annotate gpp/comments/views.py @ 207:8bbefaa3e408

Fix #79; user should get security pin when reporting profiles.
author Brian Neal <bgneal@gmail.com>
date Mon, 03 May 2010 02:59:48 +0000
parents d203a4a986d2
children 8c1832b9d815
rev   line source
gremmie@1 1 """
gremmie@1 2 Views for the comments application.
gremmie@1 3 """
gremmie@1 4 from django.contrib.auth.decorators import login_required
gremmie@1 5 from django.core.exceptions import ObjectDoesNotExist
gremmie@1 6 from django.http import HttpResponse
gremmie@1 7 from django.http import HttpResponseRedirect
gremmie@1 8 from django.http import HttpResponseBadRequest
gremmie@1 9 from django.http import HttpResponseForbidden
gremmie@1 10 from django.db.models import get_model
gremmie@1 11 from django.shortcuts import render_to_response
gremmie@1 12 from django.template import RequestContext
gremmie@1 13 from django.utils.html import escape
gremmie@1 14 from django.views.decorators.http import require_POST
gremmie@1 15
gremmie@1 16 from core.functions import email_admins
bgneal@136 17 from core.markup import site_markup
gremmie@1 18 from comments.forms import CommentForm
gremmie@1 19 from comments.models import Comment
gremmie@1 20 from comments.models import CommentFlag
gremmie@1 21
gremmie@1 22 @login_required
gremmie@1 23 @require_POST
gremmie@1 24 def post_comment(request):
gremmie@1 25 """
gremmie@1 26 This function handles the posting of comments. If successful, returns
gremmie@1 27 the comment text as the response. This function is mean't to be the target
gremmie@1 28 of an AJAX post.
gremmie@1 29 """
gremmie@1 30 # Look up the object we're trying to comment about
gremmie@1 31 ctype = request.POST.get('content_type', None)
gremmie@1 32 object_pk = request.POST.get('object_pk', None)
gremmie@1 33 if ctype is None or object_pk is None:
gremmie@1 34 return HttpResponseBadRequest('Missing content_type or object_pk field.')
gremmie@1 35
gremmie@1 36 try:
gremmie@1 37 model = get_model(*ctype.split('.', 1))
gremmie@1 38 target = model.objects.get(pk=object_pk)
gremmie@1 39 except TypeError:
gremmie@1 40 return HttpResponseBadRequest(
gremmie@1 41 "Invalid content_type value: %r" % escape(ctype))
gremmie@1 42 except AttributeError:
gremmie@1 43 return HttpResponseBadRequest(
gremmie@1 44 "The given content-type %r does not resolve to a valid model." % \
gremmie@1 45 escape(ctype))
gremmie@1 46 except ObjectDoesNotExist:
gremmie@1 47 return HttpResponseBadRequest(
gremmie@1 48 "No object matching content-type %r and object PK %r exists." % \
gremmie@1 49 (escape(ctype), escape(object_pk)))
gremmie@1 50
gremmie@1 51 # Can we comment on the target object?
gremmie@1 52 if hasattr(target, 'can_comment_on'):
gremmie@1 53 if callable(target.can_comment_on):
gremmie@1 54 can_comment_on = target.can_comment_on()
gremmie@1 55 else:
gremmie@1 56 can_comment_on = target.can_comment_on
gremmie@1 57 else:
gremmie@1 58 can_comment_on = True
gremmie@1 59
gremmie@1 60 if not can_comment_on:
gremmie@1 61 return HttpResponseForbidden('Cannot comment on this item.')
gremmie@1 62
gremmie@1 63 # Check form validity
gremmie@1 64
gremmie@1 65 form = CommentForm(target, request.POST)
gremmie@1 66 if not form.is_valid():
gremmie@1 67 return HttpResponseBadRequest('Invalid comment; missing parameters?')
gremmie@1 68
gremmie@1 69 # else, create and save the comment
gremmie@1 70
gremmie@1 71 comment = form.get_comment_object(request.user, request.META.get("REMOTE_ADDR", None))
gremmie@1 72 comment.save()
gremmie@1 73
gremmie@1 74 # return the rendered comment
gremmie@1 75 return render_to_response('comments/comment.html', {
gremmie@1 76 'comment': comment,
gremmie@1 77 },
gremmie@1 78 context_instance = RequestContext(request))
gremmie@1 79
gremmie@1 80
gremmie@1 81 @require_POST
gremmie@1 82 def flag_comment(request):
gremmie@1 83 """
gremmie@1 84 This function handles the flagging of comments by users. This function should
gremmie@1 85 be the target of an AJAX post.
gremmie@1 86 """
gremmie@1 87 if not request.user.is_authenticated():
gremmie@1 88 return HttpResponse('Please login or register to flag a comment.')
gremmie@1 89
gremmie@1 90 id = request.POST.get('id', None)
gremmie@1 91 if id is None:
gremmie@1 92 return HttpResponseBadRequest('No id')
gremmie@1 93
gremmie@1 94 try:
gremmie@1 95 comment = Comment.objects.get(pk=id)
gremmie@1 96 except Comment.DoesNotExist:
gremmie@1 97 return HttpResponseBadRequest('No comment with id %s' % id)
gremmie@1 98
gremmie@1 99 flag = CommentFlag(user=request.user, comment=comment)
gremmie@1 100 flag.save()
gremmie@1 101 email_admins('A Comment Has Been Flagged', """Hello,
gremmie@1 102
gremmie@1 103 A user has flagged a comment for review.
gremmie@1 104 """)
gremmie@1 105 return HttpResponse('The comment was flagged. A moderator will review the comment shortly. ' \
gremmie@1 106 'Thanks for helping to improve the discussions on this site.')
gremmie@1 107
gremmie@1 108
gremmie@1 109 @require_POST
gremmie@1 110 def markdown_preview(request):
gremmie@1 111 """
gremmie@1 112 This function should be the target of an AJAX POST. It takes the 'data' parameter
gremmie@1 113 from the POST parameters and returns a rendered HTML page from the data, which
gremmie@1 114 is assumed to be in markdown format. The HTML page is suitable for the preview
gremmie@1 115 function for a javascript editor such as markItUp.
gremmie@1 116 """
gremmie@1 117 if not request.user.is_authenticated():
gremmie@1 118 return HttpResponseForbidden('This service is only available to logged in users.')
gremmie@1 119
gremmie@1 120 data = request.POST.get('data', None)
gremmie@1 121 if data is None:
gremmie@1 122 return HttpResponseBadRequest('No data')
gremmie@1 123
gremmie@1 124 return render_to_response('comments/markdown_preview.html', {
bgneal@136 125 'data': site_markup(data),
gremmie@1 126 },
gremmie@1 127 context_instance = RequestContext(request))