def profile(user_id):
if not auth.is_logged_in(session):
return redirect_to_login(STRINGS['SIGNED_OUT'])
if int(user_id) == session['user_id'] or auth.is_admin(session):
if request.method == 'POST':
if auth.is_admin(session):
email = request.form['email']
name = request.form['user-name']
suspended = request.form.get('suspended')
is_admin = request.form.get('role')
if suspended is None:
suspended = 0
if is_admin == 'admin':
is_admin = 1
else:
is_admin = 0
user.edit_user_admin(user_id, email, name, suspended, is_admin)
else:
email = request.form['email']
name = request.form['user-name']
app.logger.debug(user_id, email, name)
user.edit_user(user_id, email, name)
flash("Changes saved successfully", category="success")
return redirect(url_for('profile', user_id=user_id))
else:
return render_template("profile.html",
session=session,
user=user.get_user_by_id(user_id))
else:
return redirect_to_home(STRINGS['NOT_AUTHORIZED'])
def user_reset(token=None):
user_db = model.User.get_by('token', token)
if not user_db:
flask.flash(u'Холбоос буруу эсвэл хугацаа нь дууссан байна.',
category='danger')
return flask.redirect(flask.url_for('welcome'))
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
form = UserResetForm()
if form.validate_on_submit():
user_db.password_hash = util.password_hash(user_db,
form.new_password.data)
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
flask.flash(u'Таны нууц үг амжилттай солигдлоо.', category='success')
return auth.signin_user_db(user_db)
return flask.render_template(
'user/user_reset.html',
title=u'Нууц үгээ солих',
html_class='user-reset',
form=form,
user_db=user_db,
)
def attraction_report(attraction_id):
if not auth.is_logged_in(session):
return redirect_to_login(STRINGS['SIGNED_OUT'])
if not auth.is_admin(session):
return redirect_to_home(STRINGS['NOT_AUTHORIZED'])
show_date = request.args.get('date', str(dt.datetime.now())[:10])
try:
time_slots = attraction.get_time_slots(attraction_id)
show_time_slot = int(
request.args.get('ts', time_slots[0]['time_slot_id']))
app.logger.debug(time_slots[0]['time_slot_id'])
return render_template(
"attractions/attraction_report.html",
session=session,
attraction=attraction.get_attraction(attraction_id),
requires_reservation=attraction.requires_reservation(
attraction_id),
reservations=attraction.get_bookings(attraction_id, show_date,
show_time_slot),
date=show_date,
time_slots=time_slots,
selected_ts=attraction.get_time_slot(show_time_slot))
except IndexError:
return render_template(
"attractions/attraction_report.html",
session=session,
attraction=attraction.get_attraction(attraction_id),
requires_reservation=attraction.requires_reservation(
attraction_id))
def create_attraction():
if not auth.is_logged_in(session):
return redirect_to_login(STRINGS['SIGNED_OUT'])
if not auth.is_admin(session):
return redirect_to_home(STRINGS['NOT_AUTHORIZED'])
if request.method == 'POST':
name = request.form["name"]
description = request.form["description"]
price = request.form["price"]
if request.form["street_num"] == "":
street_num = None
else:
street_num = request.form["street_num"]
street = request.form["street"]
city = request.form["city"]
if request.form["state"] == "":
state = None
else:
state = request.form["state"]
zip = request.form["zip"]
country = request.form["country"]
if request.form["transit"] == "":
transit = None
else:
transit = request.form["transit"]
attraction.create_attraction(name, description, price, street_num,
street, city, state, zip, country,
transit)
flash("Attraction created successfully", category="success")
return redirect(url_for('admin'))
return render_template("attractions/attraction.html", session=session)
def create_trip():
if not auth.is_logged_in(session):
return redirect_to_login(STRINGS['SIGNED_OUT'])
# changes to trip page will go here
city_ids = trip.get_city_ids()
cc_ids = user.get_user_cc_ids(session['user_id'])
# This step obfuscates the credit number sent to the UI except for the last 4 digits
for cc in cc_ids:
cc['cc_number'] = 'X' * 3 + cc['cc_number'][-4:]
if request.method == "POST":
city = request.form["city"]
start_date = request.form["start_date"]
cc_id = request.form["credit_card"]
user_id = session['user_id']
