def discussion(request, id):
"""view a discussion"""
mm = MessageManager(request)
try:
d = Discussion.objects.select_related('user', 'group').get(pk=id)
except Discussion.DoesNotExist:
return Http404
if d.type == 0 or request.user.is_authenticated() and (request.user.is_group_member(d.group()) or request.user.is_group_manager(d.group())) or d.user.username == request.user.username:
#update metrics
try:
dmet = Metric.objects.get_metric(d, key='views')
if d.user.username != request.user.username:
dmet.value = int(dmet.value) + 1
except Metric.DoesNotExist:
dmet = Metric.objects.create(d, 'views', 1)
dmet.save()
# get user settings
try:
user = cUser.objects.all().get(username=d.user.username)
u_settings = user.settings
except cUser.DoesNotExist:
u_settings = None
return render(request, 'main/discussion/index.html', {'discussion':d, 'views':dmet.value, 'settings':u_settings}, mm.messages())
else:
mm.set_notice("you are not allowed to view that lab journal")
return redirect(request.META.get('HTTP_REFERER','/'))
def edit_task(request, id):
"""edit and existing task"""
mm = MessageManager(request)
t = get_object_or_404(Task, pk=id)
if request.user.is_authenticated() and request.user.username == t.user.username:
if request.POST:
# receive sent form
form = NewTaskForm(request.POST)
if form.is_valid():
mm.set_success("task updated")
t.due_date = form.cleaned_data['due_date']
t.description = form.cleaned_data['description']
notify = form.cleaned_data['notify']
if notify is False:
t.notify = False
else:
t.notify = True
t.save()
return redirect(t.get_absolute_url())
else:
mm.set_error("error")
# error
pass
else:
# setup new form
form = NewTaskForm(initial={'due_date':t.due_date, 'description':t.description, 'notify':t.notify})
return render(request, 'tasks/edit.html', {'form':form, 'task':t}, mm.messages())
else:
mm.set_notice("you are not authorized to edit that task.")
return redirect(request.META.get('HTTP_REFERER','/'))
def admin_tools(request, tool):
"""automatically provides a list of tools to the administrator from the AdminTools class"""
#
# Do not add/register new tools in this def. it handles the AdminTools automatically
#
# debug is checked in AdminTools, so this is just extra protection.
if DEBUG is False:
return redirect('/')
# prepare messages
mm = MessageManager(request)
# prepare tools
at = AdminTools()
if request.user.is_authenticated and request.user.is_superuser:
# get the tools so we can compare them with the requested tool.
tool_list = class_linker(AdminTools, '')
# display tool index
if tool == '':
return render(request, 'main/admin/tools.html', mm.messages())
# Run the tools
for t, d, u in tool_list:
if tool == t:
log_list = eval("at.%s(%s)" % (t, True))
log_message = "successfully performed \"%s\" on %s objects." % (t, len(log_list))
for log in log_list:
log_message += "<Br />%s" % log
mm.set_notice(log_message)
break
return redirect(request.META.get('HTTP_REFERER','/'))
def delete_curriculum(request, id):
"""delete an existing curriculum"""
mm = MessageManager(request)
c = get_object_or_404(Curriculum, pk=id)
if request.user.is_authenticated() and request.user.username == c.user.username:
c.delete()
return redirect(request.user.get_absolute_url())
else:
mm.set_notice('you are not authorized to delete this curriculum')
return redirect(c.get_absolute_url())
def delete_task(request, id):
"""delete a task"""
mm = MessageManager(request)
t = get_object_or_404(Task, pk=id)
if request.user.is_authenticated() and request.user.username == t.user.username:
t.delete()
mm.set_success("task removed")
return redirect(request.user.get_absolute_url())
else:
mm.set_notice("you are not authorized to delete that task.")
return redirect(request.META.get('HTTP_REFERER','/'))
def delete_lesson(request, c_id, l_id):
"""delete an existing lesson"""
mm = MessageManager(request)
l = get_object_or_404(Lesson, pk=l_id)
c = get_object_or_404(Curriculum, pk=c_id)
if request.user.is_authenticated() and request.user.username == l.user.username:
name = l.title
l.delete()
mm.set_success('"%s" has been deleted' % name)
else:
mm.set_notice('you are not authorized to delete this lesson')
return redirect(c.get_absolute_url())
def confirm_delete(request, removal_key):
"""confirm a account removal"""
# prepare messages
mm = MessageManager(request)
user = get_object_or_404(cUser, removal_key=removal_key)
if user.key_expires < datetime.datetime.today():
mm.set_notice("This removal code as expired.")
