def template_fileresource_list(request, object_id, template_name='ct_fileresource/list.html'): obj = get_object_or_404(ClinTemplate, pk=object_id) if not check_permission(request.user, obj.workgroup, 'resource', 'r'): raise PermissionDenied() objects = FileResource.template_resources.filter(object_id=obj.id) template_context = {'objects': objects} return render_to_response(template_name, RequestContext(request, template_context))
def blog_new_post(request, group_slug): group = get_object_or_404(CTGroup, slug=group_slug) if not check_permission(request.user, group, 'blog', 'w'): raise PermissionDenied() return _new_post(request, group)
def email_notify(groups, content, perm, managers=False): # leave here - recursive load problem from ct_groups.decorators import check_permission all_memberships = [] for group in groups: if group: if managers: # ignore settings and send to all managers at once all_memberships.extend(group.get_managers()) else: all_memberships.extend([member for member in group.groupmembership_set.all() if (member.notify_pref(perm) == 'single') and member.is_active and check_permission(member.user, group, perm, 'r')]) add_list = list(frozenset([member.user.email for member in all_memberships])) if len(add_list) == 0: return site = Site.objects.get_current().name body = render_to_string('ct_groups/email_post_comment_body.txt', { 'content': content, 'site': site, 'dummy': datetime.datetime.now().strftime("%H:%M"), 'settings_url': '%s%s' % ( settings.APP_BASE[:-1], reverse('group-edit', kwargs={'group_slug': group.slug}))}) # TODO: put this in utils # also used in ct_template.models email = EmailMessage( #subject, body, from_email, to, bcc, connection) '[%s] %s update' % (site, group.name), fix_email_body(body), 'do not reply <%s>' % settings.DEFAULT_FROM_EMAIL, [settings.DEFAULT_FROM_EMAIL], add_list ) email.send()
def moderate_refuse_confirm(request, group_slug, object_id): """docstring for moderate_refuse_confirm""" object = get_object_or_404(CTGroup, slug=group_slug) u = request.user if not check_permission(u, object, "group", "w"): raise PermissionDenied() if request.method == "POST": if request.POST["result"] == _("Cancel"): return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": group_slug})) # redirect to group form = ModerateRefuseForm(request.POST) if form.is_valid(): membership = get_object_or_404(GroupMembership, pk=object_id) membership.refuse(form.cleaned_data["reason_for_refusal"]) messages.success(request, _("Membership not approved.")) return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": group_slug})) # else, reshow form else: mod = None else: # a GET, so make form form = ModerateRefuseForm() return render_to_response( "ct_groups/ct_groups_moderate_refuse.html", RequestContext(request, {"group": object, "memb": None, "form": form}), )
def post_comment_delete(request, object_id, comment_id): obj = get_object_or_404(Post, pk=object_id) if not check_permission(request.user, obj.group, 'comment', 'd'): raise PermissionDenied() comment = get_object_or_404(Comment, pk=comment_id) comment.delete() return HttpResponseRedirect(obj.get_absolute_url())
def blog_edit_post(request, group_slug, object_id): obj = get_object_or_404(Post, pk=object_id) if not check_permission(request.user, obj.group, 'blog', 'w'): raise PermissionDenied() return _edit_post(request, obj)
def blog_delete_post(request, group_slug, object_id): obj = get_object_or_404(Post, pk=object_id) group = obj.group if not check_permission(request.user, group, 'blog', 'd'): raise PermissionDenied() ct = ContentType.objects.get_for_model(Post) Comment.objects.filter(content_type=ct, object_pk=obj.id).delete() obj.delete() return HttpResponseRedirect(group.get_absolute_url())
def invitation_remove(request, group_slug, key): object = get_object_or_404(CTGroup, slug=group_slug) u = request.user if not check_permission(u, object, "group", "w"): raise PermissionDenied() invitation = get_object_or_404(Invitation, accept_key=key) # if invitation.is_accepted: invitation.delete() messages.success(request, _("Invitation removed.")) return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": object.slug}))
def moderate_remove(request, group_slug, object_id): object = get_object_or_404(CTGroup, slug=group_slug) u = request.user if not check_permission(u, object, "group", "w"): raise PermissionDenied() if request.method == "POST": membership = get_object_or_404(GroupMembership, pk=object_id) membership.delete() messages.success(request, _("Membership removed.")) return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": group_slug}))
def change_editor(request, group_slug, object_id, change): """docstring for change_editor""" object = get_object_or_404(CTGroup, slug=group_slug) u = request.user if not check_permission(u, object, "group", "w"): raise PermissionDenied() if request.method == "POST": membership = get_object_or_404(GroupMembership, pk=object_id) membership.is_editor = change == "make" membership.save() return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": object.slug})) return render_to_response("ct_groups/ct_groups_edit.html", RequestContext(request, {"object": object}))
