class UserRank(db.Model):
id = db.Column(db.Integer(), primary_key=True)
user_id = db.Column(db.ForeignKey("users.id"), nullable=False)
rank_id = db.Column(db.ForeignKey("ranks.id"))
user = db.relationship(
User,
backref=db.backref("user_rank",
uselist=False,
cascade="all, delete-orphan",
lazy="joined"),
uselist=False,
lazy="joined",
foreign_keys=[user_id],
)
rank = db.relationship(
Rank,
backref=db.backref("user_ranks",
lazy="joined",
cascade="all, delete-orphan"),
uselist=False,
lazy="joined",
foreign_keys=[rank_id],
)
name = association_proxy("rank", "rank_name")
code = association_proxy("rank", "rank_code")
def is_custom(self):
return self.rank.is_custom()
def __repr__(self):
return "<UserRank user={} name={}>".format(self.user.username,
self.name)
class Report(db.Model, CRUDMixin):
__tablename__ = "reports"
# TODO: Store in addition to the info below topic title and username
# as well. So that in case a user or post gets deleted, we can
# still view the report
id = db.Column(db.Integer, primary_key=True)
reporter_id = db.Column(db.Integer,
db.ForeignKey("users.id"),
nullable=True)
reported = db.Column(UTCDateTime(timezone=True),
default=time_utcnow,
nullable=False)
post_id = db.Column(db.Integer, db.ForeignKey("posts.id"), nullable=True)
zapped = db.Column(UTCDateTime(timezone=True), nullable=True)
zapped_by = db.Column(db.Integer, db.ForeignKey("users.id"), nullable=True)
reason = db.Column(db.Text, nullable=True)
post = db.relationship("Post",
lazy="joined",
backref=db.backref('report',
cascade='all, delete-orphan'))
reporter = db.relationship("User",
lazy="joined",
foreign_keys=[reporter_id])
zapper = db.relationship("User", lazy="joined", foreign_keys=[zapped_by])
def __repr__(self):
return "<{} {}>".format(self.__class__.__name__, self.id)
def save(self, post=None, user=None):
"""Saves a report.
:param post: The post that should be reported
:param user: The user who has reported the post
:param reason: The reason why the user has reported the post
"""
if self.id:
db.session.add(self)
db.session.commit()
return self
if post and user:
self.reporter = user
self.reported = time_utcnow()
self.post = post
db.session.add(self)
db.session.commit()
return self
class PostLike(db.Model):
__tablename__ = 'vanity_association'
post_id = db.Column(db.ForeignKey('posts.id'), primary_key=True)
post = db.relationship(
Post,
backref=db.backref(
"liked_by_users",
lazy='joined',
cascade='all, delete-orphan'
)
)
user_id = db.Column(db.ForeignKey('users.id'), primary_key=True)
user = db.relationship(
User,
uselist=False,
#lazy='joined', # see: https://github.com/flaskbb/flaskbb/issues/503#issuecomment-415713742
backref=db.backref(
"user_liked_posts",
cascade="all, delete-orphan",
),
)
class Forum(db.Model, CRUDMixin):
__tablename__ = "forums"
__searchable__ = ['title', 'description']
id = db.Column(db.Integer, primary_key=True)
category_id = db.Column(db.Integer,
db.ForeignKey("categories.id"),
nullable=False)
title = db.Column(db.String(255), nullable=False)
description = db.Column(db.Text)
position = db.Column(db.Integer, default=1, nullable=False)
locked = db.Column(db.Boolean, default=False, nullable=False)
show_moderators = db.Column(db.Boolean, default=False, nullable=False)
external = db.Column(db.String(200))
post_count = db.Column(db.Integer, default=0, nullable=False)
topic_count = db.Column(db.Integer, default=0, nullable=False)
# One-to-one
last_post_id = db.Column(db.Integer, db.ForeignKey("posts.id"))
last_post = db.relationship("Post",
backref="last_post_forum",
uselist=False,
foreign_keys=[last_post_id])
# Not nice, but needed to improve the performance
last_post_title = db.Column(db.String(255))
last_post_user_id = db.Column(db.Integer, db.ForeignKey("users.id"))
last_post_username = db.Column(db.String(255))
last_post_created = db.Column(UTCDateTime(timezone=True),
default=time_utcnow)
# One-to-many
topics = db.relationship("Topic",
backref="forum",
lazy="dynamic",
cascade="all, delete-orphan")
# Many-to-many
moderators = db.relationship("User",
secondary=moderators,
primaryjoin=(moderators.c.forum_id == id),
backref=db.backref("forummoderator",
lazy="dynamic"),
lazy="joined")
groups = db.relationship(
"Group",
secondary=forumgroups,
primaryjoin=(forumgroups.c.forum_id == id),
backref="forumgroups",
lazy="joined",
)
# Properties
@property
def slug(self):
"""Returns a slugified version from the forum title"""
return slugify(self.title)
@property
def url(self):
"""Returns the slugified url for the forum"""
if self.external:
return self.external
return url_for("forum.view_forum", forum_id=self.id, slug=self.slug)
@property
def last_post_url(self):
"""Returns the url for the last post in the forum"""
return url_for("forum.view_post", post_id=self.last_post_id)
# Methods
def __repr__(self):
"""Set to a unique key specific to the object in the database.
Required for cache.memoize() to work across requests.
"""
return "<{} {}>".format(self.__class__.__name__, self.id)
def update_last_post(self):
"""Updates the last post in the forum."""
last_post = Post.query.\
filter(Post.topic_id == Topic.id,
Topic.forum_id == self.id).\
order_by(Post.date_created.desc()).\
first()
# Last post is none when there are no topics in the forum
if last_post is not None:
# a new last post was found in the forum
if not last_post.id == self.last_post_id:
self.last_post_id = last_post.id
self.last_post_title = last_post.topic.title
self.last_post_user_id = last_post.user_id
self.last_post_username = last_post.username
self.last_post_created = last_post.date_created
# No post found..
else:
self.last_post_id = None
self.last_post_title = None
self.last_post_user_id = None
self.last_post_username = None
self.last_post_created = None
db.session.commit()
def update_read(self, user, forumsread, topicsread):
"""Updates the ForumsRead status for the user. In order to work
correctly, be sure that `topicsread is **not** `None`.
:param user: The user for whom we should check if he has read the
forum.
:param forumsread: The forumsread object. It is needed to check if
if the forum is unread. If `forumsread` is `None`
and the forum is unread, it will create a new entry
in the `ForumsRead` relation, else (and the forum
is still unread) we are just going to update the
entry in the `ForumsRead` relation.
:param topicsread: The topicsread object is used in combination
with the forumsread object to check if the
forumsread relation should be updated and
therefore is unread.
"""
if not user.is_authenticated or topicsread is None:
return False
read_cutoff = None
if flaskbb_config['TRACKER_LENGTH'] > 0:
read_cutoff = time_utcnow() - timedelta(
days=flaskbb_config['TRACKER_LENGTH'])
# fetch the unread posts in the forum
unread_count = Topic.query.\
outerjoin(TopicsRead,
db.and_(TopicsRead.topic_id == Topic.id,
TopicsRead.user_id == user.id)).\
outerjoin(ForumsRead,
db.and_(ForumsRead.forum_id == Topic.forum_id,
ForumsRead.user_id == user.id)).\
filter(Topic.forum_id == self.id,
Topic.last_updated > read_cutoff,
db.or_(TopicsRead.last_read == None,
TopicsRead.last_read < Topic.last_updated)).\
count()
# No unread topics available - trying to mark the forum as read
if unread_count == 0:
if forumsread and forumsread.last_read > topicsread.last_read:
return False
# ForumRead Entry exists - Updating it because a new topic/post
# has been submitted and has read everything (obviously, else the
# unread_count would be useless).
elif forumsread:
forumsread.last_read = time_utcnow()
forumsread.save()
return True
# No ForumRead Entry existing - creating one.
forumsread = ForumsRead()
forumsread.user_id = user.id
forumsread.forum_id = self.id
forumsread.last_read = time_utcnow()
forumsread.save()
return True
# Nothing updated, because there are still more than 0 unread
# topicsread
return False
def recalculate(self, last_post=False):
"""Recalculates the post_count and topic_count in the forum.
Returns the forum with the recounted stats.
:param last_post: If set to ``True`` it will also try to update
the last post columns in the forum.
"""
topic_count = Topic.query.filter_by(forum_id=self.id).count()
post_count = Post.query.\
filter(Post.topic_id == Topic.id,
Topic.forum_id == self.id).\
count()
self.topic_count = topic_count
self.post_count = post_count
if last_post:
self.update_last_post()
self.save()
return self
def save(self, groups=None):
"""Saves a forum
:param moderators: If given, it will update the moderators in this
forum with the given iterable of user objects.
:param groups: A list with group objects.
"""
if self.id:
db.session.merge(self)
else:
if groups is None:
# importing here because of circular dependencies
from flaskbb.user.models import Group
self.groups = Group.query.order_by(Group.name.asc()).all()
db.session.add(self)
db.session.commit()
return self
def delete(self, users=None):
"""Deletes forum. If a list with involved user objects is passed,
it will also update their post counts
:param users: A list with user objects
"""
# Delete the forum
db.session.delete(self)
db.session.commit()
# Delete the entries for the forum in the ForumsRead and TopicsRead
# relation
ForumsRead.query.filter_by(forum_id=self.id).delete()
TopicsRead.query.filter_by(forum_id=self.id).delete()
# Update the users post count
if users:
users_list = []
for user in users:
user.post_count = Post.query.filter_by(user_id=user.id).count()
users_list.append(user)
db.session.add_all(users_list)
db.session.commit()
return self
def move_topics_to(self, topics):
"""Moves a bunch a topics to the forum. Returns ``True`` if all
topics were moved successfully to the forum.
:param topics: A iterable with topic objects.
"""
status = False
for topic in topics:
status = topic.move(self)
return status
# Classmethods
@classmethod
def get_forum(cls, forum_id, user):
"""Returns the forum and forumsread object as a tuple for the user.
:param forum_id: The forum id
:param user: The user object is needed to check if we also need their
forumsread object.
"""
if user.is_authenticated:
forum, forumsread = Forum.query.\
filter(Forum.id == forum_id).\
options(db.joinedload("category")).\
outerjoin(ForumsRead,
db.and_(ForumsRead.forum_id == Forum.id,
ForumsRead.user_id == user.id)).\
add_entity(ForumsRead).\
first_or_404()
else:
forum = Forum.query.filter(Forum.id == forum_id).first_or_404()
forumsread = None
return forum, forumsread
@classmethod
def get_topics(cls, forum_id, user, page=1, per_page=20):
"""Get the topics for the forum. If the user is logged in,
it will perform an outerjoin for the topics with the topicsread and
forumsread relation to check if it is read or unread.
