def add_permission(self): if ISiteRoot.providedBy(self.context): self.response['title'] = _(u"Add permission") post = self.request.POST if 'cancel' in post: url = resource_url(self.context, self.request) return HTTPFound(location=url) schema = createSchema('SinglePermissionSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_add, button_cancel)) self.api.register_form_resources(form) if IMeeting.providedBy(self.context): self.response['tabs'] = self.api.render_single_view_component( self.context, self.request, 'tabs', 'manage_tickets') if 'add' in post: controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response #Set permissions self.context.set_groups(appstruct['userid'], appstruct['groups'], event=True) msg = _(u"Added permssion for user ${userid}", mapping={'userid': appstruct['userid']}) self.api.flash_messages.add(msg) url = resource_url(self.context, self.request) return HTTPFound(location=url)
def group_form(self): if IMeeting.providedBy(self.context): self.response['title'] = _(u"Edit permissions") else: self.response['title'] = _(u"Root permissions") post = self.request.POST if 'cancel' in post: url = resource_url(self.context, self.request) return HTTPFound(location=url) schema = createSchema('PermissionsSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=('save', 'cancel')) self.api.register_form_resources(form) if 'save' in post: controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response #Set permissions self.context.set_security(appstruct['userids_and_groups']) url = resource_url(self.context, self.request) return HTTPFound(location=url)
def password_form(self): # if admin is changing password for another user no verification of current password is needed if self.context != self.api.user_profile and self.api.context_has_permission( MANAGE_SERVER, self.api.root): schema = createSchema('ChangePasswordAdminSchema') else: schema = createSchema('ChangePasswordSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_update, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if 'update' in post: controls = post.items() try: #appstruct is deforms convention. It will be the submitted data in a dict. appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response self.context.set_password(appstruct['password']) msg = _(u"Password changed") self.api.flash_messages.add(msg) url = resource_url(self.context, self.request) return HTTPFound(location=url)
def add_form(self): post = self.request.POST if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) url = resource_url(self.context, self.request) return HTTPFound(location=url) schema = createSchema('AddUserSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) form = Form(schema, buttons=(button_add, button_cancel)) self.api.register_form_resources(form) if 'add' in post: controls = post.items() try: #appstruct is deforms convention. It will be the submitted data in a dict. appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response #Userid and name should be consistent name = appstruct['userid'] del appstruct['userid'] #creators takes care of setting the role owner as well as adding it to creators attr. obj = createContent('User', creators=[name], **appstruct) self.context[name] = obj self.api.flash_messages.add(_(u"Successfully added")) url = resource_url(self.context, self.request) return HTTPFound(location=url)
def edit_form(self): """ For configuring polls that haven't started yet. """ schema_name = self.api.get_schema_name(self.context.content_type, 'edit') schema = createSchema(schema_name, after_bind=poll_schema_after_bind) add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) form = Form(schema, buttons=(button_update, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if self.request.method == 'POST': if 'update' in post: controls = post.items() try: #appstruct is deforms convention. It will be the submitted data in a dict. appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response removed_uids = set(self.context.proposal_uids) - set(appstruct['proposals']) if removed_uids: #Adjust removed proposals back to published state, if they're locked for uid in removed_uids: prop = self.context.get_proposal_by_uid(uid) if prop.get_workflow_state() == 'voting': prop.set_workflow_state(self.request, u'published') updated = self.context.set_field_appstruct(appstruct) if updated: self.api.flash_messages.add(_(u"Successfully updated")) else: self.api.flash_messages.add(_(u"Nothing changed")) if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) url = self.request.resource_url(self.context.__parent__, anchor = self.context.uid) return HTTPFound(location = url)
def password_form(self): # if admin is changing password for another user no verification of current password is needed if self.context != self.api.user_profile and self.api.context_has_permission(MANAGE_SERVER, self.api.root): schema = createSchema('ChangePasswordAdminSchema') else: schema = createSchema('ChangePasswordSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) form = Form(schema, buttons=(button_update, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if 'update' in post: controls = post.items() try: #appstruct is deforms convention. It will be the submitted data in a dict. appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response self.context.set_password(appstruct['password']) msg = _(u"Password changed") self.api.flash_messages.add(msg) url = resource_url(self.context, self.request) return HTTPFound(location=url)
