def signout_confirm(self, id=None):
""" Confirm user wants to sign out
"""
if id is not None:
redirect_to(action='signout_confirm', id=None)
return render('/person/signout.mako')
def do_email_students(self):
log.debug(str(request.params))
user = h.get_user(request.environ)
student_ids_str = request.params['student_ids']
student_ids = ah.fileset_id_string_to_id_list(student_ids_str)
students = Student.query.filter(Student.id.in_(student_ids)).all()
students = filter(lambda student: request.params.has_key(str(student.id)), students)
for student in students:
check_student_access(student)
subject = request.params['subject']
body = request.params['body']
from_addr = (user.givenName+" "+user.surName,user.name + '@illinois.edu')
reply_to = user.name + '@illinois.edu'
to_addrs = map(lambda student: (student.displayName, student.netid + "@illinois.edu"), students)
from turbomail import Message
message = Message()
message.subject = subject
message.plain = body
message.author = from_addr
message.reply_to = reply_to
message.to = to_addrs
message.cc = from_addr
message.send()
if request.params.has_key('assignment_id'):
return redirect_to(controller='view_analysis', action='view', id=request.params['assignment_id'])
else:
return redirect_to(controller='view_analysis', action='list')
def pending(self, id):
volunteer = Volunteer.find_by_id(id)
volunteer.accepted = None
volunteer.ticket_type = None
meta.Session.commit()
h.flash("Status Updated")
redirect_to(action="index", id=None)
def _new(self):
# Do we allow account creation?
if lca_info['account_creation']:
"""Create a new person submit.
"""
# Remove fields not in class
results = self.form_result['person']
del results['password_confirm']
del results['email_address2']
c.person = Person(**results)
c.person.email_address = c.person.email_address.lower()
meta.Session.add(c.person)
#for sn in self.form_result['social_network']:
# network = SocialNetwork.find_by_name(sn['name'])
# if sn['account_name']:
# c.person.social_networks[network] = sn['account_name']
meta.Session.commit()
if lca_rego['confirm_email_address'] == 'no':
redirect_to(controller='person', action='confirm', confirm_hash=c.person.url_hash)
else:
email(c.person.email_address, render('/person/new_person_email.mako'))
return render('/person/thankyou.mako')
else:
return render('/not_allowed.mako')
def _edit(self, id):
results = self.form_result["volunteer"]
c.volunteer = Volunteer.find_by_id(id)
for key in self.form_result["volunteer"]:
setattr(c.volunteer, key, self.form_result["volunteer"][key])
meta.Session.commit()
redirect_to(action="view", id=c.volunteer.id)
def create(self):
propertyId = request.POST['propertyId']
input = request.POST['units']
input = input.strip(' ')
if input.startswith(('x ', 'X ')):
errorslist = self.deleteValidate()
if errorslist:
unitJSON = {
'errors': errorslist
}
return json.dumps(unitJSON)
input = input.strip(' ')
input = input.lstrip('x')
input = input.lstrip('X')
input = input.replace(' ', '')
model.Unit.delete_units(input, propertyId)
else:
errorslist = self.addValidate()
if errorslist:
unitJSON = {
'errors': errorslist
}
return json.dumps(unitJSON)
input = input.replace(' ', '')
model.Unit.add_units(input, propertyId)
redirect_to(protocol=settings.PROTOCOL, controller='property', action='json', id=propertyId)
def index(self):
# Check access and redirect
if not h.auth.authorized(h.auth.has_organiser_role):
redirect_to(action="new")
c.volunteer_collection = Volunteer.find_all()
return render("volunteer/list.mako")
def submit(self):
"""
Verify username and password
"""
# Both fields filled?
form_username = str(request.params.get('username'))
form_password = str(request.params.get('password'))
# Get user data from database
db_user = meta.Session.query(User).filter(User.username==form_username).first()
if db_user is None: # User does not exist
return render('login.mako')
# AUTHENTIC USER HERE
#if db_user.passwd != md5.md5(form_password).hexdigest():
# return render('login.mako')
# Mark user as logged in
session['user'] = form_username
session.save()
# Send user back to the page he originally wanted to get to
if session.get('path_before_login'):
redirect_to(session['path_before_login'])
else: # if previous target is unknown just send the user to a welcome page
return redirect_to(controller='application', action='index')
def save(self):
up = UserProperty(session['identifier'],
self.form_result['nickname'],
int(self.form_result['time_diff']))
self.ups.save(up)
redirect_to('now')
def _delete(self, id):
c.rego_note = RegoNote.find_by_id(id)
meta.Session.delete(c.rego_note)
meta.Session.commit()
h.flash("Rego note has been deleted.")
redirect_to("index")
def changepassword (self, id=None):
user = h.checkuser(id)
h.requirerights(user_is=id)
user.password = md5(self.form_result['newpass'].encode('utf-8')).hexdigest()
meta.Session.commit()
h.flashmsg (u"Пароль был изменён")
redirect_to(h.url_for(controller='usercontrol', action='list', id=None))
def take(self, id=None):
order = h.checkorder(id)
# Теперь - проверка прав доступа (ответственный подразделения, могущего выполнять заявки)
if not (h.have_role("appointer") and order.status_id == 1):
abort(403)
elif h.have_role("guest"):
abort(401)
act = model.Action()
act.order_id = order.id
act.status = meta.Session.query(model.Status).get(2)
act.div_id = session["division"]
# Заполним исполнителей заявки
for pid in self.form_result["performers"]:
perf = meta.Session.query(model.Person).get(pid)
act.performers.append(perf)
order.order_performers.append(model.OrderPerformer(person=perf, current=True))
order.status = meta.Session.query(model.Status).get(2)
order.perf_id = session["division"]
meta.Session.add(act)
# Готово!
meta.Session.commit()
h.flashmsg(
u"Вы взяли заявку № "
+ h.strong(order.id)
+ u" для выполнения себе. Исполнители: %s" % (u", ".join([h.name(x) for x in act.performers]))
)
redirect_to(h.url_for(controller="order", action="view", id=order.id))
def revoke(self, id=None):
"""Отзыв заявки её создателем (например, решили проблему сами или «ложная тревога»)."""
