def template_fileresource_list(request, object_id, template_name='ct_fileresource/list.html'):
obj = get_object_or_404(ClinTemplate, pk=object_id)
if not check_permission(request.user, obj.workgroup, 'resource', 'r'):
raise PermissionDenied()
objects = FileResource.template_resources.filter(object_id=obj.id)
template_context = {'objects': objects}
return render_to_response(template_name, RequestContext(request, template_context))
def blog_new_post(request, group_slug):
group = get_object_or_404(CTGroup, slug=group_slug)
if not check_permission(request.user, group, 'blog', 'w'):
raise PermissionDenied()
return _new_post(request, group)
def email_notify(groups, content, perm, managers=False):
# leave here - recursive load problem
from ct_groups.decorators import check_permission
all_memberships = []
for group in groups:
if group:
if managers:
# ignore settings and send to all managers at once
all_memberships.extend(group.get_managers())
else:
all_memberships.extend([member for member in group.groupmembership_set.all()
if (member.notify_pref(perm) == 'single') and
member.is_active and
check_permission(member.user, group, perm, 'r')])
add_list = list(frozenset([member.user.email for member in all_memberships]))
if len(add_list) == 0:
return
site = Site.objects.get_current().name
body = render_to_string('ct_groups/email_post_comment_body.txt',
{ 'content': content, 'site': site, 'dummy': datetime.datetime.now().strftime("%H:%M"),
'settings_url': '%s%s' % ( settings.APP_BASE[:-1], reverse('group-edit', kwargs={'group_slug': group.slug}))})
# TODO: put this in utils
# also used in ct_template.models
email = EmailMessage(
#subject, body, from_email, to, bcc, connection)
'[%s] %s update' % (site, group.name),
fix_email_body(body),
'do not reply <%s>' % settings.DEFAULT_FROM_EMAIL,
[settings.DEFAULT_FROM_EMAIL],
add_list )
email.send()
def blog_new_post(request, group_slug):
group = get_object_or_404(CTGroup, slug=group_slug)
if not check_permission(request.user, group, 'blog', 'w'):
raise PermissionDenied()
return _new_post(request, group)
def moderate_refuse_confirm(request, group_slug, object_id):
"""docstring for moderate_refuse_confirm"""
object = get_object_or_404(CTGroup, slug=group_slug)
u = request.user
if not check_permission(u, object, "group", "w"):
raise PermissionDenied()
if request.method == "POST":
if request.POST["result"] == _("Cancel"):
return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": group_slug}))
# redirect to group
form = ModerateRefuseForm(request.POST)
if form.is_valid():
membership = get_object_or_404(GroupMembership, pk=object_id)
membership.refuse(form.cleaned_data["reason_for_refusal"])
messages.success(request, _("Membership not approved."))
return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": group_slug}))
# else, reshow form
else:
mod = None
else:
# a GET, so make form
form = ModerateRefuseForm()
return render_to_response(
"ct_groups/ct_groups_moderate_refuse.html",
RequestContext(request, {"group": object, "memb": None, "form": form}),
)
def post_comment_delete(request, object_id, comment_id):
obj = get_object_or_404(Post, pk=object_id)
if not check_permission(request.user, obj.group, 'comment', 'd'):
raise PermissionDenied()
comment = get_object_or_404(Comment, pk=comment_id)
comment.delete()
return HttpResponseRedirect(obj.get_absolute_url())
def blog_edit_post(request, group_slug, object_id):
obj = get_object_or_404(Post, pk=object_id)
if not check_permission(request.user, obj.group, 'blog', 'w'):
raise PermissionDenied()
return _edit_post(request, obj)
def post_comment_delete(request, object_id, comment_id):
obj = get_object_or_404(Post, pk=object_id)
if not check_permission(request.user, obj.group, 'comment', 'd'):
raise PermissionDenied()
comment = get_object_or_404(Comment, pk=comment_id)
comment.delete()
return HttpResponseRedirect(obj.get_absolute_url())
def blog_edit_post(request, group_slug, object_id):
obj = get_object_or_404(Post, pk=object_id)
if not check_permission(request.user, obj.group, 'blog', 'w'):
raise PermissionDenied()
return _edit_post(request, obj)
def blog_delete_post(request, group_slug, object_id):
obj = get_object_or_404(Post, pk=object_id)
group = obj.group
if not check_permission(request.user, group, 'blog', 'd'):
