# -*- coding: utf-8 -*- import os from datetime import datetime, date, time from django.shortcuts import render from django.contrib.auth import authenticate, login, logout from django.http import HttpResponseRedirect, HttpResponse, Http404 from django.contrib.auth.decorators import login_required from django.views.decorators.csrf import csrf_exempt from django.forms.models import inlineformset_factory from django.core import mail from django.core.mail import EmailMultiAlternatives from dynastie.models import * from dynastie.forms import * from django.template.defaultfilters import register from django.template import Variable, VariableDoesNotExist @register.filter def hash(object, attr): pseudo_context = { 'object' : object } try: value = Variable('object.%s' % attr).resolve(pseudo_context) except VariableDoesNotExist: value = None return value def have_I_right(request, blog_id=None, post_id=None, must_be_superuser=False): b = None p = None if must_be_superuser and not request.user.is_superuser: raise Http404 if not post_id is None: p = Post.objects.get(pk=post_id) if p is None: raise Http404 blog_id = p.blog.id if not blog_id is None: if not request.user.is_superuser: b = Blog.objects.filter(pk=blog_id).filter(writers=request.user.id) if len(b) == 0: raise Http404 b = b[0] else: b = Blog.objects.get(pk=post.blog.id) if b is None: raise Http404 return (b, p) def index(request): if request.user.is_authenticated(): return HttpResponseRedirect('/blog') login_failed = False if 'login' in request.POST: user = authenticate(username=request.POST['login'], password=request.POST['password']) if user is None: login_failed = True else: login(request, user) if 'next' in request.GET: return HttpResponseRedirect(request.GET['next']) else: return HttpResponseRedirect('/blog') c = {'auth_key': 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',\ 'login_failed' : login_failed} return render(request, 'templates/login.html', c) def disconnect(request): logout(request) c = {'auth_key': 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',\ 'login_failed' : False} return HttpResponseRedirect('/') @login_required def user(request): users = User.objects.all() c = {'users' : users} return render(request, 'templates/user.html', c) @login_required def add_user(request): if not request.user.is_superuser: return HttpResponseRedirect('/user') if request.method == 'POST': # If the form has been submitted... if 'add' in request.POST: form = UserForm(request.POST) # A form bound to the POST data if form.is_valid(): # All validation rules pass form = form.save() user = User.objects.get(pk=form.id) user.set_password(request.POST['password']) user.save() # Process the data in form.cleaned_data # ... return HttpResponseRedirect('/user') # Redirect after POST else: return HttpResponseRedirect('/user') # Redirect after POST else: form = UserForm() # An unbound form return render(request, 'add_user.html', { 'form': form, }) @login_required def edit_user(request, user_id): user = User.objects.get(pk=user_id) if user is None: raise Http404 edited = False if request.method == 'POST': # If the form has been submitted... if int(user_id) != int(request.user.id) and (not request.user.is_superuser): return HttpResponseRedirect('/user/' + str(user_id)) if 'edit' in request.POST: form = UserForm(request.POST, instance=user, initial={'password':''}) # A form bound to the POST data if form.is_valid(): # All validation rules pass form.save() if request.POST['password'] != '': user.set_password(request.POST['password']) user.save() edited = True else: if 'delete' in request.POST and request.user.is_superuser: User.objects.get(pk=user_id).delete() return HttpResponseRedirect('/user') if 'cancel' in request.POST: return HttpResponseRedirect('/user') else: form = UserForm(instance=user, initial={'password':''}) # An unbound form c = {'user_to_edit' : user, 'form' : form, 'edited' : edited} return render(request, 'templates/edit_user.html', c) @login_required def category(request, blog_id): b = have_I_right(request, blog_id) categories = Category.objects.filter(blog_id=blog_id) c = {'categories' : categories} return render(request, 'templates/category.html', c) @login_required def add_category(request, blog_id): b = have_I_right(request, blog_id)[0] if request.method == 'POST': # If the form has been submitted... if 'add' in request.POST: form = CategoryForm(request.POST) # A