def delete(self, id): if 'cancel' in request.params: h.redirect_to(controller='group', action='edit', id=id) context = { 'model': model, 'session': model.Session, 'user': c.user or c.author } try: check_access('group_delete', context, {'id': id}) except NotAuthorized: abort(401, _('Unauthorized to delete group %s') % '') try: if request.method == 'POST': get_action('group_delete')(context, {'id': id}) h.flash_notice(_('Group has been deleted.')) h.redirect_to(controller='group', action='index') c.group_dict = get_action('group_show')(context, {'id': id}) except NotAuthorized: abort(401, _('Unauthorized to delete group %s') % '') except NotFound: abort(404, _('Group not found')) return render('group/confirm_delete.html')
def logged_in(self): # we need to set the language via a redirect lang = session.pop('lang', None) session.save() # we need to set the language explicitly here or the flash # messages will not be translated. i18n.set_lang(lang) if c.user: is_new = False is_sysadmin = new_authz.is_sysadmin(c.user) # Retrieve information about the current user context = {'model': model, 'session': model.Session, 'user': c.user or c.author, 'schema': schema.user_new_form_schema()} data_dict = {'id': c.user} user_dict = get_action('user_show')(context, data_dict) # This check is not needed (or correct) for sys admins if not is_sysadmin: # Get all organizations and all groups the user belongs to orgs_q = model.Session.query(model.Group) \ .filter(model.Group.is_organization == True) \ .filter(model.Group.state == 'active') q = model.Session.query(model.Member) \ .filter(model.Member.table_name == 'user') \ .filter(model.Member.table_id == user_dict['id']) group_ids = [] for row in q.all(): group_ids.append(row.group_id) if not group_ids: is_new = True else: orgs_q = orgs_q.filter(model.Group.id.in_(group_ids)) orgs_list = model_dictize.group_list_dictize(orgs_q.all(), context) if len(orgs_list) == 0: is_new = True h.flash_success(_("<p><strong>Note</strong></p>" "<p>%s is now logged in</p>") % user_dict['display_name'], allow_html=True) if is_new: return h.redirect_to(controller='ckanext.canada.controller:CanadaController', action='view_new_user', locale=lang) else: return h.redirect_to(controller='package', action='search', locale=lang) else: h.flash_error(_('Login failed. Bad username or password.')) return h.redirect_to(controller='user', action='login', locale=lang)
def file(self, label): exists = self.ofs.exists(BUCKET, label) if not exists: # handle erroneous trailing slash by redirecting to url w/o slash if label.endswith("/"): label = label[:-1] # This may be best being cached_url until we have moved it into # permanent storage file_url = h.url_for("storage_file", label=label) h.redirect_to(file_url) else: abort(404) file_url = self.ofs.get_url(BUCKET, label) if file_url.startswith("file://"): metadata = self.ofs.get_metadata(BUCKET, label) filepath = file_url[len("file://") :] headers = { # 'Content-Disposition':'attachment; filename="%s"' % label, "Content-Type": metadata.get("_format", "text/plain") } fapp = FileApp(filepath, headers=None, **headers) return fapp(request.environ, self.start_response) else: h.redirect_to(file_url)
def preview_table(self, resource_name, owner_org, errors=None): if not c.user: h.redirect_to(controller='user', action='login') lc = ckanapi.LocalCKAN(username=c.user) try: chromo = get_chromo(resource_name) except RecombinantException: abort(404, _('Recombinant resource_name not found')) try: dataset = lc.action.recombinant_show( dataset_type=chromo['dataset_type'], owner_org=owner_org) except ckanapi.NotFound: abort(404, _('Table for this organization not found')) org = lc.action.organization_show(id=owner_org) for r in dataset['resources']: if r['name'] == resource_name: break else: abort(404, _('Resource not found')) return render('recombinant/resource_edit.html', extra_vars={ 'dataset': dataset, 'resource': r, 'organization': org, 'errors': errors, })
def delete(self, id): """Provide a delete action, but only for UKLP datasets""" from ckan.lib.search import SearchIndexError context = { 'model': model, 'session': model.Session, 'user': c.user, } pkg_dict = get_action('package_show')(context, { 'id': id }) # has side-effect of populating context.get('package') if request.params: # POST if 'cancel' in request.params: h.redirect_to(controller='package', action='read', id=id) elif 'delete' in request.params: try: package_name = pkg_dict['name'] get_action('package_delete')(context, {'id': id}) h.flash_success(_('Successfully deleted package.')) self._form_save_redirect(package_name, 'edit') except NotAuthorized: abort(401, _('Unauthorized to delete package %s') % id) except ObjectNotFound, e: abort(404, _('Package not found')) except DataError: abort(400, _(u'Integrity Error')) except SearchIndexError, e: abort(500, _(u'Unable to update search index.') + repr(e.args))
def _add_users( self, group, parameters ): if not group: h.flash_error(_("There was a problem with your submission, " "please correct it and try again")) errors = {"reason": ["No reason was supplied"]} return self.apply(group.id, errors=errors, error_summary=action.error_summary(errors)) data_dict = logic.clean_dict(dict_func.unflatten( logic.tuplize_dict(logic.parse_params(request.params)))) data_dict['id'] = group.id # Temporary fix for strange caching during dev l = data_dict['users'] for d in l: d['capacity'] = d.get('capacity','editor') context = { "group" : group, "schema": schema.default_group_schema(), "model": model, "session": model.Session } # Temporary cleanup of a capacity being sent without a name users = [d for d in data_dict['users'] if len(d) == 2] data_dict['users'] = users model.repo.new_revision() model_save.group_member_save(context, data_dict, 'users') model.Session.commit() h.redirect_to( controller='group', action='edit', id=group.name)
