def render_to_response(self, context, **response_kwargs):
# Check for errors
if context['book'] is None:
return views.ErrorPage(self.request,
"errors/book_does_not_exist.html",
{'book_name': context['book_id']})
if context.get('has_permission', True) is False:
return views.ErrorPage(self.request,
"errors/editing_forbidden.html",
{'book': context['book']})
return super(TemplateView,
self).render_to_response(context, **response_kwargs)
def export(request, bookid):
"""
Django View. Returns BookiZip file.
@param request: Django Request
@param bookid: Book ID.
"""
try:
book = models.Book.objects.get(url_title__iexact=bookid)
except models.Book.DoesNotExist:
return views.ErrorPage(request, "errors/book_does_not_exist.html",
{"book_name": bookid})
book_version = book.getVersion(None)
response = HttpResponse(content_type='application/zip')
response[
'Content-Disposition'] = 'attachment; filename=%s.zip' % book.url_title
# this is not good
# should not do so much read/write in the memory
from booki.editor import common
fileName = common.exportBook(book_version)
response.write(open(fileName, 'rb').read())
import os
os.unlink(fileName)
return response
def upload_attachment(request, bookid, version=None):
try:
book = models.Book.objects.get(url_title__iexact=bookid)
except models.Book.DoesNotExist:
return views.ErrorPage(
request, "errors/book_does_not_exist.html", {"book_name": bookid})
user = request.user
book_security = security.get_security_for_book(user, book)
can_upload_attachment = book_security.has_perm('edit.upload_attachment')
if (not user.is_superuser and not can_upload_attachment and book.owner != user):
raise PermissionDenied
book_version = book.get_version(version)
stat = models.BookStatus.objects.filter(book=book)[0]
with transaction.atomic():
file_data = request.FILES['files[]']
att = models.Attachment(
version=book_version,
# must remove this reference
created=datetime.datetime.now(),
book=book,
status=stat
)
att.save()
attName, attExt = os.path.splitext(file_data.name)
att.attachment.save(
'{}{}'.format(booktype_slugify(attName), attExt),
file_data,
save=False
)
att.save()
response_data = {
"files": [{
"url": "http://127.0.0.1/",
"thumbnail_url": "http://127.0.0.1/",
"name": "boot.png",
"type": "image/png",
"size": 172728,
"delete_url": "",
"delete_type": "DELETE"
}]
}
# add cliendID and sputnikID to request object
# this will allow us to use sputnik and addMessageToChannel
request.clientID = request.POST['clientID']
request.sputnikID = "%s:%s" % (request.session.session_key, request.clientID)
send_notification(request, book.id, book_version.get_version(),
"notification_new_attachment_uploaded", att.get_name())
if "application/json" in request.META['HTTP_ACCEPT']:
return HttpResponse(json.dumps(response_data),
content_type="application/json")
else:
return HttpResponse(json.dumps(response_data), content_type="text/html")
def render_to_response(self, context, **response_kwargs):
if context['selected_group_error']:
return views.ErrorPage(self.request,
"portal/errors/group_does_not_exist.html",
{"group_name": context['groupid']})
return super(GroupPageView,
self).render_to_response(context, **response_kwargs)
def post(self, request, groupid):
group = BookiGroup.objects.get(url_name=groupid)
if request.user.is_authenticated():
if "task" not in request.POST:
return views.ErrorPage(request, "errors/500.html")
if request.POST["task"] == "join-group":
group.members.add(request.user)
if request.POST["task"] == "leave-group":
group.members.remove(request.user)
return HttpResponse()
def dispatch(self, request, *args, **kwargs):
