def groupmembership_add_edit(request, group_slug, user_id=None,
form_class=GroupMembershipForm,
template_name="user_groups/member_add_edit.html"):
add, edit = None, None
group = get_object_or_404(Group, slug=group_slug)
if user_id:
user = get_object_or_404(User, pk=user_id)
group_membership = get_object_or_404(GroupMembership, member=user, group=group)
if not has_perm(request.user,'user_groups.change_groupmembership',group_membership):
raise Http403
edit = True
else:
group_membership = None
if not has_perm(request.user,'user_groups.add_groupmembership'):
raise Http403
add = True
if request.method == 'POST':
form = form_class(None, user_id, request.POST, instance=group_membership)
if form.is_valid():
group_membership = form.save(commit=False)
group_membership.group = group
if not group_membership.id:
group_membership.creator_id = request.user.id
group_membership.creator_username = request.user.username
group_membership.owner_id = request.user.id
group_membership.owner_username = request.user.username
group_membership.save()
if add:
log_defaults = {
'event_id' : 221000,
'event_data': '%s (%d) added by %s' % (group_membership._meta.object_name, group_membership.pk, request.user),
'description': '%s added' % group_membership._meta.object_name,
'user': request.user,
'request': request,
'instance': group_membership,
}
EventLog.objects.log(**log_defaults)
if edit:
log_defaults = {
'event_id' : 222000,
'event_data': '%s (%d) edited by %s' % (group_membership._meta.object_name, group_membership.pk, request.user),
'description': '%s edited' % group_membership._meta.object_name,
'user': request.user,
'request': request,
'instance': group_membership,
}
EventLog.objects.log(**log_defaults)
return HttpResponseRedirect(group.get_absolute_url())
else:
form = form_class(group, user_id, instance=group_membership)
return render_to_response(template_name, locals(), context_instance=RequestContext(request))
def group_add_edit(request, group_slug=None,
form_class=GroupForm,
template_name="user_groups/add_edit.html"):
add, edit = False, False
if group_slug:
group = get_object_or_404(Group, slug=group_slug)
if not has_perm(request.user,'user_groups.change_group',group):
raise Http403
title = "Edit Group"
edit = True
else:
group = None
if not has_perm(request.user,'user_groups.add_group'):raise Http403
title = "Add Group"
add = True
if request.method == 'POST':
if edit:
form = form_class(request.POST, instance=group, user=request.user)
else:
form = form_class(request.POST, user=request.user)
if form.is_valid():
group = form.save(commit=False)
if not group.id:
group.creator = request.user
group.creator_username = request.user.username
# set up user permission
group.allow_user_view, group.allow_user_edit = form.cleaned_data['user_perms']
group.owner = request.user
group.owner_username = request.user.username
group = form.save()
if add:
# send notification to administrators
recipients = get_notice_recipients('module', 'groups', 'grouprecipients')
if recipients:
if notification:
extra_context = {
'object': group,
'request': request,
}
notification.send_emails(recipients,'group_added', extra_context)
EventLog.objects.log(instance=group)
return HttpResponseRedirect(group.get_absolute_url())
else:
if edit:
form = form_class(instance=group, user=request.user)
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form':form, 'titie':title, 'group':group}, context_instance=RequestContext(request))
def pending(request, template_name="directories/pending.html"):
can_view_directories = has_perm(request.user, "directories.view_directory")
can_change_directories = has_perm(request.user, "directories.change_directory")
if not all([can_view_directories, can_change_directories]):
raise Http403
directories = Directory.objects.filter(status_detail__contains="pending")
EventLog.objects.log()
return render_to_response(template_name, {"directories": directories}, context_instance=RequestContext(request))
def pending(request, template_name="jobs/pending.html"):
can_view_jobs = has_perm(request.user, 'jobs.view_job')
can_change_jobs = has_perm(request.user, 'jobs.change_job')
if not all([can_view_jobs, can_change_jobs]):
raise Http403
EventLog.objects.log()
jobs = Job.objects.filter(status_detail__contains='pending')
return render_to_response(template_name, {'jobs': jobs},
context_instance=RequestContext(request))
def user_role_edit(request, username, membership_id, form_class=GroupMembershipEditForm, template_name="profiles/edit_role.html"):
user = get_object_or_404(User, username=username)
membership = get_object_or_404(GroupMembership, id=membership_id)
try:
profile = Profile.objects.get(user=user)
except Profile.DoesNotExist:
profile = Profile.objects.create_profile(user=user)
if not profile.allow_edit_by(request.user):
raise Http403
if not has_perm(request.user,'user_groups.view_group', membership.group):
raise Http403
if request.method == 'POST':
form = form_class(request.POST, instance=membership)
if form.is_valid():
form.save()
messages.add_message(request, messages.SUCCESS, 'Successfully edited membership for %s' % membership.group)
return HttpResponseRedirect("%s%s" % (reverse('profile', args=[user.username]),'#userview-groups'))
else:
form = form_class(instance=membership)
return render_to_response(template_name, {
'form': form,
'membership': membership,
}, context_instance=RequestContext(request))
def add(request, form_class=FormForm, template_name="forms/add.html"):
if not has_perm(request.user,'forms.add_form'):
raise Http403
PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2, can_delete=False)
formset = PricingFormSet()
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
form_instance = form.save(commit=False)
# save form and associated pricings
form_instance = update_perms_and_save(request, form, form_instance)
formset = PricingFormSet(request.POST, instance=form_instance)
if formset.is_valid():
# update_perms_and_save does not appear to consider ManyToManyFields
for method in form.cleaned_data['payment_methods']:
form_instance.payment_methods.add(method)
formset.save()
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % form_instance)
return HttpResponseRedirect(reverse('form_field_update', args=[form_instance.pk]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {
'form':form,
'formset':formset,
}, context_instance=RequestContext(request))
def template_index(request, template_name="campaign_monitor/templates/index.html"):
if not has_perm(request.user, "campaign_monitor.view_template"):
