def admin_articles_mod(req, id):
check_login(req)
match_right(req, module_rights)
article = Article(id)
if not article.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if (not do_check_right(req, right_editor)
and article.author_id != req.login.id):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
Codebook = build_class('tags')
pager = Pager(order='value', limit=-1)
tags = Codebook.list(req, Codebook, pager)
if req.method == 'POST':
article.bind(req.form)
error = article.mod(req)
if error != article:
return generate_page(req, "admin/articles_mod.html",
article=article, error=error)
if not article.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
return generate_page(req, "admin/articles_mod.html", article=article,
token=create_token(req), tags=tags)
def admin_articles(req):
check_login(req)
match_right(req, module_rights)
show = req.args.getfirst('show', '', uni)
pager = Pager(sort='desc')
pager.bind(req.args)
kwargs = {}
if show == 'ready':
pager.set_params(show=show)
kwargs['state'] = 2
kwargs['public_date'] = 0
elif show == 'drafts':
pager.set_params(show=show)
kwargs['state'] = 1
else:
show = None
if not do_check_right(req, right_editor):
kwargs['author_id'] = req.login.id
items = Article.list(req, pager, **kwargs)
return generate_page(req, "admin/articles.html", pager=pager, items=items,
show=show)
def admin_pages_mod(req, id):
"""Edit page could:
* author of page, if still have pages_author right
* admin with pages_modify right
* admin with pages_listall right and right which must have page too
"""
check_login(req)
match_right(req, module_rights)
token = do_create_token(req, '/admin/pages/%d' % id)
page = Page(id)
if (not do_check_right(req, 'pages_modify')) \
and (not page.check_right(req)):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
if req.method == 'POST':
check_token(req, req.form.get('token'))
page.bind(req.form)
error = page.mod(req)
if error:
return generate_page(req, "admin/pages_mod.html", token=token,
page=page, rights=rights, error=error,
extra_rights=req.cfg.pages_extra_rights)
# endif
if not page.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
return generate_page(req, "admin/pages_mod.html", token=token,
page=page, rights=rights,
extra_rights=req.cfg.pages_extra_rights)
def admin_options_edit(req, section, option):
check_login(req)
check_right(req, module_right)
if section == 'morias' and option == 'debug':
req.status = state.HTTP_BAD_REQUEST
req.content_type = 'application/json'
return json.dumps({'reason': 'denied_option'})
value = req.form.getfirst('value', None, nuni)
if value is None:
req.status = state.HTTP_BAD_REQUEST
req.content_type = 'application/json'
return json.dumps({'reason': 'value_is_none'})
item = Option(section, option)
item.value = value
error = item.set(req)
if error != item:
req.status = state.HTTP_BAD_REQUEST
req.content_type = 'application/json'
return json.dumps({'reason': option_errors[error]})
req.content_type = 'application/json'
return json.dumps({'value': value})
def admin_pages_regenerate_all(req):
check_login(req, '/log_in?referer=/admin/pages')
check_right(req, 'pages_modify')
Page.regenerate_all(req)
# TODO: redirect to same page
redirect(req, '/admin/pages?error=%d' % SUCCESS)
def admin_pages_del(req, pid):
check_login(req, '/log_in?referer=/admin/jopbs')
check_right(req, 'super')
check_referer(req, '/admin/jobs')
job = Job(pid=pid)
job.delete(req)
redirect(req, '/admin/jobs')
def admin_jobs(req):
check_login(req)
check_right(req, 'super')
pager = Pager()
pager.bind(req.args)
rows = Job.list(req, pager)
return generate_page(req, "admin/jobs.html", pager=pager, rows=rows)
def articles_remove_tag(req, id, tag_id):
check_login(req)
match_right(req, module_rights)
check_token(req, req.form.get('token'), uri='/admin/articles/%d' % id)
article = Article(id)
article.remove_tag(req, tag_id)
req.content_type = 'application/json'
return '{}'
def admin_menu(req):
check_login(req)
check_right(req, module_right)
pager = Pager(limit=-1)
items = MenuItem.list(req, pager)
return generate_page(
req, "admin/page_menu.html", token=do_create_token(req, "/admin/menu"), pager=pager, items=items
)
