Beispiel #1
 def delete_page(self, context):
     """Render the confirmation form for deleting a notice.

     The notice is identified by the ``id`` query parameter, parsed as an
     OData URI literal.  Only the notice's owner, or a visitor whose
     permissions include ``self.WRITE_PERMISSION``, gets the form.

     Raises:
         wsgi.PageNotAuthorized: no group in the context, or the visitor
             is neither the owner nor has write permission.
         wsgi.BadRequest: a ValueError was raised inside the lookup
             (e.g. by parsing the id literal).
         wsgi.PageNotFound: a KeyError was raised inside the lookup
             (e.g. no notice with that key).
     """
     self.load_visit(context)
     page_context = self.new_page_context(context)
     if context.group is None:
         raise wsgi.PageNotAuthorized
     try:
         raw_id = context.get_query().get('id', '')
         key = odata.uri_literal_from_str(raw_id).value
         with context.group['Notices'].open() as notices:
             # expand User so the owner can be read from the same entity
             notices.set_expand({'User': None})
             notice = notices[key]
             owner = notice['User'].get_entity()
             is_owner = context.user and context.user == owner
             if not (is_owner or
                     context.permissions & self.WRITE_PERMISSION):
                 # deleting is reserved for the owner or a writer
                 raise wsgi.PageNotAuthorized
             # id_attr is escaped here; title and description are handed
             # over as stored.
             # NOTE(review): confirm the template encodes those two
             # user-supplied values on output.
             page_context['id_attr'] = xml.escape_char_data7(
                 odata.FormatURILiteral(notice['ID']), True)
             page_context['title'] = notice['Title'].value
             page_context['description'] = notice['Description'].value
             # The session id doubles as the form's CSRF token; the check
             # on the POST side is not visible in this method.
             page_context[self.csrf_token] = context.session.sid()
     except ValueError:
         raise wsgi.BadRequest
     except KeyError:
         raise wsgi.PageNotFound
     body = self.render_template(
         context, 'notices/del_form.html', page_context)
     context.set_status(200)
     return self.html_response(context, body)
Beispiel #2
 def delete_action(self, context):
     """Delete a notice in response to a POST, then redirect to "view".

     The notice key comes from the ``id`` form field.  Deletion is
     allowed for the notice's owner or for a visitor whose permissions
     include ``self.WRITE_PERMISSION``.

     NOTE(review): no CSRF token comparison appears in this method;
     presumably it is enforced by a wrapper around the handler - confirm
     before relying on it.

     Raises:
         wsgi.MethodNotAllowed: the request method is not POST.
         wsgi.PageNotAuthorized: no group, or the ownership/permission
             test fails.
         wsgi.BadRequest: a ValueError was raised inside the lookup.
         wsgi.PageNotFound: a KeyError was raised inside the lookup.
     """
     method = context.environ['REQUEST_METHOD']
     if method.upper() != 'POST':
         raise wsgi.MethodNotAllowed
     self.load_visit(context)
     # Only the group is tested here; the user is tested by the ownership
     # comparison below.
     if context.group is None:
         raise wsgi.PageNotAuthorized
     try:
         form_id = context.get_form_string('id')
         key = odata.uri_literal_from_str(form_id).value
         with context.group['Notices'].open() as notices:
             notices.set_expand({'User': None})
             notice = notices[key]
             author = notice['User'].get_entity()
             owns_notice = context.user and context.user == author
             if not (owns_notice or
                     context.permissions & self.WRITE_PERMISSION):
                 # neither the owner nor a writer: refuse before deleting
                 raise wsgi.PageNotAuthorized
             notice.delete()
     except ValueError:
         raise wsgi.BadRequest
     except KeyError:
         raise wsgi.PageNotFound
     # 303 so the browser follows the redirect with a GET
     target = URI.from_octets("view").resolve(context.get_url())
     return self.redirect_page(context, target, 303)
Beispiel #3
 def edit_action(self, context):
     """Apply a posted edit to a notice, then redirect to "view".

     Reads ``id``, ``title`` and ``description`` from the form, updates
     the notice's Title, Description and Updated properties and saves it.
     Only the notice's owner may edit; no permission bit is consulted.

     NOTE(review): no CSRF token comparison appears in this method;
     presumably it is enforced by a wrapper around the handler - confirm.

     Raises:
         wsgi.MethodNotAllowed: the request method is not POST.
         wsgi.PageNotAuthorized: no group, or the visitor is not the
             notice's owner.
         wsgi.BadRequest: a ValueError was raised inside the update.
         wsgi.PageNotFound: a KeyError was raised inside the update.
     """
     if context.environ['REQUEST_METHOD'].upper() != 'POST':
         raise wsgi.MethodNotAllowed
     self.load_visit(context)
     # Only the group is tested here; the user is tested by the ownership
     # comparison below.
     if context.group is None:
         raise wsgi.PageNotAuthorized
     try:
         form_id = context.get_form_string('id')
         key = odata.uri_literal_from_str(form_id).value
         with context.group['Notices'].open() as notices:
             notices.set_expand({'User': None})
             notice = notices[key]
             author = notice['User'].get_entity()
             if not context.user or not (context.user == author):
                 # editing is reserved for the owner of the post
                 raise wsgi.PageNotAuthorized
             now = time.time()
             # copy the two editable fields from the form, in order
             for prop, field in (('Title', 'title'),
                                 ('Description', 'description')):
                 notice[prop].set_from_value(
                     context.get_form_string(field))
             notice['Updated'].set_from_value(now)
             notices.update_entity(notice)
     except ValueError:
         raise wsgi.BadRequest
     except KeyError:
         raise wsgi.PageNotFound
     # 303 so the browser follows the redirect with a GET
     target = URI.from_octets("view").resolve(context.get_url())
     return self.redirect_page(context, target, 303)
Beispiel #4
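 def edit_page(self, context):
     """Render the edit form for a notice.

     The notice is identified by the ``id`` query parameter, parsed as an
     OData URI literal.  Only the notice's owner gets the form.

     Raises:
         wsgi.PageNotAuthorized: no group in the context, or the visitor
             is not the notice's owner.
         wsgi.BadRequest: a ValueError was raised inside the lookup
             (e.g. by parsing the id literal).
         wsgi.PageNotFound: a KeyError was raised inside the lookup
             (e.g. no notice with that key).
     """
     self.load_visit(context)
     context_dict = self.new_context_dictionary(context)
     if context.group is None:
         raise wsgi.PageNotAuthorized
     try:
         # Read the parameter once, with a default.  Indexing query['id']
         # just for the debug message made a missing parameter raise
         # KeyError before the defaulted lookup was ever reached.
         raw_id = context.get_query().get('id', '')
         # %r keeps control characters in the client-supplied value from
         # breaking up the log line.
         logging.debug("edit key=%r", raw_id)
         key = odata.uri_literal_from_str(raw_id).value
         with context.group['Notices'].open() \
                 as collection:
             # expand User so the owner can be read from the same entity
             collection.set_expand({'User': None})
             entity = collection[key]
             user = entity['User'].get_entity()
             if not (context.user and context.user == user):
                 # only the owner can edit their post
                 raise wsgi.PageNotAuthorized
             # id and title are escaped for use in attribute values; the
             # description is handed over as stored.
             # NOTE(review): confirm the template encodes the
             # description on output.
             context_dict['id_attr'] = xml.escape_char_data7(
                 odata.FormatURILiteral(entity['ID']), True)
             context_dict['title_attr'] = xml.escape_char_data7(
                 entity['Title'].value, True)
             context_dict['description'] = entity['Description'].value
             # The session id doubles as the form's CSRF token; the check
             # on the POST side is not visible in this method.
             context_dict[self.csrf_token] = context.session.sid
     except ValueError:
         raise wsgi.BadRequest
     except KeyError:
         raise wsgi.PageNotFound
     data = self.render_template(context, 'notices/edit_form.html',
                                 context_dict)
     context.set_status(200)
     return self.html_response(context, data)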
Beispiel #5
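 def consumer_del_page(self, context):
     """Render the confirmation form for deleting a tool consumer.

     Requires a logged-in owner (``self.get_owner``).  The consumer is
     identified by the ``cid`` query parameter and looked up through the
     ``Consumers`` collection of the owner's silo.

     Raises:
         wsgi.PageNotAuthorized: no owner is logged in, or the lookup of
             ``cid`` raises KeyError.
         wsgi.BadRequest: ``cid`` is not a valid URI literal.
     """
     page_context = self.new_context_dictionary(context)
     owner = self.get_owner(context)
     if owner is None:
         # we require an owner to be logged in
         raise wsgi.PageNotAuthorized
     page_context["owner"] = owner
     silo = owner["Silo"].get_entity()
     page_context["silo"] = silo
     query = context.get_query()
     try:
         cid = odata.uri_literal_from_str(query.get("cid", "")).value
     except ValueError:
         # cid comes straight from the query string; a malformed literal
         # is a client error, not an unhandled exception
         raise wsgi.BadRequest
     with silo["Consumers"].open() as collection:
         try:
             consumer = collection[cid]
         except KeyError:
             # an unknown id is reported the same way as a missing login
             raise wsgi.PageNotAuthorized
     page_context["consumer"] = consumer
     # The session id doubles as the form's CSRF token; the check on the
     # POST side is not visible in this method.
     page_context[self.csrf_token] = context.session.sid
     data = self.render_template(context, "consumers/del_form.html", page_context)
     context.set_status(200)
     return self.html_response(context, data)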
Beispiel #6
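 def consumer_del_page(self, context):
     """Render the confirmation form for deleting a tool consumer.

     Requires the session to have an owner.  The consumer is identified
     by the ``cid`` query parameter and looked up through the
     ``Consumers`` collection of the owner's silo.

     Raises:
         wsgi.PageNotAuthorized: the session has no owner, or the lookup
             of ``cid`` raises KeyError.
         wsgi.BadRequest: ``cid`` is not a valid URI literal.
     """
     page_context = self.new_page_context(context)
     owner = context.session.get_owner()
     if owner is None:
         # we require an owner to be logged in
         raise wsgi.PageNotAuthorized
     page_context['owner'] = owner
     silo = owner['Silo'].get_entity()
     page_context['silo'] = silo
     query = context.get_query()
     try:
         cid = odata.uri_literal_from_str(query.get('cid', '')).value
     except ValueError:
         # cid comes straight from the query string; a malformed literal
         # is a client error, not an unhandled exception
         raise wsgi.BadRequest
     with silo['Consumers'].open() as collection:
         try:
             consumer = collection[cid]
         except KeyError:
             # an unknown id is reported the same way as a missing login
             raise wsgi.PageNotAuthorized
     page_context['consumer'] = consumer
     # The session id doubles as the form's CSRF token; the check on the
     # POST side is not visible in this method.
     page_context[self.csrf_token] = context.session.sid()
     data = self.render_template(context, 'consumers/del_form.html',
                                 page_context)
     context.set_status(200)
     return self.html_response(context, data)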
Beispiel #7
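 def consumer_del_page(self, context):
     """Show the delete-confirmation form for one tool consumer.

     The session must have an owner.  The ``cid`` query parameter names
     the consumer, which is fetched from the ``Consumers`` collection of
     the owner's silo.

     Raises:
         wsgi.PageNotAuthorized: the session has no owner, or fetching
             ``cid`` raises KeyError.
         wsgi.BadRequest: ``cid`` cannot be parsed as a URI literal.
     """
     page_context = self.new_page_context(context)
     owner = context.session.get_owner()
     if owner is None:
         # we require an owner to be logged in
         raise wsgi.PageNotAuthorized
     page_context['owner'] = owner
     silo = owner['Silo'].get_entity()
     page_context['silo'] = silo
     raw_cid = context.get_query().get('cid', '')
     try:
         cid = odata.uri_literal_from_str(raw_cid).value
     except ValueError:
         # client-supplied value that does not parse: answer with a 400
         # instead of letting the ValueError escape the handler
         raise wsgi.BadRequest
     with silo['Consumers'].open() as collection:
         try:
             consumer = collection[cid]
         except KeyError:
             # an unknown id is reported the same way as a missing login
             raise wsgi.PageNotAuthorized
     page_context['consumer'] = consumer
     # The session id doubles as the form's CSRF token; the check on the
     # POST side is not visible in this method.
     page_context[self.csrf_token] = context.session.sid()
     data = self.render_template(context, 'consumers/del_form.html',
                                 page_context)
     context.set_status(200)
     return self.html_response(context, data)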
Beispiel #8
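 def consumer_edit_page(self, context):
     """Render the edit form for a tool consumer.

     Requires a logged-in owner (``self.get_owner``).  The consumer is
     identified by the ``cid`` query parameter, looked up through the
     ``Consumers`` collection of the owner's silo and wrapped in
     ``lti.ToolConsumer`` together with ``self.app_cipher``.

     Raises:
         wsgi.PageNotAuthorized: no owner is logged in, or a KeyError is
             raised while fetching or wrapping the consumer.
         wsgi.BadRequest: ``cid`` is not a valid URI literal.
     """
     page_context = self.new_context_dictionary(context)
     owner = self.get_owner(context)
     if owner is None:
         # we require an owner to be logged in
         raise wsgi.PageNotAuthorized
     page_context['owner'] = owner
     silo = owner['Silo'].get_entity()
     page_context['silo'] = silo
     query = context.get_query()
     try:
         cid = odata.uri_literal_from_str(query.get('cid', '')).value
     except ValueError:
         # cid comes straight from the query string; a malformed literal
         # is a client error, not an unhandled exception
         raise wsgi.BadRequest
     with silo['Consumers'].open() as collection:
         try:
             consumer = lti.ToolConsumer(collection[cid], self.app_cipher)
         except KeyError:
             # an unknown id is reported the same way as a missing login
             raise wsgi.PageNotAuthorized
     page_context['consumer'] = consumer
     # the parsed id is escaped before it is echoed into the form
     page_context['cid_attr'] = xml.escape_char_data7(str(cid), True)
     # The session id doubles as the form's CSRF token; the check on the
     # POST side is not visible in this method.
     page_context[self.csrf_token] = context.session.sid
     data = self.render_template(context, 'consumers/edit_form.html',
                                 page_context)
     context.set_status(200)
     return self.html_response(context, data)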