def delete_my_account(self): if hasattr(self, 'form_result'): h.flash(_('Your account has been successfully removed!')) c.user.delete_user() meta.Session.commit() redirect(url(controller='home', action='logout')) redirect(url(controller='profile', action='login_settings'))
def feed_rss(self): q = db.session.query(Dataset) if not (c.account and c.account.admin): q = q.filter_by(private=False) feed_items = q.order_by(Dataset.created_at.desc()).limit(20) items = [] for feed_item in feed_items: items.append({ 'title': feed_item.label, 'pubdate': feed_item.updated_at, 'link': url(controller='dataset', action='view', dataset=feed_item.name, qualified=True), 'description': feed_item.description, 'author_name': ', '.join([person.fullname for person in feed_item.managers if person.fullname]), }) feed = Rss201rev2Feed(_('Recently Created Datasets'), url( controller='home', action='index', qualified=True), _('Recently created datasets in the OpenSpending Platform'), author_name='Openspending') for item in items: feed.add_item(**item) sio = StringIO() feed.write(sio, 'utf-8') response.content_type = 'application/xml' return sio.getvalue()
def create_comment(self): content = None node = None if 'comment' in request.params: content = request.params['comment'] if not content: return redirect( url(controller='nodes', action='show', id=id)) if 'node' in request.params: id = request.params['node'] node = Session.query(Node)\ .filter(Node.id == id).first() if node: if not node.comments: node.comments = [] comment = NodeComment() comment.node_id = id user = Session.query(User).filter( User.id == session['active_user']['user_id']).first() comment.user_id = session['active_user']['user_id'] comment.description = content node.comments.append(comment) Session.add(node) Session.add(comment) Session.commit() return redirect(url(controller='nodes', action='show', id=id))
def test_new_wrong_user(self): # First we add a Dataset with user 'test_new' user = Account.by_name('test_new') assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d' u = url(controller='api/version2', action='create') params = { 'metadata': 'https://dl.dropbox.com/u/3250791/sample-openspending-model.json', 'csv_file': 'http://mk.ucant.org/info/data/sample-openspending-dataset.csv' } apikey_header = 'apikey {0}'.format(user.api_key) response = self.app.post(u, params, {'Authorization': apikey_header}) assert "200" in response.status assert Dataset.by_name('openspending-example') is not None # After that we try to update the Dataset with user 'test_new2' user = Account.by_name('test_new2') assert user.api_key == 'c011c340-8dad-419c-8138-1c6ded86ead5' u = url(controller='api/version2', action='create') params = { 'metadata': 'https://dl.dropbox.com/u/3250791/sample-openspending-model.json', 'csv_file': 'http://mk.ucant.org/info/data/sample-openspending-dataset.csv' } apikey_header = 'apikey {0}'.format(user.api_key) response = self.app.post(u, params, {'Authorization': apikey_header}, expect_errors=True) assert '403' in response.status
def image(image): if image.unauthenticated_access: http_url = url('get_raw_by_user', user=image.owner.user_name, image=image.name, hypervisor='__hypervisor__', protocol='http') else: http_url = None return {'uuid':image.uuid, 'name':image.name, 'owner_user_name':image.owner.user_name, 'owner':url('user', user=image.owner.user_name, qualified=True), 'uploaded':ctime_or_none(image.uploaded), 'modified':ctime_or_none(image.modified), 'expires':ctime_or_none(image.expires), 'checksum':{'type':image.checksum.ctype, 'value':image.checksum.cvalue}, 'os_variant':image.os_variant, 'os_type':image.os_type, 'os_arch':image.os_arch, 'hypervisor':image.hypervisor, 'description':image.description, 'read_only':image.read_only, 'unauthenticated_access':image.unauthenticated_access, 'http_file_url':http_url, 'raw_file_uploaded':image.raw_uploaded, 'version':image.version, 'size':image.size, 'file_url':url('get_raw_by_user', user=image.owner.user_name, image=image.name, hypervisor='__hypervisor__', qualified=True), 'shared_with':{'groups':[url('group', group=g.name, qualified=True) for g in image.shared.groups], 'users':[url('user', user=u.user_name, qualified=True) for u in image.shared.users], }, }
def login_validate(self): if (c.userid != "false"): redirect(url('/users/login?m=2')) session['logged_in'] = True session.save() if request.method == 'POST': loginform = LoginForm(request.POST) if loginform.is_valid(): userid = authenticate_user(loginform.cleaned_data['email'], \ loginform.cleaned_data['password']) if (userid != "invalid" ): session['userid'] = userid session.save() print session['userid'] c.login = "******" print loginform.cleaned_data['redirect'] if request.POST['redirect']=='null': redirect(url('/')) else: redirect(url(str(loginform.cleaned_data['redirect']))) else: c.login = "******" c.form = LoginForm(request.POST) return render("/users/login.mako") else: c.form = LoginForm(request.POST) return render("/users/login.mako") redirect(url('/'))
def support(self): if not c.user: redirect(url(controller='home', action='login', came_from=url(controller='profile', action='support'), context_type='support')) return render('/profile/support.mako')
def rss(self, repo_name): """Produce an rss2 feed via feedgenerator module""" feed = Rss201rev2Feed( title=self.title % repo_name, link=url('summary_home', repo_name=repo_name, qualified=True), description=self.description % repo_name, language=self.language, ttl=self.ttl ) for cs in reversed(list(c.rhodecode_repo[-self.feed_nr:])): desc_msg = [] desc_msg.append('%s - %s<br/><pre>' % (cs.author, cs.date)) desc_msg.append(self.__changes(cs)) feed.add_item(title=self._get_title(cs), link=url('changeset_home', repo_name=repo_name, revision=cs.raw_id, qualified=True), author_name=cs.author, description=''.join(desc_msg), ) response.content_type = feed.mime_type return feed.writeString('utf-8')
