def edit_discussion(request, id):
"""edit a discussion"""
# prepare messages
mm = MessageManager(request)
d = get_object_or_404(Discussion, pk=id)
if request.user.is_authenticated() and request.user.username == d.user.username:
if request.POST:
form = CreateDiscussionForm(request.POST, request.FILES, user=request.user)
if form.is_valid():
form.update(request, d)
mm.set_success("Your discussion has been updated")
return redirect(d.get_absolute_url())
else:
# form had errors
return render(request, 'main/discussion/edit.html', mm.messages(), {'form':form, 'discussion':d})
else:
# prepare new form for user
dpk = None
if d.group():
dpk = d.group().pk
term_str = delim_list(object_taxon(d), ',')
form = CreateDiscussionForm(user=request.user, initial={'group': dpk, 'title':d.title, 'body':d.body, 'type':d.type, 'terms':term_str})
return render(request, 'main/discussion/edit.html', mm.messages(), {'form':form, 'discussion':d})
else:
return redirect(request.META.get('HTTP_REFERER','/'))
def edit_code_package(request, id):
"""edit a code package"""
# prepare messages
mm = MessageManager(request)
cp = get_object_or_404(CodePackage, pk=id)
if request.user.is_authenticated() and request.user.username == cp.user.username:
if request.POST:
form = EditCodePackageForm(request.POST, user=request.user)
if form.is_valid():
form.save(request, cp)
mm.set_success("Your code package has been updated")
return redirect(cp.get_absolute_url())
else:
# form had errors
return render(request, 'main/code_package/edit.html', mm.messages(), {'form':form, 'code_package':cp})
else:
# prepare new form for user
cpk = None
if cp.group():
cpk = cp.group().pk
term_str = delim_list(object_taxon(cp), ',')
form = EditCodePackageForm(user=request.user, initial={'group': cpk, 'title':cp.title, 'description':cp.description, 'terms':term_str})
return render(request, 'main/code_package/edit.html', mm.messages(), {'form':form, 'code_package':cp})
else:
return redirect(request.META.get('HTTP_REFERER','/'))
def edit_link(request, id):
"""edit a link"""
# prepare messages
mm = MessageManager(request)
link = get_object_or_404(Link, pk=id)
if request.user.is_authenticated() and request.user.username == link.user.username:
if request.POST:
form = CreateLinkForm(request.POST, request.FILES, user=request.user)
if form.is_valid():
form.update(request, link)
mm.set_success("Your link has been updated")
return redirect(link.get_absolute_url())
else:
# form had errors
return render(request, 'main/link/edit.html', mm.messages(), {'form':form, 'link':link})
else:
# prepare new form for user
lpk = None
if link.group():
lpk = link.group().pk
term_str = delim_list(object_taxon(link), ',')
form = CreateLinkForm(user=request.user, initial={'group': lpk, 'title':link.title, 'url':link.url, 'terms':term_str})
return render(request, 'main/link/edit.html', mm.messages(), {'form':form, 'link':link})
else:
return redirect(request.META.get('HTTP_REFERER','/'))
def discussion(request, id):
"""view a discussion"""
mm = MessageManager(request)
try:
d = Discussion.objects.select_related('user', 'group').get(pk=id)
except Discussion.DoesNotExist:
return Http404
if d.type == 0 or request.user.is_authenticated() and (request.user.is_group_member(d.group()) or request.user.is_group_manager(d.group())) or d.user.username == request.user.username:
#update metrics
try:
dmet = Metric.objects.get_metric(d, key='views')
if d.user.username != request.user.username:
dmet.value = int(dmet.value) + 1
except Metric.DoesNotExist:
dmet = Metric.objects.create(d, 'views', 1)
dmet.save()
# get user settings
try:
user = cUser.objects.all().get(username=d.user.username)
u_settings = user.settings
except cUser.DoesNotExist:
u_settings = None
return render(request, 'main/discussion/index.html', {'discussion':d, 'views':dmet.value, 'settings':u_settings}, mm.messages())
else:
mm.set_notice("you are not allowed to view that lab journal")
return redirect(request.META.get('HTTP_REFERER','/'))
def edit_account(request, username):
"""edit a user's account details"""
# prepare messages
mm = MessageManager(request)
try:
u = cUser.objects.get(username=username)
except cUser.DoesNotExist:
u = get_object_or_404(User, username=username)