raise Http403
templates = Template.objects.all().order_by("name")
return render_to_response(template_name, {"templates": templates}, context_instance=RequestContext(request))
def edit_meta(request, id, form_class=MetaForm, template_name="articles/edit-meta.html"):
# check permission
article = get_object_or_404(Article, pk=id)
if not has_perm(request.user, 'articles.change_article', article):
raise Http403
defaults = {
'title': article.get_title(),
'description': article.get_description(),
'keywords': article.get_keywords(),
'canonical_url': article.get_canonical_url(),
}
article.meta = MetaTags(**defaults)
if request.method == "POST":
form = form_class(request.POST, instance=article.meta)
if form.is_valid():
article.meta = form.save() # save meta
article.save() # save relationship
messages.add_message(request, messages.SUCCESS, 'Successfully updated meta for %s' % article)
return HttpResponseRedirect(reverse('article', args=[article.slug]))
else:
form = form_class(instance=article.meta)
return render_to_response(template_name, {'article': article, 'form': form},
context_instance=RequestContext(request))
def pricing_add(request, form_class=JobPricingForm,
template_name="jobs/pricing-add.html"):
if has_perm(request.user, 'jobs.add_jobpricing'):
if request.method == "POST":
form = form_class(request.POST)
if form.is_valid():
job_pricing = form.save(commit=False)
job_pricing.status = 1
job_pricing.save(request.user)
EventLog.objects.log(instance=job_pricing)
if "_popup" in request.REQUEST:
return HttpResponse('<script type="text/javascript">opener.dismissAddAnotherPopup(window, "%s", "%s");</script>' % (escape(job_pricing.pk), escape(job_pricing)))
return HttpResponseRedirect(
reverse('job_pricing.view', args=[job_pricing.id]))
else:
form = form_class()
if "_popup" in request.REQUEST:
template_name="jobs/pricing-add-popup.html"
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
else:
raise Http403
def add(request, form_class=ArticleForm, template_name="articles/add.html"):
if has_perm(request.user, 'articles.add_article'):
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
article = form.save(commit=False)
# add all permissions and save the model
update_perms_and_save(request, form, article)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % article)
# send notification to administrator(s) and module recipient(s)
recipients = get_notice_recipients('module', 'articles', 'articlerecipients')
if recipients and notification:
notification.send_emails(recipients, 'article_added', {
'object': article,
'request': request,
})
return HttpResponseRedirect(reverse('article', args=[article.slug]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
else:
raise Http403
def delete(request, id, template_name="articles/delete.html"):
article = get_object_or_404(Article, pk=id)
if has_perm(request.user, 'articles.delete_article'):
if request.method == "POST":
messages.add_message(request, messages.SUCCESS, 'Successfully deleted %s' % article)
# send notification to administrators
recipients = get_notice_recipients('module', 'articles', 'articlerecipients')
if recipients:
if notification:
extra_context = {
'object': article,
'request': request,
}
notification.send_emails(recipients, 'article_deleted', extra_context)
article.delete()
return HttpResponseRedirect(reverse('article.search'))
return render_to_response(template_name, {'article': article},
context_instance=RequestContext(request))
else:
raise Http403
def search(request, template_name="articles/search.html"):
get = dict(request.GET)
query = get.pop('q', [])
get.pop('page', None) # pop page query string out; page ruins pagination
query_extra = ['%s:%s' % (k, v[0]) for k, v in get.items() if v[0].strip()]
query = ' '.join(query)
if query_extra:
query = '%s %s' % (query, ' '.join(query_extra))
if get_setting('site', 'global', 'searchindex') and query:
articles = Article.objects.search(query, user=request.user)
else:
filters = get_query_filters(request.user, 'articles.view_article')
articles = Article.objects.filter(filters).distinct()
if not request.user.is_anonymous():
articles = articles.select_related()
if not has_perm(request.user, 'articles.view_article'):
articles = articles.filter(release_dt__lte=datetime.now())
articles = articles.order_by('-release_dt')
EventLog.objects.log()
# Query list of category and subcategory for dropdown filters
category = request.GET.get('category')
try:
category = int(category)
except:
category = 0
categories, sub_categories = Article.objects.get_categories(category=category)
return render_to_response(template_name, {'articles': articles, 'categories': categories,
'sub_categories': sub_categories},
context_instance=RequestContext(request))
def add(request, form_class=LocationForm, template_name="locations/add.html"):
if has_perm(request.user,'locations.add_location'):
if request.method == "POST":
form = form_class(request.POST, request.FILES, user=request.user)
if form.is_valid():
location = form.save(commit=False)
# update all permissions and save the model
location = update_perms_and_save(request, form, location)
if 'photo_upload' in form.cleaned_data:
photo = form.cleaned_data['photo_upload']
if photo:
location.save(photo=photo)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % location)
return HttpResponseRedirect(reverse('location', args=[location.pk]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def single_setting(request, scope, scope_category, name, template_name="site_settings/list.html"):
if not has_perm(request.user, "site_settings.change_setting"):
raise Http403
settings = Setting.objects.filter(scope=scope, scope_category=scope_category, name=name).order_by("label")
if not settings:
raise Http404
if request.method == "POST":
form = build_settings_form(request.user, settings)(request.POST, request.FILES)
if form.is_valid():
# this save method is overriden in the forms.py
form.save()
try:
if form.cleaned_data["theme"]:
from django.core.management import call_command
call_command("hide_settings", "theme")
call_command("update_settings", "themes.%s" % form.cleaned_data["theme"].lstrip())
except:
pass
EventLog.objects.log()
messages.add_message(
request, messages.SUCCESS, "Successfully saved %s settings" % name.replace("_", " ").title()
)
redirect_to = request.REQUEST.get("next", "")
if redirect_to:
return HttpResponseRedirect(redirect_to)
else:
form = build_settings_form(request.user, settings)()
return render_to_response(template_name, {"form": form}, context_instance=RequestContext(request))