def land_fb(self): fb_user = facebook.get_user_from_cookie(request.cookies, config['facebook.appid'], config['facebook.secret']) if not fb_user or 'uid' not in fb_user or 'access_token' not in fb_user: h.flash(_("Failed to link Facebook account")) redirect(url('frontpage')) facebook_id = int(fb_user['uid']) fb_access_token = fb_user['access_token'] registration = meta.Session.query(UserRegistration).\ filter_by(completed=False, facebook_id=facebook_id).first() if registration is None: h.flash(_("Your invitation has expired.")) redirect(url('frontpage')) name, email = self._facebook_name_and_email(facebook_id, fb_access_token) if not email: h.flash(_("Facebook did not provide your email address.")) redirect(url('frontpage')) registration.fullname = name registration.email = registration.facebook_email = email registration.email_confirmed = True registration.update_logo_from_facebook() meta.Session.commit() redirect(registration.url(action='university_info'))
def welcome(self): identity = request.environ.get("repoze.who.identity") came_from = request.params.get('came_from') or "/" came_from = unquote(came_from) came_from = unquote(came_from) came_from = unquote(came_from) came_from = str(came_from) if identity: # Login succeeded userid = identity['repoze.who.userid'] #user_det = get_mediator_details(userid) #if user_det['name']: # session['user_name'] = user_det['name'] #if user_det['uri']: # session['user_uri'] = str(user_det['uri']) session['user_id'] = userid session.save() return redirect(url(came_from)) else: # Login failed try: login_counter = request.environ['repoze.who.logins'] + 1 except: login_counter = 0 destination = "/login?came_from=%s&logins=%s" % (came_from, login_counter) return redirect(url(destination))
def make_request( self, controller, action, method='GET', params=None, headers=None, cookies=None, ): """ Makes a request using WebTest app self.app """ assert controller and action assert method in ['GET', 'POST'] # Clear state (e.g. cookies) self.app.reset() if cookies: for key in cookies: TestController.set_cookie(self.app, key, cookies[key]) if method == 'GET': return self.app.get( url(controller=controller, action=action), params=params, headers=headers, ) else: return self.app.post( url(controller=controller, action=action), params=params, headers=headers, )
def logout(self): ''' This action deletes the cookie and redirects to the /openid/status to show the login status If the logout is called in the context of an openid authentication, the user is already logged in as a different user. In this case we forward to the /openid/login page after the logout was made. Another option for the openid authentication context would be to redirect to the return_to url by setting redirect_to = params["openid.return_to"] p["openid.mode"] = "setup_needed" which advises the openid relying party to restart the login process. ''' response.delete_cookie(COOKIE_NAME) params = {} params.update(request.params) p = {} ## are we are called during an openid auth request? if "openid.return_to" in params: redirect_to = "/openid/login" p.update(params) do_redirect = url(str("%s?%s" % (redirect_to, urlencode(p)))) else: redirect_to = "/openid/status" do_redirect = url(str("%s?%s" % (redirect_to, urlencode(p)))) redirect(do_redirect)
def register(self): name = request.POST.get('name') email = request.POST.get('email') location_id = request.POST.get('location_id') accept_terms = request.POST.get('accept_terms') person = request.POST.get('person') c.universities = self._universities(limit=12) c.all_universities = self._universities() # checks if email, name, person are not empty if not email or not name or not person or accept_terms != '1': redirect(url('frontpage')) # redirect to login if user is already registered if User.get_all(email): redirect(url(controller='home', action='login', email=email)) # otherwise we validate the form properly try: self.form_result = RegistrationForm().to_python(request.POST) except validators.Invalid, e: return htmlfill.render(self._sign_up_form(), defaults=request.POST, errors=e.error_dict, error_formatters=u_error_formatters)
def login(self): "login" if request.remote_addr in session: if session[request.remote_addr] > now(): abort(409, _('You have been banned after' ' several failed logins')) else: del session[request.remote_addr] session.save() identity = request.environ.get('repoze.who.identity') came_from = unquote(str(request.GET.get('came_from', ''))) if not came_from or ' ' in came_from: came_from = url('home') if '://' in came_from: from_url = urlparse(came_from) came_from = from_url[2] if identity: redirect(url(came_from)) else: c.came_from = came_from c.login_counter = request.environ['repoze.who.logins'] if c.login_counter >= 3: ban_until = now() + timedelta(minutes=5) if request.remote_addr not in session: session[request.remote_addr] = ban_until session.save() else: if now() > session[request.remote_addr]: del session[request.remote_addr] session.save() c.form = ResetPwForm(request.POST, csrf_context=session) return render('/accounts/login.html')
def loggedout(self): "Logged out page" session.clear() session.save() came_from = (unquote(str(request.params.get('came_from', ''))) or url('/accounts/login')) redirect(url(came_from))
def delete(self, userid): """/accounts/delete/id""" user = self._get_user(userid) if not user: abort(404) c.form = EditUserForm(request.POST, user, csrf_context=session) del c.form.domains if request.POST and c.form.validate(): username = user.username user_id = unicode(user.id) Session.delete(user) Session.commit() update_serial.delay() flash(_('The account has been deleted')) info = DELETEACCOUNT_MSG % dict(u=username) audit_log(c.user.username, 4, unicode(info), request.host, request.remote_addr, now()) if userid == user_id: redirect(url('/logout')) redirect(url(controller='accounts', action='index')) else: flash_info(_('The account: %(a)s and all associated data' ' will be deleted, This action is not reversible.') % dict(a=user.username)) c.fields = FORM_FIELDS c.id = userid return render('/accounts/delete.html')
