def __init__(self, environ, app=None): RequestBase.__init__(self, environ) request_groups = set() current_user = self.user # We can add Group associations to the current user # by assigning its `transient_groups` property to # a list of Group objects. Here we'll add one Group # if the user is authenticated, and a different one # if the user is anonymous; and we'll also give the # HTTP request a chance to add an additional group. # Note that the groups must exist in the database; # we create them here if they don't exist. if current_user.is_somebody: request_groups.add("Authenticated") else: request_groups.add("Anonymous") group = environ.get("HTTP_X_REMOTE_GROUP", None) if group: request_groups.add(group) _request_groups = [] for group_name in request_groups: group = Group.query.filter_by(name=group_name).first() if group is None: group = Group(group_name) db.session.add(group) _request_groups.append(group) db.commit() self.user.transient_groups = _request_groups
def delete_group(self): """Deletes a group.""" if self.data['action'] == 'relocate': new_group = Group.query.filter_by(data['reassign_to'].id).first() for user in self.group.users: if not new_group in user.groups: user.groups.append(new_group) db.commit() #! plugins can use this to react to user deletes. They can't stop #! the deleting of the group but they can delete information in #! their own tables so that the database is consistent afterwards. #! Additional to the group object the form data is submitted. emit_event('before-group-deleted', self.group, self.data) db.delete(self.group)
def get_user(self): # This overrides Zine's default session-based authentication # with a custom method that looks for environ["REMOTE_USER"] # and creates the appropriate user in the database if it doesn't # exist yet. If there is no user logged in, this method should # return None. The caller will handle the AnonymousUser creation # in that case. app = self.app username = self.environ.get("REMOTE_USER", None) if not username: return None user = User.query.filter_by(username=username).first() if user is None: user = User(username, None, "*****@*****.**" % username) db.session.add(user) db.commit() return user
def create_if_valid(self, req): """The one-trick pony for commenting. Passed a req it tries to use the req data to submit a comment to the post. If the req is not a post req or the form is invalid the return value is None, otherwise a redirect response to the new comment. """ if req.method != 'POST' or not self.validate(req.form): return # if we don't have errors let's save it and emit an # `before-comment-saved` event so that plugins can do # block comments so that administrators have to approve it comment = self.make_comment() #! use this event to block comments before they are saved. This #! is useful for antispam and other ways of moderation. emit_event('before-comment-saved', req, comment) # Moderate Comment? Now that the spam check any everything # went through the processing we explicitly set it to # unmodereated if the blog configuration demands that if not comment.blocked and comment.requires_moderation: comment.status = COMMENT_UNMODERATED comment.blocked_msg = _(u'Comment waiting for approval') #! this is sent directly after the comment was saved. Useful if #! you want to send mail notifications or whatever. emit_event('after-comment-saved', req, comment) # Commit so that make_visible_for_request can access the comment id. db.commit() # Still allow the user to see his comment if it's blocked if comment.blocked: comment.make_visible_for_request(req) return redirect_to(self.post)
def _perform_import(app, blog, d): # import models here because they have the same names as our # importer objects this module exports from zine.models import User, Tag, Category, Post, Comment author_mapping = {} tag_mapping = {} category_mapping = {} def prepare_author(author): """Adds an author to the author mapping and returns it.""" if author.id not in author_mapping: author_rewrite = d['authors'][author.id] if author_rewrite != '__zine_create_user': user = User.query.get(int(author_rewrite)) else: query = User.query.filter_by(username=author.username) user = query.first() if user is None: user = User(author.username, None, author.email, author.real_name, author.description, author.www, author.is_author) if author.pw_hash: user.pw_hash = author.pw_hash user.own_privileges.update(author.privileges) author_mapping[author.id] = user return author_mapping[author.id] def prepare_tag(tag): """Get a tag for a tag.""" t = tag_mapping.get(tag.slug) if t is not None: return t t = Tag.query.filter_by(slug=tag.slug).first() if t is not None: tag_mapping[tag.slug] = t return t t = Tag.query.filter_by(name=tag.name).first() if t is not None: tag_mapping[tag.slug] = t return t t = tag_mapping[tag.id] = Tag(tag.name, tag.slug) return t def prepare_category(category): """Get a category for a category.""" c = category_mapping.get(category.slug) if c is not None: return c c = Category.query.filter_by(slug=category.slug).first() if c is not None: category_mapping[category.slug] = c return c c = Category.query.filter_by(name=category.name).first() if c is not None: category_mapping[category.slug] = c return c c = category_mapping[category.id] = Category(category.name, category.description, category.slug) return c # start debug output yield u'<ul>' # update blog configuration if user wants that if d['title']: app.cfg.change_single('blog_title', blog.title) yield u'<li>%s</li>\n' % _('set blog title from dump') if d['description']: app.cfg.change_single('blog_tagline', blog.description) yield u'<li>%s</li>\n' % _('set blog tagline from dump') # convert the posts now for old_post in blog.posts: # in theory that will never happen because there are no # checkboxes for already imported posts on the form, but # who knows what users manage to do and also skip posts # we don't want converted if old_post.already_imported or not d['posts'][old_post.id]: continue slug = old_post.slug while Post.query.autoflush(False).filter_by(slug=slug) \ .limit(1).count(): slug = increment_string(slug) post = Post(old_post.title, prepare_author(old_post.author), old_post.text, slug, old_post.pub_date, old_post.updated, old_post.comments_enabled, old_post.pings_enabled, parser=old_post.parser, uid=old_post.uid, content_type=old_post.content_type, status=old_post.status, extra=old_post.extra) if old_post.parser_data is not None: post.parser_data.clear() post.parser_data.update(old_post.parser_data) yield u'<li><strong>%s</strong>' % escape(post.title) for tag in old_post.tags: post.tags.append(prepare_tag(tag)) yield u'.' for category in old_post.categories: post.categories.append(prepare_category(category)) yield u'.' # now the comments if user wants them. if d['comments'][old_post.id]: to_create = set(old_post.comments) created = {} def _create_comment(comment): parent = None if comment.parent is not None: if comment.parent in created: parent = created[comment.parent] else: parent = _create_comment(comment.parent) to_create.discard(comment.parent) if isinstance(comment.author, Author): author = prepare_author(comment.author) else: author = comment.author rv = Comment(post, author, comment.body, comment.author_email, comment.author_url, parent, comment.pub_date, comment.remote_addr, comment.parser, comment.is_pingback, comment.status) if comment.blocked_msg: rv.blocked_msg = comment.blocked_msg created[comment] = rv return rv while to_create: _create_comment(to_create.pop()) yield u'.' yield u' <em>%s</em></li>\n' % _('done') # send to the database yield u'<li>%s' % _('Committing transaction...') db.commit() # write config if we have if d['load_config']: yield u'<li>%s' % _('Updating configuration...') t = app.cfg.edit() for key, value in blog.config.iteritems(): if key in t and key not in ignored_config_keys: t.set_from_string(key, value) t.commit() yield u' <em>%s</em></li></ul>' % _('done')