def submit_showcase_rating(self, package, rating): context = {'model': model, 'user': c.user or c.author} data_dict = {'package': package, 'rating': rating} if p.toolkit.check_access('check_access_user', context, data_dict): p.toolkit.get_action('rating_package_create')(context, data_dict) h.redirect_to(str('/showcase/' + package)) return p.toolkit.render('showcase/showcase_info.html')
def delete(self, id): """Provide a delete action, but only for UKLP datasets""" from ckan.lib.search import SearchIndexError context = { 'model': model, 'session': model.Session, 'user': c.user, } pkg_dict = get_action('package_show')(context, {'id':id}) # has side-effect of populating context.get('package') if request.params: # POST if 'cancel' in request.params: h.redirect_to(controller='package', action='read', id=id) elif 'delete' in request.params: try: package_name = pkg_dict['name'] get_action('package_delete')(context, {'id':id}) h.flash_success(_('Successfully deleted package.')) self._form_save_redirect(package_name, 'edit') except NotAuthorized: abort(401, _('Unauthorized to delete package %s') % id) except ObjectNotFound, e: abort(404, _('Package not found')) except DataError: abort(400, _(u'Integrity Error')) except SearchIndexError, e: abort(500, _(u'Unable to update search index.') + repr(e.args))
def report_abuse(self, id): """ When a user reports something as offensive, this action will mark it ready for moderation. If the user reporting is a system administrator it will be marked, but also made invisible so that it no longer shows up """ import ckan.model as model from ckanext.dgu.model.feedback import Feedback fb = Feedback.get(id) if fb: fb.moderated = False fb.moderation_required = True if is_sysadmin(): fb.visible = False flash_notice( "Queued. As you are an administrator, this item has been hidden" ) else: flash_notice( "Thank you for your feedback, the item has been queued for moderation" ) model.Session.add(fb) model.Session.commit() h.redirect_to(request.referer or '/data')
def admin(self): # Redirect to /news if not authorized: try: context = {'user': c.user} toolkit.check_access('blog_admin', context) except toolkit.NotAuthorized: h.redirect_to('/news') c.title = '' c.content = '' if request.method == 'POST': try: title, content = _validate_blog_post(request.POST) except ValidationError as err: return toolkit.render('blog/admin.html', extra_vars={'data_dict': request.POST, 'error': err.args}) # We assume nothing will go wrong here, since the data has been # validated. from ckanext.sweden.blog.model.post import Post newPost = Post(title, content, c.userobj.id) model.Session.add(newPost) model.Session.commit() flash_notice(toolkit._("Your blog post has been saved!")) controller = 'ckanext.sweden.blog.controllers.blog:BlogController' h.redirect_to(controller=controller, action='admin_index') return toolkit.render('blog/admin.html', extra_vars={'data_dict': {}, 'error': ''})
def file(self, label): exists = self.ofs.exists(BUCKET, label) if not exists: # handle erroneous trailing slash by redirecting to url w/o slash if label.endswith('/'): label = label[:-1] # This may be best being cached_url until we have moved it into # permanent storage file_url = h.url_for('storage_file', label=label) h.redirect_to(file_url) else: abort(404) file_url = self.ofs.get_url(BUCKET, label) if file_url.startswith("file://"): metadata = self.ofs.get_metadata(BUCKET, label) filepath = file_url[len("file://"):] headers = { # 'Content-Disposition':'attachment; filename="%s"' % label, 'Content-Type': metadata.get('_format', 'text/plain') } fapp = FileApp(filepath, headers=None, **headers) return fapp(request.environ, self.start_response) else: h.redirect_to(file_url.encode('ascii', 'ignore'))
def _download_file(self, res, label): # We need this as a resource object to check access so create a dummy # obj and trick CKAN resource = model.Resource() for k in res.keys(): setattr(resource, k, res[k]) context = {'model': model, 'session': model.Session, 'user': c.user or c.author, 'for_view': True, 'auth_user_obj': c.userobj, 'resource': resource} data_dict = {'id': resource.id} try: logic.check_access('resource_show', context, data_dict) except logic.NotAuthorized: redirect_url = h.url_for(controller='user', action='login', came_from=resource.url) r = generate_response(303, u'Not authorized to read file ' + resource.id, other_headers={'Location': redirect_url, 'X-CKAN-Error': '403 Access Denied'}) return r exists = self.ofs.exists(BUCKET, label) if not exists: # handle erroneous trailing slash by redirecting to url w/o slash if label.endswith('/'): label = label[:-1] # This may be best being cached_url until we have moved it into # permanent storage file_url = h.url_for('storage_file', label=label) h.redirect_to(file_url) else: # abort(404) r = generate_response(404, u'File not found') return r file_url = self.ofs.get_url(BUCKET, label) if file_url.startswith("file://") or file_url.endswith('xlsx'): metadata = self.ofs.get_metadata(BUCKET, label) filepath = file_url[len("file://"):] headers = { # 'Content-Disposition':'attachment; filename="%s"' % label, 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-store, no-cache', 'Content-Type': metadata.get('_format', 'text/plain')} if resource.name: res_name = resource.name.replace('"', '_') res_name_encoded = res_name.encode('utf-8', 'ignore') file_name, file_extension = os.path.splitext(res_name_encoded) if file_extension == '' and resource.format: file_name = file_name + '.' + resource.format else: file_name = res_name_encoded headers[ 'Content-Disposition'] = 'inline; filename="{}"'.format(file_name) fapp = FileApp(filepath, headers=None, **headers) return fapp(request.environ, self.start_response) else: h.redirect_to(file_url.encode('ascii', 'ignore'))
