def need_verification():
if session.get('user') is None:
return redirect(url_for('blog'))
elif session['user']['verified']:
return redirect(url_for('hub'))
else:
return render_template('forms/unverified.html', user=session['user'])
def html_content(self, current_room=None):
from bottle import html_escape
from utils import url_for
html = ""
for text, refs in self.tokens:
text = html_escape(text)
# highlight matching reference in bold
if any(ref.room_id == current_room.id for ref in refs):
text = '<b>{text}</b>'.format(text=text)
# link non-self single refs
if len(refs) == 1 and refs[0].room_id != current_room.id:
text = '<a href="{url}">{text}</a>'.format(
url=url_for(refs[0].room),
text=text
)
# link all multirefs
elif len(refs) > 1:
text = '<a href="{url}">{text}</a>'.format(
url=url_for('/rooms', qs={
'filter_id': ','.join(str(ref.room_id) for ref in refs)
}),
text=text
)
html += text
return ''.join('<p>' + line.replace('\n', '<br />') + '</p>' for line in html.split('\n\n'))
def html_content(self, current_room=None):
from bottle import html_escape
from utils import url_for
html = ""
for text, refs in self.tokens:
text = html_escape(text)
# highlight matching reference in bold
if any(ref.room_id == current_room.id for ref in refs):
text = '<b>{text}</b>'.format(text=text)
# link non-self single refs
if len(refs) == 1 and refs[0].room_id != current_room.id:
text = '<a href="{url}">{text}</a>'.format(url=url_for(
refs[0].room),
text=text)
# link all multirefs
elif len(refs) > 1:
text = '<a href="{url}">{text}</a>'.format(
url=url_for('/rooms',
qs={
'filter_id':
','.join(str(ref.room_id) for ref in refs)
}),
text=text)
html += text
return ''.join('<p>' + line.replace('\n', '<br />') + '</p>'
for line in html.split('\n\n'))
def verify():
token = request.args.get('token')
if token is None:
return redirect(url_for('need_verification'))
user = users.get(token=token)
if user is None:
abort(404)
else:
users.verify(user['pennkey'])
user['verified'] = True
session['user'] = user
return redirect(url_for('hub'))
def edit_post():
if request.method == 'GET':
post = Post.get(request.args.get('ID'))
return render_template('forms/add_post.html', post=post)
form = request.form.copy()
for key in form.keys():
if len(form[key]) == 0:
del form[key]
if request.files['thumbnail'].filename:
form['thumbnail'] = request.files['thumbnail']
if request.files['image'].filename:
form['image'] = request.files['image']
if form['id'] == form['old_id']:
del form['old_id']
post = Post.get(form['id'])
post.update(form)
else:
old = Post.get(form['old_id'])
del form['old_id']
form['thumbnail'] = old.thumbnail
form['image'] = old.image
old.delete()
Post.add(form)
return redirect(url_for('post', ID=form['id']))
async def test_account_status_with_raw_balance(self, client, db_data):
url = url_for(client,
"status",
resource_kwargs={
"account_uuid": ACC1_UUID,
"raw_balance": 'true'
})
url_raw_balance = url.with_query(raw_balance='true')
resp = await client.get(url_raw_balance)
resp_data = await resp.json()
assert resp.status == 200
assert resp_data == {
'status': 200,
'result': True,
'addition': {
'uuid': '26c940a1-7228-4ea2-a3bc-e6460b172040',
'first_name': 'Иван',
'status': True,
'middle_name': 'Сергеевич',
'balance': 1700.0,
'last_name': 'Петров'
},
'description': {}
}
def signup():
error = None
if request.method == 'GET':
return render_template('forms/signup.html', error=error)
name = request.form['name']
email = request.form['email']
pennkey = request.form['pennkey']
password = request.form['password']
gradyear = request.form['gradyear']
confirm = request.form['confirm_password']
if not (password == confirm):
return render_template('forms/signup.html', error="passwords don't match")
arr = email.split('@')
if len(arr) != 2 or arr[1] not in users.VALID_DOMAINS or arr[0] != pennkey:
return render_template('forms/signup.html', error="invalid email")
user = None
try:
