def do_user_tags(name):
    """Redirect (303) to ``/tag/<name>/<username>`` for the submitted username.

    Calls ``error(code=404)`` when ``Account.get_user`` finds no account and
    ``seterr('/station', 'noplayer')`` when the request has no ``username``
    parameter.
    """
    account = Account.get_user(name)
    if not account:
        error(code=404)
    if 'username' not in request.params:
        seterr('/station', 'noplayer')
    # NOTE(review): the submitted username goes into the redirect path as
    # received; presumably the /tag route validates it -- confirm.
    segments = ['/tag', name, request.params['username']]
    redirect('/'.join(segments), 303)
def do_user_zero(name):
    """Set ``zero`` on the account *name* and move it to the 'zombie' state.

    Calls ``error(code=404)`` when no account is found, then redirects (303)
    to the request's Referer header, or to ``/`` when the header is absent.
    """
    account = Account.get_user(name)
    if not account:
        error(code=404)
    account.zero = True
    account.state = 'zombie'
    # NOTE(review): the redirect target is the client-supplied Referer header,
    # so the destination is not limited to this site; a fixed local path or a
    # same-host check would close that. No permission check is visible in this
    # function -- presumably the route decorator enforces one; confirm.
    back_to = request.environ.get('HTTP_REFERER', '/')
    redirect(back_to, 303)
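def do_user_edit(name):
    """Apply the submitted profile changes to the account *name*.

    Callers that are neither admin nor the account owner get
    ``error(code=401)``; an unknown account gets ``error(code=404)``.  When
    ``request.player`` is set, the parameters are first reduced to the
    ``perm_user`` whitelist.  A non-admin password change must match
    ``confirm_password`` and pass ``user.verify_pass`` on ``verify_password``.
    Ends with a 303 redirect to ``/user/<name>``.
    """
    if not request.admin and request.user.username != name:
        error(code=401)
    p = request.params
    user = Account.get_user(name)
    if not user:
        # Without this an unknown name fails further down with an
        # AttributeError instead of a 404.
        error(code=404)

    # whitelist the params a player may pass in
    perm_user = [
        'verify_password', 'password', 'confirm_password',
        'language', 'cell', 'twitter', 'email',
    ]
    if request.player:
        # filter the params down to the permitted ones
        p = dict((key, p[key]) for key in perm_user if key in p)
    # NOTE(review): the whitelist is applied only when request.player is set.
    # Any other non-admin caller reaches the loop below with unfiltered
    # parameters, including 'state', 'username' and 'signedin' -- confirm that
    # every non-admin role sets request.player, or filter on `not request.admin`.

    edit_url = '/user/%s/edit' % name
    # .get(): a form submitted without the password fields must not raise
    # KeyError (the filtered dict above has no 'password' key in that case).
    new_password = p.get('password')
    if new_password and not request.admin:
        # presumably seterr() ends the request; if it returned, the password
        # below would still be written -- confirm.
        if new_password != p.get('confirm_password'):
            seterr(edit_url, 'vp')
        if not user.verify_pass(p.get('verify_password', '')):
            seterr(edit_url, 'bp')

    editable = [
        'language', 'cell', 'twitter', 'name', 'username',
        'state', 'signedin', 'student_num', 'email',
    ]
    for prop in editable:
        if prop not in p:
            continue
        raw = p[prop]
        if not raw:
            setattr(user, prop, None)
            continue
        try:
            # Numeric-looking values are stored as int.  The setattr stays
            # inside the try on purpose: the original fell back to the raw
            # string whenever either step failed.
            setattr(user, prop, int(raw))
        except Exception:
            setattr(user, prop, raw)

    if new_password:
        # NOTE(review): the submitted password is assigned to hashed_pass
        # as-is; presumably the model hashes it on assignment -- confirm.
        user.hashed_pass = new_password
    redirect('/user/' + name, 303)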
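def do_user_edit(name):
    """Update the account *name* from the submitted form parameters.

    ``error(code=401)`` is called unless the caller is an admin or the owner
    of the account, and ``error(code=404)`` when the account does not exist.
    For ``request.player`` callers only the ``perm_user`` parameters are kept.
    A non-admin who submits a new password must repeat it in
    ``confirm_password`` and supply a ``verify_password`` accepted by
    ``user.verify_pass``.  Redirects (303) to ``/user/<name>`` at the end.
    """
    if not request.admin and request.user.username != name:
        error(code=401)
    p = request.params
    user = Account.get_user(name)
    if not user:
        # An unknown name would otherwise surface as an AttributeError below.
        error(code=404)

    # whitelist the params a player may pass in
    perm_user = ['verify_password', 'password', 'confirm_password',
                 'language', 'cell', 'twitter', 'email']
    if request.player:
        # filter the params down to the permitted ones
        p = dict((x, p[x]) for x in perm_user if x in p)
    # NOTE(review): a non-admin caller for whom request.player is false skips
    # the whitelist and can submit 'state', 'username', 'signedin', etc. to
    # the loop below -- confirm no such role exists, or filter for every
    # non-admin.

    # .get() keeps a form without password fields from raising KeyError.
    password = p.get('password')
    if password and not request.admin:
        # presumably seterr() aborts the request; otherwise the password is
        # still stored further down -- confirm.
        if password != p.get('confirm_password'):
            seterr('/user/%s/edit' % name, 'vp')
        if not user.verify_pass(p.get('verify_password', '')):
            seterr('/user/%s/edit' % name, 'bp')

    for prop in ['language', 'cell', 'twitter', 'name', 'username',
                 'state', 'signedin', 'student_num', 'email']:
        if prop in p:
            if p[prop]:
                try:
                    # Store numeric-looking input as int; assignment stays in
                    # the try so a failure of either step falls back to the
                    # raw string, as the original did.
                    setattr(user, prop, int(p[prop]))
                except Exception:
                    setattr(user, prop, p[prop])
            else:
                setattr(user, prop, None)

    if password:
        # NOTE(review): stored as submitted; presumably hashed_pass is a
        # property that hashes on assignment -- confirm.
        user.hashed_pass = password
    redirect('/user/' + name, 303)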
def do_user_zero(name):
    """Mark the account *name* as zero / 'zombie' and send the caller back.

    ``error(code=404)`` is called for an unknown account.  The 303 redirect
    goes to the Referer header when present, otherwise to ``/``.
    """
    target = Account.get_user(name)
    if not target:
        error(code=404)
    target.zero = True
    target.state = 'zombie'
    # NOTE(review): Referer is supplied by the client, so this redirect can
    # leave the site; prefer a fixed local path or validate the host. Access
    # control is not visible here -- presumably applied by the route; confirm.
    referer = request.environ.get('HTTP_REFERER', '/')
    redirect(referer, 303)
def do_user_tags(name):
    """Send the caller to the tag page of *name* and the submitted username.

    An unknown account triggers ``error(code=404)``; a request without a
    ``username`` parameter triggers ``seterr('/station', 'noplayer')``.
    """
    found = Account.get_user(name)
    if not found:
        error(code=404)
    if 'username' not in request.params:
        seterr('/station', 'noplayer')
    # NOTE(review): request.params['username'] is used in the path unchanged;
    # presumably validated by the /tag handler -- confirm.
    path = '/'.join(['/tag', name, request.params['username']])
    redirect(path, 303)
def view_edit_cure(cid):
    """Return ``{'cure': <cure>}`` for the cure identified by *cid*.

    The lookup is tried with ``int(cid)`` first; on any exception it is
    repeated with *cid* unchanged.  ``error(code=404)`` is called when the
    lookup yields nothing.
    """
    try:
        numeric_id = int(cid)
        cure = Cure.get_cure(numeric_id)
    except:
        # Bare except kept: it also covers a failure inside get_cure itself,
        # not only a non-numeric cid.
        cure = Cure.get_cure(cid)
    if not cure:
        error(code=404)
    return dict(cure=cure)
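def do_del_user_checkins(name):
    """Delete the check-ins of account *name* that the form selected.

    Selected check-ins arrive as parameters named ``checkin_[id]``.  Calls
    ``error(code=404)`` for an unknown account and finishes with a 303
    redirect to that account's check-in page.
    """
    user = Account.get_user(name)
    if not user:
        error(code=404)

    prefix = 'checkin_'
    for key in request.params:
        # checkins are like checkin_[id]
        if not key.startswith(prefix):
            continue
        try:
            checkin_id = int(key[len(prefix):])
        except ValueError:
            # Not a well-formed checkin_[id] field; ignore it rather than
            # fail the whole request.
            continue
        # list(): finish reading the result before rows are destroyed.  An
        # unknown id yields no rows instead of an IndexError.
        for checkin in list(Checkin.select(Checkin.q.id == checkin_id)):
            # Only rows owned by the account in the URL are removed, so a
            # submitted id cannot delete another account's check-in.
            # Assumes Checkin.player holds the owning account -- confirm
            # against the model.
            if checkin.player == user:
                checkin.destroySelf()
    redirect('/user/%s/checkins' % user.username, 303)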
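def do_del_user_checkins(name):
    """Remove the check-ins selected in the form for the account *name*.

    Each selected check-in is a parameter named ``checkin_[id]``.  An unknown
    account leads to ``error(code=404)``; afterwards the caller is redirected
    (303) to the account's check-in page.
    """
    user = Account.get_user(name)
    if not user:
        error(code=404)

    # checkins are like checkin_[id]
    marker = 'checkin_'
    selected = []
    for field in request.params:
        if field.startswith(marker):
            try:
                selected.append(int(field[len(marker):]))
            except ValueError:
                # Malformed field name: skip it instead of raising.
                pass

    for cid in selected:
        # list() so the result is fully read before rows are destroyed; an id
        # that matches nothing is a no-op rather than an IndexError.
        for row in list(Checkin.select(Checkin.q.id == cid)):
            # Ownership check: ids come from the client, so only check-ins
            # belonging to this account may be deleted.  Assumes
            # Checkin.player is the owning account -- confirm.
            if row.player == user:
                row.destroySelf()
    redirect('/user/%s/checkins' % user.username, 303)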
def view_user_edit(name):
    """Build the template context for the edit page of account *name*.

    ``error(code=401)`` is called unless the caller is an admin or the
    account owner, ``error(code=404)`` when the account is unknown.  Returns
    ``vuser`` plus an ``i18n`` title override made of the 'editing' label and
    the username, for the 'e' and 'f' language tables.
    """
    if not request.admin and request.user.username != name:
        error(code=401)
    user = Account.get_user(name)
    if not user:
        error(code=404)
    title_e = i18n.i18n['e']['pages']['user_edit']['editing'] + ' ' + user.username
    title_f = i18n.i18n['f']['pages']['user_edit']['editing'] + ' ' + user.username
    title = i18n.override_title('user_edit', title_e, title_f)
    return dict(vuser=user, i18n=title)
def view_tags(tagger, taggee):
    """Return both accounts and the tags exchanged between them.

    Either name failing to resolve leads to ``error(code=404)``.  The query
    matches tags in both directions (tagger -> taggee and taggee -> tagger).
    """
    tagger = Account.get_user(tagger)
    taggee = Account.get_user(taggee)
    if not (tagger and taggee):
        error(code=404)
    forward = AND(Tag.q.tagger == tagger, Tag.q.taggee == taggee)
    reverse = AND(Tag.q.tagger == taggee, Tag.q.taggee == tagger)
    # NOTE(review): no permission check is visible in this function --
    # presumably enforced by the route; confirm.
    return dict(tagger=tagger, taggee=taggee, tags=Tag.select(OR(forward, reverse)))
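def do_comment(pid):
    """Attach the submitted comment to post *pid* for the current user.

    Calls ``error(code=404)`` when the post lookup fails,
    ``seterr(..., "nocontent")`` for a missing or empty comment and
    ``seterr(..., "exists")`` when the same user already has a comment with
    the same content.  Redirects (303) to the new comment's anchor.
    """
    p = request.params
    try:
        po = Post.from_pid(pid)
    except Exception:
        error(code=404)

    post_url = "/post/view/%s" % str(pid)
    # .get(): a request without the field is reported as "nocontent" instead
    # of raising KeyError.
    content = p.get("comment")
    if not content:
        seterr(post_url, "nocontent")

    # The two conditions must be combined with the query operator `&`.  With
    # Python's `and`, the first condition is only tested for truthiness and
    # dropped, so the check matched the content from *any* user.
    duplicate = Comment.select(
        (Comment.q.user == request.user) & (Comment.q.content == content)
    )
    if duplicate.count() > 0:
        seterr(post_url, "exists")

    # NOTE(review): content is stored as submitted; presumably the template
    # escapes it when rendering -- confirm.
    c = Comment(user=request.user, content=content, post=po)
    redirect("/post/view/" + str(pid) + "#comment-" + str(c.id), 303)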
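def do_comment(pid):
    """Create a comment by the current user on post *pid*.

    A failed post lookup leads to ``error(code=404)``; an absent or empty
    ``comment`` parameter to ``seterr(..., 'nocontent')``; a comment with the
    same content by the same user to ``seterr(..., 'exists')``.  On success
    the caller is redirected (303) to the new comment's anchor.
    """
    p = request.params
    try:
        po = Post.from_pid(pid)
    except Exception:
        error(code=404)

    # .get() so a missing field is handled as 'nocontent', not a KeyError.
    text = p.get('comment')
    if not text:
        seterr('/post/view/%s' % str(pid), 'nocontent')

    # `&` builds a single AND query.  The previous `and` evaluated the user
    # condition for truthiness only and passed just the content condition to
    # select(), so another user's identical comment blocked this one.
    same_user = Comment.q.user == request.user
    same_text = Comment.q.content == text
    if Comment.select(same_user & same_text).count() > 0:
        seterr('/post/view/%s' % str(pid), 'exists')

    # NOTE(review): the text is saved unmodified; output escaping is
    # presumably done by the template -- confirm.
    c = Comment(user=request.user, content=text, post=po)
    redirect('/post/view/' + str(pid) + '#comment-' + str(c.id), 303)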
def view_user_edit(name):
    """Return the context for editing account *name*.

    Only an admin or the account owner passes the first check (otherwise
    ``error(code=401)``); an unknown account leads to ``error(code=404)``.
    The context holds ``vuser`` and an ``i18n`` title override combining the
    'editing' label of the 'e' and 'f' tables with the username.
    """
    if not request.admin and request.user.username != name:
        error(code=401)
    user = Account.get_user(name)
    if not user:
        error(code=404)
    english = i18n.i18n['e']['pages']['user_edit']['editing'] + ' ' + user.username
    french = i18n.i18n['f']['pages']['user_edit']['editing'] + ' ' + user.username
    context = dict(vuser=user)
    context['i18n'] = i18n.override_title('user_edit', english, french)
    return context
def do_add_user_checkin(name):
    """Record a check-in for account *name* from the submitted form.

    Calls ``error(code=404)`` for an unknown account.  ``seterr`` is called
    with 'noloc' / 'notime' when a parameter is missing, 'badloc' when the
    location is not in ``database.locations`` and 'badtime' when the time
    does not parse as ``%Y-%m-%d %H:%M:%S``.  Redirects (303) to the
    account's check-in page.
    """
    user = Account.get_user(name)
    if not user:
        error(code=404)

    def fail(code):
        # Built lazily so user.username is read only when a check fails.
        seterr('/user/%s/checkins' % user.username, code)

    # no location or time
    if 'location' not in request.params:
        fail('noloc')
    if 'time' not in request.params:
        fail('notime')
    # bad location
    if request.params['location'] not in database.locations:
        fail('badloc')
    # bad time
    when = None
    try:
        when = datetime.datetime.strptime(request.params['time'], '%Y-%m-%d %H:%M:%S')
    except:
        fail('badtime')
    where = request.params['location']
    Checkin(time=when, location=where, player=user)
    # NOTE(review): no permission check is visible in this function --
    # presumably enforced by the route; confirm.
    redirect('/user/%s/checkins' % name, 303)
def do_add_user_checkin(name):
    """Create a check-in for account *name* at the submitted place and time.

    An unknown account leads to ``error(code=404)``.  Validation failures are
    reported through ``seterr``: 'noloc' and 'notime' for missing parameters,
    'badloc' for a location outside ``database.locations``, 'badtime' for a
    time that is not ``%Y-%m-%d %H:%M:%S``.  Ends with a 303 redirect to the
    check-in page.
    """
    user = Account.get_user(name)
    if not user:
        error(code=404)
    form = request.params
    # no location or time
    for field, code in (('location', 'noloc'), ('time', 'notime')):
        if field not in form:
            seterr('/user/%s/checkins' % user.username, code)
    # bad location
    if form['location'] not in database.locations:
        seterr('/user/%s/checkins' % user.username, 'badloc')
    # bad time
    stamp = None
    try:
        stamp = datetime.datetime.strptime(form['time'], '%Y-%m-%d %H:%M:%S')
    except:
        seterr('/user/%s/checkins' % user.username, 'badtime')
    Checkin(time=stamp, location=form['location'], player=user)
    # NOTE(review): access control is not visible here -- presumably applied
    # by the route; confirm.
    redirect('/user/%s/checkins' % name, 303)
def view_user(name):
    """Return the template context for the profile page of account *name*.

    A station request must carry a Referer containing '/station'; any other
    request must come from an admin or the account owner.  Failing either
    check calls ``error(code=401)``; an unknown account calls
    ``error(code=404)``.
    """
    if request.station:
        # NOTE(review): Referer is set by the client, so this check does not
        # prove the request came from the station page; treat it as a UI
        # hint, not as access control.
        referer = request.environ.get('HTTP_REFERER', '')
        if '/station' not in referer:
            error(code=401)
    if not (request.admin or request.user.username == name or request.station):
        error(code=401)
    user = Account.get_user(name)
    if not user:
        error(code=404)
    title = i18n.override_title('user', user.username, user.username)
    return dict(vuser=user, i18n=title)
def view_user(name):
    """Build the profile-page context for account *name*.

    ``error(code=401)`` is called for a station request whose Referer lacks
    '/station', and for a non-station request that is neither admin nor the
    account owner.  ``error(code=404)`` is called for an unknown account.
    """
    env = request.environ
    # NOTE(review): the station branch trusts the Referer header, which the
    # client controls; it cannot serve as an authorization check on its own.
    from_station_page = 'HTTP_REFERER' in env and '/station' in env['HTTP_REFERER']
    if request.station and not from_station_page:
        error(code=401)
    is_owner_or_admin = request.admin or request.user.username == name
    if not is_owner_or_admin and not request.station:
        error(code=401)
    user = Account.get_user(name)
    if not user:
        error(code=404)
    return dict(
        vuser=user,
        i18n=i18n.override_title('user', user.username, user.username),
    )
def denied(*args, **kwargs):
    """Call ``error(401)``, ignoring every positional and keyword argument."""
    status = 401
    error(status)
def ent():
    """Return ``c.entreprise`` for the ``id`` query argument on GET.

    Any other method returns ``c.error(404)``.
    """
    if request.method != 'GET':
        return c.error(404)
    # NOTE(review): 'id' is passed through as received (None when absent);
    # presumably c.entreprise validates it -- confirm.
    entreprise_id = request.args.get('id')
    return c.entreprise(entreprise_id)
def view_user_checkins(name):
    """Return account *name* and its check-ins ordered by time.

    Calls ``error(code=404)`` when the account is unknown.
    """
    account = Account.get_user(name)
    if not account:
        error(code=404)
    ordered = account.checkins.orderBy(Checkin.q.time)
    # NOTE(review): no permission check is visible in this function --
    # presumably enforced by the route; confirm.
    return dict(vuser=account, checkins=ordered)
def page_not_found(error):
    """Return ``c.error(404)``; the *error* argument itself is not used."""
    response = c.error(404)
    return response
def send():
    """Return ``c.send`` for the request's query arguments on GET.

    Any other method returns ``c.error(404)``.
    """
    if request.method != 'GET':
        return c.error(404)
    # NOTE(review): the whole query-argument mapping is handed over
    # unfiltered; presumably c.send validates its fields -- confirm.
    query = request.args
    return c.send(query)
def view_post(pid):
    """Return the template context for post *pid*.

    The context holds the post and an ``i18n`` title override built from its
    ``title_e`` and ``title_f``.  Any exception calls ``error(code=404)``.
    """
    try:
        post = Post.from_pid(pid)
        title = i18n.override_title("index", post.title_e, post.title_f)
        return dict(post=post, i18n=title)
    except:
        # Bare except kept: it turns every failure in the block above into a
        # 404, including errors raised while building the title.
        error(code=404)
def do_edit_post(pid):
    """Look up post *pid*, calling ``error(code=404)`` on ``IndexError``.

    Only the lookup is present in this body; the request parameters and the
    post are bound but not used further here.
    """
    p = request.params
    try:
        post = Post.from_pid(pid)
    except IndexError:
        # The bound exception object was never used, so it is not captured.
        error(code=404)
def process_search():
    """Return ``c.process_search`` for the query arguments on GET.

    Any other method returns ``c.error(404)``.
    """
    if request.method != 'GET':
        return c.error(404)
    # NOTE(review): search arguments are forwarded as received; presumably
    # c.process_search validates them -- confirm.
    criteria = request.args
    return c.process_search(criteria)
def test_error():
    """Check that ``controller.error`` returns the failure dict for a message."""
    first = controller.error('oops')
    assert isinstance(first, dict)
    second = controller.error('oops')
    expected = {'ok': False, 'message': 'oops'}
    assert second == expected
def view_tags(tagger):
    """Return the account *tagger* and every tag it gave or received.

    Tags are ordered by ``Tag.q.time``.  Calls ``error(code=404)`` when the
    account is unknown.
    """
    tagger = Account.get_user(tagger)
    if not tagger:
        error(code=404)
    involved = OR(Tag.q.tagger == tagger, Tag.q.taggee == tagger)
    tags = Tag.select(involved, orderBy=Tag.q.time)
    # NOTE(review): no permission check is visible in this function --
    # presumably enforced by the route; confirm.
    return dict(tagger=tagger, tags=tags)
def do_edit_post(pid):
    """Fetch post *pid*; an ``IndexError`` from the lookup calls ``error(code=404)``.

    The body shown here stops after the lookup: the request parameters and
    the post are assigned but not used.
    """
    p = request.params
    try:
        post = Post.from_pid(pid)
    except IndexError:
        # Exception object not captured: it was unused.
        error(code=404)
def view_post(pid):
    """Build the context for viewing post *pid*.

    Returns the post and an ``i18n`` title override from ``title_e`` and
    ``title_f``; any exception leads to ``error(code=404)``.
    """
    try:
        found = Post.from_pid(pid)
        context = dict(post=found)
        context['i18n'] = i18n.override_title('index', found.title_e, found.title_f)
        return context
    except:
        # Bare except kept: every failure above, not only a missing post,
        # is reported as 404.
        error(code=404)
def view_user_checkins(name):
    """Build the context listing the check-ins of account *name* by time.

    An unknown account leads to ``error(code=404)``.
    """
    user = Account.get_user(name)
    if not user:
        error(code=404)
    context = dict(vuser=user)
    context['checkins'] = user.checkins.orderBy(Checkin.q.time)
    # NOTE(review): access control is not visible here -- presumably applied
    # by the route; confirm.
    return context