Example #1
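def EditItem(request):
	"""Apply an AJAX POST edit to an item's name, count and priority.

	Form validation failures are reported as JSON ({'errors': [...]});
	every other rejected request raises Http404.

	Args:
		request: Django request. POST carries the NewItemForm fields plus
			'id' (item primary key) and 'listsession' (list password token).

	Returns:
		HttpResponse whose body is the JSON result; {'errors': ''} on success.

	Raises:
		Http404: non-AJAX or non-POST request, malformed id, unknown item,
			item locked by another user, missing or invalid list token,
			Referer that does not end in the list URL, or no edit permission.
	"""
	if not request.is_ajax() or request.method != "POST":
		raise Http404
	form = NewItemForm(request.POST)
	if not form.is_valid():
		return HttpResponse(json.dumps({'errors':[form.non_field_errors(), ["%s: %s" % (field, error) for field, error in form.errors.items()]]}))

	# Accept only a canonical decimal id. A missing or non-numeric value is
	# rejected with 404 rather than surfacing as an unhandled exception.
	raw_id = request.POST.get('id', '')
	try:
		canonical = str(raw_id) == str(int(raw_id))
	except (TypeError, ValueError):
		canonical = False
	if not canonical:
		raise Http404

	try:
		item = Item.objects.get(id=raw_id)
	except Item.DoesNotExist:
		raise Http404

	# An item locked by somebody else cannot be edited.
	try:
		lock = Lock.objects.get(item=item)
	except Lock.DoesNotExist:
		lock = None
	if lock is not None and lock.user != request.user:
		raise Http404

	parent = item.list

	# List password token. The salt is the second '$'-separated field of the
	# submitted token; the token must equal the hash of username + stored
	# list password under that salt.
	if 'listsession' not in request.POST:
		raise Http404
	token = request.POST['listsession']
	if token:
		parts = token.split('$')
		# NOTE(review): != is not a constant-time comparison; consider one
		# once the return type of passHash is confirmed.
		if len(parts) < 2 or token != passHash(request.user.username + parent.password, parts[1]):
			raise Http404
	elif parent.password:
		# An empty token is acceptable only for lists without a password;
		# otherwise the list password would not be enforced on this endpoint.
		raise Http404

	# The Referer header is client-supplied, so this is a consistency check
	# only, not an access control. A missing header counts as a mismatch.
	referer = request.META.get('HTTP_REFERER', '')
	if referer[referer[:-1].rfind('/')+1:] != parent.url:
		raise Http404

	# NOTE(review): ListPage offers editing to invited (emails) users only
	# when perm == 1; the private branch below does not consult perm for
	# them - confirm which behaviour is intended.
	owner = parent.user
	if parent.visibility == 0: # Public
		if parent.perm != 1 and request.user != owner:
			raise Http404
	else: # Private
		if not request.user.is_authenticated():
			raise Http404
		if parent.emails:
			if request.user.email not in parent.emails.split(',') and request.user != owner:
				raise Http404
		elif request.user != owner:
			raise Http404

	item.name = form.cleaned_data['name']
	item.count = form.cleaned_data['count']
	item.priority = form.cleaned_data['priority']
	item.save()
	return HttpResponse(json.dumps({'errors':''}))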
Example #2
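def EditList(request):
	"""Apply an AJAX POST edit to a list's settings.

	Updates name, description, url, visibility, perm and emails from the
	validated NewListForm. Form validation failures and database integrity
	errors are reported as JSON ({'errors': [...]}); every other rejected
	request raises Http404.

	Args:
		request: Django request. POST carries the NewListForm fields plus
			'id' (list primary key) and 'listsession' (list password token).

	Returns:
		HttpResponse whose body is the JSON result; {'errors': ''} on success.

	Raises:
		Http404: non-AJAX or non-POST request, malformed id, unknown list,
			missing or invalid list token, Referer that does not end in the
			list URL, or no edit permission.
	"""
	if not request.is_ajax() or request.method != "POST":
		raise Http404
	form = NewListForm(request.POST, error_class=TextErrorList)
	if not form.is_valid():
		return HttpResponse(json.dumps({'errors':[form.non_field_errors(), ["%s: %s" % (field, error) for field, error in form.errors.items()]]}))

	# Accept only a canonical decimal id. A missing or non-numeric value is
	# rejected with 404 rather than surfacing as an unhandled exception.
	raw_id = request.POST.get('id', '')
	try:
		canonical = str(raw_id) == str(int(raw_id))
	except (TypeError, ValueError):
		canonical = False
	if not canonical:
		raise Http404

	try:
		listobj = List.objects.get(id=raw_id)
	except List.DoesNotExist:
		raise Http404

	# List password token. The salt is the second '$'-separated field of the
	# submitted token; the token must equal the hash of username + stored
	# list password under that salt.
	if 'listsession' not in request.POST:
		raise Http404
	token = request.POST['listsession']
	if token:
		parts = token.split('$')
		# NOTE(review): != is not a constant-time comparison; consider one
		# once the return type of passHash is confirmed.
		if len(parts) < 2 or token != passHash(request.user.username + listobj.password, parts[1]):
			raise Http404
	elif listobj.password:
		# An empty token is acceptable only for lists without a password;
		# otherwise the list password would not be enforced on this endpoint.
		raise Http404

	# The Referer header is client-supplied, so this is a consistency check
	# only, not an access control. A missing header counts as a mismatch.
	referer = request.META.get('HTTP_REFERER', '')
	if referer[referer[:-1].rfind('/')+1:] != listobj.url:
		raise Http404

	# NOTE(review): everyone who passes this check, not just the owner, may
	# rewrite visibility, perm and emails below - confirm that non-owners
	# are meant to change the list's access settings.
	owner = listobj.user
	if listobj.visibility == 0: # Public
		if listobj.perm != 1 and request.user != owner:
			raise Http404
	else: # Private
		if not request.user.is_authenticated():
			raise Http404
		if listobj.emails:
			if request.user.email not in listobj.emails.split(',') and request.user != owner:
				raise Http404
		elif request.user != owner:
			raise Http404

	for field in ('name', 'description', 'url', 'visibility', 'perm', 'emails'):
		setattr(listobj, field, form.cleaned_data[field])
	try:
		listobj.save()
	except IntegrityError as error:
		# The exception object itself is not JSON-serialisable, so send its
		# text. NOTE(review): raw database error text can disclose schema
		# details; consider a fixed user-facing message instead.
		return HttpResponse(json.dumps({'errors':[str(error)]}))
	return HttpResponse(json.dumps({'errors':''}))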
Example #3
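def ListItems(request):
	"""Return, as JSON, the items of a list the client has not rendered yet.

	Args:
		request: Django request. POST carries 'id' (list primary key),
			'listsession' (list password token) and 'rendered', a
			comma-separated string of item ids the client already shows.

	Returns:
		HttpResponse whose body is {'errors': '', 'items': [...]}, each item
		given as its name, count, id and priority.

	Raises:
		Http404: non-POST request, malformed id, unknown list, missing or
			invalid list token, Referer that does not end in the list URL,
			or insufficient permission.
	"""
	if request.method != "POST":
		raise Http404

	# Accept only a canonical decimal id. A missing or non-numeric value is
	# rejected with 404 rather than surfacing as an unhandled exception.
	raw_id = request.POST.get('id', '')
	try:
		list_id = int(raw_id)
		canonical = str(raw_id) == str(list_id)
	except (TypeError, ValueError):
		canonical = False
	if not canonical:
		raise Http404

	try:
		listobj = List.objects.get(id=list_id)
	except List.DoesNotExist:
		raise Http404

	# List password token. The salt is the second '$'-separated field of the
	# submitted token; the token must equal the hash of username + stored
	# list password under that salt.
	if 'listsession' not in request.POST:
		raise Http404
	token = request.POST['listsession']
	if token:
		parts = token.split('$')
		# NOTE(review): != is not a constant-time comparison; consider one
		# once the return type of passHash is confirmed.
		if len(parts) < 2 or token != passHash(request.user.username + listobj.password, parts[1]):
			raise Http404
	elif listobj.password:
		# An empty token is acceptable only for lists without a password;
		# otherwise the items of a password-protected list could be read
		# without the password ever having been checked.
		raise Http404

	# The Referer header is client-supplied, so this is a consistency check
	# only, not an access control. A missing header counts as a mismatch.
	referer = request.META.get('HTTP_REFERER', '')
	if referer[referer[:-1].rfind('/')+1:] != listobj.url:
		raise Http404

	# NOTE(review): ListPage lets anyone view a public list, while the public
	# branch here applies the edit rule (perm == 1 or owner) to a read-only
	# listing - confirm which is intended.
	owner = listobj.user
	if listobj.visibility == 0: # Public
		if listobj.perm != 1 and request.user != owner:
			raise Http404
	else: # Private
		if not request.user.is_authenticated():
			raise Http404
		if listobj.emails:
			if request.user.email not in listobj.emails.split(',') and request.user != owner:
				raise Http404
		elif request.user != owner:
			raise Http404

	# A missing 'rendered' field means the client has shown nothing yet.
	rendered = set(request.POST.get('rendered', '').split(','))
	pending = [entry for entry in listobj.getItems() if str(entry.id) not in rendered]
	return HttpResponse(json.dumps({'errors':'', 'items':[{'name':i.name, 'count':i.count, 'id':i.id, 'priority':i.priority} for i in pending]}))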
Example #4
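def Delete(request):
	"""Delete a list or a single item in response to an AJAX POST.

	The DeleteForm field 'type' selects the target: "listobj" deletes the
	List with the given id, any other value deletes the Item with that id.
	Form validation failures are reported as JSON ({'errors': [...]});
	every other rejected request raises Http404.

	Args:
		request: Django request. POST carries the DeleteForm fields plus
			'listsession' (list password token).

	Returns:
		HttpResponse whose body is the JSON result; {'errors': ''} on success.

	Raises:
		Http404: non-AJAX or non-POST request, unknown target, missing or
			invalid list token, no permission, or a Referer whose last path
			segment is not one of the pages the target is deleted from.
	"""
	if not request.is_ajax() or request.method != "POST":
		raise Http404
	form = DeleteForm(request.POST, error_class=TextErrorList)
	if not form.is_valid():
		return HttpResponse(json.dumps({'errors':[form.non_field_errors(), ["%s: %s" % (field, error) for field, error in form.errors.items()]]}))

	# Resolve the target and the list whose password and permissions govern it.
	if form.cleaned_data['type'] == "listobj":
		try:
			target = List.objects.get(id=form.cleaned_data['id'])
		except List.DoesNotExist:
			raise Http404
		parent = target
		valid_paths = ["dashboard", target.url]
	else:
		try:
			target = Item.objects.get(id=form.cleaned_data['id'])
		except Item.DoesNotExist:
			raise Http404
		# NOTE(review): EditItem refuses items locked by another user; no
		# Lock check is made before deleting one - confirm intended.
		parent = target.list
		valid_paths = [parent.url]

	# List password token. The salt is the second '$'-separated field of the
	# submitted token; the token must equal the hash of username + stored
	# list password under that salt.
	if 'listsession' not in request.POST:
		raise Http404
	token = request.POST['listsession']
	if token:
		parts = token.split('$')
		# NOTE(review): != is not a constant-time comparison; consider one
		# once the return type of passHash is confirmed.
		if len(parts) < 2 or token != passHash(request.user.username + parent.password, parts[1]):
			raise Http404
	elif parent.password:
		# An empty token is acceptable only for lists without a password;
		# otherwise the list password would not be enforced on this endpoint.
		raise Http404

	owner = parent.user
	if parent.visibility == 0: # Public
		if parent.perm != 1 and request.user != owner:
			raise Http404
	else: # Private
		if not request.user.is_authenticated():
			raise Http404
		if parent.emails:
			if request.user.email not in parent.emails.split(',') and request.user != owner:
				raise Http404
		elif request.user != owner:
			raise Http404

	# The Referer header is client-supplied, so this is a consistency check
	# only, not an access control. A missing header counts as a mismatch.
	referer = request.META.get('HTTP_REFERER', '')
	if referer[referer[:-1].rfind('/')+1:] not in valid_paths:
		raise Http404

	target.delete()
	# Wrapped in HttpResponse like every other return path of this view.
	return HttpResponse(json.dumps({'errors':''}))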
Example #5
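def ListPage(request, url):
	"""Render the page for the list stored under `url`.

	A GET shows the item form when the list has no password and the
	password prompt otherwise. A POST must carry 'password'; when it hashes
	to the stored value the item form is rendered together with a
	'listsession' token derived from the username and the stored hash,
	otherwise the prompt is shown again with an error message.

	Args:
		request: Django request.
		url: value matched against List.url.

	Returns:
		The rendered 'list.html' response.

	Raises:
		Http404: unknown list, or the user may not view it.
	"""
	try:
		listobj = List.objects.get(url=url)
	except List.DoesNotExist:
		raise Http404

	# `edit` is handed to the template as the string 'true' / 'false'.
	edit = 'false'
	view = False
	if listobj.visibility == 0: # Public
		view = True
		if listobj.perm == 1 or request.user == listobj.user:
			edit = 'true'
	else: # Private
		if not request.user.is_authenticated():
			raise Http404
		if listobj.emails and request.user.email in listobj.emails.split(','):
			view = True
			if listobj.perm == 1:
				edit = 'true'
		if request.user == listobj.user:
			view = True
			edit = 'true'
	if not view:
		raise Http404

	message = None
	listsession = ''
	unlocked = False
	if request.method == "POST":
		if 'password' not in request.POST:
			message = "Please enter a password."
		else:
			# The salt is the second '$'-separated field of the stored hash.
			# An empty or malformed stored value counts as a mismatch so a
			# POST to a password-less list cannot raise IndexError.
			p = listobj.password.split('$')
			# NOTE(review): == is not a constant-time comparison, and
			# nothing visible here limits repeated password attempts.
			if len(p) > 1 and passHash(request.POST['password'], p[1]) == listobj.password:
				unlocked = True
				# NOTE(review): the token depends only on the username and
				# the stored hash, so it appears never to expire - confirm
				# against passHash.
				listsession = passHash(request.user.username + listobj.password, p[1])
			else:
				message = "Password was invalid."
	elif not listobj.password:
		unlocked = True

	if not unlocked:
		context = {'form':ListPasswordForm(), 'password':bool(listobj.password), 'list':listobj, 'edit': edit, 'listsession':''}
		if message is not None:
			context['message'] = message
		return render_to_response('list.html', context, RequestContext(request))

	if listobj.visibility == 0:
		wholine = "a public list"
	else:
		wholine = "a private list"
		addresses = listobj.emails.split(',') if listobj.emails else []
		if len(addresses) >= 2:
			# list.remove() returns None and raises ValueError for an absent
			# value, so the viewer's own address is filtered out instead.
			others = [address for address in addresses if address != request.user.email]
			# assumes get_usernames maps a list of e-mail addresses to a
			# list of display names - TODO confirm
			names = get_usernames(others)
			if names:
				if len(addresses) > 2:
					wholine += " by you, %s" % ', '.join(names)
				else:
					wholine += " by you and %s" % names[0]
	return render_to_response('list.html', {'form':NewItemForm(), 'password':bool(listobj.password), 'wholine':wholine, 'list':listobj, 'edit': edit, 'listsession':listsession}, RequestContext(request))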