def attachments(request, title):
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
success, form, __ = handle_attachment(request, document)
if success:
messages.success(request, _("File has been uploaded successfully!"))
return HttpResponseRedirect(
reverse(document.get_attachments_url_name(),
args=[document.url_title]))
else:
return render(
request, "documents_attachments.html", {
'document':
document,
'edit_url':
reverse(document.get_attachments_url_name(),
args=[document.url_title]),
'form':
form,
'attachments':
document.attachments.all().order_by('index'),
'active_page':
'attachments',
'permission_overview':
document_permission_overview(request.user, document),
})
def edit(request, title, new_autosaved_pages=None, initial=None):
document = Document.objects.get(url_title=title)
content_type = ContentType.objects.get_for_model(document)
check_permissions(document, request.user, [document.edit_permission_name])
# if the edit form has a formset we will initialize it here
formset_factory = document.Form.get_formset_factory()
formset = formset_factory(request.POST or None, instance=document) if formset_factory is not None else None
if formset is not None:
template_name = "{app}_edit.html".format(app=content_type.app_label)
else:
template_name = "documents_edit.html"
success, form = handle_edit(request, document, formset, initial)
__, attachment_form, __ = handle_attachment(request, document)
if success:
messages.success(request, _("Successfully saved changes"))
return HttpResponseRedirect(reverse('documents:view', args=[document.url_title]))
else:
return render(request, template_name, {
'document': document,
'form': form,
'attachment_form': attachment_form,
'active_page': 'edit',
'creation': (len(revisions.get_for_object(document)) == 0),
'new_autosaved_pages': new_autosaved_pages,
'permission_warning': permission_warning(request.user, content_type, document),
'supported_image_types': settings.SUPPORTED_IMAGE_TYPES,
'formset': formset,
})
def delete_document(request, title):
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
document.delete()
messages.success(request, _("Successfully deleted document: {}".format(document.title)))
return HttpResponse()
def delete_document(request, title):
document = get_object_or_404(Document, url_title=title)
if document.is_in_creation:
try:
# check super user permissions
check_permissions(document, request.user,
[document.edit_permission_name])
except PermissionDenied:
# check if an autosave has already been created
autosaves_for_document = TemporaryDocumentText.objects.filter(
document=document)
if autosaves_for_document.exists():
# with an unsaved document, only one user can have autosaves
if autosaves_for_document.first().author != request.user:
raise PermissionDenied
else:
# no permission check possible if no autosave was saved (current behavior is not ideal)
raise PermissionDenied
else:
check_permissions(document, request.user,
[document.edit_permission_name])
document.delete()
messages.success(
request,
_("Successfully deleted document: {}").format(document.title))
return HttpResponse()
def view(request, title):
document = get_object_or_404(Document, url_title=title)
content_type = ContentType.objects.get_for_model(document)
check_permissions(document, request.user, [document.view_permission_name])
try:
function = get_model_function(content_type, 'view')
return function(request, title)
except (ImportError, AttributeError):
pass
text, toc = convert_markdown(document.text)
return render(
request, 'documents_base.html', {
'document':
document,
'text':
text,
'toc':
toc,
'attachments':
document.attachments.filter(
no_direct_download=False).order_by('index'),
'active_page':
'view',
'view_page':
True,
'permission_overview':
document_permission_overview(request.user, document),
})
def delete_autosave(request, title):
if request.method != 'POST':
raise Http404
# first check that the user actually may change this document
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
# second check that the supplied autosave id matches to the document and has been created by the user
autosave_id = request.POST['autosave_id']
autosave = get_object_or_404(TemporaryDocumentText, id=autosave_id)
autosaves_for_object_and_user = TemporaryDocumentText.objects.filter(
document=document, author=request.user)
if autosave not in autosaves_for_object_and_user:
raise SuspiciousOperation
if document.is_in_creation:
# this is a new document that only has this autosave right now and nothing else, we can safely delete this document
document.delete()
messages.success(
request,
_("Successfully deleted document: {}").format(document.title))
response = HttpResponseRedirect(reverse("index"))
else:
# everything seems to be alright, we can delete the autosave and leave the document as such intact
autosave.delete()
messages.success(request, _("Successfully deleted autosave"))
response = HttpResponseRedirect(
reverse("edit", args=[document.url_title]))
return response
def permissions(request, title):
document = get_object_or_404(Document, url_title=title)
content_type = ContentType.objects.get_for_model(document)
check_permissions(document, request.user, [document.edit_permission_name])
if not document.show_permissions_editor():
raise PermissionDenied()
PermissionForm = get_permission_form(document)
PermissionFormset = formset_factory(get_permission_form(document), extra=0)
initial_data = PermissionForm.prepare_initial_data(Group.objects.all(), content_type, document)
formset = PermissionFormset(request.POST or None, initial=initial_data)
if request.POST and formset.is_valid():
for form in formset:
form.save(document)
messages.success(request, _("Permissions have been changed successfully."))
