def approve(request, id, template_name="jobs/approve.html"): can_view_jobs = has_perm(request.user, 'jobs.view_job') can_change_jobs = has_perm(request.user, 'jobs.change_job') if not all([can_view_jobs, can_change_jobs]): raise Http403 job = get_object_or_404(Job, pk=id) if request.method == "POST": job.activation_dt = now_localized() job.allow_anonymous_view = True job.status = True job.status_detail = 'active' if not job.creator: job.creator = request.user job.creator_username = request.user.username if not job.owner: job.owner = request.user job.owner_username = request.user.username job.save() messages.add_message(request, messages.SUCCESS, 'Successfully approved %s' % job) return HttpResponseRedirect(reverse('job', args=[job.slug])) return render_to_response(template_name, {'job': job}, context_instance=RequestContext(request))
def groupmembership_add_edit(request, group_slug, user_id=None, form_class=GroupMembershipForm, template_name="user_groups/member_add_edit.html"): add, edit = None, None group = get_object_or_404(Group, slug=group_slug) if user_id: user = get_object_or_404(User, pk=user_id) group_membership = get_object_or_404(GroupMembership, member=user, group=group) if not has_perm(request.user,'user_groups.change_groupmembership',group_membership): raise Http403 edit = True else: group_membership = None if not has_perm(request.user,'user_groups.add_groupmembership'): raise Http403 add = True if request.method == 'POST': form = form_class(None, user_id, request.POST, instance=group_membership) if form.is_valid(): group_membership = form.save(commit=False) group_membership.group = group if not group_membership.id: group_membership.creator_id = request.user.id group_membership.creator_username = request.user.username group_membership.owner_id = request.user.id group_membership.owner_username = request.user.username group_membership.save() if add: log_defaults = { 'event_id' : 221000, 'event_data': '%s (%d) added by %s' % (group_membership._meta.object_name, group_membership.pk, request.user), 'description': '%s added' % group_membership._meta.object_name, 'user': request.user, 'request': request, 'instance': group_membership, } EventLog.objects.log(**log_defaults) if edit: log_defaults = { 'event_id' : 222000, 'event_data': '%s (%d) edited by %s' % (group_membership._meta.object_name, group_membership.pk, request.user), 'description': '%s edited' % group_membership._meta.object_name, 'user': request.user, 'request': request, 'instance': group_membership, } EventLog.objects.log(**log_defaults) return HttpResponseRedirect(group.get_absolute_url()) else: form = form_class(group, user_id, instance=group_membership) return render_to_response(template_name, locals(), context_instance=RequestContext(request))
def pending(request, template_name="jobs/pending.html"): can_view_jobs = has_perm(request.user, 'jobs.view_job') can_change_jobs = has_perm(request.user, 'jobs.change_job') if not all([can_view_jobs, can_change_jobs]): raise Http403 jobs = Job.objects.filter(status_detail__contains='pending') return render_to_response(template_name, {'jobs': jobs}, context_instance=RequestContext(request))
def pricing_add(request, form_class=JobPricingForm, template_name="jobs/pricing-add.html"): if has_perm(request.user, 'jobs.add_jobpricing'): if request.method == "POST": form = form_class(request.POST) if form.is_valid(): job_pricing = form.save(commit=False) job_pricing.status = 1 job_pricing.save(request.user) log_defaults = { 'event_id': 265100, 'event_data': '%s (%d) added by %s' % ( job_pricing._meta.object_name, job_pricing.pk, request.user ), 'description': '%s added' % job_pricing._meta.object_name, 'user': request.user, 'request': request, 'instance': job_pricing, } EventLog.objects.log(**log_defaults) return HttpResponseRedirect(reverse('job_pricing.view', args=[job_pricing.id])) else: form = form_class() return render_to_response(template_name, {'form': form}, context_instance=RequestContext(request)) else: raise Http403
