def _wrapped_view(request, event_id, *args, **kwargs): event = get_object_or_404(Event, id=event_id) if not request.user.has_perm("events.view_any_event") and not event.is_guest(request) and event.is_private: # if the user does not have view_any privledges, is not already a guest or is # and the event is private, ensure they have a valid token token = kwargs.get("token", request.POST.get("token", None)) if not token: return forbidden(request, "You need an invitation for this event") if not event.is_token_valid(token): return forbidden(request, "Invitation code is not valid for this event") return view_func(request, event_id, *args, **kwargs)
def _wrapped_view(request, event_id, *args, **kwargs): event = get_object_or_404(Event, id=event_id) if not request.user.has_perm( "events.view_any_event") and not event.is_guest( request) and event.is_private: # if the user does not have view_any privledges, is not already a guest or is # and the event is private, ensure they have a valid token token = kwargs.get("token", request.POST.get("token", None)) if not token: return forbidden(request, "You need an invitation for this event") if not event.is_token_valid(token): return forbidden( request, "Invitation code is not valid for this event") return view_func(request, event_id, *args, **kwargs)
def lambda_handler(event, context): if 'httpMethod' not in event: return bad_request('Not an HTTP invokation') # if it is an HTTP invokation, validate the token email = get_cognito_email(event) print(email) user_id = get_user_id_by_email(email) print(user_id) if not user_id: return forbidden() # for get or patch method, queryString should be sent with the permission type query_string = event['queryStringParameters'] if event[ 'queryStringParameters'] else None if not query_string: return bad_request( {'message': 'The event does not contain queryStringParameters'}) if event['httpMethod'] == 'GET': return get_settings_from_event(query_string, user_id) elif event['httpMethod'] == 'PATCH': return patch_settings_from_event(event=event, query_string=query_string, user_id=user_id, email=email) return bad_request({'message': 'Bad request'})
def lambda_handler(event, context): body = event["body"] if event["body"] else None if not body: return bad_request( {'message': 'Event request does not contain body object'}) if 'action' not in body: return bad_request({'message': 'Body does not contain \'action\' key'}) if body["action"] not in ALLOWED_ACTIONS: return bad_request({ 'message': 'Body does not contain a valid action. Valid actions are: ' + ','.join(ALLOWED_ACTIONS) }) if body["action"] == 'check-user-permissions': if ACL_MANAGEMENT_VALIDATOR.validate(body): # get the permission of the user user_permission = get_permissions_by_user_id(body["user_id"]) if body["permission"] in user_permission: return ok({'authorized': 'True'}) else: # else, return bad request return forbidden() else: return bad_request(ACL_MANAGEMENT_VALIDATOR.errors)
def group_association_request(request, group_id, object_id, action, content_type): group = get_object_or_404(Group, id=group_id, is_geo_group=False) model_type = get_model(*content_type.split(".")) content_type = ContentType.objects.get_for_model(model_type) content_object = get_object_or_404(model_type, id=object_id) if not group.is_user_manager(request.user): return forbidden(request) try: association_request = GroupAssociationRequest.objects.get( content_type=content_type, object_id=object_id, group=group) except GroupAssociationRequest.DoesNotExist: association_request = None if association_request: if action == "approve": content_object.groups.add(group) association_request.approved = True association_request.save() messages.success(request, _("Your community has been linked with %(object)s") % { 'object': content_object}) elif action == "deny": association_request.delete() messages.success(request, _("Your community will not be linked with %(object)s") % { 'object': content_object}) elif content_object.groups.filter(id=group_id).exists(): print "Already" messages.info(request, _("%(object)s has already been linked with your community") % { 'object': content_object}) else: print "Never" messages.info(request, _("%(object)s has not been linked with your community") % { 'object': content_object}) return redirect("group_detail", group_slug=group.slug)