def resource_edit(self, id, resource_id, data=None, errors=None, error_summary=None): try: return super(CanadaDatasetController, self).resource_edit( id, resource_id, data, errors, error_summary) except HTTPFound: h.flash_success(_(u'Resource updated.')) # resource read page is unfinished, return to dataset page h.redirect_to(controller='package', action='read', id=id)
def edit(self, id=None): # allow id=None to allow posting c.error = '' group = model.Group.get(id) if group is None: abort(404, '404 Not Found') context = {'model': model, 'user': c.user or c.author, 'group':group} try: check_access('group_update',context) except NotAuthorized: abort(401, _('User %r not authorized to edit %s') % (c.user, group.id)) try: check_access('group_change_state',context) auth_for_change_state = True except NotAuthorized: auth_for_change_state = False if not 'save' in request.params: c.group = group c.groupname = group.name c.grouptitle = group.title fs = forms.get_group_fieldset(is_admin=auth_for_change_state).bind(c.group) c.form = self._render_edit_form(fs) return render('group/edit.html') else: rev = model.repo.new_revision() rev.author = c.author # id is the name (pre-edited state) c.groupname = id # needed because request is nested # multidict which is read only params = dict(request.params) fs = ckan.forms.get_group_fieldset(is_admin=auth_for_change_state) c.fs = fs.bind(group, data=params or None) try: self._update(c.fs, id, group.id) # do not use groupname from id as may have changed c.groupname = c.fs.name.value c.grouptitle = c.fs.title.value except ValidationException, error: fs = error.args[0] c.form = self._render_edit_form(fs) return render('group/edit.html') pkgs = [model.Package.by_name(name) for name in request.params.getall('Group-packages-current')] group.packages = pkgs pkgnames = request.params.getall('Member--package_name') for pkgname in pkgnames: if pkgname: package = model.Package.by_name(pkgname) if package and package not in group.packages: group.packages.append(package) for extension in self.extensions: extension.edit(group) model.repo.commit_and_remove() h.redirect_to(controller='group', action='read', id=c.groupname)
def edit(self, id=None): # allow id=None to allow posting c.error = '' group = model.Group.get(id) if group is None: abort(404, '404 Not Found') context = {'model': model, 'user': c.user or c.author, 'group':group} try: check_access('group_update',context) except NotAuthorized: abort(401, _('User %r not authorized to edit %s') % (c.user, group.id)) try: check_access('group_change_state',context) auth_for_change_state = True except NotAuthorized: auth_for_change_state = False if not 'save' in request.params: c.group = group c.groupname = group.name c.grouptitle = group.title fs = forms.get_group_fieldset(is_admin=auth_for_change_state).bind(c.group) c.form = self._render_edit_form(fs) return render('group/edit.html') else: rev = model.repo.new_revision() rev.author = c.author # id is the name (pre-edited state) c.groupname = id # needed because request is nested # multidict which is read only params = dict(request.params) fs = ckan.forms.get_group_fieldset(is_admin=auth_for_change_state) c.fs = fs.bind(group, data=params or None) try: self._update(c.fs, id, group.id) # do not use groupname from id as may have changed c.groupname = c.fs.name.value c.grouptitle = c.fs.title.value except ValidationException, error: fs = error.args[0] c.form = self._render_edit_form(fs) return render('group/edit.html') pkgs = [model.Package.by_name(name) for name in request.params.getall('Group-packages-current')] group.packages = pkgs pkgnames = request.params.getall('PackageGroup--package_name') for pkgname in pkgnames: if pkgname: package = model.Package.by_name(pkgname) if package and package not in group.packages: group.packages.append(package) for extension in self.extensions: extension.edit(group) model.repo.commit_and_remove() h.redirect_to(controller='group', action='read', id=c.groupname)
def _save_new(self, context): try: data_dict = clean_dict(unflatten(tuplize_dict(parse_params(request.params)))) context["message"] = data_dict.get("log_message", "") group = get_action("group_create")(context, data_dict) h.redirect_to(controller="group", action="read", id=group["name"]) except NotAuthorized: abort(401, _("Unauthorized to read group %s") % "") except NotFound, e: abort(404, _("Package not found"))
def submit_package_rating(self, package, rating): context = {'model': model, 'user': c.user or c.author} data_dict = {'package': package, 'rating': rating} try: p.toolkit.check_access('check_access_user', context, data_dict) p.toolkit.get_action('rating_package_create')(context, data_dict) h.redirect_to(controller='package', action='read', id=package) except NotAuthorized: abort(403, _('Unauthenticated user not allowed to submit ratings.'))
