def attachments(request, title): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) success, form, __ = handle_attachment(request, document) if success: messages.success(request, _("File has been uploaded successfully!")) return HttpResponseRedirect( reverse(document.get_attachments_url_name(), args=[document.url_title])) else: return render( request, "documents_attachments.html", { 'document': document, 'edit_url': reverse(document.get_attachments_url_name(), args=[document.url_title]), 'form': form, 'attachments': document.attachments.all().order_by('index'), 'active_page': 'attachments', 'permission_overview': document_permission_overview(request.user, document), })
def edit(request, title, new_autosaved_pages=None, initial=None): document = Document.objects.get(url_title=title) content_type = ContentType.objects.get_for_model(document) check_permissions(document, request.user, [document.edit_permission_name]) # if the edit form has a formset we will initialize it here formset_factory = document.Form.get_formset_factory() formset = formset_factory(request.POST or None, instance=document) if formset_factory is not None else None if formset is not None: template_name = "{app}_edit.html".format(app=content_type.app_label) else: template_name = "documents_edit.html" success, form = handle_edit(request, document, formset, initial) __, attachment_form, __ = handle_attachment(request, document) if success: messages.success(request, _("Successfully saved changes")) return HttpResponseRedirect(reverse('documents:view', args=[document.url_title])) else: return render(request, template_name, { 'document': document, 'form': form, 'attachment_form': attachment_form, 'active_page': 'edit', 'creation': (len(revisions.get_for_object(document)) == 0), 'new_autosaved_pages': new_autosaved_pages, 'permission_warning': permission_warning(request.user, content_type, document), 'supported_image_types': settings.SUPPORTED_IMAGE_TYPES, 'formset': formset, })
def delete_document(request, title): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) document.delete() messages.success(request, _("Successfully deleted document: {}".format(document.title))) return HttpResponse()
def delete_document(request, title): document = get_object_or_404(Document, url_title=title) if document.is_in_creation: try: # check super user permissions check_permissions(document, request.user, [document.edit_permission_name]) except PermissionDenied: # check if an autosave has already been created autosaves_for_document = TemporaryDocumentText.objects.filter( document=document) if autosaves_for_document.exists(): # with an unsaved document, only one user can have autosaves if autosaves_for_document.first().author != request.user: raise PermissionDenied else: # no permission check possible if no autosave was saved (current behavior is not ideal) raise PermissionDenied else: check_permissions(document, request.user, [document.edit_permission_name]) document.delete() messages.success( request, _("Successfully deleted document: {}").format(document.title)) return HttpResponse()
def view(request, title): document = get_object_or_404(Document, url_title=title) content_type = ContentType.objects.get_for_model(document) check_permissions(document, request.user, [document.view_permission_name]) try: function = get_model_function(content_type, 'view') return function(request, title) except (ImportError, AttributeError): pass text, toc = convert_markdown(document.text) return render( request, 'documents_base.html', { 'document': document, 'text': text, 'toc': toc, 'attachments': document.attachments.filter( no_direct_download=False).order_by('index'), 'active_page': 'view', 'view_page': True, 'permission_overview': document_permission_overview(request.user, document), })
def delete_autosave(request, title): if request.method != 'POST': raise Http404 # first check that the user actually may change this document document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) # second check that the supplied autosave id matches to the document and has been created by the user autosave_id = request.POST['autosave_id'] autosave = get_object_or_404(TemporaryDocumentText, id=autosave_id) autosaves_for_object_and_user = TemporaryDocumentText.objects.filter( document=document, author=request.user) if autosave not in autosaves_for_object_and_user: raise SuspiciousOperation if document.is_in_creation: # this is a new document that only has this autosave right now and nothing else, we can safely delete this document document.delete() messages.success( request, _("Successfully deleted document: {}").format(document.title)) response = HttpResponseRedirect(reverse("index")) else: # everything seems to be alright, we can delete the autosave and leave the document as such intact autosave.delete() messages.success(request, _("Successfully deleted autosave")) response = HttpResponseRedirect( reverse("edit", args=[document.url_title])) return response
