} (badge {a.badge_num}): {a.merch}'.format(a=attendee))
                                session.add(MerchPickup(picked_up_by=picker_upper, picked_up_for=attendee))
                session.commit()

        return {
            'message': message,
            'picked_up': picked_up,
            'picker_upper': picker_upper
        }

Exemplo n.º 3

Arquivo: dept_checklist.py Projeto: Travis-Snoozy/ubersystem

    def allotments(self,
                   session,
                   department_id=None,
                   submitted=None,
                   csrf_token=None,
                   **params):
        if not department_id:
            raise HTTPRedirect('../dept_checklist/index')
        attendee = session.admin_attendee()
        department = session.query(Department).options(
            subqueryload(Department.dept_checklist_items)).get(department_id)

        if submitted:
            slug = 'allotments'
            item = department.checklist_item_for_slug(slug)
            if not item:
                item = DeptChecklistItem(attendee=attendee,
                                         department=department,
                                         slug=slug)

            # since this form doesn't use our normal utility methods, we need to do this manually
            check_csrf(csrf_token)
            item.comments = render('dept_checklist/allotments.txt',
                                   params).decode('utf-8')
            session.add(item)
            raise HTTPRedirect(
                '../dept_checklist/index?department_id={}&message={}',
                department_id, 'Treasury checklist data uploaded')

        return {'department': department}

Exemplo n.º 4

Arquivo: accounts.py Projeto: magfest/ubersystem

    def update_password_of_other(
            self,
            session,
            id,
            message='',
            updater_password=None,
            new_password=None,
            csrf_token=None,
            confirm_new_password=None):

        if updater_password is not None:
            new_password = new_password.strip()
            updater_account = session.admin_account(cherrypy.session['account_id'])
            if not new_password:
                message = 'New password is required'
            elif not valid_password(updater_password, updater_account):
                message = 'Your password is incorrect'
            elif new_password != confirm_new_password:
                message = 'Passwords do not match'
            else:
                check_csrf(csrf_token)
                account = session.admin_account(id)
                account.hashed = bcrypt.hashpw(new_password, bcrypt.gensalt())
                raise HTTPRedirect('index?message={}', 'Account Password Updated')

        return {
            'account': session.admin_account(id),
            'message': message
        }

Exemplo n.º 5

 def returns_json(*args, **kwargs):
     cherrypy.response.headers['Content-Type'] = 'application/json'
     assert cherrypy.request.method == 'POST', 'POST required, got {}'.format(
         cherrypy.request.method)
     check_csrf(kwargs.pop('csrf_token', None))
     return json.dumps(func(*args, **kwargs),
                       cls=serializer).encode('utf-8')

Exemplo n.º 6

    def delete_team(self,
                    session,
                    id,
                    duplicate_of=None,
                    csrf_token=None,
                    message=''):
        team = session.mits_team(id)
        if cherrypy.request.method == 'POST':
            check_csrf(csrf_token)
            team.deleted = True
            team.duplicate_of = duplicate_of or None
            raise HTTPRedirect('index?message={}{}{}', team.name,
                               ' marked as deleted',
                               ' and as a duplicate' if duplicate_of else '')

        other = [t for t in session.mits_teams() if t.id != id]
        return {
            'team':
            team,
            'message':
            message,
            'match_count':
            len([t for t in other if t.name == team.name]),
            'other_teams':
            sorted(other, key=lambda t: (t.name != team.name, t.name))
        }

Exemplo n.º 7

def _submit_checklist_item(session,
                           department_id,
                           submitted,
                           csrf_token,
                           slug,
                           custom_message=''):
    if not department_id:
        raise HTTPRedirect('../dept_checklist/index')
    attendee = session.admin_attendee()
    department = session.query(Department).options(
        subqueryload(Department.dept_checklist_items)).get(department_id)
    if submitted:
        item = department.checklist_item_for_slug(slug)
        if not item:
            item = DeptChecklistItem(attendee=attendee,
                                     department=department,
                                     slug=slug)

