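def post(self):
    """Delete or update an article submitted from the edit-article form.

    Anonymous requests get the login prompt. A request that fails
    check_state() is logged as a possible CSRF attempt and redirected to
    the homepage. Otherwise the article named by the 'delete_article'
    field (delete) or the 'edit_article' field (update) is loaded, and the
    request is refused unless the logged-in user is that article's author.
    """
    if not self.user:
        # Prompt user to login.
        self.render('message.html', message_new_article_1 = True)
        return

    if not self.check_state():
        logging.warning("Possible CSRF attack detected!")
        self.redirect("/")
        return

    input_delete_article = self.request.get('delete_article')
    input_edit_article = self.request.get('edit_article')

    # Both ids are client-supplied. Passing the state check says nothing
    # about who owns the article, so authorship is verified here before
    # anything is deleted or modified.
    # NOTE(review): Article.by_id is defined elsewhere; confirm it returns
    # None (rather than raising) for an unknown or malformed id.
    article = Article.by_id(input_delete_article or input_edit_article)
    if article is None or article.author != self.user.key().id():
        # Same response for "missing" and "not yours", so the reply does
        # not reveal which article ids exist.
        self.render('message.html', message_edit_article_2 = True)
        return

    if input_delete_article:
        Article.remove(input_delete_article)
        # Show message: Confirm deletion of article.
        self.render('message.html', message_delete_article = True)
        return

    input_title = self.request.get('title')
    input_body = self.request.get('body')

    # The error flags stay "" when the field is valid and become True when
    # it is not; the template receives them as-is.
    error_title = ""
    error_body = ""
    if not valid_title(input_title):
        error_title = True
    if not valid_body(input_body):
        error_body = True

    if error_title or error_body:
        # Re-render the form with error messages and a fresh state token.
        state = self.make_state()
        self.render('edit_article.html',
                    user = self.user,
                    article = article,
                    error_title = error_title,
                    error_body = error_body,
                    title_form = input_title,
                    body_form = input_body,
                    state = state)
        return

    # Edit article-entity and commit to Article-DB.
    article.title = input_title
    article.body = input_body
    article.put()
    # Update memcache
    Article.update_article_cache(article)
    # Redirect to homepage
    self.redirect("/")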
def post(self):
    """Create a new article from the submitted title and body.

    Anonymous requests get a homepage flash asking them to log in. A
    request that fails check_state() is redirected to the homepage without
    further processing (presumably this is the anti-CSRF token check paired
    with make_state() -- confirm). Invalid input re-renders the form with
    error flags; valid input is stored, cached and followed by a redirect.
    """
    if not self.user:
        # Prompt user to login.
        self.session.add_flash('message_new_article_1', key='homepage_flashes')
        self.redirect("/")
        return

    if not self.check_state():
        self.redirect("/")
        return

    title = self.request.get('title')
    body = self.request.get('body')

    # Each flag is "" for a valid field and True for an invalid one.
    title_error = "" if valid_title(title) else True
    body_error = "" if valid_body(body) else True

    if title_error or body_error:
        # Render page with error-messages and a fresh state token.
        fresh_state = self.make_state()
        self.render('new_article.html',
                    user = self.user,
                    error_title = title_error,
                    error_body = body_error,
                    title_form = title,
                    body_form = body,
                    state = fresh_state)
        return

    # Create new entry in the Article-DB.
    new_article = Article.create(title, body, self.user.key().id())
    new_article.put()
    # Update memcache
    Article.update_article_cache(new_article)
    # Redirect to homepage
    self.redirect("/")
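def post(self):
    """Deactivate the logged-in user's account and archive their articles.

    Anonymous requests get a homepage flash asking them to log in. A
    request that fails check_state() is redirected to the homepage. For a
    valid request the user is recorded in DeactAccounts, removed from User,
    every article they authored is copied to DeletdArticle and removed from
    Article, the session is logged out, a notification mail is sent and the
    homepage is shown with a confirmation flash.
    """
    if not self.user:
        # Prompt user to login.
        self.session.add_flash('message_user_settings_1', key='homepage_flashes')
        self.redirect("/")
        return

    if not self.check_state():
        self.redirect("/")
        return

    # NOTE(review): nothing in this handler re-checks the user's password
    # before the irreversible deletion; the state check is the only gate.
    # Confirm that is intended.

    # Read the id once, before the User entity is removed.
    user_id = self.user.key().id()

    # Deactivate account by deleting from User database and
    # adding to the DeactAccounts database.
    d = DeactAccounts.create(user_id, self.user.name, self.user.email)
    # create() is followed by put() for the other entities built in this
    # handler; without it the deactivation record would presumably never
    # be stored.
    d.put()

    # Delete user
    User.remove(user_id)

    # Generate list of article-keys for the deleted user.
    for key in Article.keys_by_author(user_id):
        # Store article in DeletdArticle DB
        article = Article.by_id(key.id())
        del_art = DeletdArticle.create(article.title, article.body, article.author)
        del_art.put()
        # Delete article from Article DB
        Article.remove(key.id())

    # Logout (delete cookie)
    self.logout()

    # Send email notification
    self.send_email(d.email,
                    'email_subject.html',
                    'email_account_deleted.html',
                    subject_type = 'account_deleted')

    # Show the homepage with the message that the account was deleted.
    self.session.add_flash('message_delete_account_1', key='homepage_flashes')
    self.session.add_flash(d.email, key='deleted_email')
    self.redirect("/")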
def get(self):
    """Render the homepage with recent articles and pending flash messages.

    Each article from Article.recent(100) gets two display attributes:
    'time' (ISO-formatted creation timestamp) and 'author_name' (the
    author's name, or 'Unknown' when User.by_id finds no user). Flash
    values for 'homepage_flashes', 'input_email' and 'deleted_email' are
    read from the session and handed to the template. 'user' is passed
    only when someone is logged in.
    """
    articles = Article.recent(100)
    for entry in articles:
        entry.time = entry.created.isoformat()
        writer = User.by_id(entry.author)
        entry.author_name = writer.name if writer else 'Unknown'

    flashes = self.session.get_flashes('homepage_flashes')

    # For the two e-mail flashes only the value of the last queued entry is
    # kept; an empty result is passed through unchanged.
    input_email = self.session.get_flashes('input_email')
    if input_email:
        input_email = input_email.pop()[0]
    deleted_email = self.session.get_flashes('deleted_email')
    if deleted_email:
        deleted_email = deleted_email.pop()[0]

    context = dict(article_list = articles,
                   flashes = flashes,
                   input_email = input_email,
                   deleted_email = deleted_email)
    if self.user:
        context['user'] = self.user
    self.render('homepage.html', **context)
def get(self):
    """Render the homepage with the most recent articles.

    Each article from Article.recent(100) is given a 'time' attribute (ISO
    string of its creation timestamp) and an 'author_name' attribute (the
    author's name, or 'Unknown' when User.by_id returns nothing). The
    template receives 'user' only when a user is logged in.
    """
    recent_articles = Article.recent(100)
    for item in recent_articles:
        item.time = item.created.isoformat()
        owner = User.by_id(item.author)
        if not owner:
            item.author_name = 'Unknown'
        else:
            item.author_name = owner.name

    template_args = {'article_list': recent_articles}
    if self.user:
        template_args['user'] = self.user
    self.render('homepage.html', **template_args)
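def get(self):
    """Show the edit form for one of the logged-in user's articles.

    Anonymous requests get the login prompt. The 'article' query parameter
    is parsed as an integer id; the form is rendered, with a fresh state
    token, only when the article exists and the logged-in user is its
    author. Every other case gets the "not authorized to edit" message.
    """
    if not self.user:
        # Prompt user to login.
        self.render('message.html', message_edit_article_1 = True)
        return

    # The id is taken from the query string, so it may be missing or
    # non-numeric. Treat that as "no such article" instead of letting
    # int() raise and fail the request with a server error.
    try:
        article_id = int(self.request.get("article"))
    except (TypeError, ValueError):
        article_id = None

    article = None
    if article_id is not None:
        # NOTE(review): assumes Article.get_by_id returns None for an
        # unknown id -- confirm against the Article model.
        article = Article.get_by_id(article_id)

    if article is None or self.user.key().id() != article.author:
        # Show message that user is not authorized to edit. A missing
        # article gets the same answer, so the reply does not reveal
        # which ids exist.
        self.render('message.html', message_edit_article_2 = True)
        return

    state = self.make_state()
    self.render('edit_article.html',
                user = self.user,
                article = article,
                title_form = article.title,
                body_form = article.body,
                state = state)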
def post(self):
    """Deactivate the logged-in user's account after a password check.

    Anonymous requests get the login prompt. A request that fails
    check_state() is logged as a possible CSRF attempt and redirected to
    the homepage. If valid_pw rejects the submitted password, the form is
    re-rendered with an error flag and a fresh state token. Otherwise the
    user is recorded in DeactAccounts, removed from User, their articles
    are copied to DeletdArticle and removed from Article, the session is
    logged out, a notification mail is sent and a confirmation is shown.
    """
    if not self.user:
        # Prompt user to login.
        self.render('message.html', message_user_settings_1 = True)
        return

    if not self.check_state():
        logging.warning("Possible CSRF attack detected!")
        self.redirect("/")
        return

    # Get user input
    submitted_password = self.request.get('password')

    # Wrong password: re-render the form with the error flag set.
    if not valid_pw(self.user.email, submitted_password, self.user.pw_hash):
        fresh_state = self.make_state()
        self.render('delete_account.html',
                    user = self.user,
                    error_password = True,
                    state = fresh_state)
        return

    # Deactivate account by deleting from User database and
    # adding to the DeactAccounts database.
    deactivated = DeactAccounts.create(self.user.key().id(),
                                       self.user.name,
                                       self.user.email)
    deactivated.put()

    # Delete user
    User.remove(self.user.key().id())

    # Archive, then delete, every article written by the deleted user.
    for art_key in Article.keys_by_author(self.user.key().id()):
        original = Article.by_id(art_key.id())
        archived = DeletdArticle.create(original.title,
                                        original.body,
                                        original.author)
        archived.put()
        Article.remove(art_key.id())

    # Logout (delete cookie)
    self.logout()

    # Send email notification
    self.send_email(deactivated.email,
                    'email_subject.html',
                    'email_account_deleted.html',
                    subject_type = 'account_deleted')

    # Render page with message that account was deleted
    self.render('message.html',
                message_delete_account_1 = True,
                deleted_email = deactivated.email)