def view(request): if not self.post.reported: return error404(request) reports = Forum.objects.special_model("reports") self.request.acl.forums.allow_forum_view(reports) report = self.post.live_report() if not report: return error404(request) return redirect(reverse("report", kwargs={"thread": report.pk, "slug": report.slug}))
def __call__(self, request, **kwargs): self.request = request self.kwargs = kwargs self.parents = [] self.ignored = False self.watcher = False self.message = request.messages.get_message("threads") try: self._type_available() self.fetch_thread() self.check_forum_type() self._check_permissions() response = self.fetch_posts() if response: return response self.make_thread_form() if self.thread_form: response = self.handle_thread_form() if response: return response self.make_posts_form() if self.posts_form: response = self.handle_posts_form() if response: return response except (Forum.DoesNotExist, Thread.DoesNotExist): return error404(request) except ACLError403 as e: return error403(request, unicode(e)) except ACLError404 as e: return error404(request, unicode(e)) # Merge proxy into forum self.forum.closed = self.proxy.closed return render_to_response( "%ss/thread.html" % self.type_prefix, self._template_vars( { "message": self.message, "forum": self.forum, "parents": self.parents, "thread": self.thread, "is_read": self.tracker.is_read(self.thread), "count": self.count, "posts": self.posts, "ignored_posts": self.ignored, "watcher": self.watcher, "pagination": self.pagination, "emojis": emojis(), "quick_reply": QuickReplyForm(request=request), "thread_form": self.thread_form or None, "posts_form": self.posts_form or None, } ), context_instance=RequestContext(request), )
def view(request): if not self.post.reported: return error404(request) reports = Forum.objects.special_model('reports') self.request.acl.forums.allow_forum_view(reports) report = self.post.live_report() if not report: return error404(request) return redirect(reverse('report', kwargs={'thread': report.pk, 'slug': report.slug}))
def __call__(self, request, **kwargs): self.request = request self.kwargs = kwargs self.parents = [] self.ignored = False self.watcher = False self.message = request.messages.get_message('threads') try: self._type_available() self.fetch_thread() self.check_forum_type() self._check_permissions() response = self.fetch_posts() if response: return response self.make_thread_form() if self.thread_form: response = self.handle_thread_form() if response: return response self.make_posts_form() if self.posts_form: response = self.handle_posts_form() if response: return response except (Forum.DoesNotExist, Thread.DoesNotExist): return error404(request) except ACLError403 as e: return error403(request, unicode(e)) except ACLError404 as e: return error404(request, unicode(e)) # Merge proxy into forum self.forum.closed = self.proxy.closed return request.theme.render_to_response('%ss/thread.html' % self.type_prefix, self.template_vars({ 'type_prefix': self.type_prefix, 'message': self.message, 'forum': self.forum, 'parents': self.parents, 'thread': self.thread, 'is_read': self.tracker.is_read(self.thread), 'count': self.count, 'posts': self.posts, 'ignored_posts': self.ignored, 'watcher': self.watcher, 'pagination': self.pagination, 'emojis': emojis(), 'quick_reply': FormFields(QuickReplyForm(request=request)).fields, 'thread_form': FormFields(self.thread_form).fields if self.thread_form else None, 'posts_form': FormFields(self.posts_form).fields if self.posts_form else None, }), context_instance=RequestContext(request));
def __call__(self, request, **kwargs): self.request = request self.kwargs = kwargs self.parents = [] self.ignored = False self.watcher = False self.message = request.messages.get_message('threads') try: self._type_available() self.fetch_thread() self.check_forum_type() self._check_permissions() response = self.fetch_posts() if response: return response self.make_thread_form() if self.thread_form: response = self.handle_thread_form() if response: return response self.make_posts_form() if self.posts_form: response = self.handle_posts_form() if response: return response except (Forum.DoesNotExist, Thread.DoesNotExist): return error404(request) except ACLError403 as e: return error403(request, unicode(e)) except ACLError404 as e: return error404(request, unicode(e)) # Merge proxy into forum self.forum.closed = self.proxy.closed return render_to_response('%ss/thread.html' % self.type_prefix, self._template_vars({ 'message': self.message, 'forum': self.forum, 'parents': self.parents, 'thread': self.thread, 'is_read': self.tracker.is_read(self.thread), 'count': self.count, 'posts': self.posts, 'ignored_posts': self.ignored, 'watcher': self.watcher, 'pagination': self.pagination, 'emojis': emojis(), 'quick_reply': QuickReplyForm(request=request), 'thread_form': self.thread_form or None, 'posts_form': self.posts_form or None, }), context_instance=RequestContext(request));
