# Django Imports
from django.conf import settings
from django.http import HttpResponseServerError  # Http404
from django.utils import timezone
from django.core.exceptions import PermissionDenied  # ValidationError
from django.core.mail import send_mail, EmailMessage
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.models import User
from django.contrib.auth.decorators import user_passes_test, login_required
from django.shortcuts import render, get_object_or_404, redirect

# App Imports
from go.models import URL, RegisteredUser
from go.forms import URLForm, SignupForm

# Other Imports
from datetime import timedelta

# requestObject = request.RegisteredUser.objects.get(user__username__exact=user)
# if requestObject.user.registereduser.blocked != False
#     raise PermissionDenied()


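def index(request):
    """
    Render the homepage ('/') and handle creation of new short URLs.

    Anonymous visitors get the public landing page. Authenticated users whose
    RegisteredUser is not approved get the not_registered page. Approved
    users get the URL registration form; a valid POST creates the URL and
    redirects to its detail view, an invalid POST re-renders the bound form.
    """

    # If the user is not authenticated, show them a public landing page.
    # NOTE(review): is_authenticated is invoked as a method; Django 2.0+
    # exposes it as a property only -- confirm against the pinned version.
    if not request.user.is_authenticated():
        return render(request, 'public_landing.html')
    # If the user isn't approved, don't give them any leeway.
    elif not request.user.registereduser.approved:
        return render(request, 'not_registered.html')

    # The Host header is supplied by the client. get_host() checks it against
    # ALLOWED_HOSTS; reading META['HTTP_HOST'] directly skips that check.
    host = request.get_host()

    url_form = URLForm(host=host)  # unbound form

    if request.method == 'POST':
        url_form = URLForm(request.POST, host=host)  # bound form
        if url_form.is_valid():

            # We don't commit the url object yet because we need to add its
            # owner, and parse its date field.
            url = url_form.save(commit=False)
            url.owner = request.user.registereduser

            # If the user entered a short url, it's already been validated,
            # so accept it. If they did not, however, then generate a
            # random one and use that instead. A missing value is treated
            # like an empty one instead of raising AttributeError.
            short = (url_form.cleaned_data.get('short') or '').strip()
            if short:
                url.short = short
            else:
                # If a random short url can't be generated, answer with a
                # 500. render(..., status=500) sets the status on the
                # rendered page directly rather than nesting one response
                # object inside another.
                random_short = URL.generate_valid_short()
                if random_short is None:
                    return render(request, 'admin/500.html', {}, status=500)
                url.short = random_short

            # Grab the expiration field value. It's currently an unusable
            # string value, so we need to parse it into a datetime object
            # relative to right now.
            expires = url_form.cleaned_data.get('expires')

            if expires == URLForm.DAY:
                url.expires = timezone.now() + timedelta(days=1)
            elif expires == URLForm.WEEK:
                url.expires = timezone.now() + timedelta(weeks=1)
            elif expires == URLForm.MONTH:
                # NOTE(review): MONTH maps to three weeks, not four -- confirm
                # this is intended.
                url.expires = timezone.now() + timedelta(weeks=3)
            elif expires == URLForm.CUSTOM:
                url.expires = url_form.cleaned_data.get('expires_custom')
            # Any other value leaves the field NULL.

            # Make sure that our new URL object is clean, then save it and
            # redirect to its detail page. full_clean() is not guarded here,
            # so a ValidationError propagates to the caller.
            url.full_clean()
            url.save()
            return redirect('view', url.short)

    return render(request, 'core/index.html', {
        'form': url_form,
    },
    )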


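def view(request, short):
    """
    Show the detail page for the short URL *short*.

    No login is required. The lookup is case-insensitive and answers 404
    when no URL matches.
    """

    # The domain is rendered into the page, so build it from get_host(),
    # which checks the client-supplied Host header against ALLOWED_HOSTS;
    # META['HTTP_HOST'] is the raw, unchecked header.
    domain = "%s://%s/" % (request.scheme, request.get_host())

    url = get_object_or_404(URL, short__iexact=short)

    return render(request, 'view.html', {
        'url': url,
        'domain': domain,
    },
    )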


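@login_required
def my_links(request):
    """
    List every URL owned by the logged-in user.

    Login is enforced by @login_required; users whose RegisteredUser is not
    approved get the not_registered page instead of the listing.
    """

    if not request.user.registereduser.approved:
        return render(request, 'not_registered.html')

    # Scope the query to the requester so no other user's links are listed.
    urls = URL.objects.filter(owner=request.user.registereduser)

    # The domain is rendered into the page, so build it from get_host(),
    # which checks the client-supplied Host header against ALLOWED_HOSTS;
    # META['HTTP_HOST'] is the raw, unchecked header.
    domain = "%s://%s/" % (request.scheme, request.get_host())

    return render(request, 'my_links.html', {
        'urls': urls,
        'domain': domain,
    },
    )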


@login_required
def delete(request, short):
    """
    Delete the short URL *short* when the requester owns it.

    The requester must be logged in (@login_required) and approved. A
    non-owner gets PermissionDenied; an unknown *short* gets a 404. On
    success the user is redirected to 'my_links'.
    """
    # NOTE(review): request.method is never checked, so a plain GET deletes
    # the URL. Django's CSRF middleware only inspects unsafe methods such as
    # POST, so this path is not covered by it. Restricting the view to POST
    # would also require changing whatever links to it -- confirm and fix
    # together.
    requester = request.user.registereduser
    if not requester.approved:
        return render(request, 'not_registered.html')

    target = get_object_or_404(URL, short__iexact=short)

    # Ownership is the only authorization check: anyone else is refused.
    if target.owner != requester:
        raise PermissionDenied()

    target.delete()
    return redirect('my_links')


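@login_required
def signup(request):
    """
    Present the registration form and process a submitted application.

    Approved users are redirected to '/', users who already registered to
    'registered'. A valid POST mails the admins and the applicant (only when
    a mail server is configured), saves the form and redirects to
    'registered'. Anything else renders the form.
    """
    # Do not display signup page to registered or approved users
    if request.user.registereduser.approved:
        return redirect('/')
    elif request.user.registereduser.registered:
        return redirect('registered')

    # Build the form once: bound to the submitted data on POST, unbound
    # otherwise. Both variants are pre-filled with the account's name.
    initial = {'full_name': request.user.first_name + " " + request.user.last_name}
    if request.method == 'POST':
        signup_form = SignupForm(request, request.POST,
                                 instance=request.user.registereduser,
                                 initial=initial)
    else:
        signup_form = SignupForm(request, initial=initial)
    # NOTE(review): 'readonly' is only a browser-side hint. The full_name
    # that reaches cleaned_data is whatever the client posts unless
    # SignupForm pins it server-side -- confirm in the form.
    signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'

    if request.method == 'POST' and signup_form.is_valid():
        description = signup_form.cleaned_data.get('description')
        full_name = signup_form.cleaned_data.get('full_name')
        organization = signup_form.cleaned_data.get('organization')

        # Only send mail if we've defined the mailserver.
        # Neither call passes fail_silently, so a delivery error raises
        # here and the form below is not saved.
        if settings.EMAIL_HOST and settings.EMAIL_PORT:
            user_mail = request.user.username + settings.EMAIL_DOMAIN

            # Email sent to notify Admins; replies go to the applicant.
            EmailMessage(
                'Signup from %s' % (request.user.registereduser.user),
                '%s signed up at %s\n\n'
                'Username: %s\n'
                'Organization: %s\n\n'
                'Message: %s\n\n'
                'You can contact the user directly by replying to this email or '
                'reply all to contact the user and notfiy the mailing list.\n'
                'Please head to go.gmu.edu/useradmin to approve or '
                'deny this application.'
                % (str(full_name), str(timezone.now()).strip(),
                   str(request.user.registereduser.user), str(organization),
                   str(description)),
                settings.EMAIL_FROM,
                [settings.EMAIL_TO],
                reply_to=[user_mail]
            ).send()

            # Confirmation email sent to Users
            send_mail(
                'We have received your Go application!',
                'Hey there %s,\n\n'
                'The Go admins have received your application and are '
                'currently in the process of reviewing it.\n\n'
                'You will receive another email when you have been '
                'approved.\n\n'
                '- Go Admins'
                % (str(full_name)),
                settings.EMAIL_FROM,
                [user_mail]
            )

        signup_form.save()
        return redirect('registered')

    return render(request, 'core/signup.html', {
        'form': signup_form,
        'registered': False,
    },
    )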


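def redirection(request, short):
    """
    Redirect the visitor to the target of the short URL *short*.

    Counts the click (plus the QR / social counters when 'qr' or 'social' is
    in the query string), saves the URL, reports the hit to Piwik when it is
    configured, and then redirects to the stored target. Answers 404 when no
    URL matches *short* (case-insensitive).
    """
    import logging

    url = get_object_or_404(URL, short__iexact=short)
    # NOTE(review): url.expires is not consulted in this view; whether
    # expired links are removed elsewhere is not visible here -- confirm.
    url.clicks = url.clicks + 1

    # Refuse a link that points back at itself. The comparison uses
    # get_host(), which checks the client-supplied Host header against
    # ALLOWED_HOSTS, instead of the raw META['HTTP_HOST'] value.
    domain = "%s://%s/" % (request.scheme, request.get_host())
    if url.target == domain + short:
        # NOTE(review): redirect() treats this template-looking path as a
        # relative URL -- confirm that is the intended response.
        return redirect('admin/404.html')

    if 'qr' in request.GET:
        url.qrclicks += 1

    if 'social' in request.GET:
        url.socialclicks += 1

    url.save()

    # Include server-side tracking because there is no template displayed to
    # the user which would include javascript tracking.
    # First, if PIWIK variables are undefined, don't try to push.
    if settings.PIWIK_SITE_ID != "" and settings.PIWIK_URL != "":
        try:
            # Imported here so a missing or broken piwikapi install cannot
            # stop the redirect either.
            from piwikapi.tracking import PiwikTracker

            piwiktracker = PiwikTracker(settings.PIWIK_SITE_ID, request)
            piwiktracker.set_api_url(settings.PIWIK_URL)
            piwiktracker.do_track_page_view('Redirect to %s' % url.target)
        # Second, if we do get an error, don't let that keep us from
        # redirecting. Catch Exception rather than everything so that
        # SystemExit and KeyboardInterrupt still propagate, and log the
        # failure so lost tracking is visible to operators.
        except Exception:
            logging.getLogger(__name__).exception(
                'Piwik tracking failed for short URL %s', url.short)

    return redirect(url.target)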


def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='/'):
    """
    Decorate *view_func* so only active staff users reach it.

    The check is delegated to user_passes_test: a user who is not both
    active and staff is sent to *login_url*, with the original location
    carried in the *redirect_field_name* query parameter.
    """
    def _is_active_staff(user):
        # Both flags are required; a deactivated staff account is refused.
        return user.is_active and user.is_staff

    guard = user_passes_test(
        _is_active_staff,
        login_url=login_url,
        redirect_field_name=redirect_field_name
    )
    return guard(view_func)


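def _send_account_notice(registered_user, subject, body):
    """
    Mail *registered_user* an account-status notice.

    Does nothing unless both EMAIL_HOST and EMAIL_PORT are set. *body* must
    contain exactly one ``%s`` placeholder, which receives the user's full
    name. The recipient address is the username plus EMAIL_DOMAIN.
    """
    if settings.EMAIL_HOST and settings.EMAIL_PORT:
        send_mail(
            subject,
            body % (str(registered_user.full_name)),
            settings.EMAIL_FROM,
            [registered_user.user.username + settings.EMAIL_DOMAIN]
        )


@staff_member_required
def useradmin(request):
    """
    Simplified admin panel for managing Go user accounts.

    Restricted to active staff by @staff_member_required. A POST carries a
    list of 'username' values plus one action key ('_approve', '_deny',
    '_block', '_unblock' or '_remove'); the action is applied to each listed
    user and the user is notified by email when a mail server is configured.
    The page then lists pending, current and blocked users.

    NOTE(review): this view writes no audit record of who approved, blocked
    or deleted which account.
    """
    if request.POST:
        # Same precedence as the original if/elif chain.
        actions = ('_approve', '_deny', '_block', '_unblock', '_remove')
        action = next((key for key in actions if key in request.POST), None)

        if action is not None:
            for name in request.POST.getlist('username'):
                # A stale form can name a user who was already removed;
                # skip it instead of failing the whole batch with a 500.
                try:
                    account = RegisteredUser.objects.get(user__username__exact=name)
                except RegisteredUser.DoesNotExist:
                    continue

                if action == '_approve':
                    account.approved = True
                    account.save()
                    _send_account_notice(
                        account,
                        'Your Account has been Approved!',
                        'Hey there %s,\n\n'
                        'The Go admins have reviewed your application and have '
                        'approved you to use Go!\n\n'
                        'Head over to go.gmu.edu to create your first address.\n\n'
                        '- Go Admins'
                    )
                elif action == '_deny':
                    _send_account_notice(
                        account,
                        'Your Account has been Denied!',
                        'Hey there %s,\n\n'
                        'The Go admins have reviewed your application and have '
                        'decided to not approve you to use Go.\n\n'
                        'Please reach out to srct@gmu.edu to appeal '
                        'this decision.\n\n'
                        '- Go Admins'
                    )
                    account.user.delete()
                elif action == '_block':
                    _send_account_notice(
                        account,
                        'Your Account has been Blocked!',
                        'Hey there %s,\n\n'
                        'The Go admins have reviewed your application and have '
                        'blocked you from using Go.\n\n'
                        'Please reach out to srct@gmu.edu to appeal '
                        'this decision.\n\n'
                        '- Go Admins'
                    )
                    # Blocking also revokes approval, so the approval checks
                    # in the other views refuse this user.
                    account.blocked = True
                    account.approved = False
                    account.save()
                elif action == '_unblock':
                    # Fixed: this branch used to read the undefined name
                    # `toblock` (NameError whenever mail is configured) and
                    # reused the "Blocked" subject line.
                    _send_account_notice(
                        account,
                        'Your Account has been Unblocked!',
                        'Hey there %s,\n\n'
                        'The Go admins have reviewed your application and have '
                        'unblocked you from using Go.\n\n'
                        'Congratulations! '
                        '- Go Admins'
                    )
                    account.blocked = False
                    account.approved = True
                    account.save()
                else:  # '_remove'
                    _send_account_notice(
                        account,
                        'Your Account has been Deleted!',
                        'Hey there %s,\n\n'
                        'The Go admins have decided to remove you from Go. \n\n'
                        'Please reach out to srct@gmu.edu to appeal '
                        'this decision.\n\n'
                        '- Go Admins'
                    )
                    account.user.delete()

    need_approval = RegisteredUser.objects.filter(registered=True).filter(approved=False)
    current_users = RegisteredUser.objects.filter(approved=True).filter(registered=True)
    blocked_users = RegisteredUser.objects.filter(blocked=True)
    return render(request, 'admin/useradmin.html', {
        'need_approval': need_approval,
        'current_users': current_users,
        'blocked_users': blocked_users
    },
    )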