def approve(request, comment_id, next=None): """ Approve a comment (that is, mark it as public and non-removed). Confirmation on GET, action on POST. Requires the "can moderate comments" permission. Templates: `comments/approve.html`, Context: comment the `comments.comment` object for approval """ comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Delete on POST if request.method == 'POST': # Flag the comment as approved. perform_approve(request, comment) return next_redirect(request, next, approve_done, c=comment.pk) # Render a form on GET else: return render_to_response('comments/approve.html', { 'comment': comment, "next": next }, template.RequestContext(request))
def delete(request, comment_id, next=None): """ Deletes a comment. Confirmation on GET, action on POST. Requires the "can moderate comments" permission. Templates: :template:`comments/delete.html`, Context: comment the flagged `comments.comment` object """ comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Delete on POST if request.method == 'POST': # Flag the comment as deleted instead of actually deleting it. perform_delete(request, comment) return next_redirect(request, fallback=next or 'comments-delete-done', c=comment.pk) # Render a form on GET else: return render_to_response('comments/delete.html', {'comment': comment, "next": next}, template.RequestContext(request) )
def delete(request, comment_id, next=None): """ Deletes a comment. Confirmation on GET, action on POST. Requires the "can moderate comments" permission. Templates: `comments/delete.html`, Context: comment the flagged `comments.comment` object """ comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Delete on POST if request.method == 'POST': # Flag the comment as deleted instead of actually deleting it. perform_delete(request, comment) return next_redirect(request, next, delete_done, c=comment.pk) # Render a form on GET else: return render_to_response('comments/delete.html', { 'comment': comment, "next": next }, template.RequestContext(request))
def approve(request, comment_id, next=None): """ Approve a comment (that is, mark it as public and non-removed). Confirmation on GET, action on POST. Requires the "can moderate comments" permission. Templates: :template:`comments/approve.html`, Context: comment the `comments.comment` object for approval """ comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Delete on POST if request.method == 'POST': # Flag the comment as approved. perform_approve(request, comment) return next_redirect(request, fallback=next or 'comments-approve-done', c=comment.pk) # Render a form on GET else: return render_to_response('comments/approve.html', {'comment': comment, "next": next}, template.RequestContext(request) )
def flag(request, comment_id, next=None): """ Flags a comment. Confirmation on GET, action on POST. Templates: :template:`comments/flag.html`, Context: comment the flagged `comments.comment` object """ comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Flag on POST if request.method == 'POST': perform_flag(request, comment) return next_redirect(request, fallback=next or 'comments-flag-done', c=comment.pk) # Render a form on GET else: return render_to_response('comments/flag.html', { 'comment': comment, "next": next }, template.RequestContext(request))
def mod_delete(request, comment, next=None, template='comments/delete.html'): """ Moderator cannot delete a comment, A comment is the propriety of the poster But moderator can hide a comment by moderating it... "can_moderate comments" permission required. Templates: :template:`comments/delete.html`, Context: comment the flagged `comments.comment` object """ # Delete on POST if request.method == 'POST': # Flag the comment as deleted instead of actually deleting it. perform_moderation(request, comment) return next_redirect(request, fallback=next or 'comments-delete-done', c=comment.pk) # Render a confirmation form on GET else: print RequestContext(request) return render_to_response(template, {'comment': comment, 'post': comment.content_object, "next": next, "moderate":True}, RequestContext(request) )
def delete_comment(request, comment_id=None, next=None, moderate=False, template='comments/delete.html'): """ Deletes a comment. Confirmation on GET, action on POST. User should have the "can_moderate comments" permission or own the comment """ comment = get_object_or_404(django_comment.get_model(), pk=comment_id, site__pk=settings.SITE_ID) if request.user.has_perm("django.contrib.comments.can_moderate") and moderate: return mod_delete(request, comment, next, template) elif comment.user == request.user: # Delete on POST if request.method == 'POST': # Flag the comment as deleted instead of actually deleting it. perform_delete(request, comment) return next_redirect(request, fallback=next or 'comments-delete-done', c=comment.pk) # Render a confirmation form on GET else: return render_to_response(template, {'comment': comment, 'post': comment.content_object, "next": next}, RequestContext(request) ) else: raise Http404
