def get_object(self, pk):
try:
return Project.objects.get(pk=pk)
except Project.DoesNotExist:
raise Http404("Object doesn't exist")
def detail(request, pet_id):
try:
pet = Pets.objects.get(pk=pet_id)
except Pets.DoesNotExist:
raise Http404("Question does not exist")
return render(request, 'pets/detail.html', {'pet': pet})
def action_history(request, cid, oid):
try:
ct = ContentType.objects.get_for_id(cid)
obj = ct.get_object_for_this_type(pk=oid)
except KeyError:
raise Http404()
if not settings.FEATURE_AUTHORIZATION_V2 and not user_is_authorized(request.user, 'view', obj):
raise PermissionDenied
product_id = None
active_tab = None
finding = None
test = False
object_value = None
if str(ct) == "product":
if settings.FEATURE_AUTHORIZATION_V2:
user_has_permission_or_403(request.user, obj, Permissions.Product_View)
product_id = obj.id
active_tab = "overview"
object_value = Product.objects.get(id=obj.id)
elif str(ct) == "engagement":
if settings.FEATURE_AUTHORIZATION_V2:
user_has_permission_or_403(request.user, obj, Permissions.Engagement_View)
object_value = Engagement.objects.get(id=obj.id)
product_id = object_value.product.id
active_tab = "engagements"
elif str(ct) == "test":
if settings.FEATURE_AUTHORIZATION_V2:
user_has_permission_or_403(request.user, obj, Permissions.Test_View)
object_value = Test.objects.get(id=obj.id)
product_id = object_value.engagement.product.id
active_tab = "engagements"
test = True
elif str(ct) == "finding":
if settings.FEATURE_AUTHORIZATION_V2:
user_has_permission_or_403(request.user, obj, Permissions.Finding_View)
object_value = Finding.objects.get(id=obj.id)
product_id = object_value.test.engagement.product.id
active_tab = "findings"
finding = object_value
elif str(ct) == "endpoint":
if settings.FEATURE_AUTHORIZATION_V2:
user_has_permission_or_403(request.user, obj, Permissions.Endpoint_View)
object_value = Endpoint.objects.get(id=obj.id)
product_id = object_value.product.id
active_tab = "endpoints"
product_tab = None
if product_id:
product_tab = Product_Tab(product_id, title="History", tab=active_tab)
if active_tab == "engagements":
if str(ct) == "engagement":
product_tab.setEngagement(object_value)
else:
product_tab.setEngagement(object_value.engagement)
history = LogEntry.objects.filter(content_type=ct,
object_pk=obj.id).order_by('-timestamp')
history = LogEntryFilter(request.GET, queryset=history)
paged_history = get_page_items(request, history.qs, 25)
if not get_system_setting('enable_auditlog'):
messages.add_message(
request,
messages.WARNING,
'Audit logging is currently disabled in System Settings.',
extra_tags='alert-danger')
return render(request, 'dojo/action_history.html',
{"history": paged_history,
'product_tab': product_tab,
"filtered": history,
"obj": obj,
"test": test,
"object_value": object_value,
"finding": finding
})
def article(request, article_id):
try:
article = Article.objects.get(id=article_id)
except DoesNotExist:
raise Http404()
return render(request, "all-news/article.html", {"article": article})
def get_object(self, pk):
try:
return FieldOfStudy.nodes.get(Id=pk)
except DoesNotExist:
raise Http404()
def detail(request, question_id):
question = get_object_or_404(Question, pk=question_id)
if question.pub_date > timezone.now():
raise Http404("Question not found")
return render(request, 'polls/detail.html', {'question': question})
def action(self):
action = self.parameters.get('action')
if action not in self.allowed_actions:
raise Http404()
return action
def get_object(self, queryset=None):
place = get_object_or_404(Place, pk=self.kwargs['pk'])
self.role = get_role(self.request, profile=place.owner)
if self.role >= self.minimum_role:
return place
raise Http404("Not allowed to edit this place.")
def connect_json(request, site):
creds = OAUTH_CREDENTIALS.get(site.upper())
if not creds:
raise Http404('Site %s not found' % site)
if not creds.get('FRIENDSHIPS', True):
raise Http404('Friendships not implemented')
if request.user.oauth_tokens.filter(site = site).count() == 0:
raise Http404('User not connected to %s' % site)
if request.method == 'GET':
page = 1
if request.GET.get('page'):
try:
page = int(request.GET.get('page'))
except:
pass
token = request.user.oauth_tokens.get(site = site)
connections = core.OAuthToken.objects.filter(
site = site
).values_list('username', flat = True).distinct()
connections = [u.lower() for u in connections]
friends = []
followers = core.OAuthToken.objects.filter(
site = site,
user__pk__in = request.user.following.values_list('followee__pk', flat = True)
).values_list('username', flat = True)
if site == 'twitter':
from twitter import Api
api = Api(
consumer_key = creds.get('CONSUMER_KEY'),
consumer_secret = creds.get('CONSUMER_SECRET'),
access_token_key = token.token,
access_token_secret = token.secret
)
for user in api.GetFriends():
if user.screen_name.lower() in connections:
friends.append(
{
'username': user.screen_name.lower(),
'full_name': user.name,
'image': user.profile_image_url,
'following': user.screen_name.lower() in followers,
'show_username': True
}
)
elif site == 'facebook':
def add_friends():
for user in result['data']:
username_or_id = user.get('username', user.get('id'))
