def past(request):
if not has_access(request):
raise PermissionDenied
allowed_events = get_objects_for_user(request.user,
'events.change_event',
accept_global_perms=False)
events = allowed_events.filter(
event_start__lt=timezone.now().date()).order_by('-event_start')
context = get_base_context(request)
context['events'] = events
return render(request, 'events/dashboard/index.html', context)
def index(request):
if not has_access(request):
raise PermissionDenied
allowed_events = get_objects_for_user(request.user,
"events.change_event",
accept_global_perms=False)
events = allowed_events.filter(
event_start__gte=timezone.now().date()).order_by("event_start")
context = get_base_context(request)
context["events"] = events
return render(request, "events/dashboard/index.html", context)
def groups_index(request):
"""
Group module in dashboard that lists groups.
"""
if not has_access(request):
raise PermissionDenied
context = get_base_context(request)
context['groups'] = list(Group.objects.all())
context['groups'].sort(key=lambda x: str(x).lower())
return render(request, 'auth/dashboard/groups_index.html', context)
def index(request):
if not has_access(request):
raise PermissionDenied
context = get_base_context(request)
# "cops" is short for "careeropportunities" which is a f*****g long word
# "cop" is short for "careeropportunity" which also is a f*****g long word
cops = CareerOpportunity.objects.all()
context['cops'] = cops.filter(end__gte=timezone.now()).order_by('end')
context['archive'] = cops.filter(end__lte=timezone.now()).order_by('-id')
return render(request, 'careeropportunity/dashboard/index.html', context)
def item_delete(request, item_pk):
if not has_access(request):
raise PermissionDenied
item = get_object_or_404(Item, pk=item_pk)
if request.method == 'POST':
item.delete()
messages.success(request, 'Varen %s ble slettet.' % item.name)
return redirect(index)
raise PermissionDenied
def index(request):
# Generic check to see if user has access to dashboard. (In Komiteer or superuser)
if not has_access(request):
raise PermissionDenied
# Create the base context needed for the sidebar
context = get_base_context(request)
context["membership_applications"] = MembershipApproval.objects.filter(
processed=False)
context["processed_applications"] = MembershipApproval.objects.filter(
processed=True).order_by("-processed_date")[:10]
return render(request, "approval/dashboard/index.html", context)
def category_delete(request, category_pk):
if not has_access(request):
raise PermissionDenied
category = get_object_or_404(ItemCategory, pk=category_pk)
items = Item.objects.filter(category=category)
# Removes the category binding to prevent cascading delete
for item in items:
item.category = None
item.save()
category.delete()
messages.success(request, 'Kategorien %s ble slettet.' % category.name)
return redirect(category_index)
raise PermissionDenied
def members_index(request):
"""
Index overview for allowedusernames in dashboard
"""
if not has_access(request):
raise PermissionDenied
def merge_names(members):
for i in members:
user = list(User.objects.filter(ntnu_username=i.username))
if user:
i.full_name = user[0].get_full_name()
return members
context = get_base_context(request)
members = AllowedUsername.objects.all()
context['members'] = merge_names(members)
return render(request, 'auth/dashboard/user_list.html', context)
def marks_delete(request, pk):
"""
Display details for a given Mark
"""
# Check permission
if not has_access(request):
raise PermissionDenied
# Get object
mark = get_object_or_404(Mark, pk=pk)
# Save message
messages.success(request, "%s er ble slettet." % mark.title)
# Delete the mark
mark.delete()
# Redirect user
return redirect(index)
def groups_detail(request, pk):
"""
Group module in dashboard that lists groups.
