def view_documents(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) if not get_permission_backend(request).can_view_organization(request.user, organization): raise Http404 UserOrganization.objects.filter(user=request.user).update(is_default=False) UserOrganization.objects.filter(organization=organization, user=request.user).update(is_default=True) shelves = get_permission_backend(request).get_viewable_shelves(request.user, organization) uploadable_shelves = get_permission_backend(request).get_uploadable_shelves(request.user, organization) recent_publications = Publication.objects.filter(shelves__in=shelves).order_by('-uploaded')[:10] invoice = organization.get_latest_invoice() is_organization_admin = UserOrganization.objects.filter(organization=organization, user=request.user, is_admin=True).exists() is_in_range_decide_first_month = organization.created.date() <= datetime.date.today()-datetime.timedelta(days=21) is_decide_on_first_month = is_organization_admin and is_in_range_decide_first_month and not OrganizationInvoice.objects.filter(organization=organization, payment_status='PAID') is_ready_to_pay = is_organization_admin and datetime.date.today() > invoice.end_date return render(request, 'document/documents.html', { 'organization': organization, 'shelves': shelves, 'uploadable_shelves': uploadable_shelves, 'recent_publications': recent_publications, 'is_decide_on_first_month': is_decide_on_first_month, 'invoice': invoice, 'is_organization_admin': is_organization_admin, 'is_ready_to_pay': is_ready_to_pay, 'invited_users': UserOrganizationInvitation.objects.filter(organization=organization).count(), })
def view_documents_by_shelf(request, organization_slug, shelf_id): organization = get_object_or_404(Organization, slug=organization_slug) shelf = get_object_or_404(OrganizationShelf, pk=shelf_id) if shelf.organization.id != organization.id or not get_permission_backend(request).can_view_shelf(request.user, organization, {'shelf':shelf}): raise Http404 uploadable_shelves = get_permission_backend(request).get_uploadable_shelves(request.user, organization) publications = Publication.objects.filter(organization=organization, shelves__in=[shelf]).order_by('-uploaded') return render(request, 'document/documents_shelf.html', {'organization':organization, 'publications':publications, 'shelf':shelf, 'uploadable_shelves':uploadable_shelves})
def ajax_query_publication(request, publication_uid): publication = get_object_or_404(Publication, uid=publication_uid) permission_backend = get_permission_backend(request) if not permission_backend.can_view_publication( request.user, publication.organization, {"publication": publication} ): raise Http404 return response_json_success( { "uid": str(publication.uid), "title": publication.title, "description": publication.description, "tag_names": ",".join([tag.tag_name for tag in publication.tags.all()]), "uploaded": format_abbr_datetime(publication.uploaded), "uploaded_by": publication.uploaded_by.get_profile().get_fullname(), "file_ext": publication.file_ext, "file_size_text": humanize_file_size(publication.uploaded_file.file.size), "shelves": ",".join([str(shelf.id) for shelf in publication.shelves.all()]), "thumbnail_url": publication.get_large_thumbnail(), "download_url": reverse("download_publication", args=[publication.uid]), "readonly": "true" if not permission_backend.can_edit_publication( request.user, publication.organization, {"publication": publication} ) else "false", } )
def edit_document_shelf(request, organization_slug, shelf_id): organization = get_object_or_404(Organization, slug=organization_slug) shelf = get_object_or_404(OrganizationShelf, pk=shelf_id) if shelf.organization.id != organization.id or not get_permission_backend(request).can_manage_shelf(request.user, organization): raise Http404 if request.method == 'POST': form = OrganizationShelfForm(request.POST) if form.is_valid(): shelf.name = form.cleaned_data['name'] shelf.auto_sync = form.cleaned_data['auto_sync'] shelf.archive = form.cleaned_data['archive'] shelf.icon = form.cleaned_data['shelf_icon'] shelf.save() _persist_shelf_permissions(request, organization, shelf) messages.success(request, _('Edit shelf successful')) return redirect('view_documents_by_shelf', organization_slug=organization.slug, shelf_id=shelf.id) else: form = OrganizationShelfForm(initial={'name':shelf.name, 'auto_sync':shelf.auto_sync, 'archive':shelf.archive, 'shelf_icon':shelf.icon}) return render(request, 'document/shelf_modify.html', {'organization':organization, 'form':form, 'shelf':shelf, 'shelf_type':'edit'})
