fixes #2525: nofollow for preview links
[redakcja.git] / apps / catalogue / views.py
index 72cf63d..74036f0 100644 (file)
@@ -1,4 +1,4 @@
-from datetime import datetime
+from datetime import datetime, date, timedelta
 import logging
 import os
 from StringIO import StringIO
 import logging
 import os
 from StringIO import StringIO
@@ -10,24 +10,22 @@ from django.contrib.auth.models import User
 from django.contrib.auth.decorators import login_required, permission_required
 from django.core.urlresolvers import reverse
 from django.db.models import Count, Q
 from django.contrib.auth.decorators import login_required, permission_required
 from django.core.urlresolvers import reverse
 from django.db.models import Count, Q
+from django.db import transaction
 from django import http
 from django import http
-from django.http import Http404
-from django.shortcuts import get_object_or_404, render
+from django.http import Http404, HttpResponse, HttpResponseForbidden
+from django.shortcuts import get_object_or_404, render, render_to_response
 from django.utils.encoding import iri_to_uri
 from django.utils.http import urlquote_plus
 from django.utils.translation import ugettext_lazy as _
 from django.views.decorators.http import require_POST
 from django.views.generic.simple import direct_to_template
 from django.utils.encoding import iri_to_uri
 from django.utils.http import urlquote_plus
 from django.utils.translation import ugettext_lazy as _
 from django.views.decorators.http import require_POST
 from django.views.generic.simple import direct_to_template
-
-import librarian.html
-import librarian.text
+from django.template import RequestContext
 
 from apiclient import NotAuthorizedError
 from catalogue import forms
 from catalogue import helpers
 from catalogue.helpers import active_tab
 from catalogue.models import Book, Chunk, BookPublishRecord, ChunkPublishRecord
 
 from apiclient import NotAuthorizedError
 from catalogue import forms
 from catalogue import helpers
 from catalogue.helpers import active_tab
 from catalogue.models import Book, Chunk, BookPublishRecord, ChunkPublishRecord
-from catalogue import xml_tools
 
 #
 # Quick hack around caching problems, TODO: use ETags
 
 #
 # Quick hack around caching problems, TODO: use ETags
@@ -70,8 +68,20 @@ def users(request):
 
 
 @active_tab('activity')
 
 
 @active_tab('activity')
-def activity(request):
-    return render(request, 'catalogue/activity.html')
+def activity(request, isodate=None):
+    today = date.today()
+    try:
+        day = helpers.parse_isodate(isodate)
+    except ValueError:
+        day = today
+
+    if day > today:
+        raise Http404
+    if day != today:
+        next_day = day + timedelta(1)
+    prev_day = day - timedelta(1)
+
+    return render(request, 'catalogue/activity.html', locals())
 
 
 @never_cache
 
 
 @never_cache
@@ -100,13 +110,15 @@ def create_missing(request, slug=None):
                 creator=creator,
                 slug=form.cleaned_data['slug'],
                 title=form.cleaned_data['title'],
                 creator=creator,
                 slug=form.cleaned_data['slug'],
                 title=form.cleaned_data['title'],
+                gallery=form.cleaned_data['gallery'],
             )
 
             )
 
-            return http.HttpResponseRedirect(reverse("wiki_editor", args=[book.slug]))
+            return http.HttpResponseRedirect(reverse("catalogue_book", args=[book.slug]))
     else:
         form = forms.DocumentCreateForm(initial={
                 "slug": slug,
                 "title": slug.replace('-', ' ').title(),
     else:
         form = forms.DocumentCreateForm(initial={
                 "slug": slug,
                 "title": slug.replace('-', ' ').title(),
+                "gallery": slug,
         })
 
     return direct_to_template(request, "catalogue/document_create_missing.html", extra_context={
         })
 
     return direct_to_template(request, "catalogue/document_create_missing.html", extra_context={
@@ -184,7 +196,10 @@ def upload(request):
 
 @never_cache
 def book_xml(request, slug):
 
 @never_cache
 def book_xml(request, slug):
-    xml = get_object_or_404(Book, slug=slug).materialize()
+    book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+    xml = book.materialize()
 
     response = http.HttpResponse(xml, content_type='application/xml', mimetype='application/wl+xml')
     response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug
 
     response = http.HttpResponse(xml, content_type='application/xml', mimetype='application/wl+xml')
     response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug
@@ -193,11 +208,12 @@ def book_xml(request, slug):
 
 @never_cache
 def book_txt(request, slug):
 
