def _check_security(self):
    """Enforce the controller-wide ``allow_only`` authorization rule.

    Returns ``True`` when no rule is configured, or when the rule is a full
    requirement object (anything exposing ``predicate``) whose own check
    completes. A bare predicate that passes falls off the end and returns
    ``None``. On denial by a bare predicate the response status is set to
    403 for an authenticated user or 401 for an anonymous one, the reason
    is flashed, and the request is aborted.

    NOTE(review): a controller with no ``allow_only`` attribute, or with it
    set to ``None``, is let through here, so this gate is open by default.
    """
    rule = getattr(self, 'allow_only', None)
    if rule is None:
        return True

    if hasattr(rule, 'predicate'):
        # A full requirement builds its own denial response.
        rule._check_authorization()
        return True

    # A bare predicate: the denial response is assembled here.
    try:
        rule.check_authorization(tg.request.environ)
    except NotAuthorizedError as denial:
        reason = unicode_text(denial)
        if hasattr(self, '_failed_authorization'):
            # The hook is expected to end the request itself; if it
            # returns, the code below still denies access.
            self._failed_authorization(reason)
        # Authenticated but not allowed -> 403; not authenticated -> 401.
        is_authenticated = not_anonymous().is_met(tg.request.environ)
        code, status = (403, 'error') if is_authenticated else (401, 'warning')
        tg.response.status = code
        # The predicate's message goes into both the flash and the abort
        # comment, so it should not carry internal detail.
        flash(reason, status=status)
        abort(code, comment=reason)
Exemple #2
    def _check_security(self):
        """Apply the ``allow_only`` rule declared on this controller, if any.

        No rule (attribute missing or ``None``) returns ``True``. A rule
        exposing ``predicate`` is treated as a full requirement: its
        ``_check_authorization()`` runs and ``True`` is returned. Any other
        rule is treated as a predicate; when it passes the method returns
        ``None``, and when it raises ``NotAuthorizedError`` the request is
        aborted with 403 (authenticated) or 401 (anonymous).

        NOTE(review): the absence of ``allow_only`` means "allow", so a
        controller that forgets to declare it is not protected by this
        method.
        """
        requirement = getattr(self, 'allow_only', None)

        if requirement is None:
            return True

        is_full_requirement = hasattr(requirement, 'predicate')
        if is_full_requirement:
            # The requirement object is responsible for its own response.
            requirement._check_authorization()
            return True

        # Plain predicate: this method builds the denial response.
        try:
            requirement.check_authorization(tg.request.environ)
        except NotAuthorizedError as exc:
            reason = unicode_text(exc)
            if hasattr(self, '_failed_authorization'):
                # Expected to short-circuit; denial continues below if it
                # returns normally.
                self._failed_authorization(reason)
            if not not_anonymous().is_met(tg.request.environ):
                # The user has not been authenticated.
                code, status = 401, 'warning'
            else:
                # The user is authenticated but not allowed.
                code, status = 403, 'error'
            tg.response.status = code
            # ``reason`` is passed to both flash() and abort().
            flash(reason, status=status)
            abort(code, comment=reason)
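    def add_transaction(self, **values):
        """Create a ``Transaction`` for the current user from submitted values.

        Reads ``amount``, ``datetime``, ``foreign-currency-amount``,
        ``income-tags`` and ``expense-tags`` from ``values``, stores the new
        transaction and redirects to ``/transaction``.

        NOTE(review): ``float()`` also accepts ``nan``, ``inf`` and negative
        numbers, and a missing key raises ``KeyError``; whether an upstream
        validator rules these out is not visible here -- confirm.
        """
        values["validation_status"] = request.validation
        flash(values["validation_status"])

        # The owner comes from the authenticated identity, not from the form.
        # NOTE(review): assumes request.identity is populated -- confirm the
        # action is only reachable by authenticated users.
        user = request.identity["user"]

        transaction = Transaction(user=user)
        transaction.amount = float(values["amount"])
        transaction.date = RelativeDatetime.str2date(values["datetime"])

        if values["foreign-currency-amount"]:
            transaction.foreignCurrencyAmount = float(values["foreign-currency-amount"])
            # The foreign currency is hard-coded.
            transaction.foreignCurrency = "EUR"

        income_tags_names = Tag.get_names_from_str(values["income-tags"])
        if income_tags_names:
            transaction.incomeTagGroup = Tag.new_from_name_list(income_tags_names)

        expense_tags_names = Tag.get_names_from_str(values["expense-tags"])
        if expense_tags_names:
            # Build the expense group from the expense names; using the
            # income names here would attach the wrong tags.
            transaction.expenseTagGroup = Tag.new_from_name_list(expense_tags_names)

        db.add(transaction)
        db.flush()

        redirect("/transaction")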
Exemple #4
 def default_denial_handler(self, reason):
     """Flash ``reason`` and abort with the status already on the response.

     The flash level is ``'warning'`` for a 401 and ``'error'`` for any
     other status (a 403 in practice).
     """
     status = 'warning' if response.status_int == 401 else 'error'
     flash(reason, status=status)
     abort(response.status_int, reason)
Exemple #5
 def default_denial_handler(self, reason):
     """Abort a denied request, flashing the reason unless it is an API reply.

     With ``smart_denial`` enabled, responses whose content type is
     ``application/json`` or ``text/xml`` get no flash message; every other
     case flashes ``reason`` (``'warning'`` for 401, ``'error'`` otherwise).
     The abort always uses the status already set on the response.
     """
     status = 'warning' if response.status_int == 401 else 'error'
     # Short-circuit keeps content_type unread when smart denial is off.
     should_flash = (not self.smart_denial
                     or response.content_type not in ['application/json', 'text/xml'])
     if should_flash:
         flash(reason, status=status)
     abort(response.status_int, reason)
Exemple #6
 def default_denial_handler(self, reason):
     """Report an authorization denial: flash the reason, then abort.

     The abort reuses ``response.status_int``; a 401 is flashed as a
     ``'warning'`` and anything else as an ``'error'``.
     """
     # Only 401 maps to a warning; every other status is treated as a 403.
     status = {401: 'warning'}.get(response.status_int, 'error')
     flash(reason, status=status)
     abort(response.status_int, reason)
Exemple #7
 def default_denial_handler(self, reason):
     """Handle a denial, skipping the flash for JSON/XML when smart denial is on.

     The flash level is ``'warning'`` for a 401 and ``'error'`` otherwise;
     the abort uses the status already present on the response.
     """
     if response.status_int == 401:
         status = 'warning'
     else:
         status = 'error'
     # A flash message is of no use to an API client, so it is dropped
     # for these content types when smart denial is enabled.
     is_api_reply = (self.smart_denial
                     and response.content_type in ['application/json', 'text/xml'])
     if not is_api_reply:
         flash(reason, status=status)
     abort(response.status_int, reason)
Exemple #8
 def save(self, **kw):
     """Apply submitted edits to an existing product and redirect to the index.

     The named product fields are popped out of ``kw`` and passed to
     ``product.edit``; whatever is left in ``kw`` is forwarded unchanged to
     ``product.edit_configuration`` for configuration ``0``.

     NOTE(review): because the remainder of ``kw`` is forwarded as-is, any
     extra submitted parameter reaches ``edit_configuration``. Confirm that
     a form validator restricts the accepted keys.
     """
     # NOTE(review): the lookup result is used without a None check here.
     product = app_globals.shop.product.get(_id=kw.pop('product_id'))
     kw['product_photos'] = self.photos.get_bucket().photos

     product_info = {}
     for field in ('name', 'description', 'weight', 'categories_ids',
                   'product_photos'):
         product_info[field] = kw.pop(field)

     # The raw 'photos' field is dropped; the bucket contents are used instead.
     del kw['photos']
     app_globals.shop.product.edit(product, **product_info)
     app_globals.shop.product.edit_configuration(product, 0, **kw)
     flash(_('Product edited'))
     return redirect(plug_url('stroller2', '/manage/product/index'))
Exemple #9
 def create(self, **kw):
     """Create a shipping address, plus its image, for the current user.

     The owner id is taken from the authenticated identity rather than from
     the submitted data. Missing address fields are stored as ``None``.

     NOTE(review): ``kw['image']`` is handed to ``AvatarImage`` as received;
     any size or type checks on the upload are not visible here -- confirm.
     """
     owner_id = tg.request.identity['user']._id
     address_fields = ('receiver', 'address', 'city', 'province',
                       'state', 'country', 'zip', 'details')
     shipping_address = dict((field, kw.get(field)) for field in address_fields)
     new_address = app_model.UserAddress(user_id=owner_id,
                                         shipping_address=shipping_address)
     # The instance is not used again in this method; presumably creating
     # it is enough for it to be stored -- verify against the model layer.
     image = app_model.AvatarImage(image=kw.get('image'),
                                   address_id=new_address._id)
     flash(_('User address created'))
     return redirect(plug_url('stroller2', '/manage/address/index'))
Exemple #10
    def default_denial_handler(self, reason):
        """Abort a denied request, using a pass-through abort for API replies.

        When ``smart_denial`` is set and the response type (the response's
        content type, else the request's response type) is listed in it,
        no flash is emitted and the abort is pass-through: ``'json'`` for
        ``application/json``, ``True`` for the other listed types. Otherwise
        the reason is flashed (``'warning'`` for 401, ``'error'`` otherwise)
        and a normal abort follows.
        """
        passthrough_abort = False

        if self.smart_denial:
            response_type = response.content_type or request.response_type
            if response_type in self.smart_denial:
                # API response: the client gets the bare status, not a page.
                is_json = response_type == 'application/json'
                passthrough_abort = 'json' if is_json else True

        if passthrough_abort is False:
            # Plain HTML page: tell the user why access was denied.
            flash(reason,
                  status='warning' if response.status_int == 401 else 'error')

        abort(response.status_int, reason, passthrough=passthrough_abort)
Exemple #11
    def default_denial_handler(self, reason):
        """Deny the request, with or without a flash depending on response type.

        ``smart_denial`` is read as a collection of response types that
        should receive a pass-through abort instead of a flashed HTML
        page. ``application/json`` selects the ``'json'`` pass-through
        mode; other listed types select ``True``.
        """
        passthrough_abort = False
        api_types = self.smart_denial

        if api_types:
            response_type = response.content_type or request.response_type
            if response_type in api_types:
                # It's an API response, use a pass-through abort.
                if response_type == 'application/json':
                    passthrough_abort = 'json'
                else:
                    passthrough_abort = True

        if passthrough_abort is False:
            # Plain HTML page.
            if response.status_int == 401:
                status = 'warning'
            else:
                status = 'error'
            flash(reason, status=status)

        abort(response.status_int, reason, passthrough=passthrough_abort)
Exemple #12
 def save(self, **kw):
     """Overwrite the shipping address of the record named by ``address_id``.

     The whole ``shipping_address`` sub-document is replaced; fields absent
     from ``kw`` are written as ``None``.

     NOTE(review): the update is filtered on ``_id`` alone. Nothing in this
     method ties the address to the requesting user, so access control has
     to be enforced elsewhere (for example a controller-wide rule) --
     confirm, otherwise any known id can be overwritten.
     NOTE(review): ``address_id`` is passed to ``ObjectId`` unvalidated.
     """
     address_fields = ('receiver', 'address', 'city', 'province',
                       'state', 'country', 'zip', 'details')
     selector = {'_id': ObjectId(kw.get('address_id'))}
     shipping_address = dict((field, kw.get(field)) for field in address_fields)
     app_model.UserAddress.query.update(
         selector, {'$set': {'shipping_address': shipping_address}})
     flash(_('Address updated succesfully'))
     return redirect(plug_url('stroller2', '/manage/address/index'))
Exemple #13
 def _check_security(self):
     """Enforce the controller-wide ``allow_only`` predicate, if one is set.

     Returns ``True`` when no predicate is configured and ``None`` when the
     predicate passes. On ``NotAuthorizedError`` the response status is set
     to 403 (authenticated user) or 401 (anonymous), the reason is flashed
     and the request is aborted.

     NOTE(review): a missing or ``None`` ``allow_only`` means "allow", so
     this gate is open by default.
     """
     predicate = getattr(self, 'allow_only', None)
     if predicate is None:
         return True
     try:
         predicate.check_authorization(request.environ)
     except NotAuthorizedError, e:
         reason = unicode(e)
         if hasattr(self, '_failed_authorization'):
             # Should short-circuit the rest, but if it does not we still
             # deny authorization below.
             self._failed_authorization(reason)
         if not_anonymous().is_met(request.environ):
             # The user is authenticated but not allowed.
             code = 403
             status = 'error'
         else:
             # The user has not been authenticated.
             code = 401
             status = 'warning'
         pylons.response.status = code
         # The predicate's message is passed to both flash() and abort().
         flash(reason, status=status)
         abort(code, comment=reason)
 def _check_security(self):
     """Enforce the controller-wide ``allow_only`` predicate, if one is set.

     Returns ``True`` when no predicate is configured and ``None`` when the
     predicate passes. On ``WhatNotAuthorizedError`` the response status is
     set to 403 (authenticated user) or 401 (anonymous), the reason is
     flashed and the request is aborted.

     NOTE(review): a missing or ``None`` ``allow_only`` means "allow".
     NOTE(review): the predicate is checked against
     ``pylons.request.environ`` but the anonymity test below reads
     ``request.environ``; presumably the same object -- confirm.
     """
     predicate = getattr(self, 'allow_only', None)
     if predicate is None:
         return True
     try:
         predicate.check_authorization(pylons.request.environ)
     except WhatNotAuthorizedError, e:
         reason = unicode(e)
         if hasattr(self, '_failed_authorization'):
             # Should short-circuit the rest, but if it does not we still
             # deny authorization below.
             self._failed_authorization(reason)
         if not_anonymous().is_met(request.environ):
             # The user is authenticated but not allowed.
             code = 403
             status = 'error'
         else:
             # The user has not been authenticated.
             code = 401
             status = 'warning'
         pylons.response.status = code
         # The predicate's message is passed to both flash() and abort().
         flash(reason, status=status)
         abort(code, comment=reason)
Exemple #15
    def edit(self, address_id, **kw):
        """Load an address by id and return the data for its edit form.

        When no record matches, a message is flashed and the request is
        redirected to the address index. Otherwise the stored shipping
        fields are returned with the form and its save action URL.

        NOTE(review): the lookup is by ``_id`` only; no ownership check is
        visible in this method, so any caller who reaches it can read any
        address whose id they know -- confirm access control upstream.
        NOTE(review): ``ObjectId(address_id)`` is built from the raw
        parameter; a malformed id would presumably raise rather than hit
        the "not found" branch -- verify.
        """
        lookup = {'_id': ObjectId(address_id)}
        address = app_model.UserAddress.query.find(lookup).first()
        if address is None:
            flash(_('Address not find'))
            return redirect(plug_url('stroller2',
                                     '/manage/user_address/index'))

        value = {'address_id': str(address._id)}
        for field in ('receiver', 'address', 'city', 'province',
                      'state', 'country', 'zip', 'details'):
            value[field] = address.shipping_address[field]

        return dict(form=get_edit_user_address_form(),
                    value=value,
                    action=plug_url('stroller2', '/manage/address/save'))
 def _check_security(self):
     """Enforce the controller-wide ``allow_only`` predicate, if one is set.

     Returns ``True`` (after a debug log line) when the controller has no
     ``allow_only`` or it is ``None``, and ``None`` when the predicate
     passes. On ``NotAuthorizedError`` the response status is set to 403
     (authenticated user) or 401 (anonymous), the reason is flashed and the
     request is aborted.

     NOTE(review): an unprotected controller is only reported at debug
     level, so it will not show up in logs at the usual production levels.
     """
     if not hasattr(self, "allow_only") or self.allow_only is None:
         log.debug('No controller-wide authorization at %s', request.path)
         return True
     try:
         predicate = self.allow_only
         predicate.check_authorization(request.environ)
     except NotAuthorizedError, e:
         reason = unicode(e)
         if hasattr(self, '_failed_authorization'):
             # Should short-circuit the rest, but if it does not we still
             # deny authorization below.
             self._failed_authorization(reason)
         if not_anonymous().is_met(request.environ):
             # The user is authenticated but not allowed.
             code = 403
             status = 'error'
         else:
             # The user has not been authenticated.
             code = 401
             status = 'warning'
         pylons.response.status = code
         # The predicate's message is passed to both flash() and abort().
         flash(reason, status=status)
         abort(code, comment=reason)
Exemple #17
    def create(self, **kw):
        """Create a product from the submitted fields and redirect to the index.

        ``type`` is forced to ``'product'`` and the photos come from the
        controller's photo bucket, not from the submitted ``photos`` field.
        A duplicate slug or SKU is reported with an error flash.

        NOTE(review): every other key in ``kw`` is forwarded to
        ``product.create``; confirm a form validator limits which keys a
        request can supply.
        """
        kw['type'] = 'product'
        kw['product_photos'] = self.photos.get_bucket().photos
        # Drop the raw form field; raises KeyError when it was not submitted.
        kw.pop('photos')

        try:
            app_globals.shop.product.create(**kw)
            flash(_('Product created'))
        except AlreadyExistingSlugException:
            flash(_('There is already a product with this slug'), 'error')
        except AlreadyExistingSkuException:
            flash(_('There is already a product with this SKU'), 'error')

        index_url = plug_url('stroller2', '/manage/product/index')
        return redirect(index_url)
Exemple #18
 def add_to_cart(self, product=None, quantity=1, **kw):
     """Currently disabled: prints the extra parameters and returns ``None``.

     Everything after the bare ``return`` is unreachable. The unreachable
     code would look the product up, fetch or create the user's cart, try
     to buy ``quantity`` units and redirect to the product page.
     """
     # Debug output: writes the extra parameters to stdout, which may end
     # up in server logs.
     print kw
     # Early exit: the cart logic below never runs.
     return
     product = app_globals.shop.product.get(_id=product)
     if product is None:
         abort(404, 'Product not found')
     try:
         cart = app_globals.shop.cart.create_or_get(request.identity['user'].user_id)
     except CartLockedException:
         flash(_('The cart is unavailable, try again later'), 'error')
         return redirect('/product/%s' % product.slug)
     # NOTE(review): quantity is passed through as received; no type or
     # range check is visible here -- confirm before re-enabling.
     if not app_globals.shop.product.buy(cart, product, 0, quantity):
         flash(_('The product is sold out'), 'error')
     else:
         flash(_('Product %s added to cart') % product.i18n_name)
     return redirect('/product/%s' % product.slug)
Exemple #19
 def add_to_cart(self, product=None, quantity=1, **kw):
     """Currently disabled: returns ``None`` immediately.

     The statements after the bare ``return`` are unreachable. They would
     resolve the product, fetch or create the current user's cart, attempt
     the purchase and redirect to the product page.
     """
     # Early exit: nothing below this line runs.
     return

     product = app_globals.shop.product.get(_id=product)
     if product is None:
         abort(404, 'Product not found')
     try:
         buyer_id = request.identity['user'].user_id
         cart = app_globals.shop.cart.create_or_get(buyer_id)
     except CartLockedException:
         flash(_('The cart is unavailable, try again later'), 'error')
         return redirect('/product/%s' % product.slug)
     # NOTE(review): quantity is used as received; no type or range check
     # is visible here -- confirm before re-enabling.
     purchased = app_globals.shop.product.buy(cart, product, 0, quantity)
     if purchased:
         flash(_('Product %s added to cart') % product.i18n_name)
     else:
         flash(_('The product is sold out'), 'error')
     return redirect('/product/%s' % product.slug)
Exemple #20
                code = 403
                status = 'error'
            else:
                # The user has not been not authenticated.
                code = 401
                status = 'warning'
            pylons.response.status = code
            flash(reason, status=status)
            abort(code, comment=reason)
        except NotAuthorizedError, e:
            reason = getattr(e, 'msg',
                             'You are not Authorized to access this Resource')
            code = getattr(e, 'code', 401)
            status = getattr(e, 'status', 'error')
            pylons.response.status = code
            flash(reason, status=status)
            abort(code, comment=reason)


def _configured_engines():
    """
    Return the set of template engine names configured so far, stored on
    the active application's globals object.

    The set is created empty on first use and the same object is returned
    on later calls, so callers can add to it in place.
    """
    app_globals = pylons.app_globals._current_obj()
    if hasattr(app_globals, 'tg_configured_engines'):
        return app_globals.tg_configured_engines
    # First call for this application: start with no engines recorded.
    app_globals.tg_configured_engines = set()
    return app_globals.tg_configured_engines


# Public API of this module.
__all__ = [
    "DecoratedController",
]
                # The user is authenticated but not allowed.
                code = 403
                status = 'error'
            else:
                # The user has not been not authenticated.
                code = 401
                status = 'warning'
            pylons.response.status = code
            flash(reason, status=status)
            abort(code, comment=reason)
        except NotAuthorizedError, e:
            reason = getattr(e, 'msg', 'You are not Authorized to access this Resource')
            code   = getattr(e, 'code', 401)
            status = getattr(e, 'status', 'error')
            pylons.response.status = code
            flash(reason, status=status)
            abort(code, comment=reason)

def _configured_engines():
    """
    Return the set holding the names of the template engines configured for
    the active application, creating it on the application globals when it
    does not exist yet.
    """
    current_globals = pylons.app_globals._current_obj()
    already_present = hasattr(current_globals, 'tg_configured_engines')
    if not already_present:
        # Attach an empty set so later calls share one registry.
        setattr(current_globals, 'tg_configured_engines', set())
    return current_globals.tg_configured_engines

# Public API of this module.
__all__ = ["DecoratedController"]
Exemple #22
 def delete(self, product_id):
     """Delete the given product and redirect to the product index.

     NOTE(review): this is a state-changing action; whether it is limited
     to non-GET requests and covered by CSRF protection is not visible in
     this method -- confirm at the routing/decorator level.
     """
     app_globals.shop.product.delete(product_id)
     flash(_('Product deleted'))
     index_url = plug_url('stroller2', '/manage/product/index')
     return redirect(index_url)
Exemple #23
 def before_validate(self, remainder, params):
     """Reject the request with a 401 unless ``_signals_subkey`` was sent.

     Only the presence of the key is checked here; its value is not
     inspected, so any verification of the key has to happen elsewhere.
     """
     if '_signals_subkey' in params:
         return
     flash('Not subscribed', status='warning')
     abort(401, 'Not subscribed')
Exemple #24
 def delete(self, address_id):
     """Remove the address with the given id and redirect to the index.

     NOTE(review): the removal is filtered on ``_id`` alone; no ownership
     check is visible in this method, so access control must be enforced
     elsewhere -- confirm, otherwise any known id can be deleted.
     NOTE(review): this is a state-changing action; restriction to non-GET
     requests and CSRF protection are not visible here -- confirm.
     """
     selector = {'_id': ObjectId(address_id)}
     app_model.UserAddress.query.remove(selector)
     flash(_('Address deleted'))
     return redirect(plug_url('stroller2', '/manage/address/index'))