def pusher_auth(request): from common.views import response_403, json_response from main import permissions from main import pusher_helpers channel_name = request.POST['channel_name'] tokens = pusher_helpers.parse_channel_name(channel_name) if len(tokens) < 3: return response_403() channel_type, channel_model, model_id = tokens socket_id = request.POST['socket_id'] args = None if channel_model == 'page': page = get_object_or_404(Page, id=model_id) if not permissions.request_can_view(request, page): return response_403() if channel_type == 'presence': user_id = get_user_presence_id(request, page) args = dict(user_id=user_id) elif channel_model == 'user': user_id = int(model_id) user = request.user if not (user.is_authenticated() and user.id == user_id): return response_403() token = pusher_helpers.make_permission(channel_name, socket_id, args) return json_response(token)
def xhr_get_page(request): # NB for now we are tracking the PageView here, but when the client starts # using cached Page objects, we need to find another way to make sure # they get created. if request.method != 'POST': return _new_api_403() from main import permissions, pageviews from main.api2 import APIEncoder from main.helpers import simple_read if 'page_id' in request.POST: page_id = request.POST['page_id'] try: page = Page.objects.get(id=page_id) except Page.DoesNotExist: return _new_api_404() else: username = request.POST['username'] page_identifier = request.POST['page_identifier'] try: page = _get_page_by_identifier(username, page_identifier) except Http404: return _new_api_404() if not permissions.request_can_view(request, page): return _new_api_403() PageView.objects.create( user = request.user if request.user.is_authenticated() else None, page = page, ip_address = request.META['REMOTE_ADDR'], sessionid = request.session.session_key, ) pageviews.increment_count(page) response = { 'page': simple_read(page), 'textitems': permissions.get_textitems(page), 'imageitems': permissions.get_imageitems(page), 'embeditems': permissions.get_embeditems(page), 'memberships': permissions.get_memberships(page), 'owner': permissions.get_owner(page), } # fixme: response = json.loads(json.dumps(response, cls=APIEncoder)) return _new_api_success(response)