diff options
Diffstat (limited to 'webapp/django/contrib/comments')
-rw-r--r-- | webapp/django/contrib/comments/__init__.py | 0 | ||||
-rw-r--r-- | webapp/django/contrib/comments/admin.py | 30 | ||||
-rw-r--r-- | webapp/django/contrib/comments/feeds.py | 44 | ||||
-rw-r--r-- | webapp/django/contrib/comments/models.py | 286 | ||||
-rw-r--r-- | webapp/django/contrib/comments/templates/comments/form.html | 38 | ||||
-rw-r--r-- | webapp/django/contrib/comments/templates/comments/freeform.html | 13 | ||||
-rw-r--r-- | webapp/django/contrib/comments/templatetags/__init__.py | 0 | ||||
-rw-r--r-- | webapp/django/contrib/comments/templatetags/comments.py | 332 | ||||
-rw-r--r-- | webapp/django/contrib/comments/tests.py | 13 | ||||
-rw-r--r-- | webapp/django/contrib/comments/urls/__init__.py | 0 | ||||
-rw-r--r-- | webapp/django/contrib/comments/urls/comments.py | 12 | ||||
-rw-r--r-- | webapp/django/contrib/comments/views/__init__.py | 0 | ||||
-rw-r--r-- | webapp/django/contrib/comments/views/comments.py | 393 | ||||
-rw-r--r-- | webapp/django/contrib/comments/views/karma.py | 32 | ||||
-rw-r--r-- | webapp/django/contrib/comments/views/userflags.py | 62 |
15 files changed, 1255 insertions, 0 deletions
diff --git a/webapp/django/contrib/comments/__init__.py b/webapp/django/contrib/comments/__init__.py new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/webapp/django/contrib/comments/__init__.py diff --git a/webapp/django/contrib/comments/admin.py b/webapp/django/contrib/comments/admin.py new file mode 100644 index 0000000000..81ecc699c7 --- /dev/null +++ b/webapp/django/contrib/comments/admin.py @@ -0,0 +1,30 @@ +from django.contrib import admin +from django.contrib.comments.models import Comment, FreeComment + + +class CommentAdmin(admin.ModelAdmin): + fieldsets = ( + (None, {'fields': ('content_type', 'object_id', 'site')}), + ('Content', {'fields': ('user', 'headline', 'comment')}), + ('Ratings', {'fields': ('rating1', 'rating2', 'rating3', 'rating4', 'rating5', 'rating6', 'rating7', 'rating8', 'valid_rating')}), + ('Meta', {'fields': ('is_public', 'is_removed', 'ip_address')}), + ) + list_display = ('user', 'submit_date', 'content_type', 'get_content_object') + list_filter = ('submit_date',) + date_hierarchy = 'submit_date' + search_fields = ('comment', 'user__username') + raw_id_fields = ('user',) + +class FreeCommentAdmin(admin.ModelAdmin): + fieldsets = ( + (None, {'fields': ('content_type', 'object_id', 'site')}), + ('Content', {'fields': ('person_name', 'comment')}), + ('Meta', {'fields': ('is_public', 'ip_address', 'approved')}), + ) + list_display = ('person_name', 'submit_date', 'content_type', 'get_content_object') + list_filter = ('submit_date',) + date_hierarchy = 'submit_date' + search_fields = ('comment', 'person_name') + +admin.site.register(Comment, CommentAdmin) +admin.site.register(FreeComment, FreeCommentAdmin)
\ No newline at end of file diff --git a/webapp/django/contrib/comments/feeds.py b/webapp/django/contrib/comments/feeds.py new file mode 100644 index 0000000000..901254f3c4 --- /dev/null +++ b/webapp/django/contrib/comments/feeds.py @@ -0,0 +1,44 @@ +from django.conf import settings +from django.contrib.comments.models import Comment, FreeComment +from django.contrib.syndication.feeds import Feed +from django.contrib.sites.models import Site + +class LatestFreeCommentsFeed(Feed): + """Feed of latest free comments on the current site.""" + + comments_class = FreeComment + + def title(self): + if not hasattr(self, '_site'): + self._site = Site.objects.get_current() + return u"%s comments" % self._site.name + + def link(self): + if not hasattr(self, '_site'): + self._site = Site.objects.get_current() + return "http://%s/" % (self._site.domain) + + def description(self): + if not hasattr(self, '_site'): + self._site = Site.objects.get_current() + return u"Latest comments on %s" % self._site.name + + def get_query_set(self): + return self.comments_class.objects.filter(site__pk=settings.SITE_ID, is_public=True) + + def items(self): + return self.get_query_set()[:40] + +class LatestCommentsFeed(LatestFreeCommentsFeed): + """Feed of latest comments on the current site.""" + + comments_class = Comment + + def get_query_set(self): + qs = super(LatestCommentsFeed, self).get_query_set() + qs = qs.filter(is_removed=False) + if settings.COMMENTS_BANNED_USERS_GROUP: + where = ['user_id NOT IN (SELECT user_id FROM auth_users_group WHERE group_id = %s)'] + params = [settings.COMMENTS_BANNED_USERS_GROUP] + qs = qs.extra(where=where, params=params) + return qs diff --git a/webapp/django/contrib/comments/models.py b/webapp/django/contrib/comments/models.py new file mode 100644 index 0000000000..fdf34c8997 --- /dev/null +++ b/webapp/django/contrib/comments/models.py @@ -0,0 +1,286 @@ +import datetime + +from django.db import models +from django.contrib.contenttypes.models import ContentType +from django.contrib.sites.models import Site +from django.contrib.auth.models import User +from django.utils.translation import ugettext_lazy as _ +from django.conf import settings + +MIN_PHOTO_DIMENSION = 5 +MAX_PHOTO_DIMENSION = 1000 + +# Option codes for comment-form hidden fields. +PHOTOS_REQUIRED = 'pr' +PHOTOS_OPTIONAL = 'pa' +RATINGS_REQUIRED = 'rr' +RATINGS_OPTIONAL = 'ra' +IS_PUBLIC = 'ip' + +# What users get if they don't have any karma. +DEFAULT_KARMA = 5 +KARMA_NEEDED_BEFORE_DISPLAYED = 3 + + +class CommentManager(models.Manager): + def get_security_hash(self, options, photo_options, rating_options, target): + """ + Returns the MD5 hash of the given options (a comma-separated string such as + 'pa,ra') and target (something like 'lcom.eventtimes:5157'). Used to + validate that submitted form options have not been tampered-with. + """ + from django.utils.hashcompat import md5_constructor + return md5_constructor(options + photo_options + rating_options + target + settings.SECRET_KEY).hexdigest() + + def get_rating_options(self, rating_string): + """ + Given a rating_string, this returns a tuple of (rating_range, options). + >>> s = "scale:1-10|First_category|Second_category" + >>> Comment.objects.get_rating_options(s) + ([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], ['First category', 'Second category']) + """ + rating_range, options = rating_string.split('|', 1) + rating_range = range(int(rating_range[6:].split('-')[0]), int(rating_range[6:].split('-')[1])+1) + choices = [c.replace('_', ' ') for c in options.split('|')] + return rating_range, choices + + def get_list_with_karma(self, **kwargs): + """ + Returns a list of Comment objects matching the given lookup terms, with + _karma_total_good and _karma_total_bad filled. + """ + extra_kwargs = {} + extra_kwargs.setdefault('select', {}) + extra_kwargs['select']['_karma_total_good'] = 'SELECT COUNT(*) FROM comments_karmascore, comments_comment WHERE comments_karmascore.comment_id=comments_comment.id AND score=1' + extra_kwargs['select']['_karma_total_bad'] = 'SELECT COUNT(*) FROM comments_karmascore, comments_comment WHERE comments_karmascore.comment_id=comments_comment.id AND score=-1' + return self.filter(**kwargs).extra(**extra_kwargs) + + def user_is_moderator(self, user): + if user.is_superuser: + return True + for g in user.groups.all(): + if g.id == settings.COMMENTS_MODERATORS_GROUP: + return True + return False + + +class Comment(models.Model): + """A comment by a registered user.""" + user = models.ForeignKey(User) + content_type = models.ForeignKey(ContentType) + object_id = models.IntegerField(_('object ID')) + headline = models.CharField(_('headline'), max_length=255, blank=True) + comment = models.TextField(_('comment'), max_length=3000) + rating1 = models.PositiveSmallIntegerField(_('rating #1'), blank=True, null=True) + rating2 = models.PositiveSmallIntegerField(_('rating #2'), blank=True, null=True) + rating3 = models.PositiveSmallIntegerField(_('rating #3'), blank=True, null=True) + rating4 = models.PositiveSmallIntegerField(_('rating #4'), blank=True, null=True) + rating5 = models.PositiveSmallIntegerField(_('rating #5'), blank=True, null=True) + rating6 = models.PositiveSmallIntegerField(_('rating #6'), blank=True, null=True) + rating7 = models.PositiveSmallIntegerField(_('rating #7'), blank=True, null=True) + rating8 = models.PositiveSmallIntegerField(_('rating #8'), blank=True, null=True) + # This field designates whether to use this row's ratings in aggregate + # functions (summaries). We need this because people are allowed to post + # multiple reviews on the same thing, but the system will only use the + # latest one (with valid_rating=True) in tallying the reviews. + valid_rating = models.BooleanField(_('is valid rating')) + submit_date = models.DateTimeField(_('date/time submitted'), auto_now_add=True) + is_public = models.BooleanField(_('is public')) + ip_address = models.IPAddressField(_('IP address'), blank=True, null=True) + is_removed = models.BooleanField(_('is removed'), help_text=_('Check this box if the comment is inappropriate. A "This comment has been removed" message will be displayed instead.')) + site = models.ForeignKey(Site) + objects = CommentManager() + + class Meta: + verbose_name = _('comment') + verbose_name_plural = _('comments') + ordering = ('-submit_date',) + + def __unicode__(self): + return "%s: %s..." % (self.user.username, self.comment[:100]) + + def get_absolute_url(self): + try: + return self.get_content_object().get_absolute_url() + "#c" + str(self.id) + except AttributeError: + return "" + + def get_crossdomain_url(self): + return "/r/%d/%d/" % (self.content_type_id, self.object_id) + + def get_flag_url(self): + return "/comments/flag/%s/" % self.id + + def get_deletion_url(self): + return "/comments/delete/%s/" % self.id + + def get_content_object(self): + """ + Returns the object that this comment is a comment on. Returns None if + the object no longer exists. + """ + from django.core.exceptions import ObjectDoesNotExist + try: + return self.content_type.get_object_for_this_type(pk=self.object_id) + except ObjectDoesNotExist: + return None + + get_content_object.short_description = _('Content object') + + def _fill_karma_cache(self): + """Helper function that populates good/bad karma caches.""" + good, bad = 0, 0 + for k in self.karmascore_set: + if k.score == -1: + bad +=1 + elif k.score == 1: + good +=1 + self._karma_total_good, self._karma_total_bad = good, bad + + def get_good_karma_total(self): + if not hasattr(self, "_karma_total_good"): + self._fill_karma_cache() + return self._karma_total_good + + def get_bad_karma_total(self): + if not hasattr(self, "_karma_total_bad"): + self._fill_karma_cache() + return self._karma_total_bad + + def get_karma_total(self): + if not hasattr(self, "_karma_total_good") or not hasattr(self, "_karma_total_bad"): + self._fill_karma_cache() + return self._karma_total_good + self._karma_total_bad + + def get_as_text(self): + return _('Posted by %(user)s at %(date)s\n\n%(comment)s\n\nhttp://%(domain)s%(url)s') % \ + {'user': self.user.username, 'date': self.submit_date, + 'comment': self.comment, 'domain': self.site.domain, 'url': self.get_absolute_url()} + + +class FreeComment(models.Model): + """A comment by a non-registered user.""" + content_type = models.ForeignKey(ContentType) + object_id = models.IntegerField(_('object ID')) + comment = models.TextField(_('comment'), max_length=3000) + person_name = models.CharField(_("person's name"), max_length=50) + submit_date = models.DateTimeField(_('date/time submitted'), auto_now_add=True) + is_public = models.BooleanField(_('is public')) + ip_address = models.IPAddressField(_('ip address')) + # TODO: Change this to is_removed, like Comment + approved = models.BooleanField(_('approved by staff')) + site = models.ForeignKey(Site) + + class Meta: + verbose_name = _('free comment') + verbose_name_plural = _('free comments') + ordering = ('-submit_date',) + + def __unicode__(self): + return "%s: %s..." % (self.person_name, self.comment[:100]) + + def get_absolute_url(self): + try: + return self.get_content_object().get_absolute_url() + "#c" + str(self.id) + except AttributeError: + return "" + + def get_content_object(self): + """ + Returns the object that this comment is a comment on. Returns None if + the object no longer exists. + """ + from django.core.exceptions import ObjectDoesNotExist + try: + return self.content_type.get_object_for_this_type(pk=self.object_id) + except ObjectDoesNotExist: + return None + + get_content_object.short_description = _('Content object') + + +class KarmaScoreManager(models.Manager): + def vote(self, user_id, comment_id, score): + try: + karma = self.get(comment__pk=comment_id, user__pk=user_id) + except self.model.DoesNotExist: + karma = self.model(None, user_id=user_id, comment_id=comment_id, score=score, scored_date=datetime.datetime.now()) + karma.save() + else: + karma.score = score + karma.scored_date = datetime.datetime.now() + karma.save() + + def get_pretty_score(self, score): + """ + Given a score between -1 and 1 (inclusive), returns the same score on a + scale between 1 and 10 (inclusive), as an integer. + """ + if score is None: + return DEFAULT_KARMA + return int(round((4.5 * score) + 5.5)) + + +class KarmaScore(models.Model): + user = models.ForeignKey(User) + comment = models.ForeignKey(Comment) + score = models.SmallIntegerField(_('score'), db_index=True) + scored_date = models.DateTimeField(_('score date'), auto_now=True) + objects = KarmaScoreManager() + + class Meta: + verbose_name = _('karma score') + verbose_name_plural = _('karma scores') + unique_together = (('user', 'comment'),) + + def __unicode__(self): + return _("%(score)d rating by %(user)s") % {'score': self.score, 'user': self.user} + + +class UserFlagManager(models.Manager): + def flag(self, comment, user): + """ + Flags the given comment by the given user. If the comment has already + been flagged by the user, or it was a comment posted by the user, + nothing happens. + """ + if int(comment.user_id) == int(user.id): + return # A user can't flag his own comment. Fail silently. + try: + f = self.get(user__pk=user.id, comment__pk=comment.id) + except self.model.DoesNotExist: + from django.core.mail import mail_managers + f = self.model(None, user.id, comment.id, None) + message = _('This comment was flagged by %(user)s:\n\n%(text)s') % {'user': user.username, 'text': comment.get_as_text()} + mail_managers('Comment flagged', message, fail_silently=True) + f.save() + + +class UserFlag(models.Model): + user = models.ForeignKey(User) + comment = models.ForeignKey(Comment) + flag_date = models.DateTimeField(_('flag date'), auto_now_add=True) + objects = UserFlagManager() + + class Meta: + verbose_name = _('user flag') + verbose_name_plural = _('user flags') + unique_together = (('user', 'comment'),) + + def __unicode__(self): + return _("Flag by %r") % self.user + + +class ModeratorDeletion(models.Model): + user = models.ForeignKey(User, verbose_name='moderator') + comment = models.ForeignKey(Comment) + deletion_date = models.DateTimeField(_('deletion date'), auto_now_add=True) + + class Meta: + verbose_name = _('moderator deletion') + verbose_name_plural = _('moderator deletions') + unique_together = (('user', 'comment'),) + + def __unicode__(self): + return _("Moderator deletion by %r") % self.user +
\ No newline at end of file diff --git a/webapp/django/contrib/comments/templates/comments/form.html b/webapp/django/contrib/comments/templates/comments/form.html new file mode 100644 index 0000000000..11eaa8d00d --- /dev/null +++ b/webapp/django/contrib/comments/templates/comments/form.html @@ -0,0 +1,38 @@ +{% load i18n %} +{% if display_form %} +<form {% if photos_optional or photos_required %}enctype="multipart/form-data" {% endif %}action="/comments/post/" method="post"> + +{% if user.is_authenticated %} +<p>{% trans "Username:" %} <strong>{{ user.username }}</strong> (<a href="{{ logout_url }}">{% trans "Log out" %}</a>)</p> +{% else %} +<p><label for="id_username">{% trans "Username:" %}</label> <input type="text" name="username" id="id_username" /><br />{% trans "Password:" %} <input type="password" name="password" id="id_password" /> (<a href="/accounts/password_reset/">{% trans "Forgotten your password?" %}</a>)</p> +{% endif %} + +{% if ratings_optional or ratings_required %} +<p>{% trans "Ratings" %} ({% if ratings_required %}{% trans "Required" %}{% else %}{% trans "Optional" %}{% endif %}):</p> +<table> +<tr><th> </th>{% for value in rating_range %}<th>{{ value }}</th>{% endfor %}</tr> +{% for rating in rating_choices %} +<tr><th>{{ rating }}</th>{% for value in rating_range %}<th><input type="radio" name="rating{{ forloop.parentloop.counter }}" value="{{ value }}" /></th>{% endfor %}</tr> +{% endfor %} +</table> +<input type="hidden" name="rating_options" value="{{ rating_options }}" /> +{% endif %} + +{% if photos_optional or photos_required %} +<p><label for="id_photo">{% trans "Post a photo" %}</label> ({% if photos_required %}{% trans "Required" %}{% else %}{% trans "Optional" %}{% endif %}): +<input type="file" name="photo" id="id_photo" /></p> +<input