def project_delete(profile, project, event):
if not lastuser.has_permission('siteadmin') and g.user not in project.users:
abort(403)
form = ConfirmDeleteForm()
if form.validate_on_submit():
if 'delete' in request.form:
# FIXME: All of this should cascade. No need to delete one at a time
members = ProjectMember.query.filter_by(project_id=project.id).all()
comments = Comment.query.filter_by(commentspace=project.comments).all()
votes = Vote.query.filter_by(votespace=project.votes).all()
for comment in comments:
db.session.delete(comment)
for vote in votes:
db.session.delete(vote)
for member in members:
db.session.delete(member)
db.session.delete(project.comments)
db.session.delete(project.votes)
db.session.delete(project)
db.session.commit()
flash("Project removed", "success")
return render_redirect(event.url_for(), code=303)
elif 'cancel' in request.form:
return render_redirect(project.url_for(), code=303)
return render_template('baseframe/delete.html', form=form, title=u"Confirm delete",
message=u"Delete '%s' ? It will remove comments, votes and all information related to the project. This operation cannot be undone." % (project.title))
def verify_phone(phoneclaim):
if phoneclaim.verification_expired:
flash(_("You provided an incorrect verification code too many times"), 'danger')
# Block attempts to verify this number, but also keep the claim so that a new
# claim cannot be made. A periodic sweep to delete old claims is needed.
return render_redirect(url_for('.account'), code=303)
form = VerifyPhoneForm()
form.phoneclaim = phoneclaim
if form.validate_on_submit():
if UserPhone.get(phoneclaim.phone) is None:
if not current_auth.user.phones:
primary = True
else:
primary = False
userphone = UserPhone(user=current_auth.user, phone=phoneclaim.phone, gets_text=True)
userphone.primary = primary
db.session.add(userphone)
db.session.delete(phoneclaim)
db.session.commit()
flash(_("Your phone number has been verified"), 'success')
user_data_changed.send(current_auth.user, changes=['phone'])
return render_redirect(url_for('.account'), code=303)
else:
db.session.delete(phoneclaim)
db.session.commit()
flash(_("This phone number has already been claimed by another user"), 'danger')
elif request.method == 'POST':
phoneclaim.verification_attempts += 1
db.session.commit()
return render_form(form=form, title=_("Verify phone number"), formid='phone_verify',
submit=_("Verify"), ajax=True)
def event_apply(profile, event):
workflow = event.workflow()
if not workflow.can_apply():
flash("Hacknight is not accepting participants now, please try after sometime.")
return render_redirect(event.url_for())
values = {'profile': profile.name, 'event': event.name}
participant = Participant.get(g.user, event)
if not participant:
# If no participant is found create a new participant entry
# First collect some information about the new participant
user = g.user
form = ParticipantForm(obj=user)
if form.validate_on_submit():
total_participants = Participant.query.filter_by(event_id=event.id).count()
participant = Participant(user=user, event=event)
form.populate_obj(participant)
participant.save_defaults()
participant.status = PARTICIPANT_STATUS.PENDING if event.maximum_participants < total_participants else PARTICIPANT_STATUS.WL
db.session.add(participant)
db.session.commit()
flash(u"Your request to participate has been recorded; you will be notified by the event manager", "success")
else:
return render_form(form=form, message=Markup(event.apply_instructions) if event.apply_instructions else "",
title="Participant Details", submit=u"Participate",
cancel_url=event.url_for(), ajax=False)
# FIXME: Don't change anything unless this is a POST request
elif participant.status == PARTICIPANT_STATUS.WITHDRAWN:
participant.status = PARTICIPANT_STATUS.PENDING
db.session.commit()
flash(u"Your request to participate has been recorded; you will be notified by the event manager", "success")
else:
flash(u"Your request is pending", "error")
return render_redirect(event.url_for(), code=303)
def funnel_view(profile, workspace, proposal):
comments = sorted(commentease.Comment.query.filter_by(commentspace=proposal.comments).order_by('created_at').all(),
key=lambda c: c.votes.count, reverse=True)
commentform = CommentForm()
commentform.message.flags.markdown = True
delcommentform = DeleteCommentForm()
if request.method == 'POST':
if request.form.get('form.id') == 'newcomment' and commentform.validate():
if commentform.edit_id.data:
comment = commentease.Comment.query.get(int(commentform.edit_id.data))
if comment:
if comment.user == g.user:
comment.message = commentform.message.data
comment._message_html = markdown(comment.message)
comment.edited_at = datetime.utcnow()
flash("Your comment has been edited", "info")
else:
flash("You can only edit your own comments", "info")
else:
flash("No such comment", "error")
else:
comment = commentease.Comment(user=g.user, commentspace=proposal.comments, message=commentform.message.data)
if commentform.reply_to_id.data:
parent = commentease.Comment.query.get(int(commentform.reply_to_id.data))
if parent and parent.commentspace == proposal.comments:
comment.parent = parent
comment._message_html = markdown(comment.message)
proposal.comments.count += 1
comment.votes.vote(g.user) # Vote for your own comment
db.session.add(comment)
flash("Your comment has been posted", "info")
db.session.commit()
# Redirect despite this being the same page because HTTP 303 is required to not break
# the browser Back button
return render_redirect(proposal.url_for() + "#c" + str(comment.id), code=303)
elif request.form.get('form.id') == 'delcomment' and delcommentform.validate():
comment = commentease.Comment.query.get(int(delcommentform.comment_id.data))
if comment:
if comment.user == g.user:
comment.delete()
proposal.comments.count -= 1
db.session.commit()
flash("Your comment was deleted.", "info")
else:
flash("You did not post that comment.", "error")
else:
flash("No such comment.", "error")
return render_redirect(proposal.url_for(), code=303)
confirmform = ConfirmSessionForm()
return render_template('proposal.html', workspace=workspace, proposal=proposal,
comments=comments, commentform=commentform, delcommentform=delcommentform,
breadcrumbs=[(proposal.url_for(), workspace.title)], confirmform=confirmform)
def activity_delete(event, venue, activity):
if activity.from_funnel:
flash("You cannot delete activities created by Funnel", "danger")
return render_redirect(url_for('event_venues', event=event.id))
form = ConfirmDeleteForm()
if form.validate_on_submit():
if 'delete' in request.form:
db.session.delete(activity)
flash("Deleted activity %s" % activity.title)
db.session.commit()
