def delete_my_account(self):
if hasattr(self, 'form_result'):
h.flash(_('Your account has been successfully removed!'))
c.user.delete_user()
meta.Session.commit()
redirect(url(controller='home', action='logout'))
redirect(url(controller='profile', action='login_settings'))
def feed_rss(self):
q = db.session.query(Dataset)
if not (c.account and c.account.admin):
q = q.filter_by(private=False)
feed_items = q.order_by(Dataset.created_at.desc()).limit(20)
items = []
for feed_item in feed_items:
items.append({
'title': feed_item.label,
'pubdate': feed_item.updated_at,
'link': url(controller='dataset', action='view',
dataset=feed_item.name, qualified=True),
'description': feed_item.description,
'author_name': ', '.join([person.fullname for person in
feed_item.managers if
person.fullname]),
})
feed = Rss201rev2Feed(_('Recently Created Datasets'), url(
controller='home', action='index', qualified=True),
_('Recently created datasets in the OpenSpending Platform'),
author_name='Openspending')
for item in items:
feed.add_item(**item)
sio = StringIO()
feed.write(sio, 'utf-8')
response.content_type = 'application/xml'
return sio.getvalue()
def create_comment(self):
content = None
node = None
if 'comment' in request.params:
content = request.params['comment']
if not content:
return redirect(
url(controller='nodes', action='show', id=id))
if 'node' in request.params:
id = request.params['node']
node = Session.query(Node)\
.filter(Node.id == id).first()
if node:
if not node.comments:
node.comments = []
comment = NodeComment()
comment.node_id = id
user = Session.query(User).filter(
User.id == session['active_user']['user_id']).first()
comment.user_id = session['active_user']['user_id']
comment.description = content
node.comments.append(comment)
Session.add(node)
Session.add(comment)
Session.commit()
return redirect(url(controller='nodes', action='show', id=id))
def test_new_wrong_user(self):
# First we add a Dataset with user 'test_new'
user = Account.by_name('test_new')
assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization': apikey_header})
assert "200" in response.status
assert Dataset.by_name('openspending-example') is not None
# After that we try to update the Dataset with user 'test_new2'
user = Account.by_name('test_new2')
assert user.api_key == 'c011c340-8dad-419c-8138-1c6ded86ead5'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization': apikey_header},
expect_errors=True)
assert '403' in response.status
def image(image):
if image.unauthenticated_access:
http_url = url('get_raw_by_user', user=image.owner.user_name,
image=image.name, hypervisor='__hypervisor__', protocol='http')
else:
http_url = None
return {'uuid':image.uuid,
'name':image.name,
'owner_user_name':image.owner.user_name,
'owner':url('user', user=image.owner.user_name, qualified=True),
'uploaded':ctime_or_none(image.uploaded),
'modified':ctime_or_none(image.modified),
'expires':ctime_or_none(image.expires),
'checksum':{'type':image.checksum.ctype, 'value':image.checksum.cvalue},
'os_variant':image.os_variant,
'os_type':image.os_type,
'os_arch':image.os_arch,
'hypervisor':image.hypervisor,
'description':image.description,
'read_only':image.read_only,
'unauthenticated_access':image.unauthenticated_access,
'http_file_url':http_url,
'raw_file_uploaded':image.raw_uploaded,
'version':image.version,
'size':image.size,
'file_url':url('get_raw_by_user', user=image.owner.user_name,
image=image.name, hypervisor='__hypervisor__', qualified=True),
'shared_with':{'groups':[url('group', group=g.name, qualified=True)
for g in image.shared.groups],
'users':[url('user', user=u.user_name, qualified=True)
for u in image.shared.users], },
}
def login_validate(self):
if (c.userid != "false"):
redirect(url('/users/login?m=2'))
session['logged_in'] = True
session.save()
if request.method == 'POST':
loginform = LoginForm(request.POST)
if loginform.is_valid():
userid = authenticate_user(loginform.cleaned_data['email'], \
loginform.cleaned_data['password'])
if (userid != "invalid" ):
session['userid'] = userid
session.save()
print session['userid']
c.login = "******"
print loginform.cleaned_data['redirect']
if request.POST['redirect']=='null':
redirect(url('/'))
else:
redirect(url(str(loginform.cleaned_data['redirect'])))
else:
c.login = "******"
c.form = LoginForm(request.POST)
return render("/users/login.mako")
else:
c.form = LoginForm(request.POST)
return render("/users/login.mako")
redirect(url('/'))
def support(self):
if not c.user:
redirect(url(controller='home',
action='login',
came_from=url(controller='profile', action='support'),
context_type='support'))
return render('/profile/support.mako')
def rss(self, repo_name):
"""Produce an rss2 feed via feedgenerator module"""
feed = Rss201rev2Feed(
title=self.title % repo_name,
link=url('summary_home', repo_name=repo_name,
qualified=True),
description=self.description % repo_name,
language=self.language,
ttl=self.ttl
)
for cs in reversed(list(c.rhodecode_repo[-self.feed_nr:])):
desc_msg = []
desc_msg.append('%s - %s<br/><pre>' % (cs.author, cs.date))
desc_msg.append(self.__changes(cs))
feed.add_item(title=self._get_title(cs),
link=url('changeset_home', repo_name=repo_name,
revision=cs.raw_id, qualified=True),
author_name=cs.author,
description=''.join(desc_msg),
)
response.content_type = feed.mime_type
return feed.writeString('utf-8')
def land_fb(self):
fb_user = facebook.get_user_from_cookie(request.cookies,
config['facebook.appid'], config['facebook.secret'])
if not fb_user or 'uid' not in fb_user or 'access_token' not in fb_user:
h.flash(_("Failed to link Facebook account"))
redirect(url('frontpage'))
facebook_id = int(fb_user['uid'])
fb_access_token = fb_user['access_token']
registration = meta.Session.query(UserRegistration).\
filter_by(completed=False, facebook_id=facebook_id).first()
if registration is None:
h.flash(_("Your invitation has expired."))
