html preview fix

[redakcja.git] / apps / catalogue / views.py
diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py

index b6e4c40..2ee94ae 100644 (file)
--- a/apps/catalogue/views.py
+++ b/apps/catalogue/views.py
@@ -1,4 +1,4 @@
-from datetime import datetime
+from datetime import datetime, date, timedelta
  import logging
  import os
  from StringIO import StringIO
  import logging
  import os
  from StringIO import StringIO
@@ -11,7 +11,7 @@ from django.contrib.auth.decorators import login_required, permission_required
  from django.core.urlresolvers import reverse
  from django.db.models import Count, Q
  from django import http
  from django.core.urlresolvers import reverse
  from django.db.models import Count, Q
  from django import http
-from django.http import Http404
+from django.http import Http404, HttpResponse, HttpResponseForbidden
  from django.shortcuts import get_object_or_404, render
  from django.utils.encoding import iri_to_uri
  from django.utils.http import urlquote_plus
  from django.shortcuts import get_object_or_404, render
  from django.utils.encoding import iri_to_uri
  from django.utils.http import urlquote_plus
@@ -19,16 +19,12 @@ from django.utils.translation import ugettext_lazy as _
  from django.views.decorators.http import require_POST
  from django.views.generic.simple import direct_to_template
  
  from django.views.decorators.http import require_POST
  from django.views.generic.simple import direct_to_template
  
-import librarian.html
-import librarian.text
-
  from apiclient import NotAuthorizedError
  from catalogue import forms
  from catalogue import helpers
  from catalogue.helpers import active_tab
  from catalogue.models import Book, Chunk, BookPublishRecord, ChunkPublishRecord
  from catalogue.tasks import publishable_error
  from apiclient import NotAuthorizedError
  from catalogue import forms
  from catalogue import helpers
  from catalogue.helpers import active_tab
  from catalogue.models import Book, Chunk, BookPublishRecord, ChunkPublishRecord
  from catalogue.tasks import publishable_error
-from catalogue import xml_tools
  
  #
  # Quick hack around caching problems, TODO: use ETags
  
  #
  # Quick hack around caching problems, TODO: use ETags
@@ -71,8 +67,20 @@ def users(request):
  
  
  @active_tab('activity')
  
  
  @active_tab('activity')
-def activity(request):
-    return render(request, 'catalogue/activity.html')
+def activity(request, isodate=None):
+    today = date.today()
+    try:
+        day = helpers.parse_isodate(isodate)
+    except ValueError:
+        day = today
+
+    if day > today:
+        raise Http404
+    if day != today:
+        next_day = day + timedelta(1)
+    prev_day = day - timedelta(1)
+
+    return render(request, 'catalogue/activity.html', locals())
  
  
  @never_cache
  
  
  @never_cache
@@ -101,13 +109,15 @@ def create_missing(request, slug=None):
                  creator=creator,
                  slug=form.cleaned_data['slug'],
                  title=form.cleaned_data['title'],
                  creator=creator,
                  slug=form.cleaned_data['slug'],
                  title=form.cleaned_data['title'],
+                gallery=form.cleaned_data['gallery'],
              )
  
              )
  
-            return http.HttpResponseRedirect(reverse("wiki_editor", args=[book.slug]))
+            return http.HttpResponseRedirect(reverse("catalogue_book", args=[book.slug]))
      else:
          form = forms.DocumentCreateForm(initial={
                  "slug": slug,
                  "title": slug.replace('-', ' ').title(),
      else:
          form = forms.DocumentCreateForm(initial={
                  "slug": slug,
                  "title": slug.replace('-', ' ').title(),
+                "gallery": slug,
          })
  
      return direct_to_template(request, "catalogue/document_create_missing.html", extra_context={
          })
  
      return direct_to_template(request, "catalogue/document_create_missing.html", extra_context={
@@ -185,7 +195,10 @@ def upload(request):
  
  @never_cache
  def book_xml(request, slug):
  
