from django.core.urlresolvers import reverse
from django.db.models import Count, Q
from django import http
from django.core.urlresolvers import reverse
from django.db.models import Count, Q
from django import http
from django.shortcuts import get_object_or_404, render
from django.utils.encoding import iri_to_uri
from django.utils.http import urlquote_plus
from django.shortcuts import get_object_or_404, render
from django.utils.encoding import iri_to_uri
from django.utils.http import urlquote_plus
from catalogue.helpers import active_tab
from catalogue.models import Book, Chunk, BookPublishRecord, ChunkPublishRecord
from catalogue.tasks import publishable_error
from catalogue.helpers import active_tab
from catalogue.models import Book, Chunk, BookPublishRecord, ChunkPublishRecord
from catalogue.tasks import publishable_error
creator=creator,
slug=form.cleaned_data['slug'],
title=form.cleaned_data['title'],
creator=creator,
slug=form.cleaned_data['slug'],
title=form.cleaned_data['title'],
else:
form = forms.DocumentCreateForm(initial={
"slug": slug,
"title": slug.replace('-', ' ').title(),
else:
form = forms.DocumentCreateForm(initial={
"slug": slug,
"title": slug.replace('-', ' ').title(),
- xml = get_object_or_404(Book, slug=slug).materialize()
+ book = get_object_or_404(Book, slug=slug)
+ if not book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+ xml = book.materialize()
response = http.HttpResponse(xml, content_type='application/xml', mimetype='application/wl+xml')
response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug
response = http.HttpResponse(xml, content_type='application/xml', mimetype='application/wl+xml')
response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug
- xml = get_object_or_404(Book, slug=slug).materialize()
+ book = get_object_or_404(Book, slug=slug)
+ if not book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+ xml = book.materialize()
- xml = get_object_or_404(Book, slug=slug).materialize()
+ book = get_object_or_404(Book, slug=slug)
+ if not book.accessible(request):
+ return HttpResponseForbidden("Not authorized.")
+ xml = book.materialize()
output = StringIO()
# errors?
librarian.html.transform(StringIO(xml), output, parse_dublincore=False,
output = StringIO()
# errors?
librarian.html.transform(StringIO(xml), output, parse_dublincore=False,
@never_cache
def revision(request, slug, chunk=None):
try:
doc = Chunk.get(slug, chunk)
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
raise Http404
@never_cache
def revision(request, slug, chunk=None):
try:
doc = Chunk.get(slug, chunk)
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
raise Http404
return http.HttpResponse(str(doc.revision()))
def book(request, slug):
book = get_object_or_404(Book, slug=slug)
return http.HttpResponse(str(doc.revision()))
def book(request, slug):
book = get_object_or_404(Book, slug=slug)
return direct_to_template(request, "catalogue/book_detail.html", extra_context={
"book": book,
"publishable": publishable,
return direct_to_template(request, "catalogue/book_detail.html", extra_context={
"book": book,
"publishable": publishable,
doc = Chunk.get(slug, chunk)
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
raise Http404
doc = Chunk.get(slug, chunk)
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
raise Http404
if request.method == "POST":
form = forms.ChunkAddForm(request.POST, instance=doc)
if request.method == "POST":
form = forms.ChunkAddForm(request.POST, instance=doc)
doc = Chunk.get(slug, chunk)
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
raise Http404
doc = Chunk.get(slug, chunk)
except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
raise Http404
if request.method == "POST":
form = forms.ChunkForm(request.POST, instance=doc)
if form.is_valid():
if request.method == "POST":
form = forms.ChunkForm(request.POST, instance=doc)
if form.is_valid():
@permission_required('catalogue.change_book')
def book_append(request, slug):
book = get_object_or_404(Book, slug=slug)
@permission_required('catalogue.change_book')
def book_append(request, slug):
book = get_object_or_404(Book, slug=slug)
if request.method == "POST":
form = forms.BookAppendForm(book, request.POST)
if form.is_valid():
if request.method == "POST":
form = forms.BookAppendForm(book, request.POST)
if form.is_valid():
@login_required
def publish(request, slug):
book = get_object_or_404(Book, slug=slug)
@login_required
def publish(request, slug):
book = get_object_or_404(Book, slug=slug)