def dispatch(self, request, *args, **kwargs): if self.permission_policy is not None: if self.permission_required is not None: if not self.permission_policy.user_has_permission(request.user, self.permission_required): return permission_denied(request) if self.any_permission_required is not None: if not self.permission_policy.user_has_any_permission(request.user, self.any_permission_required): return permission_denied(request) return super(PermissionCheckedMixin, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs): if self.permission_policy is not None: if self.permission_required is not None: if not self.permission_policy.user_has_permission( request.user, self.permission_required): return permission_denied(request) if self.any_permission_required is not None: if not self.permission_policy.user_has_any_permission( request.user, self.any_permission_required): return permission_denied(request) return super(PermissionCheckedMixin, self).dispatch(request, *args, **kwargs)
def delete(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) if not permission_policy.user_has_permission_for_instance( request.user, 'delete', image): return permission_denied(request) if image.folder: parent_folder = image.folder else: parent_folder = False if request.method == 'POST': image.delete() messages.success(request, _("Image '{0}' deleted.").format(image.title)) response = redirect('wagtailimages:index') if parent_folder: response['Location'] += '?folder={0}'.format(parent_folder.id) return response return render(request, "wagtailimages/images/confirm_delete.html", { 'image': image, })
def edit(request, redirect_id): theredirect = get_object_or_404(models.Redirect, id=redirect_id) if not permission_policy.user_has_permission_for_instance( request.user, 'change', theredirect ): return permission_denied(request) if request.method == 'POST': form = RedirectForm(request.POST, request.FILES, instance=theredirect) if form.is_valid(): form.save() messages.success(request, _("Redirect '{0}' updated.").format(theredirect.title), buttons=[ messages.button(reverse('wagtailredirects:edit', args=(theredirect.id,)), _('Edit')) ]) return redirect('wagtailredirects:index') else: messages.error(request, _("The redirect could not be saved due to errors.")) else: form = RedirectForm(instance=theredirect) return render(request, "wagtailredirects/edit.html", { 'redirect': theredirect, 'form': form, 'user_can_delete': permission_policy.user_has_permission(request.user, 'delete'), })
def edit(request, redirect_id): theredirect = get_object_or_404(models.Redirect, id=redirect_id) if not permission_policy.user_has_permission_for_instance(request.user, "change", theredirect): return permission_denied(request) if request.POST: form = RedirectForm(request.POST, request.FILES, instance=theredirect) if form.is_valid(): form.save() messages.success( request, _("Redirect '{0}' updated.").format(theredirect.title), buttons=[messages.button(reverse("wagtailredirects:edit", args=(theredirect.id,)), _("Edit"))], ) return redirect("wagtailredirects:index") else: messages.error(request, _("The redirect could not be saved due to errors.")) else: form = RedirectForm(instance=theredirect) return render( request, "wagtailredirects/edit.html", { "redirect": theredirect, "form": form, "user_can_delete": permission_policy.user_has_permission(request.user, "delete"), }, )
def delete(request, content_type_app_name, content_type_model_name, id): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() permission = get_permission_name('delete', model) if not request.user.has_perm(permission): return permission_denied(request) snippet_type_name = get_snippet_type_name(content_type)[0] instance = get_object_or_404(model, id=id) if request.POST: instance.delete() messages.success( request, _("{snippet_type} '{instance}' deleted.").format( snippet_type=capfirst(snippet_type_name), instance=instance)) return redirect('wagtailsnippets:list', content_type.app_label, content_type.model) return render( request, 'wagtailsnippets/snippets/confirm_delete.html', { 'content_type': content_type, 'snippet_type_name': snippet_type_name, 'instance': instance, })
def delete(request, content_type_app_name, content_type_model_name, id): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() permission = get_permission_name("delete", model) if not request.user.has_perm(permission): return permission_denied(request) snippet_type_name = get_snippet_type_name(content_type)[0] instance = get_object_or_404(model, id=id) if request.POST: instance.delete() messages.success( request, _("{snippet_type} '{instance}' deleted.").format( snippet_type=capfirst(snippet_type_name), instance=instance ), ) return redirect("wagtailsnippets:list", content_type.app_label, content_type.model) return render( request, "wagtailsnippets/snippets/confirm_delete.html", {"content_type": content_type, "snippet_type_name": snippet_type_name, "instance": instance}, )
def delete(request, document_id): Document = get_document_model() doc = get_object_or_404(Document, id=document_id) if not permission_policy.user_has_permission_for_instance( request.user, 'delete', doc): return permission_denied(request) if doc.folder: parent_folder = doc.folder else: parent_folder = False if request.method == 'POST': doc.delete() messages.success(request, _("Document '{0}' deleted.").format(doc.title)) response = redirect('wagtaildocs:index') if parent_folder: response['Location'] += '?folder={0}'.format(parent_folder.id) return response return render(request, "wagtaildocs/documents/confirm_delete.html", { 'document': doc, })
def edit(request, report_id): ReportPanel = get_report_panel_model() ReportPanelForm = get_report_panel_form(ReportPanel) report_panel = get_object_or_404(ReportPanel, id=report_id) if not permission_policy.user_has_permission_for_instance(request.user, 'change', report_panel): return permission_denied(request) if request.method == 'POST': form = ReportPanelForm(request.POST, request.FILES, instance=report_panel) # user=request.user if form.is_valid(): report = form.save() # Reindex the report to make sure all tags are indexed search_index.insert_or_update_object(report) messages.success(request, _("ReportPanel '{0}' updated").format(report.title), buttons=[ messages.button(reverse('wagtailreportpanels:edit', args=(report.id,)), _('Edit')) ]) return redirect('wagtailreportpanels:index') else: messages.error(request, _("The report panel could not be saved due to errors.")) else: form = ReportPanelForm(instance=report_panel) # TODO: user=request.user return render(request, "wagtailreports/report_panels/edit.html", { 'report_panel': report_panel, 'form': form, 'user_can_delete': permission_policy.user_has_permission_for_instance( request.user, 'delete', report_panel ), })
