def get_user_has_permission(request):
discussion_id = int(request.matchdict['discussion_id'])
permission = request.matchdict['permission']
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion %d does not exist" % (discussion_id,))
return a_users_with_permission(discussion_id, permission)
def save_synthesis(request):
synthesis_id = request.matchdict['id']
discussion_id = int(request.matchdict['discussion_id'])
if synthesis_id == 'next_synthesis':
discussion = Discussion.get_instance(discussion_id)
synthesis = discussion.get_next_synthesis()
else:
synthesis = Synthesis.get_instance(synthesis_id)
if not synthesis:
raise HTTPBadRequest("Synthesis with id '%s' not found." %
synthesis_id)
synthesis_data = json.loads(request.body)
user_id = request.authenticated_userid
permissions = get_permissions(user_id, discussion_id)
for key in ('subject', 'introduction', 'conclusion'):
if key in synthesis_data:
ls_data = synthesis_data[key]
if ls_data is None:
continue
assert isinstance(ls_data, dict)
current = LangString.create_from_json(ls_data,
user_id,
permissions=permissions)
setattr(synthesis, key, current)
Synthesis.default_db.add(synthesis)
Synthesis.default_db.flush()
return {'ok': True, 'id': synthesis.uri()}
def discussion_from_request(request):
from ..models import Discussion
from assembl.views.traversal import TraversalContext
if request.matchdict:
if 'discussion_id' in request.matchdict:
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("No discussion ID %d" % (discussion_id, ))
return discussion
elif 'discussion_slug' in request.matchdict:
slug = request.matchdict['discussion_slug']
discussion = find_discussion_from_slug(slug)
if not discussion:
raise HTTPNotFound("No discussion found for slug=%s" %
(slug, ))
return discussion
if getattr(request, "context", None) and isinstance(
request.context, TraversalContext):
discussion_id = request.context.get_discussion_id()
if discussion_id:
return Discussion.get(discussion_id)
if request.session.get("discussion", None):
slug = request.session["discussion"]
discussion = find_discussion_from_slug(slug)
if not discussion:
raise HTTPNotFound("No discussion found for slug=%s" % (slug, ))
return discussion
def put_discussion_roles_for_user(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion %d does not exist" % (discussion_id, ))
user_id = request.matchdict['user_id']
user = User.get_instance(user_id)
if not user:
raise HTTPNotFound("User id %d does not exist" % (user_id, ))
try:
data = json.loads(request.body)
except Exception as e:
raise HTTPBadRequest("Malformed Json")
session = Discussion.default_db
if not isinstance(data, list):
raise HTTPBadRequest("Not a list")
if data and frozenset((type(x) for x in data)) != frozenset((str, )):
raise HTTPBadRequest("not strings")
roles = set(session.query(Role).filter(Role.name.in_(data)).all())
data = set(data)
if len(roles) != len(data):
raise HTTPBadRequest("Not valid roles: %s" %
(repr(data - set((p.name for p in roles))), ))
known_lu_roles = session.query(LocalUserRole).join(Role).filter(
user=user, discussion=discussion).all()
lur_by_role = {lur.role.name: lur for lur in known_lu_roles}
known_roles = set(lur_by_role.keys())
for role in known_roles - roles:
session.query.delete(lur_by_role[role])
for role in roles - known_roles:
session.add(LocalUserRole(user=user, role=role, discussion=discussion))
return {
"added": list(roles - known_roles),
"removed": list(known_roles - roles)
}
def test_simultaneous_ajax_calls(request):
g = lambda x: request.GET.get(x, None)
session = User.default_db
discussion_id = g('discussion_id')
widget_id = g('widget_id')
if not discussion_id:
return HTTPBadRequest(
explanation="Please provide a discussion_id parameter")
if not widget_id:
return HTTPBadRequest(
explanation="Please provide a widget_id parameter")
widget_id = int(widget_id)
discussion_id = int(discussion_id)
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion with id '%d' not found." %
(discussion_id, ))
user_id = authenticated_userid(request)
assert user_id
context = dict(get_default_context(request),
discussion=discussion,
discussion_id=discussion_id,
widget_id=widget_id)
return render_to_response('admin/test_simultaneous_ajax_calls.jinja2',
context,
request=request)
def get_user_has_permission(request):
discussion_id = int(request.matchdict['discussion_id'])
permission = request.matchdict['permission']
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion %d does not exist" % (discussion_id, ))
return a_users_with_permission(discussion_id, permission)
def discussion_edit(request):
discussion_id = int(request.matchdict["discussion_id"])
discussion = Discussion.get_instance(discussion_id)
user_id = authenticated_userid(request)
assert user_id
permissions = get_permissions(user_id, discussion_id)
partners = json.dumps(
[p.generic_json(user_id=user_id, permissions=permissions) for p in discussion.partner_organizations]
)
if not discussion:
raise HTTPNotFound("Discussion with id '%d' not found." % (discussion_id,))
context = dict(
get_default_context(request),
discussion=discussion,
admin_discussion_permissions_url=request.route_url("discussion_permissions", discussion_id=discussion.id),
partners=partners,
)
if request.method == "POST":
g = lambda x: request.POST.get(x, None)
(topic, slug, objectives) = (g("topic"), g("slug"), g("objectives"))
discussion.topic = topic
discussion.slug = slug
discussion.objectives = objectives
return render_to_response("admin/discussion_edit.jinja2", context, request=request)
def put_discussion_roles_for_user(request):
discussion_id = request.matchdict['discussion_id']
user_id = request.matchdict['user_id']
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion %s does not exist" % (discussion_id,))
user = User.get_instance(user_id)
if not user:
raise HTTPNotFound("User id %s does not exist" % (user_id,))
try:
data = json.loads(request.body)
except Exception as e:
raise HTTPBadRequest("Malformed Json")
session = Discussion.db()
if not isinstance(data, list):
raise HTTPBadRequest("Not a list")
if data and frozenset((type(x) for x in data)) != frozenset((str,)):
raise HTTPBadRequest("not strings")
roles = set(session.query(Role).filter(name in data).all())
data = set(data)
if len(roles) != len(data):
raise HTTPBadRequest("Not valid roles: %s" % (repr(
data - set((p.name for p in roles))),))
known_lu_roles = session.query(LocalUserRole).join(Role).filter(
user=user, discussion=discussion).all()
lur_by_role = {lur.role.name: lur for lur in known_lu_roles}
known_roles = set(lur_by_role.keys())
for role in known_roles - roles:
session.query.delete(lur_by_role(role))
for role in roles - known_roles:
session.add(LocalUserRole(
user=user, role=role, discussion=discussion))
return {"added": list(roles - known_roles),
"removed": list(known_roles - roles)}
def test_simultaneous_ajax_calls(request):
g = lambda x: request.GET.get(x, None)
session = User.default_db
discussion_id = g('discussion_id')
widget_id = g('widget_id')
if not discussion_id:
return HTTPBadRequest(
explanation="Please provide a discussion_id parameter")
if not widget_id:
return HTTPBadRequest(
explanation="Please provide a widget_id parameter")
widget_id = int(widget_id)
discussion_id = int(discussion_id)
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion with id '%d' not found." % (
discussion_id,))
user_id = authenticated_userid(request)
assert user_id
context = dict(
get_default_context(request),
discussion=discussion,
discussion_id=discussion_id,
