Пример #1
0
def search_rcis(search_string, logged_in_user):
    """
    Performs a full-text-search for rcis using the rci_index table
    """

    # Only those with the MODERATE_RCIS permission can do this
    if not user_can(Permission.MODERATE_RCIS, logged_in_user):
        raise Unauthorized('You do not have sufficient permissions '
                           'to perform an rci search')

    # If they did not have a search term, return an empty list
    if search_string is None or search_string.strip() == "":
        return []

    # Quote the search string. See https://sqlite.org/fts5.html
    # Not doing this would treat the hyphen character `-` as a column modifier
    search_string = '"{}"'.format(search_string)

    search_results = datastore.query(
        'select * '
        'from rci_index '
        'where rci_index = ?', (search_string, ))

    rcis = []

    for result in search_results:
        rcis.append(get_rci_by_id(rci_id=result['rci_id'], full=True))

    return rcis
Пример #2
0
def get_rcis_for_user(user_id, logged_in_user):
    """
    Fetch the rcis for which the user `user_id` is a collaborator.
    """

    throw_if_not_valid_uuid(user_id)

    # You can only lookup rcis for a user if
    # 1 - That user is you OR
    # 2 - You have permissions to MODERATE_RCIS
    if (user_can(Permission.MODERATE_RCIS, logged_in_user)):
        pass
    else:
        if user_id != logged_in_user['user_id']:
            raise Unauthorized('You do not have sufficient permissions '
                               'to lookup rcis for someone else.')

    user = get_user_record(user_id)

    rci_ids = [
        x['rci_id'] for x in datastore.query(
            'select rci_id '
            'from rci_collabs '
            'where user_id = ?', (user_id, ))
    ]

    rcis = []

    for rci_id in rci_ids:
        rcis.append(get_rci_by_id(rci_id, full=True))

    return rcis
Пример #3
0
def delete_damage(damage_id, logged_in_user):
    """
    Delete a damage record
    """
    damage = common.get_damage_record(damage_id)

    rci = common.get_rci_record(damage['rci_id'])

    rci_id = rci['rci_id']

    # Cannot delete a damage if the rci is locked
    if rci['is_locked']:
        raise Unauthorized('rci {} is locked'.format(rci_id))

    # Check that the user is one of the following
    # (a) a collaborator on the rci OR
    # (b) has Permission.MODERATE_DAMAGES
    if (user_can(Permission.MODERATE_DAMAGES, logged_in_user)):
        pass
    else:
        rci_collaborators = [
            x['user_id'] for x in common.get_rci_collaborators(rci_id)
        ]

        if logged_in_user['user_id'] not in rci_collaborators:
            raise Unauthorized('You cannot delete damages from this rci.'
                               'Please ask to be added to the list of '
                               'collaborators')

    datastore.query('delete from damages '
                    'where damage_id = ?', (damage_id, ))

    return damage
Пример #4
0
    def handle_admin_permission_check(*args, **kwargs):
        user = g.user

        if not user_can(permissions=Permission.MODERATE_SYSTEM, user=user):
            return redirect(url_for('dashboard.main'))
        else:
            return func(*args, **kwargs)
Пример #5
0
def main():
    """
    The "homepage". This is what a user sees when they first log-in.
    """
    logged_in_user = g.user

    # 1 - Fetch user settings for default buildings the user can view.
    #     1.1 If such a setting does not exist, default to all buildings
    # 2 - Try to fetch the rcis for the list of buildings we have.
    #     2.1 - If the call fails with `Unauthorized`, the user has no such access
    #           Fetch their own rcis only

    user_settings = libuser.get_user_settings(
        user_id=logged_in_user['user_id'])

    building_list = user_settings['default_buildings']

    if building_list is None:
        building_list = list(libroom.get_building_manifest().keys())

    try:
        rcis = librci.get_rcis_for_buildings(buildings=building_list,
                                             logged_in_user=logged_in_user)
    except Unauthorized:
        rcis = librci.get_rcis_for_user(user_id=logged_in_user['user_id'],
                                        logged_in_user=logged_in_user)

    user_permissions = libuser.get_user_permissions(
        user_id=logged_in_user['user_id'])

    display_search = user_can(permissions=Permission.MODERATE_RCIS,
                              user=logged_in_user)

    display_system_settings = user_can(permissions=Permission.MODERATE_SYSTEM,
                                       user=logged_in_user)

    return render_template('dashboard/main.html',
                           rcis=rcis,
                           display_search=display_search,
                           display_system_settings=display_system_settings)
Пример #6
0
def unlock_rci(rci_id, logged_in_user):
    """
    Un-Freeze an rci, making it editable again 
    """
    # We will fail with a clear error here if the rci doesn't exist
    rci = get_rci_record(rci_id)

