コード例 #1
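    def post(self, topic_id):
        """Create a comment on a topic for the logged-in user.

        The request must carry a 'csrf-token' field whose memcache entry
        holds the current user's e-mail address, and a non-empty 'comment'
        field. On success the browser is redirected to the topic-details
        route; every failure writes a short message instead.
        """
        logged_user = users.get_current_user()
        if not logged_user:
            return self.write("Please, login first")

        # Reject a missing token before touching memcache, then require the
        # stored value to match the logged-in user so a token issued for one
        # account is not accepted for another.
        csrf_token = self.request.get('csrf-token')
        mem_token = memcache.get(key=csrf_token) if csrf_token else None
        if not mem_token or mem_token != logged_user.email():
            return self.write("This website is protected against CSRF")

        # Validate the input before doing any datastore work.
        comment = self.request.get('comment')
        if not comment:
            return self.write("Text field is required")

        topic = Topic.get_by_id(int(topic_id))
        if topic is None:
            return self.write("Topic not found")

        # The token is single-use: drop it once the request is accepted so
        # the same form submission cannot be replayed until the entry
        # expires.
        memcache.delete(key=csrf_token)

        # NOTE(review): the comment text is stored as received; confirm the
        # templates escape it on output.
        Comment.create(content=comment, user=logged_user, topic=topic)

        return self.redirect_to("topic-details", topic_id=topic_id)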
コード例 #2
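    def post(self, topic_id):
        """Store a new comment on the topic and redirect to its page.

        The caller is identified by the 'current-user' and 'user-email'
        cookies, and the 'csrf_token' form field must map, in memcache, to
        that e-mail address.
        """
        # NOTE(review): both identity values are read from plain cookies,
        # which the client controls; confirm they are signed or backed by a
        # server-side session before treating them as authentication.
        current_user = self.request.cookies.get("current-user")
        user_email = self.request.cookies.get("user-email")
        if not current_user:
            return self.write(
                "Please login before you're allowed to post a topic.")

        # CSRF protection. A missing or expired token yields None from
        # memcache and must be rejected explicitly: str(None) is the
        # ordinary string "None", which would otherwise be compared with the
        # cookie like any stored value.
        csrf_token = self.request.get("csrf_token")
        csrf_value = memcache.get(csrf_token) if csrf_token else None
        if not csrf_value or str(csrf_value) != user_email:
            return self.write("You are hecker!")

        current_topic = Topic.get_by_id(int(topic_id))
        if current_topic is None:
            return self.write("Topic not found")

        # NOTE(review): the comment text is stored as received; confirm the
        # templates escape it on output.
        content = self.request.get("get_comment")

        new_comment = Comment(content=content,
                              author_username=current_user,
                              topic_id=int(topic_id),
                              topic_title=current_topic.title)
        new_comment.put()

        # Short pause when is_local() is true, presumably so the local
        # datastore shows the new comment after the redirect -- confirm.
        if is_local():
            time.sleep(0.1)
        return self.redirect_to("topic-details", topic_id=int(topic_id))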
コード例 #3
ファイル: comments.py プロジェクト: syousei/bbs-spa
    def post(self, topic_id):
        """Create a comment on the topic from a JSON request body.

        The author is taken from the 'user_id' entry of the decoded JWT
        payload. Responds with a JSON object holding a confirmation message
        and the id of the new comment.
        """
        topic = Topic.get_by_id(int(topic_id))

        # Resolve the author from the token payload.
        # NOTE(review): topic and user are dereferenced below without a None
        # check; an unknown topic id or user id raises AttributeError.
        payload = self.decode_jwt_token(self.get_jwt_token())
        user = self.user_model.get_by_id(payload.get('user_id'))

        form_values = json.loads(self.request.body)

        # cgi.escape() with its default arguments encodes &, < and > but not
        # quotes, so the stored body is not safe inside an HTML attribute
        # value.
        # NOTE(review): a body without a 'comment' key passes None to
        # cgi.escape(), which raises.
        new_comment = Comment(
            body=cgi.escape(form_values.get('comment')),
            author_key=user.key,
            topic_key=topic.key,
        )
        comment_key = new_comment.put()

        # Re-save the topic as well so that its 'updated' value is refreshed.
        topic.put()

        self.response_json(json.dumps({
            'alert': 'コメントを投稿しました。',
            'id': comment_key.id(),
        }))
コード例 #4
ファイル: topic.py プロジェクト: smartninja/wd2-py3-exercises
def topic_details(topic_id):
    """Render the details page of a topic together with its comments.

    A CSRF token is issued only when the session cookie resolves to a user.
    """
    topic = Topic.get_by_id(topic_id=topic_id)

    # Identify the visitor from the session cookie.
    user = User.get_by_session_token(
        session_token=request.cookies.get("session_token"))

    # START test background tasks TODO: delete this code
    # NOTE(review): test scaffolding on a request path; every page view
    # calls get_random_num() whenever REDIS_URL is set.
    if os.getenv('REDIS_URL'):
        from tasks import get_random_num
        get_random_num()
    # END test background tasks

    # Anonymous visitors get no token.
    csrf_token = set_csrf_token(username=user.username) if user else None

    page_data = {
        "topic": topic,
        "user": user,
        "csrf_token": csrf_token,
        "comments": Comment.get_comments(topic_id=topic_id),
    }
    return render_template("topic/topic_details.html", **page_data)
コード例 #5
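 def post(self, topic_id):
     """Soft-delete a topic when the caller is its author or an admin.

     Every request, authorised or not, ends with a redirect to "/".
     """
     topic = Topic.get_by_id(int(topic_id))
     user = users.get_current_user()

     # An anonymous caller (user is None) or an unknown topic id falls
     # through to the redirect instead of raising AttributeError.
     allowed = topic is not None and user is not None and (
         topic.author_email == user.email()
         or users.is_current_user_admin())
     if allowed:
         topic.deleted = True
         topic.put()

     # NOTE(review): no CSRF token is validated before this state change.
     return self.redirect("/")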
コード例 #6
    def get(self, topic_id):
        """Render the topic page with its comments and per-viewer flags.

        The template is rendered with generate_csrf_token=True.
        """
        topic = Topic.get_by_id(int(topic_id))
        comment_query = Comment.filter_by_topic(int(topic_id))
        comments = comment_query.order(Comment.created).fetch()

        logged_user = users.get_current_user()

        # The author counts as subscribed. For an anonymous visitor the
        # expression short-circuits to the falsy logged_user value.
        is_subscribed = (logged_user
                         and topic.author_email == logged_user.email())

        if logged_user and not is_subscribed:
            # Not the author: look for an explicit subscription.
            is_subscribed = TopicSubscription.is_user_subscribed(
                logged_user, topic)

        # NOTE(review): can_delete only drives what the template shows; the
        # handler that performs the deletion has to enforce the same rule.
        can_delete = users.is_current_user_admin() or (
            logged_user and topic.author_email == logged_user.email())

        context = dict(
            topic=topic,
            comments=comments,
            can_delete=can_delete,
            is_subscribed=is_subscribed,
            user=logged_user,
        )

        return self.render_template("topic_details.html",
                                    params=context,
                                    generate_csrf_token=True)
コード例 #7
 def get(self, topic_id):
     """Write the topic's title and content as a JSON object."""
     topic = Topic.get_by_id(int(topic_id))

     # NOTE(review): nothing here checks that the lookup found a topic or
     # that the caller may read it.
     payload = {
         "title": topic.title,
         "content": topic.content,
     }
     return self.write(json.dumps(payload))
コード例 #8
ファイル: comment.py プロジェクト: AlejandroCruzB/DW2
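    def post(self, topicid):
        """Create a comment on a topic for the logged-in user.

        Requires a CSRF token in the "paco" field that is present in
        memcache, and a non-empty "comment" field. On success the browser is
        redirected to the topic-detail route.
        """
        user = users.get_current_user()
        if not user:
            return self.write("Please, login before")

        # Skip the memcache lookup when no token was submitted.
        # NOTE(review): the token is only checked for existence; it is not
        # compared with anything that ties it to this user.
        csrf_token = self.request.get("paco")
        mem_token = memcache.get(key=csrf_token) if csrf_token else None
        if not mem_token:
            return self.write("This website es protected")

        comment_value = self.request.get("comment")
        if not comment_value:
            return self.write("Required")

        # NOTE(review): a substring match on the literal "<script>" does not
        # make the text safe to render. Encode the comment for its output
        # context in the template instead of relying on this check.
        if "<script>" in comment_value:
            return self.write("No Hack script")

        topic = Topic.get_by_id(int(topicid))
        if topic is None:
            return self.write("Topic not found")

        # The token is single-use: drop it once the request is accepted so
        # the same form submission cannot be replayed until the entry
        # expires.
        memcache.delete(key=csrf_token)

        Comment.create(content=comment_value, user=user, topic=topic)

        return self.redirect_to("topic-detail", topicid=topic.key.id())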
コード例 #9
ファイル: topics.py プロジェクト: tilen323/wd2_forum_tilen
    def get(self, topic_id):
        """Render a topic with its non-deleted comments and the viewer's
        subscription, if any."""
        topic = Topic.get_by_id(int(topic_id))
        user = users.get_current_user()
        topic_key_id = topic.key.id()

        # "== False" is part of the query filter expression, not a boolean
        # test, so it must not be rewritten as "not ..." or "is False".
        comment_query = Comment.query(Comment.topic_id == topic_key_id,
                                      Comment.deleted == False)
        comments = comment_query.order(Comment.created).fetch()

        # Anonymous visitors get an empty string in place of a subscription.
        subscriber = ""
        if user:
            subscriber = Subscription.query(
                Subscription.topic_id == topic_key_id,
                Subscription.deleted == False,
                Subscription.subscriber_email == user.email()).get()

        params = dict(
            topic=topic,
            comments=comments,
            comments_sum=len(comments),
            user=user,
            subscriber=subscriber,
        )

        return self.render_template("topic.html", params=params)
コード例 #10
    def post(self, topic_id):
        """Remove the current user's subscription to the topic, then
        redirect to the topic page."""
        # NOTE(review): topic and the current user are dereferenced without
        # a None check, and no CSRF token is validated before the
        # subscription is removed.
        topic = Topic.get_by_id(int(topic_id))
        subscriber_email = users.get_current_user().email()

        Subscription.delete_sub(topic=topic,
                                subscriber_email=subscriber_email)

        topic_page_id = topic.key.id()
        return self.redirect_to("topic", topic_id=topic_page_id)
コード例 #11
    def post(self, topic_id):
        """Add a comment to a topic on behalf of the logged-in user.

        Redirects to the topic-details route with a success flash message;
        each rejected request writes a short message instead.
        """
        if not topic_id:
            return self.write(
                'Error trying to write a comment into undefined topic!')

        topic = Topic.get_by_id(int(topic_id))

        logged_user = users.get_current_user()
        if not logged_user:
            return self.write(
                'Please login to be allowed to post a new comment.')

        # NOTE(review): no CSRF token is validated in this handler.
        content = self.request.get('comment')

        # Whitespace-only text counts as empty.
        if not (content and content.strip()):
            return self.write('Empty comments are not allowed!')

        Comment.create(content=content, user=logged_user, topic=topic)

        return self.redirect_to(
            'topic-details',
            topic_id=topic_id,
            flash_message='Comment added successfully',
            flash_class='alert-success',
        )
コード例 #12
    def get(self, topic_id):
        """Write the number of non-deleted comments on the topic."""
        topic = Topic.get_by_id(int(topic_id))

        # "== False" is part of the query filter expression and must stay
        # an equality comparison.
        live_comments = Comment.query(
            Comment.topic_id == topic.key.id(),
            Comment.deleted == False,
        )

        return self.write(live_comments.count())
コード例 #13
    def get(self, topic_id):
        """Render the topic page with its non-deleted comments, ordered by
        Comment.created, through render_template_with_csrf."""
        topic = Topic.get_by_id(int(topic_id))

        # "== False" is part of the query filter expression and must stay
        # an equality comparison.
        comment_query = Comment.query(
            Comment.topic_id == topic.key.id(),
            Comment.deleted == False,
        )
        comments = comment_query.order(Comment.created).fetch()

        return self.render_template_with_csrf(
            "topic_details.html",
            params={"topic": topic, "comments": comments},
        )
コード例 #14
def topic_edit(topic_id):
    """Show the edit form for a topic (GET) or apply an edit (POST).

    A POST is applied only when the session cookie resolves to the topic's
    author.
    """
    topic = Topic.get_by_id(topic_id=topic_id)

    if request.method == "GET":
        # NOTE(review): the form is rendered without checking who is asking.
        return render_template("topic/topic_edit.html", topic=topic)

    if request.method != "POST":
        # Other methods produce no response value.
        return None

    title = request.form.get("title")
    text = request.form.get("text")

    # Identify the caller from the session cookie.
    user = User.get_by_session_token(
        session_token=request.cookies.get("session_token"))

    if not user:
        return redirect(url_for('auth.login'))

    if topic.author_id != user._id:
        return "You are not the author!"

    # Logged in and the author.
    # NOTE(review): no CSRF token is validated before the edit is applied.
    updates = {"title": title, "text": text}
    Topic.edit_topic(topic_id=topic_id, updates_dict=updates)
    return redirect(url_for('topic.topic_details', topic_id=topic_id))
コード例 #15
    def post(self, topic_id):
        """Soft-delete a topic and every comment that belongs to it.

        Only an admin or the topic's author gets past the first checks, and
        the request must carry a 'csrf_token' that CSRF.validate_token
        accepts.
        """
        user = CustomUser.get_current_user(self)
        if not user:
            return self.redirect("/")

        # Admins are accepted without the authorship lookup.
        may_delete = user.is_current_user_admin() or user.is_author(topic_id)
        if not may_delete:
            return self.redirect("/")

        if not CSRF.validate_token(self.request.get('csrf_token')):
            return self.write("CSRF fail")

        # Flag the topic itself.
        topic_key_id = int(topic_id)
        topic = Topic.get_by_id(topic_key_id)
        topic.deleted = True
        topic.put()

        # Flag each of its comments, one datastore write per comment.
        for comment in Comment.query(Comment.topic_id == topic_key_id).fetch():
            comment.deleted = True
            comment.put()

        return self.redirect("/")
コード例 #16
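 def get(self, topic_id):
     """Render the open-topic page for an admin or the topic's author.

     Any other caller, including an anonymous one, gets no response body.
     """
     user = users.get_current_user()
     if user is None:
         # Anonymous request: there is no nickname to authorise.
         return

     # NOTE(review): authorisation is keyed on nickname(); confirm it is a
     # stable, unique identifier for this purpose.
     nickname = user.nickname()
     if nickname in ADMINS:
         allowed = True
     else:
         # Only non-admins need the topic lookup; an unknown id is treated
         # as "not the author".
         topic = Topic.get_by_id(int(topic_id))
         allowed = topic is not None and nickname == topic.author

     if allowed:
         args = {}
         self.base_args(user, args)
         self.render_template("open-topic.html", args)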
コード例 #17
ファイル: CustomUser.py プロジェクト: medvesekg/ninjatech
    def is_author(self, topic_id):
        """Return True when this user's str_email equals the topic's
        user_email, otherwise False."""
        # NOTE(review): the topic is dereferenced without a None check; an
        # unknown topic_id raises AttributeError.
        current_topic = Topic.get_by_id(int(topic_id))
        return bool(current_topic.user_email == self.str_email)
コード例 #18
    def post(self, topic_id):
        """Save an HTML-escaped comment on the topic, then redirect to it."""
        # cgi.escape() with its default arguments encodes &, < and > but not
        # quotes, so the result is not safe inside an HTML attribute value.
        raw_content = self.request.get("content")
        content = cgi.escape(raw_content)

        topic = Topic.get_by_id(int(topic_id))

        # NOTE(review): no login check and no CSRF validation are visible in
        # this handler; confirm they are enforced elsewhere.
        Comment.create_comment(topic_id, content)

        topic_page_id = topic.key.id()
        return self.redirect_to("topic-details", topic_id=topic_page_id)
コード例 #19
ファイル: main.py プロジェクト: RokP85/wd2-py3-exercises
def topic_details(topic_id):
    """Render the details page of a topic for the current visitor."""
    topic = Topic.get_by_id(topic_id=topic_id)

    # Identify the visitor from the session cookie.
    user = User.get_by_session_token(
        session_token=request.cookies.get("session_token"))

    page_data = {"topic": topic, "user": user}
    return render_template("topic_details.html", **page_data)
コード例 #20
 def post(self, topic_id):
     """Store an HTML-escaped comment by the logged-in user on the topic."""
     author = users.get_current_user()
     if not author:
         return self.write("You're not logged in.")

     # cgi.escape() with its default arguments encodes &, < and > but not
     # quotes.
     # NOTE(review): no CSRF token is validated in this handler.
     escaped_text = cgi.escape(self.request.get("comment"))

     topic = Topic.get_by_id(int(topic_id))
     Comment.create(escaped_text, author, topic)

     topic_page_id = topic.key.id()
     return self.redirect_to("topic-details", topic_id=topic_page_id)
コード例 #21
ファイル: topic.py プロジェクト: Mateja90/Smartninja-forum
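 def get(self, topic_id):
     """Render the topic page with its non-deleted comments and a fresh
     CSRF token for the logged-in user."""
     user = users.get_current_user()
     topic = Topic.get_by_id(int(topic_id))

     # "== False" is part of the query filter expression and must stay an
     # equality comparison.
     comment = Comment.query(
         Comment.topic_id == topic.key.id(),
         Comment.deleted == False).order(Comment.created).fetch()

     # Anonymous visitors have no e-mail to key the token on, so they get
     # no token instead of an AttributeError.
     csrf_token = None
     if user is not None:
         csrf_token = str(uuid.uuid4())
         # set() rather than add(): add() leaves an existing entry
         # untouched, so a second page view within the 600 s lifetime would
         # render a token that was never stored.
         memcache.set(key=user.email(), value=csrf_token, time=600)

     params = {"topic": topic, "comments": comment, "csrf_token": csrf_token}
     return self.render_template("topic_details.html", params=params)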
コード例 #22
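    def post(self, topic_id):
        """Delete a topic when the caller is its author or an admin.

        Every request, authorised or not, ends with a redirect to the
        main-page route.
        """
        user = users.get_current_user()
        topic = Topic.get_by_id(int(topic_id))

        # An anonymous caller (user is None) or an unknown topic id falls
        # through to the redirect instead of raising AttributeError.
        allowed = topic is not None and user is not None and (
            topic.author_email == user.email()
            or users.is_current_user_admin())
        if allowed:
            Topic.delete(topic=topic)

        # NOTE(review): no CSRF token is validated before this state change.
        return self.redirect_to("main-page")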
コード例 #23
    def post(self, topic_id):
        """Flag the topic as deleted and redirect to the main page."""
        # NOTE(review): no authentication, ownership or CSRF check is
        # visible in this handler; unless the route is protected elsewhere,
        # any POST to it soft-deletes the topic.
        doomed_topic = Topic.get_by_id(int(topic_id))
        doomed_topic.deleted = True
        doomed_topic.put()

        # Short pause when is_local() is true, presumably so the local
        # datastore reflects the change after the redirect -- confirm.
        running_locally = is_local()
        if running_locally:
            time.sleep(0.1)

        return self.redirect_to("main-page")
コード例 #24
ファイル: comments.py プロジェクト: jpirih/NinjaTechForum
    def post(self, topic_id):
        """Save a new comment on the topic and redirect to the topic page."""
        # NOTE(review): the result of User.logged_in_user() is passed on
        # without a check that anyone is logged in, and no CSRF token is
        # validated here.
        author = User.logged_in_user()
        topic_key_id = int(topic_id)
        topic = Topic.get_by_id(topic_key_id)

        # NOTE(review): the text is stored as received; confirm the
        # templates escape it on output.
        Comment.create(self.request.get('content'), author, topic)

        return self.redirect_to('topic-details', topic_id=topic_key_id)
コード例 #25
ファイル: topics.py プロジェクト: strudland/ninjapage
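    def post(self, topic_id):
        """Soft-delete a topic when the caller is its author or an admin.

        Every request, authorised or not, ends with a redirect to '/'.
        """
        topic = Topic.get_by_id(int(topic_id))
        user = users.get_current_user()

        # Only the author or an admin may delete. An anonymous caller (user
        # is None) or an unknown topic id falls through to the redirect
        # instead of raising AttributeError.
        allowed = topic is not None and user is not None and (
            topic.user_email == user.email()
            or users.is_current_user_admin())
        if allowed:
            topic.deleted = True
            topic.put()

        # NOTE(review): no CSRF token is validated before this state change.
        return self.redirect('/')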
コード例 #26
ファイル: comment.py プロジェクト: AlejandroCruzB/DW2
    def get(self, topicid):
        """Render the topic detail page with its non-deleted comments and a
        newly issued CSRF token."""
        topic_value = Topic.get_by_id(int(topicid))

        # "== False" is part of the query filter expression and must stay
        # an equality comparison.
        comment_query = Comment.query(
            Comment.topicid == topic_value.key.id(),
            Comment.deleted == False,
        )
        comment = comment_query.order(Comment.created).fetch()

        # The token itself is the memcache key and the stored value is just
        # True, so the entry says nothing about which user it was issued to.
        # It expires after 600 seconds.
        csrf_token = str(uuid.uuid4())
        memcache.add(key=csrf_token, value=True, time=600)

        context = dict(topic=topic_value, comment=comment,
                       csrf_token=csrf_token)
        return self.render_template("detail.html", params=context)
コード例 #27
ファイル: topics.py プロジェクト: Gordana13/web2_dn7
    def get(self, details_id):
        """Render the topic details page for the topic with id details_id."""
        # NOTE(review): the query has no filter, so every stored comment is
        # fetched and handed to the template, not only this topic's.
        all_comments = Comment.query().fetch()
        topic = Topic.get_by_id(int(details_id))

        output = dict(topic=topic, comments=all_comments)
        return self.render_template("topic_details.html", output)
コード例 #28
    def get(self, topic_id):
        """Render the subscribe page for a topic through
        render_template_with_csrf."""
        topic = Topic.get_by_id(int(topic_id))
        context = dict(topic=topic)

        return self.render_template_with_csrf(
            "topic_subscribe.html", params=context)
コード例 #29
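    def post(self, comment_id):
        """Soft-delete a comment and decrement its topic's comment counter.

        Redirects to the comment's topic page, or to "/" when the comment
        does not exist.
        """
        # NOTE(review): no login, ownership or CSRF check is visible in this
        # handler; confirm the route is protected elsewhere.
        comment = Comment.get_by_id(int(comment_id))
        if comment is None:
            self.redirect("/")
            return

        # Only the first deletion may touch the counter; a repeated POST for
        # an already-deleted comment would otherwise decrement it again.
        if not comment.deleted:
            comment.deleted = True
            comment.put()

            topic = Topic.get_by_id(comment.the_topic_id)
            if topic is not None:
                topic.num_comments -= 1
                topic.put()

        self.redirect("/topic/" + str(comment.the_topic_id))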
コード例 #30
ファイル: comments.py プロジェクト: Anika22/ninja-tech-forum
    def post(self, topic_id):
        """Create a comment on the topic for the current user and redirect
        to the topic page."""
        # NOTE(review): the current user is passed on without a None check
        # and no CSRF token is validated in this handler.
        author = users.get_current_user()

        # NOTE(review): the text is stored as received; confirm the
        # templates escape it on output.
        comment_text = self.request.get('comment-text')
        topic = Topic.get_by_id(int(topic_id))

        Comment.create(content=comment_text, user=author, topic=topic)

        topic_page_id = topic.key.id()
        return self.redirect_to("topic-details", topic_id=topic_page_id)
コード例 #31
    def post(self, topic_id):
        """Store a subscription of the current user to the topic, then
        redirect to the topic page."""
        # NOTE(review): user is dereferenced without a None check, no CSRF
        # token is validated, and nothing here prevents a second
        # subscription for the same e-mail and topic.
        user = users.get_current_user()
        topic = Topic.get_by_id(int(topic_id))

        subscription = Subscription(
            email=user.email(),
            topic_id=topic.key.id(),
        )
        subscription.put()

        return self.redirect_to("topic-details", topic_id=topic.key.id())
コード例 #32
    def post(self, topic_id):
        """Overwrite a topic's title, content and tags from the submitted
        form and record who changed it and when."""
        # NOTE(review): nothing here checks that the caller is the topic's
        # author or an admin, and no CSRF token is validated; confirm both
        # are enforced elsewhere.
        topic = Topic.get_by_id(int(topic_id))
        form = self.request

        topic.title = form.get("title")
        topic.content = form.get("content")
        # Tags arrive as a single comma-separated field.
        topic.tags = form.get("all-tags").split(",")

        # datetime.now() yields a naive local timestamp.
        topic.updated = datetime.datetime.now()
        editor = users.get_current_user()
        topic.updated_by = editor.nickname()
        topic.put()

        self.redirect("/topic/" + str(topic_id))
コード例 #33
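    def post(self, topic_id):
        """Handle the two forms on the topic page.

        'post-comment' stores a comment and e-mails every other subscriber
        of the topic; 'subscribe-button' toggles the current user's
        subscription. Both end with a redirect back to the topic page. A
        request carrying neither field produces no response.
        """
        # NOTE(review): user is dereferenced without a None check and no
        # CSRF token is validated; confirm login is enforced for this route.
        user = users.get_current_user()
        author = user.nickname()
        content = self.request.get("content")
        topic_url = '/topic/' + str(topic_id)

        post_comment = self.request.get("post-comment")
        subscribe_button = self.request.get("subscribe-button")

        if post_comment:
            if content:
                # NOTE(review): the text is stored as received; confirm the
                # templates escape it on output.
                comment = Comment.create(author, content, int(topic_id))
                Topic.add_comment(int(topic_id), comment.created,
                                  comment.author)

                # Name used in the notification: the last matching User
                # record's first name, or the nickname when no record exists
                # (avoids reading first_name from a placeholder string).
                profiles = User.query(User.email == user.email()).fetch()
                first_name = profiles[-1].first_name if profiles else author

                # Load the topic once instead of once per subscriber.
                topic = Topic.get_by_id(int(topic_id))
                commenter_email = user.email()
                for email in topic.subscribers:
                    # don't send an update to the author of the comment
                    if email != commenter_email:
                        email_new_comment(first_name, topic.title,
                                          str(topic_id), email)

            # An empty comment is ignored; either way go back to the topic.
            self.redirect(topic_url)

        elif subscribe_button:
            topic = Topic.get_by_id(int(topic_id))
            user_email = user.email()

            # Toggle: drop the address if present, add it otherwise.
            if user_email in topic.subscribers:
                topic.subscribers.remove(user_email)
            else:
                topic.subscribers.append(user_email)

            topic.put()
            self.redirect(topic_url)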
コード例 #34
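    def get(self, topic_id):
        """Render the edit form for a topic to an admin or its author.

        Every other caller is redirected to the topic page.
        """
        user = users.get_current_user()
        topic = Topic.get_by_id(int(topic_id))

        # An anonymous caller or an unknown topic id is treated as "not
        # allowed" instead of raising AttributeError.
        # NOTE(review): authorisation is keyed on nickname(); confirm it is
        # a stable, unique identifier for this purpose.
        allowed = user is not None and topic is not None and (
            user.nickname() in ADMINS or user.nickname() == topic.author)

        if allowed:
            args = {
                "topic_title": topic.title,
                "topic_content": topic.content,
                "tags": topic.tags,
            }
            self.base_args(user, args)
            self.render_template("edit-topic.html", args)
        else:
            self.redirect('/topic/' + topic_id)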
コード例 #35
    def get(self, topic_id):
        """Render a topic page with its non-deleted comments and, for a
        logged-in viewer, the admin and subscribed flags."""
        user = users.get_current_user()
        topic = Topic.get_by_id(int(topic_id))

        args = {"topic": topic}

        # The flags are only added when they are true.
        # NOTE(review): "admin" only drives what the template shows; the
        # handlers behind admin actions have to check it again.
        if user:
            if user.nickname() in ADMINS:
                args["admin"] = True
            if user.email() in topic.subscribers:
                args["subscribed"] = True

        self.base_args(user, args)

        # "== False" is part of the query filter expression and must stay
        # an equality comparison.
        comment_query = Comment.query(
            Comment.deleted == False,
            Comment.the_topic_id == int(topic_id),
        )
        args["comments"] = comment_query.order(Comment.created).fetch()

        self.render_template("topic.html", args)
コード例 #36
 def post(self, topic_id):
     """Clear the topic's 'closed' flag and redirect back to the topic."""
     # NOTE(review): no authentication, authorisation or CSRF check is
     # visible in this handler; confirm the route is protected elsewhere.
     reopened = Topic.get_by_id(int(topic_id))
     reopened.closed = False
     reopened.put()

     topic_url = "/topic/" + topic_id
     self.redirect(topic_url)
コード例 #37
    def post(self, topic_id):
        """Flag the topic as deleted and redirect to the front page."""
        # NOTE(review): no authentication, ownership or CSRF check is
        # visible in this handler; unless the route is protected elsewhere,
        # any POST to it soft-deletes the topic.
        doomed_topic = Topic.get_by_id(int(topic_id))
        doomed_topic.deleted = True
        doomed_topic.put()

        front_page = "/"
        self.redirect(front_page)
コード例 #38
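 def get(self, topic_id):
     """Render the open-topic page for an admin or the topic's author.

     Any other caller, including an anonymous one, gets no response body.
     """
     user = users.get_current_user()
     if user is None:
         # Anonymous request: there is no nickname to authorise.
         return

     # NOTE(review): authorisation is keyed on nickname(); confirm it is a
     # stable, unique identifier for this purpose.
     nickname = user.nickname()
     if nickname in ADMINS:
         allowed = True
     else:
         # Only non-admins need the topic lookup; an unknown id is treated
         # as "not the author".
         topic = Topic.get_by_id(int(topic_id))
         allowed = topic is not None and nickname == topic.author

     if allowed:
         args = {}
         self.base_args(user, args)
         self.render_template("open-topic.html", args)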