]> git.openstreetmap.org Git - osqa.git/blobdiff - forum/views/writers.py
OSQA-696, user profile URLs shouldn't be arbitrary, comparing the passed slug and...
[osqa.git] / forum / views / writers.py
index 74708d651b685dd310350f0042423fae10c63c0f..41a1320012de0be60288981c0cb1e6e3f48473bc 100644 (file)
@@ -1,25 +1,24 @@
 # encoding:utf-8
 import os.path
-import time, datetime, random
-import logging
+
+from django.views.decorators.csrf import csrf_exempt
 from django.core.files.storage import FileSystemStorage
 from django.shortcuts import render_to_response, get_object_or_404
-from django.contrib.auth.decorators import login_required
 from django.http import HttpResponseRedirect, HttpResponse, Http404
 from django.template import RequestContext
 from django.utils.html import *
-from django.utils import simplejson
 from django.utils.translation import ugettext as _
-from django.core.urlresolvers import reverse
-from django.core.exceptions import PermissionDenied
 
-from forum.actions import AskAction, AnswerAction, ReviseAction, RollbackAction, RetagAction
+from forum.actions import AskAction, AnswerAction, ReviseAction, RollbackAction, RetagAction, AnswerToQuestionAction, CommentToQuestionAction
 from forum.forms import *
 from forum.models import *
-from forum.forms import get_next_url
 from forum.utils import html
 
+from forum.http_responses import HttpResponseUnauthorized
+
+from vars import PENDING_SUBMISSION_SESSION_ATTR
 
+@csrf_exempt
 def upload(request):#ajax upload file to a question or answer
     class FileTypeNotAllow(Exception):
         pass
@@ -85,7 +84,7 @@ def ask(request):
 
                     return HttpResponseRedirect(question.get_absolute_url())
                 else:
-                    request.session['pending_submission_data'] = {
+                    request.session[PENDING_SUBMISSION_SESSION_ATTR] = {
                         'POST': request.POST,
                         'data_name': _("question"),
                         'type': 'ask',
@@ -108,9 +107,26 @@ def ask(request):
 
     return render_to_response('ask.html', {
         'form' : form,
+        'tab' : 'ask'
         }, context_instance=RequestContext(request))
 
-@login_required
+def convert_to_question(request, id):
+    user = request.user
+
+    node_type = request.GET.get('node_type', 'answer')
+    if node_type == 'comment':
+        node = get_object_or_404(Comment, id=id)
+        action_class = CommentToQuestionAction
+    else:
+        node = get_object_or_404(Answer, id=id)
+        action_class = AnswerToQuestionAction
+
+    if not user.can_convert_to_question(node):
+        return HttpResponseUnauthorized(request)
+
+    return _edit_question(request, node, template='node/convert_to_question.html', summary=_("Converted to question"),
+                           action_class =action_class, allow_rollback=False, url_getter=lambda a: Question.objects.get(id=a.id).get_absolute_url())
+
 def edit_question(request, id):
     question = get_object_or_404(Question, id=id)
     if question.nis.deleted and not request.user.can_view_deleted_post(question):
@@ -138,7 +154,7 @@ def _retag_question(request, question):
         #'tags' : _get_tags_cache_json(),
     }, context_instance=RequestContext(request))
 
-def _edit_question(request, question):
+def _edit_question(request, question, template='question_edit.html', summary='', action_class=ReviseAction, allow_rollback=True, url_getter=lambda q: q.get_absolute_url()):
     if request.method == 'POST':
         revision_form = RevisionForm(question, data=request.POST)
         revision_form.is_valid()
@@ -151,7 +167,7 @@ def _edit_question(request, question):
 
         if not 'select_revision' in request.POST and form.is_valid():
             if form.has_changed():
-                action = ReviseAction(user=request.user, node=question, ip=request.META['REMOTE_ADDR']).save(data=form.cleaned_data)
+                action = action_class(user=request.user, node=question, ip=request.META['REMOTE_ADDR']).save(data=form.cleaned_data)
 
                 if settings.WIKI_ON:
                     if request.POST.get('wiki', False) and not question.nis.wiki:
@@ -160,21 +176,23 @@ def _edit_question(request, question):
                         question.nstate.wiki = None
             else:
                 if not revision == question.active_revision:
-                    RollbackAction(user=request.user, node=question).save(data=dict(activate=revision))
+                    if allow_rollback:
+                        RollbackAction(user=request.user, node=question).save(data=dict(activate=revision))
+                    else:
+                        pass
 
-            return HttpResponseRedirect(question.get_absolute_url())
+            return HttpResponseRedirect(url_getter(question))
     else:
         revision_form = RevisionForm(question)
-        form = EditQuestionForm(question, request.user)
+        form = EditQuestionForm(question, request.user, initial={'summary': summary})
 
-    return render_to_response('question_edit.html', {
+    return render_to_response(template, {
         'question': question,
         'revision_form': revision_form,
         'form' : form,
-        #'tags' : _get_tags_cache_json()
     }, context_instance=RequestContext(request))
 
-@login_required
+
 def edit_answer(request, id):
     answer = get_object_or_404(Answer, id=id)
     if answer.deleted and not request.user.can_view_deleted_post(answer):
@@ -220,7 +238,7 @@ def answer(request, id):
     question = get_object_or_404(Question, id=id)
 
     if request.POST:
-        form = AnswerForm(question, request.POST)
+        form = AnswerForm(request.POST, request.user)
 
         if request.session.pop('reviewing_pending_data', False) or not form.is_valid():
             request.session['redirect_POST_data'] = request.POST
@@ -235,7 +253,7 @@ def answer(request, id):
 
             return HttpResponseRedirect(answer.get_absolute_url())
         else:
-            request.session['pending_submission_data'] = {
+            request.session[PENDING_SUBMISSION_SESSION_ATTR] = {
                 'POST': request.POST,
                 'data_name': _("answer"),
                 'type': 'answer',
@@ -255,7 +273,7 @@ def answer(request, id):
 
 
 def manage_pending_data(request, action, forward=None):
-    pending_data = request.session.pop('pending_submission_data', None)
+    pending_data = request.session.pop(PENDING_SUBMISSION_SESSION_ATTR, None)
 
     if not pending_data:
         raise Http404