def create_document_shelf(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) if not get_permission_backend(request).can_manage_shelf(request.user, organization): raise Http404 if request.method == 'POST': print request.POST form = OrganizationShelfForm(request.POST) if form.is_valid(): name = form.cleaned_data['name'] auto_sync = form.cleaned_data['auto_sync'] shelf_icon = form.cleaned_data['shelf_icon'] archive = form.cleaned_data['archive'] shelf = OrganizationShelf.objects.create(organization=organization, name=name, auto_sync=auto_sync, archive=archive, icon=shelf_icon, created_by=request.user) _persist_shelf_permissions(request, organization, shelf) messages.success(request, _('Create shelf successful')) return redirect('view_documents_by_shelf', organization_slug=organization.slug, shelf_id=shelf.id) else: form = OrganizationShelfForm(initial={'shelf_icon':settings.DEFAULT_SHELF_ICON}) return render(request, 'document/shelf_modify.html', {'organization':organization, 'form':form, 'shelf':None, 'shelf_type':'create'})
def download_publication(request, publication_uid): publication = get_object_or_404(Publication, uid=publication_uid) if not get_permission_backend(request).can_view_publication(request.user, publication.organization, {'publication':publication}): raise Http404 return private_files_get_file(request, 'domain', 'Publication', 'uploaded_file', str(publication.id), '%s.%s' % (publication.original_file_name, publication.file_ext))
def add_organization_group(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) if not get_permission_backend(request).can_manage_group(request.user, organization): raise Http404 if request.method == 'POST': form = OrganizationGroupForm(request.POST) if form.is_valid(): name = form.cleaned_data['name'] description = form.cleaned_data['description'] group = OrganizationGroup.objects.create(organization=organization, name=name, description=description) for admin_permission in form.cleaned_data['admin_permissions']: group.admin_permissions.add(admin_permission) group.save() messages.success(request, _('Add group successful')) return redirect('view_organization_groups', organization_slug=organization.slug) else: form = OrganizationGroupForm() return render(request, 'organization/organization_group_modify.html', {'organization':organization, 'form':form})
def edit_organization_group(request, organization_group_id): group = get_object_or_404(OrganizationGroup, pk=organization_group_id) organization = group.organization if not get_permission_backend(request).can_manage_group(request.user, organization): raise Http404 if request.method == 'POST': form = OrganizationGroupForm(request.POST) if form.is_valid(): group.name = form.cleaned_data['name'] group.description = form.cleaned_data['description'] group.admin_permissions.clear() for admin_permission in form.cleaned_data['admin_permissions']: group.admin_permissions.add(admin_permission) group.save() messages.success(request, _('Edit group successful')) return redirect('view_organization_groups', organization_slug=organization.slug) else: form = OrganizationGroupForm(initial={ 'name':group.name, 'description':group.description, 'admin_permissions':group.admin_permissions.all(), }) return render(request, 'organization/organization_group_modify.html', {'organization':organization, 'group':group, 'form':form})
def delete_document_shelf(request, organization_slug, shelf_id): organization = get_object_or_404(Organization, slug=organization_slug) shelf = get_object_or_404(OrganizationShelf, pk=shelf_id) if shelf.organization.id != organization.id or not get_permission_backend(request).can_manage_shelf(request.user, organization): raise Http404 if request.method == 'POST': print request.POST if 'submit-delete' in request.POST: to_delete_documents = request.POST.get('delete_documents') == 'on' if to_delete_documents: for publication in Publication.objects.filter(shelves__in=[shelf]): domain_functions.delete_publication(publication) messages.success(request, _('Delete shelf and all files in group successful')) else: messages.success(request, _('Delete shelf successful')) PublicationShelf.objects.filter(shelf=shelf).delete() OrganizationShelfPermission.objects.filter(shelf=shelf).delete() GroupShelfPermission.objects.filter(shelf=shelf).delete() UserShelfPermission.objects.filter(shelf=shelf).delete() shelf.delete() return redirect('view_documents', organization_slug=organization.slug) else: return redirect('view_documents_by_shelf', organization_slug=organization.slug, shelf_id=shelf.id) shelf_documents_count = Publication.objects.filter(shelves__in=[shelf]).count() return render(request, 'document/shelf_delete.html', {'organization':organization, 'shelf_documents_count':shelf_documents_count, 'shelf':shelf, 'shelf_type':'delete'})