def delete(request, id, template_name="files/delete.html"): file = get_object_or_404(File, pk=id) # check permission if not has_perm(request.user,'files.delete_file'): raise Http403 if request.method == "POST": log_defaults = { 'event_id' : 183000, 'event_data': '%s (%d) deleted by %s' % (file._meta.object_name, file.pk, request.user), 'description': '%s deleted' % file._meta.object_name, 'user': request.user, 'request': request, 'instance': file, } EventLog.objects.log(**log_defaults) file.delete() if 'ajax' in request.POST: return HttpResponse('Ok') else: return HttpResponseRedirect(reverse('file.search')) return render_to_response(template_name, {'file': file}, context_instance=RequestContext(request))
def details(request, slug=None): if not slug: return HttpResponseRedirect(reverse('speakers')) speaker = get_object_or_404(Speaker, slug=slug) # non-admin can not view the non-active content # status=0 has been taken care of in the has_perm function if (speaker.status_detail).lower() != 'active' and (not is_admin(request.user)): raise Http403 template_name="speakers/view.html" log_defaults = { 'event_id' : 1070500, 'event_data': '%s (%d) viewed by %s' % (speaker._meta.object_name, speaker.pk, request.user), 'description': '%s viewed' % speaker._meta.object_name, 'user': request.user, 'request': request, 'instance': speaker, } EventLog.objects.log(**log_defaults) if has_perm(request.user, 'speaker.view_speaker', speaker): return render_to_response(template_name, {'speaker': speaker}, context_instance=RequestContext(request)) else: raise Http403
def group_delete(request, id, template_name="user_groups/delete.html"): group = get_object_or_404(Group, pk=id) if not has_perm(request.user,'user_groups.delete_group',group): raise Http403 if request.method == "POST": # send notification to administrators recipients = get_notice_recipients('module', 'groups', 'grouprecipients') if recipients: if notification: extra_context = { 'object': group, 'request': request, } notification.send_emails(recipients,'group_deleted', extra_context) log_defaults = { 'event_id' : 163000, 'event_data': '%s (%d) deleted by %s' % (group._meta.object_name, group.pk, request.user), 'description': '%s deleted' % group._meta.object_name, 'user': request.user, 'request': request, 'instance': group, } EventLog.objects.log(**log_defaults) group.delete() return HttpResponseRedirect(reverse('group.search')) return render_to_response(template_name, {'group':group}, context_instance=RequestContext(request))
def edit_meta(request, id, form_class=MetaForm, template_name="resumes/edit-meta.html"): # check permission resume = get_object_or_404(Resume, pk=id) if not has_perm(request.user,'resumes.change_resume',resume): raise Http403 defaults = { 'title': resume.get_title(), 'description': resume.get_description(), 'keywords': resume.get_keywords(), 'canonical_url': resume.get_canonical_url(), } resume.meta = MetaTags(**defaults) if request.method == "POST": form = form_class(request.POST, instance=resume.meta) if form.is_valid(): resume.meta = form.save() # save meta resume.save() # save relationship messages.add_message(request, messages.SUCCESS, 'Successfully updated meta for %s' % resume) return HttpResponseRedirect(reverse('resume', args=[resume.slug])) else: form = form_class(instance=resume.meta) return render_to_response(template_name, {'resume': resume, 'form':form}, context_instance=RequestContext(request))
def delete(request, id, template_name="news/delete.html"): news = get_object_or_404(News, pk=id) # check permission if not has_perm(request.user, "news.delete_news"): raise Http403 if request.method == "POST": log_defaults = { "event_id": 305300, "event_data": "%s (%d) deleted by %s" % (news._meta.object_name, news.pk, request.user), "description": "%s deleted" % news._meta.object_name, "user": request.user, "request": request, "instance": news, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, "Successfully deleted %s" % news) # send notification to administrators recipients = get_notice_recipients("module", "news", "newsrecipients") if recipients: if notification: extra_context = {"object": news, "request": request} notification.send_emails(recipients, "news_deleted", extra_context) news.delete() return HttpResponseRedirect(reverse("news.search")) return render_to_response(template_name, {"news": news}, context_instance=RequestContext(request))