return render(request, 'accounts/confirm_delete.html', mm.messages(), {'expired':True})
user.key_expires = datetime.datetime.today() - datetime.timedelta(days=1)
user.is_active = False
user.save()
logout(request)
mm.set_success("Your account has been successfully removed. Please visit us again!")
return render(request, 'main/index.html', mm.messages())
def create_bug(request):
"""create a new bug report"""
# prepare messages
mm = MessageManager(request)
if request.user.is_authenticated():
if request.POST:
form = BugForm(request.POST)
if form.is_valid():
form.save(request)
mm.set_success("Thanks! We'll fix this bug as soon as possible.")
return redirect('/')
else:
return render(request, 'bugs/create.html', mm.messages(), {'form':form})
else:
form = BugForm()
return render(request, 'bugs/create.html', mm.messages(), {'form':form})
mm.set_notice("You must log in before you can report a bug")
return login_view(request)
def move_link(request, gid, id=None, remove=0):
"""edit a link"""
# prepare messages
mm = MessageManager(request)
g = get_object_or_404(cGroup, pk=gid)
if request.user.is_authenticated() and request.user.is_group_member(g) or request.user.is_group_manager(g):
if id:
l = get_object_or_404(Link, pk=id, user=request.user)
if remove == '1':
l.set_group(None)
else:
l.set_group(g)
links = Link.objects.select_related('group').filter(user=request.user)
return render(request, 'main/link/move.html', mm.messages(), {'group':g, 'links':links})
else:
mm.set_notice("You can't do that!")
return redirect(request.META.get('HTTP_REFERER','/'))
def move_code_package(request, gid, id=None, remove=0):
"""edit a code package"""
# prepare messages
mm = MessageManager(request)
g = get_object_or_404(cGroup, pk=gid)
if request.user.is_authenticated() and request.user.is_group_member(g) or request.user.is_group_manager(g):
if id:
cp = get_object_or_404(CodePackage, pk=id, user=request.user)
if remove == '1':
cp.set_group(None)
else:
cp.set_group(g)
codepkgs = CodePackage.objects.select_related('group').filter(user=request.user)
return render(request, 'main/code_package/move.html', mm.messages(), {'group':g, 'code_packages':codepkgs})
else:
mm.set_notice("You can't do that!")
return redirect(request.META.get('HTTP_REFERER','/'))
def move_discussion(request, gid, id=None, remove=0):
"""edit a discussion"""
# prepare messages
mm = MessageManager(request)
g = get_object_or_404(cGroup, pk=gid)
if request.user.is_authenticated() and request.user.is_group_member(g) or request.user.is_group_manager(g):
if id:
d = get_object_or_404(Discussion, pk=id, user=request.user)
if remove == '1':
d.set_group(None)
else:
d.set_group(g)
discussions = Discussion.objects.select_related('group').filter(user=request.user)
return render(request, 'main/discussion/move.html', mm.messages(), {'group':g, 'discussions':discussions})
else:
mm.set_notice("You can't do that!")
