def locations_import_preview(request, id, template_name='locations/import-map-fields.html'): """ This will generate a form based on the uploaded CSV for field mapping. A preview will be generated based on the mapping given. """ locport = get_object_or_404(LocationImport, pk=id) if request.method == 'POST': form = ImportMapForm(request.POST, locport=locport) if form.is_valid(): # Show the user a preview based on the mapping cleaned_data = form.cleaned_data #file_path = os.path.join(settings.MEDIA_ROOT, locport.get_file().file.name) file_path = locport.get_file().file.name locations, stats = parse_locs_from_csv(file_path, cleaned_data) # return the form to use it for the confirm view template_name = 'locations/import-preview.html' return render_to_resp(request=request, template_name=template_name, context={ 'locations': locations, 'stats': stats, 'locport': locport, 'form': form, 'now': datetime.now(), }) else: form = ImportMapForm(locport=locport) return render_to_resp(request=request, template_name=template_name, context={ 'form': form, 'locport': locport, 'now': datetime.now(), })
def view_ticket(request): ticket_req = request.GET.get('ticket', '') ticket = False email = request.GET.get('email', '') error_message = '' if ticket_req and email: parts = ticket_req.split('-') queue = '-'.join(parts[0:-1]) ticket_id = parts[-1] try: ticket = Ticket.objects.get(id=ticket_id, queue__slug__iexact=queue, submitter_email__iexact=email) except: ticket = False error_message = _('Invalid ticket ID or e-mail address. Please try again.') if ticket: if request.user.is_staff: redirect_url = reverse('helpdesk_view', args=[ticket_id]) if 'close' in request.GET: redirect_url += '?close' return HttpResponseRedirect(redirect_url) if 'close' in request.GET and ticket.status == Ticket.RESOLVED_STATUS: from tendenci.apps.helpdesk.views.staff import update_ticket # Trick the update_ticket() view into thinking it's being called with # a valid POST. request.POST = { 'new_status': Ticket.CLOSED_STATUS, 'public': 1, 'title': ticket.title, 'comment': _('Submitter accepted resolution and closed ticket'), } if ticket.assigned_to: request.POST['owner'] = ticket.assigned_to.id request.GET = {} return update_ticket(request, ticket_id, public=True) # redirect user back to this ticket if possible. redirect_url = '' if helpdesk_settings.HELPDESK_NAVIGATION_ENABLED: redirect_url = reverse('helpdesk_view', args=[ticket_id]) return render_to_resp(request=request, template_name='helpdesk/public_view_ticket.html', context={ 'ticket': ticket, 'helpdesk_settings': helpdesk_settings, 'next': redirect_url, }) return render_to_resp(request=request, template_name='helpdesk/public_view_form.html', context={ 'ticket': ticket, 'email': email, 'error_message': error_message, 'helpdesk_settings': helpdesk_settings, })
def homepage(request): if not request.user.is_authenticated and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT: return HttpResponseRedirect(reverse('auth_login') + "?next=" + request.path) if (request.user.is_staff or (request.user.is_authenticated and helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE)): try: if getattr(request.user.usersettings.settings, 'login_view_ticketlist', False): return HttpResponseRedirect(reverse('helpdesk_list')) else: if request.user.is_staff: return HttpResponseRedirect(reverse('helpdesk_dashboard')) else: return HttpResponseRedirect(reverse('helpdesk_submit')) except UserSettings.DoesNotExist: return HttpResponseRedirect(reverse('helpdesk_dashboard')) if request.method == 'POST': form = PublicTicketForm(request.POST, request.FILES) form.fields['queue'].choices = [('', '--------')] + [[q.id, q.title] for q in Queue.objects.filter(allow_public_submission=True)] if form.is_valid(): if text_is_spam(form.cleaned_data['body'], request): # This submission is spam. Let's not save it. return render_to_resp(request=request, template_name='helpdesk/public_spam.html') else: ticket = form.save() return HttpResponseRedirect('%s?ticket=%s&email=%s'% ( reverse('helpdesk_public_view'), ticket.ticket_for_url, requests.utils.quote(ticket.submitter_email)) ) else: try: queue = Queue.objects.get(slug=request.GET.get('queue', None)) except Queue.DoesNotExist: queue = None initial_data = {} if queue: initial_data['queue'] = queue.id if request.user.is_authenticated and request.user.email: initial_data['submitter_email'] = request.user.email form = PublicTicketForm(initial=initial_data) form.fields['queue'].choices = [('', '--------')] + [[q.id, q.title] for q in Queue.objects.filter(allow_public_submission=True)] knowledgebase_categories = KBCategory.objects.all() return render_to_resp(request=request, template_name='helpdesk/public_homepage.html', context={ 'form': form, 'helpdesk_settings': helpdesk_settings, 'kb_categories': knowledgebase_categories })
def item(request, item): item = get_object_or_404(KBItem, pk=item) return render_to_resp(request=request, template_name='helpdesk/kb_item.html', context={ 'item': item, 'helpdesk_settings': helpdesk_settings, })
def directory_export(request, template_name="directories/export.html"): """Export Directories""" if not request.user.profile.is_superuser: raise Http403 form = DirectoryExportForm(request.POST or None) if request.method == "POST" and form.is_valid(): export_fields = form.cleaned_data['export_fields'] export_status_detail = form.cleaned_data['export_status_detail'] identifier = int(time.time()) temp_file_path = 'export/directories/%s_temp.csv' % identifier default_storage.save(temp_file_path, ContentFile('')) # start the process subprocess.Popen([python_executable(), "manage.py", "directory_export_process", '--export_fields=%s' % export_fields, '--export_status_detail=%s' % export_status_detail, '--identifier=%s' % identifier, '--user=%s' % request.user.id]) # log an event EventLog.objects.log() return HttpResponseRedirect(reverse('directory.export_status', args=[identifier])) context = {'form': form} return render_to_resp(request=request, template_name=template_name, context=context)
def delete(request, id, template_name="files/delete.html"): file = get_object_or_404(File, pk=id) # check permission if not has_perm(request.user, 'files.delete_file'): raise Http403 if request.method in ["POST", 'DELETE']: # reassign owner to current user file.owner = request.user file.owner_username = request.user.username file.save() file.delete() if request.method == 'DELETE': # used by tinymce upload return HttpResponse('true') if 'ajax' in request.POST: return HttpResponse('Ok') else: return HttpResponseRedirect(reverse('file.search')) return render_to_resp( request=request, template_name=template_name, context={ 'file': file })
