def shouts_(request): form = request.web_input(userid="", name="", backid=None, nextid=None) form.name = request.matchdict.get('name', form.name) form.userid = define.get_int(form.userid) otherid = profile.resolve(request.userid, form.userid, form.name) if not otherid: raise WeasylError("userRecordMissing") elif not request.userid and "h" in define.get_config(otherid): raise WeasylError('noGuests') userprofile = profile.select_profile(otherid, viewer=request.userid) if otherid != request.userid and not define.is_vouched_for(otherid): can_vouch = request.userid != 0 and define.is_vouched_for( request.userid) return Response( define.webpage( request.userid, "error/unverified.html", [request, otherid, userprofile['username'], can_vouch], ), status=403, ) has_fullname = userprofile[ 'full_name'] is not None and userprofile['full_name'].strip() != '' page_title = u"%s's shouts" % (userprofile['full_name'] if has_fullname else userprofile['username'], ) page = define.common_page_start(request.userid, title=page_title) page.append( define.render( 'user/shouts.html', [ # Profile information userprofile, # User information profile.select_userinfo(otherid, config=userprofile['config']), # Relationship profile.select_relation(request.userid, otherid), # Myself profile.select_myself(request.userid), # Comments shout.select(request.userid, ownerid=otherid), # Feature "shouts", ])) return Response(define.common_page_end(request.userid, page))
def submit_visual_post_(request): form = request.web_input(submitfile="", thumbfile="", title="", folderid="", subtype="", rating="", friends="", critique="", content="", tags="", imageURL="") tags = searchtag.parse_tags(form.tags) if not define.config_read_bool("allow_submit"): raise WeasylError("FeatureDisabled") if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") rating = ratings.CODE_MAP.get(define.get_int(form.rating)) if not rating: raise WeasylError("ratingInvalid") s = orm.Submission() s.title = form.title s.rating = rating s.content = form.content s.folderid = define.get_int(form.folderid) or None s.subtype = define.get_int(form.subtype) s.submitter_ip_address = request.client_addr s.submitter_user_agent_id = get_user_agent_id(ua_string=request.user_agent) submitid = submission.create_visual( request.userid, s, friends_only=form.friends, tags=tags, imageURL=form.imageURL, thumbfile=form.thumbfile, submitfile=form.submitfile, critique=form.critique, create_notifications=('nonotification' not in form)) if 'customthumb' in form: raise HTTPSeeOther(location="/manage/thumbnail?submitid=%i" % (submitid,)) else: raise HTTPSeeOther(location="/submission/%i/%s" % (submitid, slug_for(form.title)))
def submit_comment_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input(submitid="", charid="", journalid="", updateid="", parentid="", content="", format="") updateid = define.get_int(form.updateid) commentid = comment.insert(request.userid, charid=define.get_int(form.charid), parentid=define.get_int(form.parentid), submitid=define.get_int(form.submitid), journalid=define.get_int(form.journalid), updateid=updateid, content=form.content) if form.format == "json": return { "id": commentid, "html": markdown(form.content), } if define.get_int(form.submitid): raise HTTPSeeOther(location="/submission/%i#cid%i" % (define.get_int(form.submitid), commentid)) elif define.get_int(form.charid): raise HTTPSeeOther(location="/character/%i#cid%i" % (define.get_int(form.charid), commentid)) elif define.get_int(form.journalid): raise HTTPSeeOther(location="/journal/%i#cid%i" % (define.get_int(form.journalid), commentid)) elif updateid: raise HTTPSeeOther(location="/site-updates/%i#cid%i" % (updateid, commentid)) else: raise WeasylError("Unexpected")
def submit_character_post_(request): form = request.web_input(submitfile="", thumbfile="", title="", age="", gender="", height="", weight="", species="", rating="", friends="", content="", tags="") tags = searchtag.parse_tags(form.tags) if not define.config_read_bool("allow_submit"): raise WeasylError("FeatureDisabled") if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") rating = ratings.CODE_MAP.get(define.get_int(form.rating)) if not rating: raise WeasylError("ratingInvalid") c = orm.Character() c.age = form.age c.gender = form.gender c.height = form.height c.weight = form.weight c.species = form.species c.char_name = form.title c.content = form.content c.rating = rating charid = character.create(request.userid, c, form.friends, tags, form.thumbfile, form.submitfile) raise HTTPSeeOther(location="/manage/thumbnail?charid=%i" % (charid,))
