def from_category(request): c_id = request.matchdict['category_id'] category = PropertyCategory.get_by_id(c_id) if category.parent: title = "%s in Nigeria" % (category.name) ptype = category.id listings=DBSession.query(Listings).filter(Listings.approved==True).filter(Listings.declined==False).\ filter(Listings.category==category).order_by(Listings.modified.desc()).all() else: ptype = '' title = "%s Properties in Nigeria" % (category.name) category_children = [x.name for x in category.children] listings = DBSession.query(Listings).join(PropertyCategory).filter(Listings.approved==True).\ filter(Listings.declined==False).filter(PropertyCategory.name.in_(category_children)).order_by(Listings.modified.desc()).all() page_url = PageURL_WebOb(request) page = int(request.params.get("page", 1)) paginator = Page(listings, page=page, items_per_page=10, url=page_url) form = Form(request) return dict(title=title, paginator=paginator, category=category, form=FormRenderer(form), type='', min_price='', max_price='', state_id='', lga_id='', lgas=[], ptype=ptype, beds='', baths='', area_size='', covered_area='', transaction_type='')
def approve(self): params = self.request.params id = params['id'] listing = Listings.get_by_id(id) if listing: listing.approved = True listing.declined = False DBSession.flush() body = """<html><head></head><body> <p>Dear %s,<p><br> <p>Your Listing <a href="%s">%s</a> at Nairabricks has just been approved.</p> <p>Yours sincerely,</p> <p>The Happy Nairabricks Info Robot</p> </body> </html> """ % (listing.user.fullname, self.request.route_url( 'property_view', name=listing.name), listing.serial) html_email_sender(self.request, subject="Listing %s Approved" % listing.serial, recipients=listing.user.email, body=body) return dict(isOk=1, message="Listing approved") return dict(isOk=0, message="No such listing")
def user_listing(self): form = Form(self.request) path = self.request.matchdict['prefix'] user = Users.get_by_path(path) page = int(self.request.params.get("page", 1)) page_url = PageURL_WebOb(self.request) active_listings = DBSession.query(Listings).filter(Listings.user == user).filter(Listings.approved==True).\ filter(Listings.declined==False).filter(Listings.status==True).all() past_sales = DBSession.query(Listings).filter( Listings.user == user).filter(Listings.status == False).all() active_paginator = Page(active_listings, page=int(self.request.params.get("page", 1)), items_per_page=10, url=page_url) pastsales_paginator = Page(past_sales, page=int(self.request.params.get("page", 1)), items_per_page=10, url=page_url) title = user.fullname + "'s Listings" return dict(user=user, pastsales_paginator=pastsales_paginator, lis="d", form=FormRenderer(form), active_paginator=active_paginator, title=title)
def my_sub(request): user = request.user plan = None active_sub = None total_premium_listings = 0 total_premium_blogs = 0 if user.active_subscription: plan = user.active_subscription[0].plan active_sub = user.active_subscription[0] subscriptions = DBSession.query(Subscription).filter_by( user=user).order_by(Subscription.id.desc()).all() premium = DBSession.query(Featured_Content).filter( Featured_Content.name == 'Premium').first() if premium: premium_lis = premium.featured_properties if premium_lis: for item in premium_lis: if item.user == user: total_premium_listings += 1 premium_blogs = premium.featured_blogs if premium_blogs: for item in premium_blogs: if item.user == user: total_premium_blogs += 1 return dict(title="My subscriptions", total_premium_listings=total_premium_listings, total_premium_blogs=total_premium_blogs, user=user, subscriptions=subscriptions, plan=plan, active_sub=active_sub)
