def wrapped(*args, **kwargs):
if request.method in methods:
try:
user_session.get_user()
except user_session.NotLoggedIn:
flash('Sorry! You need to be logged in!')
return permission_denied('You must be logged in!')
return f(*args, **kwargs)
def wrapped(*args, **kwargs):
if request.method in methods:
try:
user_session.get_user()
except user_session.NotLoggedIn:
flash('Sorry! You need to be logged in!')
return permission_denied('You must be logged in!')
return f(*args, **kwargs)
def posts():
''' (HTML) list of ALL posts. (also deletes broken posts, if error) '''
try:
user = user_session.get_user()
except user_session.NotLoggedIn:
user = User()
try:
if user.is_admin:
return render_template('posts.html', posts=Post.select(), user=user)
else:
return render_template('posts.html',
posts=Post.select() \
.where(Post.status == 0), user=user)
except Feed.DoesNotExist:
# Ah. Database inconsistancy! Not good, lah.
ps = Post.raw('select post.id from post'
' left join feed on feed.id = post.feed_id'
' where feed.id is null;')
for p in ps:
p.delete_instance()
flash('Cleaned up old posts...')
if user.is_admin:
return render_template('posts.html', posts=Post.select(), user=user)
else:
return render_template('posts.html',
posts=Post.select()\
.where(Post.status == 0), user=user)
def user_files_list(dir_name=""):
''' HTML list of user-uploaded files. '''
user = user_session.get_user()
full_path = pathjoin(g.site_vars['user_dir'], dir_name)
if not isdir(full_path):
makedirs(full_path)
if request.method == 'POST' and user.is_admin:
if request.form.get('action') == 'upload':
f = request.files['image_file']
if f and allow_filetype(f.filename):
filename = secure_filename(f.filename)
f.save(pathjoin(full_path, filename))
flash('Uploaded file:' + filename)
else:
flash('Sorry. Invalid Filetype')
elif request.form.get('action') == 'delete':
filename = secure_filename(request.form.get('filename'))
full_filename = pathjoin(full_path, filename)
remove(full_filename)
flash('Deleted ' + filename)
files = make_dirlist(dir_name)
return render_template('user_files.html',
full_path=full_path,
file_list=files,
dirname=dir_name)
def posts():
''' (HTML) list of ALL posts. (also deletes broken posts, if error) '''
try:
user = user_session.get_user()
except user_session.NotLoggedIn:
user = User()
try:
if user.is_admin:
return render_template('posts.html',
posts=Post.select(),
user=user)
else:
return render_template('posts.html',
posts=Post.select() \
.where(Post.status == 0), user=user)
except Feed.DoesNotExist:
# Ah. Database inconsistancy! Not good, lah.
ps = Post.raw('select post.id from post'
' left join feed on feed.id = post.feed_id'
' where feed.id is null;')
for p in ps:
p.delete_instance()
flash('Cleaned up old posts...')
if user.is_admin:
return render_template('posts.html', posts=Post.select(), user=user)
else:
return render_template('posts.html',
posts=Post.select()\
.where(Post.status == 0), user=user)
def feeds():
''' the back end list of feeds. '''
if request.method == 'POST':
if not user_session.is_admin():
flash('Only Admins can do this!')
return redirect(url_for('feeds'))
action = request.form.get('action', 'create')
if action == 'create':
if not request.form.get('title', '').strip():
flash("I'm not making you an un-named feed!")
return redirect(url_for('feeds'))
Feed(name=request.form.get('title', 'blank').strip()).save()
try:
user = user_session.get_user()
except user_session.NotLoggedIn as e:
user = User()
return render_template('feeds.html',
feeds=Feed.select(),
user=user,
external_sources=ExternalSource.select(),
source_types=external_source_types.types())
def save_aliases():
''' save the current aliases. '''
try:
user = user_session.get_user()
except user_session.NotLoggedIn:
flash('Sorry, you need to be logged in!')
