def groupmembership_add_edit(request, group_slug, user_id=None,
                             form_class=GroupMembershipForm,
                             template_name="user_groups/member_add_edit.html"):
    """Add a member to a group, or edit an existing group membership.

    With ``user_id`` the view edits that user's membership in the group and
    requires ``user_groups.change_groupmembership`` on the membership object.
    Without it the view adds a membership and requires the model-level
    ``user_groups.add_groupmembership`` permission.  Http403 is raised when
    the check fails; a missing group, user or membership yields a 404.
    """
    # NOTE: the template context is locals(), so every name bound in this
    # function (including `request`) is visible to the template.  Local names
    # are therefore part of the template contract; an explicit context dict
    # would narrow what is exposed.
    add, edit = None, None
    group = get_object_or_404(Group, slug=group_slug)

    if user_id:
        user = get_object_or_404(User, pk=user_id)
        group_membership = get_object_or_404(GroupMembership, member=user, group=group)
        if not has_perm(request.user, 'user_groups.change_groupmembership', group_membership):
            raise Http403
        edit = True
    else:
        group_membership = None
        # NOTE(review): the add check is not evaluated against `group`;
        # confirm that a model-level permission is what is intended here.
        if not has_perm(request.user, 'user_groups.add_groupmembership'):
            raise Http403
        add = True

    if request.method != 'POST':
        form = form_class(group, user_id, instance=group_membership)
    else:
        # The bound form receives None where the unbound form receives the
        # group; the group is assigned explicitly after save(commit=False).
        form = form_class(None, user_id, request.POST, instance=group_membership)
        if form.is_valid():
            group_membership = form.save(commit=False)
            group_membership.group = group
            if not group_membership.id:
                # First save: record who created the membership.
                group_membership.creator_id = request.user.id
                group_membership.creator_username = request.user.username
            group_membership.owner_id = request.user.id
            group_membership.owner_username = request.user.username
            group_membership.save()

            if add:
                EventLog.objects.log(
                    event_id=221000,
                    event_data='%s (%d) added by %s' % (
                        group_membership._meta.object_name,
                        group_membership.pk,
                        request.user),
                    description='%s added' % group_membership._meta.object_name,
                    user=request.user,
                    request=request,
                    instance=group_membership,
                )
            if edit:
                EventLog.objects.log(
                    event_id=222000,
                    event_data='%s (%d) edited by %s' % (
                        group_membership._meta.object_name,
                        group_membership.pk,
                        request.user),
                    description='%s edited' % group_membership._meta.object_name,
                    user=request.user,
                    request=request,
                    instance=group_membership,
                )
            return HttpResponseRedirect(group.get_absolute_url())

    return render_to_response(template_name, locals(),
                              context_instance=RequestContext(request))
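def group_add_edit(request, group_slug=None, form_class=GroupForm,
                   template_name="user_groups/add_edit.html"):
    """Create a group, or edit the group identified by ``group_slug``.

    Editing requires ``user_groups.change_group`` on the group object;
    adding requires the model-level ``user_groups.add_group`` permission.
    Http403 is raised when the check fails.  On a valid POST the group is
    saved, administrators are notified for new groups, the event is logged
    and the client is redirected to the group page.
    """
    add, edit = False, False
    if group_slug:
        group = get_object_or_404(Group, slug=group_slug)
        if not has_perm(request.user, 'user_groups.change_group', group):
            raise Http403
        title = "Edit Group"
        edit = True
    else:
        group = None
        if not has_perm(request.user, 'user_groups.add_group'):
            raise Http403
        title = "Add Group"
        add = True

    if request.method == 'POST':
        if edit:
            form = form_class(request.POST, instance=group, user=request.user)
        else:
            form = form_class(request.POST, user=request.user)

        if form.is_valid():
            group = form.save(commit=False)
            if not group.id:
                # First save: record who created the group.
                group.creator = request.user
                group.creator_username = request.user.username

            # set up user permission
            group.allow_user_view, group.allow_user_edit = form.cleaned_data['user_perms']

            group.owner = request.user
            group.owner_username = request.user.username
            group = form.save()

            if add:
                # send notification to administrators
                recipients = get_notice_recipients('module', 'groups', 'grouprecipients')
                if recipients and notification:
                    notification.send_emails(recipients, 'group_added', {
                        'object': group,
                        'request': request,
                    })

            EventLog.objects.log(instance=group)
            return HttpResponseRedirect(group.get_absolute_url())
    else:
        if edit:
            form = form_class(instance=group, user=request.user)
        else:
            form = form_class(user=request.user)

    # The page title used to be exposed only under the misspelt key 'titie'.
    # Both keys are provided so a template written against either spelling
    # receives the value.
    context = {'form': form, 'titie': title, 'title': title, 'group': group}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))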
def pending(request, template_name="directories/pending.html"):
    """List directories whose ``status_detail`` contains "pending".

    The caller needs both ``directories.view_directory`` and
    ``directories.change_directory``; Http403 is raised otherwise.
    """
    required = ("directories.view_directory", "directories.change_directory")
    # Both permissions are evaluated before the decision is taken.
    granted = [has_perm(request.user, codename) for codename in required]
    if not all(granted):
        raise Http403

    directories = Directory.objects.filter(status_detail__contains="pending")
    EventLog.objects.log()

    context = {"directories": directories}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def pending(request, template_name="jobs/pending.html"):
    """List jobs whose ``status_detail`` contains 'pending'.

    The caller needs both ``jobs.view_job`` and ``jobs.change_job``;
    Http403 is raised otherwise.
    """
    required = ('jobs.view_job', 'jobs.change_job')
    # Both permissions are evaluated before the decision is taken.
    granted = [has_perm(request.user, codename) for codename in required]
    if not all(granted):
        raise Http403

    EventLog.objects.log()
    jobs = Job.objects.filter(status_detail__contains='pending')

    context = {'jobs': jobs}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
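def user_role_edit(request, username, membership_id,
                   form_class=GroupMembershipEditForm,
                   template_name="profiles/edit_role.html"):
    """Edit the group membership ``membership_id`` of the user ``username``.

    The requester must be allowed to edit the user's profile and must hold
    ``user_groups.view_group`` on the membership's group; Http403 is raised
    otherwise.  A membership that does not belong to ``username`` is treated
    as not found (404).
    """
    user = get_object_or_404(User, username=username)
    # Look the membership up *for this user*.  Fetching it by id alone would
    # let a requester who may edit one profile submit the id of a membership
    # that belongs to somebody else.
    membership = get_object_or_404(GroupMembership, id=membership_id, member=user)

    try:
        profile = Profile.objects.get(user=user)
    except Profile.DoesNotExist:
        profile = Profile.objects.create_profile(user=user)

    if not profile.allow_edit_by(request.user):
        raise Http403

    # NOTE(review): a *view* permission on the group gates an *edit* of the
    # membership; confirm that this is the intended permission.
    if not has_perm(request.user, 'user_groups.view_group', membership.group):
        raise Http403

    if request.method == 'POST':
        form = form_class(request.POST, instance=membership)
        if form.is_valid():
            form.save()
            messages.add_message(
                request, messages.SUCCESS,
                'Successfully edited membership for %s' % membership.group)
            return HttpResponseRedirect("%s%s" % (
                reverse('profile', args=[user.username]), '#userview-groups'))
    else:
        form = form_class(instance=membership)

    return render_to_response(template_name, {
        'form': form,
        'membership': membership,
    }, context_instance=RequestContext(request))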
def add(request, form_class=FormForm, template_name="forms/add.html"):
    """Create a custom form together with its pricing rows.

    Requires the ``forms.add_form`` permission (Http403 otherwise).  On
    success the client is redirected to the field-update page of the new
    form.
    """
    if not has_perm(request.user, 'forms.add_form'):
        raise Http403

    PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm,
                                           extra=2, can_delete=False)
    formset = PricingFormSet()

    if request.method != "POST":
        form = form_class(user=request.user)
    else:
        form = form_class(request.POST, user=request.user)
        if form.is_valid():
            # save form and associated pricings
            # NOTE: the form row is saved before the pricing formset is
            # validated, so an invalid formset re-renders the page with the
            # form already stored.
            form_instance = update_perms_and_save(
                request, form, form.save(commit=False))

            formset = PricingFormSet(request.POST, instance=form_instance)
            if formset.is_valid():
                # update_perms_and_save does not appear to consider
                # ManyToManyFields, so payment methods are attached here.
                for method in form.cleaned_data['payment_methods']:
                    form_instance.payment_methods.add(method)
                formset.save()

                messages.add_message(request, messages.SUCCESS,
                                     'Successfully added %s' % form_instance)
                return HttpResponseRedirect(
                    reverse('form_field_update', args=[form_instance.pk]))

    context = {'form': form, 'formset': formset}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def template_index(request, template_name="campaign_monitor/templates/index.html"):
    """List all campaign-monitor templates ordered by name.

    Requires the model-level ``campaign_monitor.view_template`` permission;
    Http403 is raised otherwise.
    """
    allowed = has_perm(request.user, "campaign_monitor.view_template")
    if not allowed:
        raise Http403

    context = {"templates": Template.objects.all().order_by("name")}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def edit_meta(request, id, form_class=MetaForm, template_name="articles/edit-meta.html"):
    """Edit the meta tags (title, description, keywords, canonical URL) of an article.

    Requires ``articles.change_article`` on the article (Http403 otherwise).
    """
    # check permission
    article = get_object_or_404(Article, pk=id)
    if not has_perm(request.user, 'articles.change_article', article):
        raise Http403

    # Seed a fresh MetaTags object from the article's current values.
    article.meta = MetaTags(
        title=article.get_title(),
        description=article.get_description(),
        keywords=article.get_keywords(),
        canonical_url=article.get_canonical_url(),
    )

    if request.method != "POST":
        form = form_class(instance=article.meta)
    else:
        form = form_class(request.POST, instance=article.meta)
        if form.is_valid():
            article.meta = form.save()  # save meta
            article.save()  # save relationship
            messages.add_message(request, messages.SUCCESS,
                                 'Successfully updated meta for %s' % article)
            return HttpResponseRedirect(reverse('article', args=[article.slug]))

    context = {'article': article, 'form': form}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
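def pricing_add(request, form_class=JobPricingForm, template_name="jobs/pricing-add.html"):
    """Add a job pricing, optionally from an "add another" popup window.

    Requires ``jobs.add_jobpricing`` (Http403 otherwise).  When ``_popup``
    is present in the request the popup template is rendered and, after a
    successful save, a small script hands the new object back to the opener
    window instead of redirecting.
    """
    # escapejs is imported here because the module's import block is not
    # part of this function.
    from django.utils.html import escapejs

    if not has_perm(request.user, 'jobs.add_jobpricing'):
        raise Http403

    if request.method == "POST":
        form = form_class(request.POST)
        if form.is_valid():
            job_pricing = form.save(commit=False)
            job_pricing.status = 1
            job_pricing.save(request.user)
            EventLog.objects.log(instance=job_pricing)

            if "_popup" in request.REQUEST:
                # The two values land inside a JavaScript string literal.
                # HTML escaping alone leaves backslashes and line breaks
                # untouched, and those can terminate or corrupt the literal,
                # so the HTML-escaped text is additionally JS-escaped.  The
                # opener still receives the same HTML-escaped value.
                return HttpResponse(
                    '<script type="text/javascript">opener.dismissAddAnotherPopup(window, "%s", "%s");</script>' % (
                        escapejs(escape(job_pricing.pk)),
                        escapejs(escape(job_pricing))))

            return HttpResponseRedirect(
                reverse('job_pricing.view', args=[job_pricing.id]))
    else:
        form = form_class()

    if "_popup" in request.REQUEST:
        template_name = "jobs/pricing-add-popup.html"

    return render_to_response(template_name, {'form': form},
                              context_instance=RequestContext(request))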
def add(request, form_class=ArticleForm, template_name="articles/add.html"):
    """Create an article.

    Requires ``articles.add_article`` (Http403 otherwise).  After a valid
    POST the article is saved with its permissions, notice recipients are
    e-mailed and the client is redirected to the article page.
    """
    if not has_perm(request.user, 'articles.add_article'):
        raise Http403

    if request.method != "POST":
        form = form_class(user=request.user)
    else:
        form = form_class(request.POST, user=request.user)
        if form.is_valid():
            article = form.save(commit=False)

            # add all permissions and save the model
            update_perms_and_save(request, form, article)

            messages.add_message(request, messages.SUCCESS,
                                 'Successfully added %s' % article)

            # send notification to administrator(s) and module recipient(s)
            recipients = get_notice_recipients('module', 'articles', 'articlerecipients')
            if recipients and notification:
                payload = {
                    'object': article,
                    'request': request,
                }
                notification.send_emails(recipients, 'article_added', payload)

            return HttpResponseRedirect(reverse('article', args=[article.slug]))

    return render_to_response(template_name, {'form': form},
                              context_instance=RequestContext(request))
def delete(request, id, template_name="articles/delete.html"):
    """Confirm (GET) and perform (POST) the deletion of an article.

    Requires ``articles.delete_article``; Http403 is raised otherwise.
    """
    article = get_object_or_404(Article, pk=id)

    # NOTE(review): the permission is checked without the article instance,
    # i.e. at model level only; the jobs delete view passes the object.
    # Confirm which of the two is intended.
    if not has_perm(request.user, 'articles.delete_article'):
        raise Http403

    if request.method != "POST":
        return render_to_response(template_name, {'article': article},
                                  context_instance=RequestContext(request))

    messages.add_message(request, messages.SUCCESS,
                         'Successfully deleted %s' % article)

    # send notification to administrators
    recipients = get_notice_recipients('module', 'articles', 'articlerecipients')
    if recipients and notification:
        notification.send_emails(recipients, 'article_deleted', {
            'object': article,
            'request': request,
        })

    article.delete()
    return HttpResponseRedirect(reverse('article.search'))
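def search(request, template_name="articles/search.html"):
    """Search or list articles, with category data for the dropdown filters.

    Every query-string parameter except ``q`` and ``page`` is appended to the
    search query as ``name:value``.  With the search index enabled and a
    non-empty query the index is used; otherwise the listing is built from
    the user's ``articles.view_article`` query filters.  Users without that
    permission only see articles whose release date has passed.
    """
    params = dict(request.GET)
    terms = params.pop('q', [])
    params.pop('page', None)  # pop page query string out; page ruins pagination

    # NOTE(review): the field names and values come straight from the query
    # string; visibility therefore depends on Article.objects.search applying
    # the user's permissions itself (it receives `user`) -- confirm.
    query_extra = ['%s:%s' % (k, v[0]) for k, v in params.items() if v[0].strip()]
    query = ' '.join(terms)
    if query_extra:
        query = '%s %s' % (query, ' '.join(query_extra))

    if get_setting('site', 'global', 'searchindex') and query:
        articles = Article.objects.search(query, user=request.user)
    else:
        filters = get_query_filters(request.user, 'articles.view_article')
        articles = Article.objects.filter(filters).distinct()
        if not request.user.is_anonymous():
            articles = articles.select_related()

    if not has_perm(request.user, 'articles.view_article'):
        # Hide articles that are not released yet.
        articles = articles.filter(release_dt__lte=datetime.now())

    articles = articles.order_by('-release_dt')

    EventLog.objects.log()

    # Query list of category and subcategory for dropdown filters
    category = request.GET.get('category')
    try:
        category = int(category)
    except (TypeError, ValueError):
        # Missing or non-numeric category: fall back to "no category".
        # Only conversion errors are handled, so unrelated failures are not
        # hidden.
        category = 0
    categories, sub_categories = Article.objects.get_categories(category=category)

    return render_to_response(template_name, {
        'articles': articles,
        'categories': categories,
        'sub_categories': sub_categories,
    }, context_instance=RequestContext(request))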
def add(request, form_class=LocationForm, template_name="locations/add.html"):
    """Create a location, optionally with an uploaded photo.

    Requires ``locations.add_location`` (Http403 otherwise).
    """
    if not has_perm(request.user, 'locations.add_location'):
        raise Http403

    if request.method != "POST":
        form = form_class(user=request.user)
    else:
        form = form_class(request.POST, request.FILES, user=request.user)
        if form.is_valid():
            # update all permissions and save the model
            location = update_perms_and_save(
                request, form, form.save(commit=False))

            # The upload is only what the form's own validation accepted;
            # the field may be absent from the form altogether.
            if 'photo_upload' in form.cleaned_data:
                photo = form.cleaned_data['photo_upload']
                if photo:
                    location.save(photo=photo)

            messages.add_message(request, messages.SUCCESS,
                                 'Successfully added %s' % location)
            return HttpResponseRedirect(reverse('location', args=[location.pk]))

    return render_to_response(template_name, {'form': form},
                              context_instance=RequestContext(request))
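def single_setting(request, scope, scope_category, name,
                   template_name="site_settings/list.html"):
    """Show and save a single site setting.

    Requires ``site_settings.change_setting`` (Http403 otherwise); an unknown
    setting yields Http404.  After a successful save the client is redirected
    to the ``next`` request parameter, but only when that value is a
    site-local path; any other value is ignored and the form page is
    rendered again.
    """
    if not has_perm(request.user, "site_settings.change_setting"):
        raise Http403

    settings = Setting.objects.filter(
        scope=scope, scope_category=scope_category, name=name).order_by("label")
    if not settings:
        raise Http404

    if request.method == "POST":
        form = build_settings_form(request.user, settings)(request.POST, request.FILES)
        if form.is_valid():
            # this save method is overriden in the forms.py
            form.save()

            # Best effort: most settings forms have no "theme" field, and a
            # failing management command must not break the save.  The bare
            # except is kept because call_command may exit through
            # SystemExit on some Django versions (TODO confirm), which
            # `except Exception` would not catch.
            try:
                if form.cleaned_data["theme"]:
                    from django.core.management import call_command
                    call_command("hide_settings", "theme")
                    call_command("update_settings",
                                 "themes.%s" % form.cleaned_data["theme"].lstrip())
            except:
                pass

            EventLog.objects.log()
            messages.add_message(
                request, messages.SUCCESS,
                "Successfully saved %s settings" % name.replace("_", " ").title()
            )

            redirect_to = request.REQUEST.get("next", "")
            # `next` is caller-controlled.  Following it unchecked would let
            # a crafted link send an administrator to an arbitrary site after
            # saving.  Accept a single-slash local path only: no scheme or
            # host, no "//" or backslash prefix tricks, no control characters.
            is_local_path = (
                redirect_to.startswith("/")
                and not redirect_to.startswith("//")
                and "\\" not in redirect_to
                and not any(ord(ch) < 32 for ch in redirect_to)
            )
            if redirect_to and is_local_path:
                return HttpResponseRedirect(redirect_to)
    else:
        form = build_settings_form(request.user, settings)()

    return render_to_response(template_name, {"form": form},
                              context_instance=RequestContext(request))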
def delete(request, id, template_name="news/delete.html"):
    """Confirm (GET) and perform (POST) the deletion of a news item.

    Requires ``news.delete_news``; Http403 is raised otherwise.
    """
    news = get_object_or_404(News, pk=id)

    # check permission
    # NOTE(review): checked without the instance, i.e. at model level only.
    if not has_perm(request.user, 'news.delete_news'):
        raise Http403

    if request.method != "POST":
        return render_to_response(template_name, {'news': news},
                                  context_instance=RequestContext(request))

    messages.add_message(request, messages.SUCCESS,
                         'Successfully deleted %s' % news)

    # send notification to administrators
    recipients = get_notice_recipients('module', 'news', 'newsrecipients')
    if recipients and notification:
        notification.send_emails(recipients, 'news_deleted', {
            'object': news,
            'request': request,
        })

    news.delete()
    return HttpResponseRedirect(reverse('news.search'))
def entries_export(request, id, include_files=False):
    """Export the entries of a form, inline or through a Celery task.

    Requires ``forms.change_form`` on the form (Http403 otherwise).  Without
    entries an empty CSV attachment is returned.  With entries the export
    task runs inline when Celery is inactive; otherwise it is queued and the
    client is redirected to the export status page.
    """
    form_instance = get_object_or_404(Form, pk=id)

    # check permission
    if not has_perm(request.user, 'forms.change_form', form_instance):
        raise Http403

    EventLog.objects.log(instance=form_instance)

    entries = form_instance.entries.all()
    if not entries:
        # blank csv document
        response = HttpResponse(mimetype='text/csv')
        response['Content-Disposition'] = 'attachment; filename=export_entries_%d.csv' % time()
        csv.writer(response, delimiter=',')
        return response

    # NOTE(review): entries are user-submitted values that end up in a
    # spreadsheet file.  Whether the export task neutralises cells that a
    # spreadsheet would read as formulas is not visible here -- confirm in
    # FormEntriesExportTask.
    if not settings.CELERY_IS_ACTIVE:
        return FormEntriesExportTask().run(form_instance, entries, include_files)

    queued = FormEntriesExportTask.delay(form_instance, entries, include_files)
    return redirect('form_entries_export_status', queued.task_id)
def edit(request, id, form_class=NewsForm, template_name="news/edit.html"):
    """Edit a news item, optionally replacing its photo.

    Requires ``news.change_news`` on the news item (Http403 otherwise).
    """
    news = get_object_or_404(News, pk=id)

    # check permission
    if not has_perm(request.user, 'news.change_news', news):
        raise Http403

    # The unbound form is always built first; a POST replaces it below.
    form = form_class(instance=news, user=request.user)

    if request.method == "POST":
        form = form_class(request.POST, request.FILES,
                          instance=news, user=request.user)
        if form.is_valid():
            # update all permissions and save the model
            news = update_perms_and_save(request, form, form.save(commit=False))

            # save photo
            photo = form.cleaned_data['photo_upload']
            if photo:
                news.save(photo=photo)
                # Give the stored thumbnail file the permissions of the
                # news item.
                assign_files_perms(news, files=[news.thumbnail])

            messages.add_message(request, messages.SUCCESS,
                                 'Successfully updated %s' % news)
            return HttpResponseRedirect(reverse('news.detail', args=[news.slug]))

    context = {'news': news, 'form': form}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def delete(request, id, template_name="profiles/delete.html"):
    """Confirm (GET) and perform (POST) the soft deletion of a user.

    Requires ``profiles.delete_profile`` (Http403 otherwise).  Nothing is
    removed from the database: the profile is marked inactive and the user
    account is deactivated.
    """
    user = get_object_or_404(User, pk=id)

    # NOTE: every lookup failure, not only a missing profile, ends up as
    # `profile = None`; the permission check below then runs without an
    # object.
    try:
        profile = Profile.objects.get(user=user)
    except:
        profile = None

    if not has_perm(request.user, 'profiles.delete_profile', profile):
        raise Http403

    if request.method != "POST":
        context = {'user_this': user, 'profile': profile}
        return render_to_response(template_name, context,
                                  context_instance=RequestContext(request))

    recipients = get_notice_recipients('module', 'users', 'userrecipients')
    if recipients and notification:
        notification.send_emails(recipients, 'user_deleted', {
            'profile': profile,
            'request': request,
        })

    # Soft delete: the rows are kept and only flagged (no profile.delete()
    # or user.delete()).
    if profile:
        profile.status_detail = 'inactive'
        profile.save()
    user.is_active = False
    user.save()

    return HttpResponseRedirect(reverse('profile.search'))
def edit_meta(request, id, form_class=MetaForm, template_name="jobs/edit-meta.html"):
    """Edit the meta tags (title, description, keywords, canonical URL) of a job.

    Requires ``jobs.change_job`` on the job (Http403 otherwise).
    """
    # check permission
    job = get_object_or_404(Job, pk=id)
    if not has_perm(request.user, 'jobs.change_job', job):
        raise Http403

    # Seed a fresh MetaTags object from the job's current values.
    job.meta = MetaTags(
        title=job.get_title(),
        description=job.get_description(),
        keywords=job.get_keywords(),
        canonical_url=job.get_canonical_url(),
    )

    if request.method != "POST":
        form = form_class(instance=job.meta)
    else:
        form = form_class(request.POST, instance=job.meta)
        if form.is_valid():
            job.meta = form.save()  # save meta
            job.save()  # save relationship

            msg_string = 'Successfully updated meta for %s' % job
            messages.add_message(request, messages.SUCCESS, _(msg_string))
            return HttpResponseRedirect(reverse('job', args=[job.slug]))

    context = {'job': job, 'form': form}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def delete(request, id, template_name="jobs/delete.html"):
    """Confirm (GET) and perform (POST) the deletion of a job.

    Requires ``jobs.delete_job`` on the job; Http403 is raised otherwise.
    """
    job = get_object_or_404(Job, pk=id)

    if not has_perm(request.user, 'jobs.delete_job', job):
        raise Http403

    if request.method != "POST":
        return render_to_response(template_name, {'job': job},
                                  context_instance=RequestContext(request))

    msg_string = 'Successfully deleted %s' % job
    messages.add_message(request, messages.SUCCESS, _(msg_string))

    # send notification to administrators
    recipients = get_notice_recipients('module', 'jobs', 'jobrecipients')
    if recipients and notification:
        notification.send_emails(recipients, 'job_deleted', {
            'object': job,
            'request': request,
        })

    job.delete()
    return HttpResponseRedirect(reverse('job.search'))
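def photoset_add(request, form_class=PhotoSetAddForm,
                 template_name="photos/photo-set/add.html"):
    """Add a photo set.

    Requires ``photos.add_photoset`` (Http403 otherwise).  A POST is only
    processed when its ``action`` field equals "add"; any other POST renders
    the empty form again.
    """
    # if no permission; permission exception
    if not has_perm(request.user, 'photos.add_photoset'):
        raise Http403

    form = None
    # .get() instead of indexing: a POST without "action" must not raise, and
    # a POST with a different action must not leave `form` unbound when the
    # template is rendered.
    if request.method == "POST" and request.POST.get("action") == "add":
        form = form_class(request.POST, user=request.user)
        if form.is_valid():
            photo_set = form.save(commit=False)
            photo_set.author = request.user

            # update all permissions and save the model
            photo_set = update_perms_and_save(request, form, photo_set)

            messages.add_message(request, messages.SUCCESS,
                                 'Successfully added photo set!')
            return HttpResponseRedirect(
                reverse('photos_batch_add', kwargs={'photoset_id': photo_set.id}))

    if form is None:
        form = form_class(user=request.user)

    return render_to_response(template_name, {
        "photoset_form": form,
    }, context_instance=RequestContext(request))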
def template_view(request, template_id,
                  template_name="campaign_monitor/templates/view.html"):
    """Show one campaign-monitor template.

    Requires ``campaign_monitor.view_template`` on the template object;
    Http403 is raised otherwise, 404 when the template does not exist.
    """
    template = get_object_or_404(Template, template_id=template_id)

    allowed = has_perm(request.user, "campaign_monitor.view_template", template)
    if not allowed:
        raise Http403

    context = {"template": template}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def detail(request, slug, template_name="studygroups/detail.html"):
    """Show a study group with its officers and the files the user may see.

    Requires ``studygroup.view_studygroup`` on the study group (Http403
    otherwise).  The context flag ``has_group_view_permission`` tells the
    template whether one of the user's groups holds the view permission.
    """
    study_group = get_object_or_404(StudyGroup, slug=slug)

    if not has_perm(request.user, 'studygroup.view_studygroup', study_group):
        raise Http403

    EventLog.objects.log(instance=study_group)

    officers = study_group.officers()

    # has_group_view_permission is True if there is at least one group where
    # the user is a member that has a view_studygroup permission.
    has_group_view_permission = False

    # Check user for group view permissions
    if request.user.is_authenticated():
        groups = request.user.group_set.all()
        perms = has_groups_perms(study_group).filter(group__in=groups)
        has_group_view_permission = any(
            perm.codename == 'view_studygroup' for perm in perms)

    # Files are restricted to what this user may view.
    filters = get_query_filters(request.user, 'files.view_file')
    files = File.objects.filter(filters).filter(group=study_group.group).distinct()

    return render_to_response(template_name, {
        'study_group': study_group,
        'officers': officers,
        'files': files,
        'has_group_view_permission': has_group_view_permission,
    }, context_instance=RequestContext(request))
def group_members_export(request, group_slug, export_target='all'):
    """Start a background export of the members of a group.

    Requires ``user_groups.change_group`` on the group (Http403 otherwise).
    An empty placeholder file is stored, the ``group_members_export``
    management command is started as a separate process, and the client is
    redirected to the export status page.
    """
    group = get_object_or_404(Group, slug=group_slug)

    # if they can edit it, they can export it
    if not has_perm(request.user, 'user_groups.change_group', group):
        raise Http403

    identifier = '%s_%s' % (int(ttime.time()), request.user.id)
    file_dir = 'export/groups/'

    # NOTE(review): `export_target` becomes part of the storage path and of a
    # command argument.  The values it may take are not restricted in this
    # function, so it relies on the URL pattern allowing only a fixed set of
    # plain names -- confirm.
    temp_export_path = '%sgroup_%d_%s_%s_temp.csv' % (
        file_dir, group.id, export_target, identifier)
    default_storage.save(temp_export_path, ContentFile(''))

    # start the process
    # The arguments are passed as a list, so no shell is involved.  "python"
    # and "manage.py" are resolved through PATH and the working directory of
    # the server process.
    command = [
        "python", "manage.py", "group_members_export",
        '--group_id=%d' % group.id,
        '--export_target=%s' % export_target,
        '--identifier=%s' % identifier,
        '--user_id=%s' % request.user.id,
    ]
    subprocess.Popen(command)

    # log an event
    EventLog.objects.log()

    status_url = reverse('group.members_export_status',
                         args=[group.slug, export_target, identifier])
    return redirect(status_url)
def delete(request, id, template_name="studygroups/delete.html"):
    """Confirm (GET) and perform (POST) the deletion of a study group.

    Requires ``studygroup.delete_studygroup``; Http403 is raised otherwise.
    """
    study_group = get_object_or_404(StudyGroup, pk=id)

    # NOTE(review): checked without the instance, i.e. at model level only.
    if not has_perm(request.user, 'studygroup.delete_studygroup'):
        raise Http403

    if request.method != "POST":
        return render_to_response(template_name, {'study_group': study_group},
                                  context_instance=RequestContext(request))

    # The event is logged while the row still exists.
    EventLog.objects.log(instance=study_group)
    messages.add_message(request, messages.SUCCESS,
                         'Successfully deleted %s' % study_group)

    # send notification to administrators
    recipients = get_notice_recipients('module', 'studygroups', 'studygrouprecipients')
    if recipients and notification:
        notification.send_emails(recipients, 'studygroup_deleted', {
            'object': study_group,
            'request': request,
        })

    study_group.delete()
    return HttpResponseRedirect(reverse('studygroups.search'))
def delete(request, id, template_name="pages/delete.html"):
    """Confirm (GET) and perform (POST) the soft deletion of a page.

    Requires ``pages.delete_page`` (Http403 otherwise).  The page row is
    kept; it is marked inactive instead of being removed.
    """
    page = get_object_or_404(Page, pk=id)

    # NOTE(review): checked without the instance, i.e. at model level only.
    if not has_perm(request.user, 'pages.delete_page'):
        raise Http403

    if request.method != "POST":
        return render_to_response(template_name, {'page': page},
                                  context_instance=RequestContext(request))

    EventLog.objects.log(instance=page)
    messages.add_message(
        request, messages.SUCCESS,
        _('Successfully deleted %(p)s' % {'p': unicode(page)}))

    # send notification to administrators
    recipients = get_notice_recipients('module', 'pages', 'pagerecipients')
    if recipients and notification:
        notification.send_emails(recipients, 'page_deleted', {
            'object': page,
            'request': request,
        })

    # Soft delete
    page.status = False
    page.status_detail = 'inactive'
    page.save()

    return HttpResponseRedirect(reverse('page.search'))
def campaign_index(request, template_name="campaign_monitor/campaigns/index.html"):
    """List all campaigns ordered by name.

    Requires the model-level ``campaign_monitor.view_campaign`` permission;
    Http403 is raised otherwise.
    """
    allowed = has_perm(request.user, "campaign_monitor.view_campaign")
    if not allowed:
        raise Http403

    context = {"campaigns": Campaign.objects.all().order_by("name")}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def edit_meta(request, id, form_class=MetaForm, template_name="pages/edit-meta.html"):
    """Return the page that lets you edit a page's meta-html information.

    Requires ``pages.change_page`` on the page (Http403 otherwise).
    """
    # check permission
    page = get_object_or_404(Page, pk=id)
    if not has_perm(request.user, 'pages.change_page', page):
        raise Http403

    # Seed a fresh MetaTags object from the page's current values.
    page.meta = MetaTags(
        title=page.get_title(),
        description=page.get_description(),
        keywords=page.get_keywords(),
        canonical_url=page.get_canonical_url(),
    )

    if request.method != "POST":
        form = form_class(instance=page.meta)
    else:
        form = form_class(request.POST, instance=page.meta)
        if form.is_valid():
            page.meta = form.save()  # save meta
            page.save()  # save relationship

            messages.add_message(
                request, messages.SUCCESS,
                _('Successfully updated meta for %(p)s' % {'p': unicode(page)}))
            return HttpResponseRedirect(reverse('page', args=[page.slug]))

    context = {'page': page, 'form': form}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def campaign_view(request, campaign_id,
                  template_name="campaign_monitor/campaigns/view.html"):
    """Show one campaign.

    Requires ``campaign_monitor.view_campaign`` on the campaign object;
    Http403 is raised otherwise, 404 when the campaign does not exist.
    """
    campaign = get_object_or_404(Campaign, campaign_id=campaign_id)

    allowed = has_perm(request.user, "campaign_monitor.view_campaign", campaign)
    if not allowed:
        raise Http403

    context = {"campaign": campaign}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def edit_meta(request, id, form_class=MetaForm,
              template_name="studygroups/edit-meta.html"):
    """Return the page that lets you edit a study group's meta-html information.

    Requires ``studygroup.change_studygroup`` on the study group (Http403
    otherwise).  The event is logged on every authorised request, GET
    included.
    """
    # check permission
    study_group = get_object_or_404(StudyGroup, pk=id)
    if not has_perm(request.user, 'studygroup.change_studygroup', study_group):
        raise Http403

    EventLog.objects.log(instance=study_group)

    # Seed a fresh MetaTags object from the study group's current values.
    study_group.meta = MetaTags(
        title=study_group.get_title(),
        description=study_group.get_description(),
        keywords=study_group.get_keywords(),
        canonical_url=study_group.get_canonical_url(),
    )

    if request.method != "POST":
        form = form_class(instance=study_group.meta)
    else:
        form = form_class(request.POST, instance=study_group.meta)
        if form.is_valid():
            study_group.meta = form.save()  # save meta
            study_group.save()  # save relationship

            messages.add_message(request, messages.SUCCESS,
                                 'Successfully updated meta for %s' % study_group)
            return HttpResponseRedirect(
                reverse('studygroups.detail', args=[study_group.slug]))

    context = {'study_group': study_group, 'form': form}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def print_view(request, slug, template_name="pages/print-view.html"):
    """Render the print view of the page with the given slug.

    When several pages share the slug, the newest active one is used, or the
    newest one of any status when none is active.  Requires
    ``pages.view_page`` on the selected page (Http403 otherwise).
    """
    try:
        page = get_object_or_404(Page, slug=slug)
    except Page.MultipleObjectsReturned:
        candidates = Page.objects.filter(
            slug=slug, status_detail='active').order_by('-pk')
        if not candidates:
            candidates = Page.objects.filter(slug=slug).order_by('-pk')
        if not candidates:
            raise Http404
        page = candidates[0]

    # The permission is evaluated on whichever page was selected above.
    if not has_perm(request.user, 'pages.view_page', page):
        raise Http403

    EventLog.objects.log(instance=page)

    return render_to_response(template_name, {'page': page},
                              context_instance=RequestContext(request))
def pricing_add(request, form_class=JobPricingForm, template_name="jobs/pricing-add.html"):
    """Add a job pricing.

    Requires ``jobs.add_jobpricing`` (Http403 otherwise).  After a valid POST
    the pricing is saved with status 1, the event is logged and the client
    is redirected to the pricing's view page.
    """
    if not has_perm(request.user, 'jobs.add_jobpricing'):
        raise Http403

    if request.method != "POST":
        form = form_class()
    else:
        form = form_class(request.POST)
        if form.is_valid():
            job_pricing = form.save(commit=False)
            job_pricing.status = 1
            job_pricing.save(request.user)

            EventLog.objects.log(instance=job_pricing)

            target = reverse('job_pricing.view', args=[job_pricing.id])
            return HttpResponseRedirect(target)

    return render_to_response(template_name, {'form': form},
                              context_instance=RequestContext(request))
def delete(request, id, template_name="files/delete.html"):
    """Confirm (GET) and perform (POST) the deletion of a file.

    Requires ``files.delete_file`` (Http403 otherwise).  A POST carrying an
    ``ajax`` field gets a plain 'Ok' response instead of a redirect.
    """
    file_obj = get_object_or_404(File, pk=id)

    # check permission
    # NOTE(review): checked without the instance, i.e. at model level only.
    if not has_perm(request.user, 'files.delete_file'):
        raise Http403

    if request.method != "POST":
        return render_to_response(template_name, {'file': file_obj},
                                  context_instance=RequestContext(request))

    # reassign owner to current user
    file_obj.owner = request.user
    file_obj.owner_username = request.user.username
    file_obj.save()
    file_obj.delete()

    if 'ajax' in request.POST:
        return HttpResponse('Ok')
    return HttpResponseRedirect(reverse('file.search'))
def add(request, form_class=NavForm, template_name="navs/add.html"):
    """Create a nav and continue to the page that edits its items.

    Requires ``navs.add_nav`` (Http403 otherwise).
    """
    if not has_perm(request.user, 'navs.add_nav'):
        raise Http403

    if request.method != "POST":
        form = form_class(user=request.user)
    else:
        form = form_class(request.POST, user=request.user)
        if form.is_valid():
            # Apply permissions and save the model.
            nav = update_perms_and_save(request, form, form.save(commit=False))

            messages.add_message(request, messages.SUCCESS,
                                 'Successfully added %s' % nav)
            return redirect('navs.edit_items', id=nav.id)

    context = {'form': form}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def add(request, form_class=DiscountForm, template_name="discounts/add.html"):
    """Create a discount and redirect to its detail page.

    Requires ``discounts.add_discount`` (Http403 otherwise).
    """
    if not has_perm(request.user, 'discounts.add_discount'):
        raise Http403

    if request.method != "POST":
        form = form_class(user=request.user)
    else:
        form = form_class(request.POST, user=request.user)
        if form.is_valid():
            # Apply permissions and save the model, then store the
            # many-to-many data that save(commit=False) deferred.
            discount = update_perms_and_save(
                request, form, form.save(commit=False))
            form.save_m2m()

            messages.add_message(request, messages.SUCCESS,
                                 'Successfully added %s' % discount)
            return redirect('discount.detail', id=discount.id)

    context = {'form': form}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
def pricing_add(request, form_class=DirectoryPricingForm,
                template_name="directories/pricing-add.html"):
    """Add a directory pricing.

    Requires ``directories.add_directorypricing`` (Http403 otherwise).  After
    a valid POST the pricing is saved with status 1 and the client is
    redirected to the pricing's view page.
    """
    if not has_perm(request.user, 'directories.add_directorypricing'):
        raise Http403

    if request.method != "POST":
        form = form_class(user=request.user)
    else:
        form = form_class(request.POST, user=request.user)
        if form.is_valid():
            directory_pricing = form.save(commit=False)
            directory_pricing.status = 1
            directory_pricing.save(request.user)

            target = reverse('directory_pricing.view', args=[directory_pricing.id])
            return HttpResponseRedirect(target)

    return render_to_response(template_name, {'form': form},
                              context_instance=RequestContext(request))
def groupmembership_delete(request, group_slug, user_id,
                           template_name="user_groups/member_delete.html"):
    """Confirm (GET) and perform (POST) the removal of a user from a group.

    Requires ``user_groups.delete_groupmembership`` on the membership object
    (Http403 otherwise).
    """
    # NOTE: the confirmation page receives locals() as its context, so the
    # local names below (and `request`) are part of the template contract.
    group = get_object_or_404(Group, slug=group_slug)
    user = get_object_or_404(User, pk=user_id)
    group_membership = get_object_or_404(GroupMembership, group=group, member=user)

    if not has_perm(request.user, 'user_groups.delete_groupmembership', group_membership):
        raise Http403

    if request.method != 'POST':
        return render_to_response(template_name, locals(),
                                  context_instance=RequestContext(request))

    # The event is logged while the membership row still exists.
    EventLog.objects.log(instance=group_membership)
    group_membership.delete()

    messages.add_message(
        request,
        messages.SUCCESS,
        _('Successfully removed %(name)s from group %(grp)s' % {
            'name': user.get_full_name(),
            'grp': group,
        })
    )
    return HttpResponseRedirect(group.get_absolute_url())
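def edit(request, id, form_class=StoryForm, template_name="stories/edit.html"):
    """Edit a story, optionally replacing its photo.

    Requires ``stories.change_story`` on the story (Http403 otherwise).
    After a successful save the client is redirected to the ``next`` request
    parameter when that value is a site-local path, and to the story page in
    every other case.
    """
    story = get_object_or_404(Story, pk=id)

    if not has_perm(request.user, 'stories.change_story', story):
        raise Http403

    if request.method == "POST":
        form = form_class(request.POST, request.FILES,
                          instance=story, user=request.user)
        if form.is_valid():
            story = form.save(commit=False)

            # save photo
            photo = form.cleaned_data['photo_upload']
            if photo:
                story.save(photo=photo)

            story = update_perms_and_save(request, form, story)

            messages.add_message(
                request, messages.SUCCESS,
                _('Successfully updated %(str)s' % {'str': unicode(story)}))

            redirect_to = request.REQUEST.get('next', '')
            # `next` is caller-controlled.  Following it unchecked would let
            # a crafted link send the editor to an arbitrary site after
            # saving.  Accept a single-slash local path only: no scheme or
            # host, no "//" or backslash prefix tricks, no control characters.
            is_local_path = (
                redirect_to.startswith('/')
                and not redirect_to.startswith('//')
                and '\\' not in redirect_to
                and not any(ord(ch) < 32 for ch in redirect_to)
            )
            if redirect_to and is_local_path:
                return HttpResponseRedirect(redirect_to)
            return redirect('story', id=story.pk)
    else:
        form = form_class(instance=story, user=request.user)

    return render_to_response(template_name, {
        'story': story,
        'form': form,
    }, context_instance=RequestContext(request))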
def groupmembership_delete(request, group_slug, user_id,
                           template_name="user_groups/member_delete.html"):
    """Confirm (GET) and perform (POST) the removal of a user from a group.

    Requires ``user_groups.delete_groupmembership`` on the membership object
    (Http403 otherwise).  The deletion is recorded as event 223000.
    """
    # NOTE: the confirmation page receives locals() as its context, so the
    # local names below (and `request`) are part of the template contract.
    group = get_object_or_404(Group, slug=group_slug)
    user = get_object_or_404(User, pk=user_id)
    group_membership = get_object_or_404(GroupMembership, group=group, member=user)

    if not has_perm(request.user, 'user_groups.delete_groupmembership', group_membership):
        raise Http403

    if request.method != 'POST':
        return render_to_response(template_name, locals(),
                                  context_instance=RequestContext(request))

    # The event is logged while the membership row still exists.
    EventLog.objects.log(
        event_id=223000,
        event_data='%s (%d) deleted by %s' % (
            group_membership._meta.object_name,
            group_membership.pk,
            request.user),
        description='%s deleted' % group_membership._meta.object_name,
        user=request.user,
        request=request,
        instance=group_membership,
    )
    group_membership.delete()

    messages.add_message(
        request, messages.SUCCESS,
        'Successfully removed %s from group %s' % (user.get_full_name(), group))
    return HttpResponseRedirect(group.get_absolute_url())
def edit(request, id=None, form_class=HelpFileForm, template_name="help_files/edit.html"):
    """
    Edit a help file.

    Requires 'help_files.change_helpfile' on the help file (Http403
    otherwise). A valid POST saves the object and its many-to-many data and
    redirects to the help file's detail page; a GET or an invalid POST
    renders the edit template.
    """
    help_file = get_object_or_404(HelpFile, pk=id)

    if not has_perm(request.user, 'help_files.change_helpfile', help_file):
        raise Http403

    if request.method != "POST":
        form = form_class(instance=help_file, user=request.user)
    else:
        form = form_class(request.POST, instance=help_file, user=request.user)
        if form.is_valid():
            help_file = form.save(commit=False)

            # add all permissions and save the model
            help_file = update_perms_and_save(request, form, help_file)
            form.save_m2m()

            success_text = 'Successfully edited %s' % help_file
            messages.add_message(request, messages.SUCCESS, _(success_text))

            # Recipients are still looked up, but the notification e-mail
            # that used them is disabled in this view.
            recipients = get_notice_recipients('module', 'help_files', 'helpfilerecipients')

            detail_url = reverse('help_file.details', args=[help_file.slug])
            return HttpResponseRedirect(detail_url)

    context = {'help_file': help_file, 'form': form}
    return render_to_response(template_name, context,
        context_instance=RequestContext(request))
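def photo_size(request, id, size, crop=False, quality=90, download=False):
    """
    Renders image and returns response
    Does not use template
    Saves resized image within cache system
    Returns 404 if image rendering fails or if size is not a list of
    integers separated by 'x'
    Raises Http403 if the user lacks 'photos.view_image' on the photo
    """
    import os

    if isinstance(quality, unicode) and quality.isdigit():
        quality = int(quality)

    photo = get_object_or_404(Image, id=id)

    # size arrives as text; a malformed value is a bad URL, not a server
    # error, so it is answered with 404 instead of an unhandled ValueError.
    try:
        size = [int(s) for s in size.split('x')]
    except ValueError:
        raise Http404
    # NOTE(review): the dimensions are not bounded here. If get_image does
    # not cap them, very large values cost CPU and memory per request --
    # confirm a limit exists in get_image or in the URL pattern.

    # check permissions
    if not has_perm(request.user, 'photos.view_image', photo):
        raise Http403

    # A Content-Disposition value needs a disposition type; without one
    # the header is malformed when download is False.
    disposition = 'attachment' if download else 'inline'

    # gets resized image from cache or rebuild
    image = get_image(photo.image, size, PHOTO_PRE_KEY, crop=crop,
                      quality=quality, unique_key=str(photo.pk))

    # if image not rendered; quit
    if not image:
        raise Http404

    # Send only the base name: the file object's name may be a storage
    # path, which should not be disclosed to clients. Quote and backslash
    # are dropped so the value stays a valid quoted-string.
    filename = os.path.basename(photo.image.file.name)
    filename = filename.replace('\\', '').replace('"', '')

    response = HttpResponse(mimetype='image/jpeg')
    response['Content-Disposition'] = '%s; filename="%s"' % (disposition, filename)
    image.save(response, "JPEG", quality=quality)

    return response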
def group_delete(request, id, template_name="user_groups/delete.html"):
    """
    Confirm and perform deletion of a group.

    Requires 'user_groups.delete_group' on the group (Http403 otherwise).
    A POST notifies the configured recipients, logs the event, deletes the
    group and redirects to the group search page. Any other method renders
    a confirmation page listing the objects that would be deleted, the
    permissions the user lacks and any protected objects.
    """
    group = get_object_or_404(Group, pk=id)

    if not has_perm(request.user,'user_groups.delete_group',group):
        raise Http403

    if request.method == "POST":
        # NOTE(review): this branch deletes before perms_needed/protected
        # are computed below, so those results only shape the confirmation
        # page and do not block the POST -- confirm that is intended.

        # send notification to administrators
        recipients = get_notice_recipients('module', 'groups', 'grouprecipients')
        if recipients and notification:
            notification.send_emails(recipients, 'group_deleted', {
                'object': group,
                'request': request,
            })

        EventLog.objects.log(instance=group)
        group.delete()
        return HttpResponseRedirect(reverse('group.search'))

    deleted_objects, perms_needed, protected = get_deleted_objects(
        group, request.user)
    object_name = group.label or group.name

    blocked = perms_needed or protected
    title = (_("Cannot delete %(name)s") % {"name": object_name}
             if blocked else _("Are you sure?"))

    context = {
        'group': group,
        "title": title,
        "object_name": object_name,
        "deleted_objects": deleted_objects,
        "perms_lacking": perms_needed,
        "protected": protected,
        "opts": group._meta,
    }
    return render_to_response(template_name, context,
        context_instance=RequestContext(request))
def add(request, form_class=LocationForm, template_name="locations/add.html"):
    """
    Add a location.

    Requires the 'locations.add_location' permission (Http403 otherwise).
    A valid POST saves the location with its permissions and redirects to
    the location page; a GET or an invalid POST renders the add template.
    """
    if not has_perm(request.user, 'locations.add_location'):
        raise Http403

    if request.method != "POST":
        form = form_class(user=request.user)
    else:
        form = form_class(request.POST, user=request.user)
        if form.is_valid():
            new_location = form.save(commit=False)

            # update all permissions and save the model
            new_location = update_perms_and_save(request, form, new_location)

            messages.add_message(request, messages.SUCCESS,
                                 'Successfully added %s' % new_location)
            target = reverse('location', args=[new_location.pk])
            return HttpResponseRedirect(target)

    return render_to_response(template_name, {'form': form},
        context_instance=RequestContext(request))
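def edit_meta(request, id, form_class=MetaForm, template_name="pages/edit-meta.html"):
    """
    Return page that allows you to edit meta-html information.

    Requires 'pages.change_page' on the page (Http403 otherwise). The form
    is bound to a MetaTags instance pre-filled from the page's current
    title, description, keywords and canonical URL. A valid POST saves the
    meta object, saves the page and redirects to the page; a GET or an
    invalid POST renders the edit template.
    """
    # check permission
    page = get_object_or_404(Page, pk=id)
    if not has_perm(request.user, 'pages.change_page', page):
        raise Http403

    defaults = {
        'title': page.get_title(),
        'description': page.get_description(),
        'keywords': page.get_keywords(),
        'canonical_url': page.get_canonical_url(),
    }
    page.meta = MetaTags(**defaults)

    if request.method == "POST":
        form = form_class(request.POST, instance=page.meta)
        if form.is_valid():
            page.meta = form.save()  # save meta
            page.save()  # save relationship

            # Translate the template, then interpolate; interpolating
            # inside _() never matches a catalog entry.
            messages.add_message(
                request,
                messages.SUCCESS,
                _('Successfully updated meta for %(p)s') % {'p': page})

            return HttpResponseRedirect(reverse('page', args=[page.slug]))
    else:
        form = form_class(instance=page.meta)

    return render_to_response(template_name, {
        'page': page,
        'form': form
    }, context_instance=RequestContext(request))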
def edit(request, id, form_class=NavForm, template_name="navs/edit.html"):
    """
    Edit a nav.

    Requires 'navs.change_nav' on the nav (Http403 otherwise). A valid POST
    saves the nav with its permissions, refreshes its cache entry and
    redirects to the nav's item editor; a GET or an invalid POST renders
    the edit template.
    """
    nav = get_object_or_404(Nav, id=id)

    if not has_perm(request.user, 'navs.change_nav', nav):
        raise Http403

    if request.method != "POST":
        form = form_class(user=request.user, instance=nav)
    else:
        form = form_class(request.POST, instance=nav, user=request.user)
        if form.is_valid():
            nav = form.save(commit=False)
            nav = update_perms_and_save(request, form, nav)
            cache_nav(nav)

            messages.add_message(request, messages.SUCCESS,
                                 'Successfully updated %s' % nav)
            return redirect('navs.edit_items', id=nav.id)

    context = {'form': form, 'current_nav': nav}
    return render_to_response(
        template_name,
        context,
        context_instance=RequestContext(request),
    )
def pricing_delete(request, id, template_name="directories/pricing-delete.html"):
    """
    Confirm and perform a soft delete of a directory pricing.

    Requires the 'directories.delete_directorypricing' permission (Http403
    otherwise). A POST queues a success message, sets the pricing's status
    to False, saves it and redirects to the pricing search page; any other
    method renders the confirmation template.
    """
    directory_pricing = get_object_or_404(DirectoryPricing, pk=id)

    # NOTE(review): the permission is checked without passing the pricing
    # object, unlike the object-level checks in sibling views -- confirm a
    # model-level check is what is wanted here.
    if not has_perm(request.user, 'directories.delete_directorypricing'):
        raise Http403

    if request.method != "POST":
        return render_to_response(template_name,
            {'directory_pricing': directory_pricing},
            context_instance=RequestContext(request))

    messages.add_message(request, messages.SUCCESS,
                         'Successfully deleted %s' % directory_pricing)

    # soft delete: the row is kept and only flagged inactive
    directory_pricing.status = False
    directory_pricing.save()

    return HttpResponseRedirect(reverse('directory_pricing.search'))
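def photoset_edit(request, id, form_class=PhotoSetEditForm, template_name="photos/photo-set/edit.html"):
    """
    Edit a photo set and push its privacy settings down to its photos.

    Requires 'photos.change_photoset' on the photo set (Http403 otherwise).
    A valid POST with action=edit saves the set, copies its privacy
    settings onto every photo in it, replaces each photo's object
    permissions with the set's group permissions and redirects to the
    photo set details page. Every other request renders the edit template.
    """
    from tendenci.core.perms.object_perms import ObjectPermission

    photo_set = get_object_or_404(PhotoSet, id=id)

    # if no permission; permission exception
    if not has_perm(request.user,'photos.change_photoset',photo_set):
        raise Http403

    # A POST without action=edit used to leave `form` unbound (or raise on
    # the missing key) and end in a server error; it now falls through to
    # the unbound form like a GET.
    if request.method == "POST" and request.POST.get("action") == "edit":
        form = form_class(request.POST, instance=photo_set, user=request.user)
        if form.is_valid():
            photo_set = form.save(commit=False)

            # update all permissions and save the model
            photo_set = update_perms_and_save(request, form, photo_set)

            # copy all privacy settings from photo set to photos
            Image.objects.filter(photoset=photo_set).update(**get_privacy_settings(photo_set))

            # photo set group permissions, as (group, action) pairs where
            # action is the part of the codename before the first '_'
            group_perms = photo_set.perms.filter(group__isnull=False).values_list('group','codename')
            group_perms = tuple([(unicode(g), c.split('_')[0]) for g, c in group_perms])

            # Each photo's existing object permissions are dropped before
            # the set's group permissions are assigned to it.
            photos = Image.objects.filter(photoset=photo_set)
            for photo in photos:
                ObjectPermission.objects.remove_all(photo)
                ObjectPermission.objects.assign_group(group_perms, photo)

            messages.add_message(request, messages.SUCCESS, _("Successfully updated photo set! "))

            return HttpResponseRedirect(reverse('photoset_details', args=[photo_set.id]))
    else:
        form = form_class(instance=photo_set, user=request.user)

    return render_to_response(template_name, {
        'photo_set': photo_set,
        "photoset_form": form,
    }, context_instance=RequestContext(request))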
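def search(request, template_name="articles/search.html"):
    """
    List articles, optionally filtered by a search query.

    The 'q' parameter plus every other non-empty GET parameter (except
    'page') are combined into one query string. When the site search index
    is enabled and the query is non-empty the index is searched; otherwise
    articles are filtered by the user's view permissions. Users without
    'articles.view_article' only see articles already released. Results
    are ordered newest first.
    """
    get = dict(request.GET)
    query = get.pop('q', [])
    get.pop('page', None)  # pop page query string out; page ruins pagination

    # Remaining parameters become "key:value" terms of the search query.
    # NOTE(review): both keys and values are caller-chosen; confirm that
    # Article.objects.search applies the user's visibility rules whatever
    # terms are supplied.
    query_extra = ['%s:%s' % (k, v[0]) for k, v in get.items() if v[0].strip()]
    query = ' '.join(query)
    if query_extra:
        query = '%s %s' % (query, ' '.join(query_extra))

    if get_setting('site', 'global', 'searchindex') and query:
        articles = Article.objects.search(query, user=request.user)
    else:
        filters = get_query_filters(request.user, 'articles.view_article')
        articles = Article.objects.filter(filters).distinct()
        if not request.user.is_anonymous():
            articles = articles.select_related()

    if not has_perm(request.user, 'articles.view_article'):
        articles = articles.filter(release_dt__lte=datetime.now())

    articles = articles.order_by('-release_dt')

    EventLog.objects.log()

    # Query list of category and subcategory for dropdown filters
    category = request.GET.get('category')
    try:
        category = int(category)
    except (TypeError, ValueError):
        # Missing (None) or non-numeric category: fall back to 0. Only the
        # conversion errors are caught so unrelated failures still surface.
        category = 0
    categories, sub_categories = Article.objects.get_categories(
        category=category)

    return render_to_response(template_name, {
        'articles': articles,
        'categories': categories,
        'sub_categories': sub_categories
    }, context_instance=RequestContext(request))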
def edit(request, id, form_class=DirectoryForm, template_name="directories/edit.html"):
    """
    Edit a directory.

    Requires 'directories.change_directory' on the directory (Http403
    otherwise). A valid POST saves the directory with its permissions and
    redirects to the directory page; otherwise the edit template is
    rendered.
    """
    # NOTE(review): the original text has no line structure; the `else`
    # below is read as belonging to the request.method check. Confirm
    # against the project's file before relying on the branch layout.
    directory = get_object_or_404(Directory, pk=id)

    if not has_perm(request.user,'directories.change_directory', directory):
        raise Http403

    form = form_class(request.POST or None, request.FILES or None, instance=directory, user=request.user)

    # payment_method is removed for everyone; pricing and list_type are
    # removed for non-superusers, so values posted for them are not part
    # of this form.
    del form.fields['payment_method']
    if not request.user.profile.is_superuser:
        del form.fields['pricing']
        del form.fields['list_type']

    if request.method == "POST":
        if form.is_valid():
            directory = form.save(commit=False)

            if directory.logo:
                # Drop the logo reference when its file cannot be read.
                try:
                    directory.logo.file.seek(0)
                except IOError:
                    directory.logo = None

            # update all permissions and save the model
            directory = update_perms_and_save(request, form, directory)

            messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % directory)

            return HttpResponseRedirect(reverse('directory', args=[directory.slug]))
    else:
        # NOTE(review): this rebuilt form has not had payment_method,
        # pricing or list_type removed, unlike the form built above, so the
        # page may display fields that the POST form will not accept.
        form = form_class(instance=directory, user=request.user)

        return render_to_response(template_name, {'directory': directory, 'form':form}, context_instance=RequestContext(request))

    # Reached by a POST that failed validation: render the bound form.
    return render_to_response(template_name, {'directory': directory, 'form':form}, context_instance=RequestContext(request))
def edit(request, id, form_class=LocationForm, template_name="locations/edit.html"):
    """
    Edit a location.

    Requires 'locations.change_location' on the location (Http403
    otherwise). A valid POST saves the location with its permissions,
    stores an uploaded photo when the form provides one and redirects to
    the location page; a GET or an invalid POST renders the edit template.
    """
    location = get_object_or_404(Location, pk=id)

    if not has_perm(request.user, 'locations.change_location', location):
        raise Http403

    if request.method != "POST":
        form = form_class(instance=location, user=request.user)
    else:
        form = form_class(request.POST, request.FILES,
                          instance=location, user=request.user)
        if form.is_valid():
            location = form.save(commit=False)

            # update all permissions and save the model
            location = update_perms_and_save(request, form, location)

            # The photo field is optional on the form; save only when a
            # file was actually uploaded.
            photo = form.cleaned_data.get('photo_upload')
            if photo:
                location.save(photo=photo)

            messages.add_message(request, messages.SUCCESS,
                                 'Successfully updated %s' % location)
            target = reverse('location', args=[location.pk])
            return HttpResponseRedirect(target)

    context = {'location': location, 'form': form}
    return render_to_response(template_name, context,
        context_instance=RequestContext(request))
def add(request, form_class=NewsForm, template_name="news/add.html"):
    """
    Add a news item.

    Requires the 'news.add_news' permission (Http403 otherwise). A valid
    POST saves the item with its permissions, stores an uploaded photo and
    assigns file permissions to its thumbnail, notifies the configured
    recipients and redirects to the news detail page; a GET or an invalid
    POST renders the add template.
    """
    # check permission
    if not has_perm(request.user, 'news.add_news'):
        raise Http403

    if request.method != "POST":
        form = form_class(user=request.user)
    else:
        form = form_class(request.POST, request.FILES, user=request.user)
        if form.is_valid():
            news = form.save(commit=False)

            # update all permissions and save the model
            news = update_perms_and_save(request, form, news)

            # save photo
            uploaded = form.cleaned_data['photo_upload']
            if uploaded:
                news.save(photo=uploaded)
                assign_files_perms(news, files=[news.thumbnail])

            success_text = 'Successfully added %s' % news
            messages.add_message(request, messages.SUCCESS, _(success_text))

            # send notification to administrators
            recipients = get_notice_recipients('module', 'news', 'newsrecipients')
            if recipients and notification:
                notification.send_emails(recipients, 'news_added', {
                    'object': news,
                    'request': request,
                })

            return HttpResponseRedirect(reverse('news.detail', args=[news.slug]))

    return render_to_response(template_name, {'form': form},
        context_instance=RequestContext(request))
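def add(request, form_class=StoryForm, template_name="stories/add.html"):
    """
    Add a story.

    Requires the 'stories.add_story' permission (Http403 otherwise). A
    valid POST saves the story with its permissions, stores an uploaded
    photo and assigns file permissions to the story image, updates the
    'add-story' checklist entry when the story is tagged 'rotator' and
    redirects to the story page. A GET renders an empty form, pre-filling
    tags from the 'tags' query parameter; an invalid POST re-renders the
    bound form.
    """
    if not has_perm(request.user, 'stories.add_story'):
        raise Http403

    if request.method == "POST":
        form = form_class(request.POST, request.FILES, user=request.user)
        if form.is_valid():
            story = form.save(commit=False)
            story = update_perms_and_save(request, form, story)

            # save photo
            photo = form.cleaned_data['photo_upload']
            if photo:
                story.save(photo=photo)
                assign_files_perms(story, files=[story.image])

            if 'rotator' in story.tags:
                checklist_update('add-story')

            # Translate the template, then interpolate; interpolating
            # inside _() never matches a catalog entry.
            messages.add_message(
                request,
                messages.SUCCESS,
                _('Successfully added %(str)s') % {'str': unicode(story)})

            return HttpResponseRedirect(reverse('story', args=[story.pk]))
        # An invalid form is re-rendered below with its errors. The
        # leftover debug pprint of form.errors was removed: it wrote
        # submitted-field errors to the server's stdout on every failed
        # POST and served no purpose for the user.
    else:
        form = form_class(user=request.user)

        tags = request.GET.get('tags', '')
        if tags:
            form.fields['tags'].initial = tags

    return render_to_response(template_name, {'form': form},
        context_instance=RequestContext(request))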
def edit(request, id, form_class=FormForm, template_name="forms/edit.html"):
    """
    Edit a form together with its pricing formset.

    Requires 'forms.change_form' on the form instance (Http403 otherwise).
    The formset is the recurring-payment formset when the instance has
    recurring_payment set, else an inline pricing formset. When both form
    and formset validate on POST, they are saved, pricings are removed if
    custom_payment is off, and the user is redirected to the field update
    page; otherwise the edit template is rendered.
    """
    form_instance = get_object_or_404(Form, pk=id)

    if not has_perm(request.user,'forms.change_form',form_instance):
        raise Http403

    PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2)
    is_post = request.method == "POST"

    if is_post:
        form = form_class(request.POST, instance=form_instance, user=request.user)
    else:
        form = form_class(instance=form_instance, user=request.user)

    # Same formset choice for both methods; only the bound data differs.
    formset_class = (RecurringPaymentFormSet
                     if form_instance.recurring_payment else PricingFormSet)
    if is_post:
        formset = formset_class(request.POST, instance=form_instance)
    else:
        formset = formset_class(instance=form_instance)

    if is_post and form.is_valid() and formset.is_valid():
        form_instance = form.save(commit=False)
        form_instance = update_perms_and_save(request, form, form_instance)

        form.save_m2m()  # save payment methods
        formset.save()  # save price options

        # remove all pricings if no custom_payment form
        if not form.cleaned_data['custom_payment']:
            form_instance.pricing_set.all().delete()

        messages.add_message(request, messages.SUCCESS,
                             'Successfully edited %s' % form_instance)
        return HttpResponseRedirect(reverse('form_field_update', args=[form_instance.pk]))

    context = {
        'form': form,
        'formset': formset,
        'form_instance': form_instance,
    }
    return render_to_response(template_name, context,
        context_instance=RequestContext(request))
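def generate(request):
    """
    Newsletter generator form

    Requires the 'newsletters.add_newsletter' permission (Http403
    otherwise). A valid POST redirects to the template render view with
    the chosen options as query parameters; any other request renders a
    fresh, unbound generator form.
    """
    # Function-scope import so the block does not depend on the file's
    # import section.
    from django.utils.http import urlencode

    if not has_perm(request.user, 'newsletters.add_newsletter'):
        raise Http403

    if request.method == 'POST':
        form = GenerateForm(request.POST)

        if form.is_valid():
            data = form.cleaned_data
            template = data['template']

            # Same parameters, order and defaults as before.
            params = [
                ('jump_links', data.get('jump_links')),
                ('events', data.get('events')),
                ('events_type', data.get('events_type')),
                ('event_start_dt', data.get('event_start_dt', u'')),
                ('event_end_dt', data.get('event_end_dt', u'')),
                ('articles', data.get('articles', u'')),
                ('articles_days', data.get('articles_days', u'')),
                ('news', data.get('news', u'')),
                ('news_days', data.get('news_days', u'')),
                ('jobs', data.get('jobs', u'')),
                ('jobs_days', data.get('jobs_days', u'')),
                ('pages', data.get('pages', u'')),
                ('pages_days', data.get('pages_days', u'')),
            ]
            # Values are stringified as before, then percent-encoded: a
            # value containing '&', '=', '#' or a space previously
            # corrupted the URL or added parameters of its own.
            query = urlencode([(key, u'%s' % value) for key, value in params])
            base_url = reverse('newsletter.template_render',
                               args=[template.template_id])

            return redirect('%s?%s' % (base_url, query))

    # An invalid POST also ends here, with a fresh form in place of the
    # bound one.
    form = GenerateForm()

    return render(request, 'newsletters/generate.html', {'form': form})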
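def add(request, form_class=FormForm, template_name="forms/add.html"):
    """
    Add a form together with its pricing formset.

    Requires the 'forms.add_form' permission (Http403 otherwise). On a
    POST with a valid form, the form instance is saved first and the
    pricing formset is then bound to it; when the formset validates too,
    payment methods and pricings are saved and the user is redirected to
    the field update page. Otherwise the add template is rendered.
    """
    if not has_perm(request.user, 'forms.add_form'):
        raise Http403

    PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2, can_delete=False)
    formset = PricingFormSet()

    if request.method == "POST":
        form = form_class(request.POST, user=request.user)
        if form.is_valid():
            form_instance = form.save(commit=False)

            # save form and associated pricings
            form_instance = update_perms_and_save(request, form, form_instance)

            # NOTE(review): the instance is already saved at this point, so
            # an invalid formset re-renders the page with the form stored.
            formset = PricingFormSet(request.POST, instance=form_instance)
            if formset.is_valid():
                # update_perms_and_save does not appear to consider ManyToManyFields
                for method in form.cleaned_data['payment_methods']:
                    form_instance.payment_methods.add(method)

                formset.save()

                # Translate the template, then interpolate; interpolating
                # inside _() never matches a catalog entry.
                messages.add_message(
                    request,
                    messages.SUCCESS,
                    _('Successfully added %(f)s') % {'f': form_instance})
                return HttpResponseRedirect(
                    reverse('form_field_update', args=[form_instance.pk]))
    else:
        form = form_class(user=request.user)

    return render_to_response(template_name, {
        'form': form,
        'formset': formset,
    }, context_instance=RequestContext(request))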
def approve(self, request, pk):
    """
    Approve membership and redirect to
    membershipdefault change page.

    Requires the 'memberships.approve_membershipdefault' permission
    (Http403 otherwise); responds 404 when no membership has this pk.
    """
    # NOTE(review): request.method is not checked, so the approval and its
    # e-mails run for any HTTP method; Django's CSRF middleware does not
    # check GET requests -- confirm how this URL is reached.
    if not has_perm(request.user, 'memberships.approve_membershipdefault'):
        raise Http403

    membership = get_object_or_404(MembershipDefault, pk=pk)
    membership.approve(request_user=request.user)
    membership.send_email(request, 'approve')

    if membership.corporate_membership_id:
        # notify corp reps
        membership.email_corp_reps(request)

    messages.add_message(request, messages.SUCCESS, _('Successfully Approved'))

    change_url = reverse(
        'admin:memberships_membershipdefault_change',
        args=[pk],
    )
    return redirect(change_url)
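def pricing_add(request, form_class=DirectoryPricingForm, template_name="directories/pricing-add.html"):
    """
    Add a directory pricing, either on a full page or in a popup window.

    Requires the 'directories.add_directorypricing' permission (Http403
    otherwise). A valid POST saves the pricing with status 1. When the
    request carries '_popup', the response is a script that hands the new
    pricing back to the opener window; otherwise the user is redirected to
    the pricing view page. A GET or an invalid POST renders the add
    template (the popup variant when '_popup' is present).
    """
    # Function-scope import so the block does not depend on the file's
    # import section.
    from django.utils.html import escapejs

    if not has_perm(request.user,'directories.add_directorypricing'):
        raise Http403

    if request.method == "POST":
        form = form_class(request.POST, user=request.user)
        if form.is_valid():
            directory_pricing = form.save(commit=False)
            directory_pricing.status = 1
            directory_pricing.save(request.user)

            if "_popup" in request.REQUEST:
                # Both values are placed inside JavaScript string literals
                # in a <script> block. HTML escaping is the wrong encoding
                # for that context: it leaves backslashes and line breaks
                # untouched and shows entities literally. escapejs encodes
                # for a JavaScript string.
                return HttpResponse('<script type="text/javascript">opener.dismissAddAnotherPopup(window, "%s", "%s");</script>' % (escapejs(directory_pricing.pk), escapejs(directory_pricing)))

            return HttpResponseRedirect(reverse('directory_pricing.view', args=[directory_pricing.id]))
    else:
        form = form_class(user=request.user)

    if "_popup" in request.REQUEST:
        template_name="directories/pricing-add-popup.html"

    return render_to_response(template_name, {'form':form},
        context_instance=RequestContext(request))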
def group_delete(request, id, template_name="user_groups/delete.html"):
    """
    Confirm and perform deletion of a group.

    Requires 'user_groups.delete_group' on the group (Http403 otherwise).
    A POST notifies the configured recipients, logs the event, deletes the
    group and redirects to the group search page; any other method renders
    the confirmation template.
    """
    group = get_object_or_404(Group, pk=id)

    if not has_perm(request.user,'user_groups.delete_group',group):
        raise Http403

    if request.method != "POST":
        return render_to_response(template_name, {'group': group},
            context_instance=RequestContext(request))

    # send notification to administrators
    recipients = get_notice_recipients('module', 'groups', 'grouprecipients')
    if recipients and notification:
        notification.send_emails(recipients, 'group_deleted', {
            'object': group,
            'request': request,
        })

    # Logged before the delete, while the group row still exists.
    EventLog.objects.log(instance=group)
    group.delete()

    return HttpResponseRedirect(reverse('group.search'))
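def pricing_edit(request, id, form_class=JobPricingForm, template_name="jobs/pricing-edit.html"):
    """
    Edit a job pricing.

    Requires 'jobs.change_jobpricing' on the pricing (Http403 otherwise).
    A valid POST saves the pricing, logs the event and redirects to the
    pricing view page; a GET or an invalid POST renders the edit template.
    """
    job_pricing = get_object_or_404(JobPricing, pk=id)

    # The exception has to be raised. The bare expression `Http403` that
    # stood here evaluated the name and continued, so the permission check
    # had no effect and any caller could edit the pricing.
    if not has_perm(request.user, 'jobs.change_jobpricing', job_pricing):
        raise Http403

    if request.method == "POST":
        form = form_class(request.POST, instance=job_pricing)
        if form.is_valid():
            job_pricing = form.save(commit=False)
            job_pricing.save(request.user)

            EventLog.objects.log(instance=job_pricing)

            return HttpResponseRedirect(reverse(
                'job_pricing.view',
                args=[job_pricing.id])
            )
    else:
        form = form_class(instance=job_pricing)

    return render_to_response(template_name, {'form': form},
        context_instance=RequestContext(request))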
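def add(request, form_class=EntityForm, template_name="entities/add.html"):
    """
    Add an entity.

    Requires the 'entities.add_entity' permission (Http403 otherwise). A
    valid POST saves the entity with its permissions and redirects to the
    entity page; a GET or an invalid POST renders the add template.
    """
    if not has_perm(request.user, 'entities.add_entity'):
        raise Http403

    if request.method == "POST":
        form = form_class(request.POST, user=request.user)
        if form.is_valid():
            entity = form.save(commit=False)

            # update all permissions and save the model
            entity = update_perms_and_save(request, form, entity)

            # Translate the template, then interpolate; interpolating
            # inside _() never matches a catalog entry.
            messages.add_message(
                request,
                messages.SUCCESS,
                _('Successfully added %(e)s') % {'e': entity})

            return HttpResponseRedirect(reverse('entity', args=[entity.pk]))
    else:
        form = form_class(user=request.user)

    return render_to_response(template_name, {'form': form},
        context_instance=RequestContext(request))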