def get(self, user_id):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Retrieved user_id to integer
user_id = int(user_id)
# Retrieve user data
user = database.UserManager.select_by_id(user_id)
# Check if user can see the profile photo
if user.photo is not None:
profilePhoto = database.PhotosManager.get_photo_by_id(int(user.photo))
if current_session.get_id() is None:
profilePhotoAllowed = False
else:
requestUser = database.UserManager.select_by_id(current_session.get_id())
if security.PhotoSecurity.user_is_allowed_to_watch_photo(profilePhoto, requestUser):
profilePhotoAllowed = True
else:
profilePhotoAllowed = False
else:
profilePhotoAllowed = False
# Prompt page
template = JINJA_ENVIRONMENT.get_template('static/templates/profile.html')
self.response.write(template.render(user=user, profilePhotoAllowed=profilePhotoAllowed))
def get(self, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
self.response.headers['Content-Type'] = 'application/json'
if option == "list":
# List all accesible photos
photos = database.PhotosManager.retrieveAllPhotos()
if current_session.get_id() is None:
user = None
else:
user = database.UserManager.select_by_id(current_session.get_id())
data = '{"photos":['
isAnyPhotoAllowed = False
for photo in photos:
if security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, user): # Check user has permission to retrieve
isAnyPhotoAllowed = True
id = photo.key.id()
username = photo.owner.get().name
date = photo.date
name = photo.name
data += '{"photo_id": ' + str(id) + ', "username": "******", "date": "' + str(
date) + '", "name": "' + name + '"},'
if isAnyPhotoAllowed:
data = data[:-1]
data += ']}'
result = "OK"
else:
# Print method not allowed
data = '{"error": "Method not allowed"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template("static/templates/api.json")
self.response.headers["Content-Type"] = "application/json"
if option == "list":
# List all accesible photos
photos = database.PhotosManager.retrieveAllPhotos()
if current_session.get_id() is None:
user = None
else:
user = database.UserManager.select_by_id(current_session.get_id())
data = '{"photos":['
isAnyPhotoAllowed = False
for photo in photos:
if security.PhotoSecurity.user_is_allowed_to_watch_photo(
photo, user
): # Check user has permission to retrieve
isAnyPhotoAllowed = True
id = photo.key.id()
username = photo.owner.get().name
date = photo.date
name = photo.name
data += (
'{"photo_id": '
+ str(id)
+ ', "username": "******", "date": "'
+ str(date)
+ '", "name": "'
+ name
+ '"},'
)
if isAnyPhotoAllowed:
data = data[:-1]
data += "]}"
result = "OK"
else:
# Print method not allowed
data = '{"error": "Method not allowed"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Check if user is already logged in
if current_session.get_id() is not None:
self.redirect("/")
return None
template = JINJA_ENVIRONMENT.get_template('static/templates/register.html')
self.response.write(template.render())
def get(self, photo_id):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template("static/templates/api.json")
# Retrieve photo url for photo_id
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if current_session.get_id() is None:
user = None
else:
user = database.UserManager.select_by_id(current_session.get_id())
if not photo:
self.response.write("No photo")
elif not blobstore_2.get(photo.image):
self.response.write("No blob")
else:
# Check visualization permissions to current user
if security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, user):
self.send_blob(photo.image)
else:
self.error(404)
def get(self, photo_id):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
# Retrieve photo url for photo_id
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if current_session.get_id() is None:
user = None
else:
user = database.UserManager.select_by_id(current_session.get_id())
if not photo:
self.response.write("No photo")
elif not blobstore_2.get(photo.image):
self.response.write("No blob")
else:
# Check visualization permissions to current user
if security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, user):
self.send_blob(photo.image)
else:
self.error(404)
def get(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Check if user has session started
if current_session.get_id() is None:
self.redirect("/")
# Logout user
current_session.logout(self)
# Prompt logout page
JINJA_ENVIRONMENT.globals['session'] = current_session
template = JINJA_ENVIRONMENT.get_template('static/templates/logout.html')
self.response.write(template.render())
def post(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Check if user is already logged in
if current_session.get_id() is not None:
self.redirect("/")
# Language task
Language.language(self)
# Load form
template = JINJA_ENVIRONMENT.get_template('static/templates/login.html')
# Check user and password
submitted_username = cgi.escape(self.request.get("username"))
submitted_password = hashlib.sha1(cgi.escape(self.request.get("password"))).hexdigest()
user = database.UserManager.select_by_username(submitted_username)
# Check user exists
if user is not None:
# Check if user account is blocked or not
if user.attempts < 3:
# Check if user and password matches
if submitted_username == user.name and submitted_password == user.password:
# Session initialization
current_session.set(self, user.key.id())
# Login attempts to zero
database.UserManager.modify_user(user.key, attempts=0)
# Redirection to initial page
self.redirect("/")
else:
# Add an attempt to user login
database.UserManager.modify_user(user.key, attempts=user.attempts+1)
self.response.write(template.render(error=_("InvalidUsernameOrPassword")))
else:
self.response.write(template.render(error=_("AccountBlocked")))
else:
self.response.write(template.render(error=_("InvalidUsernameOrPassword")))
def get(self, user_id, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template("static/templates/api.json")
self.response.headers["Content-Type"] = "application/json"
user_id = int(user_id)
# If user is not admin and not himself, not allow to query anything
if current_session.get_role_level() < 3 and current_session.get_id() != user_id:
role_level = str(current_session.get_role_level())
data = '{"error": "Permission denied' + role_level + '"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Check if user exists
user = database.UserManager.select_by_id(int(user_id))
# If user not exists
if user is None:
data = '{"error": "User not exists."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Options
if option == "activateAccountByAdmin":
# Only admin is allowed to change permissions
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# If user has not his account activated, admin cannot active it
if user.role_level != 1:
data = '{"error": "User has not his account activated yet."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Activate account by admin
database.UserManager.modify_user(user.key, role_level=2)
data = '{"message": "Account activated by admin."}'
result = "OK"
elif option == "deactivateAccountByAdmin":
# Only admin is allowed to change permissions
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# If user has not his account activated, admin cannot active it
if user.role_level != 2:
data = '{"error": "User account can not deactivated."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Activate account by admin
database.UserManager.modify_user(user.key, role_level=1)
data = '{"message": "Account deactivated by admin."}'
result = "OK"
elif option == "blockAccount":
# Only admin is allowed to block account
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your block status."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# No anyone is allowed to block an admin
if user.role_level == 3:
data = '{"error": "You cannot block an admin account."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
database.UserManager.modify_user(user.key, attempts=3) # Account is blocked with 3 attempts
data = '{"message": "Account blocked by admin."}'
result = "OK"
elif option == "unblockAccount":
# Only admin is allowed to unblock account
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
database.UserManager.modify_user(user.key, attempts=0) # Account is unblocked with 0 attempts
data = '{"message": "Account unblock by admin."}'
result = "OK"
elif option == "profileChangeRequest":
# Only user himself is allowed to change profile
if current_session.get_id() == user_id:
token = database.TokenManager.create_token(user.key)
email_handler.Email.send_change_profile(user.name, token.id(), user.email)
data = '{"message": "Change profile email send"}'
result = "OK"
else:
data = '{"error": "Method not allowed"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def post(self, user_id, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template("static/templates/api.json")
self.response.headers["Content-Type"] = "application/json"
# Check if request is done by admin or himself
user_id = int(user_id)
if current_session.get_role_level() < 3 and current_session.get_id() != user_id:
role_level = str(current_session.get_role_level())
data = '{"error": "Permission denied"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Check if user exists
user = database.UserManager.select_by_id(int(user_id))
# If user not exists
if user is None:
data = '{"error": "User not exists."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Options
if option == "changeUserData": # update email and user
email = self.request.get("email", None)
username = self.request.get("username", None)
background = self.request.get("background", None)
photo_id = self.request.get("photo", None)
if email is not None:
userbyemail = database.UserManager.select_by_email(email)
if userbyemail is None:
database.UserManager.modify_user(user.key, email=email)
else:
data = '{"error": "Field exists", "field": "email"}'
result = "FAIL"
self.response.write(
template.render(feature="user", data=data, query=self.request.url, result=result)
)
if username is not None:
userbyname = database.UserManager.select_by_username(username)
if userbyname is None:
database.UserManager.modify_user(user.key, username=username)
else:
data = '{"error": "Field exists", "field": "username"}'
result = "FAIL"
self.response.write(