def home(self): if not c.user: h.redirect_to(controller='user', action='login') is_new = not h.check_access('package_create') if is_new: return h.redirect_to(controller='package', action='search') return h.redirect_to( controller='ckanext.canada.controller:CanadaController', action='links')
def _save_new(self, context): try: data_dict = clean_dict(unflatten( tuplize_dict(parse_params(request.params)))) context['message'] = data_dict.get('log_message', '') group = get_action('group_create')(context, data_dict) h.redirect_to(controller='group', action='read', id=group['name']) except NotAuthorized: abort(401, _('Unauthorized to read group %s') % '') except NotFound, e: abort(404, _('Package not found'))
def _save_new(self, context): try: data_dict = clean_dict( unflatten(tuplize_dict(parse_params(request.params)))) context['message'] = data_dict.get('log_message', '') group = get_action('group_create')(context, data_dict) h.redirect_to(controller='group', action='read', id=group['name']) except NotAuthorized: abort(401, _('Unauthorized to read group %s') % '') except NotFound, e: abort(404, _('Package not found'))
def _save_edit(self, id, context): try: data_dict = clean_dict( unflatten(tuplize_dict(parse_params(request.params)))) context['message'] = data_dict.get('log_message', '') data_dict['id'] = id group = get_action('group_update')(context, data_dict) h.redirect_to('%s_read' % str(group['type']), id=group['name']) except NotAuthorized: abort(401, _('Unauthorized to read group %s') % id) except NotFound, e: abort(404, _('Group not found'))
def _save_edit(self, id, context): try: data_dict = clean_dict(unflatten( tuplize_dict(parse_params(request.params)))) context['message'] = data_dict.get('log_message', '') data_dict['id'] = id group = get_action('group_update')(context, data_dict) h.redirect_to('%s_read' % str(group['type']), id=group['name']) except NotAuthorized: abort(401, _('Unauthorized to read group %s') % id) except NotFound, e: abort(404, _('Group not found'))
def _download_file(self, res, label): # We need this as a resource object to check access so create a dummy # obj and trick CKAN resource = model.Resource() for k in res.keys(): setattr(resource, k, res[k]) context = {'model': model, 'session': model.Session, 'user': c.user or c.author, 'for_view': True, 'auth_user_obj': c.userobj, 'resource': resource} data_dict = {'id': resource.id} try: logic.check_access('resource_show', context, data_dict) except logic.NotAuthorized: redirect_url = h.url_for(controller='user', action='login', came_from=resource.url) r = generate_response(303, u'Not authorized to read file ' + resource.id, other_headers={'Location': redirect_url, 'X-CKAN-Error': '403 Access Denied'}) return r exists = self.ofs.exists(BUCKET, label) if not exists: # handle erroneous trailing slash by redirecting to url w/o slash if label.endswith('/'): label = label[:-1] # This may be best being cached_url until we have moved it into # permanent storage file_url = h.url_for('storage_file', label=label) h.redirect_to(file_url) else: # abort(404) r = generate_response(404, u'File not found') return r file_url = self.ofs.get_url(BUCKET, label) if file_url.startswith("file://") or file_url.endswith('xlsx'): metadata = self.ofs.get_metadata(BUCKET, label) filepath = file_url[len("file://"):] headers = { # 'Content-Disposition':'attachment; filename="%s"' % label, 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-store, no-cache', 'Content-Type': metadata.get('_format', 'text/plain')} if resource.name: res_name = resource.name.replace('"', '_') res_name_encoded = res_name.encode('utf-8', 'ignore') headers[ 'Content-Disposition'] = 'inline; filename="{}"'.format(res_name_encoded) fapp = FileApp(filepath, headers=None, **headers) return fapp(request.environ, self.start_response) else: h.redirect_to(file_url.encode('ascii', 'ignore'))
def new(self, data={}, errors={}, error_summary={}): if not self.authz.am_authorized(c, Action.PACKAGE_CREATE, System()): abort(401, _('Unauthorized to create an application')) if request.method == 'POST' and not errors: try: data_dict = dict(request.params) idea = create_idea(data_dict) h.redirect_to(action='read', id=idea.name) except ValidationError, e: errors = e.error_dict error_summary = e.error_summary return self.new(data_dict, errors, error_summary)
def unsubscribe_all(self): subscriber_email = request.POST.get('subscriber_email') unsubscribe_token = request.POST.get('unsubscribe_token') p.toolkit.get_action('unsubscribe_all')( context={'model': model, 'user': c.user or c.author}, data_dict={'subscriber_email': subscriber_email, 'unsubscribe_token': unsubscribe_token} ) h.redirect_to(controller='ckanext.reminder.controller:ReminderController', action='unsubscribe_index', subscriber_email=subscriber_email, unsubscribe_token=unsubscribe_token) return p.toolkit.render('reminder/unsubscribe.html')
def _redirect_if_previous_name(self, id): # If we can find id in the extras for any group we will use it # to re-direct the user to the new name for the group. If not then # we'll just let it fail. If we find multiple groups with the name # we'll just redirect to the first match. import ckan.model as model match = model.Session.query(model.GroupExtra).\ filter(model.GroupExtra.key.like('previous-name-%')).\ filter(model.GroupExtra.value == id).\ filter(model.GroupExtra.state=='active').order_by('key desc').first() if match: h.redirect_to('organisation_read', id=match.group.name)
def new(self): record = model.Group c.error = '' try: context = {'model': model, 'user': c.user or c.author} check_access('group_create', context) except NotAuthorized: abort(401, _('Unauthorized to create a group')) is_admin = self.authorizer.is_sysadmin(c.user) fs = ckan.forms.get_group_fieldset(is_admin=is_admin) if request.params.has_key('save'): rev = model.repo.new_revision() rev.author = c.author # needed because request is nested # multidict which is read only params = dict(request.params) c.fs = fs.bind(record, data=params or None, session=model.Session) try: self._update(c.fs, id, record.id) except ValidationException, error: fs = error.args[0] c.form = self._render_edit_form(fs) return render('group/edit.html') # do not use groupname from id as may have changed c.groupname = c.fs.name.value c.grouptitle = c.fs.title.value group = model.Group.get(c.groupname) assert group admins = [] user = model.User.by_name(c.user) admins = [user] model.setup_default_user_roles(group, admins) group = model.Group.get(c.groupname) pkgs = [ model.Package.by_name(name) for name in request.params.getall('Group-packages-current') ] group.packages = pkgs pkgnames = request.params.getall('PackageGroup--package_name') for pkgname in pkgnames: if pkgname: package = model.Package.by_name(pkgname) if package and package not in group.packages: group.packages.append(package) for extension in self.extensions: extension.create(group) model.repo.commit_and_remove() h.redirect_to(controller='group', action='read', id=c.groupname)
