def booking_index():
if current_user.get_role() == "WORKER":
aid = current_user.get_id()
worker_id = Worker.query.filter_by(account_id=aid).first().id
cbookings = Booking.find_confimed_bookings_for_worker(worker_id)
bookings = []
return render_template("booking/list.html",
bookings=bookings,
cbookings=cbookings,
services=Service.query.all(),
workers=Worker.query.all(),
customers=Customer.query.all())
if current_user.get_role() == "CUSTOMER":
aid = current_user.get_id()
customer_id = Customer.query.filter_by(account_id=aid).first().id
cbookings = Booking.find_bookings_for_customer(customer_id, 1)
bookings = Booking.find_bookings_for_customer(customer_id, 0)
return render_template("booking/list.html",
bookings=bookings,
cbookings=cbookings,
services=Service.query.all(),
workers=Worker.query.all(),
customers=Customer.query.all())
cbookings = Booking.query.filter_by(confirmed=1).all()
bookings = Booking.query.filter_by(confirmed=0).all()
return render_template("booking/list.html",
bookings=bookings,
cbookings=cbookings,
services=Service.query.all(),
workers=Worker.query.all(),
customers=Customer.query.all())
def add_groupcategory(group_id):
stmt = text(
"SELECT * FROM Category WHERE category.id NOT IN (SELECT category.id FROM Category, group_category WHERE category.id = Group_category.category_id AND Group_category.group_id = :id)"
).params(id=group_id)
res = db.engine.execute(stmt)
g = Groups.query.get(group_id)
response = []
for row in res:
response.append({"id": row[0], "category": row[3]})
if request.method == "GET" and (g.account_id == current_user.id or
current_user.get_role().role == "ADMIN"):
return render_template("groups/addGroupcategory.html",
response=response,
group_id=group_id)
if g.account_id == current_user.id or current_user.get_role(
).role == "ADMIN":
gc = GroupCategory()
gc.group_id = g.id
gc.category_id = request.form.get("category")
db.session().add(gc)
db.session().commit()
return redirect(url_for("add_groupcategory", group_id=group_id))
def decorated_view(*args, **kwargs):
if not current_user:
return login_manager.unauthorized()
if not current_user.is_authenticated:
return login_manager.unauthorized()
unauthorized = False
if role != "ANY":
unauthorized = True
if current_user.get_role() == "ADMIN":
unauthorized = False
if role == "CUSTOMER" and current_user.get_role() == "WORKER":
unauthorized = False
if current_user.get_role() == role:
unauthorized = False
if unauthorized:
return login_manager.unauthorized()
return fn(*args, **kwargs)
def index():
try:
if current_user.get_role() == 'customer':
return render_template('index.html')
elif current_user.get_role() == 'seller':
return "Seller"
except AttributeError:
return render_template('login.html')
def decorator(*args, **kwargs):
if 'logged-in' in session and session['logged-in']:
if current_user.get_role() == 'SELLER':
return redirect(url_for('seller_bp.dashboard'))
if current_user.get_role() == 'BUYER':
return redirect(url_for('buyer_bp.dashboard'))
if current_user.get_role() == 'ADMIN':
return redirect(url_for('admin_bp.dashboard'))
return a(*args, **kwargs)
def check_authority(role, tmp_id):
data = {}
if current_user.get_role() == 'admin' and role == 'admin':
return data
if role != current_user.get_role() or tmp_id != current_user.get_true_id():
data['error'] = '非法访问'
data['current_user_role'] = current_user.get_role()
data['current_user_id'] = current_user.get_true_id()
data['request_user_role'] = role
data['request_user_id'] = tmp_id
return data
def decorated_view(*args, **kwargs):
if not (current_user and current_user.is_authenticated):
return login_manager.unauthorized()
#acceptable_roles = set(("USER", "ADMIN", "ANY", *current_user.roles()))
if (current_user.get_role() != role) and (current_user.get_role()
!= "ADMIN"):
return login_manager.unauthorized()
return func(*args, **kwargs)
def all_users():
if hasattr(current_user, 'role'):
role = current_user.get_role()
else:
role = ""
return render_template('all-users.html', users=db.all_users(), role=role)
def booking_create():
form = BookingForm(request.form)
if not form.validate():
year = current.get_year()
month = current.get_month()
days = Days_of_the_Month(year, month)
lst = days.get_days()
return render_template("booking/calendar.html",
year=year,
month=month,
days=lst,
daynames=daynames,
form=form)
else:
dateAndTime = form.date.data
notes = form.notes.data
service_id = form.service.data.id
if current_user.get_role() == "CUSTOMER":
customer_id = Customer.query.filter_by(
account_id=current_user.id).first().id
b = Booking(notes, 0, dateAndTime, service_id, customer_id)
db.session().add(b)
db.session().commit()
else:
b = Booking(notes, 0, dateAndTime, service_id)
db.session().add(b)
db.session().commit()
flash('Booking successfully submitted.')
