def index(request): county_objects = County.typical_objects().exclude(code='21').order_by('code') # Exclude Svalbard # We'll use a "fake" county to represent the entire country, with a sentinel ID value fake_national_county = County( id='all', name='Hele landet', ) # Prepend "entire country" to the county listing counties = [fake_national_county] counties.extend(county_objects) # Split the counties into groups pre-divided for 3 columns counties_three_columns = ( [county for i, county in enumerate(counties) if i % 3 == 0], [county for i, county in enumerate(counties) if (i - 1) % 3 == 0], [county for i, county in enumerate(counties) if (i - 2) % 3 == 0], ) context = { 'categories': Forening.PUBLIC_CATEGORIES, 'chosen_category': request.GET.get('kategori', 'foreninger').lower(), 'counties': counties, 'counties_three_columns': counties_three_columns, 'chosen_county_name': request.GET.get('fylke', fake_national_county.name), 'prerendered_select': render_forening_select(request), } return render(request, 'central/foreninger/list.html', context)
def index(request): annonser, start_index, end = Annonse.get_by_filter(request.session.get('fjelltreffen.filter', {})) context = { 'annonser': annonser, 'start_index': start_index, 'end': end, 'counties': County.typical_objects(), 'annonse_retention_days': settings.FJELLTREFFEN_ANNONSE_RETENTION_DAYS, 'age_limits': settings.FJELLTREFFEN_AGE_LIMITS, 'filter': request.session.get('fjelltreffen.filter') } return render(request, 'central/fjelltreffen/index.html', context)
def new(request): if not request.user.payment.status['is_paid']: return render(request, 'central/fjelltreffen/payment_required.html') other_active_annonse_exists = Annonse.get_active().filter(user=request.user, hidden=False).exists() context = { 'counties': County.typical_objects(), 'annonse_retention_days': settings.FJELLTREFFEN_ANNONSE_RETENTION_DAYS, 'obscured_age': Annonse.obscure_age(request.user.get_age()), 'other_active_annonse_exists': other_active_annonse_exists } return render(request, 'central/fjelltreffen/edit.html', context)
def edit(request, id): try: annonse = Annonse.objects.get(id=id) # checks if the user is the owner if annonse.user != request.user: raise PermissionDenied except Annonse.DoesNotExist: return render(request, 'central/fjelltreffen/edit_not_found.html') other_active_annonse_exists = Annonse.get_active().exclude(id=annonse.id).filter(user=request.user).exists() context = { 'annonse': annonse, 'counties': County.typical_objects(), 'annonse_retention_days': settings.FJELLTREFFEN_ANNONSE_RETENTION_DAYS, 'obscured_age': Annonse.obscure_age(request.user.get_age()), 'other_active_annonse_exists': other_active_annonse_exists } return render(request, 'central/fjelltreffen/edit.html', context)
def index(request): county_objects = County.typical_objects().exclude(code='21').order_by('code') # Exclude Svalbard # We'll use a "fake" county to represent the entire country, with a sentinel ID value fake_national_county = County( id='all', name='Hele landet', ) # Prepend "entire country" to the county listing counties = [fake_national_county] counties.extend(county_objects) # Split the counties into groups pre-divided for 3 columns counties_three_columns = ( [county for i, county in enumerate(counties) if i % 3 == 0], [county for i, county in enumerate(counties) if (i-1) % 3 == 0], [county for i, county in enumerate(counties) if (i-2) % 3 == 0], ) full_list = cache.get('foreninger.all.sorted_by_name.with_active_url') if full_list is None: all_foreninger_by_name = cache.get('foreninger.all.sorted_by_name') if all_foreninger_by_name is None: all_foreninger_by_name = list(Forening.objects.order_by('name')) cache.set('foreninger.all.sorted_by_name', all_foreninger_by_name, 60 * 60 * 24 * 7) full_list = [ (f.name, f.get_active_url() or f.get_main_foreninger()[0].get_active_url()) for f in all_foreninger_by_name ] cache.set('foreninger.all.sorted_by_name.with_active_url', full_list, 60 * 60 * 24 * 7) context = { 'categories': Forening.PUBLIC_CATEGORIES, 'chosen_category': request.GET.get('kategori', 'foreninger').lower(), 'counties': counties, 'counties_three_columns': counties_three_columns, 'chosen_county_name': request.GET.get('fylke', fake_national_county.name), 'full_list': full_list, } return render(request, 'central/foreninger/list.html', context)