def delete(request, id, template_name="news/delete.html"):
news = get_object_or_404(News, pk=id)
# check permission
if not has_perm(request.user, 'news.delete_news'):
raise Http403
if request.method == "POST":
messages.add_message(request, messages.SUCCESS, 'Successfully deleted %s' % news)
# send notification to administrators
recipients = get_notice_recipients('module', 'news', 'newsrecipients')
if recipients:
if notification:
extra_context = {
'object': news,
'request': request,
}
notification.send_emails(recipients, 'news_deleted', extra_context)
news.delete()
return HttpResponseRedirect(reverse('news.search'))
return render_to_response(template_name, {'news': news},
context_instance=RequestContext(request))
def entries_export(request, id, include_files=False):
form_instance = get_object_or_404(Form, pk=id)
# check permission
if not has_perm(request.user,'forms.change_form',form_instance):
raise Http403
EventLog.objects.log(instance=form_instance)
entries = form_instance.entries.all()
if entries:
if not settings.CELERY_IS_ACTIVE:
task = FormEntriesExportTask()
response = task.run(form_instance, entries, include_files)
return response
else:
task = FormEntriesExportTask.delay(form_instance, entries, include_files)
task_id = task.task_id
return redirect('form_entries_export_status', task_id)
else:
# blank csv document
response = HttpResponse(mimetype='text/csv')
response['Content-Disposition'] = 'attachment; filename=export_entries_%d.csv' % time()
writer = csv.writer(response, delimiter=',')
return response
def edit(request, id, form_class=NewsForm, template_name="news/edit.html"):
news = get_object_or_404(News, pk=id)
# check permission
if not has_perm(request.user, 'news.change_news', news):
raise Http403
form = form_class(instance=news, user=request.user)
if request.method == "POST":
form = form_class(request.POST, request.FILES, instance=news, user=request.user)
if form.is_valid():
news = form.save(commit=False)
# update all permissions and save the model
news = update_perms_and_save(request, form, news)
# save photo
photo = form.cleaned_data['photo_upload']
if photo:
news.save(photo=photo)
assign_files_perms(news, files=[news.thumbnail])
messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % news)
return HttpResponseRedirect(reverse('news.detail', args=[news.slug]))
return render_to_response(template_name, {'news': news, 'form': form},
context_instance=RequestContext(request))
def delete(request, id, template_name="profiles/delete.html"):
user = get_object_or_404(User, pk=id)
try:
profile = Profile.objects.get(user=user)
except:
profile = None
if not has_perm(request.user,'profiles.delete_profile',profile): raise Http403
if request.method == "POST":
recipients = get_notice_recipients('module', 'users', 'userrecipients')
if recipients:
if notification:
extra_context = {
'profile': profile,
'request': request,
}
notification.send_emails(recipients,'user_deleted', extra_context)
#soft delete
#profile.delete()
#user.delete()
if profile:
profile.status_detail = 'inactive'
profile.save()
user.is_active = False
user.save()
return HttpResponseRedirect(reverse('profile.search'))
return render_to_response(template_name, {'user_this':user, 'profile': profile},
context_instance=RequestContext(request))
def edit_meta(request, id, form_class=MetaForm,
template_name="jobs/edit-meta.html"):
# check permission
job = get_object_or_404(Job, pk=id)
if not has_perm(request.user, 'jobs.change_job', job):
raise Http403
defaults = {
'title': job.get_title(),
'description': job.get_description(),
'keywords': job.get_keywords(),
'canonical_url': job.get_canonical_url(),
}
job.meta = MetaTags(**defaults)
if request.method == "POST":
form = form_class(request.POST, instance=job.meta)
if form.is_valid():
job.meta = form.save() # save meta
job.save() # save relationship
msg_string = 'Successfully updated meta for %s' % job
messages.add_message(request, messages.SUCCESS, _(msg_string))
return HttpResponseRedirect(reverse('job', args=[job.slug]))
else:
form = form_class(instance=job.meta)
return render_to_response(template_name, {'job': job, 'form': form},
context_instance=RequestContext(request))
def delete(request, id, template_name="jobs/delete.html"):
job = get_object_or_404(Job, pk=id)
if has_perm(request.user, 'jobs.delete_job', job):
if request.method == "POST":
msg_string = 'Successfully deleted %s' % job
messages.add_message(request, messages.SUCCESS, _(msg_string))
# send notification to administrators
recipients = get_notice_recipients(
'module', 'jobs', 'jobrecipients')
if recipients:
if notification:
extra_context = {
'object': job,
'request': request,
}
notification.send_emails(recipients,
'job_deleted', extra_context)
job.delete()
return HttpResponseRedirect(reverse('job.search'))
return render_to_response(template_name, {'job': job},
context_instance=RequestContext(request))
else:
raise Http403
def photoset_add(request, form_class=PhotoSetAddForm, template_name="photos/photo-set/add.html"):
""" Add a photo set """
# if no permission; permission exception
if not has_perm(request.user,'photos.add_photoset'):
raise Http403
if request.method == "POST":
if request.POST["action"] == "add":
form = form_class(request.POST, user=request.user)
if form.is_valid():
photo_set = form.save(commit=False)
photo_set.author = request.user
# update all permissions and save the model
photo_set = update_perms_and_save(request, form, photo_set)
messages.add_message(request, messages.SUCCESS, 'Successfully added photo set!')
return HttpResponseRedirect(reverse('photos_batch_add', kwargs={'photoset_id':photo_set.id}))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {
"photoset_form": form,
}, context_instance=RequestContext(request))
def template_view(request, template_id, template_name="campaign_monitor/templates/view.html"):
template = get_object_or_404(Template, template_id=template_id)
if not has_perm(request.user, "campaign_monitor.view_template", template):
raise Http403
return render_to_response(template_name, {"template": template}, context_instance=RequestContext(request))
def detail(request, slug, template_name="studygroups/detail.html"):
study_group = get_object_or_404(StudyGroup, slug=slug)
if has_perm(request.user, 'studygroup.view_studygroup', study_group):
EventLog.objects.log(instance=study_group)
officers = study_group.officers()
#has_group_view_permission is True if there is at least one
#group where the user is a member that has a view_studygroup permission.