def restpass(request): title = "Reset password" submitted_hmac = request.matchdict.get('hmac') user_id = request.matchdict.get('user_id') form = Form(request, schema=ResetPasswordForm) if 'form_submitted' in request.POST and form.validate(): user = Users.get_by_id(user_id) current_time = time.time() time_key = int(base64.b64decode(submitted_hmac[10:])) if current_time < time_key: hmac_key = hmac.new( '%s:%s:%d' % (str(user.id), 'r5$55g35%4#$:l3#24&', time_key), user.email).hexdigest()[0:10] if hmac_key == submitted_hmac[0:10]: #Fix me reset email, no such attribute email user.password = form.data['password'] DBSession.merge(user) DBSession.flush() request.session.flash( 'success; Password Changed. Please log in') return HTTPFound(location=request.route_url('login')) else: request.session.flash( 'warning; Invalid request, please try again') return HTTPFound(location=request.route_url('forgot_password')) action_url = request.route_url("reset_password", user_id=user_id, hmac=submitted_hmac) return { 'title': title, 'form': FormRenderer(form), 'action_url': action_url }
def company_uploadx(request): user = request.user filename = request.storage.save(request.POST['company_pix'], folder="logos") user.company_logo = filename DBSession.flush() return HTTPFound(location=request.route_url("user_edit"))
def delete(self): name = self.request.matchdict['name'] blog = Blogs.get_by_name(name) user = blog.user if not blog: self.session.flash("warning; no such blog") return HTTPFound(location=self.request.route_url('blog_list')) body = '''<html><head></head><body> <p>Dear %s,<p><br> <p>Your blog post <a href="%s">%s</a> have just been deleted. This might be because of self promotion, abuse or outright violation of our good neighbor policy</p> <p>Please, you are only allowed to write articles that will help our community</p> <p>Yours sincerely,<br> The Happy Nairabricks Info Robot</p> </body> </html> ''' % (user.fullname, self.request.route_url('blog_view', name=blog.name), blog.title) #html_email_sender(self.request, # subject = "Blog Post deleted", # recipients=user.email, # body = body # ) DBSession.delete(blog) DBSession.flush() self.session.flash("success; blog_deleted") return HTTPFound(location=self.request.route_url('blog_list'))
def update_personal(self): user = self.request.user form = Form(self.request, schema=PersonalSchema, obj=user) if 'personal_submitted' in self.request.POST and form.validate(): form.bind(user) DBSession.add(user) if form.data['prefix'] and form.data['prefix'] != user.prefix: user.prefix = create_path(form.data['prefix'], is_unique) DBSession.flush() if self.request.is_xhr: html = """<div class="alert alert-success alert-dismissable col-xs-12"> <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button> Update Successful </div>""" return Response(html) self.request.session.flash("success; Update successful") return HTTPFound(location=self.request.route_url("user_edit")) if self.request.is_xhr: html = """<div class="alert alert-danger alert-dismissable col-xs-12"> <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button> Update Not Successful </div>""" return Response(html) self.request.session.flash("success; Update successful") return HTTPFound(location=self.request.route_url("user_edit"))
def ratings(self): form = Form(self.request, schema=UserRatingSchema) prefix = self.request.matchdict['prefix'] user = Users.get_by_path(prefix) title = 'Rate ' + user.fullname if 'form_submitted' in self.request.POST and form.validate(): if user.id == self.request.user.id: self.request.session.flash("danger; You can't rate yourself") return HTTPFound( location=self.request.route_url('profile', prefix=prefix)) if user.rating: for rating in user.rating: if rating.rater_id == self.request.user.id: self.request.session.flash( "warning; You have rated %s before" % user.fullname) return HTTPFound(location=self.request.route_url( 'profile', prefix=prefix)) rating = UserRating(rater_id=self.request.user.id, rated_id=user.id, rating=form.data['rating'], review=form.data['review']) DBSession.add(rating) DBSession.flush() self.request.session.flash("success; Success") return HTTPFound( location=self.request.route_url('profile', prefix=prefix)) self.request.session.flash("danger; An Error occured") return HTTPFound( location=self.request.route_url('profile', prefix=prefix))
