views.py 13.3 KB
Newer Older
1
# Django Imports
2
from django.conf import settings
3
from django.http import HttpResponseServerError  # Http404
4
from django.utils import timezone
5
from django.core.exceptions import PermissionDenied  # ValidationError
6
from django.core.mail import send_mail, EmailMessage
7
from django.contrib.auth import REDIRECT_FIELD_NAME
David Haynes's avatar
David Haynes committed
8
from django.contrib.auth.models import User
9
from django.contrib.auth.decorators import user_passes_test, login_required
Jean Michel Rouly's avatar
Jean Michel Rouly committed
10
from django.shortcuts import render, get_object_or_404, redirect
11

12 13 14 15 16 17
# App Imports
from go.models import URL, RegisteredUser
from go.forms import URLForm, SignupForm

# Other Imports
from datetime import timedelta
Jean Michel Rouly's avatar
Jean Michel Rouly committed
18 19 20 21 22 23 24

##############################################################################
"""
Define useful helper methods here.
"""


25
def is_approved(user):
Jean Michel Rouly's avatar
Jean Michel Rouly committed
26 27
    """
    This function checks if a user account has a corresponding RegisteredUser,
28
    thus checking if the user is approved.
Jean Michel Rouly's avatar
Jean Michel Rouly committed
29
    """
David Haynes's avatar
David Haynes committed
30
    return user.RegisteredUser
Jean Michel Rouly's avatar
Jean Michel Rouly committed
31

32 33 34 35 36
def is_registered(user):
    """
    This function checks if a user account has a corresponding RegisteredUser,
    thus checking if the user is registered.
    """
David Haynes's avatar
David Haynes committed
37
    return user.registereduser.requested
38

Jean Michel Rouly's avatar
Jean Michel Rouly committed
39 40 41 42 43 44
##############################################################################
"""
Define user views here.
"""


Jean Michel Rouly's avatar
Jean Michel Rouly committed
45
def index(request):
Jean Michel Rouly's avatar
Jean Michel Rouly committed
46 47 48 49 50 51 52
    """
    This view handles the homepage that the user is presented with when
    they request '/'. If they're not logged in, they're redirected to
    login. If they're logged in but not registered, they're given the
    not_registered error page. If they are logged in AND registered, they
    get the URL registration form.
    """
Jean Michel Rouly's avatar
Jean Michel Rouly committed
53

54 55 56 57
    # If the user is not authenticated, show them a public landing page.
    if not request.user.is_authenticated():
        return render(request, 'public_landing.html')

Jean Michel Rouly's avatar
Jean Michel Rouly committed
58
    # If the user isn't registered, don't give them any leeway.
59
    if not is_approved(request.user):
60 61
        return render(request, 'not_registered.html')

62
    url_form = URLForm(host=request.META.get('HTTP_HOST'))  # unbound form
63 64

    if request.method == 'POST':
65
        url_form = URLForm(request.POST, host=request.META.get('HTTP_HOST'))  # bind dat form
66 67
        if url_form.is_valid():

Jean Michel Rouly's avatar
Jean Michel Rouly committed
68 69
            # We don't commit the url object yet because we need to add its
            # owner, and parse its date field.
70 71 72
            url = url_form.save(commit=False)
            url.owner = request.user

Jean Michel Rouly's avatar
Jean Michel Rouly committed
73
            # If the user entered a short url, it's already been validated,
Jean Michel Rouly's avatar
Jean Michel Rouly committed
74 75
            # so accept it. If they did not, however, then generate a
            # random one and use that instead.
76
            short = url_form.cleaned_data.get('short').strip()
77 78 79
            if len(short) > 0:
                url.short = short
            else:
80 81 82 83 84 85
                # If the user didn't enter a short url, generate a random
                # one. However, if a random one can't be generated, return
                # a 500 server error.
                random_short = URL.generate_valid_short()
                if random_short is None:
                    return HttpResponseServerError(
86
                        render(request, '500.html', {})
87 88 89
                    )
                else:
                    url.short = random_short
90

