X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fema.git;a=blobdiff_plain;f=eventos%2Fviews.py;h=de4dbc0f9d55bc5c731e36091e9460a0e0f4e3ed;hp=a4709525aec09651fdbb767eb57c05420ef8e442;hb=ed3994ccb1acf88c350acf1b9b2c5cd5dafe5fcd;hpb=904c8cbfbcaf18c21e19f58d81adff6b8b271e9f diff --git a/eventos/views.py b/eventos/views.py index a470952..de4dbc0 100644 --- a/eventos/views.py +++ b/eventos/views.py @@ -15,13 +15,33 @@ # License along with this program; if not, write to the # Free Software Foundation, Inc., 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. +from django.conf import settings from django.http import HttpResponseRedirect, HttpResponseForbidden -from django.contrib import auth -from django.contrib.auth.forms import AuthenticationForm -from django.newforms import form_for_instance, form_for_model +from django.contrib.auth import authenticate, login as login_django, \ + logout as logout_django +from django.contrib.auth.models import User, Group +from django.forms import HiddenInput, ModelForm from django.shortcuts import render_to_response, get_object_or_404 from django.template import RequestContext, Context, loader -from eventos.models import Palestrante, Trabalho +from eventos.models import Palestrante, Trabalho, TipoTrabalho, Trilha, Evento, Improve +from eventos.forms import RegisterSpeaker +from django.db.models import Q + +forbidden = \ + HttpResponseForbidden('

You are not allowed to do this action.

') + +class SpeakerForm(ModelForm): + class Meta: + model = Palestrante + exclude = ('usuario',) + +class TalkForm(ModelForm): + class Meta: + model = Trabalho + +class ImproveForm(ModelForm): + class Meta: + model = Improve def login(request): """This is a function that will be used as a front-end to the @@ -31,13 +51,13 @@ def login(request): If login is successful, user will be redirected to the referer address, otherwise will be redirected to /?login_failed. """ - errors = {} - manipulator = AuthenticationForm(request) - if request.POST: - errors = manipulator.get_validation_errors(request.POST) - got_user = manipulator.get_user() - if got_user: - auth.login(request, got_user) + username = request.POST['username'] + password = request.POST['password'] + user = authenticate(username=username, password=password) + + if user is not None: + if user.is_active: + login_django(request, user) try: request.session.delete_test_cookie() except KeyError: @@ -45,6 +65,8 @@ def login(request): return HttpResponseRedirect('/') else: return HttpResponseRedirect('/?login_failed') + else: + return HttpResponseRedirect('/?login_failed') request.session.set_test_cookie() return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/')) @@ -53,48 +75,119 @@ def logout(request): """Simple front-end to django's logout stuff. This function should be mapped to an url and simply called without any parameter. """ - auth.logout(request) + logout_django(request) return HttpResponseRedirect('/') -def lecturer_details(request, lid): +def speaker_add(request): + """Adds a new speaker to the system. + """ + uform = RegisterSpeaker(request.POST or None) + + form = SpeakerForm(request.POST or None) + + if request.POST and form.is_valid() and uform.is_valid(): + cd = uform.cleaned_data + group = Group.objects.get_or_create(name='palestrantes')[0] + + # creating the user that will be set as the user of the + # speaker. + user = User(username=cd['username']) + user.set_password(cd['password1']) + user.is_active = True + user.save() + user.groups.add(group) + + # this commit=False is to avoid IntegritErrors, because at + # this point, the speaker doesn't have an user associated + # with it. + instance = form.save(commit=False) + instance.usuario = user + instance.save() + return HttpResponseRedirect('/') + + c = {'form': form, 'uform': uform} + return render_to_response('eventos/speaker-add.html', Context(c), + context_instance=RequestContext(request)) + +def speaker_details(request, lid): """Shows a simple form containing all editable fields of a - lecturer and gives the lecturer the possibility to save them =) + speaker and gives the speaker the possibility to save them =) """ + if not hasattr(request.user, 'palestrante_set'): + return forbidden + entity = request.user.palestrante_set.get() - # avoiding problems if some other user tries to edit the lecturer - # info. if entity.id != int(lid): - return HttpResponseForbidden('

You are not ' - 'allowed to edit ' - 'this info.

') + return forbidden - FormKlass = form_for_instance(entity) - del FormKlass.base_fields['usuario'] + form = SpeakerForm(request.POST or None, instance=entity) - form = FormKlass(request.POST or None) if request.POST and form.is_valid(): form.save() c = {'form': form} - return render_to_response('eventos/lecturer-details.html', Context(c), + return render_to_response('eventos/speaker-details.html', Context(c), context_instance=RequestContext(request)) -def lecturer_talks(request, lid): - """Lists all talks of a lecturer (based on lecturer id -- lid +def speaker_talks(request, lid): + """Lists all talks of a speaker (based on speaker id -- lid parameter). """ - lecturer = get_object_or_404(Palestrante, pk=lid) - talks = Trabalho.objects.filter(palestrante=lecturer) - c = {'lecturer': lecturer, 'talks': talks} + if not hasattr(request.user, 'palestrante_set'): + return forbidden + + entity = request.user.palestrante_set.get() + if entity.id != int(lid): + return forbidden + + talks = Trabalho.objects.filter( + Q(palestrante=entity) | Q(outros_palestrantes=entity) ) + + c = {'speaker': entity, 'talks': talks} return render_to_response('eventos/talk-list.html', Context(c), context_instance=RequestContext(request)) def talk_details(request, tid): """Shows a form to edit a talk """ + # If the user is not a speaker we should not try to show anything. + if not hasattr(request.user, 'palestrante_set'): + return forbidden + + # Selected in settings.py (SITE_ID) variable, because an event can + # be linked with only one site. + event = Evento.objects.get(site__id__exact=settings.SITE_ID) + + # building the form entity = get_object_or_404(Trabalho, pk=tid) - FormKlass = form_for_instance(entity) - form = FormKlass(request.POST or None) + form = TalkForm(request.POST or None, instance=entity) + + # These fields should not be shown to the user. + form.fields['palestrante'].widget = HiddenInput() + form.fields['evento'].widget = HiddenInput() + + # These fields are event specific + trilhas = Trilha.objects.filter(evento=event) + form.fields['trilha']._set_queryset(trilhas) + + tipos = TipoTrabalho.objects.filter(evento=event) + form.fields['tipo']._set_queryset(tipos) + + # hidding the owner in the other speakers list + other = Palestrante.objects.exclude(pk=entity.id) + form.fields['outros_palestrantes']._set_queryset(other) + if other.count() == 0: + # I need set the value to '', otherwise the wise django + # newforms will fill the field with the invalid string '[]' + form.fields['outros_palestrantes'].initial = '' + form.fields['outros_palestrantes'].widget = HiddenInput() + + # avoiding smart people trying to se talks of other speakers. + speaker = request.user.palestrante_set.get() + if speaker.id != entity.palestrante.id \ + and speaker not in entity.outros_palestrantes.all(): + return forbidden + if request.POST and form.is_valid(): form.save() @@ -105,33 +198,101 @@ def talk_details(request, tid): def talk_delete(request, tid): """Drops a talk but only if the logged in user is its owner. """ - entity = get_object_or_404(Trabalho, pk=tid) - palestrante = request.user.palestrante_set.get() - owner = Trabalho.objects.filter(pk=tid, palestrante=palestrante) - if not owner: - return HttpResponseForbidden('

You are not ' - 'allowed to edit ' - 'this info.

') - entity.delete() - return HttpResponseRedirect('/lecturer/%d/talks/' % palestrante.id) + if not hasattr(request.user, 'palestrante_set'): + return forbidden + + entity = request.user.palestrante_set.get() + talk = Trabalho.objects.filter(pk=tid, palestrante=entity) + if not talk: + return forbidden + + talk.delete() + return HttpResponseRedirect('/speaker/%d/talks/' % entity.id) def talk_add(request): - """Shows a form to the lecturer send a talk + """Shows a form to the speaker send a talk """ - palestrante = request.user.palestrante_set.get() - FormKlass = form_for_model(Trabalho) - form = FormKlass(request.POST or None) + if not hasattr(request.user, 'palestrante_set'): + return forbidden - other = Palestrante.objects.exclude(pk=palestrante.id) - form.fields['palestrante'].label = u'Outros Palestrantes' - form.fields['palestrante'].required = False - form.fields['palestrante']._set_queryset(other) + # building the form + form = TalkForm(request.POST or None) + + # These fields should not be shown to the user. + + # Selected in settings.py (SITE_ID) variable, because an event can + # be linked with only one site. + entity = request.user.palestrante_set.get() + form.fields['palestrante'].widget = HiddenInput(attrs={'value' : entity.id}) + + event = Evento.objects.get(site__id__exact=settings.SITE_ID) + form.fields['evento'].widget = HiddenInput(attrs={'value' : event.id}) + + # These fields are event specific + trilhas = Trilha.objects.filter(evento=event) + form.fields['trilha']._set_queryset(trilhas) + + tipos = TipoTrabalho.objects.filter(evento=event) + form.fields['tipo']._set_queryset(tipos) + + # hidding the owner in the other speakers list + other = Palestrante.objects.exclude(pk=entity.id) + form.fields['outros_palestrantes']._set_queryset(other) + if other.count() == 0: + form.fields['outros_palestrantes'].widget = HiddenInput() if request.POST and form.is_valid(): + # validation + cleaned = form.cleaned_data + if cleaned['tipo'].evento.id != event.id: + return forbidden + + if cleaned['trilha'].evento.id != event.id: + return forbidden + instance = form.save() - instance.palestrante.add(palestrante) - return HttpResponseRedirect('/lecturer/%d/talks/' % palestrante.id) + return HttpResponseRedirect('/speaker/%d/talks/' % entity.id) c = {'form': form} return render_to_response('eventos/talk-add.html', Context(c), context_instance=RequestContext(request)) + +def list_all_talks(request): + event = Evento.objects.get(site__id__exact=settings.SITE_ID) + trilhas = Trilha.objects.filter(evento=event) + + improve = [] + for t in trilhas: + talks = Trabalho.objects.filter(trilha=t) + aux = {'trilha':t.nome, 'talks':talks} + improve.append(aux) + + c = {'improve': improve,} + return render_to_response('eventos/improve.html', Context(c), + context_instance=RequestContext(request)) + +def talk_improve(request, tid): + if not request.user: + return forbidden + + talk = get_object_or_404(Trabalho, pk=tid) + improve = Improve.objects.filter(trabalho=talk) + + # building the form + form = ImproveForm(request.POST or None) + form.fields['trabalho'].widget = HiddenInput(attrs={'value':talk.id}) + form.fields['usuario'].widget = HiddenInput(attrs={'value':request.user.id}) + + if request.POST and form.is_valid(): + event = Evento.objects.get(site__id__exact=settings.SITE_ID) + # validation + cleaned = form.cleaned_data + if cleaned['trabalho'].evento.id != event.id: + return forbidden + + instance = form.save() + return HttpResponseRedirect('/improve/%d/' % talk.id) + + c = {'talk': talk, 'form': form, 'improve': improve} + return render_to_response('eventos/talk_improve.html', Context(c), + context_instance=RequestContext(request))