def post(self, project_id=None): self.get_channel_token() if not project_id and not Project.valid_id(project_id): raise HttpErrorException.bad_request('no project id') self.project = Project.get_by_id(project_id) if not self.project: raise HttpErrorException.bad_request('invalid project id') self.get_analytic_session() if self.json_request.get('permission'): self._add_perm() if not self.json_request.get('permission') and self.json_request.get( 'group_id'): self._rm_perm() if self.json_request.get('remove_group'): self._remove_group() if self.json_request.get('add_attribute'): self._add_attribute() if self.json_request.get('title'): self._set_title() if self.json_request.get('up_vote'): self._up_vote() if self.json_request.get('down_vote'): self._down_vote() if self.json_request.get('shared'): self._shared() self.project.pw_modified_ts = datetime.datetime.now() self.project.put() self.user.put() self.write_json_response(self.project.to_dict(self.user))
def delete(self, project_id=None): if self.request.get('token_id') is None: raise HttpErrorException.bad_request('no token id') self.user.current_token_id = self.request.get('token_id') if not project_id and not Project.valid_id(project_id): raise HttpErrorException.bad_request('no project id') project = Project.get_by_id(project_id) if not project: raise HttpErrorException.bad_request('invaild project id') if not project.has_permission_delete(self.user): raise HttpErrorException.forbidden() trans = Transaction(action='pro_del', user=self.user.key, artifact=project.key, project=project.key) trans.put() self.get_channel_token() channel_tokens = ChannelToken.get_by_project_key( project.key, self.user_channel_token) channel_tokens = ChannelToken.remove_unauthorized_users( channel_tokens, [project]) message = { 'user': self.get_user_channel_data(), 'transaction': trans.to_dict(self.user) } ChannelToken.broadcast_message(channel_tokens, message) project.delete(self.user)
def put(self, project_id=None): if self.json_request.get('title') is None: raise HttpErrorException.bad_request('invalid project title') if self.json_request.get('distilled_document') is None: raise HttpErrorException.bad_request('invalid document') distilled_document = self.json_request.get('distilled_document') if not distilled_document.get('title'): raise HttpErrorException.bad_request('invalid document title') doc_perm = Permission(permissions=Permission.init_perm_struct( Document.operations_list), key=Permission.create_key()) doc = Document( key=Document.create_key(), title=distilled_document.get('title'), subtitle=distilled_document.get('subtitle'), author=distilled_document.get('author', self.user.full_name), version=distilled_document.get('version', 'v0.1'), date=distilled_document.get('date', datetime.datetime.now().year), copyright_text=distilled_document.get('copyright', ''), description=distilled_document.get('description', ''), owner=[self.user.key], permissions=doc_perm.key, ) doc_perm.artifact = doc.key pro_perm = Permission(permissions=Permission.init_perm_struct( Project.operations_list), key=Permission.create_key()) pro = Project( key=Project.create_key(), title=self.json_request.get('title'), distilled_document=doc.key, permissions=pro_perm.key, owner=[self.user.key], ) pro_perm.artifact = pro.key pro_perm.project = pro.key doc_perm.project = pro.key doc.project = pro.key doc.parent_perms.append(pro_perm.key) if self.user.in_org(): doc.organization = self.user.organization pro.organization = self.user.organization ndb.put_multi([doc_perm, doc, pro_perm, pro]) index = self.user.get_put_index() doc.index(index) pro.index(index) self.write_json_response(pro.to_dict(self.user))
def post(self, phrasing_id=None): self.get_channel_token() if not Phrasing.valid_id(phrasing_id): raise HttpErrorException.bad_request('invalid phrasing id') self.phrasing = Phrasing.get_by_id(phrasing_id) if not self.phrasing: raise HttpErrorException.bad_request('invalid phrasing id') if not self.phrasing.has_permission_read(self.user): raise HttpErrorException.forbidden() if self.json_request.get('text'): self._set_text() if self.json_request.get('permission'): self._add_perm() if not self.json_request.get('permission') and self.json_request.get( 'group_id'): self._rm_perm() if self.json_request.get('remove_group'): self._remove_group() self.phrasing.modified_ts = datetime.datetime.now() project = self.phrasing.project.get() project.pw_modified_ts = datetime.datetime.now() ndb.put_multi([project, self.phrasing])