:param forum_id: The forum id
:param user: The user object
:param page: The page whom should be loaded
:param per_page: How many topics per page should be shown
"""
if user.is_authenticated:
topics = Topic.query.filter_by(forum_id=forum_id).\
outerjoin(TopicsRead,
db.and_(TopicsRead.topic_id == Topic.id,
TopicsRead.user_id == user.id)).\
add_entity(TopicsRead).\
order_by(Topic.important.desc(), Topic.last_updated.desc()).\
paginate(page, per_page, True)
else:
topics = Topic.query.filter_by(forum_id=forum_id).\
order_by(Topic.important.desc(), Topic.last_updated.desc()).\
paginate(page, per_page, True)
topics.items = [(topic, None) for topic in topics.items]
return topics
class User(db.Model, UserMixin, CRUDMixin):
__tablename__ = "users"
__searchable__ = ['username', 'email']
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(200), unique=True, nullable=False)
email = db.Column(db.String(200), unique=True, nullable=False)
_password = db.Column('password', db.String(120), nullable=False)
date_joined = db.Column(db.DateTime, default=datetime.utcnow())
lastseen = db.Column(db.DateTime, default=datetime.utcnow())
birthday = db.Column(db.DateTime)
gender = db.Column(db.String(10))
website = db.Column(db.String(200))
location = db.Column(db.String(100))
signature = db.Column(db.Text)
avatar = db.Column(db.String(200))
notes = db.Column(db.Text)
last_failed_login = db.Column(db.DateTime)
login_attempts = db.Column(db.Integer, default=0)
activated = db.Column(db.Boolean, default=False)
theme = db.Column(db.String(15))
language = db.Column(db.String(15), default="en")
posts = db.relationship("Post", backref="user", lazy="dynamic")
topics = db.relationship("Topic", backref="user", lazy="dynamic")
post_count = db.Column(db.Integer, default=0)
primary_group_id = db.Column(db.Integer,
db.ForeignKey('groups.id'),
nullable=False)
primary_group = db.relationship('Group',
lazy="joined",
backref="user_group",
uselist=False,
foreign_keys=[primary_group_id])
secondary_groups = \
db.relationship('Group',
secondary=groups_users,
primaryjoin=(groups_users.c.user_id == id),
backref=db.backref('users', lazy='dynamic'),
lazy='dynamic')
tracked_topics = \
db.relationship("Topic", secondary=topictracker,
primaryjoin=(topictracker.c.user_id == id),
backref=db.backref("topicstracked", lazy="dynamic"),
lazy="dynamic")
# Properties
@property
def is_active(self):
"""Returns the state of the account.
If the ``ACTIVATE_ACCOUNT`` option has been disabled, it will always
return ``True``. Is the option activated, it will, depending on the
state of the account, either return ``True`` or ``False``.
"""
if flaskbb_config["ACTIVATE_ACCOUNT"]:
if self.activated:
return True
return False
return True
@property
def last_post(self):
"""Returns the latest post from the user."""
return Post.query.filter(Post.user_id == self.id).\
order_by(Post.date_created.desc()).first()
@property
def url(self):
"""Returns the url for the user."""
return url_for("user.profile", username=self.username)
@property
def permissions(self):
"""Returns the permissions for the user."""
return self.get_permissions()
@property
def groups(self):
"""Returns the user groups."""
return self.get_groups()
@property
def unread_messages(self):
"""Returns the unread messages for the user."""
return self.get_unread_messages()
@property
def unread_count(self):
"""Returns the unread message count for the user."""
return len(self.unread_messages)
@property
def days_registered(self):
"""Returns the amount of days the user is registered."""
days_registered = (datetime.utcnow() - self.date_joined).days
if not days_registered:
return 1
return days_registered
@property
def topic_count(self):
"""Returns the thread count."""
return Topic.query.filter(Topic.user_id == self.id).count()
@property
def posts_per_day(self):
"""Returns the posts per day count."""
return round((float(self.post_count) / float(self.days_registered)), 1)
@property
def topics_per_day(self):
"""Returns the topics per day count."""
return round((float(self.topic_count) / float(self.days_registered)),
1)
# Methods
def __repr__(self):
"""Set to a unique key specific to the object in the database.
Required for cache.memoize() to work across requests.
"""
return "<{} {}>".format(self.__class__.__name__, self.username)
def _get_password(self):
"""Returns the hashed password."""
return self._password
def _set_password(self, password):
"""Generates a password hash for the provided password."""
if not password:
return
self._password = generate_password_hash(password)
# Hide password encryption by exposing password field only.
password = db.synonym('_password',
descriptor=property(_get_password, _set_password))
def check_password(self, password):
"""Check passwords. If passwords match it returns true, else false."""
if self.password is None:
return False
return check_password_hash(self.password, password)
@classmethod
def authenticate(cls, login, password):
"""A classmethod for authenticating users.
It returns the user object if the user/password combination is ok.
If the user has entered too often a wrong password, he will be locked
out of his account for a specified time.
:param login: This can be either a username or a email address.
:param password: The password that is connected to username and email.
"""
user = cls.query.filter(
db.or_(User.username == login, User.email == login)).first()
if user:
if user.check_password(password):
# reset them after a successful login attempt
user.login_attempts = 0
user.save()
return user
# user exists, wrong password
user.login_attempts += 1
user.last_failed_login = datetime.utcnow()
user.save()
# protection against account enumeration timing attacks
dummy_password = os.urandom(15).encode("base-64")
check_password_hash(dummy_password, password)
raise AuthenticationError
def recalculate(self):
"""Recalculates the post count from the user."""
post_count = Post.query.filter_by(user_id=self.id).count()
self.post_count = post_count
self.save()
return self
def all_topics(self, page):
"""Returns a paginated result with all topics the user has created."""
return Topic.query.filter(Topic.user_id == self.id).\
filter(Post.topic_id == Topic.id).\
order_by(Post.id.desc()).\
paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False)
def all_posts(self, page):
"""Returns a paginated result with all posts the user has created."""
return Post.query.filter(Post.user_id == self.id).\
paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False)
def track_topic(self, topic):
"""Tracks the specified topic.
