def _extract_article_sub(request, article):
"""
Extract placeholders substitution strings from the article object
"""
article_url = h.article_url(request, article)
res = {
'article_title': article.title,
'article_url': article_url
}
return res
def latest_rss(request):
"""
Create rss feed with the latest published articles and return them as the atom feed
"""
_ = request.translate
dbsession = DBSession()
q = dbsession.query(Article).options(joinedload('tags'))\
.options(joinedload('user'))\
.filter(Article.is_draft==False).order_by(Article.updated.desc())
articles = q[0:10]
rss_title = get_config('site_title') + ' - ' + _('Latest articles feed')
site_base_url = get_config('site_base_url')
items = []
'''
feed = Rss201rev2Feed(
title=rss_title,
link=site_base_url,
description='',
language='en')
'''
for a in articles:
link = h.article_url(request, a)
tags_list = []
for t in a.tags:
tags_list.append(t.tag)
items.append(RSSItem(title=a.title, link=link, description=a.rendered_preview, pubDate=h.timestamp_to_dt(a.published),
guid=str(a.id)))
feed = RSS2(
title=rss_title,
link=site_base_url,
description='',
items=items
)
response = Response(body=feed.to_xml(encoding='utf-8'), content_type='application/rss+xml')
return response
def view_article(request):
shortcut_date = request.matchdict['shortcut_date']
shortcut = request.matchdict['shortcut']
dbsession = DBSession()
q = dbsession.query(Article).filter(Article.shortcut_date == shortcut_date)\
.filter(Article.shortcut == shortcut)
user = request.user
if not user.has_role('editor'):
q = q.filter(Article.is_draft==False)
article = q.first()
if article is None:
return HTTPNotFound()
if 'commentid' in request.GET:
# redirect to comment URL, this trick is required because some
# browsers don't reload page after changing page anchor (e.g. http://example.com/index#abc)
comment_url = h.article_url(request, article) + '#comment-' + request.GET['commentid']
return HTTPFound(location=comment_url)
return _view_article(request, article=article)
def _extract_comment_sub(request, comment):
"""
Extract placeholders substitution strings from the comment object
"""
author_name = comment.display_name
author_email = comment.email
if comment.user is not None:
author_name = comment.user.display_name
author_email = comment.user.email
# construct comment link
article = comment.article
comment_url = h.article_url(request, article) + '#comment-' + str(comment.id)
comment_date = h.timestamp_to_str(comment.published)
res = {
'comment_author_email': author_email,
'comment_author_name': author_name,
'comment_text': comment.body,
'comment_date': comment_date,
'comment_url': comment_url
}
return res
def add_article_comment_ajax(request):
_ = request.translate
article_id = int(request.matchdict['article_id'])
dbsession = DBSession()
q = dbsession.query(Article).filter(Article.id == article_id)
user = request.user
if not user.has_role('editor') or not user.has_role('admin'):
q = q.filter(Article.is_draft==False)
article = q.first()
if article is None or not article.is_commentable:
return HTTPNotFound()
if 's' not in request.POST:
return HTTPBadRequest()
json = {}
key = request.POST['s']
# all data elements are constructed from the string "key" as substrings
body_ind = key[3:14]
parent_ind = key[4:12]
display_name_ind = key[0:5]
email_ind = key[13:25]
website_ind = key[15:21]
is_subscribed_ind = key[19:27]
for ind in (body_ind, parent_ind, display_name_ind, email_ind, website_ind):
if ind not in request.POST:
return HTTPBadRequest()
body = request.POST[body_ind]
if len(body) == 0:
return {'error': _('Empty comment body is not allowed.')}
comment = Comment()
comment.set_body(body)
user = request.user
if user.kind != 'anonymous':
comment.user_id = user.id
else:
# get "email", "display_name" and "website" arguments
comment.display_name = request.POST[display_name_ind]
comment.email = request.POST[email_ind]
comment.website = request.POST[website_ind]
# remember email, display_name and website in browser cookies
request.response.set_cookie('comment_display_name', comment.display_name, max_age=31536000)