    # You can only unlock an rci if
    # you have permission to MODERATE_RCIS
    if not user_can(Permission.MODERATE_RCIS, logged_in_user):
        raise Unauthorized('You do not have sufficient permissions '
                           'to unlock this rci')

    # Go ahead and unlock it up
    datastore.query('update rcis '
                    'set is_locked = 0 '
                    'where rci_id = ?', (rci_id, ))
Пример #7
0
def lock_rci(rci_id, logged_in_user):
    """
    Freeze an rci, preventing it from being modified
    """
    # We will fail with a clear error here if the rci doesn't exist
    rci = get_rci_record(rci_id)

    # You can only lock an rci if
    # you have permission to MODERATE_RCIS
    if not user_can(Permission.MODERATE_RCIS, logged_in_user):
        raise Unauthorized('You do not have sufficient permissions '
                           'to lock this rci')

    # Go ahead and lock it up
    datastore.query('update rcis '
                    'set is_locked = 1 '
                    'where rci_id = ?', (rci_id, ))
Пример #8
0
def create_rci(user_id, building_name, room_name, logged_in_user):
    """
    Creates a new rci record for a room.

    The user who created it is added to the list of collaborators on 
    this rci

    Multiple rcis can exist for the same room
    """
    # You can only create rcis for someone else if you have
    # permissions to MODERATE_RCS or you are creating an
    # rci for youself.
    if (user_can(Permission.MODERATE_RCIS, logged_in_user)):
        pass
    else:
        if user_id != logged_in_user['user_id']:
            raise Unauthorized('You do not have permissions '
                               'to create an rci for someone else.')

    new_rci_id = str(uuid.uuid4())

    rci_insert_args = {
        'rci_id': new_rci_id,
        'room_name': room_name,
        'building_name': building_name,
        'created_at': datetime.utcnow(),
        'created_by': logged_in_user['user_id']
    }

    rci_collab_insert_args = {'rci_id': new_rci_id, 'user_id': user_id}

    # Create the rci document
    datastore.query(
        'insert into rcis '
        '(rci_id, building_name, room_name, created_at, created_by) '
        'values '
        '(:rci_id,:building_name,:room_name,:created_at,:created_by)',
        rci_insert_args)

    # Add the user as an a collaborator for the rci
    datastore.query(
        'insert into rci_collabs(rci_id, user_id) '
        'values(:rci_id, :user_id);', rci_collab_insert_args)

    # Fetch the newly created rci
    return get_rci_by_id(new_rci_id, full=True)
Пример #9
0
def create_damage(logged_in_user, rci_id, item, text, image_url):
    """
    Record a damage on the rci 
    """
    rci = common.get_rci_record(rci_id)

    # Cannot record a damage if the rci is locked
    if rci['is_locked']:
        raise Unauthorized('Rci {} is locked'.format(rci_id))

    # Check that the user is one of the following
    # (a) a collaborator on the rci OR
    # (b) has Permission.MODERATE_DAMAGES
    if (user_can(Permission.MODERATE_DAMAGES, logged_in_user)):
        pass
    else:
        rci_collaborators = [
            x['user_id'] for x in common.get_rci_collaborators(rci_id)
        ]

        if logged_in_user['user_id'] not in rci_collaborators:
            raise Unauthorized('You cannot record damage on this rci.'
                               'Please ask to be added to the list of '
                               'collaborators')

    damage_insert_args = {
        'damage_id': str(uuid.uuid4()),
        'rci_id': rci_id,
        'item': item,
        'text': text,
        'image_url': image_url,
        'created_by': logged_in_user['user_id'],
        'created_at': datetime.utcnow()
    }

    datastore.query(
        'insert into '
        'damages(damage_id, rci_id, item, text, image_url, created_by, created_at) '
        'values(:damage_id,:rci_id,:item,:text,:image_url,:created_by,:created_at) ',
        damage_insert_args)

    return common.get_damage_record(damage_insert_args['damage_id'])
Пример #10
0
def get_rcis_for_buildings(buildings, logged_in_user):
    """
    Fetch the rcis for the specified buildings
    """

    # Only users that have the MODERATE_RCIS permission can do this
    if not user_can(Permission.MODERATE_RCIS, logged_in_user):
        raise Unauthorized('You do not have sufficient permissions '
                           'to lookup rcis for a building.')

    rci_ids = [
        x['rci_id'] for x in datastore.query(
            'select rci_id '
            'from rcis '
            'where building_name in ({})'.format(', '.join(
                '?' for i in buildings)), buildings)
    ]

    rcis = []

    for rci_id in rci_ids:
        rcis.append(get_rci_by_id(rci_id, full=True))

    return rcis