def activity_view(request): """ /<username>/activity/<id> - Display activity This should display a HTML presentation of the activity this is NOT an API endpoint. """ # Get the user object. username = request.matchdict["username"] user = User.query.filter_by(username=username).first() activity_id = request.matchdict["id"] if request.user is None: return render_404(request) activity = Activity.query.filter_by( id=activity_id, author=user.id ).first() if activity is None: return render_404(request) return render_to_response( request, "mediagoblin/api/activity.html", {"activity": activity} )
def user_collection(request, page, url_user=None): """A User-defined Collection""" collection = Collection.query.filter_by( get_creator=url_user, slug=request.matchdict['collection']).first() if not collection: return render_404(request) cursor = collection.get_collection_items() pagination = Pagination(page, cursor) collection_items = pagination() # if no data is available, return NotFound # TODO: Should an empty collection really also return 404? if collection_items == None: return render_404(request) return render_to_response( request, 'mediagoblin/user_pages/collection.html', {'user': url_user, 'collection': collection, 'collection_items': collection_items, 'pagination': pagination})
def user_home(request, page): """'Homepage' of a User()""" user = User.query.filter_by(username=request.matchdict['user']).first() if not user: return render_404(request) elif not user.has_privilege(u'active'): return render_to_response( request, 'mediagoblin/user_pages/user_nonactive.html', {'user': user}) cursor = MediaEntry.query.\ filter_by(uploader = user.id, state = u'processed').order_by(MediaEntry.created.desc()) pagination = Pagination(page, cursor) media_entries = pagination() #if no data is available, return NotFound if media_entries == None: return render_404(request) user_gallery_url = request.urlgen( 'mediagoblin.user_pages.user_gallery', user=user.username) return render_to_response( request, 'mediagoblin/user_pages/user.html', {'user': user, 'user_gallery_url': user_gallery_url, 'media_entries': media_entries, 'pagination': pagination})
def wrapper(request, *args, **kwargs): user = request.db.User.find_one( {'username': request.matchdict['user']}) if not user: return render_404(request) media = request.db.MediaEntry.find_one( {'slug': request.matchdict['media'], 'state': u'processed', 'uploader': user._id}) # no media via slug? Grab it via ObjectId if not media: try: media = request.db.MediaEntry.find_one( {'_id': ObjectId(request.matchdict['media']), 'state': u'processed', 'uploader': user._id}) except InvalidId: return render_404(request) # Still no media? Okay, 404. if not media: return render_404(request) return controller(request, media=media, *args, **kwargs)
def user_home(request, page): """'Homepage' of a User()""" # TODO: decide if we only want homepages for active users, we can # then use the @get_active_user decorator and also simplify the # template html. user = User.query.filter_by(username=request.matchdict['user']).first() if not user: return render_404(request) elif user.status != u'active': return render_to_response(request, 'mediagoblin/user_pages/user.html', {'user': user}) cursor = MediaEntry.query.\ filter_by(uploader = user.id, state = u'processed').order_by(MediaEntry.created.desc()) pagination = Pagination(page, cursor) media_entries = pagination() #if no data is available, return NotFound if media_entries == None: return render_404(request) user_gallery_url = request.urlgen('mediagoblin.user_pages.user_gallery', user=user.username) return render_to_response( request, 'mediagoblin/user_pages/user.html', { 'user': user, 'user_gallery_url': user_gallery_url, 'media_entries': media_entries, 'pagination': pagination })
def user_home(request, page): """'Homepage' of a LocalUser()""" user = LocalUser.query.filter_by( username=request.matchdict['user']).first() if not user: return render_404(request) elif not user.has_privilege('active'): return render_to_response( request, 'mediagoblin/user_pages/user_nonactive.html', {'user': user}) cursor = MediaEntry.query.\ filter_by(actor = user.id).order_by(MediaEntry.created.desc()) pagination = Pagination(page, cursor) media_entries = pagination() # if no data is available, return NotFound if media_entries == None: return render_404(request) user_gallery_url = request.urlgen('mediagoblin.user_pages.user_gallery', user=user.username) return render_to_response( request, 'mediagoblin/user_pages/user.html', { 'user': user, 'user_gallery_url': user_gallery_url, 'media_entries': media_entries, 'pagination': pagination })
def activity_view(request): """ /<username>/activity/<id> - Display activity This should display a HTML presentation of the activity this is NOT an API endpoint. """ # Get the user object. username = request.matchdict["username"] user = LocalUser.query.filter_by(username=username).first() activity_id = request.matchdict["id"] if request.user is None: return render_404(request) activity = Activity.query.filter_by(id=activity_id, author=user.id).first() # There isn't many places to check that the public_id is filled so this # will do, it really should be, lets try and fix that if it isn't. activity.get_public_id(request.urlgen) if activity is None: return render_404(request) return render_to_response(request, "mediagoblin/api/activity.html", {"activity": activity})
