def get(self, organization=None): if not self.user.is_admin: raise HttpErrorException.forbidden() temp_data = { 'user': { 'display_name': self.user.display_name, 'super_admin': self.user.is_super_admin, }, 'org': False, 'org_json': None, } if not self.user.is_org_admin or (self.user.is_super_admin and organization is not None): if not organization: raise HttpErrorException.forbidden() org = Organization.get_by_id(organization) if not org: raise HttpErrorException.bad_request('invalid organization id') if not self.user.is_super_admin and self.user.organization != org.key: raise HttpErrorException.forbidden() temp_data['org'] = True temp_data['org_id'] = org.key.id() temp_data['org_json'] = json.dumps(org.to_dict()) groups = org.get_all_groups() groups += org.get_all_hidden_groups() temp_data['groups'] = json.dumps(groups) template_index = JINJA_ENVIRONMENT.get_template( 'admin_panel/index.html') self.response.write(template_index.render(temp_data))
def get(self, organization=None): if not self.user.is_admin: raise HttpErrorException.forbidden() if self.user.is_super_admin and not organization: users = User.query(User.organization == None).fetch() users_dicts = [] for user in users: users_dicts.append(user.to_dict()) self.write_json_response(users_dicts) else: org = Organization.get_by_id(organization) if not org: raise HttpErrorException.bad_request('invalid org id') if not self.user.is_super_admin and self.user.organization != org.key: raise HttpErrorException.forbidden() if self.request.get('username', None): user = User.get_by_id(self.request.get('username')) if not user: raise HttpErrorException.bad_request('invalid username') self.write_json_response(user.to_dict()) else: users = User.query(User.organization == org.key).fetch() users_dicts = [] for user in users: users_dicts.append(user.to_dict()) self.write_json_response(users_dicts)
def get_publish(self, document, group): document = Document.get_by_id(document) if not document: raise HttpErrorException.bad_request('invalid document id') if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() group = Group.get_by_id(group) if not group: raise HttpErrorException.bad_request('invalid group id') self.project = document.project.get() version = self.request.get('v', 'latest') pub = PublishDocument.get(document, group, version) if not pub: raise HttpErrorException.not_found() if pub.group not in self.user.groups and pub.group != Group.get_worldshare_key( ): raise HttpErrorException.forbidden() self._create_analytic_session() self.project.record_analytic('pro_opn', self.analytic_session) template_index = JINJA_ENVIRONMENT.get_template('document_public.html') return template_index.render({ 'title': self.project.title, 'version': pub.version, 'created_at': pub.created_ts, 'published_to': pub.group.get().name, 'an_token': self.analytic_session.key.id(), 'project_id': self.project.id, 'html': pub.html, })
def _up_vote(self): if not self.project.has_permission_write(self.user): raise HttpErrorException.forbidden() vote_changed = True pvote = self.project.get_user_vote(self.user) # If there is no previous vote, they can vote up or down if pvote is None: self.project.project_score += 1 uvote = ProjectUserVotes(project=self.project.key, user=self.user.key, direction='up') uvote.put() # If there was a previous vote and its down. We remove their vote, otherwise they are trying # to vote up again and we disallow that. elif pvote is not None and pvote.direction == 'down': self.project.project_score += 1 pvote.key.delete() else: vote_changed = False if vote_changed: cost = spectra.calculate_cost('pro_up_vote', user=self.user, artifact=self.project) if not spectra.has_sufficient_points(cost, self.user): raise HttpErrorException.forbidden() self.user.sub_spectra_cost(cost) action_data = {'project_score': self.project.project_score} trans = Transaction(action='pro_up_vote', user=self.user.key, artifact=self.project.key, project=self.project.key, action_data=action_data) trans.put() self.get_channel_token() channel_tokens = ChannelToken.get_by_project_key( self.project.key, self.user_channel_token) channel_tokens = ChannelToken.remove_unauthorized_users( channel_tokens, [self.project]) message = { 'user': self.get_user_channel_data(), 'transaction': trans.to_dict(self.user) } ChannelToken.broadcast_message(channel_tokens, message)
