Exemple #1
0
def edit_blog(slug):
    try:
        blog = sqla.session.query(sqlm.Blog).filter_by(slug=slug)[0]
    except IndexError:
        sqla.session.rollback()
        return abort(404)

    if current_user != blog.author:
        if not current_user.is_admin and not current_user.is_mod:
            if current_user not in blog.editors:
                return abort(404)

    form = BlogSettingsForm(csrf_enabled=False)
    if form.validate_on_submit():
        blog.name = form.title.data
        cleaner = ForumHTMLCleaner()
        try:
            blog.description = cleaner.clean(form.description.data)
        except:
            return abort(500)
        blog.privacy_setting = form.privacy_setting.data
        sqla.session.add(blog)
        sqla.session.commit()
        return redirect("/blog/" + str(blog.slug))
    else:
        form.description.data = blog.description
        form.privacy_setting.data = blog.privacy_setting
        form.title.data = blog.name

    return render_template("blogs/edit_blog.jade",
                           form=form,
                           blog=blog,
                           page_title="Edit Blog - %s" %
                           (app.get_site_config("core.site-name"), ))
Exemple #2
0
def edit_gallery_image(slug):
    request_json = request.get_json(force=True)

    try:
        character = sqla.session.query(sqlm.Character).filter_by(slug=slug.strip().lower())[0]
    except IndexError:
        return abort(404)

    if current_user != character.author and not current_user.is_admin:
        return abort(404)

    try:
        attachment = sqla.session.query(sqlm.Attachment).filter_by(id=request_json["pk"])[0]
    except IndexError:
        return abort(404)

    if attachment.character != character:
        return abort(404)

    cleaner = ForumHTMLCleaner()

    attachment.caption=cleaner.basic_escape(request_json.get("author", ""))
    attachment.alt=cleaner.basic_escape(request_json.get("caption", ""))
    attachment.origin_url=cleaner.basic_escape(request_json.get("source", ""))

    sqla.session.add(attachment)
    sqla.session.commit()

    return app.jsonify(success=True)
Exemple #3
0
def new_signature(login_name):
    try:
        user = sqla.session.query(
            sqlm.User).filter_by(my_url=login_name.strip().lower())[0]
    except IndexError:
        abort(404)

    if user != current_user:
        abort(404)

    form = NewSignature(csrf_enabled=False)
    if form.validate_on_submit():
        signature = sqlm.Signature()
        signature.name = form.name.data
        cleaner = ForumHTMLCleaner()
        signature.html = cleaner.clean(form.signature.data)
        signature.active = form.active.data
        signature.owner = user
        signature.owner_name = user.login_name
        signature.created = arrow.utcnow().datetime.replace(tzinfo=None)
        sqla.session.add(signature)
        sqla.session.commit()
        return redirect("/member/" + str(user.my_url) + "/signatures")

    return render_template("profile/new_signature.jade",
                           form=form,
                           profile=user,
                           page_title="New Signature - %s" %
                           (app.get_site_config("core.site-name"), ))
Exemple #4
0
def edit_signature(login_name, id):
    try:
        user = sqla.session.query(
            sqlm.User).filter_by(my_url=login_name.strip().lower())[0]
    except IndexError:
        abort(404)

    if user != current_user and not current_user.is_admin:
        abort(404)

    try:
        signature = sqla.session.query(sqlm.Signature).filter_by(id=id)[0]
    except IndexError:
        abort(404)

    form = NewSignature(csrf_enabled=False)
    if form.validate_on_submit():
        signature.name = form.name.data
        cleaner = ForumHTMLCleaner()
        signature.html = cleaner.clean(form.signature.data)
        signature.active = form.active.data
        sqla.session.add(signature)
        sqla.session.commit()
        return redirect("/member/" + str(user.my_url) + "/signatures")
    else:
        form.active.data = signature.active
        form.signature.data = signature.html
        form.name.data = signature.name

    return render_template("profile/edit_signature.jade",
                           form=form,
                           profile=user,
                           signature=signature,
                           page_title="Edit Signature - %s" %
                           (app.get_site_config("core.site-name"), ))
Exemple #5
0
def edit_profile(login_name):
    try:
        user = sqla.session.query(
            sqlm.User).filter_by(my_url=login_name.strip().lower())[0]
    except IndexError:
        abort(404)

    if current_user != user and not current_user.is_admin:
        abort(404)

    try:
        if len(request.form.get("about_me")) > 50000:
            return app.jsonify(error="Your profile text is too large.")
    except TypeError:
        pass