# must be an authenticated user and own the profile in order to get the form.
if request.user.is_authenticated() and request.user == u:
if request.POST:
# collect form
form = EditAccountForm(request.POST)
if form.is_valid():
form.update(request, u)
mm.set_success("Your account has been updated")
return redirect(request.user.get_absolute_url())
else:
return render(request, 'accounts/user/edit.html', {'form':form}, mm.messages())
else:
# prepare form
form = EditAccountForm(initial={'username':u.username, 'email':u.email})
return render(request, 'accounts/user/edit.html', {'form':form}, mm.messages())
else:
return redirect(u.get_absolute_url())
def delete(request, username):
"""delete a user account"""
# prepare messages
mm = MessageManager(request)
if request.user.is_active and request.user.username == username:
if request.user.is_superuser:
mm.set_error("um... you can't delete a super user silly.")
return redirect(request.META.get('HTTP_REFERER','/'))
# Build the removal key for account
salt = sha.new(str(random.random())).hexdigest()[:5]
removal_key = sha.new(salt+username).hexdigest()
key_expires = datetime.datetime.today() + datetime.timedelta(2)
request.user.removal_key = removal_key
request.user.key_expires = key_expires
request.user.save()
# prepare email
email_subject = 'Confirm account deletion'
email_body =\
"We just received a request to delete your Comperio account.\
\n\nTo delete your account, click this link within 48 hours:\
\n%s/users/delete/confirm/%s" % (
SITE_URL,
request.user.removal_key)
send_mail(email_subject,
email_body,
'*****@*****.**',
[request.user.email])
mm.set_success("We just sent you an email to verify your account removal.")
return redirect(request.META.get('HTTP_REFERER','/'))
def admin_tools(request, tool):
"""automatically provides a list of tools to the administrator from the AdminTools class"""
#
# Do not add/register new tools in this def. it handles the AdminTools automatically
#
# debug is checked in AdminTools, so this is just extra protection.
if DEBUG is False:
return redirect('/')
# prepare messages
mm = MessageManager(request)
# prepare tools
at = AdminTools()
if request.user.is_authenticated and request.user.is_superuser:
# get the tools so we can compare them with the requested tool.
tool_list = class_linker(AdminTools, '')
# display tool index
if tool == '':
return render(request, 'main/admin/tools.html', mm.messages())
# Run the tools
for t, d, u in tool_list:
if tool == t:
log_list = eval("at.%s(%s)" % (t, True))
log_message = "successfully performed \"%s\" on %s objects." % (t, len(log_list))
for log in log_list:
log_message += "<Br />%s" % log
mm.set_notice(log_message)
break
return redirect(request.META.get('HTTP_REFERER','/'))
def manage_group(request, gid):
"""manage a group"""
mm = MessageManager(request)
g = get_object_or_404(cGroup, pk=gid)
if request.user.is_authenticated() and request.user.is_group_manager(g):
return render(request, 'accounts/groups/manage.html', mm.messages(), {'group':g})
else:
mm.set_error("you are not allowed to manage this group")
return redirect(g.get_absolute_url())
def tags_page(request):
"""display a page of all the tags (tag cloud)"""
# TODO: make a tag cloud. may be able to use the api from our analytics framework
mm = MessageManager(request)
return render(request, 'main/tags.html', mm.messages())
#
#def image_uploader(request):
# """uploads an image to the server"""
# return None
def delete_curriculum(request, id):
"""delete an existing curriculum"""
mm = MessageManager(request)
c = get_object_or_404(Curriculum, pk=id)
if request.user.is_authenticated() and request.user.username == c.user.username:
c.delete()
return redirect(request.user.get_absolute_url())
else:
mm.set_notice('you are not authorized to delete this curriculum')
return redirect(c.get_absolute_url())
def _survey_redirect(
request,
survey,
group_slug=None,
group_slug_field=None,
group_qs=None,
template_name="survey/thankyou.html",
extra_context=None,
*args,
**kw
):
"""
Conditionally redirect to the appropriate page;
if there is a "next" value in the GET URL parameter,
go to the URL specified under Next.
