Esempio n. 1
0
    def create(self, format='html'):
        c.scope = self.form_result.get('scope')
        require.delegation.create(c.scope)
        agents = filter(lambda f: f is not None, self.form_result.get('agent'))
        if not len(agents) or agents[0] == c.user:
            h.flash(_("Invalid delegation recipient"), 'error')
            return self.new()

        existing = model.Delegation.find_by_agent_principal_scope(agents[0],
                                                                  c.user,
                                                                  c.scope)
        if existing is not None:
            h.flash(_("You have already delegated voting to %s in %s") %
                    (agents[0].name, c.scope.label),
                    'notice')
            return self.new()

        delegation = model.Delegation.create(
            c.user, agents[0], c.scope,
            replay=self.form_result.get('replay') == 1)
        model.meta.Session.commit()

        event.emit(event.T_DELEGATION_CREATE, c.user,
                   instance=c.instance,
                   topics=[c.scope], scope=c.scope,
                   agent=agents[0], delegation=delegation)

        return ret_success(entity=delegation.scope, format=format)
Esempio n. 2
0
    def vote(self, id, format):
        c.poll = self._get_open_poll(id)
        if c.poll.action != model.Poll.ADOPT:
            abort(400, _("This is not an adoption poll."))
        require.poll.vote(c.poll)
        decision = democracy.Decision(c.user, c.poll)
        votes = decision.make(self.form_result.get("position"))
        model.meta.Session.commit()

        if not asbool(config.get('adhocracy.hide_individual_votes', 'false')):
            for vote in votes:
                event.emit(event.T_VOTE_CAST,
                           vote.user,
                           instance=c.instance,
                           topics=[c.poll.scope],
                           vote=vote,
                           poll=c.poll)

        if format == 'json':
            vdetail = votedetail.calc_votedetail_dict(c.instance, c.poll)\
                if votedetail.is_enabled() else None
            return render_json(
                dict(decision=decision,
                     score=c.poll.tally.score,
                     votedetail=vdetail))
        else:
            redirect(h.entity_url(c.poll.subject))
Esempio n. 3
0
    def update(self, id, format='html'):
        c.comment = get_entity_or_abort(model.Comment, id)
        require.comment.edit(c.comment)
        rev = c.comment.create_revision(
            self.form_result.get('text'),
            c.user,
            sentiment=self.form_result.get('sentiment'))
        model.meta.Session.commit()
        if can.user.vote():
            decision = democracy.Decision(c.user, c.comment.poll)
            if not decision.result == model.Vote.YES:
                decision.make(model.Vote.YES)
        model.meta.Session.commit()

        # do not modify watch state as comments are always watched

        event.emit(event.T_COMMENT_EDIT,
                   c.user,
                   instance=c.instance,
                   topics=[c.comment.topic],
                   comment=c.comment,
                   topic=c.comment.topic,
                   rev=rev)
        if len(request.params.get('ret_url', '')):
            redirect(request.params.get('ret_url') + "#c" + str(c.comment.id))
        if format != 'html':
            return ret_success(entity=c.comment, format=format)
        else:
            return ret_success(entity=c.comment, format='fwd')
Esempio n. 4
0
    def _create(self, user_name, email, domain, domain_user,
                email_verified=False, display_name=None,
                redirect_url=None):
        """
        Create a user based on data gathered from velruse.
        """

        model.meta.Session.begin(subtransactions=True)

        try:
            user = User.find_by_email(email)
            if user is None:
                user = model.User.create(user_name,
                                         email,
                                         locale=c.locale,
                                         display_name=display_name)

            if email_verified:
                user.set_email_verified()

            v = Velruse(unicode(domain), unicode(domain_user), user)
            model.meta.Session.add(v)

            model.meta.Session.commit()

            event.emit(event.T_USER_CREATE, user)
            return user, v

        except Exception as e:
            model.meta.Session.rollback()
            raise e
Esempio n. 5
0
    def update(self, id, format='html'):
        c.comment = get_entity_or_abort(model.Comment, id)
        require.comment.edit(c.comment)
        rev = c.comment.create_revision(
            self.form_result.get('text'),
            c.user,
            sentiment=self.form_result.get('sentiment'))
        model.meta.Session.commit()
        if can.user.vote():
            decision = democracy.Decision(c.user, c.comment.poll)
            if not decision.result == model.Vote.YES:
                decision.make(model.Vote.YES)
        model.meta.Session.commit()

        # do not modify watch state as comments are always watched

        event.emit(event.T_COMMENT_EDIT, c.user, instance=c.instance,
                   topics=[c.comment.topic], comment=c.comment,
                   topic=c.comment.topic, rev=rev)
        if c.came_from != u'':
            redirect(c.came_from + "#c" + str(c.comment.id))
        if format != 'html':
            return ret_success(entity=c.comment, format=format)
        else:
            return ret_success(entity=c.comment, format='fwd')
Esempio n. 6
0
 def delete(self, id, format="html"):
     c.page_instance = self._get_current_instance(id)
     require.instance.delete(c.page_instance)
     c.page_instance.delete()
     model.meta.Session.commit()
     event.emit(event.T_INSTANCE_DELETE, c.user, instance=c.instance, topics=[])
     return ret_success(format=format, message=_("The instance %s has been deleted.") % c.page_instance.label)
Esempio n. 7
0
    def create(self, format='html'):
        c.scope = self.form_result.get('scope')
        require.delegation.create(c.scope)
        agents = filter(lambda f: f is not None, self.form_result.get('agent'))
        if not len(agents) or agents[0] == c.user:
            h.flash(_("Invalid delegation recipient"), 'error')
            return self.new()

        existing = model.Delegation.find_by_agent_principal_scope(
            agents[0], c.user, c.scope)
        if existing is not None:
            h.flash(
                _("You have already delegated voting to %s in %s") %
                (agents[0].name, c.scope.label), 'notice')
            return self.new()

        delegation = model.Delegation.create(
            c.user,
            agents[0],
            c.scope,
            replay=self.form_result.get('replay') == 1)
        model.meta.Session.commit()

        event.emit(event.T_DELEGATION_CREATE,
                   c.user,
                   instance=c.instance,
                   topics=[c.scope],
                   scope=c.scope,
                   agent=agents[0],
                   delegation=delegation)

        return ret_success(entity=delegation.scope, format=format)
Esempio n. 8
0
    def create(self):
        require.user.create()
        if self.email_is_blacklisted(self.form_result['email']):
            return ret_abort(_("Sorry, but we don't accept registrations with "
                               "this email address."), category='error',
                             code=403)

