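def item_update(id, slug):
    """Edit an existing item, or render its edit form.

    The item is loaded with ``Item.get_or_404(id, slug)`` and the request is
    rejected with 403 unless ``item.editable_by(current_user)`` holds. On a
    valid form submit the item is rewritten from the form, stored, and the
    browser is redirected to the item page. Otherwise the edit form is
    rendered pre-filled from the stored item, with a blobstore upload URL as
    the form action.
    """
    item = Item.get_or_404(id, slug)
    # Authorization runs before any form handling, so a caller without edit
    # rights reaches neither the pre-filled form nor the write path.
    if not item.editable_by(current_user):
        abort(403)

    form = ItemForm()
    if form.validate_on_submit():
        item.title = form.title.data
        item.description = form.description.data
        # Stored as the entered price times 100; the read path below divides
        # by 100 again when pre-filling the form.
        item.price = Price(fixed_value=form.price.data * 100, currency='USD')
        # The edit form is pre-filled with the stored youtube value, and
        # item_create saves this field; persist it here too so an edit is not
        # silently dropped.
        item.youtube = form.youtube.data
        item.active = form.active.data
        item.expiry = (datetime.datetime.now()
                       + datetime.timedelta(days=form.expires_in.data))

        # NOTE(review): entries are matched against UserProfile.email here,
        # while the form below is pre-filled with usernames. Unless usernames
        # are e-mail addresses, re-submitting the form unchanged would change
        # who may view the item -- confirm against the UserProfile model.
        viewer_emails = [entry.strip()
                         for entry in form.private_viewers.data.split(',')]
        item.private_viewer_keys = [
            profile.key
            for profile in UserProfile.query(UserProfile.email.IN(viewer_emails))
        ]

        if form.image.has_file():
            # The leftover debug dumps of the upload object (its repr, dir()
            # and mimetype parameters) were dropped; they only added client
            # supplied data to the application log.
            blob = blobstore.parse_blob_info(to_fieldstorage(form.image.data))
            item.image = blob.key()

        item.put()
        flash(_T('Item updated'), 'success')
        return redirect(url_for('item', id=id, slug=slug))

    # GET, or a submit that failed validation: rebuild the form from the
    # stored item.
    form = ItemForm(
        title=item.title,
        description=item.description,
        price=item.price.fixed_value / 100,
        youtube=item.youtube,
        private_viewers=','.join(
            [user.username for user in ndb.get_multi(item.private_viewer_keys)]),
        active=item.active)
    return render_template(
        'item/update.html',
        form=form,
        id=id,
        slug=slug,
        action=blobstore.create_upload_url(
            url_for('item_update', id=id, slug=slug)),
        title=_T('Update Item') + ' %s' % item.title)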
def item_create():
    """Create a new item owned by the current user, or render the create form.

    A valid submit builds an ``Item`` from the form, stores it and redirects
    to the new item's page. Any other request renders the creation form with
    a blobstore upload URL as its action.
    """
    form = ItemForm()
    if not form.validate_on_submit():
        upload_url = blobstore.create_upload_url(url_for('item_create'))
        return render_template('item/create.html', form=form,
                               action=upload_url, title=_T('Create Item'))

    item = Item()
    item.title = form.title.data
    # The seller is taken from the session, never from the submitted form.
    item.seller_id = current_user.get_id()
    item.slug = slugify(form.title.data)
    item.description = form.description.data
    item.price = Price(fixed_value=form.price.data * 100, currency='USD')

    if form.image.has_file():
        uploaded = blobstore.parse_blob_info(to_fieldstorage(form.image.data))
        item.image = uploaded.key()

    item.youtube = form.youtube.data
    item.active = form.active.data
    lifetime = datetime.timedelta(days=form.expires_in.data)
    item.expiry = datetime.datetime.now() + lifetime

    # Comma-separated addresses are resolved to profile keys; addresses that
    # match no profile simply contribute no key.
    addresses = []
    for entry in form.private_viewers.data.split(','):
        addresses.append(entry.strip())
    viewer_keys = []
    for profile in UserProfile.query(UserProfile.email.IN(addresses)):
        viewer_keys.append(profile.key)
    item.private_viewer_keys = viewer_keys

    stored_key = item.put()
    flash(_T('Your item has been created!'), 'success')
    return redirect(url_for('item', id=stored_key.id(), slug=item.slug))
def login():
    """Sign the current platform user into the application session.

    Without a platform user the browser is sent to the platform login page,
    which returns to this view. With one, the matching ``UserProfile`` is
    passed to ``login_user``; if that is refused the visitor is told the
    account is deactivated and is sent through the platform logout URL.
    """
    account = users.get_current_user()
    if account is None:
        return redirect(users.create_login_url(url_for('login')))

    profile = UserProfile.for_user(account)
    if not login_user(profile):
        flash(_T('You cannot login using this account as it has been deactivated.'), 'warning')
        # Also end the platform session, so the refused account is not left
        # signed in there.
        return redirect(users.create_logout_url(url_for('index')))

    flash(_T('You\'ve successfully been logged in!'), 'success')
    return redirect(url_for('index'))
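def message_send():
    """Send a message to one or more users, or render the compose form.

    ``to`` and ``subject`` may be pre-filled from the query string. On a valid
    submit the comma-separated ``to`` field is resolved to user profiles by
    e-mail address. A non-empty subject must be the numeric id of an existing
    item, and such a message may only go to that item's seller. On success the
    browser is redirected to the new message inside its conversation.
    """
    form = forms.MessageSendForm(to=request.args.get('to', ''),
                                 subject=request.args.get('subject', ''))
    if form.validate_on_submit():
        recipient_emails = [address.strip()
                            for address in form.to.data.split(',')]
        to = UserProfile.query(
            UserProfile.email.IN(recipient_emails)).fetch(1000)

        if form.subject.data:
            item = None
            try:
                item = Item.get_by_id(long(form.subject.data))
            except ValueError:
                # A non-numeric subject is reported as an invalid item below.
                pass
            if not item:
                flash(_LT('Subject must be a valid item ID.'), 'error')
                return redirect(url_for('message_send'))
            # The recipient count is checked first: when no address matched a
            # profile, ``to`` is empty and indexing it would raise IndexError
            # instead of producing this error message.
            if len(to) != 1 or item.seller_id != to[0].get_id():
                flash(_LT('Messages about items can only be sent to their sellers!'), 'error')
                return redirect(item.url())

        # NOTE(review): with no subject and no matching address, ``to`` is an
        # empty list here -- confirm how Message.send treats that case.
        message_key, conv_key = Message.send(
            current_user, to, form.subject.data, form.message.data)
        return redirect(url_for('message_conversation', id=conv_key.id())
                        + '#message_%s' % message_key.id())

    return render_template('message/send.html', message_send_form=form,
                           title=_T('Send Message'))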
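def item_index():
    """List items, either by a stored ordering or as search results for ``q``.

    The ``o`` query argument selects an ordering and falls back to
    ``'created (descending)'`` when it is not a known ordering name. With a
    ``q`` argument the stripped, lower-cased text is searched; otherwise
    items are queried with the optional cursor ``c``. The first 10 results
    are rendered, and a failed query redirects to the index page with an
    error message.
    """
    # TODO Paginate results properly, and add restrictions on kinds of queries possible.
    # TODO Partial-match search
    orderings = Item.get_orderings()
    # HACK
    ordering = request.args.get('o', 'created (descending)')
    if ordering not in orderings:
        ordering = 'created (descending)'

    if 'q' in request.args:
        orderings = Item.get_search_orderings()
        # NOTE(review): ``ordering`` was validated against Item.get_orderings(),
        # not against the search orderings fetched here, so this lookup may
        # yield [None] -- confirm ItemQuery.search accepts that.
        current_ordering = [orderings.get(ordering)]
        search_term = request.args['q'].strip().lower()
        if search_term == 'htcpcp':
            abort(418, TEAPOT)
        elif search_term == 'about:credits':
            return redirect('/humans.txt')
        iq = ItemQuery.search(search_term, current_ordering)
        # external results
        # TODO FIXME
        # NOTE(review): the second argument looks like an API credential
        # committed with the source; it should be loaded from deployment
        # configuration and the committed value rotated. The call sends a
        # fixed query rather than the user's, its result is only logged, and
        # get_result() runs on every search request, so this reads as a
        # leftover debugging stub. The response body is written at ERROR
        # level. Behaviour is left unchanged here.
        r = apiclient.search('https://syscan-buybase.appspot.com', '11BB3F480D328E6190ECE40CC19965D29A84139996C6B0FD00BF2A34155E4BB7', query='abyss', limit=1)
        logging.error(r.get_result().content)
    else:
        current_ordering = orderings.get(ordering)
        iq = ItemQuery.query(None, current_ordering, request.args.get('c'))

    try:
        items, cursor, more = iq.fetch(10)
    except QueryError:
        flash(_T('Sorry, but your query failed.'), 'error')
        return redirect(url_for('index'))
    return render_template('item/index.html', items=items, cursor=cursor,
                           has_more=more, item_orderings=orderings.keys(),
                           title=_T('Items'))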
def logout():
    """End the application session after a validated logout form submit.

    Any request whose ``LogoutForm`` does not validate, or that raises
    ``ValidationError`` while being handled, is answered with 403. A valid
    submit logs the user out and redirects through the platform logout URL
    back to the index page.
    """
    form = forms.LogoutForm()
    try:
        # Logging out is only accepted as a validated form submit.
        if not form.validate_on_submit():
            abort(403)
        logout_user()
        flash(_T('You have successfully been logged out.'), 'success')
        platform_logout = users.create_logout_url(url_for('index'))
        return redirect(platform_logout)
    except ValidationError:
        abort(403)
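def user_delete(id):
    """Delete the caller's own user profile after a confirmed form submit.

    Administrators are turned away with an explanatory message. For everyone
    else the profile loaded from ``id`` must be the caller's own; any other
    target is rejected with 403. A valid ``UserDeleteForm`` submit deletes
    the profile, ends the session and redirects to the index page; any other
    request renders the confirmation page.
    """
    form = forms.UserDeleteForm()
    user_profile = UserProfile.get_or_404(id)
    if current_user.has_role('admin'):
        flash(_T('Sorry, but administrators cannot delete their accounts.'), 'error')
        flash(_T('Please ask another administrator to deactivate your account, or to make you a regular user.'), 'info')
        return redirect(url_for('user', id=id))

    # Nothing in the original body tied the target profile to the caller.
    # Route decorators are not visible here, so unless one of them restricts
    # this view, any signed-in non-admin could have deleted another profile by
    # its id. Administrators are already turned away above, and the success
    # message speaks of "your account", so only self-deletion is allowed.
    if user_profile != current_user:
        abort(403)

    if form.validate_on_submit():
        deleted_name = user_profile.display_name
        # The original called ``user.delete()``, but no ``user`` is defined in
        # this function. Delete the loaded profile through its key, as
        # item_delete does for items.
        user_profile.key.delete()
        logout_user()
        flash(_T('Your account has successfully been deleted.'))
        # Always record the deletion. The original compared the profile with
        # current_user only after logout_user() had run, which presumably
        # made that comparison always true -- confirm.
        logging.info('%s\'s account has been deleted', deleted_name)
        return redirect(url_for('index'))

    return render_template('user/delete.html', user_profile=user_profile,
                           user_delete_form=form, title=_T('Delete User'))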
def item_delete(id, slug):
    """Delete an item the current user is allowed to edit.

    The item is loaded with ``Item.get_or_404(id, slug)``. The request is
    answered with 403 when the user may not edit the item, and also when the
    ``ItemDeleteForm`` does not validate, so deletion only happens through a
    validated form submit. On success the browser is redirected to the item
    index.
    """
    item = Item.get_or_404(id, slug)
    may_edit = item.editable_by(current_user)
    if not may_edit:
        abort(403)

    form = forms.ItemDeleteForm()
    if not form.validate_on_submit():
        abort(403)
    else:
        item.key.delete()
        flash(_T('The item has been deleted successfully.'), 'success')
        return redirect(url_for('item_index'))
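def user_deactivate(id):
    """Toggle the ``active`` flag of the user profile identified by ``id``.

    An administrator targeting their own profile is turned away with an
    explanatory message. A valid ``UserDeactivateForm`` submit flips the
    flag, stores the profile and redirects to the profile page; any other
    request is answered with 403.
    """
    form = forms.UserDeactivateForm()
    user_profile = UserProfile.get_or_404(id)
    if current_user.has_role('admin') and user_profile == current_user:
        flash(_T('Sorry, but administrators cannot deactivate their own accounts.'), 'error')
        flash(_T('Please ask another administrator to deactivate your account.'), 'info')
        return redirect(user_profile.url())

    # NOTE(review): this body never checks that the caller may change the
    # target profile. Route decorators are not visible here -- confirm one of
    # them restricts this view.
    if form.validate_on_submit():
        user_profile.active = not user_profile.active
        user_profile.put()
        # ``active`` now holds the new state, so the empty prefix means the
        # account was just activated and 'de' means it was just deactivated.
        state_prefix = '' if user_profile.active else 'de'
        flash('%s has successfully been %sactivated!' % (user_profile.display_name, state_prefix), 'success')
        if user_profile != current_user:
            # The original always logged "deactivated", even when the toggle
            # had re-activated the account; log the actual new state.
            logging.info('%s\'s account has been %sactivated',
                         user_profile.display_name, state_prefix)
        return redirect(user_profile.url())
    else:
        abort(403)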
def collection_create():
    """Create a collection from the current user's items, or render the form.

    The selectable items are limited to those whose ``seller_id`` is the
    current user's id. A valid submit stores a ``Collection`` and redirects
    to its page; any other request renders the creation form.
    """
    collection_form = forms.CollectionForm()
    # XXX This could potentially be a problem, but given the current scale of the app, it shouldn't
    # cause much trouble.
    # NOTE: Because we populate the choices here and validate_on_submit later, even if the user
    # modifies the options by hand, they'll still be verified against these choices.
    own_items = Item.query(Item.seller_id == current_user.get_id()).fetch(100000)
    choices = []
    for item in own_items:
        item_id = item.key.id()
        choices.append((item_id, '#%s - %s' % (item_id, item.title)))
    collection_form.item_ids.choices = choices

    if not collection_form.validate_on_submit():
        return render_template('collection/create.html',
                               collection_form=collection_form,
                               title=_T('Create Collection'))

    collection = Collection()
    collection.title = collection_form.title.data
    collection.description = collection_form.description.data
    collection.author = current_user
    collection.item_keys = [ndb.Key(Item, chosen_id)
                            for chosen_id in collection_form.item_ids.data]
    stored_key = collection.put()
    flash(_LT('Your collection has been created successfully!'), 'success')
    return redirect(url_for('collection', id=stored_key.id()))
def collection_index():
    """Render the first page (10 entries) of the current user's collections."""
    # Only collections whose author key is the caller's own key are listed.
    own_collections = Collection.query(Collection.author_key == current_user.key)
    page = own_collections.fetch_page(10)
    return render_template(
        'collection/index.html',
        collections=page[0],
        cursor=page[1],
        has_more=page[2],
        title=_T('Collections'),
    )
def message_index():
    """Render the first page (10 entries) of the current user's conversations."""
    listing = Conversation.list_query(current_user)
    conversations, cursor, has_more = listing.fetch_page(10)
    return render_template(
        'message/index.html',
        conversations=conversations,
        cursor=cursor,
        has_more=has_more,
        title=_T('Messages'),
    )
def user_index():
    """Render a listing of up to 10 user profiles."""
    # The query is unfiltered, so every profile is eligible for the listing.
    return render_template(
        'user/index.html',
        user_profiles=UserProfile.query().fetch(10),
        title=_T('Users'),
    )
def bootstrap():
    """Run ``do_bootstrap()`` once, when the datastore holds no ``Item`` yet."""
    already_seeded = Item.query().get()
    if already_seeded:
        # At least one item exists, so there is nothing to bootstrap.
        return
    do_bootstrap()
    flash(_T('The app was bootstrapped (first run only); please reload the page.'))