if username_or_id in connections:
friends.append(
{
'username': username_or_id,
'full_name': user.get('name'),
'following': user.get('id') in followers,
'image': 'https://graph.facebook.com/%s/picture' % username_or_id,
'show_username': False
}
)
result = simplejson.load(
urlopen('https://graph.facebook.com/me/friends/?access_token=%s&fields=id,username,name' % token.token)
)
if not 'data' in result:
if 'error' in result and result['error'].get('type') == 'OAuthException':
return HttpResponseRedirect(
reverse('oauth_auth', args = [site])
)
raise Exception(result)
add_friends()
while result.get('paging', {}).get('next'):
print 'Moving to next page'
result = simplejson.load(
urlopen(result['paging']['next'])
)
add_friends()
return HttpResponse(
simplejson.dumps(friends),
mimetype = 'application/json'
)
elif request.method == 'POST':
username_or_id = request.POST.get('id', request.POST.get('username')).lower()
token = core.OAuthToken.objects.get(username = username_or_id, site = site)
follow, created = request.user.following.get_or_create(
followee = token.user
)
if created:
follow.notify(request.network)
return HttpResponse('OK', mimetype = 'text/plain')
def instructor_dashboard_2(request, course_id): # lint-amnesty, pylint: disable=too-many-statements
""" Display the instructor dashboard for a course. """
try:
course_key = CourseKey.from_string(course_id)
except InvalidKeyError:
log.error("Unable to find course with course key %s while loading the Instructor Dashboard.", course_id)
return HttpResponseServerError()
course = get_course_by_id(course_key, depth=0)
access = {
'admin': request.user.is_staff,
'instructor': bool(has_access(request.user, 'instructor', course)),
'finance_admin': CourseFinanceAdminRole(course_key).has_user(request.user),
'sales_admin': CourseSalesAdminRole(course_key).has_user(request.user),
'staff': bool(has_access(request.user, 'staff', course)),
'forum_admin': has_forum_access(request.user, course_key, FORUM_ROLE_ADMINISTRATOR),
'data_researcher': request.user.has_perm(permissions.CAN_RESEARCH, course_key),
}
if not request.user.has_perm(permissions.VIEW_DASHBOARD, course_key):
raise Http404()
is_white_label = CourseMode.is_white_label(course_key) # lint-amnesty, pylint: disable=unused-variable
reports_enabled = configuration_helpers.get_value('SHOW_ECOMMERCE_REPORTS', False) # lint-amnesty, pylint: disable=unused-variable
sections = []
if access['staff']:
sections_content = [
_section_course_info(course, access),
_section_membership(course, access),
_section_cohort_management(course, access),
_section_student_admin(course, access),
]
if legacy_discussion_experience_enabled(course_key):
sections_content.append(_section_discussions_management(course, access))
sections.extend(sections_content)
if access['data_researcher']:
sections.append(_section_data_download(course, access))
analytics_dashboard_message = None
if show_analytics_dashboard_message(course_key) and (access['staff'] or access['instructor']):
# Construct a URL to the external analytics dashboard
analytics_dashboard_url = f'{settings.ANALYTICS_DASHBOARD_URL}/courses/{str(course_key)}'
link_start = HTML("<a href=\"{}\" rel=\"noopener\" target=\"_blank\">").format(analytics_dashboard_url)
analytics_dashboard_message = _(
"To gain insights into student enrollment and participation {link_start}"
"visit {analytics_dashboard_name}, our new course analytics product{link_end}."
)
analytics_dashboard_message = Text(analytics_dashboard_message).format(
link_start=link_start, link_end=HTML("</a>"), analytics_dashboard_name=settings.ANALYTICS_DASHBOARD_NAME)
# Temporarily show the "Analytics" section until we have a better way of linking to Insights
sections.append(_section_analytics(course, access))
# Check if there is corresponding entry in the CourseMode Table related to the Instructor Dashboard course
course_mode_has_price = False # lint-amnesty, pylint: disable=unused-variable
paid_modes = CourseMode.paid_modes_for_course(course_key)
if len(paid_modes) == 1:
course_mode_has_price = True
elif len(paid_modes) > 1:
log.error(
"Course %s has %s course modes with payment options. Course must only have "
"one paid course mode to enable eCommerce options.",
str(course_key), len(paid_modes)
)
if access['instructor'] and is_enabled_for_course(course_key):
sections.insert(3, _section_extensions(course))
# Gate access to course email by feature flag & by course-specific authorization
if is_bulk_email_feature_enabled(course_key) and (access['staff'] or access['instructor']):
sections.append(_section_send_email(course, access))
# Gate access to Special Exam tab depending if either timed exams or proctored exams
# are enabled in the course
user_has_access = any([
request.user.is_staff,
CourseStaffRole(course_key).has_user(request.user),
CourseInstructorRole(course_key).has_user(request.user)
])
course_has_special_exams = course.enable_proctored_exams or course.enable_timed_exams
can_see_special_exams = course_has_special_exams and user_has_access and settings.FEATURES.get(
'ENABLE_SPECIAL_EXAMS', False)
if can_see_special_exams:
sections.append(_section_special_exams(course, access))
