def add_new_post(request):
succ = False
#if not authenticated_userid(request):
# request.session.flash({
# 'class' : 'warning',
# 'text' : 'Войдите чтобы увидеть эту страницу'
# })
# return HTTPSeeOther(location=request.route_url('login'))
if not request.POST:
return HTTPSeeOther(location=request.route_url('home'))
else:
csrf = request.POST.get('csrf', '')
message = request.POST.get('userpost', None)
ppage = request.POST.get('ppage', None)
aid = request.POST.get('aid', None)
captcha = request.POST.get('g-recaptcha-response', None)
if authenticated_userid(request):
username = authenticated_userid(request)
if message and csrf == request.session.get_csrf_token() and ppage:
newpost = Post(date = datetime.datetime.now(), page=ppage, name=username, ip=request.remote_addr, post=message, articleid=aid )
DBSession.add(newpost)
else:
username = request.POST.get('username', None)
resp = urlopen("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}".format("6Lf5AP8SAAAAAHKklOunO0NxX3UOBiFNZPYJslId", captcha))
captcharesp = json.loads(resp.read().decode("utf-8"))
if captcharesp.get('success') is True:
if message and csrf == request.session.get_csrf_token() and ppage:
newpost = Post(date = datetime.datetime.now(), page=ppage, name=username, ip=request.remote_addr, post=message )
DBSession.add(newpost)
return HTTPSeeOther(location=request.referrer)
def add_article(request):
if not authenticated_userid(request):
# add error message processing in the template
request.session.flash({
'class' : 'warning',
'text' : 'Войдите чтобы увидеть эту страницу'
})
return HTTPSeeOther(location=request.route_url('login'))
if not request.POST:
tpldef = {}
article_series = set([s.series for s in DBSession.query(Article).all()])
tpldef.update({'authuser':authenticated_userid(request), 'auth':True, 'article_status':article_status, 'article_series':article_series, 'pagename':'Новая статья'})
return tpldef
else:
csrf = request.POST.get('csrf', '')
if csrf == request.session.get_csrf_token():
art_name = request.POST.get('inputMainname', None)
art_uppername = art_name
art_kwords = request.POST.get('inputKeywords', None)
art_descr = request.POST.get('inputDescr', None)
art_text = request.POST.get('inputArticle', None)
art_url = request.POST.get('inputURL', None)
art_leftbr = request.POST.get('inputLeftBracket', None)
art_rightbr = request.POST.get('inputRightBracket', None)
art_sep = request.POST.get('inputSep', None)
art_prevtext = request.POST.get('inputPrevText', None)
art_prevpict = request.POST.get('inputPrevPict', None)
newarticle = Article(art_name, art_uppername, art_kwords, art_url, art_text, art_descr, datetime.datetime.now(), authenticated_userid(request), art_sep, art_rightbr, art_leftbr, art_prevtext, art_prevpict)
DBSession.add(newarticle)
# new article added here
return HTTPSeeOther(location=request.route_url('main'))
def my_view(request):
userid=authenticated_userid(request)
if userid:
email, nick = split_remembering(userid)
return {'project': 'MyProject', 'login': authenticated_userid(request), 'name':nick, 'email':email}
else:
return HTTPFound(location = request.route_url('login'))
def add_robot(request):
message = ""
if "form.submitted" in request.params:
number = request.params["number"]
wheels = request.params["wheels"]
gearbox = request.params["gearbox"]
drive_motors = request.params["drive_motors"]
description = request.params["description"]
shooter = "shooter" in request.params
climb = "climb" in request.params
human_loading = "human_loading" in request.params
ground_loading = "ground_loading" in request.params
scout = request.params["scout"]
robot = Robot(
number=number,
wheels=wheels,
gearbox=gearbox,
description=description,
shooter=shooter,
climb=climb,
human_loading=human_loading,
scout=scout,
ground_loading=ground_loading,
is_scouted=True,
)
message = "A robot with that number allready exists"
if DBSession.query(Robot).filter_by(number=number).first() is not None:
return dict(robot=robot, message=message)
DBSession.add(robot)
robot = Robot()
message = "Robot number {0} has been added".format(number)
return dict(robot=robot, message=message, logged_in=authenticated_userid(request))
robot = Robot()
return dict(robot=robot, message=message, logged_in=authenticated_userid(request))
def view_page(request):
all_posts = []
pagename = request.matchdict['pagename']
page = DBSession.query(Page).filter_by(name=pagename).first()
if page is None:
return HTTPNotFound('No such page')
editor = has_permission('edit',RootFactory,request)
def check(match):
word = match.group(1)
exists = DBSession.query(Page).filter_by(name=word).all()
if exists:
view_url = request.route_url('view_page', pagename=word)
return '<a href="%s">%s</a>' % (view_url, word)
else:
add_url = request.route_url('add_page', pagename=word)
return '<a href="%s">%s</a>' % (add_url, word)
content = publish_parts(page.data, writer_name='html')['html_body']
content = wikiwords.sub(check, content)
edit_url = request.route_url('edit_page', pagename=pagename)
delete_post_url = request.route_url('delete_post', pagename=pagename)
if 'form.submitted' in request.params:
DBSession.add(Posts(authenticated_userid(request), pagename, request.params['message'], datetime.now()))
for post in DBSession.query(Posts).filter_by(page_name=pagename):
all_posts.append(post)
return dict(page=page, content=content, all_posts=all_posts, edit_url=edit_url, delete_post_url=delete_post_url, editor = editor,
logged_in=authenticated_userid(request))
def view_index(request):
"""
View associated with the home page of the app.
"""
main = get_renderer('templates/master.pt').implementation()
if authenticated_userid(request) == None or 'user' not in request.session.keys():
return HTTPFound(location='/')
if 'current_test' in request.session.keys():
request.session.pop('current_test') #remove current_test from session
userinfo = request.session['user']
messages = []
messages.append("Welcome " + userinfo['name'] + " to pyquiz.")
dbsession = DBSession()
if authenticated_userid(request) == 'teacher':
messages.append('You are currently teaching the following classes:')
if authenticated_userid(request) == 'student':
messages.append('You are currently enrolled in the following classes:')
sections = []
for c in userinfo['courses']:
section = dbsession.query(Section).filter(
Section.course_id == c).first()
if section != None:
sections.append(section)
messages.append('')
# if len(courses) == 0:
# messages[2] == 'You have no classes' ##Depreceated due to SchoolTool integration?
for section in sections:
section.url = 'course?id='+str(section.id)
return {'messages': messages, 'sections': sections, 'main': main}
def view_index(request):
"""
View associated with the home page of the app.
