def bookmarks(): # Handle forms and redirect to clear post data on browser if request.method == "POST": return utils.common_molt_actions() # Display page elif session.get("current_user") is not None: current_user = utils.get_current_user() page_n = request.args.get("p", 1, type=int) bookmarks = current_user.query_bookmarks() bookmarks = utils.get_current_user().filter_molt_query(bookmarks) bookmarks = bookmarks.paginate(page_n, config.MOLTS_PER_PAGE, False) if request.args.get("ajax_json"): blocks = dict() for block in ("title", "heading", "body"): blocks[block] = render_template( f"bookmarks-ajax-{block}.html", current_page="bookmarks", page_n=page_n, bookmarks=bookmarks, ) return jsonify(blocks) else: return render_template( "bookmarks-content.html" if request.args.get("ajax_content") else "bookmarks.html", current_page="bookmarks", page_n=page_n, bookmarks=bookmarks, ) else: return redirect("/login")
def user_following(username, tab): # Handle forms and redirect to clear post data on browser if request.method == "POST": return utils.common_molt_actions() # Display page elif session.get("current_user") is not None: this_user = models.Crab.get_by_username(username) if this_user is None: return render_template("not-found.html", noun="user") elif this_user.banned: return render_template( "not-found.html", message="This user has been banned.", ) else: followx = None if tab == "ing": followx = this_user.following elif tab == "ers": followx = this_user.followers elif tab == "ers_you_know": followx = utils.get_current_user().get_mutuals_for(this_user) return render_template( "followx.html", current_page=("own-profile" if this_user == utils.get_current_user() else ""), followx=followx, this_user=this_user, tab="follow" + tab, ) else: return redirect("/login")
def profile(profile_id): user = get_current_user() print(user) if current_user.id != int(profile_id): articles, events = collect_from_db_for_index() return render_template('index.html', error="You can only view your own profile", current_user=get_current_user(), articles=articles, events=events) return render_template('profiles.html', profile=user, current_user=user)
def inject_global_template_variables(): return dict( idle=status.idle, current_status=status.current_status, now_building=status.now_building, rev_pending=status.pending_review, user=get_current_user(), current_user=get_current_user(), _all_packages=status.all_packages, pkg_groups=status.package_groups, )
def get(self): google_user = users.get_current_user() if not google_user: self.redirect(users.create_login_url(self.request.uri)) else: app_user = utils.get_current_user() if google_user and not app_user: app_user = utils.init_new_user(google_user) share_hash = utils.url_to_share_key(self.request.uri) q = db.GqlQuery( "SELECT * FROM Playlist WHERE share_hash = :share_hash", share_hash=share_hash) playlist = q.get() if playlist: if not app_user.has_playlist(playlist): last_position = app_user.last_lib_position() library_item = models.Library(user=app_user, position=last_position + 1, playlist=playlist, is_owner=False) library_item.put() flash = "add_shared_playlist" else: flash = "playlist_already_in_lib" else: flash = "playlist_not_found" self.redirect("/?flash=" + flash)
def crabtags(crabtag): # Handle forms and redirect to clear post data on browser if request.method == "POST": return utils.common_molt_actions() # Display page elif session.get("current_user") is not None: page_n = request.args.get("p", 1, type=int) if request.args.get("ajax_json"): blocks = dict() for block in ("title", "heading", "body"): blocks[block] = render_template( f"crabtag-ajax-{block}.html", current_page="crabtag", crabtag=crabtag, page_n=page_n, ) return jsonify(blocks) else: molts = models.Molt.query_fast_with_tag(crabtag) molts = utils.get_current_user().filter_molt_query(molts) molts = molts.paginate(page_n, config.MOLTS_PER_PAGE, False) return render_template( ("crabtag-content.html" if request.args.get("ajax_content") else "crabtag.html"), current_page="crabtag", page_n=page_n, molts=molts, crabtag=crabtag, ) else: return redirect("/login")
def latest_issue(self): user = get_current_user() # Staff can see non-live issues if user and user.is_staff: return self.all()[0] # Otherwise, only show live issues return self.filter(is_live=True)[0]
def notifications(): # Handle forms and redirect to clear post data on browser if request.method == "POST": return utils.common_molt_actions() # Display page elif session.get("current_user") is not None: page_n = request.args.get("p", 1, type=int) notifications = utils.get_current_user().get_notifications( paginated=True, page=page_n) if request.args.get("ajax_json"): blocks = dict() for block in ("title", "heading", "body"): blocks[block] = render_template( f"notifications-ajax-{block}.html", current_page="notifications", notifications=notifications, ) return jsonify(blocks) else: return render_template( "notifications.html", current_page="notifications", notifications=notifications, ) else: return redirect("/login")
