def _submit_photo(request,hunt):
f = SubmissionForm(request.POST, request.FILES)
if not f.is_valid():
return api_utils.api_error(request,str(f.errors))
# Ensure the time is within the hunt
response = _ensure_current(request, hunt)
if response:
return response
photo = f.save(commit=False)
if request.user.is_authenticated():
photo.user = request.user
else:
photo.anon_source = get_anon_source(request)
photo.ip_address = request.META.get('REMOTE_ADDR')
photo.hunt = hunt
photo.submit()
# response_content_type is an idiotic hack to work around some
# weird interaction between JSONView and ajaxSubmit().
response = HttpResponse(api_utils.to_json(request,photo),
status=201,
content_type=request.POST.get('response_content_type',
api_utils.JSON_TYPE))
response['Content-Location'] = request.build_absolute_uri(photo.get_api_url())
return response;
def photo_by_id(request,slug,object_id):
submission = get_object_or_404(Submission,pk=object_id)
if request.method == 'GET':
return api_utils.to_json(request, submission)
elif request.method == 'DELETE':
return _delete_photo(request, submission)
else:
return HttpResponseBadRequest()
def _comment_by_id(request,slug,comment_id,object_id=None):
comment = get_object_or_404(Comment,pk=comment_id)
if request.method == 'GET':
return api_utils.to_json(request, comment)
elif request.method == 'DELETE':
# TODO: Only allow deleting comments from the source
# or from someone who has permission to do so
return HttpResponse()
else:
return HttpResponseBadRequest()
def _submit_comment(request, hunt, submission):
f = CommentForm(request.POST)
if not f.is_valid():
return api_utils.api_error(request,str(f.errors))
# You can leave a comment at any time
comment = f.save(commit=False)
if request.user.is_authenticated():
comment.user = request.user
else:
comment.anon_source = get_anon_source(request)
comment.ip_address = request.META.get('REMOTE_ADDR')
comment.hunt = hunt
comment.submission = submission
comment.save()
response = HttpResponse(api_utils.to_json(request,comment),
status=201,
content_type=api_utils.JSON_TYPE)
response['Content-Location'] = request.build_absolute_uri(comment.get_api_url())
return response
def user_activity_view(request,slug):
user = get_object_or_404(User, username=slug)
profile,created = Profile.objects.get_or_create(user=user)
if not profile.public_activity:
if request.user != user:
return HttpResponseForbidden()
since = request.REQUEST.get("since")
if since:
# better be parsable as ISO
try:
since = iso8601.parse_date(since)
if since.utcoffset():
return utils.api_error(request, "We currently don't support non-UTC times")
since = since.replace(tzinfo=None)
except ValueError:
return utils.api_error(request, "Unable to parse: " + since)
url = request.build_absolute_uri(reverse('profile', kwargs={ 'slug': slug }))
activity = map(_convert_to_activity(request), user_activity(user, since))
return utils.to_json(request, { 'user': { 'name': slug, 'url': url }, 'activity': activity })
def user_info(request,slug):
user = get_object_or_404(User, username=slug)
activity_url = request.build_absolute_uri(reverse('api-user-activity',
kwargs={ 'slug': slug }))
return utils.to_json(request, { 'activity': activity_url })
def _get_comments(request,set):
# TODO: BAD! Don't use list() on a QuerySet. We don't know how large it is!
# We should use pagination for this.
return api_utils.to_json(request,{ 'comments':list(_slice(request,set))})