def details(request, slug=None, cv=None):
"""Staff plugin details view"""
staff = get_object_or_404(Staff, slug=slug)
# non-admin can not view the non-active content
# status=0 has been taken care of in the has_perm function
if (staff.status_detail).lower() <> 'active' and (not is_admin(request.user)):
raise Http403
if cv:
template_name="staff/cv.html"
else:
template_name="staff/view.html"
if has_view_perm(request.user, 'staff.view_staff', staff):
log_defaults = {
'event_id' : 1080500,
'event_data': '%s (%d) viewed by %s' % (staff._meta.object_name, staff.pk, request.user),
'description': '%s viewed' % staff._meta.object_name,
'user': request.user,
'request': request,
'instance': staff,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {'staff': staff},
context_instance=RequestContext(request))
else:
raise Http403
def group_membership_self_remove(request, slug, user_id):
group = get_object_or_404(Group, slug=slug)
if not has_view_perm(request.user,'user_groups.view_group', group) and not group.allow_self_remove:
raise Http403
user = get_object_or_404(User, pk=user_id)
group_membership = GroupMembership.objects.filter(member=user, group=group)
if group_membership:
group_membership = group_membership[0]
if group_membership.member == user:
log_defaults = {
'event_id' : 223000,
'event_data': '%s (%d) deleted by %s' % (group_membership._meta.object_name, group_membership.pk, request.user),
'description': '%s deleted' % group_membership._meta.object_name,
'user': request.user,
'request': request,
'instance': group_membership,
}
EventLog.objects.log(**log_defaults)
group_membership.delete()
messages.add_message(request, messages.SUCCESS, 'Successfully removed yourself from group %s' % group)
else:
messages.add_message(request, messages.INFO, 'You are not in the group %s' % group)
return HttpResponseRedirect(reverse('group.search'))
def index(request, slug=None, template_name="case_studies/view.html"):
if not slug: return HttpResponseRedirect(reverse('case_study'))
case_study = get_object_or_404(CaseStudy, slug=slug)
services = Service.objects.all()
technologies = Technology.objects.all()
# non-admin can not view the non-active content
# status=0 has been taken care of in the has_perm function
if (case_study.status_detail).lower() <> 'active' and (not is_admin(request.user)):
raise Http403
if has_view_perm(request.user, 'case_studies.view_casestudy', case_study):
log_defaults = {
'event_id' : 1000500,
'event_data': '%s (%d) viewed by %s' % (case_study._meta.object_name, case_study.pk, request.user),
'description': '%s viewed' % case_study._meta.object_name,
'user': request.user,
'request': request,
'instance': case_study,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {'case_study': case_study, 'services': services, 'technologies': technologies},
context_instance=RequestContext(request))
else:
raise Http403
def photoset_details(request, id, template_name="photos/photo-set/details.html"):
""" View photos in photo set """
photo_set = get_object_or_404(PhotoSet, id=id)
if not has_view_perm(request.user, 'photos.view_photoset', photo_set):
raise Http403
order = get_setting('module', 'photos', 'photoordering')
if order == 'descending':
photos = photo_set.get_images(user=request.user).order_by('-pk')
else:
photos = photo_set.get_images(user=request.user).order_by('pk')
EventLog.objects.log(**{
'event_id' : 991500,
'event_data': '%s (%d) viewed by %s' % (photo_set._meta.object_name, photo_set.pk, request.user),
'description': '%s viewed' % photo_set._meta.object_name,
'user': request.user,
'request': request,
'instance': photo_set,
})
return render_to_response(template_name, {
"photos": photos,
"photo_set": photo_set,
}, context_instance=RequestContext(request))
def print_view(request, id, template_name="contacts/print-view.html"):
contact = get_object_or_404(Contact, pk=id)
if has_view_perm(request.user,'contacts.view_contact',contact):
return render_to_response(template_name, {'contact': contact},
context_instance=RequestContext(request))
else:
raise Http403
def details(request, id=None, template_name="contacts/view.html"):
if not id: return HttpResponseRedirect(reverse('contacts'))
contact = get_object_or_404(Contact, pk=id)
if has_view_perm(request.user,'contacts.view_contact',contact):
return render_to_response(template_name, {'contact': contact},
context_instance=RequestContext(request))
else:
raise Http403
def print_view(request, id, template_name="files/print-view.html"):
file = get_object_or_404(File, pk=id)
# check permission
if not has_view_perm(request.user,'files.view_file',file):
raise Http403
return render_to_response(template_name, {'file': file},
context_instance=RequestContext(request))
def print_details(request, id, template_name="stories/print_details.html"):
story = get_object_or_404(Story, pk=id)
if not has_view_perm(request.user,'stories.view_story', story):
raise Http403
log_defaults = {