# Things to check:
# 1. No field is blank
# 2. The credit card belongs to the user
# 3. Date is in the future
trip.create_trip(city, start_date, cc_id, user_id)
return redirect_to_home("Trip created successfully", "success")
return render_template("trips/create_trip.html",
session=session,
cc_ids=cc_ids,
city_ids=city_ids)
def user_reset(token=None):
user_db = model.User.get_by('token', token)
if not user_db:
flask.flash(__('That link is either invalid or expired.'), category='danger')
return flask.redirect(flask.url_for('welcome'))
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
form = UserResetForm()
if form.validate_on_submit():
user_db.password_hash = util.password_hash(user_db, form.new_password.data)
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
flask.flash(__('Your password was changed succesfully.'), category='success')
return auth.signin_user_db(user_db)
return flask.render_template(
'user/user_reset.html',
title='Reset Password',
html_class='user-reset',
form=form,
user_db=user_db,
)
def inject_user():
"""Injects 'user' variable into jinja template, so it can be passed into angular. See base.html"""
user = False
if auth.is_logged_in():
user = auth.current_user_db().to_dict(
include=User.get_private_properties())
return {'user': user}
def user_activate(token):
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
user_db = model.User.get_by('token', token)
if not user_db:
flask.flash(u'Холбоос буруу эсвэл хугацаа нь дууссан байна.',
category='danger')
return flask.redirect(flask.url_for('welcome'))
form = UserActivateForm(obj=user_db)
if form.validate_on_submit():
form.populate_obj(user_db)
user_db.password_hash = util.password_hash(user_db, form.password.data)
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
return auth.signin_user_db(user_db)
return flask.render_template(
'user/user_activate.html',
title=u'Дансаа идэвхижүүлэх',
html_class='user-activate',
user_db=user_db,
form=form,
)
def user_activate(token):
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
user_db = model.User.get_by('token', token)
if not user_db:
flask.flash(__('That link is either invalid or expired.'), category='danger')
return flask.redirect(flask.url_for('welcome'))
form = UserActivateForm(obj=user_db)
if form.validate_on_submit():
form.populate_obj(user_db)
user_db.password_hash = util.password_hash(user_db, form.password.data)
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
return auth.signin_user_db(user_db)
return flask.render_template(
'user/user_activate.html',
title='Activate Account',
html_class='user-activate',
user_db=user_db,
form=form,
)
def user_reset(token=None):
user_db = model.User.get_by('token', token)
if not user_db:
flask.flash('That link is either invalid or expired.',
category='danger')
return flask.redirect(flask.url_for('welcome'))
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
form = UserResetForm()
if form.validate_on_submit():
user_db.password_hash = util.password_hash(user_db,
form.new_password.data)
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
flask.flash('Your password was changed succesfully.',
category='success')
return auth.signin_user_db(user_db)
return flask.render_template(
'user/user_reset.html',
title='Reset Password',
html_class='user-reset',
form=form,
user_db=user_db,
)
def user_activate(token):
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
user_db = model.User.get_by('token', token)
if not user_db:
flask.flash('That link is either invalid or expired.',
category='danger')
return flask.redirect(flask.url_for('welcome'))
form = UserActivateForm(obj=user_db)
if form.validate_on_submit():
form.populate_obj(user_db)
user_db.password_hash = util.password_hash(user_db, form.password.data)
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
return auth.signin_user_db(user_db)
return flask.render_template(
'user/user_activate.html',
title='Activate Account',
html_class='user-activate',
user_db=user_db,
form=form,
)
def inject_user():
"""Injects 'user' variable into jinja template, so it can be passed into angular. See base.html"""
user = False
if auth.is_logged_in():
user = auth.current_user_db().to_dict(include=User.get_private_properties())
return {
'user': user
