Mercurial > public > sg101
view gpp/messages/views.py @ 507:8631d32e6b16
Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.
author | Brian Neal <bgneal@gmail.com> |
---|---|
date | Sun, 04 Dec 2011 03:05:21 +0000 |
parents | 33d0c55e57a9 |
children | 4b9970ad0edb |
line wrap: on
line source
""" Views for the messages application. """ import datetime from django.contrib.auth.decorators import login_required from django.contrib.auth.models import User from django.contrib import messages as django_messages from django.core.paginator import Paginator, EmptyPage, InvalidPage from django.core.urlresolvers import reverse from django.http import HttpResponse from django.http import HttpResponseForbidden from django.http import HttpResponseNotAllowed from django.http import HttpResponseRedirect from django.shortcuts import get_object_or_404 from django.shortcuts import render import django.utils.simplejson as json from messages.models import Message, Options from messages.forms import OptionsForm, ComposeForm from messages.utils import reply_subject, quote_message from messages import MSG_BOX_LIMIT MSGS_PER_PAGE = 20 # message pagination value # This must match the jQuery UI tab control TAB_INDICES = { 'inbox': 0, 'compose': 1, 'outbox': 2, 'trash': 3, 'options': 4, } def _get_page(request): try: n = int(request.GET.get('page', '1')) except ValueError: n = 1 return n def _quota_check(box_name, count, request): """ Checks the message box count against MSG_BOX_LIMIT. Emits a message to the user if the quota is exceeded. """ if count >= MSG_BOX_LIMIT: django_messages.warning(request, "Your %s is full. Please delete some messages." % box_name) @login_required def index(request, tab=None): """ This function displays the base tabbed private messages view. """ tab_index = TAB_INDICES[tab] if tab else 0 return render(request, 'messages/tabbed_base.html', { 'tab': tab_index, 'unread_count': Message.objects.unread_count(request.user), }) @login_required def compose_to(request, receiver): """ This function displays the base tabbed private messages view, and configures it to display the compose PM tab for the given receiver. """ user = get_object_or_404(User, username=receiver) tab_index = TAB_INDICES['compose'] return render(request, 'messages/tabbed_base.html', { 'tab': tab_index, 'receiver': receiver, 'unread_count': Message.objects.unread_count(request.user), }) def inbox(request): """ Returns the inbox for the user. """ if not request.user.is_authenticated(): return HttpResponseForbidden() msg_list = Message.objects.inbox(request.user) _quota_check('inbox', msg_list.count(), request) paginator = Paginator(msg_list, MSGS_PER_PAGE) try: msgs = paginator.page(_get_page(request)) except EmptyPage, InvalidPage: msgs = paginator.page(paginator.num_pages) return render(request, 'messages/inbox_tab.html', { 'msgs': msgs, 'url': reverse('messages-inbox'), }) def outbox(request): """ Returns the outbox for the user. """ if not request.user.is_authenticated(): return HttpResponseForbidden() msg_list = Message.objects.outbox(request.user) _quota_check('outbox', msg_list.count(), request) paginator = Paginator(msg_list, MSGS_PER_PAGE) try: msgs = paginator.page(_get_page(request)) except EmptyPage, InvalidPage: msgs = paginator.page(paginator.num_pages) return render(request, 'messages/outbox_tab.html', { 'msgs': msgs, 'url': reverse('messages-outbox'), }) def trash(request): """ Returns the trash for the user. """ if not request.user.is_authenticated(): return HttpResponseForbidden() msg_list = Message.objects.trash(request.user) paginator = Paginator(msg_list, MSGS_PER_PAGE) try: msgs = paginator.page(_get_page(request)) except EmptyPage, InvalidPage: msgs = paginator.page(paginator.num_pages) return render(request, 'messages/trash_tab.html', { 'msgs': msgs, 'url': reverse('messages-trash'), }) def message(request): """ This view function retrieves a message and returns it as a JSON object. """ if not request.user.is_authenticated(): return HttpResponseForbidden() if request.method != 'POST': return HttpResponseNotAllowed(['POST']) msg_id = request.POST.get('msg_id') msg = get_object_or_404(Message.objects.select_related(), pk=msg_id) if msg.sender != request.user and msg.receiver != request.user: return HttpResponseForbidden() if msg.receiver == request.user and msg.read_date is None: msg.read_date = datetime.datetime.now() msg.save() msg_dict = dict(subject=msg.subject, sender=msg.sender.username, receiver=msg.receiver.username, content=msg.html, re_subject=reply_subject(msg.subject), re_content=quote_message(msg.sender.username, msg.send_date, msg.message)) result = json.dumps(msg_dict, ensure_ascii=False) return HttpResponse(result, content_type='application/json') def options(request): """ This view handles the displaying and changing of private message options. """ if not request.user.is_authenticated(): return HttpResponseForbidden() if request.method == "POST": options = Options.objects.for_user(request.user) form = OptionsForm(request.POST, instance=options, prefix='opts') if form.is_valid(): form.save() django_messages.success(request, 'Options saved.') else: options = Options.objects.for_user(request.user) form = OptionsForm(instance=options, prefix='opts') return render(request, 'messages/options_tab.html', { 'form': form, }) def compose(request, receiver=None): """ Process or prepare the compose form to create a new private message. """ if not request.user.is_authenticated(): return HttpResponseForbidden() if request.method == "POST": compose_form = ComposeForm(request.user, request.POST) # Is this a reply to another message? parent_msg_id = request.POST.get('reply_to') if parent_msg_id: parent_msg = get_object_or_404(Message, id=parent_msg_id) if (request.user != parent_msg.receiver and request.user != parent_msg.sender): return HttpResponseForbidden() else: parent_msg = None if compose_form.is_valid(): compose_form.save(parent_msg=parent_msg) django_messages.success(request, 'Message sent.') compose_form = ComposeForm(request.user) else: if receiver is not None: form_data = {'receiver': receiver} compose_form = ComposeForm(request.user, initial=form_data) else: compose_form = ComposeForm(request.user) _quota_check('outbox', Message.objects.outbox(request.user).count(), request) return render(request, 'messages/compose_tab.html', { 'compose_form': compose_form, }) def _only_integers(slist): """ Accepts a list of strings. Returns a list of integers consisting of only those elements from the original list that could be converted to integers """ result = [] for s in slist: try: n = int(s) except ValueError: pass else: result.append(n) return result def _delete_msgs(user, msg_ids): """ Deletes the messages given by the list of msg_ids. For this to succeed, the user has to be either the sender or receiver on each message. """ msg_ids = _only_integers(msg_ids) msgs = Message.objects.filter(id__in=msg_ids) for msg in msgs: if msg.sender == user: if (msg.receiver_delete_date is not None or msg.read_date is None): # Both parties deleted the message or receiver hasn't read it # yet, we can delete it now msg.delete() else: # receiver still has it in inbox msg.sender_delete_date = datetime.datetime.now() msg.save() elif msg.receiver == user: if msg.sender_delete_date is not None: # both parties deleted the message, we can delete it now msg.delete() else: # sender still has it in the outbox msg.receiver_delete_date = datetime.datetime.now() msg.save() def _undelete_msgs(user, msg_ids): """ Attempts to "undelete" the messages given by the msg_ids list. This will only succeed if the user is either the sender or receiver. """ msg_ids = _only_integers(msg_ids) msgs = Message.objects.filter(id__in=msg_ids) for msg in msgs: if msg.sender == user: msg.sender_delete_date = None msg.save() elif msg.receiver == user: msg.receiver_delete_date = None msg.save() def bulk(request): """ This view processes messages in bulk. Arrays of message ids are expected in the POST query dict: inbox_ids and outbox_ids will be deleted; trash_ids will be undeleted. """ if not request.user.is_authenticated(): return HttpResponseForbidden() if request.method != 'POST': return HttpResponseNotAllowed(['POST']) delete_ids = [] if 'inbox_ids' in request.POST: delete_ids.extend(request.POST.getlist('inbox_ids')) if 'outbox_ids' in request.POST: delete_ids.extend(request.POST.getlist('outbox_ids')) if len(delete_ids): _delete_msgs(request.user, delete_ids) if 'trash_ids' in request.POST: _undelete_msgs(request.user, request.POST.getlist('trash_ids')) return HttpResponse('');