def add_member_to_group_view(request, group_id):
if request.method != "POST":
return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
try:
group = Group.objects.get(id=group_id)
except Group.DoesNotExist:
raise http.Http404
next_url = reverse("eighth_admin_edit_group", kwargs={"group_id": group_id})
if "user_id" in request.POST:
user_ids = request.POST.getlist("user_id")
user_objects = User.objects.filter(id__in=user_ids)
next_url += "?"
for user in user_objects:
user.groups.add(group)
user.save()
if len(user_objects) < 25:
next_url += "added={}&".format(user.id)
invalidate_obj(group)
messages.success(request, "Successfully added {} user{} to the group.".format(len(user_objects), "s" if len(user_objects) != 1 else ""))
return redirect(next_url)
if "query" not in request.POST:
return redirect(next_url + "?error=s")
query = request.POST["query"]
from_sid = User.objects.user_with_student_id(query)
if from_sid:
from_sid.groups.add(group)
from_sid.save()
messages.success(request, "Successfully added user \"{}\" to the group.".format(from_sid.full_name))
return redirect(next_url + "?added=" + str(from_sid.id))
errors, results = get_search_results(query)
logger.debug(results)
if len(results) == 1:
user_id = results[0].id
logger.debug("User id: {}".format(user_id))
user = User.objects.user_with_ion_id(user_id)
user.groups.add(group)
user.save()
messages.success(request, "Successfully added user \"{}\" to the group.".format(user.full_name))
return redirect(next_url + "?added=" + str(user_id))
elif len(results) == 0:
return redirect(next_url + "?error=n")
else:
users = results
results = sorted(results, key=lambda x: (x.last_name, x.first_name))
context = {"query": query, "users": users, "group": group, "admin_page_title": "Add Members to Group"}
return render(request, "eighth/admin/possible_students_add_group.html", context)
def post(self, request, *args, **kwargs):
if not request.user.is_authenticated:
return http.HttpResponseNotAllowed(['get'])
self.object = self.get_object()
form = self.get_form(entity=self.object, data=self.request.POST)
if form.is_valid():
form.save(self.request.user)
return http.HttpResponseRedirect(self.request.path)
context = self.get_context_data(form=form)
return self.render_to_response(context)
def url_reverse(request):
if request.method in ('GET', 'POST'):
data = getattr(request, request.method)
url_name = data.get('url_name')
try:
path = urlresolvers.reverse(url_name, args=data.getlist('args'))
(view_func, args, kwargs) = urlresolvers.resolve(path)
return http.HttpResponse(path, content_type="text/plain")
#return view_func(request, *args, **kwargs)
except urlresolvers.NoReverseMatch:
return http.HttpResponse("Greska", content_type="text/plain")
return http.HttpResponseNotAllowed(('GET', 'POST'))
def handle_request(self, request):
if request.method != 'GET':
self.info(u"Received request but wasn't GET. Doing nothing: %s" %
request.POST)
return http.HttpResponseNotAllowed(['GET'])
self.info(u"Received request: %s" % request.GET)
msg = self.message(request.GET)
if msg:
self.route(msg)
return http.HttpResponse("OK")
else:
return http.HttpResponseBadRequest("")
def json_file_validation(request, addon_id, addon, file_id):
file = get_object_or_404(File, id=file_id)
if not file.has_been_validated:
if request.method != 'POST':
return http.HttpResponseNotAllowed(['POST'])
try:
v_result = tasks.file_validator(file.id)
except Exception, exc:
log.error('file_validator(%s): %s' % (file.id, exc))
error = "\n".join(traceback.format_exception(*sys.exc_info()))
return make_validation_result({'validation': '', 'error': error})
def http_method_not_allowed(self, request, *args, **kwargs):
allowed_methods = [
m for m in self.http_method_names if hasattr(self, m)
]
logger.warning('Method Not Allowed (%s): %s',
request.method,
request.path,
extra={
'status_code': 405,
'request': self.request
})
return http.HttpResponseNotAllowed(allowed_methods)
def react_post_view(request, id=None):
"""
id: post id
"""
post = get_object_or_404(BoardPost, id=id)
board = post.board
if not board.has_member(request.user):
return http.HttpResponseNotAllowed(["POST"], "Invalid permissions.")