        # since this form doesn't use our normal utility methods, we need to do this manually
        check_csrf(csrf_token)
        session.add(item)
        raise HTTPRedirect(
            '../dept_checklist/index?department_id={}&message={}',
            department_id, custom_message
            or 'Thanks for completing the {} form!'.format(
                slug.replace('_', ' ')))

    return {'department': department}

Exemplo n.º 8

Arquivo: dept_checklist.py Projeto: Travis-Snoozy/ubersystem

    def tech_requirements(self,
                          session,
                          department_id=None,
                          submitted=None,
                          csrf_token=None):
        if not department_id:
            raise HTTPRedirect('../dept_checklist/index')
        attendee = session.admin_attendee()
        department = session.query(Department).options(
            subqueryload(Department.dept_checklist_items)).get(department_id)
        if submitted:
            slug = 'tech_requirements'
            item = department.checklist_item_for_slug(slug)
            if not item:
                item = DeptChecklistItem(attendee=attendee,
                                         department=department,
                                         slug=slug)

            # since this form doesn't use our normal utility methods, we need to do this manually
            check_csrf(csrf_token)
            session.add(item)
            raise HTTPRedirect(
                '../dept_checklist/index?department_id={}&message={}',
                department_id,
                'Thanks for completing the tech requirements form!')

        return {'department': department}

Exemplo n.º 9

    def form(self,
             session,
             slug,
             department_id,
             csrf_token=None,
             comments=None):
        attendee = session.admin_attendee()
        department = session.query(Department).options(
            subqueryload(Department.dept_checklist_items)).get(department_id)

        conf = DeptChecklistConf.instances[slug]
        item = department.checklist_item_for_slug(slug)
        if not item:
            item = DeptChecklistItem(attendee=attendee,
                                     department=department,
                                     slug=slug)

        if comments is not None:
            # since this form doesn't use our normal utility methods, we need to check the csrf_token manually
            check_csrf(csrf_token)
            item.comments = comments
            message = check(item)
            if not message:
                session.add(item)
                message = conf.name + ' checklist data uploaded'
            raise HTTPRedirect('index?department_id={}&message={}',
                               department_id, message)

        return {'item': item, 'conf': conf, 'department': department}

Exemplo n.º 10

Arquivo: accounts.py Projeto: parapluiecreative/ubersystem

    def change_password(self,
                        session,
                        message='',
                        old_password=None,
                        new_password=None,
                        csrf_token=None,
                        confirm_new_password=None):

        if not cherrypy.session.get('account_id'):
            raise HTTPRedirect('login?message={}', 'You are not logged in')

        if old_password is not None:
            new_password = new_password.strip()
            account = session.admin_account(cherrypy.session.get('account_id'))
            if not new_password:
                message = 'New password is required'
            elif not valid_password(old_password, account):
                message = 'Incorrect old password; please try again'
            elif new_password != confirm_new_password:
                message = 'Passwords do not match'
            else:
                check_csrf(csrf_token)
                account.hashed = bcrypt.hashpw(new_password, bcrypt.gensalt())
                raise HTTPRedirect('homepage?message={}',
                                   'Your password has been updated')

        return {'message': message}

Exemplo n.º 11

Arquivo: accounts.py Projeto: magfest/ubersystem

    def change_password(
            self,
            session,
            message='',
            old_password=None,
            new_password=None,
            csrf_token=None,
            confirm_new_password=None):

        if not cherrypy.session.get('account_id'):
            raise HTTPRedirect('login?message={}', 'You are not logged in')

        if old_password is not None:
            new_password = new_password.strip()
            account = session.admin_account(cherrypy.session['account_id'])
            if not new_password:
                message = 'New password is required'
            elif not valid_password(old_password, account):
                message = 'Incorrect old password; please try again'
            elif new_password != confirm_new_password:
                message = 'Passwords do not match'
            else:
                check_csrf(csrf_token)
                account.hashed = bcrypt.hashpw(new_password, bcrypt.gensalt())
                raise HTTPRedirect('homepage?message={}', 'Your password has been updated')

        return {'message': message}

Exemplo n.º 12

Arquivo: dept_checklist.py Projeto: magfest/ubersystem

    def form(self, session, slug, department_id, csrf_token=None, comments=None):
        attendee = session.admin_attendee()
        department = session.query(Department).options(
            subqueryload(Department.dept_checklist_items)).get(department_id)

        conf = DeptChecklistConf.instances[slug]
        item = department.checklist_item_for_slug(slug)
        if not item:
            item = DeptChecklistItem(
                attendee=attendee, department=department, slug=slug)

        if comments is not None:
            # since this form doesn't use our normal utility methods, we need to check the csrf_token manually
            check_csrf(csrf_token)
            item.comments = comments
            message = check(item)
            if not message:
                session.add(item)
                message = conf.name + ' checklist data uploaded'
            raise HTTPRedirect(
                'index?department_id={}&message={}', department_id, message)

        return {
            'item': item,
            'conf': conf,
            'department': department
        }

