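def one_expenditure(expense_id):
    """Read, update or delete one expenditure, depending on the request method.

    GET returns the record, PATCH applies the JSON body to it, and DELETE
    removes it and returns the remaining expenditures.

    Args:
        expense_id: Primary key of the expenditure. Any value below 1 selects
            the most recently submitted expenditure (highest id).

    Aborts:
        404: no matching expenditure exists.
        401: the caller lacks "patch:expenditures" / "delete:expenditures".
        422: the PATCH body is not a JSON object, names an attribute that is
            not in dict_form() (or names "id"), or the update/delete fails.
    """
    # NOTE(review): GET is answered without a has_permission() call in this
    # function -- confirm the route itself enforces authentication.
    try:
        if expense_id < 1:
            target_expense = Expenditure.query.order_by(text("id desc")).first()
        else:
            target_expense = Expenditure.query.filter_by(id=expense_id).one()
    except Exception:
        abort(404)
    # .first() returns None instead of raising when there are no rows.
    if target_expense is None:
        abort(404)

    if request.method == "GET":
        return jsonify({
            "success": True,
            "expenditure": target_expense.dict_form(),
        })

    if request.method == "PATCH":
        # Checked outside the try: abort() works by raising, so a blanket
        # except around it would report a missing permission as 422.
        if not has_permission("patch:expenditures"):
            abort(401)
        try:
            changes = request.json
            allowed = set(target_expense.dict_form().keys())
            allowed.remove("id")
            # Explicit check rather than assert: asserts are stripped under
            # `python -O`, which would let a client set any attribute.
            if not isinstance(changes, dict) or not set(changes) <= allowed:
                raise ValueError("PATCH body must be a subset of the editable attributes")
            target_expense.update(changes)
            response = jsonify({
                "success": True,
                "expenditure": target_expense.dict_form(),
            })
        except Exception:
            abort(422)
        return response

    if request.method == "DELETE":
        if not has_permission("delete:expenditures"):
            abort(401)
        try:
            target_expense.delete()
            all_expenditures = Expenditure.query.all()
            response = jsonify({
                "success": True,
                "expenditures": [e.dict_form() for e in all_expenditures]
            })
        except Exception:
            abort(422)
        return response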
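def update_category(category_id):
    """Read, update or delete one category, depending on the request method.

    GET returns the record, PATCH applies the JSON body to it, and DELETE
    removes it and returns the remaining categories.

    Args:
        category_id: Primary key of the category. 0 selects the most recently
            submitted category (highest id).

    Aborts:
        404: no matching category exists.
        401: the caller lacks the required permission.
        422: the PATCH body is not a JSON object or names an attribute that
            is not in dict_form() (or names "id").
    """
    # NOTE(review): GET is answered without a has_permission() call in this
    # function -- confirm the route itself enforces authentication.
    if category_id == 0:
        target_category = Category.query.order_by(text("id desc")).first()
    else:
        target_category = Category.query.get(category_id)
    # Both lookups return None for a missing row; without this guard the
    # attribute access below fails with an unhandled error.
    if target_category is None:
        abort(404)

    if request.method == "GET":
        return jsonify({
            "success": True,
            "category": target_category.dict_form(),
        })

    try:
        if request.method == "PATCH":
            # NOTE(review): categories are gated on the *expenditures*
            # permissions here and in DELETE -- confirm that is intended.
            if not has_permission("patch:expenditures"):
                abort(401)
            changes = request.json
            allowed = set(target_category.dict_form().keys())
            allowed.remove('id')
            # Explicit check rather than assert: asserts are stripped under
            # `python -O`, which would let a client set any attribute.
            if not isinstance(changes, dict) or not set(changes) <= allowed:
                abort(422)
            target_category.update(changes)
            return jsonify({
                "success": True,
                "category": target_category.dict_form()
            })

        if request.method == "DELETE":
            if not has_permission("delete:expenditures"):
                abort(401)
            target_category.delete()
            all_categories = Category.query.all()
            return jsonify({
                "success": True,
                "categories": [e.dict_form() for e in all_categories]
            })
    except AssertionError:
        # Kept so an AssertionError raised inside update()/delete() still
        # maps to 422, as it did before the explicit check replaced assert.
        abort(422)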
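def phrase_page(lang, base):
    """Render the edit page for one phrase; on POST, save the submitted form.

    Args:
        lang: Language code used to look the phrase up.
        base: Base text used to look the phrase up.

    Returns:
        A redirect to 'unauthorized_page' when the caller has no valid token
        or lacks the permission, otherwise the rendered 'phrase.html'.
    """
    # Authentication
    user_profile = auth.verify_auth_token()
    # NOTE(review): the permission name is upper case here, while phrases_page
    # on this page passes 'manage_dictionary' -- confirm which spelling
    # auth.has_permission() expects, or whether it ignores case.
    if user_profile is None or not auth.has_permission(user_profile, 'MANAGE_DICTIONARY'):
        return flask.redirect(flask.url_for('unauthorized_page'))

    # Get the phrase from the database
    phrase = mongo.db.phrases.find_one({'lang': lang, 'base': base})
    section = dbutils.get_section_for_phrase(mongo, phrase)

    if phrase and flask.request.method == 'POST':
        form = flask.request.form
        # Apply changes from the form. Fields are keyed by the rank each
        # translation had when the page was rendered.
        # .items() instead of .iteritems() so the loop also runs on Python 3.
        for k, txs in phrase['txs'].items():
            for tx in txs:
                orig_rank = int(tx['rank'])
                tx['deleted'] = form["tx-deleted-%s-%d" % (k, orig_rank)] == '1'
                tx['text'] = form["tx-%s-%d" % (k, orig_rank)]
                try:
                    tx['rank'] = int(form["tx-rank-%s-%d" % (k, orig_rank)])
                except ValueError:
                    # A non-numeric rank is a client error, like a missing
                    # field, not a server fault.
                    flask.abort(400)
            phrase['txs'][k] = sorted(txs, key=lambda tx: tx['rank'])

        # Perform the update (nothing is written if validation aborted above)
        mongo.db.phrases.update(
            {'lang': lang, 'base': base},
            phrase,
        )

    # Parse parameters; type=int falls back to 0 when the value is not numeric
    show_deleted = flask.request.args.get('show-deleted', 0, type=int)

    # Pass the translation to the template
    return flask.render_template(
        'phrase.html',
        lang=lang,
        phrase=phrase,
        section=section,
        show_deleted=show_deleted,
    )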
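def phrases_page(lang):
    """Render the list of phrases for *lang* whose rank is in a given range.

    The range comes from the 'min-phrase' and 'max-phrase' query parameters
    (both inclusive). If either is missing or not an integer, the range
    defaults to 0..99.

    Args:
        lang: Language code used to filter the phrases.

    Returns:
        A redirect to 'unauthorized_page' when the caller has no valid token
        or lacks the permission, otherwise the rendered 'phrases.html'.
    """
    # Authentication
    user_profile = auth.verify_auth_token()
    # NOTE(review): the permission name is lower case here, while phrase_page
    # on this page passes 'MANAGE_DICTIONARY' -- confirm which spelling
    # auth.has_permission() expects, or whether it ignores case.
    if user_profile is None or not auth.has_permission(user_profile, 'manage_dictionary'):
        return flask.redirect(flask.url_for('unauthorized_page'))

    # type=int yields None for a missing or non-numeric value, so bad input
    # selects the default range instead of raising ValueError.
    min_phrase = flask.request.args.get('min-phrase', type=int)
    max_phrase = flask.request.args.get('max-phrase', type=int)
    if min_phrase is None or max_phrase is None:
        min_phrase = 0
        max_phrase = 99

    phrases = mongo.db.phrases.find({
        'lang': lang,
        'rank': {'$gt': min_phrase - 1, '$lt': max_phrase + 1},
    }).sort('rank', 1)

    # Flag each phrase with what the template needs to know about it.
    processed_phrases = []
    for phrase in phrases:
        if dbutils.get_section_for_phrase(mongo, phrase):
            phrase['has_section'] = 1
        if 'txs' in phrase:
            phrase['has_txs'] = 1
        processed_phrases.append(phrase)

    # Render the template by passing the total phrase counts
    return flask.render_template(
        'phrases.html',
        lang=lang,
        min_phrase=min_phrase,
        max_phrase=max_phrase,
        phrase_counts=processed_phrases,
    )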
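def auth0_callback_handling():
    """Finish the Auth0 login and populate the session for the HTML GUI.

    Exchanges the callback for an access token, fetches the user's profile,
    stores both in the session, and redirects by role.

    Returns:
        A redirect to '/dashboard' when the token carries 'get:volunteer',
        otherwise a redirect to '/'.
    """
    response = auth0.authorize_access_token()
    token = response.get('access_token')
    resp = auth0.get('userinfo')
    userinfo = resp.json()

    # Session variables are set only for the GUI, not for the API.
    session['return_html'] = True
    session['user'] = {
        'user_id': userinfo['sub'],
        'email': userinfo['email'],
        'first_name': userinfo['nickname'].title(),
    }
    # NOTE(review): if the app uses Flask's default cookie-backed session,
    # the token stored here is signed but readable by the client -- confirm
    # that a server-side session store is configured.
    session['jwt_token'] = token
    # The access token is a bearer credential and is deliberately not printed:
    # anything written to stdout ends up in logs that outlive the session.

    if has_permission(token, 'get:volunteer'):
        # The user is either assistant or director and is sent to the
        # dashboard. The *_ok values are cached as strings so the templates
        # can hide buttons without calling has_permission() repeatedly; they
        # are display hints only, not an authorization check.
        session['public_user'] = False
        session['delete_task_ok'] = str(has_permission(token, 'delete:task'))
        session['delete_vol_ok'] = str(has_permission(token, 'delete:volunteer'))
        session['add_task_ok'] = str(has_permission(token, 'post:task'))
        session['add_vol_ok'] = str(has_permission(token, 'post:volunteer'))
        session['update_task_ok'] = str(has_permission(token, 'patch:task'))
        return redirect('/dashboard')

    # The user is a member of the public, has no permissions, and is sent
    # to the index route.
    session['public_user'] = True
    return redirect('/')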