def poll_form(self): """ Return rendered poll form or process a vote. """ poll_plugin = self.query_poll_plugin(self.context) if not poll_plugin: return HTTPForbidden() schema = poll_plugin.get_vote_schema(self.request, self.api) add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, action=self.request.resource_url(self.context, '_poll_form'), buttons=(button_vote, ), formid="vote_form") can_vote = has_permission(security.ADD_VOTE, self.context, self.request) userid = self.api.userid post = self.request.POST if 'vote' in post: if not can_vote: raise HTTPForbidden(u"You're not allowed to vote") controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response Vote = poll_plugin.get_vote_class() if not IVote.implementedBy(Vote): raise TypeError( "Poll plugins method get_vote_class returned something that didn't implement IVote." ) #Remove crsf_token from appstruct after validation appstruct.pop('csrf_token', None) if userid in self.context: vote = self.context[userid] assert IVote.providedBy(vote) vote.set_vote_data(appstruct) else: vote = Vote(creators=[userid]) #We don't need to send events here, since object added will take care of that vote.set_vote_data(appstruct, notify=False) #To fire events after set_vote_data is done self.context[userid] = vote success_msg = _(u"Your vote has been registered!") if self.request.is_xhr: self.response['success_msg'] = success_msg return Response( render("templates/snippets/vote_success.pt", self.response, request=self.request)) self.api.flash_messages.add(success_msg) url = self.request.resource_url(self.context.__parent__, anchor=self.context.uid) return HTTPFound(location=url)
def ajax_set_groups(self): schema = createSchema('PermissionsSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) form = Form(schema, buttons=('save', 'cancel')) controls = self.request.POST.items() appstruct = form.validate(controls) #FIXME: Handle error some way, and return a proper response self.context.set_security(appstruct['userids_and_groups']) return Response() # i.e. 200 ok
def ajax_set_groups(self): schema = createSchema('PermissionsSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=('save', 'cancel')) controls = self.request.POST.items() appstruct = form.validate(controls) #FIXME: Handle error some way, and return a proper response self.context.set_security(appstruct['userids_and_groups']) return Response() # i.e. 200 ok
def access_policy(self): schema = createSchema("AccessPolicyMeetingSchema") add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) result = self.form(schema) if 'save' in self.request.POST and isinstance(result, HTTPFound): ap = self.request.registry.queryAdapter(self.context, IAccessPolicy, name = self.context.get_field_value('access_policy', '')) if ap and ap.configurable: self.api.flash_messages.add(_(u"Review access policy configuration")) url = self.request.resource_url(self.context, 'configure_access_policy') return HTTPFound(location = url) return result
def add_tickets(self): """ Add ticket invites to this meeting. Renders a form where you can paste email addresses and select which roles they should have once they register. When the form is submitted, it will also email users. """ post = self.request.POST if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) url = self.request.resource_url(self.context) return HTTPFound(location=url) schema = createSchema('AddTicketsSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) form = deform.Form(schema, buttons=(button_add, button_cancel)) self.api.register_form_resources(form) self.response['tabs'] = self.api.render_single_view_component(self.context, self.request, 'tabs', 'manage_tickets') if 'add' in post: controls = post.items() try: appstruct = form.validate(controls) except deform.ValidationFailure, e: self.response['form'] = e.render() return self.response emails = appstruct['emails'].splitlines() roles = appstruct['roles'] added = 0 rejected = 0 for email in emails: result = self.context.add_invite_ticket(email, roles, sent_by = self.api.userid) if result: added += 1 else: rejected += 1 if not rejected: msg = _('added_tickets_text', default=u"Successfully added ${added} invites", mapping={'added': added}) elif not added: msg = _('no_tickets_added', default = u"No tickets added - all you specified probably exist already. (Proccessed ${rejected})", mapping = {'rejected': rejected}) self.api.flash_messages.add(msg) url = self.request.resource_url(self.context, 'add_tickets') return HTTPFound(location = url) else: msg = _('added_tickets_text_some_rejected', default=u"Successfully added ${added} invites but discarded ${rejected} since they already existed or were already used.", mapping={'added': added, 'rejected': rejected}) self.api.flash_messages.add(msg) self.request.session['send_tickets.emails'] = emails self.request.session['send_tickets.message'] = appstruct['message'] url = self.request.resource_url(self.context, 'send_tickets') return HTTPFound(location = url)
def delete_form(self): """ Remove content """ schema = colander.Schema() add_csrf_token(self.context, self.request, schema) add_came_from(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_delete, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if 'delete' in post: if self.context.content_type in ('SiteRoot', 'Users', 'User'): raise HTTPForbidden("Can't delete this content type") parent = self.context.__parent__ del parent[self.context.__name__] self.api.flash_messages.add(_(u"Deleted")) url = self.request.resource_url(parent) came_from = self.request.POST.get('came_from', None) if came_from: url = urllib.unquote(came_from) return HTTPFound(location=url) if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) url = self.request.resource_url(self.context) return HTTPFound(location=url) #No action - Render edit form if self.context.content_type == 'Proposal': used_in_polls = [] ai = self.context.__parent__ for poll in ai.get_content(content_type = 'Poll'): if self.context.uid in poll.proposal_uids: used_in_polls.append("'%s'" % poll.title) if used_in_polls: msg = _(u"deleting_proposals_used_in_polls_not_allowed_error", default = u"You can't remove this proposal - it's used within the following polls: ${poll_titles}", mapping = {'poll_titles': u", ".join(used_in_polls)}) self.api.flash_messages.add(msg, type = 'error', close_button = False) raise HTTPFound(location = self.request.resource_url(ai)) msg = _(u"delete_form_notice", default = u"Are you sure you want to delete '${display_name}' with title: ${title}?", mapping = {'display_name': self.api.translate(self.context.display_name), 'title': self.context.title}) self.api.flash_messages.add(msg, close_button = False) appstruct = {} came_from = self.request.GET.get('came_from', None) if came_from: appstruct['came_from'] = came_from self.response['form'] = form.render(appstruct) return self.response
