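def login_mod(req):
    """Render and process the signed-in user's own account form.

    GET shows the form.  POST validates the CSRF token, binds the form to
    the ``Login`` object and stores it with ``pref()``.  A result in the
    range 1..63 is rendered as an error; otherwise, when the submitted
    e-mail differs from the current one, ``send_verify_email()`` is called
    and ``REQUEST_FOR_EMAIL`` is or-ed into the state given to the template.
    """
    check_login(req)
    login = Login(req.login.id)
    token = do_create_token(req, "/login")
    state = None
    email = None

    if req.method == "POST":
        check_token(req, req.form.get("token"))
        login.bind(req.form, req.cfg.login_rounds)
        # Only a changed address is handed to pref() and triggers the mail.
        email = login.email if login.email != req.login.email else None
        state = login.pref(req, email=email)
        # pref() may return None.  Normalise it before the range test,
        # because ``0 < None`` raises TypeError on Python 3.
        if state is None:
            state = 0
        if 0 < state < 64:
            return generate_page(req, "login/login_mod.html", token=token, item=login, error=state)
        if email:
            host = "%s (%s)" % (req.remote_host, req.remote_addr)
            send_verify_email(req, login, req.login.email, host=host, browser=req.user_agent)
            state |= REQUEST_FOR_EMAIL

    # Reload the stored record so the page and req.login show current data.
    login.get(req)
    req.login = login
    return generate_page(req, "login/login_mod.html", token=token, item=login, state=state, email=email)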
def verify(req, servis_hash):
    """Handle a verification link identified by ``servis_hash``.

    ``Login.verify()`` decides the outcome: ``True`` signs the user in and
    redirects to ``/``, ``OK`` renders the confirmation page, and any other
    value is rendered on the same page as an error.
    """
    account = Login()
    outcome = account.verify(req, servis_hash)

    if outcome is True:
        do_login(req, account.simple())
        redirect(req, "/")
        return None  # reached only if redirect() returns -- TODO confirm it raises

    page = "/login/email_verificated.html"
    if outcome == OK:
        return generate_page(req, page)
    return generate_page(req, page, error=outcome, item=account)
def news_locale_detail(req, locale, id):
    """Show one news item, answering 404 when it cannot be loaded."""
    article = New(id)
    # NOTE(review): the item is fetched by id only; whether New.get() hides
    # drafts or unpublished items from anonymous visitors is not visible
    # here -- confirm.
    found = article.get(req)
    if found:
        return generate_page(req, "news_detail.html", new=article, locale=locale)
    raise SERVER_RETURN(state.HTTP_NOT_FOUND)
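def _is_local_redirect(target):
    """Return True when *target* is a same-site absolute path.

    Values such as ``/admin/news`` are accepted.  Absolute URLs,
    scheme-relative ``//host`` forms, backslashes and control characters are
    rejected, because a browser may resolve them to another site.
    """
    if not target.startswith("/") or target.startswith("//"):
        return False
    return "\\" not in target and not any(ch < " " for ch in target)


def login(req):
    """Show the sign-in form and authenticate posted credentials.

    After a successful sign-in the user is redirected to the ``referer``
    query argument when it is a local path, otherwise to ``/admin`` for
    accounts holding the ``admin`` or ``super`` right, else to ``/``.  A
    failed attempt renders the form again with ``BAD_LOGIN``.
    """
    referer = req.args.getfirst("referer", "", str)
    # ``referer`` arrives in the query string and is therefore untrusted.
    # Anything that is not a local path is dropped before it can reach
    # redirect() or be echoed to the template (unvalidated-redirect guard).
    if referer and not _is_local_redirect(referer):
        referer = ""
    data = Object(referer=referer, email="")

    # NOTE(review): no CSRF token or attempt throttling is visible in this
    # handler -- confirm whether they are enforced elsewhere.
    if req.method == "POST":
        account = Login()
        account.bind(req.form, req.cfg.login_rounds)
        ip = "ip" in req.form
        if account.find(req):
            do_login(req, account.simple(), ip)
            if referer:
                redirect(req, referer)
            if "admin" in account.rights or "super" in account.rights:
                redirect(req, "/admin")
            redirect(req, "/")
        # Failed sign-in: keep the typed e-mail and the "ip" choice.
        data.ip = ip
        data.email = account.email
        data.error = BAD_LOGIN

    return generate_page(
        req,
        "login.html",
        data=data,
        sign_up=req.cfg.login_sign_up,
        password_link=req.cfg.login_forget_password_link,
    )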
def admin_news(req):
    """List news in the admin area, optionally filtered by ``show``.

    ``show=ready`` and ``show=drafts`` select predefined filters; any other
    value is reset to ``None``.  Users without the ``news_editor`` right see
    only items whose ``author_id`` is their own login id.
    """
    check_login(req)
    match_right(req, module_rights)

    show = req.args.getfirst("show", "", uni)
    pager = Pager(sort="desc")
    pager.bind(req.args)

    presets = {
        "ready": {"state": 2, "public_date": 0},
        "drafts": {"state": 1},
    }
    if show in presets:
        pager.set_params(show=show)
        kwargs = dict(presets[show])
    else:
        show = None
        kwargs = {}

    # Restrict the listing to the caller's own items unless they are editors.
    if not do_check_right(req, "news_editor"):
        kwargs["author_id"] = req.login.id

    rows = New.list(req, pager, **kwargs)
    return generate_page(req, "admin/news.html", pager=pager, rows=rows, show=show)
def admin_store(req):
    """List e-shop store items for administrators, filtered by ``show``.

    ``show`` may be ``visible``, ``hidden`` or ``disabled``; any other value
    lists every item and is passed to the template unchanged.
    """
    check_login(req)
    check_right(req, module_right)

    pager = Pager(sort='desc')
    pager.bind(req.args)

    show = req.args.getfirst('show', '', uni)
    state_by_show = {
        'visible': STATE_VISIBLE,
        'hidden': STATE_HIDDEN,
        'disabled': STATE_DISABLED,
    }
    kwargs = {}
    if show in state_by_show:
        kwargs['state'] = state_by_show[show]
        pager.set_params(show=show)

    items = Item.list(req, pager, **kwargs)
    return generate_page(req, "admin/eshop/store.html",
                         token=create_token(req),
                         pager=pager, items=items, show=show)
def user_orders(req):
    """List the signed-in user's orders, optionally filtered by state.

    Anonymous visitors get the ``orders_for_logined`` page instead.  The
    listing is always restricted to ``client_id == req.login.id``.
    """
    if not req.login:
        return generate_page(req, "/eshop/orders_for_logined.html")
    check_login(req)

    order_state = req.args.getfirst('state', -1, int)
    # A negative state (the default) means "no state filter".
    filters = {'client_id': req.login.id}
    if order_state >= 0:
        filters['state'] = order_state

    pager = Pager(sort='desc')
    items = Order.list(req, pager, **filters)
    return generate_page(req, "/eshop/orders.html", pager=pager, items=items,
                         state=order_state)
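def sign_up(req):
    """Show the registration form and create a new login on POST.

    The form carries a honeypot field (``robot``) and an anti-robot
    question chosen from ``robot_questions``.  A filled honeypot or a wrong
    answer renders the form again; otherwise ``Login.add()`` is called and,
    on success, ``send_login_created()`` sends the follow-up e-mail.
    """
    if req.method == "POST":
        robot = bool(req.form.getfirst("robot", "", str))

        # ``qid`` comes from the client.  A malformed or out-of-range value
        # must fail the check instead of raising ValueError or IndexError,
        # and negative indexes are refused rather than wrapped around.
        try:
            qid = int(req.form.getfirst("qid", "0", str), 16)
        except ValueError:
            qid = -1
        qid_ok = 0 <= qid < len(robot_questions)
        if not qid_ok:
            qid = randint(0, len(robot_questions) - 1)
        question, answer = robot_questions[qid]
        check = qid_ok and req.form.getfirst("answer", "", str) == answer
        # NOTE(review): the expected answer is handed to the template and
        # the question id is chosen by the client, so this check stops only
        # naive robots -- confirm the template does not emit the answer.

        login = Login()
        login.bind(req.form, req.cfg.login_rounds)
        if robot or not check:
            return generate_page(
                req,
                "/login/login_mod.html",
                item=login,
                question=question,
                answer=answer,
                check=check,
                qid=hex(qid),
                form=req.form,
            )

        error = login.add(req, True)
        if error:
            return generate_page(
                req,
                "/login/login_mod.html",
                item=login,
                error=error,
                question=question,
                answer=answer,
                check=check,
                qid=hex(qid),
                form=req.form,
                password_link=req.cfg.login_forget_password_link,
            )

        send_login_created(req, login)
        return generate_page(req, "/login/waiting_for_verification.html", item=login)

    # GET: empty form with a randomly chosen question.
    qid = randint(0, len(robot_questions) - 1)
    question, answer = robot_questions[qid]
    return generate_page(
        req,
        "/login/login_mod.html",
        item=Object(),
        question=question,
        answer=answer,
        qid=hex(qid),
        form=Object(),
    )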
def news_list(req, locale=None):
    """List public news, five per page, newest ``create_date`` first.

    When ``locale`` is empty it is taken from ``get_lang(req)``.  The query
    asks for items in that locale or with an empty locale.
    """
    locale = locale or get_lang(req)

    pager = Pager(limit=5, sort="desc", order="create_date")
    pager.bind(req.args)

    wanted_locales = (locale, "")
    rows = New.list(req, pager, body=True, public=1, locale=wanted_locales)
    return generate_page(req, "news_list.html", pager=pager, rows=rows, lang=locale)
def admin_news_add(req):
    """Show the "add news" form and create the item on POST.

    A failed ``New.add()`` renders the form again with the error; success
    redirects to the new item's admin page.
    """
    check_login(req)
    match_right(req, module_rights)

    new = New()
    # NOTE(review): unlike other admin POST handlers, no CSRF token is
    # checked here -- confirm whether that is intended.
    if req.method == "POST":
        new.bind(req.form, req.login.id)
        error = new.add(req)
        if error:
            return generate_page(req, "admin/news_mod.html", new=new, error=error)
        redirect(req, "/admin/news/%d" % new.id)

    # Preselect the state offered in the form: 2 for editors, 1 otherwise.
    if do_check_right(req, "news_editor"):
        new.state = 2
    else:
        new.state = 1
    return generate_page(req, "admin/news_mod.html", new=new)
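def admin_item_mod(req, id):
    """Show and update one e-shop store item in the admin area.

    POST validates the CSRF token, binds the form and calls ``Item.mod()``.
    Any result other than the item itself is rendered as an error.  The item
    is then reloaded and the form rendered; a missing item answers 404.
    """
    check_login(req)
    check_right(req, module_right)

    item = Item(id)
    if req.method == 'POST':
        check_token(req, req.form.get('token'))
        item.bind(req.form)
        error = item.mod(req)
        if error != item:
            # The re-rendered form is submitted to this handler again, which
            # requires a token, so the error page needs one as well.
            return generate_page(req, "admin/eshop/item_mod.html",
                                 token=create_token(req),
                                 item=item, error=error)

    if not item.get(req):  # still fresh data
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    return generate_page(req, "admin/eshop/item_mod.html",
                         token=create_token(req), item=item)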
def eshop_orders_eshop(req):
    """Render the shop front page with all visible items."""
    do_check_mgc(req)

    pager = Pager()
    pager.bind(req.args)
    visible_items = Item.list(req, pager, state=STATE_VISIBLE)

    return generate_page(
        req,
        "eshop/eshop.html",
        token=create_token(req),
        cfg_currency=req.cfg.eshop_currency,
        pager=pager,
        items=visible_items,
    )
def eshop_orders_detail(req, id):
    """Render the detail page of one shop item with its attachments."""
    do_check_mgc(req)

    item = Item(id)
    # NOTE(review): the item is loaded by id without a state filter; whether
    # hidden or disabled items should be reachable here -- confirm.
    loaded = item.get(req)
    if not loaded:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    item.attachments = Attachment.list(
        req, Pager(), object_type='eshop_item', object_id=id)
    return generate_page(
        req,
        "eshop/item_detail.html",
        token=create_token(req),
        item=item,
        cfg_currency=req.cfg.eshop_currency,
    )
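def admin_item_add(req):
    """Show the "add store item" form and create the item on POST.

    POST validates the CSRF token against ``/admin/eshop/store/add``, binds
    the form and calls ``Item.add()``.  Any result other than the item
    itself is rendered as an error; success redirects to the item's page.
    """
    check_login(req)
    check_right(req, module_right)

    item = Item()
    if req.method == 'POST':
        check_token(req, req.form.get('token'), uri='/admin/eshop/store/add')
        item.bind(req.form)
        error = item.add(req)
        if error != item:
            # The re-rendered form is submitted to this handler again, which
            # requires a token, so the error page needs one as well.
            return generate_page(req, "admin/eshop/item_mod.html",
                                 token=create_token(req),
                                 item=item, error=error)
        redirect(req, '/admin/eshop/store/%d' % item.id)

    return generate_page(req, "admin/eshop/item_mod.html",
                         token=create_token(req), item=item)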
def admin_news_mod(req, id):
    """Show and update one news item in the admin area.

    Answers 404 when the item cannot be loaded and 403 when the caller has
    no ``news_editor`` right and is not the item's author.
    """
    check_login(req)
    match_right(req, module_rights)

    new = New(id)
    if not new.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    # Ownership is checked on the stored record, before the form is bound.
    is_editor = do_check_right(req, "news_editor")
    if not is_editor and new.author_id != req.login.id:
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    # NOTE(review): no CSRF token is checked on this POST, and whether
    # bind() can overwrite author_id or state from the form is not visible
    # here -- confirm both.
    if req.method == "POST":
        new.bind(req.form)
        error = new.mod(req)
        if error != new:
            return generate_page(req, "admin/news_mod.html", new=new, error=error)
        # Reload so that the page shows what was actually stored.
        if not new.get(req):
            raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    return generate_page(req, "admin/news_mod.html", new=new)
def admin_logins(req):
    """List all logins for administrators, ordered by e-mail ascending."""
    check_login(req)
    check_right(req, R_ADMIN)

    # Optional numeric error code taken from the query string.
    error = req.args.getfirst("error", 0, int)

    pager = Pager(sort="asc", order="email")
    pager.bind(req.args)
    rows = Login.list(req, pager)

    token = do_create_token(req, "/admin/logins")
    return generate_page(
        req, "admin/logins.html", token=token, pager=pager, rows=rows, error=error
    )
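def forgotten_password(req):
    """Show the forgotten-password form and send a log-in link on POST.

    The form carries a honeypot field (``robot``) and an anti-robot
    question chosen from ``robot_questions``.  A filled honeypot, a wrong
    answer or an e-mail rejected by ``check_email()`` renders the form
    again; otherwise ``log_in_link()`` and ``send_log_in_link()`` are called.
    """
    if req.method == "POST":
        robot = bool(req.form.getfirst("robot", "", str))

        # ``qid`` comes from the client.  A malformed or out-of-range value
        # must fail the check instead of raising ValueError or IndexError,
        # and negative indexes are refused rather than wrapped around.
        try:
            qid = int(req.form.getfirst("qid", "0", str), 16)
        except ValueError:
            qid = -1
        qid_ok = 0 <= qid < len(robot_questions)
        if not qid_ok:
            qid = randint(0, len(robot_questions) - 1)
        question, answer = robot_questions[qid]
        check = qid_ok and req.form.getfirst("answer", "", str) == answer

        login = Login()
        login.email = req.form.getfirst("email", "", str).strip()
        if robot or not check or not login.check_email():
            return generate_page(
                req,
                "/login/forgotten_password.html",
                ttl=req.cfg.login_ttl_of_password_link,
                form=req.form,
                question=question,
                answer=answer,
                check=check,
                qid=hex(qid),
            )

        # NOTE(review): whether the response differs between known and
        # unknown addresses (account enumeration) depends on log_in_link()
        # and the template -- confirm.
        login.log_in_link(req)
        host = "%s (%s)" % (req.remote_host, req.remote_addr)
        send_log_in_link(req, login, host=host, browser=req.user_agent)
        return generate_page(req, "/login/verify_link_send.html", item=login)

    # GET: empty form with a randomly chosen question.
    qid = randint(0, len(robot_questions) - 1)
    question, answer = robot_questions[qid]
    return generate_page(
        req,
        "/login/forgotten_password.html",
        ttl=req.cfg.login_ttl_of_password_link,
        form=Object(),
        question=question,
        answer=answer,
        qid=hex(qid),
    )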
def admin_logins_add(req):
    """Show the "add login" form and create the account on POST.

    New accounts get the ``user`` right.  When
    ``login_created_verify_link`` is off the account is enabled at once;
    when it is on, ``send_login_created()`` is called after creation.
    """
    check_login(req)
    check_right(req, R_ADMIN)
    token = do_create_token(req, "/admin/logins/add")

    if req.method == "POST":
        check_token(req, req.form.get("token"))
        account = Login()
        account.bind(req.form, req.cfg.login_rounds)

        verify_by_link = req.cfg.login_created_verify_link
        if not verify_by_link:
            account.enabled = 1
        # NOTE(review): rights are taken to be forced to ["user"] for every
        # new account, whatever the form sent -- confirm against the
        # original layout.
        account.rights = ["user"]

        error = account.add(req)
        if error:
            return generate_page(
                req, "admin/logins_mod.html",
                token=token, rights=rights, item=account, error=error)

        if req.cfg.login_created_verify_link:
            send_login_created(req, account)
        redirect(req, "/admin/logins/%d" % account.id)

    return generate_page(req, "admin/logins_mod.html", token=token, rights=rights)
def admin_logins_mod(req, id):
    """Show and update another user's login in the admin area.

    Administrators may not edit their own account here (403).  A
    ``Login.mod()`` result in the range 1..63 is rendered as an error; other
    results are passed to the template as ``state``.
    """
    check_login(req)
    check_right(req, R_ADMIN)
    token = do_create_token(req, "/admin/logins/%d" % id)

    account = Login(id)
    # Not a good idea to let administrators remove their own rights.
    if req.login.id == account.id:
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    done = None
    if req.method == "POST":
        check_token(req, req.form.get("token"))
        account.bind(req.form, req.cfg.login_rounds)
        done = account.mod(req)
        if 0 < done < 64:
            return generate_page(
                req, "admin/logins_mod.html",
                token=token, rights=rights, item=account, error=done)

    if not account.get(req):
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)
    return generate_page(
        req, "admin/logins_mod.html",
        token=token, rights=rights, item=account, state=done)
def user_addresses(req):
    """Show the address form (GET) or store addresses sent as JSON.

    The update always targets ``req.login.id``.  The stored addresses are
    returned as a JSON document.
    """
    check_login(req)

    if req.method == 'GET':
        return generate_page(
            req, "user/addresses.html",
            cfg_region=req.cfg.addresses_region,
            cfg_country=req.cfg.addresses_country)

    # Intended for an AJAX 'PUT'; every non-GET method ends up here.
    # NOTE(review): this state-changing branch checks neither a CSRF token
    # nor the request origin -- confirm it is protected elsewhere.
    new_addresses = Addresses.bind(req.json)
    new_addresses.mod(req, req.login.id)

    req.login.get(req)  # reload the stored data before answering
    req.content_type = 'application/json'
    stored = req.login.data.get('addresses', {})
    return json.dumps(stored)
def root(req):
    """Render the user menu page built from ``user_sections``.

    Plain items are grouped into an unnamed first section, followed by the
    sub-menus.  When the corrected menu holds exactly one link, the request
    is redirected to it.
    """
    check_login(req)

    unnamed = Menu("")
    unnamed.items = [entry for entry in user_sections if isitem(entry)]

    menu = Menu(user_sections.label)
    menu.append(unnamed)
    menu.items += [entry for entry in user_sections if ismenu(entry)]
    menu = correct_menu(req, menu)

    # A single link needs no menu page: go straight to it.
    only_one_link = len(menu) == 1 and len(menu[0]) == 1
    if only_one_link:
        redirect(req, menu[0][0].uri)
    return generate_page(req, "user/user.html", user_sections=menu)
def root(req):
    """Render the admin menu page built from ``admin_sections``.

    Requires the ``admin`` right.  Plain items are grouped into an unnamed
    first section, followed by the sub-menus.  When the corrected menu holds
    exactly one link, the request is redirected to it.
    """
    check_login(req)
    check_right(req, 'admin')

    unnamed = Menu('')
    unnamed.items = [entry for entry in admin_sections if isitem(entry)]

    menu = Menu(admin_sections.label)
    menu.append(unnamed)
    menu.items += [entry for entry in admin_sections if ismenu(entry)]
    menu = correct_menu(req, menu)

    # A single link needs no menu page: go straight to it.
    only_one_link = len(menu) == 1 and len(menu[0]) == 1
    if only_one_link:
        redirect(req, menu[0][0].uri)
    return generate_page(req, "admin/admin.html", admin_sections=menu)
def admin_orders_mod(req, id):
    """Render the admin detail/edit page of one order (404 if missing)."""
    check_login(req)
    check_right(req, module_right)

    order = Order(id)
    loaded = order.get(req)
    if loaded is None:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    # Hand the template only the configuration values it needs.
    cfg = Object()
    for option in ('addresses_country', 'addresses_region', 'eshop_currency'):
        setattr(cfg, option, getattr(req.cfg, option))

    order.calculate()
    return generate_page(req, "admin/eshop/orders_mod.html",
                         token=create_token(req), order=order, cfg=cfg)
def admin_codebook_view(req, codebook):
    """List the values of one codebook, optionally filtered by ``search``."""
    check_login(req)
    check_right(req, module_right)

    # NOTE(review): ``codebook`` selects the class to build; presumably
    # build_class() accepts only known codebook names -- verify.
    Codebook = build_class(codebook)

    search = req.args.getfirst('search', fce=nuni)
    pager = Pager(order='value')
    pager.bind(req.args)
    if search:
        # Keep the search term in the pager's links.
        pager.set_params(search=search)

    items = Codebook.list(req, Codebook, pager, search=search)
    return generate_page(
        req,
        "admin/codebook.html",
        token=create_token(req),
        codebook=codebook,
        pager=pager,
        items=items,
        search=search,
    )
def admin_orders(req):
    """List orders for administrators, filtered by state and/or client."""
    check_login(req)
    check_right(req, module_right)

    order_state = req.args.getfirst('state', -1, int)
    client = req.args.getfirst('client', '', uni)

    # A negative state (the default) and an empty client mean "no filter".
    filters = {}
    if order_state >= 0:
        filters['state'] = order_state
    if client:
        filters['client'] = client

    pager = Pager(sort='desc')
    items = Order.list(req, pager, **filters)
    return generate_page(req, "admin/eshop/orders.html", pager=pager,
                         items=items, state=order_state, client=client)
def eshop_cart_address(req, cart=None, error=None):
    """Render the address step of the checkout.

    ``cart`` defaults to the cart stored for this request.  The template
    receives a ``cfg`` object with the address and currency settings plus
    every ``eshop_transportation_*`` and ``eshop_payment_*`` option, stored
    without the ``eshop_`` prefix.
    """
    do_check_mgc(req)
    cart = cart or ShoppingCart(req)

    # get method returns HTML Form
    cfg = Object()
    cfg.addresses_country = req.cfg.addresses_country
    cfg.addresses_region = req.cfg.addresses_region
    cfg.eshop_currency = req.cfg.eshop_currency

    # all defined transportation and payment options (for universal use)
    copied_prefixes = ('eshop_transportation_', 'eshop_payment_')
    for option, value in req.cfg.__dict__.items():
        if option.startswith(copied_prefixes):
            cfg.__dict__[option[6:]] = value  # [6:] drops the 'eshop_' prefix

    # GET method only view shopping cart - no store was needed
    return generate_page(req, "eshop/shopping_address.html",
                         token=create_token(req), cfg=cfg, cart=cart,
                         error=error)
def eshop_cart_pay_and_order(req):
    """Turn the stored shopping cart into an order.

    The CSRF token must have been issued for ``/eshop/cart/recapitulation``.
    On success the cart is cleaned, ``send_order_status()`` is called and
    the confirmation page is rendered.  ``EMPTY_ITEMS`` redirects to the
    shop; ``NOT_ENOUGH_ITEMS`` marks the cart, stores it and redirects back
    to the cart page.
    """
    do_check_mgc(req)
    check_token(req, req.form.get('token'), uri='/eshop/cart/recapitulation')

    cart = ShoppingCart(req)
    # TODO: payment page if could be (paypal, card, transfer)
    order = Order.from_cart(cart)
    if not order:
        redirect(req, '/eshop')

    # Anonymous customers are stored without a client id.
    if req.login:
        order.client_id = req.login.id
    else:
        order.client_id = None

    outcome = order.add(req)
    if outcome == order:
        cart.clean(req)
        send_order_status(req, order)
        return generate_page(req, "eshop/shopping_accept.html", order=order)

    # Otherwise add() returned a sequence starting with an error code.
    if outcome[0] == EMPTY_ITEMS:
        redirect(req, '/eshop')
    if outcome[0] == NOT_ENOUGH_ITEMS:
        cart.set_not_enought(outcome[1])
        cart.store(req)
        redirect(req, '/eshop/cart')
def eshop_cart(req):
    """Show the shopping cart, or merge items into it on PATCH.

    PATCH validates the CSRF token from the JSON body, merges the posted
    items, stores the cart and answers with the cart as JSON.  XHR requests
    get the cart as JSON after an origin check; anything else gets the HTML
    page.
    """
    do_check_mgc(req)
    cart = ShoppingCart(req)

    if req.method == 'PATCH':
        body = req.json
        check_token(req, body.get('token'), uri='/eshop/cart')
        cart.merge_items(req.json.get('items', []))
        req.content_type = 'application/json'
        cart.store(req)  # store shopping cart
        cart.calculate()
        payload = {'cart': cart.dict()}
        return json.dumps(payload)

    cart.calculate()
    if req.is_xhr:
        check_origin(req)
        req.content_type = 'application/json'
        payload = {'cart': cart.dict()}
        return json.dumps(payload)

    # GET method only view shopping cart - no store was needed
    return generate_page(
        req,
        "eshop/shopping_cart.html",
        token=create_token(req),
        cfg_currency=req.cfg.eshop_currency,
        cart=cart,
    )
def admin_login_addresses(req, id):
    """Show (GET) or store, from JSON, the addresses of the login ``id``.

    Answers 404 when the login cannot be loaded on GET, or when
    ``Addresses.mod()`` returns anything other than ``None``.
    """
    check_login(req)
    check_right(req, module_right)

    login = Login(id)
    if req.method == 'GET':
        if not login.get(req):
            raise SERVER_RETURN(state.HTTP_NOT_FOUND)
        return generate_page(
            req, "admin/logins_addresses.html", item=login,
            cfg_region=req.cfg.addresses_region,
            cfg_country=req.cfg.addresses_country)

    # Intended for an AJAX 'PUT'; every non-GET method ends up here.
    # NOTE(review): this state-changing branch checks neither a CSRF token
    # nor the request origin -- confirm it is protected elsewhere.
    new_addresses = Addresses.bind(req.json)
    result = new_addresses.mod(req, id)
    if result is not None:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    login.get(req)  # reload the stored data before answering
    req.content_type = 'application/json'
    stored = login.data.get('addresses', {})
    return json.dumps(stored)
def user_orders_detail(req, id):
    """Render one order for its owner or for the holder of its ``sha`` link.

    Access rules, in order: a request with neither ``sha`` nor a login is
    refused (403); a missing order answers 404; a supplied ``sha`` must
    equal the order's computed value; without ``sha`` the signed-in user
    must be the order's client.
    """
    sha = req.args.getfirst('sha', '', str)
    if not (sha or req.login):
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    order = Order(id)
    if order.get(req) is None:
        raise SERVER_RETURN(state.HTTP_NOT_FOUND)

    # NOTE(review): this value is the only thing protecting anonymous access
    # and it is an unkeyed SHA-1 of create_date, so anyone able to guess the
    # creation time can derive it.  A random per-order token or a keyed MAC
    # would be stronger, but needs a matching change where the links are
    # generated.  sha1() is also fed a str, which only works where str is
    # bytes (Python 2) -- confirm the target version.
    created = str(order.create_date)
    order.sha = sha1(created).hexdigest()

    if sha:
        # if sha is set, you can see to order
        if sha != order.sha:
            raise SERVER_RETURN(state.HTTP_FORBIDDEN)
    elif req.login and order.client_id != req.login.id:
        raise SERVER_RETURN(state.HTTP_FORBIDDEN)

    # Hand the template only the configuration values it needs.
    cfg = Object()
    for option in ('addresses_country', 'addresses_region', 'eshop_currency'):
        setattr(cfg, option, getattr(req.cfg, option))

    order.calculate()
    return generate_page(req, "eshop/orders_detail.html", order=order,
                         sha=sha, cfg=cfg)