def edit(userid, journal, friends_only=False):
    """
    Update the title, content, rating and friends-only flag of an existing journal.

    The caller must either be the journal's owner or be listed in ``staff.MODS``.
    Journals whose settings contain "h" are rejected. When the editor is not the
    owner, ``moderation.note_about`` is called with a link to the journal.

    :param userid: ID of the user performing the edit.
    :param journal: Object providing ``journalid``, ``title``, ``content`` and ``rating``.
    :param friends_only: When true, the stored settings gain the "f" flag.
    :raises WeasylError: "titleInvalid", "contentInvalid", "ratingInvalid",
        "Unexpected" (missing or hidden journal) or "InsufficientPermissions".
    """
    # Field validation, in the order the error codes are reported.
    if not journal.title:
        raise WeasylError("titleInvalid")
    if not journal.content:
        raise WeasylError("contentInvalid")
    if not journal.rating:
        raise WeasylError("ratingInvalid")

    profile.check_user_rating_allowed(userid, journal.rating)

    row = d.execute(
        "SELECT userid, settings FROM journal WHERE journalid = %i",
        [journal.journalid],
        options="single")

    if not row or "h" in row[1]:
        raise WeasylError("Unexpected")

    # Authorization: only the owner or a moderator may continue.
    owner_id = row[0]
    if userid != owner_id and userid not in staff.MODS:
        raise WeasylError("InsufficientPermissions")

    # Drop any existing "f" flag, then re-add it only when requested.
    new_settings = row[1].replace("f", "") + ("f" if friends_only else "")

    if "f" in new_settings:
        welcome.journal_remove(journal.journalid)

    # NOTE(review): title and content are user-supplied and are substituted into
    # quoted '%s' slots. Whether this is injection-safe depends entirely on how
    # d.execute escapes its arguments, which is not visible here -- confirm, or
    # move this statement to bound parameters.
    d.execute(
        "UPDATE journal SET (title, content, rating, settings) = ('%s', '%s', %i, '%s') WHERE journalid = %i",
        [journal.title, journal.content, journal.rating.code, new_settings, journal.journalid])

    # Leave a moderation note when someone other than the owner made the edit.
    if userid != owner_id:
        journal_link = text.markdown_link(
            journal.title, '/journal/%s?anyway=true' % (journal.journalid,))
        moderation.note_about(
            userid, owner_id, 'The following journal was edited:', '- ' + journal_link)
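def modcontrol_spam_remove_post_(request):
    """
    Submits content to the spam filtering backend, and hides it from view.

    Exactly one of `submitid` or `journalid` must be present in the request's parameters.

    The submitter IP address and user agent ID stored on the record are forwarded to the
    spam filtering backend together with the content.

    :param request: The Pyramid request.
    :subparam request.params['submitid']: If present, the submission's ID number.
    :subparam request.params['journalid']: If present, the journal's ID number.
    :return/raises: HTTPSeeOther to /modcontrol/suspenduser.
    :raises WeasylError: "Unexpected" if both or neither ID is supplied, if the ID is not
        an integer, or if no record with that ID exists.
    """
    # NOTE(review): no moderator or CSRF-token check is visible inside this function;
    # presumably it is enforced by decorators or route configuration -- confirm.
    submitid = request.params.get('submitid')
    journalid = request.params.get('journalid')

    # Only one parameter should ever be set
    if sum(item is not None for item in [submitid, journalid]) != 1:
        raise WeasylError("Unexpected")

    # Dispatch on presence rather than truthiness, so an ID of 0 cannot skip both
    # branches and leave record_identifier unbound.
    is_submission = submitid is not None

    # Request parameters are untrusted strings; a non-numeric ID is a bad request,
    # not an internal error.
    try:
        record_identifier = int(submitid if is_submission else journalid)
    except ValueError:
        raise WeasylError("Unexpected")

    # Only pkey_value is untrusted input to this statement; the table and column
    # names below are fixed literals.
    statement = (
        " SELECT userid, content, submitter_user_agent_id, submitter_ip_address"
        " FROM {table_name}"
        " WHERE {pkey_name} = %(pkey_value)s "
    )

    if is_submission:
        # The content_type parameter which will be used to signal to the filtering
        # backend what kind of content this is.
        content_type = "submission"
        statement = statement.format(table_name="submission", pkey_name="submitid")
        welcome.submission_remove(submitid=record_identifier)
        moderation.hidesubmission(submitid=record_identifier)
    else:
        content_type = "journal"
        statement = statement.format(table_name="journal", pkey_name="journalid")
        welcome.journal_remove(journalid=record_identifier)
        moderation.hidejournal(journalid=record_identifier)

    row = define.engine.execute(statement, pkey_value=record_identifier).first()
    if row is None:
        # No such record: report it instead of failing while unpacking None.
        raise WeasylError("Unexpected")
    userid, content, user_agent_id, ip_addr = row

    spam_filtering.submit(
        is_spam=True,
        user_ip=ip_addr,
        user_agent_id=user_agent_id,
        user_id=userid,
        comment_type=content_type,
        comment_content=content,
    )

    index.recent_submissions.invalidate()
    raise HTTPSeeOther("/modcontrol/suspenduser")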
def hidejournal(journalid):
    """
    Mark a journal as hidden and remove it from the welcome table.

    Appends "h" to the journal's settings unless the flag is already present,
    then calls ``welcome.journal_remove`` for the same journal.

    :param journalid: ID of the journal to hide; supplied to the query as a named parameter.
    """
    # The `settings !~ 'h'` guard stops the flag from being appended twice.
    hide_statement = (
        " UPDATE journal SET settings = settings || 'h'"
        " WHERE journalid = %(journalid)s AND settings !~ 'h' "
    )
    d.engine.execute(hide_statement, journalid=journalid)

    welcome.journal_remove(journalid=journalid)
def remove(userid, journalid):
    """
    Hide a journal on behalf of its owner or a moderator.

    :param userid: ID of the user requesting the removal.
    :param journalid: ID of the journal to hide.
    :return: The owner ID reported by ``d.get_ownerid`` for the journal.
    :raises WeasylError: "InsufficientPermissions" when the caller is neither in
        ``staff.MODS`` nor the journal's owner.
    """
    ownerid = d.get_ownerid(journalid=journalid)

    # Authorization: moderators and the owner are the only permitted callers.
    if not (userid in staff.MODS or userid == ownerid):
        raise WeasylError("InsufficientPermissions")

    # RETURNING yields a row only when the "h" flag was newly added.
    hidden_rows = d.execute(
        "UPDATE journal SET settings = settings || 'h' WHERE journalid = %i"
        " AND settings !~ 'h' RETURNING journalid",
        [journalid])

    if hidden_rows:
        welcome.journal_remove(journalid)

    return ownerid
def edit(userid, journal, friends_only=False):
    """
    Update the title, content, rating and friends-only flag of an existing journal.

    The caller must either be the journal's owner or be listed in ``staff.MODS``.
    Journals whose settings contain "h" are rejected. Both statements pass their
    values to the engine as parameters rather than formatting them into the SQL
    text. When the editor is not the owner, ``moderation.note_about`` is called
    with a link to the journal.

    :param userid: ID of the user performing the edit.
    :param journal: Object providing ``journalid``, ``title``, ``content`` and ``rating``.
    :param friends_only: When true, the stored settings gain the "f" flag.
    :raises WeasylError: "titleInvalid", "contentInvalid", "ratingInvalid",
        "Unexpected" (missing or hidden journal) or "InsufficientPermissions".
    """
    # Field validation, in the order the error codes are reported.
    if not journal.title:
        raise WeasylError("titleInvalid")
    if not journal.content:
        raise WeasylError("contentInvalid")
    if not journal.rating:
        raise WeasylError("ratingInvalid")

    profile.check_user_rating_allowed(userid, journal.rating)

    row = d.engine.execute(
        "SELECT userid, settings FROM journal WHERE journalid = %(id)s",
        id=journal.journalid,
    ).first()

    if not row or "h" in row[1]:
        raise WeasylError("Unexpected")

    # Authorization: only the owner or a moderator may continue.
    owner_id = row[0]
    if userid != owner_id and userid not in staff.MODS:
        raise WeasylError("InsufficientPermissions")

    # Drop any existing "f" flag, then re-add it only when requested.
    settings = row[1].replace("f", "")
    if friends_only:
        settings += "f"
        # Friends-only journals are also taken out of the welcome table.
        welcome.journal_remove(journal.journalid)

    journal_table = d.meta.tables['journal']
    update_stmt = (
        journal_table.update()
        .where(journal_table.c.journalid == journal.journalid)
        .values({
            'title': journal.title,
            'content': journal.content,
            'rating': journal.rating,
            'settings': settings,
        })
    )
    d.engine.execute(update_stmt)

    # Leave a moderation note when someone other than the owner made the edit.
    if userid != owner_id:
        journal_link = text.markdown_link(
            journal.title, '/journal/%s?anyway=true' % (journal.journalid,))
        moderation.note_about(
            userid, owner_id, 'The following journal was edited:', '- ' + journal_link)
def edit(userid, journal, friends_only=False):
    """
    Update an existing journal: title, rating and settings in the database,
    content in the journal's resource file.

    The caller must either be the journal's owner or be listed in ``staff.MODS``.
    Journals whose settings contain "h" are rejected. When the editor is not the
    owner, ``moderation.note_about`` is called with a link to the journal.

    :param userid: ID of the user performing the edit.
    :param journal: Object providing ``journalid``, ``title``, ``content`` and ``rating``.
    :param friends_only: When true, the stored settings gain the "f" flag.
    :raises WeasylError: "titleInvalid", "contentInvalid", "ratingInvalid",
        "Unexpected" (missing or hidden journal) or "InsufficientPermissions".
    """
    # Field validation, in the order the error codes are reported.
    if not journal.title:
        raise WeasylError("titleInvalid")
    if not journal.content:
        raise WeasylError("contentInvalid")
    if not journal.rating:
        raise WeasylError("ratingInvalid")

    profile.check_user_rating_allowed(userid, journal.rating)

    row = d.execute(
        "SELECT userid, settings FROM journal WHERE journalid = %i",
        [journal.journalid],
        options="single")

    if not row or "h" in row[1]:
        raise WeasylError("Unexpected")

    # Authorization: only the owner or a moderator may continue.
    owner_id = row[0]
    if userid != owner_id and userid not in staff.MODS:
        raise WeasylError("InsufficientPermissions")

    # Drop any existing "f" flag, then re-add it only when requested.
    new_settings = row[1].replace("f", "") + ("f" if friends_only else "")

    if "f" in new_settings:
        welcome.journal_remove(journal.journalid)

    # TODO(kailys): use ORM
    # NOTE(review): the user-supplied title is substituted into a quoted '%s'
    # slot. Whether this is injection-safe depends entirely on how d.execute
    # escapes its arguments, which is not visible here -- confirm.
    d.execute(
        "UPDATE journal SET (title, rating, settings) = ('%s', %i, '%s') WHERE journalid = %i",
        [journal.title, journal.rating.code, new_settings, journal.journalid])

    # Write journal file
    # NOTE(review): the resource is built from the editing user's ID, which is
    # not the owner's when staff edit -- confirm make_resource resolves the same
    # file in that case.
    journal_resource = files.make_resource(userid, journal.journalid, "journal/submit")
    files.write(journal_resource, journal.content)

    # Leave a moderation note when someone other than the owner made the edit.
    if userid != owner_id:
        # Imported here, as in the original, rather than at module level.
        from weasyl import moderation
        journal_link = text.markdown_link(
            journal.title, '/journal/%s?anyway=true' % (journal.journalid,))
        moderation.note_about(
            userid, owner_id, 'The following journal was edited:', '- ' + journal_link)