def describe_extension(doc):
if doc.filetype == "image":
return _("Images")
elif doc.filetype == "folder":
return _("Folders")
elif doc.extension in (".txt|.rtf|.rtf|.doc|.docx|.odt|"
".odc|.odp|.pdf|.ppt|.xls|.xlsx"):
return _("Documents")
elif doc.extension in ".zip|.rar|.tar|.gz|.bz|.tgz|.arj|.7z":
return _("Archives")
else:
return _("Files")
def GET(self, page_path):
try:
page = get_page_by_path(page_path)
if not page.is_published and not auth.get_user():
raise flash.redirect(_(page_access_forbidden_text), "/login")
load_page_data(page)
if auth.has_role("admin"):
json_data = web.storage(
page=page_to_json(page),
pages=pages_to_json(get_pages_in_tree_order()),
)
else:
json_data = web.storage()
if "edit" in web.input() and auth.has_role("admin"):
json_data.update(
page_block=block_to_json(
get_page_block_by_page_id(page.id)),
template_blocks=template_blocks_to_json()
)
else:
load_page_blocks(page.id)
return render.pages.page(json_data)
except IndexError:
raise web.notfound()
def create_document(document):
"""Creates new document and saves upload"""
parent = get_document_by_id(document.parent_id)
document.update(
ids=(parent.ids or "") + "," + str(parent.id),
level=parent.level + 1,
parent_id=int(document.parent_id),
created_at=web.SQLLiteral("CURRENT_TIMESTAMP"),
user_id=auth.get_user().id,
is_published=True, # True for the new documents
)
if document.type == "folder":
del document["upload"]
if not document.title:
document.title = _("Untitled Folder")
else:
upload = document.pop("upload")
try:
mimetype, encoding = mimetypes.guess_type(upload.filename)
filename, filesize = save_document(upload.file)
title, extension = os.path.splitext(upload.filename)
document.update(
title=document.title or title,
filename=filename,
extension=extension.lower(),
mimetype=mimetype,
type="image" if "image" in mimetype else "document",
filesize=filesize,
)
except:
raise flash.error(_("File upload error."))
if document.position:
document.position = int(document.position)
# Shift positions to free the space to insert document
expand_tree_siblings("documents", document)
else:
document.position = get_last_position("documents", document.parent_id)
document.id = db.insert("documents", **document)
# TODO: fix created_at
return document
def GET(self, user_id, method):
user = auth.get_user(user_id=user_id, is_deleted=True)
if user.id != auth.get_user().id:
auth.update_user(user.id, is_deleted=method == "delete")
if method == "delete":
flash.set(_(undo_user_text) %
link_to("users", user, "undelete"))
applog.info(_(deleted_user_text) %
user.title, "users", user.id, "warn")
else:
flash.set(_(undelete_user_text))
applog.info(undeleted_user_text %
user.title, "users", user.id, "warn")
auth.delete_session(user.id)
else:
flash.set(_(cannot_delete_self_text), "error")
raise web.seeother("/a/users")
def POST(self):
form = passwordResetForm()
if form.validates():
try:
user = auth.get_user(email=form.d.email, with_password=True)
token_url = "%s%s/%s$%s" % (web.ctx.home, "/password_reset",
user.id, make_token(user))
mailer.send(
user.email,
render_email.password_reset(user, token_url),
send_now=True,
is_secure=True,
)
flash.set(_(sent_text))
raise web.seeother("/")
except IndexError:
form.note = _(email_doesnt_exist_text)
return render.auth.reset_token(form)
def POST(self, uid, token):
# artificial delay (to slow down brute force attacks)
sleep(0.5)
form = passwordChangeForm(web.input())
if form.valid:
try:
user = auth.get_user(user_id=uid, with_password=True)
if not user or not check_token(user, token,
auth.config.reset_expire_after):
raise AuthError
auth.set_password(user.email, form.d.password)
auth.login(user)
flash.set(_(changed_text))
except AuthError:
flash.set(_(reset_text))
raise web.seeother("/")
else:
return render.auth.reset_change(form)
def GET(self, page_id):
try:
page = get_page_by_id(page_id)
if auth.get_user() or is_page_published(page):
raise web.seeother(page.path)
else:
raise flash.redirect(_(page_access_forbidden_text), "/login")
except IndexError:
raise web.notfound()
def GET(self, uid, token):
# artificial delay (to slow down brute force attacks)
sleep(0.5)
try:
user = auth.get_user(user_id=uid, with_password=True)
if not user or not check_token(user, token,
auth.config.reset_expire_after):
raise AuthError
return render.auth.reset_change(passwordChangeForm)
except AuthError:
flash.set(_(reset_text))
raise web.seeother("/")
def delete_document_by_id(document_id):
document = get_document_by_id(document_id)
# cannot delete system files and folders
if document.is_system:
raise flash.error(
_("Cannot edit or delete system files and folders."))
# Collapse positions
collapse_tree_siblings("documents", document)
# Delete branch recursively
return delete_tree_branch("documents", document, func=delete_document_file)
def download_document(document):
if (not auth.has_role("admin", "editor", "user") and
not document.is_published):
raise flash.redirect(_("Cannot download this document"))
web.header("Content-Disposition", "attachment; filename=%s" %
slugify(document.title) + document.extension)
web.header("Content-Type", document.mimetype)
f = open(os.path.join(config.upload_dir, document.filename), 'rb')
while 1:
buf = f.read(1024 * 8)
if not buf:
break
yield buf
def update_document_by_id(document_id, data):
document = get_document_by_id(document_id)
# Cannot edit system files and folders
if document.is_system:
raise flash.error(
_("Cannot edit or delete system files and folders."))
parent = get_document_by_id(data.parent_id)
# TODO: custom input field that returns integer value
data.update(
ids=(parent.ids or "") + "," + str(parent.id),
level=parent.level + 1,
position=int(data.position),
parent_id=parent.id,
updated_at=web.SQLLiteral("CURRENT_TIMESTAMP"),
)
with db.transaction():
# Transact changes to positions
if (data.position != document.position or
data.parent_id != document.parent_id):
# Collapse positions for the removed document
collapse_tree_siblings("documents", document)
# Shift positions to free the space to insert document
expand_tree_siblings("documents", data)
# Cannot change documents type and upload
del data["type"]
del data["upload"]
db.update(
"documents",
where="id = $document_id",
vars=locals(),
**data)
# Update document with data
# TODO: fix updated_at
document.update(data)
return document
def filesize(doc):
return unicode((doc.filesize or 0) / 1024) + u" " + _("kb")
