def subscribe(self, req, form): """ Subscribe current user to receive email notification when new comments are added to current discussion. """ argd = wash_urlargd(form, {'referer': (str, None)}) uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) success = subscribe_user_to_discussion(self.recid, uid) display_url = "%s/%s/%s/comments/display?subscribed=%s&ln=%s" % \ (CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, str(success), argd['ln']) redirect_to_url(req, display_url)
def check_authorization_moderatelinkbacks(self, req, argd): """ Check if user has authorization moderate linkbacks @return if yes: nothing, if guest: login redirect, otherwise page_not_authorized """ # Check authorization uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = acc_authorize_action( req, 'moderatelinkbacks', collection=guess_primary_collection_of_a_record(self.recid)) if auth_code and user_info['email'] == 'guest': # Ask to login target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'ln': argd['ln'], 'referer': CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, referer="../", uid=uid, text=auth_msg, ln=argd['ln'])
def unsubscribe(self, req, form): """ Unsubscribe current user from current discussion. """ argd = wash_urlargd(form, {"referer": (str, None)}) user_info = collect_user_info(req) uid = getUid(req) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)} ) target = ( CFG_SITE_SECURE_URL + "/youraccount/login" + make_canonical_urlargd( {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"]}, {} ) ) return redirect_to_url(req, target, norobot=True) success = unsubscribe_user_from_discussion(self.recid, uid) display_url = "%s/%s/%s/comments/display?subscribed=%s&ln=%s" % ( CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, str(-success), argd["ln"], ) redirect_to_url(req, display_url)
def subscribe(self, req, form): """ Subscribe current user to receive email notification when new comments are added to current discussion. """ argd = wash_urlargd(form, {"referer": (str, None)}) uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)} ) target = ( CFG_SITE_SECURE_URL + "/youraccount/login" + make_canonical_urlargd( {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"]}, {} ) ) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", text=auth_msg) success = subscribe_user_to_discussion(self.recid, uid) display_url = "%s/%s/%s/comments/display?subscribed=%s&ln=%s" % ( CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, str(success), argd["ln"], ) redirect_to_url(req, display_url)
def __call__(self, req, form): argd = wash_search_urlargd(form) argd['recid'] = self.recid if self.format is not None: argd['of'] = self.format req.argd = argd uid = getUid(req) user_info = collect_user_info(req) if uid == -1: return page_not_authorized(req, "../", text="You are not authorized to view this record.", navmenuid='search') elif uid > 0: pref = get_user_preferences(uid) try: if 'rg' not in form: # fetch user rg preference only if not overridden via URL argd['rg'] = int(pref['websearch_group_records']) except (KeyError, ValueError): pass if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS and acc_authorize_action(req, 'runbibedit')[0] != 0: argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS #check if the user has rights to set a high wildcard limit #if not, reduce the limit set by user, with the default one if CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0): if acc_authorize_action(req, 'runbibedit')[0] != 0: argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT # only superadmins can use verbose parameter for obtaining debug information if not isUserSuperAdmin(user_info): argd['verbose'] = 0 record_primary_collection = guess_primary_collection_of_a_record(self.recid) if collection_restricted_p(record_primary_collection): (auth_code, dummy) = acc_authorize_action(user_info, VIEWRESTRCOLL, collection=record_primary_collection) if auth_code: return page_not_authorized(req, "../", text="You are not authorized to view this record.", navmenuid='search') # Keep all the arguments, they might be reused in the # record page itself to derivate other queries req.argd = argd # mod_python does not like to return [] in case when of=id: out = perform_request_search(req, **argd) if isinstance(out, intbitset): return out.fastdump() elif out == []: return str(out) else: return out
def can_record_have_physical_copies(recid): """Determine if the record can have physical copies (addable through the bibCirculation module). The information is derieved using the tabs displayed for a given record. Only records already saved within the collection may have the physical copies @return: True or False """ if get_record(recid) is None: return False col_id = Collection.query.filter_by(name=guess_primary_collection_of_a_record(recid)).value("id") return False
def can_record_have_physical_copies(recid): """Determine if the record can have physical copies (addable through the bibCirculation module). The information is derieved using the tabs displayed for a given record. Only records already saved within the collection may have the physical copies @return: True or False """ if get_record(recid) is None: return False col_id = Collection.query.filter_by( name=guess_primary_collection_of_a_record(recid)).value('id') return False
def check_user_can_view_linkbacks(user_info, recid): """ Check if the user is authorized to view linkbacks for a given recid. Returns the same type as acc_authorize_action """ # check user cannot view the record itself (auth_code, auth_msg) = check_user_can_view_record(user_info, recid) if auth_code: return (auth_code, auth_msg) # check if user can view the linkbacks record_primary_collection = guess_primary_collection_of_a_record(recid) return acc_authorize_action(user_info, 'viewlinkbacks', authorized_if_no_roles=True, collection=record_primary_collection)
def can_record_have_physical_copies(recid): """Determine if the record can have physical copies (addable through the bibCirculation module). The information is derieved using the tabs displayed for a given record. Only records already saved within the collection may have the physical copies @return: True or False """ if get_record(recid) is None: return False col_id = get_colID(guess_primary_collection_of_a_record(recid)) collections = get_detailed_page_tabs(col_id, recid) if ("holdings" not in collections or "visible" not in collections["holdings"]): return False return collections["holdings"]["visible"] is True
def unsubscribe(self, req, form): """ Unsubscribe current user from current discussion. """ argd = wash_urlargd(form, {'referer': (str, None)}) user_info = collect_user_info(req) uid = getUid(req) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) success = unsubscribe_user_from_discussion(self.recid, uid) display_url = "%s/%s/%s/comments/display?subscribed=%s&ln=%s" % \ (CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, str(-success), argd['ln']) redirect_to_url(req, display_url)
def check_authorization_moderatelinkbacks(self, req, argd): """ Check if user has authorization moderate linkbacks @return if yes: nothing, if guest: login redirect, otherwise page_not_authorized """ # Check authorization uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = acc_authorize_action(req, 'moderatelinkbacks', collection = guess_primary_collection_of_a_record(self.recid)) if auth_code and user_info['email'] == 'guest': # Ask to login target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'ln': argd['ln'], 'referer': CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, referer="../", uid=uid, text=auth_msg, ln=argd['ln'])
def display(self, req, form): """ Display the linkbacks of a record and admin approve/reject features """ argd = wash_urlargd(form, {}) _ = gettext_set_language(argd['ln']) # Check authorization uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_linkbacks(user_info, self.recid) if auth_code and user_info['email'] == 'guest': # Ask to login target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'ln': argd['ln'], 'referer': CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, referer="../", uid=uid, text=auth_msg, ln=argd['ln']) show_admin = False (auth_code, auth_msg) = acc_authorize_action( req, 'moderatelinkbacks', collection=guess_primary_collection_of_a_record(self.recid)) if not auth_code: show_admin = True body = perform_request_display_record_linbacks( req, self.recid, show_admin, weblinkback_templates=weblinkback_templates, ln=argd['ln']) title = websearch_templates.tmpl_record_page_header_content( req, self.recid, argd['ln'])[0] # navigation, tabs, top and bottom part navtrail = create_navtrail_links( cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) if navtrail: navtrail += ' > ' navtrail += '<a class="navtrail" href="%s/%s/%s?ln=%s">' % ( CFG_SITE_URL, CFG_SITE_RECORD, self.recid, argd['ln']) navtrail += title navtrail += '</a>' navtrail += ' > <a class="navtrail">Linkbacks</a>' mathjaxheader, jqueryheader = weblinkback_templates.tmpl_get_mathjaxheader_jqueryheader( ) col_id = Collection.query.filter_by( name=guess_primary_collection_of_a_record(self.recid)).value('id') unordered_tabs = get_detailed_page_tabs(col_id, self.recid, ln=argd['ln']) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in iteritems(unordered_tabs)] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % argd['ln'] tabs = [(unordered_tabs[tab_id]['label'], \ '%s/%s/%s/%s%s' % (CFG_SITE_URL, CFG_SITE_RECORD, self.recid, tab_id, link_ln), \ tab_id in ['linkbacks'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, values) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] top = webstyle_templates.detailed_record_container_top( self.recid, tabs, argd['ln']) bottom = webstyle_templates.detailed_record_container_bottom( self.recid, tabs, argd['ln']) return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, metaheaderadd = mathjaxheader + jqueryheader, req=req, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(language=argd['ln'], req=req)
def report(self, req, form): """ Report a comment/review for inappropriate content @param comid: comment/review id @param recid: the id of the record the comment/review is associated with @param ln: language @param do: display order hh = highest helpful score, review only lh = lowest helpful score, review only hs = highest star score, review only ls = lowest star score, review only od = oldest date nd = newest date @param ds: display since all= no filtering by date nd = n days ago nw = n weeks ago nm = n months ago ny = n years ago where n is a single digit integer between 0 and 9 @param nb: number of results per page @param p: results page @param referer: http address of the calling function to redirect to (refresh) @param reviews: boolean, enabled for reviews, disabled for comments """ argd = wash_urlargd( form, { "comid": (int, -1), "recid": (int, -1), "do": (str, "od"), "ds": (str, "all"), "nb": (int, 100), "p": (int, 1), "referer": (str, None), }, ) _ = gettext_set_language(argd["ln"]) client_ip_address = req.remote_ip uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)} ) target = ( CFG_SITE_SECURE_URL + "/youraccount/login" + make_canonical_urlargd( {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"]}, {} ) ) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", text=auth_msg) # Check that comment belongs to this recid if not check_comment_belongs_to_record(argd["comid"], self.recid): return page_not_authorized(req, "../", text=_("Specified comment does not belong to this record")) # Check that user can access the record (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd["comid"]) if auth_code: return page_not_authorized(req, "../", text=_("You do not have access to the specified comment")) # Check that comment is not currently deleted if is_comment_deleted(argd["comid"]): return page_not_authorized(req, "../", text=_("You cannot report a deleted comment"), ln=argd["ln"]) success = perform_request_report(argd["comid"], client_ip_address, uid) if argd["referer"]: argd["referer"] += "?ln=%s&do=%s&ds=%s&nb=%s&p=%s&reported=%s&" % ( argd["ln"], argd["do"], argd["ds"], argd["nb"], argd["p"], str(success), ) redirect_to_url(req, argd["referer"]) else: # Note: sent to comments display referer = "%s/%s/%s/%s/display?ln=%s&voted=1" referer %= ( CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, self.discussion == 1 and "reviews" or "comments", argd["ln"], ) redirect_to_url(req, referer)