        # SPAM protection recaptcha
        captacha_enabled = config.get('recaptcha.public_key', "")
        if captacha_enabled:
            recaptcha_response = h.recaptcha.submit()
            if not recaptcha_response.is_valid:
                c.recaptcha = h.recaptcha.displayhtml(
                    use_ssl=True,
                    error=recaptcha_response.error_code)
                redirect("/register")
        # SPAM protection hidden input
        input_css = self.form_result.get("input_css")
        input_js = self.form_result.get("input_js")
        if input_css or input_js:
            redirect("/")

        #create user
        user = model.User.create(self.form_result.get("user_name"),
                                 self.form_result.get("email").lower(),
                                 password=self.form_result.get("password"),
                                 locale=c.locale)
        model.meta.Session.commit()

        event.emit(event.T_USER_CREATE, user)
        libmail.send_activation_link(user)

        if c.instance:
            membership = user.instance_membership(c.instance)
            if membership is None:
                membership = model.Membership(user, c.instance,
                                              c.instance.default_group)
                model.meta.Session.expunge(membership)
                model.meta.Session.add(membership)
                model.meta.Session.commit()

        # authenticate the new registered member using the repoze.who
        # api. This is done here and not with an redirect to the login
        # to omit the generic welcome message
        who_api = get_api(request.environ)
        login = self.form_result.get("user_name").encode('utf-8')
        credentials = {
            'login': login,
            'password': self.form_result.get("password").encode('utf-8')}
        authenticated, headers = who_api.login(credentials)
        if authenticated:
            # redirect to dashboard with login message
            session['logged_in'] = True
            session.save()
            location = h.base_url('/user/%s/dashboard' % login)
            raise HTTPFound(location=location, headers=headers)
        else:
            raise Exception('We have added the user to the Database '
                            'but cannot authenticate him: '
                            '%s (%s)' % (credentials['login'], user))
Esempio n. 9
0
 def groupmod(self, id):
     c.page_user = get_entity_or_abort(model.User, id)
     require.user.supervise(c.page_user)
     to_group = self.form_result.get("to_group")
     if not to_group.code in model.Group.INSTANCE_GROUPS:
         h.flash(
             _("Cannot make %(user)s a member of %(group)s") % {
                 'user': c.page_user.name,
                 'group': to_group.group_name
             }, 'error')
         redirect(h.entity_url(c.page_user))
     had_vote = c.page_user._has_permission("vote.cast")
     for membership in c.page_user.memberships:
         if (not membership.is_expired()
                 and membership.instance == c.instance):
             membership.group = to_group
     model.meta.Session.commit()
     event.emit(event.T_INSTANCE_MEMBERSHIP_UPDATE,
                c.page_user,
                instance=c.instance,
                group=to_group,
                admin=c.user)
     if had_vote and not c.page_user._has_permission("vote.cast"):
         # user has lost voting privileges
         c.page_user.revoke_delegations(c.instance)
     model.meta.Session.commit()
     redirect(h.entity_url(c.page_user))
Esempio n. 10
0
    def update(self, id):
        c.page_user = get_entity_or_abort(model.User, id,
                                          instance_filter=False)
        require.user.edit(c.page_user)
        if self.form_result.get("password_change"):
            c.page_user.password = self.form_result.get("password_change")
        c.page_user.display_name = self.form_result.get("display_name")
        c.page_user.page_size = self.form_result.get("page_size")
        c.page_user.no_help = self.form_result.get("no_help")
        c.page_user.bio = self.form_result.get("bio")
        email = self.form_result.get("email").lower()
        email_changed = email != c.page_user.email
        c.page_user.email = email
        c.page_user.email_priority = self.form_result.get("email_priority")
        #if c.page_user.twitter:
        #    c.page_user.twitter.priority = \
        #        self.form_result.get("twitter_priority")
        #    model.meta.Session.add(c.page_user.twitter)
        locale = Locale(self.form_result.get("locale"))
        if locale and locale in i18n.LOCALES:
            c.page_user.locale = locale
        model.meta.Session.add(c.page_user)
        model.meta.Session.commit()
        if email_changed:
            libmail.send_activation_link(c.page_user)

        if c.page_user == c.user:
            event.emit(event.T_USER_EDIT, c.user)
        else:
            event.emit(event.T_USER_ADMIN_EDIT, c.page_user, admin=c.user)
        redirect(h.entity_url(c.page_user))
Esempio n. 11
0
    def leave(self, id, format='html'):
        c.page_instance = self._get_current_instance(id)
        if not c.page_instance in c.user.instances:
            return ret_abort(
                entity=c.page_instance, format=format,
                message=_("You're not a member of %(instance)s.") % {
                    'instance': c.page_instance.label})
        elif c.user == c.page_instance.creator:
            return ret_abort(
                entity=c.page_instance, format=format,
                message=_("You're the founder of %s, cannot leave.") % {
                    'instance': c.page_instance.label})
        require.instance.leave(c.page_instance)

        for membership in c.user.memberships:
            if membership.is_expired():
                continue
            if membership.instance == c.page_instance:
                membership.expire()
                model.meta.Session.add(membership)

                c.user.revoke_delegations(c.page_instance)

                event.emit(event.T_INSTANCE_LEAVE, c.user,
                           instance=c.page_instance)
        model.meta.Session.commit()
        return ret_success(entity=c.page_instance, format=format,
                           message=_("You've left %(instance)s.") % {
                               'instance': c.page_instance.label})
Esempio n. 12
0
    def leave(self, id, format='html'):
        c.page_instance = self._get_current_instance(id)
        if not c.page_instance in c.user.instances:
            return ret_abort(
                entity=c.page_instance, format=format,
                message=_("You're not a member of %(instance)s.") % {
                                    'instance': c.page_instance.label})
        elif c.user == c.page_instance.creator:
            return ret_abort(
                entity=c.page_instance, format=format,
                message=_("You're the founder of %s, cannot leave.") % {
                                    'instance': c.page_instance.label})
        require.instance.leave(c.page_instance)

        for membership in c.user.memberships:
            if membership.is_expired():
                continue
            if membership.instance == c.page_instance:
                membership.expire()
                model.meta.Session.add(membership)

                c.user.revoke_delegations(c.page_instance)

