def edit_user(request, id):
    """Show and process the profile edit form for the user with primary key ``id``.

    Only the profile owner or a superuser may use this view. Any other
    requester gets a 404, the same response as for a profile that does
    not exist.
    """
    user = get_object_or_404(models.User, id=id)

    # Authorisation gate: owner or superuser only.
    is_owner = request.user == user
    if not (is_owner or request.user.is_superuser):
        raise Http404

    if request.method != "POST":
        form = EditUserForm(user)
    else:
        form = EditUserForm(user, request.POST)
        if form.is_valid():
            cleaned = form.cleaned_data

            # E-mail is not updated by this view; the original
            # bleach_html/set_new_email lines for it are disabled.

            # Free-text name fields go through bleach_html before storage.
            for name_field in ('first_name', 'last_name', 'display_name'):
                setattr(user, name_field, bleach_html(cleaned[name_field]))
            user.privacy_email_form = cleaned['privacy_email_form']
            user.privacy_show_followed = cleaned['privacy_show_followed']
            user.save()

            # NOTE(review): the description is stored as returned by the
            # form, with no bleach_html call here; confirm the form field
            # sanitises it.
            # The description post is created or edited on behalf of
            # request.user, who may be a superuser rather than the owner.
            description = cleaned['user_description']
            if not user.description:
                request.user.post_object_description(user, body_text=description)
            else:
                request.user.edit_post(user.description, body_text=description)

            # Original note: send user updated signal if full fields have
            # been updated (no such call is made here).
            request.user.message_set.create(
                message=_('Profile has been succesfully saved.')
            )
            return HttpResponseRedirect(user.get_profile_url())

    # GET, or POST with an invalid form: render the (possibly bound) form.
    return render_into_skin(
        'user_profile/user_edit.html',
        {
            'active_tab': 'users',
            'page_class': 'user-profile-edit-page',
            'form': form,
            'marked_tags_setting': openode_settings.MARKED_TAGS_ARE_PUBLIC_WHEN,
            'support_custom_avatars': ('avatar' in django_settings.INSTALLED_APPS),
            'view_user': user,
        },
        request,
    )
def post_comments(request):
    """Generic AJAX handler that loads or adds comments on a post.

    Only AJAX requests whose ``post_type`` is 'question', 'answer' or
    'discussion' are served; anything else raises Http404. GET builds the
    comment list for the post, POST validates and stores a new comment
    before building it.

    NOTE(review): this listing ends inside the ``except`` branch and no
    ``return response`` is visible; confirm against the full file that
    the response is returned.
    """
    # request.REQUEST combines GET and POST parameters, so post_type and
    # post_id may arrive in the query string even on a POST.
    post_type = request.REQUEST.get('post_type', '')
    if not request.is_ajax() or post_type not in ('question', 'answer', 'discussion'):
        # TODO: Shouldn't be 404! More like 400, 403 or sth more specific
        raise Http404
    user = request.user
    # NOTE(review): post_id is read by indexing, so a request without it
    # raises instead of producing a 4xx response; post_type is validated
    # above but not used in this lookup.
    obj = get_object_or_404(models.Post, pk=request.REQUEST['post_id'])
    # Thread-level permission gate. It runs before the method dispatch, so
    # it applies to reading comments (GET) as well as creating them (POST).
    # The 403 has an empty body.
    if obj.thread and not user.has_openode_perm("%s_answer_comment_create" % obj.thread.thread_type, obj.thread):
        return HttpResponseForbidden(mimetype="application/json")
    if request.method == "GET":
        response = __generate_comments_json(obj, user)
    elif request.method == "POST":
        # NOTE(review): 'comment' may be absent, in which case text is None
        # when it reaches strip_tags; confirm how that is handled.
        text = request.POST.get('comment')
        # Length is measured on the text with tags and the replaced literal
        # removed, not on the raw submission.
        clean_text = strip_tags(text).replace(" ", "").strip()
        if not clean_text:
            return HttpResponse(
                simplejson.dumps({"errors": _("Comment is empty.")}),
                mimetype="application/json"
            )
        elif len(clean_text) < openode_settings.MIN_ANSWER_BODY_LENGTH:
            # NOTE(review): the number is interpolated before _() is called,
            # so the translation lookup uses the already-formatted string.
            return HttpResponse(
                simplejson.dumps({
                    "errors": _("Comment must be at least %d character long." % openode_settings.MIN_ANSWER_BODY_LENGTH)
                }),
                mimetype="application/json"
            )
        try:
            # The anonymous-user check happens only here, after validation.
            if user.is_anonymous():
                msg = _('Sorry, you appear to be logged out and '
                        'cannot post comments. Please '
                        '<a href="%(sign_in_url)s">sign in</a>.') % \
                    {'sign_in_url': url_utils.get_login_url()}
                raise exceptions.PermissionDenied(msg)
            # The stored body is the bleach_html-sanitised submission, not
            # the tag-stripped text used for the length check.
            response = __generate_comments_json(
                obj, user,
                new_comment=user.post_comment(
                    parent_post=obj,
                    body_text=bleach_html(text)
                )
            )
        except exceptions.PermissionDenied, e:
            # The 403 body is the exception text itself (HTML markup in the
            # case raised above), sent with a JSON mimetype but not encoded
            # as JSON.
            # NOTE(review): confirm that clients treat this body as text, or
            # that every PermissionDenied message reaching this handler is
            # safe to render as HTML.
            response = HttpResponseForbidden(unicode(e), mimetype="application/json")
def revisions(request, id, post_type=None):
    """Render the revision history page for a question or an answer.

    Every revision gets a ``diff`` attribute: the sanitised HTML for the
    first revision in the reversed list, and an ``htmldiff`` against the
    preceding revision for each later one.
    """
    # NOTE(review): assert statements are stripped under ``python -O``; if
    # post_type can ever come from the request rather than the URLconf,
    # this should be an explicit check.
    assert post_type in ('question', 'answer')
    # NOTE(review): no permission check is made in this view; confirm
    # whether read access to the post has to be enforced here.
    post = get_object_or_404(models.Post, post_type=post_type, id=id)

    history = list(models.PostRevision.objects.filter(post=post))
    history.reverse()

    previous = None
    for current in history:
        if previous is None:
            current.diff = bleach_html(current.html)
            current.summary = _('initial version')
        else:
            # Both sides are sanitised before diffing, so the diff markup
            # is built from bleach_html output only.
            current.diff = htmldiff(
                bleach_html(previous.html),
                bleach_html(current.html)
            )
        previous = current

    return render_into_skin(
        'revisions.html',
        {
            'page_class': 'revisions-page',
            'active_tab': 'questions',
            'post': post,
            'revisions': history,
        },
        request,
    )
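def clean(self, value):
    """Validate and sanitise raw HTML submitted through the WYSIWYG field.

    The input is normalised (entities decoded, ``TO_REPLACE`` substitutions
    applied, self-closing ``<img ... />`` rewritten to ``<img ...>``) and
    then passed through ``bleach_html``. If sanitising changed anything
    other than the characters ignored by the comparison below, the input is
    rejected instead of being silently altered.

    Returns:
        The ``bleach_html`` output with whitespace between tags stripped.

    Raises:
        ValidationError: if the sanitiser altered the markup, or the
            tag-stripped text is shorter than ``min_length`` or longer
            than ``max_length``.
    """
    value = super(WysiwygFormField, self).clean(value).strip()

    # Decode HTML entities into characters (e.g. ``&amp;`` becomes ``&``)
    # before sanitising, so entity-encoded markup reaches bleach_html as
    # markup rather than slipping past it as text.
    value = HTMLParser.HTMLParser().unescape(value)

    # Literal substitutions configured on the field.
    for old, new in self.TO_REPLACE:
        value = value.replace(old, new)

    # Rewrite <img src="link.jpg" /> to <img src="link.jpg">, presumably to
    # match the form bleach_html emits so the comparison below does not
    # trip on it. The pattern is greedy and does not cross newlines.
    for img in re.findall(r"\<img\ .+\ />+", value):
        clean_img = re.sub(r"\ ?/>", ">", img)
        value = value.replace(img, clean_img)

    cleaned = bleach_html(value)

    value = strip_spaces_between_tags(value)
    cleaned = strip_spaces_between_tags(cleaned)

    # Reject input that the sanitiser had to change: compare the raw and
    # the sanitised value with the characters matched by space_re removed.
    space_re = re.compile(" ")
    if space_re.sub("", cleaned) != space_re.sub("", value):
        diff = self.find_diff(value, cleaned)
        # NOTE(review): diff is derived from the submitted markup that the
        # sanitiser rejected, and mark_safe makes it render unescaped
        # wherever this error is displayed. Confirm that find_diff
        # HTML-escapes the user-supplied fragments it returns.
        raise ValidationError(mark_safe("Not supported html: %s" % diff))

    # Length limits apply to the visible text, not to the markup.
    raw_text_len = len(strip_tags(value).strip())
    if self.min_length and raw_text_len < self.min_length:
        # Interpolate after translation so the catalogue lookup uses the
        # untouched format string.
        raise ValidationError(
            mark_safe(
                _(u'Text must be at least %d characters long.') % self.min_length))
    if self.max_length and raw_text_len > self.max_length:
        # Report the limit that was exceeded (max_length, not min_length).
        raise ValidationError(
            mark_safe(
                _(u'Text must be shorter than %d characters.') % self.max_length))
    return cleaned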