def get_user_access_to_path(user, path):
dirs = path.split('/')
if dirs[0][0] == "U":
if not user.is_anonymous() and int(dirs[0][1:]) == user.pk:
return True, True
else:
return False, False
elif dirs[0][0] == "C":
check = get_acl_for_model(Community)
try:
com = Community.objects.get(pk=int(dirs[0][1:]))
bmanager = check.manage_community(com, user)
buser = check.member_community(com, user)
return buser or bmanager, bmanager
except:
return False, False
elif dirs[0][0] == "F":
check = get_acl_for_model(ZornaFolder)
try:
folder = ZornaFolder.objects.get(pk=int(dirs[0][1:]))
if folder.inherit_permissions:
parents = folder.get_ancestors()
for f in parents:
if f.inherit_permissions is False:
folder = f
break
buser = check.reader_zornafolder(folder, user)
bmanager = check.manager_zornafolder(
folder, user) or check.writer_zornafolder(folder, user)
return buser or bmanager, bmanager
except:
return False, False
return False, False
def get_user_access_to_path(user, path):
dirs = path.split('/')
if dirs[0][0] == "U":
if not user.is_anonymous() and int(dirs[0][1:]) == user.pk:
return True, True
else:
return False, False
elif dirs[0][0] == "C":
check = get_acl_for_model(Community)
try:
com = Community.objects.get(pk=int(dirs[0][1:]))
bmanager = check.manage_community(com, user)
buser = check.member_community(com, user)
return buser or bmanager, bmanager
except:
return False, False
elif dirs[0][0] == "F":
check = get_acl_for_model(ZornaFolder)
try:
folder = ZornaFolder.objects.get(pk=int(dirs[0][1:]))
if folder.inherit_permissions:
parents = folder.get_ancestors()
for f in parents:
if f.inherit_permissions is False:
folder = f
break
buser = check.reader_zornafolder(folder, user)
bmanager = check.manager_zornafolder(
folder, user) or check.writer_zornafolder(folder, user)
return buser or bmanager, bmanager
except:
return False, False
return False, False
def manager_faq_add_category(request, faq):
try:
faq = Faq.objects.get(pk=faq)
except Faq.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.manager_faq(faq, request.user):
initial_data = {}
initial_data["faq"] = faq
if request.method == "POST":
form = FaqQuestionCategoryForm(request, request.POST, initial=initial_data)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse("manager_faq_list_categories", args=[faq.pk]))
else:
form = FaqQuestionCategoryForm(request, request.POST, initial=initial_data)
else:
form = FaqQuestionCategoryForm(request, initial=initial_data)
context = RequestContext(request)
extra_context = {"form": form, "curcategory": False}
extra_context["curfaq"] = Faq.objects.get(pk=faq.pk)
return render_to_response("faq/edit_category.html", extra_context, context_instance=context)
else:
return HttpResponseRedirect("/")
def render(self, context):
request = context['request']
try:
entry = FormsFormEntry.objects.select_related(depth=1).get(
pk=self.entry)
form = entry.form
check = get_acl_for_model(form)
if not check.viewer_formsform(form,
request.user) and not isUserManager(
request, form.workspace.slug):
return ''
except Exception as e:
print e
return ''
columns, row = forms_get_entry(entry)
panels = {'': {}}
for panel in form.formsformpanel_set.all():
panel.fields = []
panels[panel.label] = panel
for f in form.fields.visible():
if f.panel:
panels[f.panel.label].fields.append(row[f.slug])
else:
panels[''].setdefault('fields', []).append(row[f.slug])
context[self.var_name] = panels
return ''
def manager_faq_edit_question(request, question):
try:
question = FaqQuestion.objects.get(pk=question)
category = question.category
faq = category.faq
except FaqCategory.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.manager_faq(faq, request.user):
initial_data = {}
initial_data["category"] = category.pk
if request.method == "POST":
if request.POST.has_key("bdelete"):
question.delete()
return HttpResponseRedirect(reverse("manager_edit_faq", args=[faq.pk]))
form = FaqQuestionForm(request, faq, request.POST, initial=initial_data, instance=question)