def ajax_delete_publication(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) publication_uid = request.POST.get("uid") if publication_uid: publication_uids = [publication_uid] else: publication_uids = request.POST.getlist("uid[]") if not publication_uids: raise Http404 publications = [] for publication_uid in publication_uids: try: publication = Publication.objects.get(uid=publication_uid) except Publication.DoesNotExist: continue if get_permission_backend(request).can_edit_publication( request.user, organization, {"publication": publication} ): publications.append(publication) if not publications: return response_json_error("invalid-publication") domain_functions.delete_publications(publications) return response_json_success()
def request_download_publication(request, publication_uid): try: publication = Publication.objects.get(uid=publication_uid) except Publication.DoesNotExist: return HttpResponse('Page not found', status=404) user = _extract_user(request) try: user_organization = UserOrganization.objects.get(organization=publication.organization, user=user, is_active=True) except: return HttpResponse('No permissions', status=403) if not get_permission_backend(request).get_publication_access(user, publication): return HttpResponse('No permissions', status=403) # ----- CDN support is not available for NBTC ----- # server_urls = [] # for server in OrganizationDownloadServer.objects.filter(organization=publication.organization).order_by('-priority'): # download_url = generate_download_url(server, publication) # if download_url: # server_urls.append(download_url) # return HttpResponse(simplejson.dumps(server_urls)) return private_files_get_file(request, 'domain', 'Publication', 'uploaded_file', str(publication.id), '%s.%s' % (publication.original_file_name, publication.file_ext))
def view_organization_invited_users(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) if not get_permission_backend(request).can_manage_user(request.user, organization): raise Http404 invited_users = UserOrganizationInvitation.objects.filter(organization=organization).order_by('-created') return render(request, 'organization/organization_users_invited.html', {'organization':organization, 'invited_users':invited_users})
def upload_publication(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) shelf_id = request.POST.get("shelf") if shelf_id: shelf = get_object_or_404(OrganizationShelf, pk=shelf_id) else: transaction.rollback() raise Http404 if shelf.organization.id != organization.id or not get_permission_backend(request).can_upload_shelf( request.user, organization, {"shelf": shelf} ): transaction.rollback() raise Http404 try: file = request.FILES[u"files[]"] if file.size > settings.MAX_PUBLICATION_FILE_SIZE: transaction.rollback() return response_json_error("file-size-exceed") uploading_file = UploadedFile(file) publication = domain_functions.upload_publication(request, uploading_file, organization, shelf) if not publication: transaction.rollback() return response_json_error() transaction.commit() # Need to commit before create task try: generate_thumbnails.delay(publication.uid) except: import sys import traceback logger.critical(traceback.format_exc(sys.exc_info()[2])) return response_json_success( { "uid": str(publication.uid), "title": publication.title, "file_ext": publication.file_ext, "file_size_text": humanize_file_size(uploading_file.file.size), "shelf": shelf.id if shelf else "", "uploaded": format_abbr_datetime(publication.uploaded), "thumbnail_url": publication.get_large_thumbnail(), "download_url": reverse("download_publication", args=[publication.uid]), } ) except: transaction.rollback() return response_json_error()
