def post(self): if not self.user.is_super_admin: raise HttpErrorException.not_found() if self.json_request.get('clear_indexes'): orgs = Organization.query().fetch() for org in orgs: indexes = org.get_indexes() for index in indexes: ttindex.clear_index(index) users = User.query(User.organization == None).fetch() for user in users: indexes = user.get_indexes() for index in indexes: ttindex.clear_index(index) project_ids = self.json_request.get('project_ids') if project_ids: if project_ids == 'all': self.project_keys = Project.query().fetch(keys_only=True) else: if type(project_ids) is not list: raise HttpErrorException.bad_request( 'project ids must be list') for pro_id in project_ids: pro = Project.get_by_id(pro_id) if not pro: raise HttpErrorException.bad_request( 'invalid project id given: ' + str(pro_id)) self.project_keys.append(pro.key) t = background_thread.BackgroundThread(target=self.index_project) t.start()
def post(self, project_id=None): self.get_channel_token() if not project_id and not Project.valid_id(project_id): raise HttpErrorException.bad_request('no project id') self.project = Project.get_by_id(project_id) if not self.project: raise HttpErrorException.bad_request('invalid project id') self.get_analytic_session() if self.json_request.get('permission'): self._add_perm() if not self.json_request.get('permission') and self.json_request.get( 'group_id'): self._rm_perm() if self.json_request.get('remove_group'): self._remove_group() if self.json_request.get('add_attribute'): self._add_attribute() if self.json_request.get('title'): self._set_title() if self.json_request.get('up_vote'): self._up_vote() if self.json_request.get('down_vote'): self._down_vote() if self.json_request.get('shared'): self._shared() self.project.pw_modified_ts = datetime.datetime.now() self.project.put() self.user.put() self.write_json_response(self.project.to_dict(self.user))
def delete(self, project_id=None): if self.request.get('token_id') is None: raise HttpErrorException.bad_request('no token id') self.user.current_token_id = self.request.get('token_id') if not project_id and not Project.valid_id(project_id): raise HttpErrorException.bad_request('no project id') project = Project.get_by_id(project_id) if not project: raise HttpErrorException.bad_request('invaild project id') if not project.has_permission_delete(self.user): raise HttpErrorException.forbidden() trans = Transaction(action='pro_del', user=self.user.key, artifact=project.key, project=project.key) trans.put() self.get_channel_token() channel_tokens = ChannelToken.get_by_project_key( project.key, self.user_channel_token) channel_tokens = ChannelToken.remove_unauthorized_users( channel_tokens, [project]) message = { 'user': self.get_user_channel_data(), 'transaction': trans.to_dict(self.user) } ChannelToken.broadcast_message(channel_tokens, message) project.delete(self.user)
def get(self): if not self.request.get('project', None): raise HttpErrorException.bad_request('invalid project id') project = Project.get_by_id(self.request.get('project')) if not project: raise HttpErrorException.bad_request('invalid project id') channel_id = server.create_uuid() client_auth_token = auth.create_custom_token(self.user.key.id()) color = self.get_previous_color(project) if not color: color = ChannelToken.generate_color() channel_token = ChannelToken( key=ChannelToken.create_key(channel_id), project=project.key, user=self.user.key, color=color, ) channel_token.set_status(True) channel_token.send_message({'channel_op': 'ping'}) channel_token.put() self.write_json_response({ 'channel_id': channel_id, 'auth_token': client_auth_token, })