def get(self): if not self.request.get('project', None): raise HttpErrorException.bad_request('invalid project id') project = Project.get_by_id(self.request.get('project')) if not project: raise HttpErrorException.bad_request('invalid project id') channel_id = server.create_uuid() client_auth_token = auth.create_custom_token(self.user.key.id()) color = self.get_previous_color(project) if not color: color = ChannelToken.generate_color() channel_token = ChannelToken( key=ChannelToken.create_key(channel_id), project=project.key, user=self.user.key, color=color, ) channel_token.set_status(True) channel_token.send_message({'channel_op': 'ping'}) channel_token.put() self.write_json_response({ 'channel_id': channel_id, 'auth_token': client_auth_token, })
def new(request): if request.get('group_name') == "": raise HttpErrorException.bad_request('no group name given') if request.get('group_name') == 'super_admin': raise HttpErrorException.bad_request('invalid group name') if request.get('group_name') == 'admin': raise HttpErrorException.bad_request('invalid group name') if request.get('organization_id') == "": raise HttpErrorException.bad_request( 'no orgaization group id given') hidden = False if request.get('hidden') is not None: hidden = request.get('hidden') org = Organization.get_by_id(request.get('organization_id')) q = Group.query( ndb.AND(Group.organization == org.key, Group.name == request.get('group_name'))) if q.count(limit=1) > 0: raise HttpErrorException.bad_request('group name taken') group = Group(key=Group.create_key()) group.name = request.get('group_name') group.organization = org.key group.active = True if hidden: org.hidden_groups.append(group.key) else: org.groups.append(group.key) if request.get('description') is not "": group.description = request.get('description') org.put() group.put() return group.to_dict()
def get(self, organization=None): if not self.user.is_admin: raise HttpErrorException.forbidden() if self.user.is_super_admin and not organization: users = User.query(User.organization == None).fetch() users_dicts = [] for user in users: users_dicts.append(user.to_dict()) self.write_json_response(users_dicts) else: org = Organization.get_by_id(organization) if not org: raise HttpErrorException.bad_request('invalid org id') if not self.user.is_super_admin and self.user.organization != org.key: raise HttpErrorException.forbidden() if self.request.get('username', None): user = User.get_by_id(self.request.get('username')) if not user: raise HttpErrorException.bad_request('invalid username') self.write_json_response(user.to_dict()) else: users = User.query(User.organization == org.key).fetch() users_dicts = [] for user in users: users_dicts.append(user.to_dict()) self.write_json_response(users_dicts)
def get(self, verification_id): if not verification_id: return HttpErrorException.bad_request('no verification id given') if self.request.get('username') == '': return HttpErrorException.bad_request('no username given') user = User.get_by_id(self.request.get('username')) if not user: return HttpErrorException.bad_request('invilad username') if user.email_verification.verify_id == verification_id: user.email_verification.verified = True user.put() lr = tt_logging.construct_log( msg_short='User has verified their email', msg='User has verified their email: ' + user.email, log_type=tt_logging.USER, affected_user=user ) log.info(lr['dict_msg']['msg'], extra=lr) self.redirect('/') else: return HttpErrorException.bad_request('invalid verification id')
def _serve_page(self): self._create_analytic_session() self.project.record_analytic('pro_opn', self.analytic_session) doc = None if self.request.get('doc') != '': doc = Document.get_by_id(self.request.get('doc')) if not doc: raise HttpErrorException.bad_request('invalid doc id given') if doc.project != self.project.key: raise HttpErrorException.bad_request('invalid doc id given') if self.request.get('active_concept') != '': act_con_path = self.request.get('active_concept') elif self.request.get('act_con') != '': act_con_path = self.request.get('act_con') else: act_con_path = None if self.request.get('debug').lower() == 'true': self.client_debug = True if self.request.get('check_auth').lower() == 'false': self.client_check_auth = False self._get_concept_loader_configs() if self.user.is_world_user(): self._serve_worldshare_page(doc, act_con_path) else: self._serve_project_page(doc, act_con_path)
