def edit(request, id, form_class=NewsForm, template_name="news/edit.html"):
news = get_object_or_404(News, pk=id)
# check permission
if not has_perm(request.user, "news.change_news", news):
raise Http403
form = form_class(instance=news, user=request.user)
if request.method == "POST":
form = form_class(request.POST, instance=news, user=request.user)
if form.is_valid():
news = form.save(commit=False)
# update all permissions and save the model
news = update_perms_and_save(request, form, news)
log_defaults = {
"event_id": 305200,
"event_data": "%s (%d) edited by %s" % (news._meta.object_name, news.pk, request.user),
"description": "%s edited" % news._meta.object_name,
"user": request.user,
"request": request,
"instance": news,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, "Successfully updated %s" % news)
return HttpResponseRedirect(reverse("news.view", args=[news.slug]))
return render_to_response(template_name, {"news": news, "form": form}, context_instance=RequestContext(request))
def add(request, form_class=NavForm, template_name="navs/add.html"):
if not has_perm(request.user, 'navs.add_nav'):
raise Http403
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
nav = form.save(commit=False)
nav = update_perms_and_save(request, form, nav)
log_defaults = {
'event_id' : 195100,
'event_data': '%s (%d) added by %s' % (nav._meta.object_name, nav.pk, request.user),
'description': '%s added' % nav._meta.object_name,
'user': request.user,
'request': request,
'instance': nav,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % nav)
return redirect('navs.edit_items', id=nav.id)
else:
form = form_class(user=request.user)
return render_to_response(
template_name,
{'form':form},
context_instance=RequestContext(request),
)
def save_model(self, request, object, form, change):
instance = form.save(commit=False)
# update all permissions and save the model
instance = update_perms_and_save(request, form, instance)
return instance
def user_membership_add(request, username, form_class=UserMembershipForm, template_name="profiles/add_membership.html"):
user = get_object_or_404(User, username=username)
try:
profile = Profile.objects.get(user=user)
except Profile.DoesNotExist:
profile = Profile.objects.create_profile(user=user)
if not is_admin(request.user):
raise Http403
if request.method == 'POST':
form = form_class(request.POST)
if form.is_valid():
membership = form.save(commit=False)
membership = update_perms_and_save(request, form, membership)
messages.add_message(request, messages.SUCCESS, 'Successfully updated memberships for %s' % user.get_full_name())
return HttpResponseRedirect("%s%s" % (reverse('profile', args=[user.username]),'#userview-memberships'))
else:
form = form_class(initial={'user':user})
return render_to_response(template_name, {
'form': form,
'user_this': user,
}, context_instance=RequestContext(request))
def edit(request, id, form_class=FileForm, template_name="files/edit.html"):
file = get_object_or_404(File, pk=id)
# check permission
if not has_perm(request.user,'files.change_file',file):
raise Http403
if request.method == "POST":
form = form_class(request.POST, request.FILES, instance=file, user=request.user)
if form.is_valid():
file = form.save(commit=False)
file.name = file.file.path.split('/')[-1]
# update all permissions and save the model
file = update_perms_and_save(request, form, file)
log_defaults = {
'event_id' : 182000,
'event_data': '%s (%d) edited by %s' % (file._meta.object_name, file.pk, request.user),
'description': '%s edited' % file._meta.object_name,
'user': request.user,
'request': request,
'instance': file,
}
EventLog.objects.log(**log_defaults)
return HttpResponseRedirect(reverse('file.search'))
else:
form = form_class(instance=file, user=request.user)
return render_to_response(template_name, {'file': file, 'form':form},
context_instance=RequestContext(request))
def add(request, form_class=DiscountForm, template_name="discounts/add.html"):
if not has_perm(request.user, 'discounts.add_discount'):
raise Http403
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
discount = form.save(commit=False)
discount = update_perms_and_save(request, form, discount)
log_defaults = {
'event_id' : 1010100,
'event_data': '%s (%d) added by %s' % (discount._meta.object_name, discount.pk, request.user),
'description': '%s added' % discount._meta.object_name,
'user': request.user,
'request': request,
'instance': discount,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % discount)
return redirect('discount.detail', id=discount.id)
else:
form = form_class(user=request.user)
return render_to_response(
template_name,
{'form':form},
context_instance=RequestContext(request),
)
def save_model(self, request, object, form, change):
"""
update the permissions backend
"""
instance = form.save(commit=False)
perms = update_perms_and_save(request, form, instance)
return instance
def edit(request, id, form_class=EntityForm, template_name="entities/edit.html"):
entity = get_object_or_404(Entity, pk=id)
if has_perm(request.user,'entities.change_entity',entity):
if request.method == "POST":
form = form_class(request.POST, instance=entity, user=request.user)
if form.is_valid():
entity = form.save(commit=False)
# update all permissions and save the model
entity = update_perms_and_save(request, form, entity)