'event_id' : 1060501,
'event_data': '%s (%d) print viewed by %s' % (story._meta.object_name, story.pk, request.user),
'description': '%s print viewed' % story._meta.object_name,
'user': request.user,
'request': request,
'instance': story,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {'story': story},
context_instance=RequestContext(request))
def print_view(request, slug, template_name="services/print-view.html"):
service = get_object_or_404(Service, slug=slug)
if has_view_perm(request.user,'services.view_service', service):
log_defaults = {
'event_id' : 355001,
'event_data': '%s (%d) viewed by %s' % (service._meta.object_name, service.pk, request.user),
'description': '%s viewed - print view' % service._meta.object_name,
'user': request.user,
'request': request,
'instance': service,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {'service': service},
context_instance=RequestContext(request))
else:
raise Http403
def index(request, id=None, template_name="locations/view.html"):
if not id: return HttpResponseRedirect(reverse('locations'))
location = get_object_or_404(Location, pk=id)
if has_view_perm(request.user,'locations.view_location',location):
log_defaults = {
'event_id' : 835000,
'event_data': '%s (%d) viewed by %s' % (location._meta.object_name, location.pk, request.user),
'description': '%s viewed' % location._meta.object_name,
'user': request.user,
'request': request,
'instance': location,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {'location': location},
context_instance=RequestContext(request))
else:
raise Http403
def index(request, slug=None, template_name="resumes/view.html"):
if not slug: return HttpResponseRedirect(reverse('resume.search'))
resume = get_object_or_404(Resume, slug=slug)
if has_view_perm(request.user,'resumes.view_resume',resume):
log_defaults = {
'event_id' : 355000,
'event_data': '%s (%d) viewed by %s' % (resume._meta.object_name, resume.pk, request.user),
'description': '%s viewed' % resume._meta.object_name,
'user': request.user,
'request': request,
'instance': resume,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {'resume': resume},
context_instance=RequestContext(request))
else:
raise Http403
def details(request, slug, template_name="help_files/details.html"):
"""Help file details"""
help_file = get_object_or_404(HelpFile, slug=slug)
if has_view_perm(request.user, "help_files.view_helpfile", help_file):
HelpFile.objects.filter(pk=help_file.pk).update(view_totals=help_file.view_totals + 1)
log_defaults = {
"event_id": 1000500,
"event_data": "%s (%d) viewed by %s" % (help_file._meta.object_name, help_file.pk, request.user),
"description": "%s viewed" % help_file._meta.object_name,
"user": request.user,
"request": request,
"instance": help_file,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {"help_file": help_file}, context_instance=RequestContext(request))
else:
raise Http403
def print_view(request, slug, template_name="jobs/print-view.html"):
job = get_object_or_404(Job, slug=slug)
can_view = has_view_perm(request.user, 'jobs.view_job', job)
if can_view:
log_defaults = {
'event_id': 255001,
'event_data': '%s (%d) viewed by %s' % (job._meta.object_name, job.pk, request.user),
'description': '%s viewed - print view' % job._meta.object_name,
'user': request.user,
'request': request,
'instance': job,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {'job': job},
context_instance=RequestContext(request))
else:
raise Http403
def group_detail(request, group_slug, template_name="user_groups/detail.html"):
group = get_object_or_404(Group, slug=group_slug)
if not has_view_perm(request.user,'user_groups.view_group',group): raise Http403
log_defaults = {
'event_id' : 165000,
'event_data': '%s (%d) viewed by %s' % (group._meta.object_name, group.pk, request.user),
'description': '%s viewed' % group._meta.object_name,
'user': request.user,
'request': request,
'instance': group,
}
EventLog.objects.log(**log_defaults)
groupmemberships = GroupMembership.objects.filter(group=group).order_by('member__last_name')
#members = group.members.all()
count_members = len(groupmemberships)
return render_to_response(template_name, locals(), context_instance=RequestContext(request))
def sizes(request, id, size_name='', template_name="photos/sizes.html"):
""" Show all photo sizes """
photo = get_object_or_404(Image, id=id)
if not has_view_perm(request.user, 'photologue.view_photo', photo):
raise Http403
# security-check on size name
if not size_name: return redirect('photo_square', id=id)
# get sizes
if size_name == 'original':
sizes = (photo.image.width, photo.image.height)
else: # use photologue size table
if not photo.file_exists(): raise Http404
sizes = getattr(photo, 'get_%s_size' % size_name)()
# get download url
if size_name == 'square':
source_url = reverse('photo.size', kwargs={'id':id, 'crop':'crop', 'size':"%sx%s" % sizes})
