def login_mod(req): check_login(req) login = Login(req.login.id) token = do_create_token(req, "/login") state = None if req.method == "POST": check_token(req, req.form.get("token")) login.bind(req.form, req.cfg.login_rounds) email = login.email if login.email != req.login.email else None state = login.pref(req, email=email) if 0 < state < 64: return generate_page(req, "login/login_mod.html", token=token, item=login, error=state) state = 0 if state is None else state if email: host = "%s (%s)" % (req.remote_host, req.remote_addr) send_verify_email(req, login, req.login.email, host=host, browser=req.user_agent) state |= REQUEST_FOR_EMAIL else: email = None # endif login.get(req) req.login = login return generate_page(req, "login/login_mod.html", token=token, item=login, state=state, email=email)
def admin_orders_action(req, id): check_login(req) check_token(req, req.form.get('token')) check_right(req, module_right) if req.uri.endswith('/storno'): ostate = STATE_STORNED elif req.uri.endswith('/process'): ostate = STATE_PROCESS elif req.uri.endswith('/sent'): ostate = STATE_SENT elif req.uri.endswith('/close'): ostate = STATE_CLOSED elif req.uri.endswith('/wait_for_paid'): ostate = STATE_WAIT_FOR_PAID elif req.uri.endswith('/wait_for_pick_up'): ostate = STATE_WAIT_FOR_PICK_UP else: raise SERVER_RETURN(state.HTTP_BAD_REQUEST) note = req.form.getfirst('note', '', uni) order = Order(id) if order.set_state(req, ostate, note) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) if ostate != STATE_CLOSED: send_order_status(req, order) redirect(req, '/admin/eshop/orders/%d' % id)
def admin_store(req): check_login(req) check_right(req, module_right) pager = Pager(sort='desc') pager.bind(req.args) show = req.args.getfirst('show', '', uni) if show == 'visible': kwargs = {'state': STATE_VISIBLE} pager.set_params(show=show) elif show == 'hidden': kwargs = {'state': STATE_HIDDEN} pager.set_params(show=show) elif show == 'disabled': kwargs = {'state': STATE_DISABLED} pager.set_params(show=show) else: kwargs = {} items = Item.list(req, pager, **kwargs) return generate_page(req, "admin/eshop/store.html", token=create_token(req), pager=pager, items=items, show=show)
def admin_news(req): check_login(req) match_right(req, module_rights) show = req.args.getfirst("show", "", uni) pager = Pager(sort="desc") pager.bind(req.args) kwargs = {} if show == "ready": pager.set_params(show=show) kwargs["state"] = 2 kwargs["public_date"] = 0 elif show == "drafts": pager.set_params(show=show) kwargs["state"] = 1 else: show = None if not do_check_right(req, "news_editor"): kwargs["author_id"] = req.login.id rows = New.list(req, pager, **kwargs) return generate_page(req, "admin/news.html", pager=pager, rows=rows, show=show)
def admin_logins_enable(req, id): check_login(req, "/log_in?referer=/admin/logins") check_right(req, R_ADMIN) check_token(req, req.form.get("token")) login = Login(id) if req.login.id == login.id: # not good idea to raise SERVER_RETURN(state.HTTP_FORBIDDEN) # disable himself login.enabled = int(req.uri.endswith("/enable")) login.enable(req) redirect(req, "/admin/logins")
def admin_logins(req): check_login(req) check_right(req, R_ADMIN) error = req.args.getfirst("error", 0, int) pager = Pager(sort="asc", order="email") pager.bind(req.args) rows = Login.list(req, pager) return generate_page( req, "admin/logins.html", token=do_create_token(req, "/admin/logins"), pager=pager, rows=rows, error=error )
def user_addresses(req): check_login(req) if req.method == 'GET': return generate_page(req, "user/addresses.html", cfg_region=req.cfg.addresses_region, cfg_country=req.cfg.addresses_country) # req.method == 'PUT' # ajax put addresses = Addresses.bind(req.json) addresses.mod(req, req.login.id) req.login.get(req) req.content_type = 'application/json' return json.dumps(req.login.data.get('addresses', {}))
def admin_menu_delete(req, codebook, id): check_login(req) check_right(req, module_right) check_token(req, req.args.get('token'), uri='/admin/codebooks/%s' % codebook) Codebook = build_class(codebook) item = Codebook(id) if item.delete(req): return json_response(req) req.status = state.HTTP_BAD_REQUEST req.content_type = 'application/json' return json_response(req, {'reason': 'integrity_error'})
def user_orders(req): if not req.login: return generate_page(req, "/eshop/orders_for_logined.html") check_login(req) state = req.args.getfirst('state', -1, int) kwargs = {'client_id': req.login.id} if state >= 0: kwargs['state'] = state pager = Pager(sort='desc') items = Order.list(req, pager, **kwargs) return generate_page(req, "/eshop/orders.html", pager=pager, items=items, state=state)
def admin_news_add(req): check_login(req) match_right(req, module_rights) new = New() if req.method == "POST": new.bind(req.form, req.login.id) error = new.add(req) if error: return generate_page(req, "admin/news_mod.html", new=new, error=error) redirect(req, "/admin/news/%d" % new.id) # end new.state = 2 if do_check_right(req, "news_editor") else 1 return generate_page(req, "admin/news_mod.html", new=new)
def admin_orders_mod(req, id): check_login(req) check_right(req, module_right) order = Order(id) if order.get(req) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) cfg = Object() cfg.addresses_country = req.cfg.addresses_country cfg.addresses_region = req.cfg.addresses_region cfg.eshop_currency = req.cfg.eshop_currency order.calculate() return generate_page(req, "admin/eshop/orders_mod.html", token=create_token(req), order=order, cfg=cfg)
def admin_item_state(req, id): check_login(req, '/log_in?referer=/admin/eshop/store') check_right(req, module_right) check_token(req, req.form.get('token'), uri='/admin/eshop/store') item = Item(id) if not item.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) if req.uri.endswith('/visible'): item.set_state(req, STATE_VISIBLE) elif req.uri.endswith('/hidden'): item.set_state(req, STATE_HIDDEN) else: item.set_state(req, STATE_DISABLED) redirect(req, req.referer)
def root(req): check_login(req) check_right(req, 'admin') no_section = Menu('') no_section.items = list(item for item in admin_sections if isitem(item)) x_menu = Menu(admin_sections.label) x_menu.append(no_section) x_menu.items += [item for item in admin_sections if ismenu(item)] x_menu = correct_menu(req, x_menu) # if there is only one link, redirect to it if len(x_menu) == 1 and len(x_menu[0]) == 1: redirect(req, x_menu[0][0].uri) return generate_page(req, "admin/admin.html", admin_sections=x_menu)
def root(req): check_login(req) no_section = Menu("") no_section.items = list(item for item in user_sections if isitem(item)) x_menu = Menu(user_sections.label) x_menu.append(no_section) x_menu.items += [item for item in user_sections if ismenu(item)] x_menu = correct_menu(req, x_menu) # if there is only one link, redirect to it if len(x_menu) == 1 and len(x_menu[0]) == 1: redirect(req, x_menu[0][0].uri) return generate_page(req, "user/user.html", user_sections=x_menu)
def user_orders_storno(req, id): check_login(req) # TODO: check_token check_referer(req, '/eshop/orders/%d' % id) message = req.form.getfirst('message', '', uni) order = Order(id) if order.get(req) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) if order.client_id != req.login.id: raise SERVER_RETURN(state.HTTP_FORBIDDEN) if order.set_state(req, STATE_STORNED, usernote=message) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) send_order_status(req, order) redirect(req, '/eshop/orders/%d' % id)
def admin_codebook_view(req, codebook): check_login(req) check_right(req, module_right) Codebook = build_class(codebook) search = req.args.getfirst('search', fce=nuni) pager = Pager(order='value') pager.bind(req.args) if search: pager.set_params(search=search) items = Codebook.list(req, Codebook, pager, search=search) return generate_page(req, "admin/codebook.html", token=create_token(req), codebook=codebook, pager=pager, items=items, search=search)
def admin_item_mod(req, id): check_login(req) check_right(req, module_right) item = Item(id) if req.method == 'POST': check_token(req, req.form.get('token')) item.bind(req.form) error = item.mod(req) if error != item: return generate_page(req, "admin/eshop/item_mod.html", item=item, error=error) if not item.get(req): # still fresh data raise SERVER_RETURN(state.HTTP_NOT_FOUND) return generate_page(req, "admin/eshop/item_mod.html", token=create_token(req), item=item)
def admin_orders(req): check_login(req) check_right(req, module_right) state = req.args.getfirst('state', -1, int) client = req.args.getfirst('client', '', uni) kwargs = {} if state >= 0: kwargs['state'] = state if client: kwargs['client'] = client pager = Pager(sort='desc') items = Order.list(req, pager, **kwargs) return generate_page(req, "admin/eshop/orders.html", pager=pager, items=items, state=state, client=client)
def admin_item_add(req): check_login(req) check_right(req, module_right) item = Item() if req.method == 'POST': check_token(req, req.form.get('token'), uri='/admin/eshop/store/add') item.bind(req.form) error = item.add(req) if error != item: return generate_page(req, "admin/eshop/item_mod.html", item=item, error=error) redirect(req, '/admin/eshop/store/%d' % item.id) # endif return generate_page(req, "admin/eshop/item_mod.html", token=create_token(req), item=item)
def admin_codebook_add_update(req, codebook, id=None): check_login(req) check_right(req, module_right) check_token(req, req.form.get('token'), uri='/admin/codebooks/%s' % codebook) Codebook = build_class(codebook) item = Codebook(id) item.bind(req.form) if not item.value: req.status = state.HTTP_BAD_REQUEST return json_response(req, {'reason': 'empty_value'}) if (item.mod(req) if id else item.add(req)): return json_response(req) req.status = state.HTTP_BAD_REQUEST return json_response(req, {'reason': 'value_exist'})
def admin_news_enable(req, id): check_login(req, "/log_in?referer=/admin/news") match_right(req, module_rights) check_referer(req, "/admin/news") new = New(id) if not new.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) if (not do_check_right(req, "news_editor")) and ( not (new.author_id == req.login.id and new.public_date.year == 1970) ): raise SERVER_RETURN(state.HTTP_FORBIDDEN) n_state = int(req.uri.endswith("/enable")) n_state = (n_state * 2) if new.public_date.year > 1970 else n_state new.set_state(req, n_state) redirect(req, "/admin/news")
def admin_news_mod(req, id): check_login(req) match_right(req, module_rights) new = New(id) if not new.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) if not do_check_right(req, "news_editor") and new.author_id != req.login.id: raise SERVER_RETURN(state.HTTP_FORBIDDEN) if req.method == "POST": new.bind(req.form) error = new.mod(req) if error != new: return generate_page(req, "admin/news_mod.html", new=new, error=error) if not new.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) return generate_page(req, "admin/news_mod.html", new=new)
def admin_logins_mod(req, id): check_login(req) check_right(req, R_ADMIN) token = do_create_token(req, "/admin/logins/%d" % id) login = Login(id) if req.login.id == login.id: # not good idea to remove raise SERVER_RETURN(state.HTTP_FORBIDDEN) # rights himself done = None if req.method == "POST": check_token(req, req.form.get("token")) login.bind(req.form, req.cfg.login_rounds) done = login.mod(req) if 0 < done < 64: return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, error=done) # endif # endif if not login.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, state=done)
def admin_item_actions(req, item_id): check_login(req) check_right(req, module_right) check_token(req, req.args.get('token'), uri='/admin/eshop/store/%s' % item_id) action_type = req.args.getfirst('type', '', uni) if action_type == 'inc': kwargs = {'action_type': ACTION_INC} elif action_type == 'dec': kwargs = {'action_type': ACTION_DEC} elif action_type == 'pri': kwargs = {'action_type': ACTION_PRI} else: kwargs = {} kwargs['item_id'] = item_id pager = Pager(sort='desc') pager.bind(req.args) actions = list(a.__dict__ for a in Action.list(req, pager, **kwargs)) req.content_type = 'application/json' return json.dumps({'actions': actions, 'pager': pager.__dict__})
def admin_logins_add(req): check_login(req) check_right(req, R_ADMIN) token = do_create_token(req, "/admin/logins/add") if req.method == "POST": check_token(req, req.form.get("token")) login = Login() login.bind(req.form, req.cfg.login_rounds) if not req.cfg.login_created_verify_link: login.enabled = 1 login.rights = ["user"] error = login.add(req) if error: return generate_page(req, "admin/logins_mod.html", token=token, rights=rights, item=login, error=error) if req.cfg.login_created_verify_link: send_login_created(req, login) redirect(req, "/admin/logins/%d" % login.id) # endif return generate_page(req, "admin/logins_mod.html", token=token, rights=rights)
def admin_login_addresses(req, id): check_login(req) check_right(req, module_right) login = Login(id) if req.method == 'GET': if not login.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) return generate_page(req, "admin/logins_addresses.html", item=login, cfg_region=req.cfg.addresses_region, cfg_country=req.cfg.addresses_country) # req.method == 'PUT' # ajax put addresses = Addresses.bind(req.json) if not addresses.mod(req, id) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) login.get(req) req.content_type = 'application/json' return json.dumps(login.data.get('addresses', {}))
def admin_item_incdec(req, id): check_login(req, '/log_in?referer=/admin/eshop/store/%s' % id) check_right(req, module_right) check_token(req, req.form.get('token'), uri='/admin/eshop/store/%s' % id) if req.uri.endswith('/inc'): action_type = ACTION_INC elif req.uri.endswith('/dec'): action_type = ACTION_DEC elif req.uri.endswith('/pri'): action_type = ACTION_PRI else: raise RuntimeError('Unknow action') action = Action.bind(req.form, action_type) item = Item(id) if not item.action(req, action) or not item.get(req): req.status = state.HTTP_NOT_FOUND req.content_type = 'application/json' return json.dumps({'reason': 'item not found'}) req.content_type = 'application/json' return json.dumps({'item': item.__dict__})