def edit(request, redirect_id): theredirect = get_object_or_404(models.Redirect, id=redirect_id) if not permission_policy.user_has_permission_for_instance( request.user, 'change', theredirect): return permission_denied(request) if request.method == 'POST': form = RedirectForm(request.POST, request.FILES, instance=theredirect) if form.is_valid(): form.save() messages.success( request, _("Redirect '{0}' updated.").format(theredirect.title), buttons=[ messages.button( reverse('wagtailredirects:edit', args=(theredirect.id, )), _('Edit')) ]) return redirect('wagtailredirects:index') else: messages.error(request, _("The redirect could not be saved due to errors.")) else: form = RedirectForm(instance=theredirect) return render( request, "wagtailredirects/edit.html", { 'redirect': theredirect, 'form': form, 'user_can_delete': permission_policy.user_has_permission(request.user, 'delete'), })
def list(request, content_type_app_name, content_type_model_name): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() permissions = [ get_permission_name(action, model) for action in ['add', 'change', 'delete'] ] if not any([request.user.has_perm(perm) for perm in permissions]): return permission_denied(request) snippet_type_name, snippet_type_name_plural = get_snippet_type_name(content_type) items = model.objects.all() # Pagination p = request.GET.get('p', 1) paginator = Paginator(items, 20) try: paginated_items = paginator.page(p) except PageNotAnInteger: paginated_items = paginator.page(1) except EmptyPage: paginated_items = paginator.page(paginator.num_pages) return render(request, 'wagtailsnippets/snippets/type_index.html', { 'content_type': content_type, 'snippet_type_name': snippet_type_name, 'snippet_type_name_plural': snippet_type_name_plural, 'items': paginated_items, 'can_add_snippet': request.user.has_perm(get_permission_name('add', model)), })
def list(request, app_label, model_name): model = get_snippet_model_from_url_params(app_label, model_name) permissions = [ get_permission_name(action, model) for action in ['add', 'change', 'delete'] ] if not any([request.user.has_perm(perm) for perm in permissions]): return permission_denied(request) items = model.objects.all() # Search is_searchable = class_is_indexed(model) is_searching = False search_query = None if is_searchable and 'q' in request.GET: search_form = SearchForm( request.GET, placeholder=_("Search %(snippet_type_name)s") % {'snippet_type_name': model._meta.verbose_name_plural}) if search_form.is_valid(): search_query = search_form.cleaned_data['q'] search_backend = get_search_backend() items = search_backend.search(search_query, items) is_searching = True else: search_form = SearchForm( placeholder=_("Search %(snippet_type_name)s") % {'snippet_type_name': model._meta.verbose_name_plural}) paginator, paginated_items = paginate(request, items) # Template if request.is_ajax(): template = 'wagtailsnippets/snippets/results.html' else: template = 'wagtailsnippets/snippets/type_index.html' return render( request, template, { 'model_opts': model._meta, 'items': paginated_items, 'can_add_snippet': request.user.has_perm(get_permission_name('add', model)), 'is_searchable': is_searchable, 'search_form': search_form, 'is_searching': is_searching, 'query_string': search_query, })
def dispatch(self, request, *args, **kwargs): if self.permission_required is not None: if not request.user.has_perm(self.permission_required): return permission_denied(request) if self.any_permission_required is not None: has_permission = False for perm in self.any_permission_required: if request.user.has_perm(perm): has_permission = True break if not has_permission: return permission_denied(request) return super(PermissionCheckedMixin, self).dispatch(request, *args, **kwargs)
def edit(request, document_id): Document = get_document_model() DocumentForm = get_document_form(Document) doc = get_object_or_404(Document, id=document_id) if not permission_policy.user_has_permission_for_instance(request.user, 'change', doc): return permission_denied(request) if request.method == 'POST': original_file = doc.file form = DocumentForm(request.POST, request.FILES, instance=doc, user=request.user) if form.is_valid(): if 'file' in form.changed_data: # if providing a new document file, delete the old one. # NB Doing this via original_file.delete() clears the file field, # which definitely isn't what we want... original_file.storage.delete(original_file.name) doc = form.save() # Reindex the document to make sure all tags are indexed for backend in get_search_backends(): backend.add(doc) messages.success(request, _("Document '{0}' updated").format(doc.title), buttons=[ messages.button(reverse('wagtaildocs:edit', args=(doc.id,)), _('Edit')) ]) return redirect('wagtaildocs:index') else: messages.error(request, _("The document could not be saved due to errors.")) else: form = DocumentForm(instance=doc, user=request.user) filesize = None # Get file size when there is a file associated with the Document object if doc.file: try: filesize = doc.file.size except OSError: # File doesn't exist pass if not filesize: messages.error( request, _("The file could not be found. Please change the source or delete the document"), buttons=[messages.button(reverse('wagtaildocs:delete', args=(doc.id,)), _('Delete'))] ) return render(request, "wagtaildocs/documents/edit.html", { 'document': doc, 'filesize': filesize, 'form': form, 'user_can_delete': permission_policy.user_has_permission_for_instance( request.user, 'delete', doc ), })
