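def friend_set(request):
    """Add or remove a friend of the logged-in user.

    Route parameters (``request.matchdict``):
      * ``id1`` -- must equal the id of the authenticated user,
      * ``id2`` -- id of the ``Student`` to add or remove,
      * ``id3`` -- greater than 0 adds the friend, 0 or less removes it.

    Returns ``Response("0")`` on success and ``Response("1")`` when the
    caller is not logged in, is not ``id1``, targets themselves, names an
    unknown student, or the relationship update raises.
    """
    curr_user = get_user(request)
    id1 = int(request.matchdict['id1'])
    id2 = int(request.matchdict['id2'])
    id3 = int(request.matchdict['id3'])

    # Authorization: only the authenticated user may edit their own list.
    if (not curr_user) or (curr_user.id != id1) or id1 == id2:
        return Response("1")

    # first() returns None for an unknown id; one() would raise instead and
    # the "not found" guard below could never run.
    u2 = DBSession.query(Student).filter(Student.id == id2).first()
    if not u2:
        return Response("1")

    # NOTE(review): this view changes state; confirm the route only accepts
    # POST and is covered by the application's CSRF protection.
    is_friend = u2 in curr_user.friends
    try:
        if id3 > 0 and not is_friend:
            curr_user.friends.append(u2)
        elif id3 <= 0 and is_friend:
            curr_user.friends.remove(u2)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit
        # are no longer swallowed.
        return Response("1")
    return Response("0")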
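def job_detail_view(context, request):
    """Return one position plus up to five suggested positions.

    The position id comes from ``request.matchdict['id']``.  Suggestions are
    matched against the current user's ``interest`` and ``industry``; when
    both are empty the first five positions are returned instead.
    """
    jquery.need()
    pos_id = int(request.matchdict['id'])
    # NOTE(review): get_user() may return None for an anonymous request, in
    # which case the attribute access below raises; confirm the view is only
    # reachable when logged in.
    user = get_user(request)
    interest = user.interest or ""
    industry = user.industry or ""

    if interest == "" and industry == "":
        # Slice the query (LIMIT 5) instead of loading every row with all().
        pos_like = DBSession.query(Position)[0:5]
    else:
        # The values are sent as bound parameters, but any '%' or '_' in the
        # profile fields is still interpreted as a LIKE wildcard.
        pos_like = DBSession.query(Position).join(CompanyInfo).filter(
            or_(Position.title.like(interest),
                CompanyInfo.industry.like(industry))
        )[0:5]

    pos = DBSession.query(Position).get(pos_id)
    return {
        'pos': pos,
        'pos_like': pos_like,
    }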
def view_index(request):
    """Landing page: redirect logged-in users, otherwise list six ``Act`` rows."""
    already_logged_in = get_user(request)
    if already_logged_in:
        return HTTPFound("/home")
    # The query is returned un-executed; it is limited to six rows.
    return {'meetups': DBSession.query(Act).limit(6)}
def resume_view(context, request):
    """List the user's resumes and handle the add / delete form posts.

    Raises ``UserNotFount`` when nobody is logged in.  A delete is only
    carried out when the resume belongs to the current user.
    """
    jquery.need()
    user = get_user(request)
    if not user:
        raise UserNotFount()

    post = request.POST
    if "add_resume" in post:
        title = post['resume_title']
        if title.strip():
            # The explicit DBSession.add()/flush() and the redirect to the
            # edit page are disabled in the original; only the object is built.
            resume = resources.Resume(title=title, user=user)
    elif "operator" in post:
        ops = post['operator']
        print(ops)
        if ops == 'del_resume':
            resume_id = post['operator_id']
            resume = DBSession.query(resources.Resume).get(resume_id)
            # Ownership check: never delete another user's resume.
            if resume and resume.user_id == user.id:
                DBSession.delete(resume)

    return wrap_user(request, {
        'resumes': user.resumes,
        'pcs': user.position_items,
    })
def get_lineage(context, request, location):
    """Return the lineage of *context* filtered by the navigation settings.

    Settings are read under the ``<location>_`` prefix.  Excluded classes are
    always dropped; when an include list is configured only those classes are
    kept; items with a false ``in_navigation`` are kept only when
    ``show_hidden_while_logged_in`` is on and a user is logged in.
    """
    # [TODO] Move these function calls out to caller.
    user = get_user(request)
    settings = navigation_settings()

    def setting(suffix):
        return settings['{0}_{1}'.format(location, suffix)]

    show_hidden = asbool(setting('show_hidden_while_logged_in'))
    included = setting('include_content_types')
    excluded = setting('exclude_content_types')

    reveal_hidden = bool(show_hidden and user)
    restrict = bool(included)

    items = []
    for item in list(lineage(context)):
        kind = item.__class__
        if reveal_hidden:
            if kind in excluded:
                continue
            if restrict and kind not in included:
                continue
        elif restrict:
            if kind not in included:
                continue
            if not item.in_navigation:
                continue
            if kind in excluded:
                continue
        else:
            if not item.in_navigation:
                continue
            if kind in excluded:
                continue
        items.append(item)
    return items
def job_manager_view(context, request):
    """Return the positions the user applied to and the ones they collected.

    Raises ``UserNotFount`` when nobody is logged in.
    """
    print('hear')
    user = get_user(request)
    if not user:
        raise UserNotFount()

    # NOTE(review): resume_id is compared with user.id, not with a resume
    # id -- confirm this is the intended join key.
    applied = (
        DBSession.query(Position)
        .join(PositionResume)
        .filter(PositionResume.resume_id == user.id)
    )
    return {'pos_apply': applied, 'collects': user.positions}
def view_review(context, request):
    """Render a review page and store a comment posted against it.

    An anonymous POST is redirected to the login page.  A POST containing
    ``submit`` creates a ``Comment`` of type ``TYPE_MEETUP_REVIEW`` for the
    current user and *context*.
    """
    jquery.need()
    # NOTE(review): Markup() marks context.body as safe HTML, so the template
    # will not escape it -- confirm the body is sanitized when it is saved.
    contextbody = jinja2.Markup(context.body)
    user = get_user(request)
    if request.POST :
        if user is None:
            request.session.flash(u"请先登陆..","info")
            came_from = request.url
            # NOTE(review): request.url is interpolated without URL-encoding,
            # so a query string in it is split across the login URL.
            return HTTPFound("/login?came_from=%s" % came_from)
        if 'submit' in request.POST:
            comment_content = request.params.get("review-comment-input")
            comment = Comment()
            comment.type = comment.TYPE_MEETUP_REVIEW
            comment.user_id = user.id
            comment.document_id = context.id
            # NOTE(review): the original author flagged a SQL injection risk
            # here.  The text is assigned to an ORM attribute, which SQLAlchemy
            # normally sends as a bound parameter, so injection at this line
            # looks unlikely.  The user-supplied text is stored unfiltered,
            # though: confirm every template escapes it on output (stored XSS).
            comment.content = comment_content
            DBSession.add( comment)
            DBSession.flush()
    return wrap_user2(request, {'context':context, 'contextbody': contextbody, 'comments_count': len(context.comments) })
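def ajax_person(request):
    """Update the privacy levels of the logged-in user from a POST request.

    Responds with ``ERR_CODE_NOT_LOGIN`` for anonymous callers and with
    ``ERR_CODE_WRONG_PARAM`` unless ``method`` is ``update_privacy_level``.
    """
    ret = None
    user = get_user(request)
    if not user:
        return RetDict(errcode=RetDict.ERR_CODE_NOT_LOGIN)

    method = request.POST.get("method", None)
    # The original test was `not method and method not in [...]`, which only
    # rejected an empty method and let every other value through.
    if method not in ['update_privacy_level']:
        return RetDict(errcode=RetDict.ERR_CODE_WRONG_PARAM)

    try:
        # NOTE(review): the posted values are stored as received; nothing
        # visible here checks that they are integers or in an allowed range.
        email_privacy_level = request.POST.get("email-privacy-level", 5)
        title_privacy_level = request.POST.get("title-privacy-level", 5)
        phone_privacy_level = request.POST.get("phone-privacy-level", 5)
        company_privacy_level = request.POST.get("company-privacy-level", 9)
        user.email_privacy_level = email_privacy_level
        user.title_privacy_level = title_privacy_level
        user.phone_privacy_level = phone_privacy_level
        user.company_privacy_level = company_privacy_level
        ret = RetDict(retval="OK")
    except Exception as ex:
        # NOTE(review): the raw exception text is placed in the response.
        ret = RetDict(errmsg="%s" % ex)
    # NOTE(review): the listing ends here; no `return ret` is visible.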
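def get_messages(type, context, request):
    """Return the current user's messages for the requested *type*.

    *type* selects the filter: ``all_messages``, ``system_messages``
    (message types 0, 1 and 10), ``friend_messages`` (2),
    ``view_invitation_person`` (11), ``view_invitation_meetup`` (12) or
    ``view_invitation_code``.  An unknown *type* yields an empty list.
    Anonymous callers are redirected to the login page.
    """
    jquery.need()
    cur_user = get_user(request)
    if not cur_user:
        return HTTPFound(location="/login?came_from=%s" % request.url)

    # Views that filter on exactly one Message.type value.
    single_type = {
        'friend_messages': 2,
        'view_invitation_person': 11,
        'view_invitation_meetup': 12,
    }

    messages = []
    if type == 'all_messages':
        messages = DBSession.query(Message).filter_by(
            reciever_id=cur_user.id).all()
    elif type == 'system_messages':
        messages = DBSession.query(Message).filter(
            and_(
                Message.reciever_id == cur_user.id,
                or_(Message.type == 0, Message.type == 1, Message.type == 10),
            )).all()
    elif type in single_type:
        messages = DBSession.query(Message).filter_by(
            reciever_id=cur_user.id, type=single_type[type]).all()
    elif type == 'view_invitation_code':
        # The original passed `user`, a name this function never defines;
        # the authenticated user is held in cur_user.
        messages = view_or_generate_inviation_code(cur_user)

    return {'type': type, 'messages': messages}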
def api_infobox(context, request):
    """Dispatch an infobox POST to the handler named by its ``method`` field.

    Returns ``ERR_CODE_NOT_LOGIN`` for anonymous callers, ``{}`` when there
    is no POST data and ``ERR_CODE_WRONG_PARAM`` for an unknown method.
    """
    PROMPT_FRIEND = 'prompt_friend'  # recommend a friend to a friend
    PROMPT_MEETUP = 'prompt_meetup'  # recommend a meetup to a friend
    MARK_AS_READ = 'mark_as_read'

    cur_user = get_user(request)
    if not cur_user:
        return RetDict(errcode=RetDict.ERR_CODE_NOT_LOGIN)
    if not request.POST:
        return {}

    method = request.POST.get('method', None)
    if method not in (PROMPT_FRIEND, MARK_AS_READ, PROMPT_MEETUP):
        return RetDict(errcode=RetDict.ERR_CODE_WRONG_PARAM)

    if method == PROMPT_FRIEND:
        return prompt_friend(cur_user, context, request)
    if method == MARK_AS_READ:
        return mark_msg_read(cur_user, context, request)
    if method == PROMPT_MEETUP:
        return prompt_meetup(cur_user, context, request)
    return {}
def avatar_upload(context, request):
    """Store the request body as the logged-in user's avatar (JPEG).

    Returns a dict with ``code`` (200, 401 or 500), ``msg`` and ``pid``.
    On success ``msg`` is the public path of the saved avatar.
    """
    def reply(code, msg):
        return {"code": code, "msg": msg, "pid": 0}

    user = get_user(request)
    if not user:
        return reply(401, u"请先登陆")

    try:
        # learn from :http://stackoverflow.com/questions/19816033/converting-binary-file-into-pil-image-datatype-in-google-app-engine
        # NOTE(review): the raw body goes straight to the image decoder; no
        # size, dimension or format limit is visible here.
        upload = StringIO(request.body)
        img = Image.open(upload)
        now = datetime.now()
        # The file name is built from the user id and a timestamp only, so
        # no client-supplied text reaches the path.
        stamp = now.strftime("%Y%m%d%H%M%S")
        img_name = "avatar%d_%s.jpg" % (user.id, stamp)
        img.save('mba/static/img/avatars/%s' % img_name, quality=85)
        user.avatar = '/fanstatic/mba/img/avatars/%s' % img_name
        return reply(200, user.avatar)
    except Exception as ex:
        # NOTE(review): the exception text is returned to the client.
        errmsg = "%s" % ex
        return reply(500, errmsg)
def view_my_meetups(context, request):
    """Return up to five ``Participate`` rows of the current user.

    ``my_meetups`` is ``None`` when nobody is logged in.
    """
    user = get_user(request)
    jquery.need()
    if user is None:
        return {'my_meetups': None}
    recent = DBSession.query(Participate).filter_by(user_id=user.id).limit(5)
    return {'my_meetups': recent}
def admin_home_banners(context, request):
    """Handle the ``del-banner`` POST of the banner administration page.

    Anonymous callers are redirected to the login page.  A valid request
    deletes the ``Banner`` named by ``banner-id`` and returns a ``RetDict``.
    """
    jquery.need()
    user = get_user(request)
    # NOTE(review): only "is logged in" is checked in this function; confirm
    # the view configuration restricts the route to administrators.
    if not user:
        return HTTPFound(location="/login?came_from=%s" % request.url)
    if 'method' in request.POST:
        # mt stands for meetup-type
        try:
            method = request.POST['method']
            # del-banner
            if method == 'del-banner':
                # mt_id and to_op_mt are never used below; the lookup is
                # repeated with banner_id after validation.
                mt_id = int(request.POST['banner-id'])
                to_op_mt = DBSession.query(Banner).filter_by(id=mt_id).first()
                banner_id = request.POST.get('banner-id', None)
                if not banner_id :
                    return RetDict(errcode=RetDict.ERR_CODE_WRONG_PARAM)
                try:
                    banner_id = int(banner_id)
                except ValueError,e:
                    return RetDict(errcode=RetDict.ERR_CODE_WRONG_PARAM)
                banner = DBSession.query(Banner).filter_by(id=banner_id).first()
                if not banner:
                    return RetDict(errcode=RetDict.ERR_CODE_WRONG_PARAM)
                DBSession.delete(banner)
                msg = u"成功删除BANNER %d" % banner_id
                request.session.flash(msg, 'success')
                return RetDict(retval=msg)
        except Exception,ex:
            # NOTE(review): the exception text is flashed and returned to
            # the client.
            err_msg = "错误:%s" % ex
            request.session.flash(err_msg, 'danger')
            return RetDict(errmsg=err_msg)
def user(self) -> Optional[Principal]:
    """Return the user authenticated for this request.

    The lookup is delegated to ``get_user``, called with the request itself.

    :result: the currently authenticated user
    :rtype: :class:`kotti.security.Principal` or whatever is returned by the
            custom principals database defined in the
            ``kotti.principals_factory`` setting
    """
    principal = get_user(self)
    return principal
def user(self):
    """Return the user authenticated for this request.

    The lookup is delegated to ``get_user``, called with the request itself.

    :result: the currently authenticated user
    :rtype: :class:`kotti.security.Principal` or whatever is returned by the
            custom principals database defined in the
            ``kotti.principals_factory`` setting
    """
    principal = get_user(self)
    return principal
def default_caching_policy_chooser(context, request, response):
    """Pick the name of the caching policy for *response*.

    Returns ``None`` for anything but a 200 answer to a GET request.  File
    responses get ``'Cache Resource'``; any response to a logged-in user gets
    ``'No Cache'``; the rest is split on the content type.
    """
    cacheable = request.method == 'GET' and response.status_int == 200
    if not cacheable:
        return None
    if isinstance(response, FileResponse):
        return 'Cache Resource'
    # Responses for an authenticated user must not land in a shared cache.
    if get_user(request) is not None:
        return 'No Cache'
    is_html = response.headers['content-type'].startswith('text/html')
    return 'Cache HTML' if is_html else 'Cache Media Content'
def default_caching_policy_chooser(context, request, response):
    """Pick the name of the caching policy for *response*.

    Returns ``None`` for anything but a 200 answer to a GET request.  File
    responses get ``"Cache Resource"``; any response to a logged-in user gets
    ``"No Cache"``; the rest is split on the content type.
    """
    cacheable = request.method == "GET" and response.status_int == 200
    if not cacheable:
        return None
    if isinstance(response, FileResponse):
        return "Cache Resource"
    # Responses for an authenticated user must not land in a shared cache.
    if get_user(request) is not None:
        return "No Cache"
    if response.headers["content-type"].startswith("text/html"):
        return "Cache HTML"
    return "Cache Media Content"
def login(context, request):
    """Login view: validate the posted form and start a session.

    A caller who is already logged in is redirected to ``/``.  After a
    successful form validation the user is looked up with ``_find_user`` and
    redirected according to ``user.status``.
    """
    user = get_user(request)
    if user :
        # Already logged in: redirect to the home page.
        return HTTPFound(location="/")
    schema = LoginSchema(validator=user_password_match_validator).bind(request=request)
    form = deform.Form(schema, buttons=[deform.form.Button(u'submit', title=u'登录', css_class="btn btn-primary")], css_class="border-radius: 4px;box-shadow: 0 1px 3px rgba(0,0,0,0.075);" )
    rendered_form = None
    principals = get_principals()
    # NOTE(review): came_from is read from the request parameters and later
    # used as the redirect Location without validation; confirm it is limited
    # to same-site paths (open redirect).
    came_from = request.params.get( 'came_from', request.resource_url(context))
    # The local name `login` shadows this function; neither value is used in
    # the visible part of the listing.
    login, password = u'', u''
    if 'submit' in request.POST:
        try:
            appstruct = form.validate(request.POST.items())
        except ValidationFailure, e:
            # A generic failure message is flashed; the variant that included
            # e.error was disabled by the original author.
            request.session.flash(_(u"登陆失败" ), 'danger')
            rendered_form = e.render()
        else:
            user = _find_user(appstruct['email_or_username'])
            if (user is not None and user.status == user.ACTIVE and principals.validate_password(appstruct['password'], user.password)):
                headers = remember(request, user.name)
                # TODO: i18n does not work for the welcome flash message.
                user.last_login_date = datetime.now()
                if came_from == 'login':
                    came_from = '/'
                return HTTPFound(location=came_from, headers=headers)
            # NOTE(review): the branches below read user.status even when
            # _find_user() returned None, and the TO_FULLFIL_DATA branch calls
            # remember() without validate_password() in this function.
            # Presumably user_password_match_validator has already checked
            # both during form.validate() -- confirm.
            elif user.status == user.INACTIVE:
                return HTTPFound(location='/register_finish')
            elif user.status == user.TO_FULLFIL_DATA:
                headers = remember(request, user.name)
                return HTTPFound(location='/register_details', headers=headers)
            request.session.flash(_(u"登陆失败,用户名或密码错误."), 'danger')
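def job_collect_view(context, request):
    """Add the position named by the route id to the user's collection.

    Returns ``Response("ok")`` on success (including when the position was
    already collected) and ``Response("error")`` when nobody is logged in,
    the position does not exist, or the update raises.
    """
    pos_id = int(request.matchdict['id'])
    user = get_user(request)
    if not user:
        # Previously surfaced as an AttributeError swallowed by a bare except.
        return Response("error")
    try:
        pos = DBSession.query(Position).get(pos_id)
        if pos is None:
            # get() returns None for an unknown id; never append that.
            return Response("error")
        if pos not in user.positions:
            user.positions.append(pos)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit
        # are no longer swallowed.
        return Response("error")
    return Response("ok")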
def view_job(request):
    """Return the user's resume in a list, creating a default one if missing.

    Raises ``UserNotFount`` when nobody is logged in.
    """
    user = get_user(request)
    if not user:
        raise UserNotFount()
    if not user.resume:
        user.resume = Resume(title=u'默认简历')
        DBSession.flush()
    return {'resumes': [user.resume]}
def wrap_user(request, ret_dict_to_update):
    """Add the current user to a view's result dict, or divert by status.

    Inactive users are redirected to ``/register_finish``, users with
    incomplete data to ``/register_details`` and banned users get a plain
    ``USER BANNED`` response.  Otherwise *ret_dict_to_update* is updated in
    place with a ``'user'`` entry and returned.
    """
    user = get_user(request)
    if user:
        status = user.status
        if status == user.INACTIVE:
            return HTTPFound(location="/register_finish")
        if status == user.TO_FULLFIL_DATA:
            return HTTPFound(location="/register_details")
        if status == user.BANNED:
            return Response("USER BANNED")
    ret_dict_to_update.update({'user': user})
    return ret_dict_to_update
def get_children(context, request):
    """Return the permitted children of *context* to show in navigation.

    Classes listed in ``exclude_content_types`` are dropped.  Children with a
    false ``in_navigation`` are kept only when ``show_hidden_while_logged_in``
    is on and a user is logged in.
    """
    nav_settings = navigation_settings()
    current_user = get_user(request)
    reveal_setting = asbool(nav_settings['show_hidden_while_logged_in'])
    excluded = nav_settings['exclude_content_types']
    include_hidden = bool(reveal_setting and current_user)

    children = []
    for child in context.children_with_permission(request):
        if not include_hidden and not child.in_navigation:
            continue
        if child.__class__ in excluded:
            continue
        children.append(child)
    return children
def get_lineage(context, request):
    """Return the lineage of *context* filtered by the navigation settings.

    Classes listed in ``exclude_content_types`` are dropped.  Items with a
    false ``in_navigation`` are kept only when ``show_hidden_while_logged_in``
    is on and a user is logged in.
    """
    nav_settings = navigation_settings()
    current_user = get_user(request)
    reveal_setting = asbool(nav_settings['show_hidden_while_logged_in'])
    excluded = nav_settings['exclude_content_types']
    include_hidden = bool(reveal_setting and current_user)

    items = []
    for item in list(lineage(context)):
        if not include_hidden and not item.in_navigation:
            continue
        if item.__class__ in excluded:
            continue
        items.append(item)
    return items
def view_meetup_types(context, request): jquery.need() user = get_user(request) if not user: return HTTPFound(location="/login?came_from=%s" % request.url) err_msg = u"" if 'method' in request.POST: # mt stands for meetup-type try: method = request.POST['method'] # add-mt, del-mt, mdf-mt if method == 'add-mt': new_type_title = request.POST['mt-title'] DBSession.add( MeetupType(title=new_type_title)) request.session.flash((u"成功添加:'%s'" % new_type_title), 'success') else: mt_id = int(request.POST['mt-id']) to_op_mt = DBSession.query(MeetupType).filter_by(id=mt_id).first() mt_title = request.POST['mt-title'] if not to_op_mt: raise Exception(u"错误的参数") if method == 'del-mt': DBSession.delete(to_op_mt) request.session.flash(_(u"成功删除'%s'" % mt_title), 'success') elif method == 'mdf-mt': to_op_mt.title = mt_title request.session.flash(_(u"修改成功!"), 'success') else: err_msg = u"错误的方法" request.session.flash(_(u"错误的参数")) except Exception,ex: err_msg = "%s" % ex request.session.flash(_(u"错误:'%s'" % err_msg), 'danger') finally:
def get_children(context, request):
    """Return the viewable children of *context* to show in navigation.

    Each child must pass ``has_permission('view', ...)`` and must not be of a
    class listed in ``exclude_content_types``.  Children with a false
    ``in_navigation`` are kept only when ``show_hidden_while_logged_in`` is on
    and a user is logged in.
    """
    nav_settings = navigation_settings()
    current_user = get_user(request)
    reveal_setting = asbool(nav_settings['show_hidden_while_logged_in'])
    excluded = nav_settings['exclude_content_types']
    include_hidden = bool(reveal_setting and current_user)

    childs = []
    for child in context.values():
        if not include_hidden and not child.in_navigation:
            continue
        if not has_permission('view', child, request):
            continue
        if child.__class__ in excluded:
            continue
        childs.append(child)
    return childs
def ajax_invitation(context, request):
    """Dispatch an invitation POST by its ``type`` field.

    Returns ``ERR_CODE_NOT_LOGIN`` for anonymous callers.  Only the
    ``meetup`` type has a handler; everything else yields ``{}``.
    """
    cur_user = get_user(request)
    if not cur_user:
        return RetDict(errcode=RetDict.ERR_CODE_NOT_LOGIN)
    if not request.POST:
        return {}

    kind = request.POST.get('type', None)
    if kind == 'meetup':
        return api_meetup_invitation(cur_user, context, request)
    # 'person' invitations have no handler yet and fall through.
    return {}
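def view_my_meetups(context, request):
    """Return the invitation codes sent by the user, creating them if needed.

    When the user has no ``InvitationCode`` rows yet, ten codes are created;
    the i-th code (counting from 0) expires ``7 * (i + 1)`` days from now.
    Codes are six upper-case hexadecimal characters.
    """
    import binascii
    import datetime
    import os

    # NOTE(review): get_user() may return None for an anonymous request, in
    # which case user.id below raises; confirm the view requires a login.
    user = get_user(request)
    jquery.need()
    generated = DBSession.query(InvitationCode).filter_by(sender_id=user.id).all()
    if not generated:
        # TODO: size the batch by the user group's permissions; 10 for now.
        count = 10

        def generate_invitation_code():
            # The original derived the code from md5(user.id * 100 + i), so
            # anyone knowing a user id could compute that user's codes.
            # Draw it from the OS random source instead; format is unchanged.
            return binascii.hexlify(os.urandom(3)).decode('ascii').upper()

        # A set keeps the codes of one batch distinct.
        codes = set()
        while len(codes) < count:
            codes.add(generate_invitation_code())

        # NOTE(review): six hex characters are only 24 bits; confirm that
        # redemption attempts are rate-limited.
        now = datetime.datetime.now(tz=None)
        toadd = [
            InvitationCode(
                code=code,
                sender_id=user.id,
                receiver_id=None,
                expiration=now + datetime.timedelta(days=7 * (i + 1)),
            )
            for i, code in enumerate(codes)
        ]
        DBSession.add_all(toadd)
        DBSession.flush()
        generated = DBSession.query(InvitationCode).filter_by(sender_id=user.id).all()
    return {'invitationcode': generated}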
def get_my_friends(request):
    """Return id, name, real name and avatar of each friend of the user.

    Returns ``ERR_CODE_NOT_LOGIN`` for anonymous callers.
    """
    cur_user = get_user(request)
    if not cur_user:
        return RetDict(errcode=RetDict.ERR_CODE_NOT_LOGIN)

    json_friends = []
    for friend in cur_user.all_friends:
        json_friends.append({
            'id': friend.id,
            'name': friend.name,
            'real_name': friend.real_name,
            'avatar': friend.avatar,
        })
    return RetDict(retval=json_friends)
def get_children(context, request, location):
    """Return the permitted children of *context* for one navigation location.

    Settings are read under the ``<location>_`` prefix.  Excluded type names
    are always dropped; when an include list is configured only those type
    names are kept; children with a false ``in_navigation`` are kept only
    when ``show_hidden_while_logged_in`` is on and a user is logged in.
    """
    # [TODO] Move these function calls out to caller.
    user = get_user(request)
    settings = navigation_settings()

    def setting(suffix):
        return settings['{0}_{1}'.format(location, suffix)]

    show_hidden = asbool(setting('show_hidden_while_logged_in'))
    included = setting('include_content_types')
    excluded = setting('exclude_content_types')

    reveal_hidden = bool(show_hidden and user)
    restrict = bool(included)

    children = []
    for child in context.children_with_permission(request):
        if reveal_hidden:
            type_name = child.type_info.name
            if type_name in excluded:
                continue
            if restrict and type_name not in included:
                continue
        elif restrict:
            if child.type_info.name not in included:
                continue
            if not child.in_navigation:
                continue
            if child.type_info.name in excluded:
                continue
        else:
            if not child.in_navigation:
                continue
            if child.type_info.name in excluded:
                continue
        children.append(child)
    return children
def resume_edit2(context, request):
    """Resume editor: save one posted section or render the whole form.

    The resume id comes from ``request.matchdict['id']``.  A ``person_info``
    post is validated and answered with JSON (``__result`` 0 on success, 1 on
    a validation error); ``education``, ``experience`` and ``project`` posts
    are handed to their edit helpers.  Raises ``UserNotFount`` when nobody is
    logged in.
    """
    for resource in (jquery, jqueryui, jquery_form, timepicker,
                     ui_bootstrap_theme, resume_edit_js):
        resource.need()

    user = get_user(request)
    if not user:
        raise UserNotFount()
    resume_id = int(request.matchdict['id'])
    person_schema = PersonInfo().bind(request=request)

    post = request.POST
    if "person_info" in post:
        try:
            person_info = person_schema.deserialize(post)
            person2user(user, person_info)
            person_info['__result'] = 0
        except colander.Invalid as e:
            print(e)
            # "1" tells the client that server-side validation failed.
            person_info = {'__result': 1}
        return Response(json.dumps(person_info, cls=MyEncoder))

    # NOTE(review): resume_id is passed on as received from the route;
    # confirm each helper checks that the resume belongs to `user`.
    if "education" in post:
        return edit_education(request, user, resume_id)
    if "experience" in post:
        return edit_job(request, user, resume_id)
    if "project" in post:
        return edit_project(request, user, resume_id)

    # The lookup is scoped to the current user; first() returns None when the
    # id is not one of their resumes, and the attribute reads below then fail.
    resume = DBSession.query(resources.Resume).filter_by(
        user=user, id=resume_id).first()
    return wrap_user(request, {
        'resume_id': resume_id,
        'person_info': person_schema.serialize(user2person(user)),
        'edu': EducationsWidget(resume_id, resume.educations),
        'exp': JobsWidget(resume_id, resume.jobs),
        'prj': ProjectWidget(resume_id, resume.projects),
    })
def get_lineage(context, request, location):
    """Return the lineage of *context* for one navigation location.

    Settings are read under the ``<location>_`` prefix.  Excluded type names
    are always dropped; when an include list is configured only those type
    names are kept; items with a false ``in_navigation`` are kept only when
    ``show_hidden_while_logged_in`` is on and a user is logged in.
    """
    # [TODO] Move these function calls out to caller.
    user = get_user(request)
    settings = navigation_settings()

    def setting(suffix):
        return settings['{0}_{1}'.format(location, suffix)]

    show_hidden = asbool(setting('show_hidden_while_logged_in'))
    included = setting('include_content_types')
    excluded = setting('exclude_content_types')

    reveal_hidden = bool(show_hidden and user)
    restrict = bool(included)

    items = []
    for item in list(lineage(context)):
        if reveal_hidden:
            type_name = item.type_info.name
            if type_name in excluded:
                continue
            if restrict and type_name not in included:
                continue
        elif restrict:
            if item.type_info.name not in included:
                continue
            if not item.in_navigation:
                continue
            if item.type_info.name in excluded:
                continue
        else:
            if not item.in_navigation:
                continue
            if item.type_info.name in excluded:
                continue
        items.append(item)
    return items
def view_home(context, request):
    """Collect the data for the logged-in home page.

    Anonymous callers are redirected to ``/login``.  The result merges the
    meetup, info, banner and "people you may know" queries and adds the
    application URL, the positions by city and the user's first available
    invitation code (``None`` when there is none).
    """
    user = get_user(request)
    if not user:
        return HTTPFound("/login")
    jqueryui.need()

    first_code = None
    if len(user.available_invitation_codes) > 0:
        first_code = user.available_invitation_codes[0].code

    page = query_meetups(request)
    for extra in (query_info(request), query_banners(request),
                  persons_maybe_know(user)):
        page.update(extra)
    page.update({
        'application_url': request.application_url,
        'all_pos': query_by_cities(),
        'first_available_invitation_code': first_code,
    })
    return page
def view_person(request):
    """Profile page; a POST containing ``hd_id`` updates the user's profile.

    Anonymous callers are redirected to the login page.  The update is only
    applied when ``hd_id`` names the logged-in user; any failure is answered
    with ``Response("ERROR")``.
    """
    jquery.need()
    jqueryui.need()
    jquery_form.need()
    curr_user = get_user(request)
    if not curr_user:
        return HTTPFound(location="/login?came_from=%s" % request.url)
    if "hd_id" in request.POST:
        try:
            post = request.POST
            userid = int(post['hd_id'])
            # get() returns None for an unknown id; the attribute read below
            # then raises and is answered with "ERROR" by the except clause.
            user = DBSession.query(Student).get(userid)
            # Ownership check: users may only edit their own profile.
            if curr_user.id != user.id:
                return Response("ERROR")
            #user.email = post['email']
            # NOTE(review): the posted values are stored as received; confirm
            # the templates escape them when the profile is rendered.
            user.phone = post['phone']
            user.company = post['company']
            user.industry = post['industry']
            city = DBSession.query(City).filter_by(name=post['city_name']).first()
            if city:
                user.city_id = city.id
            else:
                user.city_name = post['city_name']
            user.school = post['school']
            # Comma-separated fields are split into lists of trimmed items.
            user.special_skills = [i.strip() for i in post['special_skills'].split(",") ]
            user.interests = [i.strip() for i in post['interests'].split(",") ]
            user.between = [i.strip() for i in post['between'].split(",") ]
            user.introduction = post['introduction']
            user.real_name = post['real_name']
            user.title = post['title']
            person_info_widget = PersonInfoWidget(user, cur_user=curr_user)
            return Response(person_info_widget.render())
        except Exception,ex:
            # The error is only printed; the client gets a generic "ERROR".
            print "Error:%s" % ex
            # raise ex
            return Response("ERROR")
def user(self):
    """Return whatever ``get_user`` yields for this object's request."""
    current = get_user(self.request)
    return current
def user(self):  # pragma: no cover
    """Return whatever ``get_user`` yields for this object's request."""
    current = get_user(self.request)
    return current
def _safe_get_user(request):
    """Return the current user, or ``True`` if the lookup hits a detached instance.

    NOTE(review): on ``DetachedInstanceError`` the caller receives ``True``
    (the value of ``not None``), which reads as "a user is present"; confirm
    every caller is meant to treat that failure as logged-in.
    """
    try:
        found = get_user(request)
    except DetachedInstanceError:
        # XXX need to understand what's happening
        return True
    return found