Compare commits
No commits in common. "c7675b5e28135f2fdd1f6a2f8347cc0050345590" and "df4f2eaf81eb74597b968811dee5fb809d7899ec" have entirely different histories.
c7675b5e28
...
df4f2eaf81
5
app.py
5
app.py
|
@ -16,12 +16,10 @@ import requests
|
|||
import sys
|
||||
from sanic.log import logger, logging, access_logger
|
||||
from metrics import *
|
||||
from utils import isSessionAdmin
|
||||
from email_util import killSmptClient
|
||||
import pretixClient
|
||||
import traceback
|
||||
|
||||
|
||||
app = Sanic(__name__)
|
||||
app.static("/res", "res/")
|
||||
|
||||
|
@ -82,7 +80,6 @@ async def main_start(*_):
|
|||
app.ctx.tpl = Environment(loader=FileSystemLoader("tpl"), autoescape=True)
|
||||
app.ctx.tpl.globals.update(time=time)
|
||||
app.ctx.tpl.globals.update(PROPIC_DEADLINE=PROPIC_DEADLINE)
|
||||
app.ctx.tpl.globals.update(ROOM_DEADLINE=ROOM_DEADLINE)
|
||||
app.ctx.tpl.globals.update(LOCALES=LOCALES)
|
||||
app.ctx.tpl.globals.update(ITEMS_ID_MAP=ITEMS_ID_MAP)
|
||||
app.ctx.tpl.globals.update(ITEM_VARIATIONS_MAP=ITEM_VARIATIONS_MAP)
|
||||
|
@ -159,7 +156,7 @@ async def welcome(request, order: Order, quota: Quotas):
|
|||
room_members.append(await app.ctx.om.get_order(code=member_id, cached=True))
|
||||
|
||||
tpl = app.ctx.tpl.get_template('welcome.html')
|
||||
return html(tpl.render(order=order, quota=quota, room_members=room_members, pending_roommates=pending_roommates, ROOM_ERROR_MESSAGES=ROOM_ERROR_TYPES, isSessionAdmin=await isSessionAdmin(request, order)))
|
||||
return html(tpl.render(order=order, quota=quota, room_members=room_members, pending_roommates=pending_roommates, ROOM_ERROR_MESSAGES=ROOM_ERROR_TYPES))
|
||||
|
||||
|
||||
@app.route("/manage/download_ticket")
|
||||
|
|
|
@ -17,8 +17,6 @@ PROPIC_MAX_FILE_SIZE = 5 * 1024 * 1024 # 5MB
|
|||
PROPIC_MAX_SIZE = (2048, 2048) # (Width, Height)
|
||||
PROPIC_MIN_SIZE = (125, 125) # (Width, Height)
|
||||
|
||||
ROOM_DEADLINE = 9999999999
|
||||
|
||||
# This is used for feedback sending inside of the app. Feedbacks will be sent to the specified chat using the bot api id.
|
||||
TG_BOT_API = '123456789:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
|
||||
TG_CHAT_ID = -1234567
|
||||
|
|
|
@ -3,7 +3,6 @@ from sanic import Blueprint, exceptions, response
|
|||
from ext import *
|
||||
from urllib.parse import unquote
|
||||
from config import ADMINS
|
||||
from utils import isSessionAdmin
|
||||
import json
|
||||
|
||||
bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
|
||||
|
@ -11,7 +10,7 @@ bp = Blueprint("karaoke", url_prefix="/manage/karaoke")
|
|||
@bp.get("/admin")
|
||||
async def show_songs(request, order: Order):
|
||||
|
||||
if not await isSessionAdmin(request, order):
|
||||
if not order.isAdmin():
|
||||
raise exceptions.Forbidden("Birichino")
|
||||
|
||||
orders = [x for x in request.app.ctx.om.cache.values() if x.karaoke_songs]
|
||||
|
@ -29,7 +28,7 @@ async def show_songs(request, order: Order):
|
|||
@bp.post("/approve")
|
||||
async def approve_songs(request, order: Order):
|
||||
|
||||
if not await isSessionAdmin(request, order):
|
||||
if not order.isAdmin():
|
||||
raise exceptions.Forbidden("Birichino")
|
||||
|
||||
for song in request.form:
|
||||
|
@ -45,7 +44,7 @@ async def sing_song(request, order: Order, songname):
|
|||
|
||||
if not order: raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
|
||||
|
||||
if not await isSessionAdmin(request, order):
|
||||
if not order.isAdmin():
|
||||
raise exceptions.Forbidden("Birichino")
|
||||
|
||||
songname = unquote(songname)
|
||||
|
|
|
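Review bot: In `show_songs` and `approve_songs` the admin check `if not order.isAdmin():` is the first statement shown in the body, with no guard for a missing order, while `sing_song` in the same file rejects a falsy `order` before reaching its check. If `order` can be `None` for a logged-out session, as that guard suggests, the two handlers fail with an AttributeError and a 500 response instead of a clean 403. That still fails closed, but `if not order or not order.isAdmin():` keeps the denial explicit and keeps unauthenticated requests to the admin routes out of the error logs. This reads the `order.isAdmin()` lines as the new side, since the +/- markers are lost in this rendering and utils.py drops `isSessionAdmin`; only the first lines of each handler are visible here.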
@ -6,7 +6,6 @@ from PIL import Image
|
|||
from io import BytesIO
|
||||
from hashlib import sha224
|
||||
from time import time
|
||||
from utils import isSessionAdmin
|
||||
import os
|
||||
|
||||
bp = Blueprint("propic", url_prefix="/manage/propic")
|
||||
|
@ -39,7 +38,7 @@ async def upload_propic(request, order: Order):
|
|||
if order.propic_locked:
|
||||
raise exceptions.BadRequest("You have been limited from further editing the propic.")
|
||||
|
||||
if request.form.get('submit') != 'Upload' and (time() > PROPIC_DEADLINE and not await isSessionAdmin(request, order)):
|
||||
if request.form.get('submit') != 'Upload' and time() > PROPIC_DEADLINE:
|
||||
raise exceptions.BadRequest("The deadline has passed. You cannot modify the badges at this moment.")
|
||||
|
||||
if request.form.get('submit') == 'Delete main image':
|
||||
|
|
11
room.py
11
room.py
|
@ -6,18 +6,9 @@ from config import headers
|
|||
import os
|
||||
from image_util import generate_room_preview, get_room
|
||||
from utils import confirm_room_by_order
|
||||
from time import time
|
||||
|
||||
bp = Blueprint("room", url_prefix="/manage/room")
|
||||
|
||||
@bp.middleware
|
||||
async def deadline_check(request: Request):
|
||||
order = await get_order(request)
|
||||
if not order:
|
||||
raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
|
||||
if time() > ROOM_DEADLINE and not await isSessionAdmin(request, order):
|
||||
raise exceptions.BadRequest("The deadline has passed. You cannot modify the room at this moment.")
|
||||
|
||||
@bp.post("/create")
|
||||
async def room_create_post(request, order: Order):
|
||||
if not order: raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
|
||||
|
@ -313,7 +304,7 @@ async def confirm_room(request, order: Order, quotas: Quotas):
|
|||
#if quotas.get_left(len(order.room_members)) == 0:
|
||||
# raise exceptions.BadRequest("There are no more rooms of this size to reserve.")
|
||||
|
||||
await confirm_room_by_order(order, request)
|
||||
confirm_room_by_order(order, request)
|
||||
|
||||
return redirect('/manage/welcome')
|
||||
|
||||
|
|
|
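Review bot: `confirm_room_by_order(order, request)` in `confirm_room` is printed both with and without `await`, and the utils.py section on this page shows no change to that function, so its definition is presumably the same on both sides. If it is an `async def`, the un-awaited form only creates a coroutine object: the confirmation never runs, yet the handler still redirects to `/manage/welcome` as if it had succeeded. Assuming the un-awaited line is the new side (the +/- markers are lost in this rendering), it should stay `await confirm_room_by_order(order, request)`. `confirm_room` starts and ends outside the hunk, so any error handling around the call is not visible.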
@ -1,11 +0,0 @@
|
|||
# python merda
|
||||
import asyncio
|
||||
|
||||
async def a():
|
||||
print("a")
|
||||
|
||||
def b():
|
||||
loop = asyncio.get_event_loop()
|
||||
print(loop)
|
||||
|
||||
b()
|
|
@ -32,7 +32,7 @@
|
|||
{% endif %}
|
||||
</div>
|
||||
|
||||
{% if time() > PROPIC_DEADLINE and not isSessionAdmin %}
|
||||
{% if time() > PROPIC_DEADLINE %}
|
||||
<p class="notice">⚠️ The deadline to upload pictures for the badge has expired. For last-minute changes, please contact the support over at <a href="mailto:info@furizon.net">info@furizon.net</a>. If your badge has been printed already, changing it will incur in a 2€ fee. You can also get extra badges at the reception for the same price. If you upload a propic now, it might not be printed on time.</p>
|
||||
{% else %}
|
||||
<p><em>
|
||||
|
@ -43,9 +43,9 @@
|
|||
{% endif %}
|
||||
|
||||
<div class="grid grid_2x2">
|
||||
<input style="grid-area: 1 / 1 / 2 / 3;" type="submit" name="submit" value="Upload" {{'disabled' if ((order.ans('propic') and order.ans('propic_fursuiter'))) or (time() > PROPIC_DEADLINE and not isSessionAdmin) else ''}} />
|
||||
<input style="grid-area: 2 / 1 / 3 / 2;" type="submit" name="submit" value="Delete main image" {{'disabled' if ((time() > PROPIC_DEADLINE and not isSessionAdmin) or not order.ans('propic')) else ''}} />
|
||||
<input style="grid-area: 2 / 2 / 3 / 3;" type="submit" name="submit" value="Delete fursuit image" {{'disabled' if ((time() > PROPIC_DEADLINE and not isSessionAdmin) or not order.ans('propic_fursuiter')) else ''}} />
|
||||
<input style="grid-area: 1 / 1 / 2 / 3;" type="submit" name="submit" value="Upload" {{'disabled' if (order.ans('propic') and order.ans('propic_fursuiter')) else ''}} />
|
||||
<input style="grid-area: 2 / 1 / 3 / 2;" type="submit" name="submit" value="Delete main image" {{'disabled' if (time() > PROPIC_DEADLINE or not order.ans('propic')) else ''}} />
|
||||
<input style="grid-area: 2 / 2 / 3 / 3;" type="submit" name="submit" value="Delete fursuit image" {{'disabled' if (time() > PROPIC_DEADLINE or not order.ans('propic_fursuiter')) else ''}} />
|
||||
</div>
|
||||
</form>
|
||||
</details>
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
{% if person.status == 'pending' %}
|
||||
<p><strong style="color:red;">UNPAID</strong></p>
|
||||
{% endif %}
|
||||
{% if order.room_owner and person.code != order.code and (not order.room_confirmed) and (time() <= ROOM_DEADLINE or isSessionAdmin) %}<a href="/manage/room/kick/{{person.code}}">KICK</a>{% endif %}
|
||||
{% if order.room_owner and person.code != order.code and (not order.room_confirmed) %}<a href="/manage/room/kick/{{person.code}}">KICK</a>{% endif %}
|
||||
</div>
|
||||
|
||||
{% if person.status != 'paid' %}
|
||||
|
@ -51,7 +51,7 @@
|
|||
{# {% if order.room_id == order.code and not order.room_confirmed and len(room_members) < 5%} #}
|
||||
{% if order.room_id == order.code and not order.room_confirmed and len(room_members) < order.room_person_no %}
|
||||
<div>
|
||||
<a {% if time() <= ROOM_DEADLINE or isSessionAdmin %} href="javascript:document.getElementById('modal-roominvite').setAttribute('open', 'true');" {% else %} disabled {% endif %}>
|
||||
<a href="javascript:document.getElementById('modal-roominvite').setAttribute('open', 'true');">
|
||||
<div class="propic-container">
|
||||
<img class="propic" src="/res/new.png" />
|
||||
<h3>Invite</h3>
|
||||
|
@ -63,13 +63,13 @@
|
|||
</div>
|
||||
{% elif order.pending_room %}
|
||||
<p>You have have asked to join the room of another member. Wait for them to confirm or reject your request.</p>
|
||||
<a role="button" href="/manage/room/cancel_request" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Cancel pending join request</a>
|
||||
<a role="button" href="/manage/room/cancel_request">Cancel pending join request</a>
|
||||
{% else %}
|
||||
<p class="notice">🎲 If you don't join a room or create your one within the room deadline, we will randomly put you into a room with free spots.</p>
|
||||
<p>To join a room, ask somebody to send you their room code.</p>
|
||||
<p class="grid">
|
||||
<a role="button" href="/manage/room/create" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Create a room</a>
|
||||
<a role="button" href="javascript:document.getElementById('modal-joinroom').setAttribute('open', 'true');" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Join a room</a>
|
||||
<a role="button" href="/manage/room/create">Create a room</a>
|
||||
<a role="button" href="javascript:document.getElementById('modal-joinroom').setAttribute('open', 'true');">Join a room</a>
|
||||
</p>
|
||||
{% endif %}
|
||||
|
||||
|
@ -83,17 +83,17 @@
|
|||
{% if order.room_owner %}
|
||||
|
||||
{% if not order.room_confirmed %}
|
||||
{# <a role="button" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}} {% if not room.forbidden and quota.get_left(len(room_members)) > 0 %}href="javascript:document.getElementById('modal-roomconfirm').setAttribute('open', 'true');"{% endif %}>Confirm <strong>{{[None,'single','double','triple','quadruple','quintuple'][len(room_members)]}}</strong> room</a> #}
|
||||
{# <a role="button" {% if not room.forbidden and quota.get_left(len(room_members)) > 0 %}href="javascript:document.getElementById('modal-roomconfirm').setAttribute('open', 'true');"{% endif %}>Confirm <strong>{{[None,'single','double','triple','quadruple','quintuple'][len(room_members)]}}</strong> room</a> #}
|
||||
|
||||
<a style="grid-area: 1 / 1 / 2 / 2;" role="button" href="javascript:document.getElementById('modal-roomrename').setAttribute('open', 'true');" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Rename room</a>
|
||||
<a style="grid-area: 1 / 2 / 2 / 3;" href="/manage/room/delete" role="button" {{'disabled' if (len(room_members) > 1) or (time() > ROOM_DEADLINE and not isSessionAdmin) else ''}} >Delete room</a>
|
||||
<a style="grid-area: 2 / 1 / 3 / 3; display:block;" role="button" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}} {% if not room.forbidden and len(room_members) == order.room_person_no %}href="javascript:document.getElementById('modal-roomconfirm').setAttribute('open', 'true');"{% endif %}>Confirm <strong>{{[None,'single','double','triple','quadruple','quintuple'][order.room_person_no]}}</strong> room</a>
|
||||
<a style="grid-area: 1 / 1 / 2 / 2;" role="button" href="javascript:document.getElementById('modal-roomrename').setAttribute('open', 'true');">Rename room</a>
|
||||
<a style="grid-area: 1 / 2 / 2 / 3;" href="/manage/room/delete" role="button" {{'disabled' if (len(room_members) > 1) else ''}} >Delete room</a>
|
||||
<a style="grid-area: 2 / 1 / 3 / 3; display:block;" role="button" {% if not room.forbidden and len(room_members) == order.room_person_no %}href="javascript:document.getElementById('modal-roomconfirm').setAttribute('open', 'true');"{% endif %}>Confirm <strong>{{[None,'single','double','triple','quadruple','quintuple'][order.room_person_no]}}</strong> room</a>
|
||||
{% else %}
|
||||
{# <a style="grid-area: 1 / 1 / 2 / 2;" role="button" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}} href="javascript:navigator.share({title: 'Furizon room', text:'Viewing room {{order.room_name}}', url: `${window.location.protocol}//${window.location.host}/manage/room/view/{{order.code}}}`});">Share</a> #}
|
||||
{# <a style="grid-area: 1 / 1 / 2 / 2;" role="button" href="javascript:navigator.share({title: 'Furizon room', text:'Viewing room {{order.room_name}}', url: `${window.location.protocol}//${window.location.host}/manage/room/view/{{order.code}}}`});">Share</a> #}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if order.room_id and not order.room_confirmed %}
|
||||
<a href="/manage/room/leave" role="button" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Leave room</a>
|
||||
<a href="/manage/room/leave" role="button">Leave room</a>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
</p>
|
||||
|
@ -111,8 +111,8 @@
|
|||
<td><strong style="color:red;">UNPAID</strong></td>
|
||||
{% endif %}
|
||||
{% if order.room_owner %}
|
||||
<td style="width:1%;white-space: nowrap;"><a role="button" href="/manage/room/approve/{{person.code}}" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Approve</a></td>
|
||||
<td style="width:1%;white-space: nowrap;"><a role="button" href="/manage/room/reject/{{person.code}}" {{'disabled' if time() > ROOM_DEADLINE and not isSessionAdmin else ''}}>Reject</a></td>
|
||||
<td style="width:1%;white-space: nowrap;"><a role="button" href="/manage/room/approve/{{person.code}}">Approve</a></td>
|
||||
<td style="width:1%;white-space: nowrap;"><a role="button" href="/manage/room/reject/{{person.code}}">Reject</a></td>
|
||||
{% endif %}
|
||||
</tr>
|
||||
</div>
|
||||
|
|
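Review bot: The room actions in this template (`/manage/room/kick/{{person.code}}`, `approve`, `reject`, `delete`, `leave`, `cancel_request`) are plain `<a href>` links, so they reach the server as GET requests that change state. Authentication appears to be cookie-based (utils.py reads `foxo_*` cookies), and a browser attaches cookies to cross-site navigations unless SameSite or a token check prevents it; the handlers are not shown here, so this needs confirming. If they do accept GET, move them to `<form method="post">` buttons with a CSRF token, as the karaoke `/approve` route already uses POST. Also, `disabled` on an `<a>` never prevented the request, so with the `deadline_check` middleware gone from room.py any deadline or ownership rule has to be enforced inside each handler.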
13
utils.py
13
utils.py
|
@ -288,19 +288,6 @@ async def validate_rooms(request, rooms, om):
|
|||
logger.info(f"[ROOM VALIDATION] Sent {sent_count} emails")
|
||||
|
||||
|
||||
# Returns true if the logged used is an admin OR if it's an admin logged as another user
|
||||
async def isSessionAdmin(request, order):
|
||||
if(order.isAdmin()): return True
|
||||
|
||||
orgCode = request.cookies.get("foxo_code_ORG")
|
||||
orgSecret = request.cookies.get("foxo_secret_ORG")
|
||||
if orgCode != None and orgSecret != None:
|
||||
|
||||
user = await request.app.ctx.om.get_order(code=orgCode)
|
||||
if(user == None): return False
|
||||
if(user.secret != orgSecret): raise exceptions.Forbidden("Birichino :)")
|
||||
return user.isAdmin()
|
||||
|
||||
async def check_room(request, order, om=None):
|
||||
room_errors = []
|
||||
room_members = []
|
||||
|
|