def try_to_set_feed(post, new_feed_id, user): ''' Is this user actually allowed to set the feed of this post to what the form is saying they want to? If so, cool. Return that feed. ''' try: if post.feed: oldfeedid = post.feed.id else: oldfeedid = False except: oldfeedid = False if new_feed_id and new_feed_id != oldfeedid: # new or changed feed. try: feed = Feed.get(Feed.id == new_feed_id) except Feed.DoesNotExist: raise PleaseRedirect(None, "Odd. You somehow tried to post " "to a non-existant feed. It didn't work.") if feed.user_can_write(user): flash('Posted to ' + feed.name) return feed else: # This shouldn't happen very often - so don't worry about # losing post data. If it's an issue, refactor so it's stored # but not written to the feed... raise PleaseRedirect( url_for('index'), "Sorry, you don't have permission to write to " + feed.name) return feed return post.feed
def test_one_user_group_write_and_publish(self): f = Feed(name='123') f.save() u = User(passwordhash='123') u.save() g = Group(name='usergroup') g.save() g.set_users([u.id]) self.assertEqual(f.authors(), []) self.assertEqual(f.publishers(), []) self.assertEqual(f.author_groups(), []) self.assertEqual(f.publisher_groups(), []) self.assertFalse(f.user_can_write(u)) self.assertFalse(f.user_can_publish(u)) f.grant('Write', group=g) f.grant('Publish', group=g) f = Feed.get(id=f.id) self.assertEqual(f.authors(), []) self.assertEqual(f.publishers(), []) self.assertEqual(f.author_groups(), [g]) self.assertEqual(f.publisher_groups(), [g]) self.assertTrue(f.user_can_write(u)) self.assertTrue(f.user_can_publish(u))
def try_to_set_feed(post, new_feed_id, user): ''' Is this user actually allowed to set the feed of this post to what the form is saying they want to? If so, cool. Return that feed. ''' try: if post.feed: oldfeedid = post.feed.id else: oldfeedid = False except: oldfeedid = False if new_feed_id and new_feed_id != oldfeedid: # new or changed feed. try: feed = Feed.get(Feed.id == new_feed_id) except Feed.DoesNotExist: raise PleaseRedirect( None, "Odd. You somehow tried to post " "to a non-existant feed. It didn't work.") if feed.user_can_write(user): flash('Posted to ' + feed.name) return feed else: # This shouldn't happen very often - so don't worry about # losing post data. If it's an issue, refactor so it's stored # but not written to the feed... raise PleaseRedirect( url_for('index'), "Sorry, you don't have permission to write to " + feed.name) return feed return post.feed
def feedpage(feedid): ''' the back end settings for one feed. ''' try: feed = Feed.get(id=feedid) user = user_session.get_user() except user_session.NotLoggedIn: user = User() except: flash('invalid feed id! (' + str(feedid) + ')') return redirect(url_for('feeds')) if request.method == 'POST': if not user_session.logged_in(): flash("You're not logged in!") return redirect(url_for('feeds')) if not user.is_admin: flash('Sorry! Only Admins can change these details.') return redirect(request.referrer) action = request.form.get('action', 'none') if action == 'edit': feed.name = request.form.get('title', feed.name).strip() inlist = request.form.getlist feed.post_types = ', '.join(inlist('post_types')) feed.set_authors(by_id(User, inlist('authors'))) feed.set_publishers(by_id(User, inlist('publishers'))) feed.set_author_groups(by_id(Group, inlist('author_groups'))) feed.set_publisher_groups(by_id(Group, inlist('publisher_groups'))) feed.save() flash('Saved') elif action == 'delete': for post in feed.posts: post_type_module = post_types.load(post.type) delete_post_and_run_callback(post, post_type_module) feed.delete_instance(True, True) # cascade/recursive delete. flash('Deleted') return redirect(url_for('feeds')) return render_template('feed.html', feed=feed, user=user, all_posttypes=post_types.types(), allusers=User.select(), allgroups=Group.select() )