def rec_to_discussions_form(self): """ Note: This is far from finished, don't use this unless you really know what you're doing! """ schema = createSchema('PopulateFromRecommendationsSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context = self.context, request = self.request, api = self.api) form = deform.Form(schema, buttons=(button_save,)) self.api.register_form_resources(form) post = self.request.POST if 'save' in post: controls = post.items() try: appstruct = form.validate(controls) except deform.ValidationFailure, e: self.response['form'] = e.render() return self.response adjust_wf = appstruct['adjust_wf'] group = appstruct['group'] userid = appstruct['userid'] dry_run = appstruct['dry_run'] created_discussion_posts = 0 wf_adjusted_proposals = 0 proposals_and_rec = self.get_proposals_and_rec(group) handled_props = len(proposals_and_rec) for (prop, rec) in proposals_and_rec: if rec['text']: created_discussion_posts += 1 text = "%s\n%s" % (rec['text'], u" ".join([u'#%s' % x for x in prop.get_tags()])) post = createContent('DiscussionPost', creators = [userid], text = text) name = post.suggest_name(prop.__parent__) prop.__parent__[name] = post if rec['state'] and adjust_wf: wf_adjusted_proposals += 1 prop.workflow.initialize(prop) prop.set_workflow_state(self.request, rec['state']) self.api.flash_messages.add(_(u"Done - handled ${count} proposals", mapping = {'count': handled_props})) self.api.flash_messages.add(_(u"${count} new discussion posts added", mapping = {'count': created_discussion_posts})) if wf_adjusted_proposals: self.api.flash_messages.add(_(u"${count} proposals workflow adjusted", mapping = {'count': wf_adjusted_proposals})) if dry_run: from transaction import abort abort() self.api.flash_messages.add(_(u"DRY RUN - transaction aborted and nothing saved!")) return HTTPFound(location = self.request.resource_url(self.context))
def add_meeting(self): """ Custom view used when adding meetings. FIXME: We may want to use custom callbacks on add instead, rather than lots of hacks in views. """ content_type = self.request.params.get('content_type') #Permission check add_permission = self.api.content_types_add_perm(content_type) if not has_permission(add_permission, self.context, self.request): raise HTTPForbidden( "You're not allowed to add '%s' in this context." % content_type) factory = self.api.get_content_factory(content_type) schema_name = self.api.get_schema_name(content_type, 'add') schema = createSchema(schema_name) add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_add, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if 'add' in post: controls = post.items() try: #appstruct is deforms convention. It will be the submitted data in a dict. appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response copy_users_and_perms = appstruct['copy_users_and_perms'] del appstruct['copy_users_and_perms'] kwargs = {} kwargs.update(appstruct) if self.api.userid: kwargs['creators'] = [self.api.userid] obj = createContent(content_type, **kwargs) name = self.generate_slug(obj.title) self.context[name] = obj if copy_users_and_perms: obj.copy_users_and_perms(copy_users_and_perms) self.api.flash_messages.add( _(u"Users and their permissions successfully copied")) else: self.api.flash_messages.add(_(u"Successfully added")) #Success, redirect url = self.request.resource_url(obj) return HTTPFound(location=url)
def poll_form(self): """ Return rendered poll form or process a vote. """ poll_plugin = self.query_poll_plugin(self.context) if not poll_plugin: return HTTPForbidden() schema = poll_plugin.get_vote_schema(self.request, self.api) add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) form = Form(schema, action = self.request.resource_url(self.context, '_poll_form'), buttons = (button_vote,), formid = "vote_form") can_vote = has_permission(security.ADD_VOTE, self.context, self.request) userid = self.api.userid post = self.request.POST if 'vote' in post: if not can_vote: raise HTTPForbidden(u"You're not allowed to vote") controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response Vote = poll_plugin.get_vote_class() if not IVote.implementedBy(Vote): raise TypeError("Poll plugins method get_vote_class returned something that didn't implement IVote.") #Remove crsf_token from appstruct after validation appstruct.pop('csrf_token', None) if userid in self.context: vote = self.context[userid] assert IVote.providedBy(vote) vote.set_vote_data(appstruct) else: vote = Vote(creators = [userid]) #We don't need to send events here, since object added will take care of that vote.set_vote_data(appstruct, notify = False) #To fire events after set_vote_data is done self.context[userid] = vote success_msg = _(u"Your vote has been registered!") if self.request.is_xhr: self.response['success_msg'] = success_msg return Response(render("templates/snippets/vote_success.pt", self.response, request = self.request)) self.api.flash_messages.add(success_msg) url = self.request.resource_url(self.context.__parent__, anchor = self.context.uid) return HTTPFound(location = url)