def detail(request, slug, template_name="committees/detail.html"): committee = get_object_or_404(Committee, slug=slug) if has_perm(request.user, 'committees.view_committee', committee): EventLog.objects.log(instance=committee) officers = committee.officers() #has_group_view_permission is True if there is at least one #group where the user is a member that has a view_committee permission. has_group_view_permission = False #Check user for group view permissions if request.user.is_authenticated: groups = request.user.group_set.all() perms = has_groups_perms(committee).filter(group__in=groups) for perm in perms: #Check if permission has view committee permission has_group_view_permission |= perm.codename == 'view_committee' if has_group_view_permission: break filters = get_query_filters(request.user, 'files.view_file') files = File.objects.filter(filters).filter(group=committee.group).distinct() return render_to_resp(request=request, template_name=template_name, context={ 'committee': committee, 'officers': officers, 'files': files, 'has_group_view_permission': has_group_view_permission, }) else: raise Http403
def locations_import_upload(request, template_name='locations/import-upload-file.html'): """ This is the upload view for the location imports. This will upload the location import file and then redirect the user to the import mapping/preview page of the import file """ if request.method == 'POST': form = UploadForm(request.POST, request.FILES) if form.is_valid(): locport = LocationImport.objects.create(creator=request.user) csv = File.objects.save_files_for_instance(request, locport)[0] file_path = str(csv.file.name) import_valid, import_errs = is_import_valid(file_path) if not import_valid: for err in import_errs: messages.add_message(request, messages.ERROR, err) locport.delete() return redirect('locations_import_upload_file') EventLog.objects.log() # reset the password_promt session del request.session['password_promt'] return redirect('locations_import_preview', locport.id) else: form = UploadForm() return render_to_resp(request=request, template_name=template_name, context={ 'form': form, 'now': datetime.now(), })
def delete(request, id, template_name="committees/delete.html"): committee = get_object_or_404(Committee, pk=id) if not has_perm(request.user, 'committees.delete_committee'): raise Http403 if request.method == "POST": EventLog.objects.log(instance=committee) messages.add_message(request, messages.SUCCESS, 'Successfully deleted %s' % committee) # send notification to administrators recipients = get_notice_recipients('module', 'committees', 'committeerecipients') if recipients: if notification: extra_context = { 'object': committee, 'request': request, } notification.send_emails(recipients, 'committee_deleted', extra_context) committee.delete() return HttpResponseRedirect(reverse('committees.search')) return render_to_resp(request=request, template_name=template_name, context={'committee': committee})
def detail(request, id, template_name="discounts/view.html"): discount = get_object_or_404(Discount, id=id) if not has_perm(request.user, 'discounts.view_discount', discount): raise Http403 registrations = Registration.objects.filter(invoice__discount_code=discount.discount_code) registrant_list = [] for registration in registrations: registrant_list += registration.registrant_set.filter(discount_amount__gt=0) memberships = MembershipSet.objects.filter(invoice__discount_code=discount.discount_code) membership_list = [] for membership in memberships: count = DiscountUse.objects.filter(invoice=membership.invoice).count() membership_list += membership.membershipdefault_set.all()[:count] EventLog.objects.log(instance=discount) return render_to_resp( request=request, template_name=template_name, context={'discount':discount, 'registrant_list':registrant_list, 'membership_list':membership_list} )
def add(request, form_class=HelpFileForm, template_name="help_files/add.html"): if has_perm(request.user,'help_files.add_helpfile'): if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): help_file = form.save(commit=False) # add all permissions and save the model help_file = update_perms_and_save(request, form, help_file) form.save_m2m() msg_string = 'Successfully added %s' % help_file messages.add_message(request, messages.SUCCESS, _(msg_string)) # # send notification to administrator(s) and module recipient(s) # recipients = get_notice_recipients('module', 'help_files', 'helpfilerecipients') # # if recipients and notification: # notification.send_emails(recipients,'help_file_added', { # 'object': help_file, # 'request': request, # }) return HttpResponseRedirect(reverse('help_file.details', args=[help_file.slug])) else: form = form_class(user=request.user) return render_to_resp(request=request, template_name=template_name, context={'form':form}) else: raise Http403
def api(request, method): """ Regardless of any other paramaters, we provide a help screen to the user if they requested one. If the user isn't looking for help, then we enforce a few conditions: * The request must be sent via HTTP POST * The request must contain a 'user' and 'password' which must be valid users * The method must match one of the public methods of the API class. """ if method == 'help': return render_to_resp(request=request, template_name='helpdesk/help_api.html') if request.method != 'POST': return api_return(STATUS_ERROR_BADMETHOD) # TODO: Move away from having the username & password in every request. request.user = authenticate( request=request, username=request.POST.get('user', False), password=request.POST.get('password'), ) if request.user is None: return api_return(STATUS_ERROR_PERMISSIONS) api = API(request) if hasattr(api, 'api_public_%s' % method): return getattr(api, 'api_public_%s' % method)() return api_return(STATUS_ERROR)
def locations_import_confirm(request, id, template_name='locations/import-confirm.html'): """ Confirm the locations import and continue with the process. This can only be accessed via a hidden post form from the preview page. That will hold the original mappings selected by the user. """ locport = get_object_or_404(LocationImport, pk=id) if request.method == "POST": form = ImportMapForm(request.POST, locport=locport) if form.is_valid(): cleaned_data = form.cleaned_data file_path = str(locport.get_file().file.name) if not settings.CELERY_IS_ACTIVE: # if celery server is not present # evaluate the result and render the results page result = ImportLocationsTask() locations, stats = result.run(request.user, file_path, cleaned_data) return render_to_resp(request=request, template_name=template_name, context={ 'locations': locations, 'stats': stats, 'now': datetime.now(), }) else: result = ImportLocationsTask.delay(request.user, file_path, cleaned_data) return redirect('locations_import_status', result.task_id) else: return redirect('locations_import_preview', locport.id)
