def _wrapped_view(request, event_id, *args, **kwargs):
event = get_object_or_404(Event, id=event_id)
if not request.user.has_perm("events.view_any_event") and not event.is_guest(request) and event.is_private:
# if the user does not have view_any privledges, is not already a guest or is
# and the event is private, ensure they have a valid token
token = kwargs.get("token", request.POST.get("token", None))
if not token:
return forbidden(request, "You need an invitation for this event")
if not event.is_token_valid(token):
return forbidden(request, "Invitation code is not valid for this event")
return view_func(request, event_id, *args, **kwargs)
def _wrapped_view(request, event_id, *args, **kwargs):
event = get_object_or_404(Event, id=event_id)
if not request.user.has_perm(
"events.view_any_event") and not event.is_guest(
request) and event.is_private:
# if the user does not have view_any privledges, is not already a guest or is
# and the event is private, ensure they have a valid token
token = kwargs.get("token", request.POST.get("token", None))
if not token:
return forbidden(request,
"You need an invitation for this event")
if not event.is_token_valid(token):
return forbidden(
request, "Invitation code is not valid for this event")
return view_func(request, event_id, *args, **kwargs)
def lambda_handler(event, context):
if 'httpMethod' not in event:
return bad_request('Not an HTTP invokation')
# if it is an HTTP invokation, validate the token
email = get_cognito_email(event)
print(email)
user_id = get_user_id_by_email(email)
print(user_id)
if not user_id:
return forbidden()
# for get or patch method, queryString should be sent with the permission type
query_string = event['queryStringParameters'] if event[
'queryStringParameters'] else None
if not query_string:
return bad_request(
{'message': 'The event does not contain queryStringParameters'})
if event['httpMethod'] == 'GET':
return get_settings_from_event(query_string, user_id)
elif event['httpMethod'] == 'PATCH':
return patch_settings_from_event(event=event,
query_string=query_string,
user_id=user_id,
email=email)
return bad_request({'message': 'Bad request'})
def lambda_handler(event, context):
body = event["body"] if event["body"] else None
if not body:
return bad_request(
{'message': 'Event request does not contain body object'})
if 'action' not in body:
return bad_request({'message': 'Body does not contain \'action\' key'})
if body["action"] not in ALLOWED_ACTIONS:
return bad_request({
'message':
'Body does not contain a valid action. Valid actions are: ' +
','.join(ALLOWED_ACTIONS)
})
if body["action"] == 'check-user-permissions':
if ACL_MANAGEMENT_VALIDATOR.validate(body):
# get the permission of the user
user_permission = get_permissions_by_user_id(body["user_id"])
if body["permission"] in user_permission:
return ok({'authorized': 'True'})
else:
# else, return bad request
return forbidden()
else:
return bad_request(ACL_MANAGEMENT_VALIDATOR.errors)
def group_association_request(request, group_id, object_id, action, content_type):
group = get_object_or_404(Group, id=group_id, is_geo_group=False)
model_type = get_model(*content_type.split("."))
