Mercurial > public > sg101

view gpp/forums/views/attachments.py @ 507:8631d32e6b16

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.
author Brian Neal <bgneal@gmail.com>
date Sun, 04 Dec 2011 03:05:21 +0000
parents 72fd300685d5
children
line wrap: on
line source
"""
This module contains views for working with post attachments.
"""
from django.http import HttpResponse
from django.http import HttpResponseForbidden
from django.http import HttpResponseBadRequest
from django.http import HttpResponseNotFound
import django.utils.simplejson as json

from forums.models import Post


def fetch_attachments(request):
    """
    This view is the target of an AJAX GET request to retrieve the
    attachment embed data for a given forum post.

    """
    if not request.user.is_authenticated():
        return HttpResponseForbidden('Please login or register.')

    post_id = request.GET.get('pid')
    if post_id is None:
        return HttpResponseBadRequest('Missing post ID.')

    try:
        post = Post.objects.get(pk=post_id)
    except Post.DoesNotExist:
        return HttpResponseNotFound("That post doesn't exist.")

    embeds = post.attachments.all().select_related('embed')
    data = [{'id': embed.id, 'html': embed.html} for embed in embeds]

    return HttpResponse(json.dumps(data), content_type='application/json')