type="hidden" name="photo_options" value="{{ photo_options }}" /> +{% endif %} + +<p><label for="id_comment">{% trans "Comment:" %}</label><br /> +<textarea name="comment" id="id_comment" rows="10" cols="60"></textarea></p> + +<p> +<input type="hidden" name="options" value="{{ options }}" /> +<input type="hidden" name="target" value="{{ target }}" /> +<input type="hidden" name="gonzo" value="{{ hash }}" /> +<input type="submit" name="preview" value="{% trans "Preview comment" %}" /> +</p> +</form> +{% endif %} diff --git a/webapp/django/contrib/comments/templates/comments/freeform.html b/webapp/django/contrib/comments/templates/comments/freeform.html new file mode 100644 index 0000000000..f0d00b91c7 --- /dev/null +++ b/webapp/django/contrib/comments/templates/comments/freeform.html @@ -0,0 +1,13 @@ +{% load i18n %} +{% if display_form %} +<form action="/comments/postfree/" method="post"> +<p><label for="id_person_name">{% trans "Your name:" %}</label> <input type="text" id="id_person_name" name="person_name" /></p> +<p><label for="id_comment">{% trans "Comment:" %}</label><br /><textarea name="comment" id="id_comment" rows="10" cols="60"></textarea></p> +<p> +<input type="hidden" name="options" value="{{ options }}" /> +<input type="hidden" name="target" value="{{ target }}" /> +<input type="hidden" name="gonzo" value="{{ hash }}" /> +<input type="submit" name="preview" value="{% trans "Preview comment" %}" /> +</p> +</form> +{% endif %} diff --git a/webapp/django/contrib/comments/templatetags/__init__.py b/webapp/django/contrib/comments/templatetags/__init__.py new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/webapp/django/contrib/comments/templatetags/__init__.py diff --git a/webapp/django/contrib/comments/templatetags/comments.py b/webapp/django/contrib/comments/templatetags/comments.py new file mode 100644 index 0000000000..959cec4c7f --- /dev/null +++ b/webapp/django/contrib/comments/templatetags/comments.py @@ -0,0 +1,332 @@ +from django.contrib.comments.models import Comment, FreeComment +from django.contrib.comments.models import PHOTOS_REQUIRED, PHOTOS_OPTIONAL, RATINGS_REQUIRED, RATINGS_OPTIONAL, IS_PUBLIC +from django.contrib.comments.models import MIN_PHOTO_DIMENSION, MAX_PHOTO_DIMENSION +from django import template +from django.template import loader +from django.core.exceptions import ObjectDoesNotExist +from django.contrib.contenttypes.models import ContentType +from django.utils.encoding import smart_str +import re + +register = template.Library() + +COMMENT_FORM = 'comments/form.html' +FREE_COMMENT_FORM = 'comments/freeform.html' + +class CommentFormNode(template.Node): + def __init__(self, content_type, obj_id_lookup_var, obj_id, free, + photos_optional=False, photos_required=False, photo_options='', + ratings_optional=False, ratings_required=False, rating_options='', + is_public=True): + self.content_type = content_type + if obj_id_lookup_var is not None: + obj_id_lookup_var = template.Variable(obj_id_lookup_var) + self.obj_id_lookup_var, self.obj_id, self.free = obj_id_lookup_var, obj_id, free + self.photos_optional, self.photos_required = photos_optional, photos_required + self.ratings_optional, self.ratings_required = ratings_optional, ratings_required + self.photo_options, self.rating_options = photo_options, rating_options + self.is_public = is_public + + def render(self, context): + from django.conf import settings + from django.utils.text import normalize_newlines + import base64 + context.push() + if self.obj_id_lookup_var is not None: + try: + self.obj_id = self.obj_id_lookup_var.resolve(context) + except template.VariableDoesNotExist: + return '' + # Validate that this object ID is valid for this content-type. + # We only have to do this validation if obj_id_lookup_var is provided, + # because do_comment_form() validates hard-coded object IDs. + try: + self.content_type.get_object_for_this_type(pk=self.obj_id) + except ObjectDoesNotExist: + context['display_form'] = False + else: + context['display_form'] = True + else: + context['display_form'] = True + context['target'] = '%s:%s' % (self.content_type.id, self.obj_id) + options = [] + for var, abbr in (('photos_required', PHOTOS_REQUIRED), + ('photos_optional', PHOTOS_OPTIONAL), + ('ratings_required', RATINGS_REQUIRED), + ('ratings_optional', RATINGS_OPTIONAL), + ('is_public', IS_PUBLIC)): + context[var] = getattr(self, var) + if getattr(self, var): + options.append(abbr) + context['options'] = ','.join(options) + if self.free: + context['hash'] = Comment.objects.get_security_hash(context['options'], '', '', context['target']) + default_form = loader.get_template(FREE_COMMENT_FORM) + else: + context['photo_options'] = self.photo_options + context['rating_options'] = normalize_newlines(base64.encodestring(self.rating_options).strip()) + if self.rating_options: + context['rating_range'], context['rating_choices'] = Comment.objects.get_rating_options(self.rating_options) + context['hash'] = Comment.objects.get_security_hash(context['options'], context['photo_options'], context['rating_options'], context['target']) + context['logout_url'] = settings.LOGOUT_URL + default_form = loader.get_template(COMMENT_FORM) + output = default_form.render(context) + context.pop() + return output + +class CommentCountNode(template.Node): + def __init__(self, package, module, context_var_name, obj_id, var_name, free): + self.package, self.module = package, module + if context_var_name is not None: + context_var_name = template.Variable(context_var_name) + self.context_var_name, self.obj_id = context_var_name, obj_id + self.var_name, self.free = var_name, free + + def render(self, context): + from django.conf import settings + manager = self.free and FreeComment.objects or Comment.objects + if self.context_var_name is not None: + self.obj_id = self.context_var_name.resolve(context) + comment_count = manager.filter(object_id__exact=self.obj_id, + content_type__app_label__exact=self.package, + content_type__model__exact=self.module, site__id__exact=settings.SITE_ID).count() + context[self.var_name] = comment_count + return '' + +class CommentListNode(template.Node): + def __init__(self, package, module, context_var_name, obj_id, var_name, free, ordering, extra_kwargs=None): + self.package, self.module = package, module + if context_var_name is not None: + context_var_name = template.Variable(context_var_name) + self.context_var_name, self.obj_id = context_var_name, obj_id + self.var_name, self.free = var_name, free + self.ordering = ordering + self.extra_kwargs = extra_kwargs or {} + + def render(self, context): + from django.conf import settings + get_list_function = self.free and FreeComment.objects.filter or Comment.objects.get_list_with_karma + if self.context_var_name is not None: + try: + self.obj_id = self.context_var_name.resolve(context) + except template.VariableDoesNotExist: + return '' + kwargs = { + 'object_id__exact': self.obj_id, + 'content_type__app_label__exact': self.package, + 'content_type__model__exact': self.module, + 'site__id__exact': settings.SITE_ID, + } + kwargs.update(self.extra_kwargs) + comment_list = get_list_function(**kwargs).order_by(self.ordering + 'submit_date').select_related() + if not self.free and settings.COMMENTS_BANNED_USERS_GROUP: + comment_list = comment_list.extra(select={'is_hidden': 'user_id IN (SELECT user_id FROM auth_user_groups WHERE group_id = %s)' % settings.COMMENTS_BANNED_USERS_GROUP}) + + if not self.free: + if 'user' in context and context['user'].is_authenticated(): + user_id = context['user'].id + context['user_can_moderate_comments'] = Comment.objects.user_is_moderator(context['user']) + else: + user_id = None + context['user_can_moderate_comments'] = False + # Only display comments by banned users to those users themselves. + if settings.COMMENTS_BANNED_USERS_GROUP: + comment_list = [c for c in comment_list if not c.is_hidden or (user_id == c.user_id)] + + context[self.var_name] = comment_list + return '' + +class DoCommentForm: + """ + Displays a comment form for the given params. + + Syntax:: + + {% comment_form for [pkg].