def test_is_moderator(): user = User(id=1, name="test", first_name="utilisateur", email="*****@*****.**") db.session.add(user) u = User.query.get(1) assert is_moderator(u) == False a= Authorization(channel_id=1,user_id=1,permission=2) db.session.add(a) assert is_moderator(u) == True
def index(): # Team06: Export to PDF feature if request.method == "POST": action = request.form.get('@action', '') if action == "export": post_id = request.form.get("id") chan_id = request.form.get("template") return pdf.export(post_id, chan_id) # end addition user = User.query.get(session.get("user_id", "")) if session.get( "logged_in", False) else None posts = [] flattened_list_pubs = [] # TEAM06: add – pdf pdf_chans = db.session.query(Channel).filter( Channel.module == 'superform.plugins.pdf' ) # end add chans = [] if user is not None: setattr(user, 'is_mod', is_moderator(user)) posts = db.session.query(Post).filter( Post.user_id == session.get("user_id", "")) chans = get_moderate_channels_for_user(user) pubs_per_chan = (db.session.query(Publishing).filter( (Publishing.channel_id == c.id) & (Publishing.state == 0)) for c in chans) flattened_list_pubs = [y for x in pubs_per_chan for y in x] # TEAM06: changes in the render_template, templates return render_template("index.html", user = user, posts = posts, channels = chans, publishings = flattened_list_pubs, templates = pdf_chans)
def search_post() : ''' Searching in query for posts with a specific filter :param no param, except request.form from front-end. This form contains all filters possible for a search :return: data, JSON containing all data retrieved from queries, based on filters. ''' user = User.query.get(session.get("user_id", "")) if session.get("logged_in", False) else None posts=[] data = [] print(str(request.form)) if user is not None: setattr(user,'is_mod',is_moderator(user)) posts = db.session.query(Post).filter((Post.user_id==session.get("user_id", "")) & (Post.title.like('%'+request.form['subject']+'%')) & (Post.description.like('%'+request.form['body']+'%')) ).order_by(request.form['sorted']) for item in posts : row = {} row["id"] = str(item.id) row["title"] = item.title row["description"] = str(item.description.splitlines()) row["hrefEdit"] = "#" #Add here after creating buttons function row["hrefCopy"] = "#" row["hrefDelete"] = "#" row["hrefExportPdf"] = str(item.id) data.append(row) return json.dumps(data)
def search_publishings() : ''' Searching in query for publishings with a specific filter :param no param, except request.form from front-end. This form contains all filters possible for a search :return: data, JSON containing all data retrieved from queries, based on filters. ''' data = [] user = User.query.get(session.get("user_id", "")) if session.get("logged_in", False) else None posts = [] chans = [] flattened_list_pubs = [] if user is not None: setattr(user, 'is_mod', is_moderator(user)) chans = get_moderate_channels_for_user(user) pubs_per_chan = (db.session.query(Publishing).filter((Publishing.channel_id == c.id) & (Publishing.title.like('%'+request.form['subject']+'%')) & (Publishing.description.like('%' + request.form['body'] + '%')) & (Publishing.state == 0)) for c in chans) flattened_list_pubs = [y for x in pubs_per_chan for y in x] print(str(flattened_list_pubs)) for p in flattened_list_pubs : #request.form['author'] in p.get_author() and if str(p.channel_id) in request.form.getlist('channels[]'): row = {} for c in chans : if c.id == p.channel_id: row["channel"] = c.name row["subject"] = p.title row["body"] = str(p.description.splitlines()) row["author"] = p.get_author() row["button"] = url_for('publishings.moderate_publishing',id=p.post_id,idc=p.channel_id) data.append(row) return json.dumps(data)
def callback(): auth = OneLogin_Saml2_Auth(prepare_saml_request(request), current_app.config["SAML"]) auth.process_response() errors = auth.get_errors() if len(errors) == 0: auth_attrs = auth.get_attributes() mappings = current_app.config["SAML"]["attributes"] attrs = {key: auth_attrs[mapping][0] for key, mapping in mappings.items()} user = User.query.get(attrs["uid"]) if not user: user = User(id=attrs["uid"], name=attrs["sn"], first_name=attrs["givenName"], email=attrs["email"]) db.session.add(user) db.session.commit() session["logged_in"] = True session["user_id"] = user.id session["first_name"] = user.first_name session["name"] = user.name session["email"] = user.email session["admin"] = user.admin session["moderator"] = is_moderator(user) # Redirect to desired url self_url = OneLogin_Saml2_Utils.get_self_url(prepare_saml_request(request)) if 'RelayState' in request.form and self_url != request.form['RelayState']: return redirect(auth.redirect_to(request.form['RelayState'])) else: return make_response(", ".join(errors), 500) return make_response("saml_acs_error", 500)
def get_publications(user): if user is None: return [] setattr(user, 'is_mod', is_moderator(user)) my_pubs = [] if user is not None: my_pubs = [pub for _, _, pub in db.session.query(Channel, Post, Publishing) .filter(Channel.id == Publishing.channel_id) .filter(Publishing.post_id == Post.id) .filter(Post.user_id == user.id).order_by(desc(Publishing.post_id))] return my_pubs
