def add_template(client_id: int):
client = Client.query.filter_by(id=client_id).one()
if not current_user.manages(client):
abort(403)
form = TemplateCreateNewForm()
context = dict(form=form, client=client)
if form.validate_on_submit():
data = dict(form.data)
data.pop('csrf_token', None)
file = data.pop('file')
filename = "{}.{}".format(uuid4(), file.filename.split('.')[-1])
data['file'] = filename
upload_path = client.template_path()
if not os.path.exists(upload_path):
os.makedirs(upload_path)
try:
Template(client=client, **data)
db.session.commit()
file.save(os.path.join(upload_path, filename))
return redirect_back('.edit', client_id=client_id)
except IntegrityError:
form.name.errors.append('Name already used')
db.session.rollback()
return render_template('clients/add_template.html', **context)
def edit(assessment_id):
assessment: Assessment = Assessment.query.filter_by(id=assessment_id).one()
if not current_user.owns(assessment) and not current_user.manages(
assessment.client):
abort(403)
if request.form:
form = AssessmentForm(request.form)
else:
form = AssessmentForm(**assessment.to_dict(),
auditors=assessment.auditors)
form.auditors.choices = User.get_choices(
User.user_type.in_(valid_auditors))
context = dict(assessment=assessment, form=form)
if form.validate_on_submit():
data = dict(form.data)
data.pop('csrf_token', None)
auditors = data.pop('auditors', [])
assessment.set(**data)
assessment.auditors.clear()
assessment.auditors.extend(auditors)
return redirect_back('.index')
return render_template('assessments/edit.html', **context)
def delete(assessment_id):
assessment = Assessment.query.filter_by(id=assessment_id).one()
if not current_user.owns(assessment) and not current_user.manages(
assessment.client):
abort(403)
assessment.delete()
return redirect_back('.index')
def delete_template(client_id: int, template_name):
client = Client.query.filter_by(id=client_id).one()
if not current_user.manages(client):
abort(403)
template = Template.query.filter_by(name=template_name,
client=client).one()
os.remove(os.path.join(client.template_path(), template.file))
template.delete()
return redirect_back('.edit', client_id=client_id)
def export(assessment_id):
assessment: Assessment = Assessment.query.filter_by(id=assessment_id).one()
if not current_user.owns(assessment) and not current_user.manages(
assessment.client):
abort(403)
return Response(assessment.to_json(max_nesting=5),
mimetype='application/json',
headers={
'Content-Disposition':
f'attachment;filename=assessment-{assessment_id}.json'
})
def download_template(client_id: int, template_name):
client = Client.query.filter_by(id=client_id).one()
if not current_user.manages(client):
abort(403)
template = Template.query.filter_by(name=template_name,
client=client).one()
return send_from_directory(client.template_path(),
template.file,
as_attachment=True,
attachment_filename="{}.{}".format(
template.name,
template.file.split('.')[-1]))
def edit(client_id: int):
client: Client = Client.query.filter_by(id=client_id).one()
if not current_user.manages(client):
abort(403)
if request.form:
form = ClientForm(request.form)
else:
form = ClientForm(**client.to_dict(),
managers=client.managers,
auditors=client.auditors,
templates=client.templates)
form.managers.choices = User.get_choices(
User.user_type.in_(valid_managers))
form.auditors.choices = User.get_choices(
User.user_type.in_(valid_auditors))
form.templates.choices = Template.get_choices()
change_owner_form = ClientChangeOwnerForm(owner=client.creator)
change_owner_form.owner.choices = User.get_choices(
User.user_type.in_(valid_managers))
context = dict(form=form,
change_owner_form=change_owner_form,
client=client)
if form.validate_on_submit():
data = dict(form.data)
data.pop('csrf_token', None)
managers = data.pop('managers', [])
auditors = data.pop('auditors', [])
templates = data.pop('templates', [])
client.set(**data)
client.managers.clear()
client.managers.extend(managers)
client.auditors.clear()
client.auditors.extend(auditors)
client.templates.clear()
client.templates.extend(templates)
return redirect_back('.index')
return render_template('clients/details.html', **context)