def permissions(request, title): document = get_object_or_404(Document, url_title=title) content_type = ContentType.objects.get_for_model(document) check_permissions(document, request.user, [document.edit_permission_name]) if not document.show_permissions_editor(): raise PermissionDenied() PermissionForm = get_permission_form(document) PermissionFormset = formset_factory(get_permission_form(document), extra=0) initial_data = PermissionForm.prepare_initial_data(Group.objects.all(), content_type, document) formset = PermissionFormset(request.POST or None, initial=initial_data) if request.POST and formset.is_valid(): for form in formset: form.save(document) messages.success(request, _("Permissions have been changed successfully.")) if request.user.has_perm(document.edit_permission_name, document): return HttpResponseRedirect(reverse(document.get_permissions_url_name(), args=[document.url_title])) if request.user.has_perm(document.view_permission_name, document): return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title])) return HttpResponseRedirect(reverse('index')) return render(request, 'documents_permissions.html', { 'document': document, 'formset_header': PermissionForm.header(content_type), 'formset': formset, 'active_page': 'permissions', 'permission_overview': document_permission_overview(request.user, document), })
def delete_autosave(request, title): if request.method != 'POST': raise Http404 # first check that the user actually may change this document document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) # second check that the supplied autosave id matches to the document and has been created by the user autosave_id = request.POST['autosave_id'] autosave = get_object_or_404(TemporaryDocumentText, id=autosave_id) autosaves_for_object_and_user = TemporaryDocumentText.objects.filter(document=document, author=request.user) if autosave not in autosaves_for_object_and_user: raise SuspiciousOperation if document.is_in_creation: # this is a new document that only has this autosave right now and nothing else, we can safely delete this document document.delete() messages.success(request, _("Successfully deleted document: {}").format(document.title)) response = HttpResponseRedirect(reverse("index")) else: # everything seems to be alright, we can delete the autosave and leave the document as such intact autosave.delete() messages.success(request, _("Successfully deleted autosave")) response = HttpResponseRedirect(reverse("edit", args=[document.url_title])) return response
def delete_document(request, title): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) document.delete() messages.success( request, _("Successfully deleted document: {}").format(document.title)) return HttpResponse()
def publish(request, title): document = Document.objects.get(url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) if not document.show_publish_button(): raise PermissionDenied() document.publish() messages.success(request, _("Minutes document has been published.")) return HttpResponseRedirect(reverse("documents:view", args=[document.url_title]))
def publish(request, title, state_id): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) if not document.show_publish_button(): raise PermissionDenied() document.publish(state_id) messages.success(request, _("Minutes document has been published.")) return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title]))
def autosave(request, title): document = None try: document = Document.objects.get(url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) except Document.DoesNotExist: pass handle_autosave(request, document) return HttpResponse()
def revert(request): if not request.is_ajax() or not request.POST: raise Http404 version_id = request.POST['id'] document_url_title = request.POST['url_title'] document = get_object_or_404(Document, url_title=document_url_title) check_permissions(document, request.user, [document.edit_permission_name]) versions = revisions.get_for_object(document) if not document.can_be_reverted: raise SuspiciousOperation('This Document can not be reverted!') # find the we want to revert to revert_version = None for version in versions: if version.pk == int(version_id): revert_version = version break if revert_version is None: # user supplied version_id that does not exist raise SuspiciousOperation('Could not find document') revert_version.revision.revert(delete=False) fields = revert_version.field_dict document_class = ContentType.objects.get_for_id(fields.pop('polymorphic_ctype')).model_class() # Remove all references to parent objects, rename ForeignKeyFields, extract ManyToManyFields. new_fields = fields.copy() many_to_many_fields = {} for key in fields.keys(): if "_ptr" in key: del new_fields[key] continue if hasattr(document_class, key): field = getattr(document_class, key).field if isinstance(field, models.ManyToManyField): many_to_many_fields[key] = fields[key] else: new_fields[field.attname] = fields[key] del new_fields[key] reverted_document = document_class(**new_fields) with transaction.atomic(), revisions.create_revision(): reverted_document.save() # Restore ManyToManyFields for key in many_to_many_fields.keys(): getattr(reverted_document, key).clear() getattr(reverted_document, key).add(*many_to_many_fields[key]) revisions.set_user(request.user) revisions.set_comment( _('reverted to revision \"{revision_comment}\"'.format(revision_comment=revert_version.revision.comment))) return HttpResponse(reverse('versions', args=[reverted_document.url_title]))