content_type = ContentType.objects.get_for_model(model_type)
content_object = get_object_or_404(model_type, id=object_id)
if not group.is_user_manager(request.user):
return forbidden(request)
try:
association_request = GroupAssociationRequest.objects.get(
content_type=content_type, object_id=object_id, group=group)
except GroupAssociationRequest.DoesNotExist:
association_request = None
if association_request:
if action == "approve":
content_object.groups.add(group)
association_request.approved = True
association_request.save()
messages.success(request, _("Your community has been linked with %(object)s") % {
'object': content_object})
elif action == "deny":
association_request.delete()
messages.success(request, _("Your community will not be linked with %(object)s") % {
'object': content_object})
elif content_object.groups.filter(id=group_id).exists():
print "Already"
messages.info(request, _("%(object)s has already been linked with your community") % {
'object': content_object})
else:
print "Never"
messages.info(request, _("%(object)s has not been linked with your community") % {
'object': content_object})
return redirect("group_detail", group_slug=group.slug)
def group_edit(request, group_slug):
nav_selected = "communities"
group = get_object_or_404(Group, slug=group_slug, is_geo_group=False)
if not group.is_user_manager(request.user):
return forbidden(request)
if group.is_external_link_only:
return _group_external_link_only_edit(request, group)
external_group = False
if request.method == "POST":
if "change_group" in request.POST:
group_form = GroupForm(request.POST, request.FILES, instance=group)
if group_form.is_valid():
group = group_form.save()
messages.success(request, _("%(group)s has been updated.") % {'group': group})
return redirect("group_edit", group_slug=group.slug)
else:
membership_form = MembershipForm(group=group)
discussions_form = DiscussionSettingsForm(instance=group)
if "discussion_settings" in request.POST:
discussions_form = DiscussionSettingsForm(request.POST, instance=group)
if discussions_form.is_valid():
group = discussions_form.save()
messages.success(request, _("%(group)s has been updated.") % {'group': group})
return redirect("group_edit", group_slug=group.slug)
else:
membership_form = MembershipForm(group=group)
group_form = GroupForm(instance=group)
elif "delete_group" in request.POST:
group.delete()
messages.success(request, _("%(group)s has been deleted.") % {'group': group})
return redirect("group_list")
elif "change_membership" in request.POST:
membership_form = MembershipForm(group=group, data=request.POST)
if membership_form.is_valid():
membership_form.save()
if group.is_user_manager(request.user):
messages.success(request, _("%(group)s's memberships have been updated.") % {
'group': group})
return render_to_response("groups/group_edit.html", locals(),
context_instance=RequestContext(request))
else:
messages.success(request,
_("You no longer have permissions to edit %(group)s") % {
'group': group})
return redirect("group_detail", group_slug=group.slug)
else:
group_form = GroupForm(instance=group)
discussions_form = DiscussionSettingsForm(instance=group)
else:
messages.error(request, _("No action specified."))
else:
group_form = GroupForm(instance=group)
membership_form = MembershipForm(group=group)
discussions_form = DiscussionSettingsForm(instance=group)
site = Site.objects.get_current()
requesters = group.requesters_to_grant_or_deny(request.user)
return render_to_response("groups/group_edit.html", locals(),
context_instance=RequestContext(request))
def group_membership_request(request, group_id, user_id, action):
group = get_object_or_404(Group, id=group_id, is_geo_group=False)
user = get_object_or_404(User, id=user_id)
if not group.is_user_manager(request.user):
return forbidden(request)
try:
membership_request = MembershipRequests.objects.get(group=group,
user=user)
except MembershipRequests.DoesNotExist:
membership_request = None
if membership_request:
if action == "approve":
GroupUsers.objects.create(group=group, user=user, is_manager=False)
Stream.objects.get(slug="community-membership-approved").enqueue(
content_object=membership_request, start=datetime.now())
membership_request.delete()
messages.success(
request,
"%s has been added to the community" % user.get_full_name())
elif action == "deny":
Stream.objects.get(slug="community-membership-denied").enqueue(
content_object=membership_request, start=datetime.now())
membership_request.delete()
messages.success(
request, "%s has been denied access to the community" %
user.get_full_name())
elif GroupUsers.objects.filter(group=group, user=user).exists():
messages.info(
request, "%s has already been added to this community" %
user.get_full_name())
else:
messages.info(
request, "%s has already been denied access to this community" %
user.get_full_name())
return redirect("group_detail", group_slug=group.slug)
def group_disc_create(request, group_slug):
group = Group.objects.get(slug=group_slug)
if not group.is_poster(request.user):
