def move_post_processing(request): if not request.method == 'POST': raise PermissionDenied field_list = ('move_from_topic', 'move_to_topic', 'move_post_list') if not all(field in request.POST for field in field_list): # FIXME print "select at least one post" return redirect(request.META['HTTP_REFERER']) move_from_topic = request.POST.get('move_from_topic') move_to_topic = request.POST.get('move_to_topic') move_post_list = list(set(request.POST.getlist('move_post_list'))) old_topic = Topic.objects.get(pk=move_from_topic) new_topic = Topic.objects.get(pk=move_to_topic) if (not perms.may_moderate_topic(request.user, old_topic) or not perms.may_moderate_topic(request.user, new_topic)): raise PermissionDenied # filter by topic for prevent access violations post_qs = Post.objects.filter(topic=move_from_topic, pk__in=move_post_list) post_qs = perms.filter_posts(request.user, post_qs) post_qs.update(topic=move_to_topic) old_topic.update_counters() new_topic.update_counters() first_moved_post = Post.objects.get(pk=min(move_post_list)) # FIXME print "success" return redirect(first_moved_post.get_absolute_url())
def get_queryset(self): if not perms.may_view_topic(self.request.user, self.topic): raise PermissionDenied if self.request.user.is_authenticated() or not defaults.PYBB_ANONYMOUS_VIEWS_CACHE_BUFFER: Topic.objects.filter(id=self.topic.id).update(views=F('views') + 1) else: cache_key = util.build_cache_key('anonymous_topic_views', topic_id=self.topic.id) cache.add(cache_key, 0) if cache.incr(cache_key) % defaults.PYBB_ANONYMOUS_VIEWS_CACHE_BUFFER == 0: Topic.objects.filter(id=self.topic.id).update(views=F('views') + defaults.PYBB_ANONYMOUS_VIEWS_CACHE_BUFFER) cache.set(cache_key, 0) qs = self.topic.posts.all().select_related('user') if defaults.PYBB_PROFILE_RELATED_NAME: if defaults.PYBB_POST_SORT_REVERSE: qs = qs.select_related('user__%s' % defaults.PYBB_PROFILE_RELATED_NAME).order_by('-created') else: qs = qs.select_related('user__%s' % defaults.PYBB_PROFILE_RELATED_NAME) if not perms.may_moderate_topic(self.request.user, self.topic): if defaults.PYBB_POST_SORT_REVERSE: qs = perms.filter_posts(self.request.user, qs).order_by('-created') else: qs = perms.filter_posts(self.request.user, qs) return qs
def get_context_data(self, **kwargs): ctx = super(TopicView, self).get_context_data(**kwargs) if self.request.user.is_authenticated(): self.request.user.is_moderator = perms.may_moderate_topic(self.request.user, self.topic) self.request.user.is_subscribed = self.request.user in self.topic.subscribers.all() if perms.may_post_as_admin(self.request.user): ctx["form"] = AdminPostForm( initial={"login": getattr(self.request.user, username_field)}, topic=self.topic ) else: ctx["form"] = PostForm(topic=self.topic) self.mark_read(self.request.user, self.topic) elif defaults.PYBB_ENABLE_ANONYMOUS_POST: ctx["form"] = PostForm(topic=self.topic) else: ctx["form"] = None if defaults.PYBB_ATTACHMENT_ENABLE: aformset = AttachmentFormSet() ctx["aformset"] = aformset if defaults.PYBB_FREEZE_FIRST_POST: ctx["first_post"] = self.topic.head else: ctx["first_post"] = None ctx["topic"] = self.topic if ( self.request.user.is_authenticated() and self.topic.poll_type != Topic.POLL_TYPE_NONE and pybb_topic_poll_not_voted(self.topic, self.request.user) ): ctx["poll_form"] = PollForm(self.topic) return ctx
