Merge branch 'finish_move' into 'master'

[motion.git] / motion.py

diff --git a/motion.py b/motion.py
index a5ceb72e3501a4a02bf6a12d281d8964d1aab451..0156ba3aa6a4b85498ac87e63ba6b4d552b7b1b0 100644 (file)
--- a/motion.py
+++ b/motion.py
@@ -12,6 +12,7 @@ from datetime import date, time, datetime
 from flask_language import Language, current_language
 import gettext
 import click
+import re
 
 def get_db():
     db = getattr(g, '_database', None)
@@ -29,6 +30,7 @@ gettext.install('motion')
 class EscapeHtml(Extension):
     def extendMarkdown(self, md, md_globals):
         del md.preprocessors['html_block']
+        del md.postprocessors['raw_html']
         del md.inlinePatterns['html']
 
 md = Markdown(app, extensions=[EscapeHtml()])
@@ -60,6 +62,7 @@ class ConfigProxy:
 prefix = ConfigProxy("GROUP_PREFIX")
 times = ConfigProxy("DURATION")
 debuguser = ConfigProxy("DEBUGUSER")
+motion_wait_minutes = ConfigProxy("MOTION_WAIT_MINUTES")
 
 max_proxy=app.config.get("MAX_PROXY")
 
@@ -155,7 +158,7 @@ def init_footer_variables():
         footer = dict( version_year=version_year, 
             copyright_link=app.config.get("COPYRIGHTLINK"),
             copyright_name=app.config.get("COPYRIGHTNAME"),
-            imprint_link=app.config.get("DATAPROTECTIONLINK"),
+            imprint_link=app.config.get("IMPRINTLINK"),
             dataprotection_link=app.config.get("DATAPROTECTIONLINK")
         )
     )
@@ -259,8 +262,24 @@ def init_db():
                 db.prepare("ALTER TABLE \"voter\" ALTER COLUMN \"host\" SET NOT NULL")()
                 db.prepare("UPDATE \"schema_version\" SET \"version\"=6")()
 
+        if ver < 7:
+            with app.open_resource('sql/from_6.sql', mode='r') as f:
+                db.execute(f.read())
+                db.prepare("UPDATE \"schema_version\" SET \"version\"=7")()
+
 init_db()
 
+def is_in_ratelimit(group):
+    rv = get_db().prepare("SELECT EXTRACT(EPOCH FROM (CURRENT_TIMESTAMP - posed)) AS timedifference FROM motion WHERE type=$1 AND host=$2 ORDER BY posed DESC LIMIT 1")(group, request.host)
+    if len(rv) == 0:
+        return True
+    rate_limit = motion_wait_minutes.per_host
+    if rate_limit is None:
+        rate_limit = 0
+    if rv[0]['timedifference'] > rate_limit*60:
+        return True
+    else:
+        return _('Error, time between last motion to short. The current setting is %s minute(s).') % (str(rate_limit))
 
 @app.route("/")
 def main():
@@ -292,6 +311,12 @@ def rel_redirect(loc):
     r.autocorrect_location_header = False
     return r
 
+def write_proxy_log(userid, action, comment):
+    get_db().prepare("INSERT INTO adminlog(user_id, action, comment, action_user_id) VALUES($1, $2, $3, $4)")(userid, action, comment, g.voter)
+
+def write_masking_log(comment):
+    get_db().prepare("INSERT INTO adminlog(user_id, action, comment, action_user_id) VALUES($1, 'motionmasking', $2, $1)")(0, comment)
+
 @app.route("/motion", methods=['POST'])
 def put_motion():
     cat=request.form.get("category", "")
@@ -308,6 +333,9 @@ def put_motion():
     content=content.strip()
     if content =='':
         return _('Error, missing content'), 400
+    ratelimit = is_in_ratelimit(cat)
+    if ratelimit is not True:
+        return ratelimit, 400
 