"""
if authenticated_userid(request) == None or 'user' not in request.session.keys():
return HTTPFound(location='/')
if 'current_test' in request.session.keys():
request.session.pop('current_test') #remove current_test from session
userinfo = request.session['user']
messages = []
messages.append("Welcome " + userinfo['name'] + " to pyquiz.")
dbsession = DBSession()
if authenticated_userid(request) == 'teacher':
messages.append('You are currently teaching the following classes:')
if authenticated_userid(request) == 'student':
messages.append('You are currently enrolled in the following classes:')
courses = []
for c in userinfo['courses']:
course = dbsession.query(Course).filter(
Course.course_id == c[0]).first()
if course != None:
courses.append(course)
messages.append('')
if len(courses) == 0:
messages[2] == 'You have no classes'
for course in courses:
course.url = 'course?id='+str(course.id)
return {'messages': messages, 'courses': courses}
def edit_admin(request):
changed = False
all_group_names = []
user_name = authenticated_userid(request)
logged_in = authenticated_userid(request)
home_url = request.route_url('home')
login_url = request.route_url('login')
view_url = request.route_url('view')
alert_url = request.route_url('alert')
admin_url = request.route_url('admin')
add_admin_url = request.route_url('add_admin')
edit_admin_url = request.route_url('edit_admin')
add_streetlight_url = request.route_url('add_streetlight')
logout_url = request.route_url('logout')
delete_admin_url = request.route_url('delete_admin')
alert = DBSession.query(StreetLight).filter(
"voltage > 220.0 or current > 30.0").all()
for group_name in DBSession.query(Group).all():
all_group_names.append(group_name)
if 'form.submitted' in request.params:
password = request.params['password']
user_group = request.params['user_group']
admin = DBSession.query(Admin).filter_by(user_name=user_name).one()
admin.password = password
admin.user_group = user_group
DBSession.flush()
headers = forget(request)
return HTTPFound(location=request.route_url('login'),
headers=headers)
return dict(locals())
def login(request):
login_url = request.route_url('login')
# detectem des de quina URL ve el visitant
referrer = request.url
# retornem l'usuari a la home page si ha vingut directe al login
if referrer == login_url:
referrer = '/' # never use the login form itself as came_from
came_from = request.params.get('came_from', referrer)
user = authenticated_userid(request)
if user:
lloc = came_from.split("/")
message = "Ets %s, i com a tal no pots entrar a %s" % (user,lloc[len(lloc)-1])
else:
message = "Identifica't"
login = ''
password = ''
if 'form.submitted' in request.params:
login = request.params['login']
password = request.params['password']
if comprova_usuari(login,password):
headers = remember(request, login)
return HTTPFound(location = came_from,
headers = headers)
message = 'Failed login'
return dict(
message = message,
url = request.application_url + '/login',
came_from = came_from,
login = login,
password = password,
user = authenticated_userid(request), # afegim usuari autenticat si l'hi ha
)
def edit_robot(request):
message = ""
original_number = request.params["original_number"]
robot = DBSession.query(Robot).filter_by(number=original_number).first()
if "form.submitted" in request.params:
robot.wheels = request.params["wheels"]
robot.gearbox = request.params["gearbox"]
robot.drive_motors = request.params["drive_motors"]
robot.description = request.params["description"]
robot.shooter = "shooter" in request.params
robot.climb_10 = "climb_10" in request.params
robot.climb = "climb" in request.params
robot.human_loading = "human_loading" in request.params
robot.ground_loading = "ground_loading" in request.params
robot.is_scouted = "is_scouted" in request.params
robot.scout = request.params["scout"]
if (
request.params["number"] != original_number
and DBSession.query(Robot).filter_by(number=request.params["number"]).first() is not None
):
message = "Robot number {0} allready exists".format(request.params["number"])
return dict(
robot=robot, original_number=original_number, logged_in=authenticated_userid(request), message=message
)
else:
robot.number = request.params["number"]
DBSession.add(robot)
return HTTPFound(location=request.route_url("view_robot", number=robot.number))
robot.is_scouted = True
return dict(robot=robot, original_number=original_number, logged_in=authenticated_userid(request), message=message)
def pub_remove(request):
loc = get_localizer(request)
if not authenticated_userid(request):
request.session.flash({
'class' : 'warning',
'text' : request.translate(_('Войдите чтобы увидеть эту страницу'))
})
return HTTPSeeOther(location=request.route_url('login'))
else:
pubtype = request.matchdict['pub']
pubid = request.matchdict['id']
if pubtype == 'post':
post = DBSession.query(Post).filter(Post.id==pubid).first()
if post.page == 'discuss':
if post.name == authenticated_userid(request):
DBSession.delete(post)
transaction.commit()
return HTTPSeeOther(location=request.referrer)
else:
DBSession.delete(post)
transaction.commit()
return HTTPSeeOther(location=request.referrer)
elif pubtype == 'article':
article = DBSession.query(Article).filter(Article.id==pubid).first()
#if article.user == authenticated_userid(request):
DBSession.delete(article)
transaction.commit()
#session.flash article deleted
return HTTPSeeOther(location=request.route_url('main'))
return HTTPSeeOther(location=request.referrer)
def public_room(request):
if authenticated_userid(request):
login_flag = 1
user_id = authenticated_userid(request)
_id = ObjectId(user_id)
user_data = user.find_one({"_id":_id})
user_data['_id'] = str(user_data['_id'])
else:
##login_flag = 0
##user_data = {}
##headers = remember(request, 10)
return HTTPFound(location='/login')
if request.POST.get('e_nickname'):
user_id = request.POST.get('e_user_id')
_id = ObjectId(user_id)
nickname = request.POST.get('e_nickname')
textcolor = request.POST.get('e_textcolor')
user.update({"_id":_id},{"$set":{"nickname":nickname,"textcolor":textcolor}})
user_data = user.find_one({"_id":_id})
user_data['_id'] = str(user_data['_id'])
return {'login_flag': login_flag,
'user_data': user_data}
def handle_submit(self, converted):
context = self.context
request = self.request
workflow = self.workflow
# *will be* modified event
objectEventNotify(ObjectWillBeModifiedEvent(context))
if workflow is not None:
if 'security_state' in converted:
workflow.transition_to_state(context, request,
converted['security_state'])
context.title = converted['title']
context.text = converted['text']
context.description = extract_description(converted['text'])
# Save the tags on it
set_tags(context, request, converted['tags'])
# Save new attachments
creator = authenticated_userid(request)
if support_attachments(context):
upload_attachments(converted['attachments'], context['attachments'],
creator, request)
# Modified
context.modified_by = authenticated_userid(request)
objectEventNotify(ObjectModifiedEvent(context))
location = resource_url(context, request,
query={'status_message':'Forum Topic Edited'})
return HTTPFound(location=location)
def prepare_request(event): #{{{
"""Add some additional information to the request object.
"""
request = event.request
request.settings = settings
request.db_session = DBSession
request.userid = authenticated_userid(request)
request.interpretid = authenticated_userid(request)
# request.without_interpret = True
if request.userid is not None:
request.user = request.db_session.query(User).\
filter(User.id == request.userid).\
first()
if request.interpretid is not None:
request.interpret = request.db_session.query(Interpret).filter(Interpret.user_id == request.userid).first()
else:
request.interpret = None
else:
request.user = None
if request.registry and 'mailer' in request.registry:
mailer = request.registry['mailer']
request.mailer = mailer
request.authenticator = Authenticator(request.db_session, request)
def add_user(request):
message = ''
if 'form.submitted' in request.params:
login = request.params['login'].strip()
password_0 = request.params['password_0'].strip()
password_1 = request.params['password_1'].strip()
if login == '':
message = 'Login must have at least one character'
return dict(login=login, message=message,
password_0=password_0, password_1=password_1,
logged_in=authenticated_userid(request))
if DBSession.query(User).filter_by(name=login).first() is not None:
message = 'That login has allready been taken'
return dict(login=login, message=message,
password_0=password_0, password_1=password_1,
logged_in=authenticated_userid(request))
if password_0 != password_1:
message = 'Entered passwords are not identical'
return dict(login=login, message=message,
password_0=password_0, password_1=password_1,
logged_in=authenticated_userid(request))
if len(password_0) < 4:
message = 'Password must be at least 4 characters long'
return dict(login=login, message=message,
logged_in=authenticated_userid(request))
user = User(name=login, password=password_0, permission='unapproved')
DBSession.add(user)
headers = remember(request, login)
return HTTPFound(location = '/',
headers = headers)
return dict(login='', message=message,
logged_in=authenticated_userid(request))
def swordfish(context,request):
logged_in = authenticated_userid(request)
t_path = "../templates/register.pt"
main = get_renderer(t_path).implementation()
if not 'god' in context:
context["god"] = User("god",
hashlib.sha1("eden".encode('UTF-8')).digest(),
777777,
firstName = "Jesus",
lastName = "Christ",
email = "*****@*****.**",
phone = "777-777-7707",
gradYear = 2013,
inductionYear = 0,
isofficer=True,
isadvisor=True)
context["god"].__parent__ = context
return {'red':'',
'main':get_renderer(t_path).implementation(),
'content':'And on the eighth day, Man created God',
'logged_in':authenticated_userid(request),
'name':'Apotheosis Sucessful (:',
'TutText': getTutText(context, view='')}
return {'red':'',
'main':get_renderer(t_path).implementation(),
'content':'You already have a God',
'logged_in':authenticated_userid(request),
'name':'Apotheosis Failed D:',
'TutText': getTutText(context, view='')}
def user(request):
userid = authenticated_userid(request)
if not userid:
request.session.flash('Please login')
return HTTPFound(location=request.route_url('login'))
username = request.matchdict.get('username', userid)
profile = (username == userid)
if not profile and not has_permission('approve_run', request.context, request):
request.session.flash('You cannot inspect users')
return HTTPFound(location=request.route_url('tests'))
user = request.userdb.get_user(username)
if 'user' in request.POST:
if profile:
if len(request.params.get('password')) > 0:
if request.params.get('password') != request.params.get('password2', ''):
request.session.flash('Matching verify password required')
return {'user': user, 'profile': profile}
user['password'] = request.params.get('password')
if len(request.params.get('email')) > 0:
user['email'] = request.params.get('email')
else:
user['blocked'] = ('blocked' in request.POST)
request.actiondb.block_user(authenticated_userid(request), {'user': username, 'blocked': user['blocked']})
request.session.flash(('Blocked' if user['blocked'] else 'Unblocked') + ' user ' + username)
request.userdb.save_user(user)
return HTTPFound(location=request.route_url('tests'))
userc = request.userdb.user_cache.find_one({'username': username})
hours = int(userc['cpu_hours']) if userc is not None else 0
return {'user': user, 'limit': request.userdb.get_machine_limit(username), 'hours': hours, 'profile': profile}
def builder(request):
if authenticated_userid(request):
awarded_assertions = request.db.get_assertions_by_email(
authenticated_userid(request))
else:
awarded_assertions = None
# set came_from so we can get back home after openid auth.
request.session['came_from'] = request.route_url('builder')
# get default creator field
default_creator = None
user = request.db.get_person(person_email=authenticated_userid(request))
if user:
default_creator = user.nickname or user.email
badge_yaml = None
if request.POST:
badge_yaml = generate_badge_yaml(request.POST)
return dict(
auth_principals=effective_principals(request),
awarded_assertions=awarded_assertions,
default_creator=default_creator,
badge_yaml=badge_yaml,
)
def license_add_ws(request):
viewer_username = authenticated_userid(request)
request.session.flash(authenticated_userid(request))
if viewer_username == None:
viewer_username = "******"
#form = Form(request, LicenseSchema)
form = Form(request)
if 'form.submitted' in request.POST:
# request.session.flash("Here comes request.str_POST")
# request.session.flash(request.str_POST)
# request.session.flash("And this is request.POST")
# request.session.flash(request.POST)
my_results_dict = request.str_POST
request.session.flash(my_results_dict.keys())
request.session.flash(my_results_dict['cc_js_want_cc_license'])
request.session.flash(my_results_dict['cc_js_result_uri'])
request.session.flash(my_results_dict['cc_js_result_img'])
request.session.flash(my_results_dict[u'cc_js_result_name'])
# so here is what we need to store:
#the_license = License(
# cc_license = my_results_dict['cc_js_want_cc_license'])
#request.session.flash(
# "license? :" + form.data['cc_js_want_cc_license'])
# request.session.flash("sharing? :" + form.data['cc_js_share'])
# request.session.flash("remixing? :" + form.data['cc_js_remix'])
# request.session.flash("locale :" + form.data['cc_js_jurisdiction'])
# request.session.flash("URI :" + request.POST.cc_js_result_uri)
# request.session.flash("img :" + form.data['cc_js_result_img'])
# request.session.flash("name :" + form.data['cc_js_result_name'])
# if 'form.submitted' in request.POST and not form.validate():
# # form didn't validate
# request.session.flash('form does not validate!')
# request.session.flash(form.data['license_name'])
# request.session.flash(form.data['license_url'])
# if 'form.submitted' in request.POST and form.validate():
# request.session.flash('form validated!')
# license_name = form.data['license_name']
# license = License(
# license_name = form.data['license_name'],
# license_album = form.data['license_album'],
# license_url = form.data['license_url'],
# )
# dbsession.add(license)
# request.session.flash(u'writing to database ...')
# # ToDo: https://redmine.local/issues/5
return {
'viewer_username': viewer_username,
'form': FormRenderer(form)
}
def invitation_claim(request):
""" Action that awards a person a badge after scanning a qrcode. """
settings = request.registry.settings
if request.context.expires_on < datetime.now():
return HTTPGone("That invitation is expired.")
if not authenticated_userid(request):
request.session['came_from'] = request.resource_url(
request.context, 'claim')
return HTTPFound(location=request.route_url('login'))
person = request.db.get_person(person_email=authenticated_userid(request))
# Check to see if the user already has the badge.
if request.context.badge in [a.badge for a in person.assertions]:
# TODO: Flash a message explaining that they already have the badge
return HTTPFound(location=request.route_url('home'))
result = request.db.add_assertion(request.context.badge_id,
person.email,
datetime.now())
# TODO -- return them to a page that auto-exports their badges.
# TODO -- flash and tell them they got the badge
return HTTPFound(location=request.route_url('home'))
def handle_submit(self, converted):
context = self.context
request = self.request
workflow = self.workflow
# *will be* modified event
objectEventNotify(ObjectWillBeModifiedEvent(context))
if 'security_state' in converted:
if workflow is not None:
workflow.transition_to_state(context, request,
converted['security_state'])
context.title = converted['title']
context.text = converted['text']
context.description = extract_description(converted['text'])
# Tags and attachments
set_tags(context, request, converted['tags'])
creator = authenticated_userid(request)
attachments_folder = context['attachments']
upload_attachments(
filter(lambda x: x is not None, converted['attachments']),
attachments_folder,
creator, request)
# modified
context.modified_by = authenticated_userid(request)
objectEventNotify(ObjectModifiedEvent(context))
location = resource_url(context, request)
self.filestore.clear()
return HTTPFound(location=location)
def success(self, appstruct):
super(Done, self).success(appstruct)
if appstruct.get('is_favorite', False):
self.favorite.set(
name=appstruct.get('favorite_name'),
state=self.wizard_state.dump())
self.favorite.save()
source_type = self.wizard_state.get('wizard_source')['source']
if source_type == 'wizard_upload':
inputs = appstruct_to_inputs(self.request, self.wizard_state.get('wizard_literal_inputs', {}))
resource = self.wizard_state.get('wizard_complex_inputs')['identifier']
for url in self.wizard_state.get('wizard_storage')['url']:
inputs.append( (resource, url) )
logger.debug('storage inputs=%s', inputs)
result = execute_process.delay(
userid=authenticated_userid(self.request),
url=self.wps.url,
identifier=self.wizard_state.get('wizard_process')['identifier'],
inputs=inputs, outputs=[])
self.request.registry.notify(JobStarted(self.request, result.id))
else:
result = execute_workflow.delay(
userid=authenticated_userid(self.request),
url=self.request.wps.url,
workflow=self.workflow_description())
self.request.registry.notify(JobStarted(self.request, result.id))
def add_new_post(request):
succ = False
sess = DBSession()
cfg = request.registry.settings
recaptcha_secret = cfg.get('recaptcha.secret', False)
if not request.POST:
return HTTPSeeOther(location=request.route_url('home'))
else:
csrf = request.POST.get('csrf', '')
message = request.POST.get('userpost', None)
ppage = request.POST.get('ppage', None)
aid = request.POST.get('aid', None)
captcha = request.POST.get('g-recaptcha-response', None)
if authenticated_userid(request):
username = authenticated_userid(request)
if message and csrf == request.session.get_csrf_token() and ppage:
newpost = Post(date = datetime.datetime.now(), page=ppage, name=username, ip=request.remote_addr, post=message, articleid=aid )
DBSession.add(newpost)
transaction.commit()
else:
username = request.POST.get('username', None)
resp = urlopen("https://www.google.com/recaptcha/api/siteverify?secret={0}&response={1}".format(recaptcha_secret, captcha))
captcharesp = json.loads(resp.read().decode("utf-8"))
if captcharesp.get('success') is True:
if message and csrf == request.session.get_csrf_token() and ppage:
newpost = Post(date = datetime.datetime.now(), page=ppage, name=username, ip=request.remote_addr, post=message, articleid=aid )
DBSession.add(newpost)
transaction.commit()
return HTTPSeeOther(location=request.referrer)
def group_post(self):
group = Category.objects.with_id(ObjectId(self.request.matchdict['id']))
me = User.by_username(authenticated_userid(self.request))
if not (group and (group.public or group.owner == me or me in group.members)):
raise NotFound
if self.request.method == 'POST':
content = self.request.POST['tx_content'].replace("'", "'").replace("\r\n", "")
post = Post(title=self.request.POST['title'],
content=content,
category=group,
modified=datetime.now(),
author=User.by_username(authenticated_userid(self.request)))
for attach in self.request.POST.getall('tx_attach_image'):
post.images.append(attach)
for attach in self.request.POST.getall('tx_attach_file'):
post.files.append(attach)
post.save(safe=True)
# 내가 새글을 추가한 경우, 나를 제외한 블로그 그룹의 모든 사람에게 알람을 전송한다.
msg = AlarmMessage(me=me, command=AlarmMessage.CMD_BLOG_ADD, post=post)
thread_alarmer.send(msg)
return HTTPFound(location=self.request.route_path('blog_view', id=str(post.id)))
else:
return dict(post=None,
group=group,
save_url=self.request.route_path('group_post', id=self.request.matchdict['id']),
)
def article_view(request):
article_url = request.matchdict.get('url', None)
article = DBSession.query(Article).filter(Article.url==article_url).first()
comments = DBSession.query(Post).filter(Post.page==article_url)
tpldef = {'article':article, 'pagename':article.mainname, 'comments':comments}
if authenticated_userid(request):
tpldef.update({'auth':True, 'authuser':authenticated_userid(request)})
return tpldef
def view_customer(self):
user = DBSession.query(User).filter_by(sales_id = authenticated_userid(self.request)).filter_by(
user_id = int(self.request.matchdict.get('id'))).first()
sales = DBSession.query(User).filter_by(user_id = authenticated_userid(self.request)).first()
if sales.block == False:
return {'fullname': user.first_name +" "+user.last_name, 'phone':user.phone1,
'email':user.email,'location':user.location}
def index(request):
n = 5 # n is the number of items displayed in each column.
if authenticated_userid(request):
awarded_assertions = request.db.get_assertions_by_email(
authenticated_userid(request))
else:
awarded_assertions = None
# set came_from so we can get back home after openid auth.
request.session['came_from'] = request.route_url('home')
persons_assertions = request.db.get_all_assertions().join(
m.Person).filter(
m.Person.opt_out == False)
from collections import defaultdict
top_persons = defaultdict(int) # person: assertion count
for item in persons_assertions:
top_persons[item.person] += 1
top_persons_sorted = sorted(sorted(top_persons,
key=lambda person: person.id),
key=top_persons.get,
reverse=True)
# Limit the sorted top persons to the top 10% and then take
# a random sample of 5 persons from that pool.
num_users_at_top = max(int(len(top_persons_sorted) * 0.1),
min(len(top_persons_sorted), 5))
# This is not actually a sample yet, but it's about to be...
top_persons_sample = top_persons_sorted[:num_users_at_top]
try:
top_persons_sample = random.sample(top_persons_sample, 5)
except ValueError:
# The sample is probably larger than the num of top users,
# so let's just take all the users in the top 10%, in a
# random order.
random.shuffle(top_persons_sample)
# Get latest awards.
latest_awards = persons_assertions.order_by(
sa.desc(m.Assertion.issued_on)).limit(n).all()
# Register our websocket handler callback
if asbool(request.registry.settings['tahrir.use_websockets']):
socket = make_websocket_handler(request.registry.settings)
socket.display()
return dict(
auth_principals=effective_principals(request),
latest_awards=latest_awards,
newest_persons=request.db.get_all_persons().filter(
m.Person.opt_out == False).order_by(
sa.desc(m.Person.created_on)).limit(n).all(),
top_persons=top_persons,
top_persons_sample=top_persons_sample,
awarded_assertions=awarded_assertions,
moksha_socket=get_moksha_socket(request.registry.settings),
)
def leaderboard(request):
""" Render a top users view. """
if authenticated_userid(request):
awarded_assertions = request.db.get_assertions_by_email(
authenticated_userid(request))
else:
awarded_assertions = None
# Get top persons.
persons_assertions = request.db.get_all_assertions().join(m.Person)
from collections import defaultdict
top_persons = defaultdict(int) # person: assertion count
for item in persons_assertions:
top_persons[item.person] += 1
# top_persons and top_persons_sorted contain all persons, ordered
top_persons_sorted = sorted(sorted(top_persons,
key=lambda person: person.id),
key=top_persons.get,
reverse=True)
# Get total user count.
user_count = len(top_persons)
if authenticated_userid(request):
# Get rank.
try:
rank = top_persons_sorted.index(request.db.get_person(
person_email=authenticated_userid(
request))) + 1
except ValueError:
rank = 0
# Get percentile.
try:
percentile = (float(rank) / float(user_count)) * 100
except ZeroDivisionError:
percentile = 0
# Get a list of nearby competetors (5 users above the current
# user and 5 users ranked below).
competitors = top_persons_sorted[max(rank - 3, 0):\
min(rank + 2, len(top_persons_sorted))]
else:
rank = None
percentile = None
competitors = None
return dict(
auth_principals=effective_principals(request),
awarded_assertions=awarded_assertions,
top_persons=top_persons,
top_persons_sorted=top_persons_sorted,
rank=rank,
user_count=user_count,
percentile=percentile,
competitors=competitors,
)
def leaderboard(request):
""" Render a top users view. """
user, awarded_assertions = None, None
if authenticated_userid(request):
user = request.db.get_person(
person_email=authenticated_userid(request))
query = request.db.session.query(
m.Person
).order_by(
m.Person.rank,
m.Person.created_on,
).filter(
m.Person.opt_out == False
)
leaderboard = query.filter(m.Person.rank != None).all()
# Get total user count.
user_count = len(leaderboard)
leaderboard.extend(query.filter(m.Person.rank == None).all())
user_to_rank = request.db._make_leaderboard()
if user:
awarded_assertions = user.assertions
rank = user.rank or 0
idx = rank - 1
# Handle the case of leaderboard[-2:2] which will be [] always.
if idx < 2:
idx = 2
competitors = leaderboard[(idx - 2):(idx + 3)]
try:
percentile = (float(rank) / float(user_count)) * 100
except ZeroDivisionError:
percentile = 0
else:
awarded_assertions = None
rank = None
competitors = None
percentile = None
return dict(
auth_principals=effective_principals(request),
awarded_assertions=awarded_assertions,
top_persons_sorted=leaderboard,
rank=rank,
user_count=user_count,
percentile=percentile,
competitors=competitors,
user_to_rank=user_to_rank,
)
def view_course_teacher(request):
if authenticated_userid(request) == None or 'user' not in request.session.keys():
return HTTPFound(location='/')
if 'current_test' in request.session.keys():
request.session.pop('current_test')
course_id = int(request.GET["id"])
if authenticated_userid(request) == 'student':
return HTTPFound(location='/course?id='+str(course_id))
main = get_renderer('templates/master.pt').implementation()
dbsession = DBSession()
section = dbsession.query(Section).filter(Section.id == course_id).first()
tests = dbsession.query(Test).filter(Test.course == course_id).all() #load all tests
for test in tests:
test.edit = "edit_test?id="+str(test.id)
taken_tests = dbsession.query(TakenTest).filter(TakenTest.test_id == test.id).all()
ungraded = False
for taken_test in taken_tests:
if taken_test.has_ungraded:
ungraded = True
test.url = "ungraded_tests?id="+str(test.id)
if ungraded:
taken_tests = dbsession.query(TakenTest).filter(TakenTest.test_id == test.id).all()
ungraded_tests = 0
for taken_test in taken_tests:
if taken_test.has_ungraded:
ungraded_tests +=1
test.ungraded_tests = ungraded_tests
else:
test.ungraded_tests = 0
#for t in tests:
#if 'url' not in dir(t):
#tests.remove(t) #this can never happen - see line 400. Tests, therefore, are incapable of covering it
old_tests = []
current_tests = []
upcoming_tests = []
for test in tests:
if (test.start_time - datetime.datetime.now()) > (datetime.timedelta(0)):
upcoming_tests.append(test)
elif (test.end_time - datetime.datetime.now()) < (datetime.timedelta(0)):
old_tests.append(test)
else: current_tests.append(test)
messages = []
messages.append("Course: "+section.course_name)
instructors = section.instructor.split('%&')
m = "Instructor(s): " + instructors[0]
i = 1
while i < len(instructors):
m += ', ' + instructors[i]
i += 1
messages.append(m)
if len(tests) > 0:
messages.append('There are ungraded tests in the following tests.')
else: messages.append('There are no tests to grade.')
link = ('/create_test?id='+str(section.id),
'Create A New Test')
return {'old_tests':old_tests, 'current_tests':current_tests,'upcoming_tests':upcoming_tests,
'messages':messages, 'link':link, 'main': main}
def event_processor(event, hint):
# type: (Dict[str, Any], Dict[str, Any]) -> Dict[str, Any]
request = weak_request()
if request is None:
return event
try:
if integration.transaction_style == "route_name":
event["transaction"] = request.matched_route.name
elif integration.transaction_style == "route_pattern":
event["transaction"] = request.matched_route.pattern
except Exception:
pass
with capture_internal_exceptions():
PyramidRequestExtractor(request).extract_into_event(event)
if _should_send_default_pii():
with capture_internal_exceptions():
user_info = event.setdefault("user", {})
user_info["id"] = authenticated_userid(request)
return event
def view(self):
"""Show a single post."""
post = self.resource
req = self.request
if has_permission('edit', post, req):
edit_url = req.resource_url(post, 'edit')
else:
edit_url = None
if has_permission('delete', post, req):
delete_url = req.resource_url(post, 'delete')
else:
delete_url = None
return dict(
post=post,
edit_url=edit_url,
delete_url=delete_url,
journal_url=self.journal_url,
logged_in=authenticated_userid(req),
)
def view_page(request):
pagename = request.matchdict['pagename']
page = DBSession.query(Page).filter_by(name=pagename).first()
if page is None:
return HTTPNotFound('No such page')
def check(match):
word = match.group(1)
exists = DBSession.query(Page).filter_by(name=word).all()
if exists:
view_url = request.route_url('view_page', pagename=word)
return '<a href="%s">%s</a>' % (view_url, word)
else:
add_url = request.route_url('add_page', pagename=word)
return '<a href="%s">%s</a>' % (add_url, word)
content = publish_parts(page.data, writer_name='html')['html_body']
content = wikiwords.sub(check, content)
edit_url = request.route_url('edit_page', pagename=pagename)
return dict(page=page,
content=content,
edit_url=edit_url,
logged_in=authenticated_userid(request))
def forbidden_view(request):
"""
The forbidden view :
* handles the redirection to login form
* return a json dict in case of xhr requests
:param obj request: The pyramid request object
"""
log.debug("We are in a forbidden view")
login = authenticated_userid(request)
if login:
log.warn(u"An access has been forbidden to '{0}'".format(login))
if request.is_xhr:
return_datas = HTTPForbidden()
else:
bootstrap.need()
return_datas = {
"title": u"Accès refusé",
}
else:
log.debug(u"An access has been forbidden to an unauthenticated user")
# redirecting to the login page with the current path as param
nextpage = request.path
# If it's an api call, we raise HTTPUnauthorized
if nextpage.startswith('/api'):
return_datas = HTTPUnauthorized()
else:
loc = request.route_url('login', _query=(('nextpage', nextpage), ))
if request.is_xhr:
return_datas = dict(redirect=loc)
else:
return_datas = HTTPFound(location=loc)
return return_datas
def display_users_landing(request):
""" Display a list of all the users """
page_renderer = get_renderer("../templates/user_landing.pt")
body = page_renderer.implementation().macros['body']
SCRIPTS = getCommonScripts() + [
"modals/modal.js",
"modals/user_modal.js",
"pages/users.js",
]
ampy = initAmpy(request)
if ampy is None:
print("Error starting ampy during item request")
return None
users = ampy.get_users()
banopts = getBannerOptions(request)
# TODO enforce username policy so this isn't required?
#for user in users:
# user["urlname"] = escapeURIComponent(user["username"])
return {
"title": "AMP Measurement Users",
"body": body,
"scripts": SCRIPTS,
"styles": ["bootstrap.min.css"],
"users": users,
"gtag": getGATrackingID(request),
"show_dash": banopts['showdash'],
"show_matrix": banopts['showmatrix'],
"show_config": has_permission("viewconfig", request.context, request),
"show_users": has_permission("editusers", request.context, request),
"logged_in": authenticated_userid(request),
"bannertitle": banopts['title'],
}
def upload_file(request):
"""
POSTing a file upload is very different than any other endpoint in assembl
API because all of the content will be passed in using a MULTIPART_HEADER,
with all of data as well as the file (along with its metadata)
"""
# Testing purposes on front-end
# raise Exception("Upload file exception occured!")
db = Document.default_db
ctx = request.context
user_id = authenticated_userid(request) or Everyone
discusison_id = ctx.get_discussion_id()
discussion = Discussion.get(discusison_id)
permissions = get_permissions(user_id, discusison_id)
mime = request.POST['mime_type']
file_name = request.POST['name']
with request.POST['file'].file as f:
data = f.read()
# Check if the file has previously existed, if so, change the name by appending "(n)"
# to it's name
try:
blob = File(discussion=discussion,
mime_type=mime,
title=file_name,
data=data)
db.add(blob)
db.flush()
except:
raise HTTPServerError
view = 'default'
return blob.generic_json(view, user_id, permissions)
def tests_modify(request):
if 'num-games' in request.POST:
run = request.rundb.get_run(request.POST['run'])
before = copy.deepcopy(run)
if not can_modify_run(request, run):
request.session.flash('Unable to modify another users run!')
return HTTPFound(location=request.route_url('tests'))
existing_games = 0
for chunk in run['tasks']:
existing_games += chunk['num_games']
num_games = int(request.POST['num-games'])
if num_games > run['args']['num_games'] and not (
'sprt' in run['args'] or 'spsa' in run['args']):
request.session.flash(
'Unable to modify number of games in a fixed game test!')
return HTTPFound(location=request.route_url('tests'))
if num_games > existing_games:
# Create new chunks for the games
new_chunks = request.rundb.generate_tasks(num_games -
existing_games)
run['tasks'] += new_chunks
run['finished'] = False
run['args']['num_games'] = num_games
run['args']['priority'] = int(request.POST['priority'])
run['args']['throughput'] = int(request.POST['throughput'])
request.rundb.buffer(run, True)
request.rundb.task_time = 0
request.actiondb.modify_run(authenticated_userid(request), before, run)
cached_flash(request, 'Run successfully modified!')
return HTTPFound(location=request.route_url('tests'))
def inject_globals(event):
"""Injects global variables into every template after the view
is processed but before the template is rendered."""
# request is available in every template, and we can just pull it
# in like so...
request = event['request']
settings = request.registry.settings
# ... and then set a couple global variables that will be available
# in every template, so we don't have to pass them through the
# dict returned by the view every time!
event['title'] = settings['tahrir.title']
event['base_url'] = settings['tahrir.base_url']
event['theme_name'] = settings.get('tahrir.theme_name', 'tahrir')
event['tahrir_version'] = get_distribution('tahrir').version
event['tahrir_api_version'] = get_distribution('tahrir-api').version
event['logged_in'] = authenticated_userid(request)
person = request.db.get_person(event['logged_in'])
event['logged_in_person'] = person
event['footer'] = tahrir.views.load_docs(request, 'footer')
event['twitter'] = asbool(settings.get('tahrir.social.twitter'))
event['twitter_user_text'] = settings.get(
'tahrir.social.twitter_user_text')
event['twitter_user_hash'] = settings.get(
'tahrir.social.twitter_user_hash')
event['gplus'] = asbool(settings.get('tahrir.social.gplus'))
event['auth_principals'] = effective_principals(request)
# Cause jquery.js to be injected into the page.
tw2.jquery.jquery_js.display()
def forbidden_view(context, request):
user = authenticated_userid(request)
if user is not None:
try:
reason = context.explanation
except AttributeError:
reason = 'unknown'
logger.debug("User %s tripped Forbidden view, request %s, "
"reason %s" % (str(user), str(request), str(reason)))
mmode = request.db.settings.find_one({'key': 'maintenance_mode'})
if (mmode is not None) and mmode.get('value', False):
msg = request.db.settings.find_one({'key': 'maintenance_message'})
if msg is not None:
msg = msg['value']
response = Response(
render('templates/maintenance.jinja2', {
'request': request,
'maintenance_msg': msg
}))
request.session.delete()
response.status_int = 200
else:
response = Response(
render('templates/forbidden.jinja2', {'request': request}))
response.status_int = 403
return response
if user is None and (request.is_xhr or request.headers.get('content-type')
== 'application/json'):
response = Response(
render('templates/forbidden.jinja2', {'request': request}))
response.status_int = 403
return response
logger.debug("No user and forbidden access! --> redirect to login")
loginurl = request.route_url('login', _query=(('next', request.path), ))
return HTTPFound(location=loginurl)
def office_edit(request):
try:
account_id = long(request.session['aid'])
user_id = long(request.session['uid'])
account = DBSession.query(Account).filter_by(id=account_id).first()
user = DBSession.query(User).filter_by(id=user_id).first()
if user is None or account is None or user.is_administrator == False:
return HTTPFound(request.application_url)
office_id = request.matchdict['office_id']
if request.method == "POST":
name = request.params["name"].lower()
off = DBSession.query(Office).filter_by(
account_id=long(request.session['aid'])).filter_by(
name=name).first()
if off is None or str(off.id) == office_id:
benefits_and_bonus = long(request.params["benefits_and_bonus"])
DBSession.query(Office).filter_by(id=office_id).filter_by(
account_id=account_id).update({
'name':
name,
'benefits_and_bonus':
benefits_and_bonus
})
DBSession.flush()
return HTTPFound(request.application_url +
"/administration/company")
office = DBSession.query(Office).filter_by(id=office_id).first()
return dict(logged_in=authenticated_userid(request),
header=Header("administration"),
office=office,
user=user)
except:
return HTTPFound(request.application_url)
def handle_submit(self, converted):
context = self.context
request = self.request
objectEventNotify(ObjectWillBeModifiedEvent(context))
workflow = self.workflow
if workflow is not None:
if 'security_state' in converted:
workflow.transition_to_state(context, request,
converted['security_state'])
context.title = converted['title']
context.description = converted['description']
context.text = converted['text']
context.modified_by = authenticated_userid(request)
# NB: this is an edit form, so tags are added immediately via
# AJAX; we needn't deal with setting them in the form post
tools_present = [None]
available_tools = self.available_tools
for info in available_tools:
component = info['component']
tool_name = info['name']
tools_present.append(tool_name)
present = component.is_present(context, request)
if (not present) and tool_name in converted['tools']:
component.add(context, request)
if present and (tool_name not in converted['tools']):
component.remove(context, request)
tools_present.remove(tool_name)
if converted['default_tool'] in tools_present:
context.default_tool = converted['default_tool']
elif not (context.default_tool in tools_present):
context.default_tool = None
context.sendalert_default = converted['sendalert_default']
# *modified* event
objectEventNotify(ObjectModifiedEvent(context))
location = resource_url(context, request)
return HTTPFound(location=location)
def post(self):
request = self.request
company = authenticated_userid(request)
form = validate_form(PlanCreateForm, request)
plan_type = form.data['plan_type']
amount = form.data['amount']
frequency = form.data['frequency']
interval = form.data['interval']
if interval is None:
interval = 1
# TODO: make sure user cannot create a post to a deleted company
model = request.model_factory.create_plan_model()
with db_transaction.manager:
plan = model.create(
company=company,
plan_type=plan_type,
amount=amount,
frequency=frequency,
interval=interval,
)
return plan
def handle_submit(self, converted):
context = self.context
request = self.request
workflow = self.workflow
name = make_unique_name(context, converted['title'])
creator = authenticated_userid(request)
topic = create_content(
IForumTopic,
converted['title'],
converted['text'],
creator,
)
topic.description = extract_description(converted['text'])
context[name] = topic
# Set up workflow
if workflow is not None:
workflow.initialize(topic)
if 'security_state' in converted:
workflow.transition_to_state(topic, request,
converted['security_state'])
# send the temp images to their final place
relocate_temp_images(topic, request)
# Tags and attachments
set_tags(topic, request, converted['tags'])
if support_attachments(topic):
upload_attachments(converted['attachments'], topic['attachments'],
creator, request)
location = resource_url(topic, request)
return HTTPFound(location=location)
def forbidden(request):
logging.info("Going into forbidden")
m = re.match("^/?(ajax|api).*$", request.path)
if m is not None:
'''we're trying to hit an api or ajax query without authentication'''
logging.warn(
"Someone tried to hit an ajax/api without authentication. Route: {route}"
.format(route=request.path))
return Response("{'status':'Forbidden'}")
userid = authenticated_userid(request)
if userid:
logging.info("User exists but some other problem occured, FORBIDDEN.")
group = groupfinder(userid, request)
logging.info("User {user} access level {access}".format(user=userid,
access=group))
return ("")
if groupfinder(None, request) is None:
request.session['goingto'] = request.path
logging.info("Should be shunting to login page")
loc = request.route_url('velruse.google-login',
_query=(('next', request.path), ))
return exc.HTTPFound(location=loc)
def maybe_merge(backend,
details,
user=None,
other_users=None,
*args,
**kwargs):
# If we do not already have a user, see if we're in a situation
# where we're adding an account to an existing user, and maybe
# even merging
request = backend.strategy.request
adding_account = request.session.get("add_account", None)
if adding_account is not None:
del request.session["add_account"]
# current discussion and next?
logged_in = authenticated_userid(request)
if logged_in:
logged_in = User.get(logged_in)
if adding_account:
if user and user != logged_in:
# logged_in presumably newer?
logged_in.merge(user)
logged_in.db.delete(user)
logged_in.db.flush()
user = logged_in
else:
forget(request)
user = None
logged_in = None
if other_users:
if not user:
user = other_users.pop(0)
# Merge other accounts with same verified email
for profile in other_users:
user.merge(profile)
profile.delete()
return {"user": user}
def project_new_grid(request):
_ = request.translate
user_id = authenticated_userid(request)
user = DBSession.query(User).get(user_id)
try:
project = Project(_(u'Untitled project'), user)
DBSession.add(project)
DBSession.flush()
tile_size = int(request.params['tile_size'])
geometry = request.params['geometry']
geoms = parse_geojson(geometry)
multipolygon = convert_to_multipolygon(geoms)
geometry = shape.from_shape(multipolygon, 4326)
geom_3857 = DBSession.execute(ST_Transform(geometry, 3857)).scalar()
geom_3857 = shape.to_shape(geom_3857)
zoom = get_zoom_for_tile_size(geom_3857, tile_size)
project.area = Area(geometry)
project.auto_fill(zoom)
request.session.flash(
_("Project #${project_id} created successfully",
mapping={'project_id': project.id}), 'success')
return HTTPFound(
location=route_path('project_edit', request, project=project.id))
except Exception, e:
msg = _("Sorry, could not create the project. <br />%s") % e.message
request.session.flash(msg, 'alert')
raise HTTPFound(location=route_path('project_new', request))
def ideas_main(request):
hitpct = Idea.ideas_bunch(Idea.hit_percentage.desc())
top = Idea.ideas_bunch(Idea.hits.desc())
bottom = Idea.ideas_bunch(Idea.misses.desc())
last10 = Idea.ideas_bunch(Idea.idea_id.desc())
toplists = [
{'title': 'Latest shots', 'items': last10},
{'title': 'Most hits', 'items': top},
{'title': 'Most misses', 'items': bottom},
{'title': 'Best performance', 'items': hitpct},
]
login_form = login_form_view(request)
return {
'title': 'ideas',
'username': authenticated_userid(request),
'toolbar': toolbar_view(request),
'cloud': cloud_view(request),
'latest': latest_view(request),
'login_form': login_form,
'toplists': toplists,
}
def update_(request):
'Update account'
params = request.params
if params.get('token') != request.session.get_csrf_token():
return dict(isOk=0, message='Invalid session token')
userID = authenticated_userid(request)
# If the user is trying to update account information, send confirmation email
if 'username' in params:
return save_user_(request, dict(params), 'update',
db.query(User).get(userID))
# Make sure the smsAddressID belongs to the user
smsAddressID = params.get('smsAddressID')
smsAddress = db.query(
SMSAddress).filter((SMSAddress.id == smsAddressID)
& (SMSAddress.user_id == userID)).first()
if not smsAddress:
return dict(
isOk=0,
message='Could not find smsAddressID=%s corresponding to userID=%s'
% (smsAddressID, userID))
# Load
smsAddressAction = params.get('smsAddressAction')
# If the user is activating an SMS address,
if 'activate' == smsAddressAction:
smsAddress.is_active = True
return dict(isOk=1, is_active=smsAddress.is_active)
# If the user is deactivating an SMS address,
if 'deactivate' == smsAddressAction:
smsAddress.is_active = False
return dict(isOk=1, is_active=smsAddress.is_active)
# If the user is removing an SMS address,
elif 'remove' == smsAddressAction:
db.delete(smsAddress)
return dict(isOk=1)
# If the command is not recognized,
return dict(isOk=0, message='Command not recognized')
def project_message_all(request):
_ = request.translate
ngettext = request.plural_translate
if not request.POST.get('message', None) or \
not request.POST.get('subject', None):
return {
'error': True,
'error_msg': _('A subject and message are required.')
}
id = request.matchdict['project']
project = DBSession.query(Project).get(id)
user_id = authenticated_userid(request)
user = DBSession.query(User).get(user_id)
recipients = get_contributors(project)
subject = _('Project #') + str(id) + ': ' + request.POST['subject']
for recipient in recipients:
userid = username_to_userid(recipient)
to = DBSession.query(User).get(userid)
send_message(subject, user, to, request.POST['message'])
DBSession.flush()
num = len(recipients)
if num == 0:
msg = _('No users to message.')
else:
msg = ngettext(
'Message sent to ${num} user.',
'Message sent to ${num} users.',
num,
mapping={'num': num})
return dict(success=True, msg=msg)
def handle_submit(self, converted):
request = self.request
context = self.context
ordering = getattr(context, 'ordering', None)
if ordering is not None:
ordering.sync(context.keys())
creator = authenticated_userid(request)
reference_object = create_content(self.content_iface,
converted['title'],
converted['description'],
creator,
)
name = make_unique_name(context, converted['title'])
context[name] = reference_object
if ordering is not None:
ordering.add(name)
# save the tags
set_tags(reference_object, request, converted['tags'])
location = resource_url(reference_object, request)
return HTTPFound(location=location)
def handle_submit(self, converted):
request = self.request
context = self.context
workflow = self.workflow
forum = create_content(
IForum,
converted['title'],
converted['description'],
authenticated_userid(request),
)
name = make_unique_name(context, converted['title'])
context[name] = forum
# Set up workflow
if workflow is not None:
workflow.initialize(forum)
if 'security_state' in converted:
workflow.transition_to_state(forum, request,
converted['security_state'])
location = resource_url(forum, request)
return HTTPFound(location=location)
def get_feeds(request):
user_name = request.matchdict['user']
logged_in = authenticated_userid(request)
if user_name != logged_in:
return HTTPForbidden()
user = User.get_by_screen_name(user_name)
feeds = Feed.get_by_userid(user.id)
feed_list = []
for feed in feeds:
feed_dict = {
'name':
feed.name,
'feed_uri':
request.route_url('view_feed', user=user_name, feedname=feed.name),
'delete_uri':
request.route_url('delete_feed',
user=user_name,
feedname=feed.name)
}
feed_list.append(feed_dict)
return feed_list
def display_mesh_landing(request):
""" Display a list of all the available meshes """
page_renderer = get_renderer("../templates/mesh_landing.pt")
body = page_renderer.implementation().macros['body']
SCRIPTS = getCommonScripts() + [
"modals/modal.js",
"modals/iteminfo_modal.js",
]
ampy = initAmpy(request)
if ampy is None:
print("Error starting ampy during item request")
return None
meshes = ampy.get_meshes(None)
banopts = getBannerOptions(request)
for mesh in meshes:
mesh["urlname"] = escapeURIComponent(mesh["ampname"])
return {
"title": "AMP Measurement Meshes",
"body": body,
"scripts": SCRIPTS,
"styles": ["bootstrap.min.css"],
"meshes": meshes,
"gtag": getGATrackingID(request),
"show_dash": banopts['showdash'],
"show_matrix": banopts['showmatrix'],
"can_edit": has_permission("editconfig", request.context, request),
"show_config": has_permission("viewconfig", request.context, request),
"show_users": has_permission("editusers", request.context, request),
"logged_in": authenticated_userid(request),
"bannertitle": banopts['title'],
}
def handle_submit(self, converted):
context = self.context
request = self.request
parent = context.__parent__
creator = authenticated_userid(request)
comment = create_content(
IComment,
'Re: %s' % parent.title,
converted['add_comment'],
extract_description(converted['add_comment']),
creator,
)
next_id = parent['comments'].next_id
parent['comments'][next_id] = comment
workflow = get_workflow(IComment, 'security', context)
if workflow is not None:
workflow.initialize(comment)
if 'security_state' in converted:
workflow.transition_to_state(comment, request,
converted['security_state'])
if support_attachments(comment):
upload_attachments(converted['attachments'], comment,
creator, request)
relocate_temp_images(comment, request)
blogentry = find_interface(context, IBlogEntry)
if converted.get('sendalert'):
alerts = queryUtility(IAlerts, default=Alerts())
alerts.emit(comment, request)
location = resource_url(parent, request)
msg = 'Comment added'
location = '%s?status_message=%s' % (location, urllib.quote(msg))
self.filestore.clear()
return HTTPFound(location=location)
def login(request):
"""View to process login credentials and remember the user.
This method provides a pyramid view that uses the repoze.who API
to authenticate any submitted credentials, then redirects to
whatever page the user was trying to view. You can use it as
a convenient redirection point for plugins that need to submit
credentials via POST, or as the target for a custom login form.
"""
came_from = request.params.get("came_from", request.referer or "/")
# Try to authenticate, either via standard plugin auth
# or by using the request parameters at the identity.
userid = security.authenticated_userid(request)
if userid is not None:
headers = security.remember(request, userid)
else:
api = get_api(request)
userid, headers = api.login(dict(request.params))
# If that worked, send them back to where they came from.
if userid is not None:
return HTTPFound(location=came_from, headers=headers)
# If not, trigger the usual forbidden view.
# In theory this should eventually post back to us again.
raise HTTPForbidden()
def project_invalidate_all(request):
_ = request.translate
# If user has not entered a comment, return error
if not request.POST.get('comment', None):
return {'error': True, 'error_msg': _('A comment is required.')}
challenge_id = request.POST.get('challenge_id', None)
if not passes_project_id_challenge(challenge_id,
request.matchdict['project']):
return {
'error': True,
'error_msg': _('Please type the project id in the box to confirm')
}
id = request.matchdict['project']
project = DBSession.query(Project).get(id)
user_id = authenticated_userid(request)
user = DBSession.query(User).get(user_id)
tasks = project.tasks
tasks_affected = 0
for task in tasks:
if task.cur_state.state == TaskState.state_done:
tasks_affected += 1
task.user = None
task.states.append(
TaskState(user=user, state=TaskState.state_invalidated))
task.locks.append(TaskLock(user=None, lock=False))
add_comment(request, task, user)
DBSession.add(task)
if tasks_affected == 0:
msg = _('No done tasks to invalidate.')
else:
msg = _('%d tasks invalidated' % tasks_affected)
DBSession.flush()
return dict(success=True, msg=msg)
def idea_vote(request):
post_data = request.POST
target = post_data.get('target')
session = DBSession()
idea = Idea.get_by_id(target, with_joinedload=False)
voter_username = authenticated_userid(request)
voter = User.get_by_username(voter_username)
redirect_url = route_url('idea', request, idea_id=idea.idea_id)
response = HTTPMovedPermanently(location=redirect_url)
if voter.user_id == idea.author_id:
request.session.flash(u'You cannot vote on your own ideas.')
return response
if post_data.get('form.vote_hit'):
idea.vote(voter, True)
elif post_data.get('form.vote_miss'):
idea.vote(voter, False)
session.flush()
return response
def discussion_list_view(request):
request.session.pop('discussion')
user_id = authenticated_userid(request) or Everyone
user = None
if user_id != Everyone:
user = User.get(user_id)
roles = get_roles(user_id)
context = get_default_context(request)
context['discussions'] = []
# Show even anonymous users every discussion one has access to if
# authenticated, so they can login and read them
discussions = discussions_with_access(Authenticated if user_id ==
Everyone else user_id)
for discussion in discussions:
discussionFrontendUrls = FrontendUrls(discussion)
discussion_context = {
'topic': discussion.topic,
'slug': discussion.slug,
'url': discussionFrontendUrls.get_discussion_url()
}
if user_has_permission(discussion.id, user_id, P_ADMIN_DISC):
discussion_context[
'admin_url'] = discussionFrontendUrls.get_discussion_edition_url(
)
discussion_context['permissions_url'] = request.route_url(
'discussion_permissions', discussion_id=discussion.id)
context['discussions'].append(discussion_context)
if R_SYSADMIN in roles:
context['discussions_admin_url'] = request.route_url(
'discussion_admin')
context['permissions_admin_url'] = request.route_url(
'general_permissions')
context['preferences_admin_url'] = request.route_url(
'admin_global_preferences')
context['user'] = user
return context
def get_token(request):
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized()
discussion_id = request.context.get_discussion_id()
permissions = request.GET.getall('permission') or [
P_READ, P_READ_PUBLIC_CIF
]
if P_READ in permissions:
permissions.append(P_READ_PUBLIC_CIF)
permissions = list(set(permissions))
random_seed = request.GET.get('seed', None)
# TODO: Rewrite that crap so randomness is internal,
# give a pair of tokens.
if random_seed:
# We need some determinism
random.seed(random_seed)
random_str = ''.join([chr(random.randint(0, 256)) for i in range(8)])
# Restore normal randomness
random.seed(urandom(8))
else:
random_str = urandom(8)
data = permission_token(user_id, discussion_id, permissions, random_str)
return Response(body=data, content_type="text/text")
def configure_twofactor_view(context, request):
page_title = "Profile: %s" % context.title
api = TemplateAPI(context, request, page_title)
tf = TwoFactor(context, request)
if (not tf.enabled or not tf.phone_factor_enabled
or not authenticated_userid(request) == context.__name__):
return HTTPFound(request.resource_url(context))
form = 'number'
number = ''
if request.method == 'POST':
number = request.POST.get('phonenumber', '')
if 'form.verifyemail.submitted' in request.POST:
number = ''.join(n for n in number if n in string.digits)
if len(number) == 10:
context.two_factor_phone = number
code = context._two_factor_verify_code = make_random_code(6)
msg = "%s phone verification code: %s" % (get_setting(
context, 'title'), code)
tf.send_text_to_number(number, msg)
api.set_status_message(
'Verification code sent to phone number: %s' % number)
form = 'verify'
else:
api.set_status_message('Invalid phone number')
elif 'form.verifycode.submitted' in request.POST:
form = 'verify'
code = request.POST['code']
if code == context._two_factor_verify_code:
context._two_factor_verify_code = ''
context.two_factor_verified = True
form = 'success'
else:
api.set_status_message('Invalid verification code')
return dict(api=api, form=form, number=number, context=context)
