def suspend(request, id):
user = get_object_or_404(User, id=id)
if not request.user.is_superuser:
raise decorators.CommandException(_("Only superusers can suspend other users"))
if not request.POST.get('bantype', None):
if user.is_suspended():
suspension = user.suspension
suspension.cancel(user=request.user, ip=request.META['REMOTE_ADDR'])
return decorators.RefreshPageCommand()
else:
return render_response('users/suspend_user.html', {}, request)
data = {
'bantype': request.POST.get('bantype', 'Indefinitely').strip(),
'publicmsg': request.POST.get('publicmsg', _('Bad behaviour')),
'privatemsg': request.POST.get('privatemsg', None) or request.POST.get('publicmsg', ''),
'suspended': user
}
if data['bantype'] == 'forxdays':
try:
data['forxdays'] = int(request.POST['forxdays'])
except:
raise decorators.CommandException(_('Invalid numeric argument for the number of days.'))
SuspendAction(user=request.user, ip=request.META['REMOTE_ADDR']).save(data=data)
return decorators.RefreshPageCommand()
def revisions(request, id):
post = get_object_or_404(Node, id=id).leaf
revisions = list(post.revisions.order_by('revised_at'))
rev_ctx = []
for i, revision in enumerate(revisions):
rev_ctx.append(dict(inst=revision, html=template.loader.get_template('node/revision.html').render(template.Context({
'title': revision.title,
'html': revision.html,
'tags': revision.tagname_list(),
}))))
if i > 0:
rev_ctx[i]['diff'] = mark_safe(htmldiff(rev_ctx[i-1]['html'], rev_ctx[i]['html']))
else:
rev_ctx[i]['diff'] = mark_safe(rev_ctx[i]['html'])
if not (revision.summary):
rev_ctx[i]['summary'] = _('Revision n. %(rev_number)d') % {'rev_number': revision.revision}
else:
rev_ctx[i]['summary'] = revision.summary
rev_ctx.reverse()
return render_response('revisions.html', {
'post': post,
'revisions': rev_ctx,
}, request)
def request_temp_login(request):
if request.method == "POST":
form = TemporaryLoginRequestForm(request.POST)
if form.is_valid():
users = form.user_cache
for u in users:
if u.is_suspended():
return forward_suspended_user(request, u, False)
for u in users:
try:
hash = get_object_or_404(ValidationHash, user=u, type="templogin")
if hash.expiration < datetime.datetime.now():
hash.delete()
return request_temp_login(request)
except:
hash = ValidationHash.objects.create_new(u, "templogin", [u.id])
send_template_email([u], "auth/temp_login_email.html", {"temp_login_code": hash})
request.user.message_set.create(message=_("An email has been sent with your temporary login key"))
return HttpResponseRedirect(reverse("index"))
else:
form = TemporaryLoginRequestForm()
return render_response("auth/temp_login_request.html", {"form": form}, request)
def register(request):
if request.method == 'POST':
form = ClassicRegisterForm(request.POST)
if form.is_valid():
username = form.cleaned_data['username']
password = form.cleaned_data['password1']
email = form.cleaned_data['email']
user_ = User(username=username, email=email)
user_.set_password(password)
if User.objects.all().count() == 0:
user_.is_superuser = True
user_.is_staff = True
user_.save()
UserJoinsAction(user=user_, ip=request.META['REMOTE_ADDR']).save()
return login_and_forward(request, user_, None, _("A welcome email has been sent to your email address. "))
else:
form = ClassicRegisterForm(initial={'next':'/'})
return render_response('auth/complete.html', {
'form1': form
}, request)
def online_users(request):
suser = request.REQUEST.get('q', "")
sort = ""
if request.GET.get("sort", None):
try:
sort = int(request.GET["sort"])
except ValueError:
logging.error('Found invalid sort "%s", loading %s, refered by %s' % (
