def process_user(self, user):
if "shoop.front.apps.auth" not in settings.INSTALLED_APPS:
raise Problem(_(u"The `shoop.front.apps.auth` app needs to be enabled for password reset."))
r = RecoverPasswordForm()
r.request = self.request
if r.process_user(user):
messages.success(self.request, _(u"Password recovery email sent to %(email)s") % {"email": user.email})
else:
raise Problem(_(u"Sending the password recovery email failed."))
def _get_unauth_response(self, request, reason):
"""
Get an error response (or raise a Problem) for a given request and reason message.
:type request: Request
:param request: HttpRequest
:type reason: Reason string
:param reason: str
"""
if request.is_ajax():
return HttpResponseForbidden(
json.dumps({"error": force_text(reason)}))
resp = redirect_to_login(
next=request.path,
login_url="%s?%s" %
(reverse("shoop_admin:login"), urlencode({"error": reason})))
if request.user.is_authenticated():
# Instead of redirecting to the login page, let the user know what's wrong with
# a helpful link.
raise (Problem(
_("Can't view this page. %(reason)s") % {
"reason": reason
}).with_link(url=resp.url,
title=_("Log in with different credentials…")))
return resp
def handle_post_delete_file(self, data):
file = File.objects.get(pk=data["id"])
try:
file.delete()
except IntegrityError as ie:
raise Problem(str(ie))
return JsonResponse({"success": True, "message": _("File deleted.")})
def check_and_raise_if_only_one_allowed(setting_name, obj):
if getattr(settings, setting_name, True):
return
if not obj.pk and obj.__class__.objects.count() >= 1:
raise Problem(
_("Only one %(model)s permitted.") %
{"model": obj._meta.verbose_name})
def post(self, request, *args, **kwargs):
order = self.object = self.get_object()
new_status = OrderStatus.objects.get(pk=int(request.POST["status"]))
old_status = order.status
if new_status.role == OrderStatusRole.COMPLETE and not order.can_set_complete():
raise Problem(_("Unable to set order as completed at this point"))
if new_status.role == OrderStatusRole.CANCELED and not order.can_set_canceled():
raise Problem(_("Paid, shipped, or canceled orders cannot be canceled"))
order.status = new_status
order.save(update_fields=("status",))
message = _("Order status changed: {old_status} to {new_status}").format(
old_status=old_status, new_status=new_status)
order.add_log_entry(message, user=request.user, identifier="status_change")
messages.success(self.request, message)
return HttpResponseRedirect(get_model_url(self.get_object()))
def process_payment_return_request(self, order, request):
checkout = self._get_checkout_object()
fields = {
"version": request.REQUEST.get("VERSION"),
"order_number": request.REQUEST.get("STAMP"),
"order_reference": request.REQUEST.get("REFERENCE"),
"payment": request.REQUEST.get("PAYMENT"),
"status": request.REQUEST.get("STATUS"),
"algorithm": request.REQUEST.get("ALGORITHM"),
"mac": request.REQUEST.get("MAC"),
}
if not all(fields.values()):
messages.warning(request, u"Arvoja puuttuu.")
return
status = int(fields["status"])
if status < 0:
messages.warning(request, u"Peruit maksamisen. Yritä uudestaan.")
return
if status in (2, 3, 5, 6, 8, 9, 10):
if checkout.validate_payment_return(**fields):
payment_id = fields["payment"]
order.create_payment(order.taxful_total_price,
payment_identifier="Checkout.fi %s" %
payment_id,
description="Checkout.fi %s (ref %s)" %
(payment_id, fields["order_reference"]))
else:
messages.warning(request, u"Maksun validointi epäonnistui.")
return
raise Problem("Unknown return code %s" % status)
def dispatch_command(self, request, command):
product = self.object
if command == "clear_package":
clear_existing_package(product)
messages.success(self.request, _("Package cleared."))
else:
raise Problem("Unknown command: %s" % command)
return HttpResponseRedirect(self.get_success_url())
def get_object(self, queryset=None):
obj = super(ShopEditView, self).get_object(queryset)
if not settings.SHOOP_ENABLE_MULTIPLE_SHOPS:
if not obj.pk and Shop.objects.count() >= 1:
# This seems like a new object, but there already is (at least) one shop...
raise Problem(_(u"Only one shop permitted."))
return obj
def _handle_set_is_active(self):
state = bool(int(self.request.POST["set_is_active"]))
if not state:
if (getattr(self.object, 'is_superuser', False)
and not getattr(self.request.user, 'is_superuser', False)):
raise Problem(_("You can not deactivate a superuser."))
if self.object == self.request.user:
raise Problem(_("You can not deactivate yourself."))