def group_edit(request, group_slug): nav_selected = "communities" group = get_object_or_404(Group, slug=group_slug, is_geo_group=False) if not group.is_user_manager(request.user): return forbidden(request) if group.is_external_link_only: return _group_external_link_only_edit(request, group) external_group = False if request.method == "POST": if "change_group" in request.POST: group_form = GroupForm(request.POST, request.FILES, instance=group) if group_form.is_valid(): group = group_form.save() messages.success(request, _("%(group)s has been updated.") % {'group': group}) return redirect("group_edit", group_slug=group.slug) else: membership_form = MembershipForm(group=group) discussions_form = DiscussionSettingsForm(instance=group) if "discussion_settings" in request.POST: discussions_form = DiscussionSettingsForm(request.POST, instance=group) if discussions_form.is_valid(): group = discussions_form.save() messages.success(request, _("%(group)s has been updated.") % {'group': group}) return redirect("group_edit", group_slug=group.slug) else: membership_form = MembershipForm(group=group) group_form = GroupForm(instance=group) elif "delete_group" in request.POST: group.delete() messages.success(request, _("%(group)s has been deleted.") % {'group': group}) return redirect("group_list") elif "change_membership" in request.POST: membership_form = MembershipForm(group=group, data=request.POST) if membership_form.is_valid(): membership_form.save() if group.is_user_manager(request.user): messages.success(request, _("%(group)s's memberships have been updated.") % { 'group': group}) return render_to_response("groups/group_edit.html", locals(), context_instance=RequestContext(request)) else: messages.success(request, _("You no longer have permissions to edit %(group)s") % { 'group': group}) return redirect("group_detail", group_slug=group.slug) else: group_form = GroupForm(instance=group) discussions_form = DiscussionSettingsForm(instance=group) else: messages.error(request, _("No action specified.")) else: group_form = GroupForm(instance=group) membership_form = MembershipForm(group=group) discussions_form = DiscussionSettingsForm(instance=group) site = Site.objects.get_current() requesters = group.requesters_to_grant_or_deny(request.user) return render_to_response("groups/group_edit.html", locals(), context_instance=RequestContext(request))
def group_membership_request(request, group_id, user_id, action): group = get_object_or_404(Group, id=group_id, is_geo_group=False) user = get_object_or_404(User, id=user_id) if not group.is_user_manager(request.user): return forbidden(request) try: membership_request = MembershipRequests.objects.get(group=group, user=user) except MembershipRequests.DoesNotExist: membership_request = None if membership_request: if action == "approve": GroupUsers.objects.create(group=group, user=user, is_manager=False) Stream.objects.get(slug="community-membership-approved").enqueue( content_object=membership_request, start=datetime.now()) membership_request.delete() messages.success( request, "%s has been added to the community" % user.get_full_name()) elif action == "deny": Stream.objects.get(slug="community-membership-denied").enqueue( content_object=membership_request, start=datetime.now()) membership_request.delete() messages.success( request, "%s has been denied access to the community" % user.get_full_name()) elif GroupUsers.objects.filter(group=group, user=user).exists(): messages.info( request, "%s has already been added to this community" % user.get_full_name()) else: messages.info( request, "%s has already been denied access to this community" % user.get_full_name()) return redirect("group_detail", group_slug=group.slug)
def group_disc_create(request, group_slug): group = Group.objects.get(slug=group_slug) if not group.is_poster(request.user): return forbidden(request) if request.method == "POST": disc_form = DiscussionCreateForm(request.POST) if disc_form.is_valid(): group = Group.objects.get(slug=group_slug) disc = Discussion.objects.create( subject=disc_form.cleaned_data['subject'], body=disc_form.cleaned_data['body'], parent_id=disc_form.cleaned_data['parent_id'], user=request.user, group=group, is_public=not group.moderate_disc(request.user), reply_count=None if disc_form.cleaned_data['parent_id'] else 0) messages.success(request, "Discussion posted") return_to = disc_form.cleaned_data[ 'parent_id'] if disc_form.cleaned_data['parent_id'] else disc.id return redirect("group_disc_detail", group_slug=group.slug, disc_id=return_to) else: disc_form = DiscussionCreateForm() return render_to_response("groups/group_disc_create.html", locals(), context_instance=RequestContext(request))