def edit(request, document_id): Document = get_document_model() DocumentForm = get_document_form(Document) doc = get_object_or_404(Document, id=document_id) if not permission_policy.user_has_permission_for_instance(request.user, 'change', doc): return permission_denied(request) if request.POST: original_file = doc.file form = DocumentForm(request.POST, request.FILES, instance=doc, user=request.user) if form.is_valid(): if 'file' in form.changed_data: # if providing a new document file, delete the old one. # NB Doing this via original_file.delete() clears the file field, # which definitely isn't what we want... original_file.storage.delete(original_file.name) doc = form.save() # Reindex the document to make sure all tags are indexed for backend in get_search_backends(): backend.add(doc) messages.success(request, _("Document '{0}' updated").format(doc.title), buttons=[ messages.button(reverse('wagtaildocs:edit', args=(doc.id,)), _('Edit')) ]) return redirect('wagtaildocs:index') else: messages.error(request, _("The document could not be saved due to errors.")) else: form = DocumentForm(instance=doc, user=request.user) filesize = None # Get file size when there is a file associated with the Document object if doc.file: try: filesize = doc.file.size except OSError: # File doesn't exist pass if not filesize: messages.error( request, _("The file could not be found. Please change the source or delete the document"), buttons=[messages.button(reverse('wagtaildocs:delete', args=(doc.id,)), _('Delete'))] ) return render(request, "wagtaildocs/documents/edit.html", { 'document': doc, 'filesize': filesize, 'form': form, 'user_can_delete': permission_policy.user_has_permission_for_instance( request.user, 'delete', doc ), })
def edit(request, media_id): Media = get_media_model() MediaForm = get_media_form(Media) media = get_object_or_404(Media, id=media_id) if not permission_policy.user_has_permission_for_instance(request.user, 'change', media): return permission_denied(request) if request.POST: original_file = media.file form = MediaForm(request.POST, request.FILES, instance=media, user=request.user) if form.is_valid(): if 'file' in form.changed_data: # if providing a new media file, delete the old one. # NB Doing this via original_file.delete() clears the file field, # which definitely isn't what we want... original_file.storage.delete(original_file.name) media = form.save() # Reindex the media entry to make sure all tags are indexed for backend in get_search_backends(): backend.add(media) messages.success(request, _("Media file '{0}' updated").format(media.title), buttons=[ messages.button(reverse('wagtailmedia:edit', args=(media.id,)), _('Edit')) ]) return redirect('wagtailmedia:index') else: messages.error(request, _("The media could not be saved due to errors.")) else: form = MediaForm(instance=media, user=request.user) filesize = None # Get file size when there is a file associated with the Media object if media.file: try: filesize = media.file.size except OSError: # File doesn't exist pass if not filesize: messages.error( request, _("The file could not be found. Please change the source or delete the media file"), buttons=[messages.button(reverse('wagtailmedia:delete', args=(media.id,)), _('Delete'))] ) return render(request, "wagtailmedia/media/edit.html", { 'media': media, 'filesize': filesize, 'form': form, 'user_can_delete': permission_policy.user_has_permission_for_instance( request.user, 'delete', media ), })
def url_generator(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) if not permission_policy.user_has_permission_for_instance(request.user, "change", image): return permission_denied(request) form = URLGeneratorForm(initial={"filter_method": "original", "width": image.width, "height": image.height}) return render(request, "wagtailimages/images/url_generator.html", {"image": image, "form": form})
def list(request, content_type_app_name, content_type_model_name): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() permissions = [ get_permission_name(action, model) for action in ['add', 'change', 'delete'] ] if not any([request.user.has_perm(perm) for perm in permissions]): return permission_denied(request) snippet_type_name, snippet_type_name_plural = get_snippet_type_name(content_type) items = model.objects.all() # Search is_searchable = class_is_indexed(model) is_searching = False search_query = None if is_searchable and 'q' in request.GET: search_form = SearchForm(request.GET, placeholder=_("Search %(snippet_type_name)s") % { 'snippet_type_name': snippet_type_name_plural }) if search_form.is_valid(): search_query = search_form.cleaned_data['q'] search_backend = get_search_backend() items = search_backend.search(search_query, items) is_searching = True else: search_form = SearchForm(placeholder=_("Search %(snippet_type_name)s") % { 'snippet_type_name': snippet_type_name_plural }) paginator, paginated_items = paginate(request, items) # Template if request.is_ajax(): template = 'wagtailsnippets/snippets/results.html' else: template = 'wagtailsnippets/snippets/type_index.html' return render(request, template, { 'content_type': content_type, 'snippet_type_name': snippet_type_name, 'snippet_type_name_plural': snippet_type_name_plural, 'items': paginated_items, 'can_add_snippet': request.user.has_perm(get_permission_name('add', model)), 'is_searchable': is_searchable, 'search_form': search_form, 'is_searching': is_searching, 'query_string': search_query, })
def list(request, app_label, model_name): model = get_snippet_model_from_url_params(app_label, model_name) permissions = [ get_permission_name(action, model) for action in ['add', 'change', 'delete'] ] if not any([request.user.has_perm(perm) for perm in permissions]): return permission_denied(request) items = model.objects.all() # Preserve the snippet's model-level ordering if specified, but fall back on PK if not # (to ensure pagination is consistent) if not items.ordered: items = items.order_by('pk') # Search is_searchable = class_is_indexed(model) is_searching = False search_query = None if is_searchable and 'q' in request.GET: search_form = SearchForm(request.GET, placeholder=_("Search %(snippet_type_name)s") % { 'snippet_type_name': model._meta.verbose_name_plural }) if search_form.is_valid(): search_query = search_form.cleaned_data['q'] search_backend = get_search_backend() items = search_backend.search(search_query, items) is_searching = True else: search_form = SearchForm(placeholder=_("Search %(snippet_type_name)s") % { 'snippet_type_name': model._meta.verbose_name_plural }) paginator, paginated_items = paginate(request, items) # Template if request.is_ajax(): template = 'wagtailsnippets/snippets/results.html' else: template = 'wagtailsnippets/snippets/type_index.html' return render(request, template, { 'model_opts': model._meta, 'items': paginated_items, 'can_add_snippet': request.user.has_perm(get_permission_name('add', model)), 'is_searchable': is_searchable, 'search_form': search_form, 'is_searching': is_searching, 'query_string': search_query, })
