def remove_response(submit_id=None):
response = "success"
if not ModuleAPI.can_read('custom_form'):
return abort(403)
# Test if user already signed up
submission = CustomFormResult.query.filter(
CustomFormResult.id == submit_id
).first()
if not submission:
abort(404)
form_id = submission.form_id
max_attendants = submission.form.max_attendants
db.session.delete(submission)
db.session.commit()
all_sub = CustomFormResult.query.filter(
CustomFormResult.form_id == form_id
).all()
if max_attendants <= len(all_sub):
from_list = all_sub[max_attendants - 1]
copernica_data = {
"Reserve": "Nee"
}
copernica.update_subprofile(
copernica.SUBPROFILE_ACTIVITY, from_list.owner_id,
from_list.form_id, copernica_data)
return response
def get_users():
if not ModuleAPI.can_read('user'):
return abort(403)
users = User.query.all()
user_list = []
for user in users:
user_list.append(
[user.id,
user.email,
user.first_name,
user.last_name,
user.student_id,
user.education.name
if user.education else "",
"<i class='glyphicon glyphicon-ok'></i>"
if user.has_paid else "",
"<i class='glyphicon glyphicon-ok'></i>"
if user.honorary_member else "",
"<i class='glyphicon glyphicon-ok'></i>"
if user.favourer else "",
"<i class='glyphicon glyphicon-ok'></i>"
if user.alumnus else ""
])
return json.dumps({"data": user_list})
def view():
if not ModuleAPI.can_read('navigation'):
return abort(403)
entries = NavigationAPI.get_entries()
return render_template('navigation/view.htm', nav_entries=entries)
def get_navigation_menu(group_id, personal, type):
if not ModuleAPI.can_read('pimpy'):
return abort(403)
if current_user.is_anonymous:
flash('Huidige gebruiker niet gevonden!', 'danger')
return redirect(url_for('pimpy.view_minutes'))
groups = current_user.groups\
.filter(Group.name != 'all').order_by(Group.name.asc()).all()
if not type:
type = 'minutes'
endpoint = 'pimpy.view_' + type
endpoints = {'view_chosentype': endpoint,
'view_chosentype_personal': endpoint + '_personal',
'view_chosentype_chosenpersonal': endpoint +
('_personal' if personal and type != 'minutes' else ''),
'view_tasks': 'pimpy.view_tasks',
'view_tasks_personal': 'pimpy.view_tasks_personal',
'view_tasks_chosenpersonal': 'pimpy.view_tasks',
'view_minutes': 'pimpy.view_minutes'}
if personal:
endpoints['view_tasks_chosenpersonal'] += '_personal'
if not group_id:
group_id = 'all'
if group_id != 'all':
group_id = int(group_id)
return Markup(render_template('pimpy/api/side_menu.htm', groups=groups,
group_id=group_id, personal=personal,
type=type, endpoints=endpoints,
title='PimPy'))
def list(page_nr=1):
"""Show a paginated list of contacts."""
if not ModuleAPI.can_read('contact'):
return abort(403)
contacts = Contact.query.paginate(page_nr, 15, False)
return render_template('contact/list.htm', contacts=contacts)
def edit(contact_id=None):
"""Create or edit a contact, frontend."""
