def upload_file(request):
"""
Process file upload request
"""
c = {'errors': {}}
c['file'] = File()
# process file upload
# extract file params etc
req = ('filedata', 'filename', 'dltype')
for x in req:
if x not in request.POST:
return HTTPBadRequest()
hfile = request.POST['filedata']
# guess content type
content_type = guess_type(hfile.filename)[0] or 'application/octet-stream'
dbsession = DBSession()
now = datetime.utcnow()
file = dbsession.query(File).filter(File.name==request.POST['filename']).first()
if file is None:
file = File()
file.name = request.POST['filename']
file.size = len(hfile.value)
file.dltype = 'download' if request.POST['dltype'] == 'download' else 'auto'
file.content_type = content_type
file.updated = h.dt_to_timestamp(now)
# save file to the storage
storage_dirs = get_storage_dirs()
orig_filename = os.path.join(storage_dirs['orig'], file.name)
fp = open(orig_filename, 'wb')
shutil.copyfileobj(hfile.file, fp)
hfile.file.close()
fp.close()
dbsession.add(file)
dbsession.flush()
dbsession.expunge(file)
try:
transaction.commit()
except IntegrityError:
# display error etc
transaction.abort()
return HTTPFound(location=route_url('admin_list_files', request))
return HTTPFound(location=route_url('admin_list_files', request))
def edit_article_comment_ajax(request):
"""
Update comment and return updated and rendered data
"""
comment_id = int(request.matchdict['comment_id'])
dbsession = DBSession()
comment = dbsession.query(Comment).options(joinedload('user')).options(joinedload('user.roles')).get(comment_id)
# passed POST parameters are: 'body', 'name', 'email', 'website', 'date', 'ip', 'xffip'
params = {
'body': 'body',
'name': 'display_name',
'email': 'email',
'website': 'website',
'ip': 'ip_address',
'xffip': 'xff_ip_address'
}
for k, v in params.items():
value = request.POST[k]
if value == '':
value = None
setattr(comment, v, value)
comment.set_body(request.POST['body'])
comment.is_subscribed = 'is_subscribed' in request.POST
comment.published = h.str_to_timestamp(request.POST['date'])
dbsession.flush()
#comment_user = None
#if comment.user is not None:
# comment_user = dbsession.query(User).options(joinedload('roles')).get(comment.user)
dbsession.expunge(comment)
if comment.user is not None:
dbsession.expunge(comment.user)
for p in comment.user.roles:
dbsession.expunge(p)
data = {}
# without "unicode" or "str" it generates broken HTML
# because render() returns webhelpers.html.builder.literal
renderer_dict = {'comment': comment}
if comment.user is not None:
comment._real_email = comment.user.email
else:
comment._real_email = comment.email
if comment._real_email == '':
comment._real_email = None
data['rendered'] = render('/blog/single_comment.mako', renderer_dict, request)
return data
def add_article_comment_ajax(request):
_ = request.translate
article_id = int(request.matchdict['article_id'])
dbsession = DBSession()
q = dbsession.query(Article).filter(Article.id == article_id)
user = request.user
if not user.has_role('editor') or not user.has_role('admin'):
q = q.filter(Article.is_draft==False)
article = q.first()
if article is None or not article.is_commentable:
return HTTPNotFound()
if 's' not in request.POST:
return HTTPBadRequest()
json = {}
key = request.POST['s']
# all data elements are constructed from the string "key" as substrings
body_ind = key[3:14]
parent_ind = key[4:12]
display_name_ind = key[0:5]
email_ind = key[13:25]
website_ind = key[15:21]
is_subscribed_ind = key[19:27]
for ind in (body_ind, parent_ind, display_name_ind, email_ind, website_ind):
if ind not in request.POST:
return HTTPBadRequest()
body = request.POST[body_ind]
if len(body) == 0:
return {'error': _('Empty comment body is not allowed.')}
comment = Comment()
comment.set_body(body)
user = request.user
if user.kind != 'anonymous':
comment.user_id = user.id
else:
# get "email", "display_name" and "website" arguments
comment.display_name = request.POST[display_name_ind]
comment.email = request.POST[email_ind]
comment.website = request.POST[website_ind]
# remember email, display_name and website in browser cookies
request.response.set_cookie('comment_display_name', comment.display_name, max_age=31536000)