}
def delete_attraction(attraction_id):
if not auth.is_logged_in(session):
return redirect_to_login(STRINGS['SIGNED_OUT'])
if not auth.is_admin(session):
return redirect_to_home(STRINGS['NOT_AUTHORIZED'])
attraction.delete_attraction(attraction_id)
flash("Attraction deleted successfully", category='success')
return redirect(url_for('admin'))
def welcome():
if not auth.is_logged_in():
return flask.render_template('welcome.haml', html_class='welcome')
case_search = CaseSearchForm()
cases = flask.request.args.get('cases')
return flask.render_template('home.haml',
html_class='home',
title='Home',
case_search=case_search,
cases=cases)
def delete_user(user_id):
if not auth.is_logged_in(session):
return redirect_to_login(STRINGS['SIGNED_OUT'])
if not auth.is_admin(session):
return redirect_to_home(STRINGS['NOT_AUTHORIZED'])
if int(user_id) == session['user_id']:
flash("You can't delete your own account")
else:
user.delete_user(user_id)
flash("User deleted successfully", category="success")
return redirect(url_for('admin'))
def view_event(event_id):
# don't have to be logged in, but still get logged in status
auth.is_logged_in()
event = storage.get_event(event_id)
event_view = storage.load_event_view(event_id)
event_type = event['type']
# pretend user isn't logged in
if hasattr(g, 'userid') and event['user_id'] != g.user_id:
delattr(g, 'user_id')
g.frippery_app = event_type
if event_type == 'secret-santa':
context = event_apps.secret_santa.get_context(event, event_view)
return render_template('secret-santa.html', event_id=event_id, **context)
elif event_type == 'tourney':
context = event_apps.tourney.get_context(event, event_view)
return render_template('tourney.html', event_id=event_id, **context)
else:
return "UNKNOWN EVENT TYPE"
def admin():
if not auth.is_logged_in(session):
return redirect_to_login(STRINGS['SIGNED_OUT'])
if not auth.is_admin(session):
return redirect_to_home(STRINGS['NOT_AUTHORIZED'])
return render_template("admin.html",
session=session,
users=user.get_all_users(),
attractions=attraction.get_all(),
res_info=attraction.requires_reservation_all())
return render_template("admin.html",
session=session,
users=user.get_all_users(),
attractions=attraction.get_all())
def user_reset(token=None):
"""Verifies user's token from url, if it's valid redirects user to page, where he can
set new password"""
user_db = model.User.get_by('token', token)
if not user_db:
flask.flash('Sorry, password reset link is either invalid or expired.')
return flask.redirect(flask.url_for('index'))
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
# note this is url with '#', so it leads to angular state
return flask.redirect('%s#!/password/reset/%s' % (flask.url_for('index'), token))
def user_reset(token=None):
"""Verifies user's token from url, if it's valid redirects user to page, where he can
set new password"""
user_db = model.User.get_by('token', token)
if not user_db:
flask.flash('Sorry, password reset link is either invalid or expired.')
return flask.redirect(flask.url_for('index'))
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
# note this is url with '#', so it leads to angular state
return flask.redirect('%s#!/password/reset/%s' %
(flask.url_for('index'), token))
def get_bootstrap_class_list(recommender_db):
bootstrap_class_list = ['label', 'label-pill']
# Get the classes needed for the "follow/following label"
if auth.is_logged_in():
user_db = auth.current_user_key().get()
following_dbs = model.Following.query(model.Following.recommender_key == recommender_db.key,
model.Following.user_key == user_db.key).fetch()
if following_dbs:
bootstrap_class_list.append('label-success')
else:
bootstrap_class_list.append('label-default')
else:
bootstrap_class_list.extend(['label-default', 'not-logged-in'])
return ' '.join(bootstrap_class_list)
def join_project(token, email):
"""Verifies user's email by token provided in url"""
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
user_db = model.User.get_by('token', token)
if user_db and not user_db.verified:
# setting new token is necessary, so this one can't be reused
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
flask.flash('Account activated. Please log in to continue!')