[py_module_name] [context_var_containing_obj_id] with [list of options] %} + + Example usage:: + + {% comment_form for lcom.eventtimes event.id with is_public yes photos_optional thumbs,200,400 ratings_optional scale:1-5|first_option|second_option %} + + ``[context_var_containing_obj_id]`` can be a hard-coded integer or a variable containing the ID. + """ + def __init__(self, free): + self.free = free + + def __call__(self, parser, token): + tokens = token.contents.split() + if len(tokens) < 4: + raise template.TemplateSyntaxError, "%r tag requires at least 3 arguments" % tokens[0] + if tokens[1] != 'for': + raise template.TemplateSyntaxError, "Second argument in %r tag must be 'for'" % tokens[0] + try: + package, module = tokens[2].split('.') + except ValueError: # unpack list of wrong size + raise template.TemplateSyntaxError, "Third argument in %r tag must be in the format 'package.module'" % tokens[0] + try: + content_type = ContentType.objects.get(app_label__exact=package, model__exact=module) + except ContentType.DoesNotExist: + raise template.TemplateSyntaxError, "%r tag has invalid content-type '%s.%s'" % (tokens[0], package, module) + obj_id_lookup_var, obj_id = None, None + if tokens[3].isdigit(): + obj_id = tokens[3] + try: # ensure the object ID is valid + content_type.get_object_for_this_type(pk=obj_id) + except ObjectDoesNotExist: + raise template.TemplateSyntaxError, "%r tag refers to %s object with ID %s, which doesn't exist" % (tokens[0], content_type.name, obj_id) + else: + obj_id_lookup_var = tokens[3] + kwargs = {} + if len(tokens) > 4: + if tokens[4] != 'with': + raise template.TemplateSyntaxError, "Fourth argument in %r tag must be 'with'" % tokens[0] + for option, args in zip(tokens[5::2], tokens[6::2]): + option = smart_str(option) + if option in ('photos_optional', 'photos_required') and not self.free: + # VALIDATION ############################################## + option_list = args.split(',') + if len(option_list) % 3 != 0: + raise template.TemplateSyntaxError, "Incorrect number of comma-separated arguments to %r tag" % tokens[0] + for opt in option_list[::3]: + if not opt.isalnum(): + raise template.TemplateSyntaxError, "Invalid photo directory name in %r tag: '%s'" % (tokens[0], opt) + for opt in option_list[1::3] + option_list[2::3]: + if not opt.isdigit() or not (MIN_PHOTO_DIMENSION <= int(opt) <= MAX_PHOTO_DIMENSION): + raise template.TemplateSyntaxError, "Invalid photo dimension in %r tag: '%s'. Only values between %s and %s are allowed." % (tokens[0], opt, MIN_PHOTO_DIMENSION, MAX_PHOTO_DIMENSION) + # VALIDATION ENDS ######################################### + kwargs[option] = True + kwargs['photo_options'] = args + elif option in ('ratings_optional', 'ratings_required') and not self.free: + # VALIDATION ############################################## + if 2 < len(args.split('|')) > 9: + raise template.TemplateSyntaxError, "Incorrect number of '%s' options in %r tag. Use between 2 and 8." % (option, tokens[0]) + if re.match('^scale:\d+\-\d+\:$', args.split('|')[0]): + raise template.TemplateSyntaxError, "Invalid 'scale' in %r tag's '%s' options" % (tokens[0], option) + # VALIDATION ENDS ######################################### + kwargs[option] = True + kwargs['rating_options'] = args + elif option in ('is_public'): + kwargs[option] = (args == 'true') + else: + raise template.TemplateSyntaxError, "%r tag got invalid parameter '%s'" % (tokens[0], option) + return CommentFormNode(content_type, obj_id_lookup_var, obj_id, self.free, **kwargs) + +class DoCommentCount: + """ + Gets comment count for the given params and populates the template context + with a variable containing that value, whose name is defined by the 'as' + clause. + + Syntax:: + + {% get_comment_count for [pkg].[py_module_name] [context_var_containing_obj_id] as [varname] %} + + Example usage:: + + {% get_comment_count for lcom.eventtimes event.id as comment_count %} + + Note: ``[context_var_containing_obj_id]`` can also be a hard-coded integer, like this:: + + {% get_comment_count for lcom.eventtimes 23 as comment_count %} + """ + def __init__(self, free): + self.free = free + + def __call__(self, parser, token): + tokens = token.contents.split() + # Now tokens is a list like this: + # ['get_comment_list', 'for', 'lcom.eventtimes', 'event.id', 'as', 'comment_list'] + if len(tokens) != 6: + raise template.TemplateSyntaxError, "%r tag requires 5 arguments" % tokens[0] + if tokens[1] != 'for': + raise template.TemplateSyntaxError, "Second argument in %r tag must be 'for'" % tokens[0] + try: + package, module = tokens[2].split('.') + except ValueError: # unpack list of wrong size + raise template.TemplateSyntaxError, "Third argument in %r tag must be in the format 'package.module'" % tokens[0] + try: + content_type = ContentType.objects.get(app_label__exact=package, model__exact=module) + except ContentType.DoesNotExist: + raise template.TemplateSyntaxError, "%r tag has invalid content-type '%s.