def group_event_request(request, group_id, event_id, action): group = get_object_or_404(Group, id=group_id, is_geo_group=False) event = get_object_or_404(Event, id=event_id) if not group.is_user_manager(request.user): return forbidden(request) try: event_request = GroupAssociationRequest.objects.get(event=event, group=group) except GroupAssociationRequest.DoesNotExist: event_request = None if event_request: if action == "approve": event.groups.add(group) event_request.approved = True event_request.save() messages.success(request, "Your community has been linked with %s" % event) elif action == "deny": event_request.delete() messages.success( request, "Your community will not be linked with %s" % event) elif group.event_set.filter(event=event).exists(): messages.info(request, "%s has already been linked with your community" % event) else: messages.info(request, "%s has not been linked with your community" % event) return redirect("group_detail", group_slug=group.slug)
def group_disc_create(request, group_slug): group = Group.objects.get(slug=group_slug) if not group.is_poster(request.user): return forbidden(request) if request.method == "POST": disc_form = DiscussionCreateForm(request.POST) if disc_form.is_valid(): group = Group.objects.get(slug=group_slug) disc = Discussion.objects.create( subject=disc_form.cleaned_data['subject'], body=disc_form.cleaned_data['body'], parent_id=disc_form.cleaned_data['parent_id'], user=request.user, group=group, is_public=not group.moderate_disc(request.user), reply_count=None if disc_form.cleaned_data['parent_id'] else 0 ) messages.success(request, _("Discussion posted")) return_to = (disc_form.cleaned_data['parent_id'] if disc_form.cleaned_data['parent_id'] else disc.id) return redirect("group_disc_detail", group_slug=group.slug, disc_id=return_to) else: disc_form = DiscussionCreateForm() return render_to_response("groups/group_disc_create.html", locals(), context_instance=RequestContext(request))
def challenges_disc_create(request, challenge_id): nav_selected = "challenges" challenge = get_object_or_404(Challenge, id=challenge_id) if not challenge.has_manager_privileges(request.user): return forbidden(request, _('You do not have permissions')) from groups.forms import DiscussionCreateForm from discussions.models import Discussion if request.method == "POST": disc_form = DiscussionCreateForm(request.POST) if disc_form.is_valid(): disc = Discussion.objects.create( subject=disc_form.cleaned_data['subject'], body=disc_form.cleaned_data['body'], parent_id=None, user=request.user, content_object=challenge, reply_count=0, is_public=False, disallow_replies=True) messages.success(request, "Your message has been sent to the campaign's supporters.") return redirect(challenge) else: disc_form = DiscussionCreateForm() return render_to_response("challenges/challenge_disc_create.html", locals(), context_instance=RequestContext(request))
def group_membership_request(request, group_id, user_id, action): group = get_object_or_404(Group, id=group_id, is_geo_group=False) user = get_object_or_404(User, id=user_id) if not group.is_user_manager(request.user): return forbidden(request) try: membership_request = MembershipRequests.objects.get(group=group, user=user) except MembershipRequests.DoesNotExist: membership_request = None if membership_request: if action == "approve": GroupUsers.objects.create(group=group, user=user, is_manager=False) Stream.objects.get(slug="community-membership-approved").enqueue( content_object=membership_request, start=datetime.now()) membership_request.delete() messages.success(request, _("%(user)s has been added to the community") % { 'user': user.get_full_name()}) elif action == "deny": Stream.objects.get(slug="community-membership-denied").enqueue( content_object=membership_request, start=datetime.now()) membership_request.delete() messages.success(request, _("%(user)s has been denied access to the community") % { 'user': user.get_full_name()}) elif GroupUsers.objects.filter(group=group, user=user).exists(): messages.info(request, _("%(user)s has already been added to this community") % { 'user': user.get_full_name()}) else: messages.info(request, _("%(user)s has already been denied access to this community") % { 'user': user.get_full_name()}) return redirect("group_detail", group_slug=group.slug)
