def get_context_data(self, **kwargs):
context = super(PostDetail, self).get_context_data(**kwargs)
if not self.object.auto_gen:
raw_text = self.object.body
item_descs = re.findall(ur"(\[\[item[:]([^|\[\]]+)(?:\|([^\]\[]+))?\]\])", raw_text)
for item_desc in item_descs:
full_match, src_url, caption = item_desc
try:
item = Item.objects.get(source__startswith=src_url)
if not caption:
caption = item.name
new_item_desc = '<div class="thumbnail">' \
'<a href="%s"><span style="background-image:url(%s);"></span></a>' \
'<div class="caption"><p>%s</p></div>' \
'</div>' % (escape_uri_path(item.get_absolute_url()),
escape_uri_path(item.image_url),
caption.encode('utf-8'))
raw_text = raw_text.replace(full_match, new_item_desc)
except Item.DoesNotExist:
print src_url
continue
context['body'] = mark_safe(raw_text)
else:
t = loader.get_template('blog/auto_post.html')
c = Context({"post": self.object})
context['body'] = t.render(c)
return context
def test_escape_uri_path(self):
self.assertEqual(
escape_uri_path("/;some/=awful/?path/:with/@lots/&of/+awful/chars"),
"/%3Bsome/%3Dawful/%3Fpath/:with/@lots/&of/+awful/chars",
)
self.assertEqual(escape_uri_path("/foo#bar"), "/foo%23bar")
self.assertEqual(escape_uri_path("/foo?bar"), "/foo%3Fbar")
def get(self, request):
back_id = int(request.query_params.get("id"))
token = request.query_params.get("token")
try:
res = jwt.decode(token, JWT_TOKEN_KEY, algorithms='HS256')
username = res['username']
user = UserInfo.objects.filter(name=username).first()
user_id = user.id
except Exception as e:
print(e)
return Response(status=401)
back = BackupRecord.objects.filter(id=back_id).first()
if back:
file_name_path = back.backup_filepath
def file_iterator(file_name, chunk_size=512):
with open(file_name, 'rb') as f:
while True:
c = f.read(chunk_size)
if c:
yield c
else:
break
the_file_name = file_name_path
print(escape_uri_path(file_name_path.split("/")[-1]))
response = StreamingHttpResponse(file_iterator(the_file_name))
response['Content-Type'] = 'application/octet-stream'
response[
'Content-Disposition'] = 'attachment;filename="{0}"'.format(
escape_uri_path(file_name_path.split("/")[-1]))
return response
else:
return Response(status=401, data={'info': '无权限!'})
def download_image(self, request, queryset):
if len(queryset) >= 2:
z = zipstream.ZipFile(mode='w', compression=zipstream.ZIP_DEFLATED)
for data in queryset:
file_path = str(data.image.url).strip('/')
file_name = str(data.name) + '-' + file_path.split('/')[-1]
z.write(file_path, file_name)
export_name = escape_uri_path(str(len(queryset)) + 'images')
response = StreamingHttpResponse(z)
response['Content-Type'] = 'application/zip'
response[
'Content-Disposition'] = 'attachment; filename={}.zip'.format(
export_name)
return response
elif len(queryset) >= 1:
for data in queryset:
file_path = str(data.image.url).strip('/')
file_name = str(data.name) + '-' + file_path.split('/')[-1]
file = open(file_path, 'rb')
export_name = escape_uri_path(file_name)
response = FileResponse(file)
response['Content-Type'] = 'application/octet-stream'
response[
'Content-Disposition'] = 'attachment;filename={}'.format(
export_name)
return response
else:
return None
def test_escape_uri_path(self):
self.assertEqual(
escape_uri_path('/;some/=awful/?path/:with/@lots/&of/+awful/chars'),
'/%3Bsome/%3Dawful/%3Fpath/:with/@lots/&of/+awful/chars'
)
self.assertEqual(escape_uri_path('/foo#bar'), '/foo%23bar')
self.assertEqual(escape_uri_path('/foo?bar'), '/foo%3Fbar')
def test_escape_uri_path(self):
self.assertEqual(
escape_uri_path(
'/;some/=awful/?path/:with/@lots/&of/+awful/chars'),
'/%3Bsome/%3Dawful/%3Fpath/:with/@lots/&of/+awful/chars')
self.assertEqual(escape_uri_path('/foo#bar'), '/foo%23bar')
self.assertEqual(escape_uri_path('/foo?bar'), '/foo%3Fbar')
def do_redirect(self, request, response=None):
if getattr(settings, "DJANGOCMS_REDIRECT_404_ONLY",
True) and response and response.status_code != 404:
return response
req_path = request.path
# get the query string
querystring = request.META.get("QUERY_STRING", "")
if querystring:
querystring = "?%s" % iri_to_uri(querystring)
# start with the path as is
possible_paths = [req_path]
# add the unquoted path if it differs
req_path_quoted = escape_uri_path(req_path)
if req_path_quoted != req_path:
possible_paths.append(req_path_quoted)
# if a slash is missing, try to append it
if not req_path.endswith("/"):
req_path_slash = req_path + "/"
possible_paths.append(req_path_slash)
req_path_slash_quoted = escape_uri_path(req_path_slash)
if req_path_slash_quoted != req_path_slash:
possible_paths.append(req_path_slash_quoted)
current_site = get_current_site(request)
r = None
key = get_key_from_path_and_site(req_path, settings.SITE_ID)
cached_redirect = cache.get(key)
