def edit_discussion(request, id):
    """Show or process the edit form for a discussion owned by the caller.

    A POST validates ``CreateDiscussionForm`` and, on success, applies it with
    ``form.update`` and redirects to the discussion.  Any other request
    renders the form pre-filled from the stored discussion.  A caller who is
    not authenticated, or whose username differs from the author's, is
    redirected to the ``Referer`` URL (``/`` when the header is absent).
    """
    mm = MessageManager(request)
    d = get_object_or_404(Discussion, pk=id)

    # Authorization: only the author, matched by username, may edit.
    if not (request.user.is_authenticated() and request.user.username == d.user.username):
        return redirect(request.META.get('HTTP_REFERER','/'))

    if request.POST:
        form = CreateDiscussionForm(request.POST, request.FILES, user=request.user)
        if form.is_valid():
            form.update(request, d)
            mm.set_success("Your discussion has been updated")
            return redirect(d.get_absolute_url())
        # Invalid submission: re-render below with the bound form and its errors.
    else:
        # Unbound form seeded with the discussion's current values.
        group_pk = d.group().pk if d.group() else None
        terms = delim_list(object_taxon(d), ',')
        form = CreateDiscussionForm(
            user=request.user,
            initial={'group': group_pk, 'title':d.title, 'body':d.body, 'type':d.type, 'terms':terms},
        )
    return render(request, 'main/discussion/edit.html', mm.messages(), {'form':form, 'discussion':d})
def edit_code_package(request, id):
    """Show or process the edit form for a code package owned by the caller.

    A POST validates ``EditCodePackageForm`` and, on success, saves it with
    ``form.save`` and redirects to the package.  Any other request renders the
    form pre-filled from the stored package.  A caller who is not
    authenticated, or whose username differs from the uploader's, is
    redirected to the ``Referer`` URL (``/`` when the header is absent).
    """
    mm = MessageManager(request)
    cp = get_object_or_404(CodePackage, pk=id)

    # Authorization: only the uploader, matched by username, may edit.
    if not (request.user.is_authenticated() and request.user.username == cp.user.username):
        return redirect(request.META.get('HTTP_REFERER','/'))

    if request.POST:
        form = EditCodePackageForm(request.POST, user=request.user)
        if form.is_valid():
            form.save(request, cp)
            mm.set_success("Your code package has been updated")
            return redirect(cp.get_absolute_url())
        # Invalid submission: re-render below with the bound form and its errors.
    else:
        # Unbound form seeded with the package's current values.
        group_pk = cp.group().pk if cp.group() else None
        terms = delim_list(object_taxon(cp), ',')
        form = EditCodePackageForm(
            user=request.user,
            initial={'group': group_pk, 'title':cp.title, 'description':cp.description, 'terms':terms},
        )
    return render(request, 'main/code_package/edit.html', mm.messages(), {'form':form, 'code_package':cp})
def edit_link(request, id):
    """Show or process the edit form for a link owned by the caller.

    A POST validates ``CreateLinkForm`` and, on success, applies it with
    ``form.update`` and redirects to the link.  Any other request renders the
    form pre-filled from the stored link.  A caller who is not authenticated,
    or whose username differs from the link owner's, is redirected to the
    ``Referer`` URL (``/`` when the header is absent).
    """
    mm = MessageManager(request)
    link = get_object_or_404(Link, pk=id)

    # Authorization: only the owner, matched by username, may edit.
    if not (request.user.is_authenticated() and request.user.username == link.user.username):
        return redirect(request.META.get('HTTP_REFERER','/'))

    if request.POST:
        form = CreateLinkForm(request.POST, request.FILES, user=request.user)
        if form.is_valid():
            form.update(request, link)
            mm.set_success("Your link has been updated")
            return redirect(link.get_absolute_url())
        # Invalid submission: re-render below with the bound form and its errors.
    else:
        # Unbound form seeded with the link's current values.
        group_pk = link.group().pk if link.group() else None
        terms = delim_list(object_taxon(link), ',')
        form = CreateLinkForm(
            user=request.user,
            initial={'group': group_pk, 'title':link.title, 'url':link.url, 'terms':terms},
        )
    return render(request, 'main/link/edit.html', mm.messages(), {'form':form, 'link':link})
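def discussion(request, id):
    """Display a discussion and maintain its 'views' metric.

    The page is shown when the discussion has ``type == 0``, when the caller
    is an authenticated member or manager of the discussion's group, or when
    the caller is the author.  Everyone else gets a notice and is redirected
    to the ``Referer`` URL (``/`` when the header is absent).

    Raises:
        Http404: no discussion with this primary key exists.
    """
    mm = MessageManager(request)
    try:
        d = Discussion.objects.select_related('user', 'group').get(pk=id)
    except Discussion.DoesNotExist:
        # The original returned the Http404 class itself, which is not a
        # response object; raising it is what yields a 404 page.
        raise Http404

    viewer = request.user
    # "and" binds tighter than "or": the group test only applies to
    # authenticated callers, the other two tests stand on their own.
    # NOTE(review): type 0 presumably marks a public discussion - confirm.
    allowed = (
        d.type == 0
        or viewer.is_authenticated() and (viewer.is_group_member(d.group()) or viewer.is_group_manager(d.group()))
        or d.user.username == viewer.username
    )
    if not allowed:
        mm.set_notice("you are not allowed to view that lab journal")
        return redirect(request.META.get('HTTP_REFERER','/'))

    # Update the view counter; the author's own visits are not counted.
    try:
        dmet = Metric.objects.get_metric(d, key='views')
        if d.user.username != viewer.username:
            dmet.value = int(dmet.value) + 1
    except Metric.DoesNotExist:
        dmet = Metric.objects.create(d, 'views', 1)
    dmet.save()

    # Settings of the author, when the author exists as a cUser.
    try:
        author = cUser.objects.all().get(username=d.user.username)
        u_settings = author.settings
    except cUser.DoesNotExist:
        u_settings = None

    return render(request, 'main/discussion/index.html', {'discussion':d, 'views':dmet.value, 'settings':u_settings}, mm.messages())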
def edit_account(request, username):
    """Show or process the account form for the caller's own account.

    The target account is looked up as a ``cUser`` first and as a ``User``
    (404 if missing) otherwise.  Only an authenticated caller who *is* that
    account gets the form; anyone else is redirected to the account's page.
    """
    mm = MessageManager(request)
    try:
        u = cUser.objects.get(username=username)
    except cUser.DoesNotExist:
        u = get_object_or_404(User, username=username)

    # Authorization: the caller must be authenticated and own the profile.
    if not (request.user.is_authenticated() and request.user == u):
        return redirect(u.get_absolute_url())

    if request.POST:
        form = EditAccountForm(request.POST)
        if form.is_valid():
            form.update(request, u)
            mm.set_success("Your account has been updated")
            return redirect(request.user.get_absolute_url())
        # Invalid submission: re-render below with the bound form.
    else:
        form = EditAccountForm(initial={'username':u.username, 'email':u.email})
    return render(request, 'accounts/user/edit.html', {'form':form}, mm.messages())
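def delete(request, username):
    """Start deletion of the caller's own account by e-mailing a confirmation link.

    For an active caller whose username matches ``username`` a removal key is
    stored on the user together with an expiry two days ahead, and a link
    containing the key is mailed to the user's address.  Superusers are
    refused.  Every path ends with a redirect to the ``Referer`` URL (``/``
    when the header is absent).
    """
    import binascii
    import os

    mm = MessageManager(request)
    back = request.META.get('HTTP_REFERER','/')

    if request.user.is_active and request.user.username == username:
        if request.user.is_superuser:
            mm.set_error("um... you can't delete a super user silly.")
            return redirect(back)

        # The key authorizes account deletion, so it must be unguessable.
        # The original hashed random.random() output together with the
        # username; random is not a cryptographic generator.  Twenty bytes
        # from the OS CSPRNG give the same 40 hex characters as a SHA-1 digest.
        removal_key = binascii.hexlify(os.urandom(20)).decode('ascii')
        key_expires = datetime.datetime.today() + datetime.timedelta(2)
        request.user.removal_key = removal_key
        request.user.key_expires = key_expires
        request.user.save()

        # prepare email
        email_subject = 'Confirm account deletion'
        email_body = (
            "We just received a request to delete your Comperio account."
            "\n\nTo delete your account, click this link within 48 hours:"
            "\n%s/users/delete/confirm/%s"
        ) % (SITE_URL, request.user.removal_key)
        send_mail(email_subject, email_body, '*****@*****.**', [request.user.email])
        mm.set_success("We just sent you an email to verify your account removal.")

    return redirect(back)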
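def admin_tools(request, tool):
    """List or run the maintenance tools exposed by the ``AdminTools`` class.

    Do not register tools here; the tool list is derived from ``AdminTools``
    through ``class_linker``.  Outside DEBUG mode the view redirects to ``/``.
    For an authenticated superuser an empty ``tool`` renders the tool index,
    and a ``tool`` equal to one of the listed names runs that tool and puts
    its log into a notice.  All other paths redirect to the ``Referer`` URL.
    """
    # debug is checked in AdminTools, so this is just extra protection.
    if DEBUG is False:
        return redirect('/')

    mm = MessageManager(request)
    at = AdminTools()

    # is_authenticated is called here as everywhere else in this file; the
    # bare attribute used before is a bound method and therefore always true.
    if request.user.is_authenticated() and request.user.is_superuser:
        # get the tools so we can compare them with the requested tool.
        tool_list = class_linker(AdminTools, '')

        # display tool index
        if tool == '':
            return render(request, 'main/admin/tools.html', mm.messages())

        for t, d, u in tool_list:
            if tool == t:
                # Attribute lookup replaces eval("at.%s(True)"): the name is
                # resolved on the AdminTools instance and never parsed as code.
                # NOTE(review): assumes class_linker yields plain method names.
                log_list = getattr(at, t)(True)
                log_message = "successfully performed \"%s\" on %s objects." % (t, len(log_list))
                log_message += "".join("<Br />%s" % log for log in log_list)
                mm.set_notice(log_message)
                break

    return redirect(request.META.get('HTTP_REFERER','/'))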
def manage_group(request, gid):
    """Render the management page of a group for one of its managers.

    Callers who are not authenticated managers of the group get an error
    message and are redirected to the group's page.
    """
    mm = MessageManager(request)
    g = get_object_or_404(cGroup, pk=gid)

    may_manage = request.user.is_authenticated() and request.user.is_group_manager(g)
    if not may_manage:
        mm.set_error("you are not allowed to manage this group")
        return redirect(g.get_absolute_url())
    return render(request, 'accounts/groups/manage.html', mm.messages(), {'group':g})
def tags_page(request):
    """Render the tags page (the tag cloud itself is still a TODO)."""
    # TODO: make a tag cloud. may be able to use the api from our analytics framework
    pending_messages = MessageManager(request).messages()
    return render(request, 'main/tags.html', pending_messages)
def delete_curriculum(request, id):
    """Delete a curriculum on behalf of its owner.

    The owner is redirected to their own page after the deletion; any other
    caller gets a notice and is redirected to the curriculum.
    """
    mm = MessageManager(request)
    c = get_object_or_404(Curriculum, pk=id)

    # NOTE(review): the deletion runs for any request method; nothing in this
    # view restricts it to POST - confirm the route is CSRF-protected.
    is_owner = request.user.is_authenticated() and request.user.username == c.user.username
    if is_owner:
        c.delete()
        destination = request.user.get_absolute_url()
    else:
        mm.set_notice('you are not authorized to delete this curriculum')
        destination = c.get_absolute_url()
    return redirect(destination)
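def _survey_redirect(
    request,
    survey,
    group_slug=None,
    group_slug_field=None,
    group_qs=None,
    template_name="survey/thankyou.html",
    extra_context=None,
    *args,
    **kw
):
    """Pick the page a user lands on after submitting a survey.

    1. A "next" request parameter is followed when it is an absolute
       ``http:`` URL on this site's own host and differs from the current path.
    2. Otherwise, if the survey's answers are viewable by the user, go to
       the "survey-results" page.
    3. Otherwise set a thank-you message and go to the user's own page.

    ``template_name`` and the remaining optional parameters are accepted for
    call compatibility; the code below does not use them.
    """
    try:
        from urllib.parse import urlparse
    except ImportError:  # Python 2
        from urlparse import urlparse

    if "next" in request.REQUEST:
        target = request.REQUEST["next"]
        # "next" is caller-controlled.  Accepting any "http:" URL, as the
        # original did, lets a crafted link bounce users to another site, so
        # the host must match the one this request was made to.
        same_host = urlparse(target).netloc.lower() == request.get_host().lower()
        if target.startswith("http:") and target != request.path and same_host:
            return HttpResponseRedirect(target)

    if survey.answers_viewable_by(request.user):
        return HttpResponseRedirect(reverse("survey-results", None, (), {"survey_slug": survey.__dict__["slug"]}))

    # The original ended with a render() of template_name placed after this
    # return; it could never run and has been dropped.
    mm = MessageManager(request)
    mm.set_success("Thank You For Participating In The Survey!")
    return HttpResponseRedirect(request.user.get_absolute_url())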
def delete_group(request, gid):
    """Delete a group on behalf of one of its managers.

    A manager lands on the "#groups" section of their own page afterwards;
    any other caller gets an error message and is redirected to the
    ``Referer`` URL (``/`` when the header is absent).
    """
    mm = MessageManager(request)
    g = get_object_or_404(cGroup, pk=gid)

    may_delete = request.user.is_authenticated() and request.user.is_group_manager(g)
    if not may_delete:
        mm.set_error("you are not allowed to delete this group")
        return redirect(request.META.get('HTTP_REFERER','/'))

    # NOTE(review): the deletion runs for any request method; nothing in this
    # view restricts it to POST - confirm the route is CSRF-protected.
    # TODO: do we need to remove group reference from users?
    g.delete()
    return redirect(request.user.get_absolute_url() + "#groups")
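def group_page(request, gid):
    """Render a group's page together with the caller's relation to the group.

    The template receives three flags: manager, member and pending member.
    All three are False unless the caller is an authenticated ``cUser``.
    """
    mm = MessageManager(request)
    group = get_object_or_404(cGroup, pk=gid)

    manager = False
    member = False
    # "pending" used to be assigned only inside the branch below, so the
    # render call failed on an unbound name for anonymous or non-cUser callers.
    pending = False
    if request.user.is_authenticated() and request.user.__class__ == cUser:
        manager = request.user.is_group_manager(group)
        member = request.user.is_group_member(group)
        pending = request.user in group.pending_users.all()

    # NOTE(review): the page is rendered for every visitor; if the group's
    # visibility setting is meant to hide groups, it is not enforced here -
    # confirm the template handles it.
    return render(request, 'accounts/groups/group_page.html', mm.messages(), {'group':group,'is_group_manager':manager, 'is_group_member':member, 'is_pending_member':pending})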
def delete_task(request, id):
    """Delete a task on behalf of its owner.

    The owner is redirected to their own page; any other caller gets a
    notice and is redirected to the ``Referer`` URL (``/`` when absent).
    """
    mm = MessageManager(request)
    t = get_object_or_404(Task, pk=id)

    is_owner = request.user.is_authenticated() and request.user.username == t.user.username
    if not is_owner:
        mm.set_notice("you are not authorized to delete that task.")
        return redirect(request.META.get('HTTP_REFERER','/'))

    # NOTE(review): the deletion runs for any request method; nothing in this
    # view restricts it to POST - confirm the route is CSRF-protected.
    t.delete()
    mm.set_success("task removed")
    return redirect(request.user.get_absolute_url())
def delete_lesson(request, c_id, l_id):
    """Delete a lesson on behalf of its owner, then return to the curriculum.

    Both the lesson and the curriculum must exist (404 otherwise).  The
    redirect target is the curriculum page whether or not the delete ran.
    """
    mm = MessageManager(request)
    l = get_object_or_404(Lesson, pk=l_id)
    c = get_object_or_404(Curriculum, pk=c_id)

    # NOTE(review): nothing here checks that the lesson belongs to the
    # curriculum named in the URL; c is only used for the redirect.
    is_owner = request.user.is_authenticated() and request.user.username == l.user.username
    if not is_owner:
        mm.set_notice('you are not authorized to delete this lesson')
    else:
        # Keep the title: it is needed for the message after the delete.
        name = l.title
        l.delete()
        mm.set_success('"%s" has been deleted' % name)
    return redirect(c.get_absolute_url())
def delete_group_invitation(request, gid):
    """Clear a group's invitation key and expiry so the key cannot be used.

    Managers are redirected to the group's "/manage" page afterwards; any
    other caller gets an error message and is redirected to the group page.
    """
    mm = MessageManager(request)
    g = get_object_or_404(cGroup, pk=gid)

    may_manage = request.user.is_authenticated() and request.user.is_group_manager(g)
    if not may_manage:
        mm.set_error("you are not authorized to perform this action")
        return redirect(g.get_absolute_url())

    # Revoke the invitation by blanking both the key and its expiry.
    g.invitation_key = None
    g.key_expires = None
    g.save()
    return redirect(g.get_absolute_url() + "/manage")
def list_user_code(request):
    """Return the titles of the code packages uploaded by a user.

    The username and password are read from the query string through
    ``LoginForm(request.GET)``.  With valid credentials for an active account
    the titles are rendered one per line via 'api/serve.html'; otherwise the
    form page is rendered with an error message.

    NOTE(review): credentials sent as GET parameters end up in server logs,
    browser history and Referer headers; moving this endpoint to POST would
    change its interface, so it is only flagged here.
    """
    mm = MessageManager(request)

    if not request.GET:
        # NOTE(review): the empty form is a DeleteCodePackageForm although
        # submissions are parsed with LoginForm - confirm this is intended.
        form = DeleteCodePackageForm()
        return render(request, 'api/list_user_code.html', {'form':form}, mm.messages())

    form = LoginForm(request.GET)
    if not form.is_valid():
        # return form errors to user
        return render(request, 'api/list_user_code.html', {'form':form}, mm.messages())

    login_name = form.cleaned_data['username']
    secret = form.cleaned_data['password']
    try:
        user = authenticate(username=login_name, password=secret)
    except NameError:
        user = None

    if user is None:
        # invalid login
        mm.set_error('Invalid credentials.')
    elif not user.is_active:
        # account is disabled
        mm.set_error('This account has been disabled, or has not been activated.')
    else:
        listing = ''
        for package in CodePackage.objects.filter(user=user):
            listing += package.title + "\n"
        return render_to_response('api/serve.html', {'result':listing.rstrip('\n')})

    return render(request, 'api/list_user_code.html', {'form':form}, mm.messages())
def contact(request):
    """Render the contact form and mail valid submissions to the ADMINS.

    A valid POST must also pass ``form.isValidHuman``; it is then mailed to
    every address in ``ADMINS`` and the caller is redirected to ``/``.
    """
    mm = MessageManager(request)

    if request.POST:
        form = ContactForm(request.POST)
        if form.is_valid():
            data = request.POST.copy()

            # make sure we have a human
            if not form.isValidHuman(data):
                mm.set_error('Sorry only humans can contact us. Try reloading the page.')
                # NOTE(review): the argument order of this render call
                # differs from the one at the end of this function; kept as
                # found - confirm against render's signature.
                return render(request, 'main/contact.html', mm.messages(), {'form':form})

            # The submitted values go into the message body only; the
            # subject and the recipients are fixed.
            email_subject = 'Comperio Form Submission'
            email_body = "Form submission from %s\n\nName: %s\nEmail: %s\n\n%s" % (
                SITE_URL, data['name'], data['email'], data['message'])
            recipients = [admin[1] for admin in ADMINS]
            send_mail(email_subject, email_body, '*****@*****.**', recipients)
            mm.set_success("Thank you! We received your message.")
            return redirect('/')
    else:
        form = ContactForm()

    # Reached with an unbound form, or with a bound form that failed validation.
    return render(request, 'main/contact.html', {'form':form}, mm.messages())
def reject_from_group(request, gid, uid):
    """Reject a pending membership request on behalf of a group manager.

    Managers are redirected to the 'manage-group' page afterwards; any other
    caller is redirected to the group page and nothing is changed.
    """
    mm = MessageManager(request)
    g = get_object_or_404(cGroup, pk=gid)
    u = get_object_or_404(cUser, pk=uid)

    if not (request.user.is_authenticated() and request.user.is_group_manager(g)):
        return redirect(g.get_absolute_url())

    # Only users who actually asked to join can be rejected.
    if u in g.pending_users.all():
        mm.set_success("membership refused for %s" % u.username)
        g.pending_users.remove(u)
        g.save()
    else:
        mm.set_error("you can't just reject whomever you want!")
    return redirect(reverse('manage-group', None, (), {'gid':g.pk}))
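def group_invitation(request, gid):
    """Generate a fresh invitation key for a group, valid for two days.

    Managers are redirected to the group's "/manage" page afterwards; any
    other caller gets an error message and is redirected to the group page.
    """
    import binascii
    import os

    mm = MessageManager(request)
    g = get_object_or_404(cGroup, pk=gid)

    if request.user.is_authenticated() and request.user.is_group_manager(g):
        # The key is what admits someone to the group, so it comes from the
        # OS CSPRNG.  The original hashed random.random() output with the
        # group name; random is not a cryptographic generator.  The length
        # stays at 13 hex characters, as before.
        g.invitation_key = binascii.hexlify(os.urandom(7)).decode('ascii')[:13]
        g.key_expires = datetime.datetime.today() + datetime.timedelta(2)
        g.save()
        return redirect(g.get_absolute_url() + "/manage")

    mm.set_error("you are not authorized to perform this action")
    return redirect(g.get_absolute_url())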
def edit_task(request, id):
    """Show or process the edit form for a task owned by the caller.

    A valid POST updates the due date, description and notify flag and
    redirects to the task.  Any other caller than the owner gets a notice
    and is redirected to the ``Referer`` URL (``/`` when absent).
    """
    mm = MessageManager(request)
    t = get_object_or_404(Task, pk=id)

    is_owner = request.user.is_authenticated() and request.user.username == t.user.username
    if not is_owner:
        mm.set_notice("you are not authorized to edit that task.")
        return redirect(request.META.get('HTTP_REFERER','/'))

    if request.POST:
        # receive sent form
        form = NewTaskForm(request.POST)
        if form.is_valid():
            mm.set_success("task updated")
            t.due_date = form.cleaned_data['due_date']
            t.description = form.cleaned_data['description']
            # Anything other than the literal False switches notification on.
            t.notify = form.cleaned_data['notify'] is not False
            t.save()
            return redirect(t.get_absolute_url())
        mm.set_error("error")
    else:
        # setup new form
        form = NewTaskForm(initial={'due_date':t.due_date, 'description':t.description, 'notify':t.notify})
    return render(request, 'tasks/edit.html', {'form':form, 'task':t}, mm.messages())
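def login_view(request):
    """Log a user in and redirect to their profile.

    Callers who are already authenticated go straight to their profile.  A
    POST is processed only when the session test cookie round-tripped; the
    credentials are then checked with ``authenticate`` and an active user is
    logged in.  Every other path re-renders the login form with any message
    set, after planting a new test cookie.
    """
    # TODO: put link on profile page to return to original page
    mm = MessageManager(request)

    if request.user.is_authenticated():
        return redirect(request.user.get_absolute_url())

    if request.POST:
        # Bind the form before the cookie check: it used to be created only
        # inside the cookie branch, so a POST without a working test cookie
        # reached render() with "form" unbound.
        form = LoginForm(request.POST)
        if request.session.test_cookie_worked():
            # cookies are enabled
            request.session.delete_test_cookie()
            if form.is_valid():
                # log the user in. we extended the backend to allow using
                # email instead of just username
                e = form.cleaned_data['username']
                p = form.cleaned_data['password']
                try:
                    user = authenticate(username=e, password=p)
                except NameError:
                    # NOTE(review): kept from the original; it is not
                    # visible here why authenticate would raise NameError.
                    user = None

                if user is None:
                    # invalid login
                    mm.set_error('Invalid credentials.')
                elif user.is_active:
                    login(request, user)
                    mm.set_success('you are logged in!')
                    return redirect(request.user.get_absolute_url())
                else:
                    # account is disabled
                    mm.set_error('This account has been disabled, or has not been activated.')
        else:
            # cookies are not enabled
            mm.set_error('Please enable cookies and try again.')
    else:
        form = LoginForm()

    request.session.set_test_cookie()
    return render(request, 'accounts/login.html', {'form':form}, mm.messages())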
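def index(request):
    """Render the site entrance together with the search form and results.

    A valid POST runs the search through ``SearchAPI`` and renders the
    results, or redirects to ``/?q=...`` when the API gives nothing back.
    Any other request tries ``SearchAPI`` and falls back to ``SearchCore``.
    """
    mm = MessageManager(request)
    results = list()

    if request.POST:
        # collect form
        form = SearchForm(request.POST)
        if form.is_valid():
            query = form.cleaned_data['metrics']

            # try to use the search API, otherwise throw it into the url
            sMeta = SearchAPI(request)
            if not sMeta:
                # NOTE(review): only spaces are replaced; other characters
                # of the query reach the URL without percent-encoding.
                return redirect('/?q=%s' % string.replace(query, " ", "+"))

            # generate the html nodes
            results = [HTMLWrapper(obj) for obj in sMeta.results]

            # build pager
            p = Pager(node_count=sMeta.node_count, page_len=sMeta.page_len, start=sMeta.start, prev=sMeta.previous, next=sMeta.next, data=sMeta.query)

            # return search form
            return render(request, 'main/index.html', {'search_form':form, 'search_results':results, 'pager': p, 'search':sMeta != None}, mm.messages())

        # Invalid form: render the page with the bound form and no results.
        # The final render reads sMeta and p, which used to be unbound on
        # this path.
        results = list()
        sMeta = None
        p = Pager()
    else:
        # try to use the search API, otherwise do it manually
        sMeta = SearchAPI(request)
        if not sMeta:
            sMeta = SearchCore()

        form = SearchForm()
        p = Pager()

        # normal page loads should not return sMeta
        if sMeta:
            # generate the html nodes
            results = [HTMLWrapper(obj) for obj in sMeta.results]

            # prepare new form
            form = SearchForm(initial={'metrics': sMeta.query})

            # build pager
            p = Pager(node_count=sMeta.node_count, page_len=sMeta.page_len, start=sMeta.start, prev=sMeta.previous, next=sMeta.next, data=sMeta.query)

    return render(request, 'main/index.html', {'search_form':form, 'search_results':results, 'pager': p, 'search':sMeta != None}, mm.messages())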
def create_lesson(request, c_id):
    """Show or process the form that adds a lesson to a curriculum.

    A valid POST saves the lesson through ``form.save(request, c)`` and
    redirects to the curriculum; otherwise the form page is rendered.

    NOTE(review): unlike the delete and edit views in this file, nothing
    visible here checks that the caller is authenticated or owns the
    curriculum - confirm that a decorator or ``form.save`` enforces it.
    """
    c = get_object_or_404(Curriculum, pk=c_id)
    mm = MessageManager(request)

    if not request.POST:
        form = CreateLessonForm()
    else:
        form = CreateLessonForm(request.POST)
        if form.is_valid():
            # save it
            form.save(request, c)
            mm.set_success("the lesson was saved")
            return redirect(c.get_absolute_url())
        mm.set_error("the form has errors")
    return render(request, 'curricula/create_lesson.html', {'form':form, 'curriculum':c}, mm.messages())
def delete_link(request, id):
    """Delete a link on behalf of its owner.

    After the deletion the owner lands on the "#links" section of the link's
    group page, or of their own page when the link has no group.

    Raises:
        Http404: the link does not exist, or the caller is not its owner.
    """
    mm = MessageManager(request)
    try:
        item = Link.objects.get(pk=id)
    except Link.DoesNotExist:
        raise Http404

    # Non-owners get the same 404 as for a missing link.
    if not (request.user.is_authenticated() and request.user.username == item.user.username):
        raise Http404

    # NOTE(review): the deletion runs for any request method; nothing in this
    # view restricts it to POST - confirm the route is CSRF-protected.
    item.delete()
    mm.set_success("Link %s has been deleted" % item.title )
    if item.group():
        return redirect(item.group().get_absolute_url() + "#links")
    return redirect(request.user.get_absolute_url() + "#links")
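def link(request, id):
    """Display a link and increment its 'views' metric.

    Raises:
        Http404: no link with this primary key exists.
    """
    mm = MessageManager(request)
    try:
        l = Link.objects.select_related('user', 'group').get(pk=id)
    except Link.DoesNotExist:
        # Two fixes: the handler used to name Discussion.DoesNotExist, which
        # a Link lookup does not raise, and it returned the Http404 class
        # instead of raising it.
        raise Http404

    # Update the view counter, creating it on the first view.
    try:
        dmet = Metric.objects.get_metric(l, key='views')
        dmet.value = int(dmet.value) + 1
    except Metric.DoesNotExist:
        dmet = Metric.objects.create(l, 'views', 1)
    dmet.save()

    # NOTE(review): unlike the discussion view, no group-membership check is
    # made before rendering - confirm links are meant to be visible to all.
    return render(request, 'main/link/index.html', {'link':l, 'views':dmet.value}, mm.messages())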
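def create_group(request):
    """Show or process the form that creates a new user group.

    Only an authenticated ``cUser`` may create a group; anyone else gets an
    error message and is redirected to the ``Referer`` URL.  A valid POST
    with an unused group name creates the group, makes the caller a member
    and manager, generates an invitation key valid for two days and
    redirects to the new group's page.
    """
    import binascii
    import os

    from django.utils.html import escape

    mm = MessageManager(request)

    if not (request.user.is_authenticated() and request.user.__class__ is cUser):
        mm.set_error("you are not allowed to create a group")
        return redirect(request.META.get('HTTP_REFERER','/'))

    if not request.POST:
        # prepare new form for user
        form = CreateGroupForm(initial={'open_registration':True})
        return render(request,'accounts/groups/create.html', mm.messages(), {'form':form})

    form = CreateGroupForm(request.POST)
    if not form.is_valid():
        return render(request,'accounts/groups/create.html', mm.messages(), {'form':form})

    # NOTE(review): values are taken from the raw POST data rather than
    # form.cleaned_data; kept as found - confirm the form validates them all.
    data = request.POST.copy()

    # make sure the group name is unique
    try:
        cGroup.objects.get(name=data["title"])
    except cGroup.DoesNotExist:
        pass
    else:
        mm.set_error("that group name is already taken")
        return render(request,'accounts/groups/create.html', mm.messages(), {'form':form})

    # create group
    g = cGroup()
    g.name = data["title"]
    g.description = data["description"]
    g.type = data["type"]
    g.visibility = data["visibility"]
    g.open_registration = "open_registration" in data
    g.save()

    # add user to group
    request.user.groups.add(g)
    g.managers.add(request.user)

    # The key is what admits someone to the group, so it comes from the OS
    # CSPRNG.  The original hashed random.random() output with the group
    # name; random is not a cryptographic generator.  Length stays 13.
    g.invitation_key = binascii.hexlify(os.urandom(7)).decode('ascii')[:13]
    g.key_expires = datetime.datetime.today() + datetime.timedelta(2)
    g.save()

    manage_url = reverse('manage-group', None, (), {'gid':g.pk})
    invite_url = "%s%s/%s" % (SITE_URL, reverse('join-group', None, (), {'gid':g.pk}), g.invitation_key)
    # The message carries HTML markup, so it is presumably rendered
    # unescaped; the user-chosen group name is therefore escaped here.
    mm.set_success("Successfully Created Group \"%s\"!<p> We automatically generated an invitation url that you can share with your friends. For more information check out the <a href=\"%s\">Administration Page</a>.</p><p>Invitation Url: <a href=\"%s\">%s</a></p>" % (escape(g.name), manage_url, invite_url, invite_url))

    # TODO: take to new group page
    return redirect(g.get_absolute_url())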
def delete_discussion(request, id):
    """Delete a discussion on behalf of its author.

    After the deletion the author lands on the "#discussions" section of the
    discussion's group page, or of their own page when it has no group.

    Raises:
        Http404: the discussion does not exist, or the caller is not its author.
    """
    mm = MessageManager(request)
    try:
        item = Discussion.objects.get(pk=id)
    except Discussion.DoesNotExist:
        raise Http404

    # Non-authors get the same 404 as for a missing discussion.
    if not (request.user.is_authenticated() and request.user.username == item.user.username):
        raise Http404

    # NOTE(review): the deletion runs for any request method; nothing in this
    # view restricts it to POST - confirm the route is CSRF-protected.
    item.delete()
    mm.set_success("Discussion %s has been deleted" % item.title )
    if item.group():
        return redirect(item.group().get_absolute_url() + "#discussions")
    return redirect(request.user.get_absolute_url() + "#discussions")
def admit_to_group(request, gid, uid):
    """Admit a pending user into a group on behalf of a group manager.

    Managers are redirected to the 'manage-group' page afterwards; any other
    caller is redirected to the group page and nothing is changed.
    """
    mm = MessageManager(request)
    g = get_object_or_404(cGroup, pk=gid)
    u = get_object_or_404(cUser, pk=uid)

    if not (request.user.is_authenticated() and request.user.is_group_manager(g)):
        return redirect(g.get_absolute_url())

    # Only users who actually asked to join can be admitted.
    if u in g.pending_users.all():
        mm.set_success("%s has been admitted" % u.username)
        g.pending_users.remove(u)
        u.groups.add(g)
        g.members.add(u)
        u.save()
        g.save()
    else:
        mm.set_error("you can't just add whomever you want to your group!")
    return redirect(reverse('manage-group', None, (), {'gid':g.pk}))
def delete_code_package(request, id):
    """Delete a code package on behalf of its uploader.

    After the deletion the uploader lands on the "#code" section of the
    package's group page, or of their own page when it has no group.

    Raises:
        Http404: the package does not exist, or the caller is not its uploader.
    """
    mm = MessageManager(request)
    try:
        item = CodePackage.objects.get(pk=id)
    except CodePackage.DoesNotExist:
        raise Http404

    # Non-owners get the same 404 as for a missing package.
    if not (request.user.is_authenticated() and request.user.username == item.user.username):
        raise Http404

    # NOTE(review): the deletion runs for any request method; nothing in this
    # view restricts it to POST - confirm the route is CSRF-protected.
    item.delete()
    mm.set_success("Code package %s has been deleted" % item.title )
    if item.group():
        return redirect(item.group().get_absolute_url() + "#code")
    return redirect(request.user.get_absolute_url() + "#code")