log_defaults = {
'event_id' : 292000,
'event_data': '%s (%d) edited by %s' % (entity._meta.object_name, entity.pk, request.user),
'description': '%s edited' % entity._meta.object_name,
'user': request.user,
'request': request,
'instance': entity,
}
EventLog.objects.log(**log_defaults)
return HttpResponseRedirect(reverse('entity', args=[entity.pk]))
else:
form = form_class(instance=entity, user=request.user)
return render_to_response(template_name, {'entity': entity, 'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def add(request, form_class=EntityForm, template_name="entities/add.html"):
if has_perm(request.user,'entities.add_entity'):
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
entity = form.save(commit=False)
# update all permissions and save the model
entity = update_perms_and_save(request, form, entity)
log_defaults = {
'event_id' : 291000,
'event_data': '%s (%d) added by %s' % (entity._meta.object_name, entity.pk, request.user),
'description': '%s added' % entity._meta.object_name,
'user': request.user,
'request': request,
'instance': entity,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % entity)
return HttpResponseRedirect(reverse('entity', args=[entity.pk]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def edit(request, id, form_class=LocationForm, template_name="locations/edit.html"):
location = get_object_or_404(Location, pk=id)
if has_perm(request.user,'locations.change_location',location):
if request.method == "POST":
form = form_class(request.POST, instance=location, user=request.user)
if form.is_valid():
location = form.save(commit=False)
# update all permissions and save the model
location = update_perms_and_save(request, form, location)
log_defaults = {
'event_id' : 832000,
'event_data': '%s (%d) edited by %s' % (location._meta.object_name, location.pk, request.user),
'description': '%s edited' % location._meta.object_name,
'user': request.user,
'request': request,
'instance': location,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % location)
return HttpResponseRedirect(reverse('location', args=[location.pk]))
else:
form = form_class(instance=location, user=request.user)
return render_to_response(template_name, {'location': location, 'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def edit(request, id, form_class=ResumeForm, template_name="resumes/edit.html"):
resume = get_object_or_404(Resume, pk=id)
if has_perm(request.user,'resumes.change_resume',resume):
if request.method == "POST":
form = form_class(request.POST, instance=resume, user=request.user)
if form.is_valid():
resume = form.save(commit=False)
resume = update_perms_and_save(request, form, resume)
log_defaults = {
'event_id' : 352000,
'event_data': '%s (%d) edited by %s' % (resume._meta.object_name, resume.pk, request.user),
'description': '%s edited' % resume._meta.object_name,
'user': request.user,
'request': request,
'instance': resume,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % resume)
return HttpResponseRedirect(reverse('resume', args=[resume.slug]))
else:
form = form_class(instance=resume, user=request.user)
return render_to_response(template_name, {'resume': resume, 'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def save_model(self, request, object, form, change):
app = form.save(commit=False)
add = not change
# update all permissions and save the model
app = update_perms_and_save(request, form, app)
if add:
# default application fields
for default_field in get_default_membership_fields(use_for_corp=app.use_for_corp):
default_field.update({'app':app})
AppField.objects.create(**default_field)
if change:
edit_app_update_corp_fields(app)
form.save_m2m()
reserved_names = (
'membership_type',
'payment_method',
'first_name',
'last_name',
'email',
'corporate_membership'
)
for field in app.fields.visible():
if 'membership-type' in field.field_type:
field.content_type = ContentType.objects.get_for_model(MembershipType)
choices = [item.name for item in app.membership_types.all()]
field.choices = ", ".join(choices)
elif 'payment-method' in field.field_type:
field.content_type = ContentType.objects.get_for_model(PaymentMethod)
choices = [item.human_name for item in app.payment_methods.all()]
field.choices = ", ".join(choices)
if 'first-name' in field.field_type:
field.content_type = ContentType.objects.get_for_model(User)
elif 'last-name' in field.field_type:
field.content_type = ContentType.objects.get_for_model(User)
elif 'email' in field.field_type:
field.content_type = ContentType.objects.get_for_model(User)
elif 'corporate_membership_id' in field.field_type:
field.content_type = ContentType.objects.get_for_model(Membership)
if not field.field_name in reserved_names:
field.field_name = slugify(field.label).replace('-','_')
# check field_name after slugify
if field.field_name in reserved_names:
hex_tail = uuid.uuid1().get_hex()[:3]
field.field_name = '%s_%s' % (field.field_name, hex_tail)
field.save()
return app
def save_model(self, request, object, form, change):
instance = form.save(commit=False)
instance = update_perms_and_save(request, form, instance)
# save the object
form.save_m2m()
return instance
def add(request, form_class=ResumeForm, template_name="resumes/add.html"):
