~panosl/+junk/django-attachments

1 by Martin Mahner
Initial structure and data
1
from django.shortcuts import render_to_response, get_object_or_404
2
from django.views.decorators.http import require_POST
3
from django.http import HttpResponseRedirect
4
from django.db.models.loading import get_model
5
from django.core.urlresolvers import reverse
6
from django.utils.translation import ugettext, ugettext_lazy as _
7
from django.template.context import RequestContext
20 by Martin Mahner
The views now require that the user is logged in. Before that, a non-authenticated user could add an attachments (if he guesses the url) which would raised an exception.
8
from django.contrib.auth.decorators import login_required
1 by Martin Mahner
Initial structure and data
9
from attachments.models import Attachment
10
from attachments.forms import AttachmentForm
11
12
def add_url_for_obj(obj):
13
    return reverse('add_attachment', kwargs={
14
                        'app_label': obj._meta.app_label,
15
                        'module_name': obj._meta.module_name,
16
                        'pk': obj.pk
17
                    })
18
19
@require_POST
20 by Martin Mahner
The views now require that the user is logged in. Before that, a non-authenticated user could add an attachments (if he guesses the url) which would raised an exception.
20
@login_required
1 by Martin Mahner
Initial structure and data
21
def add_attachment(request, app_label, module_name, pk,
22
                   template_name='attachments/add.html', extra_context={}):
23
10 by Martin Mahner
The add-view now redirects to the homepage if a nasty user alteres the url.
24
    next = request.POST.get('next', '/')
1 by Martin Mahner
Initial structure and data
25
    model = get_model(app_label, module_name)
10 by Martin Mahner
The add-view now redirects to the homepage if a nasty user alteres the url.
26
    if model is None:
27
        return HttpResponseRedirect(next)
1 by Martin Mahner
Initial structure and data
28
    obj = get_object_or_404(model, pk=pk)
29
    form = AttachmentForm(request.POST, request.FILES)
30
31
    if form.is_valid():
32
        form.save(request, obj)
33
        request.user.message_set.create(message=ugettext('Your attachment was uploaded.'))
34
        return HttpResponseRedirect(next)
35
    else:
36
        template_context = {
37
            'form': form,
38
            'form_url': add_url_for_obj(obj),
39
            'next': next,
40
        }
41
        template_context.update(extra_context)
42
        return render_to_response(template_name, template_context,
43
                                  RequestContext(request))
44
20 by Martin Mahner
The views now require that the user is logged in. Before that, a non-authenticated user could add an attachments (if he guesses the url) which would raised an exception.
45
@login_required
1 by Martin Mahner
Initial structure and data
46
def delete_attachment(request, attachment_pk):
47
    g = get_object_or_404(Attachment, pk=attachment_pk)
6 by Martin Mahner
Added further README, changed permission checkup order.
48
    if request.user.has_perm('delete_foreign_attachments') \
49
       or request.user == g.creator:
1 by Martin Mahner
Initial structure and data
50
        g.delete()
51
        request.user.message_set.create(message=ugettext('Your attachment was deleted.'))
52
    next = request.REQUEST.get('next') or '/'
53
    return HttpResponseRedirect(next)