def get_object(self, pk): try: return Project.objects.get(pk=pk) except Project.DoesNotExist: raise Http404("Object doesn't exist")
def detail(request, pet_id): try: pet = Pets.objects.get(pk=pet_id) except Pets.DoesNotExist: raise Http404("Question does not exist") return render(request, 'pets/detail.html', {'pet': pet})
def action_history(request, cid, oid): try: ct = ContentType.objects.get_for_id(cid) obj = ct.get_object_for_this_type(pk=oid) except KeyError: raise Http404() if not settings.FEATURE_AUTHORIZATION_V2 and not user_is_authorized(request.user, 'view', obj): raise PermissionDenied product_id = None active_tab = None finding = None test = False object_value = None if str(ct) == "product": if settings.FEATURE_AUTHORIZATION_V2: user_has_permission_or_403(request.user, obj, Permissions.Product_View) product_id = obj.id active_tab = "overview" object_value = Product.objects.get(id=obj.id) elif str(ct) == "engagement": if settings.FEATURE_AUTHORIZATION_V2: user_has_permission_or_403(request.user, obj, Permissions.Engagement_View) object_value = Engagement.objects.get(id=obj.id) product_id = object_value.product.id active_tab = "engagements" elif str(ct) == "test": if settings.FEATURE_AUTHORIZATION_V2: user_has_permission_or_403(request.user, obj, Permissions.Test_View) object_value = Test.objects.get(id=obj.id) product_id = object_value.engagement.product.id active_tab = "engagements" test = True elif str(ct) == "finding": if settings.FEATURE_AUTHORIZATION_V2: user_has_permission_or_403(request.user, obj, Permissions.Finding_View) object_value = Finding.objects.get(id=obj.id) product_id = object_value.test.engagement.product.id active_tab = "findings" finding = object_value elif str(ct) == "endpoint": if settings.FEATURE_AUTHORIZATION_V2: user_has_permission_or_403(request.user, obj, Permissions.Endpoint_View) object_value = Endpoint.objects.get(id=obj.id) product_id = object_value.product.id active_tab = "endpoints" product_tab = None if product_id: product_tab = Product_Tab(product_id, title="History", tab=active_tab) if active_tab == "engagements": if str(ct) == "engagement": product_tab.setEngagement(object_value) else: product_tab.setEngagement(object_value.engagement) history = LogEntry.objects.filter(content_type=ct, object_pk=obj.id).order_by('-timestamp') history = LogEntryFilter(request.GET, queryset=history) paged_history = get_page_items(request, history.qs, 25) if not get_system_setting('enable_auditlog'): messages.add_message( request, messages.WARNING, 'Audit logging is currently disabled in System Settings.', extra_tags='alert-danger') return render(request, 'dojo/action_history.html', {"history": paged_history, 'product_tab': product_tab, "filtered": history, "obj": obj, "test": test, "object_value": object_value, "finding": finding })
def article(request, article_id): try: article = Article.objects.get(id=article_id) except DoesNotExist: raise Http404() return render(request, "all-news/article.html", {"article": article})
def get_object(self, pk): try: return FieldOfStudy.nodes.get(Id=pk) except DoesNotExist: raise Http404()
def detail(request, question_id): question = get_object_or_404(Question, pk=question_id) if question.pub_date > timezone.now(): raise Http404("Question not found") return render(request, 'polls/detail.html', {'question': question})
def action(self): action = self.parameters.get('action') if action not in self.allowed_actions: raise Http404() return action
def get_object(self, queryset=None): place = get_object_or_404(Place, pk=self.kwargs['pk']) self.role = get_role(self.request, profile=place.owner) if self.role >= self.minimum_role: return place raise Http404("Not allowed to edit this place.")
def connect_json(request, site): creds = OAUTH_CREDENTIALS.get(site.upper()) if not creds: raise Http404('Site %s not found' % site) if not creds.get('FRIENDSHIPS', True): raise Http404('Friendships not implemented') if request.user.oauth_tokens.filter(site = site).count() == 0: raise Http404('User not connected to %s' % site) if request.method == 'GET': page = 1 if request.GET.get('page'): try: page = int(request.GET.get('page')) except: pass token = request.user.oauth_tokens.get(site = site) connections = core.OAuthToken.objects.filter( site = site ).values_list('username', flat = True).distinct() connections = [u.lower() for u in connections] friends = [] followers = core.OAuthToken.objects.filter( site = site, user__pk__in = request.user.following.values_list('followee__pk', flat = True) ).values_list('username', flat = True) if site == 'twitter': from twitter import Api api = Api( consumer_key = creds.get('CONSUMER_KEY'), consumer_secret = creds.get('CONSUMER_SECRET'), access_token_key = token.token, access_token_secret = token.secret ) for user in api.GetFriends(): if user.screen_name.lower() in connections: friends.append( { 'username': user.screen_name.lower(), 'full_name': user.name, 'image': user.profile_image_url, 'following': user.screen_name.lower() in followers, 'show_username': True } ) elif site == 'facebook': def add_friends(): for user in result['data']: username_or_id = user.get('username', user.get('id')) if username_or_id in connections: friends.append( { 'username': username_or_id, 'full_name': user.get('name'), 'following': user.get('id') in followers, 'image': 'https://graph.facebook.com/%s/picture' % username_or_id, 'show_username': False } ) result = simplejson.load( urlopen('https://graph.facebook.com/me/friends/?access_token=%s&fields=id,username,name' % token.token) ) if not 'data' in result: if 'error' in result and result['error'].get('type') == 'OAuthException': return HttpResponseRedirect( reverse('oauth_auth', args = [site]) ) raise Exception(result) add_friends() while result.get('paging', {}).get('next'): print 'Moving to next page' result = simplejson.load( urlopen(result['paging']['next']) ) add_friends() return HttpResponse( simplejson.dumps(friends), mimetype = 'application/json' ) elif request.method == 'POST': username_or_id = request.POST.get('id', request.POST.get('username')).lower() token = core.OAuthToken.objects.get(username = username_or_id, site = site) follow, created = request.user.following.get_or_create( followee = token.user ) if created: follow.notify(request.network) return HttpResponse('OK', mimetype = 'text/plain')
def instructor_dashboard_2(request, course_id): # lint-amnesty, pylint: disable=too-many-statements """ Display the instructor dashboard for a course. """ try: course_key = CourseKey.from_string(course_id) except InvalidKeyError: log.error("Unable to find course with course key %s while loading the Instructor Dashboard.", course_id) return HttpResponseServerError() course = get_course_by_id(course_key, depth=0) access = { 'admin': request.user.is_staff, 'instructor': bool(has_access(request.user, 'instructor', course)), 'finance_admin': CourseFinanceAdminRole(course_key).has_user(request.user), 'sales_admin': CourseSalesAdminRole(course_key).has_user(request.user), 'staff': bool(has_access(request.user, 'staff', course)), 'forum_admin': has_forum_access(request.user, course_key, FORUM_ROLE_ADMINISTRATOR), 'data_researcher': request.user.has_perm(permissions.CAN_RESEARCH, course_key), } if not request.user.has_perm(permissions.VIEW_DASHBOARD, course_key): raise Http404() is_white_label = CourseMode.is_white_label(course_key) # lint-amnesty, pylint: disable=unused-variable reports_enabled = configuration_helpers.get_value('SHOW_ECOMMERCE_REPORTS', False) # lint-amnesty, pylint: disable=unused-variable sections = [] if access['staff']: sections_content = [ _section_course_info(course, access), _section_membership(course, access), _section_cohort_management(course, access), _section_student_admin(course, access), ] if legacy_discussion_experience_enabled(course_key): sections_content.append(_section_discussions_management(course, access)) sections.extend(sections_content) if access['data_researcher']: sections.append(_section_data_download(course, access)) analytics_dashboard_message = None if show_analytics_dashboard_message(course_key) and (access['staff'] or access['instructor']): # Construct a URL to the external analytics dashboard analytics_dashboard_url = f'{settings.ANALYTICS_DASHBOARD_URL}/courses/{str(course_key)}' link_start = HTML("<a href=\"{}\" rel=\"noopener\" target=\"_blank\">").format(analytics_dashboard_url) analytics_dashboard_message = _( "To gain insights into student enrollment and participation {link_start}" "visit {analytics_dashboard_name}, our new course analytics product{link_end}." ) analytics_dashboard_message = Text(analytics_dashboard_message).format( link_start=link_start, link_end=HTML("</a>"), analytics_dashboard_name=settings.ANALYTICS_DASHBOARD_NAME) # Temporarily show the "Analytics" section until we have a better way of linking to Insights sections.append(_section_analytics(course, access)) # Check if there is corresponding entry in the CourseMode Table related to the Instructor Dashboard course course_mode_has_price = False # lint-amnesty, pylint: disable=unused-variable paid_modes = CourseMode.paid_modes_for_course(course_key) if len(paid_modes) == 1: course_mode_has_price = True elif len(paid_modes) > 1: log.error( "Course %s has %s course modes with payment options. Course must only have " "one paid course mode to enable eCommerce options.", str(course_key), len(paid_modes) ) if access['instructor'] and is_enabled_for_course(course_key): sections.insert(3, _section_extensions(course)) # Gate access to course email by feature flag & by course-specific authorization if is_bulk_email_feature_enabled(course_key) and (access['staff'] or access['instructor']): sections.append(_section_send_email(course, access)) # Gate access to Special Exam tab depending if either timed exams or proctored exams # are enabled in the course user_has_access = any([ request.user.is_staff, CourseStaffRole(course_key).has_user(request.user), CourseInstructorRole(course_key).has_user(request.user) ]) course_has_special_exams = course.enable_proctored_exams or course.enable_timed_exams can_see_special_exams = course_has_special_exams and user_has_access and settings.FEATURES.get( 'ENABLE_SPECIAL_EXAMS', False) if can_see_special_exams: sections.append(_section_special_exams(course, access)) # Certificates panel # This is used to generate example certificates # and enable self-generated certificates for a course. # Note: This is hidden for all CCXs certs_enabled = CertificateGenerationConfiguration.current().enabled and not hasattr(course_key, 'ccx') if certs_enabled and access['admin']: sections.append(_section_certificates(course)) openassessment_blocks = modulestore().get_items( course_key, qualifiers={'category': 'openassessment'} ) # filter out orphaned openassessment blocks openassessment_blocks = [ block for block in openassessment_blocks if block.parent is not None ] if len(openassessment_blocks) > 0 and access['staff']: sections.append(_section_open_response_assessment(request, course, openassessment_blocks, access)) disable_buttons = not CourseEnrollment.objects.is_small_course(course_key) certificate_allowlist = certs_api.get_allowlist(course_key) generate_certificate_exceptions_url = reverse( 'generate_certificate_exceptions', kwargs={'course_id': str(course_key), 'generate_for': ''} ) generate_bulk_certificate_exceptions_url = reverse( 