# Django Imports
from django.conf import settings
from django.http import HttpResponseServerError  # Http404
from django.utils import timezone
from django.core.exceptions import PermissionDenied  # ValidationError
from django.core.mail import send_mail, EmailMessage
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.models import User
from django.contrib.auth.decorators import user_passes_test, login_required
from django.shortcuts import render, get_object_or_404, redirect

# App Imports
from go.models import URL, RegisteredUser
from go.forms import URLForm, SignupForm

# Other Imports
from datetime import timedelta

# requestObject = request.RegisteredUser.objects.get(user__username__exact=user)
# if requestObject.user.registereduser.blocked != False
#     raise PermissionDenied()


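def index(request):
    """
    Serve the homepage ('/') and handle submissions of the URL form.

    Anonymous visitors get the public landing page, blocked users get the
    blocked page, and users who are not approved get the not_registered
    page. Approved users get the URL registration form; a valid POST saves
    the new short URL and redirects to its 'view' page.
    """

    # Check authentication before touching `registereduser`: an anonymous
    # user has no such relation, so reading it first would raise instead of
    # showing the landing page.
    if not request.user.is_authenticated():
        return render(request, 'public_landing.html')

    registered_user = request.user.registereduser

    # If the user is blocked, show them the blocked page.
    if registered_user.blocked:
        return render(request, 'blocked.html')
    # If the user isn't approved, don't give them any leeway.
    if not registered_user.approved:
        return render(request, 'not_registered.html')

    # NOTE(review): the Host header is client-supplied; confirm it has been
    # validated against ALLOWED_HOSTS before URLForm relies on it.
    host = request.META.get('HTTP_HOST')
    url_form = URLForm(host=host)  # unbound form

    if request.method == 'POST':
        url_form = URLForm(request.POST, host=host)  # bound form
        if url_form.is_valid():

            # We don't commit the url object yet because we need to add its
            # owner, and parse its date field.
            url = url_form.save(commit=False)
            url.owner = registered_user

            # If the user entered a short url, it's already been validated,
            # so accept it. If they did not, however, then generate a
            # random one and use that instead.
            short = url_form.cleaned_data.get('short').strip()
            if len(short) > 0:
                url.short = short
            else:
                # If a random short url can't be generated, return a 500
                # server error.
                random_short = URL.generate_valid_short()
                if random_short is None:
                    return HttpResponseServerError(
                        render(request, 'admin/500.html', {})
                    )
                else:
                    url.short = random_short

            # Grab the expiration field value. It's currently an unusable
            # string value, so we need to parse it into a datetime object
            # relative to right now.
            expires = url_form.cleaned_data.get('expires')

            if expires == URLForm.DAY:
                url.expires = timezone.now() + timedelta(days=1)
            elif expires == URLForm.WEEK:
                url.expires = timezone.now() + timedelta(weeks=1)
            elif expires == URLForm.MONTH:
                # NOTE(review): MONTH maps to three weeks - confirm intended.
                url.expires = timezone.now() + timedelta(weeks=3)
            elif expires == URLForm.CUSTOM:
                url.expires = url_form.cleaned_data.get('expires_custom')
            else:
                pass  # leave the field NULL

            # Make sure that our new URL object is clean, then save it and
            # redirect to its detail page.
            url.full_clean()
            url.save()
            return redirect('view', url.short)

    return render(request, 'core/index.html', {
        'form': url_form,
    },
    )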


def view(request, short):
    """
    Show the details page for the short URL `short`.

    No login is required. Responds with a 404 when no URL matches `short`
    (the lookup is case-insensitive).
    """

    # NOTE(review): HTTP_HOST comes straight from the request; confirm it has
    # been validated against ALLOWED_HOSTS before it is passed to the page.
    base = "%s://%s" % (request.scheme, request.META.get('HTTP_HOST'))

    context = {
        'url': get_object_or_404(URL, short__iexact=short),
        'domain': base + "/",
    }
    return render(request, 'view.html', context)


@login_required
def my_links(request):
    """
    List every URL owned by the logged-in user.

    Users who are not approved are shown the not_registered page instead.
    """

    owner = request.user.registereduser
    if not owner.approved:
        return render(request, 'not_registered.html')

    # NOTE(review): HTTP_HOST comes straight from the request; confirm it has
    # been validated against ALLOWED_HOSTS before it is passed to the page.
    context = {
        'urls': URL.objects.filter(owner=owner),
        'domain': "%s://%s" % (request.scheme, request.META.get('HTTP_HOST')) + "/",
    }
    return render(request, 'my_links.html', context)


@login_required
def delete(request, short):
    """
    Delete the short URL `short` on behalf of its owner.

    The user must be logged in and approved. Anyone other than the owner
    gets PermissionDenied; an unknown `short` gives a 404. On success the
    user is redirected to 'my_links'.
    """

    requester = request.user.registereduser
    if not requester.approved:
        return render(request, 'not_registered.html')

    # NOTE(review): the deletion runs for any HTTP method, including GET, and
    # Django's CSRF middleware does not check GET requests; consider
    # requiring POST here.
    doomed = get_object_or_404(URL, short__iexact=short)
    if doomed.owner != requester:
        raise PermissionDenied()

    doomed.delete()
    return redirect('my_links')


@login_required
def signup(request):
    """
    Present the registration form and process a submitted application.

    Approved users are redirected to '/', and users who have already
    registered are redirected to 'registered'. On a valid POST the admins
    and the applicant are emailed (only when a mail server is configured),
    the form is saved, and the user is redirected to 'registered'.
    """
    applicant = request.user.registereduser

    # Do not display the signup page to registered or approved users.
    if applicant.approved:
        return redirect('/')
    if applicant.registered:
        return redirect('registered')

    display_name = request.user.first_name + " " + request.user.last_name

    # NOTE(review): `readonly` is only a browser-side hint; confirm that
    # SignupForm checks the posted full_name on the server.
    signup_form = SignupForm(request, initial={'full_name': display_name})
    signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'

    if request.method == 'POST':
        signup_form = SignupForm(
            request,
            request.POST,
            instance=applicant,
            initial={'full_name': display_name},
        )
        signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'

        if signup_form.is_valid():
            cleaned = signup_form.cleaned_data
            description = cleaned.get('description')
            full_name = cleaned.get('full_name')
            organization = cleaned.get('organization')

            # Only send mail if we've defined the mailserver.
            if settings.EMAIL_HOST and settings.EMAIL_PORT:
                user_mail = request.user.username + settings.EMAIL_DOMAIN

                # Notification for the admins; replies go to the applicant.
                admin_subject = 'Signup from %s' % (applicant.user)
                admin_body = (
                    '%s signed up at %s\n\n'
                    'Username: %s\n'
                    'Organization: %s\n\n'
                    'Message: %s\n\n'
                    'You can contact the user directly by replying to this email or '
                    'reply all to contact the user and notfiy the mailing list.\n'
                    'Please head to go.gmu.edu/useradmin to approve or '
                    'deny this application.'
                ) % (
                    str(full_name),
                    str(timezone.now()).strip(),
                    str(applicant.user),
                    str(organization),
                    str(description),
                )
                EmailMessage(
                    admin_subject,
                    admin_body,
                    settings.EMAIL_FROM,
                    [settings.EMAIL_TO],
                    reply_to=[user_mail]
                ).send()

                # Confirmation for the applicant.
                confirmation_body = (
                    'Hey there %s,\n\n'
                    'The Go admins have received your application and are '
                    'currently in the process of reviewing it.\n\n'
                    'You will receive another email when you have been '
                    'approved.\n\n'
                    '- Go Admins'
                ) % (str(full_name))
                send_mail(
                    'We have received your Go application!',
                    confirmation_body,
                    settings.EMAIL_FROM,
                    [user_mail]
                )

            signup_form.save()
            return redirect('registered')

    context = {
        'form': signup_form,
        'registered': False,
    }
    return render(request, 'core/signup.html', context)


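def redirection(request, short):
    """
    Redirect the visitor to the target of the short URL `short`.

    Counts the click (plus a QR or social click when the matching query
    parameter is present) and, when Piwik is configured, records a
    server-side page view. Tracking is best-effort: a failure there is
    logged and never blocks the redirect. Responds with a 404 when no URL
    matches `short`.
    """

    url = get_object_or_404(URL, short__iexact=short)
    # NOTE(review): the counters are read, incremented and saved in Python,
    # so concurrent hits on the same link can overwrite each other's counts.
    url.clicks = url.clicks + 1

    # A link whose target is its own short address would redirect forever.
    domain = "%s://%s" % (request.scheme, request.META.get('HTTP_HOST')) + "/"
    if url.target == domain + short:
        return redirect('admin/404.html')

    if 'qr' in request.GET:
        url.qrclicks += 1

    if 'social' in request.GET:
        url.socialclicks += 1

    url.save()

    # Include server-side tracking because there is no template displayed to
    # the user which would include javascript tracking.
    # First, if PIWIK variables are undefined, don't try to push.
    if settings.PIWIK_SITE_ID != "" and settings.PIWIK_URL != "":
        try:
            # Imported here so a missing piwikapi package cannot break
            # redirects, whether or not tracking is configured.
            from piwikapi.tracking import PiwikTracker

            piwiktracker = PiwikTracker(settings.PIWIK_SITE_ID, request)
            piwiktracker.set_api_url(settings.PIWIK_URL)
            piwiktracker.do_track_page_view('Redirect to %s' % url.target)
        # Second, if we do get an error, don't let that keep us from
        # redirecting. Catch Exception rather than everything so that
        # SystemExit and KeyboardInterrupt still propagate.
        except Exception:
            import logging

            logging.getLogger(__name__).warning(
                'Piwik tracking failed for short URL %s', url.short,
                exc_info=True
            )

    # NOTE(review): url.target is user-submitted; this relies on the target
    # having been validated when the URL was created.
    return redirect(url.target)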


def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='/'):
    """
    Decorator for views that requires an active staff member.

    The check is delegated to user_passes_test, which sends users who fail
    it to `login_url`.
    """
    def _is_active_staff(user):
        return user.is_active and user.is_staff

    guard = user_passes_test(
        _is_active_staff,
        login_url=login_url,
        redirect_field_name=redirect_field_name
    )
    return guard(view_func)


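def _send_account_mail(registered_user, subject, message):
    """
    Email `registered_user` about a change to their account.

    Does nothing unless both EMAIL_HOST and EMAIL_PORT are set. `message` is
    a %-format template with one placeholder, filled with the user's full
    name.
    """
    if settings.EMAIL_HOST and settings.EMAIL_PORT:
        user_mail = registered_user.user.username + settings.EMAIL_DOMAIN
        send_mail(
            subject,
            message % (str(registered_user.full_name)),
            settings.EMAIL_FROM,
            [user_mail]
        )


@staff_member_required
def useradmin(request):
    """
    Simplified admin panel, so that staff don't need to log in to the full
    admin site to approve users.

    A POST carries a list of 'username' values and one action key:
    '_approve', '_deny', '_block', '_unblock' or '_remove'. Each named user
    is updated (or deleted) and notified by email when a mail server is
    configured. The page then lists users awaiting approval, current users
    and blocked users.
    """
    # NOTE(review): none of these account actions are logged; consider
    # recording which staff member performed each one.
    if request.POST:
        userlist = request.POST.getlist('username')
        if '_approve' in request.POST:
            for name in userlist:
                toapprove = RegisteredUser.objects.get(user__username__exact=name)
                toapprove.approved = True
                toapprove.save()
                _send_account_mail(
                    toapprove,
                    'Your Account has been Approved!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'approved you to use Go!\n\n'
                    'Head over to go.gmu.edu to create your first address.\n\n'
                    '- Go Admins'
                )
        elif '_deny' in request.POST:
            for name in userlist:
                todeny = RegisteredUser.objects.get(user__username__exact=name)
                # Notify first: the address is derived from the user row
                # that is deleted below.
                _send_account_mail(
                    todeny,
                    'Your Account has been Denied!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'decided to not approve you to use Go.\n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )
                todeny.user.delete()
        elif '_block' in request.POST:
            for name in userlist:
                toblock = RegisteredUser.objects.get(user__username__exact=name)
                _send_account_mail(
                    toblock,
                    'Your Account has been Blocked!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'blocked you from using Go.\n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )
                # Blocking keeps the account and only flips its flags.
                toblock.blocked = True
                toblock.approved = False
                toblock.save()
        elif '_unblock' in request.POST:
            for name in userlist:
                tounblock = RegisteredUser.objects.get(user__username__exact=name)
                # The name must come from the user being unblocked; this
                # branch previously read `toblock`, which is not defined
                # here, and reused the "Blocked" subject line.
                _send_account_mail(
                    tounblock,
                    'Your Account has been Unblocked!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'unblocked you from using Go.\n\n'
                    'Congratulations! '
                    '- Go Admins'
                )
                tounblock.blocked = False
                tounblock.approved = True
                tounblock.save()
        elif '_remove' in request.POST:
            for name in userlist:
                toremove = RegisteredUser.objects.get(user__username__exact=name)
                _send_account_mail(
                    toremove,
                    'Your Account has been Deleted!',
                    'Hey there %s,\n\n'
                    'The Go admins have decided to remove you from Go. \n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )
                toremove.user.delete()

    # NOTE(review): blocking sets approved=False, so blocked users also match
    # need_approval; approving one from that list leaves `blocked` set.
    # Confirm this is intended.
    need_approval = RegisteredUser.objects.filter(registered=True).filter(approved=False)
    current_users = RegisteredUser.objects.filter(approved=True).filter(registered=True)
    blocked_users = RegisteredUser.objects.filter(blocked=True)
    return render(request, 'admin/useradmin.html', {
        'need_approval': need_approval,
        'current_users': current_users,
        'blocked_users': blocked_users
    },
    )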