-from datetime import datetime
+from datetime import datetime, date, timedelta
import logging
import os
from StringIO import StringIO
from django.core.urlresolvers import reverse
from django.db.models import Count, Q
from django import http
-from django.http import Http404
+from django.http import Http404, HttpResponseForbidden
from django.shortcuts import get_object_or_404, render
from django.utils.encoding import iri_to_uri
from django.utils.http import urlquote_plus
from catalogue.helpers import active_tab
from catalogue.models import Book, Chunk, BookPublishRecord, ChunkPublishRecord
from catalogue.tasks import publishable_error
-from catalogue import xml_tools
#
# Quick hack around caching problems, TODO: use ETags
@active_tab('activity')
-def activity(request):
- return render(request, 'catalogue/activity.html')
+def activity(request, isodate=None):
+ today = date.today()
+ try:
+ day = helpers.parse_isodate(isodate)
+ except ValueError:
+ day = today
+
+ if day > today:
+ raise Http404
+ if day != today:
+ next_day = day + timedelta(1)
+ prev_day = day - timedelta(1)
+
+ return render(request, 'catalogue/activity.html', locals())
@never_cache
creator=creator,
slug=form.cleaned_data['slug'],
title=form.cleaned_data['title'],
+ gallery=form.cleaned_data['gallery'],
)
- return http.HttpResponseRedirect(reverse("wiki_editor", args=[book.slug]))
+ return http.HttpResponseRedirect(reverse("catalogue_book", args=[book.slug]))
else:
form = forms.DocumentCreateForm(initial={
"slug": slug,
"title": slug.replace('-', ' ').title(),
+ "gallery": slug,
})
return direct_to_template(request, "catalogue/document_create_missing.html", extra_context={
@never_cache
def book_xml(request, slug):
- xml = get_object_or_404(Book, slug=slug).materialize()
+ book = get_object_or_404(Book, slug=slug)
+ if not book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+ xml = book.materialize()
response = http.HttpResponse(xml, content_type='application/xml', mimetype='application/wl+xml')
response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug
@never_cache
def book_txt(request, slug):
- xml = get_object_or_404(Book, slug=slug).materialize()
+ book = get_object_or_404(Book, slug=slug)
+ if not book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+ xml = book.materialize()
output = StringIO()
# errors?
librarian.text.transform(StringIO(xml), output)
@never_cache
def book_html(request, slug):
- xml = get_object_or_404(Book, slug=slug).materialize()
+ book = get_object_or_404(Book, slug=slug)
+ if not book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+ xml = book.materialize()
output = StringIO()
# errors?
librarian.html.transform(StringIO(xml), output, parse_dublincore=False,
response = http.HttpResponse(html, content_type='text/html', mimetype='text/html')
return response
-
@never_cache
def revision(request, slug, chunk=None):
try:
doc = Chunk.get(slug, chunk)
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
raise Http404
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
return http.HttpResponse(str(doc.revision()))
def book(request, slug):
book = get_object_or_404(Book, slug=slug)
+ if not book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
if request.user.has_perm('catalogue.change_book'):
if request.method == "POST":
form = forms.ReadonlyBookForm(instance=book)
editable = False
- task = publishable_error.delay(book)
- publish_error = t.wait()
+ publish_error = publishable_error(book)
publishable = publish_error is None
- try:
- book.assert_publishable()
- except AssertionError, e:
- publishable = False
- publishable_error = e
- else:
- publishable = True
- publishable_error = None
-
return direct_to_template(request, "catalogue/book_detail.html", extra_context={
"book": book,
"publishable": publishable,
doc = Chunk.get(slug, chunk)
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
raise Http404
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
if request.method == "POST":
form = forms.ChunkAddForm(request.POST, instance=doc)
doc.split(creator=creator,
slug=form.cleaned_data['slug'],
title=form.cleaned_data['title'],
+ gallery_start=form.cleaned_data['gallery_start'],
+ user=form.cleaned_data['user'],
+ stage=form.cleaned_data['stage']
)
return http.HttpResponseRedirect(doc.book.get_absolute_url())
doc = Chunk.get(slug, chunk)
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
raise Http404
+ if not doc.book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+
if request.method == "POST":
form = forms.ChunkForm(request.POST, instance=doc)
if form.is_valid():
else:
form = forms.ChunkForm(instance=doc)
- parts = urlsplit(request.META['HTTP_REFERER'])
- parts = ['', ''] + list(parts[2:])
- go_next = urlquote_plus(urlunsplit(parts))
+ referer = request.META.get('HTTP_REFERER')
+ if referer:
+ parts = urlsplit(referer)
+ parts = ['', ''] + list(parts[2:])
+ go_next = urlquote_plus(urlunsplit(parts))
+ else:
+ go_next = ''
return direct_to_template(request, "catalogue/chunk_edit.html", extra_context={
"chunk": doc,
@permission_required('catalogue.change_book')
def book_append(request, slug):
book = get_object_or_404(Book, slug=slug)
+ if not book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+
if request.method == "POST":
form = forms.BookAppendForm(book, request.POST)
if form.is_valid():
@login_required
def publish(request, slug):
book = get_object_or_404(Book, slug=slug)
+ if not book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+
try:
book.publish(request.user)
except NotAuthorizedError: