File submission and user management works. Holy cow\!

pflarr · Sep 2, 2011 · f0133dc · f0133dc
1 parent e6cc7ea
commit f0133dc
Show file tree

Hide file tree

Showing 9 changed files with 267 additions and 113 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 *.pyc
 *.swp
+basic_site.db
diff --git a/basic_site/__init__.py b/basic_site/__init__.py
@@ -31,5 +31,15 @@ def main(global_config, **settings):
     config.add_view('basic_site.views.home',
                     route_name='home',
                     renderer='basic_site:templates/main.mako')
+    config.add_route('users', '/users')
+    config.add_view('basic_site.views.users', route_name='users',
+                    renderer='basic_site:templates/users.mako')
+    config.add_route('file', '/file/{name}*rev')
+    config.add_view('basic_site.views.file', route_name='file')
+    config.add_route('files', '/files/')
+    config.add_view('basic_site.views.files', route_name='files',
+                    renderer='basic_site:templates/files.mako')
+    config.add_route('logout', '/logout/')
+    config.add_view('basic_site.views.logout', route_name='logout')
     return config.make_wsgi_app()
 
diff --git a/basic_site/models.py b/basic_site/models.py
@@ -1,25 +1,36 @@
+import datetime
+
 from sqlalchemy import create_engine, Column, ForeignKey
-from sqlalchemy.orm import sessionmaker, scoped_session
 from sqlalchemy.ext.declarative import declarative_base
+import sqlalchemy.orm
+from sqlalchemy.orm import sessionmaker, scoped_session
 from sqlalchemy.types import String, DateTime, Integer, Boolean
 
+from pyramid.security import Allow, Everyone
+import transaction
+
 from zope.sqlalchemy import ZopeTransactionExtension
 
 from z3c.bcrypt import BcryptPasswordManager
 manager = BcryptPasswordManager()
 
-from pyramid.security import Allow, Everyone
-
-import sqlalchemy.orm
-
 DBSession = scoped_session(sessionmaker(extension=ZopeTransactionExtension()))
 Base = declarative_base()
 
+DEFAULT_ADMIN_PW = 'change_this!'
 def initialize_sql(engine):
     DBSession.configure(bind=engine)
     Base.metadata.bind = engine
     Base.metadata.create_all(engine)
 
+    session = DBSession()
+    admin = session.query(User).get('admin')
+    if not admin:
+        admin = User('admin', DEFAULT_ADMIN_PW, True, 'Admin')
+        session.add(admin)
+        session.flush()
+        transaction.commit()
+
 class RootFactory(object):
     __acl__ = [ (Allow, Everyone, 'view'),
                 (Allow, 'group:editors', 'edit'),
@@ -28,7 +39,7 @@ def __init__(self, request):
         pass
 
 class User(Base):
-    __tablename__ = 'Users'
+    __tablename__ = 'users'
     uid = Column(String(10), primary_key=True)
     pw_hash = Column(String(), nullable=False)
     admin = Column(Boolean(), nullable=False)
@@ -49,12 +60,10 @@ def check_pw(self, passwd):
         return manager.checkPassword(self.pw_hash, passwd)
 
     def change_pw(self, new):
-        """Verifies the old pw before changing it to new. Returns True if
-    successful."""
-        self.pw_hash = manager.encodePassword(pw)
+        self.pw_hash = manager.encodePassword(new)
 
 class Post(Base):
-    __tablename__ = 'Post'
+    __tablename__ = 'posts'
     id = Column(Integer(), primary_key=True)
     created = Column(DateTime(), nullable=False)
     creator = Column(String(10), nullable=False)
@@ -113,7 +122,7 @@ def restore(self, user):
         session.flush()
 
 class Page(Base):
-    __tablename__ = 'Page'
+    __tablename__ = 'pages'
     id = Column(Integer(), primary_key=True)
     name = Column(String(15), unique=True)
     created = Column(DateTime(), nullable=False)
@@ -170,3 +179,16 @@ def restore(self, user):
             page = Page(user, self.name, self.contents, self.created)
             session.add(page)
         session.flush() 
+
+class File(Base):
+    __tablename__ = 'files';
+    id = Column(Integer, primary_key=True)
+    name = Column(String, nullable=False)
+    submitter = Column(String, nullable=False)
+    changed = Column(DateTime, nullable=False)
+    size = Column(Integer)
+
+    def __init__(self, name, submitter):
+        self.name = name
+        self.submitter = submitter
+        self.changed = datetime.datetime.now()
diff --git a/basic_site/templates/files.mako b/basic_site/templates/files.mako
@@ -0,0 +1,12 @@
+<%include file="head.mako" />
+
+<DIV id="main">
+  <FORM method="POST" action="${request.route_url('files')}"
+        enctype="multipart/form-data">
+    <INPUT type="file" name="data">
+    <BUTTON type="submit">Submit File</BUTTON>
+  <FORM>
+
+</DIV>
+
+<%include file="foot.mako" />
diff --git a/basic_site/templates/head.mako b/basic_site/templates/head.mako
@@ -1,23 +1,23 @@
 <HTML>
 <HEAD>
-    <TITLE>${request.registry.settings['site_name'] + page.subtitle|h}</TITLE>
+    <TITLE>${request.registry.settings['site_name'] + page_subtitle|h}</TITLE>
     <LINK type="text/css" rel="stylesheet"
           href="${request.static_url('basic_site:static/base.css')}">
 </HEAD>
 <DIV id="head">
-    <IMG src="files/logo.png">
+    <IMG src="${request.route_url('file',name='logo.png',rev='')}">
     <DIV id="login">
-  % if uid == None:
+  % if user == None:
       <FORM action='' method="POST">
-        Login:
         <LABEL target="user">User</LABEL>
         <INPUT type="text" name="user"> 
         <LABEL target="passwd">Password</LABEL>
         <INPUT type="password" name="passwd">
+        <BUTTON type="submit">Login</BUTTON>
       </FORM>
   % else:
-      Logged in as <STRONG>${uid}</STRONG> 
-      (<A href="${request.application_url}/logout">logout</A>)
+      Logged in as <STRONG>${user.uid}</STRONG> 
+      (<A href="${request.route_url('logout')}">logout</A>)
   % endif
     </DIV>
 </DIV>
@@ -30,15 +30,20 @@
             return ''
 %>
 <DIV id=pages>
-    <ul>
-    <LI><A href="news.cgi" ${cur_class('*Main')}>Main</A>
+  <UL>
+    <LI><A href="${request.route_url('home')}" ${cur_class('*Main')}>Main</A>
+  % if user:
+    <LI><A href="${request.route_url('users')}" 
+           ${cur_class('*Users')}>Users</A>
+    <LI><A href="${request.route_url('files')}"
+           ${cur_class('*Files')}>Files</A>
+  % endif
   % for page in menu_pages:
-    <LI><A href="${request.route_url('page', id=page.id)}"
+    <LI><A href="${request.route_url('page', id=page.id)}">grarg</A>
   % endfor
+  </UL>
 </DIV>
 
