def view(request):
if not self.post.reported:
return error404(request)
reports = Forum.objects.special_model("reports")
self.request.acl.forums.allow_forum_view(reports)
report = self.post.live_report()
if not report:
return error404(request)
return redirect(reverse("report", kwargs={"thread": report.pk, "slug": report.slug}))
def __call__(self, request, **kwargs):
self.request = request
self.kwargs = kwargs
self.parents = []
self.ignored = False
self.watcher = False
self.message = request.messages.get_message("threads")
try:
self._type_available()
self.fetch_thread()
self.check_forum_type()
self._check_permissions()
response = self.fetch_posts()
if response:
return response
self.make_thread_form()
if self.thread_form:
response = self.handle_thread_form()
if response:
return response
self.make_posts_form()
if self.posts_form:
response = self.handle_posts_form()
if response:
return response
except (Forum.DoesNotExist, Thread.DoesNotExist):
return error404(request)
except ACLError403 as e:
return error403(request, unicode(e))
except ACLError404 as e:
return error404(request, unicode(e))
# Merge proxy into forum
self.forum.closed = self.proxy.closed
return render_to_response(
"%ss/thread.html" % self.type_prefix,
self._template_vars(
{
"message": self.message,
"forum": self.forum,
"parents": self.parents,
"thread": self.thread,
"is_read": self.tracker.is_read(self.thread),
"count": self.count,
"posts": self.posts,
"ignored_posts": self.ignored,
"watcher": self.watcher,
"pagination": self.pagination,
"emojis": emojis(),
"quick_reply": QuickReplyForm(request=request),
"thread_form": self.thread_form or None,
"posts_form": self.posts_form or None,
}
),
context_instance=RequestContext(request),
)
def view(request):
if not self.post.reported:
return error404(request)
reports = Forum.objects.special_model('reports')
self.request.acl.forums.allow_forum_view(reports)
report = self.post.live_report()
if not report:
return error404(request)
return redirect(reverse('report', kwargs={'thread': report.pk, 'slug': report.slug}))
def __call__(self, request, **kwargs):
self.request = request
self.kwargs = kwargs
self.parents = []
self.ignored = False
self.watcher = False
self.message = request.messages.get_message('threads')
try:
self._type_available()
self.fetch_thread()
self.check_forum_type()
self._check_permissions()
response = self.fetch_posts()
if response:
return response
self.make_thread_form()
if self.thread_form:
response = self.handle_thread_form()
if response:
return response
self.make_posts_form()
if self.posts_form:
response = self.handle_posts_form()
if response:
return response
except (Forum.DoesNotExist, Thread.DoesNotExist):
return error404(request)
except ACLError403 as e:
return error403(request, unicode(e))
except ACLError404 as e:
return error404(request, unicode(e))
# Merge proxy into forum
self.forum.closed = self.proxy.closed
return request.theme.render_to_response('%ss/thread.html' % self.type_prefix,
self.template_vars({
'type_prefix': self.type_prefix,
'message': self.message,
'forum': self.forum,
'parents': self.parents,
'thread': self.thread,
'is_read': self.tracker.is_read(self.thread),
'count': self.count,
'posts': self.posts,
'ignored_posts': self.ignored,
'watcher': self.watcher,
'pagination': self.pagination,
'emojis': emojis(),
'quick_reply': FormFields(QuickReplyForm(request=request)).fields,
'thread_form': FormFields(self.thread_form).fields if self.thread_form else None,
'posts_form': FormFields(self.posts_form).fields if self.posts_form else None,
}),
context_instance=RequestContext(request));
def __call__(self, request, **kwargs):
self.request = request
self.kwargs = kwargs
self.parents = []
self.ignored = False
self.watcher = False
self.message = request.messages.get_message('threads')
try:
self._type_available()
self.fetch_thread()
self.check_forum_type()
self._check_permissions()
response = self.fetch_posts()
if response:
return response
self.make_thread_form()
if self.thread_form:
response = self.handle_thread_form()
if response:
return response
self.make_posts_form()
if self.posts_form:
response = self.handle_posts_form()
if response:
return response
except (Forum.DoesNotExist, Thread.DoesNotExist):
return error404(request)
except ACLError403 as e:
return error403(request, unicode(e))
except ACLError404 as e:
return error404(request, unicode(e))
# Merge proxy into forum
self.forum.closed = self.proxy.closed
return render_to_response('%ss/thread.html' % self.type_prefix,
self._template_vars({
'message': self.message,
'forum': self.forum,
'parents': self.parents,
'thread': self.thread,
'is_read': self.tracker.is_read(self.thread),
'count': self.count,
'posts': self.posts,
'ignored_posts': self.ignored,
'watcher': self.watcher,
'pagination': self.pagination,
'emojis': emojis(),
'quick_reply': QuickReplyForm(request=request),
'thread_form': self.thread_form or None,
'posts_form': self.posts_form or None,
}),
context_instance=RequestContext(request));
def graph(request, model, date_start, date_end, precision):
"""
Generate fancy graph for model and stuff
"""
if date_start == date_end:
# Bad dates
raise error404(RequestContext)
# Turn stuff into datetime's
date_start = datetime.strptime(date_start, '%Y-%m-%d')
date_end = datetime.strptime(date_end, '%Y-%m-%d')
statistics_providers = []
models_map = {}
for model_obj in models.get_models():
try:
getattr(model_obj.objects, 'filter_stats')
statistics_providers.append(
(str(model_obj.__name__).lower(), model_obj.statistics_name))
models_map[str(model_obj.__name__).lower()] = model_obj
except AttributeError:
pass
if not statistics_providers:
# Like before, q.q on lack of models
return request.theme.render_to_response(
'stats/not_available.html',
context_instance=RequestContext(request))
if not model in models_map or check_dates(date_start, date_end, precision):
