Example #1
0
def admin_articles(req):
    check_login(req)
    match_right(req, module_rights)

    show = req.args.getfirst('show', '', uni)

    pager = Pager(sort='desc')
    pager.bind(req.args)

    kwargs = {}

    if show == 'ready':
        pager.set_params(show=show)
        kwargs['state'] = 2
        kwargs['public_date'] = 0
    elif show == 'drafts':
        pager.set_params(show=show)
        kwargs['state'] = 1
    else:
        show = None

    if not do_check_right(req, right_editor):
        kwargs['author_id'] = req.login.id

    items = Article.list(req, pager, **kwargs)
    return generate_page(req, "admin/articles.html", pager=pager, items=items,
                         show=show)
Example #2
0
def admin_pages_mod(req, id):
    """Edit page could:

    * author of page, if still have pages_author right
    * admin with pages_modify right
    * admin with pages_listall right and right which must have page too
    """
    check_login(req)
    match_right(req, module_rights)
    token = do_create_token(req, '/admin/pages/%d' % id)

    page = Page(id)
    if (not do_check_right(req, 'pages_modify')) \
            and (not page.check_right(req)):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    if req.method == 'POST':
        check_token(req, req.form.get('token'))
        page.bind(req.form)
        error = page.mod(req)
        if error:
            return generate_page(req, "admin/pages_mod.html", token=token,
                                 page=page, rights=rights, error=error,
                                 extra_rights=req.cfg.pages_extra_rights)
    # endif
    if not page.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    return generate_page(req, "admin/pages_mod.html", token=token,
                         page=page, rights=rights,
                         extra_rights=req.cfg.pages_extra_rights)
Example #3
0
def admin_articles_mod(req, id):
    check_login(req)
    match_right(req, module_rights)

    article = Article(id)
    if not article.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    if (not do_check_right(req, right_editor)
            and article.author_id != req.login.id):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    Codebook = build_class('tags')
    pager = Pager(order='value', limit=-1)
    tags = Codebook.list(req, Codebook, pager)

    if req.method == 'POST':
        article.bind(req.form)
        error = article.mod(req)
        if error != article:
            return generate_page(req, "admin/articles_mod.html",
                                 article=article, error=error)

        if not article.get(req):
            raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    return generate_page(req, "admin/articles_mod.html", article=article,
                         token=create_token(req), tags=tags)
Example #4
0
 def check_right(self, req):
     """ check if any of login.rights metch any of page.rights """
     m = driver(req)
     m.load_rights(self, req)
     if do_match_right(req, 'pages_modify'):
         return True     # user is editor
     elif do_check_right(req, 'pages_author') \
             and self.author_id == req.login.id:
         return True     # user is author
     elif self.rights and do_match_right(req, self.rights):
         return True     # user has special right which have page
     return False
Example #5
0
def admin_articles_add(req):
    check_login(req)
    match_right(req, module_rights)

    article = Article()
    if req.method == 'POST':
        article.bind(req.form, req.login.id)
        error = article.add(req)

        if error:
            return generate_page(req, "admin/articles_mod.html",
                                 article=article, error=error)

        redirect(req, '/admin/articles/%d' % article.id)
    # end

    article.state = 2 if do_check_right(req, right_editor) else 1
    return generate_page(req, "admin/articles_mod.html", article=article)
Example #6
0
def admin_articles_enable(req, id):
    check_login(req, '/log_in?referer=/admin/articles')
    match_right(req, module_rights)
    check_referer(req, '/admin/articles')

    article = Article(id)
    if not article.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if (not do_check_right(req, right_editor)) \
            and (not (article.author_id == req.login.id
                 and article.public_date.year == 1970)):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    n_state = int(req.uri.endswith('/enable'))
    n_state = (n_state * 2) if article.public_date.year > 1970 else n_state
    article.set_state(req, n_state)

    redirect(req, '/admin/articles')
Example #7
0
def articles_detail(req, arg):
    id = arg if isinstance(arg, int) else None
    uri = arg if isinstance(arg, unicode) else None

    article = Article(id)
    article.uri = uri

    if uri and not article.get(req, key='uri'):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    if id and not article.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if article.public_date.year == 1970:
        if req.login is None:
            raise SERVER_RETURN(state.HTTP_FORBIDDEN)
        if not do_match_right(req, module_rights):
            raise SERVER_RETURN(state.HTTP_FORBIDDEN)
        if (not do_check_right(req, right_editor)
                and article.author_id != req.login.id):
            raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    return articles_detail_internal(req, article)