 @never_cache
 def book_txt(request, slug):
-    xml = get_object_or_404(Book, slug=slug).materialize()
-    output = StringIO()
-    # errors?
-    librarian.text.transform(StringIO(xml), output)
-    text = output.getvalue()
+    book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
+    doc = book.wldocument()
+    text = doc.as_text().get_string()
     response = http.HttpResponse(text, content_type='text/plain', mimetype='text/plain')
     response['Content-Disposition'] = 'attachment; filename=%s.txt' % slug
     return response
     response = http.HttpResponse(text, content_type='text/plain', mimetype='text/plain')
     response['Content-Disposition'] = 'attachment; filename=%s.txt' % slug
     return response
@@ -205,13 +221,55 @@ def book_txt(request, slug):
 
 @never_cache
 def book_html(request, slug):
 
 @never_cache
 def book_html(request, slug):
-    xml = get_object_or_404(Book, slug=slug).materialize()
-    output = StringIO()
-    # errors?
-    librarian.html.transform(StringIO(xml), output, parse_dublincore=False,
-                             flags=['full-page'])
-    html = output.getvalue()
-    response = http.HttpResponse(html, content_type='text/html', mimetype='text/html')
+    book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
+    doc = book.wldocument(parse_dublincore=False)
+    html = doc.as_html()
+
+    html = html.get_string() if html is not None else ''
+    # response = http.HttpResponse(html, content_type='text/html', mimetype='text/html')
+    # return response
+    # book_themes = {}
+    # for fragment in book.fragments.all().iterator():
+    #     for theme in fragment.tags.filter(category='theme').iterator():
+    #         book_themes.setdefault(theme, []).append(fragment)
+
+    # book_themes = book_themes.items()
+    # book_themes.sort(key=lambda s: s[0].sort_key)
+    return render_to_response('catalogue/book_text.html', locals(),
+        context_instance=RequestContext(request))
+
+
+@never_cache
+def book_pdf(request, slug):
+    book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
+    # TODO: move to celery
+    doc = book.wldocument()
+    # TODO: error handling
+    pdf_file = doc.as_pdf()
+    from catalogue.ebook_utils import serve_file
+    return serve_file(pdf_file.get_filename(),
+                book.slug + '.pdf', 'application/pdf')
+
+
+@never_cache
+def book_epub(request, slug):
+    book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
+    # TODO: move to celery
+    doc = book.wldocument()
+    # TODO: error handling
+    epub = doc.as_epub().get_string()
+    response = HttpResponse(mimetype='application/epub+zip')
+    response['Content-Disposition'] = 'attachment; filename=%s' % book.slug + '.epub'
+    response.write(epub)
     return response
 
 
     return response
 
 
@@ -221,11 +279,15 @@ def revision(request, slug, chunk=None):
         doc = Chunk.get(slug, chunk)
     except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
         raise Http404
         doc = Chunk.get(slug, chunk)
     except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
         raise Http404
+    if not doc.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
     return http.HttpResponse(str(doc.revision()))
 
 
 def book(request, slug):
     book = get_object_or_404(Book, slug=slug)
     return http.HttpResponse(str(doc.revision()))
 
 
 def book(request, slug):
     book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
 
     if request.user.has_perm('catalogue.change_book'):
         if request.method == "POST":
 
     if request.user.has_perm('catalogue.change_book'):
         if request.method == "POST":
@@ -235,25 +297,18 @@ def book(request, slug):
                 return http.HttpResponseRedirect(book.get_absolute_url())
         else:
             form = forms.BookForm(instance=book)
                 return http.HttpResponseRedirect(book.get_absolute_url())
         else:
             form = forms.BookForm(instance=book)
-            editable = True
+        editable = True
     else:
         form = forms.ReadonlyBookForm(instance=book)
         editable = False
 
     else:
         form = forms.ReadonlyBookForm(instance=book)
         editable = False
 
-
-    try:
-        book.assert_publishable()
-    except AssertionError, e:
-        publishable = False
-        publishable_error = e
-    else:
-        publishable = True
-        publishable_error = None
+    publish_error = book.publishable_error()
+    publishable = publish_error is None
 
     return direct_to_template(request, "catalogue/book_detail.html", extra_context={
         "book": book,
         "publishable": publishable,
 
     return direct_to_template(request, "catalogue/book_detail.html", extra_context={
         "book": book,
         "publishable": publishable,
-        "publishable_error": publishable_error,
+        "publishable_error": publish_error,
         "form": form,
         "editable": editable,
     })
         "form": form,
         "editable": editable,
     })
@@ -265,6 +320,8 @@ def chunk_add(request, slug, chunk):
         doc = Chunk.get(slug, chunk)
     except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
         raise Http404
         doc = Chunk.get(slug, chunk)
     except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
         raise Http404
+    if not doc.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
 
