def void(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_attendee(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.invoice = Invoice.find_by_id(id, True)
if c.invoice.is_void():
h.flash("Invoice was already voided.")
return redirect_to(action='view', id=c.invoice.id)
if h.auth.authorized(h.auth.has_organiser_role):
c.invoice.void = "Administration Change"
meta.Session.commit()
h.flash("Invoice was voided.")
return redirect_to(action='view', id=c.invoice.id)
else:
if c.invoice.paid():
h.flash("Cannot void a paid invoice.")
return redirect_to(action='view', id=c.invoice.id)
c.invoice.void = "User cancellation"
c.person = c.invoice.person
meta.Session.commit()
email(lca_info['contact_email'], render('/invoice/user_voided.mako'))
h.flash("Previous invoice was voided.")
return redirect_to(controller='registration', action='pay', id=c.person.registration.id)
def _new(self):
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name(
'Pending Review')
c.proposal = Proposal(**proposal_results)
meta.Session.add(c.proposal)
if not h.signed_in_person():
c.person = model.Person(**person_results)
meta.Session.add(c.person)
email(c.person.email_address,
render('/person/new_person_email.mako'))
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
c.attachment = Attachment(**attachment_results)
c.proposal.attachments.append(c.attachment)
meta.Session.add(c.attachment)
meta.Session.commit()
email(c.person.email_address,
render('proposal/thankyou_mini_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
def void(self, id):
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zkpylons_attendee(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.invoice = Invoice.find_by_id(id, True)
if c.invoice.is_void:
h.flash("Invoice was already voided.")
return redirect_to(action='view', id=c.invoice.id)
elif len(c.invoice.payment_received) and h.auth.authorized(
h.auth.has_organiser_role):
h.flash("Invoice has a payment applied to it, do you want to " +
h.link_to('Refund', h.url_for(action='refund')) +
" instead?")
return redirect_to(action='view', id=c.invoice.id)
elif len(c.invoice.payment_received):
h.flash("Cannot void a paid invoice.")
return redirect_to(action='view', id=c.invoice.id)
elif h.auth.authorized(h.auth.has_organiser_role):
c.invoice.void = "Administration Change"
meta.Session.commit()
h.flash("Invoice was voided.")
return redirect_to(action='view', id=c.invoice.id)
else:
c.invoice.void = "User cancellation"
c.person = c.invoice.person
meta.Session.commit()
email(lca_info['contact_email'],
render('/invoice/user_voided.mako'))
h.flash("Previous invoice was voided.")
return redirect_to(controller='registration',
action='pay',
id=c.person.registration.id)
def _edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.paper_editing == 'closed' and not h.auth.authorized(h.auth.has_late_submitter_role):
return render("proposal/editing_closed.mako")
elif c.paper_editing == 'not_open':
return render("proposal/editing_not_open.mako")
c.proposal = Proposal.find_by_id(id)
for key in self.form_result['proposal']:
setattr(c.proposal, key, self.form_result['proposal'][key])
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
c.person = self.form_result['person_to_edit']
if (c.person.id == h.signed_in_person().id or
h.auth.authorized(h.auth.has_organiser_role)):
for key in self.form_result['person']:
setattr(c.person, key, self.form_result['person'][key])
p_edit = "and author"
else:
p_edit = "(but not author)"
meta.Session.commit()
if lca_info['proposal_update_email'] != '':
body = "Subject: %s Proposal Updated\n\nID: %d\nTitle: %s\nType: %s\nURL: %s" % (h.lca_info['event_name'], c.proposal.id, c.proposal.title, c.proposal.type.name.lower(), "http://" + h.host_name() + h.url_for(action="view"))
email(lca_info['proposal_update_email'], body)
h.flash("Proposal %s edited!"%p_edit)
return redirect_to('/proposal')
def void(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_attendee(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.invoice = Invoice.find_by_id(id, True)
if c.invoice.is_void:
h.flash("Invoice was already voided.")
return redirect_to(action='view', id=c.invoice.id)
elif len(c.invoice.payment_received) and h.auth.authorized(h.auth.has_organiser_role):
h.flash("Invoice has a payment applied to it, do you want to " + h.link_to('Refund', h.url_for(action='refund')) + " instead?")