def get_context_data(self, **kwargs): ctx = super(TopicView, self).get_context_data(**kwargs) if self.request.user.is_authenticated(): self.request.user.is_moderator = perms.may_moderate_topic(self.request.user, self.topic) self.request.user.is_subscribed = self.request.user in self.topic.subscribers.all() if perms.may_post_as_admin(self.request.user): ctx['form'] = self.get_admin_post_form_class()( initial={'login': getattr(self.request.user, username_field)}, topic=self.topic) else: ctx['form'] = self.get_post_form_class()(topic=self.topic) self.mark_read(self.request.user, self.topic) elif defaults.PYBB_ENABLE_ANONYMOUS_POST: ctx['form'] = self.get_post_form_class()(topic=self.topic) else: ctx['form'] = None ctx['next'] = self.get_login_redirect_url() if perms.may_attach_files(self.request.user): aformset = self.get_attachment_formset_class()() ctx['aformset'] = aformset if defaults.PYBB_FREEZE_FIRST_POST: ctx['first_post'] = self.topic.head else: ctx['first_post'] = None ctx['topic'] = self.topic if self.request.user.is_authenticated() and self.topic.poll_type != Topic.POLL_TYPE_NONE and \ pybb_topic_poll_not_voted(self.topic, self.request.user): ctx['poll_form'] = self.get_poll_form_class()(self.topic) return ctx
def get_context_data(self, **kwargs): ctx = super(TopicView, self).get_context_data(**kwargs) if self.request.user.is_authenticated(): self.request.user.is_moderator = perms.may_moderate_topic(self.request.user, self.topic) self.request.user.is_subscribed = self.request.user in self.topic.subscribers.all() if perms.may_post_as_admin(self.request.user): ctx["form"] = self.get_admin_post_form_class()( initial={"login": getattr(self.request.user, username_field)}, topic=self.topic ) else: ctx["form"] = self.get_post_form_class()(topic=self.topic) self.mark_read(self.request.user, self.topic) elif defaults.PYBB_ENABLE_ANONYMOUS_POST: ctx["form"] = self.get_post_form_class()(topic=self.topic) else: ctx["form"] = None ctx["next"] = self.get_login_redirect_url() if perms.may_attach_files(self.request.user): aformset = self.get_attachment_formset_class()() ctx["aformset"] = aformset if defaults.PYBB_FREEZE_FIRST_POST: ctx["first_post"] = self.topic.head else: ctx["first_post"] = None ctx["topic"] = self.topic ctx["forum_id"] = self.topic.forum.id if perms.may_vote_in_topic(self.request.user, self.topic) and pybb_topic_poll_not_voted( self.topic, self.request.user ): ctx["poll_form"] = self.get_poll_form_class()(self.topic) return ctx
def get_redirect_url(self, **kwargs): post = get_object_or_404(Post, pk=self.kwargs['pk']) if not perms.may_moderate_topic(self.request.user, post.topic): raise PermissionDenied post.on_moderation = False post.save() return post.get_absolute_url()
def get_context_data(self, **kwargs): ctx = super(TopicView, self).get_context_data(**kwargs) if self.request.user.is_authenticated(): self.request.user.is_moderator = perms.may_moderate_topic( self.request.user, self.topic) self.request.user.is_subscribed = self.request.user in self.topic.subscribers.all( ) if perms.may_post_as_admin(self.request.user): ctx['form'] = AdminPostForm(initial={ 'login': getattr(self.request.user, username_field) }, topic=self.topic) else: ctx['form'] = PostForm(topic=self.topic) self.mark_read(self.request, self.topic) elif defaults.PYBB_ENABLE_ANONYMOUS_POST: ctx['form'] = PostForm(topic=self.topic) else: ctx['form'] = None if defaults.PYBB_ATTACHMENT_ENABLE: aformset = AttachmentFormSet() ctx['aformset'] = aformset if defaults.PYBB_FREEZE_FIRST_POST: ctx['first_post'] = self.topic.head else: ctx['first_post'] = None ctx['topic'] = self.topic if self.request.user.is_authenticated() and self.topic.poll_type != Topic.POLL_TYPE_NONE and \ pybb_topic_poll_not_voted(self.topic, self.request.user): ctx['poll_form'] = PollForm(self.topic) return ctx
def get_context_data(self, **kwargs): ctx = super(TopicView, self).get_context_data(**kwargs) if self.request.user.is_authenticated(): self.request.user.is_moderator = perms.may_moderate_topic(self.request.user, self.topic) self.request.user.is_subscribed = self.request.user in self.topic.subscribers.all() if perms.may_post_as_admin(self.request.user): ctx['form'] = self.get_admin_post_form_class()( initial={'login': getattr(self.request.user, username_field)}, topic=self.topic) else: ctx['form'] = self.get_post_form_class()(topic=self.topic) self.mark_read(self.request.user, self.topic) elif defaults.PYBB_ENABLE_ANONYMOUS_POST: ctx['form'] = self.get_post_form_class()(topic=self.topic) else: ctx['form'] = None ctx['next'] = self.get_login_redirect_url() if perms.may_attach_files(self.request.user): aformset = self.get_attachment_formset_class()() ctx['aformset'] = aformset if defaults.PYBB_FREEZE_FIRST_POST: ctx['first_post'] = self.topic.head else: ctx['first_post'] = None ctx['topic'] = self.topic if perms.may_vote_in_topic(self.request.user, self.topic) and \ pybb_topic_poll_not_voted(self.topic, self.request.user): ctx['poll_form'] = self.get_poll_form_class()(self.topic) return ctx
