def edit(userid, journal, friends_only=False):
if not journal.title:
raise WeasylError("titleInvalid")
elif not journal.content:
raise WeasylError("contentInvalid")
elif not journal.rating:
raise WeasylError("ratingInvalid")
profile.check_user_rating_allowed(userid, journal.rating)
query = d.execute("SELECT userid, settings FROM journal WHERE journalid = %i", [journal.journalid], options="single")
if not query or "h" in query[1]:
raise WeasylError("Unexpected")
elif userid != query[0] and userid not in staff.MODS:
raise WeasylError("InsufficientPermissions")
settings = [query[1].replace("f", "")]
settings.append("f" if friends_only else "")
settings = "".join(settings)
if "f" in settings:
welcome.journal_remove(journal.journalid)
d.execute("UPDATE journal SET (title, content, rating, settings) = ('%s', '%s', %i, '%s') WHERE journalid = %i",
[journal.title, journal.content, journal.rating.code, settings, journal.journalid])
if userid != query[0]:
moderation.note_about(
userid, query[0], 'The following journal was edited:',
'- ' + text.markdown_link(journal.title, '/journal/%s?anyway=true' % (journal.journalid,)))
def modcontrol_spam_remove_post_(request):
"""
Submits content to the spam filtering backend, and hides it from view.
Either `submitid` or `journalid` must be present in the request's parameters.
:param request: The Pyramid request.
:subparam request.params['submitid']: If present, the submission's ID number.
:subparam request.params['journalid']: If present, the journal's ID number.
:return/raises: HTTPSeeOther to /modcontrol/suspenduser.
"""
submitid = request.params.get('submitid')
journalid = request.params.get('journalid')
# Only one parameter should ever be set
if sum(item is not None for item in [submitid, journalid]) != 1:
raise WeasylError("Unexpected")
submitid = int(submitid) if submitid is not None else None
journalid = int(journalid) if journalid is not None else None
# Only pkey_value is untrusted input to this statement.
statement = """
SELECT userid, content, submitter_user_agent_id, submitter_ip_address
FROM {table_name}
WHERE {pkey_name} = %(pkey_value)s
"""
if submitid:
# The content_type parameter which will be used to signal to the filtering backend what kind of content this is.
content_type = "submission"
statement = statement.format(table_name="submission",
pkey_name="submitid")
record_identifier = submitid
welcome.submission_remove(submitid=submitid)
moderation.hidesubmission(submitid=submitid)
elif journalid:
content_type = "journal"
statement = statement.format(table_name="journal",
pkey_name="journalid")
record_identifier = journalid
welcome.journal_remove(journalid=journalid)
moderation.hidejournal(journalid=journalid)
userid, content, user_agent_id, ip_addr = define.engine.execute(
statement, pkey_value=record_identifier).first()
spam_filtering.submit(
is_spam=True,
user_ip=ip_addr,
user_agent_id=user_agent_id,
user_id=userid,
comment_type=content_type,
comment_content=content,
)
index.recent_submissions.invalidate()
raise HTTPSeeOther("/modcontrol/suspenduser")
def hidejournal(journalid):
""" Hides a journal item from view, and removes it from the welcome table. """
d.engine.execute("""
UPDATE journal
SET settings = settings || 'h'
WHERE journalid = %(journalid)s
AND settings !~ 'h'
""", journalid=journalid)
welcome.journal_remove(journalid=journalid)
def remove(userid, journalid):
ownerid = d.get_ownerid(journalid=journalid)
if userid not in staff.MODS and userid != ownerid:
raise WeasylError("InsufficientPermissions")
query = d.execute("UPDATE journal SET settings = settings || 'h'"
" WHERE journalid = %i AND settings !~ 'h' RETURNING journalid", [journalid])
if query:
welcome.journal_remove(journalid)
return ownerid
def remove(userid, journalid):
ownerid = d.get_ownerid(journalid=journalid)
if userid not in staff.MODS and userid != ownerid:
raise WeasylError("InsufficientPermissions")
query = d.execute("UPDATE journal SET settings = settings || 'h'"
" WHERE journalid = %i AND settings !~ 'h' RETURNING journalid", [journalid])
if query:
welcome.journal_remove(journalid)
return ownerid
def edit(userid, journal, friends_only=False):
if not journal.title:
raise WeasylError("titleInvalid")
elif not journal.content:
raise WeasylError("contentInvalid")
elif not journal.rating:
raise WeasylError("ratingInvalid")
profile.check_user_rating_allowed(userid, journal.rating)
query = d.engine.execute(
"SELECT userid, settings FROM journal WHERE journalid = %(id)s",
id=journal.journalid,
).first()
if not query or "h" in query[1]:
raise WeasylError("Unexpected")
elif userid != query[0] and userid not in staff.MODS:
raise WeasylError("InsufficientPermissions")
settings = query[1].replace("f", "")
if friends_only:
settings += "f"
welcome.journal_remove(journal.journalid)
jo = d.meta.tables['journal']
d.engine.execute(
jo.update().where(jo.c.journalid == journal.journalid).values({
'title':
journal.title,
'content':
journal.content,
'rating':
journal.rating,
'settings':
settings,
}))
if userid != query[0]:
moderation.note_about(
userid, query[0], 'The following journal was edited:',
'- ' + text.markdown_link(
journal.title, '/journal/%s?anyway=true' %
(journal.journalid, )))
def edit(userid, journal, friends_only=False):
if not journal.title:
raise WeasylError("titleInvalid")
elif not journal.content:
raise WeasylError("contentInvalid")
elif not journal.rating:
raise WeasylError("ratingInvalid")
profile.check_user_rating_allowed(userid, journal.rating)
query = d.execute(
"SELECT userid, settings FROM journal WHERE journalid = %i",
[journal.journalid],
options="single")
if not query or "h" in query[1]:
raise WeasylError("Unexpected")
elif userid != query[0] and userid not in staff.MODS:
raise WeasylError("InsufficientPermissions")
settings = [query[1].replace("f", "")]
settings.append("f" if friends_only else "")
settings = "".join(settings)
if "f" in settings:
welcome.journal_remove(journal.journalid)
# TODO(kailys): use ORM
d.execute(
"UPDATE journal SET (title, rating, settings) = ('%s', %i, '%s') WHERE journalid = %i",
[journal.title, journal.rating.code, settings, journal.journalid])
# Write journal file
files.write(
files.make_resource(userid, journal.journalid, "journal/submit"),
journal.content)
if userid != query[0]:
from weasyl import moderation
moderation.note_about(
userid, query[0], 'The following journal was edited:',
'- ' + text.markdown_link(
journal.title, '/journal/%s?anyway=true' %
(journal.journalid, )))