"""
if not has_access(request):
raise PermissionDenied
context = get_base_context(request)
online_groups = get_objects_for_user(request.user,
"authentication.change_onlinegroup")
group = get_object_or_404(online_groups, pk=pk)
context["group"] = group
context["form"] = OnlineGroupForm(instance=group, user=request.user)
if request.method == "POST":
return groups_detail_post_handler(request, group)
if hasattr(settings, "GROUP_SYNCER") and settings.GROUP_SYNCER:
group_id = int(pk)
# Groups that list this one as their destination
context["sync_group_from"] = []
# Groups that list this one as one of their sources
context["sync_group_to"] = []
# Make a dict that simply maps {id: name} for all groups
groups = {g.id: g.name for g in Group.objects.all().order_by("id")}
for job in settings.GROUP_SYNCER:
if group_id in job["source"]:
context["sync_group_to"].extend(
[groups[g_id] for g_id in job["destination"]])
if group_id in job["destination"]:
context["sync_group_from"].extend(
[groups[g_id] for g_id in job["source"]])
context["group_permissions"] = list(group.group.permissions.all())
context["group_permissions"].sort(key=lambda x: str(x))
context["roles"] = GroupRole.objects.all()
return render(request, "auth/dashboard/groups_detail.html", context)
def marks_details(request, pk):
"""
Display details for a given Mark
"""
# Check permission
if not has_access(request):
raise PermissionDenied
# Get context
context = get_base_context(request)
# Get object
mark = get_object_or_404(Mark, pk=pk)
mark.category_clean = mark.get_category_display()
context["mark"] = mark
# Get users connected to the mark
context["mark_users"] = mark.given_to.all()
# AJAX
if request.method == "POST":
if request.is_ajax and "action" in request.POST:
resp = {"status": 200}
context, resp = _handle_mark_detail(request, context, resp)
# Set mark
resp["mark"] = {
"last_changed_date":
context["mark"].last_changed_date.strftime("%Y-%m-%d"),
"last_changed_by":
context["mark"].last_changed_by.get_full_name(),
}
# Return ajax
return HttpResponse(json.dumps(resp), status=resp["status"])
# Render view
return render(request, "marks/dashboard/marks_details.html", context)
def batch(request, item_pk, batch_pk):
if not has_access(request):
raise PermissionDenied
# Get base context
get_object_or_404(Item, pk=item_pk)
b = get_object_or_404(Batch, pk=batch_pk)
if request.method == 'POST':
batch_form = BatchForm(request.POST, instance=b)
if not batch_form.is_valid():
messages.error(request,
'Noen av de påkrevde feltene inneholder feil.')
else:
batch_form.save()
messages.success(request, 'Batchen ble oppdatert.')
return redirect(details, item_pk=item_pk)
raise PermissionDenied
def create_event(request):
if not has_access(request):
raise PermissionDenied
context = get_base_context(request)
if request.method == 'POST':
form = dashboard_forms.ChangeEventForm(request.POST)
if form.is_valid():
cleaned = form.cleaned_data
if cleaned['event_type'] not in get_types_allowed(request.user):
messages.error(
request,
_("Du har ikke tilgang til å lage arranngement av typen '%s'."
) % cleaned['event_type'])
context['change_event_form'] = form
else:
# Create object, but do not commit to db. We need to add stuff.
event = form.save(commit=False)
# Add author
event.author = request.user
event.save()
messages.success(request, _("Arrangementet ble opprettet."))
return redirect('dashboard_event_details', event_id=event.id)
else:
context['change_event_form'] = form
if 'change_event_form' not in context.keys():
context['change_event_form'] = dashboard_forms.ChangeEventForm()
context['event'] = _('Nytt arrangement')
context['active_tab'] = 'details'
return render(request, 'events/dashboard/details.html', context)
def category_new(request):
if not has_access(request):
raise PermissionDenied
# Get base context
context = get_base_context(request)
if request.method == 'POST':
form = CategoryForm(request.POST)
if not form.is_valid():
messages.error(request,
'Noen av de påkrevde feltene inneholder feil.')
else:
form.save()
messages.success(request, 'Kategorien ble opprettet')
return redirect(category_index)
context['form'] = form
else:
context['form'] = CategoryForm()
return render(request, 'inventory/dashboard/category_new.html', context)
def detail(request, pk):
"""
Detailed company view per PK
"""
if not has_access(request):
raise PermissionDenied
context = get_base_context(request)
context["company"] = get_object_or_404(Company, pk=pk)
if request.method == "POST":
company_form = CompanyForm(request.POST, instance=context["company"])
if not company_form.is_valid():
messages.error(request, "Noen av de påkrevde feltene inneholder feil.")
else:
company_form.save()
messages.success(request, "Bedriften ble oppdatert.")
context["form"] = company_form
else:
context["form"] = CompanyForm(instance=context["company"])
return render(request, "company/dashboard/detail.html", context)
def groups_detail(request, pk):
"""
Group module in dashboard that lists groups.
