def get(self):
if not access.can_see_most_pages(users.GetCurrentUser(),
users.IsCurrentUserAdmin()):
raise Forbidden
img = images.Image.get_by_key(self.request.get("key"))
data = {
"meta":
img.get_info(),
"key":
img.get_key(),
"versions": [
("thumbnail", img.get_url(75, True), img.get_code(75, True)),
("small", img.get_url(200, False), img.get_code(200, False)),
("medium", img.get_url(500, False), img.get_code(500, False)),
("original", img.get_url(), img.get_code()),
]
}
page_title = "Image:" + img.get_key()
data["pages"] = model.WikiContent.find_backlinks_for(page_title)
html = view.view_image(data,
user=users.GetCurrentUser(),
is_admin=users.IsCurrentUserAdmin())
self.reply(html, 'text/html')
def Respond(request, template_name, params=None):
"""Helper to render a response, passing standard stuff to the response.
Args:
request: The request object.
template_name: The template name; '.html' is appended automatically.
params: A dict giving the template parameters; modified in-place.
Returns:
Whatever render_to_response(template_name, params) returns.
Raises:
Whatever render_to_response(template_name, params) raises.
"""
user, _, _ = GetUser(request)
if params is None:
params = {}
if user:
params['user'] = user
params['sign_out'] = users.CreateLogoutURL('/')
params['show_admin_link'] = (users.IsCurrentUserAdmin()
and 'Dev' in os.getenv('SERVER_SOFTWARE'))
params['show_dashboard_link'] = (users.IsCurrentUserAdmin() and 'Dev'
not in os.getenv('SERVER_SOFTWARE'))
else:
params['sign_in'] = users.CreateLoginURL(request.path)
params['help_contact'] = HELP_CONTACT
params['help_phone'] = HELP_PHONE
params['help_person'] = HELP_PERSON
if not template_name.endswith('.html'):
template_name += '.html'
return shortcuts.render_to_response(template_name, params)
def get(self):
if not access.can_see_most_pages(users.GetCurrentUser(),
users.IsCurrentUserAdmin()):
raise Forbidden
lst = images.Image.find_all()
html = view.view_image_list(lst, users.GetCurrentUser(),
users.IsCurrentUserAdmin())
self.reply(html, "text/html")
def testIsCurrentUserAdmin(self):
self.assertFalse(users.is_current_user_admin())
self.assertFalse(users.IsCurrentUserAdmin())
os.environ['USER_IS_ADMIN'] = '0'
self.assertFalse(users.is_current_user_admin())
self.assertFalse(users.IsCurrentUserAdmin())
os.environ['USER_IS_ADMIN'] = '1'
self.assertTrue(users.is_current_user_admin())
self.assertTrue(users.IsCurrentUserAdmin())
def Respond(request, user, template_name, params=None):
"""Helper to render a response, passing standard stuff to the response.
Args:
request: The request object.
user: The User object representing the current user; or None if nobody
is logged in.
template_name: The template name; '.html' is appended automatically.
params: A dict giving the template parameters; modified in-place.
Returns:
Whatever render_to_response(template_name, params) returns.
Raises:
Whatever render_to_response(template_name, params) raises.
"""
if user is None:
user = users.GetCurrentUser()
if params is None:
params = {}
if user:
params['user'] = user
params['sign_out'] = users.CreateLogoutURL('/')
params['is_admin'] = (users.IsCurrentUserAdmin()
and 'Dev' in os.getenv('SERVER_SOFTWARE'))
else:
params['sign_in'] = users.CreateLoginURL(request.path)
params['help_contact'] = HELP_CONTACT
if not template_name.endswith('.html'):
template_name += '.html'
return shortcuts.render_to_response(template_name, params)
def show_home_page(self):
self.response.headers = {
'Content-Type': 'text/html; charset=utf-8',
'Strict-Transport-Security': 'max-age=31536000; preload'
}
if ADMINS_ONLY and not users.IsCurrentUserAdmin():
if users.get_current_user():
self.response.status_int = 403
self.response.write('<h1>Forbidden</h1>')
else:
self.redirect(str(users.create_login_url(
self.request.path_qs)))
return
url = self.request.path_qs[1:]
token = self.get_token_from_cookie()
if not token:
token = self.get_new_token()
else:
if len(url) > 11 and re.search(r'^https?:\/\/', url.lower()):
self.redirect(str(self.encode_url(url, token)), code=307)
return
if len(url) < 5:
url = random.choice(SAMPLE_HOSTS or [''])