def user_upload_process(request, sid, template_name="imports/users_process.html"): if not request.user.profile.is_superuser: raise Http403 # admin only page sid = str(sid) import_dict = get_user_import_settings(request, sid) if not import_dict: return HttpResponseRedirect(reverse('import.user_upload_add')) import_dict['folder_name'] = IMPORT_FOLDER_NAME import_dict['id'] = sid if not default_storage.exists(os.path.join(import_dict['folder_name'], import_dict['file_name'])): return HttpResponseRedirect(reverse('import.user_upload_add')) #reset group - delete all members in the group if import_dict['clear_group_membership'] and import_dict['group']: GroupMembership.objects.filter(group=import_dict['group']).delete() d = request.session[sid] d.update({ 'is_completed': False, 'count_insert': 0, 'count_update': 0, 'total_done': 0 }) request.session[sid] = d d = None return render_to_resp(request=request, template_name=template_name, context=import_dict)
def edit_meta(request, id, form_class=MetaForm, template_name="committees/edit-meta.html"): """ Return committee that allows you to edit meta-html information. """ # check permission committee = get_object_or_404(Committee, pk=id) if not has_perm(request.user, 'committees.change_committee', committee): raise Http403 EventLog.objects.log(instance=committee) defaults = { 'title': committee.get_title(), 'description': committee.get_description(), 'keywords': committee.get_keywords(), 'canonical_url': committee.get_canonical_url(), } committee.meta = MetaTags(**defaults) if request.method == "POST": form = form_class(request.POST, instance=committee.meta) if form.is_valid(): committee.meta = form.save() # save meta committee.save() # save relationship messages.add_message(request, messages.SUCCESS, 'Successfully updated meta for %s' % committee) return HttpResponseRedirect(reverse('committees.detail', args=[committee.slug])) else: form = form_class(instance=committee.meta) return render_to_resp(request=request, template_name=template_name, context={'committee': committee, 'form': form})
def add(request, form_class=LocationForm, template_name="locations/add.html"): if has_perm(request.user,'locations.add_location'): if request.method == "POST": form = form_class(request.POST, request.FILES, user=request.user) if form.is_valid(): location = form.save(commit=False) # update all permissions and save the model location = update_perms_and_save(request, form, location) if 'photo_upload' in form.cleaned_data: photo = form.cleaned_data['photo_upload'] if photo: location.save(photo=photo) msg_string = 'Successfully added %s' % location messages.add_message(request, messages.SUCCESS, _(msg_string)) return HttpResponseRedirect(reverse('location', args=[location.slug])) else: form = form_class(user=request.user) return render_to_resp(request=request, template_name=template_name, context={'form':form}) else: raise Http403
def campaign_delete(request, campaign_id, template_name="campaign_monitor/campaigns/delete.html"): campaign = get_object_or_404(Campaign, campaign_id=campaign_id) if not has_perm(request.user,'campaign_monitor.delete_campaign'): raise Http403 if request.method == "POST": try: CSC(auth=auth, campaign_id=campaign.campaign_id).delete() except BadRequest as e: msg_string = 'Bad Request %s: %s' % (e.data.Code, e.data.Message) messages.add_message(request, messages.ERROR, _(msg_string)) return redirect(campaign) except Exception as e: msg_string = 'Error: %s' % e messages.add_message(request, messages.ERROR, _(msg_string)) return redirect(campaign) campaign.delete() messages.add_message(request, messages.SUCCESS, _('Successfully deleted campaign.')) return redirect("campaign_monitor.campaign_index") return render_to_resp(request=request, template_name=template_name, context={'campaign': campaign})
def view(request, id, template_name="emails/view.html"): email = get_object_or_404(Email, pk=id) if not email.allow_view_by(request.user): raise Http403 return render_to_resp(request=request, template_name=template_name, context={'email':email})
def _export_page(request): ctx = {} ctx.update(get_app_permissions(request)) form = None if request.method == 'POST': form = DatabaseDumpForm(request.POST) if form.is_valid(): print("Form submitted is valid!") if can_create_dump(): new_obj = DatabaseDumpFile() new_obj.author = request.user new_obj.export_format = form.cleaned_data['format'] new_obj.save() subprocess.Popen([python_executable(), "manage.py", "create_database_dump", str(request.user.pk), form.cleaned_data['format'], str(new_obj.pk) ]) messages.add_message(request, messages.INFO, "Success! The system is now generating your export file. Please reload in a few seconds to update the list.") else: messages.add_message(request, messages.ERROR, "Cannot create file. You have already reached the limit of existing dump files. Please delete old unused exports and try again.") else: form = DatabaseDumpForm() # get all active DB Dump Files # if current existing DB Dump Files are less than the limit, enable form submission db_objs = DatabaseDumpFile.objects.filter(~Q(status='expired')) ctx['objects'] = db_objs if can_create_dump(): ctx['enable_form'] = True ctx['form'] = form return render_to_resp(request=request, template_name="explorer/export_page.html", context=ctx)
def detail(request, slug=None, hash=None, template_name="articles/view.html"): if not slug and not hash: return HttpResponseRedirect(reverse('articles')) if hash: version = get_object_or_404(Version, hash=hash) current_article = get_object_or_404(Article, pk=version.object_id) article = version.get_version_object() msg_string = 'You are viewing a previous version of this article. View the <a href="%s%s">Current Version</a>.' % (get_setting('site', 'global', 'siteurl'), current_article.get_absolute_url()) messages.add_message(request, messages.WARNING, _(msg_string)) else: article = get_object_or_404(Article, slug=slug) # non-admin can not view the non-active content # status=0 has been taken care of in the has_perm function if (article.status_detail).lower() != 'active' and (not request.user.profile.is_superuser): raise Http403 if not article.release_dt_local and article.release_dt: article.assign_release_dt_local() if not article.release_dt_local or article.release_dt_local >= datetime.now(): if not any([ has_perm(request.user, 'articles.view_article'), request.user == article.owner, request.user == article.creator ]): raise Http403 if has_view_perm(request.user, 'articles.view_article', article): EventLog.objects.log(instance=article) return render_to_resp(request=request, template_name=template_name, context={'article': article}) else: raise Http403
