示例#1
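def add_championship(competition_id, championship_type):
    """Mark a competition as a national, regional or state championship.

    Only callers holding one of ``Roles.AdminRoles()`` get past the 403 check.
    The Championship entity is looked up by the id derived from the
    competition's year (plus region or state), created if it does not exist,
    pointed at the competition and saved.

    Args:
        competition_id: id of the Competition entity to attach.
        championship_type: one of 'national', 'regional' or 'state'.

    Returns:
        A redirect to the championship admin page.  Aborts with 400 for an
        unknown type or a competition without the state/region the type
        needs, and with 404 when the competition does not exist.
    """
    with client.context():
        me = auth.user()
        if not me or not me.HasAnyRole(Roles.AdminRoles()):
            abort(403)
        # NOTE(review): this handler writes to the datastore.  The route
        # decorator is not visible here -- confirm it only accepts POST and
        # that the form carries CSRF protection.

        # Reject unknown types up front; previously they fell through every
        # branch and crashed on the unbound championship_id.
        if championship_type not in ('national', 'regional', 'state'):
            abort(400)

        competition = Competition.get_by_id(competition_id)
        if competition is None:
            # get_by_id returns None for an unknown id.
            abort(404)

        state = None
        if championship_type in ('regional', 'state'):
            # Regional and state championships are keyed on the competition's
            # state, so a competition without one cannot be used.
            state = competition.state.get() if competition.state else None
            if state is None:
                abort(400)

        if championship_type == 'national':
            championship_id = Championship.NationalsId(competition.year)
        elif championship_type == 'regional':
            if not state.region:
                abort(400)
            championship_id = Championship.RegionalsId(
                competition.year, state.region.get())
        else:
            championship_id = Championship.StateChampionshipId(
                competition.year, state)

        championship = (Championship.get_by_id(championship_id)
                        or Championship(id=championship_id))

        if championship_type == 'national':
            championship.national_championship = True
        elif championship_type == 'regional':
            championship.region = state.region
        else:
            championship.state = competition.state
        championship.competition = competition.key
        championship.put()
        # TODO: if we changed a championship we should update champions and eligibilities.
        return redirect('/admin/edit_championships')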
示例#2
 def get_nav_items(self):
     """Return the navigation menu as a list of (label, target) pairs.

     A target is either a URL string or a list of (label, url) pairs forming
     a sub-menu.  The 'Admin' sub-menu is appended only when ``self.user``
     holds one of ``Roles.AdminRoles()``.
     """
     competitions_menu = [
         ('Nationals', '/nationals'),
         ('Regional Championships', '/regional'),
     ]
     competitors_menu = [
         ('State Rankings', '/state_rankings'),
         ('WCA Competitor Tutorial',
          'https://www.worldcubeassociation.org/edudoc/competitor-tutorial/tutorial.pdf'
          ),
     ]
     organizers_menu = [
         ('CubingUSA Supported Competitions', '/supported'),
         ('WCA Organizer Guidelines',
          'https://www.worldcubeassociation.org/organizer-guidelines'),
     ]
     about_menu = [
         ('About CubingUSA', '/about'),
         ('Who we are', '/about/who'),
         ('Donations', '/about/donations'),
         ('Contact Us', '/about/contact'),
         ('Logo', '/about/logo'),
         ('Public Documents', '/about/documents'),
     ]
     nav = [
         ('Home', '/'),
         ('Competitions', competitions_menu),
         ('Competitors', competitors_menu),
         ('Organizers', organizers_menu),
         ('About', about_menu),
     ]

     # This only decides what is displayed; it is not an access check, so
     # every /admin handler still has to enforce the role itself.
     viewer = self.user
     if viewer and viewer.HasAnyRole(Roles.AdminRoles()):
         nav.append(('Admin', [
             ('Edit Users', '/admin/edit_users'),
             ('Edit Championships', '/admin/edit_championships'),
         ]))
     return nav
示例#3
def edit_championships():
    """Render the admin page listing every championship.

    Aborts with 403 unless the signed-in user holds one of
    ``Roles.AdminRoles()``.  Loads all USA competitions (by name), the
    national, regional and state championships (newest year first within
    each group) and all states and regions, then hands them to the template.
    """
    with client.context():
        viewer = auth.user()
        is_admin = bool(viewer) and viewer.HasAnyRole(Roles.AdminRoles())
        if not is_admin:
            abort(403)

        usa_key = ndb.Key(Country, 'USA')
        competitions_query = Competition.query(Competition.country == usa_key)
        all_us_competitions = competitions_query.order(Competition.name).fetch()

        # ndb turns these comparisons into query filters, so the explicit
        # `== True` and `!= None` must stay as written.
        nationals_query = Championship.query(
            Championship.national_championship == True)
        national_championships = nationals_query.order(
            -Championship.year).fetch()

        regionals_query = Championship.query(Championship.region != None)
        regional_championships = regionals_query.order(
            Championship.region).order(-Championship.year).fetch()

        state_query = Championship.query(Championship.state != None)
        state_championships = state_query.order(
            Championship.state).order(-Championship.year).fetch()

        states = State.query().fetch()
        regions = Region.query().fetch()

        template_args = dict(
            c=common.Common(),
            all_us_competitions=all_us_competitions,
            national_championships=national_championships,
            regional_championships=regional_championships,
            state_championships=state_championships,
            states=states,
            regions=regions,
        )
        return render_template('admin/edit_championships.html',
                               **template_args)
示例#4
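def delete_championship(championship_id):
    """Delete a Championship entity and return to the admin list.

    Aborts with 403 unless the signed-in user holds one of
    ``Roles.AdminRoles()``, and with 404 when no championship has the
    given id.

    Args:
        championship_id: id of the Championship entity to delete.

    Returns:
        A redirect to the championship admin page.
    """
    with client.context():
        me = auth.user()
        if not me or not me.HasAnyRole(Roles.AdminRoles()):
            abort(403)
        # NOTE(review): this is a destructive action.  The route decorator is
        # not visible here -- confirm it only accepts POST and that the
        # request is CSRF-protected, so a link or image tag cannot trigger it
        # in an admin's browser.
        championship = Championship.get_by_id(championship_id)
        if championship is None:
            # Unknown or already-deleted id: answer 404 instead of failing on
            # None.key with a 500.
            abort(404)
        championship.key.delete()
        # TODO: if we changed a championship we should update champions and eligibilities.
        return redirect('/admin/edit_championships')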
示例#5
def EditableRoles(user, editor):
    """Return the roles that `editor` may add to or remove from a user.

    A global admin may edit every role; a webmaster or director may edit
    only the webmaster and director roles; anyone else (including no
    editor at all) may edit none.

    NOTE(review): `user` is not consulted, so the answer is the same no
    matter whose roles are being edited -- including the editor's own.
    """
    if editor and editor.HasAnyRole([Roles.GLOBAL_ADMIN]):
        return Roles.AllRoles()
    if editor and editor.HasAnyRole([Roles.WEBMASTER, Roles.DIRECTOR]):
        return [Roles.WEBMASTER, Roles.DIRECTOR]
    return []
示例#6
def edit_users_table(filter_text=''):
    """Render the admin table of users, optionally filtered.

    Aborts with 403 unless the signed-in user holds one of
    ``Roles.AdminRoles()``.  With a filter, a user is listed when the text
    equals their name or city exactly, or is the id of their linked Person.
    At most 30 users, ordered by name, are passed to the template.

    Args:
        filter_text: exact-match filter; empty means no filtering.
    """
    with client.context():
        viewer = auth.user()
        if not (viewer and viewer.HasAnyRole(Roles.AdminRoles())):
            abort(403)

        if not filter_text:
            query = User.query(order_by=[User.name])
        else:
            # filter_text is only ever used as a property value or key id,
            # never concatenated into a query string.
            matches_filter = ndb.OR(
                User.name == filter_text,
                User.city == filter_text,
                User.wca_person == ndb.Key(Person, filter_text))
            query = User.query(matches_filter, order_by=[User.name])
        users_to_show = query.fetch(30)

        return render_template('admin/edit_users_table.html',
                               c=Common(),
                               users=users_to_show)
示例#7
文件: user.py 项目: cubingusa/org
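def edit_user(user_id=-1):
    """Show (GET) or apply (POST) edits to a user's location and roles.

    The caller must be signed in and pass ``permissions.CanViewUser``.
    Location changes additionally require ``permissions.CanEditLocation``;
    role changes are limited to ``permissions.EditableRoles``.

    Args:
        user_id: id of the user to edit; -1 means the signed-in user.

    Returns:
        The edit form on GET, an error page when a check fails, otherwise a
        redirect back to the same path with ``?successful=1``.
    """
    with client.context():
        me = auth.user()
        if not me:
            return redirect('/')
        if user_id == -1:
            user = me
        else:
            user = User.get_by_id(user_id)
        if not user:
            # %s instead of %d: with a non-integer id the old format raised
            # TypeError before the error page could be built.  The value
            # comes from the caller, so error() has to escape it when
            # rendering -- TODO confirm.
            return error('Unrecognized user ID %s' % user_id)
        if not permissions.CanViewUser(user, me):
            return error('You\'re not authorized to view this user.')

        if request.method == 'GET':
            return render_template(
                'edit_user.html',
                c=Common(),
                user=user,
                all_roles=Roles.AllRoles(),
                editing_location_enabled=permissions.CanEditLocation(user, me),
                can_view_roles=permissions.CanViewRoles(user, me),
                editable_roles=permissions.EditableRoles(user, me),
                successful=request.args.get('successful', 0))

        # NOTE(review): everything below changes stored data, including
        # roles.  No CSRF token check is visible in this handler -- confirm
        # the app enforces one for this form.
        city = request.form['city']
        state_id = request.form['state']
        if state_id == 'empty':
            state_id = ''

        if request.form['lat'] and request.form['lng']:
            try:
                lat = int(request.form['lat'])
                lng = int(request.form['lng'])
            except ValueError:
                # Form fields are caller-controlled; reject non-integers
                # instead of failing with a 500.
                return error('Invalid latitude or longitude.')
        else:
            lat = 0
            lng = 0

        old_state_id = user.state.id() if user.state else ''
        changed_location = user.city != city or old_state_id != state_id
        user_modified = False
        if changed_location:
            if not permissions.CanEditLocation(user, me):
                return error('You\'re not authorized to edit user locations.')
            if city:
                user.city = city
            else:
                del user.city
            if state_id:
                user.state = ndb.Key(State, state_id)
            else:
                del user.state
            if user.wca_person and old_state_id != state_id:
                wca_person = user.wca_person.get()
                if wca_person:
                    wca_person.state = user.state
                    wca_person.put()
                    # Moved inside the guard: there is nothing to rewrite
                    # when the linked Person does not exist.
                    RewriteRanks(wca_person)
            user.latitude = lat
            user.longitude = lng
            user_modified = True

            # Also save the Update, recording who made the change and when.
            update = UserLocationUpdate()
            update.updater = me.key
            if city:
                update.city = city
            update.update_time = datetime.datetime.now()
            if state_id:
                update.state = ndb.Key(State, state_id)
            user.updates.append(update)

        # Only roles this editor may manage are touched; a role counts as
        # granted when its name is present in the form.
        for role in permissions.EditableRoles(user, me):
            if role in request.form and role not in user.roles:
                user.roles.append(role)
                user_modified = True
            elif role not in request.form and role in user.roles:
                user.roles.remove(role)
                user_modified = True

        if user_modified:
            user.put()

        return redirect(request.path + '?successful=1')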
示例#8
def CanEditLocation(user, editor):
    """Tell whether `editor` may change the location stored for `user`.

    Admins may edit anyone's location; everyone else only their own.
    With no editor the answer is always False.
    """
    if not editor:
        return False
    is_admin = editor.HasAnyRole(Roles.AdminRoles())
    return True if is_admin else user == editor
示例#9
def CanViewRoles(user, viewer):
    """Tell whether `viewer` may see the roles of a user.

    Holders of a delegate role or an admin role may; with no viewer the
    answer is False.

    NOTE(review): `user` is not consulted, so the result is the same for
    every target user.
    """
    if viewer:
        is_delegate = viewer.HasAnyRole(Roles.DelegateRoles())
        return is_delegate or viewer.HasAnyRole(Roles.AdminRoles())
    return False
示例#10
文件: auth.py 项目: cubingusa/org
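    def oauth_callback():
        """Finish the WCA OAuth login and sync the local User record.

        Fetches the account from the WCA 'me' endpoint, stores its id in the
        session, creates or updates the matching User (linked Person, name,
        email, delegate roles), merges a User stored under the WCA ID into
        it, and redirects to the saved referrer or '/'.
        """
        with client.context():
            oauth.wca.authorize_access_token()
            resp = oauth.wca.get('me')
            resp.raise_for_status()

            wca_info = resp.json()['me']
            account_id = str(wca_info['id'])
            # 'wca_id' may be absent or empty; read it once so the later
            # uses cannot raise KeyError the way direct indexing did.
            wca_id = wca_info.get('wca_id')

            session['wca_account_number'] = account_id
            session.permanent = True

            user = User.get_by_id(account_id) or User(id=account_id)
            if wca_id:
                user.wca_person = ndb.Key(Person, wca_id)
                # If the user has a state on their account, we should update this on the
                # Person and Ranks as well.
                if user.state:
                    person = user.wca_person.get()
                    if person:
                        person.state = user.state
                        person.put()
                        # Ranks are re-saved unchanged; presumably the write
                        # refreshes data derived from the person -- TODO confirm.
                        for rank_class in (RankSingle, RankAverage):
                            ndb.put_multi(
                                rank_class.query(
                                    rank_class.person == person.key).fetch())
            else:
                del user.wca_person

            if 'name' in wca_info:
                user.name = wca_info['name']
            else:
                del user.name

            if 'email' in wca_info:
                user.email = wca_info['email']
            else:
                del user.email

            # Delegate roles are rebuilt from the WCA response on every
            # login, so a status revoked upstream is dropped here as well.
            delegate_roles = Roles.DelegateRoles()
            user.roles = [
                role for role in user.roles if role not in delegate_roles
            ]
            if 'delegate_status' in wca_info:
                if wca_info['delegate_status'] == 'senior_delegate':
                    user.roles.append(Roles.SENIOR_DELEGATE)
                elif wca_info['delegate_status'] in ('delegate',
                                                     'candidate_delegate'):
                    user.roles.append(Roles.DELEGATE)

            # For local development, make it easier to make a user a global admin.
            # NOTE(review): nothing here limits this to development.  Whenever
            # ADMIN_WCA_ID is set, GLOBAL_ADMIN is removed from every user who
            # logs in and granted only to the listed WCA IDs, so the variable
            # needs the same protection as any other admin credential.
            admin_ids_raw = os.environ.get('ADMIN_WCA_ID')
            if admin_ids_raw:
                user.roles = [
                    role for role in user.roles if role != Roles.GLOBAL_ADMIN
                ]
                # Compare against whole IDs.  The previous `in` on the raw
                # string was a substring test, which matches any fragment of
                # the configured value.
                admin_ids = admin_ids_raw.replace(',', ' ').replace(
                    ';', ' ').split()
                if wca_id and wca_id in admin_ids:
                    user.roles.append(Roles.GLOBAL_ADMIN)

            # Merge a User stored under the WCA ID into this one: copy any
            # location fields this record lacks, then delete the old entity.
            wca_id_user = User.get_by_id(wca_id) if wca_id else None
            if wca_id_user:
                if wca_id_user.city and not user.city:
                    user.city = wca_id_user.city
                if wca_id_user.state and not user.state:
                    user.state = wca_id_user.state
                if wca_id_user.latitude and not user.latitude:
                    user.latitude = wca_id_user.latitude
                if wca_id_user.longitude and not user.longitude:
                    user.longitude = wca_id_user.longitude
                wca_id_user.key.delete()

            user.last_login = datetime.datetime.now()

            user.put()

            # NOTE(review): where session['referrer'] is set is not visible
            # here.  If it is copied from a request header or parameter,
            # check that it points at this site before redirecting;
            # otherwise this is an open redirect after login.
            return redirect(session.pop('referrer', None) or '/')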
示例#11
def edit_users():
    """Render the admin 'edit users' page.

    Aborts with 403 unless the signed-in user holds one of
    ``Roles.AdminRoles()``.
    """
    with client.context():
        viewer = auth.user()
        is_admin = bool(viewer) and viewer.HasAnyRole(Roles.AdminRoles())
        if not is_admin:
            abort(403)
        page = render_template('admin/edit_users.html', c=Common())
        return page