def validate(self):
if not Form.validate(self):
return False
user = db.get_user_by_username(self.username.data)
if user is not None:
self.username.errors.append("Username exists")
return False
return True
def validate(self):
if not Form.validate(self):
return False
self.user = db.get_user_by_username(self.username.data)
if self.user is None:
self.username.errors = ("Unknown username",)
return False
if not check_password_hash(self.user.passwd, self.password.data):
self.password.errors = ("Invalid password",)
return False
return True
def validate(self):
rv = Form.validate(self)
if not rv:
return False
link = self.link.data
title = self.title.data
description = self.description.data
tags = map(lambda x: {"name": x.strip()}, self.tags.data.split(","))
# TODO : add id control if create is False (modification mode need a
# valid bookmark id)
self.bookmark = ItemBookmark(ptags=tags, plink=link, ptitle=title, pdescription=description, json=True)
return True
def validate(self):
rv = Form.validate(self)
if not rv:
return False
link = self.link.data
title = self.title.data
description = self.description.data
tags = map(lambda x: {'name': x.strip()}, self.tags.data.split(','))
# TODO : add id control if create is False (modification mode need a
# valid bookmark id)
self.bookmark = ItemBookmark(ptags=tags, plink=link, ptitle=title,
pdescription=description, json=True)
return True
def validate(self):
if not Form.validate(self):
return False
try:
self.short_path = json.loads(self.short_path_json.data)
except ValueError:
# TODO logging
self.comment.errors.append("Server upload error")
return False
# sanity check for short path
for elem in self.short_path:
if type(elem) != list or len(elem) != 2:
self.comment.errors.append("Server upload error")
return False
return True
def validate(self):
rv = Form.validate(self)
if not rv:
return False
print self.admin
user = User(self.admin.data)
if user is None:
self.admin.errors.append('Unknown admin')
return False
if not user.check_password(self.password.data):
self.password.errors.append('Invalid password')
return False
return True
def validate(self):
# regular validation
rv = Form.validate(self)
if not rv:
return False
user = User.query.filter_by(username=self.login_username.data).first()
if user is None:
self.login_username.errors.append('unknown username or invalid password')
return False
if not user.check_password(self.login_password.data):
self.password.errors.append('unknown username or invalid password')
return False
self.user = user
return True
def validate(self):
rv = Form.validate(self)
if not rv:
return False
pseudo = self.login.data
password = self.password.data
password_confirmation = self.password_confirmation.data
if password != password_confirmation:
self.password.errors.append('Passwords mismatch')
self.password_confirmation.errors.append('Passwords mismatch')
return False
self.user = User(pseudo, password)
return True
def inject_common_values():
form = Form()
ga_id = app.config['CDW']['google_analytics_id']
ga_id = None if ga_id == 'None' or ga_id == '' else ga_id
intro_video_id = app.config['CDW']['intro_video_id']
return {
'facebook_app_id':
app.config['SOCIAL_PROVIDERS']['facebook']['oauth']['consumer_key'],
'google_analytics_id':
ga_id,
'media_root':
app.config['MEDIA_ROOT'],
'csrf_token':
form.csrf.data,
'intro_video_id':
intro_video_id,
'local_request':
app.config['LOCAL_REQUEST']
}
def validate(self):
rv = Form.validate(self)
if not rv:
return False
pseudo = self.login.data
password = self.password.data
try:
user_exists(self, self.login)
user = check_password(pseudo, password)
if user is None:
self.password.errors.append('Wrong password.')
return False
except ValidationError:
self.login.errors.append('Unknow user.')
return False
self.user = user
return True
def validate(self):
if not Form.validate(self):
return False
f_sgf = None
if self.url.data:
try:
f_sgf = urllib.urlopen(self.url.data)
except IOError:
self.url.errors = ("Invalid url.",)
return False
elif self.file.data:
f_sgf = self.file.data
if not f_sgf.filename.endswith("sgf"):
self.url.errors = ("Invalid file extension. Expected .sgf file.",)
return False
else:
self.url.errors = ("One of the fields must be filled.",)
return False
assert(f_sgf)
self.sgf = f_sgf.read()
return True
def __init__(self, *args, ** kwargs):
Form.__init__(self, *args, ** kwargs)
self.user = None
def __init__(self, *a, **k):
Form.__init__(self, *a, **k)
self.short_path = None
def __init__(self, *a, **k):
Form.__init__(self, *a, **k)
self.sgf = None
def __init__(self):
Form.__init__(self, id="frmUpdate")
def __init__(self, *args, **kwargs):
Form.__init__(self, *args, **kwargs)
if not self.next.data:
self.next.data = get_redirect_target() or ''
def __init__(self, *args, **kwargs):
Form.__init__(self, *args, **kwargs)
if not self.next.data:
self.next.data = get_redirect_target() or ''
def userlist(page = 1, pending = False, sponsored = False, rolloffs = False):
# We need to make sure sponsors without admin/labstaff permissions don't go
# browsing through all the users data
domains = g.user.get_domains()
if ((sponsored and 'sponsor' not in domains) or
(not sponsored and (not g.user_is_labstaff) and (not g.user_is_admin)) or
(rolloffs and (not g.user_is_labstaff) and (not g.user_is_admin))):
flash("Unauthorized.")