reactions = post.comments.filter(user=request.user)
if reactions.count() > 0:
reactions.delete()
reaction = request.POST.get("reaction", None)
if request.method == "POST" and reaction:
allowed_reactions = [str(i) for i in range(1, 7)]
allowed_reactions += ["stallman"]
if reaction not in allowed_reactions:
reaction = "1"
content = '<div class="reaction-icon comment-reaction reaction-{}"></div>'.format(
reaction)
if reaction == "stallman":
content += "I'd just like to interject for moment. What you're refering to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux."
obj = BoardPostComment.objects.create(content=content,
safe_html=True,
user=request.user)
post.comments.add(obj)
post.save()
messages.success(request, "Reaction added")
return http.HttpResponse("Reaction added")
else:
return http.HttpResponseNotAllowed(["POST"],
"HTTP 405: METHOD NOT ALLOWED")
def new_feedback(request):
"""
Render form for adding feedback to consumer with type and id.
After adding feedback redirects to consumer absolute url
"""
FeedbackForm = load_module(defaults.CUSTOM_FEEDBACK_FORM)
if request.method == 'GET':
from django.shortcuts import render
return render(
request,
'spicy.core.simplepages/simplepages/feedback_create_lead.html')
if request.method == 'POST':
pattern = get_object_or_404(models.FeedbackPattern,
slug=request.POST.get('pattern'))
feedback = Feedback(pattern=pattern)
form = FeedbackForm(request.POST, instance=feedback)
if form.is_valid():
if 'import requests' in request.session:
del request.session['feedback_form']
feedback = form.save(commit=False)
feedback.ip_address = request.META['REMOTE_ADDR']
if not (feedback.name.strip() or feedback.email.strip()
or feedback.phone.strip() or feedback.var1.strip()
or feedback.var2.strip() or feedback.var3.strip()
or feedback.message.strip()
or feedback.company_name.strip() or feedback.url.strip()):
feedback.processing_status = defaults.SPAM
feedback.save()
signals.create_feedback.send(sender=feedback.__class__,
request=request,
feedback=feedback)
if feedback.processing_status != defaults.SPAM:
feedback.send_report()
try:
if defaults.SEND_AUTO_RESPONSE_WITHOUT_TIMEOUT:
feedback.send_to_customers(realhost=request.get_host())
except Exception as e:
return {'status': 'success', 'errors': e.message}
return {'status': 'success'}
else:
request.session['feedback_form'] = request.POST
return {'status': 'fail', 'errors': str(form.errors)}
else:
return http.HttpResponseNotAllowed(['POST'])
def janrain_token(request):
if request.method != 'POST':
return http.HttpResponseNotAllowed(('POST', ))
redirect_to = request.session.get('jr_next', reverse('assopy-profile'))
try:
token = request.POST['token']
except KeyError:
return http.HttpResponseBadRequest()
try:
profile = janrain.auth_info(settings.JANRAIN['secret'], token)
except Exception, e:
log.warn('exception during janrain auth info: "%s"', str(e))
return HttpResponseRedirectSeeOther(dsettings.LOGIN_URL)
def add_room_view(request):
if request.method == "POST":
form = RoomForm(request.POST)
if form.is_valid():
form.save()
messages.success(request, "Successfully added room.")
return redirect("eighth_admin_dashboard")
else:
messages.error(request, "Error adding room.")