def moderate_accept(request, group_slug, object_id): """docstring for moderate_accept""" object = get_object_or_404(CTGroup, slug=group_slug) u = request.user if not check_permission(u, object, "group", "w"): raise PermissionDenied() if request.method == "POST": membership = get_object_or_404(GroupMembership, pk=object_id) membership.approve() messages.success(request, _("Group membership approved.")) return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": group_slug})) return render_to_response("ct_groups/ct_groups_edit.html", RequestContext(request, {"object": object}))
def test_permissions(self): """test_permissions""" from ct_groups.decorators import check_permission group1 = CTGroup.objects.get(name='Test group one') user = User.objects.get(pk=1) # member = self._make_membership(user, group1) # check_permission(user=None, group=None, perm_type=None, access=None ) self.failUnlessEqual(check_permission(user, group1, 'blog', 'r'), True) # passing in a 'group' which isn't CTGroup should return None self.failUnlessEqual(check_permission(user, user, 'blog', 'r'), False) self.failUnless(check_permission(user, None, 'blog', 'r')) self.failUnlessEqual(check_permission(user, None, 'wiki', 'r'), False) self.failUnlessEqual(check_permission(user, None, None, None), False) self.failUnlessEqual(check_permission(None, None, None, None), False) self.failUnlessEqual(check_permission(None, None, 'blog', 'r'), True) self.failUnlessEqual(check_permission(None, group1, 'blog', 'r'), False)
def template_fileresource_edit(request, object_id, next=None, template_name='ct_fileresource/add.html'): # next = request.REQUEST.get('next', reverse('fileresource_list')) obj = get_object_or_404(FileResource, pk=object_id) if not check_permission(request.user, obj.attached_to.workgroup, 'resource', 'w'): raise PermissionDenied() next = next or '%s?tView=files' % reverse('template-detail',kwargs={'object_id':obj.attached_to.id}) if request.method == 'POST': result = request.POST.get('result') if result == _('Cancel'): return HttpResponseRedirect(next) form = FileResourceForm(request.POST, request.FILES, instance=obj) if form.is_valid(): fr = form.save() messages.success(request, _('Your changes were saved.')) return HttpResponseRedirect(next) else: form = FileResourceForm(instance=obj) template_context = {'form': form} return render_to_response(template_name, RequestContext(request, template_context))
def delete_page(request, title, *args, **kw): """docstring for delete_page""" page = get_object_or_404(Article, title=title) if not check_permission(request.user, page.group, "wiki", "d"): raise PermissionDenied() if request.POST: if request.POST["result"] == _("Cancel"): return HttpResponseRedirect(page.get_absolute_url()) else: form = ConfirmForm(request.POST) if form.is_valid(): page.delete() return HttpResponseRedirect(reverse("group", kwargs={"group_slug": page.group.slug})) else: form = ConfirmForm(initial={"resource_name": page.title}) return render_to_response( "ct_framework/confirm.html", RequestContext(request, {"form": form, "title": _("Delete this page?")}) )
def template_fileresource_delete(request, object_id, next=None): obj = get_object_or_404(FileResource, pk=object_id) next = next or '%s?tView=files' % reverse('template-detail',kwargs={'object_id':obj.attached_to.id}) if not check_permission(request.user, obj.attached_to.workgroup, 'resource', 'd'): raise PermissionDenied() if request.POST: if request.POST['result'] == _('Cancel'): return HttpResponseRedirect(next) else: form = ConfirmForm(request.POST) if form.is_valid(): obj.delete() return HttpResponseRedirect(next) else: form = ConfirmForm(initial={ 'resource_name': obj.name }) return render_to_response('ct_framework/confirm.html', RequestContext( request, { 'form': form, 'title': _('Delete this file?') }) )
def group_settings(request, group_slug): """docstring for group_note""" object = get_object_or_404(CTGroup, slug=group_slug) u = request.user if not check_permission(u, object, "group", "w"): raise PermissionDenied() if request.method == "POST": result = request.POST.get("result") if result == "cancel": return HttpResponseRedirect(reverse("group", kwargs={"group_slug": object.slug})) groupsettingsform = GroupSettingsForm(request.POST, request.FILES, instance=object) if groupsettingsform.is_valid(): groupsettingsform.save() messages.success(request, _("Your changes were saved.")) return HttpResponseRedirect("%s#group" % reverse("group-edit", kwargs={"group_slug": object.slug})) return render_to_response( "ct_groups/ct_groups_edit.html", RequestContext(request, {"object": object, "groupsettingsform": groupsettingsform}), )
