def add_new_post(request): succ = False #if not authenticated_userid(request): # request.session.flash({ # 'class' : 'warning', # 'text' : 'Войдите чтобы увидеть эту страницу' # }) # return HTTPSeeOther(location=request.route_url('login')) if not request.POST: return HTTPSeeOther(location=request.route_url('home')) else: csrf = request.POST.get('csrf', '') message = request.POST.get('userpost', None) ppage = request.POST.get('ppage', None) aid = request.POST.get('aid', None) captcha = request.POST.get('g-recaptcha-response', None) if authenticated_userid(request): username = authenticated_userid(request) if message and csrf == request.session.get_csrf_token() and ppage: newpost = Post(date = datetime.datetime.now(), page=ppage, name=username, ip=request.remote_addr, post=message, articleid=aid ) DBSession.add(newpost) else: username = request.POST.get('username', None) resp = urlopen("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}".format("6Lf5AP8SAAAAAHKklOunO0NxX3UOBiFNZPYJslId", captcha)) captcharesp = json.loads(resp.read().decode("utf-8")) if captcharesp.get('success') is True: if message and csrf == request.session.get_csrf_token() and ppage: newpost = Post(date = datetime.datetime.now(), page=ppage, name=username, ip=request.remote_addr, post=message ) DBSession.add(newpost) return HTTPSeeOther(location=request.referrer)
def add_article(request): if not authenticated_userid(request): # add error message processing in the template request.session.flash({ 'class' : 'warning', 'text' : 'Войдите чтобы увидеть эту страницу' }) return HTTPSeeOther(location=request.route_url('login')) if not request.POST: tpldef = {} article_series = set([s.series for s in DBSession.query(Article).all()]) tpldef.update({'authuser':authenticated_userid(request), 'auth':True, 'article_status':article_status, 'article_series':article_series, 'pagename':'Новая статья'}) return tpldef else: csrf = request.POST.get('csrf', '') if csrf == request.session.get_csrf_token(): art_name = request.POST.get('inputMainname', None) art_uppername = art_name art_kwords = request.POST.get('inputKeywords', None) art_descr = request.POST.get('inputDescr', None) art_text = request.POST.get('inputArticle', None) art_url = request.POST.get('inputURL', None) art_leftbr = request.POST.get('inputLeftBracket', None) art_rightbr = request.POST.get('inputRightBracket', None) art_sep = request.POST.get('inputSep', None) art_prevtext = request.POST.get('inputPrevText', None) art_prevpict = request.POST.get('inputPrevPict', None) newarticle = Article(art_name, art_uppername, art_kwords, art_url, art_text, art_descr, datetime.datetime.now(), authenticated_userid(request), art_sep, art_rightbr, art_leftbr, art_prevtext, art_prevpict) DBSession.add(newarticle) # new article added here return HTTPSeeOther(location=request.route_url('main'))
def my_view(request): userid=authenticated_userid(request) if userid: email, nick = split_remembering(userid) return {'project': 'MyProject', 'login': authenticated_userid(request), 'name':nick, 'email':email} else: return HTTPFound(location = request.route_url('login'))
def add_robot(request): message = "" if "form.submitted" in request.params: number = request.params["number"] wheels = request.params["wheels"] gearbox = request.params["gearbox"] drive_motors = request.params["drive_motors"] description = request.params["description"] shooter = "shooter" in request.params climb = "climb" in request.params human_loading = "human_loading" in request.params ground_loading = "ground_loading" in request.params scout = request.params["scout"] robot = Robot( number=number, wheels=wheels, gearbox=gearbox, description=description, shooter=shooter, climb=climb, human_loading=human_loading, scout=scout, ground_loading=ground_loading, is_scouted=True, ) message = "A robot with that number allready exists" if DBSession.query(Robot).filter_by(number=number).first() is not None: return dict(robot=robot, message=message) DBSession.add(robot) robot = Robot() message = "Robot number {0} has been added".format(number) return dict(robot=robot, message=message, logged_in=authenticated_userid(request)) robot = Robot() return dict(robot=robot, message=message, logged_in=authenticated_userid(request))
def view_page(request): all_posts = [] pagename = request.matchdict['pagename'] page = DBSession.query(Page).filter_by(name=pagename).first() if page is None: return HTTPNotFound('No such page') editor = has_permission('edit',RootFactory,request) def check(match): word = match.group(1) exists = DBSession.query(Page).filter_by(name=word).all() if exists: view_url = request.route_url('view_page', pagename=word) return '<a href="%s">%s</a>' % (view_url, word) else: add_url = request.route_url('add_page', pagename=word) return '<a href="%s">%s</a>' % (add_url, word) content = publish_parts(page.data, writer_name='html')['html_body'] content = wikiwords.sub(check, content) edit_url = request.route_url('edit_page', pagename=pagename) delete_post_url = request.route_url('delete_post', pagename=pagename) if 'form.submitted' in request.params: DBSession.add(Posts(authenticated_userid(request), pagename, request.params['message'], datetime.now())) for post in DBSession.query(Posts).filter_by(page_name=pagename): all_posts.append(post) return dict(page=page, content=content, all_posts=all_posts, edit_url=edit_url, delete_post_url=delete_post_url, editor = editor, logged_in=authenticated_userid(request))
def view_index(request): """ View associated with the home page of the app. """ main = get_renderer('templates/master.pt').implementation() if authenticated_userid(request) == None or 'user' not in request.session.keys(): return HTTPFound(location='/') if 'current_test' in request.session.keys(): request.session.pop('current_test') #remove current_test from session userinfo = request.session['user'] messages = [] messages.append("Welcome " + userinfo['name'] + " to pyquiz.") dbsession = DBSession() if authenticated_userid(request) == 'teacher': messages.append('You are currently teaching the following classes:') if authenticated_userid(request) == 'student': messages.append('You are currently enrolled in the following classes:') sections = [] for c in userinfo['courses']: section = dbsession.query(Section).filter( Section.course_id == c).first() if section != None: sections.append(section) messages.append('') # if len(courses) == 0: # messages[2] == 'You have no classes' ##Depreceated due to SchoolTool integration? for section in sections: section.url = 'course?id='+str(section.id) return {'messages': messages, 'sections': sections, 'main': main}
def view_index(request): """ View associated with the home page of the app. """ if authenticated_userid(request) == None or 'user' not in request.session.keys(): return HTTPFound(location='/') if 'current_test' in request.session.keys(): request.session.pop('current_test') #remove current_test from session userinfo = request.session['user'] messages = [] messages.append("Welcome " + userinfo['name'] + " to pyquiz.") dbsession = DBSession() if authenticated_userid(request) == 'teacher': messages.append('You are currently teaching the following classes:') if authenticated_userid(request) == 'student': messages.append('You are currently enrolled in the following classes:') courses = [] for c in userinfo['courses']: course = dbsession.query(Course).filter( Course.course_id == c[0]).first() if course != None: courses.append(course) messages.append('') if len(courses) == 0: messages[2] == 'You have no classes' for course in courses: course.url = 'course?id='+str(course.id) return {'messages': messages, 'courses': courses}