def poll_config(self): """ Configure poll settings. Only for moderators. The settings themselves come from the poll plugin. Note that the Edit permission should only be granted to moderators before the actual poll has been set in the ongoing state. After that, no settings may be changed. """ self.response['title'] = _(u"Poll config") poll_plugin = self.query_poll_plugin(self.context) if not poll_plugin: return HTTPForbidden() schema = poll_plugin.get_settings_schema() if schema is None: raise HTTPForbidden("No settings for this poll") add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_save, button_cancel)) self.api.register_form_resources(form) #FIXME: Better default text config_back_msg = _( u"review_poll_settings_info_getback", default= u"To get back to the poll settings you click the cogwheel menu and select configure poll." ) post = self.request.POST if self.request.method == 'POST': if 'save' in post: controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response appstruct.pop('csrf_token', None) #Otherwise it will be stored too self.context.poll_settings = appstruct self.api.flash_messages.add(config_back_msg) if 'cancel' in post: self.api.flash_messages.add(config_back_msg) url = self.request.resource_url(self.context.__parent__, anchor=self.context.uid) return HTTPFound(location=url)
def transfer_permissions_form(self): schema = createSchema('TransferPermissionsSchema').bind(context = self.context, request = self.request) add_csrf_token(self.context, self.request, schema) form = deform.Form(schema, buttons=(button_save, button_cancel,)) self.api.register_form_resources(form) post = self.request.POST if 'save' in post: controls = post.items() try: appstruct = form.validate(controls) except deform.ValidationFailure, e: #pragma : no cover self.response['form'] = e.render() return self.response from_meeting = self.api.root[appstruct['from_meeting']] value = from_meeting.get_security() self.api.meeting.set_security(value) self.api.flash_messages.add(_(u"Permissions transfered")) return HTTPFound(location = self.request.resource_url(self.api.meeting))
def add_meeting(self): """ Custom view used when adding meetings. FIXME: We may want to use custom callbacks on add instead, rather than lots of hacks in views. """ content_type = self.request.params.get('content_type') #Permission check add_permission = self.api.content_types_add_perm(content_type) if not has_permission(add_permission, self.context, self.request): raise HTTPForbidden("You're not allowed to add '%s' in this context." % content_type) factory = self.api.get_content_factory(content_type) schema_name = self.api.get_schema_name(content_type, 'add') schema = createSchema(schema_name) add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_add, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if 'add' in post: controls = post.items() try: #appstruct is deforms convention. It will be the submitted data in a dict. appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response copy_users_and_perms = appstruct['copy_users_and_perms'] del appstruct['copy_users_and_perms'] kwargs = {} kwargs.update(appstruct) if self.api.userid: kwargs['creators'] = [self.api.userid] obj = createContent(content_type, **kwargs) name = self.generate_slug(obj.title) self.context[name] = obj if copy_users_and_perms: obj.copy_users_and_perms(copy_users_and_perms) self.api.flash_messages.add(_(u"Users and their permissions successfully copied")) else: self.api.flash_messages.add(_(u"Successfully added")) #Success, redirect url = self.request.resource_url(obj) return HTTPFound(location=url)
def edit_form(self): self.response['title'] = _( u"Edit %s" % self.api.translate(self.context.display_name)) content_type = self.context.content_type schema_name = self.api.get_schema_name(content_type, 'edit') schema = createSchema(schema_name) add_csrf_token(self.context, self.request, schema) add_came_from(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_update, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if self.request.method == 'POST': came_from = None if 'update' in post: controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response #Came from should not be stored either came_from = appstruct.pop('came_from', '') updated = self.context.set_field_appstruct(appstruct) if updated: self.api.flash_messages.add(_(u"Successfully updated")) else: self.api.flash_messages.add(_(u"Nothing updated")) if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) if came_from: url = urllib.unquote(came_from) elif self.context.content_type == 'Poll': url = self.request.resource_url(self.context.__parent__, anchor=self.context.uid) else: url = self.request.resource_url(self.context) return HTTPFound(location=url)
def move_object(self): """ Move object to a new parent. """ schema = createSchema('MoveObjectSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_update, button_cancel)) post = self.request.POST if 'update' in post: controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response new_parent_path = urllib.unquote(appstruct['new_parent_path']) new_parent = find_resource(self.api.root, new_parent_path) context = move_object(self.context, new_parent) self.api.flash_messages.add(_(u"Moved")) url = self.request.resource_url(context) return HTTPFound(location=url)
def meeting_access_view_and_discuss(context, request, va, **kw): if context.get_field_value('access_policy') != 'view_and_discuss_permissions': raise Exception("ViewAction for request meeting access view_and_discuss_permissions was called, but that access policy wasn't set for this meeting.") api = kw['api'] if not api.userid: raise Exception("Can't find userid") schema = colander.Schema() add_csrf_token(context, request, schema) form = Form(schema, buttons=(button_request, button_cancel,)) response = {'api': api} post = request.POST if 'request' in post: controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: response['form'] = e.render() return response context.add_groups(api.userid, [ROLE_DISCUSS, ], event = True) api.flash_messages.add(_(u"Access granted!")) url = resource_url(context, request) return HTTPFound(location=url)
