Ejemplo n.º 1
0
    def test_user_with_no_perms(self):
        u = User(passwordhash='123')
        f = Feed()

        u.save()
        f.save()

        self.assertEqual(u.writeable_feeds(), [])
    def test_user_with_no_perms(self):
        u = User(passwordhash='123')
        f = Feed()

        u.save()
        f.save()

        self.assertEqual(u.writeable_feeds(), [])
Ejemplo n.º 3
0
    def test_user_with_one_feed(self):
        u = User(passwordhash='123')
        f = Feed()

        u.save()
        f.save()

        f.grant('Write', user=u)

        self.assertEqual(u.writeable_feeds(), [f])
Ejemplo n.º 4
0
    def test_user_with_one_feed_via_group(self):
        u = User(passwordhash='123')
        g = Group(name='group_with_a_name')
        f = Feed()

        u.save()
        f.save()
        g.save()

        g.set_users([u.id])

        f.grant('Write', group=g)

        self.assertEqual(u.writeable_feeds(), [f])
Ejemplo n.º 5
0
def try_to_set_feed(post, new_feed_id, user):
    ''' Is this user actually allowed to set the feed of this post to what
        the form is saying they want to?  If so, cool. Return that feed. '''

    try:
        if post.feed:
            oldfeedid = post.feed.id
        else:
            oldfeedid = False
    except:
        oldfeedid = False

    if new_feed_id and new_feed_id != oldfeedid:
        # new or changed feed.
        try:
            feed = Feed.get(Feed.id == new_feed_id)
        except Feed.DoesNotExist:
            raise PleaseRedirect(None,
                                 "Odd. You somehow tried to post "
                                 "to a non-existant feed. It didn't work.")

        if feed.user_can_write(user):
            flash('Posted to ' + feed.name)
            return feed

        else:
            # This shouldn't happen very often - so don't worry about
            # losing post data.  If it's an issue, refactor so it's stored
            # but not written to the feed...
            raise PleaseRedirect(
                url_for('index'),
                "Sorry, you don't have permission to write to " + feed.name)
        return feed

    return post.feed
Ejemplo n.º 6
0
def feeds():
    ''' the back end list of feeds. '''

    if request.method == 'POST':
        if not user_session.is_admin():
            flash('Only Admins can do this!')
            return redirect(url_for('feeds'))

        action = request.form.get('action', 'create')

        if action == 'create':
            if not request.form.get('title', '').strip():
                flash("I'm not making you an un-named feed!")
                return redirect(url_for('feeds'))
            Feed(name=request.form.get('title', 'blank').strip()).save()

    try:
        user = user_session.get_user()
    except user_session.NotLoggedIn as e:
        user = User()

    return render_template('feeds.html',
                           feeds=Feed.select(),
                           user=user,
                           external_sources=ExternalSource.select(),
                           source_types=external_source_types.types())
Ejemplo n.º 7
0
    def test_post_count_empty(self):
        f = Feed(name='123')
        f.save()

        self.assertEqual(f.post_count(), 0)
        self.assertEqual(f.post_count(published=True), 0)
        self.assertEqual(f.post_count(expired=True), 0)
        self.assertEqual(f.post_count(published=True, expired=True), 0)
Ejemplo n.º 8
0
    def test_no_users(self):
        f = Feed(name='123')
        f.save()

        self.assertEqual(f.authors(), [])
        self.assertEqual(f.publishers(), [])
        self.assertEqual(f.author_groups(), [])
        self.assertEqual(f.publisher_groups(), [])
Ejemplo n.º 9
0
def screenedit(screenid):
    ''' edit one screen '''

    try:
        if int(screenid) == -1:
            flash('New Screen')
            screen = Screen() # pylint: disable=no-value-for-parameter
        else:
            screen = Screen().get(Screen.id == int(screenid)) # pylint: disable=no-value-for-parameter