def replace_publication(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) publication_id = request.POST.get("publication_id") print publication_id if publication_id: publication = get_object_or_404(Publication, uid=publication_id) else: transaction.rollback() raise Http404 if not get_permission_backend(request).can_edit_publication( request.user, publication.organization, {"publication": publication} ): transaction.rollback() raise Http404 try: file = request.FILES[u"files[]"] if file.size > settings.MAX_PUBLICATION_FILE_SIZE: transaction.rollback() return response_json_error("file-size-exceed") uploading_file = UploadedFile(file) publication = domain_functions.replace_publication(request, uploading_file, publication) if not publication: transaction.rollback() return response_json_error() transaction.commit() try: generate_thumbnails.delay(publication.uid) except: import sys import traceback logger.critical(traceback.format_exc(sys.exc_info()[2])) return response_json_success( { "uid": str(publication.uid), "file_ext": publication.file_ext, "file_size": humanize_file_size(uploading_file.file.size), "uploaded": format_abbr_datetime(publication.uploaded), "replaced": format_abbr_datetime(publication.replaced), "thumbnail_url": publication.get_large_thumbnail(), "download_url": reverse("download_publication", args=[publication.uid]), } ) except: transaction.rollback() return response_json_error()
def edit_organization_user(request, organization_user_id): user_organization = get_object_or_404(UserOrganization, pk=organization_user_id) organization = user_organization.organization if not get_permission_backend(request).can_manage_user(request.user, organization): raise Http404 if request.method == 'POST': form = EditOrganizationUserForm(user_organization, request.POST) if form.is_valid(): user_profile = user_organization.user.get_profile() user_profile.user.email = form.cleaned_data['email'] user_profile.first_name = form.cleaned_data['first_name'] user_profile.last_name = form.cleaned_data['last_name'] user_profile.user.save() user_profile.save() new_groups = set() for group in form.cleaned_data['groups']: new_groups.add(group) old_groups = set() for user_group in UserGroup.objects.filter(user_organization=user_organization): old_groups.add(user_group.group) creating_groups = new_groups.difference(old_groups) removing_groups = old_groups.difference(new_groups) for group in creating_groups: UserGroup.objects.create(group=group, user_organization=user_organization) UserGroup.objects.filter(user_organization=user_organization, group__in=removing_groups).delete() messages.success(request, _('Edit user profile successful')) next = request.POST.get('next') return redirect(next) if next else redirect('view_organization_users', organization_slug=organization.slug) else: form = EditOrganizationUserForm(user_organization, initial={ 'email':user_organization.user.email, 'first_name':user_organization.user.get_profile().first_name, 'last_name':user_organization.user.get_profile().last_name, 'groups':user_organization.groups.all()} ) return render(request, 'organization/organization_user_edit.html', { 'form' :form, 'organization' :organization, 'user_organization' :user_organization, 'next' :request.GET.get('next', ''), } )
def ajax_query_organization_shelves(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) permission_backend = get_permission_backend(request) if not permission_backend.can_view_organization(request.user, organization): raise Http404 shelves_json = [] for shelf in permission_backend.get_viewable_shelves(request.user, organization): shelves_json.append({"id": shelf.id, "name": shelf.name, "document_count": shelf.num_of_documents}) return response_json_success({"shelves": shelves_json})
def ajax_query_groups(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) if not get_permission_backend(request).can_view_organization(request.user, organization): raise Http404 result = [] organization_groups = OrganizationGroup.objects.filter(organization=organization).order_by("name") for organization_group in organization_groups: result.append([organization_group.id, organization_group.name]) return HttpResponse(simplejson.dumps(result))
def view_organization_group_members(request, organization_group_id): group = get_object_or_404(OrganizationGroup, pk=organization_group_id) organization = group.organization if not get_permission_backend(request).can_manage_user(request.user, organization): raise Http404 group_members = UserGroup.objects.filter(group=group, user_organization__is_active=True) return render(request, 'organization/organization_group_members.html', { 'organization': organization, 'group' :group, 'group_members': group_members })