def get_publish(self, document, group): document = Document.get_by_id(document) if not document: raise HttpErrorException.bad_request('invalid document id') if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() group = Group.get_by_id(group) if not group: raise HttpErrorException.bad_request('invalid group id') self.project = document.project.get() version = self.request.get('v', 'latest') pub = PublishDocument.get(document, group, version) if not pub: raise HttpErrorException.not_found() if pub.group not in self.user.groups and pub.group != Group.get_worldshare_key( ): raise HttpErrorException.forbidden() self._create_analytic_session() self.project.record_analytic('pro_opn', self.analytic_session) template_index = JINJA_ENVIRONMENT.get_template('document_public.html') return template_index.render({ 'title': self.project.title, 'version': pub.version, 'created_at': pub.created_ts, 'published_to': pub.group.get().name, 'an_token': self.analytic_session.key.id(), 'project_id': self.project.id, 'html': pub.html, })
def put(self): if not self.json_request.get('organization') and \ not Organization.valid_id(self.json_request.get('organization')): raise HttpErrorException.bad_request('invalid organization id') org = Organization.get_by_id(self.json_request.get('organization')) if not org: raise HttpErrorException.bad_request('invalid organization id') name = self.json_request.get('name', None) hidden = self.json_request.get('hidden', False) description = self.json_request.get('description', '') if not name or name == 'super_admin' or name == 'admin': raise HttpErrorException.bad_request('invalid group name') if type(hidden) != bool: raise HttpErrorException.bad_request('invalid hidden type must be boolean') if Group.query(ndb.AND(Group.organization == org.key, Group.name == name)).count() > 0: raise HttpErrorException.bad_request('group name taken') group = Group(key=Group.create_key(), name=name, description=description, organization=org.key, active=True) if hidden: org.hidden_groups.append(group.key) else: org.groups.append(group.key) ndb.put_multi([group, org]) if self.json_request.get('return', '') == 'group_dict': self.write_json_response(group.to_dict())
def post(self): doc = Document.get_by_id(self.json_request.get('document', 'none')) if not doc: raise HttpErrorException.bad_request('invalid document id') if not doc.has_permission_write(self.user): raise HttpErrorException.forbidden() if not doc.summary_document: raise HttpErrorException.bad_request('no summary document') sum_doc = doc.summary_document.get() if not sum_doc: raise HttpErrorException.bad_request('no summary document') word_count = self.json_request.get('word_count') try: word_count = int(word_count) except (ValueError, TypeError): raise HttpErrorException.bad_request('word_count must be int') if word_count < 100 or word_count > 2500 or word_count % 50 != 0: raise HttpErrorException.bad_request( 'word_count must be 100 to 2500 in 50 inc') sum_doc.word_count = word_count sum_doc.put()
def post(self): if not self.user.is_super_admin: raise HttpErrorException.not_found() if self.json_request.get('clear_indexes'): orgs = Organization.query().fetch() for org in orgs: indexes = org.get_indexes() for index in indexes: ttindex.clear_index(index) users = User.query(User.organization == None).fetch() for user in users: indexes = user.get_indexes() for index in indexes: ttindex.clear_index(index) project_ids = self.json_request.get('project_ids') if project_ids: if project_ids == 'all': self.project_keys = Project.query().fetch(keys_only=True) else: if type(project_ids) is not list: raise HttpErrorException.bad_request( 'project ids must be list') for pro_id in project_ids: pro = Project.get_by_id(pro_id) if not pro: raise HttpErrorException.bad_request( 'invalid project id given: ' + str(pro_id)) self.project_keys.append(pro.key) t = background_thread.BackgroundThread(target=self.index_project) t.start()
