def get(self, database, table, page, full, user=None): """ Get user's records """ if user is None: user = current_user.id if user == current_user.id: if not current_user.role_is( (UserRole.ADMIN, UserRole.DATA_MANAGER, UserRole.DATA_FILLER)): abort( 403, message= 'user access deny. You do not have permission to database') elif not current_user.role_is((UserRole.ADMIN, UserRole.DATA_MANAGER)): abort( 403, message= "user access deny. You do not have permission to see another user's data" ) entity = Loader.get_database(database)[table == 'REACTION'] q = entity.select(lambda x: x.user_id == user).order_by(lambda x: x.id).prefetch(entity.metadata)\ .page(page, pagesize=RESULTS_PER_PAGE) return marshal([x for x in q for x in x.metadata], (RecordStructureResponseFields if full else RecordResponseFields).resource_fields)
def get(self): """ Get available users list """ if current_user.role_is(UserRole.ADMIN): return User.select(lambda x: x._role in (UserRole.ADMIN.value, UserRole.DATA_MANAGER. value, UserRole.DATA_FILLER.value))[:], 200 elif current_user.role_is(UserRole.DATA_MANAGER): return User.select(lambda x: x._role in (UserRole.DATA_MANAGER.value, UserRole. DATA_FILLER.value))[:], 200 else: return User.select(lambda x: x.id == current_user.id)[:], 200
def download(file, name): a = Attachment.get(file=file) if a and a.post.classtype != 'Thesis' or current_user.is_authenticated and \ (current_user.role_is(UserRole.ADMIN) or current_user.role_is(UserRole.SECRETARY) or a.post.author == current_user.get_user()): resp = make_response() resp.headers['X-Accel-Redirect'] = '/file/%s' % file resp.headers['Content-Description'] = 'File Transfer' resp.headers['Content-Transfer-Encoding'] = 'binary' resp.headers['Content-Disposition'] = 'attachment; filename=%s' % name resp.headers['Content-Type'] = 'application/octet-stream' return resp abort(404)
def top_nav(): lsg = LeftSubgroup( View('News', '.blog'), View('About Us', '.about'), Subgroup('Education', View('Students', '.students'), View('Lessons', '.lessons'))) if current_user.is_authenticated: user_menu = [ View('My Events', '.events'), View('Submitted Abstracts', '.theses'), Separator(), View('Profile', '.user', _user=current_user.id), View('Edit Profile', '.profile'), Separator(), View('Logout', '.logout') ] if current_user.role_is(UserRole.ADMIN): user_menu.insert(2, View('Email Templates', '.emails')) rsg = RightSubgroup( Subgroup('Searching', View('Search', '.search'), Separator(), View('History', '.queries')), Subgroup('Modeling', View('Modeling', '.predictor'), Separator(), View('History', '.results')), Subgroup(current_user.full_name, *user_menu)) else: rsg = RightSubgroup( View('Searching', '.search'), View('Modeling', '.predictor'), View('Login', '.login', next=get_redirect_target() or request.path)) return Navbar(View(LAB_SHORT, '.index'), *[lsg, rsg])
def post(self, task, database, table, job, ended_at): """ add new records from task """ if job['type'] != TaskType.POPULATING: abort(406, message='Task type is invalid') if not current_user.role_is( (UserRole.ADMIN, UserRole.DATA_MANAGER, UserRole.DATA_FILLER)): abort(403, message= 'User access deny. You do not have permission to database') entity = Loader.get_database(database)[table == 'REACTION'] res = [] for s in job['structures']: if s['status'] != StructureStatus.CLEAR or s[ 'type'] != StructureType[table]: continue data = marshal(s, RecordStructureFields.resource_fields) structure = data.pop('data') in_db = entity.find_structure(structure) if not in_db: in_db = entity(structure, current_user.get_user()) res.append(in_db.add_metadata(data, current_user.get_user())) flush() return res, 201
def remove(file, name): form = DeleteButtonForm() if form.validate_on_submit(): a = Attachment.get(file=file) if a and (current_user.role_is(UserRole.ADMIN) or a.post.classtype == 'Thesis' and a.post.author.id == current_user.id and a.post.meeting.thesis_deadline > datetime.utcnow()): a.delete() return form.redirect() return render_template('button.html', form=form, title='Delete', subtitle=name)