:param topic: The topic which should be added to the topic tracker.
"""
if not self.is_tracking_topic(topic):
self.tracked_topics.append(topic)
return self
def untrack_topic(self, topic):
"""Untracks the specified topic.
:param topic: The topic which should be removed from the
topic tracker.
"""
if self.is_tracking_topic(topic):
self.tracked_topics.remove(topic)
return self
def is_tracking_topic(self, topic):
"""Checks if the user is already tracking this topic.
:param topic: The topic which should be checked.
"""
return self.tracked_topics.filter(
topictracker.c.topic_id == topic.id).count() > 0
def add_to_group(self, group):
"""Adds the user to the `group` if he isn't in it.
:param group: The group which should be added to the user.
"""
if not self.in_group(group):
self.secondary_groups.append(group)
return self
def remove_from_group(self, group):
"""Removes the user from the `group` if he is in it.
:param group: The group which should be removed from the user.
"""
if self.in_group(group):
self.secondary_groups.remove(group)
return self
def in_group(self, group):
"""Returns True if the user is in the specified group.
:param group: The group which should be checked.
"""
return self.secondary_groups.filter(
groups_users.c.group_id == group.id).count() > 0
@cache.memoize(timeout=max_integer)
def get_groups(self):
"""Returns all the groups the user is in."""
return [self.primary_group] + list(self.secondary_groups)
@cache.memoize(timeout=max_integer)
def get_permissions(self, exclude=None):
"""Returns a dictionary with all permissions the user has"""
if exclude:
exclude = set(exclude)
else:
exclude = set()
exclude.update(['id', 'name', 'description'])
perms = {}
# Get the Guest group
for group in self.groups:
columns = set(group.__table__.columns.keys()) - set(exclude)
for c in columns:
perms[c] = getattr(group, c) or perms.get(c, False)
return perms
@cache.memoize(timeout=max_integer)
def get_unread_messages(self):
"""Returns all unread messages for the user."""
unread_messages = Conversation.query.\
filter(Conversation.unread, Conversation.user_id == self.id).all()
return unread_messages
def invalidate_cache(self, permissions=True, messages=True):
"""Invalidates this objects cached metadata.
:param permissions_only: If set to ``True`` it will only invalidate
the permissions cache. Otherwise it will
also invalidate the user's unread message
cache.
"""
if messages:
cache.delete_memoized(self.get_unread_messages, self)
if permissions:
cache.delete_memoized(self.get_permissions, self)
cache.delete_memoized(self.get_groups, self)
def ban(self):
"""Bans the user. Returns True upon success."""
if not self.get_permissions()['banned']:
banned_group = Group.query.filter(Group.banned == True).first()
self.primary_group_id = banned_group.id
self.save()
self.invalidate_cache()
return True
return False
def unban(self):
"""Unbans the user. Returns True upon success."""
if self.get_permissions()['banned']:
member_group = Group.query.filter(Group.admin == False,
Group.super_mod == False,
Group.mod == False,
Group.guest == False,
Group.banned == False).first()
self.primary_group_id = member_group.id
self.save()
self.invalidate_cache()
return True
return False
def save(self, groups=None):
"""Saves a user. If a list with groups is provided, it will add those
to the secondary groups from the user.
:param groups: A list with groups that should be added to the
secondary groups from user.
"""
if groups is not None:
# TODO: Only remove/add groups that are selected
secondary_groups = self.secondary_groups.all()
for group in secondary_groups:
self.remove_from_group(group)
db.session.commit()
for group in groups:
# Do not add the primary group to the secondary groups
if group.id == self.primary_group_id:
continue
self.add_to_group(group)
self.invalidate_cache()
db.session.add(self)
db.session.commit()
return self
def delete(self):
"""Deletes the User."""
# This isn't done automatically...
Conversation.query.filter_by(user_id=self.id).delete()
ForumsRead.query.filter_by(user_id=self.id).delete()
TopicsRead.query.filter_by(user_id=self.id).delete()
# This should actually be handeld by the dbms.. but dunno why it doesnt
# work here
from flaskbb.forum.models import Forum
last_post_forums = Forum.query.\
filter_by(last_post_user_id=self.id).all()
for forum in last_post_forums:
forum.last_post_user_id = None
forum.save()
db.session.delete(self)
db.session.commit()
return self
class User(db.Model, UserMixin, CRUDMixin):
__tablename__ = "users"
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(200), unique=True, nullable=False)
email = db.Column(db.String(200), unique=True, nullable=False)
_password = db.Column('password', db.String(120), nullable=False)
date_joined = db.Column(UTCDateTime(timezone=True),
default=time_utcnow,
nullable=False)
lastseen = db.Column(UTCDateTime(timezone=True),
default=time_utcnow,
nullable=True)
birthday = db.Column(db.DateTime, nullable=True)
gender = db.Column(db.String(10), nullable=True)
website = db.Column(db.String(200), nullable=True)
location = db.Column(db.String(100), nullable=True)
signature = db.Column(db.Text, nullable=True)
avatar = db.Column(db.String(200), nullable=True)
notes = db.Column(db.Text, nullable=True)
last_failed_login = db.Column(UTCDateTime(timezone=True), nullable=True)
login_attempts = db.Column(db.Integer, default=0, nullable=False)
activated = db.Column(db.Boolean, default=False, nullable=False)
theme = db.Column(db.String(15), nullable=True)
language = db.Column(db.String(15), default="en", nullable=True)
post_count = db.Column(db.Integer, default=0)
primary_group_id = db.Column(db.Integer,
db.ForeignKey('groups.id'),
nullable=False)
posts = db.relationship("Post",
backref="user",
primaryjoin="User.id == Post.user_id",
lazy="dynamic")
topics = db.relationship("Topic",
backref="user",
primaryjoin="User.id == Topic.user_id",
lazy="dynamic")
primary_group = db.relationship("Group",
backref="user_group",
uselist=False,
lazy="joined",
foreign_keys=[primary_group_id])
secondary_groups = db.relationship(
"Group",
secondary=groups_users,
primaryjoin=(groups_users.c.user_id == id),
backref=db.backref("users", lazy="dynamic"),
lazy="dynamic")
tracked_topics = db.relationship(
"Topic",
secondary=topictracker,
primaryjoin=(topictracker.c.user_id == id),
backref=db.backref("topicstracked", lazy="dynamic"),
lazy="dynamic",
single_parent=True)
# Properties
@property
def is_active(self):
"""Returns the state of the account.
