Ejemplo n.º 1
0
def is_user_allowed_admin_action(user_id, target_id, request = None, target_class = 'user_post',):
    """
    @param user_id: the user id of the person initiating the request
    @param target_id: the id of the item the person is attempting to act upon
    @param request: optional request passed to query for session info etc
    @param target_class: optional class of item being targeted
    """
    allow = False
    from raggregate import queries

    if user_id is None:
        return None

    u = get_user_by_id(user_id)

    try:
        # instantly grant whatever action this is to the admin
        if u.is_user_admin():
            return True

        if target_class == 'user_post':
            target = queries.find_by_id(target_id)
            if type(target) == Comment or type(target) == Submission:
                allow = (str(target.submitter.id) == user_id)
        elif target_class == 'user_info':
            allow = (str(target_id) == str(user_id))
    except:
        # always return False in case of exception.
        pass

    return allow
Ejemplo n.º 2
0
 def load_parent(self):
     # raggregate.queries depends on the models defined in this file
     # so it shouldn't be imported until it's ready to be used in a function
     # as it's being imported here. Otherwise, we die with dependency problems.
     # it is probably not advisable to do things this way, but it is much nicer
     from raggregate import queries
     if self.parent_id == None:
         print("No parent id on comment {0}, this is a problem...".format(self.id))
         return None
     p = queries.find_by_id(self.parent_id)
     return p
Ejemplo n.º 3
0
 def test_find_by_id_user(self):
     # depends on functional test_create_user
     u = queries.create_user(username = '******', password='******')
     res = queries.find_by_id(u.id)
     self.assertEqual(res.id, u.id)
     self.assertEqual(res.name, u.name)
Ejemplo n.º 4
0
def epistle(request):
    message = ''
    dbsession = DBSession()
    s = request.session
    p = request.session['safe_post']

    if 'logged_in' not in s:
        s['message'] = 'Sorry, you must be logged in to use the messaging feature.'
        return {'success': False, 'code': 'ENOLOGIN'}

    if p and 'recipient' in p:
        if p['recipient'] == '' and p['recipient-name'] == '':
            s['message'] = "No recipient provided."
            return {'code': 'ENORECP', 'success': False}
        if p['recipient'] == '':
            # look up recipient-name
            try:
                recp = queries.get_user_by_name(p['recipient-name'])
            except sqlalchemy.orm.exc.NoResultFound:
                #@TODO: discuss facebook name sending implications
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}
        else:
            try:
                recp = queries.get_user_by_id(p['recipient'])
            except:
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}

        if p['subject'] == '':
            subject = None
        else:
            subject = p['subject']

        if 'parent_id' not in p or p['parent_id'] == '':
            parent_id = None
            parent_type = 'epistle'
        else:
            parent_id = p['parent_id']
            parent_obj = queries.find_by_id(parent_id)
            if isinstance(parent_obj, Comment):
                parent_type = 'comment'
                c = Comment(parent_obj.submission_id, s['users.id'], parent_obj.id, p['body'], in_reply_to = parent_obj.user_id)
                dbsession.add(c)
            else:
                parent_type = 'reply'

        if parent_type != 'comment':
            ep = Epistle(recp.id, s['users.id'], p['body'], parent=parent_id, parent_type=parent_type, subject=subject)
            dbsession.add(ep)
        message = 'Message sent.'

    box = request.matchdict['box']

    if box == 'in':
        comments = queries.get_unread_comments_by_user_id(s['users.id'])
    elif box == 'comments':
        comments = queries.get_read_comments_by_user_id(s['users.id'])
    else:
        comments = []

    if box != 'comments':
        ep = queries.get_epistle_roots(id=s['users.id'], target=box)
        epistle_children = {}

        for e in ep:
            e_id = str(e.id)
            epistle_children[e_id] = queries.get_epistle_children(e.id)

        flat_eps = []
        [flat_eps.append(e) for e in _unwrap_list(ep)]
        [flat_eps.append(e) for e in _unwrap_list(epistle_children.values())]

        for e in flat_eps:
            if str(e.recipient) == s['users.id']:
                queries.mark_epistle_read(e)
            e = _assign_epistle_parent(e)

        for c in comments:
            queries.mark_comment_read(c)
    else:
        ep = {}
        epistle_children = {}

    return {'epistles': {'roots': ep, 'children': epistle_children}, 'comments': comments, 'success': True, 'code': 0,}