def display(self, req, form): """ Display comments (reviews if enabled) associated with record having id recid where recid>0. This function can also be used to display remarks associated with basket having id recid where recid<-99. @param ln: language @param recid: record id, integer @param do: display order hh = highest helpful score, review only lh = lowest helpful score, review only hs = highest star score, review only ls = lowest star score, review only od = oldest date nd = newest date @param ds: display since all= no filtering by date nd = n days ago nw = n weeks ago nm = n months ago ny = n years ago where n is a single digit integer between 0 and 9 @param nb: number of results per page @param p: results page @param voted: boolean, active if user voted for a review, see vote function @param reported: int, active if user reported a certain comment/review, see report function @param reviews: boolean, enabled for reviews, disabled for comments @param subscribed: int, 1 if user just subscribed to discussion, -1 if unsubscribed @return the full html page. """ argd = wash_urlargd( form, { "do": (str, "od"), "ds": (str, "all"), "nb": (int, 100), "p": (int, 1), "voted": (int, -1), "reported": (int, -1), "subscribed": (int, 0), "cmtgrp": (list, ["latest"]), # 'latest' is now a reserved group/round name }, ) _ = gettext_set_language(argd["ln"]) uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if auth_code and user_info["email"] == "guest": cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)} ) target = ( CFG_SITE_SECURE_URL + "/youraccount/login" + make_canonical_urlargd( {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"]}, {} ) ) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", text=auth_msg) can_send_comments = False (auth_code, auth_msg) = check_user_can_send_comments(user_info, self.recid) if not auth_code: can_send_comments = True can_attach_files = False (auth_code, auth_msg) = check_user_can_attach_file_to_comments(user_info, self.recid) if not auth_code and (user_info["email"] != "guest"): can_attach_files = True subscription = get_user_subscription_to_discussion(self.recid, uid) if subscription == 1: user_is_subscribed_to_discussion = True user_can_unsubscribe_from_discussion = True elif subscription == 2: user_is_subscribed_to_discussion = True user_can_unsubscribe_from_discussion = False else: user_is_subscribed_to_discussion = False user_can_unsubscribe_from_discussion = False col_id = Collection.query.filter_by(name=guess_primary_collection_of_a_record(self.recid)).value("id") unordered_tabs = get_detailed_page_tabs(col_id, self.recid, ln=argd["ln"]) ordered_tabs_id = [(tab_id, values["order"]) for (tab_id, values) in iteritems(unordered_tabs)] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = "" if argd["ln"] != CFG_SITE_LANG: link_ln = "?ln=%s" % argd["ln"] tabs = [ ( unordered_tabs[tab_id]["label"], "%s/record/%s/%s%s" % (CFG_SITE_URL, self.recid, tab_id, link_ln), tab_id in ["comments", "reviews"], unordered_tabs[tab_id]["enabled"], ) for (tab_id, order) in ordered_tabs_id if unordered_tabs[tab_id]["visible"] == True ] tabs_counts = get_detailed_page_tabs_counts(self.recid) citedbynum = tabs_counts["Citations"] references = tabs_counts["References"] discussions = tabs_counts["Discussions"] top = webstyle_templates.detailed_record_container_top( self.recid, tabs, argd["ln"], citationnum=citedbynum, referencenum=references, discussionnum=discussions ) bottom = webstyle_templates.detailed_record_container_bottom(self.recid, tabs, argd["ln"]) # display_comment_rounds = [cmtgrp for cmtgrp in argd['cmtgrp'] if cmtgrp.isdigit() or cmtgrp == "all" or cmtgrp == "-1"] display_comment_rounds = argd["cmtgrp"] check_warnings = [] (ok, problem) = check_recID_is_in_range(self.recid, check_warnings, argd["ln"]) if ok: body = perform_request_display_comments_or_remarks( req=req, recID=self.recid, display_order=argd["do"], display_since=argd["ds"], nb_per_page=argd["nb"], page=argd["p"], ln=argd["ln"], voted=argd["voted"], reported=argd["reported"], subscribed=argd["subscribed"], reviews=self.discussion, uid=uid, can_send_comments=can_send_comments, can_attach_files=can_attach_files, user_is_subscribed_to_discussion=user_is_subscribed_to_discussion, user_can_unsubscribe_from_discussion=user_can_unsubscribe_from_discussion, display_comment_rounds=display_comment_rounds, ) title, description, keywords = websearch_templates.tmpl_record_page_header_content( req, self.recid, argd["ln"] ) navtrail = create_navtrail_links(cc=guess_primary_collection_of_a_record(self.recid), ln=argd["ln"]) if navtrail: navtrail += " > " navtrail += '<a class="navtrail" href="%s/%s/%s?ln=%s">' % ( CFG_SITE_URL, CFG_SITE_RECORD, self.recid, argd["ln"], ) navtrail += cgi.escape(title) navtrail += "</a>" navtrail += ' > <a class="navtrail">%s</a>' % (self.discussion == 1 and _("Reviews") or _("Comments")) mathjaxheader = "" if CFG_WEBCOMMENT_USE_MATHJAX_IN_COMMENTS: mathjaxheader = get_mathjax_header(req.is_https()) jqueryheader = """ <script src="%(CFG_SITE_URL)s/vendors/jquery-multifile/jquery.MultiFile.pack.js" type="text/javascript"></script> """ % { "CFG_SITE_URL": CFG_SITE_URL } return ( pageheaderonly( title=title, navtrail=navtrail, uid=uid, verbose=1, metaheaderadd=mathjaxheader + jqueryheader, req=req, language=argd["ln"], navmenuid="search", navtrail_append_title_p=0, ) + websearch_templates.tmpl_search_pagestart(argd["ln"]) + top + body + bottom + websearch_templates.tmpl_search_pageend(argd["ln"]) + pagefooteronly(lastupdated=__lastupdated__, language=argd["ln"], req=req) ) else: return page( title=_("Record Not Found"), body=problem, uid=uid, verbose=1, req=req, language=argd["ln"], navmenuid="search", )
def report(self, req, form): """ Report a comment/review for inappropriate content @param comid: comment/review id @param recid: the id of the record the comment/review is associated with @param ln: language @param do: display order hh = highest helpful score, review only lh = lowest helpful score, review only hs = highest star score, review only ls = lowest star score, review only od = oldest date nd = newest date @param ds: display since all= no filtering by date nd = n days ago nw = n weeks ago nm = n months ago ny = n years ago where n is a single digit integer between 0 and 9 @param nb: number of results per page @param p: results page @param referer: http address of the calling function to redirect to (refresh) @param reviews: boolean, enabled for reviews, disabled for comments """ argd = wash_urlargd( form, { 'comid': (int, -1), 'recid': (int, -1), 'do': (str, "od"), 'ds': (str, "all"), 'nb': (int, 100), 'p': (int, 1), 'referer': (str, None) }) _ = gettext_set_language(argd['ln']) client_ip_address = req.remote_ip uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) # Check that comment belongs to this recid if not check_comment_belongs_to_record(argd['comid'], self.recid): return page_not_authorized(req, "../", \ text = _("Specified comment does not belong to this record")) # Check that user can access the record (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd['comid']) if auth_code: return page_not_authorized(req, "../", \ text = _("You do not have access to the specified comment")) # Check that comment is not currently deleted if is_comment_deleted(argd['comid']): return page_not_authorized(req, "../", \ text = _("You cannot report a deleted comment"), ln=argd['ln']) success = perform_request_report(argd['comid'], client_ip_address, uid) if argd['referer']: argd['referer'] += "?ln=%s&do=%s&ds=%s&nb=%s&p=%s&reported=%s&" % ( argd['ln'], argd['do'], argd['ds'], argd['nb'], argd['p'], str(success)) redirect_to_url(req, argd['referer']) else: #Note: sent to comments display referer = "%s/%s/%s/%s/display?ln=%s&voted=1" referer %= (CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, self.discussion == 1 and 'reviews' or 'comments', argd['ln']) redirect_to_url(req, referer)
def display(self, req, form): """ Display comments (reviews if enabled) associated with record having id recid where recid>0. This function can also be used to display remarks associated with basket having id recid where recid<-99. @param ln: language @param recid: record id, integer @param do: display order hh = highest helpful score, review only lh = lowest helpful score, review only hs = highest star score, review only ls = lowest star score, review only od = oldest date nd = newest date @param ds: display since all= no filtering by date nd = n days ago nw = n weeks ago nm = n months ago ny = n years ago where n is a single digit integer between 0 and 9 @param nb: number of results per page @param p: results page @param voted: boolean, active if user voted for a review, see vote function @param reported: int, active if user reported a certain comment/review, see report function @param reviews: boolean, enabled for reviews, disabled for comments @param subscribed: int, 1 if user just subscribed to discussion, -1 if unsubscribed @return the full html page. """ argd = wash_urlargd( form, { 'do': (str, "od"), 'ds': (str, "all"), 'nb': (int, 100), 'p': (int, 1), 'voted': (int, -1), 'reported': (int, -1), 'subscribed': (int, 0), 'cmtgrp': (list, ["latest"] ) # 'latest' is now a reserved group/round name }) _ = gettext_set_language(argd['ln']) uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) can_send_comments = False (auth_code, auth_msg) = check_user_can_send_comments(user_info, self.recid) if not auth_code: can_send_comments = True can_attach_files = False (auth_code, auth_msg) = check_user_can_attach_file_to_comments( user_info, self.recid) if not auth_code and (user_info['email'] != 'guest'): can_attach_files = True subscription = get_user_subscription_to_discussion(self.recid, uid) if subscription == 1: user_is_subscribed_to_discussion = True user_can_unsubscribe_from_discussion = True elif subscription == 2: user_is_subscribed_to_discussion = True user_can_unsubscribe_from_discussion = False else: user_is_subscribed_to_discussion = False user_can_unsubscribe_from_discussion = False unordered_tabs = get_detailed_page_tabs(get_colID( guess_primary_collection_of_a_record(self.recid)), self.recid, ln=argd['ln']) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in iteritems(unordered_tabs)] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % argd['ln'] tabs = [(unordered_tabs[tab_id]['label'], \ '%s/record/%s/%s%s' % (CFG_SITE_URL, self.recid, tab_id, link_ln), \ tab_id in ['comments', 'reviews'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] tabs_counts = get_detailed_page_tabs_counts(self.recid) citedbynum = tabs_counts['Citations'] references = tabs_counts['References'] discussions = tabs_counts['Discussions'] top = webstyle_templates.detailed_record_container_top( self.recid, tabs, argd['ln'], citationnum=citedbynum, referencenum=references, discussionnum=discussions) bottom = webstyle_templates.detailed_record_container_bottom( self.recid, tabs, argd['ln']) #display_comment_rounds = [cmtgrp for cmtgrp in argd['cmtgrp'] if cmtgrp.isdigit() or cmtgrp == "all" or cmtgrp == "-1"] display_comment_rounds = argd['cmtgrp'] check_warnings = [] (ok, problem) = check_recID_is_in_range(self.recid, check_warnings, argd['ln']) if ok: body = perform_request_display_comments_or_remarks( req=req, recID=self.recid, display_order=argd['do'], display_since=argd['ds'], nb_per_page=argd['nb'], page=argd['p'], ln=argd['ln'], voted=argd['voted'], reported=argd['reported'], subscribed=argd['subscribed'], reviews=self.discussion, uid=uid, can_send_comments=can_send_comments, can_attach_files=can_attach_files, user_is_subscribed_to_discussion= user_is_subscribed_to_discussion, user_can_unsubscribe_from_discussion= user_can_unsubscribe_from_discussion, display_comment_rounds=display_comment_rounds) title, description, keywords = websearch_templates.tmpl_record_page_header_content( req, self.recid, argd['ln']) navtrail = create_navtrail_links( cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) if navtrail: navtrail += ' > ' navtrail += '<a class="navtrail" href="%s/%s/%s?ln=%s">' % ( CFG_SITE_URL, CFG_SITE_RECORD, self.recid, argd['ln']) navtrail += cgi.escape(title) navtrail += '</a>' navtrail += ' > <a class="navtrail">%s</a>' % ( self.discussion == 1 and _("Reviews") or _("Comments")) mathjaxheader = '' if CFG_WEBCOMMENT_USE_MATHJAX_IN_COMMENTS: mathjaxheader = get_mathjax_header(req.is_https()) jqueryheader = ''' <script src="%(CFG_SITE_URL)s/vendors/jquery-multifile/jquery.MultiFile.pack.js" type="text/javascript"></script> ''' % { 'CFG_SITE_URL': CFG_SITE_URL } return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, metaheaderadd = mathjaxheader + jqueryheader, req=req, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(lastupdated=__lastupdated__, language=argd['ln'], req=req) else: return page(title=_("Record Not Found"), body=problem, uid=uid, verbose=1, req=req, language=argd['ln'], navmenuid='search')