if request.user.has_perm(document.edit_permission_name, document):
return HttpResponseRedirect(reverse(document.get_permissions_url_name(), args=[document.url_title]))
if request.user.has_perm(document.view_permission_name, document):
return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title]))
return HttpResponseRedirect(reverse('index'))
return render(request, 'documents_permissions.html', {
'document': document,
'formset_header': PermissionForm.header(content_type),
'formset': formset,
'active_page': 'permissions',
'permission_overview': document_permission_overview(request.user, document),
})
def delete_autosave(request, title):
if request.method != 'POST':
raise Http404
# first check that the user actually may change this document
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
# second check that the supplied autosave id matches to the document and has been created by the user
autosave_id = request.POST['autosave_id']
autosave = get_object_or_404(TemporaryDocumentText, id=autosave_id)
autosaves_for_object_and_user = TemporaryDocumentText.objects.filter(document=document, author=request.user)
if autosave not in autosaves_for_object_and_user:
raise SuspiciousOperation
if document.is_in_creation:
# this is a new document that only has this autosave right now and nothing else, we can safely delete this document
document.delete()
messages.success(request, _("Successfully deleted document: {}").format(document.title))
response = HttpResponseRedirect(reverse("index"))
else:
# everything seems to be alright, we can delete the autosave and leave the document as such intact
autosave.delete()
messages.success(request, _("Successfully deleted autosave"))
response = HttpResponseRedirect(reverse("edit", args=[document.url_title]))
return response
def delete_document(request, title):
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
document.delete()
messages.success(
request,
_("Successfully deleted document: {}").format(document.title))
return HttpResponse()
def publish(request, title):
document = Document.objects.get(url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
if not document.show_publish_button():
raise PermissionDenied()
document.publish()
messages.success(request, _("Minutes document has been published."))
return HttpResponseRedirect(reverse("documents:view", args=[document.url_title]))
def publish(request, title, state_id):
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
if not document.show_publish_button():
raise PermissionDenied()
document.publish(state_id)
messages.success(request, _("Minutes document has been published."))
return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title]))
def autosave(request, title): document = None try: document = Document.objects.get(url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) except Document.DoesNotExist: pass handle_autosave(request, document) return HttpResponse()
def revert(request):
if not request.is_ajax() or not request.POST:
raise Http404
version_id = request.POST['id']
document_url_title = request.POST['url_title']
document = get_object_or_404(Document, url_title=document_url_title)
check_permissions(document, request.user, [document.edit_permission_name])
versions = revisions.get_for_object(document)
if not document.can_be_reverted:
raise SuspiciousOperation('This Document can not be reverted!')