def technology(request, id, template_name="case_studies/search.html"): "List of case studies by technology" technology = get_object_or_404(Technology, pk=id) query = '"technology:%s"' % technology case_studies = CaseStudy.objects.search(query, user=request.user) EventLog.objects.log() return render_to_resp(request=request, template_name=template_name, context={'technology':technology, 'case_studies': case_studies}) EventLog.objects.log() return render_to_resp(request=request, template_name=template_name, context={'technology':technology, 'case_studies': case_studies})
def add(request, form_class=ContactForm, template_name="contacts/add.html"): if has_perm(request.user,'contacts.add_contact'): if request.method == "POST": form = form_class(request.POST) if form.is_valid(): contact = form.save(commit=False) # set up the user information contact.creator = request.user contact.creator_username = request.user.username contact.owner = request.user contact.owner_username = request.user.username contact.allow_anonymous_view = False contact.save() ObjectPermission.objects.assign(contact.creator, contact) return HttpResponseRedirect(reverse('contact', args=[contact.pk])) else: form = form_class() print(form_class()) return render_to_resp(request=request, template_name=template_name, context={'form':form}) else: raise Http403
def export(request, template_name="help_files/export.html"): """Export Help Files""" if not request.user.is_superuser: raise Http403 if request.method == 'POST': # initilize initial values fields = [ 'slug', 'topics', 'question', 'answer', 'level', 'is_faq', 'is_featured', 'is_video', 'syndicate', 'view_totals', ] export_id = run_export_task('help_files', 'helpfile', fields) EventLog.objects.log() return redirect('export.status', export_id) return render_to_resp(request=request, template_name=template_name, context={ })
def add(request, form_class=FormForm, template_name="forms/add.html"): if not has_perm(request.user,'forms.add_form'): raise Http403 PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2, can_delete=False) formset = PricingFormSet() if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): form_instance = form.save(commit=False) # save form and associated pricings form_instance = update_perms_and_save(request, form, form_instance) formset = PricingFormSet(request.POST, instance=form_instance) if formset.is_valid(): # update_perms_and_save does not appear to consider ManyToManyFields for method in form.cleaned_data['payment_methods']: form_instance.payment_methods.add(method) formset.save() messages.add_message(request, messages.SUCCESS, _('Successfully added %(f)s' % {'f':form_instance})) return HttpResponseRedirect(reverse('form_field_update', args=[form_instance.pk])) else: form = form_class(user=request.user) return render_to_resp(request=request, template_name=template_name, context={ 'form':form, 'formset': formset, })
def change_language(request): return_to = '' if 'return_to' in request.GET: return_to = request.GET['return_to'] return render_to_resp(request=request, template_name='helpdesk/public_change_language.html', context={'next': return_to})
def export(request, template_name="locations/export.html"): """Export Locations""" if not request.user.is_superuser: raise Http403 if request.method == 'POST': # initilize initial values fields = [ 'guid', 'location_name', 'description', 'contact', 'address', 'address2', 'city', 'state', 'zipcode', 'country', 'phone', 'fax', 'email', 'website', 'latitude', 'longitude', 'hq', 'entity', ] export_id = run_export_task('locations', 'location', fields) EventLog.objects.log() return redirect('export.status', export_id) return render_to_resp(request=request, template_name=template_name, context={ })
def delete(request, id, template_name="directories/delete.html"): directory = get_object_or_404(Directory, pk=id) if has_perm(request.user,'directories.delete_directory'): if request.method == "POST": msg_string = 'Successfully deleted %s' % directory messages.add_message(request, messages.SUCCESS, _(msg_string)) # send notification to administrators recipients = get_notice_recipients('module', 'directories', 'directoryrecipients') if recipients: if notification: extra_context = { 'object': directory, 'request': request, } notification.send_emails(recipients,'directory_deleted', extra_context) directory.delete() return HttpResponseRedirect(reverse('directory.search')) return render_to_resp(request=request, template_name=template_name, context={'directory': directory}) else: raise Http403
def nearest(request, template_name="locations/nearest.html"): locations = [] lat, lng = None, None query = request.GET.get('q') filters = get_query_filters(request.user, 'locations.view_location') if query: lat, lng = get_coordinates(address=query) all_locations = Location.objects.filter(filters).distinct() if not request.user.is_anonymous: all_locations = all_locations.select_related() if all((lat,lng)): for location in all_locations: location.distance = location.get_distance2(lat, lng) if location.distance is not None: locations.append(location) locations.sort(key=lambda x: x.distance) EventLog.objects.log() return render_to_resp(request=request, template_name=template_name, context={ 'locations':locations, 'origin': {'lat':lat,'lng':lng}, })
def edit_meta(request, id, form_class=MetaForm, template_name="directories/edit-meta.html"): directory = get_object_or_404(Directory, pk=id) if not has_perm(request.user, 'directories.change_directory', directory): raise Http403 defaults = { 'title': directory.get_title(), 'description': directory.get_description(), 'keywords': directory.get_keywords(), 'canonical_url': directory.get_canonical_url(), } directory.meta = MetaTags(**defaults) if request.method == "POST": form = form_class(request.POST, instance=directory.meta) if form.is_valid(): directory.meta = form.save() # save meta directory.save() # save relationship msg_string = 'Successfully updated meta for %s' % directory messages.add_message(request, messages.SUCCESS, _(msg_string)) return HttpResponseRedirect(reverse('directory', args=[directory.slug])) else: form = form_class(instance=directory.meta) return render_to_resp(request=request, template_name=template_name, context={'directory': directory, 'form':form})
def search(request, template_name="entities/search.html"): filters = get_query_filters(request.user, 'entities.view_entity') entities = Entity.objects.filter(filters).distinct() EventLog.objects.log() return render_to_resp(request=request, template_name=template_name, context={'entities':entities})
def addon_upload(request, template_name="base/addon_upload.html"): from tendenci.apps.event_logs.models import EventLog form = AddonUploadForm(request.POST or None, request.FILES or None) if request.method == 'POST': if form.is_valid(): identifier = str(int(time.time())) temp_file_path = 'uploads/addons/%s_%s' % ( identifier, form.cleaned_data['addon']) default_storage.save(temp_file_path, form.cleaned_data['addon']) request.session[identifier] = temp_file_path EventLog.objects.log(event_data='%s uploaded by %s' % (form.cleaned_data['addon'], request.user), description='%s' % form.cleaned_data['addon']) return redirect('addon.upload.preview', identifier) return render_to_resp(request=request, template_name=template_name, context={'form': form})
def index(request, cat_slug=None, template_name="videos/list.html"): """ This page lists out all videos. The order can be customized. Filtering by category only works if a search index is available. """ category = get_object_or_404(Category, slug=cat_slug) filters = get_query_filters(request.user, 'videos.view_video') videos = Video.objects.filter(filters).distinct() if request.user.is_authenticated: videos = videos.select_related() if cat_slug: videos = videos.filter(category__slug=cat_slug) videos = videos.order_by('-position', '-create_dt') categories = Category.objects.all() video_types = VideoType.objects.all() EventLog.objects.log() return render_to_resp(request=request, template_name=template_name, context=locals())
def photoset_view_latest(request, template_name="photos/photo-set/latest.html"): """ View latest photo set """ query = request.GET.get('q', None) filters = get_query_filters(request.user, 'photos.view_photoset') photo_sets = PhotoSet.objects.filter(filters).distinct() if not request.user.is_anonymous: photo_sets = photo_sets.select_related() if query: photo_sets = photo_sets.filter( Q(name__icontains=query) | Q(description__icontains=query) | Q(tags__icontains=query)) photo_sets = photo_sets.order_by('position', '-create_dt') EventLog.objects.log() return render_to_resp(request=request, template_name=template_name, context={"photo_sets": photo_sets})
def directory_export_status(request, identifier, template_name="directories/export_status.html"): """Display export status""" if not request.user.profile.is_superuser: raise Http403 export_path = 'export/directories/%s.csv' % identifier download_ready = False if default_storage.exists(export_path): download_ready = True else: temp_export_path = 'export/directories/%s_temp.csv' % identifier if not default_storage.exists(temp_export_path) and \ not default_storage.exists(export_path): raise Http404 context = {'identifier': identifier, 'download_ready': download_ready} return render_to_resp(request=request, template_name=template_name, context=context)
def photoset_delete(request, id, template_name="photos/photo-set/delete.html"): photo_set = get_object_or_404(PhotoSet, id=id) # if no permission; permission exception if not has_perm(request.user, 'photos.delete_photoset', photo_set): raise Http403 if request.method == "POST": photo_set.delete() # soft delete all images in photo set Image.objects.filter(photoset=photo_set).delete() messages.add_message(request, messages.SUCCESS, _('Photo Set %(set)s deleted' % {'set':photo_set})) # redirect to the photo set search return redirect('photoset_latest') return render_to_resp(request=request, template_name=template_name, context={ 'photo_set': photo_set, })
def print_view(request, id, template_name="case_studies/print-view.html"): case_study = get_object_or_404(CaseStudy, id=id) services = Service.objects.all() technologies = Technology.objects.all() if (case_study.status_detail).lower() != 'active' and ( not request.user.profile.is_superuser): raise Http403 if not has_perm(request.user, 'case_studies.view_casestudy', case_study): raise Http403 EventLog.objects.log(instance=case_study) return render_to_resp(request=request, template_name=template_name, context={ 'case_study': case_study, 'services': services, 'technologies': technologies })
def print_view(request, slug, template_name="pages/print-view.html"): try: page = get_object_or_404(Page, slug=slug) except Page.MultipleObjectsReturned: pages = Page.objects.filter( slug=slug, status_detail='active' ).order_by('-pk') if not pages: pages = Page.objects.filter(slug=slug).order_by('-pk') if not pages: raise Http404 page = pages[0] if not has_perm(request.user, 'pages.view_page', page): raise Http403 EventLog.objects.log(instance=page) return render_to_resp(request=request, template_name=template_name, context={'page': page})
def update_fields(request, id, template_name="forms/update_fields.html"): form_instance = get_object_or_404(Form, id=id) if not has_perm(request.user,'forms.add_form',form_instance): raise Http403 form_class=inlineformset_factory(Form, Field, form=FormForField, formset=BaseFieldFormSet, extra=3) form_class._orderings = 'position' if request.method == "POST": form = form_class(request.POST, instance=form_instance, queryset=form_instance.fields.all().order_by('position')) if form.is_valid(): form.save() EventLog.objects.log() messages.add_message(request, messages.SUCCESS, _('Successfully updated %(f)s' % {'f':form_instance})) return redirect('form_detail', form_instance.slug) else: form = form_class(instance=form_instance, queryset=form_instance.fields.all().order_by('position')) return render_to_resp(request=request, template_name=template_name, context={'form':form, 'form_instance':form_instance})
def groupmembership_delete(request, group_slug, user_id, template_name="user_groups/member_delete.html"): group = get_object_or_404(Group, slug=group_slug) user = get_object_or_404(User, pk=user_id) group_membership = get_object_or_404(GroupMembership, group=group, member=user) if not has_perm(request.user,'user_groups.delete_groupmembership',group_membership): raise Http403 if request.method == 'POST': EventLog.objects.log(instance=group_membership) group_membership.delete() messages.add_message( request, messages.SUCCESS, _('Successfully removed %(name)s from group %(grp)s' % { 'name':user.get_full_name(), 'grp': group}) ) return HttpResponseRedirect(group.get_absolute_url()) return render_to_resp(request=request, template_name=template_name, context=locals())
def edit_meta(request, id, form_class=MetaForm, template_name="pages/edit-meta.html"): """ Return page that allows you to edit meta-html information. """ # check permission page = get_object_or_404(Page, pk=id) if not has_perm(request.user, 'pages.change_page', page): raise Http403 defaults = { 'title': page.get_title(), 'description': page.get_description(), 'keywords': page.get_keywords(), 'canonical_url': page.get_canonical_url(), } page.meta = MetaTags(**defaults) if request.method == "POST": form = form_class(request.POST, instance=page.meta) if form.is_valid(): page.meta = form.save() # save meta page.save() # save relationship messages.add_message( request, messages.SUCCESS, _('Successfully updated meta for %(p)s' % {'p': str(page)})) return HttpResponseRedirect(reverse('page', args=[page.slug])) else: form = form_class(instance=page.meta) return render_to_resp(request=request, template_name=template_name, context={ 'page': page, 'form': form })
def edit(request, id, form_class=JobForm, template_name="jobs/edit.html", object_type=Job, success_redirect='job', job_change_perm='jobs.change_job'): job = get_object_or_404(object_type, pk=id) if not has_perm(request.user, job_change_perm, job): raise Http403 form = form_class(request.POST or None, instance=job, user=request.user) # delete admin only fields for non-admin on edit - GJQ 8/25/2010 if not request.user.profile.is_superuser: del form.fields['pricing'] del form.fields['list_type'] if 'activation_dt' in form.fields: del form.fields['activation_dt'] if 'post_dt' in form.fields: del form.fields['post_dt'] if 'expiration_dt' in form.fields: del form.fields['expiration_dt'] if 'entity' in form.fields: del form.fields['entity'] del form.fields['payment_method'] if request.method == "POST": if form.is_valid(): job = form.save(commit=False) job = update_perms_and_save(request, form, job) msg_string = u'Successfully updated {}'.format(str(job)) messages.add_message(request, messages.SUCCESS, _(msg_string)) return HttpResponseRedirect( reverse(success_redirect, args=[job.slug])) return render_to_resp(request=request, template_name=template_name, context={ 'job': job, 'form': form, })
def update_payment_info( request, recurring_payment_id, template_name="recurring_payments/authnet/cim_update_payment_info2.html" ): """ Add or edit payment info. """ rp = get_object_or_404(RecurringPayment, pk=recurring_payment_id) # only admin or user self can access this page if not request.user.profile.is_superuser and request.user.id != rp.user.id: raise Http403 rp.populate_payment_profile() payment_profiles = PaymentProfile.objects.filter( customer_profile_id=rp.customer_profile_id, status=True, status_detail='active') if payment_profiles: payment_profile = payment_profiles[0] else: payment_profile = None token, gateway_error = get_token(rp, CIMCustomerProfile, CIMHostedProfilePage, is_secure=request.is_secure()) test_mode = get_test_mode() return render_to_resp(request=request, template_name=template_name, context={ 'rp': rp, 'payment_profile': payment_profile, 'token': token, 'test_mode': test_mode, 'gateway_error': gateway_error })
def edit(request, id, form_class=StoryForm, template_name="stories/edit.html"): story = get_object_or_404(Story, pk=id) if has_perm(request.user, 'stories.change_story', story): if request.method == "POST": form = form_class(request.POST, request.FILES, instance=story, user=request.user) if form.is_valid(): story = form.save(commit=False) # save photo photo = form.cleaned_data['photo_upload'] if photo: story.save(photo=photo) story = update_perms_and_save(request, form, story) messages.add_message( request, messages.SUCCESS, _('Successfully updated %(str)s' % {'str': str(story)})) redirect_to = request.POST.get('next', '') if redirect_to: return HttpResponseRedirect(redirect_to) else: return redirect('story', id=story.pk) else: form = form_class(instance=story, user=request.user) else: raise Http403 return render_to_resp(request=request, template_name=template_name, context={ 'story': story, 'form': form })
def edit(request, id, set_id=0, form_class=PhotoEditForm, template_name="photos/edit.html"): """ edit photo view """ # get photo photo = get_object_or_404(Image, id=id) set_id = int(set_id) # permissions if not has_perm(request.user,'photos.change_image',photo): raise Http403 # get available photo sets photo_sets = PhotoSet.objects.all() if request.method == "POST": if request.POST["action"] == "update": form = form_class(request.POST, instance=photo, user=request.user) if form.is_valid(): photo = form.save(commit=False) # update all permissions and save the model photo = update_perms_and_save(request, form, photo) messages.add_message(request, messages.SUCCESS, _("Successfully updated photo '%(title)s'" % {'title': str(photo)}) ) if set_id: return HttpResponseRedirect(reverse("photo", kwargs={"id": photo.id, "set_id": set_id})) else: return HttpResponseRedirect(reverse("photo", kwargs={"id": photo.id})) else: form = form_class(instance=photo, user=request.user) else: form = form_class(instance=photo, user=request.user) return render_to_resp(request=request, template_name=template_name, context={ "photo_form": form, "photo": photo, "photo_sets": photo_sets, "id": photo.id, "set_id": set_id, })
def generate(request): """ Newsletter generator form """ if not has_perm(request.user, 'newsletters.add_newsletter'): raise Http403 if request.method == 'POST': form = GenerateForm(request.POST) if form.is_valid(): template = form.cleaned_data['template'] html_url = [ reverse('newsletter.template_render', args=[template.template_id]), u'?jump_links=%s' % form.cleaned_data.get('jump_links'), '&events=%s' % form.cleaned_data.get('events'), '&events_type=%s' % form.cleaned_data.get('events_type'), '&event_start_dt=%s' % form.cleaned_data.get('event_start_dt', u''), '&event_end_dt=%s' % form.cleaned_data.get('event_end_dt', u''), '&articles=%s' % form.cleaned_data.get('articles', u''), '&articles_days=%s' % form.cleaned_data.get('articles_days', u''), '&news=%s' % form.cleaned_data.get('news', u''), '&news_days=%s' % form.cleaned_data.get('news_days', u''), '&jobs=%s' % form.cleaned_data.get('jobs', u''), '&jobs_days=%s' % form.cleaned_data.get('jobs_days', u''), '&pages=%s' % form.cleaned_data.get('pages', u''), '&pages_days=%s' % form.cleaned_data.get('pages_days', u''), ] return redirect(''.join(html_url)) form = GenerateForm() return render_to_resp(request=request, template_name='newsletters/generate.html', context={'form': form})