'generate_bulk_certificate_exceptions', kwargs={'course_id': str(course_key)} ) certificate_exception_view_url = reverse( 'certificate_exception_view', kwargs={'course_id': str(course_key)} ) certificate_invalidation_view_url = reverse( 'certificate_invalidation_view', kwargs={'course_id': str(course_key)} ) certificate_invalidations = CertificateInvalidation.get_certificate_invalidations(course_key) context = { 'course': course, 'studio_url': get_studio_url(course, 'course'), 'sections': sections, 'disable_buttons': disable_buttons, 'analytics_dashboard_message': analytics_dashboard_message, 'certificate_allowlist': certificate_allowlist, 'certificate_invalidations': certificate_invalidations, 'generate_certificate_exceptions_url': generate_certificate_exceptions_url, 'generate_bulk_certificate_exceptions_url': generate_bulk_certificate_exceptions_url, 'certificate_exception_view_url': certificate_exception_view_url, 'certificate_invalidation_view_url': certificate_invalidation_view_url, 'xqa_server': settings.FEATURES.get('XQA_SERVER', "http://your_xqa_server.com"), } return render_to_response('instructor/instructor_dashboard_2/instructor_dashboard_2.html', context)
def get_object(self, queryset=None): profile = super().get_object(queryset) if profile.user: raise Http404("Only the user can modify their profile.") return profile
def check_access(self, project): """Raise an error if user is not allowed to access this project.""" if not self.can_access_project(project): raise Http404('Access denied')
def re_import_scan_results(request, tid): additional_message = "When re-uploading a scan, any findings not found in original scan will be updated as " \ "mitigated. The process attempts to identify the differences, however manual verification " \ "is highly recommended." t = get_object_or_404(Test, id=tid) scan_type = t.test_type.name engagement = t.engagement form = ReImportScanForm() form.initial['tags'] = [tag.name for tag in t.tags] if request.method == "POST": form = ReImportScanForm(request.POST, request.FILES) if form.is_valid(): scan_date = form.cleaned_data['scan_date'] min_sev = form.cleaned_data['minimum_severity'] file = request.FILES['file'] scan_type = t.test_type.name active = form.cleaned_data['active'] verified = form.cleaned_data['verified'] tags = request.POST.getlist('tags') ts = ", ".join(tags) t.tags = ts try: parser = import_parser_factory(file, t) except ValueError: raise Http404() try: items = parser.items original_items = t.finding_set.all().values_list("id", flat=True) new_items = [] mitigated_count = 0 finding_count = 0 finding_added_count = 0 reactivated_count = 0 for item in items: sev = item.severity if sev == 'Information' or sev == 'Informational': sev = 'Info' if Finding.SEVERITIES[sev] > Finding.SEVERITIES[min_sev]: continue if scan_type == 'Veracode Scan' or scan_type == 'Arachni Scan': find = Finding.objects.filter( title=item.title, test__id=t.id, severity=sev, numerical_severity=Finding.get_numerical_severity( sev), description=item.description) else: find = Finding.objects.filter( title=item.title, test__id=t.id, severity=sev, numerical_severity=Finding.get_numerical_severity( sev), ) if len(find) == 1: find = find[0] if find.mitigated: # it was once fixed, but now back find.mitigated = None find.mitigated_by = None find.active = True find.verified = verified find.save() note = Notes( entry="Re-activated by %s re-upload." % scan_type, author=request.user) note.save() find.notes.add(note) reactivated_count += 1 new_items.append(find.id) else: item.test = t item.date = t.target_start item.reporter = request.user item.last_reviewed = timezone.now() item.last_reviewed_by = request.user item.verified = verified item.active = active item.save() finding_added_count += 1 new_items.append(item.id) find = item if hasattr(item, 'unsaved_req_resp') and len( item.unsaved_req_resp) > 0: for req_resp in item.unsaved_req_resp: burp_rr = BurpRawRequestResponse( finding=find, burpRequestBase64=req_resp["req"], burpResponseBase64=req_resp["resp"], ) burp_rr.clean() burp_rr.save() if item.unsaved_request is not None and item.unsaved_response is not None: burp_rr = BurpRawRequestResponse( finding=find, burpRequestBase64=item.unsaved_request, burpResponseBase64=item.unsaved_response, ) burp_rr.clean() burp_rr.save() if find: finding_count += 1 for endpoint in item.unsaved_endpoints: ep, created = Endpoint.objects.get_or_create( protocol=endpoint.protocol, host=endpoint.host, path=endpoint.path, query=endpoint.query, fragment=endpoint.fragment, product=t.engagement.product) find.endpoints.add(ep) if item.unsaved_tags is not None: find.tags = item.unsaved_tags # calculate the difference to_mitigate = set(original_items) - set(new_items) for finding_id in to_mitigate: finding = Finding.objects.get(id=finding_id) finding.mitigated = datetime.combine( scan_date, timezone.now().time()) finding.mitigated_by = request.user finding.active = False finding.save() note = Notes(entry="Mitigated by %s re-upload." % scan_type, author=request.user) note.save() finding.notes.add(note) mitigated_count += 1 messages.add_message( request, messages.SUCCESS, '%s processed, a total of ' % scan_type + message(finding_count, 'finding', 'processed'), extra_tags='alert-success') if finding_added_count > 0: messages.add_message( request, messages.SUCCESS, 'A total of ' + message(finding_added_count, 'finding', 'added') + ', that are new to scan.', extra_tags='alert-success') if reactivated_count > 0: messages.add_message( request, messages.SUCCESS, 'A total of ' + message(reactivated_count, 'finding', 'reactivated') + ', that are back in scan results.', extra_tags='alert-success') if mitigated_count > 0: messages.add_message( request, messages.SUCCESS, 'A total of ' + message(mitigated_count, 'finding', 'mitigated') + '. Please manually verify each one.', extra_tags='alert-success') create_notification(event='results_added', title='Results added', finding_count=finding_count, test=t, engagement=engagement, url=request.build_absolute_uri( reverse('view_test', args=(t.id, )))) return HttpResponseRedirect(reverse('view_test', args=(t.id, ))) except SyntaxError: messages.add_message( request, messages.ERROR, 'There appears to be an error in the XML report, please check and try again.', extra_tags='alert-danger') add_breadcrumb(parent=t, title="Re-upload a %s" % scan_type, top_level=False, request=request) return render( request, 'dojo/import_scan_results.html', { 'form': form, 'eid': engagement.id, 'additional_message': additional_message, })
