X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/dbe845386fa136ccb8571e50dadb3c882661a59b..f421853fd43fe24de22e1be4dfcddaf65e80dccf:/apps/catalogue/views.py diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py index 64d0cde16..acf2ea244 100644 --- a/apps/catalogue/views.py +++ b/apps/catalogue/views.py @@ -71,12 +71,12 @@ def tags_starting_with(request): def main_page(request): if request.user.is_authenticated(): - extra_where = '((NOT catalogue_tag.category = "set" AND catalogue_tag.main_page = 1) OR catalogue_tag.user_id = %d)' % request.user.id - else: - extra_where = 'NOT catalogue_tag.category = "set" AND catalogue_tag.main_page = 1' + shelves = models.Tag.objects.filter(category='set', user=request.user) + new_set_form = forms.NewSetForm() + extra_where = 'NOT catalogue_tag.category = "set"' tags = models.Tag.objects.usage_for_model(models.Book, counts=True, extra={'where': [extra_where]}) fragment_tags = models.Tag.objects.usage_for_model(models.Fragment, counts=True, - extra={'where': ['catalogue_tag.category = "theme"']}) + extra={'where': ['catalogue_tag.category = "theme"'] + [extra_where]}) categories = split_tags(tags) form = forms.SearchForm() @@ -97,20 +97,22 @@ def book_list(request): def tagged_object_list(request, tags=''): + # Prevent DoS attacks on our database + if len(tags.split('/')) > 6: + raise Http404 + try: tags = models.Tag.get_tag_list(tags) except models.Tag.DoesNotExist: raise Http404 model = models.Book + shelf_is_set = (len(tags) == 1 and tags[0].category == 'set') theme_is_set = any(tag.category == 'theme' for tag in tags) if theme_is_set: model = models.Fragment - - if request.user.is_authenticated(): - extra_where = '(NOT catalogue_tag.category = "set" OR catalogue_tag.user_id = %d)' % request.user.id - else: - extra_where = 'NOT catalogue_tag.category = "set"' + + extra_where = 'NOT catalogue_tag.category = "set"' related_tags = models.Tag.objects.related_for_model(tags, model, counts=True, extra={'where': [extra_where]}) categories = split_tags(related_tags) @@ -120,7 +122,7 @@ def tagged_object_list(request, tags=''): queryset_or_model=model, tags=tags, template_name='catalogue/tagged_object_list.html', - extra_context = {'categories': categories }, + extra_context = {'categories': categories, 'shelf_is_set': shelf_is_set }, ) @@ -134,6 +136,13 @@ def book_detail(request, slug): context_instance=RequestContext(request)) +def book_text(request, slug): + book = get_object_or_404(models.Book, slug=slug) + + return render_to_response('catalogue/book_text.html', locals(), + context_instance=RequestContext(request)) + + def logout_then_redirect(request): auth.logout(request) return HttpResponseRedirect(request.GET.get('next', '/')) @@ -222,7 +231,11 @@ def new_set(request): new_set_form = forms.NewSetForm(request.POST) if new_set_form.is_valid(): new_set = new_set_form.save(request.user) - return HttpResponse(u'

Półka %s została utworzona

' % new_set) + + if request.is_ajax(): + return HttpResponse(u'

Półka %s została utworzona

' % new_set) + else: + return HttpResponseRedirect('/') return render_to_response('catalogue/book_sets.html', locals(), context_instance=RequestContext(request)) @@ -233,9 +246,13 @@ def new_set(request): def delete_shelf(request, slug): user_set = get_object_or_404(models.Tag, slug=slug, category='set', user=request.user) user_set.delete() - return HttpResponse(u'

Półka %s została usunięta

' % user_set.name) - + if request.is_ajax(): + return HttpResponse(u'

Półka %s została usunięta

' % user_set.name) + else: + return HttpResponseRedirect('/') + + @login_required def user_shelves(request): shelves = models.Tag.objects.filter(category='set', user=request.user)