OSQA-696, user profile URLs shouldn't be arbitrary, comparing the passed slug and...
[osqa.git] / forum / views / writers.py
index 2b2461dec19009fa762348b1c82681cb3dffef1c..41a1320012de0be60288981c0cb1e6e3f48473bc 100644 (file)
@@ -1,42 +1,25 @@
 # encoding:utf-8
 import os.path
 # encoding:utf-8
 import os.path
-import time, datetime, random
-import logging
-from django.core.files.storage import default_storage
+
+from django.views.decorators.csrf import csrf_exempt
+from django.core.files.storage import FileSystemStorage
 from django.shortcuts import render_to_response, get_object_or_404
 from django.shortcuts import render_to_response, get_object_or_404
-from django.contrib.auth.decorators import login_required
-from django.http import HttpResponseRedirect, HttpResponse, HttpResponseForbidden, Http404
+from django.http import HttpResponseRedirect, HttpResponse, Http404
 from django.template import RequestContext
 from django.utils.html import *
 from django.template import RequestContext
 from django.utils.html import *
-from django.utils import simplejson
 from django.utils.translation import ugettext as _
 from django.utils.translation import ugettext as _
-from django.core.urlresolvers import reverse
-from django.core.exceptions import PermissionDenied
 
 
-from forum.utils.html import sanitize_html
-from markdown2 import Markdown
+from forum.actions import AskAction, AnswerAction, ReviseAction, RollbackAction, RetagAction, AnswerToQuestionAction, CommentToQuestionAction
 from forum.forms import *
 from forum.models import *
 from forum.forms import *
 from forum.models import *
-from forum.auth import *
-from forum.const import *
-from forum import auth
-from forum.utils.forms import get_next_url
-from forum.views.readers import _get_tags_cache_json
-
-# used in index page
-INDEX_PAGE_SIZE = 20
-INDEX_AWARD_SIZE = 15
-INDEX_TAGS_SIZE = 100
-# used in tags list
-DEFAULT_PAGE_SIZE = 60
-# used in questions
-QUESTIONS_PAGE_SIZE = 10
-# used in answers
-ANSWERS_PAGE_SIZE = 10
-
-markdowner = Markdown(html4tags=True)
-
-def upload(request):#ajax upload file to a question or answer 
+from forum.utils import html
+
+from forum.http_responses import HttpResponseUnauthorized
+
+from vars import PENDING_SUBMISSION_SESSION_ATTR
+
+@csrf_exempt
+def upload(request):#ajax upload file to a question or answer
     class FileTypeNotAllow(Exception):
         pass
     class FileSizeNotAllow(Exception):
     class FileTypeNotAllow(Exception):
         pass
     class FileSizeNotAllow(Exception):
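Review bot: `@csrf_exempt` is added to `upload`, a POST view that writes files to server storage under the logged-in user's permissions, so a third-party page can now trigger uploads through a victim's session. If the exemption exists only because the AJAX uploader does not send the token, it would be safer to drop the decorator and have the client send the CSRF token with the request (as a form field or the `X-CSRFToken` header). This hunk also removes the `reverse` and `datetime` imports while the later hunks still call `reverse(...)` and `datetime.datetime.now()`; presumably a star import supplies them, which is worth confirming. The body of `upload` continues beyond this hunk.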
@@ -44,149 +27,123 @@ def upload(request):#ajax upload file to a question or answer
     class UploadPermissionNotAuthorized(Exception):
         pass
 
     class UploadPermissionNotAuthorized(Exception):
         pass
 
-    #<result><msg><![CDATA[%s]]></msg><error><![CDATA[%s]]></error><file_url>%s</file_url></result>
     xml_template = "<result><msg><![CDATA[%s]]></msg><error><![CDATA[%s]]></error><file_url>%s</file_url></result>"
 
     try:
         f = request.FILES['file-upload']
         # check upload permission
     xml_template = "<result><msg><![CDATA[%s]]></msg><error><![CDATA[%s]]></error><file_url>%s</file_url></result>"
 
     try:
         f = request.FILES['file-upload']
         # check upload permission
-        if not auth.can_upload_files(request.user):
-            raise UploadPermissionNotAuthorized
+        if not request.user.can_upload_files():
+            raise UploadPermissionNotAuthorized()
 
         # check file type
 
         # check file type
-        file_name_suffix = os.path.splitext(f.name)[1].lower()
-        if not file_name_suffix in settings.ALLOW_FILE_TYPES:
-            raise FileTypeNotAllow
-
-        # generate new file name
-        new_file_name = str(time.time()).replace('.', str(random.randint(0,100000))) + file_name_suffix
-        # use default storage to store file
-        default_storage.save(new_file_name, f)
+        try:
+            file_name_suffix = os.path.splitext(f.name)[1].lower()
+        except KeyError:
+            raise FileTypeNotAllow()
+
+        if not file_name_suffix in ('.jpg', '.jpeg', '.gif', '.png', '.bmp', '.tiff', '.ico'):
+            raise FileTypeNotAllow()
+
+        storage = FileSystemStorage(str(settings.UPFILES_FOLDER), str(settings.UPFILES_ALIAS))
+        new_file_name = storage.save("_".join(f.name.split()), f)
         # check file size
         # byte
         # check file size
         # byte
-        size = default_storage.size(new_file_name)
-        if size > settings.ALLOW_MAX_FILE_SIZE:
-            default_storage.delete(new_file_name)
-            raise FileSizeNotAllow
+        size = storage.size(new_file_name)
+
+        if size > float(settings.ALLOW_MAX_FILE_SIZE) * 1024 * 1024:
+            storage.delete(new_file_name)
+            raise FileSizeNotAllow()
 
 
-        result = xml_template % ('Good', '', default_storage.url(new_file_name))
+        result = xml_template % ('Good', '', str(settings.UPFILES_ALIAS) + new_file_name)
     except UploadPermissionNotAuthorized:
         result = xml_template % ('', _('uploading images is limited to users with >60 reputation points'), '')
     except FileTypeNotAllow:
         result = xml_template % ('', _("allowed file types are 'jpg', 'jpeg', 'gif', 'bmp', 'png', 'tiff'"), '')
     except FileSizeNotAllow:
     except UploadPermissionNotAuthorized:
         result = xml_template % ('', _('uploading images is limited to users with >60 reputation points'), '')
     except FileTypeNotAllow:
         result = xml_template % ('', _("allowed file types are 'jpg', 'jpeg', 'gif', 'bmp', 'png', 'tiff'"), '')
     except FileSizeNotAllow:
-        result = xml_template % ('', _("maximum upload file size is %sK") % settings.ALLOW_MAX_FILE_SIZE / 1024, '')
-    except Exception:
-        result = xml_template % ('', _('Error uploading file. Please contact the site administrator. Thank you. %s' % Exception), '')
+        result = xml_template % ('', _("maximum upload file size is %sM") % settings.ALLOW_MAX_FILE_SIZE, '')
+    except Exception, e:
+        result = xml_template % ('', _('Error uploading file. Please contact the site administrator. Thank you. %s' % e), '')
 
     return HttpResponse(result, mimetype="application/xml")
 
 
     return HttpResponse(result, mimetype="application/xml")
 
-#@login_required #actually you can post anonymously, but then must register
-def ask(request):#view used to ask a new question
-    """a view to ask a new question
-    gives space for q title, body, tags and checkbox for to post as wiki
+def ask(request):
+    form = None
 
 
-    user can start posting a question anonymously but then
-    must login/register in order for the question go be shown
-    """
-    if request.method == "POST":
-        form = AskForm(request.POST)
-        if form.is_valid():
+    if request.POST:
+        if request.session.pop('reviewing_pending_data', False):
+            form = AskForm(initial=request.POST, user=request.user)
+        elif "text" in request.POST:
+            form = AskForm(request.POST, user=request.user)
+            if form.is_valid():
+                if request.user.is_authenticated() and request.user.email_valid_and_can_ask():
+                    ask_action = AskAction(user=request.user, ip=request.META['REMOTE_ADDR']).save(data=form.cleaned_data)
+                    question = ask_action.node
 
 
-            added_at = datetime.datetime.now()
-            title = strip_tags(form.cleaned_data['title'].strip())
-            wiki = form.cleaned_data['wiki']
-            tagnames = form.cleaned_data['tags'].strip()
-            text = form.cleaned_data['text']
-            html = sanitize_html(markdowner.convert(text))
-            summary = strip_tags(html)[:120]
+                    if settings.WIKI_ON and request.POST.get('wiki', False):
+                        question.nstate.wiki = ask_action
 
 
-            if request.user.is_authenticated():
-                author = request.user 
-
-                question = Question.objects.create_new(
-                    title            = title,
-                    author           = author, 
-                    added_at         = added_at,
-                    wiki             = wiki,
-                    tagnames         = tagnames,
-                    summary          = summary,
-                    text = sanitize_html(markdowner.convert(text))
-                )
+                    return HttpResponseRedirect(question.get_absolute_url())
+                else:
+                    request.session[PENDING_SUBMISSION_SESSION_ATTR] = {
+                        'POST': request.POST,
+                        'data_name': _("question"),
+                        'type': 'ask',
+                        'submission_url': reverse('ask'),
+                        'time': datetime.datetime.now()
+                    }
 
 
-                return HttpResponseRedirect(question.get_absolute_url())
-            else:
-                request.session.flush()
-                session_key = request.session.session_key
-                question = AnonymousQuestion(
-                    session_key = session_key,
-                    title       = title,
-                    tagnames = tagnames,
-                    wiki = wiki,
-                    text = text,
-                    summary = summary,
-                    added_at = added_at,
-                    ip_addr = request.META['REMOTE_ADDR'],
-                )
-                question.save()
-                return HttpResponseRedirect(reverse('auth_action_signin', kwargs={'action': 'newquestion'}))
-    else:
-        form = AskForm()
+                    if request.user.is_authenticated():
+                        request.user.message_set.create(message=_("Your question is pending until you %s.") % html.hyperlink(
+                            reverse('send_validation_email'), _("validate your email")
+                        ))
+                        return HttpResponseRedirect(reverse('index'))
+                    else:
+                        return HttpResponseRedirect(reverse('auth_signin'))
+        elif "go" in request.POST:
+            form = AskForm({'title': request.POST['q']}, user=request.user)
+            
+    if not form:
+        form = AskForm(user=request.user)
 
 
-    tags = _get_tags_cache_json()
     return render_to_response('ask.html', {
         'form' : form,
     return render_to_response('ask.html', {
         'form' : form,
-        'tags' : tags,
-        'email_validation_faq_url':reverse('faq') + '#validate',
+        'tab' : 'ask'
         }, context_instance=RequestContext(request))
 
         }, context_instance=RequestContext(request))
 
-@login_required
-def edit_question(request, id):#edit or retag a question
-    """view to edit question
-    """
+def convert_to_question(request, id):
+    user = request.user
+
+    node_type = request.GET.get('node_type', 'answer')
+    if node_type == 'comment':
+        node = get_object_or_404(Comment, id=id)
+        action_class = CommentToQuestionAction
+    else:
+        node = get_object_or_404(Answer, id=id)
+        action_class = AnswerToQuestionAction
+
+    if not user.can_convert_to_question(node):
+        return HttpResponseUnauthorized(request)
+
+    return _edit_question(request, node, template='node/convert_to_question.html', summary=_("Converted to question"),
+                           action_class =action_class, allow_rollback=False, url_getter=lambda a: Question.objects.get(id=a.id).get_absolute_url())
+
+def edit_question(request, id):
     question = get_object_or_404(Question, id=id)
     question = get_object_or_404(Question, id=id)
-    if question.deleted and not auth.can_view_deleted_post(request.user, question):
+    if question.nis.deleted and not request.user.can_view_deleted_post(question):
         raise Http404
         raise Http404
-    if auth.can_edit_post(request.user, question):
+    if request.user.can_edit_post(question):
         return _edit_question(request, question)
         return _edit_question(request, question)
-    elif auth.can_retag_questions(request.user):
+    elif request.user.can_retag_questions():
         return _retag_question(request, question)
     else:
         raise Http404
 
         return _retag_question(request, question)
     else:
         raise Http404
 
-def _retag_question(request, question):#non-url subview of edit question - just retag
-    """retag question sub-view used by
-    view "edit_question"
-    """
+def _retag_question(request, question):
     if request.method == 'POST':
         form = RetagQuestionForm(question, request.POST)
         if form.is_valid():
             if form.has_changed():
     if request.method == 'POST':
         form = RetagQuestionForm(question, request.POST)
         if form.is_valid():
             if form.has_changed():
-                latest_revision = question.get_latest_revision()
-                retagged_at = datetime.datetime.now()
-                # Update the Question itself
-                Question.objects.filter(id=question.id).update(
-                    tagnames         = form.cleaned_data['tags'],
-                    last_edited_at   = retagged_at,
-                    last_edited_by   = request.user,
-                    last_activity_at = retagged_at,
-                    last_activity_by = request.user
-                )
-                # Update the Question's tag associations
-                tags_updated = Question.objects.update_tags(question,
-                    form.cleaned_data['tags'], request.user)
-                # Create a new revision
-                QuestionRevision.objects.create(
-                    question   = question,
-                    title      = latest_revision.title,
-                    author     = request.user,
-                    revised_at = retagged_at,
-                    tagnames   = form.cleaned_data['tags'],
-                    summary    = CONST['retagged'],
-                    text       = latest_revision.text
-                )
-                # send tags updated singal
-                tags_updated.send(sender=question.__class__, question=question)
+                RetagAction(user=request.user, node=question, ip=request.META['REMOTE_ADDR']).save(data=dict(tagnames=form.cleaned_data['tags']))
 
             return HttpResponseRedirect(question.get_absolute_url())
     else:
 
             return HttpResponseRedirect(question.get_absolute_url())
     else:
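Review bot: In `upload`, the size limit is enforced only after `storage.save(...)` has written the whole file to disk, and the type check looks at the filename extension alone, so the content is never verified to be an image. Checking the size first avoids the write-then-delete window, e.g. `if f.size > float(settings.ALLOW_MAX_FILE_SIZE) * 1024 * 1024: raise FileSizeNotAllow()` placed ahead of the `storage.save` call. The new `except Exception, e` branch interpolates the raw exception text into the XML response, which can disclose server-side paths; recording `e` server-side and returning only the generic message would be safer. The inner `except KeyError` around `os.path.splitext` looks unreachable, and `.ico` is accepted but missing from the error message. `upload` begins in the previous hunk.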
@@ -194,249 +151,140 @@ def _retag_question(request, question):#non-url subview of edit question - just
     return render_to_response('question_retag.html', {
         'question': question,
         'form' : form,
     return render_to_response('question_retag.html', {
         'question': question,
         'form' : form,
-        'tags' : _get_tags_cache_json(),
+        #'tags' : _get_tags_cache_json(),
     }, context_instance=RequestContext(request))
 
     }, context_instance=RequestContext(request))
 
-def _edit_question(request, question):#non-url subview of edit_question - just edit the body/title
-    latest_revision = question.get_latest_revision()
-    revision_form = None
+def _edit_question(request, question, template='question_edit.html', summary='', action_class=ReviseAction, allow_rollback=True, url_getter=lambda q: q.get_absolute_url()):
     if request.method == 'POST':
     if request.method == 'POST':
+        revision_form = RevisionForm(question, data=request.POST)
+        revision_form.is_valid()
+        revision = question.revisions.get(revision=revision_form.cleaned_data['revision'])
+
         if 'select_revision' in request.POST:
         if 'select_revision' in request.POST:
-            # user has changed revistion number
-            revision_form = RevisionForm(question, latest_revision, request.POST)
-            if revision_form.is_valid():
-                # Replace with those from the selected revision
-                form = EditQuestionForm(question,
-                    QuestionRevision.objects.get(question=question,
-                        revision=revision_form.cleaned_data['revision']))
-            else:
-                form = EditQuestionForm(question, latest_revision, request.POST)
+            form = EditQuestionForm(question, request.user, revision)
         else:
         else:
-            # Always check modifications against the latest revision
-            form = EditQuestionForm(question, latest_revision, request.POST)
-            if form.is_valid():
-                html = sanitize_html(markdowner.convert(form.cleaned_data['text']))
-                if form.has_changed():
-                    edited_at = datetime.datetime.now()
-                    tags_changed = (latest_revision.tagnames !=
-                                    form.cleaned_data['tags'])
-                    tags_updated = False
-                    # Update the Question itself
-                    updated_fields = {
-                        'title': form.cleaned_data['title'],
-                        'last_edited_at': edited_at,
-                        'last_edited_by': request.user,
-                        'last_activity_at': edited_at,
-                        'last_activity_by': request.user,
-                        'tagnames': form.cleaned_data['tags'],
-                        'summary': strip_tags(html)[:120],
-                        'html': html,
-                    }
+            form = EditQuestionForm(question, request.user, revision, data=request.POST)
+
+        if not 'select_revision' in request.POST and form.is_valid():
+            if form.has_changed():
+                action = action_class(user=request.user, node=question, ip=request.META['REMOTE_ADDR']).save(data=form.cleaned_data)
 
 
-                    # only save when it's checked
-                    # because wiki doesn't allow to be edited if last version has been enabled already
-                    # and we make sure this in forms.
-                    if ('wiki' in form.cleaned_data and
-                        form.cleaned_data['wiki']):
-                        updated_fields['wiki'] = True
-                        updated_fields['wikified_at'] = edited_at
-
-                    Question.objects.filter(
-                        id=question.id).update(**updated_fields)
-                    # Update the Question's tag associations
-                    if tags_changed:
-                        tags_updated = Question.objects.update_tags(
-                            question, form.cleaned_data['tags'], request.user)
-                    # Create a new revision
-                    revision = QuestionRevision(
-                        question   = question,
-                        title      = form.cleaned_data['title'],
-                        author     = request.user,
-                        revised_at = edited_at,
-                        tagnames   = form.cleaned_data['tags'],
-                        text       = form.cleaned_data['text'],
-                    )
-                    if form.cleaned_data['summary']:
-                        revision.summary = form.cleaned_data['summary']
+                if settings.WIKI_ON:
+                    if request.POST.get('wiki', False) and not question.nis.wiki:
+                        question.nstate.wiki = action
+                    elif question.nis.wiki and (not request.POST.get('wiki', False)) and request.user.can_cancel_wiki(question):
+                        question.nstate.wiki = None
+            else:
+                if not revision == question.active_revision:
+                    if allow_rollback:
+                        RollbackAction(user=request.user, node=question).save(data=dict(activate=revision))
                     else:
                     else:
-                        revision.summary = 'No.%s Revision' % latest_revision.revision
-                    revision.save()
+                        pass
 
 
-                return HttpResponseRedirect(question.get_absolute_url())
+            return HttpResponseRedirect(url_getter(question))
     else:
     else:
+        revision_form = RevisionForm(question)
+        form = EditQuestionForm(question, request.user, initial={'summary': summary})
 
 
-        revision_form = RevisionForm(question, latest_revision)
-        form = EditQuestionForm(question, latest_revision)
-    return render_to_response('question_edit.html', {
+    return render_to_response(template, {
         'question': question,
         'revision_form': revision_form,
         'form' : form,
         'question': question,
         'revision_form': revision_form,
         'form' : form,
-        'tags' : _get_tags_cache_json()
     }, context_instance=RequestContext(request))
 
     }, context_instance=RequestContext(request))
 
-@login_required
+
 def edit_answer(request, id):
     answer = get_object_or_404(Answer, id=id)
 def edit_answer(request, id):
     answer = get_object_or_404(Answer, id=id)
-    if answer.deleted and not auth.can_view_deleted_post(request.user, answer):
+    if answer.deleted and not request.user.can_view_deleted_post(answer):
         raise Http404
         raise Http404
-    elif not auth.can_edit_post(request.user, answer):
+    elif not request.user.can_edit_post(answer):
         raise Http404
         raise Http404
-    else:
-        latest_revision = answer.get_latest_revision()
-        if request.method == "POST":
-            if 'select_revision' in request.POST:
-                # user has changed revistion number
-                revision_form = RevisionForm(answer, latest_revision, request.POST)
-                if revision_form.is_valid():
-                    # Replace with those from the selected revision
-                    form = EditAnswerForm(answer,
-                                          AnswerRevision.objects.get(answer=answer,
-                                          revision=revision_form.cleaned_data['revision']))
-                else:
-                    form = EditAnswerForm(answer, latest_revision, request.POST)
-            else:
-                form = EditAnswerForm(answer, latest_revision, request.POST)
-                if form.is_valid():
-                    html = sanitize_html(markdowner.convert(form.cleaned_data['text']))
-                    if form.has_changed():
-                        edited_at = datetime.datetime.now()
-                        updated_fields = {
-                            'last_edited_at': edited_at,
-                            'last_edited_by': request.user,
-                            'html': html,
-                        }
-                        Answer.objects.filter(id=answer.id).update(**updated_fields)
-
-                        revision = AnswerRevision(
-                                                  answer=answer,
-                                                  author=request.user,
-                                                  revised_at=edited_at,
-                                                  text=form.cleaned_data['text']
-                                                  )
-
-                        if form.cleaned_data['summary']:
-                            revision.summary = form.cleaned_data['summary']
-                        else:
-                            revision.summary = 'No.%s Revision' % latest_revision.revision
-                        revision.save()
-
-                        answer.question.last_activity_at = edited_at
-                        answer.question.last_activity_by = request.user
-                        answer.question.save()
-
-                    return HttpResponseRedirect(answer.get_absolute_url())
+
+    if request.method == "POST":
+        revision_form = RevisionForm(answer, data=request.POST)
+        revision_form.is_valid()
+        revision = answer.revisions.get(revision=revision_form.cleaned_data['revision'])
+
+        if 'select_revision' in request.POST:
+            form = EditAnswerForm(answer, request.user, revision)
         else:
         else:
-            revision_form = RevisionForm(answer, latest_revision)
-            form = EditAnswerForm(answer, latest_revision)
-        return render_to_response('answer_edit.html', {
-                                  'answer': answer,
-                                  'revision_form': revision_form,
-                                  'form': form,
-                                  }, context_instance=RequestContext(request))
-
-def answer(request, id):#process a new answer
+            form = EditAnswerForm(answer, request.user, revision, data=request.POST)
+
+        if not 'select_revision' in request.POST and form.is_valid():
+            if form.has_changed():
+                action = ReviseAction(user=request.user, node=answer, ip=request.META['REMOTE_ADDR']).save(data=form.cleaned_data)
+
+                if settings.WIKI_ON:
+                    if request.POST.get('wiki', False) and not answer.nis.wiki:
+                        answer.nstate.wiki = action
+                    elif answer.nis.wiki and (not request.POST.get('wiki', False)) and request.user.can_cancel_wiki(answer):
+                        answer.nstate.wiki = None
+            else:
+                if not revision == answer.active_revision:
+                    RollbackAction(user=request.user, node=answer, ip=request.META['REMOTE_ADDR']).save(data=dict(activate=revision))
+
+            return HttpResponseRedirect(answer.get_absolute_url())
+
+    else:
+        revision_form = RevisionForm(answer)
+        form = EditAnswerForm(answer, request.user)
+    return render_to_response('answer_edit.html', {
+                              'answer': answer,
+                              'revision_form': revision_form,
+                              'form': form,
+                              }, context_instance=RequestContext(request))
+
+def answer(request, id):
     question = get_object_or_404(Question, id=id)
     question = get_object_or_404(Question, id=id)
-    if request.method == "POST":
-        form = AnswerForm(question, request.user, request.POST)
-        if form.is_valid():
-            wiki = form.cleaned_data['wiki']
-            text = form.cleaned_data['text']
-            update_time = datetime.datetime.now()
+
+    if request.POST:
+        form = AnswerForm(request.POST, request.user)
+
+        if request.session.pop('reviewing_pending_data', False) or not form.is_valid():
+            request.session['redirect_POST_data'] = request.POST
+            return HttpResponseRedirect(question.get_absolute_url() + '#fmanswer')
+
+        if request.user.is_authenticated() and request.user.email_valid_and_can_answer():
+            answer_action = AnswerAction(user=request.user, ip=request.META['REMOTE_ADDR']).save(dict(question=question, **form.cleaned_data))
+            answer = answer_action.node
+
+            if settings.WIKI_ON and request.POST.get('wiki', False):
+                answer.nstate.wiki = answer_action
+
+            return HttpResponseRedirect(answer.get_absolute_url())
+        else:
+            request.session[PENDING_SUBMISSION_SESSION_ATTR] = {
+                'POST': request.POST,
+                'data_name': _("answer"),
+                'type': 'answer',
+                'submission_url': reverse('answer', kwargs={'id': id}),
+                'time': datetime.datetime.now()
+            }
 
             if request.user.is_authenticated():
 
             if request.user.is_authenticated():
-                Answer.objects.create_new(
-                                  question=question,
-                                  author=request.user,
-                                  added_at=update_time,
-                                  wiki=wiki,
-                                  text=sanitize_html(markdowner.convert(text)),
-                                  email_notify=form.cleaned_data['email_notify']
-                                  )
+                request.user.message_set.create(message=_("Your answer is pending until you %s.") % html.hyperlink(
+                    reverse('send_validation_email'), _("validate your email")
+                ))
+                return HttpResponseRedirect(question.get_absolute_url())
             else:
             else:
-                request.session.flush()
-                html = sanitize_html(markdowner.convert(text))
-                summary = strip_tags(html)[:120]
-                anon = AnonymousAnswer(
-                                       question=question,
-                                       wiki=wiki,
-                                       text=text,
-                                       summary=summary,
-                                       session_key=request.session.session_key,
-                                       ip_addr=request.META['REMOTE_ADDR'],
-                                       )
-                anon.save()
-                return HttpResponseRedirect(reverse('auth_action_signin', kwargs={'action': 'newanswer'}))
+                return HttpResponseRedirect(reverse('auth_signin'))
 
     return HttpResponseRedirect(question.get_absolute_url())
 
 
     return HttpResponseRedirect(question.get_absolute_url())
 
-def __generate_comments_json(obj, type, user):#non-view generates json data for the post comments
-    comments = obj.comments.all().order_by('id')
-    # {"Id":6,"PostId":38589,"CreationDate":"an hour ago","Text":"hello there!","UserDisplayName":"Jarrod Dixon","UserUrl":"/users/3/jarrod-dixon","DeleteUrl":null}
-    json_comments = []
-    from forum.templatetags.extra_tags import diff_date
-    for comment in comments:
-        comment_user = comment.user
-        delete_url = ""
-        if user != None and auth.can_delete_comment(user, comment):
-            #/posts/392845/comments/219852/delete
-            #todo translate this url
-            delete_url = reverse('index') + type + "s/%s/comments/%s/delete/" % (obj.id, comment.id)
-        json_comments.append({"id" : comment.id,
-            "object_id" : obj.id,
-            "comment_age" : diff_date(comment.added_at),
-            "text" : comment.comment,
-            "user_display_name" : comment_user.username,
-            "user_url" : comment_user.get_profile_url(),
-            "delete_url" : delete_url
-        })
-
-    data = simplejson.dumps(json_comments)
-    return HttpResponse(data, mimetype="application/json")
-
-
-def question_comments(request, id):#ajax handler for loading comments to question
-    question = get_object_or_404(Question, id=id)
-    user = request.user
-    return __comments(request, question, 'question')
 
 
-def answer_comments(request, id):#ajax handler for loading comments on answer
-    answer = get_object_or_404(Answer, id=id)
-    user = request.user
-    return __comments(request, answer, 'answer')
+def manage_pending_data(request, action, forward=None):
+    pending_data = request.session.pop(PENDING_SUBMISSION_SESSION_ATTR, None)
+
+    if not pending_data:
+        raise Http404
+
+    if action == _("cancel"):
+        return HttpResponseRedirect(forward or request.META.get('HTTP_REFERER', '/'))
+    else:
+        if action == _("review"):
+            request.session['reviewing_pending_data'] = True
+
+        request.session['redirect_POST_data'] = pending_data['POST']
+        return HttpResponseRedirect(pending_data['submission_url'])
+
 
 
-def __comments(request, obj, type):#non-view generic ajax handler to load comments to an object
-    # only support get post comments by ajax now
-    user = request.user
-    if request.is_ajax():
-        if request.method == "GET":
-            response = __generate_comments_json(obj, type, user)
-        elif request.method == "POST":
-            if auth.can_add_comments(user,obj):
-                comment_data = request.POST.get('comment')
-                comment = Comment(content_object=obj, comment=comment_data, user=request.user)
-                comment.save()
-                obj.comment_count = obj.comment_count + 1
-                obj.save()
-                response = __generate_comments_json(obj, type, user)
-            else:
-                response = HttpResponseForbidden(mimetype="application/json")
-        return response
-
-def delete_comment(request, object_id='', comment_id='', commented_object_type=None):#ajax handler to delete comment
-    response = None
-    commented_object = None
-    if commented_object_type == 'question':
-        commented_object = Question
-    elif commented_object_type == 'answer':
-        commented_object = Answer
-
-    if request.is_ajax():
-        comment = get_object_or_404(Comment, id=comment_id)
-        if auth.can_delete_comment(request.user, comment):
-            obj = get_object_or_404(commented_object, id=object_id)
-            obj.comments.remove(comment)
-            obj.comment_count = obj.comment_count - 1
-            obj.save()
-            user = request.user
-            return __generate_comments_json(obj, commented_object_type, user)
-    raise PermissionDenied()
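Review bot: In `_edit_question` and `edit_answer` the result of `revision_form.is_valid()` is discarded and `revision_form.cleaned_data['revision']` is read on the next line, so a POST with a missing or invalid `revision` value will likely raise instead of producing a handled response, and `revisions.get(...)` can raise `DoesNotExist` for an unknown revision number. Suggest `if not revision_form.is_valid(): raise Http404` followed by `revision = get_object_or_404(question.revisions, revision=revision_form.cleaned_data['revision'])` (and the same with `answer`). With `@login_required` removed from `edit_answer` here and from `edit_question` in the previous hunk, both views now depend on `request.user.can_edit_post(...)` behaving safely for anonymous users, which is not visible in this diff. In `manage_pending_data` the cancel branch redirects to `forward` or the `Referer` header without validation; if `forward` is taken from the URL it should be restricted to same-site paths.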