If the ``ACTIVATE_ACCOUNT`` option has been disabled, it will always
return ``True``. Is the option activated, it will, depending on the
state of the account, either return ``True`` or ``False``.
"""
if flaskbb_config["ACTIVATE_ACCOUNT"]:
if self.activated:
return True
return False
return True
@property
def last_post(self):
"""Returns the latest post from the user."""
return Post.query.filter(Post.user_id == self.id).\
order_by(Post.date_created.desc()).first()
@property
def url(self):
"""Returns the url for the user."""
return url_for("user.profile", username=self.username)
@property
def permissions(self):
"""Returns the permissions for the user."""
return self.get_permissions()
@property
def groups(self):
"""Returns the user groups."""
return self.get_groups()
@property
def days_registered(self):
"""Returns the amount of days the user is registered."""
days_registered = (time_utcnow() - self.date_joined).days
if not days_registered:
return 1
return days_registered
@property
def topic_count(self):
"""Returns the thread count."""
return Topic.query.filter(Topic.user_id == self.id).count()
@property
def posts_per_day(self):
"""Returns the posts per day count."""
return round((float(self.post_count) / float(self.days_registered)), 1)
@property
def topics_per_day(self):
"""Returns the topics per day count."""
return round((float(self.topic_count) / float(self.days_registered)),
1)
# Methods
def __repr__(self):
"""Set to a unique key specific to the object in the database.
Required for cache.memoize() to work across requests.
"""
return "<{} {}>".format(self.__class__.__name__, self.username)
def _get_password(self):
"""Returns the hashed password."""
return self._password
def _set_password(self, password):
"""Generates a password hash for the provided password."""
if not password:
return
self._password = generate_password_hash(password)
# Hide password encryption by exposing password field only.
password = db.synonym('_password',
descriptor=property(_get_password, _set_password))
def check_password(self, password):
"""Check passwords. If passwords match it returns true, else false."""
if self.password is None:
return False
return check_password_hash(self.password, password)
@classmethod
@deprecated("Use authentication services instead.")
def authenticate(cls, login, password):
"""A classmethod for authenticating users.
It returns the user object if the user/password combination is ok.
If the user has entered too often a wrong password, he will be locked
out of his account for a specified time.
:param login: This can be either a username or a email address.
:param password: The password that is connected to username and email.
"""
user = cls.query.filter(
db.or_(User.username == login, User.email == login)).first()
if user is not None:
if user.check_password(password):
# reset them after a successful login attempt
user.login_attempts = 0
user.save()
return user
# user exists, wrong password
# never had a bad login before
if user.login_attempts is None:
user.login_attempts = 1
else:
user.login_attempts += 1
user.last_failed_login = time_utcnow()
user.save()
# protection against account enumeration timing attacks
check_password_hash("dummy password", password)
raise AuthenticationError
def recalculate(self):
"""Recalculates the post count from the user."""
self.post_count = Post.query.filter_by(user_id=self.id).count()
self.save()
return self
def all_topics(self, page, viewer):
"""Topics made by a given user, most recent first.
:param page: The page which should be displayed.
:param viewer: The user who is viewing the page. Only posts
accessible to the viewer will be returned.
:rtype: flask_sqlalchemy.Pagination
"""
group_ids = [g.id for g in viewer.groups]
topics = Topic.query.\
filter(Topic.user_id == self.id,
Forum.id == Topic.forum_id,
Forum.groups.any(Group.id.in_(group_ids))).\
order_by(Topic.id.desc()).\
paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False)
return topics
def all_posts(self, page, viewer):
"""Posts made by a given user, most recent first.
:param page: The page which should be displayed.
:param viewer: The user who is viewing the page. Only posts
accessible to the viewer will be returned.
:rtype: flask_sqlalchemy.Pagination
"""
group_ids = [g.id for g in viewer.groups]
posts = Post.query.\
filter(Post.user_id == self.id,
Post.topic_id == Topic.id,
Topic.forum_id == Forum.id,
Forum.groups.any(Group.id.in_(group_ids))).\
order_by(Post.id.desc()).\
paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False)
return posts
def track_topic(self, topic):
"""Tracks the specified topic.
:param topic: The topic which should be added to the topic tracker.
"""
if not self.is_tracking_topic(topic):
self.tracked_topics.append(topic)
return self
def untrack_topic(self, topic):
"""Untracks the specified topic.
:param topic: The topic which should be removed from the
topic tracker.
"""
if self.is_tracking_topic(topic):
self.tracked_topics.remove(topic)
return self
def is_tracking_topic(self, topic):
"""Checks if the user is already tracking this topic.
:param topic: The topic which should be checked.
"""
return self.tracked_topics.filter(
topictracker.c.topic_id == topic.id).count() > 0
def add_to_group(self, group):
"""Adds the user to the `group` if he isn't in it.
:param group: The group which should be added to the user.
