def _wall_events_query(self):
"""WallMixin implementation."""
from ututi.lib.wall import generic_events_query
evts_generic = generic_events_query()
t_evt = meta.metadata.tables['events']
t_wall_posts = meta.metadata.tables['wall_posts']
locations = [loc.id for loc in c.location.flatten]
subjects = meta.Session.query(Subject)\
.filter(Subject.location_id.in_(locations))\
.all()
if self.feed_filter == 'sub_department':
subject_ids = [subject.id for subject in self.sub_department.subjects
if check_crowds(["subject_accessor"], c.user, subject)]
else:
subject_ids = [subject.id for subject in subjects
if check_crowds(["subject_accessor"], c.user, subject)]
public_groups = meta.Session.query(Group)\
.filter(Group.location_id.in_(locations))\
.filter(Group.forum_is_public == True)\
.all()
ids = [obj.id for obj in subjects + public_groups]
obj_id_in_list = t_evt.c.object_id.in_(ids) if ids else False
events_query = evts_generic
if self.feed_filter == 'subjects':
return events_query.where(or_(obj_id_in_list, t_wall_posts.c.subject_id.in_(subject_ids)))
elif self.feed_filter == 'sub_department':
return events_query.where(or_(t_evt.c.object_id.in_(subject_ids) if subject_ids else False, t_wall_posts.c.subject_id.in_(subject_ids)))
elif self.feed_filter == 'discussions':
return events_query.where(or_(t_wall_posts.c.target_location_id.in_(locations), t_wall_posts.c.subject_id.in_(subject_ids)))
else:
return events_query.where(or_(obj_id_in_list, t_wall_posts.c.target_location_id.in_(locations),
t_wall_posts.c.subject_id.in_(subject_ids)))
def remove_comment(self, id):
comment = EventComment.get(id)
if comment and (check_crowds(('owner',), c.user, comment) or check_crowds(('moderator',), c.user, comment.event.context)):
comment.deleted_by = c.user.id
meta.Session.add(comment)
meta.Session.commit()
self._redirect()
def edit(self, subject):
if subject.edit_settings_perm != 'everyone' and not check_crowds(['teacher', 'moderator'], c.user, subject):
abort(403)
defaults = {
'id': subject.subject_id,
'old_location': '/'.join(subject.location.path),
'title': subject.title,
'lecturer': subject.lecturer,
'tags': ', '.join([tag.title for tag in subject.tags]),
'description': subject.description,
'subject_visibility': subject.visibility,
'subject_edit': subject.edit_settings_perm,
'subject_post_discussions': subject.post_discussion_perm,
'sub_department_id': subject.sub_department_id
}
if subject.location is not None:
location = dict([('location-%d' % n, tag)
for n, tag in enumerate(subject.location.hierarchy())])
else:
location = []
defaults.update(location)
return htmlfill.render(self._edit_form(), defaults=defaults)
def create_subject_wall_post(self):
subject = Subject.get_by_id(self.form_result['subject_id'])
if subject.post_discussion_perm != 'everyone' and not check_crowds(['teacher', 'moderator'], c.user, subject):
abort(403)
self._create_wall_post(subject=subject,
content=self.form_result['post'])
self._redirect()
def create_subject_wall_post_js(self):
subject = Subject.get_by_id(self.form_result['subject_id'])
if subject.post_discussion_perm != 'everyone' and not check_crowds(['teacher', 'moderator'], c.user, subject):
abort(403)
post = self._create_wall_post(subject=subject,
content=self.form_result['post'])
evt = meta.Session.query(SubjectWallPostEvent).filter_by(object_id=post.id).one().wall_entry()
return {'success': True, 'evt': evt}
def members(self, group):
c.group_menu_current_item = 'members'
c.show_info = True
self._set_up_member_info(group)
if check_crowds(['admin', 'moderator'], context=group):
return render('group/members_admin.mako')
else:
return render('group/members.mako')
def _remove_wall_post(self, wall_post_id):
post = meta.Session.query(WallPost).filter_by(id=wall_post_id).one()
if post and check_crowds(('owner', 'moderator'), c.user, post):
post.deleted_by = c.user.id
meta.Session.add(post)
meta.Session.commit()
return True
else:
return False
def can_manage_post(self, post):
if c.user is None:
return False # Anonymous users can not change anything.
if (check_crowds(['admin', 'moderator']) if c.group is not None
else check_crowds(['root'])):
return True # Moderator can edit/delete anything.
if not post.created_by == c.user.id:
return False # Not the owner.
if not self._forum_posts: # Cache query result.
self._forum_posts = meta.Session.query(ForumPost)\
.filter_by(category_id=c.category.id,
thread_id=c.thread.thread_id,
deleted_by=None)\
.order_by(ForumPost.created_on).all()
if post.id != self._forum_posts[-1].id: # Not the last message in thread.
# TODO: Show a flash warning that the message could not be edited.
return False
return True
def _protected_action(self, *args, **kwargs):
if not check_crowds(['subject_accessor'], c.user, c.subject):
location_link = ((c.subject.location.url(), ' '.join(c.subject.location.full_title_path))
if c.subject.visibility == 'department_members'
else (c.subject.location.root.url(), c.subject.location.root.title))
deny(h.literal(_('Only %(location)s members can access see this subject.')
% dict(location=h.link_to(location_link[1], location_link[0]))), 401)
c.user_can_edit_settings = c.user and (c.subject.edit_settings_perm == 'everyone' or check_crowds(['teacher', 'moderator'], c.user))
c.user_can_post_discussions = c.user and (c.subject.post_discussion_perm == 'everyone' or check_crowds(['teacher', 'moderator'], c.user))
return method(self, *args, **kwargs)
def fn(*args, **kwargs):
if c.group is not None:
if not c.group.forum_is_public and not check_crowds(['member', 'moderator']):
deny("This forum is not public", 401)
if c.group.mailinglist_enabled:
flash(_('The web-based forum for this group has been disabled.'
' Please use the mailing list instead.'))
redirect(url(controller='mailinglist', action='index', id=c.group_id))
return m(*args, **kwargs)
def home(self, group):
if not c.user:
abort(404);
if check_crowds(["member", "admin"]):
if request.params.get('do_not_watch'):
group.wants_to_watch_subjects = False
meta.Session.commit()
self._set_home_variables(group)
return render('group/home.mako')
else:
c.breadcrumbs = [{'title': group.title,
'link': url(controller='group', action='home', id=c.group.group_id)}]
return render('group/home_public.mako')
def _move(self, source, file):
source_folder = file.folder
delete = asbool(request.POST.get('remove', False))
if delete:
if check_crowds(['owner', 'moderator', 'admin']):
file.deleted = c.user
else:
abort(501)
else:
file.folder = request.POST['target_folder']
file.deleted = None
if source_folder and source.getFolder(source_folder) is None:
source.files.append(File.makeNullFile(source_folder))
meta.Session.commit()
return render_mako_def('/sections/files.mako','file', file=file)
def subject_menu_items():
items = [
{'title': _("Info"),
'name': 'info',
'link': c.subject.url(action='info')},
{'title': _("News feed"),
'name': 'feed',
'link': c.subject.url(action='feed')},
{'title': _("Files"),
'name': 'files',
'link': c.subject.url(action='files')},
{'title': _("Notes"),
'name': 'pages',
'link': c.subject.url(action='pages')}]
if c.user and c.subject.post_discussion_perm == 'everyone' or check_crowds(['teacher', 'moderator'], c.user):
items.append({'title': _("Discussions"),
'name': 'discussions',
'link': c.subject.url(action='feed', filter='discussions')})
return items
def update(self, subject):
if not hasattr(self, 'form_result'):
redirect(url(controller='subject', action='add'))
#check if we need to regenerate the id
clash = Subject.get(self.form_result.get('location', None), subject.subject_id)
if clash is not None and clash is not subject:
subject.subject_id = subject.generate_new_id()
subject.title = self.form_result['title']
subject.lecturer = self.form_result['lecturer']
subject.location = self.form_result['location']
subject.description = self.form_result.get('description', None)
subject.sub_department_id = self.form_result.get('sub_department_id', None)
#check to see what kind of tags we have got
tags = [tag.strip().lower() for tag in self.form_result.get('tagsitem', []) if len(tag.strip().lower()) < 250 and tag.strip() != '']
if tags == []:
tags = [tag.strip().lower() for tag in self.form_result.get('tags', '').split(',') if len(tag.strip()) < 250 and tag.strip() != '']
subject.tags = []
for tag in tags:
subject.tags.append(SimpleTag.get(tag))
# update subject permissions
if check_crowds(["teacher", "moderator", "root"], c.user, subject) and 'subject_visibility' in self.form_result:
subject.visibility = self.form_result['subject_visibility']
subject.edit_settings_perm = self.form_result['subject_edit']
subject.post_discussion_perm = self.form_result['subject_post_discussions']
# remove subject from watched list for users who can't view subject anymore
if subject.visibility != 'everyone':
crowd_fn = is_university_member if subject.visibility == 'university_members' else is_department_member
for watcher in subject.watching_users:
if not crowd_fn(watcher.user, subject):
watcher.user.unwatchSubject(subject)
meta.Session.commit()
redirect(url(controller='subject',
action='home',
id=subject.subject_id,
tags=subject.location_path))
def fn(*args, **kwargs):
if not (c.group.forum_is_public or check_crowds(['member', 'admin'])):
deny("This mailing list is not public", 401)
return m(*args, **kwargs)
def _edit_form(self):
c.notabs = True
c.show_permission_settings = check_crowds(["teacher", "moderator", "root"], c.user, c.subject)
return render('subject/edit.mako')
def index(self, group):
if check_crowds(["member", "admin"]):
redirect(url(controller='group', action=c.group.default_tab, id=group.group_id))
else:
redirect(url(controller='group', action='home', id=group.group_id))
def can_post(self, user):
return user is not None and (not c.group_id or check_crowds(['member', 'admin', 'moderator']))
def fn(*args, **kwargs):
if c.group is not None:
if not check_crowds(['member', 'moderator']):
deny("Only members can post", 401)
return m(*args, **kwargs)