def edit_admin(request): changed = False all_group_names = [] user_name = authenticated_userid(request) logged_in = authenticated_userid(request) home_url = request.route_url('home') login_url = request.route_url('login') view_url = request.route_url('view') alert_url = request.route_url('alert') admin_url = request.route_url('admin') add_admin_url = request.route_url('add_admin') edit_admin_url = request.route_url('edit_admin') add_streetlight_url = request.route_url('add_streetlight') logout_url = request.route_url('logout') delete_admin_url = request.route_url('delete_admin') alert = DBSession.query(StreetLight).filter( "voltage > 220.0 or current > 30.0").all() for group_name in DBSession.query(Group).all(): all_group_names.append(group_name) if 'form.submitted' in request.params: password = request.params['password'] user_group = request.params['user_group'] admin = DBSession.query(Admin).filter_by(user_name=user_name).one() admin.password = password admin.user_group = user_group DBSession.flush() headers = forget(request) return HTTPFound(location=request.route_url('login'), headers=headers) return dict(locals())
def login(request): login_url = request.route_url('login') # detectem des de quina URL ve el visitant referrer = request.url # retornem l'usuari a la home page si ha vingut directe al login if referrer == login_url: referrer = '/' # never use the login form itself as came_from came_from = request.params.get('came_from', referrer) user = authenticated_userid(request) if user: lloc = came_from.split("/") message = "Ets %s, i com a tal no pots entrar a %s" % (user,lloc[len(lloc)-1]) else: message = "Identifica't" login = '' password = '' if 'form.submitted' in request.params: login = request.params['login'] password = request.params['password'] if comprova_usuari(login,password): headers = remember(request, login) return HTTPFound(location = came_from, headers = headers) message = 'Failed login' return dict( message = message, url = request.application_url + '/login', came_from = came_from, login = login, password = password, user = authenticated_userid(request), # afegim usuari autenticat si l'hi ha )
def edit_robot(request): message = "" original_number = request.params["original_number"] robot = DBSession.query(Robot).filter_by(number=original_number).first() if "form.submitted" in request.params: robot.wheels = request.params["wheels"] robot.gearbox = request.params["gearbox"] robot.drive_motors = request.params["drive_motors"] robot.description = request.params["description"] robot.shooter = "shooter" in request.params robot.climb_10 = "climb_10" in request.params robot.climb = "climb" in request.params robot.human_loading = "human_loading" in request.params robot.ground_loading = "ground_loading" in request.params robot.is_scouted = "is_scouted" in request.params robot.scout = request.params["scout"] if ( request.params["number"] != original_number and DBSession.query(Robot).filter_by(number=request.params["number"]).first() is not None ): message = "Robot number {0} allready exists".format(request.params["number"]) return dict( robot=robot, original_number=original_number, logged_in=authenticated_userid(request), message=message ) else: robot.number = request.params["number"] DBSession.add(robot) return HTTPFound(location=request.route_url("view_robot", number=robot.number)) robot.is_scouted = True return dict(robot=robot, original_number=original_number, logged_in=authenticated_userid(request), message=message)
def pub_remove(request): loc = get_localizer(request) if not authenticated_userid(request): request.session.flash({ 'class' : 'warning', 'text' : request.translate(_('Войдите чтобы увидеть эту страницу')) }) return HTTPSeeOther(location=request.route_url('login')) else: pubtype = request.matchdict['pub'] pubid = request.matchdict['id'] if pubtype == 'post': post = DBSession.query(Post).filter(Post.id==pubid).first() if post.page == 'discuss': if post.name == authenticated_userid(request): DBSession.delete(post) transaction.commit() return HTTPSeeOther(location=request.referrer) else: DBSession.delete(post) transaction.commit() return HTTPSeeOther(location=request.referrer) elif pubtype == 'article': article = DBSession.query(Article).filter(Article.id==pubid).first() #if article.user == authenticated_userid(request): DBSession.delete(article) transaction.commit() #session.flash article deleted return HTTPSeeOther(location=request.route_url('main')) return HTTPSeeOther(location=request.referrer)
def public_room(request): if authenticated_userid(request): login_flag = 1 user_id = authenticated_userid(request) _id = ObjectId(user_id) user_data = user.find_one({"_id":_id}) user_data['_id'] = str(user_data['_id']) else: ##login_flag = 0 ##user_data = {} ##headers = remember(request, 10) return HTTPFound(location='/login') if request.POST.get('e_nickname'): user_id = request.POST.get('e_user_id') _id = ObjectId(user_id) nickname = request.POST.get('e_nickname') textcolor = request.POST.get('e_textcolor') user.update({"_id":_id},{"$set":{"nickname":nickname,"textcolor":textcolor}}) user_data = user.find_one({"_id":_id}) user_data['_id'] = str(user_data['_id']) return {'login_flag': login_flag, 'user_data': user_data}
def handle_submit(self, converted): context = self.context request = self.request workflow = self.workflow # *will be* modified event objectEventNotify(ObjectWillBeModifiedEvent(context)) if workflow is not None: if 'security_state' in converted: workflow.transition_to_state(context, request, converted['security_state']) context.title = converted['title'] context.text = converted['text'] context.description = extract_description(converted['text']) # Save the tags on it set_tags(context, request, converted['tags']) # Save new attachments creator = authenticated_userid(request) if support_attachments(context): upload_attachments(converted['attachments'], context['attachments'], creator, request) # Modified context.modified_by = authenticated_userid(request) objectEventNotify(ObjectModifiedEvent(context)) location = resource_url(context, request, query={'status_message':'Forum Topic Edited'}) return HTTPFound(location=location)
def prepare_request(event): #{{{ """Add some additional information to the request object. """ request = event.request request.settings = settings request.db_session = DBSession request.userid = authenticated_userid(request) request.interpretid = authenticated_userid(request) # request.without_interpret = True if request.userid is not None: request.user = request.db_session.query(User).\ filter(User.id == request.userid).\ first() if request.interpretid is not None: request.interpret = request.db_session.query(Interpret).filter(Interpret.user_id == request.userid).first() else: request.interpret = None else: request.user = None if request.registry and 'mailer' in request.registry: mailer = request.registry['mailer'] request.mailer = mailer request.authenticator = Authenticator(request.db_session, request)
def add_user(request): message = '' if 'form.submitted' in request.params: login = request.params['login'].strip() password_0 = request.params['password_0'].strip() password_1 = request.params['password_1'].strip() if login == '': message = 'Login must have at least one character' return dict(login=login, message=message, password_0=password_0, password_1=password_1, logged_in=authenticated_userid(request)) if DBSession.query(User).filter_by(name=login).first() is not None: message = 'That login has allready been taken' return dict(login=login, message=message, password_0=password_0, password_1=password_1, logged_in=authenticated_userid(request)) if password_0 != password_1: message = 'Entered passwords are not identical' return dict(login=login, message=message, password_0=password_0, password_1=password_1, logged_in=authenticated_userid(request)) if len(password_0) < 4: message = 'Password must be at least 4 characters long' return dict(login=login, message=message, logged_in=authenticated_userid(request)) user = User(name=login, password=password_0, permission='unapproved') DBSession.add(user) headers = remember(request, login) return HTTPFound(location = '/', headers = headers) return dict(login='', message=message, logged_in=authenticated_userid(request))