Jean Michel Rouly's avatar
Jean Michel Rouly committed
91 92 93
            # Grab the expiration field value. It's currently an unsable
            # string value, so we need to parse it into a datetime object
            # relative to right now.
94
            expires = url_form.cleaned_data.get('expires')
95 96 97 98 99 100 101

            if expires == URLForm.DAY:
                url.expires = timezone.now() + timedelta(days=1)
            elif expires == URLForm.WEEK:
                url.expires = timezone.now() + timedelta(weeks=1)
            elif expires == URLForm.MONTH:
                url.expires = timezone.now() + timedelta(weeks=3)
Matthew Rodgers's avatar
Matthew Rodgers committed
102 103
            elif expires == URLForm.CUSTOM:
                url.expires = url_form.cleaned_data.get('expires_custom')
104
            else:
105
                pass  # leave the field NULL
106

Jean Michel Rouly's avatar
Jean Michel Rouly committed
107 108
            # Make sure that our new URL object is clean, then save it and
            # let's redirect to view this baby.
109 110
            url.full_clean()
            url.save()
Jean Michel Rouly's avatar
Jean Michel Rouly committed
111
            return redirect('view', url.short)
112

113
    return render(request, 'core/index.html', {
114
        'form': url_form,
Jean Michel Rouly's avatar
Jean Michel Rouly committed
115 116 117
    },
    )

Jean Michel Rouly's avatar
Jean Michel Rouly committed
118

Jean Michel Rouly's avatar
Jean Michel Rouly committed
119
def view(request, short):
Jean Michel Rouly's avatar
Jean Michel Rouly committed
120 121 122 123 124
    """
    This view allows the user to view details about a URL. Note that they
    do not need to be logged in to view info.
    """

Nicholas Anderson's avatar
Nicholas Anderson committed
125
    domain = "%s://%s" % (request.scheme, request.META.get('HTTP_HOST')) + "/"
126

127
    url = get_object_or_404(URL, short__iexact=short)
128

Jean Michel Rouly's avatar
Jean Michel Rouly committed
129
    return render(request, 'view.html', {
130
        'url': url,
131
        'domain': domain,
132 133 134
    },
    )

Jean Michel Rouly's avatar
Jean Michel Rouly committed
135

136
@login_required
137
def my_links(request):
Jean Michel Rouly's avatar
Jean Michel Rouly committed
138 139 140 141 142
    """
    This view displays all the information about all of your URLs. You
    obviously need to be logged in to view your URLs.
    """

143
    if not is_approved(request.user):
144
        return render(request, 'not_registered.html')
Jean Michel Rouly's avatar
Jean Michel Rouly committed
145

146
    urls = URL.objects.filter(owner=request.user)
147

148
    domain = "%s://%s" % (request.scheme, request.META.get('HTTP_HOST')) + "/"
149

150
    return render(request, 'my_links.html', {
151 152
        'urls': urls,
        'domain': domain,
153 154 155
    },
    )

Jean Michel Rouly's avatar
Jean Michel Rouly committed
156

157
@login_required
158
def delete(request, short):
Jean Michel Rouly's avatar
Jean Michel Rouly committed
159 160 161 162 163
    """
    This view deletes a URL if you have the permission to. User must be
    logged in and registered, and must also be the owner of the URL.
    """

164
    if not is_approved(request.user):
165
        return render(request, 'not_registered.html')
Jean Michel Rouly's avatar
Jean Michel Rouly committed
166

167
    url = get_object_or_404(URL, short__iexact=short)
168 169
    if url.owner == request.user:
        url.delete()
170 171
        return redirect('my_links')
    else:
172
        raise PermissionDenied()
173

Jean Michel Rouly's avatar
Jean Michel Rouly committed
174

175
@login_required
Jean Michel Rouly's avatar
Jean Michel Rouly committed
176
def signup(request):
Jean Michel Rouly's avatar
Jean Michel Rouly committed
177 178 179 180 181
    """
    This view presents the user with a registration form. You can register
    yourself, or another person.