raise PermissionDenied()
ct = ContentType.objects.get_for_model(Post)
Comment.objects.filter(content_type=ct, object_pk=obj.id).delete()
obj.delete()
return HttpResponseRedirect(group.get_absolute_url())
def blog_delete_post(request, group_slug, object_id):
obj = get_object_or_404(Post, pk=object_id)
group = obj.group
if not check_permission(request.user, group, 'blog', 'd'):
raise PermissionDenied()
ct = ContentType.objects.get_for_model(Post)
Comment.objects.filter(content_type=ct, object_pk=obj.id).delete()
obj.delete()
return HttpResponseRedirect(group.get_absolute_url())
def invitation_remove(request, group_slug, key):
object = get_object_or_404(CTGroup, slug=group_slug)
u = request.user
if not check_permission(u, object, "group", "w"):
raise PermissionDenied()
invitation = get_object_or_404(Invitation, accept_key=key)
# if invitation.is_accepted:
invitation.delete()
messages.success(request, _("Invitation removed."))
return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": object.slug}))
def moderate_remove(request, group_slug, object_id):
object = get_object_or_404(CTGroup, slug=group_slug)
u = request.user
if not check_permission(u, object, "group", "w"):
raise PermissionDenied()
if request.method == "POST":
membership = get_object_or_404(GroupMembership, pk=object_id)
membership.delete()
messages.success(request, _("Membership removed."))
return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": group_slug}))
def change_editor(request, group_slug, object_id, change):
"""docstring for change_editor"""
object = get_object_or_404(CTGroup, slug=group_slug)
u = request.user
if not check_permission(u, object, "group", "w"):
raise PermissionDenied()
if request.method == "POST":
membership = get_object_or_404(GroupMembership, pk=object_id)
membership.is_editor = change == "make"
membership.save()
return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": object.slug}))
return render_to_response("ct_groups/ct_groups_edit.html", RequestContext(request, {"object": object}))
def moderate_accept(request, group_slug, object_id):
"""docstring for moderate_accept"""
object = get_object_or_404(CTGroup, slug=group_slug)
u = request.user
if not check_permission(u, object, "group", "w"):
raise PermissionDenied()
if request.method == "POST":
membership = get_object_or_404(GroupMembership, pk=object_id)
membership.approve()
messages.success(request, _("Group membership approved."))
return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": group_slug}))
return render_to_response("ct_groups/ct_groups_edit.html", RequestContext(request, {"object": object}))
def test_permissions(self): """test_permissions""" from ct_groups.decorators import check_permission group1 = CTGroup.objects.get(name='Test group one') user = User.objects.get(pk=1) # member = self._make_membership(user, group1) # check_permission(user=None, group=None, perm_type=None, access=None ) self.failUnlessEqual(check_permission(user, group1, 'blog', 'r'), True) # passing in a 'group' which isn't CTGroup should return None self.failUnlessEqual(check_permission(user, user, 'blog', 'r'), False) self.failUnless(check_permission(user, None, 'blog', 'r')) self.failUnlessEqual(check_permission(user, None, 'wiki', 'r'), False) self.failUnlessEqual(check_permission(user, None, None, None), False) self.failUnlessEqual(check_permission(None, None, None, None), False) self.failUnlessEqual(check_permission(None, None, 'blog', 'r'), True) self.failUnlessEqual(check_permission(None, group1, 'blog', 'r'), False)
def template_fileresource_edit(request, object_id, next=None, template_name='ct_fileresource/add.html'):
# next = request.REQUEST.get('next', reverse('fileresource_list'))
obj = get_object_or_404(FileResource, pk=object_id)
if not check_permission(request.user, obj.attached_to.workgroup, 'resource', 'w'):
raise PermissionDenied()
next = next or '%s?tView=files' % reverse('template-detail',kwargs={'object_id':obj.attached_to.id})
if request.method == 'POST':
result = request.POST.get('result')
if result == _('Cancel'):
return HttpResponseRedirect(next)
form = FileResourceForm(request.POST, request.FILES, instance=obj)
if form.is_valid():
fr = form.save()
messages.success(request, _('Your changes were saved.'))
