def bookmarks():
# Handle forms and redirect to clear post data on browser
if request.method == "POST":
return utils.common_molt_actions()
# Display page
elif session.get("current_user") is not None:
current_user = utils.get_current_user()
page_n = request.args.get("p", 1, type=int)
bookmarks = current_user.query_bookmarks()
bookmarks = utils.get_current_user().filter_molt_query(bookmarks)
bookmarks = bookmarks.paginate(page_n, config.MOLTS_PER_PAGE, False)
if request.args.get("ajax_json"):
blocks = dict()
for block in ("title", "heading", "body"):
blocks[block] = render_template(
f"bookmarks-ajax-{block}.html",
current_page="bookmarks",
page_n=page_n,
bookmarks=bookmarks,
)
return jsonify(blocks)
else:
return render_template(
"bookmarks-content.html"
if request.args.get("ajax_content") else "bookmarks.html",
current_page="bookmarks",
page_n=page_n,
bookmarks=bookmarks,
)
else:
return redirect("/login")
def user_following(username, tab):
# Handle forms and redirect to clear post data on browser
if request.method == "POST":
return utils.common_molt_actions()
# Display page
elif session.get("current_user") is not None:
this_user = models.Crab.get_by_username(username)
if this_user is None:
return render_template("not-found.html", noun="user")
elif this_user.banned:
return render_template(
"not-found.html",
message="This user has been banned.",
)
else:
followx = None
if tab == "ing":
followx = this_user.following
elif tab == "ers":
followx = this_user.followers
elif tab == "ers_you_know":
followx = utils.get_current_user().get_mutuals_for(this_user)
return render_template(
"followx.html",
current_page=("own-profile" if this_user
== utils.get_current_user() else ""),
followx=followx,
this_user=this_user,
tab="follow" + tab,
)
else:
return redirect("/login")
def profile(profile_id):
user = get_current_user()
print(user)
if current_user.id != int(profile_id):
articles, events = collect_from_db_for_index()
return render_template('index.html',
error="You can only view your own profile",
current_user=get_current_user(),
articles=articles,
events=events)
return render_template('profiles.html', profile=user, current_user=user)
def inject_global_template_variables():
return dict(
idle=status.idle,
current_status=status.current_status,
now_building=status.now_building,
rev_pending=status.pending_review,
user=get_current_user(),
current_user=get_current_user(),
_all_packages=status.all_packages,
pkg_groups=status.package_groups,
)
def inject_global_template_variables():
return dict(
idle=status.idle,
current_status=status.current_status,
now_building=status.now_building,
rev_pending=status.pending_review,
user=get_current_user(),
current_user=get_current_user(),
_all_packages=status.all_packages,
pkg_groups=status.package_groups,
)
def get(self):
google_user = users.get_current_user()
if not google_user:
self.redirect(users.create_login_url(self.request.uri))
else:
app_user = utils.get_current_user()
if google_user and not app_user:
app_user = utils.init_new_user(google_user)
share_hash = utils.url_to_share_key(self.request.uri)
q = db.GqlQuery(
"SELECT * FROM Playlist WHERE share_hash = :share_hash",
share_hash=share_hash)
playlist = q.get()
if playlist:
if not app_user.has_playlist(playlist):
last_position = app_user.last_lib_position()
library_item = models.Library(user=app_user,
position=last_position + 1,
playlist=playlist,
is_owner=False)
library_item.put()
flash = "add_shared_playlist"
else:
flash = "playlist_already_in_lib"
else:
flash = "playlist_not_found"
self.redirect("/?flash=" + flash)
def crabtags(crabtag):
# Handle forms and redirect to clear post data on browser
if request.method == "POST":
return utils.common_molt_actions()
# Display page
elif session.get("current_user") is not None:
page_n = request.args.get("p", 1, type=int)
if request.args.get("ajax_json"):
blocks = dict()
for block in ("title", "heading", "body"):
blocks[block] = render_template(
f"crabtag-ajax-{block}.html",
current_page="crabtag",
crabtag=crabtag,
page_n=page_n,
)
return jsonify(blocks)
else:
molts = models.Molt.query_fast_with_tag(crabtag)
molts = utils.get_current_user().filter_molt_query(molts)
molts = molts.paginate(page_n, config.MOLTS_PER_PAGE, False)
return render_template(
("crabtag-content.html"
if request.args.get("ajax_content") else "crabtag.html"),
current_page="crabtag",
page_n=page_n,
molts=molts,
crabtag=crabtag,
)
else:
return redirect("/login")
def latest_issue(self):
user = get_current_user()
# Staff can see non-live issues
if user and user.is_staff:
return self.all()[0]
# Otherwise, only show live issues
return self.filter(is_live=True)[0]
def notifications():
# Handle forms and redirect to clear post data on browser
if request.method == "POST":
return utils.common_molt_actions()
# Display page
elif session.get("current_user") is not None:
page_n = request.args.get("p", 1, type=int)
notifications = utils.get_current_user().get_notifications(
paginated=True, page=page_n)
if request.args.get("ajax_json"):
blocks = dict()
for block in ("title", "heading", "body"):
blocks[block] = render_template(
f"notifications-ajax-{block}.html",
current_page="notifications",
notifications=notifications,
)
return jsonify(blocks)
else:
return render_template(
"notifications.html",
current_page="notifications",
notifications=notifications,
)
else:
return redirect("/login")
def post(self):
"""Creates a new feed for the logged in user"""
user = utils.get_current_user()
url = self.request.get('url')
if not user:
self.error(403)
return
feed = feedparser.parse(url)
feed = feed.get('feed')
id = feed.get('id')
logo = feed.get('gd_image', {'src': '/img/rss-placeholder.png'}).get('src')
title = feed.get('title')
link = feed.get('link')