def edit(request, id, form_class=DirectoryForm, template_name="directories/edit.html"): directory = get_object_or_404(Directory, pk=id) if not (has_perm(request.user,'directories.change_directory', directory) \ or directory.has_membership_with(request.user)): raise Http403 if request.user.is_superuser: if not directory.activation_dt: # auto-populate activation_dt directory.activation_dt = datetime.now() form = form_class(request.POST or None, request.FILES or None, instance=directory, user=request.user) del form.fields['payment_method'] if not request.user.profile.is_superuser: del form.fields['pricing'] del form.fields['list_type'] if request.method == "POST": if form.is_valid(): directory = form.save(commit=False) if directory.logo: try: directory.logo.file.seek(0) except IOError: directory.logo = None # update all permissions and save the model directory = update_perms_and_save(request, form, directory) form.save_m2m() msg_string = 'Successfully updated %s' % directory messages.add_message(request, messages.SUCCESS, _(msg_string)) return HttpResponseRedirect(reverse('directory', args=[directory.slug])) return render_to_resp(request=request, template_name=template_name, context={'directory': directory, 'form':form})
def edit(request, id=None, form_class=HelpFileForm, template_name="help_files/edit.html"): help_file = get_object_or_404(HelpFile, pk=id) if has_perm(request.user, 'help_files.change_helpfile', help_file): if request.method == "POST": form = form_class(request.POST, instance=help_file, user=request.user) if form.is_valid(): help_file = form.save(commit=False) # add all permissions and save the model help_file = update_perms_and_save(request, form, help_file) form.save_m2m() msg_string = 'Successfully edited %s' % help_file messages.add_message(request, messages.SUCCESS, _(msg_string)) # # send notification to administrator(s) and module recipient(s) # recipients = get_notice_recipients('module', 'help_files', 'helpfilerecipients') # # if recipients and notification: # notification.send_emails(recipients,'help_file_added', { # 'object': help_file, # 'request': request, # }) return HttpResponseRedirect( reverse('help_file.details', args=[help_file.slug])) else: form = form_class(instance=help_file, user=request.user) return render_to_resp(request=request, template_name=template_name, context={ 'help_file': help_file, 'form': form }) else: raise Http403
def export(request, template_name="articles/export.html"): """Export Profiles""" if not request.user.profile.is_staff: raise Http403 if request.method == "POST" and "download" in request.POST: identifier = int(time.time()) temp_file_path = 'export/articles/%s_temp.csv' % identifier default_storage.save(temp_file_path, ContentFile('')) # start the process subprocess.Popen([ python_executable(), "manage.py", "articles_export_process", '--identifier=%s' % identifier, '--user=%s' % request.user.id ]) # log an event EventLog.objects.log() return HttpResponseRedirect( reverse('article.export_status', args=[identifier])) return render_to_resp(request=request, template_name=template_name)
def articles_report(request, template_name='reports/articles.html'): article_type = ContentType.objects.get(app_label="articles", model="article") stats = EventLog.objects.filter(content_type=article_type, action='detail') \ .values('content_type', 'object_id', 'headline')\ .annotate(count=Count('pk'))\ .order_by('-count') # get sort order sort = request.GET.get('sort', 'viewed') if sort == 'viewed': stats = stats.order_by('-count') elif sort == 'name': stats = stats.order_by('headline') elif sort == 'created': stats = stats.order_by('create_dt') for item in stats: try: article = Article.objects.get(pk=item['object_id']) item['article'] = article if article.age().days > 0: item['per_day'] = item['count'] * 1.0 / article.age().days else: item['per_day'] = item['count'] * 1.0 except Article.DoesNotExist: pass EventLog.objects.log() # special sort option if sort == 'day': stats = sorted(stats, key=lambda item: item['per_day'], reverse=True) return render_to_resp(request=request, template_name=template_name, context={'stats': stats})
def detail(request, slug=None, hash=None, template_name="articles/view.html"): if not slug and not hash: return HttpResponseRedirect(reverse('articles')) if hash: version = get_object_or_404(Version, hash=hash) current_article = get_object_or_404(Article, pk=version.object_id) article = version.get_version_object() msg_string = 'You are viewing a previous version of this article. View the <a href="%s%s">Current Version</a>.' % ( get_setting('site', 'global', 'siteurl'), current_article.get_absolute_url()) messages.add_message(request, messages.WARNING, _(msg_string)) else: article = get_object_or_404(Article, slug=slug) # non-admin can not view the non-active content # status=0 has been taken care of in the has_perm function if (article.status_detail).lower() != 'active' and ( not request.user.profile.is_superuser): raise Http403 if not article.release_dt_local and article.release_dt: article.assign_release_dt_local() if not article.release_dt_local or article.release_dt_local >= datetime.now( ): if not any([ has_perm(request.user, 'articles.view_article'), request.user == article.owner, request.user == article.creator ]): raise Http403 if has_view_perm(request.user, 'articles.view_article', article): EventLog.objects.log(instance=article) return render_to_resp(request=request, template_name=template_name, context={'article': article}) else: raise Http403
def relief_map(request, template_name="social_services/map.html"): responders = SkillSet.objects.filter(loc__isnull=False) center = 0 if request.user.is_authenticated: try: skillset = request.user.skillset if skillset.is_first_responder: center = [skillset.loc.x, skillset.loc.y] responders = responders.exclude(user=request.user) except: pass b_points = [[r.loc.x, r.loc.y] for r in responders if r.is_first_responder] disaster_areas = ReliefAssessment.objects.filter(loc__isnull=False) r_points = [[r.loc.x, r.loc.y] for r in disaster_areas] context = {'b_points': b_points, 'r_points': r_points, 'center': center} return render_to_resp(request=request, template_name=template_name, context=context)
