def get(self, randomID): util.insertUsersideCookies(self) randomID = randomID.replace("/", "") sketch = Sketch.get_by_randomID(randomID) # this big blot inserted by Davide Della Casa self.session = True user = UserInfo() user.whoIs(self) sketch.sourceCodeForTextArea = sourcecode_for_text_area( sketch.sourceCode) sketch.blogdate = "" sketch.entrytype = "" sketch.status = "published" sketch.author_email = user.email sketch.author_user_id = user.user_id if user.user: sketch.author_nickname = user.nickname else: sketch.author_nickname = "anonymous" # this big blot inserted by Davide Della Casa template_values = { 'sketch': sketch, 'action': "copyBlog", 'published': sketch.published, 'headerTitle': "Copy sketch", } self.generate('newSketchTemplate.html', template_values)
def post(self, randomID): # Only an admin can upload full pictures # Note that non-admins can still do lengthy posts to this address, which should ideally be avoided self.session = True user = UserInfo() user.whoIs(self) if ((user.is_current_user_admin)): logging.info('you are an admin: OK') else: logging.info('you are an not an admin: not OK') return self.response.headers['Content-Type'] = "text/html" logging.info('you are doing a get to the full picture uploader') self.response.out.write("from page:") logging.info("from page: <br>") logging.info('randomID is: ' + randomID) # In order to check who the user is, the flash applet needs to include the same # session cookie that the browser uses to keep the identity of the user # if users.get_current_user().email().lower() != "*****@*****.**": # raise web.HTTPError(501) # return # for myModel in MyModel.all(): # myModel.delete() file_contents = self.request.get("fullPicture") # self.response.out.write(file_contents) # in the local environment logging.info('about to create the full picture object') # self.response.out.write('<br> unescaped: <br>') # self.response.out.write(urllib.unquote(file_contents).replace(chr(45),chr(43))) # self.response.out.write('<br> over <br>') # logging.info('<br> unescaped: <br>') # logging.info(urllib.unquote(file_contents).replace(chr(45),chr(43))) # logging.info('<br> over <br>') fullPictureBinary = base64.standard_b64decode( urllib.unquote(file_contents).replace(chr(45), chr(43))) q0 = db.GqlQuery("SELECT * FROM FullPicture WHERE randomID = :1", randomID).fetch(1) if (q0): logging.info('updated an existing full picture record') q0[0].fullPicture = db.Blob(fullPictureBinary) q0[0].put() else: logging.info('created a new full picture record') fullPictureRecord = FullPicture() fullPictureRecord.randomID = randomID fullPictureRecord.fullPicture = db.Blob(fullPictureBinary) fullPictureRecord.put() self.response.out.write('<br> ...done <br>') logging.info('created the full picture object and put it in datastore')
def get(self,randomID): util.insertUsersideCookies(self) randomID = randomID.replace("/","") sketch = Sketch.get_by_randomID(randomID) # this big blot inserted by Davide Della Casa self.session = True user = UserInfo() user.whoIs(self) sketch.sourceCodeForTextArea = sourcecode_for_text_area(sketch.sourceCode) if ((sketch.author_user_id == user.user_id) or (user.is_current_user_admin)): template_values = { 'sketch': sketch, 'published': sketch.published, 'action': "editBlog", 'headerTitle':"Edit sketch", } self.generate(self.template_path,template_values) else: if self.request.method == 'GET': self.redirect("/403.html") else: self.error(403) # User didn't meet role.
def get(self, randomID): util.insertUsersideCookies(self) randomID = randomID.replace("/", "") sketch = Sketch.get_by_randomID(randomID) # this big blot inserted by Davide Della Casa self.session = True user = UserInfo() user.whoIs(self) sketch.sourceCodeForTextArea = sourcecode_for_text_area( sketch.sourceCode) if ((sketch.author_user_id == user.user_id) or (user.is_current_user_admin)): template_values = { 'sketch': sketch, 'published': sketch.published, 'action': "editBlog", 'headerTitle': "Edit sketch", } self.generate(self.template_path, template_values) else: if self.request.method == 'GET': self.redirect("/403.html") else: self.error(403) # User didn't meet role.
def post(self,randomID): # Only an admin can upload full pictures # Note that non-admins can still do lengthy posts to this address, which should ideally be avoided self.session = True user = UserInfo() user.whoIs(self) if ((user.is_current_user_admin)): logging.info('you are an admin: OK') else: logging.info('you are an not an admin: not OK') return self.response.headers['Content-Type'] = "text/html" logging.info('you are doing a get to the full picture uploader') self.response.out.write("from page:") logging.info("from page: <br>") logging.info('randomID is: ' + randomID) # In order to check who the user is, the flash applet needs to include the same # session cookie that the browser uses to keep the identity of the user # if users.get_current_user().email().lower() != "*****@*****.**": # raise web.HTTPError(501) # return # for myModel in MyModel.all(): # myModel.delete() file_contents = self.request.get("fullPicture") # self.response.out.write(file_contents) # in the local environment logging.info('about to create the full picture object') # self.response.out.write('<br> unescaped: <br>') # self.response.out.write(urllib.unquote(file_contents).replace(chr(45),chr(43))) # self.response.out.write('<br> over <br>') # logging.info('<br> unescaped: <br>') # logging.info(urllib.unquote(file_contents).replace(chr(45),chr(43))) # logging.info('<br> over <br>') fullPictureBinary = base64.standard_b64decode(urllib.unquote(file_contents).replace(chr(45),chr(43)) ) q0 = db.GqlQuery("SELECT * FROM FullPicture WHERE randomID = :1", randomID).fetch(1) if(q0): logging.info('updated an existing full picture record') q0[0].fullPicture = db.Blob(fullPictureBinary) q0[0].put() else: logging.info('created a new full picture record') fullPictureRecord = FullPicture() fullPictureRecord.randomID = randomID fullPictureRecord.fullPicture = db.Blob(fullPictureBinary) fullPictureRecord.put() self.response.out.write('<br> ...done <br>') logging.info('created the full picture object and put it in datastore')
def get(self,randomID): randomID = randomID.replace("/","") sketch = Sketch.get_by_randomID(randomID) if sketch is None: self.redirect("/403.html") # this big blot inserted by Davide Della Casa self.session = True user = UserInfo() user.whoIs(self) if ((sketch.author_user_id == user.user_id) or (user.is_current_user_admin)): q0 = db.GqlQuery("SELECT * FROM MySketchesSketch WHERE randomID = :1", randomID).fetch(1) q1 = db.GqlQuery("SELECT * FROM AuthorSketchesSketch WHERE randomID = :1", randomID).fetch(1) logging.info('key stuff: '+ str(sketch.key())) logging.info('key stuff: '+ sketch.key().name()) q2 = GallerySketch.get_by_key_name(sketch.key().name()) DeletedSketch(key_name = 'sketchRandomID'+randomID).put() if(q0) : q0[0].delete() if(q1) : q1[0].delete() if(q2) : q2.delete() if(sketch): sketch.delete() # deletion of comments is missing self.redirect('/mySketches') else: if self.request.method == 'GET': self.redirect("/403.html") else: self.error(403) # User didn't meet role.
