def get(self,long_slug): # !!! filter available_until now = datetime.now() path = long_slug.split('/') mpath = ",".join(path) mpath = ",{0},".format(mpath) channel = Channel.objects.get_or_404(mpath=mpath,published=True) if now is_accessible(roles_accepted=channel.roles): raise abort(403,"User has no role to view this channel content")
def get_context(self, long_slug, render_content=False): now = datetime.now() homepage = Channel.objects.get(is_homepage=True) if long_slug.startswith(homepage.slug) and \ len(long_slug.split('/')) < 3 and \ not render_content: slug = long_slug.split('/')[-1] return redirect(url_for('detail', long_slug=slug)) filters = {'published': True, 'available_at__lte': now} try: content = Content.objects.get(long_slug=long_slug, **filters) except Content.DoesNotExist: content = Content.objects.get_or_404(channel=homepage, slug=long_slug, **filters) if not content.channel.published: return abort(404) if not is_accessible(roles_accepted=content.channel.roles): # TODO: access control only takes main channel roles # TODOC: deal with related channels raise abort(403, "User has no role to view this channel content") self.content = content context = {"content": content, "channel": content.channel} return context
def check_if_is_accessible(content): if not content.channel.published: return abort(404) if (get_current_user() not in content.get_authors()) or ( not is_accessible(roles_accepted=['admin','reviewer'])): raise abort(403,"User has no role to view this chanel content")
def check_if_is_accessible(content): if not content.channel.is_available: return abort(404) if not is_accessible(roles_accepted=content.channel.roles): # Access control only takes main channel roles # Need to deal with related channels raise abort(403, "User has no role to view this channel content")
def check_if_is_accessible(self, content): if not content.channel.published: return abort(404) if not is_accessible(roles_accepted=content.channel.roles): # Access control only takes main channel roles # Need to deal with related channels raise abort(403, "User has no role to view this channel content")
def check_if_is_accessible(content): if not content.channel.published: return abort(404) if (get_current_user() not in content.get_authors()) or ( not is_accessible(roles_accepted=['admin', 'reviewer'])): # access control only takes main channel roles # need to deal with related channels raise abort(403, "User has no role to view this channel content")
def check_if_is_accessible(self, content): if not content.channel.published: return abort(404) if (get_current_user() not in content.get_authors()) or ( not is_accessible(roles_accepted=['admin', 'reviewer'])): # access control only takes main channel roles # need to deal with related channels raise abort(403, "User has no role to view this channel content")
def get_context(self, long_slug, render_content=False): now = datetime.now() homepage = Channel.objects.get(is_homepage=True) if long_slug.startswith(homepage.slug) and \ len(long_slug.split('/')) < 3 and \ not render_content: slug = long_slug.split('/')[-1] return redirect(url_for('detail', long_slug=slug)) filters = { 'published': True, 'available_at__lte': now } try: content = Content.objects.get( long_slug=long_slug, **filters ) except Content.DoesNotExist: content = Content.objects.get_or_404( channel=homepage, slug=long_slug, **filters ) if not content.channel.published: return abort(404) if not is_accessible(roles_accepted=content.channel.roles): # TODO: access control only takes main channel roles # TODOC: deal with related channels raise abort(403, "User has no role to view this channel content") self.content = content context = { "content": content, "channel": content.channel } return context
def is_accessible(self): roles_accepted = getattr(self, 'roles_accepted', None) return is_accessible(roles_accepted=roles_accepted, user=current_user)