m = InputFeed(
parent=user,
logo=logo,
url=url,
title=title,
link=link,
)
m.put()
m.fetch_entries(fetch_all=True)
self.response.headers['Content-Type'] = 'application/json; charset=utf-8'
self.response.headers['Access-Control-Allow-Origin'] = '*'
self.response.out.write(json.dumps(m.to_struct()))
def get_token(self):
user = get_current_user()
if user:
oauth_info = get_oauth_by(oauth_type=self.name, uid=g.session['user_id'])
if not oauth_info:
return
return oauth_info.oauth_token
def delete(self, title):
"""Delete the specified tag for the current user"""
user = utils.get_current_user()
title = title.decode('utf-8')
if not user:
self.error(403)
return
m = Tag.all().ancestor(user).filter('title_lower =', title.lower()).get()
if not m:
# Original tag not found
self.error(404)
return
entries = Entry.all().filter('tags =', m.key())
# Remove tag from entries
for entry in entries:
logging.info(entry)
entry.tags.remove(m.key())
entry.save()
m.delete()
self.response.headers['Content-Type'] = 'text/plain; charset=utf-8'
self.response.headers['Access-Control-Allow-Origin'] = '*'
self.response.out.write('ok')
def post(self, user_id, feed_id, entry_id):
"""Updates a specific entry"""
current_user = utils.get_current_user()
if not current_user:
self.error(403)
return
user = User.get_by_id(int(user_id))
if user == None:
self.error(404)
return
if current_user.key() != user.key():
self.error(401)
return
feed = InputFeed.get_by_id(int(feed_id), parent=user)
if feed == None:
self.error(404)
return
entry = Entry.get_by_id(int(entry_id), parent=feed)
published = self.request.get('published')
if published != None:
entry.published = bool(int(published))
entry.save()
self.response.headers['Content-Type'] = 'application/json; charset=utf-8'
self.response.headers['Access-Control-Allow-Origin'] = '*'
self.response.out.write(json.dumps(entry.to_struct()))
def change_requests_list_outcome():
"""
get list of DocLostChangeRequest with pagination
frontend table required 'page' and 'per_page' parameters, if not then 400
allows filtering and ordered_by "-created_at"
"""
if 'page' not in request.args.keys(
) and 'per_page' not in request.args.keys():
return abort(400)
user = get_current_user()
page = int(request.args.get('page'))
per_page = int(request.args.get('per_page'))
change_request_schema = DocLostChangeRequestListSchema()
queryset = filter_queryset(request.args, DocLostChangeRequest)
queryset = queryset.filter_by(user_add_id=user.get(
'id')) # filter that show only outcome change requests
queryset = queryset.order_by(desc("created_at"))
change_requests = queryset.paginate(page=page, per_page=per_page)
dump = {
'data': change_request_schema.jsonify(change_requests.items,
many=True).json,
'page': change_requests.page,
'per_page': change_requests.per_page,
'total': change_requests.total,
'total_pages': change_requests.pages
}
return jsonify(dump)
def get(self):
google_user = users.get_current_user()
if not google_user:
self.redirect(users.create_login_url(self.request.uri))
else:
app_user = utils.get_current_user()
if google_user and not app_user:
app_user = utils.init_new_user(google_user)
share_hash = utils.url_to_entity_key(self.request.uri)
q = db.GqlQuery("SELECT * FROM Playlist WHERE share_hash = :share_hash", share_hash=share_hash)
playlist = q.get()
if playlist:
if not app_user.has_playlist(playlist):
last_position = app_user.last_lib_position()
library_item = models.Library(user=app_user, position=last_position+1 , playlist=playlist, is_owner=False)
library_item.put()
flash = "add_shared_playlist"
else:
flash = "playlist_already_in_lib"
else:
flash = "playlist_not_found"
self.redirect("/?flash="+flash)
def test_login_user(self):
method_func = self._get_base_method('post')
url = '/login'
create_url = '/users'
user_data = {'login': '******', 'password': '******'}
method_func(create_url, params=user_data)
resp = method_func(url, params=user_data)
self.assertEqual(
get_current_user(request).get_id(),
User.get(User.login == user_data.get('login')).get_id())
self.assertEqual(resp.status_int, 200)
resp = method_func(url, params={'login': '******', 'password': '******'})
self.assertEqual(resp.status_int, 400)
self.assertListEqual(['Password incorrect.'],
resp.json.get('errors',
{}).get('fields').get('password'))
resp = method_func(url,
params={
'login': '******',
'password': '******'
})
self.assertEqual(resp.status_int, 400)
self.assertListEqual(['Login not found.'],
resp.json.get('errors',
{}).get('fields').get('login'))
def current_user():
user = utils.get_current_user()
if not user:
return flask.Response(status=401)
return user.to_dict()
def document_inactive_edit(doc_id):
doc_lost = DocLost.query.get_or_404(doc_id)
json_data = request.get_json()
if not json_data:
return jsonify({'message': 'Invalid request'}), 400
user = get_current_user()
user_dmsudep_id = user.get('dmsudep_id')
if doc_lost.dmsudep_issue_id != int(user_dmsudep_id):
return jsonify({'message': f'Only dep with id:{user_dmsudep_id} could update the document'}), 403
json_data['user_edit_id'] = user.get('id')
doc_lost_schema = DocLostAliensSchema()
errors = doc_lost_schema.validate(json_data, partial=True)
if errors:
return jsonify(errors), 400
################# save to history model #################
rows = db.inspect(DocLost).columns.keys()
history_data = {key: getattr(doc_lost, key) for key in rows if key not in ('id', 'updated_at', 'created_at')}
history_data['source_id'] = doc_id
db.session.bulk_insert_mappings(DocLostHistory, (history_data,))
data = doc_lost_schema.load(json_data, instance=doc_lost)
db.session.add(data)
db.session.commit()
return jsonify(message='Successfully updated'), 201
def kill_post(post):
'''Page confirming the deletion of a post.