return render_redirect(url_for('venue_activity', event=event.id, venue=venue.id), code=303)
return render_template('baseframe/delete.html.jinja2', form=form, title=u"Delete '%s' ?" % (activity.title),
message=u"Do you really want to delete the activity '%s'? All checkins related to it will be deleted." % (activity.title))
def venue_delete(event, venue):
if venue.from_funnel:
flash("You cannot delete venues created by Funnel", "danger")
return render_redirect(url_for('event_venues', event=event.id))
form = ConfirmDeleteForm()
if form.validate_on_submit():
if 'delete' in request.form:
for activity in venue.activity:
db.session.delete(activity)
db.session.delete(venue)
flash("Deleted venue %s" % venue.title)
db.session.commit()
return render_redirect(url_for('event_venues', event=event.id), code=303)
return render_template('baseframe/delete.html', form=form, title=u"Delete '%s' ?" % (venue.title),
message=u"Do you really want to delete the venue '%s'? All it's activity items and checkins will also get deleted." % (event.title))
def verify_email(md5sum):
useremail = UserEmail.query.filter_by(md5sum=md5sum, user=current_auth.user).first()
if useremail:
flash(_("This email address is already verified"), 'danger')
return render_redirect(url_for('.account'), code=303)
emailclaim = UserEmailClaim.query.filter_by(md5sum=md5sum, user=current_auth.user).first_or_404()
verify_form = VerifyEmailForm()
if verify_form.validate_on_submit():
send_email_verify_link(emailclaim)
flash(_(u"The verification email has been sent to this address"), 'success')
return render_redirect(url_for('.account'), code=303)
return render_form(form=verify_form, title=_("Resend the verification email?"),
message=_("We will resend the verification email to '{email}'".format(email=emailclaim.email)),
formid="email_verify", submit=_("Send"), cancel_url=url_for('.account'))
def profile_edit(newprofile=False):
form = ProfileForm(obj=g.user)
form.fullname.description = current_app.config.get("FULLNAME_REASON")
form.email.description = current_app.config.get("EMAIL_REASON")
form.username.description = current_app.config.get("USERNAME_REASON")
form.description.description = current_app.config.get("BIO_REASON")
form.timezone.description = current_app.config.get("TIMEZONE_REASON")
if g.user.email or newprofile is False:
del form.email
if newprofile is True:
del form.description
if form.validate_on_submit():
# Can't auto-populate here because user.email is read-only
g.user.fullname = form.fullname.data
g.user.username = form.username.data
if not newprofile:
g.user.description = form.description.data
g.user.timezone = form.timezone.data
if newprofile and not g.user.email:
useremail = UserEmailClaim(user=g.user, email=form.email.data)
db.session.add(useremail)
send_email_verify_link(useremail)
db.session.commit()
user_data_changed.send(g.user, changes=["profile", "email-claim"])
flash("Your profile has been updated. We sent you an email to confirm your address", category="success")
else:
db.session.commit()
user_data_changed.send(g.user, changes=["profile"])
flash("Your profile has been updated.", category="success")
if newprofile:
return render_redirect(get_next_url(), code=303)
else:
return render_redirect(url_for("profile"), code=303)
if newprofile:
return render_form(
form,
title="Update profile",
formid="profile_new",
submit="Continue",
message=u"Hello, %s. Please spare a minute to fill out your profile." % g.user.fullname,
ajax=True,
)
else:
return render_form(form, title="Edit profile", formid="profile_edit", submit="Save changes", ajax=True)
def client_edit(client):
form = RegisterClientForm(obj=client)
form.client_owner.choices = available_client_owners()
if request.method == 'GET':
if client.user:
form.client_owner.data = client.user.userid
else:
form.client_owner.data = client.org.userid
if form.validate_on_submit():
if client.user != form.user or client.org != form.org:
# Ownership has changed. Remove existing permission assignments
for perm in UserClientPermissions.query.filter_by(client=client).all():
db.session.delete(perm)
for perm in TeamClientPermissions.query.filter_by(client=client).all():
db.session.delete(perm)
flash("This application’s owner has changed, so all previously assigned permissions "
"have been revoked", "warning")
form.populate_obj(client)
client.user = form.user
client.org = form.org
if not client.team_access:
# This client does not have access to teams in organizations. Remove all existing assignments
for cta in ClientTeamAccess.query.filter_by(client=client).all():
db.session.delete(cta)
db.session.commit()
return render_redirect(url_for('client_info', key=client.key), code=303)
return render_form(form=form, title="Edit application", formid="client_edit",
submit="Save changes", ajax=True)
def team_edit(org, team):
form = TeamForm(obj=team)
if form.validate_on_submit():
form.populate_obj(team)
db.session.commit()
return render_redirect(url_for("org_info", name=org.name), code=303)
return render_form(form=form, title=u"Edit team: %s" % team.title, formid="team_edit", submit="Save", ajax=False)
def add_new_video(channel, playlist):
form = VideoAddForm()
if form.validate_on_submit():
stream_playlist = channel.playlist_for_stream(create=True)
video = Video(playlist=playlist if playlist is not None else stream_playlist)
form.populate_obj(video)
try:
process_video(video, new=True)
process_slides(video)
except (DataProcessingError, ValueError) as e:
flash(e.message, category="error")
return render_form(form=form, title=u"New Video", submit=u"Add",
cancel_url=channel.url_for(), ajax=False)
video.make_name()
if playlist is not None and video not in playlist.videos:
playlist.videos.append(video)
if video not in stream_playlist.videos:
stream_playlist.videos.append(video)
db.session.commit()
flash(u"Added video '%s'." % video.title, 'success')
return render_redirect(video.url_for('edit'))
if playlist is None:
cancel_url = channel.url_for()
else:
cancel_url = playlist.url_for()
return render_form(form=form, title=u"New Video", submit=u"Add",
cancel_url=cancel_url, ajax=False)
def workspace_new():
# Step 1: Get a list of organizations this user owns
existing = Workspace.query.filter(Workspace.userid.in_(g.user.organizations_owned_ids())).all()
existing_ids = [e.userid for e in existing]
# Step 2: Prune list to organizations without a workspace
new_workspaces = []
for org in g.user.organizations_owned():
if org['userid'] not in existing_ids:
new_workspaces.append((org['userid'], org['title']))
if not new_workspaces:
return render_message(
title=u"No organizations remaining",
message=u"You do not have any organizations that do not yet have a workspace.")