def post(self, user_id=None): if not user_id: raise HttpErrorException.bad_request('no user id given') user = User.get_by_id(user_id) if not user: raise HttpErrorException.bad_request('invalid user id given') if user != self.user and not self.user.is_super_admin: lr = tt_logging.construct_log( msg_short='Non-Admin User try to Alter Another User\'s Billing', msg='User (%s) attemped to change another user\'s (%s) ' 'billing information' % (self.user.key.id(), user.key.id()), log_type=tt_logging.SECURITY, request_user=self.user, affected_user=user, request=self.request ) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() if self.json_request.get('subscribe'): pay_plan = self.json_request.get('subscribe') if user.is_billable_account(): raise HttpErrorException.bad_request('user already has billable account') checkout_url = user.setup_billable_account(pay_plan) self.write_json_response({'checkout_url': checkout_url})
def get(self, coupon_code=None): if not coupon_code: raise HttpErrorException.bad_request('no coupon code given') try: coupon_obj = coupon.Coupon.get_coupon(coupon_code.lower()) except coupon.InvalidCouponCodeException: raise HttpErrorException.bad_request('invalid coupon code') self.write_json_response(coupon_obj.to_dict())
def post(self, user_id=None): if not user_id: raise HttpErrorException.bad_request('No user id given') user = User.get_by_id(user_id) if not user: raise HttpErrorException.bad_request('invalid user id given') user.edit(self.request, self.json_request, self.user)
def post(self, org_id=None): if not org_id: raise HttpErrorException.bad_request('no org_id given') org = Organization.get_by_id(org_id) if not org: raise HttpErrorException.bad_request('invalid org_id given') org.edit(self.request, self.json_request, self.user)
def get(self): email = self.request.get('email') if email == '': raise HttpErrorException.bad_request('no email given') user = User.query(User.email == email).get() if not user: raise HttpErrorException.bad_request('invalid email given') user.send_username_email()
def validate_rm_group_request(self, request, user): if not self.has_permission_admin(user): raise HttpErrorException.forbidden() if not Artifact.valid_id(request.get('remove_group')) and not request.get('remove_group') == 'world': raise HttpErrorException.bad_request('invalid group id') group = Group.get_by_id(request.get('remove_group')) if not group: raise HttpErrorException.bad_request('invalid group id') return group
def delete(self, publish): publish = PublishPresentation.get_by_id(publish) if not publish: raise HttpErrorException.bad_request('invalid publish id') document = publish.document.get() if not document: raise HttpErrorException.bad_request('document does not exists') if not document.has_permission_write(self.user): raise HttpErrorException.forbidden() publish.key.delete()
def new(request, request_data, request_user): if not request_user.is_super_admin: lr = tt_logging.construct_log( msg_short='Non-Admin User Tried Creating New Organization', log_type=tt_logging.SECURITY, request_user=request_user, request=request) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() if request_data.get('name') is None: raise HttpErrorException.bad_request('no name given') if request_data.get('id') is None: raise HttpErrorException.bad_request('no organization id given') org = Organization( key=Organization.create_key(request_data.get('id').strip())) org.name = request_data.get('name').strip() org.groups.append(Group.get_worldshare_key()) if request_data.get('description') is not None: org.description = request_data.get('description') if request_data.get('domain') is not None: org.domain = request_data.get('domain') if request_data.get('owner') is not None: org.owner = request_data.get('owner') if request_data.get('webpage') is not None: org.webpage = request_data.get('webpage') if request_data.get('point_of_contact') is not None: org.point_of_contact = request_data.get('point_of_contact') if request_data.get('email') is not None: org.email = request_data.get('email') if request_data.get('phone') is not None: org.phone = request_data.get('phone') if request_data.get('fax') is not None: org.fax = request_data.get('fax') if request_data.get('account_type') is not None: org.account_type = request_data.get('account_type') group = Group(key=Group.create_key(), name=org.name, description=str(org.name) + '\'s organization group', organization=org.key, active=True) group.put() org.groups.append(group.key) org.org_group = group.key org.put() lr = tt_logging.construct_log(msg_short='New Organization Was Created', log_type=tt_logging.DEFAULT, request_user=request_user, request=request, artifact=org) log.info(lr['dict_msg']['msg'], extra=lr) return org.to_dict()
