Example #1
0
    def post(self, request, *args, **kwargs):
        try:
            category = shop_models.ProductCategories.objects.get(pk=kwargs.pop("category_id"))
        except shop_models.Product.DoesNotExist:
            raise http.Http404("No category matches the given query.")
        form = shop_forms.ProductCategoryForm(request.POST, instance=category)
        if form.is_valid():
            category_data = form.save(commit=False) #Modelform
            category_data.parent_slug =  category_data.parent.slug
            category_data.save()

            messages.success(request, 'Save successful..')
            return shortcuts.redirect("admin_shop_categories")
        else:
            messages.error(request, 'category not saved..')
        return  render(request, "admin/shop/categories_edit.html",{
            'formbundle':[
            ("Category details",form),]
        })
Example #2
0
    def get_object(self):
        # We allow superusers to force an order thank-you page for testing
        order = None
        if self.request.user.is_superuser:
            if 'order_number' in self.request.GET:
                order = Order._default_manager.get(
                    number=self.request.GET['order_number'])
            elif 'order_id' in self.request.GET:
                order = Order._default_manager.get(
                    id=self.request.GET['order_id'])

        if not order:
            if 'checkout_order_id' in self.request.session:
                order = Order._default_manager.get(
                    pk=self.request.session['checkout_order_id'])
            else:
                raise http.Http404(_("No order found"))

        return order
Example #3
0
    def root(self, request, url):
        """ 
        Handles main URL routing for the admin app.

        `url` is the remainder of the URL -- e.g. 'comments/comment/'.
        """
        if request.method == 'GET' and not request.path.endswith('/'):
            return http.HttpResponseRedirect(request.path + '/')

        # Figure out the admin base URL path and stash it for later use
        self.root_path = re.sub(re.escape(url) + '$', '', request.path)

        url = url.rstrip('/')  # Trim trailing slash, if it exists.

        # The 'logout' view doesn't require that the person is logged in.
        if url == 'logout':
            return self.logout(request)

        # Check permission to continue or display login form.
        if not self.has_permission(request):
            return self.login(request)

        if url == '':
            return self.index(request)
        elif url == 'password_change':
            return self.password_change(request)
        elif url == 'password_change/done':
            return self.password_change_done(request)
        elif url == 'jsi18n':
            return self.i18n_javascript(request)
        # urls starting with 'r/' are for the "show in web" links
        elif url.startswith('r/'):
            from django.views.defaults import shortcut
            return shortcut(request, *url.split('/')[1:])
        else:
            match = USER_CHANGE_PASSWORD_URL_RE.match(url)
            if match:
                return self.user_change_password(request, match.group(1))

            if '/' in url:
                return self.model_page(request, *url.split('/', 2))

        raise http.Http404('The requested admin page does not exist.')
Example #4
0
    def root(self, request, url):
        """
        Handles main URL routing for the databrowse app.

        `url` is the remainder of the URL -- e.g. 'objects/3'.
        """
        # Delegate to the appropriate method, based on the URL.
        if url is None:
            return self.main_view(request)
        try:
            plugin_name, rest_of_url = url.split('/', 1)
        except ValueError:  # need more than 1 value to unpack
            plugin_name, rest_of_url = url, None
        try:
            plugin = self.plugins[plugin_name]
        except KeyError:
            raise http.Http404(
                'A plugin with the requested name does not exist.')
        return plugin.model_view(request, self, rest_of_url)
Example #5
0
def version_detail(request, addon, version_num):
    # TODO: Does setting this in memcachd even make sense?
    # This is specific to an add-ons version so the chance of this hitting
    # the cache and not missing seems quite bad to me (cgrebs)
    def _fetch():
        qs = _version_list_qs(addon)
        return list(qs.values_list('version', flat=True))

    ids = cache_get_or_set(
        u'version-detail:{}:{}'.format(addon.id, version_num),
        _fetch)

    url = reverse('addons.versions', args=[addon.slug])
    if version_num in ids:
        page = 1 + ids.index(version_num) / PER_PAGE
        to = urlparams(url, 'version-%s' % version_num, page=page)
        return http.HttpResponseRedirect(to)
    else:
        raise http.Http404()
Example #6
0
def delete_invite(request, invite_pk):
    """Delete an invite to join a group."""