user = users.add(pennkey, password, name, email, gradyear)
except ValueError as err:
return render_template('forms/signup.html', error=str(err))
else:
users.send_verification(pennkey)
session['user'] = user
return redirect(url_for('need_verification'))
def status(request):
busy = lockfile.FileLock(runtests.LOCKFILE_PATH).is_locked()
status = {'busy': busy}
if busy:
latest = Revision.q.order_by(Revision.svn_id.desc()).first()
status['latest'] = utils.url_for('revision_detail', rev=latest.svn_id)
return Context(status)
def add_recap():
if request.method == 'GET':
return render_template('forms/add_recap.html')
recaps.add(request.form.copy())
return redirect(url_for('hub'))
def wrapper(*args, **kwargs):
request = args[0]
c = request.client_session
user = request.client_user_object
if not user:
return redirect(url_for('login'))
else:
result = fn(*args, **kwargs)
return result
def wrapper(*args, **kwargs):
request = args[0]
user = request.client_user_object
if not user:
return redirect(url_for('login'))
else:
user_id = user.user_id
subcategory_name = kwargs['sc_name']
subcategoryquery = session.query(SubCategory).filter(SubCategory.subcategory_name==subcategory_name).all()
if len(subcategoryquery) == 0:
return redirect(url_for('overview'))
else:
subcategory_id = subcategoryquery[0].subcategory_id
## check user permission here
apppermisionquery = session.query(AppPermission).filter(AppPermission.user_id==user_id).filter(AppPermission.subcategory_id==subcategory_id).all()
if len(apppermisionquery) == 0:
return redirect(url_for('setpermissions'))
else:
result = fn(*args, **kwargs)
return result
def wrapper(*args, **kwargs):
request = args[0]
user = request.client_user_object
if not user:
return redirect(url_for('login'))
else:
user_id = user.user_id
category_name = kwargs['c_name']
categoryquery = session.query(Category).filter(Category.category_name==category_name).all()
if len(categoryquery) == 0:
return redirect(url_for('overview'))
else:
category_id = categoryquery[0].category_id
## check user permission here
appfamilypermisionquery = session.query(AppFamilyPermission).filter(AppFamilyPermission.user_id==user_id).filter(AppFamilyPermission.category_id==category_id).all()
if len(appfamilypermisionquery) == 0:
return redirect(url_for('setpermissions'))
else:
result = fn(*args, **kwargs)
return result
def new_message():
"""
Post a new message.
This endpoint is requires a valid user token.
"""
msg = Message.create(request.get_json() or {})
db.session.add(msg)
db.session.commit()
r = jsonify(msg.to_dict())
r.status_code = 201
r.headers['Location'] = url_for('get_message', id=msg.id)
return r
def add_event():
if request.method == 'GET':
return render_template('forms/add_event.html', event=None)
form = request.form.copy()
utils.prune(form)
utils.format_time(form, 'start')
utils.format_time(form, 'end')
events.add(form)
return redirect(url_for('hub'))
def signin():
if request.method == 'GET':
return render_template('forms/signin.html')
pennkey = request.form['pennkey']
password = request.form['password']
user = users.sign_in(pennkey, password)
if user is not None:
session['user'] = user
return redirect(url_for('hub'))
return render_template('forms/signin.html')
def show_ballot_price_edit(ballot_id, db):
ballot = db.query(m.BallotSeason).filter(m.BallotSeason.year == ballot_id).one()
# db.make_transient(ballot)
bands = db.query(m.RoomBand).all()
modifiers = db.query(m.RoomBandModifier).all()
if request.method == 'POST':
postdata = add_structure(request.forms)
band_prices = ballot.band_prices
modifier_prices = ballot.modifier_prices
def do_update():
for id, obj in postdata['bands'].items():
try:
rent = decimal.Decimal(obj['rent'])
except decimal.DecimalException:
rent = None
band = db.query(m.RoomBand).get(id)
if band:
price = next((p for p in band_prices if p.band == band), None)
if rent is not None:
if price:
price.rent = rent
else:
m.RoomBandPrice(band=band, season=ballot, rent=rent)
elif price:
band_prices.remove(price)
for id, obj in postdata['modifiers'].items():
try:
rent = decimal.Decimal(obj['discount'])
except (decimal.DecimalException, TypeError) as e:
rent = None
modifier = db.query(m.RoomBandModifier).get(id)
if modifier:
price = next((p for p in modifier_prices if p.modifier == modifier), None)
if rent is not None:
if price:
price.rent = rent
else:
m.RoomBandModifierPrice(modifier=modifier, season=ballot, discount=rent)
elif price:
modifier_prices.remove(price)
do_update()
return redirect(url_for(ballot))
else:
return template('ballot-edit-prices', ballot_season=ballot, bands=bands, modifiers=modifiers)
def setpermissions3(request):
user = request.client_user_object
user_id = user.user_id
if request.method == 'POST':
selectedsubcategory_ids = request.form.getlist('subcategory')
session.query(AppPermission).filter(AppPermission.user_id==user_id).delete()
for selectedsubcategory_id in selectedsubcategory_ids:
selectedsubcategory = session.query(SubCategory).filter(SubCategory.subcategory_id==selectedsubcategory_id)
newapppermission = AppPermission(user_id, selectedsubcategory_id)
session.add(newapppermission)
session.commit()
else:
return redirect(url_for('setpermissions'))
return render_template('setpermissions3.html')
def edit_event():
if request.method == 'GET':
ID = request.args.get('ID')
event = events.get(ID)
utils.reverse_format_time(event, 'start')
utils.reverse_format_time(event, 'end')
return render_template('forms/add_event.html', event=event)
form = request.form.copy()
utils.prune(form)
utils.format_time(form, 'start')
utils.format_time(form, 'end')
events.update(form['ID'], form)
return redirect(url_for('admin'))
def new_user():
"""
Register a new user.
This endpoint is publicly available.
"""
user = User.create(request.get_json() or {})
if User.query.filter_by(nickname=user.nickname).first() is not None:
abort(400)
db.session.add(user)
db.session.commit()
r = jsonify(user.to_dict())
r.status_code = 201
r.headers['Location'] = url_for('get_user', id=user.id)
return r
async def test_not_found_account_status(self, client, db_data):
url = url_for(client,
"status",
resource_kwargs={"account_uuid": f"{uuid4()}"})
resp = await client.get(url)
resp_data = await resp.json()
assert resp.status == 404
assert resp_data == {
"status": 404,
"result": False,
"addition": {
"error": "Not found"
},
"description": "Account not found"
}
def update():
if request.method == 'GET':
return render_template('forms/update.html', error=None)
pennkey = request.form['pennkey']
password = request.form['password']
name = request.form['name']
email = request.form['email']
gradyear = request.form['gradyear']
user = users.sign_in(pennkey, password)
if user is not None:
users.update(pennkey, name=name, email=email, gradyear=gradyear)
return redirect(url_for('hub'))
return render_template('forms/update.html', error='password incorrect')
def password_reset():
if request.method == 'GET':
return render_template('forms/password_reset.html', error=None)
pennkey = request.form['pennkey']
old_password = request.form['old_password']
password = request.form['password']
confirm = request.form['confirm_password']
if not (password == confirm):
return render_template('forms/password_reset.html', error="passwords don't match")
user = users.sign_in(pennkey, old_password)
if user is not None:
users.update(pennkey, password=password)
return redirect(url_for('hub'))
return render_template('forms/password_reset.html', error='old password incorrect')
def setpermissions2(request):
user = request.client_user_object
user_id = user.user_id
if request.method == 'POST':
selectedcategory_ids = request.form.getlist('category')
session.query(AppFamilyPermission).filter(AppFamilyPermission.user_id==user_id).delete()
for selectedcategory_id in selectedcategory_ids:
selectedcategory = session.query(Category).filter(Category.category_id==selectedcategory_id)
newappfamilypermission = AppFamilyPermission(user_id, selectedcategory_id)
session.add(newappfamilypermission)
session.commit()
categories = session.query(Category).filter(Category.category_id.in_(selectedcategory_ids)).order_by(Category.category_display_order.asc()).all()
subcategories = session.query(SubCategory, Category).join(Category, Category.category_id == SubCategory.category_id).all()
else:
return redirect(url_for('setpermissions'))
return render_template('setpermissions2.html', categories=categories, subcategories=subcategories)
def login(request):
c = request.client_session
if request.method == 'POST':
email = request.form.get('email')
email = escape(email)
password = request.form.get('password')
password = escape(password)
hashedpassword = hashlib.md5(password).hexdigest()
userlogin = session.query(User).filter(User.user_email==email).filter(User.user_password==hashedpassword).all()
loggedinuser = None
for user in userlogin:
loggedinuser = user
if loggedinuser:
c["user_id"] = loggedinuser.user_id
c.modified
return redirect(url_for('overview'))
return render_template('login.html')
def add_announcement():
if request.method == 'GET':
return render_template('forms/add_announcement.html', error=None)
title = request.form['title']
content = request.form['content']
branch = request.form['branch']
if branch not in branches.NAMES:
return render_template('forms/add_announcement.html', error='Not a real branch')
try:
branches.add(title, content, branch)
except ValueError as err:
return render_template('forms/add_announcement.html', error=err)
else:
return redirect(url_for('admin'))
def save_ballot_band_edit(ballot_id, db):
ballot = db.query(
m.BallotSeason).filter(m.BallotSeason.year == ballot_id).one()
postdata = add_structure(request.forms)
if postdata['reset'] == '':
rooms = db.query(m.Room).options(load_only(m.Room.id),
joinedload(m.Room.listing_for))
for r in rooms:
list_new = r.listing_for.get(ballot)
list_old = _first_listing_before(r, ballot)
if list_new and list_old:
list_new.band = list_old.band
list_new.modifiers = list_old.modifiers
else:
listings = ballot.room_listings
for id, obj in postdata['listings'].items():
listing = db.query(m.RoomListing).get(id)
if not listing or listing.ballot_season != ballot:
raise HTTPError(400, 'Invalid listing id')
if obj['band'] != '':
band_id = int(obj['band'])
band = db.query(m.RoomBand).get(band_id)
if not band:
raise HTTPError(400, 'Invalid band id')
listing.band = band
else:
listing.band = None
modifier_ids = map(int, obj['modifiers'])
modifiers = {
db.query(m.RoomBandModifier).get(m_id)
for m_id in modifier_ids
}
if not all(modifiers):
raise HTTPError(400, 'Invalid modifier id')
listing.modifiers = modifiers
db.commit()
redirect(url_for(ballot))
def add_post():
if request.method == 'GET':
return render_template('forms/add_post.html', post=None)
form = request.form.copy()
for key in form.keys():
if len(form[key]) == 0:
del form[key]
form['thumbnail'] = request.files['thumbnail']
form['image'] = request.files['image']
Post.add(form)
send("*****@*****.**", "*****@*****.**", \
"New Ambassador Post", form['title'])
return redirect(url_for('blog'))
def _novaclient(request, service_type='compute'):
# service_type can not be 'volume'? 404 occurs
user = request.ouser
catalog = request.ouser.service_catalog
#print catalog
#LOG.debug('service_type is : %s' % service_type)
# LOG.debug('service catalog is : %s' % catalog)
# LOG.debug('novaclient connection created using token "%s" and url "%s"' %
# (user.token, url_for(catalog, 'compute')))
management_url = url_for(catalog, service_type)
c = nova_client.Client(user.name,
user.token,
project_id=user.tenant_id,
auth_url=management_url)
c.client.auth_token = user.token
c.client.management_url = management_url
return c
def _novaclient(request, service_type='compute'):