# Certificates panel
# This is used to generate example certificates
# and enable self-generated certificates for a course.
# Note: This is hidden for all CCXs
certs_enabled = CertificateGenerationConfiguration.current().enabled and not hasattr(course_key, 'ccx')
if certs_enabled and access['admin']:
sections.append(_section_certificates(course))
openassessment_blocks = modulestore().get_items(
course_key, qualifiers={'category': 'openassessment'}
)
# filter out orphaned openassessment blocks
openassessment_blocks = [
block for block in openassessment_blocks if block.parent is not None
]
if len(openassessment_blocks) > 0 and access['staff']:
sections.append(_section_open_response_assessment(request, course, openassessment_blocks, access))
disable_buttons = not CourseEnrollment.objects.is_small_course(course_key)
certificate_allowlist = certs_api.get_allowlist(course_key)
generate_certificate_exceptions_url = reverse(
'generate_certificate_exceptions',
kwargs={'course_id': str(course_key), 'generate_for': ''}
)
generate_bulk_certificate_exceptions_url = reverse(
'generate_bulk_certificate_exceptions',
kwargs={'course_id': str(course_key)}
)
certificate_exception_view_url = reverse(
'certificate_exception_view',
kwargs={'course_id': str(course_key)}
)
certificate_invalidation_view_url = reverse(
'certificate_invalidation_view',
kwargs={'course_id': str(course_key)}
)
certificate_invalidations = CertificateInvalidation.get_certificate_invalidations(course_key)
context = {
'course': course,
'studio_url': get_studio_url(course, 'course'),
'sections': sections,
'disable_buttons': disable_buttons,
'analytics_dashboard_message': analytics_dashboard_message,
'certificate_allowlist': certificate_allowlist,
'certificate_invalidations': certificate_invalidations,
'generate_certificate_exceptions_url': generate_certificate_exceptions_url,
'generate_bulk_certificate_exceptions_url': generate_bulk_certificate_exceptions_url,
'certificate_exception_view_url': certificate_exception_view_url,
'certificate_invalidation_view_url': certificate_invalidation_view_url,
'xqa_server': settings.FEATURES.get('XQA_SERVER', "http://your_xqa_server.com"),
}
return render_to_response('instructor/instructor_dashboard_2/instructor_dashboard_2.html', context)
def get_object(self, queryset=None):
profile = super().get_object(queryset)
if profile.user:
raise Http404("Only the user can modify their profile.")
return profile
def check_access(self, project):
"""Raise an error if user is not allowed to access this project."""
if not self.can_access_project(project):
raise Http404('Access denied')
def re_import_scan_results(request, tid):
additional_message = "When re-uploading a scan, any findings not found in original scan will be updated as " \
"mitigated. The process attempts to identify the differences, however manual verification " \
"is highly recommended."
t = get_object_or_404(Test, id=tid)
scan_type = t.test_type.name
engagement = t.engagement
form = ReImportScanForm()
form.initial['tags'] = [tag.name for tag in t.tags]
if request.method == "POST":
form = ReImportScanForm(request.POST, request.FILES)
if form.is_valid():
scan_date = form.cleaned_data['scan_date']
min_sev = form.cleaned_data['minimum_severity']
file = request.FILES['file']
scan_type = t.test_type.name
active = form.cleaned_data['active']
verified = form.cleaned_data['verified']
tags = request.POST.getlist('tags')
ts = ", ".join(tags)
t.tags = ts
try:
parser = import_parser_factory(file, t)
except ValueError:
raise Http404()
try:
items = parser.items
original_items = t.finding_set.all().values_list("id",
flat=True)
new_items = []
mitigated_count = 0
finding_count = 0
finding_added_count = 0
reactivated_count = 0
for item in items:
sev = item.severity
if sev == 'Information' or sev == 'Informational':
sev = 'Info'
if Finding.SEVERITIES[sev] > Finding.SEVERITIES[min_sev]:
continue
if scan_type == 'Veracode Scan' or scan_type == 'Arachni Scan':
find = Finding.objects.filter(
title=item.title,
test__id=t.id,
severity=sev,
numerical_severity=Finding.get_numerical_severity(
sev),
description=item.description)
else:
find = Finding.objects.filter(
title=item.title,
test__id=t.id,
severity=sev,
numerical_severity=Finding.get_numerical_severity(
sev),
)
if len(find) == 1:
find = find[0]
if find.mitigated:
# it was once fixed, but now back
find.mitigated = None
find.mitigated_by = None
find.active = True
find.verified = verified
find.save()
note = Notes(
entry="Re-activated by %s re-upload." %
scan_type,
author=request.user)
note.save()
find.notes.add(note)
reactivated_count += 1
new_items.append(find.id)
else:
item.test = t
item.date = t.target_start
item.reporter = request.user
item.last_reviewed = timezone.now()
item.last_reviewed_by = request.user
item.verified = verified
item.active = active
item.save()
finding_added_count += 1
new_items.append(item.id)
find = item
if hasattr(item, 'unsaved_req_resp') and len(
item.unsaved_req_resp) > 0:
for req_resp in item.unsaved_req_resp:
burp_rr = BurpRawRequestResponse(
finding=find,
burpRequestBase64=req_resp["req"],
burpResponseBase64=req_resp["resp"],
)
burp_rr.clean()
burp_rr.save()
if item.unsaved_request is not None and item.unsaved_response is not None:
burp_rr = BurpRawRequestResponse(
finding=find,
burpRequestBase64=item.unsaved_request,
burpResponseBase64=item.unsaved_response,
)
burp_rr.clean()
burp_rr.save()
if find:
finding_count += 1
for endpoint in item.unsaved_endpoints:
ep, created = Endpoint.objects.get_or_create(
protocol=endpoint.protocol,
host=endpoint.host,
path=endpoint.path,
query=endpoint.query,
fragment=endpoint.fragment,
product=t.engagement.product)
find.endpoints.add(ep)
if item.unsaved_tags is not None:
find.tags = item.unsaved_tags
# calculate the difference
to_mitigate = set(original_items) - set(new_items)
for finding_id in to_mitigate:
finding = Finding.objects.get(id=finding_id)
finding.mitigated = datetime.combine(
scan_date,
timezone.now().time())
finding.mitigated_by = request.user
finding.active = False
finding.save()
note = Notes(entry="Mitigated by %s re-upload." %
scan_type,
author=request.user)
note.save()
finding.notes.add(note)
mitigated_count += 1
messages.add_message(
request,
messages.SUCCESS,
'%s processed, a total of ' % scan_type +
message(finding_count, 'finding', 'processed'),
extra_tags='alert-success')
if finding_added_count > 0:
messages.add_message(
request,
messages.SUCCESS,
'A total of ' +
message(finding_added_count, 'finding', 'added') +
', that are new to scan.',
extra_tags='alert-success')
if reactivated_count > 0:
messages.add_message(
request,
messages.SUCCESS,
'A total of ' +
message(reactivated_count, 'finding', 'reactivated') +
', that are back in scan results.',
extra_tags='alert-success')
if mitigated_count > 0:
messages.add_message(
request,
messages.SUCCESS,
'A total of ' +
message(mitigated_count, 'finding', 'mitigated') +
'. Please manually verify each one.',
extra_tags='alert-success')
create_notification(event='results_added',
title='Results added',
finding_count=finding_count,
test=t,
engagement=engagement,
url=request.build_absolute_uri(
reverse('view_test', args=(t.id, ))))
return HttpResponseRedirect(reverse('view_test',
args=(t.id, )))
except SyntaxError:
messages.add_message(
request,
messages.ERROR,
'There appears to be an error in the XML report, please check and try again.',
extra_tags='alert-danger')
add_breadcrumb(parent=t,
title="Re-upload a %s" % scan_type,
top_level=False,
request=request)
return render(
request, 'dojo/import_scan_results.html', {
'form': form,
'eid': engagement.id,
'additional_message': additional_message,
})
def oneProduct(request, product_id):
try:
product = Product.objects.get(pk=product_id)
except Product.DoesNotExist:
raise Http404("Product does not exist")
return render(request, 'product/detail.html', {'product': product})
def model_detail(request, app_label, model_name):
if not utils.docutils_is_available:
return missing_docutils_page(request)
