X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/31006b86a2e9883d8a4c5fe18128821b325773ab..1b97de98f9d2907bedc3dc15ab24b239e895e93e:/apps/catalogue/views.py?ds=sidebyside
diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py
index 1d1b36ec..86dc74db 100644
--- a/apps/catalogue/views.py
+++ b/apps/catalogue/views.py
@@ -6,22 +6,29 @@
import logging
import os
import shutil
+import subprocess
+from tempfile import NamedTemporaryFile
from django.conf import settings
from django.contrib import auth
from django.contrib.auth.models import User
from django.contrib.auth.decorators import login_required
+from django.contrib.sites.models import Site
from django.core.urlresolvers import reverse
from django import http
-from django.http import Http404
+from django.http import Http404, HttpResponse, HttpResponseForbidden
from django.shortcuts import get_object_or_404, render, redirect
from django.utils.encoding import force_str
from django.utils.http import urlquote_plus
from django.views.decorators.http import require_POST
+from unidecode import unidecode
from catalogue import forms
+from catalogue.forms import TagMultipleForm, TagSingleForm
from catalogue.helpers import active_tab
+from catalogue.models import Category
from librarian import BuildError
+from redakcja.utlis import send_notify_email
from .constants import STAGES
from .models import Document, Plan
from dvcs.models import Revision
@@ -37,12 +44,6 @@ from django.views.decorators.cache import never_cache
logger = logging.getLogger("fnp.catalogue")
-@active_tab('all')
-@never_cache
-def document_list(request):
- return render(request, 'catalogue/document_list.html')
-
-
@never_cache
def user(request, username):
user = get_object_or_404(User, username=username)
@@ -72,7 +73,11 @@ def logout_then_redirect(request):
def create_missing(request):
if request.method == "POST":
form = forms.DocumentCreateForm(request.POST, request.FILES)
- if form.is_valid():
+ tag_forms = [
+ (TagMultipleForm if category.multiple else TagSingleForm)(
+ category=category, data=request.POST, prefix=category.dc_tag)
+ for category in Category.objects.all()]
+ if form.is_valid() and all(tag_form.is_valid() for tag_form in tag_forms):
if request.user.is_authenticated():
creator = request.user
@@ -89,13 +94,19 @@ def create_missing(request):
doc = Document.objects.create(**kwargs)
+ for tag_form in tag_forms:
+ tag_form.save(instance=doc)
+
cover = request.FILES.get('cover')
if cover:
uppath = 'uploads/%d/' % doc.pk
path = settings.MEDIA_ROOT + uppath
if not os.path.isdir(path):
os.makedirs(path)
- dest_path = path + cover.name # UNSAFE
+ cover.name = unidecode(cover.name)
+ dest_path = path + cover.name
+ if not os.path.abspath(dest_path).startswith(os.path.abspath(path)):
+ raise Http404
with open(dest_path, 'w') as destination:
for chunk in cover.chunks():
destination.write(chunk)
@@ -108,9 +119,7 @@ def create_missing(request):
''' + form.cleaned_data['publisher'] + '''
''' + form.cleaned_data['description'] + '''
- ''' + form.cleaned_data['language'] + '''
- ''' + form.cleaned_data['rights'] + '''
- ''' + form.cleaned_data['audience'] + '''
+ ''' + '\n'.join(tag_form.metadata_rows() for tag_form in tag_forms) + '''
''' + cover_url + '''
@@ -139,8 +148,14 @@ def create_missing(request):
form = forms.DocumentCreateForm(initial={'owner_organization': org})
+ tag_forms = [
+ (TagMultipleForm if category.multiple else TagSingleForm)(
+ category=category, tutorial_no=i, prefix=category.dc_tag)
+ for i, category in enumerate(Category.objects.all(), start=2)]
+
return render(request, "catalogue/document_create_missing.html", {
"form": form,
+ "tag_forms": tag_forms,
"logout_to": '/',
})
@@ -173,9 +188,13 @@ def book_html(request, pk, rev_pk=None, preview=False):
was_published = revision == published_revision or doc.publish_log.filter(revision=revision).exists()
- sst = SST.from_string(revision.materialize())
- html = HtmlFormat(sst).build(
- files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk)).get_string()
+ try:
+ sst = SST.from_string(revision.materialize())
+ except ValueError as e:
+ html = e
+ else:
+ html = HtmlFormat(sst).build(
+ files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk)).get_string()
# response = http.HttpResponse(html, content_type='text/html', mimetype='text/html')
# return response
@@ -208,7 +227,10 @@ def book_pdf(request, pk, rev_pk):
rev = get_object_or_404(Revision, pk=rev_pk)
# Test
- sst = SST.from_string(rev.materialize())
+ try:
+ sst = SST.from_string(rev.materialize())
+ except ValueError as e:
+ return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400')
ctx = Context(
files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk),
@@ -216,7 +238,10 @@ def book_pdf(request, pk, rev_pk):
)
if doc.owner_organization is not None and doc.owner_organization.logo:
ctx.cover_logo = 'http://%s%s' % (request.get_host(), doc.owner_organization.logo.url)
- pdf_file = PdfFormat(sst).build(ctx)
+ try:
+ pdf_file = PdfFormat(sst).build(ctx)
+ except BuildError as e:
+ return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400')
from catalogue.ebook_utils import serve_file
return serve_file(pdf_file.get_filename(), '%d.pdf' % doc.pk, 'application/pdf')
