diff options
Diffstat (limited to 'src/web/views')
-rw-r--r-- | src/web/views/__init__.py | 23 | ||||
-rw-r--r-- | src/web/views/admin.py | 114 | ||||
-rw-r--r-- | src/web/views/api/__init__.py | 28 | ||||
-rw-r--r-- | src/web/views/api/article.py | 63 | ||||
-rw-r--r-- | src/web/views/api/category.py | 20 | ||||
-rw-r--r-- | src/web/views/api/common.py | 212 | ||||
-rw-r--r-- | src/web/views/api/feed.py | 60 | ||||
-rw-r--r-- | src/web/views/article.py | 74 | ||||
-rw-r--r-- | src/web/views/category.py | 16 | ||||
-rw-r--r-- | src/web/views/common.py | 53 | ||||
-rw-r--r-- | src/web/views/feed.py | 40 | ||||
-rw-r--r-- | src/web/views/home.py | 156 | ||||
-rw-r--r-- | src/web/views/session_mgmt.py | 92 | ||||
-rw-r--r-- | src/web/views/user.py | 22 | ||||
-rw-r--r-- | src/web/views/views.py | 414 |
15 files changed, 617 insertions, 770 deletions
diff --git a/src/web/views/__init__.py b/src/web/views/__init__.py index 27370fc3..c5903d9b 100644 --- a/src/web/views/__init__.py +++ b/src/web/views/__init__.py @@ -1,13 +1,12 @@ -from .views import * -from .api import * +from web.views import views, home, session_mgmt, api +from web.views.article import article_bp, articles_bp +from web.views.feed import feed_bp, feeds_bp +from web.views.category import category_bp, categories_bp +from web.views.icon import icon_bp +from web.views.admin import admin_bp +from web.views.user import user_bp, users_bp -from .article import article_bp, articles_bp -from .feed import feed_bp, feeds_bp -from .category import category_bp, categories_bp -from .icon import icon_bp -from .admin import admin_bp -from .user import user_bp, users_bp - - -__all__ = ['article_bp', 'articles_bp', 'feed_bp', 'feeds_bp', 'category_bp', - 'categories_bp', 'icon_bp', 'admin_bp', 'user_bp', 'users_bp'] +__all__ = ['views', 'home', 'session_mgmt', 'api', + 'article_bp', 'articles_bp', 'feed_bp', 'feeds_bp', + 'category_bp', 'categories_bp', 'icon_bp', + 'admin_bp', 'user_bp', 'users_bp'] diff --git a/src/web/views/admin.py b/src/web/views/admin.py index b5b0fd54..1dc676de 100644 --- a/src/web/views/admin.py +++ b/src/web/views/admin.py @@ -1,43 +1,48 @@ -from flask import (Blueprint, g, render_template, redirect, - flash, url_for, request) -from flask.ext.babel import gettext -from flask.ext.login import login_required - -from flask.ext.principal import Permission, RoleNeed +from datetime import datetime +from flask import (Blueprint, render_template, redirect, flash, url_for) +from flask.ext.babel import gettext, format_timedelta +from flask.ext.login import login_required, current_user +from werkzeug import generate_password_hash +from web.views.common import admin_permission from web.lib.utils import redirect_url -from web.models import Role from web.controllers import UserController, ArticleController - from web.forms import InformationMessageForm, UserForm -from web import notifications admin_bp = Blueprint('admin', __name__, url_prefix='/admin') -admin_permission = Permission(RoleNeed('admin')) @admin_bp.route('/dashboard', methods=['GET', 'POST']) @login_required @admin_permission.require(http_exception=403) def dashboard(): - """ - Adminstrator's dashboard. - """ + last_cons, now = {}, datetime.utcnow() + users = list(UserController().read().order_by('id')) form = InformationMessageForm() + for user in users: + last_cons[user.id] = format_timedelta(now - user.last_seen) + return render_template('admin/dashboard.html', now=datetime.utcnow(), + last_cons=last_cons, users=users, current_user=current_user, + form=form) + - if request.method == 'POST': - if form.validate(): - try: - notifications.information_message(form.subject.data, - form.message.data) - except Exception as error: - flash(gettext( - 'Problem while sending email: %(error)s', error=error), - 'danger') +@admin_bp.route('/user/<int:user_id>', methods=['GET']) +@login_required +@admin_permission.require(http_exception=403) +def user(user_id=None): + """ + See information about a user (stations, etc.). + """ + user = UserController().get(id=user_id) + if user is not None: + article_contr = ArticleController(user_id) + return render_template('/admin/user.html', user=user, feeds=user.feeds, + article_count=article_contr.count_by_feed(), + unread_article_count=article_contr.count_by_feed(readed=False)) - users = UserController().read() - return render_template('admin/dashboard.html', - users=users, current_user=g.user, form=form) + else: + flash(gettext('This user does not exist.'), 'danger') + return redirect(redirect_url()) @admin_bp.route('/user/create', methods=['GET']) @@ -71,7 +76,6 @@ def process_user_form(user_id=None): return render_template('/admin/create_user.html', form=form, message=gettext('Some errors were found')) - role_user = Role.query.filter(Role.name == "user").first() if user_id is not None: # Edit a user user_contr.update({'id': user_id}, @@ -86,50 +90,14 @@ def process_user_form(user_id=None): # Create a new user (by the admin) user = user_contr.create(nickname=form.nickname.data, email=form.email.data, - password=form.password.data, - roles=[role_user], - refresh_rate=form.refresh_rate.data, - enabled=True) + pwdhash=generate_password_hash(form.password.data), + is_admin=False, + refresh_rate=form.refresh_rate.data) flash(gettext('User %(nick)s successfully created', nick=user.nickname), 'success') return redirect(url_for('admin.user_form', user_id=user.id)) -@admin_bp.route('/user/<int:user_id>', methods=['GET']) -@login_required -@admin_permission.require(http_exception=403) -def user(user_id=None): - """ - See information about a user (stations, etc.). - """ - user = UserController().get(id=user_id) - if user is not None: - article_contr = ArticleController(user_id) - return render_template('/admin/user.html', user=user, feeds=user.feeds, - article_count=article_contr.count_by_feed(), - unread_article_count=article_contr.count_by_feed(readed=False)) - - else: - flash(gettext('This user does not exist.'), 'danger') - return redirect(redirect_url()) - - -@admin_bp.route('/delete_user/<int:user_id>', methods=['GET']) -@login_required -@admin_permission.require(http_exception=403) -def delete_user(user_id=None): - """ - Delete a user (with all its data). - """ - try: - user = UserController().delete(user_id) - flash(gettext('User %(nick)s successfully deleted', - nick=user.nickname), 'success') - except Exception as error: - flash(gettext('An error occured while trying to delete a user: ' - '%(error)', error=error), 'danger') - return redirect(redirect_url()) - @admin_bp.route('/toggle_user/<int:user_id>', methods=['GET']) @login_required @admin_permission.require() @@ -137,14 +105,18 @@ def toggle_user(user_id=None): """ Enable or disable the account of a user. """ - user_contr = UserController() - user = user_contr.get(id=user_id) + ucontr = UserController() + user = ucontr.get(id=user_id) + user_changed = ucontr.update({'id': user_id}, + {'is_active': not user.is_active}) - if user is None: + if not user_changed: flash(gettext('This user does not exist.'), 'danger') return redirect(url_for('admin.dashboard')) - user_contr.update({'id': user.id}, {'enabled': not user.enabled}) - flash(gettext('Account of the user %(nick)s successfully ' - 'updated.', nick=user.nickname), 'success') + else: + act_txt = 'activated' if user.is_active else 'desactivated' + message = gettext('User %(login)s successfully %(is_active)s', + login=user.login, is_active=act_txt) + flash(message, 'success') return redirect(url_for('admin.dashboard')) diff --git a/src/web/views/api/__init__.py b/src/web/views/api/__init__.py index 90e1ab0f..458e031b 100644 --- a/src/web/views/api/__init__.py +++ b/src/web/views/api/__init__.py @@ -1,31 +1,3 @@ -#! /usr/bin/env python -# -*- coding: utf-8 -*- - -# jarr - A Web based news aggregator. -# Copyright (C) 2010-2016 Cédric Bonhomme - http://JARR-aggregator.org/ -# -# For more information : https://github.com/JARR-aggregator/JARR/ -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -__author__ = "Cedric Bonhomme" -__version__ = "$Revision: 0.2 $" -__date__ = "$Date: 