has_group_view_permission = False
#Check user for group view permissions
if request.user.is_authenticated():
groups = request.user.group_set.all()
perms = has_groups_perms(study_group).filter(group__in=groups)
for perm in perms:
#Check if permission has view studygroup permission
has_group_view_permission |= perm.codename == 'view_studygroup'
if has_group_view_permission:
break
filters = get_query_filters(request.user, 'files.view_file')
files = File.objects.filter(filters).filter(group=study_group.group).distinct()
return render_to_response(template_name,
{
'study_group': study_group,
'officers': officers,
'files': files,
'has_group_view_permission': has_group_view_permission,
},
context_instance=RequestContext(request))
else:
raise Http403
def group_members_export(request, group_slug, export_target='all'):
"""
Export members for a specific group
"""
group = get_object_or_404(Group, slug=group_slug)
# if they can edit it, they can export it
if not has_perm(request.user,'user_groups.change_group', group):
raise Http403
identifier = '%s_%s' % (int(ttime.time()), request.user.id)
file_dir = 'export/groups/'
temp_export_path = '%sgroup_%d_%s_%s_temp.csv' % (file_dir,
group.id,
export_target,
identifier)
default_storage.save(temp_export_path, ContentFile(''))
# start the process
subprocess.Popen(["python", "manage.py",
"group_members_export",
'--group_id=%d' % group.id,
'--export_target=%s' % export_target,
'--identifier=%s' % identifier,
'--user_id=%s' % request.user.id])
# log an event
EventLog.objects.log()
return redirect(reverse('group.members_export_status',
args=[group.slug, export_target, identifier]))
def delete(request, id, template_name="studygroups/delete.html"):
study_group = get_object_or_404(StudyGroup, pk=id)
if not has_perm(request.user, 'studygroup.delete_studygroup'):
raise Http403
if request.method == "POST":
EventLog.objects.log(instance=study_group)
messages.add_message(request, messages.SUCCESS, 'Successfully deleted %s' % study_group)
# send notification to administrators
recipients = get_notice_recipients('module', 'studygroups', 'studygrouprecipients')
if recipients:
if notification:
extra_context = {
'object': study_group,
'request': request,
}
notification.send_emails(recipients, 'studygroup_deleted', extra_context)
study_group.delete()
return HttpResponseRedirect(reverse('studygroups.search'))
return render_to_response(template_name, {'study_group': study_group},
context_instance=RequestContext(request))
def delete(request, id, template_name="pages/delete.html"):
page = get_object_or_404(Page, pk=id)
if not has_perm(request.user, 'pages.delete_page'):
raise Http403
if request.method == "POST":
EventLog.objects.log(instance=page)
messages.add_message(request, messages.SUCCESS,
_('Successfully deleted %(p)s' % { 'p': unicode(page)}))
# send notification to administrators
recipients = get_notice_recipients('module', 'pages', 'pagerecipients')
if recipients:
if notification:
extra_context = {
'object': page,
'request': request,
}
notification.send_emails(recipients, 'page_deleted', extra_context)
# Soft delete
page.status = False
page.status_detail = 'inactive'
page.save()
return HttpResponseRedirect(reverse('page.search'))
return render_to_response(template_name, {'page': page},
context_instance=RequestContext(request))
def campaign_index(request, template_name="campaign_monitor/campaigns/index.html"):
if not has_perm(request.user, "campaign_monitor.view_campaign"):
raise Http403
campaigns = Campaign.objects.all().order_by("name")
return render_to_response(template_name, {"campaigns": campaigns}, context_instance=RequestContext(request))
def edit_meta(request, id, form_class=MetaForm, template_name="pages/edit-meta.html"):
"""
Return page that allows you to edit meta-html information.
"""
# check permission
page = get_object_or_404(Page, pk=id)
if not has_perm(request.user, 'pages.change_page', page):
raise Http403
defaults = {
'title': page.get_title(),
'description': page.get_description(),
'keywords': page.get_keywords(),
'canonical_url': page.get_canonical_url(),
}
page.meta = MetaTags(**defaults)
if request.method == "POST":
form = form_class(request.POST, instance=page.meta)
if form.is_valid():
page.meta = form.save() # save meta
page.save() # save relationship
messages.add_message(request, messages.SUCCESS,
_('Successfully updated meta for %(p)s' % {'p': unicode(page)}))
return HttpResponseRedirect(reverse('page', args=[page.slug]))
else:
form = form_class(instance=page.meta)
return render_to_response(template_name, {'page': page, 'form': form},
context_instance=RequestContext(request))
def campaign_view(request, campaign_id, template_name="campaign_monitor/campaigns/view.html"):
campaign = get_object_or_404(Campaign, campaign_id=campaign_id)
if not has_perm(request.user, "campaign_monitor.view_campaign", campaign):
raise Http403
return render_to_response(template_name, {"campaign": campaign}, context_instance=RequestContext(request))
def edit_meta(request, id, form_class=MetaForm, template_name="studygroups/edit-meta.html"):
"""
Return study group that allows you to edit meta-html information.
