def edit_colleague_profile(request, colleague_profile_id):
# Don't allow editing deleted profiles
colleague_profile = get_object_or_404(ColleagueProfile.objects.current_year(),
pk=colleague_profile_id,
is_published__in=[True, None])
# Only allow the user of the profile to edit it or those with the
# change_colleagueprofile permission.
if not request.user == colleague_profile.user and \
not request.user.has_perm('arshidni:change_colleagueprofile') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
context = {'edit': True, 'colleague_profile': colleague_profile}
if request.method == 'POST':
form = ColleagueProfileForm(request.POST, instance=colleague_profile)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('arshidni:show_colleague_profile',
args=(colleague_profile.pk,)))
else:
context['form'] = form
elif request.method == 'GET':
form = ColleagueProfileForm(instance=colleague_profile)
context['form'] = form
return render(request, 'arshidni/colleague_edit_profile.html', context)
def edit_colleague_profile(request, colleague_profile_id):
# Don't allow editing deleted profiles
colleague_profile = get_object_or_404(
ColleagueProfile.objects.current_year(),
pk=colleague_profile_id,
is_published__in=[True, None])
# Only allow the user of the profile to edit it or those with the
# change_colleagueprofile permission.
if not request.user == colleague_profile.user and \
not request.user.has_perm('arshidni:change_colleagueprofile') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
context = {'edit': True, 'colleague_profile': colleague_profile}
if request.method == 'POST':
form = ColleagueProfileForm(request.POST, instance=colleague_profile)
if form.is_valid():
form.save()
return HttpResponseRedirect(
reverse('arshidni:show_colleague_profile',
args=(colleague_profile.pk, )))
else:
context['form'] = form
elif request.method == 'GET':
form = ColleagueProfileForm(instance=colleague_profile)
context['form'] = form
return render(request, 'arshidni/colleague_edit_profile.html', context)
def edit_answer(request, question_id, answer_id):
# Only make it possible to edit answers for published questions
question = get_object_or_404(Question, pk=question_id,
is_published=True)
# If the answer is deleted (i.e. is_published=False), don't allow
# editing it.
answer = get_object_or_404(Answer, pk=answer_id,
is_published__in=[True, None])
if not request.user == answer.submitter and \
not request.user.has_perm('arshidni:change_answer') and\
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
# FIXME: remove edit
context = {'answer': answwer, 'question': question}
if request.method == 'POST':
form = AnswerForm(request.POST, instance=answer)
if form.is_valid():
form.save()
after_url = reverse('arshidni:show_question',
args=(question_id,)) + '#answer-' + str(answer_id)
return HttpResponseRedirect(after_url)
else:
context['form'] = form
elif request.method == 'GET':
form = AnswerForm(instance=answer)
context['form'] = form
return render(request, 'arshidni/answer_edit.html', context)
def show_question(request, question_id):
# Only show the questions that are published or pending revision
# (i.e. don't show deleted questions.)
question = get_object_or_404(Question,
pk=question_id,
is_published__in=[True, None])
# Only show pending questions to the submitter and to those with
# view_question.
if not question.is_published and \
not request.user == question.submitter and \
not request.user.has_perm('arshidni:view_question') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
published_answers = Answer.objects.filter(question=question,
is_published=True)
form = AnswerForm()
context = {
'question': question,
'published_answers': published_answers,
'form': form
}
return render(request, 'arshidni/question_show.html', context)
def edit_group(request, group_id):
# TODO: If it has been approved, the dates cannot be edited.
group = get_object_or_404(StudyGroup,
pk=group_id,
is_published__in=[True, None])
if not request.user == group.coordinator and \
not request.user.has_perm('arshidni:change_group') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
context = {'edit': True, 'group': group}
if request.method == 'POST':
form = StudyGroupForm(request.POST, instance=group)
if form.is_valid():
form.save()
return HttpResponseRedirect(
reverse('arshidni:show_group', args=(group.pk, )))
else:
context['form'] = form
elif request.method == 'GET':
form = StudyGroupForm(instance=group)
context['form'] = form
return render(request, 'arshidni/group_edit.html', context)
def edit_answer(request, question_id, answer_id):
# Only make it possible to edit answers for published questions
question = get_object_or_404(Question, pk=question_id, is_published=True)
