def view_documents(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
if not get_permission_backend(request).can_view_organization(request.user, organization):
raise Http404
UserOrganization.objects.filter(user=request.user).update(is_default=False)
UserOrganization.objects.filter(organization=organization, user=request.user).update(is_default=True)
shelves = get_permission_backend(request).get_viewable_shelves(request.user, organization)
uploadable_shelves = get_permission_backend(request).get_uploadable_shelves(request.user, organization)
recent_publications = Publication.objects.filter(shelves__in=shelves).order_by('-uploaded')[:10]
invoice = organization.get_latest_invoice()
is_organization_admin = UserOrganization.objects.filter(organization=organization, user=request.user, is_admin=True).exists()
is_in_range_decide_first_month = organization.created.date() <= datetime.date.today()-datetime.timedelta(days=21)
is_decide_on_first_month = is_organization_admin and is_in_range_decide_first_month and not OrganizationInvoice.objects.filter(organization=organization, payment_status='PAID')
is_ready_to_pay = is_organization_admin and datetime.date.today() > invoice.end_date
return render(request, 'document/documents.html', {
'organization': organization,
'shelves': shelves,
'uploadable_shelves': uploadable_shelves,
'recent_publications': recent_publications,
'is_decide_on_first_month': is_decide_on_first_month,
'invoice': invoice,
'is_organization_admin': is_organization_admin,
'is_ready_to_pay': is_ready_to_pay,
'invited_users': UserOrganizationInvitation.objects.filter(organization=organization).count(),
})
def view_documents_by_shelf(request, organization_slug, shelf_id):
organization = get_object_or_404(Organization, slug=organization_slug)
shelf = get_object_or_404(OrganizationShelf, pk=shelf_id)
if shelf.organization.id != organization.id or not get_permission_backend(request).can_view_shelf(request.user, organization, {'shelf':shelf}):
raise Http404
uploadable_shelves = get_permission_backend(request).get_uploadable_shelves(request.user, organization)
publications = Publication.objects.filter(organization=organization, shelves__in=[shelf]).order_by('-uploaded')
return render(request, 'document/documents_shelf.html', {'organization':organization, 'publications':publications, 'shelf':shelf, 'uploadable_shelves':uploadable_shelves})
def ajax_query_publication(request, publication_uid):
publication = get_object_or_404(Publication, uid=publication_uid)
permission_backend = get_permission_backend(request)
if not permission_backend.can_view_publication(
request.user, publication.organization, {"publication": publication}
):
raise Http404
return response_json_success(
{
"uid": str(publication.uid),
"title": publication.title,
"description": publication.description,
"tag_names": ",".join([tag.tag_name for tag in publication.tags.all()]),
"uploaded": format_abbr_datetime(publication.uploaded),
"uploaded_by": publication.uploaded_by.get_profile().get_fullname(),
"file_ext": publication.file_ext,
"file_size_text": humanize_file_size(publication.uploaded_file.file.size),
"shelves": ",".join([str(shelf.id) for shelf in publication.shelves.all()]),
"thumbnail_url": publication.get_large_thumbnail(),
"download_url": reverse("download_publication", args=[publication.uid]),
"readonly": "true"
if not permission_backend.can_edit_publication(
request.user, publication.organization, {"publication": publication}
)
else "false",
}
)
def edit_document_shelf(request, organization_slug, shelf_id):
organization = get_object_or_404(Organization, slug=organization_slug)
shelf = get_object_or_404(OrganizationShelf, pk=shelf_id)
if shelf.organization.id != organization.id or not get_permission_backend(request).can_manage_shelf(request.user, organization):
raise Http404
if request.method == 'POST':
form = OrganizationShelfForm(request.POST)
if form.is_valid():
shelf.name = form.cleaned_data['name']
shelf.auto_sync = form.cleaned_data['auto_sync']
shelf.archive = form.cleaned_data['archive']
shelf.icon = form.cleaned_data['shelf_icon']
shelf.save()
_persist_shelf_permissions(request, organization, shelf)
messages.success(request, _('Edit shelf successful'))
return redirect('view_documents_by_shelf', organization_slug=organization.slug, shelf_id=shelf.id)
else:
form = OrganizationShelfForm(initial={'name':shelf.name, 'auto_sync':shelf.auto_sync, 'archive':shelf.archive, 'shelf_icon':shelf.icon})