Accessed by the user via a link at the top of the edit page.
Only this code can delete post after validting the user has access.
The database query is run using the same configuration that declares
login status to insure user has needed access to delete a post.
'''
target_post = Post.gql("WHERE url = :url AND author = :author",\
url ='/' + post, \
author = utils.get_current_user()).get()
if not target_post:
abort(401)
if request.method == "POST":
# Upon confirmation, empty post requet is sent.
target_post.delete()
print 'post delete confirmed'
print target_post
print 'no longer stored'
flash(" '{}' is gone.".format(target_post.url))
return redirect(
url_for('starter', username=target_post.author.username))
else:
flash('!! this will delete post')
return render_template('confirm_kill.html')
def get_post_list(**kwargs):
"""get post list"""
user = get_current_user()
if user is None:
return None
current_point = [kwargs['longitude'], kwargs['latitude']]
start = kwargs.pop('start', 0)
end = kwargs.pop('end', DEFAULT_ITEMS)
q1 = Q(active_time__lte=datetime.datetime.utcnow())
q2 = []
for index, value in enumerate(DISTANCE):
q2.append(
Q(distance=index)
& Q(location__near=current_point, location__max_distance=value))
q3 = []
q3.append(Q(category=CATEGORY['PUBLIC']))
q3.append(Q(category=CATEGORY['ADS']))
q3.append(Q(category=CATEGORY['PRIVATE']) & Q(author=user))
q3.append(Q(category=CATEGORY['PROTECTED']) & Q(receivers=user))
return [
obj
for obj in Post.objects(q1 & (q2[0] | q2[1] | q2[2] | q2[3])
& (q3[0] | q3[1] | q3[2] | q3[3]))[start:end]
]
def get(self):
google_user = users.get_current_user()
app_user = utils.get_current_user()
if google_user and not app_user:
app_user = utils.init_new_user(google_user)
self.response.out.write(template.render('player.html', {'user':app_user,'rando': random.random(), 'login_url': users.create_login_url("/"), 'logout_url':users.create_logout_url("/"), 'in_development_enviroment':utils.in_development_enviroment()}))
def put(self, id):
self.response.headers['Content-Type'] = 'application/json'
user = get_current_user()
if user:
url = self.request.get('url')
title = self.request.get('title')
description = self.request.get('description')
id = int(self.request.get('id'))
domain = reg.search(url)
if domain:
domain = domain.group()
bookmark = Bookmark.get_by_id(id)
if bookmark:
if bookmark.user.email == user.email:
bookmark.url=url
bookmark.title=title
bookmark.domain=domain
bookmark.description=unicode(description)
bookmark.changedate=int(time()*1000)
bookmark.put()
self.response.out.write(json.dumps({'status':'success', 'b':description, 'item':bookmark.to_dict()}))
else:
self.response.out.write(json.dumps({'status':'error', 'error_type':'Not allowed', "u1":bookmark.user.email, "u2":user.email}))
else:
self.response.out.write(json.dumps({'status':'error', 'error_type':'Bad id'}))
else:
self.response.out.write(json.dumps({'status':'error', 'error_type':'Bad link'}))
else:
self.response.out.write(json.dumps({'status':'error', 'error_type':'Not authorized'}))
def update_response(game_title, post_id, comment_parent_id, comment_id):
user = get_current_user()
#user=User.query.get(1)
comment = Comment.query.filter_by(comment_uuid=comment_id).filter_by(
comment_parent_uuid=comment_parent_id).first()
comment_parent = Comment.query.filter_by(
comment_uuid=comment_parent_id).first()
res = {}
res['links'] = [{
'rel':
'return to original post',
'href':
f'{url_for("game.post_page", game_title=game_title, post_id=post_id)}'
}]
if comment.author != user:
res['msg'] = 'you are not the author of this comment'
return jsonify(res), 400
if not request.json.get('comment_text'):
res['msg'] = 'missing comment_text'
return jsonify(res), 400
responses = table.query(KeyConditionExpression=Key('comment_id').eq(
comment_parent_id))['Items'][0]['responses']
#print(responses)
for response in responses:
if response['comment_id'] == comment_id:
response['comment_text'] = request.json.get('comment_text')
response['version_id'] = str(uuid4())
break
table.update_item(Key={
'comment_id': comment_parent_id,
},
UpdateExpression='SET responses=:val',
ExpressionAttributeValues={':val': responses})
res['msg'] = 'success'
return jsonify(res), 200