order = h.checkorder(id)
# Заявка должна быть свободна!
if order.status.id != 1:
abort(403)
# Проверка прав доступа (админ либо ответственный подразделения, создавшего заявку)
if not (
h.have_role("admin")
or (
session.has_key("division")
and session.has_key("creator")
and session["creator"]
and order.cust_id == session["division"]
)
):
abort(401)
# Заявка готова, но никто её не сделал
order.status = meta.Session.query(model.Status).get(15)
order.performers = []
order.performer = None
# Добавление записи в журнал действий над заявкой
act = model.Action()
act.order_id = order.id
act.status = meta.Session.query(model.Status).get(15)
act.division = meta.Session.query(model.Division).get(session["division"])
act.performers.append(meta.Session.query(model.Person).get(session["id"]))
if session.has_key("operator_id") and session["id"] != session["operator_id"]:
act.performers.append(meta.Session.query(model.Person).get(session["operator_id"]))
meta.Session.add(act)
# Готово
meta.Session.commit()
h.flashmsg(u"Заявка № " + h.strong(order.id) + u" отозвана.")
redirect_to(h.url_for(controller="order", action="view", id=order.id))
def _delete(self, id):
c.special_offer = SpecialOffer.find_by_id(id)
meta.Session.delete(c.special_offer)
meta.Session.commit()
h.flash("Special Offer has been deleted.")
redirect_to('index')
def add(self):
if request.POST:
c.name = request.POST.get('name')
c.description = request.POST.get('description')
c.identifier = request.POST.get('identifier')
c.homepage = request.POST.get('homepage')
c.is_public = request.POST.get('is_public') or False
if not c.name:
c.error = 'You must enter a name'
return render('/projects/add.mao')
if not c.identifier:
c.error = 'You must enter an identifier'
return render('/projects/add.mao')
project = Project()
project.name = c.name
project.description = c.description
project.homepage = c.homepage
project.is_public = c.is_public
project.identifier = c.identifier
db.add(project)
db.commit()
redirect_to(action='show', id=c.identifier)
return render('/projects/add.mao')
def update(self):
errorslist = self.validate()
if errorslist:
conJSON = {'errors': errorslist}
return json.dumps(conJSON)
contact_id = request.POST['contactId']
type = request.POST['type']
if int(request.POST['newtype']):
type_id = str(uuid.uuid1())
model.Contact_type.create(id=type_id, label=type)
else:
type_id = type
model.Contact.update(
id=contact_id,
typeid=type_id,
label=request.POST['label'],
address=request.POST['address'],
city=request.POST['city'],
state=request.POST['state'],
zip=request.POST['zip'],
phone=request.POST['phone'],
email=request.POST['email'],
description=request.POST['description']
)
redirect_to(controller='contacts', action='json', type='all')
def _delete(self, id):
c.event = Event.find_by_id(id)
meta.Session.delete(c.event)
meta.Session.commit()
h.flash("Event has been deleted.")
redirect_to('index')
def _delete(self, id):
c.time_slot = TimeSlot.find_by_id(id)
meta.Session.delete(c.time_slot)
meta.Session.commit()
h.flash("Time Slot has been deleted.")
redirect_to('index')
def _delete(self, id):
c.rego_room = RegoRoom.find_by_id(id)
meta.Session.delete(c.rego_room)
meta.Session.commit()
h.flash("Rego room has been deleted.")
redirect_to('index')
def makecomplaint (self):
order = meta.Session.query(model.Order).filter_by(id=self.form_result['id']).first()
if order is None:
abort(404)
if order.deleted:
abort(410)
# Теперь - проверка прав доступа (ответственный подразделения, подавшего эту заявку)
if not (session.has_key('division') and session['division']):
abort(401)
if not (h.have_role('creator') and order.cust_id == session['division']):
abort(403)
complaint = model.Action()
complaint.order_id = order.id
complaint.status = meta.Session.query(model.Status).get(6)
complaint.div_id = session['division']
perf = meta.Session.query(model.Person).get(session['id'])
complaint.performers.append(perf)
# Если претензию подаёт оператор, то и его добавим
if session.has_key("operator_id") and session["id"] != session["operator_id"]:
complaint.performers.append(meta.Session.query(model.Person).get(session["operator_id"]))
complaint.description = self.form_result['description']
meta.Session.add (complaint)
order.status = meta.Session.query(model.Status).get(6)
# Обновляем создателей заявки
if perf not in order.customers:
order.customers.append(perf)
meta.Session.commit()
h.flashmsg (u"Жалоба подана. Всех лишат зарплаты. Дело заявки № " + h.strong(order.id) + u" будет сделано.")
redirect_to(h.url_for(controller='order', action='view', id=order.id))
def makethank (self):
order = meta.Session.query(model.Order).filter_by(id=self.form_result['id']).first()
if order is None:
abort(404)
if order.deleted:
abort(410)
# Теперь - проверка прав доступа (ответственный подразделения, подавшего эту заявку)
if not (session.has_key('division') and session['division']):
abort(401)
if not (h.have_role('creator') and order.cust_id == session['division']):
abort(403)
thank = model.Action()
thank.order_id = order.id
thank.status = meta.Session.query(model.Status).get(14)
thank.div_id = session['division']
perf = meta.Session.query(model.Person).get(session['id'])
thank.performers.append(perf)
# Если претензию подаёт оператор, то и его добавим
if session.has_key("operator_id") and session["id"] != session["operator_id"]:
thank.performers.append(meta.Session.query(model.Person).get(session["operator_id"]))
thank.description = self.form_result['description']
meta.Session.add (thank)
meta.Session.commit()
h.flashmsg (u"Спасибо за " + h.literal("«") + u"спасибо" + h.literal("»") + "!")
redirect_to(h.url_for(controller='order', action='view', id=order.id))
def _review(self, id):
"""Review a funding application.
