def admin_articles(req): check_login(req) match_right(req, module_rights) show = req.args.getfirst('show', '', uni) pager = Pager(sort='desc') pager.bind(req.args) kwargs = {} if show == 'ready': pager.set_params(show=show) kwargs['state'] = 2 kwargs['public_date'] = 0 elif show == 'drafts': pager.set_params(show=show) kwargs['state'] = 1 else: show = None if not do_check_right(req, right_editor): kwargs['author_id'] = req.login.id items = Article.list(req, pager, **kwargs) return generate_page(req, "admin/articles.html", pager=pager, items=items, show=show)
def admin_pages_mod(req, id): """Edit page could: * author of page, if still have pages_author right * admin with pages_modify right * admin with pages_listall right and right which must have page too """ check_login(req) match_right(req, module_rights) token = do_create_token(req, '/admin/pages/%d' % id) page = Page(id) if (not do_check_right(req, 'pages_modify')) \ and (not page.check_right(req)): raise SERVER_RETURN(state.HTTP_FORBIDDEN) if req.method == 'POST': check_token(req, req.form.get('token')) page.bind(req.form) error = page.mod(req) if error: return generate_page(req, "admin/pages_mod.html", token=token, page=page, rights=rights, error=error, extra_rights=req.cfg.pages_extra_rights) # endif if not page.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) return generate_page(req, "admin/pages_mod.html", token=token, page=page, rights=rights, extra_rights=req.cfg.pages_extra_rights)
def admin_articles_mod(req, id): check_login(req) match_right(req, module_rights) article = Article(id) if not article.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) if (not do_check_right(req, right_editor) and article.author_id != req.login.id): raise SERVER_RETURN(state.HTTP_FORBIDDEN) Codebook = build_class('tags') pager = Pager(order='value', limit=-1) tags = Codebook.list(req, Codebook, pager) if req.method == 'POST': article.bind(req.form) error = article.mod(req) if error != article: return generate_page(req, "admin/articles_mod.html", article=article, error=error) if not article.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) return generate_page(req, "admin/articles_mod.html", article=article, token=create_token(req), tags=tags)
def articles_remove_tag(req, id, tag_id): check_login(req) match_right(req, module_rights) check_token(req, req.form.get('token'), uri='/admin/articles/%d' % id) article = Article(id) article.remove_tag(req, tag_id) req.content_type = 'application/json' return '{}'
def attachments_detach(req, object_type, object_id, path, webid): check_login(req) match_right(req, [R_ADMIN, 'attachments_author']) check_origin(req) attachment = Attachment(Attachment.web_to_id(webid)) attachment.detach(req, object_type, object_id) if attachment.delete(req) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) return js_items(req, object_type=object_type, object_id=object_id)
def admin_attachments_images_thumb_check(req): check_login(req) match_right(req, [R_ADMIN, 'attachments_modify']) check_referer(req, '/admin/attachments') job = Job(path=req.uri) req.content_type = 'application/json' if job.get(req): req.status = state.HTTP_CREATED return json.dumps(job.data) return '{}' # job not found, so it could be run again
def articles_append_tag(req, id, tag_id): check_login(req) match_right(req, module_rights) check_token(req, req.form.get('token'), uri='/admin/articles/%d' % id) article = Article(id) if not article.append_tag(req, tag_id): return send_json(req, {'reason': 'integrity_error'}) req.content_type = 'application/json' return '{}'
def admin_attachments_images_thumb(req): check_login(req) match_right(req, [R_ADMIN, 'attachments_modify']) check_origin(req) # job must be singleton pid, status = run_job(req, req.uri, thumb_images, True) req.content_type = 'application/json' if not status: req.status = state.HTTP_NOT_ACCEPTABLE return '{}' req.status = state.HTTP_CREATED return json.dumps({'pid': pid})
def admin_attachments_add_update(req, id=None): check_login(req) match_right(req, [R_ADMIN, 'attachments_author']) check_origin(req) attachment = Attachment() attachment.bind(req.form, req.login.id) status = attachment.add(req) if not status == attachment: req.status = state.HTTP_BAD_REQUEST req.content_type = 'application/json' return json.dumps({'reason': Attachment.error(status)}) req.content_type = 'application/json' return json.dumps({'attachment': attachment.dumps()})
def admin_pages(req): check_login(req) match_right(req, module_rights) error = req.args.getfirst('error', 0, int) pager = Pager() pager.bind(req.args) if not do_match_right(req, ('pages_modify', 'pages_listall')): rows = Page.list(req, pager, author_id=req.login.id) else: rows = Page.list(req, pager) return generate_page(req, "admin/pages.html", token=do_create_token(req, '/admin/pages'), pager=pager, rows=rows, error=error)
def admin_pages_del(req, id): """ Delete page, could: * author of page if have still pages_author right * admin with pages_modify """ check_login(req, '/log_in?referer=/admin/pages') match_right(req, ('pages_author', 'pages_modify')) check_token(req, req.form.get('token')) page = Page(id) if not page.check_right(req): raise SERVER_RETURN(state.HTTP_FORBIDDEN) page.delete(req) # TODO: redirect to same page redirect(req, '/admin/pages?error=%d' % SUCCESS)
def admin_articles_add(req): check_login(req) match_right(req, module_rights) article = Article() if req.method == 'POST': article.bind(req.form, req.login.id) error = article.add(req) if error: return generate_page(req, "admin/articles_mod.html", article=article, error=error) redirect(req, '/admin/articles/%d' % article.id) # end article.state = 2 if do_check_right(req, right_editor) else 1 return generate_page(req, "admin/articles_mod.html", article=article)
def admin_articles_enable(req, id): check_login(req, '/log_in?referer=/admin/articles') match_right(req, module_rights) check_referer(req, '/admin/articles') article = Article(id) if not article.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) if (not do_check_right(req, right_editor)) \ and (not (article.author_id == req.login.id and article.public_date.year == 1970)): raise SERVER_RETURN(state.HTTP_FORBIDDEN) n_state = int(req.uri.endswith('/enable')) n_state = (n_state * 2) if article.public_date.year > 1970 else n_state article.set_state(req, n_state) redirect(req, '/admin/articles')
def admin_pagse_add(req): check_login(req) match_right(req, ('pages_author', 'pages_modify')) token = do_create_token(req, '/admin/pages/add') if req.method == 'POST': check_token(req, req.form.get('token')) page = Page() page.bind(req.form, req.login.id) error = page.add(req) if error: return generate_page(req, "admin/pages_mod.html", token=token, rights=rights, page=page, error=error) redirect(req, '/admin/pages/%d' % page.id) # end return generate_page(req, "admin/pages_mod.html", token=token, rights=rights)
def admin_pages_rst(req): check_login(req) match_right(req, module_rights) return check_rst(req)
def articles_tags(req, id): check_login(req) match_right(req, module_rights) return send_json(req, {'tags': Article.tags(req, id)}, cls=ObjectEncoder)
def attachments_view_not(req, object_type, object_id): check_login(req) match_right(req, [R_ADMIN, 'attachments_author']) check_origin(req) return js_items(req, object_type=object_type, object_id=object_id, NOT=True)