def search(request): items_per_page = 30 d = {} d['user'] = request.user manipulator = QueryManipulator() if request.method == 'POST': new_data = request.POST.copy() errors = manipulator.get_validation_errors(new_data) if not errors: manipulator.do_html2python(new_data) result = manipulator.execute_query(new_data) request.session['results'] = result['newsitems'] d['q'] = new_data['q'] request.session['q'] = new_data['q'] # Create the FormWrapper, template, context, response. form = forms.FormWrapper(manipulator, new_data, errors) d['form'] = form queryset = request.session['results'] return object_list(request, queryset, paginate_by=items_per_page, template_name="nm/search.html", extra_context=d) else: # 'GET' errors = new_data = { } # No POST, so we want a brand new form without any data or errors. if 'page' not in request.GET: request.session['results'] = None request.session['q'] = "" # Create the FormWrapper, template, context, response. form = forms.FormWrapper(manipulator, {'q': request.session['q']}, errors) d['form'] = form if 'results' in request.session and request.session['results'] != None: d['q'] = request.session['q'] queryset = request.session['results'] return object_list(request, queryset, paginate_by=items_per_page, template_name="nm/search.html", extra_context=d) queryset = Newsitem.objects.filter(pk=0) return object_list(request, queryset, paginate_by=1, template_name="nm/search.html", extra_context=d)
def login(request, template_name='registration/login.html'): "Displays the login form and handles the login action." manipulator = AuthenticationForm(request) redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '') if request.POST: errors = manipulator.get_validation_errors(request.POST) if not errors: # Light security check -- make sure redirect_to isn't garbage. if not redirect_to or '://' in redirect_to or ' ' in redirect_to: from django.conf import settings redirect_to = settings.LOGIN_REDIRECT_URL from django.contrib.auth import login login(request, manipulator.get_user()) request.session.delete_test_cookie() return HttpResponseRedirect(redirect_to) else: errors = {} request.session.set_test_cookie() return render_to_response( template_name, { 'form': oldforms.FormWrapper(manipulator, request.POST, errors), REDIRECT_FIELD_NAME: redirect_to, 'site_name': Site.objects.get_current().name, }, context_instance=RequestContext(request))
def user_change_password(request, id): if not request.user.has_perm('auth.change_user'): raise PermissionDenied user = get_object_or_404(User, pk=id) manipulator = AdminPasswordChangeForm(user) if request.method == 'POST': new_data = request.POST.copy() errors = manipulator.get_validation_errors(new_data) if not errors: new_user = manipulator.save(new_data) msg = _('Password changed successfully.') request.user.message_set.create(message=msg) return HttpResponseRedirect('..') else: errors = new_data = {} form = oldforms.FormWrapper(manipulator, new_data, errors) return render_to_response( 'admin/auth/user/change_password.html', { 'title': _('Change password: %s') % escape(user.username), 'form': form, 'is_popup': '_popup' in request.REQUEST, 'add': True, 'change': False, 'has_delete_permission': False, 'has_change_permission': True, 'has_absolute_url': False, 'first_form_field_id': 'id_password1', 'opts': User._meta, 'original': user, 'show_save': True, }, context_instance=template.RequestContext(request))
def password_change(request, template_name='registration/password_change_form.html'): new_data, errors = {}, {} form = PasswordChangeForm(request.user) if request.POST: new_data = request.POST.copy() errors = form.get_validation_errors(new_data) if not errors: form.save(new_data) return HttpResponseRedirect('%sdone/' % request.path) return render_to_response(template_name, {'form': oldforms.FormWrapper(form, new_data, errors)}, context_instance=RequestContext(request))