    """
182
    # Do not display signup page to registered or approved users (Staff can still see these pages)
183
    if is_registered(request.user) and not request.user.is_staff:
184
        return render(request, 'core/signup.html', {
185
            'registered': True,
186 187 188 189
            'approved': False,
        },
        )
    elif is_approved(request.user) and not request.user.is_staff:
190
        return render(request, 'core/signup.html', {
191 192
            'registered': True,
            'approved': True,
193 194 195
        },
        )

David Haynes's avatar
David Haynes committed
196 197
    signup_form = SignupForm(request, initial={'username': request.user.username})

198 199
    # Non-staff have the username field read-only and pre-filled
    if request.user.is_staff:
David Haynes's avatar
David Haynes committed
200
        signup_form = SignupForm(request)
201
    else:
David Haynes's avatar
David Haynes committed
202 203
        signup_form = SignupForm(request,
            initial={'username': request.user.username, 'full_name': request.user.first_name + " " + request.user.last_name})
204
        signup_form.fields['username'].widget.attrs['readonly'] = 'readonly'
Jean Michel Rouly's avatar
Jean Michel Rouly committed
205 206

    if request.method == 'POST':
David Haynes's avatar
David Haynes committed
207 208 209
        signup_form = SignupForm(request, request.POST,
            initial={'approved': False, 'username': request.user.username})
        signup_form.fields['username'].widget.attrs['readonly'] = 'readonly'
210

211
        if signup_form.is_valid():
212 213 214 215
            if not request.user.is_staff:
                username = request.user.username
            else:
                username = signup_form.cleaned_data.get('username')
216 217
            full_name = signup_form.cleaned_data.get('full_name')
            description = signup_form.cleaned_data.get('description')
218
            organization = signup_form.cleaned_data.get('organization')
219

220 221
            # Only send mail if we've defined the mailserver
            if settings.EMAIL_HOST and settings.EMAIL_PORT:
222 223
                user_mail = username + settings.EMAIL_DOMAIN
                # Email sent to notify Admins
224
                to_admin = EmailMessage(
225 226 227 228 229 230
                    'Signup from %s' % (request.user.username),
                    ######################
                    '%s signed up at %s\n\n'
                    'Username: %s\n'
                    'Organization: %s\n\n'
                    'Message: %s\n\n'
231 232
                    'You can contact the user directly by replying to this email or '
                    'reply all to contact the user and notfiy the mailing list.\n'
233 234 235 236 237 238
                    'Please head to go.gmu.edu/useradmin to approve or '
                    'deny this application.'
                    % (str(full_name), str(timezone.now()).strip(),
                    str(request.user.username), str(organization), str(description)),
                    ######################
                    settings.EMAIL_FROM,
239 240 241
                    [settings.EMAIL_TO],
                    reply_to=[user_mail]
                ).send(fail_silently=False)
242
                # Confirmation email sent to Users
243
                send_mail(
244 245 246 247 248 249 250 251 252 253 254 255 256
                    'We have received your Go application!',
                    ######################
                    'Hey there %s,\n\n'
                    'The Go admins have received your application and are '
                    'currently in the process of reviewing it.\n\n'
                    'You will receive another email when you have been '
                    'approved.\n\n'
                    '- Go Admins'
                    % (str(full_name)),
                    ######################
                    settings.EMAIL_FROM,
                    [user_mail]
                )
257
            signup_form.save()
258
            return redirect('registered')
Jean Michel Rouly's avatar
Jean Michel Rouly committed
259

260
    return render(request, 'core/signup.html', {
261
        'form': signup_form,
262
        'registered': False,
Jean Michel Rouly's avatar
Jean Michel Rouly committed
263 264
    },
    )
Jean Michel Rouly's avatar
Jean Michel Rouly committed
265

Jean Michel Rouly's avatar
Jean Michel Rouly committed
266

Jean Michel Rouly's avatar
Jean Michel Rouly committed
267
def redirection(request, short):
Jean Michel Rouly's avatar
Jean Michel Rouly committed
268 269 270
    """
    This view redirects a user based on the short URL they requested.
    """
Jean Michel Rouly's avatar
Jean Michel Rouly committed
271