def insert(userid, target_user, parentid, content, staffnotes): # Check invalid content if not content: raise WeasylError("commentInvalid") elif not target_user or not d.is_vouched_for(target_user): raise WeasylError("Unexpected") # Determine parent userid if parentid: parentuserid = d.engine.scalar( "SELECT userid FROM comments WHERE commentid = %(parent)s", parent=parentid, ) if parentuserid is None: raise WeasylError("shoutRecordMissing") else: parentuserid = None # Check permissions if userid not in staff.MODS: if ignoreuser.check(target_user, userid): raise WeasylError("pageOwnerIgnoredYou") elif ignoreuser.check(userid, target_user): raise WeasylError("youIgnoredPageOwner") elif ignoreuser.check(parentuserid, userid): raise WeasylError("replyRecipientIgnoredYou") elif ignoreuser.check(userid, parentuserid): raise WeasylError("youIgnoredReplyRecipient") _, is_banned, _ = d.get_login_settings(target_user) profile_config = d.get_config(target_user) if is_banned or "w" in profile_config or "x" in profile_config and not frienduser.check( userid, target_user): raise WeasylError("insufficientActionPermissions") # Create comment settings = 's' if staffnotes else '' co = d.meta.tables['comments'] db = d.connect() commentid = db.scalar(co.insert().values(userid=userid, target_user=target_user, parentid=parentid or None, content=content, unixtime=arrow.utcnow(), settings=settings).returning( co.c.commentid)) # Create notification if parentid and userid != parentuserid: if not staffnotes or parentuserid in staff.MODS: welcome.shoutreply_insert(userid, commentid, parentuserid, parentid, staffnotes) elif not staffnotes and target_user and userid != target_user: welcome.shout_insert(userid, commentid, otherid=target_user) d.metric('increment', 'shouts') return commentid
def submit_shout_(request): form = request.web_input(userid="", parentid="", content="", staffnotes="", format="") if form.staffnotes and request.userid not in staff.MODS: raise WeasylError("InsufficientPermissions") if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") commentid = shout.insert( request.userid, target_user=define.get_int(form.userid or form.staffnotes), parentid=define.get_int(form.parentid), content=form.content, staffnotes=bool(form.staffnotes), ) if form.format == "json": return {"id": commentid} if form.staffnotes: raise HTTPSeeOther(location='/staffnotes?userid=%i#cid%i' % (define.get_int(form.staffnotes), commentid)) else: raise HTTPSeeOther(location="/shouts?userid=%i#cid%i" % (define.get_int(form.userid), commentid))
def frienduser_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input(userid="") otherid = define.get_int(form.userid) if request.userid == otherid: raise WeasylError('cannotSelfFriend') if form.action == "sendfriendrequest": if not frienduser.check(request.userid, otherid) and not frienduser.already_pending( request.userid, otherid): frienduser.request(request.userid, otherid) elif form.action == "withdrawfriendrequest": if frienduser.already_pending(request.userid, otherid): frienduser.remove_request(request.userid, otherid) elif form.action == "unfriend": frienduser.remove(request.userid, otherid) if form.feature == "pending": raise HTTPSeeOther(location="/manage/friends?feature=pending") else: # typical value will be user raise HTTPSeeOther( location="/~%s" % (define.get_sysname(define.get_display_name(otherid))))
def submit_journal_post_(request): form = request.web_input(title="", rating="", friends="", members="", content="", tags="") tags = searchtag.parse_tags(form.tags) if not define.config_read_bool("allow_submit"): raise WeasylError("FeatureDisabled") if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") rating = ratings.CODE_MAP.get(define.get_int(form.rating)) if not rating: raise WeasylError("ratingInvalid") j = orm.Journal() j.title = form.title j.rating = rating j.content = form.content j.submitter_ip_address = request.client_addr j.submitter_user_agent_id = get_user_agent_id(ua_string=request.user_agent) journalid = journal.create(request.userid, j, friends_only=form.friends, tags=tags) raise HTTPSeeOther(location="/journal/%i/%s" % (journalid, slug_for(form.title)))
def vouch_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") targetid = int(request.POST['targetid']) updated = define.engine.execute( "UPDATE login SET voucher = %(voucher)s WHERE userid = %(target)s AND voucher IS NULL RETURNING email", voucher=request.userid, target=targetid, ).first() target_username = define.get_display_name(targetid) if updated is not None: define._get_all_config.invalidate(targetid) emailer.send(updated.email, "Weasyl Account Verified", define.render("email/verified.html", [target_username])) if target_username is None: assert updated is None raise WeasylError("Unexpected") raise HTTPSeeOther(location=request.route_path( 'profile_tilde', name=define.get_sysname(target_username)))