# find the we want to revert to
revert_version = None
for version in versions:
if version.pk == int(version_id):
revert_version = version
break
if revert_version is None:
# user supplied version_id that does not exist
raise SuspiciousOperation('Could not find document')
revert_version.revision.revert(delete=False)
fields = revert_version.field_dict
document_class = ContentType.objects.get_for_id(fields.pop('polymorphic_ctype')).model_class()
# Remove all references to parent objects, rename ForeignKeyFields, extract ManyToManyFields.
new_fields = fields.copy()
many_to_many_fields = {}
for key in fields.keys():
if "_ptr" in key:
del new_fields[key]
continue
if hasattr(document_class, key):
field = getattr(document_class, key).field
if isinstance(field, models.ManyToManyField):
many_to_many_fields[key] = fields[key]
else:
new_fields[field.attname] = fields[key]
del new_fields[key]
reverted_document = document_class(**new_fields)
with transaction.atomic(), revisions.create_revision():
reverted_document.save()
# Restore ManyToManyFields
for key in many_to_many_fields.keys():
getattr(reverted_document, key).clear()
getattr(reverted_document, key).add(*many_to_many_fields[key])
revisions.set_user(request.user)
revisions.set_comment(
_('reverted to revision \"{revision_comment}\"'.format(revision_comment=revert_version.revision.comment)))
return HttpResponse(reverse('versions', args=[reverted_document.url_title]))
def render_text(request, title): if request.method != 'POST': raise SuspiciousOperation document = Document.objects.get(url_title=title) check_permissions(document, request.user, [document.view_permission_name, document.edit_permission_name]) text = request.POST['text'] md = markdown.Markdown(safe_mode='escape', extensions=[TocExtension(baselevel=2), InternalLinksMarkdownExtension()]) text = md.convert(text) return HttpResponse(text, content_type='text/plain')
def autosave(request, title): document = None try: document = get_object_or_404(Document, url_title=title) if document.has_perms(): check_permissions(document, request.user, [document.edit_permission_name]) except Document.DoesNotExist: pass handle_autosave(request, document) return HttpResponse()
def versions(request, title):
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
document_versions = prepare_versions(document)
return render(request, 'documents_versions.html', {
'active_page': 'versions',
'versions': document_versions,
'document': document,
'permission_warning': permission_warning(request.user, document),
})
def publish(request, title, next_state_id):
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
if not document.show_publish_button():
raise PermissionDenied()
document.publish(next_state_id)
messages.success(request, _("Minutes document has been published."))
return HttpResponseRedirect(
reverse(document.get_view_url_name(), args=[document.url_title]))
def view(request, title):
poll = get_object_or_404(Document, url_title=title)
check_permissions(poll, request.user, [Poll.get_view_permission()])
if poll.end_date < datetime.date.today() or poll.participants.filter(id=request.user.pk).exists():
return results(request, poll, title)
elif poll.start_date > datetime.date.today():
messages.warning(request, _("This poll has not yet started."))
return index(request)
else:
if not request.user.has_perm('polls.vote_poll', poll):
return results(request, poll, title)
return vote(request, poll, title)
def render_text(request, title): if request.method != 'POST': raise SuspiciousOperation document = get_object_or_404(Document, url_title=title) if document.has_perms(): check_permissions(document, request.user, [document.view_permission_name, document.edit_permission_name]) text = request.POST['text'] md = markdown.Markdown(safe_mode='escape', extensions=[TocExtension(baselevel=2), InternalLinksMarkdownExtension(), 'markdown.extensions.abbr']) text = md.convert(text + abbreviation_explanation_markdown()) return HttpResponse(text, content_type='text/plain')
def versions(request, title):
document = Document.objects.get(url_title=title)
content_type = ContentType.objects.get_for_model(document)
check_permissions(document, request.user, [document.edit_permission_name])
document_versions = prepare_versions(document)
return render(request, 'documents_versions.html', {
'active_page': 'versions',
'versions': document_versions,
'document': document,
'permission_warning': permission_warning(request.user, content_type, document),
})
def view(request, title):
poll = get_object_or_404(Document, url_title=title)
check_permissions(poll, request.user, [Poll.get_view_permission()])
if poll.end_date < datetime.date.today() or poll.participants.filter(
id=request.user.pk).exists():
return results(request, poll, title)
elif poll.start_date > datetime.date.today():
messages.warning(request, _("This poll has not yet started."))
