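def groupsView(request, group_id):
    """Render the group page for a requester who is allowed to see the group.

    Raises PermissionDenied when the requester is anonymous, when the group
    does not exist, or when ``group.post_view_access`` is 0 and the requester
    is neither a member nor an admin of the group. The same exception is used
    for "unknown group" and "no access", so the response does not reveal
    which group ids exist.
    """
    if not request.user.is_authenticated:
        raise PermissionDenied
    if not group_exists(group_id):
        raise PermissionDenied
    group = Groups.objects.get(id=group_id)

    # Resolve the requester's role once: the same two answers drive both the
    # access decision and the template flags. The stray debug print of the
    # membership result and the second fetch of the same group row are gone.
    is_member = isMember(request.user, group)
    is_admin = isAdmin(request.user, group)

    # post_view_access == 0 closes the whole page to outsiders.
    if group.post_view_access == 0 and not (is_member or is_admin):
        raise PermissionDenied

    context = {
        'members': giveGroupMembers(group),
        'group_id': group_id,
        'group': group,
        'all_posts': getGroupPosts(group),
        'is_admin': is_admin,
        'can_post': is_member or is_admin,
    }
    return render(request, 'group_view.html', context)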
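def update_group_details(request):
    """Update a group's name, description and joining fee (group admin only).

    Reads ``group_id``, ``group_name``, ``group_description`` and
    ``group_fees`` from the POST data. When the fee changes, the requester's
    pending group transactions are refunded to the paying users and deleted,
    and the group's unconfirmed membership rows are removed.

    Raises PermissionDenied for anonymous users, unknown groups, non-admins,
    and a fee that is not a non-negative integer.
    """
    # Imported locally so this block does not rely on the module header.
    from django.db import transaction as db_transaction
    from django.db.models import F

    if not request.user.is_authenticated:
        raise PermissionDenied
    group_id = request.POST.get("group_id", "null")
    if not group_exists(group_id):
        raise PermissionDenied
    group = Groups.objects.get(id=group_id)
    if not isAdmin(request.user, group):
        raise PermissionDenied

    group_name = request.POST.get("group_name", "null")
    group_description = request.POST.get("group_description", "null")
    try:
        group_fees = int(request.POST.get("group_fees", "null"))
    except (TypeError, ValueError):
        # Only a malformed number is a client error; anything else should
        # surface instead of being hidden behind a 403.
        raise PermissionDenied
    if group_fees < 0:
        raise PermissionDenied

    # Refunds, deletions and the group update commit together or not at all,
    # so a failure midway cannot leave money refunded but requests still open.
    with db_transaction.atomic():
        if group_fees != group.fees:
            # NOTE(review): this filter is keyed on the requesting admin, not
            # on this group, so pending payments for other groups run by the
            # same admin appear to be refunded too, while only this group's
            # unconfirmed membership rows are removed below. Confirm intent.
            pending_payments = list(
                Transaction.objects.select_for_update().filter(
                    transaction_user_2=request.user,
                    transaction_group=True,
                    transaction_accepted=False,
                )
            )
            for payment in pending_payments:
                payer = payment.transaction_user_1
                # F() makes the credit a single SQL increment, so a concurrent
                # balance change on the same user is not overwritten.
                payer.user_balance = F("user_balance") + payment.transaction_amount
                payer.save(update_fields=["user_balance"])
            # Delete exactly the rows that were refunded, not whatever matches
            # the filter by the time the delete runs.
            Transaction.objects.filter(
                pk__in=[payment.pk for payment in pending_payments]
            ).delete()
            Group_Members.objects.filter(confirmed=False, group_id=group_id).delete()

        group.group_name = group_name
        group.description = group_description
        group.fees = group_fees
        group.save()

    return HttpResponseRedirect(
        reverse('privacy_settings:group_settings', kwargs={'group_id' : group_id}))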
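def add_group_post(request):
    """Create a post in a group, authored by the logged-in user.

    Reads ``group_id``, ``member_id`` and ``post_text`` from the POST data and
    runs the captcha check before any lookup.

    Raises PermissionDenied when the requester is anonymous, when the group or
    member does not exist, when ``member_id`` is not the requester's own id,
    or when the requester is neither a member nor an admin of the group.
    """
    if not request.user.is_authenticated:
        raise PermissionDenied
    group_id = request.POST.get("group_id", "null")
    member_id = request.POST.get("member_id", "null")
    post_text = request.POST.get("post_text", "null")
    utils.check_captcha(request)
    if not group_exists(group_id):
        raise PermissionDenied
    if not member_exists(member_id):
        raise PermissionDenied
    group = Groups.objects.get(id=group_id)
    member = CustomUser.objects.get(id=member_id)

    # member_id comes from the client. Without this check the membership test
    # below would be run against whichever account the form names, letting
    # any logged-in user publish a post under another member's name.
    if member.pk != request.user.pk:
        raise PermissionDenied
    if not (isMember(member, group) or isAdmin(member, group)):
        raise PermissionDenied

    Group_Posts.objects.create(group=group, author=member, description=post_text)
    return HttpResponseRedirect(
        reverse('groups:group_view', kwargs={'group_id': group_id}))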
def group_settings(request, group_id):
    """Show the settings page of a group to one of its admins.

    Raises PermissionDenied for anonymous requesters, unknown groups and
    requesters who are not an admin of the group.
    """
    requester = request.user
    if not requester.is_authenticated or not group_exists(group_id):
        raise PermissionDenied

    target_group = Groups.objects.get(id=group_id)
    if isAdmin(requester, target_group):
        return render(
            request,
            'group_settings.html',
            context={'group': target_group},
        )
    raise PermissionDenied
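def acceptJoinRequest(request):
    """Accept a pending join request and credit the group fee to the admin.

    Reads ``group_id`` and ``member_id`` from the POST data. The requester
    must be logged in, must not have ``user_type`` 1, and must be an admin of
    the group. The membership row is marked confirmed, the admin's balance is
    increased by ``group.fees`` and the matching transaction is marked
    accepted.

    Raises PermissionDenied on any failed check, including when no single
    pending membership row or no single matching pending transaction exists.
    """
    # Imported locally so this block does not rely on the module header.
    from django.db import transaction as db_transaction
    from django.db.models import F

    if not request.user.is_authenticated:
        raise PermissionDenied
    if request.user.user_type == 1:
        raise PermissionDenied
    group_id = request.POST.get("group_id", "default")
    member_id = request.POST.get("member_id", "default")
    if not group_exists(group_id):
        raise PermissionDenied
    if not member_exists(member_id):
        raise PermissionDenied
    group = Groups.objects.get(id=group_id)
    if not isAdmin(request.user, group):
        raise PermissionDenied
    member = CustomUser.objects.get(id=member_id)

    # One database transaction with row locks: two simultaneous "accept"
    # submissions can no longer both find the payment pending and both credit
    # the admin, and a failure midway leaves nothing half-applied.
    with db_transaction.atomic():
        try:
            # confirmed=False: only a request that is still pending can be
            # accepted; an already confirmed membership must not be used to
            # settle some other pending payment of the same amount.
            join_request = Group_Members.objects.select_for_update().get(
                member_id=member_id, group_id=group_id, confirmed=False)
        except (Group_Members.DoesNotExist, Group_Members.MultipleObjectsReturned):
            raise PermissionDenied
        try:
            payment = Transaction.objects.select_for_update().get(
                transaction_user_1=member,
                transaction_user_2=group.admin,
                transaction_group=True,
                transaction_accepted=False,
                transaction_amount=group.fees,
            )
        except (Transaction.DoesNotExist, Transaction.MultipleObjectsReturned):
            raise PermissionDenied

        join_request.confirmed = True
        join_request.save()

        # F() turns the credit into a single SQL increment instead of a
        # read-modify-write on a possibly stale in-memory balance.
        admin = group.admin
        admin.user_balance = F("user_balance") + group.fees
        admin.save(update_fields=["user_balance"])

        payment.transaction_accepted = True
        payment.save()

    return HttpResponseRedirect(reverse('groups:group_admin'))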
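def update_post_view_access(request):
    """Set the group's ``post_view_access`` flag (group admin only).

    Despite the name, the flag restricts viewing of the whole group, not just
    its posts. Reads ``group_id`` and ``post_view_access`` from the POST data;
    the flag must parse as the integer 0 or 1.

    Raises PermissionDenied for anonymous users, unknown groups, non-admins
    and any other flag value.
    """
    if not request.user.is_authenticated:
        raise PermissionDenied
    group_id = request.POST.get("group_id", "null")
    if not group_exists(group_id):
        raise PermissionDenied
    group = Groups.objects.get(id=group_id)
    if not isAdmin(request.user, group):
        raise PermissionDenied

    try:
        post_view_access = int(request.POST.get("post_view_access", "null"))
    except (TypeError, ValueError):
        # Only a malformed number is treated as a client error; a bare except
        # here would also hide unrelated failures behind a 403.
        raise PermissionDenied
    if post_view_access not in (0, 1):
        raise PermissionDenied

    group.post_view_access = post_view_access
    group.save()
    return HttpResponseRedirect(
        reverse('privacy_settings:group_settings', kwargs={'group_id': group_id}))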
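def update_member_deletion_access(request):
    """Set the group's ``member_deletion_access`` flag (group admin only).

    Reads ``group_id`` and ``member_deletion_access`` from the POST data; the
    flag must parse as the integer 0 or 1.

    Raises PermissionDenied for anonymous users, unknown groups, non-admins
    and any other flag value.
    """
    if not request.user.is_authenticated:
        raise PermissionDenied
    group_id = request.POST.get("group_id", "null")
    if not group_exists(group_id):
        raise PermissionDenied
    group = Groups.objects.get(id=group_id)
    if not isAdmin(request.user, group):
        raise PermissionDenied

    try:
        member_deletion_access = int(
            request.POST.get("member_deletion_access", "null"))
    except (TypeError, ValueError):
        # Only a malformed number is treated as a client error; a bare except
        # here would also hide unrelated failures behind a 403.
        raise PermissionDenied
    if member_deletion_access not in (0, 1):
        raise PermissionDenied

    group.member_deletion_access = member_deletion_access
    group.save()
    return HttpResponseRedirect(
        reverse('privacy_settings:group_settings', kwargs={'group_id': group_id}))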
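def remove_other_from_group(request):
    """Remove the user named in the POST data from a group.

    Reads ``group_id`` and ``username`` from the POST data. A group admin may
    always remove a member. Anyone else may do so only when the group's
    ``member_deletion_access`` flag is non-zero and they belong to the group
    themselves.

    Raises PermissionDenied for anonymous requesters, unknown groups or
    usernames, requesters without the right to remove, and targets that have
    no membership row in the group.
    """
    if not request.user.is_authenticated:
        raise PermissionDenied
    group_id = request.POST.get("group_id", "default")
    username = request.POST.get("username", "default")
    if not group_exists(group_id):
        raise PermissionDenied
    if not username_exists(username):
        raise PermissionDenied
    group = Groups.objects.get(id=group_id)
    _user = CustomUser.objects.get(username=username)

    if not isAdmin(request.user, group):
        # The flag alone used to be enough, which let any logged-in account,
        # including one outside the group, remove its members. Requiring the
        # requester to belong to the group closes that gap.
        # NOTE(review): confirm whether isMember also counts unconfirmed
        # (pending) members; if so, tighten this to confirmed members only.
        if group.member_deletion_access == 0 or not isMember(request.user, group):
            raise PermissionDenied

    members = Group_Members.objects.filter(member=_user, group_id=group_id)
    if not members.exists():
        raise PermissionDenied
    members.delete()
    return HttpResponseRedirect(
        reverse('groups:group_view', kwargs={'group_id': group_id}))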
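def rejectJoinRequest(request):
    """Reject a pending join request and refund the group fee to the member.

    Reads ``group_id`` and ``member_id`` from the POST data. The requester
    must be logged in, must not have ``user_type`` 1, and must be an admin of
    the group. The pending membership row and the matching pending
    transaction are deleted and ``group.fees`` is added back to the member's
    balance.

    Raises PermissionDenied on any failed check, including when no single
    pending membership row or no single matching pending transaction exists.
    """
    # Imported locally so this block does not rely on the module header.
    from django.db import transaction as db_transaction
    from django.db.models import F

    if not request.user.is_authenticated:
        raise PermissionDenied
    if request.user.user_type == 1:
        raise PermissionDenied
    group_id = request.POST.get("group_id", "default")
    member_id = request.POST.get("member_id", "default")
    if not group_exists(group_id):
        raise PermissionDenied
    if not member_exists(member_id):
        raise PermissionDenied
    member = CustomUser.objects.get(id=member_id)
    group = Groups.objects.get(id=group_id)
    if not isAdmin(request.user, group):
        raise PermissionDenied

    # Look both rows up (and lock them) before deleting anything. Previously
    # the membership row was deleted first, so a missing payment aborted the
    # request after the deletion had already happened, and a confirmed member
    # could be dropped through this endpoint.
    with db_transaction.atomic():
        try:
            join_request = Group_Members.objects.select_for_update().get(
                member_id=member_id, group_id=group_id, confirmed=False)
        except (Group_Members.DoesNotExist, Group_Members.MultipleObjectsReturned):
            raise PermissionDenied
        try:
            payment = Transaction.objects.select_for_update().get(
                transaction_user_1=member,
                transaction_user_2=group.admin,
                transaction_group=True,
                transaction_accepted=False,
                transaction_amount=group.fees,
            )
        except (Transaction.DoesNotExist, Transaction.MultipleObjectsReturned):
            raise PermissionDenied

        join_request.delete()
        payment.delete()

        # F() makes the refund a single SQL increment, so two concurrent
        # requests cannot overwrite each other's balance update.
        member.user_balance = F("user_balance") + group.fees
        member.save(update_fields=["user_balance"])

    return HttpResponseRedirect(reverse('groups:group_admin'))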