        backgrounds = [basename(x) for x in \
                       glob(app.config['SITE_VARS']['user_dir']  + '*')
                       if allow_filetype(x)]

    except Screen.DoesNotExist:
        flash('Invalid Screen ID! Screen does NOT exist!')
        return redirect(url_for('index'))

    if request.method == 'POST':
        if not user_session.logged_in():
            flash("You're not logged in!")
            return redirect(url_for('posts'))

        user = user_session.get_user()
        if not user.is_admin:
            flash('Sorry. You are NOT an admin!')
            return redirect(url_for('index'))

        if request.form.get('action', 'update') == 'delete':
            screen.delete_instance()
            flash('deleted')
            return redirect(request.referrer)

        # first check that name is OK:
        try:
            oldname = screen.urlname
            screen.urlname = urllib.quote(request.form.get('urlname'), '')
            screen.save()
        except sqlite3.IntegrityError:
            screen.urlname = oldname
            flash("Sorry! That name is already being used!")

        screen.background = request.form.get('background')
        screen.settings = request.form.get('settings', '')
        screen.css = request.form.get('css', '').replace('"',"'")
        screen.zones = form_json('zones', {})
        screen.save()
        flash('saved.')

        if int(screenid) == -1:
            return redirect(url_for('screenedit', screenid=screen.id))

    return render_template('screen_editor.html',
                           feeds=Feed.select(),
                           backgrounds=backgrounds,
                           screen=screen)
Ejemplo n.º 10
0
def feedpage(feedid):
    ''' the back end settings for one feed. '''

    try:
        feed = Feed.get(id=feedid)
        user = user_session.get_user()
    except user_session.NotLoggedIn:
        user = User()
    except:
        flash('invalid feed id! (' + str(feedid) + ')')
        return redirect(url_for('feeds'))

    if request.method == 'POST':
        if not user_session.logged_in():
            flash("You're not logged in!")
            return redirect(url_for('feeds'))

        if not user.is_admin:
            flash('Sorry! Only Admins can change these details.')
            return redirect(request.referrer)

        action = request.form.get('action', 'none')

        if action == 'edit':
            feed.name = request.form.get('title', feed.name).strip()

            inlist = request.form.getlist

            feed.post_types = ', '.join(inlist('post_types'))

            feed.set_authors(by_id(User, inlist('authors')))
            feed.set_publishers(by_id(User, inlist('publishers')))
            feed.set_author_groups(by_id(Group, inlist('author_groups')))
            feed.set_publisher_groups(by_id(Group, inlist('publisher_groups')))

            feed.save()
            flash('Saved')
        elif action == 'delete':

            for post in feed.posts:
                post_type_module = post_types.load(post.type)
                delete_post_and_run_callback(post, post_type_module)

            feed.delete_instance(True, True) # cascade/recursive delete.
            flash('Deleted')
            return redirect(url_for('feeds'))

    return render_template('feed.html',
                           feed=feed,
                           user=user,
                           all_posttypes=post_types.types(),
                           allusers=User.select(),
                           allgroups=Group.select()
                          )
Ejemplo n.º 11
0
def feedsrss(ids_raw):
    ''' get a bunch of feeds posts as an RSS stream '''

    ids = []
    feed_names = []

    for i in ids_raw.split(','):
        try:
            feedid = int(i)
            if feedid in ids:
                continue

            feed = Feed.get(id=feedid)
            ids.append(feedid)
            feed_names.append(feed.name)
        except ValueError:
            continue
        except Feed.DoesNotExist:
            continue

    time_now = now()
    feed_posts = [p for p in \
                  Post.select().join(Feed).where(
                      (Feed.id << ids)
                      &(Post.status == 0)
                      &(Post.active_start < time_now)
                      &(Post.active_end > time_now)
                      &(Post.published)
                      )]

    feed = RSSFeed()

    feed.feed["title"] = ",".join(feed_names)
    feed.feed["link"] = url_for('feeds')
    feed.feed["description"] = "Posts from " + (','.join(feed_names))

    for post in feed_posts:
        contents = json.loads(post.content)
        cleantext = bleach.clean(contents["content"], tags=[], strip=True)
        if len(cleantext) > 20:
            cleantext = cleantext[0:20] + "..."

