org_users.py

from flask import render_template, g, redirect, url_for, flash, request
from flask_wtf import FlaskForm
import werkzeug.exceptions
import wtforms
from sqlalchemy import or_

from typing import Optional
from wtforms import validators

from wtforms.validators import Required

import mo
import mo.db as db
import mo.rights
import mo.util
import mo.users
from mo.web import app


class PagerForm(FlaskForm):
    limit = wtforms.IntegerField()
    offset = wtforms.IntegerField()
    next = wtforms.SubmitField("Další")
    previous = wtforms.SubmitField("Předchozí")


class UsersFilterForm(PagerForm):
    # participants
    year = wtforms.IntegerField("Ročník")
    school_code = wtforms.StringField("Škola")

    # rounds->participations
    round_year = wtforms.IntegerField("Ročník")
    round_category = wtforms.SelectField("Kategorie", choices=['*'] + sorted(db.get_categories()))
    round_seq = wtforms.SelectField("Kolo", choices=['*'] + sorted(db.get_seqs()))
    contest_site_code = wtforms.StringField("Soutěžní místo")
    participation_state = wtforms.SelectField('Účast', choices=[('*', '*')] + list(db.PartState.choices()))

    submit = wtforms.SubmitField("Filtrovat")


@app.route('/org/user/')
def org_users():
    sess = db.get_session()
    rr = mo.rights.Rights(g.user)
    rr.get_generic()

    q = sess.query(db.User).filter_by(is_admin=False, is_org=False)
    filter = UsersFilterForm(request.args)

    filter_errors = []

    participant_filter = sess.query(db.Participant.user_id)
    participant_filter_apply = False
    if filter.year.data:
        participant_filter = participant_filter.filter_by(year=filter.year.data)
        participant_filter_apply = True
    if filter.school_code.data:
        place = db.place_by_code(filter.school_code.data)
        if place:
            participant_filter = participant_filter.filter_by(school=place.place_id)
            participant_filter_apply = True
        else:
            filter_errors.append("Neexistující kód školy")

    if participant_filter_apply:
        q = q.filter(db.User.user_id.in_(participant_filter))

    round_filter = sess.query(db.Round.round_id)
    round_filter_apply = False
    if filter.round_year.data:
        round_filter = round_filter.filter_by(year=filter.round_year.data)
        round_filter_apply = True
    if filter.round_category.data and filter.round_category.data != "*":
        round_filter = round_filter.filter_by(category=filter.round_category.data)
        round_filter_apply = True
    if filter.round_seq.data and filter.round_seq.data != "*":
        round_filter = round_filter.filter_by(seq=filter.round_seq.data)
        round_filter_apply = True

    contest_filter = sess.query(db.Contest.contest_id)
    contest_filter_apply = False
    if round_filter_apply:
        contest_filter = contest_filter.filter(db.Contest.round_id.in_(round_filter))
        contest_filter_apply = True
    if filter.contest_site_code.data:
        place = db.place_by_code(filter.contest_site_code.data)
        if place:
            contest_filter = contest_filter.filter_by(place_id=place.place_id)
            contest_filter_apply = True
        else:
            filter_errors.append("Neexistující kód soutěžního místa")

    participation_filter = sess.query(db.Participation.user_id)
    participation_filter_apply = False
    if contest_filter_apply:
        participation_filter = participation_filter.filter(db.Participation.contest_id.in_(contest_filter))
        participation_filter_apply = True
    if filter.participation_state.data and filter.participation_state.data != '*':
        participation_filter = participation_filter.filter_by(state=filter.participation_state.data)
        participation_filter_apply = True

    if participation_filter_apply:
        q = q.filter(db.User.user_id.in_(participation_filter))

    # print(str(q))
    count = q.count()

    if not filter.offset.data:
        filter.offset.data = 0
    if not filter.limit.data:
        filter.limit.data = 50

    if filter.previous.data:
        filter.offset.data = max(0, filter.offset.data - 50)
    if filter.next.data:
        filter.offset.data = min(count // 50 * 50, filter.offset.data + 50)

    q = q.offset(filter.offset.data)
    q = q.limit(filter.limit.data)
    users = q.all()

    return render_template(
        'org_users.html', users=users, count=count,
        filter=filter, filter_errors=filter_errors,
        can_edit=rr.have_right(mo.rights.Right.edit_users),
        can_add=rr.have_right(mo.rights.Right.add_users),
    )


class OrgsFilterForm(PagerForm):
    # TODO: filtering by roles?
    submit = wtforms.SubmitField("Filtrovat")


