Ejemplo n.º 1
0
def get_package_tabs(user: User, package: Package):
    if package is None or not package.checkPerm(user, Permission.EDIT_PACKAGE):
        return []

    return [{
        "id": "edit",
        "title": "Edit Details",
        "url": package.getURL("packages.create_edit")
    }, {
        "id": "releases",
        "title": "Releases",
        "url": package.getURL("packages.list_releases")
    }, {
        "id": "screenshots",
        "title": "Screenshots",
        "url": package.getURL("packages.screenshots")
    }, {
        "id": "maintainers",
        "title": "Maintainers",
        "url": package.getURL("packages.edit_maintainers")
    }, {
        "id": "audit",
        "title": "Audit Log",
        "url": package.getURL("packages.audit")
    }, {
        "id": "share",
        "title": "Share and Badges",
        "url": package.getURL("packages.share")
    }, {
        "id": "remove",
        "title": "Remove",
        "url": package.getURL("packages.remove")
    }]
Ejemplo n.º 2
0
def do_create_screenshot(user: User, package: Package, title: str, file, reason: str = None):
	thirty_minutes_ago = datetime.datetime.now() - datetime.timedelta(minutes=30)
	count = package.screenshots.filter(PackageScreenshot.created_at > thirty_minutes_ago).count()
	if count >= 20:
		raise LogicError(429, "Too many requests, please wait before trying again")

	uploaded_url, uploaded_path = upload_file(file, "image", "a PNG or JPG image file")

	counter = 1
	for screenshot in package.screenshots.all():
		screenshot.order = counter
		counter += 1

	ss = PackageScreenshot()
	ss.package  = package
	ss.title    = title or "Untitled"
	ss.url      = uploaded_url
	ss.approved = package.checkPerm(user, Permission.APPROVE_SCREENSHOT)
	ss.order    = counter
	db.session.add(ss)

	if reason is None:
		msg = "Created screenshot {}".format(ss.title)
	else:
		msg = "Created screenshot {} ({})".format(ss.title, reason)

	addNotification(package.maintainers, user, NotificationType.PACKAGE_EDIT, msg, package.getURL("packages.view"), package)
	addAuditLog(AuditSeverity.NORMAL, user, msg, package.getURL("packages.view"), package)

	db.session.commit()

	return ss
Ejemplo n.º 3
0
def check_can_create_release(user: User, package: Package):
    if not package.checkPerm(user, Permission.MAKE_RELEASE):
        raise LogicError(403, "You do not have permission to make releases")

    five_minutes_ago = datetime.datetime.now() - datetime.timedelta(minutes=5)
    count = package.releases.filter(
        PackageRelease.releaseDate > five_minutes_ago).count()
    if count >= 5:
        raise LogicError(
            429,
            "You've created too many releases for this package in the last 5 minutes, please wait before trying again"
        )
Ejemplo n.º 4
0
def order_screenshots(token: APIToken, package: Package):
    if not token:
        error(401, "Authentication needed")

    if not package.checkPerm(token.owner, Permission.ADD_SCREENSHOTS):
        error(403, "You do not have the permission to delete screenshots")

    if not token.canOperateOnPackage(package):
        error(403, "API token does not have access to the package")

    json = request.json
    if json is None or not isinstance(json, list):
        error(400, "Expected order body to be array")

    return api_order_screenshots(token, package, request.json)
Ejemplo n.º 5
0
def create_screenshot(token: APIToken, package: Package):
    if not token:
        error(401, "Authentication needed")

    if not package.checkPerm(token.owner, Permission.ADD_SCREENSHOTS):
        error(403, "You do not have the permission to create screenshots")

    data = request.form
    if "title" not in data:
        error(400, "Title is required in the POST data")

    file = request.files.get("file")
    if file is None:
        error(400, "Missing 'file' in multipart body")

    return api_create_screenshot(token, package, data["title"], file)
Ejemplo n.º 6
0
def delete_screenshot(token: APIToken, package: Package, id: int):
    ss = PackageScreenshot.query.get(id)
    if ss is None or ss.package != package:
        error(404, "Screenshot not found")

    if not token:
        error(401, "Authentication needed")

    if not package.checkPerm(token.owner, Permission.ADD_SCREENSHOTS):
        error(403, "You do not have the permission to delete screenshots")

    if not token.canOperateOnPackage(package):
        error(403, "API token does not have access to the package")

    if package.cover_image == ss:
        package.cover_image = None
        db.session.merge(package)

    db.session.delete(ss)
    db.session.commit()

    return jsonify({"success": True})
Ejemplo n.º 7
0
def do_edit_package(user: User,
                    package: Package,
                    was_new: bool,
                    data: dict,
                    reason: str = None):
    if not package.checkPerm(user, Permission.EDIT_PACKAGE):
        raise LogicError(403,
                         "You do not have permission to edit this package")

    if "name" in data and package.name != data["name"] and \
      not package.checkPerm(user, Permission.CHANGE_NAME):
        raise LogicError(
            403, "You do not have permission to change the package name")

    for alias, to in ALIASES.items():
        if alias in data:
            data[to] = data[alias]

    validate(data)

    if "type" in data:
        data["type"] = PackageType.coerce(data["type"])

    if "license" in data:
        data["license"] = get_license(data["license"])

    if "media_license" in data:
        data["media_license"] = get_license(data["media_license"])

    for key in [
            "name", "title", "short_desc", "desc", "type", "license",
            "media_license", "repo", "website", "issueTracker", "forums"
    ]:
        if key in data:
            setattr(package, key, data[key])

    if package.type == PackageType.TXP:
        package.license = package.media_license

    if was_new and package.type == PackageType.MOD:
        m = MetaPackage.GetOrCreate(package.name, {})
        package.provides.append(m)

    if "tags" in data:
        package.tags.clear()
        for tag_id in data["tags"]:
            if is_int(tag_id):
                package.tags.append(Tag.query.get(tag_id))
            else:
                tag = Tag.query.filter_by(name=tag_id).first()
                if tag is None:
                    raise LogicError(400, "Unknown tag: " + tag_id)
                package.tags.append(tag)

    if "content_warnings" in data:
        package.content_warnings.clear()
        for warning_id in data["content_warnings"]:
            if is_int(warning_id):
                package.content_warnings.append(
                    ContentWarning.query.get(warning_id))
            else:
                warning = ContentWarning.query.filter_by(
                    name=warning_id).first()
                if warning is None:
                    raise LogicError(400, "Unknown warning: " + warning_id)
                package.content_warnings.append(warning)

    if not was_new:
        if reason is None:
            msg = "Edited {}".format(package.title)
        else:
            msg = "Edited {} ({})".format(package.title, reason)

        severity = AuditSeverity.NORMAL if user in package.maintainers else AuditSeverity.EDITOR
        addAuditLog(severity, user, msg, package.getDetailsURL(), package)

    db.session.commit()

    return package