def past(request): if not has_access(request): raise PermissionDenied allowed_events = get_objects_for_user(request.user, 'events.change_event', accept_global_perms=False) events = allowed_events.filter( event_start__lt=timezone.now().date()).order_by('-event_start') context = get_base_context(request) context['events'] = events return render(request, 'events/dashboard/index.html', context)
def index(request): if not has_access(request): raise PermissionDenied allowed_events = get_objects_for_user(request.user, "events.change_event", accept_global_perms=False) events = allowed_events.filter( event_start__gte=timezone.now().date()).order_by("event_start") context = get_base_context(request) context["events"] = events return render(request, "events/dashboard/index.html", context)
def groups_index(request): """ Group module in dashboard that lists groups. """ if not has_access(request): raise PermissionDenied context = get_base_context(request) context['groups'] = list(Group.objects.all()) context['groups'].sort(key=lambda x: str(x).lower()) return render(request, 'auth/dashboard/groups_index.html', context)
def index(request): if not has_access(request): raise PermissionDenied context = get_base_context(request) # "cops" is short for "careeropportunities" which is a f*****g long word # "cop" is short for "careeropportunity" which also is a f*****g long word cops = CareerOpportunity.objects.all() context['cops'] = cops.filter(end__gte=timezone.now()).order_by('end') context['archive'] = cops.filter(end__lte=timezone.now()).order_by('-id') return render(request, 'careeropportunity/dashboard/index.html', context)
def item_delete(request, item_pk): if not has_access(request): raise PermissionDenied item = get_object_or_404(Item, pk=item_pk) if request.method == 'POST': item.delete() messages.success(request, 'Varen %s ble slettet.' % item.name) return redirect(index) raise PermissionDenied
def index(request): # Generic check to see if user has access to dashboard. (In Komiteer or superuser) if not has_access(request): raise PermissionDenied # Create the base context needed for the sidebar context = get_base_context(request) context["membership_applications"] = MembershipApproval.objects.filter( processed=False) context["processed_applications"] = MembershipApproval.objects.filter( processed=True).order_by("-processed_date")[:10] return render(request, "approval/dashboard/index.html", context)
def category_delete(request, category_pk): if not has_access(request): raise PermissionDenied category = get_object_or_404(ItemCategory, pk=category_pk) items = Item.objects.filter(category=category) # Removes the category binding to prevent cascading delete for item in items: item.category = None item.save() category.delete() messages.success(request, 'Kategorien %s ble slettet.' % category.name) return redirect(category_index) raise PermissionDenied
def members_index(request): """ Index overview for allowedusernames in dashboard """ if not has_access(request): raise PermissionDenied def merge_names(members): for i in members: user = list(User.objects.filter(ntnu_username=i.username)) if user: i.full_name = user[0].get_full_name() return members context = get_base_context(request) members = AllowedUsername.objects.all() context['members'] = merge_names(members) return render(request, 'auth/dashboard/user_list.html', context)
def marks_delete(request, pk): """ Display details for a given Mark """ # Check permission if not has_access(request): raise PermissionDenied # Get object mark = get_object_or_404(Mark, pk=pk) # Save message messages.success(request, "%s er ble slettet." % mark.title) # Delete the mark mark.delete() # Redirect user return redirect(index)
def groups_detail(request, pk): """ Group module in dashboard that lists groups. """ if not has_access(request): raise PermissionDenied context = get_base_context(request) online_groups = get_objects_for_user(request.user, "authentication.change_onlinegroup") group = get_object_or_404(online_groups, pk=pk) context["group"] = group context["form"] = OnlineGroupForm(instance=group, user=request.user) if request.method == "POST": return groups_detail_post_handler(request, group) if hasattr(settings, "GROUP_SYNCER") and settings.GROUP_SYNCER: group_id = int(pk) # Groups that list this one as their destination context["sync_group_from"] = [] # Groups that list this one as one of their sources context["sync_group_to"] = [] # Make a dict that simply maps {id: name} for all groups groups = {g.id: g.name for g in Group.objects.all().order_by("id")} for job in settings.GROUP_SYNCER: if group_id in job["source"]: context["sync_group_to"].extend( [groups[g_id] for g_id in job["destination"]]) if group_id in job["destination"]: context["sync_group_from"].extend( [groups[g_id] for g_id in job["source"]]) context["group_permissions"] = list(group.group.permissions.all()) context["group_permissions"].sort(key=lambda x: str(x)) context["roles"] = GroupRole.objects.all() return render(request, "auth/dashboard/groups_detail.html", context)
