def _new(self): if c.funding_status == 'closed': return render("funding/closed.mako") elif c.funding_status == 'not_open': return render("funding/not_open.mako") funding_results = self.form_result['funding'] attachment_results1 = self.form_result['attachment'] c.person = h.signed_in_person() c.funding = Funding(**funding_results) c.funding.status = FundingStatus.find_by_name('Pending') c.funding.person = c.person if not c.funding.type.available(): return render("funding/type_unavailable.mako") meta.Session.add(c.funding) if attachment_results1 is not None: attachment = FundingAttachment(**attachment_results1) c.funding.attachments.append(attachment) meta.Session.add(attachment) meta.Session.commit() email(c.funding.person.email_address, render('funding/thankyou_email.mako')) h.flash("Funding submitted!") return redirect_to(controller='funding', action="index", id=None)
def delete(self, id): c.attachment = FundingAttachment.find_by_id(id) c.funding = Funding.find_by_id(c.attachment.funding_id) if not (h.auth.authorized(h.auth.has_organiser_role) or c.funding.person == h.signed_in_person()): # Raise a no_auth error h.auth.no_role() return render('/funding_attachment/confirm_delete.mako')
def _delete(self, id): c.attachment = FundingAttachment.find_by_id(id) funding = Funding.find_by_id(c.attachment.funding_id) if not (h.auth.authorized(h.auth.has_organiser_role) or funding.person == h.signed_in_person()): # Raise a no_auth error h.auth.no_role() meta.Session.delete(c.attachment) meta.Session.commit() h.flash("Attachment Deleted") redirect_to(controller='funding', action='view', id=funding.id)
def view(self, id): attachment = FundingAttachment.find_by_id(id) funding = Funding.find_by_id(attachment.funding_id) if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_funding_submitter(funding.id), h.auth.has_organiser_role, h.auth.has_funding_reviewer_role)): # Raise a no_auth error h.auth.no_role() response.headers['content-type'] = attachment.content_type.encode('ascii','ignore') response.headers.add('content-transfer-encoding', 'binary') response.headers.add('content-length', len(attachment.content)) response.headers['content-disposition'] = 'attachment; filename="%s";' % attachment.filename.encode('ascii','ignore') response.headers.add('Pragma', 'cache') response.headers.add('Cache-Control', 'max-age=3600,public') return attachment.content
def view(self, id): attachment = FundingAttachment.find_by_id(id) funding = Funding.find_by_id(attachment.funding_id) if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_funding_submitter(funding.id), h.auth.has_organiser_role, h.auth.has_funding_reviewer_role)): # Raise a no_auth error h.auth.no_role() response.headers['content-type'] = attachment.content_type response.headers.add('content-transfer-encoding', 'binary') response.headers.add('content-length', len(attachment.content)) response.headers['content-disposition'] = 'attachment; filename="%s";' % attachment.filename response.headers.add('Pragma', 'cache') response.headers.add('Cache-Control', 'max-age=3600,public') return attachment.content
def _attach(self, id): """Attach a file to the funding. """ # We need to recheck auth in here so we can pass in the id if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_funding_submitter(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.funding = Funding.find_by_id(id) attachment_results = self.form_result['attachment'] attachment = FundingAttachment(**attachment_results) c.funding.attachments.append(attachment) meta.Session.commit() h.flash("File was attached") return redirect_to(action='view', id=id)
def view(self, id): attachment = FundingAttachment.find_by_id(id) funding = Funding.find_by_id(attachment.funding_id) if not h.auth.authorized( h.auth.Or( h.auth.is_same_zkpylons_funding_submitter(funding.id), h.auth.has_organiser_role, h.auth.has_funding_reviewer_role, ) ): # Raise a no_auth error h.auth.no_role() response.headers["content-type"] = attachment.content_type response.headers.add("content-transfer-encoding", "binary") response.headers.add("content-length", len(attachment.content)) response.headers["content-disposition"] = 'attachment; filename="%s";' % attachment.filename response.headers.add("Pragma", "cache") response.headers.add("Cache-Control", "max-age=3600,public") return attachment.content