request.GET.get("sort", ''), request.path, request.META.get('HTTP_REFERER', 'UNKNOWN')
))
raise Http404()
page = 0
if request.GET.get("page", None):
try:
page = int(request.GET["page"])
except ValueError:
logging.error('Found invalid page "%s", loading %s, refered by %s' % (
request.GET.get("page", ''), request.path, request.META.get('HTTP_REFERER', 'UNKNOWN')
))
raise Http404()
pagesize = 10
if request.GET.get("pagesize", None):
try:
pagesize = int(request.GET["pagesize"])
except ValueError:
logging.error('Found invalid pagesize "%s", loading %s, refered by %s' % (
request.GET.get("pagesize", ''), request.path, request.META.get('HTTP_REFERER', 'UNKNOWN')
))
raise Http404()
users = None
if sort == "reputation":
users = sorted(ONLINE_USERS.sets.keys(), key=lambda user: user.reputation)
elif sort == "newest" :
users = sorted(ONLINE_USERS.sets.keys(), key=lambda user: user.newest)
elif sort == "last":
users = sorted(ONLINE_USERS.sets.keys(), key=lambda user: user.last)
elif sort == "name":
users = sorted(ONLINE_USERS.sets.keys(), key=lambda user: user.name)
elif sort == "oldest":
users = sorted(ONLINE_USERS.sets.keys(), key=lambda user: user.oldest)
elif sort == "newest":
users = sorted(ONLINE_USERS.sets.keys(), key=lambda user: user.newest)
elif sort == "votes":
users = sorted(ONLINE_USERS.sets.keys(), key=lambda user: user.votes)
else:
users = sorted(ONLINE_USERS.iteritems(), key=lambda x: x[1])
return render_response('users/online_users.html', {
"users" : users,
"suser" : suser,
"sort" : sort,
"page" : page,
"pageSize" : pagesize,
}, request)
def auth_settings(request, id):
user_ = get_object_or_404(User, id=id)
if not (request.user.is_superuser or request.user == user_):
return HttpResponseUnauthorized(request)
if not settings.USERS_CAN_CHANGE_AUTH_SETTINGS:
return HttpResponseUnauthorized(request)
auth_keys = user_.auth_keys.all()
if request.user.is_superuser or (not user_.has_usable_password()):
FormClass = SetPasswordForm
else:
FormClass = ChangePasswordForm
if request.POST:
form = FormClass(request.POST, user=user_)
if form.is_valid():
is_new_pass = not user_.has_usable_password()
user_.set_password(form.cleaned_data["password1"])
user_.save()
if is_new_pass:
request.user.message_set.create(message=_("New password set"))
if not request.user.is_superuser:
form = ChangePasswordForm(user=user_)
else:
request.user.message_set.create(message=_("Your password was changed"))
return HttpResponseRedirect(reverse("user_authsettings", kwargs={"id": user_.id}))
else:
form = FormClass(user=user_)
auth_keys_list = []
for k in auth_keys:
provider = AUTH_PROVIDERS.get(k.provider, None)
if provider is not None:
name = "%s: %s" % (provider.context.human_name, provider.context.readable_key(k))
else:
from forum.authentication.base import ConsumerTemplateContext
"unknown: %s" % ConsumerTemplateContext.readable_key(k)
auth_keys_list.append({"name": name, "id": k.id})
return render_response(
"auth/auth_settings.html",
{
"view_user": user_,
"can_view_private": (user_ == request.user) or request.user.is_superuser,
"form": form,
"has_password": user_.has_usable_password(),
"auth_keys": auth_keys_list,
"allow_local_auth": AUTH_PROVIDERS.get("local", None),
},
request,
)
def validate_email(request, user, code):
user = get_object_or_404(User, id=user)
if ValidationHash.objects.validate(code, user, "email", [user.email]):
EmailValidationAction(user=user, ip=request.META["REMOTE_ADDR"]).save()
return login_and_forward(request, user, reverse("index"), _("Thank you, your email is now validated."))
