def shareadd(request): is_god = check_god(request) breadcrums = get_breadcrums(request) if request.method == 'POST': if not is_god: raise PermissionDenied form = ShareAddForm(request.POST) if not form.is_valid(): return render_to_response('shareaddform.html', locals(), context_instance=RequestContext(request), ) new_share = form.save() request_apache_reload() return HttpResponseRedirect(reverse('sharemod', args=[str(new_share.id)])) form = ShareAddForm() return render_to_response('shareaddform.html', locals(), context_instance=RequestContext(request), )
def delete(request, what, which): user_is_sure = False is_god = check_god(request) breadcrums = get_breadcrums(request) if request.method == 'POST': if is_god: user_is_sure = True else: raise PermissionDenied if what == 'project': instance = get_object_or_404(Project, pk=which) overview_what = "projects" elif what == "user": # will delete user and member object automatically together instance = get_object_or_404(User, pk=which) overview_what = "members" elif what == "share": overview_what = "shares" instance = get_object_or_404(Share, pk=which) if user_is_sure: instance.delete() return HttpResponseRedirect(reverse('overview', args=[overview_what])) else: return render_to_response('delete.html', locals(), context_instance=RequestContext(request), )
def del_list(request,list_id,list_slug): """ Delete an entire list. Danger Will Robinson! Only staff members should be allowed to access this view. """ #if request.user.is_staff: # can_del = 1 can_del = 1 # Get this list's object (to derive list.name, list.id, etc.) list = get_object_or_404(List, slug=list_slug) # If delete confirmation is in the POST, delete all items in the list, then kill the list itself if request.method == 'POST': # Can the items del_items = Item.objects.filter(list=list.id) for del_item in del_items: del_item.delete() # Kill the list del_list = List.objects.get(id=list.id) del_list.delete() # A var to send to the template so we can show the right thing list_killed = 1 else: item_count_done = Item.objects.filter(list=list.id,completed=1).count() item_count_undone = Item.objects.filter(list=list.id,completed=0).count() item_count_total = Item.objects.filter(list=list.id).count() breadcrums = get_breadcrums(request) return render_to_response('todo/del_list.html', locals(), context_instance=RequestContext(request))
def info(request): is_god = check_god(request) breadcrums = get_breadcrums(request) return render_to_response('info.html', locals(), context_instance=RequestContext(request), )
def search(request): """ Search for tasks """ breadcrums = get_breadcrums(request) if request.GET: query_string = '' found_items = None if ('q' in request.GET) and request.GET['q'].strip(): query_string = request.GET['q'] found_items = Item.objects.filter( Q(title__icontains=query_string) | Q(note__icontains=query_string) ) else: # What if they selected the "completed" toggle but didn't type in a query string? # In that case we still need found_items in a queryset so it can be "excluded" below. found_items = Item.objects.all() if request.GET['inc_complete'] == "0" : found_items = found_items.exclude(completed=True) else : query_string = None found_items = None return render_to_response('todo/search_results.html', { 'query_string': query_string, 'found_items': found_items }, context_instance=RequestContext(request))
def add_list(request): """ Allow users to add a new todo list to the group they're in. """ #user = user_from_remote(request) breadcrums = get_breadcrums(request) if request.POST: form = AddListForm(request.user,request.POST) #form = AddListForm(user,request.POST) if form.is_valid(): try: form.save() messages.success(request, "A new list has been added." ) return HttpResponseRedirect(request.path) except IntegrityError: messages.error(request, "There was a problem saving the new list. Most likely a list with the same name in the same group already exists." ) else: form = AddListForm(request.user) #form = AddListForm(user) return render_to_response('todo/add_list.html', locals(), context_instance=RequestContext(request))
