def q_test(request):
context = add_parameters_to_context(request)
project = QProject.objects.get(pk=1)
# work out user roles...
project_authenticated = project.authenticated
current_user = request.user
is_admin = is_admin_of(current_user, project)
is_user = is_user_of(current_user, project)
is_member = is_member_of(current_user, project)
is_pending = is_pending_of(current_user, project)
can_view = True
can_edit = not project_authenticated or (is_user or is_admin)
can_customize = not project_authenticated or is_admin
can_join = current_user.is_authenticated() and not (is_member or is_user or is_admin)
can_delete = is_admin
can_manage = is_admin
can_publish = is_user or is_admin
# gather all the extra information required by the template
template_context = {
"project": project,
"can_customize": can_customize,
"can_edit": can_edit,
"can_view": can_view,
"can_join": can_join,
"can_delete": can_delete,
"can_manage": can_manage,
"can_publish": can_publish,
}
return render_to_response('questionnaire/q_test.html', template_context, context_instance=context)
def has_object_permission(self, request, view, obj):
# anybody can submit GET, HEAD, or OPTIONS requests
if request.method in permissions.SAFE_METHODS:
return True
# only the superuser or the project admin can submit PUT, POST, or DELETE requests
current_user = request.user
if current_user.is_superuser or is_admin_of(current_user, obj):
return True
else:
return False
def has_object_permission(self, request, view, obj):
# anybody can submit GET, HEAD, or OPTIONS requests
if request.method in permissions.SAFE_METHODS:
return True
project = obj.project
if not project.authenticated:
return True
# every other request requires project admin permissions
current_user = request.user
return current_user.is_authenticated() and is_admin_of(current_user, project)
def q_project(request, project_name=None):
context = add_parameters_to_context(request)
try:
project = QProject.objects.get(name=project_name)
except QProject.DoesNotExist:
if not project_name:
msg = u"Please specify a project name."
else:
msg = u"Unable to locate project '%s'" % (project_name)
return q_error(request, error_msg=msg)
if not project.is_active:
msg = u"This project has been disabled."
return q_error(request, error_msg=msg)
# work out user roles...
project_authenticated = project.authenticated
current_user = request.user
can_view = True # is_member_of(current_user, project) or not project_authenticated
can_edit = not project_authenticated or (is_user_of(current_user, project) or is_admin_of(current_user, project))
can_customize = not project_authenticated or is_admin_of(current_user, project)
can_join = current_user.is_authenticated() and not (is_member_of(current_user, project) and is_user_of(current_user, project) and is_admin_of(current_user, project))
can_delete = is_admin_of(current_user, project)
# TODO:
# has_published = project.models.published_documents().count() > 0
has_published = project.models_bak.filter(is_document=True, is_root=True, is_published=True).count() > 0
# gather all the extra information required by the template
_dict = {
"project": project,
"can_customize": can_customize,
"can_edit": can_edit,
"can_view": can_view,
"can_join": can_join,
"can_delete": can_delete,
"has_published": has_published,
}
return render_to_response('questionnaire/q_project.html', _dict, context_instance=context)
def q_project_add_member(request, project_name=None):
"""
approve a project join request
:param request:
:param project_name:
:return:
"""
valid_request, msg = validate_request(request)
if not valid_request:
return HttpResponseForbidden(msg)
try:
project = QProject.objects.get(name=project_name)
except QProject.DoesNotExist:
msg = u"Unable to locate project '%s'" % project_name
return HttpResponseBadRequest(msg)
if not project.is_active:
msg = u"This project has been disabled."
return HttpResponseBadRequest(msg)
user_id = request.POST.get("user_id")
try:
user = User.objects.get(pk=user_id)
except User.DoesNotExist:
msg = u"Unable to locate user"
return HttpResponseBadRequest(msg)
if not is_admin_of(request.user, project):
msg = u"This user has not requested to join this project"
return HttpResponseBadRequest(msg)
if not is_pending_of(user, project):
msg = u"This user has not requested to join this project"
return HttpResponseBadRequest(msg)
if project_join(project, user, site=request.current_site):
serialized_user = QProjectUserSerializer(user).data
return JsonResponse(serialized_user)
else:
msg = "Error adding user to project."