    if request.method == 'POST':
        cleaner = ForumHTMLCleaner()
        user.about_me = cleaner.clean(request.form.get("about_me"))
        sqla.session.add(user)
        sqla.session.commit()
        parser = ForumPostParser()
        # user.about_me = parser.parse(user.about_me)
        return json.jsonify(about_me=parser.parse(user.about_me, _object=user))
    else:
        return json.jsonify(content=user.about_me)
def status_update_replies(status):
    try:
        status = sqla.session.query(sqlm.StatusUpdate).filter_by(id=status)[0]
    except:
        return abort(404)

    request.canonical = app.config['BASE'] + "/status/%s" % (status, )

    if status.hidden == True and (current_user.is_admin != True
                                  or current_user.is_mod != True):
        return abort(404)

    cleaner = ForumHTMLCleaner()

    replies = []
    for reply in sqla.session.query(sqlm.StatusComment).filter_by(
            status=status, hidden=False).order_by(sqlm.StatusComment.created):
        parsed_reply = {}
        parsed_reply["text"] = cleaner.escape(reply.message)
        parsed_reply["user_name"] = reply.author.display_name
        parsed_reply["author_login_name"] = reply.author.my_url
        parsed_reply["user_avatar"] = reply.author.get_avatar_url("60")
        parsed_reply["user_avatar_x"] = reply.author.avatar_60_x
        parsed_reply["user_avatar_y"] = reply.author.avatar_60_y
        parsed_reply["is_admin"] = current_user.is_admin
        parsed_reply["time"] = humanize_time(reply.created)
        parsed_reply["idx"] = reply.id
        replies.append(parsed_reply)

    return app.jsonify(replies=replies, count=status.get_comment_count())
Exemple #7
0
def edit_post_in_pm_topic(pk):
    try:
        topic = sqla.session.query(sqlm.PrivateMessage).filter_by(id=pk)[0]
    except IndexError:
        return abort(404)

    try:
        pm_user = sqla.session.query(sqlm.PrivateMessageUser).filter_by(
            pm=topic, author=current_user)[0]
    except IndexError:
        return abort(404)

    request_json = request.get_json(force=True)

    try:
        message = sqla.session.query(sqlm.PrivateMessageReply).filter_by(
            id=request_json.get("pk"), pm=topic)[0]
    except IndexError:
        return abort(404)

    if current_user != message.author:
        return abort(404)

    if request_json.get("text", "").strip() == "":
        return app.jsonify(error="Your post is empty.")

    if len(request_json.get("text", "")) > 50000:
        return app.jsonify(error="Your post is too large.")

    cleaner = ForumHTMLCleaner()
    try:
        post_html = cleaner.clean(request_json.get("post", ""))
    except:
        return abort(500)

    message.message = post_html
    message.modified = arrow.utcnow().datetime

    sqla.session.add(message)
    sqla.session.commit()

    clean_html_parser = ForumPostParser()
    return app.jsonify(html=clean_html_parser.parse(message.message,
                                                    _object=message),
                       success=True)
Exemple #8
0
def edit_blog_comment(slug, entry_slug, comment_id):
    try:
        blog = sqla.session.query(sqlm.Blog).filter_by(slug=slug)[0]
    except IndexError:
        sqla.session.rollback()
        return abort(404)

    try:
        entry = sqla.session.query(sqlm.BlogEntry).filter_by(
            blog=blog, slug=entry_slug)[0]
    except IndexError:
        sqla.session.rollback()
        return abort(404)

    try:
        comment = sqla.session.query(sqlm.BlogComment).filter_by(
            blog=blog, id=comment_id, blog_entry=entry)[0]
    except IndexError:
        sqla.session.rollback()
        return abort(404)

    if current_user != comment.author:
        return abort(404)

    form = BlogCommentForm(csrf_enabled=False)
    if form.validate_on_submit():
        cleaner = ForumHTMLCleaner()
        try:
            comment.html = cleaner.clean(form.comment.data)
        except:
            return abort(500)
        sqla.session.add(comment)
        sqla.session.commit()
        return redirect("/blog/" + str(blog.slug) + "/e/" + str(entry_slug))
    else:
        form.comment.data = comment.html

    return render_template("blogs/edit_blog_entry_comment.jade",
                           form=form,
                           blog=blog,
                           entry=entry,
                           comment=comment,
                           page_title="Edit Blog Comment - %s" %
                           (app.get_site_config("core.site-name"), ))
Exemple #9
0
def new_blog():
    form = BlogSettingsForm(csrf_enabled=False)
    if form.validate_on_submit():
        b = sqlm.Blog()
        b.name = form.title.data
        cleaner = ForumHTMLCleaner()
        try:
            b.description = cleaner.clean(form.description.data)
        except:
            return abort(500)
        b.privacy_setting = form.privacy_setting.data
        b.slug = sqlm.find_blog_slug(b.name)
        b.author = current_user
        sqla.session.add(b)
        sqla.session.commit()
        return redirect("/blog/" + str(b.slug))