def render_text(request, title): if request.method != 'POST': raise SuspiciousOperation document = Document.objects.get(url_title=title) check_permissions(document, request.user, [document.view_permission_name, document.edit_permission_name]) text = request.POST['text'] md = markdown.Markdown(safe_mode='escape', extensions=[TocExtension(baselevel=2), InternalLinksMarkdownExtension()]) text = md.convert(text) return HttpResponse(text, content_type='text/plain')
def autosave(request, title): document = None try: document = get_object_or_404(Document, url_title=title) if document.has_perms(): check_permissions(document, request.user, [document.edit_permission_name]) except Document.DoesNotExist: pass handle_autosave(request, document) return HttpResponse()
def versions(request, title): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) document_versions = prepare_versions(document) return render(request, 'documents_versions.html', { 'active_page': 'versions', 'versions': document_versions, 'document': document, 'permission_warning': permission_warning(request.user, document), })
def publish(request, title, next_state_id): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) if not document.show_publish_button(): raise PermissionDenied() document.publish(next_state_id) messages.success(request, _("Minutes document has been published.")) return HttpResponseRedirect( reverse(document.get_view_url_name(), args=[document.url_title]))
def view(request, title): poll = get_object_or_404(Document, url_title=title) check_permissions(poll, request.user, [Poll.get_view_permission()]) if poll.end_date < datetime.date.today() or poll.participants.filter(id=request.user.pk).exists(): return results(request, poll, title) elif poll.start_date > datetime.date.today(): messages.warning(request, _("This poll has not yet started.")) return index(request) else: if not request.user.has_perm('polls.vote_poll', poll): return results(request, poll, title) return vote(request, poll, title)
def render_text(request, title): if request.method != 'POST': raise SuspiciousOperation document = get_object_or_404(Document, url_title=title) if document.has_perms(): check_permissions(document, request.user, [document.view_permission_name, document.edit_permission_name]) text = request.POST['text'] md = markdown.Markdown(safe_mode='escape', extensions=[TocExtension(baselevel=2), InternalLinksMarkdownExtension(), 'markdown.extensions.abbr']) text = md.convert(text + abbreviation_explanation_markdown()) return HttpResponse(text, content_type='text/plain')
def versions(request, title): document = Document.objects.get(url_title=title) content_type = ContentType.objects.get_for_model(document) check_permissions(document, request.user, [document.edit_permission_name]) document_versions = prepare_versions(document) return render(request, 'documents_versions.html', { 'active_page': 'versions', 'versions': document_versions, 'document': document, 'permission_warning': permission_warning(request.user, content_type, document), })
def view(request, title): poll = get_object_or_404(Document, url_title=title) check_permissions(poll, request.user, [Poll.get_view_permission()]) if poll.end_date < datetime.date.today() or poll.participants.filter( id=request.user.pk).exists(): return results(request, poll, title) elif poll.start_date > datetime.date.today(): messages.warning(request, _("This poll has not yet started.")) return index(request) else: if not request.user.has_perm('polls.vote_poll', poll): return results(request, poll, title) return vote(request, poll, title)
def render_text(request, title): if request.method != 'POST': raise SuspiciousOperation document = get_object_or_404(Document, url_title=title) if document.has_perms(): check_permissions( document, request.user, [document.view_permission_name, document.edit_permission_name]) text, __ = convert_markdown(request.POST['text']) WebsocketGroup(get_group_name(document.hash_value)).send({'text': text}) return HttpResponse(text, content_type='text/plain')
def render_text(request, title): if request.method != 'POST': raise SuspiciousOperation document = get_object_or_404(Document, url_title=title) if document.has_perms(): check_permissions(document, request.user, [document.view_permission_name, document.edit_permission_name]) text, __ = convert_markdown(request.POST['text']) WebsocketGroup(get_group_name(document.hash_value)).send({ 'text': text }) return HttpResponse(text, content_type='text/plain')
def versions(request, title): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) document_versions = prepare_versions(document) if not document.can_be_reverted: messages.warning(request, _('This Document can not be reverted!')) return render(request, 'documents_versions.html', { 'active_page': 'versions', 'versions': document_versions, 'document': document, 'permission_overview': document_permission_overview(request.user, document), 'can_be_reverted': document.can_be_reverted, })
def get_delete_cascade(request, title): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) collector = NestedObjects(using=DEFAULT_DB_ALIAS) collector.collect([document]) delete_cascade = collector.nested() # remove all subclasses of current document from the list because that does not add much helpful information simplified_delete_cascade = [] for cascade_item in delete_cascade: if issubclass(type(document), type(cascade_item)) and not type(document) == type(cascade_item): continue simplified_delete_cascade.append(cascade_item) return HttpResponse(json.dumps(delete_cascade_to_json(simplified_delete_cascade)))
