def show(request, username=None, id_string=None, uuid=None): if uuid: xform = get_object_or_404(XForm, uuid=uuid) request.session["public_link"] = xform.uuid if MetaData.public_link(xform) else False return HttpResponseRedirect( reverse(show, kwargs={"username": xform.user.username, "id_string": xform.id_string}) ) xform, is_owner, can_edit, can_view = get_xform_and_perms(username, id_string, request) # no access if not (xform.shared or can_view or request.session.get("public_link")): return HttpResponseRedirect(reverse(home)) context = RequestContext(request) context.cloned = ( len(XForm.objects.filter(user__username=request.user.username, id_string=id_string + XForm.CLONED_SUFFIX)) > 0 ) context.public_link = MetaData.public_link(xform) context.is_owner = is_owner context.can_edit = can_edit context.can_view = can_view or request.session.get("public_link") context.xform = xform context.content_user = xform.user context.base_url = "https://%s" % request.get_host() context.source = MetaData.source(xform) context.form_license = MetaData.form_license(xform).data_value context.data_license = MetaData.data_license(xform).data_value context.supporting_docs = MetaData.supporting_docs(xform) context.media_upload = MetaData.media_upload(xform) context.mapbox_layer = MetaData.mapbox_layer_upload(xform) if is_owner: context.sms_support_form = ActivateSMSSupportFom( initial={"enable_sms_support": xform.allows_sms, "sms_id_string": xform.sms_id_string} ) if not xform.allows_sms: context.sms_compatible = check_form_sms_compatibility(None, json_survey=json.loads(xform.json)) else: url_root = request.build_absolute_uri("/")[:-1] context.sms_providers_doc = providers_doc(url_root=url_root, username=username, id_string=id_string) context.url_root = url_root context.form_license_form = FormLicenseForm(initial={"value": context.form_license}) context.data_license_form = DataLicenseForm(initial={"value": context.data_license}) context.doc_form = SupportDocForm() context.source_form = SourceForm() context.media_form = MediaForm() context.mapbox_layer_form = MapboxLayerForm() users_with_perms = [] for perm in get_users_with_perms(xform, attach_perms=True).items(): has_perm = [] if "change_xform" in perm[1]: has_perm.append(_(u"Can Edit")) if "view_xform" in perm[1]: has_perm.append(_(u"Can View")) users_with_perms.append((perm[0], u" | ".join(has_perm))) context.users_with_perms = users_with_perms context.permission_form = PermissionForm(username) if xform.allows_sms: context.sms_support_doc = get_autodoc_for(xform) return render_to_response("show.html", context_instance=context)
def test_private_set_link_to_share_toggle_off(self): response = self.client.post(self.perm_url, {"for_user": "******", "perm_type": "link"}) self.assertEqual(MetaData.public_link(self.xform), True) response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) self.assertEqual(response["Location"], "%s%s" % (self.base_url, self.show_normal_url)) response = self.client.post(self.perm_url, {"for_user": "******", "perm_type": "link"}) self.assertEqual(MetaData.public_link(self.xform), False) response = self.anon.get(self.show_url) # follow redirect response = self.anon.get(response["Location"]) self.assertEqual(response.status_code, 302) self.assertNotEqual(response["Location"], "%s%s" % (self.base_url, self.show_normal_url))
def show(request, username=None, id_string=None, uuid=None): if uuid: xform = get_object_or_404(XForm, uuid=uuid) request.session['public_link'] = MetaData.public_link(xform) return HttpResponseRedirect(reverse(show, kwargs={ 'username': xform.user.username, 'id_string': xform.id_string })) xform, is_owner, can_edit, can_view = get_xform_and_perms( username, id_string, request) # no access if not (xform.shared or can_view or request.session.get('public_link')): return HttpResponseRedirect(reverse(home)) context = RequestContext(request) context.cloned = len( XForm.objects.filter(user__username=request.user.username, id_string=id_string + XForm.CLONED_SUFFIX) ) > 0 context.public_link = MetaData.public_link(xform) context.is_owner = is_owner context.can_edit = can_edit context.can_view = can_view or request.session.get('public_link') context.xform = xform context.content_user = xform.user context.base_url = "https://%s" % request.get_host() context.source = MetaData.source(xform) context.form_license = MetaData.form_license(xform).data_value context.data_license = MetaData.data_license(xform).data_value context.supporting_docs = MetaData.supporting_docs(xform) context.media_upload = MetaData.media_upload(xform) context.mapbox_layer = MetaData.mapbox_layer_upload(xform) if is_owner: context.form_license_form = FormLicenseForm( initial={'value': context.form_license}) context.data_license_form = DataLicenseForm( initial={'value': context.data_license}) context.doc_form = SupportDocForm() context.source_form = SourceForm() context.media_form = MediaForm() context.mapbox_layer_form = MapboxLayerForm() context.users_with_perms = get_users_with_perms( xform, attach_perms=True ).items() context.permission_form = PermissionForm(username) user_list = [u.username for u in User.objects.exclude(username=username)] context.user_json_list = simplejson.dumps(user_list) return render_to_response("show.html", context_instance=context)
def test_public_with_link_to_share(self): response = self.client.post(self.perm_url, {"for_user": "******", "perm_type": "link"}) self.assertEqual(response.status_code, 302) self.assertEqual(MetaData.public_link(self.xform), True) response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) self.assertEqual(response["Location"], "%s%s" % (self.base_url, self.show_normal_url))
def test_private_set_link_to_share_toggle_off(self): response = self.client.post(self.perm_url, {'for_user': '******', 'perm_type': 'link'}) self.assertEqual(MetaData.public_link(self.xform), True) response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], '%s%s' % (self.base_url, self.show_normal_url)) response = self.client.post(self.perm_url, {'for_user': '******', 'perm_type': 'link'}) self.assertEqual(MetaData.public_link(self.xform), False) response = self.anon.get(self.show_url) # follow redirect response = self.anon.get(response['Location']) self.assertEqual(response.status_code, 302) self.assertNotEqual(response['Location'], '%s%s' % (self.base_url, self.show_normal_url))
def set_perm(request, username, id_string): xform = get_object_or_404(XForm, user__username=username, id_string=id_string) try: perm_type = request.POST["perm_type"] for_user = request.POST["for_user"] except KeyError: return HttpResponseBadRequest() if perm_type in ["edit", "view", "remove"]: user = User.objects.get(username=for_user) if perm_type == "edit": assign("change_xform", user, xform) elif perm_type == "view": assign("view_xform", user, xform) elif perm_type == "remove": remove_perm("change_xform", user, xform) remove_perm("view_xform", user, xform) elif perm_type == "link": if for_user == "all": MetaData.public_link(xform, True) elif for_user == "none": MetaData.public_link(xform, False) elif for_user == "toggle": current = MetaData.public_link(xform) MetaData.public_link(xform, not current) return HttpResponseRedirect(reverse(show, kwargs={"username": username, "id_string": id_string}))
def set_perm(request, username, id_string): xform = get_object_or_404(XForm, user__username=username, id_string=id_string) try: perm_type = request.POST['perm_type'] for_user = request.POST['for_user'] except KeyError: return HttpResponseBadRequest() if perm_type in ['edit', 'view', 'remove']: user = User.objects.get(username=for_user) if perm_type == 'edit': assign('change_xform', user, xform) elif perm_type == 'view': assign('view_xform', user, xform) elif perm_type == 'remove': remove_perm('change_xform', user, xform) remove_perm('view_xform', user, xform) elif perm_type == 'link': if for_user == 'all': MetaData.public_link(xform, True) elif for_user == 'none': MetaData.public_link(xform, False) elif for_user == 'toggle': current = MetaData.public_link(xform) MetaData.public_link(xform, not current) return HttpResponseRedirect(reverse(show, kwargs={ 'username': username, 'id_string': id_string }))
def test_public_with_link_to_share(self): response = self.client.post(self.perm_url, {'for_user': '******', 'perm_type': 'link'}) self.assertEqual(response.status_code, 302) self.assertEqual(MetaData.public_link(self.xform), True) response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], '%s%s' % (self.base_url, self.show_normal_url))