return redirect(request.META.get('HTTP_REFERER','/'))
def user_metrics(request, username):
"""display user metrics page"""
# TODO: only group administrators can view user metrics
mm = MessageManager(request)
try:
u = cUser.objects.get(username=username)
except cUser.DoesNotExist:
u = get_object_or_404(User, username=username)
has_permission_to_see_metrics = False
if request.user.is_authenticated() and request.user.username == username:
has_permission_to_see_metrics = True
elif is_manager(request.user, u):
has_permission_to_see_metrics = True
if has_permission_to_see_metrics:
return render(request, 'accounts/user/metrics.html', {'profile_user':u}, mm.messages())
else:
#raise Http404
mm.set_notice("you do not have permission to view that page")
return redirect(request.META.get('HTTP_REFERER','/'))
def edit_curriculum(request, id):
"""edit a curriculum"""
mm = MessageManager(request)
c = get_object_or_404(Curriculum, pk=id)
if request.user.is_authenticated() and request.user.username == c.user.username:
if request.POST:
form = CreateCurriculumForm(request.POST)
if form.is_valid():
# update it
c = form.update(request, c)
mm.set_success('"%s" has been updated' % c.title)
return redirect(c.get_absolute_url())
else:
mm.set_error("the form has errors")
pass
else:
form = CreateCurriculumForm(initial={'title':c.title, 'description':c.description})
return render(request, 'curricula/edit_curriculum.html', {'form':form, 'curriculum':c}, mm.messages())
else:
mm.set_notice('You are not authorized to edit that curriculum')
return redirect(request.META.get('HTTP_REFERER','/'))
def confirm(request, activation_key):
"""confirm a user registration"""
# prepare messages
mm = MessageManager(request)
if request.user.is_active and request.user.activation_key == activation_key:
raise Http404()
user = get_object_or_404(cUser, activation_key=activation_key)
if user.key_expires < datetime.datetime.today():
mm.set_notice("This activation code as expired. Try creating a new account")
# TODO: completely remove accounts that have expired
return render(request, 'accounts/confirm.html', mm.messages(), {'expired':True})
user.key_expires = datetime.datetime.today() - datetime.timedelta(days=1)
mm.set_success("Congratulations! You just activated your account!")
request.session.set_test_cookie()
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
# cookies are enabled
# we need to call authenticate to set some varibles before calling login()
auth_user = None
try:
auth_user = authenticate(username=user.username, password=user.activation_key)
# activate the user after authentication so we can't
# login with the activation key anymore
#auth_user.is_active = True
#auth_user.save()
except NameError:
pass
if auth_user is not None:
if auth_user.is_active:
login(request, auth_user)
# TODO: we don't cover all our bases here. we need to be more thorough with error checking
if auth_user:
return redirect(auth_user.get_absolute_url())
else:
return redirect('/')
def delete_code_package(request):
"""delete a code package from a user account"""
mm = MessageManager(request)
if request.POST:
form = DeleteCodePackageForm(request.POST, request.FILES)
if form.is_valid():
e = form.cleaned_data['username']
p = form.cleaned_data['password']
try:
user = authenticate(username=e, password=p)
except NameError:
user = None
if user is not None:
if user.is_active:
p = form.cleaned_data['packageName']
try:
# TODO: can we match the package field instead?
# TODO: catch multiple items returned
p = CodePackage.objects.get(user=user, title=p)
p.delete()
mm.set_success("package deleted")
form = DeleteCodePackageForm()
except CodePackage.DoesNotExist:
mm.set_notice('package could not be found')
else:
# account is disabled
mm.set_error('This account has been disabled, or has not been activated.')
else:
# invalid login
mm.set_error('Invalid credentials.')
return render(request, 'api/delete_code_package.html', {'form':form}, mm.messages())
else:
# return form errors to user
return render(request, 'api/delete_code_package.html', {'form':form}, mm.messages())
else:
form = DeleteCodePackageForm()
return render(request, 'api/delete_code_package.html', {'form':form}, mm.messages())
def edit_lesson(request, c_id, l_id):
"""edit a lesson"""
mm = MessageManager(request)
c = get_object_or_404(Curriculum, pk=c_id) # we don't need both curriculum and lesson id because we are moving towards just using the custom lesson model
l = get_object_or_404(Lesson, pk=l_id)
if request.user.is_authenticated() and request.user.username == l.user.username:
if request.POST:
form = CreateLessonForm(request.POST)
if form.is_valid():
# update it
l = form.update(request, l)
mm.set_success('"%s" has been updated' % l.title)
return redirect(l.get_absolute_url())
else:
mm.set_error("the form has errors")
pass
else:
form = CreateLessonForm(initial={'title':l.title, 'description':l.description, 'body':l.body})
return render(request, 'curricula/edit_lesson.html', {'form':form, 'lesson':l, 'curriculum':c}, mm.messages())
else:
mm.set_notice('You are not authorized to edit that curriculum')
return redirect(request.META.get('HTTP_REFERER','/'))
def join_group(request, gid, invitation_key = None):
"""request to join a group"""
mm = MessageManager(request)
g = get_object_or_404(cGroup, pk=gid)
if not g.open_registration and invitation_key is None:
return redirect(g.get_absolute_url())
if request.user.is_authenticated() and request.user.__class__ == cUser:
if request.user.is_group_member(g):
mm.set_notice("you are already a member of this group.")
