X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/b103d6f69bec99cbcc3eb2f0509d950f0a1c0642..3263fb5558f69c727e61a6d4c0b3575a0f081ef6:/apps/catalogue/views.py diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py index e3d98d8c..4c1a21ce 100644 --- a/apps/catalogue/views.py +++ b/apps/catalogue/views.py @@ -13,17 +13,22 @@ from django.conf import settings from django.contrib import auth from django.contrib.auth.models import User from django.contrib.auth.decorators import login_required +from django.contrib.sites.models import Site from django.core.urlresolvers import reverse from django import http -from django.http import Http404 +from django.http import Http404, HttpResponse, HttpResponseForbidden from django.shortcuts import get_object_or_404, render, redirect from django.utils.encoding import force_str from django.utils.http import urlquote_plus from django.views.decorators.http import require_POST +from unidecode import unidecode from catalogue import forms +from catalogue.forms import TagMultipleForm, TagSingleForm from catalogue.helpers import active_tab +from catalogue.models import Category from librarian import BuildError +from redakcja.utlis import send_notify_email from .constants import STAGES from .models import Document, Plan from dvcs.models import Revision @@ -39,12 +44,6 @@ from django.views.decorators.cache import never_cache logger = logging.getLogger("fnp.catalogue") -@active_tab('all') -@never_cache -def document_list(request): - return render(request, 'catalogue/document_list.html') - - @never_cache def user(request, username): user = get_object_or_404(User, username=username) @@ -74,7 +73,11 @@ def logout_then_redirect(request): def create_missing(request): if request.method == "POST": form = forms.DocumentCreateForm(request.POST, request.FILES) - if form.is_valid(): + tag_forms = [ + (TagMultipleForm if category.multiple else TagSingleForm)( + category=category, data=request.POST, prefix=category.dc_tag) + for category in Category.objects.all()] + if form.is_valid() and all(tag_form.is_valid() for tag_form in tag_forms): if request.user.is_authenticated(): creator = request.user @@ -97,7 +100,10 @@ def create_missing(request): path = settings.MEDIA_ROOT + uppath if not os.path.isdir(path): os.makedirs(path) - dest_path = path + cover.name # UNSAFE + cover.name = unidecode(cover.name) + dest_path = path + cover.name + if not os.path.abspath(dest_path).startswith(os.path.abspath(path)): + raise Http404 with open(dest_path, 'w') as destination: for chunk in cover.chunks(): destination.write(chunk) @@ -141,8 +147,14 @@ def create_missing(request): form = forms.DocumentCreateForm(initial={'owner_organization': org}) + tag_forms = [ + (TagMultipleForm if category.multiple else TagSingleForm)( + category=category, tutorial_no=i, prefix=category.dc_tag) + for i, category in enumerate(Category.objects.all(), start=2)] + return render(request, "catalogue/document_create_missing.html", { "form": form, + "tag_forms": tag_forms, "logout_to": '/', }) @@ -175,9 +187,13 @@ def book_html(request, pk, rev_pk=None, preview=False): was_published = revision == published_revision or doc.publish_log.filter(revision=revision).exists() - sst = SST.from_string(revision.materialize()) - html = HtmlFormat(sst).build( - files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk)).get_string() + try: + sst = SST.from_string(revision.materialize()) + except ValueError as e: + html = e + else: + html = HtmlFormat(sst).build( + files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk)).get_string() # response = http.HttpResponse(html, content_type='text/html', mimetype='text/html') # return response @@ -210,7 +226,10 @@ def book_pdf(request, pk, rev_pk): rev = get_object_or_404(Revision, pk=rev_pk) # Test - sst = SST.from_string(rev.materialize()) + try: + sst = SST.from_string(rev.materialize()) + except ValueError as e: + return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400') ctx = Context( files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk), @@ -218,7 +237,10 @@ def book_pdf(request, pk, rev_pk): ) if doc.owner_organization is not None and doc.owner_organization.logo: ctx.cover_logo = 'http://%s%s' % (request.get_host(), doc.owner_organization.logo.url) - pdf_file = PdfFormat(sst).build(ctx) + try: + pdf_file = PdfFormat(sst).build(ctx) + except BuildError as e: + return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400') from catalogue.ebook_utils import serve_file return serve_file(pdf_file.get_filename(), '%d.pdf' % doc.pk, 'application/pdf') @@ -234,7 +256,10 @@ def book_epub(request, pk, rev_pk): rev = get_object_or_404(Revision, pk=rev_pk) # Test - sst = SST.from_string(rev.materialize()) + try: + sst = SST.from_string(rev.materialize()) + except ValueError as e: + return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400') ctx = Context( files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk), @@ -245,7 +270,6 @@ def book_epub(request, pk, rev_pk): try: epub_file = EpubFormat(sst).build(ctx) except BuildError as e: - from django.http import HttpResponse return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400') from catalogue.ebook_utils import serve_file @@ -261,7 +285,10 @@ def book_mobi(request, pk, rev_pk): doc = get_object_or_404(Document, pk=pk) rev = get_object_or_404(Revision, pk=rev_pk) - sst = SST.from_string(rev.materialize()) + try: + sst = SST.from_string(rev.materialize()) + except ValueError as e: + return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400') ctx = Context( files_path='http://%s/media/dynamic/uploads/%s/' % (request.get_host(), pk), @@ -272,7 +299,6 @@ def book_mobi(request, pk, rev_pk): try: epub_file = EpubFormat(sst).build(ctx) except BuildError as e: - from django.http import HttpResponse return HttpResponse(content=force_str(e.message), content_type='text/plain', status='400') output_file = NamedTemporaryFile(prefix='librarian', suffix='.mobi', delete=False) @@ -298,9 +324,11 @@ def book_mobi(request, pk, rev_pk): @login_required def book_schedule(request, pk): book = get_object_or_404(Document, pk=pk, deleted=False) + if not book.can_edit(request.user): + return HttpResponseForbidden("Not authorized.") if request.method == 'POST': Plan.objects.filter(document=book).delete() - for i, s in enumerate(STAGES): + for i, (s, name) in enumerate(STAGES): user_id = request.POST.get('s%d-user' % i) deadline = request.POST.get('s%d-deadline' % i) or None Plan.objects.create(document=book, stage=s, user_id=user_id, deadline=deadline) @@ -312,7 +340,7 @@ def book_schedule(request, pk): for p in Plan.objects.filter(document=book): current[p.stage] = (getattr(p.user, 'pk', None), (p.deadline.isoformat() if p.deadline else None)) - schedule = [(i, s, current.get(s, ())) for (i, s) in enumerate(STAGES)] + schedule = [(i, s, current.get(s, ())) for i, (s, name) in enumerate(STAGES)] if book.owner_organization: people = [m.user for m in book.owner_organization.membership_set.exclude(status='pending')] @@ -328,9 +356,8 @@ def book_schedule(request, pk): @login_required def book_owner(request, pk): doc = get_object_or_404(Document, pk=pk, deleted=False) - user_is_owner = doc.owner_organization and doc.owner_organization.is_member(request.user) - if not (doc.owner_user == request.user or user_is_owner): - raise Http404 + if not doc.can_edit(request.user): + return HttpResponseForbidden("Not authorized.") error = '' @@ -361,8 +388,8 @@ def book_owner(request, pk): @login_required def book_delete(request, pk): doc = get_object_or_404(Document, pk=pk, deleted=False) - if not (doc.owner_user == request.user or doc.owner_organization.is_member(request.user)): - raise Http404 + if not doc.can_edit(request.user): + return HttpResponseForbidden("Not authorized.") if request.method == 'POST': doc.deleted = True @@ -381,16 +408,26 @@ def publish(request, pk): from .models import PublishRecord from dvcs.models import Revision - # FIXME: check permissions - doc = get_object_or_404(Document, pk=pk, deleted=False) + if not doc.can_edit(request.user): + return HttpResponseForbidden("Not authorized.") form = forms.DocumentTextPublishForm(request.POST, prefix="textpublish") if form.is_valid(): rev = Revision.objects.get(pk=form.cleaned_data['revision']) # FIXME: check if in tree # if PublishRecord.objects.filter(revision=rev, document=doc).exists(): # return http.HttpResponse('exists') + if not doc.published: + site = Site.objects.get_current() + send_notify_email( + 'New published document in MIL/PEER', + '''New published document in MIL/PEER: %s. View it in browser: https://%s%s. + +-- +MIL/PEER team.''' % (doc.meta()['title'], site.domain, reverse('catalogue_html', args=[doc.pk]))) PublishRecord.objects.create(revision=rev, document=doc, user=request.user) + doc.published = True + doc.save() if request.is_ajax(): return http.HttpResponse('ok') else: @@ -408,9 +445,10 @@ def publish(request, pk): @require_POST @login_required def unpublish(request, pk): - # FIXME: check permissions - doc = get_object_or_404(Document, pk=pk, deleted=False) + if not doc.can_edit(request.user): + return HttpResponseForbidden("Not authorized.") + doc.publish_log.all().delete() if request.is_ajax(): return http.HttpResponse('ok')