def test_user_with_no_perms(self):
u = User(passwordhash='123')
f = Feed()
u.save()
f.save()
self.assertEqual(u.writeable_feeds(), [])
def test_user_with_no_perms(self):
u = User(passwordhash='123')
f = Feed()
u.save()
f.save()
self.assertEqual(u.writeable_feeds(), [])
def test_user_with_one_feed(self):
u = User(passwordhash='123')
f = Feed()
u.save()
f.save()
f.grant('Write', user=u)
self.assertEqual(u.writeable_feeds(), [f])
def test_user_with_one_feed_via_group(self):
u = User(passwordhash='123')
g = Group(name='group_with_a_name')
f = Feed()
u.save()
f.save()
g.save()
g.set_users([u.id])
f.grant('Write', group=g)
self.assertEqual(u.writeable_feeds(), [f])
def try_to_set_feed(post, new_feed_id, user):
''' Is this user actually allowed to set the feed of this post to what
the form is saying they want to? If so, cool. Return that feed. '''
try:
if post.feed:
oldfeedid = post.feed.id
else:
oldfeedid = False
except:
oldfeedid = False
if new_feed_id and new_feed_id != oldfeedid:
# new or changed feed.
try:
feed = Feed.get(Feed.id == new_feed_id)
except Feed.DoesNotExist:
raise PleaseRedirect(None,
"Odd. You somehow tried to post "
"to a non-existant feed. It didn't work.")
if feed.user_can_write(user):
flash('Posted to ' + feed.name)
return feed
else:
# This shouldn't happen very often - so don't worry about
# losing post data. If it's an issue, refactor so it's stored
# but not written to the feed...
raise PleaseRedirect(
url_for('index'),
"Sorry, you don't have permission to write to " + feed.name)
return feed
return post.feed
def feeds():
''' the back end list of feeds. '''
if request.method == 'POST':
if not user_session.is_admin():
flash('Only Admins can do this!')
return redirect(url_for('feeds'))
action = request.form.get('action', 'create')
if action == 'create':
if not request.form.get('title', '').strip():
flash("I'm not making you an un-named feed!")
return redirect(url_for('feeds'))
Feed(name=request.form.get('title', 'blank').strip()).save()
try:
user = user_session.get_user()
except user_session.NotLoggedIn as e:
user = User()
return render_template('feeds.html',
feeds=Feed.select(),
user=user,
external_sources=ExternalSource.select(),
source_types=external_source_types.types())
def test_post_count_empty(self):
f = Feed(name='123')
f.save()
self.assertEqual(f.post_count(), 0)
self.assertEqual(f.post_count(published=True), 0)
self.assertEqual(f.post_count(expired=True), 0)
self.assertEqual(f.post_count(published=True, expired=True), 0)
def test_no_users(self):
f = Feed(name='123')
f.save()
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
def screenedit(screenid):
''' edit one screen '''
try:
if int(screenid) == -1:
flash('New Screen')
screen = Screen() # pylint: disable=no-value-for-parameter
else:
screen = Screen().get(Screen.id == int(screenid)) # pylint: disable=no-value-for-parameter
backgrounds = [basename(x) for x in \
glob(app.config['SITE_VARS']['user_dir'] + '*')
if allow_filetype(x)]
except Screen.DoesNotExist:
flash('Invalid Screen ID! Screen does NOT exist!')
return redirect(url_for('index'))
if request.method == 'POST':
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('posts'))
user = user_session.get_user()
if not user.is_admin:
flash('Sorry. You are NOT an admin!')
return redirect(url_for('index'))
if request.form.get('action', 'update') == 'delete':
screen.delete_instance()
flash('deleted')
return redirect(request.referrer)
# first check that name is OK:
try:
oldname = screen.urlname
screen.urlname = urllib.quote(request.form.get('urlname'), '')
screen.save()
except sqlite3.IntegrityError:
screen.urlname = oldname
flash("Sorry! That name is already being used!")
