X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/a7ef44e7769429470cbf5c8708be37f6ca098ab3..0f68e6fc21bd981cf57b263e94d92b712fc84e63:/apps/wiki/views.py?ds=sidebyside diff --git a/apps/wiki/views.py b/apps/wiki/views.py index b137a541..7a561064 100644 --- a/apps/wiki/views.py +++ b/apps/wiki/views.py @@ -1,24 +1,26 @@ +# -*- coding: utf-8 -*- from datetime import datetime import os import logging +import urllib +import json from django.conf import settings from django.core.urlresolvers import reverse from django import http -from django.http import Http404 +from django.http import Http404, HttpResponseForbidden from django.middleware.gzip import GZipMiddleware from django.utils.decorators import decorator_from_middleware from django.utils.encoding import smart_unicode +from django.utils.formats import localize from django.utils.translation import ugettext as _ from django.views.decorators.http import require_POST, require_GET -from django.views.generic.simple import direct_to_template -from django.shortcuts import get_object_or_404 +from django.shortcuts import get_object_or_404, render -from catalogue.models import Book, Chunk +from catalogue.models import Book, Chunk, Template import nice_diff from wiki import forms -from wiki.helpers import (JSONResponse, JSONFormInvalid, JSONServerError, - ajax_require_permission) +from wiki.helpers import JSONResponse, JSONFormInvalid, ajax_require_permission from wiki.models import Theme # @@ -31,8 +33,27 @@ logger = logging.getLogger("fnp.wiki") MAX_LAST_DOCS = 10 +def get_history(chunk): + changes = [] + for change in chunk.history(): + changes.append({ + "version": change.revision, + "description": change.description, + "author": change.author_str(), + "date": localize(change.created_at), + "publishable": _("Publishable") + "\n" if change.publishable else "", + "tag": ',\n'.join(unicode(tag) for tag in change.tags.all()), + "published": ( + _("Published") + ": " + + localize(change.publish_log.order_by('-book_record__timestamp')[0].book_record.timestamp) + if change.publish_log.exists() else ""), + }) + return changes + + @never_cache -def editor(request, slug, chunk=None, template_name='wiki/document_details.html'): +# @login_required +def editor(request, slug, chunk=None, template_name='wiki/bootstrap.html'): try: chunk = Chunk.get(slug, chunk) except Chunk.MultipleObjectsReturned: @@ -46,6 +67,8 @@ def editor(request, slug, chunk=None, template_name='wiki/document_details.html' return http.HttpResponseRedirect(reverse("catalogue_create_missing", args=[slug])) else: raise Http404 + if not chunk.book.accessible(request): + return HttpResponseForbidden("Not authorized.") access_time = datetime.now() last_books = request.session.get("wiki_last_books", {}) @@ -59,14 +82,35 @@ def editor(request, slug, chunk=None, template_name='wiki/document_details.html' del last_books[oldest_key] request.session['wiki_last_books'] = last_books - return direct_to_template(request, template_name, extra_context={ - 'chunk': chunk, + save_form = forms.DocumentTextSaveForm(user=request.user, chunk=chunk, prefix="textsave") + try: + version = int(request.GET.get('version', None)) + except: + version = None + if version: + text = chunk.at_revision(version).materialize() + else: + text = chunk.materialize() + return render(request, template_name, { + 'serialized_document_data': json.dumps({ + 'document': text, + 'document_id': chunk.id, + 'title': chunk.book.title, + 'history': get_history(chunk), + 'version': version or chunk.revision(), + 'stage': chunk.stage.name if chunk.stage else None, + 'assignment': chunk.user.username if chunk.user else None + }), + 'serialized_templates': json.dumps([ + {'id': t.id, 'name': t.name, 'content': t.content} for t in Template.objects.filter(is_partial=True) + ]), 'forms': { - "text_save": forms.DocumentTextSaveForm(user=request.user, prefix="textsave"), - "text_revert": forms.DocumentTextRevertForm(prefix="textrevert"), - "pubmark": forms.DocumentPubmarkForm(prefix="pubmark"), + "text_save": save_form, + "text_revert": forms.DocumentTextRevertForm(prefix="textrevert") }, - 'REDMINE_URL': settings.REDMINE_URL, + 'tags': list(save_form.fields['stage_completed'].choices), + 'can_pubmark': request.user.has_perm('catalogue.can_pubmark'), + 'slug': chunk.book.slug }) @@ -77,6 +121,8 @@ def editor_readonly(request, slug, chunk=None, template_name='wiki/document_deta revision = request.GET['revision'] except (Chunk.MultipleObjectsReturned, Chunk.DoesNotExist, KeyError): raise Http404 + if not chunk.book.accessible(request): + return HttpResponseForbidden("Not authorized.") access_time = datetime.now() last_books = request.session.get("wiki_last_books", {}) @@ -90,7 +136,7 @@ def editor_readonly(request, slug, chunk=None, template_name='wiki/document_deta del last_books[oldest_key] request.session['wiki_last_books'] = last_books - return direct_to_template(request, template_name, extra_context={ + return render(request, template_name, { 'chunk': chunk, 'revision': revision, 'readonly': True, @@ -102,41 +148,26 @@ def editor_readonly(request, slug, chunk=None, template_name='wiki/document_deta @decorator_from_middleware(GZipMiddleware) def text(request, chunk_id): doc = get_object_or_404(Chunk, pk=chunk_id) + if not doc.book.accessible(request): + return HttpResponseForbidden("Not authorized.") if request.method == 'POST': - form = forms.DocumentTextSaveForm(request.POST, user=request.user, prefix="textsave") + form = forms.DocumentTextSaveForm(request.POST, user=request.user, chunk=doc, prefix="textsave") if form.is_valid(): - if request.user.is_authenticated(): - author = request.user - else: - author = None - text = form.cleaned_data['text'] + form.save() parent_revision = form.cleaned_data['parent_revision'] - if parent_revision is not None: - parent = doc.at_revision(parent_revision) - else: - parent = None - stage = form.cleaned_data['stage_completed'] - tags = [stage] if stage else [] - doc.commit(author=author, - text=text, - parent=parent, - description=form.cleaned_data['comment'], - tags=tags, - author_name=form.cleaned_data['author_name'], - author_email=form.cleaned_data['author_email'], - ) revision = doc.revision() return JSONResponse({ 'text': doc.materialize() if parent_revision != revision else None, - 'meta': {}, - 'revision': revision, + 'version': revision, + 'stage': doc.stage.name if doc.stage else None, + 'assignment': doc.user.username if doc.user else None }) else: return JSONFormInvalid(form) else: revision = request.GET.get("revision", None) - + try: revision = int(revision) except (ValueError, TypeError): @@ -160,6 +191,8 @@ def revert(request, chunk_id): form = forms.DocumentTextRevertForm(request.POST, prefix="textrevert") if form.is_valid(): doc = get_object_or_404(Chunk, pk=chunk_id) + if not doc.book.accessible(request): + return HttpResponseForbidden("Not authorized.") revision = form.cleaned_data['revision'] @@ -176,9 +209,8 @@ def revert(request, chunk_id): doc.at_revision(revision).revert(author=author, description=comment) return JSONResponse({ - 'text': doc.materialize() if before != doc.revision() else None, - 'meta': {}, - 'revision': doc.revision(), + 'document': doc.materialize() if before != doc.revision() else None, + 'version': doc.revision(), }) else: return JSONFormInvalid(form) @@ -189,22 +221,26 @@ def gallery(request, directory): try: base_url = ''.join(( smart_unicode(settings.MEDIA_URL), - smart_unicode(settings.FILEBROWSER_DIRECTORY), + smart_unicode(settings.IMAGE_DIR), smart_unicode(directory))) base_dir = os.path.join( smart_unicode(settings.MEDIA_ROOT), - smart_unicode(settings.FILEBROWSER_DIRECTORY), + smart_unicode(settings.IMAGE_DIR), smart_unicode(directory)) def map_to_url(filename): - return "%s/%s" % (base_url, smart_unicode(filename)) + return urllib.quote("%s/%s" % (base_url, smart_unicode(filename))) def is_image(filename): return os.path.splitext(f)[1].lower() in (u'.jpg', u'.jpeg', u'.png') images = [map_to_url(f) for f in map(smart_unicode, os.listdir(base_dir)) if is_image(f)] images.sort() + + if not request.user.is_authenticated(): + return HttpResponseForbidden("Not authorized.") + return JSONResponse(images) except (IndexError, OSError): logger.exception("Unable to fetch gallery") @@ -223,6 +259,9 @@ def diff(request, chunk_id): revB = None doc = get_object_or_404(Chunk, pk=chunk_id) + if not doc.book.accessible(request): + return HttpResponseForbidden("Not authorized.") + # allow diff from the beginning if revA: docA = doc.at_revision(revA).materialize() @@ -230,13 +269,14 @@ def diff(request, chunk_id): docA = "" docB = doc.at_revision(revB).materialize() - return http.HttpResponse(nice_diff.html_diff_table(docA.splitlines(), - docB.splitlines(), context=3)) + return http.HttpResponse(nice_diff.html_diff_table(docA.splitlines(), docB.splitlines(), context=3)) @never_cache def revision(request, chunk_id): doc = get_object_or_404(Chunk, pk=chunk_id) + if not doc.book.accessible(request): + return HttpResponseForbidden("Not authorized.") return http.HttpResponse(str(doc.revision())) @@ -244,18 +284,10 @@ def revision(request, chunk_id): def history(request, chunk_id): # TODO: pagination doc = get_object_or_404(Chunk, pk=chunk_id) + if not doc.book.accessible(request): + return HttpResponseForbidden("Not authorized.") - changes = [] - for change in doc.history().order_by('-created_at'): - changes.append({ - "version": change.revision, - "description": change.description, - "author": change.author_str(), - "date": change.created_at, - "publishable": _("Publishable") + "\n" if change.publishable else "", - "tag": ',\n'.join(unicode(tag) for tag in change.tags.all()), - }) - return JSONResponse(changes) + return JSONResponse(get_history(doc)) @require_POST @@ -264,6 +296,8 @@ def pubmark(request, chunk_id): form = forms.DocumentPubmarkForm(request.POST, prefix="pubmark") if form.is_valid(): doc = get_object_or_404(Chunk, pk=chunk_id) + if not doc.book.accessible(request): + return HttpResponseForbidden("Not authorized.") revision = form.cleaned_data['revision'] publishable = form.cleaned_data['publishable']