def photoset_details(request, id, template_name="photos/photo-set/details.html"):
""" View photos in photo set """
photo_set = get_object_or_404(PhotoSet, id=id)
if not has_view_perm(request.user, 'photos.view_photoset', photo_set):
raise Http403
order = get_setting('module', 'photos', 'photoordering')
#if order == 'descending':
# photos = photo_set.get_images(user=request.user).order_by('-pk')
#else:
# photos = photo_set.get_images(user=request.user).order_by('pk')
photos = photo_set.get_images(user=request.user).order_by("position")
EventLog.objects.log(**{
'event_id': 991500,
'event_data': '%s (%d) viewed by %s' % (photo_set._meta.object_name, photo_set.pk, request.user),
'description': '%s viewed' % photo_set._meta.object_name,
'user': request.user,
'request': request,
'instance': photo_set,
})
return render_to_response(template_name, {
"photos": photos,
"photo_set": photo_set,
}, context_instance=RequestContext(request))
def detail(request, slug=None, hash=None, template_name="articles/view.html"):
if not slug and not hash:
return HttpResponseRedirect(reverse('articles'))
if hash:
version = get_object_or_404(Version, hash=hash)
current_article = get_object_or_404(Article, pk=version.object_id)
article = version.get_version_object()
msg_string = 'You are viewing a previous version of this article. View the <a href="%s%s">Current Version</a>.' % (get_setting('site', 'global', 'siteurl'), current_article.get_absolute_url())
messages.add_message(request, messages.WARNING, _(msg_string))
else:
article = get_object_or_404(Article, slug=slug)
# non-admin can not view the non-active content
# status=0 has been taken care of in the has_perm function
if (article.status_detail).lower() != 'active' and (not request.user.profile.is_superuser):
raise Http403
if not article.release_dt_local and article.release_dt:
article.assign_release_dt_local()
if not article.release_dt_local or article.release_dt_local >= datetime.now():
if not any([
has_perm(request.user, 'articles.view_article'),
request.user == article.owner,
request.user == article.creator
]):
raise Http403
if has_view_perm(request.user, 'articles.view_article', article):
EventLog.objects.log(instance=article)
return render_to_resp(request=request, template_name=template_name,
context={'article': article})
else:
raise Http403
def group_membership_self_add(request, slug, user_id):
group = get_object_or_404(Group, slug=slug)
user = get_object_or_404(User, pk=user_id)
if not has_view_perm(request.user,'user_groups.view_group', group) and not group.allow_self_add:
raise Http403
group_membership = GroupMembership.objects.filter(member=user, group=group)
if not group_membership:
group_membership = GroupMembership()
group_membership.group = group
group_membership.member = user
group_membership.creator_id = user.id
group_membership.creator_username = user.username
group_membership.owner_id = user.id
group_membership.owner_username = user.username
group_membership.save()
EventLog.objects.log(instance=group_membership)
if group_membership.is_newsletter_subscribed:
group_membership.subscribe_to_newsletter()
messages.add_message(request, messages.SUCCESS, _('Successfully added yourself to group %(grp)s' % {'grp':group}))
else:
messages.add_message(request, messages.INFO, _('You are already in the group %(grp)s' % {'grp': group}))
return HttpResponseRedirect(reverse('group.search'))
def group_detail(request, group_slug, template_name="user_groups/detail.html"):
group = get_object_or_404(Group, slug=group_slug)
membership_view_perms = get_setting('module', 'memberships', 'memberprotection')
if not has_view_perm(request.user,'user_groups.view_group',group):
raise Http403
if group in request.user.profile.get_groups():
is_group_member = True
gm = GroupMembership.objects.get(group=group, member=request.user)
else:
is_group_member = False
gm = None
EventLog.objects.log(instance=group)
if request.user.profile.is_superuser or membership_view_perms <> 'private':
groupmemberships = GroupMembership.objects.filter(
group=group,
status=True,
status_detail='active').order_by('member__last_name')
else:
groupmemberships = GroupMembership.objects.none()
count_members = len(groupmemberships)
return render_to_response(
template_name,
locals(),
context_instance=RequestContext(request))
def group_membership_self_remove(request, slug, user_id):
group = get_object_or_404(Group, slug=slug)
if not has_view_perm(request.user, 'user_groups.view_group',
group) and not group.allow_self_remove:
raise Http403
user = get_object_or_404(User, pk=user_id)
group_membership = GroupMembership.objects.filter(member=user, group=group)
if group_membership:
group_membership = group_membership[0]
if group_membership.member == user:
EventLog.objects.log(instance=group_membership)
group_membership.delete()
messages.add_message(
request, messages.SUCCESS,
_('Successfully removed yourself from group %(grp)s' %
{'grp': group}))
else:
messages.add_message(
request, messages.INFO,
_('You are not in the group %(grp)s' % {'grp': group}))
return HttpResponseRedirect(reverse('group.search'))
def photoset_details(request, id, template_name="photos/photo-set/details.html"):
""" View photos in photo set """
photo_set = get_object_or_404(PhotoSet, id=id)
if not has_view_perm(request.user, 'photos.view_photoset', photo_set):
raise Http403
order = get_setting('module', 'photos', 'photoordering')
#if order == 'descending':
# photos = photo_set.get_images(user=request.user).order_by('-pk')
#else:
# photos = photo_set.get_images(user=request.user).order_by('pk')
photos = photo_set.get_images(user=request.user).order_by("position")
EventLog.objects.log(**{
'event_id': 991500,
'event_data': '%s (%d) viewed by %s' % (photo_set._meta.object_name, photo_set.pk, request.user),
'description': '%s viewed' % photo_set._meta.object_name,
'user': request.user,
'request': request,
'instance': photo_set,
})
return render_to_response(template_name, {
"photos": photos,
"photo_set": photo_set,
}, context_instance=RequestContext(request))
def display_header_image(request, id):
page = get_object_or_404(Page, pk=id)
if not has_view_perm(request.user, '[pages.view_page', page):
raise Http403
return file_display(request, page.header_image.file.name)
def group_detail(request, group_slug, template_name="user_groups/detail.html"):
group = get_object_or_404(Group, slug=group_slug)
membership_view_perms = get_setting('module', 'memberships',
'memberprotection')
if not has_view_perm(request.user, 'user_groups.view_group', group):
raise Http403
if group in request.user.profile.get_groups():
is_group_member = True
gm = GroupMembership.objects.get(group=group, member=request.user)
else:
is_group_member = False
gm = None
EventLog.objects.log(instance=group)
if request.user.profile.is_superuser or membership_view_perms <> 'private':
groupmemberships = GroupMembership.objects.filter(
group=group, status=True,
status_detail='active').order_by('member__last_name')
else:
groupmemberships = GroupMembership.objects.none()
count_members = len(groupmemberships)
return render_to_response(template_name,
locals(),
context_instance=RequestContext(request))
def group_membership_self_add(request, slug, user_id):
group = get_object_or_404(Group, slug=slug)
user = get_object_or_404(User, pk=user_id)
if not has_view_perm(request.user,'user_groups.view_group', group) and not group.allow_self_add:
raise Http403
group_membership = GroupMembership.objects.filter(member=user, group=group)
if not group_membership:
group_membership = GroupMembership()
group_membership.group = group
group_membership.member = user
group_membership.creator_id = user.id
group_membership.creator_username = user.username
group_membership.owner_id = user.id
group_membership.owner_username = user.username
group_membership.save()
EventLog.objects.log(instance=group_membership)
if group_membership.is_newsletter_subscribed:
group_membership.subscribe_to_newsletter()
messages.add_message(request, messages.SUCCESS, _('Successfully added yourself to group %(grp)s' % {'grp':group}))
else:
messages.add_message(request, messages.INFO, _('You are already in the group %(grp)s' % {'grp': group}))
return HttpResponseRedirect(reverse('group.search'))
def display_header_image(request, id):
page = get_object_or_404(Page, pk=id)
if not has_view_perm(request.user, "[pages.view_page", page):
raise Http403
return file_display(request, page.header_image.file.name)
def details(request, slug=None, template_name="directories/view.html"):
if not slug: return HttpResponseRedirect(reverse('directories'))
directory = get_object_or_404(Directory, slug=slug)
if has_view_perm(request.user, 'directories.view_directory', directory) \
or directory.has_membership_with(request.user):
EventLog.objects.log(instance=directory)
if get_setting('module', 'directories', 'affiliates_enabled'):
affiliates_list = directory.get_list_affiliates()
parents_list = directory.get_list_parent_directories()
# list of affiliate requests
affiliate_requests = directory.from_directory.all()
else:
affiliates_list = None