redirect(url('frontpage'))
name, email = self._facebook_name_and_email(facebook_id, fb_access_token)
if not email:
h.flash(_("Facebook did not provide your email address."))
redirect(url('frontpage'))
registration.fullname = name
registration.email = registration.facebook_email = email
registration.email_confirmed = True
registration.update_logo_from_facebook()
meta.Session.commit()
redirect(registration.url(action='university_info'))
def welcome(self):
identity = request.environ.get("repoze.who.identity")
came_from = request.params.get('came_from') or "/"
came_from = unquote(came_from)
came_from = unquote(came_from)
came_from = unquote(came_from)
came_from = str(came_from)
if identity:
# Login succeeded
userid = identity['repoze.who.userid']
#user_det = get_mediator_details(userid)
#if user_det['name']:
# session['user_name'] = user_det['name']
#if user_det['uri']:
# session['user_uri'] = str(user_det['uri'])
session['user_id'] = userid
session.save()
return redirect(url(came_from))
else:
# Login failed
try:
login_counter = request.environ['repoze.who.logins'] + 1
except:
login_counter = 0
destination = "/login?came_from=%s&logins=%s" % (came_from, login_counter)
return redirect(url(destination))
def make_request(
self,
controller,
action,
method='GET',
params=None,
headers=None,
cookies=None,
):
"""
Makes a request using WebTest app self.app
"""
assert controller and action
assert method in ['GET', 'POST']
# Clear state (e.g. cookies)
self.app.reset()
if cookies:
for key in cookies:
TestController.set_cookie(self.app, key, cookies[key])
if method == 'GET':
return self.app.get(
url(controller=controller, action=action),
params=params,
headers=headers,
)
else:
return self.app.post(
url(controller=controller, action=action),
params=params,
headers=headers,
)
def logout(self):
'''
This action deletes the cookie and redirects to the
/openid/status to show the login status
If the logout is called in the context of an openid authentication,
the user is already logged in as a different user. In this case we
forward to the /openid/login page after the logout was made.
Another option for the openid authentication context would be to
redirect to the return_to url by setting
redirect_to = params["openid.return_to"]
p["openid.mode"] = "setup_needed"
which advises the openid relying party to restart the login process.
'''
response.delete_cookie(COOKIE_NAME)
params = {}
params.update(request.params)
p = {}
## are we are called during an openid auth request?
if "openid.return_to" in params:
redirect_to = "/openid/login"
p.update(params)
do_redirect = url(str("%s?%s" % (redirect_to, urlencode(p))))
else:
redirect_to = "/openid/status"
do_redirect = url(str("%s?%s" % (redirect_to, urlencode(p))))
redirect(do_redirect)
def register(self):
name = request.POST.get('name')
email = request.POST.get('email')
location_id = request.POST.get('location_id')
accept_terms = request.POST.get('accept_terms')
person = request.POST.get('person')
c.universities = self._universities(limit=12)
c.all_universities = self._universities()
# checks if email, name, person are not empty
if not email or not name or not person or accept_terms != '1':
redirect(url('frontpage'))
# redirect to login if user is already registered
if User.get_all(email):
redirect(url(controller='home', action='login', email=email))
# otherwise we validate the form properly
try:
self.form_result = RegistrationForm().to_python(request.POST)
except validators.Invalid, e:
return htmlfill.render(self._sign_up_form(),
defaults=request.POST,
errors=e.error_dict,
error_formatters=u_error_formatters)
def login(self):
"login"
if request.remote_addr in session:
if session[request.remote_addr] > now():
abort(409, _('You have been banned after'
' several failed logins'))
else:
del session[request.remote_addr]
session.save()
identity = request.environ.get('repoze.who.identity')
came_from = unquote(str(request.GET.get('came_from', '')))
if not came_from or ' ' in came_from:
came_from = url('home')
if '://' in came_from:
from_url = urlparse(came_from)
came_from = from_url[2]
if identity:
redirect(url(came_from))
else:
c.came_from = came_from
c.login_counter = request.environ['repoze.who.logins']
if c.login_counter >= 3:
ban_until = now() + timedelta(minutes=5)
if request.remote_addr not in session:
session[request.remote_addr] = ban_until
session.save()
else:
if now() > session[request.remote_addr]:
del session[request.remote_addr]
session.save()
c.form = ResetPwForm(request.POST, csrf_context=session)
return render('/accounts/login.html')
def loggedout(self):
"Logged out page"
session.clear()
session.save()
came_from = (unquote(str(request.params.get('came_from', '')))
or url('/accounts/login'))
redirect(url(came_from))
def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
del c.form.domains
if request.POST and c.form.validate():
username = user.username
user_id = unicode(user.id)
Session.delete(user)
Session.commit()
update_serial.delay()
flash(_('The account has been deleted'))
info = DELETEACCOUNT_MSG % dict(u=username)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, now())
if userid == user_id:
redirect(url('/logout'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/delete.html')
def authenticate(self):
user = User()
user.login = request.POST["login"]
user.password = request.POST["password"]
try:
user.exists()
except UserDoesntExistsException:
flash(u"Niepoprawne dane autoryzacyjne. Sprawdź swój login i hasło.", "error")
return redirect(url(controller="users", action="login"))
user = User.query.filter(User.login == request.POST["login"]).first()
flash(u"Witamy w systemie")
try:
session["user"] = {"id": user.id, "login": user.login}
groups = []
for group in user.groups:
groups.append(str(group.name).lower())
session["user"].update({"groups": groups})
except KeyError:
pass
else:
session.save()
return redirect(url("/"))
def submit(self):
"""
Verify username and password
"""