def delete_publishing(post_id, channel_id): user = User.query.get(session.get("user_id", "")) if session.get( "logged_in", False) else None if user is not None: setattr(user, 'is_mod', is_moderator(user)) post = db.session.query(Post).filter_by(id=post_id).first() if post is not None: post_user_id = post.user_id if post_user_id == user.id or user.is_mod: publishings = db.session.query(Publishing).filter( Publishing.post_id == post_id).all() channel = db.session.query(Channel).filter( Channel.id == channel_id).first() for pub in publishings: if pub.channel_id == channel.id: fb_connected = True # The publishing has been posted if pub.state == 1: # It is posted on Facebook if channel.module == "superform.plugins.facebook": print("ALERT") from superform.plugins.facebook import fb_token if fb_token == 0: # User is not connected on Facebook flash("You are not connected on Facebook!") fb_connected = False else: extra = json.loads(pub.extra) fb_delete(extra["facebook_post_id"]) # It is posted on Wiki elif channel.module == "superform.plugins.wiki": wiki_delete(pub.title, channel.config) if fb_connected: db.session.delete(pub) db.session.commit() else: # The user is trying to delete the publishing linked to a post he did not create flash( "You don't have the rights to delete this post (not the creator)" ) else: # The post does not exist return render_template('404.html'), 404 else: # User is not connected return render_template('403.html'), 403 return redirect(url_for('delete.delete', id=post_id))
def index(): user = User.query.get(session.get("user_id", "")) if session.get("logged_in", False) else None posts = [] flattened_list_pubs = [] if user is not None: setattr(user, 'is_mod', is_moderator(user)) posts = db.session.query(Post).filter(Post.user_id == session.get("user_id", "")) chans = get_moderate_channels_for_user(user) pubs_per_chan = ( db.session.query(Publishing).filter((Publishing.channel_id == c.id) & (Publishing.state == 0)) for c in chans) flattened_list_pubs = [y for x in pubs_per_chan for y in x] return render_template("index.html", user=user, posts=posts, publishings=flattened_list_pubs)
def index(): user = User.query.get(session.get("user_id", "")) if session.get( "logged_in", False) else None user_posts = [] moderable_pubs_per_chan = [] my_accepted_pubs = [] my_refused_pubs = [] if user is not None: setattr(user, 'is_mod', is_moderator(user)) from sqlalchemy import desc user_posts = db.session.query(Post).filter(Post.user_id == session.get("user_id", "")).order_by(desc(Post.id))\ .limit(5).all() moderable_pubs_per_chan = [ pub for _, _, pub in db.session.query(Authorization, Channel, Publishing).filter( Authorization.user_id == user.id, Authorization.permission == Permission.MODERATOR.value).filter( Authorization.channel_id == Publishing.channel_id).filter( Publishing.post_id == Post.id).filter( Channel.id == Publishing.channel_id).filter( Publishing.state == State.NOTVALIDATED.value). order_by(desc(Publishing.post_id)).limit(5).all() ] my_refused_pubs = [ pub for _, _, pub in db.session.query(Channel, Post, Publishing). filter(Channel.id == Publishing.channel_id).filter( Publishing.post_id == Post.id).filter( Publishing.state == State.REFUSED.value).filter( Post.user_id == user.id).order_by(desc(Post.id)).limit( 5).all() ] my_accepted_pubs = [ pub for _, _, pub in db.session.query(Channel, Post, Publishing). filter(Channel.id == Publishing.channel_id).filter( Publishing.post_id == Post.id).filter( Publishing.state == State.VALIDATED.value).filter( Post.user_id == user.id).order_by(desc(Post.id)).limit( 5).all() ] return render_template("index.html", user=user, posts=user_posts, publishings=moderable_pubs_per_chan, my_refused_publishings=my_refused_pubs, my_accepted_publishings=my_accepted_pubs, states=State)
def delete_publishing(post_id, channel_id): user = User.query.get(session.get("user_id", "")) if session.get( "logged_in", False) else None if user is not None: setattr(user, 'is_mod', is_moderator(user)) post = db.session.query(Post).filter_by(id=post_id).first() if post is not None: post_user_id = post.user_id if post_user_id == user.id or user.is_mod: publishings = db.session.query(Publishing).filter( Publishing.post_id == post_id).all() channel = db.session.query(Channel).filter( Channel.id == channel_id).first() for pub in publishings: if pub.channel_id == channel.id: # The publishing has been posted if pub.state == State.VALIDATED.value: # Do specific actions depending of the channel # flash("The publishing has been posted") # return redirect(url_for('delete.delete', id=post_id)) # Default: remove publishing as it was not validated pass db.session.delete(pub) db.session.commit() else: # The user is trying to delete the publishing linked to a post he did not create flash( "You don't have the rights to delete this post (not the creator)" ) else: # The post does not exist return render_template('404.html'), 404 else: # User is not connected return render_template('403.html'), 403 return redirect(url_for('delete.delete', id=post_id))
