[odrs-web/oscp] Use flash in more places in the admin view

From: Richard Hughes <rhughes src gnome org>
To: commits-list gnome org
Cc:
Subject: [odrs-web/oscp] Use flash in more places in the admin view
Date: Mon, 1 Jul 2019 13:27:41 +0000 (UTC)
commit c3a69dff2c3448808043321ff03013510762b6c7
Author: Richard Hughes <richard hughsie com>
Date:   Fri Jun 28 16:01:08 2019 +0100

    Use flash in more places in the admin view

 app_data/odrs/tests/odrs_test.py |  4 +--
 app_data/odrs/util.py            | 10 +-----
 app_data/odrs/views_admin.py     | 73 ++++++++++++++++++++++++----------------
 3 files changed, 47 insertions(+), 40 deletions(-)
---
diff --git a/app_data/odrs/tests/odrs_test.py b/app_data/odrs/tests/odrs_test.py
index 49a5abf..285c097 100644
--- a/app_data/odrs/tests/odrs_test.py
+++ b/app_data/odrs/tests/odrs_test.py
@@ -148,8 +148,8 @@ class OdrsTest(unittest.TestCase):
         assert b'Confirm Removal?' in rv.data, rv.data
         rv = self.app.get('/admin/delete/1/force', follow_redirects=True)
         assert b'Deleted review' in rv.data, rv.data
-        rv = self.app.get('/admin/review/1')
-        assert b'no review with that ID' in rv.data, rv.data
+        rv = self.app.get('/admin/review/1', follow_redirects=True)
+        assert b'No review with that ID' in rv.data, rv.data
 
     def _admin_moderator_add(self, username='dave', password='foobarbaz123.', email='dave dave com'):
 
diff --git a/app_data/odrs/util.py b/app_data/odrs/util.py
index d00f0b6..f55aef0 100644
--- a/app_data/odrs/util.py
+++ b/app_data/odrs/util.py
@@ -10,7 +10,7 @@ import hashlib
 
 from sqlalchemy import text
 
-from flask import Response, abort, flash
+from flask import Response
 
 def json_success(msg=None, errcode=200):
     """ Success handler: JSON output """
@@ -34,14 +34,6 @@ def json_error(msg=None, errcode=400):
                     status=errcode, \
                     mimetype='application/json')
 
-def _error_permission_denied(msg=None):
-    flash('Permission denied: %s' % msg)
-    abort(401)
-
-def _error_internal(msg=None):
-    flash('Internal error: %s' % msg)
-    abort(400)
-
 def _get_datestr_from_dt(when):
     return int('%04i%02i%02i' % (when.year, when.month, when.day))
 
diff --git a/app_data/odrs/views_admin.py b/app_data/odrs/views_admin.py
index a357ff7..60edbc1 100644
--- a/app_data/odrs/views_admin.py
+++ b/app_data/odrs/views_admin.py
@@ -19,7 +19,7 @@ from flask_login import login_required, current_user
 from odrs import app, db
 from .models import Review, User, Moderator, Vote
 from .models import _vote_exists
-from .util import _get_datestr_from_dt, _error_permission_denied, _error_internal
+from .util import _get_datestr_from_dt
 
 def _get_chart_labels_months():
     """ Gets the chart labels """
@@ -178,7 +178,8 @@ def admin_show_stats():
     """
     # security check
     if not current_user.is_admin:
-        return _error_permission_denied('Unable to show stats as non-admin')
+        flash('Unable to show stats as non-admin', 'error')
+        return redirect(url_for('.odrs_index'))
 
     stats = {}
 
@@ -244,7 +245,8 @@ def admin_distros():
     """
     # security check
     if not current_user.is_admin:
-        return _error_permission_denied('Unable to show admin_distros as non-admin')
+        flash('Unable to show distros as non-admin', 'error')
+        return redirect(url_for('.odrs_index'))
     rs = db.session.execute("SELECT DISTINCT(distro), COUNT(distro) AS total " # pylint: disable=no-member
                             "FROM reviews GROUP BY distro ORDER BY total DESC "
                             "LIMIT 8;")
@@ -267,7 +269,8 @@ def admin_show_review(review_id):
     """
     review = db.session.query(Review).filter(Review.review_id == review_id).first()
     if not review:
-        return _error_internal('no review with that ID')
+        flash('No review with that ID')
+        return redirect(url_for('.odrs_index'))
 
     # has the user already voted
     user_hash = _get_hash_for_user(current_user)
@@ -284,7 +287,8 @@ def admin_modify(review_id):
     """ Change details about a review """
     review = db.session.query(Review).filter(Review.review_id == review_id).first()
     if not review:
-        return _error_internal('no review with that ID')
+        flash('No review with that ID')
+        return redirect(url_for('.odrs_index'))
     if 'distro' in request.form:
         review.distro = request.form['distro']
     if 'locale' in request.form:
@@ -309,11 +313,13 @@ def admin_user_ban(user_hash):
     """ Change details about a review """
     # security check
     if not current_user.is_admin:
-        return _error_permission_denied('Unable to ban user as non-admin')
+        flash('Unable to ban user as non-admin', 'error')
+        return redirect(url_for('.odrs_index'))
     print(db.session.query(User).all())
     user = db.session.query(User).filter(User.user_hash == user_hash).first()
     if not user:
-        return _error_internal('no user with that user_hash')
+        flash('No user with that user_hash')
+        return redirect(url_for('.odrs_index'))
     user.is_banned = True
     db.session.commit()
     flash('Banned user')
@@ -325,7 +331,8 @@ def admin_unreport(review_id):
     """ Unreport a perfectly valid review """
     review = db.session.query(Review).filter(Review.review_id == review_id).first()
     if not review:
-        return _error_internal('no review with that ID')
+        flash('No review with that ID')
+        return redirect(url_for('.odrs_index'))
     review.reported = 0
     db.session.commit()
     flash('Review unreported')
@@ -337,7 +344,8 @@ def admin_unremove(review_id):
     """ Unreport a perfectly valid review """
     review = db.session.query(Review).filter(Review.review_id == review_id).first()
     if not review:
-        return _error_internal('no review with that ID')
+        flash('No review with that ID')
+        return redirect(url_for('.odrs_index'))
     review.date_deleted = 0
     db.session.commit()
     flash('Review unremoved')
@@ -349,7 +357,8 @@ def admin_englishify(review_id):
     """ Marks a review as writen in English """
     review = db.session.query(Review).filter(Review.review_id == review_id).first()
     if not review:
-        return _error_internal('no review with that ID')
+        flash('No review with that ID')
+        return redirect(url_for('.odrs_index'))
     parts = review.locale.split('_')
     if len(parts) == 1:
         review.locale = 'en'
@@ -364,7 +373,8 @@ def admin_anonify(review_id):
     """ Removes the username from the review """
     review = db.session.query(Review).filter(Review.review_id == review_id).first()
     if not review:
-        return _error_internal('no review with that ID')
+        flash('No review with that ID')
+        return redirect(url_for('.odrs_index'))
     review.user_display = None
     db.session.commit()
     return redirect(url_for('.admin_show_review', review_id=review_id))
@@ -375,7 +385,8 @@ def admin_delete_force(review_id):
     """ Delete a review """
     review = db.session.query(Review).filter(Review.review_id == review_id).first()
     if not review:
-        return _error_internal('no review with that ID')
+        flash('No review with that ID')
+        return redirect(url_for('.odrs_index'))
     db.session.delete(review)
     db.session.commit()
     flash('Deleted review')
@@ -414,7 +425,8 @@ def odrs_show_unmoderated():
     """
     user_hash = _get_hash_for_user(current_user)
     if not user_hash:
-        return _error_internal('no user_hash...')
+        flash('No user_hash for current user')
+        return redirect(url_for('.odrs_index'))
 