if form.is_valid():
question = form.save(commit=False)
question.owner = request.user
question.slug = slugify(question.question)
question.save()
return HttpResponseRedirect(reverse("manager_edit_faq", args=[faq.pk]))
else:
form = FaqQuestionForm(request, faq, request.POST, initial=initial_data, instance=question)
else:
form = FaqQuestionForm(request, faq, initial=initial_data, instance=question)
context = RequestContext(request)
extra_context = {"form": form, "curcategory": category}
extra_context["curfaq"] = faq
extra_context["curquestion"] = True
return render_to_response("faq/edit_question.html", extra_context, context_instance=context)
else:
return HttpResponseRedirect("/")
class check_form_permission_node(template.Node):
def __init__(self, form, permission, var_name):
self.form = template.Variable(form)
self.var_name = var_name
self.permission = permission
def render(self, context):
request = context['request']
try:
slug = self.form.resolve(context)
except template.VariableDoesNotExist:
if self.form[0] == self.form[-1] and self.form[0] in ('"', "'"):
slug = self.form[1:-1]
else:
slug = self.form
try:
if slug.isdigit():
form = FormsForm.objects.get(pk=slug)
else:
form = FormsForm.objects.get(slug=slug)
except Exception, e:
return ''
try:
check = get_acl_for_model(form)
func = getattr(check, '%s_formsform' % self.permission, None)
if func is None:
raise Exception("No handler for type %r" % self.permission)
else:
context[self.var_name] = func(form, request.user)
except Exception as e:
pass
return ''
def manager_faq_edit_category(request, category):
try:
category = FaqCategory.objects.get(pk=category)
except FaqCategory.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.manager_faq(category.faq, request.user):
if request.method == 'POST':
form = FaqQuestionCategoryForm(request,
request.POST,
instance=category)
if form.is_valid():
form.save()
return HttpResponseRedirect(
reverse('manager_faq_list_categories',
args=[category.faq_id]))
else:
form = FaqQuestionCategoryForm(request,
request.POST,
instance=category)
else:
form = FaqQuestionCategoryForm(request, instance=category)
context = RequestContext(request)
extra_context = {'form': form, 'curcategory': category}
extra_context['curfaq'] = category.faq
return render_to_response('faq/edit_category.html',
extra_context,
context_instance=context)
else:
return HttpResponseRedirect('/')
def get_tabs(self, request, community_id=0):
tabs = []
for form in self._forms.values():
check = get_acl_for_model(form)
if check.creator_formsform(form, request.user):
tabs.append(form.slug)
return tabs
def manager_faq_add_category(request, faq):
try:
faq = Faq.objects.get(pk=faq)
except Faq.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.manager_faq(faq, request.user):
initial_data = {}
initial_data['faq'] = faq
if request.method == 'POST':
form = FaqQuestionCategoryForm(request,
request.POST,
initial=initial_data)
if form.is_valid():
form.save()
return HttpResponseRedirect(
reverse('manager_faq_list_categories', args=[faq.pk]))
else:
form = FaqQuestionCategoryForm(request,
request.POST,
initial=initial_data)
else:
form = FaqQuestionCategoryForm(request, initial=initial_data)
context = RequestContext(request)
extra_context = {'form': form, 'curcategory': False}
extra_context['curfaq'] = Faq.objects.get(pk=faq.pk)
return render_to_response('faq/edit_category.html',
extra_context,
context_instance=context)
else:
return HttpResponseRedirect('/')
def get_tabs(self, request, community_id=0):
tabs = []
for form in self._forms.values():
check = get_acl_for_model(form)
if check.creator_formsform(form, request.user):
tabs.append(form.slug)
return tabs
def notes_share_category(request, category):
if request.user.is_authenticated():
category = ZornaNoteCategory.objects.get(pk=category,
owner=request.user)
check = get_acl_for_model(category)
return check.get_acl_users_forms(request, category.pk)
else:
return HttpResponseForbidden()
def notes_share_category(request, category):
