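def create(request, team_link, bike_id):
    """Show and process the form for borrowing one bike.

    Optional ``start``/``finish`` GET parameters pre-fill the form; values
    that do not parse as dates are dropped. A valid POST creates the borrow
    through ``control.create`` and redirects to the borrower's view of it.

    The bike is looked up inside the team named in the URL, so a mismatched
    team/bike pair is a 404.
    """
    # Prefill dates come straight from the query string (untrusted input).
    raw_start = request.GET.get('start', None)
    raw_finish = request.GET.get('finish', None)
    try:
        start = parse(raw_start).date() if raw_start else None
        finish = parse(raw_finish).date() if raw_finish else None
    except ValueError:
        # One bad value discards both, as a half-filled range is not useful.
        start = None
        finish = None

    team = team_control.get_or_404(team_link)
    account = get_object_or_404(Account, user=request.user)
    is_lender = team_control.is_member(account, team)

    # Scope the lookup to the URL team. ``is_lender`` above is membership in
    # that team; without the filter a member of one team would be handed
    # ``is_lender=True`` for a bike owned by a different team.
    # NOTE(review): what forms.Create relaxes for lenders is not visible here.
    bike = get_object_or_404(Bike, id=bike_id, team=team)

    if request.method == "POST":
        form = forms.Create(request.POST, bike=bike, account=account,
                            start=start, finish=finish, is_lender=is_lender)
        if form.is_valid():
            data = form.cleaned_data
            borrow = control.create(account, bike, data["start"],
                                    data["finish"], data["note"].strip())
            return HttpResponseRedirect("/borrow/view/%s" % borrow.id)
    else:
        form = forms.Create(bike=bike, account=account, start=start,
                            finish=finish, is_lender=is_lender)

    args = {
        "form": form,
        "form_title": _("BORROW_CREATE"),
        "cancel_url": "/%s/bike/view/%s" % (team_link, bike_id),
        "has_required_info": account_control.has_required_info(account),
    }
    return rtr(team, "borrows", request, "borrow/create.html", args)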
def can_change_station(account, bike, station):
    """Return a truthy value when ``account`` may move ``bike`` to ``station``.

    The station must be given, active and owned by the bike's team; the
    account must be a member of that team; the bike must not be currently
    borrowed. The first failing condition's falsy value is returned as-is.
    """
    # Station checks first: they short-circuit before any membership lookup.
    station_ok = station and station.active and bike.team == station.team
    return (station_ok
            and team_control.is_member(account, bike.team)
            and not currently_borrowed(bike))
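def log_created_lender_callback(sender, **kwargs):
    """Email the lending team about a new borrow log entry made by an outsider.

    Expects ``kwargs["log"]``. Nothing is sent for "FINISHED" and
    "BORROWER_RATE" actions, for entries without an initiator, or when the
    initiator is a member of the borrow's team.
    """
    log = kwargs["log"]
    if log.action in ("FINISHED", "BORROWER_RATE"):
        return  # not worth a notification

    # Identity test: a missing initiator marks a system edit. ``== None``
    # would defer to whatever __eq__ the initiator object defines.
    if log.initiator is None:
        return
    if team_control.is_member(log.initiator, log.borrow.team):
        return  # the team does not need to hear about its own actions

    emails = _lender_emails(log.borrow)
    subject, message = _get_email_templates("lender", log.action)
    send_mail(emails, subject, message, kwargs)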
def borrower_view(request, borrow_id):
    """Render a borrow for its borrower.

    A member of the lending team is redirected to the team-scoped URL;
    any other account gets ``PermissionDenied``.
    """
    account = get_object_or_404(Account, user=request.user)
    borrow = get_object_or_404(Borrow, id=borrow_id)

    if account != borrow.borrower:
        # Not the borrower: only a lender may proceed, and only via a redirect.
        if not team_control.is_member(account, borrow.team):
            raise PermissionDenied
        lender_url = "/%s/borrow/view/%s" % (borrow.team.link, borrow.id)
        return HttpResponseRedirect(lender_url)

    context = {"borrow": borrow, "logs": borrow.logs.all()}
    return render_response(request, "borrow/view.html", context)
def lender_view(request, team_link, borrow_id):
    """Render a borrow for a member of the lending team.

    The borrow is fetched within the URL team. A non-member who is the
    borrower is redirected to the borrower URL; anyone else gets
    ``PermissionDenied``.
    """
    account = get_object_or_404(Account, user=request.user)
    team = team_control.get_or_404(team_link)
    # Filtering on team makes a borrow of another team a 404.
    borrow = get_object_or_404(Borrow, id=borrow_id, team=team)

    if not team_control.is_member(account, borrow.team):
        if not account == borrow.borrower:
            raise PermissionDenied
        return HttpResponseRedirect("/borrow/view/%s" % borrow.id)

    context = {"borrow": borrow, "logs": borrow.logs.all()}
    return rtr(team, "borrows", request, "borrow/view.html", context)
def borrower_view(request, borrow_id):
    """Show one borrow to the account that requested it.

    Lending-team members are sent to the team URL instead; every other
    account that is not the borrower is refused with ``PermissionDenied``.
    """
    viewer = get_object_or_404(Account, user=request.user)
    borrow = get_object_or_404(Borrow, id=borrow_id)

    if viewer != borrow.borrower:
        viewer_is_lender = team_control.is_member(viewer, borrow.team)
        if viewer_is_lender:
            # Lenders have their own, team-scoped view of the same borrow.
            return HttpResponseRedirect(
                "/%s/borrow/view/%s" % (borrow.team.link, borrow.id))
        raise PermissionDenied

    return render_response(request, "borrow/view.html", {
        "borrow": borrow,
        "logs": borrow.logs.all(),
    })
def lender_view(request, team_link, borrow_id):
    """Show one borrow of the URL team to a member of that team.

    The borrower, when not a member, is sent to the borrower URL; all other
    non-members are refused with ``PermissionDenied``.
    """
    viewer = get_object_or_404(Account, user=request.user)
    team = team_control.get_or_404(team_link)
    # The team filter turns a borrow id from another team into a 404.
    borrow = get_object_or_404(Borrow, id=borrow_id, team=team)

    viewer_is_lender = team_control.is_member(viewer, borrow.team)
    if not viewer_is_lender:
        if viewer == borrow.borrower:
            return HttpResponseRedirect("/borrow/view/%s" % borrow.id)
        raise PermissionDenied

    return rtr(team, "borrows", request, "borrow/view.html", {
        "borrow": borrow,
        "logs": borrow.logs.all(),
    })
def can_cancel(account, borrow):
    """Return a truthy value when ``account`` may cancel ``borrow``.

    A borrow whose finish date is in the past cannot be cancelled. The
    borrower may cancel in state "REQUEST" or "ACCEPTED"; a member of the
    lending team only in state "ACCEPTED".
    """
    if borrow.finish < datetime.datetime.now().date():
        return False  # already over

    acts_as_lender = team_control.is_member(account, borrow.team)
    acts_as_borrower = account == borrow.borrower
    lender_allowed = borrow.state in ("ACCEPTED",)
    borrower_allowed = borrow.state in ("REQUEST", "ACCEPTED")
    return (acts_as_borrower and borrower_allowed
            or acts_as_lender and lender_allowed)
def lender_can_rate(account, borrow):
    """Return True when a lending-team member may rate ``borrow``.

    Requires that the finish date has passed, the state is "ACCEPTED", the
    account is a member of the borrow's team, and no rating with
    originator 'LENDER' exists for the borrow yet.
    """
    if datetime.datetime.now().date() <= borrow.finish:
        return False  # borrow has not ended yet
    if borrow.state not in ("ACCEPTED",):
        return False
    if not team_control.is_member(account, borrow.team):
        return False  # membership is checked before any rating lookup
    lender_ratings = Rating.objects.filter(borrow=borrow, originator='LENDER')
    if len(lender_ratings) > 0:
        return False  # one lender rating per borrow
    return True
def edit_is_allowed(account, bike, name, description, active, reserve,
                    station, lockcode, size, lights):
    """Return True when ``account`` may apply the given edit to ``bike``.

    Only membership, deactivation and a station change are checked; the
    remaining arguments are accepted but not inspected here.
    """
    if not team_control.is_member(account, bike.team):
        return False

    deactivating = bike.active and not active
    if deactivating and not can_deactivate(account, bike):
        return False

    if bike.station != station:
        # NOTE(review): a station of None raises AttributeError on the next
        # line; confirm callers always pass a station object.
        if not station.active:
            return False
        if not can_change_station(account, bike, station):
            return False
    return True
def view(request, team_link, bike_id, tab):
    """Render one tab of a bike page for the team named in the URL.

    The "OVERVIEW" tab is public. Every other tab redirects anonymous users
    to the login page and raises ``PermissionDenied`` for accounts that are
    not members of the team. Optional ``start``/``finish`` GET parameters
    are passed to the template as dates, or as None when they do not parse.
    """
    team = team_control.get_or_404(team_link)

    # Optional date range from the query string (untrusted input).
    raw_start = request.GET.get('start', None)
    raw_finish = request.GET.get('finish', None)
    try:
        start = parse(raw_start).date() if raw_start else None
        finish = parse(raw_finish).date() if raw_finish else None
    except ValueError:
        start = None
        finish = None

    # Access control: everything except the overview is members-only.
    restricted = tab != "OVERVIEW"
    logged_in = request.user.is_authenticated()
    if restricted and not logged_in:
        # NOTE(review): request.path goes into the query string unquoted.
        return HttpResponseRedirect("/accounts/login/?next=%s" % request.path)
    account = logged_in and get_object_or_404(Account, user=request.user)
    if restricted and not team_control.is_member(account, team):
        raise PermissionDenied

    # The team filter makes a bike id from another team a 404.
    bike = get_object_or_404(Bike, id=bike_id, team=team)
    authorized = account and team_control.is_member(account, team)
    template = _VIEW[tab]["template"]
    if tab == "BORROWS":
        list_data = borrow_control.to_list_data(bike.borrows.all(),
                                                team_link=True)
    else:
        list_data = None

    args = {
        "bike": bike,
        "list_data": list_data,
        "page_title": _VIEW[tab]["page_title"],
        "tabs": _tabs(bike, team, tab, authorized),
        "date_start": start,
        "date_finish": finish,
    }
    return rtr(team, "bikes", request, template, args)
def edit_is_allowed(account, bike, name, description, active, reserve,
                    station, lockcode, size, lights):
    """Decide whether ``account`` may save the given changes to ``bike``.

    Checks team membership, then deactivation, then a change of station.
    The other arguments are part of the signature but are not examined.
    """
    is_member = team_control.is_member(account, bike.team)
    if not is_member:
        return False

    if bike.active and not active:
        # The edit switches the bike off.
        if not can_deactivate(account, bike):
            return False

    station_changed = bike.station != station
    # NOTE(review): station.active fails with AttributeError when station is
    # None and the bike has a station; confirm None cannot reach this point.
    if station_changed and not station.active:
        return False
    if station_changed and not can_change_station(account, bike, station):
        return False
    return True
def view(request, team_link, bike_id, tab):
    """Serve the requested tab of a bike that belongs to the URL team.

    Only the "OVERVIEW" tab is open to everyone. For any other tab an
    anonymous visitor is redirected to the login page and a logged-in
    non-member gets ``PermissionDenied``. ``start``/``finish`` GET values
    reach the template as dates, or None if missing or unparseable.
    """
    team = team_control.get_or_404(team_link)

    # Query-string dates are untrusted; a parse failure clears both.
    start_text = request.GET.get('start', None)
    finish_text = request.GET.get('finish', None)
    try:
        start = parse(start_text).date() if start_text else None
        finish = parse(finish_text).date() if finish_text else None
    except ValueError:
        start = finish = None

    members_only = tab != "OVERVIEW"
    logged_in = request.user.is_authenticated()
    if members_only and not logged_in:
        # NOTE(review): request.path is placed in the query string unquoted.
        login_url = "/accounts/login/?next=%s" % request.path
        return HttpResponseRedirect(login_url)
    account = logged_in and get_object_or_404(Account, user=request.user)
    if members_only and not team_control.is_member(account, team):
        raise PermissionDenied

    # Looking the bike up by team as well as id keeps other teams' bikes out.
    bike = get_object_or_404(Bike, id=bike_id, team=team)
    authorized = account and team_control.is_member(account, team)
    tab_config = _VIEW[tab]
    template = tab_config["template"]

    list_data = None
    if tab == "BORROWS":
        list_data = borrow_control.to_list_data(bike.borrows.all(),
                                                team_link=True)

    return rtr(team, "bikes", request, template, {
        "bike": bike,
        "list_data": list_data,
        "page_title": tab_config["page_title"],
        "tabs": _tabs(bike, team, tab, authorized),
        "date_start": start,
        "date_finish": finish,
    })
def creation_is_allowed(account, bike, start, finish, exclude=None):
    """Return True when ``account`` may borrow ``bike`` from start to finish.

    ``exclude`` is forwarded unchanged to both timeframe queries.

    NOTE(review): this listing was recovered from a whitespace-collapsed
    page, so the nesting under the membership check is reconstructed.
    Confirm against the repository whether the one-borrow-at-a-time rule
    sits inside that branch, because that decides whether team members are
    exempt from it.
    """
    if not can_borrow(bike):
        return False

    # The range must not end before it begins.
    if finish < start:
        return False

    if not team_control.is_member(account, bike.team):
        # Non-members must book at least MIN_BOOK days ahead of today.
        today = datetime.datetime.now().date()
        minstart = today + datetime.timedelta(days=MIN_BOOK)
        if start < minstart:
            return False

        # Only one requested borrow per account within the timeframe.
        if len(borrows_requested_in_timeframe(account, start, finish,
                                              exclude=exclude)):
            return False

    # The bike must have no active borrow in the requested timeframe.
    if len(active_borrows_in_timeframe(bike, start, finish, exclude=exclude)):
        return False
    return True
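def create(request, team_link, bike_id):
    """Display the borrow form for a bike and create the borrow on a valid POST.

    ``start``/``finish`` GET parameters, when present and parseable, pre-fill
    the form. After a successful POST the user is redirected to the
    borrower view of the new borrow.

    The bike must belong to the team named in the URL; any other bike id
    results in a 404.
    """
    # Query-string dates are untrusted; a parse failure clears both values.
    start_text = request.GET.get('start', None)
    finish_text = request.GET.get('finish', None)
    try:
        start = parse(start_text).date() if start_text else None
        finish = parse(finish_text).date() if finish_text else None
    except ValueError:
        start = None
        finish = None

    team = team_control.get_or_404(team_link)
    account = get_object_or_404(Account, user=request.user)
    is_lender = team_control.is_member(account, team)

    # Fetch the bike by team as well as id. ``is_lender`` is membership in
    # the URL team, so an unscoped lookup would let a member of one team
    # receive ``is_lender=True`` for a bike that another team owns.
    # NOTE(review): how forms.Create uses is_lender is not visible here.
    bike = get_object_or_404(Bike, id=bike_id, team=team)

    form_kwargs = dict(bike=bike, account=account, start=start,
                       finish=finish, is_lender=is_lender)
    if request.method == "POST":
        form = forms.Create(request.POST, **form_kwargs)
        if form.is_valid():
            borrow = control.create(account, bike,
                                    form.cleaned_data["start"],
                                    form.cleaned_data["finish"],
                                    form.cleaned_data["note"].strip())
            return HttpResponseRedirect("/borrow/view/%s" % borrow.id)
    else:
        form = forms.Create(**form_kwargs)

    args = {
        "form": form,
        "form_title": _("BORROW_CREATE"),
        "cancel_url": "/%s/bike/view/%s" % (team_link, bike_id),
        "has_required_info": account_control.has_required_info(account),
    }
    return rtr(team, "borrows", request, "borrow/create.html", args)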
def _get_listing_bikes(request, team, form):
    """Return the team's bikes as a list, narrowed by visibility and ``form``.

    Anonymous users and non-members only see bikes with ``reserve=False``
    and ``active=True``. With a form, the list is further filtered by
    lights, size and availability in the requested timeframe.
    """
    bikes = team.bikes.all()

    # Reserve and inactive bikes are visible to team members only.
    logged_in = request.user.is_authenticated()
    account = logged_in and get_object_or_404(Account, user=request.user) or 0
    if not (logged_in and team_control.is_member(account, team)):
        bikes = bikes.filter(reserve=False, active=True)

    if not form:
        return list(bikes)

    if form.cleaned_data["lights"]:
        bikes = bikes.filter(lights=True)

    wanted_size = form.cleaned_data["size"]
    if wanted_size:
        bikes = bikes.filter(size=wanted_size)

    # Complete a half-open timeframe: start defaults to tomorrow, finish to
    # seven days after start.
    start = form.cleaned_data["start"]
    finish = form.cleaned_data["finish"]
    if finish and not start:
        start = datetime.datetime.now().date() + datetime.timedelta(days=1)
    if start and not finish:
        finish = start + datetime.timedelta(days=7)

    if start and finish:
        # Accepted borrows that overlap [start, finish] make a bike unavailable.
        accepted = team.borrows.filter(state="ACCEPTED")
        overlapping = accepted.exclude(start__gt=finish).exclude(finish__lt=start)
        bikes = bikes.exclude(borrows__in=overlapping)
    return list(bikes)
def can_edit(account, gallery):
    """Return True when ``account`` may edit ``gallery``.

    A team gallery is editable by members of that team; a gallery without a
    team only by the account that created it.
    """
    if gallery.team:
        return bool(team_control.is_member(account, gallery.team))
    # No team: ownership decides.
    return not (gallery.created_by != account)
def can_comment(account, borrow):
    """Return True when ``account`` is the borrower or a lending-team member."""
    # The borrower test comes first, so it short-circuits the membership lookup.
    return bool(account == borrow.borrower
                or team_control.is_member(account, borrow.team))
def can_delete(account, bike):
    """Return a truthy value when ``account`` may delete ``bike``.

    The account must be a member of the bike's team and the bike must have
    no future borrows.
    """
    is_member = team_control.is_member(account, bike.team)
    # Membership is decided first; future borrows are only checked for members.
    return is_member and not has_future_borrows(bike)
def can_edit(account, gallery):
    """Tell whether ``account`` is allowed to edit ``gallery``.

    Galleries attached to a team require membership in that team; galleries
    with no team require the account to be the creator.
    """
    team = gallery.team
    if not team:
        # Personal gallery: only its creator may edit it.
        return not (gallery.created_by != account)
    return not (not team_control.is_member(account, team))
def if_member(account, team):
    """Return the membership result for ``account``, or ``account`` when falsy.

    A falsy account (for example None) is returned unchanged without
    consulting ``control.is_member``.
    """
    if not account:
        return account
    return control.is_member(account, team)
def assert_member(account, team):
    """Raise ``PermissionDenied`` unless ``account`` is a member of ``team``."""
    if control.is_member(account, team):
        return
    raise PermissionDenied
def can_edit(account, station):
    """Return whether ``account`` is a member of the team owning ``station``."""
    owning_team = station.team
    return team_control.is_member(account, owning_team)
def can_respond(account, borrow):
    """Return True when ``account`` may respond to ``borrow``.

    The borrow must be in state "REQUEST" and the account must be a member
    of the borrow's team.
    """
    if borrow.state != "REQUEST":
        return False  # only open requests can be answered
    return bool(team_control.is_member(account, borrow.team))