# Both fields filled?
form_username = str(request.params.get("username"))
form_password = str(request.params.get("password"))
m = hashlib.md5()
m.update(form_password)
passhash = m.hexdigest()
# Get user data from database
if app_globals.rpcservice.check_admin(form_username, passhash):
# Mark admin as logged in
session["user"] = form_username
session["passhash"] = passhash
session.save()
return redirect(url(controller="syncuser", action="index"))
if app_globals.rpcservice.check_user(form_username, passhash):
# Mark user as logged in
session["user"] = form_username
session["passhash"] = passhash
session.save()
return redirect(url(controller="account"))
return redirect(url.current(action="invalid"))
def update_perms(self, group_name):
"""
Update permissions for given repository group
:param group_name:
"""
c.repo_group = RepoGroupModel()._get_repo_group(group_name)
valid_recursive_choices = ['none', 'repos', 'groups', 'all']
form_result = RepoGroupPermsForm(valid_recursive_choices)().to_python(request.POST)
if not c.authuser.is_admin:
if self._revoke_perms_on_yourself(form_result):
msg = _('Cannot revoke permission for yourself as admin')
h.flash(msg, category='warning')
return redirect(url('edit_repo_group_perms', group_name=group_name))
recursive = form_result['recursive']
# iterate over all members(if in recursive mode) of this groups and
# set the permissions !
# this can be potentially heavy operation
RepoGroupModel()._update_permissions(c.repo_group,
form_result['perms_new'],
form_result['perms_updates'],
recursive)
#TODO: implement this
#action_logger(self.authuser, 'admin_changed_repo_permissions',
# repo_name, self.ip_addr, self.sa)
Session().commit()
h.flash(_('Repository Group permissions updated'), category='success')
return redirect(url('edit_repo_group_perms', group_name=group_name))
def process(self, entity_type = '1', id=None):
if not h.auth.is_logged_in():
abort(401)
if not h.auth.is_admin():
abort(403)
q = request.params.get('q', None)
label = request.params.get('label', None)
sep_dir = request.params.get('sep_dir', None)
action = request.params.get('action', None)
type = request.params.get("entity_type", '1')
if type == '1':
redirect(url(controller='idea', action='process', q = q, label = label, sep_dir = sep_dir, action2 = action), code=303)
elif type == '3':
print "hi der m tryin to process ur thinker"
redirect(url(controller = 'thinker', action='process', q = q, label = label, sep_dir = sep_dir, action2 = action), code=303)
elif type == '4':
print "hi der m tryin to process ur journal"
redirect(url(controller = 'journal', action='process', q = q, label = label, sep_dir = sep_dir, action2 = action), code=303)
elif type == '5':
print "hi der m tryin to process ur work"
redirect(url(controller = 'work', action='process', q = q, label = label, sep_dir = sep_dir, action2 = action), code=303)
elif type == '6':
print "hi der m tryin to process ur school_of_thought"
redirect(url(controller = 'school_of_thought', action='process', q = q, label = label, sep_dir = sep_dir, action2 = action), code=303)
def job_insert(self):
if (c.userid == "false"):
redirect(url('/users/login?m=1'))
#extra_questions = get_questions(request)
#form = UserCreationForm(request.POST or None, extra=extra_questions)
if request.method == 'POST':
appname = request.POST['appname']
if (appname =='tophatfusion'):
c.form = tophatfusionForm(request.POST,request.POST )
elif (appname =='bfast') :
c.form = bfastForm(request.POST,request.POST )
elif (appname =='chipseq') :
c.form = chipseqForm(request.POST,request.POST )
if c.form.is_valid():
#add using job queue
jobid =add_job(c.userid)
for key in c.form.cleaned_data:
print "key", key
print "value", c.form.cleaned_data[key]
newjobinfo = model.jobinfo()
newjobinfo.key = key
newjobinfo.value = c.form.cleaned_data[key]
newjobinfo.submitted_time = time.asctime()
newjobinfo.jobid = jobid
add_jobinfo(newjobinfo)
update_job_status(jobid, str(JOBSTATES.NEW))
redirect(url('/ngs/job_table_view?m=1&id=' + str(jobid) ))
else:
return render('/forms/chipseq_form.mako')
def test_aggregate_order(self):
def unique(seq):
result = []
for item in seq:
if item not in result:
result.append(item)
return result
response = self.app.get(url(controller='api/version2',
action='aggregate',
dataset='cra', order='year:asc',
drilldown='year'))
assert response.status == '200 OK'
result = json.loads(response.body)
order = [cell['year'] for cell in result['drilldown']]
expected_result = map(unicode, [2003, 2004, 2005, 2006, 2007,
2008, 2009, 2010])
assert unique(order) == expected_result
response = self.app.get(url(controller='api/version2',
action='aggregate',
dataset='cra', order='year:desc',
drilldown='year'))
assert response.status == '200 OK'
result = json.loads(response.body)
order = [cell['year'] for cell in result['drilldown']]
expected_result = map(unicode, [2010, 2009, 2008, 2007, 2006,
2005, 2004, 2003])
assert unique(order) == expected_result
def public_journal_rss(self):
"""
Produce an rss2 feed via feedgenerator module
"""
c.following = self.sa.query(UserFollowing)\
.filter(UserFollowing.user_id == self.rhodecode_user.user_id)\
.options(joinedload(UserFollowing.follows_repository))\
.all()
journal = self._get_journal_data(c.following)
feed = Rss201rev2Feed(title=self.title % 'rss',
link=url('public_journal_rss', qualified=True),
description=_('Public journal'),
language=self.language,
ttl=self.ttl)
for entry in journal[:self.feed_nr]:
#tmpl = h.action_parser(entry)[0]
action, action_extra = h.action_parser(entry, feed=True)
title = "%s - %s %s" % (entry.user.short_contact, action,
entry.repository.repo_name)
desc = action_extra()
feed.add_item(title=title,
pubdate=entry.action_date,
link=url('', qualified=True),