def delete(request, redirect_id): theredirect = get_object_or_404(models.Redirect, id=redirect_id) if not permission_policy.user_has_permission_for_instance(request.user, "delete", theredirect): return permission_denied(request) if request.POST: theredirect.delete() messages.success(request, _("Redirect '{0}' deleted.").format(theredirect.title)) return redirect("wagtailredirects:index") return render(request, "wagtailredirects/confirm_delete.html", {"redirect": theredirect})
def delete(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) if not permission_policy.user_has_permission_for_instance(request.user, "delete", image): return permission_denied(request) if request.POST: image.delete() messages.success(request, _("Image '{0}' deleted.").format(image.title)) return redirect("wagtailimages:index") return render(request, "wagtailimages/images/confirm_delete.html", {"image": image})
def list(request, app_label, model_name): model = get_snippet_model_from_url_params(app_label, model_name) permissions = [get_permission_name(action, model) for action in ["add", "change", "delete"]] if not any([request.user.has_perm(perm) for perm in permissions]): return permission_denied(request) items = model.objects.all() # Search is_searchable = class_is_indexed(model) is_searching = False search_query = None if is_searchable and "q" in request.GET: search_form = SearchForm( request.GET, placeholder=_("Search %(snippet_type_name)s") % {"snippet_type_name": model._meta.verbose_name_plural}, ) if search_form.is_valid(): search_query = search_form.cleaned_data["q"] search_backend = get_search_backend() items = search_backend.search(search_query, items) is_searching = True else: search_form = SearchForm( placeholder=_("Search %(snippet_type_name)s") % {"snippet_type_name": model._meta.verbose_name_plural} ) paginator, paginated_items = paginate(request, items) # Template if request.is_ajax(): template = "wagtailsnippets/snippets/results.html" else: template = "wagtailsnippets/snippets/type_index.html" return render( request, template, { "model_opts": model._meta, "items": paginated_items, "can_add_snippet": request.user.has_perm(get_permission_name("add", model)), "is_searchable": is_searchable, "search_form": search_form, "is_searching": is_searching, "query_string": search_query, }, )
def edit(request, content_type_app_name, content_type_model_name, id): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() permission = get_permission_name("change", model) if not request.user.has_perm(permission): return permission_denied(request) snippet_type_name = get_snippet_type_name(content_type)[0] instance = get_object_or_404(model, id=id) edit_handler_class = get_snippet_edit_handler(model) form_class = edit_handler_class.get_form_class(model) if request.POST: form = form_class(request.POST, request.FILES, instance=instance) if form.is_valid(): form.save() messages.success( request, _("{snippet_type} '{instance}' updated.").format( snippet_type=capfirst(snippet_type_name), instance=instance ), buttons=[ messages.button( reverse( "wagtailsnippets:edit", args=(content_type_app_name, content_type_model_name, instance.id) ), _("Edit"), ) ], ) return redirect("wagtailsnippets:list", content_type.app_label, content_type.model) else: messages.error(request, _("The snippet could not be saved due to errors.")) edit_handler = edit_handler_class(instance=instance, form=form) else: form = form_class(instance=instance) edit_handler = edit_handler_class(instance=instance, form=form) return render( request, "wagtailsnippets/snippets/edit.html", { "content_type": content_type, "snippet_type_name": snippet_type_name, "instance": instance, "edit_handler": edit_handler, }, )
def delete(request, document_id): Document = get_document_model() doc = get_object_or_404(Document, id=document_id) if not permission_policy.user_has_permission_for_instance(request.user, "delete", doc): return permission_denied(request) if request.method == "POST": doc.delete() messages.success(request, _("Document '{0}' deleted.").format(doc.title)) return redirect("wagtaildocs:index") return render(request, "wagtaildocs/documents/confirm_delete.html", {"document": doc})
def delete(request, embed_video_id): embed_video = get_object_or_404(get_embed_video_model(), id=embed_video_id) if not permission_policy.user_has_permission_for_instance(request.user, 'delete', embed_video): return permission_denied(request) if request.method == 'POST': embed_video.delete() messages.success(request, _("Video '{0}' deleted.").format(embed_video.title)) return redirect('wagtail_embed_videos:index') return render(request, "wagtail_embed_videos/embed_videos/confirm_delete.html", { 'embed_video': embed_video, })
def delete(request, user_id): user = get_object_or_404(User, pk=user_id) if not user_can_delete_user(request.user, user): return permission_denied(request) if request.method == 'POST': user.delete() messages.success(request, _("User '{0}' deleted.").format(user)) return redirect('wagtailusers_users:index') return render(request, "wagtailusers/users/confirm_delete.html", { 'user': user, })
def delete(request, user_id): user = get_object_or_404(User, pk=user_id) if not permission_policy.user_has_permission_for_instance(request.user, 'delete', user): return permission_denied(request) if request.method == 'POST': user.delete() messages.success(request, _("User '{0}' deleted.").format(user.username)) return redirect('wagtailusers_users:index') return render(request, 'wagtailusers/users/confirm_delete.html', { 'user': user })