def oneProduct(request, product_id): try: product = Product.objects.get(pk=product_id) except Product.DoesNotExist: raise Http404("Product does not exist") return render(request, 'product/detail.html', {'product': product})
def model_detail(request, app_label, model_name): if not utils.docutils_is_available: return missing_docutils_page(request) # Get the model class. try: app_mod = models.get_app(app_label) except ImproperlyConfigured: raise Http404(_("App %r not found") % app_label) model = None for m in models.get_models(app_mod): if m._meta.object_name.lower() == model_name: model = m break if model is None: raise Http404(_("Model %(model_name)r not found in app %(app_label)r") % {'model_name': model_name, 'app_label': app_label}) opts = model._meta # Gather fields/field descriptions. fields = [] for field in opts.fields: # ForeignKey is a special case since the field will actually be a # descriptor that returns the other object if isinstance(field, models.ForeignKey): data_type = field.rel.to.__name__ app_label = field.rel.to._meta.app_label verbose = utils.parse_rst((_("the related `%(app_label)s.%(data_type)s` object") % {'app_label': app_label, 'data_type': data_type}), 'model', _('model:') + data_type) else: data_type = get_readable_field_data_type(field) verbose = field.verbose_name fields.append({ 'name': field.name, 'data_type': data_type, 'verbose': verbose, 'help_text': field.help_text, }) # Gather many-to-many fields. for field in opts.many_to_many: data_type = field.rel.to.__name__ app_label = field.rel.to._meta.app_label verbose = _("related `%(app_label)s.%(object_name)s` objects") % {'app_label': app_label, 'object_name': data_type} fields.append({ 'name': "%s.all" % field.name, "data_type": 'List', 'verbose': utils.parse_rst(_("all %s") % verbose , 'model', _('model:') + opts.module_name), }) fields.append({ 'name' : "%s.count" % field.name, 'data_type' : 'Integer', 'verbose' : utils.parse_rst(_("number of %s") % verbose , 'model', _('model:') + opts.module_name), }) # Gather model methods. for func_name, func in model.__dict__.items(): if (inspect.isfunction(func) and len(inspect.getargspec(func)[0]) == 1): try: for exclude in MODEL_METHODS_EXCLUDE: if func_name.startswith(exclude): raise StopIteration except StopIteration: continue verbose = func.__doc__ if verbose: verbose = utils.parse_rst(utils.trim_docstring(verbose), 'model', _('model:') + opts.module_name) fields.append({ 'name': func_name, 'data_type': get_return_data_type(func_name), 'verbose': verbose, }) # Gather related objects for rel in opts.get_all_related_objects() + opts.get_all_related_many_to_many_objects(): verbose = _("related `%(app_label)s.%(object_name)s` objects") % {'app_label': rel.opts.app_label, 'object_name': rel.opts.object_name} accessor = rel.get_accessor_name() fields.append({ 'name' : "%s.all" % accessor, 'data_type' : 'List', 'verbose' : utils.parse_rst(_("all %s") % verbose , 'model', _('model:') + opts.module_name), }) fields.append({ 'name' : "%s.count" % accessor, 'data_type' : 'Integer', 'verbose' : utils.parse_rst(_("number of %s") % verbose , 'model', _('model:') + opts.module_name), }) return render_to_response('admin_doc/model_detail.html', { 'root_path': urlresolvers.reverse('admin:index'), 'name': '%s.%s' % (opts.app_label, opts.object_name), 'summary': _("Fields on %s objects") % opts.object_name, 'description': model.__doc__, 'fields': fields, }, context_instance=RequestContext(request))
def return_auth(request, site): creds = OAUTH_CREDENTIALS.get(site.upper()) if not creds: raise Http404('Site %s not found' % site) urls = creds.get('URLS', {}) ssl = creds.get('SSL', False) server = creds.get('SERVER', '%s.com' % site.lower()) if not 'DIALOG' in urls: token = request.session.get('unauth_token') if not token: return HttpResponse('No unauthorised token') if token.key != request.GET.get('oauth_token', None): if request.session.get('preauth_url'): return HttpResponseRedirect( request.session['preauth_url'] ) else: return HttpResponse('') verifier = request.GET.get('oauth_verifier') consumer = OAuthConsumer( str(creds.get('CONSUMER_KEY')), str(creds.get('CONSUMER_SECRET')) ) oauth_request = OAuthRequest.from_consumer_and_token( consumer, token = token, http_url = urls.get('ACCESS_TOKEN'), parameters = { 'oauth_verifier': verifier } ) oauth_request.sign_request(SIGNATURE_METHOD(), consumer, token) url = oauth_request.to_url() access_token = OAuthToken.from_string( urlopen(url).read() ) if request.user.is_authenticated(): try: token = request.user.oauth_tokens.get( site = site ) token.token = access_token.key token.secret = access_token.secret token.save() except core.OAuthToken.DoesNotExist: request.user.oauth_tokens.create( site = site, token = access_token.key, secret = access_token.secret ) else: return HttpResponse('') else: url = urls.get('ACCESS_TOKEN') % request.GET.get('code') resp = urlopen(url).read() d = {} for (key, value) in [i.split('=') for i in resp.split('&')]: if key: d[key] = value if request.user.is_authenticated(): try: token = request.user.oauth_tokens.get( site = site ) token.token = d['access_token'] token.save() except core.OAuthToken.DoesNotExist: request.user.oauth_tokens.create( site = site, token = d['access_token'] ) else: return HttpResponse('') if request.session.get('preauth_url'): messages.add_message( request, messages.SUCCESS, u'You have been successfully connected to %s.' % creds.get( 'VERBOSE_NAME', site.capitalize() ) ) return HttpResponseRedirect( request.session['preauth_url'] ) else: return HttpResponse('')