"""
if not self.in_group(group):
self.secondary_groups.append(group)
return self
def remove_from_group(self, group):
"""Removes the user from the `group` if he is in it.
:param group: The group which should be removed from the user.
"""
if self.in_group(group):
self.secondary_groups.remove(group)
return self
def in_group(self, group):
"""Returns True if the user is in the specified group.
:param group: The group which should be checked.
"""
return self.secondary_groups.filter(
groups_users.c.group_id == group.id).count() > 0
@cache.memoize()
def get_groups(self):
"""Returns all the groups the user is in."""
return [self.primary_group] + list(self.secondary_groups)
@cache.memoize()
def get_permissions(self, exclude=None):
"""Returns a dictionary with all permissions the user has"""
if exclude:
exclude = set(exclude)
else:
exclude = set()
exclude.update(['id', 'name', 'description'])
perms = {}
# Get the Guest group
for group in self.groups:
columns = set(group.__table__.columns.keys()) - set(exclude)
for c in columns:
perms[c] = getattr(group, c) or perms.get(c, False)
return perms
def invalidate_cache(self):
"""Invalidates this objects cached metadata."""
cache.delete_memoized(self.get_permissions, self)
cache.delete_memoized(self.get_groups, self)
def ban(self):
"""Bans the user. Returns True upon success."""
if not self.get_permissions()['banned']:
banned_group = Group.query.filter(Group.banned == True).first()
self.primary_group = banned_group
self.save()
self.invalidate_cache()
return True
return False
def unban(self):
"""Unbans the user. Returns True upon success."""
if self.get_permissions()['banned']:
member_group = Group.query.filter(Group.admin == False,
Group.super_mod == False,
Group.mod == False,
Group.guest == False,
Group.banned == False).first()
self.primary_group = member_group
self.save()
self.invalidate_cache()
return True
return False
def save(self, groups=None):
"""Saves a user. If a list with groups is provided, it will add those
to the secondary groups from the user.
:param groups: A list with groups that should be added to the
secondary groups from user.
"""
if groups is not None:
# TODO: Only remove/add groups that are selected
with db.session.no_autoflush:
secondary_groups = self.secondary_groups.all()
for group in secondary_groups:
self.remove_from_group(group)
for group in groups:
# Do not add the primary group to the secondary groups
if group == self.primary_group:
continue
self.add_to_group(group)
self.invalidate_cache()
db.session.add(self)
db.session.commit()
return self
def delete(self):
"""Deletes the User."""
db.session.delete(self)
db.session.commit()
return self
class User(db.Model, UserMixin, CRUDMixin):
__tablename__ = "users"
__searchable__ = ['username', 'email']
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(200), unique=True, nullable=False)
email = db.Column(db.String(200), unique=True, nullable=False)
_password = db.Column('password', db.String(120), nullable=False)
date_joined = db.Column(db.DateTime, default=datetime.utcnow())
lastseen = db.Column(db.DateTime, default=datetime.utcnow())
birthday = db.Column(db.DateTime)
gender = db.Column(db.String(10))
website = db.Column(db.String(200))
location = db.Column(db.String(100))
signature = db.Column(db.Text)
avatar = db.Column(db.String(200))
notes = db.Column(db.Text)
theme = db.Column(db.String(15))
language = db.Column(db.String(15), default="en")
posts = db.relationship("Post", backref="user", lazy="dynamic")
topics = db.relationship("Topic", backref="user", lazy="dynamic")
post_count = db.Column(db.Integer, default=0)
primary_group_id = db.Column(db.Integer,
db.ForeignKey('groups.id'),
nullable=False)
primary_group = db.relationship('Group',
lazy="joined",
backref="user_group",
uselist=False,
foreign_keys=[primary_group_id])
secondary_groups = \
db.relationship('Group',
secondary=groups_users,
primaryjoin=(groups_users.c.user_id == id),
backref=db.backref('users', lazy='dynamic'),
lazy='dynamic')
tracked_topics = \
db.relationship("Topic", secondary=topictracker,
primaryjoin=(topictracker.c.user_id == id),
backref=db.backref("topicstracked", lazy="dynamic"),
lazy="dynamic")
# Properties
@property
def last_post(self):
"""Returns the latest post from the user"""
return Post.query.filter(Post.user_id == self.id).\
order_by(Post.date_created.desc()).first()
@property
def url(self):
"""Returns the url for the user"""
return url_for("user.profile", username=self.username)
@property
def permissions(self):
"""Returns the permissions for the user"""
return self.get_permissions()
@property
def groups(self):
"""Returns user groups"""
return self.get_groups()
@property
def days_registered(self):
"""Returns the amount of days the user is registered."""
days_registered = (datetime.utcnow() - self.date_joined).days
if not days_registered:
return 1
return days_registered
@property
def topic_count(self):
"""Returns the thread count"""
return Topic.query.filter(Topic.user_id == self.id).count()
@property
def posts_per_day(self):
"""Returns the posts per day count"""
return round((float(self.post_count) / float(self.days_registered)), 1)
@property
def topics_per_day(self):
"""Returns the topics per day count"""
return round((float(self.topic_count) / float(self.days_registered)),
1)
# Methods
def __repr__(self):
"""Set to a unique key specific to the object in the database.
Required for cache.memoize() to work across requests.
"""
return "<{} {}>".format(self.__class__.__name__, self.username)
def _get_password(self):
"""Returns the hashed password"""
return self._password
def _set_password(self, password):
"""Generates a password hash for the provided password"""
self._password = generate_password_hash(password)
# Hide password encryption by exposing password field only.
password = db.synonym('_password',
descriptor=property(_get_password, _set_password))
def check_password(self, password):
"""Check passwords. If passwords match it returns true, else false"""
if self.password is None:
return False
return check_password_hash(self.password, password)
@classmethod
def authenticate(cls, login, password):
"""A classmethod for authenticating users
It returns true if the user exists and has entered a correct password
:param login: This can be either a username or a email address.