def tmpl_alert_email_body(self, name, description, url, records, pattern, collection_list, frequency, add_to_basket_p): recids_by_collection = {} for recid in records[0]: primary_collection = guess_primary_collection_of_a_record(recid) if primary_collection in collection_list or \ primary_collection == CFG_SITE_NAME: # common case, when the primary coll can not be guessed if primary_collection not in recids_by_collection: recids_by_collection[primary_collection] = [] recids_by_collection[primary_collection].append(recid) else: ancestors = get_coll_ancestors(primary_collection) ancestors.reverse() nancestors = 0 for ancestor in ancestors: nancestors += 1 if ancestor in collection_list: if ancestor not in recids_by_collection: recids_by_collection[ancestor] = [] recids_by_collection[ancestor].append(recid) break elif len(ancestors) == nancestors: if 'None of the above' not in recids_by_collection: recids_by_collection['None of the above'] = [] recids_by_collection['None of the above'].append(recid) collection_list = [ coll for coll in recids_by_collection.keys() if coll != 'None of the above' ] for external_collection_results in records[1][0]: if external_collection_results[1][0]: collection_list.append(external_collection_results[0]) l = len(collection_list) if l == 0: collections = '' elif l == 1: collections = "collection: %s\n" % collection_list[0] else: collections = "collections: %s\n" % wrap( ', '.join(collection_list)) l = len(records[0]) for external_collection_results in records[1][0]: l += len(external_collection_results[1][0]) if l == 1: total = '1 record' else: total = '%d records' % l if pattern: pattern = 'pattern: %s\n' % pattern frequency = { 'day': 'daily', 'week': 'weekly', 'month': 'monthly' }[frequency] body = """\ Hello: Below are the results of the email notification alert that was set up with the %(sitename)s. %(description)s This is an automatic message, please don't reply to it. For any question, please use <%(sitesupportemail)s> instead. alert name: %(name)s %(pattern)s%(collections)sfrequency: %(frequency)s run time: %(runtime)s found: %(total)s url: <%(url)s> """ % { 'sitesupportemail': CFG_SITE_SUPPORT_EMAIL, 'name': name, 'sitename': CFG_SITE_NAME, 'description': description and '\n' + description + '\n' or '', 'pattern': pattern, 'collections': collections, 'frequency': frequency, 'runtime': time.strftime("%a %Y-%m-%d %H:%M:%S"), 'total': total, 'url': url } index = 0 for collection_recids in recids_by_collection.items(): if collection_recids[0] != 'None of the above': body += "\nCollection: %s\n" % collection_recids[0] for recid in collection_recids[1]: index += 1 body += "\n%i) " % (index) body += self.tmpl_alert_email_record(recid=recid) body += "\n" if index == CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: break if index == CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: break if index < CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: if 'None of the above' in recids_by_collection: if len(recids_by_collection.keys()) > 1: body += "\nNone of the above collections:\n" else: # if the uncategorized collection is the only collection then present # all the records as belonging to CFG_SITE_NAME body += "\nCollection: %s\n" % CFG_SITE_NAME for recid in recids_by_collection['None of the above']: index += 1 body += "\n%i) " % (index) body += self.tmpl_alert_email_record(recid=recid) body += "\n" if index == CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: break if index < CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: for external_collection_results in records[1][0]: body += "\nCollection: %s\n" % external_collection_results[0] for recid in external_collection_results[1][0]: index += 1 body += "\n%i) " % (index) # TODO: extend function to accept xml_record! body += self.tmpl_alert_email_record( xml_record=external_collection_results[1][1][recid]) body += "\n" if index == CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: break if index == CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: break if l > CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: body += ''' Only the first %s records were displayed. Please consult the search URL given at the top of this email to see all the results. ''' % (CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL, ) if add_to_basket_p: body += ''' Only the first %s records were added to your basket. To manually add more records please consult the search URL as described before. ''' % (CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL, ) body += ''' -- %s Alert Service <%s> Unsubscribe? See <%s> Need human intervention? Contact <%s> ''' % (CFG_SITE_NAME, CFG_SITE_URL, CFG_SITE_URL + '/youralerts/list', CFG_SITE_SUPPORT_EMAIL) return body
def getfile(req, form): args = wash_urlargd(form, bibdocfile_templates.files_default_urlargd) ln = args['ln'] _ = gettext_set_language(ln) uid = getUid(req) user_info = collect_user_info(req) verbose = args['verbose'] if verbose >= 1 and not isUserSuperAdmin(user_info): # Only SuperUser can see all the details! verbose = 0 if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE > 1: return page_not_authorized(req, "/%s/%s" % (CFG_SITE_RECORD, self.recid), navmenuid='submit') if record_exists(self.recid) < 1: msg = "<p>%s</p>" % _("Requested record does not seem to exist.") return warning_page(msg, req, ln) if record_empty(get_record(self.recid).legacy_create_recstruct()): msg = "<p>%s</p>" % _("Requested record does not seem to have been integrated.") return warning_page(msg, req, ln) (auth_code, auth_message) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : ln, 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_message) readonly = CFG_ACCESS_CONTROL_LEVEL_SITE == 1 # From now on: either the user provided a specific file # name (and a possible version), or we return a list of # all the available files. In no case are the docids # visible. try: bibarchive = BibRecDocs(self.recid) except InvenioBibDocFileError: register_exception(req=req, alert_admin=True) msg = "<p>%s</p><p>%s</p>" % ( _("The system has encountered an error in retrieving the list of files for this document."), _("The error has been logged and will be taken in consideration as soon as possible.")) return warning_page(msg, req, ln) if bibarchive.deleted_p(): req.status = apache.HTTP_GONE return warning_page(_("Requested record does not seem to exist."), req, ln) docname = '' docformat = '' version = '' warn = '' if filename: # We know the complete file name, guess which docid it # refers to ## TODO: Change the extension system according to ext.py from setlink ## and have a uniform extension mechanism... docname = file_strip_ext(filename) docformat = filename[len(docname):] if docformat and docformat[0] != '.': docformat = '.' + docformat if args['subformat']: docformat += ';%s' % args['subformat'] else: docname = args['docname'] if not docformat: docformat = args['format'] if args['subformat']: docformat += ';%s' % args['subformat'] if not version: version = args['version'] ## Download as attachment is_download = False if args['download']: is_download = True # version could be either empty, or all or an integer try: int(version) except ValueError: if version != 'all': version = '' display_hidden = isUserSuperAdmin(user_info) if version != 'all': # search this filename in the complete list of files for doc in bibarchive.list_bibdocs(): if docname == bibarchive.get_docname(doc.id): try: try: docfile = doc.get_file(docformat, version) except InvenioBibDocFileError as msg: req.status = apache.HTTP_NOT_FOUND if not CFG_INSPIRE_SITE and req.headers_in.get('referer'): ## There must be a broken link somewhere. ## Maybe it's good to alert the admin register_exception(req=req, alert_admin=True) warn += write_warning(_("The format %(x_form)s does not exist for the given version: %(x_vers)s", x_form=cgi.escape(docformat), x_vers=cgi.escape(str(msg)))) break (auth_code, auth_message) = docfile.is_restricted(user_info) if auth_code != 0 and not is_user_owner_of_record(user_info, self.recid): if CFG_BIBDOCFILE_ICON_SUBFORMAT_RE.match(get_subformat_from_format(docformat)): return stream_restricted_icon(req) if user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action('viewrestrdoc', {'status' : docfile.get_status()}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : ln, 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) redirect_to_url(req, target) else: req.status = apache.HTTP_UNAUTHORIZED warn += write_warning(_("This file is restricted: ") + str(auth_message)) break if not docfile.hidden_p(): if not readonly: ip = str(req.remote_ip) doc.register_download(ip, docfile.get_version(), docformat, uid, self.recid) try: return docfile.stream(req, download=is_download) except InvenioBibDocFileError as msg: register_exception(req=req, alert_admin=True) req.status = apache.HTTP_INTERNAL_SERVER_ERROR warn += write_warning(_("An error has happened in trying to stream the request file.")) else: req.status = apache.HTTP_UNAUTHORIZED warn += write_warning(_("The requested file is hidden and can not be accessed.")) except InvenioBibDocFileError as msg: register_exception(req=req, alert_admin=True) if docname and docformat and not warn: req.status = apache.HTTP_NOT_FOUND warn += write_warning(_("Requested file does not seem to exist.")) # filelist = bibarchive.display("", version, ln=ln, verbose=verbose, display_hidden=display_hidden) filelist = bibdocfile_templates.tmpl_display_bibrecdocs(bibarchive, "", version, ln=ln, verbose=verbose, display_hidden=display_hidden) t = warn + bibdocfile_templates.tmpl_filelist( ln=ln, filelist=filelist) cc = guess_primary_collection_of_a_record(self.recid) cc_id = Collection.query.filter_by(name=cc).value('id') unordered_tabs = None # get_detailed_page_tabs(cc_id, self.recid, ln) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in iteritems(unordered_tabs)] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if ln != CFG_SITE_LANG: link_ln = '?ln=%s' % ln tabs = [(unordered_tabs[tab_id]['label'], '%s/%s/%s/%s%s' % (CFG_SITE_URL, CFG_SITE_RECORD, self.recid, tab_id, link_ln), tab_id == 'files', unordered_tabs[tab_id]['enabled']) for (tab_id, dummy_order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] is True] tabs_counts = {} # get_detailed_page_tabs_counts(self.recid) top = webstyle_templates.detailed_record_container_top(self.recid, tabs, args['ln'], citationnum=tabs_counts['Citations'], referencenum=tabs_counts['References'], discussionnum=tabs_counts['Discussions']) bottom = webstyle_templates.detailed_record_container_bottom(self.recid, tabs, args['ln']) title, description, keywords = websearch_templates.tmpl_record_page_header_content(req, self.recid, args['ln']) return pageheaderonly(title=title, navtrail=create_navtrail_links(cc=cc, aas=0, ln=ln) + \ ''' > <a class="navtrail" href="%s/%s/%s">%s</a> > %s''' % \ (CFG_SITE_URL, CFG_SITE_RECORD, self.recid, title, _("Access to Fulltext")), description=description, keywords=keywords, uid=uid, language=ln, req=req, navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(ln) + \ top + t + bottom + \ websearch_templates.tmpl_search_pageend(ln) + \ pagefooteronly(language=ln, req=req)
def vote(self, req, form): """Vote positively or negatively for a comment/review. @param comid: comment/review id @param com_value: +1 to vote positively -1 to vote negatively @param recid: the id of the record the comment/review is associated with @param ln: language @param do: display order hh = highest helpful score, review only lh = lowest helpful score, review only hs = highest star score, review only ls = lowest star score, review only od = oldest date nd = newest date @param ds: display since all= no filtering by date nd = n days ago nw = n weeks ago nm = n months ago ny = n years ago where n is a single digit integer between 0 and 9 @param nb: number of results per page @param p: results page @param referer: http address of the calling function to redirect to (refresh) @param reviews: boolean, enabled for reviews, disabled for comments """ argd = wash_urlargd(form, {'comid': (int, -1), 'com_value': (int, 0), 'recid': (int, -1), 'do': (str, "od"), 'ds': (str, "all"), 'nb': (int, 100), 'p': (int, 1), 'referer': (str, None) }) _ = gettext_set_language(argd['ln']) client_ip_address = req.remote_ip uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) # Check that comment belongs to this recid if not check_comment_belongs_to_record(argd['comid'], self.recid): return page_not_authorized(req, "../", \ text = _("Specified comment does not belong to this record")) # Check that user can access the record (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd['comid']) if auth_code: return page_not_authorized(req, "../", \ text = _("You do not have access to the specified comment")) # Check that comment is not currently deleted if is_comment_deleted(argd['comid']): return page_not_authorized(req, "../", \ text = _("You cannot vote for a deleted comment"), ln=argd['ln']) success = perform_request_vote(argd['comid'], client_ip_address, argd['com_value'], uid) if argd['referer']: argd['referer'] += "?ln=%s&do=%s&ds=%s&nb=%s&p=%s&voted=%s&" % ( argd['ln'], argd['do'], argd['ds'], argd['nb'], argd['p'], success) redirect_to_url(req, argd['referer']) else: #Note: sent to comments display referer = "%s/%s/%s/%s?&ln=%s&voted=1" referer %= (CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, self.discussion == 1 and 'reviews' or 'comments', argd['ln']) redirect_to_url(req, referer)