"""
if not has_access(request):
raise PermissionDenied
context = get_base_context(request)
context["group"] = get_object_or_404(Group, pk=pk)
# AJAX
if request.method == "POST":
if request.is_ajax and "action" in request.POST:
resp = {"status": 200}
if request.POST["action"] == "remove_user":
user = get_object_or_404(User, pk=int(request.POST["user_id"]))
context["group"].user_set.remove(user)
resp["message"] = "%s ble fjernet fra %s" % (
user.get_full_name(),
context["group"].name,
)
resp["users"] = [{
"user": u.get_full_name(),
"id": u.id
} for u in context["group"].user_set.all()]
resp["users"].sort(key=lambda x: x["user"])
return HttpResponse(json.dumps(resp), status=200)
elif request.POST["action"] == "add_user":
user = get_object_or_404(User, pk=int(request.POST["user_id"]))
context["group"].user_set.add(user)
resp["full_name"] = user.get_full_name()
resp["users"] = [{
"user": u.get_full_name(),
"id": u.id
} for u in context["group"].user_set.all()]
resp["users"].sort(key=lambda x: x["user"])
resp["message"] = "%s ble lagt til i %s" % (
resp["full_name"],
context["group"].name,
)
return HttpResponse(json.dumps(resp), status=200)
return HttpResponse("Ugyldig handling.", status=400)
if hasattr(settings, "GROUP_SYNCER") and settings.GROUP_SYNCER:
group_id = int(pk)
# Groups that list this one as their destination
context["sync_group_from"] = []
# Groups that list this one as one of their sources
context["sync_group_to"] = []
# Make a dict that simply maps {id: name} for all groups
groups = {g.id: g.name for g in Group.objects.all().order_by("id")}
for job in settings.GROUP_SYNCER:
if group_id in job["source"]:
context["sync_group_to"].extend(
[groups[g_id] for g_id in job["destination"]])
if group_id in job["destination"]:
context["sync_group_from"].extend(
[groups[g_id] for g_id in job["source"]])
context["group_users"] = list(context["group"].user_set.all())
context["group_permissions"] = list(context["group"].permissions.all())
context["group_users"].sort(key=lambda x: str(x).lower())
context["group_permissions"].sort(key=lambda x: str(x))
return render(request, "auth/dashboard/groups_detail.html", context)
def groups_detail(request, pk):
"""
Group module in dashboard that lists groups.
"""
if not has_access(request):
raise PermissionDenied
context = get_base_context(request)
context['group'] = get_object_or_404(Group, pk=pk)
# AJAX
if request.method == 'POST':
if request.is_ajax and 'action' in request.POST:
resp = {'status': 200}
if request.POST['action'] == 'remove_user':
user = get_object_or_404(User, pk=int(request.POST['user_id']))
context['group'].user_set.remove(user)
resp['message'] = '%s ble fjernet fra %s' % (
user.get_full_name(), context['group'].name)
resp['users'] = [{
'user': u.get_full_name(),
'id': u.id
} for u in context['group'].user_set.all()]
resp['users'].sort(key=lambda x: x['user'])
return HttpResponse(json.dumps(resp), status=200)
elif request.POST['action'] == 'add_user':
user = get_object_or_404(User, pk=int(request.POST['user_id']))
context['group'].user_set.add(user)
resp['full_name'] = user.get_full_name()
resp['users'] = [{
'user': u.get_full_name(),
'id': u.id
} for u in context['group'].user_set.all()]
resp['users'].sort(key=lambda x: x['user'])
resp['message'] = '%s ble lagt til i %s' % (
resp['full_name'], context['group'].name)
return HttpResponse(json.dumps(resp), status=200)
return HttpResponse('Ugyldig handling.', status=400)
if hasattr(settings, 'GROUP_SYNCER') and settings.GROUP_SYNCER:
group_id = int(pk)
# Groups that list this one as their destination
context['sync_group_from'] = []
# Groups that list this one as one of their sources
context['sync_group_to'] = []
# Make a dict that simply maps {id: name} for all groups
groups = {g.id: g.name for g in Group.objects.all().order_by('id')}
for job in settings.GROUP_SYNCER:
if group_id in job['source']:
context['sync_group_to'].extend(
[groups[g_id] for g_id in job['destination']])
if group_id in job['destination']:
context['sync_group_from'].extend(
[groups[g_id] for g_id in job['source']])
context['group_users'] = list(context['group'].user_set.all())
context['group_permissions'] = list(context['group'].permissions.all())
context['group_users'].sort(key=lambda x: str(x).lower())
context['group_permissions'].sort(key=lambda x: str(x))
return render(request, 'auth/dashboard/groups_detail.html', context)
def _create_profile_context(request):
groups = Group.objects.all()
Privacy.objects.get_or_create(user=request.user) # This is a hack
"""
To make sure a privacy exists when visiting /profiles/privacy/.
Until now, it has been generated upon loading models.py, which is a bit hacky.
The code is refactored to use Django signals, so whenever a user is created, a privacy-property is set up.