if not cached_redirect:
for path in possible_paths:
filters = dict(site=current_site, old_path=path)
try:
r = Redirect.objects.get(**filters)
break
except Redirect.DoesNotExist:
r = self._match_substring(path)
if r:
break
cached_redirect = {
"site": settings.SITE_ID,
"redirect": r.new_path if r else None,
"status_code": r.response_code if r else None,
}
cache.set(key,
cached_redirect,
timeout=getattr(settings,
"DJANGOCMS_REDIRECT_CACHE_TIMEOUT",
3600))
if cached_redirect["redirect"] == "":
return self.response_gone_class()
if cached_redirect["status_code"] == "302":
return self.response_redirect_class("{}{}".format(
cached_redirect["redirect"], querystring))
elif cached_redirect["status_code"] == "301":
return self.response_permanent_redirect_class("{}{}".format(
cached_redirect["redirect"], querystring))
elif cached_redirect["status_code"] == "410":
return self.response_gone_class()
def download_week_report(request, pk):
file = CityWeekRecord.get_report(pk)
file_path = os.path.join(settings.DEVICE_REPORT_DIR, file)
print(escape_uri_path(file_path))
response = FileResponse(open(file_path, 'rb'))
# response['Content-Type'] = 'application/octet-stream'
response[
'Content-Type'] = 'application/vnd.openxmlformats-officedocument.wordprocessingml.document'
response['Content-Disposition'] = "attachment; filename*=utf-8''{}".format(
escape_uri_path(file))
return response
def download(request):
schedule = request.GET.get('schedule')
filename = request.GET.get('filename')
username = request.user.username
schedule_obj = get_object_or_404(HostSnapshotShare, id=schedule)
if schedule_obj.login_user != username:
_logger.warning('download user Forbidden')
return HttpResponseForbidden()
root_dir = os.path.join('/home/', schedule_obj.samba_user,
schedule_obj.samba_user, schedule_obj.dirinfo)
if not filename.startswith(root_dir):
_logger.warning(
'download invalid Forbidden, root_dir:{}'.format(root_dir))
return HttpResponseForbidden()
if not os.path.exists(filename):
_logger.warning(
'download not exists Forbidden, filename:{}'.format(filename))
return HttpResponseForbidden()
if not os.path.isfile(filename):
_logger.warning(
'download not file Forbidden, filename:{}'.format(filename))
return HttpResponseForbidden()
response = HttpResponse()
response['Content-Type'] = 'application/octet-stream'
response['Content-Disposition'] = 'attachment;filename="{0}"'.format(
os.path.split(escape_uri_path(filename))[-1])
response['content-length'] = '{}'.format(os.stat(filename).st_size)
response['X-Accel-Redirect'] = '/file_download/' + '/'.join(
quote(filename, encoding='utf-8').split('/')[2:])
return response
def downware(request):
file = open("proxy/" + request.GET['username'], 'rb')
response = HttpResponse(file)
response['Content-Type'] = 'application/octet-stream'
response['Content-Disposition'] = "attachment;filename*=utf-8''{}".format(
escape_uri_path(request.GET['username']))
return response
def orgchart_get_by_username(request, path, username):
"""Internal routing to expose orgchart service by user_id."""
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = None
# if there is a user and the user is not a staff member
# then we don't need to search for a profile in orgchart
if user and not user.userprofile.is_staff and path == 'trace':
return JsonResponse(None, safe=False)
scope = UserAccessLevel.get_privacy(request, user)
if scope not in [UserAccessLevel.STAFF, UserAccessLevel.PRIVATE]:
return DinoErrorResponse.get_error(DinoErrorResponse.PERMISSION_ERROR)
url_parts = urlparse.ParseResult(
scheme='http',
netloc=settings.DINO_PARK_ORGCHART_SVC,
path='/orgchart/{0}/{1}'.format(path, escape_uri_path(username)),
params='',
query='',
fragment=''
)
url = urlparse.urlunparse(url_parts)
resp = requests.get(url)
return JsonResponse(resp.json(), safe=False)
def download_single_file(request, file_type, user_id, module_id, filename):
module = get_object_or_404(Module, pk=module_id)
student = get_object_or_404(Student, pk=user_id)
try:
project = module.project
teacher = project.teacher
filename = decrypt(filename)
if file_type == 'doc':
directory = generate_stu_doc_directory(student, teacher,
project.name, module.name)
elif file_type == 'extend':
directory = generate_stu_extend_directory(student, teacher,
project.name,
module.name)
else:
raise TypeError
file_path = os.path.join(directory, filename)
f = open(file_path, 'rb')
response = FileResponse(f)
response['Content-Type'] = 'application/octet-stream'
response['Content-Disposition'] = 'attachment;filename={}'.format(
escape_uri_path(filename))
return response
except:
return Http404
def active_link(context,
viewname,
css_class=None,
strict=None,
*args,
**kwargs):
"""
Renders the given CSS class if the request path matches the path of the view.
:param context: The context where the tag was called. Used to access the request object.
:param viewname: The name of the view (include namespaces if any).
:param css_class: The CSS class to render.
:param strict: If True, the tag will perform an exact match with the request path.
:return:
"""
if css_class is None:
css_class = getattr(settings, 'ACTIVE_LINK_CSS_CLASS', 'active')
if strict is None:
strict = getattr(settings, 'ACTIVE_LINK_STRICT', False)
request = context.get('request')
if request is None:
# Can't work without the request object.
return ''
path = reverse(viewname, args=args, kwargs=kwargs)
request_path = escape_uri_path(request.path)
if strict:
active = request_path == path
else:
active = request_path.find(path) == 0
if active:
return css_class
return ''
def get_success_url(self):
url = reverse_lazy('company_staff', kwargs={'idb64': self.staff.idb64})
if self.back_url:
url += '?back_url=' + escape_uri_path(self.back_url)
return url
def get_full_path(self):
# RFC 3986 requires query string arguments to be in the ASCII range.
# Rather than crash if this doesn't happen, we encode defensively.
return "%s%s" % (
escape_uri_path(self.path),
("?" + iri_to_uri(self.META.get("QUERY_STRING", ""))) if self.META.get("QUERY_STRING", "") else "",
)
def xls_to_response(xls, filename):
response = HttpResponse(content_type='application/ms-execl')
response[
'Content-Disposition'] = "attachment; filename*=utf-8''{}.xls".format(
escape_uri_path(filename))
xls.save(response)
return response
def notice_file_download(request):
if request.method == "GET":
file_id = request.GET.get("file_id")
# UPLOAD_NOTICE_FILE_DIR
fileName = None
if file_id == "1":
fileName = "代码抄袭检测系统-用户手册.docx"
elif file_id == "2":
fileName = "代码抄袭检测系统-权限控制说明.docx"
elif file_id == "3":
fileName = "代码抄袭检测系统-功能说明.docx"
elif file_id == "4":
fileName = "代码抄袭检测系统-通知公告.docx"
with open(os.path.join(settings.UPLOAD_NOTICE_FILE_DIR, fileName),
"rb") as notice_file:
sio = BytesIO()
while True:
strb = notice_file.read(1024)
if strb == b"":
break
sio.write(strb)
# notice_file.
sio.seek(0)
response = HttpResponse(
sio.getvalue(),
content_type=
'application/vnd.openxmlformats-officedocument.wordprocessingml.document'
)
response[
'Content-Disposition'] = "attachment; filename*=utf-8''{}".format(
escape_uri_path(fileName))
response.write(sio.getvalue())
return response
return JsonResponse(data={"status": 500, "msg": "非法请求~!"})
def get_success_url(self):
url = reverse_lazy('vacancy_item_vacancy_input_cancel_notice', kwargs={'idb64': self.item.idb64})
if self.back_url:
url += '?back_url=' + escape_uri_path(self.back_url)
return url
def get_full_path(self):
# RFC 3986 requires query string arguments to be in the ASCII range.
# Rather than crash if this doesn't happen, we encode defensively.
return '%s%s' % (
escape_uri_path(self.path),
('?' + iri_to_uri(self.META.get('QUERY_STRING', ''))) if self.META.get('QUERY_STRING', '') else ''
)
def export_employee_matrix(request, person_id):
employee = Person.objects.get(tab_number=person_id)
questionnaire = employee.questionnaires.prefetch_related(
'rows', 'rows__competence', 'rows__history').first()
competencies = questionnaire.competencies.all().values_list('name',
flat=True)
dates = set()
dates.update(questionnaire.rows.all().values_list('date',
flat=True).distinct())
for row in questionnaire.rows.all():
dates.update(row.history.all().values_list('date',
flat=True).distinct())
df = pd.DataFrame(columns=dates, index=competencies)
for row in questionnaire.rows.all():
# df.loc[row.competence.name, row.date] = getattr(row.competence, f'level_{row.competence_val}')
df.loc[row.competence.name,
row.date] = row.get_competence_level_value()
for row_history in row.history.all():
# df.loc[row.competence.name, row_history.date] = getattr(row.competence, f'level_{row_history.new_competence_val}')
df.loc[
row.competence.name,
row_history.date] = row_history.get_competence_level_value()
with BytesIO() as b:
writer = pd.ExcelWriter(b, engine='openpyxl')
df.to_excel(writer, sheet_name='Компетенции')
writer.save()
filename = f'{employee.fio}.xlsx'
content_type = 'application/vnd.ms-excel'
response = HttpResponse(b.getvalue(), content_type=content_type)
response[
'Content-Disposition'] = "attachment; filename=" + escape_uri_path(
filename)
return response
def output(request, pid):
adict = getSummaryFunction(pid)
wb = openpyxl.Workbook()
sheet = wb.active
for i in range(len(adict['answer'])):
sheet.cell(i + 1, 1).value = adict['answer'][i]['questionName']
if adict['answer'][i]['type'] != '自由':
for k in range(len(eval(adict['answer'][i]['option']))):
sheet.cell(i + 1, 2 * k + 2).value = '选项' + str(
eval(adict['answer'][i]['option'])[k])
sheet.cell(
i + 1, 2 * k +
3).value = str(eval(adict['answer'][i]['number'])[k]) + '人'
else:
count = 0
for k in eval(adict['answer'][i]['content']):
count += 1
sheet.cell(i + 1, count + 1).value = k
wb.save('temp/' + pid + '.xlsx')
file = open('temp/' + pid + '.xlsx', 'rb')
response = HttpResponse(file)
response['Content-Type'] = 'application/octet-stream'
response['Content-Disposition'] = "attachment;filename*=utf-8''{}".format(
escape_uri_path(pid + '.xlsx'))
return response
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['user'] = self.user
if self.back_url:
context['back_url'] = self.back_url
context['escaped_back_url'] = escape_uri_path(self.back_url)
return context
def orgchart_get_by_username(request, path, username):
"""Internal routing to expose orgchart service by user_id."""
