def show_score(user_id,score_id):
teams = [t for t in Team.select() if can(auth.get_logged_in_user(),READ,t)]
user = get_object_or_404(User, User.id == user_id)
score = get_object_or_404(Score, Score.id == score_id)
ensure(READ,user)
users = [u for u in User.select().where(User.team == user.team) if can(auth.get_logged_in_user(),READ,u)]
return render_template("score_detail.html", active_user=user, teams=teams, users=users, active_team = user.team, score=score)
def test_get_object_or_404(self):
user = self.create_user('test', 'test')
# test with model as first arg
self.assertRaises(NotFound, get_object_or_404, User, username='******')
self.assertEqual(user, get_object_or_404(User, username='******'))
# test with query as first arg
active = User.select().where(active=True)
inactive = User.select().where(active=False)
self.assertRaises(NotFound, get_object_or_404, active, username='******')
self.assertRaises(NotFound, get_object_or_404, inactive, username='******')
self.assertEqual(user, get_object_or_404(active, username='******'))
def test_get_object_or_404(self):
user = self.create_user('test', 'test')
# test with model as first arg
self.assertRaises(NotFound, get_object_or_404, User, User.username=='not-here')
self.assertEqual(user, get_object_or_404(User, User.username=='test'))
# test with query as first arg
active = User.select().where(User.active==True)
inactive = User.select().where(User.active==False)
self.assertRaises(NotFound, get_object_or_404, active, User.username=='not-here')
self.assertRaises(NotFound, get_object_or_404, inactive, User.username=='test')
self.assertEqual(user, get_object_or_404(active, User.username=='test'))
def user_detail(username):
user = get_object_or_404(User, User.username == username)
messages = user.message_set.order_by(Message.pub_date.desc())
return object_list('user_detail.html',
messages,
'message_list',
person=user)
def delete(self, id):
'''Delete a person.'''
person = get_object_or_404(Person, Person.id == int(id))
pid = person.id
person.delete_instance()
return jsonify({"message": "Successfully deleted person.",
"id": pid}), 200
def api_borrow(self, pk):
"""API to borrow disk"""
obj = get_object_or_404(self.get_query(), self.pk == pk)
data = request.data or request.form.get('data') or ''
new_log = Log(model='Disk', log_type='borrow', model_refer=obj.id)
if request.method == 'POST':
data = self.data_precheck(data, SubmitUserForm)
# existence has been checked by SubmitUserForm
req_user = User.select().where(User.id == data['id']).get()
if obj.avail_type == 'Borrowed':
# renew
# only admin or holder can renew
if obj.hold_by != req_user:
return jsonify(errno=3, error="Disk not borrowed by the user")
if not self.check_post(obj) and req_user != g.user:
return self.response_forbidden()
# renew it
obj.renew()
new_log.content = ("member %s renews disk %s" %
(req_user.itsc, obj.get_callnumber()))
new_log.user_affected = req_user
if g.user.admin:
new_log.admin_involved = g.user
elif obj.avail_type == 'Reserved':
# taken to deliver
if not self.check_post(obj):
return self.response_forbidden()
obj.deliver()
new_log.content = ("take out disk %s for delivery" %
obj.get_callnumber())
new_log.user_affected = req_user
new_log.admin_involved = g.user
else:
# checkout
if not self.check_post(obj):
return self.response_forbidden()
obj.check_out(req_user)
new_log.content = ("check out disk %s for member %s" %
(obj.get_callnumber(), req_user.itsc))
new_log.user_affected = req_user
new_log.admin_involved = g.user
elif request.method == 'DELETE':
if not self.check_delete(obj):
return self.response_forbidden()
obj.check_in()
new_log.content = "check in disk %s" % obj.get_callnumber()
new_log.admin_involved = g.user
obj.save()
new_log.save()
