def get(self): if not access.can_see_most_pages(users.GetCurrentUser(), users.IsCurrentUserAdmin()): raise Forbidden img = images.Image.get_by_key(self.request.get("key")) data = { "meta": img.get_info(), "key": img.get_key(), "versions": [ ("thumbnail", img.get_url(75, True), img.get_code(75, True)), ("small", img.get_url(200, False), img.get_code(200, False)), ("medium", img.get_url(500, False), img.get_code(500, False)), ("original", img.get_url(), img.get_code()), ] } page_title = "Image:" + img.get_key() data["pages"] = model.WikiContent.find_backlinks_for(page_title) html = view.view_image(data, user=users.GetCurrentUser(), is_admin=users.IsCurrentUserAdmin()) self.reply(html, 'text/html')
def Respond(request, template_name, params=None): """Helper to render a response, passing standard stuff to the response. Args: request: The request object. template_name: The template name; '.html' is appended automatically. params: A dict giving the template parameters; modified in-place. Returns: Whatever render_to_response(template_name, params) returns. Raises: Whatever render_to_response(template_name, params) raises. """ user, _, _ = GetUser(request) if params is None: params = {} if user: params['user'] = user params['sign_out'] = users.CreateLogoutURL('/') params['show_admin_link'] = (users.IsCurrentUserAdmin() and 'Dev' in os.getenv('SERVER_SOFTWARE')) params['show_dashboard_link'] = (users.IsCurrentUserAdmin() and 'Dev' not in os.getenv('SERVER_SOFTWARE')) else: params['sign_in'] = users.CreateLoginURL(request.path) params['help_contact'] = HELP_CONTACT params['help_phone'] = HELP_PHONE params['help_person'] = HELP_PERSON if not template_name.endswith('.html'): template_name += '.html' return shortcuts.render_to_response(template_name, params)
def get(self): if not access.can_see_most_pages(users.GetCurrentUser(), users.IsCurrentUserAdmin()): raise Forbidden lst = images.Image.find_all() html = view.view_image_list(lst, users.GetCurrentUser(), users.IsCurrentUserAdmin()) self.reply(html, "text/html")
def testIsCurrentUserAdmin(self): self.assertFalse(users.is_current_user_admin()) self.assertFalse(users.IsCurrentUserAdmin()) os.environ['USER_IS_ADMIN'] = '0' self.assertFalse(users.is_current_user_admin()) self.assertFalse(users.IsCurrentUserAdmin()) os.environ['USER_IS_ADMIN'] = '1' self.assertTrue(users.is_current_user_admin()) self.assertTrue(users.IsCurrentUserAdmin())
def Respond(request, user, template_name, params=None): """Helper to render a response, passing standard stuff to the response. Args: request: The request object. user: The User object representing the current user; or None if nobody is logged in. template_name: The template name; '.html' is appended automatically. params: A dict giving the template parameters; modified in-place. Returns: Whatever render_to_response(template_name, params) returns. Raises: Whatever render_to_response(template_name, params) raises. """ if user is None: user = users.GetCurrentUser() if params is None: params = {} if user: params['user'] = user params['sign_out'] = users.CreateLogoutURL('/') params['is_admin'] = (users.IsCurrentUserAdmin() and 'Dev' in os.getenv('SERVER_SOFTWARE')) else: params['sign_in'] = users.CreateLoginURL(request.path) params['help_contact'] = HELP_CONTACT if not template_name.endswith('.html'): template_name += '.html' return shortcuts.render_to_response(template_name, params)
def show_home_page(self): self.response.headers = { 'Content-Type': 'text/html; charset=utf-8', 'Strict-Transport-Security': 'max-age=31536000; preload' } if ADMINS_ONLY and not users.IsCurrentUserAdmin(): if users.get_current_user(): self.response.status_int = 403 self.response.write('<h1>Forbidden</h1>') else: self.redirect(str(users.create_login_url( self.request.path_qs))) return url = self.request.path_qs[1:] token = self.get_token_from_cookie() if not token: token = self.get_new_token() else: if len(url) > 11 and re.search(r'^https?:\/\/', url.lower()): self.redirect(str(self.encode_url(url, token)), code=307) return if len(url) < 5: url = random.choice(SAMPLE_HOSTS or ['']) content = home_page.replace('%%host%%', self.root_host) content = content.replace('%%url%%', url) content = content.replace('%%token%%', token) content = content.replace('%%year%%', str(datetime.datetime.now().year)) self.response.write(content)
