X-Git-Url: https://git.mdrn.pl/edumed.git/blobdiff_plain/736d94f6ac63f205be2967f013a15c457032fc2f..d0f0e1412cc42d366b234e798dfb68feed05d751:/contact/views.py?ds=sidebyside diff --git a/contact/views.py b/contact/views.py index 245433e..580a65d 100644 --- a/contact/views.py +++ b/contact/views.py @@ -1,38 +1,61 @@ +# -*- coding: utf-8 -*- +from urllib import unquote + from django.contrib.auth.decorators import permission_required -from django.http import Http404, HttpResponse +from django.http import Http404 from django.shortcuts import get_object_or_404, redirect, render -from django.utils.translation import ugettext_lazy as _ +from django.views.decorators.cache import never_cache from fnpdjango.utils.views import serve_file -from .forms import contact_forms -from .models import Attachment +from honeypot.decorators import check_honeypot + +from .forms import contact_forms, update_forms +from .models import Attachment, Contact -def form(request, form_tag): +@check_honeypot +@never_cache +def form(request, form_tag, force_enabled=False, contact_id=None, key=None): + update = bool(contact_id and key) try: - form_class = contact_forms[form_tag] + if update and form_tag in update_forms: + form_class = update_forms[form_tag] + else: + form_class = contact_forms[form_tag] except KeyError: raise Http404 + if not (force_enabled and request.user.is_superuser): + if form_class.is_disabled(): + template = form_class.disabled_template + if template: + return render(request, template, {'title': form_class.form_title}) + raise Http404 + if contact_id: + contact = get_object_or_404(Contact, id=contact_id, form_tag=form_tag) + if not form_class.updatable: + raise Http404 + if key != contact.key: + raise Http404 + else: + contact = None if request.method == 'POST': - form = form_class(request.POST, request.FILES) - formsets = [] - valid = form.is_valid() - for formset in getattr(form, 'form_formsets', ()): - fset = formset(request.POST, request.FILES) - if not fset.is_valid(): - valid = False - formsets.append(fset) - if valid: - form.save(request, formsets) - return redirect('contact_thanks', form_tag) + form = form_class(request.POST, request.FILES, instance=contact) else: - form = form_class(initial=request.GET) - formsets = [] - for formset in getattr(form, 'form_formsets', ()): - formsets.append(formset()) - return render(request, - ['contact/%s/form.html' % form_tag, 'contact/form.html'], - {'form': form, 'formsets': formsets} - ) + form = form_class(initial=request.GET, instance=contact) + if request.method == 'POST': + formsets = form.get_formsets(request) + if form.is_valid() and all(formset.is_valid() for formset in formsets.itervalues()): + contact = form.save(request, formsets.values()) + if form.result_page: + return redirect('contact_results', contact.id, contact.digest()) + else: + return redirect('contact_thanks', form_tag) + else: + formsets = form.get_formsets() + + return render( + request, ['contact/%s/form.html' % form_tag, 'contact/form.html'], + {'form': form, 'formsets': formsets, 'formset_errors': any(formset.errors for formset in formsets.values())} + ) def thanks(request, form_tag): @@ -41,13 +64,40 @@ def thanks(request, form_tag): except KeyError: raise Http404 - return render(request, - ['contact/%s/thanks.html' % form_tag, 'contact/thanks.html'], - dict(base_template = getattr(form_class, 'base_template', None)) - ) + return render( + request, ['contact/%s/thanks.html' % form_tag, 'contact/thanks.html'], + {'base_template': getattr(form_class, 'base_template', None)}) + + +def results(request, contact_id, digest): + contact = get_object_or_404(Contact, id=contact_id) + if digest != contact.digest(): + raise Http404 + try: + form_class = contact_forms[contact.form_tag] + except KeyError: + raise Http404 + + return render( + request, 'contact/%s/results.html' % contact.form_tag, + { + 'results': form_class.results(contact), + 'base_template': getattr(form_class, 'base_template', None), + } + ) @permission_required('contact.change_attachment') def attachment(request, contact_id, tag): attachment = get_object_or_404(Attachment, contact_id=contact_id, tag=tag) - return serve_file(attachment.file.url) + attachment_url = unquote(attachment.file.url) + return serve_file(attachment_url) + + +def attachment_key(request, contact_id, tag, key): + contact = Contact.objects.get(id=contact_id) + if key != contact.key: + raise Http404 + attachment = get_object_or_404(Attachment, contact_id=contact_id, tag=tag) + attachment_url = unquote(attachment.file.url) + return serve_file(attachment_url)