widget_id=widget_id)
return render_to_response(
'admin/test_simultaneous_ajax_calls.jinja2',
context,
request=request)
def save_synthesis(request):
synthesis_id = request.matchdict['id']
discussion_id = int(request.matchdict['discussion_id'])
if synthesis_id == 'next_synthesis':
discussion = Discussion.get_instance(discussion_id)
synthesis = discussion.get_next_synthesis()
else:
synthesis = Synthesis.get_instance(synthesis_id)
if not synthesis:
raise HTTPBadRequest("Synthesis with id '%s' not found." % synthesis_id)
synthesis_data = json.loads(request.body)
user_id = request.authenticated_userid
permissions = get_permissions(user_id, discussion_id)
for key in ('subject', 'introduction', 'conclusion'):
if key in synthesis_data:
ls_data = synthesis_data[key]
if ls_data is None:
continue
assert isinstance(ls_data, dict)
current = LangString.create_from_json(
ls_data, user_id, permissions=permissions)
setattr(synthesis, key, current)
Synthesis.default_db.add(synthesis)
Synthesis.default_db.flush()
return {'ok': True, 'id': synthesis.uri()}
def delete_discussion(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound(
"Discussion with id '%s' not found." % discussion_id)
discussion.delete()
return HTTPNoContent()
def delete_discussion(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion with id '%s' not found." %
discussion_id)
discussion.delete()
return HTTPNoContent()
def get_permissions_for_user(request):
discussion_id = request.matchdict['discussion_id']
user_id = request.matchdict['user_id']
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion %s does not exist" % (discussion_id,))
if user_id not in (Authenticated, Everyone):
user = User.get_instance(user_id)
if not user:
raise HTTPNotFound("User id %s does not exist" % (user_id,))
return a_permissions_for_user(discussion_id, user_id)
def get_permissions_for_user(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion %d does not exist" % (discussion_id, ))
user_id = request.matchdict['user_id']
if user_id not in (Authenticated, Everyone):
user = User.get_instance(user_id)
if not user:
raise HTTPNotFound("User id %s does not exist" % (user_id, ))
user_id = user.id
return get_permissions(user_id, discussion_id)
def get_discussion(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
view_def = request.GET.get('view') or 'default'
user_id = authenticated_userid(request) or Everyone
permissions = get_permissions(user_id, discussion_id)
if not discussion:
raise HTTPNotFound(
"Discussion with id '%s' not found." % discussion_id)
return discussion.generic_json(view_def, user_id, permissions)
def get_discussion(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
view_def = request.GET.get('view') or 'default'
user_id = authenticated_userid(request)
permissions = get_permissions(user_id, discussion_id)
if not discussion:
raise HTTPNotFound(
"Discussion with id '%s' not found." % discussion_id)
return discussion.generic_json(view_def, user_id, permissions)
def get_user_has_permission(request):
discussion_id = int(request.matchdict['discussion_id'])
user_id = request.matchdict['user_id']
permission = request.matchdict['permission']
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion %d does not exist" % (discussion_id,))
if user_id not in (Authenticated, Everyone):
user = User.get_instance(user_id)
if not user:
raise HTTPNotFound("User id %s does not exist" % (user_id,))
user_id = user.id
return a_user_has_permission(discussion_id, user_id, permission)
def get_discussion(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
is_etalab_request = request.matched_route.name == 'etalab_discussion'
view_def = request.GET.get(
'view', 'etalab' if is_etalab_request else 'default')
user_id = request.authenticated_userid or Everyone
permissions = get_permissions(user_id, discussion_id)
if not discussion:
raise HTTPNotFound(
"Discussion with id '%s' not found." % discussion_id)
return discussion.generic_json(view_def, user_id, permissions)
def get_discussion(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
is_etalab_request = request.matched_route.name == 'etalab_discussion'
view_def = request.GET.get('view',
'etalab' if is_etalab_request else 'default')
user_id = request.authenticated_userid or Everyone
permissions = get_permissions(user_id, discussion_id)
if not discussion:
raise HTTPNotFound("Discussion with id '%s' not found." %
discussion_id)
return discussion.generic_json(view_def, user_id, permissions)
def post_discussion(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion with id '%s' not found." %
discussion_id)
discussion_data = json.loads(request.body)
discussion.topic = discussion_data.get('topic', discussion.slug)
discussion.slug = discussion_data.get('slug', discussion.slug)
discussion.objectives = discussion_data.get('objectives',
discussion.objectives)
return {'ok': True}
def get_sources(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
view_def = request.GET.get('view') or 'default'
if not discussion:
raise HTTPNotFound(
"Discussion with id '%s' not found." % discussion_id
)
user_id = authenticated_userid(request)
permissions = get_permissions(user_id, discussion_id)
res = [source.generic_json(view_def, user_id, permissions)
for source in discussion.sources]
return [x for x in res if x is not None]
def get_sources(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
view_def = request.GET.get('view') or 'default'
if not discussion:
raise HTTPNotFound(
"Discussion with id '%s' not found." % discussion_id
)
user_id = request.authenticated_userid or Everyone
permissions = get_permissions(user_id, discussion_id)
res = [source.generic_json(view_def, user_id, permissions)
for source in discussion.sources]
return [x for x in res if x is not None]
def post_discussion(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound(
"Discussion with id '%s' not found." % discussion_id)
discussion_data = json.loads(request.body)
discussion.topic = discussion_data.get('topic', discussion.slug)
discussion.slug = discussion_data.get('slug', discussion.slug)
discussion.objectives = discussion_data.get(
'objectives', discussion.objectives)
return {'ok': True}
def get_synthesis(request):
synthesis_id = request.matchdict['id']
if synthesis_id == 'next_synthesis':
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
synthesis = discussion.get_next_synthesis()
else:
synthesis = Synthesis.get_instance(synthesis_id)
if not synthesis:
raise HTTPNotFound("Synthesis with id '%s' not found." % synthesis_id)
view_def = request.GET.get('view') or 'default'
discussion_id = int(request.matchdict['discussion_id'])
user_id = authenticated_userid(request) or Everyone
permissions = get_permissions(user_id, discussion_id)
return synthesis.generic_json(view_def, user_id, permissions)
def get_synthesis(request):
synthesis_id = request.matchdict['id']
if synthesis_id == 'next_synthesis':
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
synthesis = discussion.get_next_synthesis()
else:
synthesis = Synthesis.get_instance(synthesis_id)
if not synthesis:
raise HTTPNotFound("Synthesis with id '%s' not found." % synthesis_id)
view_def = request.GET.get('view') or 'default'
discussion_id = int(request.matchdict['discussion_id'])
user_id = authenticated_userid(request) or Everyone
permissions = get_permissions(user_id, discussion_id)
return synthesis.generic_json(view_def, user_id, permissions)
def mark_post_read(request):
"""Mark this post as un/read. Return the read post count for all affected ideas."""