"""
Checks if user is a group admin. If not, return no permissions page
"""
self.object = self.get_object()
group_security = security.get_security_for_group(request.user, self.object)
if not group_security.is_admin():
return views.ErrorPage(request, "errors/nopermissions.html")
return super(GroupUpdateView, self).dispatch(request, *args, **kwargs)
def post(self, request, groupid):
if request.user.is_authenticated():
if "task" not in request.POST:
return views.ErrorPage(request, "errors/500.html")
if request.POST["task"] == "add-book":
group = BookiGroup.objects.get(url_name=groupid)
books_list = request.POST["books"].split(',')
for i in books_list:
book = Book.objects.get(url_title=i)
book.group = group
book.save()
return HttpResponse()
def post(self, request, *args, **kwargs):
context = super(ForgotPasswordView, self).get_context_data(**kwargs)
if "name" not in request.POST:
return views.ErrorPage(request, "errors/500.html")
name = request.POST["name"].strip()
users_to_email = list(User.objects.filter(Q(username=name) | Q(email=name)))
if len(name) == 0:
context['error'] = _('Missing username')
return render(request, self.template_name, context)
if len(users_to_email) == 0:
context['error'] = _('No such user')
return render(request, self.template_name, context)
THIS_BOOKTYPE_SERVER = config.get_configuration('THIS_BOOKTYPE_SERVER') # noqa
for usr in users_to_email:
secretcode = self.generate_secret_code()
usr_obj = UserPassword()
usr_obj.user = usr
usr_obj.remote_useragent = request.META.get('HTTP_USER_AGENT', '')
usr_obj.remote_addr = request.META.get('REMOTE_ADDR', '')
usr_obj.remote_host = request.META.get('REMOTE_HOST', '')
usr_obj.secretcode = secretcode
body = render_to_string(
'account/password_reset_email.html',
dict(secretcode=secretcode, hostname=THIS_BOOKTYPE_SERVER)
)
msg = EmailMessage(
_('Reset password'), body,
settings.DEFAULT_FROM_EMAIL, [usr.email]
)
msg.content_subtype = 'html'
# In case of an error we really should not send email
# to user and do rest of the procedure
try:
usr_obj.save()
msg.send()
context['mail_sent'] = True
except:
context['error'] = _('Unknown error')
return render(request, self.template_name, context)
def thumbnail_attachment(request, bookid, attachment, version=None):
"""
Returns image thumbnail for book attachment.
@param request: Django Request
@param bookid: Book ID
@param attachment: Attachment name
"""
from django.views import static
try:
book = models.Book.objects.get(url_title__iexact=bookid)
except models.Book.DoesNotExist:
return views.ErrorPage(request, "errors/book_does_not_exist.html",
{"book_name": bookid})
book_version = book.getVersion(version)
path = '%s/%s' % (book_version.getVersion(), attachment)
document_root = '%s/books/%s/%s' % (settings.DATA_ROOT, bookid, path)
# document_root = '%s/static/%s/%s' % (settings.STATIC_DOC_ROOT, bookid, path)
# should have one "broken image" in case of error
try:
from PIL import Image
except ImportError:
import Image
try:
im = Image.open(document_root)
im.thumbnail((150, 150), Image.ANTIALIAS)
except IOError:
im = Image.new('RGB', (150, 150), "white")
response = HttpResponse(content_type='image/jpeg')
if im.mode != 'RGB':
im = im.convert('RGB')
im.save(response, "jpeg")
return response
def profilethumbnail(request, profileid):
"""
Django View. Shows user profile image.
One of the problems with this view is that it does not handle gravatar images.
@type request: C{django.http.HttpRequest}
@param request: Django Request
@type profileid: C{string}
@param profileid: Username.
@todo: Check if user exists.
