Prevent XSS attacks with wmd using the google-caja html sanitizer.
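index 95895e382a92b072cc97520d1b6a893df57d4a4d..2f35c1ecc82abc7f866ebf3287526f3f41e9eddd 100644
--- a/forum/views/commands.py
+++ b/forum/views/commands.py
@@ -1,7 +1,10 @@
+# -*- coding: utf-8 -*-
+
 import datetime
 import logging
 
-from forum import settings
+from urllib import urlencode
+
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.urlresolvers import reverse
 from django.utils import simplejson
@@ -9,12 +12,9 @@ from django.utils.encoding import smart_unicode
 from django.utils.translation import ungettext, ugettext as _
 from django.http import HttpResponse, HttpResponseRedirect, Http404
 from django.shortcuts import get_object_or_404, render_to_response
-from django.template import RequestContext
 
-from django.template.loader import render_to_string
 from forum.models import *
-from forum.models.node import NodeMetaClass
-from forum.utils.decorators import ajax_method, ajax_login_required
+from forum.utils.decorators import ajax_login_required
 from forum.actions import *
 from forum.modules import decorate
 from forum import settings
@@ -22,12 +22,23 @@ from forum import settings
 from decorators import command, CommandException, RefreshPageCommand
 
 class NotEnoughRepPointsException(CommandException):
-    def __init__(self, action):
-        super(NotEnoughRepPointsException, self).__init__(
-                _(
-                        """Sorry, but you don't have enough reputation points to %(action)s.<br />Please check the <a href='%(faq_url)s'>faq</a>"""
-                        ) % {'action': action, 'faq_url': reverse('faq')}
-                )
+    def __init__(self, action, user_reputation=None, reputation_required=None, node=None):
+        if reputation_required is not None and user_reputation is not None:
+            message = _(
+                """Sorry, but you don't have enough reputation points to %(action)s.<br />
+                The minimum reputation required is %(reputation_required)d (yours is %(user_reputation)d).
+                Please check the <a href='%(faq_url)s'>FAQ</a>"""
+            ) % {
+                'action': action,
+                'faq_url': reverse('faq'),
+                'reputation_required' : reputation_required,
+                'user_reputation' : user_reputation,
+            }
+        else:
+            message = _(
+                """Sorry, but you don't have enough reputation points to %(action)s.<br />Please check the <a href='%(faq_url)s'>faq</a>"""
+            ) % {'action': action, 'faq_url': reverse('faq')}
+        super(NotEnoughRepPointsException, self).__init__(message)
 
 class CannotDoOnOwnException(CommandException):
     def __init__(self, action):
@@ -74,7 +85,9 @@ def vote_post(request, id, vote_type):
         raise CannotDoOnOwnException(_('vote'))
 
     if not (vote_type == 'up' and user.can_vote_up() or user.can_vote_down()):
-        raise NotEnoughRepPointsException(vote_type == 'up' and _('upvote') or _('downvote'))
+        reputation_required = int(settings.REP_TO_VOTE_UP) if vote_type == 'up' else int(settings.REP_TO_VOTE_DOWN)
+        action_type = vote_type == 'up' and _('upvote') or _('downvote')
+        raise NotEnoughRepPointsException(action_type, user_reputation=user.reputation, reputation_required=reputation_required, node=post)
 
     user_vote_count_today = user.get_vote_count_today()
     user_can_vote_count_today = user.can_vote_count_today()
@@ -165,7 +178,7 @@ def like_comment(request, id):
         raise CannotDoOnOwnException(_('like'))
 
     if not user.can_like_comment(comment):
-        raise NotEnoughRepPointsException( _('like comments'))
+        raise NotEnoughRepPointsException( _('like comments'), node=comment)
 
     like = VoteAction.get_action_for(node=comment, user=user)
 
@@ -205,17 +218,17 @@ def delete_comment(request, id):
 
 @decorate.withfn(command)
 def mark_favorite(request, id):
-    question = get_object_or_404(Question, id=id)
+    node = get_object_or_404(Node, id=id)
 
     if not request.user.is_authenticated():
         raise AnonymousNotAllowedException(_('mark a question as favorite'))
 
     try:
-        favorite = FavoriteAction.objects.get(canceled=False, node=question, user=request.user)
+        favorite = FavoriteAction.objects.get(canceled=False, node=node, user=request.user)
         favorite.cancel(ip=request.META['REMOTE_ADDR'])
         added = False
     except ObjectDoesNotExist:
-        FavoriteAction(node=question, user=request.user, ip=request.META['REMOTE_ADDR']).save()
+        FavoriteAction(node=node, user=request.user, ip=request.META['REMOTE_ADDR']).save()
         added = True
 
     return {
@@ -271,6 +284,7 @@ def comment(request, id):
                 reverse('node_markdown', kwargs={'id': comment.id}),
                 reverse('convert_comment', kwargs={'id': comment.id}),
                 user.can_convert_comment_to_answer(comment),
+                bool(settings.SHOW_LATEST_COMMENTS_FIRST)
                 ]
         }
         }
@@ -327,6 +341,21 @@ def accept_answer(request, id):
 
 
         AcceptAnswerAction(node=answer, user=user, ip=request.META['REMOTE_ADDR']).save()
+
+        # If the request is not an AJAX redirect to the answer URL rather than to the home page
+        if not request.is_ajax():
+            msg = _("""
+              Congratulations! You've accepted an answer.
+            """)
+
+            # Notify the user with a message that an answer has been accepted
+            request.user.message_set.create(message=msg)
+
+            # Redirect URL should include additional get parameters that might have been attached
+            redirect_url = answer.parent.get_absolute_url() + "?accepted_answer=true&%s" % smart_unicode(urlencode(request.GET))
+
+            return HttpResponseRedirect(redirect_url)
+
         commands['mark_accepted'] = [answer.id]
 
     return {'commands': commands}
@@ -493,31 +522,6 @@ def subscribe(request, id, user=None):
         }
     }
 
-@decorate.withfn(command)
-def canned_comments(request, post_id):
-    user = request.user
-
-    # Check whether the user has the required permissions to use the tool.
-    if not user.can_use_canned_comments:
-        raise CommandException(_("You cannot use the canned comments tool."))
-
-    if not request.POST:
-        canned_comments = []
-        for comment in settings.CANNED_COMMENTS:
-            canned_comments.append(smart_unicode(comment))
-
-        return render_to_response('node/canned_comments.html', {
-            'canned_comments' : canned_comments,
-        }, RequestContext(request))
-
-    comment = request.POST.get('comment', '')
-
-    return {
-        'commands' : {
-            'canned_comment' : [post_id, comment],
-        }
-    }
-
 #internally grouped views - used by the tagging system
 @ajax_login_required
 def mark_tag(request, tag=None, **kwargs):#tagging system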
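Review bot: In the accept_answer hunk, `urlencode(request.GET)` hands a QueryDict of unicode values to Python 2's `urllib.urlencode`, which calls `str()` on each value, so a non-ASCII query parameter raises UnicodeEncodeError after `AcceptAnswerAction(...).save()` has already run. It also keeps only the last value of a repeated key and leaves a trailing `&` when the request has no query string. Django's `request.GET.urlencode()` avoids all three: build `redirect_url = answer.parent.get_absolute_url() + "?accepted_answer=true"` and then `if request.GET: redirect_url += "&" + request.GET.urlencode()`. The new branch also gives this state-changing view a plain non-AJAX browser path, so it is worth confirming that the `command` decorator, which is not shown in this diff, rejects GET requests and enforces the CSRF check. accept_answer's body starts outside the hunk.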