author_email=entry.user.email,
author_name=entry.user.full_contact,
description=desc)
response.content_type = feed.mime_type
return feed.writeString('utf-8')
def delete(self, group_name):
"""DELETE /repos_groups/group_name: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('repos_group', group_name=GROUP_NAME),
# method='delete')
# url('repos_group', group_name=GROUP_NAME)
gr = c.repos_group = ReposGroupModel()._get_repo_group(group_name)
repos = gr.repositories.all()
if repos:
h.flash(_('This group contains %s repositores and cannot be '
'deleted') % len(repos), category='warning')
return redirect(url('repos_groups'))
children = gr.children.all()
if children:
h.flash(_('This group contains %s subgroups and cannot be deleted'
% (len(children))), category='warning')
return redirect(url('repos_groups'))
try:
ReposGroupModel().delete(group_name)
Session().commit()
h.flash(_('Removed repository group %s') % group_name,
category='success')
#TODO: in future action_logger(, '', '', '', self.sa)
except Exception:
log.error(traceback.format_exc())
h.flash(_('Error occurred during deletion of repository group %s')
% group_name, category='error')
return redirect(url('repos_groups'))
def _process_contact(self):
# Validate secure_form's (CSRF protection) token
if not (request.params.get(secure_form.token_key) == secure_form.authentication_token()):
abort (403, detail=u'Not permitted (possible CSRF attack)')
# If cancelled, dont do anything
if request.params.get('op') != 'Submit':
session.pop('contactform.errors', None)
session.pop('contactform.values', None)
return url(controller='contactform', action='nevermind')
# Validate form fields ...
schema = ContactForm()
try:
fields = schema.to_python(dict(request.params))
session.pop('contactform.errors', None)
session.pop('contactform.values', None)
self._save_contact(fields, schema)
return url(controller='contactform', action='thanks')
except formencode.Invalid, ex:
session.update({
'contactform.errors': ex.error_dict,
'contactform.values': ex.value,
})
return url(controller='contactform', action='contact')
def test_give_badge_form(self):
"""
Test if badge giving form is only present for admin users on about
page. Only administrators should see a form to award a badge on the
about page for a given dataset.
"""
# Get badge create url
badge_give_url = url(controller='badge', action='give',
dataset=self.dataset.name)
# Check for non-users (visitors/guests)
response = self.app.get(url(controller='dataset', action='about',
dataset=self.dataset.name))
assert badge_give_url not in response.body, \
"URL to give dataset a badge is in about page for non-users"
# Check for normal users
response = self.app.get(url(controller='dataset', action='about',
dataset=self.dataset.name),
extra_environ={'REMOTE_USER': '******'})
assert badge_give_url not in response.body, \
"URL to give dataset a badge is in about page for normal users"
response = self.app.get(url(controller='dataset', action='about',
dataset=self.dataset.name),
extra_environ={'REMOTE_USER': '******'})
assert badge_give_url in response.body, \
"URL to give dataset a badge isn't in about page for admins"
def test_create_badge_form(self):
"""
Test to see if create badge form is present on badge index page.
The test should only be available to administrators. For this we
check whether badge creation url is present on the html sites.
"""
# Get badge create url
create_url = url(controller='badge', action='create')
# Check for non-users (visitors/guests)
response = self.app.get(url(controller='badge', action='index'))
assert create_url not in response.body, \
"URL to create a badge is present in badge index for non-users"
# Check for normal users
response = self.app.get(url(controller='badge', action='index'),
extra_environ={'REMOTE_USER': '******'})
assert create_url not in response.body, \
"URL to create a badge is present in badge index for normal users"
response = self.app.get(url(controller='badge', action='index'),
extra_environ={'REMOTE_USER': '******'})
assert create_url in response.body, \
"URL to create a badge is not present in badge index for admins"
def delete(self, repo_name):
"""DELETE /repos/repo_name: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('repo_settings_delete', repo_name=ID),
# method='delete')
# url('repo_settings_delete', repo_name=ID)
repo_model = RepoModel()
repo = repo_model.get_by_repo_name(repo_name)
if not repo:
h.not_mapped_error(repo_name)
return redirect(url('home'))
try:
action_logger(self.rhodecode_user, 'user_deleted_repo',
repo_name, self.ip_addr, self.sa)
repo_model.delete(repo)
invalidate_cache('get_repo_cached_%s' % repo_name)
h.flash(_('deleted repository %s') % repo_name, category='success')
Session().commit()
except Exception:
log.error(traceback.format_exc())
h.flash(_('An error occurred during deletion of %s') % repo_name,
category='error')
return redirect(url('admin_settings_my_account', anchor='my'))
def login_validate(self):
if (c.userid != "false"):
redirect(url('/users/login?m=2'))
session['logged_in'] = True
session.save()
if request.method == 'POST':
c.form = LoginForm(request.POST)
if c.form.is_valid():
userid = authenticate_user(c.form.cleaned_data['email'], \
c.form.cleaned_data['password'])
print "hellooooo", c.form.cleaned_data['email'], c.form.cleaned_data['password']
if (userid != "invalid" ):
session['userid'] = userid
session.save()
print session['userid']
redirect(url('/'))
c.login = "******"
else:
c.login = "******"
else:
c.form = LoginForm(request.POST)
return render("/users/login.mako")
def post_edit_statement(self, id):
if not c.user:
# should not happen therefore no c.returnTo
redirect(url(controller='login', action='signin', id=id))