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
post_id = request.matchdict['id']
post = Post.get_instance(post_id)
if not post:
raise HTTPNotFound("Post with id '%s' not found." % post_id)
post_id = post.id
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized()
read_data = json.loads(request.body)
db = discussion.db
change = False
with transaction.manager:
if read_data.get('read', None) is False:
view = db.query(ViewPost).filter_by(post_id=post_id,
actor_id=user_id,
tombstone_date=None).first()
if view:
change = True
view.is_tombstone = True
else:
count = db.query(ViewPost).filter_by(post_id=post_id,
actor_id=user_id,
tombstone_date=None).count()
if not count:
change = True
db.add(ViewPost(post=post, actor_id=user_id))
new_counts = []
if change:
new_counts = Idea.idea_read_counts(discussion_id, post_id, user_id)
return {
"ok":
True,
"ideas": [{
"@id": Idea.uri_generic(idea_id),
"num_read_posts": read_posts
} for (idea_id, read_posts) in new_counts]
}
def mark_post_read(request):
discussion_id = int(request.matchdict["discussion_id"])
discussion = Discussion.get_instance(discussion_id)
post_id = request.matchdict["id"]
post = Post.get_instance(post_id)
if not post:
raise HTTPNotFound("Post with id '%s' not found." % post_id)
post_id = post.id
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized()
read_data = json.loads(request.body)
db = Discussion.db()
change = False
with transaction.manager:
if read_data.get("read", None) is False:
view = db.query(ViewPost).filter(ViewPost.post_id == post_id).filter(Action.actor_id == user_id).first()
if view:
change = True
db.delete(view)
else:
count = db.query(ViewPost).filter(ViewPost.post_id == post_id).filter(Action.actor_id == user_id).count()
if not count:
change = True
db.add(ViewPost(post=post, actor_id=user_id))
new_counts = []
if change:
new_counts = Idea.idea_counts(discussion_id, post_id, user_id)
return {
"ok": True,
"ideas": [
{
"@id": Idea.uri_generic(idea_id),
"@type": db.query(Idea).get(idea_id).external_typename(),
"num_posts": total_posts,
"num_read_posts": read_posts,
}
for (idea_id, total_posts, read_posts) in new_counts
],
}
def save_synthesis(request):
synthesis_id = request.matchdict['id']
if synthesis_id == 'next_synthesis':
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
synthesis = discussion.get_next_synthesis()
else:
synthesis = Synthesis.get_instance(synthesis_id)
if not synthesis:
raise HTTPBadRequest("Synthesis with id '%s' not found." % synthesis_id)
synthesis_data = json.loads(request.body)
synthesis.subject = synthesis_data.get('subject')
synthesis.introduction = synthesis_data.get('introduction')
synthesis.conclusion = synthesis_data.get('conclusion')
Synthesis.default_db.add(synthesis)
Synthesis.default_db.flush()
return {'ok': True, 'id': synthesis.uri()}
def save_synthesis(request):
synthesis_id = request.matchdict['id']
if synthesis_id == 'next_synthesis':
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
synthesis = discussion.get_next_synthesis()
else:
synthesis = Synthesis.get_instance(synthesis_id)
if not synthesis:
raise HTTPBadRequest("Synthesis with id '%s' not found." % synthesis_id)
synthesis_data = json.loads(request.body)
synthesis.subject = synthesis_data.get('subject')
synthesis.introduction = synthesis_data.get('introduction')
synthesis.conclusion = synthesis_data.get('conclusion')
Synthesis.default_db.add(synthesis)
Synthesis.default_db.flush()
return {'ok': True, 'id': synthesis.uri()}
def mark_post_read(request):
"""Mark this post as un/read. Return the read post count for all affected ideas."""
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
post_id = request.matchdict['id']
post = Post.get_instance(post_id)
if not post:
raise HTTPNotFound("Post with id '%s' not found." % post_id)
post_id = post.id
user_id = request.authenticated_userid
if not user_id:
raise HTTPUnauthorized()
read_data = json.loads(request.body)
db = discussion.db
change = False
with transaction.manager:
if read_data.get('read', None) is False:
view = db.query(ViewPost).filter_by(
post_id=post_id, actor_id=user_id,
tombstone_date=None).first()
if view:
change = True
view.is_tombstone = True
else:
count = db.query(ViewPost).filter_by(
post_id=post_id, actor_id=user_id,
tombstone_date=None).count()
if not count:
change = True
db.add(ViewPost(post=post, actor_id=user_id))
new_counts = []
if change:
new_counts = Idea.idea_read_counts(discussion_id, post_id, user_id)
return { "ok": True, "ideas": [
{"@id": Idea.uri_generic(idea_id),
"num_read_posts": read_posts
} for (idea_id, read_posts) in new_counts] }
def discussion_edit(request):
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
user_id = authenticated_userid(request)
assert user_id
permissions = get_permissions(user_id, discussion_id)
partners = json.dumps([
p.generic_json(user_id=user_id, permissions=permissions)
for p in discussion.partner_organizations
])
if not discussion:
raise HTTPNotFound("Discussion with id '%d' not found." %
(discussion_id, ))
context = dict(get_default_context(request),
discussion=discussion,
admin_discussion_permissions_url=request.route_url(
'discussion_permissions', discussion_id=discussion.id),
partners=partners)
if request.method == 'POST':
g = lambda x: request.POST.get(x, None)
(topic, slug, objectives) = (
g('topic'),
g('slug'),
g('objectives'),
)
discussion.topic = topic
discussion.slug = slug
discussion.objectives = objectives
return render_to_response('admin/discussion_edit.jinja2',
context,
request=request)
def discussion_permissions(request):
user_id = authenticated_userid(request)
assert user_id
db = Discussion.default_db
discussion_id = int(request.matchdict["discussion_id"])
discussion = Discussion.get_instance(discussion_id)
error = ""
if not discussion:
raise HTTPNotFound("Discussion with id '%d' not found." % (discussion_id,))
roles = db.query(Role).all()
roles_by_name = {r.name: r for r in roles}
role_names = [r.name for r in roles]
permissions = db.query(Permission).all()
perms_by_name = {p.name: p for p in permissions}
permission_names = [p.name for p in permissions]
disc_perms = db.query(DiscussionPermission).filter_by(discussion_id=discussion_id).join(Role, Permission).all()