def photoset_delete(request, id, template_name="photos/photo-set/delete.html"): photo_set = get_object_or_404(PhotoSet, id=id) # if no permission; permission exception if not has_perm(request.user,'photos.delete_photoset',photo_set): raise Http403 if request.method == "POST": EventLog.objects.log(**{ 'event_id' : 991300, 'event_data': '%s (%d) deleted by %s' % (photo_set._meta.object_name, photo_set.pk, request.user), 'description': '%s deleted' % photo_set._meta.object_name, 'user': request.user, 'request': request, 'instance': photo_set, }) photo_set.delete() # soft delete all images in photo set Image.objects.filter(photoset=photo_set).delete() messages.add_message(request, messages.INFO, 'Photo Set %s deleted' % photo_set) if "delete" in request.META.get('HTTP_REFERER', None): #if the referer is the get page redirect to the photo set search return redirect('photoset_latest') return HttpResponseRedirect(request.META.get('HTTP_REFERER', None)) return render_to_response(template_name, { 'photo_set': photo_set, }, context_instance=RequestContext(request))
def edit(request, id, form_class=LocationForm, template_name="locations/edit.html"): location = get_object_or_404(Location, pk=id) if has_perm(request.user,'locations.change_location',location): if request.method == "POST": form = form_class(request.POST, instance=location, user=request.user) if form.is_valid(): location = form.save(commit=False) # update all permissions and save the model location = update_perms_and_save(request, form, location) log_defaults = { 'event_id' : 832000, 'event_data': '%s (%d) edited by %s' % (location._meta.object_name, location.pk, request.user), 'description': '%s edited' % location._meta.object_name, 'user': request.user, 'request': request, 'instance': location, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % location) return HttpResponseRedirect(reverse('location', args=[location.pk])) else: form = form_class(instance=location, user=request.user) return render_to_response(template_name, {'location': location, 'form':form}, context_instance=RequestContext(request)) else: raise Http403
def photo_size(request, id, size, crop=False, quality=90, download=False): """ Renders image and returns response Does not use template Saves resized image within cache system Returns 404 if if image rendering fails """ if isinstance(quality, unicode) and quality.isdigit(): quality = int(quality) photo = get_object_or_404(Image, id=id) size = [int(s) for s in size.split('x')] # check permissions if not has_perm(request.user,'photologue.view_photo',photo): raise Http403 attachment = '' if download: attachment = 'attachment;' # gets resized image from cache or rebuild image = get_image(photo.image, size, PHOTO_PRE_KEY, crop=crop, quality=quality, unique_key=str(photo.pk)) # if image not rendered; quit if not image: raise Http404 response = HttpResponse(mimetype='image/jpeg') response['Content-Disposition'] = '%s filename=%s'% (attachment, photo.image.file.name) image.save(response, "JPEG", quality=quality) return response
def delete(request, id, set_id=0): """ delete photo """ photo = get_object_or_404(Image, id=id) # permissions if not has_perm(request.user,'photologue.delete_photo',photo): raise Http403 if request.method == "POST": request.user.message_set.create(message=_("Successfully deleted photo '%s'") % photo.title) log_defaults = { 'event_id' : 990300, 'event_data': '%s (%d) deleted by %s' % (photo._meta.object_name, photo.pk, request.user), 'description': '%s deleted' % photo._meta.object_name, 'user': request.user, 'request': request, 'instance': photo, } EventLog.objects.log(**log_defaults) photo.delete() messages.add_message(request, messages.INFO, 'Photo %s deleted' % id) try: photo_set = PhotoSet.objects.get(id=set_id) return HttpResponseRedirect(reverse("photoset_details", args=[set_id])) except PhotoSet.DoesNotExist: return HttpResponseRedirect(reverse("photos_search")) return render_to_response("photos/delete.html", { "photo": photo, }, context_instance=RequestContext(request))