return redirect(g.get_absolute_url())
if request.user.is_group_manager(g):
mm.set_notice("you are a manager of this group and cannot become a member.")
return redirect(g.get_absolute_url())
if invitation_key != None:
if invitation_key == g.invitation_key:
if g.key_expires < datetime.datetime.today():
mm.set_notice("This invitation code as expired.")
else:
mm.set_success("you are now a member of this group!")
request.user.groups.add(g)
request.user.save()
if request.user in g.pending_users.all():
g.pending_users.remove(request.user)
g.members.add(request.user)
g.save()
else:
mm.set_notice("that invitation key is invalid or has expired")
else:
g.pending_users.add(request.user)
g.save()
mm.set_success("your membership request has been sent to the group administrators")
else:
mm.set_notice("you must login or create an acount before you can join a group.")
return HttpResponseRedirect(reverse('login-page'))
return redirect(g.get_absolute_url())
def leave_group(request, gid):
"""leave a group"""
mm = MessageManager(request)
group = get_object_or_404(cGroup, pk=gid)
if request.user in group.managers.all():
if group.managers.count() > 1:
group.managers.remove(request.user)
group.save()
else:
mm.set_notice("you cannot leave this group because you are the only manager")
return redirect(group.get_absolute_url())
elif request.user in group.members.all():
group.members.remove(request.user)
group.save()
else:
mm.set_notice("you cannot leave a group unless you are a member")
return redirect(group.get_absolute_url())
request.user.groups.remove(group)
request.user.save()
mm.set_success("you are no longer a member of this group.")
return redirect(group.get_absolute_url())
def register(request):
"""register a new user"""
# prepare messages
mm = MessageManager(request)
if request.user.is_authenticated():
mm.set_notice('You already have an account')
return render(request, 'accounts/register.html', mm.messages())
if request.POST:
form = RegistrationForm(request.POST)
new_data = request.POST.copy()
# Validate passwords
# TODO: put validation in form.
if not form.isValidHuman(new_data):
mm.set_error('Sorry only humans can register. Try reloading the page')
return render(request, 'accounts/register.html', mm.messages(), {'form':form})
if not form.isValidUsername(new_data):
mm.set_error('That username is already taken')
return render(request, 'accounts/register.html', mm.messages(), {'form':form})
if not form.isValidEmail(new_data):
mm.set_error('That email is already in use')
return render(request, 'accounts/register.html', mm.messages(), {'form':form})
if not form.PasswordsMatch(new_data):
mm.set_error('Passwords do not match')
return render(request, 'accounts/register.html', mm.messages(), {'form':form})
if not form.isValidPassword(new_data):
mm.set_error('Passwords must be at least 6 characters long')
return render(request, 'accounts/register.html', mm.messages(), {'form':form})
# validate form data
if form.is_valid():
# Save the user
new_user = form.save(new_data)
if not new_user is None:
# TODO: email is not sent for certain emails ([email protected] fails)
email_subject = 'Your new Comperio account confirmation'
email_body =\
"You recently signed up for a new Comperio account.\
\n\nTo activate your account, click this link within 48 hours:\
\n%s/users/confirm/%s\
\n\n After your account is activated you can go to your account by clicking the link below\
\n%s/users/%s\
\n\nAccount Details\
\nusername: %s\
\nemail: %s\
\npassword: %s" % (
SITE_URL,
new_user.activation_key,
SITE_URL,
new_user.username,
new_user.username,
form.cleaned_data['email'],
form.cleaned_data['password1'])
send_mail(email_subject,
email_body,
'*****@*****.**',
[new_user.email])
mm.set_success("You're in! We just emailed you instructions to activate your account")
return redirect('/')
else:
mm.set_error("Could not create user")
else:
mm.set_error("Please fill all required fields.")
return render(request, 'accounts/register.html', mm.messages(), {'form':form})
form = RegistrationForm()
return render(request, 'accounts/register.html', mm.messages(), {'form':form})