def test_public_with_link_to_share_toggle_on(self): response = self.client.post(self.perm_url, {'for_user': '******', 'perm_type': 'link'}) self.assertEqual(response.status_code, 302) self.assertEqual(MetaData.public_link(self.xform), True) response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) response = self.anon.get(self.url) self.assertEqual(response.status_code, 302)
def show(request, username=None, id_string=None, uuid=None): if uuid: xform = get_object_or_404(XForm, uuid=uuid) request.session['public_link'] = MetaData.public_link(xform) return HttpResponseRedirect(reverse(show, kwargs={ 'username': xform.user.username, 'id_string': xform.id_string })) xform, is_owner, can_edit, can_view = get_xform_and_perms(username,\ id_string, request) # no access if not (xform.shared or can_view or request.session.get('public_link')): return HttpResponseRedirect(reverse(home)) context = RequestContext(request) context.cloned = len( XForm.objects.filter(user__username=request.user.username, id_string=id_string + XForm.CLONED_SUFFIX) ) > 0 context.public_link = MetaData.public_link(xform) context.is_owner = is_owner context.can_edit = can_edit context.can_view = can_view or request.session.get('public_link') context.xform = xform context.content_user = xform.user context.base_url = "https://%s" % request.get_host() context.source = MetaData.source(xform) context.form_license = MetaData.form_license(xform).data_value context.data_license = MetaData.data_license(xform).data_value context.supporting_docs = MetaData.supporting_docs(xform) context.media_upload = MetaData.media_upload(xform) context.mapbox_layer = MetaData.mapbox_layer_upload(xform) if is_owner: context.form_license_form = FormLicenseForm( initial={'value': context.form_license}) context.data_license_form = DataLicenseForm( initial={'value': context.data_license}) context.doc_form = SupportDocForm() context.source_form = SourceForm() context.media_form = MediaForm() context.mapbox_layer_form = MapboxLayerForm() context.users_with_perms = get_users_with_perms(xform, attach_perms=True).items() context.permission_form = PermissionForm(username) return render_to_response("show.html", context_instance=context)
def test_only_access_shared_link_form(self): response = self.client.post(self.perm_url, {"for_user": "******", "perm_type": "link"}) self.assertEqual(MetaData.public_link(self.xform), True) # publish a second form to make sure the user cant access other forms self._publish_xls_file(os.path.join(self.this_directory, "fixtures", "csv_export", "tutorial.xls")) xform_2 = XForm.objects.order_by("pk").reverse()[0] url_2 = reverse(show, kwargs={"username": self.user.username, "id_string": xform_2.id_string}) response = self.anon.get(url_2) self.assertEqual(response.status_code, 302) self.assertEqual(response["Location"], "%s/" % self.base_url)
def test_public_with_link_to_share_toggle_on(self): response = self.client.post(self.perm_url, {'for_user': '******', 'perm_type': 'link'}) self.assertEqual(response.status_code, 302) self.assertEqual(MetaData.public_link(self.xform), True) response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) response = self.anon.get(self.url) status_code = 200 if self._running_touchforms() else 302 self.assertEqual(response.status_code, status_code)
def test_public_with_link_to_share(self): response = self.client.post(self.perm_url, { 'for_user': '******', 'perm_type': 'link' }) self.assertEqual(response.status_code, 302) self.assertEqual(MetaData.public_link(self.xform), True) response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], '%s%s' % (self.base_url, self.show_normal_url))
def test_public_with_link_to_share_toggle_on(self): response = self.client.post(self.perm_url, {'for_user': '******', 'perm_type': 'link'}) self.assertEqual(response.status_code, 302) self.assertEqual(MetaData.public_link(self.xform), True) response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], '%s%s' % (self.base_url, self.show_normal_url)) response = self.anon.get(self.show_normal_url) self.assertEqual(response.status_code, 200) self.assertContains(response, '/forms/%s' % self.xform.uuid)