def marks_details(request, pk): """ Display details for a given Mark """ # Check permission if not has_access(request): raise PermissionDenied # Get context context = get_base_context(request) # Get object mark = get_object_or_404(Mark, pk=pk) mark.category_clean = mark.get_category_display() context["mark"] = mark # Get users connected to the mark context["mark_users"] = mark.given_to.all() # AJAX if request.method == "POST": if request.is_ajax and "action" in request.POST: resp = {"status": 200} context, resp = _handle_mark_detail(request, context, resp) # Set mark resp["mark"] = { "last_changed_date": context["mark"].last_changed_date.strftime("%Y-%m-%d"), "last_changed_by": context["mark"].last_changed_by.get_full_name(), } # Return ajax return HttpResponse(json.dumps(resp), status=resp["status"]) # Render view return render(request, "marks/dashboard/marks_details.html", context)
def batch(request, item_pk, batch_pk): if not has_access(request): raise PermissionDenied # Get base context get_object_or_404(Item, pk=item_pk) b = get_object_or_404(Batch, pk=batch_pk) if request.method == 'POST': batch_form = BatchForm(request.POST, instance=b) if not batch_form.is_valid(): messages.error(request, 'Noen av de påkrevde feltene inneholder feil.') else: batch_form.save() messages.success(request, 'Batchen ble oppdatert.') return redirect(details, item_pk=item_pk) raise PermissionDenied
def create_event(request): if not has_access(request): raise PermissionDenied context = get_base_context(request) if request.method == 'POST': form = dashboard_forms.ChangeEventForm(request.POST) if form.is_valid(): cleaned = form.cleaned_data if cleaned['event_type'] not in get_types_allowed(request.user): messages.error( request, _("Du har ikke tilgang til å lage arranngement av typen '%s'." ) % cleaned['event_type']) context['change_event_form'] = form else: # Create object, but do not commit to db. We need to add stuff. event = form.save(commit=False) # Add author event.author = request.user event.save() messages.success(request, _("Arrangementet ble opprettet.")) return redirect('dashboard_event_details', event_id=event.id) else: context['change_event_form'] = form if 'change_event_form' not in context.keys(): context['change_event_form'] = dashboard_forms.ChangeEventForm() context['event'] = _('Nytt arrangement') context['active_tab'] = 'details' return render(request, 'events/dashboard/details.html', context)
def category_new(request): if not has_access(request): raise PermissionDenied # Get base context context = get_base_context(request) if request.method == 'POST': form = CategoryForm(request.POST) if not form.is_valid(): messages.error(request, 'Noen av de påkrevde feltene inneholder feil.') else: form.save() messages.success(request, 'Kategorien ble opprettet') return redirect(category_index) context['form'] = form else: context['form'] = CategoryForm() return render(request, 'inventory/dashboard/category_new.html', context)
def detail(request, pk): """ Detailed company view per PK """ if not has_access(request): raise PermissionDenied context = get_base_context(request) context["company"] = get_object_or_404(Company, pk=pk) if request.method == "POST": company_form = CompanyForm(request.POST, instance=context["company"]) if not company_form.is_valid(): messages.error(request, "Noen av de påkrevde feltene inneholder feil.") else: company_form.save() messages.success(request, "Bedriften ble oppdatert.") context["form"] = company_form else: context["form"] = CompanyForm(instance=context["company"]) return render(request, "company/dashboard/detail.html", context)
