def server(request, attachment, thumb=False):
try:
attachment = Attachment.objects.select_related('forum', 'thread', 'post', 'user').get(hash_id=attachment)
if attachment.forum:
request.acl.forums.allow_forum_view(attachment.forum)
if attachment.thread:
request.acl.threads.allow_thread_view(request.user, attachment.thread)
if attachment.forum.special == 'private_threads':
if not request.user.is_authenticated():
raise ACLError404()
can_see_thread_because_reported = (
request.acl.private_threads.is_mod() and attachment.thread.replies_reported)
can_see_thread_because_participates = request.user in attachment.thread.participants.all()
if not (can_see_thread_because_reported or can_see_thread_because_participates):
raise ACLError404()
if attachment.post:
request.acl.threads.allow_post_view(request.user, attachment.thread, attachment.post)
request.acl.threads.allow_attachment_download(request.user, attachment.forum, attachment.post)
return serve_file(attachment, thumb)
except ACLError403:
if attachment.is_image:
return serve_403_image()
return error403(request, _("You don't have permission to download this file."))
except (Attachment.DoesNotExist, ACLError404):
if thumb:
return serve_404_image()
return error404(request, _("Requested file could not be found."))
def allow_deleted_post_view(self, forum):
try:
forum_role = self.acl[forum.pk]
if not forum_role['can_delete_posts']:
raise ACLError404()
except KeyError:
raise ACLError404()
def allow_thread_view(self, user, thread):
try:
forum_role = self.acl[thread.forum_id]
if forum_role['can_read_threads'] == 0:
raise ACLError403(_("You don't have permission to read threads in this forum."))
if forum_role['can_read_threads'] == 1 and thread.weight < 2 and thread.start_poster_id != user.id:
raise ACLError404()
if thread.moderated and not (forum_role['can_approve'] or (user.is_authenticated() and user == thread.start_poster)):
raise ACLError404()
if thread.deleted and not forum_role['can_delete_threads']:
raise ACLError404()
except KeyError:
raise ACLError403(_("You don't have permission to read threads in this forum."))
def make_query(self, search_data):
try:
sqs = MisagoSearchQuerySet(self.request.user, self.request.acl)
if self.search_route == 'search_private_threads':
sqs.allow_forum_search(
Forum.objects.special_model('private_threads'))
elif self.search_route == 'search_reports':
sqs.allow_forum_search(Forum.objects.special_model('reports'))
else:
if search_data.get('search_forums'):
if search_data.get('search_forums_childs'):
Forum.objects.populate_tree()
forums_tree = Forum.objects.forums_tree
readable_forums = Forum.objects.readable_forums(
self.request.acl)
ranges = []
for forum in search_data.get('search_forums'):
if not ranges or ranges[-1][1] < forum.rght:
ranges.append((forum.lft, forum.rght))
forums = []
for rang in ranges:
for pk, forum in forums_tree.items():
if pk in readable_forums:
if forum.lft >= rang[
0] and forum.rght <= rang[1]:
forums.append(pk)
if forum.lft > rang[1]:
break
sqs.in_forums(forums)
else:
sqs.in_forums(
[f.pk for f in search_data.get('search_forums')])
else:
sqs.in_forums(
Forum.objects.readable_forums(self.request.acl))
if search_data.get('search_thread_titles'):
sqs.search_thread_name(search_data.get('search_query'))
sqs.search_thread_titles()
else:
sqs.search_content(search_data.get('search_query'))
if search_data.get('search_thread'):
sqs.search_thread_name_link(search_data.get('search_thread'))
if search_data.get('search_author'):
sqs.search_user_name(search_data.get('search_author'))
if search_data.get('search_before'):
sqs.search_before(search_data.get('search_before'))
if search_data.get('search_after'):
sqs.search_after(search_data.get('search_after'))
return sqs
except Thread.DoesNotExist:
raise ACLError404()
def fetch_poll(self):
self.poll = Poll.objects.select_for_update().get(thread=self.thread.pk)
if not self.poll:
raise ACLError404(_("Poll could not be found."))
self.poll.option_set.all()
self.poll.user_votes = self.request.user.pollvote_set.filter(poll=self.poll)
self.request.acl.threads.allow_vote_in_polls(self.forum, self.thread, self.poll)
def make_jump(self):
if not self.request.acl.threads.can_mod_posts(self.forum):
raise ACLError404()
try:
return self.redirect_to_post(
self.thread.post_set.get(reported=True))
except Post.DoesNotExist:
return error404(self.request)
def make_jump(self):
if not self.request.acl.threads.can_approve(self.forum):
raise ACLError404()
try:
return self.redirect_to_post(
self.thread.post_set.filter(moderated=True)[:1][0])
except IndexError:
return error404(self.request)
def check_permissions(self):
try:
if self.thread.pk:
if not ((self.thread.replies_reported > 0
and self.request.acl.private_threads.is_mod()) or
(self.request.user in self.thread.participants.all())):
raise ACLError404()
except AttributeError:
pass
def fetch_forum(self):
self.forum = Forum.objects.get(pk=self.kwargs.get('forum'),
type='forum')
self.prefixes = ThreadPrefix.objects.forum_prefixes(self.forum)
self.active_prefix = self.kwargs.get('prefix', None)
if self.active_prefix:
for prefix in self.prefixes.values():
if self.active_prefix == prefix.slug:
self.active_prefix = prefix
break
else:
raise ACLError404()
def __call__(self, request, **kwargs):
try:
if request.user.is_crawler():
raise ACLError404()
if not request.acl.search.can_search():
raise ACLError403(
_("You don't have permission to search community."))
self.request = request
return self.call(**kwargs)
except ACLError403 as e:
return error403(request, unicode(e))
except ACLError404 as e:
return error404(request, unicode(e))
def make_query(self, search_query):
sqs = SearchQuerySet()
if self.request.POST.get('search_thread_titles'):
sqs = sqs.filter(thread_name=AutoQuery(search_query))
else:
sqs = sqs.auto_query(search_query)
if self.request.POST.get('search_in') == 'private':
if not (self.request.acl.private_threads.can_participate()
and self.request.settings['enable_private_threads']):
raise ACLError404()
sqs = sqs.filter(thread__in=[
t.pk for t in self.request.user.private_thread_set.all()
])
elif self.request.POST.get('search_in') == 'reports':
if not self.request.acl.reports.can_handle():
raise ACLError404()
sqs = sqs.filter(forum=Forum.objects.special_pk('reports'))
elif self.request.POST.get('search_in') == 'thread':
try:
thread_id = int(self.request.POST.get('search_thread'))
thread_clean = Thread.objects.get(id=thread_id)
if not thread_clean.forum_id in Forum.objects.readable_forums(
self.request.acl, True):
raise ACLError404()
self.thread_clean = thread_clean
sqs = sqs.filter(thread=thread_clean.pk)
except (TypeError, Thread.DoesNotExist):
raise ACLError404()
else:
sqs = sqs.filter(
forum__in=Forum.objects.readable_forums(self.request.acl))
if self.request.POST.get('search_author'):
sqs = sqs.filter(
author__exact=self.request.POST.get('search_author'))
return sqs
def __call__(self, request, **kwargs):
self.search_route = self.default_search_route
self.search_form = self.default_search_form
try:
self.request = request
if request.user.is_crawler():
raise ACLError404()
self.check_acl()
if not request.acl.search.can_search():
raise ACLError403(
_("You don't have permission to search community."))
if self.request.method == "POST":
return self.search(request)
return self.draw_form(request)
except ACLError403 as e:
return error403(request, unicode(e))
except ACLError404 as e:
return error404(request, unicode(e))
def form_initial_data(self):
if self.kwargs.get('user'):
try:
user = User.objects.get(id=self.kwargs.get('user'))
acl = user.acl(self.request)
if not acl.private_threads.can_participate():
raise ACLError403(
_("This member can not participate in private threads."
))
if (not self.request.acl.private_threads.can_invite_ignoring()
and not user.allow_pd_invite(self.request.user)):
raise ACLError403(
_('%(user)s restricts who can invite him to private threads.'
) % {'user': user.username})
return {'invite_users': user.username}
except User.DoesNotExist:
raise ACLError404()
return {}
def check_acl(self):
if not self.request.acl.reports.can_handle():
raise ACLError404()
def allow_forum_view(self, forum):
if not self.can_see(forum):
raise ACLError404()
if not self.can_browse(forum):
raise ACLError403(_("You don't have permission to browse this forum."))
def check_acl(self):
if not self.request.acl.private_threads.can_participate():
raise ACLError404()
def allow_post_view(self, user, thread, post):
forum_role = self.acl[thread.forum_id]
if post.moderated and not (forum_role['can_approve'] or (user.is_authenticated() and user == post.user)):
raise ACLError404()
if post.deleted and not (forum_role['can_delete_posts'] or (user.is_authenticated() and user == post.user)):
raise ACLError404()
def check_permissions(self):
if self.request.method != 'POST':
raise ACLError404()
if not self.request.user.is_authenticated():
raise ACLError403(_("Only registered users can vote in polls."))
def fetch_poll(self):
if not self.thread.poll:
raise ACLError404(_('Selected poll could not be found.'))
self.poll = self.thread.poll
def allow_details_view(self):
if not self.acl['can_see_users_trails']:
raise ACLError404()