return render(request, 'document/shelf_modify.html', {'organization':organization, 'form':form, 'shelf':shelf, 'shelf_type':'edit'})
def create_document_shelf(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
if not get_permission_backend(request).can_manage_shelf(request.user, organization):
raise Http404
if request.method == 'POST':
print request.POST
form = OrganizationShelfForm(request.POST)
if form.is_valid():
name = form.cleaned_data['name']
auto_sync = form.cleaned_data['auto_sync']
shelf_icon = form.cleaned_data['shelf_icon']
archive = form.cleaned_data['archive']
shelf = OrganizationShelf.objects.create(organization=organization, name=name, auto_sync=auto_sync, archive=archive, icon=shelf_icon, created_by=request.user)
_persist_shelf_permissions(request, organization, shelf)
messages.success(request, _('Create shelf successful'))
return redirect('view_documents_by_shelf', organization_slug=organization.slug, shelf_id=shelf.id)
else:
form = OrganizationShelfForm(initial={'shelf_icon':settings.DEFAULT_SHELF_ICON})
return render(request, 'document/shelf_modify.html', {'organization':organization, 'form':form, 'shelf':None, 'shelf_type':'create'})
def download_publication(request, publication_uid):
publication = get_object_or_404(Publication, uid=publication_uid)
if not get_permission_backend(request).can_view_publication(request.user, publication.organization, {'publication':publication}):
raise Http404
return private_files_get_file(request, 'domain', 'Publication', 'uploaded_file', str(publication.id), '%s.%s' % (publication.original_file_name, publication.file_ext))
def add_organization_group(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
if not get_permission_backend(request).can_manage_group(request.user, organization):
raise Http404
if request.method == 'POST':
form = OrganizationGroupForm(request.POST)
if form.is_valid():
name = form.cleaned_data['name']
description = form.cleaned_data['description']
group = OrganizationGroup.objects.create(organization=organization, name=name, description=description)
for admin_permission in form.cleaned_data['admin_permissions']:
group.admin_permissions.add(admin_permission)
group.save()
messages.success(request, _('Add group successful'))
return redirect('view_organization_groups', organization_slug=organization.slug)
else:
form = OrganizationGroupForm()
return render(request, 'organization/organization_group_modify.html', {'organization':organization, 'form':form})
def edit_organization_group(request, organization_group_id):
group = get_object_or_404(OrganizationGroup, pk=organization_group_id)
organization = group.organization
if not get_permission_backend(request).can_manage_group(request.user, organization):
raise Http404
if request.method == 'POST':
form = OrganizationGroupForm(request.POST)
if form.is_valid():
group.name = form.cleaned_data['name']
group.description = form.cleaned_data['description']
group.admin_permissions.clear()
for admin_permission in form.cleaned_data['admin_permissions']:
group.admin_permissions.add(admin_permission)
group.save()
messages.success(request, _('Edit group successful'))
return redirect('view_organization_groups', organization_slug=organization.slug)
else:
form = OrganizationGroupForm(initial={
'name':group.name,
'description':group.description,
'admin_permissions':group.admin_permissions.all(),
})
return render(request, 'organization/organization_group_modify.html', {'organization':organization, 'group':group, 'form':form})
def delete_document_shelf(request, organization_slug, shelf_id):
organization = get_object_or_404(Organization, slug=organization_slug)
shelf = get_object_or_404(OrganizationShelf, pk=shelf_id)
if shelf.organization.id != organization.id or not get_permission_backend(request).can_manage_shelf(request.user, organization):
raise Http404
if request.method == 'POST':
print request.POST
if 'submit-delete' in request.POST:
to_delete_documents = request.POST.get('delete_documents') == 'on'
if to_delete_documents:
for publication in Publication.objects.filter(shelves__in=[shelf]):
domain_functions.delete_publication(publication)
messages.success(request, _('Delete shelf and all files in group successful'))
else:
messages.success(request, _('Delete shelf successful'))
PublicationShelf.objects.filter(shelf=shelf).delete()
OrganizationShelfPermission.objects.filter(shelf=shelf).delete()