"""
c.funding = Funding.find_by_id(id)
c.signed_in_person = h.signed_in_person()
c.next_review_id = Funding.find_next_proposal(c.funding.id, c.funding.type.id, c.signed_in_person.id)
person = c.signed_in_person
if person in [ review.reviewer for review in c.funding.reviews]:
h.flash('Already reviewed')
return redirect_to(action='review', id=c.next_review_id)
results = self.form_result['review']
if results['score'] == 'null':
results['score'] = None
review = FundingReview(**results)
meta.Session.add(review)
c.funding.reviews.append(review)
review.reviewer = person
meta.Session.commit()
if c.next_review_id:
return redirect_to(action='review', id=c.next_review_id)
h.flash("No more funding applications to review")
return redirect_to(action='review_index')
def _review(self, id):
"""Review a proposal.
"""
c.proposal = Proposal.find_by_id(id)
c.signed_in_person = h.signed_in_person()
c.next_review_id = Proposal.find_next_proposal(c.proposal.id, c.proposal.type.id, c.signed_in_person.id)
# TODO: currently not enough (see TODOs in model/proposal.py)
#if not h.auth.authorized(h.auth.has_organiser_role):
# # You can't review your own proposal
# for person in c.proposal.people:
# if person.id == c.signed_in_person.id:
# h.auth.no_role()
person = c.signed_in_person
if person in [ review.reviewer for review in c.proposal.reviews]:
h.flash('Already reviewed')
return redirect_to(action='review', id=c.next_review_id)
results = self.form_result['review']
review = Review(**results)
meta.Session.add(review)
c.proposal.reviews.append(review)
review.reviewer = person
meta.Session.commit()
if c.next_review_id:
return redirect_to(action='review', id=c.next_review_id)
h.flash("No more papers to review")
return redirect_to(action='review_index')
def _delete(self, id):
c.location = Location.find_by_id(id)
meta.Session.delete(c.location)
meta.Session.commit()
h.flash("Location has been deleted.")
redirect_to('index')
def save(self, id=None):
"""Save a record and redirect to new or edit."""
rock_q = model.meta.Session.query(model.Rock)
rock = rock_q.filter_by(id=id).first()
if not rock:
# if the record did not exist yet
rock = model.Rock()
rock.geo_zone = request.POST.get("geo_zone", "")
rock.geo_group = request.POST.get("geo_group", "")
rock.rock_number = request.POST.get("rock_number", "")
rock.rock_name = request.POST.get("rock_name", "")
rock.x = request.POST.get("x", "")
rock.y = request.POST.get("y", "")
rock.z = request.POST.get("z", "")
rock.length = request.POST.get("length", "")
rock.width = request.POST.get("width", "")
rock.geo_context_torrent = request.POST.get("geo_context_torrent", "")
rock.geo_context_lake = request.POST.get("geo_context_lake", "")
rock.geo_context_bog = request.POST.get("geo_context_bog", "")
rock.geo_context_pass = request.POST.get("geo_context_pass", "")
rock.geo_context_summit = request.POST.get("geo_context_summit", "")
rock.rock_type = request.POST.get("rock_type", "")
rock.outcrop_type = request.POST.get("outcrop_type", "")
rock.provision = request.POST.get("provision", "")
rock.description = request.POST.get("description", "")
model.meta.Session.save_or_update(rock)
model.meta.Session.commit()
# Issue a redirect based on the submit button
if "new_button" in request.POST.keys():
return redirect_to(action="new")
elif "edit_button" in request.POST.keys():
return redirect_to(url_for(action="edit", id=rock.id))
elif "delete_button" in request.POST.keys():
return redirect_to(url_for(action="delete", id=rock.id))
def save(self):
"""Save user's data to the userId given.
"""
propertyFilter = request.POST['propertyId'] != 'false' and request.POST['propertyId'] or None
userId = request.POST['userId']
fname = request.POST['fname'].strip()
lname = request.POST['lname'].strip()
email = request.POST['email'].strip()
phone = request.POST['phone'].strip()
admin = request.POST['admin']
errorslist = self.validate(action='update')
if errorslist:
userJSON = {
'errors': errorslist
}
return json.dumps(userJSON)
user = meta.Session.query(model.Manager).filter_by(id=userId).first()
user.first_name = fname
user.last_name = lname
user.email = email
user.phone = phone
user.type = int(admin) and 'admin' or 'manager'
meta.Session.commit()
session.save()
redirect_to(controller='user', action='json', id=propertyFilter)
def save(self):
up = UserProperty(request.environ['REMOTE_USER'],
self.form_result['nickname'],
int(self.form_result['time_diff']))
self.ups.put_item(up)
redirect_to('now')
def _delete(self, id):
c.schedule = Schedule.find_by_id(id)
meta.Session.delete(c.schedule)
meta.Session.commit()
h.flash("Schedule has been deleted.")
redirect_to('index')
def _delete(self, id):
c.stream = Stream.find_by_id(id)
meta.Session.delete(c.stream)
meta.Session.commit()
h.flash("Stream has been deleted.")