def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html', email_template_name='registration/password_reset_email.html'): new_data, errors = {}, {} form = PasswordResetForm() if request.POST: new_data = request.POST.copy() errors = form.get_validation_errors(new_data) if not errors: if is_admin_site: form.save(domain_override=request.META['HTTP_HOST']) else: form.save(email_template_name=email_template_name) return HttpResponseRedirect('%sdone/' % request.path) return render_to_response(template_name, {'form': oldforms.FormWrapper(form, new_data, errors)}, context_instance=RequestContext(request))
def user_add_stage(request): if not request.user.has_perm('auth.change_user'): raise PermissionDenied manipulator = UserCreationForm() if request.method == 'POST': new_data = request.POST.copy() errors = manipulator.get_validation_errors(new_data) if not errors: new_user = manipulator.save(new_data) msg = _('The %(name)s "%(obj)s" was added successfully.') % { 'name': 'user', 'obj': new_user } if "_addanother" in request.POST: request.user.message_set.create(message=msg) return HttpResponseRedirect(request.path) else: request.user.message_set.create( message=msg + ' ' + _("You may edit it again below.")) return HttpResponseRedirect('../%s/' % new_user.id) else: errors = new_data = {} form = oldforms.FormWrapper(manipulator, new_data, errors) return render_to_response( 'admin/auth/user/add_form.html', { 'title': _('Add user'), 'form': form, 'is_popup': '_popup' in request.REQUEST, 'add': True, 'change': False, 'has_delete_permission': False, 'has_change_permission': True, 'has_file_field': False, 'has_absolute_url': False, 'auto_populated_fields': (), 'bound_field_sets': (), 'first_form_field_id': 'id_username', 'opts': User._meta, 'username_help_text': User._meta.get_field('username').help_text, }, context_instance=template.RequestContext(request))
def template_validator(request): """ Displays the template validator form, which finds and displays template syntax errors. """ # get a dict of {site_id : settings_module} for the validator settings_modules = {} for mod in settings.ADMIN_FOR: settings_module = __import__(mod, {}, {}, ['']) settings_modules[settings_module.SITE_ID] = settings_module manipulator = TemplateValidator(settings_modules) new_data, errors = {}, {} if request.POST: new_data = request.POST.copy() errors = manipulator.get_validation_errors(new_data) if not errors: request.user.message_set.create(message='The template is valid.') return render_to_response('admin/template_validator.html', { 'title': 'Template validator', 'form': oldforms.FormWrapper(manipulator, new_data, errors), }, context_instance=template.RequestContext(request))
def change_stage(request, app_label, model_name, object_id): model = models.get_model(app_label, model_name) object_id = unquote(object_id) if model is None: raise Http404("App %r, model %r, not found" % (app_label, model_name)) opts = model._meta if not request.user.has_perm(app_label + '.' + opts.get_change_permission()): raise PermissionDenied if request.POST and request.POST.has_key("_saveasnew"): return add_stage(request, app_label, model_name, form_url='../../add/') try: manipulator = model.ChangeManipulator(object_id) except model.DoesNotExist: raise Http404('%s object with primary key %r does not exist' % (model_name, escape(object_id))) if request.POST: new_data = request.POST.copy() if opts.has_field_type(models.FileField): new_data.update(request.FILES) errors = manipulator.get_validation_errors(new_data) manipulator.do_html2python(new_data) if not errors: new_object = manipulator.save(new_data) pk_value = new_object._get_pk_val() # Construct the change message. change_message = [] if manipulator.fields_added: change_message.append(_('Added %s.') % get_text_list(manipulator.fields_added, _('and'))) if manipulator.fields_changed: change_message.append(_('Changed %s.') % get_text_list(manipulator.fields_changed, _('and'))) if manipulator.fields_deleted: change_message.append(_('Deleted %s.') % get_text_list(manipulator.fields_deleted, _('and'))) change_message = ' '.join(change_message) if not change_message: change_message = _('No fields changed.') LogEntry.objects.log_action(request.user.id, ContentType.objects.get_for_model(model).id, pk_value, str(new_object), CHANGE, change_message) msg = _('The %(name)s "%(obj)s" was changed successfully.') % {'name': opts.verbose_name, 'obj': new_object} if request.POST.has_key("_continue"): request.user.message_set.create(message=msg + ' ' + _("You may edit it again below.")) if request.REQUEST.has_key('_popup'): return HttpResponseRedirect(request.path + "?_popup=1") else: return HttpResponseRedirect(request.path) elif request.POST.has_key("_saveasnew"): request.user.message_set.create(message=_('The %(name)s "%(obj)s" was added successfully. You may edit it again below.') % {'name': opts.verbose_name, 'obj': new_object}) return HttpResponseRedirect("../%s/" % pk_value) elif request.POST.has_key("_addanother"): request.user.message_set.create(message=msg + ' ' + (_("You may add another %s below.") % opts.verbose_name)) return HttpResponseRedirect("../add/") else: request.user.message_set.create(message=msg) return HttpResponseRedirect("../") else: # Populate new_data with a "flattened" version of the current data. new_data = manipulator.flatten_data() # TODO: do this in flatten_data... # If the object has ordered objects on its admin page, get the existing # order and flatten it into a comma-separated list of IDs. id_order_list = [] for rel_obj in opts.get_ordered_objects(): id_order_list.extend(getattr(manipulator.original_object, 'get_%s_order' % rel_obj.object_name.lower())()) if id_order_list: new_data['order_'] = ','.join(map(str, id_order_list)) errors = {} # Populate the FormWrapper. form = oldforms.FormWrapper(manipulator, new_data, errors) form.original = manipulator.original_object form.order_objects = [] #TODO Should be done in flatten_data / FormWrapper construction for related in opts.get_followed_related_objects(): wrt = related.opts.order_with_respect_to if wrt and wrt.rel and wrt.rel.to == opts: func = getattr(manipulator.original_object, 'get_%s_list' % related.get_accessor_name()) orig_list = func() form.order_objects.extend(orig_list) c = template.RequestContext(request, { 'title': _('Change %s') % opts.verbose_name, 'form': form, 'object_id': object_id, 'original': manipulator.original_object, 'is_popup': request.REQUEST.has_key('_popup'), }) return render_change_form(model, manipulator, c, change=True)
def add_stage(request, app_label, model_name, show_delete=False, form_url='', post_url=None, post_url_continue='../%s/', object_id_override=None): model = models.get_model(app_label, model_name) if model is None: raise Http404("App %r, model %r, not found" % (app_label, model_name)) opts = model._meta if not request.user.has_perm(app_label + '.' + opts.get_add_permission()): raise PermissionDenied if post_url is None: if request.user.has_perm(app_label + '.' + opts.get_change_permission()): # redirect to list view post_url = '../' else: # Object list will give 'Permission Denied', so go back to admin home post_url = '../../../' manipulator = model.AddManipulator() if request.POST: new_data = request.POST.copy() if opts.has_field_type(models.FileField): new_data.update(request.FILES) errors = manipulator.get_validation_errors(new_data) manipulator.do_html2python(new_data) if not errors: new_object = manipulator.save(new_data) pk_value = new_object._get_pk_val() LogEntry.objects.log_action(request.user.id, ContentType.objects.get_for_model(model).id, pk_value, str(new_object), ADDITION) msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': opts.verbose_name, 'obj': new_object} # Here, we distinguish between different save types by checking for # the presence of keys in request.POST. if request.POST.has_key("_continue"): request.user.message_set.create(message=msg + ' ' + _("You may edit it again below.")) if request.POST.has_key("_popup"): post_url_continue += "?