def list_lists(request): """ Homepage view - list of lists a user can view, and ability to add a list. """ # Make sure user belongs to at least one group. group_count = request.user.groups.all().count() #user = user_from_remote(request) #group_count = user.groups.all().count() if group_count == 0: messages.error(request, "You do not yet belong to any groups. Ask your administrator to add you to one.") # Only show lists to the user that belong to groups they are members of. # Superusers see all lists if request.user.is_superuser: list_list = List.objects.all().order_by('group','name') else: #list_list = List.objects.filter(group__in=user.groups.all).order_by('group', 'name') list_list = List.objects.filter(group__in=request.user.groups.all).order_by('group', 'name') # Count everything list_count = list_list.count() # Note admin users see all lists, so count shouldn't filter by just lists the admin belongs to if request.user.is_superuser : item_count = Item.objects.filter(completed=0).count() else: #item_count = Item.objects.filter(completed=0).filter(list__group__in=user.groups.all()).count() item_count = Item.objects.filter(completed=0).filter(list__group__in=request.user.groups.all()).count() breadcrums = get_breadcrums(request) return render_to_response('todo/list_lists.html', locals(), context_instance=RequestContext(request))
def projectadd(request): """ Only Gods can add projects """ is_god = check_god(request) breadcrums = get_breadcrums(request) if request.method == 'POST': if not is_god: raise PermissionDenied form = ProjectAddForm(request.POST) if not form.is_valid(): return render_to_response('projectaddform.html', locals(), context_instance=RequestContext(request), ) new_project = form.save() request_apache_reload() return HttpResponseRedirect(reverse('projectmod', args=[str(new_project.id)])) # Handle GET requests form = ProjectAddForm() return render_to_response('projectaddform.html', locals(), context_instance=RequestContext(request), )
def home(request): global SHARE_TYPE_CHOICES global MEMBER_TYPE_CHOICES member_types = MEMBER_TYPE_CHOICES share_types = SHARE_TYPE_CHOICES member_status = [ {'name': 'active', 'display': _('Aktive')}, {'name': 'inactive', 'display': _('Inaktive')}, {'name': 'all', 'display': _('Beides')}, ] try: member = Member.objects.get(user=request.user) except Member.DoesNotExist: error_admin_logged_in = True return render_to_response('home.html', locals(), context_instance=RequestContext(request), ) projects = Project.objects.filter(member=member) is_god = check_god(request) breadcrums = get_breadcrums(request) return render_to_response('home.html', locals(), context_instance=RequestContext(request), )
def usermod(request, user_id): """ Only the member himself or Gods can modify members """ # determine user to view resp. change # the user who is editing is available with request.user user = get_object_or_404(User, id=user_id) member = get_object_or_404(Member, user=user) form = MemberModForm(instance=user) breadcrums = get_breadcrums(request) groups = Group.objects.all() is_god = check_god(request) def input_error(form, error): is_god = check_god(request) breadcrums = get_breadcrums(request) return render_to_response('usermodform.html', locals(), context_instance=RequestContext(request), ) if request.method == "POST": if is_god: pass else: if not user == request.user: error = _("You are not allowed to change profiles others than yours.") return input_error(form, error) # Set user data user.first_name = request.POST.get('first_name') user.last_name = request.POST.get('last_name') user.email = request.POST.get('email') new_password = request.POST.get('password') new_username = request.POST.get('username') if not new_username == user.username: if not is_god: error = _("Changing the username is not allowed for you.") return input_error(form, error) # Don't check uniquenes of username if it did not change if new_username == user.username: try: user.full_clean(exclude=["username",]) except ValidationError, e: return input_error(form, e) else: user.username = new_username try: user.full_clean() except ValidationError, e: return input_error(form, e)
def input_error(form, error): is_god = check_god(request) breadcrums = get_breadcrums(request) return render_to_response('usermodform.html', locals(), context_instance=RequestContext(request), )
def projectmod(request, project_id): """ Only project members can view and Gods may modify projects """ project = get_object_or_404(Project,pk = project_id) is_god = check_god(request) member = Member.objects.get(user=request.user) breadcrums = get_breadcrums(request) if not (member in project.member_set.all() or is_god): raise PermissionDenied if request.method == "POST": if not is_god: raise PermissionDenied form = ProjectModForm(request.POST, instance=project, member=member) # remember database instance and inputs if not form.is_valid(): return render_to_response("projectmodform.html", locals(), context_instance=RequestContext(request), ) new_members = [ int(m) for m in request.POST.getlist('members') ] members_project = Member.objects.in_bulk(new_members) for m in Member.objects.all(): if m.pk in members_project.keys(): m.projects.add(project) else: m.projects.remove(project) form.save() # Will also take care about m2m-relations # Renew form to ensure the new data can evaluated during ProjectModForm constructor # especially the 'allow_alumni' flag form = ProjectModForm(instance=project, member=member) request_apache_reload() success = True return render_to_response('projectmodform.html', locals(), context_instance=RequestContext(request), ) # Handle GET requeset here form = ProjectModForm(instance=project, member=member) return render_to_response('projectmodform.html', locals(), context_instance=RequestContext(request), )
def projects(request): """ Current projects of the logged in user. Available for every user. """ member = Member.objects.get(user=request.user) is_god = check_god(request) projects = member.projects.all() breadcrums = get_breadcrums(request) return render_to_response('member_projects.html', locals(), context_instance=RequestContext(request), )
def sharemod(request, share_id): share = Share.objects.get(pk = share_id) is_god = check_god(request) member = Member.objects.get(user=request.user) breadcrums = get_breadcrums(request) # determine if current user may view this share. # get all projects from member, after that all the related shares, after that the share's pks, afterthat set the query for these pks on Share shares = [] for p in member.projects.all(): for s in p.shares.all(): shares.append(s.pk) if not (int(share_id) in shares or is_god): raise PermissionDenied if request.method == "POST": if not is_god: raise PermissionDenied form = ShareModForm(request.POST, instance=share) # remember database instance and inputs if not form.is_valid(): return render_to_response('sharemodform.html', locals(), context_instance=RequestContext(request), ) form.save() request_apache_reload() success = True return render_to_response('sharemodform.html', locals(), context_instance=RequestContext(request), ) # Handle GET request form = ShareModForm(instance=share) return render_to_response('sharemodform.html', locals(), context_instance=RequestContext(request), )
def overview(request, what): """ This is for members of group Gods. refer to 'views.projects' for project listing of currently logged in member """ is_god = check_god(request) if not is_god: raise PermissionDenied breadcrums = get_breadcrums(request) if what == "projects": projects = Project.objects.all() return render_to_response('overview_projects.html', locals(), context_instance=RequestContext(request), ) elif what == "shares": shares = Share.objects.all() return render_to_response('overview_shares.html', locals(), context_instance=RequestContext(request), ) elif what == "members": members = Member.objects.all() return render_to_response('overview_members.html', locals(), context_instance=RequestContext(request), ) elif what == "groups": groups = Group.objects.all() return render_to_response('overview_groups.html', locals(), context_instance=RequestContext(request), ) else: return HttpResponse("The requested overview " + what + " is not available / implemented")
def emails(request, what, param, which): # param what can be: project, a member_type_*, share_*, all # param which is the pk of what or 0 # param param can be: active, expired, all if not param in ["active", "inactive", "all"]: return HttpResponse("The parameter '" + param + "' is not valid. Valid parameters are: 'all', 'expired', 'active'. E.g: \nemails/project/expired/1", mimetype = "text/plain") members = Member.objects.all() member = Member.objects.get(user=request.user) is_god = check_god(request) breadcrums = get_breadcrums(request) if what == "project": try: project = Project.objects.get(pk = which) except Project.DoesNotExist: return HttpResponse("Id " + which + " is not a valid project ID", "text/plain") if not (project in member.projects.all() or is_god): return HttpResponse(_("Your are neither in groups Gods nor member in this project"), "text/plain") if not (project.pub_mem or is_god): return HttpResponse(_("Project does not allow to see each other and your not in group Gods"), "text/plain") if param == "active": users = [m.user for m in members.filter(projects = project, user__is_active = True)] elif param == "inactive" and is_god: users = [m.user for m in members.filter(projects = project, user__is_active = False)] elif param == "all" and is_god: users = [m.user for m in members.filter(projects = project)] else: return HttpResponse(_("The parameter " + param + " is either invalid or you are not