return forbidden(request)
if request.method == "POST":
disc_form = DiscussionCreateForm(request.POST)
if disc_form.is_valid():
group = Group.objects.get(slug=group_slug)
disc = Discussion.objects.create(
subject=disc_form.cleaned_data['subject'],
body=disc_form.cleaned_data['body'],
parent_id=disc_form.cleaned_data['parent_id'],
user=request.user,
group=group,
is_public=not group.moderate_disc(request.user),
reply_count=None if disc_form.cleaned_data['parent_id'] else 0)
messages.success(request, "Discussion posted")
return_to = disc_form.cleaned_data[
'parent_id'] if disc_form.cleaned_data['parent_id'] else disc.id
return redirect("group_disc_detail",
group_slug=group.slug,
disc_id=return_to)
else:
disc_form = DiscussionCreateForm()
return render_to_response("groups/group_disc_create.html",
locals(),
context_instance=RequestContext(request))
def group_event_request(request, group_id, event_id, action):
group = get_object_or_404(Group, id=group_id, is_geo_group=False)
event = get_object_or_404(Event, id=event_id)
if not group.is_user_manager(request.user):
return forbidden(request)
try:
event_request = GroupAssociationRequest.objects.get(event=event,
group=group)
except GroupAssociationRequest.DoesNotExist:
event_request = None
if event_request:
if action == "approve":
event.groups.add(group)
event_request.approved = True
event_request.save()
messages.success(request,
"Your community has been linked with %s" % event)
elif action == "deny":
event_request.delete()
messages.success(
request, "Your community will not be linked with %s" % event)
elif group.event_set.filter(event=event).exists():
messages.info(request,
"%s has already been linked with your community" % event)
else:
messages.info(request,
"%s has not been linked with your community" % event)
return redirect("group_detail", group_slug=group.slug)
def group_disc_create(request, group_slug):
group = Group.objects.get(slug=group_slug)
if not group.is_poster(request.user):
return forbidden(request)
if request.method == "POST":
disc_form = DiscussionCreateForm(request.POST)
if disc_form.is_valid():
group = Group.objects.get(slug=group_slug)
disc = Discussion.objects.create(
subject=disc_form.cleaned_data['subject'],
body=disc_form.cleaned_data['body'],
parent_id=disc_form.cleaned_data['parent_id'],
user=request.user,
group=group,
is_public=not group.moderate_disc(request.user),
reply_count=None if disc_form.cleaned_data['parent_id'] else 0
)
messages.success(request, _("Discussion posted"))
return_to = (disc_form.cleaned_data['parent_id']
if disc_form.cleaned_data['parent_id']
else disc.id)
return redirect("group_disc_detail", group_slug=group.slug, disc_id=return_to)
else:
disc_form = DiscussionCreateForm()
return render_to_response("groups/group_disc_create.html", locals(),
context_instance=RequestContext(request))
def challenges_disc_create(request, challenge_id):
nav_selected = "challenges"
challenge = get_object_or_404(Challenge, id=challenge_id)
if not challenge.has_manager_privileges(request.user):
return forbidden(request, _('You do not have permissions'))
from groups.forms import DiscussionCreateForm
from discussions.models import Discussion
if request.method == "POST":
disc_form = DiscussionCreateForm(request.POST)
if disc_form.is_valid():
disc = Discussion.objects.create(
subject=disc_form.cleaned_data['subject'],
body=disc_form.cleaned_data['body'],
parent_id=None,
user=request.user,
content_object=challenge,
reply_count=0,
is_public=False,
disallow_replies=True)
messages.success(request, "Your message has been sent to the campaign's supporters.")
return redirect(challenge)
else:
disc_form = DiscussionCreateForm()
return render_to_response("challenges/challenge_disc_create.html",
locals(),
context_instance=RequestContext(request))
def group_membership_request(request, group_id, user_id, action):
group = get_object_or_404(Group, id=group_id, is_geo_group=False)
user = get_object_or_404(User, id=user_id)
if not group.is_user_manager(request.user):
return forbidden(request)
try:
membership_request = MembershipRequests.objects.get(group=group, user=user)
except MembershipRequests.DoesNotExist:
membership_request = None
if membership_request:
if action == "approve":
GroupUsers.objects.create(group=group, user=user, is_manager=False)
Stream.objects.get(slug="community-membership-approved").enqueue(
content_object=membership_request, start=datetime.now())
membership_request.delete()
messages.success(request, _("%(user)s has been added to the community") % {
'user': user.get_full_name()})
elif action == "deny":
Stream.objects.get(slug="community-membership-denied").enqueue(
content_object=membership_request, start=datetime.now())
membership_request.delete()
messages.success(request, _("%(user)s has been denied access to the community") % {
'user': user.get_full_name()})
elif GroupUsers.objects.filter(group=group, user=user).exists():
messages.info(request, _("%(user)s has already been added to this community") % {
'user': user.get_full_name()})