def populate_userTypes(): usertypes = [u'Buyer/Seller',u'Real Estate Developer/Builder',u'Real Estate Agent',u'Mortgage Lender',u'LandLord', u'Real Estate Broker',u'Property Manager',u'Other/just Looking'] with transaction.manager: for name in usertypes: typs = User_types( name) DBSession.add(typs)
def reg(self): title = 'Registration' usertypes = userTypes() states = get_states() msg = '' form = Form(self.request, schema=Registration) if 'form_submitted' in self.request.POST and form.validate(): try: resp = self.request.POST['g-recaptcha-response'] except: self.request.session.flash( 'danger; Failed captcha due to slow network') return HTTPFound(location=self.request.route_url('reg')) recaptcha_r = requests.post( recaptcha_endpoint, dict(secret=buddy_settings('recaptcha_secret'), response=resp)) rdata = recaptcha_r.json() if rdata: if not rdata['success']: msg = 'Failed recaptcha, please solve again' return dict(form=FormRenderer(form), msg=msg, title=title, usertypes=usertypes, states=states) user = form.bind(Users()) if 'ref_email' in self.request.session: referrer = Users.get_by_email( self.request.session['ref_email']) if referrer: user.parent_id = referrer.id with transaction.manager: DBSession.add(user) user.prefix = create_path(user.user_fullname, is_unique) DBSession.flush() timestamp = time.time() + 3600 hmac_key = hmac.new( '%s:%s:%d' % (str(user.id), 'r5$55g35%4#$:l3#24&', timestamp), user.email).hexdigest()[0:10] time_key = base64.urlsafe_b64encode('%d' % timestamp) email_hash = '%s%s' % (hmac_key, time_key) user_regmail(self.request, user.id, user.email, email_hash) headers = buddy_remember(self.request, user, event='R') self.session.flash( "success;You should be receiving an email with a link to activate your " "account within 10 minutes. Doing so will let you post properties/blog on this website." ) return HTTPFound(location=self.request.route_url('account'), headers=headers) return dict(form=FormRenderer(form), title=title, usertypes=usertypes, msg=msg, states=states)
def listplans(request): plans = DBSession.query(Plans).order_by(Plans.id).all() form = Form(request, schema=PlanSchema()) if 'form_submitted' in request.POST and form.validate(): plan = form.bind(Plans()) DBSession.add(plan) DBSession.flush() return HTTPFound(location=request.route_url('list_plans')) return dict(form=FormRenderer(form), plans=plans, title="List of plans")
def view(self): id = self.request.matchdict['id'] message = Messages.get_by_id(id) if not message: self.session.flash('info; No such message') return HTTPFound(location=self.request.route_url('home')) message.is_read = True DBSession.flush() return dict(message=message, mess='mess')
def delete(self): id = self.request.matchdict['id'] listing = Listings.get_by_id(id) if listing: DBSession.delete(listing) DBSession.flush() return HTTPFound(location=self.request.route_url('home')) else: self.request.session.flash("warning; Listing not found") return HTTPFound(location='/')
def editplans(request): pid = request.matchdict.get('id') plan = DBSession.query(Plans).get(pid) form = Form(request, schema=PlanSchema(), obj=plan) if 'form_submitted' in request.POST and form.validate(): form.bind(plan) DBSession.add(plan) DBSession.flush() return HTTPFound(location=request.route_url('list_plans')) return dict(form=FormRenderer(form), plan=plan, title=plan.name + " Edit")
def populate_location(): states=[u"Abuja",u"Abia",u"Anambra",u"Adamawa",u"Akwa Ibom",u"Bauchi",u"Benue", u"Bayelsa",u"Borno",u"Cross River",u"Enugu",u"Ebonyi",u"Edo",u"Ekiti",u"Delta", u"Gombe",u"Imo",u"Jigawa",u"Kebbi",u"Kogi",u"Kwara",u"Kano",u"Kaduna",u"Katsina", u"Lagos",u"Nasarawa",u"Niger",u"Osun",u"Ogun",u"Oyo",u"Ondo",u"Rivers",u"Plateau", u"Taraba",u"Sokoto",u"Yobe",u"Zamfara"] with transaction.manager: for state in states: s = State(state) DBSession.add(s)
def delete(self): prefix = self.request.matchdict['prefix'] user = Users.get_by_path(prefix) if user: DBSession.delete(user) DBSession.flush() return HTTPFound(location=self.request.route_url('home')) else: self.request.session.flash("warning; User not found") return HTTPFound(location='/')
