def GET(self): if auth.get_user(): raise web.found('/?edit') if web.ctx.env.get('HTTP_X_REQUESTED_WITH') == 'XMLHttpRequest': return render_partial.auth.login(loginForm()) else: return render.auth.login(loginForm())
def GET(self, page_path): try: page = get_page_by_path(page_path) if not page.is_published and not auth.get_user(): raise flash.redirect(_(page_access_forbidden_text), "/login") load_page_data(page) if auth.has_role("admin"): json_data = web.storage( page=page_to_json(page), pages=pages_to_json(get_pages_in_tree_order()), ) else: json_data = web.storage() if "edit" in web.input() and auth.has_role("admin"): json_data.update( page_block=block_to_json( get_page_block_by_page_id(page.id)), template_blocks=template_blocks_to_json() ) else: load_page_blocks(page.id) return render.pages.page(json_data) except IndexError: raise web.notfound()
def GET(self, user_id, method): user = auth.get_user(user_id=user_id, is_deleted=True) if user.id != auth.get_user().id: auth.update_user(user.id, is_deleted=method == "delete") if method == "delete": flash.set(_(undo_user_text) % link_to("users", user, "undelete")) applog.info(_(deleted_user_text) % user.title, "users", user.id, "warn") else: flash.set(_(undelete_user_text)) applog.info(undeleted_user_text % user.title, "users", user.id, "warn") auth.delete_session(user.id) else: flash.set(_(cannot_delete_self_text), "error") raise web.seeother("/a/users")
def GET(self, page_id): try: page = get_page_by_id(page_id) if auth.get_user() or is_page_published(page): raise web.seeother(page.path) else: raise flash.redirect(_(page_access_forbidden_text), "/login") except IndexError: raise web.notfound()
def GET(self, uid, token): # artificial delay (to slow down brute force attacks) sleep(0.5) try: user = auth.get_user(user_id=uid, with_password=True) if not user or not check_token(user, token, auth.config.reset_expire_after): raise AuthError return render.auth.reset_change(passwordChangeForm) except AuthError: flash.set(_(reset_text)) raise web.seeother("/")
def GET(self): web.header('Content-Type', 'text/javascript; charset=utf-8') conf = dict( (i, config[i]) for i in ('image', 'labels', 'css_classes') ) conf['tinymce_valid_elements'] = ( config.sanitizer['tinymce_valid_elements']) if auth.get_user(): conf['role'] = auth.get_user().role else: conf['role'] = None try: i18n = load_translation(config.default_locale)._catalog except: i18n = {} return render_partial.site.config( json.dumps( {'config': conf, 'i18n': i18n}, sort_keys=True, indent=2) )
def create_page(page): """Creates new page and pageblock""" page.update(unique_path(page)) page.update( user_id=auth.get_user().id, created_at=web.SQLLiteral("CURRENT_TIMESTAMP"), description_cached=smarty(sanitize(page.description)), ) # Set published_at to NOW if page.published_at is None: page.published_at = web.SQLLiteral("CURRENT_TIMESTAMP") if page.position: page.position = int(page.position) # Shift positions to free the space to insert page expand_tree_siblings("pages", page) else: page.position = get_last_position("pages", page.parent_id) page.id = db.insert("pages", **page) # Generate pages initial blocks stucture page_block = config.page_types[page.type]["block"] create_tree_branch( "blocks", page_block, page_id=page.id, user_id=auth.get_user().id, is_published=True, created_at=web.SQLLiteral("CURRENT_TIMESTAMP"), published_at=web.SQLLiteral("CURRENT_TIMESTAMP"), ) return page
def create_document(document): """Creates new document and saves upload""" parent = get_document_by_id(document.parent_id) document.update( ids=(parent.ids or "") + "," + str(parent.id), level=parent.level + 1, parent_id=int(document.parent_id), created_at=web.SQLLiteral("CURRENT_TIMESTAMP"), user_id=auth.get_user().id, is_published=True, # True for the new documents ) if document.type == "folder": del document["upload"] if not document.title: document.title = _("Untitled Folder") else: upload = document.pop("upload") try: mimetype, encoding = mimetypes.guess_type(upload.filename) filename, filesize = save_document(upload.file) title, extension = os.path.splitext(upload.filename) document.update( title=document.title or title, filename=filename, extension=extension.lower(), mimetype=mimetype, type="image" if "image" in mimetype else "document", filesize=filesize, ) except: raise flash.error(_("File upload error.")) if document.position: document.position = int(document.position) # Shift positions to free the space to insert document expand_tree_siblings("documents", document) else: document.position = get_last_position("documents", document.parent_id) document.id = db.insert("documents", **document) # TODO: fix created_at return document
def POST(self): form = passwordResetForm() if form.validates(): try: user = auth.get_user(email=form.d.email, with_password=True) token_url = "%s%s/%s$%s" % (web.ctx.home, "/password_reset", user.id, make_token(user)) mailer.send( user.email, render_email.password_reset(user, token_url), send_now=True, is_secure=True, ) flash.set(_(sent_text)) raise web.seeother("/") except IndexError: form.note = _(email_doesnt_exist_text) return render.auth.reset_token(form)
def POST(self, uid, token): # artificial delay (to slow down brute force attacks) sleep(0.5) form = passwordChangeForm(web.input()) if form.valid: try: user = auth.get_user(user_id=uid, with_password=True) if not user or not check_token(user, token, auth.config.reset_expire_after): raise AuthError auth.set_password(user.email, form.d.password) auth.login(user) flash.set(_(changed_text)) except AuthError: flash.set(_(reset_text)) raise web.seeother("/") else: return render.auth.reset_change(form)
def create_block(block): """Creates block from passed dict and returns it.""" block.update( position=int(block.position), created_at=web.SQLLiteral("CURRENT_TIMESTAMP"), user_id=auth.get_user().id, is_published=True, ) if block.type == "wysiwyg": block.content_cached = smarty(sanitize(block.content)) else: block.content_cached = smarty(block.content) # TODO: wrap the code below in transaction if block.get("parent_id"): parent = get_block_by_id(block.parent_id) if parent.ids: parent_blocks = (parent.ids or "") + "," + str(parent.id) else: parent_blocks = str(parent.id) block.update( page_id=parent.page_id, ids=parent_blocks, level=parent.level + 1, ) # Shift blocks positions to free the place for new block expand_tree_siblings("blocks", block) else: block.level = 0 sizes = block.pop("sizes") block.id = db.insert("blocks", **block) # Create columns for row block if block.template == "row": create_columns(block, sizes) # TODO: fix created_at return block
def create_columns(block, sizes, start_index=0): # Basic column data column = web.storage( created_at=web.SQLLiteral("CURRENT_TIMESTAMP"), user_id=auth.get_user().id, is_published=True, is_system=True, page_id=block.page_id, parent_id=block.id, ids=block.ids + "," + str(block.id), level=block.level + 1, template="column", position=start_index + 1, ) for size in sizes: db.insert("blocks", size=size, css_class=column_css_class(size), **column) column.position += 1
def page_where(with_auth_check=True, with_published_check=True): published_where = " AND is_published AND published_at <= CURRENT_TIMESTAMP" if with_auth_check: return "" if auth.get_user() else published_where else: return published_where if with_published_check else ""