# Django Imports
from django.conf import settings
from django.http import HttpResponseServerError  # Http404
from django.utils import timezone
from django.core.exceptions import PermissionDenied  # ValidationError
from django.core.mail import send_mail, EmailMessage
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.models import User
from django.contrib.auth.decorators import user_passes_test, login_required
from django.shortcuts import render, get_object_or_404, redirect

# App Imports
from go.models import URL, RegisteredUser
from go.forms import URLForm, SignupForm

# Other Imports
from datetime import timedelta

# requestObject = request.RegisteredUser.objects.get(user__username__exact=user)
# if requestObject.user.registereduser.blocked != False
#     raise PermissionDenied()


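def index(request):
    """
    Homepage ('/'): landing page, account-status pages, or the URL form.

    Anonymous visitors get the public landing page. Authenticated users who
    are not approved get 'blocked.html' when blocked and
    'not_registered.html' otherwise. Approved users get the URL registration
    form; a valid POST creates the short URL and redirects to its 'view'
    page. If no random short code can be generated, the 500 page is returned
    with status 500.
    """

    # NOTE(review): is_authenticated is called as a method here. On Django
    # releases where it is a plain property this call must lose its
    # parentheses -- confirm against the deployed version.
    if not request.user.is_authenticated():
        return render(request, 'public_landing.html')

    # If the user isn't approved, don't give them any leeway. The blocked
    # flag is only consulted inside this branch, i.e. for unapproved users.
    elif not request.user.registereduser.approved:
        if request.user.registereduser.blocked:
            return render(request, 'blocked.html')
        return render(request, 'not_registered.html')

    # NOTE(review): HTTP_HOST is the raw, client-supplied Host header.
    # request.get_host() is the variant Django validates against
    # ALLOWED_HOSTS. Presumably URLForm uses this value when validating the
    # target -- confirm before relying on it for any security decision.
    host = request.META.get('HTTP_HOST')

    url_form = URLForm(host=host)  # unbound form

    if request.method == 'POST':
        url_form = URLForm(request.POST, host=host)  # bound form
        if url_form.is_valid():

            # We don't commit the url object yet because we need to add its
            # owner, and parse its date field.
            url = url_form.save(commit=False)
            url.owner = request.user.registereduser

            # If the user entered a short url, it's already been validated,
            # so accept it. If they did not, generate a random one instead.
            short = url_form.cleaned_data.get('short').strip()
            if short:
                url.short = short
            else:
                random_short = URL.generate_valid_short()
                if random_short is None:
                    # Render the error page with status 500 directly rather
                    # than wrapping one response object inside another.
                    return render(request, 'admin/500.html', {}, status=500)
                url.short = random_short

            # The expiration choice arrives as a form constant; translate it
            # into a datetime relative to right now.
            expires = url_form.cleaned_data.get('expires')

            if expires == URLForm.DAY:
                url.expires = timezone.now() + timedelta(days=1)
            elif expires == URLForm.WEEK:
                url.expires = timezone.now() + timedelta(weeks=1)
            elif expires == URLForm.MONTH:
                # NOTE(review): "month" is three weeks here -- confirm this
                # is intended.
                url.expires = timezone.now() + timedelta(weeks=3)
            elif expires == URLForm.CUSTOM:
                url.expires = url_form.cleaned_data.get('expires_custom')
            # Any other choice leaves the field NULL.

            # Make sure that our new URL object is clean, then save it and
            # redirect to its detail page.
            url.full_clean()
            url.save()
            return redirect('view', url.short)

    return render(request, 'core/index.html', {
        'form': url_form,
    })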


def view(request, short):
    """
    Show the details page for a single short URL.

    No login is required. ``short`` is matched case-insensitively and a 404
    is returned when no URL matches.
    """

    # NOTE(review): the link prefix is built from the raw, client-supplied
    # Host header. request.get_host() is the variant Django validates
    # against ALLOWED_HOSTS.
    host = request.META.get('HTTP_HOST')
    domain = "%s://%s/" % (request.scheme, host)

    url = get_object_or_404(URL, short__iexact=short)

    context = {
        'url': url,
        'domain': domain,
    }
    return render(request, 'view.html', context)


@login_required
def my_links(request):
    """
    List every URL owned by the logged-in user.

    Login is enforced by the decorator. Users who are not approved get the
    'not_registered.html' page instead of their list.
    """

    owner = request.user.registereduser
    if not owner.approved:
        return render(request, 'not_registered.html')

    # Scoped to the requester's own RegisteredUser, so other users' links
    # are never part of the queryset.
    urls = URL.objects.filter(owner=owner)

    # NOTE(review): the link prefix is built from the raw, client-supplied
    # Host header. request.get_host() is the variant Django validates
    # against ALLOWED_HOSTS.
    host = request.META.get('HTTP_HOST')
    domain = "%s://%s/" % (request.scheme, host)

    context = {
        'urls': urls,
        'domain': domain,
    }
    return render(request, 'my_links.html', context)


@login_required
def delete(request, short):
    """
    Delete the short URL ``short`` when the requester owns it.

    The user must be logged in (decorator) and approved. A 404 is returned
    for an unknown short code, and PermissionDenied is raised when the URL
    belongs to someone else. On success the user is redirected to
    'my_links'.
    """

    requester = request.user.registereduser
    if not requester.approved:
        return render(request, 'not_registered.html')

    url = get_object_or_404(URL, short__iexact=short)

    # Ownership is the only authorization check, so it runs before anything
    # is modified.
    is_owner = url.owner == requester
    if not is_owner:
        raise PermissionDenied()

    # NOTE(review): the deletion runs for any HTTP method, including GET.
    # Django's CSRF middleware only checks unsafe methods, so restricting
    # this view to POST (django.views.decorators.http.require_POST) would
    # put the state change behind the CSRF check. Confirm how the templates
    # call this view first.
    url.delete()
    return redirect('my_links')


@login_required
def signup(request):
    """
    Show and process the self-service registration form.

    Approved users are redirected to '/' and users who have already
    registered to 'registered'. On a valid POST the form is saved and the
    user is redirected to 'registered'. When a mail server is configured,
    the admins are notified and the applicant gets a confirmation e-mail
    before the save.
    """
    applicant = request.user.registereduser

    # Do not display signup page to registered or approved users
    # NOTE(review): the blocked flag is not consulted in this view. Confirm
    # that SignupForm keeps blocked users from re-applying.
    if applicant.approved:
        return redirect('/')
    elif applicant.registered:
        return redirect('registered')

    prefill = {'full_name': request.user.first_name + " " + request.user.last_name}

    # NOTE(review): 'readonly' is only an HTML attribute. The submitted
    # full_name still comes from request.POST unless SignupForm pins it
    # server-side -- confirm, since the value ends up in the admin e-mail.
    signup_form = SignupForm(request, initial=prefill)
    signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'

    if request.method == 'POST':
        signup_form = SignupForm(
            request,
            request.POST,
            instance=applicant,
            initial=prefill,
        )
        signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'

        if signup_form.is_valid():
            cleaned = signup_form.cleaned_data
            description = cleaned.get('description')
            full_name = cleaned.get('full_name')
            organization = cleaned.get('organization')

            # Only send mail if we've defined the mailserver
            if settings.EMAIL_HOST and settings.EMAIL_PORT:
                user_mail = request.user.username + settings.EMAIL_DOMAIN

                # Email sent to notify Admins. Replies go to the applicant
                # through the Reply-To header.
                admin_body = (
                    '%s signed up at %s\n\n'
                    'Username: %s\n'
                    'Organization: %s\n\n'
                    'Message: %s\n\n'
                    'You can contact the user directly by replying to this email or '
                    'reply all to contact the user and notfiy the mailing list.\n'
                    'Please head to go.gmu.edu/useradmin to approve or '
                    'deny this application.'
                ) % (
                    str(full_name),
                    str(timezone.now()).strip(),
                    str(applicant.user),
                    str(organization),
                    str(description),
                )
                admin_notice = EmailMessage(
                    'Signup from %s' % applicant.user,
                    admin_body,
                    settings.EMAIL_FROM,
                    [settings.EMAIL_TO],
                    reply_to=[user_mail]
                )
                admin_notice.send()

                # Confirmation email sent to Users
                confirmation_body = (
                    'Hey there %s,\n\n'
                    'The Go admins have received your application and are '
                    'currently in the process of reviewing it.\n\n'
                    'You will receive another email when you have been '
                    'approved.\n\n'
                    '- Go Admins'
                ) % str(full_name)
                send_mail(
                    'We have received your Go application!',
                    confirmation_body,
                    settings.EMAIL_FROM,
                    [user_mail]
                )

            signup_form.save()
            return redirect('registered')

    context = {
        'form': signup_form,
        'registered': False,
    }
    return render(request, 'core/signup.html', context)


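def redirection(request, short):
    """
    Redirect the visitor to the target of the short URL ``short``.

    ``short`` is matched case-insensitively; an unknown code yields a 404.
    The click counters are updated and saved, the hit is reported to Piwik
    when PIWIK_SITE_ID and PIWIK_URL are configured, and the visitor is
    redirected to the stored target. A tracking failure never blocks the
    redirect.
    """
    import logging

    url = get_object_or_404(URL, short__iexact=short)

    # NOTE(review): no expiry check happens in this view. Presumably expired
    # URLs are removed elsewhere -- confirm.
    # NOTE(review): the counters are read, incremented and written back, so
    # concurrent requests can lose increments. django.db.models.F
    # expressions would make the update atomic.
    url.clicks = url.clicks + 1

    # Refuse a URL that points back at itself, which would loop forever.
    # NOTE(review): the comparison uses the raw, client-supplied Host header
    # and is case-sensitive, so it cannot be the only guard against
    # self-referencing targets. request.get_host() is the variant Django
    # validates against ALLOWED_HOSTS.
    domain = "%s://%s" % (request.scheme, request.META.get('HTTP_HOST')) + "/"
    if url.target == domain + short:
        # NOTE(review): this looks like a template path. redirect() will
        # treat it as a relative URL unless a URL pattern has that name, so
        # the visitor is sent to another URL rather than shown a 404 page.
        return redirect('admin/404.html')

    if 'qr' in request.GET:
        url.qrclicks += 1

    if 'social' in request.GET:
        url.socialclicks += 1

    url.save()

    # Include server-side tracking because there is no template displayed to
    # the user which would include javascript tracking.
    # First, if PIWIK variables are undefined, don't try to push.
    if settings.PIWIK_SITE_ID != "" and settings.PIWIK_URL != "":
        try:
            # Imported here so that a missing or broken piwikapi package is
            # handled like any other tracking failure.
            from piwikapi.tracking import PiwikTracker

            piwiktracker = PiwikTracker(settings.PIWIK_SITE_ID, request)
            piwiktracker.set_api_url(settings.PIWIK_URL)
            piwiktracker.do_track_page_view('Redirect to %s' % url.target)
        # Second, if we do get an error, don't let that keep us from
        # redirecting. Exception (not a bare except) leaves SystemExit and
        # KeyboardInterrupt alone, and the failure is logged so that broken
        # tracking is visible to operators.
        except Exception:
            logging.getLogger(__name__).exception(
                'Piwik tracking failed for short URL %s', url.short
            )

    return redirect(url.target)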


def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='/'):
    """
    Wrap ``view_func`` so that only active staff users may call it.

    The check is delegated to ``user_passes_test``, which is given
    ``login_url`` and ``redirect_field_name`` for users who fail it.
    """
    def _is_active_staff(user):
        # Both flags are required: a deactivated staff account must not pass.
        return user.is_active and user.is_staff

    guard = user_passes_test(
        _is_active_staff,
        login_url=login_url,
        redirect_field_name=redirect_field_name
    )
    return guard(view_func)


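def _notify_account_holder(registered_user, subject, body_template):
    """
    E-mail ``registered_user`` about a change to their account.

    Nothing is sent unless both settings.EMAIL_HOST and settings.EMAIL_PORT
    are set. ``body_template`` must contain exactly one ``%s``, which is
    filled with the user's full name. The recipient address is the username
    followed by settings.EMAIL_DOMAIN.
    """
    # Only send mail if we've defined the mailserver
    if not (settings.EMAIL_HOST and settings.EMAIL_PORT):
        return

    user_mail = registered_user.user.username + settings.EMAIL_DOMAIN
    send_mail(
        subject,
        body_template % str(registered_user.full_name),
        settings.EMAIL_FROM,
        [user_mail]
    )


@staff_member_required
def useradmin(request):
    """
    Simplified admin panel so that staff can moderate accounts without the
    full Django admin.

    A POST carries a list of usernames plus one action key ('_approve',
    '_deny', '_block', '_unblock' or '_remove'). Each listed account is
    processed in turn and notified by e-mail when mail is configured. The
    page then lists accounts awaiting approval, current users and blocked
    users.
    """
    # NOTE(review): the usernames come straight from the POST body and are
    # not checked against the lists rendered below, so any account with a
    # RegisteredUser row can be targeted -- confirm that is intended. An
    # unknown username raises RegisteredUser.DoesNotExist part-way through
    # the list.
    if request.POST:
        userlist = request.POST.getlist('username')

        if '_approve' in request.POST:
            for name in userlist:
                toapprove = RegisteredUser.objects.get(user__username__exact=name)
                toapprove.approved = True
                toapprove.save()
                _notify_account_holder(
                    toapprove,
                    'Your Account has been Approved!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'approved you to use Go!\n\n'
                    'Head over to go.gmu.edu to create your first address.\n\n'
                    '- Go Admins'
                )

        elif '_deny' in request.POST:
            for name in userlist:
                todeny = RegisteredUser.objects.get(user__username__exact=name)
                _notify_account_holder(
                    todeny,
                    'Your Account has been Denied!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'decided to not approve you to use Go.\n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )
                todeny.user.delete()

        elif '_block' in request.POST:
            for name in userlist:
                toblock = RegisteredUser.objects.get(user__username__exact=name)
                _notify_account_holder(
                    toblock,
                    'Your Account has been Blocked!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'blocked you from using Go.\n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )
                # The account is kept (not deleted) so the block persists.
                toblock.blocked = True
                toblock.approved = False
                toblock.registered = False
                toblock.save()

        elif '_unblock' in request.POST:
            for name in userlist:
                toUNblock = RegisteredUser.objects.get(user__username__exact=name)
                # Fixed: this branch used to format the message with the
                # undefined name `toblock` (a NameError whenever mail was
                # configured) and reused the "Blocked" subject line.
                _notify_account_holder(
                    toUNblock,
                    'Your Account has been Unblocked!',
                    'Hey there %s,\n\n'
                    'The Go admins have reviewed your application and have '
                    'unblocked you from using Go.\n\n'
                    'If you wish to continue Go use please register again. \n\n'
                    'Congratulations! '
                    '- Go Admins'
                )
                # Unblocking deletes the account; the e-mail asks the user
                # to register again.
                toUNblock.user.delete()

        elif '_remove' in request.POST:
            for name in userlist:
                toremove = RegisteredUser.objects.get(user__username__exact=name)
                _notify_account_holder(
                    toremove,
                    'Your Account has been Deleted!',
                    'Hey there %s,\n\n'
                    'The Go admins have decided to remove you from Go. \n\n'
                    'Please reach out to srct@gmu.edu to appeal '
                    'this decision.\n\n'
                    '- Go Admins'
                )
                toremove.user.delete()

    need_approval = RegisteredUser.objects.filter(registered=True).filter(approved=False)
    current_users = RegisteredUser.objects.filter(approved=True).filter(registered=True)
    blocked_users = RegisteredUser.objects.filter(blocked=True)
    return render(request, 'admin/useradmin.html', {
        'need_approval': need_approval,
        'current_users': current_users,
        'blocked_users': blocked_users
    })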