return index(request)
else:
if not request.user.has_perm('polls.vote_poll', poll):
return results(request, poll, title)
return vote(request, poll, title)
def render_text(request, title):
if request.method != 'POST':
raise SuspiciousOperation
document = get_object_or_404(Document, url_title=title)
if document.has_perms():
check_permissions(
document, request.user,
[document.view_permission_name, document.edit_permission_name])
text, __ = convert_markdown(request.POST['text'])
WebsocketGroup(get_group_name(document.hash_value)).send({'text': text})
return HttpResponse(text, content_type='text/plain')
def render_text(request, title):
if request.method != 'POST':
raise SuspiciousOperation
document = get_object_or_404(Document, url_title=title)
if document.has_perms():
check_permissions(document, request.user, [document.view_permission_name, document.edit_permission_name])
text, __ = convert_markdown(request.POST['text'])
WebsocketGroup(get_group_name(document.hash_value)).send({
'text': text
})
return HttpResponse(text, content_type='text/plain')
def versions(request, title):
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
document_versions = prepare_versions(document)
if not document.can_be_reverted:
messages.warning(request, _('This Document can not be reverted!'))
return render(request, 'documents_versions.html', {
'active_page': 'versions',
'versions': document_versions,
'document': document,
'permission_overview': document_permission_overview(request.user, document),
'can_be_reverted': document.can_be_reverted,
})
def get_delete_cascade(request, title): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) collector = NestedObjects(using=DEFAULT_DB_ALIAS) collector.collect([document]) delete_cascade = collector.nested() # remove all subclasses of current document from the list because that does not add much helpful information simplified_delete_cascade = [] for cascade_item in delete_cascade: if issubclass(type(document), type(cascade_item)) and not type(document) == type(cascade_item): continue simplified_delete_cascade.append(cascade_item) return HttpResponse(json.dumps(delete_cascade_to_json(simplified_delete_cascade)))
def edit(request, title, new_autosaved_pages=None, initial=None):
document = get_object_or_404(Document, url_title=title)
content_type = ContentType.objects.get_for_model(document)
if document.has_perms():
check_permissions(document, request.user, [document.edit_permission_name])
elif new_autosaved_pages is None and initial is None:
# page is not new and has no permissions set, it is likely that somebody tries to view an autosaved page
# users are only allowed to view autosaved pages if they have the "add" permission for documents
check_permissions(document, request.user, [document.add_permission_name])
try:
autosave = TemporaryDocumentText.objects.get(document=document)
if autosave.author != request.user:
raise PermissionDenied
except ObjectDoesNotExist:
# There is no autosave linked to this document, this means that the document can be treated as a new
# document, hence everyone with add permissions may work with this document
pass
# if the edit form has a formset we will initialize it here
formset_factory = document.Form.get_formset_factory()
formset = formset_factory(request.POST or None, instance=document) if formset_factory is not None else None
if formset is not None:
template_name = "{app}_edit.html".format(app=content_type.app_label)
else:
template_name = "documents_edit.html"
success, form = handle_edit(request, document, formset, initial)
__, attachment_form, __ = handle_attachment(request, document)
if success:
messages.success(request, _("Successfully saved changes"))
return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title]))
else:
return render(request, template_name, {
'document': document,
'form': form,
'attachment_form': attachment_form,
'active_page': 'edit',
'creation': document.is_in_creation,
'new_autosaved_pages': new_autosaved_pages,
'permission_warning': permission_warning(request.user, document),
'supported_image_types': settings.SUPPORTED_IMAGE_TYPES,
'formset': formset,
})
def attachments(request, title):
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
success, form, __ = handle_attachment(request, document)
if success:
messages.success(request, _("File has been uploaded successfully!"))