Exemplo n.º 13

Arquivo: accounts.py Projeto: parapluiecreative/ubersystem

    def update_password_of_other(self,
                                 session,
                                 id,
                                 message='',
                                 updater_password=None,
                                 new_password=None,
                                 csrf_token=None,
                                 confirm_new_password=None):

        if updater_password is not None:
            new_password = new_password.strip()
            updater_account = session.admin_account(
                cherrypy.session.get('account_id'))
            if not new_password:
                message = 'New password is required'
            elif not valid_password(updater_password, updater_account):
                message = 'Your password is incorrect'
            elif new_password != confirm_new_password:
                message = 'Passwords do not match'
            else:
                check_csrf(csrf_token)
                account = session.admin_account(id)
                account.hashed = bcrypt.hashpw(new_password, bcrypt.gensalt())
                raise HTTPRedirect('index?message={}',
                                   'Account Password Updated')

        return {'account': session.admin_account(id), 'message': message}

Exemplo n.º 14

    def set_status(self,
                   session,
                   id,
                   status=None,
                   confirmed=False,
                   csrf_token=None,
                   return_to='index',
                   message=''):
        team = session.mits_team(id)
        matching = [
            t for t in session.mits_teams()
            if t.name == team.name and t.id != team.id
        ]
        if confirmed or (status and not matching and team.status == c.PENDING
                         and team.completion_percentage == 100):
            check_csrf(csrf_token)
            team.status = int(status)
            separator = '&' if '?' in return_to else '?'
            raise HTTPRedirect(return_to + separator + 'message={}{}{}',
                               team.name, ' marked as ', team.status_label)

        return {
            'team': team,
            'message': message,
            'matching': matching,
            'return_to': return_to
        }

Exemplo n.º 15

    def volunteer_agreement(self,
                            session,
                            message='',
                            agreed_to_terms=None,
                            agreed_to_terms_1=None,
                            agreed_to_terms_2=None,
                            csrf_token=None):
        attendee = session.logged_in_volunteer()
        if csrf_token is not None:
            check_csrf(csrf_token)
            if agreed_to_terms or (agreed_to_terms_1 and agreed_to_terms_2):
                attendee.agreed_to_volunteer_agreement = True
                raise HTTPRedirect('index?message={}', 'Agreement received')
            elif agreed_to_terms_1 or agreed_to_terms_2:
                message = "You must agree to both the terms of the agreement and the volunteering policies and guidelines"
            else:
                message = "You must agree to the terms of the agreement"

        return {
            'message': message,
            'attendee': attendee,
            'agreed_to_terms_1': agreed_to_terms_1,
            'agreed_to_terms_2': agreed_to_terms_2,
            'agreement_end_date': c.ESCHATON.date() + timedelta(days=31),
        }

Exemplo n.º 16

    def shirt_size(self,
                   session,
                   message='',
                   shirt=None,
                   staff_shirt=None,
                   num_event_shirts=None,
                   csrf_token=None):
        attendee = session.logged_in_volunteer()
        if shirt is not None or staff_shirt is not None:
            check_csrf(csrf_token)
            if (shirt
                    and not int(shirt)) or (attendee.gets_staff_shirt and
                                            c.STAFF_SHIRT_OPTS != c.SHIRT_OPTS
                                            and not int(staff_shirt)):
                message = 'You must select a shirt size'
            else:
                if shirt:
                    attendee.shirt = int(shirt)
                if staff_shirt:
                    attendee.staff_shirt = int(staff_shirt)
                if c.STAFF_EVENT_SHIRT_OPTS and c.BEFORE_VOLUNTEER_SHIRT_DEADLINE and num_event_shirts:
                    attendee.num_event_shirts = int(num_event_shirts)
                raise HTTPRedirect('index?message={}', 'Shirt info uploaded')

        return {
            'message': message,
            'attendee': attendee,
            'opts': [('', 'Enter your shirt size')] + c.SHIRT_OPTS[1:]
        }