If there is no "next" URL specified, then go to
the survey results page...but only if it is viewable
by the user.
Otherwise, only direct the user to a page showing
their own survey answers...assuming they have answered
any questions.
If all else fails, go to the Thank You page.
"""
if (
"next" in request.REQUEST
and request.REQUEST["next"].startswith("http:")
and request.REQUEST["next"] != request.path
):
return HttpResponseRedirect(request.REQUEST["next"])
if survey.answers_viewable_by(request.user):
return HttpResponseRedirect(reverse("survey-results", None, (), {"survey_slug": survey.__dict__["slug"]}))
# For this survey, have they answered any questions?
# if (hasattr(request, 'session') and Answer.objects.filter(
# session_key=request.session.session_key.lower(),
# question__survey__visible=True,
# question__survey__slug=survey.__dict__['slug']).count()):
# print "ytest4"
# return HttpResponseRedirect(
# reverse('answers-detail', None, (),
# {'survey_slug': survey.__dict__['slug'],
# 'key': request.session.session_key.lower()}))
# go to thank you page
# return render()
mm = MessageManager(request)
mm.set_success("Thank You For Participating In The Survey!")
return HttpResponseRedirect(request.user.get_absolute_url())
# return render_to_response(template_name,
# {'survey': survey, 'title': 'Thank You'},
# context_instance=RequestContext(request))
return render(request, template_name, {"survey": survey, "title": "Thank You"})
def delete_group(request, gid):
"""delete a group"""
mm = MessageManager(request)
g = get_object_or_404(cGroup, pk=gid)
if request.user.is_authenticated() and request.user.is_group_manager(g):
# TODO: do we need to remove group reference from users?
g.delete()
return redirect(request.user.get_absolute_url() + "#groups")
else:
mm.set_error("you are not allowed to delete this group")
return redirect(request.META.get('HTTP_REFERER','/'))
def group_page(request, gid):
"""display the group page"""
mm = MessageManager(request)
group = get_object_or_404(cGroup, pk=gid)
manager = False
member = False
if request.user.is_authenticated() and request.user.__class__ == cUser:
manager = request.user.is_group_manager(group)
member = request.user.is_group_member(group)
pending = request.user in group.pending_users.all()
return render(request, 'accounts/groups/group_page.html', mm.messages(), {'group':group,'is_group_manager':manager, 'is_group_member':member, 'is_pending_member':pending})
def delete_task(request, id):
"""delete a task"""
mm = MessageManager(request)
t = get_object_or_404(Task, pk=id)
if request.user.is_authenticated() and request.user.username == t.user.username:
t.delete()
mm.set_success("task removed")
return redirect(request.user.get_absolute_url())
else:
mm.set_notice("you are not authorized to delete that task.")
return redirect(request.META.get('HTTP_REFERER','/'))
def delete_lesson(request, c_id, l_id):
"""delete an existing lesson"""
mm = MessageManager(request)
l = get_object_or_404(Lesson, pk=l_id)
c = get_object_or_404(Curriculum, pk=c_id)
if request.user.is_authenticated() and request.user.username == l.user.username:
name = l.title
l.delete()
mm.set_success('"%s" has been deleted' % name)
else:
mm.set_notice('you are not authorized to delete this lesson')
return redirect(c.get_absolute_url())
def delete_group_invitation(request, gid):
"""delete the current group invitation key so that it cannot be used"""
mm = MessageManager(request)
g = get_object_or_404(cGroup, pk=gid)
if request.user.is_authenticated() and request.user.is_group_manager(g):
g.invitation_key = None
g.key_expires = None
g.save()
return redirect(g.get_absolute_url() + "/manage")
else:
mm.set_error("you are not authorized to perform this action")
return redirect(g.get_absolute_url())
def list_user_code(request):
"""return a list of code packages uploaded by a user"""
mm = MessageManager(request)
if request.GET:
form = LoginForm(request.GET)
if form.is_valid():
e = form.cleaned_data['username']
p = form.cleaned_data['password']
try:
user = authenticate(username=e, password=p)
except NameError:
user = None
if user is not None:
if user.is_active:
packages = CodePackage.objects.filter(user=user)
results = ''
for p in packages:
results += p.title + "\n"
return render_to_response('api/serve.html', {'result':results.rstrip('\n')})
else:
# account is disabled
mm.set_error('This account has been disabled, or has not been activated.')
else:
# invalid login
mm.set_error('Invalid credentials.')
return render(request, 'api/list_user_code.html', {'form':form}, mm.messages())
else:
# return form errors to user
return render(request, 'api/list_user_code.html', {'form':form}, mm.messages())
else:
form = DeleteCodePackageForm()
return render(request, 'api/list_user_code.html', {'form':form}, mm.messages())
def contact(request):
"""contact page"""
# prepare messages
mm = MessageManager(request)
if request.POST:
form = ContactForm(request.POST)
if form.is_valid():
data = request.POST.copy()
# make sure we have a human
if not form.isValidHuman(data):
mm.set_error('Sorry only humans can contact us. Try reloading the page.')
return render(request, 'main/contact.html', mm.messages(), {'form':form})
# prepare email
email_subject = 'Comperio Form Submission'
email_body =\
"Form submission from %s\n\nName: %s\nEmail: %s\n\n%s" % (
SITE_URL,
data['name'],
data['email'],
data['message'])
emails = [x[1] for x in ADMINS]
send_mail(email_subject,
email_body,
'*****@*****.**',
emails)
mm.set_success("Thank you! We received your message.")
return redirect('/')
else:
return render(request, 'main/contact.html', {'form':form}, mm.messages())
else:
form = ContactForm()
return render(request, 'main/contact.html', {'form':form}, mm.messages())
def reject_from_group(request, gid, uid):
"""reject a pending membership request"""
mm = MessageManager(request)
g = get_object_or_404(cGroup, pk=gid)
u = get_object_or_404(cUser, pk=uid)
if request.user.is_authenticated() and request.user.is_group_manager(g):
if u in g.pending_users.all():
mm.set_success("membership refused for %s" % u.username)
g.pending_users.remove(u)
g.save()
else:
mm.set_error("you can't just reject whomever you want!")
return redirect(reverse('manage-group', None, (), {'gid':g.pk}))
return redirect(g.get_absolute_url())
def group_invitation(request, gid):
"""generate an invitation url for a group"""
mm = MessageManager(request)
g = get_object_or_404(cGroup, pk=gid)
if request.user.is_authenticated() and request.user.is_group_manager(g):
# Build the invitation key
salt = sha.new(str(random.random())).hexdigest()[:5]
g.invitation_key = sha.new(salt+g.name).hexdigest()[:13]
g.key_expires = datetime.datetime.today() + datetime.timedelta(2)
g.save()
return redirect(g.get_absolute_url() + "/manage")
else:
mm.set_error("you are not authorized to perform this action")
return redirect(g.get_absolute_url())
def edit_task(request, id):
"""edit and existing task"""
mm = MessageManager(request)
t = get_object_or_404(Task, pk=id)
if request.user.is_authenticated() and request.user.username == t.user.username:
if request.POST:
# receive sent form
form = NewTaskForm(request.POST)
if form.is_valid():
mm.set_success("task updated")
t.due_date = form.cleaned_data['due_date']
t.description = form.cleaned_data['description']
notify = form.cleaned_data['notify']
if notify is False:
t.notify = False
else:
t.notify = True
t.save()
return redirect(t.get_absolute_url())
else:
mm.set_error("error")
# error
pass
else:
# setup new form
form = NewTaskForm(initial={'due_date':t.due_date, 'description':t.description, 'notify':t.notify})
return render(request, 'tasks/edit.html', {'form':form, 'task':t}, mm.messages())
else:
mm.set_notice("you are not authorized to edit that task.")