form bound to the POST data form.blog = b if form.is_valid(): # All validation rules pass form = form.save() # Process the data in form.cleaned_data # ... return HttpResponseRedirect('/category/' + str(b.id)) else: return HttpResponseRedirect('/category/' + str(b.id)) else: form = CategoryForm() # An unbound form return render(request, 'add_category.html', { 'form': form, }) @login_required def edit_category(request, category_id): category = Category.objects.get(pk=category_id) if category is None: raise Http404 b = have_I_right(request, category.blog.id)[0] if request.method == 'POST': # If the form has been submitted... if 'cancel' in request.POST: return HttpResponseRedirect('/category' + str(b.id)) if 'edit' in request.POST: name = category.name form = CategoryForm(request.POST, instance=category) # A form bound to the POST data if form.is_valid(): # All validation rules pass if request.POST['name'] != name: category.remove() form.save() return HttpResponseRedirect('/category/' + str(b.id)) else: form = CategoryForm(instance=category) # An unbound form c = {'category' : category, 'form' : form} return render(request, 'templates/edit_category.html', c) @login_required def delete_category(request, category_id): category = Category.objects.get(pk=category_id) if category is None: raise Http404 b = have_I_right(request, category.blog.id)[0] category.remove() category.delete() return HttpResponseRedirect('/category/' + str(b.id)) @login_required def blog(request): if request.user.is_superuser: b = Blog.objects.all() else: b = Blog.objects.filter(writers=request.user.id) c = {'blogs' : b} return render(request, 'templates/blog.html', c) @login_required def add_blog(request): if not request.user.is_superuser: return HttpResponseRedirect('/blog') if request.method == 'POST': # If the form has been submitted... if 'add' in request.POST: form = BlogForm(request.POST) # A form bound to the POST data if form.is_valid(): # All validation rules pass form = form.save() form.create() return HttpResponseRedirect('/blog') # Redirect after POST else: return HttpResponseRedirect('/blog') # Redirect after POST else: form = BlogForm() # An unbound form return render(request, 'add_blog.html', { 'form': form, }) @login_required def view_blog(request, blog_id): if not request.user.is_superuser: b = Blog.objects.filter(id=blog_id).filter(writers=request.user.id) else: b = Blog.objects.get(pk=blog_id) if b is None: raise Http404 posts = Post.objects.filter(blog=b).order_by('-creation_date') b = Blog.objects.get(pk=blog_id) form = BlogForm(instance=b) comments = Comment.objects.all() dict_comments = {} for comment in comments: key = comment.post.id if not key in dict_comments: dict_comments[key] = 1 else: dict_comments[key] = dict_comments[key] + 1 c = {'blog' : b, 'posts' : posts, 'form' : form, 'comments' : dict_comments} return render(request, 'templates/view_blog.html', c) @login_required def edit_blog(request, blog_id): if not request.user.is_superuser: return HttpResponseRedirect('/blog/' + str(blog_id)) b = Blog.objects.get(pk=blog_id) if b is None: raise Http404 if request.method == 'POST': # If the form has been submitted... if 'edit' in request.POST: form = BlogForm(request.POST, instance=b) # A form bound to the POST data if form.is_valid(): # All validation rules pass form.save() else: if 'delete' in request.POST: b = Blog.objects.get(pk=blog_id) b.delete() return HttpResponseRedirect('/blog') else: form = BlogForm(instance=b) # An unbound form posts = Post.objects.filter(blog=b).order_by('-creation_date') c = {'blog' : b, 'posts' : posts, 'form' : form} return render(request, 'templates/view_blog.html', c) @login_required def add_post(request, blog_id): (b,) = have_I_right(request, blog_id) if request.method == 'POST': # If the form has been submitted... if 'add' in request.POST: post = Post(blog=Blog.objects.get(pk=blog_id), author=User.objects.get(pk=request.user.id), creation_date=datetime.now(), modification_date=datetime.now()) content = request.POST['content'] # del request.POST['content'] form = PostForm(request.POST, instance=post) # A form bound to the POST data if form.is_valid(): # All validation rules pass form = form.save() form.createPost(content) # Process the data in form.cleaned_data # ... return HttpResponseRedirect('/blog/' + blog_id) # Redirect after POST else: return HttpResponseRedirect('/blog/' + blog_id) # Redirect