def post(self, request, course_id):
"""Takes the form submission from the page and parses it.
Args:
request (`Request`): The Django Request object.
course_id (unicode): The slash-separated course key.
Returns:
Status code 400 when the requested mode is unsupported. When the honor mode
is selected, redirects to the dashboard. When the verified mode is selected,
returns error messages if the indicated contribution amount is invalid or
below the minimum, otherwise redirects to the verification flow.
"""
course_key = SlashSeparatedCourseKey.from_deprecated_string(course_id)
user = request.user
# This is a bit redundant with logic in student.views.change_enrollment,
# but I don't really have the time to refactor it more nicely and test.
course = modulestore().get_course(course_key)
if not has_access(user, 'enroll', course):
error_msg = _("Enrollment is closed")
return self.get(request, course_id, error=error_msg)
requested_mode = self._get_requested_mode(request.POST)
allowed_modes = CourseMode.modes_for_course_dict(course_key)
if requested_mode not in allowed_modes:
return HttpResponseBadRequest(_("Enrollment mode not supported"))
if requested_mode == 'honor':
# The user will have already been enrolled in the honor mode at this
# point, so we just redirect them to the dashboard, thereby avoiding
# hitting the database a second time attempting to enroll them.
return redirect(reverse('dashboard'))
mode_info = allowed_modes[requested_mode]
if requested_mode == 'verified':
amount = request.POST.get("contribution") or \
request.POST.get("contribution-other-amt") or 0
try:
# Validate the amount passed in and force it into two digits
amount_value = decimal.Decimal(amount).quantize(
decimal.Decimal('.01'), rounding=decimal.ROUND_DOWN)
except decimal.InvalidOperation:
error_msg = _("Invalid amount selected.")
return self.get(request, course_id, error=error_msg)
# Check for minimum pricing
if amount_value < mode_info.min_price:
error_msg = _(
"No selected price or selected price is too low.")
return self.get(request, course_id, error=error_msg)
donation_for_course = request.session.get("donation_for_course",
{})
donation_for_course[unicode(course_key)] = amount_value
request.session["donation_for_course"] = donation_for_course
return redirect(
reverse('verify_student_start_flow',
kwargs={'course_id': unicode(course_key)}))
def send_goods_branch(request):
if request.user.id is None:
return HttpResponseBadRequest()
return HttpResponse(get_branch_goods_json(request.user.id),
content_type="application/json")
def notify_callback(request):
payment_module = config_get_group('PAYMENT_DOTPAY')
if payment_module.LIVE.value:
log.debug("Live IPN on %s", payment_module.KEY.value)
signature_code = payment_module.MERCHANT_SIGNATURE_CODE.value
terminal = payment_module.MERCHANT_TERMINAL.value
else:
log.debug("Test IPN on %s", payment_module.KEY.value)
signature_code = payment_module.MERCHANT_TEST_SIGNATURE_CODE.value
terminal = payment_module.MERCHANT_TEST_TERMINAL.value
data = request.POST
log.debug("Transaction data: " + repr(data))
try:
# sig_data = "%s%s%s%s%s%s" % (
# data['Ds_Amount'],
# data['Ds_Order'],
# data['Ds_MerchantCode'],
# data['Ds_Currency'],
# data['Ds_Response'],
# signature_code
# )
# sig_calc = sha1(sig_data).hexdigest()
# if sig_calc != data['Ds_Signature'].lower():
# log.error("Invalid signature. Received '%s', calculated '%s'." % (data['Ds_Signature'], sig_calc))
# return HttpResponseBadRequest("Checksum error")
# if data['Ds_MerchantCode'] != payment_module.DOTPAY_DOTID.value:
# log.error("Invalid FUC code: %s" % data['Ds_MerchantCode'])
# return HttpResponseNotFound("Unknown FUC code")
if int(data['t_status']) != 2:
log.error("Payment not accepted number: %s" % data['t_status'])
return HttpResponseNotFound("Platnosc odrzucona")
# TODO: fields Ds_Currency, Ds_SecurePayment may be worth checking
#xchg_order_id = data['control']
try:
#order_id = xchg_order_id[:xchg_order_id.index('T')]
order_id = data['control']
except ValueError:
log.error("Incompatible order ID: '%s'" % order_id)
return HttpResponseNotFound("Order not found")
try:
order = Order.objects.get(id=order_id)
except Order.DoesNotExist:
log.error("Received data for nonexistent Order #%s" % order_id)
return HttpResponseNotFound("Order not found")
amount = Decimal(data['amount'])
# if int(data['Ds_Response']) > 100:
# log.info("Response code is %s. Payment not accepted." % data['Ds_Response'])
# return HttpResponse()
except KeyError:
log.error("Received incomplete DOTPAY transaction data")
return HttpResponseBadRequest("Incomplete data")
# success
order.add_status(status='New', notes=u"Paid through DOTPAY.")
processor = get_processor_by_key('PAYMENT_DOTPAY')
payment = processor.record_payment(order=order,
amount=amount,
transaction_id=data['t_id'])
# empty customer's carts
for cart in Cart.objects.filter(customer=order.contact):
cart.empty()
return HttpResponse()
def process_request(self, request):
"""Process the given request"""
asset_path = request.path
if self.is_asset_request(request):
# Make sure we can convert this request into a location.
if AssetLocator.CANONICAL_NAMESPACE in asset_path:
asset_path = asset_path.replace('block/', 'block@', 1)
# If this is a versioned request, pull out the digest and chop off the prefix.
requested_digest = None
if StaticContent.is_versioned_asset_path(asset_path):
requested_digest, asset_path = StaticContent.parse_versioned_asset_path(
asset_path)
# Make sure we have a valid location value for this asset.
try:
loc = StaticContent.get_location_from_path(asset_path)
except (InvalidLocationError, InvalidKeyError):
return HttpResponseBadRequest()
# Attempt to load the asset to make sure it exists, and grab the asset digest
# if we're able to load it.
actual_digest = None
try:
content = self.load_asset_from_location(loc)
actual_digest = getattr(content, "content_digest", None)
except (ItemNotFoundError, NotFoundError):
return HttpResponseNotFound()
# If this was a versioned asset, and the digest doesn't match, redirect
# them to the actual version.
if requested_digest is not None and actual_digest is not None and (
actual_digest != requested_digest):
actual_asset_path = StaticContent.add_version_to_asset_path(
asset_path, actual_digest)
return HttpResponsePermanentRedirect(actual_asset_path)
# Set the basics for this request. Make sure that the course key for this
# asset has a run, which old-style courses do not. Otherwise, this will
# explode when the key is serialized to be sent to NR.
safe_course_key = loc.course_key
if safe_course_key.run is None:
safe_course_key = safe_course_key.replace(run='only')
if newrelic:
newrelic.agent.add_custom_parameter('course_id',
safe_course_key)
newrelic.agent.add_custom_parameter('org', loc.org)
newrelic.agent.add_custom_parameter('contentserver.path',
loc.path)
# Figure out if this is a CDN using us as the origin.
is_from_cdn = StaticContentServer.is_cdn_request(request)
newrelic.agent.add_custom_parameter('contentserver.from_cdn',
is_from_cdn)
# Check if this content is locked or not.
locked = self.is_content_locked(content)
newrelic.agent.add_custom_parameter('contentserver.locked',
locked)
# Check that user has access to the content.
if not self.is_user_authorized(request, content, loc):
return HttpResponseForbidden('Unauthorized')
# Figure out if the client sent us a conditional request, and let them know
# if this asset has changed since then.
last_modified_at_str = content.last_modified_at.strftime(
HTTP_DATE_FORMAT)
if 'HTTP_IF_MODIFIED_SINCE' in request.META:
if_modified_since = request.META['HTTP_IF_MODIFIED_SINCE']
if if_modified_since == last_modified_at_str:
return HttpResponseNotModified()
# *** File streaming within a byte range ***
# If a Range is provided, parse Range attribute of the request
# Add Content-Range in the response if Range is structurally correct
# Request -> Range attribute structure: "Range: bytes=first-[last]"
# Response -> Content-Range attribute structure: "Content-Range: bytes first-last/totalLength"
# http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
response = None
if request.META.get('HTTP_RANGE'):
# If we have a StaticContent, get a StaticContentStream. Can't manipulate the bytes otherwise.
if isinstance(content, StaticContent):
content = AssetManager.find(loc, as_stream=True)
header_value = request.META['HTTP_RANGE']
try:
unit, ranges = parse_range_header(header_value,
content.length)
except ValueError as exception:
# If the header field is syntactically invalid it should be ignored.
log.exception(u"%s in Range header: %s for content: %s",
text_type(exception), header_value,
unicode(loc))
else:
if unit != 'bytes':
# Only accept ranges in bytes
log.warning(
u"Unknown unit in Range header: %s for content: %s",
header_value, text_type(loc))
elif len(ranges) > 1:
# According to Http/1.1 spec content for multiple ranges should be sent as a multipart message.
# http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.16
# But we send back the full content.
log.warning(
u"More than 1 ranges in Range header: %s for content: %s",
header_value, text_type(loc))
else:
first, last = ranges[0]
if 0 <= first <= last < content.length:
# If the byte range is satisfiable
response = HttpResponse(
content.stream_data_in_range(first, last))
response[
'Content-Range'] = b'bytes {first}-{last}/{length}'.format(
first=first,
last=last,
length=content.length)
response['Content-Length'] = str(last - first + 1)
response.status_code = 206 # Partial Content
if newrelic:
newrelic.agent.add_custom_parameter(
'contentserver.ranged', True)
else:
log.warning(
u"Cannot satisfy ranges in Range header: %s for content: %s",
header_value, text_type(loc))
return HttpResponse(
status=416) # Requested Range Not Satisfiable
# If Range header is absent or syntactically invalid return a full content response.
if response is None:
response = HttpResponse(content.stream_data())
response['Content-Length'] = content.length
if newrelic:
newrelic.agent.add_custom_parameter(
'contentserver.content_len', content.length)
newrelic.agent.add_custom_parameter(
'contentserver.content_type', content.content_type)
# "Accept-Ranges: bytes" tells the user that only "bytes" ranges are allowed
response['Accept-Ranges'] = 'bytes'
response['Content-Type'] = content.content_type
response['X-Frame-Options'] = 'ALLOW'
# Set any caching headers, and do any response cleanup needed. Based on how much
# middleware we have in place, there's no easy way to use the built-in Django
# utilities and properly sanitize and modify a response to ensure that it is as
# cacheable as possible, which is why we do it ourselves.
self.set_caching_headers(content, response)
return response
def batch_edit_translations(request):
try:
l = request.POST['locale']
action = request.POST['action']
entity_pks = utils.split_ints(request.POST.get('entities', ''))
except MultiValueDictKeyError as e:
return HttpResponseBadRequest('Bad Request: {error}'.format(error=e))
locale = get_object_or_404(Locale, code=l)
entities = (Entity.objects.filter(
pk__in=entity_pks).prefetch_resources_translations(locale))
if not entities.exists():
return JsonResponse({'count': 0})
# Batch editing is only available to translators.
# Check if user has translate permissions for all of the projects in passed entities.
projects = Project.objects.filter(pk__in=entities.values_list(
'resource__project__pk', flat=True).distinct())
for project in projects:
if not request.user.can_translate(project=project, locale=locale):
return HttpResponseForbidden(
"Forbidden: You don't have permission for batch editing")
translation_pks = set()
for entity in entities:
if entity.string_plural == "":
translation_pks.add(entity.get_translation()['pk'])
else:
for plural_form in range(0, locale.nplurals or 1):
translation_pks.add(entity.get_translation(plural_form)['pk'])
translation_pks.discard(None)
translations = Translation.objects.filter(pk__in=translation_pks)
latest_translation_pk = None
changed_translation_pks = []
# Must be executed before translations set changes, which is why
# we need to force evaluate QuerySets by wrapping them inside list()
def get_translations_info(translations, changed_entities=None):
count = translations.count()
translated_resources = list(translations.translated_resources(locale))
if changed_entities is None:
changed_entities = list(
Entity.objects.filter(translation__in=translations).distinct())
return count, translated_resources, changed_entities
if action == 'approve':
approved = translations.filter(approved=False)
changed_translation_pks = list(approved.values_list('pk', flat=True))
if changed_translation_pks:
latest_translation_pk = approved.last().pk
count, translated_resources, changed_entities = get_translations_info(
approved)
approved.update(
approved=True,
approved_user=request.user,
approved_date=timezone.now(),
rejected=False,
rejected_user=None,
rejected_date=None,
fuzzy=False,
)
# Reject all other non-rejected translations.
suggestions = Translation.objects.filter(
locale=locale,
entity__pk__in=entities,
approved=False,
rejected=False,
)
suggestions.update(
rejected=True,
rejected_user=request.user,
rejected_date=timezone.now(),
fuzzy=False,
)
elif action == 'reject':
suggestions = Translation.objects.filter(locale=locale,
entity__pk__in=entities,
approved=False,
rejected=False)
count, translated_resources, changed_entities = get_translations_info(
suggestions, [])
TranslationMemoryEntry.objects.filter(
translation__in=suggestions).delete()
suggestions.update(
rejected=True,
rejected_user=request.user,
rejected_date=timezone.now(),
fuzzy=False,
)
elif action == 'replace':
find = request.POST.get('find')
replace = request.POST.get('replace')
try:
translations, changed_translations = translations.find_and_replace(
find, replace, request.user)
changed_translation_pks = [c.pk for c in changed_translations]
if changed_translation_pks:
latest_translation_pk = max(changed_translation_pks)
except Translation.NotAllowed:
return JsonResponse({
'error': 'Empty translations not allowed',
})
count, translated_resources, changed_entities = get_translations_info(
translations)
if count == 0:
return JsonResponse({'count': 0})
# Update stats
for translated_resource in translated_resources:
translated_resource.calculate_stats(save=False)
bulk_update(translated_resources,
update_fields=[
'total_strings',
'approved_strings',
'fuzzy_strings',
'translated_strings',
])
project = entity.resource.project
project.aggregate_stats()
locale.aggregate_stats()
ProjectLocale.objects.get(locale=locale, project=project).aggregate_stats()
# Mark translations as changed
changed_entities_array = []
existing = ChangedEntityLocale.objects.values_list('entity',
'locale').distinct()
for changed_entity in changed_entities:
key = (changed_entity.pk, locale.pk)
# Remove duplicate changes to prevent unique constraint violation
if key not in existing:
changed_entities_array.append(
ChangedEntityLocale(entity=changed_entity, locale=locale))
ChangedEntityLocale.objects.bulk_create(changed_entities_array)
# Update latest translation
if latest_translation_pk:
Translation.objects.get(
pk=latest_translation_pk).update_latest_translation()
# Update translation memory
memory_entries = [
TranslationMemoryEntry(
source=t.entity.string,
target=t.string,
locale=locale,
entity=t.entity,
translation=t,
project=project,
) for t in (Translation.objects.filter(pk__in=changed_translation_pks).
prefetch_related('entity__resource'))
]
TranslationMemoryEntry.objects.bulk_create(memory_entries)
return JsonResponse({'count': count})
def get(self, request, *args, **kwargs):
self.parse_params()
if self.section and (self.section not in self.search_sections):
message = 'The section {0} was not known'
return HttpResponseBadRequest(message.format(self.section))
return super(SearchBaseView, self).get(request, *args, **kwargs)
def form_invalid(self, form):
return HttpResponseBadRequest(json.dumps(dict(errors=form.errors)),
content_type='application/json')
def admin_upload_view(self, request, id=None):
if id:
object = self.get_object(request, id)
else:
object = None
if request.method == 'POST': # POST data
if not ("f" in request.GET.keys()): # upload file
if not request.FILES:
return HttpResponseBadRequest('Must upload a file')
# get the uploaded file
files = request.FILES.getlist(u'files[]')
resp = []
for f in files:
error = False
# file size
if f.size > self.upload_options["maxfilesize"]:
error = "maxFileSize"
if f.size < self.upload_options["minfilesize"]:
error = "minFileSize"
# allowed file type
acceptedformats = self.upload_options["acceptedformats"]
# Allow any mimetype if we set the value to be ("*",)
if acceptedformats!=("*",):
if f.content_type not in acceptedformats:
error = "acceptFileTypes"
# the response data which will be returned to
# the uploader as json
response_data = {
"name": f.name,
"size": f.size,
"type": f.content_type,
"delete_type": "POST",
}
# if there was an error, add error message
# to response_data and return
if error:
# append error message
response_data["error"] = error
# generate json
else:
while 1:
chunk = f.file.read(10000)
if not chunk:
break
f.file.seek(0)
