def embed(request,text_id,type):
    """Serve the embeddable rendering of a text.

    Both permission checks here pass ``None`` as the user rather than
    ``request.user`` (presumably "anonymous visitor" - confirm against
    ``user_has_perm_on_text``), so the decision does not depend on who is
    logged in.

    ``type == "public_view"`` delegates to ``_viewandcommentversion`` in embed
    mode. Any other value produces the text-only rendering: the latest
    version's content followed by a footer linking to the commenting page.
    Callers without ``can_view_local_text`` are redirected to the
    ``embeded_unauthorized`` URL.
    """
    if not user_has_perm_on_text(None, 'can_view_local_text', text_id):
        return HttpResponseRedirect(reverse('embeded_unauthorized'))

    if type == "public_view":
        return _viewandcommentversion(request, text_id, embed=True)

    # Text-only embed (the commented-out "public_view_textonly" case).
    latest = get_object_or_404(Text, pk=text_id).get_latest_version()
    footer_css = """ .acinfo { padding:5px 10px 5px 10px; color:#222; font:normal 11px tahoma, arial, helvetica, sans-serif; } """

    # The counts are computed for request.user, whereas the permission checks
    # in this view are made with None.
    nbcomments, nbreplies = latest.get_visible_commentsandreplies_count(request.user)
    counts_msg = _(u'this text has %(nbcomments)d comment(s) and %(nbreplies)d reply(ies)') % {
        'nbcomments': nbcomments,
        'nbreplies': nbreplies,
    }
    link_label = (
        _(u"click here to view or add comments")
        if user_has_perm_on_text(None, 'can_add_comment_local_text', text_id)
        else _(u"click here to view comments")
    )
    comments_url = settings.SITE_URL + reverse('text-viewandcomment', args=[text_id])

    # The three values are interpolated without HTML escaping; they come from
    # translations, settings.SITE_URL and reverse(), not from request data.
    footer_html = u"""<div class="acinfo">co-ment®: %s, <a href="%s" target="blank" >%s</a> </div>""" % (
        counts_msg,
        comments_url,
        link_label,
    )

    # NOTE(review): version.content and version.css go into the response
    # as-is; presumably they are sanitised when stored - confirm, since this
    # page is meant to be framed by third-party sites.
    body = "%s%s" % (latest.content, footer_html)
    css = "%s%s" % (footer_css, latest.css)
    return HttpResponse(combine_css_body(body, css))
def _check_local_perm(request, *args, **kwargs):
    """Authorization gate run in front of ``view_func``.

    ``view_func``, ``perm``, ``must_be_logged_in``, ``login_url`` and
    ``redirect_field_name`` are not defined in this block; they are read from
    the surrounding scope.

    The text being protected is derived from the ``text_id``, ``version_id``
    or ``image_id`` keyword argument, in that order. When none is present the
    call raises instead of letting the request through.

    Outcomes: the wrapped view's response when access is granted, a redirect
    to the login page, or a redirect to the ``unauthorized`` URL.
    """
    def _login_redirect():
        # The return target is this request's own path and query, URL-quoted;
        # it is not taken from a client-supplied parameter.
        return HttpResponseRedirect('%s?%s=%s' % (login_url, redirect_field_name, urlquote(request.get_full_path())))

    # With CHECK_PERMISSIONS off, every decorated view runs with no
    # authorization at all.
    if not settings.CHECK_PERMISSIONS:
        return view_func(request, *args, **kwargs)

    if must_be_logged_in and not request.user.is_authenticated():
        return _login_redirect()

    # Only keyword arguments are inspected: an id passed positionally is not
    # seen here and ends in the exception below.
    if 'text_id' in kwargs:
        target_text_id = kwargs['text_id']
    elif 'version_id' in kwargs:
        target_text_id = get_object_or_404(TextVersion, pk=kwargs['version_id']).text.id
    elif 'image_id' in kwargs:
        target_text_id = get_object_or_404(Image, pk=kwargs['image_id']).text_version.text.id
    else:
        # Fail closed: no identifiable text means no permission decision.
        raise Exception('no security check possible')

    required_perm = get_perm_by_name_or_perm(perm)
    if user_has_perm_on_text(request.user, required_perm, target_text_id):
        return view_func(request, *args, **kwargs)