def post(self, request): if not request.user.is_anonymous: if request.user.has_perm('uchileedxlogin.uchile_instructor_staff') or request.user.is_staff: lista_data = request.POST.get("datos", "").split('\n') # limpieza de los datos ingresados lista_data = [run.strip() for run in lista_data] lista_data = [run for run in lista_data if run] lista_data = [d.split(",") for d in lista_data] # verifica si el checkbox de auto enroll fue seleccionado enroll = False if request.POST.getlist("enroll"): enroll = True # verifica si el checkbox de send_email fue seleccionado send_email = False if request.POST.getlist("send_email"): send_email = True context = { 'datos': request.POST.get('datos'), 'curso': request.POST.get("course", ""), 'auto_enroll': enroll, 'send_email': send_email, 'modo': request.POST.get("modes", None)} # validacion de datos context = self.validate_data_external(request.user, lista_data, context) # retorna si hubo al menos un error if len(context) > 5: return render(request, 'edxlogin/external.html', context) list_course = context['curso'].split('\n') list_course = [course_id.strip() for course_id in list_course] list_course = [course_id for course_id in list_course if course_id] lista_saved, lista_not_saved = self.enroll_create_user( list_course, context['modo'], lista_data, enroll) login_url = request.build_absolute_uri('/login') helpdesk_url = request.build_absolute_uri('/contact_form') email_saved = [] courses = [get_course_by_id(CourseKey.from_string(course_id)) for course_id in list_course] courses_name = '' for course in courses: courses_name = courses_name + course.display_name_with_default + ', ' courses_name = courses_name[:-2] for email in lista_saved: if send_email: if email['email_d'] != email['email_o']: enroll_email.delay(email['password'], email['email_d'], courses_name, email['sso'], email['exists'], login_url, email['nombreCompleto'], helpdesk_url, email['email_o']) else: enroll_email.delay(email['password'], email['email_d'], courses_name, email['sso'], email['exists'], login_url, email['nombreCompleto'], helpdesk_url, '') aux = email aux.pop('password', None) email_saved.append(aux) context = { 'datos': '', 'auto_enroll': True, 'send_email': True, 'curso': '', 'modo': 'honor', 'action_send': send_email } if len(email_saved) > 0: context['lista_saved'] = email_saved if len(lista_not_saved) > 0: context['lista_not_saved'] = lista_not_saved return render(request, 'edxlogin/external.html', context) else: logger.error("EdxLoginExternal - User dont have permission or is not staff, user: {}".format(request.user)) raise Http404() else: logger.error("EdxLoginExternal - User is Anonymous") raise Http404()
def get_object(self, username): try: return User.objects.get(username=username) except User.DoesNotExist: raise Http404("Error")
def user_change_password(self, request, id, form_url=''): if not self.has_change_permission(request): raise PermissionDenied user = self.get_object(request, unquote(id)) if user is None: raise Http404( _('%(name)s object with primary key %(key)r does not exist.') % { 'name': self.model._meta.verbose_name, 'key': escape(id), }) if request.method == 'POST': form = self.change_password_form(user, request.POST) if form.is_valid(): form.save() change_message = self.construct_change_message( request, form, None) self.log_change(request, user, change_message) msg = gettext('Password changed successfully.') messages.success(request, msg) update_session_auth_hash(request, form.user) return HttpResponseRedirect( reverse( '%s:%s_%s_change' % ( self.admin_site.name, user._meta.app_label, user._meta.model_name, ), args=(user.pk, ), )) else: form = self.change_password_form(user) fieldsets = [(None, {'fields': list(form.base_fields)})] adminForm = admin.helpers.AdminForm(form, fieldsets, {}) context = { 'title': _('Change password: %s') % escape(user.email), 'adminForm': adminForm, 'form_url': form_url, 'form': form, 'is_popup': (IS_POPUP_VAR in request.POST or IS_POPUP_VAR in request.GET), 'add': True, 'change': False, 'has_delete_permission': False, 'has_change_permission': True, 'has_absolute_url': False, 'opts': self.model._meta, 'original': user, 'save_as': False, 'show_save': True, } context.update(self.admin_site.each_context(request)) request.current_app = self.admin_site.name return TemplateResponse( request, self.change_user_password_template or 'admin/auth/user/change_password.html', context, )
def get_object(self, queryset=None): try: return Order.objects.get(event=self.request.event, code=self.kwargs['code'].upper()) except Order.DoesNotExist: raise Http404()
def detail(request, question_id): try: question = Question.objects.get(pk=question_id) except Question.DoesNotExist: raise Http404("Question does not exist") return render(request, 'blog/detail.html', { 'question': question })
def logo(request, domain): logo = Domain.get_by_name(domain).get_custom_logo() if logo is None: raise Http404() return HttpResponse(logo[0], content_type=logo[1])