def edit_blog(self): from buddy.models.properties_model import State def get_states(): query = [(s.id, s.name) for s in DBSession.query(State).all()] return query name = self.request.matchdict['name'] categories = get_categories() blog = Blogs.get_by_name(name) if not blog: self.session.flash("danger; No such blog post") return HTTPFound(location=self.request.route_url('blog_list')) title = "Editing " + blog.title form = Form(self.request, schema=BlogPost, obj=blog) if "form_submitted" in self.request.POST and form.validate(): form.bind(blog, exclude=['category_id']) for i, cat in enumerate(blog.categories): if cat.id not in form.data['category_id']: del blog.categories[i] catids = [cat.id for cat in blog.categories] for cate in form.data['category_id']: if cate not in catids: t = DBSession.query(BlogCategory).get(cate) blog.categories.append(t) blog.status = True DBSession.add(blog) DBSession.flush() return HTTPFound( location=self.request.route_url('blog_view', name=blog.name)) elif "draft" in self.request.POST and form.validate(): form.bind(blog, exclude=['category_id']) for i, cat in enumerate(blog.categories): if cat.id not in form.data['category_id']: del blog.categories[i] catids = [cat.id for cat in blog.categories] for cate in form.data['category_id']: if cate not in catids: t = DBSession.query(BlogCategory).get(cate) blog.categories.append(t) blog.status = 0 DBSession.add(blog) DBSession.flush() return HTTPFound( location=self.request.route_url('blog_view', name=blog.name)) return { 'form': FormRenderer(form), 'blog_nav_cat': get_navcategories(), 'title': title, 'categories': categories, 'blog': blog, 'wb': 'wb', 'states': get_states() }
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine authn_policy = AuthTktAuthenticationPolicy(settings['buddy.site_secret'], callback=groupfinder,hashalg='sha512',max_age=864000, timeout=3600,reissue_time=120) authz_policy = ACLAuthorizationPolicy() hex_secret = settings['buddy.session_secret'].strip() secret = binascii.unhexlify(hex_secret) session_factory = EncryptedCookieSessionFactory(secret) config = Configurator(settings=settings, authentication_policy=authn_policy, authorization_policy=authz_policy, session_factory=session_factory) cache = RootFactory.__acl__ config.set_root_factory(RootFactory) config.add_request_method(get_user, 'user', reify=True) config.add_subscriber(add_renderer_globals, BeforeRender) config.set_default_csrf_options(require_csrf=True) config.add_static_view('static', 'static',cache_max_age=5184000) config.add_cache_buster( 'buddy:static/', QueryStringConstantCacheBuster(str(int(time.time())))) config.add_static_view('deform_static', 'deform_bootstrap:static',cache_max_age=5184000) config.add_cache_buster( 'buddy:deform_bootstrap/static/', QueryStringConstantCacheBuster(str(int(time.time())))) config.add_static_view('images','buddy:images') config.add_cache_buster( 'buddy:images/', QueryStringConstantCacheBuster(str(int(time.time())))) config.include('pyramid_mailer') config.include("pyramid_mako") config.include("pyramid_retry") config.include('buddy.views.noprefix_include') config.include('buddy.views.profile_include') config.include('buddy.views.advice.noprefix_route') config.include('buddy.views.listing.noprefix_route') config.include('buddy.views.users_include',route_prefix='users') config.include('buddy.views.listing.add_route',route_prefix='listings') config.include('buddy.views.listing.add_route_listing_ajax',route_prefix="listings-ajax") config.include('buddy.views.dashboard.add_route',route_prefix='dashboard') config.include('buddy.views.advice.blog_route',route_prefix='blogs') config.include('buddy.views.inbox.add_route', route_prefix='message') config.include('buddy.views.document.add_route',route_prefix='corp') config.include("buddy.views.search.add_route", route_prefix="prosearch") config.include("buddy.views.pricing.pricing") config.include("buddy.pyramid_storage.s3") config.scan() return config.make_wsgi_app()