# Bad model name or graph data!
raise error404(request)
form = GenerateStatisticsForm(provider_choices=statistics_providers,
request=request,
initial={
'provider_model': model,
'date_start': date_start,
'date_end': date_end,
'stats_precision': precision
})
return request.theme.render_to_response(
'stats/graph.html', {
'title':
models_map[model].statistics_name,
'graph':
build_graph(models_map[model], date_start, date_end, precision),
'form':
FormLayout(form),
'message':
request.messages.get_message('admin_stats'),
},
context_instance=RequestContext(request))
def __call__(self, request, **kwargs):
self.request = request
self.kwargs = kwargs
self.pagination = {}
self.parents = []
self.threads = []
self.message = request.messages.get_message('threads')
try:
self._type_available()
self._fetch_forum()
self._check_permissions()
response = self.fetch_threads()
if response:
return response
self.form = None
self.make_form()
if self.form:
response = self.handle_form()
if response:
return response
except (Forum.DoesNotExist, Thread.DoesNotExist):
return error404(request)
except ACLError403 as e:
return error403(request, unicode(e))
except ACLError404 as e:
return error404(request, unicode(e))
# Merge proxy into forum
self.forum.closed = self.proxy.closed
return request.theme.render_to_response(
'%ss/%s.html' % (self.type_prefix, self.template),
self.template_vars({
'type_prefix':
self.type_prefix,
'message':
self.message,
'forum':
self.forum,
'parents':
self.parents,
'count':
self.count,
'list_form':
FormFields(self.form).fields if self.form else None,
'threads':
self.threads,
'pagination':
self.pagination,
}),
context_instance=RequestContext(request))
def view(request):
if not self.post.reported:
return error404(request)
reports = Forum.objects.special_model('reports')
self.request.acl.forums.allow_forum_view(reports)
report = self.post.live_report()
if not report:
return error404(request)
return redirect(
reverse('report',
kwargs={
'thread': report.pk,
'slug': report.slug
}))
def activate(request, username="", user="******", token=""):
user = int(user)
try:
user = User.objects.get(pk=user)
current_activation = user.activation
# Run checks
user_ban = Ban.objects.check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation == User.ACTIVATION_NONE:
return redirect_message(request, Message(_("%(username)s, your account is already active.") % {'username': user.username}), 'info')
if user.activation == User.ACTIVATION_ADMIN:
return redirect_message(request, Message(_("%(username)s, only board administrator can activate your account.") % {'username': user.username}), 'info')
if not token or not user.token or user.token != token:
return redirect_message(request, Message(_("%(username)s, your activation link is invalid. Try again or request new activation e-mail.") % {'username': user.username}), 'error')
# Activate and sign in our member
user.activation = User.ACTIVATION_NONE
sign_user_in(request, user)
# Update monitor
User.objects.resync_monitor(request.monitor)
if current_activation == User.ACTIVATION_CREDENTIALS:
return redirect_message(request, Message(_("%(username)s, your account has been successfully reactivated after change of sign-in credentials.") % {'username': user.username}), 'success')
else:
return redirect_message(request, Message(_("%(username)s, your account has been successfully activated. Welcome aboard!") % {'username': user.username}), 'success')
except User.DoesNotExist:
return error404(request)
def decorator(*args, **kwargs):
try:
return f(*args, **kwargs)
except ACLError403 as e:
return error403(args[0], e)
except ACLError404 as e:
return error404(args[0], e)
def call(self, **kwargs):
result = self.request.session.get('search_results')
if not result:
return error404(self.request, _("No search results were found."))
items = result['search_results']
items_total = len(items);
try:
pagination = make_pagination(kwargs.get('page', 0), items_total, 12)
except Http404:
return redirect(reverse('search_results'))
return render_to_response('search/results.html',
{
'search_in': result.get('search_in'),
'search_route': result.get('search_route'),
'search_query': result['search_query'],
'search_author': result.get('search_author'),
'search_thread_titles': result.get('search_thread_titles'),
'search_thread': result.get('search_thread'),
'results': Post.objects.filter(id__in=items).select_related('forum', 'thread', 'user').order_by('-pk')[pagination['start']:pagination['stop']],
'items_total': items_total,
'pagination': pagination,
},
context_instance=RequestContext(self.request))
def unignore(request, user):
if request.user.pk == user.pk:
return error404(request)
if request.user.is_ignoring(user):
request.messages.set_flash(Message(_("You have stopped ignoring %(username)s") % {'username': user.username}))
request.user.ignores.remove(user)
return fallback(request)
def ignore(request, user):
if request.user.pk == user.pk:
return error404(request)
if not request.user.is_ignoring(user):
request.messages.set_flash(Message(_("You are now ignoring %(username)s") % {'username': user.username}), 'success')
request.user.ignores.add(user)
return fallback(request)
def reset(request, username="", user="******", token=""):
user = int(user)
try:
user = User.objects.get(pk=user)
user_ban = Ban.objects.check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation != User.ACTIVATION_NONE:
return redirect_message(request, messages.INFO, _("%(username)s, your account has to be activated in order for you to be able to request new password.") % {'username': user.username})
if not token or not user.token or user.token != token:
return redirect_message(request, messages.ERROR, _("%(username)s, request confirmation link is invalid. Please request new confirmation link.") % {'username': user.username})
new_password = random_string(6)
user.token = None
user.set_password(new_password)
user.save(force_update=True)
# Logout signed in and kill remember me tokens
Session.objects.filter(user=user).update(user=None)
Token.objects.filter(user=user).delete()
# Set flash and mail new password
user.email_user(
request,
'users/password/new',
_("Your New Password"),
{'password': new_password}
)
return redirect_message(request, messages.SUCCESS, _("%(username)s, your password has been changed with new one that was sent to %(email)s.") % {'username': user.username, 'email': user.email})
except User.DoesNotExist:
return error404(request)