can_add_active = has_perm(request.user, 'resumes.add_resume')
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
resume = form.save(commit=False)
# set it to pending if the user does not have add permission
if not can_add_active:
resume.status = 0
resume.status_detail = 'pending'
# set up the expiration time based on requested duration
now = now_localized()
resume.expiration_dt = now + timedelta(days=resume.requested_duration)
resume = update_perms_and_save(request, form, resume)
log_defaults = {
'event_id' : 351000,
'event_data': '%s (%d) added by %s' % (resume._meta.object_name, resume.pk, request.user),
'description': '%s added' % resume._meta.object_name,
'user': request.user,
'request': request,
'instance': resume,
}
EventLog.objects.log(**log_defaults)
if request.user.is_authenticated():
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % resume)
# send notification to administrators
recipients = get_notice_recipients('module', 'resumes', 'resumerecipients')
if recipients:
if notification:
extra_context = {
'object': resume,
'request': request,
}
notification.send_emails(recipients,'resume_added', extra_context)
if not request.user.is_authenticated():
return HttpResponseRedirect(reverse('resume.thank_you'))
else:
return HttpResponseRedirect(reverse('resume', args=[resume.slug]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form':form},
context_instance=RequestContext(request))
def edit(request, id, set_id=0, form_class=PhotoEditForm, template_name="photos/edit.html"):
""" edit photo view """
# get photo
photo = get_object_or_404(Image, id=id)
set_id = int(set_id)
# permissions
if not has_perm(request.user,'photologue.change_photo',photo):
raise Http403
# get available photo sets
photo_sets = PhotoSet.objects.all()
if request.method == "POST":
#if photo.member != request.user: # no permission
# request.user.message_set.create(message="You can't edit photos that aren't yours")
# return HttpResponseRedirect(reverse('photo', args=(photo.id, set_id)))
if request.POST["action"] == "update":
form = form_class(request.POST, instance=photo, user=request.user)
if form.is_valid():
photo = form.save(commit=False)
# update all permissions and save the model
photo = update_perms_and_save(request, form, photo)
log_defaults = {
'event_id' : 990200,
'event_data': '%s (%d) edited by %s' % (photo._meta.object_name, photo.pk, request.user),
'description': '%s edited' % photo._meta.object_name,
'user': request.user,
'request': request,
'instance': photo,
}
EventLog.objects.log(**log_defaults)
request.user.message_set.create(message=_("Successfully updated photo '%s'") % photo.title)
return HttpResponseRedirect(reverse("photo", kwargs={"id": photo.id, "set_id": set_id}))
else:
form = form_class(instance=photo, user=request.user)
else:
form = form_class(instance=photo, user=request.user)
return render_to_response(template_name, {
"photo_form": form,
"photo": photo,
"photo_sets": photo_sets,
"id": photo.id,
"set_id": set_id,
}, context_instance=RequestContext(request))
def photoset_edit(request, id, form_class=PhotoSetEditForm, template_name="photos/photo-set/edit.html"):
from perms.object_perms import ObjectPermission
photo_set = get_object_or_404(PhotoSet, id=id)
# if no permission; permission exception
if not has_perm(request.user,'photos.change_photoset',photo_set):
raise Http403
if request.method == "POST":
if request.POST["action"] == "edit":
form = form_class(request.POST, instance=photo_set, user=request.user)
if form.is_valid():
photo_set = form.save(commit=False)
# update all permissions and save the model
photo_set = update_perms_and_save(request, form, photo_set)
# copy all privacy settings from photo set to photos
Image.objects.filter(photoset=photo_set).update(**get_privacy_settings(photo_set))
# photo set group permissions
group_perms = photo_set.perms.filter(group__isnull=False).values_list('group','codename')
group_perms = tuple([(unicode(g), c.split('_')[0]) for g, c in group_perms ])
photos = Image.objects.filter(photoset=photo_set)
for photo in photos:
ObjectPermission.objects.remove_all(photo)
ObjectPermission.objects.assign_group(group_perms, photo)
request.user.message_set.create(message=_("Successfully updated photo set! ") + '')
EventLog.objects.log(**{
'event_id' : 991200,
'event_data': '%s (%d) edited by %s' % (photo_set._meta.object_name, photo_set.pk, request.user),
'description': '%s edited' % photo_set._meta.object_name,
'user': request.user,
'request': request,
'instance': photo_set,
})
return HttpResponseRedirect(reverse('photoset_details', args=[photo_set.id]))
else:
form = form_class(instance=photo_set, user=request.user)
return render_to_response(template_name, {
'photo_set': photo_set,
"photoset_form": form,
}, context_instance=RequestContext(request))
def save_model(self, request, object, form, change):
instance = form.save(commit=False)
# update all permissions and save the model
instance = update_perms_and_save(request, form, instance)
# notifications
if not is_admin(request.user):
# send notification to administrators
recipients = get_notice_recipients('site', 'global', 'allnoticerecipients')
if recipients:
if notification:
extra_context = {
'object': instance,
'request': request,
}
notification.send_emails(recipients, notice_type, extra_context)