@app.route('/org/org/')
def org_orgs():
    sess = db.get_session()
    rr = mo.rights.Rights(g.user)
    rr.get_generic()

    q = sess.query(db.User).filter(or_(db.User.is_admin, db.User.is_org))
    filter = OrgsFilterForm(request.args)
    # TODO: filtering by roles?

    count = q.count()

    if not filter.offset.data:
        filter.offset.data = 0
    if not filter.limit.data:
        filter.limit.data = 50

    if filter.previous.data:
        filter.offset.data = max(0, filter.offset.data - 50)
    if filter.next.data:
        filter.offset.data = min(count // 50 * 50, filter.offset.data + 50)

    q = q.offset(filter.offset.data)
    q = q.limit(filter.limit.data)
    users = q.all()

    return render_template(
        'org_orgs.html', users=users, count=count,
        filter=filter, filter_errors=None,
        can_edit=rr.have_right(mo.rights.Right.edit_orgs),
        can_add=rr.have_right(mo.rights.Right.add_orgs),
    )


class FormAddRole(FlaskForm):
    role = wtforms.SelectField('Role', choices=[(name.name, role.name) for (name, role) in mo.rights.roles_by_type.items()])
    place_code = wtforms.StringField('Oblast')
    year = wtforms.IntegerField('Ročník', validators=[validators.Optional()])
    category = wtforms.StringField("Kategorie")
    seq = wtforms.IntegerField("Kolo", validators=[validators.Optional()])

    submit = wtforms.SubmitField('Přidat roli')


class FormRemoveRole(FlaskForm):
    remove_role_id = wtforms.IntegerField()
    remove = wtforms.SubmitField('Odebrat roli')


@app.route('/org/org/<int:id>/', methods=('GET', 'POST'))
def org_org(id: int):
    sess = db.get_session()
    user = sess.query(db.User).get(id)
    if not user or (not user.is_org and not user.is_admin):
        raise werkzeug.exceptions.NotFound()

    rr = mo.rights.Rights(g.user)
    rr.get_generic()
    can_assign_rights = rr.have_right(mo.rights.Right.assign_rights)

    form_add_role = FormAddRole()
    form_remove_role = FormRemoveRole()
    role_errors = []
    if can_assign_rights:
        if form_add_role.submit.data and form_add_role.validate_on_submit():
            new_role = db.UserRole()
            form_add_role.populate_obj(new_role)

            new_role.user_id = id
            new_role.place = db.get_root_place()
            new_role.assigned_by = g.user.user_id

            ok = True
            place_code = form_add_role.place_code.data
            if place_code:
                place = db.get_place_by_code(place_code)
                if not place:
                    role_errors.append("Nepovedlo se nalézt místo podle kódu")
                    ok = False
                else:
                    new_role.place = place

            if not rr.can_set_role(new_role):
                role_errors.append(f'Roli "{new_role}" nelze přidělit, není podmnožinou žádné vaší role')
                ok = False

            if ok:
                sess.add(new_role)
                sess.flush()
                mo.util.log(
                    type=db.LogType.user_role,
                    what=id,
                    details={'action': 'new', 'role': db.row2dict(new_role)},
                )
                sess.commit()
                app.logger.info(f"New role for user id {id} added: {db.row2dict(new_role)}")
                flash(f'Role "{new_role}" úspěšně přidána', 'success')
                return redirect(url_for('org_user', id=id))

        if form_remove_role.remove_role_id.data and form_remove_role.validate_on_submit():
            role = sess.query(db.UserRole).get(form_remove_role.remove_role_id.data)
            if not role:
                raise werkzeug.exceptions.NotFound

            if id == g.user.user_id:
                role_errors.append('Nelze odebrat vlastní roli')
            elif not rr.can_set_role(role):
                role_errors.append(f'Roli "{role}" nelze odebrat, není podmnožinou žádné vaší role')
            else:
                sess.delete(role)
                mo.util.log(
                    type=db.LogType.user_role,
                    what=id,
                    details={'action': 'delete', 'role': db.row2dict(role)},
                )
                sess.commit()
                app.logger.info(f"Role for user {id} removed: {db.row2dict(role)}")
                flash(f'Role "{role}" úspěšně odebrána', 'success')
                return redirect(url_for('org_user', id=id))

    return render_template(
        'org_org.html', user=user,
        can_edit=rr.can_edit_user(user), can_assign_rights=can_assign_rights,
        roles_by_type=mo.rights.roles_by_type, role_errors=role_errors,
        form_add_role=form_add_role, form_remove_role=form_remove_role,
    )


