from django.conf import settings
from django.core.urlresolvers import reverse
from django import http
-from django.http import Http404
+from django.http import Http404, HttpResponseForbidden
from django.middleware.gzip import GZipMiddleware
from django.utils.decorators import decorator_from_middleware
from django.utils.encoding import smart_unicode
+from django.utils.formats import localize
from django.utils.translation import ugettext as _
from django.views.decorators.http import require_POST, require_GET
from django.views.generic.simple import direct_to_template
return http.HttpResponseRedirect(reverse("catalogue_create_missing", args=[slug]))
else:
raise Http404
+ if not chunk.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
access_time = datetime.now()
last_books = request.session.get("wiki_last_books", {})
"text_revert": forms.DocumentTextRevertForm(prefix="textrevert"),
"pubmark": forms.DocumentPubmarkForm(prefix="pubmark"),
},
+ 'can_pubmark': request.user.has_perm('catalogue.can_pubmark'),
'REDMINE_URL': settings.REDMINE_URL,
})
revision = request.GET['revision']
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist, KeyError):
raise Http404
+ if not chunk.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
access_time = datetime.now()
last_books = request.session.get("wiki_last_books", {})
@decorator_from_middleware(GZipMiddleware)
def text(request, chunk_id):
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
if request.method == 'POST':
form = forms.DocumentTextSaveForm(request.POST, user=request.user, prefix="textsave")
parent = None
stage = form.cleaned_data['stage_completed']
tags = [stage] if stage else []
+ publishable = (form.cleaned_data['publishable'] and
+ request.user.has_perm('catalogue.can_pubmark'))
doc.commit(author=author,
text=text,
parent=parent,
tags=tags,
author_name=form.cleaned_data['author_name'],
author_email=form.cleaned_data['author_email'],
+ publishable=publishable,
)
revision = doc.revision()
return JSONResponse({
form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert")
if form.is_valid():
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
revision = form.cleaned_data['revision']
try:
base_url = ''.join((
smart_unicode(settings.MEDIA_URL),
- smart_unicode(settings.FILEBROWSER_DIRECTORY),
+ smart_unicode(settings.IMAGE_DIR),
smart_unicode(directory)))
base_dir = os.path.join(
smart_unicode(settings.MEDIA_ROOT),
- smart_unicode(settings.FILEBROWSER_DIRECTORY),
+ smart_unicode(settings.IMAGE_DIR),
smart_unicode(directory))
def map_to_url(filename):
images = [map_to_url(f) for f in map(smart_unicode, os.listdir(base_dir)) if is_image(f)]
images.sort()
+
+ if not request.user.is_authenticated():
+ return HttpResponseForbidden("Not authorized.")
+
return JSONResponse(images)
except (IndexError, OSError):
logger.exception("Unable to fetch gallery")
revB = None
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+
# allow diff from the beginning
if revA:
docA = doc.at_revision(revA).materialize()
@never_cache
def revision(request, chunk_id):
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
return http.HttpResponse(str(doc.revision()))
def history(request, chunk_id):
# TODO: pagination
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
changes = []
- for change in doc.history().order_by('-created_at'):
+ for change in doc.history().reverse():
changes.append({
"version": change.revision,
"description": change.description,
"author": change.author_str(),
- "date": change.created_at,
+ "date": localize(change.created_at),
"publishable": _("Publishable") + "\n" if change.publishable else "",
"tag": ',\n'.join(unicode(tag) for tag in change.tags.all()),
})
form = forms.DocumentPubmarkForm(request.POST, prefix="pubmark")
if form.is_valid():
doc = get_object_or_404(Chunk, pk=chunk_id)
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
revision = form.cleaned_data['revision']
publishable = form.cleaned_data['publishable']
fnp / redakcja.git / blobdiff