def approve(request, id, template_name="jobs/approve.html"):
can_view_jobs = has_perm(request.user, 'jobs.view_job')
can_change_jobs = has_perm(request.user, 'jobs.change_job')
if not all([can_view_jobs, can_change_jobs]):
raise Http403
job = get_object_or_404(Job, pk=id)
if request.method == "POST":
job.activation_dt = now_localized()
job.allow_anonymous_view = True
job.status = True
job.status_detail = 'active'
if not job.creator:
job.creator = request.user
job.creator_username = request.user.username
if not job.owner:
job.owner = request.user
job.owner_username = request.user.username
job.save()
messages.add_message(request, messages.SUCCESS, 'Successfully approved %s' % job)
return HttpResponseRedirect(reverse('job', args=[job.slug]))
return render_to_response(template_name, {'job': job},
context_instance=RequestContext(request))
def groupmembership_add_edit(request, group_slug, user_id=None,
form_class=GroupMembershipForm,
template_name="user_groups/member_add_edit.html"):
add, edit = None, None
group = get_object_or_404(Group, slug=group_slug)
if user_id:
user = get_object_or_404(User, pk=user_id)
group_membership = get_object_or_404(GroupMembership, member=user, group=group)
if not has_perm(request.user,'user_groups.change_groupmembership',group_membership):
raise Http403
edit = True
else:
group_membership = None
if not has_perm(request.user,'user_groups.add_groupmembership'):
raise Http403
add = True
if request.method == 'POST':
form = form_class(None, user_id, request.POST, instance=group_membership)
if form.is_valid():
group_membership = form.save(commit=False)
group_membership.group = group
if not group_membership.id:
group_membership.creator_id = request.user.id
group_membership.creator_username = request.user.username
group_membership.owner_id = request.user.id
group_membership.owner_username = request.user.username
group_membership.save()
if add:
log_defaults = {
'event_id' : 221000,
'event_data': '%s (%d) added by %s' % (group_membership._meta.object_name, group_membership.pk, request.user),
'description': '%s added' % group_membership._meta.object_name,
'user': request.user,
'request': request,
'instance': group_membership,
}
EventLog.objects.log(**log_defaults)
if edit:
log_defaults = {
'event_id' : 222000,
'event_data': '%s (%d) edited by %s' % (group_membership._meta.object_name, group_membership.pk, request.user),
'description': '%s edited' % group_membership._meta.object_name,
'user': request.user,
'request': request,
'instance': group_membership,
}
EventLog.objects.log(**log_defaults)
return HttpResponseRedirect(group.get_absolute_url())
else:
form = form_class(group, user_id, instance=group_membership)
return render_to_response(template_name, locals(), context_instance=RequestContext(request))
def pending(request, template_name="jobs/pending.html"):
can_view_jobs = has_perm(request.user, 'jobs.view_job')
can_change_jobs = has_perm(request.user, 'jobs.change_job')
if not all([can_view_jobs, can_change_jobs]):
raise Http403
jobs = Job.objects.filter(status_detail__contains='pending')
return render_to_response(template_name, {'jobs': jobs},
context_instance=RequestContext(request))
def pricing_add(request, form_class=JobPricingForm, template_name="jobs/pricing-add.html"):
if has_perm(request.user, 'jobs.add_jobpricing'):
if request.method == "POST":
form = form_class(request.POST)
if form.is_valid():
job_pricing = form.save(commit=False)
job_pricing.status = 1
job_pricing.save(request.user)
log_defaults = {
'event_id': 265100,
'event_data': '%s (%d) added by %s' % (
job_pricing._meta.object_name,
job_pricing.pk,
request.user
),
'description': '%s added' % job_pricing._meta.object_name,
'user': request.user,
'request': request,
'instance': job_pricing,
}
EventLog.objects.log(**log_defaults)
return HttpResponseRedirect(reverse('job_pricing.view', args=[job_pricing.id]))
else:
form = form_class()
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
else:
raise Http403
def delete(request, id, template_name="files/delete.html"):