def __get_record(database, table, metadata): try: data = getattr( Loader.get_schema(database), 'MoleculeProperties' if table == 'MOLECULE' else 'ReactionConditions')[metadata] except ObjectNotFound: abort(404, message='invalid record id') if data.user_id != current_user.id: if not current_user.role_is( (UserRole.ADMIN, UserRole.DATA_MANAGER)): abort( 403, message= "user access deny. You do not have permission to see another user's data" ) elif not current_user.role_is( (UserRole.DATA_FILLER, UserRole.ADMIN, UserRole.DATA_MANAGER)): abort(403, message= 'user access deny. You do not have permission to database') return data
def dispatch_request(self, post): admin = current_user.is_authenticated and current_user.role_is(UserRole.ADMIN) secretary = current_user.is_authenticated and current_user.role_is(UserRole.SECRETARY) special_form = special_field = children = title = None p = Post.get(id=post) if not p: return redirect(url_for('.blog')) opened_by_author = current_user.is_authenticated and p.author.id == current_user.id if p.classtype == 'Meeting': x = self.meeting_page(p) if not isinstance(x, tuple): return x crumb, title, children, special_form = x elif p.classtype == 'Thesis': crumb = dict(url=url_for('.abstracts', event=p.meeting_id), title='Abstract', parent='Event abstracts') special_form = self.thesis_page(p, opened_by_author) special_field = '**Presentation Type**: *%s*' % p.type.fancy elif p.classtype == 'TeamPost': crumb = dict(url=url_for('.students'), title='Student', parent='Laboratory') \ if p.type == TeamPostType.STUDENT else \ dict(url=url_for('.about'), title='Member', parent='Laboratory') special_field = get_articles(p.scopus) if p.scopus else None elif p.type == BlogPostType.ABOUT: crumb = dict(url=url_for('.about'), title='Description', parent='Laboratory') else: crumb = dict(url=url_for('.blog'), title='Post', parent='News') attachments = list(p.attachments) if admin or secretary or p.classtype != 'Thesis' or opened_by_author else None deletable = admin or p.classtype == 'Thesis' and (opened_by_author or secretary) and p.meeting.deadline > datetime.utcnow() return render_template('post.html', title=title or p.title, post=p, crumb=crumb, children=children, attachments=attachments, deletable=deletable, special_form=special_form, special_field=special_field)
def participants(event): m = Meeting.get(id=event, _type=MeetingPostType.MEETING.value) if not m: return redirect(url_for('.blog')) _admin = True if current_user.is_authenticated and (current_user.role_is(UserRole.ADMIN) or current_user.role_is(UserRole.SECRETARY)) else False header = ('#', 'Participant', 'Country', 'Status', 'Degree', 'Presentation type', 'Town', 'Affiliation', 'Email') \ if _admin else ('#', 'Participant', 'Country', 'Status', 'Degree', 'Presentation type') # cache users entities list(left_join(x for x in User for s in x.subscriptions if s.meeting == m)) subs = Subscription.select(lambda x: x.meeting == m).order_by(Subscription.id.desc()) data = [row_admin(n, cell(url_for('.user', _user=x.user.id), x.user.full_name), x.user.country_name, x.user.sci_status.fancy, x.user.sci_degree.fancy, x.type.fancy, x.user.town, x.user.affiliation, x.user.email) if _admin else row(n, cell(url_for('.user', _user=x.user.id), x.user.full_name), x.user.country_name, x.user.sci_status.fancy, x.user.sci_degree.fancy, x.type.fancy) for n, x in enumerate(subs, start=1)] return render_template('table.html', table=table(header=header, rows=data), title=m.title, subtitle='Participants', crumb=dict(url=url_for('.blog_post', post=event), title='Participants', parent='Event page'))