def attachments_detach(req, object_type, object_id, path, webid):
check_login(req)
match_right(req, [R_ADMIN, 'attachments_author'])
check_origin(req)
attachment = Attachment(Attachment.web_to_id(webid))
attachment.detach(req, object_type, object_id)
if attachment.delete(req) is None:
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
return js_items(req, object_type=object_type, object_id=object_id)
def admin_redirects_delete(req, id):
check_login(req)
check_right(req, module_right)
check_token(req, req.args.get('token'), uri='/admin/redirects')
item = Redirect(id)
if not item.delete(req):
req.status = state.HTTP_NOT_FOUND
return send_json(req, {})
def articles_append_tag(req, id, tag_id):
check_login(req)
match_right(req, module_rights)
check_token(req, req.form.get('token'), uri='/admin/articles/%d' % id)
article = Article(id)
if not article.append_tag(req, tag_id):
return send_json(req, {'reason': 'integrity_error'})
req.content_type = 'application/json'
return '{}'
def admin_attachments_images_thumb_check(req):
check_login(req)
match_right(req, [R_ADMIN, 'attachments_modify'])
check_referer(req, '/admin/attachments')
job = Job(path=req.uri)
req.content_type = 'application/json'
if job.get(req):
req.status = state.HTTP_CREATED
return json.dumps(job.data)
return '{}' # job not found, so it could be run again
def admin_menu_delete(req, id):
check_login(req)
check_right(req, module_right)
check_token(req, req.args.get("token"))
item = MenuItem(id)
if item.delete(req):
return js_items(req)
req.status = state.HTTP_BAD_REQUEST
req.content_type = "application/json"
return json.dumps({"reason": "integrity_error"})
def admin_attachments_images_thumb(req):
check_login(req)
match_right(req, [R_ADMIN, 'attachments_modify'])
check_origin(req)
# job must be singleton
pid, status = run_job(req, req.uri, thumb_images, True)
req.content_type = 'application/json'
if not status:
req.status = state.HTTP_NOT_ACCEPTABLE
return '{}'
req.status = state.HTTP_CREATED
return json.dumps({'pid': pid})
def admin_attachments_add_update(req, id=None):
check_login(req)
match_right(req, [R_ADMIN, 'attachments_author'])
check_origin(req)
attachment = Attachment()
attachment.bind(req.form, req.login.id)
status = attachment.add(req)
if not status == attachment:
req.status = state.HTTP_BAD_REQUEST
req.content_type = 'application/json'
return json.dumps({'reason': Attachment.error(status)})
req.content_type = 'application/json'
return json.dumps({'attachment': attachment.dumps()})
def admin_pages(req):
check_login(req)
match_right(req, module_rights)
error = req.args.getfirst('error', 0, int)
pager = Pager()
pager.bind(req.args)
if not do_match_right(req, ('pages_modify', 'pages_listall')):
rows = Page.list(req, pager, author_id=req.login.id)
else:
rows = Page.list(req, pager)
return generate_page(req, "admin/pages.html",
token=do_create_token(req, '/admin/pages'),
pager=pager, rows=rows, error=error)
def admin_redirects(req):
check_login(req)
check_right(req, module_right)
search = req.args.getfirst('search', fce=nuni)
pager = Pager(order='value')
pager.bind(req.args)
if search:
pager.set_params(search=search)
items = Redirect.list(req, pager, search=search)
return generate_page(req, "admin/redirects.html",
token=create_token(req),
pager=pager, items=items, search=search)
def admin_redirects_add_update(req, id=None):
check_login(req)
check_right(req, module_right)
check_token(req, req.form.get('token'), uri='/admin/redirects')
item = Redirect(id)
item.bind(req.form)
rv = item.mod(req) if id else item.add(req)
if isinstance(rv, Redirect):
return send_json(req, {})
req.status = state.HTTP_BAD_REQUEST
if isinstance(rv, ErrorValue):
return send_json(req, rv, cls=ObjectEncoder)
return send_json(req, {'reason': 'src_exist'})
def admin_menu_to(req, id):
check_login(req)
check_right(req, module_right)
check_token(req, req.form.get("token"))
item = MenuItem(id)
if req.uri.endswith("to_child"):
status = item.to_child(req)
else:
status = item.to_parent(req)
if status:
return js_items(req)
req.status = state.HTTP_BAD_REQUEST
req.content_type = "application/json"
return json.dumps({"reason": "not_possible"})
def admin_pages_del(req, id):