def __init__(self, address): # Add fields, replacing NULL values with the empty string self.field1 = address.a1.strip() if address.a1 is not None else '' self.field2 = address.a2.strip() if address.a2 is not None else '' self.field3 = address.a3.strip() if address.a3 is not None else '' # Set the actual country object # Uppercase the country code (just in case - you never know with Focus) self.country = FocusCountry.get_by_code(code=address.country_code.upper()) if self.country.code == 'NO': # Norwegians - set the actual zipcode object try: self.zipcode = Zipcode.get_by_zipcode(zipcode=address.zipcode_id) except Zipcode.DoesNotExist: # Some addresses have NULL in the zipcode field for some reason. # Use a zipcode object with empty fields. self.zipcode = Zipcode() # Set the actual County object based on the zipcode if self.zipcode.zipcode != '': county_code = address.zipcode.county_code if county_code == INTERNATIONAL_ADDRESS_COUNTY_CODE: # International address; define the county as None for now. self.county = None else: self.county = County.get_by_code(code=county_code) else: self.county = None else: # Foreigners - ignore zipcode/area # Remove country code prefixes if self.field1.lower().startswith("%s-" % self.country.code.lower()): self.field1 = self.field1[len(self.country.code) + 1:].strip() if self.field2.lower().startswith("%s-" % self.country.code.lower()): self.field2 = self.field2[len(self.country.code) + 1:].strip() if self.field3.lower().startswith("%s-" % self.country.code.lower()): self.field3 = self.field3[len(self.country.code) + 1:].strip()
def save(request): if request.method != 'POST': return redirect('fjelltreffen:mine') # If user hasn't paid, allow editing, but not creating new annonser if not request.user.payment.status['is_paid'] and request.POST['id'] == '': raise PermissionDenied # Pre-save validations errors = False if request.POST.get('id', '') == '': # New annonse (not editing an existing one), create it annonse = Annonse() annonse.user = request.user else: annonse = Annonse.objects.get(id=request.POST['id']) if annonse.user != request.user: # someone is trying to edit an annonse that dosent belong to them raise PermissionDenied if request.POST.get('title', '') == '': messages.error(request, 'missing_title') errors = True if not validator.email(request.POST['email']): messages.error(request, 'invalid_email') errors = True if request.POST.get('text', '') == '': messages.error(request, 'missing_text') errors = True if 'image' in request.FILES: try: # Uploading image file = request.FILES['image'] data = file.read() extension = standardize_extension(file.name.split(".")[-1]) # Create the thumbnail thumb = PIL.Image.open(BytesIO(data)).copy() fp = BytesIO() thumb.thumbnail( [settings.FJELLTREFFEN_IMAGE_THUMB_SIZE, settings.FJELLTREFFEN_IMAGE_THUMB_SIZE], PIL.Image.ANTIALIAS, ) thumb.save(fp, extension) thumb_data = fp.getvalue() # Calculate sha1-hashes sha1 = hashlib.sha1() sha1.update(data) hash = sha1.hexdigest() sha1 = hashlib.sha1() sha1.update(thumb_data) thumb_hash = sha1.hexdigest() except Exception: logger.warning( "Kunne ikke laste opp Fjelltreffen-bilde", exc_info=sys.exc_info(), extra={'request': request} ) messages.error(request, 'image_upload_error') errors = True if errors: if request.POST.get('id', '') == '': return redirect('fjelltreffen:new') else: return redirect('fjelltreffen:edit', request.POST['id']) hidden = request.POST.get('hidden', 'hide') == 'hide' # Don't allow showing an already hidden annonse when you haven't paid if request.POST['id'] != '': if annonse.hidden and not request.user.payment.status['is_paid']: hidden = True # Don't create new annonser if you already have an active annonse if request.POST.get('id', '') == '': annonser_to_check = Annonse.get_active() else: annonser_to_check = Annonse.get_active().exclude(id=request.POST['id']) if annonser_to_check.filter(user=request.user).exists(): hidden = True if request.POST.get('county', '') == 'international': annonse.county = None else: annonse.county = County.typical_objects().get(id=request.POST.get('county', '')) # TODO: Validate and return form to user with error message annonse.title = request.POST.get('title', '')[:255] annonse.email = request.POST.get('email', '')[:255] if 'image' in request.FILES: # Delete any existing image annonse.delete_image() # Setup AWS connection conn = boto.connect_s3(settings.AWS_ACCESS_KEY_ID, settings.AWS_SECRET_ACCESS_KEY) bucket = conn.get_bucket(settings.AWS_S3_BUCKET) # Upload the original image to AWS key = bucket.new_key("%s/%s.%s" % (settings.AWS_S3_FOLDERS['fjelltreffen'], hash, extension)) key.content_type = file.content_type key.set_contents_from_string(data, policy='public-read') # Upload the thumbnail to AWS key = bucket.new_key("%s/%s.%s" % (settings.AWS_S3_FOLDERS['fjelltreffen'], thumb_hash, extension)) key.content_type = file.content_type key.set_contents_from_string(thumb_data, policy='public-read') # Update the DB fields with new images annonse.image = "%s.%s" % (hash, extension) annonse.image_thumb = "%s.%s" % (thumb_hash, extension) annonse.text = request.POST.get('text', '') annonse.hidden = hidden annonse.hideage = request.POST.get('hideage', '') == 'hide' annonse.save() return redirect('fjelltreffen:mine')
