author | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2016-01-10 05:08:36 +0100 |
---|---|---|
committer | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2016-01-10 05:08:36 +0100 |
commit | 1ec270de4390f215f874e8fad23736ce978c1bbd (patch) | |
tree | f56ebd30ec7648f785b558e499148d424bc55147 /views.py | |
parent | 915c05c05a5b510d53042944582dc62c7d3f28d1 (diff) | |
Use sqlalchemy, flask-migrate, flask-login and flask-script
No peewee anymore. All dependencies are now available as Debian packages.
Diffstat (limited to 'views.py')
-rw-r--r-- | views.py | 342 |
1 files changed, 229 insertions, 113 deletions
@@ -1,64 +1,110 @@ -from app import app -from auth import auth from flask import g, request, redirect, render_template, url_for, flash, \ - session, get_flashed_messages, abort -from flask_peewee.utils import get_object_or_404 -from models import Group, Member, Pad, Session -from forms import CreateGroup, DeleteForm, ChangeGroup, CreatePad, ChangePad -from utils import templated, after_this_request -from pagination import Pagination + session, get_flashed_messages, abort +from flask.ext.login import login_required, login_user, logout_user, \ + current_user from urlparse import urlparse -from filters import * +from sqlalchemy import and_ +from datetime import datetime +import uuid + +from app import app, db +from models import User, Group, Member, Pad, Session +from forms import CreateGroup, DeleteForm, ChangeGroup, CreatePad, ChangePad, \ + LoginForm +from utils.login import auth +from utils.viewdecorators import templated +from utils.request import after_this_request +from utils.filters import * +import utils.pagination + + +@app.route('/login', methods=['GET', 'POST']) +@templated() +def login(): + form = LoginForm() + if form.validate_on_submit(): + user = auth(app.config['LDAP'], User, + form.user.data, form.password.data) + + if user is not None: + user.last_login = datetime.now() + db.session.commit() + login_user(user) + db.session.commit() + + session['uuid'] = unicode(uuid.uuid4()) + return form.redirect('index') + + flash('Wrong user or password') -def get_group_or_404(*query): - group = get_object_or_404(Group.select().join(Member), - Member.user == g.user, *query) - return group + return dict(form=form) -@app.after_request -def call_after_request_callbacks(response): - for callback in getattr(g, 'after_request_callbacks', ()): - callback(response) - return response +@app.route('/logout', methods=['GET']) +def logout(): + logout_user() + if 'uuid' in session: + Session.query.filter(Session.uuid == session['uuid']).delete() + del session['uuid'] + return 
redirect(url_for('index')) @app.route('/', methods=['GET', 'POST']) -@templated('index.html') -@auth.login_required +@templated() +@login_required def index(): form = CreateGroup(request.form) if form.validate_on_submit(): group = Group() form.populate_obj(group) - group.save() - Member.create(user=g.user, group=group, admin=True, active=True) + db.session.add(group) form = CreateGroup() - groups = [member.group for member in g.user.groups if member.active] - return {'groups': groups, 'create_form': form} + + Member.create(user=current_user, group=group, + admin=True, active=True) + db.session.commit() + + memberships = Member.query.filter( + Member.user == current_user, + Member.active == True, + ).all() + + groups = [member.group for member in memberships] + return dict(groups=groups, create_form=form) @app.route('/_all/', defaults={'page': 1}) @app.route('/_all/_page/<int:page>') -@templated('all.html') +@templated() +@login_required def all(page): - user_groups = Group.select().join(Member).where(Member.user == g.user) - public_groups = Group.select().where(~(Group.id << user_groups)).where(Group.browsable == True) - count = public_groups.count() - return {'groups': public_groups.paginate(page, 10), - 'count': count, - 'pagination': Pagination(page, 10, count), + public_groups = Group.query.filter( + ~Group.members.any(Member.user == current_user), + Group.browsable == True, + ) + + pageination = public_groups.paginate(page, 10) + return {'groups': pageination.items, + 'count': pageination.total, + 'pagination': pageination, 'breadcrumbs': [{'text': 'Public groups'}]} @app.route('/_all/<group_name>/', methods=['GET', 'POST']) @templated('group.html') +@login_required def public_group(group_name): - user_groups = Group.select().join(Member).where(Member.user == g.user) - group = get_object_or_404(Group.select(), ~(Group.id << user_groups), Group.name == group_name, Group.public == True) + group = Group.query.filter( + ~Group.members.any(Member.user == 
current_user), + Group.name == group_name, + Group.browsable == True, + ).first_or_404() + if request.method == 'POST': - Member.create(user=g.user, group=group) + Member.create(user=current_user, group=group) + db.session.commit() return redirect(url_for('all')) + return {'group': group, 'public_view': True, 'breadcrumbs': [ 
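Review bot: In `logout()` the bulk `Session.query.filter(Session.uuid == session['uuid']).delete()` is never followed by `db.session.commit()`, unlike every other write in this hunk, so unless the app commits on teardown (not visible here) the stored pad sessions for that uuid survive logout. Add `db.session.commit()` right after the delete, before `del session['uuid']`. The route is also registered with `methods=['GET']`, so a cross-site request can end a user's session; consider accepting logout only as a POST validated with `validate_on_submit()` like the other views. Separately, `public_group` now filters on `Group.browsable == True` where the removed line used `Group.public == True`, while `pad()` in the next hunk still redirects here based on `group.public`; it is worth confirming that the change of flag is intended.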
@@ -67,161 +113,223 @@ def public_group(group_name): @app.route('/<group_name>/_delete/', methods=['GET', 'POST']) -@templated('group_delete.html') -@auth.login_required +@templated() +@login_required def group_delete(group_name): - group = get_group_or_404(Group.name == group_name, Member.admin == True) + group = Group.query.filter( + Group.name == group_name, + Group.members.any(and_(Member.user == current_user, + Member.admin == True, + Member.active == True)), + ).first_or_404() + form = DeleteForm(request.form) if form.validate_on_submit(): if form.sure.data == 'yes': - group.delete_instance(recursive=True) + db.session.delete(group) + db.session.commit() return redirect(url_for('index')) return {'group': group, 'delete_form': form, - 'breadcrumbs': [{'href': url_for('group', group_name=group.name), 'text': group}, + 'breadcrumbs': [{'href': url_for('group', group_name=group.name), + 'text': group}, {'text': 'Delete group'}]} @app.route('/<group_name>/_change/', methods=['GET', 'POST']) -@templated('group_change.html') -@auth.login_required +@templated() +@login_required def group_change(group_name): - group = get_group_or_404(Group.name == group_name, Member.admin == True) + group = Group.query.filter( + Group.name == group_name, + Group.members.any(and_(Member.user == current_user, + Member.admin == True, + Member.active == True)), + ).first_or_404() + form = ChangeGroup(request.form, obj=group) if form.validate_on_submit(): del form.name form.populate_obj(group) - group.save() + db.session.commit() return redirect(url_for('group', group_name=group.name)) + return {'group': group, 'change_form': form, - 'breadcrumbs': [{'href': url_for('group', group_name=group.name), 'text': group}, + 'breadcrumbs': [{'href': url_for('group', group_name=group.name), + 'text': group}, {'text': 'Edit group'}]} @app.route('/<group_name>/_join/<int:member_id>/<accept>/') -@auth.login_required +@login_required def group_join(group_name, member_id, accept): - group = 
get_group_or_404(Group.name == group_name, Member.admin == True) - member = get_object_or_404(Member, Member.id == member_id, Member.group == group) + group = Group.query.filter( + Group.name == group_name, + Group.members.any(and_(Member.user == current_user, + Member.admin == True, + Member.active == True)), + ).first_or_404() + + member = Member.query.filter( + Member.id == member_id, + Member.group == group, + Member.active == False, + ).first_or_404() + if accept == 'yes': member.active = True - member.save() + db.session.commit() elif accept == 'no': - member.delete_instance() + db.session.delete(member) + db.session.commit() + return redirect(url_for('group', group_name=group_name)) @app.route('/<group_name>/_create_pad/', methods=['GET', 'POST']) @templated('pad_change.html') -@auth.login_required +@login_required def pad_create(group_name): - group = get_group_or_404(Group.name == group_name, Member.admin == True) + group = Group.query.filter( + Group.name == group_name, + Group.members.any(and_(Member.user == current_user, + Member.admin == True, + Member.active == True)), + ).first_or_404() + form = CreatePad(request.form, group=group) if form.validate_on_submit(): pad = Pad() form.populate_obj(pad) pad.group = group - pad.save() + db.session.add(pad) + db.session.commit() return redirect(url_for('group', group_name = group_name)) return {'group': group, 'change_form': form, - 'breadcrumbs': [{'href': url_for('group', group_name=group.name), 'text': group}, + 'breadcrumbs': [{'href': url_for('group', group_name=group.name), + 'text': group}, {'text': 'Create pad'}]} @app.route('/<group_name>/<pad_name>/_edit/', methods=['GET', 'POST']) -@templated('pad_change.html') -@auth.login_required +@templated() +@login_required def pad_change(group_name, pad_name): - group = get_group_or_404(Group.name == group_name, Member.admin == True) - - try: - pad = Pad.get(Pad.name == pad_name, Pad.group == group) - except Pad.DoesNotExist: - if member.admin == True: - 
return redirect(url_for('group', group_name = group_name)) - abort(404) + group = Group.query.filter( + Group.name == group_name, + Group.members.any(and_(Member.user == current_user, + Member.admin == True, + Member.active == True)), + ).first_or_404() + + pad = Pad.query.filter( + Pad.name == pad_name, + Pad.group == group, + ).first_or_404() form = ChangePad(request.form, obj=pad) if form.validate_on_submit(): del form.name form.populate_obj(pad) - pad.save() + db.session.commit() return redirect(url_for('group', group_name=group.name)) return {'group': group, 'pad': pad, 'change_form': form, - 'breadcrumbs': [{'href': url_for('group', group_name=group.name), 'text': group}, + 'breadcrumbs': [{'href': url_for('group', group_name=group.name), + 'text': group}, {'text': 'Edit pad: %s' % pad.name}]} @app.route('/<group_name>/<pad_name>/_delete/', methods=['GET', 'POST']) -@templated('pad_delete.html') -@auth.login_required +@templated() +@login_required def pad_delete(group_name, pad_name): - group = get_group_or_404(Group.name == group_name, Member.admin == True) - - try: - pad = Pad.get(Pad.name == pad_name, Pad.group == group) - except Pad.DoesNotExist: - if member.admin == True: - return redirect(url_for('group', group_name = group_name)) - abort(404) + group = Group.query.filter( + Group.name == group_name, + Group.members.any(and_(Member.user == current_user, + Member.admin == True, + Member.active == True)), + ).first_or_404() + + pad = Pad.query.filter( + Pad.name == pad_name, + Pad.group == group, + ).first_or_404() form = DeleteForm(request.form) if form.validate_on_submit(): if form.sure.data == 'yes': - pad.delete_instance(recursive=True) + db.session.delete(pad) + db.session.commit() return redirect(url_for('group', group_name=group.name)) return {'group': group, 'pad': pad, 'delete_form': form, - 'breadcrumbs': [{'href': url_for('group', group_name=group.name), 'text': group}, + 'breadcrumbs': [{'href': url_for('group', group_name=group.name), + 
'text': group}, {'text': 'Delete pad: %s' % pad.name}]} @app.route('/<group_name>/<pad_name>/') -@templated('pad.html') -@auth.login_required +@templated() +@login_required def pad(group_name, pad_name): - try: - group = get_object_or_404(Group, Group.name == group_name) - member = Member.get(Member.group == group, Member.user == g.user) - except Member.DoesNotExist: - if group.public == False: + group = Group.query.filter( + Group.name == group_name, + ).first_or_404() + + member = Member.query.filter( + Member.group == group, + Member.user == current_user, + Member.active == True, + ).first() + + if member is None: + if not group.public: abort(404) + flash('You are not member of this group. You may request membership.') return redirect(url_for('public_group', group_name = group.name)) - try: - pad = Pad.get(Pad.name == pad_name, Pad.group == group) - except Pad.DoesNotExist: - if member.admin == True: - return redirect(url_for('group', group_name = group_name)) - abort(404) - - api_session = None - try: - api_session = Session.get(Session.group == group, - Session.user == g.user, - Session.uuid == session['uuid']) - if not api_session.is_valid(): - api_session.delete_instance() - api_session = None - except: - pass - - if api_session is None: - Session.create(user = g.user, group = group, uuid = session['uuid']) - - sessions = Session.select().where(Session.user == g.user, Session.uuid == session['uuid']) + pad = Pad.query.filter( + Pad.name == pad_name, + Pad.group == group, + ).first() + + if pad is None: + if not member.admin: + abort(404) + + flash('Pad "%s" not found.' 
% pad_name) + return redirect(url_for('group', group_name = group_name)) + + api_session = Session.query.filter( + Session.group == group, + Session.user == current_user, + Session.uuid == session['uuid'], + ).first() + + if api_session is None or not api_session.is_valid(): + if api_session: + db.session.delete(api_session) + + Session.create(user=current_user, group=group, uuid=session['uuid']) + db.session.commit() + + sessions = Session.query.filter( + Session.user == current_user, + Session.uuid == session['uuid'], + ).all() @after_this_request def set_session(response): - response.set_cookie('sessionID' , '%2C'.join([s.api_id for s in sessions])) + response.set_cookie('sessionID' , + '%2C'.join([s.api_id for s in sessions])) # ignore user logged in messages get_flashed_messages() @@ -230,13 +338,21 @@ def pad(group_name, pad_name): @app.route('/<group_name>/') -@templated('group.html') -@auth.login_required +@templated() +@login_required def group(group_name): - group = get_group_or_404(Group.name == group_name) - member = get_object_or_404(Member, Member.user == g.user, Member.group == group) + group = Group.query.filter( + Group.name == group_name, + ).first_or_404() + + member = Member.query.filter( + Member.user == current_user, + Member.group == group, + Member.active == True, + ).first_or_404() + return {'group': group, - 'pads': list(group.pads), + 'pads': group.pads, 'admin': member.admin, - 'members': [m for m in group.members.execute()], + 'members': group.members, 'breadcrumbs': [{'text': group}]} |
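Review bot: `group_join` changes membership state on a plain GET: the route has no `methods` restriction and no form token, so a cross-site request sent with an admin's session can activate a pending member (`accept == 'yes'`) and so grant access to the group's pads. The new `Member.active == False` filter narrows the effect to pending requests but does not address this. Take the decision via POST with a validated form, as `group_delete` does with `DeleteForm` and `form.validate_on_submit()` (assuming those forms carry a CSRF token, which is not visible here), e.g. `@app.route('/<group_name>/_join/<int:member_id>/<accept>/', methods=['POST'])`. The admin lookup ending in `Member.admin == True, Member.active == True)), ).first_or_404()` is also repeated verbatim in six views in this hunk; one shared helper would keep the authorization check from drifting between them.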
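Review bot: `group()` passes `group.members` to the template unfiltered, so pending (inactive) join requests are handed to every active member, not only to admins; whether they are rendered depends on the template, which is not part of this diff. If pending requests should be visible to admins only, filter before rendering, e.g. `'members': [m for m in group.members if m.active or member.admin]`.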