def delete_post(id): user = User.query.get(session.get("user_id", "")) if session.get( "logged_in", False) else None if user is not None: setattr(user, 'is_mod', is_moderator(user)) post = db.session.query(Post).filter_by(id=id).first() if post is not None: post_user_id = post.user_id if post_user_id == user.id or user.is_mod: publishings = db.session.query(Publishing).filter( Publishing.post_id == id).all() post_del_cond = True for _ in publishings: # If there is any publishing post_del_cond = False # If every publishing linked to the post has been deleted (otherwise violation of constraint in db) if post_del_cond: db.session.delete(post) db.session.commit() else: flash( "At least one publishing remains, cannot delete post", category='error') else: # The user trying to delete the post is not the one who created it flash( "You don't have the rights to delete this post (not the creator)" ) else: # The post does not exist return render_template('404.html'), 404 else: # User is not connected return render_template('403.html'), 403 return redirect(url_for('index'))
def delete(id): user = User.query.get(session.get("user_id", "")) if session.get( "logged_in", False) else None drafts = [] unmoderated = [] posted = [] has_draft = False has_unmoderated = False has_posted = False if not user: # User is not connected return render_template('403.html'), 403 setattr(user, 'is_mod', is_moderator(user)) post = db.session.query(Post).get(id) if post is not None: post_user_id = post.user_id if post_user_id == user.id or user.is_mod: publishings = db.session.query(Publishing).filter( Publishing.post_id == id).all() for pub in publishings: # The publishing is a draft if pub.state == State.INCOMPLETE.value: drafts.append(pub) has_draft = True # The publishing has been submitted for review elif pub.state == State.NOT_VALIDATED.value: unmoderated.append(pub) has_unmoderated = True # The publishing has been refused elif pub.state == State.REFUSED.value: unmoderated.append(pub) has_unmoderated = True # The publishing has been posted elif pub.state == State.VALIDATED.value: channel = db.session.query(Channel).filter( Channel.id == pub.channel_id).first() # The channel is Facebook if channel.module == "superform.plugins.facebook": posted.append((pub, "fb")) has_posted = True # The channel is Wiki elif channel.module == "superform.plugins.wiki": posted.append((pub, "wiki")) has_posted = True else: posted.append((pub, "0")) has_posted = True # The publishing has been archived else: pass else: # The user trying to delete the post is not the one who created it flash( "You don't have the rights to delete this post (not the creator)" ) else: # The post does not exist return render_template('404.html'), 404 if has_draft or has_unmoderated or has_posted: return render_template("delete.html", user=user, post=post, draft_pubs=drafts, unmoderated_pubs=unmoderated, posted_pubs=posted, has_draft=has_draft, has_unmoderated=has_unmoderated, has_posted=has_posted) else: return delete_post(id)
def index(): # Team06: Export to PDF feature if request.method == "POST": action = request.form.get('@action', '') if action == "export": post_id = request.form.get("id") chan_id = request.form.get("template") return export(post_id, chan_id) # end addition user_id = session.get("user_id", "") if session.get("logged_in", False) else -1 user = User.query.get(user_id) if session.get("logged_in", False) else None # TEAM06: add – pdf pdf_chans = db.session.query(Channel).filter( Channel.module == 'superform.plugins.pdf') # end add posts_var = [] pubs_unvalidated = [] chans = [] if user is not None and user_id != -1: setattr(user, 'is_mod', is_moderator(user)) chans = get_moderate_channels_for_user(user) # AJOUTER Post.user_id == user_id dans posts DANS QUERY? posts_var = db.session.query(Post).filter( Post.user_id == user_id).order_by(Post.date_created.desc()) for post in posts_var: publishings_var = db.session.query(Publishing).filter( Publishing.post_id == post.id).all() channels_var = set() for publishing in publishings_var: channels_var.add( db.session.query(Channel).filter( Channel.id == publishing.channel_id).first()) setattr(post, "channels", channels_var) posts_user = db.session.query(Post).filter( Post.user_id == user_id).all() pubs_unvalidated = db.session.query(Publishing).filter( Publishing.state == State.REFUSED.value).filter( Publishing.user_id == user_id).order_by( Publishing.post_id).order_by(Publishing.channel_id).all() post_ids = [p.id for p in posts_user] for pub_unvalidated in pubs_unvalidated: if pub_unvalidated.post_id in post_ids: size_comment = current_app.config["SIZE_COMMENT"] channels_var = [ db.session.query(Channel).filter( Channel.id == pub_unvalidated.channel_id).first() ] setattr(pub_unvalidated, "channels", channels_var) last_comment = db.session.query(Comment).filter( Comment.publishing_id == pub_unvalidated.publishing_id).first() comm = comm_short = last_comment.moderator_comment[: size_comment] if len(last_comment.moderator_comment) > size_comment: comm_short = comm + "..." comm = last_comment.moderator_comment setattr(pub_unvalidated, "comment_short", comm_short) setattr(pub_unvalidated, "comment", comm) # TEAM06: changes in the render_template, templates return render_template("index.html", posts=posts_var[:5], pubs_unvalidated=pubs_unvalidated, templates=pdf_chans, user=user, channels=chans)