def CrowdReportFormPost(author, request):
"""Handles a form submission of a crowd report from the browser UI."""
# The form parameter names all start with "cm-" because our form protection
# mechanism uses the DOM element IDs as parameter names, and we prefix our
# element IDs with "cm-" to avoid collision. See protect.py and xhr.js.
if not protect.Verify(
request, ['cm-topic-ids', 'cm-answers-json', 'cm-ll', 'cm-text']):
raise base_handler.ApiError(403, 'Unauthorized crowd report.')
topic_ids = request.get('cm-topic-ids', '').replace(',', ' ').split()
try:
answers = dict(json.loads(request.get('cm-answers-json') or '{}'))
except (TypeError, ValueError):
raise base_handler.ApiError(400, 'Invalid answers JSON.')
ll = ParseGeoPt(request.get('cm-ll'))
text = request.get('cm-text', '')
now = datetime.datetime.utcnow()
if ContainsSpam(text):
# TODO(kpy): Consider applying a big downvote here instead of a 403.
raise base_handler.ApiError(403, 'Crowd report text rejected as spam.')
model.CrowdReport.Create(source=request.root_url, author=author,
effective=now, text=text, topic_ids=topic_ids,
answers=answers, location=ll)
card.InvalidateReportCache(topic_ids, ll)
def Post(self, map_id):
new_json = self.request.get('new_json')
try:
new_map_root = json.loads(new_json)
except ValueError:
raise base_handler.ApiError(400, 'Invalid or missing JSON data.')
map_object = model.Map.Get(map_id)
if not map_object:
raise base_handler.ApiError(404, 'Map %s not found.' % map_id)
from_maproot = ToNormalizedJson(map_object.map_root)
to_maproot = ToNormalizedJson(new_map_root)
html_diff = difflib.HtmlDiff(wrapcolumn=60)
saved_diff = html_diff.make_file(from_maproot.splitlines(),
to_maproot.splitlines(),
context=True,
fromdesc='Saved',
todesc='Current')
catalog_diffs = []
for entry in model.CatalogEntry.GetByMapId(map_id):
from_maproot = ToNormalizedJson(entry.map_root)
catalog_diffs.append({
'name':
entry.domain + '/' + entry.label,
'diff':
html_diff.make_file(from_maproot.splitlines(),
to_maproot.splitlines(),
fromdesc=entry.domain + '/' + entry.label,
todesc='Current',
context=True)
})
self.WriteJson({
'saved_diff': saved_diff,
'catalog_diffs': catalog_diffs
})
def Post(self, map_id, domain=''): # pylint: disable=unused-argument
"""Stores a new version of the MapRoot JSON for the specified map."""
map_object = model.Map.Get(map_id)
if not map_object:
raise base_handler.ApiError(404, 'Map %s not found.' % map_id)
map_object.PutNewVersion(self.GetRequestJson())
self.response.set_status(201)
def CrowdReportJsonPost(auth, report_dicts):
"""Handles a POST submission of crowd report JSON."""
if not (auth and auth.crowd_report_write_permission):
raise base_handler.ApiError(403, 'Not authorized to submit crowd reports.')
now = utils.UtcToTimestamp(datetime.datetime.utcnow())
return [DictToReport(report, auth, now, auth.crowd_report_spam_check)
for report in report_dicts]
def Get(self, map_id, domain=''): # pylint: disable=unused-argument
"""Returns the MapRoot JSON for the specified map."""
if (self.auth and self.auth.map_read_permission and
map_id in self.auth.map_ids):
map_object = model.Map.Get(map_id, user=perms.ROOT)
else:
map_object = model.Map.Get(map_id)
if not map_object:
raise base_handler.ApiError(404, 'Map %s not found.' % map_id)
self.WriteJson(map_object.map_root)
def Post(self):
"""Stores a vote on a report, replacing any existing vote by this user.
The query parameters are cm-report-id, which identifies the report, and
cm-vote-code, which is a vote code: 'u' or 'd' or '', where '' causes any
previously cast vote by this user on this report to be removed.
"""
if not protect.Verify(self.request, ['cm-report-id', 'cm-vote-code']):
raise base_handler.ApiError(403, 'Unauthorized crowd vote.')
voter = self.GetCurrentUserUrl()
report_id = self.request.get('cm-report-id', '')
vote_type = VOTE_TYPES_BY_CODE.get(self.request.get('cm-vote-code'))
model.CrowdVote.Put(report_id, voter, vote_type)