def server(request, attachment, thumb=False):
try:
attachment = Attachment.objects.select_related('forum', 'thread', 'post', 'user').get(hash_id=attachment)
if attachment.forum:
request.acl.forums.allow_forum_view(attachment.forum)
if attachment.thread:
request.acl.threads.allow_thread_view(request.user, attachment.thread)
if attachment.forum.special == 'private_threads':
if not request.user.is_authenticated():
raise ACLError404()
can_see_thread_because_reported = (
request.acl.private_threads.is_mod() and attachment.thread.replies_reported)
can_see_thread_because_participates = request.user in attachment.thread.participants.all()
if not (can_see_thread_because_reported or can_see_thread_because_participates):
raise ACLError404()
if attachment.post:
request.acl.threads.allow_post_view(request.user, attachment.thread, attachment.post)
request.acl.threads.allow_attachment_download(request.user, attachment.forum, attachment.post)
return serve_file(attachment, thumb)
except ACLError403:
if attachment.is_image:
return serve_403_image()
return error403(request, _("You don't have permission to download this file."))
except (Attachment.DoesNotExist, ACLError404):
if thumb:
return serve_404_image()
return error404(request, _("Requested file could not be found."))
def redirect(request, forum, slug):
if not request.acl.forums.can_see(forum):
return error404(request)
try:
forum = Forum.objects.get(pk=forum, type='redirect')
if not request.acl.forums.can_browse(forum):
return error403(request, _("You don't have permission to follow this redirect."))
redirects_tracker = request.session.get('redirects', [])
if forum.pk not in redirects_tracker:
redirects_tracker.append(forum.pk)
request.session['redirects'] = redirects_tracker
forum.redirects += 1
forum.save(force_update=True)
return django_redirect(forum.redirect)
except Forum.DoesNotExist:
return error404(request)
def activate(request, username="", user="******", token=""):
user = int(user)
try:
user = User.objects.get(pk=user)
current_activation = user.activation
# Run checks
user_ban = Ban.objects.check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation == User.ACTIVATION_NONE:
return redirect_message(request, messages.INFO, _("%(username)s, your account is already active.") % {'username': user.username})
if user.activation == User.ACTIVATION_ADMIN:
return redirect_message(request, messages.INFO, _("%(username)s, only board administrator can activate your account.") % {'username': user.username})
if not token or not user.token or user.token != token:
return redirect_message(request, messages.ERROR, _("%(username)s, your activation link is invalid. Try again or request new activation e-mail.") % {'username': user.username})
# Activate and sign in our member
user.activation = User.ACTIVATION_NONE
sign_user_in(request, user)
# Update monitor
User.objects.resync_monitor()
if current_activation == User.ACTIVATION_CREDENTIALS:
return redirect_message(request, messages.SUCCESS, _("%(username)s, your account has been successfully reactivated after change of sign-in credentials.") % {'username': user.username})
else:
return redirect_message(request, messages.SUCCESS, _("%(username)s, your account has been successfully activated. Welcome aboard!") % {'username': user.username})
except User.DoesNotExist:
return error404(request)
def crop(request, upload=False):
if upload and (not request.user.avatar_temp or not 'upload' in settings.avatars_types):
return error404(request)
if not upload and request.user.avatar_type != 'upload':
messages.error(request, _("Crop Avatar option is avaiable only when you use uploaded image as your avatar."), 'usercp_avatar')
return redirect(reverse('usercp_avatar'))
message = request.messages.get_message('usercp_avatar')
if request.method == 'POST':
if request.csrf.request_secure(request):
try:
image_path = settings.MEDIA_ROOT + 'avatars/'
if upload:
source = Image.open(image_path + request.user.avatar_temp)
else:
source = Image.open(image_path + request.user.avatar_original)
width, height = source.size
aspect = float(width) / float(request.POST['crop_b'])
crop_x = int(aspect * float(request.POST['crop_x']))
crop_y = int(aspect * float(request.POST['crop_y']))
crop_w = int(aspect * float(request.POST['crop_w']))
crop = source.crop((crop_x, crop_y, crop_x + crop_w, crop_y + crop_w))
if upload:
image_name, image_extension = path(request.user.avatar_temp).splitext()
else:
image_name, image_extension = path(request.user.avatar_original).splitext()
image_name = '%s_%s%s' % (request.user.pk, random_string(8), image_extension)
resizeimage(crop, settings.AVATAR_SIZES[0], image_path + image_name, info=source.info, format=source.format)
for size in settings.AVATAR_SIZES[1:]:
resizeimage(crop, size, image_path + str(size) + '_' + image_name, info=source.info, format=source.format)
request.user.delete_avatar_image()
if upload:
request.user.delete_avatar_original()
request.user.avatar_type = 'upload'
request.user.avatar_original = '%s_org_%s%s' % (request.user.pk, random_string(8), image_extension)
source.save(image_path + request.user.avatar_original)
request.user.delete_avatar_temp()
request.user.avatar_image = image_name
request.user.avatar_crop = [str(float(request.POST[x])) for x in ('crop_x', 'crop_y', 'crop_w')]
request.user.save(force_update=True)
messages.success(request, _("Your avatar has been cropped."), 'usercp_avatar')
return redirect(reverse('usercp_avatar'))
except Exception:
message = Message(_("Form contains errors."), messages.ERROR)
else:
message = Message(_("Request authorisation is invalid."), messages.ERROR)
return render_to_response('usercp/avatar_crop.html',
context_instance=RequestContext(request, {
'message': message,
'after_upload': upload,
'avatar_size': settings.AVATAR_SIZES[0],
'avatar_crop': request.user.avatar_crop if not upload else None,
'source': 'avatars/%s' % (request.user.avatar_temp if upload else request.user.avatar_original),
'tab': 'avatar'}));
def make_jump(self):
if not self.request.acl.threads.can_mod_posts(self.forum):
raise ACLError404()
try:
return self.redirect_to_post(self.thread.post_set.get(reported=True))
except Post.DoesNotExist:
return error404(self.request)
def destroy_user(request, user, username):
try:
user = User.objects.get(pk=user)
except User.DoesNotExist:
return error404(request)
if user.pk == request.user.pk:
return error403(request, _("You can't destroy your own account."))