def mark_as_spam(request, comment_id, next=None): comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) if request.method == 'POST': perform_mark_as_spam(request, comment) return next_redirect(request, next, mark_as_spam_done, c=comment.pk) else: return render_to_response('comments/mark_spam.html', {'comment': comment, "next": next}, template.RequestContext(request) )
def delete_comment(request, comment_id, next=None): """ Deletes a comment. Confirmation on GET, action on POST. Templates: `comments/delete_by_user.html`, `comments/delete_by_user_forbidden.html` Context: comment the deleted `comments.comment` object """ comment = get_object_or_404(comment_app.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Ensure requesting user is same user who posted comment if request.user != comment.user: t = loader.get_template('comments/delete_by_user_forbidden.html') c = RequestContext(request) return HttpResponseForbidden(t.render(c)) # Check that user is not banned from commenting user_ip_address = request.META['REMOTE_ADDR'] user_is_banned = \ CommentsBannedFromIpAddress.objects.is_banned(user_ip_address) if user_is_banned: return HttpResponseForbidden() # Delete on POST if request.method == 'POST': comment.is_deleted_by_user = True comment.save() signals.comment_was_deleted_by_user.send( sender = comment.__class__, comment = comment, request = request ) if request.is_ajax(): return redirect('osl_comments.views.get_comment', comment_id=comment_id) else: return next_redirect(request.POST.copy(), next, delete_by_user_done, c=comment.pk) # Render a form on GET else: return render_to_response('comments/delete_by_user.html', {'comment': comment, "next": next}, RequestContext(request) )
def post_comment(request, next=None, using=None): form = RecaptchaForm(request.POST) data = request.session['data'] model = request.session['model'] target = request.session['target'] next = data.get("next", next) if form.is_valid(): form = comments.get_form()(target, data=data) comment = form.get_comment_object() comment.ip_address = request.META.get("REMOTE_ADDR", None) if request.user.is_authenticated(): comment.user = request.user # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send( sender=comment.__class__, comment=comment, request=request) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send(sender=comment.__class__, comment=comment, request=request) return next_redirect(data, next, comment_done, c=comment._get_pk_val()) else: template_list = [ "comments/%s_%s_verify.html" % (model._meta.app_label, model._meta.module_name), "comments/%s_verify.html" % model._meta.app_label, "comments/%s/%s/verify.html" % (model._meta.app_label, model._meta.module_name), "comments/%s/verify.html" % model._meta.app_label, "comments/verify.html", ] return render_to_response( template_list, { "comment": request.session['data'].get("comment", ""), "form": form, "next": next, }, RequestContext(request, {}))
def comment_delete(request, comment_id, next=None): """ Override the django.contrib.comments.views.moderation.delete() No need to have the comments.can_moderate permission """ comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Delete on POST if request.method == 'POST': # Flag the comment as deleted instead of actually deleting it. perform_delete(request, comment) return next_redirect(request, next) # Render a form on GET else: return render_to_response( 'comments/delete.html', {'comment': comment, "next": next}, template.RequestContext(request) )
def flag(request, comment_id, next=None): """ Flags a comment. Confirmation on GET, action on POST. Templates: :template:`comments/flag.html`, Context: comment the flagged `comments.comment` object """ comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Flag on POST if request.method == 'POST': perform_flag(request, comment) return next_redirect(request.POST.copy(), next, flag_done, c=comment.pk) # Render a form on GET else: return render_to_response('comments/flag.html', {'comment': comment, "next": next}, template.RequestContext(request) )
def comments_spam(request, comment_id, next=None): """ Mark a comment as spam. Confirmation on GET, action on POST. Templates: `comments/spam.html`, Context: comment the spammed `comments.comment` object """ comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Flag on POST if request.method == 'POST': flag, created = comments.models.CommentFlag.objects.get_or_create( comment=comment, user=request.user, flag='spam') comment.is_removed = True comment.save() signals.comment_was_flagged.send( sender=comment.__class__, comment=comment, flag=flag, created=created, request=request, ) return utils.next_redirect(request.POST.copy(), next, spam_done, c=comment.pk) # Render a form on GET else: return render_to_response('comments/spam.html', { 'comment': comment, "next": next }, template.RequestContext(request))
