def campus_positions():
    """Render the campus positions template.

    Collects the groups the currently logged-in user may administer and
    passes them to the template together with the full list of positions.
    An admin (per is_admin()) gets every group. Any other logged-in user
    gets only the groups where their membership has a truthy "control"
    flag. A visitor with no 'username' in the session gets empty lists but
    is still given all_positions.
    """
    if is_admin():
        manageable = groups_helpers.get_group_list_data(
            ('group_id', 'group_name'))
    else:
        username = flask.session.get('username')
        if username:
            user_id = get_user_id(username)
            memberships = helpers.get_group_list_of_member(user_id)
            # Lazy filter: only memberships that carry control rights.
            manageable = (entry for entry in memberships if entry["control"])
        else:
            manageable = ()

    approved_group_ids = []
    approved_group_names = []
    for entry in manageable:
        approved_group_ids.append(entry['group_id'])
        approved_group_names.append(entry['group_name'])

    # NOTE(review): these lists only decide what the template is handed.
    # The endpoints that actually change positions are not visible here;
    # confirm they re-check authorisation server-side rather than relying
    # on what this page chose to display.
    all_positions = groups_helpers.get_position_data(
        include_house_and_ug=False,
        order_by=("group_name", "pos_name"))

    return flask.render_template(
        'campus_positions.html',
        approved_group_ids=approved_group_ids,
        approved_group_names=approved_group_names,
        all_positions=all_positions)
def add_news():
    """Store a news item from the submitted form, then redirect home.

    Only callers for whom is_admin() is true get past the 403. An empty or
    missing 'news' field is silently ignored and still redirects.
    """
    # Authorisation is enforced here, before the request body is read.
    if not is_admin():
        flask.abort(403)

    submitted = flask.request.form.get('news')
    if submitted:
        # NOTE(review): the text is stored exactly as submitted. Confirm the
        # template that renders news escapes it on output.
        helpers.add_news(submitted)

    # NOTE(review): this is a state-changing handler; the route decorator
    # and any CSRF protection are not visible in this block. Confirm.
    return flask.redirect(flask.url_for('.home'))
def is_admin():
    """Check whether the logged-in user can control the settings.

    Returns False when the session has no 'username'. Otherwise the result
    is truthy when auth_utils.is_admin() is truthy or when the user belongs
    to the 'ASCIT' group, so every ASCIT member is treated as an admin by
    this check.
    """
    if 'username' not in flask.session:
        return False

    # Both lookups run before the admin check, as in the original ordering.
    user_id = auth_utils.get_user_id(flask.session['username'])
    ascit_id = groups.get_group_id('ASCIT')

    site_admin = auth_utils.is_admin()
    if site_admin:
        return site_admin

    # NOTE(review): what get_user_id / get_group_id return when no row
    # matches is not visible here. Confirm is_user_in_group() yields False
    # for a missing id rather than matching on it.
    return groups.is_user_in_group(user_id, ascit_id)
def can_control(user_id, group_id):
    """Return whether the given user has control privileges for the group.

    True when is_admin() is true, or when the user currently holds at least
    one position in the group whose `control` column is 1.
    """
    # NOTE(review): is_admin() is called without user_id. If it inspects the
    # logged-in session (as the is_admin defined alongside this function
    # does), this shortcut answers for the *session* user, so an admin
    # asking about another user_id always gets True. Confirm that callers
    # only pass the session user's id, or do not rely on the result
    # describing user_id itself.
    if is_admin():
        return True

    # Values are bound by the driver through %s placeholders, never
    # interpolated into the SQL text.
    sql = """ SELECT pos_id FROM current_position_holders NATURAL JOIN positions WHERE user_id = %s AND group_id = %s AND control = 1 LIMIT 1 """
    with flask.g.pymysql_db.cursor() as cur:
        cur.execute(sql, (user_id, group_id))
        row = cur.fetchone()
        return row is not None
def delete_news(news_id):
    """Delete the news item identified by news_id, then redirect home.

    Responds with 403 unless is_admin() is true for the caller.
    """
    # Authorisation gate comes first; nothing is deleted for non-admins.
    if not is_admin():
        flask.abort(403)

    # NOTE(review): news_id is forwarded unvalidated. Confirm that
    # helpers.delete_news binds it as a query parameter, and that this
    # handler is not reachable through a plain GET (route decorator and
    # CSRF handling are not visible in this block).
    helpers.delete_news(news_id)

    home_url = flask.url_for('.home')
    return flask.redirect(home_url)
def home():
    """Render the home page with the current news items.

    The template also receives an is_admin flag. That flag only tells the
    template what to show; add_news and delete_news perform their own
    is_admin() check before acting.
    """
    # Dict literals evaluate in order: news is fetched before is_admin().
    context = {
        'news': helpers.get_news(),
        'is_admin': is_admin(),
    }
    return flask.render_template('donut.html', **context)