def dispatch(self, request, *args, **kwargs): if not request.user.is_authenticated(): if not self.committee.is_public: return redirect_to_login(request.build_absolute_uri()) if hasattr(self, 'get_required_permission'): perm = self.get_required_permission() else: perm = self.required_permission or "access_committee" if not has_committee_perm(request.user, self.committee, perm): if settings.DEBUG: return HttpResponseForbidden("403 %s" % perm) return HttpResponseForbidden("403 Unauthorized") # TODO: raise PermissionDenied if request.method == "POST": if hasattr(self, 'get_required_permission_for_post'): perm = self.get_required_permission_for_post() else: perm = self.required_permission_for_post or "access_committee" if not has_committee_perm(request.user, self.committee, perm): if settings.DEBUG: return HttpResponseForbidden("403 POST %s" % perm) return HttpResponseForbidden("403 Unauthorized") resp = super(CommitteeProtectedMixin, self).dispatch(request, *args, **kwargs) # Disable client side cache resp['Expires'] = '0' resp['Pragma'] = 'no-cache' resp['Cache-Control'] = 'no-cache, no-store, must-revalidate' return resp
def dispatch(self, request, *args, **kwargs): if hasattr(self, 'get_required_permission'): perm = self.get_required_permission() else: perm = self.required_permission or "access_committee" if not has_committee_perm(request.user, self.committee, perm): if settings.DEBUG: return HttpResponseForbidden("403 %s" % perm) return HttpResponseForbidden("403 Unauthorized") # TODO: raise PermissionDenied if request.method == "POST": if not has_committee_perm(request.user, self.committee, perm): if settings.DEBUG: return HttpResponseForbidden("403 POST %s" % perm) return HttpResponseForbidden("403 Unauthorized") resp = super(CommitteeMixin, self).dispatch(request, *args, **kwargs) return resp
def get(self, request, *args, **kwargs): if not has_committee_perm(request.user, self.committee, 'viewupcoming_draft') \ and not self.committee.upcoming_meeting_is_published: try: last_meeting = Meeting.objects.filter(committee=self.committee).latest('held_at') return HttpResponseRedirect(reverse('meeting', kwargs={'community_slug': self.community.slug, 'committee_slug': self.committee.slug, 'pk': last_meeting.id})) except Meeting.DoesNotExist: pass return super(UpcomingMeetingView, self).get(request, *args, **kwargs)
def object_access_control(self, user=None, committee=None, **kwargs): if not user or not committee: raise ValueError('The access validator requires both a user and ' 'a committee object.') qs = self._clone() if user.is_superuser: return qs elif user.is_anonymous(): return qs.filter(is_confidential=False) else: if not has_committee_perm(user, committee, 'view_confidential'): return qs.filter(is_confidential=False) return qs
def get_context_data(self, **kwargs): d = super(CommunityDetailView, self).get_context_data(**kwargs) committees = self.object.committees.all() l = [] for committee in committees: meetings_count = 3 if has_committee_perm(self.request.user, committee, 'viewupcoming_community'): meetings_count = 2 c = { 'committee': committee, 'issues': committee.upcoming_issues(user=self.request.user, committee=committee), 'meetings': committee.meetings.all()[:meetings_count] } l.append(c) d['committees'] = l return d
def none_board(self, perm): return self.get_queryset().exclude( id__in=[x.id for x in self.get_queryset() if has_committee_perm(x.user, x.committee, perm)])
def board(self, perm): return self.get_queryset().filter( id__in=[x.id for x in self.get_queryset() if has_committee_perm(x.user, x.committee, perm)])
def post(self, request, *args, **kwargs): is_board = request.POST.get('board', False) user_id = request.POST.get('user', request.user.id) voter_id = request.user.id voter_group = 'board' if has_committee_perm(request.user, self.committee, 'proposal_board_vote') else '' # voter_group = request.user.get_default_group(self.committee.community) \ # if request.user.is_authenticated() \ # else '' val = request.POST['val'] if is_board: # vote for board member by chairman or board member vote_class = ProposalVoteBoard else: # straw vote by member vote_class = ProposalVote proposal = self.get_object() pid = proposal.id vote_panel_tpl = 'issues/_vote_panel.html' if val == 'reset' \ else 'issues/_vote_reset_panel.html' res_panel_tpl = 'issues/_board_vote_res.html' if is_board \ else 'issues/_vote_reset_panel.html' vote_response = { 'result': 'ok', 'html': render_to_string(res_panel_tpl, { 'proposal': proposal, 'committee': self.committee, 'vote_status': val, }), } value = '' if val == 'reset': vote = get_object_or_404(vote_class, proposal_id=pid, user_id=user_id) vote.delete() related_arguments = ProposalVoteArgumentRanking.objects.filter(user=request.user, argument__proposal_vote__proposal=proposal) if related_arguments.count(): related_arguments.delete() vote_response['html'] = render_to_string(vote_panel_tpl, { 