# Get the model class.
try:
app_mod = models.get_app(app_label)
except ImproperlyConfigured:
raise Http404(_("App %r not found") % app_label)
model = None
for m in models.get_models(app_mod):
if m._meta.object_name.lower() == model_name:
model = m
break
if model is None:
raise Http404(_("Model %(model_name)r not found in app %(app_label)r") % {'model_name': model_name, 'app_label': app_label})
opts = model._meta
# Gather fields/field descriptions.
fields = []
for field in opts.fields:
# ForeignKey is a special case since the field will actually be a
# descriptor that returns the other object
if isinstance(field, models.ForeignKey):
data_type = field.rel.to.__name__
app_label = field.rel.to._meta.app_label
verbose = utils.parse_rst((_("the related `%(app_label)s.%(data_type)s` object") % {'app_label': app_label, 'data_type': data_type}), 'model', _('model:') + data_type)
else:
data_type = get_readable_field_data_type(field)
verbose = field.verbose_name
fields.append({
'name': field.name,
'data_type': data_type,
'verbose': verbose,
'help_text': field.help_text,
})
# Gather many-to-many fields.
for field in opts.many_to_many:
data_type = field.rel.to.__name__
app_label = field.rel.to._meta.app_label
verbose = _("related `%(app_label)s.%(object_name)s` objects") % {'app_label': app_label, 'object_name': data_type}
fields.append({
'name': "%s.all" % field.name,
"data_type": 'List',
'verbose': utils.parse_rst(_("all %s") % verbose , 'model', _('model:') + opts.module_name),
})
fields.append({
'name' : "%s.count" % field.name,
'data_type' : 'Integer',
'verbose' : utils.parse_rst(_("number of %s") % verbose , 'model', _('model:') + opts.module_name),
})
# Gather model methods.
for func_name, func in model.__dict__.items():
if (inspect.isfunction(func) and len(inspect.getargspec(func)[0]) == 1):
try:
for exclude in MODEL_METHODS_EXCLUDE:
if func_name.startswith(exclude):
raise StopIteration
except StopIteration:
continue
verbose = func.__doc__
if verbose:
verbose = utils.parse_rst(utils.trim_docstring(verbose), 'model', _('model:') + opts.module_name)
fields.append({
'name': func_name,
'data_type': get_return_data_type(func_name),
'verbose': verbose,
})
# Gather related objects
for rel in opts.get_all_related_objects() + opts.get_all_related_many_to_many_objects():
verbose = _("related `%(app_label)s.%(object_name)s` objects") % {'app_label': rel.opts.app_label, 'object_name': rel.opts.object_name}
accessor = rel.get_accessor_name()
fields.append({
'name' : "%s.all" % accessor,
'data_type' : 'List',
'verbose' : utils.parse_rst(_("all %s") % verbose , 'model', _('model:') + opts.module_name),
})
fields.append({
'name' : "%s.count" % accessor,
'data_type' : 'Integer',
'verbose' : utils.parse_rst(_("number of %s") % verbose , 'model', _('model:') + opts.module_name),
})
return render_to_response('admin_doc/model_detail.html', {
'root_path': urlresolvers.reverse('admin:index'),
'name': '%s.%s' % (opts.app_label, opts.object_name),
'summary': _("Fields on %s objects") % opts.object_name,
'description': model.__doc__,
'fields': fields,
}, context_instance=RequestContext(request))
def return_auth(request, site):
creds = OAUTH_CREDENTIALS.get(site.upper())
if not creds:
raise Http404('Site %s not found' % site)
urls = creds.get('URLS', {})
ssl = creds.get('SSL', False)
server = creds.get('SERVER', '%s.com' % site.lower())
if not 'DIALOG' in urls:
token = request.session.get('unauth_token')
if not token:
return HttpResponse('No unauthorised token')
if token.key != request.GET.get('oauth_token', None):
if request.session.get('preauth_url'):
return HttpResponseRedirect(
request.session['preauth_url']
)
else:
return HttpResponse('')
verifier = request.GET.get('oauth_verifier')
consumer = OAuthConsumer(
str(creds.get('CONSUMER_KEY')),
str(creds.get('CONSUMER_SECRET'))
)
oauth_request = OAuthRequest.from_consumer_and_token(
consumer, token = token,
http_url = urls.get('ACCESS_TOKEN'),
parameters = {
'oauth_verifier': verifier
}
)
oauth_request.sign_request(SIGNATURE_METHOD(), consumer, token)
url = oauth_request.to_url()
access_token = OAuthToken.from_string(
urlopen(url).read()
)
if request.user.is_authenticated():
try:
token = request.user.oauth_tokens.get(
site = site
)
token.token = access_token.key
token.secret = access_token.secret
token.save()