else:
messages.info(request, _("%(user)s has already been denied access to this community") % {
'user': user.get_full_name()})
return redirect("group_detail", group_slug=group.slug)
def group_edit(request, group_slug):
nav_selected = "communities"
group = get_object_or_404(Group, slug=group_slug, is_geo_group=False)
if not group.is_user_manager(request.user):
return forbidden(request)
if request.method == "POST":
if "change_group" in request.POST:
group_form = GroupForm(request.POST, request.FILES, instance=group)
if group_form.is_valid():
group = group_form.save()
messages.success(request, "%s has been updated." % group)
return redirect("group_edit", group_slug=group.slug)
else:
membership_form = MembershipForm(group=group)
discussions_form = DiscussionSettingsForm(instance=group)
if "discussion_settings" in request.POST:
discussions_form = DiscussionSettingsForm(request.POST,
instance=group)
if discussions_form.is_valid():
group = discussions_form.save()
messages.success(request, "%s has been updated." % group)
return redirect("group_edit", group_slug=group.slug)
else:
membership_form = MembershipForm(group=group)
group_form = GroupForm(instance=group)
elif "delete_group" in request.POST:
group.delete()
messages.success(request, "%s has been deleted." % group)
return redirect("group_list")
elif "change_membership" in request.POST:
membership_form = MembershipForm(group=group, data=request.POST)
if membership_form.is_valid():
membership_form.save()
if group.is_user_manager(request.user):
messages.success(
request, "%s's memberships have been updated." % group)
return render_to_response(
"groups/group_edit.html",
locals(),
context_instance=RequestContext(request))
else:
messages.success(
request,
"You no longer have permissions to edit %s" % group)
return redirect("group_detail", group_slug=group.slug)
else:
group_form = GroupForm(instance=group)
discussions_form = DiscussionSettingsForm(instance=group)
else:
messages.error(request, "No action specified.")
else:
group_form = GroupForm(instance=group)
membership_form = MembershipForm(group=group)
discussions_form = DiscussionSettingsForm(instance=group)
site = Site.objects.get_current()
requesters = group.requesters_to_grant_or_deny(request.user)
return render_to_response("groups/group_edit.html",
locals(),
context_instance=RequestContext(request))
def card(request, contrib_id=None, form_name=None):
# Get the contributor object if specified
if not contrib_id:
contributor = Contributor()
else:
contributor = get_object_or_404(Contributor, pk=contrib_id)
# Make sure the logged in user has access to view the card. User must have entered a survey for this
# contributor, or else have the edit_any_contributor permission
if ContributorSurvey.objects.filter(entered_by=request.user, contributor=contributor).exists() == False \
and request.user.has_perm("contributor.edit_any_contributor") == False:
return forbidden(request, "You don't have permission to edit this contributor.")
contrib_form = ContributorForm((request.POST or None), instance=contributor)
# If a survey_form was specified, use that, otherwise use a default
form_name = request.GET.get("form_name", str(form_name))
try:
survey_form = getattr(survey_forms, form_name)(contributor, request.user, (request.POST or None))
except AttributeError:
survey_form = survey_forms.PledgeCard(contributor, request.user, (request.POST or None))
if request.method == 'POST' and contrib_form.is_valid() and survey_form.is_valid():
# If the contrib form finds that the email already exists, it'll return the matched contributor
contributor = contrib_form.save()
# Make sure the survey form has the right contributor in case one was matched on email
survey_form.contributor = contributor
survey_form.save()
messages.success(request, "Commitment card for %s saved" % contributor.name)
if request.is_ajax():
if request.method == 'POST':
message_html = loader.render_to_string('_messages.html', {}, RequestContext(request))
return HttpResponse(message_html)
template = 'commitments/_card.html'
else:
if request.method == 'POST':
if request.POST.get("submit") == "save_and_add_another":
return redirect("commitments_card_create")
else:
return redirect("commitments_show")
template = 'commitments/card.html'
# Get the Surveys for the survey select widget
survey_types = Survey.objects.filter(is_active=True)
return render_to_response(template, {
"survey_form": survey_form,
"contrib_form": contrib_form,
"survey_types": survey_types,
"current_form_name": survey_form.__class__.__name__
}, context_instance=RequestContext(request))
def pdf_download(request, challenge_id=None):
challenge = get_object_or_404(Challenge, id=challenge_id)
if request.user != challenge.creator:
return forbidden(request, _('You do not have permissions to download %(challenge)s'
) % {'challenge': challenge})
supporters = Support.objects.filter(challenge=challenge).order_by("-pledged_at")
if not len(supporters):
messages.error(request, _("No one has signed this petition yet."))