def delete(self, project_id=None): if self.request.get('token_id') is None: raise HttpErrorException.bad_request('no token id') self.user.current_token_id = self.request.get('token_id') if not project_id and not Project.valid_id(project_id): raise HttpErrorException.bad_request('no project id') project = Project.get_by_id(project_id) if not project: raise HttpErrorException.bad_request('invaild project id') if not project.has_permission_delete(self.user): raise HttpErrorException.forbidden() trans = Transaction(action='pro_del', user=self.user.key, artifact=project.key, project=project.key) trans.put() self.get_channel_token() channel_tokens = ChannelToken.get_by_project_key( project.key, self.user_channel_token) channel_tokens = ChannelToken.remove_unauthorized_users( channel_tokens, [project]) message = { 'user': self.get_user_channel_data(), 'transaction': trans.to_dict(self.user) } ChannelToken.broadcast_message(channel_tokens, message) project.delete(self.user)
def get(self, organization=None): if not self.user.is_admin: raise HttpErrorException.forbidden() temp_data = {} template_index = JINJA_ENVIRONMENT.get_template( 'admin_panel/thinktank/logging/app_engine_logs.html') self.response.write(template_index.render(temp_data))
def _set_title(self): title = self.json_request.get('title') if title.rstrip() == '': raise HttpErrorException.bad_request('empty title given') if not self.project.has_permission_write(self.user): raise HttpErrorException.forbidden() self.project.title = title action_data = {'title': title} trans = Transaction(action='pro_title', user=self.user.key, artifact=self.project.key, project=self.project.key, action_data=action_data) trans.put() self.get_channel_token() channel_tokens = ChannelToken.get_by_project_key( self.project.key, self.user_channel_token) channel_tokens = ChannelToken.remove_unauthorized_users( channel_tokens, [self.project]) message = { 'user': self.get_user_channel_data(), 'transaction': trans.to_dict(self.user) } ChannelToken.broadcast_message(channel_tokens, message)
def post(self, phrasing_id=None): self.get_channel_token() if not Phrasing.valid_id(phrasing_id): raise HttpErrorException.bad_request('invalid phrasing id') self.phrasing = Phrasing.get_by_id(phrasing_id) if not self.phrasing: raise HttpErrorException.bad_request('invalid phrasing id') if not self.phrasing.has_permission_read(self.user): raise HttpErrorException.forbidden() if self.json_request.get('text'): self._set_text() if self.json_request.get('permission'): self._add_perm() if not self.json_request.get('permission') and self.json_request.get( 'group_id'): self._rm_perm() if self.json_request.get('remove_group'): self._remove_group() self.phrasing.modified_ts = datetime.datetime.now() project = self.phrasing.project.get() project.pw_modified_ts = datetime.datetime.now() ndb.put_multi([project, self.phrasing])
def post(self, user_id=None): if not user_id: raise HttpErrorException.bad_request('no user id given') user = User.get_by_id(user_id) if not user: raise HttpErrorException.bad_request('invalid user id given') if user != self.user and not self.user.is_super_admin: lr = tt_logging.construct_log( msg_short='Non-Admin User try to Alter Another User\'s Billing', msg='User (%s) attemped to change another user\'s (%s) ' 'billing information' % (self.user.key.id(), user.key.id()), log_type=tt_logging.SECURITY, request_user=self.user, affected_user=user, request=self.request ) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() if self.json_request.get('subscribe'): pay_plan = self.json_request.get('subscribe') if user.is_billable_account(): raise HttpErrorException.bad_request('user already has billable account') checkout_url = user.setup_billable_account(pay_plan) self.write_json_response({'checkout_url': checkout_url})
