Use secure transport for requirements.
[wolnelektury.git] / apps / ajaxable / utils.py
1 # -*- coding: utf-8 -*-
2 # This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later.
3 # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information.
4 #
5 from functools import wraps
6
7 from django.http import (HttpResponse, HttpResponseRedirect,
8         HttpResponseForbidden)
9 from django.shortcuts import render_to_response
10 from django.template import RequestContext
11 from django.utils.encoding import force_unicode
12 from django.utils.functional import Promise
13 from django.utils.http import urlquote_plus
14 import json
15 from django.utils.translation import ugettext_lazy as _
16 from django.views.decorators.vary import vary_on_headers
17 from honeypot.decorators import verify_honeypot_value
18
19
20 class LazyEncoder(json.JSONEncoder):
21     def default(self, obj):
22         if isinstance(obj, Promise):
23             return force_unicode(obj)
24         return obj
25
26
27 def method_decorator(function_decorator):
28     """Converts a function decorator to a method decorator.
29
30     It just makes it ignore first argument.
31     """
32     def decorator(method):
33         @wraps(method)
34         def wrapped_method(self, *args, **kwargs):
35             def function(*fargs, **fkwargs):
36                 return method(self, *fargs, **fkwargs)
37             return function_decorator(function)(*args, **kwargs)
38         return wrapped_method
39     return decorator
40
41
42 def require_login(request):
43     """Return 403 if request is AJAX. Redirect to login page if not."""
44     if request.is_ajax():
45         return HttpResponseForbidden('Not logged in')
46     else:
47         return HttpResponseRedirect('/uzytkownicy/zaloguj')# next?=request.build_full_path())
48
49
50 def placeholdized(form):
51     for field in form.fields.values():
52         field.widget.attrs['placeholder'] = field.label
53     return form
54
55
56 class AjaxableFormView(object):
57     """Subclass this to create an ajaxable view for any form.
58
59     In the subclass, provide at least form_class.
60
61     """
62     form_class = None
63     placeholdize = False
64     # override to customize form look
65     template = "ajaxable/form.html"
66     submit = _('Send')
67
68     title = ''
69     success_message = ''
70     POST_login = False
71     formname = "form"
72     form_prefix = None
73     full_template = "ajaxable/form_on_page.html"
74     honeypot = False
75
76     @method_decorator(vary_on_headers('X-Requested-With'))
77     def __call__(self, request, *args, **kwargs):
78         """A view displaying a form, or JSON if request is AJAX."""
79         obj = self.get_object(request, *args, **kwargs)
80         form_args, form_kwargs = self.form_args(request, obj)
81         if self.form_prefix:
82             form_kwargs['prefix'] = self.form_prefix
83
84         if request.method == "POST":
85             if self.honeypot:
86                 response = verify_honeypot_value(request, None)
87                 if response:
88                     return response
89
90             # do I need to be logged in?
91             if self.POST_login and not request.user.is_authenticated():
92                 return require_login(request)
93
94             form_kwargs['data'] = request.POST
95             form = self.form_class(*form_args, **form_kwargs)
96             if form.is_valid():
97                 add_args = self.success(form, request)
98                 response_data = {
99                     'success': True,
100                     'message': self.success_message,
101                     'redirect': request.GET.get('next')
102                     }
103                 if add_args:
104                     response_data.update(add_args)
105                 if not request.is_ajax() and response_data['redirect']:
106                     return HttpResponseRedirect(urlquote_plus(
107                             response_data['redirect'], safe='/?=&'))
108             elif request.is_ajax():
109                 # Form was sent with errors. Send them back.
110                 if self.form_prefix:
111                     errors = {}
112                     for key, value in form.errors.items():
113                         errors["%s-%s" % (self.form_prefix, key)] = value
114                 else:
115                     errors = form.errors
116                 response_data = {'success': False, 'errors': errors}
117             else:
118                 response_data = None
119             if request.is_ajax():
120                 return HttpResponse(LazyEncoder(ensure_ascii=False).encode(response_data))
121         else:
122             if (self.POST_login and not request.user.is_authenticated()
123                     and not request.is_ajax()):
124                 return require_login(request)
125
126             form = self.form_class(*form_args, **form_kwargs)
127             response_data = None
128
129         title = self.title
130         if request.is_ajax():
131             template = self.template
132         else:
133             template = self.full_template
134             cd = self.context_description(request, obj)
135             if cd:
136                 title += ": " + cd
137         if self.placeholdize:
138             form = placeholdized(form)
139         context = {
140                 self.formname: form,
141                 "title": title,
142                 "honeypot": self.honeypot,
143                 "placeholdize": self.placeholdize,
144                 "submit": self.submit,
145                 "response_data": response_data,
146                 "ajax_template": self.template,
147                 "view_args": args,
148                 "view_kwargs": kwargs,
149             }
150         context.update(self.extra_context(request, obj))
151         return render_to_response(template, context,
152             context_instance=RequestContext(request))
153
154     def redirect_or_refresh(self, request, path, message=None):
155         """If the form is AJAX, refresh the page. If not, go to `path`."""
156         if request.is_ajax():
157             output = "<script>window.location.reload()</script>"
158             if message:
159                 output = "<div class='normal-text'>" + message + "</div>" + output
160             return HttpResponse(output)
161         else:
162             return HttpResponseRedirect(path)
163
164     def get_object(self, request, *args, **kwargs):
165         """Override to parse view args and get some associated data."""
166         return None
167
168     def form_args(self, request, obj):
169         """Override to parse view args and give additional args to the form."""
170         return (), {}
171
172     def extra_context(self, request, obj):
173         """Override to pass something to template."""
174         return {}
175
176     def context_description(self, request, obj):
177         """Description to appear in standalone form, but not in AJAX form."""
178         return ""
179
180     def success(self, form, request):
181         """What to do when the form is valid.
182
183         By default, just save the form.
184
185         """
186         return form.save(request)