query = meta.Session.query(model.Statement)
thesis = query.filter_by(id=id).first().attachTrueFalseCount()
if not c.user.allow_edit(thesis):
raise Exception('no you dont')
newMsg = request.params.get('msg')
if len(stripMarkup(newMsg)) > int(statement_length):
h.flash(_("Error: Only %s characters are allowed!") % statement_length)
c.previousMessage = newMsg
return self.edit_statement(id)
thesis.message = newMsg
meta.Session.commit()
search.update_index(thesis)
redirect(url(controller, 'statements', action='show', id=id))
def create(self):
student = Session.query(model.Users).filter_by(
email=request.environ['REMOTE_USER']).first()
print(request.environ['REMOTE_USER'])
print("Email la : ")
print(student)
course_id = request.params['code']
course = Session.query(model.Course).filter_by(code=course_id).first()
if not course:
abort(404, '404 Course Not Found')
register = Session.query(model.association_table).filter_by(
user_id=student.id, course_id=course_id).first()
if register:
print('Da dang ki tu truoc')
else:
student.courses.append(course)
Session.commit()
return redirect(
url(controller='students', action='show', id=student.id))
def test_search_expand_facet_dimensions(self):
response = self.app.get(
url(controller='api/version2',
action='search',
dataset='cra',
pagesize=0,
facet_field="from|to.name",
expand_facet_dimensions="1"))
result = json.loads(response.body)
hra = {
"taxonomy": "from",
"description": "",
"id": 5,
"name": "999",
"label": "ENG_HRA"
}
assert result['facets']['from'][0][0] == hra
assert result['facets']['to.name'][0][0] == 'society'
def __before__(self):
super(BaseRepoController, self).__before__()
if c.repo_name:
dbr = c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)
c.rhodecode_repo = c.rhodecode_db_repo.scm_instance
# update last change according to VCS data
dbr.update_changeset_cache(dbr.get_changeset())
if c.rhodecode_repo is None:
log.error('%s this repository is present in database but it '
'cannot be created as an scm instance', c.repo_name)
redirect(url('home'))
# some globals counter for menu
c.repository_followers = self.scm_model.get_followers(dbr)
c.repository_forks = self.scm_model.get_forks(dbr)
c.repository_pull_requests = self.scm_model.get_pull_requests(dbr)
c.repository_following = self.scm_model.is_following_repo(c.repo_name,
self.rhodecode_user.user_id)
def create(self):
"""Insert new Category data into database.
"""
category = model.SyntacticCategory()
category.name = h.NFD(self.form_result['name'])
category.description = h.NFD(self.form_result['description'])
# Enter the data
meta.Session.add(category)
meta.Session.commit()
# Update the syncats variable in app_globals
tags = h.getSecondaryObjects(['syncats'])
app_globals.syncats = tags['syncats']
# Issue an HTTP redirect
response.status_int = 302
response.headers['location'] = url(controller='category',
action='view',
id=category.id)
return "Moved temporarily"
def mailq_detail(self, queueid):
"View a queued message's details"
query = Session.query(MailQueueItem)
uquery = UserFilter(Session, c.user, query, model=MailQueueItem)
query = uquery.filter()
try:
mailqitem = query.filter(MailQueueItem.id == queueid).one()
except NoResultFound:
# abort(404)
flash_alert(_('The requested queued message was not found.'))
redirect(url('mailq-status'))
c.mailqitem = mailqitem
c.form = MailQueueProcessForm(request.POST, csrf_context=session)
session['queue_choices'] = [
(queueid, queueid),
]
session.save()
return self.render('/status/detail.html')
def add(self):
"""/accounts/new"""
c.form = AddUserForm(request.POST, csrf_context=session)
if c.user.is_domain_admin:
account_types = (('3', 'User'), )
c.form.account_type.choices = account_types
c.form.domains.query = Session.query(Domain).join(dom_owns,
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
else:
c.form.domains.query = Session.query(Domain)
if request.POST and c.form.validate():
try:
user = User(username=c.form.username.data,
email=c.form.email.data)
for attr in [
'firstname', 'lastname', 'email', 'active',
'account_type', 'send_report', 'spam_checks',
'low_score', 'high_score', 'timezone'
]:
setattr(user, attr, getattr(c.form, attr).data)
user.local = True
user.set_password(c.form.password1.data)
if int(user.account_type) == 3:
user.domains = c.form.domains.data
Session.add(user)
Session.commit()
update_serial.delay()
info = ADDACCOUNT_MSG % dict(u=user.username)
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, now())
flash(
_('The account: %(user)s was created successfully') %
{'user': c.form.username.data})
redirect(url('account-detail', userid=user.id))
except IntegrityError:
Session.rollback()
flash_alert(
_('Either the username or email address already exist'))
return render('/accounts/new.html')
def index(self, repo_name, revision=None, f_path=None):
limit = 100
default = 20
if request.GET.get('size'):
c.size = max(min(safe_int(request.GET.get('size')), limit), 1)
session['changelog_size'] = c.size
session.save()
else:
c.size = int(session.get('changelog_size', default))
# min size must be 1
c.size = max(c.size, 1)
p = safe_int(request.GET.get('page', 1), 1)
branch_name = request.GET.get('branch', None)
if (branch_name and branch_name not in c.rhodecode_repo.branches
and branch_name not in c.rhodecode_repo.closed_branches
and not revision):
return redirect(
url('changelog_file_home',
repo_name=c.repo_name,
revision=branch_name,
f_path=f_path or ''))
c.changelog_for_path = f_path
try:
if f_path:
log.debug('generating changelog for path %s' % f_path)
# get the history for the file !
tip_cs = c.rhodecode_repo.get_changeset()
try:
collection = tip_cs.get_file_history(f_path)
except (NodeDoesNotExistError, ChangesetError):
#this node is not present at tip !
