def render_to_response(self, context, **response_kwargs): # Check for errors if context['book'] is None: return views.ErrorPage(self.request, "errors/book_does_not_exist.html", {'book_name': context['book_id']}) if context.get('has_permission', True) is False: return views.ErrorPage(self.request, "errors/editing_forbidden.html", {'book': context['book']}) return super(TemplateView, self).render_to_response(context, **response_kwargs)
def export(request, bookid): """ Django View. Returns BookiZip file. @param request: Django Request @param bookid: Book ID. """ try: book = models.Book.objects.get(url_title__iexact=bookid) except models.Book.DoesNotExist: return views.ErrorPage(request, "errors/book_does_not_exist.html", {"book_name": bookid}) book_version = book.getVersion(None) response = HttpResponse(content_type='application/zip') response[ 'Content-Disposition'] = 'attachment; filename=%s.zip' % book.url_title # this is not good # should not do so much read/write in the memory from booki.editor import common fileName = common.exportBook(book_version) response.write(open(fileName, 'rb').read()) import os os.unlink(fileName) return response
def upload_attachment(request, bookid, version=None): try: book = models.Book.objects.get(url_title__iexact=bookid) except models.Book.DoesNotExist: return views.ErrorPage( request, "errors/book_does_not_exist.html", {"book_name": bookid}) user = request.user book_security = security.get_security_for_book(user, book) can_upload_attachment = book_security.has_perm('edit.upload_attachment') if (not user.is_superuser and not can_upload_attachment and book.owner != user): raise PermissionDenied book_version = book.get_version(version) stat = models.BookStatus.objects.filter(book=book)[0] with transaction.atomic(): file_data = request.FILES['files[]'] att = models.Attachment( version=book_version, # must remove this reference created=datetime.datetime.now(), book=book, status=stat ) att.save() attName, attExt = os.path.splitext(file_data.name) att.attachment.save( '{}{}'.format(booktype_slugify(attName), attExt), file_data, save=False ) att.save() response_data = { "files": [{ "url": "http://127.0.0.1/", "thumbnail_url": "http://127.0.0.1/", "name": "boot.png", "type": "image/png", "size": 172728, "delete_url": "", "delete_type": "DELETE" }] } # add cliendID and sputnikID to request object # this will allow us to use sputnik and addMessageToChannel request.clientID = request.POST['clientID'] request.sputnikID = "%s:%s" % (request.session.session_key, request.clientID) send_notification(request, book.id, book_version.get_version(), "notification_new_attachment_uploaded", att.get_name()) if "application/json" in request.META['HTTP_ACCEPT']: return HttpResponse(json.dumps(response_data), content_type="application/json") else: return HttpResponse(json.dumps(response_data), content_type="text/html")
def render_to_response(self, context, **response_kwargs): if context['selected_group_error']: return views.ErrorPage(self.request, "portal/errors/group_does_not_exist.html", {"group_name": context['groupid']}) return super(GroupPageView, self).render_to_response(context, **response_kwargs)
def post(self, request, groupid): group = BookiGroup.objects.get(url_name=groupid) if request.user.is_authenticated(): if "task" not in request.POST: return views.ErrorPage(request, "errors/500.html") if request.POST["task"] == "join-group": group.members.add(request.user) if request.POST["task"] == "leave-group": group.members.remove(request.user) return HttpResponse()
def dispatch(self, request, *args, **kwargs): """ Checks if user is a group admin. If not, return no permissions page """ self.object = self.get_object() group_security = security.get_security_for_group(request.user, self.object) if not group_security.is_admin(): return views.ErrorPage(request, "errors/nopermissions.html") return super(GroupUpdateView, self).dispatch(request, *args, **kwargs)
def post(self, request, groupid): if request.user.is_authenticated(): if "task" not in request.POST: return views.ErrorPage(request, "errors/500.html") if request.POST["task"] == "add-book": group = BookiGroup.objects.get(url_name=groupid) books_list = request.POST["books"].split(',') for i in books_list: book = Book.objects.get(url_title=i) book.group = group book.save() return HttpResponse()