else:
flask.flash('Sorry, activation link is either invalid or expired.')
return flask.redirect('/login')
def review_attraction(attraction_id):
if not auth.is_logged_in(session):
return redirect_to_login(STRINGS['SIGNED_OUT'])
if request.method == 'POST':
review = request.form['review']
title = request.form['title']
review_created = dt.datetime.now()
user_id = session['user_id']
attraction_id = attraction_id
attraction.create_review(title, review, review_created, user_id,
attraction_id)
flash("Review created successfully", category="success")
return redirect(url_for('home'))
return render_template("attractions/review.html",
session=session,
attr=attraction.get_attraction(attraction_id))
def event_list_service(username=None):
if auth.is_logged_in():
user_db = auth.current_user_db()
else:
user_dbs, user_cursor = model.User.get_dbs(is_public=True, limit=10)
user_db = random.choice(user_dbs) if user_dbs else None
if username and user_db.username != username:
if not user_db.admin:
return flask.abort(404)
user_db = model.User.get_by('username', username)
if not user_db:
return flask.abort(404)
event_dbs, next_cursor = user_db.get_event_dbs()
return util.jsonify_model_dbs(event_dbs, next_cursor)
def user_verify(token):
"""Verifies user's email by token provided in url"""
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
user_db = model.User.get_by('token', token)
if user_db and not user_db.verified:
# setting new token is necessary, so this one can't be reused
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
auth.signin_user_db(user_db)
flask.flash('Welcome on board %s!' % user_db.username)
else:
flask.flash('Sorry, activation link is either invalid or expired.')
return flask.redirect(flask.url_for('index'))
def user_verify(token):
"""Verifies user's email by token provided in url"""
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
user_db = model.User.get_by('token', token)
if user_db and not user_db.verified:
# setting new token is necessary, so this one can't be reused
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
auth.signin_user_db(user_db)
flask.flash('Welcome on board %s!' % user_db.username)
else:
flask.flash('Sorry, activation link is either invalid or expired.')
return flask.redirect(flask.url_for('index'))
def welcome():
if auth.is_logged_in():
currency_dbs, currency_cursor = model.Currency.get_dbs(
limit=-1, order='is_crypto,name')
transaction_dbs, transaction_cursor = model.Transaction.get_dbs(
user_key=auth.current_user_key(), order='-date', limit=-1)
total_profit = 0
total_net_worth = 0
currency_codes = []
for transaction_db in transaction_dbs:
total_profit += transaction_db.profit_amount_user
total_net_worth += transaction_db.net_worth_user
currency_codes.append(transaction_db.acquired_currency_code)
currency_codes = list(set(currency_codes))
price_dbs = []
user_currency_code = auth.current_user_db().currency_key.get(
).code if auth.current_user_db().currency_key else 'USD'
for currency_code in currency_codes:
if currency_code != user_currency_code:
price_db = model.Price.get_by(
'code_unique',
':'.join(tuple(sorted([currency_code,
user_currency_code]))))
if price_db:
price_dbs.append(price_db)
return flask.render_template(
'welcome.html',
html_class='welcome',
transaction_dbs=transaction_dbs,
total_profit=total_profit,
total_net_worth=total_net_worth,
currency_dbs=currency_dbs,
price_dbs=price_dbs,
user_currency_code=user_currency_code,
api_url=flask.url_for('api.transaction.list'),
)
return flask.render_template(
'welcome.html',
html_class='welcome',
)
def get_user_frontpage():
params = {'pagination_size': config.PAGINATION_SIZE};
if (auth.is_logged_in()):
params['user_id'] = session['user_id']
else:
return {}
cur = db.singleton()
records = db.query(cur, '''SELECT res_data.id, username, user_id, date_of_call, time_of_call,
from_title, from_who, from_service_floor, telephone_number, physician_name,
physician_telephone_number, pt_name, pt_hosp_number, pt_location, pt_hospital,
specific_request, staff_contacted, relevant_info, action_taken, follow_up,
call_classification, updated, flag, commented