2014/06/18 $" -__revision__ = "$Date: 2014/07/05 $" -__copyright__ = "Copyright (c) Cedric Bonhomme" -__license__ = "AGPLv3" - from web.views.api import article, feed, category __all__ = ['article', 'feed', 'category'] diff --git a/src/web/views/api/article.py b/src/web/views/api/article.py index 23c5c495..5971f47d 100644 --- a/src/web/views/api/article.py +++ b/src/web/views/api/article.py @@ -1,66 +1,53 @@ -#! /usr/bin/env python -# -*- coding: utf-8 - - -from flask import g +from conf import API_ROOT import dateutil.parser +from datetime import datetime +from flask import current_app +from flask.ext.restful import Api +from web.views.common import api_permission from web.controllers import ArticleController -from web.views.api.common import PyAggAbstractResource,\ - PyAggResourceNew, \ - PyAggResourceExisting, \ - PyAggResourceMulti - - -ARTICLE_ATTRS = {'user_id': {'type': int}, - 'feed_id': {'type': int}, - 'category_id': {'type': int}, - 'entry_id': {'type': str}, - 'link': {'type': str}, - 'title': {'type': str}, - 'readed': {'type': bool}, - 'like': {'type': bool}, - 'content': {'type': str}, - 'date': {'type': str}, - 'retrieved_date': {'type': str}} +from web.views.api.common import (PyAggAbstractResource, + PyAggResourceNew, PyAggResourceExisting, PyAggResourceMulti) class ArticleNewAPI(PyAggResourceNew): controller_cls = ArticleController - attrs = ARTICLE_ATTRS - to_date = ['date', 'retrieved_date'] class ArticleAPI(PyAggResourceExisting): controller_cls = ArticleController - attrs = ARTICLE_ATTRS - to_date = ['date', 'retrieved_date'] class ArticlesAPI(PyAggResourceMulti): controller_cls = ArticleController - attrs = ARTICLE_ATTRS - to_date = ['date', 'retrieved_date'] class ArticlesChallenge(PyAggAbstractResource): controller_cls = ArticleController attrs = {'ids': {'type': list, 'default': []}} - to_date = ['date', 'retrieved_date'] + @api_permission.require(http_exception=403) def get(self): - parsed_args = self.reqparse_args() + parsed_args = self.reqparse_args(right='read') + # collecting all attrs for casting purpose + attrs = self.controller_cls._get_attrs_desc('admin') for id_dict in parsed_args['ids']: - for key in self.to_date: - if key in id_dict: + keys_to_ignore = [] + for key in id_dict: + if key not in attrs: + keys_to_ignore.append(key) + if issubclass(attrs[key]['type'], datetime): id_dict[key] = dateutil.parser.parse(id_dict[key]) + for key in keys_to_ignore: + del id_dict[key] - result = list(self.wider_controller.challenge(parsed_args['ids'])) + result = list(self.controller.challenge(parsed_args['ids'])) return result or None, 200 if result else 204 +api = Api(current_app, prefix=API_ROOT) -g.api.add_resource(ArticleNewAPI, '/article', endpoint='article_new.json') -g.api.add_resource(ArticleAPI, '/article/<int:obj_id>', - endpoint='article.json') -g.api.add_resource(ArticlesAPI, '/articles', endpoint='articles.json') -g.api.add_resource(ArticlesChallenge, '/articles/challenge', - endpoint='articles_challenge.json') +api.add_resource(ArticleNewAPI, '/article', endpoint='article_new.json') +api.add_resource(ArticleAPI, '/article/<int:obj_id>', endpoint='article.json') +api.add_resource(ArticlesAPI, '/articles', endpoint='articles.json') +api.add_resource(ArticlesChallenge, '/articles/challenge', + endpoint='articles_challenge.json') diff --git a/src/web/views/api/category.py b/src/web/views/api/category.py index 7923279a..eecfa785 100644 --- a/src/web/views/api/category.py +++ b/src/web/views/api/category.py @@ -1,4 +1,6 @@ -from flask import g +from conf import API_ROOT +from flask import current_app +from flask.ext.restful import Api from web.controllers.category import CategoryController from web.views.api.common import (PyAggResourceNew, @@ -6,26 +8,20 @@ from web.views.api.common import (PyAggResourceNew, PyAggResourceMulti) -CAT_ATTRS = {'name': {'type': str}, - 'user_id': {'type': int}} - - class CategoryNewAPI(PyAggResourceNew): controller_cls = CategoryController - attrs = CAT_ATTRS class CategoryAPI(PyAggResourceExisting): controller_cls = CategoryController - attrs = CAT_ATTRS class CategoriesAPI(PyAggResourceMulti): controller_cls = CategoryController - attrs = CAT_ATTRS -g.api.add_resource(CategoryNewAPI, '/category', endpoint='category_new.json') -g.api.add_resource(CategoryAPI, '/category/<int:obj_id>', - endpoint='category.json') -g.api.add_resource(CategoriesAPI, '/categories', endpoint='categories.json') +api = Api(current_app, prefix=API_ROOT) +api.add_resource(CategoryNewAPI, '/category', endpoint='category_new.json') +api.add_resource(CategoryAPI, '/category/<int:obj_id>', + endpoint='category.json') +api.add_resource(CategoriesAPI, '/categories', endpoint='categories.json') diff --git a/src/web/views/api/common.py b/src/web/views/api/common.py index c155a254..ace6ba3a 100644 --- a/src/web/views/api/common.py +++ b/src/web/views/api/common.py @@ -1,6 +1,3 @@ -#! /usr/bin/env python -# -*- coding: utf-8 - - """For a given resources, classes in the module intend to create the following routes : GET resource/<id> @@ -21,82 +18,53 @@ routes : DELETE resources -> to delete several """ -import ast -import json import logging -import dateutil.parser from functools import wraps -from werkzeug.exceptions import Unauthorized, BadRequest -from flask import request, g, session, Response +from werkzeug.exceptions import Unauthorized, BadRequest, Forbidden, NotFound +from flask import request from flask.ext.restful import Resource, reqparse +from flask.ext.login import current_user -from web.lib.utils import default_handler -from web.models import User +from web.views.common import admin_permission, api_permission, \ + login_user_bundle, jsonify +from web.controllers import UserController logger = logging.getLogger(__name__) def authenticate(func): - """ - Decorator for the authentication to the web services. - """ @wraps(func) def wrapper(*args, **kwargs): - logged_in = False - if not getattr(func, 'authenticated', True): - logged_in = True - # authentication based on the session (already logged on the site) - elif 'email' in session or g.user.is_authenticated: - logged_in = True - else: - # authentication via HTTP only - auth = request.authorization - if auth is not None: - user = User.query.filter( - User.nickname == auth.username).first() - if user and user.check_password(auth.password) and user.enabled: - g.user = user - logged_in = True - if logged_in: + if request.authorization: + ucontr = UserController() + try: + user = ucontr.get(login=request.authorization.username) + except NotFound: + raise Forbidden("Couldn't authenticate your user") + if not ucontr.check_password(user, request.authorization.password): + raise Forbidden("Couldn't authenticate your user") + if not user.is_active: + raise Forbidden("User is desactivated") + login_user_bundle(user) + if current_user.is_authenticated: return func(*args, **kwargs) - raise Unauthorized({'WWWAuthenticate': 'Basic realm="Login Required"'}) - return wrapper - - -def to_response(func): - """Will cast results of func as a result, and try to extract - a status_code for the Response object""" - def wrapper(*args, **kwargs): - status_code = 200 - result = func(*args, **kwargs) - if isinstance(result, Response): - return result - elif isinstance(result, tuple): - result, status_code = result - return Response(json.dumps(result, default=default_handler), - status=status_code) + raise Unauthorized() return wrapper class PyAggAbstractResource(Resource): - method_decorators = [authenticate, to_response] - attrs = {} - to_date = [] # list of fields to cast to datetime - - def __init__(self, *args, **kwargs): - super(PyAggAbstractResource, self).