def add_g(request): title = 'Add group' groups = DBSession.query(Groups).all() form = Form(request, schema=AddGroup) if 'form_submitted' in request.POST and form.validate(): group = form.bind(Groups()) DBSession.add(group) DBSession.flush() redir_url = request.route_url('dashboard') return HTTPFound(location=redir_url) return dict(form=FormRenderer(form), groups=groups, title=title)
def delete_m(self): id = self.request.matchdict['id'] user_id = self.request.matchdict['user_id'] message = Messages.get_by_id(id) if not message: self.session.flash('info; No such message') return HTTPFound(location=self.request.route_url('home')) DBSession.delete(message) DBSession.flush() return HTTPFound(location=self.request.route_url('inbox', id=user_id))
def user_pix(request): user = request.user fileO = request.POST['profile_pix'] data = StringIO(fileO.file.read()) resized_data = make_thumbnail(data) filename = request.storage.save_file_io(resized_data, fileO.filename, randomize=True, folder="profilepics") user.photo = filename DBSession.flush() return HTTPFound(location=request.route_url("user_edit"))
def company_upload(request): user = request.user fileO = request.POST['cover_pix'] data = StringIO(fileO.file.read()) optimized_data = optimize(data) filename = request.storage.save_file_io(optimized_data, fileO.filename, randomize=True, folder="coverphotos") user.cover_photo = filename DBSession.flush() return HTTPFound(location=request.route_url("user_edit"))
def buddy_remember(request, user, event='L'): if asbool(buddy_settings('log_logins')): if buddy_settings('log_login_header'): ip_addr = request.environ.get( buddy_settings('log_login_header'), u'invalid value - buddy.log_login_header') else: ip_addr = unicode(request.environ['REMOTE_ADDR']) record = AuthUserLog(user_id=user.id, ip_addr=ip_addr, event=event) DBSession.add(record) DBSession.flush() return remember(request, user.id) return remember(request, user.id)
def verify(request): prefix = request.matchdict['prefix'] user = Users.get_by_path(prefix) if not user: request.session.flash('danger; user not found') user.is_verified = True user_parent = user.parent silver_plan = DBSession.query(Plans).filter(Plans.name == 'Silver').first() if user_parent: if not user_parent.earned_benefit: if user.active_subscription: active_sub = user.active_subscription[0] subscription = Subscription(user=user, plan=silver_plan, amount=0, no_of_months=1, discount=u"100%", status=u"Active") subscription.start_date = active_sub.end_date subscription.end_date = active_sub.end_date + timedelta( days=30) else: subscription = Subscription(user=request.user, plan=silver_plan, amount=0, no_of_months=1, discount=u"100%", start_date=datetime.today(), end_date=datetime.today() + timedelta(days=30), status=u"Active") DBSession.add(subscription) DBSession.flush() body = """<html><head><title>Verified on nairabricks.com</title></head><body> <p>Dear %s,<p><br> <p>You are now verified as a professional in Nairabricks</p> <p>However, please note that we still have the right to decline your listings if they violate our property listing policy</p> <p>Moreso, ensure that your listings are not duplicated. Instead of having duplicate listings, update your listing frequently to keep it at the top</p> <p>Yours sincerely,</p> <p>The Happy Nairabricks Info Robot</p> </body> </html> """ % user.fullname html_email_sender(request, subject="Congratulations", recipients=user.email, body=body) request.session.flash('success; user verified') return HTTPFound(location=request.route_url('user_list'))
def promo_sub(request): id = request.matchdict['id'] user = Users.get_by_id(id) if not user: return HTTPNotFound() form = Form(request, schema=PromoSubSchema) if 'submit' in request.POST and form.validate(): plan_id = form.data['plan'] plan = DBSession.query(Plans).get(plan_id) if plan: subscription = Subscription(user=user, plan=plan, amount=0, no_of_months=1, discount="100%", status="Active", start_date=datetime.today(), end_date=datetime.today() + timedelta(days=30)) DBSession.add(subscription) DBSession.flush() if request.is_xhr: html = """<div class="alert alert-success alert-dismissable col-xs-12"> <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button> User