def update_ip_address_ban(request, comment_id, next=None): comment = get_object_or_404(OslComment, pk=comment_id) if request.method == 'GET': banned = \ CommentsBannedFromIpAddress.objects.is_banned(comment.ip_address) return render_to_response('comments/update_ip_address_ban.html', {'banned': banned}, RequestContext(request) ) if request.method == 'POST': data = request.POST banned_str = data.get('ban', None) if banned_str == 'True': banned = True elif banned_str == 'False': banned = False else: return HttpResponseBadRequest() try: ban = CommentsBannedFromIpAddress.objects.get( ip_address=comment.ip_address) except CommentsBannedFromIpAddress.DoesNotExist: ban = CommentsBannedFromIpAddress(ip_address=comment.ip_address) ban.comments_banned = banned ban.save() signals.ip_address_ban_was_updated.send( sender = comment.__class__, banned = banned, request = request ) return next_redirect(request.POST.copy(), next, update_ip_address_ban_done)
def comments_spam(request, comment_id, next=None): """ Mark a comment as spam. Confirmation on GET, action on POST. Templates: `comments/spam.html`, Context: comment the spammed `comments.comment` object """ comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Flag on POST if request.method == 'POST': flag, created = comments.models.CommentFlag.objects.get_or_create( comment = comment, user = request.user, flag = 'spam' ) comment.is_removed = True comment.save() signals.comment_was_flagged.send( sender = comment.__class__, comment = comment, flag = flag, created = created, request = request, ) return utils.next_redirect(request.POST.copy(), next, spam_done, c=comment.pk) # Render a form on GET else: return render_to_response('comments/spam.html', {'comment': comment, "next": next}, template.RequestContext(request) )
def edit_comment(request, next=None): # get data data = request.POST.copy() next = data.get('next', next) # see if user wants to cancel cancel = 'cancel' in data if cancel: return redirect(data['cancel_url']) # get comment and raise error if id is wrong comment_id = data.get('comment_id') if comment_id is None: return CommentPostBadRequest("Missing comment id field.") try: comment = OslComment.objects.get(pk=comment_id) except ObjectDoesNotExist: return HttpResponseNotFound( "No comment matching with PK %r exists." % comment_id ) except (ValueError, ValidationError) as e: return CommentPostBadRequest( "Attempting to get comment PK %r raised %s" % (escape(comment_id), e.__class__.__name__) ) # ensure user editing is same user who posted comment if comment.user != request.user: return HttpResponseForbidden("Cannot edit another user's comment.") # does the user want to preview the comment? preview = 'preview' in data # get a special comment form for editing form = OslEditCommentForm(data=data) # If there are errors or if we requested a preview show the comment if form.errors or preview: template_list = [ # These first two exist for purely historical reasons. # Django v1.0 and v1.1 allowed the underscore format for # preview templates, so we have to preserve that format. "comments/%s_%s_preview.html" % (comment.content_type.app_label, comment.content_type.model), "comments/%s_preview.html" % comment.content_type.app_label, # Now the usual directory based template heirarchy. "comments/%s/%s/preview.html" % (comment.content_type.app_label, comment.content_type.model), "comments/%s/preview.html" % comment.content_type.app_label, "comments/preview.html", ] return render_to_response( template_list, { "comment" : form.data.get("comment", ""), "form" : form, "next": next, }, RequestContext(request, {}) ) responses = signals.comment_will_be_edited.send( sender = comment.__class__, comment = comment, request = request ) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_edited receiver %r killed the comment" % receiver.__name__) # update comment content comment.comment = data.get('comment') comment.edit_timestamp = datetime.now() comment.save() signals.comment_was_edited.send( sender = comment.__class__, comment = comment, request = request ) if request.is_ajax(): return redirect('osl_comments.views.get_comment', comment_id=comment.pk) else: return next_redirect(data, next, comment_edited)
def confirmed(request, next, comment, **msg_kwargs): message_func(request, message % msg_kwargs, fail_silently=True) if comment.get_absolute_url(): return HttpResponseRedirect(comment.get_absolute_url(anchor_pattern="#comment-%(id)s")) return next_redirect(request.POST.copy(), next, None, comment=comment.pk)
