Mercurial > public > sg101

view comments/views.py @ 989:2908859c2fe4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Smilies now use relative links. This is for upcoming switch to SSL. Currently we do not need absolute URLs for smilies. If this changes we can add it later.
author Brian Neal <bgneal@gmail.com>
date Thu, 29 Oct 2015 20:54:34 -0500
parents a828e80223d2
children 68c3343f3318
line wrap: on
line source
"""
Views for the comments application.

"""
from django.contrib.auth.decorators import login_required
from django.core.exceptions import ObjectDoesNotExist
from django.http import HttpResponse
from django.http import HttpResponseBadRequest
from django.http import HttpResponseForbidden
from django.db.models import get_model
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.utils.html import escape
from django.views.decorators.http import require_POST

from core.functions import email_admins
from core.html import image_check, ImageCheckError
from core.markup import site_markup
from comments.forms import CommentForm
from comments.models import Comment
from comments.models import CommentFlag
import antispam
import antispam.utils


PREVIEW_UNAVAILABLE = """
<p><strong>Error</strong>: {}</p>
<p>Sorry, preview is unavailable.</p>
<p>There is an image in your post which failed our image check. We can only
accept images from a small number of sources for security reasons. You may use
the forms below this box to safely hot-link to images hosted elsewhere on the
Internet or upload from your computer or device.</p>
"""


@login_required
@require_POST
def post_comment(request):
    """
    This function handles the posting of comments. If successful, returns
    the comment text as the response. This function is meant to be the target
    of an AJAX post.
    """
    # Look up the object we're trying to comment about
    ctype = request.POST.get('content_type', None)
    object_pk = request.POST.get('object_pk', None)
    if ctype is None or object_pk is None:
        return HttpResponseBadRequest('Missing content_type or object_pk field.')

    try:
        model = get_model(*ctype.split('.', 1))
        target = model.objects.get(pk=object_pk)
    except TypeError:
        return HttpResponseBadRequest(
            "Invalid content_type value: %r" % escape(ctype))
    except AttributeError:
        return HttpResponseBadRequest(
            "The given content-type %r does not resolve to a valid model." % \
                escape(ctype))
    except ObjectDoesNotExist:
        return HttpResponseBadRequest(
            "No object matching content-type %r and object PK %r exists." % \
                (escape(ctype), escape(object_pk)))

    # Can we comment on the target object?
    if hasattr(target, 'can_comment_on'):
        if callable(target.can_comment_on):
            can_comment_on = target.can_comment_on()
        else:
            can_comment_on = target.can_comment_on
    else:
        can_comment_on = True

    if not can_comment_on:
        return HttpResponseForbidden('Cannot comment on this item.')

    # Check form validity

    form = CommentForm(target, request.POST)
    if not form.is_valid():
        # The client side javascript is pretty simplistic right now and we don't
        # want to change it yet. It is expecting a single error string. Just grab
        # the first error message and use that.
        errors = form.errors.as_data()
        msg = errors.values()[0][0].message if errors else 'Unknown error'
        return HttpResponseBadRequest(msg)

    comment = form.get_comment_object(request.user, request.META.get("REMOTE_ADDR", None))

    # Check for spam

    if antispam.utils.spam_check(request, comment.comment):
        return HttpResponseForbidden(antispam.BUSTED_MESSAGE)

    comment.save(html=form.comment_html)

    # return the rendered comment
    return render_to_response('comments/comment.html', {
        'comment': comment,
        },
        context_instance = RequestContext(request))


@require_POST
def flag_comment(request):
    """
    This function handles the flagging of comments by users. This function should
    be the target of an AJAX post.
    """
    if not request.user.is_authenticated():
        return HttpResponse('Please login or register to flag a comment.')

    id = request.POST.get('id', None)
    if id is None:
        return HttpResponseBadRequest('No id')

    try:
        comment = Comment.objects.get(pk=id)
    except Comment.DoesNotExist:
        return HttpResponseBadRequest('No comment with id %s' % id)

    flag = CommentFlag(user=request.user, comment=comment)
    flag.save()
    email_admins('A Comment Has Been Flagged', """Hello,

A user has flagged a comment for review.
""")
    return HttpResponse('The comment was flagged. A moderator will review the comment shortly. ' \
            'Thanks for helping to improve the discussions on this site.')


@require_POST
def markdown_preview(request):
    """
    This function should be the target of an AJAX POST. It takes the 'data' parameter
    from the POST parameters and returns a rendered HTML page from the data, which
    is assumed to be in markdown format. The HTML page is suitable for the preview
    function for a javascript editor such as markItUp.
    """
    if not request.user.is_authenticated():
        return HttpResponseForbidden('This service is only available to logged in users.')

    data = request.POST.get('data', None)
    if data is None:
        return HttpResponseBadRequest('No data')

    html = site_markup(data)
    if html:
        try:
            image_check(html)
        except ImageCheckError as ex:
            html = PREVIEW_UNAVAILABLE.format(ex)

    return render_to_response('comments/markdown_preview.html', {
        'data': html,
        },
        context_instance = RequestContext(request))