def submit_character_get_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") return Response(define.webpage(request.userid, "submit/character.html", [ profile.get_user_ratings(request.userid), ], title="Character Profile"))
def submit_visual_get_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input(title='', tags=[], description='', imageURL='', baseURL='') if form.baseURL: form.imageURL = urlparse.urljoin(form.baseURL, form.imageURL) return Response( define.webpage( request.userid, "submit/visual.html", [ # Folders folder.select_list(request.userid, "drop/all"), # Subtypes [i for i in macro.MACRO_SUBCAT_LIST if 1000 <= i[0] < 2000], profile.get_user_ratings(request.userid), form, ], title="Visual Artwork"))
def submit_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") return Response( define.webpage(request.userid, "submit/submit.html", title="Submit Artwork"))
def submit_tags_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input(submitid="", charid="", journalid="", preferred_tags_userid="", optout_tags_userid="", tags="") tags = searchtag.parse_tags(form.tags) submitid = define.get_int(form.submitid) charid = define.get_int(form.charid) journalid = define.get_int(form.journalid) preferred_tags_userid = define.get_int(form.preferred_tags_userid) optout_tags_userid = define.get_int(form.optout_tags_userid) result = searchtag.associate(request.userid, tags, submitid, charid, journalid, preferred_tags_userid, optout_tags_userid) if result: failed_tag_message = "" if result["add_failure_restricted_tags"] is not None: failed_tag_message += "The following tags have been restricted from being added to this item by the content owner, or Weasyl staff: **" + result[ "add_failure_restricted_tags"] + "**. \n" if result["remove_failure_owner_set_tags"] is not None: failed_tag_message += "The following tags were not removed from this item as the tag was added by the owner: **" + result[ "remove_failure_owner_set_tags"] + "**.\n" failed_tag_message += "Any other changes to this item's tags were completed." if submitid: location = "/submission/%i" % (submitid, ) if not result: raise HTTPSeeOther(location=location) else: return Response( define.errorpage(request.userid, failed_tag_message, [["Return to Content", location]])) elif charid: location = "/character/%i" % (charid, ) if not result: raise HTTPSeeOther(location=location) else: return Response( define.errorpage(request.userid, failed_tag_message, [["Return to Content", location]])) elif journalid: location = "/journal/%i" % (journalid, ) if not result: raise HTTPSeeOther(location=location) else: return Response( define.errorpage(request.userid, failed_tag_message, [["Return to Content", location]])) else: raise HTTPSeeOther(location="/control/editcommissionsettings")
def submit_journal_get_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") return Response( define.webpage(request.userid, "submit/journal.html", [profile.get_user_ratings(request.userid)], title="Journal Entry"))
def control_(request): return Response( define.webpage( request.userid, "control/control.html", [ # Premium define.get_premium(request.userid), define.is_vouched_for(request.userid), ], title="Settings"))
def select_myself(userid): if not userid: return None return { "userid": userid, "username": d.get_display_name(userid), "is_mod": userid in staff.MODS, "is_verified": d.is_vouched_for(userid), "user_media": media.get_user_media(userid), }
def submit_literary_get_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") return Response(define.webpage(request.userid, "submit/literary.html", [ # Folders folder.select_flat(request.userid), # Subtypes [i for i in macro.MACRO_SUBCAT_LIST if 2000 <= i[0] < 3000], profile.get_user_ratings(request.userid), ], title="Literary Artwork"))
def notes_compose_get_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input(recipient="") return Response( define.webpage( request.userid, "note/compose.html", [ # Recipient form.recipient.strip(), profile.select_myself(request.userid), ]))
def notes_compose_post_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input(recipient="", title="", content="", mod_copy='', staff_note='') try: note.send(request.userid, form) except ValueError: raise WeasylError('recipientInvalid') else: raise HTTPSeeOther(location="/notes") # todo (send to /note/xxx ?)