Exemplo n.º 17

Arquivo: api.py Projeto: MidwestFurryFandom/rams

def auth_by_session(required_access):
    try:
        check_csrf()
    except CSRFException:
        return (403, 'Your CSRF token is invalid. Please go back and try again.')
    admin_account_id = cherrypy.session.get('account_id', None)
    if not admin_account_id:
        return (403, 'Missing admin account in session')
    with Session() as session:
        admin_account = session.query(AdminAccount).filter_by(id=admin_account_id).first()
        if not admin_account:
            return (403, 'Invalid admin account in session')
        if not required_access.issubset(set(admin_account.access_ints)):
            return (403, 'Insufficient access for admin account')
    return None

Exemplo n.º 18

    def volunteer_agreement(self, session, message='', agreed_to_terms=None, csrf_token=None):
        attendee = session.logged_in_volunteer()
        if csrf_token is not None:
            check_csrf(csrf_token)
            if agreed_to_terms:
                attendee.agreed_to_volunteer_agreement = True
                raise HTTPRedirect('index?message={}', 'Agreement received')

            message = "You must agree to the terms of the agreement"

        return {
            'message': message,
            'attendee': attendee,
            'agreement_end_date': c.ESCHATON.date() + timedelta(days=31),
        }

Exemplo n.º 19

Arquivo: api.py Projeto: magfest/ubersystem

def auth_by_session(required_access):
    try:
        check_csrf()
    except CSRFException:
        return (403, 'Your CSRF token is invalid. Please go back and try again.')
    admin_account_id = cherrypy.session.get('account_id', None)
    if not admin_account_id:
        return (403, 'Missing admin account in session')
    with Session() as session:
        admin_account = session.query(AdminAccount).filter_by(id=admin_account_id).first()
        if not admin_account:
            return (403, 'Invalid admin account in session')
        if not required_access.issubset(set(admin_account.access_ints)):
            return (403, 'Insufficient access for admin account')
    return None

Exemplo n.º 20

    def volunteer(self, session, id, csrf_token=None, requested_depts_ids=None, message=''):
        attendee = session.attendee(id)
        if requested_depts_ids:
            check_csrf(csrf_token)
            attendee.staffing = True
            attendee.requested_depts_ids = requested_depts_ids
            raise HTTPRedirect(
                'login?message={}',
                "Thanks for signing up as a volunteer; you'll be emailed as "
                "soon as you are assigned to one or more departments.")

        return {
            'message': message,
            'attendee': attendee,
            'requested_depts_ids': requested_depts_ids
        }

Exemplo n.º 21

    def credits(self,
                session,
                message='',
                name_in_credits='',
                csrf_token=None):
        attendee = session.logged_in_volunteer()
        if csrf_token is not None:
            check_csrf(csrf_token)
            attendee.name_in_credits = name_in_credits
            message = "Thank you for providing a name for the credits roll!" if name_in_credits \
                else "You have opted out of having your name in the credits roll."
            raise HTTPRedirect('index?message={}', message)

        return {
            'message': message,
            'attendee': attendee,
        }

Exemplo n.º 22

    def shirt_size(self, session, message='', shirt=None, second_shirt=None, csrf_token=None):
        attendee = session.logged_in_volunteer()
        if shirt is not None:
            check_csrf(csrf_token)
            if not shirt:
                message = 'You must select a shirt size'
            else:
                attendee.shirt = int(shirt)
                if attendee.gets_staff_shirt and c.SHIRTS_PER_STAFFER > 1 and c.BEFORE_SHIRT_DEADLINE:
                    attendee.second_shirt = int(second_shirt)
                raise HTTPRedirect('index?message={}', 'Shirt info uploaded')

        return {
            'message': message,
            'attendee': attendee,
            'opts': [('', 'Enter your shirt size')] + c.SHIRT_OPTS[1:]
        }

Exemplo n.º 23

Arquivo: dept_checklist.py Projeto: magfest/ubersystem

def _submit_checklist_item(session, department_id, submitted, csrf_token, slug):
    if not department_id:
        raise HTTPRedirect('../dept_checklist/index')
    attendee = session.admin_attendee()
    department = session.query(Department).options(
        subqueryload(Department.dept_checklist_items)).get(department_id)
    if submitted:
        item = department.checklist_item_for_slug(slug)
        if not item:
            item = DeptChecklistItem(attendee=attendee, department=department, slug=slug)