def groups_detail(request, pk): """ Group module in dashboard that lists groups. """ if not has_access(request): raise PermissionDenied context = get_base_context(request) context["group"] = get_object_or_404(Group, pk=pk) # AJAX if request.method == "POST": if request.is_ajax and "action" in request.POST: resp = {"status": 200} if request.POST["action"] == "remove_user": user = get_object_or_404(User, pk=int(request.POST["user_id"])) context["group"].user_set.remove(user) resp["message"] = "%s ble fjernet fra %s" % ( user.get_full_name(), context["group"].name, ) resp["users"] = [{ "user": u.get_full_name(), "id": u.id } for u in context["group"].user_set.all()] resp["users"].sort(key=lambda x: x["user"]) return HttpResponse(json.dumps(resp), status=200) elif request.POST["action"] == "add_user": user = get_object_or_404(User, pk=int(request.POST["user_id"])) context["group"].user_set.add(user) resp["full_name"] = user.get_full_name() resp["users"] = [{ "user": u.get_full_name(), "id": u.id } for u in context["group"].user_set.all()] resp["users"].sort(key=lambda x: x["user"]) resp["message"] = "%s ble lagt til i %s" % ( resp["full_name"], context["group"].name, ) return HttpResponse(json.dumps(resp), status=200) return HttpResponse("Ugyldig handling.", status=400) if hasattr(settings, "GROUP_SYNCER") and settings.GROUP_SYNCER: group_id = int(pk) # Groups that list this one as their destination context["sync_group_from"] = [] # Groups that list this one as one of their sources context["sync_group_to"] = [] # Make a dict that simply maps {id: name} for all groups groups = {g.id: g.name for g in Group.objects.all().order_by("id")} for job in settings.GROUP_SYNCER: if group_id in job["source"]: context["sync_group_to"].extend( [groups[g_id] for g_id in job["destination"]]) if group_id in job["destination"]: context["sync_group_from"].extend( [groups[g_id] for g_id in job["source"]]) context["group_users"] = list(context["group"].user_set.all()) context["group_permissions"] = list(context["group"].permissions.all()) context["group_users"].sort(key=lambda x: str(x).lower()) context["group_permissions"].sort(key=lambda x: str(x)) return render(request, "auth/dashboard/groups_detail.html", context)
def groups_detail(request, pk): """ Group module in dashboard that lists groups. """ if not has_access(request): raise PermissionDenied context = get_base_context(request) context['group'] = get_object_or_404(Group, pk=pk) # AJAX if request.method == 'POST': if request.is_ajax and 'action' in request.POST: resp = {'status': 200} if request.POST['action'] == 'remove_user': user = get_object_or_404(User, pk=int(request.POST['user_id'])) context['group'].user_set.remove(user) resp['message'] = '%s ble fjernet fra %s' % ( user.get_full_name(), context['group'].name) resp['users'] = [{ 'user': u.get_full_name(), 'id': u.id } for u in context['group'].user_set.all()] resp['users'].sort(key=lambda x: x['user']) return HttpResponse(json.dumps(resp), status=200) elif request.POST['action'] == 'add_user': user = get_object_or_404(User, pk=int(request.POST['user_id'])) context['group'].user_set.add(user) resp['full_name'] = user.get_full_name() resp['users'] = [{ 'user': u.get_full_name(), 'id': u.id } for u in context['group'].user_set.all()] resp['users'].sort(key=lambda x: x['user']) resp['message'] = '%s ble lagt til i %s' % ( resp['full_name'], context['group'].name) return HttpResponse(json.dumps(resp), status=200) return HttpResponse('Ugyldig handling.', status=400) if hasattr(settings, 'GROUP_SYNCER') and settings.GROUP_SYNCER: group_id = int(pk) # Groups that list this one as their destination context['sync_group_from'] = [] # Groups that list this one as one of their sources context['sync_group_to'] = [] # Make a dict that simply maps {id: name} for all groups groups = {g.id: g.name for g in Group.objects.all().order_by('id')} for job in settings.GROUP_SYNCER: if group_id in job['source']: context['sync_group_to'].extend( [groups[g_id] for g_id in job['destination']]) if group_id in job['destination']: context['sync_group_from'].extend( [groups[g_id] for g_id in job['source']]) context['group_users'] = list(context['group'].user_set.all()) context['group_permissions'] = list(context['group'].permissions.all()) context['group_users'].sort(key=lambda x: str(x).lower()) context['group_permissions'].sort(key=lambda x: str(x)) return render(request, 'auth/dashboard/groups_detail.html', context)
def _create_profile_context(request): groups = Group.objects.all() Privacy.objects.get_or_create(user=request.user) # This is a hack """ To make sure a privacy exists when visiting /profiles/privacy/. Until now, it has been generated upon loading models.py, which is a bit hacky. The code is refactored to use Django signals, so whenever a user is created, a privacy-property is set up. """ if request.user.is_staff and not request.user.online_mail: create_online_mail_alias(request.user) context = { # edit "position_form": PositionForm(), "user_profile_form": ProfileForm(instance=request.user), # positions "groups": groups, # privacy "privacy_form": PrivacyForm(instance=request.user.privacy), # nibble