def user_gallery(request, page): """'Gallery' of a User()""" user = request.db.User.find_one({ 'username': request.matchdict['user'], 'status': u'active'}) if not user: return render_404(request) cursor = request.db.MediaEntry.find( {'uploader': user._id, 'state': u'processed'}).sort('created', DESCENDING) pagination = Pagination(page, cursor) media_entries = pagination() #if no data is available, return NotFound if media_entries == None: return render_404(request) return render_to_response( request, 'mediagoblin/user_pages/gallery.html', {'user': user, 'media_entries': media_entries, 'pagination': pagination})
def user_collection(request, page): """A User-defined Collection""" user = request.db.User.find_one({ 'username': request.matchdict['user'], 'status': u'active'}) if not user: return render_404(request) collection = request.db.Collection.find_one( {'slug': request.matchdict['collection']}) cursor = request.db.CollectionItem.find( {'collection': collection.id}) pagination = Pagination(page, cursor) collection_items = pagination() #if no data is available, return NotFound if collection_items == None: return render_404(request) return render_to_response( request, 'mediagoblin/user_pages/collection.html', {'user': user, 'collection': collection, 'collection_items': collection_items, 'pagination': pagination})
def user_home(request, page): """'Homepage' of a User()""" # TODO: decide if we only want homepages for active users, we can # then use the @get_active_user decorator and also simplify the # template html. user = User.query.filter_by(username=request.matchdict["user"]).first() if not user: return render_404(request) elif user.status != u"active": return render_to_response(request, "mediagoblin/user_pages/user.html", {"user": user}) cursor = MediaEntry.query.filter_by(uploader=user.id, state=u"processed").order_by(MediaEntry.created.desc()) pagination = Pagination(page, cursor) media_entries = pagination() # if no data is available, return NotFound if media_entries == None: return render_404(request) user_gallery_url = request.urlgen("mediagoblin.user_pages.user_gallery", user=user.username) return render_to_response( request, "mediagoblin/user_pages/user.html", {"user": user, "user_gallery_url": user_gallery_url, "media_entries": media_entries, "pagination": pagination}, )
def user_collection(request, page, url_user=None): """A User-defined Collection""" collection = Collection.query.filter_by( get_actor=url_user, slug=request.matchdict['collection']).first() if not collection: return render_404(request) cursor = collection.get_collection_items() pagination = Pagination(page, cursor) collection_items = pagination() # if no data is available, return NotFound # TODO: Should an empty collection really also return 404? if collection_items == None: return render_404(request) return render_to_response( request, 'mediagoblin/user_pages/collection.html', { 'user': url_user, 'collection': collection, 'collection_items': collection_items, 'pagination': pagination })
def activity_view(request): """ /<username>/activity/<id> - Display activity This should display a HTML presentation of the activity this is NOT an API endpoint. """ # Get the user object. username = request.matchdict["username"] user = LocalUser.query.filter_by(username=username).first() activity_id = request.matchdict["id"] if request.user is None: return render_404(request) activity = Activity.query.filter_by( id=activity_id, author=user.id ).first() # There isn't many places to check that the public_id is filled so this # will do, it really should be, lets try and fix that if it isn't. activity.get_public_id(request.urlgen) if activity is None: return render_404(request) return render_to_response( request, "mediagoblin/api/activity.html", {"activity": activity} )
def wrapper(request, *args, **kwargs): try: page = int(request.GET.get('page', 1)) if page < 0: return render_404(request) except ValueError: return render_404(request) return controller(request, page=page, *args, **kwargs)
def media_confirm_delete(request): allowed_state = [u'failed', u'processed'] media = None for media_state in allowed_state: media = request.db.MediaEntry.query.filter_by(id=request.matchdict['media_id'], state=media_state).first() if media: break if not media: return render_404(request) given_username = request.matchdict.get('user') if given_username and (given_username != media.get_uploader.username): return render_404(request) uploader_id = media.uploader if not (request.user.is_admin or request.user.id == uploader_id): raise Forbidden() form = user_forms.ConfirmDeleteForm(request.form) if request.method == 'POST' and form.validate(): if form.confirm.data is True: username = media.get_uploader.username # Delete MediaEntry and all related files, comments etc. media.delete() messages.add_message( request, messages.SUCCESS, _('You deleted the media.')) location = media.url_to_next(request.urlgen) if not location: location=media.url_to_prev(request.urlgen) if not location: location=request.urlgen("mediagoblin.user_pages.user_home", user=username) return redirect(request, location=location) else: messages.add_message( request, messages.ERROR, _("The media was not deleted because you didn't check that you were sure.")) return redirect_obj(request, media) if ((request.user.is_admin and request.user.id != media.uploader)): messages.add_message( request, messages.WARNING, _("You are about to delete another user's media. " "Proceed with caution.")) return render_to_response( request, 'mediagoblin/user_pages/media_confirm_delete.html', {'media': media, 'form': form})