def form(self, schema_name): """ Generic settings for for site root. """ schema = createSchema(schema_name) add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) form = deform.Form(schema, buttons=(button_save, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if 'save' in post: controls = post.items() try: appstruct = form.validate(controls) except deform.ValidationFailure, e: self.response['form'] = e.render() return self.response updated = self.context.set_field_appstruct(appstruct) if updated: self.api.flash_messages.add(_(u"Successfully updated")) else: self.api.flash_messages.add(_(u"Nothing updated")) url = self.request.resource_url(self.context) return HTTPFound(location=url)
def edit_form(self): """ For configuring polls that haven't started yet. """ schema_name = self.api.get_schema_name(self.context.content_type, 'edit') schema = createSchema(schema_name, after_bind=poll_schema_after_bind) add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_update, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if self.request.method == 'POST': if 'update' in post: controls = post.items() try: #appstruct is deforms convention. It will be the submitted data in a dict. appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response removed_uids = set(self.context.proposal_uids) - set( appstruct['proposals']) if removed_uids: #Adjust removed proposals back to published state, if they're locked for uid in removed_uids: prop = self.context.get_proposal_by_uid(uid) if prop.get_workflow_state() == 'voting': prop.set_workflow_state(self.request, u'published') updated = self.context.set_field_appstruct(appstruct) if updated: self.api.flash_messages.add(_(u"Successfully updated")) else: self.api.flash_messages.add(_(u"Nothing changed")) if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) url = self.request.resource_url(self.context.__parent__, anchor=self.context.uid) return HTTPFound(location=url)
def add_participants(self): """ Add participants to this meeting. Renders a form where you can paste a csv with the users and select which roles they should have once they register. When the form is submitted, a list of userids and passwords is displayed """ self.response['title'] = _(u"Add meeting participants") post = self.request.POST if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) url = resource_url(self.context, self.request) return HTTPFound(location=url) schema = createSchema('AddParticipantsSchema').bind(context=self.context, request=self.request, api=self.api) add_csrf_token(self.context, self.request, schema) form = Form(schema, buttons=(button_add, button_cancel)) self.api.register_form_resources(form) if 'add' in post: controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response roles = appstruct['roles'] output = self._import_participants(appstruct['csv'], roles) msg = _('added_participants_text', default=u"Successfully added ${participant_count} participants", mapping={'participant_count':len(output)} ) self.api.flash_messages.add(msg) self.response['heading'] = "%s %s" % (len(output), self.api.pluralize(self.api.translate(_("participant added")), self.api.translate(_("participants added")), len(output))) self.response['participants'] = output return Response(render("add_participants.pt", self.response, request = self.request))
def edit_form(self): self.response['title'] = _(u"Edit %s" % self.api.translate(self.context.display_name)) content_type = self.context.content_type schema_name = self.api.get_schema_name(content_type, 'edit') schema = createSchema(schema_name) add_csrf_token(self.context, self.request, schema) add_came_from(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_update, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if self.request.method == 'POST': came_from = None if 'update' in post: controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response #Came from should not be stored either came_from = appstruct.pop('came_from', '') updated = self.context.set_field_appstruct(appstruct) if updated: self.api.flash_messages.add(_(u"Successfully updated")) else: self.api.flash_messages.add(_(u"Nothing updated")) if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) if came_from: url = urllib.unquote(came_from) elif self.context.content_type == 'Poll': url = self.request.resource_url(self.context.__parent__, anchor = self.context.uid) else: url = self.request.resource_url(self.context) return HTTPFound(location = url)
def poll_config(self): """ Configure poll settings. Only for moderators. The settings themselves come from the poll plugin. Note that the Edit permission should only be granted to moderators before the actual poll has been set in the ongoing state. After that, no settings may be changed. """ self.response['title'] = _(u"Poll config") poll_plugin = self.query_poll_plugin(self.context) if not poll_plugin: return HTTPForbidden() schema = poll_plugin.get_settings_schema() if schema is None: raise HTTPForbidden("No settings for this poll") add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) form = Form(schema, buttons=(button_save, button_cancel)) self.api.register_form_resources(form) #FIXME: Better default text config_back_msg = _(u"review_poll_settings_info_getback", default = u"To get back to the poll settings you click the cogwheel menu and select configure poll.") post = self.request.POST if self.request.method == 'POST': if 'save' in post: controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response appstruct.pop('csrf_token', None) #Otherwise it will be stored too self.context.poll_settings = appstruct self.api.flash_messages.add(config_back_msg) if 'cancel' in post: self.api.flash_messages.add(config_back_msg) url = self.request.resource_url(self.context.__parent__, anchor = self.context.uid) return HTTPFound(location = url)
