fnp
/
redakcja.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
top align in tables
[redakcja.git]
/
apps
/
wiki
/
views.py
diff --git
a/apps/wiki/views.py
b/apps/wiki/views.py
index
15fc462
..
fcbdf8b
100644
(file)
--- a/
apps/wiki/views.py
+++ b/
apps/wiki/views.py
@@
-1,18
+1,20
@@
from datetime import datetime
import os
import logging
from datetime import datetime
import os
import logging
+from time import mktime
+import urllib
from django.conf import settings
from django.core.urlresolvers import reverse
from django import http
from django.conf import settings
from django.core.urlresolvers import reverse
from django import http
-from django.http import Http404
+from django.http import Http404
, HttpResponseForbidden
from django.middleware.gzip import GZipMiddleware
from django.utils.decorators import decorator_from_middleware
from django.utils.encoding import smart_unicode
from django.middleware.gzip import GZipMiddleware
from django.utils.decorators import decorator_from_middleware
from django.utils.encoding import smart_unicode
+from django.utils.formats import localize
from django.utils.translation import ugettext as _
from django.views.decorators.http import require_POST, require_GET
from django.utils.translation import ugettext as _
from django.views.decorators.http import require_POST, require_GET
-from django.views.generic.simple import direct_to_template
-from django.shortcuts import get_object_or_404
+from django.shortcuts import get_object_or_404, render
from catalogue.models import Book, Chunk
import nice_diff
from catalogue.models import Book, Chunk
import nice_diff
@@
-46,11
+48,13
@@
def editor(request, slug, chunk=None, template_name='wiki/document_details.html'
return http.HttpResponseRedirect(reverse("catalogue_create_missing", args=[slug]))
else:
raise Http404
return http.HttpResponseRedirect(reverse("catalogue_create_missing", args=[slug]))
else:
raise Http404
+ if not chunk.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
access_time = datetime.now()
last_books = request.session.get("wiki_last_books", {})
access_time = datetime.now()
last_books = request.session.get("wiki_last_books", {})
- last_books[
slug, chunk.slug
] = {
- 'time':
access_time
,
+ last_books[
reverse(editor, args=[chunk.book.slug, chunk.slug])
] = {
+ 'time':
mktime(access_time.timetuple())
,
'title': chunk.pretty_name(),
}
'title': chunk.pretty_name(),
}
@@
-59,13
+63,14
@@
def editor(request, slug, chunk=None, template_name='wiki/document_details.html'
del last_books[oldest_key]
request.session['wiki_last_books'] = last_books
del last_books[oldest_key]
request.session['wiki_last_books'] = last_books
- return
direct_to_template(request, template_name, extra_context=
{
+ return
render(request, template_name,
{
'chunk': chunk,
'forms': {
'chunk': chunk,
'forms': {
- "text_save": forms.DocumentTextSaveForm(prefix="textsave"),
+ "text_save": forms.DocumentTextSaveForm(
user=request.user,
prefix="textsave"),
"text_revert": forms.DocumentTextRevertForm(prefix="textrevert"),
"pubmark": forms.DocumentPubmarkForm(prefix="pubmark"),
},
"text_revert": forms.DocumentTextRevertForm(prefix="textrevert"),
"pubmark": forms.DocumentPubmarkForm(prefix="pubmark"),
},
+ 'can_pubmark': request.user.has_perm('catalogue.can_pubmark'),
'REDMINE_URL': settings.REDMINE_URL,
})
'REDMINE_URL': settings.REDMINE_URL,
})
@@
-77,11
+82,13
@@
def editor_readonly(request, slug, chunk=None, template_name='wiki/document_deta
revision = request.GET['revision']
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist, KeyError):
raise Http404
revision = request.GET['revision']
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist, KeyError):
raise Http404
+ if not chunk.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
access_time = datetime.now()
last_books = request.session.get("wiki_last_books", {})
last_books[slug, chunk.slug] = {
access_time = datetime.now()
last_books = request.session.get("wiki_last_books", {})
last_books[slug, chunk.slug] = {
- 'time':
access_time
,
+ 'time':
mktime(access_time.timetuple())
,
'title': chunk.book.title,
}
'title': chunk.book.title,
}
@@
-90,7
+97,7
@@
def editor_readonly(request, slug, chunk=None, template_name='wiki/document_deta
del last_books[oldest_key]
request.session['wiki_last_books'] = last_books
del last_books[oldest_key]
request.session['wiki_last_books'] = last_books
- return
direct_to_template(request, template_name, extra_context=
{
+ return
render(request, template_name,
{
'chunk': chunk,
'revision': revision,
'readonly': True,
'chunk': chunk,
'revision': revision,
'readonly': True,
@@
-102,9
+109,11
@@
def editor_readonly(request, slug, chunk=None, template_name='wiki/document_deta
@decorator_from_middleware(GZipMiddleware)
def text(request, chunk_id):
doc = get_object_or_404(Chunk, pk=chunk_id)
@decorator_from_middleware(GZipMiddleware)
def text(request, chunk_id):
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
if request.method == 'POST':
if request.method == 'POST':
- form = forms.DocumentTextSaveForm(request.POST, prefix="textsave")
+ form = forms.DocumentTextSaveForm(request.POST,
user=request.user,
prefix="textsave")
if form.is_valid():
if request.user.is_authenticated():
author = request.user
if form.is_valid():
if request.user.is_authenticated():
author = request.user
@@
-118,11
+127,16
@@
def text(request, chunk_id):
parent = None
stage = form.cleaned_data['stage_completed']
tags = [stage] if stage else []
parent = None
stage = form.cleaned_data['stage_completed']
tags = [stage] if stage else []
+ publishable = (form.cleaned_data['publishable'] and
+ request.user.has_perm('catalogue.can_pubmark'))
doc.commit(author=author,
text=text,
parent=parent,
description=form.cleaned_data['comment'],
tags=tags,
doc.commit(author=author,
text=text,
parent=parent,
description=form.cleaned_data['comment'],
tags=tags,
+ author_name=form.cleaned_data['author_name'],
+ author_email=form.cleaned_data['author_email'],
+ publishable=publishable,
)
revision = doc.revision()
return JSONResponse({
)
revision = doc.revision()
return JSONResponse({
@@
-158,6
+172,8
@@
def revert(request, chunk_id):
form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert")
if form.is_valid():
doc = get_object_or_404(Chunk, pk=chunk_id)
form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert")
if form.is_valid():
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
revision = form.cleaned_data['revision']
revision = form.cleaned_data['revision']
@@
-187,22
+203,28
@@
def gallery(request, directory):
try:
base_url = ''.join((
smart_unicode(settings.MEDIA_URL),
try:
base_url = ''.join((
smart_unicode(settings.MEDIA_URL),
- smart_unicode(settings.
