def resource_page(self, context):
self.load_visit(context)
page_context = self.new_page_context(context)
if context.group is None:
# we require a group
data = self.render_template(context, 'notices/no_context.html',
page_context)
context.set_status(200)
return self.html_response(context, data)
notices = []
with context.group['Notices'].open() \
as collection:
collection.set_orderby(
odata.Parser('Updated desc').parse_orderby_option())
collection.set_expand({'User': None})
for entity in collection.itervalues():
notice = {}
user = entity['User'].get_entity()
can_edit = False
can_delete = False
logging.debug("OwnerID: %s", user['UserID'].value)
logging.debug("UserID: %s", context.user['UserID'].value
if context.user else "None")
logging.debug("Permissions: %i", context.permissions)
if (context.user and context.user == user):
can_edit = True
can_delete = True
elif (context.permissions & self.WRITE_PERMISSION):
can_delete = True
notice['title'] = entity['Title'].value
notice['description'] = entity['Description'].value
notice['owner'] = self.get_user_display_name(context, user)
notice['updated'] = int(
entity['Updated'].value.with_zone(0).get_unixtime() *
1000) - self.js_origin
notice['can_edit'] = can_edit
logging.debug('ID = %s', odata.FormatURILiteral(entity['ID']))
notice['edit_link_attr'] = (
'edit?id=%s' % odata.FormatURILiteral(entity['ID']))
notice['can_delete'] = can_delete
notice['delete_link_attr'] = (
'delete?id=%s' % odata.FormatURILiteral(entity['ID']))
notices.append(notice)
page_context['notices'] = notices
title = "this page"
if context.group is not None:
title = context.group['Title'].value
page_context['course_name'] = title
data = self.render_template(context, 'notices/index.html',
page_context)
context.set_status(200)
return self.html_response(context, data)
def delete_page(self, context):
self.load_visit(context)
page_context = self.new_page_context(context)
if context.group is None:
raise wsgi.PageNotAuthorized
try:
query = context.get_query()
key = odata.uri_literal_from_str(query.get('id', '')).value
with context.group['Notices'].open() \
as collection:
collection.set_expand({'User': None})
entity = collection[key]
user = entity['User'].get_entity()
if (not (context.user and context.user == user) and
not (context.permissions & self.WRITE_PERMISSION)):
# only the owner or user with write permissions can delete
raise wsgi.PageNotAuthorized
page_context['id_attr'] = xml.escape_char_data7(
odata.FormatURILiteral(entity['ID']), True)
page_context['title'] = entity['Title'].value
page_context['description'] = entity['Description'].value
page_context[self.csrf_token] = context.session.sid()
except ValueError:
raise wsgi.BadRequest
except KeyError:
raise wsgi.PageNotFound
data = self.render_template(context, 'notices/del_form.html',
page_context)
context.set_status(200)
return self.html_response(context, data)
def edit_page(self, context):
self.load_visit(context)
context_dict = self.new_context_dictionary(context)
if context.group is None:
raise wsgi.PageNotAuthorized
try:
query = context.get_query()
logging.debug("edit key=%s", query['id'])
key = odata.uri_literal_from_str(query.get('id', '')).value
with context.group['Notices'].open() \
as collection:
collection.set_expand({'User': None})
entity = collection[key]
user = entity['User'].get_entity()
if not (context.user and context.user == user):
# only the owner can edit their post
raise wsgi.PageNotAuthorized
context_dict['id_attr'] = xml.escape_char_data7(
odata.FormatURILiteral(entity['ID']), True)
context_dict['title_attr'] = xml.escape_char_data7(
entity['Title'].value, True)
context_dict['description'] = entity['Description'].value
context_dict[self.csrf_token] = context.session.sid
except ValueError:
raise wsgi.BadRequest
except KeyError:
raise wsgi.PageNotFound
data = self.render_template(context, 'notices/edit_form.html',
context_dict)
context.set_status(200)
return self.html_response(context, data)
