def purchase_do(request, product):
if not product:
raise Http404("Product cannot be found")
if UserProduct.get_product(auth.get_current_user(request), product):
return render_to_response('store/details.html',
{'p': product,
'msg': "You already own this application - to associate with a different device please contact support or use another account."},
RequestContext(request))
if request.method == "POST":
form = PurchaseForm(data=request.POST)
if form.is_valid():
data = form.cleaned_data
pin = data["pin"]
email = data["email"]
user = auth.get_current_user(request)
user.preferred_email = email
user.put()
else:
return render_to_response('store/purchase_info.html',
{ 'form': form },
RequestContext(request))
else:
pin = request.GET.get("pin", None)
email = auth.get_current_user(request).preferred_email
if not (pin and email):
form = PurchaseForm(data={'email': email, 'pin': pin})
return render_to_response('store/purchase_info.html',
{ 'form': form, 'product': product },
RequestContext(request))
tx = PaypalRequest.prepare(product, auth.get_current_user(request), pin)
return render_to_response('store/purchase.html',
{'product': product,
'pin': pin,
'txid': tx.key() },
RequestContext(request))
def get(self):
user = get_current_user(self.request)
if (user.permissions == wmodels.DEACTIVATED_USER or user.permissions == wmodels.PENDING_USER):
self.redirect('/')
return
item_id = ndb.Key(urlsafe=self.request.get('item_id'))
item = item_id.get()
item = findUpdatedItem(item_id)
user = get_current_user(self.request)
template = JINJA_ENVIRONMENT.get_template('templates/edit_item.html')
page = template.render({'item': item, 'user':user})
page = page.encode('utf-8')
self.response.write(validateHTML(page))
def post(self):
user = get_current_user(self.request)
l = ndb.Key(urlsafe=self.request.get('list')).get()
if l.owner == user.key:
l.public = self.request.get('public') == 'public'
l.put()
self.redirect('/view_list?list=' + l.key.urlsafe())
def createSpot(request):
user = auth.get_current_user(request)
all_clear = False
if request.method == 'POST':
spot_form = forms.SpotForm(request.POST, {'author': user})
constraint_form = forms.SpotConstraintForm(request.POST)
if constraint_form.is_valid() and spot_form.is_valid():
constraint_keys = saveConstraint(constraint_form.cleaned_data)
spot = spot_form.save()
spot.author = user
AutoRetry(spot).put()
connectConstraintsAndSpot(constraint_keys, spot.key())
all_clear = True
else:
spot_form = forms.SpotForm()
constraint_form = forms.SpotConstraintForm()
if all_clear:
return HttpResponseRedirect(reverse('traffic_log.listSpots'))
return render_to_response('traffic_log/create_edit_spot.html',
context(spot=spot_form,
constraint_form=constraint_form,
Author=user,
formaction="/traffic_log/spot/create/"),
context_instance=RequestContext(request))
def post(self):
user = get_current_user(self.request)
name = self.request.get('name')
public = self.request.get('public') == 'public'
l = List(name=name, owner=user.key, public=public)
k = l.put()
self.redirect('/view_lists')
def show_product():
productId = int(request.args.get('productId'))
form = ProductForm(request.form)
product = Product.query.get(productId)
dto = ProductDetailDTO(product)
if request.method == 'POST':
if not get_current_user().isAdmin:
return Response('', status=401)
if form.validate():
product = Product.query.get(productId)
product.price = form.price.data
product.name = form.name.data
if form.hidden.data == "1":
photo = request.files['photo']
photo.save(os.getenv('photo_dir') + fr'\{product.code}.jpg')
db.session.commit()
return flask.redirect(url_for('products'))
return render_template('product.html', product=dto, form=form)
form.price.default = product.price
form.name.default = product.name
form.process()
return render_template('product.html', product=dto, form=form)
def post(self):
if get_current_user(self.request).permissions == "Standard user":
self.redirect('/')
return
if self.request.get('revert') == "True":
selected_item = ndb.Key(urlsafe=self.request.get('item_id'))
si = selected_item.get()
si.approved = True
si.outdated = False
si.child = None
si.put()
discarded_item = ndb.Key(urlsafe=self.request.get('newest_id'))
while discarded_item != selected_item:
next_item = discarded_item.parent()
discarded_item.delete()
discarded_item = next_item
else:
item = ndb.Key(urlsafe=self.request.get('item_id')).get()
for thing in item.suggested_edits:
thing.delete()
item.suggested_edits = []
