def media_edit_save(blog_id, media_id):
'''
Save changes to a media entry.
'''
user = auth.is_logged_in(request)
blog = Blog.load(blog_id)
is_member = auth.is_blog_member(user, blog)
media = Media.load(media_id)
permission = auth.is_media_owner(user, media)
friendly_name = request.forms.getunicode('media_friendly_name')
changes = False
if friendly_name != media.friendly_name:
changes = True
media.friendly_name = friendly_name
import datetime
if changes is True:
media.modified_date = datetime.datetime.utcnow()
media.save()
status = utils.Status(
type='success',
message='Changes to media <b>{}</b> saved successfully.'.format(
media.for_display))
else:
status = utils.Status(
type='warning',
no_sure=True,
message='No discernible changes submitted for media <b>{}</b>.'.
format(media.id, media.for_display))
logger.info("Media {} edited by user {}.".format(media.for_log,
user.for_log))
from core.ui import kv
kv_ui_data = kv.ui(media.kv_list())
tags = template_tags(blog=blog, media=media, status=status, user=user)
tags.sidebar = sidebar.render_sidebar(panel_set='edit_media',
status_badge=status_badge,
kv_object='Media',
kv_objectid=media.id,
kv_ui=kv_ui_data)
return media_edit_output(tags)
def page_edit(page_id):
'''
UI for editing a page in a blog
'''
user = auth.is_logged_in(request)
page = Page.load(page_id)
permission = auth.is_page_editor(user, page)
status = None
referer = request.headers.get('Referer')
if (referer is None or page.modified_date is None
or re.match(re.escape(BASE_URL + "/blog/" + str(page.blog.id)),
referer) is None):
referer = BASE_URL + "/blog/" + str(page.blog.id)
if page.modified_date is None:
status = utils.Status(type='info',
message="Page <b>{}</b> created.".format(
page.for_log))
page.modified_date = datetime.datetime.utcnow()
page.save(user)
tags = template_tags(page=page, user=user, status=status)
from core.ui import kv
kv_ui_data = kv.ui(page.kv_list())
tpl = template(
'edit/page',
menu=generate_menu('edit_page', page),
parent_path=referer,
# search_context=(search_context['blog'], page.blog),
html_editor_settings=html_editor_settings(page.blog),
sidebar=sidebar.render_sidebar(panel_set='edit_page',
status_badge=status_badge,
save_action_list=save_action_list,
save_action=save_action,
kv_ui=kv_ui_data,
kv_object='Page',
kv_objectid=page.id,
**tags.__dict__),
msg_float=False,
**tags.__dict__)
logger.info("Page {} opened for editing by {}.".format(
page.for_log, user.for_log))
return tpl
def page_revision_restore(page_id, revision_id):
user = auth.is_logged_in(request)
page = Page.load(page_id)
permission = auth.is_page_editor(user, page)
page_revision = PageRevision.select().where(
PageRevision.id == revision_id).get()
status = utils.Status(
type='success',
message='Page <b>{}</b> has been restored from backup dated {}.'.
format(page.for_log, page_revision.modified_date))
tags = template_tags(page=page, user=user, status=status)
page_revision.id = page.id
tags.page = page_revision
referer = BASE_URL + "/blog/" + str(page.blog.id)
# from core.cms import save_action_list
# from core.ui_kv import kv_ui
from core.ui import kv
kv_ui_data = kv.ui(page.kv_list())
# TODO: save action from this doesn't trigger queue run
tpl = template('edit/page',
status_badge=status_badge,
save_action=save_action,
menu=generate_menu('edit_page', page),
search_context=(search_contexts['blog'], page.blog),
html_editor_settings=html_editor_settings(page.blog),
sidebar=sidebar.render_sidebar(
panel_set='edit_page',
status_badge=status_badge,
save_action=save_action,
save_action_list=save_action_list,
kv_ui=kv_ui_data,
kv_object='Page',
kv_objectid=page.id,
**tags.__dict__),
**tags.__dict__)
return tpl
def login_verify():
'''
Verifies user login, provides session cookie if successful
'''
_forms = request.forms
email = _forms.get('email')
password = _forms.get('password')
if login_verify_core(email, password) is True:
if request.query.action:
utils.safe_redirect(request.query.action)
else:
redirect(BASE_URL)
else:
tags = template_tags()
tags.status = utils.Status(type='danger',
no_sure=True,
message="Email or password not found.")
return template('ui/ui_login', **tags.__dict__)
def system_new_user():
from core.models import db
user = auth.is_logged_in(request)
permission = auth.is_sys_admin(user)
nav_tabs = None
status = None
from core.models import User
if request.method == 'POST':
new_name = request.forms.getunicode('user_name')
new_email = request.forms.getunicode('user_email')
new_password = request.forms.getunicode('user_password')
new_password_confirm = request.forms.getunicode(
'user_password_confirm')
from core.error import UserCreationError
from core.libs import peewee
# TODO: make this into a confirmation function a la what we did with blog settings
new_user = User(name=new_name,
email=new_email,
password=new_password,
password_confirm=new_password_confirm)
try:
new_user.save_pwd()
except UserCreationError as e:
status = utils.Status(
type='danger',
no_sure=True,
message='There were problems creating the new user:'******'danger',
no_sure=True,
message='There were problems creating the new user:'******'The new user\'s email or username is the same as another user\'s. Emails and usernames must be unique.'