def pet_detail(request, id): try: pet = Pet.objects.get(id=id) except Pet.DoesNotExist: raise Http404('Pet not found') return render(request, 'pet_detail.html', {'pet': pet})
def adminView(request): if request.user.portal.is_member == True: all_team = Team.objects.all() return render(request,'adminView.html',{'all_team':all_team}) else: raise Http404("You are not authorized as you are not robotix club member")
def encounter(request, url_id=None, json=None): try: encounter = Encounter.objects.select_related('area', 'uploaded_by').get(url_id=url_id) except Encounter.DoesNotExist: if json: return _error("Encounter does not exist") else: raise Http404("Encounter does not exist") own_account_names = [account.name for account in Account.objects.filter( participations__encounter_id=encounter.id, user=request.user)] if request.user.is_authenticated else [] dump = encounter.val members = [{ "name": name, **value } for name, value in dump['Category']['status']['Player'].items() if 'account' in value] try: area_stats = EraAreaStore.objects.get(era=encounter.era, area=encounter.area).val except EraAreaStore.DoesNotExist: area_stats = None phases = _safe_get(lambda: dump['Category']['encounter']['phase_order'] + ['All'], list(dump['Category']['combat']['Phase'].keys())) partyfunc = lambda member: member['party'] namefunc = lambda member: member['name'] parties = { party: { "members": sorted(members, key=namefunc), "phases": { phase: { "actual": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['damage']['To']['*All']), "actual_boss": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['damage']['To']['*Boss']), "received": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['damage']['From']['*All']), "shielded": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['shielded']['From']['*All']), "buffs": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['buffs']['From']['*All']), "buffs_out": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['buffs']['To']['*All']), "events": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['events']), "mechanics": _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup'][str(party)]['Metrics']['mechanics']), } for phase in phases } } for party, members in groupby(sorted(members, key=partyfunc), partyfunc) } private = False encounter_showable = True for party_no, party in parties.items(): for member in party['members']: if member['account'] in own_account_names: member['self'] = True member['phases'] = { phase: { 'actual': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['damage']['To']['*All']), 'actual_boss': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['damage']['To']['*Boss']), 'received': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['damage']['From']['*All']), 'shielded': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['shielded']['From']['*All']), 'buffs': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['buffs']['From']['*All']), 'buffs_out': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['buffs']['To']['*All']), 'events': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['events']), 'mechanics': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Player'][member['name']]['Metrics']['mechanics']), 'archetype': _safe_get(lambda: area_stats[phase]['build'][str(member['profession'])][str(member['elite'])][str(member['archetype'])]), } for phase in phases } user_profile = UserProfile.objects.filter(user__accounts__name=member['account']) if user_profile: privacy = user_profile[0].privacy else: privacy = UserProfile.SQUAD if 'self' not in member and (privacy == UserProfile.PRIVATE or (privacy == UserProfile.SQUAD and not own_account_names)): member['name'] = '' member['account'] = '' private = True encounter_showable = False max_player_dps = max(_safe_get(lambda: data['Metrics']['damage']['To']['*All']['dps']) for phasename, phase in dump['Category']['combat']['Phase'].items() for player, data in phase['Player'].items()) max_player_recv = max(_safe_get(lambda: data['Metrics']['damage']['From']['*All']['total']) for phasename, phase in dump['Category']['combat']['Phase'].items() for player, data in phase['Player'].items()) data = { "encounter": { "evtc_version": _safe_get(lambda: dump['Category']['encounter']['evtc_version']), "id": encounter.id, "url_id": encounter.url_id, "name": encounter.area.name, "filename": encounter.filename, "uploaded_at": encounter.uploaded_at, "uploaded_by": encounter.uploaded_by.username, "started_at": encounter.started_at, "duration": encounter.duration, "success": encounter.success, "tags": encounter.tagstring, "category": encounter.category_id, "phase_order": phases, "participated": own_account_names != [], "boss_metrics": [metric.__dict__ for metric in BOSSES[encounter.area_id].metrics], "max_player_dps": max_player_dps, "max_player_recv": max_player_recv, "phases": { phase: { 'duration': encounter.duration if phase == "All" else _safe_get(lambda: dump['Category']['encounter']['Phase'][phase]['duration']), 'group': _safe_get(lambda: area_stats[phase]['group']), 'individual': _safe_get(lambda: area_stats[phase]['individual']), 'actual': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['damage']['To']['*All']), 'actual_boss': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['damage']['To']['*Boss']), 'received': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['damage']['From']['*All']), 'shielded': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['shielded']['From']['*All']), 'buffs': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['buffs']['From']['*All']), 'buffs_out': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['buffs']['To']['*All']), 'events': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['events']), 'mechanics': _safe_get(lambda: dump['Category']['combat']['Phase'][phase]['Subgroup']['*All']['Metrics']['mechanics']), } for phase in phases }, "parties": parties, } } if encounter_showable or request.user.is_staff: if encounter.gdrive_url: data['encounter']['evtc_url'] = encounter.gdrive_url; # XXX relic TODO remove once we fully cross to GDrive? if hasattr(settings, 'UPLOAD_DIR'): path = encounter.diskname() if isfile(path): data['encounter']['downloadable'] = True if json: return JsonResponse(data) else: return _html_response(request, { "name": "encounter", "no": encounter.url_id }, data)