item.approved = True
item.put()
#sleep(0.1)
self.redirect('/review_edits')
def createSpot(request):
user = auth.get_current_user(request)
all_clear = False
if request.method == 'POST':
spot_form = forms.SpotForm(request.POST, {'author':user})
constraint_form = forms.SpotConstraintForm(request.POST)
if constraint_form.is_valid() and spot_form.is_valid():
constraint_keys = saveConstraint(constraint_form.cleaned_data)
spot = spot_form.save()
spot.author = user
AutoRetry(spot).put()
connectConstraintsAndSpot(constraint_keys, spot.key())
all_clear = True
else:
spot_form = forms.SpotForm()
constraint_form = forms.SpotConstraintForm()
if all_clear:
return HttpResponseRedirect(reverse('traffic_log.listSpots'))
return render_to_response('traffic_log/create_edit_spot.html',
context(spot=spot_form,
constraint_form=constraint_form,
Author=user,
formaction="/traffic_log/spot/create/"
), context_instance=RequestContext(request))
def filter_entities(entity, entitiesList):
"""
Return the list entities filtered if privateData is on for the entities.
"""
onlyUsersEntities = False
if auth_enabled:
# If auth_enabled is true, getting the current user becomes
# possible because authentification_verify decorator has been
# already checked.
currentUser = get_current_user()
onlyUsersEntities = check_private_data_for_entity(
currentUser, entity)
if onlyUsersEntities:
# if private data is applied and the entities' owner is different from
# current user, then the entities will not be added to the list to
# show if auth disabled, onlyUsersEntities becomes always False and all
# the entities are added to the list to show
return dict((k, v) for k, v in entitiesList.iteritems()
if ((entity == 'reservations' and currentUser.login in
v['users']) or (entity == 'jobs' and
currentUser.login == v['login'])))
return entitiesList
def editSpot(request, spot_key=None):
spot = AutoRetry(models.Spot).get(spot_key)
user = auth.get_current_user(request)
if request.method == 'POST':
spot_form = forms.SpotForm(request.POST)
constraint_form = forms.SpotConstraintForm(request.POST)
# check if spot is changed
# check if new constraint to be added
if spot_form.is_valid():
for field in spot_form.fields.keys():
setattr(spot,field,spot_form.cleaned_data[field])
spot.author = user
AutoRetry(models.Spot).put(spot)
if constraint_form.is_valid():
connectConstraintsAndSpot(
saveConstraint(constraint_form.cleaned_data), spot.key()
)
return HttpResponseRedirect('/traffic_log/spot/%s'%spot.key())
else:
return render_to_response('traffic_log/create_edit_spot.html',
context(spot=forms.SpotForm(instance=spot),
spot_key=spot_key,
constraints=spot.constraints,
constraint_form=forms.SpotConstraintForm(),
edit=True,
dow_dict=constants.DOW_DICT,
formaction="/traffic_log/spot/edit/%s"%spot.key()
), context_instance=RequestContext(request))
def editSpot(request, spot_key=None):
spot = AutoRetry(models.Spot).get(spot_key)
user = auth.get_current_user(request)
if request.method == 'POST':
spot_form = forms.SpotForm(request.POST)
constraint_form = forms.SpotConstraintForm(request.POST)
# check if spot is changed
# check if new constraint to be added
if spot_form.is_valid():
for field in spot_form.fields.keys():
setattr(spot, field, spot_form.cleaned_data[field])
spot.author = user
AutoRetry(models.Spot).put(spot)
if constraint_form.is_valid():
connectConstraintsAndSpot(
saveConstraint(constraint_form.cleaned_data), spot.key())
return HttpResponseRedirect('/traffic_log/spot/%s' % spot.key())
else:
return render_to_response(
'traffic_log/create_edit_spot.html',
context(spot=forms.SpotForm(instance=spot),
spot_key=spot_key,
constraints=spot.constraints,
constraint_form=forms.SpotConstraintForm(),
edit=True,
dow_dict=constants.DOW_DICT,
formaction="/traffic_log/spot/edit/%s" % spot.key()),
context_instance=RequestContext(request))
def post(self):
user = get_current_user(self.request)
l = ndb.Key(urlsafe=self.request.get('list')).get()
updateList(l)
codes = [i.get().qr_code for i in l.items]
item = ndb.Key(urlsafe=self.request.get('item')).get()
if (l.public and user.permissions in [wmodels.TRUSTED_USER, wmodels.ADMIN]) or user.key == l.owner:
if item.qr_code in codes:
removeFromList(l.key, i)
def create_post():
form = forms.ComposePostForm()
if form.validate_on_submit():
try:
query.save_post(form.title.data, form.text.data, auth.get_current_user().id)
return redirect(url_for("routes.posts"))
except:
flash("Something went wrong!")
