def day_edit(id, name=None):
cset = CalendarSetting.query.get(1)
if cset.finalized is False:
if current_user.is_moderator():
return deny_access(
no_perm_url,
"A Moderator can only edit the Calendar after it has been finalized."
)
heading = "Edit Day"
form = DayForm()
form.submit.label.text = "Save Day"
day = Day.query.filter_by(id=id).first_or_404()
if form.validate_on_submit():
day.name = form.name.data
day.abbreviation = form.abbreviation.data
day.description = form.description.data
db.session.commit()
flash("Day edited.", "success")
return redirect(url_for("calendar.settings"))
elif request.method == "GET":
form.name.data = day.name
form.abbreviation.data = day.abbreviation
form.description.data = day.description
return render_template("calendar/form.html",
item=day,
form=form,
heading=heading,
title=page_title("Edit Day '{day.name}'"))
def edit(id, name=None): # noqa: C901
item = MediaItem.query.filter_by(id=id).first_or_404()
form = MediaItemEditForm()
form.category.choices = gen_media_category_choices()
if not item.is_editable_by_user():
return deny_access(no_perm_url)
if not item.is_hideable_by_user():
del form.is_visible
form.file.label.text = "Replace with file"
if form.validate_on_submit():
item.name = form.name.data
item.category_id = form.category.data
if item.is_hideable_by_user():
item.is_visible = form.is_visible.data
if form.file.data:
# see github issue #47
if item.get_file_ext() != form.file.data.filename.split(".",
1)[-1]:
flash(
"Due to current technical limitations, the old and new file need to have the same file type. \
As a workaround, you can upload a new file instead.",
"danger")
return render_template(
"media/edit.html",
form=form,
title=page_title(f"Edit File '{item.name}'"))
success, filename, size = upload_media_file(
form.file.data, item.filename)
item.filesize = size
if item.is_image():
success = success and generate_media_thumbnail(filename)
if success is False:
flash("Error while uploading the new file.", "error")
else:
db.session.commit()
flash("File was edited.", "success")
return redirect(item.view_url())
elif request.method == "GET":
form.name.data = item.name
form.category.data = item.category_id
if item.is_hideable_by_user():
form.is_visible.data = item.is_visible
return render_template("media/edit.html",
form=form,
title=page_title(f"Edit File '{item.name}'"))
def journal_delete(c_id, j_id, c_name=None, j_name=None):
char = Character.query.filter_by(id=c_id).first_or_404()
journal = Journal.query.filter_by(id=j_id).first_or_404()
if not journal.is_deletable_by_user():
return deny_access(no_perm_url)
# journal belongs to character
if journal not in char.journals:
return deny_access(no_perm_url,
"Journal does not belong to this character.")
db.session.delete(journal)
db.session.commit()
flash("Journal entry was deleted.", "success")
return redirect(char.view_url())
def edit(username): # noqa: C901
user = User.query.filter_by(username=username).first_or_404()
if not user.is_editable_by_user():
return deny_access(no_perm_url)
form = EditProfileForm()
if current_user.is_admin():
form.role.choices = gen_role_choices()
else:
del form.role
if form.validate_on_submit():
user.about = form.about.data
if (form.password.data):
user.set_password(form.password.data)
if current_user.username == user.username:
user.must_change_password = False
elif current_user.is_admin():
# user must reset password after it has been changed by an admin
user.must_change_password = True
role_okay = True
if current_user.is_admin():
old_role = user.role
new_role = form.role.data
if username == current_user.username and current_user.is_admin(
) and new_role != Role.Admin.value:
flash("You can't revoke your own admin role.", "danger")
role_okay = False
elif user.id == 1 and new_role != Role.Admin.value:
flash("The original admin can't be removed.", "danger")
role_okay = False
else:
user.role = new_role
if role_okay:
db.session.commit()
flash("Your changes have been saved.", "success")
return redirect(user.view_url())
else:
form.role.data = old_role
elif request.method == "GET":
form.about.data = user.about
if current_user.is_admin():
form.role.data = user.role
return render_template("user/edit.html",
form=form,
user=user,
title=page_title(f"Edit User '{user.username}'"))
def edit(id, name=None):
