def add(request):
if request.method == 'POST':
#-- Handle new quotes --
# Save quote
request.POST[
'quote_posters'] = request.user.username # So altering this in the POST request does nothing
quote_form = QuoteForm(request.POST)
quote_form.save()
return redirect('/intranet/quote/')
else:
# -- Handle quote adding --
# Make new form and prepopulate it with poster name
quote_form = QuoteForm()
quote_form.fields["quote_posters"].widget = forms.HiddenInput()
# We aren't going to depend on a quote_posters variable that is set here (for security reasons)
return render_to_response('intranet/quote/add.html', {
"section": "intranet",
"page": 'quote',
"form": quote_form,
"members": Member.objects.all(),
"user": request.user
},
context_instance=RequestContext(request))
def edit(request, quoteId=1):
# Quote editing/modification logic
if (request.method == 'POST') and ('delete' in request.POST):
# --- Handle delete requests ---
quote_in_question = get_object_or_404(Quote, pk=quoteId)
quote_in_question.delete()
return redirect('/intranet/quote/')
elif (request.method == 'POST'):
# --- Handle save requests (from edit form to quote list) ---
quote_in_question = get_object_or_404(Quote, pk=quoteId)
# Add current user to _posters list, if necessary
if not ("," + request.user.username +
",") in quote_in_question.quote_posters:
# Strip is used to provide backwards compatibility with old quotes
quote_in_question.quote_posters = "," + quote_in_question.quote_posters.strip(
",") + "," + request.user.username + ","
quote_form = QuoteForm(request.POST, instance=quote_in_question)
quote_form.save()
return redirect('/intranet/quote/')
else:
# Make sure quote editor can actually edit the current quote (and reject their request if they can't)
user = request.user
quote_obj = get_object_or_404(Quote, pk=quoteId)
quote_usernames = quote_obj.quote_sources.strip(",").split(",")
poster_usernames = quote_obj.quote_posters.strip(",").split(",")
canEdit = (not user.is_anonymous() and
(user.username in quote_usernames) or
(user.username in poster_usernames)) or (user.is_top4())
if (not canEdit):
raise PermissionDenied # Current user cannot edit this quote
# --- Handle edit page requests (from quote list to edit form) ---
# Get authors' Member objects
quoteMembers = Member.objects.filter(username__in=quote_usernames)
# Unescape escaped quote text
quote_obj.quote_text = HTMLParser.HTMLParser().unescape(
quote_obj.quote_text)
# Remove hashtags/authortags in text
quote_obj.quote_text = string.replace(
re.sub("<a href='.+?'>", "", quote_obj.quote_text), "</a>", "")
# Convert <br />'s into newlines (\n - TODO?: this may cause issues for Windows users)
quote_obj.quote_text = string.replace(quote_obj.quote_text, "<br />",
"\n")
quote_form = QuoteForm(instance=quote_obj)
quote_form.fields["quote_posters"].widget = forms.HiddenInput()
# -- Handle quote editing --
return render_to_response('intranet/quote/edit.html', {
"section": "intranet",
"page": 'quote',
"form": quote_form,
"members": Member.objects.all(),
"quoteMembers": quoteMembers,
"quote_id": quoteId,
"user": request.user
},
context_instance=RequestContext(request))
