def settings(request):
"""
View configuration for the personal settings view. Only logged in user can reach this page.
:param request: current request of the server
:return: dictionary with title and project name as well as a value, weather the user is logged in
"""
LOG.debug("Show settings %s", request.params)
ui_locales = get_language_from_cookie(request)
old_pw, new_pw, confirm_pw, message = '', '', '', ''
success, error = False, False
db_user: User = request.validated['user']
if 'form.passwordchange.submitted' in request.params:
old_pw = escape_string(request.params['passwordold'])
new_pw = escape_string(request.params['password'])
confirm_pw = escape_string(request.params['passwordconfirm'])
message, success = change_password(db_user, old_pw, new_pw, confirm_pw, ui_locales)
error = not success
settings_dict = DictionaryHelper(ui_locales).prepare_settings_dict(success, old_pw, new_pw, confirm_pw, error,
message, db_user, request.application_url,
request.decorated['extras']['use_with_ldap'])
prep_dict = main_dict(request, Translator(ui_locales).get(_.settings))
prep_dict.update({
'settings': settings_dict
})
return prep_dict
def create_issue_after_validation(request):
LOG.debug("Set a new issue: %s", request.json_body)
info = escape_string(request.validated['info'])
long_info = escape_string(request.validated['long_info'])
title = escape_string(request.validated['title'])
lang = request.validated['lang']
is_public = request.validated['is_public']
is_read_only = request.validated['is_read_only']
return issue_handler.set_issue(request.validated['user'], info, long_info,
title, lang, is_public, is_read_only)
def send_news(request):
"""
ajax interface for settings news
:param request: current request of the server
:return: json-set with new news
"""
LOG.debug("Set news via AJAX: %s", request.json_body)
title = escape_string(request.validated['title'])
text = escape_string(request.validated['text'])
db_user = request.validated['user']
return news_handler.set_news(title, text, db_user, request.registry.settings['pyramid.default_locale_name'],
request.application_url)
def set_references(request):
"""
Sets a reference for a statement or an arguments
:param request: current request of the server
:return: json-dict()
"""
LOG.debug("Set a reference for a statement or an argument. Request: %s", request.json_body)
db_statement = request.validated['statement']
text = escape_string(request.validated['text'])
source = escape_string(request.validated['ref_source'])
db_user = request.validated['user']
db_issue = request.validated['issue']
return set_reference(text, source, db_user, db_statement, db_issue.uid)
def test_escape_string(self):
self.assertEqual('', lib.escape_string(text=''))
# normal string
self.assertEqual('str', lib.escape_string(text='str'))
# strings with html special chars
self.assertEqual('&', lib.escape_string(text='&'))
self.assertEqual('" str & str2', lib.escape_string(text='" str & str2'))
long_str_with_special_char = 'str' + '"' * 1000
long_str_without_special_char = 'str' + '"' * 1000
self.assertEqual(long_str_without_special_char, lib.escape_string(long_str_with_special_char))
def set_references(request):
"""
Sets a reference for a statement or an arguments
:param request: current request of the server
:return: json-dict()
"""
logger('views', 'main: {}'.format(request.json_body))
db_statement = request.validated['statement']
reference = escape_string(request.validated['reference'])
source = escape_string(request.validated['ref_source'])
db_user = request.validated['user']
return set_reference(reference, source, db_user, db_statement,
db_statement.issue_uid)
def set_statement(text: str, db_user: User, is_position: bool,
db_issue: Issue) -> Tuple[Statement, bool]:
"""
Saves statement for user
:param text: given statement
:param db_user: User of given user
:param is_position: if it is a start statement
:param db_issue: Issue
:return: Statement, is_duplicate or -1, False on error
"""
LOG.debug("User_id: %s, text: %s, issue: %s", db_user.uid, text,
db_issue.uid)
# escaping and cleaning
text = escape_string(' '.join(text.strip().split()))
_tn = Translator(db_issue.lang)
if text.startswith(_tn.get(_.because).lower() + ' '):
text = text[len(_tn.get(_.because) + ' '):]
while text.endswith(('.', '?', '!', ',')):
text = text[:-1]
# check, if the text already exists
db_dupl = __check_duplicate(db_issue, text)
if db_dupl:
return db_dupl, True
db_statement = __add_statement(is_position)
__add_textversion(text, db_user.uid, db_statement.uid)
__add_statement2issue(db_statement.uid, db_issue.uid)
return db_statement, False
def set_new_issue(request):
"""
:param request: current request of the server
:return:
"""
LOG.debug("Set a new issue: %s", request.json_body)
info = escape_string(request.validated['info'])
long_info = escape_string(request.validated['long_info'])
title = escape_string(request.validated['title'])
lang = request.validated['lang']
is_public = request.validated['is_public']
is_read_only = request.validated['is_read_only']
return issue_handler.set_issue(request.validated['user'], info, long_info,
title, lang, is_public, is_read_only)
def set_new_issue(request):
"""
:param request: current request of the server
:return:
"""
logger('views', 'main {}'.format(request.json_body))
info = escape_string(request.validated['info'])
long_info = escape_string(request.validated['long_info'])
title = escape_string(request.validated['title'])
lang = request.validated['lang']
is_public = request.validated['is_public']
is_read_only = request.validated['is_read_only']
return issue_handler.set_issue(request.validated['user'], info, long_info,
title, lang, is_public, is_read_only)
def escape_if_string(data: dict, key: str):
"""
Escape string if key exists.
