sg101: gpp/forums/views/main.py comparison

comparison gpp/forums/views/main.py @ 459:9d3bd7304050

Fixing #221. Also combined all permissions checks into a new module, permissions.py. This allows us to cache user, category, and forum groups information since it rarely changes.

author	Brian Neal <bgneal@gmail.com>
date	Sat, 02 Jul 2011 23:35:45 +0000
parents	72ef6e809f79
children	2ff5f4c1476d

comparison

equal deleted inserted replaced

-:9a4bffdf37c3
+:9d3bd7304050
 from django.template import RequestContext
 from django.views.decorators.http import require_POST
 from django.utils.text import wrap
 from django.db.models import F
+import antispam
+import antispam.utils
+from bio.models import UserProfile, BadgeOwnership
 from core.paginator import DiggPaginator
 from core.functions import email_admins
-from forums.models import Forum, Topic, Post, FlaggedPost, TopicLastVisit, \
-ForumLastVisit, Attachment
+from forums.models import (Forum, Topic, Post, FlaggedPost, TopicLastVisit,
-from forums.forms import NewTopicForm, NewPostForm, PostForm, MoveTopicForm, \
+ForumLastVisit, Attachment)
-SplitTopicForm
+from forums.forms import (NewTopicForm, NewPostForm, PostForm, MoveTopicForm,
-from forums.unread import get_forum_unread_status, get_topic_unread_status, \
+SplitTopicForm)
-get_post_unread_status, get_unread_topics
+from forums.unread import (get_forum_unread_status, get_topic_unread_status,
+get_post_unread_status, get_unread_topics)
-from bio.models import UserProfile, BadgeOwnership
-import antispam
-import antispam.utils
 from forums.attachments import AttachmentProcessor
+import forums.permissions as perms
 #######################################################################
 TOPICS_PER_PAGE = 50
 POSTS_PER_PAGE = 20
 """
 Displays all the topics in a forum.
 """
 forum = get_object_or_404(Forum.objects.select_related(), slug=slug)
-if not forum.category.can_access(request.user):
+if not perms.can_access(forum.category, request.user):
 return HttpResponseForbidden()
 feed = None
 if not forum.category.groups.all():
 feed = {
 attach_topic_page_ranges(page.object_list)
 # we do this for the template since it is rendered twice
 page_nav = render_to_string('forums/pagination.html', {'page': page})
-can_moderate = _can_moderate(forum, request.user)
+can_moderate = perms.can_moderate(forum, request.user)
 return render_to_response('forums/forum_index.html', {
 'forum': forum,
 'feed': feed,
 'page': page,
 Displays all the posts in a topic.
 """
 topic = get_object_or_404(Topic.objects.select_related(
 'forum', 'forum__category', 'last_post'), pk=id)
-if not topic.forum.category.can_access(request.user):
+if not perms.can_access(topic.forum.category, request.user):
 return HttpResponseForbidden()
 topic.view_count = F('view_count') + 1
 topic.save(force_update=True)
 _update_last_visit(request.user, topic, visit_time)
 # we do this for the template since it is rendered twice
 page_nav = render_to_string('forums/pagination.html', {'page': page})
-can_moderate = _can_moderate(topic.forum, request.user)
+can_moderate = perms.can_moderate(topic.forum, request.user)
 can_reply = request.user.is_authenticated() and (
 not topic.locked or can_moderate)
 is_favorite = request.user.is_authenticated() and (
 """
 This view handles the creation of new topics.
 """
 forum = get_object_or_404(Forum.objects.select_related(), slug=slug)
-if not forum.category.can_access(request.user):
+if not perms.can_access(forum.category, request.user):
 return HttpResponseForbidden()
 if request.method == 'POST':
 form = NewTopicForm(request.user, forum, request.POST)
 if form.is_valid():
 if not request.user.is_authenticated():
 return HttpResponseForbidden('Please login or register to post.')
 form = NewPostForm(request.POST)
 if form.is_valid():
-if not _can_post_in_topic(form.topic, request.user):
+if not perms.can_post(form.topic, request.user):
 return HttpResponseForbidden("You don't have permission to post in this topic.")
 if antispam.utils.spam_check(request, form.cleaned_data['body']):
 return HttpResponseForbidden(antispam.BUSTED_MESSAGE)
 post = form.save(request.user, request.META.get("REMOTE_ADDR", ""))
 _bump_post_count(request.user)
 _update_last_visit(request.user, form.topic, datetime.datetime.now())
 return render_to_response('forums/display_post.html', {
 'post': post,
-'can_moderate': _can_moderate(form.topic.forum, request.user),
+'can_moderate': perms.can_moderate(form.topic.forum, request.user),
 'can_reply': True,
 },
 context_instance=RequestContext(request))
 return HttpResponseBadRequest("Oops, did you forget some text?");
 This view function allows authorized users to edit posts.
 The superuser, forum moderators, and original author can edit posts.
 """
 post = get_object_or_404(Post.objects.select_related(), pk=id)
-can_moderate = _can_moderate(post.topic.forum, request.user)
