def check_access(obj, user):
    """Tell whether ``user`` may delete or modify ``obj``.

    ``obj`` must be a model instance of this application, i.e. a project,
    a group of tasks or a task (forum topics and entries are resolved by
    the branches below as well).

    Access is granted to the object's creator, to a superuser and to a
    moderator of the location the object belongs to. Anonymous users are
    always refused.

    Returns True/False.
    """
    # Refuse unauthenticated visitors before looking at the object at all.
    if user.is_anonymous():
        return False

    # The creator can always delete his/her own work, and the superadmin
    # may do anything.
    if user == obj.creator or user.is_superuser:
        return True

    # Otherwise fall back to moderator rights, which are tied to a location.
    # The location is reached differently depending on the kind of object.
    if hasattr(obj, 'location'):
        # Project
        target = obj.location
    elif hasattr(obj, 'project'):
        # A group of tasks or a topic in the forum
        target = obj.project.location
    elif hasattr(obj, 'group'):
        # Task
        target = obj.group.project.location
    else:
        # Entry in the forum. Any other kind of object raises
        # AttributeError here instead of being refused.
        target = obj.discussion.project.location

    return True if is_moderator(user, target) else False
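def get_context_data(self, **kwargs):
    """Build the template context for a poll's detail page.

    Adds the poll's location and title, the answer form, navigation
    links, the poll's map markers, a marker form for the poll's creator
    and two flags: ``is_moderator`` and ``can_vote``.

    Both flags are only handed to the template; nothing in this method
    enforces them. NOTE(review): confirm the view that stores answers
    repeats the "already voted" check on the server side.
    """
    from maps.forms import AjaxPointerForm

    context = super(PollDetails, self).get_context_data(**kwargs)
    poll = self.object
    user = self.request.user
    poll_type = ContentType.objects.get_for_model(Poll)

    context['location'] = poll.location
    context['title'] = poll.title
    context['form'] = PollEntryAnswerForm(poll)
    context['links'] = links['polls']
    context['is_moderator'] = is_moderator(user, poll.location)
    context['map_markers'] = MapPointer.objects.filter(
        content_type=poll_type).filter(object_pk=poll.pk)

    # Only the creator gets the form for adding map markers.
    if user == poll.creator:
        context['marker_form'] = AjaxPointerForm(initial={
            'content_type': poll_type,
            'object_pk': poll.pk,
        })

    try:
        # exists() asks the database a yes/no question instead of loading
        # every answer set just to count them.
        already_answered = AnswerSet.objects.filter(user=user).filter(
            poll=poll).exists()
    except Exception:
        # Best effort, kept from the original: if the lookup cannot be
        # made (presumably for visitors who are not logged in), fail
        # closed. Unlike a bare ``except:`` this no longer swallows
        # SystemExit/KeyboardInterrupt.
        already_answered = True
    context['can_vote'] = not already_answered

    return context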
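def post(self, request, content_type, object_pk):
    """Delete the object named in the POST body if the user may do so.

    The object is identified by the ``content_type`` and ``object_pk``
    POST fields; the URL arguments of the same name are not used.
    Deletion is allowed for superusers, moderators of the object's
    location and the object's ``creator`` (or ``user``, when it has no
    ``creator`` attribute).

    Every refusal is answered with a 404 so the response does not reveal
    whether the object exists. On success the user is redirected to the
    details page of the object's location.

    NOTE(review): the content type is chosen by the client, so every
    model with a ``location`` is reachable through this view. Consider
    an explicit allow-list of deletable models.
    """
    from django.core.exceptions import ObjectDoesNotExist

    user = request.user
    # Authenticate first, so anonymous requests never trigger a lookup.
    if not user.is_authenticated():
        return HttpResponseNotFound()

    try:
        ct = ContentType.objects.get(
            pk=request.POST.get('content_type', None))
        self.object = ct.get_object_for_this_type(
            pk=request.POST.get('object_pk', None))
    except (ObjectDoesNotExist, ValueError, TypeError):
        # Missing, malformed or unknown ids are a plain "not found",
        # not a server error.
        return HttpResponseNotFound()

    # Moderator rights are tied to a location; an object without one
    # cannot be authorised here.
    location = getattr(self.object, 'location', None)
    if location is None:
        return HttpResponseNotFound()

    access = user.is_superuser or is_moderator(user, location)
    if not access:
        if hasattr(self.object, 'creator'):
            access = user == self.object.creator
        elif hasattr(self.object, 'user'):
            access = user == self.object.user
    if not access:
        return HttpResponseNotFound()

    # Read the slug before deleting so the redirect does not depend on
    # the state of a deleted instance.
    slug = location.slug
    self.object.delete()
    return redirect(reverse('locations:details', kwargs={'slug': slug}))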
def get_context_data(self, **kwargs):
    """Build the template context for a discussion's detail page.

    Adds one page of replies, the reply form, title, location, map
    markers, navigation links and the content type ids of ``Discussion``
    and ``Entry``. The creator and moderators also get a marker form.

    ``is_moderator`` is only handed to the template; nothing in this
    method enforces it.
    """
    from maps.forms import AjaxPointerForm

    topic = super(DiscussionDetailView, self).get_object()
    context = super(DiscussionDetailView, self).get_context_data(**kwargs)

    pager = Paginator(Entry.objects.filter(discussion=topic),
                      settings.PAGE_PAGINATION_LIMIT)
    # ``page`` comes straight from the query string; the two handlers
    # below turn bad values into the first or the last page.
    requested_page = self.request.GET.get('page')
    user_moderates = is_moderator(self.request.user, topic.location)
    try:
        reply_page = pager.page(requested_page)
    except PageNotAnInteger:
        reply_page = pager.page(1)
    except EmptyPage:
        reply_page = pager.page(pager.num_pages)
    context['replies'] = reply_page

    context['form'] = ReplyForm(initial={'discussion': topic.slug})
    context['title'] = topic.question
    context['location'] = topic.location

    own_markers = MapPointer.objects.filter(
        content_type=ContentType.objects.get_for_model(self.object))
    context['map_markers'] = own_markers.filter(object_pk=self.object.pk)

    # The marker form is offered to the creator and to moderators only.
    if self.request.user == self.object.creator or user_moderates:
        marker_defaults = {
            'content_type': ContentType.objects.get_for_model(Discussion),
            'object_pk': self.object.pk,
        }
        context['marker_form'] = AjaxPointerForm(initial=marker_defaults)

    context.update({
        'is_moderator': user_moderates,
        'links': links['discussions'],
        'content_type': ContentType.objects.get_for_model(Discussion).pk,
        'ct': ContentType.objects.get_for_model(Entry).pk,
    })
    return context
def get_context_data(self, **kwargs):
    """Build the template context for a location's followers list.

    Adds one page of followers, a ``navigation`` flag, the page title,
    the ``is_moderator`` flag, the most active followers, navigation
    links and tag items.
    """
    context = super(LocationFollowersList, self).get_context_data(**kwargs)
    location = self.object
    page_size = settings.LIST_PAGINATION_LIMIT
    pager = Paginator(location.users.all(), page_size)

    # ``page`` comes straight from the query string; bad values fall
    # back to the first or the last page.
    requested_page = self.request.GET.get('page')
    try:
        follower_page = pager.page(requested_page)
    except PageNotAnInteger:
        follower_page = pager.page(1)
    except EmptyPage:
        follower_page = pager.page(pager.num_pages)
    context['followers'] = follower_page

    # NOTE(review): this compares the number of pages with the page
    # size, so navigation only shows once there are more pages than
    # items per page. Confirm this is intended.
    context['navigation'] = not (pager.num_pages <= page_size)

    context.update({
        'title': location.name + ', ' + _("Followers"),
        'is_moderator': is_moderator(self.request.user, location),
        'top_followers': location.most_active_followers(),
        'links': links['followers'],
        'tags': TagFilter(location).get_items(),
    })
    return context
def check_access(obj, user):
    """Check whether ``user`` may delete or modify ``obj``.

    The object must be a model instance from this application, i.e. a
    project, a group of tasks or a task (forum topics and entries are
    resolved by the branches below as well).

    Access is granted to the object's creator, to a superuser and to a
    moderator of the location the object belongs to. Anonymous users are
    always refused.

    Returns True/False.
    """
    # Refuse unauthenticated visitors before looking at the object at all.
    if user.is_anonymous():
        return False

    # The "creator" can always delete his/her "work", and the superadmin
    # may do anything.
    if user == obj.creator or user.is_superuser:
        return True

    # Check moderator rights, which are tied to a location. The location
    # is reached differently depending on the kind of object.
    if hasattr(obj, 'location'):
        # Project
        target = obj.location
    elif hasattr(obj, 'project'):
        # Group of tasks or a forum topic
        target = obj.project.location
    elif hasattr(obj, 'group'):
        # Task
        target = obj.group.project.location
    else:
        # Forum entry. Any other kind of object raises AttributeError
        # here instead of being refused.
        target = obj.discussion.project.location

    return True if is_moderator(user, target) else False
def get_context_data(self, **kwargs):
    """Build the template context for a discussion's detail page.

    Adds one page of replies, the reply form, title, location, map
    markers, navigation links and the content type ids of ``Discussion``
    and ``Entry``. The creator and moderators also get a marker form.

    ``is_moderator`` is only handed to the template; nothing in this
    method enforces it.
    """
    from maps.forms import AjaxPointerForm

    topic = super(DiscussionDetailView, self).get_object()
    context = super(DiscussionDetailView, self).get_context_data(**kwargs)

    pager = Paginator(Entry.objects.filter(discussion=topic),
                      settings.PAGE_PAGINATION_LIMIT)
    # ``page`` is taken from the query string as-is; the handlers below
    # map bad values to the first or the last page.
    requested_page = self.request.GET.get('page')
    user_moderates = is_moderator(self.request.user, topic.location)
    try:
        reply_page = pager.page(requested_page)
    except PageNotAnInteger:
        reply_page = pager.page(1)
    except EmptyPage:
        reply_page = pager.page(pager.num_pages)
    context['replies'] = reply_page

    context['form'] = ReplyForm(initial={'discussion': topic.slug})
    context['title'] = topic.question
    context['location'] = topic.location

    own_markers = MapPointer.objects.filter(
        content_type=ContentType.objects.get_for_model(self.object))
    context['map_markers'] = own_markers.filter(object_pk=self.object.pk)

    # The marker form is offered to the creator and to moderators only.
    if self.request.user == self.object.creator or user_moderates:
        marker_defaults = {
            'content_type': ContentType.objects.get_for_model(Discussion),
            'object_pk': self.object.pk,
        }
        context['marker_form'] = AjaxPointerForm(initial=marker_defaults)

    context.update({
        'is_moderator': user_moderates,
        'links': links['discussions'],
        'content_type': ContentType.objects.get_for_model(Discussion).pk,
        'ct': ContentType.objects.get_for_model(Entry).pk,
    })
    return context
def get_context_data(self, **kwargs):
    """Build the template context for a location's gallery page.

    Adds the page title, the current location, navigation links and the
    ``is_moderator`` flag. The flag is only handed to the template;
    nothing in this method enforces it.
    """
    context = super(LocationGalleryView, self).get_context_data(**kwargs)
    location = self.get_current_location()
    context.update({
        'title': _("Gallery"),
        'location': location,
        'links': links['gallery'],
        'is_moderator': is_moderator(self.request.user, location),
    })
    return context
def get_context_data(self, **kwargs):
    """Add the location and the ``is_moderator`` flag to the context.

    The flag is only handed to the template; nothing in this method
    restricts who may use the view.
    """
    context = super(InviteUsersByEmailView, self).get_context_data(**kwargs)
    location = self.location
    context['location'] = location
    context['is_moderator'] = is_moderator(self.request.user, location)
    return context
def get_context_data(self, **kwargs):
    """Add location, moderator flag and project access flag to the context.

    ``project_access`` is whatever ``check_access`` returns for the
    current object and user. Both flags are only handed to the template;
    nothing in this method enforces them.
    """
    context = super(AttachmentListView, self).get_context_data(**kwargs)
    viewer = self.request.user
    location = self.object.location
    context['location'] = location
    context['is_moderator'] = is_moderator(viewer, location)
    context['project_access'] = check_access(self.object, viewer)
    return context
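def post(self, request, content_type, object_pk):
    """Delete the object named in the POST body; moderators only.

    The object is identified by the ``content_type`` and ``object_pk``
    POST fields; the URL arguments of the same name are not used.
    Only superusers and moderators of the object's location may delete.

    Every refusal is answered with a 404 so the response does not reveal
    whether the object exists. On success the user is redirected to the
    details page of the object's location.

    NOTE(review): the content type is chosen by the client, so every
    model with a ``location`` is reachable through this view. Consider
    an explicit allow-list of deletable models.
    """
    from django.core.exceptions import ObjectDoesNotExist

    try:
        ct = ContentType.objects.get(
            pk=request.POST.get('content_type', None))
        self.object = ct.get_object_for_this_type(
            pk=request.POST.get('object_pk', None))
    except (ObjectDoesNotExist, ValueError, TypeError):
        # Missing, malformed or unknown ids are a plain "not found",
        # not a server error.
        return HttpResponseNotFound()

    # Moderator rights are tied to a location; an object without one
    # cannot be authorised here.
    location = getattr(self.object, 'location', None)
    if location is None:
        return HttpResponseNotFound()

    if not request.user.is_superuser and not is_moderator(request.user,
                                                          location):
        return HttpResponseNotFound()

    # Read the slug before deleting so the redirect does not depend on
    # the state of a deleted instance.
    slug = location.slug
    self.object.delete()
    return redirect(reverse('locations:details', kwargs={'slug': slug}))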
def get_context_data(self, **kwargs):
    """Build the template context for a single gallery picture.

    Adds the ``is_moderator`` flag, title, location, the picture itself
    and navigation links. The flag is only handed to the template;
    nothing in this method enforces it.
    """
    context = super(PlacePictureView, self).get_context_data(**kwargs)
    location = self.object.location
    context.update({
        'is_moderator': is_moderator(self.request.user, location),
        'title': self.object.name,
        'location': location,
        'picture': self.get_object(),
        'links': links['gallery'],
    })
    return context
def has_permission(self, user):
    """Check if the given user is permitted to moderate this comment.

    Superusers always are. Otherwise the answer is what ``is_moderator``
    returns for the location of the commented object. A comment with no
    content object, or one whose object has no ``location``, is refused.
    """
    if user.is_superuser:
        return True

    target = self.content_object
    if target is not None and hasattr(target, 'location'):
        return is_moderator(user, target.location)

    # Fail closed: without a location there is nothing to moderate.
    return False
def get(self, request, pk=None):
    """Serve the view to superusers and moderators of the location only.

    Raises Http404 both when the location does not exist and when the
    user is not allowed, so the two cases look the same to the client.
    Only this method is guarded here; other HTTP methods of the view
    are not covered by this check.
    """
    try:
        location = Location.objects.get(pk=pk)
    except Location.DoesNotExist:
        raise Http404()

    viewer = request.user
    allowed = viewer.is_superuser or is_moderator(viewer, location)
    if not allowed:
        raise Http404()

    return super(LocationBackgroundView, self).get(request, pk)
def get_context_data(self, **kwargs):
    """Add the location and the ``is_moderator`` flag to the context.

    The view's object is the location itself. ``kwargs`` are accepted
    but not passed on to the parent implementation.
    """
    context = super(LocationBackgroundUploadView, self).get_context_data()
    location = self.object
    context['location'] = location
    context['is_moderator'] = is_moderator(self.request.user, location)
    return context
def get_context_data(self, **kwargs):
    """Build the context for the idea edit form and check permissions.

    Raises PermissionDenied unless the user is the idea's creator or a
    moderator of its location.

    NOTE(review): this check only runs when the template context is
    built. A request that is handled without rendering the template
    would not reach it; confirm the same rule is enforced on the save
    path (e.g. in dispatch() or get_object()).
    """
    context = super(UpdateIdeaView, self).get_context_data(**kwargs)
    idea = self.object
    viewer = self.request.user

    user_moderates = is_moderator(viewer, idea.location)
    context["is_moderator"] = user_moderates

    someone_elses = idea.creator != viewer
    if someone_elses and not user_moderates:
        raise PermissionDenied

    context.update({
        "location": idea.location,
        "title": idea.name,
        "action": "update",
        "links": links["ideas"],
    })
    return context
def get_context_data(self, object=None, form=None):
    """Add the location from the URL and the moderator flag to the context.

    The location is looked up by the ``location_slug`` URL argument and
    an unknown slug ends in a 404. Without that argument the parent's
    context is returned unchanged. ``object`` and ``form`` are accepted
    but not used here.
    """
    context = super(LocationContextMixin, self).get_context_data()

    slug = self.kwargs.get('location_slug')
    if slug is None:
        return context

    location = get_object_or_404(Location, slug=slug)
    context['location'] = location
    context['is_moderator'] = is_moderator(self.request.user, location)
    return context
def get_context_data(self, **kwargs):
    """Build the context for the idea edit form and check permissions.

    Raises PermissionDenied unless the user is the idea's creator or a
    moderator of its location.

    NOTE(review): this check only runs when the template context is
    built. A request that is handled without rendering the template
    would not reach it; confirm the same rule is enforced on the save
    path (e.g. in dispatch() or get_object()).
    """
    context = super(UpdateIdeaView, self).get_context_data(**kwargs)
    idea = self.object
    viewer = self.request.user

    user_moderates = is_moderator(viewer, idea.location)
    context['is_moderator'] = user_moderates

    someone_elses = idea.creator != viewer
    if someone_elses and not user_moderates:
        raise PermissionDenied

    context.update({
        'location': idea.location,
        'title': idea.name,
        'action': 'update',
        'links': links['ideas'],
    })
    return context
def has_access(self, user):
    """Tell whether ``user`` has access to this object.

    Access is granted to superusers, to the owner, to anyone listed in
    ``editors`` and to moderators of the object's location. Everyone
    else is refused. Returns True/False.
    """
    if user.is_superuser:
        return True
    if user == self.owner:
        return True
    if user in self.editors.all():
        return True
    if is_moderator(user, self.location):
        return True
    # Fail closed when none of the rules above matched.
    return False
def get_context_data(self, object=None, form=None):
    """Add the location from the URL and the moderator flag to the context.

    The location is looked up by the ``location_slug`` URL argument and
    an unknown slug ends in a 404. The location found is also stored on
    the view as ``self.location``. Without the URL argument the parent's
    context is returned unchanged and ``self.location`` is not set.
    ``object`` and ``form`` are accepted but not used here.
    """
    context = super(LocationContextMixin, self).get_context_data()

    slug = self.kwargs.get('location_slug')
    if slug is None:
        return context

    location = get_object_or_404(Location, slug=slug)
    context['location'] = location
    context['is_moderator'] = is_moderator(self.request.user, location)
    self.location = location
    return context
def get_context_data(self, **kwargs):
    """Add location and the three access flags to the gallery context.

    ``project_access`` is what ``check_access`` returns for the object,
    ``gallery_access`` is True for participants of the object. All three
    flags are only handed to the template; nothing in this method
    enforces them.
    """
    self.object = self.get_object()
    viewer = self.request.user
    context = super(ProjectGalleryMixin, self).get_context_data(**kwargs)

    location = self.object.location
    context['location'] = location
    context['is_moderator'] = is_moderator(viewer, location)
    context['project_access'] = check_access(self.object, viewer)
    context['gallery_access'] = viewer in self.object.participants.all()
    return context
def get_context_data(self, **kwargs):
    """Add the idea, its location, links and access flags to the context.

    ``idea_access`` is whatever ``self.check_access()`` returns. The
    flags are only handed to the template; nothing in this method
    enforces them.
    """
    self.object = self.get_object()
    context = super(IdeaMixedContextMixin, self).get_context_data(**kwargs)

    idea = self.object
    context['idea'] = idea
    context['location'] = idea.location
    context['links'] = links['ideas']
    context['is_moderator'] = is_moderator(self.request.user, idea.location)
    context['idea_access'] = self.check_access()
    return context
def get_context_data(self, **kwargs):
    """Build the template context for an idea's detail page.

    Adds the ``is_moderator`` flag, page title, location and navigation
    links. The idea's creator also gets a form for adding map markers.
    The flag is only handed to the template; nothing in this method
    enforces it.
    """
    context = super(IdeasDetailView, self).get_context_data(**kwargs)
    idea = self.object
    viewer = self.request.user

    context.update({
        'is_moderator': is_moderator(viewer, idea.location),
        'title': idea.name + " | " + idea.location.name + " - Civilhub.org",
        'location': idea.location,
        'links': links['ideas'],
    })

    # Only the creator may attach map markers to the idea.
    if viewer == idea.creator:
        marker_defaults = {
            'content_type': ContentType.objects.get_for_model(idea),
            'object_pk': idea.pk,
        }
        context['marker_form'] = AjaxPointerForm(initial=marker_defaults)
    return context
def get_context_data(self, **kwargs):
    """Build the context for the topic edit form and check permissions.

    Raises PermissionDenied unless the user is the topic's creator or a
    moderator of its location.

    NOTE(review): this check only runs when the template context is
    built. A request that is handled without rendering the template
    would not reach it; confirm the same rule is enforced on the save
    path (e.g. in dispatch() or get_object()).
    """
    topic = super(DiscussionUpdateView, self).get_object()
    context = super(DiscussionUpdateView, self).get_context_data(**kwargs)
    viewer = self.request.user

    user_moderates = is_moderator(viewer, topic.location)
    someone_elses = viewer != topic.creator
    if someone_elses and not user_moderates:
        raise PermissionDenied

    context.update({
        'title': topic.question,
        'subtitle': _('Edit this topic'),
        'location': topic.location,
        'links': links['discussions'],
        'is_moderator': user_moderates,
    })
    return context
def get_context_data(self, **kwargs):
    """Build the context for the idea edit form and check permissions.

    Raises PermissionDenied unless the user is the idea's creator or a
    moderator of its location.

    NOTE(review): this check only runs when the template context is
    built. A request that is handled without rendering the template
    would not reach it; confirm the same rule is enforced on the save
    path (e.g. in dispatch() or get_object()).
    """
    context = super(UpdateIdeaView, self).get_context_data(**kwargs)
    idea = self.object
    viewer = self.request.user

    user_moderates = is_moderator(viewer, idea.location)
    context['is_moderator'] = user_moderates

    someone_elses = idea.creator != viewer
    if someone_elses and not user_moderates:
        raise PermissionDenied

    context.update({
        'location': idea.location,
        'title': idea.name,
        'action': 'update',
        'links': links['ideas'],
    })
    return context
def location_gallery_delete(request, slug=None, pk=None):
    """
    A view that allows deleting images from the gallery. The 'pk'
    parameter is compulsory; an unknown or missing value ends in a 404.
    The 'slug' parameter is here only to match the view in urlconf with
    the 'locations' application.

    Only superusers and moderators of the image's location may delete;
    everyone else gets a 403.

    NOTE(review): nothing in this function restricts the HTTP method.
    Confirm a decorator or the urlconf limits it to POST, so that
    Django's CSRF protection covers the delete.
    """
    item = get_object_or_404(LocationGalleryItem, pk=pk)

    allowed = (request.user.is_superuser
               or is_moderator(request.user, item.location))
    if not allowed:
        return HttpResponseForbidden()

    item.delete()
    target = reverse('locations:gallery',
                     kwargs={'slug': item.location.slug})
    return redirect(target)
def get_context_data(self, **kwargs):
    """Build the template context for an idea's detail page.

    Adds the ``is_moderator`` flag, page title, location, navigation
    links, the ``idea_access`` flag and the idea's first gallery. The
    idea's creator also gets a form for adding map markers. The flags
    are only handed to the template; nothing in this method enforces
    them.
    """
    context = super(IdeasDetailView, self).get_context_data(**kwargs)
    idea = self.object
    viewer = self.request.user

    context.update({
        "is_moderator": is_moderator(viewer, idea.location),
        "title": idea.name + " | " + idea.location.name + " - Civilhub.org",
        "location": idea.location,
        "links": links["ideas"],
        "idea_access": idea.check_access(viewer),
        "gallery": ContentObjectGallery.objects.for_object(idea).first(),
    })

    # Only the creator may attach map markers to the idea.
    if viewer == idea.creator:
        marker_defaults = {
            "content_type": ContentType.objects.get_for_model(idea),
            "object_pk": idea.pk,
        }
        context["marker_form"] = AjaxPointerForm(initial=marker_defaults)
    return context
def get_context_data(self, form=None, **kwargs):
    """Build the shared context for project forum views.

    Depending on the URL arguments this adds the project (as ``object``),
    its location and the ``is_moderator`` flag, and the discussion. An
    unknown ``project_slug`` or ``discussion_slug`` ends in a 404. A
    ``form`` passed in is put into the context as well. ``kwargs`` are
    accepted but not passed on to the parent implementation.
    """
    context = super(ProjectForumContextMixin, self).get_context_data()

    project_slug = self.kwargs.get('project_slug')
    if project_slug is not None:
        project = get_object_or_404(SocialProject, slug=project_slug)
        context['object'] = project
        context['location'] = project.location
        context['is_moderator'] = is_moderator(self.request.user,
                                               project.location)

    if form is not None:
        context['form'] = form

    discussion_slug = self.kwargs.get('discussion_slug')
    if discussion_slug is not None:
        # NOTE(review): the topic is looked up by slug alone; nothing
        # here ties it to the project found above. Confirm slugs are
        # unique across projects.
        context['discussion'] = get_object_or_404(SocialForumTopic,
                                                  slug=discussion_slug)
    return context
def get_context_data(self, **kwargs):
    """Add the idea, its location, links and access flags to the context.

    ``idea_access`` is whatever ``self.check_access()`` returns. The
    flags are only handed to the template; nothing in this method
    enforces them.
    """
    self.object = self.get_object()
    context = super(IdeaMixedContextMixin, self).get_context_data(**kwargs)

    idea = self.object
    context["idea"] = idea
    context["location"] = idea.location
    context["links"] = links["ideas"]
    context["is_moderator"] = is_moderator(self.request.user, idea.location)
    context["idea_access"] = self.check_access()
    return context
def location_gallery_delete(request, slug=None, pk=None):
    """
    A view that allows deleting images from the gallery. The `pk`
    parameter is required and leaving it out results in an error. The
    `slug` parameter is there only to fit the view into the urlconf of
    the `locations` application.

    Only superadmins and moderators of the location have the right to
    delete images; everyone else gets a 403.

    NOTE(review): nothing in this function restricts the HTTP method.
    Confirm a decorator or the urlconf limits it to POST, so that
    Django's CSRF protection covers the delete.
    """
    item = get_object_or_404(LocationGalleryItem, pk=pk)

    allowed = (request.user.is_superuser
               or is_moderator(request.user, item.location))
    if not allowed:
        return HttpResponseForbidden()

    item.delete()
    target = reverse('locations:gallery',
                     kwargs={'slug': item.location.slug})
    return redirect(target)
def location_gallery_delete(request, slug=None, pk=None):
    """
    A view that allows deleting images from the gallery. The 'pk'
    parameter is compulsory; an unknown or missing value ends in a 404.
    The 'slug' parameter is here only to match the view in urlconf with
    the 'locations' application.

    Only superusers and moderators of the image's location may delete;
    everyone else gets a 403.

    NOTE(review): nothing in this function restricts the HTTP method.
    Confirm a decorator or the urlconf limits it to POST, so that
    Django's CSRF protection covers the delete.
    """
    item = get_object_or_404(LocationGalleryItem, pk=pk)

    allowed = (request.user.is_superuser
               or is_moderator(request.user, item.location))
    if not allowed:
        return HttpResponseForbidden()

    item.delete()
    target = reverse('locations:gallery',
                     kwargs={'slug': item.location.slug})
    return redirect(target)
def get_context_data(self, **kwargs):
    """Build the template context for an idea's detail page.

    Adds the ``is_moderator`` flag, page title, location and navigation
    links. The idea's creator also gets a form for adding map markers.
    The flag is only handed to the template; nothing in this method
    enforces it.
    """
    context = super(IdeasDetailView, self).get_context_data(**kwargs)
    idea = self.object
    viewer = self.request.user

    context.update({
        'is_moderator': is_moderator(viewer, idea.location),
        'title': idea.name + " | " + idea.location.name + " | CivilHub",
        'location': idea.location,
        'links': links['ideas'],
    })

    # Only the creator may attach map markers to the idea.
    if viewer == idea.creator:
        marker_defaults = {
            'content_type': ContentType.objects.get_for_model(idea),
            'object_pk': idea.pk,
        }
        context['marker_form'] = AjaxPointerForm(initial=marker_defaults)
    return context
def delete_topic(request):
    """
    Delete topic from discussion list via AJAX request.

    The topic id is read from the ``object_pk`` POST field. Only the
    topic's creator and moderators of its location may delete it. Every
    outcome is answered with a JSON body holding ``success``,
    ``message`` and ``level``.

    NOTE(review): refusals and errors use the default HttpResponse
    status, so clients must read ``success`` rather than the status
    code. The text of caught exceptions is sent to the client in
    ``message``; consider logging it on the server and returning a
    generic message instead.
    """
    def answer(success, message, level):
        # Every branch below replies with the same three-key JSON body.
        return HttpResponse(
            json.dumps({
                'success': success,
                'message': message,
                'level': level,
            }))

    pk = request.POST.get('object_pk')
    if not pk:
        return answer(False, _("No entry ID provided"), 'danger')

    try:
        topic = Discussion.objects.get(pk=pk)
    except Discussion.DoesNotExist as ex:
        return answer(False, str(ex), 'danger')

    user_moderates = is_moderator(request.user, topic.location)
    if request.user != topic.creator and not user_moderates:
        return answer(False, _("Permission required!"), 'danger')

    try:
        with transaction.commit_on_success():
            topic.delete()
        return answer(True, _("Entry deleted"), 'success')
    except Exception as ex:
        return answer(False, str(ex), 'danger')
def get_context_data(self, **kwargs):
    """Build the template context for a news detail page.

    Adds the ``is_moderator`` flag, location, the content type id of
    the news entry, title, map markers and navigation links. The
    creator also gets a form for adding map markers. The flag is only
    handed to the template; nothing in this method enforces it.
    """
    news = super(NewsDetailView, self).get_object()
    content_type = ContentType.objects.get_for_model(news)
    context = super(NewsDetailView, self).get_context_data(**kwargs)
    viewer = self.request.user

    context.update({
        'is_moderator': is_moderator(viewer, news.location),
        'location': news.location,
        'content_type': content_type.pk,
        'title': news.title,
    })

    own_markers = MapPointer.objects.filter(
        content_type=ContentType.objects.get_for_model(self.object))
    context['map_markers'] = own_markers.filter(object_pk=self.object.pk)

    # Only the creator may attach map markers to the news entry.
    if viewer == self.object.creator:
        marker_defaults = {
            'content_type': ContentType.objects.get_for_model(self.object),
            'object_pk': self.object.pk,
        }
        context['marker_form'] = AjaxPointerForm(initial=marker_defaults)

    context['links'] = links['news']
    return context
def get_context_data(self, **kwargs):
    """Build the template context for an idea's detail page.

    Adds the ``is_moderator`` flag, page title, location, navigation
    links, the ``idea_access`` flag and the idea's first gallery. The
    idea's creator also gets a form for adding map markers. The flags
    are only handed to the template; nothing in this method enforces
    them.
    """
    context = super(IdeasDetailView, self).get_context_data(**kwargs)
    idea = self.object
    viewer = self.request.user

    context.update({
        'is_moderator': is_moderator(viewer, idea.location),
        'title': idea.name + " | " + idea.location.name + " - Civilhub.org",
        'location': idea.location,
        'links': links['ideas'],
        'idea_access': idea.check_access(viewer),
        'gallery': ContentObjectGallery.objects.for_object(idea).first(),
    })

    # Only the creator may attach map markers to the idea.
    if viewer == idea.creator:
        marker_defaults = {
            'content_type': ContentType.objects.get_for_model(idea),
            'object_pk': idea.pk,
        }
        context['marker_form'] = AjaxPointerForm(initial=marker_defaults)
    return context
def delete_topic(request):
    """
    Delete topic from discussion list via AJAX request.

    The topic id is read from the ``object_pk`` POST field. Only the
    topic's creator and moderators of its location may delete it. Every
    outcome is answered with a JSON body holding ``success``,
    ``message`` and ``level``.

    NOTE(review): refusals and errors use the default HttpResponse
    status, so clients must read ``success`` rather than the status
    code. The text of caught exceptions is sent to the client in
    ``message``; consider logging it on the server and returning a
    generic message instead.
    """
    def answer(success, message, level):
        # Every branch below replies with the same three-key JSON body.
        return HttpResponse(json.dumps({
            'success': success,
            'message': message,
            'level': level,
        }))

    pk = request.POST.get('object_pk')
    if not pk:
        return answer(False, _("No entry ID provided"), 'danger')

    try:
        topic = Discussion.objects.get(pk=pk)
    except Discussion.DoesNotExist as ex:
        return answer(False, str(ex), 'danger')

    user_moderates = is_moderator(request.user, topic.location)
    if request.user != topic.creator and not user_moderates:
        return answer(False, _("Permission required!"), 'danger')

    try:
        with transaction.commit_on_success():
            topic.delete()
        return answer(True, _("Entry deleted"), 'success')
    except Exception as ex:
        return answer(False, str(ex), 'danger')
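def post(self, request, content_type, object_pk):
    """Delete the object named in the POST body if the user may do so.

    The object is identified by the ``content_type`` and ``object_pk``
    POST fields; the URL arguments of the same name are not used.
    Deletion is allowed for superusers, moderators of the object's
    location and the object's ``creator`` (or ``user``, when it has no
    ``creator`` attribute).

    Every refusal is answered with a 404 so the response does not reveal
    whether the object exists. On success the user is redirected to the
    details page of the object's location.

    NOTE(review): the content type is chosen by the client, so every
    model with a ``location`` is reachable through this view. Consider
    an explicit allow-list of deletable models.
    """
    from django.core.exceptions import ObjectDoesNotExist

    user = request.user
    # Authenticate first, so anonymous requests never trigger a lookup.
    if not user.is_authenticated():
        return HttpResponseNotFound()

    try:
        ct = ContentType.objects.get(
            pk=request.POST.get('content_type', None))
        self.object = ct.get_object_for_this_type(
            pk=request.POST.get('object_pk', None))
    except (ObjectDoesNotExist, ValueError, TypeError):
        # Missing, malformed or unknown ids are a plain "not found",
        # not a server error.
        return HttpResponseNotFound()

    # Moderator rights are tied to a location; an object without one
    # cannot be authorised here.
    location = getattr(self.object, 'location', None)
    if location is None:
        return HttpResponseNotFound()

    access = user.is_superuser or is_moderator(user, location)
    if not access:
        if hasattr(self.object, 'creator'):
            access = user == self.object.creator
        elif hasattr(self.object, 'user'):
            access = user == self.object.user
    if not access:
        return HttpResponseNotFound()

    # Read the slug before deleting so the redirect does not depend on
    # the state of a deleted instance.
    slug = location.slug
    self.object.delete()
    return redirect(reverse('locations:details', kwargs={'slug': slug}))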
def dispatch(self, *args, **kwargs):
    """Let only moderators of the location through to the view.

    The view's object is the location itself. Raises PermissionDenied
    for everyone ``is_moderator`` refuses; the check runs before the
    parent's dispatch() is called.
    """
    location = self.get_object()
    self.object = location
    if not is_moderator(self.request.user, location):
        raise PermissionDenied
    return super(LocationBackgroundView, self).dispatch(*args, **kwargs)
def get_context_data(self, **kwargs):
    """Add the page title and the ``is_moderator`` flag to the context.

    The view's object is the location itself. The flag is only handed
    to the template; nothing in this method enforces it.
    """
    context = super(LocationViewMixin, self).get_context_data(**kwargs)
    location = self.object
    context.update({
        'title': location.name,
        'is_moderator': is_moderator(self.request.user, location),
    })
    return context
def get_object(self):
    """Return the location, but only to its moderators.

    Raises PermissionDenied when ``is_moderator`` refuses the current
    user, so any code path that fetches the object through this method
    is covered by the check.
    """
    location = super(LocationAccessMixin, self).get_object()
    if is_moderator(self.request.user, location):
        return location
    raise PermissionDenied
def post(self, request, pk=None):
    """Run the parent's POST handler for moderators only.

    The location is reached through the object's project. Raises
    PermissionDenied when ``is_moderator`` refuses the current user.
    """
    location = self.get_object().project.location
    if is_moderator(request.user, location):
        return super(ProjectForumDeleteView, self).post(request, pk)
    raise PermissionDenied