def swordfish(context,request): logged_in = authenticated_userid(request) t_path = "../templates/register.pt" main = get_renderer(t_path).implementation() if not 'god' in context: context["god"] = User("god", hashlib.sha1("eden".encode('UTF-8')).digest(), 777777, firstName = "Jesus", lastName = "Christ", email = "*****@*****.**", phone = "777-777-7707", gradYear = 2013, inductionYear = 0, isofficer=True, isadvisor=True) context["god"].__parent__ = context return {'red':'', 'main':get_renderer(t_path).implementation(), 'content':'And on the eighth day, Man created God', 'logged_in':authenticated_userid(request), 'name':'Apotheosis Sucessful (:', 'TutText': getTutText(context, view='')} return {'red':'', 'main':get_renderer(t_path).implementation(), 'content':'You already have a God', 'logged_in':authenticated_userid(request), 'name':'Apotheosis Failed D:', 'TutText': getTutText(context, view='')}
def user(request): userid = authenticated_userid(request) if not userid: request.session.flash('Please login') return HTTPFound(location=request.route_url('login')) username = request.matchdict.get('username', userid) profile = (username == userid) if not profile and not has_permission('approve_run', request.context, request): request.session.flash('You cannot inspect users') return HTTPFound(location=request.route_url('tests')) user = request.userdb.get_user(username) if 'user' in request.POST: if profile: if len(request.params.get('password')) > 0: if request.params.get('password') != request.params.get('password2', ''): request.session.flash('Matching verify password required') return {'user': user, 'profile': profile} user['password'] = request.params.get('password') if len(request.params.get('email')) > 0: user['email'] = request.params.get('email') else: user['blocked'] = ('blocked' in request.POST) request.actiondb.block_user(authenticated_userid(request), {'user': username, 'blocked': user['blocked']}) request.session.flash(('Blocked' if user['blocked'] else 'Unblocked') + ' user ' + username) request.userdb.save_user(user) return HTTPFound(location=request.route_url('tests')) userc = request.userdb.user_cache.find_one({'username': username}) hours = int(userc['cpu_hours']) if userc is not None else 0 return {'user': user, 'limit': request.userdb.get_machine_limit(username), 'hours': hours, 'profile': profile}
def builder(request): if authenticated_userid(request): awarded_assertions = request.db.get_assertions_by_email( authenticated_userid(request)) else: awarded_assertions = None # set came_from so we can get back home after openid auth. request.session['came_from'] = request.route_url('builder') # get default creator field default_creator = None user = request.db.get_person(person_email=authenticated_userid(request)) if user: default_creator = user.nickname or user.email badge_yaml = None if request.POST: badge_yaml = generate_badge_yaml(request.POST) return dict( auth_principals=effective_principals(request), awarded_assertions=awarded_assertions, default_creator=default_creator, badge_yaml=badge_yaml, )
def license_add_ws(request): viewer_username = authenticated_userid(request) request.session.flash(authenticated_userid(request)) if viewer_username == None: viewer_username = "******" #form = Form(request, LicenseSchema) form = Form(request) if 'form.submitted' in request.POST: # request.session.flash("Here comes request.str_POST") # request.session.flash(request.str_POST) # request.session.flash("And this is request.POST") # request.session.flash(request.POST) my_results_dict = request.str_POST request.session.flash(my_results_dict.keys()) request.session.flash(my_results_dict['cc_js_want_cc_license']) request.session.flash(my_results_dict['cc_js_result_uri']) request.session.flash(my_results_dict['cc_js_result_img']) request.session.flash(my_results_dict[u'cc_js_result_name']) # so here is what we need to store: #the_license = License( # cc_license = my_results_dict['cc_js_want_cc_license']) #request.session.flash( # "license? :" + form.data['cc_js_want_cc_license']) # request.session.flash("sharing? :" + form.data['cc_js_share']) # request.session.flash("remixing? :" + form.data['cc_js_remix']) # request.session.flash("locale :" + form.data['cc_js_jurisdiction']) # request.session.flash("URI :" + request.POST.cc_js_result_uri) # request.session.flash("img :" + form.data['cc_js_result_img']) # request.session.flash("name :" + form.data['cc_js_result_name']) # if 'form.submitted' in request.POST and not form.validate(): # # form didn't validate # request.session.flash('form does not validate!') # request.session.flash(form.data['license_name']) # request.session.flash(form.data['license_url']) # if 'form.submitted' in request.POST and form.validate(): # request.session.flash('form validated!') # license_name = form.data['license_name'] # license = License( # license_name = form.data['license_name'], # license_album = form.data['license_album'], # license_url = form.data['license_url'], # ) # dbsession.add(license) # request.session.flash(u'writing to database ...') # # ToDo: https://redmine.local/issues/5 return { 'viewer_username': viewer_username, 'form': FormRenderer(form) }
def invitation_claim(request): """ Action that awards a person a badge after scanning a qrcode. """ settings = request.registry.settings if request.context.expires_on < datetime.now(): return HTTPGone("That invitation is expired.") if not authenticated_userid(request): request.session['came_from'] = request.resource_url( request.context, 'claim') return HTTPFound(location=request.route_url('login')) person = request.db.get_person(person_email=authenticated_userid(request)) # Check to see if the user already has the badge. if request.context.badge in [a.badge for a in person.assertions]: # TODO: Flash a message explaining that they already have the badge return HTTPFound(location=request.route_url('home')) result = request.db.add_assertion(request.context.badge_id, person.email, datetime.now()) # TODO -- return them to a page that auto-exports their badges. # TODO -- flash and tell them they got the badge return HTTPFound(location=request.route_url('home'))
def handle_submit(self, converted): context = self.context request = self.request workflow = self.workflow # *will be* modified event objectEventNotify(ObjectWillBeModifiedEvent(context)) if 'security_state' in converted: if workflow is not None: workflow.transition_to_state(context, request, converted['security_state']) context.title = converted['title'] context.text = converted['text'] context.description = extract_description(converted['text']) # Tags and attachments set_tags(context, request, converted['tags']) creator = authenticated_userid(request) attachments_folder = context['attachments'] upload_attachments( filter(lambda x: x is not None, converted['attachments']), attachments_folder, creator, request) # modified context.modified_by = authenticated_userid(request) objectEventNotify(ObjectModifiedEvent(context)) location = resource_url(context, request) self.filestore.clear() return HTTPFound(location=location)