self.object.is_active = state
self.object.save(update_fields=("is_active", ))
messages.success(
self.request,
_("%(user)s is now %(state)s.") % {
"user": self.object,
"state": _("active") if state else _("inactive")
})
return HttpResponseRedirect(self.request.path)
def dispatch(self, request, *args, **kwargs):
user = self.get_target_user()
token = self.kwargs["token"]
valid = (user is not None and self.token_generator.check_token(user, token))
if not valid:
raise Problem(_(u"This recovery link is invalid."))
return super(RecoverPasswordConfirmView, self).dispatch(request, *args, **kwargs)
def __init__(self, changing_user, target_user, *args, **kwargs):
super(PasswordChangeForm, self).__init__(*args, **kwargs)
self.changing_user = changing_user
self.target_user = target_user
if self.target_user.is_superuser and not self.changing_user.is_superuser:
raise Problem(_("You can not change the password of a superuser."))
if not (self.changing_user == self.target_user
or self.target_user.is_superuser):
# Only require old password when changing your own or a superuser's password.
self.fields.pop("old_password")
def dispatch_command(self, request, command):
product = self.object
if command == "unvariate":
product.clear_variation()
messages.success(self.request, _("Variation cleared."))
elif command == "simplify":
product.simplify_variation()
messages.success(self.request, _("Variation simplified."))
else:
raise Problem("Unknown command: %s" % command)
return HttpResponseRedirect(self.get_success_url())
def get(self, request, *args, **kwargs):
product = self.object = self.get_object()
if product.mode == ProductMode.VARIATION_CHILD:
return redirect("shoop:product",
pk=product.variation_parent.pk,
slug=product.variation_parent.slug)
shop_product = self.shop_product = product.get_shop_instance(
request.shop)
if not shop_product:
raise Problem(_(u"This product is not available in this shop."))
errors = list(
shop_product.get_visibility_errors(customer=request.customer))
if errors:
raise Problem("\n".join(extract_messages(errors)))
return super(ProductDetailView, self).get(request, *args, **kwargs)
def process_payment_return_request(self, order, request):
mac = self.compute_pseudo_mac(order)
if request.REQUEST.get("mac") != mac:
raise Problem(u"Invalid MAC.")
if not order.is_paid():
order.create_payment(
order.taxful_total_price,
payment_identifier="Pseudo-%s" % now().isoformat(),
description="Shoop Pseudo Payment Service Payment")
messages.success(
request, u"Pseudo Payment successfully processed the request.")
def dispatch(self, request, *args, **kwargs):
# This view only dispatches further to the method module's own detail view class
object = self.get_object()
module = object.module
if not module.admin_detail_view_class:
raise Problem("Module %s has no admin detail view" % module.name)
if isinstance(module.admin_detail_view_class, six.text_type):
view_class = load(module.admin_detail_view_class)
else:
view_class = module.admin_detail_view_class
kwargs["object"] = object
return view_class(model=self.model).dispatch(request, *args, **kwargs)
def form_valid(self, form):
file = form.cleaned_data["file"]
if not file.name.endswith(".zip"):
raise Problem("Only ZIP files are supported")
# TODO: Maybe verify the file before saving?
filename = "shoop-addon-%s-%s" % (uuid.uuid4(),
os.path.basename(file.name))
with open(os.path.join(tempfile.gettempdir(), filename), "wb") as outf:
shutil.copyfileobj(file, outf)
return HttpResponseRedirect(
manipulate_query_string(
reverse("shoop_admin:addon.upload_confirm"), file=filename))
def dispatch(self, request, *args, **kwargs): # doccov: ignore
if not could_edit(request):
raise Problem(_("No access to editing"))
self._populate_vars()
if self.default_layout:
self.view_config.save_default_placeholder_layout(
self.placeholder_name, self.default_layout)
# We saved the default layout, so get rid of the humongous GET arg and try again
get_args = dict(self.request.GET.items())
get_args.pop("default_config", None)
return HttpResponseRedirect(
"%s?%s" % (self.request.path, urlencode(get_args)))
return super(EditorView, self).dispatch(request, *args, **kwargs)
def render_html_to_pdf(html, stylesheet_paths=[]):
if not weasyprint:
raise Problem(
_("Could not create PDF since Weasyprint is not available. Please contact support."
))
stylesheets = []
for stylesheet_path in stylesheet_paths:
stylesheets.append(
weasyprint.CSS(string=_fetch_static_resource_str(stylesheet_path)))
pdf = weasyprint.HTML(
string=html,
url_fetcher=_custom_url_fetcher).write_pdf(stylesheets=stylesheets)
return wrap_pdf_in_response(pdf)
def __init__(self, **kwargs):
super(ReloadMethodForm, self).__init__(**kwargs)
self.reload_methods = list(self.get_viable_reload_methods())
if not self.reload_methods:
raise Problem(
"There are no viable reload methods available. Please contact your system administrator."