'proposal': proposal, 'committee': self.committee }) return json_response(vote_response) else: value = self._vote_values_map(val) if value == None: return HttpResponseBadRequest('vote value not valid') vote, valid = self._do_vote(vote_class, proposal, user_id, value, is_board, voter_group) if valid == ProposalVoteMixin.VOTE_OK: vote_response['html'] = render_to_string(res_panel_tpl, { 'proposal': proposal, 'committee': self.committee, 'vote_status': val, 'user': self.request.user }) if is_board and voter_group == DefaultGroups.CHAIRMAN: vote_response['sum'] = render_to_string('issues/_member_vote_sum.html', { 'proposal': proposal, 'committee': self.committee, 'board_attending': board_voters_on_proposal(proposal), }) else: vote_response['result'] = 'err' if valid == ProposalVoteMixin.VOTE_OVERRIDE_ERR: vote_response['override_fail'] = [{'uid': user_id, 'val': self._vote_values_map(vote.value), }] return json_response(vote_response)
def get_context_data(self, **kwargs): """add meeting for the latest straw voting result add 'previous_res' var if found previous registered results for this meeting """ context = super(ProposalDetailView, self).get_context_data(**kwargs) m_id = self.request.GET.get('m_id', None) o = self.get_object() if m_id: context['meeting_context'] = get_object_or_404(Meeting, id=m_id, committee=self.committee) participants = context['meeting_context'].participants.all() else: context['meeting_context'] = None participants = o.issue.committee.upcoming_meeting_participants.all() try: group = self.request.user.memberships.get(committee=self.issue.committee).default_group_name except: group = "" board_votes = ProposalVoteBoard.objects.filter(proposal=o) board_attending = board_voters_on_proposal(o) is_current = o.issue.is_current context['res'] = o.get_straw_results() results = VoteResult.objects.filter(proposal=o) \ .order_by('-meeting__held_at') if o.issue.is_upcoming and \ self.committee.upcoming_meeting_is_published and \ self.committee.straw_vote_ended: context['meeting'] = self.committee.draft_meeting() else: if results.count(): context['meeting'] = results[0].meeting else: context['meeting'] = None if not board_votes.exists(): self._init_board_votes(board_attending) show_to_member = group == DefaultGroups.MEMBER and o.decided_at_meeting show_to_board = (group == DefaultGroups.BOARD or \ group == DefaultGroups.SECRETARY) and \ (is_current or o.decided_at_meeting) show_to_chairman = group == DefaultGroups.CHAIRMAN and o.decided show_board_vote_result = o.register_board_votes and \ board_votes.exclude( value=ProposalVoteValue.NEUTRAL).count() and \ (show_to_member or show_to_board or show_to_chairman) context['issue_frame'] = self.request.GET.get('s', None) context['board_attending'] = board_attending context['user_vote'] = o.board_vote_by_member(self.request.user.id) context['show_board_vote_result'] = show_board_vote_result context['chairman_can_vote'] = is_current and not o.decided context['board_votes'] = self.board_votes_dict() context['can_board_vote_self'] = is_current and not o.decided and has_committee_perm(self.request.user, self.committee, 'proposal_board_vote_self')\ and self.request.user in board_attending rel_proposals = self.object.issue.proposals context['proposals'] = rel_proposals.object_access_control( user=self.request.user, committee=self.committee) return context
def get_context_data(self, **kwargs): d = super(IssueDetailView, self).get_context_data(**kwargs) m_id = self.request.GET.get('m_id', None) d['form'] = forms.CreateIssueCommentForm() d['proposal_form'] = forms.CreateProposalForm(committee=self.committee) if m_id: d['meeting'] = get_object_or_404(Meeting, id=m_id, committee=self.committee) a = d['meeting'].agenda.object_access_control( user=self.request.user, committee=self.committee).all() d['meeting_active_issues'] = [ai.issue for ai in a if ai.issue.active] else: d['meeting'] = None if self.request.GET.get('s', None) == '1': d['all_issues'] = self.get_queryset().exclude( status=IssueStatus.ARCHIVED).order_by('-created_at') o = self.get_object() if o.is_current and self.request.user in o.committee.upcoming_meeting_participants.all() and has_committee_perm( self.request.user, self.committee, 'proposal_board_vote_self'): d['can_board_vote_self'] = True d['proposals'] = self.object.proposals.object_access_control( user=self.request.user, committee=self.committee).open() d['upcoming_issues'] = self.object.committee.upcoming_issues( user=self.request.user, committee=self.committee) d['agenda_items'] = self.object.agenda_items.all() for ai in d['agenda_items']: ai.accepted_proposals = ai.accepted_proposals( user=self.request.user, committee=self.committee) ai.rejected_proposals = ai.rejected_proposals( user=self.request.user, committee=self.committee) ai.proposals = ai.proposals( user=self.request.user, committee=self.committee) return d