screen.background = request.form.get('background')
screen.settings = request.form.get('settings', '')
screen.css = request.form.get('css', '').replace('"',"'")
screen.zones = form_json('zones', {})
screen.save()
flash('saved.')
if int(screenid) == -1:
return redirect(url_for('screenedit', screenid=screen.id))
return render_template('screen_editor.html',
feeds=Feed.select(),
backgrounds=backgrounds,
screen=screen)
def feedpage(feedid):
''' the back end settings for one feed. '''
try:
feed = Feed.get(id=feedid)
user = user_session.get_user()
except user_session.NotLoggedIn:
user = User()
except:
flash('invalid feed id! (' + str(feedid) + ')')
return redirect(url_for('feeds'))
if request.method == 'POST':
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('feeds'))
if not user.is_admin:
flash('Sorry! Only Admins can change these details.')
return redirect(request.referrer)
action = request.form.get('action', 'none')
if action == 'edit':
feed.name = request.form.get('title', feed.name).strip()
inlist = request.form.getlist
feed.post_types = ', '.join(inlist('post_types'))
feed.set_authors(by_id(User, inlist('authors')))
feed.set_publishers(by_id(User, inlist('publishers')))
feed.set_author_groups(by_id(Group, inlist('author_groups')))
feed.set_publisher_groups(by_id(Group, inlist('publisher_groups')))
feed.save()
flash('Saved')
elif action == 'delete':
for post in feed.posts:
post_type_module = post_types.load(post.type)
delete_post_and_run_callback(post, post_type_module)
feed.delete_instance(True, True) # cascade/recursive delete.
flash('Deleted')
return redirect(url_for('feeds'))
return render_template('feed.html',
feed=feed,
user=user,
all_posttypes=post_types.types(),
allusers=User.select(),
allgroups=Group.select()
)
def feedsrss(ids_raw):
''' get a bunch of feeds posts as an RSS stream '''
ids = []
feed_names = []
for i in ids_raw.split(','):
try:
feedid = int(i)
if feedid in ids:
continue
feed = Feed.get(id=feedid)
ids.append(feedid)
feed_names.append(feed.name)
except ValueError:
continue
except Feed.DoesNotExist:
continue
time_now = now()
feed_posts = [p for p in \
Post.select().join(Feed).where(
(Feed.id << ids)
&(Post.status == 0)
&(Post.active_start < time_now)
&(Post.active_end > time_now)
&(Post.published)
)]
feed = RSSFeed()
feed.feed["title"] = ",".join(feed_names)
feed.feed["link"] = url_for('feeds')
feed.feed["description"] = "Posts from " + (','.join(feed_names))
for post in feed_posts:
contents = json.loads(post.content)
cleantext = bleach.clean(contents["content"], tags=[], strip=True)
if len(cleantext) > 20:
cleantext = cleantext[0:20] + "..."
item = {
"title": cleantext,
"description": contents["content"],
"guid": str(post.id),
}
feed.items.append(item)
resp = make_response(feed.format_rss2_string())
resp.headers["Content-Type"] = "application/xml"
return resp
def test_user_with_one_feed(self):
u = User(passwordhash='123')
f = Feed()
u.save()
f.save()
f.grant('Write', user=u)
self.assertEqual(u.writeable_feeds(), [f])
def test_user_with_one_feed_via_group(self):
u = User(passwordhash='123')
g = Group(name='group_with_a_name')
f = Feed()
u.save()
f.save()
g.save()
g.set_users([u.id])
f.grant('Write', group=g)
self.assertEqual(u.writeable_feeds(), [f])
def index():
''' main front page / dashboard / index. '''
try:
user = user_session.get_user()
except user_session.NotLoggedIn as e:
user = User()
if not user:
user = User()
publishable_feeds = user.publishable_feeds()
posts_to_publish = Post.select()\
.where((Post.published==False) &
(Post.feed << publishable_feeds))
screens = Screen.select()
aliases = config_var('screens.aliases', [])
for alias in aliases:
for screen in screens:
if screen.urlname == alias['screen_name']:
alias['screen'] = screen
break
else:
alias['screen'] = None
return render_template('dashboard.html',
aliases=aliases,
feeds=Feed.select(),
publishable_feeds=publishable_feeds,
posts=Post.select().where(Post.author == user)\
.order_by(Post.write_date.desc())\
.limit(15),
posts_to_publish=posts_to_publish,
screens=screens,
user=user)
def external_data_source_edit(source_id):
''' Editing a external data source '''
if not user_session.is_admin():
flash('Only Admins can do this!')