FROM ''' + config.DATABASE_SCHEMA + '''.res_data
INNER JOIN ''' + config.DATABASE_SCHEMA + '''.users ON (res_data.user_id = users.id)
WHERE user_id = %(user_id)s
AND deleted = false
ORDER BY updated DESC
LIMIT %(pagination_size)s''', params)
return records
def start_event(event_id):
if not auth.is_logged_in():
return redirect('/')
storage.start_event(g.user_id, event_id)
event_data = storage.get_event(event_id)
event_type = event_data['type']
if event_type == 'secret-santa':
app = event_apps.secret_santa
elif event_type == 'tourney':
app = event_apps.tourney
ticket_class_id = event_data['ticket_class']
attendees = start.finalize_attendees(event_id, ticket_class_id)
storage.save_event_view(
event_id,
app.create_event_view(event_data, attendees),
)
return redirect('/%d' % (event_id,))
def connect_event():
if not auth.is_logged_in():
return redirect('/')
input_data = request.values.to_dict()
event_id = int(input_data['eid'])
ticket_class = input_data.get('ticket_class')
if not event_id:
return redirect('/events')
if ticket_class is None:
ticket_classes = connect.connect_event(event_id)
else:
ticket_classes = {}
# If only one ticket class, no need to prompt them to select one.
if len(ticket_classes) == 1:
ticket_class = ticket_classes.keys()[0]
if ticket_class:
event_data = g.eb_api.get(
'events/%d' % (event_id,)
).data
storage.add_event(
g.user_id,
event_id,
{
'name': event_data['name']['text'],
'descr': event_data['description']['text'],
'type': g.frippery_app,
'ticket_class': int(ticket_class),
},
)
if ticket_class is None:
return render_template(
'connect.html',
ticket_classes=ticket_classes,
event_id=event_id,
)
else:
return redirect('/events')
def feedback():
if not config.CONFIG_DB.feedback_email:
return flask.abort(418)
form = FeedbackForm(obj=auth.current_user_db())
if not config.CONFIG_DB.has_anonymous_recaptcha or auth.is_logged_in():
del form.recaptcha
if form.validate_on_submit():
body = '%s\n\n%s' % (form.message.data, form.email.data)
kwargs = {'reply_to': form.email.data} if form.email.data else {}
task.send_mail_notification('%s...' % body[:48].strip(), body, **kwargs)
flask.flash(__('Thank you for your feedback!'), category='success')
return flask.redirect(flask.url_for('welcome'))
return flask.render_template(
'feedback.html',
title=_('Feedback'),
html_class='feedback',
form=form,
)
def feedback():
if not config.CONFIG_DB.feedback_email:
return flask.abort(418)
form = FeedbackForm(obj=auth.current_user_db())
if not config.CONFIG_DB.has_anonymous_recaptcha or auth.is_logged_in():
del form.recaptcha
if form.validate_on_submit():
body = '%s\n\n%s' % (form.message.data, form.email.data)
kwargs = {'reply_to': form.email.data} if form.email.data else {}
task.send_mail_notification('%s...' % body[:48].strip(), body, **kwargs)
flask.flash('Thank you for your feedback!', category='success')
return flask.redirect(flask.url_for('welcome'))
return flask.render_template(
'feedback.html',
title='Feedback',
html_class='feedback',
form=form,
)
def events():
if not auth.is_logged_in():
return redirect('/')
events = storage.list_events(g.user_id)
imported_events = set(str(event[0]) for event in events)
non_imported_events = [
{
'id': event['id'],
'name': event['name']['text'],
}
for event in g.eb_api.get(
'users/me/owned_events',
{'status': 'live'},
).data['events']
if event['id'] not in imported_events
]
from storage import (
EVENT_STATUS_NEW,
EVENT_STATUS_STARTED,
)
return render_template('events.html', **locals())
def index():
if auth.is_logged_in():
if request.method == 'GET':
user_info = auth.get_user_info()
global user_data
user_data = {
'email': user_info['email'],
'name': user_info['name']
}
if len(list(collection.find({"email": user_info['email']}))) < 1:
#For the condition that thte user hasnt signed up, ask for phone number
return open('get_number.html').read()
if request.method == 'POST':
result = request.form['number']
user_data['phone'] = result
db.users.insert_one(user_data)
return list(collection.find({"email":
user_info['email']}))[0]
return 'You are Logged In'
return 'You are not logged in.'