if not ModuleAPI.can_read('contact'):
return abort(403)
if contact_id:
contact = Contact.query.get(contact_id)
else:
contact = Contact()
form = ContactForm(request.form, contact)
locations = Location.query.order_by('address').order_by('city')
form.location_id.choices = \
[(l.id, '%s, %s' % (l.address, l.city)) for l in locations]
if form.validate_on_submit():
if not contact.id and Contact.query.filter(
Contact.email == form.email.data).count():
flash(_('Contact email "%s" is already in use.' %
form.email.data), 'danger')
return render_template('contact/edit.htm', contact=contact,
form=form)
form.populate_obj(contact)
db.session.add(contact)
db.session.commit()
flash(_('Contact person saved.'), 'success')
return redirect(url_for('contact.edit', contact_id=contact.id))
else:
flash_form_errors(form)
return render_template('contact/edit.htm', contact=contact, form=form)
def new_submission(challenge_id=None):
if not ModuleAPI.can_read('challenge') or current_user.is_anonymous:
abort(403)
if request.args.get('challenge_id'):
challenge_id = request.args.get('challenge_id')
else:
return "Error, no 'challenge_id' given"
if request.args.get('submission'):
submission = request.args.get('submission')
else:
return "Error, no 'submission' given"
new_submission = ChallengeAPI.create_submission(challenge_id=challenge_id,
user_id=current_user.id,
submission=submission,
image_path=None)
if new_submission is False:
return "Question is already submitted"
challenge = ChallengeAPI.fetch_challenge(challenge_id)
return ChallengeAPI.validate_question(new_submission, challenge)
def get_ranking():
if not ModuleAPI.can_read('challenge'):
abort(403)
ranking = ChallengeAPI.get_ranking()
return jsonify(ranking=[user.serialize for user in ranking])
def get_minutes_in_date_range(group_id, start_date, end_date):
"""Load all minutes in the given group."""
if not ModuleAPI.can_read('pimpy'):
return abort(403)
if current_user.is_anonymous:
flash('Huidige gebruiker niet gevonden', 'danger')
return redirect(url_for('pimpy.view_minutes'))
list_items = {}
start_date = datetime.datetime.strptime(start_date, "%Y-%m-%d")
end_date = datetime.datetime.strptime(end_date, "%Y-%m-%d")
if group_id != 'all':
query = Minute.query.filter(Minute.group_id == group_id).\
filter(start_date <= Minute.minute_date,
Minute.minute_date <= end_date).\
order_by(Minute.minute_date.desc())
list_items[Group.query.filter(Group.id == group_id).first().name]\
= query.all()
# this should be done with a sql in statement, or something, but meh
else:
for group in current_user.groups:
query = Minute.query.filter(Minute.group_id == group.id)
query = query.order_by(Minute.minute_date.desc())
list_items[group.name] = query.all()
return Markup(render_template('pimpy/api/minutes.htm',
list_items=list_items, type='minutes',
group_id=group_id, line_number=-1,
title='PimPy'))
def list(page=0):
if not ModuleAPI.can_read('mollie'):
return abort(403)
payments, message = mollie.get_payments(page)
return render_template('mollie/list.htm', payments=payments,
message=message, page=page)
def group_api_get_users(group_id):
if not (ModuleAPI.can_read("group")):
return abort(403)
group = Group.query.get(group_id)
users = group.users.order_by(User.first_name, User.last_name).all()
res = [{"val": user.id, "label": user.name} for user in users]
return jsonify(users=res)
def view_minutes(group_id='all'):
if not ModuleAPI.can_read('pimpy'):
return abort(403)
if not (group_id == 'all' or group_id.isdigit()):
return abort(404)
if group_id != 'all' and not current_user.member_of_group(group_id):
return abort(403)
return PimpyAPI.get_minutes(group_id)
def view_single(user_id=None):
if user_id is None:
if current_user.is_authenticated:
return redirect(url_for('user.view_single',
user_id=current_user.id))
return redirect(url_for('user.view'))
can_read = False
can_write = False
# Only logged in users can view profiles
if current_user.is_anonymous:
return abort(403)
# Unpaid members cannot view other profiles
if current_user.id != user_id and not current_user.has_paid:
return abort(403)
# A user can always view his own profile
if current_user.id == user_id:
can_write = True
can_read = True
# group rights
if ModuleAPI.can_read('user'):
can_read = True
if ModuleAPI.can_write('user'):
can_write = True
can_read = True
user = User.query.get_or_404(user_id)
user.avatar = UserAPI.avatar(user)
user.groups = UserAPI.get_groups_for_user_id(user)
user.groups_amount = user.groups.count()
if "gravatar" in user.avatar:
user.avatar = user.avatar + "&s=341"