def edit(request, content_type_app_name, content_type_model_name, id): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() permission = get_permission_name('change', model) if not request.user.has_perm(permission): return permission_denied(request) snippet_type_name = get_snippet_type_name(content_type)[0] instance = get_object_or_404(model, id=id) edit_handler_class = get_snippet_edit_handler(model) form_class = edit_handler_class.get_form_class(model) if request.POST: form = form_class(request.POST, request.FILES, instance=instance) if form.is_valid(): form.save() messages.success(request, _("{snippet_type} '{instance}' updated.").format( snippet_type=capfirst(snippet_type_name), instance=instance), buttons=[ messages.button( reverse('wagtailsnippets:edit', args=(content_type_app_name, content_type_model_name, instance.id)), _('Edit')) ]) return redirect('wagtailsnippets:list', content_type.app_label, content_type.model) else: messages.error(request, _("The snippet could not be saved due to errors.")) edit_handler = edit_handler_class(instance=instance, form=form) else: form = form_class(instance=instance) edit_handler = edit_handler_class(instance=instance, form=form) return render( request, 'wagtailsnippets/snippets/edit.html', { 'content_type': content_type, 'snippet_type_name': snippet_type_name, 'instance': instance, 'edit_handler': edit_handler })
def delete(request, media_id): Media = get_media_model() media = get_object_or_404(Media, id=media_id) if not permission_policy.user_has_permission_for_instance(request.user, 'delete', media): return permission_denied(request) if request.POST: media.delete() messages.success(request, _("Media file '{0}' deleted.").format(media.title)) return redirect('wagtailmedia:index') return render(request, "wagtailmedia/media/confirm_delete.html", { 'media': media, })
def delete(request, user_id): user = get_object_or_404(User, pk=user_id) if not permission_policy.user_has_permission_for_instance( request.user, 'delete', user): return permission_denied(request) if request.method == 'POST': user.delete() messages.success(request, _("User '{0}' deleted.").format(user.username)) return redirect('wagtailusers_users:index') return render(request, 'wagtailusers/users/confirm_delete.html', {'user': user})
def delete(request, report_panel_id): ReportPanel = get_report_panel_model() report_panel = get_object_or_404(ReportPanel, id=report_panel_id) if not permission_policy.user_has_permission_for_instance(request.user, 'delete', report_panel): return permission_denied(request) if request.method == 'POST': report_panel.delete() messages.success(request, _("ReportPanel '{0}' deleted.").format(report_panel.title)) return redirect('wagtailreportpanels:index') return render(request, "wagtailreports/report_panels/confirm_delete.html", { 'report_panel': report_panel, })
def url_generator(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) if not permission_policy.user_has_permission_for_instance(request.user, 'change', image): return permission_denied(request) form = URLGeneratorForm(initial={ 'filter_method': 'original', 'width': image.width, 'height': image.height, }) return render(request, "wagtailimages/images/url_generator.html", { 'image': image, 'form': form, })
def delete(request, redirect_id): theredirect = get_object_or_404(models.Redirect, id=redirect_id) if not permission_policy.user_has_permission_for_instance( request.user, 'delete', theredirect ): return permission_denied(request) if request.method == 'POST': theredirect.delete() messages.success(request, _("Redirect '{0}' deleted.").format(theredirect.title)) return redirect('wagtailredirects:index') return render(request, "wagtailredirects/confirm_delete.html", { 'redirect': theredirect, })
def delete(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) if not permission_policy.user_has_permission_for_instance( request.user, 'delete', image): return permission_denied(request) if request.method == 'POST': image.delete() messages.success(request, _("Image '{0}' deleted.").format(image.title)) return redirect('wagtailimages:index') return render(request, "wagtailimages/images/confirm_delete.html", { 'image': image, })
def edit(request, embed_video_id): EmbedVideo = get_embed_video_model() EmbedVideoForm = get_embed_video_form(EmbedVideo) embed_video = get_object_or_404(EmbedVideo, id=embed_video_id) if not permission_policy.user_has_permission_for_instance( request.user, 'change', embed_video): return permission_denied(request) if request.method == 'POST': form = EmbedVideoForm(request.POST, request.FILES, instance=embed_video, user=request.user) if form.is_valid(): form.save() # Reindex the embed video to make sure all tags are indexed search_index.insert_or_update_object(embed_video) messages.success(request, _("Video '{0}' updated.").format( embed_video.title), buttons=[ messages.button( reverse('wagtail_embed_videos:edit', args=(embed_video.id, )), _('Edit again')) ]) return redirect('wagtail_embed_videos:index') else: messages.error(request, _("The video could not be saved due to errors.")) else: form = EmbedVideoForm(instance=embed_video, user=request.user) return render( request, "wagtail_embed_videos/embed_videos/edit.html", { 'embed_video': embed_video, 'form': form, 'user_can_delete': permission_policy.user_has_permission_for_instance( request.user, 'delete', embed_video), })
def delete(request, group_id): group = get_object_or_404(Group, id=group_id) if not request.user.is_superuser: # Non-superusers cannot delete Groups that don't belong to the current Site. if not group.name.startswith(request.site.hostname): return permission_denied(request) if request.method == 'POST': group.delete() messages.success(request, "Group '{0}' deleted.".format(group.name)) return redirect('wagtailusers_groups:index') return TemplateResponse(request, "wagtailusers/groups/confirm_delete.html", { 'group': group, })
def delete(request, document_id): Document = get_document_model() doc = get_object_or_404(Document, id=document_id) if not permission_policy.user_has_permission_for_instance( request.user, 'delete', doc): return permission_denied(request) if request.POST: doc.delete() messages.success(request, _("Document '{0}' deleted.").format(doc.title)) return redirect('wagtaildocs:index') return render(request, "wagtaildocs/documents/confirm_delete.html", { 'document': doc, })
