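def Login(request):
    """Authenticate a user and redirect according to their role.

    A session that is already logged in is sent straight to the profile
    page. GET renders the login form. POST checks the submitted
    credentials: administrators go to the administration page, other
    users to their profile, and a failed attempt returns to the login
    page with one generic error message.
    """
    ## an authenticated session never reaches the credential handling
    if is_logined(request):
        return redirect(profile)

    if request.method != 'POST':
        return render(request, 'login.html')

    ## .get() so a POST that omits a field ends in the generic failure below
    ## instead of raising on the missing key
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')

    ## NOTE(review): no attempt throttling or lockout is visible in this
    ## view - confirm it is enforced elsewhere (middleware, auth backend)
    user = authenticate(request, username=username, password=password)
    if not user:
        ## same message for an unknown user and a wrong password, so the
        ## response does not reveal which usernames exist
        err_msg(request, 'username or password is incorrect')
        return redirect(log_in)

    login(request, user)
    ## the role is read only after login() has bound the user to the request
    if this_is_admin(request):
        return redirect(adminstration)
    return redirect(profile)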
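def SubmitComment(request, change_type, change_id):
    """Create a comment and attach it to the change named in the URL.

    Anonymous requests are redirected to the login page and non-POST
    requests get a plain response. The target change is resolved before
    anything is written, so an unknown type or id no longer leaves an
    unattached Comment row behind or ends in an unhandled exception.
    """
    if not is_logined(request):
        return redirect(log_in)
    if request.method != 'POST':
        return HttpResponse('this is not a post')

    ## a POST without the field is a client error, not a server fault
    content = request.POST.get('content')
    if content is None:
        return HttpResponse('content is required', status=400)

    ## change_type and change_id are caller-controlled: resolve both first
    try:
        Type = change_types[change_type]
    except LookupError:
        return HttpResponse('unknown change', status=404)
    ## presumably get_object returns a falsy value on a miss (the reply
    ## view in this file tests its result the same way) - confirm
    change = get_object(Type, id=change_id)
    if not change:
        return HttpResponse('unknown change', status=404)

    ## NOTE(review): only login is checked here; nothing in this view ties
    ## the change to a project the requester may access - confirm whether
    ## a per-project access check is needed before attaching the comment
    ## content is stored unmodified, so escaping is left to the template
    comment = Comment(content=content)
    comment.save()
    change.user_notes.add(comment)
    return redirect_prev_page(request)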
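def SubmitCommentReplay(request, comment_id):
    """Store a reply on an existing comment that has none yet.

    Anonymous requests are redirected to the login page and non-POST
    requests get a plain response. An unknown comment id, or a comment
    that already carries a reply, is left untouched; in every POST case
    with content the user is sent back to the previous page.
    """
    if not is_logined(request):
        return redirect(log_in)
    if request.method != 'POST':
        return HttpResponse('this is not a post')

    ## a POST without the field is a client error, not a server fault
    content = request.POST.get('content')
    if content is None:
        return HttpResponse('content is required', status=400)

    ## NOTE(review): any logged-in user can reply to any comment id; no
    ## role or ownership check is visible here - confirm that is intended
    comment = get_object(Comment, id=comment_id)
    ## the first reply wins: an existing reply is never overwritten
    if comment and not comment.replay:
        ## content is stored unmodified, so escaping is left to the template
        comment.replay = content
        comment.save()
    return redirect_prev_page(request)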
def OpenProject(request, slug):
    """Render the page of the project identified by ``slug``.

    Anonymous requests go to the login page. The access decision is
    delegated to has_access_to_project; when it yields no project the
    user gets an error message and is redirected to the profile page.
    """
    if not is_logined(request):
        return redirect(log_in)

    ## has_access_to_project is the only authorization gate in this view;
    ## the page context it returns is extended below
    project, context = has_access_to_project(request, slug)
    if not project:
        err_msg(request, 'You Dont Have Access For This Project')
        return redirect(profile)

    page_data = {
        'project': project,
        'versions': project.project_versions.all(),
        'comment_field': CommentForm(),
    }
    context.update(page_data)
    return render(request, 'project2.html', context)
def OpenProfile(request, slug):
    """Show a profile: the requester's own, or any profile for an admin.

    Anonymous requests go to the login page. A non-admin asking for a
    slug other than their own is redirected to the profile page.
    """
    if not is_logined(request):
        ## no session, no access to any profile
        return redirect(log_in)

    ## NOTE(review): slugify is lossy, so two different usernames may map
    ## to the same slug - confirm load_profile cannot return another
    ## account's profile for a colliding slug
    own_slug = slugify(request.user.username)
    if slug == own_slug:
        return load_profile(request, slug)

    if this_is_admin(request):
        ## the admin flag in the context unlocks project creation
        return load_profile(request, slug, {'admin': True})

    ## a regular user asking for someone else's profile
    return redirect(profile)
def Logout(request):
    """End the session if there is one, then go to the login page."""
    ## NOTE(review): the HTTP method is not checked, so a plain GET ends
    ## the session - confirm the route is not reachable cross-site
    if not is_logined(request):
        return redirect(log_in)
    logout(request)
    return redirect(log_in)