return redirect(url_for('index'))
if not user.is_admin:
flash('Sorry. You are NOT an admin!')
return redirect(url_for('index'))
if request.method == 'POST':
aliases = form_json('aliases', [])
try:
alias_configvar = ConfigVar.get(ConfigVar.id == 'screens.aliases')
except ConfigVar.DoesNotExist:
alias_configvar = ConfigVar()
alias_configvar.id='screens.aliases'
alias_configvar.save(force_insert=True)
alias_configvar.value = aliases
alias_configvar.save()
return jsonify(aliases=json.loads(alias_configvar.value))
return jsonify(aliases=config_var('screens.aliases', []))
def user_files_list(dir_name=""):
''' HTML list of user-uploaded files. '''
user = user_session.get_user()
full_path = pathjoin(g.site_vars['user_dir'], dir_name)
if not isdir(full_path):
makedirs(full_path)
if request.method == 'POST' and user.is_admin:
if request.form.get('action') == 'upload':
f = request.files['image_file']
if f and allow_filetype(f.filename):
filename = secure_filename(f.filename)
f.save(pathjoin(full_path, filename))
flash('Uploaded file:' + filename)
else:
flash('Sorry. Invalid Filetype')
elif request.form.get('action') == 'delete':
filename = secure_filename(request.form.get('filename'))
full_filename = pathjoin(full_path, filename)
remove(full_filename)
flash('Deleted ' + filename)
files = make_dirlist(dir_name)
return render_template('user_files.html',
full_path=full_path,
file_list=files,
dirname=dir_name)
def wrapped(*args, **kwargs):
if request.method in methods:
try:
user = user_session.get_user()
except user_session.NotLoggedIn:
flash('Sorry! You need to be logged in!')
return redirect(url_for('index'))
return f(*args, **kwargs)
def screenedit(screenid):
''' edit one screen '''
try:
if int(screenid) == -1:
flash('New Screen')
screen = Screen() # pylint: disable=no-value-for-parameter
else:
screen = Screen().get(Screen.id == int(screenid)) # pylint: disable=no-value-for-parameter
backgrounds = [basename(x) for x in \
glob(app.config['SITE_VARS']['user_dir'] + '*')
if allow_filetype(x)]
except Screen.DoesNotExist:
flash('Invalid Screen ID! Screen does NOT exist!')
return redirect(url_for('index'))
if request.method == 'POST':
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('posts'))
user = user_session.get_user()
if not user.is_admin:
flash('Sorry. You are NOT an admin!')
return redirect(url_for('index'))
if request.form.get('action', 'update') == 'delete':
screen.delete_instance()
flash('deleted')
return redirect(request.referrer)
# first check that name is OK:
try:
oldname = screen.urlname
screen.urlname = urllib.quote(request.form.get('urlname'), '')
screen.save()
except sqlite3.IntegrityError:
screen.urlname = oldname
flash("Sorry! That name is already being used!")
screen.background = request.form.get('background')
screen.settings = request.form.get('settings', '')
screen.css = request.form.get('css', '').replace('"',"'")
screen.zones = form_json('zones', {})
screen.save()
flash('saved.')
if int(screenid) == -1:
return redirect(url_for('screenedit', screenid=screen.id))
return render_template('screen_editor.html',
feeds=Feed.select(),
backgrounds=backgrounds,
screen=screen)
def feedpage(feedid):
''' the back end settings for one feed. '''
try:
feed = Feed.get(id=feedid)
user = user_session.get_user()
except user_session.NotLoggedIn:
user = User()
except:
flash('invalid feed id! (' + str(feedid) + ')')
return redirect(url_for('feeds'))
if request.method == 'POST':
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('feeds'))
if not user.is_admin:
flash('Sorry! Only Admins can change these details.')
