Exemplo n.º 1
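        def publisher_admin_images(self):
            """Manage uploaded images: list them, or update/delete one.

            POST reads the form fields ``id``, ``action`` and ``description``.
            ``action == "delete"`` removes the upload record and, when found,
            its stored object; any other action updates the description. The
            client is then redirected to the image list. A POST without
            ``id`` aborts with 404.

            Any other method returns a paginated listing of uploads whose
            type is "IMAGE", ordered by name.
            """
            self.meta_tags(title="Images")

            if request.method == "POST":
                # NOTE(review): this branch deletes and edits records. Access
                # control and CSRF protection are not visible in this method
                # and are presumably applied by the enclosing view -- confirm.
                image_id = request.form.get("id", None)
                action = request.form.get("action")
                description = request.form.get("description")
                if not image_id:
                    abort(404, "No image ID provided")

                image = PostModel.UploadObject.get(image_id)
                if not image:
                    # Previously an unknown ID was ignored silently; tell the
                    # admin that nothing was changed.
                    flash("Image doesn't exist", "error")
                elif action == "delete":
                    image.delete()
                    stored = storage.get(image.name)
                    if stored:
                        stored.delete()
                    flash("Image deleted successfully!", "success")
                else:
                    image.update(description=description)
                    flash("Image updated successfully!", "success")
                return redirect(url_for("PublisherAdmin:images"))

            # ``page`` comes from the query string as text and is untrusted:
            # coerce it to a positive integer instead of handing the raw
            # string to the paginator.
            try:
                page = max(int(request.args.get("page", 1)), 1)
            except (TypeError, ValueError):
                page = 1
            per_page = self.get_config("PAGINATION_PER_PAGE", 25)
            images = PostModel.UploadObject.all()\
                .filter(PostModel.UploadObject.type == "IMAGE")\
                .order_by(PostModel.UploadObject.name.asc())
            images = images.paginate(page=page, per_page=per_page)
            return dict(images=images)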
Exemplo n.º 2
        def page_single(self, id=None, slug=None, month=None, date=None):
            """
            Show a single published post, looked up by ``id`` or by ``slug``.

            ``id`` takes precedence when both are given. ``month`` and
            ``date`` are accepted but not read in this method. Aborts with
            "PublisherPageNotFound" when no published post matches.

            Endpoints options
                single
                    - post_show_byline
            """
            # Build the lookup filter; it stays empty when neither key is set.
            if id:
                lookup = {"id": id}
            elif slug:
                lookup = {"slug": slug}
            else:
                lookup = {}

            # ``query`` is not defined in this method; it is read from an
            # enclosing scope.
            post = Post.get_published(types=query.get("types"), **lookup)
            if not post:
                abort("PublisherPageNotFound")

            self.meta_tags(title=post.title,
                           image=post.top_image,
                           description=post.excerpt)

            # The "post_show_byline" endpoint option is disabled, so no extra
            # template variables are passed along with the post.
            return dict(post=self.prepare_post(post))
Exemplo n.º 3
        def user_admin_get(self, id):
            """Return the template context for one user's admin page.

            The user is looked up with ``include_deleted=True``. Aborts with
            404 when no user matches and with 403 when the target's role
            level is higher than the current user's.
            """
            self.meta_tags(title="User Info - Users Admin")

            target = User.get(id, include_deleted=True)
            if not target:
                abort(404, "User doesn't exist")

            # Authorization: an admin may only view accounts whose role level
            # is at or below their own.
            viewer_level = current_user.role.level
            if viewer_level < target.role.level:
                abort(403, "Not enough rights to access this user info")

            context = dict(user=target)
            context["user_roles_options"] = self._user_roles_options()
            return context
Exemplo n.º 4
        def publisher_admin_preview(self, id):
            """
            Read Post

            Loads the post by ``id`` and returns it as template context;
            aborts with 404 when no such post exists.
            """
            post = PostModel.Post.get(id)
            if post:
                self.meta_tags(title="Read: %s " % post.title)
                return dict(post=post)

            abort(404, "Post doesn't exist")
Exemplo n.º 5
        def user_admin_get(self, id):
            """Show a single user's info in the users admin.

            Looks the user up with ``include_deleted=True``; a missing user
            aborts with 404. A target whose role level exceeds the current
            user's aborts with 403.
            """
            self.meta_tags(title="User Info - Users Admin")

            found = User.get(id, include_deleted=True)
            if not found:
                abort(404, "User doesn't exist")

            # Role-level gate: the viewer must rank at least as high as the
            # account being viewed.
            if current_user.role.level < found.role.level:
                abort(403, "Not enough rights to access this user info")

            role_options = self._user_roles_options()
            return dict(user=found, user_roles_options=role_options)
Exemplo n.º 6
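        def publisher_admin_edit(self, id):
            """
            Create / Edit Post

            Builds the context for the post form. The ``post`` value is, in
            order of precedence: the data flashed by a failed submission
            (when ``?error`` is set), the stored post for ``id``, or a blank
            template whose ``type_id`` may be preset from the query string.
            Aborts with 404 when ``id`` names a missing post or a revision.
            """
            self.meta_tags(title="Edit Post")

            types = [(t.id, t.name) for t in PostModel.Type.all().order_by(PostModel.Type.name.asc())]
            categories = [(c.id, c.name) for c in PostModel.Category.all().order_by(PostModel.Category.name.asc())]
            checked_cats = []

            # ``type_id`` is query-string input and therefore untrusted: a
            # non-numeric value falls back to 0 instead of raising ValueError
            # and surfacing as a server error.
            try:
                type_id = int(request.args.get("type_id", None) or 0)
            except (TypeError, ValueError):
                type_id = 0

            # data to pass to view
            post = {
                "id": 0,
                "title": "",
                "content": "",
                "slug": "",
                "is_public": True,
                "is_sticky": False,
                "is_featured": False,
                "type_id": type_id,
                "options": {}
            }

            # saved in session
            flashed_data = get_flashed_data()
            if request.args.get("error") and flashed_data:
                post = flashed_data
                checked_cats = post["post_categories"]

            elif id:
                post = PostModel.Post.get(id)
                # Revisions are not editable through this view.
                if not post or post.is_revision:
                    abort(404, "Post doesn't exist")
                checked_cats = [c.id for c in post.categories]

            images = PostModel.UploadObject.all()\
                .filter(PostModel.UploadObject.type == "IMAGE")\
                .order_by(PostModel.UploadObject.name.asc())

            images_list = [{"id": img.id, "url": img.object_url} for img in images]
            return dict(post=post,
                        types=types,
                        categories=categories,
                        checked_categories=checked_cats,
                        images_list=images_list)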
Exemplo n.º 7
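        def reset_password(self, token):
            """Let the holder of a temporary-login token set a new password.

            Aborts with 404 when the token matches no user. A user without an
            active temporary login is redirected to the sign-in view. GET
            returns the token for the form; POST runs the password change,
            clears the temporary login and redirects to sign-in, or flashes
            the error and redirects back to this page.
            """
            self._login_enabled()
            # NOTE(review): the session is ended before the token is checked,
            # so any request to this URL logs the visitor out, even with an
            # invalid token -- confirm that this is intended.
            logout_user()

            self.meta_tags(title="Reset Password")
            user = User.get_by_temp_login(token)
            if not user:
                abort(404, "Invalid token")

            if not user.has_temp_login:
                return redirect(url_for(on_signin_view))

            if request.method != "POST":
                return dict(token=token)

            try:
                self.change_password_handler(user_context=user)
                # Clear the temporary login once the password is changed;
                # presumably this stops the token from being reused.
                user.clear_temp_login()
                flash("Password updated successfully!", "success")
                return redirect(url_for(on_signin_view))
            except Exception as ex:
                # Not every exception has ``.message`` (Python 3 built-ins do
                # not), so fall back to str(ex) instead of raising
                # AttributeError inside the handler.
                # NOTE(review): this broad except shows arbitrary exception
                # text to an unauthenticated visitor; narrowing it to the
                # validation errors change_password_handler raises would keep
                # internal details out of the page.
                reason = getattr(ex, "message", None) or str(ex)
                flash("Error: %s" % reason, "error")
                return redirect(url_for(endpoint_namespace % "reset_password",
                                        token=token))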
Exemplo n.º 8
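        def reset_password(self, token):
            """Reset a password for the user identified by a temp-login token.

            An unknown token aborts with 404. If the matched user has no
            active temporary login the client is sent to the sign-in view.
            GET returns ``{"token": token}`` for the form. POST changes the
            password, clears the temporary login and redirects to sign-in;
            on failure the error is flashed and the client is redirected back
            to this endpoint with the same token.
            """
            self._login_enabled()
            # NOTE(review): logout happens before token validation, so a
            # request with a bogus token still ends the visitor's session --
            # confirm that this is intended.
            logout_user()

            self.meta_tags(title="Reset Password")
            user = User.get_by_temp_login(token)
            if not user:
                abort(404, "Invalid token")

            if not user.has_temp_login:
                return redirect(url_for(on_signin_view))

            if request.method != "POST":
                return dict(token=token)

            try:
                self.change_password_handler(user_context=user)
                # Presumably invalidates the token so it cannot be replayed
                # after a successful change.
                user.clear_temp_login()
                flash("Password updated successfully!", "success")
                return redirect(url_for(on_signin_view))
            except Exception as ex:
                # ``ex.message`` is missing on Python 3 built-in exceptions;
                # use it when present and str(ex) otherwise so the handler
                # itself cannot fail with AttributeError.
                # NOTE(review): catching Exception here exposes any internal
                # error text to an unauthenticated visitor; prefer catching
                # only the expected validation errors and logging the rest.
                reason = getattr(ex, "message", None) or str(ex)
                flash("Error: %s" % reason, "error")
                return redirect(
                    url_for(endpoint_namespace % "reset_password",
                            token=token))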
Exemplo n.º 9
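        def contact_page(self):
            """Render the contact form and, on POST, e-mail the submission.

            The recipient is the ``email_to`` override or the
            APPLICATION_CONTACT_EMAIL setting. Aborts when the mailer is not
            validated or no recipient is configured. A POST is checked
            against reCAPTCHA and field validation, the result is flashed,
            and the client is redirected to ``return_to``. Other methods set
            the page title and return None.
            """
            # Email to. ``kwargs`` is not defined in this method and is
            # presumably shared by every request to this view, so read the
            # override without popping it: pop() would drop it after the
            # first request.
            email_to = kwargs.get(
                "email_to", self.get_config("APPLICATION_CONTACT_EMAIL", None))

            if not mail.validated:

                abort("MailmanConfigurationError")
            elif not email_to:
                abort("ContactPageMissingEmailToError")

            if request.method == "POST":
                email = request.form.get("email")
                subject = request.form.get("subject")
                message = request.form.get("message")
                name = request.form.get("name")

                flash_message = "Message sent. Thank you!"
                flash_type = "success"

                if recaptcha.verify():

                    if not email or not subject or not message:
                        flash_message = "All fields are required"
                        flash_type = "error"
                    elif ("\r" in email or "\n" in email
                          or not utils.is_valid_email(email)):
                        # Line breaks are rejected explicitly because the
                        # address is used in mail headers below.
                        flash_message = "Invalid email address"
                        flash_type = "error"
                    else:
                        # Subject and name come from the form and end up in
                        # mail headers; collapse line breaks so a submitted
                        # value cannot add header lines of its own.
                        subject = " ".join(subject.splitlines())
                        if name:
                            name = " ".join(name.splitlines())
                        try:
                            # NOTE(review): the submitter's unverified address
                            # is used as the sender. Sending from an
                            # application-owned address and keeping the
                            # submitter only in reply_to avoids SPF/DMARC
                            # failures and sender spoofing.
                            mail.send(to=email_to,
                                      reply_to=email,
                                      mail_from=email,
                                      mail_subject=subject,
                                      mail_message=message,
                                      mail_name=name,
                                      template="contact-us.txt")
                        except Exception as ex:
                            logging.exception(ex)
                            abort("MailmanConfigurationError")
                else:
                    flash_message = "Security code is invalid"
                    flash_type = "error"

                flash(flash_message, flash_type)

                return redirect(url_for(return_to))

            self.meta_tags(title="Contact Us")

            return None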
Exemplo n.º 10
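        def contact_page(self):
            """Handle the contact form: show it, or send the message on POST.

            The recipient comes from the ``email_to`` override, falling back
            to the APPLICATION_CONTACT_EMAIL setting. The request is aborted
            when the mailer is not validated or no recipient is available.
            On POST the reCAPTCHA answer and the form fields are validated,
            the outcome is flashed, and the client is redirected to
            ``return_to``. Otherwise the page title is set and None returned.
            """
            # Email to. ``kwargs`` is not defined in this method and is
            # presumably shared across requests; get() keeps the override in
            # place, whereas pop() removed it after the first request.
            email_to = kwargs.get("email_to", self.get_config("APPLICATION_CONTACT_EMAIL", None))

            if not mail.validated:

                abort("MailmanConfigurationError")
            elif not email_to:
                abort("ContactPageMissingEmailToError")

            if request.method == "POST":
                email = request.form.get("email")
                subject = request.form.get("subject")
                message = request.form.get("message")
                name = request.form.get("name")

                flash_message = "Message sent. Thank you!"
                flash_type = "success"

                if recaptcha.verify():

                    if not email or not subject or not message:
                        flash_message = "All fields are required"
                        flash_type = "error"
                    elif ("\r" in email or "\n" in email
                          or not utils.is_valid_email(email)):
                        # The address is placed in mail headers, so one that
                        # contains a line break is never acceptable.
                        flash_message = "Invalid email address"
                        flash_type = "error"
                    else:
                        # Form values that become mail headers are reduced to
                        # a single line, so they cannot introduce additional
                        # header lines.
                        subject = " ".join(subject.splitlines())
                        if name:
                            name = " ".join(name.splitlines())
                        try:
                            # NOTE(review): mail_from is the submitter's
                            # unverified address. Consider an application
                            # sender address with the submitter in reply_to
                            # only, which also avoids SPF/DMARC rejections.
                            mail.send(to=email_to,
                                      reply_to=email,
                                      mail_from=email,
                                      mail_subject=subject,
                                      mail_message=message,
                                      mail_name=name,
                                      template="contact-us.txt")
                        except Exception as ex:
                            logging.exception(ex)
                            abort("MailmanConfigurationError")
                else:
                    flash_message = "Security code is invalid"
                    flash_type = "error"

                flash(flash_message, flash_type)

                return redirect(url_for(return_to))

            self.meta_tags(title="Contact Us")

            return None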
Exemplo n.º 11
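        def user_admin_post(self):
            """Apply an admin's change to a user account.

            Reads ``id``, ``email``, ``first_name``, ``last_name``,
            ``user_role`` and ``action`` from the form. For another user's
            account the acting user must hold a privileged role; ``action``
            may activate, deactivate, delete or undelete the account, and any
            other value updates e-mail, names and role. For the acting user's
            own account only e-mail and names are updated. Aborts with 403
            when the target's role level is above the acting user's.
            ApplicationError is flashed, and the client is redirected to the
            user's admin page (or to the index when the user is unknown).
            """
            def _change_email(account, new_email):
                # Validate and apply an e-mail change; no-op when the address
                # is blank or unchanged.
                if not new_email or new_email == account.email:
                    return
                if not utils.is_valid_email(new_email):
                    raise UserError("Invalid email address '%s'" % new_email)
                if User.get_by_email(new_email):
                    raise UserError("Email exists already '%s'" % new_email)
                account.update(email=new_email)

            user_id = request.form.get("id")
            try:
                user = User.get(user_id, include_deleted=True)
                if not user:
                    flash("Can't change user info. Invalid user", "error")
                    return redirect(url_for("UserAdmin:index"))

                # An admin may not touch an account that outranks them.
                if current_user.role.level < user.role.level:
                    abort(403, "Not enough rights to update this user info")

                email = request.form.get("email", "").strip()
                first_name = request.form.get("first_name")
                last_name = request.form.get("last_name")
                user_role = request.form.get("user_role")
                action = request.form.get("action")

                if user.id != current_user.id:
                    _role = Role.get(user_role)
                    if not _role:
                        raise UserError("Invalid role")

                    if current_user.role.name.lower() not in PRIVILEDGED_ROLES:
                        raise UserError(
                            "Not Enough right to change user's info")

                    if action == "activate":
                        user.update(active=True)
                        flash("User has been ACTIVATED", "success")
                    elif action == "deactivate":
                        user.update(active=False)
                        flash("User is now DEACTIVATED", "success")
                    elif action == "delete":
                        user.delete()
                        flash("User has been deleted", "success")
                    elif action == "undelete":
                        user.delete(False)
                        flash("User is now active", "success")
                    else:
                        # The check above covers only the target's current
                        # role. The requested role must not outrank the
                        # acting admin either, otherwise a role above the
                        # admin's own level could be granted.
                        if current_user.role.level < _role.level:
                            raise UserError(
                                "Not enough rights to assign this role")

                        _change_email(user, email)
                        user.update(first_name=first_name,
                                    last_name=last_name,
                                    role_id=_role.id)

                else:
                    # Editing one's own account: the role is never changed.
                    _change_email(user, email)
                    user.update(first_name=first_name, last_name=last_name)

                    flash("User's Info updated successfully!", "success")
            except ApplicationError as ex:
                # Fall back to str(ex) when the exception has no ``message``.
                reason = getattr(ex, "message", None) or str(ex)
                flash("Error: %s " % reason, "error")
            return redirect(url_for("UserAdmin:get", id=user_id))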
Exemplo n.º 12
 def _login_enabled(self):
     """Abort with "UserLoginDisabledError" unless login is switched on.

     The check is strict: only the literal ``True`` for
     USER_AUTH_ALLOW_LOGIN lets the request through, so a missing or merely
     truthy setting counts as disabled.
     """
     login_allowed = self.get_config("USER_AUTH_ALLOW_LOGIN")
     if login_allowed is True:
         return
     abort("UserLoginDisabledError")
Exemplo n.º 13
 def _signup_enabled(self):
     """Abort with "UserSignupDisabledError" unless signup is switched on.

     Only the literal ``True`` for USER_AUTH_ALLOW_SIGNUP passes; an unset or
     merely truthy value is treated as disabled.
     """
     signup_allowed = self.get_config("USER_AUTH_ALLOW_SIGNUP")
     if signup_allowed is True:
         return
     abort("UserSignupDisabledError")
Exemplo n.º 14
 def _login_enabled(self):
     """Guard for login views: abort when login is not explicitly enabled.

     USER_AUTH_ALLOW_LOGIN must be exactly ``True``; anything else aborts
     with "UserLoginDisabledError".
     """
     setting = self.get_config("USER_AUTH_ALLOW_LOGIN")
     enabled = setting is True
     if not enabled:
         abort("UserLoginDisabledError")
Exemplo n.º 15
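        def user_admin_post(self):
            """Process the users-admin form for one account.

            Form fields read: ``id``, ``email``, ``first_name``,
            ``last_name``, ``user_role`` and ``action``. When the target is
            another user, the acting user needs a privileged role and
            ``action`` selects activate / deactivate / delete / undelete;
            any other value updates e-mail, names and role. When the target
            is the acting user, only e-mail and names change. A target that
            outranks the acting user aborts with 403. ApplicationError is
            flashed; the response is a redirect to the user's admin page, or
            to the index when the user does not exist.
            """
            def _apply_email(account, address):
                # Shared e-mail update: skip blank/unchanged values, reject
                # invalid or already-used addresses.
                if not address or address == account.email:
                    return
                if not utils.is_valid_email(address):
                    raise UserError("Invalid email address '%s'" % address)
                if User.get_by_email(address):
                    raise UserError("Email exists already '%s'" % address)
                account.update(email=address)

            user_id = request.form.get("id")
            try:
                user = User.get(user_id, include_deleted=True)
                if not user:
                    flash("Can't change user info. Invalid user", "error")
                    return redirect(url_for("UserAdmin:index"))

                # The acting admin must rank at least as high as the target.
                if current_user.role.level < user.role.level:
                    abort(403, "Not enough rights to update this user info")

                email = request.form.get("email", "").strip()
                first_name = request.form.get("first_name")
                last_name = request.form.get("last_name")
                user_role = request.form.get("user_role")
                action = request.form.get("action")

                if user.id != current_user.id:
                    _role = Role.get(user_role)
                    if not _role:
                        raise UserError("Invalid role")

                    if current_user.role.name.lower() not in PRIVILEDGED_ROLES:
                        raise UserError("Not Enough right to change user's info")

                    if action == "activate":
                        user.update(active=True)
                        flash("User has been ACTIVATED", "success")
                    elif action == "deactivate":
                        user.update(active=False)
                        flash("User is now DEACTIVATED", "success")
                    elif action == "delete":
                        user.delete()
                        flash("User has been deleted", "success")
                    elif action == "undelete":
                        user.delete(False)
                        flash("User is now active", "success")
                    else:
                        # Besides the target's current role, the role being
                        # assigned is checked too: granting one above the
                        # acting admin's own level would be a privilege
                        # escalation.
                        if current_user.role.level < _role.level:
                            raise UserError("Not enough rights to assign this role")

                        _apply_email(user, email)
                        user.update(first_name=first_name,
                                    last_name=last_name,
                                    role_id=_role.id)

                else:
                    # Self-service edit: role and status are left untouched.
                    _apply_email(user, email)
                    user.update(first_name=first_name,
                                last_name=last_name)

                    flash("User's Info updated successfully!", "success")
            except ApplicationError as ex:
                # Use ``message`` when the exception defines it, else str(ex).
                reason = getattr(ex, "message", None) or str(ex)
                flash("Error: %s " % reason, "error")
            return redirect(url_for("UserAdmin:get", id=user_id))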
Exemplo n.º 16
 def _oauth_enabled(self):
     """Abort with "UserOAuthDisabledError" unless OAuth is switched on.

     Only the literal ``True`` for USER_AUTH_ALLOW_OAUTH passes; an unset or
     merely truthy value is treated as disabled.
     """
     oauth_allowed = self.get_config("USER_AUTH_ALLOW_OAUTH")
     if oauth_allowed is True:
         return
     abort("UserOAuthDisabledError")
Exemplo n.º 17
 def error(self):
     """Always abort the request with HTTP 400 and a fixed message."""
     status, message = 400, "Custom Message"
     abort(status, message)
Exemplo n.º 18
 def _oauth_enabled(self):
     """Guard for OAuth views: abort when OAuth is not explicitly enabled.

     USER_AUTH_ALLOW_OAUTH must be exactly ``True``; anything else aborts
     with "UserOAuthDisabledError".
     """
     setting = self.get_config("USER_AUTH_ALLOW_OAUTH")
     enabled = setting is True
     if not enabled:
         abort("UserOAuthDisabledError")
Exemplo n.º 19
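        def publisher_admin_post(self):
            """Create, update, delete or snapshot a post from the admin form.

            The form's ``status`` field selects the operation:

            * "draft" / "publish": create the post, or update the one named
              by ``id``, then store its tags, slug, categories and social
              options and redirect to the edit page. A missing title or type
              flashes the submitted data back and redirects to the form.
            * "delete" (with ``id``): delete the post and redirect to the
              index.
            * "revision" (with ``id``): store the submitted data as a
              revision of the post and return its id as JSON.

            Any other combination aborts with 400. A malformed publish date
            or category id also aborts with 400, before anything is written.
            """
            form = request.form
            id = form.get("id")
            title = form.get("title")
            slug = form.get("slug")
            content = form.get("content")
            description = form.get("description")
            type_id = form.get("type_id")
            post_categories = form.getlist("post_categories")
            published_date = form.get("published_date")
            status = form.get("status", "draft")
            is_published = status == "publish"
            is_draft = status == "draft"
            is_public = form.get("is_public") == "y"
            is_sticky = form.get("is_sticky") == "y"
            is_featured = form.get("is_featured") == "y"
            featured_image = form.get("featured_image")
            featured_embed = form.get("featured_embed")
            featured_media_top = form.get("featured_media_top", "")
            social_options = form.getlist("social_options")
            # Normalise before de-duplicating so " News" and "news" collapse
            # into one tag, and drop the empty entries an empty field yields.
            tags = sorted(
                {t.strip().lower() for t in form.get("tags", "").split(",")}
                - {""})

            now_dt = datetime.datetime.now()
            data = {
                "title": title,
                "content": content,
                "description": description,
                "featured_image": featured_image,
                "featured_embed": featured_embed,
                "featured_media_top": featured_media_top,
                "type_id": type_id,
                "is_sticky": is_sticky,
                "is_featured": is_featured,
                "is_public": is_public
            }

            if status in ["draft", "publish"] and (not title or not type_id):
                if not title:
                    flash("Post Title is missing ", "error")
                if not type_id:
                    flash("Post type is missing", "error")

                # Hand the raw submission back to the form via the session.
                data.update({
                    "published_date": published_date,
                    "post_categories": post_categories,
                    "options": {"social_options": social_options},
                })
                flash_data(data)

                if id:
                    url = url_for("PublisherAdmin:edit", id=id, error=1)
                else:
                    url = url_for("PublisherAdmin:new", error=1)
                return redirect(url)

            # The date is form input: reject a malformed value with 400
            # rather than letting strptime's ValueError become a 500.
            if published_date:
                try:
                    published_date = datetime.datetime.strptime(
                        published_date, "%Y-%m-%d %H:%M:%S")
                except ValueError:
                    abort(400, "Invalid published date")
            else:
                published_date = now_dt

            if id and status in ["delete", "revision"]:
                post = PostModel.Post.get(id)
                if not post:
                    abort(404, "Post '%s' doesn't exist" % id)

                if status == "delete":
                    post.delete()
                    flash("Post deleted successfully!", "success")
                    return redirect(url_for("PublisherAdmin:index"))

                else:
                    # status == "revision": a non-public, unpublished copy
                    # attached to the original post.
                    data.update({
                        "user_id": current_user.id,
                        "parent_id": id,
                        "is_revision": True,
                        "is_draft": False,
                        "is_published": False,
                        "is_public": False
                    })
                    post = PostModel.Post.create(**data)
                    return jsonify({"revision_id": post.id})

            elif status in ["draft", "publish"]:
                # Validate the category ids before any write, so that a bad
                # value cannot leave a half-saved post behind.
                try:
                    category_ids = [int(c) for c in post_categories]
                except ValueError:
                    abort(400, "Invalid category")

                data.update({
                    "is_published": is_published,
                    "is_draft": is_draft,
                    "is_revision": False,
                    "is_public": is_public
                })

                if id:
                    post = PostModel.Post.get(id)
                    if not post:
                        abort(404, "Post '%s' doesn't exist" % id)
                    elif post.is_revision:
                        abort(403, "Can't access this post")
                    else:
                        # Stamp the time only when the flag is newly set.
                        if is_sticky and not post.is_sticky:
                            data["sticky_at"] = now_dt
                        if is_featured and not post.is_featured:
                            data["featured_at"] = now_dt
                        post.update(**data)
                else:
                    data["user_id"] = current_user.id
                    if is_published:
                        data["published_at"] = published_date
                    if is_sticky:
                        data["sticky_at"] = now_dt
                    if is_featured:
                        data["featured_at"] = now_dt
                    post = PostModel.Post.create(**data)

                # prepare tags: reuse an existing tag, else create it
                tag_ids = []
                for tag in tags:
                    _tag = PostModel.Tag.get_by_slug(name=tag)
                    if not _tag:
                        _tag = PostModel.Tag.new(name=tag)
                    if _tag:
                        tag_ids.append(_tag.id)
                post.update_tags(tag_ids)

                post.set_slug(slug or title)
                post.update_categories(category_ids)
                post.set_options("social", social_options)

                if post.is_published and not post.published_at:
                    post.update(published_at=published_date)

                flash("Post saved successfully!", "success")

                return redirect(url_for("PublisherAdmin:edit", id=post.id))

            else:
                abort(400, "Invalid post status")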
Exemplo n.º 20
 def error(self):
     """Abort unconditionally with status 400 and "Custom Message"."""
     code = 400
     abort(code, "Custom Message")
Exemplo n.º 21
 def _signup_enabled(self):
     """Guard for signup views: abort when signup is not explicitly enabled.

     USER_AUTH_ALLOW_SIGNUP must be exactly ``True``; anything else aborts
     with "UserSignupDisabledError".
     """
     setting = self.get_config("USER_AUTH_ALLOW_SIGNUP")
     enabled = setting is True
     if not enabled:
         abort("UserSignupDisabledError")