                event.emit(event.T_INSTANCE_LEAVE, c.user,
                           instance=c.page_instance)
        model.meta.Session.commit()
        return ret_success(entity=c.page_instance, format=format,
                           message=_("You've left %(instance)s.") % {
                                'instance': c.page_instance.label})
Esempio n. 13
0
 def delete(self, id, format):
     c.poll = self._get_open_poll(id)
     require.poll.delete(c.poll)
     c.poll.end()
     model.meta.Session.commit()
     event.emit(event.T_PROPOSAL_STATE_REDRAFT, c.user, instance=c.instance,
                topics=[c.poll.scope], proposal=c.poll.scope, poll=c.poll)
     return ret_success(message=_("The poll has ended."),
                        entity=c.poll.subject)
Esempio n. 14
0
File: poll.py Progetto: whausen/part
 def delete(self, id, format):
     c.poll = self._get_open_poll(id)
     require.poll.delete(c.poll)
     c.poll.end()
     model.meta.Session.commit()
     event.emit(event.T_PROPOSAL_STATE_REDRAFT, c.user, instance=c.instance,
                topics=[c.poll.scope], proposal=c.poll.scope, poll=c.poll)
     return ret_success(message=_("The poll has ended."),
                        entity=c.poll.subject)
Esempio n. 15
0
 def create(self, format='html'):
     require.instance.create()
     instance = model.Instance.create(
         self.form_result.get('key'), self.form_result.get('label'),
         c.user, description=self.form_result.get('description'),
         locale=c.locale)
     model.meta.Session.commit()
     event.emit(event.T_INSTANCE_CREATE, c.user, instance=instance)
     return ret_success(entity=instance, format=format)
Esempio n. 16
0
 def create(self, format='html'):
     require.instance.create()
     instance = model.Instance.create(
         self.form_result.get('key'), self.form_result.get('label'),
         c.user, description=self.form_result.get('description'),
         locale=c.locale)
     model.meta.Session.commit()
     event.emit(event.T_INSTANCE_CREATE, c.user, instance=instance)
     return ret_success(entity=instance, format=format)
Esempio n. 17
0
 def delete(self, id, format='html'):
     c.page_instance = self._get_current_instance(id)
     require.instance.delete(c.page_instance)
     c.page_instance.delete()
     model.meta.Session.commit()
     event.emit(event.T_INSTANCE_DELETE, c.user, instance=c.instance,
                topics=[])
     return ret_success(format=format,
                        message=_("The instance %s has been deleted.") %
                        c.page_instance.label)
Esempio n. 18
0
 def _create(self, user_name, email, identity):
     """
     Create a user based on data gathered from OpenID
     """
     user = model.User.create(user_name, email, locale=c.locale,
                              openid_identity=identity)
     # trust provided email:
     user.activation_code = None
     model.meta.Session.commit()
     event.emit(event.T_USER_CREATE, user)
     return user
Esempio n. 19
0
 def _create(self, user_name, email, identity):
     """
     Create a user based on data gathered from OpenID
     """
     user = model.User.create(user_name, email, locale=c.locale,
                              openid_identity=identity)
     # trust provided email:
     user.activation_code = None
     model.meta.Session.commit()
     event.emit(event.T_USER_CREATE, user)
     return user
Esempio n. 20
0
 def create(self, format='html'):
     instance = model.Instance.create(
         self.form_result.get('key'), self.form_result.get('label'),
         c.user, description=self.form_result.get('description'),
         locale=c.locale)
     model.meta.Session.commit()
     event.emit(event.T_INSTANCE_CREATE, c.user, instance=instance)
     return ret_success(
         message=_('Instance created successfully. You can now configure it'
                   ' as you like.'), category='success',
         entity=instance, member='settings', format=None)
Esempio n. 21
0
    def delete(self, id, format='html'):
        c.comment = get_entity_or_abort(model.Comment, id)
        require.comment.delete(c.comment)
        c.comment.delete()
        model.meta.Session.commit()

        event.emit(event.T_COMMENT_DELETE, c.user, instance=c.instance,
                   topics=[c.comment.topic], comment=c.comment,
                   topic=c.comment.topic)
        return ret_success(message=_("The comment has been deleted."),
                           entity=c.comment.topic,
                           format=format)
Esempio n. 22
0
 def create(self, format='html'):
     require.instance.create()
     instance = model.Instance.create(
         self.form_result.get('key'), self.form_result.get('label'),
         c.user, description=self.form_result.get('description'),
         locale=c.locale)
     model.meta.Session.commit()
     event.emit(event.T_INSTANCE_CREATE, c.user, instance=instance)
     return ret_success(
         message=_('Instance created successfully. You can now configure it'
                   ' as you like.'), category='success',
         entity=instance, member='settings', format=None)
Esempio n. 23
0
    def rate(self, id, format):
        # rating is like polling but steps via abstention, i.e. if you have
        # first voted "for", rating will first go to "abstain" and only
        # then produce "against"-
        c.poll = self._get_open_poll(id)
        if c.poll.action not in [model.Poll.RATE, model.Poll.SELECT]:
            abort(400, _("This is not a rating poll."))
        require.poll.vote(c.poll)

        decision = democracy.Decision(c.user, c.poll)
        old = decision.result
        new = self.form_result.get("position")
        positions = {
            (model.Vote.YES, model.Vote.YES): model.Vote.YES,
            (model.Vote.ABSTAIN, model.Vote.YES): model.Vote.YES,
            (model.Vote.NO, model.Vote.YES): model.Vote.ABSTAIN,
            (model.Vote.YES, model.Vote.NO): model.Vote.ABSTAIN,
            (model.Vote.ABSTAIN, model.Vote.NO): model.Vote.NO,
            (model.Vote.NO, model.Vote.NO): model.Vote.NO
        }
        position = positions.get((old, new), new)
        votes = decision.make(position)
        tally = model.Tally.create_from_poll(c.poll)
        event_type = {
            model.Poll.RATE: event.T_RATING_CAST,
            model.Poll.SELECT: event.T_SELECT_VARIANT
        }.get(c.poll.action)
        model.meta.Session.commit()

        if not asbool(config.get('adhocracy.hide_individual_votes', 'false')):
            for vote in votes:
                event.emit(event_type,
                           vote.user,
                           instance=c.instance,
                           topics=[c.poll.scope],
                           vote=vote,
                           poll=c.poll)