  @never_cache
  def book_xml(request, slug):
-    xml = get_object_or_404(Book, slug=slug).materialize()
+    book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+    xml = book.materialize()
  
      response = http.HttpResponse(xml, content_type='application/xml', mimetype='application/wl+xml')
      response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug
  
      response = http.HttpResponse(xml, content_type='application/xml', mimetype='application/wl+xml')
      response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug
@@ -194,11 +207,12 @@ def book_xml(request, slug):
  
  @never_cache
  def book_txt(request, slug):
  
  @never_cache
  def book_txt(request, slug):
-    xml = get_object_or_404(Book, slug=slug).materialize()
-    output = StringIO()
-    # errors?
-    librarian.text.transform(StringIO(xml), output)
-    text = output.getvalue()
+    book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
+    doc = book.wldocument()
+    text = doc.as_text().get_string()
      response = http.HttpResponse(text, content_type='text/plain', mimetype='text/plain')
      response['Content-Disposition'] = 'attachment; filename=%s.txt' % slug
      return response
      response = http.HttpResponse(text, content_type='text/plain', mimetype='text/plain')
      response['Content-Disposition'] = 'attachment; filename=%s.txt' % slug
      return response
@@ -206,27 +220,63 @@ def book_txt(request, slug):
  
  @never_cache
  def book_html(request, slug):
  
  @never_cache
  def book_html(request, slug):
-    xml = get_object_or_404(Book, slug=slug).materialize()
-    output = StringIO()
-    # errors?
-    librarian.html.transform(StringIO(xml), output, parse_dublincore=False,
-                             flags=['full-page'])
-    html = output.getvalue()
+    book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
+    doc = book.wldocument(parse_dublincore=False)
+    html = doc.as_html(flags=['full-page'])
+    html = html.get_string() if html is not None else ''
      response = http.HttpResponse(html, content_type='text/html', mimetype='text/html')
      return response
  
  
      response = http.HttpResponse(html, content_type='text/html', mimetype='text/html')
      return response
  
  
+@never_cache
+def book_pdf(request, slug):
+    book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
+    # TODO: move to celery
+    doc = book.wldocument()
+    # TODO: error handling
+    pdf_file = doc.as_pdf()
+    from catalogue.ebook_utils import serve_file
+    return serve_file(pdf_file.get_filename(),
+                book.slug + '.pdf', 'application/pdf')
+
+
+@never_cache
+def book_epub(request, slug):
+    book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
+    # TODO: move to celery
+    doc = book.wldocument()
+    # TODO: error handling
+    epub = doc.as_epub().get_string()
+    response = HttpResponse(mimetype='application/epub+zip')
+    response['Content-Disposition'] = 'attachment; filename=%s' % book.slug + '.epub'
+    response.write(epub)
+    return response
+
+
  @never_cache
  def revision(request, slug, chunk=None):
      try:
          doc = Chunk.get(slug, chunk)
      except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
          raise Http404
  @never_cache
  def revision(request, slug, chunk=None):
      try:
          doc = Chunk.get(slug, chunk)
      except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
          raise Http404
+    if not doc.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
      return http.HttpResponse(str(doc.revision()))
  
  
  def book(request, slug):
      book = get_object_or_404(Book, slug=slug)
      return http.HttpResponse(str(doc.revision()))
  
  
  def book(request, slug):
      book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
  
      if request.user.has_perm('catalogue.change_book'):
          if request.method == "POST":
  
      if request.user.has_perm('catalogue.change_book'):
          if request.method == "POST":
@@ -236,24 +286,14 @@ def book(request, slug):
                  return http.HttpResponseRedirect(book.get_absolute_url())
          else:
              form = forms.BookForm(instance=book)
                  return http.HttpResponseRedirect(book.get_absolute_url())
          else:
              form = forms.BookForm(instance=book)
-            editable = True
+        editable = True
      else:
          form = forms.ReadonlyBookForm(instance=book)
          editable = False
  
      else:
          form = forms.ReadonlyBookForm(instance=book)
          editable = False
  