def get(self,randomID): util.insertUsersideCookies(self) randomID = randomID.replace("/","") sketch = Sketch.get_by_randomID(randomID) # this big blot inserted by Davide Della Casa self.session = True user = UserInfo() user.whoIs(self) sketch.sourceCodeForTextArea = sourcecode_for_text_area(sketch.sourceCode) sketch.blogdate = ""; sketch.entrytype=""; sketch.status="published"; sketch.author_email = user.email sketch.author_user_id = user.user_id if user.user: sketch.author_nickname = user.nickname else: sketch.author_nickname = "anonymous" # this big blot inserted by Davide Della Casa template_values = { 'sketch': sketch, 'action': "copyBlog", 'published': sketch.published, 'headerTitle':"Copy sketch", } self.generate('newSketchTemplate.html',template_values)
def get(self, randomID): NUMBER_OF_COMMENTS_PREVIEWED = 3 logging.info('you are doing a get to the latest comments downloader') """ if not authorized.checkIfUserIsInWhiteList(): self.redirect(authorized.getLoginPage()) """ self.session = True user = UserInfo() user.whoIs(self) startKey = Key.from_path('SketchComment', "-" + randomID + "sketch00000000000000000000") endKey = Key.from_path('SketchComment', "-" + randomID + "sketch99999999999999999999") # in the local environment myModels = db.GqlQuery( "SELECT * FROM SketchComment WHERE __key__ >= :1 AND __key__ < :2", startKey, endKey).fetch(NUMBER_OF_COMMENTS_PREVIEWED + 1) more = False if len(myModels) == 4: more = True myModels = myModels[:3] if len(myModels) == 0: self.response.out.write("<br>no comments yet") return for myModel in myModels: self.response.out.write('<div class="usercomments">') self.response.out.write( "<br /><strong><A class=timestamp-link href=\"/byUploader/" + myModel.author_nickname + "-" + myModel.author_string_user_id + "/\">" + myModel.author_nickname + "</A> comment: </strong> <br />") self.response.out.write(myModel.body.replace('\n', "<br>")) self.response.out.write('<div class="commentdelete">') # also check that the user is not anonymous before providing the delete link if ((user.user) and (myModel.author_user_id == user.user_id or user.is_current_user_admin or myModel.sketch_author_user_id == user.user_id)): self.response.out.write( '<A href=\"/deleteComment/' + myModel.key().name() + '/?backTo=/view/' + randomID + '/\"><img src="/imgs/delete.gif" alt="delete" height="25px" /> Delete</A>' ) self.response.out.write('</div>') self.response.out.write("</div><br />") if more: self.response.out.write( "<p><A class=timestamp-link href=\"/comments/" + randomID + "/\">more...</A></p>") return
def get(self): next = None PAGESIZE = 30 util.insertUsersideCookies(self) self.session = True user = UserInfo() user.whoIs(self) bookmark = self.request.get("bookmark") if bookmark: bookmark = Key(self.request.get("bookmark")) else: if user.user: bookmark = Key.from_path('MySketchesSketch','-%023d' % (int(user.user_id)) + SKETCH_ZEROS) else: bookmark = Key.from_path('MySketchesSketch','-%023d' % (0) + SKETCH_ZEROS) if user.user: endKey = Key.from_path('MySketchesSketch','-%023d' % (int(user.user_id) + 1) + SKETCH_ZEROS) else: endKey = Key.from_path('MySketchesSketch','-%023d' % (1) + SKETCH_ZEROS) logging.info('starting key ' + str(bookmark)) logging.info('starting key name' + bookmark.name()) q = db.GqlQuery("SELECT * FROM MySketchesSketch WHERE __key__ >= :1 AND __key__ < :2",bookmark,endKey) sketches = q.fetch(PAGESIZE+1) if len(sketches) == PAGESIZE + 1: next = str(sketches[-1].key()) sketches = sketches[:PAGESIZE] logging.info('next key ' + next) logging.info('next key name ' + sketches[-1].key().name()) if next is None: next = "" for sketch in sketches: sketch.stringtags = util.shorten(" ".join(sketch.tags),18) template_values = { 'sketches':sketches, 'bookmark':bookmark, 'next':next, 'action':"mySketches", 'headerTitle':"My sketches", } self.generate('galleryTemplate.html',template_values)
def get(self): next = None PAGESIZE = 30 util.insertUsersideCookies(self) user = UserInfo() user.whoIs(self) if user.email == '*****@*****.**': self.generate('limboPage.html') return; bookmark = self.request.get("bookmark") if bookmark: bookmark = Key(self.request.get("bookmark")) else: bookmark = Key.from_path('GallerySketch',SKETCH_ZEROS) logging.info('starting key ' + str(bookmark)) logging.info('starting key name' + bookmark.name()) q = db.GqlQuery("SELECT * FROM GallerySketch WHERE __key__ >= :1", bookmark) sketches = q.fetch(PAGESIZE+1) if len(sketches) == PAGESIZE + 1: next = str(sketches[-1].key()) sketches = sketches[:PAGESIZE] logging.info('next key ' + next) logging.info('next key name ' + sketches[-1].key().name()) if next is None: next = "" for sketch in sketches: sketch.stringtags = util.shorten(" ".join(sketch.tags),18) template_values = { 'sketches':sketches, 'bookmark':bookmark, 'next':next, 'action':"gallery", 'headerTitle':"Gallery", } self.generate('galleryTemplate.html',template_values)
def get(self,randomID): next = None PAGESIZE = 5 """ if not authorized.checkIfUserIsInWhiteList(): self.redirect(authorized.getLoginPage()) """ util.insertUsersideCookies(self) self.session = True user = UserInfo() user.whoIs(self) bookmark = self.request.get("bookmark") if bookmark: bookmark = Key(self.request.get("bookmark")) else: bookmark = Key.from_path('SketchComment',"-" + randomID + 'sketch00000000000000000000') endKey = Key.from_path('SketchComment',"-" + randomID + 'sketch99999999999999999999') q = db.GqlQuery("SELECT * FROM SketchComment WHERE __key__ >= :1 AND __key__ < :2", bookmark, endKey) sketchComments = q.fetch(PAGESIZE+1) if len(sketchComments) == PAGESIZE + 1: next = str(sketchComments[-1].key()) sketchComments = sketchComments[:PAGESIZE] if next is None: next = "" for sketchComment in sketchComments: sketchComment.keyname = sketchComment.key().name() template_values = { 'sketchComments':sketchComments, 'bookmark':bookmark, 'next':next, 'randomID':randomID, } self.generate('commentsTemplate.html',template_values)
def get(self,randomID): NUMBER_OF_COMMENTS_PREVIEWED = 3 logging.info('you are doing a get to the latest comments downloader') """ if not authorized.checkIfUserIsInWhiteList(): self.redirect(authorized.getLoginPage()) """ self.session = True user = UserInfo() user.whoIs(self) startKey = Key.from_path('SketchComment' , "-" + randomID + "sketch00000000000000000000") endKey = Key.from_path('SketchComment' , "-" + randomID + "sketch99999999999999999999") # in the local environment myModels = db.GqlQuery("SELECT * FROM SketchComment WHERE __key__ >= :1 AND __key__ < :2", startKey, endKey).fetch(NUMBER_OF_COMMENTS_PREVIEWED+1) more = False if len(myModels) == 4: more = True myModels = myModels[:3] if len(myModels) == 0: self.response.out.write("<br>no comments yet") return for myModel in myModels: self.response.out.write('<div class="usercomments">') self.response.out.write("<br /><strong><A class=timestamp-link href=\"/byUploader/" + myModel.author_nickname+"-"+ myModel.author_string_user_id+"/\">"+myModel.author_nickname+"</A> comment: </strong> <br />") self.response.out.write(myModel.body.replace('\n', "<br>")) self.response.out.write('<div class="commentdelete">') # also check that the user is not anonymous before providing the delete link if ((user.user)and(myModel.author_user_id == user.user_id or user.is_current_user_admin or myModel.sketch_author_user_id == user.user_id)) : self.response.out.write('<A href=\"/deleteComment/'+myModel.key().name()+'/?backTo=/view/'+randomID+'/\"><img src="/imgs/delete.gif" alt="delete" height="25px" /> Delete</A>') self.response.out.write('</div>') self.response.out.write("</div><br />") if more: self.response.out.write("<p><A class=timestamp-link href=\"/comments/" + randomID+"/\">more...</A></p>") return
def get(self, randomID): randomID = randomID.replace("/", "") sketch = Sketch.get_by_randomID(randomID) if sketch is None: self.redirect("/403.html") # this big blot inserted by Davide Della Casa self.session = True user = UserInfo() user.whoIs(self) if ((sketch.author_user_id == user.user_id) or (user.is_current_user_admin)): q0 = db.GqlQuery( "SELECT * FROM MySketchesSketch WHERE randomID = :1", randomID).fetch(1) q1 = db.GqlQuery( "SELECT * FROM AuthorSketchesSketch WHERE randomID = :1", randomID).fetch(1) logging.info('key stuff: ' + str(sketch.key())) logging.info('key stuff: ' + sketch.key().name()) q2 = GallerySketch.get_by_key_name(sketch.key().name()) DeletedSketch(key_name='sketchRandomID' + randomID).put() if (q0): q0[0].delete() if (q1): q1[0].delete() if (q2): q2.delete() if (sketch): sketch.delete() # deletion of comments is missing self.redirect('/mySketches') else: if self.request.method == 'GET': self.redirect("/403.html") else: self.error(403) # User didn't meet role.
def generate(self, template_name, template_values={}): self.session = True user = UserInfo() user.whoIs(self) if user.user: values = { 'usernickname': user.nickname, 'useremail': user.email, 'usersiscurrentuseradmin' : user.is_current_user_admin, 'userid': user.user_id, } else: values = { 'usernickname': "anonymous", 'useremail': None, 'usersiscurrentuseradmin' : False, 'userid': "anonymous", } values.update(template_values) directory = os.path.dirname(__file__) view.ViewPage(cache_time=0).render(self, template_name,values)
def get(self): util.insertUsersideCookies(self) user = UserInfo() user.whoIs(self) if user.email == '*****@*****.**': self.generate('limboPage.html') return q = db.GqlQuery("SELECT * FROM GallerySketch") sketches = q.fetch(28) counter = 28 for sketch in sketches: sketch.stringtags = util.shorten(" ".join(sketch.tags), 18) sketch.counter = counter counter = counter + 1 template_values = { 'sketches': sketches, } self.generate('frontPageTemplate.html', template_values)
def get(self): util.insertUsersideCookies(self) user = UserInfo() user.whoIs(self) if user.email == '*****@*****.**': self.generate('limboPage.html') return; q = db.GqlQuery("SELECT * FROM GallerySketch") sketches = q.fetch(28) counter = 28 for sketch in sketches: sketch.stringtags = util.shorten(" ".join(sketch.tags),18) sketch.counter = counter counter = counter + 1 template_values = { 'sketches':sketches, } self.generate('frontPageTemplate.html',template_values)
def post(self, randomID): logging.info('editing the sketch') randomID = randomID.replace("/", "") sketch = Sketch.get_by_randomID(randomID) # this big blot inserted by Davide Della Casa self.session = True user = UserInfo() user.whoIs(self) if ((sketch.author_user_id == user.user_id) or (user.is_current_user_admin)): if (sketch is None): self.redirect('/index.html') ################################################################################ ################################################################################ # and now for some serious tiptapping. On top of the sketch table, there are other # tables to change. # first, if the published flag changes, then the entries in the gallery and in the by_author # table need to either be inserted or be deleted # that said, also if the title or the tags change, then you need to modify the entries # in all the three tables (unless you just deleted or added them) AuthorSketchesSketch_add = False AuthorSketchesSketch_change = False AuthorSketchesSketch_delete = False GallerySketch_add = False GallerySketch_change = False GallerySketch_delete = False if 'published' in self.request.arguments(): logging.info( 'editing a sketch and the published field has been sent') # check if the edited sketch has become suspicious sketch_title = self.request.get('title_input') sketch_tags_commas = self.request.get('tags') suspiciousContent = False if is_suspicious(sketch_title, sketch_tags_commas): suspiciousContent = True if util.doesItContainProfanity(sketch_title): suspiciousContent = True logging.info('this sketch is dirrrrrrrty') # Anonymous users can't create unpublished sketches, # so we override the flag of the form if the case if suspiciousContent == True: logging.info( 'forcing the sketch to unpublishing because it is so dirty' ) shouldItBePublished = False elif user.user: shouldItBePublished = ('published' in self.request.arguments()) else: shouldItBePublished = True # first, check if the title or the tags changed # if so, then you modify the MySketchesSketch table right away # and you mark the AuthorSketchesSketch and the GallerySketch table as # *potentially* to be modified ( *potentially* because you might have to just add those # entries anew or delete them, depending on whether the published flag has changed) if ((sketch.title != sketch_title) or (sketch.tags_commas != self.request.get('tags'))): q0 = db.GqlQuery( "SELECT * FROM MySketchesSketch WHERE randomID = :1", randomID).fetch(1) q0[0].title = sketch_title q0[0].tags_commas = self.request.get('tags') q0[0].published = (shouldItBePublished) q0[0].put() # AuthorSketchesSketch_change = True GallerySketch_change = True # now you check how the published flag changes to see if the entries # in the other two tables need to be added or deleted if ((sketch.published == True) and (shouldItBePublished == False)): logging.info('unpublishing a sketch') AuthorSketchesSketch_delete = True GallerySketch_delete = True if ((sketch.published == False) and (shouldItBePublished == True)): logging.info('making a sketch public') AuthorSketchesSketch_add = True GallerySketch_add = True # if you have to add, add, and set the "change" flag to false so that # you don't blindly change this record soon after you've added it if AuthorSketchesSketch_add: authorSketchesSketch = AuthorSketchesSketch( key_name='-%023d' % int(user.user_id) + sketch.key().name()) authorSketchesSketch.title = self.request.get('title_input') authorSketchesSketch.published = shouldItBePublished authorSketchesSketch.randomID = sketch.randomID authorSketchesSketch.tags_commas = self.request.get('tags') authorSketchesSketch.put() AuthorSketchesSketch_change = False if GallerySketch_add: gallerySketch = GallerySketch(key_name=sketch.key().name()) if user.user: gallerySketch.author_nickname = user.nickname else: gallerySketch.author_nickname = "anonymous" gallerySketch.title = self.request.get('title_input') gallerySketch.published = shouldItBePublished gallerySketch.randomID = sketch.randomID gallerySketch.tags_commas = self.request.get('tags') gallerySketch.put() GallerySketch_change = False # if you have to delete, delete, and set the "change" flag to false so that # you don't blindly change those entries soon after you've added if AuthorSketchesSketch_delete: q1 = db.GqlQuery( "SELECT * FROM AuthorSketchesSketch WHERE randomID = :1", randomID).fetch(1) q1[0].delete() AuthorSketchesSketch_change = False if GallerySketch_delete: q2 = GallerySketch.get_by_key_name(sketch.key().name()) q2.delete() GallerySketch_change = False # any change to the AuthorSketches or GallerySketch tables only happens if the sketch is public, # cause otherwise those two sketch records aren't just going to be there in the first place! if (sketch.published): # ok now check the "change" flags. If they are still on, it means that the title or # tag have changed, and the published flag hasn't changed (so it's not like you just # added or deleted the records), so you have to effectively # go and fish the records out of the database and change them if AuthorSketchesSketch_change: # need to fetch the other tables (gallery, my page and by author) and change them q3 = db.GqlQuery( "SELECT * FROM AuthorSketchesSketch WHERE randomID = :1", randomID).fetch(1) q3[0].title = self.request.get('title_input') q3[0].tags_commas = self.request.get('tags') q3[0].put() if GallerySketch_change: q4 = GallerySketch.get_by_key_name(sketch.key().name()) q4.title = self.request.get('title_input') q4.tags_commas = self.request.get('tags') q4.put() ################################################################################ ################################################################################ sketch.set_title(self.request.get('title_input')) sketch.description = util.Sanitize(self.request.get('text_input')) sketch.published = (shouldItBePublished) sketch.sourceCode = self.request.get( 'text_input2').rstrip().lstrip() sketch.sourceCode = sketch.sourceCode.replace('&', '&') sketch.sourceCode = sketch.sourceCode.replace('<', '<') sketch.sourceCode = sketch.sourceCode.replace(' ', ' ') sketch.sourceCode = sketch.sourceCode.replace('\r\n', '<br>') sketch.sourceCode = sketch.sourceCode.replace('\n', '<br>') sketch.sourceCode = sketch.sourceCode.replace('\r', '<br>') sketch.sourceCode = sketch.sourceCode.replace( '\t', ' ') sketch.sourceCode = sketch.sourceCode.replace('"', '"') sketch.sourceCode = sketch.sourceCode.replace("'", ''') sketch.tags_commas = self.request.get('tags') sketch.update() ## now, finally, this uploads the thumbnail thumbnailData = self.request.get('thumbnailData') #logging.info('thumbnail data: ' + thumbnailData) if thumbnailData != "": logging.info( 'thumbnail data not empty - adding/overwriting thumbnail') thumbnailUploaderObject = thumbnailUploaderClass() thumbnailUploaderObject.doTheUpload(sketch.randomID, thumbnailData) else: logging.info('no thumbnail data') # note that we don't tell anonymous users what happened - this is to make # bots' life a tiny little bit more complicated if user.user and suspiciousContent and ( 'published' in self.request.arguments()): self.redirect("/sketchNotMadePublicNotice.html?sketchID=" + sketch.randomID) else: self.redirect(sketch.full_permalink()) else: if self.request.method == 'GET': self.redirect("/403.html") else: self.error(403) # User didn't meet role.
def post(self): self.session = True user = UserInfo() user.whoIs(self) if 'published' in self.request.arguments(): logging.info( 'adding a sketch and the published field has been sent') preview = self.request.get('preview') submitted = self.request.get('submitted') published = ('published' in self.request.arguments()) theKey = Sketch.generateKey() sketch = Sketch(key_name=theKey) sketch.sourceCode = self.request.get('text_input2').rstrip().lstrip() sketch.description = util.Sanitize(self.request.get('text_input')) # minimal protection against spammers, redirect to root if the program contains too many urls #logging.info('occurrences of http ' + str(sketch.sourceCode.count("http"))) sketch_sourceCode_count_http = sketch.sourceCode.count("http://") sketch_sourceCode_count_url_http = sketch.sourceCode.count( "[url=http://") sketch_description_count_http = sketch.description.count("http://") if sketch_sourceCode_count_http > 10: self.redirect("/") return if sketch_sourceCode_count_url_http > 0: self.redirect("/") return if sketch_description_count_http > 7: self.redirect("/") return if sketch_description_count_http + sketch_sourceCode_count_http > 12: self.redirect("/") return sketch_title = self.request.get('title_input') # now let's check in some other ways if the content is suspicious suspiciousContent = False sketch_title = self.request.get('title_input') sketch_tags_commas = self.request.get('tags') suspiciousContent = False if is_suspicious(sketch_title, sketch_tags_commas): suspiciousContent = True if any(util.doesItContainProfanity(text)\ for text in(sketch_title, sketch.sourceCode, sketch.description) ): suspiciousContent = True gallerySketch = GallerySketch( key_name=theKey ) # the gallery must be ordered by time, most recent first if user.user: #authorSketchesSketch = AuthorSketchesSketch(key_name = "-"+util.convDecToBase(string._long(user.user_id),62) + theKey) #mySketchesSketch = MySketchesSketch(key_name = "-"+util.convDecToBase(string._long(user.user_id),62) + theKey) user_id_in_fixed_digits = '-%023d' % (int(user.user_id)) authorSketchesSketch = AuthorSketchesSketch( key_name=user_id_in_fixed_digits + theKey) mySketchesSketch = MySketchesSketch( key_name=user_id_in_fixed_digits + theKey) authorSketchesSketch.user_id_string = util.convDecToBase( string._long(user.user_id), 62) mySketchesSketch.user_id_string = util.convDecToBase( string._long(user.user_id), 62) else: authorSketchesSketch = AuthorSketchesSketch(key_name='-%023d' % (0) + theKey) mySketchesSketch = MySketchesSketch(key_name='-%023d' % (0) + theKey) authorSketchesSketch.user_id_string = "anonymous" mySketchesSketch.user_id_string = "anonymous" # propagate the "suspicious" flag in all the records that we are adding sketch.suspiciousContent = suspiciousContent gallerySketch.suspiciousContent = suspiciousContent authorSketchesSketch.suspiciousContent = suspiciousContent mySketchesSketch.suspiciousContent = suspiciousContent sketch.set_title(sketch_title) gallerySketch.title = sketch.title authorSketchesSketch.title = sketch.title mySketchesSketch.title = sketch.title if suspiciousContent == True: sketch.published = False authorSketchesSketch.published = False mySketchesSketch.published = False elif user.user: sketch.published = published authorSketchesSketch.published = published mySketchesSketch.published = published else: sketch.published = True authorSketchesSketch.published = True mySketchesSketch.published = True sketch.sourceCode = clean_sourcecode(sketch.sourceCode) #sketch.author_user = user.user sketch.author_email = user.email sketch.author_user_id = user.user_id if user.user: sketch.author_string_user_id = util.convDecToBase( string._long(user.user_id), 62) sketch.author_nickname = user.nickname else: sketch.author_string_user_id = "anonymous" sketch.author_nickname = "anonymous" if user.user: gallerySketch.author_nickname = user.nickname else: gallerySketch.author_nickname = "anonymous" sketch.tags_commas = self.request.get('tags') gallerySketch.tags_commas = self.request.get('tags') authorSketchesSketch.tags_commas = self.request.get('tags') mySketchesSketch.tags_commas = self.request.get('tags') template_values = { 'sketch': sketch, 'published': sketch.published, 'preview': preview, 'submitted': submitted, 'action': "addBlog", 'tags': self.request.get('tags'), } sketch.set_randomID() sketch.parentSketchRandomID = self.request.get('parentSketchRandomID') if sketch.parentSketchRandomID is None: sketch.parentSketchRandomID = '' if sketch.parentSketchRandomID == '': sketch.oldestParentSketchRandomID = sketch.randomID else: sketch.oldestParentSketchRandomID = self.request.get( 'oldestParentSketchRandomID') sketch.set_parents(self.request.get('parent_idList'), self.request.get('parent_nicknamesList')) gallerySketch.randomID = sketch.randomID authorSketchesSketch.randomID = sketch.randomID mySketchesSketch.randomID = sketch.randomID sketch.save() # if this is an anonymous user adding a sketch, we have forced this flag to True if sketch.published: authorSketchesSketch.save() gallerySketch.save() mySketchesSketch.save() ## now, finally, this uploads the thumbnail thumbnailData = self.request.get('thumbnailData') #logging.info('add blog, thumbnail data: ' + thumbnailData) if thumbnailData != "": logging.info( 'add blog, thumbnail data not empty - adding/overwriting thumbnail' ) thumbnailUploaderObject = thumbnailUploaderClass() thumbnailUploaderObject.doTheUpload(sketch.randomID, thumbnailData) else: logging.info('add blog, no thumbnail data') if user.user and suspiciousContent and ('published' in self.request.arguments()): self.redirect("/sketchNotMadePublicNotice.html?sketchID=" + sketch.randomID) else: self.redirect(sketch.full_permalink())
def post(self,randomID): logging.info('editing the sketch') randomID = randomID.replace("/","") sketch = Sketch.get_by_randomID(randomID) # this big blot inserted by Davide Della Casa self.session = True user = UserInfo() user.whoIs(self) if ((sketch.author_user_id == user.user_id) or (user.is_current_user_admin)): if(sketch is None): self.redirect('/index.html') ################################################################################ ################################################################################ # and now for some serious tiptapping. On top of the sketch table, there are other # tables to change. # first, if the published flag changes, then the entries in the gallery and in the by_author # table need to either be inserted or be deleted # that said, also if the title or the tags change, then you need to modify the entries # in all the three tables (unless you just deleted or added them) AuthorSketchesSketch_add = False AuthorSketchesSketch_change = False AuthorSketchesSketch_delete = False GallerySketch_add = False GallerySketch_change = False GallerySketch_delete = False if 'published' in self.request.arguments(): logging.info('editing a sketch and the published field has been sent') # check if the edited sketch has become suspicious sketch_title = self.request.get('title_input') sketch_tags_commas = self.request.get('tags') suspiciousContent = False if is_suspicious(sketch_title,sketch_tags_commas): suspiciousContent = True if util.doesItContainProfanity(sketch_title): suspiciousContent = True logging.info('this sketch is dirrrrrrrty') # Anonymous users can't create unpublished sketches, # so we override the flag of the form if the case if suspiciousContent == True: logging.info('forcing the sketch to unpublishing because it is so dirty') shouldItBePublished = False elif user.user: shouldItBePublished = ('published' in self.request.arguments()) else: shouldItBePublished = True # first, check if the title or the tags changed # if so, then you modify the MySketchesSketch table right away # and you mark the AuthorSketchesSketch and the GallerySketch table as # *potentially* to be modified ( *potentially* because you might have to just add those # entries anew or delete them, depending on whether the published flag has changed) if ((sketch.title != sketch_title) or (sketch.tags_commas != self.request.get('tags'))): q0 = db.GqlQuery("SELECT * FROM MySketchesSketch WHERE randomID = :1", randomID).fetch(1) q0[0].title = sketch_title q0[0].tags_commas = self.request.get('tags') q0[0].published = (shouldItBePublished) q0[0].put() # AuthorSketchesSketch_change = True GallerySketch_change = True # now you check how the published flag changes to see if the entries # in the other two tables need to be added or deleted if ((sketch.published == True) and (shouldItBePublished==False)): logging.info('unpublishing a sketch') AuthorSketchesSketch_delete = True GallerySketch_delete = True if ((sketch.published == False) and (shouldItBePublished==True)): logging.info('making a sketch public') AuthorSketchesSketch_add = True GallerySketch_add = True # if you have to add, add, and set the "change" flag to false so that # you don't blindly change this record soon after you've added it if AuthorSketchesSketch_add : authorSketchesSketch = AuthorSketchesSketch(key_name = '-%023d' % int(user.user_id) + sketch.key().name()) authorSketchesSketch.title = self.request.get('title_input') authorSketchesSketch.published = shouldItBePublished authorSketchesSketch.randomID = sketch.randomID authorSketchesSketch.tags_commas = self.request.get('tags') authorSketchesSketch.put() AuthorSketchesSketch_change = False if GallerySketch_add : gallerySketch = GallerySketch(key_name = sketch.key().name()) if user.user: gallerySketch.author_nickname = user.nickname else: gallerySketch.author_nickname = "anonymous" gallerySketch.title = self.request.get('title_input') gallerySketch.published = shouldItBePublished gallerySketch.randomID = sketch.randomID gallerySketch.tags_commas = self.request.get('tags') gallerySketch.put() GallerySketch_change = False # if you have to delete, delete, and set the "change" flag to false so that # you don't blindly change those entries soon after you've added if AuthorSketchesSketch_delete : q1 = db.GqlQuery("SELECT * FROM AuthorSketchesSketch WHERE randomID = :1", randomID).fetch(1) q1[0].delete() AuthorSketchesSketch_change = False if GallerySketch_delete : q2 = GallerySketch.get_by_key_name(sketch.key().name()) q2.delete() GallerySketch_change = False # any change to the AuthorSketches or GallerySketch tables only happens if the sketch is public, # cause otherwise those two sketch records aren't just going to be there in the first place! if (sketch.published) : # ok now check the "change" flags. If they are still on, it means that the title or # tag have changed, and the published flag hasn't changed (so it's not like you just # added or deleted the records), so you have to effectively # go and fish the records out of the database and change them if AuthorSketchesSketch_change : # need to fetch the other tables (gallery, my page and by author) and change them q3 = db.GqlQuery("SELECT * FROM AuthorSketchesSketch WHERE randomID = :1", randomID).fetch(1) q3[0].title = self.request.get('title_input') q3[0].tags_commas = self.request.get('tags') q3[0].put() if GallerySketch_change : q4 = GallerySketch.get_by_key_name(sketch.key().name()) q4.title = self.request.get('title_input') q4.tags_commas = self.request.get('tags') q4.put() ################################################################################ ################################################################################ sketch.set_title(self.request.get('title_input')) sketch.description = util.Sanitize(self.request.get('text_input')) sketch.published = (shouldItBePublished) sketch.sourceCode = self.request.get('text_input2').rstrip().lstrip() sketch.sourceCode = sketch.sourceCode.replace('&','&') sketch.sourceCode = sketch.sourceCode.replace('<','<') sketch.sourceCode = sketch.sourceCode.replace(' ',' ') sketch.sourceCode = sketch.sourceCode.replace('\r\n','<br>') sketch.sourceCode = sketch.sourceCode.replace('\n','<br>') sketch.sourceCode = sketch.sourceCode.replace('\r','<br>') sketch.sourceCode = sketch.sourceCode.replace('\t',' ') sketch.sourceCode = sketch.sourceCode.replace('"','"') sketch.sourceCode = sketch.sourceCode.replace("'", ''') sketch.tags_commas = self.request.get('tags') sketch.update() ## now, finally, this uploads the thumbnail thumbnailData = self.request.get('thumbnailData') #logging.info('thumbnail data: ' + thumbnailData) if thumbnailData != "": logging.info('thumbnail data not empty - adding/overwriting thumbnail') thumbnailUploaderObject = thumbnailUploaderClass() thumbnailUploaderObject.doTheUpload(sketch.randomID,thumbnailData) else: logging.info('no thumbnail data') # note that we don't tell anonymous users what happened - this is to make # bots' life a tiny little bit more complicated if user.user and suspiciousContent and ('published' in self.request.arguments()): self.redirect("/sketchNotMadePublicNotice.html?sketchID="+sketch.randomID) else: self.redirect(sketch.full_permalink()) else: if self.request.method == 'GET': self.redirect("/403.html") else: self.error(403) # User didn't meet role.
def get(self): originaluserIDasString = "anonymous" # this big blot inserted by Davide Della Casa self.session = True user = UserInfo() user.whoIs(self) if not user.is_current_user_admin: self.redirect('/index.html') next = None PAGESIZE = 30 util.insertUsersideCookies(self) # we get it in the form davidedc-2jaidlbSQRSE and we only want 2jaidlbSQRSE userIDasString = "anonymous" userIDasString = '%023d' % (0) logging.info('searching for anonymous sketches, user id is 23 zeroes') self.session = True user = UserInfo() user.whoIs(self) # we'll be using this variable later and it better not be null if user.user_id == None: user.user_id = "0"; logging.info('comparing ' + ('%023d' % int(user.user_id)) + " to " + userIDasString) logging.info('admin looking at anonymous sketches') # note that we can fetch the sketches from the AuthorSketchesSketch table # because all anonymous sketches are public. bookmark = self.request.get("bookmark") if self.request.get("bookmark"): bookmark = Key(self.request.get("bookmark")) else: bookmark = Key.from_path('AuthorSketchesSketch',"-"+userIDasString + ZERO_FILL) endKey = Key.from_path('AuthorSketchesSketch','-%023d' % (int(userIDasString) + 1) + ZERO_FILL) q = db.GqlQuery("SELECT * FROM AuthorSketchesSketch WHERE __key__ >= :1 AND __key__ < :2",bookmark,endKey) logging.info('starting key ' + str(bookmark)) logging.info('end key ' + str(endKey)) ANONYMOUSSKETCHESFETCHSIZE = 1000 sketches = q.fetch(ANONYMOUSSKETCHESFETCHSIZE+1) logging.info('number of sketches found: ' + str(len(sketches))) if len(sketches) == ANONYMOUSSKETCHESFETCHSIZE + 1: next = str(sketches[-1].key()) sketches = sketches[:ANONYMOUSSKETCHESFETCHSIZE] if next is None: next = "" for sketch in sketches: sketch.stringtags = util.shorten(" ".join(sketch.tags),18) template_values = { 'sketches':sketches, 'bookmark':bookmark, 'next':next, 'action':"sketchesByUploader", 'userIDasString':originaluserIDasString, 'headerTitle':"By submitter", } self.generate('allAnonymousSketchesTemplate.html',template_values)
def get(self,originaluserIDasString): next = None PAGESIZE = 30 util.insertUsersideCookies(self) # we get it in the form davidedc-2jaidlbSQRSE and we only want 2jaidlbSQRSE userIDasString = originaluserIDasString.partition('-')[2] logging.info('most weird: sometimes this ends with justcorners.js : ' + userIDasString) userIDasString = userIDasString.partition('/')[0] if userIDasString != "anonymous": userIDasString = '%023d' % (util.toBase10(userIDasString,62)) logging.info('coverting to 23 digits: ' + userIDasString) logging.info('after cleanup, query starts from ' + "-"+userIDasString + ZERO_FILL) logging.info('query ends at ' + '-%023d' % (int(userIDasString) + 1) + ZERO_FILL) else: userIDasString = '%023d' % (0) logging.info('searching for anonymous sketches, user id is 23 zeroes') self.session = True user = UserInfo() user.whoIs(self) # we'll be using this variable later and it better not be null if user.user_id == None: user.user_id = "0"; logging.info('comparing ' + ('%023d' % int(user.user_id)) + " to " + userIDasString) if ('%023d' % int(user.user_id)) != userIDasString: logging.info('user is looking at someone else\'s sketches, showing only public sketches from AuthorSketchesSketch table') bookmark = self.request.get("bookmark") if self.request.get("bookmark"): bookmark = Key(self.request.get("bookmark")) else: bookmark = Key.from_path('AuthorSketchesSketch',"-"+userIDasString + ZERO_FILL) endKey = Key.from_path('AuthorSketchesSketch','-%023d' % (int(userIDasString) + 1) + ZERO_FILL) q = db.GqlQuery("SELECT * FROM AuthorSketchesSketch WHERE __key__ >= :1 AND __key__ < :2",bookmark,endKey) else: logging.info('user is looking at his own sketches, showing private and public sketches from MySketchesSketch table') if self.request.get("bookmark"): bookmark = Key(self.request.get("bookmark")) else: bookmark = Key.from_path('MySketchesSketch','-%023d' % (int(user.user_id)) + SKETCH_ZEROS) endKey = Key.from_path('MySketchesSketch','-%023d' % (int(user.user_id) + 1) + SKETCH_ZEROS) q = db.GqlQuery("SELECT * FROM MySketchesSketch WHERE __key__ >= :1 AND __key__ < :2",bookmark,endKey) logging.info('starting key ' + str(bookmark)) logging.info('end key ' + str(endKey)) sketches = q.fetch(PAGESIZE+1) logging.info('number of sketches found: ' + str(len(sketches))) if len(sketches) == PAGESIZE + 1: next = str(sketches[-1].key()) sketches = sketches[:PAGESIZE] if next is None: next = "" for sketch in sketches: sketch.stringtags = util.shorten(" ".join(sketch.tags),18) template_values = { 'sketches':sketches, 'bookmark':bookmark, 'next':next, 'action':"sketchesByUploader", 'userIDasString':originaluserIDasString, 'headerTitle':"By submitter", } self.generate('galleryTemplate.html',template_values)
def post(self): self.session = True user = UserInfo() user.whoIs(self) if 'published' in self.request.arguments(): logging.info('adding a sketch and the published field has been sent') preview = self.request.get('preview') submitted = self.request.get('submitted') published = ('published' in self.request.arguments()) theKey = Sketch.generateKey() sketch = Sketch(key_name = theKey) sketch.sourceCode = self.request.get('text_input2').rstrip().lstrip() sketch.description = util.Sanitize(self.request.get('text_input')) # minimal protection against spammers, redirect to root if the program contains too many urls #logging.info('occurrences of http ' + str(sketch.sourceCode.count("http"))) sketch_sourceCode_count_http = sketch.sourceCode.count("http://") sketch_sourceCode_count_url_http = sketch.sourceCode.count("[url=http://") sketch_description_count_http = sketch.description.count("http://") if sketch_sourceCode_count_http > 10: self.redirect("/") return if sketch_sourceCode_count_url_http > 0: self.redirect("/") return if sketch_description_count_http > 7: self.redirect("/") return if sketch_description_count_http + sketch_sourceCode_count_http > 12: self.redirect("/") return sketch_title = self.request.get('title_input') # now let's check in some other ways if the content is suspicious suspiciousContent = False sketch_title = self.request.get('title_input') sketch_tags_commas = self.request.get('tags') suspiciousContent = False if is_suspicious(sketch_title,sketch_tags_commas): suspiciousContent = True if any(util.doesItContainProfanity(text)\ for text in(sketch_title, sketch.sourceCode, sketch.description) ): suspiciousContent = True gallerySketch = GallerySketch(key_name = theKey) # the gallery must be ordered by time, most recent first if user.user: #authorSketchesSketch = AuthorSketchesSketch(key_name = "-"+util.convDecToBase(string._long(user.user_id),62) + theKey) #mySketchesSketch = MySketchesSketch(key_name = "-"+util.convDecToBase(string._long(user.user_id),62) + theKey) user_id_in_fixed_digits = '-%023d' % (int(user.user_id)) authorSketchesSketch = AuthorSketchesSketch(key_name = user_id_in_fixed_digits + theKey) mySketchesSketch = MySketchesSketch(key_name = user_id_in_fixed_digits + theKey) authorSketchesSketch.user_id_string = util.convDecToBase(string._long(user.user_id),62) mySketchesSketch.user_id_string = util.convDecToBase(string._long(user.user_id),62) else: authorSketchesSketch = AuthorSketchesSketch(key_name = '-%023d' % (0) + theKey) mySketchesSketch = MySketchesSketch(key_name = '-%023d' % (0) + theKey) authorSketchesSketch.user_id_string = "anonymous" mySketchesSketch.user_id_string = "anonymous" # propagate the "suspicious" flag in all the records that we are adding sketch.suspiciousContent = suspiciousContent gallerySketch.suspiciousContent = suspiciousContent authorSketchesSketch.suspiciousContent = suspiciousContent mySketchesSketch.suspiciousContent = suspiciousContent sketch.set_title(sketch_title) gallerySketch.title = sketch.title authorSketchesSketch.title = sketch.title mySketchesSketch.title = sketch.title if suspiciousContent == True: sketch.published = False authorSketchesSketch.published = False mySketchesSketch.published = False elif user.user: sketch.published = published authorSketchesSketch.published = published mySketchesSketch.published = published else: sketch.published = True authorSketchesSketch.published = True mySketchesSketch.published = True sketch.sourceCode = clean_sourcecode(sketch.sourceCode) #sketch.author_user = user.user sketch.author_email = user.email sketch.author_user_id = user.user_id if user.user: sketch.author_string_user_id = util.convDecToBase(string._long(user.user_id),62) sketch.author_nickname = user.nickname else: sketch.author_string_user_id = "anonymous" sketch.author_nickname = "anonymous" if user.user: gallerySketch.author_nickname = user.nickname else: gallerySketch.author_nickname = "anonymous" sketch.tags_commas = self.request.get('tags') gallerySketch.tags_commas = self.request.get('tags') authorSketchesSketch.tags_commas = self.request.get('tags') mySketchesSketch.tags_commas = self.request.get('tags') template_values = { 'sketch': sketch, 'published': sketch.published, 'preview': preview, 'submitted': submitted, 'action': "addBlog", 'tags': self.request.get('tags'), } sketch.set_randomID() sketch.parentSketchRandomID = self.request.get('parentSketchRandomID') if sketch.parentSketchRandomID is None: sketch.parentSketchRandomID = '' if sketch.parentSketchRandomID == '': sketch.oldestParentSketchRandomID = sketch.randomID; else: sketch.oldestParentSketchRandomID = self.request.get('oldestParentSketchRandomID') sketch.set_parents(self.request.get('parent_idList'),self.request.get('parent_nicknamesList')) gallerySketch.randomID = sketch.randomID authorSketchesSketch.randomID = sketch.randomID mySketchesSketch.randomID = sketch.randomID sketch.save() # if this is an anonymous user adding a sketch, we have forced this flag to True if sketch.published: authorSketchesSketch.save() gallerySketch.save() mySketchesSketch.save() ## now, finally, this uploads the thumbnail thumbnailData = self.request.get('thumbnailData') #logging.info('add blog, thumbnail data: ' + thumbnailData) if thumbnailData != "": logging.info('add blog, thumbnail data not empty - adding/overwriting thumbnail') thumbnailUploaderObject = thumbnailUploaderClass() thumbnailUploaderObject.doTheUpload(sketch.randomID,thumbnailData) else: logging.info('add blog, no thumbnail data') if user.user and suspiciousContent and ('published' in self.request.arguments()): self.redirect("/sketchNotMadePublicNotice.html?sketchID="+sketch.randomID) else: self.redirect(sketch.full_permalink())
def insertUsersideCookies(requester): """ firstLogin = requester.request.cookies.get('firstLogin', '') """ # firstLogin = False # if not firstLogin: """ if not users.get_current_user(): requester.redirect(authorized.getLoginPage()) return logging.info('firstLogin' + str(users.get_current_user())) requester.response.headers.add_header('Set-Cookie', 'user.is_current_user_admin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % users.is_current_user_admin()) requester.response.headers.add_header('Set-Cookie', 'user.user=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(users.get_current_user())) requester.response.headers.add_header('Set-Cookie', 'user.user_id=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % users.get_current_user().user_id()) requester.response.headers.add_header('Set-Cookie', 'firstLogin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "True") requester.response.headers.add_header('Set-Cookie', 'user.nickname=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % (users.get_current_user().nickname()).partition("@"))[0].replace(".","_") """ # user = UserInfo() user.whoIs(requester) if user.user: requester.response.headers.add_header( 'Set-Cookie', 'user.is_current_user_admin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.is_current_user_admin)) requester.response.headers.add_header( 'Set-Cookie', 'user.user=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.user)) requester.response.headers.add_header( 'Set-Cookie', 'user.user_id=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.user_id)) requester.response.headers.add_header( 