From 9f9525ecd1db02aac95e8a63be823c808d58787c Mon Sep 17 00:00:00 2001 From: Mattia Succurro Date: Fri, 17 Mar 2023 11:40:34 +0100 Subject: [PATCH 01/26] Improved calendar view --- CHANGELOG.md | 4 ++++ README.md | 1 + app.py | 8 +++++-- migrations/0_7to0_8.py | 0 templates/calendar.jinja2 | 47 +++++++++++++++++++-------------------- 5 files changed, 34 insertions(+), 26 deletions(-) create mode 100644 migrations/0_7to0_8.py diff --git a/CHANGELOG.md b/CHANGELOG.md index af38890..77ebe84 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # What’s New +## 0.7.1 + ++ Improved calendar view. Now `/calendar` shows a list of years and months. + ## 0.7 + Schema changes: diff --git a/README.md b/README.md index b8e5e23..a3173fa 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ suitable as a community or team knowledge base. + Stored in SQLite/MySQL databases + Material Icons + Light/dark theme ++ Calendar + Works fine even with JavaScript disabled. ## Requirements diff --git a/app.py b/app.py index edc53fd..b3bdb4b 100644 --- a/app.py +++ b/app.py @@ -29,7 +29,7 @@ from configparser import ConfigParser import i18n import gzip -__version__ = '0.7.0' +__version__ = '0.7.1' #### CONSTANTS #### @@ -791,7 +791,11 @@ def contributions(username): @app.route('/calendar/') def calendar_view(): - return render_template('calendar.jinja2') + now = datetime.datetime.now() + return render_template('calendar.jinja2', now=now, + from_year=int(request.args.get('from_year', now.year - 12)), + till_year=int(request.args.get('till_year', now.year + 5)) + ) @app.route('/calendar//') def calendar_month(y, m): diff --git a/migrations/0_7to0_8.py b/migrations/0_7to0_8.py new file mode 100644 index 0000000..e69de29 diff --git a/templates/calendar.jinja2 b/templates/calendar.jinja2 index d4272f7..8edcc2a 100644 --- a/templates/calendar.jinja2 +++ b/templates/calendar.jinja2 @@ -5,29 +5,28 @@ {% block content %}

Calendar

-
-
- Calendar view +
    + {% for year in range(till_year, from_year-1, -1) %} +
  • + {{ year }} {% if year == now.year %}(current){% endif %}: + +
    • + {% endfor %} +
-
- -
    - {% set view_choices = ["month"] %} - {% for vch in view_choices %} -
  • - {% if vch == viewas %} - {{ T(vch) }} - {% else %} - {{ T(vch) }} - {% endif %} -
    • - {% endfor %} -
-
- -
- -
-
-
+