    return render_template("blogs/create_new_blog.jade",
                           form=form,
                           page_title="New Blog - %s" %
                           (app.get_site_config("core.site-name"), ))
Exemple #10
0
def create_character():
    form = CharacterForm(csrf_enabled=False)
    if form.validate_on_submit():
        cleaner = ForumHTMLCleaner()
        try:
            name = cleaner.basic_escape(form.name.data)
        except:
            return abort(500)
        try:
            species = cleaner.basic_escape(form.species.data)
        except:
            return abort(500)
        try:
            motto = cleaner.basic_escape(form.motto.data)
        except:
            return abort(500)
        try:
            age = cleaner.basic_escape(form.age.data)
        except:
            return abort(500)

        character = sqlm.Character()
        character.age = form.age.data
        character.species =form.species.data
        character.name = form.name.data
        character.motto = form.motto.data
        character.appearance = form.appearance.data
        character.personality = form.personality.data
        character.backstory = form.backstory.data
        character.other = form.other.data
        character.created = arrow.utcnow().datetime.replace(tzinfo=None)
        character.post_count = 0
        character.slug = sqlm.get_character_slug(character.name)
        character.author = current_user
        sqla.session.add(character)
        sqla.session.commit()
        return redirect("/characters/"+str(character.slug))
    else:
        pass

    return render_template("roleplay/new_character.jade", form=form, page_title="Create a Character - %s" % (app.get_site_config("core.site-name"),))
def make_status_update_reply(status):
    try:
        status = sqla.session.query(sqlm.StatusUpdate).filter_by(id=status)[0]
    except:
        return abort(404)

    if status.hidden == True and (current_user.is_admin != True
                                  or current_user.is_mod != True):
        return abort(404)

    if status.muted and current_user != status.author:
        return app.jsonify(error="This status update is silenced. Shhh!")

    if (current_user in [u.ignoring for u in status.author.ignored_users
                         ]) and not current_user.is_admin:
        return app.jsonify(error="User has blocked you.")

    try:
        if not (current_user.is_admin or current_user.is_mod) and \
                (sqla.session.query(sqlm.StatusUpdateUser). \
                filter_by(status=status, author=current_user)[0].blocked):
            return app.jsonify(
                error="You have been blocked from this status update.")
    except IndexError:
        pass

    if status.locked:
        return app.jsonify(error="This status update is locked.")

    if status.get_comment_count() > 199:
        return app.jsonify(error="This status update is full!")

    request_json = request.get_json(force=True)

    if request_json.get("reply", "").strip() == "":
        return app.jsonify(error="Your status update is empty.")

    if len(request_json.get("reply", "")) > 1000:
        return app.jsonify(error="Your status update is too long.")

    cleaner = ForumHTMLCleaner()
    try:
        cleaner.escape(request_json.get("reply", ""))
    except:
        return abort(500)

    _html = request_json.get("reply", "").strip()

    user_last_comment = False
    for comment in status.comments:
        if comment.author == current_user:
            user_last_comment = comment
    if user_last_comment:
        difference = (arrow.utcnow().datetime -
                      arrow.get(user_last_comment.created).datetime).seconds
        if difference < 2:
            return app.jsonify(
                error="Please wait %s seconds before you can reply again." %
                (2 - difference))

    sc = sqlm.StatusComment()
    sc.created = arrow.utcnow().datetime.replace(tzinfo=None)
    sc.message = _html
    sc.author = current_user
    sc.status = status

    sqla.session.add(sc)
    sqla.session.commit()

    status.replies = status.get_comment_count()
    status.last_replied = arrow.utcnow().datetime.replace(tzinfo=None)

    sqla.session.add(status)
    sqla.session.commit()

    if not current_user in status.participants:
        status.participants.append(current_user)

    clean_html_parser = ForumPostParser()
    parsed_reply = {}
    parsed_reply["text"] = cleaner.escape(sc.message)
    parsed_reply["user_name"] = sc.author.display_name
    parsed_reply["user_avatar"] = sc.author.get_avatar_url("60")
    parsed_reply["user_avatar_x"] = sc.author.avatar_60_x
    parsed_reply["author_login_name"] = sc.author.my_url
    parsed_reply["user_avatar_y"] = sc.author.avatar_60_y
    parsed_reply["time"] = humanize_time(sc.created)

    send_notify_to_users = []
    exclude_from_mention = []
    for user in sqla.session.query(
            sqlm.StatusUpdateUser).filter_by(status=status).all():
        if user.author == current_user:
            exclude_from_mention.append(user.author.id)
            continue

        if user.ignoring:
            exclude_from_mention.append(user.author.id)
            continue