def post(self, request, *args, **kwargs): context = super(ForgotPasswordView, self).get_context_data(**kwargs) if "name" not in request.POST: return views.ErrorPage(request, "errors/500.html") name = request.POST["name"].strip() users_to_email = list(User.objects.filter(Q(username=name) | Q(email=name))) if len(name) == 0: context['error'] = _('Missing username') return render(request, self.template_name, context) if len(users_to_email) == 0: context['error'] = _('No such user') return render(request, self.template_name, context) THIS_BOOKTYPE_SERVER = config.get_configuration('THIS_BOOKTYPE_SERVER') # noqa for usr in users_to_email: secretcode = self.generate_secret_code() usr_obj = UserPassword() usr_obj.user = usr usr_obj.remote_useragent = request.META.get('HTTP_USER_AGENT', '') usr_obj.remote_addr = request.META.get('REMOTE_ADDR', '') usr_obj.remote_host = request.META.get('REMOTE_HOST', '') usr_obj.secretcode = secretcode body = render_to_string( 'account/password_reset_email.html', dict(secretcode=secretcode, hostname=THIS_BOOKTYPE_SERVER) ) msg = EmailMessage( _('Reset password'), body, settings.DEFAULT_FROM_EMAIL, [usr.email] ) msg.content_subtype = 'html' # In case of an error we really should not send email # to user and do rest of the procedure try: usr_obj.save() msg.send() context['mail_sent'] = True except: context['error'] = _('Unknown error') return render(request, self.template_name, context)
def thumbnail_attachment(request, bookid, attachment, version=None): """ Returns image thumbnail for book attachment. @param request: Django Request @param bookid: Book ID @param attachment: Attachment name """ from django.views import static try: book = models.Book.objects.get(url_title__iexact=bookid) except models.Book.DoesNotExist: return views.ErrorPage(request, "errors/book_does_not_exist.html", {"book_name": bookid}) book_version = book.getVersion(version) path = '%s/%s' % (book_version.getVersion(), attachment) document_root = '%s/books/%s/%s' % (settings.DATA_ROOT, bookid, path) # document_root = '%s/static/%s/%s' % (settings.STATIC_DOC_ROOT, bookid, path) # should have one "broken image" in case of error try: from PIL import Image except ImportError: import Image try: im = Image.open(document_root) im.thumbnail((150, 150), Image.ANTIALIAS) except IOError: im = Image.new('RGB', (150, 150), "white") response = HttpResponse(content_type='image/jpeg') if im.mode != 'RGB': im = im.convert('RGB') im.save(response, "jpeg") return response
def profilethumbnail(request, profileid): """ Django View. Shows user profile image. One of the problems with this view is that it does not handle gravatar images. @type request: C{django.http.HttpRequest} @param request: Django Request @type profileid: C{string} @param profileid: Username. @todo: Check if user exists. """ try: user = User.objects.get(username=profileid) except User.DoesNotExist: return views.ErrorPage(request, 'errors/user_does_not_exist.html', {'username': profileid}) profile_image = utils.get_profile_image(user, int(request.GET.get('width', 24))) return redirect(profile_image)
def post(self, request, *args, **kwargs): context = super(ForgotPasswordEnterView, self).get_context_data(**kwargs) if "secretcode" and "password1" and "password2" not in request.POST: return views.ErrorPage(request, "errors/500.html") secretcode = request.POST["secretcode"].strip() password1 = request.POST["password1"].strip() password2 = request.POST["password2"].strip() if len(password1) == 0 or len(password2) == 0: context['password2_error'] = _('Password can\'t be empty') context['secretcode'] = secretcode return render(request, self.template_name, context) if password1 != password2: context['password2_error'] = _('Passwords don\'t match') context['secretcode'] = secretcode return render(request, self.template_name, context) all_ok = True try: pswd = UserPassword.objects.get(secretcode=secretcode) except UserPassword.DoesNotExist: all_ok = False if all_ok: pswd.user.set_password(password1) pswd.user.save() return redirect(reverse('accounts:signin')) else: context['code_error'] = _('Wrong secret code') context['secretcode'] = secretcode return render(request, self.template_name, context)
def upload_attachment(request, bookid, version=None): """ Uploades attachments. Used from Upload dialog. @param request: Django Request @param bookid: Book ID @param version: Book version or None """ import datetime try: book = models.Book.objects.get(url_title__iexact=bookid) except models.Book.DoesNotExist: return views.ErrorPage(request, "errors/book_does_not_exist.html", {"book_name": bookid}) book_version = book.getVersion(version) stat = models.BookStatus.objects.filter(book=book)[0] operationResult = True # check this for transactions try: for name, fileData in request.FILES.items(): from booki.utils import log log.logBookHistory(book=book, version=book_version, args={'filename': request.FILES[name].name}, user=request.user, kind='attachment_upload') att = models.Attachment( version=book_version, # must remove this reference