def get_publish(self, document, group): document = Document.get_by_id(document) if not document: raise HttpErrorException.bad_request('invalid document id') if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() group = Group.get_by_id(group) if not group: raise HttpErrorException.bad_request('invalid group id') self.project = document.project.get() version = self.request.get('v', 'latest') pub = PublishDocument.get(document, group, version) if not pub: raise HttpErrorException.not_found() if pub.group not in self.user.groups and pub.group != Group.get_worldshare_key( ): raise HttpErrorException.forbidden() self._create_analytic_session() self.project.record_analytic('pro_opn', self.analytic_session) template_index = JINJA_ENVIRONMENT.get_template('document_public.html') return template_index.render({ 'title': self.project.title, 'version': pub.version, 'created_at': pub.created_ts, 'published_to': pub.group.get().name, 'an_token': self.analytic_session.key.id(), 'project_id': self.project.id, 'html': pub.html, })
def put(self, user=None): gc = GlobalConfig.get_configs() if not gc.allow_user_registration: self.redirect('/register/disabled/', abort=True) if self.json_request.get('organization'): return HttpErrorException.forbidden() User.new(self.json_request, request=self.request, worldshare_group=Group.get_worldshare_key()) creds = GenericCredentials(self.json_request.get('username'), self.json_request.get('password')) if not creds.authenticate(): raise HttpErrorException.bad_request('faild to authinicate') session = login(self.request, creds, User) self.response.set_cookie('auth_user', base64.b64encode(creds.username)) self.response.set_cookie('user', creds.username) self.response.set_cookie('auth_token', session.token)
def put(self, user_id=None): if not self.user.is_admin: lr = tt_logging.construct_log( msg_short='Non-Admin User Try Create New User', msg='User (%s) attemped to create a new user' % (self.user.key.id()), log_type=tt_logging.SECURITY, request_user=self.user, request=self.request ) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() if self.json_request.get('username'): org = None if self.json_request.get('organization'): org = Organization.get_by_id(self.json_request.get('organization')) User.new(self.json_request, verify_email=False, request=self.request, worldshare_group=Group.get_worldshare_key(), organization=org)