if request.user.is_authenticated():
category = ZornaNoteCategory.objects.get(
pk=category, owner=request.user)
check = get_acl_for_model(category)
return check.get_acl_users_forms(request, category.pk)
else:
return HttpResponseForbidden()
def acl_users_object(request, ct, object):
if request.user.is_superuser:
ct = ContentType.objects.get(pk=ct)
object = ct.get_object_for_this_type(pk=object)
check = get_acl_for_model(object)
return check.get_acl_users_forms(request, object.pk, template='acl/admin_acl_users.html')
else:
return HttpResponseRedirect('/')
def get_community_managers(user, community):
if not isinstance(community, Community):
community = Community.objects.get(pk=community)
check = get_acl_for_model(community)
if check.manage_community(community, user):
return get_acl_by_object(community, 'manage')
else:
return Community.objects.none()
def get_menus(self, request, community_id=0):
menus = []
for form in self._forms.values():
check = get_acl_for_model(form)
if check.viewer_formsform(form, request.user):
id = 'comforms_%s_menu' % form.slug
menus.append({'title': form.name, 'url': reverse(
'communities_home_plugin', args=(id,)), 'id': id})
return menus
def is_access_valid(self, user, key_option):
try:
so = self.get(key=key_option)
if so:
check = get_acl_for_model(SiteOptions)
return check.access_siteoptions(so, user)
else:
return False
except Exception as e:
return False
def is_access_valid(self, user, key_option):
try:
so = self.get(key=key_option)
if so:
check = get_acl_for_model(SiteOptions)
return check.access_siteoptions(so, user)
else:
return False
except Exception as e:
return False
def calendar_share(request):
if request.user.is_authenticated():
cal = get_personal_calendar(request.user)
check = get_acl_for_model(cal)
extra_context = check.get_acl_users_forms(
request, cal.pk, template=None)
context = RequestContext(request)
return render_to_response('calendars/calendar_share.html', extra_context, context_instance=context)
else:
return HttpResponseForbidden()
def notes_get_content(request, extra={}, category=None):
if request.user.is_authenticated():
extra_context = dict(**extra)
extra_context['category'] = category
extra_context['search_text'] = request.GET.get('search_text', '')
extra_context['search_tag'] = request.GET.get('search_tag', '')
if category:
try:
category = ZornaNoteCategory.objects.get(pk=category)
check = get_acl_for_model(ZornaNoteCategory)
extra_context['owner'] = category.owner == request.user
if extra_context['owner'] or check.viewer_zornanotecategory(category, request.user):
extra_context['category'] = category
extra_context[
'category_ancestors'] = category.get_ancestors()
notes = category.zornanote_set.all()
if extra_context['search_text']:
notes = notes.filter(Q(title__icontains=extra_context[
'search_text']) | Q(content__icontains=extra_context['search_text']))
if extra_context['search_tag']:
notes = notes.filter(Q(
tags__icontains=extra_context['search_tag']))
for n in notes:
n.attachments = []
for f in n.zornanotefile_set.all():
n.attachments.append({'file_name': os.path.basename(
f.file.name), 'pk': f.pk})
extra_context['notes'] = notes
except Exception as e:
return '%s' % e
else:
ob = get_allowed_objects(request.user, ZornaNoteCategory, 'viewer')
extra_context['owner'] = False
extra_context['category'] = None
extra_context['category_ancestors'] = []
notes = ZornaNote.objects.filter(Q(
owner=request.user) | Q(category__in=ob))
if extra_context['search_text']:
notes = notes.filter(Q(title__icontains=extra_context[
'search_text']) | Q(content__icontains=extra_context['search_text']))
if extra_context['search_tag']:
notes = notes.filter(Q(
tags__icontains=extra_context['search_tag']))
for n in notes:
n.attachments = []
for f in n.zornanotefile_set.all():
n.attachments.append({'file_name': os.path.basename(
f.file.name), 'pk': f.pk})
extra_context['notes'] = notes
t = loader.get_template('notes/notes_view_notes.html')
c = RequestContext(request, extra_context)