return HttpResponseRedirect(next)
else:
form = FileResourceForm(instance=obj)
template_context = {'form': form}
return render_to_response(template_name, RequestContext(request, template_context))
def delete_page(request, title, *args, **kw):
"""docstring for delete_page"""
page = get_object_or_404(Article, title=title)
if not check_permission(request.user, page.group, "wiki", "d"):
raise PermissionDenied()
if request.POST:
if request.POST["result"] == _("Cancel"):
return HttpResponseRedirect(page.get_absolute_url())
else:
form = ConfirmForm(request.POST)
if form.is_valid():
page.delete()
return HttpResponseRedirect(reverse("group", kwargs={"group_slug": page.group.slug}))
else:
form = ConfirmForm(initial={"resource_name": page.title})
return render_to_response(
"ct_framework/confirm.html", RequestContext(request, {"form": form, "title": _("Delete this page?")})
)
def template_fileresource_delete(request, object_id, next=None):
obj = get_object_or_404(FileResource, pk=object_id)
next = next or '%s?tView=files' % reverse('template-detail',kwargs={'object_id':obj.attached_to.id})
if not check_permission(request.user, obj.attached_to.workgroup, 'resource', 'd'):
raise PermissionDenied()
if request.POST:
if request.POST['result'] == _('Cancel'):
return HttpResponseRedirect(next)
else:
form = ConfirmForm(request.POST)
if form.is_valid():
obj.delete()
return HttpResponseRedirect(next)
else:
form = ConfirmForm(initial={ 'resource_name': obj.name })
return render_to_response('ct_framework/confirm.html',
RequestContext( request,
{ 'form': form,
'title': _('Delete this file?')
})
)
def group_settings(request, group_slug):
"""docstring for group_note"""
object = get_object_or_404(CTGroup, slug=group_slug)
u = request.user
if not check_permission(u, object, "group", "w"):
raise PermissionDenied()
if request.method == "POST":
result = request.POST.get("result")
if result == "cancel":
return HttpResponseRedirect(reverse("group", kwargs={"group_slug": object.slug}))
groupsettingsform = GroupSettingsForm(request.POST, request.FILES, instance=object)
if groupsettingsform.is_valid():
groupsettingsform.save()
messages.success(request, _("Your changes were saved."))
return HttpResponseRedirect("%s#group" % reverse("group-edit", kwargs={"group_slug": object.slug}))
return render_to_response(
"ct_groups/ct_groups_edit.html",
RequestContext(request, {"object": object, "groupsettingsform": groupsettingsform}),
)
def invite_member(request, group_slug):
object = get_object_or_404(CTGroup, slug=group_slug)
u = request.user
if not check_permission(u, object, "group", "w"):
raise PermissionDenied()
if request.method == "POST":
if request.POST["result"] == _("Cancel"):
return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": object.slug}))
form = InviteMemberForm(request.POST)
if form.is_valid():
email = form.cleaned_data["email"]
invitation = Invitation(group=object, inviter=u, email=email)
invitation.save() # this will generate the accept_key
invitation.send()
messages.success(request, _("Invitation sent."))
return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": object.slug}))
else:
form = InviteMemberForm(initial={"group": object.id})
return render_to_response("ct_groups/invite_member.html", RequestContext(request, {"object": object, "form": form}))
def group_edit(request, group_slug):
"""docstring for groups_edit"""
object = get_object_or_404(CTGroup, slug=group_slug)
u = request.user
if not check_permission(u, object, "group", "r"):
raise PermissionDenied()
membership = object.get_member(u)
if request.method == "POST":
result = request.POST.get("result")
if result == "cancel":
return HttpResponseRedirect(reverse("group", kwargs={"group_slug": object.slug}))
membershipform = GroupMembershipForm(request.POST, instance=membership)
if membershipform.is_valid():
membershipform.save()
messages.success(request, _("Your changes were saved."))