parents_list = None
affiliate_requests = None
return render_to_resp(request=request,
template_name=template_name,
context={
'directory': directory,
'affiliates_list': affiliates_list,
'parents_list': parents_list,
'affiliate_requests': affiliate_requests
})
raise Http403
def print_view(request, id, template_name="contacts/print-view.html"):
contact = get_object_or_404(Contact, pk=id)
if has_view_perm(request.user,'contacts.view_contact',contact):
return render_to_response(template_name, {'contact': contact},
context_instance=RequestContext(request))
else:
raise Http403
def print_view(request, id, template_name="contacts/print-view.html"):
contact = get_object_or_404(Contact, pk=id)
if has_view_perm(request.user,'contacts.view_contact',contact):
return render_to_resp(request=request, template_name=template_name,
context={'contact': contact})
else:
raise Http403
def logo_display(request, id):
directory = get_object_or_404(Directory, pk=id)
if not has_view_perm(request.user, 'directories.view_directory',
directory):
raise Http403
return file_display(request, directory.logo.name)
def print_view(request, id, template_name="contacts/print-view.html"):
contact = get_object_or_404(Contact, pk=id)
if has_view_perm(request.user, 'contacts.view_contact', contact):
return render_to_response(template_name, {'contact': contact},
context_instance=RequestContext(request))
else:
raise Http403
def logo_display(request, id):
directory = get_object_or_404(Directory, pk=id)
if not has_view_perm(request.user,
'directories.view_directory',
directory):
raise Http403
return file_display(request, directory.logo.name)
def details(request, id=None, template_name="contacts/view.html"):
if not id: return HttpResponseRedirect(reverse('contacts'))
contact = get_object_or_404(Contact, pk=id)
if has_view_perm(request.user, 'contacts.view_contact', contact):
return render_to_response(template_name, {'contact': contact},
context_instance=RequestContext(request))
else:
raise Http403
def details(request, id=None, template_name="contacts/view.html"):
if not id: return HttpResponseRedirect(reverse('contacts'))
contact = get_object_or_404(Contact, pk=id)
if has_view_perm(request.user,'contacts.view_contact',contact):
return render_to_resp(request=request, template_name=template_name,
context={'contact': contact})
else:
raise Http403
def print_view(request, slug, template_name="directories/print-view.html"):
directory = get_object_or_404(Directory, slug=slug)
if has_view_perm(request.user,'directories.view_directory',directory):
EventLog.objects.log(instance=directory)
return render_to_response(template_name, {'directory': directory},
context_instance=RequestContext(request))
else:
raise Http403
def print_view(request, id, template_name="files/print-view.html"):
file = get_object_or_404(File, pk=id)
# check permission
if not has_view_perm(request.user, 'files.view_file', file):
raise Http403
return render_to_response(template_name, {'file': file},
context_instance=RequestContext(request))
def print_details(request, id, template_name="stories/print_details.html"):
story = get_object_or_404(Story, pk=id)
if not has_view_perm(request.user,'stories.view_story', story):
raise Http403
EventLog.objects.log(instance=story)
return render_to_response(template_name, {'story': story},
context_instance=RequestContext(request))
def detail(request, slug, template_name="locations/view.html"):
location = get_object_or_404(Location, slug=slug)
if has_view_perm(request.user,'locations.view_location',location):
EventLog.objects.log(instance=location)
return render_to_resp(request=request, template_name=template_name,
context={'location': location})
else:
raise Http403
def detail(request, slug, template_name="locations/view.html"):
location = get_object_or_404(Location, slug=slug)
if has_view_perm(request.user, 'locations.view_location', location):
EventLog.objects.log(instance=location)
return render_to_response(template_name, {'location': location},
context_instance=RequestContext(request))
else:
raise Http403
def print_details(request, id, template_name="stories/print_details.html"):
story = get_object_or_404(Story, pk=id)
if not has_view_perm(request.user, 'stories.view_story', story):
raise Http403
EventLog.objects.log(instance=story)
return render_to_response(template_name, {'story': story},
context_instance=RequestContext(request))
def index(request,
slug=None,
id=None,
hash=None,
template_name="pages/view.html"):
"""
Return page object, either as an archive, active, or version.
