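def post(self, topic_id):
    """Create a comment on topic *topic_id* for the signed-in user.

    The 'csrf-token' form field is looked up in memcache and must map to
    the current user's email, so a token issued to one user cannot be
    replayed by another. Empty comments and unknown topics are rejected
    before any datastore write.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        The result of self.write() for a rejected request, otherwise a
        redirect to the "topic-details" page of the topic.
    """
    logged_user = users.get_current_user()
    if not logged_user:
        return self.write("Please, login first")

    # CSRF check: a missing field yields '' and therefore no memcache entry.
    # The token is not removed after use, so it stays valid until it expires.
    csrf_token = self.request.get('csrf-token')
    mem_token = memcache.get(key=csrf_token) if csrf_token else None
    if not mem_token or mem_token != logged_user.email():
        return self.write("This website is protected against CSRF")

    # Validate the cheap input before touching the datastore.
    comment = self.request.get('comment')
    if not comment or not comment.strip():
        return self.write("Text field is requiered")

    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.write("Topic not found")

    Comment.create(content=comment, user=logged_user, topic=topic)
    return self.redirect_to("topic-details", topic_id=topic_id)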
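def post(self, topic_id):
    """Store a new comment on topic *topic_id* and return to its page.

    Identity is read from the "current-user" / "user-email" cookies; the
    "csrf_token" form field must resolve in memcache to that same email.
    An unknown topic is rejected instead of raising on ``.title``.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        The result of self.write() for a rejected request, otherwise a
        redirect to "topic-details".
    """
    current_user = self.request.cookies.get("current-user")
    user_email = self.request.cookies.get("user-email")
    # NOTE(review): identity comes from plain cookie values; unless they
    # are signed elsewhere, a client can set them to any value — confirm.
    if not current_user:
        return self.write(
            "Please login before you're allowed to post a topic.")

    # CSRF protection: the token must still be in memcache and must belong
    # to this user. A missing token is rejected explicitly rather than
    # relying on str(None) never matching the cookie.
    csrf_token = self.request.get("csrf_token")
    csrf_value = memcache.get(csrf_token) if csrf_token else None
    if csrf_value is None or str(csrf_value) != user_email:
        return self.write("You are hecker!")

    current_topic = Topic.get_by_id(int(topic_id))
    if current_topic is None:
        return self.write("Topic not found.")

    content = self.request.get("get_comment")
    new_comment = Comment(content=content,
                          author_username=current_user,
                          topic_id=int(topic_id),
                          topic_title=current_topic.title)
    new_comment.put()

    # Presumably lets the local dev datastore settle before the redirected
    # page re-reads the comments — confirm.
    if is_local():
        time.sleep(0.1)
    return self.redirect_to("topic-details", topic_id=int(topic_id))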
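def post(self, topic_id):
    """Create a comment from a JSON body and answer with a JSON alert.

    The author is resolved from the request's JWT payload ('user_id');
    the body is expected to be ``{"comment": "..."}``. The text is
    HTML-escaped before it is stored. A missing topic, user or comment
    is answered with an alert (and no ``id``) instead of raising.

    Args:
        topic_id: Numeric topic id taken from the URL route.
    """
    topic = Topic.get_by_id(int(topic_id))
    jwt_token = self.get_jwt_token()
    payload = self.decode_jwt_token(jwt_token)
    user_id = payload.get('user_id')
    user = self.user_model.get_by_id(user_id) if user_id is not None else None

    json_data = self.request.body
    form_values = json.loads(json_data)
    comment_text = form_values.get('comment') or ''

    # Fail early with an alert rather than an AttributeError/TypeError.
    if topic is None:
        return self.response_json(json.dumps({'alert': 'トピックが見つかりません。'}))
    if user is None:
        return self.response_json(json.dumps({'alert': 'ユーザーが見つかりません。'}))
    if not comment_text.strip():
        return self.response_json(json.dumps({'alert': 'コメントを入力してください。'}))

    comment_key = Comment(
        body=cgi.escape(comment_text),
        author_key=user.key,
        topic_key=topic.key,
    ).put()
    # Re-put the topic so its "updated" timestamp is refreshed as well.
    topic.put()
    json_response = {
        'alert': 'コメントを投稿しました。',
        'id': comment_key.id(),
    }
    json_response = json.dumps(json_response)
    self.response_json(json_response)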
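def topic_details(topic_id):
    """Render the details page of one topic with its comments.

    The viewer is resolved from the "session_token" cookie. A CSRF token
    is issued only for a logged-in user; anonymous viewers get None so
    the template can leave out the comment form.

    Args:
        topic_id: Topic id taken from the URL route.

    Returns:
        The rendered "topic/topic_details.html" template.
    """
    topic = Topic.get_by_id(topic_id=topic_id)

    # get current user
    session_token = request.cookies.get("session_token")
    user = User.get_by_session_token(session_token=session_token)

    # Only logged-in users get a CSRF token (and therefore the comment form).
    csrf_token = set_csrf_token(username=user.username) if user else None

    # get comments
    comments = Comment.get_comments(topic_id=topic_id)
    return render_template("topic/topic_details.html", topic=topic, user=user,
                           csrf_token=csrf_token, comments=comments)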
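def post(self, topic_id):
    """Soft-delete a topic if the caller is its author or an app admin.

    Anonymous callers and unknown topics are redirected home instead of
    raising AttributeError. Deletion only sets ``deleted = True``; the
    entity stays in the datastore.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        A redirect to "/".
    """
    topic = Topic.get_by_id(int(topic_id))
    user = users.get_current_user()
    if topic is None or user is None:
        return self.redirect("/")

    # NOTE(review): no CSRF token is checked, so a form post from another
    # site could delete the topic on behalf of a logged-in author.
    is_author = topic.author_email == user.email()
    if is_author or users.is_current_user_admin():
        topic.deleted = True
        topic.put()
    return self.redirect("/")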
def get(self, topic_id):
    """Render topic_details.html for one topic and its comments.

    The context tells the template whether the viewer may delete the
    topic (admin or author) and whether they are subscribed (the author
    always is; others are checked via TopicSubscription). A CSRF token
    is generated for the template.

    Args:
        topic_id: Numeric topic id taken from the URL route.
    """
    topic_key = int(topic_id)
    topic = Topic.get_by_id(topic_key)
    comments = (Comment.filter_by_topic(topic_key)
                .order(Comment.created)
                .fetch())
    logged_user = users.get_current_user()

    # Truthy only when a logged-in user authored this topic (None when
    # anonymous, which the template treats as False).
    viewer_is_author = logged_user and topic.author_email == logged_user.email()

    is_subscribed = viewer_is_author
    if logged_user and not is_subscribed:
        # check if user asked to be subscribed
        is_subscribed = TopicSubscription.is_user_subscribed(logged_user, topic)

    context = {
        "topic": topic,
        "comments": comments,
        "can_delete": users.is_current_user_admin() or viewer_is_author,
        "is_subscribed": is_subscribed,
        "user": logged_user,
    }
    return self.render_template("topic_details.html", params=context,
                                generate_csrf_token=True)
def get(self, topic_id):
    """Write the topic's title and content as a JSON object.

    Args:
        topic_id: Numeric topic id taken from the URL route.
    """
    topic = Topic.get_by_id(int(topic_id))
    # No guard for an unknown id here: a None topic raises on .title.
    payload = {
        "title": topic.title,
        "content": topic.content,
    }
    return self.write(json.dumps(payload))
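def post(self, topicid):
    """Create a comment on topic *topicid* for the signed-in user.

    Requires a logged-in user and a CSRF token (sent in the "paco" field)
    that is still present in memcache. Empty comments and unknown topics
    are rejected before any datastore write.

    Args:
        topicid: Numeric topic id taken from the URL route.

    Returns:
        The result of self.write() for a rejected request, otherwise a
        redirect to "topic-detail".
    """
    user = users.get_current_user()
    if not user:
        return self.write("Please, login before")

    # CSRF check: the token is keyed by its own value and is not bound to a
    # user, so any unexpired token the site issued passes; only the fact
    # that other origins cannot read it makes this a defence.
    csrf_token = self.request.get("paco")
    mem_token = memcache.get(key=csrf_token) if csrf_token else None
    if not mem_token:
        return self.write("This website es protected")

    comment_value = self.request.get("comment")
    if not comment_value:
        return self.write("Required")
    # NOTE(review): this substring test is not XSS protection (other tags,
    # attributes or case changes pass); rely on escaping at render time.
    if "<script>" in comment_value:
        return self.write("No Hack script")

    topic = Topic.get_by_id(int(topicid))
    if topic is None:
        return self.write("Topic not found")

    Comment.create(content=comment_value, user=user, topic=topic)
    return self.redirect_to("topic-detail", topicid=topic.key.id())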
def get(self, topic_id):
    """Render topic.html with the topic, its live comments and the viewer's subscription.

    ``subscriber`` is the viewer's non-deleted Subscription entity (or
    None when there is none); anonymous viewers get "" instead.

    Args:
        topic_id: Numeric topic id taken from the URL route.
    """
    topic = Topic.get_by_id(int(topic_id))
    user = users.get_current_user()
    topic_key_id = topic.key.id()

    live_comments = Comment.query(Comment.topic_id == topic_key_id,
                                  Comment.deleted == False)
    comments = live_comments.order(Comment.created).fetch()

    subscriber = ""
    if user:
        subscriber = Subscription.query(
            Subscription.topic_id == topic_key_id,
            Subscription.deleted == False,
            Subscription.subscriber_email == user.email()).get()

    params = {
        "topic": topic,
        "comments": comments,
        "comments_sum": len(comments),
        "user": user,
        "subscriber": subscriber,
    }
    return self.render_template("topic.html", params=params)
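def post(self, topic_id):
    """Remove the current user's subscription to a topic.

    An unknown topic answers 404; an anonymous caller is simply sent back
    to the topic page (previously this raised on ``user.email()``).

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        A redirect to the "topic" page.
    """
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.abort(404)
    user = users.get_current_user()
    if user is not None:
        Subscription.delete_sub(topic=topic, subscriber_email=user.email())
    return self.redirect_to("topic", topic_id=topic.key.id())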
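def post(self, topic_id):
    """Create a comment on a topic for the logged-in user.

    Rejects a missing or unknown topic, an anonymous caller and a blank
    comment with a plain-text message; otherwise stores the comment and
    redirects to "topic-details" with flash parameters.

    Args:
        topic_id: Topic id taken from the URL route.
    """
    if not topic_id:
        return self.write(
            'Error trying to write a comment into undefined topic!')
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.write(
            'Error trying to write a comment into undefined topic!')

    logged_user = users.get_current_user()
    if not logged_user:
        return self.write(
            'Please login to be allowed to post a new comment.')

    content = self.request.get('comment')
    if not content or not content.strip():
        return self.write('Empty comments are not allowed!')

    # NOTE(review): no CSRF token is validated before this write.
    Comment.create(
        content=content,
        user=logged_user,
        topic=topic,
    )
    # The flash message travels as query parameters of the redirect.
    flash = {
        'flash_message': 'Comment added successfully',
        'flash_class': 'alert-success',
    }
    return self.redirect_to('topic-details', topic_id=topic_id, **flash)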
def get(self, topic_id):
    """Write the number of non-deleted comments on the topic.

    Args:
        topic_id: Numeric topic id taken from the URL route.
    """
    topic = Topic.get_by_id(int(topic_id))
    live_comments = Comment.query(
        Comment.topic_id == topic.key.id(),
        Comment.deleted == False,
    )
    return self.write(live_comments.count())
def get(self, topic_id):
    """Render topic_details.html (with a CSRF token) for one topic.

    Args:
        topic_id: Numeric topic id taken from the URL route.
    """
    topic = Topic.get_by_id(int(topic_id))
    live_comments = Comment.query(
        Comment.topic_id == topic.key.id(),
        Comment.deleted == False,
    )
    params = {
        "topic": topic,
        "comments": live_comments.order(Comment.created).fetch(),
    }
    return self.render_template_with_csrf("topic_details.html", params=params)
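def topic_edit(topic_id):
    """Show (GET) or apply (POST) the edit form for a topic.

    Both methods require a logged-in user (resolved from the
    "session_token" cookie) who is the topic's author; the check is done
    before anything is rendered so the form itself is not shown to
    others.

    Args:
        topic_id: Topic id taken from the URL route.

    Returns:
        The rendered form, a redirect, or the "not the author" message.
    """
    topic = Topic.get_by_id(topic_id=topic_id)

    # get current user (author)
    session_token = request.cookies.get("session_token")
    user = User.get_by_session_token(session_token=session_token)

    # check if user is logged in and user is author
    if not user:
        return redirect(url_for('auth.login'))
    if topic.author_id != user._id:
        return "You are not the author!"

    if request.method == "GET":
        return render_template("topic/topic_edit.html", topic=topic)
    elif request.method == "POST":
        title = request.form.get("title")
        text = request.form.get("text")
        Topic.edit_topic(topic_id=topic_id, updates_dict={
            "title": title,
            "text": text,
        })
        return redirect(url_for('topic.topic_details', topic_id=topic_id))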
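def post(self, topic_id):
    """Soft-delete a topic and all of its comments.

    Requires a logged-in user who is an admin or the topic's author, and
    a valid CSRF token in the 'csrf_token' field. An unknown topic is
    redirected home instead of raising.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        A redirect to "/", or the "CSRF fail" message.
    """
    # Check if there is an user and if it's either an admin or the topic author
    user = CustomUser.get_current_user(self)
    if not user:
        return self.redirect("/")
    if not user.is_current_user_admin() and not user.is_author(topic_id):
        return self.redirect("/")
    if not CSRF.validate_token(self.request.get('csrf_token')):
        return self.write("CSRF fail")

    # Delete the topic
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.redirect("/")
    topic.deleted = True
    topic.put()

    # Also delete all comments belonging to the topic
    comments = Comment.query(Comment.topic_id == int(topic_id)).fetch()
    for comment in comments:
        comment.deleted = True
        comment.put()
    return self.redirect("/")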
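def get(self, topic_id):
    """Render the "open topic" page for an admin or the topic's author.

    Anyone else is sent back to the topic page (previously the handler
    produced an empty response, and an anonymous viewer raised on
    ``user.nickname()``). An unknown topic is redirected home.

    Args:
        topic_id: Topic id taken from the URL route (string).
    """
    user = users.get_current_user()
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.redirect("/")

    nickname = user.nickname() if user else None
    if nickname is None or not (nickname in ADMINS or nickname == topic.author):
        return self.redirect('/topic/' + topic_id)

    args = {}
    self.base_args(user, args)
    self.render_template("open-topic.html", args)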
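def is_author(self, topic_id):
    """Return True if this user's email matches the topic's author email.

    An unknown topic id yields False instead of raising AttributeError.

    Args:
        topic_id: Numeric topic id (int or numeric string).
    """
    current_topic = Topic.get_by_id(int(topic_id))
    if current_topic is None:
        return False
    return current_topic.user_email == self.str_email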
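def post(self, topic_id):
    """Store an HTML-escaped comment on a topic and return to its page.

    An unknown topic answers 404 instead of raising on ``topic.key``.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        A redirect to "topic-details".
    """
    content = cgi.escape(self.request.get("content"))
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.abort(404)
    # NOTE(review): no login or CSRF check here — create_comment takes no
    # user, so comments appear to be anonymous by design; confirm.
    Comment.create_comment(topic_id, content)
    return self.redirect_to("topic-details", topic_id=topic.key.id())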
def topic_details(topic_id):
    """Render topic_details.html for one topic and the viewer (or None).

    The viewer is resolved from the "session_token" cookie; no token
    means ``user`` is whatever get_by_session_token returns for None.

    Args:
        topic_id: Topic id taken from the URL route.
    """
    topic = Topic.get_by_id(topic_id=topic_id)

    # get current user
    session_cookie = request.cookies.get("session_token")
    viewer = User.get_by_session_token(session_token=session_cookie)

    return render_template("topic_details.html", topic=topic, user=viewer)
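def post(self, topic_id):
    """Create an HTML-escaped comment on a topic for the signed-in user.

    Blank comments and unknown topics are rejected with a message
    instead of storing an empty comment or raising on ``topic.key``.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        The result of self.write() for a rejected request, otherwise a
        redirect to "topic-details".
    """
    user = users.get_current_user()
    if not user:
        return self.write("You're not logged in.")

    text = cgi.escape(self.request.get("comment"))
    if not text.strip():
        return self.write("Comment text is required.")

    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.write("Topic not found.")

    # NOTE(review): no CSRF token is validated before this write.
    Comment.create(text, user, topic)
    return self.redirect_to("topic-details", topic_id=topic.key.id())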
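def get(self, topic_id):
    """Render topic_details.html with a fresh CSRF token for the viewer.

    The token is stored in memcache under the user's email for 10 minutes
    so the comment POST can verify it. Anonymous viewers are sent to the
    login page (previously ``user.email()`` raised); an unknown topic
    answers 404.

    Args:
        topic_id: Numeric topic id taken from the URL route.
    """
    user = users.get_current_user()
    if user is None:
        return self.redirect(users.create_login_url(self.request.url))

    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.abort(404)

    comments = Comment.query(Comment.topic_id == topic.key.id(),
                             Comment.deleted == False).order(
                                 Comment.created).fetch()

    csrf_token = str(uuid.uuid4())
    # `set`, not `add`: add() keeps the first token for its whole lifetime
    # and silently drops later ones, so a second page view within the
    # 10-minute window would render a form whose token never validates.
    memcache.set(key=user.email(), value=csrf_token, time=600)

    params = {"topic": topic, "comments": comments, "csrf_token": csrf_token}
    return self.render_template("topic_details.html", params=params)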
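def post(self, topic_id):
    """Delete a topic if the caller is its author or an app admin.

    Anonymous callers and unknown topics are redirected to the main page
    instead of raising AttributeError.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        A redirect to "main-page".
    """
    user = users.get_current_user()
    topic = Topic.get_by_id(int(topic_id))
    if user is None or topic is None:
        return self.redirect_to("main-page")

    # NOTE(review): no CSRF token is checked before this destructive action.
    is_author = topic.author_email == user.email()
    if is_author or users.is_current_user_admin():
        Topic.delete(topic=topic)
    return self.redirect_to("main-page")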
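def post(self, topic_id):
    """Soft-delete a topic (sets ``deleted``) and return to the main page.

    Requires the "current-user" cookie that the rest of this app uses as
    its login marker; an unknown topic is redirected instead of raising.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        A redirect to "main-page".
    """
    # NOTE(review): beyond the login cookie nothing checks that the caller
    # is the topic's author or an admin, and no CSRF token is validated —
    # confirm the intended rule for who may delete a topic.
    current_user = self.request.cookies.get("current-user")
    if not current_user:
        return self.redirect_to("main-page")

    current_topic = Topic.get_by_id(int(topic_id))
    if current_topic is None:
        return self.redirect_to("main-page")
    current_topic.deleted = True
    current_topic.put()

    # Presumably lets the local dev datastore settle before the redirected
    # page re-reads the topic list — confirm.
    if is_local():
        time.sleep(0.1)
    return self.redirect_to("main-page")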
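def post(self, topic_id):
    """Save a new comment on a topic for the logged-in user.

    Answers 403 for an anonymous caller, 404 for an unknown topic and 400
    for a blank comment instead of raising or storing an empty entity.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        A redirect to 'topic-details'.
    """
    user = User.logged_in_user()
    if user is None:
        return self.abort(403)

    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.abort(404)

    content = self.request.get('content')
    if not content.strip():
        return self.abort(400)

    # NOTE(review): no CSRF token is validated before this write.
    Comment.create(content, user, topic)
    return self.redirect_to('topic-details', topic_id=int(topic_id))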
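def post(self, topic_id):
    """Soft-delete a topic if the caller is its author or an app admin.

    Anonymous callers and unknown topics are redirected home instead of
    raising AttributeError. Only ``deleted`` is set; nothing is removed.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        A redirect to '/'.
    """
    topic = Topic.get_by_id(int(topic_id))
    user = users.get_current_user()
    if topic is None or user is None:
        return self.redirect('/')

    # check if the user is admin or author otherwise can't delete
    # NOTE(review): no CSRF token is checked before this destructive action.
    is_author = topic.user_email == user.email()
    if is_author or users.is_current_user_admin():
        topic.deleted = True
        topic.put()
    return self.redirect('/')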
def get(self, topicid):
    """Render detail.html with the topic, its live comments and a CSRF token.

    The token is stored in memcache keyed by its own value (True, 10-minute
    TTL); it is not tied to the viewer, so the matching POST presumably
    only checks that the token still exists.

    Args:
        topicid: Numeric topic id taken from the URL route.
    """
    topic_value = Topic.get_by_id(int(topicid))
    live_comments = Comment.query(
        Comment.topicid == topic_value.key.id(),
        Comment.deleted == False,
    )
    comment = live_comments.order(Comment.created).fetch()

    csrf_token = str(uuid.uuid4())
    memcache.add(key=csrf_token, value=True, time=600)

    context = {
        "topic": topic_value,
        "comment": comment,
        "csrf_token": csrf_token,
    }
    return self.render_template("detail.html", params=context)
def get(self, details_id):
    """Render topic_details.html for one topic.

    Args:
        details_id: Numeric topic id taken from the URL route.
    """
    # NOTE(review): this fetches every Comment entity, not just the ones
    # belonging to this topic — confirm the template filters, otherwise
    # the query needs a topic condition.
    all_comments = Comment.query().fetch()
    topic = Topic.get_by_id(int(details_id))
    output = {"topic": topic, "comments": all_comments}
    return self.render_template("topic_details.html", output)
def get(self, topic_id):
    """Render the subscribe page (with a CSRF token) for one topic.

    Args:
        topic_id: Numeric topic id taken from the URL route.
    """
    context = {"topic": Topic.get_by_id(int(topic_id))}
    return self.render_template_with_csrf("topic_subscribe.html",
                                          params=context)
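def post(self, comment_id):
    """Soft-delete a comment and decrement its topic's comment counter.

    Only an admin or the comment's author may delete it (the same rule
    the topic pages apply); anyone else is sent back to the topic page.
    Unknown comment or topic ids no longer raise.

    Args:
        comment_id: Numeric comment id taken from the URL route.
    """
    comment = Comment.get_by_id(int(comment_id))
    if comment is None:
        return self.redirect("/")
    topic_url = "/topic/" + str(comment.the_topic_id)

    # Assumes Comment.author holds the nickname Comment.create was given
    # — confirm against the model.
    user = users.get_current_user()
    nickname = user.nickname() if user else None
    if nickname is None or not (nickname in ADMINS or nickname == comment.author):
        return self.redirect(topic_url)

    # NOTE(review): no CSRF token is checked before this destructive action.
    comment.deleted = True
    comment.put()

    topic = Topic.get_by_id(comment.the_topic_id)
    if topic is not None:
        topic.num_comments -= 1
        topic.put()
    self.redirect(topic_url)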
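def post(self, topic_id):
    """Create a comment on a topic for the signed-in user.

    Answers 403 for an anonymous caller, 404 for an unknown topic and 400
    for a blank comment instead of raising or storing an empty entity.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        A redirect to "topic-details".
    """
    user = users.get_current_user()
    if user is None:
        return self.abort(403)

    text = self.request.get('comment-text')
    if not text.strip():
        return self.abort(400)

    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.abort(404)

    # NOTE(review): no CSRF token is validated before this write.
    Comment.create(content=text, user=user, topic=topic)
    return self.redirect_to("topic-details", topic_id=topic.key.id())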
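def post(self, topic_id):
    """Subscribe the signed-in user to a topic.

    Answers 403 for an anonymous caller and 404 for an unknown topic. A
    subscription is only stored when none exists yet for this email and
    topic, so repeated clicks do not pile up duplicate entities.

    Args:
        topic_id: Numeric topic id taken from the URL route.

    Returns:
        A redirect to "topic-details".
    """
    user = users.get_current_user()
    if user is None:
        return self.abort(403)

    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.abort(404)

    # NOTE(review): no CSRF token is validated before this write.
    existing = Subscription.query(
        Subscription.email == user.email(),
        Subscription.topic_id == topic.key.id()).get()
    if existing is None:
        Subscription(email=user.email(), topic_id=topic.key.id()).put()
    return self.redirect_to("topic-details", topic_id=topic.key.id())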
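def post(self, topic_id):
    """Apply an edit to a topic: title, content and comma-separated tags.

    Only an admin or the topic's author may edit (the same rule the edit
    form applies); anyone else is sent back to the topic page. An unknown
    topic is redirected home instead of raising.

    Args:
        topic_id: Topic id taken from the URL route (string).
    """
    user = users.get_current_user()
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.redirect("/")

    nickname = user.nickname() if user else None
    if nickname is None or not (nickname in ADMINS or nickname == topic.author):
        return self.redirect("/topic/" + str(topic_id))

    # NOTE(review): no CSRF token is checked before this write.
    topic.title = self.request.get("title")
    topic.content = self.request.get("content")
    # Drop blank entries so "" or a trailing comma do not become empty tags.
    raw_tags = self.request.get("all-tags").split(",")
    topic.tags = [tag.strip() for tag in raw_tags if tag.strip()]
    topic.updated = datetime.datetime.now()  # naive timestamp, as elsewhere
    topic.updated_by = nickname
    topic.put()
    self.redirect("/topic/" + str(topic_id))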
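def post(self, topic_id):
    """Handle the two forms on a topic page: post a comment or toggle subscription.

    The "post-comment" field creates a comment and e-mails the topic's
    other subscribers; the "subscribe-button" field adds or removes the
    caller's email in the topic's subscriber list. Either way the caller
    is redirected back to the topic page. Anonymous callers are simply
    redirected (previously ``user.nickname()`` raised).

    Args:
        topic_id: Topic id taken from the URL route (string).
    """
    topic_url = '/topic/' + str(topic_id)
    user = users.get_current_user()
    if user is None:
        return self.redirect(topic_url)

    # NOTE(review): no CSRF token is checked before these writes.
    post_comment = self.request.get("post-comment")
    subscribe_button = self.request.get("subscribe-button")
    if post_comment:
        content = self.request.get("content")
        if content:
            self._add_comment(user, int(topic_id), content)
    elif subscribe_button:
        self._toggle_subscription(user, int(topic_id))
    self.redirect(topic_url)

def _add_comment(self, user, topic_id, content):
    """Store the comment and e-mail every other subscriber of the topic."""
    comment = Comment.create(user.nickname(), content, topic_id)
    Topic.add_comment(topic_id, comment.created, comment.author)

    topic = Topic.get_by_id(topic_id)
    if topic is None:
        return
    # One profile lookup instead of one per subscriber; fall back to the
    # nickname when no User record exists rather than failing on
    # "".first_name.
    profile = User.query(User.email == user.email()).get()
    sender_name = profile.first_name if profile else user.nickname()
    for email in topic.subscribers:
        if email != user.email():  # don't send email update to the author of the comment
            email_new_comment(sender_name, topic.title, str(topic_id), email)

def _toggle_subscription(self, user, topic_id):
    """Add or remove the user's email in the topic's subscriber list."""
    topic = Topic.get_by_id(topic_id)
    if topic is None:
        return
    user_email = user.email()
    if user_email in topic.subscribers:
        topic.subscribers.remove(user_email)
    else:
        topic.subscribers.append(user_email)
    topic.put()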
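def get(self, topic_id):
    """Render the edit form for an admin or the topic's author.

    Anyone else (including anonymous viewers, who previously raised on
    ``user.nickname()``) is sent back to the topic page; an unknown topic
    is redirected home.

    Args:
        topic_id: Topic id taken from the URL route (string).
    """
    user = users.get_current_user()
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.redirect("/")

    nickname = user.nickname() if user else None
    if nickname is None or not (nickname in ADMINS or nickname == topic.author):
        return self.redirect('/topic/' + topic_id)

    args = {
        "topic_title": topic.title,
        "topic_content": topic.content,
        "tags": topic.tags,
    }
    self.base_args(user, args)
    self.render_template("edit-topic.html", args)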
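def get(self, topic_id):
    """Render topic.html with the topic, its live comments and viewer flags.

    ``admin`` and ``subscribed`` are set in the template args only for a
    logged-in user. An unknown topic is redirected home instead of
    raising on ``topic.subscribers``.

    Args:
        topic_id: Numeric topic id taken from the URL route.
    """
    user = users.get_current_user()
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.redirect("/")

    args = {"topic": topic}
    if user:
        if user.nickname() in ADMINS:
            args["admin"] = True
        if user.email() in topic.subscribers:
            args["subscribed"] = True
    # Called for anonymous viewers too — assumes base_args tolerates a
    # None user; confirm.
    self.base_args(user, args)

    args["comments"] = Comment.query(
        Comment.deleted == False,
        Comment.the_topic_id == int(topic_id)).order(Comment.created).fetch()
    self.render_template("topic.html", args)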
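def post(self, topic_id):
    """Re-open a closed topic (clears ``closed``) and return to its page.

    Only an admin or the topic's author may do this (the same rule the
    "open topic" page applies); anyone else is redirected without a
    change. An unknown topic is redirected home instead of raising.

    Args:
        topic_id: Topic id taken from the URL route (string).
    """
    user = users.get_current_user()
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.redirect("/")

    nickname = user.nickname() if user else None
    if nickname is None or not (nickname in ADMINS or nickname == topic.author):
        return self.redirect("/topic/" + topic_id)

    # NOTE(review): no CSRF token is checked before this write.
    topic.closed = False
    topic.put()
    self.redirect("/topic/" + topic_id)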
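def post(self, topic_id):
    """Soft-delete a topic (sets ``deleted``) and return to the main page.

    Only an admin or the topic's author may delete it (the same rule the
    edit/open pages apply); anyone else is sent back to the topic page.
    An unknown topic is redirected home instead of raising.

    Args:
        topic_id: Topic id taken from the URL route (string).
    """
    user = users.get_current_user()
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.redirect("/")

    nickname = user.nickname() if user else None
    if nickname is None or not (nickname in ADMINS or nickname == topic.author):
        return self.redirect("/topic/" + str(topic_id))

    # NOTE(review): no CSRF token is checked before this destructive action.
    topic.deleted = True
    topic.put()
    self.redirect("/")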
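def get(self, topic_id):
    """Render the "open topic" page for an admin or the topic's author.

    Anyone else is sent back to the topic page (previously the handler
    produced an empty response, and an anonymous viewer raised on
    ``user.nickname()``). An unknown topic is redirected home.

    Args:
        topic_id: Topic id taken from the URL route (string).
    """
    user = users.get_current_user()
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.redirect("/")

    nickname = user.nickname() if user else None
    if nickname is None or not (nickname in ADMINS or nickname == topic.author):
        return self.redirect('/topic/' + topic_id)

    args = {}
    self.base_args(user, args)
    self.render_template("open-topic.html", args)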