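def post(self, menu_identifier=None):
    """Handle a submitted "write entry" form for the given menu.

    Flow: reject an unknown menu, send a signed-out visitor to the login
    page, reject a request with no remote address, validate the posted
    form (the reCAPTCHA variant when the user requires it), then store the
    entry and redirect to the menu's list page. When validation fails the
    form is rendered again with a fresh CSRF token.

    Args:
        menu_identifier: URL identifier of the menu the entry belongs to.
    """
    if menu_identifier is None or not Menu.isRightIdentifier(menu_identifier):
        self.siteError(SiteErrorType.ERROR_MENU_NOT_EXIST)
        return

    user = self.context['user'].get_current_user()
    if not user:
        self.redirect(users.create_login_url("/write/" + menu_identifier))
        # The original had no return here, so unless redirect() raises, the
        # handler went on to validate and store the entry with user unset.
        # Authentication has to end the request, as the siteError paths do.
        return

    remote_addr = self.request.remote_addr
    if not remote_addr:
        self.siteError(getSiteErrorMessage("invalid_access"))
        return

    self.context['menu_id'] = Menu.getMenuIdWithIdentifier(menu_identifier)
    self.context['menu_label'] = Menu.getLabel(self.context['menu_id'])
    self.context['menu_identifier'] = menu_identifier

    # NOTE(review): this calls self.get_current_user() while the rest of the
    # method uses self.context['user'].get_current_user() -- confirm both
    # resolve to the same account.
    if self.context['user'] and User.isUserNeedCaptcha(self.get_current_user()):
        entry_form = EntryRecaptchaForm(remote_addr, data=self.request.POST)
    else:
        entry_form = EntryForm(data=self.request.POST)

    # NOTE(review): no comparison of a submitted csrf_token is visible in
    # this handler; confirm the form classes or the base handler verify the
    # token issued by createCSRFToken before this state-changing write.
    if entry_form.is_valid():
        # Make sure the author has a site user record before inserting.
        User.insertUser(user, remote_addr)
        menu_id = self.context['menu_id']
        Entry.insert(
            entry_form.cleaned_data['title'],
            entry_form.cleaned_data['link'],
            entry_form.cleaned_data['content'],
            menu_id,
            user,
            remote_addr,
        )
        self.redirect("/list/" + Menu.getMenuIdentifier(menu_id))
    else:
        # Re-render the form with its validation errors and a new token.
        self.createCSRFToken()
        self.context['entry_form'] = entry_form
        self.render("write.html")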
def post(self, index=None):
    """Handle a submitted comment form for the entry identified by index.

    Signed-out requests, missing or removed entries, and requests with no
    remote address end in a site error. A valid form stores the comment,
    bumps the entry's comment counter and redirects to the new comment's
    anchor; an invalid form re-renders the entry view with a new CSRF
    token.

    Args:
        index: identifier of the entry being commented on, as passed to
            Entry.get_entry.
    """
    account = self.context['user']
    if not account.get_current_user():
        self.siteError(SiteErrorType.ERROR_INVALID_ACCESS)
        return

    self.context['index'] = index
    entry = Entry.get_entry(index)
    if not entry or entry.is_removed:
        self.siteError(getSiteErrorMessage("entry_not_exist"))
        return

    remote_addr = self.request.remote_addr
    if not remote_addr:
        self.siteError(getSiteErrorMessage("invalid_access"))
        return

    user = account.get_current_user()
    # The site user record is created before the form is validated.
    User.insertUser(user, remote_addr)

    # NOTE(review): self.get_current_user() is used here, but
    # self.context['user'].get_current_user() everywhere else -- confirm
    # both resolve to the same account.
    needs_captcha = self.context['user'] and User.isUserNeedCaptcha(self.get_current_user())
    if needs_captcha:
        comment_form = CommentRecaptchaForm(self.request.remote_addr, data=self.request.POST)
    else:
        comment_form = CommentForm(data=self.request.POST)

    # NOTE(review): no comparison of a submitted csrf_token is visible in
    # this handler; confirm the form classes or the base handler verify it.
    if not comment_form.is_valid():
        # Show the entry again with the form errors and a new token.
        self.createCSRFToken()
        self.context['entry'] = entry
        self.context['comment_form'] = comment_form
        self.render("view.html")
        return

    comment = Comment.insert(entry, comment_form.cleaned_data['content'], user, remote_addr)

    # NOTE(review): the counter is read, incremented and written with no
    # transaction visible here -- confirm concurrent comments cannot lose
    # an update.
    entry.comment_count = entry.comment_count + 1
    entry.updated_on = datetime.datetime.now()
    entry.put()

    PagingCursorMasterKey.clearModelKey("Comment")
    self.redirect("/entry/%s#comment%d" % (index, comment.id()))
def createCSRFToken(self):
    """Compute the signed-in user's CSRF token and publish it.

    The token is the MD5 hex digest of a timestamp (last_write_on when set,
    otherwise join_on) followed by the site user's numeric key id. It is
    stored in self.context['csrf_token'] and in the csrf_token cookie.
    Does nothing when no user is signed in.

    NOTE(review): no secret key or random value is mixed into the digest in
    this method, so the token is only as unpredictable as the timestamp and
    the key id. An HMAC keyed with a server-side secret, or a random
    per-session value, would remove that dependency, but whatever verifies
    the token would have to change at the same time.
    """
    current = self.context['user'].get_current_user()
    if not current:
        return

    site_user = User.getSiteUser(current)
    if not site_user:
        # First contact: create the site user record so a key id exists.
        site_user = User.insertUser(current, self.request.remote_addr)

    # The timestamp acts as the salt and changes whenever last_write_on
    # does. The str arguments to update() rely on Python 2 semantics.
    stamp = site_user.last_write_on or site_user.join_on
    digest = hashlib.md5()
    digest.update(stamp.strftime("%Y/%m/%d %H:%M:%S.%f"))
    digest.update(str(site_user.key().id()))

    token = digest.hexdigest()
    self.context['csrf_token'] = token

    # NOTE(review): the cookie attributes are decided by the Cookies helper
    # and are not visible here -- confirm its defaults suit this value.
    jar = Cookies(self)
    jar['csrf_token'] = token
def get(self, cursor=None):
    """Render the current user's page with their own non-removed entries.

    Entries are filtered by the user's site_user_id, ordered newest first
    and paged ten at a time, starting from the given cursor.

    Args:
        cursor: paging cursor handed to Paging.setCurrentCursor; None is
            passed through unchanged.
    """
    # NOTE(review): unlike the post handlers, no signed-in check is visible
    # here, so get_current_user() may return nothing and still reach
    # insertUser -- confirm this route is restricted to signed-in users.
    account = self.context['user']
    site_user = User.getSiteUser(account.get_current_user())
    if not site_user:
        site_user = User.insertUser(account.get_current_user(), self.request.remote_addr)
    self.context['siteUser'] = site_user

    page_size = 10

    # The owner filter comes from the server-side session, not from request
    # input, so a user can only list their own entries.
    owner_id = User.getSiteUserId(account.get_current_user())
    entries = Entry.all()
    entries.filter("site_user_id", owner_id)
    entries.filter("is_removed", False)
    entries.order("-created_on")

    pager = Paging(entries)
    pager.setCurrentCursor(cursor)
    pager.setLimit(page_size)
    pager.execute()

    self.context['paging'] = pager
    self.render("user.html")