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = None
# if there is a user and the user is not a staff member
# then we don't need to search for a profile in orgchart
if user and not user.userprofile.is_staff and path == 'trace':
return JsonResponse(None, safe=False)
scope = UserAccessLevel.get_privacy(request, user)
if scope not in [UserAccessLevel.STAFF, UserAccessLevel.PRIVATE]:
return DinoErrorResponse.get_error(DinoErrorResponse.PERMISSION_ERROR)
url_parts = urlparse.ParseResult(scheme='http',
netloc=settings.DINO_PARK_ORGCHART_SVC,
path='/orgchart/{0}/{1}'.format(
path, escape_uri_path(username)),
params='',
query='',
fragment='')
url = urlparse.urlunparse(url_parts)
resp = requests.get(url)
return JsonResponse(resp.json(), safe=False)
def downloadysbmodel():
file = open('static/downloads/演算表模板.xlsx', 'rb')
response = FileResponse(file)
response['Content-Type'] = 'application/octet-stream'
response['Content-Disposition'] = "attachment; filename*=utf-8''{}".format(
escape_uri_path('演算表模板.xlsx'))
return response
def get(self, request):
try:
file_id = request.GET.get('file')
courseware_obj = Courseware.objects.get(id=file_id)
courseware_dir = os.path.join(settings.BASE_DIR, 'media/')
# 拼接路径
file_path = os.path.join(courseware_dir, str(courseware_obj.file))
# 拼接下载文件名和格式
download_path = os.path.join(
courseware_obj.name,
os.path.splitext(courseware_obj.file.name)[-1])
# 使用生成器读取文件,可用于读取大文件
def file_iterator(file_name, chunk_size=512):
with open(file_name, 'rb') as f:
while True:
c = f.read(chunk_size)
if c:
yield c
else:
break
response = StreamingHttpResponse(file_iterator(file_path))
response['Content-Type'] = 'application/octet-stream'
response[
'Content-Disposition'] = 'attachment;filename="{0}"'.format(
escape_uri_path(download_path))
return response
except Exception as e:
print('DownloadFile出错', e)
return render(request, 'courseware.html')
def get_response(self, response, context, *args, **kwargs):
has_view_perm = self.has_model_perm(self.model, 'view')
if not has_view_perm:
raise PermissionDenied
export_format = self.request.GET.get('file_format')
if not export_format:
messages.warning(self.request,
_('You must select an export format.'))
else:
formats = self.get_export_formats()
file_format = formats[int(export_format)]()
queryset = self.get_export_queryset(self.request, context)
export_data = self.get_export_data(file_format,
queryset,
request=self.request)
content_type = file_format.get_content_type()
# Django 1.7 uses the content_type kwarg instead of mimetype
try:
response = HttpResponse(export_data, content_type=content_type)
except TypeError:
response = HttpResponse(export_data, mimetype=content_type)
filename = self.get_export_filename(file_format)
response['Content-Disposition'] = "attachment; filename={}".format(
escape_uri_path(filename).encode().decode('ISO-8859-1'))
post_export.send(sender=None, model=self.model)
return response
def _get_full_path(self, path, force_append_slash):