return redirect(url_for("cal_index"))
def ledgers_document(ledgerdocument_id):
print("*** ledgers_document ***")
documenttypes = getDocumentTypes()
accounts = getAccounts()
domains = getDomains()
ledgerdocumentform = getLedgerDocumentInAForm(ledgerdocument_id)
ledgerrows = LedgerRow.query.filter(
LedgerRow.entity_id == current_user.get_entity_id(),
LedgerRow.ledgerdocument_id == ledgerdocument_id).order_by(
LedgerRow.id)
newledgerrowform = newLedgerRowForm(ledgerdocument_id)
return render_template("ledgers/document.html",
action="ShowLedgerDocument",
userrole=current_user.get_role(),
ledgerdocumentform=ledgerdocumentform,
documenttypes=documenttypes,
accounts=accounts,
domains=domains,
targetledgerrow=-1,
ledgerrows=ledgerrows,
newledgerrowform=newledgerrowform)
def food_edit(food_id):
if int(food_id) > 2147483647:
return render_template("foods/update.html", food = None)
f = Food.query.get(food_id)
if not f:
return render_template("foods/update.html", food = None)
form = NewFoodForm()
form.duration.default = f.preparing_time
food_type = Type.query.get(f.type_id)
form.food_type.default = food_type.name
form.process()
u = f.getUser()
r = 'none'
if current_user.is_authenticated:
r = current_user.get_role()
form.name.data = f.name
form.recipe.data = f.recipe
form.ingredients.clear()
for ingredient in f.findIngredients():
form.ingredients.append(ingredient.get('name'))
return render_template("foods/update.html", food = f, ingredients = form.ingredients, user = u, newFoodForm = form, role = r)
def decorated_view(*args, **kwargs):
if current_app.login_manager._login_disabled:
return func(*args, **kwargs)
elif not (current_user.is_authenticated()
and current_user.get_role() == required_role):
return current_app.login_manager.unauthorized()
return func(*args, **kwargs)
def edit_post(id):
post = db.find_post_by_id(id)
if hasattr(current_user, 'role'):
role = current_user.get_role()
else:
role = ""
if post is None:
flash("Post doesn't exist", category='danger')
return redirect(url_for('all_posts'))
post_form = EditPostForm(price=post['price'],
quantity=post['quantity'],
unit=post['unit'],
product=post['product'],
description=post['description'])
if post_form.validate_on_submit():
rowcount = db.update_post(post_form.price.data,
post_form.quantity.data, post_form.unit.data,
post_form.product.data,
post_form.description.data, id)
if rowcount == 1:
flash("'{}' post updated".format(post_form.product.data),
category='success')
return redirect(url_for('all_posts'))
else:
flash('Post not updated', category='danger')
return render_template('post-form.html',
post_form=post_form,
mode='update',
role=role)
def my_favorites():
query = ProductSearchForm(request.form)
if hasattr(current_user, 'role'):
role = current_user.get_role()
else:
role = ""
if session:
user_id = session['id']
favorites = db.favorites_by_user(user_id)
if request.method == 'POST':
query_list = query.search.data.lower().split(" ")
posts = []
for item in query_list:
posts += db.search_products(item)
return render_template('posts.html',
search_form=query,
posts=posts,
mode='results',
role=role)
return render_template('posts.html',
user_id=user_id,
search_form=query,
posts=favorites,
mode='favorites',
role=role)
def admin_dashboard():
if hasattr(current_user, 'role'):
role = current_user.get_role()
else:
role = ""
return render_template('admin-dashboard.html', role=role)
def my_posts():
user_id = session['id']
query = ProductSearchForm(request.form)
if hasattr(current_user, 'role'):
role = current_user.get_role()
else:
role = ""
if user_id is None:
flash('User is not logged in!', category='danger')
posts = []
else:
posts = db.posts_by_user(user_id)
if request.method == 'POST':
query_list = query.search.data.lower().split(" ")
posts = []
for item in query_list:
posts += db.search_products(item)
return render_template('posts.html',
search_form=query,
posts=posts,
mode='results',
role=role)
return render_template('posts.html',
search_form=query,
posts=posts,
mode='my-posts',
role=role)
def user_posts(user_id):
query = ProductSearchForm(request.form)
user = db.find_user_by_id(user_id)
if hasattr(current_user, 'role'):
role = current_user.get_role()
else:
role = ""
if user_id is None:
flash('No user with id {}'.format(user_id), category='danger')
posts = []
else:
posts = db.posts_by_user(user_id)
if request.method == 'POST':
query_list = query.search.data.lower().split(" ")
posts = []
for item in query_list:
posts += db.search_products(item)