try:
cs = self.__get_cs_or_redirect(revision, repo_name)
collection = cs.get_file_history(f_path)
except RepositoryError, e:
h.flash(safe_str(e), category='warning')
redirect(h.url('changelog_home', repo_name=repo_name))
collection = list(reversed(collection))
else:
def save(self, id=None):
if id is None:
abort(404)
if h.forms.validate(h.forms.PostForm()):
if id == '0':
# new post
new = h.post.new()
for k, v in c.form_result.items():
if k <> 'tags':
setattr(new, k, v)
new.posted = h.timehelpers.now()
identity = request.environ.get('repoze.who.identity')
new.author = h.auth.get_user_id(identity['repoze.who.userid'])
else:
# edit
new = h.post.get(int(id))
new.body = request.POST['body']
new.subject = request.POST['subject']
# save to db
h.post.save(new)
# tags
self._create_and_link_tags(request.POST['tags'], new.id)
# flash message
session['flash'] = 'Post successfully saved.'
session.save()
# redirect to post
c.post = new
redirect(url(controller='blog',
action='view',
id=new.id,
subject=h.urlify(new.subject)),
code=303)
else:
session[
'flash'] = 'Erros in the submitted post, please correct and try again.'
session.save()
c.post = None
html = render('/blog/write.mako')
return htmlfill.render(html,
defaults=c.form_result,
errors=c.form_errors)
def make_thingy_url(thingy, subpage=None, controller='dex'):
u"""Given a thingy (Pokémon, move, type, whatever), returns a URL to it.
"""
# Using the table name as an action directly looks kinda gross, but I can't
# think of anywhere I've ever broken this convention, and making a
# dictionary to get data I already have is just silly
args = {}
# Pokémon with forms need the form attached to the URL
if isinstance(thingy, tables.PokemonForm):
action = 'pokemon'
args['form'] = thingy.form_identifier.lower()
args['name'] = thingy.pokemon.species.name.lower()
if not thingy.is_default:
subpage = 'flavor'
elif isinstance(thingy, tables.PokemonSpecies):
action = 'pokemon'
args['name'] = thingy.name.lower()
else:
action = thingy.__tablename__
args['name'] = thingy.name.lower()
# Items are split up by pocket
if isinstance(thingy, tables.Item):
args['pocket'] = thingy.pocket.identifier
if (thingy.__tablename__.startswith('conquest_') or
(isinstance(thingy, tables.Ability) and not thingy.is_main_series)
or subpage == 'conquest'):
# Conquest stuff needs to go to the Conquest controller
if action == 'conquest_warrior_skills':
action = 'skills'
else:
action = action.replace('conquest_', '')
controller = 'dex_conquest'
elif subpage:
action += '_' + subpage
return url(controller=controller, action=action, **args)
def conquest_evolution_description(evolution, _=_):
"""Crafts a human-readable description from a `conquest_pokemon_evolution`
row object.
"""
chunks = []
# Trigger
if evolution.recruiting_ko_required:
chunks.append(
'Score a KO that makes a warrior offer to join your army')
elif evolution.item_id is not None:
chunks.append('Win a battle')
else:
chunks.append('Perform any action')
# Conditions
if evolution.kingdom_id is not None:
chunks.append(
h.literal(_(u'in {0}')).format(
h.HTML.a(evolution.kingdom.name,
href=url(controller='dex_conquest',
action='kingdoms',
name=evolution.kingdom.name.lower()))))
if evolution.item_id is not None:
chunks.append(
h.literal(_(u'with {article} {item} equipped')).format(
article=article(evolution.item.name),
item=item_link(evolution.item, include_icon=False)))
if evolution.required_stat_id is not None:
chunks.append(
_(u'with at least {number} {stat} afterwards').format(
number=evolution.minimum_stat, stat=evolution.stat.name))
if evolution.minimum_link is not None:
chunks.append(
_(u'with at least {0}% link afterwards').format(
evolution.minimum_link))
if evolution.warrior_gender_id is not None:
chunks.append(
_(u'{0} warriors only').format(evolution.gender.identifier))
return h.literal(u', ').join(chunks)
def new(self):
"Add an organization"
c.form = OrgForm(request.POST, csrf_context=session)
c.form.domains.query = Session.query(Domain)
c.form.admins.query = Session.query(User).filter(
User.account_type == 2)
if request.POST and c.form.validate():
try:
org = Group()
org.name = c.form.name.data
org.domains = c.form.domains.data
Session.add(org)
Session.commit()
info = ADDORG_MSG % dict(o=org.name)
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, datetime.now())
flash(_('The organization has been created'))
redirect(url(controller='organizations'))
except IntegrityError:
flash_alert(_('The organization already exists'))
return render('/organizations/add.html')
def edit_advanced_journal(self, repo_name):
"""
Set's this repository to be visible in public journal,
in other words assing default user to follow this repo
:param repo_name:
"""
try:
repo_id = Repository.get_by_repo_name(repo_name).repo_id
user_id = User.get_default_user().user_id
self.scm_model.toggle_following_repo(repo_id, user_id)
h.flash(_('Updated repository visibility in public journal'),
category='success')
Session().commit()
except Exception:
h.flash(_('An error occurred during setting this'
' repository in public journal'),
category='error')
return redirect(url('edit_repo_advanced', repo_name=repo_name))
def authenticate(self):
"""Checks whether username and password match any records in the User
table.
"""
username = self.form_result['username']
password = unicode(
hashlib.sha224(self.form_result['password']).hexdigest())
user_q = meta.Session.query(model.User)
user = user_q.filter(model.User.username == username).filter(
model.User.password == password).first()
if user:
# Successful login
# Update session and app_globals data (function located in lib/functions.py)
h.updateSessionAndGlobals(user)
redirect(url(controller='home', action='index'))
else:
session['flash'] = 'Authentication failed.'
return render('/derived/login/login.html')
def users(self):
checkLogin()
c.site = "User administration"
c.name = session['project_id']
c.menu = genMenu(self)
p = Project()
p.load(c.name, getConfig())
c.header = ('Login', 'EMail', "Remove?")
c.rows = [(x[0], mail_to(x[3]), link_to("Remove", \
url(controller="project", action='userRemove', id = x[0]), \
confirm="Are You sure?")) \
for x in p.getUsers()]
c.style = "width: 70%; text-align: center;"
c.content = render("/table.html")
return render("/temp.html")
def r(self, institutionid):
uuid = '0'
sol = solr.SolrConnection(solrconfig.solr_urls['institutions'])
sol_response = sol.query(
"dcterms_identifier-edit_:edit_cofk_union_institution-" +
institutionid,
fields='uuid',
score=False,
rows=1,
start=0)
sol.close()
if sol_response.numFound > 0:
uuid = sol_response.results[0]['uuid']
return redirect(url(controller='profile',
action='institution',
id=uuid),
code=301)
def delete(self, id):
"""Delete the BLD collection with ID=id."""
if id is None:
abort(404)
collection_q = meta.Session.query(model.Collection)
collection = collection_q.get(int(id))
if collection is None:
abort(404)
# Back up Form to formbackup table
backupCollection(collection)
# Delete Collection info in database
meta.Session.delete(collection)
meta.Session.commit()
# Create the flash message
session['flash'] = "Collection %s has been deleted" % id
session.save()
redirect(url(controller='collection', action='results'))
def __before__(self):
# Set language according to what the browser requested
user_agent_language = request.languages[0][0:2]
if user_agent_language in app_globals.supported_languages:
set_lang(user_agent_language)
else:
set_lang(app_globals.default_language)
if self.requires_auth and 'user_id' not in session:
# Remember where we came from so that the user can be sent there
# after a successful login
session['path_before_login'] = request.path_info
session.save()
redirect(url(controller='login', action='index'))
c.config = config
# The templates require the submenu to be existing
# If no controller added a submenu, its fair enough to instantiate an empty
# object here
if not hasattr(c, 'submenu'):
c.submenu = SubMenu()
def __get_cs_or_redirect(self, rev, repo_name, redirect_after=True):
"""
Safe way to get changeset if error occur it redirects to tip with
proper message
:param rev: revision to fetch
:param repo_name: repo name to redirect after
"""
try:
return c.rhodecode_repo.get_changeset(rev)
except EmptyRepositoryError, e:
if not redirect_after:
return None
url_ = url('files_add_home',
repo_name=c.repo_name,
revision=0, f_path='')
add_new = h.link_to(_('Click here to add new file'), url_)
h.flash(h.literal(_('There are no files yet %s') % add_new),
category='warning')
redirect(h.url('summary_home', repo_name=repo_name))
def test_view(self):
"""
Test view page for a dataset
"""
# Get the view page for the dataset
response = self.app.get(
url(controller='dataset', action='view', dataset='cra'))
# The dataset label should be present in the response
assert 'Country Regional Analysis v2009' in response, \
"'Country Regional Analysis v2009' not in response!"
# Assertions about time range
assert 'Time range' in response.body, \
'Time range is not present on view page for dataset'
# Start date comes from looking at the test fixture for cra
assert '2003-01-01' in response.body, \
'Starting date of time range not on view page for dataset'
# End date comes from looking at the test fixture for cra
assert '2010-01-01' in response.body, \
'End date of time range not on view page for dataset'
def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
del c.form.domains
if request.method == 'POST':
if c.form.validate():
delete_user(user, c.user, request.host, request.remote_addr)
flash(_('The account has been deleted'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(
_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return self.render('/accounts/delete.html')
def make_userservice_request(self, action, params=None,
auth_user=None):
if not params:
params = {}
if not hasattr(self, 'user_service'):
setattr(self, 'user_service', {})
user, password = auth_user
auth_cookie = self.user_service.get(user,
self._user_service_init(user, password))
TestController.set_cookie(self.app, 'userauthcookie', auth_cookie)
params['session'] = auth_cookie
params['user'] = user
response = self.app.get(url(controller='userservice',
action=action),
params=params)
return response
def creategroup(self):
name = None
if 'name' in request.params:
name = request.params['name']
description = None
if 'description' in request.params:
description = request.params['description']
try:
dh = DirectoryHelper(
directoryCN, directoryPassword, directoryDomain)
dh.ldap.create_group(name, description)
session['flash'] = 'Successfully created group %s' % name
session.save()
except:
session['flash'] = 'Group %s already exists' % name
session.save()
return redirect(url(
controller='users', action='groups'))
def repo_link(groups_and_repos):
"""
Makes a breadcrumbs link to repo within a group
joins » on each group to create a fancy link
ex::
group >> subgroup >> repo
:param groups_and_repos:
:param last_url:
"""
groups, just_name, repo_name = groups_and_repos
last_url = url('summary_home', repo_name=repo_name)
last_link = link_to(just_name, last_url)
def make_link(group):
return link_to(group.name,
url('repos_group_home', group_name=group.group_name))
return literal(' » '.join(
map(make_link, groups) + ['<span>%s</span>' % last_link]))
def delete(self, domainid):
"Delete a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.id = domainid
c.form = EditDomainForm(request.POST, domain, csrf_context=session)
del c.form.organizations
if request.method == 'POST':
if c.form.validate():
delete_domain(domain, c.user, request.host,
request.remote_addr)
flash(_('The domain has been deleted'))
redirect(url(controller='domains'))
else:
flash(
_('The domain: %(name)s and all associated data will'
' be deleted, This action cannot be reversed.') %
dict(name=domain.name))
return self.render('/domains/delete.html')
def deletedestination(self, destinationid):
"Delete destination server"
server = self._get_server(destinationid)
if not server:
abort(404)
c.form = AddDeliveryServerForm(request.POST,
server,
csrf_context=session)
if request.method == 'POST':
if c.form.validate():
domainid = delete_destination(server, c.user, request.host,
request.remote_addr)
flash(_('The destination server has been deleted'))
redirect(url('domain-detail', domainid=domainid))
else:
flash(
_('The destination server: %(s)s will be deleted,'
' This action is not reversible') % dict(s=server.address))
c.id = destinationid
c.domainid = server.domain_id
return self.render('/domains/deletedestination.html')
def getLastNotification(self, user_id=None):
# If user ID given - Get notifications directly from db for that user - we do this because if the user is persona we cant just log in and out to get there notifications
if user_id:
notification_list = to_apilist(
Session.query(Message).filter(
and_(Message.source_id == null(),
Message.target_id == user_id)).order_by(
Message.timestamp.desc()),
obj_type='messages',
limit=3,
)
# Else - get notifications using API for currently logged in user
else:
response = self.app.get(url('messages', format='json'),
params={
'list': 'notification',
'limit': 3,
},
status=200)
notification_list = json.loads(response.body)
return notification_list['data']['list']['items'][0]
def job_form(self):
if (c.userid == "false"):
redirect(url('/users/login?m=1'))
try:
formtype = request.params['type']
jobid = request.params['jobid']
except:
jobid = add_job(c.userid, "Generic Job Form")
formtype = "resource"
if formtype == "resource":
try:
resource_type = request.params['rtype']
someid = request.params['sid']
infid = add_jobmeta(jobid, formtype)
data = {'infid': infid, 'jobid': jobid}
if (resource_type == "pbs"):
c.form = pbs_resource_Form(initial=data)
elif (resource_type == "gram"):
c.form = gram_resource_Form(initial=data)
else:
c.form = ssh_resource_Form(initial=data)
except:
pass
infid = add_jobmeta(jobid, formtype)
data = {'infid': infid, 'jobid': jobid}
c.form = resource_type_Form(initial=data)
elif formtype == "wu":
infid = add_jobmeta(jobid, formtype)
data = {'infid': infid, 'jobid': jobid}
c.form = wu_Form(initial=data)
return render('/generic_form.mako')
def settings_labs_update(self):
"""POST /admin/settings/labs: All items in the collection"""
# url('admin_settings/labs', method={'POST'})
c.active = 'labs'
application_form = LabsSettingsForm()()
try:
form_result = application_form.to_python(dict(request.POST))
except formencode.Invalid as errors:
h.flash(_('Some form inputs contain invalid data.'),
category='error')
return htmlfill.render(render('admin/settings/settings.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding='UTF-8',
force_defaults=False)
try:
session = Session()
for setting in _LAB_SETTINGS:
setting_name = setting.key[len('rhodecode_'):]
sett = SettingsModel().create_or_update_setting(
setting_name, form_result[setting.key], setting.type)
session.add(sett)
except Exception:
log.exception('Exception while updating lab settings')
h.flash(_('Error occurred during updating labs settings'),
category='error')
else:
Session().commit()
SettingsModel().invalidate_settings_cache()
h.flash(_('Updated Labs settings'), category='success')
return redirect(url('admin_settings_labs'))
return htmlfill.render(render('admin/settings/settings.html'),
defaults=self._form_defaults(),
encoding='UTF-8',
force_defaults=False)
def permission_application_update(self):
c.active = 'application'
self.__load_data()
_form = ApplicationPermissionsForm(
[x[0] for x in c.register_choices],
[x[0] for x in c.extern_activate_choices])()
try:
form_result = _form.to_python(dict(request.POST))
form_result.update({'perm_user_name': User.DEFAULT_USER})
PermissionModel().update_application_permissions(form_result)
settings = [
('register_message', 'default_register_message'),
]
for setting, form_key in settings:
sett = SettingsModel().create_or_update_setting(
setting, form_result[form_key])
Session().add(sett)
Session().commit()
h.flash(_('Application permissions updated successfully'),
category='success')
except formencode.Invalid as errors:
defaults = errors.value
return htmlfill.render(
render('admin/permissions/permissions.html'),
defaults=defaults,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
except Exception:
log.exception("Exception during update of permissions")
h.flash(_('Error occurred during update of permissions'),
category='error')
return redirect(url('admin_permissions_application'))
def edit(self, gist_id):
self._add_gist_to_context(gist_id)
owner = c.gist.gist_owner == c.rhodecode_user.user_id
if not (h.HasPermissionAny('hg.admin')() or owner):
raise HTTPForbidden()
rpost = request.POST
nodes = {}
_file_data = zip(rpost.getall('org_files'), rpost.getall('files'),
rpost.getall('mimetypes'), rpost.getall('contents'))
for org_filename, filename, mimetype, content in _file_data:
nodes[org_filename] = {
'org_filename': org_filename,
'filename': filename,
'content': content,
'lexer': mimetype,
}
try:
GistModel().update(gist=c.gist,
description=rpost['description'],
owner=c.gist.owner,
gist_mapping=nodes,
gist_type=c.gist.gist_type,
lifetime=rpost['lifetime'],
gist_acl_level=rpost['acl_level'])
Session().commit()
h.flash(_('Successfully updated gist content'), category='success')
except NodeNotChangedError:
# raised if nothing was changed in repo itself. We anyway then
# store only DB stuff for gist
Session().commit()
h.flash(_('Successfully updated gist data'), category='success')
except Exception:
log.exception("Exception in gist edit")
h.flash(_('Error occurred during update of gist %s') % gist_id,
category='error')
return redirect(url('gist', gist_id=gist_id))