        if user.author == status.author:
            exclude_from_mention.append(user.author.id)
            continue

        send_notify_to_users.append(user.author)
        exclude_from_mention.append(user.author.id)

    broadcast(to=send_notify_to_users,
              category="status",
              url="/status/" + str(status.id),
              title="replied to %s's status update" %
              (str(status.author.display_name), ),
              description=status.message,
              content=status,
              author=current_user)

    try:
        status_user = sqla.session.query(sqlm.StatusUpdateUser).filter_by(
            status=status, author=status.author)[0]
    except IndexError:
        status_user = None

    if current_user != status.author:
        if status_user == None:
            broadcast(to=[status.author],
                      category="status",
                      url="/status/" + str(status.id),
                      title="replied to your status update",
                      description=status.message,
                      content=status,
                      author=current_user)
        else:
            if not status_user.ignoring:
                broadcast(to=[status.author],
                          category="status",
                          url="/status/" + str(status.id),
                          title="replied to your status update",
                          description=status.message,
                          content=status,
                          author=current_user)

    scan_status_for_mentions(sc, exclude_from_mention, is_reply=True)

    return app.jsonify(newest_reply=parsed_reply,
                       count=status.get_comment_count(),
                       success=True)
def status_update_index():
    count = session.get("count", 15)
    authors = session.get("authors", [])
    search = session.get("search", "")

    if request.method == 'POST':
        request_json = request.get_json(force=True)

        count = int(request_json.get("count", 15))
        if count > 1000:
            count = 1000
        session["count"] = count

        search = request_json.get("search", "")[0:100]
        session["search"] = search

        if request_json.get("authors"):
            author_objects = list(
                        sqla.session.query(sqlm.User) \
                            .filter(sqlm.User.id.in_(request_json.get("authors"))) \
                            .all()
                    )
            session["authors"] = [{
                "id": a.id,
                "text": a.display_name
            } for a in author_objects]
            authors = [{
                "id": a.id,
                "text": a.display_name
            } for a in author_objects]

    query_ = sqla.session.query(sqlm.StatusUpdate).filter_by(hidden=False)
    if authors:
        query_ = query_.filter(
            sqlm.StatusUpdate.author_id.in_([a["id"] for a in authors]))
    status_updates = parse_search_string(search, sqlm.StatusUpdate, query_, [
        "message",
    ]).order_by(sqla.desc(sqlm.StatusUpdate.created))[:count]

    cleaner = ForumHTMLCleaner()

    if request.method == 'POST':
        parsed_statuses = []
        for status in status_updates:
            parsed_status = {}

            parsed_status["_id"] = status.id
            parsed_status["profile_address"] = url_for(
                'view_profile', login_name=status.author.my_url)
            parsed_status["user_name"] = status.author.display_name
            parsed_status["message"] = cleaner.escape(status.message)
            parsed_status["user_avatar"] = status.author.get_avatar_url("60")
            if status.attached_to_user != None:
                parsed_status[
                    "attached_to_user"] = status.attached_to_user.display_name
                parsed_status["attached_to_user_url"] = url_for(
                    'view_profile', login_name=status.attached_to_user.my_url)
            else:
                parsed_status["attached_to_user"] = False
            parsed_status["user_avatar_x"] = status.author.avatar_60_x
            parsed_status["user_avatar_y"] = status.author.avatar_60_y
            parsed_status["created"] = humanize_time(status.created)
            parsed_status["comment_count"] = status.get_comment_count()
            parsed_statuses.append(parsed_status)
        return app.jsonify(status_updates=parsed_statuses)
    else:
        return render_template("core/status_index.jade",
                               page_title="Status Updates - %s" %
                               (app.get_site_config("core.site-name"), ),
                               status_updates=status_updates,
                               count=count,
                               search=search,
                               authors=json.dumps(authors))
Exemple #13
0
def new_message_in_pm_topic(pk):
    try:
        topic = sqla.session.query(sqlm.PrivateMessage).filter_by(id=pk)[0]
    except IndexError:
        return abort(404)

    try:
        pm_user = sqla.session.query(sqlm.PrivateMessageUser).filter_by(
            pm=topic, author=current_user)[0]
    except IndexError:
        return abort(404)

    difference = (arrow.utcnow().datetime -
                  arrow.get(topic.last_reply.created).datetime).seconds
    if difference < 10 and topic.last_reply.author == current_user:
        return app.jsonify(
            error="Please wait %s seconds before you can reply again." %
            (10 - difference))

    request_json = request.get_json(force=True)

    if len(request_json.get("text", "")) > 50000:
        return app.jsonify(error="Your post is too large.")

    if request_json.get("text", "").strip() == "":
        return app.jsonify(error="Your post is empty.")