GroupShelfPermission.objects.filter(shelf=shelf).delete()
UserShelfPermission.objects.filter(shelf=shelf).delete()
shelf.delete()
return redirect('view_documents', organization_slug=organization.slug)
else:
return redirect('view_documents_by_shelf', organization_slug=organization.slug, shelf_id=shelf.id)
shelf_documents_count = Publication.objects.filter(shelves__in=[shelf]).count()
return render(request, 'document/shelf_delete.html', {'organization':organization, 'shelf_documents_count':shelf_documents_count, 'shelf':shelf, 'shelf_type':'delete'})
def ajax_delete_publication(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
publication_uid = request.POST.get("uid")
if publication_uid:
publication_uids = [publication_uid]
else:
publication_uids = request.POST.getlist("uid[]")
if not publication_uids:
raise Http404
publications = []
for publication_uid in publication_uids:
try:
publication = Publication.objects.get(uid=publication_uid)
except Publication.DoesNotExist:
continue
if get_permission_backend(request).can_edit_publication(
request.user, organization, {"publication": publication}
):
publications.append(publication)
if not publications:
return response_json_error("invalid-publication")
domain_functions.delete_publications(publications)
return response_json_success()
def request_download_publication(request, publication_uid):
try:
publication = Publication.objects.get(uid=publication_uid)
except Publication.DoesNotExist:
return HttpResponse('Page not found', status=404)
user = _extract_user(request)
try:
user_organization = UserOrganization.objects.get(organization=publication.organization, user=user, is_active=True)
except:
return HttpResponse('No permissions', status=403)
if not get_permission_backend(request).get_publication_access(user, publication):
return HttpResponse('No permissions', status=403)
# ----- CDN support is not available for NBTC -----
# server_urls = []
# for server in OrganizationDownloadServer.objects.filter(organization=publication.organization).order_by('-priority'):
# download_url = generate_download_url(server, publication)
# if download_url:
# server_urls.append(download_url)
# return HttpResponse(simplejson.dumps(server_urls))
return private_files_get_file(request, 'domain', 'Publication', 'uploaded_file', str(publication.id), '%s.%s' % (publication.original_file_name, publication.file_ext))
def view_organization_invited_users(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
if not get_permission_backend(request).can_manage_user(request.user, organization):
raise Http404
invited_users = UserOrganizationInvitation.objects.filter(organization=organization).order_by('-created')
return render(request, 'organization/organization_users_invited.html', {'organization':organization, 'invited_users':invited_users})
def upload_publication(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
shelf_id = request.POST.get("shelf")
if shelf_id:
shelf = get_object_or_404(OrganizationShelf, pk=shelf_id)
else:
transaction.rollback()
raise Http404
if shelf.organization.id != organization.id or not get_permission_backend(request).can_upload_shelf(
request.user, organization, {"shelf": shelf}
):
transaction.rollback()
raise Http404
try:
file = request.FILES[u"files[]"]
if file.size > settings.MAX_PUBLICATION_FILE_SIZE:
transaction.rollback()
return response_json_error("file-size-exceed")
uploading_file = UploadedFile(file)
publication = domain_functions.upload_publication(request, uploading_file, organization, shelf)
if not publication:
transaction.rollback()
return response_json_error()
transaction.commit() # Need to commit before create task
try:
generate_thumbnails.delay(publication.uid)
except:
import sys
import traceback
logger.critical(traceback.format_exc(sys.exc_info()[2]))
return response_json_success(
{
"uid": str(publication.uid),
"title": publication.title,
"file_ext": publication.file_ext,
"file_size_text": humanize_file_size(uploading_file.file.size),
"shelf": shelf.id if shelf else "",
"uploaded": format_abbr_datetime(publication.uploaded),
"thumbnail_url": publication.get_large_thumbnail(),
"download_url": reverse("download_publication", args=[publication.uid]),
}
)
except:
transaction.rollback()
return response_json_error()
def replace_publication(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
publication_id = request.POST.get("publication_id")
print publication_id
if publication_id:
publication = get_object_or_404(Publication, uid=publication_id)
else:
transaction.rollback()
raise Http404
if not get_permission_backend(request).can_edit_publication(
request.user, publication.organization, {"publication": publication}
):
transaction.rollback()
raise Http404
try:
file = request.FILES[u"files[]"]
if file.size > settings.MAX_PUBLICATION_FILE_SIZE:
transaction.rollback()
return response_json_error("file-size-exceed")
uploading_file = UploadedFile(file)
publication = domain_functions.replace_publication(request, uploading_file, publication)
if not publication:
transaction.rollback()
return response_json_error()
transaction.commit()
try:
generate_thumbnails.delay(publication.uid)
except:
import sys
import traceback
logger.critical(traceback.format_exc(sys.exc_info()[2]))
return response_json_success(
{
"uid": str(publication.uid),
"file_ext": publication.file_ext,
"file_size": humanize_file_size(uploading_file.file.size),
"uploaded": format_abbr_datetime(publication.uploaded),
"replaced": format_abbr_datetime(publication.replaced),
"thumbnail_url": publication.get_large_thumbnail(),
"download_url": reverse("download_publication", args=[publication.uid]),
}
)
except:
transaction.rollback()
return response_json_error()
def edit_organization_user(request, organization_user_id):
user_organization = get_object_or_404(UserOrganization, pk=organization_user_id)
organization = user_organization.organization
if not get_permission_backend(request).can_manage_user(request.user, organization):
raise Http404
if request.method == 'POST':
form = EditOrganizationUserForm(user_organization, request.POST)
if form.is_valid():
user_profile = user_organization.user.get_profile()
user_profile.user.email = form.cleaned_data['email']
user_profile.first_name = form.cleaned_data['first_name']
user_profile.last_name = form.cleaned_data['last_name']
user_profile.user.save()
user_profile.save()
new_groups = set()
for group in form.cleaned_data['groups']:
new_groups.add(group)
old_groups = set()
for user_group in UserGroup.objects.filter(user_organization=user_organization):
old_groups.add(user_group.group)
creating_groups = new_groups.difference(old_groups)
removing_groups = old_groups.difference(new_groups)
for group in creating_groups:
UserGroup.objects.create(group=group, user_organization=user_organization)
UserGroup.objects.filter(user_organization=user_organization, group__in=removing_groups).delete()
messages.success(request, _('Edit user profile successful'))
next = request.POST.get('next')
return redirect(next) if next else redirect('view_organization_users', organization_slug=organization.slug)
else:
form = EditOrganizationUserForm(user_organization, initial={
'email':user_organization.user.email,
'first_name':user_organization.user.get_profile().first_name,
'last_name':user_organization.user.get_profile().last_name,
'groups':user_organization.groups.all()}
)
return render(request,
'organization/organization_user_edit.html', {
'form' :form,
'organization' :organization,
'user_organization' :user_organization,
'next' :request.GET.get('next', ''),
}
)
def ajax_query_organization_shelves(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
permission_backend = get_permission_backend(request)
if not permission_backend.can_view_organization(request.user, organization):
raise Http404
shelves_json = []
for shelf in permission_backend.get_viewable_shelves(request.user, organization):
shelves_json.append({"id": shelf.id, "name": shelf.name, "document_count": shelf.num_of_documents})
return response_json_success({"shelves": shelves_json})
def ajax_query_groups(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
if not get_permission_backend(request).can_view_organization(request.user, organization):
raise Http404
result = []
organization_groups = OrganizationGroup.objects.filter(organization=organization).order_by("name")
for organization_group in organization_groups:
result.append([organization_group.id, organization_group.name])
return HttpResponse(simplejson.dumps(result))
def view_organization_group_members(request, organization_group_id):
group = get_object_or_404(OrganizationGroup, pk=organization_group_id)
organization = group.organization
if not get_permission_backend(request).can_manage_user(request.user, organization):
raise Http404
group_members = UserGroup.objects.filter(group=group, user_organization__is_active=True)
