Пример #1
0
def mygroups():
    if 'username' not in flask.session:
        return flask.abort(403)
    user_id = auth_utils.get_user_id(flask.session['username'])
    return flask.render_template('newsgroups.html',
                                 groups=helpers.get_my_newsgroups(user_id),
                                 page="my")
Пример #2
0
def campus_positions():
    '''Renders the campus positions template. We collect a list of
    groups that the currently loged in user is the admin of. We
    also collect the total list of positions and pass it in'''
    approved_group_ids = []
    approved_group_names = []

    def approve_group(group):
        approved_group_ids.append(group['group_id'])
        approved_group_names.append(group['group_name'])

    if is_admin():
        groups = groups_helpers.get_group_list_data(('group_id', 'group_name'))
        for group in groups:
            approve_group(group)
    else:
        username = flask.session.get('username')
        if username:
            user_id = get_user_id(username)
            for group in helpers.get_group_list_of_member(user_id):
                if group["control"]:
                    approve_group(group)
    all_positions = groups_helpers.get_position_data(
        include_house_and_ug=False, order_by=("group_name", "pos_name"))
    return flask.render_template('campus_positions.html',
                                 approved_group_ids=approved_group_ids,
                                 approved_group_names=approved_group_names,
                                 all_positions=all_positions)
Пример #3
0
def set_timezone():
    user_id = auth_utils.get_user_id(flask.session['username'])
    timezone = flask.request.form['timezone']
    timezone = int(timezone) if timezone else None
    helpers.set_member_field(user_id, 'timezone', timezone)
    return redirect(
        flask.url_for('directory_search.view_user', user_id=user_id))
Пример #4
0
def insert_event_to_db(calendar_tag,
                       google_event_id,
                       event_summary,
                       event_description,
                       event_location,
                       begin_time,
                       end_time,
                       username=None):
    '''
    Inserts events to our db. If the event already exists (by looking
    for the google id) then update.
    '''
    insert = '''
        INSERT INTO calendar_events (user_id, calendar_tag,
        google_event_id, summary, description,
        location, begin_time, end_time) VALUES
        (%s, %s, %s, %s, %s, %s, %s, %s) ON DUPLICATE KEY UPDATE
        user_id = VALUES(user_id),
        summary=VALUES(summary),
        description=VALUES(description),
        location=VALUES(location),
        begin_time=VALUES(begin_time),
        end_time=VALUES(end_time)
    '''
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(insert, [
            auth_utils.get_user_id(username), calendar_tag, google_event_id,
            event_summary, event_description, event_location, begin_time,
            end_time
        ])
Пример #5
0
def create_position():
    form = flask.request.form
    group_id = form.get('group_id')
    try:
        group_id = int(group_id)
    except ValueError:
        return jsonify({'success': False, 'message': 'Invalid group'})
    pos_name = form.get('pos_name')
    if not pos_name:
        return jsonify({'success': False, 'message': 'Invalid position'})
    username = flask.session.get('username')
    if not (username and helpers.can_control(get_user_id(username), group_id)):
        return jsonify({
            'success': False,
            'message': 'You do not control this group'
        })

    send = 'send' in form
    control = 'control' in form
    receive = 'receive' in form
    try:
        helpers.add_position(group_id,
                             pos_name,
                             send=send,
                             control=control,
                             receive=receive)
    except Exception as e:
        flask.current_app.logger.exception(f'Failed to create position: {e}')
        return jsonify({'success': False, 'message': 'Unable to add position'})

    return jsonify({'success': True})
Пример #6
0
def view_post(post_id):
    if 'username' not in flask.session:
        return flask.abort(403)
    user_id = auth_utils.get_user_id(flask.session['username'])
    post = helpers.get_post(post_id)
    if not groups.is_user_in_group(user_id, post['group_id']):
        return flask.abort(403)
    return flask.render_template('view_post.html', post=post)
Пример #7
0
def unsubscribe(group_id):
    if 'username' not in flask.session:
        return flask.abort(403)
    helpers.unsubscribe(auth_utils.get_user_id(flask.session['username']),
                        group_id)
    flask.flash('Successfully unsubscribed')
    return flask.redirect(
        flask.url_for('newsgroups.view_group', group_id=group_id))
Пример #8
0
def apply_subscription(group_id):
    if 'username' not in flask.session:
        return flask.abort(403)
    helpers.apply_subscription(
        auth_utils.get_user_id(flask.session['username']), group_id)
    flask.flash('Successfully applied for subscription')
    return flask.redirect(
        flask.url_for('newsgroups.view_group', group_id=group_id))
Пример #9
0
def delete_notes(username, course, section):
    user_id = get_user_id(username)
    query = """
        UPDATE scheduler_sections SET notes = NULL
        WHERE user_id = %s AND course_id = %s AND section_number = %s
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, (user_id, course, section))
Пример #10
0
def delete_application(user_id, group_id):
    username = flask.session.get('username')
    if username is None or not helpers.get_user_actions(
            auth_utils.get_user_id(username), group_id)['control']:
        return flask.abort(403)
    helpers.remove_application(user_id, group_id)
    return flask.redirect(
        flask.url_for('newsgroups.view_group', group_id=group_id))
Пример #11
0
def login_submit():
    """Handle authentication."""
    mask_and_user = flask.request.form.get('username', None)
    password = flask.request.form.get('password', None)

    # Need to take care of the case when masquerading occurs.
    username = None
    mask = None

    if mask_and_user is not None:
        # Check for the character to split.
        if ':' in mask_and_user:
            # If it's there, we assume the second part is a mask name.
            split = mask_and_user.split(':')

            if len(split) > 2:
                flask.flash('You cannot specify multiple masks at once.')
                return flask.redirect(flask.url_for('auth.login'))

            username, mask = split
        else:
            username = mask_and_user

    if username is not None and password is not None:
        user_id = helpers.authenticate(username, password)
        if user_id is not None:
            if mask is not None:
                # If the user doesn't have permission, refuse the attempt to masquerade.
                if not auth_utils.check_permission(username, Permissions.MASK):
                    flask.flash('You do not have permission to masquerade.')
                    return flask.redirect(flask.url_for('auth.login'))

                # Also check that the mask exists.
                if not auth_utils.get_user_id(mask):
                    flask.flash('That person does not exist to mask.')
                    return flask.redirect(flask.url_for('auth.login'))

                # If the user has mask permissions, give them the mask.
                flask.session['username'] = mask
                flask.current_app.logger.info(
                    f'User {username} is masquerading as {mask}')
            else:
                flask.session['username'] = username
                flask.current_app.logger.info(f'User logged in: {username}')

            # Update last login time
            auth_utils.update_last_login(username)

            # Return to previous page if in session
            if 'next' in flask.session:
                redirect_to = flask.session.pop('next')
                return flask.redirect(redirect_to)
            else:
                return flask.redirect(flask.url_for('home'))
    flask.current_app.logger.warn(
        f'Invalid login attempt for user: {username}')
    flask.flash('Incorrect username or password. Please try again!')
    return flask.redirect(flask.url_for('auth.login'))
Пример #12
0
def add_planner_course(username, course_id, year):
    """
    Adds a certain course to a certain user's planner for a given year.
    Year 1 is frosh year, year 2 is smore year, etc.
    """
    user_id = get_user_id(username)
    query = 'INSERT INTO planner_courses (user_id, course_id, planner_year) VALUES (%s, %s, %s)'
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, (user_id, course_id, year))
Пример #13
0
def is_admin():
    """
    Checks if user can control the settings.
    """
    if 'username' not in flask.session:
        return False
    user_id = auth_utils.get_user_id(flask.session['username'])
    ascit_id = groups.get_group_id('ASCIT')
    return auth_utils.is_admin() or groups.is_user_in_group(user_id, ascit_id)
Пример #14
0
def set_responses(question_ids, responses):
    user_id = get_user_id(flask.session['username'])
    query = """
        INSERT INTO survey_responses(question_id, user_id, response)
        VALUES (%s, %s, %s)
    """
    with flask.g.pymysql_db.cursor() as cursor:
        for question_id, response in zip(question_ids, responses):
            cursor.execute(query, [question_id, user_id, response])
Пример #15
0
def get_notes(username, course, section):
    user_id = get_user_id(username)
    query = """
        SELECT notes FROM scheduler_sections
        WHERE user_id= %s AND course_id = %s AND section_number = %s
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, (user_id, course, section))
        return cursor.fetchone()['notes']
Пример #16
0
def add_reservation(room, username, reason, start, end):
    insertion = """
        INSERT INTO room_reservations
        (room_id, user_id, reason, start_time, end_time)
        VALUES (%s, %s, %s, %s, %s)
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(insertion,
                       [room, get_user_id(username), reason, start, end])
Пример #17
0
def restrict_edit_access(survey, allow_after_close):
    username = flask.session.get('username')
    if not check_permission(username, Permissions.SURVEYS):
        flask.abort(403)
    if not survey:
        return 'Invalid access key'
    if get_user_id(username) != survey['creator']:
        return 'You are not the creator of this survey'
    if not allow_after_close and survey['end_time'] < datetime.now():
        return 'Cannot modify a survey after it has closed'
Пример #18
0
def get_notes(username, course):
    user_id = get_user_id(username)
    query = "SELECT notes FROM scheduler_notes WHERE user_id=%s AND course_id=%s"
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, (user_id, course))
        res = cursor.fetchone()
        if res:
            return res['notes']
        else:
            return None
Пример #19
0
def post(group_id=None):
    if 'username' not in flask.session:
        return flask.abort(403)
    user_id = auth_utils.get_user_id(flask.session['username'])
    if not group_id:
        group_id = flask.request.form.get('group')
    return flask.render_template('post.html',
                                 groups=helpers.get_my_newsgroups(
                                     user_id, True),
                                 group_selected=group_id,
                                 page='post')
Пример #20
0
def edit_notes(username, course, notes):
    if len(notes) == 0:
        delete_notes(username, course)
        return
    user_id = get_user_id(username)
    query = """
    INSERT INTO scheduler_notes (user_id, course_id, notes) VALUES (%s, %s, %s)
    ON DUPLICATE KEY UPDATE notes = VALUES(notes)
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, (user_id, course, notes))
Пример #21
0
def get_hidden_fields(viewer_name, viewee_id):
    """
    Returns a set of strings corresponding to fields
    on view_user page for viewee that viewer should not see
    """
    if viewer_name is not None:
        is_me = get_user_id(viewer_name) == viewee_id
        if is_me or check_permission(
                viewer_name, DirectoryPermissions.HIDDEN_SEARCH_FIELDS):
            return set()
    return HIDDEN_FIELDS
Пример #22
0
def all_posts(group_id):
    if 'username' not in flask.session:
        return flask.abort(403)
    user_id = auth_utils.get_user_id(flask.session['username'])
    if not groups.is_user_in_group(user_id, group_id):
        return flask.abort(403)
    group_name = groups.get_group_data(group_id, ['group_name'])['group_name']
    return flask.render_template('all_posts.html',
                                 group_id=group_id,
                                 group_name=group_name,
                                 messages=helpers.get_past_messages(
                                     group_id, 50))
Пример #23
0
def drop_scheduler_section(username, course, section):
    """
    Removes a certain section number of a certain course
    from a certain user's schedule for the course's term.
    """
    user_id = get_user_id(username)
    query = """
        DELETE FROM scheduler_sections
        WHERE user_id = %s AND course_id = %s AND section_number = %s
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, (user_id, course, section))
Пример #24
0
def add_scheduler_section(username, course, section):
    """
    Adds a certain section number of a certain course
    to a certain user's schedule for the course's term.
    """
    user_id = get_user_id(username)
    query = """
        INSERT INTO scheduler_sections (user_id, course_id, section_number)
        VALUES (%s, %s, %s)
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, (user_id, course, section))
Пример #25
0
def drop_planner_course(username, course_id, year):
    """
    Removes a certain course from a certain user's planner for a given year.
    Year 1 is frosh year, year 2 is smore year, etc.
    """
    user_id = get_user_id(username)
    query = """
        DELETE FROM planner_courses
        WHERE user_id = %s AND course_id = %s AND planner_year = %s
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, (user_id, course_id, year))
Пример #26
0
def get_my_items():
    """
    Generates the table of items managed by the current user.
    """