after POST else: form = PostForm() # An unbound form return render(request, 'add_post.html', { 'form': form, 'blog_id' : blog_id }) @login_required def edit_post(request, post_id): (b, post) = have_I_right(request, None, post_id) post = Post.objects.get(pk=post_id) title = post.title blog_id = b.id if request.method == 'POST': # If the form has been submitted... if 'edit' in request.POST: post.modification_date = datetime.now() form = PostForm(request.POST, instance=post) # A form bound to the POST data if form.is_valid(): # All validation rules pass if title != request.POST['title']: post.remove() form.save() post.createPost(request.POST['content']) # Process the data in form.cleaned_data # ... return HttpResponseRedirect('/blog/' + str(blog_id)) # Redirect after POST else: if 'cancel' in request.POST: return HttpResponseRedirect('/blog/' + str(blog_id)) # Redirect after POST else: form = PostForm(instance=post) # An unbound form b.create_paths() filename = b.src_path + '/_post/' + str(post.pk) if os.path.exists(filename): f = open(filename, 'rb') content = f.read() f.close() else: content = 'Empty post' comments = Comment.objects.filter(post=post).order_by('date') comment_list = [] for comment in comments: comment_list.append(comment) return render(request, 'edit_post.html', { 'form': form, 'post_id' : post_id, 'content' : content, 'blog_id' : blog_id, 'comments' : comment_list }) @login_required def delete_post(request, post_id): (b, post) = have_I_right(request, None, post_id) blog_id = b.id post.delete() return HttpResponseRedirect('/blog/' + str(blog_id)) @login_required def generate(request, blog_id): (b, post) = have_I_right(request, blog_id) b.create_paths() report = b.generate() posts = Post.objects.filter(blog=b).order_by('-creation_date') b = Blog.objects.get(pk=blog_id) form = BlogForm(instance=b) comments = Comment.objects.all() dict_comments = {} for comment in comments: key = comment.post.id if not key in dict_comments: dict_comments[key] = 1 else: dict_comments[key] = dict_comments[key] + 1 c = {'blog' : b, 'posts' : posts, 'form' : form, 'report': report, 'comments' : dict_comments} return render(request, 'templates/generate.html', c) @login_required def preview(request, blog_id): from dynastie.generators import post values = {'title' : request.POST['title'], \ 'author' : request.user.first_name + ' ' + request.user.last_name, \ 'content' : request.POST['content'] } (b, ) = have_I_right(request, blog_id) b.create_paths() engine = globals()['post'] for name, obj in inspect.getmembers(engine): if inspect.isclass(obj) and obj.__module__.startswith("dynastie.generators") \ and obj.__module__.endswith("post"): e = obj() content = e.preview(b.src_path, values) break output = b.output_path path = output + '/preview.html' if os.path.exists(path): os.unlink(path) f = open(path, 'wb') f.write(content) f.close() c = {'content' : content} return HttpResponseRedirect('http://' + b.name + '/preview.html') # return HttpResponseRedirect('http://' + 'localhost:8080' + '/preview.html') def _tinymcelist(request, b, year, month): ret = 'var tinyMCEImageList = new Array(' b.create_paths() if month < 10: suffix = '/images/' + str(year) + '/0' + str(month) else: suffix = '/images/' + str(year) + '/' + str(month) path = b.src_path + '/' + suffix # url = 'http://' + 'localhost:8080' + '/' + suffix + '/' url = 'http://' + b.name + '/' + suffix + '/' if os.path.exists(path): files = '' for p in os.listdir(path): files += '["' + p + '", "' + url + p + '"],' # Remove last comma if len(files) != 0: ret += files[:-1] ret += ');' return ret @login_required def tinymcelist_add(request, blog_id): now = datetime.now() year = now.year month = now.month try: (b, ) = have_I_right(request, blog_id) except Http404: return HttpResponse('', content_type='application/x-javascript') ret = _tinymcelist(request, b, year, month) return HttpResponse(ret, content_type='application/x-javascript') @login_required def tinymcelist_edit(request, post_id): try: (b, post) = have_I_right(request, None, post_id) except Http404: return HttpResponse('', content_type='application/x-javascript') year = post.creation_date.year() month = post.creation_date.month() ret = _tinymcelist(request, b, year, month) return HttpResponse(ret, content_type='application/x-javascript') @csrf_exempt def add_comment(request, post_id, parent_id): from dynastie.generators import post