redirect_to('index')
def _delete_me(self, deck_id=None):
if users.is_current_user_admin():
deck = Deck.get_all_by_id_base30(deck_id)
db.delete(deck)
redirect_to(h.url_for("/"))
else:
abort(401)
def set_subreddit():
#the r parameter gets added by javascript for POST requests so we
#can reference c.site in api.py
sr_name = request.environ.get("subreddit", request.POST.get('r'))
domain = request.environ.get("domain")
can_stale = request.method.upper() in ('GET', 'HEAD')
c.site = Frontpage
if not sr_name:
#check for cnames
cname = request.environ.get('legacy-cname')
if cname:
sr = Subreddit._by_domain(cname) or Frontpage
domain = g.domain
if g.domain_prefix:
domain = ".".join((g.domain_prefix, domain))
redirect_to('http://%s%s' % (domain, sr.path), _code=301)
elif sr_name == 'r':
#reddits
c.site = Sub
elif '+' in sr_name:
sr_names = sr_name.split('+')
srs = Subreddit._by_name(sr_names, stale=can_stale).values()
if All in srs:
c.site = All
elif Friends in srs:
c.site = Friends
else:
srs = [sr for sr in srs if not isinstance(sr, FakeSubreddit)]
if not srs:
c.site = MultiReddit([], sr_name)
elif len(srs) == 1:
c.site = srs[0]
else:
c.site = MultiReddit(srs, sr_name)
elif '-' in sr_name:
sr_names = sr_name.split('-')
if not sr_names[0].lower() == All.name.lower():
redirect_to("/subreddits/search?q=%s" % sr_name)
srs = Subreddit._by_name(sr_names[1:], stale=can_stale).values()
srs = [sr for sr in srs if not isinstance(sr, FakeSubreddit)]
if not srs:
c.site = All
else:
c.site = AllMinus(srs)
else:
try:
c.site = Subreddit._by_name(sr_name, stale=can_stale)
except NotFound:
sr_name = chksrname(sr_name)
if sr_name:
redirect_to("/subreddits/search?q=%s" % sr_name)
elif not c.error_page and not request.path.startswith(
"/api/login/"):
abort(404)
#if we didn't find a subreddit, check for a domain listing
if not sr_name and isinstance(c.site, DefaultSR) and domain:
c.site = DomainSR(domain)
if isinstance(c.site, FakeSubreddit):
c.default_sr = True
def GET_wiki_redirect(self, page='index'):
return redirect_to(str("%s/%s" % (c.wiki_base_url, page)), _code=301)
def GET_redirect(self, dest):
return redirect_to(str(dest))
def _check_perms(self, checks=PERM_CHECK_WS | PERM_CHECK_USER):
log.debug("_check_perms() called.")
if checks & PERM_CHECK_WS:
# Get workspace flags from KCD.
kcd_workspace = KcdKwsList.get_by(kws_id=c.workspace.id)
kcd_ws_flags = kcd_workspace.flags
# Detect if workspace is deleted.
if kcd_ws_flags & KANP_KWS_FLAG_DELETE:
log.debug(
"_check_perms(): workspace deleted... unlogging and redirecting."
)
init_session(c.workspace, reinit=True)
redirect_to(
url('message_show',
workspace_id=c.workspace.id,
warning_code='workspace_deleted'))
# Detect if workspace was changed from non-secure to secure.
if kcd_ws_flags & KANP_KWS_FLAG_SECURE and not session['secure']:
log.debug(
"Reinitializing session because workspace changed from non-secure to secure."
)
if not c.workspace.public:
email_id = None
if 'email_id' in session and session['email_id']:
email_id = session['email_id']
if email_id:
init_session(c.workspace, reinit=True)
return redirect_to(
url('invitation_url',
workspace_id=c.workspace.id,
email_id=email_id,
warning_code='nstos'))
init_session(c.workspace, reinit=True)
return redirect_to(url('teambox', workspace_id=c.workspace.id))
if checks & PERM_CHECK_USER:
if 'user' in session and session['user']:
# Get user flags from KCD.
kcd_user = KcdUser.get_by(kws_id=c.workspace.id,
user_id=session['user']['id'])
kcd_user_flags = kcd_user.flags
# Detect if user is out.
user_locked = bool(kcd_user_flags & KANP_USER_FLAG_LOCK)
user_banned = bool(kcd_user_flags & KANP_USER_FLAG_BAN)
user_generic_out = False
if session['mode'] == MODE_WS and not c.is_admin:
# User is logged as a regular user (workspace mode).
if not Invitation.get_by(email_id=session['email_id']):
# Invitation email no longer exist.
user_generic_out = True
# Destroy session if needed.
if user_locked or user_banned or user_generic_out:
init_session(c.workspace, reinit=True)
# Set URL for redirecting.
u = None
if user_locked:
u = url('message_show',
workspace_id=c.workspace.id,
warning_code='user_locked')
log.debug(
"_check_perms(): user locked... redirecting to '%s'." %
(str(u)))
elif user_banned:
u = url('message_show',
workspace_id=c.workspace.id,
warning_code='user_banned')
log.debug(
"_check_perms(): user banned... redirecting to '%s'." %
(str(u)))
elif user_generic_out:
u = url('message_show',
workspace_id=c.workspace.id,
warning_code='user_generic_out')
log.debug(
"_check_perms(): user out, we don't know why... redirecting to '%s'."
% (str(u)))
if u: redirect_to(u)
def pre(self):
record_timings = g.admin_cookie in request.cookies or g.debug
admin_bar_eligible = response.content_type == 'text/html'
if admin_bar_eligible and record_timings:
g.stats.start_logging_timings()