        # since this form doesn't use our normal utility methods, we need to do this manually
        check_csrf(csrf_token)
        session.add(item)
        raise HTTPRedirect(
            '../dept_checklist/index?department_id={}&message={}',
            department_id,
            'Thanks for completing the {} form!'.format(slug.replace('_', ' ')))

    return {'department': department}

Exemplo n.º 24

    def emergency_procedures(self,
                             session,
                             message='',
                             reviewed_procedures=None,
                             csrf_token=None):
        attendee = session.logged_in_volunteer()
        if csrf_token is not None:
            check_csrf(csrf_token)
            if reviewed_procedures:
                attendee.reviewed_emergency_procedures = True
                raise HTTPRedirect(
                    'index?message={}',
                    'Thanks for reviewing our emergency procedures!')

            message = "You must acknowledge that you reviewed our emerency procedures"

        return {
            'message': message,
            'attendee': attendee,
            'agreement_end_date': c.ESCHATON.date() + timedelta(days=31),
        }

Exemplo n.º 25

Arquivo: dept_checklist.py Projeto: magfest/ubersystem

    def tech_requirements(self, session, department_id=None, submitted=None, csrf_token=None):
        if not department_id:
            raise HTTPRedirect('../dept_checklist/index')
        attendee = session.admin_attendee()
        department = session.query(Department).options(
            subqueryload(Department.dept_checklist_items)).get(department_id)
        if submitted:
            slug = 'tech_requirements'
            item = department.checklist_item_for_slug(slug)
            if not item:
                item = DeptChecklistItem(attendee=attendee, department=department, slug=slug)

            # since this form doesn't use our normal utility methods, we need to do this manually
            check_csrf(csrf_token)
            session.add(item)
            raise HTTPRedirect(
                '../dept_checklist/index?department_id={}&message={}',
                department_id,
                'Thanks for completing the tech requirements form!')

        return {'department': department}

Exemplo n.º 26

Arquivo: dept_checklist.py Projeto: magfest/ubersystem

    def allotments(self, session, department_id=None, submitted=None, csrf_token=None, **params):
        if not department_id:
            raise HTTPRedirect('../dept_checklist/index')
        attendee = session.admin_attendee()
        department = session.query(Department).options(
            subqueryload(Department.dept_checklist_items)).get(department_id)

        if submitted:
            slug = 'allotments'
            item = department.checklist_item_for_slug(slug)
            if not item:
                item = DeptChecklistItem(attendee=attendee, department=department, slug=slug)

            # since this form doesn't use our normal utility methods, we need to do this manually
            check_csrf(csrf_token)
            item.comments = render('dept_checklist/allotments.txt', params).decode('utf-8')
            session.add(item)
            raise HTTPRedirect(
                '../dept_checklist/index?department_id={}&message={}',
                department_id,
                'Treasury checklist data uploaded')

        return {'department': department}

Exemplo n.º 27

 def protected(*args, csrf_token, **kwargs):
     check_csrf(csrf_token)
     return func(*args, **kwargs)

Exemplo n.º 28

Arquivo: mivs_applications.py Projeto: magfest/ubersystem

    def confirm(self, session, csrf_token=None, decision=None):
        studio = session.logged_in_studio()
        if not studio.comped_badges:
            raise HTTPRedirect('index?message={}', 'You did not have any games accepted')
        elif studio.group:
            raise HTTPRedirect('index?message={}', 'Your group has already been created')
        elif studio.after_confirm_deadline and not c.HAS_INDIE_ADMIN_ACCESS:
            raise HTTPRedirect('index?message={}', 'The deadline for confirming your acceptance has passed.')

        has_leader = False
        badges_remaining = studio.comped_badges
        developers = sorted(studio.developers, key=lambda d: (not d.primary_contact, d.full_name))
        for dev in developers:
            if not dev.matching_attendee and badges_remaining:
                dev.comped = True
                badges_remaining -= 1
            else:
                dev.comped = False

            if not has_leader and not getattr(dev.matching_attendee, 'group_id', None):
                dev.leader = has_leader = True
            else:
                dev.leader = False

