# Excerpt of a principal-deletion view: looks up the user or group named by
# the ``name`` request parameter and deletes it once the confirmation form
# has been posted. The enclosing function is not part of this excerpt.
#
# ``name`` is read from request.params (query string and form body merged),
# while the confirmation flag below is read from request.POST only.
if "name" in request.params and request.params["name"]:
user_or_group = request.params["name"]
principal = principals.search(name=user_or_group).first()
if principal is None:
request.session.flash(_("User was not found."), "error")
else:
# The Group/User label is derived from the "group:" prefix of the submitted
# string, not from the principal object that was found.
is_group = user_or_group.startswith("group:")
principal_type = _("Group") if is_group else _("User")
# We are already coming from the confirmation page.
# NOTE(review): this branch removes an account; no CSRF token check and no
# permission check are visible in this excerpt -- confirm the view
# configuration supplies both.
if "delete" in request.POST:
# Explicit dunder call; same effect as ``del principals[principal.name]``.
principals.__delitem__(principal.name)
# The UserDeleted event is sent after the principal has been removed.
notify(UserDeleted(principal, request))
request.session.flash(
_(
"${principal_type} ${title} was deleted.",
mapping=dict(
principal_type=principal_type, title=principal.title
),
),
"info",
)
# The redirect target is built from request.application_url only; no
# request parameter flows into it.
location = "{0}/@@setup-users".format(request.application_url)
return HTTPFound(location=location)
api = template_api(
context,
request,
page_title=_(
"Delete ${principal_type} ${title}",
mapping=dict(principal_type=principal_type, title=principal.title),
# Excerpt of a login view handling two form actions: "submit" (log in) and
# "reset-password". ``came_from`` is assigned outside this excerpt.
login, password = "", ""
if "submit" in request.POST:
# The login name is lower-cased here, but not in the reset-password branch
# below.
login = request.params["login"].lower()
password = request.params["password"]
user = _find_user(login)
# Success requires an existing, active user whose password validates. Every
# other outcome falls through to the same generic "Login failed." message,
# so this branch does not reveal which of the three checks failed.
if (
user is not None
and user.active
and principals.validate_password(password, user.password)
):
# NOTE(review): came_from is handed to the configured success callback. If
# it originates from the request, confirm the callback only redirects to
# locations on this site.
return get_settings()["kotti.login_success_callback"][0](
request, user, came_from
)
request.session.flash(_("Login failed."), "error")
if "reset-password" in request.POST:
login = request.params["login"]
user = _find_user(login)
# NOTE(review): unlike the login branch, the response here differs depending
# on whether the submitted login/e-mail matches an active account (callback
# result vs. the "not known" message), which lets a caller tell existing
# accounts from unknown ones. Consider one neutral response for both cases.
if user is not None and user.active:
return get_settings()["kotti.reset_password_callback"][0](request, user)
else:
request.session.flash(
_("That username or email is not known by this system."), "error"
)
return {
"url": request.application_url + "/@@login",
"came_from": came_from,
"login": login,
"password": password,
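def set_visibility(self, show):
    """
    Do the real work to set the visibility of nodes in the menu. Called
    by the show and the hide view.

    Selected ids that do not resolve to a node are skipped instead of
    raising ``AttributeError``.

    :param show: Truthy to show the selected nodes in the navigation,
                 falsy to hide them; stored in ``in_navigation``.
    :result: Redirect response to the referrer of the request, or ``None``
             when the request is an XHR request.
    :rtype: pyramid.httpexceptions.HTTPFound
    """
    # Other callers in this file treat a None result from
    # _selected_children() as "nothing selected"; do the same here.
    selected_ids = self._selected_children() or ()
    for node_id in selected_ids:
        # NOTE(review): the node is loaded by primary key alone. Nothing in
        # this method checks that it is a child of self.context or that the
        # current user may edit it -- confirm _selected_children() or the
        # view's permission covers that.
        child = DBSession.query(Node).get(node_id)
        if child is None:
            # Query.get() returns None for an id with no matching row
            # (stale form, deleted node, tampered value).
            continue
        if child.in_navigation != show:
            child.in_navigation = show
            mapping = dict(title=child.title)
            if show:
                msg = _(u'${title} is now visible in the navigation.',
                        mapping=mapping)
            else:
                msg = _(u'${title} is no longer visible in the navigation.',
                        mapping=mapping)
            # One flash message per node whose visibility actually changed.
            self.flash(msg, 'success')
    if not self.request.is_xhr:
        return self.back()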
# Excerpt of a bulk-rename view: applies the submitted names/titles when the
# "rename_nodes" button was posted, handles "cancel", and otherwise returns
# the selected nodes for the rename form. The enclosing method is not shown.
if "rename_nodes" in self.request.POST:
ids = self.request.POST.getall("children-to-rename")
for id in ids:
# NOTE(review): each id comes straight from the form and is loaded by primary
# key. Nothing visible here checks that the node is a child of self.context
# or that the user may edit it, and .get() returns None for an unknown id
# (item.name below would then raise AttributeError).
item = DBSession.query(Node).get(id)
# Indexing POST raises KeyError when the matching "<id>-name" or
# "<id>-title" field is missing from the form.
name = self.request.POST[id + "-name"]
title = self.request.POST[id + "-title"]
if not name or not title:
# NOTE(review): this returns from inside the loop; items handled in earlier
# iterations have already been assigned new values -- confirm whether those
# changes are meant to persist.
self.flash(_("Name and title are required."), "error")
location = resource_url(
self.context, self.request, "@@rename_nodes"
)
return HTTPFound(location=location)
else:
# The submitted name is passed through title_to_name together with the
# context's existing keys (presumably to avoid name collisions -- verify).
item.name = title_to_name(name, blacklist=self.context.keys())
item.title = title
self.flash(_("Your changes have been saved."), "success")
return self.back("@@contents")
if "cancel" in self.request.POST:
self.flash(_("No changes were made."), "info")
return self.back("@@contents")
# Neither button was posted: return the selected nodes for rendering.
ids = self._selected_children(add_context=False)
items = []
if ids is not None:
items = DBSession.query(Node).filter(Node.id.in_(ids)).all()
return {"items": items}
:rtype: list
"""
# Excerpt: assembles the action buttons for a contents listing. The enclosing
# function header and the start of its docstring are not shown.
buttons = []
# "Paste" is offered only when get_paste_items() returns something truthy.
if get_paste_items(context, request):
buttons.append(ActionButton("paste", title=_("Paste"), no_children=True))
# The remaining buttons are added only when the context has children.
if context.children:
buttons.append(ActionButton("copy", title=_("Copy")))
buttons.append(ActionButton("cut", title=_("Cut")))
buttons.append(
ActionButton("rename_nodes", title=_("Rename"), css_class="btn btn-warning")
)
buttons.append(
ActionButton("delete_nodes", title=_("Delete"), css_class="btn btn-danger")
)
# "Change State" requires a workflow on the context.
if get_workflow(context) is not None:
buttons.append(ActionButton("change_state", title=_("Change State")))
buttons.append(ActionButton("up", title=_("Move up")))
buttons.append(ActionButton("down", title=_("Move down")))
buttons.append(ActionButton("show", title=_("Show")))
buttons.append(ActionButton("hide", title=_("Hide")))
# Only buttons whose permitted() check passes are returned.
# NOTE(review): this decides which buttons are offered; confirm the views
# behind them enforce their own permissions as well.
return [button for button in buttons if button.permitted(context, request)]
)
root["about"] = Document(**localized_about_attrs)
wf = get_workflow(root)
if wf is not None:
DBSession.flush() # Initializes workflow
wf.transition_to_state(root, None, "public")
populate_users()
_ROOT_ATTRS = dict(
name="", # (at the time of writing) root must have empty name!
title=_("Welcome to Kotti"),
description=_("Congratulations! You have successfully installed Kotti."),
body=_(
"""
<h2>Log in</h2>
<p>
You can <a href="login" class="btn btn-success">log in</a> to your site
and start changing its contents. If you haven't chosen a password for
your admin account yet, it'll likely be <em>qwerty</em>.
</p>
<p>
Once you're logged in, you'll see the grey editor bar below the top
navigation bar. It will allow you to switch between editing and viewing the
current page as it will appear to your visitors.
</p>
<div class="row">
<div class="col-md-4">
<h2>Configure</h2>
<p></p></div></div>
# Excerpt of a bulk workflow-state view; the condition guarding the first
# part and the enclosing method are not shown.
# All three inputs come from the posted form.
ids = self.request.POST.getall("children-to-change-state")
to_state = self.request.POST.get("to-state", "no-change")
include_children = self.request.POST.get("include-children")
if to_state != "no-change":
# NOTE(review): ids are matched against Node.id without restricting them to
# children of self.context. Descendants below are collected with
# permission="state_change", but no equivalent filter is visible for the
# selected items themselves -- confirm transition_to_state (which receives
# the request) enforces the permission.
items = DBSession.query(Node).filter(Node.id.in_(ids)).all()
for item in items:
wf = get_workflow(item)
if wf is not None:
wf.transition_to_state(item, self.request, to_state)
if include_children:
childs = self._all_children(item, permission="state_change")
for child in childs:
wf = get_workflow(child)
if wf is not None:
wf.transition_to_state(child, self.request, to_state)
self.flash(_("Your changes have been saved."), "success")
else:
self.flash(_("No changes were made."), "info")
return self.back("@@contents")
if "cancel" in self.request.POST:
self.flash(_("No changes were made."), "info")
return self.back("@@contents")
ids = self._selected_children(add_context=False)
# items and transitions are bound to the SAME list object here; items is
# rebound to the query result below only when ids and a workflow exist.
items = transitions = []
if ids is not None:
wf = get_workflow(self.context)
if wf is not None:
items = DBSession.query(Node).filter(Node.id.in_(ids)).all()
for item in items:
trans_info = wf.get_transitions(item, self.request)
tag = DBSession.query(Tag).filter_by(title=title).first()
if tag is None:
tag = Tag(title=title)
return cls(tag=tag)
# noinspection PyUnusedLocal
def _not_root(context: Node, request: Request) -> bool:
    """Return ``True`` unless *context* is the object returned by ``get_root()``.

    *request* is not used; the parameter is kept so the function can be
    passed as a ``predicate=`` callable taking ``(context, request)``.
    """
    site_root = get_root()
    return site_root is not context
# Entries of the default "Actions" menu. Cut, Rename and Delete carry the
# _not_root predicate, Paste carries get_paste_items, Copy has no predicate.
# NOTE(review): the predicates presumably only decide whether a link is
# rendered -- confirm the target views enforce their own permissions.
default_actions = [
Link("copy", title=_("Copy")),
Link("cut", title=_("Cut"), predicate=_not_root),
Link("paste", title=_("Paste"), predicate=get_paste_items),
Link("rename", title=_("Rename"), predicate=_not_root),
Link("delete", title=_("Delete"), predicate=_not_root),
LinkRenderer("default-view-selector"),
]
default_type_info = TypeInfo(
name="Content",
title="type_info title missing", # BBB
add_view=None,
addable_to=[],
edit_links=[
Link("contents", title=_("Contents")),
Link("edit", title=_("Edit")),
Link("share", title=_("Share")),
LinkParent(title=_("Actions"), children=default_actions),
],
def user_delete(context, request):
principals = get_principals()
if "name" in request.params and request.params["name"]:
user_or_group = request.params["name"]
principal = principals.search(name=user_or_group).first()
if principal is None:
request.session.flash(_("User was not found."), "error")
else:
is_group = user_or_group.startswith("group:")
principal_type = _("Group") if is_group else _("User")
# We already coming from the confirmation page.
if "delete" in request.POST:
principals.__delitem__(principal.name)
notify(UserDeleted(principal, request))
request.session.flash(
_(
"${principal_type} ${title} was deleted.",
mapping=dict(
principal_type=principal_type, title=principal.title
),
),
"info",
)
location = "{0}/@@setup-users".format(request.application_url)
return HTTPFound(location=location)