:param password: The password that is connected to username and email.
"""
user = cls.query.filter(
db.or_(User.username == login, User.email == login)).first()
if user:
authenticated = user.check_password(password)
else:
authenticated = False
return user, authenticated
def _make_token(self, data, timeout):
s = Serializer(current_app.config['SECRET_KEY'], timeout)
return s.dumps(data)
def _verify_token(self, token):
s = Serializer(current_app.config['SECRET_KEY'])
data = None
expired, invalid = False, False
try:
data = s.loads(token)
except SignatureExpired:
expired = True
except Exception:
invalid = True
return expired, invalid, data
def make_reset_token(self, expiration=3600):
"""Creates a reset token. The duration can be configured through the
expiration parameter.
:param expiration: The time in seconds how long the token is valid.
"""
return self._make_token({'id': self.id, 'op': 'reset'}, expiration)
def verify_reset_token(self, token):
"""Verifies a reset token. It returns three boolean values based on
the state of the token (expired, invalid, data)
:param token: The reset token that should be checked.
"""
expired, invalid, data = self._verify_token(token)
if data and data.get('id') == self.id and data.get('op') == 'reset':
data = True
else:
data = False
return expired, invalid, data
def recalculate(self):
"""Recalculates the post count from the user."""
post_count = Post.query.filter_by(user_id=self.id).count()
self.post_count = post_count
self.save()
return self
def all_topics(self, page):
"""Returns a paginated result with all topics the user has created."""
return Topic.query.filter(Topic.user_id == self.id).\
filter(Post.topic_id == Topic.id).\
order_by(Post.id.desc()).\
paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False)
def all_posts(self, page):
"""Returns a paginated result with all posts the user has created."""
return Post.query.filter(Post.user_id == self.id).\
paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False)
def track_topic(self, topic):
"""Tracks the specified topic
:param topic: The topic which should be added to the topic tracker.
"""
if not self.is_tracking_topic(topic):
self.tracked_topics.append(topic)
return self
def untrack_topic(self, topic):
"""Untracks the specified topic
:param topic: The topic which should be removed from the
topic tracker.
"""
if self.is_tracking_topic(topic):
self.tracked_topics.remove(topic)
return self
def is_tracking_topic(self, topic):
"""Checks if the user is already tracking this topic
:param topic: The topic which should be checked.
"""
return self.tracked_topics.filter(
topictracker.c.topic_id == topic.id).count() > 0
def add_to_group(self, group):
"""Adds the user to the `group` if he isn't in it.
:param group: The group which should be added to the user.
"""
if not self.in_group(group):
self.secondary_groups.append(group)
return self
def remove_from_group(self, group):
"""Removes the user from the `group` if he is in it.
:param group: The group which should be removed from the user.
"""
if self.in_group(group):
self.secondary_groups.remove(group)
return self
def in_group(self, group):
"""Returns True if the user is in the specified group
:param group: The group which should be checked.
"""
return self.secondary_groups.filter(
groups_users.c.group_id == group.id).count() > 0
@cache.memoize(timeout=max_integer)
def get_groups(self):
"""Returns all the groups the user is in."""
return [self.primary_group] + list(self.secondary_groups)
@cache.memoize(timeout=max_integer)
def get_permissions(self, exclude=None):
"""Returns a dictionary with all the permissions the user has.
:param exclude: a list with excluded permissions. default is None.
"""
exclude = exclude or []
exclude.extend(['id', 'name', 'description'])
perms = {}
groups = self.secondary_groups.all()
groups.append(self.primary_group)
for group in groups:
for c in group.__table__.columns:
# try if the permission already exists in the dictionary
# and if the permission is true, set it to True
try:
if not perms[c.name] and getattr(group, c.name):
perms[c.name] = True
# if the permission doesn't exist in the dictionary
# add it to the dictionary
except KeyError:
# if the permission is in the exclude list,
# skip to the next permission
if c.name in exclude:
continue
perms[c.name] = getattr(group, c.name)
return perms
def invalidate_cache(self):
"""Invalidates this objects cached metadata."""
cache.delete_memoized(self.get_permissions, self)
cache.delete_memoized(self.get_groups, self)
def ban(self):
"""Bans the user. Returns True upon success."""
if not self.get_permissions()['banned']:
banned_group = Group.query.filter(Group.banned == True).first()
self.primary_group_id = banned_group.id
self.save()
self.invalidate_cache()
return True
return False
def unban(self):
"""Unbans the user. Returns True upon success."""
if self.get_permissions()['banned']:
member_group = Group.query.filter(Group.admin == False,
Group.super_mod == False,
Group.mod == False,
Group.guest == False,
Group.banned == False).first()
self.primary_group_id = member_group.id
self.save()
self.invalidate_cache()
return True
return False
def save(self, groups=None):
"""Saves a user. If a list with groups is provided, it will add those
to the secondary groups from the user.
:param groups: A list with groups that should be added to the
secondary groups from user.
"""
if groups is not None:
# TODO: Only remove/add groups that are selected
secondary_groups = self.secondary_groups.all()
for group in secondary_groups:
self.remove_from_group(group)
db.session.commit()
for group in groups:
# Do not add the primary group to the secondary groups
if group.id == self.primary_group_id:
continue
self.add_to_group(group)
self.invalidate_cache()
db.session.add(self)
db.session.commit()
return self
def delete(self):
"""Deletes the User."""