def post(self): """Creates a new feed for the logged in user""" user = utils.get_current_user() url = self.request.get('url') if not user: self.error(403) return feed = feedparser.parse(url) feed = feed.get('feed') id = feed.get('id') logo = feed.get('gd_image', {'src': '/img/rss-placeholder.png'}).get('src') title = feed.get('title') link = feed.get('link') m = InputFeed( parent=user, logo=logo, url=url, title=title, link=link, ) m.put() m.fetch_entries(fetch_all=True) self.response.headers['Content-Type'] = 'application/json; charset=utf-8' self.response.headers['Access-Control-Allow-Origin'] = '*' self.response.out.write(json.dumps(m.to_struct()))
def get_token(self): user = get_current_user() if user: oauth_info = get_oauth_by(oauth_type=self.name, uid=g.session['user_id']) if not oauth_info: return return oauth_info.oauth_token
def delete(self, title): """Delete the specified tag for the current user""" user = utils.get_current_user() title = title.decode('utf-8') if not user: self.error(403) return m = Tag.all().ancestor(user).filter('title_lower =', title.lower()).get() if not m: # Original tag not found self.error(404) return entries = Entry.all().filter('tags =', m.key()) # Remove tag from entries for entry in entries: logging.info(entry) entry.tags.remove(m.key()) entry.save() m.delete() self.response.headers['Content-Type'] = 'text/plain; charset=utf-8' self.response.headers['Access-Control-Allow-Origin'] = '*' self.response.out.write('ok')
def post(self, user_id, feed_id, entry_id): """Updates a specific entry""" current_user = utils.get_current_user() if not current_user: self.error(403) return user = User.get_by_id(int(user_id)) if user == None: self.error(404) return if current_user.key() != user.key(): self.error(401) return feed = InputFeed.get_by_id(int(feed_id), parent=user) if feed == None: self.error(404) return entry = Entry.get_by_id(int(entry_id), parent=feed) published = self.request.get('published') if published != None: entry.published = bool(int(published)) entry.save() self.response.headers['Content-Type'] = 'application/json; charset=utf-8' self.response.headers['Access-Control-Allow-Origin'] = '*' self.response.out.write(json.dumps(entry.to_struct()))
def change_requests_list_outcome(): """ get list of DocLostChangeRequest with pagination frontend table required 'page' and 'per_page' parameters, if not then 400 allows filtering and ordered_by "-created_at" """ if 'page' not in request.args.keys( ) and 'per_page' not in request.args.keys(): return abort(400) user = get_current_user() page = int(request.args.get('page')) per_page = int(request.args.get('per_page')) change_request_schema = DocLostChangeRequestListSchema() queryset = filter_queryset(request.args, DocLostChangeRequest) queryset = queryset.filter_by(user_add_id=user.get( 'id')) # filter that show only outcome change requests queryset = queryset.order_by(desc("created_at")) change_requests = queryset.paginate(page=page, per_page=per_page) dump = { 'data': change_request_schema.jsonify(change_requests.items, many=True).json, 'page': change_requests.page, 'per_page': change_requests.per_page, 'total': change_requests.total, 'total_pages': change_requests.pages } return jsonify(dump)
def get(self): google_user = users.get_current_user() if not google_user: self.redirect(users.create_login_url(self.request.uri)) else: app_user = utils.get_current_user() if google_user and not app_user: app_user = utils.init_new_user(google_user) share_hash = utils.url_to_entity_key(self.request.uri) q = db.GqlQuery("SELECT * FROM Playlist WHERE share_hash = :share_hash", share_hash=share_hash) playlist = q.get() if playlist: if not app_user.has_playlist(playlist): last_position = app_user.last_lib_position() library_item = models.Library(user=app_user, position=last_position+1 , playlist=playlist, is_owner=False) library_item.put() flash = "add_shared_playlist" else: flash = "playlist_already_in_lib" else: flash = "playlist_not_found" self.redirect("/?flash="+flash)
def test_login_user(self): method_func = self._get_base_method('post') url = '/login' create_url = '/users' user_data = {'login': '******', 'password': '******'} method_func(create_url, params=user_data) resp = method_func(url, params=user_data) self.assertEqual( get_current_user(request).get_id(), User.get(User.login == user_data.get('login')).get_id()) self.assertEqual(resp.status_int, 200) resp = method_func(url, params={'login': '******', 'password': '******'}) self.assertEqual(resp.status_int, 400) self.assertListEqual(['Password incorrect.'], resp.json.get('errors', {}).get('fields').get('password')) resp = method_func(url, params={ 'login': '******', 'password': '******' }) self.assertEqual(resp.status_int, 400) self.assertListEqual(['Login not found.'], resp.json.get('errors', {}).get('fields').get('login'))