template.render(feature="user", data=data, query=self.request.url, result=result)
)
if background is not None:
# Check if photo exists
background_photo = database.PhotosManager.get_photo_by_id(int(background))
if background_photo is not None:
# Change user background image
database.UserManager.modify_user(user.key, background=background_photo.key.id())
else:
data = '{"error": "Field not exists", "field": "background"}'
result = "FAIL"
self.response.write(
template.render(feature="user", data=data, query=self.request.url, result=result)
)
if photo_id is not None:
# Check if photo exists
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if photo is not None:
# Change user background image
database.UserManager.modify_user(user.key, photo=photo.key.id())
else:
data = '{"error": "Field not exists", "field": "background"}'
result = "FAIL"
self.response.write(
template.render(feature="user", data=data, query=self.request.url, result=result)
)
data = '{"message": "User updated"}'
result = "OK"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def post(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Check if user is already logged in
if current_session.get_id() is not None:
self.redirect("/")
return None
# Retrieve request data
username = cgi.escape(self.request.get('username'))
password1 = cgi.escape(self.request.get('password1'))
password2 = cgi.escape(self.request.get('password2'))
email = cgi.escape(self.request.get('email'))
# Load success and fail templates
register_template = JINJA_ENVIRONMENT.get_template('static/templates/register.html')
registered_template = JINJA_ENVIRONMENT.get_template('static/templates/registered.html')
# Check email is well formed
if not re.match(r"[^@]+@[^@]+\.[^@]+", email):
self.response.write(register_template.render(error=_("BadEmail.")))
return None
# Check passwords min size is 6
if len(password1) < 6:
self.response.write(register_template.render(error=_("PasswordMinLengthNotReached.")))
return None
# Check passwords match
if password1 != password2:
self.response.write(register_template.render(error=_("PasswordMissmatch")))
return None
# Username not empty
if len(username) < 1:
self.response.write(register_template.render(error=_("EmptyUsername.")))
return None
# Check user exists
user = database.UserManager.select_by_username(username)
if user is not None:
self.response.write(register_template.render(error=_("UsernameExists")))
return None
# Check email exists
user = database.UserManager.select_by_email(email)
if user is not None:
self.response.write(register_template.render(error=_("EmailExists")))
return None
# Save new user in DB
user_key = database.UserManager.create(username, password1, email)
if user_key:
# Create activation token
token_key = database.TokenManager.create_token(user_key)
# Send activation email
email_handler.Email.send_activation(username, str(token_key.id()), email)
# Autologin new user
current_session.set(self, user_key.id())
JINJA_ENVIRONMENT.globals['session'] = current_session
self.response.write(registered_template.render(username=username))
else:
self.response.write(register_template.render(error=_("DatabaseError")))
return None
def get(self, photo_id):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Load jinja template
template = JINJA_ENVIRONMENT.get_template('static/templates/photo.html')
# Check permission
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if current_session.get_id() is None:
request_user = None
else:
request_user = database.UserManager.select_by_id(current_session.get_id())
if not security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, request_user):
self.redirect("/")
# Get photo info to display
user = photo.owner.get()
privacy = photo.privacy
date = photo.date
# Check if user can edit photo attributes
edition_permission = (current_session.get_role_level() is 3) or (photo.owner == current_session.get_user_key())
# Get user allowed to watch photo
if privacy == 1:
allowed_users = database.PhotoUserPermissionManager.get_allowed_users_by_photo(photo)
else:
allowed_users = None
# Count photo visited by user
if current_session.get_id() is None:
database.PhotoViewManager.newView(photo, None)
else:
database.PhotoViewManager.newView(photo, current_session.user)
# Photo visualization count
photo_views = database.PhotoViewManager.select_users_by_photo(photo)
views_counter = {}
for photo_view in photo_views:
if photo_view.user is None:
if "Anonymous" in views_counter:
views_counter["Anonymous"]['count'] += 1
else:
views_counter["Anonymous"] = {'count':1,
'name':"Anonymous",
'id': None}
else:
photo_view_user = photo_view.user
if photo_view_user.get().name in views_counter:
views_counter[photo_view_user.get().name]['count'] += 1
else:
views_counter[photo_view_user.get().name] = {'count':1,
'name':photo_view_user.get().name,
'id': photo_view_user.id()}
# Response page
self.response.write(template.render(
photo_id=photo_id,
owner=user,
name=photo.name,
edition_permission= edition_permission,
date= date,
privacy=privacy,
views=views_counter,
every_user_list=database.UserManager.select(),
allowed_users=allowed_users
))
