def admin_articles(req):
    """Render the admin list of articles, optionally filtered by ``show``.

    The caller must be logged in and hold one of ``module_rights``.
    ``show=ready`` lists articles with ``state == 2`` and ``public_date == 0``,
    ``show=drafts`` lists articles with ``state == 1``; any other value
    disables the filter and is passed to the template as ``None``.

    Users without ``right_editor`` only ever see their own articles: the
    ``author_id`` filter is added server-side and does not depend on any
    request parameter.
    """
    check_login(req)
    match_right(req, module_rights)

    show = req.args.getfirst('show', '', uni)

    pager = Pager(sort='desc')
    pager.bind(req.args)

    # Query filters selected by each recognised value of ``show``.
    presets = {
        'ready': {'state': 2, 'public_date': 0},
        'drafts': {'state': 1},
    }

    filters = {}
    if show in presets:
        # Keep the chosen filter in the pager's parameters.
        pager.set_params(show=show)
        filters.update(presets[show])
    else:
        show = None

    # Row-level restriction: non-editors are limited to what they authored.
    if not do_check_right(req, right_editor):
        filters['author_id'] = req.login.id

    items = Article.list(req, pager, **filters)
    return generate_page(req, "admin/articles.html",
                         pager=pager, items=items, show=show)
def admin_pages_mod(req, id):
    """Show and process the edit form of one page.

    The caller must be logged in and hold one of ``module_rights``. Editing
    is then allowed when either:

        * the user holds the ``pages_modify`` right, or
        * ``page.check_right(req)`` accepts the request.

    A POST must carry the form token, which is verified with
    ``check_token`` before the page is modified.

    NOTE(review): the earlier docstring also mentioned ``pages_listall``;
    that right is not checked in this function.
    """
    check_login(req)
    match_right(req, module_rights)

    # The token is issued for this page's edit URI.
    token = do_create_token(req, '/admin/pages/%d' % id)

    page = Page(id)
    # NOTE(review): the permission check runs before page.get(req), so it
    # relies on whatever page.check_right() loads itself -- confirm that
    # author_id and rights are populated at this point.
    allowed = do_check_right(req, 'pages_modify') or page.check_right(req)
    if not allowed:
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    def render(**extra):
        # Both exits render the same template with the same base context.
        return generate_page(req, "admin/pages_mod.html",
                             token=token, page=page, rights=rights,
                             extra_rights=req.cfg.pages_extra_rights,
                             **extra)

    if req.method == 'POST':
        # Verify the form token before any change is applied.
        check_token(req, req.form.get('token'))
        page.bind(req.form)
        error = page.mod(req)
        if error:
            return render(error=error)

    if not page.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    return render()
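def admin_articles_mod(req, id):
    """Show and process the edit form of one article.

    The caller must be logged in and hold one of ``module_rights``. Users
    without ``right_editor`` may only edit articles they authored; anyone
    else gets HTTP 403. An unknown article id gets HTTP 404.

    On POST the form token is verified with ``check_token`` before the
    article is modified, the same way ``admin_pages_mod`` protects page
    edits. Previously the token was rendered into the form but never
    checked, so the state-changing POST had no cross-site request guard.
    """
    check_login(req)
    match_right(req, module_rights)

    article = Article(id)
    if not article.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    if (not do_check_right(req, right_editor)
            and article.author_id != req.login.id):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    Codebook = build_class('tags')
    pager = Pager(order='value', limit=-1)     # limit=-1 as in the original
    tags = Codebook.list(req, Codebook, pager)

    # NOTE(review): assumes tokens issued by create_token(req) are accepted
    # by check_token(), as do_create_token() tokens are in admin_pages_mod
    # -- confirm.
    token = create_token(req)

    if req.method == 'POST':
        # Reject the request before touching the article if the token is
        # missing or wrong.
        check_token(req, req.form.get('token'))
        article.bind(req.form)
        error = article.mod(req)
        if error != article:
            # Re-render with token and tags so the corrected form can be
            # submitted again and still pass the token check.
            return generate_page(req, "admin/articles_mod.html",
                                 article=article, error=error,
                                 token=token, tags=tags)

        # Reload the stored state after a successful update.
        if not article.get(req):
            raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    return generate_page(req, "admin/articles_mod.html", article=article,
                         token=token, tags=tags)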
def check_right(self, req):
    """Return True when the logged-in user may work with this page.

    Rights are loaded first through ``driver(req).load_rights``. The
    request is then accepted in any of these cases, tested in order:

        * ``do_match_right(req, 'pages_modify')`` succeeds,
        * the user has the ``pages_author`` right and is the page's author,
        * the page has rights of its own and the user matches one of them.

    Otherwise False is returned.
    """
    backend = driver(req)
    backend.load_rights(self, req)

    # User is editor.
    if do_match_right(req, 'pages_modify'):
        return True

    # User is the author and still holds the author right.
    if do_check_right(req, 'pages_author') and self.author_id == req.login.id:
        return True

    # User holds a special right attached to this page.
    return bool(self.rights and do_match_right(req, self.rights))
def admin_articles_add(req):
    """Show and process the form that creates a new article.

    The caller must be logged in and hold one of ``module_rights``. On POST
    the form is bound with the current login id as a second argument, so the
    author is taken from the session rather than from the submitted form.
    A failed ``add`` re-renders the form with the error; a successful one
    redirects to the new article's edit page.

    For the empty form the initial ``state`` is 2 for users with
    ``right_editor`` and 1 for everyone else.

    NOTE(review): unlike ``admin_pages_mod``, this POST is accepted without
    a ``check_token`` call and no token is passed to the template -- confirm
    whether a cross-site request guard is applied elsewhere.
    """
    check_login(req)
    match_right(req, module_rights)

    template = "admin/articles_mod.html"
    article = Article()

    if req.method == 'POST':
        article.bind(req.form, req.login.id)
        error = article.add(req)
        if not error:
            redirect(req, '/admin/articles/%d' % article.id)
        else:
            return generate_page(req, template, article=article, error=error)

    if do_check_right(req, right_editor):
        article.state = 2
    else:
        article.state = 1
    return generate_page(req, template, article=article)
def admin_articles_enable(req, id):
    """Enable or disable an article, depending on the request URI.

    The caller must be logged in (otherwise ``check_login`` is given the
    log-in URL with a referer back to the list), hold one of
    ``module_rights`` and pass ``check_referer`` for ``/admin/articles``.

    Editors (``right_editor``) may change any article. Other users may only
    change an article they authored whose ``public_date`` year is still
    1970; everything else gets HTTP 403.

    New state: 0 when the URI does not end with ``/enable``; otherwise 2
    when ``public_date`` is later than 1970 and 1 when it is not.

    NOTE(review): ``check_referer`` is the only request-origin check visible
    here -- presumably it is the cross-site request guard for this action;
    confirm it is sufficient for a state-changing request.
    """
    check_login(req, '/log_in?referer=/admin/articles')
    match_right(req, module_rights)
    check_referer(req, '/admin/articles')

    article = Article(id)
    if not article.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if not do_check_right(req, right_editor):
        # Non-editors: own article only, and only while its date is 1970.
        own_and_undated = (article.author_id == req.login.id
                           and article.public_date.year == 1970)
        if not own_and_undated:
            raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    new_state = int(req.uri.endswith('/enable'))
    if article.public_date.year > 1970:
        new_state *= 2

    article.set_state(req, new_state)
    redirect(req, '/admin/articles')
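def articles_detail(req, arg):
    """Render one article selected by numeric id or by URI.

    ``arg`` is used as the id when it is an ``int`` and as the URI when it
    is ``unicode``. HTTP 404 is raised when the article cannot be loaded,
    including the case where ``arg`` gives no usable key (id ``0``, an empty
    URI or another type). Previously that case skipped both lookups and
    went on with an article that had never been loaded.

    An article whose ``public_date`` year is 1970 is only shown to a
    logged-in user who holds one of ``module_rights`` and is either an
    editor (``right_editor``) or the article's author; anyone else gets
    HTTP 403.
    NOTE(review): year 1970 presumably marks an article that was never
    published -- confirm.
    """
    id = arg if isinstance(arg, int) else None
    uri = arg if isinstance(arg, unicode) else None

    article = Article(id)
    article.uri = uri

    if uri:
        loaded = article.get(req, key='uri')
    elif id:
        loaded = article.get(req)
    else:
        # No usable lookup key: never fall through with an unloaded article.
        loaded = False
    if not loaded:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if article.public_date.year == 1970:
        # Check the login first: the author test below reads req.login.id.
        if req.login is None:
            raise SERVER_RETURN(state.HTTP_FORBIDDEN)
        if not do_match_right(req, module_rights):
            raise SERVER_RETURN(state.HTTP_FORBIDDEN)
        if (not do_check_right(req, right_editor)
                and article.author_id != req.login.id):
            raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    return articles_detail_internal(req, article)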