def get(self, database, table, user=None): """ Get user's records count """ if user is None: user = current_user.id if user == current_user.id: if not current_user.role_is( (UserRole.ADMIN, UserRole.DATA_MANAGER, UserRole.DATA_FILLER)): abort( 403, message= 'user access deny. You do not have permission to database') elif not current_user.role_is((UserRole.ADMIN, UserRole.DATA_MANAGER)): abort( 403, message= "user access deny. You do not have permission to see another user's data" ) entity = Loader.get_database(database)[table == 'REACTION'] q = entity.select(lambda x: x.user_id == user).count() return dict(data=q, pages=ceil(q / RESULTS_PER_PAGE))
def dispatch_request(self, action=4): form = FormRoute.get(action) if not form or not form.is_profile(): return redirect(url_for('.profile')) tabs = [ dict(title='Edit Profile', glyph='pencil', active=False, url=url_for('.profile', action=FormRoute.EDIT_PROFILE.value)), dict(title='Log out on all devices', glyph='remove', active=False, url=url_for('.profile', action=FormRoute.LOGOUT_ALL.value)), dict(title='Change Password', glyph='qrcode', active=False, url=url_for('.profile', action=FormRoute.CHANGE_PASSWORD.value)) ] admin = current_user.role_is(UserRole.ADMIN) if admin: tabs.extend([ dict(title='New Blog Post', glyph='font', active=False, url=url_for('.profile', action=FormRoute.NEW_BLOG_POST.value)), dict(title='New Meeting Page', glyph='resize-small', active=False, url=url_for('.profile', action=FormRoute.NEW_MEETING_PAGE.value)), dict(title='New Email Template', glyph='envelope', active=False, url=url_for('.profile', action=FormRoute.NEW_EMAIL_TEMPLATE.value)), dict(title='New Team Member', glyph='knight', active=False, url=url_for('.profile', action=FormRoute.NEW_MEMBER_PAGE.value)), dict(title='Ban User', glyph='remove-circle', active=False, url=url_for('.profile', action=FormRoute.BAN_USER.value)), dict(title='Change Role', glyph='arrow-up', active=False, url=url_for('.profile', action=FormRoute.CHANGE_USER_ROLE.value)) ]) if form == FormRoute.EDIT_PROFILE: message = 'Edit Profile' tabs[0]['active'] = True active_form = ProfileForm(obj=current_user.get_user()) if active_form.validate_on_submit(): u = User.get(id=current_user.id) u.name = active_form.name.data u.surname = active_form.surname.data u.country = active_form.country.data u.degree = active_form.degree.data u.status = active_form.status.data if active_form.banner_field.data: u.banner = save_upload(active_form.banner_field.data, images=True) if active_form.affiliation.data: u.affiliation = active_form.affiliation.data elif u.affiliation: u.affiliation = '' if active_form.position.data: u.position = active_form.position.data elif u.position: u.position = '' if active_form.town.data: u.town = active_form.town.data elif u.town: u.town = '' flash('Profile updated') elif form == FormRoute.LOGOUT_ALL: message = 'Log out on all devices' tabs[1]['active'] = True active_form = ReLoginForm() if active_form.validate_on_submit(): u = User.get(id=current_user.id) u.change_token() logout_user() flash('Successfully logged out from all devices') return redirect(url_for('.login')) elif form == FormRoute.CHANGE_PASSWORD: message = 'Change Password' tabs[2]['active'] = True active_form = ChangePasswordForm() if active_form.validate_on_submit(): u = User.get(id=current_user.id) u.change_password(active_form.password.data) logout_user() flash('Successfully changed password') return redirect(url_for('.login')) elif admin and form == FormRoute.NEW_BLOG_POST: message = 'New Blog Post' tabs[3]['active'] = True active_form = PostForm() if active_form.validate_on_submit(): banner_name, file_name = combo_save(active_form.banner_field, active_form.attachment) p = BlogPost(type=active_form.type, title=active_form.title.data, slug=active_form.slug.data, body=active_form.body.data, banner=banner_name, attachments=file_name, author=current_user.get_user()) commit() return redirect(url_for('.blog_post', post=p.id)) elif admin