X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/4fbd1c359e6f2b8b15536179021a6cb0bc3e390c..1b97de98f9d2907bedc3dc15ab24b239e895e93e:/apps/catalogue/views.py?ds=sidebyside

diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py
index 2e82dfa3..86dc74db 100644
--- a/apps/catalogue/views.py
+++ b/apps/catalogue/views.py
@@ -21,6 +21,7 @@ from django.shortcuts import get_object_or_404, render, redirect
 from django.utils.encoding import force_str
 from django.utils.http import urlquote_plus
 from django.views.decorators.http import require_POST
+from unidecode import unidecode
 
 from catalogue import forms
 from catalogue.forms import TagMultipleForm, TagSingleForm
@@ -72,11 +73,11 @@ def logout_then_redirect(request):
 def create_missing(request):
     if request.method == "POST":
         form = forms.DocumentCreateForm(request.POST, request.FILES)
-        # tag_forms = [
-        #     (TagMultipleForm if category.multiple else TagSingleForm)(
-        #         category=category, data=request.POST, prefix=category.dc_tag)
-        #     for category in Category.objects.all()]
-        if form.is_valid():  # and all(tag_form.is_valid() for tag_form in tag_forms):
+        tag_forms = [
+            (TagMultipleForm if category.multiple else TagSingleForm)(
+                category=category, data=request.POST, prefix=category.dc_tag)
+            for category in Category.objects.all()]
+        if form.is_valid() and all(tag_form.is_valid() for tag_form in tag_forms):
             
             if request.user.is_authenticated():
                 creator = request.user
@@ -93,13 +94,19 @@ def create_missing(request):
 
             doc = Document.objects.create(**kwargs)
 
+            for tag_form in tag_forms:
+                tag_form.save(instance=doc)
+
             cover = request.FILES.get('cover')
             if cover:
                 uppath = 'uploads/%d/' % doc.pk
                 path = settings.MEDIA_ROOT + uppath
                 if not os.path.isdir(path):
                     os.makedirs(path)
-                dest_path = path + cover.name   # UNSAFE
+                cover.name = unidecode(cover.name)
+                dest_path = path + cover.name
+                if not os.path.abspath(dest_path).startswith(os.path.abspath(path)):
+                    raise Http404
                 with open(dest_path, 'w') as destination:
                     for chunk in cover.chunks():
                         destination.write(chunk)
@@ -112,9 +119,7 @@ def create_missing(request):
                 <metadata>
                     <dc:publisher>''' + form.cleaned_data['publisher'] + '''</dc:publisher>
                     <dc:description>''' + form.cleaned_data['description'] + '''</dc:description>
-                    <dc:language>''' + form.cleaned_data['language'] + '''</dc:language>
-                    <dc:rights>''' + form.cleaned_data['rights'] + '''</dc:rights>
-                    <dc:audience>''' + form.cleaned_data['audience'] + '''</dc:audience>
+                    ''' + '\n'.join(tag_form.metadata_rows() for tag_form in tag_forms) + '''
                     <dc:relation.coverImage.url>''' + cover_url + '''</dc:relation.coverImage.url>
                 </metadata>
                 <header>''' + title + '''</header>
@@ -143,13 +148,14 @@ def create_missing(request):
 
         form = forms.DocumentCreateForm(initial={'owner_organization': org})
 
-        # tag_forms = [
-        #     (TagMultipleForm if category.multiple else TagSingleForm)(category=category, prefix=category.dc_tag)
-        #     for category in Category.objects.all()]
+        tag_forms = [
+            (TagMultipleForm if category.multiple else TagSingleForm)(
+                category=category, tutorial_no=i, prefix=category.dc_tag)
+            for i, category in enumerate(Category.objects.all(), start=2)]
 
     return render(request, "catalogue/document_create_missing.html", {
         "form": form,
-        # "tag_forms": tag_forms,
+        "tag_forms": tag_forms,
 
         "logout_to": '/',
     })