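def admin_set_accesslevel(user, level):
    """
    Change a user's access level.

    A requester whose own level is not 255 must outrank both the level being
    assigned and the target account's current level.

    :param user: username of the account to modify
    :param level: requested level as text (it is concatenated into the flash
                  message and parsed with ``int()`` for the comparison)
    :returns: a redirect back when the request is refused or the level is not
              an integer, the error page when the user does not exist,
              otherwise a redirect to the modified user's page
    """
    pd = PageData()

    # `level` is caller-supplied text: refuse anything int() cannot parse
    # instead of letting the ValueError surface as a server error.
    try:
        requested = int(level)
    except ValueError:
        flash('Invalid access level')
        return redirect_back('index')

    # NOTE(review): pd.authuser is read unconditionally, so the login/role
    # gate is presumably applied outside this function -- confirm.
    unrestricted = pd.authuser.accesslevel == 255

    if not unrestricted and pd.authuser.accesslevel <= requested:
        # NOTE(review): this statement was masked ('******') in the listing;
        # the logged name and the redirect are reconstructed from the
        # parallel branches below -- confirm against the upstream file.
        app.logger.error('Accesslevel change was denied for user: ' + pd.authuser.username)
        return redirect_back('index')

    try:
        moduser = SiteUser.create(user)

        # A restricted requester may only modify accounts ranked below them.
        if not unrestricted and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)
    return redirect('/user/' + moduser.username)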
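def show_item(item_id, edit=None):
    """
    Render the page for one item, optionally at an earlier revision.

    :param item_id: item identifier; the literal ``'new'`` redirects to the
                    edit form
    :param edit: revision to display instead of the current description
    :returns: the rendered ``item.html``, a redirect, or the 404 page
    """
    pd = PageData()

    # Compare by value: `is` against a string literal only matched when the
    # interpreter happened to hand back the same interned object.
    if item_id == 'new':
        return redirect("/item/" + item_id + "/edit")

    try:
        showitem = SiteItem(item_id)

        if edit:
            showitem.old = True
            showitem.description = edit

        # The stored body is HTML-escaped before the Markdown renderer sees
        # it, so raw markup in an edit is emitted as text.
        # NOTE(review): escaping does not constrain link targets written in
        # Markdown syntax; confirm the rendered HTML is sanitised or that
        # md_extensions restricts URL schemes.
        showitem.description_html = markdown.markdown(
            escape_html(str(showitem.body(edit))), md_extensions)
    except NoItem:
        return page_not_found(404)

    if 'username' in session:
        try:
            user = SiteUser.create(session['username'])
            pd.iteminfo = user.query_collection(showitem.uid)
        except (NoUser, NoItem):
            # Collection info is optional; the page renders without it.
            pass

    pd.title = showitem.name
    pd.item = showitem
    return render_template('item.html', pd=pd)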
def pm(username):
    """
    Show the private-message form for ``username`` and send a message on POST.

    :param username: recipient of the message
    :returns: the 404 page for an unknown recipient, a redirect after a POST
              that was sent or rejected, otherwise the rendered ``sendpm.html``
    """
    page = PageData()

    try:
        page.recipient = SiteUser.create(username)
    except (NoItem, NoUser):
        return page_not_found(404)

    # Only logged-in visitors submitting the form go past this point.
    if 'username' not in session or request.method != 'POST':
        return render_template('sendpm.html', pd=page)

    body = request.form['body']
    subject = request.form['subject']
    # The parent id arrives obfuscated in the form.
    parent = deobfuscate(request.form['parent']) if 'parent' in request.form else None

    if not (body and subject):
        # TODO re-fill form
        flash('No message or subject')
        return redirect_back('/user/' + username + '/pm')

    sent_id = send_pm(page.authuser.uid, page.recipient.uid, subject, body,
                      messagestatus['unread_pm'], parent)
    if sent_id:
        flash('Message sent!')
        if parent:
            return redirect_back('/user/' + username + '/pm')
        return redirect('/user/' + page.authuser.username + '/pm/' + obfuscate((sent_id)))

    # send_pm returned nothing usable: show the form again.
    return render_template('sendpm.html', pd=page)
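def new_facebook_user():
    """
    Create a local account for a visitor who signed in through Facebook.

    Reads ``username`` and ``email`` from the submitted form and
    ``facebook_id`` from the session. The account receives a random password
    that is never shown, is linked to the Facebook id, and the visitor is
    logged in.

    :returns: a redirect to the index on success, a redirect back when the
              form fails validation, or the error page when creation fails
    """
    pd = PageData()
    # NOTE(review): request.referrer is client-controlled and is written to
    # the log as-is; confirm the log handler neutralises line breaks.
    logger.info('Started Facebook new user for {}, referrer was {}'.format(
        request.remote_addr, request.referrer))

    if not check_new_user(request, nopass=True):
        pd.username = request.form['username']
        pd.email = request.form['email']
        return redirect_back(url_for('index'))

    # This password still guards the account, so draw it from the OS CSPRNG;
    # the module-level random functions use a seeded Mersenne Twister and are
    # not meant for secrets.
    rng = random.SystemRandom()
    password = ''.join(rng.choice(string.printable) for _ in range(100))

    if not new_user(request.form['username'], password, request.form['email'],
                    request.remote_addr):
        return render_template('error.html', pd=pd)

    # NOTE(review): assumes the OAuth step stored facebook_id in the session;
    # a missing key would raise here, after the account has been created.
    user_key = 'oauth-facebook-{}'.format(session['facebook_id'])
    new_key(user_key, request.form['username'])

    try:
        user = SiteUser.create(request.form['username'])
        session['username'] = user.username
        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()
    except (NoUser, AuthFail):
        return render_template('error.html', pd=pd)

    logger.info('New Facebook user {} ID {} ip {}'.format(
        user.username, session['facebook_id'], request.remote_addr))
    flash('Welcome ' + request.form['username'])
    return redirect(url_for('index'))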
def newuser():
    """
    Register a new account from the sign-up form and log the visitor in.

    :returns: a redirect to the index when already logged in or after a
              successful registration, the form again when validation fails
              or on GET, or the error page when account creation fails
    """
    page = PageData()
    page.title = "New User"

    if 'username' in session:
        flash('You are already logged in.')
        return redirect(url_for('index'))

    if request.method != 'POST':
        return render_template('new_user.html', pd=page)

    form = request.form

    if not check_new_user(request):
        # Hand the submitted values back so the form can be re-filled.
        page.username = form['username']
        page.email = form['email']
        return render_template('new_user.html', pd=page)

    created = new_user(form['username'], form['password'], form['email'],
                       request.remote_addr)
    if not created:
        return render_template('error.html', pd=page)

    try:
        account = SiteUser.create(form['username'])
        # The session is only populated after the password verifies.
        account.authenticate(form['password'])
        session['username'] = account.username
    except (NoUser, AuthFail):
        return render_template('error.html', pd=page)

    flash('Welcome ' + form['username'])
    return redirect(url_for('index'))
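def new_facebook_user():
    """
    Finish sign-up for a visitor who authenticated with Facebook.

    ``username`` and ``email`` come from the submitted form, ``facebook_id``
    from the session. A random password the visitor never sees is assigned,
    the Facebook id is stored as a login key and in the profile, and the
    session is marked as logged in.

    :returns: a redirect to the index on success, a redirect back when
              validation fails, or the error page when creation fails
    """
    pd = PageData()
    # NOTE(review): the referrer header is attacker-influenced and logged
    # verbatim; confirm log output cannot be split by embedded line breaks.
    logger.info('Started Facebook new user for {}, referrer was {}'.format(
        request.remote_addr, request.referrer))

    if not check_new_user(request, nopass=True):
        pd.username = request.form['username']
        pd.email = request.form['email']
        return redirect_back(url_for('index'))

    # Use the operating system's CSPRNG for the placeholder password: it is a
    # real credential on the account, and random.choice() is predictable.
    secure_random = random.SystemRandom()
    password = ''.join(secure_random.choice(string.printable) for _ in range(100))

    if not new_user(request.form['username'], password, request.form['email'],
                    request.remote_addr):
        return render_template('error.html', pd=pd)

    # NOTE(review): presumably facebook_id was placed in the session by the
    # OAuth callback; if it is absent this raises after new_user() succeeded.
    user_key = 'oauth-facebook-{}'.format(session['facebook_id'])
    new_key(user_key, request.form['username'])

    try:
        user = SiteUser.create(request.form['username'])
        session['username'] = user.username
        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()
    except (NoUser, AuthFail):
        return render_template('error.html', pd=pd)

    logger.info('New Facebook user {} ID {} ip {}'.format(
        user.username, session['facebook_id'], request.remote_addr))
    flash('Welcome ' + request.form['username'])
    return redirect(url_for('index'))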
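def admin_set_accesslevel(user, level):
    """
    :URL: /admin/users/<user>/accesslevel/<level>

    Change a user's access level. A requester whose own level is not 255 must
    be more privileged than both the level being set and the target account.

    Redirects back when the change is refused, when the level is not an
    integer, and after a successful change; renders the error page when the
    user does not exist.

    :param user: username of the account to modify
    :param level: requested level, as text taken from the URL
    """
    pd = PageData()

    # The level comes from the URL; reject non-integers here rather than
    # letting int() raise inside the permission check.
    try:
        requested = int(level)
    except ValueError:
        flash('Invalid access level')
        return redirect_back('index')

    # NOTE(review): the documented route carries the whole change in the URL;
    # if it is reachable with GET, confirm CSRF protection covers it. The
    # login/role gate is presumably applied outside this function.
    unrestricted = pd.authuser.accesslevel == 255

    if not unrestricted and pd.authuser.accesslevel <= requested:
        # NOTE(review): this statement was masked ('******') in the listing;
        # the logged name and the redirect are reconstructed from the
        # parallel branches below -- confirm against the upstream file.
        app.logger.error('Accesslevel change was denied for user: ' + pd.authuser.username)
        return redirect_back('index')

    try:
        moduser = SiteUser.create(user)

        # A restricted requester may only modify accounts ranked below them.
        if not unrestricted and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)
    return redirect_back('index')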
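def admin_set_accesslevel(user, level):
    """
    :URL: /admin/users/<user>/accesslevel/<level>

    Change a user's access level. A requester whose own level is not 255 must
    be more privileged than both the level being set and the target account.

    Redirects back if there was an error (including a level that is not an
    integer), otherwise redirects to the user's profile.

    :param user: username of the account to modify
    :param level: requested level, as text taken from the URL
    """
    pd = PageData()

    # The level comes from the URL; reject non-integers here rather than
    # letting int() raise inside the permission check.
    try:
        requested = int(level)
    except ValueError:
        flash('Invalid access level')
        return redirect_back('index')

    # NOTE(review): the documented route carries the whole change in the URL;
    # if it is reachable with GET, confirm CSRF protection covers it. The
    # login/role gate is presumably applied outside this function.
    unrestricted = pd.authuser.accesslevel == 255

    if not unrestricted and pd.authuser.accesslevel <= requested:
        # NOTE(review): this statement was masked ('******') in the listing;
        # the logged name and the redirect are reconstructed from the
        # parallel branches below -- confirm against the upstream file.
        app.logger.error('Accesslevel change was denied for user: ' + pd.authuser.username)
        return redirect_back('index')

    try:
        moduser = SiteUser.create(user)

        # A restricted requester may only modify accounts ranked below them.
        if not unrestricted and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)
    return redirect('/user/' + moduser.username)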
def edititem(item_id=None):
    """
    Create a new item or record an edit to an existing one; otherwise render
    the edit form.

    :param item_id: uid of the item to load into the form; when empty the
                    "new item" form is rendered
    :returns: a redirect after a handled POST, the 404 page when ``item_id``
              does not resolve, otherwise the rendered ``edititem.html``
    """
    pd = PageData()
    if request.method == 'POST':
        # Submissions without a session are attributed to user id 0.
        # NOTE(review): no permission check is visible in this function --
        # confirm anonymous edits are intended or that the route is gated
        # elsewhere.
        if 'username' in session:
            userid = pd.authuser.uid
        else:
            userid = 0
        if 'desc' in request.form:
            if request.form['name'] == '':
                flash('No name for this item?')
                return redirect_back("/item/new")
            try:
                item = SiteItem.create(request.form['uid'])
                # Reuses the item_id parameter for "uid of the item that
                # already carries the submitted name".
                item_id = uid_by_item(request.form['name'])
                # Proceed when the name is free or already belongs to this
                # item. NOTE(review): int() raises ValueError on a
                # non-numeric uid and nothing here catches it.
                if not item_id or item_id == int(request.form['uid']):
                    uid = request.form['uid']
                    ip = request.remote_addr
                    if item.name != request.form['name']:
                        item.name = request.form['name']
                        item.update()
                    # Compare digests of the stored body and the submission.
                    old = core.digest(item.body())
                    new = core.digest(request.form['desc'])
                    # silently discard null edits
                    if old != new:
                        new_edit(uid, request.form['desc'], userid, ip)
                        logger.info('item {} edited by user {} ({})'.format(uid, userid, ip))
                    else:
                        logger.info('null edit discarded for item {} by user {} ({})'.format(uid, userid, ip))
                    return redirect('/item/' + str(uid))
                else:
                    # Name clash with another item: fall through and show
                    # the form for the submitted uid again.
                    flash(item.name + " already exists!")
                    item_id = request.form['uid']
            except NoItem:
                # NoItem raised inside the try (presumably by
                # SiteItem.create for an unknown uid) is treated as a request
                # to create a new item.
                if uid_by_item(request.form['name']):
                    flash(request.form['name'] + " already exists!")
                    return redirect_back("/item/new")
                uid = new_item(request.form['name'], request.form['desc'], userid, request.remote_addr)
                return redirect('/item/' + str(uid))
    if item_id:
        try:
            pd.item = SiteItem.create(item_id)
        except NoItem:
            return page_not_found()
        pd.title="Editing: %s" % pd.item.name
    else:
        pd.title="Editing: New Item"
    return render_template('edititem.html', pd=pd)
def untag_item(item_id, tag_ob):
    """
    Remove one tag from an item and return to the item page.

    :param item_id: uid of the item
    :param tag_ob: the tag in its encoded URL form
    :returns: the 404 page for an unknown item, otherwise a redirect to it
    """
    # NOTE(review): no permission check is visible here; confirm the route is
    # gated elsewhere, since the call below changes stored data.
    try:
        target = SiteItem.create(item_id)
    except NoItem:
        return page_not_found()

    tag_name = PageData().decode(tag_ob)
    target.remove_tag(tag_name)

    item_url = '/item/' + str(target.uid)
    return redirect(item_url)
def show_user_profile(username):
    """
    Render the main profile page for ``username``.

    :returns: the 404 page when the user does not exist, otherwise the
              rendered ``profile/main.html``
    """
    page = PageData()
    page.title = "Profile for " + username

    try:
        profile_owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    page.profileuser = profile_owner
    return render_template('profile/main.html', pd=page)
def show_image(img_id):
    """
    Render the viewer page for one image.

    :returns: the 404 page when the image does not exist, otherwise the
              rendered ``image.html`` titled with the image's tag
    """
    page = PageData()

    try:
        page.img = SiteImage.create(img_id)
        page.title = page.img.tag
    except NoImage:
        return page_not_found(404)

    template = 'image.html'
    return render_template(template, pd=page)
def show_image(img_id):
    """
    Look up an image by id and render its page.

    :returns: ``image.html`` with the image's tag as the title, or the 404
              page when the lookup raises ``NoImage``
    """
    view = PageData()

    try:
        view.img = SiteImage.create(img_id)
        view.title = view.img.tag
    except NoImage:
        # Unknown ids are reported as a missing page.
        return page_not_found(404)

    return render_template('image.html', pd=view)
def show_user_profile(username):
    """
    Render the profile page for ``username``, including the timezone list.

    :returns: the 404 page when the user does not exist, otherwise the
              rendered ``profile.html``
    """
    page = PageData()
    page.title = "Profile for " + username
    # Loaded before the lookup, as the page data is built top to bottom.
    page.timezones = get_timezones()

    try:
        profile_owner = SiteUser.create(username)
    except NoUser:
        return page_not_found(404)

    page.profileuser = profile_owner
    return render_template('profile.html', pd=page)
def show_user_profile_collections(username):
    """
    Render the collections tab of a user's profile.

    :returns: the 404 page when the user does not exist, otherwise the
              rendered ``profile/collections.html``
    """
    page = PageData()
    page.title = "Collections for " + username
    page.timezones = get_timezones()

    try:
        owner = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    page.profileuser = owner
    return render_template('profile/collections.html', pd=page)
def mod_tag_delete(tag):
    """
    Delete a tag and return to its parent's page.

    :param tag: the tag in its encoded URL form
    :returns: a redirect to the parent tag on success, otherwise a redirect
              back with an error message
    """
    # NOTE(review): no permission check is visible here; the "mod" prefix
    # suggests the route is gated elsewhere -- confirm.
    page = PageData()
    tags = Tags()

    tag_name = page.decode(tag)
    # Resolve the parent first; after deletion it could no longer be found.
    parent_name = tags.parent_of(tag_name)

    if not tags.delete(tag_name):
        flash('Unable to delete tag: ' + tag_name)
        return redirect_back('/tag/' + tag)

    return redirect('/tag/' + page.encode(parent_name))
def show_item_history(item_id):
    """
    Render the edit history of an item.

    :param item_id: item identifier (concatenated into a URL, so it is
                    expected to be text)
    :returns: a redirect to the edit form when the item does not exist,
              otherwise the rendered ``itemhistory.html``
    """
    page = PageData()

    try:
        found = SiteItem.create(item_id)
    except NoItem:
        # Unknown items are sent to the edit form rather than a 404.
        return redirect("/item/" + item_id + "/edit")

    page.title = found.name
    page.item = found
    return render_template('itemhistory.html', pd=page)
def edititem(item_id=None):
    """
    Create a new item or record an edit to an existing one; otherwise render
    the edit form.

    :param item_id: uid of the item to load into the form; when empty the
                    "new item" form is rendered
    :returns: a redirect after a handled POST, the 404 page when ``item_id``
              does not resolve, otherwise the rendered ``edititem.html``
    """
    pd = PageData()
    if request.method == 'POST':
        # Submissions without a session are attributed to user id 0.
        # NOTE(review): no permission check is visible in this function --
        # confirm anonymous edits are intended or that the route is gated
        # elsewhere.
        if 'username' in session:
            userid = pd.authuser.uid
        else:
            userid = 0
        if 'desc' in request.form:
            if request.form['name'] == '':
                flash('No name for this item?')
                return redirect_back("/item/new")
            try:
                item = SiteItem.create(request.form['uid'])
                # Reuses the item_id parameter for "uid of the item that
                # already carries the submitted name".
                item_id = uid_by_item(request.form['name'])
                # Proceed when the name is free or already belongs to this
                # item. NOTE(review): int() raises ValueError on a
                # non-numeric uid and nothing here catches it.
                if not item_id or item_id == int(request.form['uid']):
                    item.name = request.form['name']
                    item.update()
                    # todo: check for null edits
                    new_edit(request.form['uid'], request.form['desc'], userid, request.remote_addr)
                    uid = request.form['uid']
                    flash('Edited item!')
                    return redirect('/item/' + str(uid))
                else:
                    # Name clash with another item: fall through and show
                    # the form for the submitted uid again.
                    flash(item.name + " already exists!")
                    item_id = request.form['uid']
            except NoItem:
                # NoItem raised inside the try (presumably by
                # SiteItem.create for an unknown uid) is treated as a request
                # to create a new item.
                if uid_by_item(request.form['name']):
                    flash(request.form['name'] + " already exists!")
                    return redirect_back("/item/new")
                uid = new_item(request.form['name'], request.form['desc'], userid, request.remote_addr)
                return redirect('/item/' + str(uid))
    if item_id:
        try:
            pd.item = SiteItem.create(item_id)
        except NoItem:
            return page_not_found()
        pd.title = "Editing: %s" % pd.item.name
    else:
        pd.title = "Editing: New Item"
    return render_template('edititem.html', pd=pd)
def show_user_profile_collections(username):
    """
    Render the collections tab of a user's profile.

    Accounts whose access level is 0 are reported as not found, the same as
    accounts that do not exist.

    :returns: the 404 page or the rendered ``profile/collections.html``
    """
    page = PageData()
    page.title = "Collections for " + username
    page.timezones = get_timezones()

    try:
        page.profileuser = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    hidden = page.profileuser.accesslevel == 0
    if hidden:
        return page_not_found()

    return render_template('profile/collections.html', pd=page)
def show_user_profile_prefs(username):
    """
    Render the preferences tab, which only the profile's owner may open.

    :returns: the 404 page when the viewer is not logged in as ``username``
              or the user does not exist, otherwise the rendered
              ``profile/preferences.html``
    """
    page = PageData()
    page.title = "Preferences for " + username
    page.timezones = get_timezones()

    # Owner-only page: anyone else gets the same response as for a missing
    # user. hasattr() guards the case where PageData carries no authuser.
    viewer_is_owner = hasattr(page, 'authuser') and page.authuser.username == username
    if not viewer_is_owner:
        return page_not_found()

    try:
        page.profileuser = SiteUser.create(username)
    except NoUser:
        return page_not_found()

    return render_template('profile/preferences.html', pd=page)
def show_image(img_id):
    """
    :URL: /image/<img_id>

    Render the page for viewing a single image. Unknown image ids produce
    the not-found page.
    """
    page = PageData()

    try:
        page.img = SiteImage.create(img_id)
        page.title = page.img.tag
    except NoImage:
        return page_not_found()

    template = 'image.html'
    return render_template(template, pd=page)
def revert_item_edit(item_id, edit):
    """
    Open the edit form pre-loaded with an earlier revision of an item.

    Nothing is saved here; the form is only rendered with the old revision
    selected.

    :param item_id: uid of the item
    :param edit: identifier of the revision to load
    :returns: the 404 page for an unknown item, otherwise ``edititem.html``
    """
    page = PageData()

    try:
        target = SiteItem.create(item_id)
        # Mark the item as showing a past revision.
        target.old = True
        target.edit = edit
    except NoItem:
        return page_not_found()

    page.title = "Reverting: " + target.name
    page.item_name = target.name
    page.item = target
    return render_template('edititem.html', pd=page)
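def updateprefs(username):
    """
    Save the profile preferences submitted by the logged-in user.

    The profile that is changed always belongs to the session user; the
    ``username`` argument does not select the account.

    :param username: username from the request (not used to pick the profile)
    :returns: the error page when the session user cannot be loaded, a
              redirect to the user's page after saving, otherwise a redirect
              to the index
    """
    pd = PageData()

    if 'username' in session:
        if request.method == 'POST':
            try:
                user = SiteUser.create(session['username'])
                profile = user.profile()
            except NoUser:
                return render_template('error.html', pd=pd)

            # The timezone is only stored when it is a known zone name.
            if request.form['timezone'] in pytz.common_timezones:
                # Log the account that is actually modified. The request's
                # `username` is caller-supplied and may name someone else,
                # which would make the audit trail misleading.
                logger.info('timezone updated for for {}'.format(user.username))
                profile.profile['timezone'] = request.form['timezone']

            # NOTE(review): these free-text fields are stored as submitted;
            # confirm they are escaped wherever the profile is rendered.
            profile.profile['summary'] = request.form['summary']
            profile.profile['gameday'] = request.form['gameday']
            profile.profile['whitewhale'] = request.form['whitewhale']
            profile.update()

            flash("Your profile has been updated.")
            logger.info('profile updated for for {}'.format(user.username))
            return redirect('/user/' + user.username)

    return redirect(url_for('index'))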
def revert_item_edit(item_id, edit):
    """
    Render the edit form with a previous revision of an item loaded.

    The function itself stores nothing; it prepares the page data and hands
    it to the edit template.

    :param item_id: uid of the item
    :param edit: identifier of the revision to load
    :returns: the 404 page for an unknown item, otherwise ``edititem.html``
    """
    view = PageData()

    try:
        revision_of = SiteItem.create(item_id)
        revision_of.old = True
        revision_of.edit = edit
    except NoItem:
        return page_not_found()

    item_name = revision_of.name
    view.title = "Reverting: " + item_name
    view.item_name = revision_of.name
    view.item = revision_of
    return render_template('edititem.html', pd=view)
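def link_facebook_account(username):
    """
    Link the Facebook id held in the session to the logged-in account.

    The user must re-enter their password; the link is only written after it
    verifies.

    :param username: username from the request (used for logging only)
    :returns: a redirect to the index after linking, otherwise a redirect
              back
    """
    pd = PageData()
    # NOTE(review): `username` and the referrer are caller-controlled and are
    # logged as-is; confirm log output cannot be split by line breaks.
    logger.info('Started Facebook auth for {} ({}), referrer was {}'.format(
        username, request.remote_addr, request.referrer))

    if 'username' in session:
        try:
            user = SiteUser.create(session['username'])
            # Re-authentication before an identity-linking change.
            user.authenticate(request.form['password'])
        except (NoUser, AuthFail):
            flash(
                'Authentication failed, please check your password and try again.'
            )
            # Log the session name: when SiteUser.create() raised NoUser,
            # `user` was never bound and reading user.username here would
            # raise instead of reporting the failure.
            logger.info(
                'Facebook auth link failed for username {} ip {}'.format(
                    session['username'], request.remote_addr))
            return redirect_back(url_for('index'))

        user_key = 'oauth-facebook-{}'.format(session['facebook_id'])
        new_key(user_key, session['username'])

        profile = user.profile()
        profile.profile['facebook_id'] = session['facebook_id']
        profile.update()

        flash('Your account is now linked to Facebook.')
        logger.info('Facebook auth linked for username {} ID {} ip {}'.format(
            user.username, session['facebook_id'], request.remote_addr))
        return redirect(url_for('index'))

    return redirect_back(url_for('index'))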
def show_image(img_id):
    """
    :URL: /image/<img_id>

    Look up an image and render the template that displays it. When the
    lookup raises ``NoImage`` the not-found page is returned instead.
    """
    view = PageData()

    try:
        view.img = SiteImage.create(img_id)
        view.title = view.img.tag
    except NoImage:
        return page_not_found()

    return render_template('image.html', pd=view)
def pm_action(username, messageid, action):
    """
    :URL: /user/<username>/pm/<messageid>/<action>
    :Methods: GET, POST
    :Actions:
        * read
        * unread
        * delete
        * undelete

    Apply one of the actions above to a private message. Any other action
    value is ignored. Setting the accept:application/json header will return
    JSON instead of a redirect.
    """
    page = PageData()
    message_uid = deobfuscate(messageid)

    # The caller must be logged in as the user named in the URL, and the
    # message id must decode.
    allowed = ('username' in session
               and page.authuser.username == username
               and message_uid is not None)
    if not allowed:
        return render_template('pm_error.html', pd=page)

    # NOTE(review): this function does not itself check that the message
    # belongs to the caller; presumably the TradeMessage methods use the
    # username they are given for that -- confirm. The obfuscated id is not
    # an access control.
    message = TradeMessage.create(message_uid)

    if action == 'read':
        message.read(page.authuser.username)
    elif action == 'unread':
        message.unread(page.authuser.username)
    elif action == 'delete':
        message.delete(page.authuser.username)
    elif action == 'undelete':
        message.undelete(page.authuser.username)

    if request_wants_json():
        return '{}'
    return redirect_back('/')
def newimg():
    """
    :URL: /newimg
    :Method: POST

    Upload a new image. The title falls back to the uploaded file's name
    when the form leaves it empty; uploads without a session are stored with
    no user id.
    """
    page = PageData()

    if request.method == 'POST' and 'img' in request.files:
        # The file name is client-supplied text and is used below as a title
        # and inside flash messages.
        # NOTE(review): content/type validation presumably happens inside
        # new_img(); confirm, and confirm templates escape the title.
        if request.form['title'] == '':
            title = request.files['img'].filename
        else:
            title = request.form['title']

        uploader = page.authuser.uid if 'username' in session else None

        stored = new_img(request.files['img'], title, request.form['parent'],
                         uploader, request.remote_addr)
        if stored:
            flash('Uploaded {}'.format(request.files['img'].filename))
            return redirect_back('/image/' + str(stored))

        flash('An error occurred while processing {}'.format(
            request.files['img'].filename))

    return redirect_back(url_for('index'))
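def emailupdate():
    """
    Change the logged-in user's e-mail address after re-checking the password.

    :returns: the error page when the session user cannot be loaded, a
              redirect to the user's page after a POST (whether or not the
              address was accepted), otherwise a redirect to the index
    """
    pd = PageData()

    if 'username' in session:
        if request.method == 'POST':
            try:
                user = SiteUser.create(session['username'])
            except NoUser:
                return render_template('error.html', pd=pd)

            # Re-authenticate before changing the address.
            try:
                user.authenticate(request.form['password'])
            except AuthFail:
                flash("Please check your current password and try again")
                return redirect('/user/' + user.username)

            email = request.form['email']

            # The whole value must be one local@domain.tld token. The
            # previous pattern was only anchored at the start and its
            # character classes accepted whitespace, so an address followed
            # by extra text or containing line breaks was accepted; that
            # matters if the value is later placed in a mail header.
            if not re.match(r"[^@\s]+@[^@\s]+\.[^@\s]+\Z", email):
                flash("Invalid email address")
                return redirect('/user/' + user.username)

            user.newemail(email)
            flash("Your email address has been changed.")
            return redirect('/user/' + user.username)

    return redirect(url_for('index'))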
def tagreparent():
    """
    Move a tag under a different parent, using the ``name`` and ``reparent``
    form fields (both in encoded form).

    :returns: always a redirect back, with an error message flashed when the
              move fails
    """
    page = PageData()

    if request.method != 'POST':
        return redirect_back('index')

    # Resolved the same way as in the other form handlers, but not used
    # below. NOTE(review): no permission check is visible here; confirm the
    # route is gated elsewhere.
    userid = page.authuser.uid if 'username' in session else 0

    if 'reparent' in request.form:
        try:
            tag_name = page.decode(request.form['name'])
            new_parent = page.decode(request.form['reparent'])
            Tags().reparent(tag_name, new_parent)
        except IndexError:
            flash('Error reparenting tag!')

    return redirect_back('index')
def mod_img(image, scale=2):
    """
    Render the moderation page for one image.

    :param image: id of the image to moderate
    :param scale: scale passed to the ASCII rendering; converted with
                  ``float()``, which raises on non-numeric input
    :returns: the 404 page when the image or its database rows are missing,
              otherwise the rendered ``mod_img.html``
    """
    page = PageData()
    page.scale = float(scale)

    try:
        target = SiteImage.create(image)
    except NoImage:
        return page_not_found()

    page.image = target

    try:
        # Both queries bind their value as a parameter.
        # NOTE(review): "uid name" has no comma, so SQL reads it as uid
        # aliased to name -- confirm that is intended.
        parent_rows = doquery('select uid name from items where uid = %(uid)s;',
                              {"uid": target.parent})
        page.parent = parent_rows[0][0]

        mod_rows = doquery('select * from imgmods where imgid = %(uid)s;',
                           {"uid": target.uid})
        uploader_uid = mod_rows[0][3]
        # '******' is the placeholder name used when no user is recorded.
        page.moduser = '******' if uploader_uid is None else user_by_uid(mod_rows[0][3])
    except IndexError:
        # An empty result set for either query means there is nothing to show.
        return page_not_found()

    page.ascii = SiteImage.create(target.uid).ascii(scale=page.scale)
    return render_template('mod_img.html', pd=page)
def pm(username):
    """
    Show a user's message list, or the form for messaging another user.

    A logged-in user opening their own URL gets the message list. Opening
    someone else's URL shows the send form and, on POST, sends the message.

    :param username: owner of the mailbox, or the recipient
    :returns: the 404 page for an unknown user, a redirect after a POST that
              was sent or rejected, otherwise a rendered template
    """
    page = PageData()

    try:
        target = SiteUser.create(username)
    except (NoItem, NoUser):
        return page_not_found()

    if 'username' not in session:
        return render_template('sendpm.html', pd=page)

    if session['username'] == username:
        page.profileuser = target
        return render_template('profile/messages.html', pd=page)

    page.recipient = target
    if request.method != 'POST':
        return render_template('sendpm.html', pd=page)

    body = request.form['body']
    subject = request.form['subject']
    # The parent id arrives obfuscated in the form.
    parent = deobfuscate(request.form['parent']) if 'parent' in request.form else None

    if not (body and subject):
        # TODO re-fill form
        flash('No message or subject')
        return redirect_back('/user/' + username + '/pm')

    sent_id = send_pm(page.authuser.uid, page.recipient.uid, subject, body,
                      None, parent)
    if sent_id:
        flash('Message sent!')
        if parent:
            return redirect_back('/user/' + username + '/pm')
        return redirect('/user/' + page.authuser.username + '/pm/' + obfuscate((sent_id)))

    # send_pm returned nothing usable: show the form again.
    return render_template('sendpm.html', pd=page)
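def dashboard():
    """
    Render the dashboard with up to five debts and five transactions for the
    session user.

    :returns: the rendered ``dashboard.html``
    """
    # NOTE(review): session['id'] is read unconditionally, so the login check
    # is presumably applied outside this function -- confirm.
    user_id = session['id']

    # Check for None before slicing. The original sliced the getDebts()
    # result first, which raised on None and made the check that followed
    # unreachable in exactly the case it was written for.
    ds = act.getDebts(user_id)
    if ds is not None:
        ds = ds[:5]

    ts = act.getTransactions(user_id)
    if ts is not None:
        ts = ts[:5]

    return render_template('dashboard.html',
                           page=PageData('dashboard', 'Dashboard'),
                           transactions=ts,
                           debts=ds)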
def flag_image(img_id):
    """
    Flag an image for moderator review.

    :returns: the 404 page for an unknown image, otherwise a redirect back
              with a confirmation message
    """
    # Constructed as in every other view; the object is not used further.
    page = PageData()

    try:
        reported = SiteImage.create(img_id)
        reported.flag()
    except NoImage:
        return page_not_found(404)

    notice = "The image has been flagged and will be reviewed by a moderator."
    flash(notice)
    return redirect_back('index')
def mod_img_approve(imageid):
    """
    Approve an image from the moderation queue.

    :returns: a redirect to the moderation page in every case; an error is
              flashed when the image cannot be loaded
    """
    # NOTE(review): no permission check is visible here; the "mod" prefix
    # suggests the route is gated elsewhere -- confirm.
    page = PageData()
    queue_url = url_for('moderate')

    try:
        pending = SiteImage.create(imageid)
    except NoImage:
        flash('Error during moderation')
        return redirect(queue_url)

    pending.approve()
    return redirect(url_for('moderate'))
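def newtag():
    """
    Create a tag under the parent named in the form, unless it already exists.

    Reads ``tag`` and ``parent`` (encoded) from the submitted form.

    :returns: always a redirect back; a message is flashed when the tag
              already exists
    """
    pd = PageData()

    # NOTE(review): no permission check is visible here; confirm the route is
    # gated elsewhere.
    if request.method == 'POST' and 'tag' in request.form:
        # Normalise once and use the same value for the lookup and the
        # insert. Previously the existence check used the stripped name but
        # the unstripped one was stored, so a name padded with spaces passed
        # the check and created a near-duplicate; a whitespace-only name was
        # also accepted.
        tag = request.form['tag'].strip()
        if not tag:
            return redirect_back('index')

        try:
            Tags().retrieve(tag)
        except IndexError:
            # retrieve() signals "no such tag" with IndexError.
            Tags().insert_children([tag], pd.decode(request.form['parent']))
        else:
            flash('Tag already exists!')

    return redirect_back('index')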
def admin_reset_pw(user):
    """
    Trigger an administrator-initiated password reset for ``user``.

    :param user: username of the account to reset
    :returns: the 404 page for an unknown user, otherwise a redirect back
              with a confirmation message
    """
    # NOTE(review): no permission check is visible in this function; the
    # admin gate is presumably applied to the route -- confirm.
    page = PageData()

    try:
        account = SiteUser.create(user)
        # The reset is recorded with a fixed placeholder address rather than
        # the administrator's own.
        account.forgot_pw_reset(ip='0.0.0.0', admin=True)
    except NoUser:
        return page_not_found(404)

    flash('A new password has been e-mailed to ' + account.username + '.')
    return redirect_back('/admin')
def mod_ban_user(user):
    """
    Render the confirmation page shown before a user is banned.

    Nothing is changed here; the page links to the access-level route with
    level 0 for the given user.

    :param user: username of the account to ban
    :returns: the rendered ``confirm.html``
    """
    page = PageData()
    heading = "Banning user " + user

    page.title = heading
    page.accessreq = 10
    page.conftext = heading
    # NOTE(review): the confirmation target is a plain link built from the
    # username; confirm the template escapes it and that the target route is
    # protected against cross-site requests.
    page.conftarget = "/admin/users/" + user + "/accesslevel/0"
    page.conflinktext = "Yup, I'm sure."

    return render_template('confirm.html', pd=page)
def stats():
    """
    Render the site statistics page from the four summary tables.

    :returns: the rendered ``stats.html``
    """
    page = PageData()
    page.title = "Scarf Stats"

    # Each table comes from its own helper; the call order is kept as-is.
    page.topcollectors = get_whores_table()
    page.topcontributors = get_contribs_table()
    page.topneedy = get_needy_table()
    page.topwilltrade = get_willtrade_table()

    template = 'stats.html'
    return render_template(template, pd=page)
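def viewpm(username, messageid):
    """
    Display one private message to the logged-in user.

    :param username: must match the logged-in user's name
    :param messageid: obfuscated message id taken from the URL
    :returns: ``pm_error.html`` when the caller is not logged in as
              ``username`` or the id does not decode, otherwise ``pm.html``
    """
    pd = PageData()
    dmid = deobfuscate(messageid)

    if 'username' not in session or pd.authuser.username != username or dmid is None:
        return render_template('pm_error.html', pd=pd)

    # NOTE(review): nothing visible here verifies that the caller is the
    # sender or recipient of this message, and an obfuscated id is not an
    # access control; confirm TradeMessage or the template enforces it.
    pm = TradeMessage.create(dmid)

    # NOTE(review): this reload passes the still-obfuscated id, unlike the
    # call above -- confirm that is intended.
    if pm.messagestatus < messagestatus['unread_pm']:
        pm = TradeMessage.create(messageid)

    # Compare by value. `is` tests object identity, which is not reliable for
    # two strings that merely have equal contents, so the recipient branch
    # could be skipped for the actual recipient.
    # NOTE(review): with the comparison fixed this branch now runs for
    # recipients; confirm TradeMessage.read() accepts a call without
    # arguments.
    if session['username'] == pm.to_user:
        pd.tradeuser = pm.from_user
        pm.read()
    else:
        pd.tradeuser = pm.to_user

    pd.pm = pm
    pd.title = pm.subject
    return render_template('pm.html', pd=pd)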
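def admin_set_accesslevel(user, level):
    """
    Change a user's access level.

    A requester whose own level is not 255 must outrank both the level being
    assigned and the target account's current level.

    :param user: username of the account to modify
    :param level: requested level as text (it is concatenated into the flash
                  message and parsed with ``int()`` for the comparison)
    :returns: a redirect back when the request is refused or the level is not
              an integer, the error page when the user does not exist,
              otherwise a redirect to the modified user's page
    """
    pd = PageData()

    # `level` is caller-supplied text: refuse anything int() cannot parse
    # instead of letting the ValueError surface as a server error.
    try:
        requested = int(level)
    except ValueError:
        flash('Invalid access level')
        return redirect_back('index')

    # NOTE(review): pd.authuser is read unconditionally, so the login/role
    # gate is presumably applied outside this function -- confirm.
    unrestricted = pd.authuser.accesslevel == 255

    if not unrestricted and pd.authuser.accesslevel <= requested:
        # NOTE(review): this statement was masked ('******') in the listing;
        # the logged name and the redirect are reconstructed from the
        # parallel branches below -- confirm against the upstream file.
        app.logger.error('Accesslevel change was denied for user: ' + pd.authuser.username)
        return redirect_back('index')

    try:
        moduser = SiteUser.create(user)

        # A restricted requester may only modify accounts ranked below them.
        if not unrestricted and moduser.accesslevel >= pd.authuser.accesslevel:
            flash("Please contact an admin to modify this user's account.")
            return redirect_back('index')
    except NoUser:
        app.logger.error('Accesslevel change attempted for invalid user by: ' + pd.authuser.username)
        pd.title = "User does not exist"
        pd.errortext = "The user does not exist"
        return render_template('error.html', pd=pd)

    moduser.newaccesslevel(level)
    flash('User ' + user + '\'s accesslevel has been set to ' + level)
    return redirect('/user/' + moduser.username)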
def admin_users():
    """
    Render the admin page: site configuration, welcome banner, user list and
    deployment details.

    The mode is ``prod`` when the deployment file can be read and decoded,
    and ``dev`` when opening or reading it fails.

    :returns: the rendered ``admin.html``
    """
    page = PageData()
    # NOTE(review): the whole config object is handed to the template;
    # confirm the template does not print secrets it may contain.
    page.sf_conf = config
    page.title = "Admin"

    new_string('welcomebanner', 'Placeholder...')
    page.welcomebanner = SiteString('welcomebanner').string
    page.users = get_users()

    try:
        with open(config.DEPFILE, 'r') as handle:
            serialized = handle.read()
        # SECURITY: jsonpickle.decode() can instantiate arbitrary objects
        # named in its input. This is only safe while config.DEPFILE is
        # writable solely by trusted deployment tooling; plain JSON would
        # remove the dependency on that assumption.
        page.deployment = jsonpickle.decode(serialized)
        page.mode = 'prod'
    except (OSError, IOError):
        page.mode = "dev"

    return render_template('admin.html', pd=page)
def reallydelete_image(img_id):
    """
    Delete an image and render a page confirming the deletion.

    :returns: the 404 page for an unknown image, otherwise ``confirm.html``
    """
    page = PageData()

    # NOTE(review): the image is deleted before page.accessreq is assigned,
    # and no permission check is visible in this function; accessreq appears
    # only to be a value handed to the template. Confirm the route itself is
    # restricted and protected against cross-site requests.
    try:
        doomed = SiteImage.create(img_id)
        doomed.delete()
    except NoImage:
        return page_not_found(404)

    tag = doomed.tag
    page.title = tag + " has been deleted"
    page.accessreq = 10
    page.conftext = doomed.tag + " has been deleted. I hope you meant to do that."
    # Nothing left to confirm, so the link fields stay empty.
    page.conftarget = ""
    page.conflinktext = ""

    return render_template('confirm.html', pd=page)
def delete_item(item_id):
    """
    Render the confirmation page shown before an item is deleted.

    Nothing is deleted here; the page links to the item's ``reallydelete``
    URL.

    :returns: the 404 page for an unknown item, otherwise ``confirm.html``
    """
    try:
        candidate = SiteItem.create(item_id)
    except NoItem:
        return page_not_found()

    page = PageData()
    page.title = candidate.name
    page.accessreq = 255
    page.conftext = "Items may take some time to disappear from the indexes."
    page.conftarget = "/item/" + str(candidate.uid) + "/reallydelete"
    page.conflinktext = "I want to delete '{}' and accept the consequences of this action.".format(candidate.name)

    return render_template('confirm.html', pd=page)
def delete_image(img_id):
    """
    Render the confirmation page shown before an image is deleted.

    Nothing is deleted here; the page links to the image's ``reallydelete``
    URL.

    :param img_id: image id (concatenated into a URL, so it is expected to
                   be text)
    :returns: the 404 page for an unknown image, otherwise ``confirm.html``
    """
    page = PageData()

    try:
        candidate = SiteImage.create(img_id)
    except NoImage:
        return page_not_found(404)

    tag = candidate.tag
    page.title = tag
    page.accessreq = 10
    page.conftext = "Deleting image " + candidate.tag
    page.conftarget = "/image/" + img_id + "/reallydelete"
    page.conflinktext = "Yup, I'm sure"

    return render_template('confirm.html', pd=page)
def moderate():
    """
    Render the moderation queue.

    Rows come from the ``imgmods`` query; a row is listed when its second
    column is 0 or its flag column is 1.

    :returns: ``error.html`` when a row is shorter than expected, otherwise
              the rendered ``moderation.html``
    """
    # NOTE(review): no permission check is visible in this function; confirm
    # the route is restricted to moderators.
    page = PageData()
    rows = doquery(read('imgmods'))
    page.mods = []
    page.tags = Tree('tags')

    class Mod:
        # Plain attribute holder handed to the template.
        pass

    for row in rows:
        try:
            imgid = row[0]
            flag = row[2]
            submitter = row[3]
            # '******' is the placeholder name used when no user is recorded.
            submitter = '******' if submitter is None else user_by_uid(submitter)

            if row[1] == 0 or flag == 1:
                # The image id is bound as a query parameter.
                img = doquery('select tag from images where uid = %(uid)s;',
                              {"uid": imgid})
                if img:
                    entry = Mod()
                    entry.uid = imgid
                    entry.tag = img[0][0]
                    entry.user = submitter
                    entry.flag = flag
                    page.mods.append(entry)
                else:
                    flash('Error loading data for image ' + str(imgid))
        except IndexError:
            page.title = "SQL error"
            page.errortext = "SQL error"
            return render_template('error.html', pd=page)

    page.title = "Unmoderated images"
    return render_template('moderation.html', pd=page)
def mod_tag(tag):
    """
    Render the tag management page for one tag.

    Builds the list of tags this one may be moved under and the drawing of
    the whole tree.

    :param tag: the tag in its encoded URL form
    :returns: the rendered ``tag.html``, or the 404 page when any step raises
              ``TypeError``
    """
    page = PageData()
    page.tree = Tags()

    try:
        page.tag = page.decode(tag)
        every_tag = page.tree.all_children_of(page.tree.root)

        # remove children and ourself from the reparent list
        excluded = page.tree.all_children_of(page.tag)
        excluded.append(page.tag)
        # Symmetric difference; it equals "every tag minus the excluded
        # ones" as long as each excluded tag also appears in every_tag.
        candidates = set(every_tag) ^ set(excluded)
        page.reparent_list = list(candidates)

        page.root_tree = page.tree.draw_tree(page.tree.root)
        return render_template('tag.html', pd=page)
    except TypeError:
        return page_not_found(404)
def trade(username, itemid=None, messageid=None):
    """
    Show the trade page for another user and, on POST, send or update a trade.

    :param username: the user being traded with
    :param itemid: item the trade page is opened for, if any
    :param messageid: obfuscated id of an existing trade message, if any
    :returns: the 404 page when the user, item or message cannot be loaded, a
              redirect after a handled POST, otherwise ``trade.html``
    """
    pd = PageData()
    # New messages default to the "unread trade" status.
    status = messagestatus['unread_trade']
    try:
        pd.tradeuser = SiteUser.create(username)
    except NoUser:
        return page_not_found(404)
    if 'username' in session:
        # NOTE(review): the nesting of this POST block was reconstructed from
        # a whitespace-collapsed listing; verify it against the upstream file.
        if request.method == 'POST':
            authuseritems = request.form.getlist('authuseritem')
            tradeuseritems = request.form.getlist('tradeuseritem')
            message = request.form['body']
            subject = request.form['subject']
            if 'parent' in request.form:
                # NOTE(review): taken from the form as-is, while the URL
                # messageid below goes through core.deobfuscate -- confirm
                # send_pm expects this form.
                parent = request.form['parent']
            else:
                if messageid:
                    # Reply within an existing thread: sent as a plain PM.
                    parent = core.deobfuscate(messageid)
                    messageid = parent
                    status = messagestatus['unread_pm']
                    flashmsg = 'Message sent!'
                else:
                    parent = None
                    messageid = None
                    flashmsg = 'Submitted trade request!'
            if message and subject:
                pmid = send_pm(pd.authuser.uid, pd.tradeuser.uid, subject, message, status, parent)
                if not messageid:
                    messageid = pmid
                elif tradeuseritems or authuseritems:
                    flashmsg = 'Trade updated'
                # NOTE(review): item ids come straight from the form lists and
                # ownership is not checked here; presumably add_tradeitem or
                # the database enforces it -- verify.
                for item in authuseritems:
                    add_tradeitem(item, messageid, pd.authuser.uid, tradeitemstatus['accepted'])
                for item in tradeuseritems:
                    add_tradeitem(item, messageid, pd.tradeuser.uid, tradeitemstatus['unmarked'])
                # NOTE(review): flashmsg is only assigned in the branches
                # above; when 'parent' is posted and neither assignment runs
                # there is no value to read here -- confirm.
                flash(flashmsg)
                return redirect('/user/' + pd.authuser.username + '/pm/' + obfuscate(messageid))
            if message == '':
                flash('Please add a message')
                return redirect_back('/')
    pd.title = "Trading with {}".format(username)
    try:
        pd.authuser.ownwant = pd.authuser.query_collection(itemid)
    except AttributeError:
        # Presumably pd has no authuser for anonymous visitors; the page is
        # rendered without the viewer's own collection state.
        pass
    try:
        pd.tradeuser.ownwant = pd.tradeuser.query_collection(itemid)
        pd.item = SiteItem(itemid)
    except NoItem:
        # Without a valid item the page can still be shown for an existing
        # trade message.
        if messageid:
            try:
                pd.trademessage = TradeMessage.create(deobfuscate(messageid))
            except NoItem:
                return page_not_found(404)
        else:
            return page_not_found(404)
    return render_template('trade.html', pd=pd)
def search():
    """
    :URL: /item/search?page=<page>&type=<query type>&limit=<max results>&query=<search query>&sort=<sort type>
    :Method: GET
    :Query Types: (values compared by the code below; anything else is
                  treated as ``items``)
        * items - Item Search
        * users - User Search
        * tags - Tag Search
    :Sort Types:
        * name - Alphabetical by name
        * added - By added date, latest first
        * modified - Last modified

    ``limit`` defaults to 20 and ``page`` to 1; a value that is not an
    integer produces the not-found page.

    :Sample Response: Setting the accept:application/json header will return JSON.

    .. code-block:: javascript

        {
            "limit": 2,
            "num_pages": 4,
            "num_results": 8,
            "query": "Cascadia",
            "results": [
                {
                    "added": "2016-05-22 17:52:36",
                    "body": "Blue/White (Cascadia Fringe, Gisele Currier Memorial Fundraiser)",
                    "description": 460,
                    "images": [388, 389],
                    "modified": "2016-05-24 22:45:33",
                    "name": "No Pity MLS Blue White Fringe (Cascadia Fringe) 2012",
                    "uid": 362
                },
                {
                    "added": "2016-05-22 17:02:15",
                    "body": "",
                    "description": 317,
                    "images": [364, 365],
                    "modified": "2016-05-22 17:02:15",
                    "name": "Cascadia",
                    "uid": 350
                }
            ]
        }
    """
    pd = PageData()
    params = request.args

    pd.search_type = params.get('type')
    pd.query = params.get('query')
    pd.limit = params.get('limit')
    pd.page = params.get('page')
    pd.sort = params.get('sort')

    # NOTE(review): only the type of limit/page is checked; zero, negative or
    # very large values are passed on as given -- confirm the search helpers
    # bound them.
    try:
        pd.limit = int(pd.limit) if pd.limit else 20
        pd.page = int(pd.page) if pd.page else 1
    except ValueError:
        return page_not_found()

    if pd.search_type == "users":
        return user_search(pd)
    if pd.search_type == "tags":
        return tag_search(pd)

    # "items" and every unrecognised type end up as an item search.
    if pd.search_type != "items":
        pd.search_type = "items"
    return item_search(pd)
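def edit_image(img_id):
    """
    :URL: /image/<img_id>/edit

    Very basic image editor. Applies a list of operations to an image and
    either presents a preview back to the user or saves it to the database as
    a new image.

    Operations are read from the query string as ``op1`` .. ``op19``; each is
    ``rotate`` (with ``opN_degrees``) or ``crop`` (with ``opN_x1``,
    ``opN_y1``, ``opN_x2``, ``opN_y2``). An unknown operation or a parameter
    that is not an integer produces the not-found page.
    """
    pd = PageData()
    min_size = 200

    try:
        img = SiteImageEditor(img_id)
    except NoImage:
        return page_not_found()

    preview = request.args.get('preview')
    save = request.args.get('save')

    pd.img = img
    # pd.ops is the query string that replays the accepted operations. Only
    # integers that were parsed here are written into it, never the raw
    # request values.
    pd.ops = ''
    pd.num_ops = 0

    for op in range(1, 20):
        command = request.args.get('op{}'.format(op))
        if not command:
            continue

        if command == 'rotate':
            # int() raises TypeError for a missing parameter and ValueError
            # for a non-numeric one; catch only those instead of using a bare
            # except, which would also hide unrelated failures.
            try:
                degrees = int(request.args.get('op{}_degrees'.format(op)))
            except (TypeError, ValueError):
                return page_not_found()

            img.rotate(degrees)
            pd.ops = "{}&op{}=rotate&op{}_degrees={}".format(pd.ops, op, op, degrees)
            pd.num_ops = op
        elif command == 'crop':
            try:
                x1 = int(request.args.get('op{}_x1'.format(op)))
                y1 = int(request.args.get('op{}_y1'.format(op)))
                x2 = int(request.args.get('op{}_x2'.format(op)))
                y2 = int(request.args.get('op{}_y2'.format(op)))
            except (TypeError, ValueError):
                return page_not_found()

            new_width = x2 - x1
            new_height = y2 - y1

            # The minimum size also rejects inverted selections, whose
            # width or height comes out negative.
            if new_width < min_size:
                flash("The selection is too narrow, please make a larger selection. If your image is below {} pixels in width you will not be able to crop it.".format(min_size))
                return redirect_back(url_for('index'))

            if new_height < min_size:
                # This message said "width" although the height is what was
                # checked.
                flash("The selection is too short, please make a larger selection. If your image is below {} pixels in height you will not be able to crop it.".format(min_size))
                return redirect_back(url_for('index'))

            img.crop(x1, y1, x2, y2)
            pd.ops = "{base}&op{op}=crop&op{op}_x1={x1}&op{op}_y1={y1}&op{op}_x2={x2}&op{op}_y2={y2}".format(
                base=pd.ops, op=op, x1=x1, y1=y1, x2=x2, y2=y2)
            pd.num_ops = op
        else:
            return page_not_found()

    if preview == 'true':
        return send_file(img.preview(), mimetype='image/jpeg')

    if save:
        # NOTE(review): saving is driven by a query-string parameter and
        # stores a new image; confirm the route is protected against
        # cross-site requests and that anonymous saves are intended.
        if 'username' in session:
            userid = pd.authuser.uid
        else:
            userid = None

        new_img = img.save(userid, request.remote_addr)
        return redirect('/image/' + str(new_img))

    return render_template('imageedit.html', pd=pd)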