def post_comment(request, next=None, using=None, object_pk=None, ctype=None, curcomment=None, templates=None): """Post a comment. """ # Fill out some initial data fields from an authenticated user, if present data = request.POST.copy() # Look up the object we're trying to comment about ctype = data.get("content_type") object_pk = data.get("object_pk") # if user is not already authenticated, redirect to login if not request.user.is_authenticated(): # and after login, redirect here again return redirect('/login/?next=%s' % data.get("next")) if not data.get('name', ''): data["name"] = request.user.get_full_name() or request.user.get_username() if (ctype is None or object_pk is None) and curcomment is None: return CommentPostBadRequest("Missing content_type, object_pk or comment_id field.") # we got the ctype and object_pk but not comment_id if curcomment is None: try: model = models.get_model(*ctype.split(".", 1)) target = model._default_manager.using(using).get(pk=object_pk) except TypeError: return CommentPostBadRequest( "Invalid content_type value: %r" % escape(ctype)) except AttributeError: return CommentPostBadRequest( "The given content-type %r does not resolve to a valid model." % \ escape(ctype)) except ObjectDoesNotExist: return CommentPostBadRequest( "No object matching content-type %r and object PK %r exists." % \ (escape(ctype), escape(object_pk))) except (ValueError, ValidationError) as e: return CommentPostBadRequest( "Attempting go get content-type %r and object PK %r exists raised %s" % \ (escape(ctype), escape(object_pk), e.__class__.__name__)) else : target = curcomment.content_object # Construct the comment form form = django_comment.get_form()(target, data=data) # Check security information if form.security_errors(): return CommentPostBadRequest( "The comment form failed security verification: %s" % \ escape(str(form.security_errors()))) # If the form is valide, create the comment if form.is_valid(): comment = form.get_comment_object() comment.ip_address = request.META.get("REMOTE_ADDR", None) comment.user = request.user # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send( sender=comment.__class__, comment=comment, request=request ) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send( sender=comment.__class__, comment=comment, request=request ) return next_redirect(request, fallback=next or 'comments-comment-done', c=comment._get_pk_val()) else : ctx = { "comment": curcomment, "form": form, "post": target, "object_pk": object_pk, "ctype": ctype, "next": data.get("next", next), } return render_to_response( templates, ctx, RequestContext(request, {}) )
comment = form.get_comment_object() comment.ip_address = request.META.get("REMOTE_ADDR", None) if request.user.is_authenticated(): comment.user = request.user # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send( sender = comment.__class__, comment = comment, request = request ) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send( sender = comment.__class__, comment = comment, request = request ) return next_redirect(data, next, comment_done, c=comment._get_pk_val()) comment_done = confirmation_view( template = "comments/posted.html", doc = """Display a "comment was posted" success page.""" )
responses = signals.review_will_be_posted.send( sender = review.__class__, review = review, segments = segments, request = request ) for (receiver, response) in responses: if response == False: return ReviewPostBadRequest( "review_will_be_posted receiver %r killed the review" % receiver.__name__) # Save the review and signal that it was saved review.save() for segment in segments: segment.review = review segment.save() signals.review_was_posted.send( sender = review.__class__, review = review, request = request ) return next_redirect(data, next, 'reviews-review-done', c=review._get_pk_val()) review_done = confirmation_view( template = "reviews/posted.html", doc = """Display a "review was posted" success page.""" )
def post_comment(request, next=None, using=None): """ Post a comment. HTTP POST is required. If ``POST['submit'] == "preview"`` or if there are errors a preview template, ``comments/preview.html``, will be rendered. """ # Fill out some initial data fields from an authenticated user, if present data = request.POST.copy() if request.user.is_authenticated(): if not data.get('name', ''): data["name"] = request.user.get_full_name() or request.user.get_username() if not data.get('email', ''): data["email"] = request.user.email # Check to see if the POST data overrides the view's next argument. next = data.get("next", next) # Look up the object we're trying to comment about ctype = data.get("content_type") object_pk = data.get("object_pk") if ctype is None or object_pk is None: return CommentPostBadRequest("Missing content_type or object_pk field.") try: model = models.get_model(*ctype.split(".", 1)) target = model._default_manager.using(using).get(pk=object_pk) except TypeError: return CommentPostBadRequest( "Invalid content_type value: %r" % escape(ctype)) except AttributeError: return CommentPostBadRequest( "The given content-type %r does not resolve to a valid model." % \ escape(ctype)) except ObjectDoesNotExist: return CommentPostBadRequest( "No object matching content-type %r and object PK %r exists." % \ (escape(ctype), escape(object_pk))) except (ValueError, ValidationError) as e: return CommentPostBadRequest( "Attempting go get content-type %r and object PK %r exists raised %s" % \ (escape(ctype), escape(object_pk), e.