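def prepare_vars(request, vars):
    """Build the template context shared by the Helios views.

    Returns a copy of ``vars`` extended with the current user, the session's
    CSRF token (when present), helper modules, URL constants, the current
    voter and the trustee bound to this session.

    Args:
        request: the incoming request; its session and path are read.
        vars: view-specific context. It is copied, never mutated.

    Returns:
        A new dict to pass to the template.
    """
    vars_with_user = vars.copy()
    vars_with_user['user'] = get_user(request)

    # CSRF protection: expose the token only when the session carries one.
    if 'csrf_token' in request.session:
        vars_with_user['csrf_token'] = request.session['csrf_token']

    vars_with_user['utils'] = utils
    # NOTE(review): the whole `settings` object becomes reachable from every
    # template, so any secret it holds can be rendered by a template mistake.
    # Consider exposing only the values templates need.
    vars_with_user['settings'] = settings
    vars_with_user['HELIOS_STATIC'] = '/static/helios/helios'
    vars_with_user['TEMPLATE_BASE'] = helios.TEMPLATE_BASE
    vars_with_user['CURRENT_URL'] = request.path
    vars_with_user['SECURE_URL_HOST'] = settings.SECURE_URL_HOST
    vars_with_user['voter'] = request.session.get('CURRENT_VOTER')

    trustee = None
    if 'helios_trustee_uuid' in request.session and 'trustee' not in vars:
        try:
            from helios.models import Trustee
            trustee = Trustee.objects.get(
                uuid=request.session.get('helios_trustee_uuid'))
            # Touch the relation so a trustee whose election cannot be
            # loaded is handled like an unknown trustee.
            trustee.election
        except Exception:
            # The session points at a trustee that cannot be resolved.
            # Drop the object as well as the session key: previously a
            # failure on `trustee.election` cleared the session but still
            # handed the half-resolved trustee to the template.
            trustee = None
            try:
                del request.session['helios_trustee_uuid']
            except KeyError:
                pass

    # An explicitly supplied trustee takes precedence over the session one.
    vars_with_user['trustee'] = vars.get('trustee', trustee)
    return vars_with_user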
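def index(request):
    """
    The page from which one chooses how to log in.

    With exactly one enabled auth system and no logged-in user, redirects
    straight to that system's start view and forwards ``return_url``.
    Otherwise renders the chooser page.
    """
    user = get_user(request)

    # single auth system?
    if len(auth.ENABLED_AUTH_SYSTEMS) == 1 and not user:
        from django.utils.http import urlencode

        # return_url is taken verbatim from the query string. Encode it so
        # that '&', '#' or '=' inside it cannot add or truncate parameters
        # of the redirect target.
        query = urlencode({'return_url': request.GET.get('return_url', '')})
        return HttpResponseRedirect(
            reverse(start, args=[auth.ENABLED_AUTH_SYSTEMS[0]]) + '?' + query)

    default_auth_system_obj = None
    if auth.DEFAULT_AUTH_SYSTEM:
        default_auth_system_obj = AUTH_SYSTEMS[auth.DEFAULT_AUTH_SYSTEM]

    # NOTE(review): return_url is caller-controlled and is passed on
    # unchanged. Whatever finally redirects to it should accept only local
    # paths; that check is not visible in this function.
    return render_template(
        request, 'index', {
            'return_url': request.GET.get('return_url', reverse('home')),
            'enabled_auth_systems': auth.ENABLED_AUTH_SYSTEMS,
            'default_auth_system': auth.DEFAULT_AUTH_SYSTEM,
            'default_auth_system_obj': default_auth_system_obj,
        })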
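def follow_view(request):
    """Ask the user to follow a Twitter account and act on the answer.

    GET renders the 'twitter/follow' prompt. POST creates the friendship
    with the logged-in user's token when ``follow_p`` was submitted, then
    redirects to ``after_intervention``. Any other method falls through and
    returns None, as it did before.
    """
    if request.method == "GET":
        from heliosauth.view_utils import render_template
        return render_template(request, 'twitter/follow', {
            'user_to_follow': USER_TO_FOLLOW,
            'reason_to_follow': REASON_TO_FOLLOW,
        })

    if request.method == "POST":
        # Any non-empty submitted value counts as consent.
        follow_p = bool(request.POST.get('follow_p', False))

        if follow_p:
            from heliosauth.security import get_user
            user = get_user(request)
            # Without a logged-in user there is no token to sign with; skip
            # the API call instead of failing on `user.token`.
            if user:
                twitter_client = _get_client_by_token(user.token)
                # NOTE(review): the endpoint is addressed over plain http,
                # so the signed request would travel unencrypted unless the
                # client upgrades it. Confirm whether https can be used.
                twitter_client.oauth_request(
                    'http://api.twitter.com/1/friendships/create.json',
                    args={'screen_name': USER_TO_FOLLOW},
                    method='POST')

        from heliosauth.views import after_intervention
        return HttpResponseRedirect(reverse(after_intervention))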
def election_admin_wrapper(request, election_uuid=None, *args, **kw):
    """Resolve the election, enforce admin rights, then run the wrapped view.

    `checks` and `func` are not defined in this block; presumably they are
    supplied by an enclosing decorator (confirm against the caller).

    Raises:
        Http404: no election matches ``election_uuid``.
        PermissionDenied: the user may not administer the election and the
            superadmin override does not apply.
    """
    election = get_election_by_uuid(election_uuid)
    if not election:
        raise Http404

    # NOTE(review): the canceled page is returned before any permission
    # check, so it is shown to every requester. Confirm this is intended.
    if election.canceled_at:
        from helios.views import render_template
        return render_template(
            request, 'election_canceled', {'election': election})

    user = get_user(request)

    # Superadmins bypass the per-election check only when the wrapped view
    # opted in through the 'allow_superadmin' check.
    superadmin_override = bool(
        user and user.superadmin_p and checks.get('allow_superadmin', False))

    if not (user_can_admin_election(user, election) or superadmin_override):
        raise PermissionDenied('5')

    # do checks
    do_election_checks(election, checks)

    return func(request, election, *args, **kw)
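def stats(request):
    """Render the statistics page, optionally focused on one election.

    When ``uuid`` is given in the query string the matching election is
    looked up. Users who are not superadmins can only select completed
    elections. An unknown uuid leaves ``election`` as None instead of
    failing with IndexError.
    """
    user = get_user(request)
    is_superadmin = bool(user and user.superadmin_p)
    uuid = request.GET.get('uuid', None)
    election = None

    if uuid:
        matches = Election.objects.filter(uuid=uuid)
        if not is_superadmin:
            # Everyone else is limited to elections that have finished.
            matches = matches.filter(is_completed=True)
        try:
            election = matches.defer('encrypted_tally', 'result')[0]
        except IndexError:
            # No such election, or not one this requester may select.
            election = None

    # NOTE(review): the original had a superadmin branch and an else branch
    # that built the same queryset. If superadmins were meant to list
    # unfinished elections too, that was never implemented. Confirm intent.
    elections = Election.objects.filter(is_completed=True)
    elections = elections.order_by('-created_at').defer(
        'encrypted_tally', 'result')

    return render_template(request, 'zeus/stats', {
        'menu_active': 'stats',
        'election': election,
        'uuid': uuid,
        'user': user,
        'elections': elections,
    })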
def resources(request):
    """Render the resources page with the base URL of the manuals."""
    context = {
        'MANUALS_URL': '/static/documentation/manuals/',
        'menu_active': 'resources',
        'user': get_user(request),
    }
    return render_template(request, "zeus/resources", context)
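def can_create_election(request):
    """Tell whether the requester may create an election.

    Anonymous requesters never may. When ``helios.ADMIN_ONLY`` is set the
    answer is the user's ``admin_p`` flag; otherwise any logged-in user may.
    """
    user = get_user(request)
    if not user:
        return False

    if helios.ADMIN_ONLY:
        return user.admin_p

    # `user` is known to be truthy here, so the former `user != None`
    # comparison could only ever yield True.
    return True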
def render_template(request, template_name, vars={}):
    """Render ``server_ui/templates/<template_name>.html`` with common context.

    The context is a copy of ``vars`` plus the current user, the settings
    object, the request path and, when the session has one, the CSRF token.
    ``vars`` is only copied, so the shared default dict is never mutated.
    """
    # The loaded template is not used below; the lookup is kept because it
    # presumably raises when '<template_name>.html' cannot be found.
    template = loader.get_template(template_name + '.html')

    context = vars.copy()
    context.update({
        'user': get_user(request),
        # NOTE(review): this makes every setting reachable from templates.
        'settings': settings,
        'CURRENT_URL': request.path,
    })

    # csrf protection
    if request.session.has_key('csrf_token'):
        context['csrf_token'] = request.session['csrf_token']

    return render_to_response(
        'server_ui/templates/%s.html' % template_name, context)
def render_template(request, template_name, vars={}):
    """Render a server_ui template with the shared per-request context.

    Adds ``user``, ``settings``, ``CURRENT_URL`` and, if the session holds
    one, ``csrf_token`` to a copy of ``vars``. The default ``vars`` dict is
    copied and never modified.
    """
    # Result unused; the call is retained as-is (presumably it fails early
    # when '<template_name>.html' does not exist).
    loaded = loader.get_template(template_name + '.html')

    merged = vars.copy()
    merged['user'] = get_user(request)
    # NOTE(review): templates receive the full settings object.
    merged['settings'] = settings
    merged['CURRENT_URL'] = request.path

    # csrf protection
    session = request.session
    if session.has_key('csrf_token'):
        merged['csrf_token'] = session['csrf_token']

    target = 'server_ui/templates/%s.html' % template_name
    return render_to_response(target, merged)
def prepare_vars(request, vars):
    """Build the template context used by the auth views.

    Returns a copy of ``vars`` with the user and CSRF token (when a request
    is given), static/media paths, the template base and the settings
    object added.

    NOTE(review): the source lost its indentation, so the extent of the
    ``if request:`` body below is an assumption. Only the two statements
    that read ``request`` are placed inside it. Confirm against the
    original file.
    """
    vars_with_user = vars.copy()
    if request:
        vars_with_user['user'] = get_user(request)
        # Unlike a guarded lookup, this raises KeyError when the session has
        # no 'csrf_token'. Presumably the token is always set earlier; verify.
        vars_with_user['csrf_token'] = request.session['csrf_token']
    vars_with_user['SECURE_URL_HOST'] = settings.SECURE_URL_HOST
    vars_with_user['STATIC'] = '/static/auth'
    vars_with_user['MEDIA_URL'] = '/static/auth/'
    vars_with_user['TEMPLATE_BASE'] = auth.TEMPLATE_BASE
    # NOTE(review): exposes the whole settings object to every template.
    vars_with_user['settings'] = settings
    return vars_with_user
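def user_can_see_election(request, election):
    """Decide whether the requester may view ``election``.

    A non-private election is visible to everyone. A private one is visible
    to users who can administer it, to the logged-in trustee of that same
    election, and to its voters.
    """
    user = get_user(request)

    if not election.private_p:
        return True

    # election is private

    # but maybe this user is the administrator?
    if user_can_admin_election(user, election):
        return True

    # or maybe this is a trustee of the election?
    # The uuid comparison keeps a trustee of another election out.
    trustee = get_logged_in_trustee(request)
    if trustee and trustee.election.uuid == election.uuid:
        return True

    # then this user has to be a voter
    return get_voter(request, user, election) is not None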
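def follow_view(request):
    """Prompt for, and optionally perform, a Twitter follow.

    GET shows the 'twitter/follow' page. POST issues the friendship request
    with the logged-in user's token if ``follow_p`` was submitted, and then
    redirects to ``after_intervention``. Other methods return None, as
    before.
    """
    if request.method == "GET":
        from heliosauth.view_utils import render_template
        context = {
            'user_to_follow': USER_TO_FOLLOW,
            'reason_to_follow': REASON_TO_FOLLOW,
        }
        return render_template(request, 'twitter/follow', context)

    if request.method == "POST":
        # Any non-empty value of follow_p is treated as a yes.
        follow_p = bool(request.POST.get('follow_p', False))

        if follow_p:
            from heliosauth.security import get_user
            user = get_user(request)
            # A missing user used to fail on `user.token`; with nobody
            # logged in there is nothing to sign the request with.
            if user:
                twitter_client = _get_client_by_token(user.token)
                # NOTE(review): plain-http endpoint for an OAuth-signed
                # call. Confirm whether the https URL can be used instead.
                twitter_client.oauth_request(
                    'http://api.twitter.com/1/friendships/create.json',
                    args={'screen_name': USER_TO_FOLLOW},
                    method='POST')

        from heliosauth.views import after_intervention
        return HttpResponseRedirect(reverse(after_intervention))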
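def change_password(request):
    """Let a password-type user change their own password.

    Requesters who are not logged in, or whose account is not of type
    'password', are redirected to '/'. A valid POST saves the form and
    redirects back with ``password_changed=1``. Otherwise the form is
    rendered.
    """
    user = get_user(request)
    if not user or user.user_type != 'password':
        return HttpResponseRedirect('/')

    # The second user_type test that used to follow (returning
    # HttpResponseForbidden) could never run after the guard above and has
    # been removed.

    password_changed = request.GET.get('password_changed', None)

    # The form is always bound to the session user.
    # NOTE(review): whether the form asks for the current password is not
    # visible here. Verify in ChangePasswordForm.
    if request.method == "POST":
        form = ChangePasswordForm(user, request.POST)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(
                reverse('heliosauth.views.change_password')
                + '?password_changed=1')
    else:
        form = ChangePasswordForm(user)

    return render_template(request, 'change_password', {
        'form': form,
        'password_changed': password_changed,
    })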
def election_admin_wrapper(request, election_uuid=None, *args, **kw):
    """Gate an election admin view behind lookup and permission checks.

    `checks` and `func` are free names here; presumably an enclosing
    decorator provides them (confirm against the caller).

    Raises:
        Http404: the election does not exist.
        PermissionDenied: the user cannot administer the election and no
            superadmin override applies.
    """
    election = get_election_by_uuid(election_uuid)
    if not election:
        raise Http404

    # NOTE(review): this page is served before the permission check below.
    # Confirm that showing it to any requester is intended.
    if election.canceled_at:
        from helios.views import render_template
        context = {'election': election}
        return render_template(request, 'election_canceled', context)

    user = get_user(request)

    # The override needs both a superadmin user and an opt-in from the
    # wrapped view via checks['allow_superadmin'].
    if user and user.superadmin_p and checks.get('allow_superadmin', False):
        may_skip_admin_check = True
    else:
        may_skip_admin_check = False

    if not user_can_admin_election(user, election):
        if not may_skip_admin_check:
            raise PermissionDenied('5')

    # do checks
    do_election_checks(election, checks)

    return func(request, election, *args, **kw)
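def index(request):
    """
    The page from which one chooses how to log in.

    If only one auth system is enabled and nobody is logged in, the request
    is redirected to that system's start view with ``return_url`` forwarded.
    Otherwise the chooser page is rendered.
    """
    user = get_user(request)

    # single auth system?
    if len(auth.ENABLED_AUTH_SYSTEMS) == 1 and not user:
        from django.utils.http import urlencode

        # The value comes unmodified from the query string. Percent-encode
        # it so that reserved characters ('&', '#', '=') in it cannot alter
        # the query of the redirect URL.
        forwarded = urlencode(
            {'return_url': request.GET.get('return_url', '')})
        start_url = reverse(start, args=[auth.ENABLED_AUTH_SYSTEMS[0]])
        return HttpResponseRedirect(start_url + '?' + forwarded)

    default_auth_system_obj = None
    if auth.DEFAULT_AUTH_SYSTEM:
        default_auth_system_obj = AUTH_SYSTEMS[auth.DEFAULT_AUTH_SYSTEM]

    # NOTE(review): return_url is supplied by the caller and handed to the
    # template unchanged. The code that later redirects to it should only
    # accept local paths; that check is not visible here.
    return render_template(request, 'index', {
        'return_url': request.GET.get('return_url', reverse('home')),
        'enabled_auth_systems': auth.ENABLED_AUTH_SYSTEMS,
        'default_auth_system': auth.DEFAULT_AUTH_SYSTEM,
        'default_auth_system_obj': default_auth_system_obj,
    })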
def faqs_trustee(request):
    """Render the 'zeus/faqs_admin' FAQ page with the 'admin' submenu active.

    NOTE(review): the function is named for trustees but renders the admin
    template and submenu. Confirm this is intended.
    """
    context = {
        'menu_active': 'faqs',
        'submenu': 'admin',
        'user': get_user(request),
    }
    return render_template(request, "zeus/faqs_admin", context)
def home(request):
    """Render the home page for the current user."""
    current_user = get_user(request)
    context = {
        'menu_active': 'home',
        'user': current_user,
        # Taken verbatim from the query string; the template should treat
        # it as untrusted input.
        'bad_login': request.GET.get('bad_login'),
    }
    return render_template(request, "zeus/home", context)
def faqs_voter(request):
    """Render the voter FAQ page with the 'voter' submenu active."""
    context = {
        'menu_active': 'faqs',
        'submenu': 'voter',
        'user': get_user(request),
    }
    return render_template(request, "zeus/faqs_voter", context)
def require_admin(request):
    """Return the logged-in user, or refuse when they are not an admin.

    Raises:
        PermissionDenied: nobody is logged in, or the user's ``admin_p``
            flag is false.
    """
    current_user = get_user(request)
    if current_user and current_user.admin_p:
        return current_user
    raise PermissionDenied()