def delete_photo_view(request, photo):
    """Move *photo* to the trash and redirect to its parent container.

    The photo is removed from the catalog index first, then handed to the
    trash located via ``find_trash``. The identifier returned by the trash
    is written into an ``undo`` cookie so that a later request can offer to
    restore the photo.

    NOTE(review): no permission check is visible in this function;
    presumably the view registration enforces one. Confirm before relying
    on it.
    """
    catalog = request.app_context.catalog
    catalog.unindex(photo)

    trash_id = find_trash(photo).trash(photo)

    parent_url = model_url(request, photo.__parent__)
    response = HTTPFound(location=parent_url)
    # Cookie layout: "trash:" + trash id, a "|" separator, then a
    # URL-encoded status message. The value lives on the client, so whatever
    # consumes it has to treat the trash id as untrusted input.
    response.set_cookie('undo', 'trash:%s|Photo+deleted.' % trash_id)
    return response
def pastebin_view(context, request):
    """Handle a submission of the "add paste" form.

    When the form was submitted and validates, a ``PasteEntry`` is stored in
    *context* and the client is redirected to the new paste, with the author
    name and language remembered in cookies. A submission that fills the
    hidden ``text`` field is treated as a spambot and bounced back to the
    pastebin root without storing anything.

    As shown here, no response is built when the form was not submitted or
    failed validation, so the function returns ``None`` on those paths.
    NOTE(review): the listing may be truncated; the rendering branch is
    presumably elsewhere.
    """
    params = request.params
    author_name = utils.preferred_author(context, request)
    language = paste = message = u''
    pastebin_url = resource_url(context, request)
    # Computed but not used in the visible part of the function.
    can_manage = has_permission('manage', context, request)

    if 'form.submitted' in params:
        if params.get('text'):
            # Honeypot: real users never fill this field, so a value here
            # marks an automated submission.
            return HTTPFound(location=resource_url(context, request))

        paste = params.get('paste_', '')
        author_name = params.get('author_name_', '')
        language = params.get('language_', '')

        schema = PasteAddSchema()
        message = None
        try:
            schema.to_python(request.params)
        except formencode.validators.Invalid as why:
            message = str(why)
        else:
            entry = PasteEntry(author_name, paste, language)
            paste_id = context.add_item(entry)
            response = HTTPFound(location='%s%s' % (pastebin_url, paste_id))
            # Both cookie values are taken straight from the request, so
            # readers of these cookies must validate them again instead of
            # trusting them. The author cookie lasts 864000 s (10 days).
            response.set_cookie(utils.COOKIE_AUTHOR, author_name,
                                max_age=864000)
            response.set_cookie(utils.COOKIE_LANGUAGE, language)
            return response
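def redirect(where):
    """Raise an ``HTTPFound`` redirect to *where*, carrying request state.

    The identity attached to the current ``response`` object (a name that is
    not defined in this block, presumably module-level or thread-local) is
    copied onto the redirect when available. A pending flash object is
    serialised into the ``flash_obj`` cookie.

    Raises:
        HTTPFound: always; this function never returns normally.
    """
    exc = HTTPFound(location=where)
    try:
        exc.identity = response.identity
    except Exception:
        # Best effort: a missing identity must not block the redirect.
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are no longer swallowed here.
        pass
    if response.flash_obj:
        # NOTE(security): the flash object is pickled into a cookie that the
        # client stores and can modify. The code that reads 'flash_obj' back
        # is not visible here; it must not pass the cookie to pickle.loads
        # without first verifying an integrity tag (e.g. an HMAC), because
        # unpickling client-supplied bytes can execute arbitrary code. A
        # data-only format such as JSON is the safer choice, but writer and
        # reader have to change together.
        pickled_flash = pickle.dumps(response.flash_obj)
        exc.set_cookie('flash_obj', base64.b64encode(pickled_flash))
    raise exc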
def undo_view(request, code):
    """Restore trashed content identified by an undo *code*.

    Codes that do not start with ``trash:`` are not handled here and yield
    ``None``. Otherwise the remainder of the code is used as the trash id,
    the content is restored (and re-indexed through the catalog passed to
    ``restore``), and the client is redirected to the restored object with
    the ``undo`` cookie blanked.
    """
    prefix = 'trash:'
    if not code.startswith(prefix):
        return None

    # XXX Need security here. Probably need to add api to trash to be able
    # to retrieve context(s) involved for purposes of security checking,
    # before performing undo operation.
    # NOTE(review): `code` presumably originates from the client-held 'undo'
    # cookie (confirm at the caller). If so, the trash id is
    # client-controlled and restore() runs below with no check that the
    # current user is allowed to restore that item.
    trash_id = code[len(prefix):]
    catalog = request.app_context.catalog
    restored = find_trash(request.context).restore(trash_id, catalog)

    response = HTTPFound(location=model_url(request, restored))
    # Blank the cookie so the same undo is not offered again.
    response.set_cookie('undo', '')
    return response
def tutorialbin_add_view(context, request):
    """Handle a submission of the "add tutorial" form.

    On a valid submission a ``Tutorial`` is created (optionally with an
    uploaded attachment), given an ACL that extends the container's ACL with
    edit rights for the submitting user and for ``'admin'``, stored in
    *context*, and the client is redirected to it.

    As shown here, no response is built when the form was not submitted or
    failed validation, so the function returns ``None`` on those paths.
    NOTE(review): the listing may be truncated; the rendering branch is
    presumably elsewhere.
    """
    params = request.params
    title = url = language = text = code = message = u''
    attachment = ''
    tutorialbin_url = resource_url(context, request)
    user = authenticated_userid(request)
    # Computed but not used in the visible part of the function.
    can_manage = has_permission('manage', context, request)

    if 'form.submitted' in params:
        title = params.get('title', u'')
        text = params.get('text', u'')
        code = params.get('code', u'')
        url = params.get('url', u'')
        language = params.get('language', u'')

        schema = TutorialAddEditSchema()
        message = None
        attachment = params.get('attachment')
        try:
            schema.to_python(request.params)
        except formencode.validators.Invalid as why:
            message = str(why)
        else:
            # An uploaded file exposes .filename/.type/.file; anything else
            # (no upload) lacks .filename and is stored as "no attachment".
            # NOTE(review): filename and MIME type are supplied by the client
            # and are passed on unchanged; whether Tutorial sanitises them is
            # not visible here.
            if hasattr(attachment, 'filename'):
                file_name = attachment.filename
                mime_type = attachment.type
                stream = attachment.file
            else:
                file_name = mime_type = stream = None

            tutorial = Tutorial(title, user, text, url, code, language,
                                stream, file_name, mime_type)

            # Copy the container ACL so the extension below does not mutate
            # the container's own list.
            # NOTE(review): if this view can be reached unauthenticated,
            # `user` may be None and the first entry would grant 'edit' to
            # None; confirm that the view is permission-protected.
            acl = context.__acl__[:]
            acl.extend([(Allow, user, 'edit'), (Allow, 'admin', 'edit')])
            tutorial.__acl__ = acl

            tutorial_id = context.add_item(tutorial)
            target = '%s%s' % (tutorialbin_url, tutorial_id)
            response = HTTPFound(location=target)
            response.set_cookie(COOKIE_LANGUAGE, language)
            return response
def cook(self, form, login, password, authenticated_for, back):
    """Issue an ``auth_pubtkt`` ticket cookie and redirect the user.

    A ticket valid for one hour is created with the private key referenced
    by ``form.context.pkey``. It lists *authenticated_for* as tokens and
    carries a ``bauth`` extra field derived from ``login:password``. The
    *back* argument is ignored: the redirect target is always recomputed
    from ``form.back(login)``.

    NOTE(review): the user's password travels inside the ticket's ``bauth``
    field (processed by ``tlib.bauth`` with ``form.context.cipher``,
    presumably encryption; confirm). Anyone holding both the cookie and the
    cipher key can recover the credentials.
    """
    private_key = tlib.read_key(form.context.pkey)

    credentials = '%s:%s' % (login, password)
    bauth_value = base64.b64encode(
        tlib.bauth(form.context.cipher, credentials))

    # Expiry is one hour from now, expressed as a Unix timestamp computed
    # from local time.
    expires_at = datetime.datetime.now() + datetime.timedelta(hours=1)
    valid_until = int(time.mktime(expires_at.timetuple()))

    ticket = tlib.create_ticket(
        private_key,
        login,
        valid_until,
        tokens=list(authenticated_for),
        extra_fields=(('bauth', bauth_value),),
    )

    back = form.back(login)
    res = HTTPFound(location=back)
    # NOTE(review): secure=False allows the browser to send this
    # authentication ticket over plain HTTP, and no httponly flag is set, so
    # page scripts can read it. The cookie is scoped to a hard-coded domain.
    # Confirm that the deployment is HTTPS-only and whether the flags can be
    # tightened.
    res.set_cookie(
        'auth_pubtkt',
        quote(ticket),
        path='/',
        domain='novareto.de',
        secure=False,
    )
    return res
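def _login(self, request):
    """Process the login form and either log the user in or re-show the form.

    On a successful password check a credential obtained from
    ``self.credential_broker`` is stored in the ``self.cookie_name`` cookie
    and the client is redirected to ``redirect_to``. Otherwise the login
    form is rendered again (with "Bad login" when credentials were supplied
    but rejected).

    The ``redirect_to`` request parameter is client-controlled. It is only
    honoured when it points into this application's own origin (same scheme
    and host as ``request.application_url``, or a path starting with a
    single ``/``); any other value falls back to
    ``request.application_url``. Without this check the login page could be
    used as an open redirect to an arbitrary site.

    Returns:
        An ``HTTPFound`` redirect on success, else an HTML ``webob.Response``.
    """
    try:
        from urllib.parse import urlsplit
    except ImportError:  # Python 2
        from urlparse import urlsplit

    def is_local(target):
        # Reject shapes that browsers normalise into a different host:
        # surrounding whitespace, control characters, and backslashes
        # (which browsers treat like forward slashes).
        if not target or target != target.strip() or '\\' in target:
            return False
        if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
            return False
        try:
            parts = urlsplit(target)
        except ValueError:
            return False
        if not parts.scheme and not parts.netloc:
            # Path-only target. A leading "//" (or more slashes) would be
            # read by browsers as a host, so only a single "/" is accepted.
            return target.startswith('/') and not target.startswith('//')
        base = urlsplit(request.application_url)
        return ((parts.scheme, parts.netloc.lower())
                == (base.scheme, base.netloc.lower()))

    params = request.params
    login = params.get('login', '')
    password = params.get('password', None)
    status_msg = params.get('status_msg', '')
    redirect_to = params.get('redirect_to', None)
    if redirect_to is None or not is_local(redirect_to):
        redirect_to = request.application_url

    if login and password:
        if self.password_broker(login, password):
            credential = self.credential_broker.login(login)
            response = HTTPFound(location=redirect_to)
            # NOTE(review): the credential cookie is set without secure or
            # httponly flags; confirm whether they can be enabled for this
            # deployment.
            response.set_cookie(self.cookie_name, credential)
            return response
        status_msg = "Bad login"

    # NOTE(review): login, status_msg and redirect_to all come from the
    # request and are handed to the template; confirm that form_template
    # HTML-escapes them.
    body = self.form_template(
        login=login,
        status_msg=status_msg,
        redirect_to=redirect_to,
    )
    return webob.Response(body, content_type='text/html')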
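def delete_photos_view(request, album):
    """Move photos of *album* to the trash and redirect back to the album.

    If the request has a subpath, its first element is taken as a visibility
    filter and only photos with that visibility are deleted; otherwise every
    photo in the album is deleted. The selected photos are unindexed from
    the catalog, moved to the trash, and the resulting trash id is stored in
    an ``undo`` cookie.

    Raises:
        AssertionError: when no photo matches ("Nothing to delete.").
    """
    # pop(0) consumes the first subpath element on the request object.
    visibility = request.subpath.pop(0) if request.subpath else None

    photos = [
        photo for photo in album.photos()
        if visibility is None or photo.visibility == visibility
    ]
    # Raised explicitly instead of using an ``assert`` statement: asserts
    # are stripped under ``python -O``, which would let an empty selection
    # reach the catalog and the trash. The exception type and message are
    # the same as before.
    if not photos:
        raise AssertionError("Nothing to delete.")

    catalog = request.app_context.catalog
    catalog.unindex_photos_in_album(album, photos)

    trash = find_trash(album)
    trash_id = trash.trash_photos_in_album(album, photos)

    response = HTTPFound(location=model_url(request, album))
    # Cookie layout: "trash:" + trash id, a "|" separator, then a
    # URL-encoded status message. The value lives on the client, so whatever
    # consumes it has to treat the trash id as untrusted input.
    response.set_cookie('undo', 'trash:%s|Deleted+photos' % trash_id)
    return response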
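def home(request):
    """Show the credentials form and, on a complete POST, go to ``/expense``.

    For a POST the ``domain``, ``email`` and ``password`` fields are read
    from the form. A field that is absent from the POST body is treated like
    an empty one, so an incomplete submission yields the validation message
    instead of a ``KeyError``. When all three are present the client is
    redirected to ``/expense`` with the values stored in cookies.

    Returns:
        An ``HTTPFound`` redirect on a complete submission, otherwise a dict
        with ``domain``, ``email``, ``password`` and ``message``. The
        submitted password is included in that dict.
    """
    domain = email = password = message = ''
    if request.method == 'POST':
        form = request.POST
        domain = form.get('domain', '')
        email = form.get('email', '')
        password = form.get('password', '')

        # validate form
        if not (domain and email and password):
            message = 'You must fill in all the boxes'
        else:
            # auth and retrieve bank entries
            # pass bank info to expense rendering form (how? session?)
            response = HTTPFound(location="/expense")
            # XXX I should NOT be storing sensitive data in cookies
            # How to pass these to other pages?
            # NOTE(security): the password is written to a cookie in clear
            # text with no secure or httponly flag. It is stored in the
            # browser, sent with every later request, and readable by page
            # scripts. Keep credentials in a server-side session and give
            # the client only an opaque session id. That requires changing
            # the consumer of these cookies too, which is not visible here.
            response.set_cookie('domain_', domain)
            response.set_cookie('email', email)
            response.set_cookie('password', password)
            return response
    return dict(domain=domain, email=email, password=password,
                message=message)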