annotate comments/views.py @ 661:15dbe0ccda95

Prevent exceptions when viewing downloads in the admin when the file doesn't exist on the filesystem. This is usually seen in development but can also happen in production if the file is missing.
author Brian Neal <bgneal@gmail.com>
date Tue, 14 May 2013 21:02:47 -0500
parents ee87ea74d46b
children ad69236e8501
rev   line source
gremmie@1 1 """
gremmie@1 2 Views for the comments application.
gremmie@1 3 """
gremmie@1 4 from django.contrib.auth.decorators import login_required
gremmie@1 5 from django.core.exceptions import ObjectDoesNotExist
gremmie@1 6 from django.http import HttpResponse
gremmie@1 7 from django.http import HttpResponseRedirect
gremmie@1 8 from django.http import HttpResponseBadRequest
gremmie@1 9 from django.http import HttpResponseForbidden
gremmie@1 10 from django.db.models import get_model
gremmie@1 11 from django.shortcuts import render_to_response
gremmie@1 12 from django.template import RequestContext
gremmie@1 13 from django.utils.html import escape
gremmie@1 14 from django.views.decorators.http import require_POST
gremmie@1 15
gremmie@1 16 from core.functions import email_admins
bgneal@136 17 from core.markup import site_markup
gremmie@1 18 from comments.forms import CommentForm
gremmie@1 19 from comments.models import Comment
gremmie@1 20 from comments.models import CommentFlag
bgneal@215 21 import antispam
bgneal@215 22 import antispam.utils
bgneal@215 23
gremmie@1 24
gremmie@1 25 @login_required
gremmie@1 26 @require_POST
gremmie@1 27 def post_comment(request):
gremmie@1 28 """
gremmie@1 29 This function handles the posting of comments. If successful, returns
bgneal@215 30 the comment text as the response. This function is meant to be the target
gremmie@1 31 of an AJAX post.
gremmie@1 32 """
gremmie@1 33 # Look up the object we're trying to comment about
gremmie@1 34 ctype = request.POST.get('content_type', None)
gremmie@1 35 object_pk = request.POST.get('object_pk', None)
gremmie@1 36 if ctype is None or object_pk is None:
gremmie@1 37 return HttpResponseBadRequest('Missing content_type or object_pk field.')
gremmie@1 38
gremmie@1 39 try:
gremmie@1 40 model = get_model(*ctype.split('.', 1))
gremmie@1 41 target = model.objects.get(pk=object_pk)
gremmie@1 42 except TypeError:
gremmie@1 43 return HttpResponseBadRequest(
gremmie@1 44 "Invalid content_type value: %r" % escape(ctype))
gremmie@1 45 except AttributeError:
gremmie@1 46 return HttpResponseBadRequest(
gremmie@1 47 "The given content-type %r does not resolve to a valid model." % \
gremmie@1 48 escape(ctype))
gremmie@1 49 except ObjectDoesNotExist:
gremmie@1 50 return HttpResponseBadRequest(
gremmie@1 51 "No object matching content-type %r and object PK %r exists." % \
gremmie@1 52 (escape(ctype), escape(object_pk)))
gremmie@1 53
gremmie@1 54 # Can we comment on the target object?
gremmie@1 55 if hasattr(target, 'can_comment_on'):
gremmie@1 56 if callable(target.can_comment_on):
gremmie@1 57 can_comment_on = target.can_comment_on()
gremmie@1 58 else:
gremmie@1 59 can_comment_on = target.can_comment_on
gremmie@1 60 else:
gremmie@1 61 can_comment_on = True
gremmie@1 62
gremmie@1 63 if not can_comment_on:
gremmie@1 64 return HttpResponseForbidden('Cannot comment on this item.')
gremmie@1 65
gremmie@1 66 # Check form validity
gremmie@1 67
gremmie@1 68 form = CommentForm(target, request.POST)
gremmie@1 69 if not form.is_valid():
gremmie@1 70 return HttpResponseBadRequest('Invalid comment; missing parameters?')
gremmie@1 71
bgneal@215 72 comment = form.get_comment_object(request.user, request.META.get("REMOTE_ADDR", None))
gremmie@1 73
bgneal@215 74 # Check for spam
bgneal@215 75
bgneal@215 76 if antispam.utils.spam_check(request, comment.comment):
bgneal@215 77 return HttpResponseForbidden(antispam.BUSTED_MESSAGE)
bgneal@215 78
gremmie@1 79 comment.save()
gremmie@1 80
gremmie@1 81 # return the rendered comment
gremmie@1 82 return render_to_response('comments/comment.html', {
gremmie@1 83 'comment': comment,
gremmie@1 84 },
gremmie@1 85 context_instance = RequestContext(request))
gremmie@1 86
gremmie@1 87
gremmie@1 88 @require_POST
gremmie@1 89 def flag_comment(request):
gremmie@1 90 """
gremmie@1 91 This function handles the flagging of comments by users. This function should
gremmie@1 92 be the target of an AJAX post.
gremmie@1 93 """
gremmie@1 94 if not request.user.is_authenticated():
gremmie@1 95 return HttpResponse('Please login or register to flag a comment.')
gremmie@1 96
gremmie@1 97 id = request.POST.get('id', None)
gremmie@1 98 if id is None:
gremmie@1 99 return HttpResponseBadRequest('No id')
gremmie@1 100
gremmie@1 101 try:
gremmie@1 102 comment = Comment.objects.get(pk=id)
gremmie@1 103 except Comment.DoesNotExist:
gremmie@1 104 return HttpResponseBadRequest('No comment with id %s' % id)
gremmie@1 105
gremmie@1 106 flag = CommentFlag(user=request.user, comment=comment)
gremmie@1 107 flag.save()
gremmie@1 108 email_admins('A Comment Has Been Flagged', """Hello,
gremmie@1 109
gremmie@1 110 A user has flagged a comment for review.
gremmie@1 111 """)
gremmie@1 112 return HttpResponse('The comment was flagged. A moderator will review the comment shortly. ' \
gremmie@1 113 'Thanks for helping to improve the discussions on this site.')
gremmie@1 114
gremmie@1 115
gremmie@1 116 @require_POST
gremmie@1 117 def markdown_preview(request):
gremmie@1 118 """
gremmie@1 119 This function should be the target of an AJAX POST. It takes the 'data' parameter
gremmie@1 120 from the POST parameters and returns a rendered HTML page from the data, which
gremmie@1 121 is assumed to be in markdown format. The HTML page is suitable for the preview
gremmie@1 122 function for a javascript editor such as markItUp.
gremmie@1 123 """
gremmie@1 124 if not request.user.is_authenticated():
gremmie@1 125 return HttpResponseForbidden('This service is only available to logged in users.')
gremmie@1 126
gremmie@1 127 data = request.POST.get('data', None)
gremmie@1 128 if data is None:
gremmie@1 129 return HttpResponseBadRequest('No data')
gremmie@1 130
gremmie@1 131 return render_to_response('comments/markdown_preview.html', {
bgneal@136 132 'data': site_markup(data),
gremmie@1 133 },
gremmie@1 134 context_instance = RequestContext(request))