def authenticate(self): user = User() user.login = request.POST["login"] user.password = request.POST["password"] try: user.exists() except UserDoesntExistsException: flash(u"Niepoprawne dane autoryzacyjne. Sprawdź swój login i hasło.", "error") return redirect(url(controller="users", action="login")) user = User.query.filter(User.login == request.POST["login"]).first() flash(u"Witamy w systemie") try: session["user"] = {"id": user.id, "login": user.login} groups = [] for group in user.groups: groups.append(str(group.name).lower()) session["user"].update({"groups": groups}) except KeyError: pass else: session.save() return redirect(url("/"))
def submit(self): """ Verify username and password """ # Both fields filled? form_username = str(request.params.get("username")) form_password = str(request.params.get("password")) m = hashlib.md5() m.update(form_password) passhash = m.hexdigest() # Get user data from database if app_globals.rpcservice.check_admin(form_username, passhash): # Mark admin as logged in session["user"] = form_username session["passhash"] = passhash session.save() return redirect(url(controller="syncuser", action="index")) if app_globals.rpcservice.check_user(form_username, passhash): # Mark user as logged in session["user"] = form_username session["passhash"] = passhash session.save() return redirect(url(controller="account")) return redirect(url.current(action="invalid"))
def update_perms(self, group_name): """ Update permissions for given repository group :param group_name: """ c.repo_group = RepoGroupModel()._get_repo_group(group_name) valid_recursive_choices = ['none', 'repos', 'groups', 'all'] form_result = RepoGroupPermsForm(valid_recursive_choices)().to_python(request.POST) if not c.authuser.is_admin: if self._revoke_perms_on_yourself(form_result): msg = _('Cannot revoke permission for yourself as admin') h.flash(msg, category='warning') return redirect(url('edit_repo_group_perms', group_name=group_name)) recursive = form_result['recursive'] # iterate over all members(if in recursive mode) of this groups and # set the permissions ! # this can be potentially heavy operation RepoGroupModel()._update_permissions(c.repo_group, form_result['perms_new'], form_result['perms_updates'], recursive) #TODO: implement this #action_logger(self.authuser, 'admin_changed_repo_permissions', # repo_name, self.ip_addr, self.sa) Session().commit() h.flash(_('Repository Group permissions updated'), category='success') return redirect(url('edit_repo_group_perms', group_name=group_name))
def process(self, entity_type = '1', id=None): if not h.auth.is_logged_in(): abort(401) if not h.auth.is_admin(): abort(403) q = request.params.get('q', None) label = request.params.get('label', None) sep_dir = request.params.get('sep_dir', None) action = request.params.get('action', None) type = request.params.get("entity_type", '1') if type == '1': redirect(url(controller='idea', action='process', q = q, label = label, sep_dir = sep_dir, action2 = action), code=303) elif type == '3': print "hi der m tryin to process ur thinker" redirect(url(controller = 'thinker', action='process', q = q, label = label, sep_dir = sep_dir, action2 = action), code=303) elif type == '4': print "hi der m tryin to process ur journal" redirect(url(controller = 'journal', action='process', q = q, label = label, sep_dir = sep_dir, action2 = action), code=303) elif type == '5': print "hi der m tryin to process ur work" redirect(url(controller = 'work', action='process', q = q, label = label, sep_dir = sep_dir, action2 = action), code=303) elif type == '6': print "hi der m tryin to process ur school_of_thought" redirect(url(controller = 'school_of_thought', action='process', q = q, label = label, sep_dir = sep_dir, action2 = action), code=303)
def job_insert(self): if (c.userid == "false"): redirect(url('/users/login?m=1')) #extra_questions = get_questions(request) #form = UserCreationForm(request.POST or None, extra=extra_questions) if request.method == 'POST': appname = request.POST['appname'] if (appname =='tophatfusion'): c.form = tophatfusionForm(request.POST,request.POST ) elif (appname =='bfast') : c.form = bfastForm(request.POST,request.POST ) elif (appname =='chipseq') : c.form = chipseqForm(request.POST,request.POST ) if c.form.is_valid(): #add using job queue jobid =add_job(c.userid) for key in c.form.cleaned_data: print "key", key print "value", c.form.cleaned_data[key] newjobinfo = model.jobinfo() newjobinfo.key = key newjobinfo.value = c.form.cleaned_data[key] newjobinfo.submitted_time = time.asctime() newjobinfo.jobid = jobid add_jobinfo(newjobinfo) update_job_status(jobid, str(JOBSTATES.NEW)) redirect(url('/ngs/job_table_view?m=1&id=' + str(jobid) )) else: return render('/forms/chipseq_form.mako')
def test_aggregate_order(self): def unique(seq): result = [] for item in seq: if item not in result: result.append(item) return result response = self.app.get(url(controller='api/version2', action='aggregate', dataset='cra', order='year:asc', drilldown='year')) assert response.status == '200 OK' result = json.loads(response.body) order = [cell['year'] for cell in result['drilldown']] expected_result = map(unicode, [2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010]) assert unique(order) == expected_result response = self.app.get(url(controller='api/version2', action='aggregate', dataset='cra', order='year:desc', drilldown='year')) assert response.status == '200 OK' result = json.loads(response.body) order = [cell['year'] for cell in result['drilldown']] expected_result = map(unicode, [2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003]) assert unique(order) == expected_result