return redirect("challenges_detail", challenge_id=challenge_id)
from challenges.pdf import _download
return _download(request, challenge, supporters)
def receive_mail(request):
try:
msg = base64.b64decode(request.raw_post_data)
except TypeError:
return forbidden(request)
msg = email.message_from_string(msg)
addr = msg.get("To")
if not addr:
return forbidden(request)
try:
values, tamper_check = base64.b64decode(addr).split("\0")
except TypeError:
return forbidden(request)
if hash_val(values) != tamper_check:
return forbidden(request)
try:
values = json.loads(values)
except ValueError:
return forbidden(request)
# The Discussion Form wants this hashed value as a tamper-proof check
values['parent_id_sig'] = hash_val(values['parent_id'])
try:
user = User.objects.get(email=values.pop("user"))
group = Group.objects.get(slug=values.pop("group"))
parent_disc = Discussion.objects.get(group=group, id=values['parent_id'])
except (User.DoesNotExist, Group.DoesNotExist, Discussion.DoesNotExist), e:
return forbidden(request)
def guests_edit(request, event_id, guest_id, type):
event = get_object_or_404(Event, id=event_id)
guest = get_object_or_404(Guest, id=guest_id)
if guest.event != event:
return forbidden(request, "Guest is not a member of this event")
if not hasattr(guest, type) and not hasattr(guest.contributor, type):
return forbidden(request, "Guest has no attribute %s" % type)
data = request.POST.copy()
for field in guest._meta.fields:
data[field.name] = field.value_from_object(guest)
data[type] = data.get("value")
form = GuestEditForm(instance=guest, data=data)
if form.is_valid():
form.save()
messages.success(request, "%s has been updated" % guest)
else:
for field,errors in form.errors.items():
for error in errors:
messages.error(request, error)
guest = Guest.objects.get(id=guest_id)
message_html = render_to_string("_messages.html", {}, context_instance=RequestContext(request))
guest_status = render_to_string("events/_guest_status.html", {"event": event, "guest": guest}, context_instance=RequestContext(request))
return HttpResponse(json.dumps({"message_html": message_html, "guest_status": guest_status}), mimetype="text/json")
def get_settings_from_event(query_string, user_id):
if ADMIN_SETTINGS_URL_VALIDATOR.validate(query_string):
# get the permission of the user
user_permission = get_current_user_permission(
user_id, query_string['permission'])
print(user_permission)
if user_permission['authorized'] == 'True':
# if yes, then get data
return get_site_settings_values()
else:
# else, return bad request
return forbidden()
else:
return bad_request(ADMIN_SETTINGS_URL_VALIDATOR.errors)
def group_event_request(request, group_id, event_id, action):
group = get_object_or_404(Group, id=group_id, is_geo_group=False)
event = get_object_or_404(Event, id=event_id)
if not group.is_user_manager(request.user):
return forbidden(request)
try:
event_request = GroupAssociationRequest.objects.get(event=event, group=group)
except GroupAssociationRequest.DoesNotExist:
event_request = None
if event_request:
if action == "approve":
event.groups.add(group)
event_request.approved = True
event_request.save()
messages.success(request, "Your community has been linked with %s" % event)
elif action == "deny":
event_request.delete()
messages.success(request, "Your community will not be linked with %s" % event)
elif group.event_set.filter(event=event).exists():
messages.info(request, "%s has already been linked with your community" % event)
else:
messages.info(request, "%s has not been linked with your community" % event)
return redirect("group_detail", group_slug=group.slug)
def patch_settings_from_event(**kwargs):
event = kwargs.get('event')
user_id = kwargs.get('user_id')
query_string = kwargs.get('query_string')
email = kwargs.get('email')
print(event)
body_or_bad_request = get_body_or_bad_request(event)
if body_or_bad_request['error']:
return body_or_bad_request['response']
body = body_or_bad_request['response']
print(body)
user_permission = get_current_user_permission(
user_id, query_string['permission'])
print(user_permission)
if not user_permission['authorized']:
return forbidden()
return patch_site_settings_values(body=body, email=email)
def group_external_link_form(request, group_id, link_type=None):
nav_selected = "communities"
group = get_object_or_404(Group, id=group_id)
if not group.is_user_manager(request.user):
return forbidden(request)