+ Show more years: +

+

{% endblock %} \ No newline at end of file From c46b07a3b293c49e1bf3bfff930299f687723562 Mon Sep 17 00:00:00 2001 From: Mattia Succurro Date: Fri, 17 Mar 2023 23:26:05 +0100 Subject: [PATCH 02/26] version advance, schema changes, style changes, terms and privacy policy, added installer script --- CHANGELOG.md | 13 +++ README.md | 5 ++ app.py | 163 +++++++++++++++++++++++++++++++----- app_init.py | 5 ++ migrations/0_7to0_8.py | 23 +++++ static/style.css | 11 ++- templates/base.jinja2 | 32 ++++--- templates/edit.jinja2 | 4 + templates/history.jinja2 | 4 + templates/home.jinja2 | 8 +- templates/listrecent.jinja2 | 8 +- templates/listtag.jinja2 | 20 +++-- templates/privacy.jinja2 | 46 ++++++++++ templates/register.jinja2 | 2 +- templates/terms.jinja2 | 145 ++++++++++++++++++++++++++++++++ templates/view.jinja2 | 8 ++ 16 files changed, 446 insertions(+), 51 deletions(-) create mode 100644 app_init.py create mode 100644 templates/privacy.jinja2 create mode 100644 templates/terms.jinja2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 77ebe84..63b5360 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ # What’s New +## 0.8 + ++ Schema changes: + + New tables `UserGroup`, `UserGroupMembership` and `PagePermission`. + + Added flag `is_cw` to `Page`. + + Added `restrictions` field to `User`. ++ Pages now can have a Content Warning. It prevents them to show up in previews, and adds a + caution message when viewing them. ++ Added Terms and Privacy Policy. ++ Changed user page URLs (contributions page) from `/u/user` to `/@user`. ++ Style changes: added a top bar with the site title. It replaces the floating menu on the top right. ++ Added a built-in installer (`app_init.py`). You still need to manually create `site.conf`. + ## 0.7.1 + Improved calendar view. Now `/calendar` shows a list of years and months. diff --git a/README.md b/README.md index a3173fa..80617eb 100644 --- a/README.md +++ b/README.md @@ -43,9 +43,14 @@ name = Salvi directory = /path/to/database/ ``` ++ Run `python3 -m app_init` to initialize the database and create the administrator user. + Run `flask run`. + You can now access Salvi in your browser at port 5000. +## Caveats + ++ The whole application is untested. ++ If you forget the password, there is currently no way to reset it. ## License diff --git a/app.py b/app.py index b3bdb4b..94ee51f 100644 --- a/app.py +++ b/app.py @@ -28,8 +28,9 @@ from urllib.parse import quote from configparser import ConfigParser import i18n import gzip +from getpass import getpass -__version__ = '0.7.1' +__version__ = '0.8-dev' #### CONSTANTS #### @@ -65,10 +66,8 @@ if _cfp.read([CONFIG_FILE]): v = fallback return v else: - def _getconf(k1, k2, fallback=None, cast=None): - if fallback is None: - fallback = DEFAULT_CONF.get((k1, k2)) - return fallback + print('Uh oh, site.conf not found.') + exit(-1) #### OPTIONAL IMPORTS #### @@ -148,6 +147,8 @@ class User(BaseModel): karma = IntegerField(default=1) privileges = BitField() is_admin = privileges.flag(1) + restrictions = BitField() + is_disabled = restrictions.flag(1) # helpers for flask_login @property @@ -155,11 +156,42 @@ class User(BaseModel): return False @property def is_active(self): - return True + return not self.is_disabled @property def is_authenticated(self): return True +class UserGroup(BaseModel): + name = CharField(32, unique=True) + permissions = BitField() + # Can read pages. + can_read = permissions.flag(1) + # Can edit all non-locked pages. + can_edit = permissions.flag(2) + # Can create and edit their own pages. + can_create = permissions.flag(4) + # Can set page URL. + can_set_url = permissions.flag(8) + # Can change page tags. + can_set_tags = permissions.flag(16) + + @classmethod + def get_default_group(cls): + try: + return cls[1] + except cls.DoesNotExist: + return cls.get(cls.name == 'default') + +class UserGroupMembership(BaseModel): + user = ForeignKeyField(User, backref='group_memberships') + group = ForeignKeyField(UserGroup, backref='user_memberships') + since = DateTimeField(default=datetime.datetime.now) + + class Meta: + indexes = ( + (('user', 'group'), True), + ) + class Page(BaseModel): url = CharField(64, unique=True, null=True) @@ -172,6 +204,7 @@ class Page(BaseModel): is_sync = flags.flag(2) is_math_enabled = flags.flag(4) is_locked = flags.flag(8) + is_cw = flags.flag(16) @property def latest(self): if self.revisions: @@ -179,6 +212,8 @@ class Page(BaseModel): def get_url(self): return '/' + self.url + '/' if self.url else '/p/{}/'.format(self.id) def short_desc(self): + if self.is_cw: + return '(Content Warning)' full_text = self.latest.text text = remove_tags(full_text, convert = not self.is_math_enabled and not _getconf('appearance', 'simple_remove_tags', False)) return text[:200] + ('\u2026' if len(text) > 200 else '') @@ -377,13 +412,76 @@ class PageLink(BaseModel): def refresh_all_links(cls): for p in Page.select(): cls.parse_links(p, p.latest.text) - + +class PagePermission(BaseModel): + page = ForeignKeyField(Page, backref='permission_overrides') + group = ForeignKeyField(UserGroup, backref='page_permissions') + permissions = BitField() + # Can read pages. + can_read = permissions.flag(1) + # Can edit all non-locked pages. + can_edit = permissions.flag(2) + # Can create and edit their own pages. + can_create = permissions.flag(4) + # Can set page URL. + can_set_url = permissions.flag(8) + # Can change page tags. + can_set_tags = permissions.flag(16) + + class Meta: + indexes = ( + (('page', 'group'), True), + ) def init_db(): database.create_tables([ - User, Page, PageText, PageRevision, PageTag, PageProperty, PageLink + User, UserGroup, UserGroupMembership, + Page, PageText, PageRevision, PageTag, PageProperty, PageLink, + PagePermission ]) +def init_db_and_create_first_user(): + try: + User[1] + UserGroup[1] + except Exception: + pass + else: + print('Looks like this site is already set up!') + return + username = input('Username: ') + password = getpass('Password: ') + confirm_password = getpass('Confirm password: ') + email = input('Email: (optional)') or None + if not is_username(username): + print('Invalid username: usernames can contain only letters, numbers, underscores and hyphens.') + return + if password != confirm_password: + print('Passwords do not match.') + return + default_permissions = 31 # all permissions + if not input('Agree to the Terms of Use?')[0].lower() == 'y': + print('You must accept Terms in order to register.') + return + with database.atomic(): + init_db() + ua = User.create( + username = username, + email = email, + password = generate_password_hash(password), + join_date = datetime.datetime.now(), + is_admin = True + ) + ug = UserGroup.create( + name = 'default', + permissions = int(default_permissions) + ) + UserGroupMembership.create( + user = ua, + group = ug + ) + print('Installed successfully!') + #### WIKI SYNTAX #### def md(text, expand_magic=False, toc=True, math=True): @@ -456,8 +554,7 @@ login_manager.login_view = 'accounts_login' #### ROUTES #### -@app.before_request -def _before_request(): +def _get_lang(): if request.args.get('uselang') is not None: lang = request.args['uselang'] else: @@ -468,12 +565,17 @@ def _before_request(): break else: lang = 'en' - g.lang = lang + return lang + +@app.before_request +def _before_request(): + g.lang = _get_lang() @app.context_processor def _inject_variables(): + return { - 'T': partial(get_string, g.lang), + 'T': partial(get_string, _get_lang()), 'app_name': _getconf('site', 'title'), 'strong': lambda x:Markup('{0}').format(x), 'app_version': __version__, @@ -492,6 +594,7 @@ def linebreaks(text): text = text.replace("\n\n", '