return redirect(request.referrer)
action = request.form.get('action', 'none')
if action == 'edit':
feed.name = request.form.get('title', feed.name).strip()
inlist = request.form.getlist
feed.post_types = ', '.join(inlist('post_types'))
feed.set_authors(by_id(User, inlist('authors')))
feed.set_publishers(by_id(User, inlist('publishers')))
feed.set_author_groups(by_id(Group, inlist('author_groups')))
feed.set_publisher_groups(by_id(Group, inlist('publisher_groups')))
feed.save()
flash('Saved')
elif action == 'delete':
for post in feed.posts:
post_type_module = post_types.load(post.type)
delete_post_and_run_callback(post, post_type_module)
feed.delete_instance(True, True) # cascade/recursive delete.
flash('Deleted')
return redirect(url_for('feeds'))
return render_template('feed.html',
feed=feed,
user=user,
all_posttypes=post_types.types(),
allusers=User.select(),
allgroups=Group.select()
)
def feedpage(feedid):
''' the back end settings for one feed. '''
try:
feed = Feed.get(id=feedid)
user = user_session.get_user()
except user_session.NotLoggedIn:
user = User()
except:
flash('invalid feed id! (' + str(feedid) + ')')
return redirect(url_for('feeds'))
if request.method == 'POST':
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('feeds'))
if not user.is_admin:
flash('Sorry! Only Admins can change these details.')
return redirect(request.referrer)
action = request.form.get('action', 'none')
if action == 'edit':
feed.name = request.form.get('title', feed.name).strip()
inlist = request.form.getlist
feed.post_types = ', '.join(inlist('post_types'))
feed.set_authors(by_id(User, inlist('authors')))
feed.set_publishers(by_id(User, inlist('publishers')))
feed.set_author_groups(by_id(Group, inlist('author_groups')))
feed.set_publisher_groups(by_id(Group, inlist('publisher_groups')))
feed.save()
flash('Saved')
elif action == 'delete':
for post in feed.posts:
post_type_module = post_types.load(post.type)
delete_post_and_run_callback(post, post_type_module)
feed.delete_instance(True, True) # cascade/recursive delete.
flash('Deleted')
return redirect(url_for('feeds'))
return render_template('feed.html',
feed=feed,
user=user,
all_posttypes=post_types.types(),
allusers=User.select(),
allgroups=Group.select()
)
def index():
''' main front page / dashboard / index. '''
try:
user = user_session.get_user()
except user_session.NotLoggedIn as e:
user = User()
if not user:
user = User()
publishable_feeds = user.publishable_feeds()
posts_to_publish = Post.select()\
.where((Post.published==False) &
(Post.feed << publishable_feeds))
screens = Screen.select()
aliases = config_var('screens.aliases', [])
for alias in aliases:
for screen in screens:
if screen.urlname == alias['screen_name']:
alias['screen'] = screen
break
else:
alias['screen'] = None
return render_template('dashboard.html',
aliases=aliases,
feeds=Feed.select(),
publishable_feeds=publishable_feeds,
posts=Post.select().where(Post.author == user)\
.order_by(Post.write_date.desc())\
.limit(15),
posts_to_publish=posts_to_publish,
screens=screens,
user=user)
def feeds():
''' the back end list of feeds. '''
if request.method == 'POST':
action = request.form.get('action', 'create')
if action == 'create':
if not request.form.get('title', '').strip():
flash("I'm not making you an un-named feed!")
