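def details(request, slug=None, cv=None):
    """Staff plugin details view.

    Looks up the ``Staff`` record by ``slug`` (404 when missing) and renders
    ``staff/cv.html`` when ``cv`` is truthy, ``staff/view.html`` otherwise.
    A view event (id 1080500) is logged before rendering.

    Raises ``Http403`` when the record is not active and the requester is
    not an admin, or when ``has_view_perm`` denies ``staff.view_staff``.
    """
    staff = get_object_or_404(Staff, slug=slug)

    # non-admin can not view the non-active content
    # status=0 has been taken care of in the has_perm function
    # `!=` replaces the old `<>` spelling, which Python 3 does not parse.
    if staff.status_detail.lower() != 'active' and not is_admin(request.user):
        raise Http403

    # Object-level permission gate: nothing is logged or rendered on denial.
    if not has_view_perm(request.user, 'staff.view_staff', staff):
        raise Http403

    template_name = "staff/cv.html" if cv else "staff/view.html"

    log_defaults = {
        'event_id' : 1080500,
        'event_data': '%s (%d) viewed by %s' % (staff._meta.object_name, staff.pk, request.user),
        'description': '%s viewed' % staff._meta.object_name,
        'user': request.user,
        'request': request,
        'instance': staff,
    }
    EventLog.objects.log(**log_defaults)
    return render_to_response(template_name, {'staff': staff},
        context_instance=RequestContext(request))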
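def group_membership_self_remove(request, slug, user_id):
    """Remove a user's own membership from the group identified by ``slug``.

    ``user_id`` is supplied by the caller, so it is checked against the
    authenticated requester before anything is deleted. Without that check
    any requester who passes the group gate could delete another user's
    membership by changing the id.

    Raises ``Http403`` when the group gate fails, or when ``user_id`` names
    someone other than the requester (superusers are exempt). Always
    redirects to ``group.search`` otherwise.
    """
    group = get_object_or_404(Group, slug=slug)

    # NOTE(review): as written, a requester with view permission passes this
    # gate even when group.allow_self_remove is false -- confirm that is the
    # intended policy.
    if not has_view_perm(request.user,'user_groups.view_group', group) and not group.allow_self_remove:
        raise Http403

    user = get_object_or_404(User, pk=user_id)

    # "Self" removal: the target account must be the requester. The model
    # instance is on the left so its own comparison decides the result.
    if user != request.user and not request.user.is_superuser:
        raise Http403

    # NOTE(review): request.method is not checked, so the deletion happens on
    # any request that reaches this view; consider accepting POST only so the
    # CSRF protection covers it.
    group_membership = GroupMembership.objects.filter(member=user, group=group)

    if group_membership:
        group_membership = group_membership[0]
        if group_membership.member == user:
            # Log before deleting so the event still has a primary key to cite.
            log_defaults = {
                'event_id' : 223000,
                'event_data': '%s (%d) deleted by %s' % (group_membership._meta.object_name, group_membership.pk, request.user),
                'description': '%s deleted' % group_membership._meta.object_name,
                'user': request.user,
                'request': request,
                'instance': group_membership,
            }
            EventLog.objects.log(**log_defaults)
            group_membership.delete()
            messages.add_message(request, messages.SUCCESS, 'Successfully removed yourself from group %s' % group)
    else:
        messages.add_message(request, messages.INFO, 'You are not in the group %s' % group)

    return HttpResponseRedirect(reverse('group.search'))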
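def index(request, slug=None, template_name="case_studies/view.html"):
    """Render a single case study together with all services and technologies.

    Redirects to the ``case_study`` URL when no ``slug`` is given. Raises
    ``Http403`` when the case study is not active and the requester is not
    an admin, or when ``has_view_perm`` denies ``case_studies.view_casestudy``.
    A view event (id 1000500) is logged before rendering.
    """
    if not slug:
        return HttpResponseRedirect(reverse('case_study'))

    case_study = get_object_or_404(CaseStudy, slug=slug)

    # non-admin can not view the non-active content
    # status=0 has been taken care of in the has_perm function
    # `!=` replaces the old `<>` spelling, which Python 3 does not parse.
    if case_study.status_detail.lower() != 'active' and not is_admin(request.user):
        raise Http403

    if not has_view_perm(request.user, 'case_studies.view_casestudy', case_study):
        raise Http403

    services = Service.objects.all()
    technologies = Technology.objects.all()

    log_defaults = {
        'event_id' : 1000500,
        'event_data': '%s (%d) viewed by %s' % (case_study._meta.object_name, case_study.pk, request.user),
        'description': '%s viewed' % case_study._meta.object_name,
        'user': request.user,
        'request': request,
        'instance': case_study,
    }
    EventLog.objects.log(**log_defaults)
    return render_to_response(template_name,
        {'case_study': case_study, 'services': services, 'technologies': technologies},
        context_instance=RequestContext(request))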
def photoset_details(request, id, template_name="photos/photo-set/details.html"):
    """View photos in photo set.

    Raises ``Http403`` when ``has_view_perm`` denies ``photos.view_photoset``.
    The images returned for the requesting user are ordered by primary key,
    descending when the ``photoordering`` module setting says so. A view
    event (id 991500) is logged before rendering.
    """
    photo_set = get_object_or_404(PhotoSet, id=id)
    allowed = has_view_perm(request.user, 'photos.view_photoset', photo_set)
    if not allowed:
        raise Http403

    # Only the literal value 'descending' flips the order.
    ordering = get_setting('module', 'photos', 'photoordering')
    sort_field = '-pk' if ordering == 'descending' else 'pk'
    photos = photo_set.get_images(user=request.user).order_by(sort_field)

    model_name = photo_set._meta.object_name
    EventLog.objects.log(
        event_id=991500,
        event_data='%s (%d) viewed by %s' % (model_name, photo_set.pk, request.user),
        description='%s viewed' % model_name,
        user=request.user,
        request=request,
        instance=photo_set,
    )

    context = {
        "photos": photos,
        "photo_set": photo_set,
    }
    return render_to_response(template_name, context,
        context_instance=RequestContext(request))
def print_view(request, id, template_name="contacts/print-view.html"):
    """Render the print view of a contact.

    Raises ``Http403`` when ``has_view_perm`` denies ``contacts.view_contact``
    for the contact. No event is logged by this view.
    """
    contact = get_object_or_404(Contact, pk=id)

    # Guard first; the render below only runs for permitted users.
    if not has_view_perm(request.user,'contacts.view_contact',contact):
        raise Http403

    context = {'contact': contact}
    return render_to_response(template_name, context,
        context_instance=RequestContext(request))
def details(request, id=None, template_name="contacts/view.html"):
    """Render the detail page of a contact.

    Redirects to the ``contacts`` URL when no ``id`` is given. Raises
    ``Http403`` when ``has_view_perm`` denies ``contacts.view_contact``.
    No event is logged by this view.
    """
    if not id:
        return HttpResponseRedirect(reverse('contacts'))

    contact = get_object_or_404(Contact, pk=id)

    permitted = has_view_perm(request.user,'contacts.view_contact',contact)
    if not permitted:
        raise Http403

    return render_to_response(
        template_name,
        {'contact': contact},
        context_instance=RequestContext(request),
    )
def print_view(request, id, template_name="files/print-view.html"):
    """Render the print view of a file record.

    Raises ``Http403`` when ``has_view_perm`` denies ``files.view_file``.
    The record is handed to the template under the ``file`` key.
    """
    file_obj = get_object_or_404(File, pk=id)

    # check permission
    if has_view_perm(request.user,'files.view_file',file_obj):
        return render_to_response(
            template_name,
            {'file': file_obj},
            context_instance=RequestContext(request),
        )

    raise Http403
def print_details(request, id, template_name="stories/print_details.html"):
    """Render the print view of a story.

    Raises ``Http403`` when ``has_view_perm`` denies ``stories.view_story``.
    A print-view event (id 1060501) is logged before rendering.
    """
    story = get_object_or_404(Story, pk=id)

    permitted = has_view_perm(request.user,'stories.view_story', story)
    if not permitted:
        raise Http403

    model_name = story._meta.object_name
    EventLog.objects.log(
        event_id=1060501,
        event_data='%s (%d) print viewed by %s' % (model_name, story.pk, request.user),
        description='%s print viewed' % model_name,
        user=request.user,
        request=request,
        instance=story,
    )

    return render_to_response(
        template_name,
        {'story': story},
        context_instance=RequestContext(request),
    )
def print_view(request, slug, template_name="services/print-view.html"):
    """Render the print view of a service.

    Raises ``Http403`` when ``has_view_perm`` denies ``services.view_service``.
    A print-view event (id 355001) is logged before rendering.
    """
    service = get_object_or_404(Service, slug=slug)

    # Deny first so the logging and render below only run for permitted users.
    if not has_view_perm(request.user,'services.view_service', service):
        raise Http403

    model_name = service._meta.object_name
    event = {
        'event_id' : 355001,
        'event_data': '%s (%d) viewed by %s' % (model_name, service.pk, request.user),
        'description': '%s viewed - print view' % model_name,
        'user': request.user,
        'request': request,
        'instance': service,
    }
    EventLog.objects.log(**event)

    return render_to_response(
        template_name,
        {'service': service},
        context_instance=RequestContext(request),
    )
def index(request, id=None, template_name="locations/view.html"):
    """Render the detail page of a location.

    Redirects to the ``locations`` URL when no ``id`` is given. Raises
    ``Http403`` when ``has_view_perm`` denies ``locations.view_location``.
    A view event (id 835000) is logged before rendering.
    """
    if not id:
        return HttpResponseRedirect(reverse('locations'))

    location = get_object_or_404(Location, pk=id)

    if not has_view_perm(request.user,'locations.view_location',location):
        raise Http403

    model_name = location._meta.object_name
    EventLog.objects.log(
        event_id=835000,
        event_data='%s (%d) viewed by %s' % (model_name, location.pk, request.user),
        description='%s viewed' % model_name,
        user=request.user,
        request=request,
        instance=location,
    )

    return render_to_response(
        template_name,
        {'location': location},
        context_instance=RequestContext(request),
    )
def index(request, slug=None, template_name="resumes/view.html"):
    """Render the detail page of a resume.

    Redirects to the ``resume.search`` URL when no ``slug`` is given. Raises
    ``Http403`` when ``has_view_perm`` denies ``resumes.view_resume``.
    A view event (id 355000) is logged before rendering.
    """
    if not slug:
        return HttpResponseRedirect(reverse('resume.search'))

    resume = get_object_or_404(Resume, slug=slug)

    permitted = has_view_perm(request.user,'resumes.view_resume',resume)
    if not permitted:
        raise Http403

    model_name = resume._meta.object_name
    event = {
        'event_id' : 355000,
        'event_data': '%s (%d) viewed by %s' % (model_name, resume.pk, request.user),
        'description': '%s viewed' % model_name,
        'user': request.user,
        'request': request,
        'instance': resume,
    }
    EventLog.objects.log(**event)

    context = {'resume': resume}
    return render_to_response(template_name, context,
        context_instance=RequestContext(request))
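def details(request, slug, template_name="help_files/details.html"):
    """Help file details.

    Raises ``Http403`` when ``has_view_perm`` denies
    ``help_files.view_helpfile``. For permitted requests the stored view
    counter is incremented and a view event (id 1000500) is logged before
    rendering.
    """
    # Local import, as done elsewhere in this code base; Django is already a
    # dependency of this module.
    from django.db.models import F

    help_file = get_object_or_404(HelpFile, slug=slug)

    if not has_view_perm(request.user, "help_files.view_helpfile", help_file):
        raise Http403

    # Increment in the database rather than writing back the value read
    # above: two overlapping requests would otherwise both store the same
    # "old value + 1" and one view would be lost.
    HelpFile.objects.filter(pk=help_file.pk).update(view_totals=F("view_totals") + 1)

    log_defaults = {
        "event_id": 1000500,
        "event_data": "%s (%d) viewed by %s" % (help_file._meta.object_name, help_file.pk, request.user),
        "description": "%s viewed" % help_file._meta.object_name,
        "user": request.user,
        "request": request,
        "instance": help_file,
    }
    EventLog.objects.log(**log_defaults)

    return render_to_response(template_name, {"help_file": help_file},
        context_instance=RequestContext(request))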
def print_view(request, slug, template_name="jobs/print-view.html"):
    """Render the print view of a job.

    Raises ``Http403`` when ``has_view_perm`` denies ``jobs.view_job``.
    A print-view event (id 255001) is logged before rendering.
    """
    job = get_object_or_404(Job, slug=slug)

    if not has_view_perm(request.user, 'jobs.view_job', job):
        raise Http403

    model_name = job._meta.object_name
    EventLog.objects.log(
        event_id=255001,
        event_data='%s (%d) viewed by %s' % (model_name, job.pk, request.user),
        description='%s viewed - print view' % model_name,
        user=request.user,
        request=request,
        instance=job,
    )

    return render_to_response(
        template_name,
        {'job': job},
        context_instance=RequestContext(request),
    )
def group_detail(request, group_slug, template_name="user_groups/detail.html"):
    """Render a group's detail page with its memberships.

    Raises ``Http403`` when ``has_view_perm`` denies
    ``user_groups.view_group``. A view event (id 165000) is logged before
    the memberships are loaded.
    """
    group = get_object_or_404(Group, slug=group_slug)

    if not has_view_perm(request.user,'user_groups.view_group',group):
        raise Http403

    log_defaults = {
        'event_id' : 165000,
        'event_data': '%s (%d) viewed by %s' % (group._meta.object_name, group.pk, request.user),
        'description': '%s viewed' % group._meta.object_name,
        'user': request.user,
        'request': request,
        'instance': group,
    }
    EventLog.objects.log(**log_defaults)

    # Memberships of this group, ordered by the member's last name.
    groupmemberships = GroupMembership.objects.filter(group=group).order_by('member__last_name')
    #members = group.members.all()
    # len() evaluates the queryset here, so every membership row is loaded.
    count_members = len(groupmemberships)

    # locals() hands every local name to the template, including `request`
    # and `log_defaults`; renaming or adding a local in this function changes
    # the template context.
    # NOTE(review): an explicit context dict would limit what the template
    # can reach -- confirm which names the template uses before switching.
    return render_to_response(template_name, locals(),
        context_instance=RequestContext(request))
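def sizes(request, id, size_name='', template_name="photos/sizes.html"):
    """Show all photo sizes.

    Raises ``Http403`` when ``has_view_perm`` denies ``photologue.view_photo``.
    Redirects to ``photo_square`` when ``size_name`` is empty. Raises
    ``Http404`` when a non-original size is requested and the photo file is
    missing, or when the photo has no accessor for ``size_name``.
    """
    photo = get_object_or_404(Image, id=id)
    if not has_view_perm(request.user, 'photologue.view_photo', photo):
        raise Http403

    # An empty size name falls back to the square view.
    if not size_name:
        return redirect('photo_square', id=id)

    # get sizes
    if size_name == 'original':
        sizes = (photo.image.width, photo.image.height)
    else:
        # use photologue size table
        if not photo.file_exists():
            raise Http404
        # size_name is a caller-supplied view argument and is interpolated
        # into an attribute name. Resolve it with a default so that an
        # unknown name is a 404 rather than an unhandled AttributeError.
        size_getter = getattr(photo, 'get_%s_size' % size_name, None)
        if not callable(size_getter):
            raise Http404
        sizes = size_getter()

    dimensions = "%sx%s" % sizes

    # get download url
    if size_name == 'square':
        source_url = reverse('photo.size', kwargs={'id':id, 'crop':'crop', 'size':dimensions})
        download_url = reverse('photo_crop_download', kwargs={'id':id, 'size':dimensions})
    else:
        source_url = reverse('photo.size', kwargs={'id':id, 'size':dimensions})
        download_url = reverse('photo_download', kwargs={'id':id, 'size':dimensions})

    original_source_url = reverse('photo.size', kwargs={'id':id,
        'size':"%sx%s" % (photo.image.width, photo.image.height)})

    # Any one of these is enough to expose the original image.
    view_original_requirements = [
        is_admin(request.user),
        request.user == photo.creator,
        request.user == photo.owner,
        photo.get_license().name != 'All Rights Reserved',
    ]

    return render_to_response(template_name, {
        "photo": photo,
        "size_name": size_name.replace("_"," "),
        "download_url": download_url,
        "source_url": source_url,
        "original_source_url": original_source_url,
        "can_view_original": any(view_original_requirements),
    }, context_instance=RequestContext(request))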
def index(request, slug=None, template_name="articles/view.html"):
    """Render the detail page of an article.

    Redirects to the ``articles`` URL when no ``slug`` is given. Raises
    ``Http403`` when the article is not active and the requester is not an
    admin, or when ``has_view_perm`` denies ``articles.view_article``.
    A view event (id 435000) is logged before rendering.
    """
    if not slug:
        return HttpResponseRedirect(reverse('articles'))

    article = get_object_or_404(Article, slug=slug)

    # non-admin can not view the non-active content
    # status=0 has been taken care of in the has_perm function
    is_active = article.status_detail.lower() == 'active'
    if not is_active and not is_admin(request.user):
        raise Http403

    if not has_view_perm(request.user, 'articles.view_article', article):
        raise Http403

    model_name = article._meta.object_name
    EventLog.objects.log(
        event_id=435000,
        event_data='%s (%d) viewed by %s' % (model_name, article.pk, request.user),
        description='%s viewed' % model_name,
        user=request.user,
        request=request,
        instance=article,
    )

    return render_to_response(
        template_name,
        {'article': article},
        context_instance=RequestContext(request),
    )
def details(request, pk=None, template_name="quotes/view.html"):
    """Render the detail page of a quote.

    Redirects to the ``quotes`` URL when no ``pk`` is given. Raises
    ``Http403`` when the quote is not active and the requester is not an
    admin, or when ``has_view_perm`` denies ``quotes.view_quote``.
    A view event (id 155000) is logged before rendering.
    """
    if not pk:
        return HttpResponseRedirect(reverse('quotes'))

    quote = get_object_or_404(Quote, pk=pk)

    # non-admin can not view the non-active content
    # status=0 has been taken care of in the has_perm function
    inactive = quote.status_detail.lower() != 'active'
    if inactive and not is_admin(request.user):
        raise Http403

    if not has_view_perm(request.user, 'quotes.view_quote', quote):
        raise Http403

    model_name = quote._meta.object_name
    event = {
        'event_id' : 155000,
        'event_data': '%s (%d) viewed by %s' % (model_name, quote.pk, request.user),
        'description': '%s viewed' % model_name,
        'user': request.user,
        'request': request,
        'instance': quote,
    }
    EventLog.objects.log(**event)

    context = {'quote': quote}
    return render_to_response(template_name, context,
        context_instance=RequestContext(request))
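def group_membership_self_add(request, slug, user_id):
    """Add the requester to the group identified by ``slug``.

    ``user_id`` is supplied by the caller, so it is checked against the
    authenticated requester before a membership is created. Without that
    check any requester who passes the group gate could enrol another user
    by changing the id.

    Raises ``Http403`` when the group gate fails, or when ``user_id`` names
    someone other than the requester (superusers are exempt). Always
    redirects to ``group.search`` otherwise.
    """
    group = get_object_or_404(Group, slug=slug)
    user = get_object_or_404(User, pk=user_id)

    # NOTE(review): as written, a requester with view permission passes this
    # gate even when group.allow_self_add is false -- confirm that is the
    # intended policy.
    if not has_view_perm(request.user,'user_groups.view_group', group) and not group.allow_self_add:
        raise Http403

    # "Self" add: the target account must be the requester. The model
    # instance is on the left so its own comparison decides the result.
    if user != request.user and not request.user.is_superuser:
        raise Http403

    # NOTE(review): request.method is not checked, so the membership is
    # created on any request that reaches this view; consider accepting POST
    # only so the CSRF protection covers it.
    group_membership = GroupMembership.objects.filter(member=user, group=group)

    if not group_membership:
        group_membership = GroupMembership()
        group_membership.group = group
        group_membership.member = user
        # The member is recorded as both creator and owner of the membership.
        group_membership.creator_id = user.id
        group_membership.creator_username = user.username
        group_membership.owner_id = user.id
        group_membership.owner_username = user.username
        group_membership.save()

        log_defaults = {
            'event_id' : 221000,
            'event_data': '%s (%d) added by %s' % (group_membership._meta.object_name, group_membership.pk, request.user),
            'description': '%s added' % group_membership._meta.object_name,
            'user': request.user,
            'request': request,
            'instance': group_membership,
        }
        EventLog.objects.log(**log_defaults)

        messages.add_message(request, messages.SUCCESS, 'Successfully added yourself to group %s' % group)
    else:
        messages.add_message(request, messages.INFO, 'You are already in the group %s' % group)

    return HttpResponseRedirect(reverse('group.search'))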
def detail(request, id, template_name="navs/detail.html"):
    """Render the detail page of a nav.

    Raises ``Http403`` when ``has_view_perm`` denies ``navs.view_nav``.
    A view event (id 195500) is logged before rendering; the nav is handed
    to the template as ``current_nav``.
    """
    nav = get_object_or_404(Nav, id=id)

    permitted = has_view_perm(request.user, 'navs.view_nav', nav)
    if not permitted:
        raise Http403

    model_name = nav._meta.object_name
    EventLog.objects.log(
        event_id=195500,
        event_data='%s (%d) viewed by %s' % (model_name, nav.pk, request.user),
        description='%s viewed' % model_name,
        user=request.user,
        request=request,
        instance=nav,
    )

    context = {'current_nav':nav}
    return render_to_response(template_name, context,
        context_instance=RequestContext(request))
def details(request, slug=None, template_name="jobs/view.html"):
    """Render the detail page of a job.

    Redirects to the ``jobs`` URL when no ``slug`` is given. Raises
    ``Http403`` when ``has_view_perm`` denies ``jobs.view_job``.
    A view event (id 255000) is logged before rendering.
    """
    if not slug:
        return HttpResponseRedirect(reverse('jobs'))

    # select_related() is applied to the queryset the job is fetched from.
    job = get_object_or_404(Job.objects.select_related(), slug=slug)

    if not has_view_perm(request.user, 'jobs.view_job', job):
        raise Http403

    model_name = job._meta.object_name
    event = {
        'event_id': 255000,
        'event_data': '%s (%d) viewed by %s' % (model_name, job.pk, request.user),
        'description': '%s viewed' % model_name,
        'user': request.user,
        'request': request,
        'instance': job,
    }
    EventLog.objects.log(**event)

    return render_to_response(
        template_name,
        {'job': job},
        context_instance=RequestContext(request),
    )
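def details(request, id=None, size=None, crop=False, quality=90, download=False, template_name="files/details.html"):
    """Serve a stored file, or a resized JPEG rendition when it is an image.

    Redirects to ``file.search`` when no ``id`` is given. Raises ``Http403``
    when ``has_view_perm`` denies ``files.view_file`` or when the file is not
    public and the requester is anonymous. Raises ``Http404`` when the file
    cannot be read, when ``size`` is not a list of positive integers, or
    when the file has no MIME type.

    Downloads are logged as event 185000; views of non-image files as event
    186000. Non-image files are also re-indexed on every request.
    """
    from files.search_indexes import FileIndex

    if not id:
        return HttpResponseRedirect(reverse('file.search'))

    # if string and digit convert to integer
    # NOTE(review): a non-digit string is passed through unchanged and
    # reaches image.save() below -- confirm the URL pattern rules that out.
    if isinstance(quality, unicode) and quality.isdigit():
        quality = int(quality)

    file = get_object_or_404(File, pk=id)

    if not has_view_perm(request.user, 'files.view_file', file):
        raise Http403

    # check 'if public'
    if not file.is_public:
        if not request.user.is_authenticated():
            raise Http403

    # get image binary
    # The whole file is read into memory here, before the branch below
    # decides whether the raw bytes are needed.
    try:
        data = file.file.read()
        file.file.close()
    except IOError:
        # no such file or directory
        raise Http404

    # log downloads and views
    if download:
        # file download
        attachment = 'attachment;'
        log_defaults = {
            'event_id' : 185000,
            'event_data': '%s %s (%d) dowloaded by %s' % (file.type(), file._meta.object_name, file.pk, request.user),
            'description': '%s downloaded' % file._meta.object_name,
            'user': request.user,
            'request': request,
            'instance': file,
        }
        EventLog.objects.log(**log_defaults)
    else:
        attachment = ''
        if file.type() != 'image':
            # log file view
            EventLog.objects.log(**{
                'event_id' : 186000,
                'event_data': '%s %s (%d) viewed by %s' % (file.type(), file._meta.object_name, file.pk, request.user),
                'description': '%s viewed' % file._meta.object_name,
                'user': request.user,
                'request': request,
                'instance': file,
            })

    # update index
    if file.type() != 'image':
        file_index = FileIndex(File)
        file_index.update_object(file)

    # if image size specified
    if file.type() == 'image' and size:
        # `size` is an 'x'-separated string supplied by the caller. Reject
        # anything that is not made of positive integers with a 404 instead
        # of letting int() raise and surface as a server error.
        try:
            size = [int(s) for s in size.split('x')]
        except ValueError:
            raise Http404
        if any(s < 1 for s in size):
            raise Http404
        # NOTE(review): there is no upper bound on the requested dimensions;
        # consider capping them so one request cannot force a very large
        # resize.

        # gets resized image from cache or rebuilds
        # NOTE(review): the result of this first call is overwritten by the
        # next line; it looks redundant, but get_image caches, so confirm
        # before removing it.
        image = get_image(file.file, size, FILE_IMAGE_PRE_KEY, cache=True, unique_key=None)
        image = get_image(file.file, size, FILE_IMAGE_PRE_KEY, cache=True, crop=crop, quality=quality, unique_key=None)
        response = HttpResponse(mimetype='image/jpeg')
        # NOTE(review): the file name is placed in the header unquoted;
        # names containing spaces or ';' will not parse as intended.
        response['Content-Disposition'] = '%s filename=%s'% (attachment, file.get_name())
        image.save(response, "JPEG", quality=quality)

        return response

    # set mimetype
    if file.mime_type():
        response = HttpResponse(data, mimetype=file.mime_type())
    else:
        raise Http404

    # return response
    response['Content-Disposition'] = '%s filename=%s'% (attachment, file.get_name())
    return response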
def form_detail(request, slug, template="forms/form_detail.html"):
    """
    Display a built form and handle submission.

    The form is looked up among the forms published for the requesting user;
    ``Http403`` is raised when ``has_view_perm`` denies ``forms.view_form``.
    On a valid POST the entry is saved, notification e-mails are sent, and
    the response is a redirect: to the payment page when the form uses
    custom payment, else to ``form.completion_url`` when set, else to
    ``form_sent``. Any other request renders the form.
    """
    published = Form.objects.published(for_user=request.user)
    form = get_object_or_404(published, slug=slug)

    if not has_view_perm(request.user,'forms.view_form',form):
        raise Http403

    form_for_form = FormForForm(form, request.user, request.POST or None, request.FILES or None)

    # Every field's initial value is taken from the query string, keyed by
    # field name (empty string when absent).
    for field in form_for_form.fields:
        form_for_form.fields[field].initial = request.GET.get(field, '')

    if request.method == "POST":
        if form_for_form.is_valid():
            entry = form_for_form.save()
            # entry_path is taken from the POST body as submitted.
            entry.entry_path = request.POST.get("entry_path", "")
            entry.save()

            email_headers = {} # content type specified below
            if form.email_from:
                email_headers.update({'Reply-To':form.email_from})

            subject = generate_email_subject(form, entry)

            # fields aren't included in submitter body to prevent spam
            # NOTE(review): both bodies are sent as HTML below; confirm the
            # generate_*_email_body helpers escape submitted values.
            admin_body = generate_admin_email_body(entry)
            submitter_body = generate_submitter_email_body(entry)

            email_from = form.email_from or settings.DEFAULT_FROM_EMAIL
            sender = get_setting('site', 'global', 'siteemailnoreplyaddress')
            email_to = form_for_form.email_to()
            if email_to and form.send_email and form.email_text:
                # Send message to the person who submitted the form.
                msg = EmailMessage(subject, submitter_body, sender, [email_to], headers=email_headers)
                msg.content_subtype = 'html'
                msg.send()

            # Order matters: from here on Reply-To is the address the
            # submitter entered (when there is one), so the copy recipients
            # reply to the submitter rather than to form.email_from.
            email_from = email_to or email_from # Send from the email entered.
            email_headers.update({'Reply-To':email_from})
            email_copies = [e.strip() for e in form.email_copies.split(",") if e.strip()]
            if email_copies:
                # Send message to the email addresses listed in the copies.
                msg = EmailMessage(subject, admin_body, sender, email_copies, headers=email_headers)
                msg.content_subtype = 'html'
                # Every uploaded file is rewound, read in full and attached.
                for f in form_for_form.files.values():
                    f.seek(0)
                    msg.attach(f.name, f.read())
                msg.send()

            # payment redirect
            if form.custom_payment:
                # create the invoice
                invoice = make_invoice_for_entry(entry, custom_price=form_for_form.cleaned_data.get('custom_price'))
                # log an event for invoice add
                log_defaults = {
                    'event_id' : 311000,
                    'event_data': '%s (%d) added by %s' % (invoice._meta.object_name, invoice.pk, request.user),
                    'description': '%s added' % invoice._meta.object_name,
                    'user': request.user,
                    'request': request,
                    'instance': invoice,
                }
                EventLog.objects.log(**log_defaults)

                # redirect to billing form
                return redirect('form_entry_payment', invoice.id, invoice.guid)

            # default redirect
            # completion_url comes from the form record, not from the request.
            if form.completion_url:
                return redirect(form.completion_url)
            return redirect("form_sent", form.slug)

    # Reached for non-POST requests and for POSTs that fail validation.
    context = {"form": form, "form_for_form": form_for_form}
    return render_to_response(template, context, RequestContext(request))