Example #1
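def prepare_vars(request, vars):
  """Build the template context shared by Helios views.

  Returns a shallow copy of ``vars`` extended with the current user, the
  session's CSRF token (when the session holds one), a set of site-wide
  values, the current voter and the logged-in trustee. ``vars`` itself is
  left untouched. A ``'trustee'`` entry supplied by the caller takes
  precedence over the one resolved from the session.
  """
  vars_with_user = vars.copy()
  vars_with_user['user'] = get_user(request)

  # csrf protection: hand the per-session token to the template, if any
  if 'csrf_token' in request.session:
    vars_with_user['csrf_token'] = request.session['csrf_token']

  vars_with_user['utils'] = utils
  # NOTE(review): the whole settings object reaches every template, so a
  # template that prints attributes of it can disclose secrets such as
  # SECRET_KEY; passing only the values templates need would be safer.
  vars_with_user['settings'] = settings
  vars_with_user['HELIOS_STATIC'] = '/static/helios/helios'
  vars_with_user['TEMPLATE_BASE'] = helios.TEMPLATE_BASE
  vars_with_user['CURRENT_URL'] = request.path
  vars_with_user['SECURE_URL_HOST'] = settings.SECURE_URL_HOST
  vars_with_user['voter'] = request.session.get('CURRENT_VOTER')

  trustee = None
  if 'helios_trustee_uuid' in request.session and 'trustee' not in vars:
    try:
      from helios.models import Trustee
      trustee = Trustee.objects.get(uuid=request.session.get('helios_trustee_uuid'))
      # presumably forces the related election to load so that a trustee
      # without a usable election fails here too -- confirm
      election = trustee.election
    except Exception:
      # The session reference is invalid: drop it, and do not expose a
      # half-resolved trustee to the template either. `Exception` rather
      # than a bare except, so KeyboardInterrupt/SystemExit still propagate.
      trustee = None
      request.session.pop('helios_trustee_uuid', None)

  vars_with_user['trustee'] = vars.get('trustee', trustee)

  return vars_with_user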
Example #2
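def index(request):
    """
    The page from which one chooses how to log in.

    With exactly one enabled auth system and no logged-in user, redirects
    straight to that system's ``start`` view and forwards ``return_url``.
    Otherwise renders the ``index`` template listing the enabled systems.
    """
    from django.utils.http import urlencode

    user = get_user(request)

    # single auth system?
    if len(auth.ENABLED_AUTH_SYSTEMS) == 1 and not user:
        # Percent-encode the caller-supplied value: concatenating it raw lets
        # a '&' or '#' inside return_url truncate it or add extra parameters
        # to the redirect target.
        query = urlencode({'return_url': request.GET.get('return_url', '')})
        return HttpResponseRedirect(
            reverse(start, args=[auth.ENABLED_AUTH_SYSTEMS[0]]) + '?' + query)

    default_auth_system_obj = None
    if auth.DEFAULT_AUTH_SYSTEM:
        default_auth_system_obj = AUTH_SYSTEMS[auth.DEFAULT_AUTH_SYSTEM]

    # NOTE(review): return_url comes from the query string unchanged; the
    # view that finally redirects to it should accept same-site targets
    # only. That check is not visible from this function -- confirm.
    return render_template(
        request, 'index', {
            'return_url': request.GET.get('return_url', reverse('home')),
            'enabled_auth_systems': auth.ENABLED_AUTH_SYSTEMS,
            'default_auth_system': auth.DEFAULT_AUTH_SYSTEM,
            'default_auth_system_obj': default_auth_system_obj
        })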
Example #3
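def follow_view(request):
    """Ask the user to follow USER_TO_FOLLOW on Twitter, and act on the answer.

    GET renders the ``twitter/follow`` prompt. POST issues the follow request
    on the user's behalf when ``follow_p`` was submitted, then redirects to
    ``after_intervention``. Any other method gets a 405 response instead of
    falling through and returning ``None``.
    """
    if request.method == "GET":
        from heliosauth.view_utils import render_template

        return render_template(request, 'twitter/follow', {
            'user_to_follow': USER_TO_FOLLOW,
            'reason_to_follow': REASON_TO_FOLLOW
        })

    if request.method == "POST":
        # Any non-empty submitted value counts as consent.
        follow_p = bool(request.POST.get('follow_p', False))

        if follow_p:
            from heliosauth.security import get_user

            user = get_user(request)
            # Without a logged-in user there is no token to act with; skip
            # the API call rather than fail on `user.token`.
            if user:
                twitter_client = _get_client_by_token(user.token)
                # NOTE(review): the endpoint is plain http, so the signed
                # request travels unencrypted; an https endpoint should be
                # used if the client library supports it -- confirm.
                twitter_client.oauth_request(
                    'http://api.twitter.com/1/friendships/create.json',
                    args={'screen_name': USER_TO_FOLLOW},
                    method='POST')

        from heliosauth.views import after_intervention
        return HttpResponseRedirect(reverse(after_intervention))

    from django.http import HttpResponseNotAllowed
    return HttpResponseNotAllowed(['GET', 'POST'])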
Example #4
        def election_admin_wrapper(request, election_uuid=None, *args, **kw):
            """Resolve the election, enforce admin rights, then call ``func``.

            ``func`` and ``checks`` are taken from the enclosing scope, which
            is not shown here. Raises Http404 for an unknown election and
            PermissionDenied('5') when the requester may not administer it.
            """
            election = get_election_by_uuid(election_uuid)
            if not election:
                raise Http404

            # NOTE(review): the canceled-election page is rendered before any
            # admin check, so it is reachable without admin rights -- confirm
            # that this is intended.
            if election.canceled_at:
                from helios.views import render_template
                context = {'election': election}
                return render_template(request, 'election_canceled', context)

            requester = get_user(request)
            # Superadmins bypass the per-election check only when the
            # decorator was configured with allow_superadmin.
            superadmin_bypass = bool(
                requester and requester.superadmin_p
                and checks.get('allow_superadmin', False))

            may_admin = user_can_admin_election(requester, election)
            if not (may_admin or superadmin_bypass):
                raise PermissionDenied('5')

            # remaining election-state checks
            do_election_checks(election, checks)

            return func(request, election, *args, **kw)
Example #5
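def stats(request):
    """Render the ``zeus/stats`` page.

    Lists completed elections, newest first. When a ``uuid`` query parameter
    is given, also looks up that election: superadmins may select any
    election, everyone else only a completed one. An unknown uuid, or one the
    requester may not see, yields ``election=None`` instead of an IndexError.
    """
    user = get_user(request)
    uuid = request.GET.get('uuid', None)
    is_superadmin = bool(user and user.superadmin_p)
    election = None

    if uuid:
        matches = Election.objects.filter(uuid=uuid)
        if not is_superadmin:
            # everyone but superadmins is limited to finished elections
            matches = matches.filter(is_completed=True)

        # Slice rather than index with [0]: an empty result must not turn a
        # bad query parameter into a server error.
        found = list(matches.defer('encrypted_tally', 'result')[:1])
        election = found[0] if found else None

    # The superadmin and regular branches were identical, so one query serves
    # both.
    # NOTE(review): nothing here requires a logged-in user; confirm that
    # listing completed elections to anonymous visitors is intended.
    elections = Election.objects.filter(is_completed=True)
    elections = elections.order_by('-created_at').defer('encrypted_tally',
                                                        'result')

    return render_template(request, 'zeus/stats', {'menu_active': 'stats',
                                                   'election': election,
                                                   'uuid': uuid,
                                                   'user': user,
                                                   'elections': elections})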
Example #6
def resources(request):
  """Render the ``zeus/resources`` page with the manuals URL and current user."""
  context = {
      'MANUALS_URL': '/static/documentation/manuals/',
      'menu_active': 'resources',
      'user': get_user(request),
  }
  return render_template(request, "zeus/resources", context)
Example #7
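def can_create_election(request):
  """Tell whether the requesting user may create an election.

  Anonymous requests are refused. When ``helios.ADMIN_ONLY`` is set, the
  user's ``admin_p`` flag decides; otherwise any logged-in user may.
  """
  user = get_user(request)
  if not user:
    return False

  if helios.ADMIN_ONLY:
    return user.admin_p

  # `user` is already known to be truthy; compare by identity, not `!= None`.
  return user is not None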
Example #8
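def can_create_election(request):
    """Return whether the current user is allowed to create elections.

    No user means no permission. With ``helios.ADMIN_ONLY`` enabled the
    answer is the user's ``admin_p`` attribute; without it, being logged in
    is enough.
    """
    user = get_user(request)
    if not user:
        return False

    if helios.ADMIN_ONLY:
        return user.admin_p

    # Identity test instead of `!= None`; `user` is truthy at this point.
    return user is not None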
Example #9
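def render_template(request, template_name, vars=None):
  """Render ``server_ui/templates/<template_name>.html`` with a standard context.

  The context is a copy of ``vars`` plus the current user, the settings
  object, the request path and, when the session holds one, the CSRF token.
  ``vars`` defaults to an empty context and is never modified.
  """
  # Result unused; the call is kept because it raises when the template
  # cannot be loaded.
  # NOTE(review): this looks up '<name>.html' while the response below
  # renders 'server_ui/templates/<name>.html' -- confirm both resolve.
  loader.get_template(template_name + '.html')

  # `None` default instead of a shared mutable `{}`.
  vars_with_user = vars.copy() if vars is not None else {}
  vars_with_user['user'] = get_user(request)
  # NOTE(review): passing the whole settings object lets any template read
  # secrets such as SECRET_KEY; prefer passing only the values needed.
  vars_with_user['settings'] = settings
  vars_with_user['CURRENT_URL'] = request.path

  # csrf protection
  if 'csrf_token' in request.session:
    vars_with_user['csrf_token'] = request.session['csrf_token']

  return render_to_response('server_ui/templates/%s.html' % template_name, vars_with_user)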
Example #10
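def render_template(request, template_name, vars=None):
    """Render a server_ui template with the common per-request context.

    Copies ``vars`` (an empty context when omitted), adds ``user``,
    ``settings``, ``CURRENT_URL`` and the session's ``csrf_token`` if
    present, and renders ``server_ui/templates/<template_name>.html``.
    """
    # Kept for its effect of raising when the template cannot be loaded; the
    # returned template object is not used.
    # NOTE(review): the name loaded here differs from the path rendered
    # below -- confirm that both lookups are meant to succeed.
    loader.get_template(template_name + '.html')

    # Avoid a mutable default argument; the caller's dict is only copied.
    vars_with_user = {} if vars is None else vars.copy()
    vars_with_user['user'] = get_user(request)
    # NOTE(review): templates receive the entire settings object, secrets
    # such as SECRET_KEY included; a narrower set of values would be safer.
    vars_with_user['settings'] = settings
    vars_with_user['CURRENT_URL'] = request.path

    # csrf protection
    if 'csrf_token' in request.session:
        vars_with_user['csrf_token'] = request.session['csrf_token']

    return render_to_response('server_ui/templates/%s.html' % template_name,
                              vars_with_user)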
Example #11
def prepare_vars(request, vars):
    """Return a copy of ``vars`` extended with the auth templates' context.

    Request-dependent entries (user, CSRF token, secure host) are added only
    when ``request`` is truthy; the static paths, template base and settings
    are always added.
    """
    context = vars.copy()

    if request:
        context['user'] = get_user(request)
        # NOTE(review): a session without 'csrf_token' raises KeyError here;
        # presumably something earlier always sets it -- confirm.
        context['csrf_token'] = request.session['csrf_token']
        context['SECURE_URL_HOST'] = settings.SECURE_URL_HOST

    always_present = (
        ('STATIC', '/static/auth'),
        ('MEDIA_URL', '/static/auth/'),
        ('TEMPLATE_BASE', auth.TEMPLATE_BASE),
        # NOTE(review): exposes the full settings object to templates.
        ('settings', settings),
    )
    for key, value in always_present:
        context[key] = value

    return context
Example #12
def prepare_vars(request, vars):
  """Build the template context for the auth app from ``vars``.

  Works on a copy of ``vars``. With a truthy ``request`` it adds the current
  user, the session's CSRF token and ``SECURE_URL_HOST``; the static URLs,
  ``TEMPLATE_BASE`` and ``settings`` are added in every case.
  """
  ctx = vars.copy()

  if request:
    current_user = get_user(request)
    ctx['user'] = current_user
    # Direct indexing: a session lacking 'csrf_token' raises KeyError.
    # NOTE(review): confirm the token is always set before this runs.
    ctx['csrf_token'] = request.session['csrf_token']
    ctx['SECURE_URL_HOST'] = settings.SECURE_URL_HOST

  static_root = '/static/auth'
  ctx['STATIC'] = static_root
  ctx['MEDIA_URL'] = static_root + '/'
  ctx['TEMPLATE_BASE'] = auth.TEMPLATE_BASE

  # NOTE(review): the whole settings object becomes visible to templates.
  ctx['settings'] = settings

  return ctx
Example #13
def user_can_see_election(request, election):
    """Decide whether the requester may view ``election``.

    Non-private elections are visible to everyone. A private election is
    visible to its administrator, to a logged-in trustee of that same
    election, and to anyone for whom ``get_voter`` returns a voter.
    """
    viewer = get_user(request)

    # public elections and administrators need no further checks
    if not election.private_p or user_can_admin_election(viewer, election):
        return True

    # a trustee counts only for their own election
    trustee = get_logged_in_trustee(request)
    if trustee and trustee.election.uuid == election.uuid:
        return True

    # last resort: the requester must be a voter in this election
    voter = get_voter(request, viewer, election)
    return (voter != None)
Example #14
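def follow_view(request):
  """Prompt the user to follow USER_TO_FOLLOW on Twitter and handle the reply.

  GET shows the ``twitter/follow`` page. POST sends the follow request with
  the user's token when ``follow_p`` was submitted, then redirects to
  ``after_intervention``. Other methods receive a 405 response rather than
  an implicit ``None``.
  """
  if request.method == "GET":
    from heliosauth.view_utils import render_template

    return render_template(request, 'twitter/follow', {'user_to_follow': USER_TO_FOLLOW, 'reason_to_follow' : REASON_TO_FOLLOW})

  if request.method == "POST":
    # Any non-empty submitted value is treated as "yes".
    follow_p = bool(request.POST.get('follow_p',False))

    if follow_p:
      from heliosauth.security import get_user

      user = get_user(request)
      # No logged-in user means no token; skip the call instead of failing
      # on `user.token`.
      if user:
        twitter_client = _get_client_by_token(user.token)
        # NOTE(review): plain-http endpoint -- the signed request is sent
        # unencrypted; switch to https if the client supports it.
        twitter_client.oauth_request('http://api.twitter.com/1/friendships/create.json', args={'screen_name': USER_TO_FOLLOW}, method='POST')

    from heliosauth.views import after_intervention
    return HttpResponseRedirect(reverse(after_intervention))

  from django.http import HttpResponseNotAllowed
  return HttpResponseNotAllowed(['GET', 'POST'])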
Example #15
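def change_password(request):
    """Let a user of the local 'password' auth type change their password.

    Anonymous visitors and users of any other auth type are redirected to
    the site root. A valid POST saves the form and redirects back to this
    view with ``?password_changed=1``; otherwise the form is (re)rendered.
    """
    user = get_user(request)
    if not user or user.user_type != 'password':
        return HttpResponseRedirect('/')

    # The original re-tested user_type here and returned 403; that branch
    # could never run after the guard above, so it has been removed.
    password_changed = request.GET.get('password_changed', None)

    if request.method == "POST":
        # NOTE(review): whether the current password is re-verified, and
        # whether other sessions are invalidated after the change, depends on
        # ChangePasswordForm, which is not shown -- confirm.
        form = ChangePasswordForm(user, request.POST)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(
                reverse('heliosauth.views.change_password') +
                '?password_changed=1')
    else:
        form = ChangePasswordForm(user)

    return render_template(request, 'change_password', {
        'form': form,
        'password_changed': password_changed})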
Example #16
def user_can_see_election(request, election):
  """Return True when the requester is allowed to see ``election``.

  Everyone may see a non-private election. For a private one the requester
  must be its administrator, a logged-in trustee of that election, or a
  voter in it (as reported by ``get_voter``).
  """
  current_user = get_user(request)

  if election.private_p:
    # private: administrators first
    if user_can_admin_election(current_user, election):
      return True

    # then a trustee, but only of this very election
    trustee = get_logged_in_trustee(request)
    same_election = trustee and trustee.election.uuid == election.uuid
    if same_election:
      return True

    # otherwise only a voter of this election gets in
    return (get_voter(request, current_user, election) != None)

  return True
Example #17
    def election_admin_wrapper(request, election_uuid=None, *args, **kw):
      """Look up the election, check admin rights, then delegate to ``func``.

      ``func`` and ``checks`` are closure variables from an enclosing scope
      that is not shown. Unknown elections raise Http404; a requester who
      may not administer the election gets PermissionDenied('5').
      """
      election = get_election_by_uuid(election_uuid)
      if not election:
        raise Http404

      # NOTE(review): this page is returned before the admin check below, so
      # a canceled election's page is served without admin rights -- confirm.
      if election.canceled_at:
        from helios.views import render_template
        return render_template(request, 'election_canceled', {'election': election})

      account = get_user(request)
      # superadmin override applies only if the decorator allows it
      skip_admin_check = True if (
          account and account.superadmin_p
          and checks.get('allow_superadmin', False)) else False

      allowed = user_can_admin_election(account, election) or skip_admin_check
      if not allowed:
        raise PermissionDenied('5')

      # election-state checks requested through `checks`
      do_election_checks(election, checks)

      return func(request, election, *args, **kw)
Example #18
File: views.py Project: grnet/zeus
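def index(request):
  """
  The page from which one chooses how to log in.

  If only one auth system is enabled and nobody is logged in, redirects
  directly to that system's ``start`` view, forwarding ``return_url``.
  Otherwise renders the ``index`` template with the available systems.
  """
  from django.utils.http import urlencode

  user = get_user(request)

  # single auth system?
  if len(auth.ENABLED_AUTH_SYSTEMS) == 1 and not user:
    # Encode the query-string value: appended raw, a '&' or '#' inside
    # return_url would cut it short or add parameters to the redirect.
    query = urlencode({'return_url': request.GET.get('return_url', '')})
    return HttpResponseRedirect(reverse(start, args=[auth.ENABLED_AUTH_SYSTEMS[0]]) + '?' + query)

  default_auth_system_obj = None
  if auth.DEFAULT_AUTH_SYSTEM:
    default_auth_system_obj = AUTH_SYSTEMS[auth.DEFAULT_AUTH_SYSTEM]

  # NOTE(review): return_url is passed on exactly as received; the view that
  # eventually redirects to it should allow same-site targets only. That
  # check cannot be seen from here -- confirm.
  return render_template(request,'index', {'return_url' : request.GET.get('return_url', reverse('home')),
                                           'enabled_auth_systems' : auth.ENABLED_AUTH_SYSTEMS,
                                           'default_auth_system': auth.DEFAULT_AUTH_SYSTEM,
                                           'default_auth_system_obj': default_auth_system_obj})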
Example #19
def faqs_trustee(request):
  """Render the FAQ page using the ``zeus/faqs_admin`` template.

  NOTE(review): the function is named for trustees but renders the admin
  template with submenu 'admin' -- confirm that this is intended.
  """
  context = {
      'menu_active': 'faqs',
      'submenu': 'admin',
      'user': get_user(request),
  }
  return render_template(request, "zeus/faqs_admin", context)
Example #20
def home(request):
  """Render the ``zeus/home`` page for the current user."""
  current_user = get_user(request)
  # `bad_login` is forwarded from the query string untouched.
  # NOTE(review): the template should only test or escape this value.
  bad_login = request.GET.get('bad_login')
  context = {
      'menu_active': 'home',
      'user': current_user,
      'bad_login': bad_login,
  }
  return render_template(request, "zeus/home", context)
Example #21
def faqs_voter(request):
  """Render the voter FAQ page (``zeus/faqs_voter``) for the current user."""
  context = {
      'menu_active': 'faqs',
      'submenu': 'voter',
      'user': get_user(request),
  }
  return render_template(request, "zeus/faqs_voter", context)
Example #22
def require_admin(request):
  """Return the current user if they are an admin, else raise PermissionDenied.

  Both a missing user and a user whose ``admin_p`` is falsy are rejected.
  """
  user = get_user(request)
  if user and user.admin_p:
    return user

  raise PermissionDenied()