allowed to see the result"), "text/plain") elif what == "share": try: share = Share.objects.get(pk = which) except Share.DoesNotExist: return HttpResponse("Id " + which + " is not a valid project ID", "text/plain") # get all projects from user, after that # all shares of the project. but only if # pub_mem is true. then check if this share # is in the list of the users shares. member_pub_projects = [ p.pk for p in member.projects.all().filter(pub_mem=True) ] shares = Share.objects.in_bulk(member_pub_projects) if not (share in shares or is_god): return HttpResponse(_("Your are neither in groups Gods nor affiliated via a project with pub_mem = True with this share"), "text/plain") # get all related projects to share, after that # all related members to project. For Gods the option # pub_mem is ignored if is_god: project_ids = [ p.pk for p in share.project_set.all() ] queries = [ Q(projects__pk=p) for p in project_ids ] query = queries.pop() for i in queries: query |= i if param == "active": users = [m.user for m in Member.objects.filter(query).filter(user__is_active=True)] elif param == "inactive": users = [m.user for m in Member.objects.filter(query).filter(user__is_active=False)] elif param == "all": users = [m.user for m in Member.objects.filter(query)] else: return HttpResponse(_("The parameter " + param + " is invalid"), "text/plain") else: project_ids = [ p.pk for p in share.project_set.filter(pub_member=True) ] queries = [ Q(projects__pk=p) for p in project_ids ] query = queries.pop() for i in queries: query |= i if param == "active": users = [m.user for m in Member.objects.filter(query).filter(user__is_active=True)] else: return HttpResponse(_("You are not allowed to see the result"), "text/plain") elif what == "all": if not is_god: return HttpResponse(_("You are not allowed to see the result"), "text/plain") if param == "active": users = [m.user for m in members.filter( user__is_active = True)] elif param == "inactive": users = [m.user for m in members.filter( user__is_active = False)] elif param == "all": users = [m.user for m in members] elif "member_type_" in what: if not is_god: return HttpResponse(_("You are not allowed to see the result"), "text/plain") member_type = what[12:] global MEMBER_TYPE_CHOICES member_types = [ m[0] for m in MEMBER_TYPE_CHOICES ] if not member_type in member_types: return HttpResponse("Member type " + what + " is not a valid member type", "text/plain") if param == "active": users = [m.user for m in members.filter(member_type = member_type, user__is_active = True)] elif param == "inactive": users = [m.user for m in members.filter(member_type = member_type, user__is_active = False)] elif param == "all": users = [m.user for m in members.filter(member_type = member_type)] elif "share_type_" in what: if not is_god: return HttpResponse(_("You are not allowed to see the result"), "text/plain") share_type = what[11:] if not share_type in share_types: return HttpResponse("I don't know share type " + share_type) if param == "active": ms = members.filter(user__is_active = True) elif param == "inactive": ms = members.filter(user__is_active = False) elif param == "all": ms = members unique_users = {} for m in ms: for project in m.projects.all(): for s in project.shares.filter(share_type = share_type): unique_users[m.user.username] = m.user users = [ unique_users[key] for key in unique_users.keys() ] else: return HttpResponse("Retrieving emails from '" + what + "' not yet implemented/not supported." , mimetype="text/plain") email_list = [ u.email for u in users ] emails = ", \n".join(email_list) return HttpResponse("Emails for members of '" + what + "' with parameter '" + param + "':\n" + emails, mimetype = "text/plain")
def view_task(request,task_id): """ View task details. Allow task details to be edited. """ #user = user_from_remote(request) breadcrums = get_breadcrums(request) task = get_object_or_404(Item, pk=task_id) comment_list = Comment.objects.filter(task=task_id) # Before doing anything, make sure the accessing user has permission to view this item. # Determine the group this task belongs to, and check whether current user is a member of that group. # Admins can edit all tasks. if task.list.group in request.user.groups.all() or request.user.is_staff: #if task.list.group in user.groups.all() or request.user.is_staff: auth_ok = 1 if request.POST: form = EditItemForm(request.POST,instance=task) if form.is_valid(): form.save() # Also save submitted comment, if non-empty if request.POST['comment-body']: c = Comment( author=request.user, #author=user, task=task, body=request.POST['comment-body'], ) c.save() # And