-    task = publishable_error.delay(book)
-    publish_error = t.wait()
+    publish_error = publishable_error(book)
      publishable = publish_error is None
  
      publishable = publish_error is None
  
-    try:
-        book.assert_publishable()
-    except AssertionError, e:
-        publishable = False
-        publishable_error = e
-    else:
-        publishable = True
-        publishable_error = None
-
      return direct_to_template(request, "catalogue/book_detail.html", extra_context={
          "book": book,
          "publishable": publishable,
      return direct_to_template(request, "catalogue/book_detail.html", extra_context={
          "book": book,
          "publishable": publishable,
@@ -269,6 +309,8 @@ def chunk_add(request, slug, chunk):
          doc = Chunk.get(slug, chunk)
      except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
          raise Http404
          doc = Chunk.get(slug, chunk)
      except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
          raise Http404
+    if not doc.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
  
      if request.method == "POST":
          form = forms.ChunkAddForm(request.POST, instance=doc)
  
      if request.method == "POST":
          form = forms.ChunkAddForm(request.POST, instance=doc)
@@ -280,6 +322,9 @@ def chunk_add(request, slug, chunk):
              doc.split(creator=creator,
                  slug=form.cleaned_data['slug'],
                  title=form.cleaned_data['title'],
              doc.split(creator=creator,
                  slug=form.cleaned_data['slug'],
                  title=form.cleaned_data['title'],
+                gallery_start=form.cleaned_data['gallery_start'],
+                user=form.cleaned_data['user'],
+                stage=form.cleaned_data['stage']
              )
  
              return http.HttpResponseRedirect(doc.book.get_absolute_url())
              )
  
              return http.HttpResponseRedirect(doc.book.get_absolute_url())
@@ -300,6 +345,9 @@ def chunk_edit(request, slug, chunk):
          doc = Chunk.get(slug, chunk)
      except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
          raise Http404
          doc = Chunk.get(slug, chunk)
      except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
          raise Http404
+    if not doc.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
      if request.method == "POST":
          form = forms.ChunkForm(request.POST, instance=doc)
          if form.is_valid():
      if request.method == "POST":
          form = forms.ChunkForm(request.POST, instance=doc)
          if form.is_valid():
@@ -313,9 +361,13 @@ def chunk_edit(request, slug, chunk):
      else:
          form = forms.ChunkForm(instance=doc)
  
      else:
          form = forms.ChunkForm(instance=doc)
  
-    parts = urlsplit(request.META['HTTP_REFERER'])
-    parts = ['', ''] + list(parts[2:])
-    go_next = urlquote_plus(urlunsplit(parts))
+    referer = request.META.get('HTTP_REFERER')
+    if referer:
+        parts = urlsplit(referer)
+        parts = ['', ''] + list(parts[2:])
+        go_next = urlquote_plus(urlunsplit(parts))
+    else:
+        go_next = ''
  
      return direct_to_template(request, "catalogue/chunk_edit.html", extra_context={
          "chunk": doc,
  
      return direct_to_template(request, "catalogue/chunk_edit.html", extra_context={
          "chunk": doc,
@@ -327,6 +379,9 @@ def chunk_edit(request, slug, chunk):
  @permission_required('catalogue.change_book')
  def book_append(request, slug):
      book = get_object_or_404(Book, slug=slug)
  @permission_required('catalogue.change_book')
  def book_append(request, slug):
      book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
      if request.method == "POST":
          form = forms.BookAppendForm(book, request.POST)
          if form.is_valid():
      if request.method == "POST":
          form = forms.BookAppendForm(book, request.POST)
          if form.is_valid():
@@ -347,6 +402,9 @@ def book_append(request, slug):
  @login_required
  def publish(request, slug):
      book = get_object_or_404(Book, slug=slug)
  @login_required
  def publish(request, slug):
      book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
      try:
          book.publish(request.user)
      except NotAuthorizedError:
      try:
          book.publish(request.user)
      except NotAuthorizedError: