def handler(req):
cookie = PoorSession(req)
if 'login' not in cookie.data:
req.log_error('Login cookie not found.', state.LOG_INFO)
redirect(req, '/', text='Login required')
return fn(req)
def admin_orders_action(req, id):
check_login(req)
check_token(req, req.form.get('token'))
check_right(req, module_right)
if req.uri.endswith('/storno'):
ostate = STATE_STORNED
elif req.uri.endswith('/process'):
ostate = STATE_PROCESS
elif req.uri.endswith('/sent'):
ostate = STATE_SENT
elif req.uri.endswith('/close'):
ostate = STATE_CLOSED
elif req.uri.endswith('/wait_for_paid'):
ostate = STATE_WAIT_FOR_PAID
elif req.uri.endswith('/wait_for_pick_up'):
ostate = STATE_WAIT_FOR_PICK_UP
else:
raise SERVER_RETURN(state.HTTP_BAD_REQUEST)
note = req.form.getfirst('note', '', uni)
order = Order(id)
if order.set_state(req, ostate, note) is None:
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if ostate != STATE_CLOSED:
send_order_status(req, order)
redirect(req, '/admin/eshop/orders/%d' % id)
def logout(req):
req.log_error("Input cookies: %s" % repr(req.cookies), state.LOG_DEBUG)
cookie = PoorSession(req)
cookie.destroy()
cookie.header(req, req.headers_out)
req.log_error("Output headers: %s" % req.headers_out, state.LOG_DEBUG)
redirect(req, '/')
def login(req):
# password check is missing !
cookie = PoorSession(req)
cookie.data['hash'] = random_string()
# cookie data are crypted with poorwsgi secret key
cookie.header(req, req.headers_out)
redirect(req, '/')
def admin_pages_regenerate_all(req):
check_login(req, '/log_in?referer=/admin/pages')
check_right(req, 'pages_modify')
Page.regenerate_all(req)
# TODO: redirect to same page
redirect(req, '/admin/pages?error=%d' % SUCCESS)
def check_origin(req, redirect=None):
if not do_check_origin(req):
req.log_error("Origin not check", state.LOG_ALERT)
if redirect:
redirect(req, redirect)
req.precondition = Object()
req.precondition.origin = "%s://%s" % (req.scheme, req.hostname)
raise SERVER_RETURN(state.HTTP_PRECONDITION_FAILED)
def admin_pages_del(req, pid):
check_login(req, '/log_in?referer=/admin/jopbs')
check_right(req, 'super')
check_referer(req, '/admin/jobs')
job = Job(pid=pid)
job.delete(req)
redirect(req, '/admin/jobs')
def redirect_ruri(req, *args):
item = Redirect()
item.src = req.uri_rule
item.get(req, key='src')
dst = item.dst.format(*args)
print args
redirect(req, dst,
permanent=int(item.code == state.HTTP_MOVED_PERMANENTLY))
def check_token(req, token, redirect=None, uri=None):
if not do_check_token(req, token, uri):
req.log_error("Token {0!r} not check".format(token), state.LOG_ALERT)
if redirect:
redirect(req, redirect)
req.precondition = Object()
req.precondition.csrf = True
raise SERVER_RETURN(state.HTTP_PRECONDITION_FAILED)
def check_referer(req, uri, redirect=None):
full_referer = create_referer(req, uri)
if not req.referer or full_referer != req.referer.split("?")[0]:
req.log_error("Referer %s not check" % uri, state.LOG_ALERT)
if redirect:
redirect(req, redirect)
req.precondition = Object()
req.precondition.referer = full_referer
raise SERVER_RETURN(state.HTTP_PRECONDITION_FAILED)
def articles_comment(req, arg):
id = arg if isinstance(arg, int) else None
uri = arg if isinstance(arg, unicode) else None
article, rv = articles_comment_internal(req, uri, id)
if hasattr(rv, 'reason'):
return articles_detail_internal(req, article, error=rv, form=req.form)
elif rv is None:
raise SERVER_RETURN(state.HTTP_INTERNAL_SERVER_ERROR)
redirect(req, req.uri+'#comment_%s' % rv.id)
def verify(req, servis_hash):
login = Login()
status = login.verify(req, servis_hash)
if status is True:
do_login(req, login.simple())
redirect(req, "/")
elif status == OK:
return generate_page(req, "/login/email_verificated.html")
else:
return generate_page(req, "/login/email_verificated.html", error=status, item=login)
def admin_logins_enable(req, id):
check_login(req, "/log_in?referer=/admin/logins")
check_right(req, R_ADMIN)
check_token(req, req.form.get("token"))
login = Login(id)
if req.login.id == login.id: # not good idea to
raise SERVER_RETURN(state.HTTP_FORBIDDEN) # disable himself
login.enabled = int(req.uri.endswith("/enable"))
login.enable(req)
redirect(req, "/admin/logins")
def handler(req):
session = PoorSession(app.secret_key)
try:
session.load(req.cookies)
except SessionError:
pass
if 'login' not in session.data:
log.info('Login cookie not found.')