def success(self, appstruct): super(Done, self).success(appstruct) if appstruct.get('is_favorite', False): self.favorite.set( name=appstruct.get('favorite_name'), state=self.wizard_state.dump()) self.favorite.save() source_type = self.wizard_state.get('wizard_source')['source'] if source_type == 'wizard_upload': inputs = appstruct_to_inputs(self.request, self.wizard_state.get('wizard_literal_inputs', {})) resource = self.wizard_state.get('wizard_complex_inputs')['identifier'] for url in self.wizard_state.get('wizard_storage')['url']: inputs.append( (resource, url) ) logger.debug('storage inputs=%s', inputs) result = execute_process.delay( userid=authenticated_userid(self.request), url=self.wps.url, identifier=self.wizard_state.get('wizard_process')['identifier'], inputs=inputs, outputs=[]) self.request.registry.notify(JobStarted(self.request, result.id)) else: result = execute_workflow.delay( userid=authenticated_userid(self.request), url=self.request.wps.url, workflow=self.workflow_description()) self.request.registry.notify(JobStarted(self.request, result.id))
def add_new_post(request): succ = False sess = DBSession() cfg = request.registry.settings recaptcha_secret = cfg.get('recaptcha.secret', False) if not request.POST: return HTTPSeeOther(location=request.route_url('home')) else: csrf = request.POST.get('csrf', '') message = request.POST.get('userpost', None) ppage = request.POST.get('ppage', None) aid = request.POST.get('aid', None) captcha = request.POST.get('g-recaptcha-response', None) if authenticated_userid(request): username = authenticated_userid(request) if message and csrf == request.session.get_csrf_token() and ppage: newpost = Post(date = datetime.datetime.now(), page=ppage, name=username, ip=request.remote_addr, post=message, articleid=aid ) DBSession.add(newpost) transaction.commit() else: username = request.POST.get('username', None) resp = urlopen("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}".format(recaptcha_secret, captcha)) captcharesp = json.loads(resp.read().decode("utf-8")) if captcharesp.get('success') is True: if message and csrf == request.session.get_csrf_token() and ppage: newpost = Post(date = datetime.datetime.now(), page=ppage, name=username, ip=request.remote_addr, post=message, articleid=aid ) DBSession.add(newpost) transaction.commit() return HTTPSeeOther(location=request.referrer)
def group_post(self): group = Category.objects.with_id(ObjectId(self.request.matchdict['id'])) me = User.by_username(authenticated_userid(self.request)) if not (group and (group.public or group.owner == me or me in group.members)): raise NotFound if self.request.method == 'POST': content = self.request.POST['tx_content'].replace("'", "'").replace("\r\n", "") post = Post(title=self.request.POST['title'], content=content, category=group, modified=datetime.now(), author=User.by_username(authenticated_userid(self.request))) for attach in self.request.POST.getall('tx_attach_image'): post.images.append(attach) for attach in self.request.POST.getall('tx_attach_file'): post.files.append(attach) post.save(safe=True) # 내가 새글을 추가한 경우, 나를 제외한 블로그 그룹의 모든 사람에게 알람을 전송한다. msg = AlarmMessage(me=me, command=AlarmMessage.CMD_BLOG_ADD, post=post) thread_alarmer.send(msg) return HTTPFound(location=self.request.route_path('blog_view', id=str(post.id))) else: return dict(post=None, group=group, save_url=self.request.route_path('group_post', id=self.request.matchdict['id']), )
def article_view(request): article_url = request.matchdict.get('url', None) article = DBSession.query(Article).filter(Article.url==article_url).first() comments = DBSession.query(Post).filter(Post.page==article_url) tpldef = {'article':article, 'pagename':article.mainname, 'comments':comments} if authenticated_userid(request): tpldef.update({'auth':True, 'authuser':authenticated_userid(request)}) return tpldef
def view_customer(self): user = DBSession.query(User).filter_by(sales_id = authenticated_userid(self.request)).filter_by( user_id = int(self.request.matchdict.get('id'))).first() sales = DBSession.query(User).filter_by(user_id = authenticated_userid(self.request)).first() if sales.block == False: return {'fullname': user.first_name +" "+user.last_name, 'phone':user.phone1, 'email':user.email,'location':user.location}
def index(request): n = 5 # n is the number of items displayed in each column. if authenticated_userid(request): awarded_assertions = request.db.get_assertions_by_email( authenticated_userid(request)) else: awarded_assertions = None # set came_from so we can get back home after openid auth. request.session['came_from'] = request.route_url('home') persons_assertions = request.db.get_all_assertions().join( m.Person).filter( m.Person.opt_out == False) from collections import defaultdict top_persons = defaultdict(int) # person: assertion count for item in persons_assertions: top_persons[item.person] += 1 top_persons_sorted = sorted(sorted(top_persons, key=lambda person: person.id), key=top_persons.get, reverse=True) # Limit the sorted top persons to the top 10% and then take # a random sample of 5 persons from that pool. num_users_at_top = max(int(len(top_persons_sorted) * 0.1), min(len(top_persons_sorted), 5)) # This is not actually a sample yet, but it's about to be... top_persons_sample = top_persons_sorted[:num_users_at_top] try: top_persons_sample = random.sample(top_persons_sample, 5) except ValueError: # The sample is probably larger than the num of top users, # so let's just take all the users in the top 10%, in a # random order. random.shuffle(top_persons_sample) # Get latest awards. latest_awards = persons_assertions.order_by( sa.desc(m.Assertion.issued_on)).limit(n).all() # Register our websocket handler callback if asbool(request.registry.settings['tahrir.use_websockets']): socket = make_websocket_handler(request.registry.settings) socket.display() return dict( auth_principals=effective_principals(request), latest_awards=latest_awards, newest_persons=request.db.get_all_persons().filter( m.Person.opt_out == False).order_by( sa.desc(m.Person.created_on)).limit(n).all(), top_persons=top_persons, top_persons_sample=top_persons_sample, awarded_assertions=awarded_assertions, moksha_socket=get_moksha_socket(request.registry.settings), )
def leaderboard(request): """ Render a top users view. """ if authenticated_userid(request): awarded_assertions = request.db.get_assertions_by_email( authenticated_userid(request)) else: awarded_assertions = None # Get top persons. persons_assertions = request.db.get_all_assertions().join(m.Person) from collections import defaultdict top_persons = defaultdict(int) # person: assertion count for item in persons_assertions: top_persons[item.person] += 1 # top_persons and top_persons_sorted contain all persons, ordered top_persons_sorted = sorted(sorted(top_persons, key=lambda person: person.id), key=top_persons.get, reverse=True) # Get total user count. user_count = len(top_persons) if authenticated_userid(request): # Get rank. try: rank = top_persons_sorted.index(request.db.get_person( person_email=authenticated_userid( request))) + 1 except ValueError: rank = 0 # Get percentile. try: percentile = (float(rank) / float(user_count)) * 100 except ZeroDivisionError: percentile = 0 # Get a list of nearby competetors (5 users above the current # user and 5 users ranked below). competitors = top_persons_sorted[max(rank - 3, 0):\ min(rank + 2, len(top_persons_sorted))] else: rank = None percentile = None competitors = None return dict( auth_principals=effective_principals(request), awarded_assertions=awarded_assertions, top_persons=top_persons, top_persons_sorted=top_persons_sorted, rank=rank, user_count=user_count, percentile=percentile, competitors=competitors, )
def leaderboard(request): """ Render a top users view. """ user, awarded_assertions = None, None if authenticated_userid(request): user = request.db.get_person( person_email=authenticated_userid(request)) query = request.db.session.query( m.Person ).order_by( m.Person.rank, m.Person.created_on, ).filter( m.Person.opt_out == False ) leaderboard = query.filter(m.Person.rank != None).all() # Get total user count. user_count = len(leaderboard) leaderboard.extend(query.filter(m.Person.rank == None).all()) user_to_rank = request.db._make_leaderboard() if user: awarded_assertions = user.assertions rank = user.rank or 0 idx = rank - 1 # Handle the case of leaderboard[-2:2] which will be [] always. if idx < 2: idx = 2 competitors = leaderboard[(idx - 2):(idx + 3)] try: percentile = (float(rank) / float(user_count)) * 100 except ZeroDivisionError: percentile = 0 else: awarded_assertions = None rank = None competitors = None percentile = None return dict( auth_principals=effective_principals(request), awarded_assertions=awarded_assertions, top_persons_sorted=leaderboard, rank=rank, user_count=user_count, percentile=percentile, competitors=competitors, user_to_rank=user_to_rank, )
def view_course_teacher(request): if authenticated_userid(request) == None or 'user' not in request.session.keys(): return HTTPFound(location='/') if 'current_test' in request.session.keys(): request.session.pop('current_test') course_id = int(request.GET["id"]) if authenticated_userid(request) == 'student': return HTTPFound(location='/course?id='+str(course_id)) main = get_renderer('templates/master.pt').implementation() dbsession = DBSession() section = dbsession.query(Section).filter(Section.id == course_id).first() tests = dbsession.query(Test).filter(Test.course == course_id).all() #load all tests for test in tests: test.edit = "edit_test?id="+str(test.id) taken_tests = dbsession.query(TakenTest).filter(TakenTest.test_id == test.id).all() ungraded = False for taken_test in taken_tests: if taken_test.has_ungraded: ungraded = True test.url = "ungraded_tests?id="+str(test.id) if ungraded: taken_tests = dbsession.query(TakenTest).filter(TakenTest.test_id == test.id).all() ungraded_tests = 0 for taken_test in taken_tests: if taken_test.has_ungraded: ungraded_tests +=1 test.ungraded_tests = ungraded_tests else: test.ungraded_tests = 0 #for t in tests: #if 'url' not in dir(t): #tests.remove(t) #this can never happen - see line 400. Tests, therefore, are incapable of covering it old_tests = [] current_tests = [] upcoming_tests = [] for test in tests: if (test.start_time - datetime.datetime.now()) > (datetime.timedelta(0)): upcoming_tests.append(test) elif (test.end_time - datetime.datetime.now()) < (datetime.timedelta(0)): old_tests.append(test) else: current_tests.append(test) messages = [] messages.append("Course: "+section.course_name) instructors = section.instructor.split('%&') m = "Instructor(s): " + instructors[0] i = 1 while i < len(instructors): m += ', ' + instructors[i] i += 1 messages.append(m) if len(tests) > 0: messages.append('There are ungraded tests in the following tests.') else: messages.append('There are no tests to grade.') link = ('/create_test?id='+str(section.id), 'Create A New Test') return {'old_tests':old_tests, 'current_tests':current_tests,'upcoming_tests':upcoming_tests, 'messages':messages, 'link':link, 'main': main}
def event_processor(event, hint): # type: (Dict[str, Any], Dict[str, Any]) -> Dict[str, Any] request = weak_request() if request is None: return event try: if integration.transaction_style == "route_name": event["transaction"] = request.matched_route.name elif integration.transaction_style == "route_pattern": event["transaction"] = request.matched_route.pattern except Exception: pass with capture_internal_exceptions(): PyramidRequestExtractor(request).extract_into_event(event) if _should_send_default_pii(): with capture_internal_exceptions(): user_info = event.setdefault("user", {}) user_info["id"] = authenticated_userid(request) return event
def view(self): """Show a single post.""" post = self.resource req = self.request if has_permission('edit', post, req): edit_url = req.resource_url(post, 'edit') else: edit_url = None if has_permission('delete', post, req): delete_url = req.resource_url(post, 'delete') else: delete_url = None return dict( post=post, edit_url=edit_url, delete_url=delete_url, journal_url=self.journal_url, logged_in=authenticated_userid(req), )
def view_page(request): pagename = request.matchdict['pagename'] page = DBSession.query(Page).filter_by(name=pagename).first() if page is None: return HTTPNotFound('No such page') def check(match): word = match.group(1) exists = DBSession.query(Page).filter_by(name=word).all() if exists: view_url = request.route_url('view_page', pagename=word) return '<a href="%s">%s</a>' % (view_url, word) else: add_url = request.route_url('add_page', pagename=word) return '<a href="%s">%s</a>' % (add_url, word) content = publish_parts(page.data, writer_name='html')['html_body'] content = wikiwords.sub(check, content) edit_url = request.route_url('edit_page', pagename=pagename) return dict(page=page, content=content, edit_url=edit_url, logged_in=authenticated_userid(request))
def forbidden_view(request): """ The forbidden view : * handles the redirection to login form * return a json dict in case of xhr requests :param obj request: The pyramid request object """ log.debug("We are in a forbidden view") login = authenticated_userid(request) if login: log.warn(u"An access has been forbidden to '{0}'".format(login)) if request.is_xhr: return_datas = HTTPForbidden() else: bootstrap.need() return_datas = { "title": u"Accès refusé", } else: log.debug(u"An access has been forbidden to an unauthenticated user") # redirecting to the login page with the current path as param nextpage = request.path # If it's an api call, we raise HTTPUnauthorized if nextpage.startswith('/api'): return_datas = HTTPUnauthorized() else: loc = request.route_url('login', _query=(('nextpage', nextpage), )) if request.is_xhr: return_datas = dict(redirect=loc) else: return_datas = HTTPFound(location=loc) return return_datas
def display_users_landing(request): """ Display a list of all the users """ page_renderer = get_renderer("../templates/user_landing.pt") body = page_renderer.implementation().macros['body'] SCRIPTS = getCommonScripts() + [ "modals/modal.js", "modals/user_modal.js", "pages/users.js", ] ampy = initAmpy(request) if ampy is None: print("Error starting ampy during item request") return None users = ampy.get_users() banopts = getBannerOptions(request) # TODO enforce username policy so this isn't required? #for user in users: # user["urlname"] = escapeURIComponent(user["username"]) return { "title": "AMP Measurement Users", "body": body, "scripts": SCRIPTS, "styles": ["bootstrap.min.css"], "users": users, "gtag": getGATrackingID(request), "show_dash": banopts['showdash'], "show_matrix": banopts['showmatrix'], "show_config": has_permission("viewconfig", request.context, request), "show_users": has_permission("editusers", request.context, request), "logged_in": authenticated_userid(request), "bannertitle": banopts['title'], }
def upload_file(request): """ POSTing a file upload is very different than any other endpoint in assembl API because all of the content will be passed in using a MULTIPART_HEADER, with all of data as well as the file (along with its metadata) """ # Testing purposes on front-end # raise Exception("Upload file exception occured!") db = Document.default_db ctx = request.context user_id = authenticated_userid(request) or Everyone discusison_id = ctx.get_discussion_id() discussion = Discussion.get(discusison_id) permissions = get_permissions(user_id, discusison_id) mime = request.POST['mime_type'] file_name = request.POST['name'] with request.POST['file'].file as f: data = f.read() # Check if the file has previously existed, if so, change the name by appending "(n)" # to it's name try: blob = File(discussion=discussion, mime_type=mime, title=file_name, data=data) db.add(blob) db.flush() except: raise HTTPServerError view = 'default' return blob.generic_json(view, user_id, permissions)
def tests_modify(request): if 'num-games' in request.POST: run = request.rundb.get_run(request.POST['run']) before = copy.deepcopy(run) if not can_modify_run(request, run): request.session.flash('Unable to modify another users run!') return HTTPFound(location=request.route_url('tests')) existing_games = 0 for chunk in run['tasks']: existing_games += chunk['num_games'] num_games = int(request.POST['num-games']) if num_games > run['args']['num_games'] and not ( 'sprt' in run['args'] or 'spsa' in run['args']): request.session.flash( 'Unable to modify number of games in a fixed game test!') return HTTPFound(location=request.route_url('tests')) if num_games > existing_games: # Create new chunks for the games new_chunks = request.rundb.generate_tasks(num_games - existing_games) run['tasks'] += new_chunks run['finished'] = False run['args']['num_games'] = num_games run['args']['priority'] = int(request.POST['priority']) run['args']['throughput'] = int(request.POST['throughput']) request.rundb.buffer(run, True) request.rundb.task_time = 0 request.actiondb.modify_run(authenticated_userid(request), before, run) cached_flash(request, 'Run successfully modified!') return HTTPFound(location=request.route_url('tests'))
def inject_globals(event): """Injects global variables into every template after the view is processed but before the template is rendered.""" # request is available in every template, and we can just pull it # in like so... request = event['request'] settings = request.registry.settings # ... and then set a couple global variables that will be available # in every template, so we don't have to pass them through the # dict returned by the view every time! event['title'] = settings['tahrir.title'] event['base_url'] = settings['tahrir.base_url'] event['theme_name'] = settings.get('tahrir.theme_name', 'tahrir') event['tahrir_version'] = get_distribution('tahrir').version event['tahrir_api_version'] = get_distribution('tahrir-api').version event['logged_in'] = authenticated_userid(request) person = request.db.get_person(event['logged_in']) event['logged_in_person'] = person event['footer'] = tahrir.views.load_docs(request, 'footer') event['twitter'] = asbool(settings.get('tahrir.social.twitter')) event['twitter_user_text'] = settings.get( 'tahrir.social.twitter_user_text') event['twitter_user_hash'] = settings.get( 'tahrir.social.twitter_user_hash') event['gplus'] = asbool(settings.get('tahrir.social.gplus')) event['auth_principals'] = effective_principals(request) # Cause jquery.js to be injected into the page. tw2.jquery.jquery_js.display()
def forbidden_view(context, request): user = authenticated_userid(request) if user is not None: try: reason = context.explanation except AttributeError: reason = 'unknown' logger.debug("User %s tripped Forbidden view, request %s, " "reason %s" % (str(user), str(request), str(reason))) mmode = request.db.settings.find_one({'key': 'maintenance_mode'}) if (mmode is not None) and mmode.get('value', False): msg = request.db.settings.find_one({'key': 'maintenance_message'}) if msg is not None: msg = msg['value'] response = Response( render('templates/maintenance.jinja2', { 'request': request, 'maintenance_msg': msg })) request.session.delete() response.status_int = 200 else: response = Response( render('templates/forbidden.jinja2', {'request': request})) response.status_int = 403 return response if user is None and (request.is_xhr or request.headers.get('content-type') == 'application/json'): response = Response( render('templates/forbidden.jinja2', {'request': request})) response.status_int = 403 return response logger.debug("No user and forbidden access! --> redirect to login") loginurl = request.route_url('login', _query=(('next', request.path), )) return HTTPFound(location=loginurl)
def office_edit(request): try: account_id = long(request.session['aid']) user_id = long(request.session['uid']) account = DBSession.query(Account).filter_by(id=account_id).first() user = DBSession.query(User).filter_by(id=user_id).first() if user is None or account is None or user.is_administrator == False: return HTTPFound(request.application_url) office_id = request.matchdict['office_id'] if request.method == "POST": name = request.params["name"].lower() off = DBSession.query(Office).filter_by( account_id=long(request.session['aid'])).filter_by( name=name).first() if off is None or str(off.id) == office_id: benefits_and_bonus = long(request.params["benefits_and_bonus"]) DBSession.query(Office).filter_by(id=office_id).filter_by( account_id=account_id).update({ 'name': name, 'benefits_and_bonus': benefits_and_bonus }) DBSession.flush() return HTTPFound(request.application_url + "/administration/company") office = DBSession.query(Office).filter_by(id=office_id).first() return dict(logged_in=authenticated_userid(request), header=Header("administration"), office=office, user=user) except: return HTTPFound(request.application_url)
def handle_submit(self, converted): context = self.context request = self.request objectEventNotify(ObjectWillBeModifiedEvent(context)) workflow = self.workflow if workflow is not None: if 'security_state' in converted: workflow.transition_to_state(context, request, converted['security_state']) context.title = converted['title'] context.description = converted['description'] context.text = converted['text'] context.modified_by = authenticated_userid(request) # NB: this is an edit form, so tags are added immediately via # AJAX; we needn't deal with setting them in the form post tools_present = [None] available_tools = self.available_tools for info in available_tools: component = info['component'] tool_name = info['name'] tools_present.append(tool_name) present = component.is_present(context, request) if (not present) and tool_name in converted['tools']: component.add(context, request) if present and (tool_name not in converted['tools']): component.remove(context, request) tools_present.remove(tool_name) if converted['default_tool'] in tools_present: context.default_tool = converted['default_tool'] elif not (context.default_tool in tools_present): context.default_tool = None context.sendalert_default = converted['sendalert_default'] # *modified* event objectEventNotify(ObjectModifiedEvent(context)) location = resource_url(context, request) return HTTPFound(location=location)
def post(self): request = self.request company = authenticated_userid(request) form = validate_form(PlanCreateForm, request) plan_type = form.data['plan_type'] amount = form.data['amount'] frequency = form.data['frequency'] interval = form.data['interval'] if interval is None: interval = 1 # TODO: make sure user cannot create a post to a deleted company model = request.model_factory.create_plan_model() with db_transaction.manager: plan = model.create( company=company, plan_type=plan_type, amount=amount, frequency=frequency, interval=interval, ) return plan
def handle_submit(self, converted): context = self.context request = self.request workflow = self.workflow name = make_unique_name(context, converted['title']) creator = authenticated_userid(request) topic = create_content( IForumTopic, converted['title'], converted['text'], creator, ) topic.description = extract_description(converted['text']) context[name] = topic # Set up workflow if workflow is not None: workflow.initialize(topic) if 'security_state' in converted: workflow.transition_to_state(topic, request, converted['security_state']) # send the temp images to their final place relocate_temp_images(topic, request) # Tags and attachments set_tags(topic, request, converted['tags']) if support_attachments(topic): upload_attachments(converted['attachments'], topic['attachments'], creator, request) location = resource_url(topic, request) return HTTPFound(location=location)
def forbidden(request): logging.info("Going into forbidden") m = re.match("^/?(ajax|api).*$", request.path) if m is not None: '''we're trying to hit an api or ajax query without authentication''' logging.warn( "Someone tried to hit an ajax/api without authentication. Route: {route}" .format(route=request.path)) return Response("{'status':'Forbidden'}") userid = authenticated_userid(request) if userid: logging.info("User exists but some other problem occured, FORBIDDEN.") group = groupfinder(userid, request) logging.info("User {user} access level {access}".format(user=userid, access=group)) return ("") if groupfinder(None, request) is None: request.session['goingto'] = request.path logging.info("Should be shunting to login page") loc = request.route_url('velruse.google-login', _query=(('next', request.path), )) return exc.HTTPFound(location=loc)
def maybe_merge(backend, details, user=None, other_users=None, *args, **kwargs): # If we do not already have a user, see if we're in a situation # where we're adding an account to an existing user, and maybe # even merging request = backend.strategy.request adding_account = request.session.get("add_account", None) if adding_account is not None: del request.session["add_account"] # current discussion and next? logged_in = authenticated_userid(request) if logged_in: logged_in = User.get(logged_in) if adding_account: if user and user != logged_in: # logged_in presumably newer? logged_in.merge(user) logged_in.db.delete(user) logged_in.db.flush() user = logged_in else: forget(request) user = None logged_in = None if other_users: if not user: user = other_users.pop(0) # Merge other accounts with same verified email for profile in other_users: user.merge(profile) profile.delete() return {"user": user}
def project_new_grid(request): _ = request.translate user_id = authenticated_userid(request) user = DBSession.query(User).get(user_id) try: project = Project(_(u'Untitled project'), user) DBSession.add(project) DBSession.flush() tile_size = int(request.params['tile_size']) geometry = request.params['geometry'] geoms = parse_geojson(geometry) multipolygon = convert_to_multipolygon(geoms) geometry = shape.from_shape(multipolygon, 4326) geom_3857 = DBSession.execute(ST_Transform(geometry, 3857)).scalar() geom_3857 = shape.to_shape(geom_3857) zoom = get_zoom_for_tile_size(geom_3857, tile_size) project.area = Area(geometry) project.auto_fill(zoom) request.session.flash( _("Project #${project_id} created successfully", mapping={'project_id': project.id}), 'success') return HTTPFound( location=route_path('project_edit', request, project=project.id)) except Exception, e: msg = _("Sorry, could not create the project. <br />%s") % e.message request.session.flash(msg, 'alert') raise HTTPFound(location=route_path('project_new', request))
def ideas_main(request): hitpct = Idea.ideas_bunch(Idea.hit_percentage.desc()) top = Idea.ideas_bunch(Idea.hits.desc()) bottom = Idea.ideas_bunch(Idea.misses.desc()) last10 = Idea.ideas_bunch(Idea.idea_id.desc()) toplists = [ {'title': 'Latest shots', 'items': last10}, {'title': 'Most hits', 'items': top}, {'title': 'Most misses', 'items': bottom}, {'title': 'Best performance', 'items': hitpct}, ] login_form = login_form_view(request) return { 'title': 'ideas', 'username': authenticated_userid(request), 'toolbar': toolbar_view(request), 'cloud': cloud_view(request), 'latest': latest_view(request), 'login_form': login_form, 'toplists': toplists, }
def update_(request): 'Update account' params = request.params if params.get('token') != request.session.get_csrf_token(): return dict(isOk=0, message='Invalid session token') userID = authenticated_userid(request) # If the user is trying to update account information, send confirmation email if 'username' in params: return save_user_(request, dict(params), 'update', db.query(User).get(userID)) # Make sure the smsAddressID belongs to the user smsAddressID = params.get('smsAddressID') smsAddress = db.query( SMSAddress).filter((SMSAddress.id == smsAddressID) & (SMSAddress.user_id == userID)).first() if not smsAddress: return dict( isOk=0, message='Could not find smsAddressID=%s corresponding to userID=%s' % (smsAddressID, userID)) # Load smsAddressAction = params.get('smsAddressAction') # If the user is activating an SMS address, if 'activate' == smsAddressAction: smsAddress.is_active = True return dict(isOk=1, is_active=smsAddress.is_active) # If the user is deactivating an SMS address, if 'deactivate' == smsAddressAction: smsAddress.is_active = False return dict(isOk=1, is_active=smsAddress.is_active) # If the user is removing an SMS address, elif 'remove' == smsAddressAction: db.delete(smsAddress) return dict(isOk=1) # If the command is not recognized, return dict(isOk=0, message='Command not recognized')
def project_message_all(request): _ = request.translate ngettext = request.plural_translate if not request.POST.get('message', None) or \ not request.POST.get('subject', None): return { 'error': True, 'error_msg': _('A subject and message are required.') } id = request.matchdict['project'] project = DBSession.query(Project).get(id) user_id = authenticated_userid(request) user = DBSession.query(User).get(user_id) recipients = get_contributors(project) subject = _('Project #') + str(id) + ': ' + request.POST['subject'] for recipient in recipients: userid = username_to_userid(recipient) to = DBSession.query(User).get(userid) send_message(subject, user, to, request.POST['message']) DBSession.flush() num = len(recipients) if num == 0: msg = _('No users to message.') else: msg = ngettext( 'Message sent to ${num} user.', 'Message sent to ${num} users.', num, mapping={'num': num}) return dict(success=True, msg=msg)
def handle_submit(self, converted): request = self.request context = self.context ordering = getattr(context, 'ordering', None) if ordering is not None: ordering.sync(context.keys()) creator = authenticated_userid(request) reference_object = create_content(self.content_iface, converted['title'], converted['description'], creator, ) name = make_unique_name(context, converted['title']) context[name] = reference_object if ordering is not None: ordering.add(name) # save the tags set_tags(reference_object, request, converted['tags']) location = resource_url(reference_object, request) return HTTPFound(location=location)
def handle_submit(self, converted): request = self.request context = self.context workflow = self.workflow forum = create_content( IForum, converted['title'], converted['description'], authenticated_userid(request), ) name = make_unique_name(context, converted['title']) context[name] = forum # Set up workflow if workflow is not None: workflow.initialize(forum) if 'security_state' in converted: workflow.transition_to_state(forum, request, converted['security_state']) location = resource_url(forum, request) return HTTPFound(location=location)
def get_feeds(request): user_name = request.matchdict['user'] logged_in = authenticated_userid(request) if user_name != logged_in: return HTTPForbidden() user = User.get_by_screen_name(user_name) feeds = Feed.get_by_userid(user.id) feed_list = [] for feed in feeds: feed_dict = { 'name': feed.name, 'feed_uri': request.route_url('view_feed', user=user_name, feedname=feed.name), 'delete_uri': request.route_url('delete_feed', user=user_name, feedname=feed.name) } feed_list.append(feed_dict) return feed_list
def display_mesh_landing(request): """ Display a list of all the available meshes """ page_renderer = get_renderer("../templates/mesh_landing.pt") body = page_renderer.implementation().macros['body'] SCRIPTS = getCommonScripts() + [ "modals/modal.js", "modals/iteminfo_modal.js", ] ampy = initAmpy(request) if ampy is None: print("Error starting ampy during item request") return None meshes = ampy.get_meshes(None) banopts = getBannerOptions(request) for mesh in meshes: mesh["urlname"] = escapeURIComponent(mesh["ampname"]) return { "title": "AMP Measurement Meshes", "body": body, "scripts": SCRIPTS, "styles": ["bootstrap.min.css"], "meshes": meshes, "gtag": getGATrackingID(request), "show_dash": banopts['showdash'], "show_matrix": banopts['showmatrix'], "can_edit": has_permission("editconfig", request.context, request), "show_config": has_permission("viewconfig", request.context, request), "show_users": has_permission("editusers", request.context, request), "logged_in": authenticated_userid(request), "bannertitle": banopts['title'], }
def handle_submit(self, converted): context = self.context request = self.request parent = context.__parent__ creator = authenticated_userid(request) comment = create_content( IComment, 'Re: %s' % parent.title, converted['add_comment'], extract_description(converted['add_comment']), creator, ) next_id = parent['comments'].next_id parent['comments'][next_id] = comment workflow = get_workflow(IComment, 'security', context) if workflow is not None: workflow.initialize(comment) if 'security_state' in converted: workflow.transition_to_state(comment, request, converted['security_state']) if support_attachments(comment): upload_attachments(converted['attachments'], comment, creator, request) relocate_temp_images(comment, request) blogentry = find_interface(context, IBlogEntry) if converted.get('sendalert'): alerts = queryUtility(IAlerts, default=Alerts()) alerts.emit(comment, request) location = resource_url(parent, request) msg = 'Comment added' location = '%s?status_message=%s' % (location, urllib.quote(msg)) self.filestore.clear() return HTTPFound(location=location)
def login(request): """View to process login credentials and remember the user. This method provides a pyramid view that uses the repoze.who API to authenticate any submitted credentials, then redirects to whatever page the user was trying to view. You can use it as a convenient redirection point for plugins that need to submit credentials via POST, or as the target for a custom login form. """ came_from = request.params.get("came_from", request.referer or "/") # Try to authenticate, either via standard plugin auth # or by using the request parameters at the identity. userid = security.authenticated_userid(request) if userid is not None: headers = security.remember(request, userid) else: api = get_api(request) userid, headers = api.login(dict(request.params)) # If that worked, send them back to where they came from. if userid is not None: return HTTPFound(location=came_from, headers=headers) # If not, trigger the usual forbidden view. # In theory this should eventually post back to us again. raise HTTPForbidden()
def project_invalidate_all(request): _ = request.translate # If user has not entered a comment, return error if not request.POST.get('comment', None): return {'error': True, 'error_msg': _('A comment is required.')} challenge_id = request.POST.get('challenge_id', None) if not passes_project_id_challenge(challenge_id, request.matchdict['project']): return { 'error': True, 'error_msg': _('Please type the project id in the box to confirm') } id = request.matchdict['project'] project = DBSession.query(Project).get(id) user_id = authenticated_userid(request) user = DBSession.query(User).get(user_id) tasks = project.tasks tasks_affected = 0 for task in tasks: if task.cur_state.state == TaskState.state_done: tasks_affected += 1 task.user = None task.states.append( TaskState(user=user, state=TaskState.state_invalidated)) task.locks.append(TaskLock(user=None, lock=False)) add_comment(request, task, user) DBSession.add(task) if tasks_affected == 0: msg = _('No done tasks to invalidate.') else: msg = _('%d tasks invalidated' % tasks_affected) DBSession.flush() return dict(success=True, msg=msg)
def idea_vote(request): post_data = request.POST target = post_data.get('target') session = DBSession() idea = Idea.get_by_id(target, with_joinedload=False) voter_username = authenticated_userid(request) voter = User.get_by_username(voter_username) redirect_url = route_url('idea', request, idea_id=idea.idea_id) response = HTTPMovedPermanently(location=redirect_url) if voter.user_id == idea.author_id: request.session.flash(u'You cannot vote on your own ideas.') return response if post_data.get('form.vote_hit'): idea.vote(voter, True) elif post_data.get('form.vote_miss'): idea.vote(voter, False) session.flush() return response
def discussion_list_view(request): request.session.pop('discussion') user_id = authenticated_userid(request) or Everyone user = None if user_id != Everyone: user = User.get(user_id) roles = get_roles(user_id) context = get_default_context(request) context['discussions'] = [] # Show even anonymous users every discussion one has access to if # authenticated, so they can login and read them discussions = discussions_with_access(Authenticated if user_id == Everyone else user_id) for discussion in discussions: discussionFrontendUrls = FrontendUrls(discussion) discussion_context = { 'topic': discussion.topic, 'slug': discussion.slug, 'url': discussionFrontendUrls.get_discussion_url() } if user_has_permission(discussion.id, user_id, P_ADMIN_DISC): discussion_context[ 'admin_url'] = discussionFrontendUrls.get_discussion_edition_url( ) discussion_context['permissions_url'] = request.route_url( 'discussion_permissions', discussion_id=discussion.id) context['discussions'].append(discussion_context) if R_SYSADMIN in roles: context['discussions_admin_url'] = request.route_url( 'discussion_admin') context['permissions_admin_url'] = request.route_url( 'general_permissions') context['preferences_admin_url'] = request.route_url( 'admin_global_preferences') context['user'] = user return context
def get_token(request): user_id = authenticated_userid(request) if not user_id: raise HTTPUnauthorized() discussion_id = request.context.get_discussion_id() permissions = request.GET.getall('permission') or [ P_READ, P_READ_PUBLIC_CIF ] if P_READ in permissions: permissions.append(P_READ_PUBLIC_CIF) permissions = list(set(permissions)) random_seed = request.GET.get('seed', None) # TODO: Rewrite that crap so randomness is internal, # give a pair of tokens. if random_seed: # We need some determinism random.seed(random_seed) random_str = ''.join([chr(random.randint(0, 256)) for i in range(8)]) # Restore normal randomness random.seed(urandom(8)) else: random_str = urandom(8) data = permission_token(user_id, discussion_id, permissions, random_str) return Response(body=data, content_type="text/text")
def configure_twofactor_view(context, request): page_title = "Profile: %s" % context.title api = TemplateAPI(context, request, page_title) tf = TwoFactor(context, request) if (not tf.enabled or not tf.phone_factor_enabled or not authenticated_userid(request) == context.__name__): return HTTPFound(request.resource_url(context)) form = 'number' number = '' if request.method == 'POST': number = request.POST.get('phonenumber', '') if 'form.verifyemail.submitted' in request.POST: number = ''.join(n for n in number if n in string.digits) if len(number) == 10: context.two_factor_phone = number code = context._two_factor_verify_code = make_random_code(6) msg = "%s phone verification code: %s" % (get_setting( context, 'title'), code) tf.send_text_to_number(number, msg) api.set_status_message( 'Verification code sent to phone number: %s' % number) form = 'verify' else: api.set_status_message('Invalid phone number') elif 'form.verifycode.submitted' in request.POST: form = 'verify' code = request.POST['code'] if code == context._two_factor_verify_code: context._two_factor_verify_code = '' context.two_factor_verified = True form = 'success' else: api.set_status_message('Invalid verification code') return dict(api=api, form=form, number=number, context=context)