try:
request.acl.destroy_users.allow_destroy_user(user)
except ACLError403 as e:
return error403(request, unicode(e))
forums_to_sync = []
for thread in user.thread_set.iterator():
if not thread.forum_id in forums_to_sync:
forums_to_sync.append(thread.forum_id)
thread.delete()
if forums_to_sync:
for forum in Forum.objects.filter(id__in=forums_to_sync).iterator():
forum.sync()
forum.save()
user.post_set.update(deleted=True)
user.delete()
messages.success(request, _('User Account "%(username)s" has been destroyed.') % {'username': user.username})
return redirect('users')
def activate(request, token):
new_credentials = request.session.get("new_credentials")
if not new_credentials or new_credentials["token"] != token:
return error404(request)
if new_credentials["new_email"]:
request.user.set_email(new_credentials["new_email"])
if new_credentials["new_password"]:
request.user.set_password(new_credentials["new_password"])
try:
request.user.full_clean()
request.user.save(force_update=True)
request.user.sessions.exclude(id=request.session.id).delete()
request.user.signin_tokens.all().delete()
messages.success(
request,
_("%(username)s, your Sign-In credentials have been changed.") % {"username": request.user.username},
"security",
)
request.session.sign_out(request)
del request.session["new_credentials"]
return redirect(reverse("sign_in"))
except ValidationError:
messages.error(
request, _("Your new credentials have been invalidated. Please try again."), "usercp_credentials"
)
return redirect(reverse("usercp_credentials"))
def activate(request, token):
new_credentials = request.session.get('new_credentials')
if not new_credentials or new_credentials['token'] != token:
return error404(request)
if new_credentials['new_email']:
request.user.set_email(new_credentials['new_email'])
if new_credentials['new_password']:
request.user.set_password(new_credentials['new_password'])
try:
request.user.full_clean()
request.user.save(force_update=True)
request.user.sessions.exclude(id=request.session.id).delete()
request.user.signin_tokens.all().delete()
request.messages.set_flash(
Message(
_("%(username)s, your Sign-In credentials have been changed.")
% {'username': request.user.username}), 'success', 'security')
request.session.sign_out(request)
del request.session['new_credentials']
return redirect(reverse('sign_in'))
except ValidationError:
request.messages.set_flash(
Message(
_("Your new credentials have been invalidated. Please try again."
)), 'error', 'usercp_credentials')
return redirect(reverse('usercp_credentials'))
def unignore(request, user):
if request.user.pk == user.pk:
return error404(request)
if request.user.is_ignoring(user):
messages.info(request, _("You have stopped ignoring %(username)s") % {'username': user.username})
request.user.ignores.remove(user)
return fallback(request)
def ignore(request, user):
if request.user.pk == user.pk:
return error404(request)
if not request.user.is_ignoring(user):
messages.success(request, _("You are now ignoring %(username)s") % {'username': user.username})
request.user.ignores.add(user)
return fallback(request)
def settings(request, group_id=None, group_slug=None):
# Load groups and find selected group
settings_groups = SettingsGroup.objects.all().order_by('key')
if not group_id:
active_group = settings_groups[0]
group_id = active_group.pk
else:
group_id = int(group_id)
for group in settings_groups:
if group.pk == group_id:
active_group = group
break
else:
return error404(request, _('Requested settings group could not be found.'))
# Load selected group settings and turn them into form
group_settings = Setting.objects.filter(group=active_group).order_by('position')
last_fieldset = (None, [])
group_form = {'layout': []}
for setting in group_settings:
# New field subgroup?
if setting.separator and last_fieldset[0] != setting.separator:
if last_fieldset[0]:
group_form['layout'].append(last_fieldset)
last_fieldset = (_(setting.separator), [])
last_fieldset[1].append(setting.pk)
group_form[setting.pk] = setting.get_field()
group_form['layout'].append(last_fieldset)
SettingsGroupForm = type('SettingsGroupForm', (Form,), group_form)
#Submit form
message = request.messages.get_message('admin_settings')
if request.method == 'POST':
form = SettingsGroupForm(request.POST, request=request)
if form.is_valid():
for setting in form.cleaned_data.keys():
request.settings[setting] = form.cleaned_data[setting]
cache.delete('settings')
request.messages.set_flash(Message(_('Configuration has been changed.')), 'success', 'admin_settings')
return redirect(reverse('admin_settings', kwargs={
'group_id': active_group.pk,
'group_slug': active_group.key,
}))
else:
message = Message(form.non_field_errors()[0], 'error')
else:
form = SettingsGroupForm(request=request)
# Display settings group form
return request.theme.render_to_response('settings/settings.html',
{
'message': message,
'groups': settings_groups,
'active_group': active_group,
'search_form': FormFields(SearchForm(request=request)),
'form': FormLayout(form),
'raw_form': form,
},
context_instance=RequestContext(request));
def settings(request, group_id=None, group_slug=None):
# Load groups and find selected group
settings_groups = SettingsGroup.objects.all().order_by('key')
if not group_id:
active_group = settings_groups[0]
group_id = active_group.pk
else:
group_id = int(group_id)
for group in settings_groups:
if group.pk == group_id:
active_group = group
break
else:
return error404(request, _('Requested settings group could not be found.'))
# Load selected group settings and turn them into form
group_settings = Setting.objects.filter(group=active_group).order_by('position')
last_fieldset = (None, [])
group_form = {'fieldsets': []}
for setting in group_settings:
# New field subgroup?
if setting.separator and last_fieldset[0] != setting.separator:
if last_fieldset[0]:
group_form['fieldsets'].append(last_fieldset)
last_fieldset = (_(setting.separator), [])
last_fieldset[1].append(setting.pk)
group_form[setting.pk] = setting.get_field()
group_form['fieldsets'].append(last_fieldset)
SettingsGroupForm = type('SettingsGroupForm', (Form,), group_form)
#Submit form
message = messages.get_message(request, 'admin_settings')
if request.method == 'POST':
form = SettingsGroupForm(request.POST, request=request)
if form.is_valid():
for setting in form.cleaned_data.keys():
misago_settings[setting] = form.cleaned_data[setting]
cache.delete('settings')
messages.success(request, _('Configuration has been changed.'), 'admin_settings')
return redirect(reverse('admin_settings', kwargs={
'group_id': active_group.pk,
'group_slug': active_group.key,
}))
else:
message = Message(form.non_field_errors()[0], messages.ERROR)
else:
form = SettingsGroupForm(request=request)
# Display settings group form
return render_to_response('settings/settings.html',
{
'message': message,
'groups': settings_groups,
'active_group': active_group,
'search_form': SearchForm(request=request),
'form': FormIterator(form),
'raw_form': form,
},
context_instance=RequestContext(request));
def inner_decorator(request, user, *args, **kwargs):
request = request
user_pk = int(user)
try:
user = User.objects.get(pk=user_pk)
return f(request, user, *args, **kwargs)
except User.DoesNotExist:
return error404(request)
def inner_decorator(request, user, *args, **kwargs):
request = request
user_pk = int(user)
try:
user = User.objects.get(pk=user_pk)
return f(request, user, *args, **kwargs)
except User.DoesNotExist:
return error404(request)
def __call__(self, request, **kwargs):
self.request = request
self.kwargs = kwargs
self.parents = []
try:
self._type_available()
self._set_context()
self._check_permissions()
self.delete()
self.message()
return self.response()
except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist, Checkpoint.DoesNotExist):
return error404(request)
except ACLError403 as e:
return error403(request, unicode(e))
except ACLError404 as e:
return error404(request, unicode(e))
def make_jump(self):
if not self.request.acl.threads.can_approve(self.forum):
raise ACLError404()
try:
return self.redirect_to_post(
self.thread.post_set.filter(moderated=True)[:1][0])
except IndexError:
return error404(self.request)
def make_jump(self):
if not self.request.acl.threads.can_mod_posts(self.forum):
raise ACLError404()
try:
return self.redirect_to_post(
self.thread.post_set.get(reported=True))
except Post.DoesNotExist:
return error404(self.request)
def make_jump(self):
if not self.request.acl.threads.can_approve(self.forum):
raise ACLError404()
try:
return self.redirect_to_post(
self.thread.post_set.filter(moderated=True)[:1][0])
except IndexError:
return error404(self.request)
def category(request, forum, slug):
if not request.acl.forums.can_see(forum):
return error404(request)
try:
forum = Forum.objects.get(pk=forum, type='category')
if not request.acl.forums.can_browse(forum):
return error403(request, _("You don't have permission to browse this category."))
except Forum.DoesNotExist:
return error404(request)
forum.subforums = Forum.objects.treelist(request.acl.forums, forum, tracker=ForumsTracker(request.user))
return render_to_response('category.html',
{
'category': forum,
'parents': Forum.objects.forum_parents(forum.pk),
},
context_instance=RequestContext(request));
def graph(request, model, date_start, date_end, precision):
"""
Generate fancy graph for model and stuff
"""
if date_start == date_end:
# Bad dates
raise error404(RequestContext)
# Turn stuff into datetime's
date_start = datetime.strptime(date_start, "%Y-%m-%d")
date_end = datetime.strptime(date_end, "%Y-%m-%d")
statistics_providers = []
models_map = {}
for model_obj in models.get_models():
try:
getattr(model_obj.objects, "filter_stats")
statistics_providers.append((str(model_obj.__name__).lower(), model_obj.statistics_name))
models_map[str(model_obj.__name__).lower()] = model_obj
except AttributeError:
pass
if not statistics_providers:
# Like before, q.q on lack of models
return render_to_response("stats/not_available.html", context_instance=RequestContext(request))
if not model in models_map or check_dates(date_start, date_end, precision):