    invite = get_object_or_404(Invite, pk=invite_pk)
    group = invite.group

    if (group.curators.filter(id=request.user.userprofile.id).exists()
            or request.user.userprofile.is_manager):
        redeemer = invite.redeemer
        invite.delete()
        notify_redeemer_invitation_invalid.delay(redeemer.pk, group.pk)
        msg = _(u'The invitation to {0} has been successfully revoked.'
                ).format(redeemer)
        messages.success(request, msg)
        next_section = request.GET.get('next')
        next_url = urlparams(reverse('groups:group_edit', args=[group.url]),
                             next_section)
        return http.HttpResponseRedirect(next_url)
    raise http.Http404()
Example #7
0
def t_shirt(request):
    if not waffle.switch_is_active('t-shirt-orders'):
        raise http.Http404()

    user = request.user
    eligible = tshirt_eligible(user)

    if request.method == 'POST':
        if not eligible:
            messages.error(request,
                           _("We're sorry, but you are not eligible to "
                             "request a t-shirt at this time."))
            return redirect('users.t-shirt')

        if not user.t_shirt_requested:
            user.update(t_shirt_requested=datetime.now())

    return render(request, 'users/t-shirt.html',
                  {'eligible': eligible, 'user': user})
Example #8
0
def download_source(request, version_id):
    version = get_object_or_404(Version.objects, pk=version_id)

    # General case: version is listed.
    if version.channel == amo.RELEASE_CHANNEL_LISTED:
        if not (version.source and (acl.check_addon_ownership(
                request, version.addon, viewer=True, ignore_disabled=True))):
            raise http.Http404()
    else:
        if not owner_or_unlisted_reviewer(request, version.addon):
            raise http.Http404  # Not listed, not owner or unlisted reviewer.
    res = HttpResponseSendFile(request, version.source.path)
    path = version.source.path
    if not isinstance(path, unicode):
        path = path.decode('utf8')
    name = os.path.basename(path.replace(u'"', u''))
    disposition = u'attachment; filename="{0}"'.format(name).encode('utf8')
    res['Content-Disposition'] = disposition
    return res
Example #9
0
 def get_context_data(self, **kwargs):
     ctx = super().get_context_data(**kwargs)
     hashvalue = self.kwargs['hash']
     if not arm.Seat.exists(hashvalue):
         raise djh.Http404()
     seat = arm.Seat.by_hash(hashvalue)
     ctx['seat'] = seat
     ctx['room'] = seat.room
     ctx['settings'] = settings
     retention_3g = settings.DATA_RETENTION_DAYS_STATUS_3G
     if settings.USE_STATUS_3G_FIELD and \
        retention_3g <= settings.DATA_RETENTION_DAYS:
         ctx['status_3g_stmt_de'] = ("Der 3G-Status wird bereits nach %d Tagen gelöscht." %
                                    retention_3g)
         ctx['status_3g_stmt_en'] = ("The vaccination status will be deleted after %d days." %
                                    retention_3g)
     else:
         ctx['status_3g_stmt_de'] = ctx['status_3g_stmt_en'] = ""
     return ctx
Example #10
0
def review_list(request, addon, review_id=None, user_id=None, template=None):
    q = (Review.objects.valid().filter(addon=addon).order_by('-created'))

    ctx = {'addon': addon, 'grouped_ratings': GroupedRating.get(addon.id)}

    ctx['form'] = forms.ReviewForm(None)

    if review_id is not None:
        ctx['page'] = 'detail'
        # If this is a dev reply, find the first msg for context.
        review = get_object_or_404(Review.objects.all(), pk=review_id)
        if review.reply_to_id:
            review_id = review.reply_to_id
            ctx['reply'] = review
        q = q.filter(pk=review_id)
    elif user_id is not None:
        ctx['page'] = 'user'
        q = q.filter(user=user_id)
        if not q:
            raise http.Http404()
    else:
        ctx['page'] = 'list'
        q = q.filter(is_latest=True)