instance = None
if link_type == "twitter":
instance = group.twitter_link()
elif link_type == "facebook":
instance = group.facebook_link()
if request.method == "POST":
form = ExternalLinkForm(request.POST, instance=instance)
if form.is_valid():
link = form.save(group=group)
return redirect(group)
else:
form = ExternalLinkForm(instance=instance)
template = "group_links/_form.html" if request.is_ajax() \
else "group_links/form.html"
return render_to_response(template, locals(),
context_instance=RequestContext(request))
def edit(request, challenge_id=None):
challenge = get_object_or_404(Challenge, id=challenge_id)
if request.user != challenge.creator:
return forbidden(request, 'You do not have permissions to edit %s' % challenge)
return _edit(request, challenge)
def _wrapped_view(request, event_id, *args, **kwargs):
event = get_object_or_404(Event, id=event_id)
if event.has_manager_privileges(request.user):
return view_func(request, event_id, *args, **kwargs)
return forbidden(request, "You must be an event manager")
def _wrapped_view(request, event_id, *args, **kwargs):
event = get_object_or_404(Event, id=event_id)
if request.user.has_perm("events.view_any_event") or event.is_guest(request):
return view_func(request, event_id, *args, **kwargs)
return forbidden(request, "You are not a registered guest")
def handle_login(request):
logger.info("Starting handle_login")
args = parse_qs(request["querystring"])
redirect_to = "/"
# check if state is present
if "state" in args:
# need to decode state
state = args["state"][0]
logger.info("Got state of: {state}".format(state=state))
state = base64.b64decode(state).decode("utf-8")
logger.info("Decoded state: {state}".format(state=state))
state = json.loads(state)
if "source_url" in state:
# check hash
source_url_secret = CONFIG["STATE_SECRET"] + state["source_url"]
source_url_secret_hash = sha256(
source_url_secret.encode("utf-8")).hexdigest()
if source_url_secret_hash != state["hash"]:
return return_bad_request("Error validating state")
redirect_to = state["source_url"]
logger.info(
"Got source url from state of {url}".format(url=redirect_to))
try:
auth_code = args["code"]
logger.info(
"Got auth code from query string: {code}".format(code=auth_code))
# swap the authorisation code for tokens
resp = post_to_url(url=wkc_data["token_endpoint"],
grant_type="authorization_code",
client_id=CONFIG["CLIENT_ID"],
client_secret=CONFIG["CLIENT_SECRET"],
code=auth_code,
redirect_uri=CONFIG["REDIRECT_URI"])
resp = json.loads(resp)
logger.info("Exchanged authorisation code for tokens")
access_token = resp["access_token"]
refresh_token = resp["refresh_token"]
# if there is an allowed group set, we need to check the token has the claim for that group
if "ALLOWED_GROUP" in CONFIG:
allowed_group = CONFIG["ALLOWED_GROUP"]
if allowed_group != "":
logger.info("Need to check groups")
decoded_token = validate_jwt(api=CONFIG["VAL_API_URL"],
token=access_token,
key_set=keys,
aud=CONFIG["CLIENT_ID"])
decoded_token = json.loads(decoded_token.decode("utf-8"))
if "groups" in decoded_token:
if allowed_group in decoded_token["groups"]:
logger.info(
f"user has expected group of {allowed_group}")
else:
logger.info(
f"user is missing expected group of {allowed_group}"
)
return forbidden(
message=CONFIG["ACCESS_DENIED_MESSAGE"])
else:
logger.info("no groups claim in token")
return forbidden(message=CONFIG["ACCESS_DENIED_MESSAGE"])
# prepare response
r = redirect(redirect_to)
cookies = {}
cookies[CONFIG["AUTH_COOKIE"]] = access_token
cookies[CONFIG["REFRESH_COOKIE"]] = refresh_token
r = set_cookies(response=r,
cookies=cookies,
max_age=CONFIG.get("MAX_AGE", "10"))
logger.info("Returning response to client")
return r
except KeyError:
return return_bad_request("Bad request missing parameter")
def card(request, contrib_id=None, form_name=None):
# Get the contributor object if specified
if not contrib_id:
contributor = Contributor()
else:
contributor = get_object_or_404(Contributor, pk=contrib_id)
# Make sure the logged in user has access to view the card. User must have entered a survey for this
# contributor, or else have the edit_any_contributor permission
if ContributorSurvey.objects.filter(entered_by=request.user, contributor=contributor).exists() == False \
and request.user.has_perm("contributor.edit_any_contributor") == False:
return forbidden(
request, "You don't have permission to edit this contributor.")
# If the contributor has a location, get the zipcode
# TODO: move this to the form's init
contrib_loc = contributor.location.zipcode if contributor.location else ""
# Setup a contrib form
contrib_form = ContributorForm((request.POST or None),
instance=contributor,
initial={"zipcode": contrib_loc})
# If a survey_form was specified, use that, otherwise use a default
form_name = request.GET.get("form_name", str(form_name))
try:
survey_form = getattr(survey_forms,
form_name)(contributor, request.user,
(request.POST or None))
except AttributeError:
survey_form = survey_forms.PledgeCard(contributor, request.user,
(request.POST or None))
if request.method == 'POST' and contrib_form.is_valid(
) and survey_form.is_valid():
# If the contrib form finds that the email already exists, it'll return the matched contributor
contributor = contrib_form.save()
# Make sure the survey form has the right contributor in case one was matched on email
survey_form.contributor = contributor
survey_form.save()
messages.success(
request, "Commitment card for %s %s saved" % (
contributor.first_name,
contributor.last_name,
))
if request.is_ajax():
if request.method == 'POST':
message_html = loader.render_to_string('_messages.html', {},
RequestContext(request))
return HttpResponse(message_html)
template = 'commitments/_card.html'
else:
if request.method == 'POST':
if request.POST.get("submit") == "save_and_add_another":
return redirect("commitments_card_create")
else:
return redirect("commitments_show")
template = 'commitments/card.html'
# Get the Surveys for the survey select widget
survey_types = Survey.objects.filter(is_active=True)
return render_to_response(
template, {
"survey_form": survey_form,
"contrib_form": contrib_form,
"survey_types": survey_types,
"current_form_name": survey_form.__class__.__name__
},
context_instance=RequestContext(request))
def _wrapped_view(request, event_id, *args, **kwargs):
event = get_object_or_404(Event, id=event_id)
if request.user.has_perm("events.view_any_event") or event.is_guest(
request):
return view_func(request, event_id, *args, **kwargs)
return forbidden(request, "You are not a registered guest")
values['subject'] = "Re: %s" % parent_disc.subject
best_choice = None
for part in msg.walk():
if part.get_content_maintype() == 'multipart':
continue
if part.get_content_type() == 'text/plain':
best_choice = part
break
if best_choice is None and part.get_content_type() == 'text/html':
best_choice = part
if best_choice is None:
# No text/plain or text/html message was found in the email
# so we'll just reject it for now.
# TODO: figure out a sane approach to email content-type handling
return forbidden(request)
# TODO: process text/html message differently
charset = (best_choice.get_content_charset() or best_choice.get_charset()
or msg.get_content_charset() or msg.get_charset()
or 'utf-8')
values['body'] = best_choice.get_payload(decode=True).decode(charset)
disc_form = DiscussionCreateForm(values)
if not disc_form.is_valid():
return forbidden(request)
values = dict(
subject=disc_form.cleaned_data['subject'],
body=disc_form.cleaned_data['body'],
parent_id=disc_form.cleaned_data['parent_id'],
user=user,
def edit(request, challenge_id=None):
challenge = get_object_or_404(Challenge, id=challenge_id)
if request.user != challenge.creator:
return forbidden(request,
'You do not have permissions to edit %s' % challenge)
return _edit(request, challenge)
def _wrapped_view(request, event_id, *args, **kwargs):
event = get_object_or_404(Event, id=event_id)
if event.has_manager_privileges(request.user):
return view_func(request, event_id, *args, **kwargs)
return forbidden(request, "You must be an event manager")