def current_user(): user = utils.get_current_user() if not user: return flask.Response(status=401) return user.to_dict()
def document_inactive_edit(doc_id): doc_lost = DocLost.query.get_or_404(doc_id) json_data = request.get_json() if not json_data: return jsonify({'message': 'Invalid request'}), 400 user = get_current_user() user_dmsudep_id = user.get('dmsudep_id') if doc_lost.dmsudep_issue_id != int(user_dmsudep_id): return jsonify({'message': f'Only dep with id:{user_dmsudep_id} could update the document'}), 403 json_data['user_edit_id'] = user.get('id') doc_lost_schema = DocLostAliensSchema() errors = doc_lost_schema.validate(json_data, partial=True) if errors: return jsonify(errors), 400 ################# save to history model ################# rows = db.inspect(DocLost).columns.keys() history_data = {key: getattr(doc_lost, key) for key in rows if key not in ('id', 'updated_at', 'created_at')} history_data['source_id'] = doc_id db.session.bulk_insert_mappings(DocLostHistory, (history_data,)) data = doc_lost_schema.load(json_data, instance=doc_lost) db.session.add(data) db.session.commit() return jsonify(message='Successfully updated'), 201
def kill_post(post): '''Page confirming the deletion of a post. Accessed by the user via a link at the top of the edit page. Only this code can delete post after validting the user has access. The database query is run using the same configuration that declares login status to insure user has needed access to delete a post. ''' target_post = Post.gql("WHERE url = :url AND author = :author",\ url ='/' + post, \ author = utils.get_current_user()).get() if not target_post: abort(401) if request.method == "POST": # Upon confirmation, empty post requet is sent. target_post.delete() print 'post delete confirmed' print target_post print 'no longer stored' flash(" '{}' is gone.".format(target_post.url)) return redirect( url_for('starter', username=target_post.author.username)) else: flash('!! this will delete post') return render_template('confirm_kill.html')
def get_post_list(**kwargs): """get post list""" user = get_current_user() if user is None: return None current_point = [kwargs['longitude'], kwargs['latitude']] start = kwargs.pop('start', 0) end = kwargs.pop('end', DEFAULT_ITEMS) q1 = Q(active_time__lte=datetime.datetime.utcnow()) q2 = [] for index, value in enumerate(DISTANCE): q2.append( Q(distance=index) & Q(location__near=current_point, location__max_distance=value)) q3 = [] q3.append(Q(category=CATEGORY['PUBLIC'])) q3.append(Q(category=CATEGORY['ADS'])) q3.append(Q(category=CATEGORY['PRIVATE']) & Q(author=user)) q3.append(Q(category=CATEGORY['PROTECTED']) & Q(receivers=user)) return [ obj for obj in Post.objects(q1 & (q2[0] | q2[1] | q2[2] | q2[3]) & (q3[0] | q3[1] | q3[2] | q3[3]))[start:end] ]
def get(self): google_user = users.get_current_user() app_user = utils.get_current_user() if google_user and not app_user: app_user = utils.init_new_user(google_user) self.response.out.write(template.render('player.html', {'user':app_user,'rando': random.random(), 'login_url': users.create_login_url("/"), 'logout_url':users.create_logout_url("/"), 'in_development_enviroment':utils.in_development_enviroment()}))
def put(self, id): self.response.headers['Content-Type'] = 'application/json' user = get_current_user() if user: url = self.request.get('url') title = self.request.get('title') description = self.request.get('description') id = int(self.request.get('id')) domain = reg.search(url) if domain: domain = domain.group() bookmark = Bookmark.get_by_id(id) if bookmark: if bookmark.user.email == user.email: bookmark.url=url bookmark.title=title bookmark.domain=domain bookmark.description=unicode(description) bookmark.changedate=int(time()*1000) bookmark.put() self.response.out.write(json.dumps({'status':'success', 'b':description, 'item':bookmark.to_dict()})) else: self.response.out.write(json.dumps({'status':'error', 'error_type':'Not allowed', "u1":bookmark.user.email, "u2":user.email})) else: self.response.out.write(json.dumps({'status':'error', 'error_type':'Bad id'})) else: self.response.out.write(json.dumps({'status':'error', 'error_type':'Bad link'})) else: self.response.out.write(json.dumps({'status':'error', 'error_type':'Not authorized'}))
def update_response(game_title, post_id, comment_parent_id, comment_id): user = get_current_user() #user=User.query.get(1) comment = Comment.query.filter_by(comment_uuid=comment_id).filter_by( comment_parent_uuid=comment_parent_id).first() comment_parent = Comment.query.filter_by( comment_uuid=comment_parent_id).first() res = {} res['links'] = [{ 'rel': 'return to original post', 'href': f'{url_for("game.post_page", game_title=game_title, post_id=post_id)}' }] if comment.author != user: res['msg'] = 'you are not the author of this comment' return jsonify(res), 400 if not request.json.get('comment_text'): res['msg'] = 'missing comment_text' return jsonify(res), 400 responses = table.query(KeyConditionExpression=Key('comment_id').eq( comment_parent_id))['Items'][0]['responses'] #print(responses) for response in responses: if response['comment_id'] == comment_id: response['comment_text'] = request.json.get('comment_text') response['version_id'] = str(uuid4()) break table.update_item(Key={ 'comment_id': comment_parent_id, }, UpdateExpression='SET responses=:val', ExpressionAttributeValues={':val': responses}) res['msg'] = 'success' return jsonify(res), 200