return self.object_detail(obj)
def user_detail(username):
user = get_object_or_404(User, username=username)
messages = user.message_set.order_by(('pub_date', 'desc'))
return object_list('user_detail.html',
messages,
'message_list',
person=user)
def api_rate(self, pk):
"""API to acquire the ups and downs of a disk"""
data = request.data or request.form.get('data') or ''
obj = get_object_or_404(self.get_query(), self.pk == pk)
if request.method == 'GET':
"""Return the rates and whether a user has rated before"""
ups, downs = obj.get_rate()
rated = g.user and Log.select().where(
Log.model == 'Disk', Log.model_refer == obj.id,
Log.log_type == 'rate', Log.user_affected == g.user).exists()
elif request.method == 'POST':
data = self.data_precheck(data, RateForm)
if not g.user:
return self.response_forbidden()
obj.add_rate(g.user, data['rate'])
rated = True
ups, downs = obj.get_rate()
return self.response({
'ups': ups,
'downs': downs,
'rated': rated
})
def toggle_user_state(uid):
data = request.get_json(silent=True)
user = get_object_or_404(User, (User.id == uid))
user.active = data['active']
user.save()
user_resource = api.registry[User]
return jsonify(user_resource.serialize_object(user))
def delete_welcome_image(pk):
activity = get_object_or_404(Activity, (Activity.id == pk))
activity.welcome_img = None
if activity.save():
tasks.generate_json_files_for_activity(activity)
flash(u'删除图片成功', 'success')
return redirect(url_for('edit_activity', pk=pk))
def edit(note_id):
user = auth.get_logged_in_user()
note = get_object_or_404(Note, Note.user == user, Note.id == note_id)
note.content = request.form.get('content')
note.save()
return redirect(url_for('getNotes', note_id=note.id))
def user_follow(username):
user = get_object_or_404(User, User.username==username)
Relationship.get_or_create(
from_user=auth.get_logged_in_user(),
to_user=user,
)
flash('You are now following %s' % user.username)
return redirect(url_for('user_detail', username=user.username))
def classroom(course_code):
course = get_object_or_404(Course, Course.code == course_code)
meetings = Meeting.select().where(Meeting.course_id == course.id)
resources = Resource.select().where(Resource.course_id == course.id)
return render_template('classroom.html',
course=course,
meetings=meetings,
resources=resources)
def change_password(uid):
data = request.get_json(silent=True)
user = get_object_or_404(User, (User.id == uid))
user.username = data['username']
user.set_password(data['password'])
user.save()
user_resource = api.registry[User]
return jsonify(user_resource.serialize_object(user))
def note_details(self, pk):
note = get_object_or_404(self.get_query(), self.pk == pk)
return self.response({
'content':
note.unparse_content(),
'reminder': (note.reminder.strftime('%Y-%m-%dT%H:%M')
if note.reminder else None),
})
def user_unfollow(username):
user = get_object_or_404(User, User.username==username)
Relationship.delete().where(
Relationship.from_user==auth.get_logged_in_user(),
Relationship.to_user==user,
).execute()
flash('You are no longer following %s' % user.username)
return redirect(url_for('user_detail', username=user.username))
def update_choice(self, pk):
obj = get_object_or_404(self.get_query(), self.pk == pk)
to_add = []
for cid in request.json:
if Choice.get_or_none(Choice.id == cid):
to_add.append(cid)
obj.choices.add(to_add, clear_existing=True)
return UPDATED_SUCCESS_RESPONSE
def user_follow(username):
user = get_object_or_404(User, User.username == username)
Relationship.get_or_create(
from_user=auth.get_logged_in_user(),
to_user=user,
)
flash('You are now following %s' % user.username)
return redirect(url_for('user_detail', username=user.username))
def delete(self, id):
'''Delete an item.'''