request.response.set_cookie('comment_email', comment.email, max_age=31536000)
request.response.set_cookie('comment_website', comment.website, max_age=31536000)
# set parent comment
parent_id = request.POST[parent_ind]
try:
parent_id = int(parent_id)
except ValueError:
parent_id = None
if parent_id:
parent = dbsession.query(Comment).filter(Comment.id == parent_id)\
.filter(Comment.article_id == article_id).first()
if parent is not None:
if not parent.is_approved:
#
data = { 'error': _('Answering to not approved comment')}
return json.dumps(data)
comment.parent_id = parent_id
comment.article_id = article_id
if is_subscribed_ind in request.POST:
comment.is_subscribed = True
# this list contains notifications
ns = []
# if user has subscribed to answer then check is his/her email verified
# if doesn't send verification message to the email
if is_subscribed_ind in request.POST:
vrf_email = ''
if user.kind != 'anonymous':
vrf_email = user.email
elif request.POST[email_ind]:
vrf_email = request.POST[email_ind]
vrf_email = normalize_email(vrf_email)
if vrf_email:
# email looks ok so proceed
send_evn = False
vf = dbsession.query(VerifiedEmail).filter(VerifiedEmail.email == vrf_email).first()
vf_token = ''
if vf is not None:
if not vf.is_verified:
diff = time() - vf.last_verify_date
#if diff > 86400:
if diff > 1:
# delay between verifications requests must be more than 24 hours
send_evn = True
vf.last_verify_date = time()
vf_token = vf.verification_code
else:
send_evn = True
vf = VerifiedEmail(vrf_email)
vf_token = vf.verification_code
dbsession.add(vf)
if send_evn:
ns.append(notifications.gen_email_verification_notification(request, vrf_email, vf_token))
request.response.set_cookie('is_subscribed', 'true' if comment.is_subscribed else 'false', max_age=31536000)
# automatically approve comment if user has role "admin", "writer" or "editor"
if user.has_role('admin') or user.has_role('writer') \
or user.has_role('editor'):
comment.is_approved = True
# TODO: also automatically approve comment if it's considered as safe:
# i.e. without hyperlinks, spam etc
# check how much hyperlinks in the body string
if len(re.findall('https?://', body, flags=re.IGNORECASE)) <= 1:
comment.is_approved = True
# record commenter ip address
comment.ip_address = request.environ.get('REMOTE_ADDR', 'unknown')
comment.xff_ip_address = request.environ.get('X_FORWARDED_FOR', None)
dbsession.add(comment)
_update_comments_counters(dbsession, article)
dbsession.flush()
dbsession.expunge(comment) # remove object from the session, object state is preserved
dbsession.expunge(article)
transaction.commit() # to delete, probably
# comment added, now send notifications
loop_limit = 100
comment = dbsession.query(Comment).get(comment.id)
parent = comment.parent
admin_email = get_config('admin_notifications_email')
vf_q = dbsession.query(VerifiedEmail)
notifications_emails = []
while parent is not None and loop_limit > 0:
loop_limit -= 1
c = parent
parent = c.parent
# walk up the tree
if not c.is_subscribed:
continue
# find email
email = None
if c.user is None:
email = c.email
else:
email = c.user.email
if email is None or email == admin_email:
continue
email = normalize_email(email)
if email in notifications_emails:
continue
vf = vf_q.filter(VerifiedEmail.email == email).first()
if vf is not None and vf.is_verified:
# send notification to "email"
ns.append(notifications.gen_comment_response_notification(request, article, comment, c, email))
admin_notifications_email = normalize_email(get_config('admin_notifications_email'))
for nfn in ns:
if nfn is None:
continue
if nfn.to == admin_notifications_email:
continue
nfn.send()
# create special notification for the administrator
nfn = notifications.gen_new_comment_admin_notification(request, article, comment)
if nfn is not None:
nfn.send()
# cosntruct comment_id
# we're not using route_url() for the article because stupid Pyramid urlencodes fragments
comment_url = h.article_url(request, article) + '?commentid=' + str(comment.id)
# return rendered comment
data = {
'body': comment.rendered_body,
'approved': comment.is_approved,
'id': comment.id,
'url': comment_url
}
return data