return HttpResponseRedirect(reverse(document.get_attachments_url_name(), args=[document.url_title]))
else:
return render(request, "documents_attachments.html", {
'document': document,
'edit_url': reverse(document.get_attachments_url_name(), args=[document.url_title]),
'form': form,
'attachments': document.attachments.all().order_by('index'),
'active_page': 'attachments',
'permission_overview': document_permission_overview(request.user, document),
})
def get_delete_cascade(request, title):
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
collector = NestedObjects(using=DEFAULT_DB_ALIAS)
collector.collect([document])
delete_cascade = collector.nested()
# remove all subclasses of current document from the list because that does not add much helpful information
simplified_delete_cascade = []
for cascade_item in delete_cascade:
if issubclass(type(document), type(
cascade_item)) and not type(document) == type(cascade_item):
continue
simplified_delete_cascade.append(cascade_item)
return HttpResponse(
json.dumps(delete_cascade_to_json(simplified_delete_cascade)))
def attachments(request, title):
document = Document.objects.get(url_title=title)
content_type = ContentType.objects.get_for_model(document)
check_permissions(document, request.user, [document.edit_permission_name])
success, form, __ = handle_attachment(request, document)
if success:
messages.success(request, _("File has been uploaded successfully!"))
return HttpResponseRedirect(reverse("documents:attachments", args=[document.url_title]))
else:
return render(request, "documents_attachments.html", {
'document': document,
'edit_url': reverse('documents:attachments', args=[document.url_title]),
'form': form,
'attachments': document.attachments.all().order_by('index'),
'active_page': 'attachments',
'permission_warning': permission_warning(request.user, content_type, document),
})
def render_text(request, title):
if request.method != 'POST':
raise SuspiciousOperation
document = get_object_or_404(Document, url_title=title)
if document.has_perms():
check_permissions(
document, request.user,
[document.view_permission_name, document.edit_permission_name])
text, __ = convert_markdown(request.POST['text'])
channel_layer = channels.layers.get_channel_layer()
async_to_sync(channel_layer.group_send)(document.hash_value, {
'type': 'update_preview',
'message': text,
})
return HttpResponse(text, content_type='text/plain')
def edit(request, title, new_autosaved_pages=None, initial=None):
document = get_object_or_404(Document, url_title=title)
content_type = ContentType.objects.get_for_model(document)
if document.has_perms():
check_permissions(document, request.user, [document.edit_permission_name])
elif new_autosaved_pages is None and initial is None:
# page is not new and has no permissions set, it is likely that somebody tries to view an autosaved page
# users are only allowed to view autosaved pages if they have the "add" permission for documents
check_permissions(document, request.user, [document.add_permission_name])
# if the edit form has a formset we will initialize it here
formset_factory = document.Form.get_formset_factory()
formset = formset_factory(request.POST or None, instance=document) if formset_factory is not None else None
if formset is not None:
template_name = "{app}_edit.html".format(app=content_type.app_label)
else:
template_name = "documents_edit.html"
try:
creation_group = request.user.groups.get(id=request.GET.get('group', False))
except Group.DoesNotExist:
creation_group = None
success, form = handle_edit(request, document, formset, initial, creation_group=creation_group)
__, attachment_form, __ = handle_attachment(request, document)
if success:
messages.success(request, _("Successfully saved changes"))
return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title]))
else:
return render(request, template_name, {
'document': document,
'form': form,
'attachment_form': attachment_form,
'active_page': 'edit',
'creation': document.is_in_creation,
'new_autosaved_pages': new_autosaved_pages,
'permission_overview': document_permission_overview(request.user, document),
'supported_image_types': settings.SUPPORTED_IMAGE_TYPES,
'formset': formset,
})
def view(request, title):
document = get_object_or_404(Document, url_title=title)
content_type = ContentType.objects.get_for_model(document)
check_permissions(document, request.user, [document.view_permission_name])
try:
function = get_model_function(content_type, 'view')
return function(request, title)
except (ImportError, AttributeError):
pass
if document.text == "" and (document.text_en != ""
or document.text_de != ""):
messages.warning(
request,
_('The requested document is not available in the selected language. It will be shown in the available language instead.'