# This isn't done automatically...
Conversation.query.filter_by(user_id=self.id).delete()
ForumsRead.query.filter_by(user_id=self.id).delete()
TopicsRead.query.filter_by(user_id=self.id).delete()
# This should actually be handeld by the dbms.. but dunno why it doesnt
# work here
from flaskbb.forum.models import Forum
last_post_forums = Forum.query.\
filter_by(last_post_user_id=self.id).all()
for forum in last_post_forums:
forum.last_post_user_id = None
forum.save()
db.session.delete(self)
db.session.commit()
return self
class Conversation(db.Model, CRUDMixin):
__tablename__ = "conversations"
id = db.Column(db.Integer, primary_key=True)
user_id = db.Column(db.Integer,
db.ForeignKey("users.id", ondelete="CASCADE"),
nullable=False)
from_user_id = db.Column(db.Integer,
db.ForeignKey("users.id", ondelete="SET NULL"),
nullable=True)
to_user_id = db.Column(db.Integer,
db.ForeignKey("users.id", ondelete="SET NULL"),
nullable=True)
shared_id = db.Column(UUIDType, nullable=False)
subject = db.Column(db.String(255), nullable=True)
date_created = db.Column(UTCDateTime(timezone=True),
default=time_utcnow,
nullable=False)
date_modified = db.Column(UTCDateTime(timezone=True),
default=time_utcnow,
nullable=False)
trash = db.Column(db.Boolean, default=False, nullable=False)
draft = db.Column(db.Boolean, default=False, nullable=False)
unread = db.Column(db.Boolean, default=False, nullable=False)
messages = db.relationship(
"Message",
lazy="joined",
backref="conversation",
primaryjoin="Message.conversation_id == Conversation.id",
order_by="asc(Message.id)",
cascade="all, delete-orphan")
# this is actually the users message box
user = db.relationship("User",
lazy="joined",
backref=db.backref("conversations", lazy="dynamic"),
foreign_keys=[user_id])
# the user to whom the conversation is addressed
to_user = db.relationship("User", lazy="joined", foreign_keys=[to_user_id])
# the user who sent the message
from_user = db.relationship("User",
lazy="joined",
foreign_keys=[from_user_id])
@property
def first_message(self):
"""Returns the first message object."""
return self.messages[0]
@property
def last_message(self):
"""Returns the last message object."""
return self.messages[-1]
def save(self, message=None):
"""Saves a conversation and returns the saved conversation object.
:param message: If given, it will also save the message for the
conversation. It expects a Message object.
"""
if message is not None:
# create the conversation
self.date_created = time_utcnow()
db.session.add(self)
db.session.commit()
# create the actual message for the conversation
message.save(self)
return self
self.date_modified = time_utcnow()
db.session.add(self)
db.session.commit()
return self
class Forum(db.Model):
__tablename__ = "forums"
id = db.Column(db.Integer, primary_key=True)
category_id = db.Column(db.Integer,
db.ForeignKey("categories.id"),
nullable=False)
title = db.Column(db.String(15), nullable=False)
description = db.Column(db.String(255))
position = db.Column(db.Integer, default=1, nullable=False)
locked = db.Column(db.Boolean, default=False, nullable=False)
show_moderators = db.Column(db.Boolean, default=False, nullable=False)
external = db.Column(db.String(63))
post_count = db.Column(db.Integer, default=0, nullable=False)
topic_count = db.Column(db.Integer, default=0, nullable=False)
# One-to-one
last_post_id = db.Column(db.Integer, db.ForeignKey("posts.id"))
last_post = db.relationship("Post",
backref="last_post_forum",
uselist=False,
foreign_keys=[last_post_id])
# One-to-many
topics = db.relationship("Topic",
backref="forum",
lazy="joined",
cascade="all, delete-orphan")
# Many-to-many
moderators = \
db.relationship("User", secondary=moderators,
primaryjoin=(moderators.c.forum_id == id),
backref=db.backref("forummoderator", lazy="dynamic"),
lazy="joined")
# Properties
@property
def slug(self):
"""Returns a slugified version from the forum title"""
return slugify(self.title)
@property
def url(self):
"""Returns the url for the forum"""
return url_for("forum.view_forum", forum_id=self.id, slug=self.slug)
# Methods
def __repr__(self):
"""Set to a unique key specific to the object in the database.
Required for cache.memoize() to work across requests.
"""
return "<{} {}>".format(self.__class__.__name__, self.id)
def update_last_post(self):
"""Updates the last post. This is useful if you move a topic
in another forum
"""
last_post = Post.query.\
filter(Post.topic_id == Topic.id,
Topic.forum_id == self.id).\
order_by(Post.date_created.desc()).\
first()
# Last post is none when there are no topics in the forum
if last_post is not None:
# a new last post was found in the forum
if not last_post.id == self.last_post_id:
self.last_post_id = last_post.id
# No post found..
else:
self.last_post_id = 0
db.session.commit()
def save(self, moderators=None):
"""Saves a forum"""
if moderators is not None:
for moderator in self.moderators:
self.moderators.remove(moderator)
db.session.commit()
for moderator in moderators:
if moderator:
self.moderators.append(moderator)
db.session.add(self)
db.session.commit()
return self
def delete(self, users=None):
"""Deletes forum. If a list with involved user objects is passed,
it will also update their post counts
:param users: A list with user objects
"""
# Delete the forum
db.session.delete(self)
db.session.commit()
# Delete all entries from the ForumsRead and TopicsRead relation
ForumsRead.query.filter_by(forum_id=self.id).delete()
TopicsRead.query.filter_by(forum_id=self.id).delete()
# Update the users post count
if users:
users_list = []
for user in users:
user.post_count = Post.query.filter_by(user_id=user.id).count()
users_list.append(user)
db.session.add_all(users_list)
db.session.commit()
return self
