def edit_journal_post_(request):
form = request.web_input(journalid="", title="", rating="", friends="", content="")
rating = ratings.CODE_MAP.get(define.get_int(form.rating))
if not rating:
raise WeasylError("ratingInvalid")
j = orm.Journal()
j.journalid = define.get_int(form.journalid)
j.title = form.title
j.rating = rating
j.content = form.content
journal.edit(request.userid, j, friends_only=form.friends)
raise HTTPSeeOther(location="/journal/%i/%s%s" % (
define.get_int(form.journalid),
slug_for(form.title),
("?anyway=true" if request.userid in staff.MODS else '')
))
def admincontrol_manageuser_get_(request):
form = request.web_input(name="")
otherid = profile.resolve(None, None, form.name)
if not otherid:
raise WeasylError("userRecordMissing")
if request.userid != otherid and otherid in staff.ADMINS and request.userid not in staff.TECHNICAL:
return Response(d.errorpage(request.userid, errorcode.permission))
return Response(
d.webpage(
request.userid,
"admincontrol/manageuser.html",
[
# Manage user information
profile.select_manage(otherid),
],
title="User Management"))
def submissions_(request):
form = request.web_input(userid="", name="", backid=None, nextid=None, folderid=None)
form.name = request.matchdict.get('name', form.name)
form.userid = define.get_int(form.userid)
config = define.get_config(request.userid)
rating = define.get_rating(request.userid)
otherid = profile.resolve(request.userid, form.userid, form.name)
folderid = define.get_int(form.folderid) or None
if not otherid:
raise WeasylError("userRecordMissing")
elif not request.userid and "h" in define.get_config(otherid):
return Response(define.errorpage(request.userid, errorcode.no_guest_access))
userprofile = profile.select_profile(otherid, images=True, viewer=request.userid)
has_fullname = userprofile['full_name'] is not None and userprofile['full_name'].strip() != ''
page_title = u"%s's submissions" % (userprofile['full_name'] if has_fullname else userprofile['username'],)
page = define.common_page_start(request.userid, title=page_title)
url_format = "/submissions/{username}?%s{folderquery}".format(
username=define.get_sysname(userprofile['username']),
folderquery="&folderid=%d" % folderid if folderid else "")
result = pagination.PaginatedResult(
submission.select_list, submission.select_count, 'submitid', url_format, request.userid, rating,
60, otherid=otherid, folderid=folderid, backid=define.get_int(form.backid),
nextid=define.get_int(form.nextid), config=config, profile_page_filter=not folderid)
page.append(define.render('user/submissions.html', [
# Profile information
userprofile,
# User information
profile.select_userinfo(otherid, config=userprofile['config']),
# Relationship
profile.select_relation(request.userid, otherid),
# Recent submissions
result,
# Folders
folder.select_list(otherid, "sidebar/all"),
# Current folder
folderid,
]))
return Response(define.common_page_end(request.userid, page))
def api_user_gallery_(request):
userid = profile.resolve_by_username(request.matchdict['login'])
if not userid:
raise WeasylError('userRecordMissing')
form = request.web_input(since=None,
count=0,
folderid=0,
backid=0,
nextid=0)
since = None
try:
if form.since:
since = d.parse_iso8601(form.since)
count = int(form.count)
folderid = int(form.folderid)
backid = int(form.backid)
nextid = int(form.nextid)
except ValueError:
raise HTTPUnprocessableEntity(json=_ERROR_UNEXPECTED)
else:
count = min(count or 100, 100)
submissions = submission.select_list(request.userid,
d.get_rating(request.userid),
count + 1,
otherid=userid,
folderid=folderid,
backid=backid,
nextid=nextid)
backid, nextid = d.paginate(submissions, backid, nextid, count, 'submitid')
ret = []
for sub in submissions:
if since is not None and since >= sub['unixtime']:
break
tidy_submission(sub)
ret.append(sub)
return {
'backid': backid,
'nextid': nextid,
'submissions': ret,
}
def select_manage(userid):
"""Selects a user's information for display in the admin user management page.