def post(self, concept_id=None): if not concept_id and not Concept.valid_id(concept_id): raise HttpErrorException.bad_request('invalid concept id') concept = Concept.get_by_id(concept_id) if not concept: raise HttpErrorException.bad_request('invalid concept id') if not self.json_request.get('document_id') and not Document.valid_id( self.json_request.get('document_id')): raise HttpErrorException.bad_request('invalid document id') document = Document.get_by_id(self.json_request.get('document_id')) if not document: raise HttpErrorException.bad_request('invalid document id') if not document.has_permission_set_crawlcontext(self.user): raise HttpErrorException.forbidden() if document.presentation_document is None: raise HttpErrorException.bad_request('document has not summary') presentation_document = document.presentation_document.get() if document.presentation_document is None: raise HttpErrorException.bad_request('document has not summary') project = document.project.get() if not isinstance(self.json_request.get('crawl'), bool): raise HttpErrorException.bad_request('invalid crawl') temp = self.json_request.get('temp', None) if temp is None: raise HttpErrorException.bad_request('no temp giving') crawlcontexts = ndb.get_multi(concept.presentation_crawlcontext) if temp: for crawl in crawlcontexts: if crawl.document == presentation_document.key: concept.presentation_crawlcontext.remove(crawl.key) concept.put() crawl.key.delete() break else: for crawl in crawlcontexts: if crawl.document == presentation_document.key: crawl.crawl = self.json_request.get('crawl') crawl.put() break else: crawl = PresentationCrawlContext( key=PresentationCrawlContext.create_key(), project=project.key, document=presentation_document.key, crawl=self.json_request.get('crawl')) crawl.put() concept.presentation_crawlcontext.append(crawl.key) concept.put() project.pw_modified_ts = datetime.datetime.now() project.put()
def post(self): doc = Document.get_by_id(self.json_request.get('document', 'none')) if not doc: raise HttpErrorException.bad_request('invalid document id') if not doc.has_permission_write(self.user): raise HttpErrorException.forbidden() if not doc.summary_document: raise HttpErrorException.bad_request('no summary document') sum_doc = doc.summary_document.get() if not sum_doc: raise HttpErrorException.bad_request('no summary document') word_count = self.json_request.get('word_count') try: word_count = int(word_count) except (ValueError, TypeError): raise HttpErrorException.bad_request('word_count must be int') if word_count < 100 or word_count > 2500 or word_count % 50 != 0: raise HttpErrorException.bad_request( 'word_count must be 100 to 2500 in 50 inc') sum_doc.word_count = word_count sum_doc.put()
def get(self, organization=None): if not self.user.is_admin: raise HttpErrorException.forbidden() temp_data = {} template_index = JINJA_ENVIRONMENT.get_template( 'admin_panel/dashboard.html') self.response.write(template_index.render(temp_data))
def get(self, document='none'): document = Document.get_by_id(document) if not document: raise HttpErrorException.bad_request('invalid document id') if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() self.write_json_response(document.to_dict(self.user))
def _set_title(self): if not self.document.has_permission_write(self.user): raise HttpErrorException.forbidden() title = self.json_request.get('title', '').rstrip() if title == '': raise HttpErrorException.bad_request('title can not be empty') self.document.title = title
def _add_perm(self): if not self.document.has_permission_write(self.user): raise HttpErrorException.forbidden() group, required = self.document.validate_add_perm_request( self.json_request, self.user) self.document.add_group_perm(group, self.json_request.get('operation'), self.json_request.get('permission'), required) action_data = { 'group': group.key.id(), 'operation': self.json_request.get('operation'), 'permission': self.json_request.get('permission'), 'type': 'required' if required else 'shared', 'hidden': False, } trans = Transaction(action='doc_perm_add', user=self.user.key, artifact=self.document.key, project=self.project.key, action_data=action_data) trans.put() org = self.document.organization.get() # Get project channel tokens channel_tokens = ChannelToken.get_by_project_key( self.project.key, self.user_channel_token) # Loop through each channel token to test permissions on next sibling for channel_token in channel_tokens: ach_user = channel_token.user.get() if (not self.document.has_permission_read(channel_token.user.get()) and not self.document.had_permission_read( channel_token.user.get())): continue if not ach_user.is_super_admin and not \ (ach_user.is_org_admin and org.key == ach_user.organization) and \ org.is_hidden_group(group): fake_id = memcache.get(group.key.id() + '_fake_id') if fake_id is None: fake_id = server.create_uuid() memcache.add(key=group.key.id() + '_fake_id', value=fake_id) trans.action_data['group'] = fake_id trans.action_data['hidden'] = True message = { 'user': self.get_user_channel_data(), 'transaction': trans.to_dict(self.user) } ChannelToken.broadcast_message([channel_token], message)