def photo(request, id, set_id=0, partial=False, template_name="photos/details.html"): """ photo details """ photo = get_object_or_404(Image, id=id) if not has_perm(request.user, 'photologue.view_photo', photo): raise Http403 EventLog.objects.log(**{ 'event_id' : 990500, 'event_data': '%s (%d) viewed by %s' % (photo._meta.object_name, photo.pk, request.user), 'description': '%s viewed' % photo._meta.object_name, 'user': request.user, 'request': request, 'instance': photo, }) # default prev/next URL photo_prev_url, photo_next_url = '', '' if set_id: photo_set = get_object_or_404(PhotoSet, id=set_id) photo_prev = photo.get_prev(set=set_id) photo_next = photo.get_next(set=set_id) if photo_prev: photo_prev_url = reverse("photo", args= [photo_prev.id, set_id]) if photo_next: photo_next_url = reverse("photo", args= [photo_next.id, set_id]) photo_sets = list(photo.photoset.all()) if photo_set in photo_sets: photo_sets.remove(photo_set) photo_sets.insert(0, photo_set) else: set_id = 0 else: photo_prev = photo.get_prev() photo_next = photo.get_next() if photo_prev: photo_prev_url = reverse("photo", args= [photo_prev.id]) if photo_next: photo_next_url = reverse("photo", args= [photo_next.id]) photo_sets = photo.photoset.all() if photo_sets: set_id = photo_sets[0].id # "is me" variable is_me = photo.member == request.user if partial: # return partial html; for ajax end-user template_name = "photos/partial-details.html" return render_to_response(template_name, { "photo_prev_url": photo_prev_url, "photo_next_url": photo_next_url, "photo": photo, "photo_sets": photo_sets, "photo_set_id": set_id, "id": id, "set_id": set_id, "is_me": is_me, }, context_instance=RequestContext(request))
def edit(request, id, form_class=NewsForm, template_name="news/edit.html"): news = get_object_or_404(News, pk=id) # check permission if not has_perm(request.user, "news.change_news", news): raise Http403 form = form_class(instance=news, user=request.user) if request.method == "POST": form = form_class(request.POST, instance=news, user=request.user) if form.is_valid(): news = form.save(commit=False) # update all permissions and save the model news = update_perms_and_save(request, form, news) log_defaults = { "event_id": 305200, "event_data": "%s (%d) edited by %s" % (news._meta.object_name, news.pk, request.user), "description": "%s edited" % news._meta.object_name, "user": request.user, "request": request, "instance": news, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, "Successfully updated %s" % news) return HttpResponseRedirect(reverse("news.view", args=[news.slug])) return render_to_response(template_name, {"news": news, "form": form}, context_instance=RequestContext(request))
def index(request, slug=None, template_name="news/view.html"): if not slug: return HttpResponseRedirect(reverse("news.search")) news = get_object_or_404(News, slug=slug) # non-admin can not view the non-active content # status=0 has been taken care of in the has_perm function if (news.status_detail).lower() <> "active" and (not is_admin(request.user)): raise Http403 # check permission if not has_perm(request.user, "news.view_news", news): raise Http403 log_defaults = { "event_id": 305500, "event_data": "%s (%d) viewed by %s" % (news._meta.object_name, news.pk, request.user), "description": "%s viewed" % news._meta.object_name, "user": request.user, "request": request, "instance": news, } EventLog.objects.log(**log_defaults) return render_to_response(template_name, {"news": news}, context_instance=RequestContext(request))
def pricing_edit(request, id, form_class=JobPricingForm, template_name="jobs/pricing-edit.html"): job_pricing = get_object_or_404(JobPricing, pk=id) if not has_perm(request.user, 'jobs.change_jobpricing', job_pricing): Http403 if request.method == "POST": form = form_class(request.POST, instance=job_pricing) if form.is_valid(): job_pricing = form.save(commit=False) job_pricing.save(request.user) log_defaults = { 'event_id': 265110, 'event_data': '%s (%d) edited by %s' % ( job_pricing._meta.object_name, job_pricing.pk, request.user ), 'description': '%s edited' % job_pricing._meta.object_name, 'user': request.user, 'request': request, 'instance': job_pricing, } EventLog.objects.log(**log_defaults) return HttpResponseRedirect(reverse( 'job_pricing.view', args=[job_pricing.id]) ) else: form = form_class(instance=job_pricing) return render_to_response(template_name, {'form': form}, context_instance=RequestContext(request))