def post(self): img = images.Image.get_by_key(self.request.get("key")) is_admin = users.IsCurrentUserAdmin() if not is_admin: raise Forbidden img.delete() self.redirect('/w/image/list') taskqueue.add(url="/w/cache/purge", params={})
def get(self): user = users.GetCurrentUser() is_admin = users.IsCurrentUserAdmin() if not access.can_upload_image(user, is_admin): raise Forbidden submit_url = blobstore.create_upload_url(self.request.path) html = view.view_image_upload_page(user, is_admin, submit_url) self.reply(html, "text/html")
def post(self): title = urllib.unquote(str(self.request.get('name'))).decode('utf-8') is_admin = users.IsCurrentUserAdmin() if not is_admin: raise Forbidden page = model.WikiContent.get_by_title(title) page.update(body=None, author=None, delete=self.request.get('delete')) self.redirect( '/' + urllib.quote(page.title.encode('utf-8').replace(' ', '_'))) taskqueue.add(url="/w/cache/purge", params={})
def get(self): img = images.Image.get_by_key(self.request.get("key")) data = { "meta": img.get_info(), "key": img.get_key(), } is_admin = users.IsCurrentUserAdmin() if not is_admin: raise Forbidden self.reply(view.delete_image(data), 'text/html')
def get(self): if not access.can_see_most_pages(users.GetCurrentUser(), users.IsCurrentUserAdmin()): raise Forbidden data = { "pagecount": len(model.WikiContent.get_all()), "imagecount": len(images.Image.find_all()), "usercount": len(model.WikiUser.get_all()), } self.reply(view.show_statistics_page(data), "text/html")
def get(self): if not users.IsCurrentUserAdmin(): self.redirect("/admin/notadmin") template_values = {'templatepath': templatepath, 'dash_active': True} path = os.path.join(os.path.dirname(__file__), '../templates/admin/AdminDashboard.html') self.response.write(template.render(path, template_values))
def get(self): if not users.IsCurrentUserAdmin(): raise Forbidden pages = dict([(p.title, { 'author': p.author and p.author.wiki_user.email(), 'updated': p.updated.strftime('%Y-%m-%d %H:%M:%S'), 'body': p.body, }) for p in model.WikiContent.get_all()]) self.reply(simplejson.dumps(pages), 'application/json', save_as='gae-wiki.json')
def edit_page(self, title, body=None): page = model.WikiContent.get_by_title(title) if body: page.body = body user = users.GetCurrentUser() is_admin = users.IsCurrentUserAdmin() if not access.can_edit_page(title, user, is_admin): raise Forbidden if not body and not page.is_saved(): page.load_template(user, is_admin) self.reply(view.edit_page(page), 'text/html')
def post(self): if not access.can_upload_image(users.GetCurrentUser(), users.IsCurrentUserAdmin()): raise Forbidden # After the file is uploaded, grab the blob key and return the image URL. upload_files = self.get_uploads( 'file') # 'file' is file upload field in the form blob_info = upload_files[0] image_page_url = "/w/image/view?key=" + str(blob_info.key()) return self.redirect(image_page_url)
def get(self): """Ensure that the user is an admin.""" if not users.GetCurrentUser(): loginUrl = users.CreateLoginURL(self.request.uri) self.response.out.write('<a href="%s">Login</a>' % loginUrl) return if not users.IsCurrentUserAdmin(): self.response.out.write('You must be an admin to view this page.') return self._handleRequest()
def post(self): if not users.IsCurrentUserAdmin(): raise Forbidden merge = self.request.get('merge') != '' loaded = simplejson.loads(self.request.get('file')) for title, content in loaded.items(): page = model.WikiContent.get_by_title(title) author = content['author'] and users.User(content['author']) page.update(content['body'], author, False) self.reply("Done.")