def wrapper(request, *args, **kwargs): media = MediaEntry.query.filter_by(id=request.matchdict["media_id"], state=u"processed").first() # Still no media? Okay, 404. if not media: return render_404(request) given_username = request.matchdict.get("user") if given_username and (given_username != media.get_uploader.username): return render_404(request) return controller(request, media=media, *args, **kwargs)
def wrapper(request, *args, **kwargs): media = MediaEntry.query.filter_by(id=request.matchdict['media_id'], state=u'processed').first() # Still no media? Okay, 404. if not media: return render_404(request) given_username = request.matchdict.get('user') if given_username and (given_username != media.get_uploader.username): return render_404(request) return controller(request, media=media, *args, **kwargs)
def wrapper(request, *args, **kwargs): user = request.db.User.find_one({"username": request.matchdict["user"]}) if not user: return render_404(request) collection = request.db.Collection.find_one({"slug": request.matchdict["collection"], "creator": user.id}) # Still no collection? Okay, 404. if not collection: return render_404(request) return controller(request, collection=collection, *args, **kwargs)
def wrapper(request, *args, **kwargs): try: media = request.db.MediaEntry.find_one( {'_id': ObjectId(request.matchdict['media']), 'state': u'processed'}) except InvalidId: return render_404(request) # Still no media? Okay, 404. if not media: return render_404(request) return controller(request, media=media, *args, **kwargs)
def wrapper(request, *args, **kwargs): user = request.db.User.find_one({"username": request.matchdict["user"]}) if not user: return render_404(request) collection_item = request.db.CollectionItem.find_one({"id": request.matchdict["collection_item"]}) # Still no collection item? Okay, 404. if not collection_item: return render_404(request) return controller(request, collection_item=collection_item, *args, **kwargs)
def verify_forgot_password(request): """ Check the forgot-password verification and possibly let the user change their password because of it. """ # get form data variables, and specifically check for presence of token formdata = _process_for_token(request) if not formdata['has_userid_and_token']: return render_404(request) formdata_token = formdata['vars']['token'] formdata_userid = formdata['vars']['userid'] formdata_vars = formdata['vars'] # check if it's a valid Id try: user = request.db.User.find_one( {'_id': ObjectId(unicode(formdata_userid))}) except InvalidId: return render_404(request) # check if we have a real user and correct token if ((user and user.fp_verification_key and user.fp_verification_key == unicode(formdata_token) and datetime.datetime.now() < user.fp_token_expire and user.email_verified and user.status == 'active')): cp_form = auth_forms.ChangePassForm(formdata_vars) if request.method == 'POST' and cp_form.validate(): user.pw_hash = auth_lib.bcrypt_gen_password_hash( request.form['password']) user.fp_verification_key = None user.fp_token_expire = None user.save() messages.add_message( request, messages.INFO, _("You can now log in using your new password.")) return redirect(request, 'mediagoblin.auth.login') else: return render_to_response( request, 'mediagoblin/auth/change_fp.html', {'cp_form': cp_form}) # in case there is a valid id but no user whit that id in the db # or the token expired else: return render_404(request)
def wrapper(request, *args, **kwargs): user = request.db.User.query.filter_by( username=request.matchdict['user']).first() if not user: return render_404(request) collection_item = request.db.CollectionItem.query.filter_by( id=request.matchdict['collection_item']).first() # Still no collection item? Okay, 404. if not collection_item: return render_404(request) return controller(request, collection_item=collection_item, *args, **kwargs)
def wrapper(request, *args, **kwargs): user = request.db.User.query.filter_by( username=request.matchdict['user']).first() if not user: return render_404(request) collection = request.db.Collection.query.filter_by( slug=request.matchdict['collection'], creator=user.id).first() # Still no collection? Okay, 404. if not collection: return render_404(request) return controller(request, collection=collection, *args, **kwargs)
def verify_email(request): """ Email verification view for changing email address """ # If no token, we can't do anything if not "token" in request.GET: return render_404(request) # Catch error if token is faked or expired token = None try: token = get_timed_signer_url("mail_verification_token").loads(request.GET["token"], max_age=10 * 24 * 3600) except BadSignature: messages.add_message(request, messages.ERROR, _("The verification key or user id is incorrect.")) return redirect(request, "index") user = User.query.filter_by(id=int(token["user"])).first() if user: user.email = token["email"] user.save() messages.add_message(request, messages.SUCCESS, _("Your email address has been verified.")) else: messages.add_message(request, messages.ERROR, _("The verification key or user id is incorrect.")) return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)