        if format == 'json':
            vdetail = votedetail.calc_votedetail_dict(c.instance, c.poll)\
                if votedetail.is_enabled() else None
            return render_json(
                dict(decision=decision,
                     tally=tally.to_dict(),
                     votedetail=vdetail))
        elif format == 'ajax':
            return self.widget(id, format=self.form_result.get('cls'))
        elif c.poll.action == model.Poll.SELECT:
            redirect(h.entity_url(c.poll.selection))
        else:
            redirect(h.entity_url(c.poll.subject))
Esempio n. 24
0
 def _create(self, user_name, email, identity):
     """
     Create a user based on data gathered from OpenID
     """
     user = model.User.create(user_name, email, locale=c.locale, openid_identity=identity)
     if email is not None:
         if is_trusted_provider(identity):
             # trust provided email:
             user.activation_code = None
         else:
             libmail.send_activation_link(user)
     model.meta.Session.commit()
     event.emit(event.T_USER_CREATE, user)
     return user
Esempio n. 25
0
 def delete(self, id):
     c.delegation = get_entity_or_abort(model.Delegation, id)
     require.delegation.delete(c.delegation)
     if not c.delegation.principal == c.user:
         return ret_abort(_("Cannot access delegation %(id)s") %
                          {'id': id}, code=403)
     c.delegation.revoke()
     model.meta.Session.commit()
     event.emit(event.T_DELEGATION_REVOKE, c.user,
                topics=[c.delegation.scope],
                scope=c.delegation.scope, instance=c.instance,
                agent=c.delegation.agent)
     return ret_success(message=_("The delegation is now revoked."),
                        entity=c.delegation.scope)
Esempio n. 26
0
    def join(self, id, format='html'):
        c.page_instance = self._get_current_instance(id)
        require.instance.join(c.page_instance)

        membership = model.Membership(c.user, c.page_instance,
                                      c.page_instance.default_group)
        model.meta.Session.expunge(membership)
        model.meta.Session.add(membership)
        model.meta.Session.commit()

        event.emit(event.T_INSTANCE_JOIN, c.user, instance=c.page_instance)

        return ret_success(entity=c.page_instance,
                           format=format,
                           message=_("Welcome to %(instance)s") %
                           {'instance': c.page_instance.label})
Esempio n. 27
0
    def join(self, id, format='html'):
        c.page_instance = self._get_current_instance(id)
        require.instance.join(c.page_instance)

        membership = model.Membership(c.user, c.page_instance,
                                      c.page_instance.default_group)
        model.meta.Session.expunge(membership)
        model.meta.Session.add(membership)
        model.meta.Session.commit()

        event.emit(event.T_INSTANCE_JOIN, c.user,
                   instance=c.page_instance)

        return ret_success(entity=c.page_instance, format=format,
                           message=_("Welcome to %(instance)s") % {
                            'instance': c.page_instance.label})
Esempio n. 28
0
 def delete(self, id):
     c.delegation = get_entity_or_abort(model.Delegation, id)
     require.delegation.delete(c.delegation)
     if not c.delegation.principal == c.user:
         return ret_abort(_("Cannot access delegation %(id)s") % {'id': id},
                          code=403)
     c.delegation.revoke()
     model.meta.Session.commit()
     event.emit(event.T_DELEGATION_REVOKE,
                c.user,
                topics=[c.delegation.scope],
                scope=c.delegation.scope,
                instance=c.instance,
                agent=c.delegation.agent)
     return ret_success(message=_("The delegation is now revoked."),
                        entity=c.delegation.scope)
Esempio n. 29
0
    def vote(self, id, format="html"):
        c.poll = self._get_open_poll(id)
        if c.poll.action != model.Poll.ADOPT:
            abort(400, _("This is not an adoption poll."))
        require.poll.vote(c.poll)
        decision = democracy.Decision(c.user, c.poll)
        votes = decision.make(self.form_result.get("position"))

        for vote in votes:
            event.emit(event.T_VOTE_CAST, vote.user, instance=c.instance, topics=[c.poll.scope], vote=vote, poll=c.poll)
        model.meta.Session.commit()

        if format == "json":
            return render_json(dict(decision=decision, score=tally.score))

        redirect(h.entity_url(c.poll.subject))
Esempio n. 30
0
 def groupmod(self, id):
     c.page_user = get_entity_or_abort(model.User, id)
     require.user.supervise(c.page_user)
     to_group = self.form_result.get("to_group")
     had_vote = c.page_user._has_permission("vote.cast")
     for membership in c.page_user.memberships:
         if (not membership.is_expired() and
             membership.instance == c.instance):
             membership.group = to_group
     model.meta.Session.commit()
     event.emit(event.T_INSTANCE_MEMBERSHIP_UPDATE, c.page_user,
                instance=c.instance, group=to_group, admin=c.user)
     if had_vote and not c.page_user._has_permission("vote.cast"):
         # user has lost voting privileges
         c.page_user.revoke_delegations(c.instance)
     model.meta.Session.commit()
     redirect(h.entity_url(c.page_user))
Esempio n. 31
0
File: user.py Progetto: whausen/part
    def update(self, id):
        c.page_user = get_entity_or_abort(model.User, id,
                                          instance_filter=False)
        require.user.edit(c.page_user)
        if self.form_result.get("password_change"):
            c.page_user.password = self.form_result.get("password_change")
        c.page_user.display_name = self.form_result.get("display_name")
        c.page_user.page_size = self.form_result.get("page_size")
        c.page_user.no_help = self.form_result.get("no_help")
        c.page_user.bio = self.form_result.get("bio")
        c.page_user.proposal_sort_order = self.form_result.get(
            "proposal_sort_order")
        if c.page_user.proposal_sort_order == "":
            c.page_user.proposal_sort_order = None
        get_gender = self.form_result.get("gender")
        if get_gender in ('f', 'm', 'u'):
            c.page_user.gender = get_gender
        email = self.form_result.get("email")
        old_email = c.page_user.email
        old_activated = c.page_user.is_email_activated()
        email_changed = email != old_email
        c.page_user.email = email
        c.page_user.email_priority = self.form_result.get("email_priority")
        #if c.page_user.twitter:
        #    c.page_user.twitter.priority = \
        #        self.form_result.get("twitter_priority")
        #    model.meta.Session.add(c.page_user.twitter)
        locale = Locale(self.form_result.get("locale"))
        if locale and locale in i18n.LOCALES:
            c.page_user.locale = locale
        model.meta.Session.add(c.page_user)
        model.meta.Session.commit()
        if email_changed:
            # Logging email address changes in order to ensure accountability
            log.info('User %s changed email address from %s%s to %s' % (
                c.page_user.user_name,
                old_email,
                ' (validated)' if old_activated else '',
                email))
            libmail.send_activation_link(c.page_user)