def post(self): """Processes requests to move the pointer. Expects arguments 'page_name' and 'll'.""" page = model.WikiContent.get_by_title(self.request.get('page_name')) if page is None: raise NotFound('Page not found.') if access.can_edit_page(page.title, users.GetCurrentUser(), users.IsCurrentUserAdmin()): geo = self.request.get('lat') + ',' + self.request.get('lng') page.set_property('geo', geo) page.put() response = [l.strip() for l in page.get_property('geo').split(',')] self.reply(simplejson.dumps(response), 'application/json')
def show_error_page(self, status_code): defaults = { 400: '<p class="alert alert-info">Bad request.</p>', 403: '<p class="alert alert-warning">Access denied, try logging in.</p>', 500: '<p class="alert alert-danger">Something bad happened.</p>', } page = model.WikiContent.get_error_page(status_code, defaults.get(status_code)) self.reply( view.view_page(page, user=users.GetCurrentUser(), is_admin=users.IsCurrentUserAdmin()), 'text/html')
def HandlePost(self): data = self.request.params.get('data') new_config_dict = json.loads(data) if not _ConfigurationDictIsValid(new_config_dict): return self.CreateError( 'New configuration settings are not properly formatted.', 400) # Sort config dict in place. _SortConfig(new_config_dict) crash_config = CrashConfigModel.Get() crash_config.Update(users.get_current_user(), users.IsCurrentUserAdmin(), **new_config_dict) return self.HandleGet()
def post(self): title = urllib.unquote(str(self.request.get('name'))).decode('utf-8') if self.request.get('Preview'): self.edit_page(title, self.request.get('body')) return user = users.GetCurrentUser() if not access.can_edit_page(title, user, users.IsCurrentUserAdmin()): raise Forbidden page = model.WikiContent.get_by_title(title) page.update(body=self.request.get('body'), author=user, delete=False) self.redirect( '/' + urllib.quote(page.title.encode('utf-8').replace(' ', '_'))) taskqueue.add(url="/w/cache/purge", params={})
def HandlePost(self): new_config_dict = {} for name in self.request.params.keys(): if name != 'format': new_config_dict[name] = json.loads(self.request.params[name]) if not _ConfigurationDictIsValid(new_config_dict): # pragma: no cover return self.CreateError( 'New configuration settings is not properly formatted.', 400) wf_config.FinditConfig.Get().Update(users.get_current_user(), users.IsCurrentUserAdmin(), **new_config_dict) return self.HandleGet()
def get_content(self): page = model.WikiContent.get_by_title(self.title) if self.raw: return model.WikiContent.parse_body(page.body or '') else: if self.revision: revision = model.WikiRevision.get_by_key(self.request.get("r")) if revision is None: raise NotFound("No such revision.") page.body = revision.revision_body page.author = revision.author page.updated = revision.created return view.view_page(page, user=users.GetCurrentUser(), is_admin=users.IsCurrentUserAdmin(), revision=self.revision)
def show_page(self, title): if title.startswith('w/'): raise Exception('No such page.') if not access.can_read_page(title, users.GetCurrentUser(), users.IsCurrentUserAdmin()): raise Forbidden self.title = title.replace('_', ' ') self.raw = self.request.get("format") == "raw" self.revision = self.request.get("r") if self.raw: body = self.get_memcache() content_type = str(body.get("content-type", "text/plain")) self.reply(body["text"], content_type=content_type) else: self.reply(self.get_memcache(), 'text/html')
def _get_path_list(self, user): # Parse the path into distinct entities path_list = self.request.path.strip('/').split('/') if len(path_list) < 2: # Invalid query self.error(http.HTTP_ERROR) self.response.out.write('Invalid request') else: # user email passed - make sure this is that user email = urllib.unquote(path_list[1]) if (users.IsCurrentUserAdmin() or user.email() == email): return path_list else: self.error(http.HTTP_UNAUTHORIZED) self.response.out.write('Permissions error for ' + email) return None
def get(self): if not users.IsCurrentUserAdmin(): self.redirect("/admin/notadmin") # get all users all_streams = Stream.query().fetch() template_values = { 'streams': all_streams, 'templatepath': templatepath, 'liststreams_active': True } path = os.path.join(os.path.dirname(__file__), '../templates/admin/AdminListStreams.html') self.response.write(template.render(path, template_values))