return redirect(url_for('feeds'))
# first find the data type:
if request.method == 'DELETE':
ExternalSource.delete() \
.where(ExternalSource.id == int(source_id)) \
.execute()
return 'deleted'
if source_id == None:
try:
source = ExternalSource()
source.type = request.args['type']
source.name = "new " + source.type + " source"
source.feed = Feed.get() # set initial feed
except KeyError:
return 'No type specified.', 500
else:
try:
source = ExternalSource.get(id=source_id)
except peewee.DoesNotExist:
return 'Invalid id.', 404
# Try and load the external source type ( and check it's valid):
try:
module = external_source_types.load(source.type)
except ImportError:
return 'Invalid External Source Type', 404
# if it's a post, then update the data with 'receive':
if request.method == 'POST':
source.post_as_user = user_session.get_user()
source.settings = json.dumps(module.receive(request))
source.name = request.form.get('name', source.name)
source.frequency = getint('frequency', 60)
source.publish = getbool('publish', False)
source.lifetime_start = request.form.get('active_start',
source.lifetime_start)
source.lifetime_end = request.form.get('active_end',
source.lifetime_end)
source.display_time = getint('display_time', source.display_time)
source.post_template = request.form.get('post_template',
source.post_template)
try:
source.feed = Feed.get(Feed.id == getint('feed', 100))
source.save()
if source_id == None:
# new source!
return redirect(url_for('external_data_source_edit',
source_id=source.id))
else:
flash('Updated.')
except Feed.DoesNotExist:
flash("Can't save! Invalid Feed!{}".format(
getint('feed', '-11')))
return render_template("external_source.html",
source=source,
feeds=Feed.select(),
form=module.form(json.loads(source.settings)))
def postpage(postid):
''' Edit a post. '''
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('posts'))
try:
post = Post.get(Post.id == postid)
post_type_module = post_types.load(post.type)
user = user_session.get_user()
except Post.DoesNotExist:
flash('Sorry! Post id:{0} not found!'.format(postid))
return redirect(url_for('posts'))
if request.method == 'POST':
try:
# check for write permission, and if the post is
# already published, publish permission.
if_i_cant_write_then_i_quit(post, user)
# if the user is allowed to set the feed to what they've
# requested, then do it.
post.feed = try_to_set_feed(post,
request.form.get('post_feed', False),
user)
except PleaseRedirect as e:
flash(str(e.msg))
redirect(e.url)
# if it's a publish or delete request, handle that instead:
action = request.form.get('action', 'edit')
if action == 'delete':
# don't need extra guards, as if_i_cant... deals with it above
delete_post_and_run_callback(post, post_type_module)
flash('Deleted')
elif action == 'publish':
try:
post.publish(user)
flash("Published")
except PermissionDenied:
flash("Sorry, you don't have permission to publish"
" posts in this feed.")
elif action == 'unpublish':
try:
post.publish(user, False)
flash("Published!")
except PermissionDenied:
flash('Sorry, you do NOT have permission' \
' to unpublish on this feed.')
elif action == 'move':
if not user_session.is_admin():
flash('Sorry! You are not an admin!')
return jsonify({'error': 'permission denied'})
post.feed = Feed.get(Feed.id == getint('feed', post.feed))
post.save()
return jsonify({'message': 'Moved to ' + post.feed.name})
if action not in ('edit', 'update'):
return redirect(request.referrer if request.referrer else '/')
# finally get around to editing the content of the post...
try:
post_form_intake(post, request.form, post_type_module)
post.save()
flash('Updated.')