def edit(request, app_label, model_name, id): model = get_snippet_model_from_url_params(app_label, model_name) permission = get_permission_name('change', model) if not request.user.has_perm(permission): return permission_denied(request) instance = get_object_or_404(model, id=id) edit_handler_class = get_snippet_edit_handler(model) form_class = edit_handler_class.get_form_class(model) if request.method == 'POST': form = form_class(request.POST, request.FILES, instance=instance) if form.is_valid(): form.save() messages.success( request, _("{snippet_type} '{instance}' updated.").format( snippet_type=capfirst(model._meta.verbose_name_plural), instance=instance), buttons=[ messages.button( reverse('wagtailsnippets:edit', args=(app_label, model_name, instance.id)), _('Edit')) ]) return redirect('wagtailsnippets:list', app_label, model_name) else: messages.error(request, _("The snippet could not be saved due to errors.")) edit_handler = edit_handler_class(instance=instance, form=form) else: form = form_class(instance=instance) edit_handler = edit_handler_class(instance=instance, form=form) return render( request, 'wagtailsnippets/snippets/edit.html', { 'model_opts': model._meta, 'instance': instance, 'edit_handler': edit_handler, 'form': form, })
def edit(request, app_label, model_name, id): model = get_snippet_model_from_url_params(app_label, model_name) permission = get_permission_name('change', model) if not request.user.has_perm(permission): return permission_denied(request) instance = get_object_or_404(model, id=id) edit_handler_class = get_snippet_edit_handler(model) form_class = edit_handler_class.get_form_class(model) if request.method == 'POST': form = form_class(request.POST, request.FILES, instance=instance) if form.is_valid(): form.save() messages.success( request, _("{snippet_type} '{instance}' updated.").format( snippet_type=capfirst(model._meta.verbose_name_plural), instance=instance ), buttons=[ messages.button(reverse( 'wagtailsnippets:edit', args=(app_label, model_name, instance.id) ), _('Edit')) ] ) return redirect('wagtailsnippets:list', app_label, model_name) else: messages.error(request, _("The snippet could not be saved due to errors.")) edit_handler = edit_handler_class(instance=instance, form=form) else: form = form_class(instance=instance) edit_handler = edit_handler_class(instance=instance, form=form) return render(request, 'wagtailsnippets/snippets/edit.html', { 'model_opts': model._meta, 'instance': instance, 'edit_handler': edit_handler, 'form': form, })
def create(request, content_type_app_name, content_type_model_name): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() permission = get_permission_name('add', model) if not request.user.has_perm(permission): return permission_denied(request) snippet_type_name = get_snippet_type_name(content_type)[0] instance = model() edit_handler_class = get_snippet_edit_handler(model) form_class = edit_handler_class.get_form_class(model) if request.POST: form = form_class(request.POST, request.FILES, instance=instance) if form.is_valid(): form.save() messages.success( request, _("{snippet_type} '{instance}' created.").format( snippet_type=capfirst(get_snippet_type_name(content_type)[0]), instance=instance ), buttons=[ messages.button(reverse('wagtailsnippets:edit', args=(content_type_app_name, content_type_model_name, instance.id)), _('Edit')) ] ) return redirect('wagtailsnippets:list', content_type.app_label, content_type.model) else: messages.error(request, _("The snippet could not be created due to errors.")) edit_handler = edit_handler_class(instance=instance, form=form) else: form = form_class(instance=instance) edit_handler = edit_handler_class(instance=instance, form=form) return render(request, 'wagtailsnippets/snippets/create.html', { 'content_type': content_type, 'snippet_type_name': snippet_type_name, 'edit_handler': edit_handler, })
def edit(request, embed_video_id): EmbedVideo = get_embed_video_model() EmbedVideoForm = get_embed_video_form(EmbedVideo) embed_video = get_object_or_404(EmbedVideo, id=embed_video_id) if not permission_policy.user_has_permission_for_instance(request.user, 'change', embed_video): return permission_denied(request) if request.method == 'POST': form = EmbedVideoForm(request.POST, request.FILES, instance=embed_video, user=request.user) if form.is_valid(): form.save() # Reindex the embed video to make sure all tags are indexed search_index.insert_or_update_object(embed_video) messages.success( request, _("Video '{0}' updated.").format(embed_video.title), buttons=[ messages.button( reverse( 'wagtail_embed_videos:edit', args=(embed_video.id,) ), _('Edit again') ) ] ) return redirect('wagtail_embed_videos:index') else: messages.error(request, _("The video could not be saved due to errors.")) else: form = EmbedVideoForm(instance=embed_video, user=request.user) return render(request, "wagtail_embed_videos/embed_videos/edit.html", { 'embed_video': embed_video, 'form': form, 'user_can_delete': permission_policy.user_has_permission_for_instance( request.user, 'delete', embed_video ), })
def create(request, app_label, model_name): model = get_snippet_model_from_url_params(app_label, model_name) permission = get_permission_name("add", model) if not request.user.has_perm(permission): return permission_denied(request) instance = model() edit_handler_class = get_snippet_edit_handler(model) form_class = edit_handler_class.get_form_class(model) if request.method == "POST": form = form_class(request.POST, request.FILES, instance=instance) if form.is_valid(): form.save() messages.success( request, _("{snippet_type} '{instance}' created.").format( snippet_type=capfirst(model._meta.verbose_name), instance=instance ), buttons=[ messages.button( reverse("wagtailsnippets:edit", args=(app_label, model_name, instance.id)), _("Edit") ) ], ) return redirect("wagtailsnippets:list", app_label, model_name) else: messages.error(request, _("The snippet could not be created due to errors.")) edit_handler = edit_handler_class(instance=instance, form=form) else: form = form_class(instance=instance) edit_handler = edit_handler_class(instance=instance, form=form) return render( request, "wagtailsnippets/snippets/create.html", {"model_opts": model._meta, "edit_handler": edit_handler, "form": form}, )