def create_response(game_title, post_id, comment_id): ''' create response of a comment response_id: uuid, parent_id: uuid of parents comment_text: string, email: current user email, datetime: str(datetime.utcnow()) version_id: uuid ''' user = get_current_user() #user=User.query.get(1) #print(user) if not request.json.get('comment_text'): return jsonify({'msg': 'missing comment_text'}), 400 add_response(user, game_title, post_id, comment_id, request.json.get('comment_text')) return jsonify({ 'msg': 'success', 'links': [{ 'rel': 'return to original post', 'href': f'{url_for("game.post_page",game_title=game_title,post_id=post_id)}' }] }), 200
def unfollow(game_title): user = get_current_user() game = Game.query.filter_by(title=game_title).first() res = {} res['links'] = [ { 'rel': 'game home page', 'href': f'{url_for("game.home")}' }, { 'rel': f'{game_title}', 'href': f'{url_for("game.game_posts",game_title=game_title)}' }, ] if not user: res['msg'] = 'user not found' return jsonify(res), 404 if not game: res['msg'] = 'game not found' return jsonify(res), 404 if game not in user.following_games: res['msg'] = 'you did not follow this game' return jsonify(res), 400 user.following_games.remove(game) db.session.commit() res['msg'] = f'{game_title} successfully unfollowed' return jsonify(res), 200
def delete_response(game_title, post_id, comment_parent_id, comment_id): user = get_current_user() #user=User.query.get(1) comment = Comment.query.filter_by(comment_uuid=comment_id).filter_by( comment_parent_uuid=comment_parent_id).first() comment_parent = Comment.query.filter_by( comment_uuid=comment_parent_id).first() res = {} res['links'] = [{ 'rel': 'return to original post', 'href': f'{url_for("game.post_page", game_title=game_title, post_id=post_id)}' }] if comment.author != user: res['msg'] = 'you are not the author of this comment' return jsonify(res), 400 db.session.delete(comment) db.session.commit() responses = table.query(KeyConditionExpression=Key('comment_id').eq( comment_parent_id))['Items'][0]['responses'] for i in range(len(responses)): if responses[i]['comment_id'] == comment_id: responses = responses[:i] + responses[i + 1:] break table.update_item(Key={ 'comment_id': comment_parent_id, }, UpdateExpression='SET responses=:val', ExpressionAttributeValues={':val': responses}) res['msg'] = 'success' return jsonify(res), 200
def upload_inactive(): if not request.files: # if no files than 400 return 'There is no file in request', 400 upload = request.files['doc_lost'] is_valid, message, dmsudep_owner_id = upload_file_validation( upload) # the validation used from passport user = get_current_user() user_dmsudep_id = user.get('dmsudep_id') if is_valid: save_path = os.path.join(INACTIVE_CSV_DIR, upload.filename) if not os.path.exists(INACTIVE_CSV_DIR): os.makedirs(INACTIVE_CSV_DIR) upload.save(save_path) doc_schema = DocLostUploadSchema() obj = doc_schema.load(data={ # save all data and send to celery "file_upload": save_path, "dep_add_id": user_dmsudep_id, "user_add_id": user.get('id'), }) db.session.add(obj) db.session.commit() task = celery.send_task('tasks.save_docs_lost', args=[obj.id], kwargs={}) # tasks.save_docs_lost(obj.id) return '', 200 else: return message, 400
def update_comment(game_title, post_id, comment_id): ''' similar to update post ''' user = get_current_user() comment = Comment.query.filter_by(comment_uuid=comment_id).filter_by( comment_parent_uuid=comment_id).first() res = {} res['inks'] = [{ 'rel': 'original post', 'href': f'{url_for("game.post_page", game_title=game_title, post_id=post_id)}' }] if comment.author != user: res['msg'] = 'you are not the author of this comment' return jsonify(res), 400 if request.method == 'GET': try: comment = table.get_item(Key={ 'comment_id': comment_id, })['Item'] res['version_id'] = comment['version_id'] return jsonify(res), 200 except: res['msg'] = 'somethign wrong eith dynamodb' return jsonify(res), 400 if not request.json.get('comment_text'): res['msg'] = 'missing comment_text' return jsonify(res), 400 if not request.json.get('version_id'): res['msg'] = 'missing version_id' return jsonify(res), 400 try: table.update_item( Key={ 'comment_id': comment_id, }, UpdateExpression='SET comment_text=:val, version_id=:vid', ConditionExpression='version_id=:version_id', ExpressionAttributeValues={ ':val': request.json.get('comment_text'), ':version_id': request.json.get('version_id'), ':vid': str(uuid4()) }) comment = table.get_item(Key={'comment_id': comment_id})['Item'] comment.pop('responses') requests.post(url + comment_id, auth=awsauth, json=comment, headers=headers) res['msg'] = 'comment updated' return jsonify(res), 200 except: res['msg'] = 'version_id dose not match' return jsonify(res), 417