def get(self): if self.json_request.get('project') is None: raise HttpErrorException.bad_request('invalid project id') project = Project.get_by_id(self.json_request.get('project')) if not project: raise HttpErrorException.bad_request('invalid project id') if self.json_request.get('document') is None: raise HttpErrorException.bad_request('invalid document id') document = Document.get_by_id(self.json_request.get('document')) if not document: raise HttpErrorException.bad_request('invalid document id') if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() try: limit = int(self.request.get('limit', 30)) except ValueError: raise HttpErrorException.bad_request('limit must be int') try: before_date = int(self.request.get('before_date', 0)) except ValueError: raise HttpErrorException.bad_request('before_date must be int') if limit > 100: limit = 100 if before_date and before_date > 0: before_date = datetime.fromtimestamp(before_date / 1000.0) chat_query = ChatMessage.query( ndb.AND(ChatMessage.project == project.key, ChatMessage.document == document.key, ChatMessage.created_ts < before_date)) else: chat_query = ChatMessage.query( ndb.AND(ChatMessage.project == project.key, ChatMessage.document == document.key)) chat_messages = chat_query.order( ChatMessage.created_ts).fetch(limit=limit) chat_messages_dict = [] for chat in chat_messages: chat_messages_dict.append(chat.to_dict()) self.write_json_response(chat_messages_dict)
def post(self, project, concept, action): project = Project.get_by_id(project) if not project: raise HttpErrorException.bad_request('invalid project id') concept = Concept.get_by_id(concept) if not concept: raise HttpErrorException.bad_request('invalid concept id') if action.rstrip() == '' or not Analytics.is_valid_action(action): raise HttpErrorException.bad_request('invalid action') self.get_analytic_session() concept.record_analytic(action, self.analytic_session, project=project.key)
def get(self, selected_phrasing_id=None): selected_phrasing_dict = {} q = SelectedPhrasing.query() if self.request.get('project_id').strip() != '': q = q.filter(SelectedPhrasing.project == Project.get_by_id( self.request.get('project_id').strip()).key) if self.request.get('document_id').strip() != '': q = q.filter(SelectedPhrasing.document == Document.get_by_id( self.request.get('document_id').strip()).key) if self.request.get('phrasing_id').strip() != '': q = q.filter(SelectedPhrasing.phrasing == Phrasing.get_by_id( self.request.get('phrasing_id').strip()).key) for phrase in q.iter(): phrase_dict = phrase.to_dict() selected_phrasing_dict[phrase.key.id()] = phrase_dict self.write_json_response(selected_phrasing_dict)
def post(self): if self.json_request.get('project') is None: raise HttpErrorException.bad_request('invalid project id') project = Project.get_by_id(self.json_request.get('project')) if not project: raise HttpErrorException.bad_request('invalid project id') if self.json_request.get('document') is None: raise HttpErrorException.bad_request('invalid document id') document = Document.get_by_id(self.json_request.get('document')) if not document: raise HttpErrorException.bad_request('invalid document id') if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() msg = self.json_request.get('msg') if not msg or msg.strip() == '': raise HttpErrorException.bad_request('no message given') chat = ChatMessage(key=ChatMessage.create_key(), project=project.key, document=document.key, user=self.user.key, message=msg) chat.put() self.get_channel_token() channel_tokens = ChannelToken.get_by_project_key( project.key, self.user_channel_token) channel_tokens = ChannelToken.remove_unauthorized_users( channel_tokens, [project, document]) message = { 'user': self.get_user_channel_data(), 'chat': chat.to_dict() } ChannelToken.broadcast_message(channel_tokens, message)
def get(self, project_id=None): if project_id: if not Project.valid_id(project_id): raise HttpErrorException.bad_request('invalid project id') self.project = Project.get_by_id(project_id) if not self.project: raise HttpErrorException.bad_request('invalid project id') if not self.project.has_permission_read(self.user): lr = tt_logging.construct_log( msg_short= 'User does not have permission to access this project', log_type=tt_logging.SECURITY, request=self.request, artifact=self.project, request_user=self.user) log.info(lr['dict_msg']['msg'], extra=lr) self.redirect('/', abort=True) self._serve_page() elif self.request.get('type') == 'json': self._serve_json()