def edit(request, group_id): group = get_object_or_404(Group, pk=group_id) if not request.user.is_superuser: # Non-superusers cannot edit Groups that don't belong to the current Site. if not group.name.startswith(request.site.hostname): return permission_denied(request) if request.method == 'POST': form = MultitenantGroupForm(request.POST, instance=group, request=request) permission_panels = get_permission_panel_instances(request, group) if form.is_valid() and all(panel.is_valid() for panel in permission_panels): form.save() for panel in permission_panels: panel.save() messages.success(request, "Group '{0}' updated.".format(group), buttons=[ messages.button( reverse('wagtailusers_groups:edit', args=[group.id]), 'Edit') ]) return redirect('wagtailusers_groups:index') else: messages.error(request, 'The group could not be saved due to errors.') else: form = MultitenantGroupForm(instance=group, request=request) permission_panels = get_permission_panel_instances(request, group) return TemplateResponse(request, 'wagtailusers/groups/edit.html', { 'group': group, 'form': form, 'permission_panels': permission_panels, })
def delete(request, app_label, model_name, id): model = get_snippet_model_from_url_params(app_label, model_name) permission = get_permission_name('delete', model) if not request.user.has_perm(permission): return permission_denied(request) instance = get_object_or_404(model, id=id) if request.POST: instance.delete() messages.success( request, _("{snippet_type} '{instance}' deleted.").format( snippet_type=capfirst(model._meta.verbose_name_plural), instance=instance)) return redirect('wagtailsnippets:list', app_label, model_name) return render(request, 'wagtailsnippets/snippets/confirm_delete.html', { 'model_opts': model._meta, 'instance': instance, })
def delete(request, app_label, model_name, id): model = get_snippet_model_from_url_params(app_label, model_name) permission = get_permission_name("delete", model) if not request.user.has_perm(permission): return permission_denied(request) instance = get_object_or_404(model, id=id) if request.POST: instance.delete() messages.success( request, _("{snippet_type} '{instance}' deleted.").format( snippet_type=capfirst(model._meta.verbose_name_plural), instance=instance ), ) return redirect("wagtailsnippets:list", app_label, model_name) return render( request, "wagtailsnippets/snippets/confirm_delete.html", {"model_opts": model._meta, "instance": instance} )
def edit(request, user_id): user = get_object_or_404(get_user_model(), pk=user_id) if not request.user.is_superuser: # Non-supusers cannot edit superusers, and cannot edit Users who don't belong to the current site. if user.is_superuser or not user_is_member_of_site(user, request.site): return permission_denied(request) # We differentiate local Users from LDAP Users by checking if they have a usable password (LDAP Users don't). if user.has_usable_password(): form_class = LocalUserEditForm else: form_class = LDAPUserEditForm if request.method == 'POST': form = form_class(request, user, request.POST) if form.is_valid(): user = form.save() messages.success(request, "User '{0}' updated.".format(user), buttons=[ messages.button( reverse('wagtailusers_users:edit', args=[user.pk]), 'Edit') ]) return redirect('wagtailusers_users:index') else: messages.error(request, 'The user could not be saved due to errors.') else: form = form_class(request, user) return TemplateResponse( request, 'wagtail_patches/users/edit.html', { 'user': user, 'form': form, 'requestor_is_superuser': request.user.is_superuser })
def delete(request, image_id): image = get_object_or_404(get_image_model(), id=image_id) if not permission_policy.user_has_permission_for_instance(request.user, 'delete', image): return permission_denied(request) if image.folder: parent_folder = image.folder else: parent_folder = False if request.method == 'POST': image.delete() messages.success(request, _("Image '{0}' deleted.").format(image.title)) response = redirect('wagtailimages:index') if parent_folder: response['Location'] += '?folder={0}'.format(parent_folder.id) return response return render(request, "wagtailimages/images/confirm_delete.html", { 'image': image, })
def delete(request, document_id): Document = get_document_model() doc = get_object_or_404(Document, id=document_id) if not permission_policy.user_has_permission_for_instance(request.user, 'delete', doc): return permission_denied(request) if doc.folder: parent_folder = doc.folder else: parent_folder = False if request.method == 'POST': doc.delete() messages.success(request, _("Document '{0}' deleted.").format(doc.title)) response = redirect('wagtaildocs:index') if parent_folder: response['Location'] += '?folder={0}'.format(parent_folder.id) return response return render(request, "wagtaildocs/documents/confirm_delete.html", { 'document': doc, })
def delete(request, app_label, model_name, id): model = get_snippet_model_from_url_params(app_label, model_name) permission = get_permission_name('delete', model) if not request.user.has_perm(permission): return permission_denied(request) instance = get_object_or_404(model, id=id) if request.method == 'POST': instance.delete() messages.success( request, _("{snippet_type} '{instance}' deleted.").format( snippet_type=capfirst(model._meta.verbose_name_plural), instance=instance ) ) return redirect('wagtailsnippets:list', app_label, model_name) return render(request, 'wagtailsnippets/snippets/confirm_delete.html', { 'model_opts': model._meta, 'instance': instance, })
def edit(request, image_id): Image = get_image_model() ImageForm = get_image_form(Image) image = get_object_or_404(Image, id=image_id) if not permission_policy.user_has_permission_for_instance( request.user, 'change', image): return permission_denied(request) if request.method == 'POST': original_file = image.file form = ImageForm(request.POST, request.FILES, instance=image, user=request.user) if form.is_valid(): if 'file' in form.changed_data: # if providing a new image file, delete the old one and all renditions. # NB Doing this via original_file.delete() clears the file field, # which definitely isn't what we want... original_file.storage.delete(original_file.name) image.renditions.all().delete() # Set new image file size image.file_size = image.file.size form.save() # Reindex the image to make sure all tags are indexed search_index.insert_or_update_object(image) messages.success(request, _("Image '{0}' updated.").format(image.title), buttons=[ messages.button( reverse('wagtailimages:edit', args=(image.id, )), _('Edit again')) ]) return redirect('wagtailimages:index') else: messages.error(request, _("The image could not be saved due to errors.")) else: form = ImageForm(instance=image, user=request.user) # Check if we should enable the frontend url generator try: reverse('wagtailimages_serve', args=('foo', '1', 'bar')) url_generator_enabled = True except NoReverseMatch: url_generator_enabled = False if image.is_stored_locally(): # Give error if image file doesn't exist if not os.path.isfile(image.file.path): messages.error( request, _("The source image file could not be found. Please change the source or delete the image." ).format(image.title), buttons=[ messages.button( reverse('wagtailimages:delete', args=(image.id, )), _('Delete')) ]) return render( request, "wagtailimages/images/edit.html", { 'image': image, 'form': form, 'url_generator_enabled': url_generator_enabled, 'filesize': image.get_file_size(), 'user_can_delete': permission_policy.user_has_permission_for_instance( request.user, 'delete', image), })
