diff --git a/advlabdb/adminModelViews.py b/advlabdb/adminModelViews.py index 7283fc9..8571fc4 100644 --- a/advlabdb/adminModelViews.py +++ b/advlabdb/adminModelViews.py @@ -138,8 +138,6 @@ class UserView(SecureAdminModelView): generate_new_password = BooleanField("Generate new random password", default=False) - form = EditForm - can_view_details = True column_list = [ @@ -172,10 +170,6 @@ class UserView(SecureAdminModelView): "active", ] - def create_form(self, obj=None): - form = self.CreateForm - return form(get_form_data(), obj=obj) - def create_model(self, form): try: password = randomPassword() @@ -296,8 +290,6 @@ class SemesterView(SecureAdminModelView): default=True, ) - form = CreateForm - can_edit = False can_delete = False can_view_details = True @@ -507,8 +499,6 @@ class PartStudentView(SecureAdminModelView): student = None part = None - form = EditForm - column_list = [ "student", "part", @@ -547,10 +537,6 @@ class PartStudentView(SecureAdminModelView): def queryFilter(self): return PartStudent.part.has(Part.semester == userActiveSemester()) - def create_form(self, obj=None): - form = self.CreateForm - return form(get_form_data(), obj=obj) - def on_model_change(self, form, model, is_created): PartStudent.check(model.group, model.part) @@ -621,12 +607,12 @@ class GroupView(SecureAdminModelView): return Group.customInit(form.part_students.data) def create_form(self, obj=None): - form = GroupView.formFactory(is_created=True, group=None) - return form(get_form_data(), obj=obj) + formClass = GroupView.formFactory(is_created=True, group=None) + return formClass(get_form_data(), obj=obj) def edit_form(self, obj=None): - form = GroupView.formFactory(is_created=False, group=obj) - return form(get_form_data(), obj=obj) + formClass = GroupView.formFactory(is_created=False, group=obj) + return formClass(get_form_data(), obj=obj) class ExperimentView(SecureAdminModelView): @@ -745,8 +731,6 @@ class SemesterExperimentView(SecureAdminModelView): class EditForm(CreateForm): experiment = None - form = EditForm - can_view_details = True column_list = [ @@ -773,10 +757,6 @@ class SemesterExperimentView(SecureAdminModelView): ), ] - def create_form(self, obj=None): - form = self.CreateForm - return form(get_form_data(), obj=obj) - def queryFilter(self): return SemesterExperiment.semester == userActiveSemester() @@ -981,8 +961,6 @@ class GroupExperimentView(SecureAdminModelView): blank_text=assistantBlankText, ) - form = CreateForm - can_edit = False can_view_details = True @@ -1094,7 +1072,7 @@ class AppointmentView(SecureAdminModelView): def customId(self, row): return row.assistant_id - class CreateForm(Form): + class CreateAndEditForm(Form): group_experiment = QuerySelectField( "Group Experiment", query_factory=groupExperimentQueryFactory, @@ -1111,8 +1089,6 @@ class AppointmentView(SecureAdminModelView): blank_text=assistantBlankText, ) - form = CreateForm - column_filters = ( ExperimentFilter(Appointment, "Experiment"), AssistantFilter(Appointment, "Assistant"), @@ -1290,8 +1266,6 @@ class ExperimentMarkView(SecureAdminModelView): description=f"Between {MIN_MARK} and {MAX_MARK}", ) - form = EditForm - column_descriptions = { "oral_mark": f"Between {MIN_MARK} and {MAX_MARK}", "protocol_mark": f"Between {MIN_MARK} and {MAX_MARK}", @@ -1341,10 +1315,6 @@ class ExperimentMarkView(SecureAdminModelView): ) """ - def create_form(self, obj=None): - form = self.CreateForm - return form(get_form_data(), obj=obj) - def customCreateModel(self, form): return ExperimentMark.customInit( part_student=form.part_student.data, group_experiment=form.group_experiment.data diff --git a/advlabdb/assistantModelViews.py b/advlabdb/assistantModelViews.py index f695c5b..1da843d 100644 --- a/advlabdb/assistantModelViews.py +++ b/advlabdb/assistantModelViews.py @@ -150,8 +150,6 @@ class AssistantUserView(SecureAssistantModelView): generate_new_password = BooleanField("Generate new random password", default=False) - form = EditForm - can_edit = True column_display_actions = True diff --git a/advlabdb/customClasses.py b/advlabdb/customClasses.py index e35a89f..2e06595 100644 --- a/advlabdb/customClasses.py +++ b/advlabdb/customClasses.py @@ -1,6 +1,7 @@ from flask import flash, redirect, request, url_for from flask_admin import AdminIndexView, BaseView, expose from flask_admin.contrib.sqla import ModelView +from flask_admin.helpers import get_form_data from flask_admin.model.helpers import get_mdict_item_or_list from flask_admin.model.template import EndpointLinkRowAction from flask_security import current_user @@ -92,25 +93,22 @@ class CustomModelView(ModelView): can_view_details = False - queryFilter = None - customCreateModel = None - def inaccessible_callback(self, name, **kwargs): # Redirect to login page if user doesn't have access return redirect(url_for("security.login", next=request.url)) def get_query(self): - if self.queryFilter: - return super().get_query().filter(self.queryFilter()) - else: + if not hasattr(self, "queryFilter"): return super().get_query() + return super().get_query().filter(self.queryFilter()) + def get_count_query(self): - if self.queryFilter: - return super().get_count_query().filter(self.queryFilter()) - else: + if not hasattr(self, "queryFilter"): return super().get_count_query() + return super().get_count_query().filter(self.queryFilter()) + def handle_view_exception(self, exc): if type(exc) in (ModelViewException, DataBaseException): flash(str(exc), "error") @@ -119,25 +117,45 @@ class CustomModelView(ModelView): return super().handle_view_exception(exc) def create_model(self, form): - if not self.customCreateModel: + if not hasattr(self, "customCreateModel"): return super().create_model(form) + + try: + model = self.customCreateModel(form) + + self.session.add(model) + + self.on_model_change(form, model, True) + + self.session.commit() + except Exception as ex: + flash(str(ex), "error") + + self.session.rollback() else: - try: - model = self.customCreateModel(form) + self.after_model_change(form, model, True) - self.session.add(model) + return model - self.on_model_change(form, model, True) + def create_form(self, obj=None): + if hasattr(self, "CreateForm"): + formClass = self.CreateForm + elif hasattr(self, "CreateAndEditForm"): + formClass = self.CreateAndEditForm + else: + return super().create_form(obj) - self.session.commit() - except Exception as ex: - flash(str(ex), "error") + return formClass(get_form_data(), obj=obj) - self.session.rollback() - else: - self.after_model_change(form, model, True) + def edit_form(self, obj=None): + if hasattr(self, "EditForm"): + formClass = self.EditForm + elif hasattr(self, "CreateAndEditForm"): + formClass = self.CreateAndEditForm + else: + return super().edit_form(obj) - return model + return formClass(get_form_data(), obj=obj) class SecureAdminModelView(CustomModelView): @@ -171,10 +189,10 @@ class SecureAssistantModelView(CustomModelView): details_template = "assistant_details.html" """ - Every variable and method defined below in this class except queryFilter is NOT ALLOWED TO BE (completely) OVERWRITTEN! - You can only extend the methods. - queryFilter has to be implemented by overriding it. - This is because of security reasons! + SECURITY NOTES: + - Every variable and method defined below in this class is NOT ALLOWED TO BE (completely) OVERWRITTEN! + You can only extend the predefined methods. + - The method queryFilter(self) has to be implemented! """ # Assistants are not allowed to create or delete.