request.session["add_room_form"] = pickle.dumps(form)
return redirect("eighth_admin_dashboard")
else:
return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
def clear_absence_view(request, signup_id):
if request.method == "POST":
try:
signup = EighthSignup.objects.get(id=signup_id)
except (EighthSignup.DoesNotExist, ValueError) as e:
raise http.Http404 from e
signup.was_absent = False
signup.save()
invalidate_obj(signup)
if "next" in request.GET:
return redirect(request.GET["next"])
return redirect("eighth_admin_dashboard")
else:
return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
def add_member_to_group_view(request, group_id):
if request.method != "POST":
return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
try:
group = Group.objects.get(id=group_id)
except Group.DoesNotExist as e:
raise http.Http404 from e
if not request.user.can_manage_group(group):
messages.error(request, "You must be a superuser on Ion to manage administrative groups")
return redirect("eighth_admin_dashboard")
next_url = reverse("eighth_admin_edit_group", kwargs={"group_id": group_id})
if "user_id" in request.POST:
user_ids = request.POST.getlist("user_id")
user_objects = get_user_model().objects.filter(id__in=user_ids).exclude(groups=group)
next_url += "?"
for user in user_objects:
user.groups.add(group)
user.save()
if len(user_objects) < 25:
next_url += "added={}&".format(user.id)
invalidate_obj(group)
messages.success(request, "Successfully added {} user{} to the group.".format(len(user_objects), "s" if len(user_objects) != 1 else ""))
return redirect(next_url)
if "query" not in request.POST:
return redirect(next_url + "?error=s")
query = request.POST["query"]
from_sid = get_user_model().objects.user_with_student_id(query)
if from_sid:
if not from_sid.groups.filter(id=group.id).exists():
from_sid.groups.add(group)
from_sid.save()
messages.success(request, 'Successfully added user "{}" to the group.'.format(from_sid.full_name))
return redirect(next_url + "?added=" + str(from_sid.id))
errors, results = get_search_results(query)
if errors:
messages.error(request, "Could not process search query.")
return redirect(next_url + "?error=n")
if not results:
return redirect(next_url + "?error=n")
else:
users = sorted(results, key=lambda x: (x.last_name, x.first_name))
context = {"query": query, "users": users, "group": group, "admin_page_title": "Add Members to Group"}
return render(request, "eighth/admin/possible_students_add_group.html", context)
def post_entry(request, next=None):
"""
Post a entry.
HTTP POST is required. If ``POST['submit'] == "preview"`` or if there are
errors a preview template, ``guestbook/preview.html``, will be rendered.
"""
# Require POST
if request.method != 'POST':
return http.HttpResponseNotAllowed(["POST"])
# Fill out some initial data fields from an authenticated user, if present
data = request.POST.copy()
if request.user.is_authenticated():
if not data.get('user', ''):
data["user"] = request.user.get_full_name()
if not data.get('email', ''):
data["email"] = request.user.email
# Do we want to preview the entry?
preview = data.get("submit", "").lower() == "preview" or \
data.get("preview", None) is not None
# Construct the entry form
form = guestbook.get_form()(data=data)
# Check security information
if form.security_errors():
return EntryPostBadRequest(
"The entry form failed security verification: %s" % \
escape(str(form.security_errors())))
# If there are errors or if we requested a preview show the entry
if form.errors or preview:
return render_to_response("guestbook/preview.html", {
"entry": form.data.get("entry", ""),
"form": form,
}, RequestContext(request, {}))
# Otherwise create the entry
entry = form.get_entry_object()
entry.ip = request.META.get("REMOTE_ADDR", None)
if request.user.is_authenticated():
entry.user = request.user.username
# Save the entry and signal that it was saved
entry.save()
return http.HttpResponseRedirect(reverse('guestbook-page-last'))
def deploy_data(request):
response = http.HttpResponse()
response['Access-Control-Allow-Origin'] = '*'
response['Access-Control-Allow-Methods'] = 'PUT, POST, GET, OPTIONS'
response['Access-Control-Max-Age'] = 1000
response['Access-Control-Allow-Headers'] = 'Authorization, X-CSRFToken'
if request.method == 'OPTIONS':
return response
if request.method != 'PUT':
return http.HttpResponseNotAllowed()
if not request.META.get('HTTP_AUTHORIZATION'):
return http.HttpResponseForbidden()
try:
(auth_type, data) = request.META['HTTP_AUTHORIZATION'].split()
if auth_type.lower() != 'basic':
return http.HttpResponseForbidden()
user_pass = base64.b64decode(data)
except:
return http.HttpResponseForbidden()
bits = user_pass.split(':', 1)
if len(bits) != 2:
return http.HttpResponseBadRequest()
user = authenticate(username=bits[0], password=bits[1])
if not user or not user.is_active:
return http.HttpResponseForbidden()
try:
for obj in Deserializer(request.raw_post_data, using=DEFAULT_DB_ALIAS):
if isinstance(obj.object, DeleteObject):
ct = ContentType.objects.get_by_natural_key(
obj.object.app_label, obj.object.model)
ct.model_class().objects.get(pk=obj.object.pk).delete()
else:
obj.save()
transaction.commit()
response = {'message': 'OK', 'error': 0, 'object': None}
except Exception, e:
transaction.rollback()
response = {
'message': unicode(e),
'error': 1,
'object': unicode(obj.object)
}
def toggle_favorite_view(request):
if request.method != "POST":
return http.HttpResponseNotAllowed(["POST"],
"HTTP 405: METHOD NOT ALLOWED")
if not ("aid" in request.POST and request.POST["aid"].isdigit()):
http.HttpResponseBadRequest("Must specify an integer aid")
aid = request.POST["aid"]
activity = get_object_or_404(EighthActivity, id=aid)
if activity.favorites.filter(id=request.user.id).nocache().exists():
activity.favorites.remove(request.user)
return http.HttpResponse("Unfavorited activity.")
else:
activity.favorites.add(request.user)
return http.HttpResponse("Favorited activity.")
def hide_event_view(request):
"""Hide an event for the logged-in user.
events_hidden in the user model is the related_name for
"users_hidden" in the EventUserMap model.
"""
if request.method == "POST":
event_id = get_id(request.POST.get("event_id", None))
if event_id:
event = get_object_or_404(Event, id=event_id)
event.user_map.users_hidden.add(request.user)
event.user_map.save()
return http.HttpResponse("Hidden")
raise http.Http404
else:
return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
def add_group_view(request):
if request.method == "POST":
form = QuickGroupForm(request.POST)
if form.is_valid():
if not request.user.can_manage_group(form.cleaned_data["name"]):
messages.error(request, "You must be a superuser on Ion to manage administrative groups")
return redirect("eighth_admin_dashboard")
group = form.save()
messages.success(request, "Successfully added group.")
return redirect("eighth_admin_edit_group", group_id=group.id)
else:
messages.error(request, "Error adding group.")
return redirect("eighth_admin_dashboard")
else:
return http.HttpResponseNotAllowed(["POST"], "405: METHOD NOT ALLOWED")
def activate_subscription(request):
if request.method == 'POST':
subject = "Testing order"
support_email = '*****@*****.**'
recipients = ('*****@*****.**',)
data = str(request.POST)
msg = EmailMessage(subject, data, support_email, recipients)
msg.send()
ctx = dict()
ctx['title'] = 'Thank you'
ctx['title_icon'] = 'check'
ctx['order_number'] = request.POST['order_number'] # from 2CO
return render(request, 'accounts/thankyou.html', ctx)
return http.HttpResponseNotAllowed(['GET'])
def dispatch(self, request, *args, **kwargs):
# Try to dispatch to the right method for that; if it doesn't exist,
# raise a big error.
if hasattr(self, request.method.upper()):
self.request = request
self.args = args
self.kwargs = kwargs
if request.method == "PUT":
coerce_put_post(request)
return getattr(self, request.method.upper())(request, *args,
**kwargs)
else:
allowed_methods = [
m for m in self.method_names if hasattr(self, m)
]
return http.HttpResponseNotAllowed(allowed_methods)
def url_reverse(request):
if (settings.DEBUG == False) and (request.is_ajax() == False):
# If not DEBUG, we don't enable the non ajax request.
raise http.Http404('Non ajax query')
if request.method in ('GET', 'POST'):
url_name = request.GET.get('url_name', None)
if not url_name:
raise http.Http404('Please specify the reverse url name!')
try:
path = urlresolvers.reverse(url_name,
args=request.GET.getlist('url_args[]'))
(view_func, args, kwargs) = urlresolvers.resolve(path)
return view_func(request, *args, **kwargs)
except urlresolvers.NoReverseMatch:
raise http.Http404('URL not found')
return http.HttpResponseNotAllowed(('GET', 'POST'))
def show_announcement_view(request):
"""Unhide an announcement that was hidden by the logged-in user.
announcements_hidden in the user model is the related_name for
"users_hidden" in the announcement model.