event = Event.query.filter_by(id=id).first_or_404()
if not event.is_editable_by_user():
return deny_access(no_perm_url)
form = EventForm()
form.submit.label.text = "Save Event"
form.category.choices = gen_event_category_choices()
form.epoch.choices = gen_epoch_choices()
form.month.choices = gen_month_choices()
if request.method == "POST":
form.day.choices = gen_day_choices(form.month.data)
else:
form.day.choices = gen_day_choices(event.month_id)
if not event.is_hideable_by_user():
del form.is_visible
if form.validate_on_submit():
event.name = form.name.data
event.category_id = form.category.data
event.description = form.description.data
event.epoch_id = form.epoch.data
event.year = form.year.data
event.month_id = form.month.data
event.day = form.day.data
event.duration = form.duration.data
if event.is_hideable_by_user():
event.is_visible = form.is_visible.data
db.session.commit()
update_timestamp(event.id)
flash("Event was edited.", "success")
return redirect(event.view_url())
elif request.method == "GET":
form.name.data = event.name
form.category.data = event.category_id
form.description.data = event.description
form.epoch.data = event.epoch_id
form.year.data = event.year
form.month.data = event.month_id
form.day.data = event.day
form.duration.data = event.duration
if event.is_hideable_by_user():
form.is_visible.data = event.is_visible
calendar_helper = gen_calendar_stats()
return render_template("event/edit.html", form=form, calendar=calendar_helper,
title=page_title(f"Edit Event '{event.name}'"))
def test_deny_access(self, app, client):
from app.helpers import deny_access
client.get("/")
with client.session_transaction():
resp = deny_access("main.index")
self.assertEqual(resp.status_code, 302)
flashes = get_flashed_messages()
self.assertEqual(len(flashes), 1)
self.assertTrue("No permission" in flashes[0])
client.get("/")
# flash() (used in case of failure) needs a http context
with client.session_transaction():
resp = deny_access("main.index", msg="Custom Message")
self.assertEqual(resp.status_code, 302)
flashes = get_flashed_messages()
self.assertEqual(len(flashes), 1)
self.assertTrue("Custom Message" in flashes[0])
def journal_edit(c_id, j_id, c_name=None, j_name=None):
char = Character.query.filter_by(id=c_id).first_or_404()
journal = Journal.query.filter_by(id=j_id).first_or_404()
if not journal.is_editable_by_user():
return deny_access(no_perm_url)
# journal belongs to character
if journal not in char.journals:
return deny_access(no_perm_url,
"Journal does not belong to this character.")
heading = f"Edit Journal Entry for {char.name}"
form = JournalForm()
form.session.choices = gen_session_choices(char)
form.submit.label.text = "Save Journal Entry"
if form.validate_on_submit():
journal.title = form.title.data
journal.is_visible = form.is_visible.data
journal.content = form.content.data
if form.session.data == 0:
journal.session_id = None
else:
journal.session_id = form.session.data
db.session.commit()
flash("Journal entry was changed.", "success")
return redirect(journal.view_url())
else:
form.title.data = journal.title
form.is_visible.data = journal.is_visible
form.content.data = journal.content
form.session.data = journal.session_id
return render_template(
"character/journal_form.html",
heading=heading,
form=form,
title=page_title(f"Edit Journal Entry '{journal.title}'"))
def delete(id, name=None):
event = Event.query.filter_by(id=id).first_or_404()
if not event.is_deletable_by_user():
return deny_access(no_perm_url)
db.session.delete(event)
db.session.commit()
flash("Event was deleted", "success")
return redirect(url_for("calendar.index"))
def view(id, name=None):
map_ = Map.query.filter_by(id=id).first_or_404()
settings = MapSetting.query.filter_by(id=1).first_or_404()
if not map_.is_viewable_by_user():
return deny_access(no_perm_url)
return render_template("map/index.html",
settings=settings,
map_=map_,
title=page_title(map_.name))
def journal_view(c_id, j_id, c_name=None, j_name=None):
char = Character.query.filter_by(id=c_id).first_or_404()
journal = Journal.query.filter_by(id=j_id).first_or_404()
if not journal.is_viewable_by_user():
return deny_access(no_perm_url)
# journal belongs to character
if journal not in char.journals:
return deny_access(no_perm_url,
"Journal does not belong to this character.")
if journal.is_visible is False:
flash("This Journal is only visible to you.", "warning")
return render_template(
"character/journal_view.html",
char=char,
journal=journal,
title=page_title(f"View Journal Entry '{journal.title}'"))
def edit(id, name=None): # noqa: C901
party = Party.query.filter_by(id=id).first_or_404()
if not party.is_editable_by_user():
return deny_access(no_perm_url)
is_admin = current_user.is_admin()
form = PartyForm()
form.submit.label.text = "Save Party"
if is_admin:
form.members.choices = gen_party_members_choices(ensure=party.members)
else:
del form.members
if form.validate_on_submit():
party.name = form.name.data
party.description = form.description.data
if is_admin:
members = Character.query.filter(Character.id.in_(form.members.data)).all()
party.members = members
success = True
if form.profile_picture.data:
success, filename = upload_profile_picture(form.profile_picture.data)
if success and party.profile_picture:
delete_profile_picture(party.profile_picture)
party.profile_picture = filename
if success is False:
flash("Error while editing party.", "error")
else:
db.session.commit()
flash("Party was edited.", "success")
return redirect(party.view_url())
elif request.method == "GET":
form.name.data = party.name
form.description.data = party.description
if is_admin:
members = []
for m in party.members:
members.append(m.id)
form.members.data = members
return render_template("party/edit.html", form=form, party=party,
title=page_title(f"Edit Party '{party.name}'"))
def delete(id, name=None):
party = Party.query.filter_by(id=id).first_or_404()
if not party.is_deletable_by_user():
return deny_access(no_perm_url)
db.session.delete(party)
db.session.commit()
flash("Party was deleted", "success")
return redirect(url_for("character.list"))
def view(id, name=None):
char = Character.query.filter_by(id=id).first_or_404()
if not char.is_viewable_by_user():
return deny_access(no_perm_url)
if char.is_visible is False:
flash("This Character is only visible to you.", "warning")
return render_template("character/view.html",
char=char,
title=page_title(f"View Character '{char.name}'"))
def view(id, name=None):
item = MediaItem.query.filter_by(id=id).first_or_404()
if not item.is_viewable_by_user():
return deny_access(no_perm_url)
if not item.is_visible:
flash("This item is only visible to you.", "warning")
return render_template("media/view.html",
item=item,
title=page_title("View File"))
def view(id, name=None):
event = Event.query.filter_by(id=id).first_or_404()
moons = Moon.query.all()
if not event.is_viewable_by_user():
return deny_access(no_perm_url)
if event.is_visible is False:
flash("This Event is only visible to you.", "warning")
return render_template("event/view.html", event=event, moons=moons,
title=page_title(f"View Event '{event.name}'"))
def view(id, name=None):
wikientry = WikiEntry.query.filter_by(id=id).first_or_404()
if not wikientry.is_viewable_by_user():
return deny_access(no_perm_url)
if not wikientry.is_visible:
flash("This article is only visible to you.", "warning")
map_nodes = get_nodes_by_wiki_id(id)
return render_template("wiki/view.html", entry=wikientry, nav=(prepare_wiki_nav(), WikiSearchForm()),
map_nodes=map_nodes, title=page_title(f"View Wiki Article '{wikientry.title}'"))
def delete(id, name=None):
char = Character.query.filter_by(id=id).first_or_404()
if not char.is_deletable_by_user():
return deny_access(no_perm_url)
player = char.player
db.session.delete(char)
db.session.commit()
flash("Character was deleted.", "success")
return redirect(player.view_url())
def create_with_campaign(id):
form = SessionForm()
form.submit.label.text = "Create Session"
campaign = Campaign.query.filter_by(id=id).first_or_404()
form.participants.choices = gen_participant_choices(
ensure=campaign.default_participants)
if not campaign.is_editable_by_user():
return deny_access(no_perm_url)
if not current_user.is_dm_of(campaign):
del form.dm_notes
if form.validate_on_submit():