def invite_organization_user(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) if not get_permission_backend(request).can_manage_user(request.user, organization): raise Http404 if request.method == 'POST': form = InviteOrganizationUserForm(organization, request.POST) if form.is_valid(): return summarize_organization_users(request, organization_slug=organization_slug, action='invite', context={'emails': form.cleaned_data['emails'], 'groups': form.cleaned_data['groups']}) else: form = InviteOrganizationUserForm(organization) return render(request, 'organization/organization_user_invite.html', {'organization':organization, 'form':form})
def ajax_query_publication_tags(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) term = request.GET.get("term") if not get_permission_backend(request).can_view_organization(request.user, organization): raise Http404 tags = OrganizationTag.objects.filter(organization=organization, tag_name__icontains=term) result = [] for tag in tags: result.append({"id": str(tag.id), "label": tag.tag_name, "value": tag.tag_name}) return HttpResponse(simplejson.dumps(result))
def render(self, context): user = self.user.resolve(context) permissions = self.action.split(',') organization = self.organization.resolve(context) permission_backend = get_permission_backend(context['request']) parameters = {} for key in self.parameters.keys(): parameters[key] = self.parameters[key].resolve(context) if self._has_any_permission(permission_backend, permissions, user, organization, parameters): return self.nodelist_true.render(context) else: return self.nodelist_false.render(context)
def ajax_remove_organization_group(request, organization_group_id): if request.is_ajax(): group = get_object_or_404(OrganizationGroup, pk=organization_group_id) organization = group.organization if not get_permission_backend(request).can_manage_group(request.user, organization): raise Http404 UserGroup.objects.filter(group=group).delete() group.delete() messages.success(request, _("Deleted user groups successful")) return response_json_success({"redirect_url": reverse("view_organization_groups", args=[organization.slug])}) else: raise Http404
def ajax_resend_user_invitation(request, invitation_id): if request.is_ajax(): invitation = get_object_or_404(UserOrganizationInvitation, pk=invitation_id) organization = invitation.organization if not get_permission_backend(request).can_manage_user(request.user, organization): raise Http404 if invitation.send_invitation_email(): invitation.created = now() invitation.save() return response_json_success() else: return response_json_error("send-invitation-failed") else: raise Http404
def ajax_cancel_user_invitation(request, invitation_id): if request.is_ajax(): invitation = get_object_or_404(UserOrganizationInvitation, pk=invitation_id) organization = invitation.organization if not get_permission_backend(request).can_manage_user(request.user, organization): raise Http404 invitation.delete() messages.success(request, _("Cancelled user invitation successful")) return response_json_success( {"redirect_url": reverse("view_organization_invited_users", args=[organization.slug])} ) else: raise Http404
def ajax_remove_organization_user(request, organization_user_id): if request.is_ajax(): user_organization = get_object_or_404(UserOrganization, pk=organization_user_id) organization = user_organization.organization if not get_permission_backend(request).can_manage_user(request.user, organization): raise Http404 user_organization.is_active = False user_organization.modified = datetime.datetime.now() user_organization.save() messages.success(request, _("Removed user from organization successful")) return response_json_success({"redirect_url": reverse("view_organization_users", args=[organization.slug])}) else: raise Http404
