From 61ef2ce6c90896d39ca61f8aea6b452dc31f2744 Mon Sep 17 00:00:00 2001
From: Max Meinhold
Date: Sat, 16 May 2020 15:48:34 -0400
Subject: [PATCH 1/8] Update lxml and MarkupSafe
---
 requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 093dd36..bafa400 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -21,9 +21,9 @@ isort==4.3.4
 itsdangerous==0.24
 Jinja2~=2.10.3
 lazy-object-proxy==1.3.1
-lxml==4.2.1
+lxml==4.5.0
 Mako==1.0.7
-MarkupSafe==1.0
+MarkupSafe==1.1.1
 mccabe==0.6.1
 oic==0.11.0.1
 Pillow==6.2.2
From 8ddf83f5d8a85084578ee93b963f40d22ec23d08 Mon Sep 17 00:00:00 2001
From: Max Meinhold
Date: Sat, 16 May 2020 20:13:26 -0400
Subject: [PATCH 2/8] Update pylint and cleanup some dependencies
---
 requirements.txt | 65 ++++++++++++++++++++++++------------------------
 1 file changed, 33 insertions(+), 32 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index bafa400..af268dc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,50 +1,51 @@
-alabaster==0.7.10
+alabaster==0.7.12
 alembic==0.9.9
-asn1crypto==0.24.0
-astroid==1.6.2
-Beaker==1.9.0
+astroid==2.4.1
+Beaker==1.11.0
 blinker==1.4
-certifi==2018.1.18
+certifi==2020.4.5.1
 cffi==1.14.0
 chardet==3.0.4
-click==6.7
-cryptography==2.3
+click==7.1.2
+cryptography==2.9.2
 csh-ldap==2.2.0
-Flask==1.0
+dnspython==1.16.0
+Flask==1.1.2
 Flask-Migrate==2.1.1
 Flask-pyoidc==1.2.0
 Flask-SQLAlchemy==2.3.2
-future==0.16.0
+future==0.18.2
 gunicorn==19.7.1
-idna==2.6
-isort==4.3.4
-itsdangerous==0.24
-Jinja2~=2.10.3
-lazy-object-proxy==1.3.1
+idna==2.9
+isort==4.3.21
+itsdangerous==1.1.0
+Jinja2==2.11.2
+lazy-object-proxy==1.4.3
 lxml==4.5.0
-Mako==1.0.7
+Mako==1.1.2
 MarkupSafe==1.1.1
 mccabe==0.6.1
 oic==0.11.0.1
-Pillow==6.2.2
-pyasn1==0.4.2
-pyasn1-modules==0.2.1
-pycparser==2.18
-pycryptodomex==3.5.1
-pyjwkest==1.4.0
-pyldap==3.0.0.post1
-pylint==1.8.3
+Pillow==7.1.2
+pyasn1==0.4.8
+pyasn1-modules==0.2.8
+pycparser==2.20
+pycryptodomex==3.9.7
+pyjwkest==1.4.2
+pylint==2.5.2
 PyMySQL==0.8.0
-pyOpenSSL==17.5.0
-python-dateutil==2.7.2
+pyOpenSSL==19.1.0
+python-dateutil==2.8.1
 python-docx==0.8.6
-python-editor==1.0.3
+python-editor==1.0.4
 python-ldap==3.0.0
 python-resize-image==1.1.11
-requests==2.20.0
-six==1.11.0
+requests==2.23.0
 sentry-sdk==0.14.3
-SQLAlchemy~=1.3.0
-urllib3==1.24.2
-Werkzeug==0.15.5
-wrapt==1.10.11
+six==1.14.0
+SQLAlchemy==1.3.17
+srvlookup==2.0.0
+toml==0.10.1
+urllib3==1.25.9
+Werkzeug==1.0.1
+wrapt==1.12.1
From 6efdefe8fe23086b8786ea824e9c2d7a269bc06e Mon Sep 17 00:00:00 2001
From: Max Meinhold
Date: Sat, 16 May 2020 20:15:06 -0400
Subject: [PATCH 3/8] Fix 500 when rtp/evals is not in a team
---
 selections/__init__.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/selections/__init__.py b/selections/__init__.py
index 602bd67..0cb50ae 100644
--- a/selections/__init__.py
+++ b/selections/__init__.py
@@ -82,7 +82,7 @@ def main(info=None): reviewers[application.id] = [] evaluated[application.id] = bool(submission.query.filter_by(application=application.id, medium="Phone").all()) - if member and member.team or is_evals or is_rtp: + if member and member.team: team = members.query.filter_by(team=member.team) reviewed_apps = [a.application for a in submission.query.filter_by( member=info['uid']).all()] @@ -104,6 +104,15 @@ def main(info=None): averages=averages, evaluated=evaluated, reviewers=reviewers) + elif is_evals or is_rtp: + return render_template( + 'index.html', + info=info, + all_applications=all_applications, + all_users=all_users, + averages=averages, + evaluated=evaluated, + reviewers=reviewers) if __name__ == "__main__": From d8d41772200d62159cb15f45d363dfa5e36eceda Mon Sep 17 00:00:00 2001 From: Max Meinhold Date: Sat, 16 May 2020 22:03:38 -0400 Subject: [PATCH 4/8] Comply to pylint --- .pylintrc | 7 ++- selections/__init__.py | 48 ++++++++++--------- selections/blueprints/application.py | 69 ++++++++++++++-------------- selections/blueprints/teams.py | 20 ++++---- selections/ldap.py | 48 +++++++++---------- selections/models.py | 8 ++-- selections/utils.py | 17 +++---- 7 files changed, 110 insertions(+), 107 deletions(-) diff --git a/.pylintrc b/.pylintrc index 99e8cc9..290deb9 100644 --- a/.pylintrc +++ b/.pylintrc @@ -14,7 +14,9 @@ disable = global-statement, cyclic-import, locally-disabled, - file-ignored + file-ignored, + inconsistent-return-statements, + no-else-return [REPORTS] output-format = text @@ -28,6 +30,9 @@ single-line-if-stmt = no no-space-check = trailing-comma,dict-separator max-module-lines = 1000 indent-string = ' ' +string-quote=single-avoid-escape +triple-quote=single +docstring-quote=double [MISCELLANEOUS] notes = FIXME,XXX,TODO diff --git a/selections/__init__.py b/selections/__init__.py index 0cb50ae..f81ff23 100644 --- a/selections/__init__.py +++ b/selections/__init__.py 
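Review bot: main() still has a path that returns nothing: a signed-in user who has no team and is in neither `eboard-evaluations` nor `rtp` matches neither `if member and member.team:` nor the new `elif is_evals or is_rtp:`, so the view falls off the end and Flask answers with a 500. Add an explicit final branch such as `return 'You are not assigned to a team', 403`, so the unauthorised case is a deliberate response rather than an unhandled error. main() starts and ends outside this hunk.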
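Review bot: Disabling `inconsistent-return-statements` for the whole project silences the one check that flags a Flask view which returns on some paths and falls through on others, and a fall-through in a view surfaces as a 500 at run time. main() in selections/__init__.py has exactly that shape after the previous patch in this series. Prefer leaving the check on and adding the missing returns, or scope the suppression to a single function with `# pylint: disable=inconsistent-return-statements` where the fall-through is intended.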
@@ -1,3 +1,4 @@ +# pylint: disable=wrong-import-position import os from collections import defaultdict 
@@ -52,46 +53,49 @@ def main(info=None): is_evals = "eboard-evaluations" in info['member_info']['group_list'] is_rtp = "rtp" in info['member_info']['group_list'] - member = members.query.filter_by(username=info['uid']).first() + member = Members.query.filter_by(username=info['uid']).first() - all_applications = applicant.query.all() - all_users = [u.username for u in members.query.all()] + all_applications = Applicant.query.all() + all_users = [u.username for u in Members.query.all()] averages = {} reviewers = defaultdict(list) evaluated = {} - for application in all_applications: + for applicant in all_applications: score_sum = 0 - results = submission.query.filter_by( - application=application.id, + results = Submission.query.filter_by( + application=applicant.id, medium="Paper").all() - phone_r = submission.query.filter_by( - application=application.id, + phone_r = Submission.query.filter_by( + application=applicant.id, medium="Phone").first() for result in results: score_sum += int(result.score) - reviewers[application.id].append(result.member) - reviewers[application.id] = sorted(reviewers[application.id]) + reviewers[applicant.id].append(result.member) + reviewers[applicant.id] = sorted(reviewers[applicant.id]) if len(results) != 0: avg = int(score_sum / len(results)) if phone_r: avg += phone_r.score - averages[application.id] = avg + averages[applicant.id] = avg else: - averages[application.id] = 0 - reviewers[application.id] = [] - evaluated[application.id] = bool(submission.query.filter_by(application=application.id, medium="Phone").all()) + averages[applicant.id] = 0 + reviewers[applicant.id] = [] + evaluated[applicant.id] = bool(Submission.query.filter_by(application=applicant.id, medium="Phone").all()) if member and member.team: - team = members.query.filter_by(team=member.team) - reviewed_apps = [a.application for a in submission.query.filter_by( + team = Members.query.filter_by(team=member.team) + reviewed_apps = [a.application for a in 
Submission.query.filter_by( member=info['uid']).all()] - applications = [{ - "id": a.id, - "gender": a.gender, - "reviewed": a.id in reviewed_apps, - "interview": a.phone_int, - "review_count": submission.query.filter_by(application=a.id).count()} for a in applicant.query.filter_by(team=member.team).all()] + applications = [ + { + "id": a.id, + "gender": a.gender, + "reviewed": a.id in reviewed_apps, + "interview": a.phone_int, + "review_count": Submission.query.filter_by(application=a.id).count() + } for a in Applicant.query.filter_by(team=member.team).all() + ] return render_template( 'index.html', diff --git a/selections/blueprints/application.py b/selections/blueprints/application.py index e5bc6e1..5e3eb25 100644 --- a/selections/blueprints/application.py +++ b/selections/blueprints/application.py 
@@ -1,28 +1,27 @@ -from flask import render_template, redirect, url_for, flash, request - -from selections.utils import before_request, assign_pending_applicants -from selections import app, auth -from selections.models import * - from collections import defaultdict from zipfile import BadZipFile import docx +from flask import render_template, redirect, url_for, flash, request + +from selections.utils import before_request, assign_pending_applicants +from selections import app, auth +from selections.models import Applicant, Criteria, db, Members, Submission @app.route("/application/") @auth.oidc_auth @before_request def get_application(app_id, info=None): - reviewed = submission.query.filter_by( + reviewed = Submission.query.filter_by( id=app_id).filter_by(member=info['uid']).first() if reviewed: flash("You already reviewed that application!") return redirect(url_for("main")) - applicant_info = applicant.query.filter_by(id=app_id).first() + applicant_info = Applicant.query.filter_by(id=app_id).first() split_body = applicant_info.body.split("\n") - fields = criteria.query.filter_by(medium="Paper").all() + fields = Criteria.query.filter_by(medium="Paper").all() return render_template( "vote.html", application=applicant_info, @@ -34,14 +33,14 @@ def get_application(app_id, info=None): @app.route("/application", methods=["POST"]) @auth.oidc_auth @before_request -def create_application(info=None): - id = request.form.get("id") - member = applicant( - id=id, +def create_application(): + applicant_id = request.form.get("id") + applicant = Applicant( + id=applicant_id, body=request.form.get("application"), team=request.form.get("team"), gender=request.form.get("gender")) - db.session.add(member) + db.session.add(applicant) db.session.flush() db.session.commit() return get_application_creation() 
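Review bot: The already-reviewed guard in get_application filters on `Submission.query.filter_by(id=app_id)`, which compares the submission's own primary key with the application id, so it will not normally find the caller's earlier review; submit_application looks the same thing up with `application=app_id`. Use `Submission.query.filter_by(application=app_id, member=info['uid']).first()` here as well. `Applicant.query.filter_by(id=app_id).first()` can also return None for an unknown id and the next line dereferences `.body`; `first_or_404()` would turn that into a 404 instead of a 500. The function body continues past the end of this hunk.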
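Review bot: create_application has no role check, and dropping `info=None` from its signature removes the only value it could check against: any signed-in user can POST to `/application` and insert an Applicant with a caller-chosen `id` and `team`. get_application_creation and delete_application both gate on `is_evals or is_rtp`; keep `info=None` here and apply the same gate before `db.session.add(applicant)`, returning a 403 otherwise. The same applies to import_application in the next hunk, which parses an uploaded Word file for any signed-in user. The body of `before_request` is not visible on this page; if it passes `info=` as a keyword argument, the new zero-argument signatures would also raise TypeError on every request, so confirm that as well.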
@@ -50,7 +49,7 @@ def create_application(info=None): @app.route("/application/import", methods=["POST"]) @auth.oidc_auth @before_request -def import_application(info=None): +def import_application(): word_file = request.files['file'] if not word_file: return "No file", 400 @@ -61,7 +60,7 @@ def import_application(info=None): unparsed_applications = defaultdict(list) applications = {} - old_apps = [int(app.id) for app in applicant.query.all()] + old_apps = [int(app.id) for app in Applicant.query.all()] try: document = docx.Document(word_file) @@ -92,7 +91,7 @@ def import_application(info=None): app_text += "\n{}".format(line) applications[app_id] = [app_gender, app_text] - new_app = applicant( + new_app = Applicant( id=app_id, body=app_text, team=-1, @@ -113,8 +112,8 @@ def delete_application(app_id, info=None): is_evals = "eboard-evaluations" in info['member_info']['group_list'] is_rtp = "rtp" in info['member_info']['group_list'] if is_evals or is_rtp: - scores = submission.query.filter_by(application=app_id).all() - applicant_info = applicant.query.filter_by(id=app_id).first() + scores = Submission.query.filter_by(application=app_id).all() + applicant_info = Applicant.query.filter_by(id=app_id).first() for score in scores: db.session.delete(score) db.session.flush() 
@@ -152,10 +151,10 @@ def submit_application(app_id, info=None): "value": request.form.get(crit.name), "weight": crit.weight, "max": crit.max_score, - "min": crit.min_score} for crit in criteria.query.filter_by(medium="Paper").all()] - applicant_info = applicant.query.filter_by(id=app_id).first() - member = members.query.filter_by(username=info['uid']).first() - submissions = [sub.member for sub in submission.query.filter_by( + "min": crit.min_score} for crit in Criteria.query.filter_by(medium="Paper").all()] + applicant_info = Applicant.query.filter_by(id=app_id).first() + member = Members.query.filter_by(username=info['uid']).first() + submissions = [sub.member for sub in Submission.query.filter_by( application=app_id).all()] if info['uid'] in submissions: @@ -175,7 +174,7 @@ def submit_application(app_id, info=None): for field in fields: total_score += (int(field["value"]) * field["weight"]) - member_score = submission( + member_score = Submission( application=app_id, member=member.username, medium="Paper", score=total_score) db.session.add(member_score) db.session.flush() @@ -188,9 +187,9 @@ def submit_application(app_id, info=None): @auth.oidc_auth @before_request def review_application(app_id, info=None): - applicant_info = applicant.query.filter_by(id=app_id).first() - evaluated = bool(submission.query.filter_by(application=app_id, medium="Phone").all()) - scores = submission.query.filter_by(application=app_id).all() + applicant_info = Applicant.query.filter_by(id=app_id).first() + evaluated = bool(Submission.query.filter_by(application=app_id, medium="Phone").all()) + scores = Submission.query.filter_by(application=app_id).all() split_body = applicant_info.body.split("\n") return render_template( 'review_app.html', 
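Review bot: In submit_application each criterion's value comes from `request.form.get(crit.name)`, which is None when the field is absent from the form, and the later `int(field["value"])` (context in the next hunk) then raises TypeError, or ValueError for non-numeric text, so a malformed request produces a 500 instead of the existing "data you submitted is valid" flash. Convert each value once inside a `try`/`except (TypeError, ValueError)` and send failures down that same flash-and-redirect path before any range comparison. `Members.query.filter_by(username=info['uid']).first()` can likewise be None for a user with no Members row, and the team comparison further down dereferences `member.team`; guard that before comparing. The function starts above and ends below this hunk.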
@@ -198,16 +197,16 @@ def review_application(app_id, info=None): application=applicant_info, scores=scores, split_body=split_body, - evaluated = evaluated) + evaluated=evaluated) @app.route("/application/phone/", methods=['GET']) @auth.oidc_auth @before_request def get_phone_application(app_id, info=None): - applicant_info = applicant.query.filter_by(id=app_id).first() + applicant_info = Applicant.query.filter_by(id=app_id).first() split_body = applicant_info.body.split("\n") - scores = [subs.score for subs in submission.query.filter_by(application=app_id).all()] + scores = [subs.score for subs in Submission.query.filter_by(application=app_id).all()] total = 0 if scores: for score in scores: @@ -228,11 +227,11 @@ def get_phone_application(app_id, info=None): @before_request def promote_application(app_id, info=None): score = request.form.get("score") - new_submit = submission( - application = app_id, - member = info['uid'], - medium = "Phone", - score = score) + new_submit = Submission( + application=app_id, + member=info['uid'], + medium="Phone", + score=score) db.session.add(new_submit) db.session.flush() db.session.commit() diff --git a/selections/blueprints/teams.py b/selections/blueprints/teams.py index 5a7d8ba..33989bd 100644 --- a/selections/blueprints/teams.py +++ b/selections/blueprints/teams.py @@ -1,8 +1,8 @@ -from flask import render_template, redirect, url_for, flash, request +from flask import render_template, redirect, request from selections.utils import before_request from selections import app, auth, db -from selections.models import * +from selections.models import Members @app.route("/teams") @@ -14,8 +14,8 @@ def get_teams(info=None): if not is_evals and not is_rtp: return "Not Evals or an RTP" - - team_numbers = set([member.team for member in members.query.all()]) + + team_numbers = {member.team for member in Members.query.all()} if None in team_numbers: team_numbers.remove(None) 
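Review bot: promote_application stores `request.form.get("score")` straight into the new `Submission(..., medium="Phone", score=score)` with no integer conversion or range check, and main() later adds `phone_r.score` to the applicant's average, so a missing or out-of-range value skews or breaks the ranking. Convert it with `int()` inside a `try`/`except (TypeError, ValueError)` and bound it before creating the row. The view also has no `is_evals or is_rtp` gate and no guard against a second Phone submission for the same application; whether any member may record a phone score is not stated on this page, so confirm that is intended.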
@@ -23,7 +23,7 @@ def get_teams(info=None): teams = {} for team in team_numbers: teams[team] = [ - member.username for member in members.query.filter_by(team=team)] + member.username for member in Members.query.filter_by(team=team)] return render_template( 'teams.html', @@ -53,11 +53,11 @@ def create_team(info=None): usernames.append(new_members) for new_member in usernames: - member_data = members.query.filter_by(username=new_member).first() + member_data = Members.query.filter_by(username=new_member).first() if member_data: member_data.team = team_number else: - person = members(username=new_member, team=team_number) + person = Members(username=new_member, team=team_number) print(person.username) db.session.add(person) @@ -85,11 +85,11 @@ def add_to_team(team_id, info=None): usernames.append(form_input) for new_member in usernames: - member_data = members.query.filter_by(username=new_member).first() + member_data = Members.query.filter_by(username=new_member).first() if member_data: member_data.team = team_id else: - person = members(username=new_member, team=team_id) + person = Members(username=new_member, team=team_id) print(person.username) db.session.add(person) @@ -108,7 +108,7 @@ def remove_from_team(username, info=None): if not is_evals and not is_rtp: return "Not Evals or an RTP" - member = members.query.filter_by(username=username).first() + member = Members.query.filter_by(username=username).first() member.team = None db.session.commit() return redirect("/teams", 302) diff --git a/selections/ldap.py b/selections/ldap.py index 0029efc..dc7fec5 100644 --- a/selections/ldap.py +++ b/selections/ldap.py 
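Review bot: In remove_from_team, `Members.query.filter_by(username=username).first()` returns None when the username taken from the request has no Members row, and `member.team = None` on the next line then raises AttributeError, which surfaces as a 500. Guard it with `if member is None: return 'No such member', 404` before the assignment. The create_team and add_to_team hunks above also keep `print(person.username)`, which writes usernames to stdout on every team change; drop it or route it through the app logger. The route and decorators of this view are outside the hunk.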
@@ -187,41 +187,41 @@ def ldap_set_non_current_student(account): ldap_get_member.cache_clear() -def ldap_update_profile(dict, uid): +def ldap_update_profile(profile_dict, uid): account = _ldap.get_member(uid, uid=True) - if not dict["name"] == account.cn: - account.cn = dict["name"] + if not profile_dict["name"] == account.cn: + account.cn = profile_dict["name"] - if not dict["birthday"] == account.birthday: - account.birthday = dict["birthday"] + if not profile_dict["birthday"] == account.birthday: + account.birthday = profile_dict["birthday"] - if not dict["phone"] == account.mobile: - account.mobile = dict["phone"] + if not profile_dict["phone"] == account.mobile: + account.mobile = profile_dict["phone"] - if not dict["plex"] == account.plex: - account.plex = dict["plex"] + if not profile_dict["plex"] == account.plex: + account.plex = profile_dict["plex"] - if not dict["major"] == account.major: - account.major = dict["major"] + if not profile_dict["major"] == account.major: + account.major = profile_dict["major"] - if not dict["ritYear"] == account.ritYear: - account.ritYear = dict["ritYear"] + if not profile_dict["ritYear"] == account.ritYear: + account.ritYear = profile_dict["ritYear"] - if not dict["website"] == account.homepageURL: - account.homepageURL = dict["website"] + if not profile_dict["website"] == account.homepageURL: + account.homepageURL = profile_dict["website"] - if not dict["github"] == account.github: - account.github = dict["github"] + if not profile_dict["github"] == account.github: + account.github = profile_dict["github"] - if not dict["twitter"] == account.twitterName: - account.twitterName = dict["twitter"] + if not profile_dict["twitter"] == account.twitterName: + account.twitterName = profile_dict["twitter"] - if not dict["blog"] == account.blogURL: - account.blogURL = dict["blog"] + if not profile_dict["blog"] == account.blogURL: + account.blogURL = profile_dict["blog"] - if not dict["google"] == account.googleScreenName: - 
account.googleScreenName = dict["google"] + if not profile_dict["google"] == account.googleScreenName: + account.googleScreenName = profile_dict["google"] def ldap_get_roomnumber(account): @@ -240,7 +240,7 @@ def ldap_search_members(query): # "(uid=%s)" % query, # ['uid']) - active = ldap_get_all_members(); + active = ldap_get_all_members() results = [] query = query.lower() diff --git a/selections/models.py b/selections/models.py index a2abee5..1356986 100644 --- a/selections/models.py +++ b/selections/models.py @@ -7,7 +7,7 @@ interview_enum = Enum('Paper', 'Phone', name='interview_enum') -class applicant(db.Model): +class Applicant(db.Model): __tablename__ = "application" id = Column(Integer, primary_key=True) created = Column(DateTime(timezone=True), server_default=func.now(), nullable=False) @@ -18,12 +18,12 @@ class applicant(db.Model): -class members(db.Model): +class Members(db.Model): username = Column(String(50), primary_key=True) team = Column(Integer) -class submission(db.Model): +class Submission(db.Model): id = Column(Integer, primary_key=True) created = Column(DateTime(timezone=True), server_default=func.now(), nullable=False) application = Column(Integer, ForeignKey("application.id"), nullable=False) @@ -32,7 +32,7 @@ class submission(db.Model): score = Column(Integer, nullable=False) -class criteria(db.Model): +class Criteria(db.Model): id = Column(Integer, primary_key=True) name = Column(String(25), nullable=False) description = Column(String(100)) diff --git a/selections/utils.py b/selections/utils.py index 81f21f8..a467bf1 100644 --- a/selections/utils.py +++ b/selections/utils.py 
@@ -1,12 +1,13 @@ import subprocess from functools import wraps from itertools import zip_longest -from flask import session from math import ceil +from flask import session + from selections import _ldap, db -from selections.ldap import * -from selections.models import applicant, members +from selections.ldap import ldap_get_groups, ldap_get_member, ldap_get_roomnumber, ldap_is_active, ldap_is_onfloor +from selections.models import Applicant, Members def before_request(func): @@ -32,17 +33,11 @@ def wrapped_function(*args, **kwargs): def get_member_info(uid): account = ldap_get_member(uid) - if ldap_is_active(account): - alumInfo = None - else: - alumInfo = parse_alum_name(account.gecos) - member_info = { "user_obj": account, "group_list": ldap_get_groups(account), "uid": account.uid, "name": account.cn, - "alumInfo": alumInfo, "active": ldap_is_active(account), "onfloor": ldap_is_onfloor(account), "room": ldap_get_roomnumber(account), @@ -54,8 +49,8 @@ def get_member_info(uid): def assign_pending_applicants(): - pending = applicant.query.filter_by(team=-1).all() - teams = set([member.team for member in members.query.all()]) + pending = Applicant.query.filter_by(team=-1).all() + teams = {member.team for member in Members.query.all()} if None in teams: teams.remove(None) From 1faaa1e643ff797f8d3504a833df44268873e592 Mon Sep 17 00:00:00 2001 From: Max Meinhold Date: Sat, 16 May 2020 22:13:31 -0400 Subject: [PATCH 5/8] Add quote linting, standardise quote marks --- .travis.yml | 2 +- requirements.txt | 1 + selections/__init__.py | 34 ++++---- selections/blueprints/application.py | 114 +++++++++++++-------------- selections/blueprints/teams.py | 52 ++++++------ selections/ldap.py | 82 +++++++++---------- selections/models.py | 8 +- selections/utils.py | 36 ++++----- 8 files changed, 165 insertions(+), 164 deletions(-) diff --git a/.travis.yml b/.travis.yml index 47c5b71..713e851 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -5,4 +5,4 @@ python: install: - "pip install -r requirements.txt" script: - - "pylint selections" + - "pylint --load-plugins pylint_quotes selections" diff --git a/requirements.txt b/requirements.txt index af268dc..8d57961 100644 --- a/requirements.txt +++ b/requirements.txt @@ -33,6 +33,7 @@ pycparser==2.20 pycryptodomex==3.9.7 pyjwkest==1.4.2 pylint==2.5.2 +pylint-quotes==0.2.1 PyMySQL==0.8.0 pyOpenSSL==19.1.0 python-dateutil==2.8.1 diff --git a/selections/__init__.py b/selections/__init__.py index f81ff23..4549dbd 100644 --- a/selections/__init__.py +++ b/selections/__init__.py @@ -15,13 +15,13 @@ app = Flask(__name__) # Check if deployed on OpenShift, if so use environment. -if os.path.exists(os.path.join(os.getcwd(), "config.py")): - app.config.from_pyfile(os.path.join(os.getcwd(), "config.py")) +if os.path.exists(os.path.join(os.getcwd(), 'config.py')): + app.config.from_pyfile(os.path.join(os.getcwd(), 'config.py')) else: - app.config.from_pyfile(os.path.join(os.getcwd(), "config.env.py")) + app.config.from_pyfile(os.path.join(os.getcwd(), 'config.env.py')) -auth = OIDCAuthentication(app, issuer=app.config["OIDC_ISSUER"], - client_registration_info=app.config["OIDC_CLIENT_CONFIG"]) +auth = OIDCAuthentication(app, issuer=app.config['OIDC_ISSUER'], + client_registration_info=app.config['OIDC_CLIENT_CONFIG']) # Create a connection to CSH LDAP _ldap = csh_ldap.CSHLDAP( @@ -47,12 +47,12 @@ from selections.utils import before_request, get_member_info -@app.route("/") +@app.route('/') @auth.oidc_auth @before_request def main(info=None): - is_evals = "eboard-evaluations" in info['member_info']['group_list'] - is_rtp = "rtp" in info['member_info']['group_list'] + is_evals = 'eboard-evaluations' in info['member_info']['group_list'] + is_rtp = 'rtp' in info['member_info']['group_list'] member = Members.query.filter_by(username=info['uid']).first() all_applications = Applicant.query.all() 
@@ -65,10 +65,10 @@ def main(info=None): score_sum = 0 results = Submission.query.filter_by( application=applicant.id, - medium="Paper").all() + medium='Paper').all() phone_r = Submission.query.filter_by( application=applicant.id, - medium="Phone").first() + medium='Phone').first() for result in results: score_sum += int(result.score) reviewers[applicant.id].append(result.member) @@ -81,7 +81,7 @@ def main(info=None): else: averages[applicant.id] = 0 reviewers[applicant.id] = [] - evaluated[applicant.id] = bool(Submission.query.filter_by(application=applicant.id, medium="Phone").all()) + evaluated[applicant.id] = bool(Submission.query.filter_by(application=applicant.id, medium='Phone').all()) if member and member.team: team = Members.query.filter_by(team=member.team) @@ -89,11 +89,11 @@ def main(info=None): member=info['uid']).all()] applications = [ { - "id": a.id, - "gender": a.gender, - "reviewed": a.id in reviewed_apps, - "interview": a.phone_int, - "review_count": Submission.query.filter_by(application=a.id).count() + 'id': a.id, + 'gender': a.gender, + 'reviewed': a.id in reviewed_apps, + 'interview': a.phone_int, + 'review_count': Submission.query.filter_by(application=a.id).count() } for a in Applicant.query.filter_by(team=member.team).all() ] @@ -119,7 +119,7 @@ def main(info=None): reviewers=reviewers) -if __name__ == "__main__": +if __name__ == '__main__': app.run() application = app diff --git a/selections/blueprints/application.py b/selections/blueprints/application.py index 5e3eb25..1b71325 100644 --- a/selections/blueprints/application.py +++ b/selections/blueprints/application.py 
@@ -9,53 +9,53 @@ from selections.models import Applicant, Criteria, db, Members, Submission -@app.route("/application/") +@app.route('/application/') @auth.oidc_auth @before_request def get_application(app_id, info=None): reviewed = Submission.query.filter_by( id=app_id).filter_by(member=info['uid']).first() if reviewed: - flash("You already reviewed that application!") - return redirect(url_for("main")) + flash('You already reviewed that application!') + return redirect(url_for('main')) applicant_info = Applicant.query.filter_by(id=app_id).first() - split_body = applicant_info.body.split("\n") - fields = Criteria.query.filter_by(medium="Paper").all() + split_body = applicant_info.body.split('\n') + fields = Criteria.query.filter_by(medium='Paper').all() return render_template( - "vote.html", + 'vote.html', application=applicant_info, split_body=split_body, info=info, fields=fields) -@app.route("/application", methods=["POST"]) +@app.route('/application', methods=['POST']) @auth.oidc_auth @before_request def create_application(): - applicant_id = request.form.get("id") + applicant_id = request.form.get('id') applicant = Applicant( id=applicant_id, - body=request.form.get("application"), - team=request.form.get("team"), - gender=request.form.get("gender")) + body=request.form.get('application'), + team=request.form.get('team'), + gender=request.form.get('gender')) db.session.add(applicant) db.session.flush() db.session.commit() return get_application_creation() -@app.route("/application/import", methods=["POST"]) +@app.route('/application/import', methods=['POST']) @auth.oidc_auth @before_request def import_application(): word_file = request.files['file'] if not word_file: - return "No file", 400 + return 'No file', 400 - gender = {"M": "Male", - "F": "Female"} + gender = {'M': 'Male', + 'F': 'Female'} unparsed_applications = defaultdict(list) applications = {} 
@@ -65,18 +65,18 @@ def import_application(): try: document = docx.Document(word_file) except BadZipFile: - return "Not a valid Word file!" + return 'Not a valid Word file!' iteration = 0 for paragraph in document.paragraphs: - if "Entry" not in paragraph.text: + if 'Entry' not in paragraph.text: unparsed_applications[iteration].append(paragraph.text[1:]) else: iteration += 1 for array in unparsed_applications: - app_info = unparsed_applications[array][0].split("\t") + app_info = unparsed_applications[array][0].split('\t') app_id = app_info[0] app_gender = gender[app_info[1]] app_text = app_info[2] @@ -85,10 +85,10 @@ def import_application(): continue for line in unparsed_applications[array][1:]: - if line[-1:] == " ": + if line[-1:] == ' ': app_text += line else: - app_text += "\n{}".format(line) + app_text += '\n{}'.format(line) applications[app_id] = [app_gender, app_text] new_app = Applicant( @@ -105,12 +105,12 @@ def import_application(): return get_application_creation() -@app.route("/application/delete/", methods=["GET"]) +@app.route('/application/delete/', methods=['GET']) @auth.oidc_auth @before_request def delete_application(app_id, info=None): - is_evals = "eboard-evaluations" in info['member_info']['group_list'] - is_rtp = "rtp" in info['member_info']['group_list'] + is_evals = 'eboard-evaluations' in info['member_info']['group_list'] + is_rtp = 'rtp' in info['member_info']['group_list'] if is_evals or is_rtp: scores = Submission.query.filter_by(application=app_id).all() applicant_info = Applicant.query.filter_by(id=app_id).first() 
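Review bot: The delete_application route removes an applicant together with all of its submissions but is registered with `methods=['GET']`, so the deletion runs on any navigation to that URL by a signed-in evals or RTP user, including one triggered from another site, and a GET cannot carry a CSRF token. Register it with `methods=['POST']` and submit it from a form that includes a CSRF token. The `if is_evals or is_rtp:` check is in this hunk, but the end of the function is in the next one.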
@@ -121,76 +121,76 @@ def delete_application(app_id, info=None): db.session.delete(applicant_info) db.session.flush() db.session.commit() - return redirect("/", 302) + return redirect('/', 302) -@app.route("/application/create") +@app.route('/application/create') @auth.oidc_auth @before_request def get_application_creation(info=None): - is_evals = "eboard-evaluations" in info['member_info']['group_list'] - is_rtp = "rtp" in info['member_info']['group_list'] + is_evals = 'eboard-evaluations' in info['member_info']['group_list'] + is_rtp = 'rtp' in info['member_info']['group_list'] if is_evals or is_rtp: - return render_template("create.html", info=info) + return render_template('create.html', info=info) else: flash("You aren't allowed to see that page!") - return redirect(url_for("main")) + return redirect(url_for('main')) -@app.route("/logout") +@app.route('/logout') @auth.oidc_logout def logout(): - return redirect("/", 302) + return redirect('/', 302) -@app.route("/application/", methods=['POST']) +@app.route('/application/', methods=['POST']) @auth.oidc_auth @before_request def submit_application(app_id, info=None): fields = [{ - "value": request.form.get(crit.name), - "weight": crit.weight, - "max": crit.max_score, - "min": crit.min_score} for crit in Criteria.query.filter_by(medium="Paper").all()] + 'value': request.form.get(crit.name), + 'weight': crit.weight, + 'max': crit.max_score, + 'min': crit.min_score} for crit in Criteria.query.filter_by(medium='Paper').all()] applicant_info = Applicant.query.filter_by(id=app_id).first() member = Members.query.filter_by(username=info['uid']).first() submissions = [sub.member for sub in Submission.query.filter_by( application=app_id).all()] if info['uid'] in submissions: - flash("You have already reviewed this application!") - return redirect(url_for("main")) + flash('You have already reviewed this application!') + return redirect(url_for('main')) if applicant_info.team != member.team: - flash("You are not on the 
correct team to review that application!") - return redirect(url_for("main")) + flash('You are not on the correct team to review that application!') + return redirect(url_for('main')) for field in fields: - if not field["min"] <= int(field["value"]) <= field["max"]: - flash("Please make sure that the data you submitted is valid!") - return redirect(url_for("main")) + if not field['min'] <= int(field['value']) <= field['max']: + flash('Please make sure that the data you submitted is valid!') + return redirect(url_for('main')) total_score = 0 for field in fields: - total_score += (int(field["value"]) * field["weight"]) + total_score += (int(field['value']) * field['weight']) member_score = Submission( - application=app_id, member=member.username, medium="Paper", score=total_score) + application=app_id, member=member.username, medium='Paper', score=total_score) db.session.add(member_score) db.session.flush() db.session.commit() - flash("Thanks for evaluating application #{}!".format(app_id)) - return redirect("/", 302) + flash('Thanks for evaluating application #{}!'.format(app_id)) + return redirect('/', 302) -@app.route("/application/review/", methods=['GET']) +@app.route('/application/review/', methods=['GET']) @auth.oidc_auth @before_request def review_application(app_id, info=None): applicant_info = Applicant.query.filter_by(id=app_id).first() - evaluated = bool(Submission.query.filter_by(application=app_id, medium="Phone").all()) + evaluated = bool(Submission.query.filter_by(application=app_id, medium='Phone').all()) scores = Submission.query.filter_by(application=app_id).all() - split_body = applicant_info.body.split("\n") + split_body = applicant_info.body.split('\n') return render_template( 'review_app.html', info=info, 
@@ -200,12 +200,12 @@ def review_application(app_id, info=None): evaluated=evaluated) -@app.route("/application/phone/", methods=['GET']) +@app.route('/application/phone/', methods=['GET']) @auth.oidc_auth @before_request def get_phone_application(app_id, info=None): applicant_info = Applicant.query.filter_by(id=app_id).first() - split_body = applicant_info.body.split("\n") + split_body = applicant_info.body.split('\n') scores = [subs.score for subs in Submission.query.filter_by(application=app_id).all()] total = 0 if scores: @@ -215,24 +215,24 @@ def get_phone_application(app_id, info=None): total = total / len(scores) return render_template( - "phone.html", + 'phone.html', info=info, app_score=total, application=applicant_info, split_body=split_body) -@app.route("/application/phone/", methods=["POST"]) +@app.route('/application/phone/', methods=['POST']) @auth.oidc_auth @before_request def promote_application(app_id, info=None): - score = request.form.get("score") + score = request.form.get('score') new_submit = Submission( application=app_id, member=info['uid'], - medium="Phone", + medium='Phone', score=score) db.session.add(new_submit) db.session.flush() db.session.commit() - return redirect("/", 302) + return redirect('/', 302) diff --git a/selections/blueprints/teams.py b/selections/blueprints/teams.py index 33989bd..023892c 100644 --- a/selections/blueprints/teams.py +++ b/selections/blueprints/teams.py @@ -5,15 +5,15 @@ from selections.models import Members -@app.route("/teams") +@app.route('/teams') @auth.oidc_auth @before_request def get_teams(info=None): - is_evals = "eboard-evaluations" in info['member_info']['group_list'] - is_rtp = "rtp" in info['member_info']['group_list'] + is_evals = 'eboard-evaluations' in info['member_info']['group_list'] + is_rtp = 'rtp' in info['member_info']['group_list'] if not is_evals and not is_rtp: - return "Not Evals or an RTP" + return 'Not Evals or an RTP' team_numbers = {member.team for member in Members.query.all()} 
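Review bot: promote_application passes `request.form.get('score')` straight into `Submission(score=...)` and performs no group or team check, so as far as this hunk shows any authenticated user can record a Phone submission for any `app_id`, and a missing or non-numeric score goes to an Integer column unvalidated. A role check like the one in get_application_creation should come first (which groups may phone-score is not visible here), and the score should be parsed and rejected when invalid, for example `score = request.form.get('score', type=int)` followed by `if score is None:` taking a flash-and-redirect path. get_phone_application, whose tail is in this hunk, also renders the application without a role check; worth confirming that is intended.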
@@ -32,23 +32,23 @@ def get_teams(info=None): teams=teams) -@app.route("/teams", methods=["POST"]) +@app.route('/teams', methods=['POST']) @auth.oidc_auth @before_request def create_team(info=None): - is_evals = "eboard-evaluations" in info['member_info']['group_list'] - is_rtp = "rtp" in info['member_info']['group_list'] + is_evals = 'eboard-evaluations' in info['member_info']['group_list'] + is_rtp = 'rtp' in info['member_info']['group_list'] if not is_evals and not is_rtp: - return "Not Evals or an RTP" + return 'Not Evals or an RTP' - team_number = request.form.get("number") - new_members = request.form.get("members") + team_number = request.form.get('number') + new_members = request.form.get('members') usernames = [] - if "," in new_members: - usernames = new_members.replace(" ", "").split(",") + if ',' in new_members: + usernames = new_members.replace(' ', '').split(',') else: usernames.append(new_members) @@ -63,24 +63,24 @@ def create_team(info=None): db.session.commit() - return redirect("/teams", 302) + return redirect('/teams', 302) -@app.route("/teams/", methods=["POST"]) +@app.route('/teams/', methods=['POST']) @auth.oidc_auth @before_request def add_to_team(team_id, info=None): - is_evals = "eboard-evaluations" in info['member_info']['group_list'] - is_rtp = "rtp" in info['member_info']['group_list'] + is_evals = 'eboard-evaluations' in info['member_info']['group_list'] + is_rtp = 'rtp' in info['member_info']['group_list'] if not is_evals and not is_rtp: - return "Not Evals or an RTP" + return 'Not Evals or an RTP' - form_input = request.form.get("username") + form_input = request.form.get('username') usernames = [] - if "," in form_input: - usernames = form_input.replace(" ", "").split(",") + if ',' in form_input: + usernames = form_input.replace(' ', '').split(',') else: usernames.append(form_input) 
@@ -95,20 +95,20 @@ def add_to_team(team_id, info=None): db.session.commit() - return redirect("/teams", 302) + return redirect('/teams', 302) -@app.route("/teams/remove/", methods=["GET"]) +@app.route('/teams/remove/', methods=['GET']) @auth.oidc_auth @before_request def remove_from_team(username, info=None): - is_evals = "eboard-evaluations" in info['member_info']['group_list'] - is_rtp = "rtp" in info['member_info']['group_list'] + is_evals = 'eboard-evaluations' in info['member_info']['group_list'] + is_rtp = 'rtp' in info['member_info']['group_list'] if not is_evals and not is_rtp: - return "Not Evals or an RTP" + return 'Not Evals or an RTP' member = Members.query.filter_by(username=username).first() member.team = None db.session.commit() - return redirect("/teams", 302) + return redirect('/teams', 302) diff --git a/selections/ldap.py b/selections/ldap.py index dc7fec5..9795c8f 100644 --- a/selections/ldap.py +++ b/selections/ldap.py @@ -9,9 +9,9 @@ def _ldap_get_group_members(group): def _ldap_is_member_of_group(member, group): - group_list = member.get("memberOf") + group_list = member.get('memberOf') for group_dn in group_list: - if group == group_dn.split(",")[0][3:]: + if group == group_dn.split(',')[0][3:]: return True return False 
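Review bot: remove_from_team changes state (`member.team = None` followed by a commit) on a route declared with `methods=['GET']`, so the removal can be triggered by any link or embedded resource that an Evals/RTP user's browser loads, and by prefetchers. Declaring it `methods=['POST']`, together with whatever CSRF protection the app uses for its forms (none is visible here), keeps GET free of side effects. `member` is also used without a None check, so an unknown username raises AttributeError; `if member is None: return redirect('/teams', 302)` before the assignment would cover that.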
@@ -44,44 +44,44 @@ def ldap_get_member(username): @lru_cache(maxsize=1024) def ldap_get_active_members(): - return _ldap_get_group_members("active") + return _ldap_get_group_members('active') @lru_cache(maxsize=1024) def ldap_get_intro_members(): - return _ldap_get_group_members("intromembers") + return _ldap_get_group_members('intromembers') @lru_cache(maxsize=1024) def ldap_get_onfloor_members(): - return _ldap_get_group_members("onfloor") + return _ldap_get_group_members('onfloor') @lru_cache(maxsize=1024) def ldap_get_current_students(): - return _ldap_get_group_members("current_student") + return _ldap_get_group_members('current_student') @lru_cache(maxsize=1024) def ldap_get_all_members(): - return _ldap_get_group_members("member") + return _ldap_get_group_members('member') @lru_cache(maxsize=1024) def ldap_get_groups(account): - group_list = account.get("memberOf") + group_list = account.get('memberOf') groups = [] for group_dn in group_list: - groups.append(group_dn.split(",")[0][3:]) + groups.append(group_dn.split(',')[0][3:]) return groups @lru_cache(maxsize=1024) def ldap_get_eboard(): - members = _ldap_get_group_members("eboard-chairman") + _ldap_get_group_members( - "eboard-evaluations") + _ldap_get_group_members("eboard-financial") + _ldap_get_group_members( - "eboard-history") + _ldap_get_group_members("eboard-imps") + _ldap_get_group_members( - "eboard-opcomm") + _ldap_get_group_members("eboard-research") + _ldap_get_group_members("eboard-social") + members = _ldap_get_group_members('eboard-chairman') + _ldap_get_group_members( + 'eboard-evaluations') + _ldap_get_group_members('eboard-financial') + _ldap_get_group_members( + 'eboard-history') + _ldap_get_group_members('eboard-imps') + _ldap_get_group_members( + 'eboard-opcomm') + _ldap_get_group_members('eboard-research') + _ldap_get_group_members('eboard-social') return members 
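Review bot: `ldap_get_groups` is wrapped in `@lru_cache(maxsize=1024)` and nothing visible clears it, while its result is what the views test for 'rtp' and 'eboard-evaluations' through get_member_info's `group_list`. If the account objects hash stably across requests, a group removal in LDAP would presumably not take effect here until the entry is evicted or the process restarts. Either drop the cache on this function or bound its staleness, and record the decision with a comment such as `# group membership drives authorization; do not cache without a TTL`.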
@@ -156,7 +156,7 @@ def ldap_set_housingpoints(account, housing_points): def ldap_set_roomnumber(account, room_number): - if room_number == "": + if room_number == '': room_number = None account.roomNumber = room_number ldap_get_current_students.cache_clear() 
@@ -190,54 +190,54 @@ def ldap_set_non_current_student(account): def ldap_update_profile(profile_dict, uid): account = _ldap.get_member(uid, uid=True) - if not profile_dict["name"] == account.cn: - account.cn = profile_dict["name"] + if not profile_dict['name'] == account.cn: + account.cn = profile_dict['name'] - if not profile_dict["birthday"] == account.birthday: - account.birthday = profile_dict["birthday"] + if not profile_dict['birthday'] == account.birthday: + account.birthday = profile_dict['birthday'] - if not profile_dict["phone"] == account.mobile: - account.mobile = profile_dict["phone"] + if not profile_dict['phone'] == account.mobile: + account.mobile = profile_dict['phone'] - if not profile_dict["plex"] == account.plex: - account.plex = profile_dict["plex"] + if not profile_dict['plex'] == account.plex: + account.plex = profile_dict['plex'] - if not profile_dict["major"] == account.major: - account.major = profile_dict["major"] + if not profile_dict['major'] == account.major: + account.major = profile_dict['major'] - if not profile_dict["ritYear"] == account.ritYear: - account.ritYear = profile_dict["ritYear"] + if not profile_dict['ritYear'] == account.ritYear: + account.ritYear = profile_dict['ritYear'] - if not profile_dict["website"] == account.homepageURL: - account.homepageURL = profile_dict["website"] + if not profile_dict['website'] == account.homepageURL: + account.homepageURL = profile_dict['website'] - if not profile_dict["github"] == account.github: - account.github = profile_dict["github"] + if not profile_dict['github'] == account.github: + account.github = profile_dict['github'] - if not profile_dict["twitter"] == account.twitterName: - account.twitterName = profile_dict["twitter"] + if not profile_dict['twitter'] == account.twitterName: + account.twitterName = profile_dict['twitter'] - if not profile_dict["blog"] == account.blogURL: - account.blogURL = profile_dict["blog"] + if not profile_dict['blog'] == account.blogURL: + 
account.blogURL = profile_dict['blog'] - if not profile_dict["google"] == account.googleScreenName: - account.googleScreenName = profile_dict["google"] + if not profile_dict['google'] == account.googleScreenName: + account.googleScreenName = profile_dict['google'] def ldap_get_roomnumber(account): try: return account.roomNumber except AttributeError: - return "" + return '' @lru_cache(maxsize=1024) def ldap_search_members(query): # con = _ldap.get_con() # results= con.search_s( - # "dc=csh,dc=rit,dc=edu", + # 'dc=csh,dc=rit,dc=edu', # ldap.SCOPE_SUBTREE, - # "(uid=%s)" % query, + # '(uid=%s)' % query, # ['uid']) active = ldap_get_all_members() @@ -263,7 +263,7 @@ def get_image(uid): @lru_cache(maxsize=1024) def get_gravatar(uid): - addr = uid + "@csh.rit.edu" - url = "https://gravatar.com/avatar/" + hashlib.md5(addr.encode('utf8')).hexdigest() + ".jpg?d=mm&s=250" + addr = uid + '@csh.rit.edu' + url = 'https://gravatar.com/avatar/' + hashlib.md5(addr.encode('utf8')).hexdigest() + '.jpg?d=mm&s=250' return url diff --git a/selections/models.py b/selections/models.py index 1356986..5131cd5 100644 --- a/selections/models.py +++ b/selections/models.py @@ -8,13 +8,13 @@ class Applicant(db.Model): - __tablename__ = "application" + __tablename__ = 'application' id = Column(Integer, primary_key=True) created = Column(DateTime(timezone=True), server_default=func.now(), nullable=False) body = Column(String(6000), nullable=False) team = Column(Integer, nullable=False) gender = Column(gender_enum, nullable=False) - phone_int = Column(Boolean, server_default="0", nullable=False) + phone_int = Column(Boolean, server_default='0', nullable=False) 
@@ -26,8 +26,8 @@ class Members(db.Model): class Submission(db.Model): id = Column(Integer, primary_key=True) created = Column(DateTime(timezone=True), server_default=func.now(), nullable=False) - application = Column(Integer, ForeignKey("application.id"), nullable=False) - member = Column(String(50), ForeignKey("members.username"), nullable=False) + application = Column(Integer, ForeignKey('application.id'), nullable=False) + member = Column(String(50), ForeignKey('members.username'), nullable=False) medium = Column(interview_enum, primary_key=True) score = Column(Integer, nullable=False) diff --git a/selections/utils.py b/selections/utils.py index a467bf1..69ab233 100644 --- a/selections/utils.py +++ b/selections/utils.py @@ -14,17 +14,17 @@ def before_request(func): @wraps(func) def wrapped_function(*args, **kwargs): git_revision = subprocess.check_output(['git', 'rev-parse', '--short', 'HEAD']).decode('utf-8').rstrip() - uuid = str(session["userinfo"].get("sub", "")) - uid = str(session["userinfo"].get("preferred_username", "")) + uuid = str(session['userinfo'].get('sub', '')) + uid = str(session['userinfo'].get('preferred_username', '')) user_obj = _ldap.get_member(uid, uid=True) info = { - "git_revision": git_revision, - "uuid": uuid, - "uid": uid, - "user_obj": user_obj, - "member_info": get_member_info(uid) + 'git_revision': git_revision, + 'uuid': uuid, + 'uid': uid, + 'user_obj': user_obj, + 'member_info': get_member_info(uid) } - kwargs["info"] = info + kwargs['info'] = info return func(*args, **kwargs) return wrapped_function 
@@ -34,16 +34,16 @@ def get_member_info(uid): account = ldap_get_member(uid) member_info = { - "user_obj": account, - "group_list": ldap_get_groups(account), - "uid": account.uid, - "name": account.cn, - "active": ldap_is_active(account), - "onfloor": ldap_is_onfloor(account), - "room": ldap_get_roomnumber(account), - "hp": account.housingPoints, - "plex": account.plex, - "rn": ldap_get_roomnumber(account) + 'user_obj': account, + 'group_list': ldap_get_groups(account), + 'uid': account.uid, + 'name': account.cn, + 'active': ldap_is_active(account), + 'onfloor': ldap_is_onfloor(account), + 'room': ldap_get_roomnumber(account), + 'hp': account.housingPoints, + 'plex': account.plex, + 'rn': ldap_get_roomnumber(account) } return member_info From 395acec711f9b227acd77480aab31dc767a8317f Mon Sep 17 00:00:00 2001 From: Max Meinhold Date: Sat, 16 May 2020 22:56:35 -0400 Subject: [PATCH 6/8] Refine permission checking --- selections/__init__.py | 6 ++++++ selections/blueprints/application.py | 16 ++++++++++++++-- selections/blueprints/teams.py | 11 +++++++---- selections/templates/index.html | 1 + 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/selections/__init__.py b/selections/__init__.py index 4549dbd..f3c9916 100644 --- a/selections/__init__.py +++ b/selections/__init__.py @@ -109,6 +109,7 @@ def main(info=None): evaluated=evaluated, reviewers=reviewers) elif is_evals or is_rtp: + all_users.append(info['uid']) return render_template( 'index.html', info=info, @@ -117,6 +118,11 @@ def main(info=None): averages=averages, evaluated=evaluated, reviewers=reviewers) + else: + return render_template( + 'index.html', + info=info, + all_users=all_users) if __name__ == '__main__': diff --git a/selections/blueprints/application.py b/selections/blueprints/application.py index 1b71325..4ce2e63 100644 --- a/selections/blueprints/application.py +++ b/selections/blueprints/application.py 
@@ -13,13 +13,19 @@ @auth.oidc_auth @before_request def get_application(app_id, info=None): + applicant_info = Applicant.query.filter_by(id=app_id).first() + member = Members.query.filter_by(username=info['uid']).first() + is_evals = 'eboard-evaluations' in info['member_info']['group_list'] + is_rtp = 'rtp' in info['member_info']['group_list'] + if not member and not (is_rtp or is_evals): + return redirect(url_for('main')) + reviewed = Submission.query.filter_by( id=app_id).filter_by(member=info['uid']).first() if reviewed: flash('You already reviewed that application!') return redirect(url_for('main')) - applicant_info = Applicant.query.filter_by(id=app_id).first() split_body = applicant_info.body.split('\n') fields = Criteria.query.filter_by(medium='Paper').all() return render_template( @@ -122,6 +128,8 @@ def delete_application(app_id, info=None): db.session.flush() db.session.commit() return redirect('/', 302) + flash("You can't delete applications.") + redirect(url_for('main')) @app.route('/application/create') @@ -147,13 +155,17 @@ def logout(): @auth.oidc_auth @before_request def submit_application(app_id, info=None): + member = Members.query.filter_by(username=info['uid']).first() + if not member: + flash("You can't score applications.") + return redirect(url_for('main')) + fields = [{ 'value': request.form.get(crit.name), 'weight': crit.weight, 'max': crit.max_score, 'min': crit.min_score} for crit in Criteria.query.filter_by(medium='Paper').all()] applicant_info = Applicant.query.filter_by(id=app_id).first() - member = Members.query.filter_by(username=info['uid']).first() submissions = [sub.member for sub in Submission.query.filter_by( application=app_id).all()] diff --git a/selections/blueprints/teams.py b/selections/blueprints/teams.py index 023892c..5880e5e 100644 --- a/selections/blueprints/teams.py +++ b/selections/blueprints/teams.py 
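Review bot: The new guard in get_application admits any user who has a Members row without comparing `member.team` to `applicant_info.team` as submit_application does, and `applicant_info` is now fetched earlier but still dereferenced (`applicant_info.body`) without a None check. If reading an application is meant to be limited to the assigned team plus Evals/RTP, the guard needs the team comparison, and an unknown `app_id` should take a handled path instead of raising. The unchanged `Submission.query.filter_by(id=app_id)` line also looks like it should filter on `application=app_id`, since `id` is the submission's own key. The route decorator and the end of the render_template call are outside the hunk.

```python
    # … unchanged: applicant_info, member, is_evals, is_rtp lookups …
    if applicant_info is None:
        flash('That application does not exist.')
        return redirect(url_for('main'))
    if not (is_rtp or is_evals):
        if not member or applicant_info.team != member.team:
            flash('You are not on the correct team to review that application!')
            return redirect(url_for('main'))
    # … unchanged: reviewed lookup and render_template call …
```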
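Review bot: The two lines added at the end of delete_application call `redirect(url_for('main'))` without returning it, so the denied path falls off the end of the view and returns None, which Flask rejects with an error instead of sending the redirect. The last line should read `return redirect(url_for('main'))`. The start of delete_application, including the condition that guards the delete branch, is outside this hunk.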
@@ -1,4 +1,4 @@ -from flask import render_template, redirect, request +from flask import render_template, redirect, url_for, flash, request from selections.utils import before_request from selections import app, auth, db @@ -13,7 +13,8 @@ def get_teams(info=None): is_rtp = 'rtp' in info['member_info']['group_list'] if not is_evals and not is_rtp: - return 'Not Evals or an RTP' + flash('Not Evals or an RTP') + return redirect(url_for('main')) team_numbers = {member.team for member in Members.query.all()} @@ -40,7 +41,8 @@ def create_team(info=None): is_rtp = 'rtp' in info['member_info']['group_list'] if not is_evals and not is_rtp: - return 'Not Evals or an RTP' + flash('Not Evals or an RTP') + return redirect(url_for('main')) team_number = request.form.get('number') new_members = request.form.get('members') @@ -74,7 +76,8 @@ def add_to_team(team_id, info=None): is_rtp = 'rtp' in info['member_info']['group_list'] if not is_evals and not is_rtp: - return 'Not Evals or an RTP' + flash('Not Evals or an RTP') + return redirect(url_for('main')) form_input = request.form.get('username') usernames = [] diff --git a/selections/templates/index.html b/selections/templates/index.html index 229e658..89ed589 100644 --- a/selections/templates/index.html +++ b/selections/templates/index.html @@ -1,4 +1,5 @@ {% extends 'base.html' %} + {% block body %}
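Review bot: The denied branch in get_teams, and the identical ones in create_team and add_to_team in the next two hunks, now answers with a flash and a 302 to main, which leaves no server-side record that someone outside Evals/RTP requested a team-management route. Logging the denial before the redirect, e.g. `app.logger.warning('teams access denied for uid=%s', info['uid'])`, makes these attempts visible in review. remove_from_team is not touched by this commit and, going by the earlier patch in this series, still returns the bare string, so the four views now behave differently; the check is a candidate for one shared decorator.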
{% with messages = get_flashed_messages() %} From 141e8e715405ce5e72dbb59a162d7e7a428ba98a Mon Sep 17 00:00:00 2001 From: Max Meinhold Date: Sat, 16 May 2020 22:57:51 -0400 Subject: [PATCH 7/8] Logout is not relevant to applications --- selections/__init__.py | 6 ++++++ selections/blueprints/application.py | 6 ------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/selections/__init__.py b/selections/__init__.py index f3c9916..5486746 100644 --- a/selections/__init__.py +++ b/selections/__init__.py @@ -125,6 +125,12 @@ def main(info=None): all_users=all_users) +@app.route('/logout') +@auth.oidc_logout +def logout(): + return redirect('/', 302) + + if __name__ == '__main__': app.run() diff --git a/selections/blueprints/application.py b/selections/blueprints/application.py index 4ce2e63..cc18457 100644 --- a/selections/blueprints/application.py +++ b/selections/blueprints/application.py @@ -145,12 +145,6 @@ def get_application_creation(info=None): return redirect(url_for('main')) -@app.route('/logout') -@auth.oidc_logout -def logout(): - return redirect('/', 302) - - @app.route('/application/', methods=['POST']) @auth.oidc_auth @before_request From 9a21937acf73f0cdedbe5aaea02764e5b4d28c40 Mon Sep 17 00:00:00 2001 From: Galen Guyer Date: Tue, 2 Jun 2020 13:53:52 -0700 Subject: [PATCH 8/8] Allow LDAP connections with self-signed certs --- selections/__init__.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/selections/__init__.py b/selections/__init__.py index 602bd67..5699174 100644 --- a/selections/__init__.py +++ b/selections/__init__.py @@ -1,6 +1,7 @@ import os from collections import defaultdict +import ldap import csh_ldap from flask import Flask from flask_migrate import Migrate @@ -23,6 +24,7 @@ client_registration_info=app.config["OIDC_CLIENT_CONFIG"]) # Create a connection to CSH LDAP +ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW) _ldap = csh_ldap.CSHLDAP( app.config['LDAP_BIND_DN'], app.config['LDAP_BIND_PASS'])
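Review bot: `ldap.OPT_X_TLS_ALLOW` lets the client proceed even when the server's certificate fails verification, and `ldap.set_option` applies it process-wide, so the bind that sends `LDAP_BIND_PASS` on the following lines no longer authenticates the directory server and an on-path host could impersonate it. To accept a self-signed or private-CA certificate without giving that up, trust that certificate explicitly and keep verification mandatory: `ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, app.config['LDAP_CA_CERTFILE'])` and `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)`, where `LDAP_CA_CERTFILE` is a placeholder for a new config key. If the relaxed setting has to stay for one environment, gate it behind an explicit config flag that defaults to off and add a comment saying why.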