"""
try:
user = User.objects.get(username=profileid)
except User.DoesNotExist:
return views.ErrorPage(request, 'errors/user_does_not_exist.html', {'username': profileid})
profile_image = utils.get_profile_image(user, int(request.GET.get('width', 24)))
return redirect(profile_image)
def post(self, request, *args, **kwargs):
context = super(ForgotPasswordEnterView,
self).get_context_data(**kwargs)
if "secretcode" and "password1" and "password2" not in request.POST:
return views.ErrorPage(request, "errors/500.html")
secretcode = request.POST["secretcode"].strip()
password1 = request.POST["password1"].strip()
password2 = request.POST["password2"].strip()
if len(password1) == 0 or len(password2) == 0:
context['password2_error'] = _('Password can\'t be empty')
context['secretcode'] = secretcode
return render(request, self.template_name, context)
if password1 != password2:
context['password2_error'] = _('Passwords don\'t match')
context['secretcode'] = secretcode
return render(request, self.template_name, context)
all_ok = True
try:
pswd = UserPassword.objects.get(secretcode=secretcode)
except UserPassword.DoesNotExist:
all_ok = False
if all_ok:
pswd.user.set_password(password1)
pswd.user.save()
return redirect(reverse('accounts:signin'))
else:
context['code_error'] = _('Wrong secret code')
context['secretcode'] = secretcode
return render(request, self.template_name, context)
def upload_attachment(request, bookid, version=None):
"""
Uploades attachments. Used from Upload dialog.
@param request: Django Request
@param bookid: Book ID
@param version: Book version or None
"""
import datetime
try:
book = models.Book.objects.get(url_title__iexact=bookid)
except models.Book.DoesNotExist:
return views.ErrorPage(request, "errors/book_does_not_exist.html",
{"book_name": bookid})
book_version = book.getVersion(version)
stat = models.BookStatus.objects.filter(book=book)[0]
operationResult = True
# check this for transactions
try:
for name, fileData in request.FILES.items():
from booki.utils import log
log.logBookHistory(book=book,
version=book_version,
args={'filename': request.FILES[name].name},
user=request.user,
kind='attachment_upload')
att = models.Attachment(
version=book_version,
# must remove this reference
created=datetime.datetime.now(),
book=book,
status=stat)
att.save()
att.attachment.save(request.FILES[name].name, fileData, save=False)
att.save()
# TODO:
# must write info about this to log!
except IOError:
operationResult = False
except:
oprerationResult = False
if request.POST.get("attachmenttab", "") == "":
return HttpResponse(
'<html><body><script> parent.closeAttachmentUpload(); </script></body></html>'
)
if request.POST.get("attachmenttab", "") == "2":
return HttpResponse(
'<html><body><script> parent.FileBrowserDialogue.loadAttachments(); parent.FileBrowserDialogue.displayBrowseTab(); parent.FileBrowserDialogue.showUpload(); </script></body></html>'
)
# should not call showAttachmentsTab, but it works for now
if operationResult:
return HttpResponse(
'<html><body><script> parent.jQuery.booki.editor.showAttachmentsTab(); parent.jQuery("#tabattachments FORM")[0].reset(); </script></body></html>'
)
else:
return HttpResponse(
'<html><body><script> parent.jQuery.booki.editor.showAttachmentsTab(); parent.jQuery("#tabattachments FORM")[0].reset(); alert(parent.jQuery.booki._("errorupload", "Error while uploading file!"));</script></body></html>'
)
def upload_cover(request, bookid, version=None):
"""
Uploades attachments. Used from Upload dialog.