@@ -232,7 +257,10 @@ def book_epub(request, pk, rev_pk):
rev = get_object_or_404(Revision, pk=rev_pk)
# Test
- sst = SST.from_string(rev.materialize())
+ try:
+ sst = SST.from_string(rev.materialize())
+ except ValueError as e:
+ return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400')
ctx = Context(
files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk),
@@ -243,13 +271,46 @@ def book_epub(request, pk, rev_pk):
try:
epub_file = EpubFormat(sst).build(ctx)
except BuildError as e:
- from django.http import HttpResponse
return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400')
from catalogue.ebook_utils import serve_file
return serve_file(epub_file.get_filename(), '%d.epub' % doc.pk, 'application/epub+zip')
+@never_cache
+def book_mobi(request, pk, rev_pk):
+ from librarian.utils import Context
+ from librarian.document import Document as SST
+ from librarian.formats.epub import EpubFormat
+
+ doc = get_object_or_404(Document, pk=pk)
+ rev = get_object_or_404(Revision, pk=rev_pk)
+
+ try:
+ sst = SST.from_string(rev.materialize())
+ except ValueError as e:
+ return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400')
+
+ ctx = Context(
+ files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk),
+ source_url='http://%s%s' % (request.get_host(), reverse('catalogue_html', args=[doc.pk])),
+ )
+ if doc.owner_organization is not None and doc.owner_organization.logo:
+ ctx.cover_logo = 'http://%s%s' % (request.get_host(), doc.owner_organization.logo.url)
+ try:
+ epub_file = EpubFormat(sst).build(ctx)
+ except BuildError as e:
+ return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400')
+
+ output_file = NamedTemporaryFile(prefix='librarian', suffix='.mobi', delete=False)
+ output_file.close()
+ subprocess.check_call(
+ ['ebook-convert', epub_file.get_filename(), output_file.name, '--no-inline-toc'])
+
+ from catalogue.ebook_utils import serve_file
+ return serve_file(output_file.name, '%d.mobi' % doc.pk, 'application/epub+zip')
+
+
# @never_cache
# def revision(request, slug, chunk=None):
# try:
@@ -264,9 +325,11 @@ def book_epub(request, pk, rev_pk):
@login_required
def book_schedule(request, pk):
book = get_object_or_404(Document, pk=pk, deleted=False)
+ if not book.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
if request.method == 'POST':
Plan.objects.filter(document=book).delete()
- for i, s in enumerate(STAGES):
+ for i, (s, name) in enumerate(STAGES):
user_id = request.POST.get('s%d-user' % i)
deadline = request.POST.get('s%d-deadline' % i) or None
Plan.objects.create(document=book, stage=s, user_id=user_id, deadline=deadline)
@@ -278,7 +341,7 @@ def book_schedule(request, pk):
for p in Plan.objects.filter(document=book):
current[p.stage] = (getattr(p.user, 'pk', None), (p.deadline.isoformat() if p.deadline else None))
- schedule = [(i, s, current.get(s, ())) for (i, s) in enumerate(STAGES)]
+ schedule = [(i, s, current.get(s, ())) for i, (s, name) in enumerate(STAGES)]
if book.owner_organization:
people = [m.user for m in book.owner_organization.membership_set.exclude(status='pending')]
@@ -294,9 +357,8 @@ def book_schedule(request, pk):
@login_required
def book_owner(request, pk):
doc = get_object_or_404(Document, pk=pk, deleted=False)
- user_is_owner = doc.owner_organization and doc.owner_organization.is_member(request.user)
- if not (doc.owner_user == request.user or user_is_owner):
- raise Http404
+ if not doc.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
error = ''
@@ -327,8 +389,8 @@ def book_owner(request, pk):
@login_required
def book_delete(request, pk):
doc = get_object_or_404(Document, pk=pk, deleted=False)
- if not (doc.owner_user == request.user or doc.owner_organization.is_member(request.user)):
- raise Http404
+ if not doc.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
if request.method == 'POST':
doc.deleted = True
@@ -347,16 +409,26 @@ def publish(request, pk):
from .models import PublishRecord
from dvcs.models import Revision
- # FIXME: check permissions
-
doc = get_object_or_404(Document, pk=pk, deleted=False)
+ if not doc.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
form = forms.DocumentTextPublishForm(request.POST, prefix="textpublish")
if form.is_valid():
rev = Revision.objects.get(pk=form.cleaned_data['revision'])
# FIXME: check if in tree
# if PublishRecord.objects.filter(revision=rev, document=doc).exists():
# return http.HttpResponse('exists')
+ if not doc.published:
+ site = Site.objects.get_current()
+ send_notify_email(
+ 'New published document in MIL/PEER',
+ '''New published document in MIL/PEER: %s. View it in browser: https://%s%s.
+
+--
+MIL/PEER team.''' % (doc.meta()['title'], site.domain, reverse('catalogue_html', args=[doc.pk])))
PublishRecord.objects.create(revision=rev, document=doc, user=request.user)
+ doc.published = True
+ doc.save()
if request.is_ajax():
return http.HttpResponse('ok')
else:
@@ -374,9 +446,10 @@ def publish(request, pk):
@require_POST
@login_required
def unpublish(request, pk):
- # FIXME: check permissions
-
doc = get_object_or_404(Document, pk=pk, deleted=False)
+ if not doc.can_edit(request.user):
+ return HttpResponseForbidden("Not authorized.")
+
doc.publish_log.all().delete()
if request.is_ajax():
return http.HttpResponse('ok')