"""
if request.method == "POST":
announcement_id = request.POST.get("announcement_id")
if announcement_id:
announcement = Announcement.objects.get(id=announcement_id)
announcement.user_map.users_hidden.remove(request.user)
announcement.user_map.save()
return http.HttpResponse("Unhidden")
raise http.Http404
else:
return http.HttpResponseNotAllowed(["POST"], "HTTP 405: METHOD NOT ALLOWED")
def subscribe(request):
if request.method != 'POST':
return http.HttpResponseNotAllowed(('POST',))
if not request.user.is_authenticated():
return http.HttpResponseBadRequest()
content_type = request.POST['content_type']
object_pk = request.POST['object_pk']
app_label, model = content_type.split('.', 1)
ct = ContentType.objects.get(app_label=app_label, model=model)
object = ct.get_object_for_this_type(pk=object_pk)
if 'subscribe' in request.POST:
models.ThreadSubscription.objects.subscribe(object, request.user)
elif 'unsubscribe' in request.POST:
models.ThreadSubscription.objects.unsubscribe(object, request.user)
return redirect(request.META.get('HTTP_REFERER', '/'))
def add_group_view(request):
if request.method == "POST":
form = QuickGroupForm(request.POST)
if form.is_valid():
group = form.save()
messages.success(request, "Successfully added group.")
return redirect("eighth_admin_edit_group", group_id=group.id)
else:
messages.error(request, "Error adding group.")
try:
request.session["add_group_form"] = pickle.dumps(form)
except (pickle.PicklingError, TypeError):
"""Prevent pickle errors."""
pass
return redirect("eighth_admin_dashboard")
else:
return http.HttpResponseNotAllowed(["POST"], "405: METHOD NOT ALLOWED")
def url_reverse(request):
"""
Reverse the requested URL (passed via GET / POST as `url_name` parameter)
:param request: Request object
:return: The reversed path
"""
if request.method in ('GET', 'POST'):
data = getattr(request, request.method)
url_name = data.get('url_name')
try:
path = urlresolvers.reverse(url_name, args=data.getlist('args'))
(view_func, args, kwargs) = urlresolvers.resolve(path)
return http.HttpResponse(path, content_type="text/plain")
except urlresolvers.NoReverseMatch:
return http.HttpResponse("Error", content_type="text/plain")
return http.HttpResponseNotAllowed(('GET', 'POST'))
def exportinventories(request):
""" Export to Excel Workbook API Endpoint
Method: Post
Requires Authentication
Payload:
"end": DATEFORMAT string from year 1900 to 2100; Required
<Requires One of the Following>
"ytd": [Any Value]
"start": DATEFORMAT string from year 1900 to 2100
end indicates the final Month to include
ytd is shorthand for January of the same year as end
start otherwise indicates the first month to include and will return all intermediary months
"""
## Requires Post
if request.method != "POST": return dhttp.HttpResponseNotAllowed(["POST",])
## Requires Authentication
if not request.user.is_authenticated: return dhttp.HttpResponse("Unauthorized",status=401)
## Get payload
data = request.POST
## All data requires end; one of (start,ytd) must be used
if 'end' not in data or all(key not in data for key in ['start','ytd']):
return dhttp.HttpResponseBadRequest('missing key')
## Convert datestrings to datetimes and handle ytd
try:
if 'ytd' in data:
end = datetime.datetime.strptime(data['end'],DATEFORMAT)
start = methods.getlastdecember(end)
else:
start = datetime.datetime.strptime(data['start'],DATEFORMAT)
end = datetime.datetime.strptime(data['end'],DATEFORMAT)
## If Datetimes cannot be converted, Bad Request
except: return dhttp.HttpResponseBadRequest('bad dates')
## Makes sure dates are within range
if not methods.validatedatetime(start): return dhttp.HttpResponseBadRequest('bad start')