'Set-Cookie', 'firstLogin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "True") requester.response.headers.add_header( 'Set-Cookie', 'user.nickname=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.nickname)) else: requester.response.headers.add_header( 'Set-Cookie', 'groupLoginCode=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header( 'Set-Cookie', 'user.user_id=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header( 'Set-Cookie', 'user.is_current_user_admin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header( 'Set-Cookie', 'user.user=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header( 'Set-Cookie', 'user.nickname=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "Anonymous") # else: requester.session = True user = UserInfo(requester.session) user.whoIs(requester) # if the user is logged in, then have him to remember his userID on the client side # this is so the page can independently format themselves on the client side # depending on who the user is. We validate his permissions on the server side too, # but we delegate the presentation details to the client so we don't have to generate # different pages, we can keep one in cache and we are happy. if user.user: user_id = requester.request.cookies.get('user.user_id', '') if not user_id: logging.info('user.user_id: ' + str(user.user_id)) requester.response.headers.add_header( 'Set-Cookie', 'user.user_id=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.user_id)) is_current_user_admin = requester.request.cookies.get( 'user.is_current_user_admin', '') if not is_current_user_admin: logging.info('user.is_current_user_admin: ' + str(user.is_current_user_admin)) requester.response.headers.add_header( 'Set-Cookie', 'user.is_current_user_admin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.is_current_user_admin)) useruser = requester.request.cookies.get('user.user', '') if not useruser: logging.info('user.user: '******'Set-Cookie', 'user.user=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.user)) usernickname = requester.request.cookies.get('user.nickname', '') if not usernickname: logging.info('user.nickname: ' + str(user.user)) requester.response.headers.add_header( 'Set-Cookie', 'user.nickname=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.nickname)) else: requester.response.headers.add_header( 'Set-Cookie', 'user.user_id=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header( 'Set-Cookie', 'user.is_current_user_admin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header( 'Set-Cookie', 'user.user=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header( 'Set-Cookie', 'user.nickname=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "Anonymous")
def insertUsersideCookies(requester): """ firstLogin = requester.request.cookies.get('firstLogin', '') """ # firstLogin = False # if not firstLogin: """ if not users.get_current_user(): requester.redirect(authorized.getLoginPage()) return logging.info('firstLogin' + str(users.get_current_user())) requester.response.headers.add_header('Set-Cookie', 'user.is_current_user_admin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % users.is_current_user_admin()) requester.response.headers.add_header('Set-Cookie', 'user.user=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(users.get_current_user())) requester.response.headers.add_header('Set-Cookie', 'user.user_id=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % users.get_current_user().user_id()) requester.response.headers.add_header('Set-Cookie', 'firstLogin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "True") requester.response.headers.add_header('Set-Cookie', 'user.nickname=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % (users.get_current_user().nickname()).partition("@"))[0].replace(".","_") """ # user = UserInfo() user.whoIs(requester) if user.user: requester.response.headers.add_header('Set-Cookie', 'user.is_current_user_admin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.is_current_user_admin)) requester.response.headers.add_header('Set-Cookie', 'user.user=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.user)) requester.response.headers.add_header('Set-Cookie', 'user.user_id=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.user_id)) requester.response.headers.add_header('Set-Cookie', 'firstLogin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "True") requester.response.headers.add_header('Set-Cookie', 'user.nickname=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.nickname)) else: requester.response.headers.add_header('Set-Cookie', 'groupLoginCode=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header('Set-Cookie', 'user.user_id=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header('Set-Cookie', 'user.is_current_user_admin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header('Set-Cookie', 'user.user=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header('Set-Cookie', 'user.nickname=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "Anonymous") # else: requester.session = True user = UserInfo(requester.session) user.whoIs(requester) # if the user is logged in, then have him to remember his userID on the client side # this is so the page can independently format themselves on the client side # depending on who the user is. We validate his permissions on the server side too, # but we delegate the presentation details to the client so we don't have to generate # different pages, we can keep one in cache and we are happy. if user.user: user_id = requester.request.cookies.get('user.user_id', '') if not user_id: logging.info('user.user_id: '+ str(user.user_id)) requester.response.headers.add_header('Set-Cookie', 'user.user_id=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.user_id)) is_current_user_admin = requester.request.cookies.get('user.is_current_user_admin', '') if not is_current_user_admin: logging.info('user.is_current_user_admin: '+ str(user.is_current_user_admin)) requester.response.headers.add_header('Set-Cookie', 'user.is_current_user_admin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.is_current_user_admin)) useruser = requester.request.cookies.get('user.user', '') if not useruser: logging.info('user.user: '******'Set-Cookie', 'user.user=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.user)) usernickname = requester.request.cookies.get('user.nickname', '') if not usernickname: logging.info('user.nickname: '+str(user.user)) requester.response.headers.add_header('Set-Cookie', 'user.nickname=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % str(user.nickname)) else: requester.response.headers.add_header('Set-Cookie', 'user.user_id=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header('Set-Cookie', 'user.is_current_user_admin=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header('Set-Cookie', 'user.user=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "None") requester.response.headers.add_header('Set-Cookie', 'user.nickname=%s; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/' % "Anonymous")