def change_requests_list_income(): page = int(request.args.get('page')) per_page = int(request.args.get('per_page')) change_request_schema = DocLostChangeRequestListSchema() queryset = filter_queryset(request.args, DocLostChangeRequest) user = get_current_user() user_groups = user.get('groups').values() user_dmsudep_id = user.get('dmsudep_id') if PERMISSIONS[ 'edit_region'] in user_groups: # if user has "edit_region" show all request from region url = f'{EIAS_BASE_URL}{EIAS_GET_DEP}{user_dmsudep_id}/' dep = request_to_passport(url).json() queryset = queryset.filter_by(region_add_id=dep.get('region')) elif PERMISSIONS[ 'edit_own'] in user_groups: # if user has "edit_own" show all request from his dmsudep queryset = queryset.join(DocLostChangeRequest.doc_lost).filter( DocLost.dmsu_add_id == user_dmsudep_id) queryset = queryset.order_by(desc("created_at")) change_requests = queryset.paginate( page=page, per_page=per_page) # for pagination page and per_page is required dump = { 'data': change_request_schema.jsonify(change_requests.items, many=True).json, 'page': change_requests.page, 'per_page': change_requests.per_page, 'total': change_requests.total, 'total_pages': change_requests.pages } return jsonify(dump)
def change_requests_approve(change_request_id): """ Make changes to DocLostChangeRequest object makes the object inactive -> active=False if json_data['approve'] is True? approved field change to True if json_data['approve'] is False, approved field do not change """ user = get_current_user() user_dmsudep_id = user.get('dmsudep_id') change_request = DocLostChangeRequest.query.get_or_404(change_request_id) change_request.active = False # make it False by default change_request.user_processed_id = user.get('id') change_request.dep_processed_id = user_dmsudep_id url = f'{EIAS_BASE_URL}{EIAS_GET_DEP}{user_dmsudep_id}/' dep = request_to_passport(url).json() change_request.region_processed_id = dep.get( 'region') # request to passport in order to get dep region json_data = request.get_json() if json_data['approve']: change_request.approved = json_data[ 'approve'] # if json_data['approve'] is True, approved field change to True else: change_request.reject_text = json_data['reject_text'] db.session.add(change_request) db.session.commit() return jsonify(message='Successfully updated'), 200
def handle_send_command(self, data, sender): ''' Handle send_command event. @type data: Packet @param data: First packet of the communication. @type sender: utils.IPv4Address @param sender: Sender IP address. ''' # 1. packet (task_id, user, cmd) = send_command.parse_packet_1(data) if not user: user = utils.get_current_user() sudo_cmd = self.config.get_sudo_cmd() cmd = "%s -u '%s' %s" % (sudo_cmd, user, cmd) ### Create task task = Task(task_id, user, cmd) # 2. packet packet2 = send_command.make_packet_2() self.network.write(packet2, sender) ### Run task and add task to the running task list task.run() self.tasklist.add_task(sender, task) # 3. packet packet3 = send_command.make_packet_3(task.get_task_id()) self.network.write(packet3, sender) # 4. packet packet4_data = self.network.read_from(sender) packet4 = send_command.parse_packet_4(packet4_data)
def doc_lost_change_request(): """ Add change_request with POST :table DocLostChangeRequestSchema """ sleep( uniform(0, 1) ) # sleep for situation with double click to prevent saving duplicated json_data = request.get_json() doc_lost = DocLost.query.get_or_404(json_data.get('doc_lost_id')) change_request = doc_lost.change_requests.filter_by( active=True).first() # validate if the change_requests exists if change_request: return "The doc already has change request", 400 doc_lost_change_request_schema = DocLostChangeRequestSchema() errors = doc_lost_change_request_schema.validate( json_data) # validate for errors in exists status_code is 400 if errors: return jsonify(errors), 400 user = get_current_user() user_dmsudep_id = user.get('dmsudep_id') json_data['user_add_id'] = user.get('id') json_data['dep_add_id'] = int( user.get('dmsudep_id')) # add save user credentials url = f'{EIAS_BASE_URL}{EIAS_GET_DEP}{user_dmsudep_id}/' dep = request_to_passport( url).json() # request to passport in order to get dep region json_data['region_add_id'] = dep.get('region') data = doc_lost_change_request_schema.load(json_data) db.session.add(data) db.session.commit() return jsonify(message='Successfully created'), 201
