fix #32

realms/__init__.py

@@ -96,16 +96,6 @@ class Application(Flask):
         return super(Application, self).make_response(tuple(rv))
 
 
-class MySQLAlchemy(SQLAlchemy):
-
-    def make_declarative_base(self):
-        """Creates the declarative base."""
-        base = declarative_base(cls=Model, name='Model',
-                                metaclass=HookModelMeta)
-        base.query = _QueryProperty(self)
-        return base
-
-
 class Assets(Environment):
     default_filters = {'js': 'rjsmin', 'css': 'cleancss'}
     default_output = {'js': 'assets/%(version)s.js', 'css': 'assets/%(version)s.css'}
@@ -203,9 +193,8 @@ def create_app(config=None):
 
 # Init plugins here if possible
 login_manager = LoginManager()
-login_manager.login_view = 'auth.login'
 
-db = MySQLAlchemy()
+db = SQLAlchemy()
 cache = Cache()
 assets = Assets()
 

realms/commands.py

@@ -338,7 +338,8 @@ def create_db():
     """ Creates DB tables
     """
     green("Creating all tables")
-    db.create_all()
+    with app.app_context():
+        db.create_all()
 
 
 @cli.command()
@@ -347,7 +348,8 @@ def drop_db():
     """ Drops DB tables
     """
     yellow("Dropping all tables")
-    db.drop_all()
+    with app.app_context():
+        db.create_all()
 
 
 @cli.command()

realms/config/__init__.py

@@ -114,9 +114,6 @@ WIKI_HOME = 'home'
 ALLOW_ANON = True
 REGISTRATION_ENABLED = True
 
-# Used by Flask-Login
-LOGIN_DISABLED = ALLOW_ANON
-
 # None, firepad, and/or togetherjs
 COLLABORATION = 'togetherjs'
 
@@ -130,6 +127,9 @@ ROOT_ENDPOINT = 'wiki.page'
 
 globals().update(read())
 
+# Used by Flask-Login
+LOGIN_DISABLED = ALLOW_ANON
+
 # Depreciated variable name
 LOCKED = WIKI_LOCKED_PAGES[:]
 

realms/lib/model.py

@@ -1,12 +1,14 @@
 import json
-from sqlalchemy import not_
+from sqlalchemy import not_, and_
+from sqlalchemy.ext.declarative import declarative_base
 from datetime import datetime
-from flask.ext.sqlalchemy import SQLAlchemy
+from realms import db
+from .hook import HookModelMeta, HookMixin
 
-db = SQLAlchemy()
+Base = declarative_base(metaclass=HookModelMeta, cls=HookMixin)
 
 
-class Model(db.Model):
+class Model(Base):
     """Base SQLAlchemy Model for automatic serialization and
     deserialization of columns and nested relationships.
 
@@ -54,6 +56,11 @@ class Model(db.Model):
         kwargs['_force'] = True
         self._set_columns(**kwargs)
 
+    def filter_by(self, **kwargs):
+        clauses = [key == value
+                   for key, value in kwargs.items()]
+        return self.filter(and_(*clauses))
+
     def _set_columns(self, **kwargs):
         force = kwargs.get('_force')
 
@@ -283,6 +290,10 @@ class Model(db.Model):
         db.session.delete(self)
         db.session.commit()
 
+    @classmethod
+    def query(cls):
+        return db.session.query(cls)
+
     @classmethod
     def get_by_id(cls, id_):
-        return cls.query.filter_by(id=id_).first()
+        return cls.query().filter_by(id=id_).first()

realms/modules/auth/__init__.py

@@ -0,0 +1,12 @@
+from realms import login_manager
+from flask import request, flash, redirect
+from flask.ext.login import login_url
+
+
+@login_manager.unauthorized_handler
+def unauthorized():
+    if request.method == 'GET':
+        flash('Please log in to access this page')
+        return redirect(login_url('auth.login', request.url))
+    else:
+        return dict(error=True, message="Please log in for access."), 403

realms/modules/auth/models.py

@@ -71,22 +71,19 @@ class User(Model, UserMixin):
 
     @staticmethod
     def get_by_username(username):
-        return User.query.filter_by(username=username).first()
+        return User.query().filter_by(username=username).first()
 