def group_edit(request, group_slug): nav_selected = "communities" group = get_object_or_404(Group, slug=group_slug, is_geo_group=False) if not group.is_user_manager(request.user): return forbidden(request) if request.method == "POST": if "change_group" in request.POST: group_form = GroupForm(request.POST, request.FILES, instance=group) if group_form.is_valid(): group = group_form.save() messages.success(request, "%s has been updated." % group) return redirect("group_edit", group_slug=group.slug) else: membership_form = MembershipForm(group=group) discussions_form = DiscussionSettingsForm(instance=group) if "discussion_settings" in request.POST: discussions_form = DiscussionSettingsForm(request.POST, instance=group) if discussions_form.is_valid(): group = discussions_form.save() messages.success(request, "%s has been updated." % group) return redirect("group_edit", group_slug=group.slug) else: membership_form = MembershipForm(group=group) group_form = GroupForm(instance=group) elif "delete_group" in request.POST: group.delete() messages.success(request, "%s has been deleted." % group) return redirect("group_list") elif "change_membership" in request.POST: membership_form = MembershipForm(group=group, data=request.POST) if membership_form.is_valid(): membership_form.save() if group.is_user_manager(request.user): messages.success( request, "%s's memberships have been updated." % group) return render_to_response( "groups/group_edit.html", locals(), context_instance=RequestContext(request)) else: messages.success( request, "You no longer have permissions to edit %s" % group) return redirect("group_detail", group_slug=group.slug) else: group_form = GroupForm(instance=group) discussions_form = DiscussionSettingsForm(instance=group) else: messages.error(request, "No action specified.") else: group_form = GroupForm(instance=group) membership_form = MembershipForm(group=group) discussions_form = DiscussionSettingsForm(instance=group) site = Site.objects.get_current() requesters = group.requesters_to_grant_or_deny(request.user) return render_to_response("groups/group_edit.html", locals(), context_instance=RequestContext(request))
def card(request, contrib_id=None, form_name=None): # Get the contributor object if specified if not contrib_id: contributor = Contributor() else: contributor = get_object_or_404(Contributor, pk=contrib_id) # Make sure the logged in user has access to view the card. User must have entered a survey for this # contributor, or else have the edit_any_contributor permission if ContributorSurvey.objects.filter(entered_by=request.user, contributor=contributor).exists() == False \ and request.user.has_perm("contributor.edit_any_contributor") == False: return forbidden(request, "You don't have permission to edit this contributor.") contrib_form = ContributorForm((request.POST or None), instance=contributor) # If a survey_form was specified, use that, otherwise use a default form_name = request.GET.get("form_name", str(form_name)) try: survey_form = getattr(survey_forms, form_name)(contributor, request.user, (request.POST or None)) except AttributeError: survey_form = survey_forms.PledgeCard(contributor, request.user, (request.POST or None)) if request.method == 'POST' and contrib_form.is_valid() and survey_form.is_valid(): # If the contrib form finds that the email already exists, it'll return the matched contributor contributor = contrib_form.save() # Make sure the survey form has the right contributor in case one was matched on email survey_form.contributor = contributor survey_form.save() messages.success(request, "Commitment card for %s saved" % contributor.name) if request.is_ajax(): if request.method == 'POST': message_html = loader.render_to_string('_messages.html', {}, RequestContext(request)) return HttpResponse(message_html) template = 'commitments/_card.html' else: if request.method == 'POST': if request.POST.get("submit") == "save_and_add_another": return redirect("commitments_card_create") else: return redirect("commitments_show") template = 'commitments/card.html' # Get the Surveys for the survey select widget survey_types = Survey.objects.filter(is_active=True) return render_to_response(template, { "survey_form": survey_form, "contrib_form": contrib_form, "survey_types": survey_types, "current_form_name": survey_form.__class__.__name__ }, context_instance=RequestContext(request))