return render_template("create_post.html", form=form)
def post(self):
if get_current_user(self.request).permissions == "Standard user":
self.redirect('/')
return
item = ndb.Key(urlsafe=self.request.get('item_id')).get()
item.approved = False
item.put()
#sleep(0.1)
self.redirect('/review_edits')
def get(self):
user = get_current_user(self.request)
firebase_name = auth.get_user_name(self.request)
# Rare case that someone changed their name.
if user.name != firebase_name:
user.name = firebase_name
# TODO: search all edits by this user and change the names there.
user.put()
self.redirect('/')
def post(self):
user = get_current_user(self.request)
l = ndb.Key(urlsafe=self.request.get('list')).get()
if l.public and user.permissions in [wmodels.TRUSTED_USER, wmodels.ADMIN]:
l.key.delete()
elif l.owner == user.key:
l.key.delete()
self.redirect('/view_lists')
def finishReadingSpotCopy(request, spot_copy_key=None):
dow, hour, slot = _get_slot_from_request(request)
# Check if a single spot constraint exists for the dow, hour, slot.
q = (models.SpotConstraint.all()
.filter("dow =", dow)
.filter("hour =", hour)
.filter("slot =", slot))
count = AutoRetry(q).count(1)
if count == 0:
raise ValueError("No spot constraint found for dow=%r, hour=%r, slot=%r" % (
dow, hour, slot))
elif count > 1:
# kumar: not sure if this will actually happen
raise ValueError("Multiple spot constraints found for dow=%r, hour=%r, slot=%r" % (
dow, hour, slot))
constraint = AutoRetry(q).fetch(1)[0]
spot_copy = AutoRetry(models.SpotCopy).get(spot_copy_key)
# Check if spot has already been read (i.e., logged).
today = time_util.chicago_now().date()
q = (models.TrafficLogEntry.all()
.filter("log_date =", today)
.filter("spot =", spot_copy.spot)
.filter("dow =", dow)
.filter("hour =", hour)
.filter("slot =", slot))
if AutoRetry(q).count(1):
existing_logged_spot = AutoRetry(q).fetch(1)[0]
raise RuntimeError("This spot %r at %r has already been read %s" % (
spot_copy.spot, constraint, existing_logged_spot.reader))
# Remove spot copy from the spot's list.
spot_copy.spot.finish_spot_copy()
# Log spot read.
logged_spot = models.TrafficLogEntry(
log_date = today,
spot = spot_copy.spot,
spot_copy = spot_copy,
dow = dow,
hour = hour,
slot = slot,
scheduled = constraint,
readtime = time_util.chicago_now(),
reader = auth.get_current_user(request)
)
AutoRetry(logged_spot).put()
return {
'spot_copy_key': str(spot_copy.key()),
'spot_constraint_key': str(constraint.key()),
'logged_spot': str(logged_spot.key())
}
def create(request, keyname):
"Backdoor to create a new entity"
u = auth.get_current_user(request)
if u.is_admin:
p = Product(key_name=keyname)
p.name = "New Product"
p.description = "The description"
p.put()
return HttpResponseRedirect(reverse('store-edit', args=(p.key(),)))
return HttpResponseRedirect(reverse('store-index'))
def get(self):
user = get_current_user(self.request)
lists = List.query(ndb.OR(
List.owner == user.key,
List.public == True,
)).fetch()
template = JINJA_ENVIRONMENT.get_template('templates/view_lists.html')
page = template.render({'lists': lists, 'user': user})
page = page.encode('utf-8')
self.response.write(validateHTML(page))
def finishReadingSpotCopy(request, spot_copy_key=None):
dow, hour, slot = _get_slot_from_request(request)