def public_journal_rss(self): """ Produce an rss2 feed via feedgenerator module """ c.following = self.sa.query(UserFollowing)\ .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\ .options(joinedload(UserFollowing.follows_repository))\ .all() journal = self._get_journal_data(c.following) feed = Rss201rev2Feed(title=self.title % 'rss', link=url('public_journal_rss', qualified=True), description=_('Public journal'), language=self.language, ttl=self.ttl) for entry in journal[:self.feed_nr]: #tmpl = h.action_parser(entry)[0] action, action_extra = h.action_parser(entry, feed=True) title = "%s - %s %s" % (entry.user.short_contact, action, entry.repository.repo_name) desc = action_extra() feed.add_item(title=title, pubdate=entry.action_date, link=url('', qualified=True), author_email=entry.user.email, author_name=entry.user.full_contact, description=desc) response.content_type = feed.mime_type return feed.writeString('utf-8')
def delete(self, group_name): """DELETE /repos_groups/group_name: Delete an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="DELETE" /> # Or using helpers: # h.form(url('repos_group', group_name=GROUP_NAME), # method='delete') # url('repos_group', group_name=GROUP_NAME) gr = c.repos_group = ReposGroupModel()._get_repo_group(group_name) repos = gr.repositories.all() if repos: h.flash(_('This group contains %s repositores and cannot be ' 'deleted') % len(repos), category='warning') return redirect(url('repos_groups')) children = gr.children.all() if children: h.flash(_('This group contains %s subgroups and cannot be deleted' % (len(children))), category='warning') return redirect(url('repos_groups')) try: ReposGroupModel().delete(group_name) Session().commit() h.flash(_('Removed repository group %s') % group_name, category='success') #TODO: in future action_logger(, '', '', '', self.sa) except Exception: log.error(traceback.format_exc()) h.flash(_('Error occurred during deletion of repository group %s') % group_name, category='error') return redirect(url('repos_groups'))
def _process_contact(self): # Validate secure_form's (CSRF protection) token if not (request.params.get(secure_form.token_key) == secure_form.authentication_token()): abort (403, detail=u'Not permitted (possible CSRF attack)') # If cancelled, dont do anything if request.params.get('op') != 'Submit': session.pop('contactform.errors', None) session.pop('contactform.values', None) return url(controller='contactform', action='nevermind') # Validate form fields ... schema = ContactForm() try: fields = schema.to_python(dict(request.params)) session.pop('contactform.errors', None) session.pop('contactform.values', None) self._save_contact(fields, schema) return url(controller='contactform', action='thanks') except formencode.Invalid, ex: session.update({ 'contactform.errors': ex.error_dict, 'contactform.values': ex.value, }) return url(controller='contactform', action='contact')
def test_give_badge_form(self): """ Test if badge giving form is only present for admin users on about page. Only administrators should see a form to award a badge on the about page for a given dataset. """ # Get badge create url badge_give_url = url(controller='badge', action='give', dataset=self.dataset.name) # Check for non-users (visitors/guests) response = self.app.get(url(controller='dataset', action='about', dataset=self.dataset.name)) assert badge_give_url not in response.body, \ "URL to give dataset a badge is in about page for non-users" # Check for normal users response = self.app.get(url(controller='dataset', action='about', dataset=self.dataset.name), extra_environ={'REMOTE_USER': '******'}) assert badge_give_url not in response.body, \ "URL to give dataset a badge is in about page for normal users" response = self.app.get(url(controller='dataset', action='about', dataset=self.dataset.name), extra_environ={'REMOTE_USER': '******'}) assert badge_give_url in response.body, \ "URL to give dataset a badge isn't in about page for admins"
def test_create_badge_form(self): """ Test to see if create badge form is present on badge index page. The test should only be available to administrators. For this we check whether badge creation url is present on the html sites. """ # Get badge create url create_url = url(controller='badge', action='create') # Check for non-users (visitors/guests) response = self.app.get(url(controller='badge', action='index')) assert create_url not in response.body, \ "URL to create a badge is present in badge index for non-users" # Check for normal users response = self.app.get(url(controller='badge', action='index'), extra_environ={'REMOTE_USER': '******'}) assert create_url not in response.body, \ "URL to create a badge is present in badge index for normal users" response = self.app.get(url(controller='badge', action='index'), extra_environ={'REMOTE_USER': '******'}) assert create_url in response.body, \ "URL to create a badge is not present in badge index for admins"
def delete(self, repo_name): """DELETE /repos/repo_name: Delete an existing item""" # Forms posted to this method should contain a hidden field: # <input type="hidden" name="_method" value="DELETE" /> # Or using helpers: # h.form(url('repo_settings_delete', repo_name=ID), # method='delete') # url('repo_settings_delete', repo_name=ID) repo_model = RepoModel() repo = repo_model.get_by_repo_name(repo_name) if not repo: h.not_mapped_error(repo_name) return redirect(url('home')) try: action_logger(self.rhodecode_user, 'user_deleted_repo', repo_name, self.ip_addr, self.sa) repo_model.delete(repo) invalidate_cache('get_repo_cached_%s' % repo_name) h.flash(_('deleted repository %s') % repo_name, category='success') Session().commit() except Exception: log.error(traceback.format_exc()) h.flash(_('An error occurred during deletion of %s') % repo_name, category='error') return redirect(url('admin_settings_my_account', anchor='my'))
def login_validate(self): if (c.userid != "false"): redirect(url('/users/login?m=2')) session['logged_in'] = True session.save() if request.method == 'POST': c.form = LoginForm(request.POST) if c.form.is_valid(): userid = authenticate_user(c.form.cleaned_data['email'], \ c.form.cleaned_data['password']) print "hellooooo", c.form.cleaned_data['email'], c.form.cleaned_data['password'] if (userid != "invalid" ): session['userid'] = userid session.save() print session['userid'] redirect(url('/')) c.login = "******" else: c.login = "******" else: c.form = LoginForm(request.POST) return render("/users/login.mako")
def post_edit_statement(self, id): if not c.user: # should not happen therefore no c.returnTo redirect(url(controller='login', action='signin', id=id)) query = meta.Session.query(model.Statement) thesis = query.filter_by(id=id).first().attachTrueFalseCount() if not c.user.allow_edit(thesis): raise Exception('no you dont') newMsg = request.params.get('msg') if len(stripMarkup(newMsg)) > int(statement_length): h.flash(_("Error: Only %s characters are allowed!") % statement_length) c.previousMessage = newMsg return self.edit_statement(id) thesis.message = newMsg meta.Session.commit() search.update_index(thesis) redirect(url(controller, 'statements', action='show', id=id))
def create(self): student = Session.query(model.Users).filter_by( email=request.environ['REMOTE_USER']).first() print(request.environ['REMOTE_USER']) print("Email la : ") print(student) course_id = request.params['code'] course = Session.query(model.Course).filter_by(code=course_id).first() if not course: abort(404, '404 Course Not Found') register = Session.query(model.association_table).filter_by( user_id=student.id, course_id=course_id).first() if register: print('Da dang ki tu truoc') else: student.courses.append(course) Session.commit() return redirect( url(controller='students', action='show', id=student.id))
def test_search_expand_facet_dimensions(self): response = self.app.get( url(controller='api/version2', action='search', dataset='cra', pagesize=0, facet_field="from|to.name", expand_facet_dimensions="1")) result = json.loads(response.body) hra = { "taxonomy": "from", "description": "", "id": 5, "name": "999", "label": "ENG_HRA" } assert result['facets']['from'][0][0] == hra assert result['facets']['to.name'][0][0] == 'society'
def __before__(self): super(BaseRepoController, self).__before__() if c.repo_name: dbr = c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name) c.rhodecode_repo = c.rhodecode_db_repo.scm_instance # update last change according to VCS data dbr.update_changeset_cache(dbr.get_changeset()) if c.rhodecode_repo is None: log.error('%s this repository is present in database but it ' 'cannot be created as an scm instance', c.repo_name) redirect(url('home')) # some globals counter for menu c.repository_followers = self.scm_model.get_followers(dbr) c.repository_forks = self.scm_model.get_forks(dbr) c.repository_pull_requests = self.scm_model.get_pull_requests(dbr) c.repository_following = self.scm_model.is_following_repo(c.repo_name, self.rhodecode_user.user_id)
def create(self): """Insert new Category data into database. """ category = model.SyntacticCategory() category.name = h.NFD(self.form_result['name']) category.description = h.NFD(self.form_result['description']) # Enter the data meta.Session.add(category) meta.Session.commit() # Update the syncats variable in app_globals tags = h.getSecondaryObjects(['syncats']) app_globals.syncats = tags['syncats'] # Issue an HTTP redirect response.status_int = 302 response.headers['location'] = url(controller='category', action='view', id=category.id) return "Moved temporarily"
def mailq_detail(self, queueid): "View a queued message's details" query = Session.query(MailQueueItem) uquery = UserFilter(Session, c.user, query, model=MailQueueItem) query = uquery.filter() try: mailqitem = query.filter(MailQueueItem.id == queueid).one() except NoResultFound: # abort(404) flash_alert(_('The requested queued message was not found.')) redirect(url('mailq-status')) c.mailqitem = mailqitem c.form = MailQueueProcessForm(request.POST, csrf_context=session) session['queue_choices'] = [ (queueid, queueid), ] session.save() return self.render('/status/detail.html')
def add(self): """/accounts/new""" c.form = AddUserForm(request.POST, csrf_context=session) if c.user.is_domain_admin: account_types = (('3', 'User'), ) c.form.account_type.choices = account_types c.form.domains.query = Session.query(Domain).join(dom_owns, (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) else: c.form.domains.query = Session.query(Domain) if request.POST and c.form.validate(): try: user = User(username=c.form.username.data, email=c.form.email.data) for attr in [ 'firstname', 'lastname', 'email', 'active', 'account_type', 'send_report', 'spam_checks', 'low_score', 'high_score', 'timezone' ]: setattr(user, attr, getattr(c.form, attr).data) user.local = True user.set_password(c.form.password1.data) if int(user.account_type) == 3: user.domains = c.form.domains.data Session.add(user) Session.commit() update_serial.delay() info = ADDACCOUNT_MSG % dict(u=user.username) audit_log(c.user.username, 3, info, request.host, request.remote_addr, now()) flash( _('The account: %(user)s was created successfully') % {'user': c.form.username.data}) redirect(url('account-detail', userid=user.id)) except IntegrityError: Session.rollback() flash_alert( _('Either the username or email address already exist')) return render('/accounts/new.html')
def index(self, repo_name, revision=None, f_path=None): limit = 100 default = 20 if request.GET.get('size'): c.size = max(min(safe_int(request.GET.get('size')), limit), 1) session['changelog_size'] = c.size session.save() else: c.size = int(session.get('changelog_size', default)) # min size must be 1 c.size = max(c.size, 1) p = safe_int(request.GET.get('page', 1), 1) branch_name = request.GET.get('branch', None) if (branch_name and branch_name not in c.rhodecode_repo.branches and branch_name not in c.rhodecode_repo.closed_branches and not revision): return redirect( url('changelog_file_home', repo_name=c.repo_name, revision=branch_name, f_path=f_path or '')) c.changelog_for_path = f_path try: if f_path: log.debug('generating changelog for path %s' % f_path) # get the history for the file ! tip_cs = c.rhodecode_repo.get_changeset() try: collection = tip_cs.get_file_history(f_path) except (NodeDoesNotExistError, ChangesetError): #this node is not present at tip ! try: cs = self.__get_cs_or_redirect(revision, repo_name) collection = cs.get_file_history(f_path) except RepositoryError, e: h.flash(safe_str(e), category='warning') redirect(h.url('changelog_home', repo_name=repo_name)) collection = list(reversed(collection)) else:
def save(self, id=None): if id is None: abort(404) if h.forms.validate(h.forms.PostForm()): if id == '0': # new post new = h.post.new() for k, v in c.form_result.items(): if k <> 'tags': setattr(new, k, v) new.posted = h.timehelpers.now() identity = request.environ.get('repoze.who.identity') new.author = h.auth.get_user_id(identity['repoze.who.userid']) else: # edit new = h.post.get(int(id)) new.body = request.POST['body'] new.subject = request.POST['subject'] # save to db h.post.save(new) # tags self._create_and_link_tags(request.POST['tags'], new.id) # flash message session['flash'] = 'Post successfully saved.' session.save() # redirect to post c.post = new redirect(url(controller='blog', action='view', id=new.id, subject=h.urlify(new.subject)), code=303) else: session[ 'flash'] = 'Erros in the submitted post, please correct and try again.' session.save() c.post = None html = render('/blog/write.mako') return htmlfill.render(html, defaults=c.form_result, errors=c.form_errors)
def make_thingy_url(thingy, subpage=None, controller='dex'): u"""Given a thingy (Pokémon, move, type, whatever), returns a URL to it. """ # Using the table name as an action directly looks kinda gross, but I can't # think of anywhere I've ever broken this convention, and making a # dictionary to get data I already have is just silly args = {} # Pokémon with forms need the form attached to the URL if isinstance(thingy, tables.PokemonForm): action = 'pokemon' args['form'] = thingy.form_identifier.lower() args['name'] = thingy.pokemon.species.name.lower() if not thingy.is_default: subpage = 'flavor' elif isinstance(thingy, tables.PokemonSpecies): action = 'pokemon' args['name'] = thingy.name.lower() else: action = thingy.__tablename__ args['name'] = thingy.name.lower() # Items are split up by pocket if isinstance(thingy, tables.Item): args['pocket'] = thingy.pocket.identifier if (thingy.__tablename__.startswith('conquest_') or (isinstance(thingy, tables.Ability) and not thingy.is_main_series) or subpage == 'conquest'): # Conquest stuff needs to go to the Conquest controller if action == 'conquest_warrior_skills': action = 'skills' else: action = action.replace('conquest_', '') controller = 'dex_conquest' elif subpage: action += '_' + subpage return url(controller=controller, action=action, **args)
def conquest_evolution_description(evolution, _=_): """Crafts a human-readable description from a `conquest_pokemon_evolution` row object. """ chunks = [] # Trigger if evolution.recruiting_ko_required: chunks.append( 'Score a KO that makes a warrior offer to join your army') elif evolution.item_id is not None: chunks.append('Win a battle') else: chunks.append('Perform any action') # Conditions if evolution.kingdom_id is not None: chunks.append( h.literal(_(u'in {0}')).format( h.HTML.a(evolution.kingdom.name, href=url(controller='dex_conquest', action='kingdoms', name=evolution.kingdom.name.lower())))) if evolution.item_id is not None: chunks.append( h.literal(_(u'with {article} {item} equipped')).format( article=article(evolution.item.name), item=item_link(evolution.item, include_icon=False))) if evolution.required_stat_id is not None: chunks.append( _(u'with at least {number} {stat} afterwards').format( number=evolution.minimum_stat, stat=evolution.stat.name)) if evolution.minimum_link is not None: chunks.append( _(u'with at least {0}% link afterwards').format( evolution.minimum_link)) if evolution.warrior_gender_id is not None: chunks.append( _(u'{0} warriors only').format(evolution.gender.identifier)) return h.literal(u', ').join(chunks)
def new(self): "Add an organization" c.form = OrgForm(request.POST, csrf_context=session) c.form.domains.query = Session.query(Domain) c.form.admins.query = Session.query(User).filter( User.account_type == 2) if request.POST and c.form.validate(): try: org = Group() org.name = c.form.name.data org.domains = c.form.domains.data Session.add(org) Session.commit() info = ADDORG_MSG % dict(o=org.name) audit_log(c.user.username, 3, info, request.host, request.remote_addr, datetime.now()) flash(_('The organization has been created')) redirect(url(controller='organizations')) except IntegrityError: flash_alert(_('The organization already exists')) return render('/organizations/add.html')
def edit_advanced_journal(self, repo_name): """ Set's this repository to be visible in public journal, in other words assing default user to follow this repo :param repo_name: """ try: repo_id = Repository.get_by_repo_name(repo_name).repo_id user_id = User.get_default_user().user_id self.scm_model.toggle_following_repo(repo_id, user_id) h.flash(_('Updated repository visibility in public journal'), category='success') Session().commit() except Exception: h.flash(_('An error occurred during setting this' ' repository in public journal'), category='error') return redirect(url('edit_repo_advanced', repo_name=repo_name))
def authenticate(self): """Checks whether username and password match any records in the User table. """ username = self.form_result['username'] password = unicode( hashlib.sha224(self.form_result['password']).hexdigest()) user_q = meta.Session.query(model.User) user = user_q.filter(model.User.username == username).filter( model.User.password == password).first() if user: # Successful login # Update session and app_globals data (function located in lib/functions.py) h.updateSessionAndGlobals(user) redirect(url(controller='home', action='index')) else: session['flash'] = 'Authentication failed.' return render('/derived/login/login.html')