def create_response(game_title, post_id, comment_id):
'''
create response of a comment
response_id: uuid,
parent_id: uuid of parents
comment_text: string,
email: current user email,
datetime: str(datetime.utcnow())
version_id: uuid
'''
user = get_current_user()
#user=User.query.get(1)
#print(user)
if not request.json.get('comment_text'):
return jsonify({'msg': 'missing comment_text'}), 400
add_response(user, game_title, post_id, comment_id,
request.json.get('comment_text'))
return jsonify({
'msg':
'success',
'links': [{
'rel':
'return to original post',
'href':
f'{url_for("game.post_page",game_title=game_title,post_id=post_id)}'
}]
}), 200
def unfollow(game_title):
user = get_current_user()
game = Game.query.filter_by(title=game_title).first()
res = {}
res['links'] = [
{
'rel': 'game home page',
'href': f'{url_for("game.home")}'
},
{
'rel': f'{game_title}',
'href': f'{url_for("game.game_posts",game_title=game_title)}'
},
]
if not user:
res['msg'] = 'user not found'
return jsonify(res), 404
if not game:
res['msg'] = 'game not found'
return jsonify(res), 404
if game not in user.following_games:
res['msg'] = 'you did not follow this game'
return jsonify(res), 400
user.following_games.remove(game)
db.session.commit()
res['msg'] = f'{game_title} successfully unfollowed'
return jsonify(res), 200
def delete_response(game_title, post_id, comment_parent_id, comment_id):
user = get_current_user()
#user=User.query.get(1)
comment = Comment.query.filter_by(comment_uuid=comment_id).filter_by(
comment_parent_uuid=comment_parent_id).first()
comment_parent = Comment.query.filter_by(
comment_uuid=comment_parent_id).first()
res = {}
res['links'] = [{
'rel':
'return to original post',
'href':
f'{url_for("game.post_page", game_title=game_title, post_id=post_id)}'
}]
if comment.author != user:
res['msg'] = 'you are not the author of this comment'
return jsonify(res), 400
db.session.delete(comment)
db.session.commit()
responses = table.query(KeyConditionExpression=Key('comment_id').eq(
comment_parent_id))['Items'][0]['responses']
for i in range(len(responses)):
if responses[i]['comment_id'] == comment_id:
responses = responses[:i] + responses[i + 1:]
break
table.update_item(Key={
'comment_id': comment_parent_id,
},
UpdateExpression='SET responses=:val',
ExpressionAttributeValues={':val': responses})
res['msg'] = 'success'
return jsonify(res), 200
def upload_inactive():
if not request.files: # if no files than 400
return 'There is no file in request', 400
upload = request.files['doc_lost']
is_valid, message, dmsudep_owner_id = upload_file_validation(
upload) # the validation used from passport
user = get_current_user()
user_dmsudep_id = user.get('dmsudep_id')
if is_valid:
save_path = os.path.join(INACTIVE_CSV_DIR, upload.filename)
if not os.path.exists(INACTIVE_CSV_DIR):
os.makedirs(INACTIVE_CSV_DIR)
upload.save(save_path)
doc_schema = DocLostUploadSchema()
obj = doc_schema.load(data={ # save all data and send to celery
"file_upload": save_path,
"dep_add_id": user_dmsudep_id,
"user_add_id": user.get('id'),
})
db.session.add(obj)
db.session.commit()
task = celery.send_task('tasks.save_docs_lost',
args=[obj.id],
kwargs={})
# tasks.save_docs_lost(obj.id)
return '', 200
else:
return message, 400
def update_comment(game_title, post_id, comment_id):
'''
similar to update post
'''
user = get_current_user()
comment = Comment.query.filter_by(comment_uuid=comment_id).filter_by(
comment_parent_uuid=comment_id).first()
res = {}
res['inks'] = [{
'rel':
'original post',
'href':
f'{url_for("game.post_page", game_title=game_title, post_id=post_id)}'
}]
if comment.author != user:
res['msg'] = 'you are not the author of this comment'
return jsonify(res), 400
if request.method == 'GET':
try:
comment = table.get_item(Key={
'comment_id': comment_id,
})['Item']
res['version_id'] = comment['version_id']
return jsonify(res), 200
except:
res['msg'] = 'somethign wrong eith dynamodb'
return jsonify(res), 400
if not request.json.get('comment_text'):
res['msg'] = 'missing comment_text'
return jsonify(res), 400
if not request.json.get('version_id'):
res['msg'] = 'missing version_id'
return jsonify(res), 400
try:
table.update_item(
Key={
'comment_id': comment_id,
},
UpdateExpression='SET comment_text=:val, version_id=:vid',