# Get all activity entrees from these forms, order by start_time of
# activity.
activities = Activity.query.join(CustomForm).join(CustomFormResult).\
filter(CustomFormResult.owner_id == user_id and
CustomForm.id == CustomFormResult.form_id and
Activity.form_id == CustomForm.id)
user.activities_amount = activities.count()
new_activities = activities\
.filter(Activity.end_time > datetime.today()).distinct()\
.order_by(Activity.start_time)
old_activities = activities\
.filter(Activity.end_time < datetime.today()).distinct()\
.order_by(Activity.start_time.desc())
return render_template('user/view_single.htm', user=user,
new_activities=new_activities,
old_activities=old_activities,
can_read=can_read,
can_write=can_write)
def view_minute_raw(group_id, minute_id):
if not ModuleAPI.can_read('pimpy'):
return abort(403)
if not (group_id == 'all' or group_id.isdigit()):
return abort(404)
if group_id != 'all' and not current_user.member_of_group(group_id):
return abort(403)
return (PimpyAPI.get_minute_raw(group_id, minute_id),
{'Content-Type': 'text/plain; charset=utf-8'})
def user_export():
if not ModuleAPI.can_read('user'):
return abort(403)
users = User.query.all()
si = StringIO()
cw = writer(si)
cw.writerow([c.name for c in User.__mapper__.columns])
for user in users:
cw.writerow([getattr(user, c.name) for c in User.__mapper__.columns])
return si.getvalue().strip('\r\n')
def view_tasks_in_date_range(group_id='all'):
if not ModuleAPI.can_read('pimpy'):
return abort(403)
if group_id != 'all' and not current_user.member_of_group(group_id):
return abort(403)
group_id = request.form['group_id']
start_date = request.form['start_date']
end_date = request.form['end_date']
return PimpyAPI.get_tasks_in_date_range(
group_id, False, start_date, end_date)
def get_minute_raw(group_id, minute_id):
"""Load specifically one minute in raw format (without markup)."""
if not ModuleAPI.can_read('pimpy'):
return abort(403)
minute = Minute.query.filter(Minute.id == minute_id).first()
group = Group.query.filter(Group.id == group_id).first()
if group != minute.group:
return abort(403)
return minute.content
def get_points(user_id=None):
if not ModuleAPI.can_read('challenge'):
abort(403)
if request.args.get('user_id'):
user_id = request.args.get('user_id')
else:
return "Error, no 'user_id' given"
points = ChallengeAPI.get_points(user_id)
return str(points)
def view_users(group_id):
if not (ModuleAPI.can_read("group")):
return abort(403)
group = Group.query.filter(Group.id == group_id).first()
if not group:
flash("There is no such group.")
return redirect(url_for("group.view"))
users = group.users.order_by(User.first_name).order_by(User.last_name).all()
return render_template("group/view_users.htm", group=group, users=users, title="%s users" % (group.name))
def view(page_nr=1):
if not ModuleAPI.can_read('custom_form'):
return abort(403)
followed_forms = CustomForm.qry_followed().all()
active_forms = CustomForm.qry_active().all()
archived_paginate = CustomForm.qry_archived().paginate(page_nr, 10)
return render_template('custom_form/overview.htm',
followed_forms=followed_forms,
active_forms=active_forms,
archived_paginate=archived_paginate,
page_nr=page_nr)
def get_group_users(group_id):
if not (ModuleAPI.can_read("group")):
return abort(403)
group = Group.query.filter(Group.id == group_id).first()
if not group:
flash("There is no such group.")