item = get_object_or_404(Item, Item.id == id)
item.delete_instance()
return jsonify({
"message": "Successfully deleted item.",
"id": item.id
}), 200
def user_unfollow(username):
user = get_object_or_404(User, User.username == username)
Relationship.delete().where(
Relationship.from_user == auth.get_logged_in_user(),
Relationship.to_user == user,
).execute()
flash('You are no longer following %s' % user.username)
return redirect(url_for('user_detail', username=user.username))
def profile_settings(username):
user = get_object_or_404(User, User.username == username)
# user.first_name = request.form['first_name']
# user.last_name = request.form['last_name']
# user.password = request.form['password']
# user.email = request.form['email']
return render_template('profile-settings.html', user = user)
def delete(self, id):
'''Delete a person.'''
person = get_object_or_404(Person, Person.id == int(id))
pid = person.id
person.delete_instance()
return jsonify({
"message": "Successfully deleted person.",
"id": pid
}), 200
def user_detail(user_id):
teams = [t for t in Team.select() if can(auth.get_logged_in_user(),READ,t)]
user = get_object_or_404(User, User.id == user_id)
ensure(READ,user)
scores = Score.select().where(Score.user == user).order_by(Score.created_at.desc())
users = [u for u in User.select().where(User.team == user.team) if can(auth.get_logged_in_user(),READ,u)]
pq = PaginatedQuery(scores, 20)
last_date = datetime.now() - timedelta(days=5)
return render_template("index.html", active_user=user, teams=teams, users=users, pagination=pq, page=pq.get_page(), active_team = user.team, weeks = [w for w in Week.select().where(Week.end > last_date) if not has_score(w.score_set)])
def edit(message_id):
user = auth.get_logged_in_user()
message = get_object_or_404(Message, user=user, id=message_id)
if request.method == 'POST' and request.form['content']:
message.content = request.form['content']
message.save()
flash('Your changes were saved')
return redirect(url_for('user_detail', username=user.username))
return render_template('edit.html', message=message)
def detail(slug):
piece = get_object_or_404(Piece.select().where(Piece.slug == slug))
images = PieceImage.select().where(PieceImage.piece == piece)
return render_template(
'detail.html',
piece=piece,
images=images,
available_sizes=app.config['AVAILABLE_SIZES'],
stripe_key=app.config['STRIPE_KEYS']['publishable_key']
)
def edit(message_id):
user = auth.get_logged_in_user()
message = get_object_or_404(Message, Message.user == user, Message.id == message_id)
if request.method == "POST" and request.form["content"]:
message.content = request.form["content"]
message.save()
flash("Your changes were saved")
return redirect(url_for("user_detail", username=user.username))
return render_template("edit.html", message=message)
def edit(message_id):
user = auth.get_logged_in_user()
message = get_object_or_404(Message, Message.user==user, Message.id==message_id)
if request.method == 'POST' and request.form['content']:
message.content = request.form['content']
message.save()
flash('Your changes were saved')
return redirect(url_for('user_detail', username=user.username))
return render_template('edit.html', message=message)
def getNotes(note_id=None):
user = auth.get_logged_in_user()
notes = Note.select().where(Note.user == user).order_by(
Note.created_date.desc())
context = {
'notes': notes,
}
if note_id:
note = get_object_or_404(Note, Note.user == user, Note.id == note_id)
context['note'] = note
return render_template('notes.html', context=context)
def homepage():
teams = [t for t in Team.select() if g.user.can(READ,t)]
if not teams:
abort(404)
current_team = get_object_or_404(Team, Team.id == int(
request.args.get('t'))) if request.args.has_key('t') else teams[0]
ensure(READ,current_team)
users = [u for u in User.select().where(User.team == current_team, User.active == True) if g.user.can(READ,u)]
return render_template("index.html", teams=teams, users=users, active_team=current_team)
def api_vote(self, pk):
"""API for Movote"""
obj = get_object_or_404(self.get_query(), self.pk == pk)
data = request.data or request.form.get("data") or ''
data = self.data_precheck(data, VoteForm)
if not g.user:
return self.response_forbidden()