def report(self): """ Generates a simple report of open/closed counts both as totals and per-category """ from ckanext.redmine.client import RedmineClient import ckan.model as model # Ensure only sysadmins can view this report for now. try: context = {'model': model, 'user': c.user} check_access('issue_list', context) except NotAuthorized, e: h.redirect_to('/')
def report(self): """ Generates a simple report of open/closed counts both as totals and per-category """ from ckanext.redmine.client import RedmineClient import ckan.model as model # Ensure only sysadmins can view this report for now. try: context = {'model':model,'user': c.user} check_access('issue_list',context) except NotAuthorized, e: h.redirect_to('/')
def _save_new(self, context, group_type=None): try: data_dict = clean_dict(unflatten(tuplize_dict(parse_params(request.params)))) data_dict["type"] = group_type or "group" context["message"] = data_dict.get("log_message", "") data_dict["users"] = [{"name": c.user, "capacity": "admin"}] group = get_action("group_create")(context, data_dict) # Redirect to the appropriate _read route for the type of group h.redirect_to(group["type"] + "_read", id=group["name"]) except NotAuthorized: abort(401, _("Unauthorized to read group %s") % "") except NotFound, e: abort(404, _("Group not found"))
def edit(self, id=None): # allow id=None to allow posting c.error = "" group = model.Group.get(id) if group is None: abort(404, "404 Not Found") am_authz = self.authorizer.am_authorized(c, model.Action.EDIT, group) if not am_authz: abort(401, _("User %r not authorized to edit %r") % (c.user, id)) auth_for_change_state = self.authorizer.am_authorized(c, model.Action.CHANGE_STATE, group) if not "save" in request.params: c.group = group c.groupname = group.name c.grouptitle = group.title fs = forms.get_group_fieldset(is_admin=auth_for_change_state).bind(c.group) c.form = self._render_edit_form(fs) return render("group/edit.html") else: rev = model.repo.new_revision() rev.author = c.author # id is the name (pre-edited state) c.groupname = id # needed because request is nested # multidict which is read only params = dict(request.params) fs = ckan.forms.get_group_fieldset(is_admin=auth_for_change_state) c.fs = fs.bind(group, data=params or None) try: self._update(c.fs, id, group.id) # do not use groupname from id as may have changed c.groupname = c.fs.name.value c.grouptitle = c.fs.title.value except ValidationException, error: fs = error.args[0] c.form = self._render_edit_form(fs) return render("group/edit.html") pkgs = [model.Package.by_name(name) for name in request.params.getall("Group-packages-current")] group.packages = pkgs pkgnames = request.params.getall("PackageGroup--package_name") for pkgname in pkgnames: if pkgname: package = model.Package.by_name(pkgname) if package and package not in group.packages: group.packages.append(package) for extension in self.extensions: extension.edit(group) model.repo.commit_and_remove() h.redirect_to(controller="group", action="read", id=c.groupname)
def _save_new(self, context, group_type=None): try: data_dict = clean_dict(unflatten( tuplize_dict(parse_params(request.params)))) data_dict['type'] = group_type or 'group' context['message'] = data_dict.get('log_message', '') group = get_action('group_create')(context, data_dict) # Redirect to the appropriate _read route for the type of group h.redirect_to( group['type'] + '_read', id=group['name']) except NotAuthorized: abort(401, _('Unauthorized to read group %s') % '') except NotFound, e: abort(404, _('Package not found'))
def history(self, id): if 'diff' in request.params or 'selected1' in request.params: try: params = {'id':request.params.getone('pkg_name'), 'diff':request.params.getone('selected1'), 'oldid':request.params.getone('selected2'), } except KeyError, e: if dict(request.params).has_key('pkg_name'): id = request.params.getone('pkg_name') c.error = _('Select two revisions before doing the comparison.') else: params['diff_entity'] = 'package' h.redirect_to(controller='revision', action='diff', **params)
def subscribe_to_package(self, package_id): try: p.toolkit.get_action('subscribe_to_package')( context={'model': model, 'user': c.user or c.author}, data_dict={'package': package_id, 'subscriber_email': request.POST['subscriber_email']} ) c.package_subscription_successful = True h.redirect_to(controller='package', action='read', id=package_id) return p.toolkit.render('package/read_base.html') except logic.ValidationError, error: abort(400, _('Invalid request: {error_message}').format(error_message=str(error)))
def admin_index(self): # Redirect to /news if not authorized: try: context = {'user': c.user} toolkit.check_access('blog_admin', context) except toolkit.NotAuthorized: h.redirect_to('/news') from ckanext.sweden.blog.model.post import Post c.posts = model.Session.query(Post).\ filter(Post.visible == True).order_by('created desc') return toolkit.render('blog/admin_list.html')
def apply(self, id=None, data=None, errors=None, error_summary=None): """ Form for a user to request to be an editor for a organisation. It sends an email to a suitable admin. """ if not c.user: abort(401, _('You must be logged in to apply for membership')) if 'parent' in request.params and not id: id = request.params['parent'] if id: c.group = model.Group.get(id) if not c.group: log.warning('Could not find organisation for name %s', id) abort(404, _('Publisher not found')) if 'save' in request.params and not errors: from ckanext.dgu_orgs.model.organisation_request import OrganisationRequest reason = request.params.get('reason', None) if model.Session.query(OrganisationRequest).filter_by( user_name=c.user, group_name=id).all(): h.flash_error( 'A request for this organisation is already in the system. If you have waited more than a couple of days then <a href="http://data.gov.uk/contact">contact the data.gov.uk team</a>', allow_html=True) h.redirect_to('organisation_apply', id=id) return else: req = OrganisationRequest(user_name=c.user, group_name=id, reason=reason) model.Session.add(req) model.Session.commit() return self._send_application(c.group, reason) else: c.possible_parents = model.Session.query(model.Group)\ .filter(model.Group.state=='active').order_by(model.Group.title).all() data = data or {} errors = errors or {} error_summary = error_summary or {} data.update(request.params) vars = {'data': data, 'errors': errors, 'error_summary': error_summary} c.form = render('organisation/apply_form.html', extra_vars=vars) return render('organisation/apply.html')