return instance
def edit(request, id, form_class=FormForm, template_name="forms/edit.html"):
form_instance = get_object_or_404(Form, pk=id)
if not has_perm(request.user,'forms.change_form',form_instance):
raise Http403
PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2)
if request.method == "POST":
form = form_class(request.POST, instance=form_instance, user=request.user)
formset = PricingFormSet(request.POST, instance=form_instance)
if form.is_valid() and formset.is_valid():
form_instance = form.save(commit=False)
form_instance = update_perms_and_save(request, form, form_instance)
form.save_m2m() # save payment methods
formset.save() # save price options
# remove all pricings if no custom_payment form
if not form.cleaned_data['custom_payment']:
form_instance.pricing_set.all().delete()
log_defaults = {
'event_id' : 587200,
'event_data': '%s (%d) edited by %s' % (form_instance._meta.object_name, form_instance.pk, request.user),
'description': '%s edited' % form_instance._meta.object_name,
'user': request.user,
'request': request,
'instance': form_instance,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully edited %s' % form_instance)
return HttpResponseRedirect(reverse('form_field_update', args=[form_instance.pk]))
else:
form = form_class(instance=form_instance, user=request.user)
formset = PricingFormSet(instance=form_instance)
return render_to_response(template_name, {
'form':form,
'formset':formset,
'form_instance':form_instance,
},context_instance=RequestContext(request))
def edit(request, id, form_class=StoryForm, template_name="stories/edit.html"):
story = get_object_or_404(Story, pk=id)
if has_perm(request.user,'stories.change_story', story):
if request.method == "POST":
form = form_class(request.POST, request.FILES,
instance=story, user=request.user)
if form.is_valid():
story = form.save(commit=False)
story = update_perms_and_save(request, form, story)
# save photo
photo = form.cleaned_data['photo_upload']
if photo: story.save(photo=photo)
log_defaults = {
'event_id' : 1060200,
'event_data': '%s (%d) edited by %s' % (story._meta.object_name, story.pk, request.user),
'description': '%s edited' % story._meta.object_name,
'user': request.user,
'request': request,
'instance': story,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % story)
redirect_to = request.REQUEST.get('next', '')
if redirect_to:
return HttpResponseRedirect(redirect_to)
else:
return redirect('story', id=story.pk)
else:
form = form_class(instance=story, user=request.user)
else:
raise Http403
return render_to_response(template_name, {'story': story, 'form':form },
context_instance=RequestContext(request))
def add(request, form_class=StoryForm, template_name="stories/add.html"):
if has_perm(request.user,'stories.add_story'):
if request.method == "POST":
form = form_class(request.POST, request.FILES, user=request.user)
if form.is_valid():
story = form.save(commit=False)
story = update_perms_and_save(request, form, story)
# save photo
photo = form.cleaned_data['photo_upload']
if photo: story.save(photo=photo)
log_defaults = {
'event_id' : 1060100,
'event_data': '%s (%d) added by %s' % (story._meta.object_name, story.pk, request.user),
'description': '%s added' % story._meta.object_name,
'user': request.user,
'request': request,
'instance': story,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % story)
return HttpResponseRedirect(reverse('story', args=[story.pk]))
else:
from pprint import pprint
pprint(form.errors.items())
else:
form = form_class(user=request.user)
tags = request.GET.get('tags', '')
if tags:
form.fields['tags'].initial = tags
else:
raise Http403
return render_to_response(template_name, {'form':form},
context_instance=RequestContext(request))
def edit(request, id=None, form_class=HelpFileForm, template_name="help_files/edit.html"):
help_file = get_object_or_404(HelpFile, pk=id)
if has_perm(request.user, "help_files.change_helpfile", help_file):
if request.method == "POST":
form = form_class(request.POST, instance=help_file, user=request.user)
if form.is_valid():
help_file = form.save(commit=False)
# add all permissions and save the model
help_file = update_perms_and_save(request, form, help_file)
form.save_m2m()
log_defaults = {
"event_id": 1000200,
"event_data": "%s (%d) edited by %s" % (help_file._meta.object_name, help_file.pk, request.user),
"description": "%s edited" % help_file._meta.object_name,
"user": request.user,
"request": request,
"instance": help_file,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, "Successfully edited %s" % help_file)
# send notification to administrator(s) and module recipient(s)
recipients = get_notice_recipients("module", "help_files", "helpfilerecipients")
# if recipients and notification:
# notification.send_emails(recipients,'help_file_added', {
# 'object': help_file,
# 'request': request,
# })
return HttpResponseRedirect(reverse("help_file.details", args=[help_file.slug]))
else:
form = form_class(instance=help_file, user=request.user)
return render_to_response(
template_name, {"help_file": help_file, "form": form}, context_instance=RequestContext(request)
)
else:
raise Http403
def add(request, form_class=FormForm, template_name="forms/add.html"):
if not has_perm(request.user,'forms.add_form'):
