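def edit_colleague_profile(request, colleague_profile_id):
    """Let a profile's owner or an authorised reviewer edit a colleague profile.

    The profile is looked up among the current year's profiles whose
    ``is_published`` is ``True`` or ``None``; anything else yields a 404.
    A valid POST saves the form and redirects to the profile page; an
    invalid POST or a GET renders the edit template with the form.

    Raises:
        Http404: no matching, non-deleted profile exists.
        PermissionDenied: the requester is neither the profile's user, a
            holder of ``arshidni.change_colleagueprofile``, nor an Arshidni
            coordinator/deputy.
    """
    # Don't allow editing deleted profiles.
    colleague_profile = get_object_or_404(
        ColleagueProfile.objects.current_year(),
        pk=colleague_profile_id,
        is_published__in=[True, None])

    # Django permission names are "<app_label>.<codename>".  The earlier
    # 'arshidni:change_colleagueprofile' spelling (colon) cannot match an
    # assigned permission, so the documented permission-holder path was
    # effectively dead; the dotted form matches the other views in this file.
    can_edit = (request.user == colleague_profile.user
                or request.user.has_perm('arshidni.change_colleagueprofile')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not can_edit:
        raise PermissionDenied

    context = {'edit': True, 'colleague_profile': colleague_profile}
    if request.method == 'POST':
        # NOTE(review): which attributes an owner can change is decided by
        # ColleagueProfileForm's field list, which is not visible here --
        # confirm it excludes moderation fields such as is_published.
        form = ColleagueProfileForm(request.POST, instance=colleague_profile)
        if form.is_valid():
            form.save()
            # 'arshidni:show_colleague_profile' is a URL namespace, so the
            # colon is correct here (unlike in permission names).
            return HttpResponseRedirect(
                reverse('arshidni:show_colleague_profile',
                        args=(colleague_profile.pk,)))
        context['form'] = form
    elif request.method == 'GET':
        context['form'] = ColleagueProfileForm(instance=colleague_profile)

    return render(request, 'arshidni/colleague_edit_profile.html', context)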
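def edit_colleague_profile(request, colleague_profile_id):
    """Let a profile's owner or an authorised reviewer edit a colleague profile.

    The profile is looked up among the current year's profiles whose
    ``is_published`` is ``True`` or ``None``; anything else yields a 404.
    A valid POST saves the form and redirects to the profile page; an
    invalid POST or a GET renders the edit template with the form.

    Raises:
        Http404: no matching, non-deleted profile exists.
        PermissionDenied: the requester is neither the profile's user, a
            holder of ``arshidni.change_colleagueprofile``, nor an Arshidni
            coordinator/deputy.
    """
    # Don't allow editing deleted profiles.
    colleague_profile = get_object_or_404(
        ColleagueProfile.objects.current_year(),
        pk=colleague_profile_id,
        is_published__in=[True, None])

    # Django permission names are "<app_label>.<codename>".  The earlier
    # 'arshidni:change_colleagueprofile' spelling (colon) cannot match an
    # assigned permission, so the documented permission-holder path was
    # effectively dead; the dotted form matches the other views in this file.
    can_edit = (request.user == colleague_profile.user
                or request.user.has_perm('arshidni.change_colleagueprofile')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not can_edit:
        raise PermissionDenied

    context = {'edit': True, 'colleague_profile': colleague_profile}
    if request.method == 'POST':
        # NOTE(review): which attributes an owner can change is decided by
        # ColleagueProfileForm's field list, which is not visible here --
        # confirm it excludes moderation fields such as is_published.
        form = ColleagueProfileForm(request.POST, instance=colleague_profile)
        if form.is_valid():
            form.save()
            # 'arshidni:show_colleague_profile' is a URL namespace, so the
            # colon is correct here (unlike in permission names).
            return HttpResponseRedirect(
                reverse('arshidni:show_colleague_profile',
                        args=(colleague_profile.pk,)))
        context['form'] = form
    elif request.method == 'GET':
        context['form'] = ColleagueProfileForm(instance=colleague_profile)

    return render(request, 'arshidni/colleague_edit_profile.html', context)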
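def edit_answer(request, question_id, answer_id):
    """Let an answer's submitter or an authorised reviewer edit an answer.

    A valid POST saves the form and redirects to the question page at the
    answer's anchor; an invalid POST or a GET renders the edit template.

    Raises:
        Http404: the question is not published, or no non-deleted answer
            with ``answer_id`` belongs to that question.
        PermissionDenied: the requester is neither the answer's submitter,
            a holder of ``arshidni.change_answer``, nor an Arshidni
            coordinator/deputy.
    """
    # Only make it possible to edit answers for published questions.
    question = get_object_or_404(Question, pk=question_id, is_published=True)

    # If the answer is deleted (i.e. is_published=False), don't allow
    # editing it.  The lookup is also scoped to `question`: without that,
    # any published question id in the URL would satisfy the check above
    # while the answer edited belonged to a different (possibly unpublished
    # or deleted) question.
    answer = get_object_or_404(Answer, pk=answer_id, question=question,
                               is_published__in=[True, None])

    # Permission names use "<app_label>.<codename>"; the previous
    # 'arshidni:change_answer' spelling could not match an assigned
    # permission.
    can_edit = (request.user == answer.submitter
                or request.user.has_perm('arshidni.change_answer')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not can_edit:
        raise PermissionDenied

    # FIXME: remove edit
    # (The original referenced the undefined name `answwer` here, which
    # raised NameError on every request that got this far.)
    context = {'answer': answer, 'question': question}
    if request.method == 'POST':
        form = AnswerForm(request.POST, instance=answer)
        if form.is_valid():
            form.save()
            after_url = (reverse('arshidni:show_question', args=(question_id,))
                         + '#answer-' + str(answer_id))
            return HttpResponseRedirect(after_url)
        context['form'] = form
    elif request.method == 'GET':
        context['form'] = AnswerForm(instance=answer)

    return render(request, 'arshidni/answer_edit.html', context)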
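def show_question(request, question_id):
    """Render a question with its published answers and a blank answer form.

    Raises:
        Http404: the question does not exist or is deleted.
        PermissionDenied: the question is not published and the requester
            is neither its submitter, a holder of ``arshidni.view_question``,
            nor an Arshidni coordinator/deputy.
    """
    # Only show the questions that are published or pending revision
    # (i.e. don't show deleted questions.)
    question = get_object_or_404(Question, pk=question_id,
                                 is_published__in=[True, None])

    # Pending questions are limited to the submitter and reviewers.
    # Permission names use "<app_label>.<codename>"; the previous
    # 'arshidni:view_question' spelling could not match an assigned
    # permission, unlike the dotted form list_questions already uses.
    may_view = (question.is_published
                or request.user == question.submitter
                or request.user.has_perm('arshidni.view_question')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not may_view:
        raise PermissionDenied

    # Only published answers are listed, whoever is looking.
    published_answers = Answer.objects.filter(question=question,
                                              is_published=True)
    context = {
        'question': question,
        'published_answers': published_answers,
        'form': AnswerForm(),
    }
    return render(request, 'arshidni/question_show.html', context)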
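def edit_group(request, group_id):
    """Let a study group's coordinator or an authorised reviewer edit it.

    A valid POST saves the form and redirects to the group page; an
    invalid POST or a GET renders the edit template with the form.

    Raises:
        Http404: no group with ``group_id`` has ``is_published`` of
            ``True`` or ``None``.
        PermissionDenied: the requester is neither the group's coordinator,
            a holder of ``arshidni.change_group``, nor an Arshidni
            coordinator/deputy.
    """
    # TODO: If it has been approved, the dates cannot be edited.
    group = get_object_or_404(StudyGroup, pk=group_id,
                              is_published__in=[True, None])

    # Permission names use "<app_label>.<codename>".  The previous
    # 'arshidni:change_group' spelling could not match an assigned
    # permission; join_group_requests already uses the dotted form.
    can_edit = (request.user == group.coordinator
                or request.user.has_perm('arshidni.change_group')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not can_edit:
        raise PermissionDenied

    context = {'edit': True, 'group': group}
    if request.method == 'POST':
        # NOTE(review): the editable attributes come from StudyGroupForm,
        # which is not visible here -- confirm it does not expose `status`
        # or `is_published` to coordinators.
        form = StudyGroupForm(request.POST, instance=group)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(
                reverse('arshidni:show_group', args=(group.pk,)))
        context['form'] = form
    elif request.method == 'GET':
        context['form'] = StudyGroupForm(instance=group)

    return render(request, 'arshidni/group_edit.html', context)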
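def edit_answer(request, question_id, answer_id):
    """Let an answer's submitter or an authorised reviewer edit an answer.

    A valid POST saves the form and redirects to the question page at the
    answer's anchor; an invalid POST or a GET renders the edit template.

    Raises:
        Http404: the question is not published, or no non-deleted answer
            with ``answer_id`` belongs to that question.
        PermissionDenied: the requester is neither the answer's submitter,
            a holder of ``arshidni.change_answer``, nor an Arshidni
            coordinator/deputy.
    """
    # Only make it possible to edit answers for published questions.
    question = get_object_or_404(Question, pk=question_id, is_published=True)

    # If the answer is deleted (i.e. is_published=False), don't allow
    # editing it.  The lookup is also scoped to `question`: without that,
    # any published question id in the URL would satisfy the check above
    # while the answer edited belonged to a different (possibly unpublished
    # or deleted) question.
    answer = get_object_or_404(Answer, pk=answer_id, question=question,
                               is_published__in=[True, None])

    # Permission names use "<app_label>.<codename>"; the previous
    # 'arshidni:change_answer' spelling could not match an assigned
    # permission.
    can_edit = (request.user == answer.submitter
                or request.user.has_perm('arshidni.change_answer')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not can_edit:
        raise PermissionDenied

    # FIXME: remove edit
    # (The original referenced the undefined name `answwer` here, which
    # raised NameError on every request that got this far.)
    context = {'answer': answer, 'question': question}
    if request.method == 'POST':
        form = AnswerForm(request.POST, instance=answer)
        if form.is_valid():
            form.save()
            after_url = (reverse('arshidni:show_question', args=(question_id,))
                         + '#answer-' + str(answer_id))
            return HttpResponseRedirect(after_url)
        context['form'] = form
    elif request.method == 'GET':
        context['form'] = AnswerForm(instance=answer)

    return render(request, 'arshidni/answer_edit.html', context)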
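def list_questions(request, college_name):
    """Render a paginated, newest-first list of one college's questions.

    Query parameters read from ``request.GET``:
        filter: ``mine`` (the requester's own questions), ``day``, ``week``
            or ``month`` (submitted within the last 1, 7 or 30 days).  Any
            other value leaves the list unfiltered.
        page: page number; a non-integer falls back to page 1 and an
            out-of-range number to the last page.

    Raises:
        Http404: no college matches the upper-cased ``college_name``.
    """
    # That's how they're stored in the database: upper-case.
    upper_college_name = college_name.upper()
    # Make sure that there are actually colleges with that name (this
    # query makes things as dynamic as possible.)
    college = get_list_or_404(College, name=upper_college_name)[0]
    college_full_name = college.get_name_display()
    form = QuestionForm()

    # Reviewers also see questions that are pending revision
    # (is_published is None); everybody else sees published ones only.
    if request.user.has_perm('arshidni.view_question') or \
       is_arshindi_coordinator_or_deputy(request.user):
        questions = Question.objects.filter(college=upper_college_name,
                                            is_published__in=[True, None])
    else:
        questions = Question.objects.filter(college=upper_college_name,
                                            is_published=True)

    # The original compared against the misspelling 'motnh', so
    # ?filter=month silently returned the unfiltered list.  The misspelt
    # value is still accepted in case existing links rely on it.
    recent_days = {'day': 1, 'week': 7, 'month': 30, 'motnh': 30}
    question_filter = request.GET.get('filter')
    if question_filter == 'mine':
        filtered_questions = questions.filter(submitter=request.user)
    elif question_filter in recent_days:
        since = datetime.datetime.now() - datetime.timedelta(
            days=recent_days[question_filter])
        filtered_questions = questions.filter(submission_date__gte=since)
    else:
        filtered_questions = questions

    # TODO: order -- the 'order' query parameter is not honoured yet;
    # results are always newest first.
    ordered_questions = filtered_questions.order_by('-submission_date')

    # Each page of results should have a maximum of 25 questions.
    paginator = Paginator(ordered_questions, 25)
    page = request.GET.get('page')
    try:
        page_questions = paginator.page(page)
    except PageNotAnInteger:
        # If page is not an integer, deliver first page.
        page_questions = paginator.page(1)
    except EmptyPage:
        # If page is out of range (e.g. 9999), deliver last page of results.
        page_questions = paginator.page(paginator.num_pages)

    context = {
        'page_questions': page_questions,
        'college_name': college_name,
        'form': form,
        'college_full_name': college_full_name,
    }
    return render(request, 'arshidni/question_list.html', context)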
def list_groups(request):
    """Render the study groups the requesting user is allowed to see.

    Holders of ``arshidni.view_group`` and Arshidni coordinators/deputies
    get every group whose status is 'A' or 'P'.  Everyone else gets the
    union of the groups they coordinate and the groups with status 'A'.
    """
    is_reviewer = (request.user.has_perm('arshidni.view_group')
                   or is_arshindi_coordinator_or_deputy(request.user))
    if is_reviewer:
        groups = StudyGroup.objects.filter(status__in=['A', 'P'])
    else:
        # NOTE(review): the requester's own groups are not narrowed by
        # status or is_published here -- confirm that is intended.
        own_groups = StudyGroup.objects.filter(coordinator=request.user)
        status_a_groups = StudyGroup.objects.filter(status='A')
        groups = own_groups | status_a_groups

    return render(request, 'arshidni/group_list.html',
                  {'page_groups': groups})
def list_groups(request):
    """Render the study groups the requesting user is allowed to see.

    Holders of ``arshidni.view_group`` and Arshidni coordinators/deputies
    get every group whose status is 'A' or 'P'.  Everyone else gets the
    union of the groups they coordinate and the groups with status 'A'.
    """
    is_reviewer = (request.user.has_perm('arshidni.view_group')
                   or is_arshindi_coordinator_or_deputy(request.user))
    if is_reviewer:
        groups = StudyGroup.objects.filter(status__in=['A', 'P'])
    else:
        # NOTE(review): the requester's own groups are not narrowed by
        # status or is_published here -- confirm that is intended.
        own_groups = StudyGroup.objects.filter(coordinator=request.user)
        status_a_groups = StudyGroup.objects.filter(status='A')
        groups = own_groups | status_a_groups

    return render(request, 'arshidni/group_list.html',
                  {'page_groups': groups})
def join_group_requests(request, group_id):
    """Render the join-request page of a published study group.

    Raises:
        Http404: no published group with ``group_id`` has status 'A' or 'P'.
        PermissionDenied: the requester is neither the group's coordinator,
            a holder of ``arshidni.change_group``, nor an Arshidni
            coordinator/deputy.
    """
    group = get_object_or_404(
        StudyGroup,
        pk=group_id,
        status__in=['A', 'P'],
        is_published=True,
    )

    # Join requests are handled only by the coordinator and by people
    # holding the change_group permission (or the Arshidni lead roles).
    may_manage = (request.user == group.coordinator
                  or request.user.has_perm('arshidni.change_group')
                  or is_arshindi_coordinator_or_deputy(request.user))
    if not may_manage:
        raise PermissionDenied

    return render(request, 'arshidni/group_requests.html', {'group': group})
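def show_colleague_profile(request, colleague_profile_id):
    """Render one colleague profile from the current year.

    Raises:
        Http404: no current-year profile with that id has ``is_published``
            of ``True`` or ``None``.
        PermissionDenied: the profile is not published and the requester is
            neither its user, a holder of ``arshidni.view_colleagueprofile``,
            nor an Arshidni coordinator/deputy.
    """
    colleague_profile = get_object_or_404(
        ColleagueProfile.objects.current_year(),
        pk=colleague_profile_id,
        is_published__in=[True, None])

    # If the profile is not published, only show it to its user or to
    # those with view_colleagueprofile.  Permission names use
    # "<app_label>.<codename>"; the previous 'arshidni:view_colleagueprofile'
    # spelling could not match an assigned permission, unlike the dotted
    # form list_colleagues already uses.
    may_view = (colleague_profile.is_published
                or request.user == colleague_profile.user
                or request.user.has_perm('arshidni.view_colleagueprofile')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not may_view:
        raise PermissionDenied

    context = {'colleague_profile': colleague_profile}
    return render(request, 'arshidni/colleague_show_profile.html', context)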
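def show_colleague_profile(request, colleague_profile_id):
    """Render one colleague profile from the current year.

    Raises:
        Http404: no current-year profile with that id has ``is_published``
            of ``True`` or ``None``.
        PermissionDenied: the profile is not published and the requester is
            neither its user, a holder of ``arshidni.view_colleagueprofile``,
            nor an Arshidni coordinator/deputy.
    """
    colleague_profile = get_object_or_404(
        ColleagueProfile.objects.current_year(),
        pk=colleague_profile_id,
        is_published__in=[True, None])

    # If the profile is not published, only show it to its user or to
    # those with view_colleagueprofile.  Permission names use
    # "<app_label>.<codename>"; the previous 'arshidni:view_colleagueprofile'
    # spelling could not match an assigned permission, unlike the dotted
    # form list_colleagues already uses.
    may_view = (colleague_profile.is_published
                or request.user == colleague_profile.user
                or request.user.has_perm('arshidni.view_colleagueprofile')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not may_view:
        raise PermissionDenied

    context = {'colleague_profile': colleague_profile}
    return render(request, 'arshidni/colleague_show_profile.html', context)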
def join_group_requests(request, group_id):
    """Render the join-request page of a published study group.

    Raises:
        Http404: no published group with ``group_id`` has status 'A' or 'P'.
        PermissionDenied: the requester is neither the group's coordinator,
            a holder of ``arshidni.change_group``, nor an Arshidni
            coordinator/deputy.
    """
    group = get_object_or_404(
        StudyGroup,
        pk=group_id,
        status__in=['A', 'P'],
        is_published=True,
    )

    # Join requests are handled only by the coordinator and by people
    # holding the change_group permission (or the Arshidni lead roles).
    may_manage = (request.user == group.coordinator
                  or request.user.has_perm('arshidni.change_group')
                  or is_arshindi_coordinator_or_deputy(request.user))
    if not may_manage:
        raise PermissionDenied

    return render(request, 'arshidni/group_requests.html', {'group': group})
def mark_answered(request):
    """Flag the question named by POST field ``question_id`` as answered.

    Returns nothing; the HTTP response is presumably produced by a wrapper
    that is not visible in this block.

    Raises:
        Http404: no question has that id.
        PermissionDenied: the requester is neither the question's
            submitter, a holder of ``arshidni.change_question``, nor an
            Arshidni coordinator/deputy.
        Exception: the question is already marked as answered.
    """
    # NOTE(review): neither request.method nor the question's is_published
    # state is checked here -- confirm that a decorator outside this block
    # restricts the view to POST and that deleted questions are meant to be
    # markable.
    question = get_object_or_404(Question, pk=request.POST.get('question_id'))

    authorized = (question.submitter == request.user
                  or request.user.has_perm('arshidni.change_question')
                  or is_arshindi_coordinator_or_deputy(request.user))
    if not authorized:
        raise PermissionDenied

    if question.is_answered:
        # Message: "This question has already been marked as answered."
        raise Exception(u'سبق اعتبار هذا السؤال مجابا عليه')

    question.is_answered = True
    question.save()
def mark_answered(request):
    """Flag the question named by POST field ``question_id`` as answered.

    Returns nothing; the HTTP response is presumably produced by a wrapper
    that is not visible in this block.

    Raises:
        Http404: no question has that id.
        PermissionDenied: the requester is neither the question's
            submitter, a holder of ``arshidni.change_question``, nor an
            Arshidni coordinator/deputy.
        Exception: the question is already marked as answered.
    """
    # NOTE(review): neither request.method nor the question's is_published
    # state is checked here -- confirm that a decorator outside this block
    # restricts the view to POST and that deleted questions are meant to be
    # markable.
    question = get_object_or_404(Question, pk=request.POST.get('question_id'))

    authorized = (question.submitter == request.user
                  or request.user.has_perm('arshidni.change_question')
                  or is_arshindi_coordinator_or_deputy(request.user))
    if not authorized:
        raise PermissionDenied

    if question.is_answered:
        # Message: "This question has already been marked as answered."
        raise Exception(u'سبق اعتبار هذا السؤال مجابا عليه')

    question.is_answered = True
    question.save()
def clean(self):
    """Authenticate the submitted credentials for the Arshidni admin site.

    Login is refused with the admin's generic ``invalid_login`` message
    both when authentication fails and when the authenticated user is
    neither an Arshidni coordinator/deputy nor a superuser, so the form
    does not reveal which of the two checks failed.

    Returns:
        ``self.cleaned_data``.

    Raises:
        forms.ValidationError: see above.
    """
    username = self.cleaned_data.get('username')
    password = self.cleaned_data.get('password')
    message = admin.forms.AdminAuthenticationForm.error_messages['invalid_login']
    params = {'username': self.username_field.verbose_name}

    # With a field missing there is nothing to authenticate.
    if not (username and password):
        return self.cleaned_data

    user = authenticate(username=username, password=password)
    self.user_cache = user
    # NOTE(review): no explicit is_active test appears here; whether
    # inactive accounts are rejected depends on the authentication backend.
    # If the user isn't in the arshidni group and isn't a system
    # administrator, they must not be able to use the arshidni admin
    # interface.
    refused = user is None or not (
        is_arshindi_coordinator_or_deputy(user) or user.is_superuser)
    if refused:
        raise forms.ValidationError(message, code='invalid', params=params)

    return self.cleaned_data
def list_colleagues(request):
    """Render the available and unavailable colleague profiles.

    Reviewers (Arshidni coordinators/deputies and holders of
    ``arshidni.view_colleagueprofile``) see the current year's profiles for
    their city, including unpublished-but-pending ones in the
    "unavailable" list.  Everyone else sees only published profiles
    matching their own gender and city.
    """
    user = request.user
    is_reviewer = (is_arshindi_coordinator_or_deputy(user)
                   or user.has_perm('arshidni.view_colleagueprofile'))

    if is_reviewer:
        profiles = ColleagueProfile.objects.current_year().for_user_city(user)
        # Only city 'R' (Riyadh, per the original comment) separates
        # Arshidni by gender; other cities are gender-unspecific.
        if get_user_city(user) == 'R':
            profiles = profiles.for_user_gender(user)
        available = profiles.available().published()
        # Pending profiles (is_published is NULL) are listed with the
        # unavailable ones for reviewers.
        unavailable = profiles.filter(
            Q(is_available=False) | Q(is_published__isnull=True))
    else:
        profiles = (ColleagueProfile.objects.current_year()
                    .for_user_gender(user)
                    .for_user_city(user)
                    .published())
        available = profiles.available()
        unavailable = profiles.unavailable()

    return render(request, 'arshidni/colleague_list.html',
                  {'available': available, 'unavailable': unavailable})
def show_group(request, group_id):
    """Render one study group plus the requester's earlier join requests.

    Raises:
        Http404: no group with ``group_id`` has status 'A' or 'P' and
            ``is_published`` of ``True`` or ``None``.
        PermissionDenied: the group's status is not 'A' and the requester
            is neither its coordinator, a holder of ``arshidni.view_group``,
            nor an Arshidni coordinator/deputy.
    """
    # Deleted groups can only be seen in the admin interface.
    group = get_object_or_404(
        StudyGroup,
        pk=group_id,
        status__in=['A', 'P'],
        is_published__in=[True, None],
    )

    # Groups that are not approved are limited to the coordinator and to
    # reviewers.
    may_view = (group.status == 'A'
                or request.user == group.coordinator
                or request.user.has_perm('arshidni.view_group')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not may_view:
        raise PermissionDenied

    previous_request = JoinStudyGroupRequest.objects.filter(
        submitter=request.user, group=group)
    return render(request, 'arshidni/group_show.html',
                  {'group': group, 'previous_request': previous_request})
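def show_question(request, question_id):
    """Render a question with its published answers and a blank answer form.

    Raises:
        Http404: the question does not exist or is deleted.
        PermissionDenied: the question is not published and the requester
            is neither its submitter, a holder of ``arshidni.view_question``,
            nor an Arshidni coordinator/deputy.
    """
    # Only show the questions that are published or pending revision
    # (i.e. don't show deleted questions.)
    question = get_object_or_404(Question, pk=question_id,
                                 is_published__in=[True, None])

    # Pending questions are limited to the submitter and reviewers.
    # Permission names use "<app_label>.<codename>"; the previous
    # 'arshidni:view_question' spelling could not match an assigned
    # permission, unlike the dotted form list_questions already uses.
    may_view = (question.is_published
                or request.user == question.submitter
                or request.user.has_perm('arshidni.view_question')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not may_view:
        raise PermissionDenied

    # Only published answers are listed, whoever is looking.
    published_answers = Answer.objects.filter(question=question,
                                              is_published=True)
    context = {
        'question': question,
        'published_answers': published_answers,
        'form': AnswerForm(),
    }
    return render(request, 'arshidni/question_show.html', context)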
def show_group(request, group_id):
    """Render one study group plus the requester's earlier join requests.

    Raises:
        Http404: no group with ``group_id`` has status 'A' or 'P' and
            ``is_published`` of ``True`` or ``None``.
        PermissionDenied: the group's status is not 'A' and the requester
            is neither its coordinator, a holder of ``arshidni.view_group``,
            nor an Arshidni coordinator/deputy.
    """
    # Deleted groups can only be seen in the admin interface.
    group = get_object_or_404(
        StudyGroup,
        pk=group_id,
        status__in=['A', 'P'],
        is_published__in=[True, None],
    )

    # Groups that are not approved are limited to the coordinator and to
    # reviewers.
    may_view = (group.status == 'A'
                or request.user == group.coordinator
                or request.user.has_perm('arshidni.view_group')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not may_view:
        raise PermissionDenied

    previous_request = JoinStudyGroupRequest.objects.filter(
        submitter=request.user, group=group)
    return render(request, 'arshidni/group_show.html',
                  {'group': group, 'previous_request': previous_request})
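def edit_question(request, question_id):
    """Let a question's submitter or an authorised reviewer edit it.

    A valid POST saves the form and redirects to the question page; an
    invalid POST or a GET renders the edit template with the form.

    Raises:
        Http404: no question with ``question_id`` has ``is_published`` of
            ``True`` or ``None``.
        PermissionDenied: the requester is neither the question's
            submitter, a holder of ``arshidni.change_question``, nor an
            Arshidni coordinator/deputy.
    """
    question = get_object_or_404(Question, pk=question_id,
                                 is_published__in=[True, None])

    # Permission names use "<app_label>.<codename>".  The previous
    # 'arshidni:change_question' spelling could not match an assigned
    # permission; mark_answered already uses the dotted form.
    can_edit = (request.user == question.submitter
                or request.user.has_perm('arshidni.change_question')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not can_edit:
        raise PermissionDenied

    context = {'edit': True, 'question': question}
    if request.method == 'POST':
        # NOTE(review): the editable attributes come from QuestionForm,
        # which is not visible here -- confirm it does not expose
        # moderation fields such as is_published to submitters.
        form = QuestionForm(request.POST, instance=question)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(
                reverse('arshidni:show_question', args=(question.pk,)))
        context['form'] = form
    elif request.method == 'GET':
        context['form'] = QuestionForm(instance=question)

    return render(request, 'arshidni/question_edit.html', context)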
def list_colleagues(request):
    """Render the available and unavailable colleague profiles.

    Reviewers (Arshidni coordinators/deputies and holders of
    ``arshidni.view_colleagueprofile``) see the current year's profiles for
    their city, including unpublished-but-pending ones in the
    "unavailable" list.  Everyone else sees only published profiles
    matching their own gender and city.
    """
    user = request.user
    is_reviewer = (is_arshindi_coordinator_or_deputy(user)
                   or user.has_perm('arshidni.view_colleagueprofile'))

    if is_reviewer:
        profiles = ColleagueProfile.objects.current_year().for_user_city(user)
        # Only city 'R' (Riyadh, per the original comment) separates
        # Arshidni by gender; other cities are gender-unspecific.
        if get_user_city(user) == 'R':
            profiles = profiles.for_user_gender(user)
        available = profiles.available().published()
        # Pending profiles (is_published is NULL) are listed with the
        # unavailable ones for reviewers.
        unavailable = profiles.filter(
            Q(is_available=False) | Q(is_published__isnull=True))
    else:
        profiles = (ColleagueProfile.objects.current_year()
                    .for_user_gender(user)
                    .for_user_city(user)
                    .published())
        available = profiles.available()
        unavailable = profiles.unavailable()

    return render(request, 'arshidni/colleague_list.html',
                  {'available': available, 'unavailable': unavailable})
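def edit_group(request, group_id):
    """Let a study group's coordinator or an authorised reviewer edit it.

    A valid POST saves the form and redirects to the group page; an
    invalid POST or a GET renders the edit template with the form.

    Raises:
        Http404: no group with ``group_id`` has ``is_published`` of
            ``True`` or ``None``.
        PermissionDenied: the requester is neither the group's coordinator,
            a holder of ``arshidni.change_group``, nor an Arshidni
            coordinator/deputy.
    """
    # TODO: If it has been approved, the dates cannot be edited.
    group = get_object_or_404(StudyGroup, pk=group_id,
                              is_published__in=[True, None])

    # Permission names use "<app_label>.<codename>".  The previous
    # 'arshidni:change_group' spelling could not match an assigned
    # permission; join_group_requests already uses the dotted form.
    can_edit = (request.user == group.coordinator
                or request.user.has_perm('arshidni.change_group')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not can_edit:
        raise PermissionDenied

    context = {'edit': True, 'group': group}
    if request.method == 'POST':
        # NOTE(review): the editable attributes come from StudyGroupForm,
        # which is not visible here -- confirm it does not expose `status`
        # or `is_published` to coordinators.
        form = StudyGroupForm(request.POST, instance=group)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(
                reverse('arshidni:show_group', args=(group.pk,)))
        context['form'] = form
    elif request.method == 'GET':
        context['form'] = StudyGroupForm(instance=group)

    return render(request, 'arshidni/group_edit.html', context)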
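def edit_question(request, question_id):
    """Let a question's submitter or an authorised reviewer edit it.

    A valid POST saves the form and redirects to the question page; an
    invalid POST or a GET renders the edit template with the form.

    Raises:
        Http404: no question with ``question_id`` has ``is_published`` of
            ``True`` or ``None``.
        PermissionDenied: the requester is neither the question's
            submitter, a holder of ``arshidni.change_question``, nor an
            Arshidni coordinator/deputy.
    """
    question = get_object_or_404(Question, pk=question_id,
                                 is_published__in=[True, None])

    # Permission names use "<app_label>.<codename>".  The previous
    # 'arshidni:change_question' spelling could not match an assigned
    # permission; mark_answered already uses the dotted form.
    can_edit = (request.user == question.submitter
                or request.user.has_perm('arshidni.change_question')
                or is_arshindi_coordinator_or_deputy(request.user))
    if not can_edit:
        raise PermissionDenied

    context = {'edit': True, 'question': question}
    if request.method == 'POST':
        # NOTE(review): the editable attributes come from QuestionForm,
        # which is not visible here -- confirm it does not expose
        # moderation fields such as is_published to submitters.
        form = QuestionForm(request.POST, instance=question)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(
                reverse('arshidni:show_question', args=(question.pk,)))
        context['form'] = form
    elif request.method == 'GET':
        context['form'] = QuestionForm(instance=question)

    return render(request, 'arshidni/question_edit.html', context)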
def has_change_permission(self, request, obj=None):
    """Allow changes for Arshidni coordinators/deputies and superusers.

    ``obj`` is accepted but not consulted, so the answer is the same for
    every object.
    """
    user = request.user
    is_lead = is_arshindi_coordinator_or_deputy(user)
    return is_lead or user.is_superuser
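def list_questions(request, college_name):
    """Render a paginated, newest-first list of one college's questions.

    Query parameters read from ``request.GET``:
        filter: ``mine`` (the requester's own questions), ``day``, ``week``
            or ``month`` (submitted within the last 1, 7 or 30 days).  Any
            other value leaves the list unfiltered.
        page: page number; a non-integer falls back to page 1 and an
            out-of-range number to the last page.

    Raises:
        Http404: no college matches the upper-cased ``college_name``.
    """
    # That's how they're stored in the database: upper-case.
    upper_college_name = college_name.upper()
    # Make sure that there are actually colleges with that name (this
    # query makes things as dynamic as possible.)
    college = get_list_or_404(College, name=upper_college_name)[0]
    college_full_name = college.get_name_display()
    form = QuestionForm()

    # Reviewers also see questions that are pending revision
    # (is_published is None); everybody else sees published ones only.
    if request.user.has_perm('arshidni.view_question') or \
       is_arshindi_coordinator_or_deputy(request.user):
        questions = Question.objects.filter(college=upper_college_name,
                                            is_published__in=[True, None])
    else:
        questions = Question.objects.filter(college=upper_college_name,
                                            is_published=True)

    # The original compared against the misspelling 'motnh', so
    # ?filter=month silently returned the unfiltered list.  The misspelt
    # value is still accepted in case existing links rely on it.
    recent_days = {'day': 1, 'week': 7, 'month': 30, 'motnh': 30}
    question_filter = request.GET.get('filter')
    if question_filter == 'mine':
        filtered_questions = questions.filter(submitter=request.user)
    elif question_filter in recent_days:
        since = datetime.datetime.now() - datetime.timedelta(
            days=recent_days[question_filter])
        filtered_questions = questions.filter(submission_date__gte=since)
    else:
        filtered_questions = questions

    # TODO: order -- the 'order' query parameter is not honoured yet;
    # results are always newest first.
    ordered_questions = filtered_questions.order_by('-submission_date')

    # Each page of results should have a maximum of 25 questions.
    paginator = Paginator(ordered_questions, 25)
    page = request.GET.get('page')
    try:
        page_questions = paginator.page(page)
    except PageNotAnInteger:
        # If page is not an integer, deliver first page.
        page_questions = paginator.page(1)
    except EmptyPage:
        # If page is out of range (e.g. 9999), deliver last page of results.
        page_questions = paginator.page(paginator.num_pages)

    context = {
        'page_questions': page_questions,
        'college_name': college_name,
        'form': form,
        'college_full_name': college_full_name,
    }
    return render(request, 'arshidni/question_list.html', context)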
def is_arshindi_coordinator_or_deputy(user):
    """Return what ``utilities.is_arshindi_coordinator_or_deputy`` returns.

    This is a pure pass-through; the role test itself lives in the
    ``utilities`` module.
    """
    role_check = utilities.is_arshindi_coordinator_or_deputy
    return role_check(user)
def has_permission(self, request):
    """Grant access to Arshidni coordinators/deputies and superusers only."""
    user = request.user
    is_lead = is_arshindi_coordinator_or_deputy(user)
    return is_lead or user.is_superuser