return redirect(url_for('feeds'))
Feed(name=request.form.get('title', 'blank').strip()).save()
try:
user = user_session.get_user()
except user_session.NotLoggedIn:
user = User()
return render_template('feeds.html',
feeds=Feed.select(),
user=user,
external_sources=ExternalSource.select(),
source_types=external_source_types.types())
def index():
''' main front page / dashboard / index. '''
try:
user = user_session.get_user()
except user_session.NotLoggedIn:
user = User()
if not user:
user = User()
publishable_feeds = user.publishable_feeds()
posts_to_publish = Post.select()\
.where((Post.published == False) &
(Post.feed << publishable_feeds))
screens = Screen.select()
aliases = config_var('screens.aliases', [])
for alias in aliases:
for screen in screens:
if screen.urlname == alias['screen_name']:
alias['screen'] = screen
break
else:
alias['screen'] = None
return render_template('dashboard.html',
aliases=aliases,
feeds=Feed.select(),
publishable_feeds=publishable_feeds,
posts=Post.select().where(Post.author == user)\
.order_by(Post.write_date.desc())\
.limit(15),
posts_to_publish=posts_to_publish,
screens=screens,
user=user)
def user_edit(userid=-1):
''' edit one user. Admins can edit any user, but other users
can only edit themselves. if userid is -1, create a new user. '''
try:
current_user = user_session.get_user()
except user_session.NotLoggedIn as e:
flash("Sorry, you're not logged in!")
return permission_denied("You're not logged in!")
userid = int(userid)
if userid != -1:
try:
user = User.get(id=userid)
except User.DoesNotExist:
return not_found(title="User doesn't exist",
message="Sorry, that user does not exist!")
else:
if not current_user.is_admin:
flash('Sorry! Only admins can create new users!')
return permission_denied("Admins only!")
try:
user = User.get(loginname=request.form.get('loginname', ''))
return permission_denied("Username already exists!")
except peewee.DoesNotExist:
pass
user = User() #pylint: disable=no-value-for-parameter
if request.method == 'POST':
if current_user != user and not current_user.is_admin:
return permission_denied("Sorry, you may not edit this user.")
update_user(user, request.form, current_user)
# save:
try:
user.save()
if userid == -1:
flash('New user created.')
return redirect(url_for('user_edit', userid=user.id))
else:
flash('Saved')
except peewee.IntegrityError as err:
flash('Cannot Save:' + str(err))
elif request.method == 'DELETE':
if not current_user.is_admin:
return 'Sorry, only admins can delete users', 403
if user.id == current_user.id:
return 'Sorry! You cannot delete yourself!', 403
user.delete_instance(recursive=True)
return 'User: %s deleted. (And all their posts)' % user.displayname
users_posts = Post.select().where(Post.author == user) \
.order_by(Post.write_date.desc()) \
.limit(10)
return render_template('user.html',
allgroups=Group.select(),
posts=users_posts,
user=user)
def post_new(feed_id):
''' create a new post! '''
#if not user_session.logged_in():
# flash("You're not logged in!")
# return redirect(url_for('index'))
user = user_session.get_user()
try:
feed = Feed.get(id=feed_id)
except Feed.DoesNotExist:
flash('Sorry, Feed does not exist!')
return redirect(url_for('feeds'))
if not feed.user_can_write(user):
flash("Sorry! You don't have permission to write here!")
return redirect(request.referrer if request.referrer else '/')
if request.method == 'GET':
# send a blank form for the user:
post = Post()
post.feed = feed
# give list of available post types:
all_posttypes = dict([(x['id'], x) for x in post_types.types()])
if post.feed.post_types:
allowed_post_types = []
for post_type in post.feed.post_types_as_list():
if post_type in all_posttypes:
allowed_post_types.append(all_posttypes[post_type])
else:
allowed_post_types = list(all_posttypes.values())
# return the page:
return render_template('postnew.html',
current_feed=feed,
post=post,
user=user,
post_types=allowed_post_types)
else: # POST. new post!
post_type = request.form.get('post_type')
try:
post_type_module = post_types.load(post_type)
except:
flash('Sorry! invalid post type.')
return redirect(request.referrer if request.referrer else '/')
if feed.post_types and post_type not in feed.post_types_as_list():
flash('sorry! this post type is not allowed in this feed!')
return redirect(request.referrer if request.referrer else '/')
post = Post(type=post_type, author=user)
try:
post.feed = feed
if_i_cant_write_then_i_quit(post, user)
post_form_intake(post, request.form, post_type_module)
except PleaseRedirect as e:
flash(str(e.msg))
return redirect(e.url if e.url else request.url)
post.save()
post.publish(user) # publish all posts by default
flash('Saved!')