raise Http403
PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2, can_delete=False)
formset = PricingFormSet()
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
form_instance = form.save(commit=False)
formset = PricingFormSet(request.POST, instance=form_instance)
if formset.is_valid():
# save form and associated pricings
form_instance = update_perms_and_save(request, form, form_instance)
# update_perms_and_save does not appear to consider ManyToManyFields
for method in form.cleaned_data['payment_methods']:
form_instance.payment_methods.add(method)
formset.save()
log_defaults = {
'event_id' : 587100,
'event_data': '%s (%d) added by %s' % (form_instance._meta.object_name, form_instance.pk, request.user),
'description': '%s added' % form_instance._meta.object_name,
'user': request.user,
'request': request,
'instance': form_instance,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % form_instance)
return HttpResponseRedirect(reverse('form_field_update', args=[form_instance.pk]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {
'form':form,
'formset':formset,
}, context_instance=RequestContext(request))
def save_model(self, request, object, form, change):
instance = form.save(commit=False)
instance = update_perms_and_save(request, form, instance)
# notifications
if not is_admin(request.user):
# send notification to administrators
recipients = get_notice_recipients('module', 'pages', 'pagerecipients')
notice_type = 'page_added'
if change: notice_type = 'page_edited'
if recipients:
if notification:
extra_context = {
'object': instance,
'request': request,
}
notification.send_emails(recipients, notice_type, extra_context)
return instance
# admin.site.register(Page, PageAdmin)
def add(request, form_class=ArticleForm, template_name="articles/add.html"):
if has_perm(request.user,'articles.add_article'):
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
article = form.save(commit=False)
# add all permissions and save the model
articles = update_perms_and_save(request, form, article)
log_defaults = {
'event_id' : 431000,
'event_data': '%s (%d) added by %s' % (article._meta.object_name, article.pk, request.user),
'description': '%s added' % article._meta.object_name,
'user': request.user,
'request': request,
'instance': article,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % article)
# send notification to administrator(s) and module recipient(s)
recipients = get_notice_recipients('module', 'articles', 'articlerecipients')
if recipients and notification:
notification.send_emails(recipients,'article_added', {
'object': article,
'request': request,
})
return HttpResponseRedirect(reverse('article', args=[article.slug]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {'form':form},
context_instance=RequestContext(request))
else:
raise Http403
def add(request, form_class=NewsForm, template_name="news/add.html"):
# check permission
if not has_perm(request.user, "news.add_news"):
raise Http403
if request.method == "POST":
form = form_class(request.POST, user=request.user)
if form.is_valid():
news = form.save(commit=False)
# update all permissions and save the model
news = update_perms_and_save(request, form, news)
log_defaults = {
"event_id": 305100,
"event_data": "%s (%d) added by %s" % (news._meta.object_name, news.pk, request.user),
"description": "%s added" % news._meta.object_name,
"user": request.user,
"request": request,
"instance": news,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, "Successfully added %s" % news)
# send notification to administrators
recipients = get_notice_recipients("module", "news", "newsrecipients")
if recipients:
if notification:
extra_context = {"object": news, "request": request}
notification.send_emails(recipients, "news_added", extra_context)
return HttpResponseRedirect(reverse("news.view", args=[news.slug]))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {"form": form}, context_instance=RequestContext(request))
def photoset_add(request, form_class=PhotoSetAddForm, template_name="photos/photo-set/add.html"):
""" Add a photo set """
# if no permission; permission exception
if not has_perm(request.user,'photos.add_photoset'):
raise Http403
if request.method == "POST":
if request.POST["action"] == "add":
form = form_class(request.POST, user=request.user)
if form.is_valid():
photo_set = form.save(commit=False)
photo_set.author = request.user
# update all permissions and save the model
photo_set = update_perms_and_save(request, form, photo_set)
log_defaults = {
'event_id' : 991100,
'event_data': '%s (%d) added by %s' % (photo_set._meta.object_name, photo_set.pk, request.user),
'description': '%s added' % photo_set._meta.object_name,
'user': request.user,
'request': request,
'instance': photo_set,
}
EventLog.objects.log(**log_defaults)
request.user.message_set.create(message=_("Successfully added photo set!") + '')
return HttpResponseRedirect(reverse('photos_batch_add', kwargs={'photoset_id':photo_set.id}))
else:
form = form_class(user=request.user)
return render_to_response(template_name, {
"photoset_form": form,
}, context_instance=RequestContext(request))
def photos_batch_add(request, photoset_id=0):
"""
params: request, photoset_id
returns: HttpResponse
on flash request:
photoset_id is passed via request.POST