def index(self, req, form): """Handle all BibMerge requests. The responsibilities of this functions are: * JSON decoding and encoding. * Redirection, if necessary. * Authorization. * Calling the appropriate function from the engine. """ # If it is an Ajax request, extract any JSON data. ajax_request, recid1, recid2 = False, None, None argd = wash_urlargd(form, {'ln': (str, CFG_SITE_LANG)}) if 'jsondata' in form: json_data = json.loads(str(form['jsondata'])) # Deunicode all strings (Invenio doesn't have unicode # support). json_data = json_unicode_to_utf8(json_data) ajax_request = True json_response = {} try: if json_data.has_key('recID1'): recid1 = int(json_data['recID1']) json_data['recID1'] = recid1 if json_data.has_key('recID2'): if json_data.get('record2Mode') == "recid": recid2 = int(json_data['recID2']) json_data['recID2'] = recid2 except ValueError: json_response.update({ 'resultCode': 1, 'resultText': 'Invalid record ID!' }) return json.dumps(json_response) if json_data.has_key("duplicate"): if json_data.get('record2Mode') == "recid": json_data["duplicate"] = int(json_data["duplicate"]) # Authorization. user_info = collect_user_info(req) if user_info['email'] == 'guest': # User is not logged in. if not ajax_request: # Do not display the introductory recID selection box to guest # users (as it used to be with v0.99.0): auth_code, auth_message = acc_authorize_action( req, 'runbibmerge') referer = '/merge/' return page_not_authorized(req=req, referer=referer, text=auth_message, navtrail=navtrail) else: # Session has most likely timed out. json_response.update({ 'resultCode': 1, 'resultText': 'Error: Not logged in' }) return json.dumps(json_response) elif self.recid: # Handle RESTful call by storing recid and redirecting to # generic URL. redirect_to_url( req, '%s/%s/merge/' % (CFG_SITE_SECURE_URL, CFG_SITE_RECORD)) if recid1 is not None: # Authorize access to record 1. auth_code, auth_message = acc_authorize_action( req, 'runbibmerge', collection=guess_primary_collection_of_a_record(recid1)) if auth_code != 0: json_response.update({ 'resultCode': 1, 'resultText': 'No access to record %s' % recid1 }) return json.dumps(json_response) if recid2 is not None: # Authorize access to record 2. auth_code, auth_message = acc_authorize_action( req, 'runbibmerge', collection=guess_primary_collection_of_a_record(recid2)) if auth_code != 0: json_response.update({ 'resultCode': 1, 'resultText': 'No access to record %s' % recid2 }) return json.dumps(json_response) # Handle request. uid = getUid(req) if not ajax_request: # Show BibEdit start page. body, errors, warnings = perform_request_init() scripts = ["vendors/json2/json2.js", "js/merger/engine.js"] metaheaderadd = "" for script in scripts: metaheaderadd += '<script type="text/javascript" src="%s/%s"></script>' % ( CFG_SITE_URL, auto_version_url(script)) return page(title='Record Merger', metaheaderadd=metaheaderadd, body=body, errors=errors, warnings=warnings, uid=uid, language=argd['ln'], navtrail=navtrail, lastupdated=__lastupdated__, req=req) else: # Handle AJAX request. json_response = perform_request_ajax(req, uid, json_data) return json.dumps(json_response)
def getfile(req, form): args = wash_urlargd(form, bibdocfile_templates.files_default_urlargd) ln = args['ln'] _ = gettext_set_language(ln) uid = getUid(req) user_info = collect_user_info(req) verbose = args['verbose'] if verbose >= 1 and not isUserSuperAdmin(user_info): # Only SuperUser can see all the details! verbose = 0 if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE > 1: return page_not_authorized(req, "/%s/%s" % (CFG_SITE_RECORD, self.recid), navmenuid='submit') if record_exists(self.recid) < 1: msg = "<p>%s</p>" % _( "Requested record does not seem to exist.") return warning_page(msg, req, ln) if record_empty(self.recid): msg = "<p>%s</p>" % _( "Requested record does not seem to have been integrated.") return warning_page(msg, req, ln) (auth_code, auth_message) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest': if webjournal_utils.is_recid_in_released_issue(self.recid): # We can serve the file pass else: cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record(self.recid) }) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : ln, 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: if webjournal_utils.is_recid_in_released_issue(self.recid): # We can serve the file pass else: return page_not_authorized(req, "../", \ text = auth_message) readonly = CFG_ACCESS_CONTROL_LEVEL_SITE == 1 # From now on: either the user provided a specific file # name (and a possible version), or we return a list of # all the available files. In no case are the docids # visible. try: bibarchive = BibRecDocs(self.recid) except InvenioBibDocFileError: register_exception(req=req, alert_admin=True) msg = "<p>%s</p><p>%s</p>" % ( _("The system has encountered an error in retrieving the list of files for this document." ), _("The error has been logged and will be taken in consideration as soon as possible." )) return warning_page(msg, req, ln) if bibarchive.deleted_p(): req.status = apache.HTTP_GONE return warning_page( _("Requested record does not seem to exist."), req, ln) docname = '' docformat = '' version = '' warn = '' if filename: # We know the complete file name, guess which docid it # refers to ## TODO: Change the extension system according to ext.py from setlink ## and have a uniform extension mechanism... docname = file_strip_ext(filename) docformat = filename[len(docname):] if docformat and docformat[0] != '.': docformat = '.' + docformat if args['subformat']: docformat += ';%s' % args['subformat'] else: docname = args['docname'] if not docformat: docformat = args['format'] if args['subformat']: docformat += ';%s' % args['subformat'] if not version: version = args['version'] ## Download as attachment is_download = False if args['download']: is_download = True # version could be either empty, or all or an integer try: int(version) except ValueError: if version != 'all': version = '' display_hidden = isUserSuperAdmin(user_info) if version != 'all': # search this filename in the complete list of files for doc in bibarchive.list_bibdocs(): if docname == bibarchive.get_docname(doc.id): try: try: docfile = doc.get_file(docformat, version) except InvenioBibDocFileError as msg: req.status = apache.HTTP_NOT_FOUND if not CFG_INSPIRE_SITE and req.headers_in.get( 'referer'): ## There must be a broken link somewhere. ## Maybe it's good to alert the admin register_exception(req=req, alert_admin=True) warn += write_warning( _("The format %(x_form)s does not exist for the given version: %(x_vers)s", x_form=cgi.escape(docformat), x_vers=cgi.escape(str(msg)))) break (auth_code, auth_message) = docfile.is_restricted(user_info) if auth_code != 0 and not is_user_owner_of_record( user_info, self.recid): if CFG_BIBDOCFILE_ICON_SUBFORMAT_RE.match( get_subformat_from_format(docformat)): return stream_restricted_icon(req) if user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action( 'viewrestrdoc', {'status': docfile.get_status()}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : ln, 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) redirect_to_url(req, target) else: req.status = apache.HTTP_UNAUTHORIZED warn += write_warning( _("This file is restricted: ") + str(auth_message)) break if not docfile.hidden_p(): if not readonly: ip = str(req.remote_ip) doc.register_download( ip, docfile.get_version(), docformat, uid, self.recid) try: return docfile.stream(req, download=is_download) except InvenioBibDocFileError as msg: register_exception(req=req, alert_admin=True) req.status = apache.HTTP_INTERNAL_SERVER_ERROR warn += write_warning( _("An error has happened in trying to stream the request file." )) else: req.status = apache.HTTP_UNAUTHORIZED warn += write_warning( _("The requested file is hidden and can not be accessed." )) except InvenioBibDocFileError as msg: register_exception(req=req, alert_admin=True) # Prevent leaking of restricted file names req.status = apache.HTTP_NOT_FOUND return if docname and docformat and not warn: req.status = apache.HTTP_NOT_FOUND warn += write_warning( _("Requested file does not seem to exist.")) # filelist = bibarchive.display("", version, ln=ln, verbose=verbose, display_hidden=display_hidden) filelist = bibdocfile_templates.tmpl_display_bibrecdocs( bibarchive, "", version, ln=ln, verbose=verbose, display_hidden=display_hidden) t = warn + bibdocfile_templates.tmpl_filelist(ln=ln, filelist=filelist) cc = guess_primary_collection_of_a_record(self.recid) unordered_tabs = get_detailed_page_tabs(get_colID(cc), self.recid, ln) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in iteritems(unordered_tabs)] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if ln != CFG_SITE_LANG: link_ln = '?ln=%s' % ln tabs = [ (unordered_tabs[tab_id]['label'], '%s/%s/%s/%s%s' % (CFG_SITE_URL, CFG_SITE_RECORD, self.recid, tab_id, link_ln), tab_id == 'files', unordered_tabs[tab_id]['enabled']) for (tab_id, dummy_order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] is True ] tabs_counts = get_detailed_page_tabs_counts(self.recid) top = webstyle_templates.detailed_record_container_top( self.recid, tabs, args['ln'], citationnum=tabs_counts['Citations'], referencenum=tabs_counts['References'], discussionnum=tabs_counts['Discussions']) bottom = webstyle_templates.detailed_record_container_bottom( self.recid, tabs, args['ln']) title, description, keywords = websearch_templates.tmpl_record_page_header_content( req, self.recid, args['ln']) return pageheaderonly(title=title, navtrail=create_navtrail_links(cc=cc, aas=0, ln=ln) + \ ''' > <a class="navtrail" href="%s/%s/%s">%s</a> > %s''' % \ (CFG_SITE_URL, CFG_SITE_RECORD, self.recid, title, _("Access to Fulltext")), description=description, keywords=keywords, uid=uid, language=ln, req=req, navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(ln) + \ top + t + bottom + \ websearch_templates.tmpl_search_pageend(ln) + \ pagefooteronly(language=ln, req=req)
def __call__(self, req, form): """ Perform a search. """ argd = wash_search_urlargd(form) _ = gettext_set_language(argd['ln']) if req.method == 'POST': raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED uid = getUid(req) user_info = collect_user_info(req) if uid == -1: return page_not_authorized(req, "../", text=_("You are not authorized to view this area."), navmenuid='search') elif uid > 0: pref = get_user_preferences(uid) try: if 'rg' not in form: # fetch user rg preference only if not overridden via URL argd['rg'] = int(pref['websearch_group_records']) except (KeyError, ValueError): pass if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS and acc_authorize_action(req, 'runbibedit')[0] != 0: argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS involved_collections = set() involved_collections.update(argd['c']) involved_collections.add(argd['cc']) if argd['id'] > 0: argd['recid'] = argd['id'] if argd['idb'] > 0: argd['recidb'] = argd['idb'] if argd['sysno']: tmp_recid = find_record_from_sysno(argd['sysno']) if tmp_recid: argd['recid'] = tmp_recid if argd['sysnb']: tmp_recid = find_record_from_sysno(argd['sysnb']) if tmp_recid: argd['recidb'] = tmp_recid if argd['recid'] > 0: if argd['recidb'] > argd['recid']: # Hack to check if among the restricted collections # at least a record of the range is there and # then if the user is not authorized for that # collection. recids = intbitset(xrange(argd['recid'], argd['recidb'])) restricted_collection_cache.recreate_cache_if_needed() for collname in restricted_collection_cache.cache: (auth_code, auth_msg) = acc_authorize_action(user_info, VIEWRESTRCOLL, collection=collname) if auth_code and user_info['email'] == 'guest': coll_recids = get_collection_reclist(collname) if coll_recids & recids: cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : collname}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text=auth_msg, \ navmenuid='search') else: involved_collections.add(guess_primary_collection_of_a_record(argd['recid'])) # If any of the collection requires authentication, redirect # to the authentication form. for coll in involved_collections: if collection_restricted_p(coll): (auth_code, auth_msg) = acc_authorize_action(user_info, VIEWRESTRCOLL, collection=coll) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : coll}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text=auth_msg, \ navmenuid='search') #check if the user has rights to set a high wildcard limit #if not, reduce the limit set by user, with the default one if CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0): auth_code, auth_message = acc_authorize_action(req, 'runbibedit') if auth_code != 0: argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT # only superadmins can use verbose parameter for obtaining debug information if not isUserSuperAdmin(user_info): argd['verbose'] = 0 # Keep all the arguments, they might be reused in the # search_engine itself to derivate other queries req.argd = argd # mod_python does not like to return [] in case when of=id: out = perform_request_search(req, **argd) if isinstance(out, intbitset): return out.fastdump() elif out == []: return str(out) else: return out
