Exemplo n.º 1
def update_review(proposal_code, semester, reviewer, report, cursor):
    """
    Store the technical report and its reviewer for a proposal in a semester.

    A row is inserted into ProposalTechReport; if the insert hits an existing
    key, the existing row is updated instead (ON DUPLICATE KEY UPDATE).

    Parameters
    ----------
    proposal_code : str
        Proposal code of the proposal.
    semester : str
        Semester, such as "2018-1". It must split on "-" into exactly a year
        and a semester part; otherwise the unpacking raises ValueError.
    reviewer : str
        Username of the reviewer.
    report : str
        Technical report.
    cursor : database cursor
        Cursor on which the database command is executed.

    Returns
    -------
    None

    Raises
    ------
    InvalidUsage
        With status code 403 if the current user may not make the update, or
        if no reviewer is given.
    """

    # Authorisation comes first: nothing is validated or written for a user
    # who lacks the permission.
    permitted = g.user.may_perform(Action.UPDATE_TECHNICAL_REVIEWS,
                                   proposal_code=proposal_code,
                                   reviewer=reviewer,
                                   report=report)
    if not permitted:
        denial = 'You are not allowed to make the requested review update for proposal {proposal_code}' \
            .format(proposal_code=proposal_code)
        raise InvalidUsage(message=denial, status_code=403)

    if not reviewer:
        raise InvalidUsage(message='A reviewer must be specified for a review',
                           status_code=403)

    year, term = semester.split('-')

    # Every caller-supplied value is bound through a %s placeholder; none is
    # formatted into the SQL text.
    statement = '''INSERT INTO ProposalTechReport (ProposalCode_Id, Semester_Id, Astronomer_Id, TechReport)
                    SELECT pc.ProposalCode_Id, s.Semester_Id, u.Investigator_Id, %s
                    FROM ProposalCode AS pc, Semester AS s, PiptUser AS u
                       WHERE pc.Proposal_Code=%s AND (s.Year=%s AND s.Semester=%s) AND  u.Username=%s
                ON DUPLICATE KEY UPDATE
                    ProposalCode_Id=
                        (SELECT ProposalCode_Id FROM ProposalCode WHERE Proposal_Code=%s),
                    Semester_Id=
                        (SELECT Semester_Id FROM Semester WHERE Year=%s AND Semester=%s),
                    Astronomer_Id=
                        (SELECT Investigator_Id FROM PiptUser WHERE Username=%s),
                    TechReport=%s'''

    # The placeholders of the INSERT part come first, then those of the
    # ON DUPLICATE KEY UPDATE part.
    insert_values = (report, proposal_code, year, term, reviewer)
    update_values = (proposal_code, year, term, reviewer, report)
    cursor.execute(statement, insert_values + update_values)
Exemplo n.º 2
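def get_user_token(credentials):
    """
    Verify the submitted credentials and return a token for the user.

    Parameters
    ----------
    credentials : dict
        Parsed request body of the form
        {"credentials": {"username": ..., "password": ...}}.

    Returns
    -------
    The value returned by create_token for the username.

    Raises
    ------
    InvalidUsage
        With status code 400 if the body is missing or does not contain a
        username and a password in the expected place.
    """
    try:
        login = credentials['credentials']
        username = login['username']
        password = login['password']
    except (KeyError, TypeError):
        # The body is client-controlled. TypeError covers a missing body
        # (None) and bodies whose "credentials" value is not an object, which
        # would otherwise surface as an unhandled server error.
        raise InvalidUsage(message='Username or password not provided',
                           status_code=400)

    # The return value of verify_user is not inspected, so rejecting wrong
    # credentials depends on verify_user raising.
    verify_user(username, password)
    return create_token(username)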
Exemplo n.º 3
def update_completion_comment(proposal_code, semester, comment, cursor):
    """
    Update the completion comment of a proposal for a semester.

    Parameters
    ----------
    proposal_code : str
        Proposal code of the proposal.
    semester : str
        Semester, such as "2018-1". It must split on "-" into exactly a year
        and a semester part; otherwise the unpacking raises ValueError.
    comment : str
        Completion Stat comment.
    cursor : database cursor
        Cursor on which the database command is executed.

    Returns
    -------
    None

    Raises
    ------
    InvalidUsage
        With status code 403 if the current user may not make the update.
    """

    permitted = g.user.may_perform(Action.UPDATE_COMPLETION_STAT_COMMENT,
                                   proposal_code=proposal_code,
                                   comment=comment)
    if not permitted:
        denial = 'You are not allowed to make the requested update for proposal {proposal_code}' \
            .format(proposal_code=proposal_code)
        raise InvalidUsage(message=denial, status_code=403)

    year, term = semester.split('-')

    # All caller-supplied values are bound through %s placeholders.
    statement = '''UPDATE ProposalText SET CompletionComment=%s WHERE 
              ProposalCode_Id=(SELECT ProposalCode_Id FROM ProposalCode WHERE Proposal_Code=%s) AND 
              Semester_Id=(SELECT Semester_Id FROM Semester WHERE Year=%s AND Semester=%s)'''
    cursor.execute(statement, (comment, proposal_code, year, term))
Exemplo n.º 4
def proposal_summaries():
    """
    Send a zip archive with the pdf summaries of the requested proposals.

    The JSON request body must contain "proposalCodes" and "semester"; the
    optional "partner" defaults to 'All'.

    Returns
    -------
    The result of send_file for the generated archive.

    Raises
    ------
    InvalidUsage
        With status code 403 for the first proposal code the current user may
        not download the summary of.
    """
    body = request.json
    proposal_codes = body['proposalCodes']
    semester = body['semester']
    partner = body['partner'] if 'partner' in body else 'All'

    # Every requested proposal is authorised before any file is created.
    for code in proposal_codes:
        permitted = g.user.may_perform(Action.DOWNLOAD_SUMMARY,
                                       proposal_code=code,
                                       partner=partner)
        if not permitted:
            denial = 'You are not allowed to view the pdf summary of proposal {proposal_code}' \
                .format(proposal_code=code)
            raise InvalidUsage(message=denial, status_code=403)

    # NOTE(review): the permission check does not cover semester, which is
    # passed to zip_proposal_summaries as received — confirm it is validated
    # there.
    # NOTE(review): the archive is handed to send_file by name while this
    # handle is still open; whether all data has been flushed at that point
    # depends on zip_proposal_summaries — confirm.
    with tempfile.NamedTemporaryFile('wb') as archive:
        zip_proposal_summaries(proposal_codes, semester, archive)
        return send_file(archive.name,
                         mimetype='application/zip',
                         attachment_filename='proposal_summaries.zip')
Exemplo n.º 5
def remove_tac_member(partner, member, cursor):
    """
    Delete a user's membership of a partner's TAC.

    Parameters
    ----------
    partner : str
       The partner code (such as "RSA") of the partner whose TAC is updated.
    member : str
        The username of the TAC member to be removed.
    cursor : database cursor
        Cursor on which the database command is executed.

    Returns
    -------
    None

    Raises
    ------
    InvalidUsage
        With status code 403 if the current user may not update the partner's
        TAC.
    """

    # NOTE(review): membership changes are gated by the UPDATE_TAC_COMMENTS
    # action — confirm this is the intended permission.
    permitted = g.user.may_perform(Action.UPDATE_TAC_COMMENTS, partner=partner)
    if not permitted:
        denial = 'You are not allowed to update members of {partner}'.format(
            partner=partner)
        raise InvalidUsage(message=denial, status_code=403)

    # Username and partner code are bound through %s placeholders.
    statement = '''
DELETE FROM PiptUserTAC
WHERE
    PiptUser_Id = (SELECT PiptUser_Id FROM PiptUser WHERE  Username = %s)
    AND
    Partner_Id = (SELECT  Partner_Id FROM  Partner WHERE Partner_Code = %s)
'''
    cursor.execute(statement, (member, partner))
Exemplo n.º 6
def token():
    """
    Exchange the credentials in the JSON request body for a user token.

    Returns
    -------
    A (response, status) pair: the token under "user" -> "token" with status
    200, or an "Invalid user" error with status 401 when the request has no
    (or an empty) JSON body.

    Raises
    ------
    InvalidUsage
        With status code 400 if the value returned by get_user_token contains
        "errors".
    """
    # Guard clause: without a JSON body there are no credentials to check.
    if not request.json:
        return jsonify({"errors": {"global": "Invalid user"}}), 401

    tok = get_user_token(request.json)

    # NOTE(review): if tok is a string this is a substring test, so a token
    # that happens to contain "errors" would be rejected — confirm what
    # get_user_token returns.
    if "errors" in tok:
        raise InvalidUsage(message=tok, status_code=400)

    payload = {"user": {"token": tok}}
    return jsonify(payload), 200
Exemplo n.º 7
def proposal_summary():
    """
    Send the pdf summary of a proposal.

    The JSON request body must contain "proposalCode" and "semester".

    Returns
    -------
    The result of send_file for the file named by summary_file.

    Raises
    ------
    InvalidUsage
        With status code 403 if the current user may not view the proposal.
    """
    body = request.json
    proposal_code = body['proposalCode']
    semester = body['semester']

    # The file is only looked up once the user is known to be allowed to view
    # the proposal.
    permitted = g.user.may_perform(Action.VIEW_PROPOSAL,
                                   proposal_code=proposal_code)
    if not permitted:
        denial = 'You are not allowed to view the pdf summary of proposal {proposal_code}' \
            .format(proposal_code=proposal_code)
        raise InvalidUsage(message=denial, status_code=403)

    # NOTE(review): semester comes from the request body and is not part of
    # the permission check; confirm summary_file validates it before it is
    # used to locate a file.
    summary_path = summary_file(proposal_code, semester)
    return send_file(summary_path)
Exemplo n.º 8
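def verify_user(username, password):
    """
    Check a username/password pair against the PiptUser table.

    :param username: username
    :param password: password (plain text; the database hashes it with MD5())
    :return: None; the function returns normally when a matching user exists
    :raises InvalidUsage: if no user matches the username and password
    """
    # Both values come from the login request, so they are bound as query
    # parameters instead of being formatted into the SQL text, where a quote
    # in either value would change the statement.
    # NOTE(review): assumes the driver behind sdb_connect() uses the "%s"
    # paramstyle — confirm.
    sql = """SELECT COUNT(PiptUser_Id) AS UserCount
             FROM PiptUser
             WHERE Username=%s AND Password=MD5(%s)"""

    # NOTE(review): the comparison is against an unsalted MD5 digest of the
    # password. Moving to a salted, slow password hash needs a change to the
    # stored values and cannot be done in this function alone.
    conn = sdb_connect()
    try:
        result = pd.read_sql(sql, conn, params=(username, password))
    finally:
        # Release the connection even when the query fails.
        conn.close()

    if not result.iloc[0]['UserCount']:
        raise InvalidUsage('Username or password wrong')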
def update_liaison_astronomer(proposal_code, liaison_astronomer, cursor):
    """
    Set or clear the liaison astronomer of a proposal.

    Parameters
    ----------
    proposal_code : str
        Proposal code of the proposal.
    liaison_astronomer : str
        Username of the liaison astronomer. If None, the proposal's liaison
        astronomer is set to NULL.
    cursor : database cursor
        Cursor on which the database command is executed.

    Returns
    -------
    None

    Raises
    ------
    InvalidUsage
        With status code 403 if the current user may not make the update.
    """

    permitted = g.user.may_perform(Action.UPDATE_LIAISON_ASTRONOMER,
                                   proposal_code=proposal_code,
                                   liaison_astronomer=liaison_astronomer)
    if not permitted:
        denial = 'You are not allowed to update the liaison astronomer of proposal {proposal_code}' \
            .format(proposal_code=proposal_code)
        raise InvalidUsage(message=denial, status_code=403)

    # Usernames and proposal codes are bound through %s placeholders in both
    # statements.
    if liaison_astronomer is None:
        # No username given: remove the liaison astronomer.
        statement = '''UPDATE ProposalContact SET Astronomer_Id=NULL
                 WHERE ProposalContact.ProposalCode_Id=
                       (SELECT ProposalCode.ProposalCode_Id
                        FROM ProposalCode
                        WHERE ProposalCode.Proposal_Code=%s)'''
        bindings = (proposal_code, )
    else:
        statement = '''UPDATE ProposalContact SET Astronomer_Id=
                        (SELECT PiptUser.Investigator_Id
                                FROM PiptUser
                         WHERE PiptUser.Username=%s)
                 WHERE ProposalContact.ProposalCode_Id=
                       (SELECT ProposalCode.ProposalCode_Id
                        FROM ProposalCode
                        WHERE ProposalCode.Proposal_Code=%s)'''
        bindings = (liaison_astronomer, proposal_code)
    cursor.execute(statement, bindings)
Exemplo n.º 10
def proposal_summary():
    """
    Send the pdf summary of a proposal.

    The JSON request body must contain "proposalCode" and "semester"; the
    optional "partner" defaults to 'All'.

    Returns
    -------
    The result of send_file for the file named by summary_file.

    Raises
    ------
    InvalidUsage
        With status code 403 if the current user may not download the summary.
    """
    body = request.json
    proposal_code = body['proposalCode']
    semester = body['semester']
    partner = body['partner'] if 'partner' in body else 'All'

    # The file is only looked up once the download has been authorised for
    # this proposal and partner.
    permitted = g.user.may_perform(Action.DOWNLOAD_SUMMARY,
                                   proposal_code=proposal_code,
                                   partner=partner)
    if not permitted:
        denial = 'You are not allowed to view the pdf summary of proposal {proposal_code}' \
            .format(proposal_code=proposal_code)
        raise InvalidUsage(message=denial, status_code=403)

    # NOTE(review): semester comes from the request body and is not part of
    # the permission check; confirm summary_file validates it before it is
    # used to locate a file.
    summary_path = summary_file(proposal_code, semester)
    return send_file(summary_path)
Exemplo n.º 11
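def update_tac_member(partner, member, is_chair, cursor):
    """
    Add a user to a partner's TAC, or update the chair flag of a member.

    Parameters
    ----------
    partner : str
        The partner code (such as "RSA") of the partner whose TAC is updated
    member : str
        The username of the added/updated TAC member.
    is_chair: boolean
        true if user is a chair
    cursor : database cursor
        Cursor on which the database command is executed.

    Returns
    -------
    None

    Raises
    ------
    InvalidUsage
        With status code 403 if the current user may not update the partner's
        TAC.
    """

    # NOTE(review): membership changes are gated by the UPDATE_TAC_COMMENTS
    # action — confirm this is the intended permission.
    if not g.user.may_perform(Action.UPDATE_TAC_COMMENTS, partner=partner):
        raise InvalidUsage(
            message='You are not allowed to update members of {partner}'.
            format(partner=partner),
            status_code=403)

    chair = 1 if is_chair else 0

    # The chair flag is bound on the insert path as well as on the update
    # path. With a literal 0 in the SELECT, a newly added member was always
    # stored as a non-chair, whatever is_chair said.
    sql = '''
INSERT INTO PiptUserTAC (PiptUser_Id, Partner_Id, Chair)
    SELECT PiptUser_Id, Partner_Id, %s
    FROM PiptUser join Partner on (Partner_Code = %s)
    WHERE  Username = %s
    ON DUPLICATE KEY UPDATE
        PiptUser_Id=
            (SELECT PiptUser_Id FROM PiptUser WHERE  Username = %s),
        Partner_Id=
            (SELECT  Partner_Id FROM  Partner WHERE Partner_Code = %s),
        Chair=%s'''

    # Order follows the placeholders: insert part first, then update part.
    params = (chair, partner, member, member, partner, chair)
    cursor.execute(sql, params)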