disc_perms_as_set = set((dp.role.name, dp.permission.name) for dp in disc_perms)
disc_perms_dict = {(dp.role.name, dp.permission.name): dp for dp in disc_perms}
local_roles = db.query(LocalUserRole).filter_by(discussion_id=discussion_id).join(Role, User).all()
local_roles_as_set = set((lur.user.id, lur.role.name) for lur in local_roles)
local_roles_dict = {(lur.user.id, lur.role.name): lur for lur in local_roles}
users = set(lur.user for lur in local_roles)
num_users = ""
if request.POST:
if "submit_role_permissions" in request.POST:
for role in role_names:
if role == R_SYSADMIN:
continue
for permission in permission_names:
allowed_text = "allowed_%s_%s" % (role, permission)
if (role, permission) not in disc_perms_as_set and allowed_text in request.POST:
dp = DiscussionPermission(
role=roles_by_name[role], permission=perms_by_name[permission], discussion_id=discussion_id
)
disc_perms_dict[(role, permission)] = dp
disc_perms_as_set.add((role, permission))
db.add(dp)
elif (role, permission) in disc_perms_as_set and allowed_text not in request.POST:
dp = disc_perms_dict[(role, permission)]
del disc_perms_dict[(role, permission)]
disc_perms_as_set.remove((role, permission))
db.delete(dp)
if not role in SYSTEM_ROLES and "delete_" + role in request.POST:
db.delete(roles_by_name[role])
del roles_by_name[role]
role_names.remove(role)
elif "submit_add_role" in request.POST:
# TODO: Sanitize role
role = Role(name="r:" + request.POST["new_role"])
roles_by_name[role.name] = role
role_names.append(role.name)
db.add(role)
elif "submit_user_roles" in request.POST:
user_ids = {u.id for u in users}
for role in role_names:
if role == R_SYSADMIN:
continue
prefix = "has_" + role + "_"
for name in request.POST:
if name.startswith(prefix):
a_user_id = int(name[len(prefix) :])
if a_user_id not in user_ids:
users.add(User.get_instance(a_user_id))
user_ids.add(a_user_id)
for user in users:
has_role_text = "has_%s_%d" % (role, user.id)
if (user.id, role) not in local_roles_as_set and has_role_text in request.POST:
lur = LocalUserRole(role=roles_by_name[role], user=user, discussion_id=discussion_id)
local_roles.append(lur)
local_roles_dict[(user.id, role)] = lur
local_roles_as_set.add((user.id, role))
db.add(lur)
elif (user.id, role) in local_roles_as_set and has_role_text not in request.POST:
lur = local_roles_dict[(user.id, role)]
del local_roles_dict[(user.id, role)]
local_roles_as_set.remove((user.id, role))
local_roles.remove(lur)
db.delete(lur)
elif "submit_look_for_user" in request.POST:
search_string = "%" + request.POST["user_search"] + "%"
other_users = (
db.query(User)
.outerjoin(Username)
.filter(
AgentProfile.name.ilike(search_string)
| Username.username.ilike(search_string)
| User.preferred_email.ilike(search_string)
)
.all()
)
users.update(other_users)
elif "submit_user_file" in request.POST:
role = request.POST["add_with_role"] or R_PARTICIPANT
if role == R_SYSADMIN and not user_has_permission(discussion_id, user_id, P_SYSADMIN):
role = R_ADMINISTRATOR
if "user_csvfile" in request.POST:
try:
num_users = add_multiple_users_csv(request.POST["user_csvfile"].file, discussion_id, role)
except Exception as e:
error = repr(e)
else:
error = request.localizer.translate(_("No file given."))
def allowed(role, permission):
if role == R_SYSADMIN:
return True
return (role, permission) in disc_perms_as_set
def has_local_role(user_id, role):
return (user_id, role) in local_roles_as_set
context = dict(
get_default_context(request),
discussion=discussion,
allowed=allowed,
roles=role_names,
permissions=permission_names,
users=users,
error=error,
num_users=num_users,
has_local_role=has_local_role,
is_system_role=lambda r: r in SYSTEM_ROLES,
)
return render_to_response("admin/discussion_permissions.jinja2", context, request=request)
def create_post(request):
"""
We use post, not put, because we don't know the id of the post
"""
localizer = request.localizer
request_body = json.loads(request.body)
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized()
user = Post.default_db.query(User).filter_by(id=user_id).one()
body = request_body.get('body', None)
html = request_body.get('html', None) # BG: Is this used now? I cannot see it.
reply_id = request_body.get('reply_id', None)
idea_id = request_body.get('idea_id', None)
subject = request_body.get('subject', None)
publishes_synthesis_id = request_body.get('publishes_synthesis_id', None)
if not body and not publishes_synthesis_id:
# Should we allow empty messages otherwise?
raise HTTPBadRequest(localizer.translate(
_("Your message is empty")))
if reply_id:
in_reply_to_post = Post.get_instance(reply_id)
else:
in_reply_to_post = None
if idea_id:
in_reply_to_idea = Idea.get_instance(idea_id)
else:
in_reply_to_idea = None
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound(localizer.translate(_(
"No discussion found with id=%s")) % (discussion_id,)
)
ctx = DummyContext({Discussion: discussion})
if html:
log.warning("Still using html")
# how to guess locale in this case?
body = LangString.create(html)
elif body:
body = LangString.create_from_json(
body, context=ctx, user_id=user_id)
else:
body = LangString.EMPTY(discussion.db)
if subject:
subject = LangString.create_from_json(
subject, context=ctx, user_id=user_id)
else:
# print(in_reply_to_post.subject, discussion.topic)
if in_reply_to_post:
subject = (in_reply_to_post.get_title().first_original().value
if in_reply_to_post.get_title() else '')
elif in_reply_to_idea:
# TODO: THis should use a cascade like the frontend
subject = (in_reply_to_idea.short_title
if in_reply_to_idea.short_title else '')
else:
subject = discussion.topic if discussion.topic else ''
# print subject
if subject is not None and len(subject):
new_subject = "Re: " + restrip_pat.sub('', subject).strip()
if (in_reply_to_post and new_subject == subject and
in_reply_to_post.get_title()):
# reuse subject and translations
subject = in_reply_to_post.get_title()
else:
# how to guess locale in this case?
subject = LangString.create(new_subject)
else:
raven_client = get_raven_client()
if raven_client:
raven_client.captureMessage(
"A message is about to be written to the database with an "
"empty subject. This is not supposed to happen.")