272
    url = get_object_or_404(URL, short__iexact=short)
Jean Michel Rouly's avatar
Jean Michel Rouly committed
273
    url.clicks = url.clicks + 1
274

275 276 277 278
    domain = "%s://%s" % (request.scheme, request.META.get('HTTP_HOST')) + "/"
    if url.target == domain + short:
        return redirect('404.html')

279 280 281 282 283 284
    if 'qr' in request.GET:
        url.qrclicks += 1

    if 'social' in request.GET:
        url.socialclicks += 1

Jean Michel Rouly's avatar
Jean Michel Rouly committed
285
    url.save()
286

Jean Michel Rouly's avatar
Jean Michel Rouly committed
287 288 289 290 291
    """
    Include server-side tracking because there is no template displayed to
    the user which would include javascript tracking.
    """

292 293
    from piwikapi.tracking import PiwikTracker
    from django.conf import settings
294
    # First, if PIWIK variables are undefined, don't try to push
295
    if settings.PIWIK_SITE_ID != "" and settings.PIWIK_URL != "":
296 297 298 299 300 301 302
        try:
            piwiktracker = PiwikTracker(settings.PIWIK_SITE_ID, request)
            piwiktracker.set_api_url(settings.PIWIK_URL)
            piwiktracker.do_track_page_view('Redirect to %s' % url.target)
        # Second, if we do get an error, don't let that keep us from redirecting
        except:
            pass
303

304
    return redirect(url.target)
Jean Michel Rouly's avatar
Jean Michel Rouly committed
305 306


307 308 309 310 311 312 313 314 315 316 317 318 319
def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='about'):
    """
    Decorator for views that checks that the user is logged in and is a staff
    member, displaying the login page if necessary.
    """
    return user_passes_test(
        lambda u: u.is_active and u.is_staff,
        login_url=login_url,
        redirect_field_name=redirect_field_name
    )(view_func)


@staff_member_required
Chris Reffett's avatar
Chris Reffett committed
320
def useradmin(request):
321 322 323 324 325
    """
    This view is a simplified admin panel, so that staff don't need to log in
    to approve links
    """
    if request.POST:
326
        userlist = request.POST.getlist('username')
327
        if '_approve' in request.POST:
328 329 330 331
            for name in userlist:
                toapprove = RegisteredUser.objects.get(username=name)
                toapprove.approved = True
                toapprove.save()
332 333 334 335 336 337 338 339 340 341 342 343 344 345 346
                if settings.EMAIL_HOST and settings.EMAIL_PORT:
                    user_mail = toapprove.username + settings.EMAIL_DOMAIN
                    send_mail(
                        'Your Account has been Approved!',
                        ######################
                        'Hey there %s,\n\n'
                        'The Go admins have reviewed your application and have '
                        'approved you to use Go!\n\n'
                        'Head over to go.gmu.edu to create your first address.\n\n'
                        '- Go Admins'
                        % (str(toapprove.full_name)),
                        ######################
                        settings.EMAIL_FROM,
                        [user_mail]
                    )
347
        elif '_deny' in request.POST:
348 349
            for name in userlist:
                todeny = RegisteredUser.objects.get(username=name)
350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365
                if settings.EMAIL_HOST and settings.EMAIL_PORT:
                    user_mail = todeny.username + settings.EMAIL_DOMAIN
                    send_mail(
                        'Your Account has been Denied!',
                        ######################
                        'Hey there %s,\n\n'
                        'The Go admins have reviewed your application and have '
                        'decided to not approve you to use Go.\n\n'
                        'Please reach out to srct@gmu.edu to appeal '
                        'this decision.\n\n'
                        '- Go Admins'
                        % (str(todeny.full_name)),
                        ######################
                        settings.EMAIL_FROM,
                        [user_mail]
                    )
366
                todeny.delete()
367
    need_approval = RegisteredUser.objects.filter(approved=False)
368
    return render(request, 'admin/useradmin.html', {
369 370 371
        'need_approval': need_approval
    },
    )