__class__.__name__)) # Do we want to preview the comment? preview = "preview" in data # Construct the comment form form = comments.get_form()(target, data=data) # Check security information if form.security_errors(): return CommentPostBadRequest( "The comment form failed security verification: %s" % \ escape(str(form.security_errors()))) # If there are errors or if we requested a preview show the comment if form.errors or preview: template_list = [ # These first two exist for purely historical reasons. # Django v1.0 and v1.1 allowed the underscore format for # preview templates, so we have to preserve that format. "comments/%s_%s_preview.html" % (model._meta.app_label, model._meta.module_name), "comments/%s_preview.html" % model._meta.app_label, # Now the usual directory based template hierarchy. "comments/%s/%s/preview.html" % (model._meta.app_label, model._meta.module_name), "comments/%s/preview.html" % model._meta.app_label, "comments/preview.html", ] return render_to_response( template_list, { "comment": form.data.get("comment", ""), "form": form, "next": next, }, RequestContext(request, {}) ) # Otherwise create the comment comment = form.get_comment_object() comment.ip_address = request.META.get("REMOTE_ADDR", None) if request.user.is_authenticated(): comment.user = request.user # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send( sender=comment.__class__, comment=comment, request=request ) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send( sender=comment.__class__, comment=comment, request=request ) return next_redirect(data, next, comment_done, c=comment._get_pk_val())
def edit(request, comment_id, next=None): """ Edit a comment. Requires HTTP POST and "can change comments" or "can moderate comments", permission. Users can also only edit comments they own, unless they are granted "comments.can_moderate" permissions. If ``POST['submit'] == "preview"`` or there are errors, a preview template ``comments/preview.html`` will be rendered. Templates: `comments/edit.html`, Context: comment the `comments.comment` object to be edited. """ comment = get_object_or_404(comments.get_model(), pk=comment_id, site__pk=settings.SITE_ID) # Make sure user has correct permissions to change the comment, # or return a 401 Unauthorized error. if not (request.user == comment.user and request.user.has_perm("comments.change_comment") or request.user.has_perm("comments.can_moderate")): return HttpResponse("Unauthorized", status=401) # Populate POST data with all required initial data # unless they are already in POST data = request.POST.copy() if not data.get("user_name", ""): data["user_name"] = request.user.get_full_name() or request.user.username if not data.get("user_email"): data["user_email"] = request.user.email next = data.get("next", next) CommentEditForm = comments_extension.get_edit_form() form = CommentEditForm(data, instance=comment) if form.security_errors(): # NOTE: security hash fails! return CommentEditBadRequest( "The comment form failed security verification: %s" % \ escape(str(form.security_errors()))) # If there are errors, or if a preview is requested if form.errors or "preview" in data: app_label, model = (form.instance.content_type.app_label, form.instance.content_type.model) template_search_list = [ "comments/%s/%s/edit-preview.html" % (app_label, model), "comments/%s/edit-preview.html" % model, "comments/edit-preview.html" ] return render_to_response( template_search_list, { "comment_obj": comment, "comment": form.data.get("comment", ""), "form": form, "next": next, }, RequestContext(request, {}) ) # Otherwise, try to save the comment and emit signals if form.is_valid(): MODERATOR_EDITED = "moderator edited" flag, created = comments.models.CommentFlag.objects.get_or_create( comment = form.instance, user = request.user, flag = MODERATOR_EDITED ) form.instance.is_removed = False form.save() signals.comment_was_flagged.send( sender = comment.__class__, comment = comment, flag = flag, created = created, request = request ) return next_redirect(request, next, edit_done, c=comment.pk) else: # If we got here, raise Bad Request error. return CommentEditBadRequest("Could not complete request!")