Args:
userid (int): ID of user to fetch information for.
Returns:
Relevant user information as a dict.
"""
query = d.execute("""
SELECT
lo.userid, lo.last_login, lo.email, pr.unixtime, pr.username, pr.full_name, pr.catchphrase, ui.birthday,
ui.gender, ui.country, pr.config
FROM login lo
INNER JOIN profile pr USING (userid)
INNER JOIN userinfo ui USING (userid)
WHERE lo.userid = %i
""", [userid], ["single"])
if not query:
raise WeasylError("Unexpected")
user_link_rows = d.engine.execute("""
SELECT link_type, ARRAY_AGG(link_value)
FROM user_links
WHERE userid = %(userid)s
GROUP BY link_type
""", userid=userid)
return {
"userid": query[0],
"last_login": query[1],
"email": query[2],
"unixtime": query[3],
"username": query[4],
"full_name": query[5],
"catchphrase": query[6],
"birthday": query[7],
"gender": query[8],
"country": query[9],
"config": query[10],
"staff_notes": shout.count(userid, staffnotes=True),
"sorted_user_links": sort_user_links(user_link_rows),
}
def verify(token):
lo = d.meta.tables["login"]
lc = d.meta.tables["logincreate"]
query = d.engine.execute(lc.select().where(lc.c.token == token)).first()
if not query:
raise WeasylError("logincreateRecordMissing")
db = d.connect()
with db.begin():
# Create login record
userid = db.scalar(lo.insert().returning(lo.c.userid), {
"login_name": d.get_sysname(query.username),
"last_login": arrow.now(),
"email": query.email,
})
# Create profile records
db.execute(d.meta.tables["authbcrypt"].insert(), {
"userid": userid,
"hashsum": query.hashpass,
})
db.execute(d.meta.tables["profile"].insert(), {
"userid": userid,
"username": query.username,
"full_name": query.username,
"unixtime": arrow.now(),
"config": "kscftj",
})
db.execute(d.meta.tables["userinfo"].insert(), {
"userid": userid,
"birthday": query.birthday,
})
db.execute(d.meta.tables["userstats"].insert(), {
"userid": userid,
})
db.execute(d.meta.tables["welcomecount"].insert(), {
"userid": userid,
})
# Update logincreate records
db.execute(lc.delete().where(lc.c.token == token))
d.metric('increment', 'verifiedusers')
def _select_journal_and_check(userid,
journalid,
rating=None,
ignore=True,
anyway=False,
increment_views=True):
"""Selects a journal, after checking if the user is authorized, etc.
Args:
userid (int): Currently authenticating user ID.
journalid (int): Character ID to fetch.
rating (int): Maximum rating to display. Defaults to None.
ignore (bool): Whether to respect ignored or blocked tags. Defaults to True.
anyway (bool): Whether ignore checks and display anyway. Defaults to False.
increment_views (bool): Whether to increment the number of views on the submission. Defaults to True.
Returns:
A journal and all needed data as a dict.
"""
query = d.engine.execute("""
SELECT jo.userid, pr.username, jo.unixtime, jo.title, jo.content, jo.rating, jo.settings, jo.page_views, pr.config
FROM journal jo JOIN profile pr ON jo.userid = pr.userid
WHERE jo.journalid = %(id)s
""",
id=journalid).first()
if not query:
# If there's no query result, there's no record, so fast-fail.
raise WeasylError('journalRecordMissing')
elif journalid and userid in staff.MODS and anyway:
pass
elif not query or 'h' in query.settings:
raise WeasylError('journalRecordMissing')
elif query.rating > rating and (
(userid != query.userid and userid not in staff.MODS)
or d.is_sfw_mode()):
raise WeasylError('RatingExceeded')
elif 'f' in query.settings and not frienduser.check(userid, query.userid):
raise WeasylError('FriendsOnly')
elif ignore and ignoreuser.check(userid, query.userid):
raise WeasylError('UserIgnored')
elif ignore and blocktag.check(userid, journalid=journalid):
raise WeasylError('TagBlocked')
query = dict(query)
if increment_views and d.common_view_content(userid, journalid, 'journal'):
query['page_views'] += 1
return query
def select_by_id(updateid):
su = d.meta.tables['siteupdate']
pr = d.meta.tables['profile']
q = (sa.select([
pr.c.userid,
pr.c.username,
su.c.title,
su.c.content,
su.c.unixtime,
]).select_from(su.join(
pr, su.c.userid == pr.c.userid)).where(su.c.updateid == updateid))
db = d.connect()
results = db.execute(q).fetchall()
if not results:
raise WeasylError('RecordMissing')
results = dict(results[0])
results['user_media'] = media.get_user_media(results['userid'])
results['timestamp'] = results['unixtime'].timestamp + UNIXTIME_OFFSET
return results
def select_profile(userid, viewer=None):
query = d.engine.execute("""
SELECT pr.username, pr.full_name, pr.catchphrase, pr.created_at, pr.profile_text,
pr.settings, pr.stream_url, pr.config, pr.stream_text, us.end_time
FROM profile pr
INNER JOIN login lo USING (userid)
LEFT JOIN user_streams us USING (userid)
WHERE userid = %(user)s
""",
user=userid).first()
if not query:
raise WeasylError('userRecordMissing')
is_banned, is_suspended = d.get_login_settings(userid)
streaming_status = "stopped"
if query[6]: # profile.stream_url
if 'l' in query[5]:
streaming_status = "later"
elif query[9] is not None and query[9] > d.get_time(
): # user_streams.end_time
streaming_status = "started"
return {
"userid": userid,
"user_media": media.get_user_media(userid),
"username": query[0],
"full_name": query[1],
"catchphrase": query[2],
"unixtime": query[3],
"profile_text": query[4],
"settings": query[5],
"stream_url": query[6],
"stream_text": query[8],
"config": query[7],
"show_favorites_bar": "u" not in query[7] and "v" not in query[7],
"show_favorites_tab": userid == viewer or "v" not in query[7],
"commish_slots": 0,
"banned": is_banned,
"suspended": is_suspended,
"streaming_status": streaming_status,
}
def control_streaming_get_(request):
form = request.web_input(target='')
if form.target and request.userid not in staff.MODS:
raise WeasylError('InsufficientPermissions')
elif form.target:
target = define.get_int(form.target)
else:
target = request.userid
return Response(
define.webpage(
request.userid,
"control/edit_streaming.html",
[
# Profile
profile.select_profile(target),
form.target,
],
title="Edit Streaming Settings"))
def request(email):
token = security.generate_key(25,
key_characters=string.digits +
string.ascii_lowercase)
token_sha256 = _hash_token(token)
email = emailer.normalize_address(email)
if email is None:
raise WeasylError("emailInvalid")
d.engine.execute(
"INSERT INTO forgotpassword (email, token_sha256)"
" VALUES (%(email)s, %(token_sha256)s)",
email=email,
token_sha256=bytearray(token_sha256))
# Generate and send an email to the user containing a password reset link
emailer.send(email, "Weasyl Account Recovery",
d.render("email/reset_password.html", [token]))
def clean_display_name(text):
"""
Process a user's selection of their own username into the username that will be stored.
- Leading and trailing whitespace is removed.
- Non-ASCII characters are removed.
- Control characters are removed.
- Semicolons are removed.
- Only the first 25 characters are kept.
Throws a WeasylError("usernameInvalid") if a well-formed username isn't produced by this process.
