smarter mark final form

[redakcja.git] / apps / wiki / views.py
diff --git a/apps/wiki/views.py b/apps/wiki/views.py

index dc2ec6f..e1ef6ae 100644 (file)
--- a/apps/wiki/views.py
+++ b/apps/wiki/views.py
@@ -1,17 +1,21 @@
+# -*- coding: utf-8 -*-
  from datetime import datetime
  import os
  import logging
  from datetime import datetime
  import os
  import logging
+from time import mktime
+import urllib
  
  from django.conf import settings
  from django.core.urlresolvers import reverse
  from django import http
  
  from django.conf import settings
  from django.core.urlresolvers import reverse
  from django import http
-from django.http import Http404
+from django.http import Http404, HttpResponseForbidden
  from django.middleware.gzip import GZipMiddleware
  from django.utils.decorators import decorator_from_middleware
  from django.utils.encoding import smart_unicode
  from django.middleware.gzip import GZipMiddleware
  from django.utils.decorators import decorator_from_middleware
  from django.utils.encoding import smart_unicode
+from django.utils.formats import localize
  from django.utils.translation import ugettext as _
  from django.views.decorators.http import require_POST, require_GET
  from django.utils.translation import ugettext as _
  from django.views.decorators.http import require_POST, require_GET
-from django.views.generic.simple import direct_to_template
+from django.shortcuts import get_object_or_404, render
  
  from catalogue.models import Book, Chunk
  import nice_diff
  
  from catalogue.models import Book, Chunk
  import nice_diff
@@ -45,11 +49,13 @@ def editor(request, slug, chunk=None, template_name='wiki/document_details.html'
                  return http.HttpResponseRedirect(reverse("catalogue_create_missing", args=[slug]))
          else:
              raise Http404
                  return http.HttpResponseRedirect(reverse("catalogue_create_missing", args=[slug]))
          else:
              raise Http404
+    if not chunk.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
  
      access_time = datetime.now()
      last_books = request.session.get("wiki_last_books", {})
  
      access_time = datetime.now()
      last_books = request.session.get("wiki_last_books", {})
-    last_books[slug, chunk.slug] = {
-        'time': access_time,
+    last_books[reverse(editor, args=[chunk.book.slug, chunk.slug])] = {
+        'time': mktime(access_time.timetuple()),
          'title': chunk.pretty_name(),
          }
  
          'title': chunk.pretty_name(),
          }
  
@@ -58,13 +64,14 @@ def editor(request, slug, chunk=None, template_name='wiki/document_details.html'
          del last_books[oldest_key]
      request.session['wiki_last_books'] = last_books
  
          del last_books[oldest_key]
      request.session['wiki_last_books'] = last_books
  
-    return direct_to_template(request, template_name, extra_context={
+    return render(request, template_name, {
          'chunk': chunk,
          'forms': {
          'chunk': chunk,
          'forms': {
-            "text_save": forms.DocumentTextSaveForm(prefix="textsave"),
+            "text_save": forms.DocumentTextSaveForm(user=request.user, prefix="textsave"),
              "text_revert": forms.DocumentTextRevertForm(prefix="textrevert"),
              "pubmark": forms.DocumentPubmarkForm(prefix="pubmark"),
          },
              "text_revert": forms.DocumentTextRevertForm(prefix="textrevert"),
              "pubmark": forms.DocumentPubmarkForm(prefix="pubmark"),
          },
+        'can_pubmark': request.user.has_perm('catalogue.can_pubmark'),
          'REDMINE_URL': settings.REDMINE_URL,
      })
  
          'REDMINE_URL': settings.REDMINE_URL,
      })
  
@@ -76,11 +83,13 @@ def editor_readonly(request, slug, chunk=None, template_name='wiki/document_deta
          revision = request.GET['revision']
      except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist, KeyError):
          raise Http404
          revision = request.GET['revision']
      except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist, KeyError):
          raise Http404
+    if not chunk.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
  
      access_time = datetime.now()
      last_books = request.session.get("wiki_last_books", {})
      last_books[slug, chunk.slug] = {
  
      access_time = datetime.now()
      last_books = request.session.get("wiki_last_books", {})
      last_books[slug, chunk.slug] = {
-        'time': access_time,
+        'time': mktime(access_time.timetuple()),
          'title': chunk.book.title,
          }
  