and form == FormRoute.NEW_MEETING_PAGE: message = 'New Meeting Page' tabs[4]['active'] = True active_form = MeetingForm() def add_post(): banner_name, file_name = combo_save(active_form.banner_field, active_form.attachment) p = Meeting( meeting=active_form.meeting_id.data, deadline=active_form.deadline.data, poster_deadline=active_form.poster_deadline.data, participation_types=active_form.participation_types, thesis_types=active_form.thesis_types, order=active_form.order.data, type=active_form.type, author=current_user.get_user(), title=active_form.title.data, slug=active_form.slug.data, body_name=active_form.body_name.data, body=active_form.body.data, banner=banner_name, attachments=file_name) commit() return p.id if active_form.validate_on_submit(): if active_form.type != MeetingPostType.MEETING: if active_form.meeting_id.data and Meeting.exists( id=active_form.meeting_id.data, post_type=MeetingPostType.MEETING.value): return redirect(url_for('.blog_post', post=add_post())) active_form.meeting_id.errors = ['Bad parent'] else: if active_form.deadline.data and active_form.poster_deadline.data: return redirect(url_for('.blog_post', post=add_post())) active_form.deadline.errors = ["Need deadline"] active_form.poster_deadline.errors = ["Need deadline"] elif admin and form == FormRoute.NEW_EMAIL_TEMPLATE: message = 'New Email Template' tabs[5]['active'] = True active_form = EmailForm() def add_post(): banner_name, file_name = combo_save(active_form.banner_field, active_form.attachment) p = Email(from_name=active_form.from_name.data, reply_name=active_form.reply_name.data, reply_mail=active_form.reply_mail.data, meeting=active_form.meeting_id.data, type=active_form.type, author=current_user.get_user(), title=active_form.title.data, slug=active_form.slug.data, body=active_form.body.data, banner=banner_name, attachments=file_name) commit() return p.id if active_form.validate_on_submit(): if active_form.type.is_meeting: if active_form.meeting_id.data and Meeting.exists( id=active_form.meeting_id.data, post_type=MeetingPostType.MEETING.value): return redirect(url_for('.blog_post', post=add_post())) active_form.meeting_id.errors = ['Bad parent'] else: return redirect(url_for('.blog_post', post=add_post())) elif admin and form == FormRoute.NEW_MEMBER_PAGE: message = 'New Member' tabs[6]['active'] = True active_form = TeamForm() if active_form.validate_on_submit(): banner_name, file_name = combo_save(active_form.banner_field, active_form.attachment) p = TeamPost(type=active_form.type, title=active_form.title.data, slug=active_form.slug.data, body=active_form.body.data, banner=banner_name, attachments=file_name, author=current_user.get_user(), role=active_form.role.data, scopus=active_form.scopus.data, order=active_form.order.data) commit() return redirect(url_for('.blog_post', post=p.id)) elif admin and form == FormRoute.BAN_USER: message = 'Ban User' tabs[7]['active'] = True active_form = BanUserForm() if active_form.validate_on_submit(): u = User.get(email=active_form.email.data.lower()) u.active = False flash('Successfully banned %s %s (%s)' % (u.name, u.surname, u.email)) elif admin and form == FormRoute.CHANGE_USER_ROLE: message = 'Change Role' tabs[8]['active'] = True active_form = ChangeRoleForm() if active_form.validate_on_submit(): u = User.get(email=active_form.email.data.lower()) u.user_role = active_form.type.value flash('Successfully changed %s %s (%s) role' % (u.name, u.surname, u.email)) else: # admin or GTFO return redirect(url_for('.profile')) return render_template("forms.html", subtitle='Profile', title=current_user.full_name, tabs=tabs, form=active_form, message=message)
def dispatch_request(self, page=1): if not current_user.role_is(UserRole.ADMIN): return redirect(url_for('.index')) q = select(x for x in Email).order_by(Email.id.desc()) return blog_viewer(page, q, '.emails', 'E-mail templates', 'list')
