Esempio n. 1
def admin_set_accesslevel(user, level):
    """Change the access level of ``user`` to ``level``.

    Unless the requester's own access level is 255, two conditions guard the
    change: the requested level is compared against the requester's level,
    and the target account's current level is compared against it as well.

    Renders ``error.html`` when ``user`` does not exist; on success redirects
    to the modified user's profile page.
    """
    pd = PageData()

    # NOTE(review): pd.authuser is read unconditionally, so this relies on
    # something outside this function guaranteeing a logged-in requester.
    # int(level) raises ValueError on non-numeric input; whether the route
    # restricts ``level`` to digits is not visible here — TODO confirm.
    if pd.authuser.accesslevel != 255 and pd.authuser.accesslevel <= int(
            level):
        # NOTE(review): this statement is truncated on the page (the '******'
        # run stands where part of the original line was). The denial branch
        # cannot be read in full and the line is not valid Python as shown.
        app.logger.error('Accesslevel change was denied for user: '******'index')

    try:
        moduser = SiteUser.create(user)

        # A requester below level 255 may not touch an account whose current
        # level is equal to or above their own.
        if pd.authuser.accesslevel != 255 and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' +
                         pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    # The unconverted ``level`` is passed on; only the comparison above used
    # int(level).
    moduser.newaccesslevel(level)
    # ``level`` is concatenated as-is, so it has to be a string here.
    flash('User ' + user + '\'s accesslevel has been set to ' + level)

    return redirect('/user/' + moduser.username)
Esempio n. 2
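def show_item(item_id, edit=None):
    """Render the page for one item, optionally showing a specific edit.

    ``item_id`` equal to ``'new'`` redirects to the edit form. An unknown
    item yields the not-found response. When a user is logged in, their
    collection entry for the item is attached to the page data if it can be
    loaded.
    """
    pd = PageData()

    # Compare by value. ``is`` tests object identity, which is not guaranteed
    # to hold for a string that arrives from the URL, so the original
    # ``item_id is 'new'`` could miss a genuine "new" request.
    if item_id == 'new':
        return redirect("/item/" + item_id + "/edit")

    try:
        showitem = SiteItem(item_id)

        if edit:
            showitem.old = True
            showitem.description = edit

        # The body is HTML-escaped before it is handed to markdown, so raw
        # HTML in user-written text is neutralised at this step.
        # NOTE(review): escaping does not constrain link targets produced by
        # markdown itself; confirm the extensions or template handle those.
        showitem.description_html = markdown.markdown(
            escape_html(str(showitem.body(edit))), md_extensions)
    except NoItem:
        return page_not_found(404)

    if 'username' in session:
        try:
            user = SiteUser.create(session['username'])
            pd.iteminfo = user.query_collection(showitem.uid)
        except (NoUser, NoItem):
            # Best effort: the page renders without collection info.
            pass

    pd.title = showitem.name
    pd.item = showitem

    return render_template('item.html', pd=pd)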
Esempio n. 3
def pm(username):
    """Show the private-message form for ``username`` and handle a submission.

    An unknown recipient yields the not-found response. Only a logged-in
    visitor who POSTs the form can send; every other request just renders
    ``sendpm.html``.
    """
    page = PageData()

    try:
        page.recipient = SiteUser.create(username)
    except (NoItem, NoUser):
        return page_not_found(404)

    if 'username' not in session or request.method != 'POST':
        return render_template('sendpm.html', pd=page)

    message = request.form['body']
    subject = request.form['subject']
    # ``parent`` is only present when replying to an existing message.
    parent = deobfuscate(request.form['parent']) if 'parent' in request.form else None

    if not (message and subject):
        # TODO re-fill form
        flash('No message or subject')
        return redirect_back('/user/' + username + '/pm')

    messageid = send_pm(page.authuser.uid, page.recipient.uid, subject, message, messagestatus['unread_pm'], parent)
    if not messageid:
        # Nothing was sent: show the form again without a flash message.
        return render_template('sendpm.html', pd=page)

    flash('Message sent!')
    if parent:
        return redirect_back('/user/' + username + '/pm')
    return redirect('/user/' + page.authuser.username + '/pm/' + obfuscate((messageid)))
Esempio n. 4
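def new_facebook_user():
    """Create a local account for a visitor who arrived through Facebook login.

    The submitted username and email are validated with ``check_new_user``,
    the account is created with a random password, the Facebook id stored in
    the session is linked to it, and the visitor is logged in.
    """
    pd = PageData()

    logger.info('Started Facebook new user for {}, referrer was {}'.format(request.remote_addr, request.referrer))

    if not check_new_user(request, nopass=True):
        pd.username = request.form['username']
        pd.email = request.form['email']
        return redirect_back(url_for('index'))

    # The account still gets a local password. Draw it from the operating
    # system's CSPRNG: the module-level ``random`` functions are not meant
    # for secrets, and this value guards the account.
    csprng = random.SystemRandom()
    password = ''.join(csprng.choice(string.printable) for _ in range(100))
    if not new_user(request.form['username'], password, request.form['email'], request.remote_addr):
        return render_template('error.html', pd=pd)

    # NOTE(review): session['facebook_id'] is read without a presence check;
    # confirm the OAuth callback always sets it before this view is reached.
    user_key = 'oauth-facebook-{}'.format(session['facebook_id'])
    new_key(user_key, request.form['username'])

    try:
        user = SiteUser.create(request.form['username'])
        session['username'] = user.username
        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()
    except (NoUser, AuthFail):
        return render_template('error.html', pd=pd)

    logger.info('New Facebook user {} ID {} ip {}'.format(user.username, session['facebook_id'], request.remote_addr))
    flash('Welcome ' + request.form['username'])
    return redirect(url_for('index'))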
Esempio n. 5
def newuser():
    """Show the registration form and create an account on POST.

    A visitor who is already logged in is sent to the index. A failed
    ``check_new_user`` re-renders the form with the submitted username and
    email; a failure while creating or authenticating the account renders
    ``error.html``.
    """
    page = PageData()
    page.title = "New User"

    if 'username' in session:
        flash('You are already logged in.')
        return redirect(url_for('index'))

    if request.method != 'POST':
        return render_template('new_user.html', pd=page)

    if not check_new_user(request):
        # Hand the entered values back so the form can be pre-filled.
        page.username = request.form['username']
        page.email = request.form['email']
        return render_template('new_user.html', pd=page)

    form = request.form
    created = new_user(form['username'], form['password'], form['email'], request.remote_addr)
    if not created:
        return render_template('error.html', pd=page)

    try:
        account = SiteUser.create(form['username'])
        account.authenticate(form['password'])
        session['username'] = account.username
    except (NoUser, AuthFail):
        return render_template('error.html', pd=page)

    flash('Welcome ' + form['username'])
    return redirect(url_for('index'))
Esempio n. 6
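def new_facebook_user():
    """Create a local account for a visitor who arrived through Facebook login.

    The submitted username and email are validated with ``check_new_user``,
    the account is created with a random password, the Facebook id stored in
    the session is linked to it, and the visitor is logged in.
    """
    pd = PageData()

    logger.info('Started Facebook new user for {}, referrer was {}'.format(
        request.remote_addr, request.referrer))

    if not check_new_user(request, nopass=True):
        pd.username = request.form['username']
        pd.email = request.form['email']
        return redirect_back(url_for('index'))

    # The account still gets a local password. Draw it from the operating
    # system's CSPRNG: the module-level ``random`` functions are not meant
    # for secrets, and this value guards the account.
    csprng = random.SystemRandom()
    password = ''.join(csprng.choice(string.printable) for _ in range(100))
    if not new_user(request.form['username'], password, request.form['email'],
                    request.remote_addr):
        return render_template('error.html', pd=pd)

    # NOTE(review): session['facebook_id'] is read without a presence check;
    # confirm the OAuth callback always sets it before this view is reached.
    user_key = 'oauth-facebook-{}'.format(session['facebook_id'])
    new_key(user_key, request.form['username'])

    try:
        user = SiteUser.create(request.form['username'])
        session['username'] = user.username
        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()
    except (NoUser, AuthFail):
        return render_template('error.html', pd=pd)

    logger.info('New Facebook user {} ID {} ip {}'.format(
        user.username, session['facebook_id'], request.remote_addr))
    flash('Welcome ' + request.form['username'])
    return redirect(url_for('index'))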
Esempio n. 7
def admin_set_accesslevel(user, level):
    """
    :URL: /admin/users/<user>/accesslevel/<level>

    Change a user's access level. Unless the requester's own access level is
    255, the requested level and the target account's current level are both
    compared against the requester's level before the change is made.

    Renders ``error.html`` when the user does not exist. A refused change and
    a successful one both end in ``redirect_back('index')``.

    NOTE(review): the change is driven entirely by the URL. The accepted HTTP
    methods are not visible here; confirm the route is not reachable with a
    plain GET and is covered by CSRF protection.
    """
    pd = PageData()

    # int(level) raises ValueError on non-numeric input; whether the route
    # restricts ``level`` to digits is not visible here — TODO confirm.
    if pd.authuser.accesslevel != 255 and pd.authuser.accesslevel <= int(level):
        # NOTE(review): this statement is truncated on the page (the '******'
        # run stands where part of the original line was). The denial branch
        # cannot be read in full and the line is not valid Python as shown.
        app.logger.error('Accesslevel change was denied for user: '******'index')

    try:
        moduser = SiteUser.create(user)

        # A requester below level 255 may not touch an account whose current
        # level is equal to or above their own.
        if pd.authuser.accesslevel != 255 and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    # The unconverted ``level`` is passed on; only the comparison above used
    # int(level).
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)

    return redirect_back('index')
Esempio n. 8
def admin_set_accesslevel(user, level):
    """
    :URL: /admin/users/<user>/accesslevel/<level>

    Change a user's access level. Unless the requester's own access level is
    255, the requested level and the target account's current level are both
    compared against the requester's level before the change is made.

    Renders ``error.html`` when the user does not exist; redirects back when
    the target account may not be modified, otherwise redirects to the user's
    profile.

    NOTE(review): the change is driven entirely by the URL. The accepted HTTP
    methods are not visible here; confirm the route is not reachable with a
    plain GET and is covered by CSRF protection.
    """
    pd = PageData()

    # int(level) raises ValueError on non-numeric input; whether the route
    # restricts ``level`` to digits is not visible here — TODO confirm.
    if pd.authuser.accesslevel != 255 and pd.authuser.accesslevel <= int(
            level):
        # NOTE(review): this statement is truncated on the page (the '******'
        # run stands where part of the original line was). The denial branch
        # cannot be read in full and the line is not valid Python as shown.
        app.logger.error('Accesslevel change was denied for user: '******'index')

    try:
        moduser = SiteUser.create(user)

        # A requester below level 255 may not touch an account whose current
        # level is equal to or above their own.
        if pd.authuser.accesslevel != 255 and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' +
                         pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    # The unconverted ``level`` is passed on; only the comparison above used
    # int(level).
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)

    return redirect('/user/' + moduser.username)
Esempio n. 9
def edititem(item_id=None):
    """Show the item edit form and, on POST, save a new or changed item.

    A POST carrying a ``desc`` field either updates the item named by the
    ``uid`` form field or, when that item does not exist, creates a new one.
    Any other request renders ``edititem.html`` for ``item_id`` (or for a new
    item when ``item_id`` is empty).
    """
    pd = PageData()
    if request.method == 'POST':
        # Edits are accepted without a login and recorded under user id 0.
        # NOTE(review): confirm anonymous edits are intended and rate-limited
        # elsewhere; only the remote address identifies such an edit.
        if 'username' in session:
            userid = pd.authuser.uid
        else:
            userid = 0 

        if 'desc' in request.form:
            if request.form['name'] == '':
                flash('No name for this item?')
                return redirect_back("/item/new")

            try:
                item = SiteItem.create(request.form['uid'])

                # The submitted name must be unused, or already belong to the
                # item being edited. int() raises ValueError if the uid field
                # is not numeric.
                item_id = uid_by_item(request.form['name'])
                if not item_id or item_id == int(request.form['uid']):
                    uid = request.form['uid']
                    ip = request.remote_addr

                    if item.name != request.form['name']:
                        item.name = request.form['name']
                        item.update()

                    # Digests of the stored and submitted text decide whether
                    # anything changed.
                    old = core.digest(item.body())
                    new = core.digest(request.form['desc'])

                    # silently discard null edits
                    if old != new:
                        new_edit(uid, request.form['desc'], userid, ip)
                        logger.info('item {} edited by user {} ({})'.format(uid, userid, ip))
                    else:
                        logger.info('null edit discarded for item {} by user {} ({})'.format(uid, userid, ip))

                    return redirect('/item/' + str(uid))
                else:
                    # Name clash with a different item: fall through and show
                    # the edit form for the item that was being edited.
                    flash(item.name + " already exists!")
                    item_id = request.form['uid']
            except NoItem:
                # No item with the submitted uid: treat this as a creation.
                if uid_by_item(request.form['name']):
                    flash(request.form['name'] + " already exists!")
                    return redirect_back("/item/new")

                uid = new_item(request.form['name'], request.form['desc'], userid, request.remote_addr)
                return redirect('/item/' + str(uid))

    if item_id:
        try:
            pd.item = SiteItem.create(item_id)
        except NoItem:
            return page_not_found()
     
        pd.title="Editing: %s" % pd.item.name
    else:
        pd.title="Editing: New Item"

    return render_template('edititem.html', pd=pd)
Esempio n. 10
def untag_item(item_id, tag_ob):
    """Remove a tag from an item, then redirect to the item's page.

    ``tag_ob`` is the tag in the encoded form that ``PageData.decode``
    reverses. An unknown item yields the not-found response.
    """
    try:
        target = SiteItem.create(item_id)
    except NoItem:
        return page_not_found()

    # NOTE(review): no permission check is visible in this function; confirm
    # the route is protected elsewhere, since it modifies the item.
    page = PageData()
    tag_name = page.decode(tag_ob)
    target.remove_tag(tag_name)

    item_url = '/item/' + str(target.uid)
    return redirect(item_url)
Esempio n. 11
def untag_item(item_id, tag_ob):
    """Remove a tag from an item, then redirect to the item's page.

    ``tag_ob`` is the tag in the encoded form that ``PageData.decode``
    reverses. An unknown item yields the not-found response.
    """
    try:
        target = SiteItem.create(item_id)
    except NoItem:
        return page_not_found()

    # NOTE(review): no permission check is visible in this function; confirm
    # the route is protected elsewhere, since it modifies the item.
    page = PageData()
    tag_name = page.decode(tag_ob)
    target.remove_tag(tag_name)

    item_url = '/item/' + str(target.uid)
    return redirect(item_url)
Esempio n. 12
def show_user_profile(username):
    """Render the main profile page for ``username``.

    An unknown user yields the not-found response.
    """
    page = PageData()
    page.title = "Profile for " + username

    try:
        profile_owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    page.profileuser = profile_owner
    return render_template('profile/main.html', pd=page)
Esempio n. 13
def show_image(img_id):
    """Render the page for a single image, titled with the image's tag.

    An unknown image yields the not-found response.
    """
    page = PageData()

    try:
        image = SiteImage.create(img_id)
        page.img = image
        page.title = image.tag
    except NoImage:
        return page_not_found(404)

    return render_template('image.html', pd=page)
Esempio n. 14
def show_user_profile(username):
    """Render the main profile page for ``username``.

    An unknown user yields the not-found response.
    """
    page = PageData()
    page.title = "Profile for " + username

    try:
        profile_owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    page.profileuser = profile_owner
    return render_template('profile/main.html', pd=page)
Esempio n. 15
def show_image(img_id):
    """Render the page for a single image, titled with the image's tag.

    An unknown image yields the not-found response.
    """
    page = PageData()

    try:
        image = SiteImage.create(img_id)
        page.img = image
        page.title = image.tag
    except NoImage:
        return page_not_found(404)

    return render_template('image.html', pd=page)
Esempio n. 16
def show_user_profile(username):
    """Render the profile page for ``username``.

    The timezone list is attached to the page data before the user lookup.
    An unknown user yields the not-found response.
    """
    page = PageData()
    page.title = "Profile for " + username
    page.timezones = get_timezones()

    try:
        profile_owner = SiteUser.create(username)
    except NoUser:
        return page_not_found(404)

    page.profileuser = profile_owner
    return render_template('profile.html', pd=page)
Esempio n. 17
def show_user_profile_collections(username):
    """Render the collections page of ``username``'s profile.

    An unknown user yields the not-found response.
    """
    page = PageData()
    page.title = "Collections for " + username
    page.timezones = get_timezones()

    try:
        profile_owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    page.profileuser = profile_owner
    return render_template('profile/collections.html', pd=page)
Esempio n. 18
def show_user_profile(username):
    """Render the profile page for ``username``.

    The timezone list is attached to the page data before the user lookup.
    An unknown user yields the not-found response.
    """
    page = PageData()
    page.title = "Profile for " + username
    page.timezones = get_timezones()

    try:
        profile_owner = SiteUser.create(username)
    except NoUser:
        return page_not_found(404)

    page.profileuser = profile_owner
    return render_template('profile.html', pd=page)
Esempio n. 19
def mod_tag_delete(tag):
    """Delete a tag and redirect to its parent tag's page.

    ``tag`` arrives in encoded form. When the deletion fails, a message is
    flashed and the visitor is sent back to the tag's own page.
    """
    page = PageData()
    tags = Tags()

    tag_name = page.decode(tag)
    # The parent is looked up before the delete call.
    parent_name = tags.parent_of(tag_name)

    # NOTE(review): no permission check is visible in this function; confirm
    # the route is restricted to moderators elsewhere.
    if not tags.delete(tag_name):
        flash('Unable to delete tag: ' + tag_name)
        return redirect_back('/tag/' + tag)

    return redirect('/tag/' + page.encode(parent_name))
Esempio n. 20
def show_item_history(item_id):
    """Render the edit history page for an item.

    An unknown item redirects to that item's edit form instead.
    """
    page = PageData()

    try:
        item = SiteItem.create(item_id)
    except NoItem:
        edit_url = "/item/" + item_id + "/edit"
        return redirect(edit_url)

    page.title = item.name
    page.item = item
    return render_template('itemhistory.html', pd=page)
Esempio n. 21
def show_item_history(item_id):
    """Render the edit history page for an item.

    An unknown item redirects to that item's edit form instead.
    """
    page = PageData()

    try:
        item = SiteItem.create(item_id)
    except NoItem:
        edit_url = "/item/" + item_id + "/edit"
        return redirect(edit_url)

    page.title = item.name
    page.item = item
    return render_template('itemhistory.html', pd=page)
Esempio n. 22
def mod_tag_delete(tag):
    """Delete a tag and redirect to its parent tag's page.

    ``tag`` arrives in encoded form. When the deletion fails, a message is
    flashed and the visitor is sent back to the tag's own page.
    """
    page = PageData()
    tags = Tags()

    tag_name = page.decode(tag)
    # The parent is looked up before the delete call.
    parent_name = tags.parent_of(tag_name)

    # NOTE(review): no permission check is visible in this function; confirm
    # the route is restricted to moderators elsewhere.
    if not tags.delete(tag_name):
        flash('Unable to delete tag: ' + tag_name)
        return redirect_back('/tag/' + tag)

    return redirect('/tag/' + page.encode(parent_name))
Esempio n. 23
def edititem(item_id=None):
    """Show the item edit form and, on POST, save a new or changed item.

    A POST carrying a ``desc`` field either updates the item named by the
    ``uid`` form field or, when that item does not exist, creates a new one.
    Any other request renders ``edititem.html`` for ``item_id`` (or for a new
    item when ``item_id`` is empty).
    """
    pd = PageData()
    if request.method == 'POST':
        # Edits are accepted without a login and recorded under user id 0.
        # NOTE(review): confirm anonymous edits are intended and rate-limited
        # elsewhere; only the remote address identifies such an edit.
        if 'username' in session:
            userid = pd.authuser.uid
        else:
            userid = 0

        if 'desc' in request.form:
            if request.form['name'] == '':
                flash('No name for this item?')
                return redirect_back("/item/new")

            try:
                item = SiteItem.create(request.form['uid'])

                # The submitted name must be unused, or already belong to the
                # item being edited. int() raises ValueError if the uid field
                # is not numeric.
                item_id = uid_by_item(request.form['name'])
                if not item_id or item_id == int(request.form['uid']):
                    item.name = request.form['name']
                    item.update()

                    # todo: check for null edits
                    new_edit(request.form['uid'], request.form['desc'], userid,
                             request.remote_addr)

                    uid = request.form['uid']
                    flash('Edited item!')
                    return redirect('/item/' + str(uid))
                else:
                    # Name clash with a different item: fall through and show
                    # the edit form for the item that was being edited.
                    flash(item.name + " already exists!")
                    item_id = request.form['uid']
            except NoItem:
                # No item with the submitted uid: treat this as a creation.
                if uid_by_item(request.form['name']):
                    flash(request.form['name'] + " already exists!")
                    return redirect_back("/item/new")

                uid = new_item(request.form['name'], request.form['desc'],
                               userid, request.remote_addr)
                return redirect('/item/' + str(uid))

    if item_id:
        try:
            pd.item = SiteItem.create(item_id)
        except NoItem:
            return page_not_found()

        pd.title = "Editing: %s" % pd.item.name
    else:
        pd.title = "Editing: New Item"

    return render_template('edititem.html', pd=pd)
Esempio n. 24
def show_user_profile_collections(username):
    """Render the collections page of ``username``'s profile.

    The not-found response is returned both for an unknown user and for a
    user whose access level is 0.
    """
    page = PageData()
    page.title = "Collections for " + username
    page.timezones = get_timezones()

    try:
        profile_owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    page.profileuser = profile_owner

    # Accounts at access level 0 are presented as if they did not exist.
    if page.profileuser.accesslevel == 0:
        return page_not_found()

    return render_template('profile/collections.html', pd=page)
Esempio n. 25
def show_user_profile_prefs(username):
    """Render the preferences page, for the account's own user only.

    Anyone other than the logged-in user named in the URL gets the not-found
    response, as does a request for an unknown user.
    """
    page = PageData()
    page.title = "Preferences for " + username
    page.timezones = get_timezones()

    # Ownership check: the page data must carry an authenticated user and
    # that user must be the one whose preferences are requested.
    is_owner = hasattr(page, 'authuser') and not page.authuser.username != username
    if not is_owner:
        return page_not_found()

    try:
        profile_owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    page.profileuser = profile_owner
    return render_template('profile/preferences.html', pd=page)
Esempio n. 26
def show_user_profile_prefs(username):
    """Render the preferences page, for the account's own user only.

    Anyone other than the logged-in user named in the URL gets the not-found
    response, as does a request for an unknown user.
    """
    page = PageData()
    page.title = "Preferences for " + username
    page.timezones = get_timezones()

    # Ownership check: the page data must carry an authenticated user and
    # that user must be the one whose preferences are requested.
    is_owner = hasattr(page, 'authuser') and not page.authuser.username != username
    if not is_owner:
        return page_not_found()

    try:
        profile_owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    page.profileuser = profile_owner
    return render_template('profile/preferences.html', pd=page)
Esempio n. 27
def show_image(img_id):
    """
    :URL: /image/<img_id>

    Render the page for a single image, titled with the image's tag.
    An unknown image yields the not-found response.
    """
    page = PageData()

    try:
        image = SiteImage.create(img_id)
        page.img = image
        page.title = image.tag
    except NoImage:
        return page_not_found()

    return render_template('image.html', pd=page)
Esempio n. 28
def revert_item_edit(item_id, edit):
    """Open the edit form for an item, pre-set to one of its earlier edits.

    The item is marked as old and tagged with ``edit`` before the form is
    rendered. An unknown item yields the not-found response.
    """
    page = PageData()

    try:
        target = SiteItem.create(item_id)
        target.old = True
        target.edit = edit
    except NoItem:
        return page_not_found()

    item_name = target.name
    page.title = "Reverting: " + item_name
    page.item_name = target.name
    page.item = target
    return render_template('edititem.html', pd=page)
Esempio n. 29
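def updateprefs(username):
    """Save the logged-in user's profile preferences from the submitted form.

    The profile that is changed always belongs to the session's user; the
    ``username`` from the URL does not select the account. Requests that are
    not a POST from a logged-in user are redirected to the index.
    """
    pd = PageData()

    if 'username' not in session or request.method != 'POST':
        return redirect(url_for('index'))

    try:
        user = SiteUser.create(session['username'])
        profile = user.profile()
    except NoUser:
        return render_template('error.html', pd=pd)

    # Log the account that is actually modified. The URL's ``username`` is
    # chosen by the caller and may name someone else, which would make the
    # log entry point at the wrong account.
    if request.form['timezone'] in pytz.common_timezones:
        logger.info('timezone updated for for {}'.format(user.username))
        profile.profile['timezone'] = request.form['timezone']

    # Free-text fields are stored as submitted.
    # NOTE(review): confirm the templates escape these when displaying them.
    profile.profile['summary'] = request.form['summary']
    profile.profile['gameday'] = request.form['gameday']
    profile.profile['whitewhale'] = request.form['whitewhale']

    profile.update()

    flash("Your profile has been updated.")
    logger.info('profile updated for for {}'.format(user.username))
    return redirect('/user/' + user.username)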
Esempio n. 30
def revert_item_edit(item_id, edit):
    """Open the edit form for an item, pre-set to one of its earlier edits.

    The item is marked as old and tagged with ``edit`` before the form is
    rendered. An unknown item yields the not-found response.
    """
    page = PageData()

    try:
        target = SiteItem.create(item_id)
        target.old = True
        target.edit = edit
    except NoItem:
        return page_not_found()

    item_name = target.name
    page.title = "Reverting: " + item_name
    page.item_name = target.name
    page.item = target
    return render_template('edititem.html', pd=page)
Esempio n. 31
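def link_facebook_account(username):
    """Link the Facebook id held in the session to the logged-in account.

    The user must confirm with their current password. On success the
    Facebook id is stored as a lookup key and in the user's profile. A
    visitor who is not logged in is redirected back.
    """
    pd = PageData()

    logger.info('Started Facebook auth for {} ({}), referrer was {}'.format(
        username, request.remote_addr, request.referrer))

    if 'username' in session:
        try:
            user = SiteUser.create(session['username'])
            user.authenticate(request.form['password'])
        except (NoUser, AuthFail):
            flash(
                'Authentication failed, please check your password and try again.'
            )
            # Log the session's username rather than ``user.username``: when
            # SiteUser.create raised NoUser, ``user`` was never bound and
            # reading it here would replace the intended redirect with an
            # unhandled error.
            logger.info(
                'Facebook auth link failed for username {} ip {}'.format(
                    session['username'], request.remote_addr))
            return redirect_back(url_for('index'))

        # NOTE(review): session['facebook_id'] is read without a presence
        # check; confirm the OAuth callback always sets it first.
        user_key = 'oauth-facebook-{}'.format(session['facebook_id'])
        new_key(user_key, session['username'])

        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()

        flash('Your account is now linked to Facebook.')
        logger.info('Facebook auth linked for username {} ID {} ip {}'.format(
            user.username, session['facebook_id'], request.remote_addr))
        return redirect(url_for('index'))

    return redirect_back(url_for('index'))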
Esempio n. 32
def show_image(img_id):
    """
    :URL: /image/<img_id>

    Render the page for a single image, titled with the image's tag.
    An unknown image yields the not-found response.
    """
    page = PageData()

    try:
        image = SiteImage.create(img_id)
        page.img = image
        page.title = image.tag
    except NoImage:
        return page_not_found()

    return render_template('image.html', pd=page)
Esempio n. 33
def pm_action(username, messageid, action):
    """
    :URL: /user/<username>/pm/<messageid>/<action>
    :Methods: GET, POST
    :Actions:
        * read
        * unread
        * delete
        * undelete

    Apply ``action`` to a private message on behalf of the logged-in user.
    Any other action value changes nothing. The request is refused with
    ``pm_error.html`` unless the visitor is logged in as ``username`` and
    ``messageid`` can be deobfuscated.

    Setting the accept:application/json header will return JSON instead of a redirect.

    NOTE(review): the message is loaded by id and the acting username is
    passed to the model; whether the model verifies that this user is a party
    to the message is not visible here. GET is listed as an accepted method
    for a state-changing action, so confirm CSRF exposure is acceptable.
    """
    page = PageData()
    message_uid = deobfuscate(messageid)

    if 'username' not in session or page.authuser.username != username or message_uid is None:
        return render_template('pm_error.html', pd=page)

    message = TradeMessage.create(message_uid)
    actor = page.authuser.username

    # Explicit allow-list: only these four operations can be reached from the
    # URL segment.
    operations = {
        'read': lambda: message.read(actor),
        'unread': lambda: message.unread(actor),
        'delete': lambda: message.delete(actor),
        'undelete': lambda: message.undelete(actor),
    }
    operation = operations.get(action)
    if operation is not None:
        operation()

    return '{}' if request_wants_json() else redirect_back('/')
Esempio n. 34
def newimg():
    """
    :URL: /newimg
    :Method: POST

    Upload a new image. The title defaults to the uploaded file's name when
    the form leaves it empty, and the upload is attributed to the logged-in
    user or to nobody when there is no login.

    NOTE(review): the file name comes from the client and is used as a title
    and in flash messages; any validation of the upload itself happens inside
    ``new_img``, which is not visible here.
    """
    page = PageData()

    if request.method != 'POST':
        # Nothing is returned for other methods.
        return None

    if 'img' in request.files:
        form_title = request.form['title']
        upload = request.files['img']
        title = upload.filename if form_title == '' else form_title

        uploader = page.authuser.uid if 'username' in session else None

        img = new_img(upload, title, request.form['parent'],
                      uploader, request.remote_addr)

        if img:
            flash('Uploaded {}'.format(upload.filename))
            return redirect_back('/image/' + str(img))

        flash('An error occurred while processing {}'.format(
            upload.filename))

    return redirect_back(url_for('index'))
Esempio n. 35
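def emailupdate():
    """Change the logged-in user's email address after a password check.

    Requests that are not a POST from a logged-in user are redirected to the
    index. A wrong password or a malformed address flashes a message and
    returns to the user's page without changing anything.
    """
    pd = PageData()

    if 'username' not in session or request.method != 'POST':
        return redirect(url_for('index'))

    try:
        user = SiteUser.create(session['username'])
    except NoUser:
        return render_template('error.html', pd=pd)

    # Re-authentication: the current password is required for this change.
    try:
        user.authenticate(request.form['password'])
    except AuthFail:
        flash("Please check your current password and try again")
        return redirect('/user/' + user.username)

    email = request.form['email']

    # Validate the whole value. The earlier pattern used re.match, which only
    # anchors at the start, so any text after a valid-looking prefix was
    # accepted; it also allowed whitespace, including line breaks, which must
    # not reach anything that builds mail headers from this address.
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
        flash("Invalid email address")
        return redirect('/user/' + user.username)

    user.newemail(email)

    flash("Your email address has been changed.")
    return redirect('/user/' + user.username)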
Esempio n. 36
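def tagreparent():
    """Move a tag under a different parent tag, then redirect back.

    Acts only on a POST that carries a ``reparent`` field; both the tag name
    and the new parent arrive in encoded form.
    """
    pd = PageData()

    # The user id computed here previously was never used, so it is gone.
    # NOTE(review): as a result nothing in this function ties the change to a
    # user or checks permissions; confirm the route is protected elsewhere.
    if request.method == 'POST' and 'reparent' in request.form:
        try:
            Tags().reparent(pd.decode(request.form['name']),
                            pd.decode(request.form['reparent']))
        except IndexError:
            flash('Error reparenting tag!')

    return redirect_back('index')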
Esempio n. 37
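def tagreparent():
    """Move a tag under a different parent tag, then redirect back.

    Acts only on a POST that carries a ``reparent`` field; both the tag name
    and the new parent arrive in encoded form.
    """
    pd = PageData()

    # The user id computed here previously was never used, so it is gone.
    # NOTE(review): as a result nothing in this function ties the change to a
    # user or checks permissions; confirm the route is protected elsewhere.
    if request.method == 'POST' and 'reparent' in request.form:
        try:
            Tags().reparent(pd.decode(request.form['name']),
                            pd.decode(request.form['reparent']))
        except IndexError:
            flash('Error reparenting tag!')

    return redirect_back('index')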
Esempio n. 38
def mod_img(image, scale=2):
    """Render the moderation page for one image.

    Loads the image, its parent item and its moderation record, and attaches
    an ASCII rendering at the requested scale. An unknown image, or a query
    that returns no rows, yields the not-found response.
    """
    page = PageData()
    page.scale = float(scale)

    try:
        target = SiteImage.create(image)
    except NoImage:
        return page_not_found()

    page.image = target

    try:
        # NOTE(review): "uid name" has no comma, so SQL reads it as the uid
        # column aliased to "name"; confirm whether the name was intended.
        parent_rows = doquery('select uid name from items where uid = %(uid)s;',
                              {"uid": target.parent})
        page.parent = parent_rows[0][0]

        # Column 3 of the row is used as a user uid; with "select *" that
        # position depends on the table's column order.
        mod_rows = doquery('select * from imgmods where imgid = %(uid)s;',
                           {"uid": target.uid})
        mod_user_uid = mod_rows[0][3]
        page.moduser = '******' if mod_user_uid is None else user_by_uid(mod_user_uid)
    except IndexError:
        return page_not_found()

    page.ascii = SiteImage.create(target.uid).ascii(scale=page.scale)
    return render_template('mod_img.html', pd=page)
Esempio n. 39
def pm(username):
    """Show a user's message page or the form for messaging them.

    A logged-in user visiting their own URL sees their messages. Visiting
    another user's URL shows the send form, and a POST of that form sends the
    message. An unknown user yields the not-found response.
    """
    page = PageData()

    try:
        target = SiteUser.create(username)
    except (NoItem, NoUser):
        return page_not_found()

    if 'username' not in session:
        return render_template('sendpm.html', pd=page)

    if session['username'] == username:
        page.profileuser = target
        return render_template('profile/messages.html', pd=page)

    page.recipient = target

    if request.method != 'POST':
        return render_template('sendpm.html', pd=page)

    message = request.form['body']
    subject = request.form['subject']
    # ``parent`` is only present when replying to an existing message.
    parent = deobfuscate(request.form['parent']) if 'parent' in request.form else None

    if not (message and subject):
        # TODO re-fill form
        flash('No message or subject')
        return redirect_back('/user/' + username + '/pm')

    messageid = send_pm(page.authuser.uid, page.recipient.uid, subject,
                        message, None, parent)
    if not messageid:
        # Nothing was sent: show the form again without a flash message.
        return render_template('sendpm.html', pd=page)

    flash('Message sent!')
    if parent:
        return redirect_back('/user/' + username + '/pm')
    return redirect('/user/' + page.authuser.username +
                    '/pm/' + obfuscate((messageid)))
Esempio n. 40
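def dashboard():
    """Render the dashboard with up to five debts and five transactions.

    Either list is passed to the template as ``None`` when its lookup
    returns ``None``.
    """
    # Slice only after the None check. Slicing the call result directly, as
    # before, raised TypeError whenever getDebts returned None and made the
    # check below unreachable for that case.
    ds = act.getDebts(session['id'])
    if ds is not None:
        ds = ds[:5]
    ts = act.getTransactions(session['id'])
    if ts is not None:
        ts = ts[:5]
    return render_template('dashboard.html',
                           page=PageData('dashboard', 'Dashboard'),
                           transactions=ts,
                           debts=ds)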
Esempio n. 41
def flag_image(img_id):
    """Flag an image for moderator review, then redirect back.

    An unknown image yields the not-found response.
    """
    # The page data object is not used below; it is still constructed because
    # what its constructor does is not visible from here.
    PageData()

    try:
        target = SiteImage.create(img_id)
        target.flag()
    except NoImage:
        return page_not_found(404)

    notice = "The image has been flagged and will be reviewed by a moderator."
    flash(notice)
    return redirect_back('index')
Esempio n. 42
def mod_img_approve(imageid):
    """Approve an image and return to the moderation page.

    An unknown image flashes an error; both outcomes redirect to the
    ``moderate`` endpoint.
    """
    # The page data object is not used below; it is still constructed because
    # what its constructor does is not visible from here.
    PageData()

    try:
        target = SiteImage.create(imageid)
    except NoImage:
        flash('Error during moderation')
        return redirect(url_for('moderate'))

    # NOTE(review): no permission check is visible in this function; confirm
    # the route is restricted to moderators elsewhere.
    target.approve()
    return redirect(url_for('moderate'))
Esempio n. 43
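def newtag():
    """Create a new tag under the parent named in the form, then redirect back.

    Acts only on a POST that carries a ``tag`` field. An empty tag name is
    ignored; an existing tag flashes a message instead of being re-created.
    """
    pd = PageData()

    # The user id computed here previously was never used, so it is gone.
    # NOTE(review): as a result nothing in this function ties the new tag to
    # a user or checks permissions; confirm the route is protected elsewhere.
    if request.method == 'POST' and 'tag' in request.form:
        # Normalise once and use the same value for every step. Before, the
        # existence check looked at the stripped name while the insert stored
        # the raw one, so padded duplicates and whitespace-only names could
        # be created.
        tag_name = request.form['tag'].strip()
        if tag_name == '':
            return redirect_back('index')

        try:
            Tags().retrieve(tag_name)
            flash('Tag already exists!')
        except IndexError:
            # retrieve raising IndexError is treated as "no such tag yet".
            Tags().insert_children([tag_name], pd.decode(request.form['parent']))

    return redirect_back('index')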
Esempio n. 44
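def newtag():
    """Create a new tag under the parent named in the form, then redirect back.

    Acts only on a POST that carries a ``tag`` field. An empty tag name is
    ignored; an existing tag flashes a message instead of being re-created.
    """
    pd = PageData()

    # The user id computed here previously was never used, so it is gone.
    # NOTE(review): as a result nothing in this function ties the new tag to
    # a user or checks permissions; confirm the route is protected elsewhere.
    if request.method == 'POST' and 'tag' in request.form:
        # Normalise once and use the same value for every step. Before, the
        # existence check looked at the stripped name while the insert stored
        # the raw one, so padded duplicates and whitespace-only names could
        # be created.
        tag_name = request.form['tag'].strip()
        if tag_name == '':
            return redirect_back('index')

        try:
            Tags().retrieve(tag_name)
            flash('Tag already exists!')
        except IndexError:
            # retrieve raising IndexError is treated as "no such tag yet".
            Tags().insert_children([tag_name], pd.decode(request.form['parent']))

    return redirect_back('index')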
Esempio n. 45
def admin_reset_pw(user):
    """Trigger an admin-initiated password reset for ``user``.

    The reset is requested with a placeholder address and the admin flag set.
    An unknown user yields the not-found response; otherwise a confirmation
    is flashed and the admin is redirected back.
    """
    # The page data object is not used below; it is still constructed because
    # what its constructor does is not visible from here.
    PageData()

    try:
        account = SiteUser.create(user)
        account.forgot_pw_reset(ip='0.0.0.0', admin=True)
    except NoUser:
        return page_not_found(404)

    # NOTE(review): the message says a new password is e-mailed; confirm the
    # mailed credential is single-use or forces a change at next login.
    flash('A new password has been e-mailed to ' + account.username + '.')
    return redirect_back('/admin')
Esempio n. 46
def mod_img(image, scale=2):
    """Render the moderation page for one image.

    Loads the image, its parent item and its moderation record, and attaches
    an ASCII rendering at the requested scale. An unknown image, or a query
    that returns no rows, yields the not-found response.
    """
    page = PageData()
    page.scale = float(scale)

    try:
        target = SiteImage.create(image)
    except NoImage:
        return page_not_found()

    page.image = target

    try:
        # NOTE(review): "uid name" has no comma, so SQL reads it as the uid
        # column aliased to "name"; confirm whether the name was intended.
        parent_rows = doquery('select uid name from items where uid = %(uid)s;',
                              {"uid": target.parent})
        page.parent = parent_rows[0][0]

        # Column 3 of the row is used as a user uid; with "select *" that
        # position depends on the table's column order.
        mod_rows = doquery('select * from imgmods where imgid = %(uid)s;',
                           {"uid": target.uid})
        mod_user_uid = mod_rows[0][3]
        page.moduser = '******' if mod_user_uid is None else user_by_uid(mod_user_uid)
    except IndexError:
        return page_not_found()

    page.ascii = SiteImage.create(target.uid).ascii(scale=page.scale)
    return render_template('mod_img.html', pd=page)
Esempio n. 47
def mod_ban_user(user):
    """Render a confirmation page before banning ``user``.

    The confirmation target is the access-level URL for this user with level
    0, and the page is marked as requiring access level 10.

    NOTE(review): ``user`` is placed into the target URL as given, and the
    target is presented with link text; confirm the access-level route is not
    reachable with a plain GET and that the template encodes the URL.
    """
    page = PageData()

    heading = "Banning user " + user
    page.title = heading

    page.accessreq = 10
    page.conftext = "Banning user " + user
    page.conftarget = "/admin/users/" + user + "/accesslevel/0"
    page.conflinktext = "Yup, I'm sure."

    return render_template('confirm.html', pd=page)
Esempio n. 48
def stats():
    """Render the site statistics page from four precomputed tables."""
    page = PageData()
    page.title = "Scarf Stats"

    # Each attribute is filled from its own helper, in this order.
    page.topcollectors = get_whores_table()
    page.topcontributors = get_contribs_table()
    page.topneedy = get_needy_table()
    page.topwilltrade = get_willtrade_table()

    return render_template('stats.html', pd=page)
Esempio n. 49
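def viewpm(username, messageid):
    """Render one private/trade message for the logged-in user.

    :param username: username from the URL; must match the session user.
    :param messageid: obfuscated message id from the URL.

    Renders ``pm_error.html`` when nobody is logged in, when the URL
    username is not the authenticated user, or when the id cannot be
    deobfuscated. Otherwise loads the message, marks it read when the
    session user is the recipient, and renders ``pm.html``.

    NOTE(review): the only ownership check visible here compares the URL
    username with the session user. Nothing in this function verifies that
    the session user is the sender or the recipient of the loaded message;
    unless ``TradeMessage.create`` enforces that, any logged-in user holding
    a valid obfuscated id could read it -- confirm and add the check.
    NOTE(review): ``TradeMessage.create`` failures are not handled here.
    """
    pd = PageData()
    dmid = deobfuscate(messageid)

    # Order matters: pd.authuser is only touched once a session user exists.
    if 'username' not in session or pd.authuser.username != username or dmid is None:
        return render_template('pm_error.html', pd=pd)

    pm = TradeMessage.create(dmid)

    if pm.messagestatus < messagestatus['unread_pm']:
        # NOTE(review): this reload passes the still-obfuscated id, unlike
        # the call above -- kept as written, confirm it is intended.
        pm = TradeMessage.create(messageid)

    # Compare by value: ``is`` on strings tests object identity, so the
    # recipient branch (and marking the message read) could be skipped for
    # an equal username. If to_user is a user object rather than a username,
    # its username should be compared instead -- confirm.
    if session['username'] == pm.to_user:
        pd.tradeuser = pm.from_user
        pm.read()
    else:
        pd.tradeuser = pm.to_user

    pd.pm = pm
    pd.title = pm.subject

    return render_template('pm.html', pd=pd)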
Esempio n. 50
def admin_set_accesslevel(user, level):
    """Set the access level of ``user`` to ``level``.

    Callers whose own access level is not 255 are refused when the requested
    level is at or above their own, and when the target account's current
    level is at or above their own. An unknown user renders the error page.
    On success the change is applied with ``newaccesslevel`` and the browser
    is redirected to the user's page.

    NOTE(review): ``int(level)`` is not guarded, so a non-numeric level
    raises out of the view; no lower/upper bound on ``level`` is visible
    here either. ``mod_ban_user`` links to this endpoint, so it may be
    reachable by GET -- confirm CSRF protection and the route's own
    access requirement, neither of which is visible in this excerpt.
    """
    pd = PageData()

    # Level 255 bypasses the check; everyone else may only grant levels
    # strictly below their own.
    if pd.authuser.accesslevel != 255 and pd.authuser.accesslevel <= int(level):
        # NOTE(review): the next line is garbled in this listing (a masked
        # span swallowed the end of the log call and, it seems, the return
        # that follows); it is reproduced as found.
        app.logger.error('Accesslevel change was denied for user: '******'index')

    try:
        moduser = SiteUser.create(user)

        # Non-255 callers cannot modify accounts at or above their own level.
        if pd.authuser.accesslevel != 255 and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    # ``level`` is passed on as received (not the int() value checked above).
    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)

    return redirect('/user/' + moduser.username)
Esempio n. 51
def admin_users():
    """Render the admin overview page.

    Populates the page data with the site config, the welcome banner
    string, the user list and, when the deployment file can be read, the
    decoded deployment record (mode ``prod``); otherwise mode is ``dev``.

    NOTE(review): the whole ``config`` object is handed to the template;
    check that the template does not render secret values from it.
    """
    pd = PageData()
    pd.sf_conf = config

    pd.title = "Admin"

    new_string('welcomebanner', 'Placeholder...')
    pd.welcomebanner = SiteString('welcomebanner').string

    pd.users = get_users()
    try:
        with open(config.DEPFILE, 'r') as handle:
            serialized = handle.read()
        # SECURITY: jsonpickle.decode can instantiate arbitrary classes
        # named in its input. This is only acceptable while DEPFILE is
        # written exclusively by the deployment process and is not writable
        # by the web application or other users; plain json would be safer
        # if the record is simple data. Decode errors are not caught here.
        pd.deployment = jsonpickle.decode(serialized)
        pd.mode = 'prod'
    except (OSError, IOError):
        # Unreadable or missing deployment file: treat as a dev instance.
        pd.mode = "dev"

    return render_template('admin.html', pd=pd)
Esempio n. 52
def reallydelete_image(img_id):
    """Delete the image ``img_id`` and render a confirmation page.

    An unknown image yields the 404 page.

    NOTE(review): the delete happens before ``pd.accessreq`` is assigned,
    so if the access requirement is only evaluated when the template is
    rendered, it cannot protect the deletion. The authorization (and CSRF)
    check must sit in front of this function, e.g. on the route, which is
    not visible in this excerpt -- confirm.
    """
    pd = PageData()

    try:
        doomed = SiteImage.create(img_id)
        doomed.delete()
    except NoImage:
        return page_not_found(404)

    headline = doomed.tag + " has been deleted"
    pd.title = headline
    pd.accessreq = 10
    pd.conftext = headline + ". I hope you meant to do that."
    # No follow-up action: the confirmation link is left empty.
    pd.conftarget = ""
    pd.conflinktext = ""
    return render_template('confirm.html', pd=pd)
Esempio n. 53
def delete_item(item_id):
    """Render the confirmation page shown before deleting an item.

    Nothing is deleted here; the page links to the item's ``reallydelete``
    URL, built from the uid of the loaded item. An unknown item yields the
    404 page.

    NOTE(review): the confirm target appears to be followed as a link;
    verify the ``reallydelete`` endpoint enforces the access level and CSRF
    protection itself rather than relying on this page.
    """
    try:
        doomed = SiteItem.create(item_id)
    except NoItem:
        return page_not_found()

    pd = PageData()
    pd.title = doomed.name

    # Presumably the access level the confirm template requires -- confirm.
    pd.accessreq = 255
    pd.conftext = "Items may take some time to disappear from the indexes."
    pd.conftarget = "/item/" + str(doomed.uid) + "/reallydelete"
    link_template = "I want to delete '{}' and accept the consequences of this action."
    pd.conflinktext = link_template.format(doomed.name)

    return render_template('confirm.html', pd=pd)
Esempio n. 54
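def delete_image(img_id):
    """Render the confirmation page shown before deleting an image.

    :param img_id: identifier passed to ``SiteImage.create``.

    Nothing is deleted here; the page links to the image's ``reallydelete``
    URL. An unknown image yields the 404 page.

    NOTE(review): verify the ``reallydelete`` endpoint enforces the access
    level and CSRF protection itself rather than relying on this page.
    """
    pd = PageData()

    try:
        delimg = SiteImage.create(img_id)
    except NoImage:
        return page_not_found(404)

    pd.title = delimg.tag

    # Presumably the access level the confirm template requires -- confirm.
    pd.accessreq = 10
    pd.conftext = "Deleting image " + delimg.tag
    # Build the link from the loaded record's uid instead of echoing the raw
    # request value: it matches delete_item, cannot carry unexpected
    # characters into the URL, and works when img_id is not a string.
    pd.conftarget = "/image/" + str(delimg.uid) + "/reallydelete"
    pd.conflinktext = "Yup, I'm sure"

    return render_template('confirm.html', pd=pd)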
Esempio n. 55
def moderate():
    """Render the list of images awaiting moderation.

    Runs the stored ``imgmods`` query and, for each row whose second column
    is 0 or whose flag column is 1, looks up the image tag and adds an entry
    to ``pd.mods``. A row that is too short, or an empty tag row, surfaces
    as ``IndexError`` and renders the error page.
    """
    class Mod:
        """Plain attribute holder for one moderation entry."""
        pass

    pd = PageData()

    rows = doquery(read('imgmods'))

    pd.mods = []
    pd.tags = Tree('tags')

    for row in rows:
        try:
            imgid, flag, submitter = row[0], row[2], row[3]

            # A missing uploader uid is shown with the fixed placeholder.
            submitter = '******' if submitter is None else user_by_uid(submitter)

            if not (row[1] == 0 or flag == 1):
                continue

            img = doquery('select tag from images where uid = %(uid)s;', {"uid": imgid})
            if not img:
                flash('Error loading data for image ' + str(imgid))
                continue

            entry = Mod()
            entry.uid = imgid
            entry.tag = img[0][0]
            entry.user = submitter
            entry.flag = flag
            pd.mods.append(entry)
        except IndexError:
            pd.title = "SQL error"
            pd.errortext = "SQL error"
            return render_template('error.html', pd=pd)

    pd.title = "Unmoderated images"

    return render_template('moderation.html', pd=pd)
Esempio n. 56
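def mod_tag(tag):
    """Render the tag moderation page for ``tag``.

    Decodes the tag, builds the list of tags it may be re-parented under
    (every tag below the root except the tag itself and its descendants)
    and draws the full tree. A ``TypeError`` from any of these steps yields
    the 404 page.
    """
    pd = PageData()

    pd.tree = Tags()
    try:
        pd.tag = pd.decode(tag)

        all_tags = pd.tree.all_children_of(pd.tree.root)

        # Remove the tag and its descendants from the re-parent candidates.
        # This must be a set difference: the previous symmetric difference
        # (^) also *added* any excluded tag that was missing from all_tags,
        # e.g. the tag itself when it is not listed below the root.
        excluded = pd.tree.all_children_of(pd.tag)
        excluded.append(pd.tag)
        pd.reparent_list = list(set(all_tags) - set(excluded))

        pd.root_tree = pd.tree.draw_tree(pd.tree.root)

        return render_template('tag.html', pd=pd)
    except TypeError:
        return page_not_found(404)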
Esempio n. 57
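def trade(username, itemid=None, messageid=None):
    """Show the trade page with ``username`` or submit a trade/message.

    :param username: the other party; unknown users yield the 404 page.
    :param itemid: optional item the trade is about.
    :param messageid: optional obfuscated id of an existing message thread.

    On POST from a logged-in user, sends a message via ``send_pm``, attaches
    the submitted item ids to the thread and redirects to the message. A
    POST without both message and subject redirects back. Otherwise renders
    ``trade.html`` for the item or, failing that, for the message thread.

    NOTE(review): ``parent`` from the form is passed to ``send_pm`` as
    received, and the submitted item ids are attached without any ownership
    check visible here -- confirm that ``send_pm`` / ``add_tradeitem``
    validate that the thread and the items belong to the two parties.
    NOTE(review): when ``parent`` comes from the form, ``messageid`` is not
    deobfuscated before it is used below -- confirm that path.
    """
    pd = PageData()

    status = messagestatus['unread_trade']
    # Default text: when 'parent' is supplied in the form, neither branch
    # below assigned flashmsg, so flash() failed on an unbound name after
    # the message had already been sent.
    flashmsg = 'Message sent!'

    try:
        pd.tradeuser = SiteUser.create(username)
    except NoUser:
        return page_not_found(404)

    if 'username' in session:
        if request.method == 'POST':
            authuseritems = request.form.getlist('authuseritem')
            tradeuseritems = request.form.getlist('tradeuseritem')
            message = request.form['body']
            subject = request.form['subject']

            if 'parent' in request.form:
                parent = request.form['parent']
            else:
                if messageid:
                    # Reply inside an existing thread.
                    parent = core.deobfuscate(messageid)
                    messageid = parent
                    status = messagestatus['unread_pm']
                    flashmsg = 'Message sent!'
                else:
                    # First message of a new trade.
                    parent = None
                    messageid = None
                    flashmsg = 'Submitted trade request!'

            if message and subject:
                pmid = send_pm(pd.authuser.uid, pd.tradeuser.uid, subject, message, status, parent)

                if not messageid:
                    # New thread: items hang off the message just created.
                    messageid = pmid
                elif tradeuseritems or authuseritems:
                    flashmsg = 'Trade updated'

                # The sender's own items start out accepted, the other
                # party's items unmarked.
                for item in authuseritems:
                    add_tradeitem(item, messageid, pd.authuser.uid, tradeitemstatus['accepted'])

                for item in tradeuseritems:
                    add_tradeitem(item, messageid, pd.tradeuser.uid, tradeitemstatus['unmarked'])

                flash(flashmsg)
                return redirect('/user/' + pd.authuser.username + '/pm/' + obfuscate(messageid))

            if message == '':
                flash('Please add a message')

            return redirect_back('/')

    pd.title = "Trading with {}".format(username)

    try:
        pd.authuser.ownwant = pd.authuser.query_collection(itemid)
    except AttributeError:
        # Deliberate best-effort, presumably for visitors without an
        # authenticated user object -- confirm.
        pass

    try:
        pd.tradeuser.ownwant = pd.tradeuser.query_collection(itemid)
        pd.item = SiteItem(itemid)
    except NoItem:
        # No such item: fall back to showing the message thread, if any.
        if messageid:
            try:
                pd.trademessage = TradeMessage.create(deobfuscate(messageid))
            except NoItem:
                return page_not_found(404)
        else:
            return page_not_found(404)

    return render_template('trade.html', pd=pd)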
Esempio n. 58
def search():
    """
    :URL: /item/search?page=<page>&type=<query type>&limit=<max results>&query=<search query>&sort=<sort type>

    :Method: GET

    :Query Types:
        * items - Item Search (also used for a missing or unknown type)
        * users - User Search
        * tags - Tag Search

    :Sort Types:
        * name - Alphabetical by name
        * added - By added date, latest first
        * modified - Last modified

    ``limit`` defaults to 20 and ``page`` to 1; a value that is not an
    integer yields the 404 page.

    :Sample Response: Setting the accept:application/json header will return JSON. 

    .. code-block:: javascript

    {
        "limit": 2,
        "num_pages": 4,
        "num_results": 8,
        "query": "Cascadia",
        "results": [
            {
                "added": "2016-05-22 17:52:36",
                "body": "Blue/White (Cascadia Fringe, Gisele Currier Memorial Fundraiser)",
                "description": 460,
                "images": [
                    388,
                    389
                ],
                "modified": "2016-05-24 22:45:33",
                "name": "No Pity MLS Blue White Fringe (Cascadia Fringe) 2012",
                "uid": 362
            },
            {
                "added": "2016-05-22 17:02:15",
                "body": "",
                "description": 317,
                "images": [
                    364,
                    365
                ],
                "modified": "2016-05-22 17:02:15",
                "name": "Cascadia",
                "uid": 350
            }
        ]
    }
    """

    pd = PageData()
    args = request.args
    pd.search_type = args.get('type')
    pd.query = args.get('query')
    pd.limit = args.get('limit')
    pd.page = args.get('page')
    pd.sort = args.get('sort')

    # NOTE(review): limit and page are only checked for being integers.
    # Zero, negative or very large values reach the search helpers as-is;
    # confirm they clamp them (an unbounded limit on a public endpoint is a
    # cheap way to make the database do a lot of work).
    try:
        pd.limit = int(pd.limit) if pd.limit else 20
        pd.page = int(pd.page) if pd.page else 1
    except ValueError:
        return page_not_found()

    # Anything other than a known type is searched as items.
    if pd.search_type not in ("items", "users", "tags"):
        pd.search_type = "items"

    if pd.search_type == "users":
        return user_search(pd)
    if pd.search_type == "tags":
        return tag_search(pd)
    return item_search(pd)
Esempio n. 59
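def edit_image(img_id):
    """
    :URL: /image/<img_id>/edit

    Very basic image editor. Applies a list of operations to an image
    and either presents a preview back to the user or saves it to the
    database as a new image.

    Operations are read from the query string as ``op1`` .. ``op19``
    (``rotate`` with ``opN_degrees``, or ``crop`` with ``opN_x1/y1/x2/y2``).
    An unknown operation or a non-integer argument yields the 404 page; a
    crop narrower or shorter than 200 pixels is refused with a flash message.

    NOTE(review): ``save`` is read from the query string, so a new image can
    be written by a GET request, and also without a logged-in user (the
    user id is then None). Confirm that is intended and that the route is
    protected against cross-site requests and anonymous abuse.
    NOTE(review): crop coordinates are not checked against the image bounds
    here (negative values pass); confirm SiteImageEditor.crop validates them.
    """

    pd = PageData()
    min_size = 200

    try:
        img = SiteImageEditor(img_id)
    except NoImage:
        return page_not_found()

    preview = request.args.get('preview')
    save = request.args.get('save')

    pd.img = img
    # pd.ops re-encodes the accepted operations as a query-string fragment;
    # only validated integers are written into it.
    pd.ops = ''
    pd.num_ops = 0

    # The fixed upper bound also caps the work one request can trigger.
    for op in range(1,20):
        command = request.args.get('op{}'.format(op))
        if command:
            if command == 'rotate':
                degrees = request.args.get('op{}_degrees'.format(op))

                # Missing argument -> TypeError, non-numeric -> ValueError.
                # A bare except here also swallowed unrelated errors.
                try:
                    degrees = int(degrees)
                except (TypeError, ValueError):
                    return page_not_found()

                img.rotate(degrees)
                pd.ops = "{}&op{}=rotate&op{}_degrees={}".format(pd.ops, op, op, degrees)
                pd.num_ops = op
            elif command == 'crop':
                x1 = request.args.get('op{}_x1'.format(op))
                y1 = request.args.get('op{}_y1'.format(op))
                x2 = request.args.get('op{}_x2'.format(op))
                y2 = request.args.get('op{}_y2'.format(op))

                try:
                    x1 = int(x1)
                    y1 = int(y1)
                    x2 = int(x2)
                    y2 = int(y2)
                except (TypeError, ValueError):
                    return page_not_found()

                new_width = x2 - x1
                new_height = y2 - y1

                if new_width < min_size:
                    flash("The selection is too narrow, please make a larger selection. If your image is below {} pixels in width you will not be able to crop it.".format(min_size))
                    return redirect_back(url_for('index'))
                if new_height < min_size:
                    # Message previously said "width" for the height check.
                    flash("The selection is too short, please make a larger selection. If your image is below {} pixels in height you will not be able to crop it.".format(min_size))
                    return redirect_back(url_for('index'))

                img.crop(x1, y1, x2, y2)
                pd.ops = "{base}&op{op}=crop&op{op}_x1={x1}&op{op}_y1={y1}&op{op}_x2={x2}&op{op}_y2={y2}".format(base=pd.ops, op=op, x1=x1, y1=y1, x2=x2, y2=y2)
                pd.num_ops = op
            else:
                return page_not_found()

    if preview == 'true':
        return send_file(img.preview(), mimetype='image/jpeg')

    if save:
        if 'username' in session:
            userid = pd.authuser.uid
        else:
            userid = None

        new_img = img.save(userid, request.remote_addr)
        return redirect('/image/' + str(new_img))

    return render_template('imageedit.html', pd=pd)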