"""
# check permission
study_group = get_object_or_404(StudyGroup, pk=id)
if not has_perm(request.user, 'studygroup.change_studygroup', study_group):
raise Http403
EventLog.objects.log(instance=study_group)
defaults = {
'title': study_group.get_title(),
'description': study_group.get_description(),
'keywords': study_group.get_keywords(),
'canonical_url': study_group.get_canonical_url(),
}
study_group.meta = MetaTags(**defaults)
if request.method == "POST":
form = form_class(request.POST, instance=study_group.meta)
if form.is_valid():
study_group.meta = form.save() # save meta
study_group.save() # save relationship
messages.add_message(request, messages.SUCCESS, 'Successfully updated meta for %s' % study_group)
return HttpResponseRedirect(reverse('studygroups.detail', args=[study_group.slug]))
else:
form = form_class(instance=study_group.meta)
return render_to_response(template_name, {'study_group': study_group, 'form': form},
context_instance=RequestContext(request))
def print_view(request, slug, template_name="pages/print-view.html"):
try:
page = get_object_or_404(Page, slug=slug)
except Page.MultipleObjectsReturned:
pages = Page.objects.filter(
slug=slug, status_detail='active'
).order_by('-pk')
if not pages:
pages = Page.objects.filter(slug=slug).order_by('-pk')
if not pages:
raise Http404
page = pages[0]
if not has_perm(request.user, 'pages.view_page', page):
raise Http403
EventLog.objects.log(instance=page)
return render_to_response(template_name, {'page': page},
context_instance=RequestContext(request))
def pricing_add(request, form_class=JobPricingForm,
template_name="jobs/pricing-add.html"):
if has_perm(request.user, 'jobs.add_jobpricing'):
if request.method == "POST":
form = form_class(request.POST)
if form.is_valid():
job_pricing = form.save(commit=False)
job_pricing.status = 1
job_pricing.save(request.user)
EventLog.objects.log(instance=job_pricing)
return HttpResponseRedirect(
reverse('job_pricing.view', args=[job_pricing.id]))
else:
form = form_class()
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
else:
raise Http403
def delete(request, id, template_name="files/delete.html"):
file = get_object_or_404(File, pk=id)
# check permission
if not has_perm(request.user, 'files.delete_file'):
raise Http403
if request.method == "POST":
# reassign owner to current user
file.owner = request.user
file.owner_username = request.user.username
file.save()
file.delete()
if 'ajax' in request.POST:
return HttpResponse('Ok')
else:
return HttpResponseRedirect(reverse('file.search'))
return render_to_response(template_name, {'file': file},
context_instance=RequestContext(request))
def add(request, form_class=NavForm, template_name="navs/add.html"):
if not has_perm(request.user, 'navs.add_nav'):
raise Http403
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
nav = form.save(commit=False)
nav = update_perms_and_save(request, form, nav)
messages.add_message(request, messages.SUCCESS,
'Successfully added %s' % nav)
return redirect('navs.edit_items', id=nav.id)
else:
form = form_class(user=request.user)
return render_to_response(
template_name,
{'form': form},
context_instance=RequestContext(request),
)
def add(request, form_class=DiscountForm, template_name="discounts/add.html"):
if not has_perm(request.user, 'discounts.add_discount'):
raise Http403
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
discount = form.save(commit=False)
discount = update_perms_and_save(request, form, discount)
form.save_m2m()
messages.add_message(request, messages.SUCCESS,
'Successfully added %s' % discount)
return redirect('discount.detail', id=discount.id)
else:
form = form_class(user=request.user)
return render_to_response(
template_name,
{'form': form},
context_instance=RequestContext(request),
)
def pricing_add(request,
form_class=DirectoryPricingForm,
template_name="directories/pricing-add.html"):
if has_perm(request.user, 'directories.add_directorypricing'):
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
directory_pricing = form.save(commit=False)
directory_pricing.status = 1
directory_pricing.save(request.user)
return HttpResponseRedirect(
reverse('directory_pricing.view',
args=[directory_pricing.id]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
else:
raise Http403
def groupmembership_delete(request, group_slug, user_id, template_name="user_groups/member_delete.html"):
group = get_object_or_404(Group, slug=group_slug)
user = get_object_or_404(User, pk=user_id)
group_membership = get_object_or_404(GroupMembership, group=group, member=user)
if not has_perm(request.user,'user_groups.delete_groupmembership',group_membership):
raise Http403
if request.method == 'POST':
EventLog.objects.log(instance=group_membership)
group_membership.delete()
messages.add_message(
request,
messages.SUCCESS,
_('Successfully removed %(name)s from group %(grp)s' % {
'name':user.get_full_name(),
'grp': group})
)
return HttpResponseRedirect(group.get_absolute_url())
return render_to_response(template_name, locals(), context_instance=RequestContext(request))
def edit(request, id, form_class=StoryForm, template_name="stories/edit.html"):
story = get_object_or_404(Story, pk=id)
if has_perm(request.user, 'stories.change_story', story):
if request.method == "POST":
form = form_class(request.POST,
request.FILES,
instance=story,
user=request.user)
if form.is_valid():
story = form.save(commit=False)
# save photo
photo = form.cleaned_data['photo_upload']
if photo:
story.save(photo=photo)
story = update_perms_and_save(request, form, story)
messages.add_message(
request, messages.SUCCESS,
_('Successfully updated %(str)s' %
{'str': unicode(story)}))
redirect_to = request.REQUEST.get('next', '')
if redirect_to:
return HttpResponseRedirect(redirect_to)
else:
return redirect('story', id=story.pk)
else:
form = form_class(instance=story, user=request.user)
else:
raise Http403
return render_to_response(template_name, {
'story': story,
'form': form
},
context_instance=RequestContext(request))
def groupmembership_delete(request,
group_slug,
user_id,
template_name="user_groups/member_delete.html"):
group = get_object_or_404(Group, slug=group_slug)
user = get_object_or_404(User, pk=user_id)
group_membership = get_object_or_404(GroupMembership,
group=group,
member=user)
if not has_perm(request.user, 'user_groups.delete_groupmembership',
group_membership):
raise Http403
if request.method == 'POST':
log_defaults = {
'event_id':
223000,
'event_data':
'%s (%d) deleted by %s' % (group_membership._meta.object_name,
group_membership.pk, request.user),
'description':
'%s deleted' % group_membership._meta.object_name,
'user':
request.user,
'request':
request,
'instance':
group_membership,
}
EventLog.objects.log(**log_defaults)