def contact():
resp_model = {}
resp_model['html_class'] = 'contact'
resp_model['canonical_path'] = flask.url_for('contact')
decorate_page_response_model(resp_model)
# Add feedbackform, present in the footer - needed for CXFR protection
contact_form = ContactForm(obj=auth.current_user_db())
# Add layout switch param - this is the switcher for page render (full
# (default), reduced)
resp_model['contact_form'] = contact_form
if 'contact_form' in resp_model:
contact_form = resp_model['contact_form']
if not config.CONFIG_DB.has_anonymous_recaptcha or auth.is_logged_in():
del contact_form.recaptcha
if contact_form.validate_on_submit():
if not config.CONFIG_DB.feedback_email:
return flask.abort(418)
body = '%s\n\n%s' % (contact_form.message.data,
contact_form.email.data)
kwargs = {
'reply_to': contact_form.email.data} if contact_form.email.data else {}
task.send_mail_notification('%s...' % body[:48].strip(), body, **kwargs)
flask.flash('Thank you for your feedback!', category='success')
return flask.redirect(flask.url_for('home'))
contact_page_db = model.ModuleConfig.get_by('module_id', 'contact-page')
if contact_page_db is not None and contact_page_db.config is not None:
contact_page_data = json.loads(contact_page_db.config)
if 'page_data' in resp_model:
resp_model['page_data'].update(contact_page_data)
else:
resp_model['page_data'] = contact_page_data
if 'page_data' in resp_model and 'image_keys' in resp_model['page_data'] and len(resp_model['page_data']['image_keys']) > 0:
res_kes = [ndb.Key(urlsafe=k)
for k in resp_model['page_data']['image_keys']]
resp_model['page_data']['images'] = ndb.get_multi(res_kes)
return flask.render_template('public/contact/contact.html', model=resp_model)
def user_activate(token):
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
user_db = models.User.get_by("token", token)
if not user_db:
flask.flash("That link is either invalid or expired.", category="danger")
return flask.redirect(flask.url_for("welcome"))
form = forms.UserActivateForm(obj=user_db)
if form.validate_on_submit():
form.populate_obj(user_db)
user_db.password_hash = util.password_hash(user_db, form.password.data)
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
return auth.signin_user_db(user_db)
return flask.render_template(
"user/user_activate.html", title="Activate Account", html_class="user-activate", user_db=user_db, form=form
)
def user_reset(token=None):
user_db = models.User.get_by("token", token)
if not user_db:
flask.flash("That link is either invalid or expired.", category="danger")
return flask.redirect(flask.url_for("welcome"))
if auth.is_logged_in():
login.logout_user()
return flask.redirect(flask.request.path)
form = forms.UserResetForm()
if form.validate_on_submit():
user_db.password_hash = util.password_hash(user_db, form.new_password.data)
user_db.token = util.uuid()
user_db.verified = True
user_db.put()
flask.flash("Your password was changed succesfully.", category="success")
return auth.signin_user_db(user_db)
return flask.render_template(
"user/user_reset.html", title="Reset Password", html_class="user-reset", form=form, user_db=user_db
)
def edit_trip(trip_id):
if not auth.is_logged_in(session):
return redirect_to_login(STRINGS['SIGNED_OUT'])
if not trip.belongs_to(trip_id, session['user_id']):
return redirect_to_home(STRINGS['NOT_AUTHORIZED'])
city_name = trip.get_city(trip_id)['city']
app.logger.debug("city_name: %s" % city_name)
attraction_id = trip.get_attraction_id(city_name)
now = dt.datetime.now().date(
) # Thanks https://stackoverflow.com/a/3279015/5434744
trip_ref = trip.get_trip(trip_id)