# Check if a single spot constraint exists for the dow, hour, slot.
q = (models.SpotConstraint.all().filter("dow =", dow).filter(
"hour =", hour).filter("slot =", slot))
count = AutoRetry(q).count(1)
if count == 0:
raise ValueError(
"No spot constraint found for dow=%r, hour=%r, slot=%r" %
(dow, hour, slot))
elif count > 1:
# kumar: not sure if this will actually happen
raise ValueError(
"Multiple spot constraints found for dow=%r, hour=%r, slot=%r" %
(dow, hour, slot))
constraint = AutoRetry(q).fetch(1)[0]
spot_copy = AutoRetry(models.SpotCopy).get(spot_copy_key)
# Check if spot has already been read (i.e., logged).
today = time_util.chicago_now().date()
q = (models.TrafficLogEntry.all().filter("log_date =", today).filter(
"spot =",
spot_copy.spot).filter("dow =",
dow).filter("hour =",
hour).filter("slot =", slot))
if AutoRetry(q).count(1):
existing_logged_spot = AutoRetry(q).fetch(1)[0]
raise RuntimeError(
"This spot %r at %r has already been read %s" %
(spot_copy.spot, constraint, existing_logged_spot.reader))
# Remove spot copy from the spot's list.
spot_copy.spot.finish_spot_copy()
# Log spot read.
logged_spot = models.TrafficLogEntry(log_date=today,
spot=spot_copy.spot,
spot_copy=spot_copy,
dow=dow,
hour=hour,
slot=slot,
scheduled=constraint,
readtime=time_util.chicago_now(),
reader=auth.get_current_user(request))
AutoRetry(logged_spot).put()
return {
'spot_copy_key': str(spot_copy.key()),
'spot_constraint_key': str(constraint.key()),
'logged_spot': str(logged_spot.key())
}
def delete_post(id):
post = query.get_post_by_id(id)
if post.user_id.id == auth.get_current_user().id:
try:
query.delete_post(id)
return redirect(url_for("routes.posts"))
except:
flash("Something went wrong!")
abort(500)
else:
abort(403)
def update_rating(self, productId, rating):
userId = get_current_user().id
vote = Vote.query.filter_by(productId=productId, userId=userId).first() or \
Vote(productId=productId, userId=userId)
vote.vote = rating
db.session.add(vote)
db.session.commit()
return Product.query.get(productId).get_formatted_votes()
def get_vars(request):
current_user = auth.get_current_user(request)
if request.method == "POST":
form = PlaylistTrackForm(data=request.POST)
else:
form = PlaylistTrackForm()
form.current_user = current_user
vars = {"form": form, "playlist": form.playlist}
vars.update(common_context)
return vars
def delete_event(request, event_key):
e = None
try:
e = AutoRetry(PlaylistEvent).get(event_key)
except BadKeyError:
pass
else:
if e and e.selector.key() == auth.get_current_user(request).key():
e.delete()
playlist_event_listeners.delete(event_key)
return HttpResponseRedirect(reverse('playlists_landing_page'))
def handle_upload(request):
form = UploadForm(request.POST, request.FILES)
if form.is_valid():
user = auth.get_current_user(request)
q = ImportList.gql("where user = :1", user)
for result in q:
result.delete()
lst = ImportList()
lst.user = user
lst.data = request.FILES['file'].read()
lst.put()
return form
def get_vars(request):
current_user = auth.get_current_user(request)
if request.method == 'POST':
form = PlaylistTrackForm(data=request.POST)
else:
form = PlaylistTrackForm()
form.current_user = current_user
vars = {'form': form, 'playlist': form.playlist}
vars.update(common_context)
return vars
def post(self):
name = flask.request.form.get('name')
url = flask.request.form.get('url')
secondary_url = flask.request.form.get('secondary_url')
if name is None or url is None:
return '"name" and "url" params required', 400
shortcut = Shortcut.query.filter(Shortcut.name == name).first()
if not shortcut:
return flask.redirect('/?error=%s+does+not+exist' % name)
shortcut.url = url
shortcut.secondary_url = secondary_url
if auth.get_current_user() != shortcut.owner:
# Transfer 'ownership'.
# TODO: Email notification.
shortcut.owner = auth.get_current_user()
db.session.add(shortcut)
db.session.commit()
return flask.redirect('/?edited=%s' % name)
def delete_event(request, event_key):
e = None
try:
e = AutoRetry(PlaylistEvent).get(event_key)
except BadKeyError:
pass
else:
if e and e.selector.key() == auth.get_current_user(request).key():
e.delete()
playlist_event_listeners.delete(event_key)
return HttpResponseRedirect(reverse("playlists_landing_page"))
def get(self):
user = get_current_user(self.request)
l = ndb.Key(urlsafe=self.request.get('list')).get()
updateList(l)
if not l.public and user.key != l.owner:
self.redirect('/view_lists')
return
items = [k.get() for k in l.items]
template = JINJA_ENVIRONMENT.get_template('templates/view_list.html')
page = template.render({'list': l, 'items': items, 'user': user})
page = page.encode('utf-8')
self.response.write(validateHTML(page))
def put(self, is_guest=False):
"""User could be built from sessions, need write through these users"""
super(User, self).put()
if is_guest:
return
from auth import get_current_user, update_current_user
user = get_current_user()
if user and user.username == self.username:
update_current_user(self)
def get(self):
# logging.info("View Item Details")
user = get_current_user(self.request)
template = JINJA_ENVIRONMENT.get_template('templates/item_details.html')
item = ndb.Key(urlsafe=self.request.get('item_id')).get()
pending_edit = (len(item.suggested_edits) > 0)
lists = List.query(ndb.OR(List.owner == user.key, List.public == True)).fetch()
page = template.render({'item':item,
'pending_edit':pending_edit,
'user':user,
'lists':lists})
page = page.encode('utf-8')
self.response.write(validateHTML(page))
def put(self, is_guest=False):
"""User could be built from sessions, need write through these users"""
super(User, self).put()
if is_guest:
return
from auth import get_current_user, update_current_user
user = get_current_user()
if user and user.username == self.username:
update_current_user(self)
def get(self):
user = get_current_user(self.request)
template = JINJA_ENVIRONMENT.get_template('templates/index.html')
lists = List.query(ndb.OR(List.owner == user.key, List.public == True)).fetch()
item_name_filter = self.request.get('filter_by_name')
item_type_filter = self.request.get('filter_by_item_type')
item_condition_filter = self.request.get_all('filter_by_condition')
item_color_filter = self.request.get_all('filter_by_color')
item_color_grouping_filter = self.request.get('filter_by_color_grouping')
item_article_filter = self.request.get('filter_by_article')
costume_size_string_filter = self.request.get('filter_by_costume_size_string')
costume_size_number_min = self.request.get('filter_by_costume_size_min')
costume_size_number_max = self.request.get('filter_by_costume_size_max')
if not costume_size_number_max:
costume_size_number_max = "26"
if not costume_size_number_min:
costume_size_number_min = "0"
exclude_unknown_size = self.request.get('excludeUnknownSize', '') == "true"
tags_filter = self.request.get('filter_by_tags')
tags_grouping_filter = self.request.get('filter_by_tag_grouping')
availability_filter = self.request.get('filter_by_availability')
user_id = auth.get_user_id(self.request)
items = filterItems(
user_id,
item_name_filter,
item_type_filter,
item_condition_filter,
item_color_filter,
item_color_grouping_filter,
item_article_filter,
costume_size_string_filter,
costume_size_number_min,
costume_size_number_max,
exclude_unknown_size,
tags_filter,
tags_grouping_filter,
availability_filter,
outdated=False)
# send to display
page = template.render({
'lists': lists,
'user': user,
'items': items,
'user_id': user_id})
page = page.encode('utf-8')
self.response.write(validateHTML(page))
def post(self):
user = auth.get_user_id(self.request)
to_check_out = self.request.get_all('keys')
reason = self.request.get('reason')
while to_check_out:
urlsafe_key = to_check_out.pop()
item = ndb.Key(urlsafe=urlsafe_key).get()
if item.key.parent() != None:
to_check_out.append(item.key.parent().urlsafe())
item.checked_out = True
item.checked_out_by = user
item.checked_out_by_name = get_current_user(self.request).name
item.checked_out_reason = reason
item.put()
self.redirect("/")
def update_post(id):
form = forms.ComposePostForm()
post = query.get_post_by_id(id)
if post.user_id.id == auth.get_current_user().id:
if form.validate_on_submit():
try:
query.update_post(id, form.title.data, form.text.data)
return redirect(url_for("routes.posts"))
except:
flash("Something went wrong!")
