csrf and honeypots
[wolnelektury.git] / apps / catalogue / views.py
index 01600f5..5dff961 100644 (file)
@@ -7,7 +7,7 @@ import itertools
 
 from django.conf import settings
 from django.template import RequestContext
-from django.shortcuts import render_to_response, get_object_or_404
+from django.shortcuts import render_to_response, get_object_or_404, redirect
 from django.http import HttpResponse, HttpResponseRedirect, Http404, HttpResponsePermanentRedirect
 from django.core.urlresolvers import reverse
 from django.db.models import Q
@@ -15,13 +15,14 @@ from django.contrib.auth.decorators import login_required, user_passes_test
 from django.utils.datastructures import SortedDict
 from django.utils.http import urlquote_plus
 from django.utils import translation
-from django.utils.translation import ugettext as _
+from django.utils.translation import ugettext as _, ugettext_lazy
+from django.views.decorators.cache import never_cache
 
 from ajaxable.utils import JSONResponse, AjaxableFormView
 
 from catalogue import models
 from catalogue import forms
-from catalogue.utils import (split_tags, AttachmentHttpResponse,
+from catalogue.utils import (split_tags,
     async_build_pdf, MultiQuerySet)
 from pdcounter import models as pdcounter_models
 from pdcounter import views as pdcounter_views
@@ -29,6 +30,7 @@ from suggest.forms import PublishingSuggestForm
 from picture.models import Picture
 
 from os import path
+from waiter.models import WaitedFile
 
 staff_required = user_passes_test(lambda user: user.is_staff)
 
@@ -95,6 +97,7 @@ def differentiate_tags(request, tags, ambiguous_slugs):
                 context_instance=RequestContext(request))
 
 
+@never_cache
 def tagged_object_list(request, tags=''):
     try:
         tags = models.Tag.get_tag_list(tags)
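Review bot: The `@never_cache` added on `tagged_object_list` has no comment saying why the page must not be cached, and the same is true of the one added on `book_detail` in the next hunk. Given the commit title, the reason is presumably that these pages now embed a per-session CSRF token or honeypot form, which a shared cache would otherwise serve to other visitors. If so, say it next to the decorator, e.g. `# never_cache: response embeds a per-session CSRF token; a cached copy would serve a stale or foreign token`. Both function bodies continue outside their hunks, so this is inferred from the decorators and the title only.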
@@ -202,6 +205,7 @@ def book_fragments(request, slug, theme_slug):
         context_instance=RequestContext(request))
 
 
+@never_cache
 def book_detail(request, slug):
     try:
         book = models.Book.objects.get(slug=slug)
@@ -243,10 +247,11 @@ def player(request, slug):
         else:
             have_oggs = False
         audiobooks.append(media)
-    print audiobooks
 
     projects = sorted(projects)
 
+    extra_info = book.get_extra_info_value()
+
     return render_to_response('catalogue/player.html', locals(),
         context_instance=RequestContext(request))
 
@@ -536,10 +541,11 @@ def download_custom_pdf(request, slug, method='GET'):
             cust = form.customizations
             pdf_file = models.get_customized_pdf_path(book, cust)
 
-            if not path.exists(pdf_file):
-                result = async_build_pdf.delay(book.id, cust, pdf_file)
-                result.wait()
-            return AttachmentHttpResponse(file_name=("%s.pdf" % book.slug), file_path=pdf_file, mimetype="application/pdf")
+            url = WaitedFile.order(pdf_file,
+                    lambda p: async_build_pdf.delay(book.id, cust, p),
+                    book.pretty_title()
+                )
+            return redirect(url)
         else:
             raise Http404(_('Incorrect customization options for PDF'))
     else:
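Review bot: The PDF build is now queued by `WaitedFile.order(...)` inside `download_custom_pdf`, which judging by the signature in the hunk header (`method='GET'`) appears to take its options from the query string. If so, the `honeypot = True` and any CSRF check on `CustomPDFFormView` do not gate this path, and a direct GET with valid options orders a build. If that is intended, record it, e.g. `# NOTE: reachable by plain GET; form-level CSRF/honeypot checks do not apply here, so builds need their own throttling`. Whether `WaitedFile.order` deduplicates or limits pending jobs is not visible here. The function starts and ends outside the hunk.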
@@ -548,17 +554,23 @@ def download_custom_pdf(request, slug, method='GET'):
 
 class CustomPDFFormView(AjaxableFormView):
     form_class = forms.CustomPDFForm
-    title = _('Download custom PDF')
-    submit = _('Download')
+    title = ugettext_lazy('Download custom PDF')
+    submit = ugettext_lazy('Download')
+    honeypot = True
 
     def __call__(self, request):
         from copy import copy
         if request.method == 'POST':
             request.GET = copy(request.GET)
-            request.GET['next'] = "%s?%s" % (reverse('catalogue.views.download_custom_pdf', args=[request.GET['slug']]),
+            request.GET['next'] = "%s?%s" % (reverse('catalogue.views.download_custom_pdf', args=[request.GET.get('slug')]),
                                              request.POST.urlencode())
         return super(CustomPDFFormView, self).__call__(request)
 
+    def get_object(self, request):
+        return get_object_or_404(models.Book, slug=request.GET.get('slug'))
+
+    def context_description(self, request, obj):
+        return obj.pretty_title()
 
     def success(self, *args):
         pass
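Review bot: In `CustomPDFFormView.__call__`, `request.POST.urlencode()` copies every posted field into the `next` URL. If the form now posts `csrfmiddlewaretoken` and a honeypot field, as the title and `honeypot = True` suggest, the CSRF token ends up in a query string where access logs, browser history and Referer headers expose it. Drop the non-form fields first with `params = request.POST.copy(); params.pop('csrfmiddlewaretoken', None)`, use `params.urlencode()`, and remove the honeypot field the same way. Separately, `request.GET.get('slug')` now hands `None` to `reverse()` when the parameter is missing; how `reverse()` treats that is worth checking, and rejecting the request before building `next` would be clearer.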