Ejemplo n.º 1
0
def attachments(request, title):
    document = get_object_or_404(Document, url_title=title)
    check_permissions(document, request.user, [document.edit_permission_name])

    success, form, __ = handle_attachment(request, document)
    if success:
        messages.success(request, _("File has been uploaded successfully!"))
        return HttpResponseRedirect(
            reverse(document.get_attachments_url_name(),
                    args=[document.url_title]))
    else:
        return render(
            request, "documents_attachments.html", {
                'document':
                document,
                'edit_url':
                reverse(document.get_attachments_url_name(),
                        args=[document.url_title]),
                'form':
                form,
                'attachments':
                document.attachments.all().order_by('index'),
                'active_page':
                'attachments',
                'permission_overview':
                document_permission_overview(request.user, document),
            })
Ejemplo n.º 2
0
Archivo: views.py Proyecto: invliD/1327
def edit(request, title, new_autosaved_pages=None, initial=None):
	document = Document.objects.get(url_title=title)
	content_type = ContentType.objects.get_for_model(document)
	check_permissions(document, request.user, [document.edit_permission_name])

	# if the edit form has a formset we will initialize it here
	formset_factory = document.Form.get_formset_factory()
	formset = formset_factory(request.POST or None, instance=document) if formset_factory is not None else None

	if formset is not None:
		template_name = "{app}_edit.html".format(app=content_type.app_label)
	else:
		template_name = "documents_edit.html"

	success, form = handle_edit(request, document, formset, initial)
	__, attachment_form, __ = handle_attachment(request, document)

	if success:
		messages.success(request, _("Successfully saved changes"))
		return HttpResponseRedirect(reverse('documents:view', args=[document.url_title]))
	else:
		return render(request, template_name, {
			'document': document,
			'form': form,
			'attachment_form': attachment_form,
			'active_page': 'edit',
			'creation': (len(revisions.get_for_object(document)) == 0),
			'new_autosaved_pages': new_autosaved_pages,
			'permission_warning': permission_warning(request.user, content_type, document),
			'supported_image_types': settings.SUPPORTED_IMAGE_TYPES,
			'formset': formset,
		})
Ejemplo n.º 3
0
Archivo: views.py Proyecto: xasetl/1327
def delete_document(request, title):
	document = get_object_or_404(Document, url_title=title)
	check_permissions(document, request.user, [document.edit_permission_name])
	document.delete()

	messages.success(request, _("Successfully deleted document: {}".format(document.title)))
	return HttpResponse()
Ejemplo n.º 4
0
Archivo: views.py Proyecto: T4rikA/1327
def delete_document(request, title):
    document = get_object_or_404(Document, url_title=title)

    if document.is_in_creation:
        try:
            # check super user permissions
            check_permissions(document, request.user,
                              [document.edit_permission_name])
        except PermissionDenied:
            # check if an autosave has already been created
            autosaves_for_document = TemporaryDocumentText.objects.filter(
                document=document)
            if autosaves_for_document.exists():
                # with an unsaved document, only one user can have autosaves
                if autosaves_for_document.first().author != request.user:
                    raise PermissionDenied
            else:
                # no permission check possible if no autosave was saved (current behavior is not ideal)
                raise PermissionDenied
    else:
        check_permissions(document, request.user,
                          [document.edit_permission_name])

    document.delete()

    messages.success(
        request,
        _("Successfully deleted document: {}").format(document.title))
    return HttpResponse()
Ejemplo n.º 5
0
def view(request, title):
    document = get_object_or_404(Document, url_title=title)
    content_type = ContentType.objects.get_for_model(document)
    check_permissions(document, request.user, [document.view_permission_name])

    try:
        function = get_model_function(content_type, 'view')
        return function(request, title)
    except (ImportError, AttributeError):
        pass

    text, toc = convert_markdown(document.text)

    return render(
        request, 'documents_base.html', {
            'document':
            document,
            'text':
            text,
            'toc':
            toc,
            'attachments':
            document.attachments.filter(
                no_direct_download=False).order_by('index'),
            'active_page':
            'view',
            'view_page':
            True,
            'permission_overview':
            document_permission_overview(request.user, document),
        })
Ejemplo n.º 6
0
def delete_autosave(request, title):
    if request.method != 'POST':
        raise Http404