except core.OAuthToken.DoesNotExist:
request.user.oauth_tokens.create(
site = site,
token = access_token.key,
secret = access_token.secret
)
else:
return HttpResponse('')
else:
url = urls.get('ACCESS_TOKEN') % request.GET.get('code')
resp = urlopen(url).read()
d = {}
for (key, value) in [i.split('=') for i in resp.split('&')]:
if key:
d[key] = value
if request.user.is_authenticated():
try:
token = request.user.oauth_tokens.get(
site = site
)
token.token = d['access_token']
token.save()
except core.OAuthToken.DoesNotExist:
request.user.oauth_tokens.create(
site = site,
token = d['access_token']
)
else:
return HttpResponse('')
if request.session.get('preauth_url'):
messages.add_message(
request,
messages.SUCCESS,
u'You have been successfully connected to %s.' % creds.get(
'VERBOSE_NAME', site.capitalize()
)
)
return HttpResponseRedirect(
request.session['preauth_url']
)
else:
return HttpResponse('')
def post(self, request):
if not request.user.is_anonymous:
if request.user.has_perm('uchileedxlogin.uchile_instructor_staff') or request.user.is_staff:
lista_data = request.POST.get("datos", "").split('\n')
# limpieza de los datos ingresados
lista_data = [run.strip() for run in lista_data]
lista_data = [run for run in lista_data if run]
lista_data = [d.split(",") for d in lista_data]
# verifica si el checkbox de auto enroll fue seleccionado
enroll = False
if request.POST.getlist("enroll"):
enroll = True
# verifica si el checkbox de send_email fue seleccionado
send_email = False
if request.POST.getlist("send_email"):
send_email = True
context = {
'datos': request.POST.get('datos'),
'curso': request.POST.get("course", ""),
'auto_enroll': enroll,
'send_email': send_email,
'modo': request.POST.get("modes", None)}
# validacion de datos
context = self.validate_data_external(request.user, lista_data, context)
# retorna si hubo al menos un error
if len(context) > 5:
return render(request, 'edxlogin/external.html', context)
list_course = context['curso'].split('\n')
list_course = [course_id.strip() for course_id in list_course]
list_course = [course_id for course_id in list_course if course_id]
lista_saved, lista_not_saved = self.enroll_create_user(
list_course, context['modo'], lista_data, enroll)
login_url = request.build_absolute_uri('/login')
helpdesk_url = request.build_absolute_uri('/contact_form')
email_saved = []
courses = [get_course_by_id(CourseKey.from_string(course_id)) for course_id in list_course]
courses_name = ''
for course in courses:
courses_name = courses_name + course.display_name_with_default + ', '
courses_name = courses_name[:-2]
for email in lista_saved:
if send_email:
if email['email_d'] != email['email_o']:
enroll_email.delay(email['password'], email['email_d'], courses_name, email['sso'], email['exists'], login_url, email['nombreCompleto'], helpdesk_url, email['email_o'])
else:
enroll_email.delay(email['password'], email['email_d'], courses_name, email['sso'], email['exists'], login_url, email['nombreCompleto'], helpdesk_url, '')
aux = email
aux.pop('password', None)
email_saved.append(aux)
context = {
'datos': '',
'auto_enroll': True,
'send_email': True,
'curso': '',
'modo': 'honor',
'action_send': send_email
}
if len(email_saved) > 0:
context['lista_saved'] = email_saved
if len(lista_not_saved) > 0:
context['lista_not_saved'] = lista_not_saved
return render(request, 'edxlogin/external.html', context)
else:
logger.error("EdxLoginExternal - User dont have permission or is not staff, user: {}".format(request.user))
raise Http404()
else:
logger.error("EdxLoginExternal - User is Anonymous")
raise Http404()
def get_object(self, username):
try:
return User.objects.get(username=username)
except User.DoesNotExist:
raise Http404("Error")
def user_change_password(self, request, id, form_url=''):
if not self.has_change_permission(request):
raise PermissionDenied
user = self.get_object(request, unquote(id))
if user is None:
raise Http404(
_('%(name)s object with primary key %(key)r does not exist.') %
{
'name': self.model._meta.verbose_name,
'key': escape(id),
})
if request.method == 'POST':
form = self.change_password_form(user, request.POST)
if form.is_valid():
form.save()
change_message = self.construct_change_message(
request, form, None)
self.log_change(request, user, change_message)
msg = gettext('Password changed successfully.')
messages.success(request, msg)
update_session_auth_hash(request, form.user)
return HttpResponseRedirect(
reverse(
'%s:%s_%s_change' % (
self.admin_site.name,
user._meta.app_label,
user._meta.model_name,
),
args=(user.pk, ),
))
else:
form = self.change_password_form(user)
fieldsets = [(None, {'fields': list(form.base_fields)})]
adminForm = admin.helpers.AdminForm(form, fieldsets, {})
context = {
'title':
_('Change password: %s') % escape(user.email),
'adminForm':
adminForm,
'form_url':
form_url,
'form':
form,
'is_popup': (IS_POPUP_VAR in request.POST
or IS_POPUP_VAR in request.GET),
'add':
True,
'change':
False,
'has_delete_permission':
False,
'has_change_permission':
True,
'has_absolute_url':
False,
'opts':
self.model._meta,
'original':
user,
'save_as':
False,
'show_save':
True,
}
context.update(self.admin_site.each_context(request))
request.current_app = self.admin_site.name
return TemplateResponse(
request,
self.change_user_password_template
or 'admin/auth/user/change_password.html',
context,
)
def get_object(self, queryset=None):
try:
return Order.objects.get(event=self.request.event,
code=self.kwargs['code'].upper())
except Order.DoesNotExist:
raise Http404()
def detail(request, question_id):
try:
question = Question.objects.get(pk=question_id)
except Question.DoesNotExist:
raise Http404("Question does not exist")
return render(request, 'blog/detail.html', { 'question': question })
def logo(request, domain):
logo = Domain.get_by_name(domain).get_custom_logo()
if logo is None:
raise Http404()
return HttpResponse(logo[0], content_type=logo[1])
def pet_detail(request, id):
try:
pet = Pet.objects.get(id=id)
except Pet.DoesNotExist:
raise Http404('Pet not found')
return render(request, 'pet_detail.html', {'pet': pet})
def adminView(request):
if request.user.portal.is_member == True:
all_team = Team.objects.all()
return render(request,'adminView.html',{'all_team':all_team})
else:
raise Http404("You are not authorized as you are not robotix club member")
def encounter(request, url_id=None, json=None):
try:
encounter = Encounter.objects.select_related('area', 'uploaded_by').get(url_id=url_id)
except Encounter.DoesNotExist:
if json:
return _error("Encounter does not exist")
else:
raise Http404("Encounter does not exist")
own_account_names = [account.name for account in Account.objects.filter(
participations__encounter_id=encounter.id,
user=request.user)] if request.user.is_authenticated else []
dump = encounter.val
members = [{ "name": name, **value } for name, value in dump['Category']['status']['Player'].items() if 'account' in value]
try:
area_stats = EraAreaStore.objects.get(era=encounter.era, area=encounter.area).val
except EraAreaStore.DoesNotExist:
area_stats = None
phases = _safe_get(lambda: dump['Category']['encounter']['phase_order'] + ['All'], list(dump['Category']['combat']['Phase'].keys()))
partyfunc = lambda member: member['party']
namefunc = lambda member: member['name']
parties = { party: {
"members": sorted(members, key=namefunc),
"phases": {
phase: {
"actual": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['damage']['To']['*All']),
"actual_boss": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['damage']['To']['*Boss']),
"received": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['damage']['From']['*All']),
"shielded": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['shielded']['From']['*All']),
"buffs": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['buffs']['From']['*All']),
"buffs_out": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['buffs']['To']['*All']),
"events": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['events']),
"mechanics": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['mechanics']),
} for phase in phases
}
} for party, members in groupby(sorted(members, key=partyfunc), partyfunc) }
private = False
encounter_showable = True
for party_no, party in parties.items():
for member in party['members']:
if member['account'] in own_account_names:
member['self'] = True
member['phases'] = {
phase: {
'actual': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['damage']['To']['*All']),
'actual_boss': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['damage']['To']['*Boss']),
'received': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['damage']['From']['*All']),
'shielded': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['shielded']['From']['*All']),
'buffs': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['buffs']['From']['*All']),
'buffs_out': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['buffs']['To']['*All']),
'events': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['events']),
'mechanics': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['mechanics']),
'archetype': _safe_get(lambda: area_stats[phase]['build'][str(member['profession'])][str(member['elite'])][str(member['archetype'])]),
} for phase in phases
}
user_profile = UserProfile.objects.filter(user__accounts__name=member['account'])
if user_profile:
privacy = user_profile[0].privacy
else:
privacy = UserProfile.SQUAD
if 'self' not in member and (privacy == UserProfile.PRIVATE or (privacy == UserProfile.SQUAD and not own_account_names)):
member['name'] = ''
member['account'] = ''
private = True
encounter_showable = False
max_player_dps = max(_safe_get(lambda: data['Metrics']['damage']['To']['*All']['dps']) for phasename, phase in dump['Category']['combat']['Phase'].items() for player, data in phase['Player'].items())
max_player_recv = max(_safe_get(lambda: data['Metrics']['damage']['From']['*All']['total']) for phasename, phase in dump['Category']['combat']['Phase'].items() for player, data in phase['Player'].items())
data = {
"encounter": {
"evtc_version": _safe_get(lambda: dump['Category']['encounter']['evtc_version']),
"id": encounter.id,
"url_id": encounter.url_id,
"name": encounter.area.name,
"filename": encounter.filename,
"uploaded_at": encounter.uploaded_at,
"uploaded_by": encounter.uploaded_by.username,
"started_at": encounter.started_at,
"duration": encounter.duration,
"success": encounter.success,
"tags": encounter.tagstring,
"category": encounter.category_id,
"phase_order": phases,
"participated": own_account_names != [],
"boss_metrics": [metric.__dict__ for metric in BOSSES[encounter.area_id].metrics],
"max_player_dps": max_player_dps,
"max_player_recv": max_player_recv,
"phases": {
phase: {
'duration': encounter.duration if phase == "All" else _safe_get(lambda: dump['Category']['encounter']['Phase'][phase]['duration']),
'group': _safe_get(lambda: area_stats[phase]['group']),
'individual': _safe_get(lambda: area_stats[phase]['individual']),
'actual': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['damage']['To']['*All']),
'actual_boss': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['damage']['To']['*Boss']),
'received': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['damage']['From']['*All']),
'shielded': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['shielded']['From']['*All']),
'buffs': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['buffs']['From']['*All']),
'buffs_out': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['buffs']['To']['*All']),
'events': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['events']),
'mechanics': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['mechanics']),
} for phase in phases
},
"parties": parties,
}
}
if encounter_showable or request.user.is_staff:
if encounter.gdrive_url:
data['encounter']['evtc_url'] = encounter.gdrive_url;
# XXX relic TODO remove once we fully cross to GDrive?
if hasattr(settings, 'UPLOAD_DIR'):
path = encounter.diskname()
if isfile(path):
data['encounter']['downloadable'] = True
if json:
return JsonResponse(data)
else:
return _html_response(request, { "name": "encounter", "no": encounter.url_id }, data)
def view_generic(request,
domain,
app_id=None,
module_id=None,
form_id=None,
copy_app_form=None,
release_manager=False,
module_unique_id=None,
form_unique_id=None):
"""
This is the main view for the app. All other views redirect to here.