file = get_object_or_404(File, pk=id)
# check permission
if not has_perm(request.user,'files.delete_file'):
raise Http403
if request.method == "POST":
log_defaults = {
'event_id' : 183000,
'event_data': '%s (%d) deleted by %s' % (file._meta.object_name, file.pk, request.user),
'description': '%s deleted' % file._meta.object_name,
'user': request.user,
'request': request,
'instance': file,
}
EventLog.objects.log(**log_defaults)
file.delete()
if 'ajax' in request.POST:
return HttpResponse('Ok')
else:
return HttpResponseRedirect(reverse('file.search'))
return render_to_response(template_name, {'file': file},
context_instance=RequestContext(request))
def details(request, slug=None):
if not slug: return HttpResponseRedirect(reverse('speakers'))
speaker = get_object_or_404(Speaker, slug=slug)
# non-admin can not view the non-active content
# status=0 has been taken care of in the has_perm function
if (speaker.status_detail).lower() != 'active' and (not is_admin(request.user)):
raise Http403
template_name="speakers/view.html"
log_defaults = {
'event_id' : 1070500,
'event_data': '%s (%d) viewed by %s' % (speaker._meta.object_name, speaker.pk, request.user),
'description': '%s viewed' % speaker._meta.object_name,
'user': request.user,
'request': request,
'instance': speaker,
}
EventLog.objects.log(**log_defaults)
if has_perm(request.user, 'speaker.view_speaker', speaker):
return render_to_response(template_name, {'speaker': speaker},
context_instance=RequestContext(request))
else:
raise Http403
def group_delete(request, id, template_name="user_groups/delete.html"):
group = get_object_or_404(Group, pk=id)
if not has_perm(request.user,'user_groups.delete_group',group): raise Http403
if request.method == "POST":
# send notification to administrators
recipients = get_notice_recipients('module', 'groups', 'grouprecipients')
if recipients:
if notification:
extra_context = {
'object': group,
'request': request,
}
notification.send_emails(recipients,'group_deleted', extra_context)
log_defaults = {
'event_id' : 163000,
'event_data': '%s (%d) deleted by %s' % (group._meta.object_name, group.pk, request.user),
'description': '%s deleted' % group._meta.object_name,
'user': request.user,
'request': request,
'instance': group,
}
EventLog.objects.log(**log_defaults)
group.delete()
return HttpResponseRedirect(reverse('group.search'))
return render_to_response(template_name, {'group':group},
context_instance=RequestContext(request))
def edit_meta(request, id, form_class=MetaForm, template_name="resumes/edit-meta.html"):
# check permission
resume = get_object_or_404(Resume, pk=id)
if not has_perm(request.user,'resumes.change_resume',resume):
raise Http403
defaults = {
'title': resume.get_title(),
'description': resume.get_description(),
'keywords': resume.get_keywords(),
'canonical_url': resume.get_canonical_url(),
}
resume.meta = MetaTags(**defaults)
if request.method == "POST":
form = form_class(request.POST, instance=resume.meta)
if form.is_valid():
resume.meta = form.save() # save meta
resume.save() # save relationship
messages.add_message(request, messages.SUCCESS, 'Successfully updated meta for %s' % resume)
return HttpResponseRedirect(reverse('resume', args=[resume.slug]))
else:
form = form_class(instance=resume.meta)
return render_to_response(template_name, {'resume': resume, 'form':form},
context_instance=RequestContext(request))
def delete(request, id, template_name="news/delete.html"):
news = get_object_or_404(News, pk=id)
# check permission
if not has_perm(request.user, "news.delete_news"):
raise Http403
if request.method == "POST":
log_defaults = {
"event_id": 305300,
"event_data": "%s (%d) deleted by %s" % (news._meta.object_name, news.pk, request.user),
"description": "%s deleted" % news._meta.object_name,
"user": request.user,
"request": request,
"instance": news,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, "Successfully deleted %s" % news)
# send notification to administrators
recipients = get_notice_recipients("module", "news", "newsrecipients")