def add(request, form_class=ContactForm, template_name="contacts/add.html"): if has_perm(request.user,'contacts.add_contact'): if request.method == "POST": form = form_class(request.POST) if form.is_valid(): contact = form.save(commit=False) # set up the user information contact.creator = request.user contact.creator_username = request.user.username contact.owner = request.user contact.owner_username = request.user.username contact.save() ObjectPermission.objects.assign(contact.creator, contact) return HttpResponseRedirect(reverse('contact', args=[contact.pk])) else: form = form_class() print form_class() return render_to_response(template_name, {'form':form}, context_instance=RequestContext(request)) else: raise Http403
def pricing_delete(request, id, template_name="jobs/pricing-delete.html"): job_pricing = get_object_or_404(JobPricing, pk=id) if not has_perm(request.user, 'jobs.delete_jobpricing'): raise Http403 if request.method == "POST": log_defaults = { 'event_id': 265120, 'event_data': '%s (%d) deleted by %s' % ( job_pricing._meta.object_name, job_pricing.pk, request.user ), 'description': '%s deleted' % job_pricing._meta.object_name, 'user': request.user, 'request': request, 'instance': job_pricing, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully deleted %s' % job_pricing) job_pricing.delete() return HttpResponseRedirect(reverse('job_pricing.search')) return render_to_response(template_name, {'job_pricing': job_pricing}, context_instance=RequestContext(request))
def upload_file(request, template_name="theme_editor/upload.html"): # if no permission; raise 403 exception if not has_perm(request.user,'theme_editor.add_themefileversion'): raise Http403 if request.method == 'POST': form = UploadForm(request.POST, request.FILES) if form.is_valid(): upload = request.FILES['upload'] file_dir = form.cleaned_data['file_dir'] overwrite = form.cleaned_data['overwrite'] full_filename = os.path.join(settings.PROJECT_ROOT, "themes", get_theme(), file_dir, upload.name) if os.path.isfile(full_filename) and not overwrite: response = { "error":"file already exists", "file_name": os.path.join(file_dir, upload.name), } return HttpResponse(json.dumps(response), mimetype='application/json') else: handle_uploaded_file(upload) response = { "success":True } messages.add_message(request, messages.INFO, ('Successfully uploaded %s.' % (upload.name))) return HttpResponse(json.dumps(response), mimetype='application/json') else: form = UploadForm() return render_to_response(template_name, {'form':form}, context_instance=RequestContext(request))
def edit(request, id, form_class=EntityForm, template_name="entities/edit.html"): entity = get_object_or_404(Entity, pk=id) if has_perm(request.user,'entities.change_entity',entity): if request.method == "POST": form = form_class(request.POST, instance=entity, user=request.user) if form.is_valid(): entity = form.save(commit=False) # update all permissions and save the model entity = update_perms_and_save(request, form, entity) log_defaults = { 'event_id' : 292000, 'event_data': '%s (%d) edited by %s' % (entity._meta.object_name, entity.pk, request.user), 'description': '%s edited' % entity._meta.object_name, 'user': request.user, 'request': request, 'instance': entity, } EventLog.objects.log(**log_defaults) return HttpResponseRedirect(reverse('entity', args=[entity.pk])) else: form = form_class(instance=entity, user=request.user) return render_to_response(template_name, {'entity': entity, 'form':form}, context_instance=RequestContext(request)) else: raise Http403