# RFC 3986 requires query string arguments to be in the ASCII range.
# Rather than crash if this doesn't happen, we encode defensively.
return '%s%s%s' % (escape_uri_path(path), '/' if force_append_slash
and not path.endswith('/') else '',
('?' + iri_to_uri(self.META.get('QUERY_STRING', ''))
) if self.META.get('QUERY_STRING', '') else '')
def save(self, *args, **kwargs):
if self.publish_path:
self.publish_path = escape_uri_path(self.publish_path)
else:
self.publish_path = "/{}/{}/".format(
datetime.today().strftime("%Y-%m-%d"), self.id.hex[:8])
super().save(*args, **kwargs)
def _join_group_settings_link(self, layers, *args):
return ','.join(set([
a if 'link' not in a else
'<a href="{0}"/>{1}</a>'.format(escape_uri_path(a['link']), escape(a['name']))
for a in [layer.layer_settings_with_default(*args) for layer in self.layers]
if a
])) or None
def download(self, *args, **kwargs):
# 1. 手动创建报告
instance = self.get_object()
html = instance.html
report_path = settings.REPORTS_DIR
report_full_path = os.path.join(report_path, instance.name) + '.html'
with open(report_full_path, 'w', encoding='utf-8') as file:
file.write(html)
# 2. 读取创建的报告并返回给前端
# 如果要提供前端用户能够下载文件, 那么需要在响应头中添加如下字段:
# Content-Type = application/octet-stream
# Content-Disposition = attachment; filename*=UTF-8'' 文件名
response = StreamingHttpResponse(get_file_content(report_full_path))
# 对文件名进行转义
report_path_final = escape_uri_path(instance.name + '.html')
# StreamingHttpResponse对象类似于dict字典
# 如果以字典的形式添加key-value, 那么添加的是响应头信息
response['Content-Type'] = 'application/octet-stream'
response[
"Content-Disposition"] = "attachment; filename*=UTF-8''{}".format(
report_path_final)
return response
def settings_link(layer, *args):
layer_settings = layer.layer_settings_with_default(*args)
if 'link' in layer_settings:
return '<a href="{0}"/>{1}</a>'.format(
escape_uri_path(layer_settings['link']),
escape(layer_settings['name']))
return layer_settings
def get_video_file_path(instance, filename, version=0):
"""
Return the full path for storing an uploaded video
:param instance: A GlossVideo instance
:param filename: the original file name
:param version: the version to determine the number of .bak extensions
:return:
"""
idgloss = instance.gloss.idgloss
video_dir = settings.GLOSS_VIDEO_DIRECTORY
try:
dataset_dir = instance.gloss.lemma.dataset.acronym
except:
dataset_dir = ""
two_letter_dir = signbank.tools.get_two_letter_dir(idgloss)
filename = idgloss + '-' + str(
instance.gloss.id) + '.mp4' + (version * ".bak")
path = os.path.join(video_dir, dataset_dir, two_letter_dir, filename)
if hasattr(settings, 'ESCAPE_UPLOADED_VIDEO_FILE_PATH'
) and settings.ESCAPE_UPLOADED_VIDEO_FILE_PATH:
from django.utils.encoding import escape_uri_path
path = escape_uri_path(path)
return path
def downloadsoft(request):
'''下载文件到本地'''
def file_iterator(file_name, chunk_size=1024):
with open(file_name, 'rb') as f:
while True:
c = f.read(chunk_size)
if c:
yield c
else:
break
onefile = SoftFiles.objects.get(id=request.GET.get('fileid'))
onefile.accessnums += 1
onefile.save()
softobj = onefile.soft_list
softobj.accessnums += 1
softobj.save() #更新访问列表
the_file_name = onefile.uploadfile.path
file_name = onefile.name
response = StreamingHttpResponse(file_iterator(the_file_name))
response['Content-Type'] = 'application/octet-stream'
response['Content-Disposition'] = "attachment;filename*=''utf-8{0}".format(
escape_uri_path(file_name))
#下载中文路径文件不会乱码
return response
def downloadfile(request):
'''下载文件到本地'''
def file_iterator(file_name, chunk_size=1024):
with open(file_name, 'rb') as f:
while True:
c = f.read(chunk_size)
if c:
yield c
else:
break
onefile = BookFiles.objects.get(id=request.GET.get('fileid'))
onefile.accessnums += 1
onefile.save()
bookobj = onefile.book_list
bookobj.accessnums += 1
bookobj.save()
the_file_name = onefile.uploadfile.path
file_name = onefile.name
response = StreamingHttpResponse(file_iterator(the_file_name))
response['Content-Type'] = 'application/octet-stream'
#response['Content-Disposition'] = 'attachment;filename="{0}"'.format(urlquote(file_name))
response['Content-Disposition'] = "attachment;filename*=''utf-8{0}".format(
escape_uri_path(file_name)) #解决下载中文文件路径问题
return response
def download_template(request):
resultFile = open(BASE_DIR + "/APITest/模板.xlsx", 'rb')
response = FileResponse(resultFile)
response['Content-Type'] = 'application/octet-stream'
response['Content-Disposition'] = "attachment;filename*=utf-8''{}".format(escape_uri_path("demo.xlsx"))
return response
def _get_full_path(self, path, force_append_slash):
# RFC 3986 requires query string arguments to be in the ASCII range.
# Rather than crash if this doesn't happen, we encode defensively.
return '%s%s%s' % (
escape_uri_path(path),
'/' if force_append_slash and not path.endswith('/') else '',
('?' + iri_to_uri(self.META.get('QUERY_STRING', ''))) if self.META.get('QUERY_STRING', '') else ''
)
def get_full_path(request, force_append_slash=False):
"""
Copied from django.http.request.get_full_path (django 1.9) to support
older versions of django.