return redirect('index')
if (pending or rolloffs) and request.method == "POST":
form = Form(request.form)
if not form.validate():
flash("There was an error with your submission.")
redirect(request.url)
users = [user for user, value in request.form.iteritems() if value == 'approve']
if rolloffs:
users = [user for user, value in request.form.iteritems()]
users = [User.username == user for user in users]
if len(users) > 0:
query = User.query.filter(or_(*users))
if sponsored:
# Filter and make sure we only get this sponsors users, for security
query = query.filter(User.sponsor == g.user.username)
users = query.all()
for user in users:
if sponsored:
user.status = 'pending_labstaff'
elif rolloffs:
user.status = 'pending_rolloff'
else:
user.status = 'pending_create'
db.session.add(user)
db.session.commit()
# here we handle denying accounts:
users = [user for user, value in request.form.iteritems() if value == 'deny']
users = [User.username == user for user in users]
if len(users) > 0:
query = User.query.filter(or_(*users))
if sponsored:
query = query.filter(User.sponsor == g.user.username)
users = query.all()
for user in users:
# send rejection emails, silent reject if comments are empty
if sponsored:
mail.sponsor_reject(user)
elif g.user_is_admin:
mail.admin_reject(user)
# drop rejected users
db.session.delete(user)
db.session.commit()
query = User.query
sort = 'username'
sort_col = User.username
sort_dir = asc
cols = {'username' : User.username,
'uid' : User._uid,
'sponsor' : User.sponsor,
'email' : User.email,
'name' : User.last_name,
'last_name' : User.last_name,
'first_name' : User.first_name,
'status' : User.status,
'grad_date' : User._grad_date}
# Let's make the filter form
class FilterForm(Form):
pass
for field, col in cols.iteritems():
setattr(FilterForm, field, TextField())
filter_form = FilterForm(request.args)
if 'sort' in request.args:
if request.args['sort'] in cols:
sort = request.args['sort']
sort_col = cols[request.args['sort']]
if 'dir' in request.args and request.args['dir'] == 'desc':
sort_dir = desc
if sponsored:
query = query.filter(User.sponsor == g.user.username)
if pending:
query = query.filter(User.status == 'pending_sponsor')
else:
query = query.filter(User.status != 'pending_sponsor')
elif rolloffs:
now = date.today()
query = query.filter(User._grad_date <= now)
query = query.filter(User.status != 'pending_sponsor')
query = query.filter(User.status != 'pending_labstaff')
query = query.filter(User.status != 'pending_rolloff')
else:
if pending:
query = query.filter(User.status == 'pending_labstaff')
# else:
# query = query.filter(User.status != 'pending_labstaff')
# query = query.filter(User.status != 'pending_sponsor')
for field, col in cols.iteritems():
if field in request.args:
if request.args[field].strip() == "":
continue
query = query.filter(col.like(request.args[field].strip()))
query = query.order_by(sort_dir(sort_col))
page = query.paginate(page)
if pending:
# Patch a Form. This allows us to keep our CSRF protection
class F(Form):
pass
for user in page.items:
setattr(F, user.username, RadioField(choices=[('approve', 'Approve'), ('postpone', 'Postpone'), ('deny', 'Deny')], validators=[validators.Required()]))
# Flask-WTForms likes to pull data from request.form. Force it not to.
form = F(ImmutableMultiDict())
# We do this after the fact so WTForms can do some of its binding
for user in page.items:
user.radio = getattr(form, user.username)
user.radio.data = 'postpone'
if sponsored:
template = 'sponsorship_requests.html'
else:
template = 'list_pending_users.html'
elif rolloffs:
class rolloffCheckbox(Form):
pass
for user in page.items:
setattr(rolloffCheckbox, user.username, BooleanField())
form = rolloffCheckbox(ImmutableMultiDict())
for user in page.items:
user.checkbox = getattr(form, user.username)
template = 'list_upcoming_rolloffs.html'
else:
form = Form()
if sponsored:
template = 'sponsored_users.html'
else:
template = 'userlist.html'
return render_template(template, page=page, sort=sort, sort_dir='asc' if sort_dir == asc else 'desc', form=form, filter_form=filter_form)
def __init__(self, *args, **kwargs):
kwargs['csrf_enabled'] = False
Form.__init__(self, *args, **kwargs)
def __init__(self, *a, **k):
Form.__init__(self, *a, **k)
self.user = None
def __init__(self, formdata=None, obj=None, prefix='', **kwargs):
agent_type_id = AgentType.query.filter_by(name=obj['agent_type']).one().agent_type_id
kwargs.setdefault('agent_type', agent_type_id)
Form.__init__(self, formdata, obj, prefix, **kwargs)