return redirect_to(action='view', id=c.invoice.id)
elif len(c.invoice.payment_received):
h.flash("Cannot void a paid invoice.")
return redirect_to(action='view', id=c.invoice.id)
elif h.auth.authorized(h.auth.has_organiser_role):
c.invoice.void = "Administration Change"
meta.Session.commit()
h.flash("Invoice was voided.")
return redirect_to(action='view', id=c.invoice.id)
else:
c.invoice.void = "User cancellation"
c.person = c.invoice.person
meta.Session.commit()
email(Config.get('contact_email'), render('/invoice/user_voided.mako'))
h.flash("Previous invoice was voided.")
return redirect_to(controller='registration', action='pay', id=c.person.registration.id)
def _forgotten_password(self):
"""Action to let the user request a password change.
GET returns a form for emailing them the password change
confirmation.
POST checks the form and then creates a confirmation record:
date, email_address, and a url_hash that is a hash of a
combination of date, email_address, and a random nonce.
The email address must exist in the person database.
The second half of the password change operation happens in
the ``confirm`` action.
"""
c.email = self.form_result['email_address']
c.person = Person.find_by_email(c.email)
if c.person is not None:
# Check if there is already a password recovery in progress
reset = PasswordResetConfirmation.find_by_email(c.email)
if reset is not None:
return render('person/in_progress.mako')
# Ok kick one off
c.conf_rec = PasswordResetConfirmation(email_address=c.email)
meta.Session.add(c.conf_rec)
meta.Session.commit()
email(c.email, render('person/confirmation_email.mako'))
return render('person/password_confirmation_sent.mako')
def _new(self):
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name('Pending')
c.proposal = Proposal(**proposal_results)
meta.Session.add(c.proposal)
if not h.signed_in_person():
c.person = model.Person(**person_results)
meta.Session.add(c.person)
email(c.person.email_address, render('/person/new_person_email.mako'))
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
c.attachment = Attachment(**attachment_results)
c.proposal.attachments.append(c.attachment)
meta.Session.add(c.attachment)
meta.Session.commit()
email(c.person.email_address, render('proposal/thankyou_mini_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
def _new(self):
# Do we allow account creation?
if Config.get('account_creation'):
"""Create a new person submit.
"""
# Remove fields not in class
results = self.form_result['person']
del results['password_confirm']
c.person = Person(**results)
c.person.email_address = c.person.email_address.lower()
meta.Session.add(c.person)
#for sn in self.form_result['social_network']:
# network = SocialNetwork.find_by_name(sn['name'])
# if sn['account_name']:
# c.person.social_networks[network] = sn['account_name']
meta.Session.commit()
if Config.get('confirm_email_address', category='rego') == 'no':
redirect_to(controller='person', action='confirm', confirm_hash=c.person.url_hash)
else:
email(c.person.email_address, render('/person/new_person_email.mako'))
# return render('/person/thankyou.mako')
return self.finish_login(c.person.email_address)
else:
return render('/not_allowed.mako')
def _new(self):
if c.funding_status == 'closed':
return render("funding/closed.mako")
elif c.funding_status == 'not_open':
return render("funding/not_open.mako")
funding_results = self.form_result['funding']
attachment_results1 = self.form_result['attachment']
c.person = h.signed_in_person()
c.funding = Funding(**funding_results)
c.funding.status = FundingStatus.find_by_name('Pending')
c.funding.person = c.person
if not c.funding.type.available():
return render("funding/type_unavailable.mako")
meta.Session.add(c.funding)
if attachment_results1 is not None:
attachment = FundingAttachment(**attachment_results1)
c.funding.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.funding.person.email_address, render('funding/thankyou_email.mako'))
h.flash("Funding submitted!")
return redirect_to(controller='funding', action="index", id=None)
def _new(self):
if c.funding_status == 'closed':
return render("funding/closed.mako")
elif c.funding_status == 'not_open':
return render("funding/not_open.mako")
funding_results = self.form_result['funding']
attachment_results1 = self.form_result['attachment']
c.person = h.signed_in_person()
c.funding = Funding(**funding_results)
c.funding.status = FundingStatus.find_by_name('Pending')
c.funding.person = c.person
if not c.funding.type.available():
return render("funding/type_unavailable.mako")
meta.Session.add(c.funding)
if attachment_results1 is not None:
attachment = FundingAttachment(**attachment_results1)
c.funding.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.funding.person.email_address,
render('funding/thankyou_email.mako'))
h.flash("Funding submitted!")