return render_template('posts.html',
search_form=query,
posts=posts,
mode='results',
role=role)
return render_template('posts.html',
search_form=query,
user=user,
posts=posts,
mode='user',
role=role)
def create_user():
user_form = AdminUserForm()
if hasattr(current_user, 'role'):
role = current_user.get_role()
else:
role = ""
if user_form.validate_on_submit():
user = db.find_user_by_email(user_form.email.data)
if user is not None:
flash("User {} already exists".format(user_form.email.data),
category='danger')
else:
rowcount = db.create_user(user_form.name.data,
user_form.email.data, user_form.zip.data,
user_form.password.data,
user_form.bio.data,
user_form.rating.data,
user_form.active.data)
if rowcount == 1:
flash("User {} created".format(user_form.name.data),
category='success')
return redirect(url_for('all_users'))
else:
flash("New user not created", category='danger')
return render_template('user-form.html',
form=user_form,
mode='create',
role=role)
def user_profile(id):
query = ProductSearchForm(request.form)
if hasattr(current_user, 'role'):
role = current_user.get_role()
else:
role = ""
user = db.find_user_by_id(id)
if id is None:
flash('User does not exist!', category='danger')
posts = []
else:
posts = db.posts_by_user(id)
if request.method == 'POST':
query_list = query.search.data.lower().split(" ")
posts = []
for item in query_list:
posts += db.search_products(item)
return render_template('posts.html',
search_form=query,
posts=posts,
mode='results',
role=role)
stars = int(user['rating'])
return render_template('user-profile.html',
search_form=query,
posts=posts,
user=user,
role=role,
stars=stars)
def post_details(id):
post = db.find_post_by_id(id)
user_id = post['user_id']
user = db.find_user_by_id(user_id)
query = ProductSearchForm(request.form)
if hasattr(current_user, 'role'):
role = current_user.get_role()
else:
role = ""
if request.method == 'POST':
query_list = query.search.data.lower().split(" ")
posts = []
for item in query_list:
posts += db.search_products(item)
return render_template('posts.html',
search_form=query,
posts=posts,
mode='results',
role=role)
if post['user_id'] == current_user.get_id():
return render_template('post-details.html',
search_form=query,
post=post,
role=role)
else:
return render_template('post-details.html',
search_form=query,
post=post,
user=user,
role=role)
def create_sport_group():
if current_user.get_role() != 'admin':
return redirect(url_for('index.html'))
form = NewSportGroupForm()
if form.validate_on_submit():
sportgroup = SportsGroup(name=form.name.data,
rus_name=form.rus_name.data,
rank=form.rank.data)
db.session.add(sportgroup)
db.session.commit()
ctx.push()
telegrambot.sports_gr, telegrambot.sports_gr_commands = telegrambot.create_sports_group_description(
)
ctx.pop()
flash('New sport group \"{}\" have been saved.'.format(form.name.data))
return redirect(url_for('create_sport_group'))
elif request.method == 'GET':
pass
return render_template('create_sport_group.html',
title='Create Sport Group',
form=form)
def sport_edit1(sport):
if current_user.get_role() != 'admin':
return redirect(url_for('index.html'))
sport = Sports.query.filter_by(name=sport).join(
SportsGroup, SportsGroup.id == Sports.id_sportsgroup).first_or_404()
sport_coeff = SportsCoeff.query.filter_by(sport=sport).first_or_404()
form = SportEdit(request.form)
form.name.default = sport.name
form.rus_name.default = sport.rus_name
form.rank.default = sport.rank
form.criteria.default = sport_coeff.criteria
form.criteria_desc.default = sport_coeff.criteria_description
form.coeff1.default = sport_coeff.coeff1
form.coeff2.default = sport_coeff.coeff2
form.bottom.default = sport_coeff.bottom
form.upper.default = sport_coeff.upper
categories_sp = [(str(c.id), str(c.name)) for c in SportsGroup.query.all()]
categories_place = [(str(c.id), str(c.name)) for c in Place.query.all()]
form.sport_group.choices = categories_sp
form.sport_group.default = sport.sportsgroup.name
form.place.choices = categories_place
form.process()
return render_template('sport_edit.html', title='Sport Edit', form=form)
def delete_player(player_id):
if current_user.get_role() == "admin":
model.delete_row("player", player_id)
return redirect(url_for('players'))
else:
flash("Na tuto operaci nemáte oprávnění", "danger")
return redirect(url_for('index'))
def delete_adventure(adventure_id):
if current_user.get_role() == "admin":
model.delete_row('adventure', adventure_id)
return redirect(url_for('adventures'))
else:
flash("Na tuto operaci nemáte oprávnění", "danger")
return redirect(url_for('index'))
def ledgers_select_ledgerrow(ledgerrow_id):
print("*** ledgers_select_ledgerrow ***")
print("Valittu editoitavaksi tositerivi id = " + ledgerrow_id)
editledgerrowform = getLedgerRowInAForm(ledgerrow_id)
ledgerdocument_id = editledgerrowform.ledgerdocument_id.data
ledgerdocumentform = getLedgerDocumentInAForm(ledgerdocument_id)
ledgerrows = LedgerRow.query.filter(
LedgerRow.entity_id == current_user.get_entity_id(),
LedgerRow.ledgerdocument_id == ledgerdocument_id).order_by(
LedgerRow.id)
newledgerrowform = LedgerRowForm()
newledgerrowform.ledgerdocument_id.data = ledgerdocument_id
documenttypes = getDocumentTypes()
accounts = getAccounts()
domains = getDomains()
return render_template("ledgers/document.html",
action="EditLedgerRow",
userrole=current_user.get_role(),
targetledgerrow=ledgerrow_id,
documenttypes=documenttypes,
accounts=accounts,
domains=domains,
ledgerrows=ledgerrows,
ledgerdocumentform=ledgerdocumentform,
editledgerrowform=editledgerrowform,
newledgerrowform=newledgerrowform)
def wrap(*args, **kwargs):
if (
current_user.get_role() == "admin"
and current_user.is_authenticated
):
return f(*args, **kwargs)
else:
abort(403)
def delete_message(message_id):
m = Message.query.get(message_id)
if m.account_id == current_user.id or current_user.get_role(
).role == "ADMIN":
db.session.delete(m)
db.session.commit()
return redirect(url_for("group_messages", group_id=m.group_id))
def tag_delete(tag_id):
if current_user.get_role() != 'admin':
return abort(401)
tag = Tag.query.get(tag_id)
db.session.delete(tag)
db.session.commit()
return redirect(url_for("tags_index"))
def uncomplete_item(id):
if login_disabled == False and current_user.get_role(
) != UserRole.Writer:
return "Unauthorised", 403
mark_item_as_uncomplete(collection, id)
return redirect(url_for('index'))
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated:
return login_manager.unauthorized()
urole = current_user.get_role().nome
if ((urole != role) and (role != "ANY")):
return login_manager.unauthorized()
return fn(*args, **kwargs)
def test_2_login(self):
print ''
print 'test login/logout process'
with self.app:
print 'get login page'
rv = self.app.get('/login')
assert '<form id="login"' in rv.data
print 'login refused - credentials'
rv = self.login('admin', 'default')
assert 'Invalid credentials: username is unknown or password is invalid.' in rv.data
print 'login refused - credentials'
rv = self.login('admin', '')
assert 'Invalid credentials: username is unknown or password is invalid.' in rv.data
print 'login accepted - home page'
rv = self.login('admin', 'admin')
assert '<title>Home page</title>' in rv.data
print 'login accepted - user attributes'
assert current_user.username == 'admin'
print 'user:'******'user name:', current_user.get_name()
print 'token:', current_user.get_auth_token()
print 'username:'******'user role:', current_user.get_role()
print 'user picture:', current_user.get_picture()
print 'admin:', current_user.can_admin()
print 'action:', current_user.can_action()
print 'reload home page'
rv = self.app.get('/')
assert '<title>Home page</title>' in rv.data
print 'reload home page'
rv = self.app.get('/?search=test')
assert '<title>Home page</title>' in rv.data
print 'reload home page'
rv = self.app.get('/index')
assert '<title>Home page</title>' in rv.data
print 'refresh header'
rv = self.app.get('/refresh_header')
assert 'html_livesynthesis' in rv.data
print 'refresh livestate'
rv = self.app.get('/refresh_livestate')
assert 'livestate' in rv.data
print 'refresh livesynthesis'
rv = self.app.get('/livesynthesis')
assert 'livesynthesis' in rv.data
print 'logout - go to login page'
rv = self.logout()
assert '<form id="login"' in rv.data
def decorated_view(*args, **kwargs):
if current_app.login_manager._login_disabled:
return func(*args, **kwargs)
elif not (current_user.is_authenticated() and current_user.get_role() == required_role):
return current_app.login_manager.unauthorized()
return func(*args, **kwargs)
def decorated_view(*args, **kwargs):
if current_user.get_role() != 1:
return redirect("/")
return fn(*args, **kwargs)
def wrapped(*args, **kwargs):
user_role = current_user.get_role()
if user_role in roles or user_role is "TRIADCARE_ADMIN":
return f(*args, **kwargs)
else:
abort(403)
def decorated_view(*args, **kwargs):
if role and current_user.get_role() != role:
return redirect(url_for('index'))
return fn(*args, **kwargs)