def get(self): if not self.request.get('project', None): raise HttpErrorException.bad_request('invalid project id') project = Project.get_by_id(self.request.get('project')) if not project: raise HttpErrorException.bad_request('invalid project id') self.get_user_channel_data() channel_tokens = ChannelToken.get_by_project_key( project.key, self.user_channel_token) channel_tokens_list = [] for channel_token in channel_tokens: user = channel_token.user.get() if channel_token: channel_tokens_list.append({ 'username': user.username, 'display_name': user.display_name, 'channel_id': channel_token.id, 'link_id': channel_token.link_id, 'color': channel_token.color, 'concept': channel_token.concept.id() if channel_token.concept else '', 'document': channel_token.document.id() if channel_token.document else '', }) self.write_json_response(channel_tokens_list) self.ping_test(project)
def put(self): pro = Project.get_by_id(self.json_request.get('project', 'none')) if not pro: raise HttpErrorException.bad_request('invalid project id') doc = Document.get_by_id(self.json_request.get('document', 'none')) if not doc: raise HttpErrorException.bad_request('invalid document id') if not doc.has_permission_write(self.user): raise HttpErrorException.forbidden() if doc.key != pro.distilled_document and doc.key not in pro.documents: raise HttpErrorException.bad_request( 'document does not belong to project') pres_doc = PresentationDocument(key=PresentationDocument.create_key(), project=pro.key, document=doc.key) doc.presentation_document = pres_doc.key pro.pw_modified_ts = datetime.datetime.now() ndb.put_multi([pres_doc, doc, pro]) self.write_json_response(pres_doc.to_dict())
def put(self, document_id=None): if not self.json_request.get('project') and not Project.valid_id( self.json_request.get('project')): raise HttpErrorException.bad_request('invalid project id') pro = Project.get_by_id(self.json_request.get('project')) if not pro: raise HttpErrorException.bad_request('invalid project id') if not pro.has_permission_read(self.user): raise HttpErrorException.forbidden() if not self.json_request.get('title'): raise HttpErrorException.bad_request('invalid title') doc = Document(key=Document.create_key()) doc.project = pro.key doc.title = self.json_request.get('title') doc.subtitle = self.json_request.get('subtitle') doc.author = self.json_request.get('author') doc.version = self.json_request.get('version') doc.date = self.json_request.get('date') doc.copyright_text = self.json_request.get('copyright') doc.description = self.json_request.get('description') doc.owner.append(self.user.key) doc_perm = Permission(permissions=Permission.init_perm_struct( Document.operations_list), key=Permission.create_key(), project=pro.key) doc_perm.artifact = doc.key doc_perm.put() doc.permissions = doc_perm.key if self.user.in_org(): doc.organization = self.user.organization doc.parent_perms = [ pro.permissions, pro.distilled_document.get().permissions ] doc.put() pro.documents.append(doc.key) indexes = self.user.get_put_index() doc.index(indexes) pro.pw_modified_ts = datetime.datetime.now() pro.put() self.write_json_response(doc.to_dict(self.user)) action_data = {'document': doc.to_dict(self.user)} trans = Transaction(action='doc_new', user=self.user.key, artifact=doc.key, project=pro.key, action_data=action_data) trans.put() self.get_channel_token() channel_tokens = ChannelToken.get_by_project_key( pro.key, self.user_channel_token) channel_tokens = ChannelToken.remove_unauthorized_users( channel_tokens, [doc]) for channel_token in channel_tokens: trans.action_data['document'] = doc.to_dict( channel_token.user.get()) message = { 'user': self.get_user_channel_data(), 'transaction': trans.to_dict(self.user) } ChannelToken.broadcast_message([channel_token], message)
def get(self, project, document, group): if not project: raise HttpErrorException.bad_request('invalid project given') project = Project.get_by_id(project) if not project: raise HttpErrorException.bad_request('invalid project given') if not project.has_permission_read(self.user): raise HttpErrorException.forbidden() if not document: raise HttpErrorException.bad_request('invalid document given') document = Document.get_by_id(document) if not document: raise HttpErrorException.bad_request('invalid document given') if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() if not group: raise HttpErrorException.bad_request('invalid group given') group = Group.get_by_id(group) if not group: raise