    ctx['reviews'] = reviews = amo.utils.paginate(request, q)
    ctx['replies'] = Review.get_replies(reviews.object_list)
    if request.user.is_authenticated():
        ctx['review_perms'] = {
            'is_admin':
            acl.action_allowed(request, 'Addons', 'Edit'),
            'is_editor':
            acl.check_reviewer(request),
            'is_author':
            acl.check_addon_ownership(request,
                                      addon,
                                      viewer=True,
                                      dev=True,
                                      support=True),
        }
        ctx['flags'] = get_flags(request, reviews.object_list)
    else:
        ctx['review_perms'] = {}
    return render(request, template, ctx)
Example #11
0
def secure_media(request, path):
    if not (request.user.is_superuser or request.user.groups.filter(
            name__in=('sim_report', 'hotel_report')).exists()):
        fname = os.path.splitext(os.path.basename(path))[0]
        if fname.rsplit('-', 1)[0] != request.user.username:
            return http.HttpResponseForbidden()
    fpath = settings.SECURE_STORAGE.path(path)
    guessed = mimetypes.guess_type(fpath)
    try:
        r = http.HttpResponse(file(fpath), mimetype=guessed[0])
        r['Content-Length'] = os.path.getsize(fpath)
        if guessed[1]:
            r['Content-Encoding'] = guessed[1]
        return r
    except IOError, e:
        if e.errno == 2:
            raise http.Http404()
        else:
            raise
Example #12
0
def get_comments(request, model_slug, object_id):
    try:
        model = COMMENTABLE_MODELS[model_slug]
    except KeyError:
        raise http.Http404("no such registered model %s" % model_slug)

    obj = get_object_or_404(model, pk=object_id)

    comment_set = Comment.visible.get_comments(obj)

    comments_group = itertools.groupby(
        (c.get_dict() for c in comment_set.order_by('selector', 'created')),
        lambda c: c["selector"])

    comments_dict = dict((k, list(v)) for k, v in comments_group)

    return http.JsonResponse({
        "content": comments_dict,
    })
Example #13
0
def download_latest(request, addon, type='xpi', platform=None):
    """
    Download file from 'current' (latest public listed) version for an add-on.

    Requires same permissions as download_file() does for this file.
    """
    platforms = [amo.PLATFORM_ALL.id]
    if platform is not None and int(platform) in amo.PLATFORMS:
        platforms.append(int(platform))
    version = addon._current_version_id
    files = File.objects.filter(platform__in=platforms,
                                version=version)
    try:
        # If there's a file matching our platform, it'll float to the end.
        file_ = sorted(files, key=lambda f: f.platform == platforms[-1])[-1]
    except IndexError:
        raise http.Http404()
    return download_file(request, file_.id, type=type, file_=file_,
                         addon=addon)
Example #14
0
 def get_blob_digest(self, name, uuid, hash_method="sha256"):
     """
     计算 Blob 的 Digest值
     :param name:
     :param uuid:
     :param hash_method:
     :return:
     """
     hash_func = {
         "sha256": hashlib.sha256,
         "sha1": hashlib.sha1
     }[hash_method]()
     file_name = self.path_spec.get_upload_path(name, uuid)
     if not os.path.exists(file_name):
         raise http.Http404()
     with open(file_name, "rb") as f2:
         for chunk in iter(lambda: f2.read(4096), b''):
             hash_func.update(chunk)
     return hash_func.hexdigest()
Example #15
0
def download_source(request, version_id):
    """
    Download source code for a given version_id.

    Requires developer of the add-on or admin reviewer permission. If the
    version or add-on is deleted, developers can't access.

    If the version source code wasn't provided, but the user had the right
    permissions, a 404 is raised.
    """
    # Include deleted versions in the queryset, we'll check for that below.
    version = get_object_or_404(Version.unfiltered, pk=version_id)
    addon = version.addon

    # Channel doesn't matter, source code is only available to admin reviewers
    # or developers of the add-on. If the add-on, version or file is deleted or
    # disabled, then only admins can access.
    has_permission = acl.action_allowed(request, amo.permissions.REVIEWS_ADMIN)

    if (
        addon.status != amo.STATUS_DISABLED
        and not version.files.filter(status=amo.STATUS_DISABLED).exists()
        and not version.deleted
        and not addon.is_deleted
    ):
        # Don't rely on 'admin' parameter for check_addon_ownership(), it
        # doesn't check the permission we want to check.
        has_permission = has_permission or acl.check_addon_ownership(
            request, addon, admin=False, dev=True
        )
    if not has_permission:
        raise http.Http404()

    response = HttpResponseXSendFile(request, version.source.path)
    path = version.source.path
    if not isinstance(path, str):
        path = path.decode('utf8')
    name = os.path.basename(path.replace('"', ''))
    disposition = 'attachment; filename="{0}"'.format(name).encode('utf8')
    response['Content-Disposition'] = disposition
    response['Access-Control-Allow-Origin'] = '*'
    return response
Example #16
0
def query(request, *, model_name, fields="", media):
    if media.startswith("profile") or media.startswith("pstats"):
        if "_" in media:
            prof_media, media = media.split("_")
        else:
            prof_media = media
            media = "json"