def pdf_download(request, challenge_id=None): challenge = get_object_or_404(Challenge, id=challenge_id) if request.user != challenge.creator: return forbidden(request, _('You do not have permissions to download %(challenge)s' ) % {'challenge': challenge}) supporters = Support.objects.filter(challenge=challenge).order_by("-pledged_at") if not len(supporters): messages.error(request, _("No one has signed this petition yet.")) return redirect("challenges_detail", challenge_id=challenge_id) from challenges.pdf import _download return _download(request, challenge, supporters)
def receive_mail(request): try: msg = base64.b64decode(request.raw_post_data) except TypeError: return forbidden(request) msg = email.message_from_string(msg) addr = msg.get("To") if not addr: return forbidden(request) try: values, tamper_check = base64.b64decode(addr).split("\0") except TypeError: return forbidden(request) if hash_val(values) != tamper_check: return forbidden(request) try: values = json.loads(values) except ValueError: return forbidden(request) # The Discussion Form wants this hashed value as a tamper-proof check values['parent_id_sig'] = hash_val(values['parent_id']) try: user = User.objects.get(email=values.pop("user")) group = Group.objects.get(slug=values.pop("group")) parent_disc = Discussion.objects.get(group=group, id=values['parent_id']) except (User.DoesNotExist, Group.DoesNotExist, Discussion.DoesNotExist), e: return forbidden(request)
def guests_edit(request, event_id, guest_id, type): event = get_object_or_404(Event, id=event_id) guest = get_object_or_404(Guest, id=guest_id) if guest.event != event: return forbidden(request, "Guest is not a member of this event") if not hasattr(guest, type) and not hasattr(guest.contributor, type): return forbidden(request, "Guest has no attribute %s" % type) data = request.POST.copy() for field in guest._meta.fields: data[field.name] = field.value_from_object(guest) data[type] = data.get("value") form = GuestEditForm(instance=guest, data=data) if form.is_valid(): form.save() messages.success(request, "%s has been updated" % guest) else: for field,errors in form.errors.items(): for error in errors: messages.error(request, error) guest = Guest.objects.get(id=guest_id) message_html = render_to_string("_messages.html", {}, context_instance=RequestContext(request)) guest_status = render_to_string("events/_guest_status.html", {"event": event, "guest": guest}, context_instance=RequestContext(request)) return HttpResponse(json.dumps({"message_html": message_html, "guest_status": guest_status}), mimetype="text/json")
def get_settings_from_event(query_string, user_id): if ADMIN_SETTINGS_URL_VALIDATOR.validate(query_string): # get the permission of the user user_permission = get_current_user_permission( user_id, query_string['permission']) print(user_permission) if user_permission['authorized'] == 'True': # if yes, then get data return get_site_settings_values() else: # else, return bad request return forbidden() else: return bad_request(ADMIN_SETTINGS_URL_VALIDATOR.errors)
def group_event_request(request, group_id, event_id, action): group = get_object_or_404(Group, id=group_id, is_geo_group=False) event = get_object_or_404(Event, id=event_id) if not group.is_user_manager(request.user): return forbidden(request) try: event_request = GroupAssociationRequest.objects.get(event=event, group=group) except GroupAssociationRequest.DoesNotExist: event_request = None if event_request: if action == "approve": event.groups.add(group) event_request.approved = True event_request.save() messages.success(request, "Your community has been linked with %s" % event) elif action == "deny": event_request.delete() messages.success(request, "Your community will not be linked with %s" % event) elif group.event_set.filter(event=event).exists(): messages.info(request, "%s has already been linked with your community" % event) else: messages.info(request, "%s has not been linked with your community" % event) return redirect("group_detail", group_slug=group.slug)
