Python match_right Examples

Example #1

File: articles.py Project: ondratu/morias

def admin_articles(req):
    check_login(req)
    match_right(req, module_rights)

    show = req.args.getfirst('show', '', uni)

    pager = Pager(sort='desc')
    pager.bind(req.args)

    kwargs = {}

    if show == 'ready':
        pager.set_params(show=show)
        kwargs['state'] = 2
        kwargs['public_date'] = 0
    elif show == 'drafts':
        pager.set_params(show=show)
        kwargs['state'] = 1
    else:
        show = None

    if not do_check_right(req, right_editor):
        kwargs['author_id'] = req.login.id

    items = Article.list(req, pager, **kwargs)
    return generate_page(req, "admin/articles.html", pager=pager, items=items,
                         show=show)

Example #2

File: page_file.py Project: ondratu/morias

def admin_pages_mod(req, id):
    """Edit page could:

    * author of page, if still have pages_author right
    * admin with pages_modify right
    * admin with pages_listall right and right which must have page too
    """
    check_login(req)
    match_right(req, module_rights)
    token = do_create_token(req, '/admin/pages/%d' % id)

    page = Page(id)
    if (not do_check_right(req, 'pages_modify')) \
            and (not page.check_right(req)):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    if req.method == 'POST':
        check_token(req, req.form.get('token'))
        page.bind(req.form)
        error = page.mod(req)
        if error:
            return generate_page(req, "admin/pages_mod.html", token=token,
                                 page=page, rights=rights, error=error,
                                 extra_rights=req.cfg.pages_extra_rights)
    # endif
    if not page.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    return generate_page(req, "admin/pages_mod.html", token=token,
                         page=page, rights=rights,
                         extra_rights=req.cfg.pages_extra_rights)

Example #3

File: articles.py Project: ondratu/morias

def admin_articles_mod(req, id):
    check_login(req)
    match_right(req, module_rights)

    article = Article(id)
    if not article.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    if (not do_check_right(req, right_editor)
            and article.author_id != req.login.id):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    Codebook = build_class('tags')
    pager = Pager(order='value', limit=-1)
    tags = Codebook.list(req, Codebook, pager)

    if req.method == 'POST':
        article.bind(req.form)
        error = article.mod(req)
        if error != article:
            return generate_page(req, "admin/articles_mod.html",
                                 article=article, error=error)

        if not article.get(req):
            raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    return generate_page(req, "admin/articles_mod.html", article=article,
                         token=create_token(req), tags=tags)

Example #4

File: articles.py Project: ondratu/morias

def articles_remove_tag(req, id, tag_id):
    check_login(req)
    match_right(req, module_rights)
    check_token(req, req.form.get('token'), uri='/admin/articles/%d' % id)

    article = Article(id)
    article.remove_tag(req, tag_id)
    req.content_type = 'application/json'
    return '{}'

Example #5

File: attachments.py Project: ondratu/morias

def attachments_detach(req, object_type, object_id, path, webid):
    check_login(req)
    match_right(req, [R_ADMIN, 'attachments_author'])
    check_origin(req)
    attachment = Attachment(Attachment.web_to_id(webid))
    attachment.detach(req, object_type, object_id)
    if attachment.delete(req) is None:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    return js_items(req, object_type=object_type, object_id=object_id)

Example #6

File: attachments.py Project: ondratu/morias

def admin_attachments_images_thumb_check(req):
    check_login(req)
    match_right(req, [R_ADMIN, 'attachments_modify'])
    check_referer(req, '/admin/attachments')

    job = Job(path=req.uri)
    req.content_type = 'application/json'
    if job.get(req):
        req.status = state.HTTP_CREATED
        return json.dumps(job.data)
    return '{}'     # job not found, so it could be run again

Example #7

File: articles.py Project: ondratu/morias

def articles_append_tag(req, id, tag_id):
    check_login(req)
    match_right(req, module_rights)
    check_token(req, req.form.get('token'), uri='/admin/articles/%d' % id)

    article = Article(id)

    if not article.append_tag(req, tag_id):
        return send_json(req, {'reason': 'integrity_error'})
    req.content_type = 'application/json'
    return '{}'

Example #8

File: attachments.py Project: ondratu/morias

def admin_attachments_images_thumb(req):
    check_login(req)
    match_right(req, [R_ADMIN, 'attachments_modify'])
    check_origin(req)