"""
cleaned = "".join(c for c in text.strip() if " " <= c <= "~" and c != ";")[:_USERNAME]
sysname = d.get_sysname(cleaned)
if sysname and sysname not in _BANNED_SYSNAMES:
return cleaned
else:
raise WeasylError("usernameInvalid")
def GET(self, name=None):
form = web.input(userid="")
otherid = profile.resolve(self.user_id, define.get_int(form.userid),
name)
if not otherid:
raise WeasylError("userRecordMissing")
userprofile = profile.select_profile(otherid,
images=True,
viewer=self.user_id)
has_fullname = userprofile[
'full_name'] is not None and userprofile['full_name'].strip() != ''
page_title = u"%s's staff notes" % (userprofile['full_name']
if has_fullname else
userprofile['username'], )
page = define.common_page_start(self.user_id, title=page_title)
userinfo = profile.select_userinfo(otherid,
config=userprofile['config'])
reportstats = profile.select_report_stats(otherid)
userinfo['reportstats'] = reportstats
userinfo['reporttotal'] = sum(reportstats.values())
page.append(
define.render(
template.user_shouts,
[
# Profile information
userprofile,
# User information
userinfo,
# Relationship
profile.select_relation(self.user_id, otherid),
# Myself
profile.select_myself(self.user_id),
# Comments
shout.select(
self.user_id, ownerid=otherid, staffnotes=True),
# Feature
"staffnotes",
]))
return define.common_page_end(self.user_id, page, now=time.time())
def GET(self, name=""):
now = time.time()
form = web.input(userid="", name="", backid=None, nextid=None)
form.name = name if name else form.name
form.userid = define.get_int(form.userid)
otherid = profile.resolve(self.user_id, form.userid, form.name)
if not otherid:
raise WeasylError("userRecordMissing")
elif not self.user_id and "h" in define.get_config(otherid):
return define.errorpage(self.user_id, errorcode.no_guest_access)
userprofile = profile.select_profile(otherid,
images=True,
viewer=self.user_id)
has_fullname = userprofile[
'full_name'] is not None and userprofile['full_name'].strip() != ''
page_title = u"%s's shouts" % (userprofile['full_name'] if has_fullname
else userprofile['username'], )
page = define.common_page_start(self.user_id, title=page_title)
page.append(
define.render(
template.user_shouts,
[
# Profile information
userprofile,
# User information
profile.select_userinfo(otherid,
config=userprofile['config']),
# Relationship
profile.select_relation(self.user_id, otherid),
# Myself
profile.select_myself(self.user_id),
# Comments
shout.select(self.user_id, ownerid=otherid),
# Feature
"shouts",
]))
return define.common_page_end(self.user_id, page, now=now)
def reset(form):
from weasyl import login
# Raise an exception if `password` does not enter `passcheck` (indicating
# that the user mistyped one of the fields) or if `password` does not meet
# the system's password security requirements
if form.password != form.passcheck:
raise WeasylError("passwordMismatch")
elif not login.password_secure(form.password):
raise WeasylError("passwordInsecure")
# Select the user information and record data from the forgotpassword table
# pertaining to `token`, requiring that the link associated with the record
# be visited no more than five minutes prior; if the forgotpassword record is
# not found or does not meet this requirement, raise an exception
query = d.engine.execute("""
SELECT lo.userid, lo.login_name, lo.email, fp.link_time, fp.address
FROM login lo
INNER JOIN userinfo ui USING (userid)
INNER JOIN forgotpassword fp USING (userid)
WHERE fp.token = %(token)s AND fp.link_time > %(cutoff)s
""",
token=form.token,
cutoff=d.get_time() - 300).first()
if not query:
raise WeasylError("forgotpasswordRecordMissing")
USERID, USERNAME, EMAIL, LINKTIME, ADDRESS = query
# Check `username` and `email` against known correct values and raise an
# exception if there is a mismatch
if emailer.normalize_address(
form.email) != emailer.normalize_address(EMAIL):
raise WeasylError("emailIncorrect")
elif d.get_sysname(form.username) != USERNAME:
raise WeasylError("usernameIncorrect")
elif d.get_address() != ADDRESS:
raise WeasylError("addressInvalid")
# Update the authbcrypt table with a new password hash
d.engine.execute(
'INSERT INTO authbcrypt (userid, hashsum) VALUES (%(user)s, %(hash)s) '
'ON CONFLICT (userid) DO UPDATE SET hashsum = %(hash)s',
user=USERID,
hash=login.passhash(form.password))
d.engine.execute("DELETE FROM forgotpassword WHERE token = %(token)s",
token=form.token)
def _resize(filename, width, height, destination=None):
in_place = False
if not destination:
destination = filename + '.new'
in_place = True
im = read(filename)
if not images.image_extension(im):
raise WeasylError("FileType")
im = images.resize_image(im, width, height)
if im is not None:
im.write(destination)
if in_place:
os.rename(destination, filename)