def verify_email(request): """ Email verification view validates GET parameters against database and unlocks the user account, if you are lucky :) """ # If we don't have userid and token parameters, we can't do anything; 404 if not 'userid' in request.GET or not 'token' in request.GET: return render_404(request) user = request.db.User.find_one( {'_id': ObjectId(unicode(request.GET['userid']))}) if user and user.verification_key == unicode(request.GET['token']): user.status = u'active' user.email_verified = True user.verification_key = None user.save() messages.add_message( request, messages.SUCCESS, _("Your email address has been verified. " "You may now login, edit your profile, and submit images!")) else: messages.add_message( request, messages.ERROR, _('The verification key or user id is incorrect')) return redirect( request, 'mediagoblin.user_pages.user_home', user=user.username)
def user_gallery(request, page, url_user=None): """'Gallery' of a User()""" tag = request.matchdict.get('tag', None) cursor = MediaEntry.query.filter_by( uploader=url_user.id, state=u'processed').order_by(MediaEntry.created.desc()) # Filter potentially by tag too: if tag: cursor = cursor.filter( MediaEntry.tags_helper.any( MediaTag.slug == request.matchdict['tag'])) # Paginate gallery pagination = Pagination(page, cursor) media_entries = pagination() #if no data is available, return NotFound # TODO: Should we really also return 404 for empty galleries? if media_entries == None: return render_404(request) return render_to_response( request, 'mediagoblin/user_pages/gallery.html', {'user': url_user, 'tag': tag, 'media_entries': media_entries, 'pagination': pagination})
def atom_feed(request): """ generates the atom feed with the newest images """ user = User.query.filter_by( username = request.matchdict['user']).first() if not user or not user.has_privilege(u'active'): return render_404(request) cursor = MediaEntry.query.filter_by( uploader = user.id, state = u'processed').\ order_by(MediaEntry.created.desc()).\ limit(ATOM_DEFAULT_NR_OF_UPDATED_ITEMS) """ ATOM feed id is a tag URI (see http://en.wikipedia.org/wiki/Tag_URI) """ atomlinks = [{ 'href': request.urlgen( 'mediagoblin.user_pages.user_home', qualified=True, user=request.matchdict['user']), 'rel': 'alternate', 'type': 'text/html' }] if mg_globals.app_config["push_urls"]: for push_url in mg_globals.app_config["push_urls"]: atomlinks.append({ 'rel': 'hub', 'href': push_url}) feed = AtomFeed( "MediaGoblin: Feed for user '%s'" % request.matchdict['user'], feed_url=request.url, id='tag:{host},{year}:gallery.user-{user}'.format( host=request.host, year=datetime.datetime.today().strftime('%Y'), user=request.matchdict['user']), links=atomlinks) for entry in cursor: feed.add(entry.get('title'), entry.description_html, id=entry.url_for_self(request.urlgen, qualified=True), content_type='html', author={ 'name': entry.get_uploader.username, 'uri': request.urlgen( 'mediagoblin.user_pages.user_home', qualified=True, user=entry.get_uploader.username)}, updated=entry.get('created'), links=[{ 'href': entry.url_for_self( request.urlgen, qualified=True), 'rel': 'alternate', 'type': 'text/html'}]) return feed.get_response()
def user_gallery(request, page, url_user=None): """'Gallery' of a LocalUser()""" tag = request.matchdict.get('tag', None) cursor = MediaEntry.query.filter_by(actor=url_user.id, state='processed').order_by( MediaEntry.created.desc()) # Filter potentially by tag too: if tag: cursor = cursor.filter( MediaEntry.tags_helper.any( MediaTag.slug == request.matchdict['tag'])) # Paginate gallery pagination = Pagination(page, cursor) media_entries = pagination() #if no data is available, return NotFound # TODO: Should we really also return 404 for empty galleries? if media_entries == None: return render_404(request) return render_to_response( request, 'mediagoblin/user_pages/gallery.html', { 'user': url_user, 'tag': tag, 'media_entries': media_entries, 'pagination': pagination })
def wrapper(request, *args, **kwargs): user = LocalUser.query.filter_by( username=request.matchdict['user']).first() if user is None: return render_404(request) return controller(request, *args, url_user=user, **kwargs)
def wrapper(request, *args, **kwargs): user = request.db.User.find_one( {'username': request.matchdict['user']}) if not user: return render_404(request) collection = request.db.Collection.find_one( {'slug': request.matchdict['collection'], 'creator': user._id}) # Still no collection? Okay, 404. if not collection: return render_404(request) return controller(request, collection=collection, *args, **kwargs)
def file_a_report(request, media, comment): """ This view handles the filing of a Report. """ if comment is not None: if not comment.target().id == media.id: return render_404(request) form = user_forms.CommentReportForm(request.form) context = {'media': comment.target(), 'comment': comment, 'form': form} else: form = user_forms.MediaReportForm(request.form) context = {'media': media, 'form': form} form.reporter_id.data = request.user.id if request.method == "POST": report_object = build_report_object(form, media_entry=media, comment=comment) # if the object was built successfully, report_table will not be None if report_object: report_object.save() return redirect(request, 'index') return render_to_response(request, 'mediagoblin/user_pages/report.html', context)
def edit_metadata(request, media): # If media is not processed, return NotFound. if not media.state == 'processed': return render_404(request) form = forms.EditMetaDataForm(request.method == 'POST' and request.form or None) if request.method == "POST" and form.validate(): metadata_dict = { row['identifier']: row['value'] for row in form.media_metadata.data } json_ld_metadata = None json_ld_metadata = compact_and_validate(metadata_dict) media.media_metadata = json_ld_metadata media.save() return redirect_obj(request, media) if len(form.media_metadata) == 0: for identifier, value in media.media_metadata.items(): if identifier == "@context": continue form.media_metadata.append_entry({ 'identifier': identifier, 'value': value }) return render_to_response(request, 'mediagoblin/edit/metadata.html', { 'form': form, 'media': media })