return redirect_to(controller='funding', action="index", id=None)
def _remind(self):
results = self.form_result
for i in results['invoices']:
c.invoice = i
c.recipient = i.person
email(c.recipient.email_address, render('invoice/remind_email.mako'))
h.flash('Email sent to ' + c.recipient.firstname + ' ' + c.recipient.lastname + ' <' + c.recipient.email_address + '>')
redirect_to(action='remind')
def _remind(self):
results = self.form_result
for i in results['invoices']:
c.invoice = i
c.recipient = i.person
email(c.recipient.email_address, render('invoice/remind_email.mako'))
h.flash('Email sent to ' + c.recipient.fullname + ' <' + c.recipient.email_address + '>')
redirect_to(action='remind')
def reject(self, id):
volunteer = Volunteer.find_by_id(id)
volunteer.accepted = False
volunteer.ticket_type = None
meta.Session.commit()
c.volunteer = volunteer
c.person = volunteer.person
email(c.person.email_address, render('volunteer/response.mako'))
h.flash('Status Updated and Rejection Email Sent')
redirect_to(action='index', id=None)
def reject(self, id):
volunteer = Volunteer.find_by_id(id)
volunteer.accepted = False
volunteer.ticket_type = None
meta.Session.commit()
c.volunteer = volunteer
c.person = volunteer.person
email(c.person.email_address, render('volunteer/response.mako'))
h.flash('Status Updated and Rejection Email Sent')
redirect_to(action='index', id=None)
def _accept(self, id):
results = self.form_result
volunteer = Volunteer.find_by_id(id)
volunteer.ticket_type = results['ticket_type']
volunteer.accepted = True
meta.Session.commit()
c.volunteer = volunteer
c.person = volunteer.person
email(c.person.email_address, render('volunteer/response.mako'))
h.flash('Status Updated and Acceptance Email Sent')
redirect_to(action='index', id=None)
def _accept(self, id):
results = self.form_result
volunteer = Volunteer.find_by_id(id)
volunteer.ticket_type = results['ticket_type']
volunteer.accepted = True
meta.Session.commit()
c.volunteer = volunteer
c.person = volunteer.person
email(c.person.email_address, render('volunteer/response.mako'))
h.flash('Status Updated and Acceptance Email Sent')
redirect_to(action='index', id=None)
def _new(self):
results = self.form_result['volunteer']
c.volunteer = Volunteer(**results)
c.volunteer.person = h.signed_in_person()
c.person = c.volunteer.person
meta.Session.add(c.volunteer)
meta.Session.commit()
h.flash("Thank you for volunteering. We will contact you shortly regarding your application")
email(c.person.email_address, render('volunteer/response.mako'))
redirect_to(action='view', id=c.volunteer.id)
def _new(self):
results = self.form_result['volunteer']
c.volunteer = Volunteer(**results)
c.volunteer.person = h.signed_in_person()
c.person = c.volunteer.person
meta.Session.add(c.volunteer)
meta.Session.commit()
h.flash("Thank you for volunteering. We will contact you shortly regarding your application")
email(c.person.email_address, render('volunteer/response.mako'))
redirect_to(action='view', id=c.volunteer.id)
def _offer(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zkpylons_user(id),
h.auth.has_reviewer_role,
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.person = Person.find_by_id(id)