     db = get_db()
     with db.xact():
@@ -318,7 +346,10 @@ def put_motion():
         if len(sr) == 0 or sr[0][0] is None:
             ident=prefix.per_host[cat]+"."+t.strftime("%Y%m%d")+".001"
         else:
-            ident=prefix.per_host[cat]+"."+t.strftime("%Y%m%d")+"."+("%03d" % (int(sr[0][0].split(".")[2])+1))
+            nextId = int(sr[0][0].split(".")[2])+1
+            if nextId >= 1000:
+                return _('Too many motions for this day'), 500
+            ident=prefix.per_host[cat]+"."+t.strftime("%Y%m%d")+"."+("%03d" % nextId)
         p = db.prepare("INSERT INTO motion(\"name\", \"content\", \"deadline\", \"posed_by\", \"type\", \"identifier\", \"host\") VALUES($1, $2, CURRENT_TIMESTAMP + $3 * interval '1 days', $4, $5, $6, $7)")
         p(title, content, time, g.voter, cat, ident, request.host)
     return rel_redirect("/")
@@ -447,6 +478,7 @@ def add_proxy():
         if rv[0].get("c") is None or rv[0].get("c") >= max_proxy:
             return _("Error, Max proxy for '%s' reached.") % (proxy), 400
     rv = get_db().prepare("INSERT INTO proxy(voter_id, proxy_id, granted_by) VALUES ($1,$2,$3)")(voterid, proxyid, g.voter)
+    write_proxy_log(voterid, 'proxygranted', 'proxy: '+str(proxyid))
     return rel_redirect("/proxy")
 
 @app.route("/proxy/revoke", methods=['POST'])
@@ -455,6 +487,7 @@ def revoke_proxy():
         return _('Forbidden'), 403
     id=request.form.get("id", "")
     rv = get_db().prepare("UPDATE proxy SET revoked=CURRENT_TIMESTAMP, revoked_by=$1 WHERE id=$2")(g.voter, int(id))
+    write_proxy_log(int(id), 'proxyrevoked', '')
     return rel_redirect("/proxy")
 
 @app.route("/proxy/revokeall", methods=['POST'])
@@ -462,6 +495,7 @@ def revoke_proxy_all():
     if not may_admin("proxyadmin"):
         return _('Forbidden'), 403
     rv = get_db().prepare("UPDATE proxy SET revoked=CURRENT_TIMESTAMP, revoked_by=$1 WHERE revoked IS NULL")(g.voter)
+    write_proxy_log(g.voter, 'proxyrevokedall', '')
     return rel_redirect("/proxy")
 
 @app.route("/language/<string:language>")
@@ -481,3 +515,25 @@ def create_user(email, host):
             db.prepare("INSERT INTO voter(\"email\", \"host\") VALUES($1, $2)")(email, host)
             messagetext=_("User '%s' inserted to %s.") % (email, host)
     click.echo(messagetext)
+
+@app.cli.command("motion-masking")
+@click.argument("motion")
+@click.argument("motionreason")
+@click.argument("host")
+def motion_masking(motion, motionreason, host):
+    if re.search(r"[%_\\]", motion):
+        messagetext = _("No wildcards allowed for motion entry '%s'.") % (motion)
+        click.echo(messagetext)
+    else:
+        db = get_db()
+        with db.xact():
+            rv = db.prepare("SELECT id FROM motion WHERE identifier LIKE $1 AND host = $2")(motion+"%", host)
+            count = len(rv)
+            messagetext = _("%s record(s) affected by masking of '%s'.") % (count, motion)
+            click.echo(messagetext)
+            if len(rv) != 0:
+                rv = db.prepare("SELECT id FROM motion WHERE content LIKE $1 AND host = $2")('%'+motionreason+"%", host)
+                rv = db.prepare("UPDATE motion SET name=$3, content=$4 WHERE identifier LIKE $1 AND host = $2 RETURNING id ")(motion+"%", host, _("Motion masked"), _("Motion masked on base of motion [%s](%s) on %s") % (motionreason, motionreason, datetime.now().strftime("%Y-%m-%d")))
+                messagetext = _("%s record(s) updated by masking of '%s'.") % (len(rv), motion)
+                write_masking_log(_("%s motion(s) masked on base of motion %s with motion identifier '%s' on host %s") %(len(rv), motionreason, motion, host))
+                click.echo(messagetext)