if recipients:
if notification:
extra_context = {"object": news, "request": request}
notification.send_emails(recipients, "news_deleted", extra_context)
news.delete()
return HttpResponseRedirect(reverse("news.search"))
return render_to_response(template_name, {"news": news}, context_instance=RequestContext(request))
def photoset_delete(request, id, template_name="photos/photo-set/delete.html"):
photo_set = get_object_or_404(PhotoSet, id=id)
# if no permission; permission exception
if not has_perm(request.user,'photos.delete_photoset',photo_set):
raise Http403
if request.method == "POST":
EventLog.objects.log(**{
'event_id' : 991300,
'event_data': '%s (%d) deleted by %s' % (photo_set._meta.object_name, photo_set.pk, request.user),
'description': '%s deleted' % photo_set._meta.object_name,
'user': request.user,
'request': request,
'instance': photo_set,
})
photo_set.delete()
# soft delete all images in photo set
Image.objects.filter(photoset=photo_set).delete()
messages.add_message(request, messages.INFO, 'Photo Set %s deleted' % photo_set)
if "delete" in request.META.get('HTTP_REFERER', None):
#if the referer is the get page redirect to the photo set search
return redirect('photoset_latest')
return HttpResponseRedirect(request.META.get('HTTP_REFERER', None))
return render_to_response(template_name, {
'photo_set': photo_set,
}, context_instance=RequestContext(request))
def edit(request, id, form_class=LocationForm, template_name="locations/edit.html"):
location = get_object_or_404(Location, pk=id)
if has_perm(request.user,'locations.change_location',location):
if request.method == "POST":
form = form_class(request.POST, instance=location, user=request.user)
if form.is_valid():
location = form.save(commit=False)
# update all permissions and save the model
location = update_perms_and_save(request, form, location)
log_defaults = {
'event_id' : 832000,
'event_data': '%s (%d) edited by %s' % (location._meta.object_name, location.pk, request.user),
'description': '%s edited' % location._meta.object_name,
'user': request.user,
'request': request,
'instance': location,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % location)
return HttpResponseRedirect(reverse('location', args=[location.pk]))
else:
form = form_class(instance=location, user=request.user)
return render_to_response(template_name, {'location': location, 'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def photo_size(request, id, size, crop=False, quality=90, download=False):
"""
Renders image and returns response
Does not use template
Saves resized image within cache system
Returns 404 if if image rendering fails
"""
if isinstance(quality, unicode) and quality.isdigit():
quality = int(quality)
photo = get_object_or_404(Image, id=id)
size = [int(s) for s in size.split('x')]
# check permissions
if not has_perm(request.user,'photologue.view_photo',photo):
raise Http403
attachment = ''
if download:
attachment = 'attachment;'
# gets resized image from cache or rebuild
image = get_image(photo.image, size, PHOTO_PRE_KEY, crop=crop, quality=quality, unique_key=str(photo.pk))
# if image not rendered; quit
if not image:
raise Http404
response = HttpResponse(mimetype='image/jpeg')
response['Content-Disposition'] = '%s filename=%s'% (attachment, photo.image.file.name)
image.save(response, "JPEG", quality=quality)
return response
def delete(request, id, set_id=0):
""" delete photo """
photo = get_object_or_404(Image, id=id)
# permissions
if not has_perm(request.user,'photologue.delete_photo',photo):
raise Http403
if request.method == "POST":
request.user.message_set.create(message=_("Successfully deleted photo '%s'") % photo.title)
log_defaults = {
'event_id' : 990300,
'event_data': '%s (%d) deleted by %s' % (photo._meta.object_name, photo.pk, request.user),
'description': '%s deleted' % photo._meta.object_name,
'user': request.user,
'request': request,
'instance': photo,
}
EventLog.objects.log(**log_defaults)
photo.delete()
messages.add_message(request, messages.INFO, 'Photo %s deleted' % id)
