def add_member_to_group_view(request, group_id): if request.method != "POST": return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED") try: group = Group.objects.get(id=group_id) except Group.DoesNotExist: raise http.Http404 next_url = reverse("eighth_admin_edit_group", kwargs={"group_id": group_id}) if "user_id" in request.POST: user_ids = request.POST.getlist("user_id") user_objects = User.objects.filter(id__in=user_ids) next_url += "?" for user in user_objects: user.groups.add(group) user.save() if len(user_objects) < 25: next_url += "added={}&".format(user.id) invalidate_obj(group) messages.success(request, "Successfully added {} user{} to the group.".format(len(user_objects), "s" if len(user_objects) != 1 else "")) return redirect(next_url) if "query" not in request.POST: return redirect(next_url + "?error=s") query = request.POST["query"] from_sid = User.objects.user_with_student_id(query) if from_sid: from_sid.groups.add(group) from_sid.save() messages.success(request, "Successfully added user \"{}\" to the group.".format(from_sid.full_name)) return redirect(next_url + "?added=" + str(from_sid.id)) errors, results = get_search_results(query) logger.debug(results) if len(results) == 1: user_id = results[0].id logger.debug("User id: {}".format(user_id)) user = User.objects.user_with_ion_id(user_id) user.groups.add(group) user.save() messages.success(request, "Successfully added user \"{}\" to the group.".format(user.full_name)) return redirect(next_url + "?added=" + str(user_id)) elif len(results) == 0: return redirect(next_url + "?error=n") else: users = results results = sorted(results, key=lambda x: (x.last_name, x.first_name)) context = {"query": query, "users": users, "group": group, "admin_page_title": "Add Members to Group"} return render(request, "eighth/admin/possible_students_add_group.html", context)
def post(self, request, *args, **kwargs): if not request.user.is_authenticated: return http.HttpResponseNotAllowed(['get']) self.object = self.get_object() form = self.get_form(entity=self.object, data=self.request.POST) if form.is_valid(): form.save(self.request.user) return http.HttpResponseRedirect(self.request.path) context = self.get_context_data(form=form) return self.render_to_response(context)
def url_reverse(request): if request.method in ('GET', 'POST'): data = getattr(request, request.method) url_name = data.get('url_name') try: path = urlresolvers.reverse(url_name, args=data.getlist('args')) (view_func, args, kwargs) = urlresolvers.resolve(path) return http.HttpResponse(path, content_type="text/plain") #return view_func(request, *args, **kwargs) except urlresolvers.NoReverseMatch: return http.HttpResponse("Greska", content_type="text/plain") return http.HttpResponseNotAllowed(('GET', 'POST'))
def handle_request(self, request): if request.method != 'GET': self.info(u"Received request but wasn't GET. Doing nothing: %s" % request.POST) return http.HttpResponseNotAllowed(['GET']) self.info(u"Received request: %s" % request.GET) msg = self.message(request.GET) if msg: self.route(msg) return http.HttpResponse("OK") else: return http.HttpResponseBadRequest("")
def json_file_validation(request, addon_id, addon, file_id): file = get_object_or_404(File, id=file_id) if not file.has_been_validated: if request.method != 'POST': return http.HttpResponseNotAllowed(['POST']) try: v_result = tasks.file_validator(file.id) except Exception, exc: log.error('file_validator(%s): %s' % (file.id, exc)) error = "\n".join(traceback.format_exception(*sys.exc_info())) return make_validation_result({'validation': '', 'error': error})
def http_method_not_allowed(self, request, *args, **kwargs): allowed_methods = [ m for m in self.http_method_names if hasattr(self, m) ] logger.warning('Method Not Allowed (%s): %s', request.method, request.path, extra={ 'status_code': 405, 'request': self.request }) return http.HttpResponseNotAllowed(allowed_methods)
