def view(request, nidb64):
try:
node = Node(nidb64, user=request.user)
except ObjectDoesNotExist:
from django.http import Http404
raise Http404
if request.method == 'POST':
return post(request, node)
elif request.method == 'PUT':
return put(request, node)
elif request.method == 'DELETE':
return delete(request, node)
elif request.method != 'GET':
return not_allowed(request, ['GET', 'POST', 'PUT', 'DELETE'])
if not node.can_view():
if not request.user.is_authenticated():
from django.contrib.auth.views import redirect_to_login
return redirect_to_login(request.path)
else:
raise PermissionDenied
if request.is_ajax():
return get(request, node)
else:
params = { 'node': node }
if node.is_folder():
return render(request, 'docs/folder.html', params)
else:
return render(request, 'docs/file.html', params)
def render(request, identifier):
try:
node = Node(identifier, user=request.user)
except ObjectDoesNotExist:
node = None
if not node or not node.is_file():
try:
permalink = Permalink.objects.get(name=identifier)
except Permalink.DoesNotExist:
permalink = None
if not permalink or (permalink.valid_since
and permalink.valid_since > now()):
from django.http import Http404
raise Http404
node = Node(nodeobj=permalink.file, user=request.user)
rev = permalink.revision if permalink.revision else permalink.file.current_revision
else:
rev = node.model.current_revision
if not node.can_view():
if request.user.is_authenticated():
from django.core.exceptions import PermissionDenied
raise PermissionDenied
else:
from django.contrib.auth.views import redirect_to_login
return redirect_to_login(request.path)
text = rev.text
if text.format == BlobText.MARKDOWN:
from core.formatting import render_document
rendered_text = render_document(text.text)
elif text.format == BlobText.HTML:
rendered_text = text
else: # text.format == BlobText.TEXT:
rendered_text = r'<blockquote>%s</blockquote>' % text.text
return render_request(request, 'docs/render.html', {
'node': node,
'text': rendered_text,
})
def create(request):
if request.method == 'POST':
kind = request.POST.get('type')
name = request.POST.get('name')
at = request.POST.get('at')
if not (kind and name and at):
return bad_request(request, {'error': 'invalid_args'})
try:
parent = Node(at, user=request.user)
except ObjectDoesNotExist:
return bad_request(request, {'error': 'invalid_node'})
if not parent.is_folder():
return bad_request(request, {'error': 'node_is_not_a_folder'})
if not parent.can_edit():
from django.core.exceptions import PermissionDenied
raise PermissionDenied
# Warning: removed creation restrictions on <ALLOW * EDIT> folder. Careful.
if parent.is_archived():
return bad_request(request, {'error': 'node_archived'})
if kind == 'file':
r = create_revision(request)
if not r:
return bad_request(request, {'error': 'content_required'})
f = File()
f.current_revision = r
elif kind == 'folder':
f = Folder()
else:
return bad_request(request, {'error': 'invalid_type'})
f.parent = parent.model
f.name = name
f.save()
node = Node(nodeobj=f, user=request.user)
if request.is_ajax():
result = {
'status': 'success',
'nid': node.nid(),
'timestamp': f.last_modified,
}
if node.is_file():
result['revision'] = r.id
return render(request, result)
else:
return redirect('docs:view', node.nid())
elif request.is_ajax():
return not_allowed(request, ['POST'])
else:
try:
parent = Node(request.GET.get('at'), user=request.user)
except (TypeError, ObjectDoesNotExist):
parent = None
if not parent or not parent.is_folder():
return redirect('docs:main')
if not parent.can_edit():
if not request.user.is_authenticated():
from django.contrib.auth.views import redirect_to_login
return redirect_to_login(request.path)
else:
from django.core.exceptions import PermissionDenied
raise PermissionDenied
return render(request, 'docs/create.html', {'parent': parent})
def main(request):
from docs.models import Folder
node = Node(nodeobj=Folder.objects.get(id=1))
return redirect('docs:view', node.nid())
def put(request, node):
PUT = parse_json(request)
if not PUT:
return bad_request(request, {'error': 'invalid_json'})
f = node.model
if 'star' in PUT:
if not node.can_view(): raise PermissionDenied
if not request.user.is_authenticated():
return bad_request(request, {'error': 'login_required'})
f.starring.add(request.user)
elif 'unstar' in PUT:
if not node.can_view(): raise PermissionDenied
if not request.user.is_authenticated():
return bad_request(request, {'error': 'login_required'})
f.starring.remove(request.user)
elif 'rename' in PUT:
if not node.can_edit(): raise PermissionDenied
name = PUT.get('name')
if not name:
return bad_request(request, {'error': 'invalid_name'})
f.name = name
f.save()
elif 'move' in PUT:
if not node.can_edit(): raise PermissionDenied
try:
parent = Node(PUT.get('at'))
except ObjectDoesNotExist:
return bad_request(request, {'error': 'invalid_node'})
if not parent.is_folder():
return bad_request(request, {'error': 'node_is_not_a_folder'})
elif not parent.can_edit():
raise PermissionDenied
elif parent.is_archived():
return bad_request(request, {'error': 'node_archived'})
f.parent = parent
f.save()
elif 'archive' in PUT:
if not request.user.has_perm('docs.archive'): raise PermissionDenied
f.is_archived = True
f.save()
elif 'unarchive' in PUT:
if not request.user.has_perm('docs.archive'): raise PermissionDenied
f.is_archived = False
f.save()
elif 'permissions' in PUT:
if node.can_edit(): raise PermissionDenied
if not request.user.is_authenticated():
return bad_request(request, {'error': 'login_required'})
try:
effects = dict((y, x) for x, y in Permission.EFFECT_ENUMERATION)
kinds = dict((y, x) for x, y in Permission.TYPE_ENUMERATION)
scopes = dict((y, x) for x, y in Permission.SCOPE_ENUMERATION)
perms = []
for obj in PUT.get('permissions'):
p = Permission()
p.effect = effects[obj['effect']]
p.type = kinds[obj['type']]
if 'group' in obj:
p.scope = Permission.PER_GROUP
p.target = obj['group']
elif 'user' in obj:
p.scope = Permission.PER_USER
p.target = obj['user']
else:
p.scope = scopes[obj['scope']]
perms.append(p)
f.permissions.clear()
f.permissions.bulk_create(perms)
except TypeError:
return bad_request(request, {'error': 'invalid_permissions'})
except (KeyError, ValueError):
return bad_request(request, {'error': 'invalid_entry'})
return render_json(request, {'status': 'success'})
