gremmie@1
|
1 """
|
gremmie@1
|
2 Views for the comments application.
|
bgneal@693
|
3
|
gremmie@1
|
4 """
|
gremmie@1
|
5 from django.contrib.auth.decorators import login_required
|
gremmie@1
|
6 from django.core.exceptions import ObjectDoesNotExist
|
gremmie@1
|
7 from django.http import HttpResponse
|
gremmie@1
|
8 from django.http import HttpResponseBadRequest
|
gremmie@1
|
9 from django.http import HttpResponseForbidden
|
gremmie@1
|
10 from django.db.models import get_model
|
bgneal@1032
|
11 from django.shortcuts import render
|
gremmie@1
|
12 from django.utils.html import escape
|
gremmie@1
|
13 from django.views.decorators.http import require_POST
|
gremmie@1
|
14
|
gremmie@1
|
15 from core.functions import email_admins
|
bgneal@974
|
16 from core.html import image_check, ImageCheckError
|
bgneal@136
|
17 from core.markup import site_markup
|
gremmie@1
|
18 from comments.forms import CommentForm
|
gremmie@1
|
19 from comments.models import Comment
|
gremmie@1
|
20 from comments.models import CommentFlag
|
bgneal@215
|
21 import antispam
|
bgneal@215
|
22 import antispam.utils
|
bgneal@215
|
23
|
gremmie@1
|
24
|
bgneal@974
|
25 PREVIEW_UNAVAILABLE = """
|
bgneal@974
|
26 <p><strong>Error</strong>: {}</p>
|
bgneal@974
|
27 <p>Sorry, preview is unavailable.</p>
|
bgneal@974
|
28 <p>There is an image in your post which failed our image check. We can only
|
bgneal@1021
|
29 accept images from a small number of sources for security reasons.</p>
|
bgneal@1021
|
30 <p>If there are forms below this post box, you may use them to safely hot-link
|
bgneal@1021
|
31 to images hosted elsewhere on the Internet or upload from your computer or
|
bgneal@1021
|
32 device.</p>
|
bgneal@1021
|
33 <p>If there are no image forms on this page, you can upload a photo from your
|
bgneal@1021
|
34 computer or device from your user profile. Copy the image code you receive
|
bgneal@1021
|
35 into the post box here.</p>
|
bgneal@974
|
36 """
|
bgneal@974
|
37
|
bgneal@974
|
38
|
gremmie@1
|
39 @login_required
|
gremmie@1
|
40 @require_POST
|
gremmie@1
|
41 def post_comment(request):
|
gremmie@1
|
42 """
|
gremmie@1
|
43 This function handles the posting of comments. If successful, returns
|
bgneal@215
|
44 the comment text as the response. This function is meant to be the target
|
gremmie@1
|
45 of an AJAX post.
|
gremmie@1
|
46 """
|
gremmie@1
|
47 # Look up the object we're trying to comment about
|
gremmie@1
|
48 ctype = request.POST.get('content_type', None)
|
gremmie@1
|
49 object_pk = request.POST.get('object_pk', None)
|
gremmie@1
|
50 if ctype is None or object_pk is None:
|
gremmie@1
|
51 return HttpResponseBadRequest('Missing content_type or object_pk field.')
|
gremmie@1
|
52
|
gremmie@1
|
53 try:
|
gremmie@1
|
54 model = get_model(*ctype.split('.', 1))
|
gremmie@1
|
55 target = model.objects.get(pk=object_pk)
|
gremmie@1
|
56 except TypeError:
|
gremmie@1
|
57 return HttpResponseBadRequest(
|
gremmie@1
|
58 "Invalid content_type value: %r" % escape(ctype))
|
gremmie@1
|
59 except AttributeError:
|
gremmie@1
|
60 return HttpResponseBadRequest(
|
gremmie@1
|
61 "The given content-type %r does not resolve to a valid model." % \
|
gremmie@1
|
62 escape(ctype))
|
gremmie@1
|
63 except ObjectDoesNotExist:
|
gremmie@1
|
64 return HttpResponseBadRequest(
|
gremmie@1
|
65 "No object matching content-type %r and object PK %r exists." % \
|
gremmie@1
|
66 (escape(ctype), escape(object_pk)))
|
gremmie@1
|
67
|
gremmie@1
|
68 # Can we comment on the target object?
|
gremmie@1
|
69 if hasattr(target, 'can_comment_on'):
|
gremmie@1
|
70 if callable(target.can_comment_on):
|
gremmie@1
|
71 can_comment_on = target.can_comment_on()
|
gremmie@1
|
72 else:
|
gremmie@1
|
73 can_comment_on = target.can_comment_on
|
gremmie@1
|
74 else:
|
gremmie@1
|
75 can_comment_on = True
|
gremmie@1
|
76
|
gremmie@1
|
77 if not can_comment_on:
|
gremmie@1
|
78 return HttpResponseForbidden('Cannot comment on this item.')