def atom_feed(request): """ generates the atom feed with the newest images """ user = LocalUser.query.filter_by( username=request.matchdict['user']).first() if not user or not user.has_privilege('active'): return render_404(request) feed_title = "MediaGoblin Feed for user '%s'" % request.matchdict['user'] link = request.urlgen('mediagoblin.user_pages.user_home', qualified=True, user=request.matchdict['user']) cursor = MediaEntry.query.filter_by(actor=user.id, state='processed') cursor = cursor.order_by(MediaEntry.created.desc()) cursor = cursor.limit(ATOM_DEFAULT_NR_OF_UPDATED_ITEMS) """ ATOM feed id is a tag URI (see http://en.wikipedia.org/wiki/Tag_URI) """ atomlinks = [] if mg_globals.app_config["push_urls"]: for push_url in mg_globals.app_config["push_urls"]: atomlinks.append({'rel': 'hub', 'href': push_url}) feed = AtomFeedWithLinks( title=feed_title, link=link, description='', id='tag:{host},{year}:gallery.user-{user}'.format( host=request.host, year=datetime.datetime.today().strftime('%Y'), user=request.matchdict['user']), feed_url=request.url, links=atomlinks, ) for entry in cursor: # Include a thumbnail image in content. file_urls = get_media_file_paths(entry.media_files, request.urlgen) if 'thumb' in file_urls: content = '<img src="{thumb}" alt=' ' /> {desc}'.format( thumb=file_urls['thumb'], desc=entry.description_html) else: content = entry.description_html feed.add_item( title=entry.get('title'), link=entry.url_for_self(request.urlgen, qualified=True), description=content, unique_id=entry.url_for_self(request.urlgen, qualified=True), author_name=entry.get_actor.username, author_link=request.urlgen('mediagoblin.user_pages.user_home', qualified=True, user=entry.get_actor.username), updateddate=entry.get('created'), ) response = Response(feed.writeString(encoding='utf-8'), mimetype='application/atom+xml') return response
def wrapper(request, *args, **kwargs): media = MediaEntry.query.filter_by( id=request.matchdict['media'], state=u'processed').first() # Still no media? Okay, 404. if not media: return render_404(request) return controller(request, media=media, *args, **kwargs)
def atom_feed(request): """ generates the atom feed with the newest images """ user = User.query.filter_by(username=request.matchdict["user"], status=u"active").first() if not user: return render_404(request) cursor = ( MediaEntry.query.filter_by(uploader=user.id, state=u"processed") .order_by(MediaEntry.created.desc()) .limit(ATOM_DEFAULT_NR_OF_UPDATED_ITEMS) ) """ ATOM feed id is a tag URI (see http://en.wikipedia.org/wiki/Tag_URI) """ atomlinks = [ { "href": request.urlgen("mediagoblin.user_pages.user_home", qualified=True, user=request.matchdict["user"]), "rel": "alternate", "type": "text/html", } ] if mg_globals.app_config["push_urls"]: for push_url in mg_globals.app_config["push_urls"]: atomlinks.append({"rel": "hub", "href": push_url}) feed = AtomFeed( "MediaGoblin: Feed for user '%s'" % request.matchdict["user"], feed_url=request.url, id="tag:{host},{year}:gallery.user-{user}".format( host=request.host, year=datetime.datetime.today().strftime("%Y"), user=request.matchdict["user"] ), links=atomlinks, ) for entry in cursor: feed.add( entry.get("title"), entry.description_html, id=entry.url_for_self(request.urlgen, qualified=True), content_type="html", author={ "name": entry.get_uploader.username, "uri": request.urlgen( "mediagoblin.user_pages.user_home", qualified=True, user=entry.get_uploader.username ), }, updated=entry.get("created"), links=[ {"href": entry.url_for_self(request.urlgen, qualified=True), "rel": "alternate", "type": "text/html"} ], ) return feed.get_response()
def media_preview_comment(request): """Runs a comment through markdown so it can be previewed.""" # If this isn't an ajax request, render_404 if not request.is_xhr: return render_404(request) comment = unicode(request.form["comment_content"]) cleancomment = {"content": cleaned_markdown_conversion(comment)} return Response(json.dumps(cleancomment))
def media_preview_comment(request): """Runs a comment through markdown so it can be previewed.""" # If this isn't an ajax request, render_404 if not request.is_xhr: return render_404(request) comment = str(request.form['comment_content']) cleancomment = {"content": cleaned_markdown_conversion(comment)} return Response(json.dumps(cleancomment))
def wrapper(request, *args, **kwargs): if 'comment' in request.matchdict: comment = MediaComment.query.filter_by( id=request.matchdict['comment']).first() if comment is None: return render_404(request) return controller(request, comment=comment, *args, **kwargs) else: return controller(request, comment=None, *args, **kwargs)
def wrapper(request, *args, **kwargs): if 'comment' in request.matchdict: comment = Comment.query.filter_by( id=request.matchdict['comment']).first() if comment is None: return render_404(request) return controller(request, comment=comment, *args, **kwargs) else: return controller(request, comment=None, *args, **kwargs)