else:
return render_response("auth/mail_already_validated.html", {"user": user}, request)
def test_email_settings(request):
user = request.user
send_template_email([user,], 'osqaadmin/mail_test.html', { 'user' : user })
return render_response(
'osqaadmin/test_email_settings.html',
{ 'user': user, },
request, parent_template="base.html")
def badge(request, id, slug):
badge = Badge.objects.get(id=id)
awards = list(Award.objects.filter(badge=badge).order_by('user', 'awarded_at'))
award_count = len(awards)
awards = sorted([dict(count=len(list(g)), user=k) for k, g in groupby(awards, lambda a: a.user)],
lambda c1, c2: c2['count'] - c1['count'])
return render_response('badge.html', {
'award_count': award_count,
'awards' : awards,
'badge' : badge,
}, request)
def decorated(context, request, *args, **kwargs):
if request.user.is_authenticated():
ONLINE_USERS[request.user] = datetime.now()
if isinstance(context, HttpResponse):
return context
if tab is not None:
context["tab"] = tab
return render_response(
context.pop("template", template), context, request, parent_template, pjax_parent, page_template
)
def search(request):
if request.method == "GET" and "q" in request.GET:
keywords = request.GET.get("q")
search_type = request.GET.get("t")
if not keywords:
return HttpResponseRedirect(reverse(index))
if search_type == 'tag':
return HttpResponseRedirect(reverse('tags') + '?q=%s' % urlquote(keywords.strip()))
elif search_type == "user":
return HttpResponseRedirect(reverse('users') + '?q=%s' % urlquote(keywords.strip()))
else:
return question_search(request, keywords)
else:
return render_response("search.html", {}, request)
def _retag_question(request, question):
if request.method == 'POST':
form = RetagQuestionForm(question, request.POST)
if form.is_valid():
if form.has_changed():
RetagAction(user=request.user, node=question, ip=request.META['REMOTE_ADDR']).save(data=dict(tagnames=form.cleaned_data['tags']))
return HttpResponseRedirect(question.get_absolute_url())
else:
form = RetagQuestionForm(question)
return render_response('question_retag.html', {
'question': question,
'form' : form,
#'tags' : _get_tags_cache_json(),
}, request, parent_template="base.html")
def signin_page(request):
referer = request.META.get("HTTP_REFERER", "/")
# If the referer is equal to the sign up page, e. g. if the previous login attempt was not successful we do not
# change the sign in URL. The user should go to the same page.
if not referer.replace(settings.APP_URL, "") == reverse("auth_signin"):
request.session[ON_SIGNIN_SESSION_ATTR] = referer
all_providers = [provider.context for provider in AUTH_PROVIDERS.values() if provider.context]
sort = lambda c1, c2: c1.weight - c2.weight
can_show = lambda c: not request.user.is_authenticated() or c.show_to_logged_in_user
bigicon_providers = sorted(
[context for context in all_providers if context.mode == "BIGICON" and can_show(context)], sort
)
smallicon_providers = sorted(
[context for context in all_providers if context.mode == "SMALLICON" and can_show(context)], sort
)
top_stackitem_providers = sorted(
[context for context in all_providers if context.mode == "TOP_STACK_ITEM" and can_show(context)], sort
)
stackitem_providers = sorted(
[context for context in all_providers if context.mode == "STACK_ITEM" and can_show(context)], sort
)
try:
msg = request.session["auth_error"]
del request.session["auth_error"]
except:
msg = None
return render_response(
"auth/signin.html",
{
"msg": msg,
"all_providers": all_providers,
"bigicon_providers": bigicon_providers,
"top_stackitem_providers": top_stackitem_providers,
"stackitem_providers": stackitem_providers,
"smallicon_providers": smallicon_providers,
},
request,
)
def page(request):
path = request.path[1:]
if path in settings.STATIC_PAGE_REGISTRY:
try:
page = Page.objects.get(id=settings.STATIC_PAGE_REGISTRY[path])
if (not page.published) and (not request.user.is_superuser):
return HttpResponseNotFound(request)
except:
return HttpResponseNotFound(request)
else:
return HttpResponseNotFound(request)
template = page.extra.get('template', 'default')
sidebar = page.extra.get('sidebar', '')
if template == 'default':
base = 'base_content.html'
elif template == 'sidebar':
base = 'base.html'
sidebar_render = page.extra.get('render', 'markdown')
if sidebar_render == 'markdown':
sidebar = page._as_markdown(sidebar)
elif sidebar_render == 'html':
sidebar = mark_safe(sidebar)
else:
return HttpResponse(page.body, mimetype=page.extra.get('mimetype', 'text/html'))
render = page.extra.get('render', 'markdown')
if render == 'markdown':
body = page.as_markdown()
elif render == 'html':
body = mark_safe(page.body)
else:
body = page.body
return render_response('page.html', {
'page' : page,
'body' : body,
'sidebar': sidebar,
'base': base,
}, request)
def ask(request):
form = None
if request.POST:
if request.session.pop('reviewing_pending_data', False):
form = AskForm(initial=request.POST, user=request.user)
elif "text" in request.POST:
form = AskForm(request.POST, user=request.user)
if form.is_valid():
if request.user.is_authenticated() and request.user.email_valid_and_can_ask():
ask_action = AskAction(user=request.user, ip=request.META['REMOTE_ADDR']).save(data=form.cleaned_data)
question = ask_action.node
if settings.WIKI_ON and request.POST.get('wiki', False):
question.nstate.wiki = ask_action
return HttpResponseRedirect(question.get_absolute_url())
else:
request.session[PENDING_SUBMISSION_SESSION_ATTR] = {
'POST': request.POST,
'data_name': _("question"),
'type': 'ask',
'submission_url': reverse('ask'),
'time': datetime.datetime.now()
}
if request.user.is_authenticated():
request.user.message_set.create(message=_("Your question is pending until you %s.") % html.hyperlink(
django_settings.APP_URL + reverse('send_validation_email', prefix='/'), _("validate your email")
))
return HttpResponseRedirect(reverse('index'))
else:
return HttpResponseRedirect(reverse('auth_signin'))
elif "go" in request.POST:
form = AskForm({'title': request.POST['q']}, user=request.user)
default_tag = ''
if settings.AUTO_SET_TAG_ON_QUESTION and 'tag' in request.GET:
default_tag = request.GET['tag']
if not form:
form = AskForm(user=request.user, default_tag=default_tag)
return render_response('ask.html', {
'form' : form,
'tab' : 'ask'
}, request, parent_template="base.html")
def edit_user(request, id, slug):
user = get_object_or_404(User, id=id)
if not (request.user.is_superuser or request.user == user):
return HttpResponseUnauthorized(request)
if request.method == "POST":
form = EditUserForm(user, request.POST)
if form.is_valid():
new_email = sanitize_html(form.cleaned_data['email'])
if new_email != user.email:
user.email = new_email
user.email_isvalid = False
try:
hash = ValidationHash.objects.get(user=request.user, type='email')
hash.delete()
except:
pass
if settings.EDITABLE_SCREEN_NAME:
user.username = sanitize_html(form.cleaned_data['username'])
user.real_name = sanitize_html(form.cleaned_data['realname'])
user.website = sanitize_html(form.cleaned_data['website'])
user.location = sanitize_html(form.cleaned_data['city'])
user.date_of_birth = form.cleaned_data['birthday']
if user.date_of_birth == "None":
user.date_of_birth = datetime(1900, 1, 1, 0, 0)
user.about = sanitize_html(form.cleaned_data['about'])
user.save()
EditProfileAction(user=user, ip=request.META['REMOTE_ADDR']).save()
request.user.message_set.create(message=_("Profile updated."))
return HttpResponseRedirect(user.get_profile_url())
else:
form = EditUserForm(user)
return render_response('users/edit.html', {
'user': user,
'form' : form,
'gravatar_faq_url' : reverse('faq') + '#gravatar',
}, request)
def award_points(request, id):
if not request.POST:
return render_response('users/karma_bonus.html', {}, request)
if not request.user.is_superuser:
raise decorators.CommandException(_("Only superusers are allowed to award reputation points"))
try:
points = int(request.POST['points'])
except:
raise decorators.CommandException(_("Invalid number of points to award."))