subject = LangString.EMPTY(discussion.db)
post_constructor_args = {
'discussion': discussion,
'creator_id': user_id,
'subject': subject,
'body': body
}
if publishes_synthesis_id:
published_synthesis = Synthesis.get_instance(publishes_synthesis_id)
post_constructor_args['publishes_synthesis'] = published_synthesis
new_post = SynthesisPost(**post_constructor_args)
else:
new_post = AssemblPost(**post_constructor_args)
discussion.db.add(new_post)
discussion.db.flush()
if in_reply_to_post:
new_post.set_parent(in_reply_to_post)
if in_reply_to_idea:
idea_post_link = IdeaRelatedPostLink(
creator_id=user_id,
content=new_post,
idea=in_reply_to_idea
)
discussion.db.add(idea_post_link)
idea = in_reply_to_idea
while idea:
idea.send_to_changes()
parents = idea.get_parents()
idea = next(iter(parents)) if parents else None
else:
discussion.root_idea.send_to_changes()
for source in discussion.sources:
if 'send_post' in dir(source):
source.send_post(new_post)
permissions = get_permissions(user_id, discussion_id)
return new_post.generic_json('default', user_id, permissions)
def create_post(request):
"""
We use post, not put, because we don't know the id of the post
"""
localizer = get_localizer(request)
request_body = json.loads(request.body)
user_id = authenticated_userid(request)
user = Post.db.query(User).filter_by(id=user_id).one()
message = request_body.get("message", None)
html = request_body.get("html", None)
reply_id = request_body.get("reply_id", None)
idea_id = request_body.get("idea_id", None)
subject = request_body.get("subject", None)
publishes_synthesis_id = request_body.get("publishes_synthesis_id", None)
if not user_id:
raise HTTPUnauthorized()
if not message:
raise HTTPUnauthorized()
if reply_id:
in_reply_to_post = Post.get_instance(reply_id)
else:
in_reply_to_post = None
if idea_id:
in_reply_to_idea = Idea.get_instance(idea_id)
else:
in_reply_to_idea = None
discussion_id = request.matchdict["discussion_id"]
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound(localizer.translate(_("No discussion found with id=%s" % discussion_id)))
if subject:
subject = subject
elif in_reply_to_post:
subject = in_reply_to_post.subject
elif in_reply_to_idea:
subject = in_reply_to_idea.short_title
else:
subject = discussion.topic
subject = "Re: " + restrip_pat.sub("", subject)
post_constructor_args = {
"discussion": discussion,
"message_id": uuid.uuid1().urn,
"creator_id": user_id,
"subject": subject,
"body": html if html else message,
}
if publishes_synthesis_id:
published_synthesis = Synthesis.get_instance(publishes_synthesis_id)
post_constructor_args["publishes_synthesis"] = published_synthesis
new_post = SynthesisPost(**post_constructor_args)
else:
new_post = AssemblPost(**post_constructor_args)
new_post.db.add(new_post)
new_post.db.flush()
if in_reply_to_post:
new_post.set_parent(in_reply_to_post)
if in_reply_to_idea:
idea_post_link = IdeaRelatedPostLink(creator_id=user_id, content=new_post, idea=in_reply_to_idea)
IdeaRelatedPostLink.db.add(idea_post_link)
for source in discussion.sources:
source.send_post(new_post)
return {"ok": True}
def discussion_permissions(request):
user_id = authenticated_userid(request)
db = Discussion.db()
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion with id '%d' not found." % (
discussion_id,))
roles = db.query(Role).all()
roles_by_name = {r.name: r for r in roles}
role_names = [r.name for r in roles]
permissions = db.query(Permission).all()
perms_by_name = {p.name: p for p in permissions}
permission_names = [p.name for p in permissions]
disc_perms = db.query(DiscussionPermission).filter_by(
discussion_id=discussion_id).join(Role, Permission).all()
disc_perms_as_set = set((dp.role.name, dp.permission.name)
for dp in disc_perms)
disc_perms_dict = {(dp.role.name, dp.permission.name): dp
for dp in disc_perms}
local_roles = db.query(LocalUserRole).filter_by(
discussion_id=discussion_id).join(Role, User).all()
local_roles_as_set = set((lur.user.id, lur.role.name)
for lur in local_roles)
local_roles_dict = {(lur.user.id, lur.role.name):lur
for lur in local_roles}
users = set(lur.user for lur in local_roles)
if request.POST:
if 'submit_role_permissions' in request.POST:
for role in role_names:
if role == R_SYSADMIN:
continue
for permission in permission_names:
allowed_text = 'allowed_%s_%s' % (role, permission)
if (role, permission) not in disc_perms_as_set and \
allowed_text in request.POST:
dp = DiscussionPermission(
role=roles_by_name[role],
permission=perms_by_name[permission],
discussion_id=discussion_id)
disc_perms_dict[(role, permission)] = dp
disc_perms_as_set.add((role, permission))
db.add(dp)
elif (role, permission) in disc_perms_as_set and \
allowed_text not in request.POST:
dp = disc_perms_dict[(role, permission)]
del disc_perms_dict[(role, permission)]
disc_perms_as_set.remove((role, permission))
db.delete(dp)
if not role in SYSTEM_ROLES and\
'delete_'+role in request.POST:
db.delete(roles_by_name[role])
del roles_by_name[role]
role_names.remove(role)
elif 'submit_add_role' in request.POST:
#TODO: Sanitize role
role = Role(name='r:'+request.POST['new_role'])
roles_by_name[role.name] = role
role_names.append(role.name)
db.add(role)
elif 'submit_user_roles' in request.POST:
user_ids = {u.id for u in users}
for role in role_names:
if role == R_SYSADMIN:
continue
prefix = 'has_'+role+'_'
for name in request.POST:
if name.startswith(prefix):
user_id = int(name[len(prefix):])
if user_id not in user_ids:
users.add(User.get_instance(user_id))
user_ids.add(user_id)
for user in users:
has_role_text = 'has_%s_%d' % (role, user.id)
if (user.id, role) not in local_roles_as_set and \
has_role_text in request.POST:
lur = LocalUserRole(
role=roles_by_name[role],
user=user,
discussion_id=discussion_id)
local_roles.append(lur)
local_roles_dict[(user.id, role)] = lur
local_roles_as_set.add((user.id, role))
db.add(lur)
elif (user.id, role) in local_roles_as_set and \
has_role_text not in request.POST:
lur = local_roles_dict[(user.id, role)]
del local_roles_dict[(user.id, role)]
local_roles_as_set.remove((user.id, role))
local_roles.remove(lur)
db.delete(lur)
elif 'submit_look_for_user' in request.POST:
search_string = '%' + request.POST['user_search'] + '%'
other_users = db.query(User).join(AgentProfile).filter(AgentProfile.name.ilike(search_string)).union(
db.query(User).outerjoin(Username).filter(Username.username.ilike(search_string))).union(
db.query(User).filter(User.preferred_email.ilike(search_string))).all()
users.update(other_users)
def allowed(role, permission):
if role == R_SYSADMIN:
return True
return (role, permission) in disc_perms_as_set
def has_local_role(user_id, role):
return (user_id, role) in local_roles_as_set
context = dict(
discussion=discussion,
allowed=allowed,
roles=role_names,
permissions=permission_names,
users=users,
has_local_role=has_local_role,
is_system_role=lambda r: r in SYSTEM_ROLES
)
return render_to_response(
'admin/discussion_permissions.jinja2',
context,
request=request)
def discussion_permissions(request):
user_id = authenticated_userid(request)
assert user_id
db = Discussion.default_db
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
error = ''
if not discussion:
raise HTTPNotFound("Discussion with id '%d' not found." % (
discussion_id,))
roles = db.query(Role).all()
roles_by_name = {r.name: r for r in roles}
role_names = [r.name for r in roles]
role_names.sort()
permissions = db.query(Permission).all()
perms_by_name = {p.name: p for p in permissions}
permission_names = [p.name for p in permissions]
permission_names.sort()