# set up stuff needed in base templates at error time here.
c.js_preload = JSPreload()
MinimalController.pre(self)
set_cnameframe()
# populate c.cookies unless we're on the unsafe media_domain
if request.host != g.media_domain or g.media_domain == g.domain:
cookie_counts = collections.Counter()
try:
for k, v in request.cookies.iteritems():
# minimalcontroller can still set cookies
if k not in c.cookies:
# we can unquote even if it's not quoted
c.cookies[k] = Cookie(value=unquote(v), dirty=False)
cookie_counts[Cookie.classify(k)] += 1
except CookieError:
#pylons or one of the associated retarded libraries
#can't handle broken cookies
request.environ['HTTP_COOKIE'] = ''
for cookietype, count in cookie_counts.iteritems():
g.stats.simple_event("cookie.%s" % cookietype, count)
delete_obsolete_cookies()
# the user could have been logged in via one of the feeds
maybe_admin = False
is_otpcookie_valid = False
# no logins for RSS feed unless valid_feed has already been called
if not c.user:
if c.extension != "rss":
authenticate_user()
admin_cookie = c.cookies.get(g.admin_cookie)
if c.user_is_loggedin and admin_cookie:
maybe_admin, first_login = valid_admin_cookie(
admin_cookie.value)
if maybe_admin:
self.enable_admin_mode(c.user, first_login=first_login)
else:
self.disable_admin_mode(c.user)
otp_cookie = read_user_cookie(g.otp_cookie)
if c.user_is_loggedin and otp_cookie:
is_otpcookie_valid = valid_otp_cookie(otp_cookie)
if not c.user:
c.user = UnloggedUser(get_browser_langs())
# patch for fixing mangled language preferences
if (not isinstance(c.user.pref_lang, basestring) or not all(
isinstance(x, basestring)
for x in c.user.pref_content_langs)):
c.user.pref_lang = g.lang
c.user.pref_content_langs = [g.lang]
c.user._commit()
if c.user_is_loggedin:
if not c.user._loaded:
c.user._load()
c.modhash = c.user.modhash()
if hasattr(c.user, 'msgtime') and c.user.msgtime:
c.have_messages = c.user.msgtime
c.show_mod_mail = Subreddit.reverse_moderator_ids(c.user)
c.have_mod_messages = getattr(c.user, "modmsgtime", False)
c.user_is_admin = maybe_admin and c.user.name in g.admins
c.user_special_distinguish = c.user.special_distinguish()
c.user_is_sponsor = c.user_is_admin or c.user.name in g.sponsors
c.otp_cached = is_otpcookie_valid
if not isinstance(c.site,
FakeSubreddit) and not g.disallow_db_writes:
c.user.update_sr_activity(c.site)
c.over18 = over18()
set_obey_over18()
#set_browser_langs()
set_host_lang()
set_iface_lang()
set_content_lang()
set_recent_clicks()
# used for HTML-lite templates
set_colors()
# set some environmental variables in case we hit an abort
if not isinstance(c.site, FakeSubreddit):
request.environ['REDDIT_NAME'] = c.site.name
# random reddit trickery -- have to do this after the content lang is set
if c.site == Random:
c.site = Subreddit.random_reddit(user=c.user)
redirect_to("/" + c.site.path.strip('/') + request.path)
elif c.site == RandomSubscription:
if c.user.gold:
c.site = Subreddit.random_subscription(c.user)
redirect_to('/' + c.site.path.strip('/') + request.path)
else:
redirect_to('/gold/about')
elif c.site == RandomNSFW:
c.site = Subreddit.random_reddit(over18=True, user=c.user)
redirect_to("/" + c.site.path.strip('/') + request.path)
if not request.path.startswith("/api/login/"):
# is the subreddit banned?
if c.site.spammy() and not c.user_is_admin and not c.error_page:
ban_info = getattr(c.site, "ban_info", {})
if "message" in ban_info:
message = ban_info['message']
else:
sitelink = url_escape(add_sr("/"))
subject = ("/r/%s has been incorrectly banned" %
c.site.name)
link = ("/r/redditrequest/submit?url=%s&title=%s" %
(sitelink, subject))
message = strings.banned_subreddit_message % dict(
link=link)
errpage = pages.RedditError(strings.banned_subreddit_title,
message,
image="subreddit-banned.png")
request.environ['usable_error_content'] = errpage.render()
self.abort404()
# check if the user has access to this subreddit
if not c.site.can_view(c.user) and not c.error_page:
public_description = c.site.public_description
errpage = pages.RedditError(strings.private_subreddit_title,
strings.private_subreddit_message,
image="subreddit-private.png",
sr_description=public_description)
request.environ['usable_error_content'] = errpage.render()
self.abort403()
#check over 18
if (c.site.over_18 and not c.over18
and request.path not in ("/frame", "/over18")
and c.render_style == 'html'):
return self.intermediate_redirect("/over18")
#check whether to allow custom styles
c.allow_styles = True
c.can_apply_styles = self.allow_stylesheets
if g.css_killswitch:
c.can_apply_styles = False
#if the preference is set and we're not at a cname
elif not c.user.pref_show_stylesheets and not c.cname:
c.can_apply_styles = False
#if the site has a cname, but we're not using it
elif c.site.domain and c.site.css_on_cname and not c.cname:
c.can_apply_styles = False
c.show_admin_bar = admin_bar_eligible and (c.user_is_admin or g.debug)
if not c.show_admin_bar:
g.stats.end_logging_timings()
hooks.get_hook("reddit.request.begin").call()
c.request_timer.intermediate("base-pre")
def demo_up(self):
event = meta.Session.query(model.Event).filter(
model.Event.id == 1
).one()
user = meta.Session.query(model.User).filter(
model.User.nickname == 'demo'
).one()
for node in event.persons: meta.Session.delete(node)
for node in event.reports: meta.Session.delete(node)
for node in event.albums: meta.Session.delete(node)
meta.Session.commit()
dir = config['demo_dir']
info_file = os.path.join(dir, 'info.yml')
info = codecs.open(info_file, 'r', 'utf-8')
info = yaml.load(info)
event.title = info['title']
if 'summary' in info:
event.summary = info['summary']
if 'start' in info:
event.start = info['start']
if 'finish' in info:
event.finish = info['finish']
event.node_user = user
event.created = datetime.now()
if 'albums' in info:
for album in info['albums']:
node = model.Album()
node.settings = picasa.photos(album['user'], album['albumid'], 15)
node.node_user = user
node.event = event
meta.Session.add(node)
persons_dir = os.path.join(dir, u'persons')
for file in os.listdir(persons_dir):
path = os.path.join(persons_dir, file)
if os.path.isfile(path):
node = model.Person()
node.fullname = file.split('.')[0]
node.avatar = avatar_prepare(open(path, 'r'))
node.node_user = user
node.event = event
meta.Session.add(node)
reports_dir = os.path.join(dir, u'reports')
for file in os.listdir(reports_dir):
path = os.path.join(reports_dir, file)
if os.path.isfile(path):
text = codecs.open(path, 'r', 'utf-8').read()
node = model.Report()
node.title = file.split('.')[0]
node.content = text
node.node_user = user
node.event = event
meta.Session.add(node)
meta.Session.commit()
flash(u'Демонстрация обновлена')
return redirect_to('demo')
def __before__(self, action, controller, workspace_id=None, email_id=None):
log.debug("Request to %s.%s, workspace_id=%s, email_id=%s, session_id=%s." % \
( controller, action, str(workspace_id), str(email_id), str(session.id) ) )
# Detect changes in configuration.
def config_has_changed():
model.new_engine()
kcd_model.new_engine()
detect_cached_config_change(config_has_changed,
config['master_file_path'])
# Get cached master configuration.
c.mc = get_cached_master_config()
# Initialize models in local thread.
model.init_local()
kcd_model.init_local()
# Initialize context variables.
c.perms = KWMOPermissions()
c.logout_url = None
c.glob_messages = []
# Prevent page caching.
response.headers['Cache-Control'] = 'no-cache, must-revalidate'
response.headers['Max-Age'] = '0'
response.headers['Expires'] = 'Sat, 26 Jul 1997 05:00:00 GMT'
# Detect global message passed in session (flash).
if 'uimessage' in session:
c.glob_messages.append(session['uimessage'])
del session['uimessage']
session.save()
# Detect global message passed in a GET variable.
for var_name, callable in self.glob_msg_var_name_to_callable_map.items(
):
code = request.GET.get(var_name, None)
if code:
callable(code=code)
break
if workspace_id:
# Get workspace.
ws = Workspace.get_by(id=workspace_id)
if not ws:
log.warn("Workspace %s does not exit." % (workspace_id))
abort(404) # Not reliable here!
# Initialize some context variables.
c.workspace = ws
c.is_admin = False
if 'admin' in session and session['admin'] == True:
c.is_admin = True
if 'user_id' in session and session['user_id']:
# User is logged.
c.logout_url = url('teambox_logout',
workspace_id=c.workspace.id)
if c.is_admin:
# User is admin.
c.logout_url = url('teambox_admin_logout',
workspace_id=c.workspace.id)
if 'initialized' in session:
# Session is initialized.
if not 'version' in session:
# Update session.
log.debug("Updating session.")
from kwmo.lib.updates import update_session_v1
update_session_v1(c, session)
# Save session.
session.save()
# Fill the permission object with the session permissions dictionary.
c.perms.from_dict(session['perms'])
else:
# Initialize session.
init_session(ws)
# Detect some workspace property changes.
self._check_workspace_prop(controller, action)
# Detect perm_check.
if ws.last_perm_check_id > session['last_perm_check_id']:
session['last_perm_check_id'] = ws.last_perm_check_id
session.save()
self._check_perms()
# Set welcome name to use in the header partial
if (('user_id' in session) and ('user' in session)
and session['user']):
if c.is_admin:
c.welcome_name = 'Administrator'
elif session['user']['admin_name']:
c.welcome_name = session['user']['admin_name']
elif session['user']['real_name']:
c.welcome_name = session['user']['real_name']
else:
c.welcome_name = session['user']['email']
# Check session expiration if set.
if 'expiration_time' in session and \
not (controller == 'admin_teambox' and action == 'login'):
if time.time() > session['expiration_time']:
log.debug("Admin session expired.")
init_session(c.workspace, reinit=True)
redirect_to(
url('message_show',
workspace_id=c.workspace.id,
warning_code='admin_sess_expired'))
# Authenticate
if action in self.requires_auth:
if 'user_id' not in session:
redirect_to(
url('invite_resend_show', workspace_id=workspace_id))
def logout(self):
c.message = u'Logout success'
return redirect_to('/')
def do_wordpress_login_logout(self, environ, new_headers):
'''Looks at cookies and auth_tkt and may tell auth_tkt to log-in or log-out
to a WordPress user.'''
is_ckan_cookie, wordpress_session_id = self._parse_cookies(environ)
# Is there a WordPress cookie? We may want to do a log-in for it.
if wordpress_session_id:
#log.error('Got this:' + wordpress_session_id)
# Look at any authtkt logged in user details
authtkt_identity = environ.get('repoze.who.identity')
if authtkt_identity:
authtkt_user_name = authtkt_identity[
'repoze.who.userid'] #same as environ.get('REMOTE_USER', '')
authtkt_wordpress_session_id = authtkt_identity['userdata']
else:
authtkt_user_name = ''
authtkt_wordpress_session_id = ''
if not authtkt_user_name:
# authtkt not logged in, so log-in with the WordPress cookie
self._do_wordpress_login(environ, wordpress_session_id,
new_headers)
return
#elif authtkt_user_name.startswith(self._user_name_prefix):
else:
# A WordPress user is logged in with authtkt.
# See if that the authtkt matches the wp cookie's session
if authtkt_wordpress_session_id != wordpress_session_id:
# WordPress cookie session has changed, so tell authkit to forget the old one
# before we do the new login.
log.error(
'WordPress cookie session has changed from %r to %r.',
authtkt_wordpress_session_id, wordpress_session_id)
self._log_out(environ, new_headers)
self._do_wordpress_login(environ, wordpress_session_id,
new_headers)
return
else:
log.debug('WordPress cookie session stayed the same.')
# WordPress cookie session matches the authtkt - leave user logged in
# Just check that authtkt cookie is not too old - in the
# mean-time, WordPress may have invalidated the user, for example.
if self.is_authtkt_cookie_too_old(authtkt_identity):
log.info('Rechecking WordPress cookie')
self._log_out(environ, new_headers)
self._do_wordpress_login(environ, wordpress_session_id,
new_headers)
return
#else:
# There's a WordPress cookie, but user is logged in as a normal CKAN user.
# Ignore the WordPress cookie.
#return
elif not wordpress_session_id and is_ckan_cookie:
# Deal with the case where user is logged out of WordPress
# i.e. user WAS were logged in with WordPress and the cookie was
# deleted (probably because WordPress logged out)
# Is the logged in user a WordPress user?
user_name = environ.get('REMOTE_USER', '')
if user_name and user_name.startswith(self._user_name_prefix):
log.error(
'Was logged in as WordPress user %r but WordPress cookie no longer there. Forcing logout.',
user_name)
else:
log.error(
'User %r was logged into CKAN but not WordPress. Forcing logout.',
user_name)
# Force log out.
self._log_out(environ, new_headers)
