def get(self): cat = catalog() for method_key, method_details in cat.copy().items(): for function_key, function_details in method_details.copy().items(): if permissions.can(method_key+'.'+function_key)['status'] == 'error': cat[method_key].pop(function_key) if len(method_details) == 0: cat.pop(method_key) return jsonify(cat)
def set_content_visibility(request, pk, level):
content = get_object_or_404(models.Content.objects, pk=pk)
if not can(request.user, VISIBILITY_ACTIONS[level], content):
raise PermissionDenied
content.visibility = level
content.save()
return HttpResponse(status=200)
def view_content(request, pk, slug=None):
"""Render specific content in the newspaper."""
content = get_object_or_404(models.Content, pk=pk)
# Redirect to the correct URL for the content
# We allow accessing with any slug, but redirect to the correct slug
if content.slug != slug:
return redirect("home:view_content", content.slug, content.pk)
if content.embed_only and not can(request.user, "content.edit", content):
# This content shouldn't have it's own page!
return HttpResponseForbidden("This content is for embedding only.")
# Mark another view for the content
content.views += 1
content.save()
linked_content = content.linked.annotate(qs_order=Value(0, IntegerField()))
tags = content.tags.all()
if len(tags) > 0:
tag_content = (
models.Content.objects.filter(tags__name=tags[0].name)
.exclude(pk=content.pk)
.order_by("-modified")[:8]
.annotate(qs_order=Value(1, IntegerField()))
)
for each_tag in tags[1:]:
if len(tag_content) < 9:
new_tag_content = (
models.Content.objects.filter(
tags__name=each_tag.name, visibility=models.Content.PUBLISHED
)
.exclude(pk=content.pk)
.order_by("-modified")[: 9 - len(tag_content)]
.annotate(qs_order=Value(1, IntegerField()))
)
tag_content = tag_content.union(new_tag_content)
related_content = linked_content.union(tag_content).order_by(
"qs_order", "-modified"
)
else:
related_content = linked_content
return render(
request,
"home/content.html",
{
"content": content,
"form": forms.CommentForm(),
"related_content": related_content,
},
)
def set_content_visibility(request, pk, level):
"""View to change the visibility of certain content."""
content = get_object_or_404(models.Content.objects, pk=pk)
# Check whether the requesting user has permission to change the content's visibility to the given level
if not can(request.user, VISIBILITY_ACTIONS[level], content):
raise PermissionDenied
content.visibility = level
content.save()
return HttpResponse(status=200)
def render_content(user, content):
"""A template tag that renders the template of some Content, for example, story text or an image with a caption.
Only works when user has read permissions on the content object.
"""
return template.loader.get_template("home/content/embed.html").render({
"content":
content if content and permissions.can(user, 'content.read', content)
else None,
"user":
user
})
def set_comment_approval(request, pk, level):
"""View to change the approval of a comment."""
comment = get_object_or_404(models.Comment, pk=pk)
# Check whether the requesting user has permission to change the comment's visibility to the given level
if not can(request.user, "content.comment", comment):
raise PermissionDenied
if level == 2:
comment.approved = True
if level == 3:
comment.approved = False
comment.save()
return HttpResponse(status=200)
def render_content(context, user, content, embedding=True):
"""A template tag that renders the template of some Content, for example, story text or an image with a caption.
Only works when user has read permissions on the content object.
"""
computed_content = (
content if content and permissions.can(user, "content.read", content) else None
)
return template.loader.get_template("home/content/display.html").render(
{
"content": computed_content,
"user": user,
"embedding": embedding,
},
context.request,
)
def view_content(request, pk, slug=None):
"""Render specific content in the newspaper."""
content = get_object_or_404(models.Content, pk=pk)
# Redirect to the correct URL for the content
# We allow accessing with any slug, but redirect to the correct slug
if content.slug != slug:
return redirect("home:view_content", content.slug, content.pk)
if content.embed_only and not can(request.user, 'content.edit', content):
# This content shouldn't have it's own page!
return HttpResponseForbidden("This content is for embedding only.")
# Mark another view for the content
content.views += 1
content.save()
return render(request, "home/content.html", {
"content": content
})
def can(user, content, action=action):
"""A filter that checks whether a user can {} a particular Content.""".format(
action
)
return permissions.can(user, "content.{}".format(action), content)
def evaluate(action):
results = {}
list = catalog()
# Validate module
if 'module' in action.keys():
results['module'] = action['module']
if action['module'] in list.keys():
# Load module
try:
module = importlib.import_module(action['module']+'.api')
except ImportError as e:
results['status'] = 'error'
results['message'] = str(e)
return results
else:
results['status'] = 'error'
results['message'] = 'Specified module is not supported by this API.'
return results
else:
return {'status':'error', 'message':'No module specified.'}
# Validate function
if 'function' in action.keys():
results['function'] = action['function']
if action['function'] in list[action['module']].keys():
# Get function
try:
function = getattr(module, action['function'])
except KeyError:
results['status'] = 'error'
results['message'] = 'No function specified.'
return results
except AttributeError:
results['status'] = 'error'
results['message'] = 'That function is not defined in the \''+action['module']+'\' module.'
return results
else:
results['status'] = 'error'
results['message'] = 'Specified function is not supported by this API.'
return results
else:
results['status'] = 'error'
results['message'] = 'No function specified.'
return results
# Validate permission
permission = action['module']+'.'+action['function']
validation = permissions.can(permission)
if validation['status'] == 'error':
#results.update(validation)
return results
# Set Arguments
try:
arguments = action['arguments']
except KeyError:
arguments = {}
# Evaluate
try:
if len(arguments) > 0:
results.update(function(**arguments))
else:
results.update(function())
return results
except Exception as ex:
results['status'] = 'error'
results['error'] = str(type(ex).__name__)
results['message'] = str(ex)
results['traceback'] = traceback.format_exc()
return results
def get_object(self, **kwargs):
obj = super(ContentEditView, self).get_object(**kwargs)
if not can(self.request.user, 'content.edit', obj):
raise PermissionDenied
return obj