def graph(request, model, date_start, date_end, precision): """ Generate fancy graph for model and stuff """ if date_start == date_end: # Bad dates raise error404(RequestContext) # Turn stuff into datetime's date_start = datetime.strptime(date_start, '%Y-%m-%d') date_end = datetime.strptime(date_end, '%Y-%m-%d') statistics_providers = [] models_map = {} for model_obj in models.get_models(): try: getattr(model_obj.objects, 'filter_stats') statistics_providers.append( (str(model_obj.__name__).lower(), model_obj.statistics_name)) models_map[str(model_obj.__name__).lower()] = model_obj except AttributeError: pass if not statistics_providers: # Like before, q.q on lack of models return request.theme.render_to_response( 'stats/not_available.html', context_instance=RequestContext(request)) if not model in models_map or check_dates(date_start, date_end, precision): # Bad model name or graph data! raise error404(request) form = GenerateStatisticsForm(provider_choices=statistics_providers, request=request, initial={ 'provider_model': model, 'date_start': date_start, 'date_end': date_end, 'stats_precision': precision }) return request.theme.render_to_response( 'stats/graph.html', { 'title': models_map[model].statistics_name, 'graph': build_graph(models_map[model], date_start, date_end, precision), 'form': FormLayout(form), 'message': request.messages.get_message('admin_stats'), }, context_instance=RequestContext(request))
def __call__(self, request, **kwargs): self.request = request self.kwargs = kwargs self.pagination = {} self.parents = [] self.threads = [] self.message = request.messages.get_message('threads') try: self._type_available() self._fetch_forum() self._check_permissions() response = self.fetch_threads() if response: return response self.form = None self.make_form() if self.form: response = self.handle_form() if response: return response except (Forum.DoesNotExist, Thread.DoesNotExist): return error404(request) except ACLError403 as e: return error403(request, unicode(e)) except ACLError404 as e: return error404(request, unicode(e)) # Merge proxy into forum self.forum.closed = self.proxy.closed return request.theme.render_to_response( '%ss/%s.html' % (self.type_prefix, self.template), self.template_vars({ 'type_prefix': self.type_prefix, 'message': self.message, 'forum': self.forum, 'parents': self.parents, 'count': self.count, 'list_form': FormFields(self.form).fields if self.form else None, 'threads': self.threads, 'pagination': self.pagination, }), context_instance=RequestContext(request))
def view(request): if not self.post.reported: return error404(request) reports = Forum.objects.special_model('reports') self.request.acl.forums.allow_forum_view(reports) report = self.post.live_report() if not report: return error404(request) return redirect( reverse('report', kwargs={ 'thread': report.pk, 'slug': report.slug }))
def activate(request, username="", user="******", token=""): user = int(user) try: user = User.objects.get(pk=user) current_activation = user.activation # Run checks user_ban = Ban.objects.check_ban(username=user.username, email=user.email) if user_ban: return error_banned(request, user, user_ban) if user.activation == User.ACTIVATION_NONE: return redirect_message(request, Message(_("%(username)s, your account is already active.") % {'username': user.username}), 'info') if user.activation == User.ACTIVATION_ADMIN: return redirect_message(request, Message(_("%(username)s, only board administrator can activate your account.") % {'username': user.username}), 'info') if not token or not user.token or user.token != token: return redirect_message(request, Message(_("%(username)s, your activation link is invalid. Try again or request new activation e-mail.") % {'username': user.username}), 'error') # Activate and sign in our member user.activation = User.ACTIVATION_NONE sign_user_in(request, user) # Update monitor User.objects.resync_monitor(request.monitor) if current_activation == User.ACTIVATION_CREDENTIALS: return redirect_message(request, Message(_("%(username)s, your account has been successfully reactivated after change of sign-in credentials.") % {'username': user.username}), 'success') else: return redirect_message(request, Message(_("%(username)s, your account has been successfully activated. Welcome aboard!") % {'username': user.username}), 'success') except User.DoesNotExist: return error404(request)
def decorator(*args, **kwargs): try: return f(*args, **kwargs) except ACLError403 as e: return error403(args[0], e) except ACLError404 as e: return error404(args[0], e)
def call(self, **kwargs): result = self.request.session.get('search_results') if not result: return error404(self.request, _("No search results were found.")) items = result['search_results'] items_total = len(items); try: pagination = make_pagination(kwargs.get('page', 0), items_total, 12) except Http404: return redirect(reverse('search_results')) return render_to_response('search/results.html', { 'search_in': result.get('search_in'), 'search_route': result.get('search_route'), 'search_query': result['search_query'], 'search_author': result.get('search_author'), 'search_thread_titles': result.get('search_thread_titles'), 'search_thread': result.get('search_thread'), 'results': Post.objects.filter(id__in=items).select_related('forum', 'thread', 'user').order_by('-pk')[pagination['start']:pagination['stop']], 'items_total': items_total, 'pagination': pagination, }, context_instance=RequestContext(self.request))
def unignore(request, user): if request.user.pk == user.pk: return error404(request) if request.user.is_ignoring(user): request.messages.set_flash(Message(_("You have stopped ignoring %(username)s") % {'username': user.username})) request.user.ignores.remove(user) return fallback(request)