# Bad model name or graph data!
raise error404(request)
form = GenerateStatisticsForm(
provider_choices=statistics_providers,
request=request,
initial={"provider_model": model, "date_start": date_start, "date_end": date_end, "stats_precision": precision},
)
return render_to_response(
"stats/graph.html",
{
"title": models_map[model].statistics_name,
"graph": build_graph(models_map[model], date_start, date_end, precision),
"form": form,
"message": request.messages.get_message("admin_stats"),
},
context_instance=RequestContext(request),
)
def clear_recent(request):
if not request.is_ajax() or not request.method == 'POST':
return error404(request)
del request.session['recent_alerts']
response_html = render_to_string('alerts/cleared.html',
context_instance=RequestContext(request))
return json_response(request,
json={'html': response_html})
def redirect(request, forum, slug):
if not request.acl.forums.can_see(forum):
return error404(request)
try:
forum = Forum.objects.get(pk=forum, type='redirect')
if not request.acl.forums.can_browse(forum):
return error403(
request,
_("You don't have permission to follow this redirect."))
redirects_tracker = request.session.get('redirects', [])
if forum.pk not in redirects_tracker:
redirects_tracker.append(forum.pk)
request.session['redirects'] = redirects_tracker
forum.redirects += 1
forum.save(force_update=True)
return django_redirect(forum.redirect)
except Forum.DoesNotExist:
return error404(request)
def __call__(self, request, **kwargs):
self.request = request
self.kwargs = kwargs
self.parents = []
try:
self._type_available()
self._set_context()
self._check_permissions()
self.delete()
self.message()
return self.response()
except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist,
Checkpoint.DoesNotExist):
return error404(request)
except ACLError403 as e:
return error403(request, unicode(e))
except ACLError404 as e:
return error404(request, unicode(e))
def graph(request, model, date_start, date_end, precision):
"""
Generate fancy graph for model and stuff
"""
if date_start == date_end:
# Bad dates
raise error404(RequestContext)
# Turn stuff into datetime's
date_start = datetime.strptime(date_start, '%Y-%m-%d')
date_end = datetime.strptime(date_end, '%Y-%m-%d')
statistics_providers = []
models_map = {}
for model_obj in models.get_models():
try:
getattr(model_obj.objects, 'filter_stats')
statistics_providers.append((str(model_obj.__name__).lower(), model_obj.statistics_name))
models_map[str(model_obj.__name__).lower()] = model_obj
except AttributeError:
pass
if not statistics_providers:
# Like before, q.q on lack of models
return render_to_response('stats/not_available.html',
context_instance=RequestContext(request));
if not model in models_map or check_dates(date_start, date_end, precision):
# Bad model name or graph data!
raise error404(request)
form = GenerateStatisticsForm(
provider_choices=statistics_providers,
request=request,
initial={'provider_model': model, 'date_start': date_start, 'date_end': date_end, 'stats_precision': precision})
return render_to_response('stats/graph.html',
{
'title': models_map[model].statistics_name,
'graph': build_graph(models_map[model], date_start, date_end, precision),
'form': form,
'message': request.messages.get_message('admin_stats'),
},
context_instance=RequestContext(request));
def __call__(self, request, slug=None, thread=None, post=None):
self.request = request
self.parents = []
try:
self._type_available()
self.fetch_thread(thread)
if self.forum.level:
self.parents = Forum.objects.forum_parents(self.forum.pk, True)
self.check_forum_type()
self._check_permissions()
if post:
self.fetch_post(post)
return self.make_jump()
except (Thread.DoesNotExist, Post.DoesNotExist):
return error404(self.request)
except ACLError403 as e:
return error403(request, e)
except ACLError404 as e:
return error404(request, e)
def __call__(self, request, slug=None, thread=None, post=None):
self.request = request
self.parents = []
try:
self._type_available()
self.fetch_thread(thread)
if self.forum.level:
self.parents = Forum.objects.forum_parents(self.forum.pk, True)
self.check_forum_type()
self._check_permissions()
if post:
self.fetch_post(post)
return self.make_jump()
except (Thread.DoesNotExist, Post.DoesNotExist):
return error404(self.request)
except ACLError403 as e:
return error403(request, e)
except ACLError404 as e:
return error404(request, e)
def decorator(*args, **kwargs):
request, user = args
request.acl.warnings.allow_member_warns_view(request.user, user)
warning_pk = kwargs['warning']
try:
warning = user.warning_set.get(pk=warning_pk)
f(request, user, warning)
return redirect('user_warnings', username=user.username_slug, user=user.pk)
except Warn.DoesNotExist:
return error404(request, _("Requested warning could not be found."))
