def post(self):
if not self.user.is_super_admin:
raise HttpErrorException.not_found()
if self.json_request.get('clear_indexes'):
orgs = Organization.query().fetch()
for org in orgs:
indexes = org.get_indexes()
for index in indexes:
ttindex.clear_index(index)
users = User.query(User.organization == None).fetch()
for user in users:
indexes = user.get_indexes()
for index in indexes:
ttindex.clear_index(index)
project_ids = self.json_request.get('project_ids')
if project_ids:
if project_ids == 'all':
self.project_keys = Project.query().fetch(keys_only=True)
else:
if type(project_ids) is not list:
raise HttpErrorException.bad_request(
'project ids must be list')
for pro_id in project_ids:
pro = Project.get_by_id(pro_id)
if not pro:
raise HttpErrorException.bad_request(
'invalid project id given: ' + str(pro_id))
self.project_keys.append(pro.key)
t = background_thread.BackgroundThread(target=self.index_project)
t.start()
def post(self, project_id=None):
self.get_channel_token()
if not project_id and not Project.valid_id(project_id):
raise HttpErrorException.bad_request('no project id')
self.project = Project.get_by_id(project_id)
if not self.project:
raise HttpErrorException.bad_request('invalid project id')
self.get_analytic_session()
if self.json_request.get('permission'):
self._add_perm()
if not self.json_request.get('permission') and self.json_request.get(
'group_id'):
self._rm_perm()
if self.json_request.get('remove_group'):
self._remove_group()
if self.json_request.get('add_attribute'):
self._add_attribute()
if self.json_request.get('title'):
self._set_title()
if self.json_request.get('up_vote'):
self._up_vote()
if self.json_request.get('down_vote'):
self._down_vote()
if self.json_request.get('shared'):
self._shared()
self.project.pw_modified_ts = datetime.datetime.now()
self.project.put()
self.user.put()
self.write_json_response(self.project.to_dict(self.user))
def delete(self, project_id=None):
if self.request.get('token_id') is None:
raise HttpErrorException.bad_request('no token id')
self.user.current_token_id = self.request.get('token_id')
if not project_id and not Project.valid_id(project_id):
raise HttpErrorException.bad_request('no project id')
project = Project.get_by_id(project_id)
if not project:
raise HttpErrorException.bad_request('invaild project id')
if not project.has_permission_delete(self.user):
raise HttpErrorException.forbidden()
trans = Transaction(action='pro_del',
user=self.user.key,
artifact=project.key,
project=project.key)
trans.put()
self.get_channel_token()
channel_tokens = ChannelToken.get_by_project_key(
project.key, self.user_channel_token)
channel_tokens = ChannelToken.remove_unauthorized_users(
channel_tokens, [project])
message = {
'user': self.get_user_channel_data(),
'transaction': trans.to_dict(self.user)
}
ChannelToken.broadcast_message(channel_tokens, message)
project.delete(self.user)
def get(self):
if not self.request.get('project', None):
raise HttpErrorException.bad_request('invalid project id')
project = Project.get_by_id(self.request.get('project'))
if not project:
raise HttpErrorException.bad_request('invalid project id')
channel_id = server.create_uuid()
client_auth_token = auth.create_custom_token(self.user.key.id())
color = self.get_previous_color(project)
if not color:
color = ChannelToken.generate_color()
channel_token = ChannelToken(
key=ChannelToken.create_key(channel_id),
project=project.key,
user=self.user.key,
color=color,
)
channel_token.set_status(True)
channel_token.send_message({'channel_op': 'ping'})
channel_token.put()
self.write_json_response({
'channel_id': channel_id,
'auth_token': client_auth_token,
})
def get(self):
if self.json_request.get('project') is None:
raise HttpErrorException.bad_request('invalid project id')
project = Project.get_by_id(self.json_request.get('project'))
if not project:
raise HttpErrorException.bad_request('invalid project id')
if self.json_request.get('document') is None:
raise HttpErrorException.bad_request('invalid document id')
document = Document.get_by_id(self.json_request.get('document'))
if not document:
raise HttpErrorException.bad_request('invalid document id')
if not document.has_permission_read(self.user):
raise HttpErrorException.forbidden()
try:
limit = int(self.request.get('limit', 30))
except ValueError:
raise HttpErrorException.bad_request('limit must be int')
try:
before_date = int(self.request.get('before_date', 0))
except ValueError:
raise HttpErrorException.bad_request('before_date must be int')
if limit > 100:
limit = 100
if before_date and before_date > 0:
before_date = datetime.fromtimestamp(before_date / 1000.0)
chat_query = ChatMessage.query(
ndb.AND(ChatMessage.project == project.key,
ChatMessage.document == document.key,
ChatMessage.created_ts < before_date))
else:
chat_query = ChatMessage.query(
ndb.AND(ChatMessage.project == project.key,
ChatMessage.document == document.key))
chat_messages = chat_query.order(
ChatMessage.created_ts).fetch(limit=limit)
chat_messages_dict = []
for chat in chat_messages:
chat_messages_dict.append(chat.to_dict())
self.write_json_response(chat_messages_dict)
def post(self, project, concept, action):
project = Project.get_by_id(project)
if not project:
raise HttpErrorException.bad_request('invalid project id')
concept = Concept.get_by_id(concept)
if not concept:
raise HttpErrorException.bad_request('invalid concept id')
if action.rstrip() == '' or not Analytics.is_valid_action(action):
raise HttpErrorException.bad_request('invalid action')
self.get_analytic_session()
concept.record_analytic(action,
self.analytic_session,
project=project.key)
def get(self, selected_phrasing_id=None):
selected_phrasing_dict = {}
q = SelectedPhrasing.query()
if self.request.get('project_id').strip() != '':
q = q.filter(SelectedPhrasing.project == Project.get_by_id(
self.request.get('project_id').strip()).key)
if self.request.get('document_id').strip() != '':
q = q.filter(SelectedPhrasing.document == Document.get_by_id(
self.request.get('document_id').strip()).key)
if self.request.get('phrasing_id').strip() != '':
q = q.filter(SelectedPhrasing.phrasing == Phrasing.get_by_id(
self.request.get('phrasing_id').strip()).key)
for phrase in q.iter():
phrase_dict = phrase.to_dict()
selected_phrasing_dict[phrase.key.id()] = phrase_dict
self.write_json_response(selected_phrasing_dict)
def post(self):
if self.json_request.get('project') is None:
raise HttpErrorException.bad_request('invalid project id')
project = Project.get_by_id(self.json_request.get('project'))
if not project:
raise HttpErrorException.bad_request('invalid project id')
if self.json_request.get('document') is None:
raise HttpErrorException.bad_request('invalid document id')
document = Document.get_by_id(self.json_request.get('document'))
if not document:
raise HttpErrorException.bad_request('invalid document id')
if not document.has_permission_read(self.user):
raise HttpErrorException.forbidden()
msg = self.json_request.get('msg')
if not msg or msg.strip() == '':
raise HttpErrorException.bad_request('no message given')
chat = ChatMessage(key=ChatMessage.create_key(),
project=project.key,
document=document.key,
user=self.user.key,
message=msg)
chat.put()
self.get_channel_token()
channel_tokens = ChannelToken.get_by_project_key(
project.key, self.user_channel_token)
channel_tokens = ChannelToken.remove_unauthorized_users(
channel_tokens, [project, document])
message = {
'user': self.get_user_channel_data(),
'chat': chat.to_dict()
}
ChannelToken.broadcast_message(channel_tokens, message)
def get(self, project_id=None):
if project_id:
if not Project.valid_id(project_id):
raise HttpErrorException.bad_request('invalid project id')
self.project = Project.get_by_id(project_id)
if not self.project:
raise HttpErrorException.bad_request('invalid project id')
if not self.project.has_permission_read(self.user):
lr = tt_logging.construct_log(
msg_short=
'User does not have permission to access this project',
log_type=tt_logging.SECURITY,
request=self.request,
artifact=self.project,
request_user=self.user)
log.info(lr['dict_msg']['msg'], extra=lr)
self.redirect('/', abort=True)
self._serve_page()
elif self.request.get('type') == 'json':
self._serve_json()
def get(self):
if not self.request.get('project', None):
raise HttpErrorException.bad_request('invalid project id')
project = Project.get_by_id(self.request.get('project'))
if not project:
raise HttpErrorException.bad_request('invalid project id')
self.get_user_channel_data()