def dispatch_request(self, post): admin = current_user.is_authenticated and current_user.role_is( UserRole.ADMIN) edit_post = None remove_post_form = None special_form = None special_field = None children = [] title = None info = None p = Post.get(id=post) if not p: return redirect(url_for('.blog')) opened_by_author = current_user.is_authenticated and p.author.id == current_user.id downloadable = admin or p.classtype != 'Thesis' or opened_by_author deletable = admin or p.classtype == 'Thesis' and opened_by_author and p.meeting.deadline > datetime.utcnow( ) """ admin page """ if admin: remove_post_form = DeleteButtonForm(prefix='delete') if p.classtype == 'BlogPost': edit_post = PostForm(obj=p) elif p.classtype == 'Meeting': edit_post = MeetingForm(obj=p) elif p.classtype == 'Thesis': edit_post = ThesisForm(obj=p) elif p.classtype == 'Email': edit_post = EmailForm(obj=p) elif p.classtype == 'TeamPost': edit_post = TeamForm(obj=p) else: # BAD POST return redirect(url_for('.blog')) if remove_post_form.validate_on_submit(): p.delete() return remove_post_form.redirect('.blog') elif edit_post.validate_on_submit(): p.body = edit_post.body.data p.title = edit_post.title.data p.date = datetime.utcnow() if hasattr(edit_post, 'slug') and edit_post.slug.data: p.slug = edit_post.slug.data if edit_post.banner_field.data: p.banner = save_upload(edit_post.banner_field.data, images=True) if edit_post.attachment.data: p.add_attachment(*save_upload(edit_post.attachment.data)) if hasattr(p, 'update_type'): try: p.update_type(edit_post.type) if p.classtype == 'Thesis': sub = Subscription.get(user=p.author, meeting=p.meeting) sub.update_type(edit_post.type.participation_type) except Exception as e: edit_post.post_type.errors = [str(e)] if hasattr(p, 'update_meeting') and p.can_update_meeting( ) and edit_post.meeting_id.data: p.update_meeting(edit_post.meeting_id.data) if hasattr(p, 'update_order') and edit_post.order.data: p.update_order(edit_post.order.data) if hasattr(p, 'update_role'): p.update_role(edit_post.role.data) if hasattr(p, 'update_scopus'): p.update_scopus(edit_post.scopus.data) if hasattr(p, 'update_from_name'): p.update_from_name(edit_post.from_name.data) if hasattr(p, 'update_reply_name'): p.update_reply_name(edit_post.reply_name.data) if hasattr(p, 'update_reply_mail'): p.update_reply_mail(edit_post.reply_mail.data) if hasattr(p, 'update_body_name'): p.update_body_name(edit_post.body_name.data) if hasattr(p, 'update_deadline') and edit_post.deadline.data: p.update_deadline(edit_post.deadline.data) if hasattr(p, 'update_poster_deadline' ) and edit_post.poster_deadline.data: p.update_poster_deadline(edit_post.poster_deadline.data) if hasattr(p, 'update_participation_types' ) and edit_post.participation_types: p.update_participation_types(edit_post.participation_types) if hasattr(p, 'update_thesis_types') and edit_post.thesis_types: p.update_thesis_types(edit_post.thesis_types) """ Meetings sidebar and title """ if p.classtype == 'Meeting': title = p.meeting.title children.append( dict(title='Event main page', url=url_for('.blog_post', post=p.meeting_id))) children.extend( dict(title=x.title, url=url_for('.blog_post', post=x.id)) for x in p.meeting.children.filter( lambda x: x.classtype == 'Meeting').order_by( lambda x: x.special['order'])) children.append( dict(title='Participants', url=url_for('.participants', event=p.meeting_id))) children.append( dict(title='Abstracts', url=url_for('.abstracts', event=p.meeting_id))) if p.type != MeetingPostType.MEETING: crumb = dict(url=url_for('.blog_post', post=p.meeting_id), title=p.title, parent='Event main page') if current_user.is_authenticated and p.type == MeetingPostType.REGISTRATION \ and p.deadline > datetime.utcnow(): sub = Subscription.get(user=current_user.get_user(), meeting=p.meeting) special_form = MeetForm( prefix='special', obj=sub, types=p.meeting.participation_types) if special_form.validate_on_submit(): thesis = Thesis.get(post_parent=p.meeting, author=current_user.get_user()) if sub: if special_form.type == MeetingPartType.LISTENER and thesis: special_form.part_type.errors = [ 'Listener participation type unavailable. ' 'You sent thesis earlier.' ] flash('Participation type change error', 'error') else: sub.update_type(special_form.type) thesis_type = ThesisPostType.thesis_types( special_form.type)[-1] if thesis and thesis.type != thesis_type: thesis.update_type(thesis_type) flash('Thesis type changed! Check it.') flash('Participation type changed!') else: Subscription(current_user.get_user(), p.meeting, special_form.type) flash('Welcome to meeting!') m = Email.get( post_parent=p.meeting, post_type=EmailPostType.MEETING_THESIS.value) send_mail((m and m.body or '%s\n\nYou registered to meeting') % current_user.full_name, current_user.email, to_name=current_user.full_name, title=m and m.title, subject=m and m.title or 'Welcome to meeting', banner=m and m.banner, from_name=m and m.from_name, reply_mail=m and m.reply_mail, reply_name=m and m.reply_name) elif current_user.is_authenticated and p.type == MeetingPostType.SUBMISSION \ and p.poster_deadline > datetime.utcnow(): sub = Subscription.get(user=current_user.get_user(), meeting=p.meeting) if sub and sub.type != MeetingPartType.LISTENER and \ not Thesis.exists(post_parent=p.meeting, author=current_user.get_user()): thesis_types = p.meeting.thesis_types special_form = ThesisForm( prefix='special', body_name=p.body_name, types=[ x for x in ThesisPostType.thesis_types(sub.type) if x in thesis_types ]) if special_form.validate_on_submit(): banner_name, file_name = combo_save( special_form.banner_field, special_form.attachment) t = Thesis(p.meeting_id, type=special_form.type, title=special_form.title.data, body=special_form.body.data, banner=banner_name, attachments=file_name, author=current_user.get_user()) commit() return redirect(url_for('.blog_post', post=t.id)) else: crumb = dict(url=url_for('.blog'), title='Post', parent='News') elif p.classtype == 'Thesis': if current_user.is_authenticated and opened_by_author and p.meeting.poster_deadline > datetime.utcnow( ): sub = Subscription.get(user=current_user.get_user(), meeting=p.meeting) thesis_types = p.meeting.thesis_types special_form = ThesisForm( prefix='special', obj=p, body_name=p.body_name, types=[ x for x in ThesisPostType.thesis_types(sub.type) if x in thesis_types ]) if special_form.validate_on_submit(): p.title = special_form.title.data p.body = special_form.body.data p.update_type(special_form.type) if special_form.banner_field.data: p.banner = save_upload(special_form.banner_field.data, images=True) if special_form.attachment.data: p.add_attachment( *save_upload(special_form.attachment.data)) crumb = dict(url=url_for('.abstracts', event=p.meeting_id), title='Abstract', parent='Event participants') special_field = '**Presentation Type**: *%s*' % p.type.fancy elif p.classtype == 'TeamPost': crumb = dict(url=url_for('.students'), title='Student', parent='Laboratory') \ if p.type == TeamPostType.STUDENT else dict(url=url_for('.about'), title='Member', parent='Laboratory') if p.scopus: special_field = get_articles(p.scopus) elif p.type == BlogPostType.ABOUT: crumb = dict(url=url_for('.about'), title='Description', parent='Laboratory') else: crumb = dict(url=url_for('.blog'), title='Post', parent='News') """ collect sidebar news """ info = select(x for x in Post if x.id != post and x.post_type in ( BlogPostType.IMPORTANT.value, MeetingPostType.MEETING.value)).order_by( Post.date.desc()).limit(3) return render_template("post.html", title=title or p.title, post=p, info=info, downloadable=downloadable, children=children, deletable=deletable, edit_form=edit_post, remove_form=remove_post_form, crumb=crumb, special_form=special_form, special_field=special_field)