def get(self, organization=None): if not self.user.is_admin: raise HttpErrorException.forbidden() if self.user.is_super_admin and organization is None: orgs = Organization.query().fetch() orgs_dict = [] for org in orgs: orgs_dict.append(org.to_dict()) self.write_json_response(orgs_dict) else: if not organization: raise HttpErrorException.bad_request('invalid org id') org = Organization.get_by_id(organization) if not org: raise HttpErrorException.bad_request('invalid org id') if not self.user.is_super_admin and self.user.organization != org.key: raise HttpErrorException.forbidden() self.write_json_response(org.to_dict())
def validate_rm_group_request(self, request, user): if not self.has_permission_admin(user): raise HttpErrorException.forbidden() if not Artifact.valid_id(request.get('remove_group')) and not request.get('remove_group') == 'world': raise HttpErrorException.bad_request('invalid group id') group = Group.get_by_id(request.get('remove_group')) if not group: raise HttpErrorException.bad_request('invalid group id') return group
def post(self, phrasing_id=None): if not phrasing_id: raise HttpErrorException.bad_request('no phrasing_id given') phrasing = Phrasing.get_by_id(phrasing_id) if not phrasing: raise HttpErrorException.bad_request('invalid phrasing_id given') if not self.json_request.get('document'): raise HttpErrorException.bad_request('no document given') document = Document.get_by_id(self.json_request.get('document')) if not document: raise HttpErrorException.bad_request('invalid document given') if not document.has_permission(self.user, 'manage_phrasings'): raise HttpErrorException.forbidden() if not document.presentation_document: raise HttpErrorException.bad_request( 'document does not have a presentation') sum_doc = document.presentation_document.get() if not sum_doc: raise HttpErrorException.bad_request( 'document does not have a presentation') concept = phrasing.concept.get() if concept.has_presentation_selected_phrasing(document=sum_doc): selected_phrasing = concept.get_presentation_selected_phrasing( sum_doc) selected_phrasing.phrasing = phrasing.key selected_phrasing.put() else: selected_phrasing = PresentationSelectedPhrasing( id=PresentationSelectedPhrasing.create_uuid(), project=concept.project, document=sum_doc.key, phrasing=phrasing.key) selected_phrasing.put() concept.presentation_selected_phrasings.append( selected_phrasing.key) concept.put() project = document.project.get( ) # Don't want concept's project, this could be a linked concept project.pw_modified_ts = datetime.datetime.now() project.put() self.get_analytic_session() concept.record_analytic('con_phr_cha', self.analytic_session) if selected_phrasing: self.write_json_response(selected_phrasing.to_dict())
def delete(self, publish): publish = PublishPresentation.get_by_id(publish) if not publish: raise HttpErrorException.bad_request('invalid publish id') document = publish.document.get() if not document: raise HttpErrorException.bad_request('document does not exists') if not document.has_permission_write(self.user): raise HttpErrorException.forbidden() publish.key.delete()
def new(request, request_data, request_user): if not request_user.is_super_admin: lr = tt_logging.construct_log( msg_short='Non-Admin User Tried Creating New Organization', log_type=tt_logging.SECURITY, request_user=request_user, request=request) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() if request_data.get('name') is None: raise HttpErrorException.bad_request('no name given') if request_data.get('id') is None: raise HttpErrorException.bad_request('no organization id given') org = Organization( key=Organization.create_key(request_data.get('id').strip())) org.name = request_data.get('name').strip() org.groups.append(Group.get_worldshare_key()) if request_data.get('description') is not None: org.description = request_data.get('description') if request_data.get('domain') is not None: org.domain = request_data.get('domain') if request_data.get('owner') is not None: org.owner = request_data.get('owner') if request_data.get('webpage') is not None: org.webpage = request_data.get('webpage') if request_data.get('point_of_contact') is not None: org.point_of_contact = request_data.get('point_of_contact') if request_data.get('email') is not None: org.email = request_data.get('email') if request_data.get('phone') is not None: org.phone = request_data.get('phone') if request_data.get('fax') is not None: org.fax = request_data.get('fax') if request_data.get('account_type') is not None: org.account_type = request_data.get('account_type') group = Group(key=Group.create_key(), name=org.name, description=str(org.name) + '\'s organization group', organization=org.key, active=True) group.put() org.groups.append(group.key) org.org_group = group.key org.put() lr = tt_logging.construct_log(msg_short='New Organization Was Created', log_type=tt_logging.DEFAULT, request_user=request_user, request=request, artifact=org) log.info(lr['dict_msg']['msg'], extra=lr) return org.to_dict()
def put(self, coupon_code=None): if not self.user.is_super_admin: raise HttpErrorException.forbidden() if not coupon_code: raise HttpErrorException.bad_request('no coupon code given') try: coupon.Coupon.new(coupon_code.lower(), self.json_request) except coupon.InvalidCouponCodeException as e: raise HttpErrorException.bad_request(e.message) except coupon.InvalidPropertyException as e: raise HttpErrorException.bad_request(e.message) except coupon.InvalidCouponEngineException as e: raise HttpErrorException.bad_request(e.message)
def get(self, pay_plan=None): if not self.user.is_super_admin: lr = tt_logging.construct_log( msg_short='Non-Admin User Attemped to Access Payment Plans', log_type=tt_logging.SECURITY, request=self.request, request_user=self.user) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() if not pay_plan: self.write_json_response(payment_plan.get_payment_plan_list()) else: raise NotImplementedError()
def get(self, organization=None): if organization: self.organization = Organization.get_by_id(organization) if not self.organization: raise HttpErrorException.bad_request('invalid organization id') if (not self.user.is_super_admin or (self.organization and not self.user.is_org_admin and self.organization.key != self.user.organization)): raise HttpErrorException.forbidden() temp_data = {} template_index = JINJA_ENVIRONMENT.get_template( 'admin_panel/thinktank/analytics.html') self.response.write(template_index.render(temp_data))
def get(self, organization=None): if not self.user.is_admin: raise HttpErrorException.forbidden() if organization: organization = Organization.get_by_id(organization) if not organization: raise HttpErrorException.bad_request('invalid org id') temp_data = {} if organization: temp_data['org'] = organization template_index = JINJA_ENVIRONMENT.get_template( 'admin_panel/organization.html') self.response.write(template_index.render(temp_data))
def delete(self, phrasing_id=None): if not phrasing_id: raise HttpErrorException.bad_request('no phrasing_id given') phrasing = Phrasing.get_by_id(phrasing_id) if not phrasing: raise HttpErrorException.bad_request('invalid phrasing_id given') if not phrasing.has_permission_write(self.user): raise HttpErrorException.forbidden() concept = phrasing.concept.get() if phrasing.key == concept.distilled_phrasing: raise HttpErrorException.forbidden() project = phrasing.project.get() project.pw_modified_ts = datetime.datetime.now() project.put() trans = Transaction(action='phr_del', user=self.user.key, artifact=phrasing.key, project=project.key) trans.put() self.get_channel_token() channel_tokens = ChannelToken.get_by_project_key( project.key, self.user_channel_token) channel_tokens = ChannelToken.remove_unauthorized_users( channel_tokens, [concept, phrasing]) message = { 'user': self.get_user_channel_data(), 'transaction': trans.to_dict(self.user) } ChannelToken.broadcast_message(channel_tokens, message) phrasing.delete(concept, self.user) self.get_analytic_session() concept.record_analytic('con_phr_del', self.analytic_session)