channel_tokens = ChannelToken.get_by_project_key(
project.key, self.user_channel_token)
channel_tokens_list = []
for channel_token in channel_tokens:
user = channel_token.user.get()
if channel_token:
channel_tokens_list.append({
'username':
user.username,
'display_name':
user.display_name,
'channel_id':
channel_token.id,
'link_id':
channel_token.link_id,
'color':
channel_token.color,
'concept':
channel_token.concept.id()
if channel_token.concept else '',
'document':
channel_token.document.id()
if channel_token.document else '',
})
self.write_json_response(channel_tokens_list)
self.ping_test(project)
def put(self):
pro = Project.get_by_id(self.json_request.get('project', 'none'))
if not pro:
raise HttpErrorException.bad_request('invalid project id')
doc = Document.get_by_id(self.json_request.get('document', 'none'))
if not doc:
raise HttpErrorException.bad_request('invalid document id')
if not doc.has_permission_write(self.user):
raise HttpErrorException.forbidden()
if doc.key != pro.distilled_document and doc.key not in pro.documents:
raise HttpErrorException.bad_request(
'document does not belong to project')
pres_doc = PresentationDocument(key=PresentationDocument.create_key(),
project=pro.key,
document=doc.key)
doc.presentation_document = pres_doc.key
pro.pw_modified_ts = datetime.datetime.now()
ndb.put_multi([pres_doc, doc, pro])
self.write_json_response(pres_doc.to_dict())
def put(self, document_id=None):
if not self.json_request.get('project') and not Project.valid_id(
self.json_request.get('project')):
raise HttpErrorException.bad_request('invalid project id')
pro = Project.get_by_id(self.json_request.get('project'))
if not pro:
raise HttpErrorException.bad_request('invalid project id')
if not pro.has_permission_read(self.user):
raise HttpErrorException.forbidden()
if not self.json_request.get('title'):
raise HttpErrorException.bad_request('invalid title')
doc = Document(key=Document.create_key())
doc.project = pro.key
doc.title = self.json_request.get('title')
doc.subtitle = self.json_request.get('subtitle')
doc.author = self.json_request.get('author')
doc.version = self.json_request.get('version')
doc.date = self.json_request.get('date')
doc.copyright_text = self.json_request.get('copyright')
doc.description = self.json_request.get('description')
doc.owner.append(self.user.key)
doc_perm = Permission(permissions=Permission.init_perm_struct(
Document.operations_list),
key=Permission.create_key(),
project=pro.key)
doc_perm.artifact = doc.key
doc_perm.put()
doc.permissions = doc_perm.key
if self.user.in_org():
doc.organization = self.user.organization
doc.parent_perms = [
pro.permissions,
pro.distilled_document.get().permissions
]
doc.put()
pro.documents.append(doc.key)
indexes = self.user.get_put_index()
doc.index(indexes)
pro.pw_modified_ts = datetime.datetime.now()
pro.put()
self.write_json_response(doc.to_dict(self.user))
action_data = {'document': doc.to_dict(self.user)}
trans = Transaction(action='doc_new',
user=self.user.key,
artifact=doc.key,
project=pro.key,
action_data=action_data)
trans.put()
self.get_channel_token()
channel_tokens = ChannelToken.get_by_project_key(
pro.key, self.user_channel_token)
channel_tokens = ChannelToken.remove_unauthorized_users(
channel_tokens, [doc])
for channel_token in channel_tokens:
trans.action_data['document'] = doc.to_dict(
channel_token.user.get())
message = {
'user': self.get_user_channel_data(),
'transaction': trans.to_dict(self.user)
}
ChannelToken.broadcast_message([channel_token], message)
def get(self, project, document, group):
if not project:
raise HttpErrorException.bad_request('invalid project given')
project = Project.get_by_id(project)
if not project:
raise HttpErrorException.bad_request('invalid project given')
if not project.has_permission_read(self.user):
raise HttpErrorException.forbidden()
if not document:
raise HttpErrorException.bad_request('invalid document given')
document = Document.get_by_id(document)
if not document:
raise HttpErrorException.bad_request('invalid document given')
if not document.has_permission_read(self.user):
raise HttpErrorException.forbidden()
if not group:
raise HttpErrorException.bad_request('invalid group given')
group = Group.get_by_id(group)
if not group:
raise HttpErrorException.bad_request('invalid group given')
if document.key not in project.documents and document.key != project.distilled_document:
raise HttpErrorException.bad_request(
'document does not belong to project')
temp_user = User()
temp_user.groups = [group.key, Group.get_worldshare().key]
org = self.user.organization if self.user.organization else None
if org:
temp_user.organization = org
if not document.has_permission_read(temp_user):
raise HttpErrorException.bad_request(
'Group does not have permission to read the document')
pubs = document.get_presentation_published(group=group)
version_int = PublishDocument.get_largest_version(pubs)
if version_int is None:
version_int = 1
else:
version_int += 1
version = self.request.get('version', str(version_int))
if version == 'latest':
raise HttpErrorException.bad_request('invalid version given')
for pub in pubs:
if pub.version == version:
raise HttpErrorException.bad_request(
'version name already taken')
try:
slide_count = int(self.request.get('slide_count', 15))
except ValueError:
raise HttpErrorException.bad_request(
'invalid slide count, must be integer')
if slide_count < 1:
raise HttpErrorException.bad_request(
'invalid slide_count given min 1')
if slide_count > 100:
raise HttpErrorException.bad_request(
'invalid slide_count given max 100')
try:
min_bullet = int(self.request.get('min_bullet', 4))
except ValueError:
raise HttpErrorException.bad_request(
'invalid min bullet, must be integer')
if min_bullet < 1:
raise HttpErrorException.bad_request(
'invalid min_bullet given min 1')
if min_bullet > 15:
raise HttpErrorException.bad_request(
'invalid min_bullet given max 15')
try:
max_bullet = int(self.request.get('max_bullet', 6))
except ValueError:
raise HttpErrorException.bad_request(
'invalid max bullet, must be integer')
if max_bullet < 1:
raise HttpErrorException.bad_request(
'invalid max_bullet given min 1')
if max_bullet > 15:
raise HttpErrorException.bad_request(
'invalid max_bullet given max 15')
if min_bullet > max_bullet:
raise HttpErrorException.bad_request(
'min_bullet can not be greater than max_bullet')
publisher = PresentationPublisherThread()
publisher.id = server.create_uuid()
publisher.request = self
publisher.project = project
publisher.document = document
publisher.slide_count = slide_count
publisher.min_bullet = min_bullet
publisher.max_bullet = max_bullet
publisher.group = group
publisher.user = self.user
publisher.version = version
if publisher.is_lock():
raise HttpErrorException.bad_request('publisher already running')
publisher.start()
self.write_json_response({'id': publisher.id})
self.get_analytic_session()
document.record_analytic('pres_publish',
self.analytic_session,
project=project.key)
def get(self, project, document, group):
if not project:
raise HttpErrorException.bad_request('invalid project given')
project = Project.get_by_id(project)
if not project:
raise HttpErrorException.bad_request('invalid project given')
if not project.has_permission_read(self.user):
raise HttpErrorException.forbidden()
if not document:
raise HttpErrorException.bad_request('invalid document given')
document = Document.get_by_id(document)
if not document:
raise HttpErrorException.bad_request('invalid document given')
if not document.has_permission_read(self.user):
raise HttpErrorException.forbidden()
if not group:
raise HttpErrorException.bad_request('invalid group given')
group = Group.get_by_id(group)
if not group:
raise HttpErrorException.bad_request('invalid group given')
temp_user = User()
temp_user.groups = [group.key, Group.get_worldshare().key]
org = self.user.organization if self.user.organization else None
if org:
temp_user.organization = org
if not document.has_permission_read(temp_user):
raise HttpErrorException.bad_request(
'Group does not have permission to read the document')
if document.key not in project.documents and document.key != project.distilled_document:
raise HttpErrorException.bad_request(
'document does not belong to project')
pubs = document.get_published(group=group)
version_int = PublishDocument.get_largest_version(pubs)
if version_int is None:
version_int = 1
else:
version_int += 1
version = self.request.get('version', str(version_int))
if version == 'latest':
