def get_package_tabs(user: User, package: Package):
if package is None or not package.checkPerm(user, Permission.EDIT_PACKAGE):
return []
return [{
"id": "edit",
"title": "Edit Details",
"url": package.getURL("packages.create_edit")
}, {
"id": "releases",
"title": "Releases",
"url": package.getURL("packages.list_releases")
}, {
"id": "screenshots",
"title": "Screenshots",
"url": package.getURL("packages.screenshots")
}, {
"id": "maintainers",
"title": "Maintainers",
"url": package.getURL("packages.edit_maintainers")
}, {
"id": "audit",
"title": "Audit Log",
"url": package.getURL("packages.audit")
}, {
"id": "share",
"title": "Share and Badges",
"url": package.getURL("packages.share")
}, {
"id": "remove",
"title": "Remove",
"url": package.getURL("packages.remove")
}]
def do_create_screenshot(user: User, package: Package, title: str, file, reason: str = None):
thirty_minutes_ago = datetime.datetime.now() - datetime.timedelta(minutes=30)
count = package.screenshots.filter(PackageScreenshot.created_at > thirty_minutes_ago).count()
if count >= 20:
raise LogicError(429, "Too many requests, please wait before trying again")
uploaded_url, uploaded_path = upload_file(file, "image", "a PNG or JPG image file")
counter = 1
for screenshot in package.screenshots.all():
screenshot.order = counter
counter += 1
ss = PackageScreenshot()
ss.package = package
ss.title = title or "Untitled"
ss.url = uploaded_url
ss.approved = package.checkPerm(user, Permission.APPROVE_SCREENSHOT)
ss.order = counter
db.session.add(ss)
if reason is None:
msg = "Created screenshot {}".format(ss.title)
else:
msg = "Created screenshot {} ({})".format(ss.title, reason)
addNotification(package.maintainers, user, NotificationType.PACKAGE_EDIT, msg, package.getURL("packages.view"), package)
addAuditLog(AuditSeverity.NORMAL, user, msg, package.getURL("packages.view"), package)
db.session.commit()
return ss
def check_can_create_release(user: User, package: Package):
if not package.checkPerm(user, Permission.MAKE_RELEASE):
raise LogicError(403, "You do not have permission to make releases")
five_minutes_ago = datetime.datetime.now() - datetime.timedelta(minutes=5)
count = package.releases.filter(
PackageRelease.releaseDate > five_minutes_ago).count()
if count >= 5:
raise LogicError(
429,
"You've created too many releases for this package in the last 5 minutes, please wait before trying again"
)
def order_screenshots(token: APIToken, package: Package):
if not token:
error(401, "Authentication needed")
if not package.checkPerm(token.owner, Permission.ADD_SCREENSHOTS):
error(403, "You do not have the permission to delete screenshots")
if not token.canOperateOnPackage(package):
error(403, "API token does not have access to the package")
json = request.json
if json is None or not isinstance(json, list):
error(400, "Expected order body to be array")
return api_order_screenshots(token, package, request.json)
def create_screenshot(token: APIToken, package: Package):
if not token:
error(401, "Authentication needed")
if not package.checkPerm(token.owner, Permission.ADD_SCREENSHOTS):
error(403, "You do not have the permission to create screenshots")
data = request.form
if "title" not in data:
error(400, "Title is required in the POST data")
file = request.files.get("file")
if file is None:
error(400, "Missing 'file' in multipart body")
return api_create_screenshot(token, package, data["title"], file)
def delete_screenshot(token: APIToken, package: Package, id: int):
ss = PackageScreenshot.query.get(id)
if ss is None or ss.package != package:
error(404, "Screenshot not found")
if not token:
error(401, "Authentication needed")
if not package.checkPerm(token.owner, Permission.ADD_SCREENSHOTS):
error(403, "You do not have the permission to delete screenshots")
if not token.canOperateOnPackage(package):
error(403, "API token does not have access to the package")
if package.cover_image == ss:
package.cover_image = None
db.session.merge(package)
db.session.delete(ss)
db.session.commit()
return jsonify({"success": True})
def do_edit_package(user: User,
package: Package,
was_new: bool,
data: dict,
reason: str = None):
if not package.checkPerm(user, Permission.EDIT_PACKAGE):
raise LogicError(403,
"You do not have permission to edit this package")
if "name" in data and package.name != data["name"] and \
not package.checkPerm(user, Permission.CHANGE_NAME):
raise LogicError(
403, "You do not have permission to change the package name")
for alias, to in ALIASES.items():
if alias in data:
data[to] = data[alias]
validate(data)
if "type" in data:
data["type"] = PackageType.coerce(data["type"])
if "license" in data:
data["license"] = get_license(data["license"])
if "media_license" in data:
data["media_license"] = get_license(data["media_license"])
for key in [
"name", "title", "short_desc", "desc", "type", "license",
"media_license", "repo", "website", "issueTracker", "forums"
]:
if key in data:
setattr(package, key, data[key])
if package.type == PackageType.TXP:
package.license = package.media_license
if was_new and package.type == PackageType.MOD:
m = MetaPackage.GetOrCreate(package.name, {})
package.provides.append(m)
if "tags" in data:
package.tags.clear()
for tag_id in data["tags"]:
if is_int(tag_id):
package.tags.append(Tag.query.get(tag_id))
else:
tag = Tag.query.filter_by(name=tag_id).first()
if tag is None:
raise LogicError(400, "Unknown tag: " + tag_id)
package.tags.append(tag)
if "content_warnings" in data:
package.content_warnings.clear()
for warning_id in data["content_warnings"]:
if is_int(warning_id):
package.content_warnings.append(
ContentWarning.query.get(warning_id))
else:
warning = ContentWarning.query.filter_by(
name=warning_id).first()
if warning is None:
raise LogicError(400, "Unknown warning: " + warning_id)
package.content_warnings.append(warning)
if not was_new:
if reason is None:
msg = "Edited {}".format(package.title)
else:
msg = "Edited {} ({})".format(package.title, reason)
severity = AuditSeverity.NORMAL if user in package.maintainers else AuditSeverity.EDITOR
addAuditLog(severity, user, msg, package.getDetailsURL(), package)
db.session.commit()
return package