def edit(request, title, new_autosaved_pages=None, initial=None): document = get_object_or_404(Document, url_title=title) content_type = ContentType.objects.get_for_model(document) if document.has_perms(): check_permissions(document, request.user, [document.edit_permission_name]) elif new_autosaved_pages is None and initial is None: # page is not new and has no permissions set, it is likely that somebody tries to view an autosaved page # users are only allowed to view autosaved pages if they have the "add" permission for documents check_permissions(document, request.user, [document.add_permission_name]) try: autosave = TemporaryDocumentText.objects.get(document=document) if autosave.author != request.user: raise PermissionDenied except ObjectDoesNotExist: # There is no autosave linked to this document, this means that the document can be treated as a new # document, hence everyone with add permissions may work with this document pass # if the edit form has a formset we will initialize it here formset_factory = document.Form.get_formset_factory() formset = formset_factory(request.POST or None, instance=document) if formset_factory is not None else None if formset is not None: template_name = "{app}_edit.html".format(app=content_type.app_label) else: template_name = "documents_edit.html" success, form = handle_edit(request, document, formset, initial) __, attachment_form, __ = handle_attachment(request, document) if success: messages.success(request, _("Successfully saved changes")) return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title])) else: return render(request, template_name, { 'document': document, 'form': form, 'attachment_form': attachment_form, 'active_page': 'edit', 'creation': document.is_in_creation, 'new_autosaved_pages': new_autosaved_pages, 'permission_warning': permission_warning(request.user, document), 'supported_image_types': settings.SUPPORTED_IMAGE_TYPES, 'formset': formset, })
def attachments(request, title): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) success, form, __ = handle_attachment(request, document) if success: messages.success(request, _("File has been uploaded successfully!")) return HttpResponseRedirect(reverse(document.get_attachments_url_name(), args=[document.url_title])) else: return render(request, "documents_attachments.html", { 'document': document, 'edit_url': reverse(document.get_attachments_url_name(), args=[document.url_title]), 'form': form, 'attachments': document.attachments.all().order_by('index'), 'active_page': 'attachments', 'permission_overview': document_permission_overview(request.user, document), })
def get_delete_cascade(request, title): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) collector = NestedObjects(using=DEFAULT_DB_ALIAS) collector.collect([document]) delete_cascade = collector.nested() # remove all subclasses of current document from the list because that does not add much helpful information simplified_delete_cascade = [] for cascade_item in delete_cascade: if issubclass(type(document), type( cascade_item)) and not type(document) == type(cascade_item): continue simplified_delete_cascade.append(cascade_item) return HttpResponse( json.dumps(delete_cascade_to_json(simplified_delete_cascade)))
def attachments(request, title): document = Document.objects.get(url_title=title) content_type = ContentType.objects.get_for_model(document) check_permissions(document, request.user, [document.edit_permission_name]) success, form, __ = handle_attachment(request, document) if success: messages.success(request, _("File has been uploaded successfully!")) return HttpResponseRedirect(reverse("documents:attachments", args=[document.url_title])) else: return render(request, "documents_attachments.html", { 'document': document, 'edit_url': reverse('documents:attachments', args=[document.url_title]), 'form': form, 'attachments': document.attachments.all().order_by('index'), 'active_page': 'attachments', 'permission_warning': permission_warning(request.user, content_type, document), })
def render_text(request, title): if request.method != 'POST': raise SuspiciousOperation document = get_object_or_404(Document, url_title=title) if document.has_perms(): check_permissions( document, request.user, [document.view_permission_name, document.edit_permission_name]) text, __ = convert_markdown(request.POST['text']) channel_layer = channels.layers.get_channel_layer() async_to_sync(channel_layer.group_send)(document.hash_value, { 'type': 'update_preview', 'message': text, }) return HttpResponse(text, content_type='text/plain')