    # first check that the user actually may change this document
    document = get_object_or_404(Document, url_title=title)
    check_permissions(document, request.user, [document.edit_permission_name])

    # second check that the supplied autosave id matches to the document and has been created by the user
    autosave_id = request.POST['autosave_id']
    autosave = get_object_or_404(TemporaryDocumentText, id=autosave_id)
    autosaves_for_object_and_user = TemporaryDocumentText.objects.filter(
        document=document, author=request.user)
    if autosave not in autosaves_for_object_and_user:
        raise SuspiciousOperation

    if document.is_in_creation:
        # this is a new document that only has this autosave right now and nothing else, we can safely delete this document
        document.delete()
        messages.success(
            request,
            _("Successfully deleted document: {}").format(document.title))
        response = HttpResponseRedirect(reverse("index"))
    else:
        # everything seems to be alright, we can delete the autosave and leave the document as such intact
        autosave.delete()
        messages.success(request, _("Successfully deleted autosave"))
        response = HttpResponseRedirect(
            reverse("edit", args=[document.url_title]))

    return response
Ejemplo n.º 7
0
Archivo: views.py Proyecto: xasetl/1327
def permissions(request, title):
	document = get_object_or_404(Document, url_title=title)
	content_type = ContentType.objects.get_for_model(document)
	check_permissions(document, request.user, [document.edit_permission_name])
	if not document.show_permissions_editor():
		raise PermissionDenied()
	PermissionForm = get_permission_form(document)
	PermissionFormset = formset_factory(get_permission_form(document), extra=0)

	initial_data = PermissionForm.prepare_initial_data(Group.objects.all(), content_type, document)
	formset = PermissionFormset(request.POST or None, initial=initial_data)
	if request.POST and formset.is_valid():
		for form in formset:
			form.save(document)
		messages.success(request, _("Permissions have been changed successfully."))

		if request.user.has_perm(document.edit_permission_name, document):
			return HttpResponseRedirect(reverse(document.get_permissions_url_name(), args=[document.url_title]))
		if request.user.has_perm(document.view_permission_name, document):
			return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title]))
		return HttpResponseRedirect(reverse('index'))

	return render(request, 'documents_permissions.html', {
		'document': document,
		'formset_header': PermissionForm.header(content_type),
		'formset': formset,
		'active_page': 'permissions',
		'permission_overview': document_permission_overview(request.user, document),
	})
Ejemplo n.º 8
0
def delete_autosave(request, title):
	if request.method != 'POST':
		raise Http404

	# first check that the user actually may change this document
	document = get_object_or_404(Document, url_title=title)
	check_permissions(document, request.user, [document.edit_permission_name])

	# second check that the supplied autosave id matches to the document and has been created by the user
	autosave_id = request.POST['autosave_id']
	autosave = get_object_or_404(TemporaryDocumentText, id=autosave_id)
	autosaves_for_object_and_user = TemporaryDocumentText.objects.filter(document=document, author=request.user)
	if autosave not in autosaves_for_object_and_user:
		raise SuspiciousOperation

	if document.is_in_creation:
		# this is a new document that only has this autosave right now and nothing else, we can safely delete this document
		document.delete()
		messages.success(request, _("Successfully deleted document: {}").format(document.title))
		response = HttpResponseRedirect(reverse("index"))
	else:
		# everything seems to be alright, we can delete the autosave and leave the document as such intact
		autosave.delete()
		messages.success(request, _("Successfully deleted autosave"))
		response = HttpResponseRedirect(reverse("edit", args=[document.url_title]))

	return response
Ejemplo n.º 9
0
def delete_document(request, title):
    document = get_object_or_404(Document, url_title=title)
    check_permissions(document, request.user, [document.edit_permission_name])
    document.delete()

    messages.success(
        request,
        _("Successfully deleted document: {}").format(document.title))
    return HttpResponse()
Ejemplo n.º 10
0
Archivo: views.py Proyecto: invliD/1327
def publish(request, title):
	document = Document.objects.get(url_title=title)
	check_permissions(document, request.user, [document.edit_permission_name])
	if not document.show_publish_button():
		raise PermissionDenied()

	document.publish()
	messages.success(request, _("Minutes document has been published."))

