def test_invalid_user_gallery_form_noexist_user(self): data = { 'user': '******', 'mode': 'W' } form = UserGalleryForm(data=data) self.assertFalse(form.is_valid())
def test_valid_user_gallery_form(self): data = { 'user': self.profile, 'mode': 'R' } form = UserGalleryForm(data=data) self.assertTrue(form.is_valid())
def test_valid_user_gallery_form(self): gallery = GalleryFactory() data = { 'action': 'add', 'user': self.profile, 'mode': 'R' } form = UserGalleryForm(gallery=gallery, data=data) self.assertTrue(form.is_valid())
def test_invalid_user_gallery_form_noexist_user(self): gallery = GalleryFactory() data = { 'action': 'add', 'user': '******', 'mode': 'W' } form = UserGalleryForm(gallery=gallery, data=data) self.assertFalse(form.is_valid())
def modify_gallery(request): '''Modify gallery instance''' if request.method != 'POST': raise Http404 # Global actions if 'delete_multi' in request.POST: l = request.POST.getlist('items') perms = UserGallery.objects\ .filter(gallery__pk__in=l, user=request.user, mode='W')\ .count() # Check that the user has the RW right on each gallery if perms < len(l): raise Http404 # Delete all the permissions on all the selected galleries UserGallery.objects.filter(gallery__pk__in=l).delete() # Delete all the images of the gallery (autodelete of file) Image.objects.filter(gallery__pk__in=l).delete() # Finally delete the selected galleries Gallery.objects.filter(pk__in=l).delete() return redirect(reverse('zds.gallery.views.gallery_list')) # Gallery-specific actions try: gal_pk = request.POST['gallery'] except KeyError: raise Http404 gal = get_object_or_404(Gallery, pk=gal_pk) gal_mode = get_object_or_404(UserGallery, gallery=gal, user=request.user) # Disallow actions to read-only members if gal_mode.mode != 'W': raise Http404 if 'adduser' in request.POST: form = UserGalleryForm(request.POST) u = get_object_or_404(User, username=request.POST['user']) if form.is_valid(): ug = UserGallery() ug.user = u ug.gallery = gal ug.mode = 'W' ug.save() return redirect(gal.get_absolute_url())
def get_context_data(self, **kwargs): context = super(GalleryDetails, self).get_context_data(**kwargs) context['permissions'] = self.users_and_permissions[self.request.user.pk] context['form'] = UserGalleryForm(gallery=self.gallery) context['gallery'] = self.gallery context['content_linked'] = self.linked_content() context['current_user'] = self.request.user context['mode_choices'] = UserGallery.MODE_CHOICES return context
def get_context_data(self, **kwargs): context = super(GalleryDetails, self).get_context_data(**kwargs) context["permissions"] = self.users_and_permissions[self.request.user.pk] context["form"] = UserGalleryForm(gallery=self.gallery) context["gallery"] = self.gallery context["content_linked"] = self.linked_content() context["current_user"] = self.request.user context["mode_choices"] = UserGallery.MODE_CHOICES return context
def gallery_details(request, gal_pk, gal_slug): """Gallery details.""" gal = get_object_or_404(Gallery, pk=gal_pk) try: gal_mode = UserGallery.objects.get(gallery=gal, user=request.user) except: raise PermissionDenied images = gal.get_images() form = UserGalleryForm() return render_template("gallery/gallery/details.html", { "gallery": gal, "gallery_mode": gal_mode, "images": images, "form": form, })
def test_valid_user_gallery_form(self): gallery = GalleryFactory() data = {"action": "add", "user": self.profile, "mode": "R"} form = UserGalleryForm(gallery=gallery, data=data) self.assertTrue(form.is_valid())
def test_invalid_user_gallery_form_noexist_user(self): gallery = GalleryFactory() data = {"action": "add", "user": "******", "mode": "W"} form = UserGalleryForm(gallery=gallery, data=data) self.assertFalse(form.is_valid())
def modify_gallery(request): """Modify gallery instance: delete galleries or add user to them""" # Global actions if 'delete_multi' in request.POST: list_items = request.POST.getlist('items') # Don't delete gallery when it's link to tutorial free_galleries = [] for g_pk in list_items: # check if the gallery is not linked to a content v2_content = PublishableContent.objects.filter( gallery__pk=g_pk).first() has_v2_content = v2_content is not None if has_v2_content: gallery = Gallery.objects.get(pk=g_pk) _type = _(u'au tutoriel') if v2_content.type == 'ARTICLE': _type = _(u"à l'article") error_message = _(u'La galerie « {} » ne peut pas être supprimée car elle est liée {} « {} ».')\ .format(gallery.title, _type, v2_content.title) messages.error(request, error_message) else: free_galleries.append(g_pk) perms = UserGallery.objects.filter(gallery__pk__in=free_galleries, user=request.user, mode='W').count() # Check that the user has the RW right on each gallery if perms < len(free_galleries): raise PermissionDenied # Delete all the permissions on all the selected galleries UserGallery.objects.filter(gallery__pk__in=free_galleries).delete() # Delete all the images of the gallery (autodelete of file) Image.objects.filter(gallery__pk__in=free_galleries).delete() # Finally delete the selected galleries Gallery.objects.filter(pk__in=free_galleries).delete() return redirect(reverse('gallery-list')) elif 'adduser' in request.POST: # Gallery-specific actions try: gal_pk = request.POST['gallery'] except KeyError: raise Http404 gallery = get_object_or_404(Gallery, pk=gal_pk) # Disallow actions to read-only members try: gal_mode = UserGallery.objects.get(gallery=gallery, user=request.user) if gal_mode.mode != 'W': raise PermissionDenied except: raise PermissionDenied form = UserGalleryForm(request.POST) if form.is_valid(): user = get_object_or_404(User, username=request.POST['user']) # If a user is already in a user gallery, we don't add him. galleries = UserGallery.objects.filter(gallery=gallery, user=user).all() if galleries.count() > 0: return redirect(gallery.get_absolute_url()) if user.profile.is_private(): return redirect(gallery.get_absolute_url()) user_gal = UserGallery() user_gal.user = user user_gal.gallery = gallery user_gal.mode = request.POST['mode'] user_gal.save() else: return render( request, 'gallery/gallery/details.html', { 'gallery': gallery, 'gallery_mode': gal_mode, 'images': gallery.get_images(), 'form': form, }) return redirect(gallery.get_absolute_url())
def modify_gallery(request): """Modify gallery instance.""" # Global actions if "delete_multi" in request.POST: l = request.POST.getlist("items") # Don't delete gallery when it's link to tutorial free_galleries = [] for g_pk in l: if Tutorial.objects.filter(gallery__pk=g_pk).exists(): gallery = Gallery.objects.get(pk=g_pk) messages.error(request, "La galerie '{}' ne peut pas être supprimée car elle est liée à un tutoriel existant".format(gallery.title)) else: free_galleries.append(g_pk) perms = UserGallery.objects.filter(gallery__pk__in=free_galleries, user=request.user, mode="W").count() # Check that the user has the RW right on each gallery if perms < len(free_galleries): raise PermissionDenied # Delete all the permissions on all the selected galleries UserGallery.objects.filter(gallery__pk__in=free_galleries).delete() # Delete all the images of the gallery (autodelete of file) Image.objects.filter(gallery__pk__in=free_galleries).delete() # Finally delete the selected galleries Gallery.objects.filter(pk__in=free_galleries).delete() return redirect(reverse("zds.gallery.views.gallery_list")) elif "adduser" in request.POST: # Gallery-specific actions try: gal_pk = request.POST["gallery"] except KeyError: raise Http404 gallery = get_object_or_404(Gallery, pk=gal_pk) # Disallow actions to read-only members try: gal_mode = UserGallery.objects.get(gallery=gallery, user=request.user) if gal_mode.mode != "W": raise PermissionDenied except: raise PermissionDenied form = UserGalleryForm(request.POST) if form.is_valid(): user = get_object_or_404(User, username=request.POST["user"]) # If a user is already in a user gallery, we don't add him. galleries = UserGallery.objects.filter(gallery=gallery, user=user).all() if galleries.count() > 0: return redirect(gallery.get_absolute_url()) ug = UserGallery() ug.user = user ug.gallery = gallery ug.mode = request.POST["mode"] ug.save() else: return render_template("gallery/gallery/details.html", { "gallery": gallery, "gallery_mode": gal_mode, "images": gallery.get_images(), "form": form, }) return redirect(gallery.get_absolute_url())
def modify_gallery(request): """Modify gallery instance.""" # Global actions if "delete_multi" in request.POST: l = request.POST.getlist("items") # Don't delete gallery when it's link to tutorial free_galleries = [] for g_pk in l: if Tutorial.objects.filter(gallery__pk=g_pk).exists(): gallery = Gallery.objects.get(pk=g_pk) messages.error( request, "La galerie '{}' ne peut pas être supprimée car elle est liée à un tutoriel existant" .format(gallery.title)) else: free_galleries.append(g_pk) perms = UserGallery.objects.filter(gallery__pk__in=free_galleries, user=request.user, mode="W").count() # Check that the user has the RW right on each gallery if perms < len(free_galleries): raise PermissionDenied # Delete all the permissions on all the selected galleries UserGallery.objects.filter(gallery__pk__in=free_galleries).delete() # Delete all the images of the gallery (autodelete of file) Image.objects.filter(gallery__pk__in=free_galleries).delete() # Finally delete the selected galleries Gallery.objects.filter(pk__in=free_galleries).delete() return redirect(reverse("zds.gallery.views.gallery_list")) elif "adduser" in request.POST: # Gallery-specific actions try: gal_pk = request.POST["gallery"] except KeyError: raise Http404 gallery = get_object_or_404(Gallery, pk=gal_pk) # Disallow actions to read-only members try: gal_mode = UserGallery.objects.get(gallery=gallery, user=request.user) if gal_mode.mode != "W": raise PermissionDenied except: raise PermissionDenied form = UserGalleryForm(request.POST) if form.is_valid(): user = get_object_or_404(User, username=request.POST["user"]) # If a user is already in a user gallery, we don't add him. galleries = UserGallery.objects.filter(gallery=gallery, user=user).all() if galleries.count() > 0: return redirect(gallery.get_absolute_url()) ug = UserGallery() ug.user = user ug.gallery = gallery ug.mode = request.POST["mode"] ug.save() else: return render_template( "gallery/gallery/details.html", { "gallery": gallery, "gallery_mode": gal_mode, "images": gallery.get_images(), "form": form, }) return redirect(gallery.get_absolute_url())