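def put(request, node):
    """Apply one action from a JSON PUT body to ``node``.

    The first of these keys found in the body selects the action, in this
    order: ``star``, ``unstar``, ``rename``, ``move``, ``archive``,
    ``unarchive``, ``permissions``. Every action runs its own authorization
    check before the model is touched. A body containing none of these keys
    changes nothing and still receives the success response.

    Returns:
        A ``bad_request`` response carrying an ``error`` code when the input
        is rejected, otherwise ``render_json`` with ``{'status': 'success'}``.

    Raises:
        PermissionDenied: the requester lacks the right the action requires.
    """
    PUT = parse_json(request)
    if not PUT:
        return bad_request(request, {'error': 'invalid_json'})

    f = node.model

    if 'star' in PUT:
        if not node.can_view():
            raise PermissionDenied
        if not request.user.is_authenticated():
            return bad_request(request, {'error': 'login_required'})
        f.starring.add(request.user)

    elif 'unstar' in PUT:
        if not node.can_view():
            raise PermissionDenied
        if not request.user.is_authenticated():
            return bad_request(request, {'error': 'login_required'})
        f.starring.remove(request.user)

    elif 'rename' in PUT:
        if not node.can_edit():
            raise PermissionDenied
        name = PUT.get('name')
        if not name:
            return bad_request(request, {'error': 'invalid_name'})
        f.name = name
        f.save()

    elif 'move' in PUT:
        # Moving needs edit rights on both the node and the destination.
        if not node.can_edit():
            raise PermissionDenied
        # NOTE(review): a body without 'at' passes None to Node(); confirm
        # that surfaces as ObjectDoesNotExist and not an unhandled error.
        # NOTE(review): Node is built without an explicit user here, so this
        # block does not show whose rights parent.can_edit() evaluates --
        # confirm it is the requester's.
        try:
            parent = Node(PUT.get('at'))
        except ObjectDoesNotExist:
            return bad_request(request, {'error': 'invalid_node'})
        if not parent.is_folder():
            return bad_request(request, {'error': 'node_is_not_a_folder'})
        elif not parent.can_edit():
            raise PermissionDenied
        elif parent.is_archived():
            return bad_request(request, {'error': 'node_archived'})
        # NOTE(review): nothing visible here rejects a destination that is
        # the node itself or one of its descendants.
        # NOTE(review): parent is a Node wrapper while f is node.model;
        # confirm this should not assign parent.model.
        f.parent = parent
        f.save()

    elif 'archive' in PUT:
        # Archiving is gated by a model permission, not by node ACLs.
        if not request.user.has_perm('docs.archive'):
            raise PermissionDenied
        f.is_archived = True
        f.save()

    elif 'unarchive' in PUT:
        if not request.user.has_perm('docs.archive'):
            raise PermissionDenied
        f.is_archived = False
        f.save()

    elif 'permissions' in PUT:
        # Only a requester who can edit the node may replace its permission
        # set. The check used to be inverted: it rejected editors and let
        # every other authenticated user rewrite the permissions.
        if not node.can_edit():
            raise PermissionDenied
        if not request.user.is_authenticated():
            return bad_request(request, {'error': 'login_required'})
        try:
            # Reverse the (value, label) enumerations so the labels sent by
            # the client map back to stored values; unknown labels raise
            # KeyError and are reported as 'invalid_entry'.
            effects = dict((y, x) for x, y in Permission.EFFECT_ENUMERATION)
            kinds = dict((y, x) for x, y in Permission.TYPE_ENUMERATION)
            scopes = dict((y, x) for x, y in Permission.SCOPE_ENUMERATION)

            # Build every entry first so a malformed one aborts the request
            # before the existing permissions are cleared.
            perms = []
            for obj in PUT.get('permissions'):
                p = Permission()
                p.effect = effects[obj['effect']]
                p.type = kinds[obj['type']]
                # NOTE(review): group/user targets are stored as sent; no
                # existence check on them is visible in this block.
                if 'group' in obj:
                    p.scope = Permission.PER_GROUP
                    p.target = obj['group']
                elif 'user' in obj:
                    p.scope = Permission.PER_USER
                    p.target = obj['user']
                else:
                    p.scope = scopes[obj['scope']]
                perms.append(p)

            # NOTE(review): clear() and bulk_create() are not wrapped in a
            # transaction here; a failure in bulk_create() would leave the
            # node with no permission rows -- confirm what that state grants.
            f.permissions.clear()
            f.permissions.bulk_create(perms)
        except TypeError:
            # e.g. 'permissions' is not iterable or an entry is not a mapping.
            return bad_request(request, {'error': 'invalid_permissions'})
        except (KeyError, ValueError):
            return bad_request(request, {'error': 'invalid_entry'})

    return render_json(request, {'status': 'success'})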
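def put(request, node):
    """Apply one action from a JSON PUT body to ``node``.

    The first of these keys found in the body selects the action, in this
    order: ``star``, ``unstar``, ``rename``, ``move``, ``archive``,
    ``unarchive``, ``permissions``. Every action runs its own authorization
    check before the model is touched. A body containing none of these keys
    changes nothing and still receives the success response.

    Returns:
        A ``bad_request`` response carrying an ``error`` code when the input
        is rejected, otherwise ``render_json`` with ``{'status': 'success'}``.

    Raises:
        PermissionDenied: the requester lacks the right the action requires.
    """
    PUT = parse_json(request)
    if not PUT:
        return bad_request(request, {'error': 'invalid_json'})

    f = node.model

    if 'star' in PUT:
        if not node.can_view():
            raise PermissionDenied
        if not request.user.is_authenticated():
            return bad_request(request, {'error': 'login_required'})
        f.starring.add(request.user)

    elif 'unstar' in PUT:
        if not node.can_view():
            raise PermissionDenied
        if not request.user.is_authenticated():
            return bad_request(request, {'error': 'login_required'})
        f.starring.remove(request.user)

    elif 'rename' in PUT:
        if not node.can_edit():
            raise PermissionDenied
        name = PUT.get('name')
        if not name:
            return bad_request(request, {'error': 'invalid_name'})
        f.name = name
        f.save()

    elif 'move' in PUT:
        # Moving needs edit rights on both the node and the destination.
        if not node.can_edit():
            raise PermissionDenied
        # NOTE(review): a body without 'at' passes None to Node(); confirm
        # that surfaces as ObjectDoesNotExist and not an unhandled error.
        # NOTE(review): Node is built without an explicit user here, so this
        # block does not show whose rights parent.can_edit() evaluates --
        # confirm it is the requester's.
        try:
            parent = Node(PUT.get('at'))
        except ObjectDoesNotExist:
            return bad_request(request, {'error': 'invalid_node'})
        if not parent.is_folder():
            return bad_request(request, {'error': 'node_is_not_a_folder'})
        elif not parent.can_edit():
            raise PermissionDenied
        elif parent.is_archived():
            return bad_request(request, {'error': 'node_archived'})
        # NOTE(review): nothing visible here rejects a destination that is
        # the node itself or one of its descendants.
        # NOTE(review): parent is a Node wrapper while f is node.model;
        # confirm this should not assign parent.model.
        f.parent = parent
        f.save()

    elif 'archive' in PUT:
        # Archiving is gated by a model permission, not by node ACLs.
        if not request.user.has_perm('docs.archive'):
            raise PermissionDenied
        f.is_archived = True
        f.save()

    elif 'unarchive' in PUT:
        if not request.user.has_perm('docs.archive'):
            raise PermissionDenied
        f.is_archived = False
        f.save()

    elif 'permissions' in PUT:
        # Only a requester who can edit the node may replace its permission
        # set. The check used to be inverted: it rejected editors and let
        # every other authenticated user rewrite the permissions.
        if not node.can_edit():
            raise PermissionDenied
        if not request.user.is_authenticated():
            return bad_request(request, {'error': 'login_required'})
        try:
            # Reverse the (value, label) enumerations so the labels sent by
            # the client map back to stored values; unknown labels raise
            # KeyError and are reported as 'invalid_entry'.
            effects = dict((y, x) for x, y in Permission.EFFECT_ENUMERATION)
            kinds = dict((y, x) for x, y in Permission.TYPE_ENUMERATION)
            scopes = dict((y, x) for x, y in Permission.SCOPE_ENUMERATION)

            # Build every entry first so a malformed one aborts the request
            # before the existing permissions are cleared.
            perms = []
            for obj in PUT.get('permissions'):
                p = Permission()
                p.effect = effects[obj['effect']]
                p.type = kinds[obj['type']]
                # NOTE(review): group/user targets are stored as sent; no
                # existence check on them is visible in this block.
                if 'group' in obj:
                    p.scope = Permission.PER_GROUP
                    p.target = obj['group']
                elif 'user' in obj:
                    p.scope = Permission.PER_USER
                    p.target = obj['user']
                else:
                    p.scope = scopes[obj['scope']]
                perms.append(p)

            # NOTE(review): clear() and bulk_create() are not wrapped in a
            # transaction here; a failure in bulk_create() would leave the
            # node with no permission rows -- confirm what that state grants.
            f.permissions.clear()
            f.permissions.bulk_create(perms)
        except TypeError:
            # e.g. 'permissions' is not iterable or an entry is not a mapping.
            return bad_request(request, {'error': 'invalid_permissions'})
        except (KeyError, ValueError):
            return bad_request(request, {'error': 'invalid_entry'})

    return render_json(request, {'status': 'success'})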
def create(request):
    """Create a file or folder under an existing folder, or show the form.

    POST creates the node from the ``type``, ``name`` and ``at`` form fields
    and answers with a result payload (AJAX) or a redirect to the new node.
    Any other AJAX request is answered with ``not_allowed``. A plain
    non-POST request renders ``docs/create.html`` for the folder named by
    the ``at`` query parameter.

    Raises:
        PermissionDenied: the requester may not edit the parent folder
            (on the form path only when already authenticated; anonymous
            users are redirected to login instead).
    """
    if request.method != 'POST':
        if request.is_ajax():
            return not_allowed(request, ['POST'])

        # Form path: a missing or unknown 'at' falls back to the main page.
        try:
            target = Node(request.GET.get('at'), user=request.user)
        except (TypeError, ObjectDoesNotExist):
            target = None
        if not (target and target.is_folder()):
            return redirect('docs:main')
        if not target.can_edit():
            if request.user.is_authenticated():
                from django.core.exceptions import PermissionDenied
                raise PermissionDenied
            from django.contrib.auth.views import redirect_to_login
            return redirect_to_login(request.path)
        return render(request, 'docs/create.html', {'parent': target})

    form = request.POST
    kind = form.get('type')
    name = form.get('name')
    at = form.get('at')
    # NOTE(review): name is only checked for being non-empty in this block.
    if not all((kind, name, at)):
        return bad_request(request, {'error': 'invalid_args'})

    try:
        parent = Node(at, user=request.user)
    except ObjectDoesNotExist:
        return bad_request(request, {'error': 'invalid_node'})

    if not parent.is_folder():
        return bad_request(request, {'error': 'node_is_not_a_folder'})

    if not parent.can_edit():
        from django.core.exceptions import PermissionDenied
        raise PermissionDenied

    # Warning: removed creation restrictions on <ALLOW * EDIT> folder. Careful.
    # NOTE(review): with that restriction gone, parent.can_edit() is the only
    # gate on this path and there is no is_authenticated() check; presumably
    # anyone such a folder grants EDIT to can create nodes -- confirm intent.
    if parent.is_archived():
        return bad_request(request, {'error': 'node_archived'})

    if kind == 'file':
        # A file needs its first revision before the model can be saved.
        revision = create_revision(request)
        if not revision:
            return bad_request(request, {'error': 'content_required'})
        entry = File()
        entry.current_revision = revision
    elif kind == 'folder':
        entry = Folder()
    else:
        return bad_request(request, {'error': 'invalid_type'})

    entry.parent = parent.model
    entry.name = name
    entry.save()

    node = Node(nodeobj=entry, user=request.user)
    if not request.is_ajax():
        return redirect('docs:view', node.nid())

    payload = {
        'status': 'success',
        'nid': node.nid(),
        'timestamp': entry.last_modified,
    }
    if node.is_file():
        payload['revision'] = revision.id
    # NOTE(review): render() gets the payload dict in the position the form
    # path uses for a template name -- confirm this helper accepts a dict.
    return render(request, payload)
def create(request):
    """Create a file or folder under an existing folder, or show the form.

    POST creates the node from the ``type``, ``name`` and ``at`` form fields
    and answers with a result payload (AJAX) or a redirect to the new node.
    Any other AJAX request is answered with ``not_allowed``. A plain
    non-POST request renders ``docs/create.html`` for the folder named by
    the ``at`` query parameter.

    Raises:
        PermissionDenied: the requester may not edit the parent folder
            (on the form path only when already authenticated; anonymous
            users are redirected to login instead).
    """
    if request.method != 'POST':
        if request.is_ajax():
            return not_allowed(request, ['POST'])

        # Form path: a missing or unknown 'at' falls back to the main page.
        try:
            target = Node(request.GET.get('at'), user=request.user)
        except (TypeError, ObjectDoesNotExist):
            target = None
        if not (target and target.is_folder()):
            return redirect('docs:main')
        if not target.can_edit():
            if request.user.is_authenticated():
                from django.core.exceptions import PermissionDenied
                raise PermissionDenied
            from django.contrib.auth.views import redirect_to_login
            return redirect_to_login(request.path)
        return render(request, 'docs/create.html', {'parent': target})

    form = request.POST
    kind = form.get('type')
    name = form.get('name')
    at = form.get('at')
    # NOTE(review): name is only checked for being non-empty in this block.
    if not all((kind, name, at)):
        return bad_request(request, {'error': 'invalid_args'})

    try:
        parent = Node(at, user=request.user)
    except ObjectDoesNotExist:
        return bad_request(request, {'error': 'invalid_node'})

    if not parent.is_folder():
        return bad_request(request, {'error': 'node_is_not_a_folder'})

    if not parent.can_edit():
        from django.core.exceptions import PermissionDenied
        raise PermissionDenied

    # Warning: removed creation restrictions on <ALLOW * EDIT> folder. Careful.
    # NOTE(review): with that restriction gone, parent.can_edit() is the only
    # gate on this path and there is no is_authenticated() check; presumably
    # anyone such a folder grants EDIT to can create nodes -- confirm intent.
    if parent.is_archived():
        return bad_request(request, {'error': 'node_archived'})

    if kind == 'file':
        # A file needs its first revision before the model can be saved.
        revision = create_revision(request)
        if not revision:
            return bad_request(request, {'error': 'content_required'})
        entry = File()
        entry.current_revision = revision
    elif kind == 'folder':
        entry = Folder()
    else:
        return bad_request(request, {'error': 'invalid_type'})

    entry.parent = parent.model
    entry.name = name
    entry.save()

    node = Node(nodeobj=entry, user=request.user)
    if not request.is_ajax():
        return redirect('docs:view', node.nid())

    payload = {
        'status': 'success',
        'nid': node.nid(),
        'timestamp': entry.last_modified,
    }
    if node.is_file():
        payload['revision'] = revision.id
    # NOTE(review): render() gets the payload dict in the position the form
    # path uses for a template name -- confirm this helper accepts a dict.
    return render(request, payload)