Changeset 279:bde1c620c072

Timestamp:

30.10.2010 10:03:50 (19 months ago)

Author:

alafin <alafin@…>

Branch:

default

Message:

fix #71 Permissions of feeds

Location:

djangobb/djangobb_forum

Files:

• feeds.py (modified) (6 diffs)
• forms.py (modified) (2 diffs)
• models.py (modified) (1 diff)
• signals.py (modified) (3 diffs)
• subscription.py (modified) (2 diffs)
• templates/forum/base.html (modified) (1 diff)
• templates/forum/delete_posts.html (modified) (1 diff)
• templates/forum/forum.html (modified) (1 diff)
• templates/forum/forum_row.html (modified) (1 diff)
• templates/forum/topic.html (modified) (2 diffs)
• urls.py (modified) (2 diffs)
• views.py (modified) (1 diff)

djangobb/djangobb_forum/feeds.py

@@ -1 @@
-from django.contrib.syndication.feeds import Feed, FeedDoesNotExist
+from django.contrib.syndication.views import Feed, FeedDoesNotExist
 from django.core.exceptions import ObjectDoesNotExist
 from django.utils.feedgenerator import Atom1Feed
 from django.core.urlresolvers import reverse
 from django.utils.translation import ugettext_lazy as _
+from django.contrib.auth.models import User
+from django.db.models import Q
+from django.http import Http404
 
 from djangobb_forum.models import Post, Topic, Forum, Category
@@ -26 +29 @@
     description_template = 'forum/feeds/posts_description.html'
 
-    def items(self):
-        return Post.objects.order_by('-created')[:15]
+    def get_object(self, request):
+        user_groups = request.user.groups.all()
+        if request.user.is_anonymous():
+            user_groups = []
+        allow_forums = Forum.objects.filter(
+                Q(category__groups__in=user_groups) | \
+                Q(category__groups__isnull=True))
+        return allow_forums
+
+    def items(self, allow_forums):
+        return Post.objects.filter(topic__forum__in=allow_forums).order_by('-created')[:15]
 
 
@@ -36 +48 @@
     description_template = 'forum/feeds/topics_description.html'
 
-    def items(self):
-        return Topic.objects.order_by('-created')[:15]
+    def get_object(self, request):
+        user_groups = request.user.groups.all()
+        if request.user.is_anonymous():
+            user_groups = []
+        allow_forums = Forum.objects.filter(
+                Q(category__groups__in=user_groups) | \
+                Q(category__groups__isnull=True))
+        return allow_forums
+
+    def items(self, allow_forums):
+        return Topic.objects.filter(forum__in=allow_forums).order_by('-created')[:15]
 
 
@@ -44 +65 @@
     description_template = 'forum/feeds/posts_description.html'
     
-    def get_object(self, topics):
+    def get_object(self, request, topics):
         if len(topics) != 1:
             raise ObjectDoesNotExist
-        return Topic.objects.get(id=topics[0])
+        topic = Topic.objects.get(id=topics[0])
+        if not topic.forum.category.has_access(request.user):
+            raise Http404
+        return topic
 
     def title(self, obj):
@@ -68 +92 @@
     description_template = 'forum/feeds/posts_description.html'
 
-    def get_object(self, forums):
+    def get_object(self, request, forums):
         if len(forums) != 1:
             raise ObjectDoesNotExist
-        return Forum.objects.get(id=forums[0])
+        forum = Forum.objects.get(id=forums[0])
+        if not forum.category.has_access(request.user):
+            raise Http404
+        return forum
 
     def title(self, obj):
@@ -92 +119 @@
     description_template = 'forum/feeds/posts_description.html'
     
-    def get_object(self, categories):
+    def get_object(self, request, categories):
         if len(categories) != 1:
             raise ObjectDoesNotExist
-        return Category.objects.get(id=categories[0])
+        category = Category.objects.get(id=categories[0])
+        if not category.has_access(request.user):
+            raise Http404
+        return category
 
     def title(self, obj):

djangobb/djangobb_forum/forms.py

@@ -10 +10 @@
 from django.utils.translation import ugettext as _
 
-from djangobb_forum.models import Topic, Post, Profile, Reputation, Report, PrivateMessage,\
+from djangobb_forum.models import Topic, Post, Profile, Reputation, Report, \
     Forum, Attachment, TZ_CHOICES, PRIVACY_CHOICES
 from djangobb_forum.markups import bbmarkup
@@ -361 +361 @@
             report.save()
         return report
-
-
-class CreatePMForm(forms.ModelForm):
-    recipient = forms.CharField(label=_('Recipient'))
-    
-    class Meta:
-        model = PrivateMessage
-        fields = ['subject', 'body']
-        
-    def __init__(self, *args, **kwargs):
-        self.user = kwargs.pop('user', None)
-        super(CreatePMForm, self).__init__(*args, **kwargs)
-        self.fields.keyOrder = ['recipient', 'subject', 'body']
-        self.fields['subject'].widget = widget=forms.TextInput(attrs={'size':'115'})
-        self.fields['body'].widget = forms.Textarea(attrs={'class':'bbcode'})
-        
-    def clean_recipient(self):
-        name = self.cleaned_data['recipient']
-        try:
-            user = User.objects.get(username=name)
-        except User.DoesNotExist:
-            raise forms.ValidationError(_('User with login %s does not exist') % name)
-        else:
-            return user
-
-    def save(self):
-        pm = PrivateMessage(src_user=self.user, dst_user=self.cleaned_data['recipient'])
-        pm = forms.save_instance(self, pm)
-        return pm

djangobb/djangobb_forum/models.py

@@ -331 +331 @@
         return u'%s %s' % (self.reported_by ,self.zapped)
 
-
-class PrivateMessage(models.Model):
-    dst_user = models.ForeignKey(User, verbose_name=_('Recipient'), related_name='dst_users')
-    src_user = models.ForeignKey(User, verbose_name=_('Author'), related_name='src_users')
-    read = models.BooleanField(_('Read'), blank=True, default=False)
-    created = models.DateTimeField(_('Created'), auto_now_add=True)
-    markup = models.CharField(_('Markup'), max_length=15, default=forum_settings.DEFAULT_MARKUP, choices=MARKUP_CHOICES)
-    subject = models.CharField(_('Subject'), max_length=255)
-    body = models.TextField(_('Message'))
-    body_html = models.TextField(_('HTML version'))
-    body_text = models.TextField(_('Text version'))
-
-    class Meta:
-        ordering = ['-created']
-        verbose_name = _('Private message')
-        verbose_name_plural = _('Private messages')
-
-    def __unicode__(self):
-        return self.subject
-
-    def save(self, *args, **kwargs):
-        if self.markup == 'bbcode':
-            self.body_html = bbmarkup.bbcode(self.body)
-        elif self.markup == 'markdown':
-            self.body_html = unicode(Markdown(self.body, safe_mode='escape'))
-            #self.body_html = markdown(self.body, 'safe')
-        else:
-            raise Exception('Invalid markup property: %s' % self.markup)
-        self.body_html = urlize(self.body_html)
-        if forum_settings.SMILES_SUPPORT:
-            self.body_html = smiles(self.body_html)
-        super(PrivateMessage, self).save(*args, **kwargs)
-
-    @models.permalink
-    def get_absolute_url(self):
-        return  ('djangobb:forum_show_pm', [self.id])
-
-    # TODO: summary and part of the save method is the same as in the Post model
-    # move to common functions
-    def summary(self):
-        LIMIT = 50
-        tail = len(self.body) > LIMIT and '...' or '' 
-        return self.body[:LIMIT] + tail
-
-
 class Ban(models.Model):
     user = models.OneToOneField(User, verbose_name=_('Banned user'), related_name='ban_users')

djangobb/djangobb_forum/signals.py

@@ -3 +3 @@
 from django.db.models.signals import post_save, pre_save, post_delete
 
-from djangobb_forum.subscription import notify_topic_subscribers, notify_pm_recipients
-from djangobb_forum.models import Topic, Post, PrivateMessage
+from djangobb_forum.subscription import notify_topic_subscribers
+from djangobb_forum.models import Topic, Post
 
 
@@ -23 +23 @@
 
 
-def pm_saved(instance, **kwargs):
-    notify_pm_recipients(instance) 
-
-
 def topic_saved(instance, **kwargs):
     created = kwargs.get('created')
@@ -39 +35 @@
 
 post_save.connect(post_saved, sender=Post)
-post_save.connect(pm_saved, sender=PrivateMessage)
 post_save.connect(topic_saved, sender=Topic)

djangobb/djangobb_forum/subscription.py

@@ -14 +14 @@
 See topic: %(post_url)s
 Unsubscribe %(unsubscribe_url)s""")
-
-PM_RECIPIENT_TEXT_TEMPLATE = (u"""User %(username)s have sent your the new private message.
----
-%(message)s
----
-See message online: %(pm_url)s""")
 
 
@@ -60 +54 @@
                 #html_content = html_version(post)
                 send_mail([to_email], subject, text_content)
-
-
-def notify_pm_recipients(pm):
-    if not pm.read:
-        from djangobb_forum.models import PrivateMessage 
-        subject = (u'There are new messages')
-        to_email = pm.dst_user.email
-        text_content = PM_RECIPIENT_TEXT_TEMPLATE % {
-            'username': pm.src_user.username,
-            'message': pm.body_text,
-            'pm_url': absolute_url(pm.get_absolute_url()),
-         }
-        send_mail([to_email], subject, text_content)

djangobb/djangobb_forum/templates/forum/base.html

@@ -16 +16 @@
         <link rel="stylesheet" type="text/css" href="{{ MEDIA_URL }}forum/js/markitup/sets/bbcode/style.css" />
 
-        <link rel="alternate" type="application/atom+xml" href="{% url djangobb:forum_feed "posts" %}" title="{% trans "Latest posts on forum" %}" />
-        <link rel="alternate" type="application/atom+xml" href="{% url djangobb:forum_feed "topics" %}" title="{% trans "Latest topics on forum" %}" />
+        <link rel="alternate" type="application/atom+xml" href="{% url djangobb:forum_posts_feed %}" title="{% trans "Latest posts on forum" %}" />
+        <link rel="alternate" type="application/atom+xml" href="{% url djangobb:forum_topics_feed %}" title="{% trans "Latest topics on forum" %}" />
 
         <link rel="shortcut icon" href="{{ MEDIA_URL }}forum/favicon.png" type="image/png" />

djangobb/djangobb_forum/templates/forum/delete_posts.html

@@ -8 +8 @@
                 <p class="pagelink conl">{% pagination %}</p>
                                 <ul><li><a href="{% url djangobb:index %}">{% trans "Root" %} </a></li><li>&raquo; {% link topic.forum %} </li><li>&raquo; {{ topic }} 
-                                <a href="{% url djangobb:forum_feed "topic" %}{{ topic.id }}"><img src="{{ MEDIA_URL }}/forum/img/feed-icon-small.png" alt="[RSS Feed]" title="[RSS Feed]" style="vertical-align:middle;" /></a>
+                                <a href="{% url djangobb:forum_topic_feed %}{{ topic.id }}"><img src="{{ MEDIA_URL }}/forum/img/feed-icon-small.png" alt="[RSS Feed]" title="[RSS Feed]" style="vertical-align:middle;" /></a>
                                 </li></ul>
                 <div class="clearer"></div>

djangobb/djangobb_forum/templates/forum/forum.html

@@ -17 +17 @@
 <div id="vf" class="blocktable">
         <h2>
-                <a href="{% url djangobb:forum_feed "forum" %}{{ forum.id }}"><img src="{{ MEDIA_URL }}/forum/img/feed-icon-small.png"  alt="[RSS Feed]" title="[RSS Feed]" class="rss" /></a>
+                <a href="{% url djangobb:forum_forum_feed forum.id %}"><img src="{{ MEDIA_URL }}/forum/img/feed-icon-small.png"  alt="[RSS Feed]" title="[RSS Feed]" class="rss" /></a>
                 <b><span>{{ forum.name }}</span></b>
         </h2>

djangobb/djangobb_forum/templates/forum/forum_row.html

@@ -14 +14 @@
                         </div>
                         <div class="tclcon">
-                                <h3>{% link forum %} <a href="{% url djangobb:forum_feed "forum" %}{{ forum.id }}/"><img src="{{ MEDIA_URL }}forum/img/feed-icon-small.png"  alt="[RSS Feed]" title="[RSS Feed]" class="rss" /></a></h3>
+                                <h3>{% link forum %} <a href="{% url djangobb:forum_forum_feed forum.id %}"><img src="{{ MEDIA_URL }}forum/img/feed-icon-small.png"  alt="[RSS Feed]" title="[RSS Feed]" class="rss" /></a></h3>
                                 {{ forum.description|safe }}                            
                                 <p>

djangobb/djangobb_forum/templates/forum/topic.html

@@ -14 +14 @@
                         <li>
                         <a href="{% url djangobb:index %}">{% trans "Root" %} </a></li><li>&raquo; {% link topic.forum %} </li><li>&raquo; {{ topic.name }}
-                        <a href="{% url djangobb:forum_feed "topic" %}{{ topic.id }}/"><img src="{{ MEDIA_URL }}forum/img/feed-icon-small.png" alt="[RSS Feed]" title="[RSS Feed]" class="breadcrumb_rss" /></a>
+                        <a href="{% url djangobb:forum_topic_feed topic.id %}"><img src="{{ MEDIA_URL }}forum/img/feed-icon-small.png" alt="[RSS Feed]" title="[RSS Feed]" class="breadcrumb_rss" /></a>
                         </li>
                 </ul>
@@ -134 +134 @@
                 <p class="postlink conr"><a href="{% url djangobb:add_post topic.id %}">{% trans "Reply" %}</a></p>
                                 <ul><li><a href="{% url djangobb:index %}">{% trans "Root" %} </a></li><li>&raquo; {% link topic.forum %} </li><li>&raquo; {{ topic }} 
-                                <a href="{% url djangobb:forum_feed "topic" %}{{ topic.id }}"><img src="{{ MEDIA_URL }}/forum/img/feed-icon-small.png"  alt="[RSS Feed]" title="[RSS Feed]" class="breadcrumb_rss" /></a>
+                                <a href="{% url djangobb:forum_topic_feed topic.id %}"><img src="{{ MEDIA_URL }}/forum/img/feed-icon-small.png"  alt="[RSS Feed]" title="[RSS Feed]" class="breadcrumb_rss" /></a>
                                 </li></ul>
                 {% if user.is_authenticated %}

djangobb/djangobb_forum/urls.py

@@ -5 +5 @@
 from djangobb_forum.feeds import LastPosts, LastTopics, LastPostsOnForum,\
      LastPostsOnCategory, LastPostsOnTopic
-
-feeds = {
-    'posts': LastPosts,
-    'topics': LastTopics,
-    'topic': LastPostsOnTopic,
-    'forum': LastPostsOnForum,
-    'category': LastPostsOnCategory,
-}
+     
 
 urlpatterns = patterns('',
@@ -48 +41 @@
     url('^subscription/topic/(?P<topic_id>\d+)/delete/$', forum_views.delete_subscription, name='forum_delete_subscription'),
     url('^subscription/topic/(?P<topic_id>\d+)/add/$', forum_views.add_subscription, name='forum_add_subscription'),
+    
     # Feeds
-    url(r'^feeds/(?P<url>.*)/$', 'django.contrib.syndication.views.feed',
-        {'feed_dict': feeds}, name='forum_feed'),
+    url(r'^feeds/posts/$', LastPosts(), name='forum_posts_feed'),
+    url(r'^feeds/topics/$', LastTopics(), name='forum_topics_feed'),
+    url(r'^feeds/topic/(?P<topics>\d+)/$', LastPostsOnTopic(), name='forum_topic_feed'),
+    url(r'^feeds/forum/(?P<forums>\d+)/$', LastPostsOnForum(), name='forum_forum_feed'),
+    url(r'^feeds/category/(?P<categories>\d+)/$', LastPostsOnCategory(), name='forum_category_feed'),
 )
-
 
 ### EXTENSIONS ###

djangobb/djangobb_forum/views.py

@@ -20 +20 @@
 from djangobb_forum.util import render_to, paged, build_form, paginate, set_language
 from djangobb_forum.models import Category, Forum, Topic, Post, Profile, Reputation,\
-    Report, PrivateMessage, Attachment, PostTracking
+    Report, Attachment, PostTracking
 from djangobb_forum.forms import AddPostForm, EditPostForm, UserSearchForm,\
     PostSearchForm, ReputationForm, MailToForm, EssentialsProfileForm,\
     PersonalProfileForm, MessagingProfileForm, PersonalityProfileForm,\
-    DisplayProfileForm, PrivacyProfileForm, ReportForm, UploadAvatarForm, CreatePMForm
+    DisplayProfileForm, PrivacyProfileForm, ReportForm, UploadAvatarForm
 from djangobb_forum.markups import bbmarkup
 from djangobb_forum.templatetags import forum_extras