def view_generic(request, domain, app_id=None, module_id=None, form_id=None, copy_app_form=None, release_manager=False, module_unique_id=None, form_unique_id=None): """ This is the main view for the app. All other views redirect to here. """ if form_id and not module_id and module_unique_id is None: return bail(request, domain, app_id) app = module = form = None try: if app_id: app = get_app(domain, app_id) if module_id: try: module = app.get_module(module_id) except ModuleNotFoundException: raise Http404() if not module.unique_id: module.get_or_create_unique_id() app.save() elif module_unique_id: try: module = app.get_module_by_unique_id(module_unique_id) except ModuleNotFoundException: raise Http404() module_id = module.id if form_id and module is not None: try: form = module.get_form(form_id) except IndexError: raise Http404() elif form_unique_id: try: form = app.get_form(form_unique_id) except FormNotFoundException: raise Http404() form_id = form.id if form is not None and module is None: # this is the case where only the form_unique_id is given module = form.get_module() module_id = module.id except (ModuleNotFoundException, FormNotFoundException): return bail(request, domain, app_id) # Application states that should no longer exist if app: if app.application_version == APP_V1: _assert = soft_assert() _assert(False, 'App version 1.0', { 'domain': domain, 'app_id': app_id }) return render(request, "app_manager/no_longer_supported.html", { 'domain': domain, 'app': app, }) if not app.vellum_case_management and not app.is_remote_app(): # Soft assert but then continue rendering; template will contain a user-facing warning _assert = soft_assert(['jschweers' + '@' + 'dimagi.com']) _assert(False, 'vellum_case_management=False', { 'domain': domain, 'app_id': app_id }) if (form is not None and "usercase_preload" in getattr(form, "actions", {}) and form.actions.usercase_preload.preload): _assert = soft_assert(['dmiller' + '@' + 'dimagi.com']) _assert( False, 'User property easy refs + old-style config = bad', { 'domain': domain, 'app_id': app_id, 'module_id': module_id, 'module_unique_id': module_unique_id, 'form_id': form_id, 'form_unique_id': form_unique_id, }) context = get_apps_base_context(request, domain, app) if app and app.copy_of: # redirect to "main" app rather than specific build return HttpResponseRedirect( reverse("view_app", args=[domain, app.copy_of])) context.update({ 'module': module, 'form': form, }) lang = context['lang'] if app and not module and hasattr(app, 'translations'): context.update({"translations": app.translations.get(lang, {})}) if app and not app.is_remote_app(): context.update({ 'add_ons': add_ons.get_dict(request, app, module, form), 'add_ons_layout': add_ons.get_layout(request), }) if form: template, form_context = get_form_view_context_and_template( request, domain, form, context['langs'], current_lang=lang) context.update(form_context) elif module: template = get_module_template(request.user, module) # make sure all modules have unique ids app.ensure_module_unique_ids(should_save=True) module_context = get_module_view_context(app, module, lang) context.update(module_context) elif app: context.update(get_app_view_context(request, app)) template = 'app_manager/app_view_settings.html' if release_manager: template = 'app_manager/app_view_release_manager.html' if release_manager: context.update(get_releases_context(request, domain, app_id)) context.update({ 'is_app_settings_page': not release_manager, }) else: from corehq.apps.dashboard.views import DomainDashboardView return HttpResponseRedirect( reverse(DomainDashboardView.urlname, args=[domain])) # update multimedia context for forms and modules. menu_host = form or module if menu_host: default_file_name = 'module%s' % module_id if form: default_file_name = '%s_form%s' % (default_file_name, form_id) specific_media = [{ 'menu_refs': app.get_menu_media(module, module_id, form=form, form_index=form_id, to_language=lang), 'default_file_name': '{name}_{lang}'.format(name=default_file_name, lang=lang), }] if not form and module and not isinstance( module, ReportModule) and module.uses_media(): def _make_name(suffix): return "{default_name}_{suffix}_{lang}".format( default_name=default_file_name, suffix=suffix, lang=lang, ) specific_media.append({ 'menu_refs': app.get_case_list_form_media(module, module_id, to_language=lang), 'default_file_name': _make_name('case_list_form'), 'qualifier': 'case_list_form_', }) specific_media.append({ 'menu_refs': app.get_case_list_menu_item_media(module, module_id, to_language=lang), 'default_file_name': _make_name('case_list_menu_item'), 'qualifier': 'case_list-menu_item_', }) if (toggles.CASE_LIST_LOOKUP.enabled(request.user.username) or toggles.CASE_LIST_LOOKUP.enabled(app.domain) or toggles.BIOMETRIC_INTEGRATION.enabled(app.domain)): specific_media.append({ 'menu_refs': app.get_case_list_lookup_image(module, module_id), 'default_file_name': '{}_case_list_lookup'.format(default_file_name), 'qualifier': 'case-list-lookupcase', }) if hasattr(module, 