def _extract_article_sub(request, article): """ Extract placeholders substitution strings from the article object """ article_url = h.article_url(request, article) res = { 'article_title': article.title, 'article_url': article_url } return res
def latest_rss(request): """ Create rss feed with the latest published articles and return them as the atom feed """ _ = request.translate dbsession = DBSession() q = dbsession.query(Article).options(joinedload('tags'))\ .options(joinedload('user'))\ .filter(Article.is_draft==False).order_by(Article.updated.desc()) articles = q[0:10] rss_title = get_config('site_title') + ' - ' + _('Latest articles feed') site_base_url = get_config('site_base_url') items = [] ''' feed = Rss201rev2Feed( title=rss_title, link=site_base_url, description='', language='en') ''' for a in articles: link = h.article_url(request, a) tags_list = [] for t in a.tags: tags_list.append(t.tag) items.append(RSSItem(title=a.title, link=link, description=a.rendered_preview, pubDate=h.timestamp_to_dt(a.published), guid=str(a.id))) feed = RSS2( title=rss_title, link=site_base_url, description='', items=items ) response = Response(body=feed.to_xml(encoding='utf-8'), content_type='application/rss+xml') return response
def view_article(request): shortcut_date = request.matchdict['shortcut_date'] shortcut = request.matchdict['shortcut'] dbsession = DBSession() q = dbsession.query(Article).filter(Article.shortcut_date == shortcut_date)\ .filter(Article.shortcut == shortcut) user = request.user if not user.has_role('editor'): q = q.filter(Article.is_draft==False) article = q.first() if article is None: return HTTPNotFound() if 'commentid' in request.GET: # redirect to comment URL, this trick is required because some # browsers don't reload page after changing page anchor (e.g. http://example.com/index#abc) comment_url = h.article_url(request, article) + '#comment-' + request.GET['commentid'] return HTTPFound(location=comment_url) return _view_article(request, article=article)
def _extract_comment_sub(request, comment): """ Extract placeholders substitution strings from the comment object """ author_name = comment.display_name author_email = comment.email if comment.user is not None: author_name = comment.user.display_name author_email = comment.user.email # construct comment link article = comment.article comment_url = h.article_url(request, article) + '#comment-' + str(comment.id) comment_date = h.timestamp_to_str(comment.published) res = { 'comment_author_email': author_email, 'comment_author_name': author_name, 'comment_text': comment.body, 'comment_date': comment_date, 'comment_url': comment_url } return res
def add_article_comment_ajax(request): _ = request.translate article_id = int(request.matchdict['article_id']) dbsession = DBSession() q = dbsession.query(Article).filter(Article.id == article_id) user = request.user if not user.has_role('editor') or not user.has_role('admin'): q = q.filter(Article.is_draft==False) article = q.first() if article is None or not article.is_commentable: return HTTPNotFound() if 's' not in request.POST: return HTTPBadRequest() json = {} key = request.POST['s'] # all data elements are constructed from the string "key" as substrings body_ind = key[3:14] parent_ind = key[4:12] display_name_ind = key[0:5] email_ind = key[13:25] website_ind = key[15:21] is_subscribed_ind = key[19:27] for ind in (body_ind, parent_ind, display_name_ind, email_ind, website_ind): if ind not in request.POST: return HTTPBadRequest() body = request.POST[body_ind] if len(body) == 0: return {'error': _('Empty comment body is not allowed.')} comment = Comment() comment.set_body(body) user = request.user if user.kind != 'anonymous': comment.user_id = user.id else: # get "email", "display_name" and "website" arguments comment.display_name = request.POST[display_name_ind] comment.email = request.POST[email_ind] comment.website = request.POST[website_ind] # remember email, display_name and website in browser cookies request.response.set_cookie('comment_display_name', comment.display_name, max_age=31536000) request.response.set_cookie('comment_email', comment.email, max_age=31536000) request.response.set_cookie('comment_website', comment.website, max_age=31536000) # set parent comment parent_id = request.POST[parent_ind] try: parent_id = int(parent_id) except ValueError: parent_id = None if parent_id: parent = dbsession.query(Comment).filter(Comment.id == parent_id)\ .filter(Comment.article_id == article_id).first() if parent is not None: if not parent.is_approved: # data = { 'error': _('Answering to not approved comment')} return json.dumps(data) comment.parent_id = parent_id comment.article_id = article_id if is_subscribed_ind in request.POST: comment.is_subscribed = True # this list contains notifications ns = [] # if user has subscribed to answer then check is his/her email verified # if doesn't send verification message to the email if is_subscribed_ind in request.POST: vrf_email = '' if user.kind != 'anonymous': vrf_email = user.email elif request.POST[email_ind]: vrf_email = request.POST[email_ind] vrf_email = normalize_email(vrf_email) if vrf_email: # email looks ok so proceed send_evn = False vf = dbsession.query(VerifiedEmail).filter(VerifiedEmail.email == vrf_email).first() vf_token = '' if vf is not None: if not vf.is_verified: diff = time() - vf.last_verify_date #if diff > 86400: if diff > 1: # delay between verifications requests must be more than 24 hours send_evn = True vf.last_verify_date = time() vf_token = vf.verification_code else: send_evn = True vf = VerifiedEmail(vrf_email) vf_token = vf.verification_code dbsession.add(vf) if send_evn: ns.append(notifications.gen_email_verification_notification(request, vrf_email, vf_token)) request.response.set_cookie('is_subscribed', 'true' if comment.is_subscribed else 'false', max_age=31536000) # automatically approve comment if user has role "admin", "writer" or "editor" if user.has_role('admin') or user.has_role('writer') \ or user.has_role('editor'): comment.is_approved = True # TODO: also automatically approve comment if it's considered as safe: # i.e. without hyperlinks, spam etc # check how much hyperlinks in the body string if len(re.findall('https?://', body, flags=re.IGNORECASE)) <= 1: comment.is_approved = True # record commenter ip address comment.ip_address = request.environ.get('REMOTE_ADDR', 'unknown') comment.xff_ip_address = request.environ.get('X_FORWARDED_FOR', None) dbsession.add(comment) _update_comments_counters(dbsession, article) dbsession.flush() dbsession.expunge(comment) # remove object from the session, object state is preserved dbsession.expunge(article) transaction.commit() # to delete, probably # comment added, now send notifications loop_limit = 100 comment = dbsession.query(Comment).get(comment.id) parent = comment.parent admin_email = get_config('admin_notifications_email') vf_q = dbsession.query(VerifiedEmail) notifications_emails = [] while parent is not None and loop_limit > 0: loop_limit -= 1 c = parent parent = c.parent # walk up the tree if not c.is_subscribed: continue # find email email = None if c.user is None: email = c.email else: email = c.user.email if email is None or email == admin_email: continue email = normalize_email(email) if email in notifications_emails: continue vf = vf_q.filter(VerifiedEmail.email == email).first() if vf is not None and vf.is_verified: # send notification to "email" ns.append(notifications.gen_comment_response_notification(request, article, comment, c, email)) admin_notifications_email = normalize_email(get_config('admin_notifications_email')) for nfn in ns: if nfn is None: continue if nfn.to == admin_notifications_email: continue nfn.send() # create special notification for the administrator nfn = notifications.gen_new_comment_admin_notification(request, article, comment) if nfn is not None: nfn.send() # cosntruct comment_id # we're not using route_url() for the article because stupid Pyramid urlencodes fragments comment_url = h.article_url(request, article) + '?commentid=' + str(comment.id) # return rendered comment data = { 'body': comment.rendered_body, 'approved': comment.is_approved, 'id': comment.id, 'url': comment_url } return data