def put(self, coupon_code=None): if not self.user.is_super_admin: raise HttpErrorException.forbidden() if not coupon_code: raise HttpErrorException.bad_request('no coupon code given') try: coupon.Coupon.new(coupon_code.lower(), self.json_request) except coupon.InvalidCouponCodeException as e: raise HttpErrorException.bad_request(e.message) except coupon.InvalidPropertyException as e: raise HttpErrorException.bad_request(e.message) except coupon.InvalidCouponEngineException as e: raise HttpErrorException.bad_request(e.message)
def post(self, concept_id=None): if not concept_id and not Concept.valid_id(concept_id): raise HttpErrorException.bad_request('invalid concept id') concept = Concept.get_by_id(concept_id) if not concept: raise HttpErrorException.bad_request('invalid concept id') if not self.json_request.get('document_id') and not Document.valid_id( self.json_request.get('document_id')): raise HttpErrorException.bad_request('invalid document id') document = Document.get_by_id(self.json_request.get('document_id')) if not document: raise HttpErrorException.bad_request('invalid document id') if not document.has_permission_set_crawlcontext(self.user): raise HttpErrorException.forbidden() if document.presentation_document is None: raise HttpErrorException.bad_request('document has not summary') presentation_document = document.presentation_document.get() if document.presentation_document is None: raise HttpErrorException.bad_request('document has not summary') project = document.project.get() if not isinstance(self.json_request.get('crawl'), bool): raise HttpErrorException.bad_request('invalid crawl') temp = self.json_request.get('temp', None) if temp is None: raise HttpErrorException.bad_request('no temp giving') crawlcontexts = ndb.get_multi(concept.presentation_crawlcontext) if temp: for crawl in crawlcontexts: if crawl.document == presentation_document.key: concept.presentation_crawlcontext.remove(crawl.key) concept.put() crawl.key.delete() break else: for crawl in crawlcontexts: if crawl.document == presentation_document.key: crawl.crawl = self.json_request.get('crawl') crawl.put() break else: crawl = PresentationCrawlContext( key=PresentationCrawlContext.create_key(), project=project.key, document=presentation_document.key, crawl=self.json_request.get('crawl')) crawl.put() concept.presentation_crawlcontext.append(crawl.key) concept.put() project.pw_modified_ts = datetime.datetime.now() project.put()
def get(self, hours): if not self.user.is_super_admin: raise HttpErrorException.forbidden() if not hours: raise HttpErrorException.bad_request('no hours given') try: hours = int(hours) except ValueError: raise HttpErrorException.bad_request('hours must be int') start_time = datetime.now() - timedelta(hours=hours) healths = Health.query(Health.ts > start_time).order(Health.ts).fetch() healths_dict = [] for health in healths: healths_dict.append(health.to_dict()) self.response.write(json.dumps(healths_dict))
def edit(request, request_data, request_user): org = None if not request_user.is_admin and org.organization == request_user.key: lr = tt_logging.construct_log( msg_short='Non-Admin User Tried Altering Organization', log_type=tt_logging.SECURITY, request_user=request_user, request=request, artifact=org) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() if request_data.get('add'): if request_data.get('admin'): if request_data.get('user_id') == '': raise HttpErrorException.bad_request('no user_id given') user = ndb.Key('User', request_data.get('user_id')) if not user: raise HttpErrorException.bad_request( 'invalid user_id given') if user.key not in org.admins: lr = tt_logging.construct_log( msg_short='User Was Added as Organization