__init__(*args, **kwargs) + method_decorators = [authenticate, jsonify] + controller_cls = None + attrs = None @property def controller(self): - return self.controller_cls(getattr(g.user, 'id', None)) - - @property - def wider_controller(self): - if g.user.is_admin(): + if admin_permission.can(): return self.controller_cls() - return self.controller_cls(getattr(g.user, 'id', None)) + return self.controller_cls(current_user.id) - def reqparse_args(self, req=None, strict=False, default=True, args=None): + def reqparse_args(self, right, req=None, strict=False, default=True, + allow_empty=False): """ strict: bool if True will throw 400 error if args are defined and not in request @@ -105,31 +73,39 @@ class PyAggAbstractResource(Resource): args: dict the args to parse, if None, self.attrs will be used """ + try: + in_values = req.json if req else (request.json or {}) + if not in_values and allow_empty: + return {} + except BadRequest: + if allow_empty: + return {} + raise parser = reqparse.RequestParser() - for attr_name, attrs in (args or self.attrs).items(): - if attrs.pop('force_default', False): - parser.add_argument(attr_name, location='json', **attrs) - elif not default and (not request.json - or request.json and attr_name not in request.json): + if self.attrs is not None: + attrs = self.attrs + elif admin_permission.can(): + attrs = self.controller_cls._get_attrs_desc('admin') + elif api_permission.can(): + attrs = self.controller_cls._get_attrs_desc('api', right) + else: + attrs = self.controller_cls._get_attrs_desc('base', right) + assert attrs, "No defined attrs for %s" % self.__class__.__name__ + + for attr_name, attr in attrs.items(): + if not default and attr_name not in in_values: continue else: - parser.add_argument(attr_name, location='json', **attrs) - parsed = parser.parse_args(strict=strict) if req is None \ - else parser.parse_args(req, strict=strict) - for field in self.to_date: - if parsed.get(field): - try: - parsed[field] = dateutil.parser.parse(parsed[field]) - except Exception: - logger.exception('failed to parse %r', parsed[field]) - return parsed + parser.add_argument(attr_name, location='json', **attr) + return parser.parse_args(req=req, strict=strict) class PyAggResourceNew(PyAggAbstractResource): + @api_permission.require(http_exception=403) def post(self): """Create a single new object""" - return self.controller.create(**self.reqparse_args()), 201 + return self.controller.create(**self.reqparse_args(right='write')), 201 class PyAggResourceExisting(PyAggAbstractResource): @@ -140,14 +116,10 @@ class PyAggResourceExisting(PyAggAbstractResource): def put(self, obj_id=None): """update an object, new attrs should be passed in the payload""" - args = self.reqparse_args(default=False) - new_values = {key: args[key] for key in - set(args).intersection(self.attrs)} - if 'user_id' in new_values and g.user.is_admin(): - controller = self.wider_controller - else: - controller = self.controller - return controller.update({'id': obj_id}, new_values), 200 + args = self.reqparse_args(right='write', default=False) + if not args: + raise BadRequest() + return self.controller.update({'id': obj_id}, args), 200 def delete(self, obj_id=None): """delete a object""" @@ -164,73 +136,75 @@ class PyAggResourceMulti(PyAggAbstractResource): try: limit = request.json.pop('limit', 10) order_by = request.json.pop('order_by', None) - query = self.controller.read(**request.json) - except: - args = {} - for k, v in request.args.items(): - if k in self.attrs.keys(): - if self.attrs[k]['type'] in [bool, int]: - args[k] = ast.literal_eval(v) - else: - args[k] = v - limit = request.args.get('limit', 10) - order_by = request.args.get('order_by', None) - query = self.controller.read(**args) + args = self.reqparse_args(right='read', default=False) + except BadRequest: + limit, order_by, args = 10, None, {} + query = self.controller.read(**args) if order_by: query = query.order_by(order_by) if limit: query = query.limit(limit) return [res for res in query] + @api_permission.require(http_exception=403) def post(self): - """creating several objects. payload should be a list of dict. + """creating several objects. payload should be: + >>> payload + [{attr1: val1, attr2: val2}, {attr1: val1, attr2: val2}] """ - if 'application/json' not in request.headers.get('Content-Type'): - raise BadRequest("Content-Type must be application/json") - status = 201 - results = [] + assert 'application/json' in request.headers.get('Content-Type') + status, fail_count, results = 200, 0, [] + + class Proxy: + pass for attrs in request.json: try: - results.append(self.controller.create(**attrs).id) + Proxy.json = attrs + args = self.reqparse_args('write', req=Proxy, default=False) + obj = self.controller.create(**args) + results.append(obj) except Exception as error: - status = 206 + fail_count += 1 results.append(str(error)) - # if no operation succeded, it's not partial anymore, returning err 500 - if status == 206 and results.count('ok') == 0: + if fail_count == len(results): # all failed => 500 status = 500 + elif fail_count: # some failed => 206 + status = 206 return results, status def put(self): - """creating several objects. payload should be: + """updating several objects. payload should be: >>> payload [[obj_id1, {attr1: val1, attr2: val2}] [obj_id2, {attr1: val1, attr2: val2}]] """ - if 'application/json' not in request.headers.get('Content-Type'): - raise BadRequest("Content-Type must be application/json") - status = 200 - results = [] + assert 'application/json' in request.headers.get('Content-Type') + status, results = 200, [] + + class Proxy: + pass for obj_id, attrs in request.json: try: - new_values = {key: attrs[key] for key in - set(attrs).intersection(self.attrs)} - self.controller.update({'id': obj_id}, new_values) - results.append('ok') + Proxy.json = attrs + args = self.reqparse_args('write', req=Proxy, default=False) + result = self.controller.update({'id': obj_id}, args) + if result: + results.append('ok') + else: + results.append('nok') except Exception as error: - status = 206 results.append(str(error)) - # if no operation succeded, it's not partial anymore, returning err 500 - if status == 206 and results.count('ok') == 0: + if results.count('ok') == 0: # all failed => 500 status = 500 + elif results.count('ok') != len(results): # some failed => 206 + status = 206 return results, status def delete(self): """will delete several objects, a list of their ids should be in the payload""" - if 'application/json' not in request.headers.get('Content-Type'): - raise BadRequest("Content-Type must be application/json") - status = 204 - results = [] + assert 'application/json' in request.headers.get('Content-Type') + status, results = 204, [] for obj_id in request.json: try: self.controller.delete(obj_id) diff --git a/src/web/views/api/feed.py b/src/web/views/api/feed.py index 604620b4..774bff5f 100644 --- a/src/web/views/api/feed.py +++ b/src/web/views/api/feed.py @@ -1,8 +1,8 @@ -#! /usr/bin/env python -# -*- coding: utf-8 - - -from flask import g +from conf import API_ROOT +from flask import current_app +from flask.ext.restful import Api +from web.views.common import api_permission from web.controllers.feed import (FeedController, DEFAULT_MAX_ERROR, DEFAULT_LIMIT, @@ -13,59 +13,37 @@ from web.views.api.common import PyAggAbstractResource, \ PyAggResourceExisting, \ PyAggResourceMulti -FEED_ATTRS = {'title': {'type': str}, - 'description': {'type': str}, - 'link': {'type': str}, - 'user_id': {'type': int}, - 'category_id': {'type': int}, - 'site_link': {'type': str}, - 'enabled': {'type': bool, 'default': True}, - 'etag': {'type': str, 'default': ''}, - 'icon_url': {'type': str, 'default': ''}, - 'filters': {'type': list}, - 'last_modified': {'type': str}, - 'last_retrieved': {'type': str}, - 'last_error': {'type': str}, - 'error_count': {'type': int, 'default': 0}} class FeedNewAPI(PyAggResourceNew): controller_cls = FeedController - attrs = FEED_ATTRS - to_date = ['date', 'last_retrieved'] + class FeedAPI(PyAggResourceExisting): controller_cls = FeedController - attrs = FEED_ATTRS - to_date = ['date', 'last_retrieved'] + class FeedsAPI(PyAggResourceMulti): controller_cls = FeedController - attrs = FEED_ATTRS - to_date = ['date', 'last_retrieved'] + class FetchableFeedAPI(PyAggAbstractResource): controller_cls = FeedController - to_date = ['date', 'last_retrieved'] attrs = {'max_error': {'type': int, 'default': DEFAULT_MAX_ERROR}, 