	return HttpResponseRedirect(reverse("documents:view", args=[document.url_title]))
Ejemplo n.º 11
0
Archivo: views.py Proyecto: xasetl/1327
def publish(request, title, state_id):
	document = get_object_or_404(Document, url_title=title)
	check_permissions(document, request.user, [document.edit_permission_name])
	if not document.show_publish_button():
		raise PermissionDenied()

	document.publish(state_id)
	messages.success(request, _("Minutes document has been published."))

	return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title]))
Ejemplo n.º 12
0
Archivo: views.py Proyecto: invliD/1327
def autosave(request, title):
	document = None
	try:
		document = Document.objects.get(url_title=title)
		check_permissions(document, request.user, [document.edit_permission_name])
	except Document.DoesNotExist:
		pass

	handle_autosave(request, document)
	return HttpResponse()
Ejemplo n.º 13
0
def revert(request):
	if not request.is_ajax() or not request.POST:
		raise Http404

	version_id = request.POST['id']
	document_url_title = request.POST['url_title']
	document = get_object_or_404(Document, url_title=document_url_title)
	check_permissions(document, request.user, [document.edit_permission_name])
	versions = revisions.get_for_object(document)

	if not document.can_be_reverted:
		raise SuspiciousOperation('This Document can not be reverted!')

	# find the we want to revert to
	revert_version = None
	for version in versions:
		if version.pk == int(version_id):
			revert_version = version
			break

	if revert_version is None:
		# user supplied version_id that does not exist
		raise SuspiciousOperation('Could not find document')

	revert_version.revision.revert(delete=False)
	fields = revert_version.field_dict
	document_class = ContentType.objects.get_for_id(fields.pop('polymorphic_ctype')).model_class()

	# Remove all references to parent objects, rename ForeignKeyFields, extract ManyToManyFields.
	new_fields = fields.copy()
	many_to_many_fields = {}
	for key in fields.keys():
		if "_ptr" in key:
			del new_fields[key]
			continue
		if hasattr(document_class, key):
			field = getattr(document_class, key).field
			if isinstance(field, models.ManyToManyField):
				many_to_many_fields[key] = fields[key]
			else:
				new_fields[field.attname] = fields[key]
			del new_fields[key]

	reverted_document = document_class(**new_fields)
	with transaction.atomic(), revisions.create_revision():
		reverted_document.save()
		# Restore ManyToManyFields
		for key in many_to_many_fields.keys():
			getattr(reverted_document, key).clear()
			getattr(reverted_document, key).add(*many_to_many_fields[key])
		revisions.set_user(request.user)
		revisions.set_comment(
			_('reverted to revision \"{revision_comment}\"'.format(revision_comment=revert_version.revision.comment)))

	return HttpResponse(reverse('versions', args=[reverted_document.url_title]))
Ejemplo n.º 14
0
Archivo: views.py Proyecto: invliD/1327
def render_text(request, title):
	if request.method != 'POST':
		raise SuspiciousOperation

	document = Document.objects.get(url_title=title)
	check_permissions(document, request.user, [document.view_permission_name, document.edit_permission_name])

	text = request.POST['text']
	md = markdown.Markdown(safe_mode='escape', extensions=[TocExtension(baselevel=2), InternalLinksMarkdownExtension()])
	text = md.convert(text)
	return HttpResponse(text, content_type='text/plain')
Ejemplo n.º 15
0
def autosave(request, title):
	document = None
	try:
		document = get_object_or_404(Document, url_title=title)
		if document.has_perms():
			check_permissions(document, request.user, [document.edit_permission_name])
	except Document.DoesNotExist:
		pass

	handle_autosave(request, document)
	return HttpResponse()
Ejemplo n.º 16
0
def versions(request, title):
	document = get_object_or_404(Document, url_title=title)
	check_permissions(document, request.user, [document.edit_permission_name])
	document_versions = prepare_versions(document)

	return render(request, 'documents_versions.html', {
		'active_page': 'versions',
		'versions': document_versions,
		'document': document,
		'permission_warning': permission_warning(request.user, document),
	})
Ejemplo n.º 17
0
def publish(request, title, next_state_id):
    document = get_object_or_404(Document, url_title=title)
    check_permissions(document, request.user, [document.edit_permission_name])
    if not document.show_publish_button():
        raise PermissionDenied()

    document.publish(next_state_id)
    messages.success(request, _("Minutes document has been published."))

