def show_dash():
""" Metodo que nos servirá para mostrar el dashboard principal una ves se haya iniciado sesión."""
# session.clear()
# Si hemos dado al boton cambio de modo user activaremos ese modo, solo cuando seamos Admin
if not request.args.get('change_user'):
userMode = False
else:
userMode = request.args.get('change_user')
# Entramos si el usuario es un Admin xq en el caso que el usuario tenga todos los roles,
# empezara por el que tiene mayor privilegio
if current_user.has_roles('Admin') and not userMode:
if current_user.ksat:
existKSAT_user = True
return render_template('manage/dashboard_admin.html',
title='Dashboard Admin',
exist_KSAT=existKSAT_user)
return render_template('manage/dashboard_admin.html',
title='Dashboard Admin')
# Si es usuario normal entra por aqui
elif current_user.has_roles(['User', 'Admin']):
existKSAT_user = False
if current_user.ksat:
existKSAT_user = True
change_admin = True
if 'task_id' in session:
return render_template('general/dashboard.html',
title='Dashboard',
exist_KSAT=existKSAT_user,
change_admin=change_admin)
else:
courses = True
return render_template('general/dashboard.html',
title='Dashboard',
courses=courses,
exist_KSAT=existKSAT_user,
change_admin=change_admin)
if not 'task_id' in session:
change_admin = True
courses = True
return render_template('general/dashboard.html',
title='Dashboard',
courses=courses,
change_admin=change_admin)
else:
change_admin = True
return render_template('general/dashboard.html',
title='Dashboard',
change_admin=change_admin)
change_admin = True
return render_template('general/dashboard.html',
title='Dashboard',
change_admin=change_admin)
def is_accessible(self):
if not current_user.is_authenticated:
return False
if current_user.has_roles("editor"):
self.can_delete = True
self.can_create = True
self.can_edit = True
elif current_user.has_roles("student"):
self.can_delete = False
self.can_create = False
self.can_edit = False
return True
def upload_images():
if not hasattr(current_user, "has_roles") or not current_user.has_roles("editor"):
return redirect(url_for('index'))
# pass
# print(request.files)
# print(request.form)
result = []
if request.method == "POST":
files = request.files.getlist("file")
for file in files:
# print(os.path.join(app.config['UPLOAD_FOLDER'], file.filename))
image = GImages(image_name=file.filename)
db.session.add(image)
db.session.flush()
db.session.refresh(image)
image.image_file = f"{image.id}.{file.filename.split('.')[-1]}"
db.session.flush()
db.session.refresh(image)
file.save(os.path.join(GALLERY_PATH, image.image_file))
# print(os.path.join(GALLERY_PATH, image.image_file))
result.append((image.id, image.image_file, image.image_name))
db.session.commit()
result = pd.DataFrame(result, columns=["id", "file", "name"])
return render_template("upload_images.html", result=result.to_html(), df_len=result.shape[0])
def rsvp():
if current_user.has_roles("admin"):
return abort(404)
party_id = current_user.party_id
db_state = RSVPState.init_from_party_id(party_id, db.session)
form = db_state.build_form(request=request)
if form.validate_on_submit():
before_rsvp = db_state.to_frozen()
db_state.update_db_with_form_data(form, db.session)
# Re-fetch state from the DB to make sure the data isn't stale
new_db_state = RSVPState.init_from_party_id(party_id, db.session)
RSVPChange.insert(party_id, before_rsvp, new_db_state.to_frozen(),
db.session)
if not new_db_state.party.is_attending:
return render_template("rsvp_declined.html.jinja2")
else:
return render_template("rsvp_accepted.html.jinja2",
booking=new_db_state.booking)
return render_template("rsvp.html.jinja2",
booking=db_state.booking,
guests=db_state.guests,
form=form,
attending=db_state.attending)
def block_handling():
""" Log out a user that's blocked and send them to the index page. """
if not current_user.is_anonymous and current_user.has_roles('blocked'):
flash("There was a problem with your login.", 'error')
current_app.logger.warn("Logged out blocked user %s",
current_user.id)
return redirect(url_for('auth.logout'))
def index():
"""
Home path for the site
:return:
"""
if not current_user.is_anonymous and current_user.has_roles("Admin"):
results = db.session.query(User.name, DeviceQueue.webUrl).join(
User.deviceQueueEntry).filter_by(state='in-use').all()
show_streams = False
else:
results = db.session.query(User.name, DeviceQueue.roUrl).join(
User.deviceQueueEntry).filter_by(state='in-use').all()
show_streams = True
if not current_user.is_anonymous:
devices = get_devices()['result']
else:
devices = []
from .queue import list_queues