created=datetime.datetime.now(), book=book, status=stat) att.save() att.attachment.save(request.FILES[name].name, fileData, save=False) att.save() # TODO: # must write info about this to log! except IOError: operationResult = False except: oprerationResult = False if request.POST.get("attachmenttab", "") == "": return HttpResponse( '<html><body><script> parent.closeAttachmentUpload(); </script></body></html>' ) if request.POST.get("attachmenttab", "") == "2": return HttpResponse( '<html><body><script> parent.FileBrowserDialogue.loadAttachments(); parent.FileBrowserDialogue.displayBrowseTab(); parent.FileBrowserDialogue.showUpload(); </script></body></html>' ) # should not call showAttachmentsTab, but it works for now if operationResult: return HttpResponse( '<html><body><script> parent.jQuery.booki.editor.showAttachmentsTab(); parent.jQuery("#tabattachments FORM")[0].reset(); </script></body></html>' ) else: return HttpResponse( '<html><body><script> parent.jQuery.booki.editor.showAttachmentsTab(); parent.jQuery("#tabattachments FORM")[0].reset(); alert(parent.jQuery.booki._("errorupload", "Error while uploading file!"));</script></body></html>' )
def upload_cover(request, bookid, version=None): """ Uploades attachments. Used from Upload dialog. @param request: Django Request @param bookid: Book ID @param version: Book version or None """ import datetime try: book = models.Book.objects.get(url_title__iexact=bookid) except models.Book.DoesNotExist: return views.ErrorPage(request, "errors/book_does_not_exist.html", {"book_name": bookid}) book_version = book.getVersion(version) stat = models.BookStatus.objects.filter(book=book)[0] operationResult = True # check this for transactions try: for name, fileData in request.FILES.items(): if True: import hashlib h = hashlib.sha1() h.update(name) h.update(request.POST.get('format', '')) h.update(request.POST.get('license', '')) h.update(str(datetime.datetime.now())) license = models.License.objects.get( abbrevation=request.POST.get('license', '')) frm = request.POST.get('format', '').split(',') try: width = int(request.POST.get('width', '0')) except ValueError: width = 0 try: height = int(request.POST.get('height', '0')) except ValueError: height = 0 import unidecode try: filename = unidecode.unidecode(request.FILES[name].name) except: filename = '' title = request.POST.get('title', '').strip()[:250] cov = models.BookCover( book=book, user=request.user, cid=h.hexdigest(), title=title, filename=filename[:250], width=width, height=height, unit=request.POST.get('unit', 'mm'), booksize=request.POST.get('booksize', ''), cover_type=request.POST.get('type', ''), creator=request.POST.get('creator', '')[:40], license=license, notes=request.POST.get('notes', '')[:500], approved=False, is_book='book' in frm, is_ebook='ebook' in frm, is_pdf='pdf' in frm, created=datetime.datetime.now()) cov.save() cov.attachment.save(request.FILES[name].name, fileData, save=False) cov.save() from booki.utils import log log.logBookHistory(book=book, version=book_version, args={ 'filename': filename[:250], 'title': title, 'cid': cov.pk }, user=request.user, kind='cover_upload') # TODO: # must write info about this to log! except IOError: operationResult = False transaction.rollback() except: from booki.utils import log log.printStack() oprerationResult = False transaction.rollback() else: # maybe check file name now and save with new name transaction.commit() return HttpResponse( '<html><body><script> parent.jQuery.booki.editor.showCovers(); </script></body></html>' )
def cover(request, bookid, cid, fname=None, version=None): try: models.Book.objects.get(url_title__iexact=bookid) except models.Book.DoesNotExist: return views.ErrorPage( request, "errors/book_does_not_exist.html", {"book_name": bookid}) try: cover = models.BookCover.objects.get(cid=cid) except models.BookCover.DoesNotExist: return HttpResponse(status=500) document_path = cover.attachment.path # extenstion mimetypes.init() extension = cover.attachment.name.split('.')[-1].lower() if extension == 'tif': extension = 'tiff' if extension == 'jpg': extension = 'jpeg' content_type = mimetypes.types_map.get( '.' + extension, 'binary/octet-stream') if request.GET.get('preview', '') == '1': try: from PIL import Image except ImportError: import Image try: if extension.lower() in ['pdf', 'psd', 'svg']: raise Exception im = Image.open(cover.attachment.name) im.thumbnail((300, 200), Image.ANTIALIAS) except: try: im = Image.open('%s/edit/img/booktype-cover-%s.png' % (settings.STATIC_ROOT, extension.lower())) extension = 'png' content_type = 'image/png' except: # Not just IOError but anything else im = Image.open('%s/edit/img/booktype-cover-error.png' % settings.STATIC_ROOT) extension = 'png' content_type = 'image/png' response = HttpResponse(content_type=content_type) extension_list = ['jpg', 'jpeg', 'png', 'gif', 'tiff', 'bmp', 'tif'] if extension.lower() in extension_list: if extension.upper() == 'JPG': extension = 'JPEG' else: extension = 'jpeg' im.save(response, extension.upper()) return response try: data = open(document_path, 'rb').read() except IOError: return HttpResponse(status=500) return HttpResponse(data, content_type=content_type)