download_url = reverse('photo_crop_download', kwargs={'id':id, 'size':"%sx%s" % sizes})
else:
source_url = reverse('photo.size', kwargs={'id':id, 'size':"%sx%s" % sizes})
download_url = reverse('photo_download', kwargs={'id':id, 'size':"%sx%s" % sizes})
original_source_url = reverse('photo.size', kwargs={'id':id, 'size':"%sx%s" % (photo.image.width, photo.image.height)})
view_original_requirments = [
is_admin(request.user),
request.user == photo.creator,
request.user == photo.owner,
photo.get_license().name != 'All Rights Reserved',
]
return render_to_response(template_name, {
"photo": photo,
"size_name": size_name.replace("_"," "),
"download_url": download_url,
"source_url": source_url,
"original_source_url": original_source_url,
"can_view_original": any(view_original_requirments),
}, context_instance=RequestContext(request))
def index(request, slug=None, template_name="articles/view.html"):
if not slug: return HttpResponseRedirect(reverse('articles'))
article = get_object_or_404(Article, slug=slug)
# non-admin can not view the non-active content
# status=0 has been taken care of in the has_perm function
if (article.status_detail).lower() != 'active' and (not is_admin(request.user)):
raise Http403
if has_view_perm(request.user, 'articles.view_article', article):
log_defaults = {
'event_id' : 435000,
'event_data': '%s (%d) viewed by %s' % (article._meta.object_name, article.pk, request.user),
'description': '%s viewed' % article._meta.object_name,
'user': request.user,
'request': request,
'instance': article,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {'article': article},
context_instance=RequestContext(request))
else:
raise Http403
def details(request, pk=None, template_name="quotes/view.html"):
if not pk: return HttpResponseRedirect(reverse('quotes'))
quote = get_object_or_404(Quote, pk=pk)
# non-admin can not view the non-active content
# status=0 has been taken care of in the has_perm function
if (quote.status_detail).lower() != 'active' and (not is_admin(request.user)):
raise Http403
if has_view_perm(request.user, 'quotes.view_quote', quote):
log_defaults = {
'event_id' : 155000,
'event_data': '%s (%d) viewed by %s' % (quote._meta.object_name, quote.pk, request.user),
'description': '%s viewed' % quote._meta.object_name,
'user': request.user,
'request': request,
'instance': quote,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {'quote': quote},
context_instance=RequestContext(request))
else:
raise Http403
def group_membership_self_add(request, slug, user_id):
group = get_object_or_404(Group, slug=slug)
user = get_object_or_404(User, pk=user_id)
if not has_view_perm(request.user,'user_groups.view_group', group) and not group.allow_self_add:
raise Http403
group_membership = GroupMembership.objects.filter(member=user, group=group)
if not group_membership:
group_membership = GroupMembership()
group_membership.group = group
group_membership.member = user
group_membership.creator_id = user.id
group_membership.creator_username = user.username
group_membership.owner_id = user.id
group_membership.owner_username = user.username
group_membership.save()
log_defaults = {
'event_id' : 221000,
'event_data': '%s (%d) added by %s' % (group_membership._meta.object_name, group_membership.pk, request.user),
'description': '%s added' % group_membership._meta.object_name,
'user': request.user,
'request': request,
'instance': group_membership,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully added yourself to group %s' % group)
else:
messages.add_message(request, messages.INFO, 'You are already in the group %s' % group)
return HttpResponseRedirect(reverse('group.search'))
def detail(request, id, template_name="navs/detail.html"):
nav = get_object_or_404(Nav, id=id)
if not has_view_perm(request.user, 'navs.view_nav', nav):
raise Http403
log_defaults = {
'event_id': 195500,
'event_data': '%s (%d) viewed by %s' % (
nav._meta.object_name,
nav.pk, request.user
),
'description': '%s viewed' % nav._meta.object_name,
'user': request.user,
'request': request,
'instance': nav,
}
EventLog.objects.log(**log_defaults)
return render_to_response(
template_name,
{'current_nav':nav},
context_instance=RequestContext(request),
)
def details(request, slug=None, template_name="jobs/view.html"):
if not slug:
return HttpResponseRedirect(reverse('jobs'))
job = get_object_or_404(Job.objects.select_related(), slug=slug)
can_view = has_view_perm(request.user, 'jobs.view_job', job)
if can_view:
log_defaults = {
'event_id': 255000,
'event_data': '%s (%d) viewed by %s' % (
job._meta.object_name,
job.pk, request.user
),
'description': '%s viewed' % job._meta.object_name,
'user': request.user,
'request': request,
'instance': job,
}
EventLog.objects.log(**log_defaults)
return render_to_response(template_name, {'job': job},
context_instance=RequestContext(request))
else:
raise Http403
def details(request, id=None, size=None, crop=False, quality=90, download=False, template_name="files/details.html"):