    non_left_or_blocked_users = sqla.session.query(
        sqlm.PrivateMessageUser).filter_by(pm=topic,
                                           exited=False,
                                           blocked=False).count()

    if non_left_or_blocked_users == 1:
        return app.jsonify(
            error=
            "There is only one participant in this private message. Don't talk to yourself. :)"
        )

    cleaner = ForumHTMLCleaner()
    try:
        post_html = cleaner.clean(request_json.get("post", ""))
    except:
        return abort(500)

    message = sqlm.PrivateMessageReply()
    message.message = post_html
    message.author = current_user
    message.created = arrow.utcnow().datetime.replace(tzinfo=None)
    message.pm = topic
    message.pm_title = topic.title
    sqla.session.add(message)
    sqla.session.commit()

    topic.last_reply = message
    topic.count = topic.count + 1
    sqla.session.add(topic)
    sqla.session.commit()

    clean_html_parser = ForumPostParser()
    parsed_post = {}
    parsed_post["created"] = humanize_time(message.created, "MMM D YYYY")
    parsed_post["modified"] = humanize_time(message.modified, "MMM D YYYY")
    parsed_post["html"] = clean_html_parser.parse(message.message,
                                                  _object=message)
    parsed_post["user_avatar"] = message.author.get_avatar_url()
    parsed_post["user_avatar_x"] = message.author.avatar_full_x
    parsed_post["user_avatar_y"] = message.author.avatar_full_y
    parsed_post["user_avatar_60"] = message.author.get_avatar_url("60")
    parsed_post["user_avatar_x_60"] = message.author.avatar_60_x
    parsed_post["user_avatar_y_60"] = message.author.avatar_60_y
    parsed_post["user_title"] = message.author.title
    parsed_post["_id"] = message.id
    parsed_post["author_name"] = message.author.display_name
    parsed_post["author_login_name"] = message.author.my_url
    parsed_post["author_actual_login_name"] = message.author.login_name
    post_count = sqla.session.query(
        sqlm.PrivateMessageReply).filter_by(pm=topic).count()

    notify_users = []
    for u in sqla.session.query(sqlm.PrivateMessageUser).filter_by(pm=topic):
        if u.author == message.author:
            continue
        if u.exited or u.blocked or u.ignoring:
            continue
        notify_users.append(u.author)

    broadcast(to=notify_users,
              category="pm",
              url="/messages/%s/page/1/post/%s" %
              (str(topic.id), str(message.id)),
              title="replied to %s" % (str(topic.title)),
              description=message.message,
              content=topic,
              author=message.author)

    return app.jsonify(newest_post=parsed_post, count=post_count, success=True)
Exemple #14
0
def new_blog_entry(slug):
    try:
        blog = sqla.session.query(sqlm.Blog).filter_by(slug=slug)[0]
    except IndexError:
        sqla.session.rollback()
        return abort(404)

    if current_user != blog.author:
        if current_user not in blog.editors:
            return abort(404)

    form = BlogEntryForm(csrf_enabled=False)
    if form.validate_on_submit():
        e = sqlm.BlogEntry()
        e.blog = blog
        e.title = form.title.data
        e.author = current_user
        e.slug = sqlm.find_blog_entry_slug(e.title, blog)
        e.draft = form.draft.data
        cleaner = ForumHTMLCleaner()
        try:
            e.html = cleaner.clean(form.entry.data)
        except:
            return abort(500)
        e.created = arrow.utcnow().datetime.replace(tzinfo=None)
        if e.draft == False:
            e.published = arrow.utcnow().datetime.replace(tzinfo=None)
        e.b_title = blog.name
        sqla.session.add(e)
        sqla.session.commit()
        entry = e

        if e.draft == False:
            blog.recent_entry = e
            sqla.session.add(blog)
            sqla.session.commit()

            for subscriber in blog.subscribers:
                e.subscribers.append(subscriber)
            sqla.session.add(e)
            sqla.session.commit()

            if entry.author != blog.author:
                broadcast(to=[
                    blog.author,
                ],
                          category="blog",
                          url="""/blog/%s/e/%s""" % (slug, entry.slug),
                          title="posted %s on blog %s" %
                          (str(entry.title), str(blog.name)),
                          description=entry.html,
                          content=entry,
                          author=current_user)