+can_moderate = perms.can_moderate(post.topic.forum, request.user)
 can_edit = can_moderate or request.user == post.user
 if not can_edit:
 return HttpResponseForbidden("You don't have permission to edit that post.")
 """
 This function is the view for creating a normal, non-quick reply
 to a topic.
 """
 topic = get_object_or_404(Topic.objects.select_related(), pk=topic_id)
-can_post = _can_post_in_topic(topic, request.user)
+can_post = perms.can_post(topic, request.user)
 if can_post:
 if request.method == 'POST':
 form = PostForm(request.POST)
 if form.is_valid():
 def mod_topic_stick(request, id):
 """
 This view function is for moderators to toggle the sticky status of a topic.
 """
 topic = get_object_or_404(Topic.objects.select_related(), pk=id)
-if _can_moderate(topic.forum, request.user):
+if perms.can_moderate(topic.forum, request.user):
 topic.sticky = not topic.sticky
 topic.save()
 return HttpResponseRedirect(topic.get_absolute_url())
 return HttpResponseForbidden()
 def mod_topic_lock(request, id):
 """
 This view function is for moderators to toggle the locked status of a topic.
 """
 topic = get_object_or_404(Topic.objects.select_related(), pk=id)
-if _can_moderate(topic.forum, request.user):
+if perms.can_moderate(topic.forum, request.user):
 topic.locked = not topic.locked
 topic.save()
 return HttpResponseRedirect(topic.get_absolute_url())
 return HttpResponseForbidden()
 def mod_topic_delete(request, id):
 """
 This view function is for moderators to delete an entire topic.
 """
 topic = get_object_or_404(Topic.objects.select_related(), pk=id)
-if _can_moderate(topic.forum, request.user):
+if perms.can_moderate(topic.forum, request.user):
 forum_url = topic.forum.get_absolute_url()
 _delete_topic(topic)
 return HttpResponseRedirect(forum_url)
 return HttpResponseForbidden()
 def mod_topic_move(request, id):
 """
 This view function is for moderators to move a topic to a different forum.
 """
 topic = get_object_or_404(Topic.objects.select_related(), pk=id)
-if not _can_moderate(topic.forum, request.user):
+if not perms.can_moderate(topic.forum, request.user):
 return HttpResponseForbidden()
 if request.method == 'POST':
 form = MoveTopicForm(request.user, request.POST)
 if form.is_valid():
 Displays a view to allow moderators to perform various operations
 on topics in a forum in bulk. We currently support mass locking/unlocking,
 stickying and unstickying, moving, and deleting topics.
 """
 forum = get_object_or_404(Forum.objects.select_related(), slug=slug)
-if not _can_moderate(forum, request.user):
+if not perms.can_moderate(forum, request.user):
 return HttpResponseForbidden()
 topics = forum.topics.select_related('user', 'last_post', 'last_post__user')
 paginator = create_topic_paginator(topics)
 page_num = get_page_num(request)
 """
 This view marks all the topics in the forum as being read.
 """
 forum = get_object_or_404(Forum.objects.select_related(), slug=slug)
-if not forum.category.can_access(request.user):
+if not perms.can_access(forum.category, request.user):
 return HttpResponseForbidden()
 forum.catchup(request.user)
 return HttpResponseRedirect(forum.get_absolute_url())
 def mod_topic_split(request, id):
 """
 This view function allows moderators to split posts off to a new topic.
 """
 topic = get_object_or_404(Topic.objects.select_related(), pk=id)
-if not _can_moderate(topic.forum, request.user):
+if not perms.can_moderate(topic.forum, request.user):
 return HttpResponseRedirect(topic.get_absolute_url())
 if request.method == "POST":
 form = SplitTopicForm(request.user, request.POST)
 if form.is_valid():
 @login_required
 def post_ip_info(request, post_id):
 """Displays information about the IP address the post was made from."""
 post = get_object_or_404(Post.objects.select_related(), pk=post_id)
-if not _can_moderate(post.topic.forum, request.user):
+if not perms.can_moderate(post.topic.forum, request.user):
 return HttpResponseForbidden("You don't have permission for this post.")
 ip_users = sorted(set(Post.objects.filter(
 user_ip=post.user_ip).values_list('user__username', flat=True)))
 'title': page_title,
 'page': page,
 'page_nav': page_nav,
 },
 context_instance=RequestContext(request))
-def _can_moderate(forum, user):
-"""
-Determines if a user has permission to moderate a given forum.
-"""
-return user.is_authenticated() and (
-user.is_superuser or user in forum.moderators.all())
-def _can_post_in_topic(topic, user):
-"""
-This function returns true if the given user can post in the given topic
-and false otherwise.
-"""
-return (not topic.locked and topic.forum.category.can_access(user)) or \
-(user.is_superuser or user in topic.forum.moderators.all())
 def _bump_post_count(user):
 """
 Increments the forum_post_count for the given user.

Mercurial > public > sg101

comparison gpp/forums/views/main.py @ 459:9d3bd7304050