and received as type unicode; i convert to type integer
on http request:
photoset_id is passed via url
"""
import uuid
from perms.object_perms import ObjectPermission
# photoset permission required to add photos
if not has_perm(request.user,'photos.add_photoset'):
raise Http403
if request.method == 'POST':
for field_name in request.FILES:
uploaded_file = request.FILES[field_name]
# use file to create title; remove extension
filename, extension = os.path.splitext(uploaded_file.name)
request.POST.update({'title': filename, })
# clean filename; alphanumeric with dashes
filename = re.sub(r'[^a-zA-Z0-9._]+', '-', filename)
# truncate; make unique; append extension
request.FILES[field_name].name = \
filename[:70] + '-' + unicode(uuid.uuid1())[:5] + extension
# photoset_id set in swfupload
photoset_id = int(request.POST["photoset_id"])
request.POST.update({
'owner': request.user.id,
'owner_username': unicode(request.user),
'creator_username': unicode(request.user),
'status': True,
'status_detail': 'active',
})
photo_form = PhotoUploadForm(request.POST, request.FILES, user=request.user)
if photo_form.is_valid():
# save photo
photo = photo_form.save(commit=False)
photo.creator = request.user
photo.member = request.user
photo.safetylevel = 3
photo.allow_anonymous_view = True
# update all permissions and save the model
photo = update_perms_and_save(request, photo_form, photo)
EventLog.objects.log(**{
'event_id' : 990100,
'event_data': '%s (%d) added by %s' % (photo._meta.object_name, photo.pk, request.user),
'description': '%s added' % photo._meta.object_name,
'user': request.user,
'request': request,
'instance': photo,
})
# add to photo set if photo set is specified
if photoset_id:
photo_set = get_object_or_404(PhotoSet, id=photoset_id)
photo_set.image_set.add(photo)
privacy = get_privacy_settings(photo_set)
# photo privacy = album privacy
for k, v in privacy.items():
setattr(photo, k, v)
photo.save() # real time search index hooked to save method
print 'i waited'
# photo group perms = album group perms
group_perms = photo_set.perms.filter(group__isnull=False).values_list('group','codename')
group_perms = tuple([(unicode(g), c.split('_')[0]) for g, c in group_perms ])
ObjectPermission.objects.assign_group(group_perms, photo)
# serialize queryset
data = serializers.serialize("json", Image.objects.filter(id=photo.id))
# returning a response of "ok" (flash likes this)
# response is for flash, not humans
return HttpResponse(data, mimetype="text/plain")
else:
return HttpResponse("photo is not valid", mimetype="text/plain")
else:
if not photoset_id:
HttpResponseRedirect(reverse('photoset_latest'))
photo_set = get_object_or_404(PhotoSet, id=photoset_id)
# show the upload UI
return render_to_response('photos/batch-add.html', {
"photoset_id":photoset_id,
"photo_set": photo_set,
"csrf_token": csrf_get_token(request)
},
context_instance=RequestContext(request))
def application_details(request, slug=None, cmb_id=None, imv_id=0, imv_guid=None, secret_hash="", membership_id=0, template_name="memberships/applications/details.html"):
"""
Display a built membership application and handle submission.
"""
if not slug: raise Http404
user = request.user
app = get_object_or_404(App, slug=slug)
if not app.allow_view_by(user):
raise Http403
# if this app is for corporation individuals, redirect them to corp-pre page if
# they have not passed the security check.
is_corp_ind = False
corporate_membership = None
if hasattr(app, 'corp_app') and app.corp_app:
if not cmb_id:
# redirect them to the corp_pre page
return redirect(reverse('membership.application_details_corp_pre', args=[app.slug]))
is_corp_ind = True
corporate_membership = get_object_or_404(CorporateMembership, id=cmb_id)
# check if they have verified their email or entered the secret code
is_verified = False
if is_admin(request.user) or app.corp_app.authentication_method == 'admin':
is_verified = True
elif app.corp_app.authentication_method == 'email':
try:
indiv_veri = IndivMembEmailVeri8n.objects.get(pk=imv_id,
guid=imv_guid)
if indiv_veri.verified:
is_verified = True
except IndivMembEmailVeri8n.DoesNotExist:
pass
elif app.corp_app.authentication_method == 'secret_code':
tmp_secret_hash = md5('%s%s' % (corporate_membership.secret_code,
request.session.get('corp_hash_random_string', ''))).hexdigest()
if secret_hash == tmp_secret_hash:
is_verified = True
if not is_verified:
return redirect(reverse('membership.application_details_corp_pre', args=[slug]))
# log application details view
EventLog.objects.log(**{
'event_id' : 655000,
'event_data': '%s (%d) viewed by %s' % (app._meta.object_name, app.pk, user),
'description': '%s viewed' % app._meta.object_name,
'user': user,
'request': request,
'instance': app,
})
initial_dict = {}
if hasattr(user, 'memberships'):
membership = user.memberships.get_membership()
is_only_a_member = [
is_developer(user) == False,
is_admin(user) == False,
is_member(user) == True,
]
if corporate_membership:
# exclude corp. reps, creator and owner - they should be able to add new
is_only_a_member.append(corporate_membership.allow_edit_by(user)==False)
# deny access to renew memberships
if all(is_only_a_member):
initial_dict = membership.get_app_initial(app)
if not membership.can_renew():
