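from flask import Blueprint, render_template, request, abort
from todosrht.access import get_tracker, get_access
from todosrht.tickets import get_participant_for_user
from todosrht.types import Tracker, Ticket, Event, EventNotification, EventType
from todosrht.types import User, Participant
from srht.config import cfg
from srht.oauth import current_user
from srht.flask import paginate_query, session
from sqlalchemy import and_, or_

html = Blueprint('html', __name__)

# Number of trackers and events shown on a dashboard page.
_DASHBOARD_LIMIT = 10


def _granted(ticket_perms, tracker_default, *conditions):
    """Return the two clauses that grant one access class on a ticket.

    A per-ticket permission column overrides the tracker default when it is
    set (non-NULL); when it is NULL the tracker default applies. Either way
    the class is granted only when the effective value is greater than zero.
    Any extra ``conditions`` are required in both clauses.
    """
    return [
        and_(ticket_perms.isnot(None), *conditions, ticket_perms > 0),
        and_(ticket_perms.is_(None), *conditions, tracker_default > 0),
    ]


def filter_authorized_events(events):
    """Restrict an Event query to events the current viewer may see.

    The query is joined to Ticket and Tracker and filtered on three
    permission columns: anonymous, logged-in user, and submitter. Anonymous
    viewers are checked against the anonymous permissions only. Logged-in
    viewers additionally match the user permissions, and the submitter
    permissions on tickets submitted by their own participant.

    The clauses are OR-ed, so one granting class is enough even if another
    class is explicitly set to zero on the same ticket.
    NOTE(review): confirm this matches the precedence used by
    todosrht.access.get_access; it is not visible from this module.

    Only these columns are consulted: tracker ownership and explicit
    per-user grants are not clauses here, so such events are left out
    rather than disclosed.
    """
    events = (events
        .join(Ticket, Ticket.id == Event.ticket_id)
        .join(Tracker, Tracker.id == Ticket.tracker_id))

    clauses = _granted(Ticket.anonymous_perms, Tracker.default_anonymous_perms)
    if current_user:
        participant = get_participant_for_user(current_user)
        clauses += _granted(Ticket.user_perms, Tracker.default_user_perms)
        clauses += _granted(
            Ticket.submitter_perms,
            Tracker.default_submitter_perms,
            Ticket.submitter_id == participant.id)
    return events.filter(or_(*clauses))


def _get_user_or_404(username):
    """Look up a user by lower-cased username, aborting with 404 if absent."""
    user = User.query.filter(User.username == username.lower()).first()
    if not user:
        abort(404)
    return user


def _visible_trackers(owner):
    """Return the query of ``owner``'s trackers the current viewer may list.

    The owner sees all of their trackers. Other logged-in users see trackers
    whose default user permissions are non-zero, and anonymous viewers see
    those whose default anonymous permissions are non-zero. Viewers are
    compared with the owner by id, as the event filtering in user_GET does.
    """
    trackers = Tracker.query.filter(Tracker.owner_id == owner.id)
    if not current_user:
        return trackers.filter(Tracker.default_anonymous_perms > 0)
    if current_user.id != owner.id:
        return trackers.filter(Tracker.default_user_perms > 0)
    return trackers


@html.route("/")
def index():
    """Render the landing page, or the viewer's own dashboard when logged in.

    The dashboard lists the viewer's most recently updated trackers and the
    latest events they were notified about. A one-shot "notice" stored in
    the session is shown once and then removed.
    """
    if not current_user:
        return render_template("index.html")

    trackers = (Tracker.query
        .filter(Tracker.owner_id == current_user.id)
        .order_by(Tracker.updated.desc()))
    total_trackers = trackers.count()
    trackers = trackers.limit(_DASHBOARD_LIMIT).all()

    # Only events with a notification row for this user are selected, so no
    # further permission filter is applied here.
    events = (Event.query
        .join(EventNotification)
        .filter(EventNotification.user_id == current_user.id)
        .order_by(Event.created.desc())
        .limit(_DASHBOARD_LIMIT)
        .all())

    notice = session.get("notice")
    if notice:
        del session["notice"]

    return render_template("dashboard.html",
        trackers=trackers, notice=notice,
        tracker_list_msg="Your Trackers",
        more_trackers=total_trackers > _DASHBOARD_LIMIT,
        events=events, EventType=EventType)


@html.route("/~<username>")
def user_GET(username):
    """Render the public dashboard of the user named in the URL.

    The route rule binds ``<username>``, which this view requires as its
    argument. Trackers and events are narrowed to what the current viewer is
    allowed to see, unless the viewer is the profile owner.
    """
    user = _get_user_or_404(username)

    trackers = _visible_trackers(user)
    total_trackers = trackers.count()
    trackers = (trackers
        .order_by(Tracker.updated.desc())
        .limit(_DASHBOARD_LIMIT)
        .all())

    # TODO: Join on stuff the user has explicitly been granted access to
    events = (Event.query
        .join(Participant, Event.participant_id == Participant.id)
        .filter(Participant.user_id == user.id)
        .order_by(Event.created.desc()))

    # Anyone other than the profile owner gets the permission filter.
    if not current_user or current_user.id != user.id:
        events = filter_authorized_events(events)
    events = events.limit(_DASHBOARD_LIMIT).all()

    return render_template("dashboard.html",
        user=user, trackers=trackers,
        tracker_list_msg="Trackers",
        more_trackers=total_trackers > _DASHBOARD_LIMIT,
        events=events, EventType=EventType)


@html.route("/trackers/~<username>")
def trackers_for_user(username):
    """Render the paginated, optionally searched, tracker list of a user.

    The route rule binds ``<username>``. The optional ``search`` query
    parameter is matched case-insensitively against tracker name and
    description.
    """
    user = _get_user_or_404(username)
    trackers = _visible_trackers(user)

    search = request.args.get("search")
    if search:
        # The pattern is passed to ilike() as a value, not spliced into SQL
        # text. NOTE(review): "%" and "_" typed by the client are not
        # escaped, so they act as LIKE wildcards; escape them if a literal
        # match is intended.
        pattern = "%" + search + "%"
        trackers = trackers.filter(or_(
            Tracker.name.ilike(pattern),
            Tracker.description.ilike(pattern)))

    trackers = trackers.order_by(Tracker.updated.desc())
    trackers, pagination = paginate_query(trackers)

    return render_template("trackers.html",
        user=user, trackers=trackers, search=search, **pagination)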