user = get_object_or_404(User, id=id)
extra = dict(message=request.POST.get('message', ''), awarding_user=request.user.id, value=points)
BonusRepAction(user=request.user, extra=extra).save(data=dict(value=points, affected=user))
return {'commands': {
'update_profile_karma': [user.reputation]
}}
def result(context_or_response, request, user, **kwargs):
rev_page_title = smart_unicode(user.username) + " - " + tab_description
# Check whether the return type of the decorated function is a context or Http Response
if isinstance(context_or_response, HttpResponse):
response = context_or_response
# If it is a response -- show it
return response
else:
# ...if it is a context move forward, update it and render it to response
context = context_or_response
context.update({
"tab": "users",
"active_tab" : tab_name,
"tab_description" : tab_description,
"page_title" : rev_page_title,
"can_view_private": (user == request.user) or request.user.is_superuser
})
return render_response(template, context, request)
def edit_answer(request, id):
answer = get_object_or_404(Answer, id=id)
if answer.deleted and not request.user.can_view_deleted_post(answer):
raise Http404
elif not request.user.can_edit_post(answer):
raise Http404
if request.method == "POST":
revision_form = RevisionForm(answer, data=request.POST)
revision_form.is_valid()
revision = answer.revisions.get(revision=revision_form.cleaned_data['revision'])
if 'select_revision' in request.POST:
form = EditAnswerForm(answer, request.user, revision)
else:
form = EditAnswerForm(answer, request.user, revision, data=request.POST)
if not 'select_revision' in request.POST and form.is_valid():
if form.has_changed():
action = ReviseAction(user=request.user, node=answer, ip=request.META['REMOTE_ADDR']).save(data=form.cleaned_data)
if settings.WIKI_ON:
if request.POST.get('wiki', False) and not answer.nis.wiki:
answer.nstate.wiki = action
elif answer.nis.wiki and (not request.POST.get('wiki', False)) and request.user.can_cancel_wiki(answer):
answer.nstate.wiki = None
else:
if not revision == answer.active_revision:
RollbackAction(user=request.user, node=answer, ip=request.META['REMOTE_ADDR']).save(data=dict(activate=revision))
return HttpResponseRedirect(answer.get_absolute_url())
else:
revision_form = RevisionForm(answer)
form = EditAnswerForm(answer, request.user)
return render_response('answer_edit.html', {
'answer': answer,
'revision_form': revision_form,
'form': form,
}, request)
def feedback(request):
if request.method == "POST":
form = FeedbackForm(request.user, data=request.POST)
if form.is_valid():
context = {
'user': request.user,
'email': request.user.is_authenticated() and request.user.email or form.cleaned_data.get('email', None),
'message': form.cleaned_data['message'],
'name': request.user.is_authenticated() and request.user.username or form.cleaned_data.get('name', None),
'ip': request.META['REMOTE_ADDR'],
}
recipients = User.objects.filter(is_superuser=True)
send_template_email(recipients, "notifications/feedback.html", context)
msg = _('Thanks for the feedback!')
request.user.message_set.create(message=msg)
return HttpResponseRedirect(get_next_url(request))
else:
form = FeedbackForm(request.user, initial={'next':get_next_url(request)})
return render_response('feedback.html', {'form': form}, request)
def _edit_question(request, question, template='question_edit.html', summary='', action_class=ReviseAction, allow_rollback=True, url_getter=lambda q: q.get_absolute_url()):
if request.method == 'POST':
revision_form = RevisionForm(question, data=request.POST)
revision_form.is_valid()
revision = question.revisions.get(revision=revision_form.cleaned_data['revision'])
if 'select_revision' in request.POST:
form = EditQuestionForm(question, request.user, revision)
else:
form = EditQuestionForm(question, request.user, revision, data=request.POST)
if not 'select_revision' in request.POST and form.is_valid():
if form.has_changed():
action = action_class(user=request.user, node=question, ip=request.META['REMOTE_ADDR']).save(data=form.cleaned_data)
if settings.WIKI_ON:
if request.POST.get('wiki', False) and not question.nis.wiki:
question.nstate.wiki = action
elif question.nis.wiki and (not request.POST.get('wiki', False)) and request.user.can_cancel_wiki(question):
question.nstate.wiki = None
else:
if not revision == question.active_revision:
if allow_rollback:
RollbackAction(user=request.user, node=question).save(data=dict(activate=revision))
else:
pass
return HttpResponseRedirect(url_getter(question))
else:
revision_form = RevisionForm(question)