def _save_edit(self, id, context): try: data_dict = clean_dict(unflatten(tuplize_dict(parse_params(request.params)))) context["message"] = data_dict.get("log_message", "") data_dict["id"] = id group = get_action("group_update")(context, data_dict) if id != group["name"]: self._force_reindex(group) h.redirect_to("%s_read" % str(group["type"]), id=group["name"]) except NotAuthorized: abort(401, _("Unauthorized to read group %s") % id) except NotFound, e: abort(404, _("Group not found"))
def history(self, id): if "diff" in request.params or "selected1" in request.params: try: params = { "id": request.params.getone("group_name"), "diff": request.params.getone("selected1"), "oldid": request.params.getone("selected2"), } except KeyError, e: if dict(request.params).has_key("group_name"): id = request.params.getone("group_name") c.error = _("Select two revisions before doing the comparison.") else: params["diff_entity"] = "group" h.redirect_to(controller="revision", action="diff", **params)
def add(self, id): """ Adds new feedback from a user, first checking that the user is a. Logged in (in which case they are redirected) b. Not blocked """ from ckanext.dgu.model.feedback import Feedback, FeedbackBlockedUser self._get_package(id) # Redirect to login if not logged in try: context = {'model':model,'user': c.user} check_access('feedback_create',context) except NotAuthorized, e: h.redirect_to('/user?destination={0}'.format(request.path[1:]))
def index(self): """ This function renders the contribute landing page for a node-in-a-box and the harvest page for the central node. """ if not c.user: h.redirect_to(controller='user', action='login', came_from=h.url_for(controller='ckanext.ngds.ngdsui.controllers.contribute:ContributeController',action='index')) if g.central: #TODO: Need to change this to point the correct controller url = h.url_for_static(controller='ckanext.harvest.controllers.view:ViewController') h.redirect_to(url) else: return render('contribute/contribute.html')
def _save_edit(self, name_or_id, context): try: data_dict = clean_dict(unflatten( tuplize_dict(parse_params(request.POST)))) context['message'] = data_dict.get('log_message', '') data_dict['id'] = name_or_id pkg = get_action('package_update')(context, data_dict) c.pkg = context['package'] c.pkg_dict = pkg h.redirect_to(controller='package', action='read', id=pkg['name']) except NotAuthorized: abort(401, 'Not authorized to save package') except ObjectNotFound, e: abort(404, _('Dataset not found'))
def add(self, id): """ Adds new feedback from a user, first checking that the user is a. Logged in (in which case they are redirected) b. Not blocked """ from ckanext.dgu.model.feedback import Feedback, FeedbackBlockedUser self._get_package(id) # Redirect to login if not logged in try: context = {'model': model, 'user': c.user} check_access('feedback_create', context) except NotAuthorized, e: h.redirect_to('/user?destination={0}'.format(request.path[1:]))
def _save_new(self, context, group_type=None): try: data_dict = clean_dict(unflatten( tuplize_dict(parse_params(request.params)))) data_dict['type'] = group_type or 'group' context['message'] = data_dict.get('log_message', '') data_dict['users'] = [{'name': c.user, 'capacity': 'admin'}] group = get_action('group_create')(context, data_dict) # Redirect to the appropriate _read route for the type of group h.redirect_to(group['type'] + '_read', id=group['name']) except NotAuthorized: abort(401, _('Unauthorized to read group %s') % '') except NotFound, e: abort(404, _('Group not found'))
def _save_edit(self, name_or_id, context): try: data_dict = clean_dict( unflatten(tuplize_dict(parse_params(request.POST)))) context['message'] = data_dict.get('log_message', '') data_dict['id'] = name_or_id pkg = get_action('package_update')(context, data_dict) c.pkg = context['package'] c.pkg_dict = pkg h.redirect_to(controller='package', action='read', id=pkg['name']) except NotAuthorized: abort(401, 'Not authorized to save package') except ObjectNotFound, e: abort(404, _('Dataset not found'))
def new(self): record = model.Group c.error = '' try: context = {'model': model, 'user': c.user or c.author} check_access('group_create',context) except NotAuthorized: abort(401, _('Unauthorized to create a group')) is_admin = self.authorizer.is_sysadmin(c.user) fs = ckan.forms.get_group_fieldset(is_admin=is_admin) if request.params.has_key('save'): rev = model.repo.new_revision() rev.author = c.author # needed because request is nested # multidict which is read only params = dict(request.params) c.fs = fs.bind(record, data=params or None, session=model.Session) try: self._update(c.fs, id, record.id) except ValidationException, error: fs = error.args[0] c.form = self._render_edit_form(fs) return render('group/edit.html') # do not use groupname from id as may have changed c.groupname = c.fs.name.value c.grouptitle = c.fs.title.value group = model.Group.get(c.groupname) assert group admins = [] user = model.User.by_name(c.user) admins = [user] model.setup_default_user_roles(group, admins) group = model.Group.get(c.groupname) pkgs = [model.Package.by_name(name) for name in request.params.getall('Group-packages-current')] group.packages = pkgs pkgnames = request.params.getall('PackageGroup--package_name') for pkgname in pkgnames: if pkgname: package = model.Package.by_name(pkgname) if package and package not in group.packages: group.packages.append(package) for extension in self.extensions: extension.create(group) model.repo.commit_and_remove() h.redirect_to(controller='group', action='read', id=c.groupname)
