def describe_extension(doc): if doc.filetype == "image": return _("Images") elif doc.filetype == "folder": return _("Folders") elif doc.extension in (".txt|.rtf|.rtf|.doc|.docx|.odt|" ".odc|.odp|.pdf|.ppt|.xls|.xlsx"): return _("Documents") elif doc.extension in ".zip|.rar|.tar|.gz|.bz|.tgz|.arj|.7z": return _("Archives") else: return _("Files")
def GET(self, page_path): try: page = get_page_by_path(page_path) if not page.is_published and not auth.get_user(): raise flash.redirect(_(page_access_forbidden_text), "/login") load_page_data(page) if auth.has_role("admin"): json_data = web.storage( page=page_to_json(page), pages=pages_to_json(get_pages_in_tree_order()), ) else: json_data = web.storage() if "edit" in web.input() and auth.has_role("admin"): json_data.update( page_block=block_to_json( get_page_block_by_page_id(page.id)), template_blocks=template_blocks_to_json() ) else: load_page_blocks(page.id) return render.pages.page(json_data) except IndexError: raise web.notfound()
def create_document(document): """Creates new document and saves upload""" parent = get_document_by_id(document.parent_id) document.update( ids=(parent.ids or "") + "," + str(parent.id), level=parent.level + 1, parent_id=int(document.parent_id), created_at=web.SQLLiteral("CURRENT_TIMESTAMP"), user_id=auth.get_user().id, is_published=True, # True for the new documents ) if document.type == "folder": del document["upload"] if not document.title: document.title = _("Untitled Folder") else: upload = document.pop("upload") try: mimetype, encoding = mimetypes.guess_type(upload.filename) filename, filesize = save_document(upload.file) title, extension = os.path.splitext(upload.filename) document.update( title=document.title or title, filename=filename, extension=extension.lower(), mimetype=mimetype, type="image" if "image" in mimetype else "document", filesize=filesize, ) except: raise flash.error(_("File upload error.")) if document.position: document.position = int(document.position) # Shift positions to free the space to insert document expand_tree_siblings("documents", document) else: document.position = get_last_position("documents", document.parent_id) document.id = db.insert("documents", **document) # TODO: fix created_at return document
def GET(self, user_id, method): user = auth.get_user(user_id=user_id, is_deleted=True) if user.id != auth.get_user().id: auth.update_user(user.id, is_deleted=method == "delete") if method == "delete": flash.set(_(undo_user_text) % link_to("users", user, "undelete")) applog.info(_(deleted_user_text) % user.title, "users", user.id, "warn") else: flash.set(_(undelete_user_text)) applog.info(undeleted_user_text % user.title, "users", user.id, "warn") auth.delete_session(user.id) else: flash.set(_(cannot_delete_self_text), "error") raise web.seeother("/a/users")
def POST(self): form = passwordResetForm() if form.validates(): try: user = auth.get_user(email=form.d.email, with_password=True) token_url = "%s%s/%s$%s" % (web.ctx.home, "/password_reset", user.id, make_token(user)) mailer.send( user.email, render_email.password_reset(user, token_url), send_now=True, is_secure=True, ) flash.set(_(sent_text)) raise web.seeother("/") except IndexError: form.note = _(email_doesnt_exist_text) return render.auth.reset_token(form)
def POST(self, uid, token): # artificial delay (to slow down brute force attacks) sleep(0.5) form = passwordChangeForm(web.input()) if form.valid: try: user = auth.get_user(user_id=uid, with_password=True) if not user or not check_token(user, token, auth.config.reset_expire_after): raise AuthError auth.set_password(user.email, form.d.password) auth.login(user) flash.set(_(changed_text)) except AuthError: flash.set(_(reset_text)) raise web.seeother("/") else: return render.auth.reset_change(form)
def GET(self, page_id): try: page = get_page_by_id(page_id) if auth.get_user() or is_page_published(page): raise web.seeother(page.path) else: raise flash.redirect(_(page_access_forbidden_text), "/login") except IndexError: raise web.notfound()
def GET(self, uid, token): # artificial delay (to slow down brute force attacks) sleep(0.5) try: user = auth.get_user(user_id=uid, with_password=True) if not user or not check_token(user, token, auth.config.reset_expire_after): raise AuthError return render.auth.reset_change(passwordChangeForm) except AuthError: flash.set(_(reset_text)) raise web.seeother("/")
def delete_document_by_id(document_id): document = get_document_by_id(document_id) # cannot delete system files and folders if document.is_system: raise flash.error( _("Cannot edit or delete system files and folders.")) # Collapse positions collapse_tree_siblings("documents", document) # Delete branch recursively return delete_tree_branch("documents", document, func=delete_document_file)
def download_document(document): if (not auth.has_role("admin", "editor", "user") and not document.is_published): raise flash.redirect(_("Cannot download this document")) web.header("Content-Disposition", "attachment; filename=%s" % slugify(document.title) + document.extension) web.header("Content-Type", document.mimetype) f = open(os.path.join(config.upload_dir, document.filename), 'rb') while 1: buf = f.read(1024 * 8) if not buf: break yield buf
def update_document_by_id(document_id, data): document = get_document_by_id(document_id) # Cannot edit system files and folders if document.is_system: raise flash.error( _("Cannot edit or delete system files and folders.")) parent = get_document_by_id(data.parent_id) # TODO: custom input field that returns integer value data.update( ids=(parent.ids or "") + "," + str(parent.id), level=parent.level + 1, position=int(data.position), parent_id=parent.id, updated_at=web.SQLLiteral("CURRENT_TIMESTAMP"), ) with db.transaction(): # Transact changes to positions if (data.position != document.position or data.parent_id != document.parent_id): # Collapse positions for the removed document collapse_tree_siblings("documents", document) # Shift positions to free the space to insert document expand_tree_siblings("documents", data) # Cannot change documents type and upload del data["type"] del data["upload"] db.update( "documents", where="id = $document_id", vars=locals(), **data) # Update document with data # TODO: fix updated_at document.update(data) return document
def filesize(doc): return unicode((doc.filesize or 0) / 1024) + u" " + _("kb")