def feedsrss(ids_raw): ''' get a bunch of feeds posts as an RSS stream ''' ids = [] feed_names = [] for i in ids_raw.split(','): try: feedid = int(i) if feedid in ids: continue feed = Feed.get(id=feedid) ids.append(feedid) feed_names.append(feed.name) except ValueError: continue except Feed.DoesNotExist: continue time_now = now() feed_posts = [p for p in \ Post.select().join(Feed).where( (Feed.id << ids) &(Post.status == 0) &(Post.active_start < time_now) &(Post.active_end > time_now) &(Post.published) )] feed = RSSFeed() feed.feed["title"] = ",".join(feed_names) feed.feed["link"] = url_for('feeds') feed.feed["description"] = "Posts from " + (','.join(feed_names)) for post in feed_posts: contents = json.loads(post.content) cleantext = bleach.clean(contents["content"], tags=[], strip=True) if len(cleantext) > 20: cleantext = cleantext[0:20] + "..." item = { "title": cleantext, "description": contents["content"], "guid": str(post.id), } feed.items.append(item) resp = make_response(feed.format_rss2_string()) resp.headers["Content-Type"] = "application/xml" return resp
def external_data_source_edit(source_id): ''' Editing a external data source ''' if not user_session.is_admin(): flash('Only Admins can do this!') return redirect(url_for('feeds')) # first find the data type: if request.method == 'DELETE': ExternalSource.delete() \ .where(ExternalSource.id == int(source_id)) \ .execute() return 'deleted' if source_id == None: try: source = ExternalSource() source.type = request.args['type'] source.name = "new " + source.type + " source" source.feed = Feed.get() # set initial feed except KeyError: return 'No type specified.', 500 else: try: source = ExternalSource.get(id=source_id) except peewee.DoesNotExist: return 'Invalid id.', 404 # Try and load the external source type ( and check it's valid): try: module = external_source_types.load(source.type) except ImportError: return 'Invalid External Source Type', 404 # if it's a post, then update the data with 'receive': if request.method == 'POST': source.post_as_user = user_session.get_user() source.settings = json.dumps(module.receive(request)) source.name = request.form.get('name', source.name) source.frequency = getint('frequency', 60) source.publish = getbool('publish', False) source.lifetime_start = request.form.get('active_start', source.lifetime_start) source.lifetime_end = request.form.get('active_end', source.lifetime_end) source.display_time = getint('display_time', source.display_time) source.post_template = request.form.get('post_template', source.post_template) try: source.feed = Feed.get(Feed.id == getint('feed', 100)) source.save() if source_id == None: # new source! return redirect(url_for('external_data_source_edit', source_id=source.id)) else: flash('Updated.') except Feed.DoesNotExist: flash("Can't save! Invalid Feed!{}".format( getint('feed', '-11'))) return render_template("external_source.html", source=source, feeds=Feed.select(), form=module.form(json.loads(source.settings)))
def postpage(postid): ''' Edit a post. ''' if not user_session.logged_in(): flash("You're not logged in!") return redirect(url_for('posts')) try: post = Post.get(Post.id == postid) post_type_module = post_types.load(post.type) user = user_session.get_user() except Post.DoesNotExist: flash('Sorry! Post id:{0} not found!'.format(postid)) return redirect(url_for('posts')) if request.method == 'POST': try: # check for write permission, and if the post is # already published, publish permission. if_i_cant_write_then_i_quit(post, user) # if the user is allowed to set the feed to what they've # requested, then do it. post.feed = try_to_set_feed(post, request.form.get('post_feed', False), user) except PleaseRedirect as e: flash(str(e.msg)) redirect(e.url) # if it's a publish or delete request, handle that instead: action = request.form.get('action', 'edit') if action == 'delete': # don't need extra guards, as if_i_cant... deals with it above delete_post_and_run_callback(post, post_type_module) flash('Deleted') elif action == 'publish': try: post.publish(user) flash("Published") except PermissionDenied: flash("Sorry, you don't have permission to publish" " posts in this feed.") elif action == 'unpublish': try: post.publish(user, False) flash("Published!") except PermissionDenied: flash('Sorry, you do NOT have permission' \ ' to unpublish on this feed.') elif action == 'move': if not user_session.is_admin(): flash('Sorry! You are not an admin!') return jsonify({'error': 'permission denied'}) post.feed = Feed.get(Feed.id == getint('feed', post.feed)) post.save() return jsonify({'message': 'Moved to ' + post.feed.name}) if action not in ('edit', 'update'): return