"""
if not slug and not id and not hash:
return HttpResponseRedirect(reverse('page.search'))
if hash:
version = get_object_or_404(Version, hash=hash)
current_page = get_object_or_404(Page, pk=version.object_id)
page = version.get_version_object()
msg_string = 'You are viewing a previous version of this article. View the ' + \
'<a href="%s">Current Version</a>.' % current_page.get_absolute_url()
messages.add_message(request, messages.WARNING, _(msg_string))
elif id:
page = get_object_or_404(Page, pk=id)
if page.status_detail != 'active':
if not request.user.is_authenticated():
pages = Page.objects.filter(
slug=page.slug, status_detail='active').order_by('-pk')
if not pages:
pages = Page.objects.filter(slug=slug).order_by('-pk')
if not pages:
raise Http404
return HttpResponseRedirect(reverse('page', args=[page.slug]))
else:
try:
page = get_object_or_404(Page, slug=slug)
except Page.MultipleObjectsReturned:
pages = Page.objects.filter(slug=slug,
status_detail='active').order_by('-pk')
if not pages:
pages = Page.objects.filter(slug=slug).order_by('-pk')
if not pages:
raise Http404
page = pages[0]
if not has_view_perm(request.user, 'pages.view_page', page):
raise Http403
if not page.template or not template_exists(page.template):
page.template = "pages/base.html"
EventLog.objects.log(instance=page)
return render_to_response(template_name, {
'page': page,
'association_name': get_association_name(request)
},
context_instance=RequestContext(request))
def print_view(request, slug, template_name="resumes/print-view.html"):
resume = get_object_or_404(Resume, slug=slug)
EventLog.objects.log(instance=resume)
if has_view_perm(request.user,'resumes.view_resume',resume):
return render_to_response(template_name, {'resume': resume},
context_instance=RequestContext(request))
else:
raise Http403
def print_view(request, id, template_name="locations/print-view.html"):
location = get_object_or_404(Location, pk=id)
if has_view_perm(request.user,'locations.view_location',location):
EventLog.objects.log(instance=location)
return render_to_response(template_name, {'location': location},
context_instance=RequestContext(request))
else:
raise Http403
def print_view(request, slug, template_name="resumes/print-view.html"):
resume = get_object_or_404(Resume, slug=slug)
EventLog.objects.log(instance=resume)
if has_view_perm(request.user,'resumes.view_resume',resume):
return render_to_resp(request=request, template_name=template_name,
context={'resume': resume})
else:
raise Http403
def detail(request, slug, template_name="help_files/details.html"):
"""Help file details"""
help_file = get_object_or_404(HelpFile, slug=slug)
if has_view_perm(request.user, 'help_files.view_helpfile', help_file):
HelpFile.objects.filter(pk=help_file.pk).update(view_totals=help_file.view_totals+1)
EventLog.objects.log(instance=help_file)
return render_to_resp(request=request, template_name=template_name,
context={'help_file': help_file})
else:
raise Http403
def details(request, id=None, template_name="stories/view.html"):
if not id: return HttpResponseRedirect(reverse('story.search'))
story = get_object_or_404(Story, pk=id)
if not has_view_perm(request.user,'stories.view_story', story):
raise Http403
EventLog.objects.log(instance=story)
return render_to_response(template_name, {'story': story},
context_instance=RequestContext(request))
def print_view(request, id, template_name="files/print-view.html"):
file = get_object_or_404(File, pk=id)
# check permission
if not has_view_perm(request.user, 'files.view_file', file):
raise Http403
return render_to_response(
template_name, {
'file': file
}, context_instance=RequestContext(request))
def details(request, id=None, template_name="stories/view.html"):
if not id: return HttpResponseRedirect(reverse('story.search'))
story = get_object_or_404(Story, pk=id)
if not has_view_perm(request.user, 'stories.view_story', story):
raise Http403
EventLog.objects.log(instance=story)
return render_to_response(template_name, {'story': story},
context_instance=RequestContext(request))
def details(request, slug=None, template_name="directories/view.html"):