def decorated(recid, *args, **kwargs): from invenio.modules.access.mailcookie import \ mail_cookie_create_authorize_action from invenio.modules.access.local_config import VIEWRESTRCOLL from invenio.legacy.search_engine import \ guess_primary_collection_of_a_record, \ check_user_can_view_record from invenio.b2share.modules.main.utils import check_fresh_record # ensure recid to be integer recid = int(recid) from invenio.legacy.search_engine import record_exists, get_merged_recid if record_exists(recid) == 0: # record doesn't exist, abort so it doesn't get incorrectly cached abort(apache.HTTP_NOT_FOUND) # The record is gone! if check_fresh_record(current_user, recid): return render_template('record_waitforit.html', recid=recid) g.collection = collection = Collection.query.filter( Collection.name == guess_primary_collection_of_a_record(recid)).\ one() (auth_code, auth_msg) = check_user_can_view_record(current_user, recid) # only superadmins can use verbose parameter for obtaining debug # information if not current_user.is_super_admin and 'verbose' in kwargs: kwargs['verbose'] = 0 if auth_code and current_user.is_guest: cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {'collection': g.collection.name}) url_args = {'action': cookie, 'ln': g.ln, 'referer': request.url} flash(_("Authorization failure"), 'error') return redirect(url_for('webaccount.login', **url_args)) elif auth_code: flash(auth_msg, 'error') abort(apache.HTTP_UNAUTHORIZED) from invenio.legacy.search_engine import record_exists, \ get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one record_status = record_exists(recid) merged_recid = get_merged_recid(recid) if record_status == -1 and merged_recid: return redirect(url_for('record.metadata', recid=merged_recid)) elif record_status == -1: abort(apache.HTTP_GONE) # The record is gone! g.bibrec = Bibrec.query.get(recid) record = get_record(recid) if record is None: return render_template('404.html') title = record.get(cfg.get('RECORDS_BREADCRUMB_TITLE_KEY'), '') tabs = [] if cfg.get('CFG_WEBLINKBACK_TRACKBACK_ENABLED'): @register_template_context_processor def trackback_context(): from invenio.legacy.weblinkback.templates import \ get_trackback_auto_discovery_tag return { 'headerLinkbackTrackbackLink': get_trackback_auto_discovery_tag(recid) } def _format_record(recid, of='hd', user_info=current_user, *args, **kwargs): from invenio.modules.formatter import format_record return format_record(recid, of, user_info=user_info, *args, **kwargs) @register_template_context_processor def record_context(): from invenio.modules.comments.api import get_mini_reviews from invenio.legacy.bibdocfile.api import BibRecDocs all_files = [f for f in BibRecDocs(recid, human_readable=True).list_latest_files(list_hidden=False) \ if not f.is_icon()] files = [ f for f in all_files if f.is_restricted(current_user)[0] == 0 ] has_private_files = len(files) < len(all_files) return dict(recid=recid, record=record, tabs=tabs, title=title, get_mini_reviews=get_mini_reviews, collection=collection, format_record=_format_record, has_private_files=has_private_files, files=files) pre_template_render.send( "%s.%s" % (blueprint.name, f.__name__), recid=recid, ) return f(recid, *args, **kwargs)
def __call__(self, req, form): argd = wash_search_urlargd(form) argd['recid'] = self.recid if self.format is not None: argd['of'] = self.format req.argd = argd uid = getUid(req) if uid == -1: return page_not_authorized(req, "../", text="You are not authorized to view this record.", navmenuid='search') elif uid > 0: pref = get_user_preferences(uid) try: if 'rg' not in form: # fetch user rg preference only if not overridden via URL argd['rg'] = int(pref['websearch_group_records']) except (KeyError, ValueError): pass # Check if the record belongs to a restricted primary # collection. If yes, redirect to the authenticated URL. user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS and acc_authorize_action(req, 'runbibedit')[0] != 0: argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS #check if the user has rights to set a high wildcard limit #if not, reduce the limit set by user, with the default one if CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0): if acc_authorize_action(req, 'runbibedit')[0] != 0: argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT # only superadmins can use verbose parameter for obtaining debug information if not isUserSuperAdmin(user_info): argd['verbose'] = 0 if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text=auth_msg, \ navmenuid='search') # mod_python does not like to return [] in case when of=id: out = perform_request_search(req, **argd) if isinstance(out, intbitset): return out.fastdump() elif out == []: return str(out) else: return out
def decorated(recid, *args, **kwargs): from invenio.modules.collections.models import Collection from invenio.legacy.search_engine import \ guess_primary_collection_of_a_record from .api import get_record from .access import check_user_can_view_record from .models import Record as Bibrec # ensure recid to be integer recid = int(recid) g.bibrec = Bibrec.query.get(recid) g.record = record = get_record(recid) if record is None: abort(404) g.collection = collection = Collection.query.filter( Collection.name == guess_primary_collection_of_a_record(recid)).\ one() (auth_code, auth_msg) = check_user_can_view_record(current_user, recid) # only superadmins can use verbose parameter for obtaining debug # information if not current_user.is_super_admin and 'verbose' in kwargs: kwargs['verbose'] = 0 if auth_code: flash(auth_msg, 'error') abort(apache.HTTP_UNAUTHORIZED) # from invenio.legacy.search_engine import record_exists, \ # get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one # record_status = record_exists(recid) # merged_recid = get_merged_recid(recid) # if record_status == -1 and merged_recid: # return redirect(url_for('record.metadata', recid=merged_recid)) # elif record_status == -1: # abort(apache.HTTP_GONE) # The record is gone! title = record.get(cfg.get('RECORDS_BREADCRUMB_TITLE_KEY'), '') tabs = [] def _format_record(record, of='hd', user_info=current_user, *args, **kwargs): from invenio.modules.formatter import format_record return format_record(record, of, user_info=user_info, *args, **kwargs) @register_template_context_processor def record_context(): # from invenio.modules.comments.api import get_mini_reviews return dict( recid=recid, record=record, tabs=tabs, title=title, get_mini_reviews=lambda *args, **kwargs: '', # FIXME get_mini_reviews, collection=collection, format_record=_format_record) pre_template_render.send( "%s.%s" % (blueprint.name, f.__name__), recid=recid, ) return f(recid, *args, **kwargs)
def add(self, req, form): """ Add a comment (review) to record with id recid where recid>0 Also works for adding a remark to basket with id recid where recid<-99 @param ln: languange @param recid: record id @param action: 'DISPLAY' to display add form 'SUBMIT' to submit comment once form is filled 'REPLY' to reply to an already existing comment @param msg: the body of the comment/review or remark @param score: star score of the review @param note: title of the review @param comid: comment id, needed for replying @param editor_type: the type of editor used for submitting the comment: 'textarea', 'ckeditor'. @param subscribe: if set, subscribe user to receive email notifications when new comment are added to this discussion @return the full html page. """ argd = wash_urlargd( form, { 'action': (str, "DISPLAY"), 'msg': (str, ""), 'note': (str, ''), 'score': (int, 0), 'comid': (int, 0), 'editor_type': (str, ""), 'subscribe': (str, ""), 'cookie': (str, "") }) _ = gettext_set_language(argd['ln']) actions = ['DISPLAY', 'REPLY', 'SUBMIT'] uid = getUid(req) # Is site ready to accept comments? if uid == -1 or (not CFG_WEBCOMMENT_ALLOW_COMMENTS and not CFG_WEBCOMMENT_ALLOW_REVIEWS): return page_not_authorized(req, "../comments/add", navmenuid='search') # Is user allowed to post comment? user_info = collect_user_info(req) (auth_code_1, auth_msg_1) = check_user_can_view_comments(user_info, self.recid) (auth_code_2, auth_msg_2) = check_user_can_send_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) # Save user's value in cookie, so that these "POST" # parameters are not lost during login process msg_cookie = mail_cookie_create_common( 'comment_msg', { 'msg': argd['msg'], 'note': argd['note'], 'score': argd['score'], 'editor_type': argd['editor_type'], 'subscribe': argd['subscribe'] }, onetime=True) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri'] + '&cookie=' + msg_cookie}, {}) return redirect_to_url(req, target, norobot=True) elif (auth_code_1 or auth_code_2): return page_not_authorized(req, "../", \ text = auth_msg_1 + auth_msg_2) if argd['comid']: # If replying to a comment, are we on a record that # matches the original comment user is replying to? if not check_comment_belongs_to_record(argd['comid'], self.recid): return page_not_authorized(req, "../", \ text = _("Specified comment does not belong to this record")) # Is user trying to reply to a restricted comment? Make # sure user has access to it. We will then inherit its # restriction for the new comment (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd['comid']) if auth_code: return page_not_authorized(req, "../", \ text = _("You do not have access to the specified comment")) # Is user trying to reply to a deleted comment? If so, we # let submitted comment go (to not lose possibly submitted # content, if comment is submitted while original is # deleted), but we "reset" comid to make sure that for # action 'REPLY' the original comment is not included in # the reply if is_comment_deleted(argd['comid']): argd['comid'] = 0 user_info = collect_user_info(req) can_attach_files = False (auth_code, auth_msg) = check_user_can_attach_file_to_comments( user_info, self.recid) if not auth_code and (user_info['email'] != 'guest'): can_attach_files = True warning_msgs = [ ] # list of warning tuples (warning_text, warning_color) added_files = {} if can_attach_files: # User is allowed to attach files. Process the files file_too_big = False formfields = form.get('commentattachment[]', []) if not hasattr(formfields, "__getitem__"): # A single file was uploaded formfields = [formfields] for formfield in formfields[:CFG_WEBCOMMENT_MAX_ATTACHED_FILES]: if hasattr(formfield, "filename") and formfield.filename: filename = formfield.filename dir_to_open = os.path.join(CFG_TMPSHAREDDIR, 'webcomment', str(uid)) try: assert (dir_to_open.startswith(CFG_TMPSHAREDDIR)) except AssertionError: register_exception(req=req, prefix='User #%s tried to upload file to forbidden location: %s' \ % (uid, dir_to_open)) if not os.path.exists(dir_to_open): try: os.makedirs(dir_to_open) except: register_exception(req=req, alert_admin=True) ## Before saving the file to disc, wash the filename ## (in particular washing away UNIX and Windows ## (e.g. DFS) paths): filename = os.path.basename(filename.split('\\')[-1]) filename = filename.strip() if filename != "": # Check that file does not already exist while os.path.exists( os.path.join(dir_to_open, filename)): basedir, name, extension = decompose_file(filename) new_name = propose_next_docname(name) filename = new_name + extension fp = open(os.path.join(dir_to_open, filename), "w") # FIXME: temporary, waiting for wsgi handler to be # fixed. Once done, read chunk by chunk # while formfield.file: # fp.write(formfield.file.read(10240)) fp.write(formfield.file.read()) fp.close() # Isn't this file too big? file_size = os.path.getsize( os.path.join(dir_to_open, filename)) if CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE > 0 and \ file_size > CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE: os.remove(os.path.join(dir_to_open, filename)) # One file is too big: record that, # dismiss all uploaded files and re-ask to # upload again file_too_big = True try: raise