').replace('\n', '
') return Markup(text) +app.template_filter(name='markdown')(md) @app.route('/') def homepage(): @@ -523,6 +626,10 @@ def error_400(body): @app.errorhandler(500) def error_500(body): + try: + User[1] + except OperationalError: + g.need_install = True return render_template('internalservererror.jinja2'), 500 # Middle point during page editing. @@ -550,7 +657,8 @@ def savepoint(form, is_preview=False, pageobj=None): preview=preview, pl_js_info=pl_js_info, pl_calendar=('usecalendar' in form) and form['calendar'], - pl_readonly=not pageobj.can_edit(current_user) if pageobj else False + pl_readonly=not pageobj.can_edit(current_user) if pageobj else False, + pl_cw=('cw' in form) and form['cw'] ) @app.route('/create/', methods=['GET', 'POST']) @@ -581,7 +689,8 @@ def create(): owner_id=current_user.id, calendar=datetime.date.fromisoformat(request.form["calendar"]) if 'usecalendar' in request.form else None, is_math_enabled='enablemath' in request.form, - is_locked = 'lockpage' in request.form + is_locked = 'lockpage' in request.form, + is_cw = 'cw' in request.form ) p.change_tags(p_tags) except IntegrityError as e: @@ -636,6 +745,7 @@ def edit(id): p.touched = datetime.datetime.now() p.is_math_enabled = 'enablemath' in request.form p.is_locked = 'lockpage' in request.form + p.is_cw = 'cw' in request.form p.calendar = datetime.date.fromisoformat(request.form["calendar"]) if 'usecalendar' in request.form else None p.save() p.change_tags(p_tags) @@ -767,12 +877,6 @@ def view_named(name): abort(404) return render_template('view.jinja2', p=p, rev=p.latest) -@app.route('/init-config/tables/') -def init_config_tables(): - init_db() - flash('Tables successfully created.') - return redirect('/') - @app.route('/history//') def history(id): try: @@ -782,6 +886,10 @@ def history(id): return render_template('history.jinja2', p=p, history=p.revisions.order_by(PageRevision.pub_date.desc())) @app.route('/u//') +def contributions_legacy_url(username): + return redirect(f'/@{username}/') + +@app.route('/@/') def contributions(username): try: user = User.get(User.username == username) @@ -913,6 +1021,10 @@ def accounts_register(): password = generate_password_hash(password), join_date = datetime.datetime.now() ) + UserGroupMembership.create( + user = u, + group = UserGroup.get_default_group() + ) login_user(u) return redirect(request.args.get('next', '/')) @@ -1058,7 +1170,6 @@ class Importer(object): continue return no_pages, no_revs - @app.route('/manage/export/', methods=['GET', 'POST']) def exportpages(): if request.method == 'POST': @@ -1103,6 +1214,16 @@ def importpages(): flash('Pages can be imported by Administrators only!') return render_template('importpages.jinja2') +## terms / privacy ## + +@app.route('/terms/') +def terms(): + return render_template('terms.jinja2') + +@app.route('/privacy/') +def privacy(): + return render_template('privacy.jinja2') + #### EXTENSIONS #### active_extensions = [] diff --git a/app_init.py b/app_init.py new file mode 100644 index 0000000..e872b6c --- /dev/null +++ b/app_init.py @@ -0,0 +1,5 @@ +from app import init_db_and_create_first_user + + +if __name__ == '__main__': + init_db_and_create_first_user() \ No newline at end of file diff --git a/migrations/0_7to0_8.py b/migrations/0_7to0_8.py index e69de29..92a56cb 100644 --- a/migrations/0_7to0_8.py +++ b/migrations/0_7to0_8.py @@ -0,0 +1,23 @@ +from playhouse.migrate import migrate, SqliteMigrator, MySQLMigrator +from peewee import MySQLDatabase, SqliteDatabase, \ + IntegerField, DateTimeField, ForeignKeyField, DeferredForeignKey, BitField +from app import database, UserGroup, UserGroupMembership, PagePermission + + +if type(database) == MySQLDatabase: + migrator = MySQLMigrator(database) +elif type(database) == SqliteDatabase: + migrator = SqliteMigrator(database) +else: + print("Unsupported database") + exit() + +with database.atomic(): + database.create_tables([UserGroup, UserGroupMembership, PagePermission]) + migrate( + migrator.add_column('user', 'restrictions', BitField()) + ) + UserGroup.create( + name='default', + permissions=31 + ) \ No newline at end of file diff --git a/static/style.css b/static/style.css index 49e1a57..ee5b0d7 100644 --- a/static/style.css +++ b/static/style.css @@ -22,8 +22,15 @@ /* basic styles */ * {box-sizing: border-box;} -body{font-family:sans-serif;background-color:var(--bg-main); color: var(--fg-main)} +body{font-family:sans-serif;background-color:var(--bg-main); color: var(--fg-main);margin:0;position:relative} .content{margin: 3em 1.3em} +.footer{text-align:center;} + +/* header styles */ +.header{padding:1em;display:flex;flex-direction:row;justify-content:space-between;position:sticky;top:0;background-color:var(--bg-alt); z-index: 99} +.header .header-blank {flex: 1; margin: 0 .5em} +.header ul{list-style:none;padding:0;margin:0;font-size:0.9em;border-left:var(--border) 1px solid} +.header ul > li{display:inline-block;padding-right:1em} /* content styles */ #firstHeading {font-family:sans-serif; text-align: center;font-size:3em; font-weight: normal} @@ -105,8 +112,6 @@ ul.inline > li:last-child::after {content: ""} /* floating elements */ -.top-menu{list-style:none;padding:0;margin:0;font-size:0.9em;position:absolute;right:0;top:.5em;text-transform:lowercase} -.top-menu li{display:inline-block;padding-right:1em} .toc{float:right} @media (max-width:639px){ .toc{display:none} diff --git a/templates/base.jinja2 b/templates/base.jinja2 index 6192923..d66af71 100644 --- a/templates/base.jinja2 +++ b/templates/base.jinja2 @@ -27,23 +27,33 @@ {% endif %} {% block json_info %}{% endblock %} - +