))
text, toc = convert_markdown(
next((text for text in (document.text_de, document.text_en)
if text != ""), ""))
else:
text, toc = convert_markdown(document.text)
return render(
request, 'documents_base.html', {
'document':
document,
'text':
text,
'toc':
toc,
'attachments':
document.attachments.filter(
no_direct_download=False).order_by('index'),
'active_page':
'view',
'view_page':
True,
'permission_overview':
document_permission_overview(request.user, document),
})
def permissions(request, title):
document = get_object_or_404(Document, url_title=title)
content_type = ContentType.objects.get_for_model(document)
check_permissions(document, request.user, [document.edit_permission_name])
if not document.show_permissions_editor():
raise PermissionDenied()
PermissionForm = get_permission_form(document)
PermissionFormset = formset_factory(get_permission_form(document), extra=0)
initial_data = PermissionForm.prepare_initial_data(Group.objects.all(),
content_type, document)
formset = PermissionFormset(request.POST or None, initial=initial_data)
if request.POST and formset.is_valid():
for form in formset:
form.save(document)
messages.success(request,
_("Permissions have been changed successfully."))
if request.user.has_perm(document.edit_permission_name, document):
return HttpResponseRedirect(
reverse(document.get_permissions_url_name(),
args=[document.url_title]))
if request.user.has_perm(document.view_permission_name, document):
return HttpResponseRedirect(
reverse(document.get_view_url_name(),
args=[document.url_title]))
return HttpResponseRedirect(reverse('index'))
return render(
request, 'documents_permissions.html', {
'document':
document,
'formset_header':
PermissionForm.header(content_type),
'formset':
formset,
'active_page':
'permissions',
'permission_overview':
document_permission_overview(request.user, document),
})
def versions(request, title):
document = get_object_or_404(Document, url_title=title)
check_permissions(document, request.user, [document.edit_permission_name])
document_versions = prepare_versions(document)
if not document.can_be_reverted:
messages.warning(request, _('This Document can not be reverted!'))
return render(
request, 'documents_versions.html', {
'active_page':
'versions',
'versions':
document_versions,
'document':
document,
'permission_overview':
document_permission_overview(request.user, document),
'can_be_reverted':
document.can_be_reverted,
})
def autosave(request, title):
if request.user.is_anonymous or request.user == get_anonymous_user():
raise PermissionDenied()
document = None
try:
document = get_object_or_404(Document, url_title=title)
if document.has_perms():
check_permissions(document, request.user, [document.edit_permission_name])
except Document.DoesNotExist:
pass
handle_autosave(request, document)
data = {
'preview_url': request.build_absolute_uri(
reverse('documents:preview') + '?hash_value=' + document.hash_value
)
}
return HttpResponse(json.dumps(data))
def view(request, title):
document = Document.objects.get(url_title=title)
content_type = ContentType.objects.get_for_model(document)
check_permissions(document, request.user, [document.view_permission_name])
try:
function = get_model_function(content_type, 'view')
return function(request, title)
except (ImportError, AttributeError):
pass
md = markdown.Markdown(safe_mode='escape', extensions=[TocExtension(baselevel=2), InternalLinksMarkdownExtension()])
text = md.convert(document.text)
return render(request, 'documents_base.html', {
'document': document,
'text': text,
'toc': md.toc,
'attachments': document.attachments.filter(no_direct_download=False).order_by('index'),
'active_page': 'view',
'permission_warning': permission_warning(request.user, content_type, document),
})
def view(request, title):
document = get_object_or_404(Document, url_title=title)
content_type = ContentType.objects.get_for_model(document)
check_permissions(document, request.user, [document.view_permission_name])
try:
function = get_model_function(content_type, 'view')
return function(request, title)
except (ImportError, AttributeError):
pass
text, toc = convert_markdown(document.text)
return render(request, 'documents_base.html', {
'document': document,
'text': text,
'toc': toc,
'attachments': document.attachments.filter(no_direct_download=False).order_by('index'),
'active_page': 'view',
'view_page': True,
'permission_overview': document_permission_overview(request.user, document),
})
def autosave(request, title):
if request.user.is_anonymous or request.user == get_anonymous_user():
raise PermissionDenied()
document = None
try:
document = get_object_or_404(Document, url_title=title)
if document.has_perms():
check_permissions(document, request.user,
[document.edit_permission_name])
except Document.DoesNotExist:
pass
handle_autosave(request, document)
data = {
'preview_url':
request.build_absolute_uri(
reverse('documents:preview') + '?hash_value=' +
document.hash_value)
}
return HttpResponse(json.dumps(data))
def revert(request):
if not request.is_ajax() or not request.POST:
raise Http404
version_id = request.POST['id']
document_url_title = request.POST['url_title']
document = get_object_or_404(Document, url_title=document_url_title)
check_permissions(document, request.user, [document.edit_permission_name])
versions = Version.objects.get_for_object(document)
if not document.can_be_reverted:
raise SuspiciousOperation('This Document can not be reverted!')
