def delete_photo_view(request, photo):
request.app_context.catalog.unindex(photo)
trash = find_trash(photo)
trash_id = trash.trash(photo)
response = HTTPFound(location=model_url(request, photo.__parent__))
response.set_cookie('undo', 'trash:%s|Photo+deleted.' % trash_id)
return response
def pastebin_view(context, request):
params = request.params
author_name = utils.preferred_author(context, request)
language = u''
paste = u''
message = u''
pastebin_url = resource_url(context, request)
can_manage = has_permission('manage', context, request)
if params.has_key('form.submitted'):
if params.get('text'): # trap spambots
return HTTPFound(location=resource_url(context, request))
paste = params.get('paste_', '')
author_name = params.get('author_name_', '')
language = params.get('language_', '')
schema = PasteAddSchema()
message = None
try:
schema.to_python(request.params)
except formencode.validators.Invalid, why:
message = str(why)
else:
pobj = PasteEntry(author_name, paste, language)
pasteid = context.add_item(pobj)
url = '%s%s' % (pastebin_url, pasteid)
response = HTTPFound(location=url)
response.set_cookie(utils.COOKIE_AUTHOR, author_name,
max_age=864000)
response.set_cookie(utils.COOKIE_LANGUAGE, language)
return response
def redirect(where):
exc = HTTPFound(location=where)
try:
exc.identity = response.identity
except:
pass
if response.flash_obj:
decoded_flash = pickle.dumps(response.flash_obj)
exc.set_cookie('flash_obj', base64.b64encode(decoded_flash))
raise exc
def undo_view(request, code):
if not code.startswith('trash:'):
return None
# XXX Need security here. Probably need to add api to trash to be able
# to retrieve context(s) involved for purposes of security checking, before
# performing undo operation.
trash_id = code[6:]
trash = find_trash(request.context)
restored = trash.restore(trash_id, request.app_context.catalog)
response = HTTPFound(location=model_url(request, restored))
response.set_cookie('undo', '')
return response
def tutorialbin_add_view(context, request):
params = request.params
title = u''
url = u''
language = u''
text = u''
code = u''
message = u''
attachment= ''
tutorialbin_url = resource_url(context, request)
user = authenticated_userid(request)
can_manage = has_permission('manage', context, request)
if params.has_key('form.submitted'):
title = params.get('title', u'')
text = params.get('text', u'')
code = params.get('code', u'')
url = params.get('url', u'')
language = params.get('language', u'')
schema = TutorialAddEditSchema()
message = None
attachment = params.get('attachment')
try:
schema.to_python(request.params)
except formencode.validators.Invalid, why:
message = str(why)
else:
file_name = None
mime_type = None
stream = None
if hasattr(attachment, 'filename'):
file_name = attachment.filename
mime_type = attachment.type
stream = attachment.file
pobj = Tutorial(title, user, text, url, code, language,
stream, file_name, mime_type)
acl = context.__acl__[:]
acl.extend([(Allow, user, 'edit'), (Allow, 'admin', 'edit')])
pobj.__acl__ = acl
tutorialid = context.add_item(pobj)
response = HTTPFound(location = '%s%s' % (tutorialbin_url,
tutorialid))
response.set_cookie(COOKIE_LANGUAGE, language)
return response
def cook(self, form, login, password, authenticated_for, back):
privkey = tlib.read_key(form.context.pkey)
val = base64.b64encode(
tlib.bauth(
form.context.cipher,
'%s:%s' % (login, password))
)
#val = val.replace('\n', '', 1)
validtime = datetime.datetime.now() + datetime.timedelta(hours=1)
validuntil = int(time.mktime(validtime.timetuple()))
ticket = tlib.create_ticket(
privkey, login, validuntil, tokens=list(authenticated_for),
extra_fields=(('bauth', val),))
back = form.back(login)
res = HTTPFound(location=back)
res.set_cookie('auth_pubtkt', quote(ticket), path='/',
domain='novareto.de', secure=False)
return res
def _login(self, request):
login = request.params.get('login', '')
password = request.params.get('password', None)
status_msg = request.params.get('status_msg', '')
redirect_to = request.params.get('redirect_to', None)
if redirect_to is None:
redirect_to = request.application_url
if login and password:
if self.password_broker(login, password):
credential = self.credential_broker.login(login)
response = HTTPFound(location=redirect_to)
response.set_cookie(self.cookie_name, credential)
return response
status_msg = "Bad login"
body = self.form_template(
login=login,
status_msg=status_msg,
redirect_to=redirect_to,
)
return webob.Response(body, content_type='text/html')
def delete_photos_view(request, album):
if request.subpath:
visibility = request.subpath.pop(0)
else:
visibility = None
photos = []
for photo in album.photos():
if visibility is None or photo.visibility == visibility:
photos.append(photo)
assert photos, "Nothing to delete."
catalog = request.app_context.catalog
catalog.unindex_photos_in_album(album, photos)
trash = find_trash(album)
trash_id = trash.trash_photos_in_album(album, photos)
response = HTTPFound(location=model_url(request, album))
response.set_cookie('undo', 'trash:%s|Deleted+photos' % trash_id)
return response
def home(request):
domain = email = password = message = ''
if request.method == 'POST':
domain = request.POST['domain']
email = request.POST['email']
password = request.POST['password']
# validate form
if not (domain and email and password):
message = 'You must fill in all the boxes'
else:
# auth and retrieve bank entries
# pass bank info to expense rendering form (how? session?)
response = HTTPFound(location="/expense")
# XXX I should NOT be storing sensitive data in cookies
# How to pass these to other pages?
response.set_cookie('domain_', domain)
response.set_cookie('email', email)
response.set_cookie('password', password)
return response
return dict(domain=domain, email=email, password=password, message=message)