return render_to_response("memberships/applications/no-renew.html", {
"app": app, "user":user, "membership": membership},
context_instance=RequestContext(request))
pending_entries = []
if hasattr(user, 'appentry_set'):
pending_entries = user.appentry_set.filter(
is_approved__isnull = True, # pending
)
# if an application entry was submitted
# after your current membership was created
if user.memberships.get_membership():
pending_entries.filter(
entry_time__gte = user.memberships.get_membership().subscribe_dt
)
app_entry_form = AppEntryForm(
app,
request.POST or None,
request.FILES or None,
user=user,
corporate_membership=corporate_membership,
initial=initial_dict,
)
if request.method == "POST":
if app_entry_form.is_valid():
entry = app_entry_form.save(commit=False)
entry_invoice = entry.save_invoice()
if user.is_authenticated():
entry.user = user
entry.is_renewal = all(is_only_a_member)
# add all permissions and save the model
entry = update_perms_and_save(request, app_entry_form, entry)
# administrators go to approve/disapprove page
if is_admin(user):
return redirect(reverse('membership.application_entries', args=[entry.pk]))
# send "joined" notification
Notice.send_notice(
entry=entry,
request = request,
emails=entry.email,
notice_type='join',
membership_type=entry.membership_type,
)
if entry_invoice.total == 0:
if not entry_invoice.is_tendered:
entry_invoice.tender(request.user)
# online payment
if entry_invoice.total>0 and entry.payment_method and entry.payment_method.is_online:
return HttpResponseRedirect(reverse(
'payments.views.pay_online',
args=[entry_invoice.pk, entry_invoice.guid]
))
if not entry.approval_required():
entry.approve()
# silence old memberships within renewal period
Membership.objects.silence_old_memberships(entry.user)
# get user from the membership since it's null in the entry
entry.user = entry.membership.user
membership_total = Membership.objects.filter(status=True, status_detail='active').count()
# send "approved" notification
Notice.send_notice(
request = request,
emails=entry.email,
notice_type='approve',
membership=entry.membership,
membership_type=entry.membership_type,
)
if not user.is_authenticated():
from django.core.mail import send_mail
from django.utils.http import int_to_base36
from django.contrib.auth.tokens import default_token_generator
from site_settings.utils import get_setting
token_generator = default_token_generator
site_url = get_setting('site', 'global', 'siteurl')
site_name = get_setting('site', 'global', 'sitedisplayname')
# send new user account welcome email (notification)
notification.send_emails([entry.user.email],'user_welcome', {
'site_url': site_url,
'site_name': site_name,
'uid': int_to_base36(entry.user.id),
'user': entry.user,
'username': entry.user.username,
'token': token_generator.make_token(entry.user),
})
# log - entry approval
EventLog.objects.log(**{
'event_id' : 1082101,
'event_data': '%s (%d) approved by %s' % (entry._meta.object_name, entry.pk, entry.judge),
'description': '%s viewed' % entry._meta.object_name,
'user': user,
'request': request,
'instance': entry,
})
# log - entry submission
EventLog.objects.log(**{
'event_id' : 1081000,
'event_data': '%s (%d) submitted by %s' % (entry._meta.object_name, entry.pk, request.user),
'description': '%s viewed' % entry._meta.object_name,
'user': user,
'request': request,
'instance': entry,
})
return redirect(entry.confirmation_url)
return render_to_response(template_name, {
'app': app,
'app_entry_form': app_entry_form,
'pending_entries': pending_entries,
}, context_instance=RequestContext(request))
def edit(request, id, form_class=JobForm, template_name="jobs/edit.html"):
job = get_object_or_404(Job, pk=id)
if not has_perm(request.user, 'jobs.change_job', job):
raise Http403
form = form_class(request.POST or None,
instance=job,
user=request.user)
#setup categories
content_type = get_object_or_404(ContentType, app_label='jobs',model='job')
category = Category.objects.get_for_object(job,'category')
sub_category = Category.objects.get_for_object(job,'sub_category')
initial_category_form_data = {
'app_label': 'jobs',
'model': 'job',
'pk': job.pk,
'category': getattr(category,'name','0'),
'sub_category': getattr(sub_category,'name','0')
}
if is_admin(request.user):
category_form_class = CategoryForm
else:
category_form_class = CategoryForm2
categoryform = category_form_class(
content_type,
request.POST or None,
initial= initial_category_form_data,
prefix='category')
# delete admin only fields for non-admin on edit - GJQ 8/25/2010
if not is_admin(request.user):
del form.fields['pricing']
del form.fields['list_type']
if form.fields.has_key('activation_dt'):
del form.fields['activation_dt']
if form.fields.has_key('post_dt'):
del form.fields['post_dt']
if form.fields.has_key('expiration_dt'):
del form.fields['expiration_dt']
if form.fields.has_key('entity'):
del form.fields['entity']
del form.fields['payment_method']
if request.method == "POST":
if form.is_valid() and categoryform.is_valid():
job = form.save(commit=False)
job = update_perms_and_save(request, form, job)
## update the category of the job
category_removed = False
category = categoryform.cleaned_data['category']
if category != '0':
Category.objects.update(job ,category,'category')
else: # remove