if not slug: return HttpResponseRedirect(reverse('directories'))
directory = get_object_or_404(Directory, slug=slug)
if has_view_perm(request.user,'directories.view_directory',directory):
EventLog.objects.log(instance=directory)
return render_to_response(template_name, {'directory': directory},
context_instance=RequestContext(request))
else:
raise Http403
def print_view(request, id, template_name="locations/print-view.html"):
location = get_object_or_404(Location, pk=id)
if has_view_perm(request.user, 'locations.view_location', location):
EventLog.objects.log(instance=location)
return render_to_resp(request=request,
template_name=template_name,
context={'location': location})
else:
raise Http403
def print_view(request, slug, template_name="jobs/print-view.html"):
job = get_object_or_404(Job, slug=slug)
can_view = has_view_perm(request.user, 'jobs.view_job', job)
if can_view:
EventLog.objects.log(instance=job)
return render_to_response(template_name, {'job': job},
context_instance=RequestContext(request))
else:
raise Http403
def print_view(request, slug, template_name="jobs/print-view.html"):
job = get_object_or_404(Job, slug=slug)
can_view = has_view_perm(request.user, 'jobs.view_job', job)
if can_view:
EventLog.objects.log(instance=job)
return render_to_response(template_name, {'job': job},
context_instance=RequestContext(request))
else:
raise Http403
def details(request, slug=None, template_name="directories/view.html"):
if not slug: return HttpResponseRedirect(reverse('directories'))
directory = get_object_or_404(Directory, slug=slug)
if has_view_perm(request.user, 'directories.view_directory', directory) \
or directory.has_membership_with(request.user):
EventLog.objects.log(instance=directory)
return render_to_resp(request=request, template_name=template_name,
context={'directory': directory})
raise Http403
def detail(request, slug, template_name="help_files/details.html"):
"""Help file details"""
help_file = get_object_or_404(HelpFile, slug=slug)
if has_view_perm(request.user, 'help_files.view_helpfile', help_file):
HelpFile.objects.filter(pk=help_file.pk).update(
view_totals=help_file.view_totals + 1)
EventLog.objects.log(instance=help_file)
return render_to_response(template_name, {'help_file': help_file},
context_instance=RequestContext(request))
else:
raise Http403
def index(request, slug=None, id=None, hash=None,
template_name="pages/view.html"):
"""
Return page object, either as an archive, active, or version.
"""
if not slug and not id and not hash:
return HttpResponseRedirect(reverse('page.search'))
if hash:
version = get_object_or_404(Version, hash=hash)
current_page = get_object_or_404(Page, pk=version.object_id)
page = version.get_version_object()
msg_string = 'You are viewing a previous version of this article. View the ' + \
'<a href="%s">Current Version</a>.' % current_page.get_absolute_url()
messages.add_message(request, messages.WARNING, _(msg_string))
elif id:
page = get_object_or_404(Page, pk=id)
if page.status_detail != 'active':
if not request.user.is_authenticated():
pages = Page.objects.filter(
slug=page.slug, status_detail='active'
).order_by('-pk')
if not pages:
pages = Page.objects.filter(slug=slug).order_by('-pk')
if not pages:
raise Http404
return HttpResponseRedirect(reverse('page', args=[page.slug]))
else:
try:
page = get_object_or_404(Page, slug=slug)
except Page.MultipleObjectsReturned:
pages = Page.objects.filter(
slug=slug, status_detail='active'
).order_by('-pk')
if not pages:
pages = Page.objects.filter(slug=slug).order_by('-pk')
if not pages:
raise Http404
page = pages[0]
if not has_view_perm(request.user, 'pages.view_page', page):
raise Http403
if not page.template or not template_exists(page.template):
page.template = "pages/base.html"
EventLog.objects.log(instance=page)
return render_to_response(template_name, {'page': page},
context_instance=RequestContext(request))
def detail(request, slug=None, template_name="jobs/view.html"):
if not slug:
return HttpResponseRedirect(reverse('jobs'))
job = get_object_or_404(Job.objects.select_related(), slug=slug)
can_view = has_view_perm(request.user, 'jobs.view_job', job)