def clone_form(self): """ Note: This is far from finished, don't use this unless you really know what you're doing! """ schema = createSchema('CloneMeetingSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context = self.context, request = self.request, api = self.api) form = deform.Form(schema, buttons=(button_save, button_cancel,)) self.api.register_form_resources(form) post = self.request.POST if 'save' in post: controls = post.items() try: appstruct = form.validate(controls) except deform.ValidationFailure, e: #pragma : no cover self.response['form'] = e.render() return self.response new_name = appstruct['new_name'] new_meeting = createContent('Meeting', title = "Clone of %s" % self.context.title) self.api.root[new_name] = new_meeting if hasattr(self.context, '__proposal_ids__'): new_meeting.__proposal_ids__ = deepcopy(self.context.__proposal_ids__) ignore_attributes = appstruct['ignore_attributes'].splitlines() self.process_meeting_structure(new_meeting, ignore_attributes) self.api.flash_messages.add(_(u"Cloned meeting")) return HTTPFound(location = self.request.resource_url(new_meeting))
def add_form(self): post = self.request.POST if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) url = resource_url(self.context, self.request) return HTTPFound(location=url) schema = createSchema('AddUserSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_add, button_cancel)) self.api.register_form_resources(form) if 'add' in post: controls = post.items() try: #appstruct is deforms convention. It will be the submitted data in a dict. appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response #Userid and name should be consistent name = appstruct['userid'] del appstruct['userid'] #creators takes care of setting the role owner as well as adding it to creators attr. obj = createContent('User', creators=[name], **appstruct) self.context[name] = obj self.api.flash_messages.add(_(u"Successfully added")) url = resource_url(self.context, self.request) return HTTPFound(location=url)
def form(self, schema_name): """ Generic settings for for site root. """ schema = createSchema(schema_name) add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = deform.Form(schema, buttons=(button_save, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if 'save' in post: controls = post.items() try: appstruct = form.validate(controls) except deform.ValidationFailure, e: self.response['form'] = e.render() return self.response updated = self.context.set_field_appstruct(appstruct) if updated: self.api.flash_messages.add(_(u"Successfully updated")) else: self.api.flash_messages.add(_(u"Nothing updated")) url = self.request.resource_url(self.context) return HTTPFound(location=url)
def manage_layout(self): """ Manage layout """ self.response['title'] = _(u"Layout") schema = createSchema('LayoutSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_save, button_cancel,)) self.api.register_form_resources(form) post = self.request.POST if 'save' in post: controls = post.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response self.context.set_field_appstruct(appstruct) url = self.request.resource_url(self.context) return HTTPFound(location=url)
def presentation(self): schema = createSchema("PresentationMeetingSchema") add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) return self.form(schema)
def openid_register(self): schema = createSchema('CSORegisterUserOpenIDSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=( button_register, button_cancel, )) self.api.register_form_resources(form) if 'cancel' in self.request.POST: self.api.flash_messages.add(_(u"Canceled")) url = self.request.resource_url(self.api.root) return HTTPFound(location=url) if self.request.POST: post = dict(self.request.POST) openid_identifier = post['openid_identifier'] domain = post['domain'] userid = post['userid'] came_from = post['came_from'] # Logged in user, connect openid_identifier if self.api.userid: user = self.api.user_profile #check that no other user has this token already other_user = self.api.root.users.get_auth_domain_user( 'openid', 'openid_identifier', openid_identifier) if other_user and user != other_user: raise Forbidden( _("Another user has already registered with this identifier." )) #setting domain stuff user.auth_domains['openid'] = { 'openid_identifier': openid_identifier, 'domain': domain } url = self.request.resource_url(user) return HTTPFound(location=url) else: # Find user with auth token and log it in user = self.api.root.users.get_auth_domain_user( 'openid', 'openid_identifier', openid_identifier) if IUser.providedBy(user): headers = remember(self.request, user.__name__) url = self.request.resource_url(self.context) if came_from: url = urllib.unquote(came_from) return HTTPFound(location=url, headers=headers) if 'register' in self.request.POST: controls = self.request.POST.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response userid = appstruct['userid'] email = appstruct['email'] first_name = appstruct['first_name'] last_name = appstruct['last_name'] obj = createContent('User', creators=[userid], email=email, first_name=first_name, last_name=last_name) self.context.users[userid] = obj #setting domain stuff obj.auth_domains['openid'] = { 'openid_identifier': openid_identifier, 'domain': domain } headers = remember(self.request, userid) # login user url = self.request.resource_url(self.api.root) if came_from: url = urllib.unquote(came_from) return HTTPFound(location=url, headers=headers) else: self.response['form'] = form.render(self.request.POST) return self.response