# Manipulate file.
data = self.process_uploaded_file(f, object,
request)
assert 'id' in data, 'Must return id in data'
response_data.update(data)
response_data['delete_url'] = request.path + "?"\
+ urllib.urlencode({'f': data['id']})
resp.append(response_data)
# generate the json data
response_data = json.dumps(resp)
# response type
response_type = "application/json"
# QUIRK HERE
# in jQuey uploader, when it falls back to uploading
# using iFrames
# the response content type has to be text/html
# if json will be send, error will occur
# if iframe is sending the request, it's headers are
# a little different compared
# to the jQuery ajax request
# they have different set of HTTP_ACCEPT values
# so if the text/html is present, file was uploaded
# using jFrame because
# that value is not in the set when uploaded by XHR
if "text/html" in request.META["HTTP_ACCEPT"]:
response_type = "text/html"
response_type = "text/html"
# return the data to the uploading plugin
return HttpResponse(response_data, content_type=response_type)
else:
# file has to be deleted
# get the file path by getting it from the query
# (e.g. '?f=filename.here')
self.delete_file(request.GET["f"], request)
# generate true json result
# in this case is it a json True value
# if true is not returned, the file will not be
# removed from the upload queue
response_data = json.dumps(True)
# return the result data
# here it always has to be json
return HttpResponse(response_data, content_type="application/json")
else:
#GET
context = {
# these two are necessary to generate the jQuery templates
# they have to be included here since they conflict
# with django template system
"open_tv": u'{{',
"close_tv": u'}}',
# some of the parameters to be checked by javascript
"maxfilesize": self.upload_options["maxfilesize"],
"minfilesize": self.upload_options["minfilesize"],
# django admin parameters
"object": object,
'media': self.media,
'opts': self.model._meta,
'change': False,
'is_popup': 'pop' in request.GET,
'add': True,
'app_label': self.model._meta.app_label,
'save_as': 'teste',
'has_delete_permission': False,
'has_add_permission': False,
'has_change_permission': False,
}
return render(request,
self.multiupload_template,
context,
)
def create_transaction(request, event_id):
data = json.loads(request.body)
try:
buy = (data['buy'] == 'True') # kupno, sprzedaz
outcome = data['outcome'] # tak nie
for_price = data['for_price'] # cena
except:
return HttpResponseBadRequest(
_("Something went wrong, try again in a \
few seconds."))
try:
if buy:
user, event, bet = Bet.objects.buy_a_bet(request.user, event_id,
outcome, for_price)
else:
user, event, bet = Bet.objects.sell_a_bet(request.user, event_id,
outcome, for_price)
except NonexistantEvent:
raise Http404
except PriceMismatch as e:
result = {
'error': unicode(e.message.decode('utf-8')),
'updates': {
'events': [e.updated_event.event_dict]
}
}
return JSONResponseBadRequest(json.dumps(result))
except InsufficientCash as e:
result = {
'error': unicode(e.message.decode('utf-8')),
'updates': {
'user': [e.updated_user.statistics_dict]
}
}
return JSONResponseBadRequest(json.dumps(result))
except InsufficientBets as e:
result = {
'error': unicode(e.message.decode('utf-8')),
'updates': {
'bets': [e.updated_bet.bet_dict]
}
}
return JSONResponseBadRequest(json.dumps(result))
except EventNotInProgress as e:
result = {
'error': unicode(e.message.decode('utf-8')),
}
return JSONResponseBadRequest(json.dumps(result))
except UnknownOutcome as e:
result = {
'error': unicode(e.message.decode('utf-8')),
}
return JSONResponseBadRequest(json.dumps(result))
result = {
'updates': {
'bets': [bet.bet_dict],
'events': [event.event_dict],
'user': user.statistics_dict
}
}
return JSONResponse(json.dumps(result))
def bad_request(self, data=''):
return HttpResponseBadRequest(data)
def edit_app_attr(request, domain, app_id, attr):
"""
Called to edit any (supported) app attribute, given by attr
"""
app = get_app(domain, app_id)
try:
hq_settings = json.loads(request.body)['hq']
except ValueError:
hq_settings = request.POST
attributes = [
'all',
'recipients',
'name',
'text_input',
'platform',
'build_spec',
'use_custom_suite',
'custom_suite',
'admin_password',
'comment',
'use_j2me_endpoint',
# Application only
'cloudcare_enabled',
'case_sharing',
'translation_strategy',
'auto_gps_capture',
# RemoteApp only
'profile_url',
'manage_urls',
'mobile_ucr_restore_version',
]
if attr not in attributes:
return HttpResponseBadRequest()
def should_edit(attribute):
return attribute == attr or ('all' == attr
and attribute in hq_settings)
def parse_sync_interval(interval):
try:
return int(interval)
except ValueError:
pass
resp = {"update": {}}
# For either type of app
easy_attrs = (
('build_spec', BuildSpec.from_string),
('practice_mobile_worker_id', None),
('case_sharing', None),
('cloudcare_enabled', None),
('manage_urls', None),
('name', None),
('platform', None),
('recipients', None),
('text_input', None),
('use_custom_suite', None),
('secure_submissions', None),
('translation_strategy', None),
('auto_gps_capture', None),
('use_grid_menus', None),
('grid_form_menus', None),
('target_commcare_flavor', None),
('comment', None),
('custom_base_url', None),
('use_j2me_endpoint', None),
('mobile_ucr_restore_version', None),
('location_fixture_restore', None),
)
linked_app_attrs = [
'target_commcare_flavor',
]
for attribute, transformation in easy_attrs:
if should_edit(attribute):
value = hq_settings[attribute]
if transformation:
value = transformation(value)
setattr(app, attribute, value)
if hasattr(app,
'linked_app_attrs') and attribute in linked_app_attrs:
app.linked_app_attrs.update({
attribute: value,
})
if should_edit("name"):
clear_app_cache(request, domain)
name = hq_settings['name']
resp['update'].update({
'.variable-app_name':
name,
'[data-id="{id}"]'.format(id=app_id):
ApplicationsTab.make_app_title(name, app.doc_type),
})
if should_edit("build_spec"):
resp['update']['commcare-version'] = app.commcare_minor_release
if should_edit("practice_mobile_worker_id"):
user_id = hq_settings['practice_mobile_worker_id']
if not app.enable_practice_users:
app.practice_mobile_worker_id = None
elif user_id:
get_and_assert_practice_user_in_domain(user_id, request.domain)
if should_edit("admin_password"):
admin_password = hq_settings.get('admin_password')
if admin_password:
app.set_admin_password(admin_password)
# For Normal Apps
if should_edit("cloudcare_enabled"):
if app.get_doc_type() not in ("Application", ):
raise Exception("App type %s does not support cloudcare" %
app.get_doc_type())
if not has_privilege(request, privileges.CLOUDCARE):
app.cloudcare_enabled = False
def require_remote_app():
if app.get_doc_type() not in ("RemoteApp", ):
raise Exception("App type %s does not support profile url" %
app.get_doc_type())
# For RemoteApps
if should_edit("profile_url"):
require_remote_app()
app['profile_url'] = hq_settings['profile_url']
if should_edit("manage_urls"):
require_remote_app()
app.save(resp)
# this is a put_attachment, so it has to go after everything is saved
if should_edit("custom_suite"):
app.set_custom_suite(hq_settings['custom_suite'])
return HttpResponse(json.dumps(resp))
def post_comment_ajax(request, using=None):
"""
Post a comment, via an Ajax call.