def react_post_view(request, id=None): """ id: post id """ post = get_object_or_404(BoardPost, id=id) board = post.board if not board.has_member(request.user): return http.HttpResponseNotAllowed(["POST"], "Invalid permissions.") reactions = post.comments.filter(user=request.user) if reactions.count() > 0: reactions.delete() reaction = request.POST.get("reaction", None) if request.method == "POST" and reaction: allowed_reactions = [str(i) for i in range(1, 7)] allowed_reactions += ["stallman"] if reaction not in allowed_reactions: reaction = "1" content = '<div class="reaction-icon comment-reaction reaction-{}"></div>'.format( reaction) if reaction == "stallman": content += "I'd just like to interject for moment. What you're refering to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux." obj = BoardPostComment.objects.create(content=content, safe_html=True, user=request.user) post.comments.add(obj) post.save() messages.success(request, "Reaction added") return http.HttpResponse("Reaction added") else: return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
def new_feedback(request): """ Render form for adding feedback to consumer with type and id. After adding feedback redirects to consumer absolute url """ FeedbackForm = load_module(defaults.CUSTOM_FEEDBACK_FORM) if request.method == 'GET': from django.shortcuts import render return render( request, 'spicy.core.simplepages/simplepages/feedback_create_lead.html') if request.method == 'POST': pattern = get_object_or_404(models.FeedbackPattern, slug=request.POST.get('pattern')) feedback = Feedback(pattern=pattern) form = FeedbackForm(request.POST, instance=feedback) if form.is_valid(): if 'import requests' in request.session: del request.session['feedback_form'] feedback = form.save(commit=False) feedback.ip_address = request.META['REMOTE_ADDR'] if not (feedback.name.strip() or feedback.email.strip() or feedback.phone.strip() or feedback.var1.strip() or feedback.var2.strip() or feedback.var3.strip() or feedback.message.strip() or feedback.company_name.strip() or feedback.url.strip()): feedback.processing_status = defaults.SPAM feedback.save() signals.create_feedback.send(sender=feedback.__class__, request=request, feedback=feedback) if feedback.processing_status != defaults.SPAM: feedback.send_report() try: if defaults.SEND_AUTO_RESPONSE_WITHOUT_TIMEOUT: feedback.send_to_customers(realhost=request.get_host()) except Exception as e: return {'status': 'success', 'errors': e.message} return {'status': 'success'} else: request.session['feedback_form'] = request.POST return {'status': 'fail', 'errors': str(form.errors)} else: return http.HttpResponseNotAllowed(['POST'])
def janrain_token(request): if request.method != 'POST': return http.HttpResponseNotAllowed(('POST', )) redirect_to = request.session.get('jr_next', reverse('assopy-profile')) try: token = request.POST['token'] except KeyError: return http.HttpResponseBadRequest() try: profile = janrain.auth_info(settings.JANRAIN['secret'], token) except Exception, e: log.warn('exception during janrain auth info: "%s"', str(e)) return HttpResponseRedirectSeeOther(dsettings.LOGIN_URL)
def add_room_view(request): if request.method == "POST": form = RoomForm(request.POST) if form.is_valid(): form.save() messages.success(request, "Successfully added room.") return redirect("eighth_admin_dashboard") else: messages.error(request, "Error adding room.") request.session["add_room_form"] = pickle.dumps(form) return redirect("eighth_admin_dashboard") else: return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
def clear_absence_view(request, signup_id): if request.method == "POST": try: signup = EighthSignup.objects.get(id=signup_id) except (EighthSignup.DoesNotExist, ValueError) as e: raise http.Http404 from e signup.was_absent = False signup.save() invalidate_obj(signup) if "next" in request.GET: return redirect(request.GET["next"]) return redirect("eighth_admin_dashboard") else: return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
def add_member_to_group_view(request, group_id): if request.method != "POST": return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED") try: group = Group.objects.get(id=group_id) except Group.DoesNotExist as e: raise http.Http404 from e if not request.user.can_manage_group(group): messages.error(request, "You must be a superuser on Ion to manage administrative groups") return redirect("eighth_admin_dashboard") next_url = reverse("eighth_admin_edit_group", kwargs={"group_id": group_id}) if "user_id" in request.POST: user_ids = request.POST.getlist("user_id") user_objects = get_user_model().objects.filter(id__in=user_ids).exclude(groups=group) next_url += "?" for user in user_objects: user.groups.add(group) user.save() if len(user_objects) < 25: next_url += "added={}&".format(user.id) invalidate_obj(group) messages.success(request, "Successfully added {} user{} to the group.".format(len(user_objects), "s" if len(user_objects) != 1 else "")) return redirect(next_url) if "query" not in request.POST: return redirect(next_url + "?error=s") query = request.POST["query"] from_sid = get_user_model().objects.user_with_student_id(query) if from_sid: if not from_sid.groups.filter(id=group.id).exists(): from_sid.groups.add(group) from_sid.save() messages.success(request, 'Successfully added user "{}" to the group.'