def submit_multimedia_get_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") return Response( define.webpage( request.userid, "submit/multimedia.html", [ # Folders folder.select_list(request.userid, "drop/all"), # Subtypes [i for i in macro.MACRO_SUBCAT_LIST if 3000 <= i[0] < 4000], profile.get_user_ratings(request.userid), ], title="Multimedia Artwork"))
def note_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input() data = note.select_view(request.userid, int(form.noteid)) return Response( define.webpage( request.userid, "note/message_view.html", [ # Private message data, profile.select_myself(request.userid), ]))
def followuser_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input(userid="") otherid = define.get_int(form.userid) if request.userid == otherid: raise WeasylError("cannotSelfFollow") if form.action == "follow": followuser.insert(request.userid, otherid) elif form.action == "unfollow": followuser.remove(request.userid, otherid) raise HTTPSeeOther(location="/~%s" % (define.get_sysname(define.get_display_name(otherid))))
def collection_request_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input(submitid="") form.submitid = int(form.submitid) form.otherid = define.get_ownerid(submitid=form.submitid) if not form.otherid: raise WeasylError("userRecordMissing") if request.userid == form.otherid: raise WeasylError("cannotSelfCollect") collection.request(request.userid, form.submitid, form.otherid) return Response(define.errorpage( request.userid, "**Success!** Your collection request has been sent. " "The submission author may approve or reject this request.", [["Go Back", "/submission/%i" % (form.submitid,)], ["Return to the Home Page", "/index"]]))
def notes_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input(folder="inbox", filter="", backid="", nextid="") backid = int(form.backid) if form.backid else None nextid = int(form.nextid) if form.nextid else None filter_ = define.get_userid_list(form.filter) if form.folder == "inbox": return Response( define.webpage( request.userid, "note/message_list.html", [ # Folder "inbox", # Private messages note.select_inbox(request.userid, 50, backid=backid, nextid=nextid, filter=filter_), ])) if form.folder == "outbox": return Response( define.webpage( request.userid, "note/message_list.html", [ # Folder "outbox", # Private messages note.select_outbox(request.userid, 50, backid=backid, nextid=nextid, filter=filter_), ])) raise WeasylError("unknownMessageFolder")
def vouch_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") targetid = int(request.POST['targetid']) result = define.engine.execute( "UPDATE login SET voucher = %(voucher)s WHERE userid = %(target)s AND voucher IS NULL", voucher=request.userid, target=targetid, ) if result.rowcount != 0: define._get_all_config.invalidate(targetid) target_username = define.get_display_name(targetid) if target_username is None: assert result.rowcount == 0 raise WeasylError("Unexpected") raise HTTPSeeOther(location=request.route_path( 'profile_tilde', name=define.get_sysname(target_username)))
def profile_(request): name = request.params.get('name', '') name = request.matchdict.get('name', name) userid = define.get_int(request.params.get('userid')) rating = define.get_rating(request.userid) otherid = profile.resolve(request.userid, userid, name) if not otherid: raise WeasylError("userRecordMissing") userprofile = profile.select_profile(otherid, viewer=request.userid) is_unverified = otherid != request.userid and not define.is_vouched_for( otherid) if is_unverified and request.userid not in staff.MODS: can_vouch = request.userid != 0 and define.is_vouched_for( request.userid) return Response( define.webpage( request.userid, "error/unverified.html", [request, otherid, userprofile['username'], can_vouch], ), status=403, ) extras = { "canonical_url": "/~" + define.get_sysname(userprofile['username']) } if not request.userid: # Only generate the Twitter/OGP meta headers if not authenticated (the UA viewing is likely automated). twit_card = profile.twitter_card(otherid) if define.user_is_twitterbot(): extras['twitter_card'] = twit_card # The "og:" prefix is specified in page_start.html, and og:image is required by the OGP spec, so something must be in there. extras['ogp'] = { 'title': twit_card['title'], 'site_name': "Weasyl", 'type': "website", 'url': twit_card['url'], 'description': twit_card['description'], 'image': twit_card['image:src'] if 'image:src' in twit_card else define.get_resource_url('img/logo-mark-light.svg'), } if not request.userid and "h" in userprofile['config']: raise WeasylError('noGuests') has_fullname = userprofile[ 'full_name'] is not None and userprofile['full_name'].strip() != '' extras['title'] = u"%s's profile" % (userprofile['full_name'] if has_fullname else userprofile['username'], ) page = define.common_page_start(request.userid, **extras) define.common_view_content(request.userid, otherid, "profile") if 'O' in userprofile['config']: submissions = collection.select_list(request.userid, rating, 11, otherid=otherid) more_submissions = 'collections' featured = None elif 'A' in userprofile['config']: submissions = character.select_list(request.userid, rating, 11, otherid=otherid) more_submissions = 'characters' featured = None else: submissions = submission.select_list(request.userid, rating, 11, otherid=otherid, profile_page_filter=True) more_submissions = 'submissions' featured = submission.select_featured(request.userid, otherid, rating) if userprofile['show_favorites_bar']: favorites = favorite.select_submit(request.userid, rating, 11, otherid=otherid) else: favorites = None statistics, show_statistics = profile.select_statistics(otherid) page.append( define.render( 'user/profile.html', [ request, # Profile information userprofile, # User information profile.select_userinfo(otherid, config=userprofile['config']), macro.SOCIAL_SITES, # Relationship profile.select_relation(request.userid, otherid), # Myself profile.select_myself(request.userid), # Recent submissions submissions, more_submissions, favorites, featured, # Folders preview folder.select_preview(request.userid, otherid, rating), # Latest journal journal.select_latest(request.userid, rating, otherid=otherid), # Recent shouts shout.select(request.userid, ownerid=otherid, limit=8), # Statistics information statistics, show_statistics, # Commission information commishinfo.select_list(otherid), # Friends lambda: frienduser.has_friends(otherid), is_unverified, ])) return Response(define.common_page_end(request.userid, page))