def delete_banner_view(self):
if not check_csrf_token(self.request):
raise HTTPBadRequest
bid = int(self.request.matchdict['id'])
if bid is None:
raise HTTPNotFound
try:
banner = DBSession.query(Banner).filter(Banner.id == bid).first()
if banner is None:
raise HTTPNotFound
if os.path.exists(f"server/{banner.image_path}" or ""):
os.remove(f"server/{banner.image_path}")
DBSession.delete(banner)
except Exception as e:
log.debug(e)
raise HTTPInternalServerError
url = self.request.route_url('admin_view')
return HTTPFound(url)
def main(global_config, **settings):
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
serializer = JSONSerializerWithPickleFallback()
session_factory = SignedCookieSessionFactory("qweqweqwe",
serializer=serializer)
config = Configurator(settings=settings,
root_factory='server.resources.Root')
config.set_session_factory(session_factory)
config.include('pyramid_mako')
config.include('pyramid_tm')
csrf_policy = LegacySessionCSRFStoragePolicy()
config.set_csrf_storage_policy(csrf_policy)
authn_policy = AuthTktAuthenticationPolicy(settings['server.secret'],
callback=groupfinder,
hashalg='sha512')
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.include(admin_include, route_prefix='/')
config.include(banner_include, route_prefix='/')
config.add_static_view('static', 'server:static/')
return config.make_wsgi_app()
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
with transaction.manager:
# Create default models
group = Group(name="group:admin")
DBSession.add(group)
user = User(name='Test', password=hash_password('1234'))
DBSession.add(user)
new_group_id = int(
DBSession.query(Group).filter(Group.name == group.name).first().id)
new_user_id = int(
DBSession.query(User).filter(User.name == user.name).first().id)
user_in_group = UserInGroup(user_id=new_user_id, group_id=new_group_id)
DBSession.add(user_in_group)
def add_banner_view(self):
form = self.banner_form.render()
if 'submit' in self.request.params:
controls = self.request.POST.items()
try:
appstruct = self.banner_form.validate(controls)
except deform.ValidationFailure as e:
log.debug(400)
return dict(form=e.render())
new_title = appstruct.get("title", "default")
new_url = appstruct.get("url", "default")
new_visible = appstruct.get("visible", True)
new_banner = Banner(title=new_title,
url=new_url,
visible=new_visible)
try:
DBSession.add(new_banner)
banner = DBSession.query(Banner).filter(
Banner.title == new_title, Banner.url == new_url,
Banner.visible == new_visible).order_by(
Banner.id.desc()).first()
if appstruct.get("image") is None:
img_scr = ""
else:
img_type = mimetypes.guess_extension(
appstruct.get("image").get("mimetype"))
img_scr = f"static/banner_img/{banner.id}{img_type}"
crop_image(
appstruct.get("image").get("fp"), banner.id, img_type)
banner.image_path = img_scr
banner.position = banner.id
url = self.request.route_url('admin_view')
return HTTPFound(url)
except Exception as e:
log.debug(e)
raise HTTPInternalServerError()
log.debug(200)
return dict(form=form)
def banners_view(self):
try:
banners = DBSession.query(Banner).filter(
Banner.visible == True).order_by(Banner.position,
Banner.id).limit(15)
user = DBSession.query(User).filter(
User.name == self.request.unauthenticated_userid).first()
except Exception as e:
log.debug(e)
raise HTTPInternalServerError()
return dict(banners=banners, user=user)
def filter_banners_by_search(search_request: dict):
search_title = search_request.get("title", "")
search_url = search_request.get("url", "")
search_visible = search_request.get("visible", 0)
search_column = search_request.get("column", "position")
search_sort = search_request.get("sort", "asc")
prev = datetime.datetime.now()
print("\n\n\n", search_column, "////", search_sort, "\n\n\n")
banners = DBSession.query(Banner).order_by(
text(f"Banner.{search_column} {search_sort}")).filter(
Banner.title.like(f"{search_title}%"),
Banner.url.like(f"{search_url}%"))