participants = Character.query.filter(
Character.id.in_(form.participants.data)).all()
dm_notes = None
if current_user.is_dm_of(campaign):
dm_notes = form.dm_notes.data
new_session = Session(title=form.title.data,
campaign_id=form.campaign.data,
summary=form.summary.data,
dm_notes=dm_notes,
date=form.date.data,
participants=participants)
db.session.add(new_session)
db.session.commit()
recalc_session_numbers(new_session.campaign, db)
flash("Session was created.", "success")
return redirect(new_session.view_url())
elif request.method == "GET":
participants = []
for p in campaign.default_participants:
participants.append(p.id)
form.participants.data = participants
form.campaign.data = id
return render_template("session/create.html",
form=form,
campaign=campaign,
title=page_title("Add Session"))
def toggle_vis(id, name=None):
wikientry = WikiEntry.query.filter_by(id=id).first_or_404()
if not wikientry.is_hideable_by_user():
return deny_access(no_perm_url)
if wikientry.is_visible is True:
wikientry.is_visible = False
flash("Article was hidden.", "success")
else:
wikientry.is_visible = True
flash("Article is now visible to anyone.", "success")
db.session.commit()
return redirect(wikientry.view_url())
def delete(id, name=None):
if id == 1:
flash("The wiki main page can't be deleted", "danger")
return redirect(url_for('wiki.index'))
wikientry = WikiEntry.query.filter_by(id=id).first_or_404()
if not wikientry.is_deletable_by_user():
return deny_access(no_perm_url)
db.session.delete(wikientry)
db.session.commit()
flash("Wiki article was deleted.", "success")
return redirect(url_for('wiki.index'))
def delete(id, name=None):
session = Session.query.filter_by(id=id).first_or_404()
if not session.is_editable_by_user():
return deny_access(no_perm_url)
campaign = session.campaign
db.session.delete(session)
recalc_session_numbers(campaign, db)
db.session.commit()
flash("Session was deleted.", "success")
return redirect(url_for("session.index"))
def view_with_node(id, n_id, m_name=None, n_name=None):
mapsettings = MapSetting.query.get(1)
map_ = Map.query.filter_by(id=id).first_or_404()
node = MapNode.query.filter_by(id=n_id).first_or_404()
if not map_.is_viewable_by_user():
return deny_access(no_perm_url)
if node.on_map != map_.id:
flash(f"Map node '{node.id}' could not be found on this map", "danger")
return redirect(map_.view_url())
return render_template("map/index.html",
settings=mapsettings,
map_=map_,
jump_to_node=node.id,
title=page_title(map_.name))
def journal_create(c_id, c_name=None):
char = Character.query.filter_by(id=c_id).first_or_404()
if not char.journal_is_creatable_by_user():
return deny_access(no_perm_url)
heading = f"Create Journal Entry for {char.name}"
form = JournalForm()
form.session.choices = gen_session_choices(char)
form.submit.label.text = "Create Journal Entry"
if form.validate_on_submit():
journal_entry = Journal(title=form.title.data,
content=form.content.data,
is_visible=form.is_visible.data,
character_id=c_id)
if (form.session.data != 0):
journal_entry.session_id = form.session.data
db.session.add(journal_entry)
db.session.commit()
flash("Journal entry was created.", "success")
return redirect(journal_entry.view_url())
else:
# set default for visibility
if request.method == "GET":
form.is_visible.data = True
# pre-select session if get-param was passed
session_id = request.args.get("session")
# will do nothing if session_id not an int or not in choices
if session_id:
try:
form.session.data = int(session_id)
except ValueError:
pass
return render_template(
"character/journal_form.html",
heading=heading,
form=form,
title=page_title(f"Add Journal Entry for '{char.name}'"))
def epoch_edit(id, name=None):
heading = "Edit Epoch"
form = EpochForm()
form.submit.label.text = "Save Epoch"
cset = CalendarSetting.query.get(1)
if cset.finalized is True:
del form.years
del form.circa
else:
if current_user.is_moderator():
return deny_access(
no_perm_url,
"A Moderator can only edit the Calendar after it has been finalized."
