X-Git-Url: https://git.mdrn.pl/edumed.git/blobdiff_plain/30343946f333b9b63113bdda185c30924bab0337..d0f0e1412cc42d366b234e798dfb68feed05d751:/contact/views.py diff --git a/contact/views.py b/contact/views.py index e52b6b2..580a65d 100644 --- a/contact/views.py +++ b/contact/views.py @@ -4,42 +4,57 @@ from urllib import unquote from django.contrib.auth.decorators import permission_required from django.http import Http404 from django.shortcuts import get_object_or_404, redirect, render +from django.views.decorators.cache import never_cache from fnpdjango.utils.views import serve_file -from .forms import contact_forms -from .models import Attachment +from honeypot.decorators import check_honeypot +from .forms import contact_forms, update_forms +from .models import Attachment, Contact -def form(request, form_tag, force_enabled=False): + +@check_honeypot +@never_cache +def form(request, form_tag, force_enabled=False, contact_id=None, key=None): + update = bool(contact_id and key) try: - form_class = contact_forms[form_tag] + if update and form_tag in update_forms: + form_class = update_forms[form_tag] + else: + form_class = contact_forms[form_tag] except KeyError: raise Http404 - if (getattr(form_class, 'disabled', False) and - not (force_enabled and request.user.is_superuser)): - template = getattr(form_class, 'disabled_template', None) - if template: - return render(request, template, {'title': form_class.form_title}) - raise Http404 + if not (force_enabled and request.user.is_superuser): + if form_class.is_disabled(): + template = form_class.disabled_template + if template: + return render(request, template, {'title': form_class.form_title}) + raise Http404 + if contact_id: + contact = get_object_or_404(Contact, id=contact_id, form_tag=form_tag) + if not form_class.updatable: + raise Http404 + if key != contact.key: + raise Http404 + else: + contact = None + if request.method == 'POST': + form = form_class(request.POST, request.FILES, instance=contact) + else: + form = form_class(initial=request.GET, instance=contact) if request.method == 'POST': - form = form_class(request.POST, request.FILES) - formsets = [] - valid = form.is_valid() - for formset in getattr(form, 'form_formsets', ()): - fset = formset(request.POST, request.FILES) - if not fset.is_valid(): - valid = False - formsets.append(fset) - if valid: - form.save(request, formsets) - return redirect('contact_thanks', form_tag) + formsets = form.get_formsets(request) + if form.is_valid() and all(formset.is_valid() for formset in formsets.itervalues()): + contact = form.save(request, formsets.values()) + if form.result_page: + return redirect('contact_results', contact.id, contact.digest()) + else: + return redirect('contact_thanks', form_tag) else: - form = form_class(initial=request.GET) - formsets = [] - for formset in getattr(form, 'form_formsets', ()): - formsets.append(formset()) + formsets = form.get_formsets() + return render( request, ['contact/%s/form.html' % form_tag, 'contact/form.html'], - {'form': form, 'formsets': formsets} + {'form': form, 'formsets': formsets, 'formset_errors': any(formset.errors for formset in formsets.values())} ) @@ -54,8 +69,35 @@ def thanks(request, form_tag): {'base_template': getattr(form_class, 'base_template', None)}) +def results(request, contact_id, digest): + contact = get_object_or_404(Contact, id=contact_id) + if digest != contact.digest(): + raise Http404 + try: + form_class = contact_forms[contact.form_tag] + except KeyError: + raise Http404 + + return render( + request, 'contact/%s/results.html' % contact.form_tag, + { + 'results': form_class.results(contact), + 'base_template': getattr(form_class, 'base_template', None), + } + ) + + @permission_required('contact.change_attachment') def attachment(request, contact_id, tag): attachment = get_object_or_404(Attachment, contact_id=contact_id, tag=tag) attachment_url = unquote(attachment.file.url) return serve_file(attachment_url) + + +def attachment_key(request, contact_id, tag, key): + contact = Contact.objects.get(id=contact_id) + if key != contact.key: + raise Http404 + attachment = get_object_or_404(Attachment, contact_id=contact_id, tag=tag) + attachment_url = unquote(attachment.file.url) + return serve_file(attachment_url)