@param request: Django Request
@param bookid: Book ID
@param version: Book version or None
"""
import datetime
try:
book = models.Book.objects.get(url_title__iexact=bookid)
except models.Book.DoesNotExist:
return views.ErrorPage(request, "errors/book_does_not_exist.html",
{"book_name": bookid})
book_version = book.getVersion(version)
stat = models.BookStatus.objects.filter(book=book)[0]
operationResult = True
# check this for transactions
try:
for name, fileData in request.FILES.items():
if True:
import hashlib
h = hashlib.sha1()
h.update(name)
h.update(request.POST.get('format', ''))
h.update(request.POST.get('license', ''))
h.update(str(datetime.datetime.now()))
license = models.License.objects.get(
abbrevation=request.POST.get('license', ''))
frm = request.POST.get('format', '').split(',')
try:
width = int(request.POST.get('width', '0'))
except ValueError:
width = 0
try:
height = int(request.POST.get('height', '0'))
except ValueError:
height = 0
import unidecode
try:
filename = unidecode.unidecode(request.FILES[name].name)
except:
filename = ''
title = request.POST.get('title', '').strip()[:250]
cov = models.BookCover(
book=book,
user=request.user,
cid=h.hexdigest(),
title=title,
filename=filename[:250],
width=width,
height=height,
unit=request.POST.get('unit', 'mm'),
booksize=request.POST.get('booksize', ''),
cover_type=request.POST.get('type', ''),
creator=request.POST.get('creator', '')[:40],
license=license,
notes=request.POST.get('notes', '')[:500],
approved=False,
is_book='book' in frm,
is_ebook='ebook' in frm,
is_pdf='pdf' in frm,
created=datetime.datetime.now())
cov.save()
cov.attachment.save(request.FILES[name].name,
fileData,
save=False)
cov.save()
from booki.utils import log
log.logBookHistory(book=book,
version=book_version,
args={
'filename': filename[:250],
'title': title,
'cid': cov.pk
},
user=request.user,
kind='cover_upload')
# TODO:
# must write info about this to log!
except IOError:
operationResult = False
transaction.rollback()
except:
from booki.utils import log
log.printStack()
oprerationResult = False
transaction.rollback()
else:
# maybe check file name now and save with new name
transaction.commit()
return HttpResponse(
'<html><body><script> parent.jQuery.booki.editor.showCovers(); </script></body></html>'
)
def cover(request, bookid, cid, fname=None, version=None):
try:
models.Book.objects.get(url_title__iexact=bookid)
except models.Book.DoesNotExist:
return views.ErrorPage(
request, "errors/book_does_not_exist.html", {"book_name": bookid})
try:
cover = models.BookCover.objects.get(cid=cid)
except models.BookCover.DoesNotExist:
return HttpResponse(status=500)
document_path = cover.attachment.path
# extenstion
mimetypes.init()
extension = cover.attachment.name.split('.')[-1].lower()
if extension == 'tif':
extension = 'tiff'
if extension == 'jpg':
extension = 'jpeg'
content_type = mimetypes.types_map.get(
'.' + extension, 'binary/octet-stream')
if request.GET.get('preview', '') == '1':
try:
from PIL import Image
except ImportError:
import Image
try:
if extension.lower() in ['pdf', 'psd', 'svg']:
raise Exception
im = Image.open(cover.attachment.name)
im.thumbnail((300, 200), Image.ANTIALIAS)
except:
try:
im = Image.open('%s/edit/img/booktype-cover-%s.png' %
(settings.STATIC_ROOT, extension.lower()))
extension = 'png'
content_type = 'image/png'
except:
# Not just IOError but anything else
im = Image.open('%s/edit/img/booktype-cover-error.png' %
settings.STATIC_ROOT)
extension = 'png'
content_type = 'image/png'
response = HttpResponse(content_type=content_type)
extension_list = ['jpg', 'jpeg', 'png', 'gif', 'tiff', 'bmp', 'tif']
if extension.lower() in extension_list:
if extension.upper() == 'JPG':
extension = 'JPEG'
else:
extension = 'jpeg'
im.save(response, extension.upper())
return response
try:
data = open(document_path, 'rb').read()
except IOError:
return HttpResponse(status=500)
return HttpResponse(data, content_type=content_type)
def upload_cover(request, bookid, version=None):
try:
book = models.Book.objects.get(url_title__iexact=bookid)