return HttpResponseRedirect(reverse("group", kwargs={"group_slug": object.slug}))
else:
membershipform = GroupMembershipForm(instance=membership)
# group settings are not saved via this method- uses group settings
groupsettingsform = GroupSettingsForm(instance=object)
return render_to_response(
"ct_groups/ct_groups_edit.html",
RequestContext(
request,
{
"object": object,
"groupsettingsform": groupsettingsform,
"membershipform": membershipform,
"membership": membership,
},
),
)
def remove_member(request, group_slug, object_id):
"""docstring for remove_member"""
memb = get_object_or_404(GroupMembership, pk=object_id, group__slug=group_slug)
if not check_permission(request.user, memb.group, "group", "w"):
raise PermissionDenied()
if request.POST:
if request.POST["result"] == _("Cancel"):
pass
# messages.warning(request, _('Cancelled'))
else:
form = ConfirmForm(request.POST)
if form.is_valid():
memb.remove()
messages.success(request, _("Group member removed."))
return HttpResponseRedirect("%s#membership" % reverse("group-edit", kwargs={"group_slug": memb.group.slug}))
else:
form = ConfirmForm(initial={"resource_name": "%s (%s)" % (memb.user.get_full_name(), memb.user.username)})
return render_to_response(
"ct_framework/confirm.html",
RequestContext(request, {"form": form, "title": _("Remove member from this group?")}),
)
def process_digests():
"""docstring for email_digests"""
# leave here - recursive load problem
from ct_groups.decorators import check_permission
events = CTEvent.objects.filter(status='todo').order_by('last_updated', 'content_type', 'object_id')
event_dict = { }
for event in events:
group = event_dict.setdefault(event.group, {})
perm = group.setdefault(event.perm, {})
# perm['notify_setting'] = event.notify_setting
obj_type = perm.setdefault(event.content_type, {})
obj_data = obj_type.setdefault(event.content_object, {})
if event.event_type == 'notify':
obj_data['obj'] = True
elif event.event_type == 'notify_comment':
comments = obj_data.setdefault('comments', [])
comments.append(event.data)
else:
raise Exception('unrecognised event_type')
event.done()
site = Site.objects.get_current().name
for group, digest in event_dict.iteritems():
# print '*** group', group
# print digest
for perm, items in digest.iteritems():
# print perm
members = group.groupmembership_set.all()
add_list = list(member.user.email for member in members if (member.notify_pref(perm) == 'digest') and
member.is_active and
check_permission(member.user, group, perm, 'r'))
# print add_list
if len(add_list):
content = ''
for content_type in items.itervalues():
for obj, data in content_type.iteritems():
# print data
if data.get('obj', False):
dummy, txt = obj.get_notify_content()
content += txt
comment_ids = data.get('comments', False)
if comment_ids:
# TODO just pass comment id, not comment, so template can use
# for comment in [Comment.objects.get(pk=c) for c in comment_ids]:
for c_id in comment_ids:
dummy, txt = obj.get_notify_content(comment=c_id)
content += txt
body = render_to_string('ct_groups/email_digest_body.txt',
{ 'group': group.name, 'content': content, 'site': site, 'dummy': datetime.datetime.now().strftime("%H:%M"),
'settings_url': '%s%s' % ( settings.APP_BASE[:-1], reverse('group-edit', kwargs={'group_slug': group.slug}))})
email = EmailMessage(
#subject, body, from_email, to, bcc, connection)
'[%s] %s update' % (site, group.name),
fix_email_body(body),
'do not reply <%s>' % settings.DEFAULT_FROM_EMAIL,
[settings.DEFAULT_FROM_EMAIL],
add_list )
email.send()
CTEvent.objects.filter(status='done').delete()
