diff --git a/jm2l/__init__.py b/jm2l/__init__.py index 01b1148..0301231 100644 --- a/jm2l/__init__.py +++ b/jm2l/__init__.py @@ -13,7 +13,6 @@ import locale def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ - locale.setlocale(locale.LC_ALL, "fr_FR.UTF-8") engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) @@ -54,12 +53,14 @@ def main(global_config, **settings): # Session setting Routes config.add_route('year', '/year/{year:\d+}') + config.add_route('vote_logo', '/vote_logo/{num:\d+}') # HTML Routes - Staff config.add_route('list_task', '/Staff') config.add_route('handle_pole', '/Staff/poles{sep:/*}{pole_id:(\d+)?}') config.add_route('handle_task', '/Staff/tasks{sep:/*}{task_id:(\d+)?}') config.add_route('action_task', '/Staff/{action:(\w+)}/{task_id:(\d+)}') + config.add_route('action_task_area', '/Staff/pole/{action:(\w+)}/{pole_id:(\d+)}') # HTML Routes - Public config.add_route('home', '/') diff --git a/jm2l/models.py b/jm2l/models.py index fe56d9b..c57783b 100644 --- a/jm2l/models.py +++ b/jm2l/models.py @@ -62,6 +62,8 @@ class Tasks(Base): description = Column(UnicodeText) area = relationship(TasksArea, backref=backref("tasks") ) + assignee = relationship('User', backref=backref("task_assoc") ) + @classmethod def by_id(cls, id): return DBSession.query(cls).filter(cls.uid == id).first() 
@@ -122,14 +124,15 @@ class User(Base): fonction = Column(Unicode(80)) website = Column(Unicode(100)) phone = Column(Unicode(10)) - created = Column(DateTime, default=datetime.datetime.now) + created = Column(DateTime, default=datetime.datetime.now) last_logged = Column(DateTime, default=datetime.datetime.now) last_change = Column(DateTime, default=datetime.datetime.now) active = Column(Integer, default=1) - bio = Column(UnicodeText) - gpg_key = Column(UnicodeText) + bio = Column(UnicodeText) + gpg_key = Column(UnicodeText) soc_link = Column(UnicodeText) Staff = Column(Integer, default=0) + vote_logo = Column(Integer, default=0) # relations tiers = relationship('Tiers', secondary='user_tiers_link' ) events = relationship('Event', secondary='user_event_link' ) diff --git a/jm2l/scripts/initializedb.py b/jm2l/scripts/initializedb.py index 38776dd..8f93e52 100644 --- a/jm2l/scripts/initializedb.py +++ b/jm2l/scripts/initializedb.py @@ -17,7 +17,10 @@ from pyramid.paster import ( get_appsettings, setup_logging, ) - +from string import printable +from random import choice + + from jm2l.models import * from datetime import datetime @@ -37,7 +40,8 @@ def main(argv=sys.argv): engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.create_all(engine) - with transaction.manager: + if 0: + with transaction.manager: admin = User(nom=u'jm2l', prenom='contact', slug='contact jm2l', password=u'jm2l', mail=u'contact@jm2l.linux-azur.org', 
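Review bot: Wrapping the seeding transaction of `main` in `if 0:` leaves it as dead code that still carries the literal admin credentials (`password=u'jm2l'`), so re-enabling it later silently recreates an account with a known password. I would move the seeding into its own function behind an explicit command-line option, or at least add a comment above the guard such as `# Initial seeding disabled: DB already populated; change the default admin password before re-enabling`. The body of `main` continues past this hunk, so how far the disabled block extends is not visible here.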
@@ -64,4 +68,15 @@ def main(argv=sys.argv): salle = Salles(name=u"Mystère", description=u"Salle Mystère", phy_salle_id = phy_salle.uid, year_uid = jm2l.year_uid) - DBSession.add(salle) \ No newline at end of file + DBSession.add(salle) + + with transaction.manager: + # Re-Generate passwords + for u in DBSession.query(User).filter(User.Staff==None): + # Fix empty fields + password = ''.join(choice(printable[:-6]) for _ in range(12)) + u.password = password + u.Staff = 0 + DBSession.merge(u) + print u.nom, u.prenom, u.Staff + \ No newline at end of file diff --git a/jm2l/static/img/error403.png b/jm2l/static/img/error403.png new file mode 100644 index 0000000..e344bf3 Binary files /dev/null and b/jm2l/static/img/error403.png differ diff --git a/jm2l/static/js/jm2l.js b/jm2l/static/js/jm2l.js index a700c4a..0ea6453 100644 --- a/jm2l/static/js/jm2l.js +++ b/jm2l/static/js/jm2l.js @@ -183,3 +183,4 @@ $(document).ready(function() { }); }); + diff --git a/jm2l/static/404.html b/jm2l/templates/Errors/403.mako similarity index 79% rename from jm2l/static/404.html rename to jm2l/templates/Errors/403.mako index 8d7925a..7c0d8f5 100644 --- a/jm2l/static/404.html +++ b/jm2l/templates/Errors/403.mako @@ -34,7 +34,7 @@ p { margin: 0 auto; - width: 280px; + width: 380px; } @media only screen and (max-width: 280px) { @@ -53,8 +53,13 @@ -
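Review bot: The passwords regenerated in the new `with transaction.manager:` loop are drawn with `random.choice`, which is backed by the Mersenne Twister and is not meant for secrets. Import `SystemRandom` instead and bind `choice = SystemRandom().choice`, so the 12 characters come from the operating system's CSPRNG. The generated value is never displayed or sent, so the affected users can presumably only get back in through a reset flow; a comment such as `# Lock accounts with an unset Staff flag behind an unknown random password` would make that intent explicit. Whether assigning `u.password` hashes the value is decided by the `User` model, which is outside this hunk, so confirm that it does not store the plaintext.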

Page Not Found

-

Sorry, but the page you were trying to view does not exist.

+ +

Vous n'avez pas l'autorisation d'effectuer cette action.

+ % if reason: +

${reason}

+ % else: +

Vous n'êtes pas authentifié, ou n'avez pas les autorisations nécessaires.

+ % endif diff --git a/jm2l/templates/Public/Plan.mako b/jm2l/templates/Public/Plan.mako index 93adb7f..2f12596 100644 --- a/jm2l/templates/Public/Plan.mako +++ b/jm2l/templates/Public/Plan.mako @@ -63,10 +63,10 @@
diff --git a/jm2l/templates/Staff/list.mako b/jm2l/templates/Staff/list.mako index 690edfc..a8cd61f 100644 --- a/jm2l/templates/Staff/list.mako +++ b/jm2l/templates/Staff/list.mako @@ -61,7 +61,10 @@ from slugify import slugify ${task.name} - ${task.due_date.strftime("%d %b").decode("utf-8")} + + - ${task.assignee.pseudo or ' '.join([task.assignee.nom, task.assignee.prenom]) } + - ${task.due_date.strftime("%d %b").decode("utf-8")} + % endif diff --git a/jm2l/templates/Staff/pole.mako b/jm2l/templates/Staff/pole.mako index 0808137..2eecc61 100644 --- a/jm2l/templates/Staff/pole.mako +++ b/jm2l/templates/Staff/pole.mako @@ -22,8 +22,10 @@ Retour à la liste - % if 'uid' in form._fields.keys(): + + Supprimer ce pôle +

Editer un Pôle

% else:

Ajouter un Pôle

diff --git a/jm2l/templates/Staff/tasks.mako b/jm2l/templates/Staff/tasks.mako index 6e1f634..b49f9f7 100644 --- a/jm2l/templates/Staff/tasks.mako +++ b/jm2l/templates/Staff/tasks.mako @@ -32,12 +32,19 @@ Retour à la liste +% if 'uid' in form._fields.keys(): + + Supprimer cette tâche + +%endif % if 'uid' in form._fields.keys():

Editer une tâche

% else:

Ajouter une tâche

%endif + + <% DicForm = { 'name': {'PlaceHolder':u"Nom de la tâche", "FieldStyle":"width:90%;" }, diff --git a/jm2l/templates/edit_tiers.mako b/jm2l/templates/edit_tiers.mako index 452471b..3cac25b 100644 --- a/jm2l/templates/edit_tiers.mako +++ b/jm2l/templates/edit_tiers.mako @@ -63,7 +63,7 @@ DicForm = { id="membership-{{row-count-placeholder}}-user_uid" /> - + @@ -154,7 +154,7 @@ DicForm = { - +% if request.user: + +% endif diff --git a/jm2l/templates/view_tiers.mako b/jm2l/templates/view_tiers.mako index 95a5e23..bb5636b 100644 --- a/jm2l/templates/view_tiers.mako +++ b/jm2l/templates/view_tiers.mako @@ -13,9 +13,9 @@
${The_entity_type.entity_subtype}
-%if entity.tiers_id: - Link - -%endif +##%if entity.tiers_id: +## Link - +##%endif % if request.user and (request.user.Staff or request.user in entity.members): Editer % endif diff --git a/jm2l/views.py b/jm2l/views.py index bdf95ef..8fee2a2 100644 --- a/jm2l/views.py +++ b/jm2l/views.py @@ -77,7 +77,7 @@ def JSON_User_Request(request): UserQuery = request.params.get('searchTerm', u"") # Don't answer to users that aren't logged if not request.user: - return HTTPUnauthorized('You have to be logged to hope an answer.') + raise HTTPForbidden('You have to be logged to hope an answer.') # Check consistancy of parameters if pageSize.isdigit() and current_page.isdigit(): current_page = int(current_page) @@ -102,7 +102,7 @@ def JSON_Tiers_Request(request): TiersQuery = request.params.get('searchTerm', u"") # Don't answer to users that aren't logged if not request.user: - return HTTPUnauthorized('You have to be logged to hope an answer.') + raise HTTPForbidden('You have to be logged to hope an answer.') # Check consistancy of parameters if pageSize.isdigit() and current_page.isdigit(): current_page = int(current_page) 
@@ -341,13 +341,28 @@ def action_task(request): Task = Tasks.by_id(int(task_id)) if action=='close': Task.closed = True - request.session.flash(('info','Task was successfully closed!')) + request.session.flash(('info', u'La tâche a été fermé, Félicitations !')) + DBSession.merge(Task) if action=='open': Task.closed = False - request.session.flash(('info','Task was successfully re-opened!')) - DBSession.merge(Task) + request.session.flash(('info', u'La tâche a été ré-ouverte !')) + DBSession.merge(Task) + if action=='delete': + request.session.flash(('info', u'La tâche a été supprimée !')) + DBSession.delete(Task) return HTTPFound(location=request.route_url('list_task')+"#"+slugify(Task.area.name)) +@view_config(route_name='action_task_area') +def action_task_area(request): + action = request.matchdict.get('action') + pole_id = request.matchdict.get('pole_id') + Pole = TasksArea.by_id(int(pole_id)) + if not Pole: + raise HTTPNotFound() + if action=='delete': + request.session.flash(('info', u'Le pôle a été supprimé !')) + DBSession.delete(Pole) + return HTTPFound(location=request.route_url('list_task')) ## =-=- Here, We handle HTTP requests - User Logged Part -=-= @view_config(route_name='exchange', renderer="jm2l:templates/Logistique/Logistique.mako") 
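Review bot: The new `action_task_area` view deletes a `TasksArea` with no visible check on who is asking. Its `@view_config` has no `permission=` and the body never tests `request.user`, so unless an ACL elsewhere covers `/Staff/...`, any visitor can remove a pole. Add a guard at the top, `if request.user is None or not request.user.Staff: raise HTTPForbidden()`, and apply the same to the new `delete` branch of `action_task`. Both deletions are also triggered by plain links (the "Supprimer" anchors added in Staff/pole.mako and Staff/tasks.mako), so they should require a POST with a CSRF token rather than a GET. `action_task` begins above this hunk; from what is visible it lacks the `if not Task: raise HTTPNotFound()` check that `action_task_area` has, and it still reads `Task.area.name` after `DBSession.delete(Task)`.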
@@ -403,16 +418,36 @@ def exchange(request): def sejour(request): if request.user is None: # Don't answer to users that aren't logged - return HTTPUnauthorized('You have to be logged to hope an answer.') + raise HTTPForbidden('You have to be logged to hope an answer.') if request.method == 'POST': print request.POST return HTTPFound(location='/MesJM2L#Sejour') +@view_config(route_name='vote_logo') +def vote_logo(request): + if request.user is None: + # Don't answer to users that aren't logged + raise HTTPForbidden('You have to be logged to hope an answer.') + else: + vote = int(request.matchdict.get('num', -1)) + come = request.params.get('come_from') + if vote: + request.user.vote_logo=vote + DBSession.merge(request.user) + request.session.flash(('info',u'Votre vote à été pris en compte.')) + return HTTPFound('/') + else: + request.session.flash(('warning',u"Votre vote n'a été pris en compte.")) + if come: + return HTTPFound(location=come) + raise HTTPForbidden('You have to be logged to hope an answer.') + + @view_config(route_name='jm2l', renderer="jm2l:templates/jm2l.mako") def jm2l_page(request): if request.user is None: # Don't answer to users that aren't logged - return HTTPUnauthorized('You have to be logged to hope an answer.') + raise HTTPForbidden('You have to be logged to hope an answer.') page = int(request.params.get('page', 1)) UserNum = request.params.get('user') @@ -686,7 +721,7 @@ def participer(request): body=body, html=html) message.add_bcc("spam@style-python.fr") - #mailer.send(message) + mailer.send(message) MainTab = {'programme':'','presse':'', 'plan':'', 'participer':'active', 'form':form, "link": MyLink, 
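Review bot: In `vote_logo`, `come_from` is read from the request parameters and passed unchanged to `HTTPFound(location=come)`, which is an open redirect. Accept it only when it is a local path, e.g. `if come and come.startswith('/') and not come.startswith('//'):`, and otherwise redirect to `request.route_url('home')`. The vote is also recorded on a GET to `/vote_logo/{num}`, so any page the user visits can cast it on their behalf; it should be a POST with a CSRF check. In addition, `num` is stored without being checked against the logos that actually exist. The final `raise HTTPForbidden(...)` is reached by a logged-in user whose vote is `0` and who sent no `come_from`, where the "have to be logged" message is misleading.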
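Review bot: Re-enabling `mailer.send(message)` in `participer` also makes the `message.add_bcc("spam@style-python.fr")` on the line above live, so every participation mail is blind-copied to a hard-coded address. If that copy is a debugging leftover, remove it before sending is switched on. If it is intended, read the address from the application settings and explain it in a comment, e.g. `# Archive copy of every participation mail, see settings`. `participer` starts and ends outside this hunk, so how the recipients and body are built is not visible here.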
@@ -911,6 +946,9 @@ def show_tiers(request): def edit_tiers(request): entity_id = request.matchdict.get('entity_id', None) TargetList = list() + if request.user is None: + # Don't answer to users that aren't logged + raise HTTPForbidden('You have to be logged to hope an answer.') entity_types = DBSession.query(TiersOpt.entity_type).group_by(TiersOpt.entity_type).all() for entity_type in entity_types: entity_subtypes = DBSession.query(TiersOpt)\ @@ -1052,6 +1090,8 @@ def edit_tiers_category(request): @view_config(route_name='show_user', renderer="jm2l:templates/view_user.mako") def show_user(request): user_slug = request.matchdict.get('user_slug', None) + if user_slug is None or len(user_slug)==0: + raise HTTPNotFound(u"Cet utilisateur n'a pas été reconnu") # Query database DispUser = User.by_slug(user_slug) if DispUser is None: @@ -1080,6 +1120,13 @@ def link_role_entity(request): raise HTTPNotFound() return HTTPFound(location=request.route_url('edit_entity', uid=uid) ) +@forbidden_view_config() +def forbidden(reason, request): + #return Response('forbidden') + request.response.status = 403 + return render_to_response('jm2l:templates/Errors/403.mako', { "reason":reason }, + request=request) + @notfound_view_config() def notfound(reason, request): request.response.status = 404 @@ -1087,9 +1134,3 @@ def notfound(reason, request): request=request) -@forbidden_view_config() -def forbidden(reason, request): - #return Response('forbidden') - request.response.status = 404 - return render_to_response('jm2l:templates/Errors/404.mako', { "reason":reason }, - request=request)
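Review bot: The guard added to `edit_tiers` only requires a logged-in user, while view_tiers.mako shows the "Editer" link only when `request.user.Staff or request.user in entity.members`. A logged-in non-member who requests the edit URL directly passes this check, because hiding the link in the template is not an access control. Unless the rest of the function (outside this hunk) already enforces it, repeat the template's rule once the existing entity has been loaded: `if not (request.user.Staff or request.user in entity.members): raise HTTPForbidden()`, using whatever name the loaded entity has there.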