"""
if not request.is_ajax():
return HttpResponseBadRequest("Expecting Ajax call")
# This is copied from django_comments.
# Basically that view does too much, and doesn't offer a hook to change the rendering.
# The request object is not passed to next_redirect for example.
#
# This is a separate view to integrate both features. Previously this used django-ajaxcomments
# which is unfortunately not thread-safe (it it changes the comment view per request).
# Fill out some initial data fields from an authenticated user, if present
data = request.POST.copy()
if request.user.is_authenticated():
if not data.get('name', ''):
data["name"] = request.user.get_full_name(
) or request.user.username
if not data.get('email', ''):
data["email"] = request.user.email
# Look up the object we're trying to comment about
ctype = data.get("content_type")
object_pk = data.get("object_pk")
if ctype is None or object_pk is None:
return CommentPostBadRequest(
"Missing content_type or object_pk field.")
try:
model = get_django_model(*ctype.split(".", 1))
target = model._default_manager.using(using).get(pk=object_pk)
except ValueError:
return CommentPostBadRequest("Invalid object_pk value: {0}".format(
escape(object_pk)))
except TypeError:
return CommentPostBadRequest("Invalid content_type value: {0}".format(
escape(ctype)))
except AttributeError:
return CommentPostBadRequest(
"The given content-type {0} does not resolve to a valid model.".
format(escape(ctype)))
except ObjectDoesNotExist:
return CommentPostBadRequest(
"No object matching content-type {0} and object PK {1} exists.".
format(escape(ctype), escape(object_pk)))
except (ValueError, ValidationError) as e:
return CommentPostBadRequest(
"Attempting go get content-type {0!r} and object PK {1!r} exists raised {2}"
.format(escape(ctype), escape(object_pk), e.__class__.__name__))
# Do we want to preview the comment?
preview = "preview" in data
# Construct the comment form
form = get_comments_form()(target, data=data)
# Check security information
if form.security_errors():
return CommentPostBadRequest(
"The comment form failed security verification: {0}".format(
form.security_errors()))
# If there are errors or if we requested a preview show the comment
if preview:
comment = form.get_comment_object() if not form.errors else None
return _ajax_result(request,
form,
"preview",
comment,
object_id=object_pk)
if form.errors:
return _ajax_result(request, form, "post", object_id=object_pk)
# Otherwise create the comment
comment = form.get_comment_object()
comment.ip_address = request.META.get("REMOTE_ADDR", None)
if request.user.is_authenticated():
comment.user = request.user
# Signal that the comment is about to be saved
responses = signals.comment_will_be_posted.send(sender=comment.__class__,
comment=comment,
request=request)
for (receiver, response) in responses:
if response is False:
return CommentPostBadRequest(
"comment_will_be_posted receiver {0} killed the comment".
format(receiver.__name__))
# Save the comment and signal that it was saved
comment.save()
signals.comment_was_posted.send(sender=comment.__class__,
comment=comment,
request=request)
return _ajax_result(request, form, "post", comment, object_id=object_pk)
def wrap(request, *args, **kwargs):
if not request.is_ajax():
return HttpResponseBadRequest("Bad Request: Request must be AJAX")
return f(request, *args, **kwargs)
def post(self, request, *args, **kwargs):
if not self.profile.totp_key:
return HttpResponseBadRequest(
'No TOTP key generated on server side?')
return super(TOTPEnableView, self).post(request, *args, **kwargs)
def put(self, request, file_mgr_name, system_id, file_path):
fm_cls = FileLookupManager(file_mgr_name)
fm = fm_cls(None)
if fm.requires_auth and not request.user.is_authenticated:
return HttpResponseForbidden('Login Required.')
post_body = json.loads(request.body)
metadata = post_body.get('metadata', {})
if file_mgr_name == 'agave' or not metadata:
fmgr = AgaveFileManager(
agave_client=request.user.agave_oauth.client)
try:
file_obj = fmgr.listing(system_id, file_path)
file_obj.metadata.update(metadata)
file_dict = file_obj.to_dict()
file_dict['keyword'] = file_obj.metadata.value['keywords']
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session, 'session_key', ''),
'operation':
'data_depot_metadata_update',
'info': {
'systemId': system_id,
'filePath': file_path,
'metadata': metadata
}
})
event_data = {
Notification.EVENT_TYPE: 'data_depot',
Notification.OPERATION: 'data_depot_metadata_update',
Notification.STATUS: Notification.SUCCESS,
Notification.USER: request.user.username,
Notification.MESSAGE: 'Metadata was updated successfully.',
Notification.EXTRA: {
'systemId': system_id,
'filePath': file_path,
'metadata': metadata
}
}
Notification.objects.create(**event_data)
except HTTPError as err:
logger.debug(err.response.text)
event_data = {
Notification.EVENT_TYPE: 'data_depot',
Notification.STATUS: Notification.ERROR,
Notification.OPERATION: 'data_depot_metadata_update',
Notification.USER: request.user.username,
Notification.MESSAGE: 'Metadata was updated successfully.',
Notification.EXTRA: {
'systemId': system_id,
'filePath': file_path,
'metadata': metadata
}
}
Notification.objects.create(**event_data)
return JsonResponse(file_dict)
return HttpResponseBadRequest('Unsupported file manager.')
def handle_leave_request(self):
if self.is_user_in_trip(self.request.user):
user_id = self.request.POST['user_id']
self.handle_member_leaving_trip(user_id)
return HttpResponse(str(reverse('root:home')))
return HttpResponseBadRequest('User is not in trip')
def get(self, request, file_mgr_name, system_id, file_path):
if file_mgr_name == AgaveFileManager.NAME \
or file_mgr_name == 'public' \
or file_mgr_name == 'community' \
or file_mgr_name == 'published':
if not request.user.is_authenticated:
if file_mgr_name in ['public', 'community', 'published']:
ag = get_user_model().objects.get(
username='******').agave_oauth.client
else:
return HttpResponseForbidden('Login required')
else:
ag = request.user.agave_oauth.client
fm = AgaveFileManager(agave_client=ag)
f = fm.listing(system_id, file_path)
if request.GET.get('preview', False):
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session, 'session_key', ''),
'operation':
'agave_file_preview',
'info': {
'systemId': system_id,
'filePath': file_path
}
})
context = {'file': f}
if f.ext in BaseFileResource.SUPPORTED_IMAGE_PREVIEW_EXTS:
context['image_preview'] = f.download_postit(force=False,
lifetime=360)
elif f.ext in BaseFileResource.SUPPORTED_TEXT_PREVIEW_EXTS:
content = f.download()
try:
encoded = content
except UnicodeError:
try:
encoding = chardet.detect(content)['encoding']
encoded = content.decode(encoding).encode('utf-8')
except UnicodeError:
logger.exception('Failed to preview file',
extra={
'file_mgr_name':
file_mgr_name,
'system_id': system_id,
'file_path': file_path
})
encoded = 'Sorry! We were unable to preview this file due ' \
'to an unrecognized content encoding. Please ' \
'download the file to view its contents.'
context['text_preview'] = encoded
elif f.ext in BaseFileResource.SUPPORTED_OBJECT_PREVIEW_EXTS:
context['object_preview'] = f.download_postit(force=False,
lifetime=360)
elif f.ext in BaseFileResource.SUPPORTED_MS_OFFICE:
context['iframe_preview'] = 'https://view.officeapps.live.com/op/view.aspx?src={}'\
.format(f.download_postit(force=False, lifetime=360))
elif f.ext in BaseFileResource.SUPPORTED_VIDEO_EXTS:
context['video_preview'] = f.download_postit(force=False,
lifetime=360)
context[
'mimetype'] = BaseFileResource.SUPPORTED_VIDEO_MIMETYPES[
f.ext]
return render(request,
'designsafe/apps/api/agave/preview.html',
context)
else:
url = 'https://agave.designsafe-ci.org/files/v2/media/{system}/{path}'.format(
system=system_id, path=file_path)
# return HttpResponseRedirect(fm.download(system_id, file_path))
resp = HttpResponseRedirect(url)
resp['X-Authorization'] = 'Bearer {token}'.format(
token=request.user.agave_oauth.access_token)
logger.info(resp)
return resp
return HttpResponseBadRequest("Unsupported operation")
def task_status_ajax(request):
if 'id' not in request.GET:
return HttpResponseBadRequest('Need to pass GET parameter "id"', content_type='text/plain')
return JsonResponse(get_task_status(request.GET['id']))
def update_translation(request):
"""Update entity translation for the specified locale and user."""
try:
entity = request.POST['entity']
string = request.POST['translation']
locale = request.POST['locale']
plural_form = request.POST['plural_form']
original = request.POST['original']
ignore_warnings = request.POST.get('ignore_warnings',
'false') == 'true'
approve = request.POST.get('approve', 'false') == 'true'
force_suggestions = request.POST.get('force_suggestions',
'false') == 'true'
paths = request.POST.getlist('paths[]')
except MultiValueDictKeyError as e:
return HttpResponseBadRequest('Bad Request: {error}'.format(error=e))
try:
e = Entity.objects.get(pk=entity)
except Entity.DoesNotExist as error:
log.error(str(error))
return HttpResponse("error")
try:
locale = Locale.objects.get(code=locale)
except Locale.DoesNotExist as error:
log.error(str(error))
return HttpResponse("error")
if plural_form == "-1":
plural_form = None
user = request.user
project = e.resource.project
# Read-only translations cannot saved
if utils.readonly_exists(project, locale):
return HttpResponseForbidden(
"Forbidden: This string is in read-only mode")
try:
use_ttk_checks = UserProfile.objects.get(user=user).quality_checks
except UserProfile.DoesNotExist as error:
use_ttk_checks = True
# Disable checks for tutorial project.
if project.slug == 'tutorial':
use_ttk_checks = False
now = timezone.now()
can_translate = (request.user.can_translate(project=project, locale=locale)
and (not force_suggestions or approve))
translations = Translation.objects.filter(entity=e,
locale=locale,
plural_form=plural_form)
same_translations = translations.filter(string=string).order_by(
'-active', 'rejected', '-date')
# If same translation exists in the DB, don't save it again.
if utils.is_same(same_translations, can_translate):
return JsonResponse({
'same': True,
})
failed_checks = run_checks(
e,
locale.code,
original,
string,
use_ttk_checks,
)
if are_blocking_checks(failed_checks, ignore_warnings):
return JsonResponse({
'failedChecks': failed_checks,
})
# Translations exist
if len(translations) > 0:
# Same translation exists
if len(same_translations) > 0:
t = same_translations[0]
# If added by privileged user, approve and unfuzzy it
if can_translate and (t.fuzzy or not t.approved):
if not t.active:
translations.filter(active=True).update(active=False)
t.active = True
t.approved = True
t.fuzzy = False
t.rejected = False
t.rejected_user = None
t.rejected_date = None
if t.approved_user is None:
t.approved_user = user
t.approved_date = now
t.save()
t.warnings.all().delete()
t.errors.all().delete()
save_failed_checks(t, failed_checks)
return JsonResponse({
'type':
'updated',
'translation':
t.serialize(),
'stats':
TranslatedResource.objects.stats(project, paths, locale),
})
# Different translation added
else:
t = Translation(
entity=e,
locale=locale,
plural_form=plural_form,
string=string,
user=user,
date=now,
approved=can_translate,
)
if can_translate:
t.approved_user = user
t.approved_date = now
t.save()
save_failed_checks(t, failed_checks)
active_translation = e.reset_active_translation(
locale=locale,
plural_form=plural_form,
)
return JsonResponse({
'type':
'added',
'translation':
active_translation.serialize(),
'stats':
TranslatedResource.objects.stats(project, paths, locale),
})
# No translations saved yet
else:
t = Translation(
entity=e,
locale=locale,
plural_form=plural_form,
string=string,
user=user,
date=now,
active=True,
approved=can_translate,
)
if can_translate:
t.approved_user = user
t.approved_date = now
t.save()
save_failed_checks(t, failed_checks)
return JsonResponse({
'type':
'saved',
'translation':
t.serialize(),
'stats':
TranslatedResource.objects.stats(project, paths, locale),
})
def add_pushover(request):
if settings.PUSHOVER_API_TOKEN is None or settings.PUSHOVER_SUBSCRIPTION_URL is None:
raise Http404("pushover integration is not available")
if request.method == "POST":
# Initiate the subscription
nonce = get_random_string()
request.session["po_nonce"] = nonce
failure_url = settings.SITE_ROOT + reverse("hc-channels")
success_url = settings.SITE_ROOT + reverse(
"hc-add-pushover") + "?" + urlencode(
{
"nonce": nonce,
"prio": request.POST.get("po_priority", "0"),
})
subscription_url = settings.PUSHOVER_SUBSCRIPTION_URL + "?" + urlencode(
{
"success": success_url,
"failure": failure_url,
})
return redirect(subscription_url)
# Handle successful subscriptions
if "pushover_user_key" in request.GET:
if "nonce" not in request.GET or "prio" not in request.GET:
return HttpResponseBadRequest()
# Validate nonce
if request.GET["nonce"] != request.session.get("po_nonce"):
return HttpResponseForbidden()
# Validate priority
if request.GET["prio"] not in ("-2", "-1", "0", "1", "2"):
return HttpResponseBadRequest()
# All looks well--
del request.session["po_nonce"]
if request.GET.get("pushover_unsubscribed") == "1":
# Unsubscription: delete all Pushover channels for this user
Channel.objects.filter(user=request.user, kind="po").delete()
return redirect("hc-channels")
else:
# Subscription
user_key = request.GET["pushover_user_key"]
priority = int(request.GET["prio"])
channel = Channel(user=request.team.user, kind="po")
channel.value = "%s|%d" % (user_key, priority)
channel.save()
channel.assign_all_checks()
return redirect("hc-channels")
# Show Integration Settings form
ctx = {
"page": "channels",
"po_retry_delay": td(seconds=settings.PUSHOVER_EMERGENCY_RETRY_DELAY),
"po_expiration": td(seconds=settings.PUSHOVER_EMERGENCY_EXPIRATION),
}
return render(request, "integrations/add_pushover.html", ctx)
def upload(request, album_id=0):
id = int(album_id)
upload_sessionid = request.COOKIES['sessionid']
gallerys = Gallery.objects.filter(user_id=request.user.id)
has_gallery = gallerys.count() > 0
if not has_gallery:
return HttpResponseRedirect(reverse('7create_album'))
if request.method != 'POST':
response = render_to_response('albums/upload.html',
RequestContext(request, locals()))
response.set_cookie('upload_sessionid',
upload_sessionid,
httponly=False)
return response
if request.FILES == None:
return HttpResponseBadRequest('Must have files attached!')
if 'selected_album' not in request.POST:
return HttpResponseBadRequest('Must select a album')
ufile = request.FILES[u'Filedata']
id = int(request.POST['selected_album'])
parent = str(id / 10000)
child = str(id % 10000)
print 'in upload :' + ufile.name
path = parent + '/' + child + '/'
fold = os.path.join(MEDIA_ROOT, path)
filename = str(random.randint(1, 1000)) + '_' + ufile.name
filepath = path + filename
thumbpath = filepath + '.thumbnail'
thumbpath2 = thumbpath + '2'
squarepath = filepath + '.square'
if not os.path.exists(fold):
os.makedirs(fold)
print 'in uplaod :' + path
image = Image.open(ufile)
print image.info, filepath
image.save(os.path.join(MEDIA_ROOT, filepath))
print 'first save'
image_square = image.resize((100, 100), Image.ANTIALIAS)
image_square.save(os.path.join(MEDIA_ROOT, squarepath), 'JPEG')
image.thumbnail((128, 128), Image.ANTIALIAS)
image.save(os.path.join(MEDIA_ROOT, thumbpath), 'JPEG')
image.thumbnail((64, 64), Image.ANTIALIAS)
image.save(os.path.join(MEDIA_ROOT, thumbpath2), 'JPEG')
gallery = Gallery.objects.select_for_update().get(id=id)
gallery.photo_num = F('photo_num') + 1
gallery.save()
gallery = Gallery.objects.get(pk=gallery.pk)
index = gallery.photo_num
print 'index:', gallery.photo_num
photo = Photo.objects.create(gallery_id=id,
index=index,
uname=ufile.name,
name=filename,
path=filepath,
thumb128=thumbpath,
thumb64=thumbpath2,
square=squarepath)
print 'after:', gallery.photo_num
user_modify_gallery.send(sender=Photo, gallery=gallery)
if not gallery.cover:
gallery.cover = squarepath
gallery.save()
# update photo broadcast
b_photos = B_Photo.objects.filter(gallery_id=id).order_by('-pub_date')
if b_photos.count() != 0 and b_photos[0].pub_date.strftime(
"%Y%m%d") == timezone.now().strftime("%Y%m%d"):
b_photo = b_photos[0]
else:
b_photo = B_Photo.objects.create(user_id=request.user.id,
gallery_id=id)
b_photo.num = F('num') + 1
b_photo.pub_date = timezone.now()
b_photo.save()
from django.utils import simplejson
data = {'thumb64': photo.thumb64, 'index': photo.index}
return HttpResponse(simplejson.dumps(data))
def _upload_file(self, request):
"""
Upload file to the server.