# service_type can not be 'volume'? 404 occurs
user = request.ouser
catalog = request.ouser.service_catalog
#print catalog
#LOG.debug('service_type is : %s' % service_type)
# LOG.debug('service catalog is : %s' % catalog)
# LOG.debug('novaclient connection created using token "%s" and url "%s"' %
# (user.token, url_for(catalog, 'compute')))
management_url = url_for(catalog, service_type)
c = nova_client.Client(user.name,
user.token,
project_id=user.tenant_id,
auth_url=management_url)
c.client.auth_token = user.token
c.client.management_url = management_url
return c
def save_ballot_band_edit(ballot_id, db):
ballot = db.query(m.BallotSeason).filter(m.BallotSeason.year == ballot_id).one()
postdata = add_structure(request.forms)
if postdata['reset'] == '':
rooms = db.query(m.Room).options(
load_only(m.Room.id),
joinedload(m.Room.listing_for)
)
for r in rooms:
list_new = r.listing_for.get(ballot)
list_old = _first_listing_before(r, ballot)
if list_new and list_old:
list_new.band = list_old.band
list_new.modifiers = list_old.modifiers
else:
listings = ballot.room_listings
for id, obj in postdata['listings'].items():
listing = db.query(m.RoomListing).get(id)
if not listing or listing.ballot_season != ballot:
raise HTTPError(400, 'Invalid listing id')
if obj['band'] != '':
band_id = int(obj['band'])
band = db.query(m.RoomBand).get(band_id)
if not band:
raise HTTPError(400, 'Invalid band id')
listing.band = band
else:
listing.band = None
modifier_ids = map(int, obj['modifiers'])
modifiers = {db.query(m.RoomBandModifier).get(m_id) for m_id in modifier_ids}
if not all(modifiers):
raise HTTPError(400, 'Invalid modifier id')
listing.modifiers = modifiers
db.commit()
redirect(url_for(ballot))
def save_place_edit(place_id, db): try: place = db.query(m.Place).filter(m.Place.id == place_id).one() except NoResultFound: raise HTTPError(404, "No matching location") last_summary = place.summary summary = m.PlaceSummary( place=place, published_at=datetime.now(), markdown_content=request.forms.content, editor=request.user ) if last_summary and summary.markdown_content == last_summary.markdown_content: raise HTTPError(400, "Same as last edit") db.add(summary) redirect(utils.url_for(place))
def save_place_edit(place_id, db): try: place = db.query(m.Place).filter(m.Place.id == place_id).one() except NoResultFound: raise HTTPError(404, "No matching location") last_summary = place.summary summary = m.PlaceSummary( place=place, published_at=datetime.now(), markdown_content=request.forms.content, editor=request.user ) if last_summary and summary.markdown_content == last_summary.markdown_content: raise HTTPError(400, "Same as last edit") db.add(summary) redirect(utils.url_for(place))
async def test_substract_function(self, client, db_data):
url = url_for(client,
"substract",
resource_kwargs={"account_uuid": ACC1_UUID})
resp = await client.patch(url,
data=json.dumps({"amount": 50.00}),
headers={'Content-Type': 'application/json'})
resp_data = await resp.json()
assert resp.status == 200
assert resp_data == {
'status': 200,
'result': True,
'addition': {
'uuid': '26c940a1-7228-4ea2-a3bc-e6460b172040',
'first_name': 'Иван',
'status': True,
'middle_name': 'Сергеевич',
'balance': 1400.0 - 50.00,
'last_name': 'Петров'
},
'description': {}
}
async def test_substract_function_with_disabled_acc(self, client, db_data):
url = url_for(client,
"substract",
resource_kwargs={"account_uuid": ACC4_UUID})
resp = await client.patch(url,
data=json.dumps({"amount": 50.00}),
headers={'Content-Type': 'application/json'})
resp_data = await resp.json()
assert resp.status == 400
assert resp_data == {
'status': 400,
'result': False,
'addition': {
'balance': 999999.0,
'first_name': 'Петр',
'middle_name': 'Измаилович',
'uuid': '867f0924-a917-4711-939b-90b179a96392',
'last_name': 'Петечкин',
'status': False
},
'description': 'Account is disabled'
}
def book_room(room_id, db):
