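def EditItem(request):
    """Update an item's name, count and priority from an AJAX POST.

    The request must carry a canonical numeric ``id``, a ``listsession``
    token, a Referer ending in the parent list's url, and must pass the
    list's visibility/permission rules. Any failed check raises Http404.
    Form validation errors are returned as JSON under ``errors``; success
    returns ``{"errors": ""}``.
    """
    if not request.is_ajax() or request.method != "POST":
        raise Http404

    form = NewItemForm(request.POST)
    if not form.is_valid():
        return HttpResponse(json.dumps({'errors': [
            form.non_field_errors(),
            ["%s: %s" % (field, error) for field, error in form.errors.items()],
        ]}))

    # Accept only a canonical decimal id. A missing or non-numeric value is
    # answered with a 404 instead of escaping as an unhandled exception.
    try:
        raw_id = request.POST['id']
        if str(raw_id) != str(int(raw_id)):
            raise Http404
    except (KeyError, ValueError):
        raise Http404

    try:
        item = Item.objects.get(id=raw_id)
    except Item.DoesNotExist:
        raise Http404
    parent = item.list

    # An item locked by a different user may not be edited.
    try:
        lock = Lock.objects.get(item=item)
    except Lock.DoesNotExist:
        lock = None
    if lock is not None and lock.user != request.user:
        raise Http404

    # The listsession token proves the caller unlocked the list. It is
    # checked against the password of the item's own list, and an empty
    # token is accepted only when that list has no password at all.
    token = request.POST.get('listsession')
    if token is None:
        raise Http404
    list_password = parent.password or ''
    if token:
        parts = token.split('$')
        # NOTE(review): plain string comparison, not constant-time.
        if len(parts) < 2 or token != passHash(
                request.user.username + list_password, parts[1]):
            raise Http404
    elif list_password:
        raise Http404

    # The Referer header is supplied by the client, so this only ties the
    # request to the list's page; it is not an authorization control.
    referer = request.META.get('HTTP_REFERER', '')
    if not referer or referer[referer[:-1].rfind('/') + 1:] != parent.url:
        raise Http404

    not_owner = request.user != parent.user
    if parent.visibility == 0:  # Public
        if parent.perm != 1 and not_owner:
            raise Http404
    else:  # Private
        if not request.user.is_authenticated():
            raise Http404
        # NOTE(review): ListPage grants a private collaborator edit rights
        # only when perm == 1; perm is not consulted here - confirm.
        if parent.emails:
            if request.user.email not in parent.emails.split(',') and not_owner:
                raise Http404
        elif not_owner:
            raise Http404

    item.name = form.cleaned_data['name']
    item.count = form.cleaned_data['count']
    item.priority = form.cleaned_data['priority']
    item.save()
    return HttpResponse(json.dumps({'errors': ''}))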
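def EditList(request):
    """Update a list's settings from an AJAX POST.

    The request must carry a canonical numeric ``id``, a ``listsession``
    token, a Referer ending in the list's current url, and must pass the
    list's visibility/permission rules. Any failed check raises Http404.
    Form validation errors and database integrity errors are returned as
    JSON under ``errors``; success returns ``{"errors": ""}``.
    """
    if not request.is_ajax() or request.method != "POST":
        raise Http404

    form = NewListForm(request.POST, error_class=TextErrorList)
    if not form.is_valid():
        return HttpResponse(json.dumps({'errors': [
            form.non_field_errors(),
            ["%s: %s" % (field, error) for field, error in form.errors.items()],
        ]}))

    # Accept only a canonical decimal id. A missing or non-numeric value is
    # answered with a 404 instead of escaping as an unhandled exception.
    try:
        raw_id = request.POST['id']
        if str(raw_id) != str(int(raw_id)):
            raise Http404
    except (KeyError, ValueError):
        raise Http404

    try:
        listobj = List.objects.get(id=raw_id)
    except List.DoesNotExist:
        raise Http404

    # The listsession token proves the caller unlocked the list. An empty
    # token is accepted only when the list has no password at all.
    token = request.POST.get('listsession')
    if token is None:
        raise Http404
    list_password = listobj.password or ''
    if token:
        parts = token.split('$')
        # NOTE(review): plain string comparison, not constant-time.
        if len(parts) < 2 or token != passHash(
                request.user.username + list_password, parts[1]):
            raise Http404
    elif list_password:
        raise Http404

    # The Referer header is supplied by the client, so this only ties the
    # request to the list's page; it is not an authorization control.
    referer = request.META.get('HTTP_REFERER', '')
    if not referer or referer[referer[:-1].rfind('/') + 1:] != listobj.url:
        raise Http404

    not_owner = request.user != listobj.user
    if listobj.visibility == 0:  # Public
        if listobj.perm != 1 and not_owner:
            raise Http404
    else:  # Private
        if not request.user.is_authenticated():
            raise Http404
        # NOTE(review): ListPage grants a private collaborator edit rights
        # only when perm == 1; perm is not consulted here - confirm.
        if listobj.emails:
            if request.user.email not in listobj.emails.split(',') and not_owner:
                raise Http404
        elif not_owner:
            raise Http404

    # NOTE(review): every caller who passes the checks above, not only the
    # owner, can change visibility, perm and the collaborator e-mails -
    # confirm that is intended.
    listobj.name = form.cleaned_data['name']
    listobj.description = form.cleaned_data['description']
    listobj.url = form.cleaned_data['url']
    listobj.visibility = form.cleaned_data['visibility']
    listobj.perm = form.cleaned_data['perm']
    listobj.emails = form.cleaned_data['emails']
    try:
        listobj.save()
    except IntegrityError as error:
        # The exception object itself is not JSON-serializable.
        # NOTE(review): the message is whatever the database reports;
        # consider a fixed message rather than echoing it to the client.
        return HttpResponse(json.dumps({'errors': [str(error)]}))
    return HttpResponse(json.dumps({'errors': ''}))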
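def ListItems(request):
    """Return, as JSON, the items of a list the client has not rendered yet.

    The POST must carry a canonical numeric ``id``, a ``listsession`` token
    and a Referer ending in the list's url, and must pass the list's
    visibility/permission rules. Any failed check raises Http404.
    ``rendered`` is an optional comma-separated string of item ids to leave
    out of the response.
    """
    if request.method != "POST":
        raise Http404

    # Accept only a canonical decimal id. A missing or non-numeric value is
    # answered with a 404 instead of escaping as an unhandled exception.
    try:
        raw_id = request.POST['id']
        if str(raw_id) != str(int(raw_id)):
            raise Http404
    except (KeyError, ValueError):
        raise Http404

    try:
        listobj = List.objects.get(id=int(raw_id))
    except List.DoesNotExist:
        raise Http404

    # The listsession token proves the caller unlocked the list. An empty
    # token is accepted only when the list has no password at all, so the
    # items of a password-protected list are never returned without it.
    token = request.POST.get('listsession')
    if token is None:
        raise Http404
    list_password = listobj.password or ''
    if token:
        parts = token.split('$')
        # NOTE(review): plain string comparison, not constant-time.
        if len(parts) < 2 or token != passHash(
                request.user.username + list_password, parts[1]):
            raise Http404
    elif list_password:
        raise Http404

    # The Referer header is supplied by the client, so this only ties the
    # request to the list's page; it is not an authorization control.
    referer = request.META.get('HTTP_REFERER', '')
    if not referer or referer[referer[:-1].rfind('/') + 1:] != listobj.url:
        raise Http404

    not_owner = request.user != listobj.user
    if listobj.visibility == 0:  # Public
        # NOTE(review): this is the edit rule (perm == 1 or owner) applied
        # to a read; ListPage lets anyone view a public list - confirm.
        if listobj.perm != 1 and not_owner:
            raise Http404
    else:  # Private
        if not request.user.is_authenticated():
            raise Http404
        if listobj.emails:
            if request.user.email not in listobj.emails.split(',') and not_owner:
                raise Http404
        elif not_owner:
            raise Http404

    # Build the id set once instead of re-splitting it for every item.
    already_rendered = set(request.POST.get('rendered', '').split(','))
    pending = [i for i in listobj.getItems()
               if str(i.id) not in already_rendered]
    return HttpResponse(json.dumps({
        'errors': '',
        'items': [{'name': i.name, 'count': i.count, 'id': i.id,
                   'priority': i.priority} for i in pending],
    }))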
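def Delete(request):
    """Delete a list or an item from an AJAX POST.

    ``type`` equal to "listobj" selects a List, anything else an Item; ``id``
    names the row. The request must carry a ``listsession`` token, pass the
    owning list's visibility/permission rules, and come from a Referer
    ending in one of the valid paths (the list's url, plus "dashboard" when
    a list is deleted). Any failed check raises Http404. Form validation
    errors are returned as JSON under ``errors``; success returns
    ``{"errors": ""}``.
    """
    if not request.is_ajax() or request.method != "POST":
        raise Http404

    form = DeleteForm(request.POST, error_class=TextErrorList)
    if not form.is_valid():
        return HttpResponse(json.dumps({'errors': [
            form.non_field_errors(),
            ["%s: %s" % (field, error) for field, error in form.errors.items()],
        ]}))

    # Resolve the row to delete and the list whose rules govern it.
    if form.cleaned_data['type'] == "listobj":
        try:
            target = List.objects.get(id=form.cleaned_data['id'])
        except List.DoesNotExist:
            raise Http404
        owning_list = target
        valid_paths = ["dashboard", target.url]
    else:
        try:
            target = Item.objects.get(id=form.cleaned_data['id'])
        except Item.DoesNotExist:
            raise Http404
        # NOTE(review): EditItem refuses items locked by another user; no
        # lock is consulted before deleting - confirm that is intended.
        owning_list = target.list
        valid_paths = [owning_list.url]

    # The listsession token proves the caller unlocked the owning list. An
    # empty token is accepted only when that list has no password at all.
    token = request.POST.get('listsession')
    if token is None:
        raise Http404
    list_password = owning_list.password or ''
    if token:
        parts = token.split('$')
        # NOTE(review): plain string comparison, not constant-time.
        if len(parts) < 2 or token != passHash(
                request.user.username + list_password, parts[1]):
            raise Http404
    elif list_password:
        raise Http404

    not_owner = request.user != owning_list.user
    if owning_list.visibility == 0:  # Public
        if owning_list.perm != 1 and not_owner:
            raise Http404
    else:  # Private
        if not request.user.is_authenticated():
            raise Http404
        # NOTE(review): ListPage grants a private collaborator edit rights
        # only when perm == 1; perm is not consulted here - confirm.
        if owning_list.emails:
            if (request.user.email not in owning_list.emails.split(',')
                    and not_owner):
                raise Http404
        elif not_owner:
            raise Http404

    # The Referer header is supplied by the client, so this only ties the
    # request to an expected page; it is not an authorization control.
    referer = request.META.get('HTTP_REFERER', '')
    if not referer or referer[referer[:-1].rfind('/') + 1:] not in valid_paths:
        raise Http404

    target.delete()
    # A view has to return a response object, not the bare JSON string.
    return HttpResponse(json.dumps({'errors': ''}))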
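def ListPage(request, url):
    """Render the page of the list stored under *url*.

    Raises Http404 when the list does not exist or the caller may not view
    it. A GET shows the password form when the list has a password and the
    list itself otherwise. A POST checks the submitted ``password``; on a
    match the list is rendered together with a ``listsession`` token,
    otherwise the password form is shown again with a message.
    """
    try:
        listobj = List.objects.get(url=url)
    except List.DoesNotExist:
        raise Http404

    # `edit` reaches the template as the strings 'true' / 'false'.
    edit = 'false'
    view = False
    if listobj.visibility == 0:  # Public
        view = True
        if listobj.perm == 1 or request.user == listobj.user:
            edit = 'true'
    else:  # Private
        if not request.user.is_authenticated():
            raise Http404
        if listobj.emails and request.user.email in listobj.emails.split(','):
            view = True
            if listobj.perm == 1:
                edit = 'true'
        if request.user == listobj.user:
            view = True
            edit = 'true'
    if not view:
        raise Http404

    if request.method == "POST":
        if 'password' not in request.POST:
            return _render_list_page(request, listobj, edit, ListPasswordForm(),
                                     message="Please enter a password.")

        # The stored value is split on '$' and element 1 is reused as the
        # salt. A stored value without that element cannot be verified, so
        # the attempt is treated as a wrong password.
        parts = (listobj.password or '').split('$')
        submitted = request.POST['password']
        # NOTE(review): plain string comparison, not constant-time.
        if len(parts) > 1 and passHash(submitted, parts[1]) == listobj.password:
            # NOTE(review): the token is derived only from the username and
            # the stored password value with a fixed salt, so it looks
            # deterministic and non-expiring until the list password
            # changes - confirm that is acceptable.
            token = passHash(request.user.username + listobj.password, parts[1])
            return _render_list_page(
                request, listobj, edit, NewItemForm(), listsession=token,
                wholine=_list_wholine(listobj, request.user))
        return _render_list_page(request, listobj, edit, ListPasswordForm(),
                                 message="Password was invalid.")

    if listobj.password:
        return _render_list_page(request, listobj, edit, ListPasswordForm())
    return _render_list_page(request, listobj, edit, NewItemForm(),
                             wholine=_list_wholine(listobj, request.user))


def _render_list_page(request, listobj, edit, form, listsession='', **extra):
    """Render list.html with the shared context plus any *extra* keys."""
    context = {
        'form': form,
        'password': bool(listobj.password),
        'list': listobj,
        'edit': edit,
        'listsession': listsession,
    }
    context.update(extra)
    return render_to_response('list.html', context, RequestContext(request))


def _list_wholine(listobj, user):
    """Build the "a public list by you, ..." caption for the list page."""
    wholine = "a public list" if listobj.visibility == 0 else "a private list"
    if not listobj.emails:
        return wholine
    emails = listobj.emails.split(',')
    # Filter rather than list.remove(): remove() returns None and raises
    # when the viewer is not among the collaborators; a user object
    # without an e-mail attribute simply filters nothing out.
    viewer_email = getattr(user, 'email', None)
    others = [address for address in emails if address != viewer_email]
    # NOTE(review): collaborators are appended for public and private lists
    # alike - confirm that is intended.
    if len(emails) > 2:
        wholine += " by you, %s" % ', '.join(get_usernames(others))
    elif len(emails) == 2:
        wholine += " by you and %s" % get_usernames(others)[0]
    return wholine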