          'title': chunk.book.title,
          }
  
@@ -89,7 +98,7 @@ def editor_readonly(request, slug, chunk=None, template_name='wiki/document_deta
          del last_books[oldest_key]
      request.session['wiki_last_books'] = last_books
  
          del last_books[oldest_key]
      request.session['wiki_last_books'] = last_books
  
-    return direct_to_template(request, template_name, extra_context={
+    return render(request, template_name, {
          'chunk': chunk,
          'revision': revision,
          'readonly': True,
          'chunk': chunk,
          'revision': revision,
          'readonly': True,
@@ -99,14 +108,13 @@ def editor_readonly(request, slug, chunk=None, template_name='wiki/document_deta
  
  @never_cache
  @decorator_from_middleware(GZipMiddleware)
  
  @never_cache
  @decorator_from_middleware(GZipMiddleware)
-def text(request, slug, chunk=None):
-    try:
-        doc = Chunk.get(slug, chunk)
-    except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
-        raise Http404
+def text(request, chunk_id):
+    doc = get_object_or_404(Chunk, pk=chunk_id)
+    if not doc.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
  
      if request.method == 'POST':
  
      if request.method == 'POST':
-        form = forms.DocumentTextSaveForm(request.POST, prefix="textsave")
+        form = forms.DocumentTextSaveForm(request.POST, user=request.user, prefix="textsave")
          if form.is_valid():
              if request.user.is_authenticated():
                  author = request.user
          if form.is_valid():
              if request.user.is_authenticated():
                  author = request.user
@@ -120,11 +128,16 @@ def text(request, slug, chunk=None):
                  parent = None
              stage = form.cleaned_data['stage_completed']
              tags = [stage] if stage else []
                  parent = None
              stage = form.cleaned_data['stage_completed']
              tags = [stage] if stage else []
+            publishable = (form.cleaned_data['publishable'] and
+                    request.user.has_perm('catalogue.can_pubmark'))
              doc.commit(author=author,
                         text=text,
                         parent=parent,
                         description=form.cleaned_data['comment'],
                         tags=tags,
              doc.commit(author=author,
                         text=text,
                         parent=parent,
                         description=form.cleaned_data['comment'],
                         tags=tags,
+                       author_name=form.cleaned_data['author_name'],
+                       author_email=form.cleaned_data['author_email'],
+                       publishable=publishable,
                         )
              revision = doc.revision()
              return JSONResponse({
                         )
              revision = doc.revision()
              return JSONResponse({
@@ -156,13 +169,12 @@ def text(request, slug, chunk=None):
  
  @never_cache
  @require_POST
  
  @never_cache
  @require_POST
-def revert(request, slug, chunk=None):
+def revert(request, chunk_id):
      form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert")
      if form.is_valid():
      form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert")
      if form.is_valid():
-        try:
-            doc = Chunk.get(slug, chunk)
-        except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
-            raise Http404
+        doc = get_object_or_404(Chunk, pk=chunk_id)
+        if not doc.book.accessible(request):
+            return HttpResponseForbidden("Not authorized.")
  
          revision = form.cleaned_data['revision']
  
  
          revision = form.cleaned_data['revision']
  
@@ -175,7 +187,7 @@ def revert(request, slug, chunk=None):
              author = None
  
          before = doc.revision()
              author = None
  
          before = doc.revision()
-        logger.info("Reverting %s to %s", slug, revision)
+        logger.info("Reverting %s to %s", chunk_id, revision)
          doc.at_revision(revision).revert(author=author, description=comment)
  
          return JSONResponse({
          doc.at_revision(revision).revert(author=author, description=comment)
  
          return JSONResponse({
@@ -192,22 +204,28 @@ def gallery(request, directory):
      try:
          base_url = ''.join((
                          smart_unicode(settings.MEDIA_URL),
      try:
          base_url = ''.join((
                          smart_unicode(settings.MEDIA_URL),
-                        smart_unicode(settings.FILEBROWSER_DIRECTORY),
+                        smart_unicode(settings.IMAGE_DIR),
                          smart_unicode(directory)))
  
          base_dir = os.path.join(
                      smart_unicode(settings.MEDIA_ROOT),
                          smart_unicode(directory)))
  
          base_dir = os.path.join(
                      smart_unicode(settings.MEDIA_ROOT),
-                    smart_unicode(settings.FILEBROWSER_DIRECTORY),
+                    smart_unicode(settings.IMAGE_DIR),
                      smart_unicode(directory))
  
          def map_to_url(filename):
                      smart_unicode(directory))
  
          def map_to_url(filename):
-            return "%s/%s" % (base_url, smart_unicode(filename))
+            return urllib.quote(("%s/%s" % (base_url, smart_unicode(filename))).encode('utf-8'))
  
          def is_image(filename):
  