if can_view:
EventLog.objects.log(instance=job)
return render_to_response(template_name, {'job': job},
context_instance=RequestContext(request))
else:
raise Http403
def detail(request, slug=None, template_name="jobs/view.html"):
if not slug:
return HttpResponseRedirect(reverse('jobs'))
job = get_object_or_404(Job.objects.select_related(), slug=slug)
can_view = has_view_perm(request.user, 'jobs.view_job', job)
if can_view:
EventLog.objects.log(instance=job)
return render_to_response(template_name, {'job': job},
context_instance=RequestContext(request))
else:
raise Http403
def sizes(request, id, size_name='', template_name="photos/sizes.html"):
""" Show all photo sizes """
# security-check on size name
if not size_name:
return redirect('photo_square', id=id)
photo = get_object_or_404(Image, id=id)
if not has_view_perm(request.user, 'photos.view_image', photo):
raise Http403
# get sizes
if size_name == 'original':
sizes = (photo.image.width, photo.image.height)
else: # use photos size table
if not photo.file_exists():
raise Http404
sizes = getattr(photo, 'get_%s_size' % size_name)()
if not sizes or not all(sizes):
raise Http404
# get download url
if size_name == 'square':
source_url = reverse('photo.size', kwargs={'id':id, 'crop':'crop', 'size':"%sx%s" % sizes})
download_url = reverse('photo_crop_download', kwargs={'id':id, 'size':"%sx%s" % sizes})
else:
source_url = reverse('photo.size', kwargs={'id':id, 'size':"%sx%s" % sizes})
download_url = reverse('photo_download', kwargs={'id':id, 'size':"%sx%s" % sizes})
try:
original_source_url = reverse('photo.size', kwargs={'id':id, 'size':"%sx%s" % (photo.image.width, photo.image.height)})
except TypeError:
# exception happens if image is corrupted. maybe it should raise 404 here?
original_source_url = ''
view_original_requirments = [
request.user.profile.is_superuser,
request.user == photo.creator,
request.user == photo.owner,
photo.get_license().name != 'All Rights Reserved',
]
return render_to_resp(request=request, template_name=template_name, context={
"photo": photo,
"size_name": size_name.replace("_"," "),
"download_url": download_url,
"source_url": source_url,
"original_source_url": original_source_url,
"can_view_original": any(view_original_requirments),
})
def index(request, slug=None, template_name="resumes/view.html"):
if not get_setting('module', 'resumes', 'enabled'):
redirect = get_object_or_404(Redirect, from_app='resumes')
return HttpResponseRedirect('/' + redirect.to_url)
if not slug: return HttpResponseRedirect(reverse('resume.search'))
resume = get_object_or_404(Resume, slug=slug)
if has_view_perm(request.user,'resumes.view_resume',resume):
EventLog.objects.log()
return render_to_response(template_name, {'resume': resume},
context_instance=RequestContext(request))
else:
raise Http403
def index(request, slug=None, template_name="resumes/view.html"):
if not get_setting('module', 'resumes', 'enabled'):
redirect = get_object_or_404(Redirect, from_app='resumes')
return HttpResponseRedirect('/' + redirect.to_url)
if not slug: return HttpResponseRedirect(reverse('resume.search'))
resume = get_object_or_404(Resume, slug=slug)
if has_view_perm(request.user,'resumes.view_resume',resume):
EventLog.objects.log()
return render_to_resp(request=request, template_name=template_name,
context={'resume': resume})
else:
raise Http403
def print_view(request, slug, template_name="articles/print-view.html"):
article = get_object_or_404(Article, slug=slug)
if article.release_dt >= datetime.now():
if not any([
has_perm(request.user, 'articles.view_article'), request.user
== article.owner, request.user == article.creator
]):
raise Http403
if has_view_perm(request.user, 'articles.view_article', article):
EventLog.objects.log(instance=article)
return render_to_response(template_name, {'article': article},
context_instance=RequestContext(request))
else:
raise Http403
def resume_file(request, slug=None, template_name="resumes/view.html"):
if not slug: return HttpResponseRedirect(reverse('resume.search'))
resume = get_object_or_404(Resume, slug=slug)
