Пример #1
0
 def GET(self):
     if auth.get_user():
         raise web.found('/?edit')
     if web.ctx.env.get('HTTP_X_REQUESTED_WITH') == 'XMLHttpRequest':
         return render_partial.auth.login(loginForm())
     else:
         return render.auth.login(loginForm())
Пример #2
0
    def GET(self, page_path):
        try:
            page = get_page_by_path(page_path)
            if not page.is_published and not auth.get_user():
                raise flash.redirect(_(page_access_forbidden_text), "/login")
            load_page_data(page)

            if auth.has_role("admin"):
                json_data = web.storage(
                    page=page_to_json(page),
                    pages=pages_to_json(get_pages_in_tree_order()),
                )
            else:
                json_data = web.storage()

            if "edit" in web.input() and auth.has_role("admin"):
                json_data.update(
                    page_block=block_to_json(
                        get_page_block_by_page_id(page.id)),
                    template_blocks=template_blocks_to_json()
                )
            else:
                load_page_blocks(page.id)

            return render.pages.page(json_data)
        except IndexError:
            raise web.notfound()
Пример #3
0
 def GET(self, user_id, method):
     user = auth.get_user(user_id=user_id, is_deleted=True)
     if user.id != auth.get_user().id:
         auth.update_user(user.id, is_deleted=method == "delete")
         if method == "delete":
             flash.set(_(undo_user_text) %
                       link_to("users", user, "undelete"))
             applog.info(_(deleted_user_text) %
                         user.title, "users", user.id, "warn")
         else:
             flash.set(_(undelete_user_text))
             applog.info(undeleted_user_text %
                         user.title, "users", user.id, "warn")
         auth.delete_session(user.id)
     else:
         flash.set(_(cannot_delete_self_text), "error")
     raise web.seeother("/a/users")
Пример #4
0
 def GET(self, page_id):
     try:
         page = get_page_by_id(page_id)
         if auth.get_user() or is_page_published(page):
             raise web.seeother(page.path)
         else:
             raise flash.redirect(_(page_access_forbidden_text), "/login")
     except IndexError:
         raise web.notfound()
Пример #5
0
 def GET(self, uid, token):
     # artificial delay (to slow down brute force attacks)
     sleep(0.5)
     try:
         user = auth.get_user(user_id=uid, with_password=True)
         if not user or not check_token(user, token,
                                        auth.config.reset_expire_after):
             raise AuthError
         return render.auth.reset_change(passwordChangeForm)
     except AuthError:
         flash.set(_(reset_text))
         raise web.seeother("/")
Пример #6
0
    def GET(self):
        web.header('Content-Type', 'text/javascript; charset=utf-8')
        conf = dict(
            (i, config[i]) for i in ('image', 'labels', 'css_classes')
        )
        conf['tinymce_valid_elements'] = (
            config.sanitizer['tinymce_valid_elements'])
        if auth.get_user():
            conf['role'] = auth.get_user().role
        else:
            conf['role'] = None
        try:
            i18n = load_translation(config.default_locale)._catalog
        except:
            i18n = {}

        return render_partial.site.config(
            json.dumps(
                {'config': conf, 'i18n': i18n},
                sort_keys=True,
                indent=2)
        )
Пример #7
0
def create_page(page):
    """Creates new page and pageblock"""

    page.update(unique_path(page))

    page.update(
        user_id=auth.get_user().id,
        created_at=web.SQLLiteral("CURRENT_TIMESTAMP"),
        description_cached=smarty(sanitize(page.description)),
    )

    # Set published_at to NOW
    if page.published_at is None:
        page.published_at = web.SQLLiteral("CURRENT_TIMESTAMP")

    if page.position:
        page.position = int(page.position)
        # Shift positions to free the space to insert page
        expand_tree_siblings("pages", page)
    else:
        page.position = get_last_position("pages", page.parent_id)

    page.id = db.insert("pages", **page)

    # Generate pages initial blocks stucture
    page_block = config.page_types[page.type]["block"]
    create_tree_branch(
        "blocks",
        page_block,
        page_id=page.id,
        user_id=auth.get_user().id,
        is_published=True,
        created_at=web.SQLLiteral("CURRENT_TIMESTAMP"),
        published_at=web.SQLLiteral("CURRENT_TIMESTAMP"),
    )

    return page
Пример #8
0
def create_document(document):
    """Creates new document and saves upload"""

    parent = get_document_by_id(document.parent_id)

    document.update(
        ids=(parent.ids or "") + "," + str(parent.id),
        level=parent.level + 1,
        parent_id=int(document.parent_id),
        created_at=web.SQLLiteral("CURRENT_TIMESTAMP"),
        user_id=auth.get_user().id,
        is_published=True,  # True for the new documents
    )

    if document.type == "folder":
        del document["upload"]
        if not document.title:
            document.title = _("Untitled Folder")
    else:
        upload = document.pop("upload")
        try:
            mimetype, encoding = mimetypes.guess_type(upload.filename)
            filename, filesize = save_document(upload.file)
            title, extension = os.path.splitext(upload.filename)
            document.update(
                title=document.title or title,
                filename=filename,
                extension=extension.lower(),
                mimetype=mimetype,
                type="image" if "image" in mimetype else "document",
                filesize=filesize,
            )
        except:
            raise flash.error(_("File upload error."))

    if document.position:
        document.position = int(document.position)
        # Shift positions to free the space to insert document
        expand_tree_siblings("documents", document)
    else:
        document.position = get_last_position("documents", document.parent_id)

    document.id = db.insert("documents", **document)

    # TODO: fix created_at
    return document
Пример #9
0
 def POST(self):
     form = passwordResetForm()
     if form.validates():
         try:
             user = auth.get_user(email=form.d.email, with_password=True)
             token_url = "%s%s/%s$%s" % (web.ctx.home, "/password_reset",
                                         user.id, make_token(user))
             mailer.send(
                 user.email,
                 render_email.password_reset(user, token_url),
                 send_now=True,
                 is_secure=True,
             )
             flash.set(_(sent_text))
             raise web.seeother("/")
         except IndexError:
             form.note = _(email_doesnt_exist_text)
     return render.auth.reset_token(form)
Пример #10
0
 def POST(self, uid, token):
     # artificial delay (to slow down brute force attacks)
     sleep(0.5)
     form = passwordChangeForm(web.input())
     if form.valid:
         try:
             user = auth.get_user(user_id=uid, with_password=True)
             if not user or not check_token(user, token,
                                            auth.config.reset_expire_after):
                 raise AuthError
             auth.set_password(user.email, form.d.password)
             auth.login(user)
             flash.set(_(changed_text))
         except AuthError:
             flash.set(_(reset_text))
         raise web.seeother("/")
     else:
         return render.auth.reset_change(form)
Пример #11
0
def create_block(block):
    """Creates block from passed dict and returns it."""

    block.update(
        position=int(block.position),
        created_at=web.SQLLiteral("CURRENT_TIMESTAMP"),
        user_id=auth.get_user().id,
        is_published=True,
    )

    if block.type == "wysiwyg":
        block.content_cached = smarty(sanitize(block.content))
    else:
        block.content_cached = smarty(block.content)

    # TODO: wrap the code below in transaction
    if block.get("parent_id"):
        parent = get_block_by_id(block.parent_id)
        if parent.ids:
            parent_blocks = (parent.ids or "") + "," + str(parent.id)
        else:
            parent_blocks = str(parent.id)
        block.update(
            page_id=parent.page_id,
            ids=parent_blocks,
            level=parent.level + 1,
        )
        # Shift blocks positions to free the place for new block
        expand_tree_siblings("blocks", block)

    else:
        block.level = 0

    sizes = block.pop("sizes")
    block.id = db.insert("blocks", **block)

    # Create columns for row block
    if block.template == "row":
        create_columns(block, sizes)

    # TODO: fix created_at
    return block
Пример #12
0
def create_columns(block, sizes, start_index=0):

    # Basic column data
    column = web.storage(
        created_at=web.SQLLiteral("CURRENT_TIMESTAMP"),
        user_id=auth.get_user().id,
        is_published=True,
        is_system=True,
        page_id=block.page_id,
        parent_id=block.id,
        ids=block.ids + "," + str(block.id),
        level=block.level + 1,
        template="column",
        position=start_index + 1,
    )
    for size in sizes:
        db.insert("blocks",
                  size=size,
                  css_class=column_css_class(size),
                  **column)
        column.position += 1
Пример #13
0
def page_where(with_auth_check=True, with_published_check=True):
    published_where = " AND is_published AND published_at <= CURRENT_TIMESTAMP"
    if with_auth_check:
        return "" if auth.get_user() else published_where
    else:
        return published_where if with_published_check else ""