return redirect(url_for('feedpage', feedid=post.feed.id))
def postpage(postid):
''' Edit a post. '''
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('posts'))
try:
post = Post.get(Post.id == postid)
post_type_module = post_types.load(post.type)
user = user_session.get_user()
except Post.DoesNotExist:
flash('Sorry! Post id:{0} not found!'.format(postid))
return redirect(url_for('posts'))
if request.method == 'POST':
try:
# check for write permission, and if the post is
# already published, publish permission.
if_i_cant_write_then_i_quit(post, user)
# if the user is allowed to set the feed to what they've
# requested, then do it.
post.feed = try_to_set_feed(post,
request.form.get('post_feed', False),
user)
except PleaseRedirect as e:
flash(str(e.msg))
redirect(e.url)
# if it's a publish or delete request, handle that instead:
action = request.form.get('action', 'edit')
if action == 'delete':
# don't need extra guards, as if_i_cant... deals with it above
delete_post_and_run_callback(post, post_type_module)
flash('Deleted')
elif action == 'publish':
try:
post.publish(user)
flash("Published")
except PermissionDenied:
flash("Sorry, you don't have permission to publish"
" posts in this feed.")
elif action == 'unpublish':
try:
post.publish(user, False)
flash("Published!")
except PermissionDenied:
flash('Sorry, you do NOT have permission' \
' to unpublish on this feed.')
elif action == 'move':
if not user_session.is_admin():
flash('Sorry! You are not an admin!')
return jsonify({'error': 'permission denied'})
post.feed = Feed.get(Feed.id == getint('feed', post.feed))
post.save()
return jsonify({'message': 'Moved to ' + post.feed.name})
if action not in ('edit', 'update'):
return redirect(request.referrer if request.referrer else '/')
# finally get around to editing the content of the post...
try:
post_form_intake(post, request.form, post_type_module)
post.save()
flash('Updated.')
except Exception as e:
flash('invalid content for this data type!')
flash(str(e))
# Should we bother displaying 'Post' button, and editable controls
# if the user can't write to this post anyway?
#can_write, can_publish = can_user_write_and_publish(user, post)
return render_template('post_editor.html',
post=post,
current_feed=post.feed.id,
feedlist=user.writeable_feeds(),
user=user,
form_content=post_type_module.form(
json.loads(post.content)))
def user_edit(userid=-1):
''' edit one user. Admins can edit any user, but other users
can only edit themselves. if userid is -1, create a new user. '''
try:
current_user = user_session.get_user()
except user_session.NotLoggedIn as e:
flash("Sorry, you're not logged in!")
return permission_denied("You're not logged in!")
userid = int(userid)
if userid != -1:
try:
user = User.get(id=userid)
except User.DoesNotExist:
return not_found(title="User doesn't exist",
message="Sorry, that user does not exist!")
else:
if not current_user.is_admin:
flash('Sorry! Only admins can create new users!')
return permission_denied("Admins only!")
try:
user = User.get(loginname=request.form['loginname'])
return permission_denied("Username already exists!")
except peewee.DoesNotExist:
pass
user = User() #pylint: disable=no-value-for-parameter
if request.method == 'POST':
if current_user != user and not current_user.is_admin:
return permission_denied("Sorry, you may not edit this user.")
update_user(user, request.form, current_user)
# save:
try:
user.save()
if userid == -1:
flash('New user created.')
return redirect(url_for('user_edit', userid=user.id))
else:
flash('Saved')
except peewee.IntegrityError as err:
flash('Cannot Save:' + str(err))
elif request.method == 'DELETE':
if not current_user.is_admin:
return 'Sorry, only admins can delete users', 403
if user.id == current_user.id:
return 'Sorry! You cannot delete yourself!', 403
user.delete_instance(recursive=True)
return 'User: %s deleted. (And all their posts)' % user.displayname
users_posts = Post.select().where(Post.author == user) \
.order_by(Post.write_date.desc()) \
.limit(10)
return render_template('user.html',
allgroups=Group.select(),
posts=users_posts, user=user)
def external_data_source_edit(source_id):
''' Editing a external data source '''
if not user_session.is_admin():
flash('Only Admins can do this!')