            _to_notify = []
            for u in blog.subscribers:
                if u.id != current_user.id:
                    _to_notify.append(u)

            mentions = mention_re.findall(e.html)
            to_notify_m = {}
            for mention in mentions:
                try:
                    to_notify_m[mention] = sqla.session.query(
                        sqlm.User).filter_by(login_name=mention)[0]
                except:
                    continue

            broadcast(to=list(to_notify_m.values()),
                      category="mention",
                      url="""/blog/%s/e/%s""" % (slug, entry.slug),
                      title="mentioned you in blog %s" % (str(entry.title)),
                      description=e.html,
                      content=e,
                      author=e.author)

            if len(_to_notify) > 0:
                broadcast(to=_to_notify,
                          category="blog",
                          url="""/blog/%s/e/%s""" % (slug, entry.slug),
                          title="posted %s on blog %s" %
                          (str(entry.title), str(blog.name)),
                          description=entry.html,
                          content=entry,
                          author=current_user)
        return redirect("/blog/" + str(blog.slug))

    return render_template("blogs/new_blog_entry.jade",
                           form=form,
                           blog=blog,
                           page_title="New Blog Entry - %s" %
                           (app.get_site_config("core.site-name"), ))
Exemple #15
0
def character_edit_profile(slug):
    try:
        character = sqla.session.query(sqlm.Character).filter_by(slug=slug.strip().lower())[0]
    except IndexError:
        return abort(404)

    if current_user != character.author and not current_user.is_admin:
        return abort(404)

    form = CharacterForm(csrf_enabled=False)
    if form.validate_on_submit():
        cleaner = ForumHTMLCleaner()
        try:
            name = form.name.data
        except:
            return abort(500)
        try:
            species = form.species.data
        except:
            return abort(500)
        try:
            motto = form.motto.data
        except:
            return abort(500)
        try:
            age = form.age.data
        except:
            return abort(500)

        c = {
                "author": current_user.id,
                "created": str(arrow.utcnow().datetime),
                "data": {
                        "age": character.age+"",
                        "species": character.species+"",
                        "name": character.name+"",
                        "motto": character.motto+"",
                        "appearance": character.appearance+"",
                        "personality": character.personality+"",
                        "backstory": character.backstory+"",
                        "other": character.other+""
                }
            }

        if character.character_history == None:
            character.character_history = []
        character.character_history.append(c)

        character.age = form.age.data
        character.species =form.species.data
        character.name = form.name.data
        character.motto = form.motto.data
        character.appearance = form.appearance.data
        character.personality = form.personality.data
        character.backstory = form.backstory.data
        character.other = form.other.data

        sqla.session.add(character)
        sqla.session.commit()

        return redirect("/characters/"+str(character.slug))
    else:
        form.name.data = character.name
        if character.age != None:
            form.age.data = character.age
        if character.species != None:
            form.species.data = character.species
        if character.motto != None:
            form.motto.data = character.motto
        if character.appearance != None:
            form.appearance.data = character.appearance
        if character.personality != None:
            form.personality.data = character.personality
        if character.backstory != None:
            form.backstory.data = character.backstory
        if character.other != None:
            form.other.data = character.other

    return render_template("roleplay/edit_character_profile.jade", character=character, form=form, page_title="Editing %s - Character Database - %s" % (str(character.name),app.get_site_config("core.site-name")))
Exemple #16
0
def edit_blog_entry(slug, entry_slug):
    try:
        blog = sqla.session.query(sqlm.Blog).filter_by(slug=slug)[0]
    except IndexError:
        sqla.session.rollback()
        return abort(404)

    if current_user != blog.author:
        if current_user not in blog.editors:
            return abort(404)

    try:
        e = sqla.session.query(sqlm.BlogEntry).filter_by(blog=blog,
                                                         slug=entry_slug)[0]
    except IndexError:
        sqla.session.rollback()
        return abort(404)

    already_published = not e.draft

    form = BlogEntryForm(csrf_enabled=False)
    if form.validate_on_submit():
        e.title = form.title.data
        if current_user != e.author:
            e.editor = current_user
        e.draft = form.draft.data
        cleaner = ForumHTMLCleaner()
        try:
            e.html = cleaner.clean(form.entry.data)
        except:
            return abort(500)

        if e.draft == False and already_published == False:
            e.published = arrow.utcnow().datetime.replace(tzinfo=None)
            recent_entry = True

            for subscriber in blog.subscribers:
                e.subscribers.append(subscriber)
            sqla.session.add(e)
            sqla.session.commit()
        else:
            recent_entry = False
        e.b_title = blog.name
        sqla.session.add(e)
        sqla.session.commit()

        if recent_entry:
            blog.recent_entry = e
            sqla.session.add(blog)
            sqla.session.commit()
        return redirect("/blog/" + str(blog.slug))
    else:
        form.draft.data = e.draft
        form.title.data = e.title
        form.entry.data = e.html

    return render_template("blogs/edit_blog_entry.jade",
                           form=form,
                           blog=blog,
                           entry=e,
                           page_title="Edit Blog Entry - %s" %
                           (app.get_site_config("core.site-name"), ))
def create_new_status(target):
    request_json = request.get_json(force=True)
    attached_to_user = False

    if target:
        try:
            target_user = sqla.session.query(
                sqlm.User).filter_by(login_name=target)[0]
            if target_user == current_user:
                return app.jsonify(error="No talking to yourself.")