return redirect(url_for("group.view"))
users = group.users.all()
user_list = [[user.id, user.name] for user in users]
user_list.sort()
return json.dumps({"data": user_list})
def view(page_nr=1):
if not (ModuleAPI.can_read("group")):
return abort(403)
form = ViewGroupForm(request.form)
pagination = Group.query.order_by(Group.name).paginate(page_nr, 15, False)
if form.validate_on_submit():
if form.delete_group.data:
if ModuleAPI.can_write("group"):
group_ids = []
for group, form_entry in zip(pagination.items, form.entries):
if form_entry.select.data:
group_ids.append(group.id)
groups = Group.query.filter(Group.id.in_(group_ids)).all()
for group in groups:
db.session.delete(group)
db.session.commit()
if len(groups) > 1:
flash("The selected groups have been deleted.", "success")
else:
flash("The selected group has been deleted.", "success")
return redirect(url_for("group.view"))
else:
flash("This incident has been reported to our authorities.", "warning")
else:
for group in pagination.items:
form.entries.append_entry()
flash_form_errors(form)
return render_template(
"group/view.htm",
form=form,
pagination=pagination,
groups=zip(pagination.items, form.entries),
current_user=current_user,
title="Groups",
)
def view(redirect_id=None):
if not ModuleAPI.can_read('redirect'):
return abort(403)
can_write = ModuleAPI.can_write('redirect')
redirection = Redirect.query.get(redirect_id) if redirect_id else None
if redirection:
form = RedirectForm(request.form, redirection)
else:
form = RedirectForm(request.form)
if form.validate_on_submit():
if not can_write:
return abort(403)
fro = form.data['fro'].rstrip('/')
to = form.data['to']
old_redirection = Redirect.query.filter(Redirect.fro == fro).first()
if old_redirection and old_redirection.id != redirect_id:
flash('Er is al een omleiding vanaf dat pad gedefiniëerd.',
'danger')
else:
if redirection:
redirection.fro = fro
redirection.to = to
else:
redirection = Redirect(fro, to)
db.session.add(redirection)
db.session.commit()
flash('De omleiding is succesvol opgeslagen.')
return redirect(url_for('redirect.view',
redirect_id=redirection.id))
redirections = Redirect.query.order_by(Redirect.fro).all()
return render_template('redirect.htm', redirections=redirections,
redirection=redirection, form=form,
can_write=can_write)
def list(page_nr=1):
"""List all files that are not assigned to a page."""
if not ModuleAPI.can_read('file'):
return abort(403)
if request.args.get('search'):
search = request.args.get('search', None)
filters = FileAPI.search(search)
files = File.query.filter(File.name.in_(filters),
File.page == None) # noqa
else:
files = File.query.filter(File.page == None) # noqa
files = files.order_by(File.name).paginate(page_nr, 30, False)
form = FileForm()
return render_template('files/list.htm', files=files, form=form)
def view(archive=None, page_nr=1):
if not ModuleAPI.can_read('activity'):
return abort(403)
if archive == "archive":
activities = Activity.query.filter(
Activity.end_time < datetime.datetime.today()).order_by(
Activity.start_time.desc())
title = _('Activity archive') + " - " + _('page') + " " + str(page_nr)
else:
activities = Activity.query.filter(
Activity.end_time > (
datetime.datetime.now() - datetime.timedelta(hours=12))) \
.order_by(Activity.start_time.asc())
title = _('Activities') + ' - ' + _('page') + ' ' + str(page_nr)
return render_template('activity/view.htm',
activities=activities.paginate(page_nr, 10, False),
archive=archive, title=title)
def list(page_nr=1, search=None):
if not ModuleAPI.can_read('vacancy'):
return abort(403)
# Order the vacancies in such a way that vacancies that are new
# or almost expired, end up on top.
order = func.abs(
(100 * (func.datediff(Vacancy.start_date, func.current_date()) /
func.datediff(Vacancy.start_date, Vacancy.end_date))) - 50)
if search is not None:
vacancies = Vacancy.query.join(Company). \
filter(or_(Vacancy.title.like('%' + search + '%'),
Company.name.like('%' + search + '%'),
Vacancy.workload.like('%' + search + '%'),
Vacancy.contract_of_service.like('%' + search + '%'))) \
.order_by(order.desc())
if not ModuleAPI.can_write('vacancy'):
vacancies = vacancies.filter(
and_(Vacancy.start_date <
datetime.utcnow(), Vacancy.end_date >
datetime.utcnow()))
vacancies = vacancies.paginate(page_nr, 15, False)
return render_template('vacancy/list.htm', vacancies=vacancies,
search=search, path=FILE_FOLDER,
title="Vacatures")
if ModuleAPI.can_write('vacancy'):
vacancies = Vacancy.query.join(Company).order_by(order.desc())
else:
vacancies = Vacancy.query.order_by(order.desc()) \
.filter(and_(Vacancy.start_date <
datetime.utcnow(), Vacancy.end_date >
datetime.utcnow()))
vacancies = vacancies.paginate(page_nr, 15, False)
return render_template('vacancy/list.htm', vacancies=vacancies,
search="", path=FILE_FOLDER, title="Vacatures")
def get_tasks_in_date_range(group_id, personal, start_date, end_date):
"""Load all tasks for a given group in a daterange."""
