def _check_security(self):
    """Enforce the controller-wide ``allow_only`` restriction, if one is set.

    ``allow_only`` may be a full requirement object (anything exposing a
    ``predicate`` attribute), which performs the check and builds its own
    response, or a bare predicate, which is evaluated here.

    Returns ``True`` when there is no restriction or when a full requirement
    handled the check. When a bare predicate passes, the method falls off the
    end and returns ``None``, so the return value is not an authorization
    verdict; a denial is signalled through ``abort()``.
    """
    requirement = getattr(self, 'allow_only', None)
    if requirement is None:
        # No controller-wide restriction declared: nothing to enforce here.
        return True

    if hasattr(requirement, 'predicate'):
        # Full requirement: it checks and answers on its own.
        requirement._check_authorization()
        return True

    # Bare predicate: run it and build the denial response ourselves.
    try:
        requirement.check_authorization(tg.request.environ)
    except NotAuthorizedError as denial:
        reason = unicode_text(denial)
        if hasattr(self, '_failed_authorization'):
            # The controller hook runs first and is expected to end the
            # request; if it returns normally, the default denial below
            # still runs, so the request stays denied.
            self._failed_authorization(reason)

        # 403 for an authenticated user who lacks permission, 401 for an
        # anonymous one.
        authenticated = not_anonymous().is_met(tg.request.environ)
        code, status = (403, 'error') if authenticated else (401, 'warning')

        tg.response.status = code
        # NOTE(review): the predicate's message goes to flash() and abort(),
        # so it presumably reaches the client; keep predicate messages free
        # of internal detail.
        flash(reason, status=status)
        abort(code, comment=reason)
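def add_transaction(self, **values):
    """Create a Transaction for the current user from submitted form values.

    Reads ``amount``, ``datetime``, ``foreign-currency-amount``,
    ``income-tags`` and ``expense-tags`` from ``values``, stores the new
    transaction through ``db`` and redirects to ``/transaction``.

    Raises ``KeyError`` when one of those fields is missing and
    ``ValueError`` when an amount cannot be parsed by ``float()``.
    """
    values["validation_status"] = request.validation
    flash(values["validation_status"])

    # The owner always comes from the request identity, never from the
    # submitted values.
    # NOTE(review): this assumes the route is only reachable when logged in;
    # confirm the controller enforces that.
    user = request.identity["user"]
    transaction = Transaction(user=user)

    # NOTE(review): float() also accepts "nan", "inf" and negative numbers;
    # confirm the form validator restricts the range before this point.
    transaction.amount = float(values["amount"])
    transaction.date = RelativeDatetime.str2date(values["datetime"])

    if values["foreign-currency-amount"]:
        transaction.foreignCurrencyAmount = float(values["foreign-currency-amount"])
        transaction.foreignCurrency = "EUR"

    income_tags_names = Tag.get_names_from_str(values["income-tags"])
    if income_tags_names:
        transaction.incomeTagGroup = Tag.new_from_name_list(income_tags_names)

    expense_tags_names = Tag.get_names_from_str(values["expense-tags"])
    if expense_tags_names:
        # Build the expense group from the expense names; the income names
        # were used here before, which stored the wrong tags.
        transaction.expenseTagGroup = Tag.new_from_name_list(expense_tags_names)

    db.add(transaction)
    db.flush()
    redirect("/transaction")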
def default_denial_handler(self, reason):
    """Flash the denial reason and abort with the response's current status.

    A 401 is flashed as a warning; any other status is treated as a 403 and
    flashed as an error.
    """
    status = 'warning' if response.status_int == 401 else 'error'
    flash(reason, status=status)
    abort(response.status_int, reason)
def default_denial_handler(self, reason):
    """Abort with the response's current status, flashing the reason for pages.

    With ``smart_denial`` enabled, the flash message is skipped when the
    response content type is JSON or XML; the abort happens in every case.
    """
    if response.status_int == 401:
        status = 'warning'
    else:
        status = 'error'

    # Flash unless smart denial is on and the response is an API format.
    wants_flash = (not self.smart_denial or
                   response.content_type not in ('application/json', 'text/xml'))
    if wants_flash:
        flash(reason, status=status)

    abort(response.status_int, reason)
def save(self, **kw):
    """Apply an edit form to an existing product and go back to the index.

    ``name``, ``description``, ``weight`` and ``categories_ids`` are taken
    from ``kw`` together with the photos of the upload bucket and passed to
    ``product.edit``; whatever is left in ``kw`` is passed to
    ``product.edit_configuration`` for configuration 0.

    Raises ``KeyError`` when an expected field (including ``photos``) is
    missing from ``kw``.
    """
    manager = app_globals.shop.product
    # NOTE(review): there is no check that the lookup found a product;
    # confirm how edit() treats a missing one.
    product = manager.get(_id=kw.pop('product_id'))

    # Photos always come from the server-side bucket: assigning the key
    # before popping it discards any 'product_photos' sent by the client.
    kw['product_photos'] = self.photos.get_bucket().photos

    product_info = {}
    for field in ('name', 'description', 'weight', 'categories_ids',
                  'product_photos'):
        product_info[field] = kw.pop(field)
    kw.pop('photos')

    manager.edit(product, **product_info)
    # NOTE(review): the remaining request parameters are forwarded as they
    # arrived; which keys edit_configuration() accepts is not visible here,
    # so confirm they are restricted by the form validation.
    manager.edit_configuration(product, 0, **kw)

    flash(_('Product edited'))
    return redirect(plug_url('stroller2', '/manage/product/index'))
def create(self, **kw):
    """Create a shipping address and an avatar image for the current user.

    Address fields missing from ``kw`` are stored as ``None``. Redirects to
    the address index afterwards.
    """
    # The owner comes from the request identity, not from the parameters.
    owner_id = tg.request.identity['user']._id

    address_fields = ('receiver', 'address', 'city', 'province',
                      'state', 'country', 'zip', 'details')
    shipping = {field: kw.get(field) for field in address_fields}
    new_address = app_model.UserAddress(user_id=owner_id,
                                        shipping_address=shipping)

    # The binding is unused; the object is only constructed.
    # NOTE(review): 'image' is stored as submitted, no type or size check is
    # visible here; confirm the form validates the upload.
    image = app_model.AvatarImage(image=kw.get('image'),
                                  address_id=new_address._id)

    flash(_('User address created'))
    return redirect(plug_url('stroller2', '/manage/address/index'))
def default_denial_handler(self, reason):
    """Abort with the response's current status, adapting to API responses.

    When ``smart_denial`` lists the response type, the abort is passed
    through (``passthrough='json'`` for JSON, ``True`` otherwise) and no
    flash message is set. In every other case the reason is flashed first,
    as a warning for 401 and as an error otherwise.
    """
    passthrough = False
    if self.smart_denial:
        response_type = response.content_type or request.response_type
        if response_type in self.smart_denial:
            # API response: let the abort pass through untouched.
            passthrough = 'json' if response_type == 'application/json' else True

    if passthrough is False:
        # Plain HTML page: tell the user why access was denied.
        if response.status_int == 401:
            status = 'warning'
        else:
            status = 'error'
        flash(reason, status=status)

    abort(response.status_int, reason, passthrough=passthrough)
def save(self, **kw):
    """Overwrite the shipping address of the record named by ``address_id``.

    Address fields missing from ``kw`` are written as ``None``. Redirects to
    the address index afterwards.
    """
    # NOTE(review): the record is selected by _id alone. If this handler is
    # reachable by ordinary users, the selector should also match the current
    # user's id so one user cannot overwrite another's address; confirm how
    # the controller is protected.
    # NOTE(review): ObjectId() on a missing or malformed 'address_id' is not
    # handled here, and the success message is flashed whether or not a
    # document matched.
    selector = {'_id': ObjectId(kw.get('address_id'))}

    address_fields = ('receiver', 'address', 'city', 'province',
                      'state', 'country', 'zip', 'details')
    shipping = {field: kw.get(field) for field in address_fields}

    app_model.UserAddress.query.update(
        selector, {'$set': {'shipping_address': shipping}})

    flash(_('Address updated succesfully'))
    return redirect(plug_url('stroller2', '/manage/address/index'))
def _check_security(self):
    """Enforce the controller-wide ``allow_only`` predicate, if one is set.

    Returns ``True`` when the controller declares no predicate. When the
    predicate raises ``NotAuthorizedError`` the request is denied with 403
    if ``not_anonymous()`` is met and 401 otherwise. When the predicate
    passes, the method falls off the end and returns ``None``, so the return
    value is not an authorization verdict.
    """
    guard = getattr(self, 'allow_only', None)
    if guard is None:
        return True

    try:
        guard.check_authorization(request.environ)
    except NotAuthorizedError, denial:
        reason = unicode(denial)
        if hasattr(self, '_failed_authorization'):
            # The controller hook runs first and is expected to end the
            # request; if it returns normally, the default denial below
            # still runs, so the request stays denied.
            self._failed_authorization(reason)

        if not_anonymous().is_met(request.environ):
            # Authenticated, but not allowed.
            code, status = 403, 'error'
        else:
            # Not authenticated at all.
            code, status = 401, 'warning'

        pylons.response.status = code
        # NOTE(review): the predicate's message goes to flash() and abort(),
        # so it presumably reaches the client; keep it free of internal
        # detail.
        flash(reason, status=status)
        abort(code, comment=reason)
def _check_security(self):
    """Enforce the controller-wide ``allow_only`` predicate, if one is set.

    Returns ``True`` when the controller declares no predicate. When the
    predicate raises ``WhatNotAuthorizedError`` the request is denied with
    403 if ``not_anonymous()`` is met and 401 otherwise. When the predicate
    passes, the method falls off the end and returns ``None``, so the return
    value is not an authorization verdict.
    """
    guard = getattr(self, 'allow_only', None)
    if guard is None:
        return True

    try:
        guard.check_authorization(pylons.request.environ)
    except WhatNotAuthorizedError, denial:
        reason = unicode(denial)
        if hasattr(self, '_failed_authorization'):
            # The controller hook runs first and is expected to end the
            # request; if it returns normally, the default denial below
            # still runs, so the request stays denied.
            self._failed_authorization(reason)

        if not_anonymous().is_met(request.environ):
            # Authenticated, but not allowed.
            code, status = 403, 'error'
        else:
            # Not authenticated at all.
            code, status = 401, 'warning'

        pylons.response.status = code
        flash(reason, status=status)
        abort(code, comment=reason)
def edit(self, address_id, **kw):
    """Return the edit form for an address, pre-filled with its stored values.

    When no address has the given id, a message is flashed and the user is
    redirected instead. ``kw`` is accepted but not used.
    """
    # NOTE(review): the lookup is by _id alone. If this handler is reachable
    # by ordinary users, it would show any user's address; confirm how the
    # controller is protected. A malformed id makes ObjectId() raise here.
    lookup = {'_id': ObjectId(address_id)}
    address = app_model.UserAddress.query.find(lookup).first()
    if address is None:
        flash(_('Address not find'))
        # NOTE(review): the sibling address handlers redirect to
        # '/manage/address/index'; confirm this path exists.
        return redirect(plug_url('stroller2', '/manage/user_address/index'))

    value = {'address_id': str(address._id)}
    for field in ('receiver', 'address', 'city', 'province',
                  'state', 'country', 'zip', 'details'):
        value[field] = address.shipping_address[field]

    return dict(form=get_edit_user_address_form(),
                value=value,
                action=plug_url('stroller2', '/manage/address/save'))
def _check_security(self):
    """Enforce the controller-wide ``allow_only`` predicate, if one is set.

    Returns ``True`` (after a debug log entry) when the controller has no
    ``allow_only`` attribute or it is ``None``. When the predicate raises
    ``NotAuthorizedError`` the request is denied with 403 if
    ``not_anonymous()`` is met and 401 otherwise. When the predicate passes,
    the method falls off the end and returns ``None``.
    """
    unrestricted = not hasattr(self, "allow_only") or self.allow_only is None
    if unrestricted:
        log.debug('No controller-wide authorization at %s', request.path)
        return True

    try:
        self.allow_only.check_authorization(request.environ)
    except NotAuthorizedError, denial:
        reason = unicode(denial)
        if hasattr(self, '_failed_authorization'):
            # The controller hook runs first and is expected to end the
            # request; if it returns normally, the default denial below
            # still runs, so the request stays denied.
            self._failed_authorization(reason)

        if not_anonymous().is_met(request.environ):
            # Authenticated, but not allowed.
            code, status = 403, 'error'
        else:
            # Not authenticated at all.
            code, status = 401, 'warning'

        pylons.response.status = code
        flash(reason, status=status)
        abort(code, comment=reason)
def create(self, **kw):
    """Create a product from the submitted form and go back to the index.

    A duplicate slug or SKU is reported through an error flash message
    instead of an exception. Raises ``KeyError`` when ``photos`` is missing
    from ``kw``.
    """
    # Both values are set on the server, so a submitted 'type' or
    # 'product_photos' cannot change what is created.
    kw['type'] = 'product'
    kw['product_photos'] = self.photos.get_bucket().photos
    kw.pop('photos')

    # NOTE(review): every other request parameter is forwarded as it
    # arrived; which keys product.create() accepts is not visible here, so
    # confirm they are restricted by the form validation.
    try:
        app_globals.shop.product.create(**kw)
        flash(_('Product created'))
    except (AlreadyExistingSlugException, AlreadyExistingSkuException) as duplicate:
        if isinstance(duplicate, AlreadyExistingSlugException):
            flash(_('There is already a product with this slug'), 'error')
        else:
            flash(_('There is already a product with this SKU'), 'error')

    return redirect(plug_url('stroller2', '/manage/product/index'))
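def add_to_cart(self, product=None, quantity=1, **kw):
    """Add a product to the current user's cart (currently switched off).

    The handler returns ``None`` straight away, so none of the cart logic
    below runs. The request parameters in ``kw`` are client-controlled and
    are not printed or logged.
    """
    # NOTE(review): this bare return disables the handler; whether that is
    # intentional cannot be told from here. Everything below is unreachable
    # until it is removed.
    return

    product = app_globals.shop.product.get(_id=product)
    if product is None:
        abort(404, 'Product not found')

    try:
        # The cart is looked up by the request identity's user id, not by a
        # request parameter.
        cart = app_globals.shop.cart.create_or_get(request.identity['user'].user_id)
    except CartLockedException:
        flash(_('The cart is unavailable, try again later'), 'error')
        return redirect('/product/%s' % product.slug)

    # NOTE(review): 'quantity' reaches buy() as received from the request;
    # confirm it is validated as a positive integer before re-enabling.
    if not app_globals.shop.product.buy(cart, product, 0, quantity):
        flash(_('The product is sold out'), 'error')
    else:
        flash(_('Product %s added to cart') % product.i18n_name)
    return redirect('/product/%s' % product.slug)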
def add_to_cart(self, product=None, quantity=1, **kw):
    """Add a product to the current user's cart (currently switched off).

    The handler returns ``None`` straight away, so none of the cart logic
    below runs.
    """
    # NOTE(review): this bare return disables the handler; whether that is
    # intentional cannot be told from here. Everything below is unreachable
    # until it is removed.
    return
    product = app_globals.shop.product.get(_id=product)
    if product is None:
        abort(404, 'Product not found')
    try:
        # The cart is looked up by the request identity's user id, not by a
        # request parameter.
        cart = app_globals.shop.cart.create_or_get(
            request.identity['user'].user_id)
    except CartLockedException:
        flash(_('The cart is unavailable, try again later'), 'error')
        return redirect('/product/%s' % product.slug)
    # NOTE(review): 'quantity' reaches buy() as received from the request;
    # confirm it is validated as a positive integer before re-enabling.
    if not app_globals.shop.product.buy(cart, product, 0, quantity):
        flash(_('The product is sold out'), 'error')
    else:
        flash(_('Product %s added to cart') % product.i18n_name)
    return redirect('/product/%s' % product.slug)
code = 403 status = 'error' else: # The user has not been not authenticated. code = 401 status = 'warning' pylons.response.status = code flash(reason, status=status) abort(code, comment=reason) except NotAuthorizedError, e: reason = getattr(e, 'msg', 'You are not Authorized to access this Resource') code = getattr(e, 'code', 401) status = getattr(e, 'status', 'error') pylons.response.status = code flash(reason, status=status) abort(code, comment=reason) def _configured_engines(): """ Returns a set containing the names of the currently configured template engines from the active application's globals """ g = pylons.app_globals._current_obj() if not hasattr(g, 'tg_configured_engines'): g.tg_configured_engines = set() return g.tg_configured_engines __all__ = ["DecoratedController"]
# The user is authenticated but not allowed. code = 403 status = 'error' else: # The user has not been not authenticated. code = 401 status = 'warning' pylons.response.status = code flash(reason, status=status) abort(code, comment=reason) except NotAuthorizedError, e: reason = getattr(e, 'msg', 'You are not Authorized to access this Resource') code = getattr(e, 'code', 401) status = getattr(e, 'status', 'error') pylons.response.status = code flash(reason, status=status) abort(code, comment=reason) def _configured_engines(): """ Returns a set containing the names of the currently configured template engines from the active application's globals """ g = pylons.app_globals._current_obj() if not hasattr(g, 'tg_configured_engines'): g.tg_configured_engines = set() return g.tg_configured_engines __all__ = [ "DecoratedController" ]
def delete(self, product_id):
    """Delete the product with the given id and go back to the index.

    The id is handed to ``product.delete`` as received; the success message
    is flashed without looking at any result.
    """
    # NOTE(review): destructive action. Which HTTP methods reach it and how
    # the controller is protected are not visible here; confirm it cannot be
    # triggered by a plain cross-site GET.
    app_globals.shop.product.delete(product_id)
    flash(_('Product deleted'))
    return redirect(plug_url('stroller2', '/manage/product/index'))
def before_validate(self, remainder, params):
    """Reject the request with a 401 unless ``params`` has '_signals_subkey'.

    Returns ``None`` when the key is present. ``remainder`` is not used.
    """
    # NOTE(review): only the presence of the key is checked here; its value
    # is presumably verified elsewhere - confirm against the caller.
    if '_signals_subkey' in params:
        return

    flash('Not subscribed', status='warning')
    abort(401, 'Not subscribed')
def delete(self, address_id):
    """Remove the address with the given id and go back to the index.

    The success message is flashed whether or not a document matched.
    """
    # NOTE(review): the record is selected by _id alone. If this handler is
    # reachable by ordinary users, the selector should also match the current
    # user's id so one user cannot delete another's address; confirm how the
    # controller is protected. A malformed id makes ObjectId() raise here.
    selector = {'_id': ObjectId(address_id)}
    app_model.UserAddress.query.remove(selector)

    flash(_('Address deleted'))
    return redirect(plug_url('stroller2', '/manage/address/index'))