-% if 'message' in request.params:
-  <DIV class="message">${request.params['message']|h}</DIV>
-% elif message:
-  <DIV class="message">${message|h}</DIV>
+% if message:
+    <DIV class="message">${message|h}</DIV>
 % endif
diff --git a/basic_site/templates/main.mako b/basic_site/templates/main.mako
@@ -1,12 +1,12 @@
 <%include file="head.mako" />
 
 <DIV id="main">
-% for item in news:
+% for post in posts:
   <DIV class="news">
-    ${item.content}
+    ${post.content}
     <DIV class="news_footer">
-      <SPAN class="creator">${item.creator|h}</SPAN>
-      <SPAN class="created">${item.created|h}</SPAN>
+      <SPAN class="creator">${post.creator|h}</SPAN>
+      <SPAN class="created">${post.created|h}</SPAN>
     </DIV>
   </DIV>
 % endfor

diff --git a/basic_site/templates/users.mako b/basic_site/templates/users.mako
@@ -2,11 +2,10 @@
 
 <DIV id="main">
 
-% if current_user.admin:
+% if user.admin:
   <DIV id="add_user">
     <H3>Add User:</H3>
-    <FORM method="POST" 
-          action="${request.route_url('mod_users', action='add')}">
+    <FORM method="POST" action="${request.route_url('users')}">
       <LABEL for="uid">User Name:</LABEL>
       <INPUT type="text" maxlength="10" size="10" name="uid">
       <LABEL for="fullname">Full Name:</LABEL>
@@ -17,46 +16,49 @@
       <INPUT type="password" size="20" name="repeat">
       <LABEL for="admin">Admin:</LABEL>
       <INPUT type="checkbox" name="admin"> 
-      <BUTTON type="submit">Add User</BUTTON>
+      <BUTTON type="submit" name="action" value="add">Add User</BUTTON>
     </FORM>
   </DIV>
 %endif
 
 <DIV id="change_pw">
   <H3>Change your password:</H3>
-  <FORM method="POST" 
-        action="${request.route_url('change_pw', c_uid=uid)}">
+  <FORM method="POST" action="${request.route_url('users')}">
     <LABEL for="old">Current Password:</LABEL>
     <INPUT type="password" size="20" name="old">
     <LABEL for="passwd">New Password:</LABEL>
     <INPUT type="password" size="20" name="new">
     <LABEL for="repeat">New Password (again):</LABEL>
     <INPUT type="password" size="20" name="repeat">
-    <BUTTON type="submit">Change Password</BUTTON>
+    <BUTTON type="submit" name="action" 
+            value="change_pw">Change Password</BUTTON>
   </FORM>
 </DIV>
 
 <DIV id="users">
-  <TABLE>
-    <TR><TH>User<TH>Full Name<TH>Admin
-  % for user in users:
-    <TR><TD>${user.uid}<TD>${user.fullname}
-    % if current_user.admin:
-      <%
-        toggle_href = request.route_url('mod_user', action='toggle_admin',
-                                                    uid=user.uid)
-        delete_href = request.route_url('mod_user', action='delete',
-                                                    uid=user.uid)
-        is_admin = 'Yes' if user.admin else 'No'
-      %>
-        <TD><A href="${toggle_href}" 
-               title="Toggle admin rights for this user.">${is_admin}</A>
-        <TD><A href="${delete_href}" title="Delete this user">delete</A>
-    % else:
-        <TD>${'Yes' if user.admin else 'No'}
-    % endif
-  % endfor
-  </TABLE>
+% if user.admin:
+  <FORM method="POST" action="${request.route_url('users')}">
+% endif
+    <TABLE>
+      <TR>${'<TH>' if user.admin else ''|n}<TH>User<TH>Full Name<TH>Admin
+    % for e_user in users:
+      <TR>
+      % if user.admin:
+        <TD><INPUT type="radio" name="e_uid" value="${e_user.uid}">
+      % endif
+        <TD>${e_user.uid}<TD>${e_user.fullname}
+        <TD>${'yes' if e_user.admin else 'no'}
+    % endfor
+    % if user.admin:
+      <TR><TD colspan=4>For selected user:
+      <BUTTON type="submit" name="action" 
+              value="toggle_admin">Toggle Admin</BUTTON>
+      <BUTTON type="submit" name="action" value="delete">Delete</BUTTON>
+    % endif 
+    </TABLE>
+% if user.admin:
+  </FORM>
+% endif
 </DIV>
 
 </DIV>