# If the answer is deleted (i.e. is_published=False), don't allow
# editing it.
answer = get_object_or_404(Answer,
pk=answer_id,
is_published__in=[True, None])
if not request.user == answer.submitter and \
not request.user.has_perm('arshidni:change_answer') and\
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
# FIXME: remove edit
context = {'answer': answwer, 'question': question}
if request.method == 'POST':
form = AnswerForm(request.POST, instance=answer)
if form.is_valid():
form.save()
after_url = reverse('arshidni:show_question', args=(
question_id, )) + '#answer-' + str(answer_id)
return HttpResponseRedirect(after_url)
else:
context['form'] = form
elif request.method == 'GET':
form = AnswerForm(instance=answer)
context['form'] = form
return render(request, 'arshidni/answer_edit.html', context)
def list_questions(request, college_name):
# That's how they're stored in the database: upper-case.
upper_college_name = college_name.upper()
# Make sure that there are actually colleges with that name (this
# query makes things as dynamic as possible.)
college = get_list_or_404(College, name=upper_college_name)[0]
college_full_name = college.get_name_display()
form = QuestionForm()
# If the user has the view_questions permission, show questions
# that are pending-revision.
if request.user.has_perm('arshidni.view_question') or \
is_arshindi_coordinator_or_deputy(request.user):
questions = Question.objects.filter(college=upper_college_name,
is_published__in=[True, None])
else:
questions = Question.objects.filter(college=upper_college_name,
is_published=True)
question_filter = request.GET.get('filter')
if question_filter == 'mine':
filtered_questions = questions.filter(submitter=request.user)
elif question_filter == 'day':
one_day_ago = datetime.datetime.now() - datetime.timedelta(days=1)
filtered_questions = questions.filter(submission_date__gte=one_day_ago)
elif question_filter == 'week':
one_week_ago = datetime.datetime.now() - datetime.timedelta(days=7)
filtered_questions = questions.filter(submission_date__gte=one_week_ago)
elif question_filter == 'motnh':
one_month_ago = datetime.datetime.now() - datetime.timedelta(days=30)
filtered_questions = questions.filter(submission_date__gte=one_month_ago)
else:
filtered_questions = questions
question_order = request.GET.get('order')
# TODO: order
if True:
ordered_questions = filtered_questions.order_by('-submission_date')
# Each page of results should have a maximum of 25 activities.
paginator = Paginator(ordered_questions, 25)
page = request.GET.get('page')
try:
page_questions = paginator.page(page)
except PageNotAnInteger:
# If page is not an integer, deliver first page.
page_questions = paginator.page(1)
except EmptyPage:
# If page is out of range (e.g. 9999), deliver last page of results.
page_questions = paginator.page(paginator.num_pages)
context = {'page_questions': page_questions, 'college_name':
college_name, 'form': form, 'college_full_name':
college_full_name}
return render(request, 'arshidni/question_list.html', context)
def list_groups(request):
# If the user has the view_groups permission, show groups
# that are pending-revision.
if request.user.has_perm('arshidni.view_group') or \
is_arshindi_coordinator_or_deputy(request.user):
groups = StudyGroup.objects.filter(status__in=['A', 'P'])
else:
user_groups = StudyGroup.objects.filter(coordinator=request.user)
approved_groups = StudyGroup.objects.filter(status='A')
groups = user_groups | approved_groups
context = {'page_groups': groups}
return render(request, 'arshidni/group_list.html', context)
def list_groups(request):