except models.Book.DoesNotExist:
return views.ErrorPage(request, "errors/book_does_not_exist.html",
{"book_name": bookid})
can_upload_cover = security.get_security_for_book(request.user, book).has_perm('edit.upload_cover')
if (not request.user.is_superuser and not can_upload_cover and book.owner != request.user):
raise PermissionDenied
with transaction.atomic():
file_data = request.FILES['files[]']
title = request.POST.get('title', '')
try:
filename = unidecode.unidecode(file_data.name)
except:
filename = uuid.uuid1().hex
h = hashlib.sha1()
h.update(filename)
h.update(title)
h.update(str(datetime.datetime.now()))
license = models.License.objects.get(
abbrevation=request.POST.get('license', ''))
cover = models.BookCover(
book=book,
user=request.user,
cid=h.hexdigest(),
title=title,
filename=filename[:250],
width=0,
height=0,
unit=request.POST.get('unit', 'mm'),
booksize=request.POST.get('booksize', ''),
cover_type=request.POST.get('type', ''),
creator=request.POST.get('creator', '')[:40],
license=license,
notes=request.POST.get('notes', '')[:500],
approved=False,
is_book=False,
is_ebook=True,
is_pdf=False,
created=datetime.datetime.now()
)
cover.save()
# now save the attachment
cover.attachment.save(filename, file_data, save=False)
cover.save()
response_data = {
"files": [{
"url": "http://127.0.0.1/",
"thumbnail_url": "http://127.0.0.1/",
"name": "boot.png",
"type": "image/png",
"size": 172728,
"delete_url": "",
"delete_type": "DELETE"
}]
}
# add cliendID and sputnikID to request object
# this will allow us to use sputnik and addMessageToChannel
request.clientID = request.POST['clientID']
request.sputnikID = "%s:%s" % (request.session.session_key, request.clientID)
send_notification(request, book.id, book.get_version(version).get_version(),
"notification_new_cover_uploaded", cover.title)
if "application/json" in request.META['HTTP_ACCEPT']:
return HttpResponse(json.dumps(response_data),
content_type="application/json")
else:
return HttpResponse(json.dumps(response_data), content_type="text/html")
def render_to_response(self, context, **response_kwargs):
if context.get('has_permission', True) is False:
return views.ErrorPage(self.request, "errors/nopermissions.html")
return super(FullView,
self).render_to_response(context, **response_kwargs)
def edit_book(request, bookid, version=None):
"""
Django View. Default page for Booki editor.
@param request: Django Request
@param bookid: Book ID
@param version: Book Version or None
"""
from booki.utils import security
try:
book = models.Book.objects.get(url_title__iexact=bookid)
except models.Book.DoesNotExist:
return views.ErrorPage(request, "errors/book_does_not_exist.html",
{"book_name": bookid})
book_version = book.getVersion(version)
bookSecurity = security.getUserSecurityForBook(request.user, book)
hasPermission = security.canEditBook(book, bookSecurity)
if not hasPermission:
return views.ErrorPage(request, "errors/editing_forbidden.html",
{"book": book})
chapters = models.Chapter.objects.filter(version=book_version)
tabs = ["chapters"]
tabs += ["attachments"]
tabs += ["covers"]
tabs += ["history", "versions", "notes"]
if bookSecurity.isAdmin():
tabs += ["settings"]
tabs += ["export"]
isBrowserSupported = True
browserMeta = request.META.get('HTTP_USER_AGENT', '')
if browserMeta.find('MSIE') != -1:
isBrowserSupported = False
try:
publish_options = settings.PUBLISH_OPTIONS
except AttributeError:
from booktype import constants
publish_options = constants.PUBLISH_OPTIONS
return render(
request,
'editor/edit_book.html',
{
"book":
book,
"book_version":
book_version.getVersion(),
"version":
book_version,
# this change will break older versions of template
"statuses": [(s.name.replace(' ', '_'), s.name)
for s in models.BookStatus.objects.filter(book=book)],
"chapters":
chapters,
"security":
bookSecurity,
"is_admin":
bookSecurity.isGroupAdmin() or bookSecurity.isBookAdmin()
or bookSecurity.isSuperuser(),
"is_owner":
book.owner == request.user,
"tabs":
tabs,
"is_browser_supported":
isBrowserSupported,
"publish_options":
publish_options,
"request":
request
})