""" Delete page, could:
* author of page if have still pages_author right
* admin with pages_modify
"""
check_login(req, '/log_in?referer=/admin/pages')
match_right(req, ('pages_author', 'pages_modify'))
check_token(req, req.form.get('token'))
page = Page(id)
if not page.check_right(req):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
page.delete(req)
# TODO: redirect to same page
redirect(req, '/admin/pages?error=%d' % SUCCESS)
def admin_articles_add(req):
check_login(req)
match_right(req, module_rights)
article = Article()
if req.method == 'POST':
article.bind(req.form, req.login.id)
error = article.add(req)
if error:
return generate_page(req, "admin/articles_mod.html",
article=article, error=error)
redirect(req, '/admin/articles/%d' % article.id)
# end
article.state = 2 if do_check_right(req, right_editor) else 1
return generate_page(req, "admin/articles_mod.html", article=article)
def admin_articles_enable(req, id):
check_login(req, '/log_in?referer=/admin/articles')
match_right(req, module_rights)
check_referer(req, '/admin/articles')
article = Article(id)
if not article.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if (not do_check_right(req, right_editor)) \
and (not (article.author_id == req.login.id
and article.public_date.year == 1970)):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
n_state = int(req.uri.endswith('/enable'))
n_state = (n_state * 2) if article.public_date.year > 1970 else n_state
article.set_state(req, n_state)
redirect(req, '/admin/articles')
def admin_menu_add_update(req, id=None):
check_login(req)
check_right(req, module_right)
check_token(req, req.form.get("token"))
item = MenuItem(id)
item.bind(req.form)
if not item.title:
req.status = state.HTTP_BAD_REQUEST
req.content_type = "application/json"
return json.dumps({"reason": "empty_title"})
status = item.mod(req) if id else item.add(req)
if status:
return js_items(req)
req.status = state.HTTP_BAD_REQUEST
req.content_type = "application/json"
return json.dumps({"reason": "title_exist"})
def admin_attachments(req):
check_login(req)
check_right(req, R_ADMIN)
pager = Pager(order='timestamp', sort='desc')
pager.bind(req.args)
kwargs = {}
if 'obty' in req.args:
kwargs['object_type'] = req.args.getfirst('obty', fce=uni) or None
pager.set_params(obty=kwargs['object_type'])
if 'obid' in req.args:
kwargs['object_id'] = req.args.getfirst('obid', fce=int)
pager.set_params(obid=kwargs['object_id'])
rows = Attachment.list(req, pager, **kwargs)
return generate_page(req, "admin/attachments.html",
pager=pager, rows=rows)
def admin_pagse_add(req):
check_login(req)
match_right(req, ('pages_author', 'pages_modify'))
token = do_create_token(req, '/admin/pages/add')
if req.method == 'POST':
check_token(req, req.form.get('token'))
page = Page()
page.bind(req.form, req.login.id)
error = page.add(req)
if error:
return generate_page(req, "admin/pages_mod.html", token=token,
rights=rights, page=page, error=error)
redirect(req, '/admin/pages/%d' % page.id)
# end
return generate_page(req, "admin/pages_mod.html", token=token,
rights=rights)
def admin_options(req):
check_login(req)
check_right(req, module_right)
section = req.args.getfirst('section', '', uni)
module = req.args.getfirst('module', '', uni)
kwargs = {}
if section != 'all':
kwargs['section'] = section
if module != 'all':
kwargs['module'] = module
pager = Pager()
pager.bind(req.args)
options = Option.list(req, pager, **kwargs)
for option in options:
option.defaults_json = json.dumps(list(option.defaults))
return generate_page(req, "admin/options.html", pager=pager,
options=options, sections=Option.sections_list(req),
modules=Option.modules_list(req), section=section,
module=module)
def admin_pages_rst(req):
check_login(req)
match_right(req, module_rights)
return check_rst(req)
def articles_tags(req, id):
check_login(req)
match_right(req, module_rights)
return send_json(req, {'tags': Article.tags(req, id)}, cls=ObjectEncoder)
def attachments_view_not(req, object_type, object_id):
check_login(req)
match_right(req, [R_ADMIN, 'attachments_author'])
check_origin(req)
return js_items(req, object_type=object_type, object_id=object_id,
NOT=True)