# if there's no need to resize, in-place resize is a no-op. otherwise copy
# the source to the destination.
elif not in_place:
files.copy(filename, destination)
def staffnotes_(request):
form = request.web_input(userid="")
otherid = profile.resolve(request.userid, define.get_int(form.userid),
request.matchdict.get('name', None))
if not otherid:
raise WeasylError("userRecordMissing")
userprofile = profile.select_profile(otherid,
images=True,
viewer=request.userid)
has_fullname = userprofile[
'full_name'] is not None and userprofile['full_name'].strip() != ''
page_title = u"%s's staff notes" % (userprofile['full_name']
if has_fullname else
userprofile['username'], )
page = define.common_page_start(request.userid, title=page_title)
userinfo = profile.select_userinfo(otherid, config=userprofile['config'])
reportstats = profile.select_report_stats(otherid)
userinfo['reportstats'] = reportstats
userinfo['reporttotal'] = sum(reportstats.values())
page.append(
define.render(
'user/shouts.html',
[
# Profile information
userprofile,
# User information
userinfo,
# Relationship
profile.select_relation(request.userid, otherid),
# Myself
profile.select_myself(request.userid),
# Comments
shout.select(request.userid, ownerid=otherid, staffnotes=True),
# Feature
"staffnotes",
]))
return Response(define.common_page_end(request.userid, page))
def shouts_(request):
form = request.web_input(userid="", name="", backid=None, nextid=None)
form.name = request.matchdict.get('name', form.name)
form.userid = define.get_int(form.userid)
otherid = profile.resolve(request.userid, form.userid, form.name)
if not otherid:
raise WeasylError("userRecordMissing")
elif not request.userid and "h" in define.get_config(otherid):
return Response(
define.errorpage(request.userid, errorcode.no_guest_access))
userprofile = profile.select_profile(otherid,
images=True,
viewer=request.userid)
has_fullname = userprofile[
'full_name'] is not None and userprofile['full_name'].strip() != ''
page_title = u"%s's shouts" % (userprofile['full_name'] if has_fullname
else userprofile['username'], )
page = define.common_page_start(request.userid, title=page_title)
page.append(
define.render(
'user/shouts.html',
[
# Profile information
userprofile,
# User information
profile.select_userinfo(otherid, config=userprofile['config']),
# Relationship
profile.select_relation(request.userid, otherid),
# Myself
profile.select_myself(request.userid),
# Comments
shout.select(request.userid, ownerid=otherid),
# Feature
"shouts",
]))
return Response(define.common_page_end(request.userid, page))
def comment_insert(userid, commentid, otherid, submitid, charid, journalid):
ownerid = d.get_ownerid(submitid, charid, journalid)
if not otherid:
otherid = ownerid
if submitid:
notiftype = 4020 if ownerid == otherid else 4050
elif charid:
notiftype = 4040
elif journalid:
notiftype = 4030
else:
raise WeasylError("Unexpected")
d.execute(
"INSERT INTO welcome (userid, otherid, referid, targetid, unixtime, type) VALUES (%i, %i, %i, %i, %i, %i)",
[
otherid, userid,
d.get_targetid(submitid, charid, journalid), commentid,
d.get_time(), notiftype
])
def POST(self):
form = web.input(journalid="",