def test_private_set_link_to_share_toggle_off(self): response = self.client.post(self.perm_url, { 'for_user': '******', 'perm_type': 'link' }) self.assertEqual(MetaData.public_link(self.xform), True) response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], '%s%s' % (self.base_url, self.show_normal_url)) response = self.client.post(self.perm_url, { 'for_user': '******', 'perm_type': 'link' }) self.assertEqual(MetaData.public_link(self.xform), False) response = self.anon.get(self.show_url) # follow redirect response = self.anon.get(response['Location']) self.assertEqual(response.status_code, 302) self.assertNotEqual(response['Location'], '%s%s' % (self.base_url, self.show_normal_url))
def test_public_with_link_to_share_toggle_on(self): response = self.client.post(self.perm_url, { 'for_user': '******', 'perm_type': 'link' }) self.assertEqual(response.status_code, 302) self.assertEqual(MetaData.public_link(self.xform), True) response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], '%s%s' % (self.base_url, self.show_normal_url)) response = self.anon.get(self.show_normal_url) self.assertEqual(response.status_code, 200) self.assertContains(response, '/forms/%s' % self.xform.uuid)
def show(request, username=None, id_string=None, uuid=None): if uuid: xform = get_object_or_404(XForm, uuid=uuid) request.session['public_link'] = MetaData.public_link(xform) return HttpResponseRedirect(reverse(show, kwargs={ 'username': xform.user.username, 'id_string': xform.id_string })) xform, is_owner, can_edit, can_view = get_xform_and_perms(username,\ id_string, request) # no access if not (xform.shared or can_view or request.session.get('public_link')): return HttpResponseRedirect(reverse(home)) context = RequestContext(request) context.public_link = MetaData.public_link(xform) context.is_owner = is_owner context.can_edit = can_edit context.can_view = can_view or request.session.get('public_link') context.xform = xform context.content_user = xform.user context.base_url = "https://%s" % request.get_host() context.source = MetaData.source(xform) context.form_license = MetaData.form_license(xform).data_value context.data_license = MetaData.data_license(xform).data_value context.supporting_docs = MetaData.supporting_docs(xform) if is_owner: context.form_license_form = FormLicenseForm( initial={'value': context.form_license}) context.data_license_form = DataLicenseForm( initial={'value': context.data_license}) context.doc_form = SupportDocForm() context.source_form = SourceForm() context.users_with_perms = get_users_with_perms(xform, attach_perms=True).items() context.permission_form = PermissionForm(username) return render_to_response("show.html", context_instance=context)
def test_public_with_link_to_share_toggle_on(self): #sharing behavior as of 09/13/2012: #it requires both data_share and form_share both turned on #in order to grant anon access to form uploading #TODO: findout 'for_user': '******' and what it means response = self.client.post(self.perm_url, {'for_user': '******', 'perm_type': 'link'}) self.assertEqual(response.status_code, 302) self.assertEqual(MetaData.public_link(self.xform), True) #toggle shared on self.xform.shared = True self.xform.shared_data = True self.xform.save() response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) response = self.anon.get(self.url) status_code = 302 if self._running_enketo() else 403 self.assertEqual(response.status_code, status_code)
def test_only_access_shared_link_form(self): response = self.client.post(self.perm_url, { 'for_user': '******', 'perm_type': 'link' }) self.assertEqual(MetaData.public_link(self.xform), True) # publish a second form to make sure the user cant access other forms self._publish_xls_file( os.path.join(self.this_directory, "fixtures", "csv_export", "tutorial.xls")) xform_2 = XForm.objects.order_by('pk').reverse()[0] url_2 = reverse(show, kwargs={ 'username': self.user.username, 'id_string': xform_2.id_string }) response = self.anon.get(url_2) self.assertEqual(response.status_code, 302) self.assertEqual(response["Location"], "%s/" % self.base_url)
def test_public_with_link_to_share_toggle_on(self): #sharing behavior as of 09/13/2012: #it requires both data_share and form_share both turned on #in order to grant anon access to form uploading #TODO: findout 'for_user': '******' and what it means response = self.client.post(self.perm_url, { 'for_user': '******', 'perm_type': 'link' }) self.assertEqual(response.status_code, 302) self.assertEqual(MetaData.public_link(self.xform), True) #toggle shared on self.xform.shared = True self.xform.shared_data = True self.xform.save() response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) response = self.anon.get(self.url) status_code = 302 if self._running_enketo() else 403 self.assertEqual(response.status_code, status_code)
