def authenticate(self, oauth_client): """Verify authentication by calling get_self on the User. This will verify against the API endpoint for returning the authenticated user. """ http = typepad.client http.clear_credentials() http.add_credentials(oauth_client.consumer, oauth_client.token) typepad.client.batch_request() u = User.get_self(http=http) try: typepad.client.complete_batch() except (User.Unauthorized, User.Forbidden): u = AnonymousUser() return u
def lastface(request, xid, spec): cache_key = 'lastface:%s' % xid face = cache.get(cache_key) if face is None: try: face = Lastface.objects.get(owner=xid) except Lastface.DoesNotExist: # Get that person's userpic. with typepad.client.batch_request(): user = User.get_by_url_id(xid) face = user.avatar_link.by_width(200).url if 'default-userpics' in face: return HttpResponseNotFound('no such face', content_type='text/plain') face = face.rsplit('/', 1)[-1].split('-', 1)[0] else: face = face.face cache.set(cache_key, face) url = 'http://a0.typepad.com/%s-%s' % (face, spec) return HttpResponseRedirect(url)
def moderate(request): """ Moderation actions for the moderation queue. Approve or delete. Return OK. """ if not hasattr(request, 'typepad_user'): typepad.client.batch_request() request.typepad_user = get_user(request) typepad.client.complete_batch() if not (request.typepad_user.is_authenticated() and \ request.typepad_user.is_superuser): return http.HttpResponseForbidden() res = 'OK' item_ids = request.POST.getlist('item_id') if item_ids is None: raise http.Http404 action = request.POST.get('action', None) success = [] fail = [] ban_list = [] for item_id in item_ids: queue = None user = None if action.endswith('_user'): try: user = Blacklist.objects.get(user_id=item_id) except Blacklist.DoesNotExist: if action == 'approve_user': success.append(item_id) continue else: fail.append(item_id) continue else: try: queue = Queue.objects.get(id=item_id) except: fail.append(item_id) continue if action == 'approve': queue.approve() success.append(item_id) elif action in ('delete', 'ban'): # outright delete it?? or do we have a status for this? if action == 'ban': if queue.user_id not in ban_list: # also ban this user typepad.client.batch_request() user_memberships = User.get_by_url_id(queue.user_id).memberships.filter(by_group=request.group) typepad.client.complete_batch() try: user_membership = user_memberships[0] if user_membership.is_admin(): # cannot ban/unban another admin fail.append(item_id) continue user_membership.block() signals.member_banned.send(sender=moderate, membership=user_membership, group=request.group) ban_list.append(queue.user_id) except IndexError: pass # no membership exists; ignore ban tp_asset = None if queue.asset_id: # we need to remove from typepad typepad.client.batch_request() tp_asset = typepad.Asset.get_by_url_id(queue.asset_id) try: typepad.client.complete_batch() except typepad.Asset.NotFound: # already deleted on TypePad... tp_asset = None if tp_asset: tp_asset.delete() content = queue.content if content is not None: if content.attachment is not None and content.attachment.name: # delete the attachment ourselves; this handles # the case where the file may not actually still be # on disk; we'll just ignore that since we're deleting # the row anyway try: content.attachment.delete() except IOError, ex: # something besides "file couldn't be opened"; reraise if ex.errno != 2: raise ex content.attachment = None content.save() queue.delete() success.append(item_id) if tp_asset is not None: signals.asset_deleted.send(sender=moderate, instance=tp_asset, group=request.group) elif action == 'view': if queue.status in (Queue.MODERATED, Queue.SPAM): content = QueueContent.objects.get(queue=queue) data = json.loads(content.data) # supplement with a fake author member, since this isn't # populated into the POSTed data for pre-moderation/spam assets data['author'] = { 'displayName': queue.user_display_name, 'links': [{ 'rel': 'avatar', 'href': queue.user_userpic, 'width': 50, 'height': 50 }] } tp_asset = typepad.Asset.from_dict(data) tp_asset.published = queue.ts else: typepad.client.batch_request() tp_asset = typepad.Asset.get_by_url_id(queue.asset_id) typepad.client.complete_batch() event = typepad.Event() event.object = tp_asset event.actor = tp_asset.author event.published = tp_asset.published # 'view' of 'permalink' causes the full content to render data = { 'entry': tp_asset, 'event': event, 'view': 'permalink' } res = render_to_string("motion/assets/asset.html", data, context_instance=RequestContext(request)) return http.HttpResponse(res)
event = typepad.Event() event.object = tp_asset event.actor = tp_asset.author event.published = tp_asset.published # 'view' of 'permalink' causes the full content to render data = { 'entry': tp_asset, 'event': event, 'view': 'permalink' } res = render_to_string("motion/assets/asset.html", data, context_instance=RequestContext(request)) return http.HttpResponse(res) elif action == 'ban_user': typepad.client.batch_request() user_memberships = User.get_by_url_id(item_id).memberships.filter(by_group=request.group) typepad.client.complete_batch() try: user_membership = user_memberships[0] if user_membership.is_admin(): # cannot ban/unban another admin fail.append(item_id) continue user_membership.block() signals.member_banned.send(sender=moderate, membership=user_membership, group=request.group) ban_list.append(item_id)
def get_user(self, user_id): """Return the authed TypePad user""" return User.get_by_id(user_id)