return redirect(url_for('feeds'))
# first find the data type:
if request.method == 'DELETE':
ExternalSource.delete() \
.where(ExternalSource.id == int(source_id)) \
.execute()
return 'deleted'
if source_id == None:
try:
source = ExternalSource()
source.type = request.args['type']
source.name = "new " + source.type + " source"
source.feed = Feed.get() # set initial feed
except KeyError:
return 'No type specified.', 500
else:
try:
source = ExternalSource.get(id=source_id)
except peewee.DoesNotExist:
return 'Invalid id.', 404
# Try and load the external source type ( and check it's valid):
try:
module = external_source_types.load(source.type)
except ImportError:
return 'Invalid External Source Type', 404
# if it's a post, then update the data with 'receive':
if request.method == 'POST':
source.post_as_user = user_session.get_user()
source.settings = json.dumps(module.receive(request))
source.name = request.form.get('name', source.name)
source.frequency = getint('frequency', 60)
source.publish = getbool('publish', False)
source.lifetime_start = getstr('active_start',
source.lifetime_start,
validate=DATESTR)
source.lifetime_end = getstr('active_end',
source.lifetime_end,
validate=DATESTR)
source.display_time = getint('display_time', source.display_time)
source.post_template = request.form.get('post_template',
source.post_template)
try:
source.feed = Feed.get(Feed.id == getint('feed', 100))
source.save()
if source_id == None:
# new source!
return redirect(
url_for('external_data_source_edit', source_id=source.id))
else:
flash('Updated.')
except Feed.DoesNotExist:
flash("Can't save! Invalid Feed!{}".format(getint('feed', '-11')))
return render_template("external_source.html",
source=source,
feeds=Feed.select(),
form=module.form(json.loads(source.settings)))
def external_data_source_edit(source_id):
''' Editing a external data source '''
if not user_session.is_admin():
flash('Only Admins can do this!')
return redirect(url_for('feeds'))
# first find the data type:
if request.method == 'DELETE':
ExternalSource.delete() \
.where(ExternalSource.id == int(source_id)) \
.execute()
return 'deleted'
if source_id == None:
try:
source = ExternalSource()
source.type = request.args['type']
source.name = "new " + source.type + " source"
source.feed = Feed.get() # set initial feed
except KeyError:
return 'No type specified.', 500
else:
try:
source = ExternalSource.get(id=source_id)
except peewee.DoesNotExist:
return 'Invalid id.', 404
# Try and load the external source type ( and check it's valid):
try:
module = external_source_types.load(source.type)
except ImportError:
return 'Invalid External Source Type', 404
# if it's a post, then update the data with 'receive':
if request.method == 'POST':
source.post_as_user = user_session.get_user()
source.settings = json.dumps(module.receive(request))
source.name = request.form.get('name', source.name)
source.frequency = getint('frequency', 60)
source.publish = getbool('publish', False)
source.lifetime_start = request.form.get('active_start',
source.lifetime_start)
source.lifetime_end = request.form.get('active_end',
source.lifetime_end)
source.display_time = getint('display_time', source.display_time)
source.post_template = request.form.get('post_template',
source.post_template)
try:
source.feed = Feed.get(Feed.id == getint('feed', 100))
source.save()
if source_id == None:
# new source!
return redirect(url_for('external_data_source_edit',
source_id=source.id))
else:
flash('Updated.')