    return table_fetch(
        """
            marketplace_items NATURAL LEFT JOIN
            marketplace_textbooks NATURAL JOIN
            marketplace_categories
        """,
        fields=MANAGE_FIELDS,
        attrs={'user_id': get_user_id(flask.session['username'])})
Пример #27
0
def drop_planner_placeholder(username, placeholder_id):
    """
    Removes the placeholder with the given ID from the user's planner.
    Returns whether successful (i.e. the given placeholder did belong to the user).
    """
    user_id = get_user_id(username)
    query = """
        DELETE FROM planner_placeholders
        WHERE placeholder_id = %s AND user_id = %s
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, (placeholder_id, user_id))
        return cursor.rowcount > 0
Пример #28
0
def view_user(user_id):
    if not is_caltech_user():
        return login_redirect()

    user = helpers.get_user(user_id)
    is_me = 'username' in flask.session and get_user_id(
        flask.session['username']) == user_id
    hidden_fields = helpers.get_hidden_fields(flask.session.get('username'),
                                              user_id)
    return flask.render_template('view_user.html',
                                 user=user,
                                 is_me=is_me,
                                 user_id=user_id,
                                 hidden_fields=hidden_fields)
Пример #29
0
def update_lock_query(title, new_lock_status):
    """
    Query for updating lock status
    """
    title = title.replace(" ", "_")
    query = """
    UPDATE webpage_files 
        SET locked = %s, last_edit_time = NOW(), last_edit_uid = %s 
        WHERE title = %s
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(
            query, (new_lock_status,
                    auth_utils.get_user_id(flask.session['username']), title))
Пример #30
0
def set_email():
    username = flask.session.get('username')
    if username is None:
        flask.abort(403)

    email = flask.request.form['email']
    valid = validate_email(email) and \
        validate_matches(email, flask.request.form['email2'])
    if not valid:
        return redirect(flask.url_for('.edit_user'))

    user_id = auth_utils.get_user_id(username)
    helpers.set_member_field(user_id, 'email', email)
    return redirect(
        flask.url_for('directory_search.view_user', user_id=user_id))