def dispatch(self, request, *args, **kwargs):
if not request.user.is_authenticated():
if not self.committee.is_public:
return redirect_to_login(request.build_absolute_uri())
if hasattr(self, 'get_required_permission'):
perm = self.get_required_permission()
else:
perm = self.required_permission or "access_committee"
if not has_committee_perm(request.user, self.committee, perm):
if settings.DEBUG:
return HttpResponseForbidden("403 %s" % perm)
return HttpResponseForbidden("403 Unauthorized") # TODO: raise PermissionDenied
if request.method == "POST":
if hasattr(self, 'get_required_permission_for_post'):
perm = self.get_required_permission_for_post()
else:
perm = self.required_permission_for_post or "access_committee"
if not has_committee_perm(request.user, self.committee, perm):
if settings.DEBUG:
return HttpResponseForbidden("403 POST %s" % perm)
return HttpResponseForbidden("403 Unauthorized")
resp = super(CommitteeProtectedMixin, self).dispatch(request, *args, **kwargs)
# Disable client side cache
resp['Expires'] = '0'
resp['Pragma'] = 'no-cache'
resp['Cache-Control'] = 'no-cache, no-store, must-revalidate'
return resp
def dispatch(self, request, *args, **kwargs):
if hasattr(self, 'get_required_permission'):
perm = self.get_required_permission()
else:
perm = self.required_permission or "access_committee"
if not has_committee_perm(request.user, self.committee, perm):
if settings.DEBUG:
return HttpResponseForbidden("403 %s" % perm)
return HttpResponseForbidden("403 Unauthorized") # TODO: raise PermissionDenied
if request.method == "POST":
if not has_committee_perm(request.user, self.committee, perm):
if settings.DEBUG:
return HttpResponseForbidden("403 POST %s" % perm)
return HttpResponseForbidden("403 Unauthorized")
resp = super(CommitteeMixin, self).dispatch(request, *args, **kwargs)
return resp
def get(self, request, *args, **kwargs):
if not has_committee_perm(request.user, self.committee,
'viewupcoming_draft') \
and not self.committee.upcoming_meeting_is_published:
try:
last_meeting = Meeting.objects.filter(committee=self.committee).latest('held_at')
return HttpResponseRedirect(reverse('meeting', kwargs={'community_slug': self.community.slug,
'committee_slug': self.committee.slug,
'pk': last_meeting.id}))
except Meeting.DoesNotExist:
pass
return super(UpcomingMeetingView, self).get(request, *args, **kwargs)
def object_access_control(self, user=None, committee=None, **kwargs):
if not user or not committee:
raise ValueError('The access validator requires both a user and '
'a committee object.')
qs = self._clone()
if user.is_superuser:
return qs
elif user.is_anonymous():
return qs.filter(is_confidential=False)
else:
if not has_committee_perm(user, committee, 'view_confidential'):
return qs.filter(is_confidential=False)
return qs
def get_context_data(self, **kwargs):
d = super(CommunityDetailView, self).get_context_data(**kwargs)
committees = self.object.committees.all()
l = []
for committee in committees:
meetings_count = 3
if has_committee_perm(self.request.user, committee, 'viewupcoming_community'):
meetings_count = 2
c = {
'committee': committee,
'issues': committee.upcoming_issues(user=self.request.user, committee=committee),
'meetings': committee.meetings.all()[:meetings_count]
}
l.append(c)
d['committees'] = l
return d
def none_board(self, perm):
return self.get_queryset().exclude(
id__in=[x.id for x in self.get_queryset() if has_committee_perm(x.user, x.committee, perm)])
def board(self, perm):
return self.get_queryset().filter(
id__in=[x.id for x in self.get_queryset() if has_committee_perm(x.user, x.committee, perm)])
def post(self, request, *args, **kwargs):
is_board = request.POST.get('board', False)
user_id = request.POST.get('user', request.user.id)
voter_id = request.user.id
voter_group = 'board' if has_committee_perm(request.user, self.committee, 'proposal_board_vote') else ''
# voter_group = request.user.get_default_group(self.committee.community) \
# if request.user.is_authenticated() \
# else ''
val = request.POST['val']
if is_board:
# vote for board member by chairman or board member
vote_class = ProposalVoteBoard
else:
# straw vote by member
vote_class = ProposalVote
proposal = self.get_object()
pid = proposal.id
vote_panel_tpl = 'issues/_vote_panel.html' if val == 'reset' \
else 'issues/_vote_reset_panel.html'
res_panel_tpl = 'issues/_board_vote_res.html' if is_board \
else 'issues/_vote_reset_panel.html'
vote_response = {
'result': 'ok',
'html': render_to_string(res_panel_tpl,
{
'proposal': proposal,
'committee': self.committee,
'vote_status': val,
}),
}
value = ''
if val == 'reset':
vote = get_object_or_404(vote_class,
proposal_id=pid, user_id=user_id)
vote.delete()
related_arguments = ProposalVoteArgumentRanking.objects.filter(user=request.user,
argument__proposal_vote__proposal=proposal)
if related_arguments.count():
related_arguments.delete()
vote_response['html'] = render_to_string(vote_panel_tpl,
{
'proposal': proposal,
'committee': self.committee
})
return json_response(vote_response)
else:
value = self._vote_values_map(val)
if value == None:
return HttpResponseBadRequest('vote value not valid')
vote, valid = self._do_vote(vote_class, proposal, user_id, value,
is_board, voter_group)
if valid == ProposalVoteMixin.VOTE_OK:
vote_response['html'] = render_to_string(res_panel_tpl,
{
'proposal': proposal,
'committee': self.committee,
'vote_status': val,
'user': self.request.user
})
if is_board and voter_group == DefaultGroups.CHAIRMAN:
vote_response['sum'] = render_to_string('issues/_member_vote_sum.html',
{
'proposal': proposal,
'committee': self.committee,
'board_attending': board_voters_on_proposal(proposal),
})
else:
vote_response['result'] = 'err'
if valid == ProposalVoteMixin.VOTE_OVERRIDE_ERR:
vote_response['override_fail'] = [{'uid': user_id,
'val': self._vote_values_map(vote.value),
}]
return json_response(vote_response)
def get_context_data(self, **kwargs):
"""add meeting for the latest straw voting result
add 'previous_res' var if found previous registered results for this meeting
"""
context = super(ProposalDetailView, self).get_context_data(**kwargs)
m_id = self.request.GET.get('m_id', None)
o = self.get_object()
if m_id:
context['meeting_context'] = get_object_or_404(Meeting, id=m_id,
committee=self.committee)
participants = context['meeting_context'].participants.all()
else:
context['meeting_context'] = None
participants = o.issue.committee.upcoming_meeting_participants.all()
try:
group = self.request.user.memberships.get(committee=self.issue.committee).default_group_name
except:
group = ""
board_votes = ProposalVoteBoard.objects.filter(proposal=o)
board_attending = board_voters_on_proposal(o)
is_current = o.issue.is_current
context['res'] = o.get_straw_results()
results = VoteResult.objects.filter(proposal=o) \
.order_by('-meeting__held_at')
if o.issue.is_upcoming and \
self.committee.upcoming_meeting_is_published and \
self.committee.straw_vote_ended:
context['meeting'] = self.committee.draft_meeting()
else:
if results.count():
context['meeting'] = results[0].meeting
else:
context['meeting'] = None
if not board_votes.exists():
self._init_board_votes(board_attending)
show_to_member = group == DefaultGroups.MEMBER and o.decided_at_meeting
show_to_board = (group == DefaultGroups.BOARD or \
group == DefaultGroups.SECRETARY) and \
(is_current or o.decided_at_meeting)
show_to_chairman = group == DefaultGroups.CHAIRMAN and o.decided
show_board_vote_result = o.register_board_votes and \
board_votes.exclude(
value=ProposalVoteValue.NEUTRAL).count() and \
(show_to_member or show_to_board or show_to_chairman)
context['issue_frame'] = self.request.GET.get('s', None)
context['board_attending'] = board_attending
context['user_vote'] = o.board_vote_by_member(self.request.user.id)
context['show_board_vote_result'] = show_board_vote_result
context['chairman_can_vote'] = is_current and not o.decided
context['board_votes'] = self.board_votes_dict()
context['can_board_vote_self'] = is_current and not o.decided and has_committee_perm(self.request.user,
self.committee,
'proposal_board_vote_self')\
and self.request.user in board_attending
rel_proposals = self.object.issue.proposals
context['proposals'] = rel_proposals.object_access_control(
user=self.request.user, committee=self.committee)
return context
def get_context_data(self, **kwargs):
d = super(IssueDetailView, self).get_context_data(**kwargs)
m_id = self.request.GET.get('m_id', None)
d['form'] = forms.CreateIssueCommentForm()
d['proposal_form'] = forms.CreateProposalForm(committee=self.committee)
if m_id:
d['meeting'] = get_object_or_404(Meeting, id=m_id,
committee=self.committee)
a = d['meeting'].agenda.object_access_control(
user=self.request.user, committee=self.committee).all()
d['meeting_active_issues'] = [ai.issue for ai in a if
ai.issue.active]
else:
d['meeting'] = None
if self.request.GET.get('s', None) == '1':
d['all_issues'] = self.get_queryset().exclude(
status=IssueStatus.ARCHIVED).order_by('-created_at')
o = self.get_object()
if o.is_current and self.request.user in o.committee.upcoming_meeting_participants.all() and has_committee_perm(
self.request.user, self.committee, 'proposal_board_vote_self'):
d['can_board_vote_self'] = True
d['proposals'] = self.object.proposals.object_access_control(
user=self.request.user, committee=self.committee).open()
d['upcoming_issues'] = self.object.committee.upcoming_issues(
user=self.request.user, committee=self.committee)
d['agenda_items'] = self.object.agenda_items.all()
for ai in d['agenda_items']:
ai.accepted_proposals = ai.accepted_proposals(
user=self.request.user, committee=self.committee)
ai.rejected_proposals = ai.rejected_proposals(
user=self.request.user, committee=self.committee)
ai.proposals = ai.proposals(
user=self.request.user, committee=self.committee)
return d