def post_comment(request, next=None, using=None): """ Post a comment. HTTP POST is required. If ``POST['submit'] == "preview"`` or if there are errors a preview template, ``comments/preview.html``, will be rendered. """ # Fill out some initial data fields from an authenticated user, if present data = request.POST.copy() if request.user.is_authenticated(): if not data.get('name', ''): data["name"] = request.user.get_full_name( ) or request.user.get_username() if not data.get('email', ''): data["email"] = request.user.email # Look up the object we're trying to comment about ctype = data.get("content_type") object_pk = data.get("object_pk") if ctype is None or object_pk is None: return CommentPostBadRequest( "Missing content_type or object_pk field.") try: model = apps.get_model(ctype) target = model._default_manager.using(using).get(pk=object_pk) except TypeError: return CommentPostBadRequest("Invalid content_type value: %r" % escape(ctype)) except LookupError: return CommentPostBadRequest( "The given content-type %r does not resolve to a valid model." % \ escape(ctype)) except ObjectDoesNotExist: return CommentPostBadRequest( "No object matching content-type %r and object PK %r exists." % \ (escape(ctype), escape(object_pk))) except (ValueError, ValidationError) as e: return CommentPostBadRequest( "Attempting go get content-type %r and object PK %r exists raised %s" % \ (escape(ctype), escape(object_pk), e.__class__.__name__)) # Do we want to preview the comment? preview = "preview" in data # Construct the comment form form = comments.get_form()(target, data=data) # Check security information if form.security_errors(): return CommentPostBadRequest( "The comment form failed security verification: %s" % \ escape(str(form.security_errors()))) # If there are errors or if we requested a preview show the comment if form.errors or preview: template_list = [ # These first two exist for purely historical reasons. # Django v1.0 and v1.1 allowed the underscore format for # preview templates, so we have to preserve that format. "comments/%s_%s_preview.html" % (model._meta.app_label, model._meta.model_name), "comments/%s_preview.html" % model._meta.app_label, # Now the usual directory based template hierarchy. "comments/%s/%s/preview.html" % (model._meta.app_label, model._meta.model_name), "comments/%s/preview.html" % model._meta.app_label, "comments/preview.html", ] return render_to_response( template_list, { "comment": form.data.get("comment", ""), "form": form, "next": data.get("next", next), }, RequestContext(request, {})) # Otherwise create the comment comment = form.get_comment_object() comment.ip_address = request.META.get("REMOTE_ADDR", None) if request.user.is_authenticated(): comment.user = request.user # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send(sender=comment.__class__, comment=comment, request=request) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send(sender=comment.__class__, comment=comment, request=request) return next_redirect(request, fallback=next or 'comments-comment-done', c=comment._get_pk_val())
def post_comment(request, next=None): """ Post a comment. HTTP POST is required unless a initial form is requested. If ``POST['submit'] == "preview"`` or if there are errors a preview template, ``comments/preview.html``, will be rendered. """ # Require POST if request.method != 'POST': return http.HttpResponseNotAllowed(["POST"]) is_ajax = request.POST.get('is_ajax') and '_ajax' or '' # Fill out some initial data fields from an authenticated user, if present data = request.POST.copy() if request.user.is_authenticated(): if not data.get('name', ''): data["name"] = request.user.get_full_name() if not data.get('email', ''): data["email"] = request.user.email # Look up the object we're trying to comment about ctype = data.get("content_type") object_pk = data.get("object_pk") parent_pk = data.get("parent_pk") parent_comment = None if ctype is None or object_pk is None: return CommentPostBadRequest("Missing content_type or object_pk field.") try: model = models.get_model(*ctype.split(".", 1)) target = model._default_manager.get(pk=object_pk) if parent_pk: parent_comment = MpttComment.objects.get(pk=parent_pk) except TypeError: return CommentPostBadRequest( "Invalid content_type value: %r" % escape(ctype)) except AttributeError: return CommentPostBadRequest( "The given content-type %r does not resolve to a valid model." % \ escape(ctype)) except MpttComment.DoesNotExist: return CommentPostBadRequest( "Parent comment with PK %r does not exist." % \ escape(parent_pk)) except ObjectDoesNotExist: return CommentPostBadRequest( "No object matching content-type %r and object PK %r exists." % \ (escape(ctype), escape(object_pk))) # Do we want to preview the comment? preview = data.get("submit", "").lower() == "preview" or \ data.get("preview", None) is not None # Construct the comment form form = MpttCommentForm(target, parent_comment=parent_comment, data=data) # Check security information if form.security_errors(): return CommentPostBadRequest( "The comment form failed security