     # filter by the languages the moderator understands
     reviews = []
@@ -496,7 +508,8 @@ def admin_moderator_show_all():
     """
     # security check
     if not current_user.is_admin:
-        return _error_permission_denied('Unable to show all moderators')
+        flash('Unable to show all moderators', 'error')
+        return redirect(url_for('.odrs_index'))
     mods = db.session.query(Moderator).all()
     return render_template('mods.html', mods=mods)
 
@@ -511,16 +524,13 @@ def admin_moderator_add():
 
     # security check
     if not current_user.is_admin:
-        return _error_permission_denied('Unable to add moderator as non-admin')
-
-    if not 'password_new' in request.form:
-        return _error_permission_denied('Unable to add user as no password_new')
-    if not 'username_new' in request.form:
-        return _error_permission_denied('Unable to add user as no username_new')
-    if not 'display_name' in request.form:
-        return _error_permission_denied('Unable to add user as no display name')
-    if not 'email' in request.form:
-        return _error_permission_denied('Unable to add user as no email')
+        flash('Unable to add moderator as non-admin', 'error')
+        return redirect(url_for('.odrs_index'))
+
+    for key in ['username_new', 'password_new', 'display_name', 'email']:
+        if not key in request.form:
+            flash('Unable to add moderator as {} missing'.format(key), 'error')
+            return redirect(url_for('.odrs_index'))
     if db.session.query(Moderator).\
             filter(Moderator.username == request.form['username_new']).first():
         flash('Already a entry with that username', 'warning')
@@ -560,7 +570,8 @@ def odrs_moderator_show(moderator_id):
     Shows an admin panel for a moderator
     """
     if moderator_id != current_user.moderator_id and not current_user.is_admin:
-        return _error_permission_denied('Unable to show moderator information')
+        flash('Unable to show moderator information', 'error')
+        return redirect(url_for('.odrs_index'))
     mod = db.session.query(Moderator).filter(Moderator.moderator_id == moderator_id).first()
     if not mod:
         flash("No entry with moderator ID {}".format(moderator_id), 'warning')
@@ -574,7 +585,8 @@ def admin_moderate_delete(moderator_id):
 
     # security check
     if not current_user.is_admin:
-        return _error_permission_denied('Unable to delete moderator as not admin')
+        flash('Unable to delete moderator as not admin', 'error')
+        return redirect(url_for('.odrs_index'))
 
     # check whether exists in database
     mod = db.session.query(Moderator).filter(Moderator.moderator_id == moderator_id).first()
@@ -592,7 +604,8 @@ def admin_vote(review_id, val_str):
     """ Up or downvote an existing review by @val karma points """
     user_hash = _get_hash_for_user(current_user)
     if not user_hash:
-        return _error_internal('no user_hash...')
+        flash('No user_hash for current user')
+        return redirect(url_for('.admin_show_review', review_id=review_id))
     if val_str == 'up':
         val = 1
     elif val_str == 'down':
@@ -600,7 +613,8 @@ def admin_vote(review_id, val_str):
     elif val_str == 'meh':
         val = 0
     else:
-        return _error_internal('invalid vote value...')
+        flash('Invalid vote value')
+        return redirect(url_for('.admin_show_review', review_id=review_id))
 
     # the user already has a review
     if _vote_exists(review_id, user_hash):
@@ -624,7 +638,8 @@ def admin_user_modify_by_admin(moderator_id):
 
     # security check
     if moderator_id != current_user.moderator_id and not current_user.is_admin:
-        return _error_permission_denied('Unable to modify user as non-admin')
+        flash('Unable to modify user as non-admin', 'error')
+        return redirect(url_for('.odrs_index'))
 
     mod = db.session.query(Moderator).filter(Moderator.moderator_id == moderator_id).first()
     if not mod:
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]