disc_perms = db.query(DiscussionPermission).filter_by(
discussion_id=discussion_id).join(Role, Permission).all()
disc_perms_as_set = set((dp.role.name, dp.permission.name)
for dp in disc_perms)
disc_perms_dict = {(dp.role.name, dp.permission.name): dp
for dp in disc_perms}
local_roles = db.query(LocalUserRole).filter_by(
discussion_id=discussion_id).join(Role, User).all()
local_roles_as_set = set((lur.user.id, lur.role.name)
for lur in local_roles)
local_roles_dict = {(lur.user.id, lur.role.name): lur
for lur in local_roles}
users = set(lur.user for lur in local_roles)
num_users = ''
if request.POST:
if 'submit_role_permissions' in request.POST:
for role in role_names:
if role == R_SYSADMIN:
continue
for permission in permission_names:
allowed_text = 'allowed_%s_%s' % (role, permission)
if (role, permission) not in disc_perms_as_set and \
allowed_text in request.POST:
dp = DiscussionPermission(
role=roles_by_name[role],
permission=perms_by_name[permission],
discussion_id=discussion_id)
disc_perms_dict[(role, permission)] = dp
disc_perms_as_set.add((role, permission))
db.add(dp)
elif (role, permission) in disc_perms_as_set and \
allowed_text not in request.POST:
dp = disc_perms_dict[(role, permission)]
del disc_perms_dict[(role, permission)]
disc_perms_as_set.remove((role, permission))
db.delete(dp)
if not role in SYSTEM_ROLES and\
'delete_'+role in request.POST:
db.delete(roles_by_name[role])
del roles_by_name[role]
role_names.remove(role)
elif 'submit_add_role' in request.POST:
#TODO: Sanitize role
role = Role(name='r:'+request.POST['new_role'])
roles_by_name[role.name] = role
role_names.append(role.name)
db.add(role)
elif 'submit_user_roles' in request.POST:
user_ids = {u.id for u in users}
for role in role_names:
if role == R_SYSADMIN:
continue
prefix = 'has_'+role+'_'
for name in request.POST:
if name.startswith(prefix):
a_user_id = int(name[len(prefix):])
if a_user_id not in user_ids:
users.add(User.get_instance(a_user_id))
user_ids.add(a_user_id)
for user in users:
has_role_text = 'has_%s_%d' % (role, user.id)
if (user.id, role) not in local_roles_as_set and \
has_role_text in request.POST:
lur = LocalUserRole(
role=roles_by_name[role],
user=user,
discussion_id=discussion_id)
local_roles.append(lur)
# TODO revisit this if Roles and Subscription are
# de-coupled
if role == 'r:participant':
user.update_agent_status_subscribe(discussion)
local_roles_dict[(user.id, role)] = lur
local_roles_as_set.add((user.id, role))
db.add(lur)
elif (user.id, role) in local_roles_as_set and \
has_role_text not in request.POST:
lur = local_roles_dict[(user.id, role)]
del local_roles_dict[(user.id, role)]
local_roles_as_set.remove((user.id, role))
local_roles.remove(lur)
# TODO revisit this if Roles and Subscription are
# de-coupled
if role == 'r:participant':
user.update_agent_status_unsubscribe(discussion)
db.delete(lur)
elif 'submit_look_for_user' in request.POST:
search_string = '%' + request.POST['user_search'] + '%'
other_users = db.query(User).outerjoin(Username).filter(
AgentProfile.name.ilike(search_string)
| Username.username.ilike(search_string)
| User.preferred_email.ilike(search_string)).all()
users.update(other_users)
elif 'submit_user_file' in request.POST:
role = request.POST['add_with_role'] or R_PARTICIPANT
if role == R_SYSADMIN and not user_has_permission(
discussion_id, user_id, P_SYSADMIN):
role = R_ADMINISTRATOR
if 'user_csvfile' in request.POST:
try:
num_users = add_multiple_users_csv(
request, request.POST['user_csvfile'].file,
discussion_id, role,
request.POST.get('send_invite', False),
request.POST['email_subject'],
request.POST['text_email_message'],
request.POST['html_email_message'],
request.POST['sender_name'],
request.POST.get('resend_notloggedin', False))
except Exception as e:
error = repr(e)
transaction.doom()
else:
error = request.localizer.translate(_('No file given.'))
def allowed(role, permission):
if role == R_SYSADMIN:
return True
return (role, permission) in disc_perms_as_set
def has_local_role(user_id, role):
return (user_id, role) in local_roles_as_set
users = list(users)
users.sort(key=order_by_domain_and_name)
context = dict(
get_default_context(request),
discussion=discussion,
allowed=allowed,
roles=role_names,
permissions=permission_names,
users=users,
error=error,
num_users=num_users,
has_local_role=has_local_role,
is_system_role=lambda r: r in SYSTEM_ROLES
)
return render_to_response(
'admin/discussion_permissions.jinja2',
context,
request=request)
def create_post(request):
"""
Create a new post in this discussion.
We use post, not put, because we don't know the id of the post
"""
localizer = request.localizer
request_body = json.loads(request.body)
user_id = request.authenticated_userid
if not user_id:
raise HTTPUnauthorized()
user = Post.default_db.query(User).filter_by(id=user_id).one()
body = request_body.get('body', None)
html = request_body.get('html', None) # BG: Is this used now? I cannot see it.
reply_id = request_body.get('reply_id', None)
idea_id = request_body.get('idea_id', None)
subject = request_body.get('subject', None)
publishes_synthesis_id = request_body.get('publishes_synthesis_id', None)
message_classifier = request_body.get('message_classifier', None)
if not body and not publishes_synthesis_id:
# Should we allow empty messages otherwise?
raise HTTPBadRequest(localizer.translate(
_("Your message is empty")))
if reply_id:
in_reply_to_post = Post.get_instance(reply_id)
else:
in_reply_to_post = None
if idea_id:
in_reply_to_idea = Idea.get_instance(idea_id)
else:
in_reply_to_idea = None
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound(localizer.translate(_(
"No discussion found with id=%s")) % (discussion_id,)
)
ctx = DummyContext({Discussion: discussion})
if html:
log.warning("Still using html")
# how to guess locale in this case?
body = LangString.create(sanitize_html(html))
# TODO: AssemblPosts are pure text right now.
# Allowing HTML requires changes to the model.
elif body:
# TODO: Accept HTML body.
for e in body['entries']:
e['value'] = sanitize_text(e['value'])
body = LangString.create_from_json(
body, context=ctx, user_id=user_id)
else:
body = LangString.EMPTY(discussion.db)
if subject:
for e in subject['entries']:
e['value'] = sanitize_text(e['value'])
subject = LangString.create_from_json(
subject, context=ctx, user_id=user_id)
else:
from assembl.models import Locale
locale = Locale.UNDEFINED
# print(in_reply_to_post.subject, discussion.topic)
if in_reply_to_post and in_reply_to_post.get_title():
original_subject = in_reply_to_post.get_title().first_original()
if original_subject:
locale = original_subject.locale_code
subject = (
original_subject.value or ''
if in_reply_to_post.get_title() else '')
elif in_reply_to_idea:
# TODO: THis should use a cascade like the frontend
# also, some ideas have extra langstring titles
subject = (in_reply_to_idea.short_title
if in_reply_to_idea.short_title else '')
locale = discussion.main_locale
else:
subject = discussion.topic if discussion.topic else ''
locale = discussion.main_locale
# print subject
if subject is not None and len(subject):
new_subject = "Re: " + restrip_pat.sub('', subject).strip()
if (in_reply_to_post and new_subject == subject and
in_reply_to_post.get_title()):
# reuse subject and translations
subject = in_reply_to_post.get_title().clone(discussion.db)
else:
# how to guess locale in this case?
subject = LangString.create(new_subject, locale)
else:
capture_message(
"A message is about to be written to the database with an "
"empty subject. This is not supposed to happen.")