try:
photo_set = PhotoSet.objects.get(id=set_id)
return HttpResponseRedirect(reverse("photoset_details", args=[set_id]))
except PhotoSet.DoesNotExist:
return HttpResponseRedirect(reverse("photos_search"))
return render_to_response("photos/delete.html", {
"photo": photo,
}, context_instance=RequestContext(request))
def photo(request, id, set_id=0, partial=False, template_name="photos/details.html"):
""" photo details """
photo = get_object_or_404(Image, id=id)
if not has_perm(request.user, 'photologue.view_photo', photo):
raise Http403
EventLog.objects.log(**{
'event_id' : 990500,
'event_data': '%s (%d) viewed by %s' % (photo._meta.object_name, photo.pk, request.user),
'description': '%s viewed' % photo._meta.object_name,
'user': request.user,
'request': request,
'instance': photo,
})
# default prev/next URL
photo_prev_url, photo_next_url = '', ''
if set_id:
photo_set = get_object_or_404(PhotoSet, id=set_id)
photo_prev = photo.get_prev(set=set_id)
photo_next = photo.get_next(set=set_id)
if photo_prev: photo_prev_url = reverse("photo", args= [photo_prev.id, set_id])
if photo_next: photo_next_url = reverse("photo", args= [photo_next.id, set_id])
photo_sets = list(photo.photoset.all())
if photo_set in photo_sets:
photo_sets.remove(photo_set)
photo_sets.insert(0, photo_set)
else:
set_id = 0
else:
photo_prev = photo.get_prev()
photo_next = photo.get_next()
if photo_prev: photo_prev_url = reverse("photo", args= [photo_prev.id])
if photo_next: photo_next_url = reverse("photo", args= [photo_next.id])
photo_sets = photo.photoset.all()
if photo_sets:
set_id = photo_sets[0].id
# "is me" variable
is_me = photo.member == request.user
if partial: # return partial html; for ajax end-user
template_name = "photos/partial-details.html"
return render_to_response(template_name, {
"photo_prev_url": photo_prev_url,
"photo_next_url": photo_next_url,
"photo": photo,
"photo_sets": photo_sets,
"photo_set_id": set_id,
"id": id,
"set_id": set_id,
"is_me": is_me,
}, context_instance=RequestContext(request))
def edit(request, id, form_class=NewsForm, template_name="news/edit.html"):
news = get_object_or_404(News, pk=id)
# check permission
if not has_perm(request.user, "news.change_news", news):
raise Http403
form = form_class(instance=news, user=request.user)
if request.method == "POST":
form = form_class(request.POST, instance=news, user=request.user)
if form.is_valid():
news = form.save(commit=False)
# update all permissions and save the model
news = update_perms_and_save(request, form, news)
log_defaults = {
"event_id": 305200,
"event_data": "%s (%d) edited by %s" % (news._meta.object_name, news.pk, request.user),
"description": "%s edited" % news._meta.object_name,
"user": request.user,
"request": request,
"instance": news,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, "Successfully updated %s" % news)
return HttpResponseRedirect(reverse("news.view", args=[news.slug]))
return render_to_response(template_name, {"news": news, "form": form}, context_instance=RequestContext(request))
def index(request, slug=None, template_name="news/view.html"):
if not slug:
return HttpResponseRedirect(reverse("news.search"))
news = get_object_or_404(News, slug=slug)
# non-admin can not view the non-active content
# status=0 has been taken care of in the has_perm function
if (news.status_detail).lower() <> "active" and (not is_admin(request.user)):
raise Http403
# check permission
if not has_perm(request.user, "news.view_news", news):
raise Http403
log_defaults = {
"event_id": 305500,
"event_data": "%s (%d) viewed by %s" % (news._meta.object_name, news.pk, request.user),
"description": "%s viewed" % news._meta.object_name,
"user": request.user,
"request": request,
"instance": news,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {"news": news}, context_instance=RequestContext(request))
def pricing_edit(request, id, form_class=JobPricingForm, template_name="jobs/pricing-edit.html"):
job_pricing = get_object_or_404(JobPricing, pk=id)