FILEBROWSER_DIRECTORY
),
+ smart_unicode(settings.
IMAGE_DIR
),
smart_unicode(directory)))
base_dir = os.path.join(
smart_unicode(settings.MEDIA_ROOT),
smart_unicode(directory)))
base_dir = os.path.join(
smart_unicode(settings.MEDIA_ROOT),
- smart_unicode(settings.
FILEBROWSER_DIRECTORY
),
+ smart_unicode(settings.
IMAGE_DIR
),
smart_unicode(directory))
def map_to_url(filename):
smart_unicode(directory))
def map_to_url(filename):
- return
"%s/%s" % (base_url, smart_unicode(filename
))
+ return
urllib.quote("%s/%s" % (base_url, smart_unicode(filename)
))
def is_image(filename):
return os.path.splitext(f)[1].lower() in (u'.jpg', u'.jpeg', u'.png')
images = [map_to_url(f) for f in map(smart_unicode, os.listdir(base_dir)) if is_image(f)]
images.sort()
def is_image(filename):
return os.path.splitext(f)[1].lower() in (u'.jpg', u'.jpeg', u'.png')
images = [map_to_url(f) for f in map(smart_unicode, os.listdir(base_dir)) if is_image(f)]
images.sort()
+
+ book = Book.objects.get(gallery=directory)
+
+ if not book.public and not request.user.is_authenticated():
+ return HttpResponseForbidden("Not authorized.")
+
return JSONResponse(images)
except (IndexError, OSError):
logger.exception("Unable to fetch gallery")
return JSONResponse(images)
except (IndexError, OSError):
logger.exception("Unable to fetch gallery")
@@
-221,6
+243,9
@@
def diff(request, chunk_id):
revB = None
doc = get_object_or_404(Chunk, pk=chunk_id)
revB = None
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+
# allow diff from the beginning
if revA:
docA = doc.at_revision(revA).materialize()
# allow diff from the beginning
if revA:
docA = doc.at_revision(revA).materialize()
@@
-235,6
+260,8
@@
def diff(request, chunk_id):
@never_cache
def revision(request, chunk_id):
doc = get_object_or_404(Chunk, pk=chunk_id)
@never_cache
def revision(request, chunk_id):
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
return http.HttpResponse(str(doc.revision()))
return http.HttpResponse(str(doc.revision()))
@@
-242,16
+269,21
@@
def revision(request, chunk_id):
def history(request, chunk_id):
# TODO: pagination
doc = get_object_or_404(Chunk, pk=chunk_id)
def history(request, chunk_id):
# TODO: pagination
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
changes = []
changes = []
- for change in doc.history().
order_by('-created_at'
):
+ for change in doc.history().
reverse(
):
changes.append({
"version": change.revision,
"description": change.description,
"author": change.author_str(),
changes.append({
"version": change.revision,
"description": change.description,
"author": change.author_str(),
- "date":
change.created_at
,
+ "date":
localize(change.created_at)
,
"publishable": _("Publishable") + "\n" if change.publishable else "",
"tag": ',\n'.join(unicode(tag) for tag in change.tags.all()),
"publishable": _("Publishable") + "\n" if change.publishable else "",
"tag": ',\n'.join(unicode(tag) for tag in change.tags.all()),
+ "published": _("Published") + ": " + \
+ localize(change.publish_log.order_by('-book_record__timestamp')[0].book_record.timestamp) \
+ if change.publish_log.exists() else "",
})
return JSONResponse(changes)
})
return JSONResponse(changes)
@@
-262,6
+294,8
@@
def pubmark(request, chunk_id):
form = forms.DocumentPubmarkForm(request.POST, prefix="pubmark")
if form.is_valid():
doc = get_object_or_404(Chunk, pk=chunk_id)
form = forms.DocumentPubmarkForm(request.POST, prefix="pubmark")
if form.is_valid():
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
revision = form.cleaned_data['revision']
publishable = form.cleaned_data['publishable']
revision = form.cleaned_data['revision']
publishable = form.cleaned_data['publishable']