    return HttpResponseRedirect(
        reverse(document.get_view_url_name(), args=[document.url_title]))
Ejemplo n.º 18
0
def view(request, title):
	poll = get_object_or_404(Document, url_title=title)
	check_permissions(poll, request.user, [Poll.get_view_permission()])
	if poll.end_date < datetime.date.today() or poll.participants.filter(id=request.user.pk).exists():
		return results(request, poll, title)
	elif poll.start_date > datetime.date.today():
		messages.warning(request, _("This poll has not yet started."))
		return index(request)
	else:
		if not request.user.has_perm('polls.vote_poll', poll):
			return results(request, poll, title)
		return vote(request, poll, title)
Ejemplo n.º 19
0
def render_text(request, title):
	if request.method != 'POST':
		raise SuspiciousOperation

	document = get_object_or_404(Document, url_title=title)
	if document.has_perms():
		check_permissions(document, request.user, [document.view_permission_name, document.edit_permission_name])

	text = request.POST['text']
	md = markdown.Markdown(safe_mode='escape', extensions=[TocExtension(baselevel=2), InternalLinksMarkdownExtension(), 'markdown.extensions.abbr'])
	text = md.convert(text + abbreviation_explanation_markdown())
	return HttpResponse(text, content_type='text/plain')
Ejemplo n.º 20
0
Archivo: views.py Proyecto: invliD/1327
def versions(request, title):
	document = Document.objects.get(url_title=title)
	content_type = ContentType.objects.get_for_model(document)
	check_permissions(document, request.user, [document.edit_permission_name])
	document_versions = prepare_versions(document)

	return render(request, 'documents_versions.html', {
		'active_page': 'versions',
		'versions': document_versions,
		'document': document,
		'permission_warning': permission_warning(request.user, content_type, document),
	})
Ejemplo n.º 21
0
def view(request, title):
    poll = get_object_or_404(Document, url_title=title)
    check_permissions(poll, request.user, [Poll.get_view_permission()])
    if poll.end_date < datetime.date.today() or poll.participants.filter(
            id=request.user.pk).exists():
        return results(request, poll, title)
    elif poll.start_date > datetime.date.today():
        messages.warning(request, _("This poll has not yet started."))
        return index(request)
    else:
        if not request.user.has_perm('polls.vote_poll', poll):
            return results(request, poll, title)
        return vote(request, poll, title)
Ejemplo n.º 22
0
def render_text(request, title):
    if request.method != 'POST':
        raise SuspiciousOperation

    document = get_object_or_404(Document, url_title=title)
    if document.has_perms():
        check_permissions(
            document, request.user,
            [document.view_permission_name, document.edit_permission_name])

    text, __ = convert_markdown(request.POST['text'])

    WebsocketGroup(get_group_name(document.hash_value)).send({'text': text})

    return HttpResponse(text, content_type='text/plain')
Ejemplo n.º 23
0
Archivo: views.py Proyecto: xasetl/1327
def render_text(request, title):
	if request.method != 'POST':
		raise SuspiciousOperation

	document = get_object_or_404(Document, url_title=title)
	if document.has_perms():
		check_permissions(document, request.user, [document.view_permission_name, document.edit_permission_name])

	text, __ = convert_markdown(request.POST['text'])

	WebsocketGroup(get_group_name(document.hash_value)).send({
		'text': text
	})

	return HttpResponse(text, content_type='text/plain')
Ejemplo n.º 24
0
Archivo: views.py Proyecto: xasetl/1327
def versions(request, title):
	document = get_object_or_404(Document, url_title=title)
	check_permissions(document, request.user, [document.edit_permission_name])
	document_versions = prepare_versions(document)

	if not document.can_be_reverted:
		messages.warning(request, _('This Document can not be reverted!'))

	return render(request, 'documents_versions.html', {
		'active_page': 'versions',
		'versions': document_versions,
		'document': document,
		'permission_overview': document_permission_overview(request.user, document),
		'can_be_reverted': document.can_be_reverted,
	})
Ejemplo n.º 25
0
Archivo: views.py Proyecto: xasetl/1327
def get_delete_cascade(request, title):
	document = get_object_or_404(Document, url_title=title)
	check_permissions(document, request.user, [document.edit_permission_name])

	collector = NestedObjects(using=DEFAULT_DB_ALIAS)
	collector.collect([document])
	delete_cascade = collector.nested()

