annotate gpp/core/views.py @ 162:6a5bdcf93ad3

Fix #48; shoutbox was no longer escaping user input on display.
author Brian Neal <bgneal@gmail.com>
date Tue, 22 Dec 2009 03:55:37 +0000
parents ab7830b067b3
children be3fff614b93
rev   line source
bgneal@127 1 """
bgneal@127 2 Views for the core application. These are mainly shared, common views
bgneal@127 3 used by multiple applications.
bgneal@127 4 """
bgneal@149 5 from django.contrib.auth.models import User
bgneal@149 6 from django.http import HttpResponse
bgneal@149 7 from django.http import HttpResponseBadRequest
bgneal@149 8 from django.http import HttpResponseForbidden
bgneal@127 9 from django.shortcuts import render_to_response
bgneal@127 10 from django.template import RequestContext
bgneal@127 11 from django.contrib.auth.decorators import login_required
bgneal@127 12 from django.views.decorators.http import require_GET
bgneal@127 13
@login_required
@require_GET
def markdown_help(request):
    """
    Render the Markdown help cheat sheet.

    The decorators restrict this view to logged-in users and to GET
    requests. The rendered fragment is expected to be fetched via AJAX.
    """
    template_name = 'core/markdown_help.html'
    return render_to_response(template_name)
bgneal@149 22
bgneal@149 23
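def ajax_users(request):
    """
    Return active usernames that start with the 'q' GET parameter.

    The names are separated by newlines and the result is truncated to
    'limit' entries ('limit' GET parameter, default 10).

    Responses:
      - 400 if 'q' is missing or 'limit' is not a non-negative integer.
      - 403 if the requesting user is not authenticated.
      - 200 with the newline-separated usernames otherwise.
    """
    q = request.GET.get('q', None)
    if q is None:
        return HttpResponseBadRequest()

    if not request.user.is_authenticated():
        return HttpResponseForbidden()

    # 'limit' is client-controlled: a non-numeric value used to raise
    # ValueError here and surface as a 500. Treat it as a bad request.
    try:
        limit = int(request.GET.get('limit', 10))
    except ValueError:
        return HttpResponseBadRequest()

    # Django querysets do not support negative slicing, so reject a negative
    # limit up front instead of letting the slice below fail.
    if limit < 0:
        return HttpResponseBadRequest()

    # NOTE(review): 'limit' has no upper bound, so a single request with an
    # empty prefix can return every active username. Consider capping it.
    # NOTE(review): the response uses the default content type; text/plain
    # would be the safer choice for a list of user-chosen names -- confirm
    # what the AJAX caller expects before changing it.
    users = User.objects.filter(
        is_active=True,
        username__istartswith=q,
    ).values_list('username', flat=True)[:limit]
    return HttpResponse(u"\n".join(users))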