messages.add_message(request, messages.ERROR, msg)
return JsonResponse({"msg": msg})
def q_customization_delete(request):
# check the request was valid...
valid_request, msg = validate_request(request)
if not valid_request:
return HttpResponseForbidden(msg)
# check the requested customization exists...
customization_id = request.POST.get("customization_id")
try:
customization = QModelCustomization.objects.get(id=customization_id)
project = customization.project
except QModelCustomization.DoesNotExist:
msg = u"Unable to locate customization w/ id '%s'" % customization_id
return HttpResponseBadRequest(msg)
# check the user has permission to delete the customization...
current_user = request.user
if project.authenticated:
if not current_user.is_authenticated() or not is_admin_of(current_user, project):
msg = "{0} does not have permission to delete {1}".format(current_user, customization)
return HttpResponseForbidden(msg)
# check the customization can be deleted...
if customization.is_default:
msg = u"You cannot delete the default customization."
return HttpResponseBadRequest(msg)
# delete it!
customization.delete()
# make sure the customization no loner exists...
try:
customization.refresh_from_db()
msg = "Error deleting customization"
messages.add_message(request, messages.ERROR, msg)
except QModelCustomization.DoesNotExist:
msg = "You have successfully deleted this customization."
messages.add_message(request, messages.INFO, msg)
return JsonResponse({"msg": msg})
def q_customize_new(request, project_name=None, ontology_key=None, document_type=None):
# save any request parameters...
# (in case of redirection)
context = add_parameters_to_context(request)
# check the arguments...
validity, project, ontology, proxy, msg = validate_view_arguments(
project_name=project_name,
ontology_key=ontology_key,
document_type=document_type
)
if not validity:
return q_error(request, msg)
# check authentication...
# (not using "@login_required" b/c some projects ignore authentication)
if project.authenticated:
current_user = request.user
if not current_user.is_authenticated():
next_page = "/login/?next=%s" % request.path
return HttpResponseRedirect(next_page)
if not is_admin_of(current_user, project):
next_page = "/%s/" % project_name
msg = "You have tried to view a restricted resource for this project. Please consider joining."
messages.add_message(request, messages.WARNING, msg)
return HttpResponseRedirect(next_page)
# get the set of vocabularies that apply to this project/ontology/proxy...
vocabularies = project.vocabularies.filter(document_type__iexact=document_type)
# get (or set) customization objects from the cache...
session_key = get_key_from_request(request)
cached_customization_set_key = "{0}_customization_set".format(session_key)
customization_set = get_or_create_cached_object(request.session, cached_customization_set_key,
get_new_customization_set,
**{
"project": project,
"ontology": ontology,
"proxy": proxy,
"vocabularies": vocabularies,
}
)
model_customization = customization_set["model_customization"]
# I am only generating the model_customization_form at this top-level
# all other forms (and formsets) are genearted as needed via the "load_section" view
# called by the "section" directive according to the load-on-demand paradigm
model_customization_form = QModelCustomizationForm(
instance=model_customization,
form_name="model_customization_form",
# prefix=?!?,
scope_prefix="model_customization",
)