# Step 3: Ask user to select organization
form = NewWorkspaceForm()
form.workspace.choices = new_workspaces
if form.validate_on_submit():
# Step 4: Make a workspace
org = [org for org in g.user.organizations_owned() if org['userid'] == form.workspace.data][0]
workspace = Workspace(name=org['name'], title=org['title'], userid=org['userid'],
currency=form.currency.data, fullname=form.fullname.data, address=form.address.data,
cin=form.cin.data,pan=form.pan.data,tin=form.tin.data,tan=form.tan.data)
db.session.add(workspace)
db.session.commit()
flash("Created new workspace for %s" % workspace.title, "success")
return render_redirect(url_for('workspace_view', workspace=workspace.name), code=303)
return render_form(form=form, title="Create a new organization workspace", submit="Create",
formid="workspace_new", cancel_url=url_for('index'), ajax=False)
def login():
# If user is already logged in, send them back
if g.user:
return redirect(get_next_url(referrer=True), code=303)
loginform = LoginForm()
openidform = OpenIdForm()
if request.method == 'GET':
openidform.openid.data = 'http://'
formid = request.form.get('form.id')
if request.method == 'POST' and formid == 'openid':
if openidform.validate():
return oid.try_login(openidform.openid.data,
ask_for=['email', 'fullname', 'nickname'])
elif request.method == 'POST' and formid == 'login':
if loginform.validate():
user = loginform.user
login_internal(user)
if loginform.remember.data:
session.permanent = True
else:
session.permanent = False
db.session.commit()
flash('You are now logged in', category='success')
return render_redirect(get_next_url(session=True), code=303)
if request.is_xhr and formid == 'login':
return render_template('forms/loginform.html', loginform=loginform, Markup=Markup)
else:
return render_template('login.html', openidform=openidform, loginform=loginform,
oiderror=oid.fetch_error(), oidnext=oid.get_next_url(), Markup=Markup)
def event_withdraw(profile, event):
user_id = g.user.id
participant = Participant.query.filter_by(event_id=event.id, user_id=user_id).first()
if participant:
workflow = participant.workflow()
if not workflow.can_withdraw():
abort(403)
withdraw_call = {
0: workflow.withdraw_pending,
1: workflow.withdraw_waiting_list,
2: workflow.withdraw_confirmed,
3: workflow.withdraw_rejected,
}
form = ConfirmWithdrawForm()
if form.validate_on_submit():
if 'delete' in request.form:
try:
withdraw_call[participant.status]()
except KeyError:
pass
db.session.commit()
flash(u"Your request to withdraw from {0} is recorded".format(event.title), "success")
values = {'profile': profile.name, 'event': event.name}
return render_redirect(event.url_for(), code=303)
return render_template('withdraw.html', form=form, title=u"Confirm withdraw",
message=u"Withdraw from '%s' ? You can come back anytime." % (event.title))
else:
abort(404)
def login():
# If user is already logged in, send them back
if g.user:
return redirect(get_next_url(referrer=True), code=303)
loginform = LoginForm()
service_forms = {}
for service, provider in login_registry.items():
if provider.at_login and provider.form is not None:
service_forms[service] = provider.get_form()
loginmethod = None
if request.method == 'GET':
loginmethod = request.cookies.get('login')
formid = request.form.get('form.id')
if request.method == 'POST' and formid == 'passwordlogin':
if loginform.validate():
user = loginform.user
login_internal(user)
db.session.commit()
flash('You are now logged in', category='success')
return set_loginmethod_cookie(render_redirect(get_next_url(session=True), code=303),
'password')
elif request.method == 'POST' and formid in service_forms:
form = service_forms[formid]['form']
if form.validate():
return set_loginmethod_cookie(login_registry[formid].do(form=form), formid)
elif request.method == 'POST':
abort(500)
if request.is_xhr and formid == 'passwordlogin':
return render_template('forms/loginform.html', loginform=loginform, Markup=Markup)
else:
return render_template('login.html', loginform=loginform, lastused=loginmethod,
service_forms=service_forms, Markup=Markup)
def profile_new():
form = ProfileNewForm(obj=g.user)
form.fullname.description = app.config.get('FULLNAME_REASON')
form.email.description = app.config.get('EMAIL_REASON')
form.username.description = app.config.get('USERNAME_REASON')
form.description.description = app.config.get('BIO_REASON')
if form.validate_on_submit():
# Can't auto-populate here because user.email is read-only
g.user.fullname = form.fullname.data
g.user.username = form.username.data
g.user.description = form.description.data
if form.existing_email is None:
useremail = UserEmailClaim(user=g.user, email=form.email.data)
db.session.add(useremail)
db.session.commit()
send_email_verify_link(useremail)
flash("Your profile was successfully updated. We sent you an email to confirm your address", category='success')
else:
db.session.commit()
flash("Your profile was successfully updated.", category='success')
return render_redirect(get_next_url(), code=303)
return render_form(form, title="Update profile", formid="profile_new", submit="Continue",
message=u"Hello, %s. Please spare a minute to fill out your profile." % g.user.fullname,
ajax=True)
def event_edit(profile, event):
workflow = event.workflow()
if not workflow.can_edit():
abort(403)
form = EventForm(obj=event)
if form.venue.data:
form.start_datetime.timezone = form.venue.data.timezone
form.end_datetime.timezone = form.venue.data.timezone
else:
form.start_datetime.timezone = app.config['TIMEZONE']
form.end_datetime.timezone = app.config['TIMEZONE']
if form.validate_on_submit():
old_name = event.name
form.populate_obj(event)
if not event.name:
event.make_name()
if event.name != old_name:
redirect_to = EventRedirect.query.filter_by(name=old_name, profile=profile).first()
if redirect_to:
redirect_to.event = event
else:
redirect_to = EventRedirect(name=old_name, profile=profile, event=event)
db.session.add(redirect_to)