ConditionExpression='version_id=:version_id',
ExpressionAttributeValues={
':val': request.json.get('comment_text'),
':version_id': request.json.get('version_id'),
':vid': str(uuid4())
})
comment = table.get_item(Key={'comment_id': comment_id})['Item']
comment.pop('responses')
requests.post(url + comment_id,
auth=awsauth,
json=comment,
headers=headers)
res['msg'] = 'comment updated'
return jsonify(res), 200
except:
res['msg'] = 'version_id dose not match'
return jsonify(res), 417
def change_requests_list_income():
page = int(request.args.get('page'))
per_page = int(request.args.get('per_page'))
change_request_schema = DocLostChangeRequestListSchema()
queryset = filter_queryset(request.args, DocLostChangeRequest)
user = get_current_user()
user_groups = user.get('groups').values()
user_dmsudep_id = user.get('dmsudep_id')
if PERMISSIONS[
'edit_region'] in user_groups: # if user has "edit_region" show all request from region
url = f'{EIAS_BASE_URL}{EIAS_GET_DEP}{user_dmsudep_id}/'
dep = request_to_passport(url).json()
queryset = queryset.filter_by(region_add_id=dep.get('region'))
elif PERMISSIONS[
'edit_own'] in user_groups: # if user has "edit_own" show all request from his dmsudep
queryset = queryset.join(DocLostChangeRequest.doc_lost).filter(
DocLost.dmsu_add_id == user_dmsudep_id)
queryset = queryset.order_by(desc("created_at"))
change_requests = queryset.paginate(
page=page,
per_page=per_page) # for pagination page and per_page is required
dump = {
'data': change_request_schema.jsonify(change_requests.items,
many=True).json,
'page': change_requests.page,
'per_page': change_requests.per_page,
'total': change_requests.total,
'total_pages': change_requests.pages
}
return jsonify(dump)
def change_requests_approve(change_request_id):
"""
Make changes to DocLostChangeRequest object
makes the object inactive -> active=False
if json_data['approve'] is True? approved field change to True
if json_data['approve'] is False, approved field do not change
"""
user = get_current_user()
user_dmsudep_id = user.get('dmsudep_id')
change_request = DocLostChangeRequest.query.get_or_404(change_request_id)
change_request.active = False # make it False by default
change_request.user_processed_id = user.get('id')
change_request.dep_processed_id = user_dmsudep_id
url = f'{EIAS_BASE_URL}{EIAS_GET_DEP}{user_dmsudep_id}/'
dep = request_to_passport(url).json()
change_request.region_processed_id = dep.get(
'region') # request to passport in order to get dep region
json_data = request.get_json()
if json_data['approve']:
change_request.approved = json_data[
'approve'] # if json_data['approve'] is True, approved field change to True
else:
change_request.reject_text = json_data['reject_text']
db.session.add(change_request)
db.session.commit()
return jsonify(message='Successfully updated'), 200
def handle_send_command(self, data, sender):
''' Handle send_command event.
@type data: Packet
@param data: First packet of the communication.
@type sender: utils.IPv4Address
@param sender: Sender IP address.
'''
# 1. packet
(task_id, user, cmd) = send_command.parse_packet_1(data)
if not user:
user = utils.get_current_user()
sudo_cmd = self.config.get_sudo_cmd()
cmd = "%s -u '%s' %s" % (sudo_cmd, user, cmd)
### Create task
task = Task(task_id, user, cmd)
# 2. packet
packet2 = send_command.make_packet_2()
self.network.write(packet2, sender)
### Run task and add task to the running task list
task.run()
self.tasklist.add_task(sender, task)
# 3. packet
packet3 = send_command.make_packet_3(task.get_task_id())
self.network.write(packet3, sender)
# 4. packet
packet4_data = self.network.read_from(sender)
packet4 = send_command.parse_packet_4(packet4_data)
def doc_lost_change_request():
"""
Add change_request with POST
:table DocLostChangeRequestSchema
"""
sleep(
uniform(0, 1)
) # sleep for situation with double click to prevent saving duplicated
json_data = request.get_json()
doc_lost = DocLost.query.get_or_404(json_data.get('doc_lost_id'))
change_request = doc_lost.change_requests.filter_by(
active=True).first() # validate if the change_requests exists
if change_request:
return "The doc already has change request", 400
doc_lost_change_request_schema = DocLostChangeRequestSchema()
