def post(self):
    """Store a new Topic for the signed-in user and confirm it in the response.

    Reads the "title" and "text" form fields, saves a Topic whose
    author_email is the current user's e-mail, and writes a success
    message. When no user is signed in, a login prompt is written and
    nothing is stored.
    """
    current_user = users.get_current_user()
    if not current_user:
        return self.write("Please login before you're allowed to post a topic.")

    # NOTE(review): no anti-CSRF token is checked in this handler, and the
    # form values are stored exactly as submitted, so HTML escaping has to
    # happen where the topic is rendered - confirm the templates autoescape.
    topic = Topic(
        title=self.request.get("title"),
        content=self.request.get("text"),
        author_email=current_user.email(),
    )
    topic.put()  # put() persists the entity in Datastore
    return self.write("Topic successfully created!")
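def post(self):
    """Store a new Topic from the submitted form and redirect to its page.

    Reads the "title" and "content" form fields, escapes them with
    cgi.escape, saves a Topic keyed to the current user's e-mail and
    redirects to the "topic-details" route for the new topic.
    Requests without a signed-in user are rejected with HTTP 401.
    """
    user = users.get_current_user()
    if not user:
        # get_current_user() returns None for anonymous requests; without
        # this guard the .email() call below fails with AttributeError.
        return self.abort(401)
    email = user.email()

    # cgi.escape replaces only &, < and >. Quotes are left untouched unless
    # quote=True is passed, so these values are not safe inside an HTML
    # attribute; escaping at render time is still needed.
    # NOTE(review): no anti-CSRF token is checked in this handler.
    title = cgi.escape(self.request.get("title"))
    content = cgi.escape(self.request.get("content"))

    # The e-mail address is stored in user_id (the original author notes
    # that a user id could not be obtained from google.appengine.api).
    new_topic = Topic(user_id=email, title=title, content=content)
    new_topic.put()  # save topic to database

    return self.redirect_to("topic-details", topic_id=new_topic.key.id())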
def post(self):
    """Store a new Topic for the signed-in user and redirect to its page.

    Reads the "title" and "text" form fields, saves a Topic whose
    author_email is the current user's e-mail, then redirects to the
    "topic-details" route. When no user is signed in, a login prompt is
    written and nothing is stored.
    """
    current_user = users.get_current_user()
    if not current_user:
        return self.write(
            "Please login before you're allowed to post a topic.")

    # NOTE(review): no anti-CSRF token is checked in this handler, and the
    # form values are stored exactly as submitted, so HTML escaping has to
    # happen where the topic is rendered - confirm the templates autoescape.
    topic = Topic(
        title=self.request.get("title"),
        content=self.request.get("text"),
        author_email=current_user.email(),
    )
    topic.put()  # put() persists the entity in Datastore

    return self.redirect_to("topic-details", topic_id=topic.key.id())
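def post(self):
    """Store a new Topic after checking login state and the CSRF token.

    The "csrf_token" form field must match a key present in memcache.
    On success the Topic is saved with the current user's e-mail as
    author_email and the client is redirected to "topic-details".
    """
    user = users.get_current_user()
    if not user:
        # Without this guard an anonymous request carrying a valid token
        # reaches user.email() below and fails with AttributeError.
        return self.write("Please login before you're allowed to post a topic.")

    csrf_token = self.request.get("csrf_token")
    # A missing or empty token is rejected without a cache lookup.
    # NOTE(review): the token is only checked for presence in memcache. It
    # is not removed after use, and nothing in this block ties it to the
    # current user - confirm how tokens are issued and whether they expire.
    if not csrf_token or not memcache.get(key=csrf_token):
        return self.write("Hacker at the doors")

    # NOTE(review): title/text are stored as submitted; escaping has to
    # happen where the topic is rendered.
    title = self.request.get("title")
    text = self.request.get("text")

    new_topic = Topic(title=title, content=text, author_email=user.email())
    new_topic.put()

    return self.redirect_to("topic-details", topic_id=new_topic.key.id())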
def test_topic_details_handler(self):
    """Exercise GET and both POST flows of '/topic/details/<topic_id>'."""
    # Arrange: store one topic owned by the test user.
    topic_title = "Some new topic"
    topic_content = "This is a new topic. Just for testing purposes."
    Topic(user_id=os.environ['USER_EMAIL'], title=topic_title,
          content=topic_content).put()

    # GET: the detail page of the stored topic is served.
    topic = Topic.query().get()
    details_url = '/topic/details/' + str(topic.key.id())
    response = self.testapp.get(details_url)
    self.assertEqual(response.status_int, 200)
    self.assertEqual(topic.title, topic_title)

    # Seed memcache with a token to submit as the csrf_token form field
    # (the handler's own check is not visible from this test).
    csrf_token = str(uuid.uuid4())
    memcache.add(key=csrf_token, value=True, time=600)

    # POST 1: a comment. Per the original note, topic_id is taken from the
    # request URL by the TopicDetails handler when the comment is created.
    comment_text = "This is a new comment. Just for testing purposes."
    response = self.testapp.post(
        details_url, {"content": comment_text, "csrf_token": csrf_token})
    self.assertEqual(response.status_int, 302)
    stored_comment = Comment.query().get()
    self.assertEqual(stored_comment.content, comment_text)

    # POST 2: a subscription, i.e. the same URL without a "content" field.
    # NOTE(review): the same token is submitted a second time, so this test
    # depends on tokens remaining valid after their first use.
    response = self.testapp.post(details_url, {"csrf_token": csrf_token})
    self.assertEqual(response.status_int, 302)
    stored_subscription = Subscription.query().get()
    self.assertEqual(stored_subscription.user_id, os.environ['USER_EMAIL'])
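def post(self):
    """Store a new Topic after checking login state and the CSRF token.

    Anonymous requests get a login prompt. The "csrf_token" form field
    must match a key present in memcache. On success the Topic is saved
    with the current user's e-mail as author_email and the client is
    redirected to the "topic_details" route.
    """
    user = users.get_current_user()
    if not user:
        return self.write(
            "Please login before you're allowed to post a topic.")

    csrf_token = self.request.get("csrf_token")
    # Fixed: the lookup was spelled "memchace", which raises NameError on
    # every authenticated request, so the token check never ran.
    # NOTE(review): the token is only checked for presence in memcache. It
    # is not removed after use, and nothing in this block ties it to the
    # current user - confirm how tokens are issued and whether they expire.
    mem_token = memcache.get(key=csrf_token)
    if not mem_token:
        return self.write("You are evil attacker...")

    # NOTE(review): title/text are stored as submitted; escaping has to
    # happen where the topic is rendered.
    title = self.request.get("title")
    text = self.request.get("text")

    new_topic = Topic(title=title, content=text, author_email=user.email())
    new_topic.put()  # put() saves the object in Datastore

    return self.redirect_to("topic_details", topic_id=new_topic.key.id())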
def test_topic_delete_handler(self):
    """POST to '/topic/delete/<topic_id>' and expect a redirect and the deleted flag."""
    # Arrange: store one topic owned by the test user.
    Topic(
        user_id=os.environ['USER_EMAIL'],
        title="Some new topic",
        content="This is a new topic. Just for testing purposes.",
    ).put()

    # Seed memcache with a token to submit as the csrf_token form field
    # (the handler's own check is not visible from this test).
    csrf_token = str(uuid.uuid4())
    memcache.add(key=csrf_token, value=True, time=600)

    # Act: request deletion of the stored topic.
    topic = Topic.query().get()
    delete_url = '/topic/delete/' + str(topic.key.id())
    response = self.testapp.post(delete_url, {"csrf_token": csrf_token})
    self.assertEqual(response.status_int, 302)

    # Check that the topic's deleted field was set to True.
    # NOTE(review): `topic` was loaded before the POST and is not fetched
    # again, so this assertion only sees the handler's write if both share
    # the same in-memory entity - consider re-reading it by key to confirm.
    self.assertEqual(topic.deleted, True)