# If the user has the view_groups permission, show groups
# that are pending-revision.
if request.user.has_perm('arshidni.view_group') or \
is_arshindi_coordinator_or_deputy(request.user):
groups = StudyGroup.objects.filter(status__in=['A', 'P'])
else:
user_groups = StudyGroup.objects.filter(coordinator=request.user)
approved_groups = StudyGroup.objects.filter(status='A')
groups = user_groups | approved_groups
context = {'page_groups': groups}
return render(request, 'arshidni/group_list.html', context)
def join_group_requests(request, group_id):
group = get_object_or_404(StudyGroup, pk=group_id,
status__in=['A', 'P'],
is_published=True)
# Only the coordinator and people with the change_group permission
# can handle join group requests.
if not request.user == group.coordinator and \
not request.user.has_perm('arshidni.change_group') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
context = {'group': group}
return render(request, 'arshidni/group_requests.html', context)
def show_colleague_profile(request, colleague_profile_id):
colleague_profile = get_object_or_404(
ColleagueProfile.objects.current_year(),
pk=colleague_profile_id,
is_published__in=[True, None])
# If the profile is not published, only show to its user or to
# those with change_colleagueprofile.
if not colleague_profile.is_published and \
not request.user == colleague_profile.user and \
not request.user.has_perm('arshidni:view_colleagueprofile') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
context = {'colleague_profile': colleague_profile}
return render(request, 'arshidni/colleague_show_profile.html', context)
def show_colleague_profile(request, colleague_profile_id):
colleague_profile = get_object_or_404(ColleagueProfile.objects.current_year(),
pk=colleague_profile_id,
is_published__in=[True,
None])
# If the profile is not published, only show to its user or to
# those with change_colleagueprofile.
if not colleague_profile.is_published and \
not request.user == colleague_profile.user and \
not request.user.has_perm('arshidni:view_colleagueprofile') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
context = {'colleague_profile': colleague_profile}
return render(request, 'arshidni/colleague_show_profile.html', context)
def join_group_requests(request, group_id):
group = get_object_or_404(StudyGroup,
pk=group_id,
status__in=['A', 'P'],
is_published=True)
# Only the coordinator and people with the change_group permission
# can handle join group requests.
if not request.user == group.coordinator and \
not request.user.has_perm('arshidni.change_group') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
context = {'group': group}
return render(request, 'arshidni/group_requests.html', context)
def mark_answered(request):
#answer_id = request.POST.get('answer_id')
#answer = get_object_or_404(Answer, pk=answer_id)
question_id = request.POST.get('question_id')
question = get_object_or_404(Question, pk=question_id)
if not question.submitter == request.user and \
not request.user.has_perm('arshidni.change_question') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
if question.is_answered:
raise Exception(u'سبق اعتبار هذا السؤال مجابا عليه')
question.is_answered = True
question.save()
def mark_answered(request):
#answer_id = request.POST.get('answer_id')
#answer = get_object_or_404(Answer, pk=answer_id)
question_id = request.POST.get('question_id')
question = get_object_or_404(Question, pk=question_id)
if not question.submitter == request.user and \
not request.user.has_perm('arshidni.change_question') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
if question.is_answered:
raise Exception(u'سبق اعتبار هذا السؤال مجابا عليه')
question.is_answered = True
question.save()
def clean(self):
username = self.cleaned_data.get('username')
password = self.cleaned_data.get('password')
message = admin.forms.AdminAuthenticationForm.error_messages['invalid_login']
params = {'username': self.username_field.verbose_name}
if username and password:
self.user_cache = authenticate(username=username, password=password)
if self.user_cache is None:
raise forms.ValidationError(message, code='invalid', params=params)
# If the user isn't in the arshidni group and isn't a
# system administrator, they must not be able to use the
# arshidni admin interface.
elif not is_arshindi_coordinator_or_deputy(self.user_cache) and\
not self.user_cache.is_superuser:
raise forms.ValidationError(message, code='invalid', params=params)
return self.cleaned_data
def list_colleagues(request):