except Feed.DoesNotExist:
flash("Can't save! Invalid Feed!{}".format(
getint('feed', '-11')))
return render_template("external_source.html",
source=source,
feeds=Feed.select(),
form=module.form(json.loads(source.settings)))
def postpage(postid):
''' Edit a post. '''
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('posts'))
try:
post = Post.get(Post.id == postid)
post_type_module = post_types.load(post.type)
user = user_session.get_user()
except Post.DoesNotExist:
flash('Sorry! Post id:{0} not found!'.format(postid))
return redirect(url_for('posts'))
if request.method == 'POST':
try:
# check for write permission, and if the post is
# already published, publish permission.
if_i_cant_write_then_i_quit(post, user)
# if the user is allowed to set the feed to what they've
# requested, then do it.
post.feed = try_to_set_feed(post,
request.form.get('post_feed', False),
user)
except PleaseRedirect as e:
flash(str(e.msg))
redirect(e.url)
# if it's a publish or delete request, handle that instead:
action = request.form.get('action', 'edit')
if action == 'delete':
# don't need extra guards, as if_i_cant... deals with it above
delete_post_and_run_callback(post, post_type_module)
flash('Deleted')
elif action == 'publish':
try:
post.publish(user)
flash("Published")
except PermissionDenied:
flash("Sorry, you don't have permission to publish"
" posts in this feed.")
elif action == 'unpublish':
try:
post.publish(user, False)
flash("Published!")
except PermissionDenied:
flash('Sorry, you do NOT have permission' \
' to unpublish on this feed.')
elif action == 'move':
if not user_session.is_admin():
flash('Sorry! You are not an admin!')
return jsonify({'error': 'permission denied'})
post.feed = Feed.get(Feed.id == getint('feed', post.feed))
post.save()
return jsonify({'message': 'Moved to ' + post.feed.name})
if action not in ('edit', 'update'):
return redirect(request.referrer if request.referrer else '/')
# finally get around to editing the content of the post...
try:
post_form_intake(post, request.form, post_type_module)
post.save()
flash('Updated.')
except Exception as e:
flash('invalid content for this data type!')
flash(str(e))
# Should we bother displaying 'Post' button, and editable controls
# if the user can't write to this post anyway?
#can_write, can_publish = can_user_write_and_publish(user, post)
return render_template('post_editor.html',
post=post,
current_feed=post.feed.id,
feedlist=user.writeable_feeds(),
user=user,
form_content=post_type_module.form(json.loads(post.content)))
def post_new(feed_id):
''' create a new post! '''
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('index'))
user = user_session.get_user()
try:
feed = Feed.get(id=feed_id)
except Feed.DoesNotExist:
flash('Sorry, Feed does not exist!')
return redirect(url_for('feeds'))
if not feed.user_can_write(user):
flash("Sorry! You don't have permission to write here!")
return redirect(request.referrer if request.referrer else '/')
if request.method == 'GET':
# send a blank form for the user:
post = Post()
post.feed = feed
# give list of available post types:
all_posttypes = dict([(x['id'], x) for x in post_types.types()])
if post.feed.post_types:
allowed_post_types = []
for post_type in post.feed.post_types_as_list():
if post_type in all_posttypes:
allowed_post_types.append(all_posttypes[post_type])
else:
allowed_post_types = all_posttypes.values()
# return the page:
return render_template('postnew.html',
current_feed=feed,
post=post,
user=user,
post_types=allowed_post_types)
else: # POST. new post!
post_type = request.form.get('post_type')
try:
post_type_module = post_types.load(post_type)
except:
flash('Sorry! invalid post type.')
return redirect(request.referrer if request.referrer else '/')
if feed.post_types and post_type not in feed.post_types_as_list():
flash('sorry! this post type is not allowed in this feed!')
return redirect(request.referrer if request.referrer else '/')
post = Post(type=post_type, author=user)
try:
post.feed = feed
if_i_cant_write_then_i_quit(post, user)
post_form_intake(post, request.form, post_type_module)
except PleaseRedirect as e:
flash(str(e.msg))
return redirect(e.url if e.url else request.url)
post.save()
flash('Saved!')
return redirect(url_for('feedpage', feedid=post.feed.id))