    # An unauthenticated visitor is sent to login only when at least one user
    # holds the permission on this text.
    # TODO : test that
    if not request.user.is_authenticated() and number_has_perm_on_text(required_perm, target_text_id) > 0:
        return _login_redirect()

    # Everyone else: unauthorized.
    return HttpResponseRedirect(reverse('unauthorized'))
def render(self, context):
    """Store a permission-check result in the template context.

    Resolves ``self.user`` and ``self.text`` against ``context``, checks the
    permission whose codename is ``self.perm_name`` (looked up on the ``Text``
    content type) and writes the result to ``context[self.var_name]``.
    Always returns the empty string.
    """
    text_ctype = ContentType.objects.get_for_model(Text)
    candidates = Permission.objects.filter(content_type=text_ctype, codename=self.perm_name)
    # Indexing raises IndexError when the codename matches no permission, so
    # an unknown codename surfaces as an error, not as a granted check.
    required_perm = candidates[0]

    acting_user = self.user.resolve(context)
    target_text = self.text.resolve(context)
    context[self.var_name] = user_has_perm_on_text(acting_user, required_perm, target_text.id)
    return ''
def textversion_created(sender, **kwargs):
    """E-mail alert subscribers when a new version of a text is created.

    Reads ``created`` and ``instance`` from ``kwargs`` and does nothing unless
    ``created`` is truthy. One message is sent per alert, and only to users
    who are active and hold ``can_view_local_text`` on the text when the
    message is sent.
    """
    if not kwargs["created"]:
        return

    new_version = kwargs["instance"]
    parent_text = new_version.text

    for alert in EmailAlert.objects.get_alerts(parent_text):
        recipient = alert.user

        # Permission check: having an alert on record is not enough, the
        # recipient must be active and able to view the text.
        may_receive = recipient.is_active and user_has_perm_on_text(
            recipient, "can_view_local_text", parent_text.id
        )
        if not may_receive:
            continue

        # NOTE(review): the version note and title end up in the Subject
        # header. Django refuses header values containing newlines, so send()
        # would raise here if either field can hold one - confirm they are
        # single-line.
        if new_version.note:
            title_template = _(
                u"A new version of the text entitled '%(text_version_name)s' has been created (note : '%(version_note)s')"
            )
            title_values = {"version_note": new_version.note, "text_version_name": new_version.title}
        else:
            title_template = _(u"A new version of the text entitled '%(text_version_name)s' has been created")
            title_values = {"text_version_name": new_version.title}
        title = title_template % title_values

        version_url = settings.SITE_URL + reverse(
            "text-viewandcommentversion", args=[parent_text.id, new_version.id]
        )
        content = _(u"Click here to access this version: %(version_url)s") % {"version_url": version_url}

        template_context = {
            "title": title,
            "text_url": reverse("text-viewandcomment", args=[alert.text.id]),
            "site_url": settings.SITE_URL,
            "site_name": settings.SITE_NAME,
            "content": content,
            "unsubscribe_url": alert.get_unsubscribe_url(),
        }
        body = render_to_string("notifications/alert_email_body.html", template_context)

        message = EmailMessage(
            EMAIL_SUBJECT_PREFIX + title,
            body,
            settings.DEFAULT_FROM_EMAIL,
            [recipient.email],
        )
        message.send()
def text_feed(request,text_id):
    """Return the feed for a text, or raise ``Http404`` when access is denied.

    The check passes ``None`` as the user rather than ``request.user``
    (presumably "anonymous visitor" - confirm against
    ``user_has_perm_on_text``), so the outcome does not depend on who is
    logged in.
    """
    viewable = user_has_perm_on_text(None, 'can_view_local_text', text_id)
    if viewable:
        return _text_feed(request, text_id)

    # A refused request is answered with 404; the original left
    # HttpResponse(status=401) here as a commented-out alternative.
    raise Http404