# If the user has the view_colleague_profiles permission, show
# colleague_profiles that are pending-revision.
if is_arshindi_coordinator_or_deputy(request.user) or \
request.user.has_perm('arshidni.view_colleagueprofile'):
user_colleagues = ColleagueProfile.objects.current_year().for_user_city(request.user)
city = get_user_city(request.user)
# For cities other than Riyadh, we have gender-unspecific
# Arshidni (yay).
if city == 'R':
user_colleagues = user_colleagues.for_user_gender(request.user)
available = user_colleagues.available().published()
unavailable = user_colleagues.filter(Q(is_available=False) | Q(is_published__isnull=True))
else:
user_colleagues = ColleagueProfile.objects.current_year().for_user_gender(request.user).for_user_city(request.user).published()
available = user_colleagues.available()
unavailable = user_colleagues.unavailable()
context = {'available': available, 'unavailable': unavailable}
return render(request, 'arshidni/colleague_list.html', context)
def show_group(request, group_id):
# If the group is deleted, it can only be seen in the admin
# interface.
group = get_object_or_404(StudyGroup, pk=group_id,
status__in=['A', 'P'],
is_published__in=[True, None])
# If the group is not approved, only show it to the coordinator
# and to those with view_group permission.
if not group.status == 'A' and \
not request.user == group.coordinator and \
not request.user.has_perm('arshidni.view_group') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
previous_request = JoinStudyGroupRequest.objects.filter(submitter=request.user, group=group)
context = {'group': group, 'previous_request': previous_request}
return render(request, 'arshidni/group_show.html', context)
def show_question(request, question_id):
# Only show the questions that are published or pending revision
# (i.e. don't show deleted questions.)
question = get_object_or_404(Question, pk=question_id,
is_published__in=[True, None])
# Only show pending questions to the submitter and to those with
# view_question.
if not question.is_published and \
not request.user == question.submitter and \
not request.user.has_perm('arshidni:view_question') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
published_answers = Answer.objects.filter(question=question,
is_published=True)
form = AnswerForm()
context = {'question': question, 'published_answers': published_answers, 'form': form}
return render(request, 'arshidni/question_show.html', context)
def show_group(request, group_id):
# If the group is deleted, it can only be seen in the admin
# interface.
group = get_object_or_404(StudyGroup,
pk=group_id,
status__in=['A', 'P'],
is_published__in=[True, None])
# If the group is not approved, only show it to the coordinator
# and to those with view_group permission.
if not group.status == 'A' and \
not request.user == group.coordinator and \
not request.user.has_perm('arshidni.view_group') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
previous_request = JoinStudyGroupRequest.objects.filter(
submitter=request.user, group=group)
context = {'group': group, 'previous_request': previous_request}
return render(request, 'arshidni/group_show.html', context)
def edit_question(request, question_id):
question = get_object_or_404(Question, pk=question_id,
is_published__in=[True, None])
if not request.user == question.submitter and \
not request.user.has_perm('arshidni:change_question') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
context = {'edit': True, 'question': question}
if request.method == 'POST':
form = QuestionForm(request.POST, instance=question)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('arshidni:show_question',
args=(question.pk,)))
else:
context['form'] = form
elif request.method == 'GET':
form = QuestionForm(instance=question)
context['form'] = form
return render(request, 'arshidni/question_edit.html', context)
def list_colleagues(request):
# If the user has the view_colleague_profiles permission, show
# colleague_profiles that are pending-revision.
if is_arshindi_coordinator_or_deputy(request.user) or \
request.user.has_perm('arshidni.view_colleagueprofile'):
user_colleagues = ColleagueProfile.objects.current_year(
).for_user_city(request.user)
city = get_user_city(request.user)
# For cities other than Riyadh, we have gender-unspecific
# Arshidni (yay).
if city == 'R':
user_colleagues = user_colleagues.for_user_gender(request.user)
available = user_colleagues.available().published()
unavailable = user_colleagues.filter(
Q(is_available=False) | Q(is_published__isnull=True))
else:
user_colleagues = ColleagueProfile.objects.current_year(
).for_user_gender(request.user).for_user_city(
request.user).published()
available = user_colleagues.available()
unavailable = user_colleagues.unavailable()
context = {'available': available, 'unavailable': unavailable}
return render(request, 'arshidni/colleague_list.html', context)
def edit_group(request, group_id):