'limit': {'type': int, 'default': DEFAULT_LIMIT}, - 'refresh_rate': {'type': int, 'default': DEFAULT_REFRESH_RATE}, - 'retreive_all': {'type': bool, 'default': False}} + 'refresh_rate': {'type': int, 'default': DEFAULT_REFRESH_RATE}} + @api_permission.require(http_exception=403) def get(self): - args = self.reqparse_args() - if g.user.refresh_rate: - args['refresh_rate'] = g.user.refresh_rate - - if args.pop('retreive_all', False): - contr = self.wider_controller - else: - contr = self.controller - result = [feed for feed in contr.list_fetchable(**args)] + args = self.reqparse_args(right='read', allow_empty=True) + result = [feed for feed + in self.controller.list_fetchable(**args)] return result or None, 200 if result else 204 -g.api.add_resource(FeedNewAPI, '/feed', endpoint='feed_new.json') -g.api.add_resource(FeedAPI, '/feed/<int:obj_id>', endpoint='feed.json') -g.api.add_resource(FeedsAPI, '/feeds', endpoint='feeds.json') -g.api.add_resource(FetchableFeedAPI, '/feeds/fetchable', - endpoint='fetchable_feed.json') +api = Api(current_app, prefix=API_ROOT) + +api.add_resource(FeedNewAPI, '/feed', endpoint='feed_new.json') +api.add_resource(FeedAPI, '/feed/<int:obj_id>', endpoint='feed.json') +api.add_resource(FeedsAPI, '/feeds', endpoint='feeds.json') +api.add_resource(FetchableFeedAPI, '/feeds/fetchable', + endpoint='fetchable_feed.json') diff --git a/src/web/views/article.py b/src/web/views/article.py index 7996e894..407345c3 100644 --- a/src/web/views/article.py +++ b/src/web/views/article.py @@ -1,14 +1,16 @@ -#! /usr/bin/env python -# -*- coding: utf-8 - from datetime import datetime, timedelta from flask import (Blueprint, g, render_template, redirect, - flash, url_for, request) + flash, url_for, make_response, request) + from flask.ext.babel import gettext -from flask.ext.login import login_required +from flask.ext.login import login_required, current_user + from bootstrap import db +from web.export import export_json, export_html from web.lib.utils import clear_string, redirect_url -from web.controllers import ArticleController +from web.controllers import (ArticleController, UserController, + CategoryController) from web.lib.view_utils import etag_match articles_bp = Blueprint('articles', __name__, url_prefix='/articles') @@ -18,7 +20,7 @@ article_bp = Blueprint('article', __name__, url_prefix='/article') @article_bp.route('/redirect/<int:article_id>', methods=['GET']) @login_required def redirect_to_article(article_id): - contr = ArticleController(g.user.id) + contr = ArticleController(current_user.id) article = contr.get(id=article_id) if not article.readed: contr.update({'id': article.id}, {'readed': True}) @@ -32,7 +34,7 @@ def article(article_id=None): """ Presents the content of an article. """ - article = ArticleController(g.user.id).get(id=article_id) + article = ArticleController(current_user.id).get(id=article_id) previous_article = article.previous_article() if previous_article is None: previous_article = article.source.articles[0] @@ -53,7 +55,7 @@ def like(article_id=None): """ Mark or unmark an article as favorites. """ - art_contr = ArticleController(g.user.id) + art_contr = ArticleController(current_user.id) article = art_contr.get(id=article_id) art_contr = art_contr.update({'id': article_id}, {'like': not article.like}) @@ -66,7 +68,7 @@ def delete(article_id=None): """ Delete an article from the database. """ - article = ArticleController(g.user.id).delete(article_id) + article = ArticleController(current_user.id).delete(article_id) flash(gettext('Article %(article_title)s deleted', article_title=article.title), 'success') return redirect(url_for('home')) @@ -77,9 +79,9 @@ def delete(article_id=None): @articles_bp.route('/history/<int:year>/<int:month>', methods=['GET']) @login_required def history(year=None, month=None): - counter, articles = ArticleController(g.user.id).get_history(year, month) - return render_template('history.html', articles_counter=counter, - articles=articles, year=year, month=month) + cntr, artcles = ArticleController(current_user.id).get_history(year, month) + return render_template('history.html', articles_counter=cntr, + articles=artcles, year=year, month=month) @article_bp.route('/mark_as/<string:new_value>', methods=['GET']) @@ -91,7 +93,7 @@ def mark_as(new_value='read', feed_id=None, article_id=None): Mark all unreaded articles as read. """ readed = new_value == 'read' - art_contr = ArticleController(g.user.id) + art_contr = ArticleController(current_user.id) filters = {'readed': not readed} if feed_id is not None: filters['feed_id'] = feed_id @@ -117,7 +119,7 @@ def expire(): """ current_time = datetime.utcnow() weeks_ago = current_time - timedelta(int(request.args.get('weeks', 10))) - art_contr = ArticleController(g.user.id) + art_contr = ArticleController(current_user.id) query = art_contr.read(__or__={'date__lt': weeks_ago, 'retrieved_date__lt': weeks_ago}) @@ -126,3 +128,47 @@ def expire(): db.session.commit() flash(gettext('%(count)d articles deleted', count=count), 'info') return redirect(redirect_url()) + + +@articles_bp.route('/export', methods=['GET']) +@login_required +def export(): + """ + Export all articles to HTML or JSON. + """ + user = UserController(current_user.id).get(id=current_user.id) + if request.args.get('format') == "HTML": + # Export to HTML + try: + archive_file, archive_file_name = export_html(user) + except Exception as e: + print(e) + flash(gettext("Error when exporting articles."), 'danger') + return redirect(redirect_url()) + response = make_response(archive_file) + response.headers['Content-Type'] = 'application/x-compressed' + response.headers['Content-Disposition'] = 'attachment; filename=%s' \ + % archive_file_name + elif request.args.get('format') == "JSON": + # Export to JSON + try: + json_result = export_json(user) + except Exception as e: + flash(gettext("Error when exporting articles."), 'danger') + return redirect(redirect_url()) + response = make_response(json_result) + response.mimetype = 'application/json' + response.headers["Content-Disposition"] \ + = 'attachment; filename=account.json' + elif request.args.get('format') == "OPML": + categories = {cat.id: cat.dump() + for cat in CategoryController(user.id).read()} + response = make_response(render_template('opml.xml', user=user, + categories=categories, + now=datetime.now())) + response.headers['Content-Type'] = 'application/xml' + response.headers['Content-Disposition'] = 'attachment; filename=feeds.opml' + else: + flash(gettext('Export format not supported.'), 'warning') + return redirect(redirect_url()) + return response diff --git a/src/web/views/category.py b/src/web/views/category.py index 20b90caa..a7447775 100644 --- a/src/web/views/category.py +++ b/src/web/views/category.py @@ -1,6 +1,6 @@ -from flask import g, Blueprint, render_template, flash, redirect, url_for +from flask import Blueprint, render_template, flash, redirect, url_for from flask.ext.babel import gettext -from flask.ext.login import login_required +from flask.ext.login import login_required, current_user from web.forms import CategoryForm from web.lib.utils import redirect_url @@ -17,10 +17,10 @@ category_bp = Blueprint('category', __name__, url_prefix='/category') @etag_match def list_(): "Lists the subscribed feeds in a table." - art_contr = ArticleController(g.user.id) + art_contr = ArticleController(current_user.id) return render_template('categories.html', - categories=list(CategoryController(g.user.id).read()), - feeds_count=FeedController(g.user.id).count_by_category(), + categories=list(CategoryController(current_user.id).read()), + feeds_count=FeedController(current_user.id).count_by_category(), unread_article_count=art_contr.count_by_category(readed=False), article_count=art_contr.count_by_category()) @@ -35,7 +35,7 @@ def form(category_id=None): if category_id is None: return render_template('edit_category.html', action=action, head_titles=head_titles, form=CategoryForm()) - category = CategoryController(g.user.id).get(id=category_id) + category = CategoryController(current_user.id).get(id=category_id) action = gettext('Edit category') head_titles = [action] if category.name: @@ -48,7 +48,7 @@ def form(category_id=None): @category_bp.route('/delete/<int:category_id>', methods=['GET']) @login_required def delete(category_id=None): - category = CategoryController(g.user.id).delete(category_id) + category = CategoryController(current_user.id).delete(category_id) flash(gettext("Category %(category_name)s successfully deleted.", category_name=category.name), 'success') return redirect(redirect_url()) @@ -59,7 +59,7 @@ def delete(category_id=None): @login_required def process_form(category_id=None): form = CategoryForm() - cat_contr = CategoryController(g.user.id) + cat_contr = CategoryController(current_user.id) if not form.validate(): return render_template('edit_category.html', form=form) diff --git a/src/web/views/common.py b/src/web/views/common.py new file mode 100644 index 00000000..690c4d1c --- /dev/null +++ b/src/web/views/common.py @@ -0,0 +1,53 @@ +import json +from functools import wraps +from datetime import datetime +from flask import current_app, Response +from flask.ext.login import login_user +from flask.ext.principal import (Identity, Permission, RoleNeed, + session_identity_loader, identity_changed) +from web.controllers import UserController +from web.lib.utils import default_handler + +admin_role = RoleNeed('admin') +api_role = RoleNeed('api') + +admin_permission = Permission(admin_role) +api_permission = Permission(api_role) + + +def scoped_default_handler(): + if admin_permission.can(): + role = 'admin' + elif api_permission.can(): + role = 'api' + else: + role = 'user' + + @wraps(default_handler) + def wrapper(obj): + return default_handler(obj, role=role) + return wrapper + + +def jsonify(func): + """Will cast results of func as a result, and try to extract + a status_code for the Response object""" + @wraps(func) + def wrapper(*args, **kwargs): + status_code = 200 + result = func(*args, **kwargs) + if isinstance(result, Response): + return result + elif isinstance(result, tuple): + result, status_code = result + return Response(json.dumps(result, default=scoped_default_handler()), + mimetype='application/json', status=status_code) + return wrapper + + +def login_user_bundle(user): + login_user(user) + identity_changed.send(current_app, identity=Identity(user.id)) + session_identity_loader() + UserController(user.id).update( + {'id': user.id}, {'last_seen': datetime.utcnow()}) diff --git a/src/web/views/feed.py b/src/web/views/feed.py index 4a07ac52..69e093b2 100644 --- a/src/web/views/feed.py +++ b/src/web/views/feed.py @@ -1,15 +1,13 @@ -#! /usr/bin/env python -# -*- coding: utf-8 - import logging import requests.exceptions from datetime import datetime, timedelta from sqlalchemy import desc from werkzeug.exceptions import BadRequest -from flask import Blueprint, g, render_template, flash, \ +from flask import Blueprint, render_template, flash, \ redirect, request, url_for from flask.ext.babel import gettext -from flask.ext.login import login_required +from flask.ext.login import login_required, current_user import conf from web import utils @@ -29,9 +27,9 @@ feed_bp = Blueprint('feed', __name__, url_prefix='/feed') @etag_match def feeds(): "Lists the subscribed feeds in a table." - art_contr = ArticleController(g.user.id) + art_contr = ArticleController(current_user.id) return render_template('feeds.html', - feeds=FeedController(g.user.id).read(), + feeds=FeedController(current_user.id).read(), unread_article_count=art_contr.count_by_feed(readed=False), article_count=art_contr.count_by_feed()) @@ -41,12 +39,12 @@ def feeds(): @etag_match def feed(feed_id=None): "Presents detailed information about a feed." - feed = FeedController(g.user.id).get(id=feed_id) + feed = FeedController(current_user.id).get(id=feed_id) word_size = 6 category = None if feed.category_id: - category = CategoryController(g.user.id).get(id=feed.category_id) - articles = ArticleController(g.user.id) \ + category = CategoryController(current_user.id).get(id=feed.category_id) + articles = ArticleController(current_user.id) \ .read(feed_id=feed_id) \ .order_by(desc("date")).all() top_words = utils.top_words(articles, n=50, size=int(word_size)) @@ -76,7 +74,7 @@ def feed(feed_id=None): @feed_bp.route('/delete/<feed_id>', methods=['GET']) @login_required def delete(feed_id=None): - feed_contr = FeedController(g.user.id) + feed_contr = FeedController(current_user.id) feed = feed_contr.get(id=feed_id) feed_contr.delete(feed_id) flash(gettext("Feed %(feed_title)s successfully deleted.", @@ -87,7 +85,7 @@ def delete(feed_id=None): @feed_bp.route('/reset_errors/<int:feed_id>', methods=['GET', 'POST']) @login_required def reset_errors(feed_id): - feed_contr = FeedController(g.user.id) + feed_contr = FeedController(current_user.id) feed = feed_contr.get(id=feed_id) feed_contr.update({'id': feed_id}, {'error_count': 0, 'last_error': ''}) flash(gettext('Feed %(feed_title)r successfully updated.', @@ -98,7 +96,7 @@ def reset_errors(feed_id): @feed_bp.route('/bookmarklet', methods=['GET', 'POST']) @login_required def bookmarklet(): - feed_contr = FeedController(g.user.id) + feed_contr = FeedController(current_user.id) url = (request.args if request.method == 'GET' else request.form)\ .get('url', None) if not url: @@ -128,7 +126,7 @@ def bookmarklet(): feed = feed_contr.create(**feed) flash(gettext('Feed was successfully created.'), 'success') if feed.enabled and conf.CRAWLING_METHOD == "classic": - utils.fetch(g.user.id, feed.id) + utils.fetch(current_user.id, feed.id) flash(gettext("Downloading articles for the new feed..."), 'info') return redirect(url_for('feed.form', feed_id=feed.id)) @@ -146,7 +144,7 @@ def update(action, feed_id=None): if feed_id: filters['feed_id'] = feed_id - ArticleController(g.user.id).update(filters, {'readed': readed}) + ArticleController(current_user.id).update(filters, {'readed': readed}) flash(gettext('Feed successfully updated.'), 'success') return redirect(request.referrer or url_for('home')) @@ -157,14 +155,14 @@ def update(action, feed_id=None): @etag_match def form(feed_id=None): action = gettext("Add a feed") - categories = CategoryController(g.user.id).read() + categories = CategoryController(current_user.id).read() head_titles = [action] if feed_id is None: form = AddFeedForm() form.set_category_choices(categories) return render_template('edit_feed.html', action=action, head_titles=head_titles, form=form) - feed = FeedController(g.user.id).get(id=feed_id) + feed = FeedController(current_user.id).get(id=feed_id) form = AddFeedForm(obj=feed) form.set_category_choices(categories) action = gettext('Edit feed') @@ -181,8 +179,8 @@ def form(feed_id=None): @login_required def process_form(feed_id=None): form = AddFeedForm() - feed_contr = FeedController(g.user.id) - form.set_category_choices(CategoryController(g.user.id).read()) + feed_contr = FeedController(current_user.id) + form.set_category_choices(CategoryController(current_user.id).read()) if not form.validate(): return render_template('edit_feed.html', form=form) @@ -217,7 +215,7 @@ def process_form(feed_id=None): feed_title=new_feed.title), 'success') if conf.CRAWLING_METHOD == "classic": - utils.fetch(g.user.id, new_feed.id) + utils.fetch(current_user.id, new_feed.id) flash(gettext("Downloading articles for the new feed..."), 'info') return redirect(url_for('feed.form', feed_id=new_feed.id)) @@ -230,7 +228,7 @@ def inactives(): List of inactive feeds. """ nb_days = int(request.args.get('nb_days', 365)) - inactives = FeedController(g.user.id).get_inactives(nb_days) + inactives = FeedController(current_user.id).get_inactives(nb_days) return render_template('inactives.html', inactives=inactives, nb_days=nb_days) @@ -241,7 +239,7 @@ def duplicates(feed_id): """ Return duplicates article for a feed. """ - feed, duplicates = FeedController(g.user.id).get_duplicates(feed_id) + feed, duplicates = FeedController(current_user.id).get_duplicates(feed_id) if len(duplicates) == 0: flash(gettext('No duplicates in the feed "{}".').format(feed.title), 'info') diff --git a/src/web/views/home.py b/src/web/views/home.py new file mode 100644 index 00000000..12a06024 --- /dev/null +++ b/src/web/views/home.py @@ -0,0 +1,156 @@ +import logging +from calendar import timegm + +from flask import current_app, render_template, \ + request, flash, url_for, redirect +from flask.ext.login import login_required, current_user +from flask.ext.babel import gettext + +import conf +from web.lib.utils import redirect_url +from web import utils +from web.lib.view_utils import etag_match +from web.models import Article +from web.views.common import jsonify + +from web.controllers import FeedController, \ + ArticleController, CategoryController + +logger = logging.getLogger(__name__) + + +@current_app.route('/') +@login_required +@etag_match +def home(): + return render_template('home.html', cdn=conf.CDN_ADDRESS) + + +@current_app.route('/menu') +@login_required +@etag_match +@jsonify +def get_menu(): + categories_order = [0] + categories = {0: {'name': 'No category', 'id': 0}} + for cat in CategoryController(current_user.id).read().order_by('name'): + categories_order.append(cat.id) + categories[cat.id] = cat + unread = ArticleController(current_user.id).count_by_feed(readed=False) + for cat_id in categories: + categories[cat_id]['unread'] = 0 + categories[cat_id]['feeds'] = [] + feeds = {feed.id: feed for feed in FeedController(current_user.id).read()} + for feed_id, feed in feeds.items(): + feed['created_stamp'] = timegm(feed.created_date.timetuple()) * 1000 + feed['last_stamp'] = timegm(feed.last_retrieved.timetuple()) * 1000 + feed['category_id'] = feed.category_id or 0 + feed['unread'] = unread.get(feed.id, 0) + if not feed.filters: + feed['filters'] = [] + if feed.icon_url: + feed['icon_url'] = url_for('icon.icon', url=feed.icon_url) + categories[feed['category_id']]['unread'] += feed['unread'] + categories[feed['category_id']]['feeds'].append(feed_id) + return {'feeds': feeds, 'categories': categories, + 'categories_order': categories_order, + 'crawling_method': conf.CRAWLING_METHOD, + 'max_error': conf.DEFAULT_MAX_ERROR, + 'error_threshold': conf.ERROR_THRESHOLD, + 'is_admin': current_user.is_admin, + 'all_unread_count': sum(unread.values())} + + +def _get_filters(in_dict): + filters = {} + query = in_dict.get('query') + if query: + search_title = in_dict.get('search_title') == 'true' + search_content = in_dict.get('search_content') == 'true' + if search_title: + filters['title__ilike'] = "%%%s%%" % query + if search_content: + filters['content__ilike'] = "%%%s%%" % query + if len(filters) == 0: + filters['title__ilike'] = "%%%s%%" % query + if len(filters) > 1: + filters = {"__or__": filters} + if in_dict.get('filter') == 'unread': + filters['readed'] = False + elif in_dict.get('filter') == 'liked': + filters['like'] = True + filter_type = in_dict.get('filter_type') + if filter_type in {'feed_id', 'category_id'} and in_dict.get('filter_id'): + filters[filter_type] = int(in_dict['filter_id']) or None + return filters + + +@jsonify +def _articles_to_json(articles, fd_hash=None): + return {'articles': [{'title': art.title, 'liked': art.like, + 'read': art.readed, 'article_id': art.id, 'selected': False, + 'feed_id': art.feed_id, 'category_id': art.category_id or 0, + 'feed_title': fd_hash[art.feed_id]['title'] if fd_hash else None, + 'icon_url': fd_hash[art.feed_id]['icon_url'] if fd_hash else None, + 'date': art.date, 'timestamp': timegm(art.date.timetuple()) * 1000} + for art in articles.limit(1000)]} + + +@current_app.route('/middle_panel') +@login_required +@etag_match +def get_middle_panel(): + filters = _get_filters(request.args) + art_contr = ArticleController(current_user.id) + fd_hash = {feed.id: {'title': feed.title, + 'icon_url': url_for('icon.icon', url=feed.icon_url) + if feed.icon_url else None} + for feed in FeedController(current_user.id).read()} + articles = art_contr.read(**filters).order_by(Article.date.desc()) + return _articles_to_json(articles, fd_hash) + + +@current_app.route('/getart/<int:article_id>') +@current_app.route('/getart/<int:article_id>/<parse>') +@login_required +@etag_match +@jsonify +def get_article(article_id, parse=False): + contr = ArticleController(current_user.id) + article = contr.get(id=article_id) + if not article.readed: + article['readed'] = True + contr.update({'id': article_id}, {'readed': True}) + article['category_id'] = article.category_id or 0 + feed = FeedController(current_user.id).get(id=article.feed_id) + article['icon_url'] = url_for('icon.icon', url=feed.icon_url) \ + if feed.icon_url else None + return article + + +@current_app.route('/mark_all_as_read', methods=['PUT']) +@login_required +def mark_all_as_read(): + filters = _get_filters(request.json) + acontr = ArticleController(current_user.id) + processed_articles = _articles_to_json(acontr.read_light(**filters)) + acontr.update(filters, {'readed': True}) + return processed_articles + + +@current_app.route('/fetch', methods=['GET']) +@current_app.route('/fetch/<int:feed_id>', methods=['GET']) +@login_required +def fetch(feed_id=None): + """ + Triggers the download of news. + News are downloaded in a separated process, mandatory for Heroku. + """ + if conf.CRAWLING_METHOD == "classic" \ + and (not conf.ON_HEROKU or current_user.is_admin): + utils.fetch(current_user.id, feed_id) + flash(gettext("Downloading articles..."), "info") + else: + flash(gettext("The manual retrieving of news is only available " + + "for administrator, on the Heroku platform."), "info") + return redirect(redirect_url()) diff --git a/src/web/views/session_mgmt.py b/src/web/views/session_mgmt.py new file mode 100644 index 00000000..65be856c --- /dev/null +++ b/src/web/views/session_mgmt.py @@ -0,0 +1,92 @@ +import json +import logging + +from werkzeug.exceptions import NotFound +from flask import (render_template, flash, session, request, + url_for, redirect, current_app) +from flask.ext.babel import gettext +from flask.ext.login import LoginManager, logout_user, \ + login_required, current_user +from flask.ext.principal import (Principal, AnonymousIdentity, UserNeed, + identity_changed, identity_loaded, + session_identity_loader) + +import conf +from web.views.common import admin_role, api_role, login_user_bundle +from web.controllers import UserController +from web.forms import SignupForm, SigninForm + +Principal(current_app) +# Create a permission with a single Need, in this case a RoleNeed. + +login_manager = LoginManager() +login_manager.init_app(current_app) +login_manager.login_view = 'login' + +logger = logging.getLogger(__name__) + + +@identity_loaded.connect_via(current_app._get_current_object()) +def on_identity_loaded(sender, identity): + # Set the identity user object + identity.user = current_user + + # Add the UserNeed to the identity + if current_user.is_authenticated: + identity.provides.add(UserNeed(current_user.id)) + if current_user.is_admin: + identity.provides.add(admin_role) + if current_user.is_api: + identity.provides.add(api_role) + + +@login_manager.user_loader +def load_user(user_id): + return UserController(user_id, ignore_context=True).get( + id=user_id, is_active=True) + + +@current_app.route('/login', methods=['GET', 'POST']) +def login(): + if current_user.is_authenticated: + return redirect(url_for('home')) + form = SigninForm() + if form.validate_on_submit(): + login_user_bundle(form.user) + return form.redirect('home') + return render_template('login.html', form=form) + + +@current_app.route('/logout') +@login_required +def logout(): + # Remove the user information from the session + logout_user() + + # Remove session keys set by Flask-Principal + for key in ('identity.name', 'identity.auth_type'): + session.pop(key, None) + + # Tell Flask-Principal the user is anonymous + identity_changed.send(current_app, identity=AnonymousIdentity()) + session_identity_loader() + + return redirect(url_for('login')) + + +@current_app.route('/signup', methods=['GET', 'POST']) +def signup(): + if not conf.SELF_REGISTRATION: + flash(gettext("Self-registration is disabled."), 'warning') + return