raise HttpErrorException.bad_request('invalid version given')
pubs = document.get_published(group=group)
for pub in pubs:
if pub.version == version:
raise HttpErrorException.bad_request(
'version name already taken')
publisher = DocumentPublisherThread()
publisher.id = server.create_uuid()
publisher.request = self
publisher.project = project
publisher.document = document
publisher.group = group
publisher.user = self.user
publisher.version = version
if publisher.is_lock():
raise HttpErrorException.bad_request('publisher already running')
publisher.start()
self.write_json_response({'id': publisher.id})
self.get_analytic_session()
document.record_analytic('doc_publish',
self.analytic_session,
project=project.key)
def _serve_project_json(self):
depth = 0
if self.request.get('depth').strip() != '':
depth = self._to_int(self.request.get('depth'))
if self.request.get('project_id').strip() != '':
project = Project.get_by_id(self.request.get('project_id').strip())
if not project.has_permission_read(self.user):
lr = tt_logging.construct_log(
msg_short=
'User does not have permission to access this project',
log_type=tt_logging.SECURITY,
request=self.request,
artifact=project,
request_user=self.user)
log.info(lr['dict_msg']['msg'], extra=lr)
raise HttpErrorException.forbidden()
project_dict = project.to_dict(
depth,
self.user,
get_treeview=self.request.get('get_treeview'))
else:
q = Project.query(Project.owner == self.user.key)
projects = []
for results in q.iter():
if results.has_permission_read(self.user):
projects.append(results)
groups = ndb.get_multi(self.user.groups)
for group in groups:
pros = ndb.get_multi(group.artifacts)
index = 0
for pro in pros:
if pro is None:
group.artifacts.remove(group.artifacts[index])
lr = tt_logging.construct_log(
msg_short='Found Broken Project Key',
msg=
'Found broken project key (%s) in group artifact list'
'\n Key has been removed' % group.artifacts[index],
log_type=tt_logging.SECURITY,
request=self.request,
request_user=self.user)
log.info(lr['dict_msg']['msg'], extra=lr)
if pro.has_permission_read(self.user):
if pro not in projects:
projects.append(pro)
index += 1
project_dict = []
for project in projects:
project_dict.append(project.to_dict(self.user))
self.write_json_response(project_dict)
def post(self):
query_dict = self.json_request.get('query')
if not query_dict:
raise HttpErrorException.bad_request('no query given')
if not query_dict['pro']:
raise HttpErrorException.bad_request('no project id given')
project = Project.get_by_id(query_dict['pro'])
if not project:
raise HttpErrorException.bad_request('invalid project id given')
if not project.has_permission(self.user, 'read'):
raise HttpErrorException.forbidden()
index = project.get_indexes(create_new=False)
self.get_analytic_session()
query_string = 'pro=%s typ=(phr OR anno_reply) (reply=(%s) OR phr=(%s))' % (
project.key.id(), query_dict.get('string',
''), query_dict.get('string', ''))
if index is not None and len(index) > 0:
search_results = ttindex.ttsearch(index,
query_string,
limit=1000,
use_cursor=False,
user=self.user)
concepts = []
concept_ids = []
while len(concepts) < 20 and search_results is not None:
for sr in search_results:
if sr['fields']['con'] not in concept_ids:
concept_ids.append(sr['fields']['con'])
if sr['fields']['typ'] == 'phr':
concept = Concept.get_by_id(sr['fields']['con'])
phrasing = Phrasing.get_by_id(sr['id'])
if concept.has_permission_read(
self.user
) and phrasing.has_permission_read(self.user):
concepts.append({
'con_id': sr['fields']['con'],
'phr_text': sr['fields']['phr']
})
elif sr['fields']['typ'] == 'anno_reply':
concept = Concept.get_by_id(sr['fields']['con'])
document = Document.get_by_id(sr['fields']['doc'])
if concept.has_permission_read(self.user) and \
document.has_permission_read(self.user) and \
document.has_permission_annotation_read(self.user):
concepts.append({
'con_id':
sr['fields']['con'],
'phr_text':
sr['fields']['reply']
})
if len(concepts) >= 20:
break
else:
search_results = ttindex.ttsearch(index,
query_dict,
limit=1000,
user=self.user)
self.write_json_response({'concepts': concepts})
else:
self.write_json_response({'concepts': ''})
project.record_analytic('pro_search',
self.analytic_session,
meta_data={'sch_query': str(query_dict)})