email comment to all people who have participated in this thread. email_subject = render_to_string("todo/email/assigned_subject.txt", { 'task': task }).strip() email_body = render_to_string("todo/email/newcomment_body.txt", { 'task': task, 'body':request.POST['comment-body'], 'site': current_site, 'user':request.user }) #email_body = render_to_string("todo/email/newcomment_body.txt", { 'task': task, 'body':request.POST['comment-body'], 'site': current_site, 'user':user }) # Get list of all thread participants - task creator plus everyone who has commented on it. recip_list = [] recip_list.append(task.created_by.email) commenters = Comment.objects.filter(task=task) for c in commenters: if "regensburg.de" in c.author.email: recip_list.append(c.author.email) else: print "Task commenter has not a valid email address:", c.author.email # Eliminate duplicate emails with the Python set() function recip_list = set(recip_list) # Send message try: if "regensburg.de" in task.created_by.email and len(recip_list)>0: send_mail(email_subject, email_body, task.created_by.email, recip_list, fail_silently=False) else: print "Task assigner or recipients have not a valid email address" messages.success(request, "Comment sent to thread participants.") except: messages.error(request, "Comment saved but mail not sent. Contact your administrator.") messages.success(request, "The task has been edited.") return HttpResponseRedirect(reverse('todo-incomplete_tasks', args=[task.list.id, task.list.slug])) else: form = EditItemForm(instance=task) if task.due_date: thedate = task.due_date else: thedate = datetime.datetime.now() #print "def view_task: thedate", thedate else: messages.info(request, "You do not have permission to view/edit this task.") return render_to_response('todo/view_task.html', locals(), context_instance=RequestContext(request))
def useradd(request): """ Only Gods may add users """ breadcrums = get_breadcrums(request) groups = Group.objects.all() is_god = check_god(request) form = UserAddForm() if request.method == 'POST': form = UserAddForm(request.POST) if not form.is_valid(): return render_to_response('useraddform.html', locals(), context_instance=RequestContext(request), ) new_user = form.save(commit=False) # a new password will be genereated and emailed to the members email address import string from random import sample, choice chars = string.letters + string.digits length = 8 password = ''.join(choice(chars) for _ in range(length)) ## We have a cleartext password. generate the correct one ## password = request.POST.get('password') new_user.set_password(password) new_user.save() # Also create a apache htdigest compatible password username = request.POST.get('username') try: apache_htdigest = create_apache_htdigest(username, password) except Exception, e: if not new_user.id == None: new_user.delete() error = e return render_to_response('useraddform.html', locals(), context_instance=RequestContext(request), ) new_member = Member( htdigest = apache_htdigest, expires = request.POST.get('expires'), begins = request.POST.get('begins'), member_type = request.POST.get('member_type'), user = new_user, ) try: new_member.clean_fields() except ValidationError, e: if not new_user.id == None: new_user.delete() error = e return render_to_response('useraddform.html', locals(), context_instance=RequestContext(request), )
def view_list(request,list_id=0,list_slug=None,view_completed=0,wiki=False): """ Display and manage items in a task list """ #user = user_from_remote(request) breadcrums = get_breadcrums(request) # Make sure the accessing user has permission to view this list. # Always authorize the "mine" view. Admins can view/edit all lists. if list_slug == "mine" or list_slug == "recent-add" or list_slug == "recent-complete" : auth_ok =1 else: list = get_object_or_404(List, slug=list_slug) listid = list.id # Check whether current user is a member of the group this list belongs to. if list.group in request.user.groups.all() or request.user.is_staff or list_slug == "mine" : #if list.group in user.groups.all() or list_slug == "mine": auth_ok = 1 # User is authorized for this view else: # User does not belong to the group this list is attached to messages.error(request, "You do not have permission to view/edit this list.") # First check for items in the mark_done POST array. If present, change # their status to complete. if request.POST.getlist('mark_done'): done_items = request.POST.getlist('mark_done') # Iterate through array of done items and update its representation in the model for thisitem in