subject = LangString.EMPTY(discussion.db)
post_constructor_args = {
'discussion': discussion,
'creator_id': user_id,
'message_classifier': message_classifier,
'subject': subject,
'body': body
}
if publishes_synthesis_id:
published_synthesis = Synthesis.get_instance(publishes_synthesis_id)
post_constructor_args['publishes_synthesis'] = published_synthesis
new_post = SynthesisPost(**post_constructor_args)
new_post.finalize_publish()
else:
new_post = AssemblPost(**post_constructor_args)
new_post.guess_languages()
discussion.db.add(new_post)
discussion.db.flush()
if in_reply_to_post:
new_post.set_parent(in_reply_to_post)
if in_reply_to_idea:
idea_post_link = IdeaRelatedPostLink(
creator_id=user_id,
content=new_post,
idea=in_reply_to_idea
)
discussion.db.add(idea_post_link)
idea = in_reply_to_idea
while idea:
idea.send_to_changes()
parents = idea.get_parents()
idea = next(iter(parents)) if parents else None
else:
discussion.root_idea.send_to_changes()
for source in discussion.sources:
if 'send_post' in dir(source):
source.send_post(new_post)
permissions = get_permissions(user_id, discussion_id)
return new_post.generic_json('default', user_id, permissions)
def create_post(request):
"""
We use post, not put, because we don't know the id of the post
"""
localizer = request.localizer
request_body = json.loads(request.body)
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized()
user = Post.default_db.query(User).filter_by(id=user_id).one()
message = request_body.get('message', None)
html = request_body.get('html', None)
reply_id = request_body.get('reply_id', None)
idea_id = request_body.get('idea_id', None)
subject = request_body.get('subject', None)
publishes_synthesis_id = request_body.get('publishes_synthesis_id', None)
if not message:
raise HTTPBadRequest(localizer.translate(_("Your message is empty")))
if reply_id:
in_reply_to_post = Post.get_instance(reply_id)
else:
in_reply_to_post = None
if idea_id:
in_reply_to_idea = Idea.get_instance(idea_id)
else:
in_reply_to_idea = None
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound(
localizer.translate(
_("No discussion found with id=%s" % discussion_id)))
if subject:
subject = subject
else:
#print(in_reply_to_post.subject, discussion.topic)
if in_reply_to_post:
subject = in_reply_to_post.get_title(
) if in_reply_to_post.get_title() else ''
elif in_reply_to_idea:
#TODO: THis should use a cascade like the frontend
subject = in_reply_to_idea.short_title if in_reply_to_idea.short_title else ''
else:
subject = discussion.topic if discussion.topic else ''
#print subject
subject = "Re: " + restrip_pat.sub('', subject)
post_constructor_args = {
'discussion': discussion,
'message_id': uuid.uuid1().hex + "@" + config.get('public_hostname'),
'creator_id': user_id,
'subject': subject,
'body': html if html else message
}
if publishes_synthesis_id:
published_synthesis = Synthesis.get_instance(publishes_synthesis_id)
post_constructor_args['publishes_synthesis'] = published_synthesis
new_post = SynthesisPost(**post_constructor_args)
else:
new_post = AssemblPost(**post_constructor_args)
discussion.db.add(new_post)
discussion.db.flush()
if in_reply_to_post:
new_post.set_parent(in_reply_to_post)
if in_reply_to_idea:
idea_post_link = IdeaRelatedPostLink(creator_id=user_id,
content=new_post,
idea=in_reply_to_idea)
discussion.db.add(idea_post_link)
for source in discussion.sources:
source.send_post(new_post)
permissions = get_permissions(user_id, discussion_id)
return new_post.generic_json('default', user_id, permissions)
def discussion_permissions(request):
user_id = authenticated_userid(request)
assert user_id
db = Discussion.default_db
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
error = ''
if not discussion:
raise HTTPNotFound("Discussion with id '%d' not found." %
(discussion_id, ))
roles = db.query(Role).all()
roles_by_name = {r.name: r for r in roles}
role_names = [r.name for r in roles]
role_names.sort()
permissions = db.query(Permission).all()
perms_by_name = {p.name: p for p in permissions}
permission_names = [p.name for p in permissions]
permission_names.sort()
disc_perms = db.query(DiscussionPermission).filter_by(
discussion_id=discussion_id).join(Role, Permission).all()
disc_perms_as_set = set(
(dp.role.name, dp.permission.name) for dp in disc_perms)
disc_perms_dict = {(dp.role.name, dp.permission.name): dp
for dp in disc_perms}
local_roles = db.query(LocalUserRole).filter_by(
discussion_id=discussion_id).join(Role, User).all()
local_roles_as_set = set(
(lur.user.id, lur.role.name) for lur in local_roles)
local_roles_dict = {(lur.user.id, lur.role.name): lur
for lur in local_roles}
users = set(lur.user for lur in local_roles)
num_users = ''
if request.POST:
if 'submit_role_permissions' in request.POST:
for role in role_names:
if role == R_SYSADMIN:
continue
for permission in permission_names:
allowed_text = 'allowed_%s_%s' % (role, permission)
if (role, permission) not in disc_perms_as_set and \
allowed_text in request.POST:
dp = DiscussionPermission(
role=roles_by_name[role],
permission=perms_by_name[permission],
discussion_id=discussion_id)
disc_perms_dict[(role, permission)] = dp
disc_perms_as_set.add((role, permission))
db.add(dp)
elif (role, permission) in disc_perms_as_set and \
allowed_text not in request.POST:
dp = disc_perms_dict[(role, permission)]
del disc_perms_dict[(role, permission)]
disc_perms_as_set.remove((role, permission))
db.delete(dp)
if not role in SYSTEM_ROLES and\
'delete_'+role in request.POST:
db.delete(roles_by_name[role])
del roles_by_name[role]
role_names.remove(role)
elif 'submit_add_role' in request.POST:
#TODO: Sanitize role
role = Role(name='r:' + request.POST['new_role'])
roles_by_name[role.name] = role
role_names.append(role.name)
db.add(role)
elif 'submit_user_roles' in request.POST:
user_ids = {u.id for u in users}
for role in role_names:
if role == R_SYSADMIN:
continue
prefix = 'has_' + role + '_'
for name in request.POST:
if name.startswith(prefix):
a_user_id = int(name[len(prefix):])
if a_user_id not in user_ids:
users.add(User.get_instance(a_user_id))
user_ids.add(a_user_id)
for user in users:
has_role_text = 'has_%s_%d' % (role, user.id)
if (user.id, role) not in local_roles_as_set and \
has_role_text in request.POST:
lur = LocalUserRole(role=roles_by_name[role],
user=user,
discussion_id=discussion_id)
local_roles.append(lur)
# TODO revisit this if Roles and Subscription are
# de-coupled
if role == 'r:participant':
user.update_agent_status_subscribe(discussion)
local_roles_dict[(user.id, role)] = lur
local_roles_as_set.add((user.id, role))
db.add(lur)
elif (user.id, role) in local_roles_as_set and \
has_role_text not in request.POST:
lur = local_roles_dict[(user.id, role)]
del local_roles_dict[(user.id, role)]
local_roles_as_set.remove((user.id, role))
local_roles.remove(lur)
# TODO revisit this if Roles and Subscription are
# de-coupled
if role == 'r:participant':
user.update_agent_status_unsubscribe(discussion)
db.delete(lur)
elif 'submit_look_for_user' in request.POST:
search_string = '%' + request.POST['user_search'] + '%'
other_users = db.query(User).outerjoin(Username).filter(
AgentProfile.name.ilike(search_string)
| Username.username.ilike(search_string)
| User.preferred_email.ilike(search_string)).all()
users.update(other_users)
elif 'submit_user_file' in request.POST:
role = request.POST['add_with_role'] or R_PARTICIPANT
if role == R_SYSADMIN and not user_has_permission(
discussion_id, user_id, P_SYSADMIN):
role = R_ADMINISTRATOR
if 'user_csvfile' in request.POST:
try:
num_users = add_multiple_users_csv(
request, request.POST['user_csvfile'].file,
discussion_id, role,
request.POST.get('send_invite',
False), request.POST['email_subject'],
request.POST['text_email_message'],
request.POST['html_email_message'],
request.POST['sender_name'],
request.POST.get('resend_notloggedin', False))
except Exception as e:
error = repr(e)
transaction.doom()
else:
error = request.localizer.translate(_('No file given.'))