|
gremmie@1
|
79
|
gremmie@1
|
80 # Check form validity
|
gremmie@1
|
81
|
gremmie@1
|
82 form = CommentForm(target, request.POST)
|
gremmie@1
|
83 if not form.is_valid():
|
bgneal@963
|
84 # The client side javascript is pretty simplistic right now and we don't
|
bgneal@963
|
85 # want to change it yet. It is expecting a single error string. Just grab
|
bgneal@963
|
86 # the first error message and use that.
|
bgneal@963
|
87 errors = form.errors.as_data()
|
bgneal@963
|
88 msg = errors.values()[0][0].message if errors else 'Unknown error'
|
bgneal@963
|
89 return HttpResponseBadRequest(msg)
|
gremmie@1
|
90
|
bgneal@215
|
91 comment = form.get_comment_object(request.user, request.META.get("REMOTE_ADDR", None))
|
gremmie@1
|
92
|
bgneal@693
|
93 # Check for spam
|
bgneal@215
|
94
|
bgneal@215
|
95 if antispam.utils.spam_check(request, comment.comment):
|
bgneal@215
|
96 return HttpResponseForbidden(antispam.BUSTED_MESSAGE)
|
bgneal@215
|
97
|
bgneal@963
|
98 comment.save(html=form.comment_html)
|
gremmie@1
|
99
|
gremmie@1
|
100 # return the rendered comment
|
bgneal@1032
|
101 return render(request, 'comments/comment.html', {
|
gremmie@1
|
102 'comment': comment,
|
bgneal@1032
|
103 })
|
bgneal@693
|
104
|
gremmie@1
|
105
|
gremmie@1
|
106 @require_POST
|
gremmie@1
|
107 def flag_comment(request):
|
gremmie@1
|
108 """
|
gremmie@1
|
109 This function handles the flagging of comments by users. This function should
|
gremmie@1
|
110 be the target of an AJAX post.
|
gremmie@1
|
111 """
|
gremmie@1
|
112 if not request.user.is_authenticated():
|
gremmie@1
|
113 return HttpResponse('Please login or register to flag a comment.')
|
gremmie@1
|
114
|
gremmie@1
|
115 id = request.POST.get('id', None)
|
gremmie@1
|
116 if id is None:
|
gremmie@1
|
117 return HttpResponseBadRequest('No id')
|
gremmie@1
|
118
|
gremmie@1
|
119 try:
|
gremmie@1
|
120 comment = Comment.objects.get(pk=id)
|
gremmie@1
|
121 except Comment.DoesNotExist:
|
gremmie@1
|
122 return HttpResponseBadRequest('No comment with id %s' % id)
|
gremmie@1
|
123
|
gremmie@1
|
124 flag = CommentFlag(user=request.user, comment=comment)
|
gremmie@1
|
125 flag.save()
|
gremmie@1
|
126 email_admins('A Comment Has Been Flagged', """Hello,
|
gremmie@1
|
127
|
gremmie@1
|
128 A user has flagged a comment for review.
|
gremmie@1
|
129 """)
|
gremmie@1
|
130 return HttpResponse('The comment was flagged. A moderator will review the comment shortly. ' \
|
gremmie@1
|
131 'Thanks for helping to improve the discussions on this site.')
|
gremmie@1
|
132
|
gremmie@1
|
133
|
gremmie@1
|
134 @require_POST
|
gremmie@1
|
135 def markdown_preview(request):
|
gremmie@1
|
136 """
|
gremmie@1
|
137 This function should be the target of an AJAX POST. It takes the 'data' parameter
|
gremmie@1
|
138 from the POST parameters and returns a rendered HTML page from the data, which
|
bgneal@693
|
139 is assumed to be in markdown format. The HTML page is suitable for the preview
|
gremmie@1
|
140 function for a javascript editor such as markItUp.
|
gremmie@1
|
141 """
|
gremmie@1
|
142 if not request.user.is_authenticated():
|
gremmie@1
|
143 return HttpResponseForbidden('This service is only available to logged in users.')
|
gremmie@1
|
144
|
gremmie@1
|
145 data = request.POST.get('data', None)
|
gremmie@1
|
146 if data is None:
|
gremmie@1
|
147 return HttpResponseBadRequest('No data')
|
gremmie@1
|
148
|
bgneal@974
|
149 html = site_markup(data)
|
bgneal@978
|
150 if html:
|
bgneal@978
|
151 try:
|
bgneal@978
|
152 image_check(html)
|
bgneal@978
|
153 except ImageCheckError as ex:
|
bgneal@978
|
154 html = PREVIEW_UNAVAILABLE.format(ex)
|
bgneal@974
|
155
|
bgneal@1032
|
156 return render(request, 'comments/markdown_preview.html', {
|
bgneal@974
|
157 'data': html,
|
bgneal@1032
|
158 })
|