group_membership.delete()
messages.add_message(
request, messages.SUCCESS,
'Successfully removed %s from group %s' %
(user.get_full_name(), group))
return HttpResponseRedirect(group.get_absolute_url())
return render_to_response(template_name,
locals(),
context_instance=RequestContext(request))
def edit(request,
id=None,
form_class=HelpFileForm,
template_name="help_files/edit.html"):
help_file = get_object_or_404(HelpFile, pk=id)
if has_perm(request.user, 'help_files.change_helpfile', help_file):
if request.method == "POST":
form = form_class(request.POST,
instance=help_file,
user=request.user)
if form.is_valid():
help_file = form.save(commit=False)
# add all permissions and save the model
help_file = update_perms_and_save(request, form, help_file)
form.save_m2m()
msg_string = 'Successfully edited %s' % help_file
messages.add_message(request, messages.SUCCESS, _(msg_string))
# send notification to administrator(s) and module recipient(s)
recipients = get_notice_recipients('module', 'help_files',
'helpfilerecipients')
# if recipients and notification:
# notification.send_emails(recipients,'help_file_added', {
# 'object': help_file,
# 'request': request,
# })
return HttpResponseRedirect(
reverse('help_file.details', args=[help_file.slug]))
else:
form = form_class(instance=help_file, user=request.user)
return render_to_response(template_name, {
'help_file': help_file,
'form': form
},
context_instance=RequestContext(request))
else:
raise Http403
def photo_size(request, id, size, crop=False, quality=90, download=False):
"""
Renders image and returns response
Does not use template
Saves resized image within cache system
Returns 404 if if image rendering fails
"""
if isinstance(quality, unicode) and quality.isdigit():
quality = int(quality)
photo = get_object_or_404(Image, id=id)
size = [int(s) for s in size.split('x')]
# check permissions
if not has_perm(request.user, 'photos.view_image', photo):
raise Http403
attachment = ''
if download:
attachment = 'attachment;'
# gets resized image from cache or rebuild
image = get_image(photo.image,
size,
PHOTO_PRE_KEY,
crop=crop,
quality=quality,
unique_key=str(photo.pk))
# if image not rendered; quit
if not image:
raise Http404
response = HttpResponse(mimetype='image/jpeg')
response['Content-Disposition'] = '%s filename=%s' % (
attachment, photo.image.file.name)
image.save(response, "JPEG", quality=quality)
return response
def group_delete(request, id, template_name="user_groups/delete.html"):
group = get_object_or_404(Group, pk=id)
if not has_perm(request.user,'user_groups.delete_group',group): raise Http403
if request.method == "POST":
# send notification to administrators
recipients = get_notice_recipients('module', 'groups', 'grouprecipients')
if recipients:
if notification:
extra_context = {
'object': group,
'request': request,
}
notification.send_emails(recipients,'group_deleted', extra_context)
EventLog.objects.log(instance=group)
group.delete()
return HttpResponseRedirect(reverse('group.search'))
(deleted_objects, perms_needed, protected) = get_deleted_objects(
group, request.user)
object_name = group.label or group.name
if perms_needed or protected:
title = _("Cannot delete %(name)s") % {"name": object_name}
else:
title = _("Are you sure?")
return render_to_response(template_name,
{'group':group,
"title": title,
"object_name": object_name,
"deleted_objects": deleted_objects,
"perms_lacking": perms_needed,
"protected": protected,
"opts": group._meta,
},
context_instance=RequestContext(request))
def add(request, form_class=LocationForm, template_name="locations/add.html"):
if has_perm(request.user, 'locations.add_location'):
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
location = form.save(commit=False)
# update all permissions and save the model
location = update_perms_and_save(request, form, location)
messages.add_message(request, messages.SUCCESS,
'Successfully added %s' % location)
return HttpResponseRedirect(
reverse('location', args=[location.pk]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
else:
raise Http403
def edit_meta(request,
id,
form_class=MetaForm,
template_name="pages/edit-meta.html"):
"""
Return page that allows you to edit meta-html information.
"""
# check permission
page = get_object_or_404(Page, pk=id)
if not has_perm(request.user, 'pages.change_page', page):
raise Http403
defaults = {
'title': page.get_title(),
'description': page.get_description(),
'keywords': page.get_keywords(),
'canonical_url': page.get_canonical_url(),
}
page.meta = MetaTags(**defaults)
if request.method == "POST":
form = form_class(request.POST, instance=page.meta)
if form.is_valid():
page.meta = form.save() # save meta
page.save() # save relationship
messages.add_message(
request, messages.SUCCESS,
_('Successfully updated meta for %(p)s' % {'p': page}))
return HttpResponseRedirect(reverse('page', args=[page.slug]))
else:
form = form_class(instance=page.meta)
return render_to_response(template_name, {
'page': page,
'form': form
},
context_instance=RequestContext(request))
def edit(request, id, form_class=NavForm, template_name="navs/edit.html"):
nav = get_object_or_404(Nav, id=id)
if not has_perm(request.user, 'navs.change_nav', nav):
raise Http403
if request.method == "POST":
form = form_class(request.POST, instance=nav, user=request.user)
if form.is_valid():
nav = form.save(commit=False)
nav = update_perms_and_save(request, form, nav)
cache_nav(nav)
messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % nav)
return redirect('navs.edit_items', id=nav.id)
else:
form = form_class(user=request.user, instance=nav)
return render_to_response(
template_name,
{'form':form, 'current_nav':nav},
context_instance=RequestContext(request),
)
def pricing_delete(request,
id,
template_name="directories/pricing-delete.html"):
directory_pricing = get_object_or_404(DirectoryPricing, pk=id)
if not has_perm(request.user, 'directories.delete_directorypricing'):
raise Http403
if request.method == "POST":
messages.add_message(request, messages.SUCCESS,
'Successfully deleted %s' % directory_pricing)
#directory_pricing.delete()
# soft delete
directory_pricing.status = False
directory_pricing.save()
return HttpResponseRedirect(reverse('directory_pricing.search'))
return render_to_response(template_name,
{'directory_pricing': directory_pricing},
context_instance=RequestContext(request))
def photoset_edit(request, id, form_class=PhotoSetEditForm, template_name="photos/photo-set/edit.html"):
from tendenci.core.perms.object_perms import ObjectPermission
photo_set = get_object_or_404(PhotoSet, id=id)
# if no permission; permission exception
if not has_perm(request.user,'photos.change_photoset',photo_set):
raise Http403
if request.method == "POST":