# TODO: If it has been approved, the dates cannot be edited.
group = get_object_or_404(StudyGroup, pk=group_id,
is_published__in=[True, None])
if not request.user == group.coordinator and \
not request.user.has_perm('arshidni:change_group') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
context = {'edit': True, 'group': group}
if request.method == 'POST':
form = StudyGroupForm(request.POST, instance=group)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('arshidni:show_group',
args=(group.pk,)))
else:
context['form'] = form
elif request.method == 'GET':
form = StudyGroupForm(instance=group)
context['form'] = form
return render(request, 'arshidni/group_edit.html', context)
def edit_question(request, question_id):
question = get_object_or_404(Question,
pk=question_id,
is_published__in=[True, None])
if not request.user == question.submitter and \
not request.user.has_perm('arshidni:change_question') and \
not is_arshindi_coordinator_or_deputy(request.user):
raise PermissionDenied
context = {'edit': True, 'question': question}
if request.method == 'POST':
form = QuestionForm(request.POST, instance=question)
if form.is_valid():
form.save()
return HttpResponseRedirect(
reverse('arshidni:show_question', args=(question.pk, )))
else:
context['form'] = form
elif request.method == 'GET':
form = QuestionForm(instance=question)
context['form'] = form
return render(request, 'arshidni/question_edit.html', context)
def has_change_permission(self, request, obj=None):
return is_arshindi_coordinator_or_deputy(request.user) or request.user.is_superuser
def list_questions(request, college_name):
# That's how they're stored in the database: upper-case.
upper_college_name = college_name.upper()
# Make sure that there are actually colleges with that name (this
# query makes things as dynamic as possible.)
college = get_list_or_404(College, name=upper_college_name)[0]
college_full_name = college.get_name_display()
form = QuestionForm()
# If the user has the view_questions permission, show questions
# that are pending-revision.
if request.user.has_perm('arshidni.view_question') or \
is_arshindi_coordinator_or_deputy(request.user):
questions = Question.objects.filter(college=upper_college_name,
is_published__in=[True, None])
else:
questions = Question.objects.filter(college=upper_college_name,
is_published=True)
question_filter = request.GET.get('filter')
if question_filter == 'mine':
filtered_questions = questions.filter(submitter=request.user)
elif question_filter == 'day':
one_day_ago = datetime.datetime.now() - datetime.timedelta(days=1)
filtered_questions = questions.filter(submission_date__gte=one_day_ago)
elif question_filter == 'week':
one_week_ago = datetime.datetime.now() - datetime.timedelta(days=7)
filtered_questions = questions.filter(
submission_date__gte=one_week_ago)
elif question_filter == 'motnh':
one_month_ago = datetime.datetime.now() - datetime.timedelta(days=30)
filtered_questions = questions.filter(
submission_date__gte=one_month_ago)
else:
filtered_questions = questions
question_order = request.GET.get('order')
# TODO: order
if True:
ordered_questions = filtered_questions.order_by('-submission_date')
# Each page of results should have a maximum of 25 activities.
paginator = Paginator(ordered_questions, 25)
page = request.GET.get('page')
try:
page_questions = paginator.page(page)
except PageNotAnInteger:
# If page is not an integer, deliver first page.
page_questions = paginator.page(1)
except EmptyPage:
# If page is out of range (e.g. 9999), deliver last page of results.
page_questions = paginator.page(paginator.num_pages)
context = {
'page_questions': page_questions,
'college_name': college_name,
'form': form,
'college_full_name': college_full_name
}
return render(request, 'arshidni/question_list.html', context)
def is_arshindi_coordinator_or_deputy(user):
return utilities.is_arshindi_coordinator_or_deputy(user)
def has_permission(self, request):
return is_arshindi_coordinator_or_deputy(request.user) or request.user.is_superuser