c.offers = c.person.proposal_offers
c.travel_assistance = reduce(
lambda a, b: a or
('Travel' in b.status.name), c.offers, False) or False
c.accommodation_assistance = reduce(
lambda a, b: a or
('Accommodation' in b.status.name), c.offers, False) or False
# What status are we moving all proposals to?
if self.form_result['status'] == 'accept':
c.status = ProposalStatus.find_by_name('Accepted')
elif self.form_result['status'] == 'withdraw':
c.status = ProposalStatus.find_by_name('Withdrawn')
elif self.form_result['status'] == 'contact':
c.status = ProposalStatus.find_by_name('Contact')
else:
c.status = None
emails = [c.person.email_address]
for offer in c.offers:
offer.status = c.status
if offer.type.notify_email and offer.type.notify_email not in emails:
emails.append(offer.type.notify_email)
if c.travel_assistance:
if not c.person.travel:
self.form_result['travel']['flight_details'] = ''
travel = Travel(**self.form_result['travel'])
meta.Session.add(travel)
c.person.travel = travel
else:
for key in self.form_result['travel']:
setattr(c.person.travel, key,
self.form_result['travel'][key])
if c.status.name == 'Accepted':
email(c.person.email_address, render('/person/offer_email.mako'))
else:
email(emails, render('/person/offer_email.mako'))
# update the objects with the validated form data
meta.Session.commit()
return render('person/offer.mako')
def _remind(self):
results = self.form_result
for i in results["invoices"]:
c.invoice = i
c.recipient = i.person
email(c.recipient.email_address, render("invoice/remind_email.mako"))
h.flash(
"Email sent to "
+ c.recipient.firstname
+ " "
+ c.recipient.lastname
+ " <"
+ c.recipient.email_address
+ ">"
)
redirect_to(action="remind")
def _withdraw(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.proposal = Proposal.find_by_id(id)
status = ProposalStatus.find_by_name('Withdrawn')
c.proposal.status = status
meta.Session.commit()
c.person = h.signed_in_person()
# Make sure the organisers are notified of this
c.email_address = h.lca_info['emails'][c.proposal.type.name.lower()]
email(c.email_address, render('/proposal/withdraw_email.mako'))
h.flash("Proposal withdrawn. The organisers have been notified.")
return redirect_to(controller='proposal', action="index", id=None)
def _withdraw(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_funding_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.funding = Funding.find_by_id(id)
status = FundingStatus.find_by_name('Withdrawn')
c.funding.status = status
meta.Session.commit()
c.person = h.signed_in_person()
# Make sure the organisers are notified of this
c.email_address = c.funding.type.notify_email
email(c.email_address, render('/funding/withdraw_email.mako'))
h.flash("Funding withdrawn. The organisers have been notified.")
return redirect_to(controller='funding', action="index", id=None)
def _withdraw(self, id):
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_funding_submitter(id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.funding = Funding.find_by_id(id)
status = FundingStatus.find_by_name('Withdrawn')
c.funding.status = status
meta.Session.commit()
c.person = h.signed_in_person()
# Make sure the organisers are notified of this
c.email_address = c.funding.type.notify_email
email(c.email_address, render('/funding/withdraw_email.mako'))
h.flash("Funding withdrawn. The organisers have been notified.")
return redirect_to(controller='funding', action="index", id=None)
def _offer(self,id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_user(id), h.auth.has_reviewer_role, h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.person = Person.find_by_id(id)
c.offers = c.person.proposal_offers
c.travel_assistance = reduce(lambda a, b: a or ('Travel' in b.status.name), c.offers, False) or False
c.accommodation_assistance = reduce(lambda a, b: a or ('Accommodation' in b.status.name), c.offers, False) or False
# What status are we moving all proposals to?
if self.form_result['status'] == 'accept':
c.status = ProposalStatus.find_by_name('Accepted')
elif self.form_result['status'] == 'withdraw':
c.status = ProposalStatus.find_by_name('Withdrawn')
elif self.form_result['status'] == 'contact':
c.status = ProposalStatus.find_by_name('Contact')
else:
c.status = None
emails = [c.person.email_address]
for offer in c.offers:
offer.status = c.status
if offer.type.notify_email and offer.type.notify_email not in emails:
emails.append(offer.type.notify_email)
if c.travel_assistance:
if not c.person.travel:
self.form_result['travel']['flight_details'] = ''
travel = Travel(**self.form_result['travel'])
meta.Session.add(travel)
c.person.travel = travel
else:
for key in self.form_result['travel']:
setattr(c.person.travel, key, self.form_result['travel'][key])
if c.status.name == 'Accepted':
email(c.person.email_address, render('/person/offer_email.mako'))
else:
email(emails, render('/person/offer_email.mako'))
# update the objects with the validated form data
meta.Session.commit()
return render('person/offer.mako')
def _new(self):
if c.cfp_status == 'closed':
if not h.auth.authorized(
h.auth.Or(h.auth.has_organiser_role,
h.auth.has_late_submitter_role)):
return render("proposal/closed.mako")
elif c.cfp_status == 'not_open':
return render("proposal/not_open.mako")
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name(
'Pending Review')
c.proposal = Proposal(**proposal_results)
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
meta.Session.add(c.proposal)
if not h.signed_in_person():
c.person = model.Person(**person_results)
meta.Session.add(c.person)
email(c.person.email_address,
render('/person/new_person_email.mako'))
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
attachment = Attachment(**attachment_results)
c.proposal.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.person.email_address, render('proposal/thankyou_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
def _new(self):
if c.cfp_status == 'closed':
if not h.auth.authorized(h.auth.Or(h.auth.has_organiser_role, h.auth.has_late_submitter_role)):
return render("proposal/closed.mako")
elif c.cfp_status == 'not_open':
return render("proposal/not_open.mako")
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name('Pending Review')
c.proposal = Proposal(**proposal_results)
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
meta.Session.add(c.proposal)
if not h.signed_in_person():
# We don't want proposals to be submitted by folks who
# aren't actually signed in. So, redirect them to the
# sign-in page.
h.flash("You need to be signed in to submit a proposal!")
return redirect_to(controller="person", action="signin", id=None)
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
attachment = Attachment(**attachment_results)
c.proposal.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.person.email_address, render('proposal/thankyou_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
def _edit(self, id):
# We need to recheck auth in here so we can pass in the id
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zkpylons_submitter(id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
if not h.auth.authorized(h.auth.has_organiser_role):
if c.proposal_editing == 'closed' and not h.auth.authorized(
h.auth.has_late_submitter_role):
return render("proposal/editing_closed.mako")
elif c.proposal_editing == 'not_open':
return render("proposal/editing_not_open.mako")
c.proposal = Proposal.find_by_id(id)
for key in self.form_result['proposal']:
setattr(c.proposal, key, self.form_result['proposal'][key])
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
c.person = self.form_result['person_to_edit']
if (c.person.id == h.signed_in_person().id
or h.auth.authorized(h.auth.has_organiser_role)):
for key in self.form_result['person']:
setattr(c.person, key, self.form_result['person'][key])
p_edit = "and author"
else:
p_edit = "(but not author)"
meta.Session.commit()
if lca_info['proposal_update_email'] != '':
body = "Subject: %s Proposal Updated\n\nID: %d\nTitle: %s\nType: %s\nURL: %s" % (
h.lca_info['event_name'], c.proposal.id, c.proposal.title,
c.proposal.type.name.lower(),
"http://" + h.host_name() + h.url_for(action="view"))
email(lca_info['proposal_update_email'], body)
h.flash("Proposal %s edited!" % p_edit)
return redirect_to('/proposal')
def _new(self):
if c.cfp_status == 'closed':
if not h.auth.authorized(h.auth.Or(h.auth.has_organiser_role, h.auth.has_late_submitter_role)):
return render("proposal/closed.mako")
elif c.cfp_status == 'not_open':
return render("proposal/not_open.mako")
person_results = self.form_result['person']
proposal_results = self.form_result['proposal']
attachment_results = self.form_result['attachment']
proposal_results['status'] = ProposalStatus.find_by_name('Pending')
c.proposal = Proposal(**proposal_results)
c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
meta.Session.add(c.proposal)
if not h.signed_in_person():
c.person = model.Person(**person_results)
meta.Session.add(c.person)
email(c.person.email_address, render('/person/new_person_email.mako'))
else:
c.person = h.signed_in_person()
for key in person_results:
setattr(c.person, key, self.form_result['person'][key])
c.person.proposals.append(c.proposal)
if attachment_results is not None:
attachment = Attachment(**attachment_results)
c.proposal.attachments.append(attachment)
meta.Session.add(attachment)
meta.Session.commit()
email(c.person.email_address, render('proposal/thankyou_email.mako'))
h.flash("Proposal submitted!")
return redirect_to(controller='proposal', action="index", id=None)
class PaymentController(BaseController):
"""This controller receives payment advice from the payment gateway.
the url /payment/new receives the advice
"""
@authorize(h.auth.has_organiser_role)
def index(self):
c.payment_collection = Payment.find_all()
return render('/payment/list.mako')
@authorize(h.auth.is_valid_user)
def view(self, id):
payment = Payment.find_by_id(id, abort_404=True)
c.person = payment.invoice.person
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zkpylons_user(c.person.id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.is_organiser = False
if h.auth.authorized(h.auth.has_organiser_role):
c.is_organiser = True
c.payment = PaymentReceived.find_by_payment(payment.id)
c.validation_errors = []
if c.payment is not None and c.payment.validation_errors is not None and len(
c.payment.validation_errors) > 0:
c.validation_errors = c.payment.validation_errors.split(';')
same_invoice = PaymentReceived.find_by_invoice(payment.invoice.id)
same_email = PaymentReceived.find_by_email(c.person.email_address)
if c.payment is not None:
same_invoice = same_invoice.filter("payment_id <> " +
str(payment.id))
same_email = same_email.filter("payment_id <> " + str(payment.id))
c.related_payments = same_invoice.union(same_email)
return render('/payment/view.mako')
# No authentication because it's called directly by the payment gateway
def new(self):
schema = SecurePayPingSchema()
try:
form_result = schema.to_python(request.params)
except validators.Invalid, error:
return 'Invalid: %s' % error
payment = None
c.person = None
fields = form_result
c.response = {
'payment_id': fields['payment_id'],
'invoice_id': fields['invoice_id'],
'success_code': fields['summary_code'],
'amount_paid': fields['response_amount'],
'currency_used': fields['currency'],
'card_name': fields['card_name'],
'card_type': fields['card_type'],
'card_number': fields['card_number'],
'card_expiry': fields['card_number'],
'card_mac': fields['card_mac'],
'auth_code': fields['response_code'],
'gateway_ref': fields['bank_reference'],
'response_text': fields['response_text'],
'client_ip_gateway': fields['remote_ip'],
'client_ip_zookeepr': request.environ.get('REMOTE_ADDR'),
'email_address': fields['receipt_address']
}
if 'Approved' in c.response[
'response_text'] or 'success' in c.response['response_text']:
c.response['approved'] = True
else:
c.response['approved'] = False
validation_errors = []
if c.response is None:
abort(500, ''.join(validation_errors))
else:
# Make sure the same browser created the zkpylons payment object and paid by credit card
#if c.response['client_ip_gateway'] != c.response['client_ip_zookeepr']:
#validation_errors.append('Mismatch in IP addresses: zkpylons=' + c.response['client_ip_zookeepr'] + ' gateway=' + c.response['client_ip_gateway'])
# Get the payment object associated with this transaction
payment = Payment.find_by_id(c.response['payment_id'])
if payment is None:
validation_errors.append(
'Invalid payment ID from the payment gateway')
else:
c.person = payment.invoice.person
# Check whether a payment has already been received for this payment object
received = PaymentReceived.find_by_payment(payment.id)
if received is not None:
# Ignore repeat payment
return redirect_to(action='view', id=payment.id)
# Extra validation
if c.response['amount_paid'] != payment.amount:
validation_errors.append(
'Mismatch between amounts paid and invoiced')
if c.response['invoice_id'] != payment.invoice.id:
validation_errors.append(
'Mismatch between returned invoice ID and payment object')
#if c.response['email_address'] != pxpay.munge_email(payment.invoice.person.email_address):
# validation_errors.append('Mismatch between returned email address and invoice object')
if not c.person.is_from_common_country():
if c.person.country:
validation_errors.append('Uncommon country: ' +
c.person.country)
else:
validation_errors.append('Unknown country')
c.pr = PaymentReceived(**c.response)
c.pr.validation_errors = ';'.join(validation_errors)
meta.Session.add(c.pr)
meta.Session.commit()
if len(validation_errors) > 0 and c.response['approved']:
# Suspiciously approved transaction which needs to be checked manually
email(lca_info['contact_email'],
render('/payment/suspicious_payment.mako'))
if c.person is not None:
email(c.person.email_address, render('/payment/response.mako'))
# OK we now have a valid transaction, we redirect the user to the view page
# so they can see if their transaction was accepted or declined
return redirect_to(action='view', id=payment.id)
