"""
go/views.py
"""

# Future Imports
from __future__ import (absolute_import, division, print_function,
                        unicode_literals)

# Python stdlib imports
from datetime import timedelta

# Django Imports
from django.conf import settings
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied  # ValidationError
from django.core.mail import EmailMessage, send_mail
from django.http import HttpResponseServerError  # Http404
from django.http import HttpResponseRedirect
from django.shortcuts import get_object_or_404, redirect, render
from django.utils import timezone

# Other imports
from ratelimit.decorators import ratelimit

# App Imports
from go.forms import SignupForm, URLForm
from go.models import URL, RegisteredUser


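def index(request):
    """
    Landing page of the site.

    Anonymous visitors get the public landing page, authenticated but
    unapproved users get the not_registered page, and approved users get a
    listing of every URL they own.
    """

    # If the user is not authenticated, show them a public landing page.
    if not request.user.is_authenticated():
        return render(request, 'public_landing.html')

    # Do not display this page to unapproved users
    if not request.user.registereduser.approved:
        return render(request, 'not_registered.html')

    # Build the site prefix from request.get_host() rather than the raw
    # HTTP_HOST header: the header is supplied by the client, and get_host()
    # validates it against settings.ALLOWED_HOSTS before it is rendered into
    # the links shown on the page.
    domain = "%s://%s/" % (request.scheme, request.get_host())

    # Grab a list of all the URLs that are currently owned by the user
    urls = URL.objects.filter(owner=request.user.registereduser)

    # Render the listing, passing the URLs and the domain to the template
    return render(request, 'core/index.html', {
        'urls': urls,
        'domain': domain,
    })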

@login_required
def new_link(request):
    """
    Serve '/newLink', the form used to register a new Go link.

    login_required sends anonymous visitors to the login page. Logged-in
    users who are not approved get the banned page (if blocked) or the
    not_registered page. Approved users get the URL form; a valid POST
    creates the link and redirects to its detail view.
    """

    account = request.user.registereduser

    # Unapproved accounts never reach the form.
    if not account.approved:
        if account.blocked:
            return render(request, 'banned.html')
        return render(request, 'not_registered.html')

    # NOTE(review): HTTP_HOST is a client-supplied header. Confirm how
    # URLForm uses `host` and whether request.get_host(), which is validated
    # against ALLOWED_HOSTS, should be passed instead.
    host = request.META.get('HTTP_HOST')

    url_form = URLForm(host=host)  # unbound form for a plain page load

    if request.method == 'POST':
        # Bind the form to the submitted data this time.
        url_form = URLForm(request.POST, host=host)

        if url_form.is_valid():
            # post() builds and saves the URL object; it hands back the int
            # 500 when no random short could be generated.
            created = post(request, url_form)
            if created == 500:
                return HttpResponseServerError(render(request, '500.html'))

            # Redirect to the detail page of the new link.
            return redirect('view', created.short)

    # Either a plain page load, or a POST whose form carries validation
    # errors: (re)display the form.
    return render(request, 'core/new_link.html', {
        'form': url_form,
    })

@login_required
def my_links(request):
    """
    Compatibility alias for '/'.

    Renders the same listing as index(), but requires login so that it
    behaves consistently with /newLink.
    """
    account = request.user.registereduser

    if account.approved:
        return index(request)

    # Unapproved: blocked users see the banned page, everyone else is told
    # they are not registered.
    if account.blocked:
        return render(request, 'banned.html')
    return render(request, 'not_registered.html')

# Rate limits are completely arbitrary
@ratelimit(key='user', rate='3/m', method='POST', block=True)
@ratelimit(key='user', rate='25/d', method='POST', block=True)
def post(request, url_form):
    """
    Helper that turns a validated URLForm into a saved URL owned by the
    requesting user.

    Returns the saved URL object, or the int 500 when no random short could
    be generated. The ratelimit decorators cap POST requests per user at
    3 per minute and 25 per day.
    """

    # commit=False: the owner, the short and the expiration still have to be
    # filled in before the object can be written.
    url = url_form.save(commit=False)
    url.owner = request.user.registereduser

    # A short entered by the user has already been validated by the form, so
    # it is accepted as is. An empty one means a random short is generated.
    requested_short = url_form.cleaned_data.get('short').strip()
    if requested_short:
        url.short = requested_short
    else:
        generated = URL.generate_valid_short()
        if generated is None:
            # No random short could be generated; callers turn this into a
            # 500 server error.
            return 500
        url.short = generated

    # The expiration arrives as a choice string that is not usable as is, so
    # translate it into a datetime relative to right now.
    choice = url_form.cleaned_data.get('expires')
    relative_lifetimes = (
        (URLForm.DAY, timedelta(days=1)),
        (URLForm.WEEK, timedelta(weeks=1)),
        # NOTE(review): MONTH maps to three weeks; confirm that is intended.
        (URLForm.MONTH, timedelta(weeks=3)),
    )
    for option, lifetime in relative_lifetimes:
        if choice == option:
            url.expires = timezone.now() + lifetime
            break
    else:
        if choice == URLForm.CUSTOM:
            url.expires = url_form.cleaned_data.get('expires_custom')
        # any other choice leaves the field NULL

    # Validate the finished object, then persist it and hand it back.
    url.full_clean()
    url.save()
    return url

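def view(request, short):
    """
    This view allows the user to "view details" about a URL. Note that they
    do not need to be logged in to view this information.
    """

    # Build the site prefix from request.get_host() rather than the raw
    # HTTP_HOST header: this page is public, the header is supplied by the
    # client, and get_host() validates it against settings.ALLOWED_HOSTS
    # before it is rendered into the page.
    domain = "%s://%s/" % (request.scheme, request.get_host())

    # Get the URL that is being requested (case-insensitive match on short)
    url = get_object_or_404(URL, short__iexact=short)

    # Render view.html passing the specified URL and domain to the template
    return render(request, 'view.html', {
        'url': url,
        'domain': domain,
    })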

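@login_required
def edit(request, short):
    """
    Let a logged-in, approved user edit the details of a Go link they own.

    If `short` is changed, a new URL object is created through post(), the
    click counters are copied onto it and the old object is deleted.
    Otherwise the target and expiration are updated in place. A user who
    does not own the link gets PermissionDenied.
    """

    account = request.user.registereduser

    # Do not allow unapproved users to edit links
    if not account.approved:
        if account.blocked:
            return render(request, 'banned.html')
        return render(request, 'not_registered.html')

    # Get the URL that is going to be edited
    url = get_object_or_404(URL, short__iexact=short)

    # Ownership is checked before any submitted data is looked at.
    if url.owner != account:
        # do not allow them to edit
        raise PermissionDenied()

    # NOTE(review): HTTP_HOST is a client-supplied header. Confirm how
    # URLForm uses `host` and whether request.get_host(), which is validated
    # against ALLOWED_HOSTS, should be passed instead.
    host = request.META.get('HTTP_HOST')

    if request.method != 'POST':
        # Plain page load: pre-fill the form with the link's current values.
        initial = {
            'target': url.target,
            'short': url.short,
        }
        if url.expires is not None:
            initial['expires'] = 'Custom Date'
            initial['expires_custom'] = url.expires
        else:
            initial['expires'] = 'Never'

        url_form = URLForm(host=host, initial=initial)  # unbound form
        return render(request, 'core/edit_link.html', {
            'form': url_form
        })

    # A POST means the user submitted the form: bind it and validate.
    url_form = URLForm(request.POST, host=host)
    if not url_form.is_valid():
        # Redisplay the form with the validation errors
        return render(request, 'core/edit_link.html', {
            'form': url_form
        })

    # If the short changed then we need to create a new object and migrate
    # some data over
    if url_form.cleaned_data.get('short').strip() != url.short:
        # Parse the form and create a new URL object
        res = post(request, url_form)

        # If there is a 500 error returned, handle it
        if res == 500:
            return HttpResponseServerError(render(request, '500.html'))

        # Migrate the click data. Each counter is copied from its own field;
        # qrclicks and socialclicks used to be overwritten with url.clicks.
        res.clicks = url.clicks
        res.qrclicks = url.qrclicks
        res.socialclicks = url.socialclicks

        # Remove the old one, then save the new URL
        url.delete()
        res.save()

        # Redirect to the edited URL
        return redirect('view', res.short)

    # The short was not edited, so the existing object is updated in place.
    changed = False

    new_target = url_form.cleaned_data.get('target').strip()
    if new_target != url.target:
        url.target = new_target
        changed = True

    # The expiration arrives as a choice string, so translate it into a
    # datetime relative to right now. It starts out as None so that any
    # other choice clears the field instead of leaving the name unbound.
    expires = url_form.cleaned_data.get('expires')
    edited_expires = None
    if expires == URLForm.DAY:
        edited_expires = timezone.now() + timedelta(days=1)
    elif expires == URLForm.WEEK:
        edited_expires = timezone.now() + timedelta(weeks=1)
    elif expires == URLForm.MONTH:
        edited_expires = timezone.now() + timedelta(weeks=3)
    elif expires == URLForm.CUSTOM:
        edited_expires = url_form.cleaned_data.get('expires_custom')

    if edited_expires != url.expires:
        url.expires = edited_expires
        changed = True

    if changed:
        url.save()

    # Redirect to the edited URL. `res` only exists on the changed-short
    # path, so the link's own short is used here.
    return redirect('view', url.short)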

@login_required
def delete(request, short):
    """
    Delete a Go link.

    The requester must be logged in, approved, and the owner of the link;
    an approved user who is not the owner gets PermissionDenied.
    """

    # NOTE(review): no HTTP method check is visible here, so the deletion
    # also runs on GET, which Django's CSRF middleware does not cover.
    # Consider restricting this view to POST, together with whatever
    # template links to it.

    # Do not allow unapproved users to delete links
    if not request.user.registereduser.approved:
        return render(request, 'not_registered.html')

    # Get the URL that is going to be deleted
    url = get_object_or_404(URL, short__iexact=short)

    # Only the owning RegisteredUser may delete the URL
    if url.owner != request.user.registereduser:
        raise PermissionDenied()

    # Remove the URL and send the user back to their listing
    url.delete()
    return redirect('my_links')

@login_required
def signup(request):
    """
    Present the registration form and process a submitted application.

    Blocked users get the banned page, approved users are sent to '/', and
    users who have already registered are sent to 'registered'. A valid POST
    emails the admins and the applicant (only when a mail server is
    configured), saves the form and redirects to 'registered'.
    """

    account = request.user.registereduser

    # Do not display signup page to blocked, approved or registered users
    if account.blocked:
        return render(request, 'banned.html')
    if account.approved:
        return redirect('/')
    if account.registered:
        return redirect('registered')

    # Name taken from the logged-in user, used to pre-fill the form.
    prefilled_name = request.user.first_name + " " + request.user.last_name

    # Initialize our signup form
    signup_form = SignupForm(
        request,
        initial={
            'full_name': prefilled_name
        }
    )

    # Set the full_name field to readonly since CAS will fill that in.
    # NOTE(review): `readonly` is only a widget attribute; the full_name used
    # below is read from the submitted form data. Confirm that SignupForm
    # enforces the value server-side.
    signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'

    # If a POST request is received, then the user has submitted a form and
    # it's time to parse the form and create a new RegisteredUser
    if request.method == 'POST':
        # Bind the form to the submitted data this time.
        signup_form = SignupForm(
            request, request.POST, instance=account,
            initial={
                'full_name': prefilled_name
            }
        )

        # set the readonly flag again for good measure
        signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'

        # Django will check the form to make sure it's valid
        if signup_form.is_valid():
            # Grab data from the form and store into variables
            description = signup_form.cleaned_data.get('description')
            full_name = signup_form.cleaned_data.get('full_name')
            organization = signup_form.cleaned_data.get('organization')

            # Only send mail if we've defined the mailserver
            if settings.EMAIL_HOST and settings.EMAIL_PORT:
                user_mail = request.user.username + settings.EMAIL_DOMAIN

                # Email sent to notify Admins
                admin_subject = 'Signup from %s' % (account.user)
                admin_body = (
                    '%s signed up at %s\n\n'
                    'Username: %s\n'
                    'Organization: %s\n\n'
                    'Message: %s\n\n'
                    'You can contact the user directly by replying to this email or '
                    'reply all to contact the user and notfiy the mailing list.\n'
                    'Please head to go.gmu.edu/useradmin to approve or '
                    'deny this application.'
                ) % (
                    str(full_name), str(timezone.now()).strip(),
                    str(account.user), str(organization),
                    str(description)
                )
                to_admin = EmailMessage(
                    admin_subject,
                    admin_body,
                    settings.EMAIL_FROM,
                    [settings.EMAIL_TO],
                    reply_to=[user_mail]
                )
                to_admin.send()

                # Confirmation email sent to the applicant
                applicant_body = (
                    'Hey there %s,\n\n'
                    'The Go admins have received your application and are '
                    'currently in the process of reviewing it.\n\n'
                    'You will receive another email when you have been '
                    'approved.\n\n'
                    '- Go Admins'
                ) % (str(full_name))
                send_mail(
                    'We have received your Go application!',
                    applicant_body,
                    settings.EMAIL_FROM,
                    [user_mail]
                )

            # Save the RegisteredUser through the form and tell the user
            # that they have registered.
            signup_form.save()
            return redirect('registered')

    # render signup.html passing along the form and the current registered
    # status
    return render(request, 'core/signup.html', {
        'form': signup_form,
        'registered': False,
    })

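def redirection(request, short):
    """
    Redirect a visitor to the target of the short URL they requested and
    record the click.

    Raises Http404 when no link matches `short`, or when the link points
    back at itself.
    """
    # Http404 is not imported at module level, so import it locally.
    from django.http import Http404

    # Build the site prefix from request.get_host() rather than the raw
    # HTTP_HOST header: the header is supplied by the client, and get_host()
    # validates it against settings.ALLOWED_HOSTS.
    domain = "%s://%s/" % (request.scheme, request.get_host())

    # Get the URL object that relates to the requested Go link
    url = get_object_or_404(URL, short__iexact=short)

    # A Go link whose target is the link itself is answered with a real 404.
    # This used to be redirect('404.html'), which sends the browser to a
    # relative path instead of returning a 404 status.
    if url.target == domain + short:
        raise Http404()

    # NOTE(review): url.expires is not consulted here; confirm that expired
    # links are removed elsewhere, otherwise they keep redirecting.

    # Increment our clicks by one
    # NOTE(review): the counters are read, incremented and saved, so
    # concurrent requests can lose updates.
    url.clicks += 1

    # If the user is coming from a QR request then increment qrclicks
    if 'qr' in request.GET:
        url.qrclicks += 1

    # If the user is coming from a social media request then increment
    # socialclicks
    if 'social' in request.GET:
        url.socialclicks += 1

    # Save our data and redirect the user towards their destination
    url.save()
    return redirect(url.target)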

def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='/'):
    """
    Decorator for views that only active staff members may use.

    Wraps `view_func` with user_passes_test, so a user who is not both
    active and staff is sent to `login_url`.
    """

    def _is_active_staff(user):
        # Both flags are required: a deactivated staff account is rejected.
        return user.is_active and user.is_staff

    guard = user_passes_test(
        _is_active_staff,
        login_url=login_url,
        redirect_field_name=redirect_field_name
    )
    return guard(view_func)

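def _send_account_mail(registered_user, subject, body_template):
    """
    Email `registered_user` about a change to their account.

    `body_template` must contain a single %s, which is filled with the
    user's full name. Nothing is sent unless a mail server is configured.
    """
    if settings.EMAIL_HOST and settings.EMAIL_PORT:
        user_mail = registered_user.user.username + settings.EMAIL_DOMAIN
        send_mail(
            subject,
            body_template % (str(registered_user.full_name)),
            settings.EMAIL_FROM,
            [user_mail]
        )


@staff_member_required
def useradmin(request):
    """
    This view is a simplified admin panel, so that staff don't need to log in
    to approve links.

    A POST carries a list of usernames plus one action key (_approve, _deny,
    _block, _unblock or _remove). The action is applied to every selected
    user. _deny, _unblock and _remove used to return from inside the loop,
    so only the first selected user was processed.
    """

    # If we receive a POST request
    if request.POST:
        # Usernames of the accounts selected in the panel
        userlist = request.POST.getlist('username')

        # Deny, un-block and remove answer with a redirect once at least one
        # user has been processed; approve and block re-render the panel.
        redirect_back = False

        # If we're approving users
        if '_approve' in request.POST:
            for name in userlist:
                to_approve = RegisteredUser.objects.get(user__username__exact=name)
                to_approve.approved = True
                to_approve.save()

                # Send an email letting them know they are approved
                _send_account_mail(
                    to_approve,
                    'Your Account has been Approved!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'approved you to use Go!\n\n'
                    'Head over to go.gmu.edu to create your first address.\n\n'
                    '- Go Admins'
                )

        # If we're denying users
        elif '_deny' in request.POST:
            for name in userlist:
                to_deny = RegisteredUser.objects.get(user__username__exact=name)

                # Send an email letting them know they are denied
                _send_account_mail(
                    to_deny,
                    'Your Account has been Denied!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'decided to not approve you to use Go.\n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )

                # Delete the underlying user of this RegisteredUser
                to_deny.user.delete()
                redirect_back = True

        # If we're blocking users
        elif '_block' in request.POST:
            for name in userlist:
                to_block = RegisteredUser.objects.get(user__username__exact=name)

                _send_account_mail(
                    to_block,
                    'Your Account has been Blocked!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'blocked you from using Go.\n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )

                # A blocked account loses its approved and registered state.
                to_block.blocked = True
                to_block.approved = False
                to_block.registered = False
                to_block.save()

        # If we're un-blocking users
        elif '_unblock' in request.POST:
            for name in userlist:
                to_un_block = RegisteredUser.objects.get(user__username__exact=name)

                _send_account_mail(
                    to_un_block,
                    'Your Account has been Un-Blocked!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'Un-Blocked you from using Go.\n\n'
                    'If you wish to continue Go use please register again. \n\n'
                    'Congratulations! '
                    '- Go Admins'
                )

                to_un_block.blocked = False
                to_un_block.save()
                redirect_back = True

        # If we're removing existing users
        elif '_remove' in request.POST:
            for name in userlist:
                to_remove = RegisteredUser.objects.get(user__username__exact=name)

                _send_account_mail(
                    to_remove,
                    'Your Account has been Deleted!',
                    'Hey there %s,\n\n'
                    'The Go admins have decided to remove you from Go. \n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )

                to_remove.user.delete()
                redirect_back = True

        # The redirect is issued only after the whole selection is handled.
        if redirect_back:
            return HttpResponseRedirect('useradmin')

    # Get a list of all RegisteredUsers that need to be approved
    need_approval = RegisteredUser.objects.filter(registered=True).filter(
        approved=False).filter(blocked=False)

    # Get a list of all RegisteredUsers that are currently users
    current_users = RegisteredUser.objects.filter(approved=True).filter(
        registered=True).filter(blocked=False)

    # Get a list of all RegisteredUsers that are blocked
    blocked_users = RegisteredUser.objects.filter(blocked=True)

    # Pass those lists to the template
    return render(request, 'admin/useradmin.html', {
        'need_approval': need_approval,
        'current_users': current_users,
        'blocked_users': blocked_users
    })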