content = home_page.replace('%%host%%', self.root_host)
content = content.replace('%%url%%', url)
content = content.replace('%%token%%', token)
content = content.replace('%%year%%',
str(datetime.datetime.now().year))
self.response.write(content)
def post(self):
img = images.Image.get_by_key(self.request.get("key"))
is_admin = users.IsCurrentUserAdmin()
if not is_admin:
raise Forbidden
img.delete()
self.redirect('/w/image/list')
taskqueue.add(url="/w/cache/purge", params={})
def get(self):
user = users.GetCurrentUser()
is_admin = users.IsCurrentUserAdmin()
if not access.can_upload_image(user, is_admin):
raise Forbidden
submit_url = blobstore.create_upload_url(self.request.path)
html = view.view_image_upload_page(user, is_admin, submit_url)
self.reply(html, "text/html")
def post(self):
title = urllib.unquote(str(self.request.get('name'))).decode('utf-8')
is_admin = users.IsCurrentUserAdmin()
if not is_admin:
raise Forbidden
page = model.WikiContent.get_by_title(title)
page.update(body=None, author=None, delete=self.request.get('delete'))
self.redirect(
'/' + urllib.quote(page.title.encode('utf-8').replace(' ', '_')))
taskqueue.add(url="/w/cache/purge", params={})
def get(self):
img = images.Image.get_by_key(self.request.get("key"))
data = {
"meta": img.get_info(),
"key": img.get_key(),
}
is_admin = users.IsCurrentUserAdmin()
if not is_admin:
raise Forbidden
self.reply(view.delete_image(data), 'text/html')
def get(self):
if not access.can_see_most_pages(users.GetCurrentUser(),
users.IsCurrentUserAdmin()):
raise Forbidden
data = {
"pagecount": len(model.WikiContent.get_all()),
"imagecount": len(images.Image.find_all()),
"usercount": len(model.WikiUser.get_all()),
}
self.reply(view.show_statistics_page(data), "text/html")
def get(self):
if not users.IsCurrentUserAdmin():
self.redirect("/admin/notadmin")
template_values = {'templatepath': templatepath, 'dash_active': True}
path = os.path.join(os.path.dirname(__file__),
'../templates/admin/AdminDashboard.html')
self.response.write(template.render(path, template_values))
def get(self):
if not users.IsCurrentUserAdmin():
raise Forbidden
pages = dict([(p.title, {
'author': p.author and p.author.wiki_user.email(),
'updated': p.updated.strftime('%Y-%m-%d %H:%M:%S'),
'body': p.body,
}) for p in model.WikiContent.get_all()])
self.reply(simplejson.dumps(pages),
'application/json',
save_as='gae-wiki.json')
def edit_page(self, title, body=None):
page = model.WikiContent.get_by_title(title)
if body:
page.body = body
user = users.GetCurrentUser()
is_admin = users.IsCurrentUserAdmin()
if not access.can_edit_page(title, user, is_admin):
raise Forbidden
if not body and not page.is_saved():
page.load_template(user, is_admin)
self.reply(view.edit_page(page), 'text/html')
def post(self):
if not access.can_upload_image(users.GetCurrentUser(),
users.IsCurrentUserAdmin()):
raise Forbidden
# After the file is uploaded, grab the blob key and return the image URL.
upload_files = self.get_uploads(
'file') # 'file' is file upload field in the form
blob_info = upload_files[0]
image_page_url = "/w/image/view?key=" + str(blob_info.key())
return self.redirect(image_page_url)
def get(self):
"""Ensure that the user is an admin."""
if not users.GetCurrentUser():
loginUrl = users.CreateLoginURL(self.request.uri)
self.response.out.write('<a href="%s">Login</a>' % loginUrl)
return
if not users.IsCurrentUserAdmin():
self.response.out.write('You must be an admin to view this page.')
return
self._handleRequest()
def post(self):
if not users.IsCurrentUserAdmin():
raise Forbidden
merge = self.request.get('merge') != ''
loaded = simplejson.loads(self.request.get('file'))
for title, content in loaded.items():
page = model.WikiContent.get_by_title(title)
author = content['author'] and users.User(content['author'])
page.update(content['body'], author, False)
self.reply("Done.")
def post(self):
"""Processes requests to move the pointer. Expects arguments
'page_name' and 'll'."""
page = model.WikiContent.get_by_title(self.request.get('page_name'))
if page is None:
raise NotFound('Page not found.')