def allowed(role, permission):
if role == R_SYSADMIN:
return True
return (role, permission) in disc_perms_as_set
def has_local_role(user_id, role):
return (user_id, role) in local_roles_as_set
users = list(users)
users.sort(key=order_by_domain_and_name)
context = dict(get_default_context(request),
discussion=discussion,
allowed=allowed,
roles=role_names,
permissions=permission_names,
users=users,
error=error,
num_users=num_users,
has_local_role=has_local_role,
is_system_role=lambda r: r in SYSTEM_ROLES)
return render_to_response('admin/discussion_permissions.jinja2',
context,
request=request)
def create_post(request):
"""
We use post, not put, because we don't know the id of the post
"""
localizer = request.localizer
request_body = json.loads(request.body)
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized()
user = Post.default_db.query(User).filter_by(id=user_id).one()
message = request_body.get('message', None)
html = request_body.get('html', None)
reply_id = request_body.get('reply_id', None)
idea_id = request_body.get('idea_id', None)
subject = request_body.get('subject', None)
publishes_synthesis_id = request_body.get('publishes_synthesis_id', None)
if not message:
raise HTTPBadRequest(localizer.translate(
_("Your message is empty")))
if reply_id:
in_reply_to_post = Post.get_instance(reply_id)
else:
in_reply_to_post = None
if idea_id:
in_reply_to_idea = Idea.get_instance(idea_id)
else:
in_reply_to_idea = None
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound(
localizer.translate(_("No discussion found with id=%s" % discussion_id))
)
if subject:
subject = subject
else:
#print(in_reply_to_post.subject, discussion.topic)
if in_reply_to_post:
subject = in_reply_to_post.get_title() if in_reply_to_post.get_title() else ''
elif in_reply_to_idea:
#TODO: THis should use a cascade like the frontend
subject = in_reply_to_idea.short_title if in_reply_to_idea.short_title else ''
else:
subject = discussion.topic if discussion.topic else ''
#print subject
subject = "Re: " + restrip_pat.sub('', subject)
post_constructor_args = {
'discussion': discussion,
'creator_id': user_id,
'subject': subject,
'body': html if html else message
}
if publishes_synthesis_id:
published_synthesis = Synthesis.get_instance(publishes_synthesis_id)
post_constructor_args['publishes_synthesis'] = published_synthesis
new_post = SynthesisPost(**post_constructor_args)
else:
new_post = AssemblPost(**post_constructor_args)
discussion.db.add(new_post)
discussion.db.flush()
if in_reply_to_post:
new_post.set_parent(in_reply_to_post)
if in_reply_to_idea:
idea_post_link = IdeaRelatedPostLink(
creator_id=user_id,
content=new_post,
idea=in_reply_to_idea
)
discussion.db.add(idea_post_link)
idea = in_reply_to_idea
while idea:
idea.send_to_changes()
parents = idea.get_parents()
idea = next(iter(parents)) if parents else None
else:
discussion.root_idea.send_to_changes()
for source in discussion.sources:
if 'send_post' in dir(source):
source.send_post(new_post)
permissions = get_permissions(user_id, discussion_id)
return new_post.generic_json('default', user_id, permissions)
def create_post(request):
"""
Create a new post in this discussion.
We use post, not put, because we don't know the id of the post
"""
localizer = request.localizer
request_body = json.loads(request.body)
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized()
user = Post.default_db.query(User).filter_by(id=user_id).one()
body = request_body.get('body', None)
html = request_body.get('html',
None) # BG: Is this used now? I cannot see it.
reply_id = request_body.get('reply_id', None)
idea_id = request_body.get('idea_id', None)
subject = request_body.get('subject', None)
publishes_synthesis_id = request_body.get('publishes_synthesis_id', None)
message_classifier = request_body.get('message_classifier', None)
if not body and not publishes_synthesis_id:
# Should we allow empty messages otherwise?
raise HTTPBadRequest(localizer.translate(_("Your message is empty")))
if reply_id:
in_reply_to_post = Post.get_instance(reply_id)
else:
in_reply_to_post = None
if idea_id:
in_reply_to_idea = Idea.get_instance(idea_id)
else:
in_reply_to_idea = None
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
if not discussion:
raise HTTPNotFound(
localizer.translate(_("No discussion found with id=%s")) %
(discussion_id, ))
ctx = DummyContext({Discussion: discussion})
if html:
log.warning("Still using html")
# how to guess locale in this case?
body = LangString.create(html)
elif body:
body = LangString.create_from_json(body, context=ctx, user_id=user_id)
else:
body = LangString.EMPTY(discussion.db)
if subject:
subject = LangString.create_from_json(subject,
context=ctx,
user_id=user_id)
else:
# print(in_reply_to_post.subject, discussion.topic)
if in_reply_to_post:
subject = (in_reply_to_post.get_title().first_original().value
or '' if in_reply_to_post.get_title() else '')
elif in_reply_to_idea:
# TODO: THis should use a cascade like the frontend
subject = (in_reply_to_idea.short_title
if in_reply_to_idea.short_title else '')
else:
subject = discussion.topic if discussion.topic else ''
# print subject
if subject is not None and len(subject):
new_subject = "Re: " + restrip_pat.sub('', subject).strip()
if (in_reply_to_post and new_subject == subject
and in_reply_to_post.get_title()):
# reuse subject and translations
subject = in_reply_to_post.get_title().clone(discussion.db)
else:
# how to guess locale in this case?
subject = LangString.create(new_subject)
else:
capture_message(
"A message is about to be written to the database with an "
"empty subject. This is not supposed to happen.")
subject = LangString.EMPTY(discussion.db)
post_constructor_args = {
'discussion': discussion,
'creator_id': user_id,
'message_classifier': message_classifier,
'subject': subject,
'body': body
}
if publishes_synthesis_id:
published_synthesis = Synthesis.get_instance(publishes_synthesis_id)
post_constructor_args['publishes_synthesis'] = published_synthesis
new_post = SynthesisPost(**post_constructor_args)
new_post.finalize_publish()
else:
new_post = AssemblPost(**post_constructor_args)
discussion.db.add(new_post)
discussion.db.flush()
if in_reply_to_post:
new_post.set_parent(in_reply_to_post)
if in_reply_to_idea:
idea_post_link = IdeaRelatedPostLink(creator_id=user_id,
content=new_post,
idea=in_reply_to_idea)
discussion.db.add(idea_post_link)
idea = in_reply_to_idea
while idea:
idea.send_to_changes()
parents = idea.get_parents()
idea = next(iter(parents)) if parents else None
else:
discussion.root_idea.send_to_changes()
for source in discussion.sources:
if 'send_post' in dir(source):
source.send_post(new_post)
permissions = get_permissions(user_id, discussion_id)
return new_post.generic_json('default', user_id, permissions)