category_removed = True
Category.objects.remove(job ,'category')
Category.objects.remove(job ,'sub_category')
if not category_removed:
# update the sub category of the article
sub_category = categoryform.cleaned_data['sub_category']
if sub_category != '0':
Category.objects.update(job, sub_category,'sub_category')
else: # remove
Category.objects.remove(job,'sub_category')
#save relationships
job.save()
log_defaults = {
'event_id': 252000,
'event_data': '%s (%d) edited by %s' % (job._meta.object_name, job.pk, request.user),
'description': '%s edited' % job._meta.object_name,
'user': request.user,
'request': request,
'instance': job,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % job)
return HttpResponseRedirect(reverse('job', args=[job.slug]))
return render_to_response(template_name,
{'job': job, 'form': form, 'categoryform':categoryform},
context_instance=RequestContext(request))
def add(request, form_class=JobForm, template_name="jobs/add.html"):
require_payment = get_setting('module', 'jobs', 'jobsrequirespayment')
can_add_active = has_perm(request.user, 'jobs.add_job')
content_type = get_object_or_404(ContentType, app_label='jobs',model='job')
if is_admin(request.user):
category_form_class = CategoryForm
else:
category_form_class = CategoryForm2
if request.method == "POST":
form = form_class(request.POST, user=request.user)
categoryform = category_form_class(
content_type,
request.POST,
prefix='category')
# adjust the fields depending on user type
if not require_payment:
del form.fields['payment_method']
del form.fields['list_type']
if form.is_valid() and categoryform.is_valid():
job = form.save(commit=False)
pricing = form.cleaned_data['pricing']
# set it to pending if the user is anonymous or not an admin
if not can_add_active:
#job.status = 1
job.status_detail = 'pending'
# list types and duration
if not job.requested_duration:
job.requested_duration = 30
if not job.list_type:
job.list_type = 'regular'
# set up all the times
now = now_localized()
job.activation_dt = now
if not job.post_dt:
job.post_dt = now
# set the expiration date
job.expiration_dt = job.activation_dt + timedelta(days=job.requested_duration)
# semi-anon job posts don't get a slug field on the form
# see __init__ method in JobForm
if not job.slug:
#job.slug = get_job_unique_slug(slugify(job.title))
job.slug = '%s-%s' % (slugify(job.title), Job.objects.count())
job = update_perms_and_save(request, form, job)
# create invoice
job_set_inv_payment(request.user, job, pricing)
#setup categories
category = Category.objects.get_for_object(job,'category')
sub_category = Category.objects.get_for_object(job,'sub_category')
## update the category of the article
category_removed = False
category = categoryform.cleaned_data['category']
if category != '0':
Category.objects.update(job,category,'category')
else: # remove
category_removed = True
Category.objects.remove(job,'category')
Category.objects.remove(job,'sub_category')
if not category_removed:
# update the sub category of the article
sub_category = categoryform.cleaned_data['sub_category']
if sub_category != '0':
Category.objects.update(job, sub_category,'sub_category')
else: # remove
Category.objects.remove(job,'sub_category')
#save relationships
job.save()
log_defaults = {
'event_id': 251000,
'event_data': '%s (%d) added by %s' % (job._meta.object_name, job.pk, request.user),
'description': '%s added' % job._meta.object_name,
'user': request.user,
'request': request,
'instance': job,
}
EventLog.objects.log(**log_defaults)
messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % job)
# send notification to administrators
recipients = get_notice_recipients('module', 'jobs', 'jobrecipients')
if recipients:
if notification:
extra_context = {
'object': job,
'request': request,
}
notification.send_emails(recipients, 'job_added', extra_context)
# send user to the payment page if payment is required
if require_payment:
if job.payment_method.lower() in ['credit card', 'cc']:
if job.invoice and job.invoice.balance > 0:
return HttpResponseRedirect(reverse(
'payments.views.pay_online',
args=[job.invoice.id, job.invoice.guid])
)
# send user to thank you or view page
if is_admin(request.user):
return HttpResponseRedirect(reverse('job', args=[job.slug]))
else:
return HttpResponseRedirect(reverse('job.thank_you'))
else:
# Redirect user w/perms to create pricing if none exist
pricings = JobPricing.objects.all()
if not pricings and has_perm(request.user, 'jobs.add_jobpricing'):
messages.add_message(request, messages.WARNING, 'You need to add a %s Pricing before you can add a %s.' % (get_setting('module', 'jobs', 'label_plural'),get_setting('module', 'jobs', 'label')))
return HttpResponseRedirect(reverse('job_pricing.add'))
form = form_class(user=request.user)
initial_category_form_data = {
'app_label': 'jobs',
'model': 'job',
'pk': 0, #not used for this view but is required for the form
}
categoryform = category_form_class(
content_type,
initial=initial_category_form_data,
prefix='category')
# adjust the fields depending on user type
if not require_payment:
del form.fields['payment_method']
del form.fields['list_type']
return render_to_response(template_name,
{'form': form, 'categoryform':categoryform},
context_instance=RequestContext(request))