def ignore(request, user): if request.user.pk == user.pk: return error404(request) if not request.user.is_ignoring(user): request.messages.set_flash(Message(_("You are now ignoring %(username)s") % {'username': user.username}), 'success') request.user.ignores.add(user) return fallback(request)
def reset(request, username="", user="******", token=""): user = int(user) try: user = User.objects.get(pk=user) user_ban = Ban.objects.check_ban(username=user.username, email=user.email) if user_ban: return error_banned(request, user, user_ban) if user.activation != User.ACTIVATION_NONE: return redirect_message(request, messages.INFO, _("%(username)s, your account has to be activated in order for you to be able to request new password.") % {'username': user.username}) if not token or not user.token or user.token != token: return redirect_message(request, messages.ERROR, _("%(username)s, request confirmation link is invalid. Please request new confirmation link.") % {'username': user.username}) new_password = random_string(6) user.token = None user.set_password(new_password) user.save(force_update=True) # Logout signed in and kill remember me tokens Session.objects.filter(user=user).update(user=None) Token.objects.filter(user=user).delete() # Set flash and mail new password user.email_user( request, 'users/password/new', _("Your New Password"), {'password': new_password} ) return redirect_message(request, messages.SUCCESS, _("%(username)s, your password has been changed with new one that was sent to %(email)s.") % {'username': user.username, 'email': user.email}) except User.DoesNotExist: return error404(request)
def server(request, attachment, thumb=False): try: attachment = Attachment.objects.select_related('forum', 'thread', 'post', 'user').get(hash_id=attachment) if attachment.forum: request.acl.forums.allow_forum_view(attachment.forum) if attachment.thread: request.acl.threads.allow_thread_view(request.user, attachment.thread) if attachment.forum.special == 'private_threads': if not request.user.is_authenticated(): raise ACLError404() can_see_thread_because_reported = ( request.acl.private_threads.is_mod() and attachment.thread.replies_reported) can_see_thread_because_participates = request.user in attachment.thread.participants.all() if not (can_see_thread_because_reported or can_see_thread_because_participates): raise ACLError404() if attachment.post: request.acl.threads.allow_post_view(request.user, attachment.thread, attachment.post) request.acl.threads.allow_attachment_download(request.user, attachment.forum, attachment.post) return serve_file(attachment, thumb) except ACLError403: if attachment.is_image: return serve_403_image() return error403(request, _("You don't have permission to download this file.")) except (Attachment.DoesNotExist, ACLError404): if thumb: return serve_404_image() return error404(request, _("Requested file could not be found."))
def redirect(request, forum, slug): if not request.acl.forums.can_see(forum): return error404(request) try: forum = Forum.objects.get(pk=forum, type='redirect') if not request.acl.forums.can_browse(forum): return error403(request, _("You don't have permission to follow this redirect.")) redirects_tracker = request.session.get('redirects', []) if forum.pk not in redirects_tracker: redirects_tracker.append(forum.pk) request.session['redirects'] = redirects_tracker forum.redirects += 1 forum.save(force_update=True) return django_redirect(forum.redirect) except Forum.DoesNotExist: return error404(request)
def activate(request, username="", user="******", token=""): user = int(user) try: user = User.objects.get(pk=user) current_activation = user.activation # Run checks user_ban = Ban.objects.check_ban(username=user.username, email=user.email) if user_ban: return error_banned(request, user, user_ban) if user.activation == User.ACTIVATION_NONE: return redirect_message(request, messages.INFO, _("%(username)s, your account is already active.") % {'username': user.username}) if user.activation == User.ACTIVATION_ADMIN: return redirect_message(request, messages.INFO, _("%(username)s, only board administrator can activate your account.") % {'username': user.username}) if not token or not user.token or user.token != token: return redirect_message(request, messages.ERROR, _("%(username)s, your activation link is invalid. Try again or request new activation e-mail.") % {'username': user.username}) # Activate and sign in our member user.activation = User.ACTIVATION_NONE sign_user_in(request, user) # Update monitor User.objects.resync_monitor() if current_activation == User.ACTIVATION_CREDENTIALS: return redirect_message(request, messages.SUCCESS, _("%(username)s, your account has been successfully reactivated after change of sign-in credentials.") % {'username': user.username}) else: return redirect_message(request, messages.SUCCESS, _("%(username)s, your account has been successfully activated. Welcome aboard!") % {'username': user.username}) except User.DoesNotExist: return error404(request)
def crop(request, upload=False): if upload and (not request.user.avatar_temp or not 'upload' in settings.avatars_types): return error404(request) if not upload and request.user.avatar_type != 'upload': messages.error(request, _("Crop Avatar option is avaiable only when you use uploaded image as your avatar."), 'usercp_avatar') return redirect(reverse('usercp_avatar')) message = request.messages.get_message('usercp_avatar') if request.method == 'POST': if request.csrf.request_secure(request): try: image_path = settings.MEDIA_ROOT + 'avatars/' if upload: source = Image.open(image_path + request.user.avatar_temp) else: source = Image.open(image_path + request.user.avatar_original) width, height = source.size aspect = float(width) / float(request.POST['crop_b']) crop_x = int(aspect * float(request.POST['crop_x'])) crop_y = int(aspect * float(request.POST['crop_y'])) crop_w = int(aspect * float(request.POST['crop_w'])) crop = source.crop((crop_x, crop_y, crop_x + crop_w, crop_y + crop_w)) if upload: image_name, image_extension = path(request.user.avatar_temp).splitext() else: image_name, image_extension = path(request.user.avatar_original).splitext() image_name = '%s_%s%s' % (request.user.pk, random_string(8), image_extension) resizeimage(crop, settings.AVATAR_SIZES[0], image_path + image_name, info=source.info, format=source.format) for size in settings.AVATAR_SIZES[1:]: resizeimage(crop, size, image_path + str(size) + '_' + image_name, info=source.info, format=source.format) request.user.delete_avatar_image() if upload: request.user.delete_avatar_original() request.user.avatar_type = 'upload' request.user.avatar_original = '%s_org_%s%s' % (request.user.pk, random_string(8), image_extension) source.save(image_path + request.user.avatar_original) request.user.delete_avatar_temp() request.user.avatar_image = image_name request.user.avatar_crop = [str(float(request.POST[x])) for x in ('crop_x', 'crop_y', 'crop_w')] request.user.save(force_update=True) messages.success(request, _("Your avatar has been cropped."), 'usercp_avatar') return redirect(reverse('usercp_avatar')) except Exception: message = Message(_("Form contains errors."), messages.ERROR) else: message = Message(_("Request authorisation is invalid."), messages.ERROR) return render_to_response('usercp/avatar_crop.html', context_instance=RequestContext(request, { 'message': message, 'after_upload': upload, 'avatar_size': settings.AVATAR_SIZES[0], 'avatar_crop': request.user.avatar_crop if not upload else None, 'source': 'avatars/%s' % (request.user.avatar_temp if upload else request.user.avatar_original), 'tab': 'avatar'}));
def make_jump(self): if not self.request.acl.threads.can_mod_posts(self.forum): raise ACLError404() try: return self.redirect_to_post(self.thread.post_set.get(reported=True)) except Post.DoesNotExist: return error404(self.request)
def destroy_user(request, user, username): try: user = User.objects.get(pk=user) except User.DoesNotExist: return error404(request) if user.pk == request.user.pk: return error403(request, _("You can't destroy your own account.")) try: request.acl.destroy_users.allow_destroy_user(user) except ACLError403 as e: return error403(request, unicode(e)) forums_to_sync = [] for thread in user.thread_set.iterator(): if not thread.forum_id in forums_to_sync: forums_to_sync.append(thread.forum_id) thread.delete() if forums_to_sync: for forum in Forum.objects.filter(id__in=forums_to_sync).iterator(): forum.sync() forum.save() user.post_set.update(deleted=True) user.delete() messages.success(request, _('User Account "%(username)s" has been destroyed.') % {'username': user.username}) return redirect('users')
def activate(request, token): new_credentials = request.session.get("new_credentials") if not new_credentials or new_credentials["token"] != token: return error404(request) if new_credentials["new_email"]: request.user.set_email(new_credentials["new_email"]) if new_credentials["new_password"]: request.user.set_password(new_credentials["new_password"]) try: request.user.full_clean() request.user.save(force_update=True) request.user.sessions.exclude(id=request.session.id).delete() request.user.signin_tokens.all().delete() messages.success( request, _("%(username)s, your Sign-In credentials have been changed.") % {"username": request.user.username}, "security", ) request.session.sign_out(request) del request.session["new_credentials"] return redirect(reverse("sign_in")) except ValidationError: messages.error( request, _("Your new credentials have been invalidated. Please try again."), "usercp_credentials" ) return redirect(reverse("usercp_credentials"))
def activate(request, token): new_credentials = request.session.get('new_credentials') if not new_credentials or new_credentials['token'] != token: return error404(request) if new_credentials['new_email']: request.user.set_email(new_credentials['new_email']) if new_credentials['new_password']: request.user.set_password(new_credentials['new_password']) try: request.user.full_clean() request.user.save(force_update=True) request.user.sessions.exclude(id=request.session.id).delete() request.user.signin_tokens.all().delete() request.messages.set_flash( Message( _("%(username)s, your Sign-In credentials have been changed.") % {'username': request.user.username}), 'success', 'security') request.session.sign_out(request) del request.session['new_credentials'] return redirect(reverse('sign_in')) except ValidationError: request.messages.set_flash( Message( _("Your new credentials have been invalidated. Please try again." )), 'error', 'usercp_credentials') return redirect(reverse('usercp_credentials'))
def unignore(request, user): if request.user.pk == user.pk: return error404(request) if request.user.is_ignoring(user): messages.info(request, _("You have stopped ignoring %(username)s") % {'username': user.username}) request.user.ignores.remove(user) return fallback(request)
def ignore(request, user): if request.user.pk == user.pk: return error404(request) if not request.user.is_ignoring(user): messages.success(request, _("You are now ignoring %(username)s") % {'username': user.username}) request.user.ignores.add(user) return fallback(request)
def settings(request, group_id=None, group_slug=None): # Load groups and find selected group settings_groups = SettingsGroup.objects.all().order_by('key') if not group_id: active_group = settings_groups[0] group_id = active_group.pk else: group_id = int(group_id) for group in settings_groups: if group.pk == group_id: active_group = group break else: return error404(request, _('Requested settings group could not be found.')) # Load selected group settings and turn them into form group_settings = Setting.objects.filter(group=active_group).order_by('position') last_fieldset = (None, []) group_form = {'layout': []} for setting in group_settings: # New field subgroup? if setting.separator and last_fieldset[0] != setting.separator: if last_fieldset[0]: group_form['layout'].append(last_fieldset) last_fieldset = (_(setting.separator), []) last_fieldset[1].append(setting.pk) group_form[setting.pk] = setting.get_field() group_form['layout'].append(last_fieldset) SettingsGroupForm = type('SettingsGroupForm', (Form,), group_form) #Submit form message = request.messages.get_message('admin_settings') if request.method == 'POST': form = SettingsGroupForm(request.POST, request=request) if form.is_valid(): for setting in form.cleaned_data.keys(): request.settings[setting] = form.cleaned_data[setting] cache.delete('settings') request.messages.set_flash(Message(_('Configuration has been changed.')), 'success', 'admin_settings') return redirect(reverse('admin_settings', kwargs={ 'group_id': active_group.pk, 'group_slug': active_group.key, })) else: message = Message(form.non_field_errors()[0], 'error') else: form = SettingsGroupForm(request=request) # Display settings group form return request.theme.render_to_response('settings/settings.html', { 'message': message, 'groups': settings_groups, 'active_group': active_group, 'search_form': FormFields(SearchForm(request=request)), 'form': FormLayout(form), 'raw_form': form, }, context_instance=RequestContext(request));
def settings(request, group_id=None, group_slug=None): # Load groups and find selected group settings_groups = SettingsGroup.objects.all().order_by('key') if not group_id: active_group = settings_groups[0] group_id = active_group.pk else: group_id = int(group_id) for group in settings_groups: if group.pk == group_id: active_group = group break else: return error404(request, _('Requested settings group could not be found.')) # Load selected group settings and turn them into form group_settings = Setting.objects.filter(group=active_group).order_by('position') last_fieldset = (None, []) group_form = {'fieldsets': []} for setting in group_settings: # New field subgroup? if setting.separator and last_fieldset[0] != setting.separator: if last_fieldset[0]: group_form['fieldsets'].append(last_fieldset) last_fieldset = (_(setting.separator), []) last_fieldset[1].append(setting.pk) group_form[setting.pk] = setting.get_field() group_form['fieldsets'].append(last_fieldset) SettingsGroupForm = type('SettingsGroupForm', (Form,), group_form) #Submit form message = messages.get_message(request, 'admin_settings') if request.method == 'POST': form = SettingsGroupForm(request.POST, request=request) if form.is_valid(): for setting in form.cleaned_data.keys(): misago_settings[setting] = form.cleaned_data[setting] cache.delete('settings') messages.success(request, _('Configuration has been changed.'), 'admin_settings') return redirect(reverse('admin_settings', kwargs={ 'group_id': active_group.pk, 'group_slug': active_group.key, })) else: message = Message(form.non_field_errors()[0], messages.ERROR) else: form = SettingsGroupForm(request=request) # Display settings group form return render_to_response('settings/settings.html', { 'message': message, 'groups': settings_groups, 'active_group': active_group, 'search_form': SearchForm(request=request), 'form': FormIterator(form), 'raw_form': form, }, context_instance=RequestContext(request));
def inner_decorator(request, user, *args, **kwargs): request = request user_pk = int(user) try: user = User.objects.get(pk=user_pk) return f(request, user, *args, **kwargs) except User.DoesNotExist: return error404(request)
def __call__(self, request, **kwargs): self.request = request self.kwargs = kwargs self.parents = [] try: self._type_available() self._set_context() self._check_permissions() self.delete() self.message() return self.response() except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist, Checkpoint.DoesNotExist): return error404(request) except ACLError403 as e: return error403(request, unicode(e)) except ACLError404 as e: return error404(request, unicode(e))
def make_jump(self): if not self.request.acl.threads.can_approve(self.forum): raise ACLError404() try: return self.redirect_to_post( self.thread.post_set.filter(moderated=True)[:1][0]) except IndexError: return error404(self.request)
def make_jump(self): if not self.request.acl.threads.can_mod_posts(self.forum): raise ACLError404() try: return self.redirect_to_post( self.thread.post_set.get(reported=True)) except Post.DoesNotExist: return error404(self.request)
def category(request, forum, slug): if not request.acl.forums.can_see(forum): return error404(request) try: forum = Forum.objects.get(pk=forum, type='category') if not request.acl.forums.can_browse(forum): return error403(request, _("You don't have permission to browse this category.")) except Forum.DoesNotExist: return error404(request) forum.subforums = Forum.objects.treelist(request.acl.forums, forum, tracker=ForumsTracker(request.user)) return render_to_response('category.html', { 'category': forum, 'parents': Forum.objects.forum_parents(forum.pk), }, context_instance=RequestContext(request));
def graph(request, model, date_start, date_end, precision): """ Generate fancy graph for model and stuff """ if date_start == date_end: # Bad dates raise error404(RequestContext) # Turn stuff into datetime's date_start = datetime.strptime(date_start, "%Y-%m-%d") date_end = datetime.strptime(date_end, "%Y-%m-%d") statistics_providers = [] models_map = {} for model_obj in models.get_models(): try: getattr(model_obj.objects, "filter_stats") statistics_providers.append((str(model_obj.__name__).lower(), model_obj.statistics_name)) models_map[str(model_obj.__name__).lower()] = model_obj except AttributeError: pass if not statistics_providers: # Like before, q.q on lack of models return render_to_response("stats/not_available.html", context_instance=RequestContext(request)) if not model in models_map or check_dates(date_start, date_end, precision): # Bad model name or graph data! raise error404(request) form = GenerateStatisticsForm( provider_choices=statistics_providers, request=request, initial={"provider_model": model, "date_start": date_start, "date_end": date_end, "stats_precision": precision}, ) return render_to_response( "stats/graph.html", { "title": models_map[model].statistics_name, "graph": build_graph(models_map[model], date_start, date_end, precision), "form": form, "message": request.messages.get_message("admin_stats"), }, context_instance=RequestContext(request), )
def clear_recent(request): if not request.is_ajax() or not request.method == 'POST': return error404(request) del request.session['recent_alerts'] response_html = render_to_string('alerts/cleared.html', context_instance=RequestContext(request)) return json_response(request, json={'html': response_html})
def redirect(request, forum, slug): if not request.acl.forums.can_see(forum): return error404(request) try: forum = Forum.objects.get(pk=forum, type='redirect') if not request.acl.forums.can_browse(forum): return error403( request, _("You don't have permission to follow this redirect.")) redirects_tracker = request.session.get('redirects', []) if forum.pk not in redirects_tracker: redirects_tracker.append(forum.pk) request.session['redirects'] = redirects_tracker forum.redirects += 1 forum.save(force_update=True) return django_redirect(forum.redirect) except Forum.DoesNotExist: return error404(request)
def graph(request, model, date_start, date_end, precision): """ Generate fancy graph for model and stuff """ if date_start == date_end: # Bad dates raise error404(RequestContext) # Turn stuff into datetime's date_start = datetime.strptime(date_start, '%Y-%m-%d') date_end = datetime.strptime(date_end, '%Y-%m-%d') statistics_providers = [] models_map = {} for model_obj in models.get_models(): try: getattr(model_obj.objects, 'filter_stats') statistics_providers.append((str(model_obj.__name__).lower(), model_obj.statistics_name)) models_map[str(model_obj.__name__).lower()] = model_obj except AttributeError: pass if not statistics_providers: # Like before, q.q on lack of models return render_to_response('stats/not_available.html', context_instance=RequestContext(request)); if not model in models_map or check_dates(date_start, date_end, precision): # Bad model name or graph data! raise error404(request) form = GenerateStatisticsForm( provider_choices=statistics_providers, request=request, initial={'provider_model': model, 'date_start': date_start, 'date_end': date_end, 'stats_precision': precision}) return render_to_response('stats/graph.html', { 'title': models_map[model].statistics_name, 'graph': build_graph(models_map[model], date_start, date_end, precision), 'form': form, 'message': request.messages.get_message('admin_stats'), }, context_instance=RequestContext(request));
def __call__(self, request, slug=None, thread=None, post=None): self.request = request self.parents = [] try: self._type_available() self.fetch_thread(thread) if self.forum.level: self.parents = Forum.objects.forum_parents(self.forum.pk, True) self.check_forum_type() self._check_permissions() if post: self.fetch_post(post) return self.make_jump() except (Thread.DoesNotExist, Post.DoesNotExist): return error404(self.request) except ACLError403 as e: return error403(request, e) except ACLError404 as e: return error404(request, e)
def decorator(*args, **kwargs): request, user = args request.acl.warnings.allow_member_warns_view(request.user, user) warning_pk = kwargs['warning'] try: warning = user.warning_set.get(pk=warning_pk) f(request, user, warning) return redirect('user_warnings', username=user.username_slug, user=user.pk) except Warn.DoesNotExist: return error404(request, _("Requested warning could not be found."))