obj.add_vote(g.user, data['film_id'])
obj.save()
return self.response({})
def api_reserve(self, pk):
"""API to reserve a disk"""
obj = get_object_or_404(self.get_query(), self.pk == pk)
data = request.data or request.form.get('data') or ''
new_log = Log(model='Disk', log_type='reserve', model_refer=obj.id)
if request.method == 'POST':
data = self.data_precheck(data, ReserveForm)
# reserve the disk
obj.reserve(g.user, data['form'])
new_log.user_affected = g.user
if data['form'] == 'Counter':
new_log.content = ("member %s reserves disk"
" %s (counter)") % \
(g.user.itsc, obj.get_callnumber())
elif data['form'] == 'Hall':
new_log.content = ("member %s reserves disk"
" %s (Hall %d %s). remarks: %s") %\
(
g.user.itsc,
obj.get_callnumber(),
data.get('hall', ''),
data.get('room', ''),
data.get('remarks', '')
)
# send email to reminder exco to deliver disk
mail_content = render_template(
'exco_reserve.html', disk=obj, member=g.user,
data=data, time=str(datetime.now()))
sq = Exco.select().where(
Exco.hall_allocate % ("%%%d%%" % int(data.get('hall', '*'))))
send_email(
['*****@*****.**'] + [x.email for x in sq], [],
"Delivery Request", mail_content)
elif request.method == 'DELETE':
# clear reservation
if not self.check_delete(obj):
return self.response_forbidden()
new_log.content = "clear reservation for disk %s" % obj.get_callnumber()
new_log.admin_involved = g.user
new_log.user_affected = obj.reserved_by
obj.clear_reservation()
obj.save()
new_log.save()
return self.object_detail(obj)
def api_detail(self, pk, method=None):
obj = get_object_or_404(self.get_query(), self.pk == pk)
method = method or request.method
if not getattr(self, 'check_%s' % method.lower())(obj):
return self.response_forbidden()
if method == 'GET':
return self.object_detail(obj)
elif method in ('PUT', 'POST'):
return self.edit(obj)
elif method == 'DELETE':
return self.delete(obj)
def save_score(user_id):
user = get_object_or_404(User, User.id == user_id)
week = Week.get(Week.id==int(request.form.get("week")))
ensure(EDIT,user)
Score.create(
user = user,
self_score = request.form.get("score"),
week_start = week.start,
week_end = week.end,
week = week,
self_memo = request.form.get("self_memo")
)
return redirect(url_for('user_detail',user_id=user_id))
def api_detail(self, pk, method=None):
obj = get_object_or_404(self.get_query(), self.pk==pk)
method = method or request.method
if not getattr(self, 'check_%s' % method.lower())(obj):
return self.response_forbidden()
if method == 'GET':
return self.object_detail(obj)
elif method in ('PUT', 'POST'):
return self.edit(obj)
elif method == 'DELETE':
return self.delete(obj)
def api_detail(self, pk, method=None):
obj = get_object_or_404(self.get_query(), **{self.model._meta.pk_name: pk})
method = method or request.method
if not getattr(self, "check_%s" % method.lower())(obj):
return self.response_forbidden()
if method == "GET":
return self.object_detail(obj)
elif method in ("PUT", "POST"):
return self.edit(obj)
elif method == "DELETE":
return self.delete(obj)
def put(self, id):
'''Update an item.'''
item = get_object_or_404(Item, Item.id == id)
# Update item
item.name = request.json.get("name", item.name)
item.checked_out = request.json.get("checked_out", item.checked_out)
if request.json.get("person_id"):
person = Person.get(Person.id == int(request.json['person_id']))
item.person = person or item.person
else:
item.person = None
item.updated = datetime.utcnow()
item.save()
return jsonify({"message": "Successfully updated item.",
"item": ItemSerializer(item).data})
def account_list():
if request.method == 'POST':
uid = request.form.get('uid')
username = request.form.get('username')
password = request.form.get('password')
if not (username and password):
flash(u'缺少字段', 'danger')
else:
if uid:
user = get_object_or_404(User, (User.id == uid))
else:
user = User()
user.username = username
user.set_password(password)
if user.save():
flash(u'操作成功', 'success')
return render_template('accounts.html')
def api_vote(self, pk):
"""API for Shoppingvote"""
obj = get_object_or_404(self.get_query(), self.pk == pk)
data = request.data or request.form.get("data") or ''
'''
SYS: data precheck only checks if the request data is integrate.
it won't bother if the data is logical or legal.