def facebook_register(self): schema = createSchema('CSORegisterUserSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=( button_register, button_cancel, )) self.api.register_form_resources(form) if 'cancel' in self.request.POST: self.api.flash_messages.add(_(u"Canceled")) url = self.request.resource_url(self.api.root) return HTTPFound(location=url) if self.request.POST: post = dict(self.request.POST) oauth_userid = post['oauth_userid'] oauth_access_token = post['oauth_access_token'] came_from = post['came_from'] # Logged in user, connect auth token to user if self.api.userid: user = self.api.user_profile #check that no other user has this token already other_user = self.api.root.users.get_user_by_oauth_token( 'facebook', oauth_access_token) if other_user and user != other_user: raise Forbidden( _("Another user has already registered with this token." )) #setting domain stuff user.auth_domains['facebook'] = { 'oauth_userid': oauth_userid, 'oauth_access_token': oauth_access_token, } url = self.request.resource_url(user) return HTTPFound(location=url) else: # Find user with auth token and log it in user = self.api.root.users.get_user_by_oauth_token( 'facebook', oauth_access_token) if IUser.providedBy(user): headers = remember(self.request, user.__name__) url = self.request.resource_url(self.context) if came_from: url = urllib.unquote(came_from) return HTTPFound(location=url, headers=headers) if 'register' in self.request.POST: controls = self.request.POST.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response name = appstruct['userid'] del appstruct['userid'] # removing domain data from appstruct del appstruct['oauth_userid'] del appstruct['oauth_access_token'] # add facebook as selected profile image appstruct['profile_image_plugin'] = 'facebook_profile_image' del appstruct['came_from'] obj = createContent('User', creators=[name], **appstruct) self.context.users[name] = obj #setting domain stuff obj.auth_domains['facebook'] = { 'oauth_userid': oauth_userid, 'oauth_access_token': oauth_access_token, } headers = remember(self.request, name) # login user url = self.request.resource_url(self.api.root) if came_from: url = urllib.unquote(came_from) return HTTPFound(location=url, headers=headers) else: self.response['form'] = form.render(self.request.POST) return self.response
def global_poll_settings(self): schema = createSchema("MeetingPollSettingsSchema") add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) return self.form(schema)
def add_tickets(self): """ Add ticket invites to this meeting. Renders a form where you can paste email addresses and select which roles they should have once they register. When the form is submitted, it will also email users. """ post = self.request.POST if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) url = self.request.resource_url(self.context) return HTTPFound(location=url) schema = createSchema('AddTicketsSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = deform.Form(schema, buttons=(button_add, button_cancel)) self.api.register_form_resources(form) self.response['tabs'] = self.api.render_single_view_component( self.context, self.request, 'tabs', 'manage_tickets') if 'add' in post: controls = post.items() try: appstruct = form.validate(controls) except deform.ValidationFailure, e: self.response['form'] = e.render() return self.response emails = appstruct['emails'].splitlines() roles = appstruct['roles'] added = 0 rejected = 0 for email in emails: result = self.context.add_invite_ticket( email, roles, sent_by=self.api.userid) if result: added += 1 else: rejected += 1 if not rejected: msg = _('added_tickets_text', default=u"Successfully added ${added} invites", mapping={'added': added}) elif not added: msg = _( 'no_tickets_added', default= u"No tickets added - all you specified probably exist already. (Proccessed ${rejected})", mapping={'rejected': rejected}) self.api.flash_messages.add(msg) url = self.request.resource_url(self.context, 'add_tickets') return HTTPFound(location=url) else: msg = _( 'added_tickets_text_some_rejected', default= u"Successfully added ${added} invites but discarded ${rejected} since they already existed or were already used.", mapping={ 'added': added, 'rejected': rejected }) self.api.flash_messages.add(msg) self.request.session['send_tickets.emails'] = emails self.request.session['send_tickets.message'] = appstruct['message'] url = self.request.resource_url(self.context, 'send_tickets') return HTTPFound(location=url)
def mail_settings(self): schema = createSchema("MailSettingsMeetingSchema") add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) return self.form(schema)
def delete_form(self): """ Remove content """ schema = colander.Schema() add_csrf_token(self.context, self.request, schema) add_came_from(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api=self.api) form = Form(schema, buttons=(button_delete, button_cancel)) self.api.register_form_resources(form) post = self.request.POST if 'delete' in post: if self.context.content_type in ('SiteRoot', 'Users', 'User'): raise HTTPForbidden("Can't delete this content type") parent = self.context.__parent__ del parent[self.context.__name__] self.api.flash_messages.add(_(u"Deleted")) url = self.request.resource_url(parent) came_from = self.request.POST.get('came_from', None) if came_from: url = urllib.unquote(came_from) return HTTPFound(location=url) if 'cancel' in post: self.api.flash_messages.add(_(u"Canceled")) url = self.request.resource_url(self.context) return HTTPFound(location=url) #No action - Render edit form if self.context.content_type == 'Proposal': used_in_polls = [] ai = self.context.