def blog_delete(request, **kwargs): """ Deletes a blog and media entries, tags associated with it. """ url_user = request.matchdict.get('user') owner_user = request.db.LocalUser.query.filter( LocalUser.username==url_user ).first() blog_slug = request.matchdict.get('blog_slug', None) blog = get_blog_by_slug(request, blog_slug, author=owner_user.id) if not blog: return render_404(request) form = blog_forms.ConfirmDeleteForm(request.form) if request.user.id == blog.author or request.user.has_privilege(u'admin'): if request.method == 'POST' and form.validate(): if form.confirm.data is True: blog.delete() messages.add_message( request, messages.SUCCESS, _('You deleted the Blog.')) return redirect(request, "mediagoblin.media_types.blog.blog_admin_dashboard", user=request.user.username) else: messages.add_message( request, messages.ERROR, _("The media was not deleted because you didn't check " "that you were sure.")) return redirect(request, "mediagoblin.media_types.blog.blog_admin_dashboard", user=request.user.username) else: if request.user.has_privilege(u'admin'): messages.add_message( request, messages.WARNING, _("You are about to delete another user's Blog. " "Proceed with caution.")) return render_to_response( request, 'mediagoblin/blog/blog_confirm_delete.html', {'blog':blog, 'form':form }) else: messages.add_message( request, messages.ERROR, _("The blog was not deleted because you have no rights.")) return redirect(request, "mediagoblin.media_types.blog.blog_admin_dashboard", user=request.user.username)
def processing_panel(request): """ Show to the user what media is still in conversion/processing... and what failed, and why! """ # Get the user user = request.db.User.find_one( {'username': request.matchdict['user'], 'status': u'active'}) # Make sure the user exists and is active if not user: return render_404(request) elif user.status != u'active': return render_to_response( request, 'mediagoblin/user_pages/user.html', {'user': user}) # XXX: Should this be a decorator? # # Make sure we have permission to access this user's panel. Only # admins and this user herself should be able to do so. if not (user._id == request.user._id or request.user.is_admin): # No? Let's simply redirect to this user's homepage then. return redirect( request, 'mediagoblin.user_pages.user_home', user=request.matchdict['user']) # Get media entries which are in-processing processing_entries = request.db.MediaEntry.find( {'uploader': user._id, 'state': u'processing'}).sort('created', DESCENDING) # Get media entries which have failed to process failed_entries = request.db.MediaEntry.find( {'uploader': user._id, 'state': u'failed'}).sort('created', DESCENDING) processed_entries = request.db.MediaEntry.find( {'uploader': user._id, 'state': u'processed'}).sort('created', DESCENDING).limit(10) # Render to response return render_to_response( request, 'mediagoblin/user_pages/processing_panel.html', {'user': user, 'processing_entries': processing_entries, 'failed_entries': failed_entries, 'processed_entries': processed_entries})
def wrapper(request, *args, **kwargs): user = request.db.User.find_one( {'username': request.matchdict['user']}) if not user: return render_404(request) media = request.db.MediaEntry.find_one( {'slug': request.matchdict['media'], 'state': u'processed', 'uploader': user.id}) # no media via slug? Grab it via object id if not media: media = MediaEntry.query.filter_by( id=request.matchdict['media'], state=u'processed', uploader=user.id).first() # Still no media? Okay, 404. if not media: return render_404(request) return controller(request, media=media, *args, **kwargs)
def blog_delete(request, **kwargs): """ Deletes a blog and media entries, tags associated with it. """ url_user = request.matchdict.get('user') owner_user = request.db.LocalUser.query.filter( LocalUser.username == url_user).first() blog_slug = request.matchdict.get('blog_slug', None) blog = get_blog_by_slug(request, blog_slug, author=owner_user.id) if not blog: return render_404(request) form = blog_forms.ConfirmDeleteForm(request.form) if request.user.id == blog.author or request.user.has_privilege(u'admin'): if request.method == 'POST' and form.validate(): if form.confirm.data is True: blog.delete() messages.add_message(request, messages.SUCCESS, _('You deleted the Blog.')) return redirect( request, "mediagoblin.media_types.blog.blog_admin_dashboard", user=request.user.username) else: messages.add_message( request, messages.ERROR, _("The media was not deleted because you didn't check " "that you were sure.")) return redirect( request, "mediagoblin.media_types.blog.blog_admin_dashboard", user=request.user.username) else: if request.user.has_privilege(u'admin'): messages.add_message( request, messages.WARNING, _("You are about to delete another user's Blog. " "Proceed with caution.")) return render_to_response( request, 'mediagoblin/blog/blog_confirm_delete.html', { 'blog': blog, 'form': form }) else: messages.add_message( request, messages.ERROR, _("The blog was not deleted because you have no rights.")) return redirect(request, "mediagoblin.media_types.blog.blog_admin_dashboard", user=request.user.username)
