"""
go/views.py

The functions that handle a request to a given URL. Get some data, manipulate
it, and return a rendered template.
"""
# Python stdlib imports
from datetime import timedelta

# Django Imports
from django.conf import settings
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied  # ValidationError
from django.core.mail import EmailMessage, send_mail
from django.http import HttpResponseServerError  # Http404
from django.http import HttpResponseRedirect
from django.shortcuts import get_object_or_404, redirect, render
from django.utils import timezone

# Other imports
from ratelimit.decorators import ratelimit

# App Imports
from .forms import SignupForm, URLForm, EditForm
from .models import URL, RegisteredUser


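def index(request):
    """
    Render the public landing page or the signed-in user's list of Go links.

    Anonymous visitors get ``landing.html``. Authenticated users whose
    RegisteredUser is not approved get ``not_registered.html``. Approved users
    get ``core/index.html`` with the URLs they own, ordered by the ``sort``
    query parameter when it names a known sort method and by
    ``-date_created`` otherwise.
    """
    if not request.user.is_authenticated:
        return render(request, 'landing.html')
    if not request.user.registereduser.approved:
        return render(request, 'not_registered.html')

    # Allow-list of sort methods and their display name "Column" : "Name".
    # The ``sort`` value comes straight from the query string, so it only
    # reaches order_by() after matching one of these keys.
    SORT_METHODS = {
        "-date_created": "Most Recent",
        "date_created": "Oldest",
        "short": "Alphabetical (A-Z)",
        "-short": "Alphabetical (Z-A)",
        "-clicks": "Most Popular",
        "clicks": "Least Popular",
        "-expires": "Expiring Soon"
    }

    # Requested sort method; anything not on the allow-list falls back to
    # "-date_created" : "Most Recent"
    sort_method = request.GET.get('sort', '-date_created')
    if sort_method not in SORT_METHODS:
        sort_method = "-date_created"

    # Build the site prefix from get_host(), which validates the Host header
    # against ALLOWED_HOSTS, rather than from the raw client-supplied
    # HTTP_HOST value that would otherwise be echoed into every rendered link.
    # NOTE(review): the literal "s" after %s turns "http" into "https" (and
    # "https" into "httpss") -- presumably the app runs behind a proxy that
    # terminates TLS; confirm, or configure SECURE_PROXY_SSL_HEADER and use
    # request.scheme as-is.
    domain = "%ss://%s" % (request.scheme, request.get_host()) + "/"

    # Only the URLs owned by the requesting user are listed
    urls = URL.objects.filter(
        owner=request.user.registereduser).order_by(sort_method)

    return render(request, 'core/index.html', {
        'urls': urls,
        'domain': domain,
        'sort_methods': SORT_METHODS
    })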


@login_required
def new_link(request):
    """
    Show the link-creation form and create a Go link from a valid submission.

    Anonymous users are sent to login by ``login_required``. Users who are
    not approved get ``banned.html`` when blocked and ``not_registered.html``
    otherwise. A valid POST is handed to post(); its result is either the
    saved URL (redirect to its 'view' page) or 500 (server-error page).
    Everything else renders ``core/new.html`` with the form.
    """
    account = request.user.registereduser
    if not account.approved:
        if account.blocked:
            return render(request, 'banned.html')
        return render(request, 'not_registered.html')

    host = request.META.get('HTTP_HOST')

    # Unbound form, shown for anything that is not a POST
    url_form = URLForm(host=host)

    if request.method == 'POST':
        # Bind the submitted data; an invalid form falls through to the
        # render below and is redisplayed with its validation errors
        url_form = URLForm(request.POST, host=host)

        if url_form.is_valid():
            # post() is rate limited per user and returns either the saved
            # URL object or the integer 500
            res = post(request, url_form)

            if res == 500:
                return HttpResponseServerError(render(request, '500.html'))

            return redirect('view', res.short)

    return render(request, 'core/new.html', {
        'form': url_form,
    })


@login_required
def my_links(request):
    """
    Compatibility alias for the index view that always requires login.

    Shows the same thing as '/', but blocked users get ``banned.html`` and
    other unapproved users get ``not_registered.html`` before index() runs.
    """
    account = request.user.registereduser
    if account.approved:
        return index(request)
    if account.blocked:
        return render(request, 'banned.html')
    return render(request, 'not_registered.html')

# Rate limits are completely arbitrary


@ratelimit(key='user', rate='3/m', method='POST', block=True)
@ratelimit(key='user', rate='25/d', method='POST', block=True)
def post(request, url_form):
    """
    Build and save a URL object from an already validated creation form.

    The two ratelimit decorators cap POSTs per user at 3 a minute and 25 a
    day; with ``block=True`` an over-limit call is presumably rejected by the
    decorator before this body runs -- confirm against the ratelimit package.

    Returns the saved URL object, or the integer 500 when the user supplied
    no short name and a random one could not be generated. Callers compare
    the result with 500 before using it.
    """
    # Not committed yet: the owner and the expiry still have to be filled in
    new_url = url_form.save(commit=False)
    new_url.owner = request.user.registereduser

    # A short name typed by the user has already been validated by the form;
    # an empty one is replaced by a generated name.
    requested_short = url_form.cleaned_data.get('short').strip()

    if requested_short:
        new_url.short = requested_short
    else:
        generated_short = URL.generate_valid_short()
        if generated_short is None:
            # No free short name could be generated
            return 500
        new_url.short = generated_short

    # The form delivers the expiry as a choice value; translate it into a
    # datetime relative to now.
    # NOTE(review): the MONTH choice adds three weeks, not a month -- confirm
    # that this is intended.
    choice = url_form.cleaned_data.get('expires')

    if choice == URLForm.DAY:
        new_url.expires = timezone.now() + timedelta(days=1)
    elif choice == URLForm.WEEK:
        new_url.expires = timezone.now() + timedelta(weeks=1)
    elif choice == URLForm.MONTH:
        new_url.expires = timezone.now() + timedelta(weeks=3)
    elif choice == URLForm.CUSTOM:
        new_url.expires = url_form.cleaned_data.get('expires_custom')
    # any other choice leaves the field NULL

    # Model-level validation runs before the row is written
    new_url.full_clean()
    new_url.save()
    return new_url


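def view(request, short):
    """
    Render the public "details" page for one Go link.

    No login is required: anyone who knows ``short`` can see the page.
    Responds with 404 when no URL matches ``short`` (case-insensitively).
    """
    # Build the site prefix from get_host(), which validates the Host header
    # against ALLOWED_HOSTS, rather than from the raw client-supplied
    # HTTP_HOST value that would otherwise be echoed into the rendered page.
    # NOTE(review): the literal "s" after %s turns "http" into "https" (and
    # "https" into "httpss") -- presumably the app runs behind a proxy that
    # terminates TLS; confirm.
    domain = "%ss://%s" % (request.scheme, request.get_host()) + "/"

    # Get the URL that is being requested
    url = get_object_or_404(URL, short__iexact=short)

    return render(request, 'view.html', {
        'url': url,
        'domain': domain,
    })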


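@login_required
def edit(request, short):
    """
    Let the owner of a Go link change its destination, short name or expiry.

    Unapproved users get ``banned.html`` (blocked) or ``not_registered.html``;
    anyone other than the link's owner gets PermissionDenied. A GET renders
    ``core/edit_link.html`` pre-filled from the link.

    On POST the existing row is deleted before the form is validated. The
    delete, the validation and the re-creation all run inside one database
    transaction, and that transaction is rolled back when the form is
    invalid, when post() returns 500, or when anything raises, so a failed
    edit does not remove the link (on a database backend that supports
    transactions). If ``short`` changed, a new URL is created through post()
    and the click counters are carried over; otherwise the same object is
    updated and saved again.
    """
    # Local import: keeps the new dependency inside this view
    from django.db import transaction

    # Do not allow unapproved users to edit links
    if not request.user.registereduser.approved:
        if request.user.registereduser.blocked:
            return render(request, 'banned.html')
        return render(request, 'not_registered.html')

    # Get the URL that is going to be edited
    url = get_object_or_404(URL, short__iexact=short)

    # Authorization: only the RegisteredUser who owns the URL may edit it
    if url.owner != request.user.registereduser:
        raise PermissionDenied()

    host = request.META.get('HTTP_HOST')

    if request.method != 'POST':
        # Unbound form pre-filled from the stored link
        initial = {
            'destination': url.destination,
            'short': url.short,
        }
        if url.expires is not None:
            initial['expires'] = 'Custom Date'
            initial['expires_custom'] = url.expires
        else:
            initial['expires'] = 'Never'

        url_form = EditForm(host=host, initial=initial)
        return render(request, 'core/edit_link.html', {
            'form': url_form
        })

    url_form = EditForm(request.POST, host=host)

    saved = None          # the URL to redirect to once the edit succeeded
    server_error = False  # set when post() could not produce a short name

    # Responses are rendered only after the block has exited: once a rollback
    # is requested, Django refuses further queries inside the atomic block.
    with transaction.atomic():
        # The in-memory object keeps its field values after the row is gone
        url.delete()

        if not url_form.is_valid():
            # Undo the delete; the form is redisplayed with its errors
            transaction.set_rollback(True)

        elif url_form.cleaned_data.get('short').strip() != url.short:
            # The short changed: create a new object and migrate the stats.
            # post() is rate limited and validates the model; if it raises,
            # the atomic block rolls the delete back.
            res = post(request, url_form)

            if res == 500:
                server_error = True
                transaction.set_rollback(True)
            else:
                res.clicks = url.clicks
                res.qrclicks = url.qrclicks
                res.socialclicks = url.socialclicks
                res.save()
                saved = res

        else:
            # The short was not edited, so the same object is updated
            url.destination = url_form.cleaned_data.get(
                'destination').strip()

            # Translate the expiry choice into a datetime relative to now
            expires = url_form.cleaned_data.get('expires')

            # Any choice not listed below leaves the field NULL
            edited_expires = None
            if expires == URLForm.DAY:
                edited_expires = timezone.now() + timedelta(days=1)
            elif expires == URLForm.WEEK:
                edited_expires = timezone.now() + timedelta(weeks=1)
            elif expires == URLForm.MONTH:
                edited_expires = timezone.now() + timedelta(weeks=3)
            elif expires == URLForm.CUSTOM:
                edited_expires = url_form.cleaned_data.get(
                    'expires_custom')
            url.expires = edited_expires

            # Always written back: the row was deleted above, so skipping the
            # save for an unchanged link would leave it deleted
            url.save()
            saved = url

    if server_error:
        return HttpResponseServerError(render(request, '500.html'))

    if saved is None:
        # Validation failed: redisplay the form with the validation errors
        return render(request, 'core/edit_link.html', {
            'form': url_form
        })

    # Redirect to the edited URL
    return redirect('view', saved.short)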


@login_required
def delete(request, short):
    """
    Delete a Go link on behalf of its owner.

    The user must be logged in and approved; unapproved users get
    ``not_registered.html``. Responds with 404 when ``short`` matches no URL
    and raises PermissionDenied when the requester is not the link's owner.
    On success the user is redirected to 'my_links'.

    NOTE(review): the HTTP method is never checked, so a plain GET deletes
    the link. Django's CSRF protection only covers unsafe methods such as
    POST, so it does not guard this view when reached by GET. Consider
    restricting it with django.views.decorators.http.require_POST once the
    templates submit a form.
    """
    # Do not allow unapproved users to delete links
    if not request.user.registereduser.approved:
        return render(request, 'not_registered.html')

    # Get the URL that is going to be deleted
    target = get_object_or_404(URL, short__iexact=short)

    # Authorization: only the owning RegisteredUser may delete the URL
    if target.owner == request.user.registereduser:
        target.delete()
        return redirect('my_links')

    raise PermissionDenied()


@login_required
def signup(request):
    """
    Show the Go registration form and process a submitted application.

    Blocked users get ``banned.html``; approved users are redirected to '/'
    and already registered users to 'registered'. A valid POST e-mails the
    admins and the applicant (only when EMAIL_HOST and EMAIL_PORT are set),
    saves the form onto the user's RegisteredUser and redirects to
    'registered'. Otherwise ``core/signup.html`` is rendered with the form.
    """
    account = request.user.registereduser

    # Do not display the signup page to blocked, approved or registered users
    if account.blocked:
        return render(request, 'banned.html')
    if account.approved:
        return redirect('/')
    if account.registered:
        return redirect('registered')

    # Name taken from the authenticated account, used to pre-fill the form
    cas_full_name = request.user.first_name + " " + request.user.last_name

    # Unbound form, shown for anything that is not a POST
    signup_form = SignupForm(
        request,
        initial={'full_name': cas_full_name}
    )

    # full_name is rendered read-only since CAS fills it in.
    # NOTE(review): "readonly" is only an HTML attribute; the browser can
    # still submit a different full_name. Whether SignupForm rejects that
    # server-side is not visible from this view -- confirm, because the
    # submitted value is what ends up in the admin notification below.
    signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'

    if request.method == 'POST':
        # Bind the submitted data to the user's existing RegisteredUser
        signup_form = SignupForm(
            request, request.POST, instance=account,
            initial={'full_name': cas_full_name}
        )
        signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'

        if signup_form.is_valid():
            description = signup_form.cleaned_data.get('description')
            full_name = signup_form.cleaned_data.get('full_name')
            organization = signup_form.cleaned_data.get('organization')

            # Only send mail if we've defined the mailserver
            if settings.EMAIL_HOST and settings.EMAIL_PORT:
                user_mail = request.user.username + settings.EMAIL_DOMAIN

                # Notification to the admins; replies go to the applicant.
                # The body carries the applicant's own free-text fields, so
                # admins should read it as untrusted content.
                admin_notice = EmailMessage(
                    'Signup from %s' % (account.user),
                    """
                    %s signed up at %s\n\n

                    Username: %s\n
                    Organization: %s\n\n

                    Message: %s\n\n

                    You can contact the user directly by replying to this email or reply all to contact the user and notify the mailing list.\n
                    Please head to go.gmu.edu/manage to approve or deny this application.'
                    """
                    % (
                        str(full_name), str(timezone.now()).strip(),
                        str(account.user), str(organization),
                        str(description)
                    ),
                    settings.EMAIL_FROM,
                    [settings.EMAIL_TO],
                    reply_to=[user_mail]
                )
                admin_notice.send()

                # Confirmation to the applicant
                send_mail(
                    'We have received your Go application!',
                    """
                    Hey there %s,\n\n

                    The Go admins have received your application and are currently in the process of reviewing it.\n\n

                    You will receive another email when you have been approved.\n\n

                    - Go Admins
                    """
                    % (str(full_name)),
                    settings.EMAIL_FROM,
                    [user_mail]
                )

            # Save the RegisteredUser and tell the user they have registered
            signup_form.save()
            return redirect('registered')

    # Render signup.html with the form and the current registered status
    return render(request, 'core/signup.html', {
        'form': signup_form,
        'registered': False,
    })


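def redirection(request, short):
    """
    Redirect a visitor to the destination stored for the Go link ``short``.

    Responds with 404 when no URL matches ``short`` (case-insensitively).
    Each successful redirect increments ``clicks``, plus ``qrclicks`` when
    the query string contains ``qr`` and ``socialclicks`` when it contains
    ``social``. Links with no destination, or whose destination is the link
    itself, are redirected to a 404 page path instead and are not counted.

    NOTE(review): the destination is used exactly as stored, so the only
    guard against unwanted schemes or targets is the validation done when
    the link was created or edited -- confirm what URLForm / the URL model
    allow. No expiry check happens here either; presumably expired links are
    removed elsewhere -- verify.
    """
    # Build the site prefix from get_host(), which validates the Host header
    # against ALLOWED_HOSTS; the raw HTTP_HOST value is client-controlled and
    # would let the self-reference check below compare against anything.
    domain = "%s://%s" % (request.scheme, request.get_host()) + "/"

    # Get the URL object that relates to the requested Go link
    url = get_object_or_404(URL, short__iexact=short)

    # Counted in memory only; the early returns below never save it
    url.clicks += 1

    # The row fetched above is reused rather than queried a second time.
    # NOTE(review): both early exits redirect to a relative path instead of
    # returning a 404 response -- confirm those paths resolve.
    if url.destination is None:
        return redirect('go/404.html')

    # A Go link that points at itself would redirect forever
    if url.destination == domain + short:
        return redirect('404.html')

    # If the user is coming from a QR request then increment qrclicks
    if 'qr' in request.GET:
        url.qrclicks += 1

    # If the user is coming from a social media request then increment
    # socialclicks
    if 'social' in request.GET:
        url.socialclicks += 1

    # Save our data and redirect the user towards their destination
    url.save()
    return redirect(url.destination)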


def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='/'):
    """
    Decorator for views that only active staff members may use.

    Wraps ``view_func`` with user_passes_test: a user who is not both
    ``is_active`` and ``is_staff`` is sent to ``login_url`` (the site root by
    default) instead of reaching the view.
    """
    def _is_active_staff(user):
        # Both flags are required; an inactive staff account is refused
        return user.is_active and user.is_staff

    guard = user_passes_test(
        _is_active_staff,
        login_url=login_url,
        redirect_field_name=redirect_field_name
    )
    return guard(view_func)


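def _send_account_notice(registered_user, subject, body):
    """E-mail a status notice to a RegisteredUser if a mail server is set.

    ``body`` must contain one ``%s`` placeholder, which is filled with the
    user's full name. Nothing is sent unless both EMAIL_HOST and EMAIL_PORT
    are configured.
    """
    if settings.EMAIL_HOST and settings.EMAIL_PORT:
        user_mail = registered_user.user.username + settings.EMAIL_DOMAIN
        send_mail(
            subject,
            body % (str(registered_user.full_name)),
            settings.EMAIL_FROM,
            [user_mail]
        )


@staff_member_required
def useradmin(request):
    """
    Simplified admin panel for approving, denying, blocking, un-blocking and
    removing RegisteredUsers, so staff don't need the Django admin.

    Only active staff reach this view (see staff_member_required). A POST
    carries the selected usernames in ``username`` plus one action key
    (``_approve``, ``_deny``, ``_block``, ``_unblock`` or ``_remove``); the
    action is applied to every selected user. Deny, un-block and remove then
    redirect to 'manage'; approve and block fall through and render
    ``manage.html`` with the refreshed user lists, as does a GET.

    NOTE(review): an unknown username makes ``RegisteredUser.objects.get``
    raise DoesNotExist, which surfaces as a server error.
    """
    if request.POST:
        # Usernames selected in the submitted form
        userlist = request.POST.getlist('username')

        # If we're approving users
        if '_approve' in request.POST:
            for name in userlist:
                to_approve = RegisteredUser.objects.get(
                    user__username__exact=name)
                to_approve.approved = True
                to_approve.save()

                # Let them know they are approved
                _send_account_notice(
                    to_approve,
                    'Your Account has been Approved!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'approved you to use Go!\n\n'
                    'Head over to go.gmu.edu to create your first address.\n\n'
                    '- Go Admins'
                )

        # If we're denying users
        elif '_deny' in request.POST:
            for name in userlist:
                to_deny = RegisteredUser.objects.get(
                    user__username__exact=name)

                # Let them know they are denied
                _send_account_notice(
                    to_deny,
                    'Your Account has been Denied!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'decided to not approve you to use Go.\n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )
                # Delete the account behind the RegisteredUser
                to_deny.user.delete()
            # Redirect only after the loop, so every selected user is
            # handled and not just the first one
            return HttpResponseRedirect('manage')

        # If we're blocking users
        elif '_block' in request.POST:
            for name in userlist:
                to_block = RegisteredUser.objects.get(
                    user__username__exact=name)
                _send_account_notice(
                    to_block,
                    'Your Account has been Blocked!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'blocked you from using Go.\n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )
                to_block.blocked = True
                to_block.approved = False
                to_block.registered = False
                to_block.save()

        # If we're un-blocking users
        elif '_unblock' in request.POST:
            for name in userlist:
                to_un_block = RegisteredUser.objects.get(
                    user__username__exact=name)
                _send_account_notice(
                    to_un_block,
                    'Your Account has been Un-Blocked!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'Un-Blocked you from using Go.\n\n'
                    'If you wish to continue Go use please register again. \n\n'
                    'Congratulations! '
                    '- Go Admins'
                )
                to_un_block.blocked = False
                to_un_block.save()
            # After the loop: every selected user is un-blocked
            return HttpResponseRedirect('manage')

        # If we're removing existing users
        elif '_remove' in request.POST:
            for name in userlist:
                to_remove = RegisteredUser.objects.get(
                    user__username__exact=name)
                _send_account_notice(
                    to_remove,
                    'Your Account has been Deleted!',
                    'Hey there %s,\n\n'
                    'The Go admins have decided to remove you from Go. \n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )
                to_remove.user.delete()
            # After the loop: every selected user is removed
            return HttpResponseRedirect('manage')

    # RegisteredUsers that still need to be approved
    need_approval = RegisteredUser.objects.filter(
        registered=True).filter(approved=False).filter(blocked=False)
    # RegisteredUsers that are currently users
    current_users = RegisteredUser.objects.filter(
        approved=True).filter(registered=True).filter(blocked=False)
    # RegisteredUsers that are blocked
    blocked_users = RegisteredUser.objects.filter(blocked=True)

    # Pass the three lists to the template
    return render(request, 'manage.html', {
        'need_approval': need_approval,
        'current_users': current_users,
        'blocked_users': blocked_users
    })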