def get(self, org_id=None): if self.user.is_super_admin: self._serve_site_organizations() elif self.user.is_org_admin: self._serve_user_organization() else: lr = tt_logging.construct_log( msg_short='Non-Admin User Tried Access Organizations', msg='A Non-Admin user tried accessing other organizations', log_type=tt_logging.SECURITY, request_user=self.user, request=self.request ) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden()
def get(self, hours): if not self.user.is_super_admin: raise HttpErrorException.forbidden() if not hours: raise HttpErrorException.bad_request('no hours given') try: hours = int(hours) except ValueError: raise HttpErrorException.bad_request('hours must be int') start_time = datetime.now() - timedelta(hours=hours) healths = Health.query(Health.ts > start_time).order(Health.ts).fetch() healths_dict = [] for health in healths: healths_dict.append(health.to_dict()) self.response.write(json.dumps(healths_dict))
def get(self): if self.json_request.get('project') is None: raise HttpErrorException.bad_request('invalid project id') project = Project.get_by_id(self.json_request.get('project')) if not project: raise HttpErrorException.bad_request('invalid project id') if self.json_request.get('document') is None: raise HttpErrorException.bad_request('invalid document id') document = Document.get_by_id(self.json_request.get('document')) if not document: raise HttpErrorException.bad_request('invalid document id') if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() try: limit = int(self.request.get('limit', 30)) except ValueError: raise HttpErrorException.bad_request('limit must be int') try: before_date = int(self.request.get('before_date', 0)) except ValueError: raise HttpErrorException.bad_request('before_date must be int') if limit > 100: limit = 100 if before_date and before_date > 0: before_date = datetime.fromtimestamp(before_date / 1000.0) chat_query = ChatMessage.query( ndb.AND(ChatMessage.project == project.key, ChatMessage.document == document.key, ChatMessage.created_ts < before_date)) else: chat_query = ChatMessage.query( ndb.AND(ChatMessage.project == project.key, ChatMessage.document == document.key)) chat_messages = chat_query.order( ChatMessage.created_ts).fetch(limit=limit) chat_messages_dict = [] for chat in chat_messages: chat_messages_dict.append(chat.to_dict()) self.write_json_response(chat_messages_dict)
def edit(request, request_data, request_user): org = None if not request_user.is_admin and org.organization == request_user.key: lr = tt_logging.construct_log( msg_short='Non-Admin User Tried Altering Organization', log_type=tt_logging.SECURITY, request_user=request_user, request=request, artifact=org) log.warning(lr['dict_msg']['msg'], extra=lr) raise HttpErrorException.forbidden() if request_data.get('add'): if request_data.get('admin'): if request_data.get('user_id') == '': raise HttpErrorException.bad_request('no user_id given') user = ndb.Key('User', request_data.get('user_id')) if not user: raise HttpErrorException.bad_request( 'invalid user_id given') if user.key not in org.admins: lr = tt_logging.construct_log( msg_short='User Was Added as Organization Admin', log_type=tt_logging.USER, request_user=request_user, request=request, artifact=org, affected_user=user) log.info(lr['dict_msg']['msg'], extra=lr) org.admins.append(user.key) if request_data.get('remove'): if request_data.get('remove') == 'admin': if request_data.get('user_id') == '': raise HttpErrorException.bad_request('no user_id given') user = ndb.Key('User', request_data.get('user_id')) if not user: raise HttpErrorException.bad_request( 'invalid user_id given') if user.key in org.admins: lr = tt_logging.construct_log( msg_short='User Was Removed as Organization Admin', log_type=tt_logging.USER, request_user=request_user, request=request, artifact=org, affected_user=user) log.info(lr['dict_msg']['msg'], extra=lr) org.admins.remove(user.key) org.put()
def get(self, publish): if not publish: raise HttpErrorException.bad_request('invalid publish id given') pub = memcache.get(publish, namespace='document_publish') if not pub: raise HttpErrorException.not_found() if pub == '500': self.write_json_response({'error': 500}) else: document = pub.document.get() if not document.has_permission_read(self.user): raise HttpErrorException.forbidden() self.write_json_response(pub.to_dict(html=False))