def test_public_with_link_to_share_toggle_on(self): #sharing behavior as of 09/13/2012: #it requires both data_share and form_share both turned on #in order to grant anon access to form uploading #TODO: findout 'for_user': '******' and what it means response = self.client.post(self.perm_url, {'for_user': '******', 'perm_type': 'link'}) self.assertEqual(response.status_code, 302) self.assertEqual(MetaData.public_link(self.xform), True) #toggle shared on self.xform.shared = True self.xform.shared_data = True self.xform.save() response = self.anon.get(self.show_url) self.assertEqual(response.status_code, 302) if not self._running_enketo(): raise SkipTest with HTTMock(enketo_mock): factory = RequestFactory() request = factory.get('/') request.user = AnonymousUser() response = enter_data( request, self.user.username, self.xform.id_string) self.assertEqual(response.status_code, 302)
def show(request, username=None, id_string=None, uuid=None): if uuid: xform = get_object_or_404(XForm, uuid=uuid) request.session['public_link'] = xform.uuid if MetaData.public_link(xform) else False return HttpResponseRedirect(reverse(show, kwargs={ 'username': xform.user.username, 'id_string': xform.id_string })) xform, is_owner, can_edit, can_view = get_xform_and_perms( username, id_string, request) # no access if not ( xform.shared or can_view or\ request.session.get('public_link')): return HttpResponseRedirect(reverse(home)) context = RequestContext(request) context.cloned = len( XForm.objects.filter(user__username=request.user.username, id_string=id_string + XForm.CLONED_SUFFIX) ) > 0 context.public_link = MetaData.public_link(xform) context.is_owner = is_owner context.can_edit = can_edit context.can_view = can_view or request.session.get('public_link') context.xform = xform context.content_user = xform.user context.base_url = "https://%s" % request.get_host() context.source = MetaData.source(xform) context.form_license = MetaData.form_license(xform).data_value context.data_license = MetaData.data_license(xform).data_value context.supporting_docs = MetaData.supporting_docs(xform) context.media_upload = MetaData.media_upload(xform) context.mapbox_layer = MetaData.mapbox_layer_upload(xform) if is_owner: context.sms_support_form = ActivateSMSSupportFom( initial={'enable_sms_support': xform.allows_sms, 'sms_id_string': xform.sms_id_string}) if not xform.allows_sms: context.sms_compatible = check_form_sms_compatibility(None, json_survey=json.loads(xform.json)) else: url_root = request.build_absolute_uri('/')[:-1] context.sms_providers_doc = providers_doc( url_root=url_root, username=username, id_string=id_string) context.url_root = url_root context.form_license_form = FormLicenseForm( initial={'value': context.form_license}) context.data_license_form = DataLicenseForm( initial={'value': context.data_license}) context.doc_form = SupportDocForm() context.source_form = SourceForm() context.media_form = MediaForm() context.mapbox_layer_form = MapboxLayerForm() context.users_with_perms = get_users_with_perms( xform, attach_perms=True ).items() context.permission_form = PermissionForm(username) context.sms_support_doc = get_autodoc_for(xform) user_list = [u.username for u in User.objects.exclude(username=username)] context.user_json_list = simplejson.dumps(user_list) return render_to_response("show.html", context_instance=context)
def set_perm(request, username, id_string): xform = get_object_or_404(XForm, user__username=username, id_string=id_string) owner = xform.user if username != request.user.username\ and not has_permission(xform, username, request): return HttpResponseForbidden(_(u'Permission denied.')) try: perm_type = request.POST['perm_type'] for_user = request.POST['for_user'] except KeyError: return HttpResponseBadRequest() if perm_type in ['edit', 'view', 'remove']: try: user = User.objects.get(username=for_user) except User.DoesNotExist: messages.add_message( request, messages.INFO, _(u'Username "%s" does not exist.' % for_user), extra_tags='alert-error') else: if