def patch_settings_from_event(**kwargs): event = kwargs.get('event') user_id = kwargs.get('user_id') query_string = kwargs.get('query_string') email = kwargs.get('email') print(event) body_or_bad_request = get_body_or_bad_request(event) if body_or_bad_request['error']: return body_or_bad_request['response'] body = body_or_bad_request['response'] print(body) user_permission = get_current_user_permission( user_id, query_string['permission']) print(user_permission) if not user_permission['authorized']: return forbidden() return patch_site_settings_values(body=body, email=email)
def group_external_link_form(request, group_id, link_type=None): nav_selected = "communities" group = get_object_or_404(Group, id=group_id) if not group.is_user_manager(request.user): return forbidden(request) instance = None if link_type == "twitter": instance = group.twitter_link() elif link_type == "facebook": instance = group.facebook_link() if request.method == "POST": form = ExternalLinkForm(request.POST, instance=instance) if form.is_valid(): link = form.save(group=group) return redirect(group) else: form = ExternalLinkForm(instance=instance) template = "group_links/_form.html" if request.is_ajax() \ else "group_links/form.html" return render_to_response(template, locals(), context_instance=RequestContext(request))
def edit(request, challenge_id=None): challenge = get_object_or_404(Challenge, id=challenge_id) if request.user != challenge.creator: return forbidden(request, 'You do not have permissions to edit %s' % challenge) return _edit(request, challenge)
def _wrapped_view(request, event_id, *args, **kwargs): event = get_object_or_404(Event, id=event_id) if event.has_manager_privileges(request.user): return view_func(request, event_id, *args, **kwargs) return forbidden(request, "You must be an event manager")
def _wrapped_view(request, event_id, *args, **kwargs): event = get_object_or_404(Event, id=event_id) if request.user.has_perm("events.view_any_event") or event.is_guest(request): return view_func(request, event_id, *args, **kwargs) return forbidden(request, "You are not a registered guest")
def handle_login(request): logger.info("Starting handle_login") args = parse_qs(request["querystring"]) redirect_to = "/" # check if state is present if "state" in args: # need to decode state state = args["state"][0] logger.info("Got state of: {state}".format(state=state)) state = base64.b64decode(state).decode("utf-8") logger.info("Decoded state: {state}".format(state=state)) state = json.loads(state) if "source_url" in state: # check hash source_url_secret = CONFIG["STATE_SECRET"] + state["source_url"] source_url_secret_hash = sha256( source_url_secret.encode("utf-8")).hexdigest() if source_url_secret_hash != state["hash"]: return return_bad_request("Error validating state") redirect_to = state["source_url"] logger.info( "Got source url from state of {url}".format(url=redirect_to)) try: auth_code = args["code"] logger.info( "Got auth code from query string: {code}".format(code=auth_code)) # swap the authorisation code for tokens resp = post_to_url(url=wkc_data["token_endpoint"], grant_type="authorization_code", client_id=CONFIG["CLIENT_ID"], client_secret=CONFIG["CLIENT_SECRET"], code=auth_code, redirect_uri=CONFIG["REDIRECT_URI"]) resp = json.loads(resp) logger.info("Exchanged authorisation code for tokens") access_token = resp["access_token"] refresh_token = resp["refresh_token"] # if there is an allowed group set, we need to check the token has the claim for that group if "ALLOWED_GROUP" in CONFIG: allowed_group = CONFIG["ALLOWED_GROUP"] if allowed_group != "": logger.info("Need to check groups") decoded_token = validate_jwt(api=CONFIG["VAL_API_URL"], token=access_token, key_set=keys, aud=CONFIG["CLIENT_ID"]) decoded_token = json.loads(decoded_token.decode("utf-8")) if "groups" in decoded_token: if allowed_group in decoded_token["groups"]: logger.info( f"user has expected group of {allowed_group}") else: logger.info( f"user is missing expected group of {allowed_group}" ) return forbidden( message=CONFIG["ACCESS_DENIED_MESSAGE"]) else: logger.info("no groups claim in token") return forbidden(message=CONFIG["ACCESS_DENIED_MESSAGE"]) # prepare response r = redirect(redirect_to) cookies = {} cookies[CONFIG["AUTH_COOKIE"]] = access_token cookies[CONFIG["REFRESH_COOKIE"]] = refresh_token r = set_cookies(response=r, cookies=cookies, max_age=CONFIG.get("MAX_AGE", "10")) logger.info("Returning response to client") return r except KeyError: return return_bad_request("Bad request missing parameter")