trip_start = trip_ref['start_date']
trip_in_past = now > trip_start
return render_template("trips/edit_trip.html",
session=session,
trip=trip_ref,
attractions=attraction_id,
trip_in_past=trip_in_past,
activities=trip.get_activities(trip_id))
def action(event_id, method):
if not auth.is_logged_in():
return redirect('/')
event = storage.get_event(event_id)
event_type = event['type']
if hasattr(g, 'userid') and event['user_id'] != g.user_id:
return "NOT YOUR EVENT"
if event_type == 'secret-santa':
app = event_apps.secret_santa
elif event_type == 'tourney':
app = event_apps.tourney
else:
return "UNKNOWN EVENT TYPE"
method = getattr(app, method, None)
if method is None:
return "UNKNOWN METHOD"
method(event_id, **request.values.to_dict())
return redirect('/%s' % (event_id,))
def register():
if auth.is_logged_in(session):
session.clear()
return redirect(url_for('register'))
if request.method == 'POST':
# Access request fields using request.form['name attribute from HTML input element']
# Check to make sure each field contains valid info
# If one or more fields are not valid, call flash("message about invalid field")
# and don't save the data
# If you're feeling nice, return to the page with the data still filled in
email = request.form['email']
email_confirm = request.form['email_confirm']
if email != email_confirm:
flash("Entered emails do not match")
return render_template('auth/register.html', session=session)
password = request.form['password']
password_confirm = request.form['password_confirm']
if password != password_confirm:
flash("Entered passwords do not match")
return render_template('auth/register.html', session=session)
name = request.form['full_name']
snum = request.form['address_snum']
street = request.form['address_street']
city = request.form['address_city']
state = request.form['address_state']
zip = request.form['address_zip']
country = request.form['address_country']
cc_number = request.form['cc_number']
cc_cvv = request.form['cc_cvv']
cc_exp_month = request.form['cc_expiry_month']
cc_exp_year = request.form['cc_expiry_year']
user.create_new_user(email, password, name, snum, street, city, state,
zip, country, cc_number, cc_number, cc_cvv,
cc_exp_month, cc_exp_year)
return redirect_to_login("Welcome to the Matrix", "success")
return render_template('auth/register.html', session=session)
def get_user_frontpage():
params = {
'pagination_size': config.PAGINATION_SIZE
}
if (auth.is_logged_in()):
params['user_id'] = session['user_id']
else:
return {}
cur = db.singleton()
records = db.query(
cur,
'''SELECT res_data.id, username, user_id, date_of_call, time_of_call,
from_title, from_who, from_service_floor, telephone_number, physician_name,
physician_telephone_number, pt_name, pt_hosp_number, pt_location, pt_hospital,
specific_request, staff_contacted, relevant_info, action_taken, follow_up,
call_classification, updated, flag, commented
FROM ''' + config.DATABASE_SCHEMA + '''.res_data
INNER JOIN ''' + config.DATABASE_SCHEMA +
'''.users ON (res_data.user_id = users.id)
WHERE user_id = %(user_id)s
AND deleted = false
ORDER BY updated DESC
LIMIT %(pagination_size)s''', params)
return records
def inject_user():
"""Injects 'user' variable into jinja template, so it can be passed into angular. See base.html"""
user = False
user_future = False
if auth.is_logged_in():
user_db = auth.current_user_db()
user = user_db.to_dict(include=User.get_private_properties())
traveler_key = getattr(user_db,'fellow_traveler',None)
if traveler_key:
traveler = traveler_key.get()
else:
traveler = model.FellowTraveler(name=user_db.name,
email=user_db.email,