'product_details'): specific_media.append({ 'menu_refs': app.get_case_list_lookup_image(module, module_id, type='product'), 'default_file_name': '{}_product_list_lookup'.format(default_file_name), 'qualifier': 'case-list-lookupproduct', }) uploaders = { 'icon': MultimediaImageUploadController( "hqimage", reverse(ProcessImageFileUploadView.urlname, args=[app.domain, app.get_id])), 'audio': MultimediaAudioUploadController( "hqaudio", reverse(ProcessAudioFileUploadView.urlname, args=[app.domain, app.get_id])), } context.update({ 'multimedia': { "object_map": app.get_object_map(), 'upload_managers': uploaders, 'upload_managers_js': {type: u.js_options for type, u in six.iteritems(uploaders)}, } }) context['module_icon'] = None if toggles.CUSTOM_ICON_BADGES.enabled(domain): context[ 'module_icon'] = module.custom_icon if module.custom_icon else CustomIcon( ) try: context['multimedia']['references'] = app.get_references() except ReportConfigurationNotFoundError: pass context['nav_menu_media_specifics'] = specific_media error = request.GET.get('error', '') context.update({ 'error': error, 'app': app, }) # Pass form for Copy Application to template domain_names = [ d.name for d in Domain.active_for_user(request.couch_user) if not (is_linked_domain(request.domain) and get_domain_master_link( request.domain).master_domain == d.name) ] domain_names.sort() if app and copy_app_form is None: toggle_enabled = toggles.EXPORT_ZIPPED_APPS.enabled( request.user.username) copy_app_form = CopyApplicationForm( domain, app, export_zipped_apps_enabled=toggle_enabled) context.update({ 'domain_names': domain_names, }) linked_domains_enabled = toggles.LINKED_DOMAINS.enabled(domain) context.update({ 'copy_app_form': copy_app_form, 'linked_domains_enabled': linked_domains_enabled, }) context['latest_commcare_version'] = get_commcare_versions( request.user)[-1] if (app and app.doc_type in ('Application', 'LinkedApplication') and has_privilege(request, privileges.COMMCARE_LOGO_UPLOADER)): uploader_slugs = list(ANDROID_LOGO_PROPERTY_MAPPING.keys()) from corehq.apps.hqmedia.controller import MultimediaLogoUploadController from corehq.apps.hqmedia.views import ProcessLogoFileUploadView uploaders = [ MultimediaLogoUploadController( slug, reverse( ProcessLogoFileUploadView.urlname, args=[domain, app_id, slug], )) for slug in uploader_slugs ] context.update({ "sessionid": request.COOKIES.get('sessionid'), "uploaders": uploaders, "uploaders_js": [u.js_options for u in uploaders], "refs": { slug: ApplicationMediaReference( app.logo_refs.get(slug, {}).get("path", slug), media_class=CommCareImage, module_id=app.logo_refs.get(slug, {}).get("m_id"), ).as_dict() for slug in uploader_slugs }, "media_info": { slug: app.logo_refs.get(slug) for slug in uploader_slugs if app.logo_refs.get(slug) }, }) context.update({ 'show_live_preview': app and should_show_preview_app(request, app, request.couch_user.username), 'can_preview_form': request.couch_user.has_permission(domain, 'edit_data') }) confirm = request.session.pop('CONFIRM', False) context.update({'confirm': confirm}) response = render(request, template, context) response.set_cookie('lang', encode_if_unicode(lang)) return response
def manage_files(request, oid, obj_type): if not settings.FEATURE_AUTHORIZATION_V2 and not request.user.is_staff: raise PermissionDenied if obj_type == 'Engagement': obj = get_object_or_404(Engagement, pk=oid) if settings.FEATURE_AUTHORIZATION_V2: user_has_permission_or_403(request.user, obj, Permissions.Engagement_Edit) obj_vars = ('view_engagement', 'engagement_set') elif obj_type == 'Test': obj = get_object_or_404(Test, pk=oid) if settings.FEATURE_AUTHORIZATION_V2: user_has_permission_or_403(request.user, obj, Permissions.Test_Edit) obj_vars = ('view_test', 'test_set') elif obj_type == 'Finding': obj = get_object_or_404(Finding, pk=oid) if settings.FEATURE_AUTHORIZATION_V2: user_has_permission_or_403(request.user, obj, Permissions.Finding_Edit) obj_vars = ('view_finding', 'finding_set') else: raise Http404() files_formset = ManageFileFormSet(queryset=obj.files.all()) error = False if request.method == 'POST': files_formset = ManageFileFormSet( request.POST, request.FILES, queryset=obj.files.all()) if files_formset.is_valid(): # remove all from database and disk files_formset.save() for o in files_formset.deleted_objects: logger.debug("removing file: %s", o.file.name) os.remove(os.path.join(settings.MEDIA_ROOT, o.file.name)) for o in files_formset.new_objects: logger.debug("adding file: %s", o.file.name) obj.files.add(o) orphan_files = FileUpload.objects.filter(engagement__isnull=True, test__isnull=True, finding__isnull=True) for o in orphan_files: logger.debug("purging orphan file: %s", o.file.name) os.remove(os.path.join(settings.MEDIA_ROOT, o.file.name)) o.delete() messages.add_message( request, messages.SUCCESS, 'Files updated successfully.', extra_tags='alert-success') else: error = True messages.add_message( request, messages.ERROR, 'Please check form data and try again.', extra_tags='alert-danger') if not error: return HttpResponseRedirect(reverse(obj_vars[0], args=(oid, ))) return render( request, 'dojo/manage_files.html', { 'files_formset': files_formset, 'obj': obj, 'obj_type': obj_type, })
def owner_info(request, carowner_id): try: owner = CarOwner.objects.get(pk=carowner_id) except CarOwner.DoesNotExist: raise Http404("car owner does not exist") return render(request, 'owner.html', {'owner': owner})
def post(self, request): raise Http404("GET of this page does not exist, you need get")
def dispatch(self, request, *args, **kwargs): if not services.is_valid_link(self.get_object().created_at): raise Http404() return super().dispatch(request, *args, **kwargs)