)
self.fields["reload_method"] = forms.ChoiceField(
choices=[(rm.identifier, rm.title) for rm in self.reload_methods],
label=_("Reload Method"),
initial=self.reload_methods[0].identifier,
widget=forms.RadioSelect)
def dispatch(self, request, *args, **kwargs): # doccov: ignore
if not could_edit(request):
raise Problem(_("No access to editing"))
self._populate_vars()
if self.default_layout:
self.view_config.save_default_placeholder_layout(self.placeholder_name, self.default_layout)
# We saved the default layout, so get rid of the humongous GET arg and try again
get_args = dict(self.request.GET.items())
get_args.pop("default_config", None)
global_type = get_args.pop("global_type", None)
if global_type:
get_args["view"] = XTHEME_GLOBAL_VIEW_NAME
# We are overriding the view with XTHEME_GLOBAL_VIEW_NAME if this is a global placeholder
return HttpResponseRedirect("%s?%s" % (self.request.path, urlencode(get_args)))
return super(EditorView, self).dispatch(request, *args, **kwargs)
def command_dispatch(request):
"""
Xtheme command dispatch view.
:param request: A request
:type request: django.http.HttpRequest
:return: A response
:rtype: django.http.HttpResponse
"""
command = request.POST.get("command")
if command:
response = handle_command(request, command)
if response:
return response
raise Problem("Unknown command: %r" % command)
def get_form_defs(self):
bind_user_id = self.request.REQUEST.get("user_id")
if bind_user_id:
bind_user = get_user_model().objects.get(pk=bind_user_id)
if PersonContact.objects.filter(user=bind_user).exists():
raise Problem(_("User %(bind_user)s already has a contact", bind_user=bind_user))
else:
bind_user = None
yield TemplatedFormDef(
"base",
ContactBaseForm,
template_name="shoop/admin/contacts/_edit_base_form.jinja",
required=True,
kwargs={"instance": self.object, "bind_user": bind_user}
)
def _populate_vars(self):
theme = get_theme_by_identifier(self.request.GET["theme"])
if not theme:
raise Problem(_("Unable to determine current theme."))
self.view_config = ViewConfig(theme=theme,
view_name=self.request.GET["view"],
draft=True)
self.placeholder_name = self.request.GET["ph"]
self.default_layout = self._get_default_layout()
self.layout = self.view_config.get_placeholder_layout(
placeholder_name=self.placeholder_name,
default_layout=self.default_layout)
(x, y) = self.current_cell_coords = (
int(self.request.GET.get("x", -1)),
int(self.request.GET.get("y", -1)),
)
self.current_cell = self.layout.get_cell(x=x, y=y)
self.build_form()
def post(self, request, *args, **kwargs): # doccov: ignore
command = request.POST.get("command")
if command:
dispatcher = getattr(self, "dispatch_%s" % command, None)
if not callable(dispatcher):
raise Problem(_("Unknown command %s") % command)
dispatch_kwargs = dict(request.POST.items())
rv = dispatcher(**dispatch_kwargs)
if rv:
return rv
self.request.method = "GET" # At this point, we won't want to cause form validation
self.build_form() # and it's not a bad idea to rebuild the form
return super(EditorView, self).get(request, *args, **kwargs)
if request.POST.get("save") and self.form and self.form.is_valid():
self.form.save()
self.save_layout()
return super(EditorView, self).get(request, *args, **kwargs)
def handle(self, command, kwargs=None):
"""
Dispatch and handle processing of the given command.
:param command: Name of command to run
:type command: unicode
:param kwargs: Arguments to pass to the command handler. If empty, `request.POST` is used.
:type kwargs: dict
:return: response
:rtype: HttpResponse
"""
kwargs = kwargs or dict(six.iteritems(self.request.POST))
try:
handler = self.get_command_handler(command)
if not handler or not callable(handler):
raise Problem(_(u"Invalid command %s") % command)
kwargs.pop(
"csrfmiddlewaretoken",
None) # The CSRF token should never be passed as a kwarg
kwargs.pop("command", None) # Nor the command
kwargs.update(request=self.request, basket=self.basket)
kwargs = self.preprocess_kwargs(command, kwargs)
response = handler(**kwargs) or {}
except (Problem, ValidationError) as exc:
if not self.ajax:
raise
response = {
"error":
force_text(exc, errors="ignore"),
"code":
force_text(getattr(exc, "code", None) or "", errors="ignore")
}
response = self.postprocess_response(command, kwargs, response)
if self.ajax:
return JsonResponse(response)
return_url = (response.get("return") or kwargs.get("return"))
if return_url and return_url.startswith("/"):
return HttpResponseRedirect(return_url)
return redirect("shoop:basket")
def get_object(self, queryset=None):
contact = self.get_contact()
user = getattr(contact, "user", None)
if not user:
raise Problem(_(u"The contact does not have an associated user."))
return user