def inner_decorator(request, user, username, *args, **kwargs):
request = request
user_pk = int(user)
user_slug = username
try:
user = User.objects
if settings.PROFILE_EXTENSIONS_PRELOAD:
user = user.select_related(*settings.PROFILE_EXTENSIONS_PRELOAD)
user = user.get(pk=user_pk)
if user.username_slug != user_slug:
# Force crawlers to take notice of updated username
return redirect(reverse(fallback, args=(user.username_slug, user.pk)), permanent=True)
return f(request, user, *args, **kwargs)
except User.DoesNotExist:
return error404(request)
except ACLError404:
return error404(request)
except ACLError403 as e:
return error403(request, e.message)
def __call__(self, request, **kwargs):
self.request = request
self.kwargs = kwargs
self.forum = None
self.thread = None
self.post = None
self.parents = []
try:
self._type_available()
self.fetch_target()
self.check_acl()
self._check_permissions()
except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist):
return error404(self.request)
except ACLError403 as e:
return error403(request, e)
except ACLError404 as e:
return error404(request, e)
return self.response()
def __call__(self, request, **kwargs):
self.request = request
self.kwargs = kwargs
self.forum = None
self.thread = None
self.post = None
self.parents = []
try:
self._type_available()
self.fetch_target()
self.check_acl()
self._check_permissions()
except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist):
return error404(self.request)
except ACLError403 as e:
return error403(request, e)
except ACLError404 as e:
return error404(request, e)
return self.response()
def username(request):
if not request.acl.usercp.show_username_change():
return error404(request)
changes_left = request.acl.usercp.changes_left(request.user)
next_change = None
if request.acl.usercp.changes_expire() and not changes_left:
next_change = request.user.namechanges.filter(
date__gte=timezone.now() - timedelta(days=request.acl.usercp.acl['changes_expire']),
).order_by('-date')[0]
next_change = next_change.date + timedelta(days=request.acl.usercp.acl['changes_expire'])
message = request.messages.get_message('usercp_username')
if request.method == 'POST':
if not changes_left:
message = Message(_("You have exceeded the maximum number of name changes."), 'error')
form = UsernameChangeForm(request=request)
else:
org_username = request.user.username
form = UsernameChangeForm(request.POST, request=request)
if form.is_valid():
request.user.set_username(form.cleaned_data['username'])
request.user.save(force_update=True)
request.user.sync_username()
request.user.namechanges.create(date=timezone.now(), old_username=org_username)
request.messages.set_flash(Message(_("Your username has been changed.")), 'success', 'usercp_username')
# Alert followers of namechange
alert_time = timezone.now()
bulk_alerts = []
alerted_users = []
for follower in request.user.follows_set.iterator():
alerted_users.append(follower.pk)
alert = Alert(user=follower, message=ugettext_lazy("User that you are following, %(username)s, has changed his name to %(newname)s").message, date=alert_time)
alert.strong('username', org_username)
alert.profile('newname', request.user)
alert.hydrate()
bulk_alerts.append(alert)
if bulk_alerts:
Alert.objects.bulk_create(bulk_alerts)
User.objects.filter(id__in=alerted_users).update(alerts=F('alerts') + 1)
# Hop back
return redirect(reverse('usercp_username'))
message = Message(form.non_field_errors()[0], 'error')
else:
form = UsernameChangeForm(request=request)
return request.theme.render_to_response('usercp/username.html',
context_instance=RequestContext(request, {
'message': message,
'changes_left': changes_left,
'form': FormLayout(form),
'next_change': next_change,
'changes_history': request.user.namechanges.order_by('-date')[:10],
'tab': 'username',
}));
def __call__(self, request, **kwargs):
self.request = request
self.kwargs = kwargs
self.pagination = {}
self.parents = []
self.threads = []
self.message = request.messages.get_message('threads')
try:
self._type_available()
self._fetch_forum()
self._check_permissions()
response = self.fetch_threads()
if response:
return response
self.form = None
self.make_form()
if self.form:
response = self.handle_form()
if response:
return response
except (Forum.DoesNotExist, Thread.DoesNotExist):
return error404(request)
except ACLError403 as e:
return error403(request, unicode(e))
except ACLError404 as e:
return error404(request, unicode(e))
# Merge proxy into forum
self.forum.closed = self.proxy.closed
return request.theme.render_to_response('%ss/%s.html' % (self.type_prefix, self.template),
self.template_vars({
'type_prefix': self.type_prefix,
'message': self.message,
'forum': self.forum,
'parents': self.parents,
'count': self.count,
'list_form': FormFields(self.form).fields if self.form else None,
'threads': self.threads,
'pagination': self.pagination,
}),
context_instance=RequestContext(request));
def unfollow(request, user):
if request.user.pk == user.pk:
return error404(request)
if request.user.is_following(user):
messages.info(request, _("You have stopped following %(username)s") % {'username': user.username})
request.user.follows.remove(user)
request.user.following -= 1
request.user.save(force_update=True)
user.followers -= 1
user.save(force_update=True)
return fallback(request)
def username(request):
if not request.acl.usercp.show_username_change():
return error404(request)
changes_left = request.acl.usercp.changes_left(request.user)
next_change = None
if request.acl.usercp.changes_expire() and not changes_left:
next_change = request.user.namechanges.filter(
date__gte=timezone.now() - timedelta(days=request.acl.usercp.acl['changes_expire']),
).order_by('-date')[0]
next_change = next_change.date + timedelta(days=request.acl.usercp.acl['changes_expire'])
message = request.messages.get_message('usercp_username')
if request.method == 'POST':
if not changes_left:
message = Message(_("You have exceeded the maximum number of name changes."), messages.ERROR)
form = UsernameChangeForm(request=request)
else:
org_username = request.user.username