@app.route('/org/user/<int:id>/', methods=('GET', 'POST'))
def org_user(id: int):
    sess = db.get_session()
    user = sess.query(db.User).get(id)
    if not user:
        raise werkzeug.exceptions.NotFound()
    if user.is_org or user.is_admin:
        return redirect(url_for('org_org', id=id))

    rr = mo.rights.Rights(g.user)
    rr.get_generic()

    participants = sess.query(db.Participant).filter_by(user_id=user.user_id)
    rounds = sess.query(db.Participation).filter_by(user_id=user.user_id)

    return render_template(
        'org_user.html', user=user, can_edit=rr.can_edit_user(user),
        participants=participants, rounds=rounds
    )


class UserEditForm(FlaskForm):
    first_name = wtforms.StringField("Jméno", validators=[Required()])
    last_name = wtforms.StringField("Příjmení", validators=[Required()])
    note = wtforms.TextAreaField("Poznámka")
    submit = wtforms.SubmitField("Uložit")


class NewUserForm(UserEditForm):
    email = wtforms.StringField("E-mail", validators=[Required()])
    submit = wtforms.SubmitField("Vytvořit")


@app.route('/org/org/<int:id>/edit', methods=("GET", "POST"), endpoint="org_org_edit")
@app.route('/org/user/<int:id>/edit', methods=("GET", "POST"))
def org_user_edit(id: int):
    sess = db.get_session()
    user = mo.users.user_by_uid(id)
    if not user:
        raise werkzeug.exceptions.NotFound()

    is_org = request.endpoint == "org_org_edit"

    if not is_org and (user.is_admin or user.is_org):
        return redirect(url_for("org_org_edit", id=id))
    if is_org and not (user.is_admin or user.is_org):
        return redirect(url_for("org_user_edit", id=id))

    rr = mo.rights.Rights(g.user)
    rr.get_generic()
    if not rr.can_edit_user(user):
        raise werkzeug.exceptions.Forbidden()

    form = UserEditForm(obj=user)
    if form.validate_on_submit():
        form.populate_obj(user)

        if sess.is_modified(user):
            changes = db.get_object_changes(user)

            app.logger.info(f"User {id} modified, changes: {changes}")
            mo.util.log(
                type=db.LogType.user,
                what=id,
                details={'action': 'edit', 'changes': changes},
            )
            sess.commit()
            flash('Změny uživatele uloženy', 'success')
        else:
            flash(u'Žádné změny k uložení', 'info')

        return redirect(url_for('org_user', id=id))

    return render_template('org_user_edit.html', user=user, form=form, is_org=is_org)


@app.route('/org/org/new/', methods=('GET', 'POST'), endpoint="org_org_new")
@app.route('/org/user/new/', methods=('GET', 'POST'))
def org_user_new():
    sess = db.get_session()
    rr = mo.rights.Rights(g.user)
    rr.get_generic()

    is_org = request.endpoint == "org_org_new"

    if is_org and not rr.have_right(mo.rights.Right.add_orgs):
        raise werkzeug.exceptions.Forbidden()
    elif not rr.have_right(mo.rights.Right.add_users):
        raise werkzeug.exceptions.Forbidden()

    form = NewUserForm()
    if form.validate_on_submit():
        check = True

        if mo.users.user_by_email(form.email.data) is not None:
            flash('Účet s daným e-mailem již existuje', 'danger')
            check = False

        if check:
            new_user = db.User()
            form.populate_obj(new_user)
            new_user.is_org = is_org
            sess.add(new_user)
            sess.flush()

            app.logger.info(f"New user created: {db.row2dict(new_user)}")
            mo.util.log(
                type=db.LogType.user,
                what=new_user.user_id,
                details={'action': 'new', 'user': db.row2dict(new_user)},
            )

            sess.commit()
            flash('Nový uživatel vytvořen', 'success')

            # Send password (re)set link
            token = mo.users.ask_reset_password(new_user)
            link = url_for('reset', token=token, _external=True)
            db.get_session().commit()

            try:
                mo.util.send_password_reset_email(new_user, link)
                flash('E-mail s odkazem pro nastavení hesla odeslán na {}'.format(new_user.email), 'success')
            except RuntimeError as e:
                app.logger.error('Login: problém při posílání e-mailu: {}'.format(e))
                flash('Problém při odesílání e-mailu s odkazem pro nastavení hesla', 'danger')

            if is_org:
                return redirect(url_for('org_org', id=new_user.user_id))
            return redirect(url_for('org_user', id=new_user.user_id))

    return render_template('org_user_new.html', form=form, is_org=is_org)