errors = doc_lost_change_request_schema.validate(
json_data) # validate for errors in exists status_code is 400
if errors:
return jsonify(errors), 400
user = get_current_user()
user_dmsudep_id = user.get('dmsudep_id')
json_data['user_add_id'] = user.get('id')
json_data['dep_add_id'] = int(
user.get('dmsudep_id')) # add save user credentials
url = f'{EIAS_BASE_URL}{EIAS_GET_DEP}{user_dmsudep_id}/'
dep = request_to_passport(
url).json() # request to passport in order to get dep region
json_data['region_add_id'] = dep.get('region')
data = doc_lost_change_request_schema.load(json_data)
db.session.add(data)
db.session.commit()
return jsonify(message='Successfully created'), 201
def post(self):
"""Send an invitation mail to the provided email address"""
user = utils.get_current_user()
if not user:
self.error(403)
return
email = self.request.get('email')
token = uuid.uuid1().hex
mail.send_invite_email(email, token)
m = InviteToken(
sender=user.key().id(),
email=email,
token=token
)
m.put()
self.response.headers['Content-Type'] = 'application/json; charset=utf-8'
self.response.headers['Access-Control-Allow-Origin'] = '*'
self.response.out.write(json.dumps({
'message': 'An invitation email was sent to %s' % email,
'email': email,
'token': token,
}))
def post(self):
""" Changes the current users nickname """
new_nickname = self.request.get('nickname')
if not new_nickname:
self.error(409)
return
new_nickname_lower = new_nickname.lower()
user = utils.get_current_user()
if not user:
self.error(403)
return
if new_nickname != user.nickname:
others = User.all().filter('nickname_lower =', new_nickname_lower).get()
if others and others.key() != user.key():
self.error(409)
return
user.nickname_lower = new_nickname_lower
user.nickname = new_nickname
user.save()
self.response.headers['Content-Type'] = 'application/json; charset=utf-8'
self.response.headers['Access-Control-Allow-Origin'] = '*'
self.response.out.write(json.dumps(user.to_struct()))
def get(self):
self.response.headers['Content-Type'] = 'application/json'
user = get_current_user()
if user:
self.response.out.write(json.dumps(user.to_dict()))
else:
self.response.out.write(json.dumps({'status':'error', 'error_type':'Not authorized'}))
def delete_comment(game_title, post_id, comment_id):
'''
similar to delete post
'''
user = get_current_user()
#user=User.query.get(1)
comment = Comment.query.filter_by(comment_uuid=comment_id).filter_by(
comment_parent_uuid=comment_id).first()
if comment.author != user:
return jsonify({'msg': 'you are not the author of this comment'}), 400
for row in Comment.query.filter_by(comment_parent_uuid=comment_id):
db.session.delete(row)
db.session.commit()
table.delete_item(Key={'comment_id': comment_id})
requests.delete(url + comment_id, auth=awsauth, headers=headers)
return jsonify({
'msg':
'comment deleted',
'links': [{
'rel':
'original post',
'href':
f'{url_for("game.post_page",game_title=game_title,post_id=post_id)}'
}]
}), 200
def get(self):
""" Return info about current logged in user
Automatically create internal user models for admin google users.
"""
user = utils.get_current_user()
if not user:
google_user = users.get_current_user()
if not google_user:
self.error(403)
return
if users.is_current_user_admin():
user = utils.create_user(google_user)
else:
self.error(401)
return
data = user.to_struct()
data['is_admin'] = users.is_current_user_admin()
self.response.headers['Content-Type'] = 'application/json; charset=utf-8'
self.response.headers['Access-Control-Allow-Origin'] = '*'
self.response.out.write(json.dumps(data))
def search():
# Handle forms and redirect to clear post data on browser
if request.method == "POST":
return utils.common_molt_actions()
# Display page
elif session.get("current_user") is not None:
query = request.args.get("q")
page_n = request.args.get("p", 1, type=int)
ajax_content = request.args.get("ajax_content")
if request.args.get("ajax_json"):
blocks = dict()
for block in ("title", "heading", "body"):
blocks[block] = render_template(
f"search-ajax-{block}.html",
current_page="search",
query=query,
page_n=page_n,
)
return jsonify(blocks)
else:
if query:
crab_results = models.Crab.search(query)
crab_results = (utils.get_current_user().