if not methods.validatedatetime(end): return dhttp.HttpResponseBadRequest('bad end')
## Create and serve download
file = excelmethods.createexceldownload(start,end)
response = dhttp.HttpResponse(file, content_type='application/vnd.ms-excel')
response['Content-Disposition'] = f'attachment; filename="Inventory {start.strftime("%m-%Y")} to {end.strftime("%m-%Y")}.xlsx"'
return response
def events(self, request, sid):
sch = get_object_or_404(models.Schedule, id=sid)
if request.method != 'POST':
return http.HttpResponseNotAllowed(('POST', ))
from conference.forms import EventForm
form = EventForm(data=request.POST)
output = {}
if form.is_valid():
event = form.save(commit=False)
event.schedule = sch
event.save()
for t in form.cleaned_data['event_tracks']:
models.EventTrack(event=event, track=t).save()
output = {
'event': event.id,
}
return output
def p3_profile_message(request, slug):
if request.method != 'POST':
return http.HttpResponseNotAllowed(('POST', ))
class MessageForm(forms.Form):
subject = forms.CharField()
message = forms.CharField()
f = MessageForm(data=request.POST)
if f.is_valid():
data = f.cleaned_data
profile = get_object_or_404(cmodels.AttendeeProfile, slug=slug)
try:
profile.p3_profile.send_user_message(request.user, data['subject'],
data['message'])
except ValueError, e:
return http.HttpResponseBadRequest(str(e))
return "OK"
def create_new_keypair(request):
"""
Response to generate private/public RSA key pair
"""
get_user(request, settings.ASTAKOS_AUTH_URL)
if request.method != "POST":
return http.HttpResponseNotAllowed(["POST"])
if not SUPPORT_GENERATE_KEYS:
raise Exception("Application does not support ssh keys generation")
if PublicKeyPair.user_limit_exceeded(request.user_uniq):
return http.HttpResponseServerError("SSH keys limit exceeded")
data = generate_keypair()
return http.HttpResponse(json.dumps(data), content_type="application/json")
def toggle_favorite_view(request):
if request.method != "POST":
return http.HttpResponseNotAllowed(["POST"],
"HTTP 405: METHOD NOT ALLOWED")
if not ("aid" in request.POST and is_entirely_digit(request.POST["aid"])):
http.HttpResponseBadRequest("Must specify an integer aid")
aid = request.POST["aid"]
with transaction.atomic():
activity = get_object_or_404(EighthActivity, id=aid)
# Lock on the User to prevent duplicates.
lock_on([request.user])
if activity.favorites.filter(id=request.user.id).nocache().exists():
activity.favorites.remove(request.user)
return http.HttpResponse("Unfavorited activity.")
else:
activity.favorites.add(request.user)
return http.HttpResponse("Favorited activity.")
def section_feed_post_meme(request, section_id):
"""Post to class feed."""
try:
LDAPCourse.objects.get(section_id=section_id)
except LDAPCourse.DoesNotExist:
return render(request,
"board/error.html",
{"reason": "This class doesn't exist."},
status=404)
try:
board = Board.objects.get(section_id=section_id)
except Board.DoesNotExist:
# Create a board for this class
board = Board.objects.create(section_id=section_id)
if not board.has_member(request.user):
return render(request,
"error/403.html",
{"reason": "You are not a member of this class."},
status=403)
if request.method == "POST":
meme_id = request.POST.get("meme")
meme = get_meme(meme_id)
if not meme:
meme = get_all_memes()[0]
content = '<div class="meme-option" style="background-image: url({})"></div>'.format(
meme["url"])
post = BoardPost.objects.create(title="",
content=content,
safe_html=True,
user=request.user)
board.posts.add(post)
board.save()
messages.success(request, "Successfully added post.")
return redirect("board_section", section_id)
else:
return http.HttpResponseNotAllowed(["POST"],
"HTTP 405: METHOD NOT ALLOWED")