        profiler = cProfile.Profile()
        try:
            profiler.enable()

            query = Query.from_request(model_name, fields, request.GET)
            for x in _data_response(request, query, media, privileged=True):
                pass

            profiler.disable()

            if prof_media == "profile":
                buffer = io.StringIO()
                stats = pstats.Stats(profiler, stream=buffer)
                stats.sort_stats("cumulative").print_stats(50)
                stats.sort_stats("time").print_stats(50)
                buffer.seek(0)
                return HttpResponse(buffer, content_type="text/plain")
            elif prof_media == "pstats":
                buffer = io.BytesIO()
                marshal.dump(pstats.Stats(profiler).stats, buffer)
                buffer.seek(0)
                response = HttpResponse(buffer, content_type="application/octet-stream")
                response[
                    "Content-Disposition"
                ] = f"attachment; filename={query.model_name}-{timezone.now().isoformat()}.pstats"
                return response
            else:
                raise http.Http404(f"Bad file format {prof_media} requested")
        finally:
            if profiler:  # pragma: no branch
                profiler.disable()
    else:
        query = Query.from_request(model_name, fields, request.GET)
        return _data_response(request, query, media, privileged=True)
Example #17
0
 def get(self, request, *args, **kwargs):
     session_cart_to_database(request)
     accessibles = Organization.objects.accessible_by(request.user)
     count = accessibles.count()
     next_url = self.get_redirect_url(*args, **kwargs)
     if next_url:
         create_url = '%s?next=%s' % (reverse('saas_organization_create'),
                                      next_url)
     else:
         create_url = reverse('saas_organization_create')
     if count == 0:
         if self.explicit_create_on_none:
             return http.HttpResponseRedirect(create_url)
         if self.get_implicit_create_on_none():
             try:
                 kwargs.update({
                     self.slug_url_kwarg:
                     str(self.create_organization_from_user(request.user))
                 })
                 return super(OrganizationRedirectView,
                              self).get(request, *args, **kwargs)
             except IntegrityError:
                 LOGGER.warning("tried to implicitely create"\
                     " an organization that already exists.",
                     extra={'request': request})
         raise http.Http404("No organizations are accessible by user.")
     if count == 1 and not self.create_more:
         organization = accessibles.get()
         kwargs.update({self.slug_url_kwarg: accessibles.get()})
         return super(OrganizationRedirectView,
                      self).get(request, *args, **kwargs)
     redirects = []
     for organization in accessibles:
         kwargs.update({self.slug_url_kwarg: organization})
         url = super(OrganizationRedirectView,
                     self).get_redirect_url(*args, **kwargs)
         redirects += [(url, organization.printable_name, organization.slug)
                       ]
     context = self.get_context_data(**kwargs)
     context.update({'redirects': redirects})
     self.update_context_urls(context, {'organization_create': create_url})
     return self.render_to_response(context)
Example #18
0
    def _get_record(self, uuid, is_public):
        # if a public view, the uuid is that of a ProgramCertRecord,
        # if private, the uuid is that of a Program
        if is_public:
            program_cert_record = get_object_or_404(ProgramCertRecord, uuid=uuid)
            user = program_cert_record.user
            program_uuid = program_cert_record.program.uuid
        else:
            user = self.request.user
            program_uuid = uuid

        data = get_record_data(
            user, program_uuid, self.request.site, platform_name=self.request.site.siteconfiguration.platform_name
        )

        # Only allow superusers to view a record with no data in it (i.e. don't allow learners to guess URLs and view)
        if not self.request.user.is_superuser and data["program"]["empty"]:
            raise http.Http404()

        return data
Example #19
0
File: api.py Project: Flimon1317/dg 
    def delete_detail(self, request, **kwargs):
        bundle = Bundle(request=request)

        try:
            # call our obj_delete, storing the deleted_obj we returned
            # del_obj = CombinedTransaction.objects.get(id=kwargs['pk'])
            deleted_obj = self.obj_delete(
                bundle=bundle, **self.remove_api_resource_names(kwargs))
            # build a new bundle with the deleted obj and return it in a response

            deleted_bundle = self.build_bundle(obj=deleted_obj,
                                               request=request)

            # deleted_bundle = self.full_dehydrate()
            # deleted_bundle = self.alter_detail_data_to_serialize(request, deleted_bundle)
            return self.create_response(request,
                                        deleted_bundle,
                                        response_class=http.HttpResponse)
        except NotFound:
            return http.Http404()
Example #20
0
 def post(self, request, *args, **kwargs):
     try:
         vendor = shop_models.Vendors.objects.get(pk=kwargs.pop("vendor_id"))
         vendor_address = shop_models.VendorAddress.objects.filter(vendor=vendor).first()
     except shop_models.Vendors.DoesNotExist:
         raise http.Http404("No 'vendor' matches the given query.")
     form = shop_forms.VendorForm(request.POST, instance = vendor)
     address_form = shop_forms.AddressForm(request.POST, instance = vendor_address.addr)
     if form.is_valid() and address_form.is_valid():
         vendor = form.save()
         addr = address_form.save()
         messages.success(request, 'Save successful..')
         return shortcuts.redirect("admin_shop_vendors")
     else:
         messages.error(request, 'Vendor not saved..')
     return  render(request, "admin/shop/vendors_edit.html",{
         'formbundle':[
         ("Vendor details",form),
         ("Vendor address",vendor_address_form),]
     })
Example #21
0
def download_file(request, file_id, type=None):
    file = get_object_or_404(File.objects, pk=file_id)
    addon = get_object_or_404(Addon.objects, pk=file.version.addon_id)

    if addon.is_disabled or file.status == amo.STATUS_DISABLED:
        if (acl.check_addon_ownership(
                request, addon, viewer=True, ignore_disabled=True)
                or acl.check_addons_reviewer(request)):
            return HttpResponseSendFile(request,
                                        file.guarded_file_path,
                                        content_type='application/xp-install')
        else:
            raise http.Http404()

    attachment = (type == 'attachment' or not request.APP.browser)

    loc = file.get_mirror(addon, attachment=attachment)
    response = http.HttpResponseRedirect(loc)
    response['X-Target-Digest'] = file.hash
    return response
Example #22
0
def developers(request, addon, page):
    if addon.is_persona():
        raise http.Http404()
    if 'src' in request.GET:
        contribution_src = src = request.GET['src']
    else:
        page_srcs = {
            'developers': ('developers', 'meet-developers'),
            'installed': ('meet-the-developer-post-install', 'post-download'),
            'roadblock': ('meetthedeveloper_roadblock', 'roadblock'),
        }
        # Download src and contribution_src are different.
        src, contribution_src = page_srcs.get(page)
    return render(
        request, 'addons/impala/developers.html', {
            'addon': addon,
            'page': page,
            'src': src,
            'contribution_src': contribution_src
        })
Example #23
0
    def __init__(self, repo, course, flow_id, participation=None):
        # type: (Repo_ish, Course, Text, Optional[Participation]) -> None
        """*participation* and *flow_session* are not stored and only used
        to figure out versioning of the flow content.
        """

        self.repo = repo
        self.course = course
        self.flow_id = flow_id

        from django.core.exceptions import ObjectDoesNotExist

        self.course_commit_sha = get_course_commit_sha(self.course,
                                                       participation)

        try:
            self.flow_desc = get_flow_desc(self.repo, self.course, flow_id,
                                           self.course_commit_sha)
        except ObjectDoesNotExist:
            raise http.Http404()
Example #24
0
    def post(self, request, *args, **kwargs):
        if request.user.is_superuser:
            qs = models.Shipment.objects.filter()
        else:
            qs = models.Shipment.objects.filter(project=self.request.user)
        try:
            shipment = qs.get(pk=self.kwargs['pk'])
            samples = json.loads(request.POST.get('samples', '[]'))
            grouped_samples = defaultdict(list)
            loc_info = {
                container.pk:
                dict(container.kind.locations.values_list('name', 'pk'))
                for container in shipment.containers.all()
            }
            for sample in sorted(samples,
                                 key=itemgetter('container', 'location')):
                grouped_samples[sample['group']].append({
                    'project':
                    shipment.project,
                    'container_id':
                    sample['container'],
                    'location_id':
                    sample.get('location')
                    and loc_info[sample['container']][str(sample['location'])]
                    or None
                })

            to_create = []
            models.Sample.objects.filter(container__shipment=shipment).delete()
            for group in shipment.groups.all():
                # remove existing samples
                for i, details in enumerate(grouped_samples.get(group.pk, [])):
                    to_create.append(
                        models.Sample(name='{}_{}'.format(group.name, i + 1),
                                      group=group,
                                      **details))
            shipment.project.samples.bulk_create(to_create)
            return JsonResponse({'url': shipment.get_absolute_url()},
                                safe=False)
        except models.Shipment.DoesNotExist:
            raise http.Http404('Shipment Not Found!')
Example #25
0
    def process_exception(self, request, exception):
        """Catches internal Horizon exception classes.

        Exception classes such as NotAuthorized, NotFound and Http302
        are caught and handles them gracefully.
        """
        if isinstance(exception,
                      (exceptions.NotAuthorized, exceptions.NotAuthenticated)):
            auth_url = settings.LOGIN_URL
            next_url = iri_to_uri(request.get_full_path())
            if next_url != auth_url:
                field_name = REDIRECT_FIELD_NAME
            else:
                field_name = None
            login_url = request.build_absolute_uri(auth_url)
            response = redirect_to_login(next_url,
                                         login_url=login_url,
                                         redirect_field_name=field_name)
            if isinstance(exception, exceptions.NotAuthorized):
                logout_reason = _("Unauthorized. Please try logging in again.")
                utils.add_logout_reason(request, response, logout_reason,
                                        'error')
                # delete messages, created in get_data() method
                # since we are going to redirect user to the login page
                response.delete_cookie('messages')

            if request.is_ajax():
                response_401 = http.HttpResponse(status=401)
                response_401['X-Horizon-Location'] = response['location']
                return response_401

            return response

        # If an internal "NotFound" error gets this far, return a real 404.
        if isinstance(exception, exceptions.NotFound):
            raise http.Http404(exception)

        if isinstance(exception, exceptions.Http302):
            # TODO(gabriel): Find a way to display an appropriate message to
            # the user *on* the login form...
            return shortcuts.redirect(exception.location)
Example #26
0
def serve_action(
    request: http.HttpRequest,
    action_id: int,
) -> http.HttpResponse:
    """Serve the rendering of an action in a workflow for a given user.

    - uatn: User attribute name. The attribute to check for authentication.
      By default this will be "email".

    - uatv: User attribute value. The value to check with respect to the
      previous attribute. The default is the user attached to the request.

    If the two last parameters are given, the authentication is done as:

    user_record[user_attribute_name] == user_attribute_value

    :param request: Http Request
    :param action_id: Action ID to use
    :return: Http response
    """
    # Get the action object
    action = models.Action.objects.filter(pk=int(action_id)).prefetch_related(
        'conditions', ).first()
    if not action or (not action.serve_enabled) or (not action.is_active):
        raise http.Http404

    # Get the parameters
    user_attribute_name = request.GET.get('uatn', 'email')
    if user_attribute_name not in action.workflow.get_column_names():
        raise http.Http404

    if action.is_out:
        try:
            response = services.serve_action_out(request.user, action,
                                                 user_attribute_name)
        except Exception:
            raise http.Http404()

        return response

    return _common_run_survey_row(request, action, user_attribute_name)
Example #27
0
def confirm_member(request, url, user_pk):
    """
    Add a member to a group who has requested membership.
    """
    group = get_object_or_404(Group, url=url)
    profile = get_object_or_404(UserProfile, pk=user_pk)
    is_curator = (request.user.userprofile in group.curators.all())
    is_manager = request.user.userprofile.is_manager
    group_url = reverse('groups:show_group', args=[group.url])

    # Workaround for using both request.GET and request.POST data
    next_url = getattr(request, request.method).get('next_url', group_url)

    if not (is_curator or is_manager):
        raise http.Http404()
    try:
        membership = GroupMembership.objects.get(group=group,
                                                 userprofile=profile)
    except GroupMembership.DoesNotExist:
        messages.error(
            request,
            _('This user has not requested membership in this group.'))
    else:
        if membership.status == GroupMembership.MEMBER and not membership.needs_renewal:
            messages.error(request,
                           _('This user is already a member of this group.'))
        else:
            status = GroupMembership.MEMBER
            if group.terms:
                status = GroupMembership.PENDING_TERMS
            group.add_member(profile,
                             status=status,
                             inviter=request.user.userprofile)
            if membership.needs_renewal:
                messages.info(
                    request, _('The membership of the user has been renewed.'))
            else:
                messages.info(
                    request,
                    _('This user has been added as a member of this group.'))
    return redirect(next_url)
Example #28
0
def review_list(request, addon, review_id=None, user_id=None, rating=None):
    qs = Review.objects.valid().filter(addon=addon).order_by('-created')

    ctx = {'product': addon, 'score': rating, 'review_perms': {}}

    if review_id is not None:
        qs = qs.filter(pk=review_id)
        ctx['page'] = 'detail'
        # If this is a dev reply, find the first msg for context.
        review = get_object_or_404(Review, pk=review_id)
        if review.reply_to_id:
            review_id = review.reply_to_id
            ctx['reply'] = review
    elif user_id is not None:
        qs = qs.filter(user=user_id)
        ctx['page'] = 'user'
        if not qs:
            raise http.Http404()
    else:
        ctx['page'] = 'list'
        qs = qs.filter(is_latest=True)

    ctx['ratings'] = ratings = amo.utils.paginate(request, qs, 20)
    if not ctx.get('reply'):
        ctx['replies'] = Review.get_replies(ratings.object_list)
    if request.user.is_authenticated():
        ctx['review_perms'] = {
            'is_admin':
            acl.action_allowed(request, 'Addons', 'Edit'),
            'is_editor':
            acl.check_reviewer(request),
            'is_author':
            acl.check_addon_ownership(request,
                                      addon,
                                      viewer=True,
                                      dev=True,
                                      support=True),
        }
        ctx['flags'] = get_flags(request, ratings.object_list)
        ctx['has_review'] = addon.reviews.filter(user=request.user.id).exists()
    return jingo.render(request, 'ratings/listing.html', ctx)
Example #29
0
def podcasts_data(request):
    context = {}
    search_term = request.GET.get("search", "").strip()

    search = PodcastDoc.search()
    if search_term:
        search = search.query("match_phrase", name=search_term)

    search = search.sort("-times_picked", "_score")
    page = request.GET.get("page", 1)
    page_index = int(page) - 1
    assert page_index >= 0, page_index
    batch_size = 15
    if page_index > 0:
        # need to check that it's not out of bounds
        response = PodcastDoc.search().execute()
        if batch_size * (1 + page_index) > response.hits.total:
            raise http.Http404("Page too big")
    search = search[page_index * batch_size : (page_index + 1) * batch_size]

    response = search.execute()
    context["count"] = response.hits.total

    items = []
    for hit in response.hits:
        items.append(hit.to_dict())

    context["items"] = items

    pagination = {
        "has_previous": page_index > 0,
        "has_next": (page_index + 1) * batch_size < context["count"],
        "number": page_index + 1,
        "num_pages": math.ceil(context["count"] / batch_size),
    }
    if pagination["has_previous"]:
        pagination["previous_page_number"] = page_index
    if pagination["has_next"]:
        pagination["next_page_number"] = page_index + 2
    context["pagination"] = pagination
    return http.JsonResponse(context)
Example #30
0
 def app_index(self, request, app_label, extra_context=None):
     user = request.user
     has_module_perms = user.has_module_perms(app_label)
     app_dict = {}
     for model, model_admin in self._registry.items():
         if app_label == model._meta.app_label:
             if has_module_perms:
                 perms = {
                     'add': user.has_perm("%s.%s" % (app_label, model._meta.get_add_permission())),
                     'change': user.has_perm("%s.%s" % (app_label, model._meta.get_change_permission())),
                     'delete': user.has_perm("%s.%s" % (app_label, model._meta.get_delete_permission())),
                 }
                 # Check whether user has any perm for this module.
                 # If so, add the module to the model_list.
                 if True in perms.values():
                     model_dict = {
                         'name': capfirst(model._meta.verbose_name_plural),
                         'admin_url': '%s/' % model.__name__.lower(),
                         'perms': perms,
                     }
                 if app_dict:
                     app_dict['models'].append(model_dict),
                 else:
                     app_dict = {
                         'name': app_label.title(),
                         'app_url': '',
                         'has_module_perms': has_module_perms,
                         'models': [model_dict],
                     }
                 if not app_dict:
                     raise http.Http404('The requested admin page does not exist.')
     # Sort the models alphabetically within each app.
     app_dict['models'].sort(lambda x, y: cmp(x['name'], y['name']))
     context = {
         'title': _('%s administration' % capfirst(app_label)),
         'app_list': [app_dict]
     }
     context.update(extra_context or {})
     return render_to_response(self.app_index_template or 'admin/app_index.html', context,
         context_instance=template.RequestContext(request)
     )