def edit(request, title, new_autosaved_pages=None, initial=None): document = get_object_or_404(Document, url_title=title) content_type = ContentType.objects.get_for_model(document) if document.has_perms(): check_permissions(document, request.user, [document.edit_permission_name]) elif new_autosaved_pages is None and initial is None: # page is not new and has no permissions set, it is likely that somebody tries to view an autosaved page # users are only allowed to view autosaved pages if they have the "add" permission for documents check_permissions(document, request.user, [document.add_permission_name]) # if the edit form has a formset we will initialize it here formset_factory = document.Form.get_formset_factory() formset = formset_factory(request.POST or None, instance=document) if formset_factory is not None else None if formset is not None: template_name = "{app}_edit.html".format(app=content_type.app_label) else: template_name = "documents_edit.html" try: creation_group = request.user.groups.get(id=request.GET.get('group', False)) except Group.DoesNotExist: creation_group = None success, form = handle_edit(request, document, formset, initial, creation_group=creation_group) __, attachment_form, __ = handle_attachment(request, document) if success: messages.success(request, _("Successfully saved changes")) return HttpResponseRedirect(reverse(document.get_view_url_name(), args=[document.url_title])) else: return render(request, template_name, { 'document': document, 'form': form, 'attachment_form': attachment_form, 'active_page': 'edit', 'creation': document.is_in_creation, 'new_autosaved_pages': new_autosaved_pages, 'permission_overview': document_permission_overview(request.user, document), 'supported_image_types': settings.SUPPORTED_IMAGE_TYPES, 'formset': formset, })
def view(request, title): document = get_object_or_404(Document, url_title=title) content_type = ContentType.objects.get_for_model(document) check_permissions(document, request.user, [document.view_permission_name]) try: function = get_model_function(content_type, 'view') return function(request, title) except (ImportError, AttributeError): pass if document.text == "" and (document.text_en != "" or document.text_de != ""): messages.warning( request, _('The requested document is not available in the selected language. It will be shown in the available language instead.' )) text, toc = convert_markdown( next((text for text in (document.text_de, document.text_en) if text != ""), "")) else: text, toc = convert_markdown(document.text) return render( request, 'documents_base.html', { 'document': document, 'text': text, 'toc': toc, 'attachments': document.attachments.filter( no_direct_download=False).order_by('index'), 'active_page': 'view', 'view_page': True, 'permission_overview': document_permission_overview(request.user, document), })
def permissions(request, title): document = get_object_or_404(Document, url_title=title) content_type = ContentType.objects.get_for_model(document) check_permissions(document, request.user, [document.edit_permission_name]) if not document.show_permissions_editor(): raise PermissionDenied() PermissionForm = get_permission_form(document) PermissionFormset = formset_factory(get_permission_form(document), extra=0) initial_data = PermissionForm.prepare_initial_data(Group.objects.all(), content_type, document) formset = PermissionFormset(request.POST or None, initial=initial_data) if request.POST and formset.is_valid(): for form in formset: form.save(document) messages.success(request, _("Permissions have been changed successfully.")) if request.user.has_perm(document.edit_permission_name, document): return HttpResponseRedirect( reverse(document.get_permissions_url_name(), args=[document.url_title])) if request.user.has_perm(document.view_permission_name, document): return HttpResponseRedirect( reverse(document.get_view_url_name(), args=[document.url_title])) return HttpResponseRedirect(reverse('index')) return render( request, 'documents_permissions.html', { 'document': document, 'formset_header': PermissionForm.header(content_type), 'formset': formset, 'active_page': 'permissions', 'permission_overview': document_permission_overview(request.user, document), })
def versions(request, title): document = get_object_or_404(Document, url_title=title) check_permissions(document, request.user, [document.edit_permission_name]) document_versions = prepare_versions(document) if not document.can_be_reverted: messages.warning(request, _('This Document can not be reverted!')) return render( request, 'documents_versions.html', { 'active_page': 'versions', 'versions': document_versions, 'document': document, 'permission_overview': document_permission_overview(request.user, document), 'can_be_reverted': document.can_be_reverted, })
def autosave(request, title): if request.user.is_anonymous or request.user == get_anonymous_user(): raise PermissionDenied() document = None try: document = get_object_or_404(Document, url_title=title) if document.has_perms(): check_permissions(document, request.user, [document.edit_permission_name]) except Document.DoesNotExist: pass handle_autosave(request, document) data = { 'preview_url': request.build_absolute_uri( reverse('documents:preview') + '?hash_value=' + document.hash_value ) } return HttpResponse(json.dumps(data))
def view(request, title): document = Document.objects.get(url_title=title) content_type = ContentType.objects.get_for_model(document) check_permissions(document, request.user, [document.view_permission_name]) try: function = get_model_function(content_type, 'view') return function(request, title) except (ImportError, AttributeError): pass md = markdown.Markdown(safe_mode='escape', extensions=[TocExtension(baselevel=2), InternalLinksMarkdownExtension()]) text = md.convert(document.text) return render(request, 'documents_base.html', { 'document': document, 'text': text, 'toc': md.toc, 'attachments': document.attachments.filter(no_direct_download=False).order_by('index'), 'active_page': 'view', 'permission_warning': permission_warning(request.user, content_type, document), })
