def media_edit_save(blog_id, media_id): ''' Save changes to a media entry. ''' user = auth.is_logged_in(request) blog = Blog.load(blog_id) is_member = auth.is_blog_member(user, blog) media = Media.load(media_id) permission = auth.is_media_owner(user, media) friendly_name = request.forms.getunicode('media_friendly_name') changes = False if friendly_name != media.friendly_name: changes = True media.friendly_name = friendly_name import datetime if changes is True: media.modified_date = datetime.datetime.utcnow() media.save() status = utils.Status( type='success', message='Changes to media <b>{}</b> saved successfully.'.format( media.for_display)) else: status = utils.Status( type='warning', no_sure=True, message='No discernible changes submitted for media <b>{}</b>.'. format(media.id, media.for_display)) logger.info("Media {} edited by user {}.".format(media.for_log, user.for_log)) from core.ui import kv kv_ui_data = kv.ui(media.kv_list()) tags = template_tags(blog=blog, media=media, status=status, user=user) tags.sidebar = sidebar.render_sidebar(panel_set='edit_media', status_badge=status_badge, kv_object='Media', kv_objectid=media.id, kv_ui=kv_ui_data) return media_edit_output(tags)
def page_edit(page_id): ''' UI for editing a page in a blog ''' user = auth.is_logged_in(request) page = Page.load(page_id) permission = auth.is_page_editor(user, page) status = None referer = request.headers.get('Referer') if (referer is None or page.modified_date is None or re.match(re.escape(BASE_URL + "/blog/" + str(page.blog.id)), referer) is None): referer = BASE_URL + "/blog/" + str(page.blog.id) if page.modified_date is None: status = utils.Status(type='info', message="Page <b>{}</b> created.".format( page.for_log)) page.modified_date = datetime.datetime.utcnow() page.save(user) tags = template_tags(page=page, user=user, status=status) from core.ui import kv kv_ui_data = kv.ui(page.kv_list()) tpl = template( 'edit/page', menu=generate_menu('edit_page', page), parent_path=referer, # search_context=(search_context['blog'], page.blog), html_editor_settings=html_editor_settings(page.blog), sidebar=sidebar.render_sidebar(panel_set='edit_page', status_badge=status_badge, save_action_list=save_action_list, save_action=save_action, kv_ui=kv_ui_data, kv_object='Page', kv_objectid=page.id, **tags.__dict__), msg_float=False, **tags.__dict__) logger.info("Page {} opened for editing by {}.".format( page.for_log, user.for_log)) return tpl
def page_revision_restore(page_id, revision_id): user = auth.is_logged_in(request) page = Page.load(page_id) permission = auth.is_page_editor(user, page) page_revision = PageRevision.select().where( PageRevision.id == revision_id).get() status = utils.Status( type='success', message='Page <b>{}</b> has been restored from backup dated {}.'. format(page.for_log, page_revision.modified_date)) tags = template_tags(page=page, user=user, status=status) page_revision.id = page.id tags.page = page_revision referer = BASE_URL + "/blog/" + str(page.blog.id) # from core.cms import save_action_list # from core.ui_kv import kv_ui from core.ui import kv kv_ui_data = kv.ui(page.kv_list()) # TODO: save action from this doesn't trigger queue run tpl = template('edit/page', status_badge=status_badge, save_action=save_action, menu=generate_menu('edit_page', page), search_context=(search_contexts['blog'], page.blog), html_editor_settings=html_editor_settings(page.blog), sidebar=sidebar.render_sidebar( panel_set='edit_page', status_badge=status_badge, save_action=save_action, save_action_list=save_action_list, kv_ui=kv_ui_data, kv_object='Page', kv_objectid=page.id, **tags.__dict__), **tags.__dict__) return tpl
def login_verify(): ''' Verifies user login, provides session cookie if successful ''' _forms = request.forms email = _forms.get('email') password = _forms.get('password') if login_verify_core(email, password) is True: if request.query.action: utils.safe_redirect(request.query.action) else: redirect(BASE_URL) else: tags = template_tags() tags.status = utils.Status(type='danger', no_sure=True, message="Email or password not found.") return template('ui/ui_login', **tags.__dict__)
def system_new_user(): from core.models import db user = auth.is_logged_in(request) permission = auth.is_sys_admin(user) nav_tabs = None status = None from core.models import User if request.method == 'POST': new_name = request.forms.getunicode('user_name') new_email = request.forms.getunicode('user_email') new_password = request.forms.getunicode('user_password') new_password_confirm = request.forms.getunicode( 'user_password_confirm') from core.error import UserCreationError from core.libs import peewee # TODO: make this into a confirmation function a la what we did with blog settings new_user = User(name=new_name, email=new_email, password=new_password, password_confirm=new_password_confirm) try: new_user.save_pwd() except UserCreationError as e: status = utils.Status( type='danger', no_sure=True, message='There were problems creating the new user:'******'danger', no_sure=True, message='There were problems creating the new user:'******'The new user\'s email or username is the same as another user\'s. Emails and usernames must be unique.' ]) except Exception as e: raise e else: db.commit() from settings import BASE_URL return redirect(BASE_URL + '/system/user/{}'.format(new_user.id)) else: new_user = User(name='', email='', password='') tags = template_tags(user=user) tags.status = status tpl = template('edit/user_settings', edit_user=new_user, menu=generate_menu('system_create_user', new_user), search_context=(search_contexts['sites'], None), nav_tabs=nav_tabs, nav_default='basic', **tags.__dict__) return tpl