def users(self): checkLogin() c.site = "User administration" c.name = session['project_id'] c.menu = genMenu(self) p = Project() p.load(c.name, getConfig()) c.header = ('Login', 'EMail', "Remove?") c.rows = [(x[0], mail_to(x[3]), link_to("Remove", \ url(controller="project", action='userRemove', id = x[0]), \ confirm="Are You sure?")) \ for x in p.getUsers()] c.style = "width: 70%; text-align: center;" c.content = render("/table.html") return render("/temp.html")
def r(self, institutionid): uuid = '0' sol = solr.SolrConnection(solrconfig.solr_urls['institutions']) sol_response = sol.query( "dcterms_identifier-edit_:edit_cofk_union_institution-" + institutionid, fields='uuid', score=False, rows=1, start=0) sol.close() if sol_response.numFound > 0: uuid = sol_response.results[0]['uuid'] return redirect(url(controller='profile', action='institution', id=uuid), code=301)
def delete(self, id): """Delete the BLD collection with ID=id.""" if id is None: abort(404) collection_q = meta.Session.query(model.Collection) collection = collection_q.get(int(id)) if collection is None: abort(404) # Back up Form to formbackup table backupCollection(collection) # Delete Collection info in database meta.Session.delete(collection) meta.Session.commit() # Create the flash message session['flash'] = "Collection %s has been deleted" % id session.save() redirect(url(controller='collection', action='results'))
def __before__(self): # Set language according to what the browser requested user_agent_language = request.languages[0][0:2] if user_agent_language in app_globals.supported_languages: set_lang(user_agent_language) else: set_lang(app_globals.default_language) if self.requires_auth and 'user_id' not in session: # Remember where we came from so that the user can be sent there # after a successful login session['path_before_login'] = request.path_info session.save() redirect(url(controller='login', action='index')) c.config = config # The templates require the submenu to be existing # If no controller added a submenu, its fair enough to instantiate an empty # object here if not hasattr(c, 'submenu'): c.submenu = SubMenu()
def __get_cs_or_redirect(self, rev, repo_name, redirect_after=True): """ Safe way to get changeset if error occur it redirects to tip with proper message :param rev: revision to fetch :param repo_name: repo name to redirect after """ try: return c.rhodecode_repo.get_changeset(rev) except EmptyRepositoryError, e: if not redirect_after: return None url_ = url('files_add_home', repo_name=c.repo_name, revision=0, f_path='') add_new = h.link_to(_('Click here to add new file'), url_) h.flash(h.literal(_('There are no files yet %s') % add_new), category='warning') redirect(h.url('summary_home', repo_name=repo_name))
def test_view(self): """ Test view page for a dataset """ # Get the view page for the dataset response = self.app.get( url(controller='dataset', action='view', dataset='cra')) # The dataset label should be present in the response assert 'Country Regional Analysis v2009' in response, \ "'Country Regional Analysis v2009' not in response!" # Assertions about time range assert 'Time range' in response.body, \ 'Time range is not present on view page for dataset' # Start date comes from looking at the test fixture for cra assert '2003-01-01' in response.body, \ 'Starting date of time range not on view page for dataset' # End date comes from looking at the test fixture for cra assert '2010-01-01' in response.body, \ 'End date of time range not on view page for dataset'
def delete(self, userid): """/accounts/delete/id""" user = self._get_user(userid) if not user: abort(404) c.form = EditUserForm(request.POST, user, csrf_context=session) del c.form.domains if request.method == 'POST': if c.form.validate(): delete_user(user, c.user, request.host, request.remote_addr) flash(_('The account has been deleted')) redirect(url(controller='accounts', action='index')) else: flash_info( _('The account: %(a)s and all associated data' ' will be deleted, This action is not reversible.') % dict(a=user.username)) c.fields = FORM_FIELDS c.id = userid return self.render('/accounts/delete.html')
def make_userservice_request(self, action, params=None, auth_user=None): if not params: params = {} if not hasattr(self, 'user_service'): setattr(self, 'user_service', {}) user, password = auth_user auth_cookie = self.user_service.get(user, self._user_service_init(user, password)) TestController.set_cookie(self.app, 'userauthcookie', auth_cookie) params['session'] = auth_cookie params['user'] = user response = self.app.get(url(controller='userservice', action=action), params=params) return response
def creategroup(self): name = None if 'name' in request.params: name = request.params['name'] description = None if 'description' in request.params: description = request.params['description'] try: dh = DirectoryHelper( directoryCN, directoryPassword, directoryDomain) dh.ldap.create_group(name, description) session['flash'] = 'Successfully created group %s' % name session.save() except: session['flash'] = 'Group %s already exists' % name session.save() return redirect(url( controller='users', action='groups'))
def repo_link(groups_and_repos): """ Makes a breadcrumbs link to repo within a group joins » on each group to create a fancy link ex:: group >> subgroup >> repo :param groups_and_repos: :param last_url: """ groups, just_name, repo_name = groups_and_repos last_url = url('summary_home', repo_name=repo_name) last_link = link_to(just_name, last_url) def make_link(group): return link_to(group.name, url('repos_group_home', group_name=group.group_name)) return literal(' » '.join( map(make_link, groups) + ['<span>%s</span>' % last_link]))
def delete(self, domainid): "Delete a domain" domain = self._get_domain(domainid) if not domain: abort(404) c.id = domainid c.form = EditDomainForm(request.POST, domain, csrf_context=session) del c.form.organizations if request.method == 'POST': if c.form.validate(): delete_domain(domain, c.user, request.host, request.remote_addr) flash(_('The domain has been deleted')) redirect(url(controller='domains')) else: flash( _('The domain: %(name)s and all associated data will' ' be deleted, This action cannot be reversed.') % dict(name=domain.name)) return self.render('/domains/delete.html')
