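def post(self):
    """Create a TrustedPartner from the submitted admin form.

    Reads the ``name``, ``url`` and ``auth_token`` form fields, generates a
    fresh local auth token and stores the entity unless the URL is empty or a
    partner with that ``base_url`` already exists.  Only a signed-in admin
    with a valid XSRF token may call this.

    Returns:
        None; redirects to the referer (whether or not a row was written),
        or to "/" when the caller is not an authorised admin.
    """
    import os  # local import: the module's import block is not visible here

    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li and li.is_admin and li.verify_xsrf_token(self)):
        self.redirect("/")
        return

    def clean(field):
        # Sanitize then HTML-escape a form field before it reaches the datastore.
        return cgi.escape(database.quick_sanitize(self.request.get(field)))

    name = clean("name")
    url = clean("url")
    foreign_auth_token = clean("auth_token")
    # The local token is a shared secret the partner will present back to us,
    # so derive it from OS entropy instead of random.random()/time.clock(),
    # which are predictable.  Same 40-hex-char shape as before.
    local_auth_token = hashlib.sha1(os.urandom(32)).hexdigest()

    partner = database.TrustedPartner()
    partner.name = name
    partner.base_url = url
    partner.local_auth_token = local_auth_token
    # "-1" is the sentinel stored when the form supplies no foreign token.
    partner.foreign_auth_token = foreign_auth_token if foreign_auth_token != "" else "-1"

    if url != "":
        duplicate = database.db.GqlQuery(
            "SELECT * FROM TrustedPartner WHERE base_url = :1", url
        ).get()
        if duplicate is None:
            partner.put()
    self.redirect(self.request.referer)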
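def get(self):
    """Toggle a user's ``is_active`` flag and (de)activate all of their items.

    Admin-only and XSRF-protected.  The target LoginInformation is selected
    by the ``user_id`` query parameter.  Every Item whose ``created_by_id``
    matches is marked ``deactivated`` when the user becomes inactive and
    un-marked when the user becomes active again.

    Returns:
        None; redirects to the referer, or to "/" when the caller is not an
        authorised admin or no LoginInformation matches ``user_id``.
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li and li.is_admin and li.verify_xsrf_token(self)):
        self.redirect("/")
        return

    target = database.db.GqlQuery(
        "SELECT * FROM LoginInformation WHERE user_id = :1",
        cgi.escape(self.request.get("user_id")),
    ).get()
    if target is None:
        # Unknown user_id previously raised AttributeError; fail closed instead.
        self.redirect("/")
        return

    target.is_active = not target.is_active
    target.put()

    # Items follow their owner: deactivated exactly when the owner is inactive.
    items = database.db.GqlQuery(
        "SELECT * FROM Item WHERE created_by_id = :1", target.user_id
    )
    for item in items:
        item.deactivated = not target.is_active
        item.put()

    database.logging.info(
        "ActivationHandler used, user#%s active=%s\n", target.user_id, target.is_active
    )
    self.redirect(self.request.referer)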
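def get(self):
    """Delete the signed-in user's account and everything they created.

    Requires a signed-in user with a LoginInformation record and a valid
    XSRF token.  Deletes, in this order, the user's Item, Message, Thread,
    UserFeedback, ItemFeedback and ItemCollection entities, then the
    LoginInformation itself, and finally redirects to the logout URL.

    Returns:
        None; redirects to the logout URL on success, otherwise to "/".
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li and li.verify_xsrf_token(self)):
        self.redirect('/')
        return

    user_id = user.user_id()
    # Every kind below keys its rows on created_by_id; the order mirrors the
    # original handler (items first, login information last).
    owned_queries = (
        "SELECT * FROM Item WHERE created_by_id = :1",
        "SELECT * FROM Message WHERE created_by_id = :1",
        "SELECT * FROM Thread WHERE created_by_id = :1",
        "SELECT * FROM UserFeedback WHERE created_by_id = :1",
        "SELECT * FROM ItemFeedback WHERE created_by_id = :1",
        "SELECT * FROM ItemCollection WHERE created_by_id = :1",
    )
    for gql in owned_queries:
        for row in database.db.GqlQuery(gql, user_id):
            database.db.delete(row)

    #delete the li
    database.logging.info("Deleting LoginInformation user_id=%s", li.user_id)
    database.db.delete(li)
    self.redirect(database.users.create_logout_url('/'))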
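def get(self):
    """Render the "new item" form with a fresh XSRF token.

    Returns:
        None; renders ``items/new_item.html`` for a signed-in user that has
        a LoginInformation record, otherwise redirects to "/".
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    # A signed-in user without a LoginInformation row used to raise here;
    # treat it like "not signed in", as the other handlers do.
    if not (user and li):
        self.redirect('/')
        return
    token = li.create_xsrf_token()
    database.logging.info("li id: %s", li.key().id())
    database.render_template(self, 'items/new_item.html', {"xsrf_token": token})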
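def get(self):
    """Render the admin landing page.

    Admin-only.  Makes sure an IsTestDataLoaded row exists (creating one
    when absent) and lists non-admin users split by ``is_active``.

    Returns:
        None; renders ``/admin/index.html`` or redirects to "/".
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li and li.is_admin):
        self.redirect("/")
        return

    token = li.create_xsrf_token()

    test_data = database.db.GqlQuery("SELECT * FROM IsTestDataLoaded").get()
    if not test_data:
        # NOTE(review): the constructor kwarg is ``test_data_loaded`` but the
        # attribute read below is ``is_test_data_loaded`` -- confirm against the
        # model definition; kept unchanged here to avoid altering stored data.
        test_data = database.IsTestDataLoaded(test_data_loaded=False)
        test_data.put()
    is_test_data_loaded = test_data.is_test_data_loaded

    # Both lists share one query; only the is_active bind value differs.
    users_gql = (
        "SELECT * FROM LoginInformation "
        "WHERE is_admin = :1 AND is_active = :2 ORDER BY nickname"
    )
    activated_users = database.db.GqlQuery(users_gql, False, True)
    deactivated_users = database.db.GqlQuery(users_gql, False, False)

    database.render_template(
        self,
        "/admin/index.html",
        {
            "activated_users": activated_users,
            "deactivated_users": deactivated_users,
            "is_test_data_loaded": is_test_data_loaded,
            "xsrf_token": token,
        },
    )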
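def get(self):
    """Delete one ItemFeedback entity (admin only, XSRF-protected).

    The entity is addressed by its ancestor path: the LoginInformation id
    from ``created_by`` and the ItemFeedback id from ``feedback_id``.

    Returns:
        None; redirects to the referer (a missing entity is ignored), or to
        "/" when the caller is not an authorised admin.
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    # Guard li as well: a signed-in user without a LoginInformation row used
    # to raise AttributeError on .is_admin.
    if not (user and li and li.is_admin and li.verify_xsrf_token(self)):
        self.redirect('/')
        return

    # int() rejects anything that is not a plain integer id.
    owner_id = int(cgi.escape(self.request.get('created_by')))
    feedback_id = int(cgi.escape(self.request.get('feedback_id')))
    key = db.Key.from_path('LoginInformation', owner_id, 'ItemFeedback', feedback_id)
    item_feedback = db.get(key)
    if item_feedback is not None:
        db.delete(item_feedback)
    self.redirect(self.request.referer)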
def get(self):
    """Render the admin "trusted partners" page.

    Lists every TrustedPartner entity together with a fresh XSRF token.
    Anonymous users and non-admins are redirected to "/".
    """
    google_user = database.users.get_current_user()
    login_info = database.get_current_li()
    is_admin = bool(google_user and login_info and login_info.is_admin)
    if not is_admin:
        self.redirect("/")
        return
    xsrf_token = login_info.create_xsrf_token()
    context = {
        "partners": database.db.GqlQuery("SELECT * FROM TrustedPartner"),
        "xsrf_token": xsrf_token,
    }
    database.render_template(self, "/admin/partners.html", context)
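def get(self):
    """Delete one UserFeedback entity (admin only, XSRF-protected).

    The entity is selected by the ``feedback_id`` query parameter.

    Returns:
        None; redirects to the referer (a missing entity is ignored), or to
        "/" when the caller is not an authorised admin.
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    # Guard li as well: a signed-in user without a LoginInformation row used
    # to raise AttributeError on .is_admin.
    if not (user and li and li.is_admin and li.verify_xsrf_token(self)):
        self.redirect('/')
        return

    feedback_id = int(cgi.escape(self.request.get('feedback_id')))
    f = db.get(db.Key.from_path('UserFeedback', feedback_id))
    if f is not None:
        db.delete(f)
    self.redirect(self.request.referer)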
def get(self):
    """Render the signed-in user's own items, newest first.

    Requires a Google user and a LoginInformation record; otherwise the
    browser is sent to "/".  The template receives the item query and a
    fresh XSRF token.
    """
    google_user = database.users.get_current_user()
    login_info = database.get_current_li()
    if not (google_user and login_info):
        self.redirect('/')
        return
    xsrf_token = login_info.create_xsrf_token()
    owned_items = db.GqlQuery(
        "SELECT * FROM Item WHERE created_by_id = :1 ORDER BY created_at DESC",
        google_user.user_id(),
    )
    database.render_template(
        self, 'items/my_items.html', {'items': owned_items, 'xsrf_token': xsrf_token}
    )
def get(self):
    """Render the public item listing.

    Admins get every Item plus an XSRF token; everyone else gets only the
    items that are active, not deactivated and not yet expired, with an
    empty token.  All TrustedPartner rows are passed through to the template.
    """
    login_info = database.get_current_li()
    is_admin = bool(login_info and login_info.is_admin)
    if is_admin:
        xsrf_token = login_info.create_xsrf_token()
        items = database.db.GqlQuery("SELECT * FROM Item")
    else:
        xsrf_token = ""
        items = database.db.GqlQuery(
            "SELECT * FROM Item WHERE expiration_date >= :1 AND is_active = :2 AND deactivated = :3",
            database.datetime.date.today(),
            True,
            False,
        )
    context = {
        'items': items,
        'xsrf_token': xsrf_token,
        "partners": database.TrustedPartner.all(),
    }
    database.render_template(self, 'items/index.html', context)
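def get(self):
    """Render the "edit item" form for an item the caller owns.

    The item is selected by ``item_id``.  Only its creator may edit it;
    anyone else, and a missing item, is redirected to "/".

    Returns:
        None; renders ``items/edit_item.html`` or redirects.
    """
    user = database.users.get_current_user()
    current_li = database.get_current_li()
    if not (user and current_li):
        self.redirect('/')
        return

    item = db.get(db.Key.from_path('Item', int(cgi.escape(self.request.get('item_id')))))
    # A missing item used to raise AttributeError; treat it as "not yours".
    if item is None or item.created_by_id != current_li.user_id:
        self.redirect('/')
        return

    token = current_li.create_xsrf_token()
    database.render_template(
        self, 'items/edit_item.html', {'item': item, 'xsrf_token': token}
    )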
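def get(self):
    """Delete an Item and its ItemFeedback rows (owner or admin only).

    Requires a signed-in user with a valid XSRF token.  The item is chosen
    by ``item_id``; callers who neither own it nor are admins, and missing
    items, are redirected to "/".

    Returns:
        None; redirects to the referer after deletion.
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li and li.verify_xsrf_token(self)):
        self.redirect('/')
        return

    item = db.get(db.Key.from_path('Item', int(cgi.escape(self.request.get('item_id')))))
    if item is None:
        self.redirect('/')
        return

    user_id = user.user_id()
    #make sure the person owns this item or they're an admin
    if not (item.created_by_id == user_id or li.is_admin):
        self.redirect('/')
        return

    item_id = item.key().id()
    feedback = db.GqlQuery("SELECT * FROM ItemFeedback WHERE item_id = :1", str(item_id))
    database.logging.info("Deleting item with id %s by user_id %s", item_id, user_id)
    database.db.delete(item)
    for f in feedback:
        db.delete(f)
    self.redirect(self.request.referer)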
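def get(self):
    """Render a user's shop page.

    The shop owner is chosen by the ``user_id`` query parameter, falling
    back to the signed-in user.  ``can_show`` is True when the shop is not
    private or the viewer is its owner; the template is expected to decide
    what to render from it.

    Returns:
        None; renders ``/users/shop.html``, or redirects to "/" when no
        owner can be resolved.
    """
    current_li = database.get_current_li()
    requested_id = self.request.get('user_id')
    if requested_id:
        user_id = cgi.escape(requested_id)
    elif current_li:
        user_id = current_li.user_id
    else:
        # Anonymous request without user_id used to raise AttributeError.
        self.redirect('/')
        return

    li = db.GqlQuery("SELECT * FROM LoginInformation WHERE user_id = :1", user_id).get()
    if li is None:
        self.redirect('/')
        return

    token = current_li.create_xsrf_token() if current_li else ""
    is_owner = bool(current_li and li.user_id == current_li.user_id)
    # Kept as == False (not `not li.private`) so an unset/None flag stays
    # hidden, exactly as in the original.
    can_show = li.private == False or is_owner

    # NOTE(review): items and collections are queried and handed to the
    # template even when can_show is False -- the template must honour it.
    items = db.GqlQuery(
        "SELECT * FROM Item WHERE created_by_id = :1 ORDER BY created_at DESC", li.user_id
    )
    collections = db.GqlQuery(
        "SELECT * FROM ItemCollection WHERE created_by_id = :1 ORDER BY created_at DESC",
        li.user_id,
    )
    database.render_template(
        self,
        '/users/shop.html',
        {
            'li': li,
            'can_show': can_show,
            'items': items,
            'collections': collections,
            'xsrf_token': token,
        },
    )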
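def get(self):
    """Render one item's detail page.

    The item is selected by ``item_id``.  The template receives the item,
    the seller's LoginInformation (``li``), the item's feedback newest
    first, the highest bidder, the viewer's existing rating of the seller
    (or None) and an XSRF token (empty when not signed in).

    Returns:
        None; renders ``items/view_item.html``, or redirects to "/" when the
        item does not exist.
    """
    current_li = database.get_current_li()
    item = db.get(db.Key.from_path('Item', int(self.request.get('item_id'))))
    if item is None:
        # Used to raise AttributeError on item.created_by_id.
        self.redirect('/')
        return

    seller = db.GqlQuery(
        "SELECT * FROM LoginInformation WHERE user_id = :1", item.created_by_id
    ).get()
    token = ""
    if database.users.get_current_user() and current_li:
        token = current_li.create_xsrf_token()

    feedback = db.GqlQuery(
        "SELECT * FROM ItemFeedback WHERE item_id = :1 ORDER BY created_at DESC",
        str(item.key().id()),
    )
    buyer = database.get_user(item.highest_bid_id)

    rating = None
    if current_li and seller is not None:
        # One fetch instead of count()+get(): only the first row is needed.
        existing = database.db.GqlQuery(
            "SELECT * FROM UserFeedback WHERE for_user_id = :1 AND created_by_id = :2",
            seller.user_id,
            current_li.user_id,
        ).get()
        if existing is not None:
            rating = int(existing.rating)

    database.render_template(
        self,
        'items/view_item.html',
        {
            'item': item,
            'li': seller,
            'feedback': feedback,
            'buyer': buyer,
            'rating': rating,
            'xsrf_token': token,
        },
    )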
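def get(self):
    """Export the signed-in user's profile and items to a TrustedPartner.

    The partner is selected by ``partner_id``.  The user's LoginInformation
    fields and all of their Item entities are serialised to JSON and POSTed
    to ``<partner.base_url>/webservices/user_import`` together with the
    partner's foreign auth token.  When the partner replies with a JSON
    object whose ``success`` is truthy, the local items and the
    LoginInformation are deleted.

    Returns:
        None; always redirects to "/".  (The original fell through with an
        empty response when unauthorised or when the export failed, and
        raised TypeError on a failed fetch.)
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    partner = db.get(db.Key.from_path(
        'TrustedPartner', int(cgi.escape(self.request.get('partner_id')))))
    if not (user and li and partner and li.verify_xsrf_token(self)):
        self.redirect('/')
        return

    #grab all their items
    items = db.GqlQuery("SELECT * FROM Item WHERE created_by_id=:1", user.user_id())
    seller = {'username': li.nickname, 'id': li.user_id}
    item_array = [
        {
            'price': i.price,
            'rating': i.rating,
            'description': i.description,
            'seller': seller,
            'title': i.title,
        }
        for i in items
    ]

    #now generate the JSON
    user_data = {
        'email': li.email,
        'google_user_id': li.user_id,
        'name': li.nickname,
        'bio': li.desc,
        'items': item_array,
    }
    url = partner.base_url + "/webservices/user_import"
    # Log only the target: the payload carries the partner's auth token and
    # the user's e-mail, neither of which belongs in the application log.
    database.logging.info("Exporting user %s to %s", li.user_id, url)
    try:
        final = {'user_data': json.dumps(user_data),
                 'auth_token': partner.foreign_auth_token}
        result = urlfetch.fetch(
            url=url,
            method=urlfetch.POST,
            payload=urllib.urlencode(final),
            headers={'Content-Type': 'application/x-www-form-urlencoded'},
        )
        database.logging.info(result.content)
        reply = json.loads(result.content)
    except Exception as e:
        database.logging.info("user_import to %s failed: %s", url, e)
        reply = None

    # Only a well-formed, affirmative reply may destroy local data.
    if not (isinstance(reply, dict) and reply.get('success')):
        self.redirect('/')
        return

    for i in items:
        i.delete()
    li.delete()
    self.redirect('/')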
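def get(self):
    """Rotate a TrustedPartner's local auth token (admin only, XSRF-protected).

    The partner is looked up by the ``url`` query parameter (its base_url);
    a new token is stored and the admin is returned to the partner list.

    Returns:
        None; redirects to "/admin/partners", or to "/" when the caller is
        not an authorised admin or no partner matches ``url``.
    """
    import os  # local import: the module's import block is not visible here

    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li and li.is_admin and li.verify_xsrf_token(self)):
        self.redirect("/")
        return

    url = cgi.escape(self.request.get("url"))
    partner = database.db.GqlQuery(
        "SELECT * FROM TrustedPartner WHERE base_url = :1", url
    ).get()
    if partner is None:
        # Unknown base_url used to raise AttributeError; fail closed instead.
        self.redirect("/")
        return

    # The token is a shared secret presented by the partner, so derive it
    # from OS entropy rather than random.random()/time.clock(), which are
    # predictable.  Same 40-hex-char shape as before.
    partner.local_auth_token = hashlib.sha1(os.urandom(32)).hexdigest()
    partner.put()
    self.redirect("/admin/partners")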
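def post(self):
    """Create a new Item from the submitted form and notify partners.

    Requires a signed-in user with a valid XSRF token.  Text fields are
    sanitised and HTML-escaped, the price is normalised to two decimals,
    an optional photo is resized to 512x512 and the item expires four
    weeks from today.  After ``put()`` the item is re-read by key and passed
    to ``webservices.send_new_item_notification``.

    Returns:
        None; redirects to "/items/" on success, otherwise to "/".
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li and li.verify_xsrf_token(self)):
        self.redirect('/')
        return

    request = self.request
    item = database.Item()
    item.title = cgi.escape(database.quick_sanitize(request.get('title')))
    item.description = cgi.escape(database.sanitizeHTML(request.get('description')))
    # Summary is the first 40 chars of the description, ellipsised when cut.
    if len(item.description) > 40:
        item.summary = item.description[:40].rstrip() + "..."
    else:
        item.summary = item.description
    # Rounded via '%.2f' exactly as before so stored values do not change.
    item.price = float('%.2f' % float(cgi.escape(request.get('price'))))
    item.created_by_id = user.user_id()
    item.deactivated = False
    item.bidding_enabled = bool(request.get('bidding_enabled'))
    item.sponsored = bool(request.get('sponsored'))
    # The original assigned is_active = True and then overwrote it with this
    # inverted form flag; only the effective assignment is kept.
    # NOTE(review): the inversion looks deliberate but is worth confirming.
    item.is_active = not bool(request.get('show_item'))
    photo = request.get('photo')
    if photo:
        item.image = db.Blob(database.images.resize(photo, 512, 512))
    item.expiration_date = (
        database.datetime.date.today() + database.datetime.timedelta(weeks=4)
    )  #get 4 weeks of posting

    key = item.put()
    # Re-read by key, as the original did, before notifying partners.
    item = database.db.get(db.Key.from_path('Item', key.id()))
    webservices.send_new_item_notification(self, item)
    database.logging.info(
        "Created a new item.\nTitle: %s\nDescription: %s\nPrice: %s\nCreatedBy: %s",
        item.title, item.description, item.price, item.created_by_id,
    )
    self.redirect('/items/')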
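def post(self):
    """Forward an item rating to the TrustedPartner that hosts the item.

    Requires a signed-in user with a LoginInformation record.  The form
    fields ``item_id``, ``rating`` and ``feedback`` are POSTed, with the
    caller's nickname/user_id and the partner's foreign auth token, to
    ``<partner.base_url>/webservices/add_item_rating``.

    Returns:
        None; redirects to the referer after a completed fetch, otherwise to
        "/" (not signed in, unknown partner, or the fetch raised).
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li):
        self.redirect('/')
        return

    partner = database.db.get(db.Key.from_path(
        'TrustedPartner', int(cgi.escape(self.request.get('partner_id')))))
    if not partner:
        self.redirect('/')
        return

    form_fields = {
        'target_item_id': str(cgi.escape(self.request.get('item_id'))),
        'user_name': li.nickname,
        'user_id': li.user_id,
        'rating': int(cgi.escape(self.request.get('rating'))),
        'feedback': cgi.escape(self.request.get('feedback')),
        'auth_token': partner.foreign_auth_token,
    }
    url = partner.base_url + "/webservices/add_item_rating"
    try:
        result = urlfetch.fetch(
            url=url,
            method=urlfetch.POST,
            payload=urllib.urlencode(form_fields),
            headers={'Content-Type': 'application/x-www-form-urlencoded'},
        )
    except Exception as e:
        database.logging.info("add_item_rating to %s failed: %s", url, e)
        self.redirect('/')
        return

    # The original logged ``result + "\n"``; the fetch result is not a
    # string, so that presumably raised inside the try and sent every
    # caller to "/".  Log the response body instead.
    database.logging.info("%s\n", result.content)
    self.redirect(self.request.referer)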
def get(self):
    """Delete the TrustedPartner selected by ``partner_id`` (admin only).

    The caller must be a signed-in admin with a valid XSRF token; a missing
    partner is silently ignored.  Redirects to the referer, or to "/" when
    unauthorised.
    """
    google_user = database.users.get_current_user()
    login_info = database.get_current_li()
    authorised = bool(
        google_user
        and login_info
        and login_info.is_admin
        and login_info.verify_xsrf_token(self)
    )
    if not authorised:
        self.redirect("/")
        return

    partner_id = int(cgi.escape(self.request.get("partner_id")))
    partner = database.db.get(db.Key.from_path("TrustedPartner", partner_id))
    if partner:
        database.logging.info("Deleting Trusted Partner: %s", partner.base_url)
        database.db.delete(partner)
    self.redirect(self.request.referer)
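def get(self):
    """Grant admin rights to the user identified by ``user_id``.

    Requires an admin caller with a valid XSRF token.  Sets ``is_admin`` on
    the matching LoginInformation and logs the change.

    Returns:
        None; redirects to the referer, or to "/" when the caller is not an
        authorised admin or no LoginInformation matches ``user_id``.
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li and li.is_admin and li.verify_xsrf_token(self)):
        self.redirect("/")
        return

    target = database.db.GqlQuery(
        "SELECT * FROM LoginInformation WHERE user_id = :1",
        cgi.escape(self.request.get("user_id")),
    ).get()
    if target is None:
        # Unknown user_id previously raised AttributeError; fail closed instead.
        self.redirect("/")
        return

    target.is_admin = True
    target.put()
    database.logging.info(
        "CreateAdminHandler used, user#%s is_admin=%s\n", target.user_id, target.is_admin
    )
    self.redirect(self.request.referer)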
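def post(self):
    """Store an ItemFeedback entry for the signed-in user.

    Requires a signed-in user with a valid XSRF token.  The feedback is
    created as a child of the user's LoginInformation; ``rating`` is read
    from the form and clamped to the 0..5 scale.

    Returns:
        None; redirects to the referer, otherwise to "/".
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li and li.verify_xsrf_token(self)):
        self.redirect('/')
        return

    rating = int(cgi.escape(self.request.get('rating')))
    item_feedback = database.ItemFeedback(parent=li)
    item_feedback.created_by_id = user.user_id()
    item_feedback.item_id = cgi.escape(self.request.get('item_id'))
    item_feedback.rating = max(0, min(5, rating))  # clamp to 0..5
    item_feedback.feedback = cgi.escape(self.request.get('feedback'))
    item_feedback.put()
    self.redirect(self.request.referer)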
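def get(self):
    """Render one message thread for one of its participants.

    Requires a signed-in user with a valid XSRF token.  The thread is
    selected by ``thread_id``; only its creator or recipient may view it.
    Messages in the thread addressed to the viewer are marked ``read``
    before rendering.

    Returns:
        None; renders ``threads/view_thread.html``, or redirects to "/" when
        unauthorised, not a participant, or the thread does not exist.
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    if not (user and li and li.verify_xsrf_token(self)):
        self.redirect('/')
        return

    thread_key = db.Key.from_path('Thread', int(self.request.get('thread_id')))
    thread = db.get(thread_key)
    user_id = user.user_id()
    # Participants only; a missing thread (previously AttributeError) is
    # handled the same way.
    if thread is None or user_id not in (thread.recipient_id, thread.created_by_id):
        self.redirect('/')
        return

    token = li.create_xsrf_token()
    children = db.GqlQuery("SELECT * FROM Message WHERE ANCESTOR is :1", thread_key)
    for child in children:
        if child.recipient_id == user_id:
            child.read = True
            child.put()
    database.render_template(
        self,
        'threads/view_thread.html',
        {'thread': thread, 'children': children, 'xsrf_token': token},
    )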
def get(self):
    """Render the admin "modify users" page.

    Lists active non-admin users and all admin users, each ordered by
    nickname, with a fresh XSRF token.  Non-admins are redirected to "/".
    """
    google_user = database.users.get_current_user()
    login_info = database.get_current_li()
    if not (google_user and login_info and login_info.is_admin):
        self.redirect("/")
        return

    xsrf_token = login_info.create_xsrf_token()
    registered = database.db.GqlQuery(
        "SELECT * FROM LoginInformation WHERE is_admin = :1 AND is_active = :2 ORDER BY nickname",
        False,
        True,
    )
    admins = database.db.GqlQuery(
        "SELECT * FROM LoginInformation WHERE is_admin = :1 ORDER BY nickname", True
    )
    context = {
        "registered_users": registered,
        "admin_users": admins,
        "xsrf_token": xsrf_token,
    }
    database.render_template(self, "/admin/modify.html", context)
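def get(self):
    """Render the signed-in user's account page.

    Returns:
        None; renders ``/users/index.html`` with the LoginInformation, an
        XSRF token and all TrustedPartner rows, or redirects to "/" when
        not signed in or no LoginInformation record exists.
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    # Guard li as well: a signed-in user without a LoginInformation row used
    # to raise AttributeError on create_xsrf_token().
    if not (user and li):
        self.redirect('/')
        return
    token = li.create_xsrf_token()
    database.render_template(
        self,
        '/users/index.html',
        {'li': li, 'xsrf_token': token, 'partners': database.TrustedPartner.all()},
    )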
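def get(self):
    """Delete an ItemCollection owned by the caller (or any, for an admin).

    The collection is selected by ``collection_id``.

    Returns:
        None; redirects to the referer after deletion, otherwise to "/"
        (not signed in, missing collection, or not owner/admin).
    """
    user = database.users.get_current_user()
    current_li = database.get_current_li()
    if not (user and current_li):
        self.redirect('/')
        return

    collection = db.get(db.Key.from_path(
        'ItemCollection', int(cgi.escape(self.request.get('collection_id')))))
    # A missing collection used to raise AttributeError on created_by_id.
    if collection is None:
        self.redirect('/')
        return

    # NOTE(review): unlike the other destructive GET handlers in this file,
    # this one does not call verify_xsrf_token(); confirm the links that
    # reach it carry a token before adding that check.
    if not (collection.created_by_id == user.user_id() or current_li.is_admin):
        self.redirect('/')
        return

    db.delete(collection)
    self.redirect(self.request.referer)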
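def post(self):
    """Update the signed-in user's LoginInformation from the profile form.

    Requires a signed-in user with a valid XSRF token.  Name fields are
    sanitised and HTML-escaped, ``desc`` goes through ``sanitizeHTML``, the
    e-mail is taken from the Google account, ``external_user`` is cleared
    and an optional avatar is resized to 128x128.

    Returns:
        None; redirects to the referer, otherwise to "/".
    """
    user = database.users.get_current_user()
    li = database.get_current_li()
    # Guard li as well: a signed-in user without a LoginInformation row used
    # to raise AttributeError on verify_xsrf_token().
    if not (user and li and li.verify_xsrf_token(self)):
        self.redirect('/')
        return

    def clean(field):
        # Sanitize then HTML-escape a form field before it reaches the datastore.
        return cgi.escape(database.quick_sanitize(self.request.get(field)))

    li.first_name = clean('first_name')
    li.last_name = clean('last_name')
    li.email = user.email()
    li.nickname = clean('nickname')
    li.private = bool(self.request.get('private'))
    li.desc = cgi.escape(database.sanitizeHTML(self.request.get('desc')))
    li.external_user = False
    avatar = self.request.get('avatar')
    if avatar:
        li.avatar = database.db.Blob(database.images.resize(avatar, 128, 128))
    li.put()
    database.logging.info(
        "Updating LoginInformation. Info: \nFirst name: %s\nLast Name: %s\nUserID: %s\n",
        li.first_name, li.last_name, li.user_id,
    )
    self.redirect(self.request.referer)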
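def get(self):
    """Render the "new collection" form with the list of currently live items.

    The template receives, under ``list``, a comma-separated run of JS
    object literals (``{"id": "<key id>", "name": "<title>"}``) describing
    every item that is active, not deactivated and not yet expired.

    Returns:
        None; renders ``/items/new_collection.html`` for a signed-in user
        with a LoginInformation record, otherwise redirects to "/".
    """
    user = database.users.get_current_user()
    current_li = database.get_current_li()
    if not (user and current_li):
        self.redirect('/')
        return

    token = current_li.create_xsrf_token()
    items = db.GqlQuery(
        "SELECT * FROM Item WHERE expiration_date >= :1 AND is_active = :2 AND deactivated = :3",
        database.datetime.date.today(),
        True,
        False,
    )
    # Each entry goes through json.dumps so a quote, backslash or newline in
    # a title cannot break out of the literal (the original concatenated the
    # raw title into JS source).  Quoted keys are still valid JS object
    # literals; sort_keys keeps the id/name order stable.
    entries = [
        json.dumps({"id": str(item.key().id()), "name": item.title}, sort_keys=True)
        for item in items
    ]
    item_list = ",".join(entries)
    database.render_template(
        self, '/items/new_collection.html', {'list': item_list, 'xsrf_token': token}
    )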
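def get(self):
    """Mark one of the caller's items as sold.

    Requires a signed-in user with a valid XSRF token; the item is selected
    by ``item_id`` and must have been created by the caller.

    Returns:
        None; redirects to the referer after saving, otherwise to "/"
        (unauthorised, missing item, or not the owner).
    """
    user = database.users.get_current_user()
    current_li = database.get_current_li()
    if not (user and current_li and current_li.verify_xsrf_token(self)):
        self.redirect('/')
        return

    item = db.get(db.Key.from_path('Item', int(cgi.escape(self.request.get('item_id')))))
    # A missing item used to raise AttributeError on created_by_id.
    if item is None or item.created_by_id != user.user_id():
        self.redirect('/')
        return

    item.sold = True
    item.put()
    self.redirect(self.request.referer)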
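def get(self):
    """List the UserFeedback left for the user named by ``user_id``.

    Returns:
        None; renders ``/users/list_user_feedback.html`` with the feedback
        query, the target LoginInformation (``li``), the referer as
        ``back_url`` and an XSRF token, or redirects to "/" when not signed
        in or the caller has no LoginInformation record.
    """
    user = database.users.get_current_user()
    current_li = database.get_current_li()
    # Guard current_li as well: it used to be dereferenced unchecked.
    if not (user and current_li):
        self.redirect('/')
        return

    target_id = cgi.escape(self.request.get('user_id'))
    feedback = database.db.GqlQuery(
        "SELECT * FROM UserFeedback WHERE for_user_id = :1", target_id
    )
    li = db.GqlQuery(
        "SELECT * FROM LoginInformation WHERE user_id = :1", target_id
    ).get()
    token = current_li.create_xsrf_token()
    back_url = self.request.referer
    database.render_template(
        self,
        '/users/list_user_feedback.html',
        {'feedback': feedback, 'li': li, 'back_url': back_url, 'xsrf_token': token},
    )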
def get(self):
    """Render the admin "edit partner" form for ``partner_id``.

    Only a signed-in admin may view it; everyone else is redirected to "/".
    The template receives the TrustedPartner (None if the id is unknown)
    and a fresh XSRF token.
    """
    google_user = database.users.get_current_user()
    login_info = database.get_current_li()
    if not (google_user and login_info and login_info.is_admin):
        self.redirect("/")
        return

    xsrf_token = login_info.create_xsrf_token()
    partner_key = db.Key.from_path(
        "TrustedPartner", int(cgi.escape(self.request.get("partner_id")))
    )
    context = {"partner": database.db.get(partner_key), "xsrf_token": xsrf_token}
    database.render_template(self, "/admin/edit_partner.html", context)