fnp / edumed.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
validate filename length
[edumed.git] / stage2 / views.py
diff --git a/stage2/views.py b/stage2/views.py
index 974e375..e199de0 100644 (file)
--- a/stage2/views.py
+++ b/stage2/views.py
@@ -6,6 +6,7 @@ from django.http.response import HttpResponseRedirect, HttpResponse, HttpRespons
 from django.shortcuts import get_object_or_404, render
 from django.utils import timezone
 from django.views.decorators.http import require_POST
+from unidecode import unidecode
 
 from stage2.forms import AttachmentForm, MarkForm
 from stage2.models import Participant, Assignment, Answer, Attachment, Mark
@@ -54,7 +55,8 @@ def upload(request, assignment_id, participant_id, key):
 def attachment_download(attachment):
     response = HttpResponse(content_type='application/force-download')
     response.write(attachment.file.read())
-    response['Content-Disposition'] = 'attachment; filename="%s"' % attachment.filename()
+    # workaround to this: https://code.djangoproject.com/ticket/20889
+    response['Content-Disposition'] = 'attachment; filename="%s"' % unidecode(attachment.filename().replace('\n', ' '))
     response['Content-Length'] = response.tell()
     return response
 
@@ -75,7 +77,7 @@ def get_file(request, assignment_id, file_no, participant_id, key):
 def assignment_list(request):
     assignments = request.user.stage2_assignments.all()
     if not assignments:
-        return HttpResponseForbidden()
+        return HttpResponseForbidden('Not allowed')
     for assignment in assignments:
         assignment.marked_count = Mark.objects.filter(expert=request.user, answer__assignment=assignment).count()
         assignment.to_mark_count = assignment.available_answers(request.user).count()
@@ -109,7 +111,7 @@ def available_answers(assignment, expert, answer_with_errors=None, form_with_err
 def answer_list(request, assignment_id):
     assignment = get_object_or_404(Assignment, id=assignment_id)
     if request.user not in assignment.experts.all():
-        return HttpResponseForbidden()
+        return HttpResponseForbidden('Not allowed')
     return render(request, 'stage2/answer_list.html',
                   {'answers': available_answers(assignment, request.user), 'assignment': assignment})
 
@@ -118,7 +120,7 @@ def answer_list(request, assignment_id):
 def marked_answer_list(request, assignment_id):
     assignment = get_object_or_404(Assignment, id=assignment_id)
     if request.user not in assignment.experts.all():
-        return HttpResponseForbidden()
+        return HttpResponseForbidden('Not allowed')
     return render(request, 'stage2/answer_list.html', {
         'answers': available_answers(assignment, request.user, marked=True),
         'assignment': assignment,
@@ -137,9 +139,9 @@ def expert_download(request, attachment_id):
 def mark_answer(request, answer_id):
     answer = get_object_or_404(Answer, id=answer_id)
     if request.user not in answer.assignment.experts.all():
-        return HttpResponseForbidden()
+        return HttpResponseForbidden('Not allowed')
     if answer.assignment.is_active():
-        return HttpResponseForbidden()
+        return HttpResponseForbidden('Not allowed')
     mark, created = Mark.objects.get_or_create(answer=answer, expert=request.user, defaults={'points': 0})
     form = MarkForm(data=request.POST, answer=answer, instance=mark, prefix='ans%s' % answer.id)
     if form.is_valid():