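def sximporter(request):
    """Import an uploaded zip dump of XML files.

    Access is granted to an authenticated superuser, or to any caller while
    no ``User`` row exists yet. Everyone else receives
    ``HttpResponseUnauthorized``.

    On a POST that carries a ``dump`` upload, each ``.xml`` member of the
    archive is written below ``<this module's directory>/tmp`` and that
    directory is passed to ``importer.sximport`` together with the POST
    fields. The page ``modules/sximporter/page.html`` is rendered afterwards.
    """
    allowed = (not User.objects.exists()) or (
        request.user.is_authenticated() and request.user.is_superuser)
    if not allowed:
        return HttpResponseUnauthorized(request)

    names = []

    if request.method == "POST" and "dump" in request.FILES:
        dump = ZipFile(request.FILES['dump'])
        try:
            extract_to = os.path.join(os.path.dirname(__file__), 'tmp')
            if not os.path.exists(extract_to):
                os.makedirs(extract_to)

            # Member names come from the uploaded archive. A name such as
            # "../x.xml" or an absolute path would otherwise be joined as-is
            # and written outside the extraction directory, so every target
            # is resolved and must stay below extract_to. Unsafe members are
            # skipped.
            root = os.path.realpath(extract_to)
            for member in dump.namelist():
                if not member.endswith('.xml'):
                    continue
                target = os.path.realpath(os.path.join(root, member))
                if not target.startswith(root + os.sep):
                    continue
                # Binary mode: the archive yields raw bytes, no newline
                # translation should be applied on write.
                out = open(target, 'wb')
                try:
                    out.write(dump.read(member))
                finally:
                    out.close()
        finally:
            dump.close()

        # NOTE(review): every POST field is forwarded to the importer
        # unfiltered; confirm importer.sximport only reads the keys it expects.
        options = dict(request.POST.items())
        if request.user.is_authenticated():
            options['authenticated_user'] = request.user
        else:
            # Reachable only while the user table is empty.
            options['authenticated_user'] = None

        importer.sximport(extract_to, options)

    return render_to_response('modules/sximporter/page.html', {'names': names},
                              context_instance=RequestContext(request))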
def user_questions(request, mode, user, slug):
    """List the questions related to one user, selected by ``mode``.

    ``user`` is the primary key of the profile owner. ``mode`` is compared
    against the translated strings 'asked-by', 'answered-by' and
    'subscribed-by'; any other value raises ``Http404``. The subscription
    list is shown only to the owner or a superuser. ``slug`` is accepted but
    not used here.
    """
    owner = get_object_or_404(User, id=user)

    if mode == _('asked-by'):
        description = None
        questions = Question.objects.filter(author=owner)
        description = _("Questions asked by %s")
    elif mode == _('answered-by'):
        answered = Question.objects.filter(children__author=owner,
                                           children__node_type='answer')
        questions = answered.distinct()
        description = _("Questions answered by %s")
    elif mode == _('subscribed-by'):
        # Subscriptions are private: owner or superuser only.
        if not (request.user.is_superuser or request.user == owner):
            return HttpResponseUnauthorized(request)

        questions = owner.subscriptions
        description = (_("Questions you subscribed %s")
                       if request.user == owner
                       else _("Questions subscribed by %s"))
    else:
        raise Http404

    # NOTE(review): the result is marked safe, so hyperlink() is presumably
    # responsible for escaping the username and URL -- confirm.
    owner_link = hyperlink(owner.get_profile_url(), owner.username)
    heading = mark_safe(description % owner_link)
    return question_list(request, questions, heading,
                         page_title=description % owner.username)
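def send_validation_email(request):
    """Issue a fresh e-mail validation hash for the logged-in user and mail it.

    Anonymous callers receive ``HttpResponseUnauthorized``. Any existing
    'email' validation hash of the user is deleted before the new one is
    created. The current GET parameters are URL-encoded and handed to the
    mail template. The response redirects to the ``Referer`` header, falling
    back to the 'index' URL.
    """
    if not request.user.is_authenticated():
        return HttpResponseUnauthorized(request)

    # Remove every outstanding e-mail hash before a new one is issued. The
    # earlier get()/bare-except form swallowed all errors and left the old
    # hashes in place whenever more than one row matched.
    for stale in ValidationHash.objects.filter(user=request.user, type='email'):
        stale.delete()

    validation_hash = ValidationHash.objects.create_new(
        request.user, 'email', [request.user.email])

    additional_get_params = urllib.urlencode(
        dict((k, v.encode('utf-8')) for k, v in request.GET.items()))

    send_template_email([request.user], "auth/mail_validation.html", {
        'validation_code': validation_hash,
        'additional_get_params': additional_get_params,
    })
    request.user.message_set.create(message=_(
        "A message with an email validation link was just sent to your address."
    ))

    # NOTE(review): the Referer header is supplied by the client; consider
    # restricting the redirect target to this site's own host.
    return HttpResponseRedirect(
        request.META.get('HTTP_REFERER', reverse('index')))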
def remove_external_provider(request, id):
    """Delete one external-provider association of a user.

    The association is looked up by primary key (404 when missing). Only the
    user it belongs to or a superuser may remove it; anyone else receives
    ``HttpResponseUnauthorized``. Afterwards the caller is redirected to the
    'user_authsettings' page of the association's user.
    """
    association = get_object_or_404(AuthKeyUserAssociation, id=id)

    permitted = request.user.is_superuser or request.user == association.user
    if not permitted:
        return HttpResponseUnauthorized(request)

    # NOTE(review): no request-method check is visible here; confirm the URL
    # is only reachable through a CSRF-protected POST.
    notice = _("You removed the association with %s") % association.provider
    request.user.message_set.create(message=notice)
    association.delete()

    target = reverse('user_authsettings', kwargs={'id': association.user.id})
    return HttpResponseRedirect(target)
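def auth_settings(request, id):
    """Show and process the authentication settings page of one user.

    Only the account owner or a superuser may open the page; anyone else
    receives ``HttpResponseUnauthorized``. A superuser, or an owner without a
    usable password, gets ``SetPasswordForm``; otherwise
    ``ChangePasswordForm`` is used. A valid POST stores the new password and
    redirects back to the 'user_authsettings' page. Otherwise
    ``auth/auth_settings.html`` is rendered with the form and the list of
    external auth keys.
    """
    user_ = get_object_or_404(User, id=id)

    if not (request.user.is_superuser or request.user == user_):
        return HttpResponseUnauthorized(request)

    auth_keys = user_.auth_keys.all()

    # NOTE(review): presumably ChangePasswordForm asks for the current
    # password and SetPasswordForm does not -- confirm against the forms.
    if request.user.is_superuser or (not user_.has_usable_password()):
        FormClass = SetPasswordForm
    else:
        FormClass = ChangePasswordForm

    if request.POST:
        form = FormClass(request.POST, user=user_)
        if form.is_valid():
            # Must be read before set_password() makes the password usable.
            is_new_pass = not user_.has_usable_password()
            user_.set_password(form.cleaned_data['password1'])
            user_.save()

            if is_new_pass:
                request.user.message_set.create(message=_("New password set"))
                if not request.user.is_superuser:
                    form = ChangePasswordForm(user=user_)
            else:
                request.user.message_set.create(
                    message=_("Your password was changed"))

            return HttpResponseRedirect(
                reverse('user_authsettings', kwargs={'id': user_.id}))
    else:
        form = FormClass(user=user_)

    auth_keys_list = []

    for k in auth_keys:
        provider = AUTH_PROVIDERS.get(k.provider, None)

        if provider is not None:
            name = "%s: %s" % (provider.context.human_name,
                               provider.context.readable_key(k))
        else:
            from forum.authentication.base import ConsumerTemplateContext
            # The formatted label used to be discarded here, so ``name`` was
            # either undefined or left over from the previous key.
            name = "unknown: %s" % ConsumerTemplateContext.readable_key(k)

        auth_keys_list.append({'name': name, 'id': k.id})

    return render_to_response(
        'auth/auth_settings.html', {
            'view_user': user_,
            "can_view_private": (user_ == request.user) or request.user.is_superuser,
            'form': form,
            'has_password': user_.has_usable_password(),
            'auth_keys': auth_keys_list,
            'allow_local_auth': AUTH_PROVIDERS.get('local', None),
        },
        context_instance=RequestContext(request))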
def params(request, id, slug=None):
    """Resolve the profile user and build the arguments for the wrapped view.

    Reads ``private`` and ``render_to`` from the enclosing scope. When
    ``private`` is truthy, only the profile owner or a superuser passes;
    others get ``HttpResponseUnauthorized`` wrapped in
    ``ReturnImediatelyException``. When ``render_to`` is set and returns a
    falsy value for the user, a redirect to the profile URL is raised the
    same way. Returns ``([request, user], {})``.
    """
    profile_user = get_object_or_404(User, id=id)

    if private:
        is_owner_or_admin = (profile_user == request.user
                             or request.user.is_superuser)
        if not is_owner_or_admin:
            denied = HttpResponseUnauthorized(request)
            raise ReturnImediatelyException(denied)

    if render_to:
        if not render_to(profile_user):
            redirect = HttpResponseRedirect(profile_user.get_profile_url())
            raise ReturnImediatelyException(redirect)

    positional = [request, profile_user]
    return positional, {}
def convert_to_question(request, id):
    """Convert the answer with primary key ``id`` into a question.

    The answer is looked up first (404 when missing). The requesting user
    must pass ``can_convert_to_question`` for that answer, otherwise
    ``HttpResponseUnauthorized`` is returned. The edit itself is delegated to
    ``_edit_question`` with ``AnswerToQuestionAction`` and rollback disabled.
    """
    requester = request.user
    answer = get_object_or_404(Answer, id=id)

    if not requester.can_convert_to_question(answer):
        return HttpResponseUnauthorized(request)

    def question_url(node):
        # Reload the node as a Question to get the question URL.
        return Question.objects.get(id=node.id).get_absolute_url()

    return _edit_question(
        request,
        answer,
        template='node/convert_to_question.html',
        summary=_("Converted to question"),
        action_class=AnswerToQuestionAction,
        allow_rollback=False,
        url_getter=question_url,
    )
def convert_to_question(request, id):
    """Convert an answer or a comment with primary key ``id`` into a question.

    The GET parameter ``node_type`` selects the model: 'comment' loads a
    ``Comment`` and uses ``CommentToQuestionAction``; any other value
    (default 'answer') loads an ``Answer`` and uses
    ``AnswerToQuestionAction``. The requesting user must pass
    ``can_convert_to_question`` for the loaded node, otherwise
    ``HttpResponseUnauthorized`` is returned.
    """
    requester = request.user

    # node_type is client-supplied; anything other than 'comment' falls back
    # to the answer path, and the permission check below runs on whichever
    # node was actually loaded.
    conversions = {'comment': (Comment, CommentToQuestionAction)}
    requested_type = request.GET.get('node_type', 'answer')
    model, action_class = conversions.get(
        requested_type, (Answer, AnswerToQuestionAction))
    node = get_object_or_404(model, id=id)

    if not requester.can_convert_to_question(node):
        return HttpResponseUnauthorized(request)

    def question_url(converted):
        # Reload the node as a Question to get the question URL.
        return Question.objects.get(id=converted.id).get_absolute_url()

    return _edit_question(
        request,
        node,
        template='node/convert_to_question.html',
        summary=_("Converted to question"),
        action_class=action_class,
        allow_rollback=False,
        url_getter=question_url,
    )
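def params(request, id=None, slug=None):
    """Resolve the profile user and build the arguments for the wrapped view.

    The user is looked up by ``id`` when given, otherwise by a
    case-insensitive match of ``slug`` against the username. ``Http404`` is
    raised when the user is not found or when neither identifier is
    supplied.

    Reads ``private`` and ``render_to`` from the enclosing scope. When
    ``private`` is truthy, only the profile owner or a superuser passes;
    others get ``HttpResponseUnauthorized`` wrapped in
    ``ReturnImediatelyException``. When ``render_to`` is set and returns a
    falsy value for the user, a redirect to the profile URL is raised the
    same way. Returns ``([request, user], {'slug': slug})``.
    """
    if id is not None:
        user = get_object_or_404(User, id=id)
    elif slug is not None:
        try:
            user = User.objects.get(username__iexact=slug)
        except User.DoesNotExist:
            raise Http404
    else:
        # Without this branch ``user`` stayed unbound and the checks below
        # failed with an UnboundLocalError instead of a clean 404.
        raise Http404

    if private and not (user == request.user or request.user.is_superuser):
        raise ReturnImediatelyException(HttpResponseUnauthorized(request))

    if render_to and (not render_to(user)):
        raise ReturnImediatelyException(
            HttpResponseRedirect(user.get_profile_url()))

    return [request, user], {'slug': slug}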
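def edit_user(request, id, slug):
    """Show and process the profile edit form of the user with key ``id``.

    Only the account owner or a superuser may edit; anyone else receives
    ``HttpResponseUnauthorized``. ``slug`` is accepted but not used here.
    A valid POST stores the sanitized profile fields, records an
    ``EditProfileAction`` with the client address and redirects to the
    profile page. Otherwise ``users/edit.html`` is rendered with the form.
    """
    user = get_object_or_404(User, id=id)
    if not (request.user.is_superuser or request.user == user):
        return HttpResponseUnauthorized(request)

    if request.method == "POST":
        form = EditUserForm(user, request.POST)
        if form.is_valid():
            new_email = sanitize_html(form.cleaned_data['email'])

            if new_email != user.email:
                user.email = new_email
                user.email_isvalid = False

                # Drop pending e-mail hashes of the account being edited.
                # The lookup used request.user, so a superuser editing
                # someone else removed their own hash and left the edited
                # account's hash for the old address in place. The bare
                # except around it also hid every lookup or delete error.
                for stale in ValidationHash.objects.filter(user=user, type='email'):
                    stale.delete()

            # The screen name changes only when the site setting allows it.
            if settings.EDITABLE_SCREEN_NAME:
                user.username = sanitize_html(form.cleaned_data['username'])
            user.real_name = sanitize_html(form.cleaned_data['realname'])
            user.website = sanitize_html(form.cleaned_data['website'])
            user.location = sanitize_html(form.cleaned_data['city'])
            user.date_of_birth = form.cleaned_data['birthday']
            if user.date_of_birth == "None":
                # Placeholder date when the form yields the string "None".
                user.date_of_birth = datetime(1900, 1, 1, 0, 0)
            user.about = sanitize_html(form.cleaned_data['about'])

            user.save()
            EditProfileAction(user=user, ip=request.META['REMOTE_ADDR']).save()

            messages.info(request, _("Profile updated."))
            return HttpResponseRedirect(user.get_profile_url())
    else:
        form = EditUserForm(user)

    return render_to_response('users/edit.html', {
        'user': user,
        'form': form,
        'gravatar_faq_url': reverse('faq') + '#gravatar',
    }, context_instance=RequestContext(request))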
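def send_validation_email(request):
    """Issue a fresh e-mail validation hash for the logged-in user and mail it.

    Anonymous callers receive ``HttpResponseUnauthorized``. Any existing
    'email' validation hash of the user is deleted, a new one is created and
    sent with the ``auth/mail_validation.html`` template. The response
    redirects to the ``Referer`` header, falling back to '/'.
    """
    if not request.user.is_authenticated():
        return HttpResponseUnauthorized(request)

    # The earlier version raised a dummy Exception inside a bare ``except``
    # to reach the create-and-send path. That also swallowed real errors and
    # kept the old hashes whenever more than one row matched. Deleting
    # through a filter needs no exception for the "nothing to delete" case.
    for stale in ValidationHash.objects.filter(user=request.user, type='email'):
        stale.delete()

    validation_hash = ValidationHash.objects.create_new(
        request.user, 'email', [request.user.email])
    send_template_email([request.user], "auth/mail_validation.html",
                        {'validation_code': validation_hash})
    request.user.message_set.create(message=_(
        "A message with an email validation link was just sent to your address."
    ))

    # NOTE(review): the Referer header is supplied by the client; consider
    # restricting the redirect target to this site's own host.
    return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/'))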
def wrapper(request, *args, **kwargs):
    """Call the wrapped view ``fn`` only for an authenticated superuser.

    ``fn`` comes from the enclosing scope. Every other caller, anonymous
    users included, receives ``HttpResponseUnauthorized``.
    """
    requester = request.user
    if not (requester.is_authenticated() and requester.is_superuser):
        return HttpResponseUnauthorized(request)
    return fn(request, *args, **kwargs)