def admin_articles(req):
check_login(req)
match_right(req, module_rights)
show = req.args.getfirst('show', '', uni)
pager = Pager(sort='desc')
pager.bind(req.args)
kwargs = {}
if show == 'ready':
pager.set_params(show=show)
kwargs['state'] = 2
kwargs['public_date'] = 0
elif show == 'drafts':
pager.set_params(show=show)
kwargs['state'] = 1
else:
show = None
if not do_check_right(req, right_editor):
kwargs['author_id'] = req.login.id
items = Article.list(req, pager, **kwargs)
return generate_page(req, "admin/articles.html", pager=pager, items=items,
show=show)
def admin_pages_mod(req, id):
"""Edit page could:
* author of page, if still have pages_author right
* admin with pages_modify right
* admin with pages_listall right and right which must have page too
"""
check_login(req)
match_right(req, module_rights)
token = do_create_token(req, '/admin/pages/%d' % id)
page = Page(id)
if (not do_check_right(req, 'pages_modify')) \
and (not page.check_right(req)):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
if req.method == 'POST':
check_token(req, req.form.get('token'))
page.bind(req.form)
error = page.mod(req)
if error:
return generate_page(req, "admin/pages_mod.html", token=token,
page=page, rights=rights, error=error,
extra_rights=req.cfg.pages_extra_rights)
# endif
if not page.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
return generate_page(req, "admin/pages_mod.html", token=token,
page=page, rights=rights,
extra_rights=req.cfg.pages_extra_rights)
def admin_articles_mod(req, id):
check_login(req)
match_right(req, module_rights)
article = Article(id)
if not article.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if (not do_check_right(req, right_editor)
and article.author_id != req.login.id):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
Codebook = build_class('tags')
pager = Pager(order='value', limit=-1)
tags = Codebook.list(req, Codebook, pager)
if req.method == 'POST':
article.bind(req.form)
error = article.mod(req)
if error != article:
return generate_page(req, "admin/articles_mod.html",
article=article, error=error)
if not article.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
return generate_page(req, "admin/articles_mod.html", article=article,
token=create_token(req), tags=tags)
def articles_remove_tag(req, id, tag_id):
check_login(req)
match_right(req, module_rights)
check_token(req, req.form.get('token'), uri='/admin/articles/%d' % id)
article = Article(id)
article.remove_tag(req, tag_id)
req.content_type = 'application/json'
return '{}'
def attachments_detach(req, object_type, object_id, path, webid):
check_login(req)
match_right(req, [R_ADMIN, 'attachments_author'])
check_origin(req)
attachment = Attachment(Attachment.web_to_id(webid))
attachment.detach(req, object_type, object_id)
if attachment.delete(req) is None:
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
return js_items(req, object_type=object_type, object_id=object_id)
def admin_attachments_images_thumb_check(req):
check_login(req)
match_right(req, [R_ADMIN, 'attachments_modify'])
check_referer(req, '/admin/attachments')
job = Job(path=req.uri)
req.content_type = 'application/json'
if job.get(req):
req.status = state.HTTP_CREATED
return json.dumps(job.data)
return '{}' # job not found, so it could be run again
def articles_append_tag(req, id, tag_id):
check_login(req)
match_right(req, module_rights)
check_token(req, req.form.get('token'), uri='/admin/articles/%d' % id)
article = Article(id)
if not article.append_tag(req, tag_id):
return send_json(req, {'reason': 'integrity_error'})
req.content_type = 'application/json'
return '{}'
def admin_attachments_images_thumb(req):
check_login(req)
match_right(req, [R_ADMIN, 'attachments_modify'])
check_origin(req)
# job must be singleton
pid, status = run_job(req, req.uri, thumb_images, True)
req.content_type = 'application/json'
if not status:
req.status = state.HTTP_NOT_ACCEPTABLE
return '{}'
req.status = state.HTTP_CREATED
return json.dumps({'pid': pid})
def admin_attachments_add_update(req, id=None):
check_login(req)
match_right(req, [R_ADMIN, 'attachments_author'])
check_origin(req)
attachment = Attachment()
attachment.bind(req.form, req.login.id)
status = attachment.add(req)
if not status == attachment:
req.status = state.HTTP_BAD_REQUEST
req.content_type = 'application/json'
return json.dumps({'reason': Attachment.error(status)})
req.content_type = 'application/json'
return json.dumps({'attachment': attachment.dumps()})
def admin_pages(req):
check_login(req)
match_right(req, module_rights)
error = req.args.getfirst('error', 0, int)
pager = Pager()
pager.bind(req.args)
if not do_match_right(req, ('pages_modify', 'pages_listall')):
rows = Page.list(req, pager, author_id=req.login.id)
else:
rows = Page.list(req, pager)
return generate_page(req, "admin/pages.html",
token=do_create_token(req, '/admin/pages'),
pager=pager, rows=rows, error=error)
def admin_pages_del(req, id):
""" Delete page, could:
* author of page if have still pages_author right
* admin with pages_modify
"""
check_login(req, '/log_in?referer=/admin/pages')
match_right(req, ('pages_author', 'pages_modify'))
check_token(req, req.form.get('token'))
page = Page(id)
if not page.check_right(req):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
page.delete(req)
# TODO: redirect to same page
redirect(req, '/admin/pages?error=%d' % SUCCESS)
def admin_articles_add(req):
check_login(req)
match_right(req, module_rights)
article = Article()
if req.method == 'POST':
article.bind(req.form, req.login.id)
error = article.add(req)
if error:
return generate_page(req, "admin/articles_mod.html",
article=article, error=error)
redirect(req, '/admin/articles/%d' % article.id)
# end
article.state = 2 if do_check_right(req, right_editor) else 1
return generate_page(req, "admin/articles_mod.html", article=article)
def admin_articles_enable(req, id):
check_login(req, '/log_in?referer=/admin/articles')
match_right(req, module_rights)
check_referer(req, '/admin/articles')
article = Article(id)
if not article.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
if (not do_check_right(req, right_editor)) \
and (not (article.author_id == req.login.id
and article.public_date.year == 1970)):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
n_state = int(req.uri.endswith('/enable'))
n_state = (n_state * 2) if article.public_date.year > 1970 else n_state
article.set_state(req, n_state)
redirect(req, '/admin/articles')
def admin_pagse_add(req):
check_login(req)
match_right(req, ('pages_author', 'pages_modify'))
token = do_create_token(req, '/admin/pages/add')
if req.method == 'POST':
check_token(req, req.form.get('token'))
page = Page()
page.bind(req.form, req.login.id)
error = page.add(req)
if error:
return generate_page(req, "admin/pages_mod.html", token=token,
rights=rights, page=page, error=error)
redirect(req, '/admin/pages/%d' % page.id)
# end
return generate_page(req, "admin/pages_mod.html", token=token,
rights=rights)
def admin_pages_rst(req):
check_login(req)
match_right(req, module_rights)
return check_rst(req)
def articles_tags(req, id):
check_login(req)
match_right(req, module_rights)
return send_json(req, {'tags': Article.tags(req, id)}, cls=ObjectEncoder)
def attachments_view_not(req, object_type, object_id):
check_login(req)
match_right(req, [R_ADMIN, 'attachments_author'])
check_origin(req)
return js_items(req, object_type=object_type, object_id=object_id,
NOT=True)