	# remove all subclasses of current document from the list because that does not add much helpful information
	simplified_delete_cascade = []
	for cascade_item in delete_cascade:
		if issubclass(type(document), type(cascade_item)) and not type(document) == type(cascade_item):
			continue
		simplified_delete_cascade.append(cascade_item)

	return HttpResponse(json.dumps(delete_cascade_to_json(simplified_delete_cascade)))
Ejemplo n.º 26
0
def edit(request, title, new_autosaved_pages=None, initial=None):
	document = get_object_or_404(Document, url_title=title)
	content_type = ContentType.objects.get_for_model(document)
	if document.has_perms():
		check_permissions(document, request.user, [document.edit_permission_name])
	elif new_autosaved_pages is None and initial is None:
		# page is not new and has no permissions set, it is likely that somebody tries to view an autosaved page
		# users are only allowed to view autosaved pages if they have the "add" permission for documents
		check_permissions(document, request.user, [document.add_permission_name])

		try:
			autosave = TemporaryDocumentText.objects.get(document=document)
			if autosave.author != request.user:
				raise PermissionDenied
		except ObjectDoesNotExist:
			# There is no autosave linked to this document, this means that the document can be treated as a new
			# document, hence everyone with add permissions may work with this document
			pass

	# if the edit form has a formset we will initialize it here
	formset_factory = document.Form.get_formset_factory()
	formset = formset_factory(request.POST or None, instance=document) if formset_factory is not None else None

	if formset is not None:
		template_name = "{app}_edit.html".format(app=content_type.app_label)
	else:
		template_name = "documents_edit.html"

	success, form = handle_edit(request, document, formset, initial)
	__, attachment_form, __ = handle_attachment(request, document)

	if success:
		messages.success(request, _("Successfully saved changes"))
		return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title]))
	else:
		return render(request, template_name, {
			'document': document,
			'form': form,
			'attachment_form': attachment_form,
			'active_page': 'edit',
			'creation': document.is_in_creation,
			'new_autosaved_pages': new_autosaved_pages,
			'permission_warning': permission_warning(request.user, document),
			'supported_image_types': settings.SUPPORTED_IMAGE_TYPES,
			'formset': formset,
		})
Ejemplo n.º 27
0
Archivo: views.py Proyecto: xasetl/1327
def attachments(request, title):
	document = get_object_or_404(Document, url_title=title)
	check_permissions(document, request.user, [document.edit_permission_name])

	success, form, __ = handle_attachment(request, document)
	if success:
		messages.success(request, _("File has been uploaded successfully!"))
		return HttpResponseRedirect(reverse(document.get_attachments_url_name(), args=[document.url_title]))
	else:
		return render(request, "documents_attachments.html", {
			'document': document,
			'edit_url': reverse(document.get_attachments_url_name(), args=[document.url_title]),
			'form': form,
			'attachments': document.attachments.all().order_by('index'),
			'active_page': 'attachments',
			'permission_overview': document_permission_overview(request.user, document),
		})
Ejemplo n.º 28
0
def get_delete_cascade(request, title):
    document = get_object_or_404(Document, url_title=title)
    check_permissions(document, request.user, [document.edit_permission_name])

    collector = NestedObjects(using=DEFAULT_DB_ALIAS)
    collector.collect([document])
    delete_cascade = collector.nested()

    # remove all subclasses of current document from the list because that does not add much helpful information
    simplified_delete_cascade = []
    for cascade_item in delete_cascade:
        if issubclass(type(document), type(
                cascade_item)) and not type(document) == type(cascade_item):
            continue
        simplified_delete_cascade.append(cascade_item)

    return HttpResponse(
        json.dumps(delete_cascade_to_json(simplified_delete_cascade)))
Ejemplo n.º 29
0
Archivo: views.py Proyecto: invliD/1327
def attachments(request, title):
	document = Document.objects.get(url_title=title)
	content_type = ContentType.objects.get_for_model(document)
	check_permissions(document, request.user, [document.edit_permission_name])