Admin', log_type=tt_logging.USER, request_user=request_user, request=request, artifact=org, affected_user=user) log.info(lr['dict_msg']['msg'], extra=lr) org.admins.append(user.key) if request_data.get('remove'): if request_data.get('remove') == 'admin': if request_data.get('user_id') == '': raise HttpErrorException.bad_request('no user_id given') user = ndb.Key('User', request_data.get('user_id')) if not user: raise HttpErrorException.bad_request( 'invalid user_id given') if user.key in org.admins: lr = tt_logging.construct_log( msg_short='User Was Removed as Organization Admin', log_type=tt_logging.USER, request_user=request_user, request=request, artifact=org, affected_user=user) log.info(lr['dict_msg']['msg'], extra=lr) org.admins.remove(user.key) org.put()
def get(self, organization=None): if not self.user.is_admin: raise HttpErrorException.forbidden() temp_data = { 'user': { 'display_name': self.user.display_name, 'super_admin': self.user.is_super_admin, }, 'org': False, 'org_json': None, } if not self.user.is_org_admin or (self.user.is_super_admin and organization is not None): if not organization: raise HttpErrorException.forbidden() org = Organization.get_by_id(organization) if not org: raise HttpErrorException.bad_request('invalid organization id') if not self.user.is_super_admin and self.user.organization != org.key: raise HttpErrorException.forbidden() temp_data['org'] = True temp_data['org_id'] = org.key.id() temp_data['org_json'] = json.dumps(org.to_dict()) groups = org.get_all_groups() groups += org.get_all_hidden_groups() temp_data['groups'] = json.dumps(groups) template_index = JINJA_ENVIRONMENT.get_template( 'admin_panel/index.html') self.response.write(template_index.render(temp_data))
def get(self, username=None): try: checkout_info = payment.get_checkout_data(self.user, GlobalConfig.get_configs()) if checkout_info == 'free': self.redirect('/', abort=True) except payment.coupon.InActiveCouponExpcetion as e: lr = tt_logging.construct_log(msg_short='Error Processing User\'s Checkout', msg=e.message, log_type=tt_logging.PAYMENT, request=self.request, request_user=self.user) log.error(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.bad_request('There was an error processing your checkout') except Exception as e: lr = tt_logging.construct_log(msg_short='Error Processing User\'s Checkout', msg=e.message, log_type=tt_logging.PAYMENT, request=self.request, request_user=self.user) log.error(lr['dict_msg']['msg'], extra=lr) raise template_data = { 'title': 'thinkTank Checkout', 'nav_bar_title': 'thinkTank', 'domain': self.request.host_url, 'merchant': self.user.merchant, 'payment_plan': checkout_info['items']['pay_plan'], 'jwt_token': checkout_info['jwt_token'], 'production': server.PRODUCTION, } if 'adjusted_plan' in checkout_info['items']: template_data['adjusted_plan'] = checkout_info['items']['adjusted_plan'] template_index = JINJA_ENVIRONMENT.get_template('checkout.html') self.response.write(template_index.render(template_data))
def post(self, project, concept, action): project = Project.get_by_id(project) if not project: raise HttpErrorException.bad_request('invalid project id') concept = Concept.get_by_id(concept) if not concept: raise HttpErrorException.bad_request('invalid concept id') if action.rstrip() == '' or not Analytics.is_valid_action(action): raise HttpErrorException.bad_request('invalid action') self.get_analytic_session() concept.record_analytic(action, self.analytic_session, project=project.key)
def get(self, document='none'): document = Document.get_by_id(document) if not document: raise HttpErrorException.bad_request('invalid document id') if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() self.write_json_response(document.to_dict(self.user))
def get(self, secret=None): if not secret: raise HttpErrorException.bad_request('no password secret given') user = User.query(User.password_reset_secret == secret).get() if not user: raise HttpErrorException.bad_request('could not find user for password reset') reset_url = ('/account/password/reset/' + user.password_reset_secret) template_data = { 'title': 'Password Reset', 'reset_url': reset_url, } template_index = JINJA_ENVIRONMENT.get_template('password_reset.html') self.response.write(template_index.render(template_data))