return t.render(c)
else:
return 'Access denied'
def render(self, context):
request = context['request']
check = get_acl_for_model(Community)
allowed_objects = get_allowed_objects(
request.user, Community, 'member')
communities = Community.objects.filter(
id__in=allowed_objects).order_by('name')
for com in communities:
com.manager = check.manage_community(com, request.user)
com.member = True
context[self.var_name] = communities
return ''
def render(self, context):
request = context['request']
check = get_acl_for_model(Community)
allowed_objects = get_allowed_objects(request.user, Community,
'member')
communities = Community.objects.filter(
id__in=allowed_objects).order_by('name')
for com in communities:
com.manager = check.manage_community(com, request.user)
com.member = True
context[self.var_name] = communities
return ''
def calendar_share(request):
if request.user.is_authenticated():
cal = get_personal_calendar(request.user)
check = get_acl_for_model(cal)
extra_context = check.get_acl_users_forms(request,
cal.pk,
template=None)
context = RequestContext(request)
return render_to_response('calendars/calendar_share.html',
extra_context,
context_instance=context)
else:
return HttpResponseForbidden()
def manager_faq_edit_question(request, question):
try:
question = FaqQuestion.objects.get(pk=question)
category = question.category
faq = category.faq
except FaqCategory.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.manager_faq(faq, request.user):
initial_data = {}
initial_data['category'] = category.pk
if request.method == 'POST':
if request.POST.has_key('bdelete'):
question.delete()
return HttpResponseRedirect(
reverse('manager_edit_faq', args=[faq.pk]))
form = FaqQuestionForm(request,
faq,
request.POST,
initial=initial_data,
instance=question)
if form.is_valid():
question = form.save(commit=False)
question.owner = request.user
question.slug = slugify(question.question)
question.save()
return HttpResponseRedirect(
reverse('manager_edit_faq', args=[faq.pk]))
else:
form = FaqQuestionForm(request,
faq,
request.POST,
initial=initial_data,
instance=question)
else:
form = FaqQuestionForm(request,
faq,
initial=initial_data,
instance=question)
context = RequestContext(request)
extra_context = {'form': form, 'curcategory': category}
extra_context['curfaq'] = faq
extra_context['curquestion'] = True
return render_to_response('faq/edit_question.html',
extra_context,
context_instance=context)
else:
return HttpResponseRedirect('/')
def get_menus(self, request, community_id=0):
menus = []
for form in self._forms.values():
check = get_acl_for_model(form)
if check.viewer_formsform(form, request.user):
id = 'comforms_%s_menu' % form.slug
menus.append({
'title':
form.name,
'url':
reverse('communities_home_plugin', args=(id, )),
'id':
id
})
return menus
def manager_edit_faq(request, faq):
try:
faq = Faq.objects.get(pk=faq)
except Faq.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.manager_faq(faq, request.user):
ob_list = FaqCategory.objects.filter(faq=faq)
extra_context = {}
extra_context["categories"] = ob_list
extra_context["curfaq"] = faq
context = RequestContext(request)
return render_to_response("faq/manager_edit_faq.html", extra_context, context_instance=context)
else:
return HttpResponseRedirect("/")
def manager_faq_list_questions(request, category):
try:
category = FaqCategory.objects.get(pk=category)
except Faq.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.manager_faq(category.faq, request.user):
ob_list = FaqQuestion.objects.filter(category=category)
extra_context = {}
extra_context["questions"] = ob_list
extra_context["curfaq"] = category.faq
extra_context["curcategory"] = category
context = RequestContext(request)
return render_to_response("faq/list_questions.html", extra_context, context_instance=context)
else:
return HttpResponseRedirect("/")
def manager_edit_faq(request, faq):
try:
faq = Faq.objects.get(pk=faq)
except Faq.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.manager_faq(faq, request.user):