redirect(
"/",
message="Login required",
)
return fun(req)
def admin_pages_del(req, id):
""" Delete page, could:
* author of page if have still pages_author right
* admin with pages_modify
"""
check_login(req, '/log_in?referer=/admin/pages')
match_right(req, ('pages_author', 'pages_modify'))
check_token(req, req.form.get('token'))
page = Page(id)
if not page.check_right(req):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
page.delete(req)
# TODO: redirect to same page
redirect(req, '/admin/pages?error=%d' % SUCCESS)
def root(req):
check_login(req)
check_right(req, 'admin')
no_section = Menu('')
no_section.items = list(item for item in admin_sections if isitem(item))
x_menu = Menu(admin_sections.label)
x_menu.append(no_section)
x_menu.items += [item for item in admin_sections if ismenu(item)]
x_menu = correct_menu(req, x_menu)
# if there is only one link, redirect to it
if len(x_menu) == 1 and len(x_menu[0]) == 1:
redirect(req, x_menu[0][0].uri)
return generate_page(req, "admin/admin.html", admin_sections=x_menu)
def admin_news_add(req):
check_login(req)
match_right(req, module_rights)
new = New()
if req.method == "POST":
new.bind(req.form, req.login.id)
error = new.add(req)
if error:
return generate_page(req, "admin/news_mod.html", new=new, error=error)
redirect(req, "/admin/news/%d" % new.id)
# end
new.state = 2 if do_check_right(req, "news_editor") else 1
return generate_page(req, "admin/news_mod.html", new=new)
def root(req):
check_login(req)
no_section = Menu("")
no_section.items = list(item for item in user_sections if isitem(item))
x_menu = Menu(user_sections.label)
x_menu.append(no_section)
x_menu.items += [item for item in user_sections if ismenu(item)]
x_menu = correct_menu(req, x_menu)
# if there is only one link, redirect to it
if len(x_menu) == 1 and len(x_menu[0]) == 1:
redirect(req, x_menu[0][0].uri)
return generate_page(req, "user/user.html", user_sections=x_menu)
def admin_item_state(req, id):
check_login(req, '/log_in?referer=/admin/eshop/store')
check_right(req, module_right)
check_token(req, req.form.get('token'), uri='/admin/eshop/store')
item = Item(id)
if not item.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if req.uri.endswith('/visible'):
item.set_state(req, STATE_VISIBLE)
elif req.uri.endswith('/hidden'):
item.set_state(req, STATE_HIDDEN)
else:
item.set_state(req, STATE_DISABLED)
redirect(req, req.referer)
def admin_articles_add(req):
check_login(req)
match_right(req, module_rights)
article = Article()
if req.method == 'POST':
article.bind(req.form, req.login.id)
error = article.add(req)
if error:
return generate_page(req, "admin/articles_mod.html",
article=article, error=error)
redirect(req, '/admin/articles/%d' % article.id)
# end
article.state = 2 if do_check_right(req, right_editor) else 1
return generate_page(req, "admin/articles_mod.html", article=article)
def user_orders_storno(req, id):
check_login(req)
# TODO: check_token
check_referer(req, '/eshop/orders/%d' % id)
message = req.form.getfirst('message', '', uni)
order = Order(id)
if order.get(req) is None:
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if order.client_id != req.login.id:
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
if order.set_state(req, STATE_STORNED, usernote=message) is None:
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
send_order_status(req, order)
redirect(req, '/eshop/orders/%d' % id)
def admin_news_enable(req, id):
check_login(req, "/log_in?referer=/admin/news")
match_right(req, module_rights)
check_referer(req, "/admin/news")
new = New(id)
if not new.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if (not do_check_right(req, "news_editor")) and (
not (new.author_id == req.login.id and new.public_date.year == 1970)
):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
n_state = int(req.uri.endswith("/enable"))
n_state = (n_state * 2) if new.public_date.year > 1970 else n_state
new.set_state(req, n_state)
redirect(req, "/admin/news")
def admin_articles_enable(req, id):
check_login(req, '/log_in?referer=/admin/articles')
match_right(req, module_rights)
check_referer(req, '/admin/articles')
article = Article(id)
if not article.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if (not do_check_right(req, right_editor)) \
and (not (article.author_id == req.login.id
and article.public_date.year == 1970)):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
n_state = int(req.uri.endswith('/enable'))
n_state = (n_state * 2) if article.public_date.year > 1970 else n_state
article.set_state(req, n_state)
redirect(req, '/admin/articles')
def admin_item_add(req):
check_login(req)
check_right(req, module_right)
item = Item()
if req.method == 'POST':
check_token(req, req.form.get('token'), uri='/admin/eshop/store/add')
item.bind(req.form)
error = item.add(req)
if error != item:
return generate_page(req, "admin/eshop/item_mod.html",
item=item, error=error)
redirect(req, '/admin/eshop/store/%d' % item.id)
# endif
return generate_page(req, "admin/eshop/item_mod.html",
token=create_token(req), item=item)
def admin_pagse_add(req):
check_login(req)
match_right(req, ('pages_author', 'pages_modify'))
token = do_create_token(req, '/admin/pages/add')
if req.method == 'POST':
check_token(req, req.form.get('token'))
page = Page()
page.bind(req.form, req.login.id)
error = page.add(req)
if error:
return generate_page(req, "admin/pages_mod.html", token=token,
rights=rights, page=page, error=error)
redirect(req, '/admin/pages/%d' % page.id)
# end
return generate_page(req, "admin/pages_mod.html", token=token,
rights=rights)
def login(req):
referer = req.args.getfirst("referer", "", str)
data = Object(referer=referer, email="")
if req.method == "POST":
login = Login()
login.bind(req.form, req.cfg.login_rounds)
ip = "ip" in req.form
if login.find(req):
do_login(req, login.simple(), ip)
if referer:
redirect(req, referer)
if "admin" in login.rights or "super" in login.rights:
redirect(req, "/admin")
redirect(req, "/")
data.ip = ip
data.email = login.email
data.error = BAD_LOGIN
return generate_page(
req, "login.html", data=data, sign_up=req.cfg.login_sign_up, password_link=req.cfg.login_forget_password_link
)
def admin_logins_add(req):
check_login(req)
check_right(req, R_ADMIN)
token = do_create_token(req, "/admin/logins/add")
if req.method == "POST":
check_token(req, req.form.get("token"))
login = Login()
login.bind(req.form, req.cfg.login_rounds)
if not req.cfg.login_created_verify_link:
login.enabled = 1
login.rights = ["user"]
error = login.add(req)
if error:
return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, error=error)
if req.cfg.login_created_verify_link:
send_login_created(req, login)
redirect(req, "/admin/logins/%d" % login.id)
# endif
return generate_page(req, "admin/logins_mod.html", token=token, rights=rights)
def eshop_cart_pay_and_order(req):
do_check_mgc(req)
check_token(req, req.form.get('token'), uri='/eshop/cart/recapitulation')
cart = ShoppingCart(req)
# TODO: payment page if could be (paypal, card, transfer)
order = Order.from_cart(cart)
if not order:
redirect(req, '/eshop')
order.client_id = req.login.id if req.login else None
retval = order.add(req)
if retval == order:
cart.clean(req)
send_order_status(req, order)
return generate_page(req, "eshop/shopping_accept.html",
order=order)
if retval[0] == EMPTY_ITEMS:
redirect(req, '/eshop')
if retval[0] == NOT_ENOUGH_ITEMS:
cart.set_not_enought(retval[1])
cart.store(req)
redirect(req, '/eshop/cart')
def check_right(req, right, redirect_uri=None):
if not do_check_right(req, right):
req.log_error("Right %s not check" % right, state.LOG_ALERT)
if redirect_uri:
redirect(req, redirect_uri)
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
def root(req):
redirect(req, '/index.html', text="static index")
def match_right(req, rights, redirect_uri=None):
if not do_match_right(req, rights):
req.log_error("Rights %s not match" % rights, state.LOG_ALERT)
if redirect_uri:
redirect(req, redirect_uri)
raise SERVER_RETURN(state.HTTP_FORBIDDEN)