def single_entry(request, entry_id):
entry_dict = session.query(Entry).filter(Entry.id == entry_id).one().to_api_dict()
entry_dict["comments"] = [
comment.to_api_dict()
for comment in session.query(Comment).filter(Comment.entry == entry_id).order_by(Comment.created)
]
return render_json(entry_dict)
def password_salt():
try:
salt = session.query(ConfigOption.value).filter(ConfigOption.key=='password_salt').one().value
except NoResultFound:
salt = b64encode(os.urandom(16))
co = ConfigOption('password_salt', salt)
session.add(co)
return salt
def __call__(self, request, *args, **kwargs): try: user = session.query(User).filter(User.id==request.client_session['user_id']).one() if not user.editor: return InsufficientPermissions except (KeyError, NoResultFound): return InsufficientPermissions request.user = user return self.f(request, *args, **kwargs)
def create_user(request):
try:
u = session.query(User).filter(User.username == request.form["username"]).one()
logging.debug("Not creating user %s, username already in use." % request.form["username"])
return DuplicateError
except NoResultFound:
pass
u = User(
request.form["username"],
request.form["fullname"],
hash_password(request.form["password"]),
request.form["editor"] == "true",
request.form["superuser"] == "true",
)
# handle query errors and return a valid response
session.add(u)
session.commit()
u = session.query(User).filter(User.username == request.form["username"]).one()
return render_json(u.to_api_dict())
def user_login(request):
if request.form["username"] == "admin" and request.form["password"] == ADMIN_PASSWORD:
request.client_session["user_id"] = -1
return user_profile(request, -1)
user = (
session.query(User)
.filter(User.username == request.form["username"])
.filter(User.password == hash_password(request.form["password"]))
.one()
)
request.client_session["user_id"] = user.id
return render_json(user.to_api_dict())
def __call__(self, request, *args, **kwargs): is_admin = False try: is_admin = int(request.client_session['user_id']) == -1 except KeyError: pass if is_admin: return self.f(request, *args, **kwargs) try: user = session.query(User).filter(User.id==request.client_session['user_id']).one() except (KeyError, NoResultFound): return InsufficientPermissions request.user = user return self.f(request, *args, **kwargs)
def __call__(self, request, *args, **kwargs):
# handle admin
is_admin = False
try:
is_admin = int(request.client_session['user_id']) == -1
except KeyError:
pass
if is_admin:
return self.f(request, *args, **kwargs)
# check db
try:
user = session.query(User).filter(User.id==request.client_session['user_id']).one()
if not user.superuser:
return InsufficientPermissions
except KeyError:
return InsufficientPermissions
except NoResultFound:
logging.debug('Invalid user ID (%d) supplied in valid cookie' % request.client_session['user_id'])
return self.f(request, *args, **kwargs)
def user_profile(request, user_id):
if user_id == -1:
user = User("admin", "Administrator User", "", False, True, True)
user.id = -1
return render_json(user.to_api_dict())
return render_json(session.query(User).filter(User.id == user_id).one().to_api_dict())
def delete_entry(request, entry_id):
session.query(Entry).filter(Entry.id == entry_id).delete()
session.commit()
def latest_entries(request, count, offset):
return render_json(
[entry.to_api_dict() for entry in session.query(Entry).order_by(Entry.created).offset(offset).limit(count)]
)
def users_list(request, count, offset):
user_q = session.query(User).order_by(User.username).offset(offset).limit(count)
users_list = [u.to_api_dict() for u in user_q]
print users_list
return render_json(users_list)
def delete_user(request, user_id):
session.query(User).filter(User.id == user_id).delete()
session.commit()
return render_json({"id": user_id})