title="",
rating="",
friends="",
content="")
rating = ratings.CODE_MAP.get(define.get_int(form.rating))
if not rating:
raise WeasylError("ratingInvalid")
j = orm.Journal()
j.journalid = define.get_int(form.journalid)
j.title = form.title
j.rating = rating
j.content = form.content
journal.edit(self.user_id, j, friends_only=form.friends)
raise web.seeother(
"/journal/%i/%s%s" %
(define.get_int(form.journalid), slug_for(form.title),
("?anyway=true" if self.user_id in staff.MODS else '')))
def edit_submission_get_(request):
form = request.web_input(submitid="", anyway="")
form.submitid = define.get_int(form.submitid)
detail = submission.select_view(request.userid, form.submitid, ratings.EXPLICIT.code, False, anyway=form.anyway)
if request.userid != detail['userid'] and request.userid not in staff.MODS:
raise WeasylError('InsufficientPermissions')
submission_category = detail['subtype'] // 1000 * 1000
return Response(define.webpage(request.userid, "edit/submission.html", [
# Submission detail
detail,
# Folders
folder.select_flat(detail['userid']),
# Subtypes
[i for i in macro.MACRO_SUBCAT_LIST
if submission_category <= i[0] < submission_category + 1000],
profile.get_user_ratings(detail['userid']),
], title="Edit Submission"))
def get_global_tag_restrictions(userid):
"""
Retrieves a list of tags on the globally restricted tag list for display to a director.
Parameters:
userid: The userid of the director requesting the list of tags.
Returns:
A dict mapping from globally restricted tag titles to the name of the director who added the tag.
"""
# Only directors can view the globally restricted tag list; sanity check against the @director_only decorator
if userid not in staff.DIRECTORS:
raise WeasylError("InsufficientPermissions")
query = d.engine.execute("""
SELECT st.title, lo.login_name
FROM globally_restricted_tags
INNER JOIN searchtag AS st USING (tagid)
INNER JOIN login AS lo USING (userid)
""").fetchall()
return {r.title: r.login_name for r in query}
def reset(form):
import login
# Raise an exception if `password` does not enter `passcheck` (indicating
# that the user mistyped one of the fields) or if `password` does not meet
# the system's password security requirements
if form.password != form.passcheck:
raise WeasylError("passwordMismatch")
elif not login.password_secure(form.password):
raise WeasylError("passwordInsecure")
# Select the user information and record data from the forgotpassword table
# pertaining to `token`, requiring that the link associated with the record
# be visited no more than five minutes prior; if the forgotpassword record is
# not found or does not meet this requirement, raise an exception
query = d.execute("""
SELECT lo.userid, lo.login_name, lo.email, fp.link_time, fp.address
FROM login lo
INNER JOIN userinfo ui USING (userid)
INNER JOIN forgotpassword fp USING (userid)
WHERE fp.token = '%s' AND fp.link_time > %i
""", [form.token, d.get_time() - 300], options="single")
if not query:
raise WeasylError("forgotpasswordRecordMissing")
USERID, USERNAME, EMAIL, LINKTIME, ADDRESS = query
# Check `username` and `email` against known correct values and raise an
# exception if there is a mismatch
if emailer.normalize_address(form.email) != emailer.normalize_address(EMAIL):