            if (current_user in [
                    u.ignoring for u in target_user.ignored_users
            ]) and not current_user.is_admin:
                return app.jsonify(error="User has blocked you.")

            attached_to_user = target_user
        except IndexError:
            target_user = None
    else:
        target_user = None

    if len(request_json.get("message", "").strip()) == 0:
        return app.jsonify(error="Your status update is empty.")

    if len(request_json.get("message", "")) > 1000:
        return app.jsonify(error="Your status update is too long.")

    cleaner = ForumHTMLCleaner()
    # try:
    cleaner.escape(request_json.get("message", "").strip())
    # except:
    #     return abort(500)

    _html = request_json.get("message", "").strip()

    status = sqlm.StatusUpdate()
    if attached_to_user:
        status.attached_to_user = attached_to_user
        status.participants.append(attached_to_user)
    status.author = current_user
    status.message = _html
    status.participants.append(status.author)
    status.created = arrow.utcnow().datetime.replace(tzinfo=None)
    status.replies = 0
    sqla.session.add(status)
    sqla.session.commit()

    if target_user:
        send_notify_to_users = []
        broadcast(to=[
            target_user,
        ],
                  category="profile_comment",
                  url="/status/" + str(status.id),
                  title="commented on your profile",
                  description=status.message,
                  content=status,
                  author=status.author)
    else:
        send_notify_to_users = []
        for user in status.author.followed_by():
            if target_user:
                if user == target_user:
                    continue
            send_notify_to_users.append(user)

        broadcast(to=send_notify_to_users,
                  category="user_activity",
                  url="/status/" + str(status.id),
                  title="created a status update",
                  description=status.message,
                  content=status,
                  author=status.author)

    exclude_from_mention = [u.id for u in send_notify_to_users]
    if target_user:
        exclude_from_mention.append(target_user.id)

    scan_status_for_mentions(status, exclude_from_mention, is_reply=False)

    return app.jsonify(url="/status/" + str(status.id))
Exemple #18
0
def create_blog_comment(slug, entry_slug, page):
    try:
        blog = sqla.session.query(sqlm.Blog).filter_by(slug=slug)[0]
    except IndexError:
        sqla.session.rollback()
        return abort(404)

    try:
        page = int(page)
    except:
        return abort(500)

    if blog.privacy_setting == "you" and current_user != blog.author:
        return abort(404)
    elif blog.privacy_setting == "editors" and (
            current_user != blog.author and current_user not in blog.editors):
        return abort(404)
    elif blog.privacy_setting == "members" and not current_user.is_authenticated:
        return abort(404)

    try:
        entry = sqla.session.query(
            sqlm.BlogEntry).filter_by(slug=entry_slug)[0]
    except IndexError:
        sqla.session.rollback()
        return abort(404)

    if (current_user in [u.ignoring for u in entry.author.ignored_users
                         ]) and not current_user.is_admin:
        return app.jsonify(error="You cannot comment on this entry.")

    request_json = request.get_json(force=True)

    if request_json.get("text", "").strip() == "":
        return app.jsonify(no_content=True)

    if len(request_json.get("text", "")) > 50000:
        return app.jsonify(error="Your comment is too large.")

    cleaner = ForumHTMLCleaner()
    try:
        post_html = cleaner.clean(request_json.get("post", ""))
    except:
        return abort(500)

    new_blog_comment = sqlm.BlogComment()
    new_blog_comment.blog_entry = entry
    new_blog_comment.blog = blog
    new_blog_comment.author = current_user
    new_blog_comment.html = post_html
    new_blog_comment.created = arrow.utcnow().datetime.replace(tzinfo=None)
    new_blog_comment.hidden = False
    new_blog_comment.b_e_title = entry.title
    sqla.session.add(new_blog_comment)
    sqla.session.commit()

    max_pages = int(math.ceil(float(entry.comment_count()) / 10.0))
    e = entry

    replies = reply_re.findall(new_blog_comment.html)
    to_notify = {}
    for reply_ in replies:
        try:
            to_notify[reply_] = sqla.session.query(
                sqlm.BlogComment).filter_by(id=reply_[0])[0].author
        except:
            continue

    broadcast(to=list(to_notify.values()),
              category="topic_reply",
              url="""/blog/%s/e/%s""" % (slug, entry.slug),
              title="replied to you in %s" % (str(entry.title)),
              description=new_blog_comment.html,
              content=new_blog_comment,
              author=new_blog_comment.author)