done_items: p = Item.objects.get(id=thisitem) p.completed = 1 p.completed_date = datetime.datetime.now() p.save() messages.success(request, "Item \"%s\" marked complete." % p.title) # Undo: Set completed items back to incomplete if request.POST.getlist('undo_completed_task'): undone_items = request.POST.getlist('undo_completed_task') for thisitem in undone_items: p = Item.objects.get(id=thisitem) p.completed = 0 p.save() messages.success(request, "Previously completed task \"%s\" marked incomplete." % p.title) # And delete any requested items if request.POST.getlist('del_task'): deleted_items = request.POST.getlist('del_task') for thisitem in deleted_items: p = Item.objects.get(id=thisitem) p.delete() messages.success(request, "Item \"%s\" deleted." % p.title) # And delete any *already completed* items if request.POST.getlist('del_completed_task'): deleted_items = request.POST.getlist('del_completed_task') for thisitem in deleted_items: p = Item.objects.get(id=thisitem) p.delete() messages.success(request, "Deleted previously completed item \"%s\"." % p.title) thedate = datetime.datetime.now() created_date = "%s-%s-%s" % (thedate.year, thedate.month, thedate.day) # Get list of items with this list ID, or filter on items assigned to me, or recently added/completed if list_slug == "mine": task_list = Item.objects.filter(assigned_to=request.user, completed=0) completed_list = Item.objects.filter(assigned_to=request.user, completed=1) #task_list = Item.objects.filter(assigned_to=user, completed=0) #completed_list = Item.objects.filter(assigned_to=user, completed=1) elif list_slug == "recent-add": # We'll assume this only includes uncompleted items to avoid confusion. # Only show items in lists that are in groups that the current user is also in. task_list = Item.objects.filter(list__group__in=(request.user.groups.all()),completed=0).order_by('-created_date')[:50] #task_list = Item.objects.filter(list__group__in=(user.groups.all()),completed=0).order_by('-created_date')[:50] completed_list = Item.objects.filter(assigned_to=request.user, completed=1) elif list_slug == "recent-complete": # Only show items in lists that are in groups that the current user is also in. task_list = Item.objects.filter(list__group__in=request.user.groups.all(),completed=1).order_by('-completed_date')[:50] #task_list = Item.objects.filter(list__group__in=user.groups.all(),completed=1).order_by('-completed_date')[:50] completed_list = Item.objects.filter(assigned_to=request.user, completed=1) else: task_list = Item.objects.filter(list=list.id, completed=0) completed_list = Item.objects.filter(list=list.id, completed=1) if request.POST.getlist('add_task') : #print "Adding a task" form = AddItemForm(list, request.POST,initial={ 'assigned_to':request.user.id, #'assigned_to':user.id, 'priority':999, }) print "Form:", form if form.is_valid(): # Save task first so we have a db object to play with new_task = form.save() # Send email alert only if the Notify checkbox is checked AND the assignee is not the same as the submittor # Email subect and body format are handled by templates if "notify" in request.POST : if new_task.assigned_to != request.user : #if new_task.assigned_to != user : # Send email email_subject = render_to_string("todo/email/assigned_subject.txt", { 'task': new_task }).strip() email_body = render_to_string("todo/email/assigned_body.txt", { 'task': new_task, 'site': current_site, }) try: if "regensburg.de" in new_task.created_by.email and "regensburg.de" in new_task.assigned_to.email: send_mail(email_subject, email_body, new_task.created_by.email, [new_task.assigned_to.email], fail_silently=False) else: print "Task assigner or creator has not a valid email address:", new_task.created_by.email, new_task.assigned_to.email except: messages.error(request, "Task saved but mail not sent. Contact your administrator.") messages.success(request, "New task \"%s\" has been added." % new_task.title) return HttpResponseRedirect(request.path) else: print "="*80 print form.errors print "="*80 print "Form invalid!" messages.error(request, form.errors) return render_to_response('todo/view_list.html', locals(), context_instance=RequestContext(request)) else: if list_slug != "mine" and list_slug != "recent-add" and list_slug != "recent-complete" : # We don't allow adding a task on the "mine" view form = AddItemForm(list, initial={ 'assigned_to':request.user.id, #'assigned_to':user.id, 'priority':999, } ) #if request.user.is_staff: # can_del = 1 can_del = 1 return render_to_response('todo/view_list.html', locals(), context_instance=RequestContext(request))