        if c.page_user == c.user:
            event.emit(event.T_USER_EDIT, c.user)
        else:
            event.emit(event.T_USER_ADMIN_EDIT, c.page_user, admin=c.user)
        redirect(h.entity_url(c.page_user))
Esempio n. 32
0
 def revert(self, id, format='html'):
     c.comment = get_entity_or_abort(model.Comment, id)
     require.comment.revert(c.comment)
     revision = self.form_result.get('to')
     if revision.comment != c.comment:
         return ret_abort(_("You're trying to revert to a revision which "
                            "is not partri of this comments history"),
                          code=400, format=format)
     rev = c.comment.create_revision(revision.text,
                                     c.user,
                                     sentiment=revision.sentiment)
     model.meta.Session.commit()
     event.emit(event.T_COMMENT_EDIT, c.user, instance=c.instance,
                topics=[c.comment.topic], comment=c.comment,
                topic=c.comment.topic, rev=rev)
     return ret_success(message=_("The comment has been reverted."),
                        entity=c.comment, format=format)
Esempio n. 33
0
 def _create(self, user_name, email, identity):
     """
     Create a user based on data gathered from OpenID
     """
     user = model.User.create(user_name,
                              email,
                              locale=c.locale,
                              openid_identity=identity)
     if email is not None:
         if is_trusted_provider(identity):
             # trust provided email:
             user.activation_code = None
         else:
             libmail.send_activation_link(user)
     model.meta.Session.commit()
     event.emit(event.T_USER_CREATE, user)
     return user
Esempio n. 34
0
    def vote(self, id, format):
        c.poll = self._get_open_poll(id)
        if c.poll.action != model.Poll.ADOPT:
            abort(400, _("This is not an adoption poll."))
        require.poll.vote(c.poll)
        decision = democracy.Decision(c.user, c.poll)
        votes = decision.make(self.form_result.get("position"))

        for vote in votes:
            event.emit(event.T_VOTE_CAST, vote.user, instance=c.instance,
                       topics=[c.poll.scope], vote=vote, poll=c.poll)
        model.meta.Session.commit()

        if format == 'json':
            return render_json(dict(decision=decision,
                                    score=c.poll.tally.score))

        redirect(h.entity_url(c.poll.subject))
Esempio n. 35
0
    def rate(self, id, format):
        # rating is like polling but steps via abstention, i.e. if you have
        # first voted "for", rating will first go to "abstain" and only
        # then produce "against"-
        c.poll = self._get_open_poll(id)
        if c.poll.action not in [model.Poll.RATE, model.Poll.SELECT]:
            abort(400, _("This is not a rating poll."))
        require.poll.vote(c.poll)

        decision = democracy.Decision(c.user, c.poll)
        old = decision.result
        new = self.form_result.get("position")
        positions = {(model.Vote.YES, model.Vote.YES): model.Vote.YES,
                     (model.Vote.ABSTAIN, model.Vote.YES): model.Vote.YES,
                     (model.Vote.NO, model.Vote.YES): model.Vote.ABSTAIN,
                     (model.Vote.YES, model.Vote.NO): model.Vote.ABSTAIN,
                     (model.Vote.ABSTAIN, model.Vote.NO): model.Vote.NO,
                     (model.Vote.NO, model.Vote.NO): model.Vote.NO}
        position = positions.get((old, new), new)
        votes = decision.make(position)
        tally = model.Tally.create_from_poll(c.poll)
        event_type = {model.Poll.RATE: event.T_RATING_CAST,
                      model.Poll.SELECT: event.T_SELECT_VARIANT
                      }.get(c.poll.action)
        model.meta.Session.commit()

        if not config.get_bool('adhocracy.hide_individual_votes'):
            for vote in votes:
                event.emit(event_type, vote.user, instance=c.instance,
                           topics=[c.poll.scope], vote=vote, poll=c.poll)

        if format == 'json':
            vdetail = votedetail.calc_votedetail_dict(c.instance, c.poll)\
                if votedetail.is_enabled() else None
            return render_json(dict(decision=decision,
                                    tally=tally.to_dict(),
                                    votedetail=vdetail))
        elif format == 'ajax':
            return self.widget(id, format=self.form_result.get('cls'))
        elif c.poll.action == model.Poll.SELECT:
            redirect(h.entity_url(c.poll.selection))
        else:
            redirect(h.entity_url(c.poll.subject))
Esempio n. 36
0
    def create(self):
        require.user.create()
        # SPAM protection recaptcha
        captacha_enabled = config.get('recaptcha.public_key', "")
        if captacha_enabled:
            recaptcha_response = h.recaptcha.submit()
            if not recaptcha_response.is_valid:
                c.recaptcha = h.recaptcha.displayhtml(
                    error=recaptcha_response.error_code)
                redirect("/register")
        # SPAM protection hidden input
        input_css = self.form_result.get("input_css")
        input_js = self.form_result.get("input_js")
        if input_css or input_js:
            redirect("/")

        #create user
        user = model.User.create(self.form_result.get("user_name"),
                                 self.form_result.get("email").lower(),
                                 password=self.form_result.get("password"),
                                 locale=c.locale)
        model.meta.Session.commit()

        event.emit(event.T_USER_CREATE, user)
        libmail.send_activation_link(user)

        if c.instance:
            membership = model.Membership(user, c.instance,
                                          c.instance.default_group)
            model.meta.Session.expunge(membership)
            model.meta.Session.add(membership)
            model.meta.Session.commit()

        # info message
        h.flash(
            _("You have successfully registered as user %s.") % user.name,
            'success')
        redirect("/perform_login?%s" % urllib.urlencode(
            {
                'login': self.form_result.get("user_name").encode('utf-8'),
                'password': self.form_result.get("password").encode('utf-8')
            }))
Esempio n. 37
0
    def create(self):
        require.user.create()
        # SPAM protection recaptcha
        captacha_enabled = config.get('recaptcha.public_key', "")
        if captacha_enabled:
            recaptcha_response = h.recaptcha.submit()
            if not recaptcha_response.is_valid:
                c.recaptcha = h.recaptcha.displayhtml(error=recaptcha_response.error_code) 
                redirect("/register")
        # SPAM protection hidden input
        input_css = self.form_result.get("input_css")
        input_js = self.form_result.get("input_js")
        if input_css or input_js:
            redirect("/")

        #create user
        user = model.User.create(self.form_result.get("user_name"),
                                 self.form_result.get("email").lower(),
                                 password=self.form_result.get("password"),
                                 locale=c.locale)
        model.meta.Session.commit()

        event.emit(event.T_USER_CREATE, user)
        libmail.send_activation_link(user)

        if c.instance:
            membership = model.Membership(user, c.instance,
                                          c.instance.default_group)
            model.meta.Session.expunge(membership)
            model.meta.Session.add(membership)
            model.meta.Session.commit()