from files.search_indexes import FileIndex
if not id: return HttpResponseRedirect(reverse('file.search'))
# if string and digit convert to integer
if isinstance(quality, unicode) and quality.isdigit():
quality = int(quality)
file = get_object_or_404(File, pk=id)
if not has_view_perm(request.user, 'files.view_file', file):
raise Http403
# check 'if public'
if not file.is_public:
if not request.user.is_authenticated():
raise Http403
# get image binary
try:
data = file.file.read()
file.file.close()
except IOError: # no such file or directory
raise Http404
# log downloads and views
if download:
# if filew download
attachment = 'attachment;'
log_defaults = {
'event_id' : 185000,
'event_data': '%s %s (%d) dowloaded by %s' % (file.type(), file._meta.object_name, file.pk, request.user),
'description': '%s downloaded' % file._meta.object_name,
'user': request.user,
'request': request,
'instance': file,
}
EventLog.objects.log(**log_defaults)
else:
attachment = ''
if file.type() != 'image':
# log file view
EventLog.objects.log(**{
'event_id' : 186000,
'event_data': '%s %s (%d) viewed by %s' % (file.type(), file._meta.object_name, file.pk, request.user),
'description': '%s viewed' % file._meta.object_name,
'user': request.user,
'request': request,
'instance': file,
})
# update index
if file.type() != 'image':
file_index = FileIndex(File)
file_index.update_object(file)
# if image size specified
if file.type()=='image' and size: # if size specified
size= [int(s) for s in size.split('x')] # convert to list
# gets resized image from cache or rebuilds
image = get_image(file.file, size, FILE_IMAGE_PRE_KEY, cache=True, unique_key=None)
image = get_image(file.file, size, FILE_IMAGE_PRE_KEY, cache=True, crop=crop, quality=quality, unique_key=None)
response = HttpResponse(mimetype='image/jpeg')
response['Content-Disposition'] = '%s filename=%s'% (attachment, file.get_name())
image.save(response, "JPEG", quality=quality)
return response
# set mimetype
if file.mime_type():
response = HttpResponse(data, mimetype=file.mime_type())
else: raise Http404
# return response
response['Content-Disposition'] = '%s filename=%s'% (attachment, file.get_name())
return response
def form_detail(request, slug, template="forms/form_detail.html"):
"""
Display a built form and handle submission.
"""
published = Form.objects.published(for_user=request.user)
form = get_object_or_404(published, slug=slug)
if not has_view_perm(request.user,'forms.view_form',form):
raise Http403
form_for_form = FormForForm(form, request.user, request.POST or None, request.FILES or None)
for field in form_for_form.fields:
form_for_form.fields[field].initial = request.GET.get(field, '')
if request.method == "POST":
if form_for_form.is_valid():
entry = form_for_form.save()
entry.entry_path = request.POST.get("entry_path", "")
entry.save()
email_headers = {} # content type specified below
if form.email_from:
email_headers.update({'Reply-To':form.email_from})
subject = generate_email_subject(form, entry)
# fields aren't included in submitter body to prevent spam
admin_body = generate_admin_email_body(entry)
submitter_body = generate_submitter_email_body(entry)
email_from = form.email_from or settings.DEFAULT_FROM_EMAIL
sender = get_setting('site', 'global', 'siteemailnoreplyaddress')
email_to = form_for_form.email_to()
if email_to and form.send_email and form.email_text:
# Send message to the person who submitted the form.
msg = EmailMessage(subject, submitter_body, sender, [email_to], headers=email_headers)
msg.content_subtype = 'html'
msg.send()
email_from = email_to or email_from # Send from the email entered.
email_headers.update({'Reply-To':email_from})
email_copies = [e.strip() for e in form.email_copies.split(",")
if e.strip()]
if email_copies:
# Send message to the email addresses listed in the copies.
msg = EmailMessage(subject, admin_body, sender, email_copies, headers=email_headers)
msg.content_subtype = 'html'
for f in form_for_form.files.values():
f.seek(0)
msg.attach(f.name, f.read())
msg.send()
# payment redirect
if form.custom_payment:
# create the invoice
invoice = make_invoice_for_entry(entry, custom_price=form_for_form.cleaned_data.get('custom_price'))
# log an event for invoice add
log_defaults = {
'event_id' : 311000,
'event_data': '%s (%d) added by %s' % (invoice._meta.object_name, invoice.pk, request.user),
'description': '%s added' % invoice._meta.object_name,
'user': request.user,
'request': request,
'instance': invoice,
}
EventLog.objects.log(**log_defaults)
# redirect to billing form
return redirect('form_entry_payment', invoice.id, invoice.guid)
# default redirect
if form.completion_url:
return redirect(form.completion_url)
return redirect("form_sent", form.slug)
context = {"form": form, "form_for_form": form_for_form}
return render_to_response(template, context, RequestContext(request))