ref = request.META['HTTP_REFERER'] post = Post.objects.get(pk=post_id) if post is None: print 'no post' return HttpResponseRedirect(ref) blog = Blog.objects.get(pk=post.blog_id) if blog is None: print 'no blog ' + str(post.blog.id) return HttpResponseRedirect(ref) parent_id = int(parent_id) if parent_id != 0: parentComment = Comment.objects.get(pk=parent_id) if parentComment is None: return HttpResponseRedirect(ref) else: parentComment = None if request.POST['author'] == '' or request.POST['the_comment'] == '': print 'Error on author or the_comment' return HttpResponseRedirect(ref) # Behind nginx proxy if 'HTTP_X_FORWARDED_FOR' in request.META: ip = request.META['HTTP_X_FORWARDED_FOR'] else: ip = request.META['REMOTE_ADDR'] comment = Comment(post=post, parent=parentComment, date=datetime.now(), author=request.POST['author'],\ email=request.POST['email'], the_comment=request.POST['the_comment'], ip=ip) comment.save() engine = globals()['post'] blog.create_paths() post_list = [post] for name, obj in inspect.getmembers(engine): if inspect.isclass(obj) and obj.__module__.startswith("dynastie.generators") \ and obj.__module__.endswith("post"): e = obj() content = e._generate(blog, blog.src_path, blog.output_path, post_list) break # Send emails emails = {} comments = Comment.objects.filter(post=post).order_by('date') comment_index = str(len(comments)) for comment in comments: email = comment.email if email != '' and email != request.POST['email'] and not email in emails: emails[email] = comment.author if post.author.email not in email: emails[post.author.email] = post.author.first_name if len(emails) > 0: connection = mail.get_connection(fail_silently=True) connection.open() messages = [] subject = '[%s] Nouveau commentaire pour l\'article "%s"' % (blog.name, post.title) for email,author in emails.items(): text_body = u'Bonjour %s,\n\nUn nouveau commentaire a été posté pour l\'article "%s".\n\n' % (author, post.title) text_body += u'Pour le consulter, rendez vous sur http://%s%s/#comment_%s\n\n----------------\n\n' % (blog.name, post.getPath(), comment_index) text_body += comment.the_comment text_body += '\n' html_body = u'' html_body += u'Bonjour %s,

Un nouveau commentaire a été posté pour l\'article "%s".

' % (author, post.title) html_body = html_body + u'Pour le consulter, rendez vous sur http://%s%s#comment_%s

----------------
'  % (blog.name, post.getPath(), comment_index, blog.name, post.getPath(), comment_index)
            c = comment.the_comment
            # Avoid script injection
            c = c.replace('
', '<pre>')
            c = c.replace('
', '</pre>') html_body += c + '
' html_body += '' msg = EmailMultiAlternatives(subject, text_body, 'no-reply@%s' % blog.name , [email]) msg.attach_alternative(html_body, "text/html") messages.append(msg) connection.send_messages(messages) connection.close() response = HttpResponseRedirect(ref) response['Cache-Control'] = 'no-cache' response.set_cookie('author', request.POST['author'], domain=blog.name, secure=True, httponly=False); if request.POST['email'] != '': response.set_cookie('email', request.POST['email'], domain=blog.name, secure=True, httponly=False); return response @login_required def edit_comment(request, comment_id): comment = Comment.objects.get(pk=comment_id) if comment is None: return Http404 (b, post) = have_I_right(request, None, comment.post_id) post_id = comment.post_id if request.method == 'POST': # If the form has been submitted... if 'edit' in request.POST: form = CommentForm(request.POST, instance=comment) # A form bound to the POST data if form.is_valid(): # All validation rules pass form = form.save() # Process the data in form.cleaned_data # ... return HttpResponseRedirect('/post/edit/' + str(post_id)) else: return HttpResponseRedirect('/post/edit/' + str(post_id)) else: form = CommentForm(instance=comment) # An unbound form return render(request, 'edit_comment.html', { 'form': form, 'comment':comment }) @login_required def delete_comment(request, comment_id): comment = Comment.objects.get(pk=comment_id) if comment is None: return Http404 (b, post) = have_I_right(request, None, comment.post_id) post_id = comment.post_id childs = Comment.objects.filter(parent=comment.id) try: parent = comment.parent except: parent = None for child in childs: child.parent = parent child.save() comment.delete() return HttpResponseRedirect('/post/edit/' + str(post_id))