X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/dbe845386fa136ccb8571e50dadb3c882661a59b..e90ee714cc724f21519efa3499dd71d03bb44db0:/apps/catalogue/views.py
diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py
index 64d0cde16..acf2ea244 100644
--- a/apps/catalogue/views.py
+++ b/apps/catalogue/views.py
@@ -71,12 +71,12 @@ def tags_starting_with(request):
def main_page(request):
if request.user.is_authenticated():
- extra_where = '((NOT catalogue_tag.category = "set" AND catalogue_tag.main_page = 1) OR catalogue_tag.user_id = %d)' % request.user.id
- else:
- extra_where = 'NOT catalogue_tag.category = "set" AND catalogue_tag.main_page = 1'
+ shelves = models.Tag.objects.filter(category='set', user=request.user)
+ new_set_form = forms.NewSetForm()
+ extra_where = 'NOT catalogue_tag.category = "set"'
tags = models.Tag.objects.usage_for_model(models.Book, counts=True, extra={'where': [extra_where]})
fragment_tags = models.Tag.objects.usage_for_model(models.Fragment, counts=True,
- extra={'where': ['catalogue_tag.category = "theme"']})
+ extra={'where': ['catalogue_tag.category = "theme"'] + [extra_where]})
categories = split_tags(tags)
form = forms.SearchForm()
@@ -97,20 +97,22 @@ def book_list(request):
def tagged_object_list(request, tags=''):
+ # Prevent DoS attacks on our database
+ if len(tags.split('/')) > 6:
+ raise Http404
+
try:
tags = models.Tag.get_tag_list(tags)
except models.Tag.DoesNotExist:
raise Http404
model = models.Book
+ shelf_is_set = (len(tags) == 1 and tags[0].category == 'set')
theme_is_set = any(tag.category == 'theme' for tag in tags)
if theme_is_set:
model = models.Fragment
-
- if request.user.is_authenticated():
- extra_where = '(NOT catalogue_tag.category = "set" OR catalogue_tag.user_id = %d)' % request.user.id
- else:
- extra_where = 'NOT catalogue_tag.category = "set"'
+
+ extra_where = 'NOT catalogue_tag.category = "set"'
related_tags = models.Tag.objects.related_for_model(tags, model, counts=True, extra={'where': [extra_where]})
categories = split_tags(related_tags)
@@ -120,7 +122,7 @@ def tagged_object_list(request, tags=''):
queryset_or_model=model,
tags=tags,
template_name='catalogue/tagged_object_list.html',
- extra_context = {'categories': categories },
+ extra_context = {'categories': categories, 'shelf_is_set': shelf_is_set },
)
@@ -134,6 +136,13 @@ def book_detail(request, slug):
context_instance=RequestContext(request))
+def book_text(request, slug):
+ book = get_object_or_404(models.Book, slug=slug)
+
+ return render_to_response('catalogue/book_text.html', locals(),
+ context_instance=RequestContext(request))
+
+
def logout_then_redirect(request):
auth.logout(request)
return HttpResponseRedirect(request.GET.get('next', '/'))
@@ -222,7 +231,11 @@ def new_set(request):
new_set_form = forms.NewSetForm(request.POST)
if new_set_form.is_valid():
new_set = new_set_form.save(request.user)
- return HttpResponse(u'PóÅka %s zostaÅa utworzona
' % new_set)
+
+ if request.is_ajax():
+ return HttpResponse(u'PóÅka %s zostaÅa utworzona
' % new_set)
+ else:
+ return HttpResponseRedirect('/')
return render_to_response('catalogue/book_sets.html', locals(),
context_instance=RequestContext(request))
@@ -233,9 +246,13 @@ def new_set(request):
def delete_shelf(request, slug):
user_set = get_object_or_404(models.Tag, slug=slug, category='set', user=request.user)
user_set.delete()
- return HttpResponse(u'PóÅka %s zostaÅa usuniÄta
' % user_set.name)
-
+ if request.is_ajax():
+ return HttpResponse(u'PóÅka %s zostaÅa usuniÄta
' % user_set.name)
+ else:
+ return HttpResponseRedirect('/')
+
+
@login_required
def user_shelves(request):
shelves = models.Tag.objects.filter(category='set', user=request.user)