HttpErrorException.bad_request('invalid group given') if document.key not in project.documents and document.key != project.distilled_document: raise HttpErrorException.bad_request( 'document does not belong to project') temp_user = User() temp_user.groups = [group.key, Group.get_worldshare().key] org = self.user.organization if self.user.organization else None if org: temp_user.organization = org if not document.has_permission_read(temp_user): raise HttpErrorException.bad_request( 'Group does not have permission to read the document') pubs = document.get_presentation_published(group=group) version_int = PublishDocument.get_largest_version(pubs) if version_int is None: version_int = 1 else: version_int += 1 version = self.request.get('version', str(version_int)) if version == 'latest': raise HttpErrorException.bad_request('invalid version given') for pub in pubs: if pub.version == version: raise HttpErrorException.bad_request( 'version name already taken') try: slide_count = int(self.request.get('slide_count', 15)) except ValueError: raise HttpErrorException.bad_request( 'invalid slide count, must be integer') if slide_count < 1: raise HttpErrorException.bad_request( 'invalid slide_count given min 1') if slide_count > 100: raise HttpErrorException.bad_request( 'invalid slide_count given max 100') try: min_bullet = int(self.request.get('min_bullet', 4)) except ValueError: raise HttpErrorException.bad_request( 'invalid min bullet, must be integer') if min_bullet < 1: raise HttpErrorException.bad_request( 'invalid min_bullet given min 1') if min_bullet > 15: raise HttpErrorException.bad_request( 'invalid min_bullet given max 15') try: max_bullet = int(self.request.get('max_bullet', 6)) except ValueError: raise HttpErrorException.bad_request( 'invalid max bullet, must be integer') if max_bullet < 1: raise HttpErrorException.bad_request( 'invalid max_bullet given min 1') if max_bullet > 15: raise HttpErrorException.bad_request( 'invalid max_bullet given max 15') if min_bullet > max_bullet: raise HttpErrorException.bad_request( 'min_bullet can not be greater than max_bullet') publisher = PresentationPublisherThread() publisher.id = server.create_uuid() publisher.request = self publisher.project = project publisher.document = document publisher.slide_count = slide_count publisher.min_bullet = min_bullet publisher.max_bullet = max_bullet publisher.group = group publisher.user = self.user publisher.version = version if publisher.is_lock(): raise HttpErrorException.bad_request('publisher already running') publisher.start() self.write_json_response({'id': publisher.id}) self.get_analytic_session() document.record_analytic('pres_publish', self.analytic_session, project=project.key)
def get(self, project, document, group): if not project: raise HttpErrorException.bad_request('invalid project given') project = Project.get_by_id(project) if not project: raise HttpErrorException.bad_request('invalid project given') if not project.has_permission_read(self.user): raise HttpErrorException.forbidden() if not document: raise HttpErrorException.bad_request('invalid document given') document = Document.get_by_id(document) if not document: raise HttpErrorException.bad_request('invalid document given') if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() if not group: raise HttpErrorException.bad_request('invalid group given') group = Group.get_by_id(group) if not group: raise HttpErrorException.bad_request('invalid group given') temp_user = User() temp_user.groups = [group.key, Group.get_worldshare().key] org = self.user.organization if self.user.organization else None if org: temp_user.organization = org if not document.has_permission_read(temp_user): raise HttpErrorException.bad_request( 'Group does not have permission to read the document') if document.key not in project.documents and document.key != project.distilled_document: raise HttpErrorException.bad_request( 'document does not belong to project') pubs = document.get_published(group=group) version_int = PublishDocument.get_largest_version(pubs) if version_int is None: version_int = 1 else: version_int += 1 version = self.request.get('version', str(version_int)) if version == 'latest': raise HttpErrorException.bad_request('invalid