    mentions = mention_re.findall(new_blog_comment.html)
    to_notify_m = {}
    for mention in mentions:
        try:
            to_notify_m[mention] = sqla.session.query(
                sqlm.User).filter_by(login_name=mention)[0]
        except:
            continue

    broadcast(to=list(to_notify_m.values()),
              category="mention",
              url="""/blog/%s/e/%s""" % (slug, entry.slug),
              title="mentioned you in a comment on %s" % (str(entry.title)),
              description=new_blog_comment.html,
              content=new_blog_comment,
              author=new_blog_comment.author)

    broadcast(to=[
        entry.author,
    ],
              category="blogcomments",
              url="""/blog/%s/e/%s/page/%s#comments""" %
              (slug, entry_slug, max_pages),
              title="commented on your blog entry %s" % (str(entry.title)),
              description=new_blog_comment.html,
              content=new_blog_comment,
              author=current_user)

    if entry.author != blog.author:
        broadcast(to=[
            blog.author,
        ],
                  category="blogcomments",
                  url="""/blog/%s/e/%s/page/%s#comments""" %
                  (slug, entry_slug, max_pages),
                  title="commented on blog entry %s" % (str(entry.title)),
                  description=new_blog_comment.html,
                  content=new_blog_comment,
                  author=current_user)

    _to_notify = []
    for u in entry.subscribers:
        if u.id != current_user.id:
            _to_notify.append(u)

    if len(_to_notify) > 0:
        broadcast(to=_to_notify,
                  category="blogcomments",
                  url="""/blog/%s/e/%s/page/%s#comments""" %
                  (slug, entry_slug, max_pages),
                  title="commented on %s's blog entry %s" %
                  (str(entry.author.display_name), str(entry.title)),
                  description=new_blog_comment.html,
                  content=new_blog_comment,
                  author=current_user)

    return app.jsonify(success=True,
                       url="""/blog/%s/e/%s/page/%s""" %
                       (slug, entry_slug, max_pages))
Exemple #19
0
    def parse(self, html, strip_images=False, _object=False):
        cleaner = ForumHTMLCleaner()

        try:
            _content_owner = _object.author
        except AttributeError:
            try:
                _content_owner = _object.owner
            except AttributeError:
                if type(_object) == sqlm.User:
                    _content_owner = _object
                else:
                    _content_owner = False

        _mangled_html_image_links = []
        all_html_image_links = html_img_re.findall(html)
        for i, _html_image_link in enumerate(all_html_image_links):
            _mangled_html_image_links.append(
                ["mangled-img-%s" % i, _html_image_link])
            html = html.replace(_html_image_link, "mangled-img-%s" % i, 1)

        _mangled_html_links = []
        all_html_links = href_re.findall(html)
        for i, _html_link in enumerate(all_html_links):
            _mangled_html_links.append(["mangled-%s" % i, _html_link[0]])
            html = html.replace(_html_link[0], "mangled-%s" % i, 1)

        mentions = mention_re.findall(html)
        for mention in mentions:
            user = app.login_name_exists(mention)
            if user:
                html = html.replace(
                    "[@%s]" % str(mention),
                    """<a href="/member/%s" class="hover_user">@%s</a>""" %
                    (user["my_url"], user["display_name"]), 1)
            else:
                html = html.replace("[@%s]" % str(mention), "", 1)

        if not current_user.no_images:
            emoticon_codes = sqlm.get_local_smilies()
            for smiley in emoticon_codes:
                img_html = """<img src="%s" />""" % (os.path.join(
                    "/static/smilies", smiley["filename"]), )
                html = html.replace(":" + smiley["code"] + ":", img_html)

        html = bbcode_parser.format(html,
                                    strip_images=strip_images,
                                    content_owner=_content_owner)

        for _code, _html in _mangled_html_links:
            html = html.replace(_code, _html, 1)

        for _code, _html in _mangled_html_image_links:
            html = html.replace(_code, _html, 1)

        if current_user.no_images:
            for plain_jane_image in raw_image_re.findall(html):
                html = html.replace(
                    "%s" % plain_jane_image[0],
                    """<a href="%s" target="_blank">View External Image : <br>%s.</a>"""
                    % (plain_jane_image[1], plain_jane_image[1]))

        if (app.get_site_config("core.swear-filter-default") == "yes"
                and not current_user.is_authenticated) or (
                    current_user.is_authenticated
                    and current_user.swear_filter == True):
            swear_words_to_filter = sqlm.get_swear_filters()
            for w in swear_words_to_filter:
                html = re.subn(re.escape(w),
                               "****",
                               html,
                               count=0,
                               flags=re.IGNORECASE)[0]

        return "<div class=\"parsed\">" + html + "</div>"