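def get(self):
    """Return the API catalog as JSON, limited to what the caller may invoke.

    Each ``<method>.<function>`` entry is checked with ``permissions.can``.
    Entries whose result has ``status == 'error'`` are left out, and a method
    with no remaining functions is omitted altogether.
    """
    # Build a fresh mapping instead of popping from what catalog() returned.
    # The earlier shallow copy shared its inner dicts with that return value,
    # so every removal landed in catalog()'s own data.
    # NOTE(review): catalog() is defined outside this block. If it hands out
    # a cached or module-level structure, in-place removal would carry one
    # caller's permission filtering over to later requests -- confirm.
    visible = {}
    for method_key, method_details in catalog().items():
        allowed = {
            function_key: function_details
            for function_key, function_details in method_details.items()
            if permissions.can(method_key + '.' + function_key)['status'] != 'error'
        }
        if allowed:
            visible[method_key] = allowed
    return jsonify(visible)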
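def set_content_visibility(request, pk, level):
    """Set the visibility of the Content identified by ``pk`` to ``level``.

    The permission checked is the action that ``VISIBILITY_ACTIONS`` maps
    ``level`` to, evaluated for ``request.user`` against the content object.
    Nothing is written unless that check passes.

    Returns an empty 200 response on success and an empty 400 response when
    ``level`` has no entry in ``VISIBILITY_ACTIONS``. Raises
    ``PermissionDenied`` when the user may not perform the action.
    """
    content = get_object_or_404(models.Content.objects, pk=pk)

    # A level with no mapped action used to escape as an uncaught lookup
    # error (a 500). Reject it explicitly, before any permission check or
    # write is attempted.
    try:
        required_action = VISIBILITY_ACTIONS[level]
    except LookupError:
        return HttpResponse(status=400)

    if not can(request.user, required_action, content):
        raise PermissionDenied

    # NOTE(review): no HTTP-method restriction is visible in this block. The
    # view changes state, so confirm that a decorator or the URLconf limits
    # it to POST and that CSRF protection applies.
    content.visibility = level
    content.save()
    return HttpResponse(status=200)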
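def view_content(request, pk, slug=None):
    """Render specific content in the newspaper, along with related content.

    Requests carrying a slug other than the content's current one are
    redirected to the canonical URL. Embed-only content is refused with a 403
    unless the user has "content.edit" on it. Each rendered request bumps the
    content's view counter.

    Related content is the content's linked items (``qs_order`` 0) followed
    by published items sharing one of its tags (``qs_order`` 1), ordered by
    ``qs_order`` and then most recently modified.
    """
    content = get_object_or_404(models.Content, pk=pk)

    # Any slug is accepted, but the browser is sent to the current one.
    if content.slug != slug:
        return redirect("home:view_content", content.slug, content.pk)

    if content.embed_only and not can(request.user, "content.edit", content):
        # This content shouldn't have its own page!
        return HttpResponseForbidden("This content is for embedding only.")

    # NOTE(review): this view makes no "content.read" check on `content`, and
    # the linked items are passed on without a visibility filter. Whether the
    # template enforces read permission is not visible here -- confirm that
    # unpublished content cannot be opened or listed by pk.

    # Mark another view for the content
    content.views += 1
    content.save()

    def published_with_tag(tag_name, limit):
        # One query shape for every tag, so the PUBLISHED restriction cannot
        # be dropped for some tags and kept for others.
        return (
            models.Content.objects.filter(
                tags__name=tag_name, visibility=models.Content.PUBLISHED
            )
            .exclude(pk=content.pk)
            .order_by("-modified")[:limit]
            .annotate(qs_order=Value(1, IntegerField()))
        )

    linked_content = content.linked.annotate(qs_order=Value(0, IntegerField()))
    tags = content.tags.all()
    if len(tags) > 0:
        # The first tag's query used to omit the visibility filter that the
        # later tags' queries apply, so the related list could include items
        # that are not PUBLISHED.
        tag_content = published_with_tag(tags[0].name, 8)
        for each_tag in tags[1:]:
            if len(tag_content) < 9:
                tag_content = tag_content.union(
                    published_with_tag(each_tag.name, 9 - len(tag_content))
                )
        related_content = linked_content.union(tag_content).order_by(
            "qs_order", "-modified"
        )
    else:
        related_content = linked_content

    return render(
        request,
        "home/content.html",
        {
            "content": content,
            "form": forms.CommentForm(),
            "related_content": related_content,
        },
    )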
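def set_content_visibility(request, pk, level):
    """View to change the visibility of certain content.

    ``level`` selects, through ``VISIBILITY_ACTIONS``, the action the
    requesting user must be allowed to perform on the content. The new
    visibility is saved only after that check passes.

    Returns an empty 200 response on success and an empty 400 response when
    ``level`` has no entry in ``VISIBILITY_ACTIONS``. Raises
    ``PermissionDenied`` when the check fails.
    """
    content = get_object_or_404(models.Content.objects, pk=pk)

    # An unmapped level previously surfaced as an uncaught lookup error, which
    # is a server error rather than a client error. Answer it with a 400 and
    # leave the content untouched.
    try:
        required_action = VISIBILITY_ACTIONS[level]
    except LookupError:
        return HttpResponse(status=400)

    # Check whether the requesting user has permission to change the
    # content's visibility to the given level.
    if not can(request.user, required_action, content):
        raise PermissionDenied

    # NOTE(review): this block shows no restriction on the HTTP method.
    # Confirm the state change is reachable only through POST with CSRF
    # protection.
    content.visibility = level
    content.save()
    return HttpResponse(status=200)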
def render_content(user, content):
    """Template tag rendering ``home/content/embed.html`` for some Content.

    The template is given the content object only when it is truthy and
    ``permissions.can(user, 'content.read', content)`` passes. Otherwise it
    receives ``None`` in its place, so content the user may not read is never
    handed to the template. ``user`` is always passed through.
    """
    embed_template = template.loader.get_template("home/content/embed.html")

    # Fail closed: start from "nothing to show" and only swap in the real
    # object once the read check has succeeded.
    readable = None
    if content and permissions.can(user, 'content.read', content):
        readable = content

    return embed_template.render({"content": readable, "user": user})
def set_comment_approval(request, pk, level):
    """View to change the approval of a comment.

    Level 2 marks the comment approved and level 3 marks it not approved.
    Any other level leaves ``approved`` as it was. The comment is saved and an
    empty 200 response is returned in every case that passes the permission
    check. ``PermissionDenied`` is raised when it does not.
    """
    target = get_object_or_404(models.Comment, pk=pk)

    # NOTE(review): the action checked is "content.comment", and it is
    # evaluated against the comment object. Confirm this is the moderation
    # permission and not the permission to post comments.
    allowed = can(request.user, "content.comment", target)
    if not allowed:
        raise PermissionDenied

    # NOTE(review): an unrecognised level still answers 200 with nothing
    # changed, and no HTTP-method restriction is visible here -- confirm
    # both are intended.
    if level in (2, 3):
        target.approved = level == 2

    target.save()
    return HttpResponse(status=200)
def render_content(context, user, content, embedding=True):
    """Template tag rendering ``home/content/display.html`` for some Content.

    The content object reaches the template only when it is truthy and
    ``permissions.can(user, "content.read", content)`` passes. In every other
    case the template gets ``None`` instead. ``user`` and ``embedding`` are
    passed through unchanged, and the template is rendered with the request
    taken from ``context``.
    """
    # The read check decides what the template sees, so content the user may
    # not read is replaced before rendering starts.
    may_read = content and permissions.can(user, "content.read", content)
    computed_content = content if may_read else None

    display_template = template.loader.get_template("home/content/display.html")
    template_context = {
        "content": computed_content,
        "user": user,
        "embedding": embedding,
    }
    return display_template.render(template_context, context.request)
def view_content(request, pk, slug=None):
    """Show the page for a single piece of content in the newspaper.

    A request whose slug differs from the content's current slug is
    redirected to the canonical URL. Embed-only content answers 403 unless the
    user has 'content.edit' on it. Otherwise the view counter is incremented,
    saved, and the page is rendered.
    """
    article = get_object_or_404(models.Content, pk=pk)

    # Old or missing slugs still resolve, but the browser ends up on the
    # canonical URL.
    if article.slug != slug:
        return redirect("home:view_content", article.slug, article.pk)

    # Embed-only content gets no page of its own, except for editors.
    if article.embed_only:
        if not can(request.user, 'content.edit', article):
            return HttpResponseForbidden("This content is for embedding only.")

    # NOTE(review): no 'content.read' check on the object is made in this
    # view. Confirm the template, or a layer outside this block, keeps
    # unpublished content from being opened by pk.

    # Count this request as one more view.
    article.views += 1
    article.save()

    page_context = {"content": article}
    return render(request, "home/content.html", page_context)
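def can(user, content, action=action):
    # Delegates to permissions.can with the permission name
    # "content.<action>". `action` is bound as a default argument when the
    # function is defined, so the function keeps the value the enclosing
    # scope held at that moment.
    return permissions.can(user, "content.{}".format(action), content)


# A formatted string is an ordinary expression, not a docstring. Written as
# the first statement of the body it was evaluated and discarded on every
# call, and the function had no __doc__. Attach the text explicitly.
can.__doc__ = """A filter that checks whether a user can {} a particular Content.""".format(
    action
)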
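def evaluate(action):
    """Dispatch one API call described by ``action`` and return a result dict.

    ``action`` is a mapping with a ``'module'`` key, a ``'function'`` key and
    an optional ``'arguments'`` mapping of keyword arguments. Both names must
    appear in ``catalog()``, and the combined ``<module>.<function>``
    permission must pass ``permissions.can``, before the function is called.

    The returned dict echoes ``module`` and ``function`` as they are
    validated, merged with the dict returned by the called function.
    Validation failures, a denied permission and exceptions raised by the
    called function are all reported with ``status == 'error'`` and a
    ``message``.
    """
    results = {}

    def fail(message):
        # Mark `results` as an error response and hand it back.
        results['status'] = 'error'
        results['message'] = message
        return results

    supported = catalog()

    # Validate module. The catalog acts as an allow-list: the caller-supplied
    # name reaches importlib only after it has been found there, and this
    # order must be kept.
    if 'module' not in action:
        return fail('No module specified.')
    results['module'] = action['module']
    if action['module'] not in supported:
        return fail('Specified module is not supported by this API.')
    try:
        module = importlib.import_module(action['module'] + '.api')
    except ImportError as e:
        return fail(str(e))

    # Validate function. The same allow-list rule applies before getattr.
    if 'function' not in action:
        return fail('No function specified.')
    results['function'] = action['function']
    if action['function'] not in supported[action['module']]:
        return fail('Specified function is not supported by this API.')
    try:
        function = getattr(module, action['function'])
    except AttributeError:
        return fail(
            'That function is not defined in the \'' + action['module'] + '\' module.'
        )

    # Validate permission
    validation = permissions.can(action['module'] + '.' + action['function'])
    if validation['status'] == 'error':
        # A denied call used to return `results` with no status at all, so the
        # caller could not tell a refusal from an empty success. Report it as
        # an error without echoing the validator's own details.
        return fail('Permission denied.')

    # Set arguments
    # NOTE(review): keyword names and values come straight from `action`.
    # The catalog check decides which function runs, not what it is given,
    # so each exposed function has to validate its own arguments.
    arguments = action.get('arguments', {})

    # Evaluate
    try:
        if len(arguments) > 0:
            results.update(function(**arguments))
        else:
            results.update(function())
        return results
    except Exception as ex:
        # NOTE(review): the exception text and the full traceback are placed
        # in the response. If `results` is returned to API clients this
        # discloses file paths and internals. Prefer logging the traceback
        # server-side and returning a generic message -- confirm what callers
        # do with these keys before removing them.
        results['status'] = 'error'
        results['error'] = type(ex).__name__
        results['message'] = str(ex)
        results['traceback'] = traceback.format_exc()
        return results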
def get_object(self, **kwargs):
    """Return the object being edited, enforcing the edit permission.

    The object is looked up by the parent class. It is returned only when
    ``can(self.request.user, 'content.edit', obj)`` passes, and
    ``PermissionDenied`` is raised otherwise.
    """
    target = super(ContentEditView, self).get_object(**kwargs)

    # The check sits in the object lookup itself, so any code path that
    # obtains the object through get_object() goes through it.
    allowed = can(self.request.user, 'content.edit', target)
    if allowed:
        return target
    raise PermissionDenied