Request validation fix.
[wolnelektury.git] / src / catalogue / views.py
index bba773d..2c6692f 100644 (file)
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 # This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later.
 # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information.
 #
 # This file is part of Wolnelektury, licensed under GNU Affero GPLv3 or later.
 # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information.
 #
@@ -6,27 +5,30 @@ from collections import OrderedDict
 import random
 
 from django.conf import settings
 import random
 
 from django.conf import settings
-from django.template import RequestContext
+from django.http.response import HttpResponseForbidden
 from django.template.loader import render_to_string
 from django.template.loader import render_to_string
-from django.shortcuts import render_to_response, get_object_or_404, render, redirect
+from django.shortcuts import get_object_or_404, render, redirect
 from django.http import HttpResponse, HttpResponseRedirect, Http404, HttpResponsePermanentRedirect
 from django.http import HttpResponse, HttpResponseRedirect, Http404, HttpResponsePermanentRedirect
-from django.core.urlresolvers import reverse
+from django.urls import reverse
 from django.db.models import Q, QuerySet
 from django.contrib.auth.decorators import login_required, user_passes_test
 from django.utils.http import urlquote_plus
 from django.utils import translation
 from django.utils.translation import ugettext as _, ugettext_lazy
 from django.db.models import Q, QuerySet
 from django.contrib.auth.decorators import login_required, user_passes_test
 from django.utils.http import urlquote_plus
 from django.utils import translation
 from django.utils.translation import ugettext as _, ugettext_lazy
+from django.views.decorators.cache import never_cache
 
 from ajaxable.utils import AjaxableFormView
 
 from ajaxable.utils import AjaxableFormView
+from club.models import Membership
+from annoy.models import DynamicTextInsert
 from pdcounter import views as pdcounter_views
 from picture.models import Picture, PictureArea
 from pdcounter import views as pdcounter_views
 from picture.models import Picture, PictureArea
-from ssify import ssi_included, ssi_expect, SsiVariable as Var
 from catalogue import constants
 from catalogue import forms
 from catalogue.helpers import get_top_level_related_tags
 from catalogue.models import Book, Collection, Tag, Fragment
 from catalogue.utils import split_tags
 from catalogue.models.tag import prefetch_relations
 from catalogue import constants
 from catalogue import forms
 from catalogue.helpers import get_top_level_related_tags
 from catalogue.models import Book, Collection, Tag, Fragment
 from catalogue.utils import split_tags
 from catalogue.models.tag import prefetch_relations
+from wolnelektury.utils import is_crawler
 
 staff_required = user_passes_test(lambda user: user.is_staff)
 
 
 staff_required = user_passes_test(lambda user: user.is_staff)
 
@@ -49,15 +51,14 @@ def book_list(request, filters=None, template_name='catalogue/book_list.html',
     for tag in books_by_author:
         if books_by_author[tag]:
             books_nav.setdefault(tag.sort_key[0], []).append(tag)
     for tag in books_by_author:
         if books_by_author[tag]:
             books_nav.setdefault(tag.sort_key[0], []).append(tag)
-    # WTF: dlaczego nie include?
-    return render_to_response(template_name, {
+    return render(request, template_name, {
         'rendered_nav': render_to_string(nav_template_name, {'books_nav': books_nav}),
         'rendered_book_list': render_to_string(list_template_name, {
             'books_by_author': books_by_author,
             'orphans': orphans,
             'books_by_parent': books_by_parent,
         })
         'rendered_nav': render_to_string(nav_template_name, {'books_nav': books_nav}),
         'rendered_book_list': render_to_string(list_template_name, {
             'books_by_author': books_by_author,
             'orphans': orphans,
             'books_by_parent': books_by_parent,
         })
-    }, context_instance=RequestContext(request))
+    })
 
 
 def daisy_list(request):
 
 
 def daisy_list(request):
@@ -78,12 +79,15 @@ def differentiate_tags(request, tags, ambiguous_slugs):
             'url_args': '/'.join((beginning, tag.url_chunk, unparsed)).strip('/'),
             'tags': [tag]
         })
             'url_args': '/'.join((beginning, tag.url_chunk, unparsed)).strip('/'),
             'tags': [tag]
         })
-    return render_to_response(
-        'catalogue/differentiate_tags.html', {'tags': tags, 'options': options, 'unparsed': ambiguous_slugs[1:]},
-        context_instance=RequestContext(request))
+    return render(
+        request,
+        'catalogue/differentiate_tags.html',
+        {'tags': tags, 'options': options, 'unparsed': ambiguous_slugs[1:]}
+    )
 
 
 
 
-def object_list(request, objects, fragments=None, related_tags=None, tags=None, list_type='books', extra=None):
+def object_list(request, objects, fragments=None, related_tags=None, tags=None,
+                list_type='books', extra=None):
     if not tags:
         tags = []
     tag_ids = [tag.pk for tag in tags]
     if not tags:
         tags = []
     tag_ids = [tag.pk for tag in tags]
@@ -93,7 +97,9 @@ def object_list(request, objects, fragments=None, related_tags=None, tags=None,
         related_tag_lists.append(related_tags)
     else:
         related_tag_lists.append(
         related_tag_lists.append(related_tags)
     else:
         related_tag_lists.append(
-            Tag.objects.usage_for_queryset(objects, counts=True).exclude(category='set').exclude(pk__in=tag_ids))
+            Tag.objects.usage_for_queryset(
+                objects, counts=True
+            ).exclude(category='set').exclude(pk__in=tag_ids))
     if not (extra and extra.get('theme_is_set')):
         if fragments is None:
             if list_type == 'gallery':
     if not (extra and extra.get('theme_is_set')):
         if fragments is None:
             if list_type == 'gallery':
@@ -101,7 +107,9 @@ def object_list(request, objects, fragments=None, related_tags=None, tags=None,
             else:
                 fragments = Fragment.objects.filter(book__in=objects)
         related_tag_lists.append(
             else:
                 fragments = Fragment.objects.filter(book__in=objects)
         related_tag_lists.append(
-            Tag.objects.usage_for_queryset(fragments, counts=True).filter(category='theme').exclude(pk__in=tag_ids)
+            Tag.objects.usage_for_queryset(
+                fragments, counts=True
+            ).filter(category='theme').exclude(pk__in=tag_ids)
             .only('name', 'sort_key', 'category', 'slug'))
         if isinstance(objects, QuerySet):
             objects = prefetch_relations(objects, 'author')
             .only('name', 'sort_key', 'category', 'slug'))
         if isinstance(objects, QuerySet):
             objects = prefetch_relations(objects, 'author')
@@ -131,22 +139,15 @@ def object_list(request, objects, fragments=None, related_tags=None, tags=None,
     }
     if extra:
         result.update(extra)
     }
     if extra:
         result.update(extra)
-    return render_to_response(
+    return render(
+        request,
         'catalogue/tagged_object_list.html', result,
         'catalogue/tagged_object_list.html', result,
-        context_instance=RequestContext(request))
+    )
 
 
 def literature(request):
     books = Book.objects.filter(parent=None)
 
 
 def literature(request):
     books = Book.objects.filter(parent=None)
-
-    # last_published = Book.objects.exclude(cover_thumb='').filter(parent=None).order_by('-created_at')[:20]
-    # most_popular = Book.objects.exclude(cover_thumb='')\
-    #                    .order_by('-popularity__count', 'sort_key_author', 'sort_key')[:20]
     return object_list(request, books, related_tags=get_top_level_related_tags([]))
     return object_list(request, books, related_tags=get_top_level_related_tags([]))
-    # extra={
-    #     'last_published': last_published,
-    #     'most_popular': most_popular,
-    # })
 
 
 def gallery(request):
 
 
 def gallery(request):
@@ -175,12 +176,11 @@ def analyse_tags(request, tag_str):
         chunks = tag_str.split('/')
         if len(chunks) == 2 and chunks[0] == 'autor':
             raise ResponseInstead(pdcounter_views.author_detail(request, chunks[1]))
         chunks = tag_str.split('/')
         if len(chunks) == 2 and chunks[0] == 'autor':
             raise ResponseInstead(pdcounter_views.author_detail(request, chunks[1]))
-        else:
-            raise Http404
-    except Tag.MultipleObjectsReturned, e:
+        raise Http404
+    except Tag.MultipleObjectsReturned as e:
         # Ask the user to disambiguate
         raise ResponseInstead(differentiate_tags(request, e.tags, e.ambiguous_slugs))
         # Ask the user to disambiguate
         raise ResponseInstead(differentiate_tags(request, e.tags, e.ambiguous_slugs))
-    except Tag.UrlDeprecationWarning, e:
+    except Tag.UrlDeprecationWarning as e:
         raise ResponseInstead(HttpResponsePermanentRedirect(
             reverse('tagged_object_list', args=['/'.join(tag.url_chunk for tag in e.tags)])))
 
         raise ResponseInstead(HttpResponsePermanentRedirect(
             reverse('tagged_object_list', args=['/'.join(tag.url_chunk for tag in e.tags)])))
 
@@ -222,6 +222,9 @@ def tagged_object_list(request, tags, list_type):
     except ResponseInstead as e:
         return e.response
 
     except ResponseInstead as e:
         return e.response
 
+    if is_crawler(request) and len(tags) > 1:
+        return HttpResponseForbidden('address removed from crawling. check robots.txt')
+
     if list_type == 'gallery' and any(tag.category == 'set' for tag in tags):
         raise Http404
 
     if list_type == 'gallery' and any(tag.category == 'set' for tag in tags):
         raise Http404
 
@@ -246,7 +249,9 @@ def tagged_object_list(request, tags, list_type):
         params = {
             'objects': Book.tagged.with_all(tags, audiobooks),
             'extra': {
         params = {
             'objects': Book.tagged.with_all(tags, audiobooks),
             'extra': {
-                'daisy': Book.tagged.with_all(tags, audiobooks.filter(media__type='daisy').distinct()),
+                'daisy': Book.tagged.with_all(
+                    tags, audiobooks.filter(media__type='daisy').distinct()
+                ),
             }
         }
     else:
             }
         }
     else:
@@ -261,26 +266,32 @@ def book_fragments(request, slug, theme_slug):
     fragments = Fragment.tagged.with_all([theme]).filter(
         Q(book=book) | Q(book__ancestor=book))
 
     fragments = Fragment.tagged.with_all([theme]).filter(
         Q(book=book) | Q(book__ancestor=book))
 
-    return render_to_response('catalogue/book_fragments.html', {
-        'book': book,
-        'theme': theme,
-        'fragments': fragments,
-        'active_menu_item': 'books',
-    }, context_instance=RequestContext(request))
+    return render(
+        request,
+        'catalogue/book_fragments.html',
+        {
+            'book': book,
+            'theme': theme,
+            'fragments': fragments,
+            'active_menu_item': 'books',
+        })
 
 
 
 
+@never_cache
 def book_detail(request, slug):
     try:
         book = Book.objects.get(slug=slug)
     except Book.DoesNotExist:
         return pdcounter_views.book_stub_detail(request, slug)
 
 def book_detail(request, slug):
     try:
         book = Book.objects.get(slug=slug)
     except Book.DoesNotExist:
         return pdcounter_views.book_stub_detail(request, slug)
 
-    return render_to_response('catalogue/book_detail.html', {
-        'book': book,
-        'tags': book.tags.exclude(category__in=('set', 'theme')),
-        'book_children': book.children.all().order_by('parent_number', 'sort_key'),
-        'active_menu_item': 'books',
-    }, context_instance=RequestContext(request))
+    return render(
+        request,
+        'catalogue/book_detail.html',
+        {
+            'book': book,
+            'book_children': book.children.all().order_by('parent_number', 'sort_key'),
+            'active_menu_item': 'books',
+        })
 
 
 # używane w publicznym interfejsie
 
 
 # używane w publicznym interfejsie
@@ -291,20 +302,33 @@ def player(request, slug):
 
     audiobooks, projects = book.get_audiobooks()
 
 
     audiobooks, projects = book.get_audiobooks()
 
-    return render_to_response('catalogue/player.html', {
-        'book': book,
-        'audiobook': '',
-        'audiobooks': audiobooks,
-        'projects': projects,
-    }, context_instance=RequestContext(request))
+    return render(
+        request,
+        'catalogue/player.html',
+        {
+            'book': book,
+            'audiobook': '',
+            'audiobooks': audiobooks,
+            'projects': projects,
+        })
 
 
 def book_text(request, slug):
     book = get_object_or_404(Book, slug=slug)
 
 
 
 def book_text(request, slug):
     book = get_object_or_404(Book, slug=slug)
 
+    if book.preview and not Membership.is_active_for(request.user):
+        return HttpResponseRedirect(book.get_absolute_url())
+
     if not book.has_html_file():
         raise Http404
     if not book.has_html_file():
         raise Http404
-    return render_to_response('catalogue/book_text.html', {'book': book}, context_instance=RequestContext(request))
+    with book.html_file.open('r') as f:
+        book_text = f.read()
+
+    return render(request, 'catalogue/book_text.html', {
+        'book': book,
+        'book_text': book_text,
+        'inserts': DynamicTextInsert.get_all(request)
+    })
 
 
 # =========
 
 
 # =========
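Review bot: `book_text` now returns different content depending on `Membership.is_active_for(request.user)` and `DynamicTextInsert.get_all(request)`, but unlike `book_detail` and `embargo_link` in this commit it is not marked `@never_cache`. If a shared or site-wide cache sits in front of this view (not visible here), a member's rendering of a preview book could be served to a non-member. Consider adding `@never_cache` directly above `def book_text(request, slug):`. The `player` view in the same hunk shows no preview check on the visible lines; its body starts outside the hunk, so confirm whether audiobooks of preview titles need the same gate.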
@@ -326,11 +350,13 @@ def import_book(request):
             exception = pprint.pformat(info[1])
             tb = '\n'.join(traceback.format_tb(info[2]))
             return HttpResponse(
             exception = pprint.pformat(info[1])
             tb = '\n'.join(traceback.format_tb(info[2]))
             return HttpResponse(
-                    _("An error occurred: %(exception)s\n\n%(tb)s") % {'exception': exception, 'tb': tb},
-                    mimetype='text/plain')
+                _("An error occurred: %(exception)s\n\n%(tb)s") % {
+                    'exception': exception, 'tb': tb
+                },
+                mimetype='text/plain'
+            )
         return HttpResponse(_("Book imported successfully"))
         return HttpResponse(_("Book imported successfully"))
-    else:
-        return HttpResponse(_("Error importing file: %r") % book_import_form.errors)
+    return HttpResponse(_("Error importing file: %r") % book_import_form.errors)
 
 
 # info views for API
 
 
 # info views for API
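Review bot: The error branch still passes `mimetype='text/plain'` to `HttpResponse`; that keyword was removed in Django 1.7 in favour of `content_type`. This commit's move to `django.urls` implies a newer Django, so the call would raise `TypeError` instead of returning the message. Change the argument to `content_type='text/plain'`. The same response sends the formatted exception and traceback to the client, which is acceptable only if the view is staff-restricted; that cannot be confirmed here because `import_book` starts outside the hunk.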
@@ -339,7 +365,7 @@ def book_info(request, book_id, lang='pl'):
     book = get_object_or_404(Book, id=book_id)
     # set language by hand
     translation.activate(lang)
     book = get_object_or_404(Book, id=book_id)
     # set language by hand
     translation.activate(lang)
-    return render_to_response('catalogue/book_info.html', {'book': book}, context_instance=RequestContext(request))
+    return render(request, 'catalogue/book_info.html', {'book': book})
 
 
 def tag_info(request, tag_id):
 
 
 def tag_info(request, tag_id):
@@ -347,6 +373,19 @@ def tag_info(request, tag_id):
     return HttpResponse(tag.description)
 
 
     return HttpResponse(tag.description)
 
 
+@never_cache
+def embargo_link(request, key, format_, slug):
+    book = get_object_or_404(Book, slug=slug)
+    if format_ not in Book.formats:
+        raise Http404
+    if key != book.preview_key:
+        raise Http404
+    media_file = book.get_media(format_)
+    if not book.preview:
+        return HttpResponseRedirect(media_file.url)
+    return HttpResponse(media_file, content_type=constants.EBOOK_CONTENT_TYPES[format_])
+
+
 def download_zip(request, format, slug=None):
     if format in Book.ebook_formats:
         url = Book.zip_format(format)
 def download_zip(request, format, slug=None):
     if format in Book.ebook_formats:
         url = Book.zip_format(format)
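Review bot: In `embargo_link`, `key != book.preview_key` checks the secret with an ordinary string comparison and has no guard for a book whose `preview_key` is unset. `if not book.preview_key or not constant_time_compare(key, book.preview_key): raise Http404` (with `from django.utils.crypto import constant_time_compare`) covers both; the explicit emptiness check matters because `constant_time_compare` coerces its arguments to bytes before comparing. `book.get_media(format_)` is also used unchecked, so if a book lacks that format the later `media_file.url` or `HttpResponse(media_file, ...)` would operate on an empty value; whether that can happen depends on `get_media`, which is not shown. Because the key travels in the URL path, it will also appear in access logs and possibly Referer headers, which is worth a comment on the view.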
@@ -374,98 +413,20 @@ class CustomPDFFormView(AjaxableFormView):
         """Override to parse view args and give additional args to the form."""
         return (obj,), {}
 
         """Override to parse view args and give additional args to the form."""
         return (obj,), {}
 
+    def validate_object(self, obj, request):
+        book = obj
+        if book.preview and not Membership.is_active_for(request.user):
+            return HttpResponseRedirect(book.get_absolute_url())
+        return super(CustomPDFFormView, self).validate_object(obj, request)
+
     def get_object(self, request, slug, *args, **kwargs):
     def get_object(self, request, slug, *args, **kwargs):
-        return get_object_or_404(Book, slug=slug)
+        book = get_object_or_404(Book, slug=slug)
+        return book
 
     def context_description(self, request, obj):
         return obj.pretty_title()
 
 
 
     def context_description(self, request, obj):
         return obj.pretty_title()
 
 
-####
-# Includes
-####
-
-
-@ssi_included
-def book_mini(request, pk, with_link=True):
-    # book = get_object_or_404(Book, pk=pk)
-    try:
-        book = Book.objects.only('cover_thumb', 'title', 'language', 'slug').get(pk=pk)
-    except Book.DoesNotExist:
-        raise Http404
-    return render(request, 'catalogue/book_mini_box.html', {
-        'book': book,
-        'no_link': not with_link,
-    })
-
-
-@ssi_included(get_ssi_vars=lambda pk: (lambda ipk: (
-        ('ssify.get_csrf_token',),
-        ('social_tags.likes_book', (ipk,)),
-        ('social_tags.book_shelf_tags', (ipk,)),
-    ))(ssi_expect(pk, int)))
-def book_short(request, pk):
-    book = get_object_or_404(Book, pk=pk)
-
-    return render(request, 'catalogue/book_short.html', {
-        'book': book,
-    })
-
-
-@ssi_included(
-    get_ssi_vars=lambda pk: book_short.get_ssi_vars(pk) +
-    (lambda ipk: (
-        ('social_tags.choose_cite', [ipk]),
-        ('catalogue_tags.choose_fragment', [ipk], {
-            'unless': Var('social_tags.choose_cite', [ipk])}),
-    ))(ssi_expect(pk, int)))
-def book_wide(request, pk):
-    book = get_object_or_404(Book, pk=pk)
-    extra_info = book.extra_info
-
-    return render(request, 'catalogue/book_wide.html', {
-        'book': book,
-        'parents': book.parents(),
-        'tags': split_tags(book.tags.exclude(category__in=('set', 'theme'))),
-        'show_lang': book.language_code() != settings.LANGUAGE_CODE,
-
-        'main_link': reverse('book_text', args=[book.slug]) if book.html_file else None,
-        'extra_info': extra_info,
-        'hide_about': extra_info.get('about', '').startswith('http://wiki.wolnepodreczniki.pl'),
-    })
-
-
-@ssi_included
-def fragment_short(request, pk):
-    fragment = get_object_or_404(Fragment, pk=pk)
-    return render(request, 'catalogue/fragment_short.html', {'fragment': fragment})
-
-
-@ssi_included
-def fragment_promo(request, pk):
-    fragment = get_object_or_404(Fragment, pk=pk)
-    return render(request, 'catalogue/fragment_promo.html', {'fragment': fragment})
-
-
-@ssi_included
-def tag_box(request, pk):
-    tag = get_object_or_404(Tag, pk=pk)
-    assert tag.category != 'set'
-
-    return render(request, 'catalogue/tag_box.html', {
-        'tag': tag,
-    })
-
-
-@ssi_included
-def collection_box(request, pk):
-    collection = get_object_or_404(Collection, pk=pk)
-
-    return render(request, 'catalogue/collection_box.html', {
-        'collection': collection,
-    })
-
-
 def tag_catalogue(request, category):
     if category == 'theme':
         tags = Tag.objects.usage_for_model(
 def tag_catalogue(request, category):
     if category == 'theme':
         tags = Tag.objects.usage_for_model(
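Review bot: `validate_object` repeats the condition `book.preview and not Membership.is_active_for(request.user)` that this commit also adds to `book_text`, and two hand-written copies of an access rule tend to drift as more formats are gated. Moving the test into one helper, for example a new `Book` method taking the user, would keep the embargo rule in a single place. The method also lacks a docstring; something like `"""Redirect non-members away from preview books before the form is handled."""` would record the intent. Whether returning an `HttpResponseRedirect` from `validate_object` short-circuits the form for AJAX requests depends on `AjaxableFormView`, which is outside this diff.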
@@ -493,7 +454,7 @@ def collections(request):
     objects = Collection.objects.all()
 
     if len(objects) > 3:
     objects = Collection.objects.all()
 
     if len(objects) > 3:
-        best = random.sample(objects, 3)
+        best = random.sample(list(objects), 3)
     else:
         best = objects
 
     else:
         best = objects
 
@@ -514,4 +475,4 @@ def ridero_cover(request, slug):
 
 def get_isbn(request, book_format, slug):
     book = Book.objects.get(slug=slug)
 
 def get_isbn(request, book_format, slug):
     book = Book.objects.get(slug=slug)
-    return HttpResponse(book.extra_info.get('isbn_%s' % book_format))
+    return HttpResponse(book.get_extra_info_json().get('isbn_%s' % book_format))
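Review bot: `get_isbn` still uses `Book.objects.get(slug=slug)`, so an unknown slug raises `Book.DoesNotExist` and surfaces as a server error rather than a 404; `get_object_or_404(Book, slug=slug)` is already imported in this file and fits here. When the requested key is absent, `.get('isbn_%s' % book_format)` returns `None` and the response body becomes the literal text `None`. Raising `Http404` when no ISBN is recorded for that format would give clients an unambiguous answer.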