def single_entry(request, entry_id):
    """Render one entry, together with its comments, as JSON.

    The entry is fetched with ``.one()``, so an ``entry_id`` that matches no
    row raises out of this function instead of yielding an empty response.
    Comments are attached under the ``"comments"`` key, ordered by
    ``Comment.created``.
    """
    entry = session.query(Entry).filter(Entry.id == entry_id).one()
    payload = entry.to_api_dict()

    comment_rows = (
        session.query(Comment)
        .filter(Comment.entry == entry_id)
        .order_by(Comment.created)
    )
    serialised = []
    for row in comment_rows:
        serialised.append(row.to_api_dict())
    payload["comments"] = serialised

    return render_json(payload)
def password_salt():
    """Return the stored password salt, creating it on first use.

    The salt is read from the ``ConfigOption`` row keyed ``'password_salt'``.
    When no such row exists, 16 bytes from ``os.urandom`` are base64-encoded,
    wrapped in a new ``ConfigOption`` and added to the session.

    NOTE(review): one value is stored under a single config key, so every
    caller gets the same salt. If this feeds password hashing, identical
    passwords would hash identically across accounts; a per-user salt with a
    dedicated password KDF would be stronger -- confirm how the hashing side
    uses it.
    NOTE(review): the new row is only ``session.add``-ed here, not committed.
    If no caller commits, a fresh salt is generated on every cold start and
    previously stored hashes stop matching -- verify.
    """
    stored = session.query(ConfigOption.value).filter(ConfigOption.key=='password_salt')
    try:
        return stored.one().value
    except NoResultFound:
        pass

    fresh = b64encode(os.urandom(16))
    session.add(ConfigOption('password_salt', fresh))
    return fresh
def __call__(self, request, *args, **kwargs):
    """Run the wrapped callable only for sessions belonging to an editor.

    Returns ``InsufficientPermissions`` when the session carries no
    ``user_id``, when that id matches no ``User`` row, or when the user's
    ``editor`` flag is falsy. Otherwise the user is attached as
    ``request.user`` and ``self.f`` is called.

    NOTE(review): there is no special case for a ``-1`` session id here, so
    such a session is rejected by this check unless a ``User`` row with that
    id exists.
    """
    denied = False
    try:
        uid = request.client_session['user_id']
        account = session.query(User).filter(User.id == uid).one()
        denied = not account.editor
    except (KeyError, NoResultFound):
        # Missing session key or unknown user: fail closed.
        denied = True

    if denied:
        return InsufficientPermissions

    request.user = account
    return self.f(request, *args, **kwargs)
def create_user(request):
    """Create a user from the submitted form and render it as JSON.

    Returns ``DuplicateError`` when a user with the submitted username
    already exists. Otherwise a ``User`` is built from the ``username``,
    ``fullname``, ``password`` (passed through ``hash_password``), ``editor``
    and ``superuser`` form fields, committed, re-read and rendered.

    NOTE(review): the ``editor`` and ``superuser`` flags come straight from
    the request body. Nothing in this function checks who is calling, so
    privilege assignment depends entirely on whatever guards this view --
    confirm it is restricted to superusers.
    NOTE(review): the existence check and the insert are separate steps, so
    uniqueness is only guaranteed if the username column has a unique
    constraint -- verify against the model.
    """
    form = request.form
    username = form["username"]

    try:
        session.query(User).filter(User.username == username).one()
    except NoResultFound:
        pass
    else:
        # The username is client-supplied text and is written to the log as-is.
        logging.debug("Not creating user %s, username already in use." % username)
        return DuplicateError

    new_user = User(
        username,
        form["fullname"],
        hash_password(form["password"]),
        form["editor"] == "true",
        form["superuser"] == "true",
    )
    # TODO (from the original author): handle query errors and return a valid response
    session.add(new_user)
    session.commit()

    saved = session.query(User).filter(User.username == username).one()
    return render_json(saved.to_api_dict())
def user_login(request):
    """Authenticate the submitted credentials and bind the session to a user.

    Two paths exist:

    * username ``"admin"`` with a password equal to ``ADMIN_PASSWORD`` stores
      ``-1`` as the session's ``user_id`` and returns the built-in admin
      profile via ``user_profile``;
    * any other credentials are matched against ``User`` rows by username and
      ``hash_password(password)``; the matching user's id is stored in the
      session and the user is rendered as JSON.

    NOTE(review): the built-in admin check compares the submitted password
    with ``==``, which is not a constant-time comparison, and relies on a
    module-level secret rather than a stored hash. Consider
    ``hmac.compare_digest`` and keeping the credential out of source --
    ``ADMIN_PASSWORD`` is defined outside this block, so confirm where it
    comes from.
    NOTE(review): a failed login makes ``.one()`` raise; nothing here turns
    that into an authentication-failure response, and no throttling or
    lockout is visible in this function.
    NOTE(review): ``user_id`` is written into the existing client session;
    whether the session identifier is rotated on login cannot be seen here.
    """
    username = request.form["username"]
    password = request.form["password"]

    if username == "admin" and password == ADMIN_PASSWORD:
        # -1 is the sentinel id for the built-in administrator session.
        request.client_session["user_id"] = -1
        return user_profile(request, -1)

    credentials_match = (
        session.query(User)
        .filter(User.username == username)
        .filter(User.password == hash_password(password))
    )
    account = credentials_match.one()

    request.client_session["user_id"] = account.id
    return render_json(account.to_api_dict())
def __call__(self, request, *args, **kwargs):
    """Run the wrapped callable only for an authenticated session.

    A session whose ``user_id`` converts to ``-1`` is treated as the built-in
    admin and passed straight through; ``request.user`` is NOT set on that
    path. Any other session must carry a ``user_id`` matching a ``User`` row,
    which is attached as ``request.user``; otherwise
    ``InsufficientPermissions`` is returned.

    NOTE(review): only ``KeyError`` is caught around ``int(...)``. A session
    value that is not numeric would raise out of this check -- presumably the
    session is integrity-protected so this cannot be client-chosen; confirm.
    """
    try:
        admin_session = int(request.client_session['user_id']) == -1
    except KeyError:
        admin_session = False

    if admin_session:
        return self.f(request, *args, **kwargs)

    try:
        uid = request.client_session['user_id']
        account = session.query(User).filter(User.id == uid).one()
    except (KeyError, NoResultFound):
        # No session id, or an id with no backing user: fail closed.
        return InsufficientPermissions

    request.user = account
    return self.f(request, *args, **kwargs)
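def __call__(self, request, *args, **kwargs):
    """Run the wrapped callable only for the built-in admin or a superuser.

    A session whose ``user_id`` converts to ``-1`` is treated as the built-in
    admin and passed straight through. Any other session must carry a
    ``user_id`` that matches a ``User`` row with a truthy ``superuser`` flag;
    in every other case ``InsufficientPermissions`` is returned.

    Fix: the original logged the "unknown user id" case and then fell through
    to ``self.f(...)``, so a session naming a user that no longer exists was
    let through the superuser check (fail-open). That branch now returns
    ``InsufficientPermissions``. The log call also used ``%d``, which raises
    if the stored id is not an integer; it now uses ``%r`` with lazy
    arguments. ``request.user`` is set on success, matching the sibling
    permission checks.
    """
    # Built-in administrator session (sentinel id -1).
    try:
        is_admin = int(request.client_session['user_id']) == -1
    except KeyError:
        is_admin = False
    if is_admin:
        return self.f(request, *args, **kwargs)

    # Everyone else must resolve to a real superuser row.
    try:
        user = session.query(User).filter(User.id == request.client_session['user_id']).one()
    except KeyError:
        return InsufficientPermissions
    except NoResultFound:
        logging.debug('Invalid user ID (%r) supplied in valid cookie',
                      request.client_session['user_id'])
        # Deny: an id with no backing user must never reach the wrapped view.
        return InsufficientPermissions

    if not user.superuser:
        return InsufficientPermissions

    request.user = user
    return self.f(request, *args, **kwargs)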
def user_profile(request, user_id):
    """Render the profile of ``user_id`` as JSON.

    ``-1`` is the sentinel for the built-in administrator: no database row is
    read, a ``User`` object is constructed in memory with an empty password
    field and its ``id`` forced to ``-1``. Any other id is looked up with
    ``.one()``, which raises when no row matches.

    NOTE(review): nothing in this function checks that the requester may view
    the requested profile; presumably a guard on the route does -- confirm.
    """
    if user_id != -1:
        record = session.query(User).filter(User.id == user_id).one()
        return render_json(record.to_api_dict())

    builtin_admin = User("admin", "Administrator User", "", False, True, True)
    builtin_admin.id = -1
    return render_json(builtin_admin.to_api_dict())
def delete_entry(request, entry_id):
    """Delete the entry with the given id and commit the change.

    The row count returned by ``delete()`` is ignored, so deleting an id that
    does not exist is silently a no-op. The function returns ``None``.

    NOTE(review): ``delete_user`` in this listing returns a JSON body with the
    deleted id, while this view returns nothing -- check what the dispatcher
    does with a ``None`` result.
    NOTE(review): authorization is not visible in this function; confirm the
    route is guarded.
    """
    doomed = session.query(Entry).filter(Entry.id == entry_id)
    doomed.delete()
    session.commit()
def latest_entries(request, count, offset):
    """Render a page of entries as a JSON list.

    Entries are ordered by ``Entry.created``; ``offset`` rows are skipped and
    at most ``count`` rows are returned.

    NOTE(review): no direction is given to ``order_by``, so the order is
    whatever the default is (ascending in SQLAlchemy) -- confirm that matches
    the "latest" in the name.
    NOTE(review): ``count`` is passed to ``limit`` without an upper bound in
    this function; if it comes from the URL, cap it somewhere to keep page
    sizes bounded.
    """
    page = session.query(Entry).order_by(Entry.created).offset(offset).limit(count)

    serialised = []
    for entry in page:
        serialised.append(entry.to_api_dict())
    return render_json(serialised)
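def users_list(request, count, offset):
    """Render a page of users, ordered by username, as a JSON list.

    ``offset`` rows are skipped and at most ``count`` rows are returned; each
    user is serialised with ``to_api_dict``.

    Fix: the original contained a leftover debug ``print`` that wrote every
    page of user records to stdout on each request, which puts account data
    into whatever captures the process output. It has been removed. The local
    result list no longer shadows the function's own name.

    NOTE(review): what ``to_api_dict`` exposes for a user (for example the
    stored password hash) is not visible here -- verify it omits credentials.
    """
    page = session.query(User).order_by(User.username).offset(offset).limit(count)
    users = [u.to_api_dict() for u in page]
    return render_json(users)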
def delete_user(request, user_id):
    """Delete the user with the given id, commit, and echo the id as JSON.

    The row count returned by ``delete()`` is ignored, so the response is the
    same whether or not a matching user existed.

    NOTE(review): authorization is not visible in this function, and nothing
    here stops the caller from deleting their own account or the last
    privileged one -- confirm the route guard and any such policy.
    """
    target = session.query(User).filter(User.id == user_id)
    target.delete()
    session.commit()

    confirmation = {"id": user_id}
    return render_json(confirmation)