        item = {
            "title": cleantext,
            "description": contents["content"],
            "guid": str(post.id),

            }
        feed.items.append(item)

    resp = make_response(feed.format_rss2_string())
    resp.headers["Content-Type"] = "application/xml"

    return resp
    def test_user_with_one_feed(self):
        u = User(passwordhash='123')
        f = Feed()

        u.save()
        f.save()

        f.grant('Write', user=u)

        self.assertEqual(u.writeable_feeds(), [f])
    def test_user_with_one_feed_via_group(self):
        u = User(passwordhash='123')
        g = Group(name='group_with_a_name')
        f = Feed()

        u.save()
        f.save()
        g.save()

        g.set_users([u.id])

        f.grant('Write', group=g)

        self.assertEqual(u.writeable_feeds(), [f])
Ejemplo n.º 14
0
def index():
    ''' main front page / dashboard / index. '''
    try:
        user = user_session.get_user()
    except user_session.NotLoggedIn as e:
        user = User()

    if not user:
        user = User()


    publishable_feeds = user.publishable_feeds()


    posts_to_publish = Post.select()\
                           .where((Post.published==False) &
                                  (Post.feed << publishable_feeds))

    screens = Screen.select()
    aliases = config_var('screens.aliases', [])

    for alias in aliases:
        for screen in screens:
            if screen.urlname == alias['screen_name']:
                alias['screen'] = screen
                break
        else:
            alias['screen'] = None

    return render_template('dashboard.html',
        aliases=aliases,
        feeds=Feed.select(),
        publishable_feeds=publishable_feeds,
        posts=Post.select().where(Post.author == user)\
                  .order_by(Post.write_date.desc())\
                  .limit(15),
        posts_to_publish=posts_to_publish,
        screens=screens,
        user=user)
Ejemplo n.º 15
0
def external_data_source_edit(source_id):
    ''' Editing a external data source '''

    if not user_session.is_admin():
        flash('Only Admins can do this!')
        return redirect(url_for('feeds'))

    # first find the data type:

    if request.method == 'DELETE':
        ExternalSource.delete() \
                      .where(ExternalSource.id == int(source_id)) \
                      .execute()
        return 'deleted'

    if source_id == None:
        try:
            source = ExternalSource()
            source.type = request.args['type']
            source.name = "new " + source.type + " source"
            source.feed = Feed.get() # set initial feed
        except KeyError:
            return 'No type specified.', 500
    else:
        try:
            source = ExternalSource.get(id=source_id)
        except peewee.DoesNotExist:
            return 'Invalid id.', 404

    # Try and load the external source type ( and check it's valid):

    try:
        module = external_source_types.load(source.type)
    except ImportError:
        return 'Invalid External Source Type', 404

    # if it's a post, then update the data with 'receive':

    if request.method == 'POST':
        source.post_as_user = user_session.get_user()

        source.settings = json.dumps(module.receive(request))
        source.name = request.form.get('name', source.name)

        source.frequency = getint('frequency', 60)
        source.publish = getbool('publish', False)
        source.lifetime_start = request.form.get('active_start',
                                                 source.lifetime_start)
        source.lifetime_end = request.form.get('active_end',
                                               source.lifetime_end)
        source.display_time = getint('display_time', source.display_time)
        source.post_template = request.form.get('post_template',
                                                source.post_template)
        try:
            source.feed = Feed.get(Feed.id == getint('feed', 100))
            source.save()
            if source_id == None:
                # new source!
                return redirect(url_for('external_data_source_edit',
                                        source_id=source.id))
            else:
                flash('Updated.')
        except Feed.DoesNotExist:
            flash("Can't save! Invalid Feed!{}".format(
                getint('feed', '-11')))


