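def get_user_access_to_path(user, path):
    """Return a ``(can_read, can_manage)`` pair for *user* on *path*.

    The first ``/``-separated segment of *path* selects the tree being
    accessed: ``U<pk>`` (a user's own tree), ``C<pk>`` (a Community) or
    ``F<pk>`` (a ZornaFolder).  This is an authorisation decision, so every
    input that cannot be parsed or looked up is answered with
    ``(False, False)`` instead of an exception.
    """
    denied = (False, False)
    root = path.split('/')[0]
    if not root:
        # Empty first segment (e.g. path "" or "/x"): deny rather than
        # raising IndexError on root[0].
        return denied
    kind = root[0]
    try:
        pk = int(root[1:])
    except ValueError:
        # A non-numeric id used to raise from the "U" branch; deny instead.
        return denied

    if kind == "U":
        # A user tree is only accessible to its (authenticated) owner.
        if not user.is_anonymous() and pk == user.pk:
            return True, True
        return denied

    if kind == "C":
        check = get_acl_for_model(Community)
        try:
            com = Community.objects.get(pk=pk)
            bmanager = check.manage_community(com, user)
            buser = check.member_community(com, user)
            return buser or bmanager, bmanager
        except Exception:
            # Any lookup or ACL failure denies access (fail closed).
            # `except Exception` no longer traps SystemExit/KeyboardInterrupt.
            return denied

    if kind == "F":
        check = get_acl_for_model(ZornaFolder)
        try:
            folder = ZornaFolder.objects.get(pk=pk)
            if folder.inherit_permissions:
                # Evaluate the ACL on the first ancestor, in the order
                # get_ancestors() yields them, that does not inherit.
                # NOTE(review): if get_ancestors() is root-first this picks
                # the topmost such ancestor, not the nearest -- confirm.
                for ancestor in folder.get_ancestors():
                    if ancestor.inherit_permissions is False:
                        folder = ancestor
                        break
            buser = check.reader_zornafolder(folder, user)
            bmanager = (check.manager_zornafolder(folder, user)
                        or check.writer_zornafolder(folder, user))
            return buser or bmanager, bmanager
        except Exception:
            return denied

    return denied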
def manager_faq_add_category(request, faq):
    """Show and process the form that adds a category to FAQ *faq* (a pk).

    Raises Http404 when the FAQ does not exist and redirects to "/" when
    the requesting user is not a manager of it.
    """
    try:
        faq = Faq.objects.get(pk=faq)
    except Faq.DoesNotExist:
        raise Http404

    acl = get_acl_for_model(Faq)
    if not acl.manager_faq(faq, request.user):
        return HttpResponseRedirect("/")

    initial_data = {"faq": faq}
    if request.method != "POST":
        form = FaqQuestionCategoryForm(request, initial=initial_data)
    else:
        form = FaqQuestionCategoryForm(request, request.POST, initial=initial_data)
        if form.is_valid():
            form.save()
            target = reverse("manager_faq_list_categories", args=[faq.pk])
            return HttpResponseRedirect(target)
        # The bound form is rebuilt after a failed validation, as before.
        form = FaqQuestionCategoryForm(request, request.POST, initial=initial_data)

    context = RequestContext(request)
    extra_context = {
        "form": form,
        "curcategory": False,
        "curfaq": Faq.objects.get(pk=faq.pk),
    }
    return render_to_response("faq/edit_category.html", extra_context,
                              context_instance=context)
def render(self, context):
    """Store the entry's field values, grouped by panel, in the context.

    Nothing is stored (and '' is returned) when the entry cannot be loaded
    or when the user is neither a viewer of the form nor a manager of its
    workspace.  Fields without a panel are collected under the '' key.
    """
    request = context['request']
    try:
        entry = FormsFormEntry.objects.select_related(depth=1).get(pk=self.entry)
        form = entry.form
        acl = get_acl_for_model(form)
        allowed = (acl.viewer_formsform(form, request.user)
                   or isUserManager(request, form.workspace.slug))
        if not allowed:
            return ''
    except Exception as e:
        # Single-argument print: same output with or without print_function.
        print(e)
        return ''

    _columns, row = forms_get_entry(entry)
    panels = {'': {}}
    for panel in form.formsformpanel_set.all():
        panel.fields = []
        panels[panel.label] = panel
    for field in form.fields.visible():
        if field.panel:
            bucket = panels[field.panel.label].fields
        else:
            bucket = panels[''].setdefault('fields', [])
        bucket.append(row[field.slug])
    context[self.var_name] = panels
    return ''
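def manager_faq_edit_question(request, question):
    """Edit or delete the FAQ question with primary key *question*.

    Raises Http404 when the question (or its category/FAQ) cannot be
    loaded and redirects to "/" when the user is not a manager of the FAQ.
    A POST carrying ``bdelete`` deletes the question.
    """
    try:
        question = FaqQuestion.objects.get(pk=question)
        category = question.category
        faq = category.faq
    except (FaqQuestion.DoesNotExist, FaqCategory.DoesNotExist,
            Faq.DoesNotExist):
        # The lookup is on FaqQuestion; catching only FaqCategory.DoesNotExist
        # let an unknown question pk surface as a server error.
        raise Http404

    check = get_acl_for_model(Faq)
    if not check.manager_faq(faq, request.user):
        return HttpResponseRedirect("/")

    initial_data = {"category": category.pk}
    if request.method == "POST":
        # `in` replaces has_key(), which dict-like objects no longer provide
        # on Python 3.
        if "bdelete" in request.POST:
            question.delete()
            return HttpResponseRedirect(reverse("manager_edit_faq", args=[faq.pk]))
        form = FaqQuestionForm(request, faq, request.POST,
                               initial=initial_data, instance=question)
        if form.is_valid():
            question = form.save(commit=False)
            # The last editor becomes the owner; the slug follows the text.
            question.owner = request.user
            question.slug = slugify(question.question)
            question.save()
            return HttpResponseRedirect(reverse("manager_edit_faq", args=[faq.pk]))
        # Invalid input: fall through and re-render the bound form with
        # its validation errors.
    else:
        form = FaqQuestionForm(request, faq, initial=initial_data,
                               instance=question)

    context = RequestContext(request)
    extra_context = {
        "form": form,
        "curcategory": category,
        "curfaq": faq,
        "curquestion": True,
    }
    return render_to_response("faq/edit_question.html", extra_context,
                              context_instance=context)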
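class check_form_permission_node(template.Node):
    """Template node that stores the result of a form permission check.

    ``form`` is the tag argument naming the form (a context variable, a
    literal slug or a numeric pk), ``permission`` selects the ACL method
    ``<permission>_formsform`` and ``var_name`` is the context key that
    receives the result.
    """

    def __init__(self, form, permission, var_name):
        self.form = template.Variable(form)
        self.var_name = var_name
        self.permission = permission

    def render(self, context):
        """Evaluate the permission and store it under ``var_name``.

        Always renders as ''.  The context variable is False unless the
        check ran and returned something else.
        """
        request = context['request']
        # Fail closed: without this, a failed lookup left any value already
        # stored under var_name (e.g. from a previous loop iteration) in
        # place, so a stale "allowed" result could be reused.
        context[self.var_name] = False
        try:
            slug = self.form.resolve(context)
        except template.VariableDoesNotExist:
            # Fall back to the raw tag argument.  The original indexed the
            # Variable object itself, which is not a string; its text is
            # kept in the `var` attribute.
            raw = self.form.var
            if raw[0] == raw[-1] and raw[0] in ('"', "'"):
                slug = raw[1:-1]
            else:
                slug = raw
        try:
            # A numeric literal resolves to a number, which has no
            # isdigit(); treat it as a primary key as well.
            if isinstance(slug, int) or slug.isdigit():
                form = FormsForm.objects.get(pk=slug)
            else:
                form = FormsForm.objects.get(slug=slug)
        except Exception:
            return ''
        try:
            check = get_acl_for_model(form)
            func = getattr(check, '%s_formsform' % self.permission, None)
            if func is None:
                raise Exception("No handler for type %r" % self.permission)
            context[self.var_name] = func(form, request.user)
        except Exception:
            # Best effort: an unknown permission or a failing ACL call
            # leaves the variable at False.
            pass
        return ''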
def manager_faq_edit_category(request, category):
    """Show and process the edit form for the FAQ category *category* (a pk).

    Raises Http404 for an unknown category and redirects to '/' when the
    user is not a manager of the category's FAQ.
    """
    try:
        category = FaqCategory.objects.get(pk=category)
    except FaqCategory.DoesNotExist:
        raise Http404

    acl = get_acl_for_model(Faq)
    if not acl.manager_faq(category.faq, request.user):
        return HttpResponseRedirect('/')

    if request.method != 'POST':
        form = FaqQuestionCategoryForm(request, instance=category)
    else:
        form = FaqQuestionCategoryForm(request, request.POST, instance=category)
        if form.is_valid():
            form.save()
            target = reverse('manager_faq_list_categories', args=[category.faq_id])
            return HttpResponseRedirect(target)
        # The bound form is rebuilt after a failed validation, as before.
        form = FaqQuestionCategoryForm(request, request.POST, instance=category)

    context = RequestContext(request)
    extra_context = {
        'form': form,
        'curcategory': category,
        'curfaq': category.faq,
    }
    return render_to_response('faq/edit_category.html', extra_context,
                              context_instance=context)
def get_tabs(self, request, community_id=0):
    """Return the slugs of the forms the requesting user may create entries for.

    ``community_id`` is accepted but not used here.
    """
    user = request.user
    return [
        form.slug
        for form in self._forms.values()
        if get_acl_for_model(form).creator_formsform(form, user)
    ]
def manager_faq_add_category(request, faq):
    """Show and process the form that adds a category to FAQ *faq* (a pk).

    Raises Http404 when the FAQ does not exist and redirects to '/' when
    the requesting user is not a manager of it.
    """
    try:
        faq = Faq.objects.get(pk=faq)
    except Faq.DoesNotExist:
        raise Http404

    acl = get_acl_for_model(Faq)
    if not acl.manager_faq(faq, request.user):
        return HttpResponseRedirect('/')

    initial_data = {'faq': faq}
    if request.method != 'POST':
        form = FaqQuestionCategoryForm(request, initial=initial_data)
    else:
        form = FaqQuestionCategoryForm(request, request.POST, initial=initial_data)
        if form.is_valid():
            form.save()
            target = reverse('manager_faq_list_categories', args=[faq.pk])
            return HttpResponseRedirect(target)
        # The bound form is rebuilt after a failed validation, as before.
        form = FaqQuestionCategoryForm(request, request.POST, initial=initial_data)

    context = RequestContext(request)
    extra_context = {
        'form': form,
        'curcategory': False,
        'curfaq': Faq.objects.get(pk=faq.pk),
    }
    return render_to_response('faq/edit_category.html', extra_context,
                              context_instance=context)
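def notes_share_category(request, category):
    """Return the ACL sharing forms for a note category owned by the user.

    Responds with HttpResponseForbidden for unauthenticated users and for a
    category pk that does not exist or is not owned by the requesting user.
    """
    if not request.user.is_authenticated():
        return HttpResponseForbidden()
    try:
        # Filtering on owner keeps users from editing the ACL of someone
        # else's category.
        category = ZornaNoteCategory.objects.get(pk=category, owner=request.user)
    except ZornaNoteCategory.DoesNotExist:
        # Previously unhandled: an unknown or foreign pk produced a server
        # error instead of a denial.
        return HttpResponseForbidden()
    check = get_acl_for_model(category)
    return check.get_acl_users_forms(request, category.pk)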
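def notes_share_category(request, category):
    """Return the ACL sharing forms for a note category owned by the user.

    Responds with HttpResponseForbidden for unauthenticated users and for a
    category pk that does not exist or is not owned by the requesting user.
    """
    if not request.user.is_authenticated():
        return HttpResponseForbidden()
    try:
        # Filtering on owner keeps users from editing the ACL of someone
        # else's category.
        category = ZornaNoteCategory.objects.get(
            pk=category, owner=request.user)
    except ZornaNoteCategory.DoesNotExist:
        # Previously unhandled: an unknown or foreign pk produced a server
        # error instead of a denial.
        return HttpResponseForbidden()
    check = get_acl_for_model(category)
    return check.get_acl_users_forms(request, category.pk)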
def acl_users_object(request, ct, object):
    """Return the per-user ACL forms for an arbitrary object (superusers only).

    ``ct`` is a ContentType pk and ``object`` the pk of an instance of that
    type.  Anyone who is not a superuser is redirected to '/'.
    """
    if not request.user.is_superuser:
        return HttpResponseRedirect('/')
    content_type = ContentType.objects.get(pk=ct)
    target = content_type.get_object_for_this_type(pk=object)
    acl = get_acl_for_model(target)
    return acl.get_acl_users_forms(
        request, target.pk, template='acl/admin_acl_users.html')
def get_community_managers(user, community):
    """Return the 'manage' ACL entries of *community* if *user* manages it.

    *community* may be a Community instance or a primary key.  A user who
    does not manage the community gets an empty Community queryset.
    """
    if not isinstance(community, Community):
        community = Community.objects.get(pk=community)
    acl = get_acl_for_model(community)
    if not acl.manage_community(community, user):
        return Community.objects.none()
    return get_acl_by_object(community, 'manage')
def get_menus(self, request, community_id=0):
    """Return one menu entry per form the requesting user may view.

    Each entry is a dict with 'title', 'url' and 'id'.  ``community_id``
    is accepted but not used here.
    """
    user = request.user
    menus = []
    for form in self._forms.values():
        acl = get_acl_for_model(form)
        if not acl.viewer_formsform(form, user):
            continue
        menu_id = 'comforms_%s_menu' % form.slug
        entry = {
            'title': form.name,
            'url': reverse('communities_home_plugin', args=(menu_id,)),
            'id': menu_id,
        }
        menus.append(entry)
    return menus
def is_access_valid(self, user, key_option):
    """Return whether *user* may access the site option *key_option*.

    Any failure (unknown key, ACL error) is answered with False, so the
    check fails closed.
    """
    try:
        option = self.get(key=key_option)
        if not option:
            return False
        acl = get_acl_for_model(SiteOptions)
        return acl.access_siteoptions(option, user)
    except Exception:
        return False
def calendar_share(request):
    """Render the sharing page for the requesting user's personal calendar.

    Unauthenticated users get HttpResponseForbidden.
    """
    if not request.user.is_authenticated():
        return HttpResponseForbidden()
    calendar = get_personal_calendar(request.user)
    acl = get_acl_for_model(calendar)
    # template=None: the ACL helper's result is used as the template context.
    extra_context = acl.get_acl_users_forms(request, calendar.pk, template=None)
    context = RequestContext(request)
    return render_to_response('calendars/calendar_share.html', extra_context,
                              context_instance=context)
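def _notes_filter_and_attach(notes, search_text, search_tag):
    """Apply the search filters to *notes* and set ``attachments`` on each note."""
    if search_text:
        notes = notes.filter(Q(title__icontains=search_text) |
                             Q(content__icontains=search_text))
    if search_tag:
        notes = notes.filter(Q(tags__icontains=search_tag))
    for note in notes:
        # Only the base name and pk are exposed to the template.
        note.attachments = [
            {'file_name': os.path.basename(f.file.name), 'pk': f.pk}
            for f in note.zornanotefile_set.all()
        ]
    return notes


def notes_get_content(request, extra=None, category=None):
    """Render the notes list for the requesting user and return it as a string.

    With *category* (a pk) the notes of that category are listed, provided
    the user owns it or has viewer access; otherwise the user's own notes
    plus those of every category they may view are listed.  ``search_text``
    and ``search_tag`` are read from the query string.  Unauthenticated
    users get the string 'Access denied'.
    """
    if not request.user.is_authenticated():
        return 'Access denied'

    # `extra` defaulted to a shared mutable {}; None is the safe equivalent.
    extra_context = dict(**(extra or {}))
    extra_context['category'] = category
    search_text = request.GET.get('search_text', '')
    search_tag = request.GET.get('search_tag', '')
    extra_context['search_text'] = search_text
    extra_context['search_tag'] = search_tag

    if category:
        try:
            category = ZornaNoteCategory.objects.get(pk=category)
            check = get_acl_for_model(ZornaNoteCategory)
            extra_context['owner'] = category.owner == request.user
            if extra_context['owner'] or check.viewer_zornanotecategory(category, request.user):
                extra_context['category'] = category
                extra_context['category_ancestors'] = category.get_ancestors()
                extra_context['notes'] = _notes_filter_and_attach(
                    category.zornanote_set.all(), search_text, search_tag)
            # Without access the template is rendered with no 'notes' key.
        except Exception as e:
            # NOTE(review): the exception text is returned as the rendered
            # content, which can expose internal details to the user; kept
            # unchanged for compatibility -- consider a generic message.
            return '%s' % e
    else:
        allowed = get_allowed_objects(request.user, ZornaNoteCategory, 'viewer')
        extra_context['owner'] = False
        extra_context['category'] = None
        extra_context['category_ancestors'] = []
        notes = ZornaNote.objects.filter(
            Q(owner=request.user) | Q(category__in=allowed))
        extra_context['notes'] = _notes_filter_and_attach(
            notes, search_text, search_tag)

    t = loader.get_template('notes/notes_view_notes.html')
    c = RequestContext(request, extra_context)
    return t.render(c)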
def render(self, context):
    """Store the communities the user is a member of, ordered by name.

    Each community gets ``member = True`` and a ``manager`` attribute
    holding the result of the manage ACL check.  Always renders as ''.
    """
    user = context['request'].user
    acl = get_acl_for_model(Community)
    member_ids = get_allowed_objects(user, Community, 'member')
    communities = Community.objects.filter(id__in=member_ids).order_by('name')
    for community in communities:
        community.manager = acl.manage_community(community, user)
        community.member = True
    context[self.var_name] = communities
    return ''
def render(self, context):
    """Store the communities the user is a member of, ordered by name.

    Each community gets ``member = True`` and a ``manager`` attribute
    holding the result of the manage ACL check.  Always renders as ''.
    """
    user = context['request'].user
    acl = get_acl_for_model(Community)
    member_ids = get_allowed_objects(user, Community, 'member')
    communities = Community.objects.filter(id__in=member_ids).order_by('name')
    for community in communities:
        community.manager = acl.manage_community(community, user)
        community.member = True
    context[self.var_name] = communities
    return ''
def calendar_share(request):
    """Render the sharing page for the requesting user's personal calendar.

    Unauthenticated users get HttpResponseForbidden.
    """
    if not request.user.is_authenticated():
        return HttpResponseForbidden()
    calendar = get_personal_calendar(request.user)
    acl = get_acl_for_model(calendar)
    # template=None: the ACL helper's result is used as the template context.
    extra_context = acl.get_acl_users_forms(request, calendar.pk, template=None)
    context = RequestContext(request)
    return render_to_response('calendars/calendar_share.html', extra_context,
                              context_instance=context)
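def manager_faq_edit_question(request, question):
    """Edit or delete the FAQ question with primary key *question*.

    Raises Http404 when the question (or its category/FAQ) cannot be
    loaded and redirects to '/' when the user is not a manager of the FAQ.
    A POST carrying ``bdelete`` deletes the question.
    """
    try:
        question = FaqQuestion.objects.get(pk=question)
        category = question.category
        faq = category.faq
    except (FaqQuestion.DoesNotExist, FaqCategory.DoesNotExist,
            Faq.DoesNotExist):
        # The lookup is on FaqQuestion; catching only FaqCategory.DoesNotExist
        # let an unknown question pk surface as a server error.
        raise Http404

    check = get_acl_for_model(Faq)
    if not check.manager_faq(faq, request.user):
        return HttpResponseRedirect('/')

    initial_data = {'category': category.pk}
    if request.method == 'POST':
        # `in` replaces has_key(), which dict-like objects no longer provide
        # on Python 3.
        if 'bdelete' in request.POST:
            question.delete()
            return HttpResponseRedirect(
                reverse('manager_edit_faq', args=[faq.pk]))
        form = FaqQuestionForm(request, faq, request.POST,
                               initial=initial_data, instance=question)
        if form.is_valid():
            question = form.save(commit=False)
            # The last editor becomes the owner; the slug follows the text.
            question.owner = request.user
            question.slug = slugify(question.question)
            question.save()
            return HttpResponseRedirect(
                reverse('manager_edit_faq', args=[faq.pk]))
        # Invalid input: fall through and re-render the bound form with
        # its validation errors.
    else:
        form = FaqQuestionForm(request, faq, initial=initial_data,
                               instance=question)

    context = RequestContext(request)
    extra_context = {
        'form': form,
        'curcategory': category,
        'curfaq': faq,
        'curquestion': True,
    }
    return render_to_response('faq/edit_question.html', extra_context,
                              context_instance=context)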
def get_menus(self, request, community_id=0):
    """Return one menu entry per form the requesting user may view.

    Each entry is a dict with 'title', 'url' and 'id'.  ``community_id``
    is accepted but not used here.
    """
    user = request.user
    menus = []
    for form in self._forms.values():
        acl = get_acl_for_model(form)
        if not acl.viewer_formsform(form, user):
            continue
        menu_id = 'comforms_%s_menu' % form.slug
        entry = {
            'title': form.name,
            'url': reverse('communities_home_plugin', args=(menu_id,)),
            'id': menu_id,
        }
        menus.append(entry)
    return menus
def manager_edit_faq(request, faq):
    """Render the manager page listing the categories of FAQ *faq* (a pk).

    Raises Http404 for an unknown FAQ and redirects to "/" when the user
    is not a manager of it.
    """
    try:
        faq = Faq.objects.get(pk=faq)
    except Faq.DoesNotExist:
        raise Http404

    acl = get_acl_for_model(Faq)
    if not acl.manager_faq(faq, request.user):
        return HttpResponseRedirect("/")

    extra_context = {
        "categories": FaqCategory.objects.filter(faq=faq),
        "curfaq": faq,
    }
    context = RequestContext(request)
    return render_to_response("faq/manager_edit_faq.html", extra_context,
                              context_instance=context)
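def manager_faq_list_questions(request, category):
    """Render the manager page listing the questions of a FAQ category.

    *category* is a FaqCategory pk.  Raises Http404 when it does not exist
    and redirects to "/" when the user is not a manager of the FAQ.
    """
    try:
        category = FaqCategory.objects.get(pk=category)
    except FaqCategory.DoesNotExist:
        # The lookup is on FaqCategory; the handler used to name
        # Faq.DoesNotExist, so an unknown pk surfaced as a server error.
        raise Http404

    check = get_acl_for_model(Faq)
    if not check.manager_faq(category.faq, request.user):
        return HttpResponseRedirect("/")

    extra_context = {
        "questions": FaqQuestion.objects.filter(category=category),
        "curfaq": category.faq,
        "curcategory": category,
    }
    context = RequestContext(request)
    return render_to_response("faq/list_questions.html", extra_context,
                              context_instance=context)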
def manager_edit_faq(request, faq):
    """Render the manager page listing the categories of FAQ *faq* (a pk).

    Raises Http404 for an unknown FAQ and redirects to '/' when the user
    is not a manager of it.
    """
    try:
        faq = Faq.objects.get(pk=faq)
    except Faq.DoesNotExist:
        raise Http404

    acl = get_acl_for_model(Faq)
    if not acl.manager_faq(faq, request.user):
        return HttpResponseRedirect('/')

    extra_context = {
        'categories': FaqCategory.objects.filter(faq=faq),
        'curfaq': faq,
    }
    context = RequestContext(request)
    return render_to_response('faq/manager_edit_faq.html', extra_context,
                              context_instance=context)
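def render(self, context):
    """Evaluate ``<permission>_formsform`` for a form and store the result.

    The form is looked up by slug.  Always renders as ''.  The context
    variable is False unless the check ran and returned something else.
    """
    request = context['request']
    # Fail closed: a failed lookup used to leave any value already stored
    # under var_name (e.g. from a previous loop iteration) in place, so a
    # stale "allowed" result could be reused.
    context[self.var_name] = False
    try:
        slug = self.form.resolve(context)
    except Exception:
        # Was a bare `except:`, which also trapped SystemExit and
        # KeyboardInterrupt.  self.form itself is used as the slug.
        # NOTE(review): if self.form is a template.Variable rather than a
        # string, the lookup below cannot match -- confirm against __init__.
        slug = self.form
    try:
        form = FormsForm.objects.get(slug=slug)
        check = get_acl_for_model(form)
        func = getattr(check, '%s_formsform' % self.permission, None)
        if func is None:
            raise Exception("No handler for type %r" % self.permission)
        context[self.var_name] = func(form, request.user)
    except Exception:
        # Best effort: an unknown form, an unknown permission or a failing
        # ACL call leaves the variable at False.
        pass
    return ''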
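def manager_faq_list_questions(request, category):
    """Render the manager page listing the questions of a FAQ category.

    *category* is a FaqCategory pk.  Raises Http404 when it does not exist
    and redirects to '/' when the user is not a manager of the FAQ.
    """
    try:
        category = FaqCategory.objects.get(pk=category)
    except FaqCategory.DoesNotExist:
        # The lookup is on FaqCategory; the handler used to name
        # Faq.DoesNotExist, so an unknown pk surfaced as a server error.
        raise Http404

    check = get_acl_for_model(Faq)
    if not check.manager_faq(category.faq, request.user):
        return HttpResponseRedirect('/')

    extra_context = {
        'questions': FaqQuestion.objects.filter(category=category),
        'curfaq': category.faq,
        'curcategory': category,
    }
    context = RequestContext(request)
    return render_to_response('faq/list_questions.html', extra_context,
                              context_instance=context)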
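def browse_faq(request, faqslug):
    """Render the public view of a FAQ, optionally focused on one category.

    *faqslug* is ``<faq-slug>`` or ``<faq-slug>/<category-slug>``.  Raises
    Http404 when either slug is unknown and redirects to "/" when the user
    is not a reader of the FAQ.
    """
    slugs = faqslug.split("/")
    try:
        faq = Faq.objects.get(slug=slugs[0])
        if len(slugs) > 1:
            category = FaqCategory.objects.get(slug=slugs[1], faq=faq)
        else:
            category = None
    except (Faq.DoesNotExist, FaqCategory.DoesNotExist):
        # `except A or B` evaluates to `except A`, so an unknown category
        # slug used to surface as a server error; a tuple catches both.
        raise Http404

    check = get_acl_for_model(Faq)
    if not check.reader_faq(faq, request.user):
        return HttpResponseRedirect("/")

    extra_context = {
        "categories": FaqCategory.objects.filter(faq=faq),
        "curfaq": faq,
        "curcategory": category,
    }
    context = RequestContext(request)
    return render_to_response("faq/browse_faq.html", extra_context,
                              context_instance=context)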
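def get_note_attachment(request, file_id):
    """Serve a note attachment as a download.

    Access is granted to the note's owner and to users with viewer access
    to the note's category.  Unauthenticated users, unknown files and any
    error during the permission check get HttpResponseForbidden.
    """
    if not request.user.is_authenticated():
        return HttpResponseForbidden()
    try:
        note_file = ZornaNoteFile.objects.get(pk=file_id)
        note = note_file.note
        if note.owner != request.user:
            check = get_acl_for_model(ZornaNoteCategory)
            if not check.viewer_zornanotecategory(note.category, request.user):
                return HttpResponseForbidden()
    except Exception:
        # Fail closed.  Was a bare `except:`, which also trapped SystemExit
        # and KeyboardInterrupt.
        return HttpResponseForbidden()

    # NOTE(review): the path is built from the stored file name; this
    # assumes the name was sanitised at upload time -- confirm.
    path = "%s/%s" % (get_upload_notes_attachments(), note_file.file.name)
    # The file object was never closed before; `with` releases the handle.
    with open(path, 'rb') as fp:
        data = fp.read()
    # NOTE(review): the content type comes from the stored record and the
    # file name is placed unquoted in Content-Disposition; a name with
    # spaces or ';' yields a malformed header -- consider quoting it.
    response = HttpResponse(data, content_type=note_file.mimetype)
    # Length of what is actually sent, rather than a second look at the
    # file system.
    response['Content-Length'] = len(data)
    response['Content-Disposition'] = "attachment; filename=%s" % os.path.basename(
        note_file.file.name)
    return response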
def render(self, context):
    """Store the entry's field values, grouped by panel, in the context.

    Nothing is stored (and '' is returned) when the entry cannot be loaded
    or when the user is neither a viewer of the form nor a manager of its
    workspace.  Fields without a panel are collected under the '' key.
    """
    request = context['request']
    try:
        entry = FormsFormEntry.objects.select_related(depth=1).get(pk=self.entry)
        form = entry.form
        acl = get_acl_for_model(form)
        allowed = (acl.viewer_formsform(form, request.user)
                   or isUserManager(request, form.workspace.slug))
        if not allowed:
            return ''
    except Exception as e:
        # Single-argument print: same output with or without print_function.
        print(e)
        return ''

    _columns, row = forms_get_entry(entry)
    panels = {'': {}}
    for panel in form.formsformpanel_set.all():
        panel.fields = []
        panels[panel.label] = panel
    for field in form.fields.visible():
        if field.panel:
            bucket = panels[field.panel.label].fields
        else:
            bucket = panels[''].setdefault('fields', [])
        bucket.append(row[field.slug])
    context[self.var_name] = panels
    return ''
def manager_faq_edit_category(request, category):
    """Show and process the edit form for the FAQ category *category* (a pk).

    Raises Http404 for an unknown category and redirects to "/" when the
    user is not a manager of the category's FAQ.
    """
    try:
        category = FaqCategory.objects.get(pk=category)
    except FaqCategory.DoesNotExist:
        raise Http404

    acl = get_acl_for_model(Faq)
    if not acl.manager_faq(category.faq, request.user):
        return HttpResponseRedirect("/")

    if request.method != "POST":
        form = FaqQuestionCategoryForm(request, instance=category)
    else:
        form = FaqQuestionCategoryForm(request, request.POST, instance=category)
        if form.is_valid():
            form.save()
            target = reverse("manager_faq_list_categories", args=[category.faq_id])
            return HttpResponseRedirect(target)
        # The bound form is rebuilt after a failed validation, as before.
        form = FaqQuestionCategoryForm(request, request.POST, instance=category)

    context = RequestContext(request)
    extra_context = {
        "form": form,
        "curcategory": category,
        "curfaq": category.faq,
    }
    return render_to_response("faq/edit_category.html", extra_context,
                              context_instance=context)
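def browse_faq(request, faqslug):
    """Render the public view of a FAQ, optionally focused on one category.

    *faqslug* is ``<faq-slug>`` or ``<faq-slug>/<category-slug>``.  Raises
    Http404 when either slug is unknown and redirects to '/' when the user
    is not a reader of the FAQ.
    """
    slugs = faqslug.split('/')
    try:
        faq = Faq.objects.get(slug=slugs[0])
        if len(slugs) > 1:
            category = FaqCategory.objects.get(slug=slugs[1], faq=faq)
        else:
            category = None
    except (Faq.DoesNotExist, FaqCategory.DoesNotExist):
        # `except A or B` evaluates to `except A`, so an unknown category
        # slug used to surface as a server error; a tuple catches both.
        raise Http404

    check = get_acl_for_model(Faq)
    if not check.reader_faq(faq, request.user):
        return HttpResponseRedirect('/')

    extra_context = {
        'categories': FaqCategory.objects.filter(faq=faq),
        'curfaq': faq,
        'curcategory': category,
    }
    context = RequestContext(request)
    return render_to_response('faq/browse_faq.html', extra_context,
                              context_instance=context)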
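def get_note_attachment(request, file_id):
    """Serve a note attachment as a download.

    Access is granted to the note's owner and to users with viewer access
    to the note's category.  Unauthenticated users, unknown files and any
    error during the permission check get HttpResponseForbidden.
    """
    if not request.user.is_authenticated():
        return HttpResponseForbidden()
    try:
        note_file = ZornaNoteFile.objects.get(pk=file_id)
        note = note_file.note
        if note.owner != request.user:
            check = get_acl_for_model(ZornaNoteCategory)
            if not check.viewer_zornanotecategory(note.category, request.user):
                return HttpResponseForbidden()
    except Exception:
        # Fail closed.  Was a bare `except:`, which also trapped SystemExit
        # and KeyboardInterrupt.
        return HttpResponseForbidden()

    # NOTE(review): the path is built from the stored file name; this
    # assumes the name was sanitised at upload time -- confirm.
    path = "%s/%s" % (get_upload_notes_attachments(), note_file.file.name)
    # The file object was never closed before; `with` releases the handle.
    with open(path, 'rb') as fp:
        data = fp.read()
    # NOTE(review): the content type comes from the stored record and the
    # file name is placed unquoted in Content-Disposition; a name with
    # spaces or ';' yields a malformed header -- consider quoting it.
    response = HttpResponse(data, content_type=note_file.mimetype)
    # Length of what is actually sent, rather than a second look at the
    # file system.
    response['Content-Length'] = len(data)
    response['Content-Disposition'] = "attachment; filename=%s" % os.path.basename(
        note_file.file.name)
    return response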
def get_acl_forms(request, object, **kwargs):
    """Return the per-group ACL forms for *object* (superusers only).

    Extra keyword arguments are passed through to the ACL helper.  Anyone
    who is not a superuser is redirected to '/'.
    """
    if not request.user.is_superuser:
        return HttpResponseRedirect('/')
    acl = get_acl_for_model(object)
    return acl.get_acl_groups_forms(request, object.pk, **kwargs)
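def _notes_filter_and_attach(notes, search_text, search_tag):
    """Apply the search filters to *notes* and set ``attachments`` on each note."""
    if search_text:
        notes = notes.filter(
            Q(title__icontains=search_text)
            | Q(content__icontains=search_text))
    if search_tag:
        notes = notes.filter(Q(tags__icontains=search_tag))
    for note in notes:
        # Only the base name and pk are exposed to the template.
        note.attachments = [
            {
                'file_name': os.path.basename(f.file.name),
                'pk': f.pk
            }
            for f in note.zornanotefile_set.all()
        ]
    return notes


def notes_get_content(request, extra=None, category=None):
    """Render the notes list for the requesting user and return it as a string.

    With *category* (a pk) the notes of that category are listed, provided
    the user owns it or has viewer access; otherwise the user's own notes
    plus those of every category they may view are listed.  ``search_text``
    and ``search_tag`` are read from the query string.  Unauthenticated
    users get the string 'Access denied'.
    """
    if not request.user.is_authenticated():
        return 'Access denied'

    # `extra` defaulted to a shared mutable {}; None is the safe equivalent.
    extra_context = dict(**(extra or {}))
    extra_context['category'] = category
    search_text = request.GET.get('search_text', '')
    search_tag = request.GET.get('search_tag', '')
    extra_context['search_text'] = search_text
    extra_context['search_tag'] = search_tag

    if category:
        try:
            category = ZornaNoteCategory.objects.get(pk=category)
            check = get_acl_for_model(ZornaNoteCategory)
            extra_context['owner'] = category.owner == request.user
            if extra_context['owner'] or check.viewer_zornanotecategory(
                    category, request.user):
                extra_context['category'] = category
                extra_context['category_ancestors'] = category.get_ancestors()
                extra_context['notes'] = _notes_filter_and_attach(
                    category.zornanote_set.all(), search_text, search_tag)
            # Without access the template is rendered with no 'notes' key.
        except Exception as e:
            # NOTE(review): the exception text is returned as the rendered
            # content, which can expose internal details to the user; kept
            # unchanged for compatibility -- consider a generic message.
            return '%s' % e
    else:
        allowed = get_allowed_objects(request.user, ZornaNoteCategory,
                                      'viewer')
        extra_context['owner'] = False
        extra_context['category'] = None
        extra_context['category_ancestors'] = []
        notes = ZornaNote.objects.filter(
            Q(owner=request.user) | Q(category__in=allowed))
        extra_context['notes'] = _notes_filter_and_attach(
            notes, search_text, search_tag)

    t = loader.get_template('notes/notes_view_notes.html')
    c = RequestContext(request, extra_context)
    return t.render(c)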