redirect(url_for('home')) + if current_user.is_authenticated: + return redirect(url_for('home')) + + form = SignupForm() + if form.validate_on_submit(): + user = UserController().create(login=form.login.data, + email=form.email.data, password=form.password.data) + login_user_bundle(user) + return redirect(url_for('home')) + + return render_template('signup.html', form=form) diff --git a/src/web/views/user.py b/src/web/views/user.py index 06dc2089..24f9bedb 100644 --- a/src/web/views/user.py +++ b/src/web/views/user.py @@ -3,7 +3,7 @@ import random from flask import (Blueprint, g, render_template, redirect, flash, url_for, request) from flask.ext.babel import gettext -from flask.ext.login import login_required +from flask.ext.login import login_required, current_user import conf from web import utils, notifications @@ -30,9 +30,9 @@ def management(): flash(gettext('File not allowed.'), 'danger') else: try: - nb = utils.import_opml(g.user.email, data.read()) + nb = utils.import_opml(current_user.email, data.read()) if conf.CRAWLING_METHOD == "classic": - utils.fetch(g.user.email, None) + utils.fetch(current_user.email, None) flash(str(nb) + ' ' + gettext('feeds imported.'), "success") flash(gettext("Downloading articles..."), 'info') @@ -46,7 +46,7 @@ def management(): flash(gettext('File not allowed.'), 'danger') else: try: - nb = utils.import_json(g.user.email, data.read()) + nb = utils.import_json(current_user.email, data.read()) flash(gettext('Account imported.'), "success") except: flash(gettext("Impossible to import the account."), @@ -54,11 +54,11 @@ def management(): else: flash(gettext('File not allowed.'), 'danger') - nb_feeds = FeedController(g.user.id).read().count() - art_contr = ArticleController(g.user.id) + nb_feeds = FeedController(current_user.id).read().count() + art_contr = ArticleController(current_user.id) nb_articles = art_contr.read().count() nb_unread_articles = art_contr.read(readed=False).count() - return render_template('management.html', user=g.user, + return render_template('management.html', user=current_user, nb_feeds=nb_feeds, nb_articles=nb_articles, nb_unread_articles=nb_unread_articles) @@ -69,13 +69,13 @@ def profile(): """ Edit the profile of the currently logged user. """ - user_contr = UserController(g.user.id) - user = user_contr.get(id=g.user.id) + user_contr = UserController(current_user.id) + user = user_contr.get(id=current_user.id) form = ProfileForm() if request.method == 'POST': if form.validate(): - user_contr.update({'id': g.user.id}, + user_contr.update({'id': current_user.id}, {'nickname': form.nickname.data, 'email': form.email.data, 'password': form.password.data, @@ -98,7 +98,7 @@ def delete_account(): """ Delete the account of the user (with all its data). """ - UserController(g.user.id).delete(g.user.id) + UserController(current_user.id).delete(current_user.id) flash(gettext('Your account has been deleted.'), 'success') return redirect(url_for('login')) diff --git a/src/web/views/views.py b/src/web/views/views.py index b31322eb..b23a41a1 100644 --- a/src/web/views/views.py +++ b/src/web/views/views.py @@ -1,422 +1,46 @@ -#! /usr/bin/env python -# -*- coding: utf-8 -*- - -# jarr - A Web based news aggregator. -# Copyright (C) 2010-2016 Cédric Bonhomme - https://www.cedricbonhomme.org -# -# For more information : https://github.com/JARR-aggregator/JARR -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -__author__ = "Cedric Bonhomme" -__version__ = "$Revision: 5.3 $" -__date__ = "$Date: 2010/01/29 $" -__revision__ = "$Date: 2014/08/27 $" -__copyright__ = "Copyright (c) Cedric Bonhomme" -__license__ = "AGPLv3" - -import os import logging -import datetime - -from bootstrap import application as app, db -from flask import render_template, request, flash, session, \ - url_for, redirect, g, current_app, make_response -from flask.ext.login import LoginManager, login_user, logout_user, \ - login_required, current_user, AnonymousUserMixin -from flask.ext.principal import Principal, Identity, AnonymousIdentity, \ - identity_changed, identity_loaded, Permission,\ - RoleNeed, UserNeed +from flask import (request, render_template, flash, + url_for, redirect, current_app) from flask.ext.babel import gettext -from sqlalchemy.exc import IntegrityError -from werkzeug import generate_password_hash -import conf -from web.lib.utils import redirect_url -from web import utils, notifications, export +from conf import API_ROOT from web.lib.view_utils import etag_match -from web.models import User, Article, Role -from web.forms import SignupForm, SigninForm - -from web.controllers import UserController, FeedController, \ - ArticleController, CategoryController - - -Principal(app) -# Create a permission with a single Need, in this case a RoleNeed. -admin_permission = Permission(RoleNeed('admin')) - -login_manager = LoginManager() -login_manager.init_app(app) -login_manager.login_message = gettext('Authentication required.') -login_manager.login_message_category = "info" -login_manager.login_view = 'login' logger = logging.getLogger(__name__) -# -# Management of the user's session. -# -@identity_loaded.connect_via(app) -def on_identity_loaded(sender, identity): - # Set the identity user object - identity.user = current_user - - # Add the UserNeed to the identity - if hasattr(current_user, 'id'): - identity.provides.add(UserNeed(current_user.id)) - - # Assuming the User model has a list of roles, update the - # identity with the roles that the user provides - if hasattr(current_user, 'roles'): - for role in current_user.roles: - identity.provides.add(RoleNeed(role.name)) - - -@app.before_request -def before_request(): - g.user = current_user - if g.user.is_authenticated: - g.user.last_seen = datetime.datetime.utcnow() - db.session.add(g.user) - db.session.commit() - - -@login_manager.user_loader -def load_user(id): - # Return an instance of the User model - return UserController().get(id=id) - - -# -# Custom error pages. -# -@app.errorhandler(401) -def authentication_required(e): +@current_app.errorhandler(401) +def authentication_required(error): + if API_ROOT in request.url: + return error flash(gettext('Authentication required.'), 'info') return redirect(url_for('login')) -@app.errorhandler(403) -def authentication_failed(e): +@current_app.errorhandler(403) +def authentication_failed(error): + if API_ROOT in request.url: + return error flash(gettext('Forbidden.'), 'danger') return redirect(url_for('login')) -@app.errorhandler(404) -def page_not_found(e): +@current_app.errorhandler(404) +def page_not_found(error): return render_template('errors/404.html'), 404 -@app.errorhandler(500) -def internal_server_error(e): +@current_app.errorhandler(500) +def internal_server_error(error): return render_template('errors/500.html'), 500 -@g.babel.localeselector -def get_locale(): - """ - Called before each request to give us a chance to choose - the language to use when producing its response. - """ - return request.accept_languages.best_match(conf.LANGUAGES.keys()) - - -@g.babel.timezoneselector -def get_timezone(): - try: - return conf.TIME_ZONE[get_locale()] - except: - return conf.TIME_ZONE["en"] - - -# -# Views. -# -@app.route('/login', methods=['GET', 'POST']) -def login(): - """ - Log in view. - """ - if g.user is not None and g.user.is_authenticated: - return redirect(url_for('home')) - g.user = AnonymousUserMixin() - form = SigninForm() - if form.validate_on_submit(): - user = UserController().get(email=form.email.data) - login_user(user) - g.user = user - session['email'] = form.email.data - identity_changed.send(current_app._get_current_object(), - identity=Identity(user.id)) - return form.redirect('home') - return render_template('login.html', form=form) - - -@app.route('/logout') -@login_required -def logout(): - """ - Log out view. Removes the user information from the session. - """ - session.pop('email', None) - - # Remove the user information from the session - logout_user() - - # Remove session keys set by Flask-Principal - for key in ('identity.name', 'identity.auth_type'): - session.pop(key, None) - - # Tell Flask-Principal the user is anonymous - identity_changed.send(current_app._get_current_object(), - identity=AnonymousIdentity()) - - flash(gettext("Logged out successfully."), 'success') - return redirect(url_for('login')) - - -@app.route('/signup', methods=['GET', 'POST']) -def signup(): - """ - Signup page. - """ - if int(os.environ.get("SELF_REGISTRATION", 0)) != 1: - flash(gettext("Self-registration is disabled."), 'warning') - return redirect(url_for('home')) - if g.user is not None and g.user.is_authenticated: - return redirect(url_for('home')) +@current_app.errorhandler(AssertionError) +def handle_sqlalchemy_assertion_error(error): + return error.args[0], 400 - form = SignupForm() - if form.validate_on_submit(): - role_user = Role.query.filter(Role.name == "user").first() - user = User(nickname=form.nickname.data, - email=form.email.data, - pwdhash=generate_password_hash(form.password.data)) - user.roles = [role_user] - db.session.add(user) - try: - db.session.commit() - except IntegrityError: - flash(gettext('Email already used.'), 'warning') - return render_template('signup.html', form=form) - - # Send the confirmation email - try: - notifications.new_account_notification(user) - except Exception as error: - flash(gettext('Problem while sending activation email: %(error)s', - error=error), 'danger') - return redirect(url_for('home')) - - flash(gettext('Your account has been created. ' - 'Check your mail to confirm it.'), 'success') - return redirect(url_for('home')) - - return render_template('signup.html', form=form) - - -from calendar import timegm -from flask import jsonify - - -@app.route('/') -@login_required -@etag_match -def home(): - return render_template('home.html', cdn=conf.CDN_ADDRESS) - - -@app.route('/menu') -@login_required -def get_menu(): - categories_order = [0] - categories = {0: {'name': 'No category', 'id': 0}} - for cat in CategoryController(g.user.id).read().order_by('name'): - categories_order.append(cat.id) - categories[cat.id] = cat.dump() - unread = ArticleController(g.user.id).count_by_feed(readed=False) - for cat_id in categories: - categories[cat_id]['unread'] = 0 - categories[cat_id]['feeds'] = [] - feeds = {feed.id: feed.dump() for feed in FeedController(g.user.id).read()} - for feed_id, feed in feeds.items(): - feed['created_stamp'] = timegm(feed['created_date'].timetuple()) * 1000 - feed['last_stamp'] = timegm(feed['last_retrieved'].timetuple()) * 1000 - feed['category_id'] = feed['category_id'] or 0 - feed['unread'] = unread.get(feed['id'], 0) - if not feed['filters']: - feed['filters'] = [] - if feed.get('icon_url'): - feed['icon_url'] = url_for('icon.icon', url=feed['icon_url']) - categories[feed['category_id']]['unread'] += feed['unread'] - categories[feed['category_id']]['feeds'].append(feed_id) - return jsonify(**{'feeds': feeds, 'categories': categories, - 'categories_order': categories_order, - 'crawling_method': conf.CRAWLING_METHOD, - 'max_error': conf.DEFAULT_MAX_ERROR, - 'error_threshold': conf.ERROR_THRESHOLD, - 'is_admin': g.user.is_admin(), - 'all_unread_count': sum(unread.values())}) - - -def _get_filters(in_dict): - filters = {} - query = in_dict.get('query') - if query: - search_title = in_dict.get('search_title') == 'true' - search_content = in_dict.get('search_content') == 'true' - if search_title: - filters['title__ilike'] = "%%%s%%" % query - if search_content: - filters['content__ilike'] = "%%%s%%" % query - if len(filters) == 0: - filters['title__ilike'] = "%%%s%%" % query - if len(filters) > 1: - filters = {"__or__": filters} - if in_dict.get('filter') == 'unread': - filters['readed'] = False - elif in_dict.get('filter') == 'liked': - filters['like'] = True - filter_type = in_dict.get('filter_type') - if filter_type in {'feed_id', 'category_id'} and in_dict.get('filter_id'): - filters[filter_type] = int(in_dict['filter_id']) or None - return filters - - -def _articles_to_json(articles, fd_hash=None): - return jsonify(**{'articles': [{'title': art.title, 'liked': art.like, - 'read': art.readed, 'article_id': art.id, 'selected': False, - 'feed_id': art.feed_id, 'category_id': art.category_id or 0, - 'feed_title': fd_hash[art.feed_id]['title'] if fd_hash else None, - 'icon_url': fd_hash[art.feed_id]['icon_url'] if fd_hash else None, - 'date': art.date, 'timestamp': timegm(art.date.timetuple()) * 1000} - for art in articles.limit(1000)]}) - - -@app.route('/middle_panel') -@login_required -def get_middle_panel(): - filters = _get_filters(request.args) - art_contr = ArticleController(g.user.id) - fd_hash = {feed.id: {'title': feed.title, - 'icon_url': url_for('icon.icon', url=feed.icon_url) - if feed.icon_url else None} - for feed in FeedController(g.user.id).read()} - articles = art_contr.read(**filters).order_by(Article.date.desc()) - return _articles_to_json(articles, fd_hash) - - -@app.route('/getart/<int:article_id>') -@login_required -def get_article(article_id): - contr = ArticleController(g.user.id) - article = contr.get(id=article_id).dump() - if not article['readed']: - contr.update({'id': article_id}, {'readed': True}) - article['category_id'] = article['category_id'] or 0 - feed = FeedController(g.user.id).get(id=article['feed_id']) - article['icon_url'] = url_for('icon.icon', url=feed.icon_url) \ - if feed.icon_url else None - return jsonify(**article) - - -@app.route('/mark_all_as_read', methods=['PUT']) -@login_required -def mark_all_as_read(): - filters, acontr = _get_filters(request.json), ArticleController(g.user.id) - articles = _articles_to_json(acontr.read(**filters)) - acontr.update(filters, {'readed': True}) - return articles - - -@app.route('/fetch', methods=['GET']) -@app.route('/fetch/<int:feed_id>', methods=['GET']) -@login_required -def fetch(feed_id=None): - """ - Triggers the download of news. - News are downloaded in a separated process, mandatory for Heroku. - """ - if conf.CRAWLING_METHOD == "classic" \ - and (not conf.ON_HEROKU or g.user.is_admin()): - utils.fetch(g.user.id, feed_id) - flash(gettext("Downloading articles..."), "info") - else: - flash(gettext("The manual retrieving of news is only available " + - "for administrator, on the Heroku platform."), "info") - return redirect(redirect_url()) - - -@app.route('/about', methods=['GET']) +@current_app.route('/about', methods=['GET']) @etag_match def about(): - """ - 'About' page. - """ return render_template('about.html') - - -@app.route('/export', methods=['GET']) -@login_required -def export_articles(): - """ - Export all articles to HTML or JSON. - """ - user = UserController(g.user.id).get(id=g.user.id) - if request.args.get('format') == "HTML": - # Export to HTML - try: - archive_file, archive_file_name = export.export_html(user) - except: - flash(gettext("Error when exporting articles."), 'danger') - return redirect(redirect_url()) - response = make_response(archive_file) - response.headers['Content-Type'] = 'application/x-compressed' - response.headers['Content-Disposition'] = 'attachment; filename=%s' \ - % archive_file_name - elif request.args.get('format') == "JSON": - # Export to JSON - try: - json_result = export.export_json(user) - except: - flash(gettext("Error when exporting articles."), 'danger') - return redirect(redirect_url()) - response = make_response(json_result) - response.mimetype = 'application/json' - response.headers["Content-Disposition"] \ - = 'attachment; filename=account.json' - else: - flash(gettext('Export format not supported.'), 'warning') - return redirect(redirect_url()) - return response - - -@app.route('/export_opml', methods=['GET']) -@login_required -def export_opml(): - """ - Export all feeds to OPML. - """ - user = UserController(g.user.id).get(id=g.user.id) - categories = {cat.id: cat.dump() - for cat in CategoryController(g.user.id).read()} - response = make_response(render_template('opml.xml', user=user, - categories=categories, - now=datetime.datetime.now())) - response.headers['Content-Type'] = 'application/xml' - response.headers['Content-Disposition'] = 'attachment; filename=feeds.opml' - return response |