    # job must be singleton
    pid, status = run_job(req, req.uri, thumb_images, True)
    req.content_type = 'application/json'
    if not status:
        req.status = state.HTTP_NOT_ACCEPTABLE
        return '{}'

    req.status = state.HTTP_CREATED
    return json.dumps({'pid': pid})

Example #9

File: attachments.py Project: ondratu/morias

def admin_attachments_add_update(req, id=None):
    check_login(req)
    match_right(req, [R_ADMIN, 'attachments_author'])
    check_origin(req)

    attachment = Attachment()
    attachment.bind(req.form, req.login.id)
    status = attachment.add(req)
    if not status == attachment:
        req.status = state.HTTP_BAD_REQUEST
        req.content_type = 'application/json'
        return json.dumps({'reason': Attachment.error(status)})

    req.content_type = 'application/json'
    return json.dumps({'attachment': attachment.dumps()})

Example #10

File: page_file.py Project: ondratu/morias

def admin_pages(req):
    check_login(req)
    match_right(req, module_rights)

    error = req.args.getfirst('error', 0, int)

    pager = Pager()
    pager.bind(req.args)

    if not do_match_right(req, ('pages_modify', 'pages_listall')):
        rows = Page.list(req, pager, author_id=req.login.id)
    else:
        rows = Page.list(req, pager)
    return generate_page(req, "admin/pages.html",
                         token=do_create_token(req, '/admin/pages'),
                         pager=pager, rows=rows, error=error)

Example #11

File: page_file.py Project: ondratu/morias

def admin_pages_del(req, id):
    """ Delete page, could:
            * author of page if have still pages_author right
            * admin with pages_modify
    """

    check_login(req, '/log_in?referer=/admin/pages')
    match_right(req, ('pages_author', 'pages_modify'))
    check_token(req, req.form.get('token'))

    page = Page(id)
    if not page.check_right(req):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    page.delete(req)
    # TODO: redirect to same page
    redirect(req, '/admin/pages?error=%d' % SUCCESS)

Example #12

File: articles.py Project: ondratu/morias

def admin_articles_add(req):
    check_login(req)
    match_right(req, module_rights)

    article = Article()
    if req.method == 'POST':
        article.bind(req.form, req.login.id)
        error = article.add(req)

        if error:
            return generate_page(req, "admin/articles_mod.html",
                                 article=article, error=error)

        redirect(req, '/admin/articles/%d' % article.id)
    # end

    article.state = 2 if do_check_right(req, right_editor) else 1
    return generate_page(req, "admin/articles_mod.html", article=article)

Example #13

File: articles.py Project: ondratu/morias

def admin_articles_enable(req, id):
    check_login(req, '/log_in?referer=/admin/articles')
    match_right(req, module_rights)
    check_referer(req, '/admin/articles')

    article = Article(id)
    if not article.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    if (not do_check_right(req, right_editor)) \
            and (not (article.author_id == req.login.id
                 and article.public_date.year == 1970)):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    n_state = int(req.uri.endswith('/enable'))
    n_state = (n_state * 2) if article.public_date.year > 1970 else n_state
    article.set_state(req, n_state)

    redirect(req, '/admin/articles')

Example #14

File: page_file.py Project: ondratu/morias

def admin_pagse_add(req):
    check_login(req)
    match_right(req, ('pages_author', 'pages_modify'))
    token = do_create_token(req, '/admin/pages/add')

    if req.method == 'POST':
        check_token(req, req.form.get('token'))
        page = Page()
        page.bind(req.form, req.login.id)
        error = page.add(req)

        if error:
            return generate_page(req, "admin/pages_mod.html", token=token,
                                 rights=rights, page=page, error=error)

        redirect(req, '/admin/pages/%d' % page.id)
    # end

    return generate_page(req, "admin/pages_mod.html", token=token,
                         rights=rights)

Example #15

File: page_file.py Project: ondratu/morias

def admin_pages_rst(req):
    check_login(req)
    match_right(req, module_rights)
    return check_rst(req)

Example #16

File: articles.py Project: ondratu/morias

def articles_tags(req, id):
    check_login(req)
    match_right(req, module_rights)
    return send_json(req, {'tags': Article.tags(req, id)}, cls=ObjectEncoder)

Example #17

File: attachments.py Project: ondratu/morias

def attachments_view_not(req, object_type, object_id):
    check_login(req)
    match_right(req, [R_ADMIN, 'attachments_author'])
    check_origin(req)
    return js_items(req, object_type=object_type, object_id=object_id,
                    NOT=True)