def notes_(request): if not define.is_vouched_for(request.userid): raise WeasylError("vouchRequired") form = request.web_input(folder="inbox", filter="", backid="", nextid="") backid = int(form.backid) if form.backid else None nextid = int(form.nextid) if form.nextid else None filter_ = define.get_userid_list(form.filter) if form.folder == "inbox": return Response( define.webpage( request.userid, "note/message_list.html", [ # Folder "inbox", # Private messages note.select_inbox(request.userid, 50, backid=backid, nextid=nextid, filter=filter_), ])) if form.folder == "outbox": return Response( define.webpage( request.userid, "note/message_list.html", [ # Folder "outbox", # Private messages note.select_outbox(request.userid, 50, backid=backid, nextid=nextid, filter=filter_), ])) raise WeasylError("unknownMessageFolder")
def GET(self): form = web.input(folder="inbox", filter="", backid="", nextid="") backid = int(form.backid) if form.backid else None nextid = int(form.nextid) if form.nextid else None filter_ = define.get_userid_list(form.filter) if form.folder == "inbox": return define.webpage(self.user_id, "note/message_list.html", [ # Folder "inbox", # Private messages note.select_inbox(self.user_id, 50, backid=backid, nextid=nextid, filter=filter_), ]) if form.folder == "outbox": return define.webpage(self.user_id, "note/message_list.html", [ # Folder "outbox", # Private messages note.select_outbox(self.user_id, 50, backid=backid, nextid=nextid, filter=filter_), ]) raise WeasylError("unknownMessageFolder")
def notes_(request): form = request.web_input(folder="inbox", filter="", backid="", nextid="") backid = int(form.backid) if form.backid else None nextid = int(form.nextid) if form.nextid else None filter_ = define.get_userid_list(form.filter) if form.folder == "inbox": return Response(define.webpage(request.userid, "note/message_list.html", [ # Folder "inbox", # Private messages note.select_inbox(request.userid, 50, backid=backid, nextid=nextid, filter=filter_), ])) if form.folder == "outbox": return Response(define.webpage(request.userid, "note/message_list.html", [ # Folder "outbox", # Private messages note.select_outbox(request.userid, 50, backid=backid, nextid=nextid, filter=filter_), ])) raise WeasylError("unknownMessageFolder")
def send(userid, form): form.title = form.title.strip() form.content = form.content.strip() if not form.content: raise WeasylError("contentInvalid") elif not form.title: raise WeasylError("titleInvalid") elif len(form.title) > 100: raise WeasylError("titleTooLong") users = set(i for i in d.get_userid_list(form.recipient) if i != userid) users.difference_update( d.execute("SELECT userid FROM ignoreuser WHERE otherid = %i", [userid], options="within")) users.difference_update( d.execute("SELECT otherid FROM ignoreuser WHERE userid = %i", [userid], options="within")) if not users: raise WeasylError("recipientInvalid") configs = d.execute( "SELECT userid, config FROM profile WHERE userid IN %s", [d.sql_number_list(list(users))]) if userid not in staff.MODS: ignore_global_restrictions = { i for (i, ) in d.engine.execute( "SELECT userid FROM permitted_senders WHERE sender = %(user)s", user=userid) } remove = ( # Staff notes only {j[0] for j in configs if "y" in j[1]} | # Friend notes only { j[0] for j in configs if "z" in j[1] and not frienduser.check(userid, j[0]) }) users.difference_update(remove - ignore_global_restrictions) if not users: raise WeasylError("recipientInvalid") elif len(users) > 10: raise WeasylError("recipientExcessive") argv = [] unixtime = d.get_time() statement = [ "INSERT INTO message (userid, otherid, title, content, unixtime) VALUES" ] for i in users: argv.extend([form.title if form.title else "None", form.content]) statement.append(" (%i, %i, '%%s', '%%s', %i)," % (userid, i, unixtime)) d._page_header_info.invalidate(i) statement[-1] = statement[-1][:-1] d.execute("".join(statement), argv) d.engine.execute( """ INSERT INTO permitted_senders (userid, sender) SELECT %(user)s, sender FROM UNNEST (%(recipients)s) AS sender ON CONFLICT (userid, sender) DO NOTHING """, user=userid, recipients=list(users), ) if form.mod_copy and userid in staff.MODS: mod_content = ( '## The following message was sent as a note to the user.\n\n### %s\n\n%s' % (form.title, form.content)) if form.staff_note: mod_content = '%s\n\n%s' % (form.staff_note, mod_content) now = arrow.utcnow() mod_copies = [] for target in users: mod_copies.append({ 'userid': userid, 'target_user': target, 'unixtime': now, 'settings': 's', 'content': mod_content, }) d.engine.execute(d.meta.tables['comments'].insert().values(mod_copies))
def control_unignoreuser_(request): form = request.web_input(username="") ignoreuser.remove(request.userid, define.get_userid_list(form.username)) raise HTTPSeeOther(location="/manage/ignore")
def POST(self): form = web.input(username="") ignoreuser.remove(self.user_id, define.get_userid_list(form.username)) raise web.seeother("/manage/ignore")
def send(userid, form): form.title = form.title.strip() form.content = form.content.strip() if not form.content: raise WeasylError("contentInvalid") elif not form.title: raise WeasylError("titleInvalid") elif len(form.title) > 100: raise WeasylError("titleTooLong") users = set(d.get_userid_list(form.recipient)) # can't send a note to yourself users.discard(userid) # can't send a note to a user who ignores you users.difference_update( d.column( d.engine.execute( "SELECT userid FROM ignoreuser WHERE otherid = %(user)s", user=userid))) # can't send a note to an unverified user users.difference_update( d.column( d.engine.execute( "SELECT userid FROM login WHERE userid = ANY (%(users)s) AND voucher IS NULL", users=list(users)))) # can't send a note to a user you're ignoring users.difference_update(ignoreuser.cached_list_ignoring(userid)) if not users: raise WeasylError("recipientInvalid") configs = d.engine.execute( "SELECT userid, config FROM profile WHERE userid = ANY (%(recipients)s)", recipients=list(users)).fetchall() if userid not in staff.MODS: ignore_global_restrictions = { i for (i, ) in d.engine.execute( "SELECT userid FROM permitted_senders WHERE sender = %(user)s", user=userid) } remove = ( # Staff notes only {j[0] for j in configs if "y" in j[1]} | # Friend notes only { j[0] for j in configs if "z" in j[1] and not frienduser.check(userid, j[0]) }) users.difference_update(remove - ignore_global_restrictions) if not users: raise WeasylError("recipientInvalid") elif len(users) > 10: raise WeasylError("recipientExcessive") d.engine.execute( "INSERT INTO message (userid, otherid, title, content, unixtime)" " SELECT %(sender)s, recipient, %(title)s, %(content)s, %(now)s" " FROM UNNEST (%(recipients)s) AS recipient", sender=userid, title=form.title, content=form.content, now=d.get_time(), recipients=list(users), ) for u in users: d._page_header_info.invalidate(u) d.engine.execute( """ INSERT INTO permitted_senders (userid, sender) SELECT %(user)s, sender FROM UNNEST (%(recipients)s) AS sender ON CONFLICT (userid, sender) DO NOTHING """, user=userid, recipients=list(users), ) if form.mod_copy and userid in staff.MODS: mod_content = ( '## The following message was sent as a note to the user.\n\n### %s\n\n%s' % (form.title, form.content)) if form.staff_note: mod_content = '%s\n\n%s' % (form.staff_note, mod_content) now = arrow.utcnow() mod_copies = [] for target in users: mod_copies.append({ 'userid': userid, 'target_user': target, 'unixtime': now, 'settings': 's', 'content': mod_content, }) d.engine.execute(d.meta.tables['comments'].insert().values(mod_copies))
def send(userid, form): form.title = form.title.strip() form.content = form.content.strip() if not form.content: raise WeasylError("contentInvalid") elif not form.title: raise WeasylError("titleInvalid") elif len(form.title) > 100: raise WeasylError("titleTooLong") users = set(i for i in d.get_userid_list(form.recipient) if i != userid) users.difference_update( d.execute("SELECT userid FROM ignoreuser WHERE otherid = %i", [userid], options="within")) users.difference_update( d.execute("SELECT otherid FROM ignoreuser WHERE userid = %i", [userid], options="within")) if not users: raise WeasylError("recipientInvalid") configs = d.execute( "SELECT userid, config FROM profile WHERE userid IN %s", [d.sql_number_list(list(users))]) if userid not in staff.MODS: # Staff notes only users.difference_update(j[0] for j in configs if "y" in j[1]) # Friend notes only users.difference_update(j[0] for j in configs if "z" in j[1] and not frienduser.check(userid, j[0])) if not users: raise WeasylError("recipientInvalid") elif len(users) > 10: raise WeasylError("recipientExcessive") argv = [] unixtime = d.get_time() statement = ["INSERT INTO message (userid, otherid, title, content, unixtime) VALUES"] for i in users: argv.extend([form.title if form.title else "None", form.content]) statement.append(" (%i, %i, '%%s', '%%s', %i)," % (userid, i, unixtime)) d._page_header_info.invalidate(i) statement[-1] = statement[-1][:-1] d.execute("".join(statement), argv) if form.mod_copy and userid in staff.MODS: mod_content = ( '## The following message was sent as a note to the user.\n\n### %s\n\n%s' % ( form.title, form.content)) if form.staff_note: mod_content = '%s\n\n%s' % (form.staff_note, mod_content) now = arrow.utcnow() mod_copies = [] for target in users: mod_copies.append({ 'userid': userid, 'target_user': target, 'unixtime': now, 'settings': 's', 'content': mod_content, }) d.engine.execute( d.meta.tables['comments'].insert() .values(mod_copies))