request.response.set_cookie('comment_email', comment.email, max_age=31536000)
request.response.set_cookie('comment_website', comment.website, max_age=31536000)
# set parent comment
parent_id = request.POST[parent_ind]
try:
parent_id = int(parent_id)
except ValueError:
parent_id = None
if parent_id:
parent = dbsession.query(Comment).filter(Comment.id == parent_id)\
.filter(Comment.article_id == article_id).first()
if parent is not None:
if not parent.is_approved:
#
data = { 'error': _('Answering to not approved comment')}
return json.dumps(data)
comment.parent_id = parent_id
comment.article_id = article_id
if is_subscribed_ind in request.POST:
comment.is_subscribed = True
# this list contains notifications
ns = []
# if user has subscribed to answer then check is his/her email verified
# if doesn't send verification message to the email
if is_subscribed_ind in request.POST:
vrf_email = ''
if user.kind != 'anonymous':
vrf_email = user.email
elif request.POST[email_ind]:
vrf_email = request.POST[email_ind]
vrf_email = normalize_email(vrf_email)
if vrf_email:
# email looks ok so proceed
send_evn = False
vf = dbsession.query(VerifiedEmail).filter(VerifiedEmail.email == vrf_email).first()
vf_token = ''
if vf is not None:
if not vf.is_verified:
diff = time() - vf.last_verify_date
#if diff > 86400:
if diff > 1:
# delay between verifications requests must be more than 24 hours
send_evn = True
vf.last_verify_date = time()
vf_token = vf.verification_code
else:
send_evn = True
vf = VerifiedEmail(vrf_email)
vf_token = vf.verification_code
dbsession.add(vf)
if send_evn:
ns.append(notifications.gen_email_verification_notification(request, vrf_email, vf_token))
request.response.set_cookie('is_subscribed', 'true' if comment.is_subscribed else 'false', max_age=31536000)
# automatically approve comment if user has role "admin", "writer" or "editor"
if user.has_role('admin') or user.has_role('writer') \
or user.has_role('editor'):
comment.is_approved = True
# TODO: also automatically approve comment if it's considered as safe:
# i.e. without hyperlinks, spam etc
# check how much hyperlinks in the body string
if len(re.findall('https?://', body, flags=re.IGNORECASE)) <= 1:
comment.is_approved = True
# record commenter ip address
comment.ip_address = request.environ.get('REMOTE_ADDR', 'unknown')
comment.xff_ip_address = request.environ.get('X_FORWARDED_FOR', None)
dbsession.add(comment)
_update_comments_counters(dbsession, article)
dbsession.flush()
dbsession.expunge(comment) # remove object from the session, object state is preserved
dbsession.expunge(article)
transaction.commit() # to delete, probably
# comment added, now send notifications
loop_limit = 100
comment = dbsession.query(Comment).get(comment.id)
parent = comment.parent
admin_email = get_config('admin_notifications_email')
vf_q = dbsession.query(VerifiedEmail)
notifications_emails = []
while parent is not None and loop_limit > 0:
loop_limit -= 1
c = parent
parent = c.parent
# walk up the tree
if not c.is_subscribed:
continue
# find email
email = None
if c.user is None:
email = c.email
else:
email = c.user.email
if email is None or email == admin_email:
continue
email = normalize_email(email)
if email in notifications_emails:
continue
vf = vf_q.filter(VerifiedEmail.email == email).first()
if vf is not None and vf.is_verified:
# send notification to "email"
ns.append(notifications.gen_comment_response_notification(request, article, comment, c, email))
admin_notifications_email = normalize_email(get_config('admin_notifications_email'))
for nfn in ns:
if nfn is None:
continue
if nfn.to == admin_notifications_email:
continue
nfn.send()
# create special notification for the administrator
nfn = notifications.gen_new_comment_admin_notification(request, article, comment)
if nfn is not None:
nfn.send()
# cosntruct comment_id
# we're not using route_url() for the article because stupid Pyramid urlencodes fragments
comment_url = h.article_url(request, article) + '?commentid=' + str(comment.id)
# return rendered comment
data = {
'body': comment.rendered_body,
'approved': comment.is_approved,
'id': comment.id,
'url': comment_url
}
return data