def deletedestination(self, destinationid): "Delete destination server" server = self._get_server(destinationid) if not server: abort(404) c.form = AddDeliveryServerForm(request.POST, server, csrf_context=session) if request.method == 'POST': if c.form.validate(): domainid = delete_destination(server, c.user, request.host, request.remote_addr) flash(_('The destination server has been deleted')) redirect(url('domain-detail', domainid=domainid)) else: flash( _('The destination server: %(s)s will be deleted,' ' This action is not reversible') % dict(s=server.address)) c.id = destinationid c.domainid = server.domain_id return self.render('/domains/deletedestination.html')
def getLastNotification(self, user_id=None): # If user ID given - Get notifications directly from db for that user - we do this because if the user is persona we cant just log in and out to get there notifications if user_id: notification_list = to_apilist( Session.query(Message).filter( and_(Message.source_id == null(), Message.target_id == user_id)).order_by( Message.timestamp.desc()), obj_type='messages', limit=3, ) # Else - get notifications using API for currently logged in user else: response = self.app.get(url('messages', format='json'), params={ 'list': 'notification', 'limit': 3, }, status=200) notification_list = json.loads(response.body) return notification_list['data']['list']['items'][0]
def job_form(self): if (c.userid == "false"): redirect(url('/users/login?m=1')) try: formtype = request.params['type'] jobid = request.params['jobid'] except: jobid = add_job(c.userid, "Generic Job Form") formtype = "resource" if formtype == "resource": try: resource_type = request.params['rtype'] someid = request.params['sid'] infid = add_jobmeta(jobid, formtype) data = {'infid': infid, 'jobid': jobid} if (resource_type == "pbs"): c.form = pbs_resource_Form(initial=data) elif (resource_type == "gram"): c.form = gram_resource_Form(initial=data) else: c.form = ssh_resource_Form(initial=data) except: pass infid = add_jobmeta(jobid, formtype) data = {'infid': infid, 'jobid': jobid} c.form = resource_type_Form(initial=data) elif formtype == "wu": infid = add_jobmeta(jobid, formtype) data = {'infid': infid, 'jobid': jobid} c.form = wu_Form(initial=data) return render('/generic_form.mako')
def settings_labs_update(self): """POST /admin/settings/labs: All items in the collection""" # url('admin_settings/labs', method={'POST'}) c.active = 'labs' application_form = LabsSettingsForm()() try: form_result = application_form.to_python(dict(request.POST)) except formencode.Invalid as errors: h.flash(_('Some form inputs contain invalid data.'), category='error') return htmlfill.render(render('admin/settings/settings.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding='UTF-8', force_defaults=False) try: session = Session() for setting in _LAB_SETTINGS: setting_name = setting.key[len('rhodecode_'):] sett = SettingsModel().create_or_update_setting( setting_name, form_result[setting.key], setting.type) session.add(sett) except Exception: log.exception('Exception while updating lab settings') h.flash(_('Error occurred during updating labs settings'), category='error') else: Session().commit() SettingsModel().invalidate_settings_cache() h.flash(_('Updated Labs settings'), category='success') return redirect(url('admin_settings_labs')) return htmlfill.render(render('admin/settings/settings.html'), defaults=self._form_defaults(), encoding='UTF-8', force_defaults=False)
def permission_application_update(self): c.active = 'application' self.__load_data() _form = ApplicationPermissionsForm( [x[0] for x in c.register_choices], [x[0] for x in c.extern_activate_choices])() try: form_result = _form.to_python(dict(request.POST)) form_result.update({'perm_user_name': User.DEFAULT_USER}) PermissionModel().update_application_permissions(form_result) settings = [ ('register_message', 'default_register_message'), ] for setting, form_key in settings: sett = SettingsModel().create_or_update_setting( setting, form_result[form_key]) Session().add(sett) Session().commit() h.flash(_('Application permissions updated successfully'), category='success') except formencode.Invalid as errors: defaults = errors.value return htmlfill.render( render('admin/permissions/permissions.html'), defaults=defaults, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8", force_defaults=False) except Exception: log.exception("Exception during update of permissions") h.flash(_('Error occurred during update of permissions'), category='error') return redirect(url('admin_permissions_application'))
def edit(self, gist_id): self._add_gist_to_context(gist_id) owner = c.gist.gist_owner == c.rhodecode_user.user_id if not (h.HasPermissionAny('hg.admin')() or owner): raise HTTPForbidden() rpost = request.POST nodes = {} _file_data = zip(rpost.getall('org_files'), rpost.getall('files'), rpost.getall('mimetypes'), rpost.getall('contents')) for org_filename, filename, mimetype, content in _file_data: nodes[org_filename] = { 'org_filename': org_filename, 'filename': filename, 'content': content, 'lexer': mimetype, } try: GistModel().update(gist=c.gist, description=rpost['description'], owner=c.gist.owner, gist_mapping=nodes, gist_type=c.gist.gist_type, lifetime=rpost['lifetime'], gist_acl_level=rpost['acl_level']) Session().commit() h.flash(_('Successfully updated gist content'), category='success') except NodeNotChangedError: # raised if nothing was changed in repo itself. We anyway then # store only DB stuff for gist Session().commit() h.flash(_('Successfully updated gist data'), category='success') except Exception: log.exception("Exception in gist edit") h.flash(_('Error occurred during update of gist %s') % gist_id, category='error') return redirect(url('gist', gist_id=gist_id))