form.title.data = post.title
form.text.data = post.text
return render_template("update_post.html", id=id, form=form)
else:
abort(403)
def delete_event(request, event_key):
e = None
try:
e = AutoRetry(PlaylistEvent).get(event_key)
except BadKeyError:
pass
else:
if e and e.selector.key() == auth.get_current_user(request).key():
e.delete()
# This avoids seeing dupes after deleting the last
# submitted track.
memcache.delete('playlist.last_track')
playlist_event_listeners.delete(event_key)
return HttpResponseRedirect(reverse('playlists_landing_page'))
def get(self):
# logging.info("Manage Deletions")
user = get_current_user(self.request)
if (user.permissions == "Standard user"):
self.redirect('/')
return
template = JINJA_ENVIRONMENT.get_template('templates/review_deletions.html')
items = Item.query().order(-Item.updated).fetch()
deleted = []
for item in items:
if (item.marked_for_deletion or item.deleted) and item.child == None:
deleted.append(item)
page = template.render({'deleted':deleted})
page = page.encode('utf-8')
self.response.write(validateHTML(page))
def download(request):
user = auth.get_current_user(request)
if not user:
pin = request.GET["pin"].upper()
code = request.GET["code"]
product = Product.get_by_key_name("ContactLoader")
userproduct = UserProduct.gql("where product = :1 and pin = :2",
product, pin).get()
if not userproduct or not userproduct.validate_code(code):
raise Http404("Could not find activation data")
user = userproduct.parent()
lst = ImportList.gql("where user = :1", user).get()
if not lst:
raise Http404("No list has been uploaded on the account yet")
return HttpResponse(lst.data, "text/csv")
def delete_event(request, event_key):
e = None
try:
e = AutoRetry(PlaylistEvent).get(event_key)
except BadKeyError:
pass
else:
if e and e.selector.key() == auth.get_current_user(request).key():
e.delete()
# This avoids seeing dupes after deleting the last
# submitted track.
memcache.delete('playlist.last_track')
playlist_event_listeners.delete(event_key)
return HttpResponseRedirect(reverse('playlists_landing_page'))
def createEditSpotCopy(request, spot_copy_key=None, spot_key=None):
if spot_copy_key:
spot_copy = AutoRetry(models.SpotCopy).get(spot_copy_key)
spot_key = spot_copy.spot.key(
) # so that dropdown box is selected when editing
formaction = reverse('traffic_log.editSpotCopy',
args=(spot_copy_key, ))
else:
if spot_key:
formaction = reverse('traffic_log.views.addCopyForSpot',
args=(spot_key, ))
else:
formaction = reverse('traffic_log.createSpotCopy')
spot_copy = None
user = auth.get_current_user(request)
if request.method == 'POST':
spot_copy_form = forms.SpotCopyForm(request.POST, {
'author': user,
'spot_key': spot_key
},
instance=spot_copy)
if spot_copy_form.is_valid():
spot_copy = spot_copy_form.save()
old_spot = spot_copy.spot
spot_copy.author = user
spot_copy.spot = AutoRetry(models.Spot).get(
spot_copy_form['spot_key'].data)