)
epoch = Epoch.query.filter_by(id=id).first_or_404()
if form.validate_on_submit():
epoch.name = form.name.data
epoch.abbreviation = form.abbreviation.data
epoch.description = form.description.data
if cset.finalized is False:
epoch.years = form.years.data
epoch.circa = form.circa.data
db.session.commit()
flash("Epoch edited.", "success")
return redirect(url_for("calendar.settings"))
elif request.method == "GET":
form.name.data = epoch.name
form.abbreviation.data = epoch.abbreviation
form.description.data = epoch.description
if cset.finalized is False:
form.years.data = epoch.years
form.circa.data = epoch.circa
return render_template("calendar/form.html",
item=epoch,
form=form,
heading=heading,
title=page_title(f"Edit Epoch '{epoch.name}'"))
def edit(id, name=None):
wikientry = WikiEntry.query.filter_by(id=id).first_or_404()
if not wikientry.is_editable_by_user():
return deny_access(no_perm_url)
form = WikiEntryForm()
form.submit.label.text = "Save Article"
cats = gen_category_strings()
if wikientry.id == 1:
del form.title
if not wikientry.is_hideable_by_user():
del form.is_visible
if form.validate_on_submit():
if wikientry.id != 1:
wikientry.title = form.title.data
wikientry.content = form.content.data
wikientry.category = form.category.data
wikientry.tags = form.tags.data
if wikientry.is_hideable_by_user():
wikientry.is_visible = form.is_visible.data
db.session.commit()
flash("Wiki entry was edited.", "success")
return redirect(wikientry.view_url())
elif request.method == "GET":
if wikientry.id != 1:
form.title.data = wikientry.title
form.content.data = wikientry.content
form.category.data = wikientry.category
form.tags.data = wikientry.tags
if wikientry.is_hideable_by_user():
form.is_visible.data = wikientry.is_visible
return render_template("wiki/edit.html", form=form, nav=(prepare_wiki_nav(), WikiSearchForm()), cats=cats,
entry=wikientry, title=page_title(f"Edit Wiki Article '{wikientry.title}'"))
def delete(id, name=None):
item = MediaItem.query.filter_by(id=id).first_or_404()
if not item.is_deletable_by_user():
return deny_access(no_perm_url)
fname = path.join(current_app.config["MEDIA_DIR"], item.filename)
if path.isfile(fname):
remove(fname)
tname = path.join(current_app.config["MEDIA_DIR"], "thumbnails",
item.filename)
if item.is_image() and path.isfile(tname):
remove(tname)
db.session.delete(item)
db.session.commit()
flash("Media item was deleted.", "success")
return redirect(url_for('media.index'))
def moon_edit(id, name=None):
cset = CalendarSetting.query.get(1)
if cset.finalized is False:
if current_user.is_moderator():
return deny_access(
no_perm_url,
"A Moderator can only edit the Calendar after it has been finalized."
)
heading = "Edit Moon"
form = MoonForm()
form.submit.label.text = "Save Moon"
moon = Moon.query.filter_by(id=id).first_or_404()
if form.validate_on_submit():
moon.name = form.name.data
moon.description = form.description.data
moon.phase_length = form.phase_length.data
moon.phase_offset = form.phase_offset.data
moon.waxing_color = stretch_color(form.waxing_color.data.hex)
moon.waning_color = stretch_color(form.waning_color.data.hex)
db.session.commit()
flash("Moon edited.", "success")
return redirect(url_for("calendar.settings"))
elif request.method == "GET":
form.name.data = moon.name
form.description.data = moon.description
form.phase_length.data = moon.phase_length
form.phase_offset.data = moon.phase_offset
form.waxing_color.data = moon.waxing_color
form.waning_color.data = moon.waning_color
return render_template("calendar/form.html",
item=moon,
form=form,
heading=heading,
title=page_title(f"Edit Moon '{moon.name}'"))
def settings():
cset = CalendarSetting.query.get(1)
if cset.finalized is False:
if current_user.is_moderator():
return deny_access(
no_perm_url,
"A Moderator can only edit the Calendar after it has been finalized."
