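def GET(self, path):
    """Show the preferences page at *path* to users allowed to edit it.

    Read access is tied to write access: ``web.ctx.site.can_write(path)``
    decides whether the page is rendered, and every other caller gets the
    permission-denied page.
    """
    # Only people who can modify the preferences should be able to see them.
    # No debug output here: printing the path, the permission result and
    # ``context.user`` on every request put identity data on stdout and ran
    # the permission check a second time.
    if web.ctx.site.can_write(path):
        return core.view().GET(path)
    return render.permission_denied(path, "Permission Denied.")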
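def POST(self, key):
    """Revert the document at *key* to the revision given in ``v``.

    Reads the required ``v`` input and the optional ``_comment`` input. When
    ``v`` is empty, or ``safeint`` yields ``None`` for it, the request is
    redirected to ``web.changequery({})``. The caller must pass both
    ``web.ctx.site.can_write(key)`` and ``user_is_admin_or_librarian()``;
    otherwise the permission-denied page is returned before any document is
    read or saved. On success the requested revision is loaded, deleted or
    redirected references inside it are resolved, the result is saved and the
    client is redirected to *key*.

    Raises:
        web.seeother: for a missing/invalid ``v`` and after a successful save.
        web.notfound: when the requested revision cannot be loaded.
    """
    i = web.input("v", _comment=None)
    # An empty ``v`` must count as missing. ``i.v and safeint(...)`` would
    # evaluate to the empty string itself, which is not ``None`` and would
    # slip past the check below.
    v = safeint(i.v, None) if i.v else None
    if v is None:
        raise web.seeother(web.changequery({}))

    # Authorisation gate: both conditions must hold before anything is
    # fetched or written.
    if not web.ctx.site.can_write(key) or not user_is_admin_or_librarian():
        return render.permission_denied(
            web.ctx.fullpath, "Permission denied to edit " + key + "."
        )

    # Fetch with the validated integer rather than the raw request string.
    thing = web.ctx.site.get(key, v)
    if not thing:
        raise web.notfound()

    def revert(thing):
        """Return a live replacement for a deleted or redirected thing."""
        if thing.type.key == "/type/delete" and thing.revision > 1:
            prev = web.ctx.site.get(thing.key, thing.revision - 1)
            # NOTE(review): ``prev`` is used without a falsy check; confirm
            # that ``site.get`` always returns an object for an earlier
            # revision.
            if prev.type.key in ["/type/delete", "/type/redirect"]:
                return revert(prev)
            else:
                # Side effect: the earlier revision is written back as the
                # new head of that document.
                prev._save("revert to revision %d" % prev.revision)
                return prev
        elif thing.type.key == "/type/redirect":
            redirect = web.ctx.site.get(thing.location)
            if redirect and redirect.type.key not in [
                "/type/delete",
                "/type/redirect",
            ]:
                return redirect
            else:
                # bad redirect. Try the previous revision
                # NOTE(review): there is no ``revision > 1`` guard on this
                # branch, unlike the delete branch above.
                prev = web.ctx.site.get(thing.key, thing.revision - 1)
                return revert(prev)
        else:
            return thing

    def process(value):
        """Walk a value and replace deleted references via ``revert``."""
        if isinstance(value, list):
            return [process(v) for v in value]
        elif isinstance(value, client.Thing):
            if value.key:
                # NOTE(review): '/type/revert' appears only here; the rest of
                # this handler tests for '/type/redirect'. Confirm which type
                # key is intended.
                if value.type.key in ['/type/delete', '/type/revert']:
                    return revert(value)
                else:
                    return value
            else:
                # A Thing without a key is processed field by field, in place.
                for k in value:
                    value[k] = process(value[k])
                return value
        else:
            return value

    for k in thing:
        thing[k] = process(thing[k])

    comment = i._comment or "reverted to revision %d" % v
    thing._save(comment)
    raise web.seeother(key)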
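def POST(self, key):
    """Revert the document at *key* to the revision given in ``v``.

    Reads the required ``v`` input and the optional ``_comment`` input. When
    ``v`` is empty, or ``safeint`` yields ``None`` for it, the request is
    redirected to ``web.changequery({})``. The caller must be a member of
    ``/usergroup/admin`` and pass ``web.ctx.site.can_write(key)``; otherwise
    the permission-denied page is returned before any document is read or
    saved. On success the requested revision is loaded, deleted or redirected
    references inside it are resolved, the result is saved and the client is
    redirected to *key*.

    Raises:
        web.seeother: for a missing/invalid ``v`` and after a successful save.
        web.notfound: when the requested revision cannot be loaded.
    """
    i = web.input("v", _comment=None)
    # An empty ``v`` must count as missing. ``i.v and safeint(...)`` would
    # evaluate to the empty string itself, which is not ``None`` and would
    # slip past the check below.
    v = safeint(i.v, None) if i.v else None
    if v is None:
        raise web.seeother(web.changequery({}))

    # Authorisation gate: admin-group membership is resolved from the current
    # account on every request, and write permission on ``key`` is required
    # as well.
    user = accounts.get_current_user()
    is_admin = user and user.key in [
        m.key for m in web.ctx.site.get('/usergroup/admin').members
    ]
    if not (is_admin and web.ctx.site.can_write(key)):
        return render.permission_denied(
            web.ctx.fullpath, "Permission denied to edit " + key + "."
        )

    # Fetch with the validated integer rather than the raw request string.
    thing = web.ctx.site.get(key, v)
    if not thing:
        raise web.notfound()

    def revert(thing):
        """Return a live replacement for a deleted or redirected thing."""
        if thing.type.key == "/type/delete" and thing.revision > 1:
            prev = web.ctx.site.get(thing.key, thing.revision - 1)
            # NOTE(review): ``prev`` is used without a falsy check; confirm
            # that ``site.get`` always returns an object for an earlier
            # revision.
            if prev.type.key in ["/type/delete", "/type/redirect"]:
                return revert(prev)
            else:
                # Side effect: the earlier revision is written back as the
                # new head of that document.
                prev._save("revert to revision %d" % prev.revision)
                return prev
        elif thing.type.key == "/type/redirect":
            redirect = web.ctx.site.get(thing.location)
            if redirect and redirect.type.key not in ["/type/delete", "/type/redirect"]:
                return redirect
            else:
                # bad redirect. Try the previous revision
                # NOTE(review): there is no ``revision > 1`` guard on this
                # branch, unlike the delete branch above.
                prev = web.ctx.site.get(thing.key, thing.revision - 1)
                return revert(prev)
        else:
            return thing

    def process(value):
        """Walk a value and replace deleted references via ``revert``."""
        if isinstance(value, list):
            return [process(v) for v in value]
        elif isinstance(value, client.Thing):
            if value.key:
                # NOTE(review): '/type/revert' appears only here; the rest of
                # this handler tests for '/type/redirect'. Confirm which type
                # key is intended.
                if value.type.key in ['/type/delete', '/type/revert']:
                    return revert(value)
                else:
                    return value
            else:
                # A Thing without a key is processed field by field, in place.
                for k in value.keys():
                    value[k] = process(value[k])
                return value
        else:
            return value

    for k in thing.keys():
        thing[k] = process(thing[k])

    comment = i._comment or "reverted to revision %d" % v
    thing._save(comment)
    raise web.seeother(key)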
def handle(self, cls, args=()):
    """Dispatch the request to the ``cls`` method named after the HTTP verb.

    Raises ``web.nomethod`` when ``cls`` has no attribute for
    ``web.ctx.method``. Otherwise the method is called with ``args`` only if
    ``self.is_admin()`` is true; every other caller gets the
    permission-denied page.
    """
    # The handler is instantiated and the verb resolved before the admin
    # check, so an unsupported verb raises ``nomethod`` for any caller.
    handler = getattr(cls(), web.ctx.method, None)
    if not handler:
        raise web.nomethod(cls=cls)

    if not self.is_admin():
        return render.permission_denied(web.ctx.path, "Permission denied.")
    return handler(*args)
def GET(self):
    """Reload wiki templates/macros and the upstream plugin for LAN callers.

    Requests are accepted from ``127.0.0.1``, from ``0.0.0.0``, and from any
    address whose text before the last dot equals that of ``local_ip()``.
    Everyone else gets the permission-denied page. Returns the raw text
    ``done`` after reloading.
    """
    # Make sure the request is coming from the LAN.
    # NOTE(review): this is address-based trust only, with no user check. If
    # the app sits behind a proxy or load balancer on the same subnet,
    # ``web.ctx.ip`` may be that hop's address and every request would pass.
    # Confirm how ``ctx.ip`` is populated in deployment.
    client_ip = web.ctx.ip
    if client_ip not in ['127.0.0.1', '0.0.0.0']:
        client_prefix = client_ip.rsplit(".", 1)[0]
        if client_prefix != local_ip().rsplit(".", 1)[0]:
            return render.permission_denied(
                web.ctx.fullpath, "Permission denied to reload templates/macros."
            )

    # Imported lazily, in the same order as the reloads are performed.
    from infogami.plugins.wikitemplates import code as wikitemplates

    wikitemplates.load_all()

    from openlibrary.plugins.upstream import code as upstream

    upstream.reload()
    return delegate.RawText("done")
def GET(self, key):
    """Load the data for *key* for YAML editing; admins only.

    Non-admin callers get the permission-denied page before any data is
    read. For admins the data comes from ``self.get_data(key)``; when that
    raises ``web.HTTPError`` with a 404 status, a stub holding only the key
    is used instead, and any other HTTP error propagates.
    """
    # only allow admin users to edit yaml
    if not self.is_admin():
        return render.permission_denied(key, 'Permission Denied')

    try:
        d = self.get_data(key)
    except web.HTTPError, e:
        # The status is read from web.ctx rather than from the exception.
        if web.ctx.status.lower() == "404 not found":
            # Missing document: start from a stub so it can be created.
            d = {"key": key}
        else:
            raise
    # NOTE(review): the listing ends here; what is done with ``d`` afterwards
    # is not shown.
def handle(self, cls, args=()):
    """Dispatch the request to the ``cls`` method named after the HTTP verb.

    Sets ``context.bodyid`` to ``"admin"`` first. Raises ``web.nomethod``
    when ``cls`` has no attribute for ``web.ctx.method``. Otherwise the
    method is called with ``args`` only if ``self.is_admin()`` is true;
    every other caller gets the permission-denied page.
    """
    # Use admin theme
    context.bodyid = "admin"

    # The handler is instantiated and the verb resolved before the admin
    # check, so an unsupported verb raises ``nomethod`` for any caller.
    handler = getattr(cls(), web.ctx.method, None)
    if not handler:
        raise web.nomethod(cls=cls)

    if not self.is_admin():
        return render.permission_denied(web.ctx.path, "Permission denied.")
    return handler(*args)
def GET(self, key):
    """Render the YAML editor for *key*; admins only.

    Non-admin callers get the permission-denied page before any data is
    read. When ``self.get_data(key)`` raises ``web.HTTPError`` with a 404
    status, the editor opens on a stub holding only the key; any other HTTP
    error propagates.
    """
    # Only admin users may edit YAML.
    if not self.is_admin():
        return render.permission_denied(key, 'Permission Denied')

    try:
        data = self.get_data(key)
    except web.HTTPError:
        # The status is read from web.ctx rather than from the exception.
        if web.ctx.status.lower() != '404 not found':
            raise
        # Missing document: start from a stub so it can be created.
        data = {'key': key}

    return render.edit_yaml(key, self.dump(data))
def handle(self, cls, args=(), librarians=False):
    """Dispatch the request to the ``cls`` method named after the HTTP verb.

    Sets ``context.cssfile`` to ``"admin"`` first. Raises ``web.nomethod``
    when ``cls`` has no attribute for ``web.ctx.method``. The method is
    called with ``args`` for admins, and also for logged-in librarians when
    ``librarians`` is true; every other caller gets the permission-denied
    page.
    """
    # Use admin theme
    context.cssfile = "admin"

    # The handler is instantiated and the verb resolved before the access
    # check, so an unsupported verb raises ``nomethod`` for any caller.
    handler = getattr(cls(), web.ctx.method, None)
    if not handler:
        raise web.nomethod(cls=cls)

    # Librarian access is opt-in per call and needs a current user; the admin
    # check is evaluated first.
    allowed = self.is_admin() or (
        librarians and context.user and context.user.is_librarian()
    )
    if allowed:
        return handler(*args)
    return render.permission_denied(web.ctx.path, "Permission denied.")
def GET(self, username, key='loans'):
    """Render reading-log statistics for *username*, for that user only.

    Returns the not-found page when ``/people/<username>`` does not exist,
    and the permission-denied page unless the last path segment of the
    current user's key equals *username*. Otherwise up to 2000 works from
    shelf *key* and their authors are serialised to JSON and passed to the
    ``account/readinglog_stats`` template.
    """
    user = web.ctx.site.get('/people/%s' % username)
    if not user:
        return render.notfound("User %s" % username, create=False)

    # Owner-only view. The existence check above runs first, so an unknown
    # username yields not-found even for callers who are not logged in.
    cur_user = accounts.get_current_user()
    if not (cur_user and cur_user.key.split('/')[-1] == username):
        return render.permission_denied(web.ctx.path, 'Permission Denied')

    readlog = ReadingLog(user=user)
    works = readlog.get_works(key, page=1, limit=2000)

    works_json = []
    for w in works:
        works_json.append(
            {
                'title': w.get('title'),
                'key': w.key,
                'author_keys': [a.author.key for a in w.get('authors', [])],
                'first_publish_year': w.first_publish_year or None,
                'subjects': w.get('subjects'),
                'subject_people': w.get('subject_people'),
                'subject_places': w.get('subject_places'),
                'subject_times': w.get('subject_times'),
            }
        )

    # Deduplicate author keys so each author is fetched once.
    author_keys = {a for work in works_json for a in work['author_keys']}
    authors_json = []
    for a in web.ctx.site.get_many(list(author_keys)):
        authors_json.append(
            {
                'key': a.key,
                'name': a.name,
                'birth_date': a.get('birth_date'),
            }
        )

    template = render['account/readinglog_stats']
    page = template(
        json.dumps(works_json),
        json.dumps(authors_json),
        len(works_json),
        user.key,
        user.displayname,
        web.ctx.path.rsplit('/', 1)[0],
        key,
        lang=web.ctx.lang,
    )
    page.v2 = True
    return page
def POST(self, key):
    """Save the YAML submitted for *key*; admins only.

    Non-admin callers get the permission-denied page before the request
    body is read. When the ``_save`` input is present, the ``body`` input is
    parsed with ``self.load``, turned into a new document for *key* and saved
    with the ``_comment`` input. A ``client.ClientException`` or
    ``ValidationException`` during save is shown as a flash message and the
    editor is re-rendered with the submitted text; on success the client is
    redirected to ``key + '.yml'``.
    """
    # only allow admin users to edit yaml
    if not self.is_admin():
        return render.permission_denied(key, 'Permission Denied')

    i = web.input(body='', _comment=None)

    if '_save' in i:
        # NOTE(review): ``self.load`` is not shown here. ``i.body`` is request
        # data, so if ``load`` wraps a YAML parser, confirm it uses a safe
        # loader.
        d = self.load(i.body)
        p = web.ctx.site.new(key, d)
        try:
            p._save(i._comment)
        except (client.ClientException, ValidationException), e:
            # Keep the submitted text on screen so the edit is not lost.
            add_flash_message('error', str(e))
            return render.edit_yaml(key, i.body)
        # NOTE(review): the listing is flattened, so the nesting of this
        # redirect inside the ``_save`` branch is reconstructed; the listing
        # may also end before further branches. Confirm against the file.
        raise web.seeother(key + '.yml')