def get(self, long_slug): now = datetime.now() path = long_slug.split('/') mpath = ",".join(path) mpath = ",{0},".format(mpath) channel = Channel.objects.get_or_404(mpath=mpath, published=True) if not is_accessible(roles_accepted=channel.roles): raise abort(403, "User has no role to view this channel content") # if channel.is_homepage and request.path != "/": # return redirect("/") if channel.redirect_url: return redirect(channel.redirect_url) if channel.render_content: return ContentDetail().get( channel.render_content.content.long_slug, True) self.channel = channel base_filters = {} filters = { 'published': True, 'available_at__lte': now, 'show_on_channel': True } if not channel.is_homepage: base_filters['__raw__'] = { '$or': [{ 'mpath': { '$regex': "^{0}".format(mpath) } }, { 'related_mpath': { '$regex': "^{0}".format(mpath) } }] } else: # list only allowed items in homepage user_roles = [role.name for role in get_current_user().roles] if 'admin' not in user_roles: base_filters['__raw__'] = { "$or": [ { "channel_roles": { "$in": user_roles } }, { "channel_roles": { "$size": 0 } }, # the following filters are for backwards compatibility { "channel_roles": None }, { "channel_roles": { "$exists": False } } ] } filters.update(channel.get_content_filters()) contents = Content.objects(**base_filters).filter(**filters) sort = request.args.get('sort') if sort: contents = contents.order_by(sort) elif channel.sort_by: contents = contents.order_by(*channel.sort_by) if current_app.config.get("PAGINATION_ENABLED", True): pagination_arg = current_app.config.get("PAGINATION_ARG", "page") page = request.args.get(pagination_arg, 1) per_page = (request.args.get('per_page') or channel.per_page or current_app.config.get("PAGINATION_PER_PAGE", 10)) contents = contents.paginate(page=int(page), per_page=int(per_page)) # this can be overkill! try another solution # to filter out content in unpublished channels # when homepage and also in blocks # contents = [content for content in contents # if content.channel.published] themes = channel.get_themes() return render_template(self.get_template_names(), theme=themes, contents=contents, channel=channel)
def get(self, long_slug): # !!! filter available_until now = datetime.now() path = long_slug.split('/') mpath = ",".join(path) mpath = ",{0},".format(mpath) channel = Channel.objects.get_or_404(mpath=mpath, published=True) if not is_accessible(roles_accepted=channel.roles): raise abort(403, "User has no role to view this channel content") if channel.is_homepage and request.path != channel.get_absolute_url(): return redirect(channel.get_absolute_url()) published_channels = Channel.objects(published=True).values_list('id') if channel.redirect_url: url_protos = ('http://', 'mailto:', '/', 'ftp://') if channel.redirect_url.startswith(url_protos): return redirect(channel.redirect_url) else: return redirect(url_for(channel.redirect_url)) if channel.render_content: return ContentDetail().get( channel.render_content.content.long_slug, True) self.channel = channel base_filters = {} filters = { 'published': True, 'available_at__lte': now, 'show_on_channel': True, 'channel__in': published_channels } if not channel.is_homepage: base_filters['__raw__'] = { '$or': [ {'mpath': {'$regex': "^{0}".format(mpath)}}, {'related_mpath': {'$regex': "^{0}".format(mpath)}} ] } else: # list only allowed items in homepage user_roles = [role.name for role in get_current_user().roles] if 'admin' not in user_roles: base_filters['__raw__'] = { "$or": [ {"channel_roles": {"$in": user_roles}}, {"channel_roles": {"$size": 0}}, # the following filters are for backwards compatibility {"channel_roles": None}, {"channel_roles": {"$exists": False}} ] } filters.update(channel.get_content_filters()) contents = Content.objects(**base_filters).filter(**filters) sort = request.args.get('sort') if sort: contents = contents.order_by(sort) elif channel.sort_by: contents = contents.order_by(*channel.sort_by) disabled_pagination = False if not current_app.config.get("PAGINATION_ENABLED", True): disabled_pagination = contents.count() pagination_arg = current_app.config.get("PAGINATION_ARG", "page") page = request.args.get(pagination_arg, 1) per_page = ( disabled_pagination or request.args.get('per_page') or channel.per_page or current_app.config.get("PAGINATION_PER_PAGE", 10) ) contents = contents.paginate(page=int(page), per_page=int(per_page)) themes = channel.get_themes() return render_template(self.get_template_names(), theme=themes, contents=contents, channel=channel)
def check_if_is_accessible(content): if not content.channel.is_available: return abort(404) if not is_accessible(roles_accepted=content.channel.roles): raise abort(403,"User has no role to view this channel content")
