def CrowdReportFormPost(author, request): """Handles a form submission of a crowd report from the browser UI.""" # The form parameter names all start with "cm-" because our form protection # mechanism uses the DOM element IDs as parameter names, and we prefix our # element IDs with "cm-" to avoid collision. See protect.py and xhr.js. if not protect.Verify( request, ['cm-topic-ids', 'cm-answers-json', 'cm-ll', 'cm-text']): raise base_handler.ApiError(403, 'Unauthorized crowd report.') topic_ids = request.get('cm-topic-ids', '').replace(',', ' ').split() try: answers = dict(json.loads(request.get('cm-answers-json') or '{}')) except (TypeError, ValueError): raise base_handler.ApiError(400, 'Invalid answers JSON.') ll = ParseGeoPt(request.get('cm-ll')) text = request.get('cm-text', '') now = datetime.datetime.utcnow() if ContainsSpam(text): # TODO(kpy): Consider applying a big downvote here instead of a 403. raise base_handler.ApiError(403, 'Crowd report text rejected as spam.') model.CrowdReport.Create(source=request.root_url, author=author, effective=now, text=text, topic_ids=topic_ids, answers=answers, location=ll) card.InvalidateReportCache(topic_ids, ll)
def Post(self, map_id): new_json = self.request.get('new_json') try: new_map_root = json.loads(new_json) except ValueError: raise base_handler.ApiError(400, 'Invalid or missing JSON data.') map_object = model.Map.Get(map_id) if not map_object: raise base_handler.ApiError(404, 'Map %s not found.' % map_id) from_maproot = ToNormalizedJson(map_object.map_root) to_maproot = ToNormalizedJson(new_map_root) html_diff = difflib.HtmlDiff(wrapcolumn=60) saved_diff = html_diff.make_file(from_maproot.splitlines(), to_maproot.splitlines(), context=True, fromdesc='Saved', todesc='Current') catalog_diffs = [] for entry in model.CatalogEntry.GetByMapId(map_id): from_maproot = ToNormalizedJson(entry.map_root) catalog_diffs.append({ 'name': entry.domain + '/' + entry.label, 'diff': html_diff.make_file(from_maproot.splitlines(), to_maproot.splitlines(), fromdesc=entry.domain + '/' + entry.label, todesc='Current', context=True) }) self.WriteJson({ 'saved_diff': saved_diff, 'catalog_diffs': catalog_diffs })
def Post(self, map_id, domain=''): # pylint: disable=unused-argument """Stores a new version of the MapRoot JSON for the specified map.""" map_object = model.Map.Get(map_id) if not map_object: raise base_handler.ApiError(404, 'Map %s not found.' % map_id) map_object.PutNewVersion(self.GetRequestJson()) self.response.set_status(201)
def CrowdReportJsonPost(auth, report_dicts): """Handles a POST submission of crowd report JSON.""" if not (auth and auth.crowd_report_write_permission): raise base_handler.ApiError(403, 'Not authorized to submit crowd reports.') now = utils.UtcToTimestamp(datetime.datetime.utcnow()) return [DictToReport(report, auth, now, auth.crowd_report_spam_check) for report in report_dicts]
def Get(self, map_id, domain=''): # pylint: disable=unused-argument """Returns the MapRoot JSON for the specified map.""" if (self.auth and self.auth.map_read_permission and map_id in self.auth.map_ids): map_object = model.Map.Get(map_id, user=perms.ROOT) else: map_object = model.Map.Get(map_id) if not map_object: raise base_handler.ApiError(404, 'Map %s not found.' % map_id) self.WriteJson(map_object.map_root)
def Post(self): """Stores a vote on a report, replacing any existing vote by this user. The query parameters are cm-report-id, which identifies the report, and cm-vote-code, which is a vote code: 'u' or 'd' or '', where '' causes any previously cast vote by this user on this report to be removed. """ if not protect.Verify(self.request, ['cm-report-id', 'cm-vote-code']): raise base_handler.ApiError(403, 'Unauthorized crowd vote.') voter = self.GetCurrentUserUrl() report_id = self.request.get('cm-report-id', '') vote_type = VOTE_TYPES_BY_CODE.get(self.request.get('cm-vote-code')) model.CrowdVote.Put(report_id, voter, vote_type)