        if cherrypy.request.method == 'POST':
            check_csrf(csrf_token)
            assert decision in ['Accept', 'Decline']
            if decision == 'Decline':
                for game in studio.games:
                    if game.status == c.ACCEPTED:
                        game.status = c.STUDIO_DECLINED
                raise HTTPRedirect('index?message={}', 'You have been marked as declining space in the showcase')
            else:
                group = studio.group = Group(name='MIVS Studio: ' + studio.name, can_add=True)
                session.add(group)
                session.commit()
                for dev in developers:
                    if dev.matching_attendee:
                        if not dev.matching_attendee.group_id:
                            group.attendees.append(dev.matching_attendee)
                            if dev.leader:
                                group.leader_id = dev.matching_attendee.id
                    else:
                        attendee = Attendee(
                            placeholder=True,
                            badge_type=c.ATTENDEE_BADGE,
                            paid=c.NEED_NOT_PAY if dev.comped else c.PAID_BY_GROUP,
                            first_name=dev.first_name,
                            last_name=dev.last_name,
                            cellphone=dev.cellphone,
                            email=dev.email
                        )
                        group.attendees.append(attendee)
                        session.commit()
                        if dev.leader:
                            group.leader_id = attendee.id
                for i in range(badges_remaining):
                    group.attendees.append(Attendee(badge_type=c.ATTENDEE_BADGE, paid=c.NEED_NOT_PAY))
                group.cost = group.default_cost
                group.guest = GuestGroup()
                group.guest.group_type = c.MIVS
                raise HTTPRedirect('index?message={}', 'Your studio has been registered')

        return {
            'studio': studio,
            'developers': developers
        }

Exemplo n.º 29

Arquivo: mivs.py Projeto: parapluiecreative/ubersystem

    def confirm(self, session, csrf_token=None, decision=None):
        studio = session.logged_in_studio()
        if not studio.comped_badges:
            raise HTTPRedirect('index?message={}', 'You did not have any games accepted')
        elif studio.group:
            raise HTTPRedirect('index?message={}', 'Your group has already been created')
        elif studio.after_confirm_deadline and not c.HAS_MIVS_ADMIN_ACCESS:
            raise HTTPRedirect('index?message={}', 'The deadline for confirming your acceptance has passed.')

        has_leader = False
        badges_remaining = studio.comped_badges
        developers = sorted(studio.developers, key=lambda d: (not d.primary_contact, d.full_name))
        for dev in developers:
            if not dev.matching_attendee and badges_remaining:
                dev.comped = True
                badges_remaining -= 1
            else:
                dev.comped = False

            if not has_leader and not getattr(dev.matching_attendee, 'group_id', None):
                dev.leader = has_leader = True
            else:
                dev.leader = False

        if cherrypy.request.method == 'POST':
            check_csrf(csrf_token)
            assert decision in ['Accept', 'Decline']
            if decision == 'Decline':
                for game in studio.games:
                    if game.status == c.ACCEPTED:
                        game.status = c.CANCELLED
                raise HTTPRedirect('index?message={}', 'You have been marked as declining space in the showcase')
            else:
                group = studio.group = Group(name='MIVS Studio: ' + studio.name, can_add=True)
                session.add(group)
                session.commit()
                for dev in developers:
                    if dev.matching_attendee:
                        if not dev.matching_attendee.group_id:
                            group.attendees.append(dev.matching_attendee)
                            if dev.leader:
                                group.leader_id = dev.matching_attendee.id
                    else:
                        attendee = Attendee(
                            placeholder=True,
                            badge_type=c.ATTENDEE_BADGE,
                            paid=c.NEED_NOT_PAY if dev.comped else c.PAID_BY_GROUP,
                            first_name=dev.first_name,
                            last_name=dev.last_name,
                            cellphone=dev.cellphone,
                            email=dev.email
                        )
                        group.attendees.append(attendee)
                        session.commit()
                        if dev.leader:
                            group.leader_id = attendee.id
                for i in range(badges_remaining):
                    group.attendees.append(Attendee(badge_type=c.ATTENDEE_BADGE, paid=c.NEED_NOT_PAY))
                group.cost = group.default_cost
                group.guest = GuestGroup()
                group.guest.group_type = c.MIVS
                raise HTTPRedirect('index?message={}', 'Your studio has been registered')

        return {
            'studio': studio,
            'developers': developers
        }

Exemplo n.º 30

Arquivo: decorators.py Projeto: magfest/ubersystem

 def returns_json(*args, **kwargs):
     cherrypy.response.headers['Content-Type'] = 'application/json'
     assert cherrypy.request.method == 'POST', 'POST required, got {}'.format(cherrypy.request.method)
     check_csrf(kwargs.pop('csrf_token', None))
     return json.dumps(func(*args, **kwargs), cls=serializer).encode('utf-8')

Exemplo n.º 31

Arquivo: decorators.py Projeto: magfest/ubersystem

 def protected(*args, csrf_token, **kwargs):
     check_csrf(csrf_token)
     return func(*args, **kwargs)