def get(self, long_slug): # !!! filter available_until now = datetime.now() path = long_slug.split('/') mpath = ",".join(path) mpath = ",{0},".format(mpath) channel = Channel.objects.get_or_404(mpath=mpath, published=True) if not is_accessible(roles_accepted=channel.roles): raise abort(403, "User has no role to view this channel content") if channel.is_homepage and request.path != channel.get_absolute_url(): return redirect(channel.get_absolute_url()) published_channels = Channel.objects(published=True).values_list('id') if channel.redirect_url: url_protos = ('http://', 'mailto:', '/', 'ftp://') if channel.redirect_url.startswith(url_protos): return redirect(channel.redirect_url) else: return redirect(url_for(channel.redirect_url)) if channel.render_content: return ContentDetail().get( channel.render_content.content.long_slug, True) self.channel = channel base_filters = {} filters = { 'published': True, 'available_at__lte': now, 'show_on_channel': True, 'channel__in': published_channels } if not channel.is_homepage: base_filters['__raw__'] = { '$or': [{ 'mpath': { '$regex': "^{0}".format(mpath) } }, { 'related_mpath': { '$regex': "^{0}".format(mpath) } }] } else: # list only allowed items in homepage user_roles = [role.name for role in get_current_user().roles] if 'admin' not in user_roles: base_filters['__raw__'] = { "$or": [ { "channel_roles": { "$in": user_roles } }, { "channel_roles": { "$size": 0 } }, # the following filters are for backwards compatibility { "channel_roles": None }, { "channel_roles": { "$exists": False } } ] } filters.update(channel.get_content_filters()) contents = Content.objects(**base_filters).filter(**filters) sort = request.args.get('sort') if sort: contents = contents.order_by(sort) elif channel.sort_by: contents = contents.order_by(*channel.sort_by) disabled_pagination = False if not current_app.config.get("PAGINATION_ENABLED", True): disabled_pagination = contents.count() pagination_arg = current_app.config.get("PAGINATION_ARG", "page") page = request.args.get(pagination_arg, 1) per_page = (disabled_pagination or request.args.get('per_page') or channel.per_page or current_app.config.get("PAGINATION_PER_PAGE", 10)) contents = contents.paginate(page=int(page), per_page=int(per_page)) themes = channel.get_themes() return render_template(self.get_template_names(), theme=themes, contents=contents, channel=channel)
def get(self, long_slug): now = datetime.now() path = long_slug.split('/') mpath = ",".join(path) mpath = ",{0},".format(mpath) channel = Channel.objects.get_or_404(mpath=mpath, published=True) if not is_accessible(roles_accepted=channel.roles): raise abort(403, "User has no role to view this channel content") # if channel.is_homepage and request.path != "/": # return redirect("/") if channel.redirect_url: return redirect(channel.redirect_url) if channel.render_content: return ContentDetail().get( channel.render_content.content.long_slug, True) self.channel = channel base_filters = {} filters = { 'published': True, 'available_at__lte': now, 'show_on_channel': True } if not channel.is_homepage: base_filters['__raw__'] = { '$or': [ {'mpath': {'$regex': "^{0}".format(mpath)}}, {'related_mpath': {'$regex': "^{0}".format(mpath)}} ] } else: # list only allowed items in homepage user_roles = [role.name for role in get_current_user().roles] if 'admin' not in user_roles: base_filters['__raw__'] = { "$or": [ {"channel_roles": {"$in": user_roles}}, {"channel_roles": {"$size": 0}}, # the following filters are for backwards compatibility {"channel_roles": None}, {"channel_roles": {"$exists": False}} ] } filters.update(channel.get_content_filters()) contents = Content.objects(**base_filters).filter(**filters) sort = request.args.get('sort') if sort: contents = contents.order_by(sort) elif channel.sort_by: contents = contents.order_by(*channel.sort_by) if current_app.config.get("PAGINATION_ENABLED", True): pagination_arg = current_app.config.get("PAGINATION_ARG", "page") page = request.args.get(pagination_arg, 1) per_page = ( request.args.get('per_page') or channel.per_page or current_app.config.get("PAGINATION_PER_PAGE", 10) ) contents = contents.paginate(page=int(page), per_page=int(per_page)) # this can be overkill! try another solution # to filter out content in unpublished channels # when homepage and also in blocks # contents = [content for content in contents # if content.channel.published] themes = channel.get_themes() return render_template(self.get_template_names(), theme=themes, contents=contents, channel=channel)