if not ModuleAPI.can_read('pimpy'):
return abort(403)
if current_user.is_anonymous:
flash('Huidige gebruiker niet gevonden', 'danger')
return redirect(url_for('pimpy.view_tasks'))
status_meanings = Task.get_status_meanings()
tasks_rel = TaskUserRel.query.join(Task).join(User)
groups = UserAPI.get_groups_for_current_user()
groups = map(lambda x: x.id, groups)
if group_id == 'all':
tasks_rel = tasks_rel.filter(Task.group_id.in_(groups))
else:
group_id = int(group_id)
if group_id not in groups:
return abort(403)
tasks_rel = tasks_rel.filter(Task.group_id == group_id)
if personal:
tasks_rel = tasks_rel.filter(User.id == current_user.id)
tasks_rel = tasks_rel.filter(~Task.status.in_((4, 5))).join(Group).\
filter(start_date <= Task.timestamp,
Task.timestamp <= end_date)
tasks_rel = tasks_rel.order_by(Group.name.asc(), User.first_name.asc(),
User.last_name.asc(), Task.id.asc())
return Markup(render_template('pimpy/api/tasks.htm',
personal=personal,
group_id=group_id,
tasks_rel=tasks_rel,
type='tasks',
status_meanings=status_meanings,
title='PimPy'))
def get_minute(group_id, minute_id, line_number):
"""Load (and thus view) specifically one minute."""
if not ModuleAPI.can_read('pimpy'):
return abort(403)
list_items = {}
minute = Minute.query.filter(Minute.id == minute_id).first()
group = Group.query.filter(Group.id == group_id).first()
if group != minute.group:
return abort(403)
list_items[group.name] = [minute]
tag = "%dln%d" % (list_items[group.name][0].id, int(line_number))
return render_template('pimpy/api/minutes.htm', list_items=list_items,
type='minutes', group_id=group_id,
line_number=line_number, tag=tag,
title='PimPy')
def view_list(page=1):
if not ModuleAPI.can_read('challenge') or current_user.is_anonymous:
return abort(403)
print((app.config['SQLALCHEMY_DATABASE_URI']))
challenge = Challenge()
form = ChallengeForm(request.form, challenge)
challenges = ChallengeAPI.fetch_all_challenges_user(current_user.id)
approved_challenges = \
ChallengeAPI.fetch_all_approved_challenges_user(current_user.id)
user_points = ChallengeAPI.get_points(current_user.id)
ranking = ChallengeAPI.get_ranking()
challenge_description = ChallengeAPI.get_challenge_description()
return render_template('challenge/dashboard.htm', challenges=challenges,
user_points=user_points, ranking=ranking,
approved_challenges=approved_challenges, form=form,
challenge_description=challenge_description)
def view_single(form_id=None):
if not ModuleAPI.can_read('custom_form'):
return abort(403)
custom_form = CustomForm.query.get(form_id)
if not custom_form:
return abort(403)
results = []
entries = CustomFormResult.query\
.filter(CustomFormResult.form_id == form_id).order_by("created")
from urllib.parse import unquote_plus
from urllib.parse import parse_qs
for entry in entries:
# Hide form entries from non existing users
data = parse_qs(entry.data)
# Add the entry date
time = entry.created.strftime("%Y-%m-%d %H:%M") if \
entry.created is not None else ""
# Append the results with a single entry
results.append({
'id': entry.id,
'owner': entry.owner,
'data': data,
'has_paid': entry.has_paid,
'time': time
})
custom_form.results = results
return render_template('custom_form/view_results.htm',
custom_form=custom_form,
xps=CustomForm.exports,
unquote_plus=unquote_plus)