return redirect(request.META.get('HTTP_REFERER','/'))
def login_view(request):
"""Login to a user account and redirect to profile"""
# TODO: put link on profile page to return to original page
# prepare messages
mm = MessageManager(request)
if request.user.is_authenticated():
return redirect(request.user.get_absolute_url())
if request.POST:
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
# cookies are enabled
form = LoginForm(request.POST)
if not form == None and form.is_valid():
# log the user in. we extended to backend to allow using email
# instead of just username
e = form.cleaned_data['username']
p = form.cleaned_data['password']
try:
user = authenticate(username=e, password=p)
except NameError:
user = None
if user is not None:
if user.is_active:
#request.user = user
login(request, user)
mm.set_success('you are logged in!')
return redirect(request.user.get_absolute_url())
else:
# account is disabled
mm.set_error('This account has been disabled, or has not been activated.')
else:
# invalid login
mm.set_error('Invalid credentials.')
else:
#mm.set_error('The form is invalid')
pass
else:
# cookies are not enabled
mm.set_error('Please enable cookies and try again.')
else:
form = LoginForm()
request.session.set_test_cookie()
return render(request, 'accounts/login.html', {'form':form}, mm.messages())
def index(request):
"""this is the site entrance"""
# prepare messages
mm = MessageManager(request)
results = list()
if request.POST:
# collect form
form = SearchForm(request.POST)
if form.is_valid():
query = form.cleaned_data['metrics']
# try to use the search API
sMeta = SearchAPI(request)
# otherwise throw it into the url
if not sMeta:
return redirect('/?q=%s' % string.replace(query, " ", "+"))
# generate the html nodes
results = list()
for obj in sMeta.results:
results.append(HTMLWrapper(obj))
# build pager
p = Pager(node_count=sMeta.node_count, page_len=sMeta.page_len, start=sMeta.start, prev=sMeta.previous, next=sMeta.next, data=sMeta.query)
# return search form
return render(request, 'main/index.html', {'search_form':form, 'search_results':results, 'pager': p, 'search':sMeta != None}, mm.messages())
else:
results = list()
# return invalid form
#mm.set_error('Invalid search!')
pass
else:
# try to use the search API
sMeta = SearchAPI(request)
# otherwise do it manually
if not sMeta:
sMeta = SearchCore()
form = SearchForm()
p = Pager()
# normal page loads should not return sMeta
if sMeta:
# generate the html nodes
results = list()
for obj in sMeta.results:
results.append(HTMLWrapper(obj))
# prepare new form
form = SearchForm(initial={'metrics': sMeta.query})
# build pager
p = Pager(node_count=sMeta.node_count, page_len=sMeta.page_len, start=sMeta.start, prev=sMeta.previous, next=sMeta.next, data=sMeta.query)
return render(request, 'main/index.html', {'search_form':form, 'search_results':results, 'pager': p, 'search':sMeta != None}, mm.messages())
def create_lesson(request, c_id):
"""create a new lesson"""
c = get_object_or_404(Curriculum, pk=c_id)
mm = MessageManager(request)
if request.POST:
form = CreateLessonForm(request.POST)
if form.is_valid():
# save it
l = form.save(request, c)
mm.set_success("the lesson was saved")
return redirect(c.get_absolute_url())
else:
mm.set_error("the form has errors")
pass
else:
form = CreateLessonForm()
return render(request, 'curricula/create_lesson.html', {'form':form, 'curriculum':c}, mm.messages())
def delete_link(request, id):
"""delete a link"""
mm = MessageManager(request)
try:
l = Link.objects.get(pk=id)
except Link.DoesNotExist:
raise Http404
if request.user.is_authenticated() and request.user.username == l.user.username:
l.delete()
mm.set_success("Link %s has been deleted" % l.title )
if l.group():
return redirect(l.group().get_absolute_url() + "#links")
else:
return redirect(request.user.get_absolute_url() + "#links")
else:
raise Http404
def link(request, id):
"""display a link"""
