def publisher_admin_images(self):
    """Admin view for uploaded images: list them, or delete/update one on POST.

    On POST the form fields ``id``, ``action`` and ``description`` are read and
    the request always ends in a redirect to ``PublisherAdmin:images``. For any
    other method the view returns a dict holding a paginated, name-ordered
    query of uploads whose type is ``IMAGE``.
    """
    self.meta_tags(title="Images")

    if request.method != "POST":
        # NOTE(review): ``page`` comes straight from the query string, so it is
        # a str whenever the client supplies it; confirm paginate() coerces or
        # rejects non-numeric values instead of failing with a 500.
        current_page = request.args.get("page", 1)
        page_size = self.get_config("PAGINATION_PER_PAGE", 25)
        listing = PostModel.UploadObject.all()\
            .filter(PostModel.UploadObject.type == "IMAGE")\
            .order_by(PostModel.UploadObject.name.asc())
        listing = listing.paginate(page=current_page, per_page=page_size)
        return dict(images=listing)

    id = request.form.get("id", None)
    action = request.form.get("action")
    description = request.form.get("description")

    if not id:
        abort(404, "No image ID provided")
    else:
        image = PostModel.UploadObject.get(id)
        # An unknown id falls through silently: no flash, just the redirect.
        if image:
            if action == "delete":
                # NOTE(review): the database row is removed before the stored
                # object; if the storage call fails the object is left behind
                # with no record pointing at it. Confirm this order is intended.
                image.delete()
                stored = storage.get(image.name)
                if stored:
                    stored.delete()
                flash("Image deleted successfully!", "success")
            else:
                # Every action other than "delete" is treated as an update.
                image.update(description=description)
                flash("Image updated successfully!", "success")
    return redirect(url_for("PublisherAdmin:images"))
def page_single(self, id=None, slug=None, month=None, date=None):
    """Render a single published post looked up by ``id`` or, failing that, ``slug``.

    Endpoints options
        single
            - post_show_byline

    ``month`` and ``date`` are accepted but not used in this function.
    Aborts with ``PublisherPageNotFound`` when no published post matches.
    """
    if id:
        lookup = {"id": id}
    elif slug:
        lookup = {"slug": slug}
    else:
        # NOTE(review): with neither id nor slug the query is filtered by
        # ``types`` only; confirm get_published() cannot return an arbitrary
        # post in that case.
        lookup = {}

    # ``query`` is not defined in this function; it is resolved from the
    # enclosing scope.
    post = Post.get_published(types=query.get("types"), **lookup)
    if not post:
        abort("PublisherPageNotFound")

    self.meta_tags(title=post.title,
                   image=post.top_image,
                   description=post.excerpt)

    # The "post_show_byline" endpoint option is not wired in; no extra
    # template variables are passed.
    extra = dict()
    return dict(post=self.prepare_post(post), **extra)
def user_admin_get(self, id):
    """Show one user's details in the users admin, including deleted users.

    Aborts with 404 when the user does not exist and with 403 when the
    current user's role level is lower than the target user's role level.
    """
    self.meta_tags(title="User Info - Users Admin")

    target = User.get(id, include_deleted=True)
    if not target:
        abort(404, "User doesn't exist")

    # Authorization: a lower-level role may not read a higher-level account.
    viewer_level = current_user.role.level
    if viewer_level < target.role.level:
        abort(403, "Not enough rights to access this user info")

    role_choices = self._user_roles_options()
    return dict(user=target, user_roles_options=role_choices)
def publisher_admin_preview(self, id):
    """Read Post: load the post with the given ``id`` for preview.

    Aborts with 404 when no post has that id.
    """
    # NOTE(review): unlike publisher_admin_edit in this listing, revisions are
    # not rejected here, and no per-post access check is visible in this
    # function; confirm access control is enforced by the enclosing view.
    post = PostModel.Post.get(id)
    if not post:
        abort(404, "Post doesn't exist")

    page_title = "Read: %s " % post.title
    self.meta_tags(title=page_title)
    return dict(post=post)
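def publisher_admin_edit(self, id):
    """Create / Edit Post.

    Builds the editor context: the type and category choices, the post to
    edit, its checked categories and the list of selectable images. The post
    is one of: a blank template, the form data restored from the session
    after a failed save (``?error=...``), or the stored post for ``id``.

    Aborts with 400 when the ``type_id`` query parameter is not an integer,
    and with 404 when ``id`` is unknown or refers to a revision.
    """
    self.meta_tags(title="Edit Post")

    types = [(t.id, t.name)
             for t in PostModel.Type.all().order_by(PostModel.Type.name.asc())]
    categories = [(c.id, c.name)
                  for c in PostModel.Category.all().order_by(PostModel.Category.name.asc())]
    checked_cats = []

    # ``type_id`` is client-controlled; a non-numeric value used to raise an
    # unhandled ValueError (HTTP 500). Reject it explicitly instead.
    type_id = request.args.get("type_id", None)
    try:
        default_type_id = int(type_id) if type_id else 0
    except ValueError:
        abort(400, "Invalid post type")

    # data to pass to view
    post = {
        "id": 0,
        "title": "",
        "content": "",
        "slug": "",
        "is_public": True,
        "is_sticky": False,
        "is_featured": False,
        "type_id": default_type_id,
        "options": {}
    }

    # saved in session
    flashed_data = get_flashed_data()
    if request.args.get("error") and flashed_data:
        post = flashed_data
        checked_cats = post["post_categories"]
    elif id:
        post = PostModel.Post.get(id)
        # Revisions are not editable through this view.
        if not post or post.is_revision:
            abort(404, "Post doesn't exist")
        checked_cats = [c.id for c in post.categories]

    images = PostModel.UploadObject.all()\
        .filter(PostModel.UploadObject.type == "IMAGE")\
        .order_by(PostModel.UploadObject.name.asc())
    images_list = [{"id": img.id, "url": img.object_url} for img in images]

    return dict(post=post,
                types=types,
                categories=categories,
                checked_categories=checked_cats,
                images_list=images_list)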
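def reset_password(self, token):
    """Let the holder of a temporary-login ``token`` set a new password.

    Any active session is logged out first. An unknown token aborts with 404;
    a user whose ``has_temp_login`` is false is redirected to the sign-in
    view. On POST the password is changed through ``change_password_handler``
    and the temporary login is cleared; otherwise the token is returned for
    the form to render.
    """
    self._login_enabled()
    logout_user()
    self.meta_tags(title="Reset Password")

    user = User.get_by_temp_login(token)
    if not user:
        abort(404, "Invalid token")
    else:
        if not user.has_temp_login:
            return redirect(url_for(on_signin_view))

        if request.method != "POST":
            return dict(token=token)

        try:
            self.change_password_handler(user_context=user)
            # Clear the token only after the change succeeded, so a failed
            # attempt can be retried with the same link.
            user.clear_temp_login()
            flash("Password updated successfully!", "success")
            return redirect(url_for(on_signin_view))
        except Exception as ex:
            # Not every exception carries ``.message``; without the fallback
            # this handler itself raised AttributeError for those.
            # NOTE(review): the exception text is shown to an unauthenticated
            # visitor; confirm change_password_handler only raises
            # user-facing messages, or narrow the except clause.
            detail = getattr(ex, "message", None)
            if detail is None:
                detail = str(ex)
            flash("Error: %s" % detail, "error")
            return redirect(url_for(endpoint_namespace % "reset_password",
                                    token=token))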
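def reset_password(self, token):
    """Reset a password using a temporary-login ``token``.

    Logs out any current session, then resolves the token to a user. Aborts
    with 404 for an unknown token and redirects to the sign-in view when the
    user's ``has_temp_login`` is false. A POST changes the password via
    ``change_password_handler`` and clears the temporary login; any other
    method returns ``dict(token=token)``.
    """
    self._login_enabled()
    logout_user()
    self.meta_tags(title="Reset Password")

    user = User.get_by_temp_login(token)
    if user:
        if not user.has_temp_login:
            return redirect(url_for(on_signin_view))

        if request.method == "POST":
            try:
                self.change_password_handler(user_context=user)
                user.clear_temp_login()
                flash("Password updated successfully!", "success")
                return redirect(url_for(on_signin_view))
            except Exception as ex:
                # ``.message`` is not present on every exception type; fall
                # back to str(ex) so the error path cannot itself fail with
                # AttributeError.
                # NOTE(review): this catches everything and echoes the text
                # to the visitor; confirm no internal detail can reach the
                # flash message.
                reason = getattr(ex, "message", None)
                if reason is None:
                    reason = str(ex)
                flash("Error: %s" % reason, "error")
                return redirect(
                    url_for(endpoint_namespace % "reset_password", token=token))
        else:
            return dict(token=token)
    else:
        abort(404, "Invalid token")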
def contact_page(self):
    """Contact form: render it, or on POST validate the input and send the mail.

    The recipient comes from ``kwargs["email_to"]`` or, failing that, the
    ``APPLICATION_CONTACT_EMAIL`` config value. ``kwargs`` and ``return_to``
    are not defined in this function; they are resolved from the enclosing
    scope. A POST always ends by flashing one message and redirecting to
    ``return_to``.
    """
    # Email to
    # NOTE(review): pop() mutates ``kwargs``; if that dict outlives a single
    # request, the key is gone after the first call and later requests use
    # the config value. Confirm against the enclosing scope.
    email_to = kwargs.pop(
        "email_to", self.get_config("APPLICATION_CONTACT_EMAIL", None))

    if not mail.validated:
        abort("MailmanConfigurationError")
    elif not email_to:
        abort("ContactPageMissingEmailToError")

    if request.method == "POST":
        form = request.form
        email = form.get("email")
        subject = form.get("subject")
        message = form.get("message")
        name = form.get("name")

        outcome = ("Message sent. Thank you!", "success")
        # The captcha is checked before any field validation.
        if not recaptcha.verify():
            outcome = ("Security code is invalid", "error")
        elif not (email and subject and message):
            outcome = ("All fields are required", "error")
        elif not utils.is_valid_email(email):
            outcome = ("Invalid email address", "error")
        else:
            try:
                # NOTE(review): subject, name and the sender address are
                # client-supplied; confirm the mail layer strips CR/LF from
                # anything it places in a header, and that sending with the
                # visitor's address as ``mail_from`` is intended.
                mail.send(to=email_to,
                          reply_to=email,
                          mail_from=email,
                          mail_subject=subject,
                          mail_message=message,
                          mail_name=name,
                          template="contact-us.txt")
            except Exception as ex:
                logging.exception(ex)
                abort("MailmanConfigurationError")

        flash(*outcome)
        return redirect(url_for(return_to))

    self.meta_tags(title="Contact Us")
    return None
def contact_page(self):
    """Serve the contact page and handle its form submission.

    Aborts when the mailer is not validated or no recipient address is
    configured. On POST the captcha and the ``email``, ``subject`` and
    ``message`` fields are checked, the message is sent to the configured
    recipient, and the request is redirected to ``return_to`` with a flash
    message. ``kwargs`` and ``return_to`` come from the enclosing scope.
    """
    # Email to
    # NOTE(review): ``kwargs.pop`` removes the key on first use; verify that
    # ``kwargs`` is not shared between requests.
    fallback_recipient = self.get_config("APPLICATION_CONTACT_EMAIL", None)
    email_to = kwargs.pop("email_to", fallback_recipient)

    if not mail.validated:
        abort("MailmanConfigurationError")
    elif not email_to:
        abort("ContactPageMissingEmailToError")

    if request.method != "POST":
        self.meta_tags(title="Contact Us")
        return None

    email = request.form.get("email")
    subject = request.form.get("subject")
    message = request.form.get("message")
    name = request.form.get("name")

    flash_message, flash_type = "Message sent. Thank you!", "success"

    if recaptcha.verify():
        missing_field = not email or not subject or not message
        if missing_field:
            flash_message, flash_type = "All fields are required", "error"
        elif not utils.is_valid_email(email):
            flash_message, flash_type = "Invalid email address", "error"
        else:
            # NOTE(review): the values below are untrusted form input; check
            # that mail.send() rejects line breaks in header-bound fields.
            outgoing = dict(to=email_to,
                            reply_to=email,
                            mail_from=email,
                            mail_subject=subject,
                            mail_message=message,
                            mail_name=name,
                            template="contact-us.txt")
            try:
                mail.send(**outgoing)
            except Exception as ex:
                logging.exception(ex)
                abort("MailmanConfigurationError")
    else:
        flash_message, flash_type = "Security code is invalid", "error"

    flash(flash_message, flash_type)
    return redirect(url_for(return_to))
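def user_admin_post(self):
    """Apply an admin edit to a user account, then redirect to that user's page.

    Reads ``id``, ``email``, ``first_name``, ``last_name``, ``user_role`` and
    ``action`` from the form. When editing another account the caller must
    hold a privileged role, may not act on an account with a higher role
    level, and may not assign a role above their own level. ``action`` may be
    ``activate``, ``deactivate``, ``delete`` or ``undelete``; anything else
    updates email, names and role. Editing one's own account updates email
    and names only. ``ApplicationError`` is reported as a flash message.
    """

    def _change_email(target, new_email):
        # Validate and store a changed email address; no-op when unchanged.
        if not new_email or new_email == target.email:
            return
        if not utils.is_valid_email(new_email):
            raise UserError("Invalid email address '%s'" % new_email)
        if User.get_by_email(new_email):
            raise UserError("Email exists already '%s'" % new_email)
        target.update(email=new_email)

    try:
        id = request.form.get("id")
        user = User.get(id, include_deleted=True)
        if not user:
            flash("Can't change user info. Invalid user", "error")
            return redirect(url_for("UserAdmin:index"))

        # A lower-level role may not modify a higher-level account.
        if current_user.role.level < user.role.level:
            abort(403, "Not enough rights to update this user info")

        email = request.form.get("email", "").strip()
        first_name = request.form.get("first_name")
        last_name = request.form.get("last_name")
        user_role = request.form.get("user_role")
        action = request.form.get("action")

        if user.id != current_user.id:
            _role = Role.get(user_role)
            if not _role:
                raise UserError("Invalid role")

            if current_user.role.name.lower() not in PRIVILEDGED_ROLES:
                raise UserError("Not Enough right to change user's info")

            # The submitted role is client-controlled. Without this check a
            # privileged user could assign a role above their own level.
            # Assumes Role.get() returns the same model exposed as
            # ``user.role`` (it has ``level``) - TODO confirm.
            if _role.level > current_user.role.level:
                raise UserError("Not Enough right to assign this role")

            if action == "activate":
                user.update(active=True)
                flash("User has been ACTIVATED", "success")
            elif action == "deactivate":
                user.update(active=False)
                flash("User is now DEACTIVATED", "success")
            elif action == "delete":
                user.delete()
                flash("User has been deleted", "success")
            elif action == "undelete":
                user.delete(False)
                flash("User is now active", "success")
            else:
                _change_email(user, email)
                user.update(first_name=first_name,
                            last_name=last_name,
                            role_id=_role.id)
        else:
            # Self-edit: the role is never changed here.
            _change_email(user, email)
            user.update(first_name=first_name,
                        last_name=last_name)

        flash("User's Info updated successfully!", "success")
    except ApplicationError as ex:
        flash("Error: %s " % ex.message, "error")
    return redirect(url_for("UserAdmin:get", id=id))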
def _login_enabled(self):
    """Abort with ``UserLoginDisabledError`` unless login is enabled in config."""
    allowed = self.get_config("USER_AUTH_ALLOW_LOGIN")
    # Identity comparison: only the literal True passes; a missing key or any
    # other truthy value still aborts.
    if allowed is True:
        return
    abort("UserLoginDisabledError")
def _signup_enabled(self):
    """Abort with ``UserSignupDisabledError`` unless signup is enabled in config."""
    allowed = self.get_config("USER_AUTH_ALLOW_SIGNUP")
    # Identity comparison: only the literal True passes; a missing key or any
    # other truthy value still aborts.
    if allowed is True:
        return
    abort("UserSignupDisabledError")
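def user_admin_post(self):
    """Handle the users-admin edit form and redirect back to the user's page.

    Form fields: ``id``, ``email``, ``first_name``, ``last_name``,
    ``user_role``, ``action``. For another user's account the caller needs a
    privileged role and a role level at least equal to both the target's
    level and the level of the role being assigned. ``action`` selects
    activate / deactivate / delete / undelete; with no matching action the
    email, names and role are updated. For one's own account only email and
    names are updated. An ``ApplicationError`` becomes a flash message.
    """

    def _update_email_if_changed(account, address):
        # Shared by both branches: validate, check uniqueness, then save.
        if address and address != account.email:
            if not utils.is_valid_email(address):
                raise UserError("Invalid email address '%s'" % address)
            if User.get_by_email(address):
                raise UserError("Email exists already '%s'" % address)
            account.update(email=address)

    try:
        id = request.form.get("id")
        user = User.get(id, include_deleted=True)
        if not user:
            flash("Can't change user info. Invalid user", "error")
            return redirect(url_for("UserAdmin:index"))

        if current_user.role.level < user.role.level:
            abort(403, "Not enough rights to update this user info")

        email = request.form.get("email", "").strip()
        first_name = request.form.get("first_name")
        last_name = request.form.get("last_name")
        user_role = request.form.get("user_role")
        action = request.form.get("action")

        editing_self = user.id == current_user.id
        if not editing_self:
            _role = Role.get(user_role)
            if not _role:
                raise UserError("Invalid role")

            if current_user.role.name.lower() not in PRIVILEDGED_ROLES:
                raise UserError("Not Enough right to change user's info")

            # ``user_role`` is taken from the form, so the level of the
            # requested role has to be bounded by the caller's own level;
            # the target-account check above does not cover it.
            # Presumably Role.get() yields objects with ``level`` like
            # ``user.role`` - verify against the model.
            if _role.level > current_user.role.level:
                raise UserError("Not Enough right to assign this role")

            if action == "activate":
                user.update(active=True)
                flash("User has been ACTIVATED", "success")
            elif action == "deactivate":
                user.update(active=False)
                flash("User is now DEACTIVATED", "success")
            elif action == "delete":
                user.delete()
                flash("User has been deleted", "success")
            elif action == "undelete":
                user.delete(False)
                flash("User is now active", "success")
            else:
                _update_email_if_changed(user, email)
                user.update(first_name=first_name,
                            last_name=last_name,
                            role_id=_role.id)
        else:
            _update_email_if_changed(user, email)
            user.update(first_name=first_name,
                        last_name=last_name)

        flash("User's Info updated successfully!", "success")
    except ApplicationError as ex:
        flash("Error: %s " % ex.message, "error")
    return redirect(url_for("UserAdmin:get", id=id))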
def _oauth_enabled(self):
    """Abort with ``UserOAuthDisabledError`` unless OAuth is enabled in config."""
    allowed = self.get_config("USER_AUTH_ALLOW_OAUTH")
    # Identity comparison: only the literal True passes; a missing key or any
    # other truthy value still aborts.
    if allowed is True:
        return
    abort("UserOAuthDisabledError")
def error(self):
    """Always abort with HTTP 400 and the fixed text "Custom Message"."""
    status_code, text = 400, "Custom Message"
    abort(status_code, text)
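def publisher_admin_post(self):
    """Handle the post editor form: delete, snapshot a revision, or save a post.

    ``status`` selects the operation:

    - ``delete`` / ``revision`` (with an ``id``): delete the post, or create a
      revision row pointing at it and return its id as JSON.
    - ``draft`` / ``publish``: create or update the post, then its tags, slug,
      categories and social options, and redirect to the editor.
    - anything else: abort with 400.

    A draft/publish submission without a title or type is flashed back to the
    editor with the entered data. A malformed ``published_date`` or a
    non-numeric category id aborts with 400 before anything is written.
    """
    # NOTE(review): no permission or ownership check is visible in this
    # function; confirm access control is enforced by the enclosing view.
    id = request.form.get("id")
    title = request.form.get("title")
    slug = request.form.get("slug")
    content = request.form.get("content")
    description = request.form.get("description")
    type_id = request.form.get("type_id")
    post_categories = request.form.getlist("post_categories")
    published_date = request.form.get("published_date")
    status = request.form.get("status", "draft")
    is_published = status == "publish"
    is_draft = status == "draft"
    is_public = request.form.get("is_public") == "y"
    is_sticky = request.form.get("is_sticky") == "y"
    is_featured = request.form.get("is_featured") == "y"
    featured_image = request.form.get("featured_image")
    featured_embed = request.form.get("featured_embed")
    featured_media_top = request.form.get("featured_media_top", "")
    social_options = request.form.getlist("social_options")
    tags = list(set(request.form.get("tags", "").split(",")))

    now_dt = datetime.datetime.now()
    data = {
        "title": title,
        "content": content,
        "description": description,
        "featured_image": featured_image,
        "featured_embed": featured_embed,
        "featured_media_top": featured_media_top,
        "type_id": type_id,
        "is_sticky": is_sticky,
        "is_featured": is_featured,
        "is_public": is_public
    }

    if status in ["draft", "publish"] and (not title or not type_id):
        if not title:
            flash("Post Title is missing ", "error")
        if not type_id:
            flash("Post type is missing", "error")

        # Hand the entered values back to the editor through the session.
        data.update({
            "published_date": published_date,
            "post_categories": post_categories,
            "options": {"social_options": social_options},
        })
        flash_data(data)

        if id:
            url = url_for("PublisherAdmin:edit", id=id, error=1)
        else:
            url = url_for("PublisherAdmin:new", error=1)
        return redirect(url)

    # ``published_date`` is client-controlled; a value in the wrong format
    # used to raise an unhandled ValueError (HTTP 500).
    try:
        published_date = datetime.datetime.strptime(published_date, "%Y-%m-%d %H:%M:%S") \
            if published_date else now_dt
    except ValueError:
        abort(400, "Invalid published date")

    if id and status in ["delete", "revision"]:
        post = PostModel.Post.get(id)
        if not post:
            # NOTE(review): the submitted id is echoed in the error text;
            # confirm the error page escapes it.
            abort(404, "Post '%s' doesn't exist" % id)

        if status == "delete":
            post.delete()
            flash("Post deleted successfully!", "success")
            return redirect(url_for("PublisherAdmin:index"))

        elif status == "revision":
            data.update({
                "user_id": current_user.id,
                "parent_id": id,
                "is_revision": True,
                "is_draft": False,
                "is_published": False,
                "is_public": False
            })
            post = PostModel.Post.create(**data)
            return jsonify({"revision_id": post.id})

    elif status in ["draft", "publish"]:
        # Convert category ids before any write, so a non-numeric value is
        # rejected with 400 instead of failing after the post was saved.
        try:
            category_ids = [int(c) for c in post_categories]
        except ValueError:
            abort(400, "Invalid category")

        data.update({
            "is_published": is_published,
            "is_draft": is_draft,
            "is_revision": False,
            "is_public": is_public
        })

        if id:
            post = PostModel.Post.get(id)
            if not post:
                abort(404, "Post '%s' doesn't exist" % id)
            elif post.is_revision:
                abort(403, "Can't access this post")
            else:
                # Stamp the time only on the transition to sticky/featured.
                if is_sticky and not post.is_sticky:
                    data["sticky_at"] = now_dt
                if is_featured and not post.is_featured:
                    data["featured_at"] = now_dt
                post.update(**data)
        else:
            data["user_id"] = current_user.id
            if is_published:
                data["published_at"] = published_date
            if is_sticky:
                data["sticky_at"] = now_dt
            if is_featured:
                data["featured_at"] = now_dt
            post = PostModel.Post.create(**data)

        # prepare tags
        _tags = []
        for tag in tags:
            tag = tag.strip().lower()
            _tag = PostModel.Tag.get_by_slug(name=tag)
            if tag and not _tag:
                _tag = PostModel.Tag.new(name=tag)
            if _tag:
                _tags.append(_tag.id)
        post.update_tags(_tags)

        post.set_slug(slug or title)
        post.update_categories(category_ids)
        post.set_options("social", social_options)

        # A post published for the first time gets its publication date here.
        if post.is_published and not post.published_at:
            post.update(published_at=published_date)

        flash("Post saved successfully!", "success")
        return redirect(url_for("PublisherAdmin:edit", id=post.id))

    else:
        abort(400, "Invalid post status")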