# Add spot copy to spot's list of shuffled spot copies.
spot_copy.spot.add_spot_copy(spot_copy)
AutoRetry(spot_copy).put()
if old_spot:
# just in case this copy was moved from one spot
# to another, bust the old cache of spot copies
# See Issue 124
old_spot.shuffle_spot_copies()
AutoRetry(old_spot).save()
return HttpResponseRedirect(reverse('traffic_log.listSpots'))
else:
spot_copy_form = forms.SpotCopyForm(initial={'spot_key': spot_key},
instance=spot_copy)
return render_to_response('traffic_log/create_edit_spot_copy.html',
context(spot_copy=spot_copy_form,
formaction=formaction),
context_instance=RequestContext(request))
def post(self):
#template = JINJA_ENVIRONMENT.get_template('templates/index.html')
item_key = ndb.Key(urlsafe=self.request.get('item_id'))
user = get_current_user(self.request)
try:
commitDelete(item_key, user)
removeFromAllLists(item_key)
except TransactionFailedError as e:
# TODO: Expose this message to the user.
logging.info('could not delete the item, please try again')
# Redirect back to items view.
#sleep(0.1)
if user.permissions == "Standard user":
self.redirect('/item_details?'+urllib.urlencode({'item_id':item_key.urlsafe()}))
else:
self.redirect("/search_and_browse")
def edit(request, id):
u = auth.get_current_user(request)
if u.is_admin:
p = Product.get(id)
if not p:
raise Http404("Product cannot be found")
elif request.method == "POST":
form = ProductForm(data=request.POST, instance=p)
if form.is_valid():
form.save()
else:
form = ProductForm(instance=p)
return render_to_response('store/edit.html',
{ 'form': form },
RequestContext(request))
return HttpResponseRedirect(reverse('store-index'))
def index(request):
user = auth.get_current_user(request)
product = Product.get_by_key_name("ContactLoader")
lst = None
form = None
reg = UserProduct.get_product(user, product)
if reg:
if request.method == "POST":
form = handle_upload(request)
else:
form = UploadForm()
lst = ImportList.gql("where user = :1", user).get()
return render_to_response('contactloader/index.html',
{'lst': lst,
'reg': reg,
'product': product,
'form': form },
RequestContext(request))
def test_get_current_user(self):
# Set up a test user.
email = '*****@*****.**'
user = User(email=email)
user.save()
# Create some security tokens.
expired_token = auth._create_security_token(user)
self.now += 0.75 * auth._TOKEN_TIMEOUT_S
stale_token = auth._create_security_token(user)
self.now += 0.75 * auth._TOKEN_TIMEOUT_S
good_token = auth._create_security_token(user)
# Create a test HttpRequest, and test using it against our
# various tokens.
request = http.HttpRequest()
request.COOKIES[auth._CHIRP_SECURITY_TOKEN_COOKIE] = expired_token
self.assertEqual(None, auth.get_current_user(request))
request.COOKIES[auth._CHIRP_SECURITY_TOKEN_COOKIE] = stale_token
user = auth.get_current_user(request)
self.assertEqual(email, user.email)
self.assertTrue(user._credentials.security_token_is_stale)
request.COOKIES[auth._CHIRP_SECURITY_TOKEN_COOKIE] = good_token
user = auth.get_current_user(request)
self.assertEqual(email, user.email)
self.assertFalse(user._credentials.security_token_is_stale)
# Test that a password reset token can be used to authenticate
# when POSTed in a variable named CHIRP_Auth.
request = http.HttpRequest()
request.method = "POST"
self.assertEqual(None, auth.get_current_user(request))
request.POST["CHIRP_Auth"] = base64.urlsafe_b64encode(expired_token)
self.assertEqual(None, auth.get_current_user(request))
request.POST["CHIRP_Auth"] = "bogus!!!"
self.assertEqual(None, auth.get_current_user(request))
request.POST["CHIRP_Auth"] = base64.urlsafe_b64encode(good_token)
user = auth.get_current_user(request)
self.assertEqual(email, user.email)
# Check that we will reject an inactive user.
user.is_active = False
user.save()
self.assertRaises(auth.UserNotAllowedError,
auth.get_current_user, request)
user.is_active = True
user.save()
def user_change_password(user_id):
user = db.User.find_one_or_404({'_id': user_id})
current_user = get_current_user()
@redirect_on_false_decorator(user == current_user or has_role('ROLE_ADMIN', user=current_user))
def action():
error = None
if request.method == 'POST':
if verify_password_change(user):
change_password_for_user(user)
flash('Your password was changed!')