if search_visible != 0:
if search_visible == 1:
visible = True
if search_visible == 2:
visible = False
banners = banners.filter(Banner.visible == visible)
cur = datetime.datetime.now()
print("\n\n\n", cur - prev, "\n\n\n")
return banners
def decrease_banner_position_view(self):
if not check_csrf_token(self.request):
raise HTTPBadRequest
bid = int(self.request.matchdict['id'])
if bid is None:
raise HTTPNotFound
try:
cursor_banner = DBSession.query(Banner).filter(
Banner.id == bid).first()
if cursor_banner is None:
raise HTTPNotFound
except Exception as e:
log.debug(e)
raise HTTPInternalServerError
try:
banners = DBSession.query(Banner).order_by(Banner.position,
Banner.id).all()
except Exception as e:
log.debug(e)
raise HTTPInternalServerError
bindex = banners.index(cursor_banner)
if bindex + 1 != len(banners):
cursor_position = banners[bindex].position
try:
banners[bindex].position = banners[bindex + 1].position
banners[bindex].updated_at = datetime.datetime.utcnow()
banners[bindex + 1].position = cursor_position
banners[bindex + 1].updated_at = datetime.datetime.utcnow()
except Exception as e:
log.debug(e)
raise HTTPInternalServerError
log.debug(201)
url = self.request.route_url('admin_view')
return HTTPFound(url)
def groupfinder(name: str, request):
try:
user = DBSession.query(User).filter(User.name == name).first()
if user is None:
raise HTTPNotFound
return user.groups()
except Exception:
raise HTTPInternalServerError
def name_validator(node, value: str):
try:
user = DBSession.query(User).filter(User.name == value).first()
if user is None:
raise HTTPNotFound()
except Exception:
raise HTTPInternalServerError()
if not user:
raise Invalid(node,
f"User with name {value} does not exist")
def validator(self, node, cstruct):
name = cstruct['name']
password = cstruct['password']
try:
user = DBSession.query(User).filter(User.name == name).first()
if user is None:
raise HTTPNotFound()
except Exception:
raise HTTPInternalServerError()
if not check_password(password, user.password):
raise Invalid(node,
f"Password is not correct")
def update_banner_view(self):
bid = int(self.request.matchdict['id'])
if bid is None:
raise HTTPNotFound
try:
banner = DBSession.query(Banner).filter(Banner.id == bid).first()
if banner is None:
raise HTTPNotFound
except Exception as e:
log.debug(e)
raise HTTPInternalServerError
form = self.banner_form.render({
"title": banner.title,
# "image": image,
"url": banner.url,
"visible": banner.visible
})
image_path = f"server:{banner.image_path}"
try:
form = form.replace(
'<label for="deformField2"\n ' +
'class=\"control-label "\n id="req-deformField2"\n '
+ '> \\n Image\n </label>',
f'<label for="deformField2"\n \
class="control-label "\n id="req-deformField2"\n >\
\n Image\n </label>\n<br><img src=\"\
{self.request.static_url(image_path)}\" alt=\"\" \
draggable="false" width=200 height=200/><br>\n')
except ValueError:
pass
except Exception as e:
log.debug(e)
raise HTTPInternalServerError
if 'submit' in self.request.params:
controls = self.request.POST.items()
try:
appstruct = self.banner_form.validate(controls)
except deform.ValidationFailure as ve:
return dict(form=ve.render())
new_title = appstruct.get("title", "default")
new_url = appstruct.get("url", "default")
new_visible = appstruct.get("visible", True)
if appstruct.get("image") is None and not banner.image_path:
img_scr = ""
elif appstruct.get("image") is not None:
img_type = mimetypes.guess_extension(
appstruct.get("image").get("mimetype"))
img_scr = f"static/banner_img/{banner.id}{img_type}"
crop_image(
appstruct.get("image").get("fp"), banner.id, img_type)
else:
img_scr = banner.image_path
try:
banner.title = new_title
banner.image_path = img_scr
banner.url = new_url
banner.visible = new_visible
banner.updated_at = datetime.datetime.utcnow()
except Exception as e:
log.debug(e)
raise HTTPInternalServerError
url = self.request.route_url('admin_view')
return HTTPFound(url)
return dict(form=form)