form = UsernameChangeForm(request.POST, request=request)
if form.is_valid():
request.user.set_username(form.cleaned_data['username'])
request.user.save(force_update=True)
request.user.sync_username()
request.user.namechanges.create(date=timezone.now(), old_username=org_username)
messages.success(request, _("Your username has been changed."), 'usercp_username')
# Alert followers of namechange
alert_time = timezone.now()
bulk_alerts = []
alerted_users = []
for follower in request.user.follows_set.iterator():
alerted_users.append(follower.pk)
alert = Alert(user=follower, message=ugettext_lazy("User that you are following, %(username)s, has changed his name to %(newname)s").message, date=alert_time)
alert.strong('username', org_username)
alert.profile('newname', request.user)
alert.hydrate()
bulk_alerts.append(alert)
if bulk_alerts:
Alert.objects.bulk_create(bulk_alerts)
User.objects.filter(id__in=alerted_users).update(alerts=F('alerts') + 1)
# Hop back
return redirect(reverse('usercp_username'))
message = Message(form.non_field_errors()[0], messages.ERROR)
else:
form = UsernameChangeForm(request=request)
return render_to_response('usercp/username.html',
context_instance=RequestContext(request, {
'message': message,
'changes_left': changes_left,
'form': form,
'next_change': next_change,
'changes_history': request.user.namechanges.order_by('-date')[:10],
'tab': 'username'}));
def clear_recent(request):
if not request.is_ajax() or not request.method == 'POST':
return error404(request)
try:
del request.session['recent_alerts']
except KeyError:
pass
response_html = render_to_string('alerts/cleared.html',
context_instance=RequestContext(request))
return json_response(request, json={'html': response_html})
def gravatar(request):
if not 'gravatar' in request.settings.avatars_types:
return error404(request)
if request.user.avatar_type != 'gravatar':
if request.csrf.request_secure(request):
request.user.delete_avatar()
request.user.avatar_type = 'gravatar'
request.user.save(force_update=True)
request.messages.set_flash(Message(_("Your avatar has been changed to Gravatar.")), 'success', 'usercp_avatar')
else:
request.messages.set_flash(Message(_("Request authorisation is invalid.")), 'error', 'usercp_avatar')
return redirect(reverse('usercp_avatar'))
def category(request, forum, slug):
if not request.acl.forums.can_see(forum):
return error404(request)
try:
forum = Forum.objects.get(pk=forum, type='category')
if not request.acl.forums.can_browse(forum):
return error403(
request,
_("You don't have permission to browse this category."))
except Forum.DoesNotExist:
return error404(request)
forum.subforums = Forum.objects.treelist(request.acl.forums,
forum,
tracker=ForumsTracker(
request.user))
return render_to_response('category.html', {
'category': forum,
'parents': Forum.objects.forum_parents(forum.pk),
},
context_instance=RequestContext(request))
def gallery(request):
if not 'gallery' in settings.avatars_types:
return error404(request)
allowed_avatars = []
galleries = []
for directory in path(
settings.STATICFILES_DIRS[0]).joinpath('avatars').dirs():
if directory[-7:] != '_locked' and directory[-8:] != '_default':
gallery = {'name': directory[-7:], 'avatars': []}
avatars = directory.files('*.gif')
avatars += directory.files('*.jpg')
avatars += directory.files('*.jpeg')
avatars += directory.files('*.png')
for item in avatars:
gallery['avatars'].append('/'.join(path(item).splitall()[-2:]))
galleries.append(gallery)
allowed_avatars += gallery['avatars']
if not allowed_avatars:
messages.info(request,
_("No avatar galleries are available at the moment."),
'usercp_avatar')
return redirect(reverse('usercp_avatar'))
message = request.messages.get_message('usercp_avatar')
if request.method == 'POST':
if request.csrf.request_secure(request):
new_avatar = request.POST.get('avatar_image')
if new_avatar in allowed_avatars:
request.user.delete_avatar()
request.user.avatar_type = 'gallery'
request.user.avatar_image = new_avatar
request.user.save(force_update=True)
messages.success(
request,
_("Your avatar has been changed to one from gallery."),
'usercp_avatar')
return redirect(reverse('usercp_avatar'))
message = Message(_("Selected Avatar is incorrect."),
messages.ERROR)
else:
message = Message(_("Request authorisation is invalid."),
messages.ERROR)
return render_to_response('usercp/avatar_gallery.html',
context_instance=RequestContext(
request, {
'message': message,
'galleries': galleries,
'tab': 'avatar'
}))
def __call__(self, request, **kwargs):
try:
if request.user.is_crawler():
raise ACLError404()
if not request.acl.search.can_search():
raise ACLError403(
_("You don't have permission to search community."))
self.request = request
return self.call(**kwargs)
except ACLError403 as e:
return error403(request, unicode(e))
except ACLError404 as e:
return error404(request, unicode(e))
def inner_decorator(request, user, username, *args, **kwargs):
request = request
user_pk = int(user)
user_slug = username
try:
user = User.objects
if settings.PROFILE_EXTENSIONS_PRELOAD:
user = user.select_related(
*settings.PROFILE_EXTENSIONS_PRELOAD)
user = user.get(pk=user_pk)
if user.username_slug != user_slug:
# Force crawlers to take notice of updated username
return redirect(reverse(fallback,
args=(user.username_slug,
user.pk)),
permanent=True)
return f(request, user, *args, **kwargs)
except User.DoesNotExist:
return error404(request)
except ACLError404:
return error404(request)
except ACLError403 as e:
return error403(request, e.message)
def __call__(self, request, **kwargs):
self.request = request
self.kwargs = kwargs
self.forum = None
self.thread = None
self.post = None
self.parents = []
try:
self._type_available()
self.fetch_target()
self._check_permissions()
if not request.user.is_authenticated():
raise ACLError403(
_("Guest, you have to sign-in in order to see posts changelogs."
))
except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist,
Change.DoesNotExist):
return error404(self.request)
except ACLError403 as e:
return error403(request, e)
except ACLError404 as e:
return error404(request, e)
return self.dispatch(request)