     if request.method == "POST":
         form = forms.ChunkAddForm(request.POST, instance=doc)
 
     if request.method == "POST":
         form = forms.ChunkAddForm(request.POST, instance=doc)
@@ -276,6 +333,9 @@ def chunk_add(request, slug, chunk):
             doc.split(creator=creator,
                 slug=form.cleaned_data['slug'],
                 title=form.cleaned_data['title'],
             doc.split(creator=creator,
                 slug=form.cleaned_data['slug'],
                 title=form.cleaned_data['title'],
+                gallery_start=form.cleaned_data['gallery_start'],
+                user=form.cleaned_data['user'],
+                stage=form.cleaned_data['stage']
             )
 
             return http.HttpResponseRedirect(doc.book.get_absolute_url())
             )
 
             return http.HttpResponseRedirect(doc.book.get_absolute_url())
@@ -296,6 +356,9 @@ def chunk_edit(request, slug, chunk):
         doc = Chunk.get(slug, chunk)
     except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
         raise Http404
         doc = Chunk.get(slug, chunk)
     except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist):
         raise Http404
+    if not doc.book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
     if request.method == "POST":
         form = forms.ChunkForm(request.POST, instance=doc)
         if form.is_valid():
     if request.method == "POST":
         form = forms.ChunkForm(request.POST, instance=doc)
         if form.is_valid():
@@ -309,9 +372,13 @@ def chunk_edit(request, slug, chunk):
     else:
         form = forms.ChunkForm(instance=doc)
 
     else:
         form = forms.ChunkForm(instance=doc)
 
-    parts = urlsplit(request.META['HTTP_REFERER'])
-    parts = ['', ''] + list(parts[2:])
-    go_next = urlquote_plus(urlunsplit(parts))
+    referer = request.META.get('HTTP_REFERER')
+    if referer:
+        parts = urlsplit(referer)
+        parts = ['', ''] + list(parts[2:])
+        go_next = urlquote_plus(urlunsplit(parts))
+    else:
+        go_next = ''
 
     return direct_to_template(request, "catalogue/chunk_edit.html", extra_context={
         "chunk": doc,
 
     return direct_to_template(request, "catalogue/chunk_edit.html", extra_context={
         "chunk": doc,
@@ -320,9 +387,60 @@ def chunk_edit(request, slug, chunk):
     })
 
 
     })
 
 
+@transaction.commit_on_success
+def chunk_mass_edit(request):
+    if request.method == 'POST':
+        ids = map(int, filter(lambda i: i.strip()!='', request.POST.get('ids').split(',')))
+        chunks = map(lambda i: Chunk.objects.get(id=i), ids)
+        
+        stage = request.POST.get('stage')
+        if stage:
+            try:
+                stage = Chunk.tag_model.objects.get(slug=stage)
+            except Chunk.DoesNotExist, e:
+                stage = None
+           
+            for c in chunks: c.stage = stage
+
+        username = request.POST.get('user')
+        logger.info("username: %s" % username)
+        logger.info(request.POST)
+        if username:
+            try:
+                user = User.objects.get(username=username)
+            except User.DoesNotExist, e:
+                user = None
+                
+            for c in chunks: c.user = user
+
+        status = request.POST.get('status')
+        if status:
+            books_affected = set()
+            for c in chunks:
+                if status == 'publish':
+                    c.head.publishable = True
+                    c.head.save()
+                elif status == 'unpublish':
+                    c.head.publishable = False
+                    c.head.save()
+                c.touch()  # cache
+                books_affected.add(c.book)
+            for b in books_affected:
+                b.touch()  # cache
+
+        for c in chunks: c.save()
+
+        return HttpResponse("", content_type="text/plain")
+    else:
+        raise Http404
+
+
 @permission_required('catalogue.change_book')
 def book_append(request, slug):
     book = get_object_or_404(Book, slug=slug)
 @permission_required('catalogue.change_book')
 def book_append(request, slug):
     book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
     if request.method == "POST":
         form = forms.BookAppendForm(book, request.POST)
         if form.is_valid():
     if request.method == "POST":
         form = forms.BookAppendForm(book, request.POST)
         if form.is_valid():
@@ -343,6 +461,9 @@ def book_append(request, slug):
 @login_required
 def publish(request, slug):
     book = get_object_or_404(Book, slug=slug)
 @login_required
 def publish(request, slug):
     book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
+
     try:
         book.publish(request.user)
     except NotAuthorizedError:
     try:
         book.publish(request.user)
     except NotAuthorizedError: