Esempio n. 1
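def Login(request):
    """Log a user in and redirect according to role.

    A visitor who is already logged in is redirected to the profile view.
    On POST the submitted credentials are handed to ``authenticate``; on
    success ``login`` is called and the user is redirected to the
    administration view if ``this_is_admin`` says so, otherwise to the
    profile view. On failure one generic error message is queued via
    ``err_msg`` and the login view is reloaded. Any other request method
    renders ``login.html``.
    """
    # A logged-in visitor is sent away from the login form.
    if is_logined(request):
        return redirect(profile)

    if request.method != 'POST':
        return render(request, 'login.html')

    # .get() instead of indexing: a POST that omits a field becomes an
    # ordinary failed login instead of an unhandled KeyError (HTTP 500).
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')

    user = authenticate(request, username=username, password=password)
    if not user:
        # One message for "unknown user" and "wrong password", so the
        # response does not reveal which usernames exist.
        # NOTE(review): no attempt throttling or lockout is visible in this
        # view; confirm it is enforced elsewhere (middleware, auth backend).
        err_msg(request, 'username or password is incorrect')
        return redirect(log_in)

    login(request, user)

    # Admins land on the administration page, everyone else on their profile.
    if this_is_admin(request):
        return redirect(adminstration)
    return redirect(profile)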
Esempio n. 2
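def SubmitComment(request, change_type, change_id):
    """Create a comment and attach it to the change given by type and id.

    Anonymous visitors are redirected to the login view and non-POST
    requests get a plain-text response. On POST the target change is
    resolved first; only when it exists is the comment saved and added to
    the change's ``user_notes``. The client is then sent back via
    ``redirect_prev_page``.
    """
    if not is_logined(request):
        return redirect(log_in)

    if request.method != 'POST':
        return HttpResponse('this is not a post')

    # A missing field is a client error, not a server crash.
    content = request.POST.get('content')
    if content is None:
        return HttpResponse('missing content', status=400)

    # change_type and change_id come from the URL. Resolve the target before
    # writing anything, so an unknown type or id cannot leave an orphaned
    # Comment row behind.
    try:
        Type = change_types[change_type]
    except (KeyError, IndexError):
        return HttpResponse('unknown change type', status=404)

    # presumably get_object returns None when nothing matches (the reply
    # view tests its result for truthiness); verify against the helper.
    change = get_object(Type, id=change_id)
    if not change:
        return HttpResponse('change not found', status=404)

    # NOTE(review): only authentication is checked here. Any logged-in user
    # can attach a comment to any change id; confirm whether an
    # ownership/access check on the change is required.
    comment = Comment(content=content)
    comment.save()
    change.user_notes.add(comment)

    return redirect_prev_page(request)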
Esempio n. 3
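def SubmitCommentReplay(request, comment_id):
    """Store a reply on an existing comment that has no reply yet.

    Anonymous visitors are redirected to the login view and non-POST
    requests get a plain-text response. On POST the comment is looked up by
    id; if it exists and its ``replay`` field is empty, the submitted
    content is written to it and saved. An unknown comment or one that
    already has a reply is left untouched. Either way the client is sent
    back via ``redirect_prev_page``.
    """
    if not is_logined(request):
        return redirect(log_in)

    if request.method != 'POST':
        return HttpResponse('this is not a post')

    # A missing field is a client error, not a server crash.
    content = request.POST.get('content')
    if content is None:
        return HttpResponse('missing content', status=400)

    # NOTE(review): only authentication is checked here. Any logged-in user
    # can set the reply on any comment id; confirm whether replies should be
    # restricted (for example to admins or the owner of the change).
    comment = get_object(Comment, id=comment_id)
    if comment and not comment.replay:
        # The original assigned the comment to a "clone" variable, which was
        # only a second name for the same object; update it directly.
        comment.replay = content
        comment.save()

    return redirect_prev_page(request)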
Esempio n. 4
def OpenProject(request, slug):
    """Render the project page for ``slug`` when the requester may see it.

    Anonymous visitors are redirected to the login view. Access is decided
    by ``has_access_to_project``, which returns a ``(project, context)``
    pair; a falsy project means access was refused, in which case an error
    message is queued and the user is redirected to the profile view.
    """
    if not is_logined(request):
        return redirect(log_in)

    # The access decision (owner or admin, per the original comment) lives in
    # the helper; this view only acts on its result.
    project, context = has_access_to_project(request, slug)
    if not project:
        err_msg(request, 'You Dont Have Access For This Project')
        return redirect(profile)

    # Add the project, its versions and an empty comment form to the context.
    page_data = dict(
        project=project,
        versions=project.project_versions.all(),
        comment_field=CommentForm(),
    )
    context.update(page_data)
    return render(request, 'project2.html', context)
Esempio n. 5
def OpenProfile(request, slug):
    """Show a profile page: users see only their own, admins see any.

    Anonymous visitors are redirected to the login view. A logged-in user
    whose slugified username equals ``slug`` gets their own profile. An
    admin asking for another slug gets that profile with ``admin`` set in
    the context. Anyone else is redirected to the profile view.
    """
    # No session, no profile access of any kind.
    if not is_logined(request):
        return redirect(log_in)

    # Ownership is decided from the authenticated session's username, never
    # from anything else the client supplies.
    current_username = request.user.username
    if slug == slugify(current_username):
        return load_profile(request, slug)

    # Not the owner: only an admin may open someone else's profile, and the
    # admin flag in the context enables project creation (per the original
    # comment).
    if this_is_admin(request):
        return load_profile(request, slug, {'admin': True})

    # A non-admin asking for another user's profile is sent to the profile
    # view instead.
    return redirect(profile)
Esempio n. 6
def Logout(request):
    """End the session if one exists, then redirect to the login view."""
    # NOTE(review): the request method is not checked here, so any request
    # routed to this view (including a cross-site GET) ends the session;
    # confirm whether logout should be limited to POST.
    if not is_logined(request):
        return redirect(log_in)

    logout(request)
    return redirect(log_in)