redirect(request.referrer if request.referrer else '/') # finally get around to editing the content of the post... try: post_form_intake(post, request.form, post_type_module) post.save() flash('Updated.') except Exception as e: flash('invalid content for this data type!') flash(str(e)) # Should we bother displaying 'Post' button, and editable controls # if the user can't write to this post anyway? #can_write, can_publish = can_user_write_and_publish(user, post) return render_template('post_editor.html', post=post, current_feed=post.feed.id, feedlist=user.writeable_feeds(), user=user, form_content=post_type_module.form(json.loads(post.content)))
def post_new(feed_id): ''' create a new post! ''' if not user_session.logged_in(): flash("You're not logged in!") return redirect(url_for('index')) user = user_session.get_user() try: feed = Feed.get(id=feed_id) except Feed.DoesNotExist: flash('Sorry, Feed does not exist!') return redirect(url_for('feeds')) if not feed.user_can_write(user): flash("Sorry! You don't have permission to write here!") return redirect(request.referrer if request.referrer else '/') if request.method == 'GET': # send a blank form for the user: post = Post() post.feed = feed # give list of available post types: all_posttypes = dict([(x['id'], x) for x in post_types.types()]) if post.feed.post_types: allowed_post_types = [] for post_type in post.feed.post_types_as_list(): if post_type in all_posttypes: allowed_post_types.append(all_posttypes[post_type]) else: allowed_post_types = all_posttypes.values() # return the page: return render_template('postnew.html', current_feed=feed, post=post, user=user, post_types=allowed_post_types) else: # POST. new post! post_type = request.form.get('post_type') try: post_type_module = post_types.load(post_type) except: flash('Sorry! invalid post type.') return redirect(request.referrer if request.referrer else '/') if feed.post_types and post_type not in feed.post_types_as_list(): flash('sorry! this post type is not allowed in this feed!') return redirect(request.referrer if request.referrer else '/') post = Post(type=post_type, author=user) try: post.feed = feed if_i_cant_write_then_i_quit(post, user) post_form_intake(post, request.form, post_type_module) except PleaseRedirect as e: flash(str(e.msg)) return redirect(e.url if e.url else request.url) post.save() flash('Saved!') return redirect(url_for('feedpage', feedid=post.feed.id))
def external_data_source_edit(source_id): ''' Editing a external data source ''' if not user_session.is_admin(): flash('Only Admins can do this!') return redirect(url_for('feeds')) # first find the data type: if request.method == 'DELETE': ExternalSource.delete() \ .where(ExternalSource.id == int(source_id)) \ .execute() return 'deleted' if source_id == None: try: source = ExternalSource() source.type = request.args['type'] source.name = "new " + source.type + " source" source.feed = Feed.get() # set initial feed except KeyError: return 'No type specified.', 500 else: try: source = ExternalSource.get(id=source_id) except peewee.DoesNotExist: return 'Invalid id.', 404 # Try and load the external source type ( and check it's valid): try: module = external_source_types.load(source.type) except ImportError: return 'Invalid External Source Type', 404 # if it's a post, then update the data with 'receive': if request.method == 'POST': source.post_as_user = user_session.get_user() source.settings = json.dumps(module.receive(request)) source.name = request.form.get('name', source.name) source.frequency = getint('frequency', 60) source.publish = getbool('publish', False) source.lifetime_start = getstr('active_start', source.lifetime_start, validate=DATESTR) source.lifetime_end = getstr('active_end', source.lifetime_end, validate=DATESTR) source.display_time = getint('display_time', source.display_time) source.post_template = request.form.get('post_template', source.post_template) try: source.feed = Feed.get(Feed.id == getint('feed', 100)) source.save() if source_id == None: # new source! return redirect( url_for('external_data_source_edit', source_id=source.id)) else: flash('Updated.') except Feed.DoesNotExist: flash("Can't save! Invalid Feed!{}".format(getint('feed', '-11'))) return render_template("external_source.html", source=source, feeds=Feed.select(), form=module.form(json.loads(source.settings)))
