1 from pyramid.httpexceptions import HTTPFound
2 from pyramid.security import remember
3 from pyramid.session import check_csrf_token
4 from xonstat.models import DBSession, Player
7 def forbidden(request):
8 '''A simple forbidden view. Does nothing more than set the status and then
9 gets the heck out of dodge. The forbidden.mako template does the work.'''
10 request.response.status = 403
14 # Verify the assertion and get the email of the user
15 # Short-circuit this to prevent anyone from logging in right now.
18 # Check that the email exists in the players table
19 player_email = DBSession.query(Player).\
20 filter(Player.email_addr == persona_email).one()
22 #log.debug("Verified email address: %s" % persona_email)
23 #log.debug("Corresponding player is %s" % player_email)
25 if player_email is not None:
26 # Add the headers required to remember the user to the response
27 request.response.headers.extend(remember(request, persona_email))
29 url = request.route_url("forbidden")
30 return HTTPFound(location=url)
32 # Return a json message containing the address or path to redirect to.
33 return {'redirect': request.POST['came_from'], 'success': True}
37 '''A simple merge view. The merge.mako template does the work.'''
40 # only do a merge if we have all of the required data
41 if request.params.has_key("csrf_token"):
42 # check the token to prevent request forgery
43 st = request.session.get_csrf_token()
44 check_csrf_token(request)
46 if request.params.has_key("w_pid") and request.params.has_key("l_pid"):
47 w_pid = request.params.get("w_pid")
48 l_pid = request.params.get("l_pid")
50 # do the merge, hope for the best!
52 s.execute("select merge_players(:w_pid, :l_pid)",
53 {"w_pid": w_pid, "l_pid": l_pid})
57 request.session.flash(
58 "Successfully merged player %s into %s!" % (l_pid, w_pid),
64 request.session.flash(
65 "Could not merge player %s into %s." % (l_pid, w_pid),