"""
if request.method == "POST":
folder = request.GET.get('folder', '')
if len(request.FILES) == 0:
return HttpResponseBadRequest(
'Invalid request! No files included.')
if len(request.FILES) > 1:
return HttpResponseBadRequest(
'Invalid request! Multiple files included.')
filedata = list(request.FILES.values())[0]
fb_uploadurl_re = re.compile(
r'^.*(%s)' %
reverse("filebrowser:fb_upload", current_app=self.name))
folder = fb_uploadurl_re.sub('', folder)
path = os.path.join(self.directory, folder)
# we convert the filename before uploading in order
# to check for existing files/folders
file_name = convert_filename(filedata.name)
filedata.name = file_name
file_path = os.path.join(path, file_name)
file_already_exists = self.storage.exists(file_path)
# Check for name collision with a directory
if file_already_exists and self.storage.isdir(file_path):
ret_json = {'success': False, 'filename': file_name}
return HttpResponse(json.dumps(ret_json))
signals.filebrowser_pre_upload.send(sender=request,
path=folder,
file=filedata,
site=self)
uploadedfile = handle_file_upload(path, filedata, site=self)
if file_already_exists and OVERWRITE_EXISTING:
old_file = smart_text(file_path)
new_file = smart_text(uploadedfile)
self.storage.move(new_file, old_file, allow_overwrite=True)
full_path = FileObject(smart_text(old_file),
site=self).path_full
else:
file_name = smart_text(uploadedfile)
filedata.name = os.path.relpath(file_name, path)
full_path = FileObject(smart_text(file_name),
site=self).path_full
# set permissions
if DEFAULT_PERMISSIONS is not None:
os.chmod(full_path, DEFAULT_PERMISSIONS)
f = FileObject(smart_text(file_name), site=self)
signals.filebrowser_post_upload.send(sender=request,
path=folder,
file=f,
site=self)
# let Ajax Upload know whether we saved it or not
ret_json = {'success': True, 'filename': f.filename}
return HttpResponse(json.dumps(ret_json))
def aggiungiRisposta(request, pk):
sezione = get_object_or_404(Sezione, pk=pk)
listUsrDR = UserDataReccomandation.objects.filter(user=request.user)
if not (listUsrDR.count() > 0):
usrDR = UserDataReccomandation.objects.create(hotel=0,
ristorante=0,
fastFood=0,
casaVacanza=0,
agriturismo=0,
user=request.user)
else:
usrDR = get_object_or_404(UserDataReccomandation, user=request.user)
if (request.method == "POST"):
form = PostModelForm(request.POST)
if (form.is_valid()):
form.save(commit=False)
form.instance.sezione = sezione
form.instance.autore_post = request.user
form.save()
url_discussione = reverse("sezione_view", kwargs={"pk": pk})
user = get_object_or_404(User, pk=sezione.user.pk)
if (user.first_name == ""):
numero = 0
else:
numero = int(user.first_name)
numero += 1
user.first_name = str(numero)
if (user.last_name == ""):
notifiche = [{
"user_post": request.user.username,
"sezione_commentata": sezione.nome_sezione,
"sezione_url": url_discussione
}]
user.last_name = json.dumps(notifiche)
else:
temp = json.loads(user.last_name)
temp.append({
"user_post": request.user.username,
"sezione_commentata": sezione.nome_sezione,
"sezione_url": url_discussione
})
user.last_name = json.dumps(temp)
if (sezione.hotelB):
usrDR.hotel += form.instance.rating
if (sezione.ristoranteB):
usrDR.ristorante += form.instance.rating
if (sezione.fastFoodB):
usrDR.fastFood += form.instance.rating
if (sezione.casaVacanzaB):
usrDR.casaVacanza += form.instance.rating
if (sezione.agriturismoB):
usrDR.agriturismo += form.instance.rating
usrDR.save()
user.save()
print("numero di notifiche tot: " + user.first_name)
print("lista urls: " + user.last_name)
return HttpResponseRedirect(url_discussione)
else:
return HttpResponseBadRequest()
def post(self, request, file_mgr_name, system_id, file_path):
if file_mgr_name == AgaveFileManager.NAME \
or file_mgr_name == 'public':
if not request.user.is_authenticated:
return HttpResponseForbidden('Login required')
agave_client = request.user.agave_oauth.client
fm = AgaveFileManager(agave_client=agave_client)
if request.FILES:
upload_file = request.FILES['file']
upload_dir = file_path
relative_path = request.POST.get('relative_path', None)
if relative_path:
# user uploaded a folder structure; ensure path exists
upload_dir = os.path.join(file_path,
os.path.dirname(relative_path))
BaseFileResource.ensure_path(agave_client, system_id,
upload_dir)
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session, 'session_key',
''),
'operation':
'data_depot_folder_upload',
'info': {
'filePath':
file_path,
'relativePath':
os.path.dirname(relative_path),
'systemId':
system_id,
'uploadDir':
upload_dir
}
})
try:
result = fm.upload(system_id, upload_dir, upload_file)
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session, 'session_key',
''),
'operation':
'data_depot_file_upload',
'info': {
'systemId': system_id,
'uploadDir': upload_dir,
'uploadFile': upload_file
}
})
result['system'] = result['systemId']
result_file = BaseFileResource(agave_client, **result)
event_data = {
Notification.EVENT_TYPE: 'data_depot',
Notification.OPERATION: 'data_depot_file_upload',
Notification.STATUS: Notification.SUCCESS,
Notification.USER: request.user.username,
Notification.MESSAGE: 'File Upload was successful.',
Notification.EXTRA: result_file.to_dict()
}
Notification.objects.create(**event_data)
except HTTPError as e:
logger.error(e.response.text)
event_data = {
Notification.EVENT_TYPE: 'data_depot',
Notification.OPERATION: 'data_depot_file_upload',
Notification.STATUS: Notification.ERROR,
Notification.USER: request.user.username,
Notification.MESSAGE:
'There was an error uploading one or more file(s).',
Notification.EXTRA: {
'system': system_id,
'file_path': file_path
}
}
Notification.objects.create(**event_data)
return HttpResponseBadRequest(e.response.text)
return JsonResponse({'status': 'ok'})
return HttpResponseBadRequest("Unsupported operation")
def update_translation(request):
"""Update entity translation for the specified locale and user."""
try:
entity = request.POST['entity']
string = request.POST['translation']
locale = request.POST['locale']
plural_form = request.POST['plural_form']
original = request.POST['original']
ignore_check = request.POST['ignore_check']
approve = request.POST.get('approve', 'false') == 'true'
force_suggestions = request.POST.get('force_suggestions',
'false') == 'true'
paths = request.POST.getlist('paths[]')
except MultiValueDictKeyError as e:
return HttpResponseBadRequest('Bad Request: {error}'.format(error=e))
try:
e = Entity.objects.get(pk=entity)
except Entity.DoesNotExist as error:
log.error(str(error))
return HttpResponse("error")
try:
l = Locale.objects.get(code=locale)
except Locale.DoesNotExist as error:
log.error(str(error))
return HttpResponse("error")
if plural_form == "-1":
plural_form = None
user = request.user
project = e.resource.project
try:
quality_checks = UserProfile.objects.get(user=user).quality_checks
except UserProfile.DoesNotExist as error:
quality_checks = True
ignore = False
if ignore_check == 'true' or not quality_checks:
ignore = True
now = timezone.now()
can_translate = (request.user.can_translate(project=project, locale=l)
and (not force_suggestions or approve))
translations = Translation.objects.filter(entity=e,
locale=l,
plural_form=plural_form)
# Newlines are not allowed in .lang files (bug 1190754)
if e.resource.format == 'lang' and '\n' in string:
return HttpResponse('Newline characters are not allowed.')
# Translations exist
if len(translations) > 0:
# Same translation exists
same_translations = translations.filter(string=string).order_by(
'-approved', 'rejected', '-date')
if len(same_translations) > 0:
t = same_translations[0]
# If added by privileged user, approve and unfuzzy it
if can_translate:
# Unless there's nothing to be changed
if t.user is not None and t.approved and t.approved_user \
and t.approved_date and not t.fuzzy:
return JsonResponse({
'same':
True,
'message':
'Same translation already exists.',
})
warnings = utils.quality_check(original, string, l, ignore)
if warnings:
return warnings
translations.update(
approved=False,
approved_user=None,
approved_date=None,
rejected=True,
rejected_user=request.user,
rejected_date=timezone.now(),
fuzzy=False,
)
if t.user is None:
t.user = user
t.approved = True
t.approved_date = timezone.now()
t.fuzzy = False
t.rejected = False
t.rejected_user = None
t.rejected_date = None
if t.approved_user is None:
t.approved_user = user
t.approved_date = now
t.save()
return JsonResponse({
'type':
'updated',
'translation':
t.serialize(),
'stats':
TranslatedResource.objects.stats(project, paths, l),
})
# If added by non-privileged user, unfuzzy it
else:
if t.fuzzy:
warnings = utils.quality_check(original, string, l, ignore)
if warnings:
return warnings
if t.user is None:
t.user = user
t.approved = False
t.approved_user = None
t.approved_date = None
t.fuzzy = False
t.save()
return JsonResponse({
'type':
'updated',
'translation':
t.serialize(),
'stats':
TranslatedResource.objects.stats(project, paths, l),
})
return JsonResponse({
'same':
True,
'message':
'Same translation already exists.',
})
# Different translation added
else:
warnings = utils.quality_check(original, string, l, ignore)
if warnings:
return warnings
if can_translate:
translations.update(approved=False,
approved_user=None,
approved_date=None)
translations.update(fuzzy=False)
t = Translation(entity=e,
locale=l,
user=user,
string=string,
plural_form=plural_form,
date=now,
approved=can_translate)
if can_translate:
t.approved_user = user
t.approved_date = now
t.save()
# Return active (approved or latest) translation
try:
active = translations.filter(approved=True).latest("date")
except Translation.DoesNotExist:
active = translations.latest("date")
return JsonResponse({
'type':
'added',
'translation':
active.serialize(),
'stats':
TranslatedResource.objects.stats(project, paths, l),
})
# No translations saved yet
else:
warnings = utils.quality_check(original, string, l, ignore)
if warnings:
return warnings
t = Translation(entity=e,
locale=l,
user=user,
string=string,
plural_form=plural_form,
date=now,
approved=can_translate)
if can_translate:
t.approved_user = user
t.approved_date = now
t.save()
return JsonResponse({
'type':
'saved',
'translation':
t.serialize(),
'stats':
TranslatedResource.objects.stats(project, paths, l),
})
def put(self, request, file_mgr_name, system_id, file_path):
if request.is_ajax():
body = json.loads(request.body)
else:
body = request.POST.copy()
action = body.get('action', '')
if file_mgr_name == AgaveFileManager.NAME \
or file_mgr_name == 'public' \
or file_mgr_name == 'community' \
or file_mgr_name == 'published':
if not request.user.is_authenticated:
if file_mgr_name in ['public', 'community', 'published']:
if action in ['mkdir', 'move', 'rename', 'trash']:
return HttpResponseBadRequest('Invalid Action')
ag = get_user_model().objects.get(
username='******').agave_oauth.client
else:
return HttpResponseForbidden('Login required')
else:
ag = request.user.agave_oauth.client
fm = AgaveFileManager(agave_client=ag)
if action == 'copy':
try:
event_data = {
Notification.EVENT_TYPE: 'data_depot',
Notification.OPERATION: 'data_depot_copy',
Notification.STATUS: Notification.SUCCESS,
Notification.USER: request.user.username,
Notification.MESSAGE: 'Data was copied.',
}
if body.get('system') is None:
external = body.get('resource')
if external not in ['box', 'dropbox', 'googledrive']:
return HttpResponseBadRequest(
"External resource not available.")
if external == 'googledrive':
dest_file_id = body.get('id')
else:
dest_file_id = body.get('path')
external_resource_upload.apply_async(kwargs={
'username':
request.user.username,
'dest_resource':
external,
'src_file_id':
os.path.join(system_id, file_path.strip('/')),
'dest_file_id':
dest_file_id
},
queue='files')
event_data[
Notification.
MESSAGE] = 'Data copy was scheduled. This may take a few minutes.'
event_data[Notification.EXTRA] = {
'resource':
external,
'dest_file_id':
body.get('path'),
'src_file_id':
os.path.join(system_id, file_path.strip('/'))
}
elif body.get('system') != system_id:
if body.get('ipynb'):
path = '/{}'.format(request.user.username)
else:
path = body.get('path')
copied = fm.import_data(body.get('system'), path,
system_id, file_path)
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session,
'session_key', ''),
'operation':
'data_depot_copy',
'info': {
'destSystemId':
body.get('system'),
'destFilePath': path,
'fromSystemId': system_id,
'fromFilePath': file_path
}
})
event_data[Notification.EXTRA] = copied.to_dict()
else:
copied = fm.copy(system_id, file_path,
body.get('path'), body.get('name'))
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session,
'session_key', ''),
'operation':
'data_depot_copy',
'info': {
'destSystemId': system_id,
'destFilePath': file_path,
'fromSystemId':
body.get('system'),
'fromFilePath': body.get('path')
}
})
event_data[Notification.EXTRA] = copied.to_dict()
notification = Notification.objects.create(**event_data)
notification.save()
return JsonResponse(copied,
encoder=AgaveJSONEncoder,
safe=False)
except HTTPError as e:
logger.exception(e.response.text)
event_data = {
Notification.EVENT_TYPE: 'data_depot',
Notification.OPERATION: 'data_depot_copy',
Notification.STATUS: Notification.ERROR,
Notification.USER: request.user.username,
Notification.MESSAGE:
'There was an error copying data.',
Notification.EXTRA: {
'message': e.response.text
}
}
Notification.objects.create(**event_data)
return HttpResponseBadRequest(e.response.text)
elif action == 'download':
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session, 'session_key', ''),
'operation':
'agave_file_download',
'info': {
'systemId': system_id,
'filePath': file_path
}
})
return JsonResponse(
{'href': fm.download(system_id, file_path)})
elif action == 'mkdir':
try:
dir_name = body.get('name')
new_dir = fm.mkdir(system_id, file_path, dir_name)
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session, 'session_key',
''),
'operation':
'agave_file_mkdir',
'info': {
'systemId': system_id,
'filePath': file_path,
'dirName': dir_name
}
})
event_data = {
Notification.EVENT_TYPE: 'data_depot',
Notification.OPERATION: 'data_depot_mkdir',
Notification.STATUS: Notification.SUCCESS,
Notification.USER: request.user.username,
Notification.MESSAGE: 'Directory created.',
Notification.EXTRA: new_dir.to_dict()
}
Notification.objects.create(**event_data)
return JsonResponse(new_dir,
encoder=AgaveJSONEncoder,
safe=False)
except HTTPError as e:
logger.exception(e.response.text)
event_data = {
Notification.EVENT_TYPE: 'data_depot',
Notification.OPERATION: 'data_depot_mkdir',
Notification.STATUS: Notification.ERROR,
Notification.USER: request.user.username,
Notification.MESSAGE: 'Error creating directory.',
Notification.EXTRA: {
'message': e.response.text
}
}
Notification.objects.create(**event_data)
return HttpResponseBadRequest(e.response.text)
elif action == 'move':
try:
if body.get('system') != system_id:
moved = fm.import_data(body.get('system'),
body.get('path'), system_id,
file_path)
fm.delete(system_id, file_path)
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session,
'session_key', ''),
'operation':
'agave_file_copy_move',
'info': {
'destSystemId':
body.get('system'),
'destFilePath': body.get('path'),
'fromSystemId': system_id,
'fromFilePath': file_path
}
})
else:
moved = fm.move(system_id, file_path, body.get('path'),
body.get('name'))
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session,
'session_key', ''),
'operation':
'agave_file_copy',
'info': {
'destSystemId': system_id,
'destFilePath': file_path,
'fromSystemId':
body.get('system'),
'fromFilePath': body.get('path')
}
})
event_data = {
Notification.EVENT_TYPE: 'data_depot',
Notification.STATUS: Notification.SUCCESS,
Notification.OPERATION: 'data_depot_move',
Notification.USER: request.user.username,
Notification.MESSAGE: 'Data has been moved.',
Notification.EXTRA: moved.to_dict()
}
Notification.objects.create(**event_data)
return JsonResponse(moved,
encoder=AgaveJSONEncoder,
safe=False)
except HTTPError as e:
logger.exception(e.response.text)
event_data = {
Notification.EVENT_TYPE: 'data_depot_move',
Notification.STATUS: Notification.ERROR,
Notification.OPERATION: 'data_depot_move',
Notification.USER: request.user.username,
Notification.MESSAGE:
'There was an error moving your data.',
Notification.EXTRA: {
'message': e.response.text
}
}
Notification.objects.create(**event_data)
return HttpResponseBadRequest(e.response.text)
elif action == 'preview':
try:
file_listing = fm.listing(system_id, file_path)
if file_listing.previewable:
preview_url = reverse(
'designsafe_api:files_media',
args=[file_mgr_name, system_id, file_path])
return JsonResponse({
'href':
'{}?preview=true'.format(preview_url),
'postit':
file_listing.download_postit(force=False,
lifetime=360)
})
else:
return HttpResponseBadRequest(
'Preview not available for this item.')