raise WeasylError("emailIncorrect")
elif d.get_sysname(form.username) != USERNAME:
raise WeasylError("usernameIncorrect")
elif d.get_address() != ADDRESS:
raise WeasylError("addressInvalid")
# Update the authbcrypt table with a new password hash
""" TODO TEMPORARY """
try:
d.execute("INSERT INTO authbcrypt VALUES (%i, '')", [USERID])
except:
pass
d.execute("UPDATE authbcrypt SET hashsum = '%s' WHERE userid = %i", [login.passhash(form.password), USERID])
d.execute("DELETE FROM forgotpassword WHERE token = '%s'", [form.token])
def select_profile(userid, avatar=False, banner=False, propic=False, images=False, commish=True, viewer=None):
query = d.execute("""
SELECT pr.username, pr.full_name, pr.catchphrase, pr.unixtime, pr.profile_text,
pr.settings, pr.stream_url, pr.config, pr.stream_text, lo.settings, us.end_time
FROM profile pr
INNER JOIN login lo USING (userid)
LEFT JOIN user_streams us USING (userid)
WHERE userid = %i
""", [userid], ["single"])
if not query:
raise WeasylError('RecordMissing')
streaming_status = "stopped"
if query[6]: # profile.stream_url
if query[10] > d.get_time(): # user_streams.end_time
streaming_status = "started"
elif 'l' in query[5]:
streaming_status = "later"
return {
"userid": userid,
"user_media": media.get_user_media(userid),
"username": query[0],
"full_name": query[1],
"catchphrase": query[2],
"unixtime": query[3],
"profile_text": query[4],
"settings": query[5],
"stream_url": query[6],
"stream_text": query[8],
"config": query[7],
"show_favorites_bar": "u" not in query[7] and "v" not in query[7],
"show_favorites_tab": userid == viewer or "v" not in query[7],
"commish_slots": 0,
"banned": "b" in query[9],
"suspended": "s" in query[9],
"streaming_status": streaming_status,
}
def notes_(request):
form = request.web_input(folder="inbox", filter="", backid="", nextid="")
backid = int(form.backid) if form.backid else None
nextid = int(form.nextid) if form.nextid else None
filter_ = define.get_userid_list(form.filter)
if form.folder == "inbox":
return Response(
define.webpage(
request.userid,
"note/message_list.html",
[
# Folder
"inbox",
# Private messages
note.select_inbox(request.userid,
50,
backid=backid,
nextid=nextid,
filter=filter_),
]))
if form.folder == "outbox":
return Response(
define.webpage(
request.userid,
"note/message_list.html",
[
# Folder
"outbox",
# Private messages
note.select_outbox(request.userid,
50,
backid=backid,
nextid=nextid,
filter=filter_),
]))
raise WeasylError("unknownMessageFolder")
def create_price(userid, price, currency="", settings=""):
if not price.title:
raise WeasylError("titleInvalid")
elif price.amount_min > _MAX_PRICE:
raise WeasylError("minamountInvalid")
elif price.amount_max > _MAX_PRICE:
raise WeasylError("maxamountInvalid")
elif price.amount_max and price.amount_max < price.amount_min:
raise WeasylError("maxamountInvalid")
elif not price.classid:
raise WeasylError("classidInvalid")
elif not d.engine.scalar(
"SELECT EXISTS (SELECT 0 FROM commishclass WHERE (classid, userid) = (%(class_)s, %(user)s))",
class_=price.classid,
user=userid):
raise WeasylError("classidInvalid")
