Ejemplo n.º 1
0
    def post(self):
        if self.user:
            if not self.check_state():
                logging.warning("Possible CSRF attack detected!")
                self.redirect("/")
                return

            input_delete_article = self.request.get('delete_article')

            if input_delete_article:
                Article.remove(input_delete_article)
                # Show message: Confirm deletion of article.
                self.render('message.html', message_delete_article = True)

            else:
                input_edit_article = self.request.get('edit_article')
                input_title = self.request.get('title')
                input_body = self.request.get('body')

                article = Article.by_id(input_edit_article)
                
                error_title=""
                error_body=""

                have_error = False

                if not valid_title(input_title):
                    # Show the error-message: not a valid title.
                    error_title = True
                    have_error = True
                if not valid_body(input_body):
                    # Show the error-message: not a valid body.
                    error_body = True
                    have_error = True

                if have_error:
                    state = self.make_state()
                    # Render page with error-messages.
                    self.render('edit_article.html',
                                user = self.user,
                                article = article,
                                error_title = error_title,
                                error_body = error_body,
                                title_form = input_title,
                                body_form = input_body,
                                state = state)
                else:
                    # Edit article-entity and commit to Article-DB.
                    article.title = input_title
                    article.body = input_body
                    article.put()
                    # Update memcache
                    Article.update_article_cache(article)
                    # Redirect to homepage
                    self.redirect("/")

        else:
            # Prompt user to login.
            self.render('message.html', message_new_article_1 = True)
Ejemplo n.º 2
0
    def post(self):
        if self.user:
            if not self.check_state():
                self.redirect("/")
                return

            input_title = self.request.get('title')
            input_body = self.request.get('body')

            error_title=""
            error_body=""

            have_error = False

            if not valid_title(input_title):
                # Show the error-message: not a valid title.
                error_title = True
                have_error = True
            if not valid_body(input_body):
                # Show the error-message: not a valid body.
                error_body = True
                have_error = True

            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('new_article.html',
                            user = self.user,
                            error_title = error_title,
                            error_body = error_body,
                            title_form = input_title,
                            body_form = input_body,
                            state = state)
            else:
                # Create new entry in the Article-DB.
                article = Article.create(input_title, 
                                         input_body, 
                                         self.user.key().id())
                article.put()
                # Update memcache
                Article.update_article_cache(article)
                
                # Redirect to homepage
                self.redirect("/")

        else:
            # Prompt user to login.
            self.session.add_flash('message_new_article_1', 
                                   key='homepage_flashes')
            self.redirect("/")
Ejemplo n.º 3
0
    def post(self):
        if self.user:
            if not self.check_state():
                self.redirect("/")
                return

            # Deactivate account by deleting from User database and 
            # adding to the DeactAccounts database.
            d = DeactAccounts.create(self.user.key().id(), 
                                     self.user.name,
                                     self.user.email)

            # Delete user
            User.remove(self.user.key().id())

            # Genrate list of article-keys for the deleted user.
            article_key_list = Article.keys_by_author(self.user.key().id())

            for key in article_key_list:
                # Store article in DeletdArticle DB
                article = Article.by_id(key.id())
                del_art = DeletdArticle.create(article.title,
                                               article.body, 
                                               article.author)
                del_art.put()
                # Delete article from Article DB
                Article.remove(key.id())
            
            # Logout (delete coockie)
            self.logout()

            # Send email notification
            self.send_email(d.email, 
                            'email_subject.html', 
                            'email_account_deleted.html', 
                            subject_type = 'account_deleted')


            # Render page with message that account was deleted
            self.session.add_flash('message_delete_account_1', 
                                   key='homepage_flashes')
            self.session.add_flash(d.email, key='deleted_email')
            self.redirect("/")

        else:
            # Prompt user to login.
            self.session.add_flash('message_user_settings_1', 
                                   key='homepage_flashes')
            self.redirect("/")
Ejemplo n.º 4
0
    def get(self):
        article_list = Article.recent(100)
        for article in article_list:
            t = article.created.isoformat()
            article.time = t
            author = User.by_id(article.author)
            if author:
                article.author_name = author.name
            else:
                article.author_name = 'Unknown'
        flashes = self.session.get_flashes('homepage_flashes')
        input_email = self.session.get_flashes('input_email')
        if input_email:
            input_email = input_email.pop()[0]
        deleted_email = self.session.get_flashes('deleted_email')
        if deleted_email:
            deleted_email = deleted_email.pop()[0]

        if self.user:
            self.render('homepage.html',
                        user = self.user, 
                        article_list = article_list,
                        flashes = flashes,
                        input_email = input_email,
                        deleted_email = deleted_email)
        else:
            self.render('homepage.html', 
                        article_list = article_list,
                        flashes = flashes,
                        input_email = input_email,
                        deleted_email = deleted_email)
Ejemplo n.º 5
0
    def get(self):
        article_list = Article.recent(100)
        for article in article_list:
            t = article.created.isoformat()
            article.time = t
            author = User.by_id(article.author)
            if author:
                article.author_name = author.name
            else:
                article.author_name = 'Unknown'

        if self.user:
            self.render('homepage.html',
                        user = self.user, 
                        article_list = article_list)
        else:
            self.render('homepage.html', article_list = article_list)
Ejemplo n.º 6
0
 def get(self):
     if self.user:
         input_article_id = self.request.get("article")
         article = Article.get_by_id(int(input_article_id))
         if self.user.key().id() == article.author:
             state = self.make_state()
             self.render('edit_article.html', 
                         user = self.user,  
                         article = article, 
                         title_form = article.title, 
                         body_form = article.body,
                         state = state)
         else:
             # Show message that user is not authorized to edit.
             self.render('message.html', message_edit_article_2 = True)
     else:
         # Prompt user to login.
         self.render('message.html', message_edit_article_1 = True)
Ejemplo n.º 7
0
    def post(self):
        if self.user:
            if not self.check_state():
                logging.warning("Possible CSRF attack detected!")
                self.redirect("/")
                return

            # Get user input
            input_password = self.request.get('password')

            # Check input and set error messages. 
            error_password=""

            have_error = False

            if not valid_pw(self.user.email, input_password, self.user.pw_hash):
                # Set the error-message: incorrect password.
                error_password = True
                have_error = True

            if have_error:
                state = self.make_state()
                # Render page with error-messages.
                self.render('delete_account.html',
                            user = self.user,
                            error_password = error_password,
                            state = state)
            else:
                # Deactivate account by deleting from User database and 
                # adding to the DeactAccounts database.
                d = DeactAccounts.create(self.user.key().id(), 
                                         self.user.name,
                                         self.user.email)
                d.put()

                # Delete user
                User.remove(self.user.key().id())

                # Genrate list of article-keys for the deleted user.
                article_key_list = Article.keys_by_author(self.user.key().id())

                for key in article_key_list:
                    # Store article in DeletdArticle DB
                    article = Article.by_id(key.id())
                    del_art = DeletdArticle.create(article.title,
                                                   article.body, 
                                                   article.author)
                    del_art.put()
                    # Delete article from Article DB
                    Article.remove(key.id())
                
                # Logout (delete coockie)
                self.logout()

                # Send email notification
                self.send_email(d.email, 
                                'email_subject.html', 
                                'email_account_deleted.html', 
                                subject_type = 'account_deleted')


                # Render page with message that account was deleted
                self.render('message.html', 
                            message_delete_account_1 = True, 
                            deleted_email = d.email)

        else:
            # Prompt user to login.
            self.render('message.html', message_user_settings_1 = True)