verification: %s" % \ escape(str(form.security_errors()))) # If there are errors or if we requested a preview show the comment if form.errors or preview: template_list = [ "comments/%s_%s_preview%s.html" % tuple(str(model._meta).split(".") + [is_ajax]), "comments/%s_preview%s.html" % (model._meta.app_label, is_ajax), "comments/preview%s.html" % is_ajax ] return render_to_response( template_list, { "comment" : form.data.get("comment", ""), "form" : form, "allow_post": not form.errors }, RequestContext(request, {}) ) # Otherwise create the comment comment = form.get_comment_object() comment.ip_address = request.META.get("REMOTE_ADDR", None) if request.user.is_authenticated(): comment.user = request.user # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send( sender = comment.__class__, comment = comment, request = request ) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send( sender = comment.__class__, comment = comment, request = request ) if is_ajax: data['next'] = None return next_redirect(data, next, 'comments_comment_done%s' % (is_ajax and '_ajax' or ''), c=comment._get_pk_val())
def post_comment(request, next=None): """ Post a comment. HTTP POST is required. If ``POST['submit'] == "preview"`` or if there are errors a preview template, ``comments/preview.html``, will be rendered. """ # get a sensible value for next next = next or request.POST.get('next') or request.GET.get('next') # Fill out some initial data fields from an authenticated user, if present data = request.POST.copy() if request.user.is_authenticated(): if not data.get('name', ''): data["name"] = request.user.get_full_name() or request.user.username if not data.get('email', ''): data["email"] = request.user.email # Look up the object we're trying to comment about ctype = data.get("content_type") object_pk = data.get("object_pk") if ctype is None or object_pk is None: return CommentPostBadRequest("Missing content_type or object_pk field.") try: model = models.get_model(*ctype.split(".", 1)) target = model._default_manager.get(pk=object_pk) except TypeError: return CommentPostBadRequest( "Invalid content_type value: %r" % escape(ctype)) except AttributeError: return CommentPostBadRequest( "The given content-type %r does not resolve to a valid model." % \ escape(ctype)) except ObjectDoesNotExist: return CommentPostBadRequest( "No object matching content-type %r and object PK %r exists." % \ (escape(ctype), escape(object_pk))) # Do we want to preview the comment? preview = "preview" in data # Construct the comment form form = comments.get_form()(target, data=data) # Check security information if form.security_errors(): return CommentPostBadRequest( "The comment form failed security verification: %s" % \ escape(str(form.security_errors()))) # If there are errors or if we requested a preview show the comment if form.errors or preview: template_list = [ "comments/%s_%s_preview.html" % tuple(str(model._meta).split(".")), "comments/%s_preview.html" % model._meta.app_label, "comments/preview.html", ] return render_to_response( template_list, { "next": target.get_absolute_url(), # sent next to the template "comment" : form.data.get("comment", ""), "form" : form, }, RequestContext(request, {}) ) # Otherwise create the comment comment = form.get_comment_object() comment.ip_address = request.META.get("REMOTE_ADDR", None) if request.user.is_authenticated(): comment.user = request.user # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send( sender = comment.__class__, comment = comment, request = request ) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send( sender = comment.__class__, comment = comment, request = request ) return next_redirect(data, next, comment_done, c=comment._get_pk_val())
if request.user.is_authenticated(): comment.user = request.user # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send( sender = comment.__class__, comment = comment, request = request ) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send( sender = comment.__class__, comment = comment, request = request ) return next_redirect(request, next, comment_done, c=comment._get_pk_val()) comment_done = confirmation_view( template = "comments/posted.html", doc = """Display a "comment was posted" success page.""" )
if request.user.is_authenticated(): comment.user = request.user # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send( sender = comment.__class__, comment = comment, request = request ) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send( sender = comment.__class__, comment = comment, request = request ) return next_redirect(data, next, comment_done, c=comment._get_pk_val()) comment_done = confirmation_view( template = "comments/posted.html", doc = """Display a "comment was posted" success page.""" )