'''
data = self.data_precheck(data, ShoppingVoteForm)
if not g.user:
return self.response_forbidden()
votes_left=obj.add_vote(g.user, data['film_id'])
obj.save()
return self.response({"votes_left":votes_left,})
def put(self, id):
'''Update an item.'''
item = get_object_or_404(Item, Item.id == id)
# Update item
item.name = request.json.get("name", item.name)
item.checked_out = request.json.get("checked_out", item.checked_out)
if request.json.get("person_id"):
person = Person.get(Person.id == int(request.json['person_id']))
item.person = person or item.person
else:
item.person = None
item.updated = datetime.utcnow()
item.save()
return jsonify({
"message": "Successfully updated item.",
"item": ItemSerializer(item).data
})
def begin_exam(self):
eid = request.args.get('eid')
user = auth.get_logged_in_user()
exam = get_object_or_404(self.get_query(), self.pk == eid)
if user in exam.users:
if self.already_taken(user, exam):
return ALREADY_TAKEN_EXAM_RESPONSE
else:
choices = exam.test_paper.choices
response = {
'problem': [model_to_dict(choice, exclude=(Choice.answer, Choice.case_type, Choice.id)) for choice
in choices],
'token': self.make_token(exam)
}
return self.response(response)
else:
return NOT_PERMITTED_RESPONSE
def api_apply(self, pk):
"""API to apply for a ticket"""
obj = get_object_or_404(self.get_query(), self.pk == pk)
data = request.data or request.form.get("data") or ''
if not g.user:
return self.response_forbidden()
data = self.data_precheck(data, ApplyTicketForm)
obj.add_application(g.user, data)
Log.create(
model="PreviewShowTicket", log_type='apply',
model_refer=obj.id, user_affected=g.user,
content=("member %s apply for ticket id=%d" %
(g.user.itsc, obj.id))
)
return self.response({})
def submit(self):
eid = request.json['eid']
token = request.json['token']
answers = request.json['answers']
user = auth.get_logged_in_user()
exam = get_object_or_404(self.get_query(), self.pk == eid)
if self.check_token(exam, token):
if self.already_taken(user, exam):
return ALREADY_TAKEN_EXAM_RESPONSE
else:
choices = exam.test_paper.choices
counter = 0
for idx, choice in enumerate(choices):
counter += choice.answer == answers[idx]
score = counter / len(choices) * 100
report = Report.create(user=user, exam=exam, score=score)
return self.response(model_to_dict(report, only=(Report.score,)))
else:
return NOT_PERMITTED_RESPONSE
def address():
address_form = AddressForm(request.form)
user = auth.get_logged_in_user()
address = get_object_or_404(Address, Address.user == user)
if request.method == "POST":
address = address.update(
street=request.form["street"],
zipcode=request.form["zipcode"],
state=request.form["state"],
country=request.form["country"]).where(address.user == user)
address.execute()
flash("Address successfully saved")
return redirect(url_for("dashboard"))
elif request.method =="GET":
street = address.street
zipcode = address.zipcode
state = address.state
country = address.country
return render_template("address.html", street=street, zipcode=zipcode, state=state, country=country, address_form=address_form)
def addfragment(imageid, *context):
"""
if HTTP verb is POST a new fragment is saved for a specific imageid
the annotation being saved depends on the type of annotation
in the frontend in these steps:
- create imagefragment
- create metadata for the fragment
- create annotation for the fragment depending on annotation type
(everything not is not identified by a specific context of the frontend,
is being annotated using key-value pairs)
if HTTP verb is GET the user is being redirected to the image
***TODO***
the typ of annotation data should not depend on the frontend to enable
using this trough the API --> further improvement needed!
"""
image = get_object_or_404(Image, id=imageid)
if request.method == 'POST' and request.form['xvalue']:
imgfrag = imgc.add_fragment(image, [request.form['xvalue'], request.form['yvalue']])
namespace = request.args.get('namespace')
fragmeta = imgc.add_metadata(imgfrag, namespace)
if request.args.get('context') == "person":
imgc.add_annotation(fragmeta, 'name', request.form['name'])
imgc.add_annotation(fragmeta, 'homepage', request.form['homepage'])
elif request.args.get('context') == "location":
imgc.add_annotation(fragmeta, 'locationLabel', request.form['locationLabel'])
imgc.add_annotation(fragmeta, 'locationLink', request.form['locationLink'])
elif (request.args.get('context') == "relation") or (request.args.get('context') == "media"):
imgc.add_annotation(fragmeta, 'targetLabel', request.form['targetLabel'])
imgc.add_annotation(fragmeta, 'targetLink', request.form['targetLink'])
else:
annokey = request.form['key']
value = request.form['value']
imgc.add_annotation(fragmeta, annokey, value)
flash('Das Fragment wurde erfolgreich angelegt!')
return redirect(url_for('image_detail', imageid=imageid))
return render_template('image_detail.html', img=image)
def update_score(user_id,score_id):
with db.database.transaction():
score = get_object_or_404(Score, Score.id == score_id)
ensure(EDIT,score)
score.rater = auth.get_logged_in_user()
score.score = request.form.get("score")
score.memo = request.form.get("memo")
score.save()
ScoreHistory.create(
rater = auth.get_logged_in_user(),
score = score,
history = request.form.get("score")
)
Score.get_or_create(
user = g.user,
week = score.week,
week_start = score.week_start,
week_end = score.week_end
)
return redirect(url_for('user_detail',user_id=user_id))
def adduri(imageid):
"""
if HTTP verb is POST a new fragment is saved for a specific imageid
the annotation being saved depends on the type of annotation
in the frontend
***TODO***
the typ of annotation data should not depend on the frontend to enable
using this trough the API --> further improvement needed!
"""
image = get_object_or_404(Image, id=imageid)
if request.method == 'POST' and request.form['imguri']:
if imgc.add_imageuri(request.form['imguri'], image) == True:
flash('Die URI wurde erfolgreich hinzugefuegt.')
return redirect(url_for('image_detail', imageid=imageid))
else:
flash('Diese URI existiert bereits fuer dieses Bild - bitte waehle eine andere.', 'error')
return redirect(url_for('image_detail', imageid=imageid))
return render_template('image_detail.html', img=image)
def api_particip(self, pk):
"""API to note down participants of a regular film show"""
obj = get_object_or_404(self.get_query(), self.pk == pk)
data = request.data or request.form.get("data") or ''
if not self.check_post(obj):
return self.response_forbidden()
data = self.data_precheck(data, SubmitUserForm)
# existence has been verified
user = User.select().where(User.id == data['id']).get()
obj.signin_user(user)
user.save()
obj.save()
Log.create(
model="RegularFilmShow", model_refer=obj.id,
log_type="entry", user_affected=user, admin_involved=g.user,
content="member %s enter RFS" % user.itsc)
return self.response({})
def city_detail(city_id):
city = get_object_or_404(City, id=city_id)
obj_list = Pinche.select().where(city=city).order_by('pub_date')
return object_list('city_detail.html', obj_list, "obj_list")
def delete_entry(note_id):
user = auth.get_logged_in_user()
note = get_object_or_404(Note, Note.user == user, Note.id == note_id)
note.delete_instance()
return redirect(url_for('getNotes'))
def pinche_detail(pinche_id):
obj = get_object_or_404(Pinche, id=pinche_id)
return render_template('pinche_detail.html', obj=obj)
def news_detail(news_id):
obj = get_object_or_404(OursNews, id=news_id)
return render_template('news_detail.html', obj=obj)