def ajax_add_publications_tag(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) publication_uids = request.POST.getlist("publication[]") tag_names = request.POST.get("tags") if tag_names: publications = [] for publication_uid in publication_uids: try: publication = Publication.objects.get(uid=publication_uid) except Publication.DoesNotExist: continue if get_permission_backend(request).can_edit_publication( request.user, organization, {"publication": publication} ): publications.append(publication) tag_names = tag_names.split(",") saved_tag_names = [] if publications and tag_names: for tag_name in tag_names: if tag_name and len(tag_name.strip()) > 0: tag_name = tag_name.lower().strip() try: tag = OrganizationTag.objects.get(organization=organization, tag_name=tag_name) except OrganizationTag.DoesNotExist: tag = OrganizationTag.objects.create(organization=organization, tag_name=tag_name) for publication in publications: publication_tag, created = PublicationTag.objects.get_or_create( publication=publication, tag=tag ) if created: saved_tag_names.append(tag_name) return response_json_success({"tag_names": saved_tag_names}) else: return response_json_error("invalid-publication") else: return response_json_error("missing-parameter")
def view_organization_profile(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) if not get_permission_backend(request).can_view_organization(request.user, organization): raise Http404 statistics = { 'publication_count': Publication.objects.filter(organization=organization).count(), 'shelf_count': OrganizationShelf.objects.filter(organization=organization).count(), 'active_user_count': UserOrganization.objects.filter(organization=organization, is_active=True).count(), } return render(request, 'organization/organization_profile.html', { 'organization':organization, 'statistics':statistics, 'is_organization_admin': UserOrganization.objects.filter(organization=organization, user=request.user, is_admin=True).exists(), })
def view_organization_users_groups(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) if not get_permission_backend(request).can_manage_user(request.user, organization) and not get_permission_backend(request).can_manage_group(request.user, organization): raise Http404 organization_users = UserOrganization.objects.filter(organization=organization).order_by('user__userprofile__first_name', 'user__userprofile__last_name') organization_groups = OrganizationGroup.objects.filter(organization=organization).order_by('name') return render( request, 'organization/organization_manage_users_groups.html', { 'organization' :organization, 'organization_users' :organization_users, 'organization_groups' :organization_groups } )
def ajax_edit_publication(request, organization_slug): organization = get_object_or_404(Organization, slug=organization_slug) publication_uid = request.POST.get("uid") title = request.POST.get("title") description = request.POST.get("description") tag_names = request.POST.get("tags") try: publication = Publication.objects.get(uid=publication_uid) except Publication.DoesNotExist: return response_json_error("publication-notfound") if not get_permission_backend(request).can_edit_publication( request.user, organization, {"publication": publication} ): raise Http404 if not title: return response_json_error("parameter-missing") publication.title = title publication.description = description publication.modified = now() publication.modified_by = request.user publication.save() PublicationTag.objects.filter(publication=publication).delete() saved_tag_names = [] tag_names = tag_names.split(",") for tag_name in tag_names: if tag_name and len(tag_name.strip()) > 0: tag_name = tag_name.lower().strip() try: tag = OrganizationTag.objects.get(organization=organization, tag_name=tag_name) except OrganizationTag.DoesNotExist: tag = OrganizationTag.objects.create(organization=organization, tag_name=tag_name) PublicationTag.objects.get_or_create(publication=publication, tag=tag) saved_tag_names.append(tag_name) return response_json_success({"tag_names": saved_tag_names})
def edit_user_invitation(request, invitation_id): invitation = get_object_or_404(UserOrganizationInvitation, pk=invitation_id) organization = invitation.organization if not get_permission_backend(request).can_manage_user(request.user, organization): raise Http404 if request.method == 'POST': form = EditOrganizationUserInviteForm(organization, request.POST) if form.is_valid(): invitation.groups = form.cleaned_data['groups'] messages.success(request, _('Edit user profile successful')) return redirect('view_organization_invited_users', organization_slug=organization.slug) else: form = EditOrganizationUserInviteForm(organization, initial={'groups':invitation.groups.all()}) return render(request, 'organization/organization_user_invite_edit.html', {'organization':organization, 'invitation':invitation, 'form':form})