Пример #1
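    def post(self):
        """Handle the edit-article form: delete or update a single article.

        Requires a logged-in user and a valid anti-CSRF state token. The
        target article is loaded and the request is refused unless the
        logged-in user is its author, so a crafted POST carrying someone
        else's article id can neither delete nor overwrite that article.
        Returns None; the response is produced via render()/redirect().
        """
        if not self.user:
            # Prompt user to login.
            self.render('message.html', message_new_article_1 = True)
            return

        if not self.check_state():
            logging.warning("Possible CSRF attack detected!")
            self.redirect("/")
            return

        input_delete_article = self.request.get('delete_article')
        input_edit_article = self.request.get('edit_article')

        # Both ids are form fields and therefore client-controlled: resolve
        # the article and check ownership before acting on either of them.
        # NOTE(review): assumes Article.by_id accepts the raw form value (the
        # original edit path passed it unchanged) and returns a falsy value
        # for an unknown id -- confirm against the model.
        article = Article.by_id(input_delete_article or input_edit_article)
        user_id = self.user.key().id()
        if not article or article.author != user_id:
            logging.warning("Refused article change: user %s is not the author",
                            user_id)
            # One answer for "no such article" and "not your article", so the
            # response does not reveal which ids exist.
            # NOTE(review): message_edit_article_2 is the "not authorized"
            # flag used when rendering message.html for the edit form;
            # confirm the template shows it for this handler too.
            self.render('message.html', message_edit_article_2 = True)
            return

        if input_delete_article:
            Article.remove(input_delete_article)
            # Show message: Confirm deletion of article.
            self.render('message.html', message_delete_article = True)
            return

        input_title = self.request.get('title')
        input_body = self.request.get('body')

        # "" means "no error"; True makes the template show the message.
        error_title = ""
        error_body = ""
        if not valid_title(input_title):
            error_title = True
        if not valid_body(input_body):
            error_body = True

        if error_title or error_body:
            # A fresh state token is issued for the re-rendered form.
            state = self.make_state()
            # Render page with error-messages.
            self.render('edit_article.html',
                        user = self.user,
                        article = article,
                        error_title = error_title,
                        error_body = error_body,
                        title_form = input_title,
                        body_form = input_body,
                        state = state)
            return

        # Edit article-entity and commit to Article-DB.
        article.title = input_title
        article.body = input_body
        article.put()
        # Update memcache
        Article.update_article_cache(article)
        # Redirect to homepage
        self.redirect("/")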
Пример #2
    def post(self):
        """Create a new article from the submitted form.

        Anonymous requests get a login prompt flashed onto the homepage;
        requests failing the anti-CSRF state check are redirected without
        touching the datastore. Invalid title/body values re-render the form
        with error flags and a fresh state token.
        """
        if not self.user:
            # Prompt user to login.
            self.session.add_flash('message_new_article_1',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        if not self.check_state():
            # State token did not verify: drop the request.
            self.redirect("/")
            return

        input_title = self.request.get('title')
        input_body = self.request.get('body')

        title_ok = valid_title(input_title)
        body_ok = valid_body(input_body)

        if not (title_ok and body_ok):
            state = self.make_state()
            # Render page with error-messages; "" means "no error" and True
            # tells the template to show the matching message.
            # NOTE(review): the submitted title/body are echoed back into the
            # form -- confirm new_article.html escapes them.
            self.render('new_article.html',
                        user = self.user,
                        error_title = "" if title_ok else True,
                        error_body = "" if body_ok else True,
                        title_form = input_title,
                        body_form = input_body,
                        state = state)
            return

        # Create new entry in the Article-DB, owned by the logged-in user.
        author_id = self.user.key().id()
        article = Article.create(input_title, input_body, author_id)
        article.put()
        # Update memcache
        Article.update_article_cache(article)

        # Redirect to homepage
        self.redirect("/")
Пример #3
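    def post(self):
        """Deactivate the logged-in user's account and archive their articles.

        After the anti-CSRF state check the account is recorded in
        DeactAccounts, removed from User, each of the user's articles is
        copied to DeletdArticle and removed from Article, the session is
        ended, a notification e-mail is sent and the homepage is shown with
        a confirmation flash. Anonymous requests get a login prompt instead.
        """
        if not self.user:
            # Prompt user to login.
            self.session.add_flash('message_user_settings_1',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        if not self.check_state():
            self.redirect("/")
            return

        # NOTE(review): this irreversible action is guarded by the state
        # token only; no password is re-checked in this handler. Confirm the
        # flow that leads here re-authenticates the user.
        user_id = self.user.key().id()

        # Deactivate account by deleting from User database and
        # adding to the DeactAccounts database.
        d = DeactAccounts.create(user_id,
                                 self.user.name,
                                 self.user.email)
        # DeletdArticle.create() below is followed by an explicit put(), so
        # create() is assumed not to save on its own; without this call the
        # deactivation record would never reach the datastore.
        d.put()

        # Delete user
        User.remove(user_id)

        # Generate list of article-keys for the deleted user.
        article_key_list = Article.keys_by_author(user_id)

        for key in article_key_list:
            # Store article in DeletdArticle DB
            article = Article.by_id(key.id())
            del_art = DeletdArticle.create(article.title,
                                           article.body,
                                           article.author)
            del_art.put()
            # Delete article from Article DB
            Article.remove(key.id())

        # Logout (delete cookie)
        self.logout()

        # Send email notification
        self.send_email(d.email,
                        'email_subject.html',
                        'email_account_deleted.html',
                        subject_type = 'account_deleted')

        # Show the homepage with the message that the account was deleted
        self.session.add_flash('message_delete_account_1',
                               key='homepage_flashes')
        self.session.add_flash(d.email, key='deleted_email')
        self.redirect("/")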
Пример #4
    def get(self):
        """Render the homepage: article list plus any queued flash messages.

        Each article returned by Article.recent(100) is given a ``time``
        (ISO-formatted creation time) and an ``author_name`` ('Unknown' when
        the author lookup finds nothing). ``user`` is passed to the template
        only when someone is logged in.
        """
        recent_articles = Article.recent(100)
        for entry in recent_articles:
            entry.time = entry.created.isoformat()
            writer = User.by_id(entry.author)
            entry.author_name = writer.name if writer else 'Unknown'

        homepage_flashes = self.session.get_flashes('homepage_flashes')

        # For the two e-mail flashes only the first element of the last
        # queued entry is kept; an empty result is passed through unchanged.
        entered_email = self.session.get_flashes('input_email')
        if entered_email:
            entered_email = entered_email.pop()[0]
        removed_email = self.session.get_flashes('deleted_email')
        if removed_email:
            removed_email = removed_email.pop()[0]

        # NOTE(review): both e-mail values originate from user input --
        # confirm homepage.html escapes them when rendering.
        template_args = {
            'article_list': recent_articles,
            'flashes': homepage_flashes,
            'input_email': entered_email,
            'deleted_email': removed_email,
        }
        if self.user:
            template_args['user'] = self.user
        self.render('homepage.html', **template_args)
Пример #5
    def get(self):
        """Render the homepage with the articles from Article.recent(100).

        Every article gets a ``time`` attribute (ISO-formatted creation
        time) and an ``author_name`` ('Unknown' when the author lookup finds
        nothing). ``user`` is passed to the template only when someone is
        logged in.
        """
        recent_articles = Article.recent(100)
        for entry in recent_articles:
            entry.time = entry.created.isoformat()
            writer = User.by_id(entry.author)
            entry.author_name = writer.name if writer else 'Unknown'

        template_args = {'article_list': recent_articles}
        if self.user:
            template_args['user'] = self.user
        self.render('homepage.html', **template_args)
Пример #6
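 def get(self):
     """Render the edit form for one article, for its author only.

     The article id comes from the ``article`` query parameter. A missing
     or non-numeric id, an id that matches no article, and an article owned
     by someone else all produce the same "not authorized" message instead
     of an unhandled exception. Anonymous requests get a login prompt.
     """
     if not self.user:
         # Prompt user to login.
         self.render('message.html', message_edit_article_1 = True)
         return

     # The id is client-supplied: int() raises on '' or non-digits, and
     # get_by_id() returns None when no entity has that id.
     try:
         article_id = int(self.request.get("article"))
     except (TypeError, ValueError):
         article = None
     else:
         article = Article.get_by_id(article_id)

     if article is None or self.user.key().id() != article.author:
         # Show message that user is not authorized to edit. Unknown ids
         # get the same answer so the page does not reveal which ids exist.
         self.render('message.html', message_edit_article_2 = True)
         return

     # The state token is embedded in the form and checked on POST.
     state = self.make_state()
     self.render('edit_article.html',
                 user = self.user,
                 article = article,
                 title_form = article.title,
                 body_form = article.body,
                 state = state)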
Пример #7
    def post(self):
        """Delete the logged-in user's account after a password re-check.

        Order of checks: login, anti-CSRF state token, then the submitted
        password against the stored hash. On success the account is recorded
        in DeactAccounts and removed from User, the user's articles are
        copied to DeletdArticle and removed from Article, the session is
        ended, a notification e-mail is sent and a confirmation page is
        rendered.
        """
        if not self.user:
            # Prompt user to login.
            self.render('message.html', message_user_settings_1 = True)
            return

        if not self.check_state():
            logging.warning("Possible CSRF attack detected!")
            self.redirect("/")
            return

        # Get user input
        input_password = self.request.get('password')

        # Re-authenticate before the irreversible part.
        if not valid_pw(self.user.email, input_password, self.user.pw_hash):
            state = self.make_state()
            # Render page with the error-message: incorrect password.
            self.render('delete_account.html',
                        user = self.user,
                        error_password = True,
                        state = state)
            return

        account_id = self.user.key().id()

        # Deactivate account by deleting from User database and
        # adding to the DeactAccounts database.
        deactivated = DeactAccounts.create(account_id,
                                           self.user.name,
                                           self.user.email)
        deactivated.put()

        # Delete user
        User.remove(account_id)

        # Archive, then delete, every article written by the deleted user.
        for article_key in Article.keys_by_author(account_id):
            # Store article in DeletdArticle DB
            original = Article.by_id(article_key.id())
            archived = DeletdArticle.create(original.title,
                                            original.body,
                                            original.author)
            archived.put()
            # Delete article from Article DB
            Article.remove(article_key.id())

        # Logout (delete cookie)
        self.logout()

        # Send email notification
        self.send_email(deactivated.email,
                        'email_subject.html',
                        'email_account_deleted.html',
                        subject_type = 'account_deleted')

        # Render page with message that account was deleted
        self.render('message.html',
                    message_delete_account_1 = True,
                    deleted_email = deactivated.email)