except HTTPError as e:
logger.exception(
'Unable to preview file: {file_path}'.format(
file_path=file))
return HttpResponseBadRequest(e.response.text)
elif action == 'rename':
try:
renamed = fm.rename(system_id, file_path, body.get('name'))
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session, 'session_key',
''),
'operation':
'agave_file_rename',
'info': {
'systemId': system_id,
'filePath': file_path,
'name': body.get('name')
}
})
event_data = {
Notification.EVENT_TYPE: 'data_depot_rename',
Notification.STATUS: Notification.SUCCESS,
Notification.USER: request.user.username,
Notification.MESSAGE: 'File/folder was renamed.',
Notification.EXTRA: renamed.to_dict()
}
Notification.objects.create(**event_data)
return JsonResponse(renamed,
encoder=AgaveJSONEncoder,
safe=False)
except HTTPError as e:
logger.exception(e.response.text)
event_data = {
Notification.EVENT_TYPE: 'data_depot_rename',
Notification.STATUS: Notification.ERROR,
Notification.USER: request.user.username,
Notification.MESSAGE:
'There was an error renaming a file/folder.',
Notification.EXTRA: {
'message': e.response.text
}
}
Notification.objects.create(**event_data)
return HttpResponseBadRequest(e.response.text)
elif action == 'trash':
trash_path = '/Trash'
if system_id == AgaveFileManager.DEFAULT_SYSTEM_ID:
trash_path = request.user.username + '/.Trash'
try:
trashed = fm.trash(system_id, file_path, trash_path)
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session, 'session_key',
''),
'operation':
'agave_file_trash',
'info': {
'systemId': system_id,
'filePath': file_path,
'trashPath': trash_path
}
})
event_data = {
Notification.EVENT_TYPE: 'data_depot',
Notification.STATUS: Notification.SUCCESS,
Notification.OPERATION: 'data_depot_trash',
Notification.USER: request.user.username,
Notification.MESSAGE:
'File/folder was moved to trash.',
Notification.EXTRA: trashed.to_dict()
}
Notification.objects.create(**event_data)
return JsonResponse(trashed,
encoder=AgaveJSONEncoder,
safe=False)
except HTTPError as e:
logger.error(e.response.text)
event_data = {
Notification.EVENT_TYPE: 'data_depot_trash',
Notification.STATUS: Notification.ERROR,
Notification.OPERATION: 'data_depot_trash',
Notification.USER: request.user.username,
Notification.MESSAGE:
'There was an error moving file/folder to trash.',
Notification.EXTRA: {
'message': e.response.text
}
}
Notification.objects.create(**event_data)
return HttpResponseBadRequest(e.response.text)
return HttpResponseBadRequest("Unsupported operation")
def vcs_service_hook(request, service):
"""Shared code between VCS service hooks.
Currently used for bitbucket_hook, github_hook and gitlab_hook, but should
be usable for other VCS services (Google Code, custom coded sites, etc.)
too.
"""
# We support only post methods
if not settings.ENABLE_HOOKS:
return HttpResponseNotAllowed(())
# Check if we got payload
try:
data = parse_hook_payload(request)
except (ValueError, KeyError, UnicodeError):
return HttpResponseBadRequest('Could not parse JSON payload!')
# Get service helper
hook_helper = HOOK_HANDLERS[service]
# Send the request data to the service handler.
try:
service_data = hook_helper(data)
except Exception as error:
LOGGER.error('failed to parse service %s data', service)
report_error(error, sys.exc_info())
return HttpResponseBadRequest('Invalid data in json payload!')
# Log data
service_long_name = service_data['service_long_name']
repos = service_data['repos']
repo_url = service_data['repo_url']
branch = service_data['branch']
# Generate filter
spfilter = Q(repo__in=repos)
# We need to match also URLs which include username and password
for repo in repos:
if not repo.startswith('https://'):
continue
spfilter = spfilter | (Q(repo__startswith='https://')
& Q(repo__endswith='@{0}'.format(repo[8:])))
all_components = Component.objects.filter(spfilter)
if branch is not None:
all_components = all_components.filter(branch=branch)
components = all_components.filter(project__enable_hooks=True)
LOGGER.info(
'received %s notification on repository %s, branch %s,'
'%d matching components, %d to process',
service_long_name,
repo_url,
branch,
all_components.count(),
components.count(),
)
# Trigger updates
updates = 0
for obj in components:
updates += 1
LOGGER.info('%s notification will update %s', service_long_name, obj)
perform_update(obj)
if updates == 0:
return hook_response('No matching repositories found!', 'failure')
return hook_response()
def post(self, request, file_mgr_name, system_id, file_path):
if request.is_ajax():
body = json.loads(request.body)
else:
body = request.POST.copy()
if file_mgr_name == AgaveFileManager.NAME \
or file_mgr_name == 'public':
if not request.user.is_authenticated:
return HttpResponseForbidden('Login required')
fm = AgaveFileManager(agave_client=request.user.agave_oauth.client)
username = body.get('username')
permission = body.get('permission')
try:
pem = fm.share(system_id, file_path, username, permission)
metrics.info('Data Depot',
extra={
'user':
request.user.username,
'sessionId':
getattr(request.session, 'session_key', ''),
'operation':
'data_depot_share',
'info': {
'systemId': system_id,
'filePath': file_path
}
})
event_data = {
Notification.EVENT_TYPE:
'data_depot',
Notification.OPERATION:
'data_depot_share',
Notification.STATUS:
Notification.SUCCESS,
Notification.USER:
request.user.username,
Notification.MESSAGE:
'{} permissions were granted to {}.'.format(
permission, username),
Notification.EXTRA: {
'system': system_id,
'file_path': file_path,
'username': username,
'permission': permission
}
}
Notification.objects.create(**event_data)
except HTTPError as err:
logger.debug(err.response.text)
event_data = {
Notification.EVENT_TYPE: 'data_depot_share',
Notification.STATUS: Notification.ERROR,
Notification.OPERATION: 'data_depot_share',
Notification.USER: request.user.username,
Notification.MESSAGE:
'There was an error updating permissions for a file/folder.',
Notification.EXTRA: {
'message': err.response.text
}
}
Notification.objects.create(**event_data)
return HttpResponseBadRequest(err.response.text)
return JsonResponse(pem, encoder=AgaveJSONEncoder, safe=False)
return HttpResponseBadRequest("Unsupported operation")
def _wrapped_view(request, *args, **kwargs):
if request.is_ajax():
return view_func(request, *args, **kwargs)
else:
return HttpResponseBadRequest()
def new_application(request, software_license):
return HttpResponseBadRequest("<h1>Restricted Software denied.</h1>")