# else: # request.method == "POST"
#
# # IN THEORY, I NEVER ENTER THIS BRANCH B/C ALL FORM SUBMISSION IS DONE VIA REST / ANGULAR
# # BUT I'M KEEPING THIS CODE HERE IN-CASE I NEED TO REFER TO IT LATER
#
# data = request.POST.copy() # sometimes I need to alter the data for unloaded forms;
# # this cannot be done on the original (immutable) QueryDict
#
# model_customization_form = QModelCustomizationForm(
# data,
# instance=customization_set["model_customization"],
# # prefix=?!?,
# scope_prefix="model_customization",
# form_name="model_customization_form",
# )
#
# if model_customization_form.is_valid():
# customization = model_customization_form.save()
# messages.add_message(request, messages.SUCCESS, "Successfully saved customization '%s'." % customization.name)
# customize_existing_url = reverse("customize_existing", kwargs={
# "project_name": project_name,
# "ontology_key": ontology_key,
# "document_type": document_type,
# "customizer_name": customization.name,
# })
# return HttpResponseRedirect(customize_existing_url)
#
# else:
#
# messages.add_message(request, messages.ERROR, "Failed to save customization.")
# work out the various paths,
# so that angular can reload things as needed
view_url = request.path
view_url_sections = [section for section in view_url.split('/') if section]
view_url_dirname = '/'.join(view_url_sections[:])
api_url = reverse("customization-list", kwargs={})
api_url_sections = [section for section in api_url.split('/') if section]
api_url_dirname = '/'.join(api_url_sections[:])
# gather all the extra information required by the template
_dict = {
"session_key": session_key,
"view_url_dirname": "/{0}/".format(view_url_dirname),
"api_url_dirname": "/{0}/".format(api_url_dirname),
"ontology": ontology,
"proxy": proxy,
"project": project,
"vocabularies": vocabularies,
"customization": model_customization,
"model_customization_form": model_customization_form,
}
return render_to_response('questionnaire/q_customize.html', _dict, context_instance=context)
def q_customize_existing(request, project_name=None, ontology_key=None, document_type=None, customization_name=None):
# save any request parameters...
# (in case of redirection)
context = add_parameters_to_context(request)
# check the arguments...
validity, project, ontology, proxy, msg = validate_view_arguments(
project_name=project_name,
ontology_key=ontology_key,
document_type=document_type
)
if not validity:
return q_error(request, msg)
# check authentication...
# (not using "@login_required" b/c some projects ignore authentication)
if project.authenticated:
current_user = request.user
if not current_user.is_authenticated():
next_page = "/login/?next=%s" % request.path
return HttpResponseRedirect(next_page)
if not is_admin_of(current_user, project):
next_page = "/%s/" % project_name
msg = "You have tried to view a restricted resource for this project. Please consider joining."
messages.add_message(request, messages.WARNING, msg)
return HttpResponseRedirect(next_page)
# get (or set) customization objects from the cache...
# note that unlike in "q_customize_new" above, this bit is enclosed in a try/catch block
# this is to deal w/ the possibility of an invalid customization_name
try:
session_key = get_key_from_request(request)
cached_customization_set_key = "{0}_customization_set".format(session_key)
customization_set = get_or_create_cached_object(request.session, cached_customization_set_key,
get_existing_customization_set,
**{
"project": project,
"ontology": ontology,
"proxy": proxy,
"customization_name": customization_name,
}
)
except ObjectDoesNotExist:
msg = "Cannot find the customization '{0}' for that project/ontology/model combination.".format(customization_name)
return q_error(request, msg)
model_customization = customization_set["model_customization"]
# I am only generating the model_customization_form at this top-level
# all other forms (and formsets) are generated as needed via the "load_section" view
# called by the "section" directive according to the load-on-demand paradigm
model_customization_form = QModelCustomizationForm(
instance=model_customization,
form_name="model_customization_form",
# prefix=?!?,
scope_prefix="model_customization",
)
# work out the various paths,
# so that angular can reload things as needed
view_url = request.path
view_url_sections = [section for section in view_url.split('/') if section]
view_url_dirname = '/'.join(view_url_sections[:-1])
api_url = reverse("customization-detail", kwargs={"pk": model_customization.pk})
api_url_sections = [section for section in api_url.split('/') if section]
api_url_dirname = '/'.join(api_url_sections[:-1])
# gather all the extra information required by the template
_dict = {
"session_key": session_key,
"view_url_dirname": "/{0}/".format(view_url_dirname),
"api_url_dirname": "/{0}/".format(api_url_dirname),
"ontology": ontology,
"proxy": proxy,
"project": project,
"vocabularies": [v.vocabulary for v in customization_set["vocabulary_customizations"]],
"customization": model_customization,
"model_customization_form": model_customization_form,
}
return render_to_response('questionnaire/q_customize.html', _dict, context_instance=context)
def q_customize_new(request, project_name=None, ontology_key=None, document_type=None):
# save any request parameters...
# (in case of redirection)
context = add_parameters_to_context(request)
# check the arguments...
validity, project, ontology, model_proxy, msg = validate_view_arguments(
project_name=project_name,
ontology_key=ontology_key,
document_type=document_type
)
if not validity:
return q_error(request, msg)
# check authentication...
# (not using "@login_required" b/c some projects ignore authentication)
current_user = request.user
if project.authenticated:
if not current_user.is_authenticated():
next_page = "/login/?next=%s" % request.path
return HttpResponseRedirect(next_page)
if not is_admin_of(current_user, project):
next_page = "/%s/" % project_name
msg = "You have tried to view a restricted resource for this project. Please consider joining."
messages.add_message(request, messages.WARNING, msg)
return HttpResponseRedirect(next_page)
# get (or set) customization objects from the cache...
session_key = get_key_from_request(request)
cached_customizations_key = "{0}_customizations".format(session_key)
model_customization = get_or_create_cached_object(request.session, cached_customizations_key,
get_new_customizations,
**{
"project": project,
"ontology": ontology,
"model_proxy": model_proxy,
"key": model_proxy.name,
}
)
model_customization_key = model_customization.get_key()
if current_user.is_authenticated():
set_owner(model_customization, evaluate_lazy_object(current_user))
# I generate the model_customization_form at this top-level
# all other forms are generated as needed via the "load_section" view
# which is called by the "section" directive according to the load-on-demand paradigm
model_customization_form_class = MODEL_CUSTOMIZATION_FORM_MAP["form_class"]
model_customization_form = model_customization_form_class(
instance=model_customization,
form_name=MODEL_CUSTOMIZATION_FORM_MAP["form_name"].format(safe_key=model_customization_key.replace('-', '_')),
# prefix=?!?
scope_prefix=MODEL_CUSTOMIZATION_FORM_MAP["form_scope_prefix"],
)
# work out the various paths,
# so that ng can reload things as needed
view_url = request.path
view_url_sections = [section for section in view_url.split('/') if section]
view_url_dirname = '/'.join(view_url_sections[:])
api_url = reverse("customization-list", kwargs={})
api_url_sections = [section for section in api_url.split('/') if section]
api_url_dirname = '/'.join(api_url_sections[:])
# gather all the extra information required by the template
_dict = {
"session_key": session_key,
"view_url_dirname": "/{0}/".format(view_url_dirname),
"api_url_dirname": "/{0}/".format(api_url_dirname),
"project": project,
"ontology": ontology,
"proxy": model_proxy,
"customization": model_customization,
"form": model_customization_form,
}
return render_to_response('questionnaire/q_customize.html', _dict, context_instance=context)
def q_customize_new(request, project_name=None, ontology_key=None, document_type=None):
# save any request parameters...
# (in case of redirection)
context = add_parameters_to_context(request)
# check the arguments...
validity, project, ontology, model_proxy, msg = validate_view_arguments(
project_name=project_name,
ontology_key=ontology_key,
document_type=document_type
)
if not validity:
return q_error(request, msg)
# check authentication...
# (not using "@login_required" b/c some projects ignore authentication)
current_user = request.user
if project.authenticated:
if not current_user.is_authenticated():
next_page = add_parameters_to_url(reverse("account_login"), next=request.path)
return HttpResponseRedirect(next_page)
if not is_admin_of(current_user, project):
next_page = reverse("project", kwargs={"project_name": project_name})
msg = "You have tried to view a restricted resource for this project. Please consider joining."
messages.add_message(request, messages.WARNING, msg)
return HttpResponseRedirect(next_page)
# get (or set) customization objects from the cache...
session_key = get_key_from_request(request)
cached_customizations_key = "{0}_customizations".format(session_key)
model_customization = get_or_create_cached_object(request.session, cached_customizations_key,
get_new_customizations,
**{
"project": project,
"ontology": ontology,
"model_proxy": model_proxy,
# "key": model_proxy.name,
"key": model_proxy.key,
}
)
if current_user.is_authenticated():
set_owner(model_customization, evaluate_lazy_object(current_user))
# setup top-level form...
# (subforms are handled by the load-on-demand paradigm)
model_customization_form_class = MODEL_CUSTOMIZATION_FORM_MAP["form_class"]
model_customization_form = model_customization_form_class(
instance=model_customization,
form_name=MODEL_CUSTOMIZATION_FORM_MAP["form_name"].format(safe_key=model_customization.key.replace('-', '_')),
scope_prefix=MODEL_CUSTOMIZATION_FORM_MAP["form_scope_prefix"],
# prefix=?!?
)
# work out various paths, so that ng can reload things as needed...
view_url_dirname = request.path.rsplit('/', 1)[0]
api_url_dirname = reverse("customization-list").rsplit('/', 1)[0]
# gather all the extra information required by the template...
template_context = {
"project": project,
"ontology": ontology,
"proxy": model_proxy,
"view_url_dirname": view_url_dirname,
"api_url_dirname": api_url_dirname,
"session_key": session_key,
"customization": model_customization,
"form": model_customization_form,
}
return render_to_response('questionnaire/q_customize.html', template_context, context_instance=context)