def post_comment(request, next=None, *args, **kwargs): """ Post a comment. HTTP POST is required unless a initial form is requested. If ``POST['submit'] == "preview"`` or if there are errors a preview template, ``comments/preview.html``, will be rendered. """ # Require POST if request.method != 'POST': return HttpResponseNotAllowed(["POST"]) is_ajax = request.POST.get('is_ajax') and '_ajax' or '' # Fill out some initial data fields from an authenticated user, if present data = request.POST.copy() if request.user.is_authenticated(): if not data.get('name', ''): data["name"] = request.user.get_full_name() if not data.get('email', ''): data["email"] = request.user.email response = _lookup_content_object(data) if isinstance(response, HttpResponse): return response else: target, parent_comment, model = response # Do we want to preview the comment? preview = data.get("submit", "").lower() == "preview" or \ data.get("preview", None) is not None # Construct the comment form form = get_form()(target, parent_comment=parent_comment, data=data) # Check security information if form.security_errors(): return CommentPostBadRequest( "The comment form failed security verification: %s" % \ escape(str(form.security_errors()))) # If there are errors or if we requested a preview show the comment if form.errors or preview: template_list = [ "comments/%s_%s_preview%s.html" % tuple(str(model._meta).split(".") + [is_ajax]), "comments/%s_preview%s.html" % (model._meta.app_label, is_ajax), "comments/preview%s.html" % is_ajax ] data = { 'comment': form.data.get("comment", ""), 'parent': parent_comment, 'level': parent_comment and parent_comment.level + 1 or 0, 'title': form.data.get("title", ""), 'submit_date': datetime.datetime.now(), 'rght': 0, 'lft': 0, 'user': request.user, 'user_name' : request.user.username, } comment = get_model()(**data) return TemplateResponse(request, template_list, { "comment" : comment, "preview" : True, "form" : form, "allow_post": not form.errors, "is_ajax" : is_ajax, }) # Otherwise create the comment comment = form.get_comment_object() comment.ip_address = request.META.get("REMOTE_ADDR", None) comment.user = request.user comment.user_name = request.user.username # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send( sender = comment.__class__, comment = comment, request = request ) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send( sender = comment.__class__, comment = comment, request = request ) return next_redirect(request, next, 'comments-comment-done%s' % (is_ajax and '-ajax' or ''), c=comment._get_pk_val())
def post_comment(request, next=None, using=None): """ Post a comment. HTTP POST is required. If ``POST['submit'] == "preview"`` or if there are errors a preview template, ``comments/preview.html``, will be rendered. """ # Fill out some initial data fields from an authenticated user, if present data = request.POST.copy() if request.user.is_authenticated(): if not data.get('name', ''): data["name"] = request.user.get_full_name() or request.user.get_username() if not data.get('email', ''): data["email"] = request.user.email # Look up the object we're trying to comment about ctype = data.get("content_type") object_pk = data.get("object_pk") if ctype is None or object_pk is None: return CommentPostBadRequest("Missing content_type or object_pk field.") try: model = models.get_model(*ctype.split(".", 1)) target = model._default_manager.using(using).get(pk=object_pk) except TypeError: return CommentPostBadRequest( "Invalid content_type value: %r" % escape(ctype)) except AttributeError: return CommentPostBadRequest( "The given content-type %r does not resolve to a valid model." % \ escape(ctype)) except ObjectDoesNotExist: return CommentPostBadRequest( "No object matching content-type %r and object PK %r exists." % \ (escape(ctype), escape(object_pk))) except (ValueError, ValidationError) as e: return CommentPostBadRequest( "Attempting go get content-type %r and object PK %r exists raised %s" % \ (escape(ctype), escape(object_pk), e.__class__.__name__)) # Construct the comment form form = comments.get_form()(target, data=data) # Check security information if form.security_errors(): return CommentPostBadRequest( "The comment form failed security verification: %s" % \ escape(str(form.security_errors()))) # If there are errors if form.errors: messages.error(request, "Error al enviar su comentario, por favor complete todos los campos " "del formulario.") return http.HttpResponseRedirect(request.POST.get('next')) # Otherwise create the comment comment = form.get_comment_object() comment.ip_address = request.META.get("REMOTE_ADDR", None) if request.user.is_authenticated(): comment.user = request.user # Signal that the comment is about to be saved responses = signals.comment_will_be_posted.send( sender=comment.__class__, comment=comment, request=request ) for (receiver, response) in responses: if response == False: return CommentPostBadRequest( "comment_will_be_posted receiver %r killed the comment" % receiver.__name__) # Save the comment and signal that it was saved comment.save() signals.comment_was_posted.send( sender=comment.__class__, comment=comment, request=request ) _send_email(request) messages.success(request, "Gracias por su comentario, pronto responderemos su consulta.") return next_redirect(request, fallback=next or 'comments-comment-done', c=comment._get_pk_val())