if access.can_edit_page(page.title, users.GetCurrentUser(),
users.IsCurrentUserAdmin()):
geo = self.request.get('lat') + ',' + self.request.get('lng')
page.set_property('geo', geo)
page.put()
response = [l.strip() for l in page.get_property('geo').split(',')]
self.reply(simplejson.dumps(response), 'application/json')
def show_error_page(self, status_code):
defaults = {
400: '<p class="alert alert-info">Bad request.</p>',
403:
'<p class="alert alert-warning">Access denied, try logging in.</p>',
500: '<p class="alert alert-danger">Something bad happened.</p>',
}
page = model.WikiContent.get_error_page(status_code,
defaults.get(status_code))
self.reply(
view.view_page(page,
user=users.GetCurrentUser(),
is_admin=users.IsCurrentUserAdmin()), 'text/html')
def HandlePost(self):
data = self.request.params.get('data')
new_config_dict = json.loads(data)
if not _ConfigurationDictIsValid(new_config_dict):
return self.CreateError(
'New configuration settings are not properly formatted.', 400)
# Sort config dict in place.
_SortConfig(new_config_dict)
crash_config = CrashConfigModel.Get()
crash_config.Update(users.get_current_user(),
users.IsCurrentUserAdmin(), **new_config_dict)
return self.HandleGet()
def post(self):
title = urllib.unquote(str(self.request.get('name'))).decode('utf-8')
if self.request.get('Preview'):
self.edit_page(title, self.request.get('body'))
return
user = users.GetCurrentUser()
if not access.can_edit_page(title, user, users.IsCurrentUserAdmin()):
raise Forbidden
page = model.WikiContent.get_by_title(title)
page.update(body=self.request.get('body'), author=user, delete=False)
self.redirect(
'/' + urllib.quote(page.title.encode('utf-8').replace(' ', '_')))
taskqueue.add(url="/w/cache/purge", params={})
def HandlePost(self):
new_config_dict = {}
for name in self.request.params.keys():
if name != 'format':
new_config_dict[name] = json.loads(self.request.params[name])
if not _ConfigurationDictIsValid(new_config_dict): # pragma: no cover
return self.CreateError(
'New configuration settings is not properly formatted.', 400)
wf_config.FinditConfig.Get().Update(users.get_current_user(),
users.IsCurrentUserAdmin(),
**new_config_dict)
return self.HandleGet()
def get_content(self):
page = model.WikiContent.get_by_title(self.title)
if self.raw:
return model.WikiContent.parse_body(page.body or '')
else:
if self.revision:
revision = model.WikiRevision.get_by_key(self.request.get("r"))
if revision is None:
raise NotFound("No such revision.")
page.body = revision.revision_body
page.author = revision.author
page.updated = revision.created
return view.view_page(page,
user=users.GetCurrentUser(),
is_admin=users.IsCurrentUserAdmin(),
revision=self.revision)
def show_page(self, title):
if title.startswith('w/'):
raise Exception('No such page.')
if not access.can_read_page(title, users.GetCurrentUser(),
users.IsCurrentUserAdmin()):
raise Forbidden
self.title = title.replace('_', ' ')
self.raw = self.request.get("format") == "raw"
self.revision = self.request.get("r")
if self.raw:
body = self.get_memcache()
content_type = str(body.get("content-type", "text/plain"))
self.reply(body["text"], content_type=content_type)
else:
self.reply(self.get_memcache(), 'text/html')
def _get_path_list(self, user):
# Parse the path into distinct entities
path_list = self.request.path.strip('/').split('/')
if len(path_list) < 2:
# Invalid query
self.error(http.HTTP_ERROR)
self.response.out.write('Invalid request')
else:
# user email passed - make sure this is that user
email = urllib.unquote(path_list[1])
if (users.IsCurrentUserAdmin() or user.email() == email):
return path_list
else:
self.error(http.HTTP_UNAUTHORIZED)
self.response.out.write('Permissions error for ' + email)
return None
def get(self):
if not users.IsCurrentUserAdmin():
self.redirect("/admin/notadmin")
# get all users
all_streams = Stream.query().fetch()
template_values = {
'streams': all_streams,
'templatepath': templatepath,
'liststreams_active': True
}
path = os.path.join(os.path.dirname(__file__),
'../templates/admin/AdminListStreams.html')
self.response.write(template.render(path, template_values))
def get(self):
user = users.get_current_user()
if user:
nickname = user.nickname()
login_url = users.create_logout_url('/')
login_text = 'Sign out'
# Check to see if user is present in StreamUser table, if not add them.
stream_user = ndb.Key('StreamUser', user.user_id()).get()
email_dup_check = len(StreamUser.query(StreamUser.email == user.email()).fetch()) != 0
if not stream_user:
if email_dup_check:
self.response.write("Uh oh! Duplicate email!!!")