version given') pubs = document.get_published(group=group) for pub in pubs: if pub.version == version: raise HttpErrorException.bad_request( 'version name already taken') publisher = DocumentPublisherThread() publisher.id = server.create_uuid() publisher.request = self publisher.project = project publisher.document = document publisher.group = group publisher.user = self.user publisher.version = version if publisher.is_lock(): raise HttpErrorException.bad_request('publisher already running') publisher.start() self.write_json_response({'id': publisher.id}) self.get_analytic_session() document.record_analytic('doc_publish', self.analytic_session, project=project.key)
def _serve_project_json(self): depth = 0 if self.request.get('depth').strip() != '': depth = self._to_int(self.request.get('depth')) if self.request.get('project_id').strip() != '': project = Project.get_by_id(self.request.get('project_id').strip()) if not project.has_permission_read(self.user): lr = tt_logging.construct_log( msg_short= 'User does not have permission to access this project', log_type=tt_logging.SECURITY, request=self.request, artifact=project, request_user=self.user) log.info(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() project_dict = project.to_dict( depth, self.user, get_treeview=self.request.get('get_treeview')) else: q = Project.query(Project.owner == self.user.key) projects = [] for results in q.iter(): if results.has_permission_read(self.user): projects.append(results) groups = ndb.get_multi(self.user.groups) for group in groups: pros = ndb.get_multi(group.artifacts) index = 0 for pro in pros: if pro is None: group.artifacts.remove(group.artifacts[index]) lr = tt_logging.construct_log( msg_short='Found Broken Project Key', msg= 'Found broken project key (%s) in group artifact list' '\n Key has been removed' % group.artifacts[index], log_type=tt_logging.SECURITY, request=self.request, request_user=self.user) log.info(lr['dict_msg']['msg'], extra=lr) if pro.has_permission_read(self.user): if pro not in projects: projects.append(pro) index += 1 project_dict = [] for project in projects: project_dict.append(project.to_dict(self.user)) self.write_json_response(project_dict)
def post(self): query_dict = self.json_request.get('query') if not query_dict: raise HttpErrorException.bad_request('no query given') if not query_dict['pro']: raise HttpErrorException.bad_request('no project id given') project = Project.get_by_id(query_dict['pro']) if not project: raise HttpErrorException.bad_request('invalid project id given') if not project.has_permission(self.user, 'read'): raise HttpErrorException.forbidden() index = project.get_indexes(create_new=False) self.get_analytic_session() query_string = 'pro=%s typ=(phr OR anno_reply) (reply=(%s) OR phr=(%s))' % ( project.key.id(), query_dict.get('string', ''), query_dict.get('string', '')) if index is not None and len(index) > 0: search_results = ttindex.ttsearch(index, query_string, limit=1000, use_cursor=False, user=self.user) concepts = [] concept_ids = [] while len(concepts) < 20 and search_results is not None: for sr in search_results: if sr['fields']['con'] not in concept_ids: concept_ids.append(sr['fields']['con']) if sr['fields']['typ'] == 'phr': concept = Concept.get_by_id(sr['fields']['con']) phrasing = Phrasing.get_by_id(sr['id']) if concept.has_permission_read( self.user ) and phrasing.has_permission_read(self.user): concepts.append({ 'con_id': sr['fields']['con'], 'phr_text': sr['fields']['phr'] }) elif sr['fields']['typ'] == 'anno_reply': concept = Concept.get_by_id(sr['fields']['con']) document = Document.get_by_id(sr['fields']['doc']) if concept.has_permission_read(self.user) and \ document.has_permission_read(self.user) and \ document.has_permission_annotation_read(self.user): concepts.append({ 'con_id': sr['fields']['con'], 'phr_text': sr['fields']['reply'] }) if len(concepts) >= 20: break else: search_results = ttindex.ttsearch(index, query_dict, limit=1000, user=self.user) self.write_json_response({'concepts': concepts}) else: self.write_json_response({'concepts': ''}) project.record_analytic('pro_search', self.analytic_session, meta_data={'sch_query': str(query_dict)})