"""
# RFC 3986 requires query string arguments to be in the ASCII range.
# Rather than crash if this doesn't happen, we encode defensively.
return "%s%s%s" % (
escape_uri_path(request.path),
"/" if force_append_slash and not request.path.endswith("/") else "",
("?" + iri_to_uri(request.META.get("QUERY_STRING", ""))) if request.META.get("QUERY_STRING", "") else "",
)
def url_with_query_string(self, url=None, query_string=None):
"""
Returns the current URL with its query string.
Both the URL and the query string can be overriden.
"""
url = url or escape_uri_path(self.request.path)
if query_string is None:
query_string = self.request.META.get('QUERY_STRING', '')
if query_string:
url += '?' + query_string
return url
def _convert_file_to_url(filename, remote_storage=False):
url = [settings.SENDFILE_URL]
if remote_storage:
url.insert(1, filename)
return escape_uri_path(u'/'.join(url))
else:
relpath = os.path.relpath(filename, settings.SENDFILE_ROOT)
while relpath:
relpath, head = os.path.split(relpath)
url.insert(1, head)
return u'/'.join(url)
def move_view(self, request, object_id, direction):
qs = self._get_changelist(request).get_queryset(request)
obj = get_object_or_404(self.model, pk=unquote(object_id))
obj.move(direction, qs)
# guts from request.get_full_path(), calculating ../../ and restoring GET arguments
mangled = '/'.join(escape_uri_path(request.path).split('/')[0:-3])
redir_path = '%s%s%s' % (mangled, '/' if not mangled.endswith('/') else '',
('?' + iri_to_uri(request.META.get('QUERY_STRING', ''))) if request.META.get('QUERY_STRING', '') else '')
return HttpResponseRedirect(redir_path)
def wikidata_entry_dict(self, wikidata_entry):
result = {
'wikidata_id': wikidata_entry.wikidata_id,
}
if 'Q5' in wikidata_entry.instance_of.split(';'):
result.update({
'date_of_birth': wikidata_entry.date_of_birth,
'date_of_birth_accuracy': wikidata_entry.date_of_birth_accuracy,
'date_of_death': wikidata_entry.date_of_death,
'date_of_death_accuracy': wikidata_entry.date_of_death_accuracy,
})
if not self.restrict_fields:
result.update({
'url': u'https://www.wikidata.org/wiki/{name}'.format(name=encoding.escape_uri_path(wikidata_entry.wikidata_id)),
'instance_of': wikidata_entry.instance_of.split(';'),
'burial_plot_reference': wikidata_entry.burial_plot_reference,
'wikimedia_commons_category': wikidata_entry.wikimedia_commons_category,
})
if 'Q5' in wikidata_entry.instance_of.split(';'):
result.update({
'sex_or_gender': wikidata_entry.sex_or_gender,
'occupations': wikidata_entry.occupations.split(';'),
'wikimedia_commons_grave_category': wikidata_entry.wikimedia_commons_grave_category,
})
else:
result.update({
'grave_of': wikidata_entry.grave_of_wikidata.split(';'),
})
localizations = []
if self.languages:
for language in self.languages:
wikidata_localized_entry = wikidata_entry.localizations.filter(language=language).first()
if wikidata_localized_entry:
localization = {
'id': wikidata_localized_entry.pk,
'language_code': language.code,
'name': wikidata_localized_entry.name,
'sorting_name': wikidata_localized_entry.sorting_name(),
'description': wikidata_localized_entry.description,
'wikipedia': self.wikipedia_page_dict(wikidata_localized_entry),
}
localizations.append(localization)
result['localizations'] = localizations
return result
def move_view(self, request, object_id, direction):
obj = get_object_or_404(self.model, pk=unquote(object_id))
if direction not in ('up', 'down', 'top', 'bottom'):
raise Http404
getattr(obj, direction)()
# guts from request.get_full_path(), calculating ../../ and restoring GET arguments
mangled = '/'.join(escape_uri_path(request.path).split('/')[0:-3])
redir_path = '%s%s%s' % (mangled, '/' if not mangled.endswith('/') else '',
('?' + iri_to_uri(request.META.get('QUERY_STRING', ''))) if request.META.get('QUERY_STRING', '') else '')
return HttpResponseRedirect(redir_path)
def search_get_profile(request, username, scope=None):
"""Internal routing to expose search by user ID."""