perm_type == 'edit' and\ not user.has_perm('change_xform', xform): audit = { 'xform': xform.id_string } audit_log( Actions.FORM_PERMISSIONS_UPDATED, request.user, owner, _("Edit permissions on '%(id_string)s' assigned to " "'%(for_user)s'.") % { 'id_string': xform.id_string, 'for_user': for_user }, audit, request) assign_perm('change_xform', user, xform) elif perm_type == 'view' and\ not user.has_perm('view_xform', xform): audit = { 'xform': xform.id_string } audit_log( Actions.FORM_PERMISSIONS_UPDATED, request.user, owner, _("View permissions on '%(id_string)s' " "assigned to '%(for_user)s'.") % { 'id_string': xform.id_string, 'for_user': for_user }, audit, request) assign_perm('view_xform', user, xform) elif perm_type == 'remove': audit = { 'xform': xform.id_string } audit_log( Actions.FORM_PERMISSIONS_UPDATED, request.user, owner, _("All permissions on '%(id_string)s' " "removed from '%(for_user)s'.") % { 'id_string': xform.id_string, 'for_user': for_user }, audit, request) remove_perm('change_xform', user, xform) remove_perm('view_xform', user, xform) elif perm_type == 'link': current = MetaData.public_link(xform) if for_user == 'all': MetaData.public_link(xform, True) elif for_user == 'none': MetaData.public_link(xform, False) elif for_user == 'toggle': MetaData.public_link(xform, not current) audit = { 'xform': xform.id_string } audit_log( Actions.FORM_PERMISSIONS_UPDATED, request.user, owner, _("Public link on '%(id_string)s' %(action)s.") % { 'id_string': xform.id_string, 'action': "created" if for_user == "all" or (for_user == "toggle" and not current) else "removed" }, audit, request) if request.is_ajax(): return HttpResponse( json.dumps( {'status': 'success'}), mimetype='application/json') return HttpResponseRedirect(reverse(show, kwargs={ 'username': username, 'id_string': id_string }))
def set_perm(request, username, id_string): xform = get_object_or_404(XForm, user__username=username, id_string=id_string) owner = xform.user if username != request.user.username and not has_permission(xform, username, request): return HttpResponseForbidden(_(u"Permission denied.")) try: perm_type = request.POST["perm_type"] for_user = request.POST["for_user"] except KeyError: return HttpResponseBadRequest() if perm_type in ["edit", "view", "remove"]: try: user = User.objects.get(username=for_user) except User.DoesNotExist: messages.add_message( request, messages.INFO, _(u"Wrong username <b>%s</b>." % for_user), extra_tags="alert-error" ) else: if perm_type == "edit" and not user.has_perm("change_xform", xform): audit = {"xform": xform.id_string} audit_log( Actions.FORM_PERMISSIONS_UPDATED, request.user, owner, _("Edit permissions on '%(id_string)s' assigned to " "'%(for_user)s'.") % {"id_string": xform.id_string, "for_user": for_user}, audit, request, ) assign_perm("change_xform", user, xform) elif perm_type == "view" and not user.has_perm("view_xform", xform): audit = {"xform": xform.id_string} audit_log( Actions.FORM_PERMISSIONS_UPDATED, request.user, owner, _("View permissions on '%(id_string)s' " "assigned to '%(for_user)s'.") % {"id_string": xform.id_string, "for_user": for_user}, audit, request, ) assign_perm("view_xform", user, xform) elif perm_type == "remove": audit = {"xform": xform.id_string} audit_log( Actions.FORM_PERMISSIONS_UPDATED, request.user, owner, _("All permissions on '%(id_string)s' " "removed from '%(for_user)s'.") % {"id_string": xform.id_string, "for_user": for_user}, audit, request, ) remove_perm("change_xform", user, xform) remove_perm("view_xform", user, xform) elif perm_type == "link": current = MetaData.public_link(xform) if for_user == "all": MetaData.public_link(xform, True) elif for_user == "none": MetaData.public_link(xform, False) elif for_user == "toggle": MetaData.public_link(xform, not current) audit = {"xform": xform.id_string} audit_log( Actions.FORM_PERMISSIONS_UPDATED, request.user, owner, _("Public link on '%(id_string)s' %(action)s.") % { "id_string": xform.id_string, "action": "created" if for_user == "all" or (for_user == "toggle" and not current) else "removed", }, audit, request, ) if request.is_ajax(): return HttpResponse(json.dumps({"status": "success"}), mimetype="application/json") return HttpResponseRedirect(reverse(show, kwargs={"username": username, "id_string": id_string}))