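def add(request):
    """Show the "add quote" form (GET) or store a newly submitted quote (POST).

    On POST the ``quote_posters`` value is always taken from the session user,
    never from the submitted form, so a client cannot attribute a quote to
    somebody else by editing the hidden field.

    NOTE(review): nothing in this view checks that the requester is logged in.
    Confirm that a login-required wrapper is applied where the view is routed;
    otherwise an anonymous request would be stored with an empty poster name.
    """
    if request.method == 'POST':
        # request.POST is an immutable QueryDict: assigning into it directly
        # raises AttributeError. Work on a mutable copy instead.
        post_data = request.POST.copy()
        # Overwrite whatever the client sent; the server decides who posted.
        post_data['quote_posters'] = request.user.username

        quote_form = QuoteForm(post_data)
        # Validate before saving: calling save() on an invalid ModelForm raises
        # ValueError (HTTP 500) instead of telling the user what was wrong.
        if quote_form.is_valid():
            quote_form.save()
            return redirect('/intranet/quote/')
        # Invalid submission: fall through and re-render the bound form so the
        # field errors are shown.
    else:
        quote_form = QuoteForm()

    # The field is rendered hidden purely for presentation. Its submitted value
    # is never trusted (see the POST branch above).
    quote_form.fields["quote_posters"].widget = forms.HiddenInput()

    return render_to_response(
        'intranet/quote/add.html',
        {
            "section": "intranet",
            "page": 'quote',
            "form": quote_form,
            "members": Member.objects.all(),
            "user": request.user,
        },
        context_instance=RequestContext(request))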
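def edit(request, quoteId=1):
    """Edit, save or delete the quote identified by ``quoteId``.

    * GET renders the edit form.
    * POST containing ``delete`` removes the quote.
    * Any other POST saves the submitted form over the existing quote.

    The permission check runs before every branch. Previously only the GET
    branch was checked, so a direct POST could delete or overwrite any quote
    regardless of who sent it.

    Raises:
        Http404: no quote with that primary key (via ``get_object_or_404``).
        PermissionDenied: the requester is anonymous, or is neither a source
            of the quote, one of its posters, nor ``is_top4()``.
    """
    user = request.user
    quote_obj = get_object_or_404(Quote, pk=quoteId)

    # Both columns are comma-separated username lists; older rows lack the
    # leading/trailing commas. Empty entries are dropped so that an empty
    # column yields [] rather than [''], which would match the empty username
    # carried by an anonymous user.
    quote_usernames = [
        name for name in quote_obj.quote_sources.strip(",").split(",") if name
    ]
    poster_usernames = [
        name for name in quote_obj.quote_posters.strip(",").split(",") if name
    ]

    # Anonymous users are rejected outright. The original expression mixed
    # `and`/`or` without grouping, so the poster test was evaluated even for
    # anonymous users.
    # is_top4() is a project-defined method on the user object (not shown
    # here); it is only called once the user is known to be authenticated.
    if user.is_anonymous():
        can_edit = False
    else:
        can_edit = (user.username in quote_usernames
                    or user.username in poster_usernames
                    or user.is_top4())
    if not can_edit:
        raise PermissionDenied  # Current user cannot edit this quote

    if request.method == 'POST':
        if 'delete' in request.POST:
            # --- Handle delete requests ---
            quote_obj.delete()
            return redirect('/intranet/quote/')

        # --- Handle save requests (from edit form to quote list) ---
        # Build the poster list on the server and force it into the form data.
        # quote_posters is a form field, so a value set only on the instance
        # would be replaced by whatever the client submitted in that field.
        posters_value = quote_obj.quote_posters
        if user.username not in poster_usernames:
            posters_value = (
                "," + ",".join(poster_usernames + [user.username]) + ",")
        post_data = request.POST.copy()  # request.POST itself is immutable
        post_data['quote_posters'] = posters_value

        quote_form = QuoteForm(post_data, instance=quote_obj)
        # save() on an invalid ModelForm raises ValueError; validate first.
        if quote_form.is_valid():
            quote_form.save()
            return redirect('/intranet/quote/')
        # Invalid submission: fall through and re-render with field errors.
    else:
        # --- Handle edit page requests (from quote list to edit form) ---
        # Unescape escaped quote text
        quote_obj.quote_text = HTMLParser.HTMLParser().unescape(
            quote_obj.quote_text)
        # Remove hashtags/authortags in text
        quote_obj.quote_text = string.replace(
            re.sub("<a href='.+?'>", "", quote_obj.quote_text), "</a>", "")
        # Convert <br />'s into newlines
        # (\n - TODO?: this may cause issues for Windows users)
        quote_obj.quote_text = string.replace(
            quote_obj.quote_text, "<br />", "\n")
        quote_form = QuoteForm(instance=quote_obj)

    # Hidden for presentation only; the submitted value is never trusted.
    quote_form.fields["quote_posters"].widget = forms.HiddenInput()

    # Get authors' Member objects
    quoteMembers = Member.objects.filter(username__in=quote_usernames)

    # -- Handle quote editing --
    return render_to_response(
        'intranet/quote/edit.html',
        {
            "section": "intranet",
            "page": 'quote',
            "form": quote_form,
            "members": Member.objects.all(),
            "quoteMembers": quoteMembers,
            "quote_id": quoteId,
            "user": request.user,
        },
        context_instance=RequestContext(request))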
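def add(request):
    """Show the "add quote" form (GET) or store a newly submitted quote (POST).

    NOTE(review): this view performs no authentication check and records
    nothing about who submitted the quote. Confirm that access control is
    applied where the view is routed.
    """
    if request.method == 'POST':
        # -- Handle new quotes --
        quoteForm = QuoteForm(request.POST)
        # Validate before saving: save() on an invalid ModelForm raises
        # ValueError (HTTP 500) rather than reporting the problem to the user.
        if quoteForm.is_valid():
            quoteForm.save()
            return redirect('/intranet/quote/')
        # Invalid submission: fall through and re-render the bound form so the
        # field errors are shown.
    else:
        # -- Handle quote adding --
        quoteForm = QuoteForm()

    return render_to_response(
        'intranet/quote/add.html',
        {
            "section": "intranet",
            "page": 'quote',
            "form": quoteForm,
            "members": Member.objects.all(),
        },
        context_instance=RequestContext(request))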
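def edit(request, quoteId=1):
    """Edit, save or delete the quote identified by ``quoteId``.

    * GET renders the edit form.
    * POST containing ``delete`` removes the quote.
    * Any other POST saves the submitted form over the existing quote.

    The permission check runs before every branch. Previously it guarded only
    the GET branch, so the delete and save paths accepted a POST from anyone
    who could reach the URL.

    Raises:
        Http404: no quote with that primary key (via ``get_object_or_404``).
        PermissionDenied: the requester is anonymous, or is neither listed in
            the quote's ``quote_sources`` nor ``is_top4()``.
    """
    user = request.user
    quoteObj = get_object_or_404(Quote, pk=quoteId)
    quoteUsernames = quoteObj.quote_sources.split(",")

    # Decide authorization once, for GET and POST alike.
    # is_top4() is a project-defined method on the user object (not shown
    # here); it is only called once the user is known to be authenticated.
    if user.is_anonymous():
        canEdit = False
    else:
        canEdit = (user.username in quoteUsernames) or user.is_top4()
    if not canEdit:
        raise PermissionDenied  # Current user cannot edit this quote

    if request.method == 'POST':
        if 'delete' in request.POST:
            # --- Handle delete requests ---
            quoteObj.delete()
            return redirect('/intranet/quote/')

        # --- Handle save requests (from edit form to quote list) ---
        quoteForm = QuoteForm(request.POST, instance=quoteObj)
        # save() on an invalid ModelForm raises ValueError; validate first.
        if quoteForm.is_valid():
            quoteForm.save()
            return redirect('/intranet/quote/')
        # Invalid submission: fall through and re-render with field errors.
    else:
        # --- Handle edit page requests (from quote list to edit form) ---
        # Unescape escaped quote text
        quoteObj.quote_text = HTMLParser.HTMLParser().unescape(
            quoteObj.quote_text)
        # Remove hashtags/authortags in text
        quoteObj.quote_text = string.replace(
            re.sub("<a href='.+?'>", "", quoteObj.quote_text), "</a>", "")
        quoteForm = QuoteForm(instance=quoteObj)

    # Get authors' Member objects
    quoteMembers = Member.objects.filter(username__in=quoteUsernames)

    # -- Handle quote editing --
    return render_to_response(
        'intranet/quote/edit.html',
        {
            "section": "intranet",
            "page": 'quote',
            "form": quoteForm,
            "members": Member.objects.all(),
            "quoteMembers": quoteMembers,
            "quote_id": quoteId,
        },
        context_instance=RequestContext(request))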
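def add(request):
    """Render the quote-creation form, or persist a submitted quote.

    GET returns the empty form. POST stores the quote and redirects to the
    quote list. The poster name recorded with the quote always comes from
    ``request.user``; the hidden ``quote_posters`` form value is overwritten
    before validation.

    NOTE(review): no login check is visible in this view. Verify one is applied
    at the routing layer, otherwise quotes could be stored with an empty
    poster name.
    """
    if request.method != 'POST':
        # -- Handle quote adding --
        quote_form = QuoteForm()
    else:
        # -- Handle new quotes --
        # A QueryDict taken from the request is immutable, so item assignment
        # on request.POST raises AttributeError. Copy it to get a mutable one.
        submitted = request.POST.copy()
        # Server-side value wins: altering this field in the POST body has no
        # effect on what gets stored.
        submitted['quote_posters'] = request.user.username

        quote_form = QuoteForm(submitted)
        # Only save validated data; an invalid form is re-displayed below with
        # its errors instead of raising ValueError from save().
        if quote_form.is_valid():
            quote_form.save()
            return redirect('/intranet/quote/')

    # Hidden for display only. The value posted back is never relied upon.
    quote_form.fields["quote_posters"].widget = forms.HiddenInput()

    context = {
        "section": "intranet",
        "page": 'quote',
        "form": quote_form,
        "members": Member.objects.all(),
        "user": request.user,
    }
    return render_to_response('intranet/quote/add.html', context,
                              context_instance=RequestContext(request))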
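def edit(request, quoteId=1):
    """Handle the edit page, save requests and delete requests for one quote.

    Request handling:
        GET                  -> render the edit form for the quote.
        POST with ``delete`` -> delete the quote, redirect to the list.
        other POST           -> validate and save, redirect to the list.

    Authorization is enforced up front for all three paths. In the earlier
    layout only the GET path raised PermissionDenied, which left delete and
    save reachable by any POST to this URL.

    Raises:
        Http404: the quote does not exist (via ``get_object_or_404``).
        PermissionDenied: the requester is anonymous, or is not a source,
            not a poster, and not ``is_top4()``.
    """
    user = request.user
    quote_obj = get_object_or_404(Quote, pk=quoteId)

    def _names(raw):
        # Comma-separated usernames; old rows have no surrounding commas.
        # Blank entries are discarded so an empty column cannot match the
        # empty username of an anonymous user.
        return [name for name in raw.strip(",").split(",") if name]

    quote_usernames = _names(quote_obj.quote_sources)
    poster_usernames = _names(quote_obj.quote_posters)

    # Reject anonymous users first. The previous ungrouped and/or expression
    # applied the anonymity test only to the sources check.
    # is_top4() is a project-defined user method (not shown here) and is only
    # reached for authenticated users.
    if user.is_anonymous():
        raise PermissionDenied
    is_listed = (user.username in quote_usernames
                 or user.username in poster_usernames)
    if not (is_listed or user.is_top4()):
        raise PermissionDenied  # Current user cannot edit this quote

    if request.method == 'POST' and 'delete' in request.POST:
        # --- Handle delete requests ---
        quote_obj.delete()
        return redirect('/intranet/quote/')

    if request.method == 'POST':
        # --- Handle save requests (from edit form to quote list) ---
        # Add current user to the posters list, if necessary. The result is
        # written into a copy of the POST data because quote_posters is a form
        # field: a value set only on the instance would be overwritten by the
        # client-submitted hidden field when the form is saved.
        if user.username in poster_usernames:
            posters_value = quote_obj.quote_posters
        else:
            posters_value = (
                "," + ",".join(poster_usernames + [user.username]) + ",")
        submitted = request.POST.copy()  # request.POST itself is immutable
        submitted['quote_posters'] = posters_value

        quote_form = QuoteForm(submitted, instance=quote_obj)
        # Validate first: save() on an invalid ModelForm raises ValueError.
        if quote_form.is_valid():
            quote_form.save()
            return redirect('/intranet/quote/')
        # Otherwise the bound form is re-rendered below with its errors.
    else:
        # --- Handle edit page requests (from quote list to edit form) ---
        # Unescape escaped quote text
        text = HTMLParser.HTMLParser().unescape(quote_obj.quote_text)
        # Remove hashtags/authortags in text
        text = string.replace(re.sub("<a href='.+?'>", "", text), "</a>", "")
        # Convert <br />'s into newlines
        # (\n - TODO?: this may cause issues for Windows users)
        quote_obj.quote_text = string.replace(text, "<br />", "\n")
        quote_form = QuoteForm(instance=quote_obj)

    # Hidden for presentation only; its posted value is never trusted.
    quote_form.fields["quote_posters"].widget = forms.HiddenInput()

    # Get authors' Member objects
    quoteMembers = Member.objects.filter(username__in=quote_usernames)

    # -- Handle quote editing --
    context = {
        "section": "intranet",
        "page": 'quote',
        "form": quote_form,
        "members": Member.objects.all(),
        "quoteMembers": quoteMembers,
        "quote_id": quoteId,
        "user": request.user,
    }
    return render_to_response('intranet/quote/edit.html', context,
                              context_instance=RequestContext(request))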