def list_pages(self, request, template_name=None, extra_context=None):
"""List root pages"""
if not self.admin_site.has_permission(request):
return self.admin_site.login(request)
language = get_language_from_request(request)
query = request.POST.get('q', '').strip()
if query:
page_ids = list(set([c.page.pk for c in
Content.objects.filter(body__icontains=query)]))
pages = Page.objects.filter(pk__in=page_ids)
else:
pages = Page.objects.root()
if settings.PAGE_HIDE_SITES:
pages = pages.filter(sites=settings.SITE_ID)
perms = PagePermission(request.user)
context = {
'can_publish': perms.check('publish'),
'language': language,
'name': _("page"),
'pages': pages,
'opts': self.model._meta,
'q': query
}
context.update(extra_context or {})
change_list = self.changelist_view(request, context)
return change_list
def get_fieldsets(self, request, obj=None):
"""
Add fieldsets of placeholders to the list of already
existing fieldsets.
"""
perms = PagePermission(request.user)
# some ugly business to remove freeze_date
# from the field list
general_module = {
'fields': list(self.general_fields),
'classes': ('module-general',),
}
default_fieldsets = list(self.fieldsets)
if not perms.check('freeze'):
general_module['fields'].remove('freeze_date')
if not perms.check('publish'):
general_module['fields'].remove('status')
default_fieldsets[0][1] = general_module
placeholder_fieldsets = []
template = get_template_from_request(request, obj)
for placeholder in get_placeholders(template):
if placeholder.name not in self.mandatory_placeholders:
placeholder_fieldsets.append(placeholder.name)
additional_fieldsets = []
# meta fields
metadata_fieldsets = [f['name'] for f in self.metadata_fields]
additional_fieldsets.append((_('Metadata'), {
'fields': metadata_fieldsets,
'classes': ('module-content', 'grp-collapse grp-closed'),
}))
additional_fieldsets.append((_('Content'), {
'fields': placeholder_fieldsets,
'classes': ('module-content',),
}))
return default_fieldsets + additional_fieldsets
def change_status(request, page_id):
"""
Switch the status of a page.
"""
perm = PagePermission(request.user).check('change', method='POST')
if perm and request.method == 'POST':
page = Page.objects.get(pk=page_id)
page.status = int(request.POST['status'])
page.save()
return HttpResponse(str(page.status))
raise Http404
def delete_content(request, page_id, language_id):
page = get_object_or_404(Page, pk=page_id)
perm = PagePermission(request.user).check('delete',
page=page,
lang=language_id,
method='POST')
if not perm:
raise Http404
for c in Content.objects.filter(page=page, language=language_id):
c.delete()
destination = request.REQUEST.get(
'next',
request.META.get('HTTP_REFERER',
'/admin/basic_cms/page/%s/' % page_id))
return HttpResponseRedirect(destination)
def modify_content(request, page_id, content_type, language_id):
"""Modify the content of a page."""
page = get_object_or_404(Page, pk=page_id)
perm = PagePermission(request.user).check('change',
page=page,
lang=language_id,
method='POST')
if perm and request.method == 'POST':
content = request.POST.get('content', False)
if not content:
raise Http404
page = Page.objects.get(pk=page_id)
if settings.PAGE_CONTENT_REVISION:
Content.objects.create_content_if_changed(page, language_id,
content_type, content)
else:
Content.objects.set_or_create_content(page, language_id,
content_type, content)
page.invalidate()
# to update last modification date
page.save()
return HttpResponse('ok')
raise Http404
def has_delete_permission(self, request, obj=None):
"""Return ``True`` if the current user has permission on the page."""
lang = get_language_from_request(request)
return PagePermission(request.user).check('change', page=obj,
lang=lang)
def has_add_permission(self, request):
"""Return ``True`` if the current user has permission to add a new
page."""
lang = get_language_from_request(request)
return PagePermission(request.user).check('add', lang=lang)
def test_permissions(self):
"""Test the permissions lightly."""
from basic_cms.permissions import PagePermission
page = self.new_page()
pp = PagePermission(user=page.author)
self.assertTrue(pp.check('change', page=page, method='GET'))
self.assertTrue(pp.check('change', page=page, method='POST'))
staff = User.objects.get(username='******')
pp = PagePermission(user=staff)
# weird because nonstaff?
self.assertTrue(
pp.check('change', page=page, method='GET', lang='en-us'))
self.assertFalse(
pp.check('change', page=page, method='POST', lang='en-us'))
self.assertFalse(
pp.check('delete', page=page, method='POST', lang='en-us'))
self.assertFalse(
pp.check('add', page=page, method='POST', lang='en-us'))
self.assertFalse(
pp.check('freeze', page=page, method='POST', lang='en-us'))
self.assertFalse(
pp.check('doesnotexist', page=page, method='POST', lang='en-us'))
self.assertFalse(
pp.check('publish', page=page, method='POST', lang='en-us'))