:param data:
:param key:
:return: Return escaped value if it was a string
"""
val = data.get(key)
if val and isinstance(val, str):
return escape_string(val)
return val
def store_reference(reference: str, host: str, path: str, user: User, statement: Statement,
issue: Issue) -> StatementReference:
"""
Store reference to database.
:param reference: String from external website
:param user: user which adds the reference
:param host: external website, where the reference comes from
:param path: path on website to reference
:param statement: assign reference to this statement
:param issue: assign issue to reference
:return: newly stored reference
"""
reference_text = escape_string(reference)
log.debug("New Reference for Statement.uid {}: {}".format(statement.uid, reference_text))
db_ref: StatementReference = StatementReference(escape_string(reference_text), host, path, user.uid,
statement.uid, issue.uid)
DBDiscussionSession.add(db_ref)
DBDiscussionSession.flush()
transaction.commit()
return db_ref
def register_user_with_json_data(data, lang, mailer: Mailer):
"""
Consume the ajax data for an login attempt
:param data: validated params of webserver's request
:param lang: language
:param mailer: Mailer
:return: Boolean, String, User
"""
_tn = Translator(lang)
success = ''
firstname = escape_string(data.get('firstname', ''))
lastname = escape_string(data.get('lastname', ''))
nickname = escape_string(data.get('nickname', ''))
email = escape_string(data.get('email', ''))
gender = escape_string(data.get('gender', ""))
password = escape_string(data.get('password', ''))
passwordconfirm = escape_string(data.get('passwordconfirm', ''))
db_new_user = None
msg = __check_login_params(firstname, lastname, nickname, email, password,
passwordconfirm)
if msg:
return success, _tn.get(msg), db_new_user
# getting the authors group
db_group = DBDiscussionSession.query(Group).filter_by(name="users").first()
# does the group exists?
if not db_group:
msg = _tn.get(_.errorTryLateOrContant)
LOG.debug("Error occured")
return success, msg, db_new_user
user_data = {
'firstname': firstname,
'lastname': lastname,
'nickname': nickname,
'gender': gender,
'email': email
}
ret_dict = user.set_new_user(mailer, user_data, password, _tn)
success = ret_dict['success']
error = ret_dict['error']
db_new_user = ret_dict['user']
msg = error
if success:
msg = _tn.get(_.accountWasAdded).format(nickname)
return success, msg, db_new_user
def valid_q_parameter(request):
"""
Validate that a q-GET parameter is given.
:param request: Request
:return:
"""
query_string: str = request.params.get('q')
if not query_string:
add_error(
request,
'GET-Parameter \'q\' is missing or empty',
'Provide a \'q\'-GET Parameter, which is the query-string to search in the database',
location='querystring')
return False
request.validated['query'] = escape_string(query_string)
return True
def send_notification(from_user, to_user, topic, content, mainpage):
"""
Sends message to an user and places a copy in the outbox of current user. Returns the uid and timestamp
:param from_user: User
:param to_user: User
:param topic: String
:param content: String
:param mainpage: String
:return:
"""
content = escape_string(content)
notification_in = Message(from_author_uid=from_user.uid,
to_author_uid=to_user.uid,
topic=topic,
content=content,
is_inbox=True)
notification_out = Message(from_author_uid=from_user.uid,
to_author_uid=to_user.uid,
topic=topic,
content=content,
is_inbox=False,
read=True)
DBDiscussionSession.add_all([notification_in, notification_out])
DBDiscussionSession.flush()
transaction.commit()
db_settings = to_user.settings
if db_settings.should_send_notifications:
user_lang = DBDiscussionSession.query(Language).get(
db_settings.lang_uid).ui_locales
_t_user = Translator(user_lang)
send_request_for_info_popup_to_socketio(to_user.nickname,
_t_user.get(_.newNotification),
mainpage + '/notifications',
increase_counter=True)
db_inserted_notification = DBDiscussionSession.query(Message).filter(
Message.from_author_uid == from_user.uid,
Message.to_author_uid == to_user.uid, Message.topic == topic,
Message.content == content,
Message.is_inbox == True).order_by(Message.uid.desc()).first()
return db_inserted_notification
def set_statement(text: str, db_user: User, is_start: bool, db_issue: Issue) -> Tuple[Statement, bool]:
"""
Saves statement for user
:param text: given statement
:param db_user: User of given user
:param is_start: if it is a start statement
:param db_issue: Issue
:return: Statement, is_duplicate or -1, False on error
"""
logger('StatementsHelper', 'user: '******', user_id: ' + str(db_user.uid) +
', text: ' + str(text) + ', issue: ' + str(db_issue.uid))
# escaping and cleaning
text = text.strip()
text = ' '.join(text.split())
text = escape_string(text)
_tn = Translator(db_issue.lang)
if text.startswith(_tn.get(_.because).lower() + ' '):
text = text[len(_tn.get(_.because) + ' '):]
while text.endswith(('.', '?', '!', ',')):
text = text[:-1]
# check, if the text already exists
db_duplicate = DBDiscussionSession.query(TextVersion).filter(
func.lower(TextVersion.content) == text.lower()).first()
if db_duplicate:
db_statement = DBDiscussionSession.query(Statement).filter(Statement.uid == db_duplicate.statement_uid,
Statement.issue_uid == db_issue.uid).one()
return db_statement, True
# add text
statement = Statement(is_position=is_start, issue=db_issue.uid)
DBDiscussionSession.add(statement)
DBDiscussionSession.flush()
# add textversion
textversion = TextVersion(content=text, author=db_user.uid, statement_uid=statement.uid)
DBDiscussionSession.add(textversion)
DBDiscussionSession.flush()
transaction.commit()
return statement, False