.format(from_sid.full_name)) return redirect(next_url + "?added=" + str(from_sid.id)) errors, results = get_search_results(query) if errors: messages.error(request, "Could not process search query.") return redirect(next_url + "?error=n") if not results: return redirect(next_url + "?error=n") else: users = sorted(results, key=lambda x: (x.last_name, x.first_name)) context = {"query": query, "users": users, "group": group, "admin_page_title": "Add Members to Group"} return render(request, "eighth/admin/possible_students_add_group.html", context)
def post_entry(request, next=None): """ Post a entry. HTTP POST is required. If ``POST['submit'] == "preview"`` or if there are errors a preview template, ``guestbook/preview.html``, will be rendered. """ # Require POST if request.method != 'POST': return http.HttpResponseNotAllowed(["POST"]) # Fill out some initial data fields from an authenticated user, if present data = request.POST.copy() if request.user.is_authenticated(): if not data.get('user', ''): data["user"] = request.user.get_full_name() if not data.get('email', ''): data["email"] = request.user.email # Do we want to preview the entry? preview = data.get("submit", "").lower() == "preview" or \ data.get("preview", None) is not None # Construct the entry form form = guestbook.get_form()(data=data) # Check security information if form.security_errors(): return EntryPostBadRequest( "The entry form failed security verification: %s" % \ escape(str(form.security_errors()))) # If there are errors or if we requested a preview show the entry if form.errors or preview: return render_to_response("guestbook/preview.html", { "entry": form.data.get("entry", ""), "form": form, }, RequestContext(request, {})) # Otherwise create the entry entry = form.get_entry_object() entry.ip = request.META.get("REMOTE_ADDR", None) if request.user.is_authenticated(): entry.user = request.user.username # Save the entry and signal that it was saved entry.save() return http.HttpResponseRedirect(reverse('guestbook-page-last'))
def deploy_data(request): response = http.HttpResponse() response['Access-Control-Allow-Origin'] = '*' response['Access-Control-Allow-Methods'] = 'PUT, POST, GET, OPTIONS' response['Access-Control-Max-Age'] = 1000 response['Access-Control-Allow-Headers'] = 'Authorization, X-CSRFToken' if request.method == 'OPTIONS': return response if request.method != 'PUT': return http.HttpResponseNotAllowed() if not request.META.get('HTTP_AUTHORIZATION'): return http.HttpResponseForbidden() try: (auth_type, data) = request.META['HTTP_AUTHORIZATION'].split() if auth_type.lower() != 'basic': return http.HttpResponseForbidden() user_pass = base64.b64decode(data) except: return http.HttpResponseForbidden() bits = user_pass.split(':', 1) if len(bits) != 2: return http.HttpResponseBadRequest() user = authenticate(username=bits[0], password=bits[1]) if not user or not user.is_active: return http.HttpResponseForbidden() try: for obj in Deserializer(request.raw_post_data, using=DEFAULT_DB_ALIAS): if isinstance(obj.object, DeleteObject): ct = ContentType.objects.get_by_natural_key( obj.object.app_label, obj.object.model) ct.model_class().objects.get(pk=obj.object.pk).delete() else: obj.save() transaction.commit() response = {'message': 'OK', 'error': 0, 'object': None} except Exception, e: transaction.rollback() response = { 'message': unicode(e), 'error': 1, 'object': unicode(obj.object) }
def toggle_favorite_view(request): if request.method != "POST": return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED") if not ("aid" in request.POST and request.POST["aid"].isdigit()): http.HttpResponseBadRequest("Must specify an integer aid") aid = request.POST["aid"] activity = get_object_or_404(EighthActivity, id=aid) if activity.favorites.filter(id=request.user.id).nocache().exists(): activity.favorites.remove(request.user) return http.HttpResponse("Unfavorited activity.") else: activity.favorites.add(request.user) return http.HttpResponse("Favorited activity.")