class CommentController(BaseController): def add(self, dataset_id): return self._add_or_reply(dataset_id) def edit(self, dataset_id, comment_id): context = {'model': model, 'user': c.user} # Auth check to make sure the user can see this package data_dict = {'id': dataset_id} check_access('package_show', context, data_dict) try: c.pkg_dict = get_action('package_show')(context, {'id': dataset_id}) c.pkg = context['package'] except: abort(403) if request.method == 'POST': data_dict = clean_dict(unflatten( tuplize_dict(parse_params(request.POST)))) data_dict['id'] = comment_id success = False try: res = get_action('comment_update')(context, data_dict) success = True except ValidationError, ve: log.debug(ve) except Exception, e: log.debug(e) abort(403) if success: h.redirect_to(str('/dataset/%s#comment_%s' % (c.pkg.name, res['id'])))
def follow(self, id): '''Start following this group.''' context = {'model': model, 'session': model.Session, 'user': c.user or c.author} data_dict = {'id': id} try: get_action('follow_group')(context, data_dict) h.flash_success(_("You are now following {0}").format(id)) except ValidationError as e: error_message = (e.extra_msg or e.message or e.error_summary or e.error_dict) h.flash_error(error_message) except NotAuthorized as e: h.flash_error(e.extra_msg) h.redirect_to(controller='group', action='read', id=id)
def delete(self, id): """Provide a delete ('withdraw') action, but only for UKLP datasets""" from ckan.lib.search import SearchIndexError context = { 'model': model, 'session': model.Session, 'user': c.user, } try: pkg_dict = get_action('package_show')(context, { 'id': id }) # has side-effect of populating context.get('package') except NotAuthorized: abort(401, 'Not authorized to delete package') except ObjectNotFound: abort(404, 'Dataset not found') if request.params: # POST if 'cancel' in request.params: h.redirect_to(controller='package', action='read', id=id) elif 'delete' in request.params: try: package_name = pkg_dict['name'] get_action('package_delete')(context, {'id': id}) is_uklp = get_from_flat_dict(pkg_dict['extras'], 'UKLP') == 'True' if is_uklp: action = 'withdrawn' resource_type = get_from_flat_dict( pkg_dict['extras'], 'resource-type') + ' record' else: action = 'deleted' resource_type = 'dataset' h.flash_success('Successfully %s %s.' \ % (action, resource_type)) self._form_save_redirect(package_name, 'edit') except NotAuthorized: abort(401, _('Unauthorized to delete package %s') % id) except ObjectNotFound, e: abort(404, _('Package not found')) except DataError: abort(400, _(u'Integrity Error')) except SearchIndexError, e: abort(500, _(u'Unable to update search index.') + repr(e.args))
def new(self): record = model.Group c.error = "" auth_for_create = self.authorizer.am_authorized(c, model.Action.GROUP_CREATE, model.System()) if not auth_for_create: abort(401, _("Unauthorized to create a group")) is_admin = self.authorizer.is_sysadmin(c.user) fs = ckan.forms.get_group_fieldset(is_admin=is_admin) if request.params.has_key("save"): rev = model.repo.new_revision() rev.author = c.author # needed because request is nested # multidict which is read only params = dict(request.params) c.fs = fs.bind(record, data=params or None, session=model.Session) try: self._update(c.fs, id, record.id) except ValidationException, error: fs = error.args[0] c.form = self._render_edit_form(fs) return render("group/edit.html") # do not use groupname from id as may have changed c.groupname = c.fs.name.value c.grouptitle = c.fs.title.value group = model.Group.get(c.groupname) assert group admins = [] user = model.User.by_name(c.user) admins = [user] model.setup_default_user_roles(group, admins) group = model.Group.get(c.groupname) pkgs = [model.Package.by_name(name) for name in request.params.getall("Group-packages-current")] group.packages = pkgs pkgnames = request.params.getall("PackageGroup--package_name") for pkgname in pkgnames: if pkgname: package = model.Package.by_name(pkgname) if package and package not in group.packages: group.packages.append(package) for extension in self.extensions: extension.create(group) model.repo.commit_and_remove() h.redirect_to(controller="group", action="read", id=c.groupname)
def history(self, id): package_type = self._get_package_type(id.split("@")[0]) if "diff" in request.params or "selected1" in request.params: try: params = { "id": request.params.getone("pkg_name"), "diff": request.params.getone("selected1"), "oldid": request.params.getone("selected2"), } except KeyError, e: if "pkg_name" in dict(request.params): id = request.params.getone("pkg_name") c.error = _("Select two revisions before doing the comparison.") else: params["diff_entity"] = "package" h.redirect_to(controller="revision", action="diff", **params)
def admin_edit(self, title): data_dict = dict(request.POST) # Redirect to /news if not authorized: try: context = {'user': c.user} toolkit.check_access('blog_admin', context) except toolkit.NotAuthorized: h.redirect_to('/news') try: from ckanext.sweden.blog.model.post import Post c.post = model.Session.query(Post).\ filter(Post.url == title).\ filter(Post.visible == True).\ one() if 'title' not in data_dict: data_dict['title'] = c.post.title if 'content' not in data_dict: data_dict['content'] = c.post.content except NoResultFound: abort(404) if request.method == 'POST': try: title, content = _validate_blog_post( request.POST, original_title=request.urlvars.get('title')) except ValidationError as err: return toolkit.render( 'blog/admin_edit.html', extra_vars={'data_dict': data_dict, 'error': err.args}) c.post.title = title c.post.content = content model.Session.commit() flash_notice(toolkit._("Your blog post has been updated!")) controller = 'ckanext.sweden.blog.controllers.blog:BlogController' h.redirect_to(controller=controller, action='admin_index') return toolkit.render( 'blog/admin_edit.html', extra_vars={'data_dict': data_dict, 'errors': ''})
def _send_application(self, group, reason): from genshi.template.text import NewTextTemplate if not reason: h.flash_error( _("There was a problem with your submission, \ please correct it and try again")) errors = {"reason": ["No reason was supplied"]} return self.apply(group.id, errors=errors, error_summary=action.error_summary(errors)) admins = group.members_of_type(model.User, 'admin').all() recipients = [(u.fullname,u.email) for u in admins] if admins else \ [(config.get('ckan.admin.name', "CKAN Administrator"), config.get('ckan.admin.email', None), )] if not recipients: h.flash_error( _("There is a problem with the system configuration")) errors = {"reason": ["No group administrator exists"]} return self.apply(group.id, data=data, errors=errors, error_summary=action.error_summary(errors)) extra_vars = {'group': group, 'requester': c.userobj, 'reason': reason} email_msg = render("organizations/email/join_publisher_request.txt", extra_vars=extra_vars, loader_class=NewTextTemplate) try: for (name, recipient) in recipients: mailer.mail_recipient(name, recipient, "Publisher request", email_msg) except: h.flash_error( _("There is a problem with the system configuration")) errors = {"reason": ["No mail server was found"]} return self.apply(group.id, errors=errors, error_summary=action.error_summary(errors)) h.flash_success(_("Your application has been submitted")) h.redirect_to('publisher_read', id=group.name)