def list(request, content_type_app_name, content_type_model_name): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() permissions = [get_permission_name(action, model) for action in ["add", "change", "delete"]] if not any([request.user.has_perm(perm) for perm in permissions]): return permission_denied(request) snippet_type_name, snippet_type_name_plural = get_snippet_type_name(content_type) items = model.objects.all() # Search is_searchable = class_is_indexed(model) is_searching = False search_query = None if is_searchable and "q" in request.GET: search_form = SearchForm( request.GET, placeholder=_("Search %(snippet_type_name)s") % {"snippet_type_name": snippet_type_name_plural} ) if search_form.is_valid(): search_query = search_form.cleaned_data["q"] search_backend = get_search_backend() items = search_backend.search(search_query, items) is_searching = True else: search_form = SearchForm( placeholder=_("Search %(snippet_type_name)s") % {"snippet_type_name": snippet_type_name_plural} ) # Pagination p = request.GET.get("p", 1) paginator = Paginator(items, 20) try: paginated_items = paginator.page(p) except PageNotAnInteger: paginated_items = paginator.page(1) except EmptyPage: paginated_items = paginator.page(paginator.num_pages) # Template if request.is_ajax(): template = "wagtailsnippets/snippets/results.html" else: template = "wagtailsnippets/snippets/type_index.html" return render( request, template, { "content_type": content_type, "snippet_type_name": snippet_type_name, "snippet_type_name_plural": snippet_type_name_plural, "items": paginated_items, "can_add_snippet": request.user.has_perm(get_permission_name("add", model)), "is_searchable": is_searchable, "search_form": search_form, "is_searching": is_searching, "query_string": search_query, }, )
def list(request, content_type_app_name, content_type_model_name): content_type = get_content_type_from_url_params(content_type_app_name, content_type_model_name) model = content_type.model_class() permissions = [ get_permission_name(action, model) for action in ['add', 'change', 'delete'] ] if not any([request.user.has_perm(perm) for perm in permissions]): return permission_denied(request) snippet_type_name, snippet_type_name_plural = get_snippet_type_name( content_type) items = model.objects.all() # Search is_searchable = class_is_indexed(model) is_searching = False search_query = None if is_searchable and 'q' in request.GET: search_form = SearchForm( request.GET, placeholder=_("Search %(snippet_type_name)s") % {'snippet_type_name': snippet_type_name_plural}) if search_form.is_valid(): search_query = search_form.cleaned_data['q'] search_backend = get_search_backend() items = search_backend.search(search_query, items) is_searching = True else: search_form = SearchForm( placeholder=_("Search %(snippet_type_name)s") % {'snippet_type_name': snippet_type_name_plural}) # Pagination p = request.GET.get('p', 1) paginator = Paginator(items, 20) try: paginated_items = paginator.page(p) except PageNotAnInteger: paginated_items = paginator.page(1) except EmptyPage: paginated_items = paginator.page(paginator.num_pages) # Template if request.is_ajax(): template = 'wagtailsnippets/snippets/results.html' else: template = 'wagtailsnippets/snippets/type_index.html' return render( request, template, { 'content_type': content_type, 'snippet_type_name': snippet_type_name, 'snippet_type_name_plural': snippet_type_name_plural, 'items': paginated_items, 'can_add_snippet': request.user.has_perm(get_permission_name('add', model)), 'is_searchable': is_searchable, 'search_form': search_form, 'is_searching': is_searching, 'query_string': search_query, })
def edit(request, image_id): Image = get_image_model() ImageForm = get_image_form(Image) image = get_object_or_404(Image, id=image_id) if not permission_policy.user_has_permission_for_instance(request.user, 'change', image): return permission_denied(request) if request.method == 'POST': original_file = image.file form = ImageForm(request.POST, request.FILES, instance=image, user=request.user) if form.is_valid(): if 'file' in form.changed_data: # if providing a new image file, delete the old one and all renditions. # NB Doing this via original_file.delete() clears the file field, # which definitely isn't what we want... original_file.storage.delete(original_file.name) image.renditions.all().delete() # Set new image file size image.file_size = image.file.size form.save() # Reindex the image to make sure all tags are indexed for backend in get_search_backends(): backend.add(image) messages.success(request, _("Image '{0}' updated.").format(image.title), buttons=[ messages.button(reverse('wagtailimages:edit', args=(image.id,)), _('Edit again')) ]) return redirect('wagtailimages:index') else: messages.error(request, _("The image could not be saved due to errors.")) else: form = ImageForm(instance=image, user=request.user) # Check if we should enable the frontend url generator try: reverse('wagtailimages_serve', args=('foo', '1', 'bar')) url_generator_enabled = True except NoReverseMatch: url_generator_enabled = False if image.is_stored_locally(): # Give error if image file doesn't exist if not os.path.isfile(image.file.path): messages.error(request, _( "The source image file could not be found. Please change the source or delete the image." ).format(image.title), buttons=[ messages.button(reverse('wagtailimages:delete', args=(image.id,)), _('Delete')) ]) return render(request, "wagtailimages/images/edit.html", { 'image': image, 'form': form, 'url_generator_enabled': url_generator_enabled, 'filesize': image.get_file_size(), 'user_can_delete': permission_policy.user_has_permission_for_instance( request.user, 'delete', image ), })