# find the we want to revert to
revert_version = None
for version in versions:
if version.pk == int(version_id):
revert_version = version
break
if revert_version is None:
# user supplied version_id that does not exist
raise SuspiciousOperation('Could not find document')
revert_version.revision.revert(delete=False)
fields = revert_version.field_dict
document_class = ContentType.objects.get_for_id(
fields.pop('polymorphic_ctype_id')).model_class()
# Remove all references to parent objects, rename ForeignKeyFields, extract ManyToManyFields.
new_fields = fields.copy()
many_to_many_fields = {}
for key in fields.keys():
if "_ptr" in key:
del new_fields[key]
continue
try:
field = getattr(document_class, key).field
except AttributeError:
continue
if isinstance(field, models.ManyToManyField):
many_to_many_fields[key] = fields[key]
del new_fields[key]
else:
new_fields[field.attname] = fields[key]
reverted_document = document_class(**new_fields)
with transaction.atomic(), revisions.create_revision():
reverted_document.save()
# Restore ManyToManyFields
for key in many_to_many_fields.keys():
getattr(reverted_document, key).clear()
getattr(reverted_document, key).add(*many_to_many_fields[key])
revisions.set_user(request.user)
revisions.set_comment(
_('reverted to revision \"{revision_comment}\" (at {date})'.format(
revision_comment=revert_version.revision.get_comment(),
date=datetime.utcnow().strftime("%Y-%m-%d %H:%M"),
)))
return HttpResponse(reverse('versions',
args=[reverted_document.url_title]))
def edit(request, title, new_autosaved_pages=None, initial=None):
document = get_object_or_404(Document, url_title=title)
content_type = ContentType.objects.get_for_model(document)
if document.has_perms():
check_permissions(document, request.user,
[document.edit_permission_name])
elif new_autosaved_pages is None and initial is None:
# page is not new and has no permissions set, it is likely that somebody tries to view an autosaved page
# users are only allowed to view autosaved pages if they have the "add" permission for documents
check_permissions(document, request.user,
[document.add_permission_name])
# if the edit form has a formset we will initialize it here
formset_factory = document.Form.get_formset_factory()
formset = formset_factory(
request.POST or None,
instance=document) if formset_factory is not None else None
if formset is not None:
template_name = "{app}_edit.html".format(app=content_type.app_label)
else:
template_name = "documents_edit.html"
try:
creation_group = request.user.groups.get(
id=request.GET.get('group', False))
except Group.DoesNotExist:
creation_group = None
success, form = handle_edit(request,
document,
formset,
initial,
creation_group=creation_group)
__, attachment_form, __ = handle_attachment(request, document)
if success:
messages.success(request, _("Successfully saved changes"))
return HttpResponseRedirect(
reverse(document.get_view_url_name(), args=[document.url_title]))
else:
return render(
request, template_name, {
'document':
document,
'form':
form,
'attachment_form':
attachment_form,
'active_page':
'edit',
'creation':
document.is_in_creation,
'new_autosaved_pages':
new_autosaved_pages,
'permission_overview':
document_permission_overview(request.user, document),
'supported_image_types':
settings.SUPPORTED_IMAGE_TYPES,
'formset':
formset,
})