_popup=1" return HttpResponseRedirect(post_url_continue % pk_value) if request.POST.has_key("_popup"): if type(pk_value) is str: # Quote if string, so JavaScript doesn't think it's a variable. pk_value = '"%s"' % pk_value.replace('"', '\\"') return HttpResponse('<script type="text/javascript">opener.dismissAddAnotherPopup(window, %s, "%s");</script>' % \ (pk_value, str(new_object).replace('"', '\\"'))) elif request.POST.has_key("_addanother"): request.user.message_set.create(message=msg + ' ' + (_("You may add another %s below.") % opts.verbose_name)) return HttpResponseRedirect(request.path) else: request.user.message_set.create(message=msg) return HttpResponseRedirect(post_url) else: # Add default data. new_data = manipulator.flatten_data() # Override the defaults with GET params, if they exist. new_data.update(dict(request.GET.items())) errors = {} # Populate the FormWrapper. form = oldforms.FormWrapper(manipulator, new_data, errors) c = template.RequestContext(request, { 'title': _('Add %s') % opts.verbose_name, 'form': form, 'is_popup': request.REQUEST.has_key('_popup'), 'show_delete': show_delete, }) if object_id_override is not None: c['object_id'] = object_id_override return render_change_form(model, manipulator, c, add=True)
def post_free_comment(request, extra_context=None, context_processors=None): """ Post a free comment (not requiring a log in) Redirects to `comments.comments.comment_was_posted` view on success. Templates: `comment_free_preview` Context: comment comment being posted comment_form comment form object options comment options target comment target hash security hash (must be included in a posted form to succesfully post a comment). """ if extra_context is None: extra_context = {} if not request.POST: raise Http404, _("Only POSTs are allowed") try: options, target, security_hash = request.POST['options'], request.POST[ 'target'], request.POST['gonzo'] except KeyError: raise Http404, _("One or more of the required fields wasn't submitted") if Comment.objects.get_security_hash(options, '', '', target) != security_hash: raise Http404, _( "Somebody tampered with the comment form (security violation)") content_type_id, object_id = target.split( ':') # target is something like '52:5157' content_type = ContentType.objects.get(pk=content_type_id) try: obj = content_type.get_object_for_this_type(pk=object_id) except ObjectDoesNotExist: raise Http404, _( "The comment form had an invalid 'target' parameter -- the object ID was invalid" ) option_list = options.split(',') new_data = request.POST.copy() new_data['content_type_id'] = content_type_id new_data['object_id'] = object_id new_data['ip_address'] = request.META['REMOTE_ADDR'] new_data['is_public'] = IS_PUBLIC in option_list manipulator = PublicFreeCommentManipulator() errors = manipulator.get_validation_errors(new_data) if errors or 'preview' in request.POST: comment = errors and '' or manipulator.get_comment(new_data) return render_to_response( 'comments/free_preview.html', { 'comment': comment, 'comment_form': oldforms.FormWrapper(manipulator, new_data, errors), 'options': options, 'target': target, 'hash': security_hash, }, context_instance=RequestContext(request, extra_context, context_processors)) elif 'post' in request.POST: # If the IP is banned, mail the admins, do NOT save the comment, and # serve up the "Thanks for posting" page as if the comment WAS posted. if request.META['REMOTE_ADDR'] in settings.BANNED_IPS: from django.core.mail import mail_admins mail_admins( "Practical joker", smart_unicode(request.POST) + "\n\n" + str(request.META)) else: manipulator.do_html2python(new_data) comment = manipulator.save(new_data) return HttpResponseRedirect("../posted/?c=%s:%s" % (content_type_id, object_id)) else: raise Http404, _( "The comment form didn't provide either 'preview' or 'post'")