def get(self, user_id, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
self.response.headers['Content-Type'] = 'application/json'
user_id = int(user_id)
# If user is not admin and not himself, not allow to query anything
if current_session.get_role_level() < 3 and current_session.get_id() != user_id:
role_level = str(current_session.get_role_level())
data = '{"error": "Permission denied' + role_level + '"}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Check if user exists
user = database.UserManager.select_by_id(int(user_id))
# If user not exists
if user is None:
data = '{"error": "User not exists."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Options
if option == "activateAccountByAdmin":
# Only admin is allowed to change permissions
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# If user has not his account activated, admin cannot active it
if user.role_level != 1:
data = '{"error": "User has not his account activated yet."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Activate account by admin
database.UserManager.modify_user(user.key, role_level=2)
data = '{"message": "Account activated by admin."}'
result = "OK"
elif option == "deactivateAccountByAdmin":
# Only admin is allowed to change permissions
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# If user has not his account activated, admin cannot active it
if user.role_level != 2:
data = '{"error": "User account can not deactivated."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Activate account by admin
database.UserManager.modify_user(user.key, role_level=1)
data = '{"message": "Account deactivated by admin."}'
result = "OK"
elif option == "blockAccount":
# Only admin is allowed to block account
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your block status."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# No anyone is allowed to block an admin
if user.role_level == 3:
data = '{"error": "You cannot block an admin account."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
database.UserManager.modify_user(user.key, attempts=3) # Account is blocked with 3 attempts
data = '{"message": "Account blocked by admin."}'
result = "OK"
elif option == "unblockAccount":
# Only admin is allowed to unblock account
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
database.UserManager.modify_user(user.key, attempts=0) # Account is unblocked with 0 attempts
data = '{"message": "Account unblock by admin."}'
result = "OK"
elif option == "profileChangeRequest":
# Only user himself is allowed to change profile
if current_session.get_id() == user_id:
token = database.TokenManager.create_token(user.key)
email_handler.Email.send_change_profile(user.name, token.id(), user.email)
data = '{"message": "Change profile email send"}'
result = "OK"
else:
data = '{"error": "Method not allowed"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def post(self, user_id, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
self.response.headers['Content-Type'] = 'application/json'
# Check if request is done by admin or himself
user_id = int(user_id)
if current_session.get_role_level() < 3 and current_session.get_id() != user_id:
role_level = str(current_session.get_role_level())
data = '{"error": "Permission denied"}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Check if user exists
user = database.UserManager.select_by_id(int(user_id))
# If user not exists
if user is None:
data = '{"error": "User not exists."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Options
if option == "changeUserData": # update email and user
email = self.request.get("email", None)
username = self.request.get("username", None)
background = self.request.get("background", None)
photo_id = self.request.get("photo", None)
if email is not None:
userbyemail = database.UserManager.select_by_email(email)
if userbyemail is None:
database.UserManager.modify_user(user.key, email=email)
else:
data = '{"error": "Field exists", "field": "email"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
if username is not None:
userbyname = database.UserManager.select_by_username(username)
if userbyname is None:
database.UserManager.modify_user(user.key, username=username)
else:
data = '{"error": "Field exists", "field": "username"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
if background is not None:
# Check if photo exists
background_photo = database.PhotosManager.get_photo_by_id(int(background))
if background_photo is not None:
# Change user background image
database.UserManager.modify_user(user.key, background=background_photo.key.id())
else:
data = '{"error": "Field not exists", "field": "background"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
if photo_id is not None:
# Check if photo exists
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if photo is not None:
# Change user background image
database.UserManager.modify_user(user.key, photo=photo.key.id())
else:
data = '{"error": "Field not exists", "field": "background"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
data = '{"message": "User updated"}'
result = "OK"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