        # info message
        h.flash(_("You have successfully registered as user %s.") % user.name,
                'success')
        redirect("/perform_login?%s" % urllib.urlencode({
                 'login': self.form_result.get("user_name").encode('utf-8'),
                 'password': self.form_result.get("password").encode('utf-8')
                }))
Esempio n. 38
0
    def vote(self, id, format):
        c.poll = self._get_open_poll(id)
        if c.poll.action != model.Poll.ADOPT:
            abort(400, _("This is not an adoption poll."))
        require.poll.vote(c.poll)
        decision = democracy.Decision(c.user, c.poll)
        votes = decision.make(self.form_result.get("position"))
        model.meta.Session.commit()

        if not config.get_bool('adhocracy.hide_individual_votes'):
            for vote in votes:
                event.emit(event.T_VOTE_CAST, vote.user, instance=c.instance,
                           topics=[c.poll.scope], vote=vote, poll=c.poll)

        if format == 'json':
            vdetail = votedetail.calc_votedetail_dict(c.instance, c.poll)\
                if votedetail.is_enabled() else None
            return render_json(dict(decision=decision,
                                    score=c.poll.tally.score,
                                    votedetail=vdetail))
        else:
            redirect(h.entity_url(c.poll.subject))
Esempio n. 39
0
def _send(message,
          force_resend=False,
          massmessage=True,
          email_subject_format=None,
          email_body_template=None):
    from adhocracy.model import Notification
    from adhocracy.lib import mail, event

    if massmessage:
        event_type = event.T_MASSMESSAGE_SEND
    else:
        event_type = event.T_MESSAGE_SEND

    e = event.emit(event_type,
                   message.creator,
                   instance=message.instance,
                   message=message,
                   sender=message.creator)
    notification = Notification(e, message.creator)
    meta.Session.add(notification)

    for r in message.recipients:
        if force_resend or not r.email_sent:
            if (r.recipient.is_email_activated()
                    and r.recipient.email_messages):

                body = render_body(message.body, r.recipient)

                mail.to_user(r.recipient,
                             email_subject(message, r.recipient,
                                           email_subject_format),
                             email_body(message,
                                        r.recipient,
                                        body,
                                        email_body_template,
                                        massmessage=massmessage),
                             headers={},
                             decorate_body=False,
                             email_from=message.email_from,
                             name_from=message.name_from)

            # creator already got a notification
            if r.recipient != message.creator:
                notification = Notification(e,
                                            r.recipient,
                                            type=event.N_MESSAGE_RECEIVE)
                meta.Session.add(notification)

            r.email_sent = True

    meta.Session.commit()
Esempio n. 40
0
 def update(self, id, format='html'):
     c.comment = get_entity_or_abort(model.Comment, id)
     require.comment.edit(c.comment)
     rev = c.comment.create_revision(
         self.form_result.get('text'),
         c.user,
         sentiment=self.form_result.get('sentiment'))
     model.meta.Session.commit()
     if can.user.vote():
         decision = democracy.Decision(c.user, c.comment.poll)
         if not decision.result == model.Vote.YES:
             decision.make(model.Vote.YES)
     model.meta.Session.commit()
     watchlist.check_watch(c.comment)
     #watch = model.Watch.create(c.user, c.comment)
     event.emit(event.T_COMMENT_EDIT, c.user, instance=c.instance,
                topics=[c.comment.topic], comment=c.comment,
                topic=c.comment.topic, rev=rev)
     if len(request.params.get('ret_url', '')):
         redirect(request.params.get('ret_url') + "#c" + str(c.comment.id))
     if format != 'html':
         return ret_success(entity=c.comment, format=format)
     return ret_success(entity=c.comment, format='fwd')
Esempio n. 41
0
 def groupmod(self, id):
     c.page_user = get_entity_or_abort(model.User, id)
     require.user.supervise(c.page_user)
     to_group = self.form_result.get("to_group")
     if not to_group.code in model.Group.INSTANCE_GROUPS:
         h.flash(_("Cannot make %(user)s a member of %(group)s") % {
                     'user': c.page_user.name,
                     'group': to_group.group_name},
                 'error')
         redirect(h.entity_url(c.page_user))
     had_vote = c.page_user._has_permission("vote.cast")
     for membership in c.page_user.memberships:
         if (not membership.is_expired() and
             membership.instance == c.instance):
             membership.group = to_group
     model.meta.Session.commit()
     event.emit(event.T_INSTANCE_MEMBERSHIP_UPDATE, c.page_user,
                instance=c.instance, group=to_group, admin=c.user)
     if had_vote and not c.page_user._has_permission("vote.cast"):
         # user has lost voting privileges
         c.page_user.revoke_delegations(c.instance)
     model.meta.Session.commit()
     redirect(h.entity_url(c.page_user))
Esempio n. 42
0
    def rate(self, id, format="html"):
        # rating is like polling but steps via abstention, i.e. if you have
        # first voted "for", rating will first go to "abstain" and only
        # then produce "against"-
        c.poll = self._get_open_poll(id)
        if c.poll.action not in [model.Poll.RATE, model.Poll.SELECT]:
            abort(400, _("This is not a rating poll."))
        require.poll.vote(c.poll)

        decision = democracy.Decision(c.user, c.poll)
        old = decision.result
        new = self.form_result.get("position")
        positions = {
            (model.Vote.YES, model.Vote.YES): model.Vote.YES,
            (model.Vote.ABSTAIN, model.Vote.YES): model.Vote.YES,
            (model.Vote.NO, model.Vote.YES): model.Vote.ABSTAIN,
            (model.Vote.YES, model.Vote.NO): model.Vote.ABSTAIN,
            (model.Vote.ABSTAIN, model.Vote.NO): model.Vote.NO,
            (model.Vote.NO, model.Vote.NO): model.Vote.NO,
        }
        position = positions.get((old, new), new)
        votes = decision.make(position)
        tally = model.Tally.create_from_poll(c.poll)
        event_type = {model.Poll.RATE: event.T_RATING_CAST, model.Poll.SELECT: event.T_SELECT_VARIANT}.get(
            c.poll.action
        )
        for vote in votes:
            event.emit(event_type, vote.user, instance=c.instance, topics=[c.poll.scope], vote=vote, poll=c.poll)
        model.meta.Session.commit()

        if format == "json":
            return render_json(dict(decision=decision, tally=tally.to_dict()))

        if c.poll.action == model.Poll.SELECT:
            redirect(h.entity_url(c.poll.selection))

        redirect(h.entity_url(c.poll.subject))
Esempio n. 43
0
    def _settings_result(self, updated, instance, setting_name, message=None):
        '''
        Sets a redirect code and location header, stores a flash
        message and returns the message. If *message* is not None, a
        message is chosen depending on the boolean value of
        *updated*. The redirect *location* URL is chosen based on the
        instance and *setting_name*.

        This method will *not raise an redirect exception* but set the
        headers and return the message string.

        *updated* (bool)
           Indicate that a value was updated. Used to choose a generic
           message if *message* is not given explicitly.
        *instance* (:class:`adhocracy.model.Instance`)
           The instance to generate the redirct URL for.
        *setting_name* (str)
           The setting name for which the URL will be build.
        *message* (unicode)
           An explicit message to use instead of the generic message.

        Returns
           The message generated or given.
        '''
        if updated:
            event.emit(event.T_INSTANCE_EDIT, c.user, instance=c.page_instance)
            message = message if message else unicode(INSTANCE_UPDATED_MSG)
            category = 'success'
        else:
            message = message if message else unicode(NO_UPDATE_REQUIRED)
            category = 'notice'
        h.flash(message, category=category)
        response.status_int = 303
        url = settings_menu(instance, setting_name).url_for(setting_name)
        response.headers['location'] = url
        return unicode(message)
Esempio n. 44
0
    def _create(self,
                user_name,
                email,
                domain,
                domain_user,
                email_verified=False,
                display_name=None,
                redirect_url=None):
        """
        Create a user based on data gathered from velruse.
        """

        model.meta.Session.begin(subtransactions=True)

        try:
            user = User.find_by_email(email)
            if user is None:
                user = model.User.create(user_name,
                                         email,
                                         locale=c.locale,
                                         display_name=display_name)

            if email_verified:
                user.set_email_verified()

            v = Velruse(unicode(domain), unicode(domain_user), user)
            model.meta.Session.add(v)

            model.meta.Session.commit()

            event.emit(event.T_USER_CREATE, user)
            return user, v

        except Exception as e:
            model.meta.Session.rollback()
            raise e
Esempio n. 45
0
    def settings_result(self, updated, instance, setting_name, message=None):
        '''
        Sets a redirect code and location header, stores a flash
        message and returns the message. If *message* is not None, a
        message is choosen depending on the boolean value of
        *updated*. The redirect *location* URL is choosen based on the
        instance and *setting_name*.

        This method will *not raise an redirect exception* but set the
        headers and return the message string.

        *updated* (bool)
           Indicate that a value was updated. Used to choose a generic
           message if *message* is not given explicitly.
        *instance* (:class:`adhocracy.model.Instance`)
           The instance to generate the redirct URL for.
        *setting_name* (str)
           The setting name for which the URL will be build.
        *message* (unicode)
           An explicit message to use instead of the generic message.

        Returns
           The message generated or given.
        '''
        if updated:
            event.emit(event.T_INSTANCE_EDIT, c.user, instance=c.page_instance)
            message = message if message else INSTANCE_UPDATED_MSG
            category = 'success'
        else:
            message = message if message else NO_UPDATE_REQUIRED
            category = 'notice'
        h.flash(message, category=category)
        response.status_int = 303
        url = self.settings_menu(instance, setting_name).url_for(setting_name)
        response.headers['location'] = url
        return unicode(message)
Esempio n. 46
0
def _send(message, force_resend=False, massmessage=True,
          email_subject_format=None, email_body_template=None):
    from adhocracy.model import Notification
    from adhocracy.lib import mail, event

    if massmessage:
        event_type = event.T_MASSMESSAGE_SEND
    else:
        event_type = event.T_MESSAGE_SEND

    e = event.emit(event_type, message.creator, instance=message.instance,
                   message=message,
                   sender=message.creator)
    notification = Notification(e, message.creator)
    meta.Session.add(notification)

    for r in message.recipients:
        if force_resend or not r.email_sent:
            if (r.recipient.is_email_activated() and
                    r.recipient.email_messages):

                body = render_body(message.body, r.recipient)

                mail.to_user(r.recipient,
                             email_subject(message, r.recipient,
                                           email_subject_format),
                             email_body(message, r.recipient, body,
                                        email_body_template,
                                        massmessage=massmessage),
                             headers={},
                             decorate_body=False,
                             email_from=message.email_from,
                             name_from=message.name_from)

            # creator already got a notification
            if r.recipient != message.creator:
                notification = Notification(e, r.recipient,
                                            type=event.N_MESSAGE_RECEIVE)
                meta.Session.add(notification)

            r.email_sent = True

    meta.Session.commit()
Esempio n. 47
0
class InstanceController(BaseController):
    def index(self, format='html'):
        require.instance.index()
        h.add_meta(
            "description",
            _("An index of instances run at this site. "
              "Select which ones you would like to join "
              "and participate!"))
        instances = model.Instance.all()

        if format == 'json':
            return render_json(instances)

        c.instances_pager = pager.instances(instances)
        return render("/instance/index.html")

    def new(self):
        require.instance.create()
        return render("/instance/new.html")

    @csrf.RequireInternalRequest(methods=['POST'])
    @validate(schema=InstanceCreateForm(), form="new", post_only=True)
    def create(self, format='html'):
        require.instance.create()
        instance = model.Instance.create(
            self.form_result.get('key'),
            self.form_result.get('label'),
            c.user,
            description=self.form_result.get('description'),
            locale=c.locale)
        model.meta.Session.commit()
        event.emit(event.T_INSTANCE_CREATE, c.user, instance=instance)
        return ret_success(entity=instance, format=format)

    #@RequireInstance
    def show(self, id, format='html'):
        c.page_instance = get_entity_or_abort(model.Instance, id)
        require.instance.show(c.page_instance)

        if format == 'json':
            return render_json(c.page_instance)

        if format == 'rss':
            return self.activity(id, format)

        if c.page_instance != c.instance:
            redirect(h.entity_url(c.page_instance))

        c.tile = tiles.instance.InstanceTile(c.page_instance)
        proposals = model.Proposal.all(instance=c.page_instance)
        c.new_proposals_pager = pager.proposals(
            proposals,
            size=7,
            enable_sorts=False,
            enable_pages=False,
            default_sort=sorting.entity_newest)
        #pages = model.Page.all(instance=c.page_instance,
        #        functions=[model.Page.NORM])
        #c.top_pages_pager = pager.pages(
        #    pages, size=7, enable_sorts=False,
        #    enable_pages=False, default_sort=sorting.norm_selections)
        #tags = model.Tag.popular_tags(limit=40)
        #c.tags = sorted(text.tag_cloud_normalize(tags),
        #                key=lambda (k, c, v): k.name)
        if c.page_instance.milestones:
            c.milestones = model.Milestone.all(instance=c.page_instance)
        c.stats = {
            'comments': model.Comment.all_q().count(),
            'proposals':
            model.Proposal.all_q(instance=c.page_instance).count(),
            'members': model.Membership.all_q().count()
        }
        return render("/instance/show.html")