def inner_decorator(request, user, username, *args, **kwargs): request = request user_pk = int(user) user_slug = username try: user = User.objects if settings.PROFILE_EXTENSIONS_PRELOAD: user = user.select_related(*settings.PROFILE_EXTENSIONS_PRELOAD) user = user.get(pk=user_pk) if user.username_slug != user_slug: # Force crawlers to take notice of updated username return redirect(reverse(fallback, args=(user.username_slug, user.pk)), permanent=True) return f(request, user, *args, **kwargs) except User.DoesNotExist: return error404(request) except ACLError404: return error404(request) except ACLError403 as e: return error403(request, e.message)
def __call__(self, request, **kwargs): self.request = request self.kwargs = kwargs self.forum = None self.thread = None self.post = None self.parents = [] try: self._type_available() self.fetch_target() self.check_acl() self._check_permissions() except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist): return error404(self.request) except ACLError403 as e: return error403(request, e) except ACLError404 as e: return error404(request, e) return self.response()
def username(request): if not request.acl.usercp.show_username_change(): return error404(request) changes_left = request.acl.usercp.changes_left(request.user) next_change = None if request.acl.usercp.changes_expire() and not changes_left: next_change = request.user.namechanges.filter( date__gte=timezone.now() - timedelta(days=request.acl.usercp.acl['changes_expire']), ).order_by('-date')[0] next_change = next_change.date + timedelta(days=request.acl.usercp.acl['changes_expire']) message = request.messages.get_message('usercp_username') if request.method == 'POST': if not changes_left: message = Message(_("You have exceeded the maximum number of name changes."), 'error') form = UsernameChangeForm(request=request) else: org_username = request.user.username form = UsernameChangeForm(request.POST, request=request) if form.is_valid(): request.user.set_username(form.cleaned_data['username']) request.user.save(force_update=True) request.user.sync_username() request.user.namechanges.create(date=timezone.now(), old_username=org_username) request.messages.set_flash(Message(_("Your username has been changed.")), 'success', 'usercp_username') # Alert followers of namechange alert_time = timezone.now() bulk_alerts = [] alerted_users = [] for follower in request.user.follows_set.iterator(): alerted_users.append(follower.pk) alert = Alert(user=follower, message=ugettext_lazy("User that you are following, %(username)s, has changed his name to %(newname)s").message, date=alert_time) alert.strong('username', org_username) alert.profile('newname', request.user) alert.hydrate() bulk_alerts.append(alert) if bulk_alerts: Alert.objects.bulk_create(bulk_alerts) User.objects.filter(id__in=alerted_users).update(alerts=F('alerts') + 1) # Hop back return redirect(reverse('usercp_username')) message = Message(form.non_field_errors()[0], 'error') else: form = UsernameChangeForm(request=request) return request.theme.render_to_response('usercp/username.html', context_instance=RequestContext(request, { 'message': message, 'changes_left': changes_left, 'form': FormLayout(form), 'next_change': next_change, 'changes_history': request.user.namechanges.order_by('-date')[:10], 'tab': 'username', }));
def __call__(self, request, **kwargs): self.request = request self.kwargs = kwargs self.pagination = {} self.parents = [] self.threads = [] self.message = request.messages.get_message('threads') try: self._type_available() self._fetch_forum() self._check_permissions() response = self.fetch_threads() if response: return response self.form = None self.make_form() if self.form: response = self.handle_form() if response: return response except (Forum.DoesNotExist, Thread.DoesNotExist): return error404(request) except ACLError403 as e: return error403(request, unicode(e)) except ACLError404 as e: return error404(request, unicode(e)) # Merge proxy into forum self.forum.closed = self.proxy.closed return request.theme.render_to_response('%ss/%s.html' % (self.type_prefix, self.template), self.template_vars({ 'type_prefix': self.type_prefix, 'message': self.message, 'forum': self.forum, 'parents': self.parents, 'count': self.count, 'list_form': FormFields(self.form).fields if self.form else None, 'threads': self.threads, 'pagination': self.pagination, }), context_instance=RequestContext(request));
def unfollow(request, user): if request.user.pk == user.pk: return error404(request) if request.user.is_following(user): messages.info(request, _("You have stopped following %(username)s") % {'username': user.username}) request.user.follows.remove(user) request.user.following -= 1 request.user.save(force_update=True) user.followers -= 1 user.save(force_update=True) return fallback(request)
def username(request): if not request.acl.usercp.show_username_change(): return error404(request) changes_left = request.acl.usercp.changes_left(request.user) next_change = None if request.acl.usercp.changes_expire() and not changes_left: next_change = request.user.namechanges.filter( date__gte=timezone.now() - timedelta(days=request.acl.usercp.acl['changes_expire']), ).order_by('-date')[0] next_change = next_change.date + timedelta(days=request.acl.usercp.acl['changes_expire']) message = request.messages.get_message('usercp_username') if request.method == 'POST': if not changes_left: message = Message(_("You have exceeded the maximum number of name changes."), messages.ERROR) form = UsernameChangeForm(request=request) else: org_username = request.user.username form = UsernameChangeForm(request.POST, request=request) if form.is_valid(): request.user.set_username(form.cleaned_data['username']) request.user.save(force_update=True) request.user.sync_username() request.user.namechanges.create(date=timezone.now(), old_username=org_username) messages.success(request, _("Your