avatar_url=user_db.avatar_url,
added_by=user_db.key)
traveler_key =traveler.put()
user_db.fellow_traveler = traveler_key
user_future = user_db.put_async()
user["fellow_traveler"] = traveler.to_dict(include=model.FellowTraveler.get_public_properties())
if user_future:
user_future.get_result()
return {
'user': user
}
def login():
if auth.is_logged_in(session):
return redirect_to_home()
if request.method == 'POST':
user = auth.get_user(request.form['username'],
request.form['password'])
app.logger.debug(user)
if user is not None:
if user['suspended'] == 1:
flash("Your account is suspended")
else:
session['user_id'] = user['user_id']
# Technically we shouldn't store this information in session variables because changes made in the DB
# won't reflect on the frontend until they sign out and sign back in (that clears the session variables)
session['email'] = user['email']
session['is_admin'] = user['is_admin']
session['name'] = user['name']
flash("Successfully logged in", category="success")
return redirect_to_home()
else:
flash("Invalid email or password")
return render_template('auth/login.html')
def is_logged_in_hook():
return auth.is_logged_in(session)
def login():
if auth.is_logged_in():
return redirect('/events')
return g.eb_api.authorize(callback=url_for('authorize', _external=True))
def create_view():
if not auth.is_logged_in():
return redirect('/')
return render_template('create.html')
def _check_owner(file_):
return file_.is_public \
or (is_logged_in() and (current_user_db().admin
or current_user_key() == file_.owner))
def submit_new_event():
if not auth.is_logged_in():
return redirect('/')
create.create_new_event(request.values.to_dict())
return redirect('/events')
def index():
if auth.is_logged_in():
return redirect('/events')
return render_template('index.html', app=g.frippery_app)
def test_data():
if not auth.is_logged_in():
return redirect('/')
storage.add_event(g.user_id, 456, {'name': 'EVENT!', 'descr': 'DESCRIPERINO', 'type': 'secret-santa'})
storage.start_event(g.user_id, 456)
storage.save_event_view(456, [[
{
'first': 'Jay',
'last': 'Chan',
'email': '*****@*****.**',
},
{
'first': 'Eyal',
'last': 'Reuveni',
'email': '*****@*****.**',
},
{
'first': 'Mica',
'last': 'Swyers',
'email': '*****@*****.**',
},
{
'first': 'Nicole',
'last': 'Zuckercorn',
'email': '*****@*****.**',
},
], {'notified': False}])
storage.add_event(g.user_id, 457, {'name': 'EVENT DOS!', 'descr': 'OTHER ONE!', 'type': 'tourney'})
storage.add_event(g.user_id, 458, {'name': 'NUMERO 3', 'descr': 'ANOTHER!', 'type': 'tourney'})
storage.start_event(g.user_id, 458)
storage.save_event_view(458, [[
{
'first': 'Jay',
'last': 'Chan',
'email': '*****@*****.**',
},
{
'first': 'Eyal',
'last': 'Reuveni',
'email': '*****@*****.**',
},
{
'first': 'Mica',
'last': 'Swyers',
'email': '*****@*****.**',
},
{
'first': 'Nicole',
'last': 'Zuckercorn',
'email': '*****@*****.**',
},
{
'first': 'Kevin',
'last': 'Hartz',
'email': '*****@*****.**',
},
{
'first': 'Julia',
'last': 'Hartz',
'email': '*****@*****.**',
},
], {'1:2': 2, '4:5': 5, '0:2':2, '3:5':3, '2:3': 3}])
return str(storage.list_events(g.user_id))
def _check_owner(file_):
return file_.is_public \
or (is_logged_in() and (current_user_db().admin
or current_user_key() == file_.owner))
def home():
if not auth.is_logged_in(session):
return redirect_to_login(STRINGS['SIGNED_OUT'])
return render_template("home.html",
session=session,
trips=trip.get_user_trips(session['user_id']))
def __init__(self):
if self.require_logged_in and not auth.is_logged_in():
raise web.notfound()
def is_logged_in_hook():
return auth.is_logged_in(session)