# Redirect to the same URL to ensure no more cookies get set up and our force log out comes in effect.
#redirect_to('http://' + config.get('wordpress_url', 'www.hri.fi') + environ['REQUEST_URI'])
redirect_to('http://' + config.get('wordpress_url', 'www.hri.fi') +
'/fi/wp-login.php?action=logout')
def set_subreddit():
#the r parameter gets added by javascript for POST requests so we
#can reference c.site in api.py
sr_name = request.environ.get("subreddit", request.POST.get('r'))
domain = request.environ.get("domain")
can_stale = request.method.upper() in ('GET', 'HEAD')
c.site = Frontpage
if not sr_name:
#check for cnames
cname = request.environ.get('legacy-cname')
if cname:
sr = Subreddit._by_domain(cname) or Frontpage
domain = g.domain
if g.domain_prefix:
domain = ".".join((g.domain_prefix, domain))
redirect_to('http://%s%s' % (domain, sr.path), _code=301)
elif sr_name == 'r':
#reddits
c.site = Sub
elif '+' in sr_name:
sr_names = sr_name.split('+')
srs = Subreddit._by_name(sr_names, stale=can_stale).values()
if All in srs:
c.site = All
elif Friends in srs:
c.site = Friends
else:
srs = [sr for sr in srs if not isinstance(sr, FakeSubreddit)]
multi_path = '/r/' + sr_name
if not srs:
c.site = MultiReddit(multi_path, [])
elif len(srs) == 1:
c.site = srs[0]
else:
c.site = MultiReddit(multi_path, srs)
elif '-' in sr_name:
sr_names = sr_name.split('-')
base_sr_name, exclude_sr_names = sr_names[0], sr_names[1:]
srs = Subreddit._by_name(sr_names, stale=can_stale)
base_sr = srs.pop(base_sr_name, None)
exclude_srs = [
sr for sr in srs.itervalues() if not isinstance(sr, FakeSubreddit)
]
if base_sr == All:
if exclude_srs:
c.site = AllMinus(exclude_srs)
else:
c.site = All
elif base_sr == Mod:
if exclude_srs:
c.site = ModMinus(exclude_srs)
else:
c.site = Mod
else:
redirect_to("/subreddits/search?q=%s" % sr_name)
else:
try:
c.site = Subreddit._by_name(sr_name, stale=can_stale)
except NotFound:
sr_name = chksrname(sr_name)
if sr_name:
redirect_to("/subreddits/search?q=%s" % sr_name)
elif not c.error_page and not request.path.startswith(
"/api/login/"):
abort(404)
#if we didn't find a subreddit, check for a domain listing
if not sr_name and isinstance(c.site, DefaultSR) and domain:
# Redirect IDN to their IDNA name if necessary
try:
idna = _force_unicode(domain).encode("idna")
if idna != domain:
redirect_to("/domain/%s%s" %
(idna, request.environ["PATH_INFO"]))
except UnicodeError:
domain = '' # Ensure valid_ascii_domain fails
if not c.error_page and not valid_ascii_domain.match(domain):
abort(404)
c.site = DomainSR(domain)
if isinstance(c.site, FakeSubreddit):
c.default_sr = True
def demo(self):
event = meta.Session.query(model.Event).filter(
model.Event.id == 1
).one()
redirect_to(event.url())
def index(self):
# Redirect to help index page
return redirect_to(action="wiki", id="HelpIndex")
def login(self):
c.message = u'Login success'
return redirect_to('/')
def GET_badge(self, meetup, topic):
if meetup.state not in BADGE_STATES:
return redirect_to("/meetup/%s" % str(meetup._id))
content = pages.QrCodeBadge(meetup, c.user, topic)
return pages.MeatspaceBadgePage(content=content).render()
def pre(self):
MinimalController.pre(self)
set_cnameframe()
# populate c.cookies unless we're on the unsafe media_domain
if request.host != g.media_domain or g.media_domain == g.domain:
try:
for k, v in request.cookies.iteritems():
# we can unquote even if it's not quoted
c.cookies[k] = Cookie(value=unquote(v), dirty=False)
except CookieError:
#pylons or one of the associated retarded libraries
#can't handle broken cookies
request.environ['HTTP_COOKIE'] = ''
c.response_wrappers = []
c.firsttime = firsttime()
(c.user, maybe_admin) = \
valid_cookie(c.cookies[g.login_cookie].value
if g.login_cookie in c.cookies
else '')
if c.user:
c.user_is_loggedin = True
else:
c.user = UnloggedUser(get_browser_langs())
# patch for fixing mangled language preferences
if (not isinstance(c.user.pref_lang, basestring) or not all(
isinstance(x, basestring)
for x in c.user.pref_content_langs)):
c.user.pref_lang = g.lang
c.user.pref_content_langs = [g.lang]
c.user._commit()
if c.user_is_loggedin:
if not c.user._loaded:
c.user._load()
c.modhash = c.user.modhash()
if request.method.lower() == 'get':
read_mod_cookie()
if hasattr(c.user, 'msgtime') and c.user.msgtime:
c.have_messages = c.user.msgtime
if hasattr(c.user, 'modmsgtime'):
c.show_mod_mail = True
if c.user.modmsgtime:
c.have_mod_messages = c.user.modmsgtime
else:
c.show_mod_mail = Subreddit.reverse_moderator_ids(c.user)
c.user_is_admin = maybe_admin and c.user.name in g.admins
c.user_is_sponsor = c.user_is_admin or c.user.name in g.sponsors
if not g.disallow_db_writes:
c.user.update_last_visit(c.start_time)
c.over18 = over18()
#set_browser_langs()
set_host_lang()
set_content_type()
set_iface_lang()
set_content_lang()
set_recent_reddits()
set_recent_clicks()
# used for HTML-lite templates
set_colors()
# set some environmental variables in case we hit an abort
if not isinstance(c.site, FakeSubreddit):
request.environ['REDDIT_NAME'] = c.site.name
# random reddit trickery -- have to do this after the content lang is set
if c.site == Random:
c.site = Subreddit.random_reddit()
redirect_to("/" + c.site.path.strip('/') + request.path)
elif c.site == RandomNSFW:
c.site = Subreddit.random_reddit(over18=True)
redirect_to("/" + c.site.path.strip('/') + request.path)
# check that the site is available:
if c.site._spam and not c.user_is_admin and not c.error_page:
abort(404, "not found")
# check if the user has access to this subreddit
if not c.site.can_view(c.user) and not c.error_page:
abort(403, "forbidden")
#check over 18
if (c.site.over_18 and not c.over18
and request.path not in ("/frame", "/over18")
and c.render_style == 'html'):
return self.intermediate_redirect("/over18")
#check whether to allow custom styles
c.allow_styles = self.allow_stylesheets
if g.css_killswitch:
c.allow_styles = False
#if the preference is set and we're not at a cname
elif not c.user.pref_show_stylesheets and not c.cname:
c.allow_styles = False
#if the site has a cname, but we're not using it
elif c.site.domain and c.site.css_on_cname and not c.cname:
c.allow_styles = False
def index(self):
return redirect_to(controller='proposal', action="index", id=None)
def GET_mobile_badge(self, meetup):
if meetup.state not in BADGE_STATES:
return redirect_to("/meetup/%s" % str(meetup._id))
content = pages.MobileQrCodeBadge(meetup, c.user)
return content.render()
def pre(self):
c.response_wrappers = []
MinimalController.pre(self)
set_cnameframe()
# populate c.cookies unless we're on the unsafe media_domain
if request.host != g.media_domain or g.media_domain == g.domain:
try:
for k, v in request.cookies.iteritems():
# minimalcontroller can still set cookies
if k not in c.cookies:
# we can unquote even if it's not quoted
c.cookies[k] = Cookie(value=unquote(v), dirty=False)
except CookieError:
#pylons or one of the associated retarded libraries
#can't handle broken cookies
request.environ['HTTP_COOKIE'] = ''
c.firsttime = firsttime()
# the user could have been logged in via one of the feeds
maybe_admin = False
# no logins for RSS feed unless valid_feed has already been called
if not c.user:
if c.extension != "rss":
session_cookie = c.cookies.get(g.login_cookie)
if session_cookie:
c.user = valid_cookie(session_cookie.value)
if c.user:
c.user_is_loggedin = True
admin_cookie = c.cookies.get(g.admin_cookie)
if c.user_is_loggedin and admin_cookie:
maybe_admin, first_login = valid_admin_cookie(
admin_cookie.value)
if maybe_admin:
self.enable_admin_mode(c.user, first_login=first_login)
else:
self.disable_admin_mode(c.user)
if not c.user:
c.user = UnloggedUser(get_browser_langs())
# patch for fixing mangled language preferences
if (not isinstance(c.user.pref_lang, basestring) or not all(
isinstance(x, basestring)
for x in c.user.pref_content_langs)):
c.user.pref_lang = g.lang
c.user.pref_content_langs = [g.lang]
c.user._commit()
if c.user_is_loggedin:
if not c.user._loaded:
c.user._load()
c.modhash = c.user.modhash()
if request.method.upper() == 'GET':
read_mod_cookie()
if hasattr(c.user, 'msgtime') and c.user.msgtime:
c.have_messages = c.user.msgtime
c.show_mod_mail = Subreddit.reverse_moderator_ids(c.user)
c.have_mod_messages = getattr(c.user, "modmsgtime", False)
c.user_is_admin = maybe_admin and c.user.name in g.admins
c.user_special_distinguish = c.user.special_distinguish()
c.user_is_sponsor = c.user_is_admin or c.user.name in g.sponsors
if request.path != '/validuser' and not g.disallow_db_writes:
c.user.update_last_visit(c.start_time)
c.over18 = over18()
#set_browser_langs()
set_host_lang()
set_iface_lang()
set_content_lang()
set_recent_clicks()
# used for HTML-lite templates
set_colors()
# set some environmental variables in case we hit an abort
if not isinstance(c.site, FakeSubreddit):
request.environ['REDDIT_NAME'] = c.site.name
# random reddit trickery -- have to do this after the content lang is set
if c.site == Random:
c.site = Subreddit.random_reddit()
redirect_to("/" + c.site.path.strip('/') + request.path)
elif c.site == RandomNSFW:
c.site = Subreddit.random_reddit(over18=True)
redirect_to("/" + c.site.path.strip('/') + request.path)
if not request.path.startswith("/api/login/"):
# is the subreddit banned?
if c.site.spammy() and not c.user_is_admin and not c.error_page:
ban_info = getattr(c.site, "ban_info", {})
if "message" in ban_info:
message = ban_info['message']
else:
sitelink = url_escape(add_sr("/"))
subject = ("/r/%s has been incorrectly banned" %
c.site.name)
link = ("/r/redditrequest/submit?url=%s&title=%s" %
(sitelink, subject))
message = strings.banned_subreddit_message % dict(
link=link)
errpage = pages.RedditError(strings.banned_subreddit_title,
message,
image="subreddit-banned.png")
request.environ['usable_error_content'] = errpage.render()
self.abort404()
# check if the user has access to this subreddit
if not c.site.can_view(c.user) and not c.error_page:
errpage = pages.RedditError(strings.private_subreddit_title,
strings.private_subreddit_message,
image="subreddit-private.png")
request.environ['usable_error_content'] = errpage.render()
self.abort403()
#check over 18
if (c.site.over_18 and not c.over18
and request.path not in ("/frame", "/over18")
and c.render_style == 'html'):
return self.intermediate_redirect("/over18")
#check whether to allow custom styles
c.allow_styles = self.allow_stylesheets
if g.css_killswitch:
c.allow_styles = False
#if the preference is set and we're not at a cname
elif not c.user.pref_show_stylesheets and not c.cname:
c.allow_styles = False
#if the site has a cname, but we're not using it
elif c.site.domain and c.site.css_on_cname and not c.cname:
c.allow_styles = False
def GET_configure_badge(self, meetup):
if meetup.state not in BADGE_STATES:
return redirect_to("/meetup/%s" % str(meetup._id))
content = pages.ConversationStarterSelector(meetup, c.user)
return pages.MeatspacePage(content=content).render()