X-Git-Url: https://git.openstreetmap.org./osqa.git/blobdiff_plain/c6c168511f18d8984901b2c828a47310a2d54d64..a0273ff358d8725b4f137dfa95754c3c43379ecb:/forum/views/admin.py

diff --git a/forum/views/admin.py b/forum/views/admin.py
index 4b07915..da9dc67 100644
--- a/forum/views/admin.py
+++ b/forum/views/admin.py
@@ -1,20 +1,21 @@
 from datetime import datetime, timedelta
-import os, time, csv, random
+import time
 
+from django.views.decorators.csrf import csrf_exempt
 from django.shortcuts import render_to_response, get_object_or_404
 from django.core.urlresolvers import reverse
 from django.http import HttpResponseRedirect, HttpResponse, Http404
-from forum.http_responses import HttpResponseUnauthorized
 from django.template import RequestContext
 from django.utils.translation import ugettext as _
 from django.utils import simplejson
 from django.db import models
+
+from forum.http_responses import HttpResponseUnauthorized
 from forum.settings.base import Setting
 from forum.forms import MaintenanceModeForm, PageForm, CreateUserForm
 from forum.settings.forms import SettingsSetForm
 from forum.utils import pagination, html
 from forum.utils.mail import send_template_email
-
 from forum.models import Question, Answer, User, Node, Action, Page, NodeState, Tag
 from forum.models.node import NodeMetaClass
 from forum.actions import NewPageAction, EditPageAction, PublishAction, DeleteAction, UserJoinsAction, CloseAction
@@ -31,28 +32,51 @@ def super_user_required(fn):
 
     return wrapper
 
-def admin_page(fn):
-    @super_user_required
+def staff_user_required(fn):
     def wrapper(request, *args, **kwargs):
-        res = fn(request, *args, **kwargs)
-        if isinstance(res, HttpResponse):
-            return res
+        if request.user.is_authenticated() and (request.user.is_staff or request.user.is_superuser):
+            return fn(request, *args, **kwargs)
+        else:
+            return HttpResponseUnauthorized(request)
+
+    return wrapper
+
+def admin_page_wrapper(fn, request, *args, **kwargs):
+    res = fn(request, *args, **kwargs)
+    if isinstance(res, HttpResponse):
+        return res
 
-        template, context = res
-        context['basetemplate'] = settings.DJSTYLE_ADMIN_INTERFACE and "osqaadmin/djstyle_base.html" or "osqaadmin/base.html"
-        context['allsets'] = Setting.sets
-        context['othersets'] = sorted(
-                [s for s in Setting.sets.values() if not s.name in
-                ('basic', 'users', 'email', 'paths', 'extkeys', 'repgain', 'minrep', 'voting', 'accept', 'badges', 'about', 'faq', 'sidebar',
-                'form', 'moderation', 'css', 'headandfoot', 'head', 'view', 'urls')]
-                , lambda s1, s2: s1.weight - s2.weight)
+    template, context = res
+    context['basetemplate'] = settings.DJSTYLE_ADMIN_INTERFACE and "osqaadmin/djstyle_base.html" or "osqaadmin/base.html"
+    context['allsets'] = Setting.sets
+    context['othersets'] = sorted(
+            [s for s in Setting.sets.values() if not s.name in
+            ('basic', 'users', 'email', 'paths', 'extkeys', 'repgain', 'minrep', 'voting', 'accept', 'badges', 'about', 'faq', 'sidebar',
+            'form', 'moderation', 'css', 'headandfoot', 'head', 'view', 'urls')]
+            , lambda s1, s2: s1.weight - s2.weight)
 
-        context['tools'] = TOOLS
+    context['tools'] = [(name, fn.label) for name, fn in TOOLS.items()]
 
-        unsaved = request.session.get('previewing_settings', {})
-        context['unsaved'] = set([getattr(settings, s).set.name for s in unsaved.keys() if hasattr(settings, s)])
+    # Show the navigation only to moderators and super users
+    if not context.has_key("hide_navigation"):
+        context['hide_navigation'] = not request.user.is_superuser
 
-        return render_to_response(template, context, context_instance=RequestContext(request))
+    unsaved = request.session.get('previewing_settings', {})
+    context['unsaved'] = set([getattr(settings, s).set.name for s in unsaved.keys() if hasattr(settings, s)])
+
+    return render_to_response(template, context, context_instance=RequestContext(request))
+
+def admin_page(fn):
+    @super_user_required
+    def wrapper(request, *args, **kwargs):
+        return admin_page_wrapper(fn, request, *args, **kwargs)
+
+    return wrapper
+
+def moderation_page(fn):
+    @staff_user_required
+    def wrapper(request, *args, **kwargs):
+        return admin_page_wrapper(fn, request, *args, **kwargs)
 
     return wrapper
 
@@ -328,7 +352,7 @@ def maintenance(request):
                                            })
 
 
-@admin_page
+@moderation_page
 def flagged_posts(request):
     return ('osqaadmin/flagged_posts.html', {
     'flagged_posts': get_flagged_posts(),
@@ -382,6 +406,12 @@ def edit_page(request, id=None):
     'published': published
     })
 
+@admin_page
+def delete_page(request, id=None):
+    page = get_object_or_404(Page, id=id)
+    page.delete()
+    return HttpResponseRedirect(reverse('admin_static_pages'))
+
 @admin_tools_page(_('createuser'), _("Create new user"))
 def create_user(request):
     if request.POST:
@@ -439,7 +469,7 @@ def node_management(request):
             selected_nodes = request.POST.getlist('_selected_node')
 
             if selected_nodes and request.POST.get('action', None):
-                action = request.POST['action']
+                action = str(request.POST['action'])
                 selected_nodes = Node.objects.filter(id__in=selected_nodes)
 
                 message = _("No action performed")
@@ -546,9 +576,10 @@ def node_management(request):
     'state_types': state_types,
     'authors': authors,
     'tags': tags,
-    'hide_menu': True
+    'hide_navigation': True
     }))
 
+@csrf_exempt
 @super_user_required
 def test_email_settings(request):
     user = request.user