return
stream_user = StreamUser(email=user.email(), nickName=nickname, id=str(user.user_id()))
stream_user.put()
else:
self.redirect("/")
return
template_values = {
'html_template': 'MasterTemplate.html',
'user': user,
'user_id': user.user_id(),
'isAdmin': users.IsCurrentUserAdmin(),
'login_url': login_url,
'login_text': login_text,
'app': app_identity.get_application_id()
}
# look for any message
msg = self.get_request_param(fh.message_parm)
if msg not in [None, '']:
template_values['msg'] = msg
self.response.content_type = 'text/html'
path = os.path.join(os.path.dirname(__file__), '../templates/Manage.html')
self.response.write(template.render(path, template_values))
def post(self):
# root_host should be target_host, the host to be proxied
self.root_host = str(self.request.path.strip('/').split('-dot-', 1)[0])
self.target_path = str(self.request.path.split('-dot-', 1)[-1])
if self.root_host: # target host is not empty
self.any()
return
if not ADMINS_ONLY and \
detect_spam(self.request.remote_addr, SPAM_DETECTOR_INTERVAL, SPAM_DETECTOR_COUNT):
logging.warning('Spam')
return
if ADMINS_ONLY and not users.IsCurrentUserAdmin():
return
# if user typed invalid address
if not 'url' in self.request.POST or \
len(self.request.POST['url']) < 4 or \
not 'token' in self.request.POST or \
not self.is_valid_token(self.request.POST['token']):
logging.error('Broken init post:\r\n' + self.request.body[:999])
logging.error('\r\n'.join([
'%s: %s' % (k, v) for (k, v) in self.request.headers.items()
]))
self.redirect('https://' + self.request.host)
return
token = self.request.POST['token']
url = self.request.POST['url']
if not re.search(r'^(http:\/\/|https:\/\/)', url, flags=re.IGNORECASE):
url = 'http://' + url
# Fix non-latin url: https://ru.wikipedia.org/wiki/Левковские
percent_encoded_url = ''
for c in url:
if ord(c) < 127:
percent_encoded_url += c
else:
percent_encoded_url += urllib.quote(c.encode('utf-8'))
self.redirect(str(self.encode_url(percent_encoded_url, token)))
def Get(self, user):
"""Our handler for HTTP GET requests - the options are:
1) game_ajax/list/<useremail> - fetches a list of games for the passed
user in least-recently-modified order (permissions check is done)
2) game_ajax//move/<id>/<index> - fetches a list of entries for the game
matching the passed ID. Also takes an optional index URL parameter,
in which case we send only entries with an index > t (useful for
checking for updates)
3) game_ajax/chat/<id>/<index> - fetches a list of chat entries
associated with this game. Takes an optional index param
"""
# make sure the user is logged in
self.response.headers['Content-Type'] = 'text/javascript'
# Parse the path into distinct entities
path_list = self.request.path.strip('/').split('/')
if len(path_list) < 2 or len(path_list) > 4:
# Invalid query
self.error(http.HTTP_ERROR)
self.response.out.write('Invalid request')
elif len(path_list) == 2:
# user email passed - make sure they have permission to view the list
email = urllib.unquote(path_list[1])
if (users.IsCurrentUserAdmin() or user.email() == email):
game_list = self._get_game_list(user.email())
# Emit list as array of json entities
self.response.out.write('[')
for game in game_list:
self.emit_game_as_json(game)
self.response.out.write(']')
else:
self.error(http.HTTP_UNAUTHORIZED)
self.response.out.write('Permissions error for ' + email)
else:
# ID passed, look it up
game = gamemodel.Game.get(path_list[2])
if game is None:
self.error(http.HTTP_GONE)
elif not game.user_can_view(user):
self.error(http.HTTP_UNAUTHORIZED)
else:
if (path_list[1] == "chat"):
# Get the last 200 chats on this channel
chatObj = chat.get_chat(str(game.key()), GAME_CHAT_LIMIT)
# Get the chat data - either starting at the start index, or
# using what the user passed in
index = 0
if len(path_list) > 3:
index = int(path_list[3])
if index == 0:
index = chatObj.index
self.response.out.write(
simplejson.dumps(chatObj.to_dict(index)))
else:
# Get the game data
index = 0
if len(path_list) > 3:
index = int(path_list[3])
result = game.to_dict(user)
result["num_moves"] = len(game.game_data)
result["game_data"] = game.game_data[index:]
self.response.out.write(simplejson.dumps(result))
def get(self, mod_id):
iden = int(mod_id)
mod = db.get(db.Key.from_path('Modulo', iden))
listaCampanyas = mod.listaCampanyas
admin = users.IsCurrentUserAdmin()
self.render_template('campanyasModulo.html', {'listaCampanyas': listaCampanyas,'admin':admin})
