def delete(entry_id, inc_page=0):
    """Delete a navigation entry and, optionally, the page it links to.

    Write access to the ``navigation`` module is required. When ``inc_page``
    is truthy, write access to the ``page`` module is required as well and
    the page behind the entry's URL is removed before the entry itself.
    """
    # Authorisation is settled before anything is read from the database.
    if not ModuleAPI.can_write('navigation'):
        return abort(403)

    if inc_page and not ModuleAPI.can_write('page'):
        flash(_('You do not have rights to remove pages'))
        return abort(403)

    # NOTE(review): this is a destructive action; the route decorator is not
    # visible here, so confirm it is not reachable through a plain GET link
    # and that CSRF protection applies.
    nav_entry = db.session.query(NavigationEntry) \
        .filter_by(id=entry_id).first()
    if not nav_entry:
        abort(404)

    # A parentless entry that still has sub-items is not deleted.
    if not nav_entry.parent and nav_entry.children.count() > 0:
        flash('Deze item heeft nog subitems.', 'danger')
        return redirect(url_for('navigation.edit', entry_id=nav_entry.id))

    if inc_page:
        if nav_entry.external or nav_entry.activity_list:
            # The entry does not point at a local page; nothing to remove.
            flash('Deze item verwijst niet naar een pagina op deze website.',
                  'danger')
        else:
            page_path = nav_entry.url.lstrip('/')
            page_removed = PageAPI.remove_page(page_path)
            if page_removed:
                flash('De pagina is verwijderd.', 'success')
            else:
                flash('De te verwijderen pagina kon niet worden gevonden.',
                      'danger')

    db.session.delete(nav_entry)
    db.session.commit()
    flash('De navigatie-item is verwijderd.', 'success')

    return redirect(url_for('navigation.view'))
def get_current_admin_guide():
    """Return the admin guide revision for the current request's blueprint.

    Users without write access to the module get a placeholder revision with
    an empty title and content. Module writers get the latest revision of the
    guide, or a placeholder saying that no guide exists; an edit/create link
    is added only when the user may also write pages.
    """
    module_name = request.blueprint
    guide = Page.get_by_path('guides/admin/' + module_name)

    # NOTE(review): title and content below are assembled as raw HTML with
    # module_name concatenated in. Confirm how the template escapes these
    # fields and that no user-controlled value can reach them.
    if guide and ModuleAPI.can_write(module_name):
        revision = guide.get_latest_revision()
        if ModuleAPI.can_write('page') and ModuleAPI.can_write(module_name):
            # NOTE(review): this appends to the title of the object returned
            # by get_latest_revision(); confirm a later commit cannot persist
            # the link into the stored revision.
            revision.title += '<a href="/edit/guides/admin/' + module_name + \
                '"> (bewerk) </a>'
        return revision

    # No guide, or no write access to the module: build a placeholder.
    revision = PageRevision(None, None, None, None, None, None, None)
    if not ModuleAPI.can_write(module_name):
        revision.title = ''
        revision.content = ''
        return revision

    revision.title = 'Er is geen admin handleiding beschikbaar voor ' + \
        module_name
    if ModuleAPI.can_write('page'):
        revision.content = 'Voeg ' + \
            '<a href="/edit/guides/admin/' + module_name + '"> hier </a>' + \
            ' een admin handleiding toe.'
    else:
        revision.content = ''
    return revision
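def get_current_user_guide():
    """Get the user guide for a specific module.

    The module is the blueprint that serves the current request. When no
    guide page exists a placeholder revision is returned; users who may write
    both pages and the module additionally get a link to create or edit the
    guide.
    """
    # The docstring used to sit below this assignment, where Python treats it
    # as a discarded string expression instead of documentation.
    module_name = request.blueprint
    user_guide = Page.get_by_path('guides/user/' + module_name)
    can_edit = ModuleAPI.can_write('page') and \
        ModuleAPI.can_write(module_name)

    # NOTE(review): title and content are assembled as raw HTML with
    # module_name concatenated in; confirm the template's escaping and that
    # no user-controlled value can reach these strings.
    if not user_guide:
        user_revision = PageRevision(None, None, None, None, None, None, None)
        user_revision.title = \
            'Er is geen user handleiding beschikbaar voor ' + module_name
        if can_edit:
            user_revision.content = 'Voeg ' + \
                '<a href="/edit/guides/user/' + module_name + \
                '"> hier </a>' + ' een user handleiding toe.'
        else:
            user_revision.content = ''
    else:
        user_revision = user_guide.get_latest_revision()
        if can_edit:
            user_revision.title += '<a href="/edit/guides/user/' + \
                module_name + '"> (bewerk) </a>'

    return user_revision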
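def view_single(user_id=None):
    """Render the profile page of a single user.

    Without ``user_id`` the caller is redirected to their own profile, or to
    the user overview when not logged in. Anonymous visitors are rejected,
    and members who have not paid may only view their own profile.
    """
    if user_id is None:
        if current_user.is_authenticated:
            return redirect(
                url_for('user.view_single', user_id=current_user.id))
        return redirect(url_for('user.view'))

    can_read = False
    can_write = False

    # Only logged in users can view profiles
    if current_user.is_anonymous:
        return abort(403)
    # Unpaid members cannot view other profiles
    if current_user.id != user_id and not current_user.has_paid:
        return abort(403)
    # A user can always view his own profile
    if current_user.id == user_id:
        can_write = True
        can_read = True

    # group rights
    if ModuleAPI.can_read('user'):
        can_read = True
    if ModuleAPI.can_write('user'):
        can_write = True
        can_read = True

    # NOTE(review): can_read is only handed to the template; it is not
    # enforced here, so every paid member reaches this point for any user_id.
    # Confirm the template withholds private fields when can_read is False.
    user = User.query.get_or_404(user_id)
    user.avatar = UserAPI.avatar(user)
    user.groups = UserAPI.get_groups_for_user_id(user)
    user.groups_amount = user.groups.count()

    if "gravatar" in user.avatar:
        user.avatar = user.avatar + "&s=341"

    # Get all activity entries from these forms, ordered by start_time of
    # the activity. The conditions are passed as separate filter() arguments
    # so that they are combined in SQL; joining them with Python's `and`
    # evaluates the truth value of the clause objects and hands only one of
    # them to filter().
    activities = Activity.query.join(CustomForm).join(CustomFormResult).\
        filter(CustomFormResult.owner_id == user_id,
               CustomForm.id == CustomFormResult.form_id,
               Activity.form_id == CustomForm.id)

    user.activities_amount = activities.count()

    # One timestamp for both queries, so an activity ending right now cannot
    # be classified differently by the two filters.
    now = datetime.today()
    new_activities = activities\
        .filter(Activity.end_time > now).distinct()\
        .order_by(Activity.start_time)
    old_activities = activities\
        .filter(Activity.end_time < now).distinct()\
        .order_by(Activity.start_time.desc())

    return render_template('user/view_single.htm', user=user,
                           new_activities=new_activities,
                           old_activities=old_activities,
                           can_read=can_read,
                           can_write=can_write)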
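def remove_avatar(user_id=None):
    """Remove the avatar of a user.

    Allowed for users with write access to the ``user`` module and for the
    logged-in user acting on their own account. Responds with 403 otherwise
    and with 404 when the user does not exist.
    """
    # Authorise before touching the database, so unauthorised callers cause
    # no lookup at all.
    if not ModuleAPI.can_write('user') and \
            (current_user.is_anonymous or current_user.id != user_id):
        return abort(403)

    user = User.query.get(user_id)
    if user is None:
        # Previously None was passed straight on to UserAPI.remove_avatar.
        return abort(404)

    UserAPI.remove_avatar(user)
    return redirect(url_for('user.view_single', user_id=user_id))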
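def delete(path):
    """Delete a page after the user confirms by typing its title.

    Requires write access to the ``page`` module. The page is only deleted
    when the submitted title equals the title of its latest revision.
    """
    if not ModuleAPI.can_write('page'):
        return abort(403)

    page = Page.get_by_path(path)
    if not page:
        flash(_('The page you tried to delete does not exist.'), 'danger')
        # An unreachable abort(404) used to follow this return.
        return redirect(url_for('page.get_page', path=path))

    rev = page.get_latest_revision()

    # Single-field confirmation form, only used by this view.
    class DeleteForm(Form):
        title = StringField(_('Page title'))

    form = DeleteForm(request.form)

    if form.validate_on_submit():
        if rev.title == form.title.data:
            db.session.delete(page)
            db.session.commit()
            flash(_('The page has been deleted'), 'success')
            return redirect(url_for('home.home'))
        else:
            flash(_('The given title does not match the page title.'),
                  'warning')
    else:
        flash_form_errors(form)

    return render_template('page/delete.htm', rev=rev, form=form)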
def new_submission(challenge_id=None):
    """Record the current user's submission for a challenge and validate it.

    ``challenge_id`` and ``submission`` are read from the query string; the
    ``challenge_id`` argument is overwritten by the query-string value.
    Plain-text error messages are returned when a parameter is missing or
    when ChallengeAPI.create_submission returns False.
    """
    if not ModuleAPI.can_read('challenge') or current_user.is_anonymous:
        abort(403)

    # NOTE(review): this stores data based on query-string arguments. The
    # route decorator is not visible here; confirm the endpoint cannot be
    # triggered by a cross-site GET request.
    challenge_id = request.args.get('challenge_id')
    if not challenge_id:
        return "Error, no 'challenge_id' given"

    submission = request.args.get('submission')
    if not submission:
        return "Error, no 'submission' given"

    created = ChallengeAPI.create_submission(challenge_id=challenge_id,
                                             user_id=current_user.id,
                                             submission=submission,
                                             image_path=None)
    if created is False:
        return "Question is already submitted"

    challenge = ChallengeAPI.fetch_challenge(challenge_id)
    return ChallengeAPI.validate_question(created, challenge)
def admin_vote():
    """Show the valid nominees with their vote counts, most votes first.

    Requires write access to the ``elections`` module.
    """
    if not ModuleAPI.can_write('elections'):
        return abort(403)

    # The statement is a constant: no request data is put into the SQL text.
    result = db.engine.execute('SELECT a.*, (SELECT COUNT(*) FROM dvhj_vote b '
                               'WHERE b.nominee_id=a.id) AS votes '
                               'FROM dvhj_nominee a WHERE a.valid=1 '
                               'ORDER BY votes DESC;')

    # Rows are mapped by position, so this depends on the column order that
    # `a.*` yields, followed by the computed votes column.
    columns = ('id', 'created', 'modified', 'name', 'valid', 'votes')

    nominees = []
    row = result.fetchone()
    while row is not None:
        nominees.append({key: row[pos] for pos, key in enumerate(columns)})
        row = result.fetchone()

    return render_template('elections/admin_vote.htm',
                           title='Docent van het jaar IW/Stemmen/Admin',
                           nominees=nominees)
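def has_paid(submit_id=None):
    """Toggle the ``has_paid`` flag of a form submission.

    Requires a logged-in user with write access to the ``custom_form``
    module. The new state is mirrored to Copernica. Returns ``"success"``,
    or an error message when the submission does not exist.
    """
    if not ModuleAPI.can_write('custom_form') or current_user.is_anonymous:
        return abort(403)

    # NOTE(review): this flips payment state; the route decorator is not
    # visible here, so confirm the request method and CSRF protection.
    submission = CustomFormResult.query.filter(
        CustomFormResult.id == submit_id
    ).first()

    if not submission:
        # Stop here: the code used to set the error message and then carry on
        # to read attributes of the missing submission.
        return "Error, submission could not be found"

    # Adjust the "has_paid"
    submission.has_paid = not submission.has_paid

    db.session.add(submission)
    db.session.commit()

    copernica_data = {
        "Betaald": "Ja" if submission.has_paid else "Nee",
    }
    copernica.update_subprofile(copernica.SUBPROFILE_ACTIVITY,
                                submission.owner_id, submission.form_id,
                                copernica_data)

    return "success"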
def get_users():
    """Return all users as JSON: one list of cell values per user.

    Requires read access to the ``user`` module.
    """
    if not ModuleAPI.can_read('user'):
        return abort(403)

    def check_mark(flag):
        # Boolean columns are sent as an HTML icon or an empty string.
        return "<i class='glyphicon glyphicon-ok'></i>" if flag else ""

    # NOTE(review): free-text values (e-mail, names) are emitted next to
    # literal HTML. If the client inserts cells as HTML, confirm the text
    # values are escaped there.
    rows = [
        [user.id,
         user.email,
         user.first_name,
         user.last_name,
         user.student_id,
         user.education.name if user.education else "",
         check_mark(user.has_paid),
         check_mark(user.honorary_member),
         check_mark(user.favourer),
         check_mark(user.alumnus)]
        for user in User.query.all()
    ]

    return json.dumps({"data": rows})
def list(page=0):
    """Render one page of Mollie payments.

    Requires read access to the ``mollie`` module. The payments and the
    accompanying message both come from mollie.get_payments.
    """
    if ModuleAPI.can_read('mollie'):
        payments, message = mollie.get_payments(page)
        return render_template('mollie/list.htm', payments=payments,
                               message=message, page=page)

    return abort(403)
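def remove_response(submit_id=None):
    """Delete a form submission and update the reserve list in Copernica.

    Requires write access to the ``custom_form`` module. Responds with 404
    when the submission does not exist and returns ``"success"`` otherwise.
    """
    # Deleting someone's submission is a write operation. The check used to
    # accept read access, which let read-only users delete any submission by
    # id; it now matches the write check on has_paid.
    if not ModuleAPI.can_write('custom_form'):
        return abort(403)

    # NOTE(review): the route decorator is not visible here; confirm the
    # request method and CSRF protection for this destructive action.
    submission = CustomFormResult.query.filter(
        CustomFormResult.id == submit_id
    ).first()

    if not submission:
        abort(404)

    # Read what is needed before the row is deleted.
    form_id = submission.form_id
    max_attendants = submission.form.max_attendants

    db.session.delete(submission)
    db.session.commit()

    all_sub = CustomFormResult.query.filter(
        CustomFormResult.form_id == form_id
    ).all()

    # When enough submissions remain, the one at position max_attendants is
    # marked as no longer being a reserve.
    # NOTE(review): the query has no explicit ordering, and a max_attendants
    # of 0 would index the last element - confirm both are intended.
    if max_attendants <= len(all_sub):
        from_list = all_sub[max_attendants - 1]
        copernica_data = {
            "Reserve": "Nee"
        }
        copernica.update_subprofile(
            copernica.SUBPROFILE_ACTIVITY, from_list.owner_id,
            from_list.form_id, copernica_data)

    return "success"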
def get_navigation_menu(group_id, personal, type):
    """Render the PimPy side menu for the current user.

    Requires read access to the ``pimpy`` module and a logged-in user.
    ``type`` defaults to ``'minutes'`` and ``group_id`` to ``'all'`` when
    they are falsy; any other ``group_id`` is converted with ``int()``.
    """
    if not ModuleAPI.can_read('pimpy'):
        return abort(403)

    if current_user.is_anonymous:
        flash('Huidige gebruiker niet gevonden!', 'danger')
        return redirect(url_for('pimpy.view_minutes'))

    groups = current_user.groups \
        .filter(Group.name != 'all') \
        .order_by(Group.name.asc()) \
        .all()

    type = type or 'minutes'

    # NOTE(review): `type` becomes part of an endpoint name. If it can come
    # from the request, confirm it is limited to the known view types.
    endpoint = 'pimpy.view_' + type
    keeps_personal = personal and type != 'minutes'
    endpoints = {
        'view_chosentype': endpoint,
        'view_chosentype_personal': endpoint + '_personal',
        'view_chosentype_chosenpersonal':
            endpoint + ('_personal' if keeps_personal else ''),
        'view_tasks': 'pimpy.view_tasks',
        'view_tasks_personal': 'pimpy.view_tasks_personal',
        'view_tasks_chosenpersonal':
            'pimpy.view_tasks' + ('_personal' if personal else ''),
        'view_minutes': 'pimpy.view_minutes',
    }

    group_id = group_id or 'all'
    if group_id != 'all':
        # int() raises ValueError for a non-numeric id.
        group_id = int(group_id)

    return Markup(render_template('pimpy/api/side_menu.htm', groups=groups,
                                  group_id=group_id, personal=personal,
                                  type=type, endpoints=endpoints,
                                  title='PimPy'))
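def get_minutes_in_date_range(group_id, start_date, end_date):
    """Load the minutes dated between start_date and end_date (inclusive).

    ``group_id`` is either a group id or ``'all'`` for every group of the
    current user. Both dates are ``YYYY-MM-DD`` strings; a malformed date
    results in a 400 and an unknown group in a 404.
    """
    if not ModuleAPI.can_read('pimpy'):
        return abort(403)

    if current_user.is_anonymous:
        flash('Huidige gebruiker niet gevonden', 'danger')
        return redirect(url_for('pimpy.view_minutes'))

    try:
        start_date = datetime.datetime.strptime(start_date, "%Y-%m-%d")
        end_date = datetime.datetime.strptime(end_date, "%Y-%m-%d")
    except ValueError:
        # Malformed dates are a client error, not a server error.
        return abort(400)

    def minutes_of(gid):
        # Minutes of one group inside the requested range, newest first.
        return Minute.query.filter(Minute.group_id == gid).\
            filter(start_date <= Minute.minute_date,
                   Minute.minute_date <= end_date).\
            order_by(Minute.minute_date.desc()).all()

    list_items = {}

    # NOTE(review): membership of group_id is not checked in this function;
    # confirm every caller authorises the group before calling.
    if group_id != 'all':
        group = Group.query.filter(Group.id == group_id).first()
        if group is None:
            # The lookup result used to be dereferenced unconditionally.
            return abort(404)
        list_items[group.name] = minutes_of(group_id)
    else:
        # The date range used to be ignored in this branch, which returned
        # every minute of every group the user belongs to.
        for group in current_user.groups:
            list_items[group.name] = minutes_of(group.id)

    return Markup(render_template('pimpy/api/minutes.htm',
                                  list_items=list_items, type='minutes',
                                  group_id=group_id, line_number=-1,
                                  title='PimPy'))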
def get_ranking():
    """Return the challenge ranking as JSON under the ``ranking`` key.

    Requires read access to the ``challenge`` module. Each entry is the
    ``serialize`` value of a user returned by ChallengeAPI.get_ranking.
    """
    if not ModuleAPI.can_read('challenge'):
        abort(403)

    serialized = []
    for user in ChallengeAPI.get_ranking():
        serialized.append(user.serialize)

    return jsonify(ranking=serialized)
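def edit(contact_id=None):
    """Create or edit a contact, frontend.

    Viewing the form requires read access to the ``contact`` module; saving
    it requires write access. Responds with 404 when ``contact_id`` does not
    match an existing contact.
    """
    if not ModuleAPI.can_read('contact'):
        return abort(403)

    if contact_id:
        contact = Contact.query.get(contact_id)
        if contact is None:
            # A missing contact used to surface later as an attribute error.
            return abort(404)
    else:
        contact = Contact()

    form = ContactForm(request.form, contact)

    locations = Location.query.order_by('address').order_by('city')
    form.location_id.choices = \
        [(loc.id, '%s, %s' % (loc.address, loc.city)) for loc in locations]

    if form.validate_on_submit():
        # Creating or changing a contact is a write operation; read access
        # alone used to be enough to save.
        if not ModuleAPI.can_write('contact'):
            return abort(403)

        if not contact.id and Contact.query.filter(
                Contact.email == form.email.data).count():
            # Translate the template first and interpolate afterwards, so the
            # message id does not contain the submitted address.
            flash(_('Contact email "%s" is already in use.') %
                  form.email.data, 'danger')
            return render_template('contact/edit.htm', contact=contact,
                                   form=form)

        form.populate_obj(contact)
        db.session.add(contact)
        db.session.commit()
        flash(_('Contact person saved.'), 'success')
        return redirect(url_for('contact.edit', contact_id=contact.id))
    else:
        flash_form_errors(form)

    return render_template('contact/edit.htm', contact=contact, form=form)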
def list(page_nr=1):
    """Show a paginated list of contacts, 15 per page.

    Requires read access to the ``contact`` module.
    """
    if ModuleAPI.can_read('contact'):
        page_of_contacts = Contact.query.paginate(page_nr, 15, False)
        return render_template('contact/list.htm', contacts=page_of_contacts)

    return abort(403)
def view():
    """Render the overview of navigation entries.

    Requires read access to the ``navigation`` module.
    """
    if ModuleAPI.can_read('navigation'):
        nav_entries = NavigationAPI.get_entries()
        return render_template('navigation/view.htm',
                               nav_entries=nav_entries)

    return abort(403)
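def create_challenge(challenge_id=None):
    """Create a challenge from query-string arguments.

    Requires write access to the ``challenge`` module. All of ``parent_id``,
    ``name``, ``description``, ``type``, ``start_date``, ``end_date``,
    ``answer``, ``weight`` and ``hint`` must be given; both dates use the
    ``YYYY-MM-DD`` format. A plain-text error message is returned when a
    parameter is missing or invalid, or when the name is already taken.
    """
    from html import escape

    if not ModuleAPI.can_write('challenge'):
        abort(403)

    # NOTE(review): this creates data from query-string arguments. The route
    # decorator is not visible here; confirm the endpoint cannot be triggered
    # by a cross-site GET request.
    required = ('parent_id', 'name', 'description', 'type', 'start_date',
                'end_date', 'answer', 'weight', 'hint')
    date_fields = ('start_date', 'end_date')

    # Gather all arguments, in the order in which they are reported missing.
    values = {}
    for field in required:
        raw = request.args.get(field)
        if not raw:
            return "Error, no '" + field + "' given"
        if field in date_fields:
            try:
                raw = datetime.datetime.strptime(raw, '%Y-%m-%d').date()
            except ValueError:
                # A malformed date used to raise and produce a server error.
                return "Error, '" + field + "' is not a valid date"
        values[field] = raw

    # Check if the name of the challenge is unique
    if ChallengeAPI.challenge_exists(values['name']):
        # The name is echoed into the response body, so it is HTML-escaped.
        return "Error, challenge with name '" + escape(values['name']) + \
            "' already exists"

    return ChallengeAPI.create_challenge(values['name'],
                                         values['description'],
                                         values['hint'],
                                         values['start_date'],
                                         values['end_date'],
                                         values['parent_id'],
                                         values['weight'],
                                         values['type'],
                                         values['answer'])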
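def reorder():
    """Store a new ordering of the navigation entries.

    Requires write access to the ``navigation`` module. The ordering is read
    as JSON from the ``entries`` form field; malformed JSON results in a 400.
    Returns an empty response body.
    """
    if not ModuleAPI.can_write('navigation'):
        return abort(403)

    raw_entries = request.form['entries']
    try:
        entries = json.loads(raw_entries)
    except ValueError:
        # Client-supplied JSON that does not parse is a bad request; it used
        # to raise and produce a server error.
        return abort(400)

    # NOTE(review): the structure of `entries` is not validated here; confirm
    # NavigationAPI.order rejects unexpected shapes and unknown ids.
    NavigationAPI.order(entries, None)

    return ""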
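def group_api_get_users(group_id):
    """Return the users of a group as JSON, ordered by first and last name.

    Requires read access to the ``group`` module. Each user is sent as
    ``{"val": id, "label": name}`` under the ``users`` key. Responds with 404
    when the group does not exist.
    """
    if not ModuleAPI.can_read("group"):
        return abort(403)

    group = Group.query.get(group_id)
    if group is None:
        # An unknown id used to surface as an attribute error on None.
        return abort(404)

    users = group.users.order_by(User.first_name, User.last_name).all()
    res = [{"val": user.id, "label": user.name} for user in users]

    return jsonify(users=res)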
def fetch_all():
    """Return every challenge as JSON under the ``challenges`` key.

    Requires write access to the ``challenge`` module. Each entry is the
    ``serialize`` value of a challenge from ChallengeAPI.fetch_all_challenges.
    """
    if not ModuleAPI.can_write('challenge'):
        abort(403)

    serialized = []
    for challenge in ChallengeAPI.fetch_all_challenges():
        serialized.append(challenge.serialize)

    return jsonify(challenges=serialized)
def view(redirect_id=None):
    """List the redirects and create or edit one.

    Viewing requires read access to the ``redirect`` module; a submitted form
    is only processed for users with write access. A redirect whose source
    path is already used by another redirect is refused.
    """
    if not ModuleAPI.can_read('redirect'):
        return abort(403)

    can_write = ModuleAPI.can_write('redirect')

    redirection = None
    if redirect_id:
        redirection = Redirect.query.get(redirect_id)

    form_args = (request.form, redirection) if redirection \
        else (request.form,)
    form = RedirectForm(*form_args)

    if form.validate_on_submit():
        if not can_write:
            return abort(403)

        # The source path is stored without trailing slashes.
        # NOTE(review): `to` is stored as submitted. Whether the form limits
        # it to same-site targets is not visible here; confirm, since stored
        # redirect targets can otherwise send visitors to arbitrary sites.
        fro = form.data['fro'].rstrip('/')
        to = form.data['to']

        existing = Redirect.query.filter(Redirect.fro == fro).first()
        conflicts = existing and existing.id != redirect_id

        if not conflicts:
            if redirection:
                redirection.fro = fro
                redirection.to = to
            else:
                redirection = Redirect(fro, to)

            db.session.add(redirection)
            db.session.commit()

            flash('De omleiding is succesvol opgeslagen.')

            return redirect(url_for('redirect.view',
                                    redirect_id=redirection.id))

        flash('Er is al een omleiding vanaf dat pad gedefiniëerd.',
              'danger')

    redirections = Redirect.query.order_by(Redirect.fro).all()

    return render_template('redirect.htm', redirections=redirections,
                           redirection=redirection, form=form,
                           can_write=can_write)
def view(page_nr=1):
    """Show a paginated list of groups and delete the selected ones.

    Viewing requires read access to the ``group`` module; deleting requires
    write access. Form entries are matched to groups by their position on the
    current page.
    """
    if not ModuleAPI.can_read("group"):
        return abort(403)

    form = ViewGroupForm(request.form)
    pagination = Group.query.order_by(Group.name).paginate(page_nr, 15, False)

    if form.validate_on_submit():
        if form.delete_group.data:
            if ModuleAPI.can_write("group"):
                # Ids of the groups whose checkbox was ticked.
                selected_ids = [
                    group.id
                    for group, form_entry in zip(pagination.items,
                                                 form.entries)
                    if form_entry.select.data
                ]

                groups = Group.query.filter(
                    Group.id.in_(selected_ids)).all()
                for group in groups:
                    db.session.delete(group)
                db.session.commit()

                if len(groups) > 1:
                    flash("The selected groups have been deleted.",
                          "success")
                else:
                    flash("The selected group has been deleted.", "success")

                return redirect(url_for("group.view"))
            else:
                # NOTE(review): despite the wording, this function neither
                # logs nor reports the attempt.
                flash("This incident has been reported to our authorities.",
                      "warning")
    else:
        # One form entry per group on this page.
        for _group in pagination.items:
            form.entries.append_entry()

        flash_form_errors(form)

    return render_template(
        "group/view.htm",
        form=form,
        pagination=pagination,
        groups=zip(pagination.items, form.entries),
        current_user=current_user,
        title="Groups",
    )
def view_minutes(group_id='all'):
    """Show the minutes of one group, or of all groups for ``'all'``.

    Requires read access to the ``pimpy`` module. A ``group_id`` that is
    neither ``'all'`` nor all digits gives a 404; a specific group the
    current user is not a member of gives a 403.
    """
    if not ModuleAPI.can_read('pimpy'):
        return abort(403)

    single_group = group_id != 'all'

    if single_group and not group_id.isdigit():
        return abort(404)

    # Membership is only checked when one specific group is requested.
    if single_group and not current_user.member_of_group(group_id):
        return abort(403)

    return PimpyAPI.get_minutes(group_id)
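def edit_seo():
    """Create or edit the SEO entry of a module/path combination.

    Requires write access to the ``seo`` module. ``module`` and ``path`` are
    read from the query string. After a successful save the user is
    redirected to the page at ``path``.
    """
    if not ModuleAPI.can_write('seo'):
        return abort(403)

    module = request.args['module']
    path = request.args['path']

    seo = SeoAPI.get_seo(module, path)

    # Retrieve form info.
    form = SeoForm(request.form, seo)

    # On Seo submit (edit or create)
    if form.validate_on_submit():
        nl_title = form.nl_title.data.strip()
        en_title = form.en_title.data.strip()
        nl_description = form.nl_description.data.strip()
        en_description = form.en_description.data.strip()
        nl_tags = form.nl_tags.data.strip()
        en_tags = form.en_tags.data.strip()

        # The debugging print() calls that used to be here, one of which
        # dumped the attributes of the new entry to stdout, are gone.
        if seo:
            # Edit the seo entry
            seo.nl_title = nl_title
            seo.en_title = en_title
            seo.nl_description = nl_description
            seo.en_description = en_description
            seo.nl_tags = nl_tags
            seo.en_tags = en_tags
        else:
            # Get seo resources to identify the seo in the database.
            res = SeoAPI.get_resources(module, path)

            # Create the new seo entry
            seo = SEO(res['page'],
                      res['page_id'],
                      res['activity'],
                      res['activity_id'],
                      res['url'],
                      nl_title,
                      en_title,
                      nl_description,
                      en_description,
                      nl_tags,
                      en_tags)

        db.session.add(seo)
        db.session.commit()

        flash(_('The seo settings have been saved'), 'success')

        # redirect newly created page
        return redirect(url_for('page.get_page', path=path))
    else:
        flash_form_errors(form)

    return render_template('seo/edit_seo.htm', form=form)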
def delete(location_id):
    """Delete a location.

    Requires write access to the ``location`` module; responds with 404 when
    the location does not exist.
    """
    # NOTE(review): the route decorator is not visible here; confirm the
    # request method and CSRF protection for this destructive action.
    if ModuleAPI.can_write('location'):
        doomed = Location.query.get_or_404(location_id)
        db.session.delete(doomed)
        db.session.commit()
        flash(_('Location deleted.'), 'success')

        return redirect(url_for('location.list'))

    return abort(403)
def list(page_nr=1, search=None):
    """Show a paginated, optionally filtered, list of vacancies.

    Requires read access to the ``vacancy`` module. Users without write
    access only see vacancies whose start date lies in the past and whose
    end date lies in the future.
    """
    if not ModuleAPI.can_read('vacancy'):
        return abort(403)

    may_write = ModuleAPI.can_write('vacancy')

    # Order the vacancies in such a way that vacancies that are new
    # or almost expired, end up on top.
    elapsed = func.datediff(Vacancy.start_date, func.current_date())
    duration = func.datediff(Vacancy.start_date, Vacancy.end_date)
    order = func.abs((100 * (elapsed / duration)) - 50)

    def currently_open():
        # Started already and not yet ended.
        return and_(Vacancy.start_date < datetime.utcnow(),
                    Vacancy.end_date > datetime.utcnow())

    if search is not None:
        # The search term reaches the database as a bound parameter, but any
        # % or _ inside it still acts as a LIKE wildcard.
        pattern = '%' + search + '%'
        vacancies = Vacancy.query.join(Company). \
            filter(or_(Vacancy.title.like(pattern),
                       Company.name.like(pattern),
                       Vacancy.workload.like(pattern),
                       Vacancy.contract_of_service.like(pattern))) \
            .order_by(order.desc())
        if not may_write:
            vacancies = vacancies.filter(currently_open())
        shown_search = search
    else:
        if may_write:
            vacancies = Vacancy.query.join(Company).order_by(order.desc())
        else:
            vacancies = Vacancy.query.order_by(order.desc()) \
                .filter(currently_open())
        shown_search = ""

    vacancies = vacancies.paginate(page_nr, 15, False)

    return render_template('vacancy/list.htm', vacancies=vacancies,
                           search=shown_search, path=FILE_FOLDER,
                           title="Vacatures")
def view_minute_raw(group_id, minute_id):
    """Return the raw text of a minute as ``text/plain``.

    Requires read access to the ``pimpy`` module. A ``group_id`` that is
    neither ``'all'`` nor all digits gives a 404; a specific group the
    current user is not a member of gives a 403.
    """
    if not ModuleAPI.can_read('pimpy'):
        return abort(403)

    single_group = group_id != 'all'

    if single_group and not group_id.isdigit():
        return abort(404)

    if single_group and not current_user.member_of_group(group_id):
        return abort(403)

    # NOTE(review): nothing here ties minute_id to group_id, and 'all' skips
    # the membership check. Confirm PimpyAPI.get_minute_raw verifies that the
    # minute belongs to a group the user may read.
    body = PimpyAPI.get_minute_raw(group_id, minute_id)
    headers = {'Content-Type': 'text/plain; charset=utf-8'}

    return (body, headers)
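def view_tasks_in_date_range(group_id='all'):
    """Show the tasks of a group within a date range taken from the form.

    Requires read access to the ``pimpy`` module. The group, start date and
    end date are read from the submitted form; the ``group_id`` argument is
    not used for the query. A specific group the current user is not a
    member of gives a 403.
    """
    if not ModuleAPI.can_read('pimpy'):
        return abort(403)

    # The queried group comes from the form, so that is the value that has to
    # be authorised. The membership check used to run on the URL argument,
    # which was then overwritten with the form value, so a member of one
    # group could request the tasks of any other group.
    group_id = request.form['group_id']
    start_date = request.form['start_date']
    end_date = request.form['end_date']

    # Same shape check as the other pimpy views apply to their group id.
    if not (group_id == 'all' or group_id.isdigit()):
        return abort(400)

    if group_id != 'all' and not current_user.member_of_group(group_id):
        return abort(403)

    return PimpyAPI.get_tasks_in_date_range(
        group_id, False, start_date, end_date)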