def edit_meta(request, id, form_class=MetaForm, template_name="news/edit-meta.html"): # check permission news = get_object_or_404(News, pk=id) if not has_perm(request.user, "news.change_news", news): raise Http403 defaults = { "title": news.get_title(), "description": news.get_description(), "keywords": news.get_keywords(), "canonical_url": news.get_canonical_url(), } news.meta = MetaTags(**defaults) if request.method == "POST": form = form_class(request.POST, instance=news.meta) if form.is_valid(): news.meta = form.save() # save meta news.save() # save relationship messages.add_message(request, messages.SUCCESS, "Successfully updated meta for %s" % news) return HttpResponseRedirect(reverse("news.view", args=[news.slug])) else: form = form_class(instance=news.meta) return render_to_response(template_name, {"news": news, "form": form}, context_instance=RequestContext(request))
def user_role_edit(request, username, membership_id, form_class=GroupMembershipEditForm, template_name="profiles/edit_role.html"): user = get_object_or_404(User, username=username) membership = get_object_or_404(GroupMembership, id=membership_id) try: profile = Profile.objects.get(user=user) except Profile.DoesNotExist: profile = Profile.objects.create_profile(user=user) if not profile.allow_edit_by(request.user): raise Http403 if not has_perm(request.user,'user_groups.view_group', membership.group): raise Http403 if request.method == 'POST': form = form_class(request.POST, instance=membership) if form.is_valid(): form.save() messages.add_message(request, messages.SUCCESS, 'Successfully edited membership for %s' % membership.group) return HttpResponseRedirect("%s%s" % (reverse('profile', args=[user.username]),'#userview-groups')) else: form = form_class(instance=membership) return render_to_response(template_name, { 'form': form, 'membership': membership, }, context_instance=RequestContext(request))
def add(request, form_class=EntityForm, template_name="entities/add.html"): if has_perm(request.user,'entities.add_entity'): if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): entity = form.save(commit=False) # update all permissions and save the model entity = update_perms_and_save(request, form, entity) log_defaults = { 'event_id' : 291000, 'event_data': '%s (%d) added by %s' % (entity._meta.object_name, entity.pk, request.user), 'description': '%s added' % entity._meta.object_name, 'user': request.user, 'request': request, 'instance': entity, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % entity) return HttpResponseRedirect(reverse('entity', args=[entity.pk])) else: form = form_class(user=request.user) return render_to_response(template_name, {'form':form}, context_instance=RequestContext(request)) else: raise Http403
def edit(request, id, form_class=ResumeForm, template_name="resumes/edit.html"): resume = get_object_or_404(Resume, pk=id) if has_perm(request.user,'resumes.change_resume',resume): if request.method == "POST": form = form_class(request.POST, instance=resume, user=request.user) if form.is_valid(): resume = form.save(commit=False) resume = update_perms_and_save(request, form, resume) log_defaults = { 'event_id' : 352000, 'event_data': '%s (%d) edited by %s' % (resume._meta.object_name, resume.pk, request.user), 'description': '%s edited' % resume._meta.object_name, 'user': request.user, 'request': request, 'instance': resume, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % resume) return HttpResponseRedirect(reverse('resume', args=[resume.slug])) else: form = form_class(instance=resume, user=request.user) return render_to_response(template_name, {'resume': resume, 'form':form}, context_instance=RequestContext(request)) else: raise Http403
def template_update(request, template_id): """ This method makes use of the same files to update the CM Template. Useful for updating data/content only and retaining design. """ template = get_object_or_404(Template, template_id=template_id) if not has_perm(request.user, 'campaign_monitor.change_template', template): raise Http403 #set up urls site_url = get_setting('site', 'global', 'siteurl') html_url = str("%s%s" % (site_url, template.get_html_url())) if template.zip_file: zip_url = str("%s%s" % (site_url, template.get_zip_url())) else: zip_url = "" #sync with campaign monitor try: t = CST(template_id=template.template_id) t.update(str(template.name), html_url, zip_url) except BadRequest, e: messages.add_message( request, messages.ERROR, 'Bad Request %s: %s' % (e.data.Code, e.data.Message)) return redirect(template)