"""
if form_id and not module_id and module_unique_id is None:
return bail(request, domain, app_id)
app = module = form = None
try:
if app_id:
app = get_app(domain, app_id)
if module_id:
try:
module = app.get_module(module_id)
except ModuleNotFoundException:
raise Http404()
if not module.unique_id:
module.get_or_create_unique_id()
app.save()
elif module_unique_id:
try:
module = app.get_module_by_unique_id(module_unique_id)
except ModuleNotFoundException:
raise Http404()
module_id = module.id
if form_id and module is not None:
try:
form = module.get_form(form_id)
except IndexError:
raise Http404()
elif form_unique_id:
try:
form = app.get_form(form_unique_id)
except FormNotFoundException:
raise Http404()
form_id = form.id
if form is not None and module is None:
# this is the case where only the form_unique_id is given
module = form.get_module()
module_id = module.id
except (ModuleNotFoundException, FormNotFoundException):
return bail(request, domain, app_id)
# Application states that should no longer exist
if app:
if app.application_version == APP_V1:
_assert = soft_assert()
_assert(False, 'App version 1.0', {
'domain': domain,
'app_id': app_id
})
return render(request, "app_manager/no_longer_supported.html", {
'domain': domain,
'app': app,
})
if not app.vellum_case_management and not app.is_remote_app():
# Soft assert but then continue rendering; template will contain a user-facing warning
_assert = soft_assert(['jschweers' + '@' + 'dimagi.com'])
_assert(False, 'vellum_case_management=False', {
'domain': domain,
'app_id': app_id
})
if (form is not None
and "usercase_preload" in getattr(form, "actions", {})
and form.actions.usercase_preload.preload):
_assert = soft_assert(['dmiller' + '@' + 'dimagi.com'])
_assert(
False, 'User property easy refs + old-style config = bad', {
'domain': domain,
'app_id': app_id,
'module_id': module_id,
'module_unique_id': module_unique_id,
'form_id': form_id,
'form_unique_id': form_unique_id,
})
context = get_apps_base_context(request, domain, app)
if app and app.copy_of:
# redirect to "main" app rather than specific build
return HttpResponseRedirect(
reverse("view_app", args=[domain, app.copy_of]))
context.update({
'module': module,
'form': form,
})
lang = context['lang']
if app and not module and hasattr(app, 'translations'):
context.update({"translations": app.translations.get(lang, {})})
if app and not app.is_remote_app():
context.update({
'add_ons': add_ons.get_dict(request, app, module, form),
'add_ons_layout': add_ons.get_layout(request),
})
if form:
template, form_context = get_form_view_context_and_template(
request, domain, form, context['langs'], current_lang=lang)
context.update(form_context)
elif module:
template = get_module_template(request.user, module)
# make sure all modules have unique ids
app.ensure_module_unique_ids(should_save=True)
module_context = get_module_view_context(app, module, lang)
context.update(module_context)
elif app:
context.update(get_app_view_context(request, app))
template = 'app_manager/app_view_settings.html'
if release_manager:
template = 'app_manager/app_view_release_manager.html'
if release_manager:
context.update(get_releases_context(request, domain, app_id))
context.update({
'is_app_settings_page': not release_manager,
})
else:
from corehq.apps.dashboard.views import DomainDashboardView
return HttpResponseRedirect(
reverse(DomainDashboardView.urlname, args=[domain]))
# update multimedia context for forms and modules.
menu_host = form or module
if menu_host:
default_file_name = 'module%s' % module_id
if form:
default_file_name = '%s_form%s' % (default_file_name, form_id)
specific_media = [{
'menu_refs':
app.get_menu_media(module,
module_id,
form=form,
form_index=form_id,
to_language=lang),
'default_file_name':
'{name}_{lang}'.format(name=default_file_name, lang=lang),
}]
if not form and module and not isinstance(
module, ReportModule) and module.uses_media():
def _make_name(suffix):
return "{default_name}_{suffix}_{lang}".format(
default_name=default_file_name,
suffix=suffix,
lang=lang,
)
specific_media.append({
'menu_refs':
app.get_case_list_form_media(module,
module_id,
to_language=lang),
'default_file_name':
_make_name('case_list_form'),
'qualifier':
'case_list_form_',
})
specific_media.append({
'menu_refs':
app.get_case_list_menu_item_media(module,
module_id,
to_language=lang),
'default_file_name':
_make_name('case_list_menu_item'),
'qualifier':
'case_list-menu_item_',
})
if (toggles.CASE_LIST_LOOKUP.enabled(request.user.username)
or toggles.CASE_LIST_LOOKUP.enabled(app.domain)
or toggles.BIOMETRIC_INTEGRATION.enabled(app.domain)):
specific_media.append({
'menu_refs':
app.get_case_list_lookup_image(module, module_id),
'default_file_name':
'{}_case_list_lookup'.format(default_file_name),
'qualifier':
'case-list-lookupcase',
})
if hasattr(module, 'product_details'):
specific_media.append({
'menu_refs':
app.get_case_list_lookup_image(module,
module_id,
type='product'),
'default_file_name':
'{}_product_list_lookup'.format(default_file_name),
'qualifier':
'case-list-lookupproduct',
})
uploaders = {
'icon':
MultimediaImageUploadController(
"hqimage",
reverse(ProcessImageFileUploadView.urlname,
args=[app.domain, app.get_id])),
'audio':
MultimediaAudioUploadController(
"hqaudio",