def post(self): """Send an invitation mail to the provided email address""" user = utils.get_current_user() if not user: self.error(403) return email = self.request.get('email') token = uuid.uuid1().hex mail.send_invite_email(email, token) m = InviteToken( sender=user.key().id(), email=email, token=token ) m.put() self.response.headers['Content-Type'] = 'application/json; charset=utf-8' self.response.headers['Access-Control-Allow-Origin'] = '*' self.response.out.write(json.dumps({ 'message': 'An invitation email was sent to %s' % email, 'email': email, 'token': token, }))
def post(self): """ Changes the current users nickname """ new_nickname = self.request.get('nickname') if not new_nickname: self.error(409) return new_nickname_lower = new_nickname.lower() user = utils.get_current_user() if not user: self.error(403) return if new_nickname != user.nickname: others = User.all().filter('nickname_lower =', new_nickname_lower).get() if others and others.key() != user.key(): self.error(409) return user.nickname_lower = new_nickname_lower user.nickname = new_nickname user.save() self.response.headers['Content-Type'] = 'application/json; charset=utf-8' self.response.headers['Access-Control-Allow-Origin'] = '*' self.response.out.write(json.dumps(user.to_struct()))
def get(self): self.response.headers['Content-Type'] = 'application/json' user = get_current_user() if user: self.response.out.write(json.dumps(user.to_dict())) else: self.response.out.write(json.dumps({'status':'error', 'error_type':'Not authorized'}))
def delete_comment(game_title, post_id, comment_id): ''' similar to delete post ''' user = get_current_user() #user=User.query.get(1) comment = Comment.query.filter_by(comment_uuid=comment_id).filter_by( comment_parent_uuid=comment_id).first() if comment.author != user: return jsonify({'msg': 'you are not the author of this comment'}), 400 for row in Comment.query.filter_by(comment_parent_uuid=comment_id): db.session.delete(row) db.session.commit() table.delete_item(Key={'comment_id': comment_id}) requests.delete(url + comment_id, auth=awsauth, headers=headers) return jsonify({ 'msg': 'comment deleted', 'links': [{ 'rel': 'original post', 'href': f'{url_for("game.post_page",game_title=game_title,post_id=post_id)}' }] }), 200
def get(self): """ Return info about current logged in user Automatically create internal user models for admin google users. """ user = utils.get_current_user() if not user: google_user = users.get_current_user() if not google_user: self.error(403) return if users.is_current_user_admin(): user = utils.create_user(google_user) else: self.error(401) return data = user.to_struct() data['is_admin'] = users.is_current_user_admin() self.response.headers['Content-Type'] = 'application/json; charset=utf-8' self.response.headers['Access-Control-Allow-Origin'] = '*' self.response.out.write(json.dumps(data))
def search(): # Handle forms and redirect to clear post data on browser if request.method == "POST": return utils.common_molt_actions() # Display page elif session.get("current_user") is not None: query = request.args.get("q") page_n = request.args.get("p", 1, type=int) ajax_content = request.args.get("ajax_content") if request.args.get("ajax_json"): blocks = dict() for block in ("title", "heading", "body"): blocks[block] = render_template( f"search-ajax-{block}.html", current_page="search", query=query, page_n=page_n, ) return jsonify(blocks) else: if query: crab_results = models.Crab.search(query) crab_results = (utils.get_current_user(). filter_user_query_by_not_blocked(crab_results)) molt_results = models.Molt.search(query) molt_results = utils.get_current_user().filter_molt_query( molt_results) molt_results = molt_results.paginate(page_n, config.MOLTS_PER_PAGE, False) else: molt_results = tuple() crab_results = tuple() return render_template( "search-results.html" if ajax_content else "search.html", current_page="search", query=query, page_n=page_n, molt_results=molt_results, crab_results=crab_results, ) else: return redirect("/login")
def post(self): app_user = utils.get_current_user() if(self.request.get('nickname')): app_user.nickname = self.request.get('nickname') app_user.put() self.response.out.write(utils.status_code_json(200))
def post(self): app_user = utils.get_current_user() if (self.request.get('nickname')): app_user.nickname = self.request.get('nickname') app_user.put() self.response.out.write(utils.status_code_json(200))
def add_comment(**kwargs): start=0 end=DEFAULT_ITEMS post=Post.objects.get(id=kwargs['post_id']) user=get_current_user() comment=Comment(author=user,post=post,content=kwargs['content']) comment.save() comments=[obj for obj in Comment.objects(post=post)[start:end]] return comments
def add_comment(**kwargs): start = 0 end = DEFAULT_ITEMS post = Post.objects.get(id=kwargs['post_id']) user = get_current_user() comment = Comment(author=user, post=post, content=kwargs['content']) comment.save() comments = [obj for obj in Comment.objects(post=post)[start:end]] return comments