    @RequireInstance
    def activity(self, id, format='html'):
        c.page_instance = get_entity_or_abort(model.Instance, id)
        require.instance.show(c.page_instance)

        if format == 'sline':
            sline = event.sparkline_samples(instance_activity, c.page_instance)
            return render_json(dict(activity=sline))

        events = model.Event.find_by_instance(c.page_instance)

        if format == 'rss':
            return event.rss_feed(events, _('%s News' % c.page_instance.label),
                                  h.base_url(c.page_instance),
                                  _("News from %s") % c.page_instance.label)

        c.tile = tiles.instance.InstanceTile(c.page_instance)
        c.events_pager = pager.events(events)
        return render("/instance/activity.html")

    @RequireInstance
    def edit(self, id):
        c.page_instance = self._get_current_instance(id)
        require.instance.edit(c.page_instance)

        c._Group = model.Group
        c.locales = i18n.LOCALES
        default_group = c.page_instance.default_group.code if \
                        c.page_instance.default_group else \
                        model.Group.INSTANCE_DEFAULT
        return htmlfill.render(render("/instance/edit.html"),
                               defaults={
                                   '_method': 'PUT',
                                   'label': c.page_instance.label,
                                   'description': c.page_instance.description,
                                   'css': c.page_instance.css,
                                   'required_majority':
                                   c.page_instance.required_majority,
                                   'activation_delay':
                                   c.page_instance.activation_delay,
                                   'allow_adopt': c.page_instance.allow_adopt,
                                   'allow_delegate':
                                   c.page_instance.allow_delegate,
                                   'allow_propose':
                                   c.page_instance.allow_propose,
                                   'allow_index': c.page_instance.allow_index,
                                   'hidden': c.page_instance.hidden,
                                   'milestones': c.page_instance.milestones,
                                   'frozen': c.page_instance.frozen,
                                   'locale': c.page_instance.locale,
                                   'use_norms': c.page_instance.use_norms,
                                   '_tok': csrf.token_id(),
                                   'default_group': default_group
                               })

    @RequireInstance
    @csrf.RequireInternalRequest(methods=['POST'])
    @validate(schema=InstanceEditForm(), form="edit", post_only=True)
    def update(self, id, format='html'):
        c.page_instance = self._get_current_instance(id)
        require.instance.edit(c.page_instance)
        c.page_instance.description = self.form_result.get('description')
        c.page_instance.label = self.form_result.get('label')
        c.page_instance.required_majority = self.form_result.get(
            'required_majority')
        c.page_instance.activation_delay = self.form_result.get(
            'activation_delay')
        c.page_instance.allow_adopt = self.form_result.get('allow_adopt')
        c.page_instance.allow_delegate = self.form_result.get('allow_delegate')
        c.page_instance.allow_propose = self.form_result.get('allow_propose')
        c.page_instance.allow_index = self.form_result.get('allow_index')
        c.page_instance.hidden = self.form_result.get('hidden')
        c.page_instance.frozen = self.form_result.get('frozen')
        c.page_instance.milestones = self.form_result.get('milestones')
        c.page_instance.css = self.form_result.get('css')
        c.page_instance.use_norms = self.form_result.get('use_norms')

        locale = Locale(self.form_result.get("locale"))
        if locale and locale in i18n.LOCALES:
            c.page_instance.locale = locale

        if (self.form_result.get('default_group').code
                in model.Group.INSTANCE_GROUPS):
            c.page_instance.default_group = self.form_result.get(
                'default_group')

        try:
            if ('logo' in request.POST
                    and hasattr(request.POST.get('logo'), 'file')
                    and request.POST.get('logo').file):
                logo.store(c.page_instance, request.POST.get('logo').file)
        except Exception, e:
            h.flash(unicode(e), 'error')
            log.debug(e)
        model.meta.Session.commit()
        event.emit(event.T_INSTANCE_EDIT, c.user, instance=c.page_instance)
        return ret_success(entity=c.page_instance, format=format)
Esempio n. 48
0
class CommentController(BaseController):

    @RequireInstance
    def index(self, format='html'):
        require.comment.index()
        comments = model.Comment.all()
        c.comments_pager = NamedPager(
            'comments', comments, tiles.comment.row, count=10,
            sorts={_("oldest"): sorting.entity_oldest,
                   _("newest"): sorting.entity_newest},
            default_sort=sorting.entity_newest)
        if format == 'json':
            return render_json(c.comments_pager)

        return self.not_implemented(format=format)

    @RequireInstance
    @validate(schema=CommentNewForm(), form="bad_request",
              post_only=False, on_get=True)
    def new(self, errors=None):
        c.topic = self.form_result.get('topic')
        c.reply = self.form_result.get('reply')
        c.wiki = self.form_result.get('wiki')
        c.variant = self.form_result.get('variant')
        defaults = dict(request.params)
        if c.reply:
            require.comment.reply(c.reply)
        else:
            require.comment.create_on(c.topic)
        return htmlfill.render(render('/comment/new.html'), defaults=defaults,
                               errors=errors, force_defaults=False)

    @RequireInstance
    @csrf.RequireInternalRequest(methods=['POST'])
    def create(self, format='html'):
        require.comment.create()
        try:
            self.form_result = CommentCreateForm().to_python(request.params)
        except Invalid, i:
            return self.new(errors=i.unpack_errors())

        topic = self.form_result.get('topic')
        reply = self.form_result.get('reply')

        if reply:
            require.comment.reply(reply)
        else:
            require.comment.create_on(topic)

        variant = self.form_result.get('variant')
        if hasattr(topic, 'variants') and not variant in topic.variants:
            return ret_abort(_("Comment topic has no variant %s") % variant,
                             code=400)

        comment = model.Comment.create(
            self.form_result.get('text'),
            c.user, topic,
            reply=reply,
            wiki=self.form_result.get('wiki'),
            variant=variant,
            sentiment=self.form_result.get('sentiment'),
            with_vote=can.user.vote())

        # watch comments by default!
        model.Watch.create(c.user, comment)
        model.meta.Session.commit()
        #watchlist.check_watch(comment)
        event.emit(event.T_COMMENT_CREATE, c.user, instance=c.instance,
                   topics=[topic], comment=comment, topic=topic,
                   rev=comment.latest)
        if len(request.params.get('ret_url', '')):
            redirect(request.params.get('ret_url') + "#c" + str(comment.id))
        if format != 'html':
            return ret_success(entity=comment, format=format)
        return ret_success(entity=comment, format='fwd')