def get(self): user = users.get_current_user() if user: nickname = user.nickname() login_url = users.create_logout_url('/') login_text = 'Sign out' # Check to see if user is present in StreamUser table, if not add them. stream_user = ndb.Key('StreamUser', user.user_id()).get() email_dup_check = len(StreamUser.query(StreamUser.email == user.email()).fetch()) != 0 if not stream_user: if email_dup_check: self.response.write("Uh oh! Duplicate email!!!") return stream_user = StreamUser(email=user.email(), nickName=nickname, id=str(user.user_id())) stream_user.put() else: self.redirect("/") return template_values = { 'html_template': 'MasterTemplate.html', 'user': user, 'user_id': user.user_id(), 'isAdmin': users.IsCurrentUserAdmin(), 'login_url': login_url, 'login_text': login_text, 'app': app_identity.get_application_id() } # look for any message msg = self.get_request_param(fh.message_parm) if msg not in [None, '']: template_values['msg'] = msg self.response.content_type = 'text/html' path = os.path.join(os.path.dirname(__file__), '../templates/Manage.html') self.response.write(template.render(path, template_values))
def post(self): # root_host should be target_host, the host to be proxied self.root_host = str(self.request.path.strip('/').split('-dot-', 1)[0]) self.target_path = str(self.request.path.split('-dot-', 1)[-1]) if self.root_host: # target host is not empty self.any() return if not ADMINS_ONLY and \ detect_spam(self.request.remote_addr, SPAM_DETECTOR_INTERVAL, SPAM_DETECTOR_COUNT): logging.warning('Spam') return if ADMINS_ONLY and not users.IsCurrentUserAdmin(): return # if user typed invalid address if not 'url' in self.request.POST or \ len(self.request.POST['url']) < 4 or \ not 'token' in self.request.POST or \ not self.is_valid_token(self.request.POST['token']): logging.error('Broken init post:\r\n' + self.request.body[:999]) logging.error('\r\n'.join([ '%s: %s' % (k, v) for (k, v) in self.request.headers.items() ])) self.redirect('https://' + self.request.host) return token = self.request.POST['token'] url = self.request.POST['url'] if not re.search(r'^(http:\/\/|https:\/\/)', url, flags=re.IGNORECASE): url = 'http://' + url # Fix non-latin url: https://ru.wikipedia.org/wiki/Левковские percent_encoded_url = '' for c in url: if ord(c) < 127: percent_encoded_url += c else: percent_encoded_url += urllib.quote(c.encode('utf-8')) self.redirect(str(self.encode_url(percent_encoded_url, token)))
def Get(self, user): """Our handler for HTTP GET requests - the options are: 1) game_ajax/list/<useremail> - fetches a list of games for the passed user in least-recently-modified order (permissions check is done) 2) game_ajax//move/<id>/<index> - fetches a list of entries for the game matching the passed ID. Also takes an optional index URL parameter, in which case we send only entries with an index > t (useful for checking for updates) 3) game_ajax/chat/<id>/<index> - fetches a list of chat entries associated with this game. Takes an optional index param """ # make sure the user is logged in self.response.headers['Content-Type'] = 'text/javascript' # Parse the path into distinct entities path_list = self.request.path.strip('/').split('/') if len(path_list) < 2 or len(path_list) > 4: # Invalid query self.error(http.HTTP_ERROR) self.response.out.write('Invalid request') elif len(path_list) == 2: # user email passed - make sure they have permission to view the list email = urllib.unquote(path_list[1]) if (users.IsCurrentUserAdmin() or user.email() == email): game_list = self._get_game_list(user.email()) # Emit list as array of json entities self.response.out.write('[') for game in game_list: self.emit_game_as_json(game) self.response.out.write(']') else: self.error(http.HTTP_UNAUTHORIZED) self.response.out.write('Permissions error for ' + email) else: # ID passed, look it up game = gamemodel.Game.get(path_list[2]) if game is None: self.error(http.HTTP_GONE) elif not game.user_can_view(user): self.error(http.HTTP_UNAUTHORIZED) else: if (path_list[1] == "chat"): # Get the last 200 chats on this channel chatObj = chat.get_chat(str(game.key()), GAME_CHAT_LIMIT) # Get the chat data - either starting at the start index, or # using what the user passed in index = 0 if len(path_list) > 3: index = int(path_list[3]) if index == 0: index = chatObj.index self.response.out.write( simplejson.dumps(chatObj.to_dict(index))) else: # Get the game data index = 0 if len(path_list) > 3: index = int(path_list[3]) result = game.to_dict(user) result["num_moves"] = len(game.game_data) result["game_data"] = game.game_data[index:] self.response.out.write(simplejson.dumps(result))
def get(self, mod_id): iden = int(mod_id) mod = db.get(db.Key.from_path('Modulo', iden)) listaCampanyas = mod.listaCampanyas admin = users.IsCurrentUserAdmin() self.render_template('campanyasModulo.html', {'listaCampanyas': listaCampanyas,'admin':admin})