username has been changed."), 'usercp_username') # Alert followers of namechange alert_time = timezone.now() bulk_alerts = [] alerted_users = [] for follower in request.user.follows_set.iterator(): alerted_users.append(follower.pk) alert = Alert(user=follower, message=ugettext_lazy("User that you are following, %(username)s, has changed his name to %(newname)s").message, date=alert_time) alert.strong('username', org_username) alert.profile('newname', request.user) alert.hydrate() bulk_alerts.append(alert) if bulk_alerts: Alert.objects.bulk_create(bulk_alerts) User.objects.filter(id__in=alerted_users).update(alerts=F('alerts') + 1) # Hop back return redirect(reverse('usercp_username')) message = Message(form.non_field_errors()[0], messages.ERROR) else: form = UsernameChangeForm(request=request) return render_to_response('usercp/username.html', context_instance=RequestContext(request, { 'message': message, 'changes_left': changes_left, 'form': form, 'next_change': next_change, 'changes_history': request.user.namechanges.order_by('-date')[:10], 'tab': 'username'}));
def clear_recent(request): if not request.is_ajax() or not request.method == 'POST': return error404(request) try: del request.session['recent_alerts'] except KeyError: pass response_html = render_to_string('alerts/cleared.html', context_instance=RequestContext(request)) return json_response(request, json={'html': response_html})
def gravatar(request): if not 'gravatar' in request.settings.avatars_types: return error404(request) if request.user.avatar_type != 'gravatar': if request.csrf.request_secure(request): request.user.delete_avatar() request.user.avatar_type = 'gravatar' request.user.save(force_update=True) request.messages.set_flash(Message(_("Your avatar has been changed to Gravatar.")), 'success', 'usercp_avatar') else: request.messages.set_flash(Message(_("Request authorisation is invalid.")), 'error', 'usercp_avatar') return redirect(reverse('usercp_avatar'))
def category(request, forum, slug): if not request.acl.forums.can_see(forum): return error404(request) try: forum = Forum.objects.get(pk=forum, type='category') if not request.acl.forums.can_browse(forum): return error403( request, _("You don't have permission to browse this category.")) except Forum.DoesNotExist: return error404(request) forum.subforums = Forum.objects.treelist(request.acl.forums, forum, tracker=ForumsTracker( request.user)) return render_to_response('category.html', { 'category': forum, 'parents': Forum.objects.forum_parents(forum.pk), }, context_instance=RequestContext(request))
def gallery(request): if not 'gallery' in settings.avatars_types: return error404(request) allowed_avatars = [] galleries = [] for directory in path( settings.STATICFILES_DIRS[0]).joinpath('avatars').dirs(): if directory[-7:] != '_locked' and directory[-8:] != '_default': gallery = {'name': directory[-7:], 'avatars': []} avatars = directory.files('*.gif') avatars += directory.files('*.jpg') avatars += directory.files('*.jpeg') avatars += directory.files('*.png') for item in avatars: gallery['avatars'].append('/'.join(path(item).splitall()[-2:])) galleries.append(gallery) allowed_avatars += gallery['avatars'] if not allowed_avatars: messages.info(request, _("No avatar galleries are available at the moment."), 'usercp_avatar') return redirect(reverse('usercp_avatar')) message = request.messages.get_message('usercp_avatar') if request.method == 'POST': if request.csrf.request_secure(request): new_avatar = request.POST.get('avatar_image') if new_avatar in allowed_avatars: request.user.delete_avatar() request.user.avatar_type = 'gallery' request.user.avatar_image = new_avatar request.user.save(force_update=True) messages.success( request, _("Your avatar has been changed to one from gallery."), 'usercp_avatar') return redirect(reverse('usercp_avatar')) message = Message(_("Selected Avatar is incorrect."), messages.ERROR) else: message = Message(_("Request authorisation is invalid."), messages.ERROR) return render_to_response('usercp/avatar_gallery.html', context_instance=RequestContext( request, { 'message': message, 'galleries': galleries, 'tab': 'avatar' }))
def __call__(self, request, **kwargs): try: if request.user.is_crawler(): raise ACLError404() if not request.acl.search.can_search(): raise ACLError403( _("You don't have permission to search community.")) self.request = request return self.call(**kwargs) except ACLError403 as e: return error403(request, unicode(e)) except ACLError404 as e: return error404(request, unicode(e))
def inner_decorator(request, user, username, *args, **kwargs): request = request user_pk = int(user) user_slug = username try: user = User.objects if settings.PROFILE_EXTENSIONS_PRELOAD: user = user.select_related( *settings.PROFILE_EXTENSIONS_PRELOAD) user = user.get(pk=user_pk) if user.username_slug != user_slug: # Force crawlers to take notice of updated username return redirect(reverse(fallback, args=(user.username_slug, user.pk)), permanent=True) return f(request, user, *args, **kwargs) except User.DoesNotExist: return error404(request) except ACLError404: return error404(request) except ACLError403 as e: return error403(request, e.message)
def __call__(self, request, **kwargs): self.request = request self.kwargs = kwargs self.forum = None self.thread = None self.post = None self.parents = [] try: self._type_available() self.fetch_target() self._check_permissions() if not request.user.is_authenticated(): raise ACLError403( _("Guest, you have to sign-in in order to see posts changelogs." )) except (Forum.DoesNotExist, Thread.DoesNotExist, Post.DoesNotExist, Change.DoesNotExist): return error404(self.request) except ACLError403 as e: return error403(request, e) except ACLError404 as e: return error404(request, e) return self.dispatch(request)