X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/d8990e1ab64fe3bf453d06fab8e983d25f2df2c4..c6080aa55a8852f1c9aa05d80c2fd0c91ff48f12:/apps/catalogue/views.py

diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py
index c6ae4197..fc572c25 100644
--- a/apps/catalogue/views.py
+++ b/apps/catalogue/views.py
@@ -15,15 +15,18 @@ from django.db.models import Count, Q
 from django.db import transaction
 from django import http
 from django.http import Http404, HttpResponse, HttpResponseForbidden
+from django.http.response import HttpResponseRedirect
 from django.shortcuts import get_object_or_404, render
 from django.utils.encoding import iri_to_uri
 from django.utils.http import urlquote_plus
 from django.utils.translation import ugettext_lazy as _
 from django.views.decorators.http import require_POST
+from django_cas.decorators import user_passes_test
 
 from apiclient import NotAuthorizedError
 from catalogue import forms
 from catalogue import helpers
+from catalogue.forms import MarkFinalForm
 from catalogue.helpers import active_tab
 from catalogue.models import (Book, Chunk, Image, BookPublishRecord, 
         ChunkPublishRecord, ImagePublishRecord, Project)
@@ -205,6 +208,8 @@ def upload(request):
 
 
 def serve_xml(request, book, slug):
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
     xml = book.materialize(publishable=True)
     response = http.HttpResponse(xml, content_type='application/xml')
     response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug
@@ -214,14 +219,11 @@ def serve_xml(request, book, slug):
 @never_cache
 def book_xml(request, slug):
     book = get_object_or_404(Book, slug=slug)
-    if not book.accessible(request):
-        return HttpResponseForbidden("Not authorized.")
     return serve_xml(request, book, slug)
 
 
 @never_cache
 def book_xml_dc(request, slug):
-    # no permission check, because non-public books
     book = get_object_or_404(Book, dc_slug=slug)
     return serve_xml(request, book, slug)
 
@@ -572,7 +574,7 @@ def publish(request, slug):
     except NotAuthorizedError:
         return http.HttpResponseRedirect(reverse('apiclient_oauth'))
     except BaseException, e:
-        return http.HttpResponse(e)
+        return http.HttpResponse(repr(e))
     else:
         return http.HttpResponseRedirect(book.get_absolute_url())
 
@@ -643,3 +645,17 @@ def active_users_list(request):
     })
 
 
+@user_passes_test(lambda u: u.is_superuser)
+def mark_final(request):
+    if request.method == 'POST':
+        form = MarkFinalForm(data=request.POST)
+        if form.is_valid():
+            form.save()
+            return HttpResponseRedirect(reverse('mark_final_completed'))
+    else:
+        form = MarkFinalForm()
+    return render(request, 'catalogue/mark_final.html', {'form': form})
+
+
+def mark_final_completed(request):
+    return render(request, 'catalogue/mark_final_completed.html')