def delete(request, id, template_name="resumes/delete.html"): resume = get_object_or_404(Resume, pk=id) if has_perm(request.user,'resumes.delete_resume'): if request.method == "POST": log_defaults = { 'event_id' : 433000, 'event_data': '%s (%d) deleted by %s' % (resume._meta.object_name, resume.pk, request.user), 'description': '%s deleted' % resume._meta.object_name, 'user': request.user, 'request': request, 'instance': resume, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully deleted %s' % resume) # send notification to administrators recipients = get_notice_recipients('module', 'resumes', 'resumerecipients') if recipients: if notification: extra_context = { 'object': resume, 'request': request, } notification.send_emails(recipients,'resume_deleted', extra_context) resume.delete() return HttpResponseRedirect(reverse('resume.search')) return render_to_response(template_name, {'resume': resume}, context_instance=RequestContext(request)) else: raise Http403
def add(request, form_class=NavForm, template_name="navs/add.html"): if not has_perm(request.user, 'navs.add_nav'): raise Http403 if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): nav = form.save(commit=False) nav = update_perms_and_save(request, form, nav) log_defaults = { 'event_id' : 195100, 'event_data': '%s (%d) added by %s' % (nav._meta.object_name, nav.pk, request.user), 'description': '%s added' % nav._meta.object_name, 'user': request.user, 'request': request, 'instance': nav, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % nav) return redirect('navs.edit_items', id=nav.id) else: form = form_class(user=request.user) return render_to_response( template_name, {'form':form}, context_instance=RequestContext(request), )
def edit(request, id, form_class=FileForm, template_name="files/edit.html"): file = get_object_or_404(File, pk=id) # check permission if not has_perm(request.user,'files.change_file',file): raise Http403 if request.method == "POST": form = form_class(request.POST, request.FILES, instance=file, user=request.user) if form.is_valid(): file = form.save(commit=False) file.name = file.file.path.split('/')[-1] # update all permissions and save the model file = update_perms_and_save(request, form, file) log_defaults = { 'event_id' : 182000, 'event_data': '%s (%d) edited by %s' % (file._meta.object_name, file.pk, request.user), 'description': '%s edited' % file._meta.object_name, 'user': request.user, 'request': request, 'instance': file, } EventLog.objects.log(**log_defaults) return HttpResponseRedirect(reverse('file.search')) else: form = form_class(instance=file, user=request.user) return render_to_response(template_name, {'file': file, 'form':form}, context_instance=RequestContext(request))
def single_setting(request, scope, scope_category, name, template_name="site_settings/list.html"): if not has_perm(request.user,'site_settings.change_setting'): raise Http403 settings = Setting.objects.filter(scope=scope, scope_category=scope_category, name=name).order_by('label') if not settings: raise Http404 if request.method == 'POST': form = build_settings_form(request.user, settings)(request.POST, request.FILES) if form.is_valid(): # this save method is overriden in the forms.py form.save() try: if form.cleaned_data['theme']: from django.core.management import call_command call_command('hide_settings', 'theme') call_command('update_settings', 'themes.%s' % form.cleaned_data['theme'].lstrip()) except: pass messages.add_message(request, messages.SUCCESS, 'Successfully saved %s settings' % name.replace('_',' ').title()) redirect_to = request.REQUEST.get('next', '') if redirect_to: return HttpResponseRedirect(redirect_to) else: form = build_settings_form(request.user, settings)() return render_to_response(template_name, {'form': form }, context_instance=RequestContext(request))