def get_queryset(self): self.topic = get_object_or_404(perms.filter_topics(self.request.user, Topic.objects.select_related('forum')), pk=self.kwargs['pk']) self.topic.views += 1 self.topic.save() qs = self.topic.posts.all().select_related('user') if not perms.may_moderate_topic(self.request.user, self.topic): qs = perms.filter_posts(self.request.user, qs) return qs
def pybb_topic_moderated_by(topic, user): """ Check if user is moderator of topic's forum. """ warnings.warn("pybb_topic_moderated_by filter is deprecated and will be removed in later releases. " "Use pybb_may_moderate_topic(user, topic) filter instead", DeprecationWarning) return perms.may_moderate_topic(user, topic)
def get_object(self, queryset=None): post = get_object_or_404(Post.objects.select_related('topic', 'topic__forum'), pk=self.kwargs['pk']) if not perms.may_delete_post(self.request.user, post): raise PermissionDenied self.topic = post.topic self.forum = post.topic.forum if not perms.may_moderate_topic(self.request.user, self.topic): raise PermissionDenied return post
def get_queryset(self): if not perms.may_view_topic(self.request.user, self.topic): raise PermissionDenied self.topic.views += 1 self.topic.save() qs = self.topic.posts.all().select_related('user') if not perms.may_moderate_topic(self.request.user, self.topic): qs = perms.filter_posts(self.request.user, qs) return qs
def get_queryset(self): if not perms.may_view_topic(self.request.user, self.topic): raise PermissionDenied self.topic.views += 1 self.topic.save() qs = self.topic.posts.all().select_related('user') if defaults.PYBB_PROFILE_RELATED_NAME: qs = qs.select_related('user__%s' % defaults.PYBB_PROFILE_RELATED_NAME) if not perms.may_moderate_topic(self.request.user, self.topic): qs = perms.filter_posts(self.request.user, qs) return qs
def get_queryset(self): if not perms.may_view_topic(self.request.user, self.topic): raise PermissionDenied if self.request.user.is_authenticated() or not defaults.PYBB_ANONYMOUS_VIEWS_CACHE_BUFFER: Topic.objects.filter(id=self.topic.id).update(views=F('views') + 1) else: cache_key = util.build_cache_key('anonymous_topic_views', topic_id=self.topic.id) cache.add(cache_key, 0) if cache.incr(cache_key) % defaults.PYBB_ANONYMOUS_VIEWS_CACHE_BUFFER == 0: Topic.objects.filter(id=self.topic.id).update(views=F('views') + defaults.PYBB_ANONYMOUS_VIEWS_CACHE_BUFFER) cache.set(cache_key, 0) qs = self.topic.posts.all().select_related('user') if defaults.PYBB_PROFILE_RELATED_NAME: qs = qs.select_related('user__%s' % defaults.PYBB_PROFILE_RELATED_NAME) if not perms.may_moderate_topic(self.request.user, self.topic): qs = perms.filter_posts(self.request.user, qs) return qs
def get_object(self, queryset=None): post = super(MovePostView, self).get_object(queryset) if not perms.may_moderate_topic(self.request.user, post.topic): raise PermissionDenied return post
def dispatch(self, request, *args, **kwargs): topic = Topic.objects.get(pk=kwargs['pk']) if not perms.may_moderate_topic(request.user, topic): raise PermissionDenied return super(MovePostView, self).dispatch(request, *args, **kwargs)
def pybb_is_moderator(topic, user): tmp_user = User.objects.get_by_natural_key(username=user) return perms.may_moderate_topic(tmp_user, topic)
def pybb_topic_moderated_by(topic, user): """ Check if user is moderator of topic's forum. """ return perms.may_moderate_topic(user, topic)