subscription </div>""" return Response(html) request.session.flash('success; User subscribed') return HTTPFound( location=request.route_url('profile', prefix=user.prefix)) if request.is_xhr: html = """<div class="alert alert-danger alert-dismissable col-xs-12"> <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button> An error occured, user Not subscribed </div>""" return Response(html) request.session.flash('danger; An error occured, user subscribed %s' % form.all_errors()) return HTTPFound( location=request.route_url('profile', prefix=user.prefix)) if request.is_xhr: html = """<div class="alert alert-danger alert-dismissable col-xs-12"> <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button> An error occured, user Not subscribed </div>""" return Response(html) request.session.flash('danger; An error occured, user subscribed %s' % form.all_errors()) return HTTPFound(location=request.route_url('profile', prefix=user.prefix))
def from_area(request): area_id = request.matchdict['area_id'] district = District.get_by_id(area_id) listings=DBSession.query(Listings).filter(Listings.approved==True).\ filter(Listings.declined==False).filter(Listings.district==district).order_by(Listings.modified.desc()).all() page_url = PageURL_WebOb(request) page = int(request.params.get("page", 1)) paginator = Page(listings, page=page, items_per_page=5, url=page_url) form = Form(request) title = "Properties in %s, %s,%s" % (district.name, district.lga.name, district.lga.state.name) return dict(title=title, paginator=paginator, district=district, form=FormRenderer(form), type='', min_price='', max_price='', state_id=district.lga.state.id, lga_id=district.lga.id, lgas=[(a.id, a.name) for a in district.lga.state.lga.all()], ptype='', beds='', baths='', area_size='', covered_area='', transaction_type='')
def index(self): form = Form(self.request) params = self.request.params protype = params.get('type','') location = params.get('cities_auto','') name = params.get('name','') users = DBSession.query(Users) if protype: users = users.join(User_types).filter(User_types.id==protype) if location and name: st = State.get_by_name(location) name="%"+name+"%" filters = or_(Users.fullname.like(name),Users.company_name.like(name)) users = users.filter(Users.state_id==st.id).filter(filters) if location and not name: st = State.get_by_name(location) users = users.filter(Users.state==st) if name and not location: namelike="%"+name+"%" filters = or_(Users.fullname.like(namelike),Users.company_name.like(namelike)) users = users.filter(filters) users = users.filter(and_(Users.email!=u'*****@*****.**',Users.email!=u'*****@*****.**')).order_by((Users.photo!=None).desc()).all() page_url = PageURL_WebOb(self.request) paginator = Page(users, page=int(self.request.params.get("page", 1)), items_per_page=12, url=page_url) return dict(title="Nairabricks Real Estate Professionals", name = name, location = location, protype= protype, form = FormRenderer(form),paginator=paginator)
def autoc(self): term = self.request.params.get('cities_auto') if term: term = '%' + term + '%' data = [] states = DBSession.query(State).filter(State.name.like(term)).all() lga = DBSession.query(LGA).filter(LGA.name.like(term)).all() district = DBSession.query(District).filter( District.name.like(term)).all() for state in states: data.append(state.name) for lg in lga: data.append(lg.name) for d in district: data.append(d.name) return data
def delete_lga(request): dbsession=DBSession() lga_id = request.matchdict['lga_id'] state_id = request.matchdict['state_id'] lga = LGA.get_by_id(lga_id) if lga is None: request.session.flash('info; No such LGA') return HTTPFound(location = request.route_url("view_state",state_id=state_id)) try: dbsession.delete(lga) request.session.flash('success; LGA deleted') return HTTPFound(location = request.route_url("view_state",state_id=state_id)) except IntegrityError: transaction.abort() request.session.flash('info; operation failed') return HTTPFound(location = request.route_url("view_state",state_id=state_id))