]> git.openstreetmap.org Git - osqa.git/blobdiff - forum/views/commands.py
Prevent XSS attacks with wmd using the google-caja html sanitizer.
[osqa.git] / forum / views / commands.py
index c4c0326e704f20651e1842371dff46251d860fb0..2f35c1ecc82abc7f866ebf3287526f3f41e9eddd 100644 (file)
@@ -3,12 +3,14 @@
 import datetime
 import logging
 
+from urllib import urlencode
+
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.urlresolvers import reverse
 from django.utils import simplejson
 from django.utils.encoding import smart_unicode
 from django.utils.translation import ungettext, ugettext as _
-from django.http import HttpResponse, Http404
+from django.http import HttpResponse, HttpResponseRedirect, Http404
 from django.shortcuts import get_object_or_404, render_to_response
 
 from forum.models import *
@@ -20,12 +22,23 @@ from forum import settings
 from decorators import command, CommandException, RefreshPageCommand
 
 class NotEnoughRepPointsException(CommandException):
-    def __init__(self, action):
-        super(NotEnoughRepPointsException, self).__init__(
-                _(
-                        """Sorry, but you don't have enough reputation points to %(action)s.<br />Please check the <a href='%(faq_url)s'>faq</a>"""
-                        ) % {'action': action, 'faq_url': reverse('faq')}
-                )
+    def __init__(self, action, user_reputation=None, reputation_required=None, node=None):
+        if reputation_required is not None and user_reputation is not None:
+            message = _(
+                """Sorry, but you don't have enough reputation points to %(action)s.<br />
+                The minimum reputation required is %(reputation_required)d (yours is %(user_reputation)d).
+                Please check the <a href='%(faq_url)s'>FAQ</a>"""
+            ) % {
+                'action': action,
+                'faq_url': reverse('faq'),
+                'reputation_required' : reputation_required,
+                'user_reputation' : user_reputation,
+            }
+        else:
+            message = _(
+                """Sorry, but you don't have enough reputation points to %(action)s.<br />Please check the <a href='%(faq_url)s'>faq</a>"""
+            ) % {'action': action, 'faq_url': reverse('faq')}
+        super(NotEnoughRepPointsException, self).__init__(message)
 
 class CannotDoOnOwnException(CommandException):
     def __init__(self, action):
@@ -72,7 +85,9 @@ def vote_post(request, id, vote_type):
         raise CannotDoOnOwnException(_('vote'))
 
     if not (vote_type == 'up' and user.can_vote_up() or user.can_vote_down()):
-        raise NotEnoughRepPointsException(vote_type == 'up' and _('upvote') or _('downvote'))
+        reputation_required = int(settings.REP_TO_VOTE_UP) if vote_type == 'up' else int(settings.REP_TO_VOTE_DOWN)
+        action_type = vote_type == 'up' and _('upvote') or _('downvote')
+        raise NotEnoughRepPointsException(action_type, user_reputation=user.reputation, reputation_required=reputation_required, node=post)
 
     user_vote_count_today = user.get_vote_count_today()
     user_can_vote_count_today = user.can_vote_count_today()
@@ -163,7 +178,7 @@ def like_comment(request, id):
         raise CannotDoOnOwnException(_('like'))
 
     if not user.can_like_comment(comment):
-        raise NotEnoughRepPointsException( _('like comments'))
+        raise NotEnoughRepPointsException( _('like comments'), node=comment)
 
     like = VoteAction.get_action_for(node=comment, user=user)
 
@@ -203,17 +218,17 @@ def delete_comment(request, id):
 
 @decorate.withfn(command)
 def mark_favorite(request, id):
-    question = get_object_or_404(Question, id=id)
+    node = get_object_or_404(Node, id=id)
 
     if not request.user.is_authenticated():
         raise AnonymousNotAllowedException(_('mark a question as favorite'))
 
     try:
-        favorite = FavoriteAction.objects.get(canceled=False, node=question, user=request.user)
+        favorite = FavoriteAction.objects.get(canceled=False, node=node, user=request.user)
         favorite.cancel(ip=request.META['REMOTE_ADDR'])
         added = False
     except ObjectDoesNotExist:
-        FavoriteAction(node=question, user=request.user, ip=request.META['REMOTE_ADDR']).save()
+        FavoriteAction(node=node, user=request.user, ip=request.META['REMOTE_ADDR']).save()
         added = True
 
     return {
@@ -269,6 +284,7 @@ def comment(request, id):
                 reverse('node_markdown', kwargs={'id': comment.id}),
                 reverse('convert_comment', kwargs={'id': comment.id}),
                 user.can_convert_comment_to_answer(comment),
+                bool(settings.SHOW_LATEST_COMMENTS_FIRST)
                 ]
         }
         }
@@ -325,6 +341,21 @@ def accept_answer(request, id):
 
 
         AcceptAnswerAction(node=answer, user=user, ip=request.META['REMOTE_ADDR']).save()
+
+        # If the request is not an AJAX redirect to the answer URL rather than to the home page
+        if not request.is_ajax():
+            msg = _("""
+              Congratulations! You've accepted an answer.
+            """)
+
+            # Notify the user with a message that an answer has been accepted
+            request.user.message_set.create(message=msg)
+
+            # Redirect URL should include additional get parameters that might have been attached
+            redirect_url = answer.parent.get_absolute_url() + "?accepted_answer=true&%s" % smart_unicode(urlencode(request.GET))
+
+            return HttpResponseRedirect(redirect_url)
+
         commands['mark_accepted'] = [answer.id]
 
     return {'commands': commands}