return render_template('index.html',
devices=devices,
queues=list_queues()['result'],
terminals=results,
show_streams=show_streams)
def decorator(*args, **kwargs):
# User must have the required roles
if not user.has_roles(*role_names):
# Redirect to the unauthorized page
return app.login_manager.unauthorized()
# It's OK to call the view
return view_function(*args, **kwargs)
def index():
if current_user.is_authenticated:
if current_user.has_roles('Admin'):
return redirect(url_for('main.da_list'))
else:
return redirect(url_for('main.agent_view'))
else:
return redirect(url_for('auth.login'))
def decorator(*args, **kwargs):
# User must have the required roles
if not user.has_roles(*role_names):
# Redirect to the unauthorized page
return app.login_manager.unauthorized()
# It's OK to call the view
return view_function(*args, **kwargs)
def decorator(*args, **kwargs):
if None in role_names and current_user.is_authenticated:
return f(*args, **kwargs)
else:
return current_app.login_manager.unauthorized()
if not current_user.has_roles(*role_names):
return current_app.login_manager.unauthorized()
return f(*args, **kwargs)
def index():
global check
check = 0
if current_user.is_active == 1:
if current_user.has_roles('Admin'):
return render_template("admin-index.html")
else:
return render_template("logged-in-index.html")
else:
return render_template("index.html")
def decorator(*args, **kwargs):
if (not current_user.is_authenticated):
# Redirect to unauthenticated page
return redirect(url_for("admin_route.login"))
# User must have the required roles
if (not current_user.has_roles(*role_names)):
# Redirect to the unauthorized page
return redirect(url_for("main.home"))
# It's OK to call the view
return view_function(*args, **kwargs)
def decorated_view(*args, **kwargs):
# User must be logged
if not _call_or_get(current_user.is_authenticated):
# Redirect to the unauthenticated page
return current_app.user_manager.unauthenticated_view_function()
# User must have the required roles
if not current_user.has_roles(*role_names):
# Redirect to the unauthorized page
return current_app.user_manager.unauthorized_view_function()
# Call the actual view
return func(*args, **kwargs)
def decorated_view(*args, **kwargs):
# User must be logged
if not is_authenticated():
# Redirect to the unauthenticated page
return current_app.user_manager.unauthenticated_view_function()
# User must have the required roles
if not current_user.has_roles(*role_names):
# Redirect to the unauthorized page
return current_app.user_manager.unauthorized_view_function()
# Call the actual view
return func(*args, **kwargs)
def login():
""" """
if current_user.is_authenticated:
return redirect(url_for('home'))
form = LoginForm()
# Validate Login
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
# Login and validate the user.
if user is not None and user.password is not None \
and user.verify_password(form.password.data):
login_user(user, remember=False)
current_user.authenticated = True
current_user.logged_in = True
session['user_id'] = current_user.id
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
# update the database
db.session.add(current_user)
db.session.commit()
flash('Logged in successfully.')
# if user is a user direct to userdashboard
if current_user.has_roles("user"):
return redirect(url_for('user_dashboard', user=current_user))
# if user is a driver direct to driver dashboard
if current_user.has_roles("driver"):
return redirect(
url_for('driver_dashboard', driver=current_user))
else:
flash('Invalid username or passowrd')
return redirect(url_for('login'))
return render_template('login.html', title='Sign In', form=form)
def decorator(*args, **kwargs):
login_manager = current_app.login_manager
# Must be logged in
if not current_user.is_authenticated:
# Redirect to unauthenticated page (401)
return login_manager.unauthorized()
# User must have the required roles
if not current_user.has_roles(*role_names):
# Redirect to the unauthorized page (403)
return abort(403)
# It's OK to call the view
return view_function(*args, **kwargs)
def validate(self, user_id, admin_id):
user_manager = current_app.user_manager
rv = UserProfileForm.validate(self)
if not rv:
return False
user, user_email = user_manager.find_user_by_email(self.email.data)
if user is not None and user.id != user_id:
self.email.errors.append(word('That e-mail address is already taken.'))
return False
if current_user.id == user_id and current_user.has_roles('admin'):
if admin_id not in self.role_id.data:
self.role_id.errors.append(word('You cannot take away your own admin privilege.'))
return False
self.active.data = True
return True
def decorator(*args, **kwargs):
user_manager = current_app.user_manager
# User must be logged in with a confirmed email address
allowed = _is_logged_in_with_confirmed_email(user_manager)
if not allowed:
# Redirect to unauthenticated page
return user_manager.unauthenticated_view()
# User must have the required roles
if not current_user.has_roles(*role_names):
# Redirect to the unauthorized page
return user_manager.unauthorized_view()
# It's OK to call the view
return view_function(*args, **kwargs)
def decorator(*args, **kwargs):
user_manager = current_app.user_manager
# User must be logged in with a confirmed email address
allowed = _is_logged_in_with_confirmed_email(user_manager)
if not allowed:
# Redirect to unauthenticated page
return user_manager.unauthenticated_view()
# User must have the required roles
if not current_user.has_roles(*role_names):
# Redirect to the unauthorized page
return user_manager.unauthorized_view()
# It's OK to call the view
return view_function(*args, **kwargs)
def decorator(*args, **kwargs):
auth = current_app.auth
# User must be logged in with a confirmed account
allowed = False
# User must be logged in
if current_user.is_authenticated:
# User must be verified (if required)
if auth.AUTH_ENABLE_CONFIRM_ACCOUNT and current_user.verified:
allowed = True
# User can be not verified (if allowed)
elif not auth.AUTH_ENABLE_CONFIRM_ACCOUNT:
allowed = True
if not allowed:
# Redirect to unauthenticated page
return auth.unauthenticated()
# User must have the required roles
if not current_user.has_roles(*role_names):
# Redirect to the unauthorized page
return auth.unauthorized()
# It's OK to call the view
return view_function(*args, **kwargs)
def decorated_view(*args, **kwargs):
if current_user.is_active() is False:
flash('SVP confirmez votre compte!', 'warning')
return redirect(url_for('user_param.unconfirmed'))
if not current_user.is_authenticated() or not session.get(
'user_id'):
flash('Connectez-vous SVP.', 'danger')
return redirect(url_for('user.logout'))
if not current_user.is_authenticated() and session.get('user_id'):
flash('Connectez-vous SVP.', 'danger')
return redirect(url_for('user.logout'))
# User must have the required roles
if not current_user.has_roles(required_roles, required_droits):
# Redirect to the unauthorized page
return redirect(url_for('server_Unauthorized'))
# Call the actual view
return func(*args, **kwargs)
def wrapped(*args, **kwargs):
if current_user.has_roles(*roles):
return f(*args, **kwargs)
abort(401)
def is_admin():
return current_user.has_roles("admin")
def new_rider(carpool_uuid):
carpool = Carpool.uuid_or_404(carpool_uuid)
if carpool.canceled:
flash("This carpool has been canceled and can no longer be edited.", 'error')
return redirect(url_for('carpool.details', uuid=carpool.uuid))
if current_user.is_driver(carpool):
flash("You can't request a ride on a carpool you're driving in", 'error')
return redirect(url_for('carpool.details', uuid=carpool.uuid))
if not current_user.gender:
flash("Please specify your gender before creating a carpool request")
session['next'] = url_for('carpool.new_rider', carpool_uuid=carpool.uuid)
return redirect(url_for('auth.profile'))
# max 10 rides for non-admin users
if not current_user.has_roles('admin'):
now = datetime.datetime.now().replace(tzinfo=tz.gettz('UTC'))
# ride requests in future, active carpools
pending_req = current_user.get_ride_requests_query().\
filter(RideRequest.carpool_id == Carpool.id).\
filter(Carpool.canceled.is_(False)).\
filter(Carpool.leave_time > now)
driving = current_user.get_driving_carpools().\
filter(Carpool.canceled.is_(False)).\
filter(Carpool.leave_time > now)
if pending_req.count() + driving.count() >= 10:
flash('''
Sorry, you can be in at most ten carpools.
Please try again after some of your carpools have finished.
''', 'error')
return render_template('carpools/error.html')
rider_form = RiderForm()
if rider_form.validate_on_submit():
if carpool.seats_available < 1:
flash("There isn't enough space for you on "
"this ride. Try another one?", 'error')
return redirect(url_for('carpool.details', uuid=carpool.uuid))
if current_user.get_ride_request_in_carpool(carpool):
flash("You've already requested a seat on "
"this ride. Try another one or cancel your "
"existing request.", 'error')
return redirect(url_for('carpool.details', uuid=carpool.uuid))
rr = RideRequest(
carpool_id=carpool.id,
person_id=current_user.id,
notes=rider_form.notes.data,
status='requested',
)
db.session.add(rr)
db.session.commit()
flash("Your ride request has been sent to the driver for approval! "
"You'll get an email when you are approved.", 'success')
_email_driver_ride_requested(carpool, rr, current_user)
return redirect(url_for('carpool.details', uuid=carpool.uuid))
return render_template('carpools/add_rider.html', form=rider_form)
def wrapped(*args, **kwargs):
if not current_user.has_roles(*roles):
abort(403)
return f(*args, **kwargs)
def is_accessible(self):
if not current_user.is_authenticated:
return False
return current_user.has_roles("guest")
def is_accessible(self):
return current_user.has_roles('Admin')
def is_visible(self):
return current_user.is_authenticated and current_user.has_roles("Admin", "Developer")
def is_accessible(self):
return current_user.is_authenticated and current_user.has_roles(
"Admin")
def decorated_view(*args, **kwargs):
if current_user.is_authenticated:
if current_user.has_roles(roles):
return func(*args, **kwargs)
return abort(401)
def decorator(*args, **kwargs):
# User must have the required roles
if not current_user.has_roles(*role_names):
abort(403)
return view_function(*args, **kwargs)
def is_accessible(self):
access = current_user.is_authenticated and current_user.has_roles(
[self.role])
return access