def post(self): method = self.request.get("_method") key = utils.url_to_entity_key(self.request.uri) if key: playlist = db.get(db.Key(key)) if playlist: current_user = utils.get_current_user() #Get corresponding link library_item = playlist.library_item_for_user(current_user) if method == "PUT": need_version_control = False playlist_changed = False if(self.request.get('position')): #Rights: Can always update this current_user.re_sort_playlists(library_item, int(self.request.get('position'))) if (playlist.collaborative or library_item.is_owner): #Rights: Owner or collaborators can update this if playlist.smart: utils.parse_smart_filters(playlist, self.request) playlist_changed = True if self.request.get('tracks'): playlist.tracks = self.request.get('tracks') playlist_changed = True need_version_control = playlist.collaborative if library_item.is_owner: #Rights: Only owner can update this if(self.request.get('name') and len(self.request.get('name')) > 0): playlist.name = utils.strip_html(self.request.get('name')) playlist_changed = True if(self.request.get('collaborative')): playlist.collaborative = utils.convert_javascript_bool_to_python(self.request.get('collaborative')) playlist_changed = True if playlist_changed: if need_version_control: if self.request.get('version') and not int(self.request.get('version')) < playlist.version: playlist.version += 1 playlist.put() self.response.out.write(utils.status_code_json(200)) else: self.response.out.write(library_item.serialize()) else: playlist.put() self.response.out.write(utils.status_code_json(200)) else: self.response.out.write(utils.status_code_json(200)) elif method == "DELETE": library_item.delete() current_user.re_index_playlists() if not playlist.has_user(): playlist.delete() self.response.out.write(utils.status_code_json(200))
def del_favourite_item(post_id): """从当前用户删除一条收藏""" user = get_current_user() if user is None: return None upr = User_Post_Relation.objects().get(user=user) post = Post.objects().get(id=post_id) post.update(pull__followers=user) upr.update(pull__favourites=post) return get_favourite_items()
def starter(username): print 'at starter!' '''The starter page shows a logged in user their posts, and renders a single field to start a post by entering the post name. ''' add_form = DataForm() add_form.tags.data = utils.get_current_user().username if add_form.validate_on_submit(): # When the post name is entered, forward the user on to write the # other peices of the post with the name prepopulated (but editable). # The route to do this is coded directly below this one return redirect(url_for('add',\ post = add_form.url.data.strip('/'),\ username = username)) return render_template('user.html', form = add_form, posts = Post.gql("WHERE author = :author",\ author = utils.get_current_user()).fetch(limit = None))
def del_favourite_item(post_id): """从当前用户删除一条收藏""" user=get_current_user() if user is None: return None upr=User_Post_Relation.objects().get(user=user) post=Post.objects().get(id=post_id) post.update(pull__followers=user) upr.update(pull__favourites=post) return get_favourite_items()
def current_user(): user = utils.get_current_user() if not user: return flask.Response(status=401) return { 'email': user.email.id() if user.email else '', 'group': user.group.id() }
def get(self, dir=None): user = get_current_user() if user is None: self.redirect('/login') else: template = jinja_environment.get_template('main.html') params = {"username":user.name, "logout": users.create_logout_url('/')} params['header'] = { 'stream':True } params['dir'] = dir self.response.out.write(template.render(params))
def to_start(): '''this is a switch to render the correct home page, taking a user to the start page if they have logged in and to the sign up page if they have not. The `@utils.login_required` decorator above will send a visitor that is not logged in to the login page, so nothing but the below is required. ''' return redirect(url_for('starter',\ username = utils.get_current_user().username))
def logout(): current_user = get_current_user() if current_user is None: articles, events = collect_from_db_for_index() return render_template("index.html", current_user=None, articles=articles, events=events) logout_user() return redirect("/")
def login(self): next_url = url_for('account.register') user = get_current_user() if user: oauth_info = get_oauth_by(oauth_type=self.name, uid=g.session['user_id']) if oauth_info: return redirect(request.referrer or url_for('index')) next_url = url_for('account.bind') callback = '%s%s' % (config.OAUTH_REDIRECT_DOMAIN, url_for('%s_oauth.authorized' % self.name)) return self.oauth_obj.authorize(callback, next_url)