InvenioWebCommentWarning( _('The size of file \\"%(x_file)s\\" (%(x_size)s) is larger than maximum allowed file size (%(x_max)s). Select files again.', x_file=cgi.escape(filename), x_size=str(file_size / 1024) + 'KB', x_max=str( CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE / 1024) + 'KB')) except InvenioWebCommentWarning as exc: register_exception(stream='warning') warning_msgs.append((exc.message, '')) #warning_msgs.append(('WRN_WEBCOMMENT_MAX_FILE_SIZE_REACHED', cgi.escape(filename), str(file_size/1024) + 'KB', str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE/1024) + 'KB')) else: added_files[filename] = os.path.join( dir_to_open, filename) if file_too_big: # One file was too big. Removed all uploaded filed for filepath in added_files.items(): try: os.remove(filepath) except: # File was already removed or does not exist? pass client_ip_address = req.remote_ip check_warnings = [] (ok, problem) = check_recID_is_in_range(self.recid, check_warnings, argd['ln']) if ok: title, description, keywords = websearch_templates.tmpl_record_page_header_content( req, self.recid, argd['ln']) navtrail = create_navtrail_links( cc=guess_primary_collection_of_a_record(self.recid)) if navtrail: navtrail += ' > ' navtrail += '<a class="navtrail" href="%s/%s/%s?ln=%s">' % ( CFG_SITE_URL, CFG_SITE_RECORD, self.recid, argd['ln']) navtrail += cgi.escape(title) navtrail += '</a>' navtrail += '> <a class="navtrail" href="%s/%s/%s/%s/?ln=%s">%s</a>' % ( CFG_SITE_URL, CFG_SITE_RECORD, self.recid, self.discussion == 1 and 'reviews' or 'comments', argd['ln'], self.discussion == 1 and _('Reviews') or _('Comments')) if argd['action'] not in actions: argd['action'] = 'DISPLAY' if not argd['msg']: # User had to login in-between, so retrieve msg # from cookie try: (kind, cookie_argd) = mail_cookie_check_common(argd['cookie'], delete=True) argd.update(cookie_argd) except InvenioWebAccessMailCookieDeletedError: return redirect_to_url(req, CFG_SITE_SECURE_URL + '/'+ CFG_SITE_RECORD +'/' + \ str(self.recid) + (self.discussion==1 and \ '/reviews' or '/comments')) except InvenioWebAccessMailCookieError: # Invalid or empty cookie: continue pass subscribe = False if argd['subscribe'] and \ get_user_subscription_to_discussion(self.recid, uid) == 0: # User is not already subscribed, and asked to subscribe subscribe = True body = perform_request_add_comment_or_remark( recID=self.recid, ln=argd['ln'], uid=uid, action=argd['action'], msg=argd['msg'], note=argd['note'], score=argd['score'], reviews=self.discussion, comID=argd['comid'], client_ip_address=client_ip_address, editor_type=argd['editor_type'], can_attach_files=can_attach_files, subscribe=subscribe, req=req, attached_files=added_files, warnings=warning_msgs) if self.discussion: title = _("Add Review") else: title = _("Add Comment") jqueryheader = ''' <script src="%(CFG_SITE_URL)s/vendors/jquery-multifile/jquery.MultiFile.pack.js" type="text/javascript"></script> ''' % { 'CFG_SITE_URL': CFG_SITE_URL } return page(title=title, body=body, navtrail=navtrail, uid=uid, language=CFG_SITE_LANG, verbose=1, req=req, navmenuid='search', metaheaderadd=jqueryheader) # id not in range else: return page(title=_("Record Not Found"), body=problem, uid=uid, verbose=1, req=req, navmenuid='search')
def decorated(recid, *args, **kwargs): from invenio.legacy.search_engine import \ guess_primary_collection_of_a_record, \ check_user_can_view_record # ensure recid to be integer recid = int(recid) g.bibrec = Bibrec.query.get(recid) record = get_record(recid) if record is None: return render_template('404.html') g.collection = collection = Collection.query.filter( Collection.name == guess_primary_collection_of_a_record(recid)).\ one() (auth_code, auth_msg) = check_user_can_view_record(current_user, recid) # only superadmins can use verbose parameter for obtaining debug # information if not current_user.is_super_admin and 'verbose' in kwargs: kwargs['verbose'] = 0 if auth_code: flash(auth_msg, 'error') abort(apache.HTTP_UNAUTHORIZED) from invenio.legacy.search_engine import record_exists, \ get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one record_status = record_exists(recid) merged_recid = get_merged_recid(recid) if record_status == -1 and merged_recid: return redirect(url_for('record.metadata', recid=merged_recid)) elif record_status == -1: abort(apache.HTTP_GONE) # The record is gone! title = record.get(cfg.get('RECORDS_BREADCRUMB_TITLE_KEY'), '') tabs = [] def _format_record(recid, of='hd', user_info=current_user, *args, **kwargs): from invenio.modules.formatter import format_record return format_record(recid, of, user_info=user_info, *args, **kwargs) @register_template_context_processor def record_context(): from invenio.modules.comments.api import get_mini_reviews return dict(recid=recid, record=record, tabs=tabs, title=title, get_mini_reviews=get_mini_reviews, collection=collection, format_record=_format_record ) pre_template_render.send( "%s.%s" % (blueprint.name, f.__name__), recid=recid, ) return f(recid, *args, **kwargs)
def index(self, req, form): """Handle all BibMerge requests. The responsibilities of this functions are: * JSON decoding and encoding. * Redirection, if necessary. * Authorization. * Calling the appropriate function from the engine. """ # If it is an Ajax request, extract any JSON data. ajax_request, recid1, recid2 = False, None, None argd = wash_urlargd(form, {'ln': (str, CFG_SITE_LANG)}) if 'jsondata' in form: json_data = json.loads(str(form['jsondata'])) # Deunicode all strings (Invenio doesn't have unicode # support). json_data = json_unicode_to_utf8(json_data) ajax_request = True json_response = {} if 'recID1' in json_data: recid1 = json_data['recID1'] if 'recID2' in json_data: recid2 = json_data['recID2'] # Authorization. user_info = collect_user_info(req) if user_info['email'] == 'guest': # User is not logged in. if not ajax_request: # Do not display the introductory recID selection box to guest # users (as it used to be with v0.99.0): auth_code, auth_message = acc_authorize_action(req, 'runbibmerge') referer = '/merge/' return page_not_authorized(req=req, referer=referer, text=auth_message, navtrail=navtrail) else: # Session has most likely timed out. json_response.update({'resultCode': 1, 'resultText': 'Error: Not logged in'}) return json.dumps(json_response) elif self.recid: # Handle RESTful call by storing recid and redirecting to # generic URL. redirect_to_url(req, '%s/%s/merge/' % (CFG_SITE_SECURE_URL, CFG_SITE_RECORD) ) if recid1 is not None: # Authorize access to record 1. auth_code, auth_message = acc_authorize_action(req, 'runbibmerge', collection=guess_primary_collection_of_a_record(recid1)) if auth_code != 0: json_response.update({'resultCode': 1, 'resultText': 'No access to record %s' % recid1}) return json.dumps(json_response) if recid2 is not None: # Authorize access to record 2. auth_code, auth_message = acc_authorize_action(req, 'runbibmerge', collection=guess_primary_collection_of_a_record(recid2)) if auth_code != 0: json_response.update({'resultCode': 1, 'resultText': 'No access to record %s' % recid2}) return json.dumps(json_response) # Handle request. uid = getUid(req) if not ajax_request: # Show BibEdit start page. body, errors, warnings = perform_request_init() metaheaderadd = """<script type="text/javascript" src="%(site)s/js/json2.js"></script> <script type="text/javascript" src="%(url)s"></script>""" % {'site': url_for('merger.static', filename='js/merger/engine.js')} title = 'Record Merger' return page(title = title, metaheaderadd = metaheaderadd, body = body, errors = errors, warnings = warnings, uid = uid, language = argd['ln'], navtrail = navtrail, lastupdated = __lastupdated__, req = req) else: # Handle AJAX request. json_response = perform_request_ajax(req, uid, json_data) return json.dumps(json_response)
def display(self, req, form): """ Display the linkbacks of a record and admin approve/reject features """ argd = wash_urlargd(form, {}) _ = gettext_set_language(argd['ln']) # Check authorization uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_linkbacks(user_info, self.recid) if auth_code and user_info['email'] == 'guest': # Ask to login target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'ln': argd['ln'], 'referer': CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, referer="../", uid=uid, text=auth_msg, ln=argd['ln']) show_admin = False (auth_code, auth_msg) = acc_authorize_action(req, 'moderatelinkbacks', collection = guess_primary_collection_of_a_record(self.recid)) if not auth_code: show_admin = True body = perform_request_display_record_linbacks(req, self.recid, show_admin, weblinkback_templates=weblinkback_templates, ln=argd['ln']) title = websearch_templates.tmpl_record_page_header_content(req, self.recid, argd['ln'])[0] # navigation, tabs, top and bottom part navtrail = create_navtrail_links(cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) if navtrail: navtrail += ' > ' navtrail += '<a class="navtrail" href="%s/%s/%s?ln=%s">'% (CFG_SITE_URL, CFG_SITE_RECORD, self.recid, argd['ln']) navtrail += title navtrail += '</a>' navtrail += ' > <a class="navtrail">Linkbacks</a>' mathjaxheader, jqueryheader = weblinkback_templates.tmpl_get_mathjaxheader_jqueryheader() unordered_tabs = get_detailed_page_tabs(get_colID(guess_primary_collection_of_a_record(self.recid)), self.recid, ln=argd['ln']) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in iteritems(unordered_tabs)] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % argd['ln'] tabs = [(unordered_tabs[tab_id]['label'], \ '%s/%s/%s/%s%s' % (CFG_SITE_URL, CFG_SITE_RECORD, self.recid, tab_id, link_ln), \ tab_id in ['linkbacks'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, values) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] top = webstyle_templates.detailed_record_container_top(self.recid, tabs, argd['ln']) bottom = webstyle_templates.detailed_record_container_bottom(self.recid, tabs, argd['ln']) return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, metaheaderadd = mathjaxheader + jqueryheader, req=req, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(language=argd['ln'], req=req)
def _get(self, req, form): """ Returns a file attached to a comment. Example: CFG_SITE_URL/CFG_SITE_RECORD/5953/comments/attachments/get/652/myfile.pdf where 652 is the comment ID """ argd = wash_urlargd(form, {'file': (str, None), 'comid': (int, 0)}) _ = gettext_set_language(argd['ln']) # Can user view this record, i.e. can user access its # attachments? uid = getUid(req) user_info = collect_user_info(req) # Check that user can view record, and its comments (protected # with action "viewcomment") (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) # Does comment exist? if not query_get_comment(argd['comid']): req.status = apache.HTTP_NOT_FOUND return page(title=_("Page Not Found"), body=_('The requested comment could not be found'), req=req) # Check that user can view this particular comment, protected # using its own restriction (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd['comid']) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg, ln=argd['ln']) # Check that comment is not currently deleted if is_comment_deleted(argd['comid']): return page_not_authorized(req, "../", \ text = _("You cannot access files of a deleted comment"), ln=argd['ln']) if not argd['file'] is None: # Prepare path to file on disk. Normalize the path so that # ../ and other dangerous components are removed. path = os.path.abspath(CFG_PREFIX + '/var/data/comments/' + \ str(self.recid) + '/' + str(argd['comid']) + \ '/' + argd['file']) # Check that we are really accessing attachements # directory, for the declared record. if path.startswith(CFG_PREFIX + '/var/data/comments/' + \ str(self.recid)) and \ os.path.exists(path): return stream_file(req, path) # Send error 404 in all other cases req.status = apache.HTTP_NOT_FOUND return page(title=_("Page Not Found"), body=_('The requested file could not be found'), req=req, language=argd['ln'])