# Settings are at most one currency class, and optionally an 'a' to indicate an add-on price.
# TODO: replace these character codes with an enum.
settings = "%s%s" % ("".join(
i for i in currency
if i in CURRENCY_CHARMAP)[:1], "a" if "a" in settings else "")
# TODO: should have an auto-increment ID
priceid = d.engine.scalar(
"SELECT MAX(priceid) + 1 FROM commishprice WHERE userid = %(user)s",
user=userid)
try:
d.engine.execute(
"INSERT INTO commishprice VALUES (%(newid)s, %(class_)s, %(user)s, %(title)s, %(amount_min)s, %(amount_max)s, %(settings)s)",
newid=priceid if priceid else 1,
class_=price.classid,
user=userid,
title=price.title,
amount_min=price.amount_min,
amount_max=price.amount_max,
settings=settings,
)
except PostgresError:
return WeasylError("titleExists")
def following_(request):
cachename = "user/following.html"
form = request.web_input(userid="", name="", backid=None, nextid=None)
form.name = request.matchdict.get('name', form.name)
form.userid = define.get_int(form.userid)
otherid = profile.resolve(request.userid, form.userid, form.name)
if not otherid:
raise WeasylError("userRecordMissing")
elif not request.userid and "h" in define.get_config(otherid):
return Response(
define.errorpage(request.userid, errorcode.no_guest_access))
userprofile = profile.select_profile(otherid,
images=True,
viewer=request.userid)
return Response(
define.webpage(
request.userid,
cachename,
[
# Profile information
userprofile,
# User information
profile.select_userinfo(otherid, config=userprofile['config']),
# Relationship
profile.select_relation(request.userid, otherid),
# Following
followuser.select_following(request.userid,
otherid,
limit=44,
backid=define.get_int(form.backid),
nextid=define.get_int(
form.nextid)),
]))
def characters_(request):
form = request.web_input(userid="", name="", backid=None, nextid=None)
form.name = request.matchdict.get('name', form.name)
form.userid = define.get_int(form.userid)
config = define.get_config(request.userid)
rating = define.get_rating(request.userid)
otherid = profile.resolve(request.userid, form.userid, form.name)
if not otherid:
raise WeasylError("userRecordMissing")
elif not request.userid and "h" in define.get_config(otherid):
return Response(define.errorpage(request.userid, errorcode.no_guest_access))
userprofile = profile.select_profile(otherid, images=True, viewer=request.userid)
has_fullname = userprofile['full_name'] is not None and userprofile['full_name'].strip() != ''
page_title = u"%s's characters" % (userprofile['full_name'] if has_fullname else userprofile['username'],)
page = define.common_page_start(request.userid, title=page_title)
url_format = "/characters?userid={userid}&%s".format(userid=userprofile['userid'])
result = pagination.PaginatedResult(
character.select_list, character.select_count,
'charid', url_format, request.userid, rating, 60,
otherid=otherid, backid=define.get_int(form.backid),
nextid=define.get_int(form.nextid), config=config)
page.append(define.render('user/characters.html', [
# Profile information
userprofile,
# User information
profile.select_userinfo(otherid, config=userprofile['config']),
# Relationship
profile.select_relation(request.userid, otherid),
# Characters list
result,
]))
return Response(define.common_page_end(request.userid, page))
def edit_journal_get_(request):
form = request.web_input(journalid="", anyway="")
form.journalid = define.get_int(form.journalid)
detail = journal.select_view(request.userid,
ratings.EXPLICIT.code,
form.journalid,
False,
anyway=form.anyway)
if request.userid != detail['userid'] and request.userid not in staff.MODS:
raise WeasylError('InsufficientPermissions')
return Response(
define.webpage(
request.userid,
"edit/journal.html",
[
# Journal detail
detail,
profile.get_user_ratings(detail['userid']),
],
title="Edit Journal"))
def GET(self):
form = web.input(folder="inbox", filter="", backid="", nextid="")
backid = int(form.backid) if form.backid else None
nextid = int(form.nextid) if form.nextid else None
filter_ = define.get_userid_list(form.filter)
if form.folder == "inbox":
return define.webpage(self.user_id, "note/message_list.html", [
# Folder
"inbox",
# Private messages
note.select_inbox(self.user_id, 50, backid=backid, nextid=nextid, filter=filter_),
])
if form.folder == "outbox":
return define.webpage(self.user_id, "note/message_list.html", [
# Folder
"outbox",
# Private messages
note.select_outbox(self.user_id, 50, backid=backid, nextid=nextid, filter=filter_),
])
raise WeasylError("unknownMessageFolder")