    return render_template("external_source.html",
                           source=source,
                           feeds=Feed.select(),
                           form=module.form(json.loads(source.settings)))
Ejemplo n.º 16
0
def postpage(postid):
    ''' Edit a post. '''

    if not user_session.logged_in():
        flash("You're not logged in!")
        return redirect(url_for('posts'))

    try:
        post = Post.get(Post.id == postid)
        post_type_module = post_types.load(post.type)
        user = user_session.get_user()

    except Post.DoesNotExist:
        flash('Sorry! Post id:{0} not found!'.format(postid))
        return redirect(url_for('posts'))

    if request.method == 'POST':
        try:
            # check for write permission, and if the post is
            # already published, publish permission.

            if_i_cant_write_then_i_quit(post, user)

            # if the user is allowed to set the feed to what they've
            # requested, then do it.

            post.feed = try_to_set_feed(post,
                                        request.form.get('post_feed', False),
                                        user)

        except PleaseRedirect as e:
            flash(str(e.msg))
            redirect(e.url)

        # if it's a publish or delete request, handle that instead:
        action = request.form.get('action', 'edit')

        if action == 'delete':
            # don't need extra guards, as if_i_cant... deals with it above
            delete_post_and_run_callback(post, post_type_module)
            flash('Deleted')
        elif action == 'publish':
            try:
                post.publish(user)
                flash("Published")
            except PermissionDenied:
                flash("Sorry, you don't have permission to publish"
                      " posts in this feed.")
        elif action == 'unpublish':
            try:
                post.publish(user, False)
                flash("Published!")
            except PermissionDenied:
                flash('Sorry, you do NOT have permission' \
                       ' to unpublish on this feed.')
        elif action == 'move':
            if not user_session.is_admin():
                flash('Sorry! You are not an admin!')
                return jsonify({'error': 'permission denied'})
            post.feed = Feed.get(Feed.id == getint('feed', post.feed))
            post.save()
            return jsonify({'message': 'Moved to ' + post.feed.name})

        if action not in ('edit', 'update'):
            return redirect(request.referrer if request.referrer else '/')

        # finally get around to editing the content of the post...
        try:
            post_form_intake(post, request.form, post_type_module)
            post.save()
            flash('Updated.')
        except Exception as e:
            flash('invalid content for this data type!')
            flash(str(e))

    # Should we bother displaying 'Post' button, and editable controls
    # if the user can't write to this post anyway?

    #can_write, can_publish = can_user_write_and_publish(user, post)

    return render_template('post_editor.html',
                           post=post,
                           current_feed=post.feed.id,
                           feedlist=user.writeable_feeds(),
                           user=user,
                           form_content=post_type_module.form(json.loads(post.content)))
Ejemplo n.º 17
0
def post_new(feed_id):
    ''' create a new post! '''

    if not user_session.logged_in():
        flash("You're not logged in!")
        return redirect(url_for('index'))

    user = user_session.get_user()

    try:
        feed = Feed.get(id=feed_id)
    except Feed.DoesNotExist:
        flash('Sorry, Feed does not exist!')
        return redirect(url_for('feeds'))

    if not feed.user_can_write(user):
        flash("Sorry! You don't have permission to write here!")
        return redirect(request.referrer if request.referrer else '/')

    if request.method == 'GET':
        # send a blank form for the user:

        post = Post()
        post.feed = feed

        # give list of available post types:

        all_posttypes = dict([(x['id'], x) for x in post_types.types()])

        if post.feed.post_types:

            allowed_post_types = []

            for post_type in post.feed.post_types_as_list():
                if post_type in all_posttypes:
                    allowed_post_types.append(all_posttypes[post_type])
        else:
            allowed_post_types = all_posttypes.values()