def upload_cover(request, bookid, version=None): try: book = models.Book.objects.get(url_title__iexact=bookid) except models.Book.DoesNotExist: return views.ErrorPage(request, "errors/book_does_not_exist.html", {"book_name": bookid}) can_upload_cover = security.get_security_for_book(request.user, book).has_perm('edit.upload_cover') if (not request.user.is_superuser and not can_upload_cover and book.owner != request.user): raise PermissionDenied with transaction.atomic(): file_data = request.FILES['files[]'] title = request.POST.get('title', '') try: filename = unidecode.unidecode(file_data.name) except: filename = uuid.uuid1().hex h = hashlib.sha1() h.update(filename) h.update(title) h.update(str(datetime.datetime.now())) license = models.License.objects.get( abbrevation=request.POST.get('license', '')) cover = models.BookCover( book=book, user=request.user, cid=h.hexdigest(), title=title, filename=filename[:250], width=0, height=0, unit=request.POST.get('unit', 'mm'), booksize=request.POST.get('booksize', ''), cover_type=request.POST.get('type', ''), creator=request.POST.get('creator', '')[:40], license=license, notes=request.POST.get('notes', '')[:500], approved=False, is_book=False, is_ebook=True, is_pdf=False, created=datetime.datetime.now() ) cover.save() # now save the attachment cover.attachment.save(filename, file_data, save=False) cover.save() response_data = { "files": [{ "url": "http://127.0.0.1/", "thumbnail_url": "http://127.0.0.1/", "name": "boot.png", "type": "image/png", "size": 172728, "delete_url": "", "delete_type": "DELETE" }] } # add cliendID and sputnikID to request object # this will allow us to use sputnik and addMessageToChannel request.clientID = request.POST['clientID'] request.sputnikID = "%s:%s" % (request.session.session_key, request.clientID) send_notification(request, book.id, book.get_version(version).get_version(), "notification_new_cover_uploaded", cover.title) if "application/json" in request.META['HTTP_ACCEPT']: return HttpResponse(json.dumps(response_data), content_type="application/json") else: return HttpResponse(json.dumps(response_data), content_type="text/html")
def render_to_response(self, context, **response_kwargs): if context.get('has_permission', True) is False: return views.ErrorPage(self.request, "errors/nopermissions.html") return super(FullView, self).render_to_response(context, **response_kwargs)
def edit_book(request, bookid, version=None): """ Django View. Default page for Booki editor. @param request: Django Request @param bookid: Book ID @param version: Book Version or None """ from booki.utils import security try: book = models.Book.objects.get(url_title__iexact=bookid) except models.Book.DoesNotExist: return views.ErrorPage(request, "errors/book_does_not_exist.html", {"book_name": bookid}) book_version = book.getVersion(version) bookSecurity = security.getUserSecurityForBook(request.user, book) hasPermission = security.canEditBook(book, bookSecurity) if not hasPermission: return views.ErrorPage(request, "errors/editing_forbidden.html", {"book": book}) chapters = models.Chapter.objects.filter(version=book_version) tabs = ["chapters"] tabs += ["attachments"] tabs += ["covers"] tabs += ["history", "versions", "notes"] if bookSecurity.isAdmin(): tabs += ["settings"] tabs += ["export"] isBrowserSupported = True browserMeta = request.META.get('HTTP_USER_AGENT', '') if browserMeta.find('MSIE') != -1: isBrowserSupported = False try: publish_options = settings.PUBLISH_OPTIONS except AttributeError: from booktype import constants publish_options = constants.PUBLISH_OPTIONS return render( request, 'editor/edit_book.html', { "book": book, "book_version": book_version.getVersion(), "version": book_version, # this change will break older versions of template "statuses": [(s.name.replace(' ', '_'), s.name) for s in models.BookStatus.objects.filter(book=book)], "chapters": chapters, "security": bookSecurity, "is_admin": bookSecurity.isGroupAdmin() or bookSecurity.isBookAdmin() or bookSecurity.isSuperuser(), "is_owner": book.owner == request.user, "tabs": tabs, "is_browser_supported": isBrowserSupported, "publish_options": publish_options, "request": request })