def decorated(recid, *args, **kwargs): from invenio.modules.access.mailcookie import \ mail_cookie_create_authorize_action from invenio.modules.access.local_config import VIEWRESTRCOLL from invenio.legacy.search_engine import guess_primary_collection_of_a_record, \ check_user_can_view_record from invenio.legacy.websearch.adminlib import get_detailed_page_tabs,\ get_detailed_page_tabs_counts from invenio.b2share.modules.main.utils import check_fresh_record # ensure recid to be integer recid = int(recid) from invenio.legacy.search_engine import record_exists, get_merged_recid if record_exists(recid) == 0: # record doesn't exist, abort so it doesn't get incorrectly cached abort(apache.HTTP_NOT_FOUND) # The record is gone! if check_fresh_record(current_user, recid): return render_template('record_waitforit.html', recid=recid) g.collection = collection = Collection.query.filter( Collection.name == guess_primary_collection_of_a_record(recid)).\ one() (auth_code, auth_msg) = check_user_can_view_record(current_user, recid) # only superadmins can use verbose parameter for obtaining debug information if not current_user.is_super_admin and 'verbose' in kwargs: kwargs['verbose'] = 0 if auth_code and current_user.is_guest: cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, { 'collection': g.collection.name}) url_args = {'action': cookie, 'ln': g.ln, 'referer': request.url} flash(_("Authorization failure"), 'error') return redirect(url_for('webaccount.login', **url_args)) elif auth_code: flash(auth_msg, 'error') abort(apache.HTTP_UNAUTHORIZED) from invenio.modules.records.api import get_record from invenio.legacy.search_engine import record_exists, get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one record_status = record_exists(recid) merged_recid = get_merged_recid(recid) if record_status == -1 and merged_recid: return redirect(url_for('record.metadata', recid=merged_recid)) elif record_status == -1: abort(apache.HTTP_GONE) # The record is gone! g.bibrec = Bibrec.query.get(recid) record = get_record(recid) if record is None: return render_template('404.html') title = record.get(cfg.get('RECORDS_BREADCRUMB_TITLE_KEY'), '') # b = [(_('Home'), '')] + collection.breadcrumbs()[1:] # b += [(title, 'record.metadata', dict(recid=recid))] # current_app.config['breadcrumbs_map'][request.endpoint] = b g.record_tab_keys = [] tabs = [] counts = get_detailed_page_tabs_counts(recid) for k, v in iteritems(get_detailed_page_tabs(collection.id, recid, g.ln)): t = {} b = 'record' if k == '': k = 'metadata' if k == 'comments' or k == 'reviews': b = 'comments' if k == 'linkbacks': b = 'weblinkback' k = 'index' t['key'] = b + '.' + k t['count'] = counts.get(k.capitalize(), -1) t.update(v) tabs.append(t) if v['visible']: g.record_tab_keys.append(b+'.'+k) if cfg.get('CFG_WEBLINKBACK_TRACKBACK_ENABLED'): @register_template_context_processor def trackback_context(): from invenio.legacy.weblinkback.templates import get_trackback_auto_discovery_tag return dict(headerLinkbackTrackbackLink=get_trackback_auto_discovery_tag(recid)) def _format_record(recid, of='hd', user_info=current_user, *args, **kwargs): from invenio.modules.formatter import format_record return format_record(recid, of, user_info=user_info, *args, **kwargs) @register_template_context_processor def record_context(): from invenio.modules.comments.api import get_mini_reviews from invenio.legacy.bibdocfile.api import BibRecDocs all_files = [f for f in BibRecDocs(recid, human_readable=True).list_latest_files(list_hidden=False) \ if not f.is_icon()] files = [f for f in all_files if f.is_restricted(current_user)[0] == 0] has_private_files = len(files) < len(all_files) return dict(recid=recid, record=record, tabs=tabs, title=title, get_mini_reviews=get_mini_reviews, collection=collection, format_record=_format_record, has_private_files=has_private_files, files=files ) pre_template_render.send( "%s.%s" % (blueprint.name, f.__name__), recid=recid, ) return f(recid, *args, **kwargs)
def add(self, req, form): """ Add a comment (review) to record with id recid where recid>0 Also works for adding a remark to basket with id recid where recid<-99 @param ln: languange @param recid: record id @param action: 'DISPLAY' to display add form 'SUBMIT' to submit comment once form is filled 'REPLY' to reply to an already existing comment @param msg: the body of the comment/review or remark @param score: star score of the review @param note: title of the review @param comid: comment id, needed for replying @param editor_type: the type of editor used for submitting the comment: 'textarea', 'ckeditor'. @param subscribe: if set, subscribe user to receive email notifications when new comment are added to this discussion @return the full html page. """ argd = wash_urlargd( form, { "action": (str, "DISPLAY"), "msg": (str, ""), "note": (str, ""), "score": (int, 0), "comid": (int, 0), "editor_type": (str, ""), "subscribe": (str, ""), "cookie": (str, ""), }, ) _ = gettext_set_language(argd["ln"]) actions = ["DISPLAY", "REPLY", "SUBMIT"] uid = getUid(req) # Is site ready to accept comments? if uid == -1 or (not CFG_WEBCOMMENT_ALLOW_COMMENTS and not CFG_WEBCOMMENT_ALLOW_REVIEWS): return page_not_authorized(req, "../comments/add", navmenuid="search") # Is user allowed to post comment? user_info = collect_user_info(req) (auth_code_1, auth_msg_1) = check_user_can_view_comments(user_info, self.recid) (auth_code_2, auth_msg_2) = check_user_can_send_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)} ) # Save user's value in cookie, so that these "POST" # parameters are not lost during login process msg_cookie = mail_cookie_create_common( "comment_msg", { "msg": argd["msg"], "note": argd["note"], "score": argd["score"], "editor_type": argd["editor_type"], "subscribe": argd["subscribe"], }, onetime=True, ) target = ( CFG_SITE_SECURE_URL + "/youraccount/login" + make_canonical_urlargd( { "action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"] + "&cookie=" + msg_cookie, }, {}, ) ) return redirect_to_url(req, target, norobot=True) elif auth_code_1 or auth_code_2: return page_not_authorized(req, "../", text=auth_msg_1 + auth_msg_2) if argd["comid"]: # If replying to a comment, are we on a record that # matches the original comment user is replying to? if not check_comment_belongs_to_record(argd["comid"], self.recid): return page_not_authorized(req, "../", text=_("Specified comment does not belong to this record")) # Is user trying to reply to a restricted comment? Make # sure user has access to it. We will then inherit its # restriction for the new comment (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd["comid"]) if auth_code: return page_not_authorized(req, "../", text=_("You do not have access to the specified comment")) # Is user trying to reply to a deleted comment? If so, we # let submitted comment go (to not lose possibly submitted # content, if comment is submitted while original is # deleted), but we "reset" comid to make sure that for # action 'REPLY' the original comment is not included in # the reply if is_comment_deleted(argd["comid"]): argd["comid"] = 0 user_info = collect_user_info(req) can_attach_files = False (auth_code, auth_msg) = check_user_can_attach_file_to_comments(user_info, self.recid) if not auth_code and (user_info["email"] != "guest"): can_attach_files = True warning_msgs = [] # list of warning tuples (warning_text, warning_color) added_files = {} if can_attach_files: # User is allowed to attach files. Process the files file_too_big = False formfields = form.get("commentattachment[]", []) if not hasattr(formfields, "__getitem__"): # A single file was uploaded formfields = [formfields] for formfield in formfields[:CFG_WEBCOMMENT_MAX_ATTACHED_FILES]: if hasattr(formfield, "filename") and formfield.filename: filename = formfield.filename dir_to_open = os.path.join(CFG_TMPSHAREDDIR, "webcomment", str(uid)) try: assert dir_to_open.startswith(CFG_TMPSHAREDDIR) except AssertionError: register_exception( req=req, prefix="User #%s tried to upload file to forbidden location: %s" % (uid, dir_to_open), ) if not os.path.exists(dir_to_open): try: os.makedirs(dir_to_open) except: register_exception(req=req, alert_admin=True) ## Before saving the file to disc, wash the filename ## (in particular washing away UNIX and Windows ## (e.g. DFS) paths): filename = os.path.basename(filename.split("\\")[-1]) filename = filename.strip() if filename != "": # Check that file does not already exist while os.path.exists(os.path.join(dir_to_open, filename)): basedir, name, extension = decompose_file(filename) new_name = propose_next_docname(name) filename = new_name + extension fp = open(os.path.join(dir_to_open, filename), "w") # FIXME: temporary, waiting for wsgi handler to be # fixed. Once done, read chunk by chunk # while formfield.file: # fp.write(formfield.file.read(10240)) fp.write(formfield.file.read()) fp.close() # Isn't this file too big? file_size = os.path.getsize(os.path.join(dir_to_open, filename)) if CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE > 0 and file_size > CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE: os.remove(os.path.join(dir_to_open, filename)) # One file is too big: record that, # dismiss all uploaded files and re-ask to # upload again file_too_big = True try: raise InvenioWebCommentWarning( _( 'The size of file \\"%(x_file)s\\" (%(x_size)s) is larger than maximum allowed file size (%(x_max)s). Select files again.', x_file=cgi.escape(filename), x_size=str(file_size / 1024) + "KB", x_max=str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE / 1024) + "KB", ) ) except InvenioWebCommentWarning as exc: register_exception(stream="warning") warning_msgs.append((exc.message, "")) # warning_msgs.append(('WRN_WEBCOMMENT_MAX_FILE_SIZE_REACHED', cgi.escape(filename), str(file_size/1024) + 'KB', str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE/1024) + 'KB')) else: added_files[filename] = os.path.join(dir_to_open, filename) if file_too_big: # One file was too big. Removed all uploaded filed for filepath in added_files.items(): try: os.remove(filepath) except: # File was already removed or does not exist? pass client_ip_address = req.remote_ip check_warnings = [] (ok, problem) = check_recID_is_in_range(self.recid, check_warnings, argd["ln"]) if ok: title, description, keywords = websearch_templates.tmpl_record_page_header_content( req, self.recid, argd["ln"] ) navtrail = create_navtrail_links(cc=guess_primary_collection_of_a_record(self.recid)) if navtrail: navtrail += " > " navtrail += '<a class="navtrail" href="%s/%s/%s?ln=%s">' % ( CFG_SITE_URL, CFG_SITE_RECORD, self.recid, argd["ln"], ) navtrail += cgi.escape(title) navtrail += "</a>" navtrail += '> <a class="navtrail" href="%s/%s/%s/%s/?ln=%s">%s</a>' % ( CFG_SITE_URL, CFG_SITE_RECORD, self.recid, self.discussion == 1 and "reviews" or "comments", argd["ln"], self.discussion == 1 and _("Reviews") or _("Comments"), ) if argd["action"] not in actions: argd["action"] = "DISPLAY" if not argd["msg"]: # User had to login in-between, so retrieve msg # from cookie try: (kind, cookie_argd) = mail_cookie_check_common(argd["cookie"], delete=True) argd.update(cookie_argd) except InvenioWebAccessMailCookieDeletedError: return redirect_to_url( req, CFG_SITE_SECURE_URL + "/" + CFG_SITE_RECORD + "/" + str(self.recid) + (self.discussion == 1 and "/reviews" or "/comments"), ) except InvenioWebAccessMailCookieError: # Invalid or empty cookie: continue pass subscribe = False if argd["subscribe"] and get_user_subscription_to_discussion(self.recid, uid) == 0: # User is not already subscribed, and asked to subscribe subscribe = True body = perform_request_add_comment_or_remark( recID=self.recid, ln=argd["ln"], uid=uid, action=argd["action"], msg=argd["msg"], note=argd["note"], score=argd["score"], reviews=self.discussion, comID=argd["comid"], client_ip_address=client_ip_address, editor_type=argd["editor_type"], can_attach_files=can_attach_files, subscribe=subscribe, req=req, attached_files=added_files, warnings=warning_msgs, ) if self.discussion: title = _("Add Review") else: title = _("Add Comment") jqueryheader = """ <script src="%(CFG_SITE_URL)s/vendors/jquery-multifile/jquery.MultiFile.pack.js" type="text/javascript"></script> """ % { "CFG_SITE_URL": CFG_SITE_URL } return page( title=title, body=body, navtrail=navtrail, uid=uid, language=CFG_SITE_LANG, verbose=1, req=req, navmenuid="search", metaheaderadd=jqueryheader, ) # id not in range else: return page(title=_("Record Not Found"), body=problem, uid=uid, verbose=1, req=req, navmenuid="search")
def __call__(self, req, form): argd = wash_search_urlargd(form) argd['recid'] = self.recid argd['tab'] = self.tab # do we really enter here ? if self.format is not None: argd['of'] = self.format req.argd = argd uid = getUid(req) if uid == -1: return page_not_authorized(req, "../", text="You are not authorized to view this record.", navmenuid='search') elif uid > 0: pref = get_user_preferences(uid) try: if 'rg' not in form: # fetch user rg preference only if not overridden via URL argd['rg'] = int(pref['websearch_group_records']) except (KeyError, ValueError): pass user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS and acc_authorize_action(req, 'runbibedit')[0] != 0: argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS #check if the user has rights to set a high wildcard limit #if not, reduce the limit set by user, with the default one if CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0): if acc_authorize_action(req, 'runbibedit')[0] != 0: argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT # only superadmins can use verbose parameter for obtaining debug information if not isUserSuperAdmin(user_info): argd['verbose'] = 0 if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text=auth_msg, \ navmenuid='search') from invenio.legacy.search_engine import record_exists, get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one record_status = record_exists(argd['recid']) merged_recid = get_merged_recid(argd['recid']) if record_status == -1 and merged_recid: url = CFG_SITE_URL + '/' + CFG_SITE_RECORD + '/%s?ln=%s' url %= (str(merged_recid), argd['ln']) redirect_to_url(req, url) elif record_status == -1: req.status = apache.HTTP_GONE ## The record is gone! # mod_python does not like to return [] in case when of=id: out = perform_request_search(req, **argd) if isinstance(out, intbitset): return out.fastdump() elif out == []: return str(out) else: return out