        # return the page:

        return render_template('postnew.html',
                               current_feed=feed,
                               post=post,
                               user=user,
                               post_types=allowed_post_types)

    else: # POST. new post!
        post_type = request.form.get('post_type')
        try:
            post_type_module = post_types.load(post_type)
        except:
            flash('Sorry! invalid post type.')
            return redirect(request.referrer if request.referrer else '/')

        if feed.post_types and post_type not in feed.post_types_as_list():
            flash('sorry! this post type is not allowed in this feed!')
            return redirect(request.referrer if request.referrer else '/')

        post = Post(type=post_type, author=user)

        try:
            post.feed = feed

            if_i_cant_write_then_i_quit(post, user)

            post_form_intake(post, request.form, post_type_module)

        except PleaseRedirect as e:
            flash(str(e.msg))
            return redirect(e.url if e.url else request.url)

        post.save()
        flash('Saved!')

        return redirect(url_for('feedpage', feedid=post.feed.id))
Ejemplo n.º 18
0
    def test_one_user_write_and_publish(self):
        f = Feed(name='123')
        f.save()

        u = User(passwordhash='123')
        u.save()

        f.grant('Write', user=u)
        f.grant('Publish', user=u)

        self.assertEqual(f.authors(), [u])
        self.assertEqual(f.publishers(), [u])
        self.assertEqual(f.author_groups(), [])
        self.assertEqual(f.publisher_groups(), [])

        self.assertTrue(f.user_can_write(u))
        self.assertTrue(f.user_can_publish(u))
Ejemplo n.º 19
0
    def test_one_user_group_write_and_publish(self):
        f = Feed(name='123')
        f.save()

        u = User(passwordhash='123')
        u.save()

        g = Group(name='usergroup')
        g.save()
        g.set_users([u.id])

        self.assertEqual(f.authors(), [])
        self.assertEqual(f.publishers(), [])
        self.assertEqual(f.author_groups(), [])
        self.assertEqual(f.publisher_groups(), [])

        self.assertFalse(f.user_can_write(u))
        self.assertFalse(f.user_can_publish(u))

        f.grant('Write', group=g)
        f.grant('Publish', group=g)

        f = Feed.get(id=f.id)

        self.assertEqual(f.authors(), [])
        self.assertEqual(f.publishers(), [])
        self.assertEqual(f.author_groups(), [g])
        self.assertEqual(f.publisher_groups(), [g])

        self.assertTrue(f.user_can_write(u))
        self.assertTrue(f.user_can_publish(u))
Ejemplo n.º 20
0
 def test_users_none(self):
     self.assertEqual(Feed.select().count(), 0)
Ejemplo n.º 21
0
    def test_one_user_group_read_only(self):
        f = Feed(name='123')
        f.save()

        u = User(passwordhash='123')
        u.save()

        g = Group(name='usergroup')
        g.set_users([u.id])
        g.save()

        self.assertEqual(f.authors(), [])
        self.assertEqual(f.publishers(), [])
        self.assertEqual(f.author_groups(), [])
        self.assertEqual(f.publisher_groups(), [])

        self.assertFalse(f.user_can_write(u))
        self.assertFalse(f.user_can_publish(u))

        f.grant('Read', group=g)

        self.assertEqual(f.authors(), [])
        self.assertEqual(f.publishers(), [])
        self.assertEqual(f.author_groups(), [])
        self.assertEqual(f.publisher_groups(), [])

        self.assertFalse(f.user_can_write(u))
        self.assertFalse(f.user_can_publish(u))
Ejemplo n.º 22
0
    def test_one_user_read_only(self):
        f = Feed(name='123')
        f.save()

        u = User(passwordhash='123')
        u.save()

        f.grant('Read', user=u)

        self.assertEqual(f.authors(), [])
        self.assertEqual(f.publishers(), [])
        self.assertEqual(f.author_groups(), [])
        self.assertEqual(f.publisher_groups(), [])

        self.assertFalse(f.user_can_write(u))
        self.assertFalse(f.user_can_publish(u))