mm = MessageManager(request)
try:
l = Link.objects.select_related('user', 'group').get(pk=id)
except Discussion.DoesNotExist:
return Http404
#update metrics
try:
dmet = Metric.objects.get_metric(l, key='views')
dmet.value = int(dmet.value) + 1
except Metric.DoesNotExist:
dmet = Metric.objects.create(l, 'views', 1)
dmet.save()
return render(request, 'main/link/index.html', {'link':l, 'views':dmet.value}, mm.messages())
def create_group(request):
"""create a new user group"""
mm = MessageManager(request)
if request.user.is_authenticated() and request.user.__class__ is cUser:
if request.POST:
form = CreateGroupForm(request.POST)
if form.is_valid():
data = request.POST.copy()
# make sure the group name is unique
try:
cGroup.objects.get(name=data["title"])
mm.set_error("that group name is already taken")
return render(request,'accounts/groups/create.html', mm.messages(), {'form':form})
except cGroup.DoesNotExist:
# create group
g = cGroup()
g.name = data["title"]
g.description = data["description"]
g.type = data["type"]
g.visibility = data["visibility"]
g.open_registration = data.has_key("open_registration")
g.save()
# add user to group
request.user.groups.add(g)
g.managers.add(request.user)
# Build the invitation key
salt = sha.new(str(random.random())).hexdigest()[:5]
g.invitation_key = sha.new(salt+g.name).hexdigest()[:13]
g.key_expires = datetime.datetime.today() + datetime.timedelta(2)
g.save()
manage_url = reverse('manage-group', None, (), {'gid':g.pk})
invite_url = "%s%s/%s" % (SITE_URL, reverse('join-group', None, (), {'gid':g.pk}), g.invitation_key)
mm.set_success("Successfully Created Group \"%s\"!<p> We automatically generated an invitation url that you can share with your friends. For more information check out the <a href=\"%s\">Administration Page</a>.</p><p>Invitation Url: <a href=\"%s\">%s</a></p>" % (g.name, manage_url, invite_url, invite_url))
# TODO: take to new group page
return redirect(g.get_absolute_url())
else:
return render(request,'accounts/groups/create.html', mm.messages(), {'form':form})
else:
# prepare new form for user
form = CreateGroupForm(initial={'open_registration':True})
return render(request,'accounts/groups/create.html', mm.messages(), {'form':form})
else:
mm.set_error("you are not allowed to create a group")
return redirect(request.META.get('HTTP_REFERER','/'))
def delete_discussion(request, id):
"""delete a discussion"""
mm = MessageManager(request)
try:
d = Discussion.objects.get(pk=id)
except Discussion.DoesNotExist:
raise Http404
if request.user.is_authenticated() and request.user.username == d.user.username:
d.delete()
mm.set_success("Discussion %s has been deleted" % d.title )
if d.group():
return redirect(d.group().get_absolute_url() + "#discussions")
else:
return redirect(request.user.get_absolute_url() + "#discussions")
else:
raise Http404
def admit_to_group(request, gid, uid):
"""admit a user into a group"""
mm = MessageManager(request)
g = get_object_or_404(cGroup, pk=gid)
u = get_object_or_404(cUser, pk=uid)
if request.user.is_authenticated() and request.user.is_group_manager(g):
if u in g.pending_users.all():
mm.set_success("%s has been admitted" % u.username)
g.pending_users.remove(u)
u.groups.add(g)
g.members.add(u)
u.save()
g.save()
else:
mm.set_error("you can't just add whomever you want to your group!")
return redirect(reverse('manage-group', None, (), {'gid':g.pk}))
return redirect(g.get_absolute_url())
def delete_code_package(request, id):
"""delete a code package"""
mm = MessageManager(request)
try:
cp = CodePackage.objects.get(pk=id)
except CodePackage.DoesNotExist:
raise Http404
if request.user.is_authenticated() and request.user.username == cp.user.username:
cp.delete()
mm.set_success("Code package %s has been deleted" % cp.title )
if cp.group():
return redirect(cp.group().get_absolute_url() + "#code")
else:
return redirect(request.user.get_absolute_url() + "#code")
else:
raise Http404