def unsubscribe_all(self): subscriber_email = request.POST.get('subscriber_email') unsubscribe_token = request.POST.get('unsubscribe_token') p.toolkit.get_action('unsubscribe_all')(context={ 'model': model, 'user': c.user or c.author }, data_dict={ 'subscriber_email': subscriber_email, 'unsubscribe_token': unsubscribe_token }) h.redirect_to( str('/reminder/' + subscriber_email + '/unsubscribe/' + unsubscribe_token)) return p.toolkit.render('reminder/unsubscribe.html')
def _add_users(self, group, parameters): from ckan.logic.schema import default_group_schema from ckan.logic.action import error_summary from ckan.lib.dictization.model_save import group_member_save if not group: h.flash_error(_("There was a problem with your submission, \ please correct it and try again")) errors = {"reason": ["No reason was supplied"]} return self.apply(group.id, errors=errors, error_summary=error_summary(errors)) data_dict = clean_dict(unflatten( tuplize_dict(parse_params(request.params)))) data_dict['id'] = group.id # Temporary fix for strange caching during dev l = data_dict['users'] for d in l: # Form javascript creates d['capacity'] == 'undefined' for # newly added users. # If javascript in users form is not working (such as in tests) # it will not create a capacity value. if 'capacity' not in d or d['capacity'] == 'undefined': # default to 'editor' d['capacity'] = 'editor' context = { "group" : group, "schema": default_group_schema(), "model": model, "session": model.Session } # Temporary cleanup of a capacity being sent without a name users = [d for d in data_dict['users'] if len(d) == 2] data_dict['users'] = users model.repo.new_revision() group_member_save(context, data_dict, 'users') model.Session.commit() h.redirect_to('/publisher/%s' % str(group.name))
def contact(self, name=None): """ This action allows users to create an issue by filling in a contact form. """ import ckan.model as model from ckanext.redmine.client import RedmineClient print name extra_vars = {"data": {}, "errors": {}} client = RedmineClient(name) c.categories = client.load_categories() c.name = name if request.method == 'POST': data = clean_dict( unflatten(tuplize_dict(parse_params(request.POST)))) context = { 'model': model, 'session': model.Session, 'user': c.user } # Create the issue with the data we were passed. try: newid = get_action('issue_create')(context, data) if newid is None: self._save_on_fail(data) h.flash_success( _('Thank you for contacting us'.format(newid))) else: h.flash_success( _('Thank you for contacting us, please quote #{0} in future correspondence' .format(newid))) h.redirect_to(str(data.get('referer', '/'))) except ValidationError, e: extra_vars["errors"] = e.error_dict extra_vars["error_summary"] = e.error_summary extra_vars["data"] = data c.category_id = data.get('category', '')
class KataPackageController(PackageController): """ Dataset handling modifications and additions. """ def _upload_xml(self, errors=None, error_summary=None): ''' Allow filling dataset form by parsing a user uploaded metadata file. ''' context = {'model': model, 'session': model.Session, 'user': c.user or c.author} try: t.check_access('package_create', context) except t.NotAuthorized: t.abort(401, _('Unauthorized to upload metadata')) xmlfile = u'' field_storage = request.params.get('xmlfile') if isinstance(field_storage, FieldStorage): bffr = field_storage.file xmlfile = bffr.read() url = request.params.get('url', u'') xmltype = request.params.get('xml-format', u'') log.info('Importing from {src}'.format( src='file: ' + field_storage.filename if field_storage else 'url: ' + url)) for harvester in plugins.PluginImplementations(h_interfaces.IHarvester): info = harvester.info() if not info or 'name' not in info: log.error('Harvester %r does not provide the harvester name in the info response' % str(harvester)) continue if xmltype == info['name']: log.debug('_upload_xml: Found harvester for import: {nam}'.format(nam=info['name'])) try: if xmlfile: pkg_dict = harvester.parse_xml(xmlfile, context) elif url: pkg_dict = harvester.fetch_xml(url, context) else: h.flash_error(_('Give upload URL or file.')) return h.redirect_to(controller='package', action='new') return super(KataPackageController, self).new(pkg_dict, errors, error_summary) except (urllib2.URLError, urllib2.HTTPError): log.debug('Could not fetch from url {ur}'.format(ur=url)) h.flash_error(_('Could not fetch from url {ur}'.format(ur=url))) except ValueError, e: log.debug(e) h.flash_error(_('Invalid upload URL')) except etree.XMLSyntaxError: h.flash_error(_('Invalid XML content')) except Exception, e: log.debug(e) log.debug(type(e)) h.flash_error(_("Failed to load file")) return h.redirect_to(controller='package', action='new') # on error
def index(self): """ This function renders the contribute landing page for a node-in-a-box and the harvest page for the central node. """ if not c.user: h.redirect_to( controller='user', action='login', came_from=h.url_for( controller= 'ckanext.ngds.ngdsui.controllers.contribute:ContributeController', action='index')) if g.central: #TODO: Need to change this to point the correct controller url = h.url_for_static( controller='ckanext.harvest.controllers.view:ViewController') h.redirect_to(url) else: return render('contribute/contribute.html')
def _download_file(self, relative_path, label): file_path = BASE_PATH + relative_path + label exists = os.path.isfile(file_path) if not exists: # handle erroneous trailing slash by redirecting to url w/o slash if label.endswith('/'): label = label[:-1] # This may be best being cached_url until we have moved it into # permanent storage file_url = h.url_for('storage_file', label=label) h.redirect_to(file_url) else: # abort(404) r = generate_response(404, None, error=u'File not found') return r with open(file_path, 'rb') as f: image = f.read() return generate_response(200, image, other_headers={'Content-type': 'image'})