def card(request, contrib_id=None, form_name=None): # Get the contributor object if specified if not contrib_id: contributor = Contributor() else: contributor = get_object_or_404(Contributor, pk=contrib_id) # Make sure the logged in user has access to view the card. User must have entered a survey for this # contributor, or else have the edit_any_contributor permission if ContributorSurvey.objects.filter(entered_by=request.user, contributor=contributor).exists() == False \ and request.user.has_perm("contributor.edit_any_contributor") == False: return forbidden( request, "You don't have permission to edit this contributor.") # If the contributor has a location, get the zipcode # TODO: move this to the form's init contrib_loc = contributor.location.zipcode if contributor.location else "" # Setup a contrib form contrib_form = ContributorForm((request.POST or None), instance=contributor, initial={"zipcode": contrib_loc}) # If a survey_form was specified, use that, otherwise use a default form_name = request.GET.get("form_name", str(form_name)) try: survey_form = getattr(survey_forms, form_name)(contributor, request.user, (request.POST or None)) except AttributeError: survey_form = survey_forms.PledgeCard(contributor, request.user, (request.POST or None)) if request.method == 'POST' and contrib_form.is_valid( ) and survey_form.is_valid(): # If the contrib form finds that the email already exists, it'll return the matched contributor contributor = contrib_form.save() # Make sure the survey form has the right contributor in case one was matched on email survey_form.contributor = contributor survey_form.save() messages.success( request, "Commitment card for %s %s saved" % ( contributor.first_name, contributor.last_name, )) if request.is_ajax(): if request.method == 'POST': message_html = loader.render_to_string('_messages.html', {}, RequestContext(request)) return HttpResponse(message_html) template = 'commitments/_card.html' else: if request.method == 'POST': if request.POST.get("submit") == "save_and_add_another": return redirect("commitments_card_create") else: return redirect("commitments_show") template = 'commitments/card.html' # Get the Surveys for the survey select widget survey_types = Survey.objects.filter(is_active=True) return render_to_response( template, { "survey_form": survey_form, "contrib_form": contrib_form, "survey_types": survey_types, "current_form_name": survey_form.__class__.__name__ }, context_instance=RequestContext(request))
def _wrapped_view(request, event_id, *args, **kwargs): event = get_object_or_404(Event, id=event_id) if request.user.has_perm("events.view_any_event") or event.is_guest( request): return view_func(request, event_id, *args, **kwargs) return forbidden(request, "You are not a registered guest")
values['subject'] = "Re: %s" % parent_disc.subject best_choice = None for part in msg.walk(): if part.get_content_maintype() == 'multipart': continue if part.get_content_type() == 'text/plain': best_choice = part break if best_choice is None and part.get_content_type() == 'text/html': best_choice = part if best_choice is None: # No text/plain or text/html message was found in the email # so we'll just reject it for now. # TODO: figure out a sane approach to email content-type handling return forbidden(request) # TODO: process text/html message differently charset = (best_choice.get_content_charset() or best_choice.get_charset() or msg.get_content_charset() or msg.get_charset() or 'utf-8') values['body'] = best_choice.get_payload(decode=True).decode(charset) disc_form = DiscussionCreateForm(values) if not disc_form.is_valid(): return forbidden(request) values = dict( subject=disc_form.cleaned_data['subject'], body=disc_form.cleaned_data['body'], parent_id=disc_form.cleaned_data['parent_id'], user=user,