def hide_event_view(request): """Hide an event for the logged-in user. events_hidden in the user model is the related_name for "users_hidden" in the EventUserMap model. """ if request.method == "POST": event_id = get_id(request.POST.get("event_id", None)) if event_id: event = get_object_or_404(Event, id=event_id) event.user_map.users_hidden.add(request.user) event.user_map.save() return http.HttpResponse("Hidden") raise http.Http404 else: return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
def add_group_view(request): if request.method == "POST": form = QuickGroupForm(request.POST) if form.is_valid(): if not request.user.can_manage_group(form.cleaned_data["name"]): messages.error(request, "You must be a superuser on Ion to manage administrative groups") return redirect("eighth_admin_dashboard") group = form.save() messages.success(request, "Successfully added group.") return redirect("eighth_admin_edit_group", group_id=group.id) else: messages.error(request, "Error adding group.") return redirect("eighth_admin_dashboard") else: return http.HttpResponseNotAllowed(["POST"], "405: METHOD NOT ALLOWED")
def activate_subscription(request): if request.method == 'POST': subject = "Testing order" support_email = '*****@*****.**' recipients = ('*****@*****.**',) data = str(request.POST) msg = EmailMessage(subject, data, support_email, recipients) msg.send() ctx = dict() ctx['title'] = 'Thank you' ctx['title_icon'] = 'check' ctx['order_number'] = request.POST['order_number'] # from 2CO return render(request, 'accounts/thankyou.html', ctx) return http.HttpResponseNotAllowed(['GET'])
def dispatch(self, request, *args, **kwargs): # Try to dispatch to the right method for that; if it doesn't exist, # raise a big error. if hasattr(self, request.method.upper()): self.request = request self.args = args self.kwargs = kwargs if request.method == "PUT": coerce_put_post(request) return getattr(self, request.method.upper())(request, *args, **kwargs) else: allowed_methods = [ m for m in self.method_names if hasattr(self, m) ] return http.HttpResponseNotAllowed(allowed_methods)
def url_reverse(request): if (settings.DEBUG == False) and (request.is_ajax() == False): # If not DEBUG, we don't enable the non ajax request. raise http.Http404('Non ajax query') if request.method in ('GET', 'POST'): url_name = request.GET.get('url_name', None) if not url_name: raise http.Http404('Please specify the reverse url name!') try: path = urlresolvers.reverse(url_name, args=request.GET.getlist('url_args[]')) (view_func, args, kwargs) = urlresolvers.resolve(path) return view_func(request, *args, **kwargs) except urlresolvers.NoReverseMatch: raise http.Http404('URL not found') return http.HttpResponseNotAllowed(('GET', 'POST'))
def show_announcement_view(request): """Unhide an announcement that was hidden by the logged-in user. announcements_hidden in the user model is the related_name for "users_hidden" in the announcement model. """ if request.method == "POST": announcement_id = request.POST.get("announcement_id") if announcement_id: announcement = Announcement.objects.get(id=announcement_id) announcement.user_map.users_hidden.remove(request.user) announcement.user_map.save() return http.HttpResponse("Unhidden") raise http.Http404 else: return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
def subscribe(request): if request.method != 'POST': return http.HttpResponseNotAllowed(('POST',)) if not request.user.is_authenticated(): return http.HttpResponseBadRequest() content_type = request.POST['content_type'] object_pk = request.POST['object_pk'] app_label, model = content_type.split('.', 1) ct = ContentType.objects.get(app_label=app_label, model=model) object = ct.get_object_for_this_type(pk=object_pk) if 'subscribe' in request.POST: models.ThreadSubscription.objects.subscribe(object, request.user) elif 'unsubscribe' in request.POST: models.ThreadSubscription.objects.unsubscribe(object, request.user) return redirect(request.META.get('HTTP_REFERER', '/'))
def add_group_view(request): if request.method == "POST": form = QuickGroupForm(request.POST) if form.is_valid(): group = form.save() messages.success(request, "Successfully added group.") return redirect("eighth_admin_edit_group", group_id=group.id) else: messages.error(request, "Error adding group.") try: request.session["add_group_form"] = pickle.dumps(form) except (pickle.PicklingError, TypeError): """Prevent pickle errors.""" pass return redirect("eighth_admin_dashboard") else: return http.HttpResponseNotAllowed(["POST"], "405: METHOD NOT ALLOWED")
def url_reverse(request): """ Reverse the requested URL (passed via GET / POST as `url_name` parameter) :param request: Request object :return: The reversed path """ if request.method in ('GET', 'POST'): data = getattr(request, request.method) url_name = data.get('url_name') try: path = urlresolvers.reverse(url_name, args=data.getlist('args')) (view_func, args, kwargs) = urlresolvers.resolve(path) return http.HttpResponse(path, content_type="text/plain") except urlresolvers.NoReverseMatch: return http.HttpResponse("Error", content_type="text/plain") return http.HttpResponseNotAllowed(('GET', 'POST'))