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = None
if not scope:
scope = UserAccessLevel.get_privacy(request, user)
url_parts = urlparse.ParseResult(
scheme='http',
netloc=settings.DINO_PARK_SEARCH_SVC,
path='/search/get/{}/{}'.format(scope, escape_uri_path(username)),
params='',
query='',
fragment=''
)
url = urlparse.urlunparse(url_parts)
resp = requests.get(url)
return JsonResponse(resp.json(), safe=False)
def wikimedia_commons_file_dict(self, wikimedia_commons_file):
if wikimedia_commons_file:
result = {
'wikimedia_commons_id': wikimedia_commons_file.wikimedia_commons_id,
'author': wikimedia_commons_file.author,
'license': wikimedia_commons_file.license,
'url_512px': wikimedia_commons_file.url_512px,
'url_1024px': wikimedia_commons_file.url_1024px,
'url_2048px': wikimedia_commons_file.url_2048px,
}
if not self.restrict_fields:
result.update({
'url': u'https://commons.wikimedia.org/wiki/{name}'.format(name=encoding.escape_uri_path(wikimedia_commons_file.wikimedia_commons_id)),
})
else:
result = None
return result
def wikimedia_commons_category_dict(self, wikimedia_commons_category):
if wikimedia_commons_category:
result = {
'wikimedia_commons_id': wikimedia_commons_category.wikimedia_commons_id,
'category_members': [{'wikimedia_commons_id': member} for member in wikimedia_commons_category.category_members_list()],
}
if wikimedia_commons_category.main_image:
result['main_image'] = {
'wikimedia_commons_id': wikimedia_commons_category.main_image,
}
else:
result['main_image'] = None
if not self.restrict_fields:
result.update({
'url': u'https://commons.wikimedia.org/wiki/{name}'.format(name=encoding.escape_uri_path(wikimedia_commons_category.wikimedia_commons_id)),
})
else:
result = None
return result
def get_full_path_without_slash(self, request):
"""
Return the full path of the request with a trailing slash removed.
Raise a RuntimeError if settings.DEBUG is True and request.method is
POST, PUT, or PATCH.
"""
new_path = '%s%s' % (
escape_uri_path(request.path[:-1]),
('?' + iri_to_uri(request.META.get('QUERY_STRING', ''))) if request.META.get('QUERY_STRING', '') else ''
)
if settings.DEBUG and request.method in ('POST', 'PUT', 'PATCH'):
raise RuntimeError((""
"You called this URL via %(method)s, but the URL ends "
"in a slash and you don't have APPEND_SLASH set. Django can't "
"redirect to the non-slash URL while maintaining %(method)s data. "
"Change your form to point to %(url)s (note no trailing "
"slash), or set APPEND_SLASH=True in your Django settings." % {
'method': request.method,
'url': request.get_host() + new_path,
}
))
return new_path
def dispatch(self, request, *args, **kwargs):
if not request.user.is_authenticated():
url = reverse("login") + "?from=" + escape_uri_path(request.path)
return redirect(url)
return super().dispatch(request, *args, **kwargs)
def post(self, request, *args, **kwargs):
try:
self.object = self.get_object()
except NotEnrolled:
return redirect('micourses:notenrolled',
course_code=self.course.code)
except NotInstructor:
return redirect('micourses:coursemain',
course_code=self.course.code)
# possible actions: update, add_excused, delete_excused
action = request.POST.get("action")
self.last_attendance_date = self.course.last_attendance_date
message = ""
if action=="add_excused":
date_form = DateForm({'date': request.POST['attendance_date']})
valid_day = False
if date_form.is_valid():
attendance_date = date_form.cleaned_data['date']
# check if date is a class day
for class_day in self.course.attendancedate_set.all():
if attendance_date == class_day.date:
valid_day = True
break
else:
attendance_date = None
if valid_day:
with transaction.atomic(), reversion.create_revision():
sa, created = self.student_enrollment.studentattendance_set\
.get_or_create(
date=attendance_date, defaults = {'present': EXCUSED})
if not created:
sa.present=EXCUSED
sa.save()
message = "Added excused absence for %s on %s." % \
(self.student, attendance_date.strftime("%B %d, %Y"))
from django.utils.encoding import escape_uri_path
url = reverse('micourses:update_individual_attendance',
kwargs={'course_code': self.course.code})
url += "?student=%s&message=%s" % \
(self.student.id, escape_uri_path(message))
return redirect(url)
else:
message = "Excused absence not added. " \
+ "%s is not a valid course day" % \
(request.POST['attendance_date'])
# get attendance forms with data from database
self.get_forms()
elif action=="delete_excused":
excused_to_delete = request.POST.getlist("excused_date")
n_deleted=0
deleted_date=None
for excused_id in excused_to_delete:
try:
excused=self.student_enrollment.studentattendance_set.get(
id=excused_id, present=EXCUSED)
except ObjectDoesNotExist:
pass
else:
deleted_date = excused.date
with transaction.atomic(), reversion.create_revision():
excused.delete()
n_deleted +=1
if n_deleted == 1:
message = "Deleted 1 excused absence for %s: %s." % \
(self.student, deleted_date.strftime("%B %d, %Y"))
else:
message = "Deleted %s excused absences for %s." % \
(n_deleted, self.student)
from django.utils.encoding import escape_uri_path
url = reverse('micourses:update_individual_attendance',
kwargs={'course_code': self.course.code})
url += "?student=%s&message=%s" % \
(self.student.id, escape_uri_path(message))
return redirect(url)
elif action=="update":
# get attendance forms populated with POST data
self.get_forms(request.POST)
if not self.last_attendance_date:
message = "Last attendance date for course not set. Cannot update attendance."