          def is_image(filename):
-            return os.path.splitext(f)[1].lower() in (u'.jpg', u'.jpeg', u'.png')
+            return os.path.splitext(filename)[1].lower() in (u'.jpg', u'.jpeg', u'.png')
  
          images = [map_to_url(f) for f in map(smart_unicode, os.listdir(base_dir)) if is_image(f)]
          images.sort()
  
          images = [map_to_url(f) for f in map(smart_unicode, os.listdir(base_dir)) if is_image(f)]
          images.sort()
+
+        books = Book.objects.filter(gallery=directory)
+
+        if not all(book.public for book in books) and not request.user.is_authenticated():
+            return HttpResponseForbidden("Not authorized.")
+
          return JSONResponse(images)
      except (IndexError, OSError):
          logger.exception("Unable to fetch gallery")
          return JSONResponse(images)
      except (IndexError, OSError):
          logger.exception("Unable to fetch gallery")
@@ -215,7 +233,7 @@ def gallery(request, directory):
  
  
  @never_cache
  
  
  @never_cache
-def diff(request, slug, chunk=None):
+def diff(request, chunk_id):
      revA = int(request.GET.get('from', 0))
      revB = int(request.GET.get('to', 0))
  
      revA = int(request.GET.get('from', 0))
      revB = int(request.GET.get('to', 0))
  
@@ -225,10 +243,10 @@ def diff(request, slug, chunk=None):
      if revB == 0:
          revB = None
  
      if revB == 0:
          revB = None
  
-    try:
-        doc = Chunk.get(slug, chunk)
-    except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
-        raise Http404
+    doc = get_object_or_404(Chunk, pk=chunk_id)
+    if not doc.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
      # allow diff from the beginning
      if revA:
          docA = doc.at_revision(revA).materialize()
      # allow diff from the beginning
      if revA:
          docA = doc.at_revision(revA).materialize()
@@ -241,44 +259,44 @@ def diff(request, slug, chunk=None):
  
  
  @never_cache
  
  
  @never_cache
-def revision(request, slug, chunk=None):
-    try:
-        doc = Chunk.get(slug, chunk)
-    except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
-        raise Http404
+def revision(request, chunk_id):
+    doc = get_object_or_404(Chunk, pk=chunk_id)
+    if not doc.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
      return http.HttpResponse(str(doc.revision()))
  
  
  @never_cache
      return http.HttpResponse(str(doc.revision()))
  
  
  @never_cache
-def history(request, slug, chunk=None):
+def history(request, chunk_id):
      # TODO: pagination
      # TODO: pagination
-    try:
-        doc = Chunk.get(slug, chunk)
-    except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
-        raise Http404
+    doc = get_object_or_404(Chunk, pk=chunk_id)
+    if not doc.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
  
      changes = []
  
      changes = []
-    for change in doc.history().order_by('-created_at'):
+    for change in doc.history().reverse():
          changes.append({
                  "version": change.revision,
                  "description": change.description,
                  "author": change.author_str(),
          changes.append({
                  "version": change.revision,
                  "description": change.description,
                  "author": change.author_str(),
-                "date": change.created_at,
+                "date": localize(change.created_at),
                  "publishable": _("Publishable") + "\n" if change.publishable else "",
                  "tag": ',\n'.join(unicode(tag) for tag in change.tags.all()),
                  "publishable": _("Publishable") + "\n" if change.publishable else "",
                  "tag": ',\n'.join(unicode(tag) for tag in change.tags.all()),
+                "published": _("Published") + ": " + \
+                    localize(change.publish_log.order_by('-book_record__timestamp')[0].book_record.timestamp) \
+                    if change.publish_log.exists() else "",
              })
      return JSONResponse(changes)
  
  
  @require_POST
  @ajax_require_permission('catalogue.can_pubmark')
              })
      return JSONResponse(changes)
  
  
  @require_POST
  @ajax_require_permission('catalogue.can_pubmark')
-def pubmark(request, slug, chunk=None):
+def pubmark(request, chunk_id):
      form = forms.DocumentPubmarkForm(request.POST, prefix="pubmark")
      if form.is_valid():
      form = forms.DocumentPubmarkForm(request.POST, prefix="pubmark")
      if form.is_valid():
-        try:
-            doc = Chunk.get(slug, chunk)
-        except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
-            raise Http404
+        doc = get_object_or_404(Chunk, pk=chunk_id)
+        if not doc.book.accessible(request):
+            return HttpResponseForbidden("Not authorized.")
  
          revision = form.cleaned_data['revision']
          publishable = form.cleaned_data['publishable']
  
          revision = form.cleaned_data['revision']
          publishable = form.cleaned_data['publishable']