db.session.commit()
flash(u"Your edits to %s are saved" % event.title, "success")
return render_redirect(event.url_for(), code=303)
return render_form(form=form, title="Edit Event", submit=u"Save",
cancel_url=event.url_for(), ajax=False)
def board_new():
# Step 1: Get a list of organizations this user owns
existing = Board.query.filter(Board.userid.in_(g.user.organizations_owned_ids())).all()
existing_ids = [e.userid for e in existing]
# Step 2: Prune list to organizations without a board
new_boards = []
for org in g.user.organizations_owned():
if org['userid'] not in existing_ids:
new_boards.append((org['userid'], org['title']))
if not new_boards:
return render_message(
title=u"No organizations found",
message=Markup(u"You do not have any organizations that do not already have a board. "
u'Would you like to <a href="%s">create a new organization</a>?' %
lastuser.endpoint_url('/organizations/new')))
# Step 3: Ask user to select organization
form = NewBoardForm()
form.board.choices = new_boards
if request.method == 'GET':
form.board.data = new_boards[0][0]
if form.validate_on_submit():
# Step 4: Make a board
org = [org for org in g.user.organizations_owned() if org['userid'] == form.board.data][0]
board = Board(name=org['name'], title=org['title'], userid=org['userid'])
db.session.add(board)
db.session.commit()
flash(u"Created a board for %s" % board.title, 'success')
return render_redirect(url_for('board_edit', board=board.name), code=303)
return render_form(form=form, title="Create a board for your organization...", submit="Next",
formid="board_new", cancel_url=url_for('index'), ajax=False)
def video_edit(channel, playlist, video, kwargs):
"""
Edit video
"""
if video.channel.userid not in g.user.user_organization_ids():
# User isn't authorized to edit
abort(403)
if playlist != video.playlist:
# This video isn't in this playlist. Redirect to canonical URL
return redirect(url_for('video_edit', channel=video.channel.name, playlist=video.playlist.name, video=video.url_name))
if kwargs['video'] != video.url_name:
# Video's URL has changed. Redirect user to prevent old/invalid names
# showing in the URL
return redirect(url_for('video_delete', channel=channel.name, playlist=playlist.name, video=video.url_name))
form = VideoEditForm(obj=video)
if form.validate_on_submit():
form.populate_obj(video)
video.process_slides()
db.session.commit()
flash(u"Edited video '%s'." % video.title, 'success')
return render_redirect(url_for('video_view', channel=channel.name, playlist=playlist.name, video=video.url_name))
return render_form(form=form, title=u"Edit video", submit=u"Save",
cancel_url=url_for('video_view', channel=channel.name, playlist=playlist.name, video=video.url_name),
ajax=True)
def process_form(self):
if self.node is None:
# Creating a new object
self.node = self.model(folder=self.folder, user=g.user)
db.session.add(self.node)
# Name isn't in revision history, so name changes
# are applied to the node. TODO: Move this into a separate
# rename action
self.node.name = self.form.name.data
# Make a revision and apply changes to it
revision = self.node.revise()
# FIXME: Not all form fields are in the revision object. Don't
# use populate_obj here
self.form.populate_obj(revision)
self.node.properties = self.form.properties.data
self.process_node()
if not self.node.title:
# New object. Copy title from first revision
self.node.title = revision.title
elif not self.node.is_published:
# There is no published version, so use title from the draft
self.node.title = revision.title
if not self.node.id and not self.node.name:
self.node.make_name()
db.session.commit()
# FIXME: Say created when created
flash(u"Edited node '%s'." % self.node.title, 'success')
return render_redirect(url_for('folder', website=self.website.name, folder=self.folder.name), code=303)
def profile_edit(newprofile=False):
form = ProfileForm(obj=g.user)
form.edit_user = g.user
form.fullname.description = current_app.config.get('FULLNAME_REASON')
form.email.description = current_app.config.get('EMAIL_REASON')
form.username.description = current_app.config.get('USERNAME_REASON')
form.description.description = current_app.config.get('BIO_REASON')
form.timezone.description = current_app.config.get('TIMEZONE_REASON')
if g.user.email or newprofile is False:
del form.email
if newprofile is True:
del form.description
if form.validate_on_submit():
# Can't auto-populate here because user.email is read-only
g.user.fullname = form.fullname.data
g.user.username = form.username.data
if not newprofile:
g.user.description = form.description.data
g.user.timezone = form.timezone.data
if newprofile and not g.user.email:
useremail = UserEmailClaim.get(user=g.user, email=form.email.data)
if useremail is None:
useremail = UserEmailClaim(user=g.user, email=form.email.data)
db.session.add(useremail)
send_email_verify_link(useremail)
db.session.commit()
user_data_changed.send(g.user, changes=['profile', 'email-claim'])
flash("Your profile has been updated. We sent you an email to confirm your address", category='success')
else:
db.session.commit()
user_data_changed.send(g.user, changes=['profile'])
flash("Your profile has been updated.", category='success')
if newprofile:
return render_redirect(get_next_url(), code=303)
else:
return render_redirect(url_for('profile'), code=303)
if newprofile:
return render_form(form, title="Update profile", formid="profile_new", submit="Continue",
message=Markup(u"Hello, <strong>{fullname}</strong>. Please spare a minute to fill out your profile.".format(
fullname=escape(g.user.fullname))),
ajax=True)
else:
return render_form(form, title="Edit profile", formid="profile_edit", submit="Save changes", ajax=True)
def resource_edit(client, resource):
form = ResourceForm(obj=resource)
if form.validate_on_submit():
form.populate_obj(resource)
db.session.commit()
flash("Your resource has been edited", 'success')
return render_redirect(url_for('client_info', key=client.key), code=303)
return render_form(form=form, title="Edit resource", formid="resource_edit", submit="Save changes", ajax=True)
def delete(self):
if self.obj == self.obj.project.primary_venue:
flash(_(u"You can not delete the primary venue"), 'danger')
return render_redirect(self.obj.project.url_for('venues'), code=303)
return render_delete_sqla(self.obj, db, title=u"Confirm delete",
message=_(u"Delete venue “{title}”? This cannot be undone".format(title=self.obj.title)),
success=_(u"You have deleted venue “{title}”".format(title=self.obj.title)),
next=self.obj.project.url_for('venues'))
def venue_edit(event, venue):
form = VenueForm(obj=venue)
if form.validate_on_submit():
form.populate_obj(venue)
db.session.commit()
flash("Venue updated")
return render_redirect(url_for('event_venues', event=event.id))
return render_template('form.html', form=form, cancel_url=url_for('event_venues', event=event.id))
def activity_edit(event, venue, activity):
form = ActivityEditForm(obj=activity)
if form.validate_on_submit():
form.populate_obj(activity)
db.session.commit()
flash("Activity updated")
return render_redirect(url_for('venue_activity', event=event.id, venue=venue.id))
return render_template('form.html.jinja2', form=form, title=u"Edit Activity: %s — %s - %s" % (activity.title, venue.title, event.title), submit=u"Update", cancel_url=url_for('venue_activity', event=event.id, venue=venue.id))
def process_form(self):
if self.node is None:
self.node = self.model(folder=self.folder, user=g.user)
db.session.add(self.node)
self.form.populate_obj(self.node)
db.session.commit()
flash(u"Edited redirect '%s'." % self.node.title, 'success')
return render_redirect(url_for('folder', website=self.website.name, folder=self.folder.name), code=303)
def resource_action_edit(client, resource, action):
form = ResourceActionForm(obj=action)
form.edit_resource = resource
if form.validate_on_submit():
form.populate_obj(action)
db.session.commit()
flash("Your action has been edited", 'success')
return render_redirect(url_for('client_info', key=client.key), code=303)
return render_form(form=form, title="Edit action", formid="action_edit", submit="Save changes", ajax=True)
def edit(self):
form = VenueRoomForm(obj=self.obj)
if form.validate_on_submit():
form.populate_obj(self.obj)
self.obj.make_name(reserved=RESERVED_VENUEROOM)
db.session.commit()
flash(_(u"Saved changes to this room"), 'success')
return render_redirect(self.obj.venue.project.url_for('venues'), code=303)
return render_form(form=form, title=_("Edit room"), submit=_("Save"), cancel_url=self.obj.venue.project.url_for('venues'), ajax=False)
def event_publish(profile, event):
workflow = event.workflow()
if not workflow.can_edit():
abort(403)
workflow.openit()
db.session.add(event)
db.session.commit()
flash(u"You have published the event %s" % event.title, "success")
return render_redirect(event.url_for(), code=303)
def kiosk_delete(event, kiosk):
form = ConfirmDeleteForm()
if form.validate_on_submit():
if 'delete' in request.form:
db.session.delete(kiosk)
db.session.commit()
return render_redirect(url_for('event_kiosks', event=event.id), code=303)
return render_template('baseframe/delete.html', form=form, title=u"Delete '%s' ?" % (kiosk.name),
message=u"Do you really want to delete the kiosk '%s' from event %s?" % (kiosk.name, event.title))
def channel_edit(channel):
form = ChannelForm(obj=channel)
if channel.userid == g.user.userid:
form.type.choices = [(1, channel_types[1])]
else:
choices = channel_types.items()
choices.sort()
choices.pop(0)
choices.pop(0)
form.type.choices = choices
if form.validate_on_submit():
form.populate_obj(channel)
db.session.commit()
flash(u"Edited description for channel", 'success')
return render_redirect(channel.url_for(), code=303)
return render_form(form=form,
title=u"Edit channel",
submit=u"Save",
cancel_url=channel.url_for(),
ajax=True)
def process_form(self):
if self.node is None:
self.node = Map(folder=self.folder,
name=self.form.name.data,
title=self.form.title.data)
db.session.add(self.node)
flash(u"Created new list '%s'" % self.node.title, 'success')
else:
self.node.name = self.form.name.data
self.node.title = self.form.title.data
flash(u"Edited list '%s'" % self.node.title, 'success')
self.node.populate_map([
json.loads(row, use_decimal=True)
for row in self.form.list.data.split('\n') if row.strip()
])
db.session.commit()
return render_redirect(url_for('folder',
website=self.website.name,
folder=self.folder.name),
code=303)
def profile_edit(profile):
if profile.userid not in g.user.user_organizations_owned_ids():
abort(403)
form = ProfileForm(obj=profile)
# FIXME: The way "choices" are populated is very confusing. Make this clearer.
if profile.userid == g.user.userid:
form.type.choices = [(1, profile_types[1])]
else:
choices = profile_types.items()
choices.sort()
choices.pop(0)
choices.pop(0)
form.type.choices = choices
if form.validate_on_submit():
form.populate_obj(profile)
db.session.commit()
flash(u"Edited description for profile", 'success')
return render_redirect(profile.url_for(), code=303)
return render_form(form=form, title=u"Edit profile", submit=u"Save",
cancel_url=profile.url_for(), ajax=True)
def add_email():
form = NewEmailAddressForm()
if form.validate_on_submit():
useremail = UserEmailClaim.get(user=current_auth.user,
email=form.email.data)
if useremail is None:
useremail = UserEmailClaim(user=current_auth.user,
email=form.email.data,
type=form.type.data)
db.session.add(useremail)
db.session.commit()
send_email_verify_link(useremail)
flash(_("We sent you an email to confirm your address"), 'success')
user_data_changed.send(current_auth.user, changes=['email-claim'])
return render_redirect(url_for('.account'), code=303)
return render_form(form=form,
title=_("Add an email address"),
formid='email_add',
submit=_("Add email"),
ajax=True)
def permission_new():
form = PermissionForm()
form.context.choices = available_client_owners()
if request.method == 'GET':
form.context.data = g.user.userid
if form.validate_on_submit():
perm = Permission()
form.populate_obj(perm)
perm.user = form.user
perm.org = form.org
perm.allusers = False
db.session.add(perm)
db.session.commit()
flash("Your new permission has been defined", 'success')
return render_redirect(url_for('.permission_list'), code=303)
return render_form(form=form,
title="Define a new permission",
formid="perm_new",
submit="Define new permission",
ajax=True)
def new(self):
form = OrganizationForm()
form.name.description = current_app.config.get('ORG_NAME_REASON')
form.title.description = current_app.config.get('ORG_TITLE_REASON')
if form.validate_on_submit():
org = Organization()
form.populate_obj(org)
if current_auth.user not in org.owners.users:
org.owners.users.append(current_auth.user)
db.session.add(org)
db.session.commit()
org_data_changed.send(org, changes=['new'], user=current_auth.user)
return render_redirect(org.url_for('view'), code=303)
return render_form(
form=form,
title=_("New organization"),
formid='org_new',
submit=_("Create"),
ajax=False,
)
def edit_banner(self):
form = ProjectBannerForm(obj=self.obj)
if request.method == 'POST':
if form.validate_on_submit():
form.populate_obj(self.obj)
db.session.commit()
flash(_("Your changes have been saved"), 'info')
return render_redirect(self.obj.url_for(), code=303)
else:
return render_form(form=form,
title="",
submit=_("Save banner"),
ajax=True)
return render_form(
form=form,
title="",
submit=_("Save banner"),
ajax=True,
template='img_upload_formlayout.html.jinja2',
)
def folder_new(website):
g.website = website
form = FolderForm()
themes = [('', 'Website Default')] + [(t.identifier, t.name)
for t in get_themes_list()]
form.theme.choices = themes
if form.validate_on_submit():
folder = Folder(website=website)
form.populate_obj(folder)
db.session.add(folder)
db.session.commit()
return render_redirect(url_for('folder',
website=website.name,
folder=folder.name),
code=303)
return render_form(form=form,
title=u"New folder",
submit=u"Create",
cancel_url=url_for('website', website=website.name),
ajax=True)
def permission_edit(perm):
form = PermissionForm(obj=perm)
form.context.choices = available_client_owners()
if request.method == 'GET':
if perm.user:
form.context.data = perm.user.userid
else:
form.context.data = perm.org.userid
if form.validate_on_submit():
form.populate_obj(perm)
perm.user = form.user
perm.org = form.org
db.session.commit()
flash("Your permission has been saved", 'success')
return render_redirect(url_for('.permission_list'), code=303)
return render_form(form=form,
title="Edit permission",
formid="perm_edit",
submit="Save changes",
ajax=True)
def remove_email(md5sum):
useremail = UserEmail.query.filter_by(md5sum=md5sum,
user=current_auth.user).first()
if not useremail:
useremail = UserEmailClaim.query.filter_by(
md5sum=md5sum, user=current_auth.user).first_or_404()
if isinstance(useremail, UserEmail) and useremail.primary:
flash(_("You cannot remove your primary email address"), 'error')
return render_redirect(url_for('.profile'), code=303)
if request.method == 'POST':
# FIXME: Confirm validation success
user_data_changed.send(current_auth.user, changes=['email-delete'])
return render_delete_sqla(
useremail,
db,
title=_(u"Confirm removal"),
message=_(u"Remove email address {email}?").format(
email=useremail.email),
success=_(u"You have removed your email address {email}").format(
email=useremail.email),
next=url_for('.profile'))
def edit(self):
if 'edit-filterset' not in g.board.current_permissions:
abort(403)
form = FiltersetForm(obj=self.obj)
if form.validate_on_submit():
form.populate_obj(self.obj)
try:
db.session.commit()
flash(u"Updated filterset", 'success')
return render_redirect(self.obj.url_for(), code=303)
except ValueError:
db.session.rollback()
flash(
u"There already exists a filterset with the selected criteria",
'interactive')
return render_form(form=form,
title=u"Edit filterset…",
submit="Update",
formid="filterset_edit",
ajax=False)
def new(self):
self.message = u"Campaigns appear around the job board and provide a call to action for users"
form = CampaignForm()
if request.method == 'GET' and g.board:
form.boards.data = [g.board]
if form.validate_on_submit():
campaign = Campaign(user=g.user)
form.populate_obj(campaign)
campaign.name = suuid(
) # Use a random name since it's also used in user action submit forms
db.session.add(campaign)
db.session.commit()
flash(u"Created a campaign", 'success')
return render_redirect(campaign.url_for(), code=303)
return render_form(form=form,
title=u"Create a campaign…",
submit="Next",
formid="campaign_new",
cancel_url=url_for(self.list_current.endpoint),
ajax=False)
def report_edit(workspace, report):
workflow = report.workflow()
form = ExpenseReportForm(obj=report)
return report_edit_internal(workspace, form, report, workflow)
# All okay. Allow editing
if form.validate_on_submit():
form.populate_obj(report)
db.session.commit()
flash("Edited report '%s'." % report.title, 'success')
return render_redirect(url_for('report',
workspace=workspace.name,
report=report.url_name),
code=303)
return render_form(form=form,
title=u"Edit expense report",
formid="report_edit",
submit=u"Save",
cancel_url=url_for('report',
workspace=workspace.name,
report=report.url_name))
def node_unpublish(website, folder, node):
g.website = website
g.folder = folder
if not (hasattr(node, 'unpublish') and callable(node.unpublish)):
abort(404)
form = ConfirmForm(obj=node)
if form.validate_on_submit():
node.unpublish()
db.session.commit()
flash(u"Unpublished '%s'" % node.title, 'success')
return render_redirect(url_for('folder',
website=folder.website.name,
folder=folder.name),
code=303)
return render_form(form=form,
title="Unpublish node",
submit=u"Unpublish",
cancel_url=url_for('folder',
website=folder.website.name,
folder=folder.name),
node=node)
def make_phone_primary():
form = PhonePrimaryForm()
if form.validate_on_submit():
userphone = UserPhone.get_for(user=current_auth.user,
phone=form.phone.data)
if userphone is not None:
if userphone.primary:
flash(_("This is already your primary phone number"), 'info')
else:
current_auth.user.primary_phone = userphone
db.session.commit()
user_data_changed.send(current_auth.user,
changes=['phone-update-primary'])
flash(_("Your primary phone number has been updated"),
'success')
else:
flash(_("No such phone number is linked to this user account"),
'danger')
else:
flash(_("Please select a phone number"), 'danger')
return render_redirect(url_for('.account'), code=303)
def make_email_primary():
form = EmailPrimaryForm()
if form.validate_on_submit():
useremail = UserEmail.get_for(user=current_auth.user,
email=form.email.data)
if useremail is not None:
if useremail.primary:
flash(_("This is already your primary email address"), 'info')
else:
current_auth.user.primary_email = useremail
db.session.commit()
user_data_changed.send(current_auth.user,
changes=['email-update-primary'])
flash(_("Your primary email address has been updated"),
'success')
else:
flash(_("No such email address is linked to this user account"),
'danger')
else:
flash(_("Please select an email address"), 'danger')
return render_redirect(url_for('.account'), code=303)
def org_new():
form = OrganizationForm()
form.domain.choices = user_org_domains(g.user)
form.name.description = current_app.config.get('ORG_NAME_REASON')
form.title.description = current_app.config.get('ORG_TITLE_REASON')
if form.validate_on_submit():
org = Organization()
form.populate_obj(org)
if g.user not in org.owners.users:
org.owners.users.append(g.user)
if g.user not in org.members.users:
org.members.users.append(g.user)
db.session.add(org)
db.session.commit()
org_data_changed.send(org, changes=['new'], user=g.user)
return render_redirect(url_for('.org_info', name=org.name), code=303)
return render_form(form=form,
title=_("New organization"),
formid='org_new',
submit=_("Create"),
ajax=False)
def workspace_edit(workspace):
form = WorkspaceForm(obj=workspace)
form.admin_teams.query = Team.query.filter_by(
orgid=workspace.userid).order_by('title')
form.review_teams.query = form.admin_teams.query
form.access_teams.query = form.admin_teams.query
if form.validate_on_submit():
form.populate_obj(workspace)
db.session.commit()
flash(u"Edited workspace settings.", 'success')
return render_redirect(url_for('workspace_view',
workspace=workspace.name),
code=303)
return render_form(form=form,
title=u"Edit workspace settings",
submit="Save",
formid="workspace_edit",
cancel_url=url_for('workspace_view',
workspace=workspace.name),
ajax=True)
def remove_extid(extid):
num_extids = len(current_auth.user.externalids)
has_pw_hash = bool(current_auth.user.pw_hash)
if not has_pw_hash and num_extids == 1:
flash(
_("You do not have a password set. So you must have at least one external ID enabled."
), 'danger')
return render_redirect(url_for('.account'), code=303)
return render_delete_sqla(
extid,
db,
title=_(u"Confirm removal"),
message=_(u"Remove {service} account ‘{username}’ from your account?"
).format(service=login_registry[extid.service].title,
username=extid.username),
success=_(
u"You have removed the {service} account ‘{username}’").format(
service=login_registry[extid.service].title,
username=extid.username),
next=url_for('.account'),
delete_text=_(u"Remove"))
def event_send_email(profile, event):
form = SendEmailForm()
form.send_to.choices = [(-1, "All participants (confirmed or not)")] + \
[(item.value, item.title) for item in ParticipantWorkflow.states()]
if form.validate_on_submit():
if form.send_to.data == -1:
participants = Participant.query.filter_by(event=event).all()
else:
participants = Participant.query.filter_by(event=event, status=form.send_to.data).all()
subject = form.subject.data
count = 0
for participant in participants:
if participant.email:
message = form.message.data.replace("*|FULLNAME|*", participant.user.fullname)
text_message = html2text(message)
if g.user.email:
send_email(sender=(g.user.fullname, g.user.email), to=participant.email, subject=subject, body=text_message, html=message)
count += 1
flash("Your message was sent to %d participant(s)." % count)
return render_redirect(event.url_for())
return render_form(form=form, title="Send email to participants",
submit=u"Send", cancel_url=event.url_for(), ajax=False)
def email_template_form(profile, event):
form = EmailEventParticipantsForm(obj=event)
if not (form.confirmation_message.data or form.waitlisted_message.data or form.rejected_message.data or form.pending_message.data):
if not form.confirmation_message.data:
form.confirmation_message.data = render_template('confirmed_participants_email.md', event=event)
if not form.waitlisted_message.data:
form.waitlisted_message.data = render_template('waitlisted_participants_email.md', event=event)
if not form.rejected_message.data:
form.rejected_message.data = render_template('rejected_participants_email.md', event=event)
if not form.pending_message.data:
form.pending_message.data = render_template('pending_participants_email.md', event=event)
if form.validate_on_submit():
form.populate_obj(event)
event.confirmation_message_text = html2text(event.confirmation_message)
event.pending_message_text = html2text(event.pending_message)
event.waitlisted_message_text = html2text(event.waitlisted_message)
event.rejected_message_text = html2text(event.rejected_message)
db.session.commit()
flash(u"Participants Email template for %s is saved" % event.title, "success")
return render_redirect(event.url_for(), code=303)
return render_form(form=form, title="Email Participants form", submit=u"Save",
cancel_url=event.url_for(), ajax=False)
def report_edit(report):
workflow = report.workflow()
if not workflow.can_view():
abort(403)
if not workflow.can_edit():
return render_template(
'baseframe/message.html',
message=u"You cannot edit this report at this time.")
form = ExpenseReportForm(obj=report)
return report_edit_internal(form, report, workflow)
# All okay. Allow editing
if form.validate_on_submit():
form.populate_obj(report)
db.session.commit()
flash("Edited report '%s'." % report.title, 'success')
return render_redirect(url_for('report', id=report.id), code=303)
return render_form(form=form,
title=u"Edit expense report",
formid="report_edit",
submit=u"Save",
cancel_url=url_for('report', id=report.id))
def verify_phone(phoneclaim):
form = VerifyPhoneForm()
form.phoneclaim = phoneclaim
if form.validate_on_submit():
if not g.user.phones:
primary = True
else:
primary = False
userphone = UserPhone(user=g.user,
phone=phoneclaim.phone,
gets_text=True,
primary=primary)
db.session.add(userphone)
db.session.delete(phoneclaim)
db.session.commit()
flash("Your phone number has been verified.", 'success')
return render_redirect(url_for('profile'), code=303)
return render_form(form=form,
title="Verify phone number",
formid="phone_verify",
submit="Verify",
ajax=True)
def client_new():
form = RegisterClientForm()
form.client_owner.choices = available_client_owners()
if request.method == 'GET':
form.client_owner.data = g.user.userid
if form.validate_on_submit():
client = Client()
form.populate_obj(client)
client.user = form.user
client.org = form.org
client.trusted = False
db.session.add(client)
db.session.commit()
return render_redirect(url_for('.client_info', key=client.key),
code=303)
return render_form(form=form,
title="Register a new client application",
formid="client_new",
submit="Register application",
ajax=True)
def client_edit(client):
form = RegisterClientForm(obj=client, model=Client)
form.edit_user = current_auth.user
form.client_owner.choices = available_client_owners()
if request.method == 'GET':
if client.user:
form.client_owner.data = client.user.buid
else:
form.client_owner.data = client.org.buid
if form.validate_on_submit():
if client.user != form.user or client.org != form.org:
# Ownership has changed. Remove existing permission assignments
for perm in UserClientPermissions.query.filter_by(
client=client).all():
db.session.delete(perm)
for perm in TeamClientPermissions.query.filter_by(
client=client).all():
db.session.delete(perm)
flash(
_(u"This application’s owner has changed, so all previously assigned permissions "
"have been revoked"), 'warning')
form.populate_obj(client)
client.user = form.user
client.org = form.org
if not client.team_access:
# This client does not have access to teams in organizations. Remove all existing assignments
for cta in ClientTeamAccess.query.filter_by(client=client).all():
db.session.delete(cta)
db.session.commit()
return render_redirect(url_for('.client_info', key=client.key),
code=303)
return render_form(form=form,
title=_("Edit application"),
formid='client_edit',
submit=_("Save changes"),
ajax=True)
def event_withdraw(profile, event):
user_id = g.user.id
participant = Participant.query.filter_by(event_id=event.id,
user_id=user_id).first()
if participant:
workflow = participant.workflow()
if not workflow.can_withdraw():
abort(403)
withdraw_call = {
0: workflow.withdraw_pending,
1: workflow.withdraw_waiting_list,
2: workflow.withdraw_confirmed,
3: workflow.withdraw_rejected,
}
form = ConfirmWithdrawForm()
if form.validate_on_submit():
if 'delete' in request.form:
try:
withdraw_call[participant.status]()
except KeyError:
pass
db.session.commit()
flash(
u"Your request to withdraw from {0} is recorded".format(
event.title), "success")
values = {'profile': profile.name, 'event': event.name}
return render_redirect(url_for('event_view', **values), code=303)
return render_template(
'withdraw.html',
form=form,
title=u"Confirm withdraw",
message=u"Withdraw from '%s' ? You can come back anytime." %
(event.title))
else:
abort(404)
def event_apply(profile, event):
values = {'profile': profile.name, 'event': event.name}
participant = Participant.get(g.user, event)
if not participant:
# If no participant is found create a new participant entry
# First collect some information about the new participant
user = g.user
form = ParticipantForm(obj=user)
if form.validate_on_submit():
total_participants = Participant.query.filter_by(
event_id=event.id).count()
participant = Participant(user=user, event=event)
form.populate_obj(participant)
participant.save_defaults()
participant.status = PARTICIPANT_STATUS.PENDING if event.maximum_participants < total_participants else PARTICIPANT_STATUS.WL
db.session.add(participant)
db.session.commit()
flash(
u"Your request to participate has been recorded; you will be notified by the event manager",
"success")
else:
return render_form(form=form,
title="Participant Details",
submit=u"Participate",
cancel_url=url_for('event_view',
event=event.name,
profile=profile.name),
ajax=False)
# FIXME: Don't change anything unless this is a POST request
elif participant.status == PARTICIPANT_STATUS.WITHDRAWN:
participant.status = PARTICIPANT_STATUS.PENDING
db.session.commit()
flash(
u"Your request to participate has been recorded; you will be notified by the event manager",
"success")
else:
flash(u"Your request is pending", "error")
return render_redirect(url_for('event_view', **values), code=303)
def login():
# If user is already logged in, send them back
if g.user:
return redirect(get_next_url(referrer=True), code=303)
loginform = LoginForm()
openidform = OpenIdForm()
if request.method == 'GET':
openidform.openid.data = 'http://'
formid = request.form.get('form.id')
if request.method == 'POST' and formid == 'openid':
if openidform.validate():
return oid.try_login(openidform.openid.data,
ask_for=['email', 'fullname', 'nickname'])
elif request.method == 'POST' and formid == 'login':
if loginform.validate():
user = loginform.user
login_internal(user)
if loginform.remember.data:
session.permanent = True
else:
session.permanent = False
db.session.commit()
flash('You are now logged in', category='success')
return render_redirect(get_next_url(session=True), code=303)
if request.is_xhr and formid == 'login':
return render_template('forms/loginform.html',
loginform=loginform,
Markup=Markup)
else:
return render_template('login.html',
openidform=openidform,
loginform=loginform,
oiderror=oid.fetch_error(),
oidnext=oid.get_next_url(),
Markup=Markup)
def board_new():
form = BoardForm()
if 'siteadmin' not in lastuser.permissions():
# Allow only siteadmins to set this field
del form.options.form.require_pay
form.userid.choices = g.user.allowner_choices()
if form.validate_on_submit():
board = Board()
form.populate_obj(board)
if not board.name:
board.make_name()
db.session.add(board)
if 'add' in request.args:
post = JobPost.get(request.args['add'])
if post:
board.add(post)
db.session.commit()
flash(u"Created a job board named %s" % board.title, 'success')
return render_redirect(url_for('board_view', board=board.name), code=303)
return render_form(form=form, title=u"Create a job board…", submit="Next",
message=u"Make your own job board with just the jobs you want to showcase. "
"Your board will appear as a subdomain",
formid="board_new", cancel_url=url_for('index'), ajax=False)
def event_edit(profile, event):
workflow = event.workflow()
if not workflow.can_edit():
abort(403)
form = EventForm(obj=event)
if form.validate_on_submit():
form.populate_obj(event)
if not event.name:
event.make_name()
event.profile_id = profile.id
db.session.commit()
flash(u"Your edits to %s are saved" % event.title, "success")
return render_redirect(url_for('event_view',
event=event.name,
profile=profile.name),
code=303)
return render_form(form=form,
title="Edit Event",
submit=u"Save",
cancel_url=url_for('event_view',
event=event.name,
profile=profile.name),
ajax=False)