filter_user_query_by_not_blocked(crab_results))
molt_results = models.Molt.search(query)
molt_results = utils.get_current_user().filter_molt_query(
molt_results)
molt_results = molt_results.paginate(page_n,
config.MOLTS_PER_PAGE,
False)
else:
molt_results = tuple()
crab_results = tuple()
return render_template(
"search-results.html" if ajax_content else "search.html",
current_page="search",
query=query,
page_n=page_n,
molt_results=molt_results,
crab_results=crab_results,
)
else:
return redirect("/login")
def post(self):
app_user = utils.get_current_user()
if(self.request.get('nickname')):
app_user.nickname = self.request.get('nickname')
app_user.put()
self.response.out.write(utils.status_code_json(200))
def post(self):
app_user = utils.get_current_user()
if (self.request.get('nickname')):
app_user.nickname = self.request.get('nickname')
app_user.put()
self.response.out.write(utils.status_code_json(200))
def add_comment(**kwargs):
start=0
end=DEFAULT_ITEMS
post=Post.objects.get(id=kwargs['post_id'])
user=get_current_user()
comment=Comment(author=user,post=post,content=kwargs['content'])
comment.save()
comments=[obj for obj in Comment.objects(post=post)[start:end]]
return comments
def add_comment(**kwargs):
start = 0
end = DEFAULT_ITEMS
post = Post.objects.get(id=kwargs['post_id'])
user = get_current_user()
comment = Comment(author=user, post=post, content=kwargs['content'])
comment.save()
comments = [obj for obj in Comment.objects(post=post)[start:end]]
return comments
def post(self):
method = self.request.get("_method")
key = utils.url_to_entity_key(self.request.uri)
if key:
playlist = db.get(db.Key(key))
if playlist:
current_user = utils.get_current_user()
#Get corresponding link
library_item = playlist.library_item_for_user(current_user)
if method == "PUT":
need_version_control = False
playlist_changed = False
if(self.request.get('position')): #Rights: Can always update this
current_user.re_sort_playlists(library_item, int(self.request.get('position')))
if (playlist.collaborative or library_item.is_owner): #Rights: Owner or collaborators can update this
if playlist.smart:
utils.parse_smart_filters(playlist, self.request)
playlist_changed = True
if self.request.get('tracks'):
playlist.tracks = self.request.get('tracks')
playlist_changed = True
need_version_control = playlist.collaborative
if library_item.is_owner: #Rights: Only owner can update this
if(self.request.get('name') and len(self.request.get('name')) > 0):
playlist.name = utils.strip_html(self.request.get('name'))
playlist_changed = True
if(self.request.get('collaborative')):
playlist.collaborative = utils.convert_javascript_bool_to_python(self.request.get('collaborative'))
playlist_changed = True
if playlist_changed:
if need_version_control:
if self.request.get('version') and not int(self.request.get('version')) < playlist.version:
playlist.version += 1
playlist.put()
self.response.out.write(utils.status_code_json(200))
else:
self.response.out.write(library_item.serialize())
else:
playlist.put()
self.response.out.write(utils.status_code_json(200))
else:
self.response.out.write(utils.status_code_json(200))
elif method == "DELETE":
library_item.delete()
current_user.re_index_playlists()
if not playlist.has_user():
playlist.delete()
self.response.out.write(utils.status_code_json(200))
def del_favourite_item(post_id):
"""从当前用户删除一条收藏"""
user = get_current_user()
if user is None:
return None
upr = User_Post_Relation.objects().get(user=user)
post = Post.objects().get(id=post_id)
post.update(pull__followers=user)
upr.update(pull__favourites=post)
return get_favourite_items()
def starter(username):
print 'at starter!'
'''The starter page shows a logged in user their posts,
and renders a single field to start a post by entering the post name.
'''
add_form = DataForm()
add_form.tags.data = utils.get_current_user().username
if add_form.validate_on_submit():
# When the post name is entered, forward the user on to write the
# other peices of the post with the name prepopulated (but editable).
# The route to do this is coded directly below this one
return redirect(url_for('add',\
post = add_form.url.data.strip('/'),\
username = username))
return render_template('user.html',
form = add_form,
posts = Post.gql("WHERE author = :author",\
author = utils.get_current_user()).fetch(limit = None))
def del_favourite_item(post_id):
"""从当前用户删除一条收藏"""
user=get_current_user()
if user is None:
return None
upr=User_Post_Relation.objects().get(user=user)
post=Post.objects().get(id=post_id)
post.update(pull__followers=user)
upr.update(pull__favourites=post)
return get_favourite_items()
def current_user():
user = utils.get_current_user()
if not user:
return flask.Response(status=401)
return {
'email': user.email.id() if user.email else '',
'group': user.group.id()
}
def get(self, dir=None):
user = get_current_user()
if user is None:
self.redirect('/login')
else:
template = jinja_environment.get_template('main.html')
params = {"username":user.name, "logout": users.create_logout_url('/')}
params['header'] = { 'stream':True }
params['dir'] = dir
self.response.out.write(template.render(params))
def to_start():
'''this is a switch to render the correct home page, taking a user to the
start page if they have logged in and to the sign up page if they have not.
The `@utils.login_required` decorator above will send a visitor that is not
logged in to the login page, so nothing but the below is required.