elif self.attendance_dates_form.is_valid():
with transaction.atomic(), reversion.create_revision():
self.student_enrollment.studentattendance_set\
.filter(date__lte = self.last_attendance_date).delete()
for (date, present) in \
self.attendance_dates_form.date_attendance():
if present:
self.student_enrollment.studentattendance_set\
.create(date=date, present=present)
message = "Updated attendance of %s." % self.student
from django.utils.encoding import escape_uri_path
url = reverse('micourses:update_individual_attendance',
kwargs={'course_code': self.course.code})
url += "?student=%s&message=%s" % \
(self.student.id, escape_uri_path(message))
return redirect(url)
context = self.get_context_data(object=self.object)
context['message'] = message
return self.render_to_response(context)
def post(self, request, *args, **kwargs):
try:
self.object = self.get_object()
except NotEnrolled:
return redirect('micourses:notenrolled',
course_code=self.course.code)
except NotInstructor:
return redirect('micourses:coursemain',
course_code=self.course.code)
# update attendance, assuming date is valid
date_form = DateForm({'date': request.POST['attendance_date']})
valid_day = False
if date_form.is_valid():
attendance_date = date_form.cleaned_data['date']
# check if date is a class day
for class_day in self.course.attendancedate_set.all():
if attendance_date == class_day.date:
valid_day = True
break
else:
attendance_date = None
if valid_day:
with transaction.atomic(), reversion.create_revision():
for ce in self.course.courseenrollment_set.filter(withdrew=False):
present=request.POST.get('student_%s' % ce.id, ABSENT)
try:
present = int(present)
except ValueError:
present = ABSENT
sa, created = ce.studentattendance_set.get_or_create(
date=attendance_date,
defaults = {'present': present})
# don't override an excused absence with an absence
if not created and \
not (sa.present == EXCUSED and present==ABSENT):
sa.present = present
sa.save()
if not self.course.last_attendance_date \
or attendance_date > self.course.last_attendance_date:
self.course.last_attendance_date = attendance_date
self.course.save()
message = "Attendance updated for %s" % \
attendance_date.strftime("%B %d, %Y")
from django.utils.encoding import escape_uri_path
url = reverse('micourses:update_attendance',
kwargs={'course_code': self.course.code})
url += "?message=%s" % escape_uri_path(message)
return redirect(url)
else:
context = self.get_context_data(object=self.object)
context['message'] = "Attendance not updated. " \
+ "%s is not a valid course day" % \
(request.POST['attendance_date'])
return self.render_to_response(context)
from __future__ import unicode_literals
def create_url(survey_inst):
id_str, c = encode_id(survey_inst.id)
return"{}?id={}&c={}".format(reverse('survey:survey_invitation'), escape_uri_path(id_str),
escape_uri_path(c))
def openstreetmap_element_dict(self, openstreetmap_element):
result = {
'openstreetmap_id': openstreetmap_element.openstreetmap_id,
'type': openstreetmap_element.type,
'latitude': openstreetmap_element.latitude,
'longitude': openstreetmap_element.longitude,
}
if not self.restrict_fields:
result.update({
'url': u'https://www.openstreetmap.org/{type}/{id}'.format(type=openstreetmap_element.type, id=encoding.escape_uri_path(openstreetmap_element.openstreetmap_id)),
'name': openstreetmap_element.name,
'sorting_name': openstreetmap_element.sorting_name,
'nature': openstreetmap_element.nature,
'wikidata': openstreetmap_element.wikidata.split(';'),
'wikimedia_commons': openstreetmap_element.wikimedia_commons,
})
return result
def check_login_redirect(self, attempted_url):
response = self.client.get(attempted_url)
redirect_url = '%(login_url)s?next=%(attempted_url)s' % \
{'login_url': reverse('login'),
'attempted_url': escape_uri_path(attempted_url)}
self.assertRedirects(response, redirect_url)
def wikipedia_page_dict(self, wikidata_localized_entry):
wikipedia_page = WikipediaPage.objects.filter(wikidata_localized_entry=wikidata_localized_entry).first()
if wikipedia_page:
result = {
'id': wikipedia_page.pk,
'title': wikipedia_page.title,
'intro': wikipedia_page.intro,
}
if not self.restrict_fields:
result.update({
'default_sort': wikipedia_page.default_sort,
'url': u'https://{language}.wikipedia.org/wiki/{name}'.format(language=wikidata_localized_entry.language.code, name=encoding.escape_uri_path(wikidata_localized_entry.wikipedia)),
})
else:
result = None
return result
def redirect_not_usr(request):
if not request.user.is_authenticated():
url = reverse("authentication:login") + "?from=" + escape_uri_path(request.path)
return redirect(url)
else:
return False