information "transactions": PaymentTransaction.objects.filter(user=request.user), "orders": Order.objects.filter(order_line__user=request.user).order_by( "-order_line__datetime" ), # SSO / OAuth2 approved apps "connected_apps": AccessToken.objects.filter( user=request.user, expires__gte=timezone.now() ).order_by("expires"), # marks "mark_rule_set": MarkRuleSet.get_current_rule_set(), "mark_rules_accepted": request.user.mark_rules_accepted, "marks": [ # Tuple syntax ('title', list_of_marks, is_collapsed) (_("aktive prikker"), Mark.marks.active(request.user), False), (_("inaktive prikker"), Mark.marks.inactive(request.user), True), ], "suspensions": [ # Tuple syntax ('title', list_of_marks, is_collapsed) ( _("aktive suspensjoner"), Suspension.objects.filter(user=request.user, active=True), False, ), ( _("inaktive suspensjoner"), Suspension.objects.filter(user=request.user, active=False), True, ), ], # password "password_change_form": PasswordChangeForm(request.user), # email "new_email": NewEmailForm(), # approvals "field_of_study_application": FieldOfStudyApplicationForm(), "has_active_approvals": MembershipApproval.objects.filter( applicant=request.user, processed=False ).count() > 0, "approvals": [ # Tuple syntax ('title', list_of_approvals, is_collapsed) ( _("aktive søknader"), MembershipApproval.objects.filter( applicant=request.user, processed=False ), False, ), ( _("avslåtte søknader"), MembershipApproval.objects.filter( applicant=request.user, processed=True, approved=False ), True, ), ( _("godkjente søknader"), MembershipApproval.objects.filter( applicant=request.user, processed=True ), True, ), ], "payments": [ ( _("ubetalt"), PaymentDelay.objects.all().filter(user=request.user, active=True), False, ), ( _("betalt"), PaymentRelation.objects.all().filter(user=request.user), True, ), ], "internal_services_form": InternalServicesForm(), "in_comittee": has_access(request), "enable_dataporten_application": settings.DATAPORTEN.get("STUDY").get("ENABLED") or settings.DATAPORTEN.get("STUDY").get("TESTING"), } return context
def _create_profile_context(request): groups = Group.objects.all() Privacy.objects.get_or_create(user=request.user) # This is a hack """ To make sure a privacy exists when visiting /profiles/privacy/. Until now, it has been generated upon loading models.py, which is a bit hacky. The code is refactored to use Django signals, so whenever a user is created, a privacy-property is set up. """ if request.user.is_staff and not request.user.online_mail: create_online_mail_alias(request.user) context = { # edit 'position_form': PositionForm(), 'user_profile_form': ProfileForm(instance=request.user), # positions 'groups': groups, # privacy 'privacy_form': PrivacyForm(instance=request.user.privacy), # nibble information 'transactions': PaymentTransaction.objects.filter(user=request.user), 'orders': Order.objects.filter( order_line__user=request.user).order_by('-order_line__datetime'), # SSO / OAuth2 approved apps 'connected_apps': AccessToken.objects.filter( user=request.user, expires__gte=timezone.now()).order_by('expires'), # marks 'mark_rules_accepted': request.user.mark_rules, 'marks': [ # Tuple syntax ('title', list_of_marks, is_collapsed) (_('aktive prikker'), Mark.marks.active(request.user), False), (_('inaktive prikker'), Mark.marks.inactive(request.user), True), ], 'suspensions': [ # Tuple syntax ('title', list_of_marks, is_collapsed) (_('aktive suspensjoner'), Suspension.objects.filter(user=request.user, active=True), False), (_('inaktive suspensjoner'), Suspension.objects.filter(user=request.user, active=False), True), ], # password 'password_change_form': PasswordChangeForm(request.user), # email 'new_email': NewEmailForm(), # approvals 'field_of_study_application': FieldOfStudyApplicationForm(), 'has_active_approvals': MembershipApproval.objects.filter(applicant=request.user, processed=False).count() > 0, 'approvals': [ # Tuple syntax ('title', list_of_approvals, is_collapsed) (_("aktive søknader"), MembershipApproval.objects.filter(applicant=request.user, processed=False), False), (_("avslåtte søknader"), MembershipApproval.objects.filter(applicant=request.user, processed=True, approved=False), True), (_("godkjente søknader"), MembershipApproval.objects.filter(applicant=request.user, processed=True), True), ], 'payments': [ (_('ubetalt'), PaymentDelay.objects.all().filter(user=request.user, active=True), False), (_('betalt'), PaymentRelation.objects.all().filter(user=request.user), True), ], 'internal_services_form': InternalServicesForm(), 'in_comittee': has_access(request) } return context