def tmpl_alert_email_body(self, name, description, url, records, pattern, collection_list, frequency, add_to_basket_p): recids_by_collection = {} for recid in records[0]: primary_collection = guess_primary_collection_of_a_record(recid) if primary_collection in collection_list or \ primary_collection == CFG_SITE_NAME: # common case, when the primary coll can not be guessed if primary_collection not in recids_by_collection: recids_by_collection[primary_collection] = [] recids_by_collection[primary_collection].append(recid) else: ancestors = get_coll_ancestors(primary_collection) ancestors.reverse() nancestors = 0 for ancestor in ancestors: nancestors += 1 if ancestor in collection_list: if ancestor not in recids_by_collection: recids_by_collection[ancestor] = [] recids_by_collection[ancestor].append(recid) break elif len(ancestors) == nancestors: if 'None of the above' not in recids_by_collection: recids_by_collection['None of the above'] = [] recids_by_collection['None of the above'].append(recid) collection_list = [coll for coll in recids_by_collection.keys() if coll != 'None of the above'] for external_collection_results in records[1][0]: if external_collection_results[1][0]: collection_list.append(external_collection_results[0]) l = len(collection_list) if l == 0: collections = '' elif l == 1: collections = "collection: %s\n" % collection_list[0] else: collections = "collections: %s\n" % wrap(', '.join(collection_list)) l = len(records[0]) for external_collection_results in records[1][0]: l += len(external_collection_results[1][0]) if l == 1: total = '1 record' else: total = '%d records' % l if pattern: pattern = 'pattern: %s\n' % pattern frequency = {'day': 'daily', 'week': 'weekly', 'month': 'monthly'}[frequency] body = """\ Hello: Below are the results of the email notification alert that was set up with the %(sitename)s. %(description)s This is an automatic message, please don't reply to it. For any question, please use <%(sitesupportemail)s> instead. alert name: %(name)s %(pattern)s%(collections)sfrequency: %(frequency)s run time: %(runtime)s found: %(total)s url: <%(url)s> """ % {'sitesupportemail': CFG_SITE_SUPPORT_EMAIL, 'name': name, 'sitename': CFG_SITE_NAME, 'description': description and '\n' + description + '\n' or '', 'pattern': pattern, 'collections': collections, 'frequency': frequency, 'runtime': time.strftime("%a %Y-%m-%d %H:%M:%S"), 'total': total, 'url': url} index = 0 for collection_recids in recids_by_collection.items(): if collection_recids[0] != 'None of the above': body += "\nCollection: %s\n" % collection_recids[0] for recid in collection_recids[1]: index += 1 body += "\n%i) " % (index) body += self.tmpl_alert_email_record(recid=recid) body += "\n" if index == CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: break if index == CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: break if index < CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: if 'None of the above' in recids_by_collection: if len(recids_by_collection.keys()) > 1: body += "\nNone of the above collections:\n" else: # if the uncategorized collection is the only collection then present # all the records as belonging to CFG_SITE_NAME body += "\nCollection: %s\n" % CFG_SITE_NAME for recid in recids_by_collection['None of the above']: index += 1 body += "\n%i) " % (index) body += self.tmpl_alert_email_record(recid=recid) body += "\n" if index == CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: break if index < CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: for external_collection_results in records[1][0]: body += "\nCollection: %s\n" % external_collection_results[0] for recid in external_collection_results[1][0]: index += 1 body += "\n%i) " % (index) # TODO: extend function to accept xml_record! body += self.tmpl_alert_email_record(xml_record=external_collection_results[1][1][recid]) body += "\n" if index == CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: break if index == CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: break if l > CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL: body += ''' Only the first %s records were displayed. Please consult the search URL given at the top of this email to see all the results. ''' % (CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL,) if add_to_basket_p: body += ''' Only the first %s records were added to your basket. To manually add more records please consult the search URL as described before. ''' % (CFG_WEBALERT_MAX_NUM_OF_RECORDS_IN_ALERT_EMAIL,) body += ''' -- %s Alert Service <%s> Unsubscribe? See <%s> Need human intervention? Contact <%s> ''' % (CFG_SITE_NAME, CFG_SITE_URL, CFG_SITE_URL + '/youralerts/list', CFG_SITE_SUPPORT_EMAIL) return body
def decorated(recid, *args, **kwargs): from invenio.modules.access.mailcookie import \ mail_cookie_create_authorize_action from invenio.modules.access.local_config import VIEWRESTRCOLL from invenio.legacy.search_engine import \ guess_primary_collection_of_a_record, \ check_user_can_view_record # ensure recid to be integer recid = int(recid) g.collection = collection = Collection.query.filter( Collection.name == guess_primary_collection_of_a_record(recid)).\ one() g.bibrec = Bibrec.query.get(recid) record = get_record(recid) if record is None: return render_template('404.html') (auth_code, auth_msg) = check_user_can_view_record(current_user, recid) # only superadmins can use verbose parameter for obtaining debug # information if not current_user.is_super_admin and 'verbose' in kwargs: kwargs['verbose'] = 0 if auth_code: flash(auth_msg, 'error') abort(apache.HTTP_UNAUTHORIZED) from invenio.legacy.search_engine import record_exists, \ get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one record_status = record_exists(recid) merged_recid = get_merged_recid(recid) if record_status == -1 and merged_recid: return redirect(url_for('record.metadata', recid=merged_recid)) elif record_status == -1: abort(apache.HTTP_GONE) # The record is gone! title = record.get(cfg.get('RECORDS_BREADCRUMB_TITLE_KEY'), '') tabs = [] if cfg.get('CFG_WEBLINKBACK_TRACKBACK_ENABLED'): @register_template_context_processor def trackback_context(): from invenio.legacy.weblinkback.templates import \ get_trackback_auto_discovery_tag return { 'headerLinkbackTrackbackLink': get_trackback_auto_discovery_tag(recid) } def _format_record(recid, of='hd', user_info=current_user, *args, **kwargs): from invenio.modules.formatter import format_record return format_record(recid, of, user_info=user_info, *args, **kwargs) @register_template_context_processor def record_context(): from invenio.modules.comments.api import get_mini_reviews return dict(recid=recid, record=record, tabs=tabs, title=title, get_mini_reviews=get_mini_reviews, collection=collection, format_record=_format_record) pre_template_render.send( "%s.%s" % (blueprint.name, f.__name__), recid=recid, ) return f(recid, *args, **kwargs)
def _get(self, req, form): """ Returns a file attached to a comment. Example: CFG_SITE_URL/CFG_SITE_RECORD/5953/comments/attachments/get/652/myfile.pdf where 652 is the comment ID """ argd = wash_urlargd(form, {"file": (str, None), "comid": (int, 0)}) _ = gettext_set_language(argd["ln"]) # Can user view this record, i.e. can user access its # attachments? uid = getUid(req) user_info = collect_user_info(req) # Check that user can view record, and its comments (protected # with action "viewcomment") (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if auth_code and user_info["email"] == "guest": cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)} ) target = ( CFG_SITE_SECURE_URL + "/youraccount/login" + make_canonical_urlargd( {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"]}, {} ) ) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", text=auth_msg) # Does comment exist? if not query_get_comment(argd["comid"]): req.status = apache.HTTP_NOT_FOUND return page(title=_("Page Not Found"), body=_("The requested comment could not be found"), req=req) # Check that user can view this particular comment, protected # using its own restriction (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd["comid"]) if auth_code and user_info["email"] == "guest": cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)} ) target = ( CFG_SITE_SECURE_URL + "/youraccount/login" + make_canonical_urlargd( {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_SECURE_URL + user_info["uri"]}, {} ) ) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, "../", text=auth_msg, ln=argd["ln"]) # Check that comment is not currently deleted if is_comment_deleted(argd["comid"]): return page_not_authorized( req, "../", text=_("You cannot access files of a deleted comment"), ln=argd["ln"] ) if not argd["file"] is None: # Prepare path to file on disk. Normalize the path so that # ../ and other dangerous components are removed. path = os.path.abspath( CFG_PREFIX + "/var/data/comments/" + str(self.recid) + "/" + str(argd["comid"]) + "/" + argd["file"] ) # Check that we are really accessing attachements # directory, for the declared record. if path.startswith(CFG_PREFIX + "/var/data/comments/" + str(self.recid)) and os.path.exists(path): return stream_file(req, path) # Send error 404 in all other cases req.status = apache.HTTP_NOT_FOUND return page( title=_("Page Not Found"), body=_("The requested file could not be found"), req=req, language=argd["ln"] )
def decorated(recid, *args, **kwargs): from invenio.modules.access.mailcookie import mail_cookie_create_authorize_action from invenio.modules.access.local_config import VIEWRESTRCOLL from invenio.legacy.search_engine import guess_primary_collection_of_a_record, check_user_can_view_record # ensure recid to be integer recid = int(recid) g.collection = collection = Collection.query.filter( Collection.name == guess_primary_collection_of_a_record(recid) ).one() (auth_code, auth_msg) = check_user_can_view_record(current_user, recid) # only superadmins can use verbose parameter for obtaining debug # information if not current_user.is_super_admin and "verbose" in kwargs: kwargs["verbose"] = 0 if auth_code and current_user.is_guest: cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {"collection": g.collection.name}) url_args = {"action": cookie, "ln": g.ln, "referer": request.url} flash(_("Authorization failure"), "error") return redirect(url_for("webaccount.login", **url_args)) elif auth_code: flash(auth_msg, "error") abort(apache.HTTP_UNAUTHORIZED) from invenio.legacy.search_engine import record_exists, get_merged_recid # check if the current record has been deleted # and has been merged, case in which the deleted record # will be redirect to the new one record_status = record_exists(recid) merged_recid = get_merged_recid(recid) if record_status == -1 and merged_recid: return redirect(url_for("record.metadata", recid=merged_recid)) elif record_status == -1: abort(apache.HTTP_GONE) # The record is gone! g.bibrec = Bibrec.query.get(recid) record = get_record(recid) if record is None: return render_template("404.html") title = record.get(cfg.get("RECORDS_BREADCRUMB_TITLE_KEY"), "") tabs = [] if cfg.get("CFG_WEBLINKBACK_TRACKBACK_ENABLED"): @register_template_context_processor def trackback_context(): from invenio.legacy.weblinkback.templates import get_trackback_auto_discovery_tag return {"headerLinkbackTrackbackLink": get_trackback_auto_discovery_tag(recid)} def _format_record(recid, of="hd", user_info=current_user, *args, **kwargs): from invenio.modules.formatter import format_record return format_record(recid, of, user_info=user_info, *args, **kwargs) @register_template_context_processor def record_context(): from invenio.modules.comments.api import get_mini_reviews return dict( recid=recid, record=record, tabs=tabs, title=title, get_mini_reviews=get_mini_reviews, collection=collection, format_record=_format_record, ) pre_template_render.send("%s.%s" % (blueprint.name, f.__name__), recid=recid) return f(recid, *args, **kwargs)