def postpage(postid): ''' Edit a post. ''' if not user_session.logged_in(): flash("You're not logged in!") return redirect(url_for('posts')) try: post = Post.get(Post.id == postid) post_type_module = post_types.load(post.type) user = user_session.get_user() except Post.DoesNotExist: flash('Sorry! Post id:{0} not found!'.format(postid)) return redirect(url_for('posts')) if request.method == 'POST': try: # check for write permission, and if the post is # already published, publish permission. if_i_cant_write_then_i_quit(post, user) # if the user is allowed to set the feed to what they've # requested, then do it. post.feed = try_to_set_feed(post, request.form.get('post_feed', False), user) except PleaseRedirect as e: flash(str(e.msg)) redirect(e.url) # if it's a publish or delete request, handle that instead: action = request.form.get('action', 'edit') if action == 'delete': # don't need extra guards, as if_i_cant... deals with it above delete_post_and_run_callback(post, post_type_module) flash('Deleted') elif action == 'publish': try: post.publish(user) flash("Published") except PermissionDenied: flash("Sorry, you don't have permission to publish" " posts in this feed.") elif action == 'unpublish': try: post.publish(user, False) flash("Published!") except PermissionDenied: flash('Sorry, you do NOT have permission' \ ' to unpublish on this feed.') elif action == 'move': if not user_session.is_admin(): flash('Sorry! You are not an admin!') return jsonify({'error': 'permission denied'}) post.feed = Feed.get(Feed.id == getint('feed', post.feed)) post.save() return jsonify({'message': 'Moved to ' + post.feed.name}) if action not in ('edit', 'update'): return redirect(request.referrer if request.referrer else '/') # finally get around to editing the content of the post... try: post_form_intake(post, request.form, post_type_module) post.save() flash('Updated.') except Exception as e: flash('invalid content for this data type!') flash(str(e)) # Should we bother displaying 'Post' button, and editable controls # if the user can't write to this post anyway? #can_write, can_publish = can_user_write_and_publish(user, post) return render_template('post_editor.html', post=post, current_feed=post.feed.id, feedlist=user.writeable_feeds(), user=user, form_content=post_type_module.form( json.loads(post.content)))
def post_new(feed_id): ''' create a new post! ''' #if not user_session.logged_in(): # flash("You're not logged in!") # return redirect(url_for('index')) user = user_session.get_user() try: feed = Feed.get(id=feed_id) except Feed.DoesNotExist: flash('Sorry, Feed does not exist!') return redirect(url_for('feeds')) if not feed.user_can_write(user): flash("Sorry! You don't have permission to write here!") return redirect(request.referrer if request.referrer else '/') if request.method == 'GET': # send a blank form for the user: post = Post() post.feed = feed # give list of available post types: all_posttypes = dict([(x['id'], x) for x in post_types.types()]) if post.feed.post_types: allowed_post_types = [] for post_type in post.feed.post_types_as_list(): if post_type in all_posttypes: allowed_post_types.append(all_posttypes[post_type]) else: allowed_post_types = list(all_posttypes.values()) # return the page: return render_template('postnew.html', current_feed=feed, post=post, user=user, post_types=allowed_post_types) else: # POST. new post! post_type = request.form.get('post_type') try: post_type_module = post_types.load(post_type) except: flash('Sorry! invalid post type.') return redirect(request.referrer if request.referrer else '/') if feed.post_types and post_type not in feed.post_types_as_list(): flash('sorry! this post type is not allowed in this feed!') return redirect(request.referrer if request.referrer else '/') post = Post(type=post_type, author=user) try: post.feed = feed if_i_cant_write_then_i_quit(post, user) post_form_intake(post, request.form, post_type_module) except PleaseRedirect as e: flash(str(e.msg)) return redirect(e.url if e.url else request.url) post.save() post.publish(user) # publish all posts by default flash('Saved!') return redirect(url_for('feedpage', feedid=post.feed.id))