+
+ {{ app_name }} +   + + +
{% for msg in get_flashed_messages() %}
{{ msg }}
{% endfor %} {% block content %}{% endblock %}
- -
+
© 2020–2023 Sakuragasaki46.
{% if current_user.is_authenticated %} @@ -54,7 +64,7 @@
{% block actions %}{% endblock %}
{{app_name}} version {{app_version}}
-
+
arrow_upward
{% block scripts %}{% endblock %} diff --git a/templates/edit.jinja2 b/templates/edit.jinja2 index 45374c9..b574022 100644 --- a/templates/edit.jinja2 +++ b/templates/edit.jinja2 @@ -82,6 +82,10 @@ +
+ + +
{% endif %} diff --git a/templates/history.jinja2 b/templates/history.jinja2 index 3f38d0c..ac47106 100644 --- a/templates/history.jinja2 +++ b/templates/history.jinja2 @@ -22,9 +22,13 @@ {% endif %} by + {% if rev.user_id %} {{ rev.user.username }} + {% else %} + <Unknown User> + {% endif %} {% endfor %} diff --git a/templates/home.jinja2 b/templates/home.jinja2 index 2c02af0..fd0f3ad 100644 --- a/templates/home.jinja2 +++ b/templates/home.jinja2 @@ -18,11 +18,13 @@ {{ n.title }}

{{ n.short_desc() }}

{% if n.tags %} -

{{ T('tags') }}: - {% for tag in n.tags %} +

+ tag + {{ T('tags') }}: + {% for tag in n.tags %} {% set tn = tag.name %} #{{ tn }} - {% endfor %} + {% endfor %}

{% endif %} {% if n.calendar %} diff --git a/templates/listrecent.jinja2 b/templates/listrecent.jinja2 index deebe66..fa6ae03 100644 --- a/templates/listrecent.jinja2 +++ b/templates/listrecent.jinja2 @@ -14,11 +14,13 @@ {{ n.title }}

{{ n.short_desc() }}

{% if n.tags %} -

{{ T('tags') }}: - {% for tag in n.tags %} +

+ tag + {{ T('tags') }}: + {% for tag in n.tags %} {% set tn = tag.name %} #{{ tn }} - {% endfor %} + {% endfor %}

{% endif %} {% if n.calendar %} diff --git a/templates/listtag.jinja2 b/templates/listtag.jinja2 index 4249bfe..c7c07aa 100644 --- a/templates/listtag.jinja2 +++ b/templates/listtag.jinja2 @@ -16,21 +16,23 @@
  • {{ n.title }}

    {{ n.short_desc() }}

    -

    Tags: - {% for tag in n.tags %} +

    + tag + {{ T('tags') }}: + {% for tag in n.tags %} {% set tn = tag.name %} {% if tn == tagname %} #{{ tn }} {% else %} #{{ tn }} {% endif %} - {% endfor %} - {% if n.calendar %} -

    - calendar_today - -

    - {% endif %} + {% endfor %} + {% if n.calendar %} +

    + calendar_today + +

    + {% endif %}

    • {% endfor %} diff --git a/templates/privacy.jinja2 b/templates/privacy.jinja2 new file mode 100644 index 0000000..a631f98 --- /dev/null +++ b/templates/privacy.jinja2 @@ -0,0 +1,46 @@ +{% extends "base.jinja2" %} + +{% block title %}Privacy Policy — {{ app_name }}{% endblock %} + + +{% block content %} + +

    Privacy Policy

    + +
    +{% filter markdown %} +# Privacy + +## Cookies + +{{ app_name }} uses one cryptographically signed cookie to maintain secure authenticated sessions. This cookie is randomized with each new session. + +This cookie is used for the following purposes: + +* Authentication +* Abuse mitigation +* Per-device settings like light/dark theme selection. + +This cookie is mandatory and cannot be opted out. Manual alteration or removal of this cookie will result in deauthentication and reversion to default per-device settings. + +## Your information + +We collect basic information in order to operate the platform, and to mitigate abuse. This includes: + +* Your email address, if you choose to provide it. +* The IP address from which content is submitted. +* Whether or not you have indicated that you are 18 years of age. +* Other saved personal preferances, which you can edit from your account settings. + +We use - and then promptly forget - the following information about you from third parties: + +* Verification from our captcha provider that you aren't a bot, during account registration + +{{ app_name }} will not release your information to third parties, except: + +* As required by Italian law +* At our discretion, {{ app_name }} may share your information with Italian law enforcement in the event of an emergency, if we have good cause to believe that doing so would avert or mitigate the emergency. +{% endfilter %} + +
    +{% endblock %} diff --git a/templates/register.jinja2 b/templates/register.jinja2 index f255136..5b2f9d2 100644 --- a/templates/register.jinja2 +++ b/templates/register.jinja2 @@ -25,7 +25,7 @@
    - +
    diff --git a/templates/terms.jinja2 b/templates/terms.jinja2 new file mode 100644 index 0000000..e02b8a6 --- /dev/null +++ b/templates/terms.jinja2 @@ -0,0 +1,145 @@ +{% extends "base.jinja2" %} + +{% block title %}Terms of Service — {{ app_name }}{% endblock %} + +{% block content %} +

    Terms of Service

    + +
    +{% filter markdown %} +## Scope and Definitions + +These terms of service ("Terms") are between {{ app_name }} +("{{ request.headers['Host'] }}") and You, regarding Your use of the social platform +{{ app_name }}, and any other services or test servers which may exist +now or in the future (collectively "{{ app_name }}"). + +Content on this page displayed in blockquotes is provided for convenience +and readability only. Blockquote text is not part of the terms of service. + +## Conduct and content + +You agree to follow the Content Policy [here](/rules/). +The Content Policy is incorporated into these Terms by this reference. + +## Age + +You warrant that You are at least 13 years old. +You warrant that You are at least 18 years old, +if You indicate as such in Your user settings. + + +## Account Access + +Your {{ app_name }} account is nontransferable. You will not buy, sell, gift, loan, or otherwise grant a third party access to Your {{ app_name }} account. You will not provide a third party with Your {{ app_name }} password or two-factor authentication codes. + +In the event that Your {{ app_name }} account is accessed by a third party anyways, You remain accountable for all actions taken by Your account. + +## Liability + +{{ app_name }} shall not be liable for Your damages arising from any of the following: + +* Use of the {{ app_name }} platform +* Technical failure of {{ app_name }} +* Administrative actions performed by {{ app_name }}, including both automatic and manual actions +* Unauthorized access of a third party to Your {{ app_name }} account +* Loss or breach of {{ app_name }} data +* Force majeur + +You accept full liability for all content You upload to, or embed within, {{ app_name }}, and indemnify {{ app_name }} from all such liability. + +> You are responsible for everything You do, and everything that happens with, with Your {{ app_name }} account. Don't use {{ app_name }} to store important data or sensitive data. + +## Intellectual Property + +You grant {{ app_name }} a permanent, worldwide, and irrevocable license to store, modify, copy, and distribute all content that You submit to or upload to {{ app_name }}, including any creative works. Additionally, You grant {{ app_name }} a permanent, worldwide, and irrevocable license to sublicense these same rights to {{ app_name }}'s service providers. Additionally, You warrant that You are authorized to grant {{ app_name }} these rights. + +You retain all other intellectual property rights, including ownership. + +> We need to be able to store, copy, and distribute Your content, because that's just how websites like {{ app_name }} work. We also need to be able to modify it for security and formatting purposes. + +## Acceptable Use + +You will not use {{ app_name }} as a means to support any other website or service without written permission by {{ app_name }}. + +You will not attempt to gain access to a {{ app_name }} account that does not belong to You. + +You will not use {{ app_name }} to engage in child sexual abuse activities, as defined in the [CSAM Policy](/help/csam). The CSAM Policy is incorporated into these terms by this reference. + +## Multiple Accounts + +You are permitted to create and use multiple {{ app_name }} accounts. + +You will not use multiple accounts to circumvent per-user limits. + +Additionally, these terms apply to all of Your accounts, which may exist now or in the future. {{ app_name }} reserves the right to take administrative action against all of Your accounts in the event of a terms of service violation on any of Your accounts. + +## Your Privacy + +{{ app_name }} will never intentionally share Your personal information with third parties, except: + +* As required by United States law. +* We will share Your data with our own service providers that are necessary for {{ app_name }} operations. +* At our discretion, {{ app_name }} may share Your information with United States law enforcement in the event of an emergency, if we have good cause to believe that doing so would avert or mitigate the emergency. + +{{ app_name }} will make all reasonable efforts to ensure that user information is kept confidential. + +## Legal Forms + +{{ app_name }} grants You the ability to use Your {{ app_name }} account to send us certain types of legal forms through our help portal. These include, but are not limited to: + +* DMCA takedown request +* DMCA takedown counter-request +* Subpoenas and court orders + +You acknowledge that these forms are provided for the sake of convenience and speed, and that {{ app_name }} does not waive any of its rights regarding legal process, including the right to object for lack of proper service. + +You agree to refrain from making abusive, frivolous, or otherwise improper submissions to these forms. This includes, but is not limited to: + +* Nonsensical or incomplete requests +* Duplicate submissions +* DMCA takedown requests not made in good faith +* DMCA takedown requests for content protected by Fair Use +* DMCA takedown requests for content that you are not authorized to claim. +* Legal demands not based in fact and/or not backed by appropriate law. +* Legal documents from courts or law enforcement that lack jurisdiction inside the United States +* Legal documents that are not in English and are not accompanied by an official English translation. + +## Enforcement + +{{ app_name }} retains sole discretion in all determinations regarding content policy and terms of service violations. + +{{ app_name }} reserves the right to remove content that we deem to violate content policy or the terms of service, and to deactivate accounts responsible for such violations. + +## Severability + +If one clause of these Terms or the Content Policy is determined by a court to be unenforceable, the remainder of the Terms and Content Policy shall remain in force. + +## No Implied Waiver + +A failure by {{ app_name }} in one or more instances to insist upon Your strict adherence to these terms or the Content Policy, shall not be construed as a waiver of any continuing or subsequent violations of these terms or the Content Policy. + +## Completeness + +These Terms, together with the other policies incorporated into them by reference, contain all the terms and conditions agreed upon by You and {{ app_name }} regarding Your use of the {{ app_name }} service. No other agreement, oral or otherwise, will be deemed to exist or to bind either of the parties to this Agreement. + +## Governing Law + +These terms of service are governed by, and shall be interpreted in accordance with, the laws of Italy. You consent to the sole jurisdiction of Italy for all disputes between You and {{ app_name }}, and You consent to the sole application of Italian and E.U. law for all such disputes. + +## Updates + +{{ app_name }} may periodically update these terms of service and/or the Content Policy. When this happens, {{ app_name }} will make reasonable efforts to notify You of such changes. + +Whenever {{ app_name }} updates these terms of service or the Content Policy, Your continued use of the {{ app_name }} platform constitutes Your agreement to the updated terms of service. + +## Translations + +If there is any inconsistency between these terms and any translation into other languages, the English language version takes precedence. + + + +{% endfilter %} + +
    +{% endblock %} \ No newline at end of file diff --git a/templates/view.jinja2 b/templates/view.jinja2 index 76fbb8e..14f3f81 100644 --- a/templates/view.jinja2 +++ b/templates/view.jinja2 @@ -19,6 +19,14 @@ {% block history_nav %}{% endblock %} + {% if p.is_cw %} +
    + Content Warning - + this page may contain shocking or unexpected content, spoilers, or similar. + Proceed with caution. +
    + {% endif %} +
    {{ rev.html(math = request.args.get('math') not in ['0', 'false', 'no', 'off'])|safe }}
    From 4536f7fbd96e46c04d6bfc52fd7200977de5fa95 Mon Sep 17 00:00:00 2001 From: Mattia Succurro Date: Mon, 20 Mar 2023 10:40:39 +0100 Subject: [PATCH 03/26] print style fixes --- static/style.css | 1 + 1 file changed, 1 insertion(+) diff --git a/static/style.css b/static/style.css index ee5b0d7..e139c73 100644 --- a/static/style.css +++ b/static/style.css @@ -119,6 +119,7 @@ ul.inline > li:last-child::after {content: ""} .backontop{position:fixed;bottom:0;right:0} @media print{ .backontop {display:none} + .header{position:static} } #__top{position:absolute;top:0;left:0} From 191e2351375596934810d403e9f6f3a282dd3323 Mon Sep 17 00:00:00 2001 From: Mattia Succurro Date: Wed, 22 Mar 2023 09:49:38 +0100 Subject: [PATCH 04/26] added /manage/ and /manage/accounts/ views, added TOC to template --- CHANGELOG.md | 3 ++ app.py | 62 +++++++++++++++++++++++++++------ static/style.css | 9 ++--- templates/administration.jinja2 | 23 ++++++++++++ templates/base.jinja2 | 1 + templates/contributions.jinja2 | 17 +++++++-- templates/manageaccounts.jinja2 | 52 +++++++++++++++++++++++++++ templates/notfound.jinja2 | 4 +-- templates/view.jinja2 | 12 +++++-- 9 files changed, 162 insertions(+), 21 deletions(-) create mode 100644 templates/administration.jinja2 create mode 100644 templates/manageaccounts.jinja2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 63b5360..a030905 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,9 @@ caution message when viewing them. + Added Terms and Privacy Policy. + Changed user page URLs (contributions page) from `/u/user` to `/@user`. ++ `/manage/` is now a list of all managing options, including export/import and the brand new + `/manage/accounts`. ++ TOC is now shown in pages where screen width is greater than 960 pixels. + Style changes: added a top bar with the site title. It replaces the floating menu on the top right. + Added a built-in installer (`app_init.py`). You still need to manually create `site.conf`. diff --git a/app.py b/app.py index 94ee51f..95f0ad4 100644 --- a/app.py +++ b/app.py @@ -161,6 +161,12 @@ class User(BaseModel): def is_authenticated(self): return True + def groups(self): + return ( + UserGroup.select().join(UserGroupMembership, on=UserGroupMembership.group) + .where(UserGroupMembership.user == self) + ) + class UserGroup(BaseModel): name = CharField(32, unique=True) permissions = BitField() @@ -295,6 +301,8 @@ class PageRevision(BaseModel): return self.textref.get_content() def html(self, *, math=True): return md(self.text, math=self.page.is_math_enabled and math) + def html_and_toc(self, *, math=True): + return md_and_toc(self.text, math=self.page.is_math_enabled and math) def human_pub_date(self): delta = datetime.datetime.now() - self.pub_date T = partial(get_string, g.lang) @@ -484,7 +492,7 @@ def init_db_and_create_first_user(): #### WIKI SYNTAX #### -def md(text, expand_magic=False, toc=True, math=True): +def md_and_toc(text, expand_magic=False, toc=True, math=True): if expand_magic: # DEPRECATED seeking for a better solution. warnings.warn('Magic words are no more supported.', DeprecationWarning) @@ -502,9 +510,16 @@ def md(text, expand_magic=False, toc=True, math=True): 'insert_fonts_css': not _getconf('site', 'katex_url') } try: - return markdown.Markdown(extensions=extensions, extension_configs=extension_configs).convert(text) + converter = markdown.Markdown(extensions=extensions, extension_configs=extension_configs) + if toc: + return converter.convert(text), converter.toc + else: + return converter.convert(text), '' except Exception as e: - return '