def verify_email(request): """ Email verification view validates GET parameters against database and unlocks the user account, if you are lucky :) """ # If we don't have userid and token parameters, we can't do anything; 404 if not 'token' in request.GET: return render_404(request) # Catch error if token is faked or expired try: token = get_timed_signer_url("mail_verification_token") \ .loads(request.GET['token'], max_age=10*24*3600) except BadSignature: messages.add_message( request, messages.ERROR, _('The verification key or user id is incorrect.')) return redirect( request, 'index') user = User.query.filter_by(id=int(token)).first() if user and user.has_privilege(u'active') is False: user.verification_key = None user.all_privileges.append( Privilege.query.filter( Privilege.privilege_name==u'active').first()) user.save() messages.add_message( request, messages.SUCCESS, _("Your email address has been verified. " "You may now login, edit your profile, and submit images!")) else: messages.add_message( request, messages.ERROR, _('The verification key or user id is incorrect')) return redirect( request, 'mediagoblin.user_pages.user_home', user=user.username)
def edit_media(request, media): # If media is not processed, return NotFound. if not media.state == 'processed': return render_404(request) if not may_edit_media(request, media): raise Forbidden("User may not edit this media") defaults = dict(title=media.title, slug=media.slug, description=media.description, tags=media_tags_as_string(media.tags), license=media.license) form = forms.EditForm(request.method == 'POST' and request.form or None, **defaults) if request.method == 'POST' and form.validate(): # Make sure there isn't already a MediaEntry with such a slug # and userid. slug = slugify(form.slug.data) slug_used = check_media_slug_used(media.actor, slug, media.id) if slug_used: form.slug.errors.append( _('An entry with that slug already exists for this user.')) else: media.title = form.title.data media.description = form.description.data media.tags = convert_to_tag_list_of_dicts(form.tags.data) media.license = str(form.license.data) or None media.slug = slug media.save() return redirect_obj(request, media) if request.user.has_privilege('admin') \ and media.actor != request.user.id \ and request.method != 'POST': messages.add_message( request, messages.WARNING, _("You are editing another user's media. Proceed with caution.")) return render_to_response(request, 'mediagoblin/edit/edit.html', { 'media': media, 'form': form })
def draft_view(request): blog_slug = request.matchdict.get('blog_slug', None) blog_post_slug = request.matchdict.get('blog_post_slug', None) user = request.matchdict.get('user') blog = get_blog_by_slug(request, blog_slug, author=request.user.id) blogpost = request.db.MediaEntry.query.filter_by( state=u'failed', actor=request.user.id, slug=blog_post_slug).first() if not blog or not blogpost: return render_404(request) return render_to_response(request, 'mediagoblin/blog/blogpost_draft_view.html', { 'blogpost': blogpost, 'blog': blog })
def blog_post_listing(request): blog_owner = request.matchdict.get('user') blog_slug = request.matchdict.get('blog_slug', None) owner_user = User.query.filter_by(username=blog_owner).one() blog = request.db.Blog.query.filter_by(author=request.user.id, slug=blog_slug).first() if not owner_user or not blog: return render_404(request) all_blog_posts = get_all_blogposts_of_blog(request, blog, u'processed') return render_to_response(request, 'mediagoblin/blog/blog_post_listing.html', { 'blog_posts': all_blog_posts, 'blog_owner': blog_owner })
def blogpost_create(request): form = blog_forms.BlogPostEditForm(request.form, license=request.user.license_preference) if request.method == 'POST' and form.validate(): blog_slug = request.matchdict.get('blog_slug') blog = request.db.Blog.query.filter_by(slug=blog_slug, author=request.user.id).first() if not blog: return render_404(request) blogpost = request.db.MediaEntry() blogpost.media_type = 'mediagoblin.media_types.blogpost' blogpost.title = unicode(form.title.data) blogpost.description = unicode( cleaned_markdown_conversion((form.description.data))) blogpost.tags = convert_to_tag_list_of_dicts(form.tags.data) blogpost.license = unicode(form.license.data) or None blogpost.uploader = request.user.id blogpost.generate_slug() set_blogpost_state(request, blogpost) blogpost.save() # connect this blogpost to its blog blog_post_data = request.db.BlogPostData() blog_post_data.blog = blog.id blog_post_data.media_entry = blogpost.id blog_post_data.save() add_message(request, SUCCESS, _('Woohoo! Submitted!')) add_comment_subscription(request.user, blogpost) return redirect(request, "mediagoblin.media_types.blog.blog-dashboard", user=request.user.username, blog_slug=blog.slug) return render_to_response( request, 'mediagoblin/blog/blog_post_edit_create.html', { 'form': form, 'app_config': mg_globals.app_config, 'user': request.user.username })
def blogpost_edit(request): blog_slug = request.matchdict.get('blog_slug', None) blog_post_slug = request.matchdict.get('blog_post_slug', None) blogpost = request.db.MediaEntry.query.filter_by( slug=blog_post_slug, uploader=request.user.id).first() blog = get_blog_by_slug(request, blog_slug, author=request.user.id) if not blogpost or not blog: return render_404(request) defaults = dict(title=blogpost.title, description=cleaned_markdown_conversion( blogpost.description), tags=media_tags_as_string(blogpost.tags), license=blogpost.license) form = blog_forms.BlogPostEditForm(request.form, **defaults) if request.method == 'POST' and form.validate(): blogpost.title = six.text_type(form.title.data) blogpost.description = six.text_type( cleaned_markdown_conversion((form.description.data))) blogpost.tags = convert_to_tag_list_of_dicts(form.tags.data) blogpost.license = six.text_type(form.license.data) set_blogpost_state(request, blogpost) blogpost.generate_slug() blogpost.save() add_message(request, SUCCESS, _('Woohoo! edited blogpost is submitted')) return redirect(request, "mediagoblin.media_types.blog.blog-dashboard", user=request.user.username, blog_slug=blog.slug) return render_to_response( request, 'mediagoblin/blog/blog_post_edit_create.html', { 'form': form, 'app_config': mg_globals.app_config, 'user': request.user.username, 'blog_post_slug': blog_post_slug })