	success, form, __ = handle_attachment(request, document)
	if success:
		messages.success(request, _("File has been uploaded successfully!"))
		return HttpResponseRedirect(reverse("documents:attachments", args=[document.url_title]))
	else:
		return render(request, "documents_attachments.html", {
			'document': document,
			'edit_url': reverse('documents:attachments', args=[document.url_title]),
			'form': form,
			'attachments': document.attachments.all().order_by('index'),
			'active_page': 'attachments',
			'permission_warning': permission_warning(request.user, content_type, document),
		})
Ejemplo n.º 30
0
def render_text(request, title):
    if request.method != 'POST':
        raise SuspiciousOperation

    document = get_object_or_404(Document, url_title=title)
    if document.has_perms():
        check_permissions(
            document, request.user,
            [document.view_permission_name, document.edit_permission_name])

    text, __ = convert_markdown(request.POST['text'])

    channel_layer = channels.layers.get_channel_layer()
    async_to_sync(channel_layer.group_send)(document.hash_value, {
        'type': 'update_preview',
        'message': text,
    })

    return HttpResponse(text, content_type='text/plain')
Ejemplo n.º 31
0
Archivo: views.py Proyecto: xasetl/1327
def edit(request, title, new_autosaved_pages=None, initial=None):
	document = get_object_or_404(Document, url_title=title)
	content_type = ContentType.objects.get_for_model(document)
	if document.has_perms():
		check_permissions(document, request.user, [document.edit_permission_name])
	elif new_autosaved_pages is None and initial is None:
		# page is not new and has no permissions set, it is likely that somebody tries to view an autosaved page
		# users are only allowed to view autosaved pages if they have the "add" permission for documents
		check_permissions(document, request.user, [document.add_permission_name])

	# if the edit form has a formset we will initialize it here
	formset_factory = document.Form.get_formset_factory()
	formset = formset_factory(request.POST or None, instance=document) if formset_factory is not None else None

	if formset is not None:
		template_name = "{app}_edit.html".format(app=content_type.app_label)
	else:
		template_name = "documents_edit.html"

	try:
		creation_group = request.user.groups.get(id=request.GET.get('group', False))
	except Group.DoesNotExist:
		creation_group = None

	success, form = handle_edit(request, document, formset, initial, creation_group=creation_group)
	__, attachment_form, __ = handle_attachment(request, document)

	if success:
		messages.success(request, _("Successfully saved changes"))
		return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title]))
	else:
		return render(request, template_name, {
			'document': document,
			'form': form,
			'attachment_form': attachment_form,
			'active_page': 'edit',
			'creation': document.is_in_creation,
			'new_autosaved_pages': new_autosaved_pages,
			'permission_overview': document_permission_overview(request.user, document),
			'supported_image_types': settings.SUPPORTED_IMAGE_TYPES,
			'formset': formset,
		})
Ejemplo n.º 32
0
def view(request, title):
    document = get_object_or_404(Document, url_title=title)
    content_type = ContentType.objects.get_for_model(document)
    check_permissions(document, request.user, [document.view_permission_name])

    try:
        function = get_model_function(content_type, 'view')
        return function(request, title)
    except (ImportError, AttributeError):
        pass

    if document.text == "" and (document.text_en != ""
                                or document.text_de != ""):
        messages.warning(
            request,
            _('The requested document is not available in the selected language. It will be shown in the available language instead.'
              ))
        text, toc = convert_markdown(
            next((text for text in (document.text_de, document.text_en)
                  if text != ""), ""))
    else:
        text, toc = convert_markdown(document.text)

    return render(
        request, 'documents_base.html', {
            'document':
            document,
            'text':
            text,
            'toc':
            toc,
            'attachments':
            document.attachments.filter(
                no_direct_download=False).order_by('index'),
            'active_page':
            'view',
            'view_page':
            True,
            'permission_overview':
            document_permission_overview(request.user, document),
        })
Ejemplo n.º 33
0
def permissions(request, title):
    document = get_object_or_404(Document, url_title=title)
    content_type = ContentType.objects.get_for_model(document)
    check_permissions(document, request.user, [document.edit_permission_name])
    if not document.show_permissions_editor():
        raise PermissionDenied()
    PermissionForm = get_permission_form(document)
    PermissionFormset = formset_factory(get_permission_form(document), extra=0)

    initial_data = PermissionForm.prepare_initial_data(Group.objects.all(),
                                                       content_type, document)
    formset = PermissionFormset(request.POST or None, initial=initial_data)
    if request.POST and formset.is_valid():
        for form in formset:
            form.save(document)
        messages.success(request,
                         _("Permissions have been changed successfully."))