if request.POST["action"] == "edit":
form = form_class(request.POST, instance=photo_set, user=request.user)
if form.is_valid():
photo_set = form.save(commit=False)
# update all permissions and save the model
photo_set = update_perms_and_save(request, form, photo_set)
# copy all privacy settings from photo set to photos
Image.objects.filter(photoset=photo_set).update(**get_privacy_settings(photo_set))
# photo set group permissions
group_perms = photo_set.perms.filter(group__isnull=False).values_list('group','codename')
group_perms = tuple([(unicode(g), c.split('_')[0]) for g, c in group_perms ])
photos = Image.objects.filter(photoset=photo_set)
for photo in photos:
ObjectPermission.objects.remove_all(photo)
ObjectPermission.objects.assign_group(group_perms, photo)
messages.add_message(request, messages.SUCCESS, _("Successfully updated photo set! "))
return HttpResponseRedirect(reverse('photoset_details', args=[photo_set.id]))
else:
form = form_class(instance=photo_set, user=request.user)
return render_to_response(template_name, {
'photo_set': photo_set,
"photoset_form": form,
}, context_instance=RequestContext(request))
def search(request, template_name="articles/search.html"):
get = dict(request.GET)
query = get.pop('q', [])
get.pop('page', None) # pop page query string out; page ruins pagination
query_extra = ['%s:%s' % (k, v[0]) for k, v in get.items() if v[0].strip()]
query = ' '.join(query)
if query_extra:
query = '%s %s' % (query, ' '.join(query_extra))
if get_setting('site', 'global', 'searchindex') and query:
articles = Article.objects.search(query, user=request.user)
else:
filters = get_query_filters(request.user, 'articles.view_article')
articles = Article.objects.filter(filters).distinct()
if not request.user.is_anonymous():
articles = articles.select_related()
if not has_perm(request.user, 'articles.view_article'):
articles = articles.filter(release_dt__lte=datetime.now())
articles = articles.order_by('-release_dt')
EventLog.objects.log()
# Query list of category and subcategory for dropdown filters
category = request.GET.get('category')
try:
category = int(category)
except:
category = 0
categories, sub_categories = Article.objects.get_categories(
category=category)
return render_to_response(template_name, {
'articles': articles,
'categories': categories,
'sub_categories': sub_categories
},
context_instance=RequestContext(request))
def edit(request, id, form_class=DirectoryForm, template_name="directories/edit.html"):
directory = get_object_or_404(Directory, pk=id)
if not has_perm(request.user,'directories.change_directory', directory):
raise Http403
form = form_class(request.POST or None, request.FILES or None,
instance=directory,
user=request.user)
del form.fields['payment_method']
if not request.user.profile.is_superuser:
del form.fields['pricing']
del form.fields['list_type']
if request.method == "POST":
if form.is_valid():
directory = form.save(commit=False)
if directory.logo:
try:
directory.logo.file.seek(0)
except IOError:
directory.logo = None
# update all permissions and save the model
directory = update_perms_and_save(request, form, directory)
messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % directory)
return HttpResponseRedirect(reverse('directory', args=[directory.slug]))
else:
form = form_class(instance=directory, user=request.user)
return render_to_response(template_name, {'directory': directory, 'form':form},
context_instance=RequestContext(request))
return render_to_response(template_name, {'directory': directory, 'form':form},
context_instance=RequestContext(request))
def edit(request,
id,
form_class=LocationForm,
template_name="locations/edit.html"):
location = get_object_or_404(Location, pk=id)
if has_perm(request.user, 'locations.change_location', location):
if request.method == "POST":
form = form_class(request.POST,
request.FILES,
instance=location,
user=request.user)
if form.is_valid():
location = form.save(commit=False)
# update all permissions and save the model
location = update_perms_and_save(request, form, location)
if 'photo_upload' in form.cleaned_data:
photo = form.cleaned_data['photo_upload']
if photo:
location.save(photo=photo)
messages.add_message(request, messages.SUCCESS,
'Successfully updated %s' % location)
return HttpResponseRedirect(
reverse('location', args=[location.pk]))
else:
form = form_class(instance=location, user=request.user)
return render_to_response(template_name, {
'location': location,
'form': form
},
context_instance=RequestContext(request))
else:
raise Http403
def add(request, form_class=NewsForm, template_name="news/add.html"):
# check permission
if not has_perm(request.user, 'news.add_news'):
raise Http403
if request.method == "POST":
form = form_class(request.POST, request.FILES, user=request.user)
if form.is_valid():
news = form.save(commit=False)
# update all permissions and save the model
news = update_perms_and_save(request, form, news)
# save photo
photo = form.cleaned_data['photo_upload']
if photo:
news.save(photo=photo)
assign_files_perms(news, files=[news.thumbnail])
msg_string = 'Successfully added %s' % news
messages.add_message(request, messages.SUCCESS, _(msg_string))
# send notification to administrators
recipients = get_notice_recipients('module', 'news', 'newsrecipients')
if recipients:
if notification:
extra_context = {
'object': news,
'request': request,
}
notification.send_emails(recipients, 'news_added', extra_context)
return HttpResponseRedirect(reverse('news.detail', args=[news.slug]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
def add(request, form_class=StoryForm, template_name="stories/add.html"):
if has_perm(request.user, 'stories.add_story'):
if request.method == "POST":
form = form_class(request.POST, request.FILES, user=request.user)
if form.is_valid():
story = form.save(commit=False)
story = update_perms_and_save(request, form, story)
# save photo
photo = form.cleaned_data['photo_upload']
if photo:
story.save(photo=photo)
assign_files_perms(story, files=[story.image])
if 'rotator' in story.tags:
checklist_update('add-story')
messages.add_message(
request, messages.SUCCESS,
_('Successfully added %(str)s' % {'str': unicode(story)}))
return HttpResponseRedirect(reverse('story', args=[story.pk]))
else:
from pprint import pprint
pprint(form.errors.items())
else:
form = form_class(user=request.user)
tags = request.GET.get('tags', '')
if tags:
form.fields['tags'].initial = tags
else:
raise Http403
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
def edit(request, id, form_class=FormForm, template_name="forms/edit.html"):
form_instance = get_object_or_404(Form, pk=id)
if not has_perm(request.user,'forms.change_form',form_instance):
raise Http403
PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2)