def verify_email(request): """ Email verification view validates GET parameters against database and unlocks the user account, if you are lucky :) """ # If we don't have userid and token parameters, we can't do anything; 404 if not 'token' in request.GET: return render_404(request) # Catch error if token is faked or expired try: token = get_timed_signer_url("mail_verification_token") \ .loads(request.GET['token'], max_age=10*24*3600) except BadSignature: messages.add_message( request, messages.ERROR, _('The verification key or user id is incorrect.')) return redirect(request, 'index') user = User.query.filter_by(id=int(token)).first() if user and user.has_privilege(u'active') is False: user.verification_key = None user.all_privileges.append( Privilege.query.filter( Privilege.privilege_name == u'active').first()) user.save() messages.add_message( request, messages.SUCCESS, _("Your email address has been verified. " "You may now login, edit your profile, and submit images!")) else: messages.add_message(request, messages.ERROR, _('The verification key or user id is incorrect')) return redirect(request, 'mediagoblin.user_pages.user_home', user=user.username)
def verify_email(request): """ Email verification view for changing email address """ # If no token, we can't do anything if not 'token' in request.GET: return render_404(request) # Catch error if token is faked or expired token = None try: token = get_timed_signer_url("mail_verification_token") \ .loads(request.GET['token'], max_age=10*24*3600) except BadSignature: messages.add_message( request, messages.ERROR, _('The verification key or user id is incorrect.')) return redirect( request, 'index') user = User.query.filter_by(id=int(token['user'])).first() if user: user.email = token['email'] user.save() messages.add_message( request, messages.SUCCESS, _('Your email address has been verified.')) else: messages.add_message( request, messages.ERROR, _('The verification key or user id is incorrect.')) return redirect( request, 'mediagoblin.user_pages.user_home', user=user.username)
def blog_about_view(request): """ Page containing blog description and statistics """ blog_slug = request.matchdict.get('blog_slug', None) url_user = request.matchdict.get('user', None) user = request.db.User.query.filter_by(username=url_user).first() blog = get_blog_by_slug(request, blog_slug, author=user.id) if not user or not blog: return render_404(request) else: blog_posts_processed = blog.get_all_blog_posts(u'processed').count() return render_to_response(request, 'mediagoblin/blog/blog_about.html', { 'user': user, 'blog': blog, 'blogpost_count': blog_posts_processed })
def blog_dashboard(request, page, url_user=None): """ Dashboard for a blog, only accessible to the owner of the blog. """ blog_slug = request.matchdict.get('blog_slug', None) blogs = request.db.Blog.query.filter_by(author=url_user.id) config = pluginapi.get_config('mediagoblin.media_types.blog') max_blog_count = config['max_blog_count'] if request.user and (request.user.id == url_user.id or request.user.has_privilege(u'admin')): if blog_slug: blog = get_blog_by_slug(request, blog_slug) if not blog: return render_404(request) else: blog_posts_list = blog.get_all_blog_posts().order_by( MediaEntry.created.desc()) pagination = Pagination(page, blog_posts_list) pagination.per_page = 15 blog_posts_on_a_page = pagination() if may_edit_blogpost(request, blog): return render_to_response( request, 'mediagoblin/blog/blog_admin_dashboard.html', { 'blog_posts_list': blog_posts_on_a_page, 'blog_slug': blog_slug, 'blog': blog, 'user': url_user, 'pagination': pagination }) if not request.user or request.user.id != url_user.id or not blog_slug: blogs = blogs.all() return render_to_response(request, 'mediagoblin/blog/list_of_blogs.html', { 'blogs': blogs, 'user': url_user, 'max_blog_count': max_blog_count })
def blog_post_listing(request, page, url_user=None): """ Page, listing all the blog posts of a particular blog. """ blog_slug = request.matchdict['blog_slug'] blog = get_blog_by_slug(request, blog_slug, author=url_user.id) if not blog: return render_404(request) all_blog_posts = blog.get_all_blog_posts(u'processed').order_by( MediaEntry.created.desc()) pagination = Pagination(page, all_blog_posts) pagination.per_page = 8 blog_posts_on_a_page = pagination() return render_to_response( request, 'mediagoblin/blog/blog_post_listing.html', { 'blog_posts': blog_posts_on_a_page, 'pagination': pagination, 'blog_owner': url_user, 'blog': blog })
def blog_dashboard(request): url_user = request.matchdict.get('user') blog_posts_list = [] blog_slug = request.matchdict.get('blog_slug', None) _log.info(blog_slug) blog = request.db.Blog.query.filter_by(slug=blog_slug).first() if not blog: return render_404(request) blog_posts_list = get_all_blogposts_of_blog(request, blog) blog_post_count = blog_posts_list.count() if may_edit_blogpost(request, blog): return render_to_response( request, 'mediagoblin/blog/blog_admin_dashboard.html', { 'blog_posts_list': blog_posts_list, 'blog_slug': blog_slug, 'blog': blog, 'blog_post_count': blog_post_count })