return render(request, 'organization/organization_group_members.html', {
'organization': organization,
'group' :group,
'group_members': group_members
})
def invite_organization_user(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
if not get_permission_backend(request).can_manage_user(request.user, organization):
raise Http404
if request.method == 'POST':
form = InviteOrganizationUserForm(organization, request.POST)
if form.is_valid():
return summarize_organization_users(request, organization_slug=organization_slug, action='invite', context={'emails': form.cleaned_data['emails'], 'groups': form.cleaned_data['groups']})
else:
form = InviteOrganizationUserForm(organization)
return render(request, 'organization/organization_user_invite.html', {'organization':organization, 'form':form})
def ajax_query_publication_tags(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
term = request.GET.get("term")
if not get_permission_backend(request).can_view_organization(request.user, organization):
raise Http404
tags = OrganizationTag.objects.filter(organization=organization, tag_name__icontains=term)
result = []
for tag in tags:
result.append({"id": str(tag.id), "label": tag.tag_name, "value": tag.tag_name})
return HttpResponse(simplejson.dumps(result))
def render(self, context):
user = self.user.resolve(context)
permissions = self.action.split(',')
organization = self.organization.resolve(context)
permission_backend = get_permission_backend(context['request'])
parameters = {}
for key in self.parameters.keys():
parameters[key] = self.parameters[key].resolve(context)
if self._has_any_permission(permission_backend, permissions, user, organization, parameters):
return self.nodelist_true.render(context)
else:
return self.nodelist_false.render(context)
def ajax_remove_organization_group(request, organization_group_id):
if request.is_ajax():
group = get_object_or_404(OrganizationGroup, pk=organization_group_id)
organization = group.organization
if not get_permission_backend(request).can_manage_group(request.user, organization):
raise Http404
UserGroup.objects.filter(group=group).delete()
group.delete()
messages.success(request, _("Deleted user groups successful"))
return response_json_success({"redirect_url": reverse("view_organization_groups", args=[organization.slug])})
else:
raise Http404
def ajax_resend_user_invitation(request, invitation_id):
if request.is_ajax():
invitation = get_object_or_404(UserOrganizationInvitation, pk=invitation_id)
organization = invitation.organization
if not get_permission_backend(request).can_manage_user(request.user, organization):
raise Http404
if invitation.send_invitation_email():
invitation.created = now()
invitation.save()
return response_json_success()
else:
return response_json_error("send-invitation-failed")
else:
raise Http404
def ajax_cancel_user_invitation(request, invitation_id):
if request.is_ajax():
invitation = get_object_or_404(UserOrganizationInvitation, pk=invitation_id)
organization = invitation.organization
if not get_permission_backend(request).can_manage_user(request.user, organization):
raise Http404
invitation.delete()
messages.success(request, _("Cancelled user invitation successful"))
return response_json_success(
{"redirect_url": reverse("view_organization_invited_users", args=[organization.slug])}
)
else:
raise Http404
def ajax_remove_organization_user(request, organization_user_id):
if request.is_ajax():
user_organization = get_object_or_404(UserOrganization, pk=organization_user_id)
organization = user_organization.organization
if not get_permission_backend(request).can_manage_user(request.user, organization):
raise Http404
user_organization.is_active = False
user_organization.modified = datetime.datetime.now()
user_organization.save()
messages.success(request, _("Removed user from organization successful"))
return response_json_success({"redirect_url": reverse("view_organization_users", args=[organization.slug])})
else:
raise Http404
def ajax_add_publications_tag(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
publication_uids = request.POST.getlist("publication[]")
tag_names = request.POST.get("tags")
if tag_names:
publications = []
for publication_uid in publication_uids:
try:
publication = Publication.objects.get(uid=publication_uid)
except Publication.DoesNotExist:
continue
if get_permission_backend(request).can_edit_publication(
request.user, organization, {"publication": publication}
):
