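def _get_article(article_id):
    '''
    Load an article by id and enforce the current website's access rules.

    Args:
        article_id: primary key of the row in the articles table.

    Returns:
        The article row.

    Raises:
        APIPermissionError: the article does not exist, belongs to another
            website, or is a draft requested by an anonymous/guest user.
    '''
    article = db.select_one('select * from articles where id=?', article_id)
    # A missing id gets exactly the same error as a foreign-website id, so a
    # caller cannot tell "does not exist" from "not yours" (no id enumeration
    # across websites). Assumes db.select_one yields None for no rows, which
    # is what the find_first/get helpers in this codebase guard for.
    if article is None or article.website_id != ctx.website.id:
        raise APIPermissionError('cannot get article that does not belong to current website.')
    # Drafts are visible only to signed-in, non-guest users.
    is_guest = ctx.user is None or ctx.user.role_id == ROLE_GUESTS
    if article.draft and is_guest:
        raise APIPermissionError('cannot get draft article.')
    return article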
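def extract_session_cookie():
    '''
    Decode a secure client session cookie and return user object, or None if invalid cookie.

    Cookie layout (urlsafe base64 with '_' standing in for '='):
    ``uid:exp:md5`` where md5 = md5(uid:exp:passwd:_SESSION_COOKIE_SALT).

    Returns:
        user as object, or None if cookie is invalid. Any failure (bad
        format, expired, unknown user, bad digest) deletes the cookie.
    '''
    import hmac  # local import: constant-time comparison of the digest
    try:
        s = str(ctx.request.cookie(_SESSION_COOKIE_NAME, ''))
        logging.debug('read cookie: %s' % s)
        if not s:
            return None
        ss = base64.urlsafe_b64decode(s.replace('_', '=')).split(':')
        if len(ss) != 3:
            raise ValueError('bad cookie: %s' % s)
        uid, exp, md5 = ss
        if float(exp) < time.time():
            raise ValueError('expired cookie: %s' % s)
        user = db.select_one('select * from users where id=?', uid)
        # A deleted user must be an invalid cookie, not an AttributeError on None.
        if user is None:
            raise ValueError('bad cookie: unknown user.')
        expected_pwd = str(user.passwd)
        expected = ':'.join([uid, exp, expected_pwd, _SESSION_COOKIE_SALT])
        # NOTE(review): the cookie is authenticated with a plain salted MD5. The
        # digest cannot be changed here without changing the cookie issuer too;
        # the comparison is at least constant-time so the digest cannot be
        # recovered byte by byte from response timing.
        if not hmac.compare_digest(hashlib.md5(expected).hexdigest(), md5):
            raise ValueError('bad cookie: unexpected md5.')
        # clear password in memory:
        user.passwd = '******'
        return user
    except Exception as e:
        # Exception rather than BaseException: KeyboardInterrupt/SystemExit must propagate.
        logging.debug('something wrong when extract cookie: %s' % e)
        delete_session_cookie()
        return None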
def find_first(cls, where, *args):
    '''
    Find by where clause and return one result.

    If several rows match only the first one is returned; if none match,
    None is returned. ``where`` is spliced into the SQL text, so it must be
    a trusted clause written by the caller; values belong in ``args`` as
    placeholders.
    '''
    sql = 'select * from %s %s' % (cls.__table__, where)
    row = db.select_one(sql, *args)
    if not row:
        return None
    return cls(**row)
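def _get_page(page_id):
    '''
    Load a page by id and enforce the current website's access rules.

    Args:
        page_id: primary key of the row in the pages table.

    Returns:
        The page row.

    Raises:
        APIPermissionError: the page does not exist, belongs to another
            website, or is a draft requested by an anonymous/guest user.
    '''
    page = db.select_one('select * from pages where id=?', page_id)
    # Missing rows and foreign rows raise the same error so ids of other
    # websites cannot be probed. Assumes db.select_one yields None for no
    # rows, as the find_first/get helpers in this codebase expect.
    if page is None or page.website_id != ctx.website.id:
        raise APIPermissionError('cannot get page that does not belong to current website.')
    # Drafts are visible only to signed-in, non-guest users.
    is_guest = ctx.user is None or ctx.user.role_id == ROLE_GUESTS
    if page.draft and is_guest:
        raise APIPermissionError('cannot get draft page.')
    return page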
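def delete_attachment(attr_id):
    '''
    Delete an attachment: its stored resources first, then its row.

    Args:
        attr_id: primary key of the row in the attachments table.

    Raises:
        APIPermissionError: the attachment does not exist or belongs to
            another website.
    '''
    att = db.select_one('select * from attachments where id=?', attr_id)
    # Missing rows get the same error as foreign rows so the id space of
    # other websites cannot be probed. Assumes db.select_one yields None
    # for no rows, as the find_first/get helpers in this codebase expect.
    if att is None or att.website_id != ctx.website.id:
        raise APIPermissionError('Cannot delete resource that not belong to current website.')
    # FIXME: check user_id: only website membership is verified, not that the
    # current user owns the attachment.
    store.delete_resources(attr_id)
    db.update('delete from attachments where id=?', attr_id)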
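def api_create_navigation():
    '''
    Create a navigation entry from the request input and append it last.

    Returns:
        The inserted Navigations object.

    Raises:
        Whatever assert_not_empty raises when name or url is blank.
    '''
    i = ctx.request.input(name='', url='')
    name = assert_not_empty(i.name, 'name')
    url = assert_not_empty(i.url, 'url')
    # max() over an empty table is NULL and arrives here as None; the very
    # first navigation must not fail with "None + 1".
    max_display = db.select_one('select max(display_order) as max from navigations').max
    next_order = (max_display or 0) + 1
    nav = Navigations(_id=db.next_id(), name=name, url=url, display_order=next_order).insert()
    _clear_navigations_cache()
    return nav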
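def _get_resource(rid, url=None):
    '''
    Load a stored resource by id and set the response headers for it.

    Args:
        rid: primary key (_id) of the resources row.
        url: optional expected url; when given and different from the stored
            url the resource is treated as not found.

    Returns:
        The raw resource data. As a side effect content_type and
        content_length are set on ctx.response.

    Raises:
        notfound: no such resource, or the url does not match.
    '''
    logging.info('Get resource: %s, %s' % (rid, url))
    r = db.select_one('select url, mime, size, data from resources where _id=?', rid)
    # Unknown id -> 404 instead of AttributeError on None (assumes
    # db.select_one yields None for no rows).
    if r is None or (url and r.url != url):
        raise notfound()
    resp = ctx.response
    resp.content_type = r.mime
    resp.content_length = r.size
    return r.data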
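def _get_resource(rid, url=None):
    '''
    Load a stored resource by id and set the response headers for it.

    Args:
        rid: primary key (_id) of the resources row.
        url: optional expected url; when given and different from the stored
            url the resource is treated as not found.

    Returns:
        The raw resource data. As a side effect content_type and
        content_length are set on ctx.response.

    Raises:
        notfound: no such resource, or the url does not match.
    '''
    logging.info('Get resource: %s, %s' % (rid, url))
    r = db.select_one(
        'select url, mime, size, data from resources where _id=?', rid)
    # Unknown id -> 404 instead of AttributeError on None (assumes
    # db.select_one yields None for no rows).
    if r is None or (url and r.url != url):
        raise notfound()
    resp = ctx.response
    resp.content_type = r.mime
    resp.content_length = r.size
    return r.data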
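def _get_wikipage(wp_id, wiki_id=None):
    """
    Get a wiki page by id.

    Raises APIPermissionError if the page does not exist or does not belong
    to the current website. If wiki_id is not None, it also checks that the
    page belongs to that wiki and raises APIValueError otherwise.
    """
    wp = db.select_one("select * from wiki_pages where id=?", wp_id)
    # Missing rows get the same error as foreign rows so ids of other
    # websites cannot be probed. Assumes db.select_one yields None for no
    # rows, as the find_first/get helpers in this codebase expect.
    if wp is None or wp.website_id != ctx.website.id:
        raise APIPermissionError("cannot get wiki page that is not belong to current website.")
    if wiki_id and wp.wiki_id != wiki_id:
        raise APIValueError("wiki_id", "bad wiki id.")
    return wp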
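def api_delete_category():
    '''
    Delete a category and move its articles into the website's locked
    ("uncategorized") category.

    Returns:
        True on success.

    Raises:
        APIValueError: id is empty.
        APIError: the category is locked, or no locked category exists to
            receive the orphaned articles.
        APIPermissionError: from _get_category, for foreign/missing ids.
    '''
    i = ctx.request.input(id='')
    if not i.id:
        raise APIValueError('id', 'id cannot be empty')
    cat = _get_category(i.id)
    if cat.locked:
        raise APIError('operation:failed', 'category', 'cannot delete category that is locked.')
    # Resolve the fallback category *before* touching anything: no transaction
    # is visible here, so failing after the delete would leave articles
    # pointing at a category that no longer exists.
    uncategorized = db.select_one('select id from categories where website_id=? and locked=?', ctx.website.id, True)
    if uncategorized is None:
        raise APIError('operation:failed', 'category', 'no locked category to move articles into.')
    # Re-home the articles first so a failure on the delete leaves them valid.
    db.update('update articles set category_id=?, version=version + 1 where category_id=?', uncategorized.id, i.id)
    db.update('delete from categories where id=?', i.id)
    return True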
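def api_create_navigation():
    '''
    Create a navigation entry from the request input and append it last.

    Returns:
        The inserted Navigations object.

    Raises:
        Whatever assert_not_empty raises when name or url is blank.
    '''
    i = ctx.request.input(name='', url='')
    name = assert_not_empty(i.name, 'name')
    url = assert_not_empty(i.url, 'url')
    # max() over an empty table is NULL and arrives here as None; the very
    # first navigation must not fail with "None + 1".
    max_display = db.select_one(
        'select max(display_order) as max from navigations').max
    next_order = (max_display or 0) + 1
    nav = Navigations(_id=db.next_id(), name=name, url=url,
                      display_order=next_order).insert()
    _clear_navigations_cache()
    return nav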
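def _get_wikipage(wp_id, wiki_id=None):
    '''
    Get a wiki page by id.

    Raises APIPermissionError if the page does not exist or does not belong
    to the current website. If wiki_id is not None, it also checks that the
    page belongs to that wiki and raises APIValueError otherwise.
    '''
    wp = db.select_one('select * from wiki_pages where id=?', wp_id)
    # Missing rows get the same error as foreign rows so ids of other
    # websites cannot be probed. Assumes db.select_one yields None for no
    # rows, as the find_first/get helpers in this codebase expect.
    if wp is None or wp.website_id != ctx.website.id:
        raise APIPermissionError(
            'cannot get wiki page that is not belong to current website.')
    if wiki_id and wp.wiki_id != wiki_id:
        raise APIValueError('wiki_id', 'bad wiki id.')
    return wp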
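def http_basic_auth(auth):
    '''
    Authenticate an HTTP Basic credential (the base64 payload of the
    Authorization header, "email:password").

    Args:
        auth: base64-encoded "email:password".

    Returns:
        The matching users row on success, otherwise None. Decoding and
        lookup failures are logged and mapped to None.
    '''
    import hmac  # local import: constant-time comparison of the password hash
    try:
        s = base64.b64decode(auth)
        # The decoded credential is deliberately NOT logged: it holds the
        # clear-text password, and the old warn() call wrote it to the log.
        u, p = s.split(':', 1)
        user = db.select_one('select * from users where email=?', u)
        # Unknown email -> plain failure instead of AttributeError on None.
        if user is None:
            return None
        # NOTE(review): passwords are stored as unsalted MD5; changing that
        # needs a storage migration. Compare in constant time at least, so
        # the stored hash is not recoverable from response timing.
        if hmac.compare_digest(str(user.passwd), hashlib.md5(p).hexdigest()):
            logging.info('Basic auth ok: %s' % u)
            return user
        return None
    except Exception:
        # Exception rather than BaseException so interpreter signals propagate.
        logging.exception('auth failed.')
        return None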
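def update_section():
    '''
    Update title and description of a section owned by the current user.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: id is empty, title is blank, or no section has that id.
        Whatever _check_user / _check_user_id raise for a wrong user.
    '''
    _check_user()
    i = ctx.request.input(id='', title='', description='')
    if not i.id:
        raise APIError('value', 'id', 'id is empty.')
    title = i.title.strip()
    description = i.description.strip()
    if not title:
        raise APIError('value', 'title', 'title is empty')
    section = db.select_one('select * from sections where id=?', i.id)
    # Unknown id -> API error rather than AttributeError on None (assumes
    # db.select_one yields None for no rows).
    if section is None:
        raise APIError('value', 'id', 'section not found.')
    _check_user_id(section.user_id)
    db.update('update sections set title=?, description=?, version=version+1 where id=?', title, description, section.id)
    # Bump the owning resume so cached views notice the change.
    db.update('update resumes set version=version+1 where id=?', section.resume_id)
    return dict(result=True)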
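def delete_entry():
    '''
    Delete one entry of a section and renumber the remaining entries
    0..k-1 in their existing display order.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: id is empty or no entry has that id.
        Whatever _check_user / _check_user_id raise for a wrong user.
    '''
    _check_user()
    i = ctx.request.input(id='')
    if not i.id:
        raise APIError('value', 'id', 'id is empty.')
    entry = db.select_one('select * from entries where id=?', i.id)
    # Unknown id -> API error rather than AttributeError on None (assumes
    # db.select_one yields None for no rows).
    if entry is None:
        raise APIError('value', 'id', 'entry not found.')
    _check_user_id(entry.user_id)
    entries = db.select('select * from entries where section_id=? order by display_order', entry.section_id)
    remaining_ids = [en.id for en in entries if en.id != i.id]
    db.update('delete from entries where id=?', i.id)
    # enumerate() supplies the running position; the old loop never advanced
    # its counter, so every survivor was written back with display_order 0.
    for n, entry_id in enumerate(remaining_ids):
        db.update('update entries set display_order=? where id=?', n, entry_id)
    db.update('update sections set version=version+1 where id=?', entry.section_id)
    return dict(result=True)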
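def api_delete_category():
    '''
    Delete a category and move its articles into the website's locked
    ("uncategorized") category.

    Returns:
        True on success.

    Raises:
        APIValueError: id is empty.
        APIError: the category is locked, or no locked category exists to
            receive the orphaned articles.
        APIPermissionError: from _get_category, for foreign/missing ids.
    '''
    i = ctx.request.input(id='')
    if not i.id:
        raise APIValueError('id', 'id cannot be empty')
    cat = _get_category(i.id)
    if cat.locked:
        raise APIError('operation:failed', 'category', 'cannot delete category that is locked.')
    # Resolve the fallback category *before* touching anything: no transaction
    # is visible here, so failing after the delete would leave articles
    # pointing at a category that no longer exists.
    uncategorized = db.select_one(
        'select id from categories where website_id=? and locked=?', ctx.website.id, True)
    if uncategorized is None:
        raise APIError('operation:failed', 'category', 'no locked category to move articles into.')
    # Re-home the articles first so a failure on the delete leaves them valid.
    db.update(
        'update articles set category_id=?, version=version + 1 where category_id=?', uncategorized.id, i.id)
    db.update('delete from categories where id=?', i.id)
    return True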
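def update_section():
    '''
    Update title and description of a section owned by the current user.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: id is empty, title is blank, or no section has that id.
        Whatever _check_user / _check_user_id raise for a wrong user.
    '''
    _check_user()
    i = ctx.request.input(id='', title='', description='')
    if not i.id:
        raise APIError('value', 'id', 'id is empty.')
    title = i.title.strip()
    description = i.description.strip()
    if not title:
        raise APIError('value', 'title', 'title is empty')
    section = db.select_one('select * from sections where id=?', i.id)
    # Unknown id -> API error rather than AttributeError on None (assumes
    # db.select_one yields None for no rows).
    if section is None:
        raise APIError('value', 'id', 'section not found.')
    _check_user_id(section.user_id)
    db.update(
        'update sections set title=?, description=?, version=version+1 where id=?',
        title, description, section.id)
    # Bump the owning resume so cached views notice the change.
    db.update('update resumes set version=version+1 where id=?', section.resume_id)
    return dict(result=True)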
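def delete_section():
    '''
    Delete a section (and its entries) owned by the current user and
    renumber the remaining sections of the user's default CV 0..k-1.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: id is empty or no section has that id.
        Whatever _check_user / _check_user_id raise for a wrong user.
    '''
    _check_user()
    i = ctx.request.input(id='')
    if not i.id:
        raise APIError('value', 'id', 'id is empty.')
    section = db.select_one('select * from sections where id=?', i.id)
    # Unknown id -> API error rather than AttributeError on None (assumes
    # db.select_one yields None for no rows).
    if section is None:
        raise APIError('value', 'id', 'section not found.')
    _check_user_id(section.user_id)
    # NOTE(review): the renumbering below uses the user's default CV, not
    # section.resume_id; if a user can own more than one resume these may
    # differ — confirm against get_default_cv.
    cv = get_default_cv(ctx.user.id)
    sections = db.select('select * from sections where resume_id=? order by display_order', cv.id)
    remaining_ids = [s.id for s in sections if s.id != i.id]
    db.update('delete from entries where section_id=?', i.id)
    db.update('delete from sections where id=?', i.id)
    # enumerate() supplies the running position; the old loop never advanced
    # its counter, so every survivor was written back with display_order 0.
    for n, section_id in enumerate(remaining_ids):
        db.update('update sections set display_order=? where id=?', n, section_id)
    db.update('update resumes set version=version+1 where id=?', cv.id)
    return dict(result=True)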
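def delete_entry():
    '''
    Delete one entry of a section and renumber the remaining entries
    0..k-1 in their existing display order.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: id is empty or no entry has that id.
        Whatever _check_user / _check_user_id raise for a wrong user.
    '''
    _check_user()
    i = ctx.request.input(id='')
    if not i.id:
        raise APIError('value', 'id', 'id is empty.')
    entry = db.select_one('select * from entries where id=?', i.id)
    # Unknown id -> API error rather than AttributeError on None (assumes
    # db.select_one yields None for no rows).
    if entry is None:
        raise APIError('value', 'id', 'entry not found.')
    _check_user_id(entry.user_id)
    entries = db.select(
        'select * from entries where section_id=? order by display_order', entry.section_id)
    remaining_ids = [en.id for en in entries if en.id != i.id]
    db.update('delete from entries where id=?', i.id)
    # enumerate() supplies the running position; the old loop never advanced
    # its counter, so every survivor was written back with display_order 0.
    for n, entry_id in enumerate(remaining_ids):
        db.update('update entries set display_order=? where id=?', n, entry_id)
    db.update('update sections set version=version+1 where id=?', entry.section_id)
    return dict(result=True)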
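def delete_section():
    '''
    Delete a section (and its entries) owned by the current user and
    renumber the remaining sections of the user's default CV 0..k-1.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: id is empty or no section has that id.
        Whatever _check_user / _check_user_id raise for a wrong user.
    '''
    _check_user()
    i = ctx.request.input(id='')
    if not i.id:
        raise APIError('value', 'id', 'id is empty.')
    section = db.select_one('select * from sections where id=?', i.id)
    # Unknown id -> API error rather than AttributeError on None (assumes
    # db.select_one yields None for no rows).
    if section is None:
        raise APIError('value', 'id', 'section not found.')
    _check_user_id(section.user_id)
    # NOTE(review): the renumbering below uses the user's default CV, not
    # section.resume_id; if a user can own more than one resume these may
    # differ — confirm against get_default_cv.
    cv = get_default_cv(ctx.user.id)
    sections = db.select(
        'select * from sections where resume_id=? order by display_order', cv.id)
    remaining_ids = [s.id for s in sections if s.id != i.id]
    db.update('delete from entries where section_id=?', i.id)
    db.update('delete from sections where id=?', i.id)
    # enumerate() supplies the running position; the old loop never advanced
    # its counter, so every survivor was written back with display_order 0.
    for n, section_id in enumerate(remaining_ids):
        db.update('update sections set display_order=? where id=?', n, section_id)
    db.update('update resumes set version=version+1 where id=?', cv.id)
    return dict(result=True)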
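def _get_wiki(wid):
    """
    Get wiki by id.

    Raises APIPermissionError if the wiki does not exist or does not belong
    to the current website.
    """
    wiki = db.select_one("select * from wikis where id=?", wid)
    # Missing rows get the same error as foreign rows so ids of other
    # websites cannot be probed. Assumes db.select_one yields None for no
    # rows, as the find_first/get helpers in this codebase expect.
    if wiki is None or wiki.website_id != ctx.website.id:
        raise APIPermissionError("cannot get wiki that does not belong to current website.")
    return wiki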
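def _get_category(category_id):
    '''
    Get a category by id.

    Raises APIPermissionError if the category does not exist or does not
    belong to the current website.
    '''
    cat = db.select_one('select * from categories where id=?', category_id)
    # Missing rows get the same error as foreign rows so ids of other
    # websites cannot be probed. Assumes db.select_one yields None for no
    # rows, as the find_first/get helpers in this codebase expect.
    if cat is None or cat.website_id != ctx.website.id:
        raise APIPermissionError('cannot get category that does not belong to current website.')
    return cat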
def cv_by_user(uid):
    '''
    Build the view context for the default CV of user ``uid``.

    ``editable`` is truthy only when someone is signed in and is the owner;
    it is passed through exactly as the ``and`` expression yields it (None
    when nobody is signed in).
    '''
    viewer = ctx.user
    target_user = db.select_one('select * from users where id=?', uid)
    cv = get_default_cv(uid)
    can_edit = viewer and viewer.id == uid
    return dict(cv=cv, user=viewer, target=target_user, editable=can_edit)
def _get_passwd_by_uid(provider, userid):
    '''
    Return the stored credential for a user: the local password hash for the
    local sign-in provider, otherwise the auth_token recorded for that provider.

    NOTE(review): when no row matches, the attribute access on the result
    fails with AttributeError (assuming db.select_one yields None for no
    rows); callers get that rather than a clean error — confirm intended.
    '''
    is_local = provider == const.LOCAL_SIGNIN_PROVIDER
    if not is_local:
        row = db.select_one('select auth_token from auth_users where user_id=? and provider=?', userid, provider)
        return row.auth_token
    row = db.select_one('select passwd from users where id=?', userid)
    return row.passwd
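def find_first(cls, where, *args):
    '''
    Find by where clause and return the first matching row as an instance,
    or None if nothing matches.

    ``where`` is spliced into the SQL text, so it must be a trusted clause
    written by the caller; values belong in ``args`` as placeholders.
    '''
    # The original format string ended in a bare '%' ('select * from %s %'),
    # which raises ValueError at runtime; the table and the clause both need
    # a '%s' slot.
    sql = 'select * from %s %s' % (cls.__table__, where)
    d = db.select_one(sql, *args)
    return cls(**d) if d else None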
def get_poet(poet_id):
    '''Return the poet row with the given id, exactly as db.select_one yields it.'''
    sql = 'select * from poet where id=?'
    return db.select_one(sql, poet_id)
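def _get_category(category_id):
    '''
    Get a category by id.

    Raises APIPermissionError if the category does not exist or does not
    belong to the current website.
    '''
    cat = db.select_one('select * from categories where id=?', category_id)
    # Missing rows get the same error as foreign rows so ids of other
    # websites cannot be probed. Assumes db.select_one yields None for no
    # rows, as the find_first/get helpers in this codebase expect.
    if cat is None or cat.website_id != ctx.website.id:
        raise APIPermissionError(
            'cannot get category that does not belong to current website.')
    return cat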
def get(cls, pk):
    '''
    Get by primary key.

    Returns an instance built from the matching row, or None if no row
    matches. The table and key column come from the model class; the key
    value itself is passed as a placeholder.
    '''
    table = cls.__table__
    key_column = cls.__primary_key__.name
    row = db.select_one('select * from %s where %s=?' % (table, key_column), pk)
    if not row:
        return None
    return cls(**row)
def find_first(cls, where, *args):
    '''
    Query by where clause and return one result.

    If several rows match, only the first is returned; if none match, None
    is returned. ``where`` is spliced into the SQL text, so it must be a
    trusted clause written by the caller; values belong in ``args`` as
    placeholders.
    '''
    sql = 'select * from %s %s' % (cls.__table__, where)
    row = db.select_one(sql, *args)
    if not row:
        return None
    return cls(**row)
def shortcut(path):
    '''
    Resolve a shortcut path to the CV view context of the user who owns it.

    NOTE(review): an unknown path leaves db.select_one with no row, and the
    ``.user_id`` access then fails with AttributeError rather than a 404 —
    confirm whether the caller expects that.
    '''
    row = db.select_one('select * from shortcuts where path=?', path)
    owner_id = row.user_id
    return cv_by_user(owner_id)
def get_poem(poem_id):
    '''Return the poem row with the given id, exactly as db.select_one yields it.'''
    sql = 'select * from poem where id=?'
    return db.select_one(sql, poem_id)