def save_info(id):
    """
    Apply a submitted group form to group *id* and redirect.

    Authorisation: a caller without ``mdl.Role.ADMIN`` is only let through
    when the ``intent`` form field is ``'update'`` and the group's user is
    the current user. Any other non-admin request is answered with a 403.

    The payload passed to ``loco.update_group`` is built key by key from
    the form instead of forwarding the form itself. A non-admin request
    therefore never carries the admin-only keys (``direction``,
    ``start_time``, ``cancelled``, ``completed``, ``accepted``) in that
    payload, whatever extra fields were posted.

    Admins are redirected to ``group.edit``, everyone else to
    ``root.profile``.
    """
    form = request.form
    intent = form.get('intent', 'accept')
    group = mdl.Group.one(id=id)

    # NOTE(review): nothing here checks that the lookup found a group or
    # that it has a user. If ``mdl.Group.one`` can return None, the
    # ownership test below raises instead of denying -- confirm.
    if not current_user.has_role(mdl.Role.ADMIN) and (
            intent != 'update' or group.user.id != current_user.id):
        # Non-admins may only "update", and only a group they own.
        return gettext("Access Denied!"), 403

    # Fields every permitted caller may set.
    # NOTE(review): int() raises ValueError on non-numeric input and
    # nothing in this function catches it. Negative counts pass through.
    num_vegetarians = form.get('num_vegetarians', 0)
    num_participants = form.get('num_participants', 0)
    data = dict([
        ('name', form['name']),
        ('phone', form['phone']),
        ('comments', form['comments']),
        ('contact', form['contact']),
        ('email', form.get('email', '')),
        ('num_vegetarians', int(num_vegetarians or 0)),
        ('num_participants', int(num_participants or 0)),
        ('send_email', True),
        ('notification_recipient', 'admins'),
        ('user_is_admin', False),
    ])

    # Admin-only fields are added only after a second role check.
    if current_user.has_role(mdl.Role.ADMIN):
        if 'direction' in form:
            data['direction'] = form['direction']
        data.update(
            start_time=form['start_time'],
            send_email=form.get('send_email') == 'true',
            cancelled=form.get('cancelled') == 'true',
            completed=form.get('completed') == 'true',
        )
        if intent == 'accept' and not group.accepted:
            # First acceptance goes through the registration workflow.
            loco.accept_registration(
                current_app.mailer, group.confirmation_key, group)
            flash(
                gettext('Accepted registration for group {}').format(
                    group.name),
                'info')
        else:
            data['accepted'] = form.get('accepted') == 'true'
        data['notification_recipient'] = 'owner'
        data['user_is_admin'] = True

    loco.update_group(current_app.mailer, id, data)
    flash(
        gettext('Group {name} successfully updated!').format(
            name=data['name']),
        'info')
    # This message follows the send_email flag. The return value of
    # update_group is not inspected, so it is not a delivery confirmation.
    if data['send_email']:
        flash(gettext('E-Mail sent successfully!'), 'info')

    target = (
        url_for('group.edit', name=data['name'])
        if current_user.has_role(mdl.Role.ADMIN)
        else url_for('root.profile')
    )
    return redirect(target)
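def accept(key):
    """
    Accept the registration identified by *key* and show the group editor.

    The group is looked up by *key*. A group that is already accepted only
    gets an informational flash message, and the acceptance workflow is not
    run again. This matches the ``not group.accepted`` guard that
    ``save_info`` applies before calling ``loco.accept_registration``.
    Otherwise ``loco.accept_registration`` is invoked with the application
    mailer.

    Returns the rendered ``edit_group.html`` template in both cases.
    """
    group = mdl.Group.one(key=key)
    # NOTE(review): no permission check is visible in this function. Unless
    # the route is guarded elsewhere (e.g. by a decorator not shown here),
    # knowing the key is the only credential -- confirm.
    # NOTE(review): an unknown key is not handled here. If the lookup can
    # return None, the attribute access below raises -- confirm.
    if group.accepted:
        flash(gettext('This group has already been accepted!'), 'info')
    else:
        # Only a not-yet-accepted group goes through the workflow, so a
        # repeated request for the same key does not re-trigger it.
        loco.accept_registration(current_app.mailer, key, group)
    return render_template('edit_group.html',
                           group=group,
                           dir_a=mdl.DIR_A,
                           dir_b=mdl.DIR_B)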
def save_group_info(id):
    """
    Admin-only handler that accepts or updates group *id* from the form.

    Anonymous users and users whose ``admin`` attribute is falsy get
    ``"Access denied"`` with status 401. For a group that is not finalized
    the registration is accepted and the browser is sent to ``index``.
    For a finalized group the group is updated and the browser is sent to
    the ``tabularadmin`` view for the ``group`` table.
    """
    # NOTE(review): 401 is also what a logged-in non-admin receives here.
    denied = current_user.is_anonymous() or not current_user.admin
    if denied:
        return "Access denied", 401

    group = loco.get_grps_by_id(id)

    # NOTE(review): both calls below receive the whole request.form. Which
    # fields they persist is not visible here -- confirm that they pick
    # fields explicitly rather than copying every posted key.
    if not group.finalized:
        loco.accept_registration(group.confirmation_key, request.form)
        accepted_msg = gettext('Accepted registration for group {}')
        flash(accepted_msg.format(group.name), 'info')
        return redirect(url_for('index'))

    # A missing 'send_email' field raises on this lookup before any update.
    wants_mail = request.form['send_email'] == 'true'
    loco.update_group(id, request.form, wants_mail)
    updated_msg = gettext('Group {name} successfully updated!')
    flash(updated_msg.format(name=request.form['name']), 'info')
    if wants_mail:
        flash(gettext('E-Mail sent successfully!'), 'info')
    return redirect(url_for('tabularadmin', table='group'))