reverse(ProcessAudioFileUploadView.urlname,
args=[app.domain, app.get_id])),
}
context.update({
'multimedia': {
"object_map": app.get_object_map(),
'upload_managers': uploaders,
'upload_managers_js':
{type: u.js_options
for type, u in six.iteritems(uploaders)},
}
})
context['module_icon'] = None
if toggles.CUSTOM_ICON_BADGES.enabled(domain):
context[
'module_icon'] = module.custom_icon if module.custom_icon else CustomIcon(
)
try:
context['multimedia']['references'] = app.get_references()
except ReportConfigurationNotFoundError:
pass
context['nav_menu_media_specifics'] = specific_media
error = request.GET.get('error', '')
context.update({
'error': error,
'app': app,
})
# Pass form for Copy Application to template
domain_names = [
d.name for d in Domain.active_for_user(request.couch_user)
if not (is_linked_domain(request.domain) and get_domain_master_link(
request.domain).master_domain == d.name)
]
domain_names.sort()
if app and copy_app_form is None:
toggle_enabled = toggles.EXPORT_ZIPPED_APPS.enabled(
request.user.username)
copy_app_form = CopyApplicationForm(
domain, app, export_zipped_apps_enabled=toggle_enabled)
context.update({
'domain_names': domain_names,
})
linked_domains_enabled = toggles.LINKED_DOMAINS.enabled(domain)
context.update({
'copy_app_form': copy_app_form,
'linked_domains_enabled': linked_domains_enabled,
})
context['latest_commcare_version'] = get_commcare_versions(
request.user)[-1]
if (app and app.doc_type in ('Application', 'LinkedApplication')
and has_privilege(request, privileges.COMMCARE_LOGO_UPLOADER)):
uploader_slugs = list(ANDROID_LOGO_PROPERTY_MAPPING.keys())
from corehq.apps.hqmedia.controller import MultimediaLogoUploadController
from corehq.apps.hqmedia.views import ProcessLogoFileUploadView
uploaders = [
MultimediaLogoUploadController(
slug,
reverse(
ProcessLogoFileUploadView.urlname,
args=[domain, app_id, slug],
)) for slug in uploader_slugs
]
context.update({
"sessionid": request.COOKIES.get('sessionid'),
"uploaders": uploaders,
"uploaders_js": [u.js_options for u in uploaders],
"refs": {
slug: ApplicationMediaReference(
app.logo_refs.get(slug, {}).get("path", slug),
media_class=CommCareImage,
module_id=app.logo_refs.get(slug, {}).get("m_id"),
).as_dict()
for slug in uploader_slugs
},
"media_info": {
slug: app.logo_refs.get(slug)
for slug in uploader_slugs if app.logo_refs.get(slug)
},
})
context.update({
'show_live_preview':
app
and should_show_preview_app(request, app, request.couch_user.username),
'can_preview_form':
request.couch_user.has_permission(domain, 'edit_data')
})
confirm = request.session.pop('CONFIRM', False)
context.update({'confirm': confirm})
response = render(request, template, context)
response.set_cookie('lang', encode_if_unicode(lang))
return response
def manage_files(request, oid, obj_type):
if not settings.FEATURE_AUTHORIZATION_V2 and not request.user.is_staff:
raise PermissionDenied
if obj_type == 'Engagement':
obj = get_object_or_404(Engagement, pk=oid)
if settings.FEATURE_AUTHORIZATION_V2:
user_has_permission_or_403(request.user, obj, Permissions.Engagement_Edit)
obj_vars = ('view_engagement', 'engagement_set')
elif obj_type == 'Test':
obj = get_object_or_404(Test, pk=oid)
if settings.FEATURE_AUTHORIZATION_V2:
user_has_permission_or_403(request.user, obj, Permissions.Test_Edit)
obj_vars = ('view_test', 'test_set')
elif obj_type == 'Finding':
obj = get_object_or_404(Finding, pk=oid)
if settings.FEATURE_AUTHORIZATION_V2:
user_has_permission_or_403(request.user, obj, Permissions.Finding_Edit)
obj_vars = ('view_finding', 'finding_set')
else:
raise Http404()
files_formset = ManageFileFormSet(queryset=obj.files.all())
error = False
if request.method == 'POST':
files_formset = ManageFileFormSet(
request.POST, request.FILES, queryset=obj.files.all())
if files_formset.is_valid():
# remove all from database and disk
files_formset.save()
for o in files_formset.deleted_objects:
logger.debug("removing file: %s", o.file.name)
os.remove(os.path.join(settings.MEDIA_ROOT, o.file.name))
for o in files_formset.new_objects:
logger.debug("adding file: %s", o.file.name)
obj.files.add(o)
orphan_files = FileUpload.objects.filter(engagement__isnull=True,
test__isnull=True,
finding__isnull=True)
for o in orphan_files:
logger.debug("purging orphan file: %s", o.file.name)
os.remove(os.path.join(settings.MEDIA_ROOT, o.file.name))
o.delete()
messages.add_message(
request,
messages.SUCCESS,
'Files updated successfully.',
extra_tags='alert-success')
else:
error = True
messages.add_message(
request,
messages.ERROR,
'Please check form data and try again.',
extra_tags='alert-danger')
if not error:
return HttpResponseRedirect(reverse(obj_vars[0], args=(oid, )))
return render(
request, 'dojo/manage_files.html', {
'files_formset': files_formset,
'obj': obj,
'obj_type': obj_type,
})
def owner_info(request, carowner_id):
try:
owner = CarOwner.objects.get(pk=carowner_id)
except CarOwner.DoesNotExist:
raise Http404("car owner does not exist")
return render(request, 'owner.html', {'owner': owner})
def post(self, request):
raise Http404("GET of this page does not exist, you need get")
def dispatch(self, request, *args, **kwargs):
if not services.is_valid_link(self.get_object().created_at):
raise Http404()
return super().dispatch(request, *args, **kwargs)