if has_view_perm(request.user,'resumes.view_resume',resume):
if resume.resume_file:
EventLog.objects.log(instance=resume)
response = HttpResponse(resume.resume_file)
response['Content-Disposition'] = 'attachment; filename="%s"' % (os.path.basename(unicode(resume.resume_file)))
return response
else:
return HttpResponseRedirect(reverse('resume.search'))
else:
raise Http403
def resume_file(request, slug=None, template_name="resumes/view.html"):
if not slug: return HttpResponseRedirect(reverse('resume.search'))
resume = get_object_or_404(Resume, slug=slug)
if has_view_perm(request.user,'resumes.view_resume',resume):
if resume.resume_file:
EventLog.objects.log(instance=resume)
response = HttpResponse(resume.resume_file)
response['Content-Disposition'] = 'attachment; filename="%s"' % (os.path.basename(str(resume.resume_file)))
return response
else:
return HttpResponseRedirect(reverse('resume.search'))
else:
raise Http403
def sizes(request, id, size_name='', template_name="photos/sizes.html"):
""" Show all photo sizes """
# security-check on size name
if not size_name:
return redirect('photo_square', id=id)
photo = get_object_or_404(Image, id=id)
if not has_view_perm(request.user, 'photos.view_image', photo):
raise Http403
# get sizes
if size_name == 'original':
sizes = (photo.image.width, photo.image.height)
else: # use photos size table
if not photo.file_exists():
raise Http404
sizes = getattr(photo, 'get_%s_size' % size_name)()
# get download url
if size_name == 'square':
source_url = reverse('photo.size', kwargs={'id':id, 'crop':'crop', 'size':"%sx%s" % sizes})
download_url = reverse('photo_crop_download', kwargs={'id':id, 'size':"%sx%s" % sizes})
else:
source_url = reverse('photo.size', kwargs={'id':id, 'size':"%sx%s" % sizes})
download_url = reverse('photo_download', kwargs={'id':id, 'size':"%sx%s" % sizes})
try:
original_source_url = reverse('photo.size', kwargs={'id':id, 'size':"%sx%s" % (photo.image.width, photo.image.height)})
except TypeError:
# exception happens if image is corrupted. maybe it should raise 404 here?
original_source_url = ''
view_original_requirments = [
request.user.profile.is_superuser,
request.user == photo.creator,
request.user == photo.owner,
photo.get_license().name != 'All Rights Reserved',
]
return render_to_response(template_name, {
"photo": photo,
"size_name": size_name.replace("_"," "),
"download_url": download_url,
"source_url": source_url,
"original_source_url": original_source_url,
"can_view_original": any(view_original_requirments),
}, context_instance=RequestContext(request))
def print_view(request, slug, template_name="articles/print-view.html"):
article = get_object_or_404(Article, slug=slug)
if article.release_dt >= datetime.now():
if not any([
has_perm(request.user, 'articles.view_article'),
request.user == article.owner,
request.user == article.creator
]):
raise Http403
if has_view_perm(request.user, 'articles.view_article', article):
EventLog.objects.log(instance=article)
return render_to_resp(request=request, template_name=template_name,
context={'article': article})
else:
raise Http403
def detail(request, slug=None, template_name="case_studies/view.html"):
if not slug: return HttpResponseRedirect(reverse('case_study'))
case_study = get_object_or_404(CaseStudy, slug=slug)
services = Service.objects.all()
technologies = Technology.objects.all()
# non-admin can not view the non-active content
# status=0 has been taken care of in the has_perm function
if (case_study.status_detail).lower() <> 'active' and (not request.user.profile.is_superuser):
raise Http403
if has_view_perm(request.user, 'case_studies.view_casestudy', case_study):
EventLog.objects.log(instance=case_study)
return render_to_response(template_name, {'case_study': case_study, 'services': services, 'technologies': technologies},
context_instance=RequestContext(request))
else:
raise Http403
def detail(request, slug=None, template_name="case_studies/view.html"):
if not slug: return HttpResponseRedirect(reverse('case_study'))
case_study = get_object_or_404(CaseStudy, slug=slug)
services = Service.objects.all()
technologies = Technology.objects.all()
# non-admin can not view the non-active content
# status=0 has been taken care of in the has_perm function
if (case_study.status_detail).lower() != 'active' and (not request.user.profile.is_superuser):
raise Http403
if has_view_perm(request.user, 'case_studies.view_casestudy', case_study):
EventLog.objects.log(instance=case_study)
return render_to_resp(request=request, template_name=template_name,
context={'case_study': case_study, 'services': services, 'technologies': technologies})
else:
raise Http403
def detail(request, id=None, template_name="locations/view.html"):
if not id: return HttpResponseRedirect(reverse('locations'))
try:
int_id = int(id)
except:
int_id = 0
try:
location = get_object_or_404(Location, slug=id)
except Http404:
location = get_object_or_404(Location, pk=int_id)
return HttpResponseRedirect(location.get_absolute_url())
if has_view_perm(request.user,'locations.view_location',location):
EventLog.objects.log(instance=location)
return render_to_response(template_name, {'location': location},
context_instance=RequestContext(request))
else:
raise Http403
def detail(request, id=None, template_name="locations/view.html"):
if not id: return HttpResponseRedirect(reverse('locations'))
try:
int_id = int(id)
except:
int_id = 0
try:
location = get_object_or_404(Location, slug=id)
except Http404:
location = get_object_or_404(Location, pk=int_id)
return HttpResponseRedirect(location.get_absolute_url())
if has_view_perm(request.user, 'locations.view_location', location):
EventLog.objects.log(instance=location)
return render_to_response(template_name, {'location': location},
context_instance=RequestContext(request))
else:
raise Http403
def detail(request, slug=None, cv=None):
"""Staff plugin details view"""
staff = get_object_or_404(Staff, slug=slug)
# non-admin can not view the non-active content
# status=0 has been taken care of in the has_perm function
if (staff.status_detail).lower() <> 'active' and (not request.user.profile.is_superuser):
raise Http403
if cv:
template_name="staff/cv.html"
else:
template_name="staff/view.html"
if has_view_perm(request.user, 'staff.view_staff', staff):
EventLog.objects.log(instance=staff)
return render_to_response(template_name, {'staff': staff},
context_instance=RequestContext(request))
else:
raise Http403
def group_membership_self_remove(request, slug, user_id):
group = get_object_or_404(Group, slug=slug)
if not has_view_perm(request.user,'user_groups.view_group', group) and not group.allow_self_remove:
raise Http403
user = get_object_or_404(User, pk=user_id)
group_membership = GroupMembership.objects.filter(member=user, group=group)
if group_membership:
group_membership = group_membership[0]
if group_membership.member == user:
EventLog.objects.log(instance=group_membership)
group_membership.delete()
messages.add_message(request, messages.SUCCESS, _('Successfully removed yourself from group %(grp)s' % {'grp':group}))
else:
messages.add_message(request, messages.INFO, _('You are not in the group %(grp)s' % {'grp': group}))
return HttpResponseRedirect(reverse('group.search'))
def files(request, id):
"""
Returns file. Allows us to handle privacy.
If default storage is remote:
We can get data from remote location, convert to file
object and return a file response.
"""
import os
import mimetypes
from django.http import Http404
from django.core.files.base import ContentFile
from django.core.files.storage import default_storage
from tendenci.apps.perms.utils import has_view_perm
from tendenci.apps.forms_builder.forms.models import FieldEntry
field = get_object_or_404(FieldEntry, pk=id)
form = field.field.form
base_name = os.path.basename(field.value)
mime_type = mimetypes.guess_type(base_name)[0]
if not has_view_perm(request.user, 'forms.view_form', form):
raise Http403
if not mime_type:
raise Http404
if not default_storage.exists(field.value):
raise Http404
data = default_storage.open(field.value).read()
f = ContentFile(data)
EventLog.objects.log()
response = HttpResponse(f.read(), content_type=mime_type)
response['Content-Disposition'] = 'filename="%s"' % base_name
return response