form = EditQuestionForm(question, request.user, initial={'summary': summary})
return render_response(template, {
'question': question,
'revision_form': revision_form,
'form' : form,
}, request, parent_template="base.html")
def admin_page_wrapper(fn, request, *args, **kwargs):
res = fn(request, *args, **kwargs)
if isinstance(res, HttpResponse):
return res
template, context = res
context['basetemplate'] = settings.DJSTYLE_ADMIN_INTERFACE and "osqaadmin/djstyle_base.html" or "osqaadmin/base.html"
context['allsets'] = Setting.sets
context['othersets'] = sorted(
[s for s in Setting.sets.values() if not s.name in
('basic', 'users', 'email', 'paths', 'extkeys', 'web', 'repgain', 'minrep', 'voting', 'accept', 'badges', 'about', 'faq', 'sidebar',
'form', 'moderation', 'css', 'headandfoot', 'head', 'view', 'urls')]
, lambda s1, s2: s1.weight - s2.weight)
context['tools'] = [(name, fn.label) for name, fn in TOOLS.items()]
# Show the navigation only to moderators and super users
if not context.has_key("hide_navigation"):
context['hide_navigation'] = not request.user.is_superuser
unsaved = request.session.get('previewing_settings', {})
context['unsaved'] = set([getattr(settings, s).set.name for s in unsaved.keys() if hasattr(settings, s)])
return render_response(template, context, request, parent_template="base.html")
def static(request, title, content):
return render_response('static.html', {'content' : content, 'title': title},
request)
def markdown_help(request):
return render_response('markdown_help.html', {}, request)
def opensearch(request):
return render_response('opensearch.html', {'settings' : settings}, request)
def logout(request):
return render_response('logout.html', {
'next' : get_next_url(request),
}, request)
def privacy(request):
return render_response('privacy.html', {}, request)
def external_register(request):
if request.method == "POST" and "bnewaccount" in request.POST:
form1 = SimpleRegistrationForm(request.POST)
if form1.is_valid():
user_ = User(
username=form1.cleaned_data["username"],
email=form1.cleaned_data["email"],
real_name=form1.cleaned_data["real_name"],
)
user_.email_isvalid = request.session.get("auth_validated_email", "") == form1.cleaned_data["email"]
user_.set_unusable_password()
if User.objects.all().count() == 0:
user_.is_superuser = True
user_.is_staff = True
user_.save()
UserJoinsAction(user=user_, ip=request.META["REMOTE_ADDR"]).save()
try:
assoc_key = request.session["assoc_key"]
auth_provider = request.session["auth_provider"]
except:
request.session["auth_error"] = _(
"Oops, something went wrong in the middle of this process. Please try again. Note that you need to have cookies enabled for the authentication to work."
)
logging.error(
"Missing session data when trying to complete user registration: %s"
% ", ".join(["%s: %s" % (k, v) for k, v in request.META.items()])
)
return HttpResponseRedirect(reverse("auth_signin"))
uassoc = AuthKeyUserAssociation(user=user_, key=assoc_key, provider=auth_provider)
uassoc.save()
del request.session["assoc_key"]
del request.session["auth_provider"]
return login_and_forward(request, user_, message=_("A welcome email has been sent to your email address. "))
else:
auth_provider = request.session.get("auth_provider", None)
if not auth_provider:
request.session["auth_error"] = _(
"Oops, something went wrong in the middle of this process. Please try again."
)
logging.error(
"Missing session data when trying to complete user registration: %s"
% ", ".join(["%s: %s" % (k, v) for k, v in request.META.items()])
)
return HttpResponseRedirect(reverse("auth_signin"))
provider_class = AUTH_PROVIDERS[auth_provider].consumer
if provider_class.__class__.__name__ == "FacebookAuthConsumer":
user_data = provider_class.get_user_data(request.session["access_token"])
else:
user_data = provider_class.get_user_data(request.session["assoc_key"])
if not user_data:
user_data = request.session.get("auth_consumer_data", {})
username = user_data.get("username", "")
email = user_data.get("email", "")
real_name = user_data.get("real_name", "")
if email:
request.session["auth_validated_email"] = email
form1 = SimpleRegistrationForm(
initial={"next": "/", "username": username, "email": email, "real_name": real_name}
)
provider_context = AUTH_PROVIDERS[request.session["auth_provider"]].context
return render_response(
"auth/complete.html",
{
"form1": form1,
"provider": provider_context and mark_safe(provider_context.human_name) or _("unknown"),
"login_type": provider_context.id,
"gravatar_faq_url": reverse("faq") + "#gravatar",
},
request,
)