except Exception as e:
flash('invalid content for this data type!')
flash(str(e))
# Should we bother displaying 'Post' button, and editable controls
# if the user can't write to this post anyway?
#can_write, can_publish = can_user_write_and_publish(user, post)
return render_template('post_editor.html',
post=post,
current_feed=post.feed.id,
feedlist=user.writeable_feeds(),
user=user,
form_content=post_type_module.form(json.loads(post.content)))
def post_new(feed_id):
''' create a new post! '''
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('index'))
user = user_session.get_user()
try:
feed = Feed.get(id=feed_id)
except Feed.DoesNotExist:
flash('Sorry, Feed does not exist!')
return redirect(url_for('feeds'))
if not feed.user_can_write(user):
flash("Sorry! You don't have permission to write here!")
return redirect(request.referrer if request.referrer else '/')
if request.method == 'GET':
# send a blank form for the user:
post = Post()
post.feed = feed
# give list of available post types:
all_posttypes = dict([(x['id'], x) for x in post_types.types()])
if post.feed.post_types:
allowed_post_types = []
for post_type in post.feed.post_types_as_list():
if post_type in all_posttypes:
allowed_post_types.append(all_posttypes[post_type])
else:
allowed_post_types = all_posttypes.values()
# return the page:
return render_template('postnew.html',
current_feed=feed,
post=post,
user=user,
post_types=allowed_post_types)
else: # POST. new post!
post_type = request.form.get('post_type')
try:
post_type_module = post_types.load(post_type)
except:
flash('Sorry! invalid post type.')
return redirect(request.referrer if request.referrer else '/')
if feed.post_types and post_type not in feed.post_types_as_list():
flash('sorry! this post type is not allowed in this feed!')
return redirect(request.referrer if request.referrer else '/')
post = Post(type=post_type, author=user)
try:
post.feed = feed
if_i_cant_write_then_i_quit(post, user)
post_form_intake(post, request.form, post_type_module)
except PleaseRedirect as e:
flash(str(e.msg))
return redirect(e.url if e.url else request.url)
post.save()
flash('Saved!')
return redirect(url_for('feedpage', feedid=post.feed.id))
def test_one_user_write_and_publish(self):
f = Feed(name='123')
f.save()
u = User(passwordhash='123')
u.save()
f.grant('Write', user=u)
f.grant('Publish', user=u)
self.assertEqual(f.authors(), [u])
self.assertEqual(f.publishers(), [u])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertTrue(f.user_can_write(u))
self.assertTrue(f.user_can_publish(u))
def test_one_user_group_write_and_publish(self):
f = Feed(name='123')
f.save()
u = User(passwordhash='123')
u.save()
g = Group(name='usergroup')
g.save()
g.set_users([u.id])
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertFalse(f.user_can_write(u))
self.assertFalse(f.user_can_publish(u))
f.grant('Write', group=g)
f.grant('Publish', group=g)
f = Feed.get(id=f.id)
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [g])
self.assertEqual(f.publisher_groups(), [g])
self.assertTrue(f.user_can_write(u))
self.assertTrue(f.user_can_publish(u))
def test_users_none(self):
self.assertEqual(Feed.select().count(), 0)
def test_one_user_group_read_only(self):
f = Feed(name='123')
f.save()
u = User(passwordhash='123')
u.save()
g = Group(name='usergroup')
g.set_users([u.id])
g.save()
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertFalse(f.user_can_write(u))
self.assertFalse(f.user_can_publish(u))
f.grant('Read', group=g)
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertFalse(f.user_can_write(u))
self.assertFalse(f.user_can_publish(u))
def test_one_user_read_only(self):
f = Feed(name='123')
f.save()
u = User(passwordhash='123')
u.save()
f.grant('Read', user=u)
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertFalse(f.user_can_write(u))
self.assertFalse(f.user_can_publish(u))