])
except Exception as e:
raise e
else:
db.commit()
from settings import BASE_URL
return redirect(BASE_URL + '/system/user/{}'.format(new_user.id))
else:
new_user = User(name='', email='', password='')
tags = template_tags(user=user)
tags.status = status
tpl = template('edit/user_settings',
edit_user=new_user,
menu=generate_menu('system_create_user', new_user),
search_context=(search_contexts['sites'], None),
nav_tabs=nav_tabs,
nav_default='basic',
**tags.__dict__)
return tpl
def user_edit(user_id, path, context, permission):
# Obtains user edit in system context.
user = auth.is_logged_in(request)
permission = permission(user)
user_to_edit = User.find(user_id=user_id) if user_id is not None else user
status = None
from core.error import PermissionsException
if request.method == 'POST':
if request.forms.getunicode('submit_settings') is not None:
from core.libs import peewee
user_to_edit.name = request.forms.getunicode('user_name')
user_to_edit.email = request.forms.getunicode('user_email')
try:
user_to_edit.save()
except peewee.IntegrityError:
status = utils.Status(
type='danger',
no_sure=True,
message=
'Error: user <b>{}</b> cannot be changed to the same name or email as another user.'
.format(user_to_edit.for_display))
else:
status = utils.Status(
type='success',
message='Data for user <b>{}</b> successfully updated.'.
format(user_to_edit.for_display))
# TODO: all actions could be consolidated w/o multiple status lines
if request.forms.getunicode('delete_permissions') is not None:
deletes = request.forms.getall('del')
try:
user.remove_permissions(deletes)
except PermissionsException as e:
raise e
status = utils.Status(
type='success',
message='Data for user <b>{}</b> successfully updated.'.format(
user_to_edit.for_display))
if request.forms.getunicode('submit_permissions') is not None:
permission_to_add = int(
request.forms.getunicode('permission_list'))
permission_target = request.forms.getunicode(
'permission_target_list')
target_site = None
target_blog = None
if permission_to_add != auth.role.SYS_ADMIN:
permission_target_item = permission_target[:5]
if permission_target_item == 'site-':
target_site = Site.load(permission_target[5:])
else:
target_blog = Blog.load(permission_target[5:])
user_to_edit.add_permission(permission=permission_to_add,
site=target_site,
blog=target_blog)
'''
what we should do:
- get any existing permission
- update it with the proper bitmask
then, when listing permissions,
go through and compare each bitmask against it
the bitmask needs to be all in one entry per site/blog/user object
it *might* work as we have it now but we'll need to test
we might need to order by level to make sure it works
'''
else:
if user_to_edit.last_login is None:
status = utils.Status(
type='success',
message='User <b>{}</b> successfully created.'.format(
user_to_edit.for_display),
)
import datetime
user_to_edit.last_login = datetime.datetime.utcnow()
user_to_edit.save()
tags = template_tags(user=User.find(user_id=user.id))
tags.status = status
try:
tags.permissions = auth.get_permissions(user_to_edit)
except PermissionsException:
tags.permissions = []
tags.editor_permissions = auth.get_permissions(user)
return edit_user(user_to_edit,
editing_user=user,
context=context(user_to_edit, path),
tags=tags)
def blog_create_save(site_id):
user = auth.is_logged_in(request)
site = Site.load(site_id)
permission = auth.is_site_admin(user, site)
errors = []
new_blog = Blog(
site=site,
name=request.forms.getunicode('blog_name'),
description=request.forms.getunicode('blog_description'),
url=request.forms.getunicode('blog_url'),
path=request.forms.getunicode('blog_path'),
set_timezone=request.forms.getunicode('blog_timezone'),
# theme=get_default_theme(),
theme=Theme.default_theme())
try:
new_blog.validate()
except Exception as e:
errors.extend(e.args[0])
if len(errors) == 0:
from core.libs.peewee import IntegrityError
try:
new_blog.setup(user, Theme.default_theme())
# new_blog.theme)
except IntegrityError as e:
from core.utils import field_error
errors.append(field_error(e))
if len(errors) > 0:
status = utils.Status(
type='danger',
no_sure=True,
message=
'The blog could not be created due to the following problems:',
message_list=errors)
from core.libs import pytz
tags = template_tags(site=site, user=user)
tags.status = status
tags.blog = new_blog
themes = Theme.select()
return template(
'ui/ui_blog_settings',
section_title="Create new blog",
# search_context=(search_context['sites'], None),
menu=generate_menu('site_create_blog', site),
nav_default='all',
themes=themes,
timezones=pytz.all_timezones,
**tags.__dict__)
else:
tags = template_tags(user=user, site=site, blog=new_blog)
status = utils.Status(type='success',
message='''
Blog <b>{}</b> was successfully created. You can <a href="{}/blog/{}/newpage">start posting</a> immediately.
'''.format(new_blog.for_display, BASE_URL, new_blog.id))
tags.status = status
return report(tags, 'site_create_blog', site)