def edit(request, aktivitet): if request.method == 'GET': aktivitet = Aktivitet.objects.prefetch_related('municipalities', 'counties').get(id=aktivitet) context = { 'aktivitet': aktivitet, 'difficulties': Aktivitet.DIFFICULTY_CHOICES, 'audiences': AktivitetAudience.AUDIENCE_CHOICES, 'categories': Aktivitet.CATEGORY_CHOICES, 'all_foreninger': Forening.get_all_sorted(), 'cabins': Cabin.objects.order_by('name'), 'admin_user_search_char_length': settings.ADMIN_USER_SEARCH_CHAR_LENGTH, 'counties': County.typical_objects().order_by('name'), 'municipalities': Municipality.objects.order_by('name'), 'omrader': sorted(Omrade.lookup(), key=lambda o: o.navn), 'now': datetime.now() } return render(request, 'common/admin/aktiviteter/edit/edit.html', context) elif request.method == 'POST': errors = False aktivitet = Aktivitet.objects.get(id=aktivitet) if aktivitet.is_imported(): # Should only be possible by circumventing client-side restrictions return redirect('admin.aktiviteter.views.edit', aktivitet.id) if 'code' in request.POST: aktivitet.code = request.POST['code'] if 'title' in request.POST: aktivitet.title = request.POST['title'] if 'description' in request.POST: aktivitet.description = request.POST['description'] if 'difficulty' in request.POST: aktivitet.difficulty = request.POST['difficulty'] if 'audiences' in request.POST: aktivitet.audiences = [ AktivitetAudience.objects.get(name=audience) for audience in request.POST.getlist('audiences') ] if 'category' in request.POST: aktivitet.category = request.POST['category'] if 'category_type' in request.POST: aktivitet.category_type = request.POST['category_type'] if 'publish' in request.POST: aktivitet.published = request.POST.get('publish') == 'publish' if 'getting_there' in request.POST: aktivitet.getting_there = request.POST['getting_there'] if 'omrader' in request.POST: aktivitet.omrader = request.POST.getlist('omrader') if 'ntb_id' not in request.POST or request.POST['ntb_id'] == '': aktivitet.turforslag = None else: aktivitet.turforslag = request.POST['ntb_id'] if aktivitet.published: # If published, set the extra relevant fields (otherwise ignore them) aktivitet.private = request.POST['private'] == 'private' try: aktivitet.pub_date = datetime.strptime(request.POST['pub_date'], "%d.%m.%Y").date() except ValueError: errors = True messages.error(request, 'invalid_date_format') forening_type, forening_id = request.POST['forening'].split(':') if forening_type == 'forening': forening = Forening.objects.get(id=forening_id) if not forening in request.user.children_foreninger(): raise PermissionDenied aktivitet.forening = forening elif forening_type == 'cabin': aktivitet.forening_cabin = Cabin.objects.get(id=forening_id) else: raise PermissionDenied if 'co_foreninger[]' in request.POST and request.POST['co_foreninger[]'] != '': co_foreninger = [] co_foreninger_cabin = [] for co_forening in request.POST.getlist('co_foreninger[]'): type, id = co_forening.split(':') if type == 'forening': co_foreninger.append(id) elif type == 'cabin': co_foreninger_cabin.append(id) else: raise PermissionDenied aktivitet.co_foreninger = co_foreninger aktivitet.co_foreninger_cabin = co_foreninger_cabin else: aktivitet.co_foreninger = [] aktivitet.co_foreninger_cabin = [] if 'latlng' in request.POST: latlng = request.POST['latlng'].split(',') if len(latlng) == 2: aktivitet.start_point = Point(float(latlng[0]), float(latlng[1])) aktivitet.save() aktivitet.counties = request.POST.getlist('counties') aktivitet.municipalities = request.POST.getlist('municipalities') aktivitet.category_tags.clear() if 'category_tags' in request.POST and request.POST['category_tags'] != '': for tag in request.POST.getlist('category_tags'): obj, created = Tag.objects.get_or_create(name=tag) aktivitet.category_tags.add(obj) aktivitet.images.all().delete() for i, image in parse_html_array(request.POST, 'images').items(): AktivitetImage( aktivitet=aktivitet, url=image['url'], text=image['description'], photographer=image['photographer'], order=i ).save() dates = parse_html_array(request.POST, 'dates').items() # Remove the date objects that were explicitly deleted (checks and verifications are done # client-side). Verify that those that would be implicitly deleted (by not being POSTed for # editing) match those explicitly POSTed. date_ids = [int(d['id']) for k, d in dates if d['id'] != ''] implicit_del = set([date.id for date in aktivitet.dates.all() if date.id not in date_ids]) if len(implicit_del) > 0: # Better to raise an exception and not delete anything. The user will be confused and # lose edits, but we'll get a report and hopefully be able to fix this, if it ever # happens. raise Exception("Implicit delete of AktivitetDate is strictly forbidden!") for i, date in dates: if date['id'] != '': # @TODO Check if this can be exploited. Can you hijack another trip's date by # setting an arbitrary ID in the date['id'] field? model = AktivitetDate.objects.get(id=date['id']) else: model = AktivitetDate(aktivitet=aktivitet) # @TODO for existing dates; if model.start_date > now; dissalow editing. # Explicit delete of dates if date['status'] == 'delete': if date['id'] != '': if model.participant_count() > 0: raise Exception("Date with participants can not be deleted!") model.delete() continue try: if not date['start_time']: date['start_time'] = '08:00' if not date['end_time']: date['end_time'] = '16:00' # @TODO check start_time > now model.start_date = datetime.strptime( "%s %s" % (date['start_date'], date['start_time']), "%d.%m.%Y %H:%M" ) # @TODO check end_time > start_time model.end_date = datetime.strptime( "%s %s" % (date['end_date'], date['end_time']), "%d.%m.%Y %H:%M" ) # @TODO check start_date > meeting_time if date['start_date'] and date['meeting_time']: model.meeting_time = datetime.strptime( "%s %s" % (date['start_date'], date['meeting_time']), "%d.%m.%Y %H:%M" ) if not date['signup_method'] or date['signup_method'] == 'none': # To the next maintainer. This block indicates that a date does not allow # signup. However, keep in mind that this might be an existing date with # participants. Hence, do not set model.participant to None event though it # might be tempting! model.signup_enabled = False model.signup_start = None model.signup_deadline = None model.cancel_deadline = None elif date['signup_method'] == 'normal' or date['signup_method'] == 'simple': model.signup_enabled = True if date.get('max_participants_limited'): model.max_participants = date['max_participants'] else: model.max_participants = None if date.get('no_signup_start') == '1': model.signup_start = None else: model.signup_start = datetime.strptime( date['signup_start'], "%d.%m.%Y", ).date() if 'no_signup_deadline' in date and date['no_signup_deadline'] == '1': model.signup_deadline = None elif 'signup_deadline' in date and date['signup_deadline'] != '': model.signup_deadline = datetime.strptime( date['signup_deadline'], "%d.%m.%Y", ).date() if 'no_cancel_deadline' in date and date['no_cancel_deadline'] == '1': model.cancel_deadline = None elif 'cancel_deadline' in date and date['cancel_deadline'] != '': model.cancel_deadline = datetime.strptime( date['cancel_deadline'], "%d.%m.%Y" ).date() else: raise Exception("Unrecognized POST value for signup_method field") except ValueError: errors = True messages.error(request, 'invalid_date_format') return redirect('admin.aktiviteter.views.edit', aktivitet.id) # Note that simple signup is currently disabled and due to be removed model.signup_simple_allowed = False model.meeting_place = date['meeting_place'] model.contact_type = date['contact_type'] model.contact_custom_name = date['contact_custom_name'] model.contact_custom_phone = date['contact_custom_phone'] model.contact_custom_email = date['contact_custom_email'] model.should_have_turleder = date.get('should_have_turleder') == '1' model.save() if date.get('should_have_turleder') == '1': # We need to specify the key for this particular field because the parse_html_array # function does not properly parse multidimensional arrays. key = 'dates[%s][turleder][]' % i if key in request.POST and request.POST[key] != '': model.turledere = request.POST.getlist(key) else: model.turledere = [] if not errors: messages.info(request, 'save_success') if json.loads(request.POST['preview']): return redirect('admin.aktiviteter.views.preview', aktivitet.id) else: return redirect('admin.aktiviteter.views.edit', aktivitet.id)