def invite_member(request, group_slug): object = get_object_or_404(CTGroup, slug=group_slug) u = request.user if not check_permission(u, object, "group", "w"): raise PermissionDenied() if request.method == "POST": if request.POST["result"] == _("Cancel"): return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": object.slug})) form = InviteMemberForm(request.POST) if form.is_valid(): email = form.cleaned_data["email"] invitation = Invitation(group=object, inviter=u, email=email) invitation.save() # this will generate the accept_key invitation.send() messages.success(request, _("Invitation sent.")) return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": object.slug})) else: form = InviteMemberForm(initial={"group": object.id}) return render_to_response("ct_groups/invite_member.html", RequestContext(request, {"object": object, "form": form}))
def group_edit(request, group_slug): """docstring for groups_edit""" object = get_object_or_404(CTGroup, slug=group_slug) u = request.user if not check_permission(u, object, "group", "r"): raise PermissionDenied() membership = object.get_member(u) if request.method == "POST": result = request.POST.get("result") if result == "cancel": return HttpResponseRedirect(reverse("group", kwargs={"group_slug": object.slug})) membershipform = GroupMembershipForm(request.POST, instance=membership) if membershipform.is_valid(): membershipform.save() messages.success(request, _("Your changes were saved.")) return HttpResponseRedirect(reverse("group", kwargs={"group_slug": object.slug})) else: membershipform = GroupMembershipForm(instance=membership) # group settings are not saved via this method- uses group settings groupsettingsform = GroupSettingsForm(instance=object) return render_to_response( "ct_groups/ct_groups_edit.html", RequestContext( request, { "object": object, "groupsettingsform": groupsettingsform, "membershipform": membershipform, "membership": membership, }, ), )
def remove_member(request, group_slug, object_id): """docstring for remove_member""" memb = get_object_or_404(GroupMembership, pk=object_id, group__slug=group_slug) if not check_permission(request.user, memb.group, "group", "w"): raise PermissionDenied() if request.POST: if request.POST["result"] == _("Cancel"): pass # messages.warning(request, _('Cancelled')) else: form = ConfirmForm(request.POST) if form.is_valid(): memb.remove() messages.success(request, _("Group member removed.")) return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": memb.group.slug})) else: form = ConfirmForm(initial={"resource_name": "%s (%s)" % (memb.user.get_full_name(), memb.user.username)}) return render_to_response( "ct_framework/confirm.html", RequestContext(request, {"form": form, "title": _("Remove member from this group?")}), )
def process_digests(): """docstring for email_digests""" # leave here - recursive load problem from ct_groups.decorators import check_permission events = CTEvent.objects.filter(status='todo').order_by('last_updated', 'content_type', 'object_id') event_dict = { } for event in events: group = event_dict.setdefault(event.group, {}) perm = group.setdefault(event.perm, {}) # perm['notify_setting'] = event.notify_setting obj_type = perm.setdefault(event.content_type, {}) obj_data = obj_type.setdefault(event.content_object, {}) if event.event_type == 'notify': obj_data['obj'] = True elif event.event_type == 'notify_comment': comments = obj_data.setdefault('comments', []) comments.append(event.data) else: raise Exception('unrecognised event_type') event.done() site = Site.objects.get_current().name for group, digest in event_dict.iteritems(): # print '*** group', group # print digest for perm, items in digest.iteritems(): # print perm members = group.groupmembership_set.all() add_list = list(member.user.email for member in members if (member.notify_pref(perm) == 'digest') and member.is_active and check_permission(member.user, group, perm, 'r')) # print add_list if len(add_list): content = '' for content_type in items.itervalues(): for obj, data in content_type.iteritems(): # print data if data.get('obj', False): dummy, txt = obj.get_notify_content() content += txt comment_ids = data.get('comments', False) if comment_ids: # TODO just pass comment id, not comment, so template can use # for comment in [Comment.objects.get(pk=c) for c in comment_ids]: for c_id in comment_ids: dummy, txt = obj.get_notify_content(comment=c_id) content += txt body = render_to_string('ct_groups/email_digest_body.txt', { 'group': group.name, 'content': content, 'site': site, 'dummy': datetime.datetime.now().strftime("%H:%M"), 'settings_url': '%s%s' % ( settings.APP_BASE[:-1], reverse('group-edit', kwargs={'group_slug': group.slug}))}) email = EmailMessage( #subject, body, from_email, to, bcc, connection) '[%s] %s update' % (site, group.name), fix_email_body(body), 'do not reply <%s>' % settings.DEFAULT_FROM_EMAIL, [settings.DEFAULT_FROM_EMAIL], add_list ) email.send() CTEvent.objects.filter(status='done').delete()