def authenticate(self, oauth_client):
"""Verify authentication by calling get_self on the User.
This will verify against the API endpoint for returning
the authenticated user.
"""
http = typepad.client
http.clear_credentials()
http.add_credentials(oauth_client.consumer, oauth_client.token)
typepad.client.batch_request()
u = User.get_self(http=http)
try:
typepad.client.complete_batch()
except (User.Unauthorized, User.Forbidden):
u = AnonymousUser()
return u
def lastface(request, xid, spec):
cache_key = 'lastface:%s' % xid
face = cache.get(cache_key)
if face is None:
try:
face = Lastface.objects.get(owner=xid)
except Lastface.DoesNotExist:
# Get that person's userpic.
with typepad.client.batch_request():
user = User.get_by_url_id(xid)
face = user.avatar_link.by_width(200).url
if 'default-userpics' in face:
return HttpResponseNotFound('no such face', content_type='text/plain')
face = face.rsplit('/', 1)[-1].split('-', 1)[0]
else:
face = face.face
cache.set(cache_key, face)
url = 'http://a0.typepad.com/%s-%s' % (face, spec)
return HttpResponseRedirect(url)
def moderate(request):
"""
Moderation actions for the moderation queue. Approve or delete. Return OK.
"""
if not hasattr(request, 'typepad_user'):
typepad.client.batch_request()
request.typepad_user = get_user(request)
typepad.client.complete_batch()
if not (request.typepad_user.is_authenticated() and \
request.typepad_user.is_superuser):
return http.HttpResponseForbidden()
res = 'OK'
item_ids = request.POST.getlist('item_id')
if item_ids is None:
raise http.Http404
action = request.POST.get('action', None)
success = []
fail = []
ban_list = []
for item_id in item_ids:
queue = None
user = None
if action.endswith('_user'):
try:
user = Blacklist.objects.get(user_id=item_id)
except Blacklist.DoesNotExist:
if action == 'approve_user':
success.append(item_id)
continue
else:
fail.append(item_id)
continue
else:
try:
queue = Queue.objects.get(id=item_id)
except:
fail.append(item_id)
continue
if action == 'approve':
queue.approve()
success.append(item_id)
elif action in ('delete', 'ban'):
# outright delete it?? or do we have a status for this?
if action == 'ban':
if queue.user_id not in ban_list:
# also ban this user
typepad.client.batch_request()
user_memberships = User.get_by_url_id(queue.user_id).memberships.filter(by_group=request.group)
typepad.client.complete_batch()
try:
user_membership = user_memberships[0]
if user_membership.is_admin():
# cannot ban/unban another admin
fail.append(item_id)
continue
user_membership.block()
signals.member_banned.send(sender=moderate,
membership=user_membership, group=request.group)
ban_list.append(queue.user_id)
except IndexError:
pass # no membership exists; ignore ban
tp_asset = None
if queue.asset_id:
# we need to remove from typepad
typepad.client.batch_request()
tp_asset = typepad.Asset.get_by_url_id(queue.asset_id)
try:
typepad.client.complete_batch()
except typepad.Asset.NotFound:
# already deleted on TypePad...
tp_asset = None
if tp_asset:
tp_asset.delete()
content = queue.content
if content is not None:
if content.attachment is not None and content.attachment.name:
# delete the attachment ourselves; this handles
# the case where the file may not actually still be
# on disk; we'll just ignore that since we're deleting
# the row anyway
try:
content.attachment.delete()
except IOError, ex:
# something besides "file couldn't be opened"; reraise
if ex.errno != 2:
raise ex
content.attachment = None
content.save()
queue.delete()
success.append(item_id)
if tp_asset is not None:
signals.asset_deleted.send(sender=moderate, instance=tp_asset, group=request.group)
elif action == 'view':
if queue.status in (Queue.MODERATED, Queue.SPAM):
content = QueueContent.objects.get(queue=queue)
data = json.loads(content.data)
# supplement with a fake author member, since this isn't
# populated into the POSTed data for pre-moderation/spam assets
data['author'] = {
'displayName': queue.user_display_name,
'links': [{
'rel': 'avatar',
'href': queue.user_userpic,
'width': 50,
'height': 50
}]
}
tp_asset = typepad.Asset.from_dict(data)
tp_asset.published = queue.ts
else:
typepad.client.batch_request()
tp_asset = typepad.Asset.get_by_url_id(queue.asset_id)
typepad.client.complete_batch()
event = typepad.Event()
event.object = tp_asset
event.actor = tp_asset.author
event.published = tp_asset.published
# 'view' of 'permalink' causes the full content to render
data = { 'entry': tp_asset, 'event': event, 'view': 'permalink' }
res = render_to_string("motion/assets/asset.html", data,
context_instance=RequestContext(request))
return http.HttpResponse(res)
event = typepad.Event()
event.object = tp_asset
event.actor = tp_asset.author
event.published = tp_asset.published
# 'view' of 'permalink' causes the full content to render
data = { 'entry': tp_asset, 'event': event, 'view': 'permalink' }
res = render_to_string("motion/assets/asset.html", data,
context_instance=RequestContext(request))
return http.HttpResponse(res)
elif action == 'ban_user':
typepad.client.batch_request()
user_memberships = User.get_by_url_id(item_id).memberships.filter(by_group=request.group)
typepad.client.complete_batch()
try:
user_membership = user_memberships[0]
if user_membership.is_admin():
# cannot ban/unban another admin
fail.append(item_id)
continue
user_membership.block()
signals.member_banned.send(sender=moderate,
membership=user_membership, group=request.group)
ban_list.append(item_id)
def get_user(self, user_id):
"""Return the authed TypePad user"""
return User.get_by_id(user_id)