if not has_perm(request.user, 'jobs.change_jobpricing', job_pricing):
Http403
if request.method == "POST":
form = form_class(request.POST, instance=job_pricing)
if form.is_valid():
job_pricing = form.save(commit=False)
job_pricing.save(request.user)
log_defaults = {
'event_id': 265110,
'event_data': '%s (%d) edited by %s' % (
job_pricing._meta.object_name,
job_pricing.pk,
request.user
),
'description': '%s edited' % job_pricing._meta.object_name,
'user': request.user,
'request': request,
'instance': job_pricing,
}
EventLog.objects.log(**log_defaults)
return HttpResponseRedirect(reverse(
'job_pricing.view',
args=[job_pricing.id])
)
else:
form = form_class(instance=job_pricing)
return render_to_response(template_name, {'form': form},
context_instance=RequestContext(request))
def add(request, form_class=ContactForm, template_name="contacts/add.html"):
if has_perm(request.user,'contacts.add_contact'):
if request.method == "POST":
form = form_class(request.POST)
if form.is_valid():
contact = form.save(commit=False)
# set up the user information
contact.creator = request.user
contact.creator_username = request.user.username
contact.owner = request.user
contact.owner_username = request.user.username
contact.save()
ObjectPermission.objects.assign(contact.creator, contact)
return HttpResponseRedirect(reverse('contact', args=[contact.pk]))
else:
form = form_class()
print form_class()
return render_to_response(template_name, {'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def pricing_delete(request, id, template_name="jobs/pricing-delete.html"):
job_pricing = get_object_or_404(JobPricing, pk=id)
if not has_perm(request.user, 'jobs.delete_jobpricing'):
raise Http403
if request.method == "POST":
log_defaults = {
'event_id': 265120,
'event_data': '%s (%d) deleted by %s' % (
job_pricing._meta.object_name,
job_pricing.pk,
request.user
),
'description': '%s deleted' % job_pricing._meta.object_name,
'user': request.user,
'request': request,
'instance': job_pricing,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully deleted %s' % job_pricing)
job_pricing.delete()
return HttpResponseRedirect(reverse('job_pricing.search'))
return render_to_response(template_name, {'job_pricing': job_pricing},
context_instance=RequestContext(request))
def upload_file(request, template_name="theme_editor/upload.html"):
# if no permission; raise 403 exception
if not has_perm(request.user,'theme_editor.add_themefileversion'):
raise Http403
if request.method == 'POST':
form = UploadForm(request.POST, request.FILES)
if form.is_valid():
upload = request.FILES['upload']
file_dir = form.cleaned_data['file_dir']
overwrite = form.cleaned_data['overwrite']
full_filename = os.path.join(settings.PROJECT_ROOT, "themes",
get_theme(), file_dir, upload.name)
if os.path.isfile(full_filename) and not overwrite:
response = {
"error":"file already exists",
"file_name": os.path.join(file_dir, upload.name),
}
return HttpResponse(json.dumps(response), mimetype='application/json')
else:
handle_uploaded_file(upload)
response = {
"success":True
}
messages.add_message(request, messages.INFO, ('Successfully uploaded %s.' % (upload.name)))
return HttpResponse(json.dumps(response), mimetype='application/json')
else:
form = UploadForm()
return render_to_response(template_name, {'form':form},
context_instance=RequestContext(request))
def edit(request, id, form_class=EntityForm, template_name="entities/edit.html"):
entity = get_object_or_404(Entity, pk=id)
if has_perm(request.user,'entities.change_entity',entity):
if request.method == "POST":
form = form_class(request.POST, instance=entity, user=request.user)
if form.is_valid():
entity = form.save(commit=False)
# update all permissions and save the model
entity = update_perms_and_save(request, form, entity)
log_defaults = {
'event_id' : 292000,
'event_data': '%s (%d) edited by %s' % (entity._meta.object_name, entity.pk, request.user),
'description': '%s edited' % entity._meta.object_name,
'user': request.user,
'request': request,
'instance': entity,
}