def exportinventories(request): """ Export to Excel Workbook API Endpoint Method: Post Requires Authentication Payload: "end": DATEFORMAT string from year 1900 to 2100; Required <Requires One of the Following> "ytd": [Any Value] "start": DATEFORMAT string from year 1900 to 2100 end indicates the final Month to include ytd is shorthand for January of the same year as end start otherwise indicates the first month to include and will return all intermediary months """ ## Requires Post if request.method != "POST": return dhttp.HttpResponseNotAllowed(["POST",]) ## Requires Authentication if not request.user.is_authenticated: return dhttp.HttpResponse("Unauthorized",status=401) ## Get payload data = request.POST ## All data requires end; one of (start,ytd) must be used if 'end' not in data or all(key not in data for key in ['start','ytd']): return dhttp.HttpResponseBadRequest('missing key') ## Convert datestrings to datetimes and handle ytd try: if 'ytd' in data: end = datetime.datetime.strptime(data['end'],DATEFORMAT) start = methods.getlastdecember(end) else: start = datetime.datetime.strptime(data['start'],DATEFORMAT) end = datetime.datetime.strptime(data['end'],DATEFORMAT) ## If Datetimes cannot be converted, Bad Request except: return dhttp.HttpResponseBadRequest('bad dates') ## Makes sure dates are within range if not methods.validatedatetime(start): return dhttp.HttpResponseBadRequest('bad start') if not methods.validatedatetime(end): return dhttp.HttpResponseBadRequest('bad end') ## Create and serve download file = excelmethods.createexceldownload(start,end) response = dhttp.HttpResponse(file, content_type='application/vnd.ms-excel') response['Content-Disposition'] = f'attachment; filename="Inventory {start.strftime("%m-%Y")} to {end.strftime("%m-%Y")}.xlsx"' return response
def events(self, request, sid): sch = get_object_or_404(models.Schedule, id=sid) if request.method != 'POST': return http.HttpResponseNotAllowed(('POST', )) from conference.forms import EventForm form = EventForm(data=request.POST) output = {} if form.is_valid(): event = form.save(commit=False) event.schedule = sch event.save() for t in form.cleaned_data['event_tracks']: models.EventTrack(event=event, track=t).save() output = { 'event': event.id, } return output
def p3_profile_message(request, slug): if request.method != 'POST': return http.HttpResponseNotAllowed(('POST', )) class MessageForm(forms.Form): subject = forms.CharField() message = forms.CharField() f = MessageForm(data=request.POST) if f.is_valid(): data = f.cleaned_data profile = get_object_or_404(cmodels.AttendeeProfile, slug=slug) try: profile.p3_profile.send_user_message(request.user, data['subject'], data['message']) except ValueError, e: return http.HttpResponseBadRequest(str(e)) return "OK"
def create_new_keypair(request): """ Response to generate private/public RSA key pair """ get_user(request, settings.ASTAKOS_AUTH_URL) if request.method != "POST": return http.HttpResponseNotAllowed(["POST"]) if not SUPPORT_GENERATE_KEYS: raise Exception("Application does not support ssh keys generation") if PublicKeyPair.user_limit_exceeded(request.user_uniq): return http.HttpResponseServerError("SSH keys limit exceeded") data = generate_keypair() return http.HttpResponse(json.dumps(data), content_type="application/json")
def toggle_favorite_view(request): if request.method != "POST": return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED") if not ("aid" in request.POST and is_entirely_digit(request.POST["aid"])): http.HttpResponseBadRequest("Must specify an integer aid") aid = request.POST["aid"] with transaction.atomic(): activity = get_object_or_404(EighthActivity, id=aid) # Lock on the User to prevent duplicates. lock_on([request.user]) if activity.favorites.filter(id=request.user.id).nocache().exists(): activity.favorites.remove(request.user) return http.HttpResponse("Unfavorited activity.") else: activity.favorites.add(request.user) return http.HttpResponse("Favorited activity.")
def section_feed_post_meme(request, section_id): """Post to class feed.""" try: LDAPCourse.objects.get(section_id=section_id) except LDAPCourse.DoesNotExist: return render(request, "board/error.html", {"reason": "This class doesn't exist."}, status=404) try: board = Board.objects.get(section_id=section_id) except Board.DoesNotExist: # Create a board for this class board = Board.objects.create(section_id=section_id) if not board.has_member(request.user): return render(request, "error/403.html", {"reason": "You are not a member of this class."}, status=403) if request.method == "POST": meme_id = request.POST.get("meme") meme = get_meme(meme_id) if not meme: meme = get_all_memes()[0] content = '<div class="meme-option" style="background-image: url({})"></div>'.format( meme["url"]) post = BoardPost.objects.create(title="", content=content, safe_html=True, user=request.user) board.posts.add(post) board.save() messages.success(request, "Successfully added post.") return redirect("board_section", section_id) else: return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")