'''
return redirect(url_for('starter',\
username = utils.get_current_user().username))
def logout():
current_user = get_current_user()
if current_user is None:
articles, events = collect_from_db_for_index()
return render_template("index.html",
current_user=None,
articles=articles,
events=events)
logout_user()
return redirect("/")
def login(self):
next_url = url_for('account.register')
user = get_current_user()
if user:
oauth_info = get_oauth_by(oauth_type=self.name, uid=g.session['user_id'])
if oauth_info:
return redirect(request.referrer or url_for('index'))
next_url = url_for('account.bind')
callback = '%s%s' % (config.OAUTH_REDIRECT_DOMAIN, url_for('%s_oauth.authorized' % self.name))
return self.oauth_obj.authorize(callback, next_url)
def login():
#print(request.json)
user = get_current_user()
res = {}
res['fields required'] = ['email', 'password']
res['success'] = False
res['links'] = [{
'rel': 'user home page',
'href': f'{url_for("user.home")}',
'type': ['GET']
}]
if user:
res['msg'] = 'you already logged in'
return jsonify(res), 200
#res['msg']='login failed'
if request.method == 'GET':
#session['msg']='dummy message'
return jsonify(res), 200
elif not request.json:
return jsonify(res), 400
else:
email = request.json.get('email')
password = request.json.get('password')
if not email:
res['error'] = 'Missing email'
return jsonify(res), 400
if not password:
res['error'] = 'Missing password'
return jsonify(res), 400
user = User.query.filter_by(email=email).first()
if not user:
res['error'] = 'Email not found'
res['link'] = [{
'rel': 'register',
'href': f'{url_for("user.register")}',
'type': ['GET', 'POST']
}]
return jsonify(res), 400
if not bcrypt.check_password_hash(user.password, password):
res['error'] = 'Wrong password'
return jsonify(res), 401
if user.status == 'PENDING':
res['error'] = 'please activate your account first, check the activation email'
return jsonify(res), 400
res['msg'] = 'login success'
res['success'] = True
token = user.generate_token(15)
res['token'] = token
res['token expiry time'] = 15 * 60
res['refresh_token'] = user.generate_token(60)
res['refresh_token expiry time'] = 60 * 60
#print(jwt.decode(res['token'],application.config['SECRET_KEY']))
#session['token']=token
return jsonify(res), 200
def questionnaire():
user = get_current_user()
if user and user.consented:
graph = facebook.GraphAPI(user.get_short_term_token().access_token)
profile = graph.get_object('me')
return render_template('questionnaire.html', form=EpisodeForm(),
me=profile, name=FACEBOOK_APP_NAME, user=user,
year=datetime.utcnow().year)
return redirect('/')
def get_receives(**kwargs):
"""get the current user's receives list"""
user=get_current_user()
if user is None:
return None
start=kwargs.pop('start',0)
end=kwargs.pop('end',DEFAULT_ITEMS)
try:
upr=User_Post_Relation.objects.get(user=user)
return [post for post in upr.receives[start:end]]
except:
return []
def get_favourite_items(**kwargs):
"""获取当前登录用户的收藏列表"""
user =get_current_user()
if user is None:
return None
try:
upr=User_Post_Relation.objects().get(user=user)
start=kwargs.pop('start',0)
end=kwargs.pop('end',DEFAULT_ITEMS)
return [post for post in upr.favourites[start:end]]
except:
return []
def post(self): #Create new playlist
current_user = utils.get_current_user()
playlist = models.Playlist(name = self.request.get("name"),owner=current_user, smart = utils.convert_javascript_bool_to_python(self.request.get("smart")), share_hash = utils.generate_share_hash())
if playlist.smart:
utils.parse_smart_filters(playlist, self.request)
playlist.put()
library_item = models.Library(user=current_user, playlist=playlist, is_owner=True, position = int(self.request.get("position")))
library_item.put()
self.response.out.write(library_item.serialize())
def post(self):
"""Creates a new tag for the logged in user"""
user = utils.get_current_user()
title = self.request.get('title')
new_title = self.request.get('newTitle') or None
if not user:
self.error(403)
return
if not title:
self.error(400)
# Create new tag
if not new_title:
m = Tag.all().ancestor(user).filter('title_lower =', title.lower()).get()
if m:
# Not unique
self.error(409)
return
m = Tag(
parent=user,
title=title,
title_lower=title.lower(),
)
m.put()
# Rename Tag
else:
m = Tag.all().ancestor(user).filter('title_lower =', new_title.lower()).get()
if m:
# Not unique
self.error(409)
return
m = Tag.all().ancestor(user).filter('title_lower =', title.lower()).get()
if not m:
# Original tag not found
self.error(404)
return
m.title = new_title
m.title_lower = new_title.lower()
m.save()
self.response.headers['Content-Type'] = 'text/plain; charset=utf-8'
self.response.headers['Access-Control-Allow-Origin'] = '*'
self.response.out.write('ok')
def get(self, last_feed=0):
last_feed = int(last_feed)
if last_feed == 0:
last_feed = inf
self.response.headers['Content-Type'] = 'application/json'
user = get_current_user()
if user:
q = Bookmark.all().filter('user ='******'changedate <', last_feed) \
.order('-changedate').run(limit=50)
#self.response.out.write(json.dumps({'error': True, 'error_type': 'Bad params', 'original': word}))
self.response.out.write(json.dumps([i.to_dict() for i in q]))
else:
self.response.out.write(json.dumps({'error': True, 'error_type': 'Not authorized'}))
def login():
roles={1:"stu",2:"admin",3:"teacher"}
if request.method == 'GET':
usr = get_current_user()
if usr is not None:
return redirect("/"+roles[usr.role])
return render_template('account/login.html')
form = LoginForm(request.form)
if form.validate():
login_user(form.user)
return redirect("/"+roles[form.user.role])
for fieldName, errorMessages in form.errors.iteritems():
for err in errorMessages:
flash(err)
return render_template('account/login.html')
def get(self):
"""Gets the tags for the logged in user"""
user = utils.get_current_user()
if not user:
self.error(403)
return
tags = Tag.all().ancestor(user)
self.response.headers['Content-Type'] = 'application/json; charset=utf-8'
self.response.headers['Access-Control-Allow-Origin'] = '*'
tags = [i.to_struct() for i in tags]
self.response.out.write(json.dumps(tags))