EventLog.objects.log(**log_defaults)
return HttpResponseRedirect(reverse('entity', args=[entity.pk]))
else:
form = form_class(instance=entity, user=request.user)
return render_to_response(template_name, {'entity': entity, 'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def edit_meta(request, id, form_class=MetaForm, template_name="news/edit-meta.html"):
# check permission
news = get_object_or_404(News, pk=id)
if not has_perm(request.user, "news.change_news", news):
raise Http403
defaults = {
"title": news.get_title(),
"description": news.get_description(),
"keywords": news.get_keywords(),
"canonical_url": news.get_canonical_url(),
}
news.meta = MetaTags(**defaults)
if request.method == "POST":
form = form_class(request.POST, instance=news.meta)
if form.is_valid():
news.meta = form.save() # save meta
news.save() # save relationship
messages.add_message(request, messages.SUCCESS, "Successfully updated meta for %s" % news)
return HttpResponseRedirect(reverse("news.view", args=[news.slug]))
else:
form = form_class(instance=news.meta)
return render_to_response(template_name, {"news": news, "form": form}, context_instance=RequestContext(request))
def user_role_edit(request, username, membership_id, form_class=GroupMembershipEditForm, template_name="profiles/edit_role.html"):
user = get_object_or_404(User, username=username)
membership = get_object_or_404(GroupMembership, id=membership_id)
try:
profile = Profile.objects.get(user=user)
except Profile.DoesNotExist:
profile = Profile.objects.create_profile(user=user)
if not profile.allow_edit_by(request.user):
raise Http403
if not has_perm(request.user,'user_groups.view_group', membership.group):
raise Http403
if request.method == 'POST':
form = form_class(request.POST, instance=membership)
if form.is_valid():
form.save()
messages.add_message(request, messages.SUCCESS, 'Successfully edited membership for %s' % membership.group)
return HttpResponseRedirect("%s%s" % (reverse('profile', args=[user.username]),'#userview-groups'))
else:
form = form_class(instance=membership)
return render_to_response(template_name, {
'form': form,
'membership': membership,
}, context_instance=RequestContext(request))
def add(request, form_class=EntityForm, template_name="entities/add.html"):
if has_perm(request.user,'entities.add_entity'):
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
entity = form.save(commit=False)
# update all permissions and save the model
entity = update_perms_and_save(request, form, entity)
log_defaults = {
'event_id' : 291000,
'event_data': '%s (%d) added by %s' % (entity._meta.object_name, entity.pk, request.user),
'description': '%s added' % entity._meta.object_name,
'user': request.user,
'request': request,
'instance': entity,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % entity)
return HttpResponseRedirect(reverse('entity', args=[entity.pk]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def edit(request, id, form_class=ResumeForm, template_name="resumes/edit.html"):
resume = get_object_or_404(Resume, pk=id)
if has_perm(request.user,'resumes.change_resume',resume):
if request.method == "POST":
form = form_class(request.POST, instance=resume, user=request.user)
if form.is_valid():
resume = form.save(commit=False)
resume = update_perms_and_save(request, form, resume)
log_defaults = {
'event_id' : 352000,
'event_data': '%s (%d) edited by %s' % (resume._meta.object_name, resume.pk, request.user),
'description': '%s edited' % resume._meta.object_name,
'user': request.user,
'request': request,
'instance': resume,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % resume)
return HttpResponseRedirect(reverse('resume', args=[resume.slug]))
else:
form = form_class(instance=resume, user=request.user)
return render_to_response(template_name, {'resume': resume, 'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def template_update(request, template_id):
"""
This method makes use of the same files to update the CM Template.
Useful for updating data/content only and retaining design.