def add(request, form_class=FormForm, template_name="forms/add.html"): if not has_perm(request.user, 'forms.add_form'): raise Http403 PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2, can_delete=False) formset = PricingFormSet() if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): form_instance = form.save(commit=False) # save form and associated pricings form_instance = update_perms_and_save(request, form, form_instance) formset = PricingFormSet(request.POST, instance=form_instance) if formset.is_valid(): # update_perms_and_save does not appear to consider ManyToManyFields for method in form.cleaned_data['payment_methods']: form_instance.payment_methods.add(method) formset.save() messages.add_message( request, messages.SUCCESS, _('Successfully added %(f)s' % {'f': form_instance})) return HttpResponseRedirect( reverse('form_field_update', args=[form_instance.pk])) else: form = form_class(user=request.user) return render_to_resp(request=request, template_name=template_name, context={ 'form': form, 'formset': formset, })
def pricing_delete(request, id, template_name="directories/pricing-delete.html"): directory_pricing = get_object_or_404(DirectoryPricing, pk=id) if not has_perm(request.user, 'directories.delete_directorypricing'): raise Http403 if request.method == "POST": messages.add_message(request, messages.SUCCESS, 'Successfully deleted %s' % directory_pricing) #directory_pricing.delete() # soft delete directory_pricing.status = False directory_pricing.save() return HttpResponseRedirect(reverse('directory_pricing.search')) return render_to_resp(request=request, template_name=template_name, context={'directory_pricing': directory_pricing})
def users_added_report(request, kind): if kind == 'added': event_ids = (121000, 121100, 123001, 123103) title = _('Site Users Added Report') elif kind == 'referral': event_ids = (125114, 125115) title = _('Contacts Report - Referral Analysis Report (all contacts)') else: raise NotImplementedError('kind "%s" not supported' % kind) from_date, to_date = request_month_range(request) queryset = EventLog.objects.all() queryset = queryset.filter(create_dt__gte=from_date) queryset = queryset.filter(create_dt__lte=to_date) chart_data = _events_chart(from_date, to_date, event_ids) data = queryset.filter(event_id=221000)\ .filter()\ .values('headline')\ .annotate(count=Count('pk'))\ .order_by('-count') return render_to_resp(request=request, template_name='reports/users_added.html', context={ 'data': data, 'chart_data': chart_data, 'report_title': title, 'entities': Entity.objects.all().order_by('entity_name'), 'site': Site.objects.get_current(), 'date_range': (from_date, to_date) })
def edit(request, id, form_class=FormForm, template_name="forms/edit.html"): form_instance = get_object_or_404(Form, pk=id) if not has_perm(request.user,'forms.change_form',form_instance): raise Http403 PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2) RecurringPaymentFormSet = inlineformset_factory(Form, RecurringPayment, form=RecurringPaymentForm, extra=2) if request.method == "POST": form = form_class(request.POST, instance=form_instance, user=request.user) if form_instance.recurring_payment: formset = RecurringPaymentFormSet(request.POST, instance=form_instance) else: formset = PricingFormSet(request.POST, instance=form_instance) if form.is_valid() and formset.is_valid(): form_instance = form.save(commit=False) form_instance = update_perms_and_save(request, form, form_instance) form.save_m2m() # save payment methods formset.save() # save price options # remove all pricings if no custom_payment form if not form.cleaned_data['custom_payment']: form_instance.pricing_set.all().delete() messages.add_message(request, messages.SUCCESS, _('Successfully edited %(f)s' % {'f': form_instance})) return HttpResponseRedirect(reverse('form_field_update', args=[form_instance.pk])) else: form = form_class(instance=form_instance, user=request.user) if form_instance.recurring_payment: formset = RecurringPaymentFormSet(instance=form_instance) else: formset = PricingFormSet(instance=form_instance) return render_to_resp(request=request, template_name=template_name,context={ 'form':form, 'formset':formset, 'form_instance':form_instance, })
def group_edit_perms(request, id, form_class=GroupPermissionForm, template_name="user_groups/edit_perms.html"): group_edit = get_object_or_404(Group, pk=id) if request.method == "POST": form = form_class(request.POST, request.user, instance=group_edit) else: form = form_class(instance=group_edit) if form.is_valid(): group_edit.permissions = form.cleaned_data['permissions'] group_edit.save() return HttpResponseRedirect(group_edit.get_absolute_url()) return render_to_resp(request=request, template_name=template_name, context={ 'group': group_edit, 'form': form })
def import_process( request, import_id, template_name="user_groups/imports/user_groups_process.html"): """Import Step 3: Import into database""" if not request.user.profile.is_superuser: raise Http403 # admin only page import_i = get_object_or_404(Import, id=import_id) subprocess.Popen( [python_executable(), 'manage.py', 'import_groups', str(import_id)]) return render_to_resp(request=request, template_name=template_name, context={ 'total': import_i.total_created + import_i.total_invalid, "import_i": import_i, })
def export(request, template_name="redirects/export.html"): """Export redirects""" if not request.user.is_superuser: raise Http403 if request.method == 'POST': # initilize initial values fields = [ 'from_url', 'to_url', 'http_status', 'status', 'uses_regex', 'create_dt', 'update_dt', ] export_id = run_export_task('redirects', 'redirect', fields) return redirect('export.status', export_id) return render_to_resp(request=request, template_name=template_name, context={ })
def requests_list(request, directory_id, template_name="directories/affiliates/requests_list.html"): if not get_setting('module', 'directories', 'affiliates_enabled'): raise Http404 directory = get_object_or_404(Directory, pk=directory_id) # Check user permission if not any([request.user.is_superuser, directory.is_owner(request.user)]): raise Http403 affiliate_requests = AffiliateRequest.objects.filter( to_directory=directory) return render_to_resp(request=request, template_name=template_name, context={ 'directory': directory, 'affiliate_requests': affiliate_requests, 'count': affiliate_requests.count() })
def export(request, template_name="discounts/export.html"): """Export Discounts""" if not request.user.is_superuser: raise Http403 if request.method == 'POST': # initilize initial values fields = [ 'discount_code', 'start_dt', 'end_dt', 'never_expires', 'value', 'cap', ] export_id = run_export_task('discounts', 'discount', fields) EventLog.objects.log() return redirect('export.status', export_id) return render_to_resp(request=request, template_name=template_name, context={})