    There was an error during rendering: {e.__class__.__name__}: {e}

    '.format(e=e) + return '

    There was an error during rendering: {e.__class__.__name__}: {e}

    '.format(e=e), '' + +def md(text, expand_magic=False, toc=True, math=True): + return md_and_toc(text, expand_magic=expand_magic, toc=toc, math=math)[0] def remove_tags(text, convert=True, headings=True): if headings: @@ -538,7 +553,7 @@ def is_url_available(url): forbidden_urls = [ 'about', 'accounts', 'ajax', 'backlinks', 'calendar', 'circles', 'create', - 'easter', 'edit', 'embed', 'help', 'history', 'init-config', 'kt', + 'easter', 'edit', 'embed', 'group', 'help', 'history', 'init-config', 'kt', 'manage', 'media', 'p', 'privacy', 'protect', 'search', 'static', 'stats', 'tags', 'terms', 'u', 'upload', 'upload-info' ] @@ -783,11 +798,7 @@ def edit(id): @app.route("/__sync_start") def __sync_start(): - if _getconf("sync", "master", "this") == "this": - abort(403) - from app_sync import main - main() - flash("Successfully synced messages.") + flash("Sync is unavailable. Please import and export pages manually.") return redirect("/") @app.route('/_jsoninfo/', methods=['GET', 'POST']) @@ -895,7 +906,15 @@ def contributions(username): user = User.get(User.username == username) except User.DoesNotExist: abort(404) - return render_template('contributions.jinja2', u=user, contributions=user.contributions.order_by(PageRevision.pub_date.desc())) + contributions = user.contributions.order_by(PageRevision.pub_date.desc()) + page = int(request.args.get('page', 1)) + return render_template('contributions.jinja2', + u=user, + contributions=contributions.paginate(page), + page_n=page, + total_count=contributions.count(), + min=min + ) @app.route('/calendar/') def calendar_view(): @@ -1083,6 +1102,12 @@ def easter_y(y=None): else: return render_template('easter.jinja2') +## administration ## + +@app.route('/manage/') +def manage_main(): + return render_template('administration.jinja2') + ## import / export ## class Exporter(object): @@ -1214,6 +1239,23 @@ def importpages(): flash('Pages can be imported by Administrators only!') return render_template('importpages.jinja2') +@app.route('/manage/accounts/', methods=['GET', 'POST']) +@login_required +def manage_accounts(): + users = User.select().order_by(User.join_date.desc()) + page = int(request.args.get('page', 1)) + if request.method == 'POST': + if current_user.is_admin: + pass + else: + flash('Operation not permitted!') + return render_template('manageaccounts.jinja2', + users=users.paginate(page), + page_n=page, + total_count=users.count(), + min=min + ) + ## terms / privacy ## @app.route('/terms/') diff --git a/static/style.css b/static/style.css index e139c73..e30a246 100644 --- a/static/style.css +++ b/static/style.css @@ -23,7 +23,7 @@ /* basic styles */ * {box-sizing: border-box;} body{font-family:sans-serif;background-color:var(--bg-main); color: var(--fg-main);margin:0;position:relative} -.content{margin: 3em 1.3em} +.content{margin: 3em 1.3em; position: relative} .footer{text-align:center;} /* header styles */ @@ -112,9 +112,10 @@ ul.inline > li:last-child::after {content: ""} /* floating elements */ -.toc{float:right} -@media (max-width:639px){ - .toc{display:none} +nav.toc{display:none} +@media only screen and (min-width:960px){ + nav.toc{display:block;position:absolute; top: 0; right: 0; width: 320px;} + .inner-content {margin-right: 320px} } .backontop{position:fixed;bottom:0;right:0} @media print{ diff --git a/templates/administration.jinja2 b/templates/administration.jinja2 new file mode 100644 index 0000000..39ce634 --- /dev/null +++ b/templates/administration.jinja2 @@ -0,0 +1,23 @@ +{% extends "base.jinja2" %} + +{% block title %}Administrative tools — {{ app_name }}{% endblock %} + +{% block content %} +

    Administrative tools

    + +{% if current_user and current_user.is_admin %} + +{% else %} +

    Administrative tools can be accessed by administrator users only.

    +{% endif %} +{% endblock %} \ No newline at end of file diff --git a/templates/base.jinja2 b/templates/base.jinja2 index d66af71..288bd0a 100644 --- a/templates/base.jinja2 +++ b/templates/base.jinja2 @@ -52,6 +52,7 @@
    {{ msg }}
    {% endfor %} {% block content %}{% endblock %} + {% block toc %}{% endblock %}