return redirect(url_for('index'))
else:
error = 'Incorrect form data'
return render_template('user/change_password.html', user=user, error=error)
return action()
def createEditSpotCopy(request, spot_copy_key=None, spot_key=None):
if spot_copy_key:
spot_copy = AutoRetry(models.SpotCopy).get(spot_copy_key)
spot_key = spot_copy.spot.key() # so that dropdown box is selected when editing
formaction = reverse('traffic_log.editSpotCopy', args=(spot_copy_key,))
else:
if spot_key:
formaction = reverse('traffic_log.views.addCopyForSpot', args=(spot_key,))
else:
formaction = reverse('traffic_log.createSpotCopy')
spot_copy = None
user = auth.get_current_user(request)
if request.method == 'POST':
spot_copy_form = forms.SpotCopyForm(request.POST, {
'author':user,
'spot_key':spot_key
}, instance=spot_copy)
if spot_copy_form.is_valid():
spot_copy = spot_copy_form.save()
old_spot = spot_copy.spot
spot_copy.author = user
spot_copy.spot = AutoRetry(models.Spot).get(spot_copy_form['spot_key'].data)
# Add spot copy to spot's list of shuffled spot copies.
spot_copy.spot.add_spot_copy(spot_copy)
AutoRetry(spot_copy).put()
if old_spot:
# just in case this copy was moved from one spot
# to another, bust the old cache of spot copies
# See Issue 124
old_spot.shuffle_spot_copies()
AutoRetry(old_spot).save()
return HttpResponseRedirect(reverse('traffic_log.listSpots'))
else:
spot_copy_form = forms.SpotCopyForm(initial={'spot_key':spot_key}, instance=spot_copy)
return render_to_response('traffic_log/create_edit_spot_copy.html',
context(spot_copy=spot_copy_form,
formaction=formaction
), context_instance=RequestContext(request))
def process_request(self, request):
# lazy import to make sure we have the right Django!
from django import http
from django.conf import settings
for prefix in settings.PUBLIC_TOP_LEVEL_URLS:
if request.path.startswith(prefix):
# These are special URLs that do not need login protection.
return None
try:
user = auth.get_current_user(request)
except auth.UserNotAllowedError:
return http.HttpResponseForbidden('Access Denied!')
# Un-logged-in users are not redirected away from the /auth/
# namespace. This ensures that the log-in and related pages
# are reachable.
if user is None and not request.path.startswith('/auth/'):
login_url = auth.create_login_url(request.path)
return http.HttpResponseRedirect(login_url)
# Attach the user to the request.
request.user = user
return None
def bucketlist():
""" Return a JSON response with all bucketlists """
user_id = auth.get_current_user()
results_data = None
if request.method == 'GET':
# pagination limit
results = BucketList.get_all(user_id)
limit = request.args.get('limit', 20)
q = request.args.get('q')
page = request.args.get('page', 1)
if page < 1:
raise NotFound('Please specify a valid page (positive number)')
if results.all():
results_data = results
limit = 100 if int(limit) > 100 else limit
if q:
results_data = results.filter(
BucketList.name.ilike('%{0}%'.format(q)))
# serialize result objects to json
result_list = []
for item in results_data.paginate(
page, int(limit), False).items:
if callable(getattr(item, 'to_json')):
result = item.to_json()
result_list.append(result)
return {'message': result_list}
raise NotFound('User has no bucketlist')
else:
name = request.form.get("name")
bucketlist = BucketList(created_by=user_id, name=name)
bucketlist.save()
return {
"message": "Bucketlist was created successfully",
"bucketlist": bucketlist.to_json()}, 201
def logout(request):
if get_current_user(request):
return HttpResponseRedirect(get_logout_url(request))
return HttpResponseRedirect(request.build_absolute_uri("/"))
def user_profile():
user = get_current_user()
return render_template('user/profile.html', user=user)
