X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/4e7aaa55651ce32fed3e729ff6b8da680a30fd36..15e6c9027a47700418d9b80bdfac488529f09e4d:/apps/catalogue/views.py diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py index 1021c878..0e7dff35 100644 --- a/apps/catalogue/views.py +++ b/apps/catalogue/views.py @@ -8,6 +8,7 @@ import os import shutil import subprocess from tempfile import NamedTemporaryFile +from xml.sax.saxutils import escape as escape_xml from django.conf import settings from django.contrib import auth @@ -21,13 +22,20 @@ from django.shortcuts import get_object_or_404, render, redirect from django.utils.encoding import force_str from django.utils.http import urlquote_plus from django.views.decorators.http import require_POST +from unidecode import unidecode from catalogue import forms +from catalogue.filters import DocumentFilterSet from catalogue.forms import TagMultipleForm, TagSingleForm from catalogue.helpers import active_tab from catalogue.models import Category from librarian import BuildError -from redakcja.utlis import send_notify_email +from librarian.utils import Context +from librarian.document import Document as SST +from librarian.formats.html import HtmlFormat +from librarian.formats.pdf import PdfFormat +from librarian.formats.epub import EpubFormat +from redakcja.utils import send_notify_email from .constants import STAGES from .models import Document, Plan from dvcs.models import Revision @@ -72,11 +80,11 @@ def logout_then_redirect(request): def create_missing(request): if request.method == "POST": form = forms.DocumentCreateForm(request.POST, request.FILES) - # tag_forms = [ - # (TagMultipleForm if category.multiple else TagSingleForm)( - # category=category, data=request.POST, prefix=category.dc_tag) - # for category in Category.objects.all()] - if form.is_valid(): # and all(tag_form.is_valid() for tag_form in tag_forms): + tag_forms = [ + (TagMultipleForm if category.multiple else TagSingleForm)( + category=category, data=request.POST, prefix=category.dc_tag) + for category in Category.objects.all()] + if form.is_valid() and all(tag_form.is_valid() for tag_form in tag_forms): if request.user.is_authenticated(): creator = request.user @@ -93,13 +101,19 @@ def create_missing(request): doc = Document.objects.create(**kwargs) + for tag_form in tag_forms: + tag_form.save(instance=doc) + cover = request.FILES.get('cover') if cover: uppath = 'uploads/%d/' % doc.pk path = settings.MEDIA_ROOT + uppath if not os.path.isdir(path): os.makedirs(path) - dest_path = path + cover.name # UNSAFE + cover.name = unidecode(cover.name) + dest_path = path + cover.name + if not os.path.abspath(dest_path).startswith(os.path.abspath(path)): + raise Http404 with open(dest_path, 'w') as destination: for chunk in cover.chunks(): destination.write(chunk) @@ -107,19 +121,24 @@ def create_missing(request): else: cover_url = '' - doc.commit( - text='''
+ text = '''
- ''' + form.cleaned_data['publisher'] + ''' - ''' + form.cleaned_data['description'] + ''' - ''' + form.cleaned_data['language'] + ''' - ''' + form.cleaned_data['rights'] + ''' - ''' + form.cleaned_data['audience'] + ''' - ''' + cover_url + ''' + %s + %s + %s + %s -
''' + title + '''
+
%s
-
''', +
''' % ( + escape_xml(form.cleaned_data['publisher']), + escape_xml(form.cleaned_data['description']), + '\n'.join(tag_form.metadata_rows() for tag_form in tag_forms), + escape_xml(cover_url), + escape_xml(title)) + + doc.commit( + text=text, author=creator ) doc.assigned_to = request.user @@ -143,13 +162,14 @@ def create_missing(request): form = forms.DocumentCreateForm(initial={'owner_organization': org}) - # tag_forms = [ - # (TagMultipleForm if category.multiple else TagSingleForm)(category=category, prefix=category.dc_tag) - # for category in Category.objects.all()] + tag_forms = [ + (TagMultipleForm if category.multiple else TagSingleForm)( + category=category, tutorial_no=i, prefix=category.dc_tag) + for i, category in enumerate(Category.objects.all(), start=2)] return render(request, "catalogue/document_create_missing.html", { "form": form, - # "tag_forms": tag_forms, + "tag_forms": tag_forms, "logout_to": '/', }) @@ -157,9 +177,6 @@ def create_missing(request): @never_cache def book_html(request, pk, rev_pk=None, preview=False): - from librarian.document import Document as SST - from librarian.formats.html import HtmlFormat - doc = get_object_or_404(Document, pk=pk, deleted=False) try: @@ -213,10 +230,6 @@ def book_html(request, pk, rev_pk=None, preview=False): @never_cache def book_pdf(request, pk, rev_pk): - from librarian.utils import Context - from librarian.document import Document as SST - from librarian.formats.pdf import PdfFormat - doc = get_object_or_404(Document, pk=pk) rev = get_object_or_404(Revision, pk=rev_pk) # Test @@ -229,6 +242,7 @@ def book_pdf(request, pk, rev_pk): ctx = Context( files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk), source_url='http://%s%s' % (request.get_host(), reverse('catalogue_html', args=[doc.pk])), + organization=doc.owner_organization.name if doc.owner_organization else doc.owner_user.get_full_name(), ) if doc.owner_organization is not None and doc.owner_organization.logo: ctx.cover_logo = 'http://%s%s' % (request.get_host(), doc.owner_organization.logo.url) @@ -243,10 +257,6 @@ def book_pdf(request, pk, rev_pk): @never_cache def book_epub(request, pk, rev_pk): - from librarian.utils import Context - from librarian.document import Document as SST - from librarian.formats.epub import EpubFormat - doc = get_object_or_404(Document, pk=pk) rev = get_object_or_404(Revision, pk=rev_pk) # Test @@ -273,10 +283,6 @@ def book_epub(request, pk, rev_pk): @never_cache def book_mobi(request, pk, rev_pk): - from librarian.utils import Context - from librarian.document import Document as SST - from librarian.formats.epub import EpubFormat - doc = get_object_or_404(Document, pk=pk) rev = get_object_or_404(Revision, pk=rev_pk) @@ -353,9 +359,6 @@ def book_owner(request, pk): doc = get_object_or_404(Document, pk=pk, deleted=False) if not doc.can_edit(request.user): return HttpResponseForbidden("Not authorized.") - user_is_owner = doc.owner_organization and doc.owner_organization.is_member(request.user) - if not (doc.owner_user == request.user or user_is_owner): - raise Http404 error = '' @@ -507,12 +510,16 @@ def fork(request, pk): def upcoming(request): + f = DocumentFilterSet(request.GET, queryset=Document.objects.filter(deleted=False).filter(publish_log=None)) return render(request, "catalogue/upcoming.html", { - 'objects_list': Document.objects.filter(deleted=False).filter(publish_log=None), + 'filter_set': f, + 'link_url': 'catalogue_preview', }) def finished(request): + f = DocumentFilterSet(request.GET, queryset=Document.objects.filter(deleted=False).exclude(publish_log=None)) return render(request, "catalogue/finished.html", { - 'objects_list': Document.objects.filter(deleted=False).exclude(publish_log=None), + 'filter_set': f, + 'link_url': 'catalogue_html', })