def _review(self, id):
    """Store the signed-in person's review of proposal *id* and move on.

    A person who already has a review on the proposal is redirected to the
    next proposal and nothing is saved. Otherwise the ``review`` form
    values become a new Review attached to the proposal, and the browser
    is sent to the next proposal to review, or to the review index when
    there is none left.
    """
    c.proposal = Proposal.find_by_id(id)
    c.signed_in_person = h.signed_in_person()
    c.next_review_id = Proposal.find_next_proposal(
        c.proposal.id, c.proposal.type.id, c.signed_in_person.id)

    # TODO: currently not enough (see TODOs in model/proposal.py)
    # NOTE(review): the self-review guard below is disabled, so nothing in
    # this method stops an author who can reach it from reviewing their own
    # proposal. Confirm where (or whether) that is enforced.
    #if not h.auth.authorized(h.auth.has_organiser_role):
    #    # You can't review your own proposal
    #    for person in c.proposal.people:
    #        if person.id == c.signed_in_person.id:
    #            h.auth.no_role()

    reviewer = c.signed_in_person
    earlier_reviewers = [past.reviewer for past in c.proposal.reviews]
    if reviewer in earlier_reviewers:
        h.flash('Already reviewed')
        return redirect_to(action='review', id=c.next_review_id)

    new_review = Review(**self.form_result['review'])
    meta.Session.add(new_review)
    c.proposal.reviews.append(new_review)
    # Assigned from the session after the form values were applied, so the
    # submitted form does not get to decide who the reviewer is.
    new_review.reviewer = reviewer
    meta.Session.commit()

    if not c.next_review_id:
        h.flash("No more papers to review")
        return redirect_to(action='review_index')
    return redirect_to(action='review', id=c.next_review_id)
def summary(self):
    """Render the proposal summary page.

    For every proposal type, accommodation assistance type and travel
    assistance type, the matching proposals are published on ``c`` as
    ``<name>_collection``. Per-type lists leave out withdrawn proposals
    and are ordered with ``self._score_sort``.
    """
    # All three groups write into the same ``<name>_collection`` attribute
    # space on ``c``; if two entries share a name, the later one wins.
    for proposal_type in c.proposal_types:
        by_type = Proposal.find_all_by_proposal_type_id(
            proposal_type.id, include_withdrawn=False)
        by_type.sort(self._score_sort)
        setattr(c, '%s_collection' % proposal_type.name, by_type)

    for accommodation_type in c.accommodation_assistance_types:
        needing_accommodation = (
            Proposal.find_all_by_accommodation_assistance_type_id(
                accommodation_type.id))
        setattr(c, '%s_collection' % accommodation_type.name,
                needing_accommodation)

    for travel_type in c.travel_assistance_types:
        needing_travel = Proposal.find_all_by_travel_assistance_type_id(
            travel_type.id)
        setattr(c, '%s_collection' % travel_type.name, needing_travel)

    return render('proposal/summary.mako')
def summary(self):
    """Build the per-type proposal collections and render the summary.

    Each collection is stored on ``c`` under ``<type name>_collection``.
    Proposal-type collections exclude withdrawn proposals and are sorted
    with ``self._score_sort``; the assistance collections are stored as
    returned by the model.
    """
    for ptype in c.proposal_types:
        proposals = Proposal.find_all_by_proposal_type_id(
            ptype.id, include_withdrawn=False)
        proposals.sort(self._score_sort)
        setattr(c, '%s_collection' % ptype.name, proposals)

    for acc_type in c.accommodation_assistance_types:
        setattr(
            c,
            '%s_collection' % acc_type.name,
            Proposal.find_all_by_accommodation_assistance_type_id(
                acc_type.id))

    for trav_type in c.travel_assistance_types:
        setattr(
            c,
            '%s_collection' % trav_type.name,
            Proposal.find_all_by_travel_assistance_type_id(trav_type.id))

    return render('proposal/summary.mako')
def review(self, id):
    """Render the review form for proposal *id*.

    Puts the stream choices, the proposal, the signed-in person and the id
    of the next proposal to review on ``c`` for the template.
    """
    c.streams = Stream.select_values()
    proposal = Proposal.find_by_id(id)
    c.proposal = proposal
    reviewer = h.signed_in_person()
    c.signed_in_person = reviewer

    # TODO: currently not enough (see TODOs in model/proposal.py)
    # NOTE(review): with the guard below disabled, this method itself does
    # not keep an author away from the review form of their own proposal.
    #if not h.auth.authorized(h.auth.has_organiser_role):
    #    # You can't review your own proposal
    #    for person in c.proposal.people:
    #        if person.id == c.signed_in_person.id:
    #            h.auth.no_role()

    c.next_review_id = Proposal.find_next_proposal(
        proposal.id, proposal.type.id, reviewer.id)
    return render('/proposal/review.mako')
def _edit(self, id):
    """Apply a submitted edit form to proposal *id*.

    Only the proposal's submitter or an organiser may edit. Non-organisers
    are shown a notice instead when editing is not open yet, or when it has
    closed and they lack the late-submitter role. The person record is
    updated only when it is the signed-in person's own or the editor is an
    organiser. If a proposal-update address is configured, a notification
    is mailed to it.
    """
    # We need to recheck auth in here so we can pass in the id
    may_edit = h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
                         h.auth.has_organiser_role)
    if not h.auth.authorized(may_edit):
        # Raise a no_auth error; the code below assumes this does not return.
        h.auth.no_role()

    if not h.auth.authorized(h.auth.has_organiser_role):
        if c.paper_editing == 'not_open':
            return render("proposal/editing_not_open.mako")
        if c.paper_editing == 'closed' and not h.auth.authorized(
                h.auth.has_late_submitter_role):
            return render("proposal/editing_closed.mako")

    c.proposal = Proposal.find_by_id(id)

    # NOTE(review): every key in the form result becomes an attribute on
    # the model, so the form schema (not visible here) is what limits which
    # fields a submitter can change -- confirm it lists them explicitly.
    proposal_fields = self.form_result['proposal']
    for field in proposal_fields:
        setattr(c.proposal, field, proposal_fields[field])

    c.proposal.abstract = self.clean_abstract(c.proposal.abstract)

    c.person = self.form_result['person_to_edit']
    editing_own_record = c.person.id == h.signed_in_person().id
    if editing_own_record or h.auth.authorized(h.auth.has_organiser_role):
        person_fields = self.form_result['person']
        for field in person_fields:
            setattr(c.person, field, person_fields[field])
        p_edit = "and author"
    else:
        p_edit = "(but not author)"

    meta.Session.commit()

    notify_address = lca_info['proposal_update_email']
    if notify_address != '':
        # NOTE(review): the link uses h.host_name(); if that reflects the
        # request's Host header the mailed URL is client-influenced --
        # confirm.
        view_url = "http://" + h.host_name() + h.url_for(action="view")
        body = "Subject: %s Proposal Updated\n\nID: %d\nTitle: %s\nType: %s\nURL: %s" % (
            h.lca_info['event_name'],
            c.proposal.id,
            c.proposal.title,
            c.proposal.type.name.lower(),
            view_url)
        email(lca_info['proposal_update_email'], body)

    h.flash("Proposal %s edited!" % p_edit)
    return redirect_to('/proposal')
def withdraw(self, id):
    """Render the withdrawal confirmation page for proposal *id*.

    Allowed for the proposal's submitter or an organiser.
    """
    submitter_or_organiser = h.auth.Or(
        h.auth.is_same_zookeepr_submitter(id),
        h.auth.has_organiser_role)
    if not h.auth.authorized(submitter_or_organiser):
        # Raise a no_auth error
        h.auth.no_role()

    c.proposal = Proposal.find_by_id(id)
    return render("/proposal/withdraw.mako")
def _new(self):
    """Create a proposal, and its submitter if needed, from the form.

    The proposal starts with the 'Pending' status. A visitor who is not
    signed in gets a new Person record and the new-person email; a
    signed-in person has their record updated from the form. An optional
    attachment is stored with the proposal, and a thank-you email goes to
    the submitter.
    """
    person_results = self.form_result['person']
    proposal_results = self.form_result['proposal']
    attachment_results = self.form_result['attachment']

    # The status is set here after the form values are read, so the form
    # does not choose it.
    proposal_results['status'] = ProposalStatus.find_by_name('Pending')

    c.proposal = Proposal(**proposal_results)
    meta.Session.add(c.proposal)

    # NOTE(review): person fields are copied straight from the form result
    # in both branches; the form schema (outside this block) is what limits
    # which attributes can be set -- confirm it lists them explicitly.
    if h.signed_in_person():
        c.person = h.signed_in_person()
        for field in person_results:
            setattr(c.person, field, self.form_result['person'][field])
    else:
        c.person = model.Person(**person_results)
        meta.Session.add(c.person)
        email(c.person.email_address,
              render('/person/new_person_email.mako'))

    c.person.proposals.append(c.proposal)

    if attachment_results is not None:
        c.attachment = Attachment(**attachment_results)
        c.proposal.attachments.append(c.attachment)
        meta.Session.add(c.attachment)

    meta.Session.commit()
    email(c.person.email_address, render('proposal/thankyou_mini_email.mako'))

    h.flash("Proposal submitted!")
    return redirect_to(controller='proposal', action="index", id=None)
def check(self, app, environ, start_response):
    """Pass the request on only for a person listed on the proposal.

    Raises:
        NotAuthenticatedError: ``REMOTE_USER`` is missing or empty.
        NotAuthorizedError: no person has that email address, the proposal
            ``self.proposal_id`` does not exist, or the person is not one
            of the proposal's people.
    """
    remote_user = environ.get('REMOTE_USER')
    if not remote_user:
        set_redirect()
        raise NotAuthenticatedError('Not Authenticated')

    person = Person.find_by_email(remote_user)
    if person is None:
        environ['auth_failure'] = 'NO_USER'
        raise NotAuthorizedError(
            'You are not one of the users allowed to access this resource.'
        )

    proposal = Proposal.find_by_id(self.proposal_id)
    if proposal is None:
        raise NotAuthorizedError("Proposal doesn't exist")

    if person in proposal.people:
        return app(environ, start_response)

    denial = "User doesn't have any of the specified roles"
    set_role(denial)
    raise NotAuthorizedError(denial)
def review_index(self):
    """Render the list of proposals open for review.

    Publishes on ``c`` the signed-in person, the number of people holding
    the 'reviewer' role, the total number of non-withdrawn proposals, and
    one ``<name>_collection`` per proposal type and assistance type.
    """
    c.person = h.signed_in_person()
    c.num_proposals = 0
    c.num_reviewers = len(Role.find_by_name('reviewer').people)

    for proposal_type in c.proposal_types:
        by_type = Proposal.find_all_by_proposal_type_id(
            proposal_type.id, include_withdrawn=False)
        c.num_proposals += len(by_type)
        setattr(c, '%s_collection' % proposal_type.name, by_type)

    for accommodation_type in c.accommodation_assistance_types:
        needing_accommodation = (
            Proposal.find_all_by_accommodation_assistance_type_id(
                accommodation_type.id))
        setattr(c, '%s_collection' % accommodation_type.name,
                needing_accommodation)

    for travel_type in c.travel_assistance_types:
        needing_travel = Proposal.find_all_by_travel_assistance_type_id(
            travel_type.id)
        setattr(c, '%s_collection' % travel_type.name, needing_travel)

    return render('proposal/list_review.mako')
def withdraw(self, id):
    """Show the page asking to confirm withdrawal of proposal *id*.

    The caller must be the proposal's submitter or hold the organiser
    role; otherwise ``h.auth.no_role()`` is invoked.
    """
    allowed = h.auth.authorized(
        h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
                  h.auth.has_organiser_role))
    if not allowed:
        # Raise a no_auth error
        h.auth.no_role()

    c.proposal = Proposal.find_by_id(id)
    return render("/proposal/withdraw.mako")
def view(self, id):
    """Render proposal *id* for its submitter, an organiser or a reviewer."""
    # We need to recheck auth in here so we can pass in the id
    may_view = h.auth.Or(
        h.auth.is_same_zookeepr_submitter(id),
        h.auth.has_organiser_role,
        h.auth.has_reviewer_role)
    if not h.auth.authorized(may_view):
        # Raise a no_auth error
        h.auth.no_role()

    c.proposal = Proposal.find_by_id(id)
    return render('proposal/view.mako')
def review_index(self):
    """Collect the proposals to review and render the review list.

    ``c.num_proposals`` counts the non-withdrawn proposals across all
    proposal types and ``c.num_reviewers`` the people with the 'reviewer'
    role. Each type's proposals are stored on ``c`` as
    ``<type name>_collection``.
    """
    c.person = h.signed_in_person()
    c.num_proposals = 0
    reviewers = Role.find_by_name('reviewer').people
    c.num_reviewers = len(reviewers)

    for ptype in c.proposal_types:
        proposals = Proposal.find_all_by_proposal_type_id(
            ptype.id, include_withdrawn=False)
        c.num_proposals += len(proposals)
        setattr(c, '%s_collection' % ptype.name, proposals)

    for acc_type in c.accommodation_assistance_types:
        setattr(
            c,
            '%s_collection' % acc_type.name,
            Proposal.find_all_by_accommodation_assistance_type_id(
                acc_type.id))

    for trav_type in c.travel_assistance_types:
        setattr(
            c,
            '%s_collection' % trav_type.name,
            Proposal.find_all_by_travel_assistance_type_id(trav_type.id))

    return render('proposal/list_review.mako')
def view(self, id):
    """Display proposal *id*.

    Access is granted to the proposal's submitter and to anyone holding
    the organiser or reviewer role.
    """
    # We need to recheck auth in here so we can pass in the id
    permitted = h.auth.authorized(
        h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
                  h.auth.has_organiser_role,
                  h.auth.has_reviewer_role))
    if not permitted:
        # Raise a no_auth error
        h.auth.no_role()

    c.proposal = Proposal.find_by_id(id)
    return render('proposal/view.mako')
def _approve(self):
    """Apply the submitted status changes and re-render the approval page.

    The ``talk`` and ``status`` form lists are paired by position. A talk
    whose submitted status is None is left untouched; every other talk
    gets the new status and its id is added to ``c.highlight``.
    """
    # NOTE(review): no permission check is visible in this method; confirm
    # it is enforced where the action is declared.
    c.highlight = set()
    talks = self.form_result['talk']
    statuses = self.form_result['status']

    # zip() stops at the shorter list, so unmatched trailing entries are
    # ignored.
    for talk, new_status in zip(talks, statuses):
        if new_status is None:
            continue
        c.highlight.add(talk.id)
        talk.status = new_status

    meta.Session.commit()

    c.proposals = Proposal.find_all()
    c.statuses = ProposalStatus.find_all()
    return render("proposal/approve.mako")
def _review(self, id):
    """Record a review of proposal *id* by the signed-in person.

    If that person has already reviewed the proposal, nothing is stored
    and they are redirected to the next proposal. Otherwise a Review is
    built from the ``review`` form values, attached to the proposal and
    committed; the redirect then goes to the next proposal, or to the
    review index once there are no more.
    """
    c.proposal = Proposal.find_by_id(id)
    c.signed_in_person = h.signed_in_person()
    c.next_review_id = Proposal.find_next_proposal(
        c.proposal.id,
        c.proposal.type.id,
        c.signed_in_person.id)

    # TODO: currently not enough (see TODOs in model/proposal.py)
    # NOTE(review): while this guard stays commented out, the method does
    # not prevent an author from submitting a review of their own proposal.
    #if not h.auth.authorized(h.auth.has_organiser_role):
    #    # You can't review your own proposal
    #    for person in c.proposal.people:
    #        if person.id == c.signed_in_person.id:
    #            h.auth.no_role()

    me = c.signed_in_person
    already_reviewed = me in [done.reviewer for done in c.proposal.reviews]
    if already_reviewed:
        h.flash('Already reviewed')
        return redirect_to(action='review', id=c.next_review_id)

    review_values = self.form_result['review']
    submitted = Review(**review_values)
    meta.Session.add(submitted)
    c.proposal.reviews.append(submitted)
    # The reviewer is taken from the session, after the form values have
    # been applied.
    submitted.reviewer = me
    meta.Session.commit()

    if c.next_review_id:
        return redirect_to(action='review', id=c.next_review_id)

    h.flash("No more papers to review")
    return redirect_to(action='review_index')
def delete(self, id):
    """Render the confirmation page for deleting attachment *id*.

    Organisers may delete any attachment; anyone else must be one of the
    people on the proposal the attachment belongs to.
    """
    c.attachment = Attachment.find_by_id(id)
    c.proposal = Proposal.find_by_id(c.attachment.proposal_id)

    if not h.auth.authorized(h.auth.has_organiser_role):
        is_author = any(
            author.id == h.signed_in_person().id
            for author in c.proposal.people)
        if not is_author:
            # Raise a no_auth error
            h.auth.no_role()

    return render('/attachment/confirm_delete.mako')
def delete(self, id):
    """Ask for confirmation before attachment *id* is deleted.

    The page is shown to organisers and to the people listed on the
    attachment's proposal; for anyone else ``h.auth.no_role()`` is invoked.
    """
    c.attachment = Attachment.find_by_id(id)
    c.proposal = Proposal.find_by_id(c.attachment.proposal_id)

    organiser = h.auth.authorized(h.auth.has_organiser_role)
    if not organiser:
        for author in c.proposal.people:
            if author.id == h.signed_in_person().id:
                break
        else:
            # No author matched the signed-in person.
            # Raise a no_auth error
            h.auth.no_role()

    return render("/attachment/confirm_delete.mako")
def _withdraw(self, id):
    """Mark proposal *id* as withdrawn and notify the organisers.

    Allowed for the proposal's submitter or an organiser. The notification
    goes to the address configured in ``h.lca_info['emails']`` for the
    proposal's type.
    """
    submitter_or_organiser = h.auth.Or(
        h.auth.is_same_zookeepr_submitter(id),
        h.auth.has_organiser_role)
    if not h.auth.authorized(submitter_or_organiser):
        # Raise a no_auth error; the status change below assumes this call
        # does not return.
        h.auth.no_role()

    c.proposal = Proposal.find_by_id(id)
    c.proposal.status = ProposalStatus.find_by_name('Withdrawn')
    meta.Session.commit()

    c.person = h.signed_in_person()

    # Make sure the organisers are notified of this
    type_key = c.proposal.type.name.lower()
    c.email_address = h.lca_info['emails'][type_key]
    email(c.email_address, render('/proposal/withdraw_email.mako'))

    h.flash("Proposal withdrawn. The organisers have been notified.")
    return redirect_to(controller='proposal', action="index", id=None)
def _delete(self, id):
    """Delete attachment *id* and go back to its proposal.

    Organisers may delete any attachment; anyone else must be one of the
    people on the owning proposal.
    """
    c.attachment = Attachment.find_by_id(id)
    proposal = Proposal.find_by_id(c.attachment.proposal_id)

    if not h.auth.authorized(h.auth.has_organiser_role):
        is_author = any(
            author.id == h.signed_in_person().id
            for author in proposal.people)
        if not is_author:
            # Raise a no_auth error. NOTE(review): there is no return
            # here, so the delete below is only skipped because this call
            # raises -- confirm it always does.
            h.auth.no_role()

    meta.Session.delete(c.attachment)
    meta.Session.commit()

    h.flash("Attachment Deleted")
    redirect_to(controller="proposal", action="view", id=proposal.id)
def _delete(self, id):
    """Remove attachment *id* from the database, then show its proposal.

    Permitted for organisers and for the people listed on the proposal the
    attachment belongs to.
    """
    c.attachment = Attachment.find_by_id(id)
    owner = Proposal.find_by_id(c.attachment.proposal_id)

    organiser = h.auth.authorized(h.auth.has_organiser_role)
    if not organiser:
        for author in owner.people:
            if author.id == h.signed_in_person().id:
                break
        else:
            # Raise a no_auth error. The deletion that follows is guarded
            # only by this call not returning.
            h.auth.no_role()

    meta.Session.delete(c.attachment)
    meta.Session.commit()

    h.flash("Attachment Deleted")
    redirect_to(controller='proposal', action='view', id=owner.id)
def edit(self, id):
    """Render the edit form for proposal *id*, pre-filled with its values.

    Only the submitter or an organiser may edit. Non-organisers get a
    notice page instead when editing is not open yet, or when it has
    closed and they lack the late-submitter role. The person shown in the
    form is the signed-in person if they are on the proposal, otherwise
    the proposal's first person.
    """
    # We need to recheck auth in here so we can pass in the id
    may_edit = h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
                         h.auth.has_organiser_role)
    if not h.auth.authorized(may_edit):
        # Raise a no_auth error
        h.auth.no_role()

    if not h.auth.authorized(h.auth.has_organiser_role):
        if c.paper_editing == 'not_open':
            return render("proposal/editing_not_open.mako")
        if c.paper_editing == 'closed' and not h.auth.authorized(
                h.auth.has_late_submitter_role):
            return render("proposal/editing_closed.mako")

    c.proposal = Proposal.find_by_id(id)

    c.person = c.proposal.people[0]
    for author in c.proposal.people:
        if h.signed_in_person() == author:
            c.person = author

    form_defaults = h.object_to_defaults(c.proposal, 'proposal')
    form_defaults.update(h.object_to_defaults(c.person, 'person'))
    form_defaults['person.name'] = (
        c.person.firstname + " " + c.person.lastname)

    # This is horrible, don't know a better way to do it
    # (form field <- the *_id default it mirrors, when the relation is set)
    mirrored = (
        ('type', 'proposal.type', 'proposal.proposal_type_id'),
        ('travel_assistance', 'proposal.travel_assistance',
         'proposal.travel_assistance_type_id'),
        ('accommodation_assistance', 'proposal.accommodation_assistance',
         'proposal.accommodation_assistance_type_id'),
        ('audience', 'proposal.audience', 'proposal.target_audience_id'),
    )
    for relation, form_field, id_field in mirrored:
        if getattr(c.proposal, relation):
            form_defaults[form_field] = form_defaults[id_field]

    form_defaults['person_to_edit'] = c.person.id
    form_defaults['name'] = c.person.firstname + " " + c.person.lastname
    c.miniconf = (c.proposal.type.name == 'Miniconf')
    page = render('/proposal/edit.mako')
    return htmlfill.render(page, form_defaults)
def _withdraw(self, id):
    """Withdraw proposal *id* and email the organisers about it.

    The caller must be the proposal's submitter or an organiser. The
    proposal's status becomes 'Withdrawn' and the change is committed
    before the notification is sent.
    """
    permitted = h.auth.authorized(
        h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
                  h.auth.has_organiser_role))
    if not permitted:
        # Raise a no_auth error
        h.auth.no_role()

    c.proposal = Proposal.find_by_id(id)
    withdrawn = ProposalStatus.find_by_name('Withdrawn')
    c.proposal.status = withdrawn
    meta.Session.commit()

    c.person = h.signed_in_person()

    # Make sure the organisers are notified of this
    # (the address is looked up by the lower-cased proposal type name)
    addresses = h.lca_info['emails']
    c.email_address = addresses[c.proposal.type.name.lower()]
    email(c.email_address, render('/proposal/withdraw_email.mako'))

    h.flash("Proposal withdrawn. The organisers have been notified.")
    return redirect_to(controller='proposal', action="index", id=None)
def _attach(self, id):
    """Attach the uploaded file to proposal *id*.

    Allowed for the proposal's submitter or an organiser. The attachment
    is built from the ``attachment`` form values and committed, then the
    browser is redirected to the proposal's view page.
    """
    # We need to recheck auth in here so we can pass in the id
    submitter_or_organiser = h.auth.Or(
        h.auth.is_same_zookeepr_submitter(id),
        h.auth.has_organiser_role)
    if not h.auth.authorized(submitter_or_organiser):
        # Raise a no_auth error
        h.auth.no_role()

    c.proposal = Proposal.find_by_id(id)

    # NOTE(review): the form values are stored as given; presumably they
    # carry the client-supplied file name and content type, so code that
    # serves the attachment back must treat both as untrusted -- confirm.
    uploaded = Attachment(**self.form_result['attachment'])
    c.proposal.attachments.append(uploaded)

    meta.Session.commit()

    h.flash("File was attached")
    return redirect_to(action='view', id=id)
def _edit(self, id):
    """Save the submitted changes to proposal *id*.

    The caller must be the proposal's submitter or an organiser. For
    non-organisers the edit is refused with a notice page while editing is
    'not_open', and while it is 'closed' unless they hold the
    late-submitter role. Person details are saved only for the signed-in
    person's own record, or when an organiser is editing. A notification
    is mailed when ``proposal_update_email`` is configured.
    """
    # We need to recheck auth in here so we can pass in the id
    permitted = h.auth.authorized(
        h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
                  h.auth.has_organiser_role))
    if not permitted:
        # Raise a no_auth error
        h.auth.no_role()

    if not h.auth.authorized(h.auth.has_organiser_role):
        editing_state = c.paper_editing
        if editing_state == 'closed' and not h.auth.authorized(
                h.auth.has_late_submitter_role):
            return render("proposal/editing_closed.mako")
        if editing_state == 'not_open':
            return render("proposal/editing_not_open.mako")

    c.proposal = Proposal.find_by_id(id)

    # Each submitted key is written to the model as an attribute, so the
    # set of editable fields is whatever the form result contains.
    submitted_proposal = self.form_result['proposal']
    for name in submitted_proposal:
        setattr(c.proposal, name, submitted_proposal[name])

    c.proposal.abstract = self.clean_abstract(c.proposal.abstract)

    c.person = self.form_result['person_to_edit']
    # Someone else's person record is only changed for organisers.
    if (c.person.id == h.signed_in_person().id
            or h.auth.authorized(h.auth.has_organiser_role)):
        submitted_person = self.form_result['person']
        for name in submitted_person:
            setattr(c.person, name, submitted_person[name])
        p_edit = "and author"
    else:
        p_edit = "(but not author)"

    meta.Session.commit()

    if lca_info['proposal_update_email'] != '':
        body = "Subject: %s Proposal Updated\n\nID: %d\nTitle: %s\nType: %s\nURL: %s" % (
            h.lca_info['event_name'],
            c.proposal.id,
            c.proposal.title,
            c.proposal.type.name.lower(),
            "http://" + h.host_name() + h.url_for(action="view"),
        )
        email(lca_info['proposal_update_email'], body)

    h.flash("Proposal %s edited!" % p_edit)
    return redirect_to('/proposal')
def _new(self):
    """Create a proposal from the submission form.

    While the call for papers is 'not_open' a notice page is rendered
    instead; while it is 'closed' only organisers and late submitters get
    through. The new proposal starts as 'Pending' and has its abstract
    passed through ``self.clean_abstract``. A visitor who is not signed in
    gets a new Person and the new-person email; a signed-in person has
    their record updated from the form. The submitter is mailed a
    thank-you message.
    """
    if c.cfp_status == 'not_open':
        return render("proposal/not_open.mako")
    if c.cfp_status == 'closed':
        late_ok = h.auth.Or(h.auth.has_organiser_role,
                            h.auth.has_late_submitter_role)
        if not h.auth.authorized(late_ok):
            return render("proposal/closed.mako")

    person_results = self.form_result['person']
    proposal_results = self.form_result['proposal']
    attachment_results = self.form_result['attachment']

    # Assigned server-side after the form values are read, so the status
    # is never taken from the form.
    proposal_results['status'] = ProposalStatus.find_by_name('Pending')

    c.proposal = Proposal(**proposal_results)
    c.proposal.abstract = self.clean_abstract(c.proposal.abstract)
    meta.Session.add(c.proposal)

    # NOTE(review): person attributes come straight from the form result;
    # which ones can be set depends on the form schema outside this block.
    if h.signed_in_person():
        c.person = h.signed_in_person()
        for field in person_results:
            setattr(c.person, field, self.form_result['person'][field])
    else:
        c.person = model.Person(**person_results)
        meta.Session.add(c.person)
        email(c.person.email_address,
              render('/person/new_person_email.mako'))

    c.person.proposals.append(c.proposal)

    if attachment_results is not None:
        uploaded = Attachment(**attachment_results)
        c.proposal.attachments.append(uploaded)
        meta.Session.add(uploaded)

    meta.Session.commit()
    email(c.person.email_address, render('proposal/thankyou_email.mako'))

    h.flash("Proposal submitted!")
    return redirect_to(controller='proposal', action="index", id=None)
def _attach(self, id):
    """Store a new attachment on proposal *id*.

    The caller must be the proposal's submitter or an organiser. On
    success a flash message is set and the proposal's view page is shown.
    """
    # We need to recheck auth in here so we can pass in the id
    permitted = h.auth.authorized(
        h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
                  h.auth.has_organiser_role))
    if not permitted:
        # Raise a no_auth error
        h.auth.no_role()

    c.proposal = Proposal.find_by_id(id)

    # The attachment is created from the form values exactly as submitted.
    form_values = self.form_result['attachment']
    new_attachment = Attachment(**form_values)
    c.proposal.attachments.append(new_attachment)

    meta.Session.commit()

    h.flash("File was attached")
    return redirect_to(action='view', id=id)
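def view(self, id):
    """Send the stored bytes of attachment *id* to the browser as a download.

    Organisers may fetch any attachment; everyone else must be one of the
    people on the proposal that owns it.

    The stored file name and content type are presumably the ones supplied
    with the upload, so both are reduced to printable ASCII before they go
    into response headers, and the file name also loses double quotes and
    backslashes, which would otherwise end the quoted ``filename``
    parameter early.
    """
    attachment = Attachment.find_by_id(id)
    proposal = Proposal.find_by_id(attachment.proposal_id)

    if not h.auth.authorized(h.auth.has_organiser_role):
        authorized = False
        for person in proposal.people:
            if h.auth.is_same_zookeepr_user(person.id):
                authorized = True
                break

        if not authorized:
            # Raise a no_auth error; the response below assumes this call
            # does not return.
            h.auth.no_role()

    def header_safe(text, banned=''):
        # Printable ASCII only: CR, LF and other control characters must
        # never reach a header value, where they could start a new header.
        kept = ''.join(ch for ch in text
                       if ' ' <= ch <= '~' and ch not in banned)
        return kept.encode('ascii', 'ignore')

    response.headers["content-type"] = header_safe(attachment.content_type)
    response.headers.add("content-transfer-encoding", "binary")
    response.headers.add("content-length", len(attachment.content))
    response.headers["content-disposition"] = (
        'attachment; filename="%s";' % header_safe(attachment.filename, '"\\'))
    response.headers.add("Pragma", "cache")
    # "private", not "public": this response is only produced after the
    # per-user check above, and a shared cache allowed to store it would
    # hand the file to later requesters without running that check.
    response.headers.add("Cache-Control", "max-age=3600,private")

    return attachment.content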
def edit(self, id):
    """Show the edit form for proposal *id* with its current values.

    The caller must be the proposal's submitter or an organiser. For
    non-organisers a notice page is rendered while editing is 'not_open',
    and while it is 'closed' unless they hold the late-submitter role.
    """
    # We need to recheck auth in here so we can pass in the id
    permitted = h.auth.authorized(
        h.auth.Or(h.auth.is_same_zookeepr_submitter(id),
                  h.auth.has_organiser_role))
    if not permitted:
        # Raise a no_auth error
        h.auth.no_role()

    if not h.auth.authorized(h.auth.has_organiser_role):
        state = c.paper_editing
        if state == 'closed' and not h.auth.authorized(
                h.auth.has_late_submitter_role):
            return render("proposal/editing_closed.mako")
        if state == 'not_open':
            return render("proposal/editing_not_open.mako")

    c.proposal = Proposal.find_by_id(id)

    # Default to the first person on the proposal; prefer the signed-in
    # person when they are one of its people.
    c.person = c.proposal.people[0]
    for candidate in c.proposal.people:
        if h.signed_in_person() == candidate:
            c.person = candidate

    values = h.object_to_defaults(c.proposal, 'proposal')
    values.update(h.object_to_defaults(c.person, 'person'))
    values['person.name'] = c.person.firstname + " " + c.person.lastname

    # This is horrible, don't know a better way to do it
    if c.proposal.type:
        values['proposal.type'] = values['proposal.proposal_type_id']
    if c.proposal.travel_assistance:
        values['proposal.travel_assistance'] = values[
            'proposal.travel_assistance_type_id']
    if c.proposal.accommodation_assistance:
        values['proposal.accommodation_assistance'] = values[
            'proposal.accommodation_assistance_type_id']
    if c.proposal.audience:
        values['proposal.audience'] = values['proposal.target_audience_id']

    values['person_to_edit'] = c.person.id
    values['name'] = c.person.firstname + " " + c.person.lastname
    c.miniconf = (c.proposal.type.name == 'Miniconf')

    rendered_form = render('/proposal/edit.mako')
    return htmlfill.render(rendered_form, values)
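def view(self, id):
    """Serve attachment *id* as a file download.

    Access is limited to organisers and to the people on the proposal the
    attachment belongs to.

    Header values built from the stored file name and content type are
    restricted to printable ASCII (the file name also without double
    quotes and backslashes), because those fields presumably originate
    from the uploader and control characters or quotes in them could alter
    the response headers.
    """
    attachment = Attachment.find_by_id(id)
    proposal = Proposal.find_by_id(attachment.proposal_id)

    if not h.auth.authorized(h.auth.has_organiser_role):
        authorized = False
        for person in proposal.people:
            if h.auth.is_same_zookeepr_user(person.id):
                authorized = True
                break

        if not authorized:
            # Raise a no_auth error
            h.auth.no_role()

    def printable_ascii(text, drop=''):
        # Drops CR/LF and every other character outside ' '..'~', plus any
        # character listed in *drop*.
        cleaned = ''.join(
            ch for ch in text if ' ' <= ch <= '~' and ch not in drop)
        return cleaned.encode('ascii', 'ignore')

    content_type = printable_ascii(attachment.content_type)
    download_name = printable_ascii(attachment.filename, drop='"\\')

    response.headers['content-type'] = content_type
    response.headers.add('content-transfer-encoding', 'binary')
    response.headers.add('content-length', len(attachment.content))
    response.headers['content-disposition'] = (
        'attachment; filename="%s";' % download_name)
    response.headers.add('Pragma', 'cache')
    # The file is access-controlled, so only the requester's own browser
    # may cache it; "public" would let a shared cache serve it to anyone.
    response.headers.add('Cache-Control', 'max-age=3600,private')

    return attachment.content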
def _to_python(self, value, state):
    """Convert a submitted proposal id into what the model finds for it.

    *state* is not used.
    """
    # NOTE(review): int() raises ValueError for non-numeric text (and
    # TypeError for None); confirm the caller reports that as a validation
    # error rather than a server error.
    proposal_id = int(value)
    return Proposal.find_by_id(proposal_id)
def approve(self):
    """Render the approval page listing every proposal and status.

    ``c.highlight`` starts empty here.
    """
    # NOTE(review): no permission check is visible in this method; confirm
    # it is enforced where the action is declared.
    c.highlight = set()
    all_proposals = Proposal.find_all()
    c.proposals = all_proposals
    all_statuses = ProposalStatus.find_all()
    c.statuses = all_statuses
    return render("proposal/approve.mako")