from sqlalchemy.sql import exists
token = request.forms.crsf_token
if not token or token != request.session.get('crsf_token'):
raise HTTPError(403, "Bad CSRF token")
try:
room = db.query(m.Room).filter(m.Room.id == room_id).one()
except NoResultFound:
raise HTTPError(404, "No matching room")
ballot_event = get_ballot(db)
import roombooking
try:
roombooking.check_then_book(db, request.user, room, ballot_event)
except roombooking.BookingError:
pass
# whatever happens, we redirect back to the room page, which
# reevaluates the check and gives the error message to the user about
# what went wrong
return redirect(utils.url_for(room))
def book_room(room_id, db):
from sqlalchemy.sql import exists
token = request.forms.crsf_token
if not token or token != request.session.get('crsf_token'):
raise HTTPError(403, "Bad CSRF token")
try:
room = db.query(m.Room).filter(m.Room.id == room_id).one()
except NoResultFound:
raise HTTPError(404, "No matching room")
ballot_event = get_ballot(db)
import roombooking
try:
roombooking.check_then_book(db, request.user, room, ballot_event)
except roombooking.BookingError:
pass
# whatever happens, we redirect back to the room page, which
# reevaluates the check and gives the error message to the user about
# what went wrong
return redirect(utils.url_for(room))
def url_for(self):
if self.label():
return url_for("number_fields.by_label", label=self.label())
else:
None
def url_for(self):
return url_for("artin_representations.render_artin_representation_webpage", label=self.label())
def show_ballot_price_edit(ballot_id, db):
ballot = db.query(
m.BallotSeason).filter(m.BallotSeason.year == ballot_id).one()
# db.make_transient(ballot)
bands = db.query(m.RoomBand).all()
modifiers = db.query(m.RoomBandModifier).all()
if request.method == 'POST':
postdata = add_structure(request.forms)
band_prices = ballot.band_prices
modifier_prices = ballot.modifier_prices
def do_update():
for id, obj in postdata['bands'].items():
try:
rent = decimal.Decimal(obj['rent'])
except decimal.DecimalException:
rent = None
band = db.query(m.RoomBand).get(id)
if band:
price = next(
(p for p in band_prices if p.band == band), None)
if rent is not None:
if price:
price.rent = rent
else:
m.RoomBandPrice(band=band,
season=ballot,
rent=rent)
elif price:
band_prices.remove(price)
for id, obj in postdata['modifiers'].items():
try:
rent = decimal.Decimal(obj['discount'])
except (decimal.DecimalException, TypeError) as e:
rent = None
modifier = db.query(m.RoomBandModifier).get(id)
if modifier:
price = next((p for p in modifier_prices
if p.modifier == modifier), None)
if rent is not None:
if price:
price.rent = rent
else:
m.RoomBandModifierPrice(modifier=modifier,
season=ballot,
discount=rent)
elif price:
modifier_prices.remove(price)
do_update()
return redirect(url_for(ballot))
else:
return template('ballot-edit-prices',
ballot_season=ballot,
bands=bands,
modifiers=modifiers)
def forbidden(err):
if session.get("user") is None:
return redirect(url_for("signin"))
elif not session["user"]["verified"]:
return redirect(url_for("need_verification"))
return render_template("error.html", error=403)
def url_for(self):
return url_for(
"artin_representations.by_data", dim=self.dimension(), conductor=self.conductor(), index=self.index()
)
def delete_post():
post = Post.get(request.args.get('ID'))
post.delete()
return redirect(url_for('admin'))
def url_for(self):
if self.label():
return url_for("number_fields.by_label", label=self.label())
else:
None
def url_for(self):
return url_for("artin_representations.by_data",
dim=self.dimension(),
conductor=self.conductor(),
index=self.index())
def static(fn, dbg_force_reload=False):
result = utils.url_for('static', filename=fn)
if app.debug and dbg_force_reload:
result += '?v=' + str(time.time())
return result
def url_for(self):
return url_for(
"artin_representations.render_artin_representation_webpage",
label=self.label())