if request.method == "POST":
form = form_class(request.POST, instance=form_instance, user=request.user)
if form_instance.recurring_payment:
formset = RecurringPaymentFormSet(request.POST, instance=form_instance)
else:
formset = PricingFormSet(request.POST, instance=form_instance)
if form.is_valid() and formset.is_valid():
form_instance = form.save(commit=False)
form_instance = update_perms_and_save(request, form, form_instance)
form.save_m2m() # save payment methods
formset.save() # save price options
# remove all pricings if no custom_payment form
if not form.cleaned_data['custom_payment']:
form_instance.pricing_set.all().delete()
messages.add_message(request, messages.SUCCESS, 'Successfully edited %s' % form_instance)
return HttpResponseRedirect(reverse('form_field_update', args=[form_instance.pk]))
else:
form = form_class(instance=form_instance, user=request.user)
if form_instance.recurring_payment:
formset = RecurringPaymentFormSet(instance=form_instance)
else:
formset = PricingFormSet(instance=form_instance)
return render_to_response(template_name, {
'form':form,
'formset':formset,
'form_instance':form_instance,
},context_instance=RequestContext(request))
def generate(request):
"""
Newsletter generator form
"""
if not has_perm(request.user, 'newsletters.add_newsletter'):
raise Http403
if request.method == 'POST':
form = GenerateForm(request.POST)
if form.is_valid():
template = form.cleaned_data['template']
html_url = [
reverse('newsletter.template_render',
args=[template.template_id]),
u'?jump_links=%s' % form.cleaned_data.get('jump_links'),
'&events=%s' % form.cleaned_data.get('events'),
'&events_type=%s' % form.cleaned_data.get('events_type'),
'&event_start_dt=%s' %
form.cleaned_data.get('event_start_dt', u''),
'&event_end_dt=%s' %
form.cleaned_data.get('event_end_dt', u''),
'&articles=%s' % form.cleaned_data.get('articles', u''),
'&articles_days=%s' %
form.cleaned_data.get('articles_days', u''),
'&news=%s' % form.cleaned_data.get('news', u''),
'&news_days=%s' % form.cleaned_data.get('news_days', u''),
'&jobs=%s' % form.cleaned_data.get('jobs', u''),
'&jobs_days=%s' % form.cleaned_data.get('jobs_days', u''),
'&pages=%s' % form.cleaned_data.get('pages', u''),
'&pages_days=%s' % form.cleaned_data.get('pages_days', u''),
]
return redirect(''.join(html_url))
form = GenerateForm()
return render(request, 'newsletters/generate.html', {'form': form})
def add(request, form_class=FormForm, template_name="forms/add.html"):
if not has_perm(request.user, 'forms.add_form'):
raise Http403
PricingFormSet = inlineformset_factory(Form,
Pricing,
form=PricingForm,
extra=2,
can_delete=False)
formset = PricingFormSet()
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
form_instance = form.save(commit=False)
# save form and associated pricings
form_instance = update_perms_and_save(request, form, form_instance)
formset = PricingFormSet(request.POST, instance=form_instance)
if formset.is_valid():
# update_perms_and_save does not appear to consider ManyToManyFields
for method in form.cleaned_data['payment_methods']:
form_instance.payment_methods.add(method)
formset.save()
messages.add_message(
request, messages.SUCCESS,
_('Successfully added %(f)s' % {'f': form_instance}))
return HttpResponseRedirect(
reverse('form_field_update', args=[form_instance.pk]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {
'form': form,
'formset': formset,
},
context_instance=RequestContext(request))
def approve(self, request, pk):
"""
Approve membership and redirect to
membershipdefault change page.
"""
if not has_perm(request.user, 'memberships.approve_membershipdefault'):
raise Http403
m = get_object_or_404(MembershipDefault, pk=pk)
m.approve(request_user=request.user)
m.send_email(request, 'approve')
if m.corporate_membership_id:
# notify corp reps
m.email_corp_reps(request)
messages.add_message(request, messages.SUCCESS,
_('Successfully Approved'))
return redirect(
reverse(
'admin:memberships_membershipdefault_change',
args=[pk],
))
def pricing_add(request, form_class=DirectoryPricingForm, template_name="directories/pricing-add.html"):
if has_perm(request.user,'directories.add_directorypricing'):
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
directory_pricing = form.save(commit=False)
directory_pricing.status = 1
directory_pricing.save(request.user)
if "_popup" in request.REQUEST:
return HttpResponse('<script type="text/javascript">opener.dismissAddAnotherPopup(window, "%s", "%s");</script>' % (escape(directory_pricing.pk), escape(directory_pricing)))
return HttpResponseRedirect(reverse('directory_pricing.view', args=[directory_pricing.id]))
else:
form = form_class(user=request.user)
if "_popup" in request.REQUEST:
template_name="directories/pricing-add-popup.html"
return render_to_response(template_name, {'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def group_delete(request, id, template_name="user_groups/delete.html"):
group = get_object_or_404(Group, pk=id)
if not has_perm(request.user,'user_groups.delete_group',group): raise Http403
if request.method == "POST":
# send notification to administrators
recipients = get_notice_recipients('module', 'groups', 'grouprecipients')
if recipients:
if notification:
extra_context = {
'object': group,
'request': request,
}
notification.send_emails(recipients,'group_deleted', extra_context)
EventLog.objects.log(instance=group)
group.delete()
return HttpResponseRedirect(reverse('group.search'))
return render_to_response(template_name, {'group':group},
context_instance=RequestContext(request))
def pricing_edit(request, id, form_class=JobPricingForm,
template_name="jobs/pricing-edit.html"):
job_pricing = get_object_or_404(JobPricing, pk=id)
if not has_perm(request.user, 'jobs.change_jobpricing', job_pricing):
Http403
if request.method == "POST":
form = form_class(request.POST, instance=job_pricing)
if form.is_valid():
job_pricing = form.save(commit=False)
job_pricing.save(request.user)
EventLog.objects.log(instance=job_pricing)
return HttpResponseRedirect(reverse(
'job_pricing.view',
args=[job_pricing.id])
)
else:
form = form_class(instance=job_pricing)
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
def add(request, form_class=EntityForm, template_name="entities/add.html"):
if has_perm(request.user, 'entities.add_entity'):
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
entity = form.save(commit=False)
# update all permissions and save the model
entity = update_perms_and_save(request, form, entity)
messages.add_message(
request, messages.SUCCESS,
_('Successfully added %(e)s' % {'e': entity}))
return HttpResponseRedirect(reverse('entity',
args=[entity.pk]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
else:
raise Http403