publications.append(publication)
tag_names = tag_names.split(",")
saved_tag_names = []
if publications and tag_names:
for tag_name in tag_names:
if tag_name and len(tag_name.strip()) > 0:
tag_name = tag_name.lower().strip()
try:
tag = OrganizationTag.objects.get(organization=organization, tag_name=tag_name)
except OrganizationTag.DoesNotExist:
tag = OrganizationTag.objects.create(organization=organization, tag_name=tag_name)
for publication in publications:
publication_tag, created = PublicationTag.objects.get_or_create(
publication=publication, tag=tag
)
if created:
saved_tag_names.append(tag_name)
return response_json_success({"tag_names": saved_tag_names})
else:
return response_json_error("invalid-publication")
else:
return response_json_error("missing-parameter")
def view_organization_profile(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
if not get_permission_backend(request).can_view_organization(request.user, organization):
raise Http404
statistics = {
'publication_count': Publication.objects.filter(organization=organization).count(),
'shelf_count': OrganizationShelf.objects.filter(organization=organization).count(),
'active_user_count': UserOrganization.objects.filter(organization=organization, is_active=True).count(),
}
return render(request, 'organization/organization_profile.html', {
'organization':organization,
'statistics':statistics,
'is_organization_admin': UserOrganization.objects.filter(organization=organization, user=request.user, is_admin=True).exists(),
})
def view_organization_users_groups(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
if not get_permission_backend(request).can_manage_user(request.user, organization) and not get_permission_backend(request).can_manage_group(request.user, organization):
raise Http404
organization_users = UserOrganization.objects.filter(organization=organization).order_by('user__userprofile__first_name', 'user__userprofile__last_name')
organization_groups = OrganizationGroup.objects.filter(organization=organization).order_by('name')
return render(
request,
'organization/organization_manage_users_groups.html', {
'organization' :organization,
'organization_users' :organization_users,
'organization_groups' :organization_groups
}
)
def ajax_edit_publication(request, organization_slug):
organization = get_object_or_404(Organization, slug=organization_slug)
publication_uid = request.POST.get("uid")
title = request.POST.get("title")
description = request.POST.get("description")
tag_names = request.POST.get("tags")
try:
publication = Publication.objects.get(uid=publication_uid)
except Publication.DoesNotExist:
return response_json_error("publication-notfound")
if not get_permission_backend(request).can_edit_publication(
request.user, organization, {"publication": publication}
):
raise Http404
if not title:
return response_json_error("parameter-missing")
publication.title = title
publication.description = description
publication.modified = now()
publication.modified_by = request.user
publication.save()
PublicationTag.objects.filter(publication=publication).delete()
saved_tag_names = []
tag_names = tag_names.split(",")
for tag_name in tag_names:
if tag_name and len(tag_name.strip()) > 0:
tag_name = tag_name.lower().strip()
try:
tag = OrganizationTag.objects.get(organization=organization, tag_name=tag_name)
except OrganizationTag.DoesNotExist:
tag = OrganizationTag.objects.create(organization=organization, tag_name=tag_name)
PublicationTag.objects.get_or_create(publication=publication, tag=tag)
saved_tag_names.append(tag_name)
return response_json_success({"tag_names": saved_tag_names})
def edit_user_invitation(request, invitation_id):
invitation = get_object_or_404(UserOrganizationInvitation, pk=invitation_id)
organization = invitation.organization
if not get_permission_backend(request).can_manage_user(request.user, organization):
raise Http404
if request.method == 'POST':
form = EditOrganizationUserInviteForm(organization, request.POST)
if form.is_valid():
invitation.groups = form.cleaned_data['groups']
messages.success(request, _('Edit user profile successful'))
return redirect('view_organization_invited_users', organization_slug=organization.slug)
else:
form = EditOrganizationUserInviteForm(organization, initial={'groups':invitation.groups.all()})
return render(request, 'organization/organization_user_invite_edit.html', {'organization':organization, 'invitation':invitation, 'form':form})