def update_object(request, model, object_id=None, slug=None, slug_field=None, template_name=None, template_loader=loader, extra_context=None, post_save_redirect=None, login_required=False, follow=None, context_processors=None, template_object_name='object'): """ Generic object-update function. Templates: ``<app_label>/<model_name>_form.html`` Context: form the form wrapper for the object object the original object being edited """ if extra_context is None: extra_context = {} if login_required and not request.user.is_authenticated(): return redirect_to_login(request.path) # Look up the object to be edited lookup_kwargs = {} if object_id: lookup_kwargs['%s__exact' % model._meta.pk.name] = object_id elif slug and slug_field: lookup_kwargs['%s__exact' % slug_field] = slug else: raise AttributeError( "Generic edit view must be called with either an object_id or a slug/slug_field" ) try: object = model.objects.get(**lookup_kwargs) except ObjectDoesNotExist: raise Http404, "No %s found for %s" % (model._meta.verbose_name, lookup_kwargs) manipulator = model.ChangeManipulator(getattr(object, object._meta.pk.attname), follow=follow) if request.POST: new_data = request.POST.copy() if model._meta.has_field_type(FileField): new_data.update(request.FILES) errors = manipulator.get_validation_errors(new_data) manipulator.do_html2python(new_data) if not errors: object = manipulator.save(new_data) if request.user.is_authenticated(): request.user.message_set.create( message=gettext( "The %(verbose_name)s was updated successfully.") % {"verbose_name": model._meta.verbose_name}) # Do a post-after-redirect so that reload works, etc. if post_save_redirect: return HttpResponseRedirect(post_save_redirect % object.__dict__) elif hasattr(object, 'get_absolute_url'): return HttpResponseRedirect(object.get_absolute_url()) else: raise ImproperlyConfigured( "No URL to redirect to from generic create view.") else: errors = {} # This makes sure the form acurate represents the fields of the place. new_data = manipulator.flatten_data() form = oldforms.FormWrapper(manipulator, new_data, errors) if not template_name: template_name = "%s/%s_form.html" % (model._meta.app_label, model._meta.object_name.lower()) t = template_loader.get_template(template_name) c = RequestContext(request, { 'form': form, template_object_name: object, }, context_processors) for key, value in extra_context.items(): if callable(value): c[key] = value() else: c[key] = value response = HttpResponse(t.render(c)) populate_xheaders(request, response, model, getattr(object, object._meta.pk.attname)) return response
def create_object(request, model, template_name=None, template_loader=loader, extra_context=None, post_save_redirect=None, login_required=False, follow=None, context_processors=None): """ Generic object-creation function. Templates: ``<app_label>/<model_name>_form.html`` Context: form the form wrapper for the object """ if extra_context is None: extra_context = {} if login_required and not request.user.is_authenticated(): return redirect_to_login(request.path) manipulator = model.AddManipulator(follow=follow) if request.POST: # If data was POSTed, we're trying to create a new object new_data = request.POST.copy() if model._meta.has_field_type(FileField): new_data.update(request.FILES) # Check for errors errors = manipulator.get_validation_errors(new_data) manipulator.do_html2python(new_data) if not errors: # No errors -- this means we can save the data! new_object = manipulator.save(new_data) if request.user.is_authenticated(): request.user.message_set.create( message=gettext( "The %(verbose_name)s was created successfully.") % {"verbose_name": model._meta.verbose_name}) # Redirect to the new object: first by trying post_save_redirect, # then by obj.get_absolute_url; fail if neither works. if post_save_redirect: return HttpResponseRedirect(post_save_redirect % new_object.__dict__) elif hasattr(new_object, 'get_absolute_url'): return HttpResponseRedirect(new_object.get_absolute_url()) else: raise ImproperlyConfigured( "No URL to redirect to from generic create view.") else: # No POST, so we want a brand new form without any data or errors errors = {} new_data = manipulator.flatten_data() # Create the FormWrapper, template, context, response form = oldforms.FormWrapper(manipulator, new_data, errors) if not template_name: template_name = "%s/%s_form.html" % (model._meta.app_label, model._meta.object_name.lower()) t = template_loader.get_template(template_name) c = RequestContext(request, { 'form': form, }, context_processors) for key, value in extra_context.items(): if callable(value): c[key] = value() else: c[key] = value return HttpResponse(t.render(c))