__parent__ for poll in ai.get_content(content_type='Poll'): if self.context.uid in poll.proposal_uids: used_in_polls.append("'%s'" % poll.title) if used_in_polls: msg = _( u"deleting_proposals_used_in_polls_not_allowed_error", default= u"You can't remove this proposal - it's used within the following polls: ${poll_titles}", mapping={'poll_titles': u", ".join(used_in_polls)}) self.api.flash_messages.add(msg, type='error', close_button=False) raise HTTPFound(location=self.request.resource_url(ai)) msg = _( u"delete_form_notice", default= u"Are you sure you want to delete '${display_name}' with title: ${title}?", mapping={ 'display_name': self.api.translate(self.context.display_name), 'title': self.context.title }) self.api.flash_messages.add(msg, close_button=False) appstruct = {} came_from = self.request.GET.get('came_from', None) if came_from: appstruct['came_from'] = came_from self.response['form'] = form.render(appstruct) return self.response
def openid_register(self): schema = createSchema('CSORegisterUserOpenIDSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) form = Form(schema, buttons=(button_register, button_cancel,)) self.api.register_form_resources(form) if 'cancel' in self.request.POST: self.api.flash_messages.add(_(u"Canceled")) url = self.request.resource_url(self.api.root) return HTTPFound(location=url) if self.request.POST: post = dict(self.request.POST) openid_identifier = post['openid_identifier'] domain = post['domain'] userid = post['userid'] came_from = post['came_from'] # Logged in user, connect openid_identifier if self.api.userid: user = self.api.user_profile #check that no other user has this token already other_user = self.api.root.users.get_auth_domain_user('openid', 'openid_identifier', openid_identifier) if other_user and user != other_user: raise Forbidden(_("Another user has already registered with this identifier.")) #setting domain stuff user.auth_domains['openid'] = {'openid_identifier': openid_identifier, 'domain': domain} url = self.request.resource_url(user) return HTTPFound(location=url) else: # Find user with auth token and log it in user = self.api.root.users.get_auth_domain_user('openid', 'openid_identifier', openid_identifier) if IUser.providedBy(user): headers = remember(self.request, user.__name__) url = self.request.resource_url(self.context) if came_from: url = urllib.unquote(came_from) return HTTPFound(location = url, headers = headers) if 'register' in self.request.POST: controls = self.request.POST.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response userid = appstruct['userid'] email = appstruct['email'] first_name = appstruct['first_name'] last_name = appstruct['last_name'] obj = createContent('User', creators=[userid], email = email, first_name = first_name, last_name = last_name) self.context.users[userid] = obj #setting domain stuff obj.auth_domains['openid'] = {'openid_identifier': openid_identifier, 'domain': domain} headers = remember(self.request, userid) # login user url = self.request.resource_url(self.api.root) if came_from: url = urllib.unquote(came_from) return HTTPFound(location=url, headers=headers) else: self.response['form'] = form.render(self.request.POST) return self.response
def facebook_register(self): schema = createSchema('CSORegisterUserSchema') add_csrf_token(self.context, self.request, schema) schema = schema.bind(context=self.context, request=self.request, api = self.api) form = Form(schema, buttons=(button_register, button_cancel,)) self.api.register_form_resources(form) if 'cancel' in self.request.POST: self.api.flash_messages.add(_(u"Canceled")) url = self.request.resource_url(self.api.root) return HTTPFound(location=url) if self.request.POST: post = dict(self.request.POST) oauth_userid = post['oauth_userid'] oauth_access_token = post['oauth_access_token'] came_from = post['came_from'] # Logged in user, connect auth token to user if self.api.userid: user = self.api.user_profile #check that no other user has this token already other_user = self.api.root.users.get_user_by_oauth_token('facebook', oauth_access_token) if other_user and user != other_user: raise Forbidden(_("Another user has already registered with this token.")) #setting domain stuff user.auth_domains['facebook'] = {'oauth_userid': oauth_userid, 'oauth_access_token': oauth_access_token,} url = self.request.resource_url(user) return HTTPFound(location=url) else: # Find user with auth token and log it in user = self.api.root.users.get_user_by_oauth_token('facebook', oauth_access_token) if IUser.providedBy(user): headers = remember(self.request, user.__name__) url = self.request.resource_url(self.context) if came_from: url = urllib.unquote(came_from) return HTTPFound(location = url, headers = headers) if 'register' in self.request.POST: controls = self.request.POST.items() try: appstruct = form.validate(controls) except ValidationFailure, e: self.response['form'] = e.render() return self.response name = appstruct['userid'] del appstruct['userid'] # removing domain data from appstruct del appstruct['oauth_userid'] del appstruct['oauth_access_token'] # add facebook as selected profile image appstruct['profile_image_plugin'] = 'facebook_profile_image' del appstruct['came_from'] obj = createContent('User', creators=[name], **appstruct) self.context.users[name] = obj #setting domain stuff obj.auth_domains['facebook'] = {'oauth_userid': oauth_userid, 'oauth_access_token': oauth_access_token,} headers = remember(self.request, name) # login user url = self.request.resource_url(self.api.root) if came_from: url = urllib.unquote(came_from) return HTTPFound(location=url, headers=headers) else: self.response['form'] = form.render(self.request.POST) return self.response