"""
if request.user.is_staff and not request.user.online_mail:
create_online_mail_alias(request.user)
context = {
# edit
"position_form": PositionForm(),
"user_profile_form": ProfileForm(instance=request.user),
# positions
"groups": groups,
# privacy
"privacy_form": PrivacyForm(instance=request.user.privacy),
# nibble information
"transactions": PaymentTransaction.objects.filter(user=request.user),
"orders": Order.objects.filter(order_line__user=request.user).order_by(
"-order_line__datetime"
),
# SSO / OAuth2 approved apps
"connected_apps": AccessToken.objects.filter(
user=request.user, expires__gte=timezone.now()
).order_by("expires"),
# marks
"mark_rule_set": MarkRuleSet.get_current_rule_set(),
"mark_rules_accepted": request.user.mark_rules_accepted,
"marks": [
# Tuple syntax ('title', list_of_marks, is_collapsed)
(_("aktive prikker"), Mark.marks.active(request.user), False),
(_("inaktive prikker"), Mark.marks.inactive(request.user), True),
],
"suspensions": [
# Tuple syntax ('title', list_of_marks, is_collapsed)
(
_("aktive suspensjoner"),
Suspension.objects.filter(user=request.user, active=True),
False,
),
(
_("inaktive suspensjoner"),
Suspension.objects.filter(user=request.user, active=False),
True,
),
],
# password
"password_change_form": PasswordChangeForm(request.user),
# email
"new_email": NewEmailForm(),
# approvals
"field_of_study_application": FieldOfStudyApplicationForm(),
"has_active_approvals": MembershipApproval.objects.filter(
applicant=request.user, processed=False
).count()
> 0,
"approvals": [
# Tuple syntax ('title', list_of_approvals, is_collapsed)
(
_("aktive søknader"),
MembershipApproval.objects.filter(
applicant=request.user, processed=False
),
False,
),
(
_("avslåtte søknader"),
MembershipApproval.objects.filter(
applicant=request.user, processed=True, approved=False
),
True,
),
(
_("godkjente søknader"),
MembershipApproval.objects.filter(
applicant=request.user, processed=True
),
True,
),
],
"payments": [
(
_("ubetalt"),
PaymentDelay.objects.all().filter(user=request.user, active=True),
False,
),
(
_("betalt"),
PaymentRelation.objects.all().filter(user=request.user),
True,
),
],
"internal_services_form": InternalServicesForm(),
"in_comittee": has_access(request),
"enable_dataporten_application": settings.DATAPORTEN.get("STUDY").get("ENABLED")
or settings.DATAPORTEN.get("STUDY").get("TESTING"),
}
return context
def _create_profile_context(request):
groups = Group.objects.all()
Privacy.objects.get_or_create(user=request.user) # This is a hack
"""
To make sure a privacy exists when visiting /profiles/privacy/.
Until now, it has been generated upon loading models.py, which is a bit hacky.
The code is refactored to use Django signals, so whenever a user is created, a privacy-property is set up.
"""
if request.user.is_staff and not request.user.online_mail:
create_online_mail_alias(request.user)
context = {
# edit
'position_form':
PositionForm(),
'user_profile_form':
ProfileForm(instance=request.user),
# positions
'groups':
groups,
# privacy
'privacy_form':
PrivacyForm(instance=request.user.privacy),
# nibble information
'transactions':
PaymentTransaction.objects.filter(user=request.user),
'orders':
Order.objects.filter(
order_line__user=request.user).order_by('-order_line__datetime'),
# SSO / OAuth2 approved apps
'connected_apps':
AccessToken.objects.filter(
user=request.user,
expires__gte=timezone.now()).order_by('expires'),
# marks
'mark_rules_accepted':
request.user.mark_rules,
'marks': [
# Tuple syntax ('title', list_of_marks, is_collapsed)
(_('aktive prikker'), Mark.marks.active(request.user), False),
(_('inaktive prikker'), Mark.marks.inactive(request.user), True),
],
'suspensions': [
# Tuple syntax ('title', list_of_marks, is_collapsed)
(_('aktive suspensjoner'),
Suspension.objects.filter(user=request.user, active=True), False),
(_('inaktive suspensjoner'),
Suspension.objects.filter(user=request.user, active=False), True),
],
# password
'password_change_form':
PasswordChangeForm(request.user),
# email
'new_email':
NewEmailForm(),
# approvals
'field_of_study_application':
FieldOfStudyApplicationForm(),
'has_active_approvals':
MembershipApproval.objects.filter(applicant=request.user,
processed=False).count() > 0,
'approvals': [
# Tuple syntax ('title', list_of_approvals, is_collapsed)
(_("aktive søknader"),
MembershipApproval.objects.filter(applicant=request.user,
processed=False), False),
(_("avslåtte søknader"),
MembershipApproval.objects.filter(applicant=request.user,
processed=True,
approved=False), True),
(_("godkjente søknader"),
MembershipApproval.objects.filter(applicant=request.user,
processed=True), True),
],
'payments': [
(_('ubetalt'), PaymentDelay.objects.all().filter(user=request.user,
active=True),
False),
(_('betalt'),
PaymentRelation.objects.all().filter(user=request.user), True),
],
'internal_services_form':
InternalServicesForm(),
'in_comittee':
has_access(request)
}
return context