def user_edit(user_id, path, context, permission): # Obtains user edit in system context. user = auth.is_logged_in(request) permission = permission(user) user_to_edit = User.find(user_id=user_id) if user_id is not None else user status = None from core.error import PermissionsException if request.method == 'POST': if request.forms.getunicode('submit_settings') is not None: from core.libs import peewee user_to_edit.name = request.forms.getunicode('user_name') user_to_edit.email = request.forms.getunicode('user_email') try: user_to_edit.save() except peewee.IntegrityError: status = utils.Status( type='danger', no_sure=True, message= 'Error: user <b>{}</b> cannot be changed to the same name or email as another user.' .format(user_to_edit.for_display)) else: status = utils.Status( type='success', message='Data for user <b>{}</b> successfully updated.'. format(user_to_edit.for_display)) # TODO: all actions could be consolidated w/o multiple status lines if request.forms.getunicode('delete_permissions') is not None: deletes = request.forms.getall('del') try: user.remove_permissions(deletes) except PermissionsException as e: raise e status = utils.Status( type='success', message='Data for user <b>{}</b> successfully updated.'.format( user_to_edit.for_display)) if request.forms.getunicode('submit_permissions') is not None: permission_to_add = int( request.forms.getunicode('permission_list')) permission_target = request.forms.getunicode( 'permission_target_list') target_site = None target_blog = None if permission_to_add != auth.role.SYS_ADMIN: permission_target_item = permission_target[:5] if permission_target_item == 'site-': target_site = Site.load(permission_target[5:]) else: target_blog = Blog.load(permission_target[5:]) user_to_edit.add_permission(permission=permission_to_add, site=target_site, blog=target_blog) ''' what we should do: - get any existing permission - update it with the proper bitmask then, when listing permissions, go through and compare each bitmask against it the bitmask needs to be all in one entry per site/blog/user object it *might* work as we have it now but we'll need to test we might need to order by level to make sure it works ''' else: if user_to_edit.last_login is None: status = utils.Status( type='success', message='User <b>{}</b> successfully created.'.format( user_to_edit.for_display), ) import datetime user_to_edit.last_login = datetime.datetime.utcnow() user_to_edit.save() tags = template_tags(user=User.find(user_id=user.id)) tags.status = status try: tags.permissions = auth.get_permissions(user_to_edit) except PermissionsException: tags.permissions = [] tags.editor_permissions = auth.get_permissions(user) return edit_user(user_to_edit, editing_user=user, context=context(user_to_edit, path), tags=tags)
def blog_create_save(site_id): user = auth.is_logged_in(request) site = Site.load(site_id) permission = auth.is_site_admin(user, site) errors = [] new_blog = Blog( site=site, name=request.forms.getunicode('blog_name'), description=request.forms.getunicode('blog_description'), url=request.forms.getunicode('blog_url'), path=request.forms.getunicode('blog_path'), set_timezone=request.forms.getunicode('blog_timezone'), # theme=get_default_theme(), theme=Theme.default_theme()) try: new_blog.validate() except Exception as e: errors.extend(e.args[0]) if len(errors) == 0: from core.libs.peewee import IntegrityError try: new_blog.setup(user, Theme.default_theme()) # new_blog.theme) except IntegrityError as e: from core.utils import field_error errors.append(field_error(e)) if len(errors) > 0: status = utils.Status( type='danger', no_sure=True, message= 'The blog could not be created due to the following problems:', message_list=errors) from core.libs import pytz tags = template_tags(site=site, user=user) tags.status = status tags.blog = new_blog themes = Theme.select() return template( 'ui/ui_blog_settings', section_title="Create new blog", # search_context=(search_context['sites'], None), menu=generate_menu('site_create_blog', site), nav_default='all', themes=themes, timezones=pytz.all_timezones, **tags.__dict__) else: tags = template_tags(user=user, site=site, blog=new_blog) status = utils.Status(type='success', message=''' Blog <b>{}</b> was successfully created. You can <a href="{}/blog/{}/newpage">start posting</a> immediately. '''.format(new_blog.for_display, BASE_URL, new_blog.id)) tags.status = status return report(tags, 'site_create_blog', site)