def view(request, title): document = get_object_or_404(Document, url_title=title) content_type = ContentType.objects.get_for_model(document) check_permissions(document, request.user, [document.view_permission_name]) try: function = get_model_function(content_type, 'view') return function(request, title) except (ImportError, AttributeError): pass text, toc = convert_markdown(document.text) return render(request, 'documents_base.html', { 'document': document, 'text': text, 'toc': toc, 'attachments': document.attachments.filter(no_direct_download=False).order_by('index'), 'active_page': 'view', 'view_page': True, 'permission_overview': document_permission_overview(request.user, document), })
def autosave(request, title): if request.user.is_anonymous or request.user == get_anonymous_user(): raise PermissionDenied() document = None try: document = get_object_or_404(Document, url_title=title) if document.has_perms(): check_permissions(document, request.user, [document.edit_permission_name]) except Document.DoesNotExist: pass handle_autosave(request, document) data = { 'preview_url': request.build_absolute_uri( reverse('documents:preview') + '?hash_value=' + document.hash_value) } return HttpResponse(json.dumps(data))
def revert(request): if not request.is_ajax() or not request.POST: raise Http404 version_id = request.POST['id'] document_url_title = request.POST['url_title'] document = get_object_or_404(Document, url_title=document_url_title) check_permissions(document, request.user, [document.edit_permission_name]) versions = Version.objects.get_for_object(document) if not document.can_be_reverted: raise SuspiciousOperation('This Document can not be reverted!') # find the we want to revert to revert_version = None for version in versions: if version.pk == int(version_id): revert_version = version break if revert_version is None: # user supplied version_id that does not exist raise SuspiciousOperation('Could not find document') revert_version.revision.revert(delete=False) fields = revert_version.field_dict document_class = ContentType.objects.get_for_id( fields.pop('polymorphic_ctype_id')).model_class() # Remove all references to parent objects, rename ForeignKeyFields, extract ManyToManyFields. new_fields = fields.copy() many_to_many_fields = {} for key in fields.keys(): if "_ptr" in key: del new_fields[key] continue try: field = getattr(document_class, key).field except AttributeError: continue if isinstance(field, models.ManyToManyField): many_to_many_fields[key] = fields[key] del new_fields[key] else: new_fields[field.attname] = fields[key] reverted_document = document_class(**new_fields) with transaction.atomic(), revisions.create_revision(): reverted_document.save() # Restore ManyToManyFields for key in many_to_many_fields.keys(): getattr(reverted_document, key).clear() getattr(reverted_document, key).add(*many_to_many_fields[key]) revisions.set_user(request.user) revisions.set_comment( _('reverted to revision \"{revision_comment}\" (at {date})'.format( revision_comment=revert_version.revision.get_comment(), date=datetime.utcnow().strftime("%Y-%m-%d %H:%M"), ))) return HttpResponse(reverse('versions', args=[reverted_document.url_title]))
def edit(request, title, new_autosaved_pages=None, initial=None): document = get_object_or_404(Document, url_title=title) content_type = ContentType.objects.get_for_model(document) if document.has_perms(): check_permissions(document, request.user, [document.edit_permission_name]) elif new_autosaved_pages is None and initial is None: # page is not new and has no permissions set, it is likely that somebody tries to view an autosaved page # users are only allowed to view autosaved pages if they have the "add" permission for documents check_permissions(document, request.user, [document.add_permission_name]) # if the edit form has a formset we will initialize it here formset_factory = document.Form.get_formset_factory() formset = formset_factory( request.POST or None, instance=document) if formset_factory is not None else None if formset is not None: template_name = "{app}_edit.html".format(app=content_type.app_label) else: template_name = "documents_edit.html" try: creation_group = request.user.groups.get( id=request.GET.get('group', False)) except Group.DoesNotExist: creation_group = None success, form = handle_edit(request, document, formset, initial, creation_group=creation_group) __, attachment_form, __ = handle_attachment(request, document) if success: messages.success(request, _("Successfully saved changes")) return HttpResponseRedirect( reverse(document.get_view_url_name(), args=[document.url_title])) else: return render( request, template_name, { 'document': document, 'form': form, 'attachment_form': attachment_form, 'active_page': 'edit', 'creation': document.is_in_creation, 'new_autosaved_pages': new_autosaved_pages, 'permission_overview': document_permission_overview(request.user, document), 'supported_image_types': settings.SUPPORTED_IMAGE_TYPES, 'formset': formset, })