def _q_access(self, request):
user = auth.login_user(quiet=True)
p = self.pic()
if not p.mayView(user):
user = auth.login_user()
if not p.mayView(user):
raise AccessError('may not view picture')
def handle_upload(self):
request = quixote.get_request()
response = quixote.get_response()
user = auth.login_user()
perm = self.db.permissions(user)
mayupload = (user and user.mayUpload) or (perm and perm.mayUpload)
if not mayupload:
raise AccessError('You may not upload images')
if 'image' not in request.form:
response.set_status(204) # no content
return ''
added = []
skipped = {}
if isinstance(request.form['image'], list):
for img in request.form['image']:
self.do_upload(img, user, added, skipped)
else:
img = request.form['image']
self.do_upload(img, user, added, skipped)
added = [ image.Image(self, id) for id in added ]
added = [ (p.path(), p.meta.get_meta()) for p in added ]
http.json_response()
response.set_status(201) # created
return json.write({ 'added': added, 'skipped': skipped })
def _q_index(self, request):
sess_user = auth.login_user(quiet=True)
if sess_user is None:
return quixote.redirect(path(sess_user))
return user_page.user_page(request)
def _q_access(self, request):
user = auth.login_user()
perm = self.collection.db.permissions(user)
mayupload = (user and user.mayUpload) or (perm and perm.mayUpload)
if not mayupload:
raise AccessError, 'You may not upload images'
def _q_index(self, request):
user = auth.login_user(quiet=True)
if self.year is None:
self.year = self.calendar.most_recent(user).year
y = self.calendar.yearview(self.year, user=user)
return self.ui.formatyear(y, user)
def mayEdit(self, p, quiet=False):
user = auth.login_user(quiet=quiet)
if user is None:
return False
perms = self.db.permissions(user)
return (perms and perms.mayEdit) or p.mayEdit(user)
def mayViewCollection(self, quiet=False):
user = auth.login_user(quiet=quiet)
if self.db.visibility == 'public':
return True
if user and self.db.visibility == 'private':
perms = self.db.permissions(user)
return user.mayAdmin or self.db.ownerID == user.id or (perms and perms.mayView)
return False
def set_meta(self, name, value):
user = auth.login_user()
p = self.image.pic()
if not p.mayEdit(user):
raise AccessError('Must log in to change picture')
if name not in self.set_fields:
raise http.ForbiddenError("can't change '%s' field" % name)
return self.set_fields[name](self, value)
def mayUpload(self, quiet=False):
user = auth.login_user(quiet=quiet)
if not user:
return False;
if user.mayAdmin or user.mayUpload:
return True
p = self.db.permissions(user)
if p and p.mayUpload:
return True
return False
def mayView(self, p, quiet=False):
user = auth.login_user(quiet=quiet)
if self.db.visibility == 'public':
return p.mayView(user)
if user is None:
return False
if self.db.owner == user:
return p.mayView(user)
perms = self.db.permissions(user)
if p.visibility == 'restricted' and perms.mayViewRestricted:
return True
return False
def mayAdminCol(self, quiet=False):
user = auth.login_user(quiet=quiet)
if user is None:
return False
if user.id == self.db.ownerID:
return True
if user.mayAdmin:
return True
p = self.db.permissions(user)
if p and p.mayAdmin:
return True
return False
def mayViewOrig(self, p, quiet=False):
user = auth.login_user(quiet=quiet)
if self.db.visibility == 'public' and self.db.showOriginal:
return p.mayView(user)
if user is None:
return False
if self.db.owner == user or p.owner == user:
return p.mayView(user)
perms = self.db.permissions(user)
if perms is not None and (perms.mayAdmin or perms.mayViewall):
return p.mayView(user)
return False
def _q_access(self, request):
if not self.mayViewCollection(quiet=True):
raise AccessError, "You may not view this collection"
m = menu.SubMenu(heading='Collection: %s' % self.db.name)
if self.mayAdminCol(quiet=True):
m += [ menu.Link(link='Administer',
url=self.admin_path()) ]
if self.mayUpload(quiet=True):
um = menu.SubMenu(heading=menu.Link(link='Upload', url=self.upload.path()))
if False and self.upload.have_pending(auth.login_user(quiet=True)):
um += [ menu.Link(link='Pending', url=self.upload.pending_path()) ]
m += [ um ]
request.context_menu += [ menu.Separator(), m ]
request.context_menu += [ self.calendar.menupane_extra() ]
request.context_menu += self.search.menupane_extra()
def _q_access(request):
""" This _q_access is not really used for access checking, but as
a hook which is always called when the path is traversed. It installs
the state needed for the context menu, which is hung off the request. """
request = quixote.get_request()
request.context_menu = menu.SubMenu()
user = auth.login_user(quiet=True)
# Add collection list
collections = db.Collection.select(dbfilters.mayViewCollectionFilter(user),
orderBy=db.Collection.q.id)
request.context_menu += [ menu.Separator(),
menu.SubMenu(heading='Collections:',
items=[ menu.Link(link=c.name,
url=collection.Collection(c, imagestore).path(),
extra={ 'title': c.description })
for c in collections ]) ]
# add navigation
request.navigation = nav.Nav(request)
def _q_index(self, request):
request = quixote.get_request()
method = request.get_method()
user = auth.login_user()
if method == 'POST':
if request.form.get('file') is None:
raise QueryError('Missing file')
dbu = db.Upload(user=user, collection=self.collection.db)
pending = PendingUpload(self, dbu)
if isinstance(request.form['file'], list):
files = request.form['file']
else:
files = [ request.form['file'] ]
response = quixote.get_response()
response.buffered = False
return pending.do_upload(files,
request.form['visibility'])
elif method == 'GET':
uploads = self.uploads(user)
if http.want_json():
ret = [ (u.import_time.year, u.import_time.month, u.import_time.day,
u.import_time.hour, u.import_time.minute, u.import_time.second)
for u in uploads
if len(u.pictures) > 0 ]
http.json_response()
return json.write(ret)
else:
return self.ui.uploadform(uploads)
else:
raise http.MethodError(['GET', 'POST'])
def _q_access(request):
sess_user = auth.login_user(quiet=True)
if sess_user and sess_user.mayAdmin:
request.context_menu += [ menu.Separator(),
menu.Link('User admin', '%suser/editusers' % imagestore.path()) ]
def _q_index(self, request):
user = auth.login_user(quiet=True)
return self.ui._q_index(self.date, self.interval, user)
def _q_access(self, request):
request = quixote.get_request()
if request.get_method() in ('POST', 'PUT'):
auth.login_user()
def _q_access(self, request):
sess_user = auth.login_user()
if not sess_user or (sess_user != self.user and not sess_user.mayAdmin):
raise AccessError("You may not view this user's details")