     @staticmethod
     def get_by_email(email):
-        return User.query.filter_by(email=email).first()
+        return User.query().filter_by(email=email).first()
 
     @staticmethod
     def signer(salt):
-        """
-        Signed with app secret salted with sha256 of password hash of user (client secret)
-        """
         return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt)
 
     @staticmethod
     def auth(email, password):
-        user = User.query.filter_by(email=email).first()
+        user = User.get_by_email(email)
 
         if not user:
             # User doesn't exist

realms/modules/wiki/tests.py

@@ -6,7 +6,11 @@ from realms.lib.test import BaseTest
 
 
 class WikiBaseTest(BaseTest):
-    def write_page(self, name, message=None, content=None):
+    def update_page(self, name, message=None, content=None):
+        return self.client.post(url_for('wiki.page_write', name=name),
+                                data=dict(message=message, content=content))
+
+    def create_page(self, name, message=None, content=None):
         return self.client.post(url_for('wiki.page_write', name=name),
                                 data=dict(message=message, content=content))
 
@@ -22,7 +26,7 @@ class UtilTest(WikiBaseTest):
 class WikiTest(WikiBaseTest):
     def test_routes(self):
         self.assert_200(self.client.get(url_for("wiki.create")))
-        self.write_page('test', message='test message', content='testing')
+        self.create_page('test', message='test message', content='testing')
 
         for route in ['page', 'edit', 'history']:
             rv = self.client.get(url_for("wiki.%s" % route, name='test'))
@@ -31,7 +35,7 @@ class WikiTest(WikiBaseTest):
         self.assert_200(self.client.get(url_for('wiki.index')))
 
     def test_write_page(self):
-        self.assert_200(self.write_page('test', message='test message', content='testing'))
+        self.assert_200(self.create_page('test', message='test message', content='testing'))
 
         rv = self.client.get(url_for('wiki.page', name='test'))
         self.assert_200(rv)
@@ -54,8 +58,8 @@ class WikiTest(WikiBaseTest):
         self.assert_status(rv, 302)
 
     def test_revert(self):
-        rv1 = self.write_page('test', message='test message', content='testing_old')
-        self.write_page('test', message='test message', content='testing_new')
+        rv1 = self.create_page('test', message='test message', content='testing_old')
+        self.update_page('test', message='test message', content='testing_new')
         data = json.loads(rv1.data)
         self.client.post(url_for('wiki.revert'), data=dict(name='test', commit=data['sha']))
         self.client.get(url_for('wiki.page', name='test'))
@@ -66,6 +70,14 @@ class WikiTest(WikiBaseTest):
         self.assert_403(self.client.post(url_for('wiki.revert'), data=dict(name='test', commit=data['sha'])))
         self.app.config['WIKI_LOCKED_PAGES'] = []
 
+    def test_anon(self):
+        rv1 = self.create_page('test', message='test message', content='testing_old')
+        self.update_page('test', message='test message', content='testing_new')
+        data = json.loads(rv1.data)
+        self.app.config['ALLOW_ANON'] = False
+        self.assert_403(self.update_page('test', message='test message', content='testing_again'))
+        self.assert_403(self.client.post(url_for('wiki.revert'), data=dict(name='test', commit=data['sha'])))
+
 
 class RelativePathTest(WikiTest):
     def configure(self):

realms/modules/wiki/views.py

@@ -32,6 +32,9 @@ def revert():
     commit = request.form.get('commit')
     message = request.form.get('message', "Reverting %s" % cname)
 
+    if not current_app.config.get('ALLOW_ANON') and current_user.is_anonymous:
+        return dict(error=True, message="Anonymous posting not allowed"), 403
+
     if cname in current_app.config.get('WIKI_LOCKED_PAGES'):
         return dict(error=True, message="Page is locked"), 403
 
@@ -104,6 +107,9 @@ def page_write(name):
     if not cname:
         return dict(error=True, message="Invalid name")
 
+    if not current_app.config.get('ALLOW_ANON') and current_user.is_anonymous:
+        return dict(error=True, message="Anonymous posting not allowed"), 403
+
     if request.method == 'POST':
         # Create
         if cname in current_app.config.get('WIKI_LOCKED_PAGES'):

realms/version.py

@@ -1 +1 @@
-__version__ = '0.4.4'
+__version__ = '0.4.5'