def login(): #print(request.json) user = get_current_user() res = {} res['fields required'] = ['email', 'password'] res['success'] = False res['links'] = [{ 'rel': 'user home page', 'href': f'{url_for("user.home")}', 'type': ['GET'] }] if user: res['msg'] = 'you already logged in' return jsonify(res), 200 #res['msg']='login failed' if request.method == 'GET': #session['msg']='dummy message' return jsonify(res), 200 elif not request.json: return jsonify(res), 400 else: email = request.json.get('email') password = request.json.get('password') if not email: res['error'] = 'Missing email' return jsonify(res), 400 if not password: res['error'] = 'Missing password' return jsonify(res), 400 user = User.query.filter_by(email=email).first() if not user: res['error'] = 'Email not found' res['link'] = [{ 'rel': 'register', 'href': f'{url_for("user.register")}', 'type': ['GET', 'POST'] }] return jsonify(res), 400 if not bcrypt.check_password_hash(user.password, password): res['error'] = 'Wrong password' return jsonify(res), 401 if user.status == 'PENDING': res['error'] = 'please activate your account first, check the activation email' return jsonify(res), 400 res['msg'] = 'login success' res['success'] = True token = user.generate_token(15) res['token'] = token res['token expiry time'] = 15 * 60 res['refresh_token'] = user.generate_token(60) res['refresh_token expiry time'] = 60 * 60 #print(jwt.decode(res['token'],application.config['SECRET_KEY'])) #session['token']=token return jsonify(res), 200
def questionnaire(): user = get_current_user() if user and user.consented: graph = facebook.GraphAPI(user.get_short_term_token().access_token) profile = graph.get_object('me') return render_template('questionnaire.html', form=EpisodeForm(), me=profile, name=FACEBOOK_APP_NAME, user=user, year=datetime.utcnow().year) return redirect('/')
def get_receives(**kwargs): """get the current user's receives list""" user=get_current_user() if user is None: return None start=kwargs.pop('start',0) end=kwargs.pop('end',DEFAULT_ITEMS) try: upr=User_Post_Relation.objects.get(user=user) return [post for post in upr.receives[start:end]] except: return []
def get_favourite_items(**kwargs): """获取当前登录用户的收藏列表""" user =get_current_user() if user is None: return None try: upr=User_Post_Relation.objects().get(user=user) start=kwargs.pop('start',0) end=kwargs.pop('end',DEFAULT_ITEMS) return [post for post in upr.favourites[start:end]] except: return []
def post(self): #Create new playlist current_user = utils.get_current_user() playlist = models.Playlist(name = self.request.get("name"),owner=current_user, smart = utils.convert_javascript_bool_to_python(self.request.get("smart")), share_hash = utils.generate_share_hash()) if playlist.smart: utils.parse_smart_filters(playlist, self.request) playlist.put() library_item = models.Library(user=current_user, playlist=playlist, is_owner=True, position = int(self.request.get("position"))) library_item.put() self.response.out.write(library_item.serialize())
def post(self): """Creates a new tag for the logged in user""" user = utils.get_current_user() title = self.request.get('title') new_title = self.request.get('newTitle') or None if not user: self.error(403) return if not title: self.error(400) # Create new tag if not new_title: m = Tag.all().ancestor(user).filter('title_lower =', title.lower()).get() if m: # Not unique self.error(409) return m = Tag( parent=user, title=title, title_lower=title.lower(), ) m.put() # Rename Tag else: m = Tag.all().ancestor(user).filter('title_lower =', new_title.lower()).get() if m: # Not unique self.error(409) return m = Tag.all().ancestor(user).filter('title_lower =', title.lower()).get() if not m: # Original tag not found self.error(404) return m.title = new_title m.title_lower = new_title.lower() m.save() self.response.headers['Content-Type'] = 'text/plain; charset=utf-8' self.response.headers['Access-Control-Allow-Origin'] = '*' self.response.out.write('ok')
def get(self, last_feed=0): last_feed = int(last_feed) if last_feed == 0: last_feed = inf self.response.headers['Content-Type'] = 'application/json' user = get_current_user() if user: q = Bookmark.all().filter('user ='******'changedate <', last_feed) \ .order('-changedate').run(limit=50) #self.response.out.write(json.dumps({'error': True, 'error_type': 'Bad params', 'original': word})) self.response.out.write(json.dumps([i.to_dict() for i in q])) else: self.response.out.write(json.dumps({'error': True, 'error_type': 'Not authorized'}))
def login(): roles={1:"stu",2:"admin",3:"teacher"} if request.method == 'GET': usr = get_current_user() if usr is not None: return redirect("/"+roles[usr.role]) return render_template('account/login.html') form = LoginForm(request.form) if form.validate(): login_user(form.user) return redirect("/"+roles[form.user.role]) for fieldName, errorMessages in form.errors.iteritems(): for err in errorMessages: flash(err) return render_template('account/login.html')
def get(self): """Gets the tags for the logged in user""" user = utils.get_current_user() if not user: self.error(403) return tags = Tag.all().ancestor(user) self.response.headers['Content-Type'] = 'application/json; charset=utf-8' self.response.headers['Access-Control-Allow-Origin'] = '*' tags = [i.to_struct() for i in tags] self.response.out.write(json.dumps(tags))