ob_list = FaqCategory.objects.filter(faq=faq)
extra_context = {}
extra_context['categories'] = ob_list
extra_context['curfaq'] = faq
context = RequestContext(request)
return render_to_response('faq/manager_edit_faq.html',
extra_context,
context_instance=context)
else:
return HttpResponseRedirect('/')
def render(self, context):
request = context['request']
try:
slug = self.form.resolve(context)
except:
slug = self.form
try:
form = FormsForm.objects.get(slug=slug)
check = get_acl_for_model(form)
func = getattr(check, '%s_formsform' % self.permission, None)
if func is None:
raise Exception("No handler for type %r" % self.permission)
else:
context[self.var_name] = func(form, request.user)
except Exception as e:
pass
return ''
def manager_faq_list_questions(request, category):
try:
category = FaqCategory.objects.get(pk=category)
except Faq.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.manager_faq(category.faq, request.user):
ob_list = FaqQuestion.objects.filter(category=category)
extra_context = {}
extra_context['questions'] = ob_list
extra_context['curfaq'] = category.faq
extra_context['curcategory'] = category
context = RequestContext(request)
return render_to_response('faq/list_questions.html',
extra_context,
context_instance=context)
else:
return HttpResponseRedirect('/')
def browse_faq(request, faqslug):
slugs = faqslug.split("/")
try:
faq = Faq.objects.get(slug=slugs[0])
if len(slugs) > 1:
category = FaqCategory.objects.get(slug=slugs[1], faq=faq)
else:
category = None
except Faq.DoesNotExist or FaqCategory.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.reader_faq(faq, request.user):
ob_list = FaqCategory.objects.filter(faq=faq)
extra_context = {}
extra_context["categories"] = ob_list
extra_context["curfaq"] = faq
extra_context["curcategory"] = category
context = RequestContext(request)
return render_to_response("faq/browse_faq.html", extra_context, context_instance=context)
else:
return HttpResponseRedirect("/")
def get_note_attachment(request, file_id):
if request.user.is_authenticated():
try:
note_file = ZornaNoteFile.objects.get(pk=file_id)
note = note_file.note
if note.owner != request.user:
check = get_acl_for_model(ZornaNoteCategory)
if not check.viewer_zornanotecategory(note.category, request.user):
return HttpResponseForbidden()
except:
return HttpResponseForbidden()
path = "%s/%s" % (get_upload_notes_attachments(), note_file.file.name)
fp = open(path, 'rb')
content_type = note_file.mimetype
response = HttpResponse(fp.read(), content_type=content_type)
response['Content-Length'] = os.path.getsize(path)
response['Content-Disposition'] = "attachment; filename=%s" % os.path.basename(
note_file.file.name)
return response
else:
return HttpResponseForbidden()
def render(self, context):
request = context['request']
try:
entry = FormsFormEntry.objects.select_related(depth=1).get(pk=self.entry)
form = entry.form
check = get_acl_for_model(form)
if not check.viewer_formsform(form, request.user) and not isUserManager(request, form.workspace.slug):
return ''
except Exception as e:
print e
return ''
columns, row = forms_get_entry(entry)
panels = {'':{}}
for panel in form.formsformpanel_set.all():
panel.fields = []
panels[panel.label] = panel
for f in form.fields.visible():
if f.panel:
panels[f.panel.label].fields.append(row[f.slug])
else:
panels[''].setdefault('fields', []).append(row[f.slug])
context[self.var_name] = panels
return ''
def manager_faq_edit_category(request, category):
try:
category = FaqCategory.objects.get(pk=category)
except FaqCategory.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.manager_faq(category.faq, request.user):
if request.method == "POST":
form = FaqQuestionCategoryForm(request, request.POST, instance=category)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse("manager_faq_list_categories", args=[category.faq_id]))
else:
form = FaqQuestionCategoryForm(request, request.POST, instance=category)
else:
form = FaqQuestionCategoryForm(request, instance=category)
context = RequestContext(request)
extra_context = {"form": form, "curcategory": category}
extra_context["curfaq"] = category.faq
return render_to_response("faq/edit_category.html", extra_context, context_instance=context)
else:
return HttpResponseRedirect("/")
def browse_faq(request, faqslug):
slugs = faqslug.split('/')
try:
faq = Faq.objects.get(slug=slugs[0])
if len(slugs) > 1:
category = FaqCategory.objects.get(slug=slugs[1], faq=faq)
else:
category = None
except Faq.DoesNotExist or FaqCategory.DoesNotExist:
raise Http404
check = get_acl_for_model(Faq)
if check.reader_faq(faq, request.user):
ob_list = FaqCategory.objects.filter(faq=faq)
extra_context = {}
extra_context['categories'] = ob_list
extra_context['curfaq'] = faq
extra_context['curcategory'] = category
context = RequestContext(request)
return render_to_response('faq/browse_faq.html',
extra_context,
context_instance=context)
else:
return HttpResponseRedirect('/')
def get_note_attachment(request, file_id):
if request.user.is_authenticated():
try:
note_file = ZornaNoteFile.objects.get(pk=file_id)
note = note_file.note
if note.owner != request.user:
check = get_acl_for_model(ZornaNoteCategory)
if not check.viewer_zornanotecategory(note.category,
request.user):
return HttpResponseForbidden()
except:
return HttpResponseForbidden()
path = "%s/%s" % (get_upload_notes_attachments(), note_file.file.name)
fp = open(path, 'rb')
content_type = note_file.mimetype
response = HttpResponse(fp.read(), content_type=content_type)
response['Content-Length'] = os.path.getsize(path)
response[
'Content-Disposition'] = "attachment; filename=%s" % os.path.basename(
note_file.file.name)
return response
else:
return HttpResponseForbidden()
def get_acl_forms(request, object, **kwargs):
if request.user.is_superuser:
check = get_acl_for_model(object)
return check.get_acl_groups_forms(request, object.pk, **kwargs)
else:
return HttpResponseRedirect('/')
def notes_get_content(request, extra={}, category=None):
if request.user.is_authenticated():
extra_context = dict(**extra)
extra_context['category'] = category
extra_context['search_text'] = request.GET.get('search_text', '')
extra_context['search_tag'] = request.GET.get('search_tag', '')
if category:
try:
category = ZornaNoteCategory.objects.get(pk=category)
check = get_acl_for_model(ZornaNoteCategory)
extra_context['owner'] = category.owner == request.user
if extra_context['owner'] or check.viewer_zornanotecategory(
category, request.user):
extra_context['category'] = category
extra_context[
'category_ancestors'] = category.get_ancestors()
notes = category.zornanote_set.all()
if extra_context['search_text']:
notes = notes.filter(
Q(title__icontains=extra_context['search_text']) |
Q(content__icontains=extra_context['search_text']))
if extra_context['search_tag']:
notes = notes.filter(
Q(tags__icontains=extra_context['search_tag']))
for n in notes:
n.attachments = []
for f in n.zornanotefile_set.all():
n.attachments.append({
'file_name':
os.path.basename(f.file.name),
'pk':
f.pk
})
extra_context['notes'] = notes
except Exception as e:
return '%s' % e
else:
ob = get_allowed_objects(request.user, ZornaNoteCategory, 'viewer')
extra_context['owner'] = False
extra_context['category'] = None
extra_context['category_ancestors'] = []
notes = ZornaNote.objects.filter(
Q(owner=request.user) | Q(category__in=ob))
if extra_context['search_text']:
notes = notes.filter(
Q(title__icontains=extra_context['search_text'])
| Q(content__icontains=extra_context['search_text']))
if extra_context['search_tag']:
notes = notes.filter(
Q(tags__icontains=extra_context['search_tag']))
for n in notes:
n.attachments = []
for f in n.zornanotefile_set.all():
n.attachments.append({
'file_name':
os.path.basename(f.file.name),
'pk':
f.pk
})
extra_context['notes'] = notes
t = loader.get_template('notes/notes_view_notes.html')
c = RequestContext(request, extra_context)
return t.render(c)
else:
return 'Access denied'