)
epochs = Epoch.query.order_by(Epoch.order.asc()).all()
months = Month.query.order_by(Month.order.asc()).all()
days = Day.query.order_by(Day.order.asc()).all()
moons = Moon.query.order_by(Moon.name.asc()).all()
return render_template("calendar/settings.html",
settings=cset,
epochs=epochs,
months=months,
days=days,
moons=moons,
title=page_title("Calendar Settings"))
def map_settings(id, name=None):
map_ = Map.query.filter_by(id=id).first_or_404()
if not map_.is_editable_by_user():
return deny_access(no_perm_url)
form = MapForm()
form.submit.label.text = "Save Map"
if form.validate_on_submit():
map_.name = form.name.data
map_.min_zoom = form.min_zoom.data
map_.max_zoom = form.max_zoom.data
map_.default_zoom = form.default_zoom.data
map_.external_provider = form.external_provider.data
map_.tiles_path = form.tiles_path.data
map_.no_wrap = form.no_wrap.data
map_.is_visible = form.is_visible.data
db.session.commit()
flash("Map settings have been changed.", "success")
return redirect(map_.view_url())
else:
form.name.data = map_.name
form.no_wrap.data = map_.no_wrap
form.external_provider.data = map_.external_provider
form.tiles_path.data = map_.tiles_path
form.min_zoom.data = map_.min_zoom
form.max_zoom.data = map_.max_zoom
form.default_zoom.data = map_.default_zoom
form.is_visible.data = map_.is_visible
return render_template("map/edit.html",
map=map_,
form=form,
title=page_title(f"Edit Map '{map_.name}'"))
def edit(id, name=None): # noqa: C901
campaign = Campaign.query.filter_by(id=id).first_or_404()
if not campaign.is_editable_by_user():
return deny_access(no_perm_url)
is_admin = current_user.is_admin()
is_dm = current_user.is_dm_of(campaign)
form = CampaignEditForm()
form.associated_parties.choices = gen_party_choices()
form.default_participants.choices = gen_participant_choices(ensure=campaign.default_participants)
if not is_admin:
del form.dm
else:
form.dm.choices = gen_dm_choices()
if not is_dm:
del form.dm_notes
if form.validate_on_submit():
campaign.name = form.name.data
campaign.description = form.description.data
campaign.associated_parties = Party.query.filter(Party.id.in_(form.associated_parties.data)).all()
campaign.default_participants = Character.query.filter(Character.id.in_(form.default_participants.data)).all()
campaign.color = stretch_color(form.color.data.hex)
if is_admin:
campaign.dm_id = form.dm.data
if is_dm:
campaign.dm_notes = form.dm_notes.data
success = True
if form.profile_picture.data:
success, filename = upload_profile_picture(form.profile_picture.data)
if success and campaign.profile_picture:
delete_profile_picture(campaign.profile_picture)
campaign.profile_picture = filename
if success is False:
flash("Error while editing campaign.", "error")
else:
db.session.commit()
flash("Campaign was edited.", "success")
return redirect(campaign.view_url())
elif request.method == "GET":
form.name.data = campaign.name
form.description.data = campaign.description
form.color.data = campaign.color
form.associated_parties.data = [p.id for p in campaign.associated_parties]
participants = []
for p in campaign.default_participants:
participants.append(p.id)
form.default_participants.data = participants
if is_admin:
form.dm.data = campaign.dm_id
if is_dm:
form.dm_notes.data = campaign.dm_notes
return render_template("campaign/edit.html", form=form, campaign=campaign,
title=page_title(f"Edit Campaign '{campaign.name}'"))