"""
template = get_object_or_404(Template, template_id=template_id)
if not has_perm(request.user, 'campaign_monitor.change_template',
template):
raise Http403
#set up urls
site_url = get_setting('site', 'global', 'siteurl')
html_url = str("%s%s" % (site_url, template.get_html_url()))
if template.zip_file:
zip_url = str("%s%s" % (site_url, template.get_zip_url()))
else:
zip_url = ""
#sync with campaign monitor
try:
t = CST(template_id=template.template_id)
t.update(str(template.name), html_url, zip_url)
except BadRequest, e:
messages.add_message(
request, messages.ERROR,
'Bad Request %s: %s' % (e.data.Code, e.data.Message))
return redirect(template)
def delete(request, id, template_name="resumes/delete.html"):
resume = get_object_or_404(Resume, pk=id)
if has_perm(request.user,'resumes.delete_resume'):
if request.method == "POST":
log_defaults = {
'event_id' : 433000,
'event_data': '%s (%d) deleted by %s' % (resume._meta.object_name, resume.pk, request.user),
'description': '%s deleted' % resume._meta.object_name,
'user': request.user,
'request': request,
'instance': resume,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully deleted %s' % resume)
# send notification to administrators
recipients = get_notice_recipients('module', 'resumes', 'resumerecipients')
if recipients:
if notification:
extra_context = {
'object': resume,
'request': request,
}
notification.send_emails(recipients,'resume_deleted', extra_context)
resume.delete()
return HttpResponseRedirect(reverse('resume.search'))
return render_to_response(template_name, {'resume': resume},
context_instance=RequestContext(request))
else:
raise Http403
def add(request, form_class=NavForm, template_name="navs/add.html"):
if not has_perm(request.user, 'navs.add_nav'):
raise Http403
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
nav = form.save(commit=False)
nav = update_perms_and_save(request, form, nav)
log_defaults = {
'event_id' : 195100,
'event_data': '%s (%d) added by %s' % (nav._meta.object_name, nav.pk, request.user),
'description': '%s added' % nav._meta.object_name,
'user': request.user,
'request': request,
'instance': nav,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % nav)
return redirect('navs.edit_items', id=nav.id)
else:
form = form_class(user=request.user)
return render_to_response(
template_name,
{'form':form},
context_instance=RequestContext(request),
)
def edit(request, id, form_class=FileForm, template_name="files/edit.html"):
file = get_object_or_404(File, pk=id)
# check permission
if not has_perm(request.user,'files.change_file',file):
raise Http403
if request.method == "POST":
form = form_class(request.POST, request.FILES, instance=file, user=request.user)
if form.is_valid():
file = form.save(commit=False)
file.name = file.file.path.split('/')[-1]
# update all permissions and save the model
file = update_perms_and_save(request, form, file)
log_defaults = {
'event_id' : 182000,
'event_data': '%s (%d) edited by %s' % (file._meta.object_name, file.pk, request.user),
'description': '%s edited' % file._meta.object_name,
'user': request.user,
'request': request,
'instance': file,
}
EventLog.objects.log(**log_defaults)
return HttpResponseRedirect(reverse('file.search'))
else:
form = form_class(instance=file, user=request.user)
return render_to_response(template_name, {'file': file, 'form':form},
context_instance=RequestContext(request))
def single_setting(request, scope, scope_category, name, template_name="site_settings/list.html"):
if not has_perm(request.user,'site_settings.change_setting'):
raise Http403
settings = Setting.objects.filter(scope=scope, scope_category=scope_category, name=name).order_by('label')
if not settings:
raise Http404
if request.method == 'POST':
form = build_settings_form(request.user, settings)(request.POST, request.FILES)
if form.is_valid():
# this save method is overriden in the forms.py
form.save()
try:
if form.cleaned_data['theme']:
from django.core.management import call_command
call_command('hide_settings', 'theme')
call_command('update_settings', 'themes.%s' % form.cleaned_data['theme'].lstrip())
except:
pass
messages.add_message(request, messages.SUCCESS, 'Successfully saved %s settings' % name.replace('_',' ').title())
redirect_to = request.REQUEST.get('next', '')
if redirect_to:
return HttpResponseRedirect(redirect_to)
else:
form = build_settings_form(request.user, settings)()
return render_to_response(template_name, {'form': form }, context_instance=RequestContext(request))
