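def discussion(request, id):
    """Display a single discussion and update its 'views' metric.

    The page is rendered when the discussion has ``type == 0``, when the
    requester is authenticated and is a member or manager of the
    discussion's group, or when the requester's username matches the
    author's. Everyone else gets a notice and is redirected.

    Args:
        request: the current HTTP request.
        id: primary key of the discussion.

    Raises:
        Http404: if no discussion with that primary key exists.
    """
    mm = MessageManager(request)
    try:
        d = Discussion.objects.select_related('user', 'group').get(pk=id)
    except Discussion.DoesNotExist:
        # The exception has to be raised; returning the Http404 class hands
        # the caller an object that is not a response.
        raise Http404

    viewer = request.user
    may_view = (
        d.type == 0
        or viewer.is_authenticated() and (
            viewer.is_group_member(d.group())
            or viewer.is_group_manager(d.group()))
        or d.user.username == viewer.username
    )
    if not may_view:
        mm.set_notice("you are not allowed to view that lab journal")
        # Referer is client-supplied and is used as the redirect target unchecked.
        return redirect(request.META.get('HTTP_REFERER', '/'))

    # update metrics: the author's own visits are not counted
    try:
        dmet = Metric.objects.get_metric(d, key='views')
        if d.user.username != viewer.username:
            dmet.value = int(dmet.value) + 1
    except Metric.DoesNotExist:
        dmet = Metric.objects.create(d, 'views', 1)
    dmet.save()

    # get the author's settings, if the author is a cUser
    try:
        user = cUser.objects.all().get(username=d.user.username)
        u_settings = user.settings
    except cUser.DoesNotExist:
        u_settings = None

    context = {'discussion': d, 'views': dmet.value, 'settings': u_settings}
    return render(request, 'main/discussion/index.html', context, mm.messages())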
def edit_task(request, id):
    """Let the owner of a task edit its due date, description and notify flag.

    A non-POST request shows the form pre-filled from the task. A valid POST
    saves the task and redirects to it; an invalid POST re-renders the form
    with an error. Requesters whose username does not match the task owner's
    are redirected with a notice.
    """
    mm = MessageManager(request)
    task = get_object_or_404(Task, pk=id)

    is_owner = (request.user.is_authenticated()
                and request.user.username == task.user.username)
    if not is_owner:
        mm.set_notice("you are not authorized to edit that task.")
        # Referer is client-supplied and is used as the redirect target unchecked.
        return redirect(request.META.get('HTTP_REFERER', '/'))

    if request.POST:
        # receive sent form
        form = NewTaskForm(request.POST)
        if form.is_valid():
            mm.set_success("task updated")
            task.due_date = form.cleaned_data['due_date']
            task.description = form.cleaned_data['description']
            # anything other than an explicit False switches notification on
            task.notify = form.cleaned_data['notify'] is not False
            task.save()
            return redirect(task.get_absolute_url())
        mm.set_error("error")
    else:
        # setup new form
        form = NewTaskForm(initial={
            'due_date': task.due_date,
            'description': task.description,
            'notify': task.notify,
        })

    return render(request, 'tasks/edit.html', {'form': form, 'task': task}, mm.messages())
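def admin_tools(request, tool):
    """Run one AdminTools tool by name, or show the tool index.

    Do not add/register new tools in this function; the tool list is taken
    from the AdminTools class through class_linker.

    The view only does anything when DEBUG is on and the requester is an
    authenticated superuser. Everyone else is redirected.

    Args:
        request: the current HTTP request.
        tool: name of the tool to run; '' renders the tool index.
    """
    # debug is checked in AdminTools, so this is just extra protection.
    if DEBUG is False:
        return redirect('/')

    # prepare messages
    mm = MessageManager(request)
    # prepare tools
    at = AdminTools()

    # is_authenticated is called, as in every other view of this file. The
    # original tested the bare attribute; presumably that is a bound method
    # (and so always truthy) on the Django version used here -- confirm.
    if request.user.is_authenticated() and request.user.is_superuser:
        # get the tools so we can compare them with the requested tool.
        tool_list = class_linker(AdminTools, '')

        # display tool index
        if tool == '':
            return render(request, 'main/admin/tools.html', mm.messages())

        # Run the requested tool
        for t, _d, _u in tool_list:
            if tool == t:
                # Attribute lookup replaces eval() of a string built from the
                # tool name. Assumes every name yielded by class_linker is a
                # plain AdminTools method name -- TODO confirm.
                log_list = getattr(at, t)(True)
                log_message = "successfully performed \"%s\" on %s objects." % (t, len(log_list))
                # NOTE(review): log entries are joined into HTML unescaped;
                # confirm the template escapes the notice or that entries
                # never carry user-controlled text.
                for log in log_list:
                    log_message += "<Br />%s" % log
                mm.set_notice(log_message)
                break

    # Referer is client-supplied and is used as the redirect target unchecked.
    return redirect(request.META.get('HTTP_REFERER', '/'))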
def delete_curriculum(request, id):
    """Delete a curriculum on behalf of its owner.

    The owner is redirected to their own page after the delete. Anyone else
    gets a notice and is sent back to the curriculum.
    """
    mm = MessageManager(request)
    curriculum = get_object_or_404(Curriculum, pk=id)

    requester = request.user
    if not (requester.is_authenticated()
            and requester.username == curriculum.user.username):
        mm.set_notice('you are not authorized to delete this curriculum')
        return redirect(curriculum.get_absolute_url())

    # NOTE(review): request.method is not checked, so the delete runs for any
    # HTTP verb, including a plain GET link -- confirm CSRF coverage.
    curriculum.delete()
    return redirect(request.user.get_absolute_url())
def delete_task(request, id):
    """Delete a task on behalf of its owner.

    The owner is redirected to their own page with a success message.
    Anyone else gets a notice and is redirected.
    """
    mm = MessageManager(request)
    task = get_object_or_404(Task, pk=id)

    requester = request.user
    if not (requester.is_authenticated()
            and requester.username == task.user.username):
        mm.set_notice("you are not authorized to delete that task.")
        # Referer is client-supplied and is used as the redirect target unchecked.
        return redirect(request.META.get('HTTP_REFERER', '/'))

    # NOTE(review): request.method is not checked, so the delete runs for any
    # HTTP verb, including a plain GET link -- confirm CSRF coverage.
    task.delete()
    mm.set_success("task removed")
    return redirect(request.user.get_absolute_url())
def delete_lesson(request, c_id, l_id):
    """Delete a lesson on behalf of its owner, then return to the curriculum.

    Both the lesson and the curriculum must exist (404 otherwise). The
    requester always ends up on the curriculum page, with either a success
    message or a not-authorized notice.
    """
    mm = MessageManager(request)
    lesson = get_object_or_404(Lesson, pk=l_id)
    curriculum = get_object_or_404(Curriculum, pk=c_id)

    requester = request.user
    owns_lesson = (requester.is_authenticated()
                   and requester.username == lesson.user.username)
    if owns_lesson:
        # NOTE(review): request.method is not checked, so the delete runs for
        # any HTTP verb, including a plain GET link -- confirm CSRF coverage.
        title = lesson.title  # read before the delete, for the message below
        lesson.delete()
        mm.set_success('"%s" has been deleted' % title)
    else:
        mm.set_notice('you are not authorized to delete this lesson')

    return redirect(curriculum.get_absolute_url())
def confirm_delete(request, removal_key):
    """Confirm an account removal from its removal key.

    Looks the account up by ``removal_key`` (404 if none matches). An expired
    key renders the confirmation page with ``expired`` set. Otherwise the key
    is back-dated so it reads as expired, the account is deactivated and
    saved, the current session is logged out and the index page is rendered.
    """
    # prepare messages
    mm = MessageManager(request)
    account = get_object_or_404(cUser, removal_key=removal_key)

    key_has_expired = account.key_expires < datetime.datetime.today()
    if key_has_expired:
        mm.set_notice("This removal code as expired.")
        return render(request, 'accounts/confirm_delete.html', mm.messages(), {'expired': True})

    # NOTE(review): the key alone authorises the removal; the requester's own
    # login state is not compared with the account -- confirm that is intended.
    one_day = datetime.timedelta(days=1)
    account.key_expires = datetime.datetime.today() - one_day
    account.is_active = False
    account.save()

    logout(request)
    mm.set_success("Your account has been successfully removed. Please visit us again!")
    return render(request, 'main/index.html', mm.messages())
def create_bug(request):
    """Create a new bug report from an authenticated user.

    A non-POST request shows an empty form. A valid POST saves the report and
    redirects to '/'; an invalid POST re-renders the bound form. Requesters
    who are not logged in are handed to the login view with a notice.
    """
    # prepare messages
    mm = MessageManager(request)

    if not request.user.is_authenticated():
        mm.set_notice("You must log in before you can report a bug")
        return login_view(request)

    if not request.POST:
        form = BugForm()
        return render(request, 'bugs/create.html', mm.messages(), {'form': form})

    form = BugForm(request.POST)
    if not form.is_valid():
        return render(request, 'bugs/create.html', mm.messages(), {'form': form})

    form.save(request)
    mm.set_success("Thanks! We'll fix this bug as soon as possible.")
    return redirect('/')
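def move_link(request, gid, id=None, remove=0):
    """Attach one of the requester's links to a group, or detach it.

    Args:
        request: the current HTTP request.
        gid: primary key of the group (404 if it does not exist).
        id: primary key of a link owned by the requester; when falsy no link
            is changed and only the list is shown.
        remove: the string '1' detaches the link from its group; any other
            value attaches it to the group.
    """
    # prepare messages
    mm = MessageManager(request)
    g = get_object_or_404(cGroup, pk=gid)

    requester = request.user
    # The group checks are parenthesised so they only run for an
    # authenticated user. Unparenthesised, `a and b or c` is `(a and b) or c`,
    # which called is_group_manager() on unauthenticated requesters too.
    allowed = requester.is_authenticated() and (
        requester.is_group_member(g) or requester.is_group_manager(g))
    if not allowed:
        mm.set_notice("You can't do that!")
        # Referer is client-supplied and is used as the redirect target unchecked.
        return redirect(request.META.get('HTTP_REFERER', '/'))

    if id:
        # the user= filter keeps a requester from moving someone else's link
        l = get_object_or_404(Link, pk=id, user=request.user)
        # NOTE(review): request.method is not checked before this change, so
        # it runs for any HTTP verb -- confirm CSRF coverage.
        l.set_group(None if remove == '1' else g)

    links = Link.objects.select_related('group').filter(user=request.user)
    return render(request, 'main/link/move.html', mm.messages(), {'group': g, 'links': links})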
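def move_code_package(request, gid, id=None, remove=0):
    """Attach one of the requester's code packages to a group, or detach it.

    Args:
        request: the current HTTP request.
        gid: primary key of the group (404 if it does not exist).
        id: primary key of a code package owned by the requester; when falsy
            no package is changed and only the list is shown.
        remove: the string '1' detaches the package from its group; any other
            value attaches it to the group.
    """
    # prepare messages
    mm = MessageManager(request)
    g = get_object_or_404(cGroup, pk=gid)

    requester = request.user
    # The group checks are parenthesised so they only run for an
    # authenticated user. Unparenthesised, `a and b or c` is `(a and b) or c`,
    # which called is_group_manager() on unauthenticated requesters too.
    allowed = requester.is_authenticated() and (
        requester.is_group_member(g) or requester.is_group_manager(g))
    if not allowed:
        mm.set_notice("You can't do that!")
        # Referer is client-supplied and is used as the redirect target unchecked.
        return redirect(request.META.get('HTTP_REFERER', '/'))

    if id:
        # the user= filter keeps a requester from moving someone else's package
        cp = get_object_or_404(CodePackage, pk=id, user=request.user)
        # NOTE(review): request.method is not checked before this change, so
        # it runs for any HTTP verb -- confirm CSRF coverage.
        cp.set_group(None if remove == '1' else g)

    codepkgs = CodePackage.objects.select_related('group').filter(user=request.user)
    return render(request, 'main/code_package/move.html', mm.messages(),
                  {'group': g, 'code_packages': codepkgs})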
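def move_discussion(request, gid, id=None, remove=0):
    """Attach one of the requester's discussions to a group, or detach it.

    Args:
        request: the current HTTP request.
        gid: primary key of the group (404 if it does not exist).
        id: primary key of a discussion owned by the requester; when falsy no
            discussion is changed and only the list is shown.
        remove: the string '1' detaches the discussion from its group; any
            other value attaches it to the group.
    """
    # prepare messages
    mm = MessageManager(request)
    g = get_object_or_404(cGroup, pk=gid)

    requester = request.user
    # The group checks are parenthesised so they only run for an
    # authenticated user. Unparenthesised, `a and b or c` is `(a and b) or c`,
    # which called is_group_manager() on unauthenticated requesters too.
    allowed = requester.is_authenticated() and (
        requester.is_group_member(g) or requester.is_group_manager(g))
    if not allowed:
        mm.set_notice("You can't do that!")
        # Referer is client-supplied and is used as the redirect target unchecked.
        return redirect(request.META.get('HTTP_REFERER', '/'))

    if id:
        # the user= filter keeps a requester from moving someone else's discussion
        d = get_object_or_404(Discussion, pk=id, user=request.user)
        # NOTE(review): request.method is not checked before this change, so
        # it runs for any HTTP verb -- confirm CSRF coverage.
        d.set_group(None if remove == '1' else g)

    discussions = Discussion.objects.select_related('group').filter(user=request.user)
    return render(request, 'main/discussion/move.html', mm.messages(),
                  {'group': g, 'discussions': discussions})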
def user_metrics(request, username):
    """Display the metrics page of a user.

    The profile is looked up as a cUser first and as a plain User second
    (404 if neither exists). The page is shown to the user themselves and to
    anyone for whom ``is_manager(request.user, profile)`` is true; everyone
    else is redirected with a notice.
    """
    # TODO: only group administrators can view user metrics
    mm = MessageManager(request)

    try:
        profile = cUser.objects.get(username=username)
    except cUser.DoesNotExist:
        profile = get_object_or_404(User, username=username)

    viewer = request.user
    is_self = viewer.is_authenticated() and viewer.username == username
    # is_manager is only consulted when the viewer is not the profile owner
    if is_self or is_manager(request.user, profile):
        return render(request, 'accounts/user/metrics.html', {'profile_user': profile}, mm.messages())

    mm.set_notice("you do not have permission to view that page")
    # Referer is client-supplied and is used as the redirect target unchecked.
    return redirect(request.META.get('HTTP_REFERER', '/'))
def edit_curriculum(request, id):
    """Let the owner of a curriculum edit its title and description.

    A non-POST request shows the form pre-filled from the curriculum. A valid
    POST updates it through the form and redirects to it; an invalid POST
    re-renders the form with an error. Anyone but the owner is redirected
    with a notice.
    """
    mm = MessageManager(request)
    curriculum = get_object_or_404(Curriculum, pk=id)

    requester = request.user
    if not (requester.is_authenticated()
            and requester.username == curriculum.user.username):
        mm.set_notice('You are not authorized to edit that curriculum')
        # Referer is client-supplied and is used as the redirect target unchecked.
        return redirect(request.META.get('HTTP_REFERER', '/'))

    if request.POST:
        form = CreateCurriculumForm(request.POST)
        if form.is_valid():
            # update it
            curriculum = form.update(request, curriculum)
            mm.set_success('"%s" has been updated' % curriculum.title)
            return redirect(curriculum.get_absolute_url())
        mm.set_error("the form has errors")
    else:
        form = CreateCurriculumForm(initial={
            'title': curriculum.title,
            'description': curriculum.description,
        })

    return render(request, 'curricula/edit_curriculum.html',
                  {'form': form, 'curriculum': curriculum}, mm.messages())
def confirm(request, activation_key): """confirm a user registration""" # prepare messages mm = MessageManager(request) if request.user.is_active and request.user.activation_key == activation_key: raise Http404() user = get_object_or_404(cUser, activation_key=activation_key) if user.key_expires < datetime.datetime.today(): mm.set_notice("This activation code as expired. Try creating a new account") # TODO: completely remove accounts that have expired return render(request, 'accounts/confirm.html', mm.messages(), {'expired':True}) user.key_expires = datetime.datetime.today() - datetime.timedelta(days=1) mm.set_success("Congratulations! You just activated your account!") request.session.set_test_cookie() if request.session.test_cookie_worked(): request.session.delete_test_cookie() # cookies are enabled # we need to call authenticate to set some varibles before calling login() auth_user = None try: auth_user = authenticate(username=user.username, password=user.activation_key) # activate the user after authentication so we can't # login with the activation key anymore #auth_user.is_active = True #auth_user.save() except NameError: pass if auth_user is not None: if auth_user.is_active: login(request, auth_user) # TODO: we don't cover all our bases here. we need to be more thorough with error checking if auth_user: return redirect(auth_user.get_absolute_url()) else: return redirect('/')
def delete_code_package(request):
    """Delete a code package after checking the credentials sent in the form.

    The form carries a username, a password and a package name. The package
    with that title owned by the authenticated, active user is deleted. Every
    outcome re-renders the same template with a message.
    """
    mm = MessageManager(request)

    if not request.POST:
        form = DeleteCodePackageForm()
        return render(request, 'api/delete_code_package.html', {'form': form}, mm.messages())

    form = DeleteCodePackageForm(request.POST, request.FILES)
    if not form.is_valid():
        # return form errors to user
        return render(request, 'api/delete_code_package.html', {'form': form}, mm.messages())

    # NOTE(review): credentials are checked on every POST and no attempt
    # limit is visible in this function -- confirm throttling happens elsewhere.
    login_name = form.cleaned_data['username']
    secret = form.cleaned_data['password']
    try:
        user = authenticate(username=login_name, password=secret)
    except NameError:
        user = None

    if user is None:
        # invalid login
        mm.set_error('Invalid credentials.')
    elif not user.is_active:
        # account is disabled
        mm.set_error('This account has been disabled, or has not been activated.')
    else:
        title = form.cleaned_data['packageName']
        try:
            # TODO: can we match the package field instead?
            # TODO: catch multiple items returned
            package = CodePackage.objects.get(user=user, title=title)
            package.delete()
            mm.set_success("package deleted")
            form = DeleteCodePackageForm()
        except CodePackage.DoesNotExist:
            mm.set_notice('package could not be found')

    return render(request, 'api/delete_code_package.html', {'form': form}, mm.messages())
def edit_lesson(request, c_id, l_id):
    """Let the owner of a lesson edit its title, description and body.

    Both the curriculum and the lesson must exist (404 otherwise). A non-POST
    request shows the form pre-filled from the lesson. A valid POST updates
    it through the form and redirects to it; an invalid POST re-renders the
    form with an error. Anyone but the lesson's owner is redirected with a
    notice.
    """
    mm = MessageManager(request)
    curriculum = get_object_or_404(Curriculum, pk=c_id)
    # we don't need both curriculum and lesson id because we are moving
    # towards just using the custom lesson model
    lesson = get_object_or_404(Lesson, pk=l_id)

    requester = request.user
    if not (requester.is_authenticated()
            and requester.username == lesson.user.username):
        mm.set_notice('You are not authorized to edit that curriculum')
        # Referer is client-supplied and is used as the redirect target unchecked.
        return redirect(request.META.get('HTTP_REFERER', '/'))

    if request.POST:
        form = CreateLessonForm(request.POST)
        if form.is_valid():
            # update it
            lesson = form.update(request, lesson)
            mm.set_success('"%s" has been updated' % lesson.title)
            return redirect(lesson.get_absolute_url())
        mm.set_error("the form has errors")
    else:
        form = CreateLessonForm(initial={
            'title': lesson.title,
            'description': lesson.description,
            'body': lesson.body,
        })

    return render(request, 'curricula/edit_lesson.html',
                  {'form': form, 'lesson': lesson, 'curriculum': curriculum}, mm.messages())
def join_group(request, gid, invitation_key = None):
    """Join a group with an invitation key, or file a membership request.

    Args:
        request: the current HTTP request.
        gid: primary key of the group (404 if it does not exist).
        invitation_key: key from an invitation link. When given and valid the
            requester becomes a member at once; when None the requester is
            added to the group's pending users.

    Returns:
        A redirect to the group page, or to the login page when the requester
        is not an authenticated cUser.
    """
    mm = MessageManager(request)
    g = get_object_or_404(cGroup, pk=gid)
    # a group without open registration can only be joined with a key
    if not g.open_registration and invitation_key is None:
        return redirect(g.get_absolute_url())
    if request.user.is_authenticated() and request.user.__class__ == cUser:
        if request.user.is_group_member(g):
            mm.set_notice("you are already a member of this group.")
            return redirect(g.get_absolute_url())
        if request.user.is_group_manager(g):
            mm.set_notice("you are a manager of this group and cannot become a member.")
            return redirect(g.get_absolute_url())
        if invitation_key != None:
            # NOTE(review): presumably g.invitation_key is never empty or
            # unset; confirm, since an equally empty key would compare equal.
            if invitation_key == g.invitation_key:
                if g.key_expires < datetime.datetime.today():
                    mm.set_notice("This invitation code as expired.")
                else:
                    mm.set_success("you are now a member of this group!")
                    request.user.groups.add(g)
                    request.user.save()
                    # a pending request is superseded by the accepted invitation
                    if request.user in g.pending_users.all():
                        g.pending_users.remove(request.user)
                    g.members.add(request.user)
                    g.save()
            else:
                mm.set_notice("that invitation key is invalid or has expired")
        else:
            # no key: queue the request for the group's pending users
            g.pending_users.add(request.user)
            g.save()
            mm.set_success("your membership request has been sent to the group administrators")
    else:
        mm.set_notice("you must login or create an acount before you can join a group.")
        return HttpResponseRedirect(reverse('login-page'))
    return redirect(g.get_absolute_url())
def leave_group(request, gid):
    """Remove the requester from a group they manage or belong to.

    A manager can only leave while at least one other manager remains. A
    requester who is neither manager nor member gets a notice. Every path
    ends with a redirect to the group page.
    """
    mm = MessageManager(request)
    grp = get_object_or_404(cGroup, pk=gid)
    me = request.user
    # NOTE(review): unlike the other views in this file there is no
    # is_authenticated() check before the membership lookups -- confirm an
    # anonymous requester is handled.

    if me in grp.managers.all():
        if grp.managers.count() <= 1:
            mm.set_notice("you cannot leave this group because you are the only manager")
            return redirect(grp.get_absolute_url())
        grp.managers.remove(me)
        grp.save()
    elif me in grp.members.all():
        grp.members.remove(me)
        grp.save()
    else:
        mm.set_notice("you cannot leave a group unless you are a member")
        return redirect(grp.get_absolute_url())

    # drop the group from the user's own group list as well
    me.groups.remove(grp)
    me.save()
    mm.set_success("you are no longer a member of this group.")
    return redirect(grp.get_absolute_url())
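def register(request):
    """Register a new user and email the account-activation link.

    An authenticated requester is told they already have an account. A POST
    runs the form's own checks in a fixed order, then ``form.is_valid()``,
    saves the user and sends the confirmation mail. Any other request shows
    an empty registration form.

    The confirmation mail carries the activation link, the profile link, the
    username and the email address. It does not carry the password.
    """
    # prepare messages
    mm = MessageManager(request)

    if request.user.is_authenticated():
        mm.set_notice('You already have an account')
        return render(request, 'accounts/register.html', mm.messages())

    if request.POST:
        form = RegistrationForm(request.POST)
        new_data = request.POST.copy()

        # TODO: put validation in form.
        # The checks run in this order and the first failure decides the message.
        checks = (
            (form.isValidHuman, 'Sorry only humans can register. Try reloading the page'),
            (form.isValidUsername, 'That username is already taken'),
            (form.isValidEmail, 'That email is already in use'),
            (form.PasswordsMatch, 'Passwords do not match'),
            (form.isValidPassword, 'Passwords must be at least 6 characters long'),
        )
        for check, message in checks:
            if not check(new_data):
                mm.set_error(message)
                return render(request, 'accounts/register.html', mm.messages(), {'form': form})

        # validate form data
        if form.is_valid():
            # Save the user
            new_user = form.save(new_data)
            if new_user is not None:
                # TODO: email is not sent for certain emails ([email protected] fails)
                email_subject = 'Your new Comperio account confirmation'
                # The password the user just chose is left out of the mail:
                # mail is relayed and stored outside this application, and a
                # copy of the credential there outlives any later hashing.
                email_body = (
                    "You recently signed up for a new Comperio account."
                    "\n\nTo activate your account, click this link within 48 hours:"
                    "\n%s/users/confirm/%s"
                    "\n\n After your account is activated you can go to your account by clicking the link below"
                    "\n%s/users/%s"
                    "\n\nAccount Details"
                    "\nusername: %s"
                    "\nemail: %s"
                ) % (
                    SITE_URL, new_user.activation_key,
                    SITE_URL, new_user.username,
                    new_user.username,
                    form.cleaned_data['email'],
                )
                send_mail(email_subject, email_body, '*****@*****.**', [new_user.email])
                mm.set_success("You're in! We just emailed you instructions to activate your account")
                return redirect('/')
            else:
                mm.set_error("Could not create user")
        else:
            mm.set_error("Please fill all required fields.")
        return render(request, 'accounts/register.html', mm.messages(), {'form': form})

    form = RegistrationForm()
    return render(request, 'accounts/register.html', mm.messages(), {'form': form})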