        if request.user.has_perm(document.edit_permission_name, document):
            return HttpResponseRedirect(
                reverse(document.get_permissions_url_name(),
                        args=[document.url_title]))
        if request.user.has_perm(document.view_permission_name, document):
            return HttpResponseRedirect(
                reverse(document.get_view_url_name(),
                        args=[document.url_title]))
        return HttpResponseRedirect(reverse('index'))

    return render(
        request, 'documents_permissions.html', {
            'document':
            document,
            'formset_header':
            PermissionForm.header(content_type),
            'formset':
            formset,
            'active_page':
            'permissions',
            'permission_overview':
            document_permission_overview(request.user, document),
        })
Ejemplo n.º 34
0
def versions(request, title):
    document = get_object_or_404(Document, url_title=title)
    check_permissions(document, request.user, [document.edit_permission_name])
    document_versions = prepare_versions(document)

    if not document.can_be_reverted:
        messages.warning(request, _('This Document can not be reverted!'))

    return render(
        request, 'documents_versions.html', {
            'active_page':
            'versions',
            'versions':
            document_versions,
            'document':
            document,
            'permission_overview':
            document_permission_overview(request.user, document),
            'can_be_reverted':
            document.can_be_reverted,
        })
Ejemplo n.º 35
0
Archivo: views.py Proyecto: xasetl/1327
def autosave(request, title):
	if request.user.is_anonymous or request.user == get_anonymous_user():
		raise PermissionDenied()

	document = None
	try:
		document = get_object_or_404(Document, url_title=title)
		if document.has_perms():
			check_permissions(document, request.user, [document.edit_permission_name])
	except Document.DoesNotExist:
		pass

	handle_autosave(request, document)

	data = {
		'preview_url': request.build_absolute_uri(
			reverse('documents:preview') + '?hash_value=' + document.hash_value
		)
	}

	return HttpResponse(json.dumps(data))
Ejemplo n.º 36
0
Archivo: views.py Proyecto: invliD/1327
def view(request, title):
	document = Document.objects.get(url_title=title)
	content_type = ContentType.objects.get_for_model(document)
	check_permissions(document, request.user, [document.view_permission_name])

	try:
		function = get_model_function(content_type, 'view')
		return function(request, title)
	except (ImportError, AttributeError):
		pass

	md = markdown.Markdown(safe_mode='escape', extensions=[TocExtension(baselevel=2), InternalLinksMarkdownExtension()])
	text = md.convert(document.text)

	return render(request, 'documents_base.html', {
		'document': document,
		'text': text,
		'toc': md.toc,
		'attachments': document.attachments.filter(no_direct_download=False).order_by('index'),
		'active_page': 'view',
		'permission_warning': permission_warning(request.user, content_type, document),
	})
Ejemplo n.º 37
0
Archivo: views.py Proyecto: xasetl/1327
def view(request, title):
	document = get_object_or_404(Document, url_title=title)
	content_type = ContentType.objects.get_for_model(document)
	check_permissions(document, request.user, [document.view_permission_name])

	try:
		function = get_model_function(content_type, 'view')
		return function(request, title)
	except (ImportError, AttributeError):
		pass

	text, toc = convert_markdown(document.text)

	return render(request, 'documents_base.html', {
		'document': document,
		'text': text,
		'toc': toc,
		'attachments': document.attachments.filter(no_direct_download=False).order_by('index'),
		'active_page': 'view',
		'view_page': True,
		'permission_overview': document_permission_overview(request.user, document),
	})
Ejemplo n.º 38
0
def autosave(request, title):
    if request.user.is_anonymous or request.user == get_anonymous_user():
        raise PermissionDenied()

    document = None
    try:
        document = get_object_or_404(Document, url_title=title)
        if document.has_perms():
            check_permissions(document, request.user,
                              [document.edit_permission_name])
    except Document.DoesNotExist:
        pass

    handle_autosave(request, document)

    data = {
        'preview_url':
        request.build_absolute_uri(
            reverse('documents:preview') + '?hash_value=' +
            document.hash_value)
    }

    return HttpResponse(json.dumps(data))
Ejemplo n.º 39
0
def revert(request):
    if not request.is_ajax() or not request.POST:
        raise Http404

    version_id = request.POST['id']
    document_url_title = request.POST['url_title']
    document = get_object_or_404(Document, url_title=document_url_title)
    check_permissions(document, request.user, [document.edit_permission_name])
    versions = Version.objects.get_for_object(document)

    if not document.can_be_reverted:
        raise SuspiciousOperation('This Document can not be reverted!')

    # find the we want to revert to
    revert_version = None
    for version in versions:
        if version.pk == int(version_id):
            revert_version = version
            break

    if revert_version is None:
        # user supplied version_id that does not exist
        raise SuspiciousOperation('Could not find document')

    revert_version.revision.revert(delete=False)
    fields = revert_version.field_dict
    document_class = ContentType.objects.get_for_id(
        fields.pop('polymorphic_ctype_id')).model_class()

    # Remove all references to parent objects, rename ForeignKeyFields, extract ManyToManyFields.
    new_fields = fields.copy()
    many_to_many_fields = {}
    for key in fields.keys():
        if "_ptr" in key:
            del new_fields[key]
            continue

        try:
            field = getattr(document_class, key).field
        except AttributeError:
            continue

        if isinstance(field, models.ManyToManyField):
            many_to_many_fields[key] = fields[key]
            del new_fields[key]
        else:
            new_fields[field.attname] = fields[key]

    reverted_document = document_class(**new_fields)
    with transaction.atomic(), revisions.create_revision():
        reverted_document.save()
        # Restore ManyToManyFields
        for key in many_to_many_fields.keys():
            getattr(reverted_document, key).clear()
            getattr(reverted_document, key).add(*many_to_many_fields[key])
        revisions.set_user(request.user)
        revisions.set_comment(
            _('reverted to revision \"{revision_comment}\" (at {date})'.format(
                revision_comment=revert_version.revision.get_comment(),
                date=datetime.utcnow().strftime("%Y-%m-%d %H:%M"),
            )))
    return HttpResponse(reverse('versions',
                                args=[reverted_document.url_title]))
Ejemplo n.º 40
0
def edit(request, title, new_autosaved_pages=None, initial=None):
    document = get_object_or_404(Document, url_title=title)
    content_type = ContentType.objects.get_for_model(document)
    if document.has_perms():
        check_permissions(document, request.user,
                          [document.edit_permission_name])
    elif new_autosaved_pages is None and initial is None:
        # page is not new and has no permissions set, it is likely that somebody tries to view an autosaved page
        # users are only allowed to view autosaved pages if they have the "add" permission for documents
        check_permissions(document, request.user,
                          [document.add_permission_name])

    # if the edit form has a formset we will initialize it here
    formset_factory = document.Form.get_formset_factory()
    formset = formset_factory(
        request.POST or None,
        instance=document) if formset_factory is not None else None

    if formset is not None:
        template_name = "{app}_edit.html".format(app=content_type.app_label)
    else:
        template_name = "documents_edit.html"

    try:
        creation_group = request.user.groups.get(
            id=request.GET.get('group', False))
    except Group.DoesNotExist:
        creation_group = None

    success, form = handle_edit(request,
                                document,
                                formset,
                                initial,
                                creation_group=creation_group)
    __, attachment_form, __ = handle_attachment(request, document)

    if success:
        messages.success(request, _("Successfully saved changes"))
        return HttpResponseRedirect(
            reverse(document.get_view_url_name(), args=[document.url_title]))
    else:
        return render(
            request, template_name, {
                'document':
                document,
                'form':
                form,
                'attachment_form':
                attachment_form,
                'active_page':
                'edit',
                'creation':
                document.is_in_creation,
                'new_autosaved_pages':
                new_autosaved_pages,
                'permission_overview':
                document_permission_overview(request.user, document),
                'supported_image_types':
                settings.SUPPORTED_IMAGE_TYPES,
                'formset':
                formset,
            })