%s'" % (tokens[0], package, module) + var_name, obj_id = None, None + if tokens[3].isdigit(): + obj_id = tokens[3] + try: # ensure the object ID is valid + content_type.get_object_for_this_type(pk=obj_id) + except ObjectDoesNotExist: + raise template.TemplateSyntaxError, "%r tag refers to %s object with ID %s, which doesn't exist" % (tokens[0], content_type.name, obj_id) + else: + var_name = tokens[3] + if tokens[4] != 'as': + raise template.TemplateSyntaxError, "Fourth argument in %r must be 'as'" % tokens[0] + return CommentCountNode(package, module, var_name, obj_id, tokens[5], self.free) + +class DoGetCommentList: + """ + Gets comments for the given params and populates the template context with a + special comment_package variable, whose name is defined by the ``as`` + clause. + + Syntax:: + + {% get_comment_list for [pkg].[py_module_name] [context_var_containing_obj_id] as [varname] (reversed) %} + + Example usage:: + + {% get_comment_list for lcom.eventtimes event.id as comment_list %} + + Note: ``[context_var_containing_obj_id]`` can also be a hard-coded integer, like this:: + + {% get_comment_list for lcom.eventtimes 23 as comment_list %} + + To get a list of comments in reverse order -- that is, most recent first -- + pass ``reversed`` as the last param:: + + {% get_comment_list for lcom.eventtimes event.id as comment_list reversed %} + """ + def __init__(self, free): + self.free = free + + def __call__(self, parser, token): + tokens = token.contents.split() + # Now tokens is a list like this: + # ['get_comment_list', 'for', 'lcom.eventtimes', 'event.id', 'as', 'comment_list'] + if not len(tokens) in (6, 7): + raise template.TemplateSyntaxError, "%r tag requires 5 or 6 arguments" % tokens[0] + if tokens[1] != 'for': + raise template.TemplateSyntaxError, "Second argument in %r tag must be 'for'" % tokens[0] + try: + package, module = tokens[2].split('.') + except ValueError: # unpack list of wrong size + raise template.TemplateSyntaxError, "Third argument in %r tag must be in the format 'package.module'" % tokens[0] + try: + content_type = ContentType.objects.get(app_label__exact=package,model__exact=module) + except ContentType.DoesNotExist: + raise template.TemplateSyntaxError, "%r tag has invalid content-type '%s.%s'" % (tokens[0], package, module) + var_name, obj_id = None, None + if tokens[3].isdigit(): + obj_id = tokens[3] + try: # ensure the object ID is valid + content_type.get_object_for_this_type(pk=obj_id) + except ObjectDoesNotExist: + raise template.TemplateSyntaxError, "%r tag refers to %s object with ID %s, which doesn't exist" % (tokens[0], content_type.name, obj_id) + else: + var_name = tokens[3] + if tokens[4] != 'as': + raise template.TemplateSyntaxError, "Fourth argument in %r must be 'as'" % tokens[0] + if len(tokens) == 7: + if tokens[6] != 'reversed': + raise template.TemplateSyntaxError, "Final argument in %r must be 'reversed' if given" % tokens[0] + ordering = "-" + else: + ordering = "" + return CommentListNode(package, module, var_name, obj_id, tokens[5], self.free, ordering) + +# registration comments +register.tag('get_comment_list', DoGetCommentList(False)) +register.tag('comment_form', DoCommentForm(False)) +register.tag('get_comment_count', DoCommentCount(False)) +# free comments +register.tag('get_free_comment_list', DoGetCommentList(True)) +register.tag('free_comment_form', DoCommentForm(True)) +register.tag('get_free_comment_count', DoCommentCount(True)) diff --git a/webapp/django/contrib/comments/tests.py b/webapp/django/contrib/comments/tests.py new file mode 100644 index 0000000000..a8275debf6 --- /dev/null +++ b/webapp/django/contrib/comments/tests.py @@ -0,0 +1,13 @@ +# coding: utf-8 + +r""" +>>> from django.contrib.comments.models import Comment +>>> from django.contrib.auth.models import User +>>> u = User.objects.create_user('commenttestuser', 'commenttest@example.com', 'testpw') +>>> c = Comment(user=u, comment=u'\xe2') +>>> c +<Comment: commenttestuser: â...> +>>> print c +commenttestuser: â... +""" + diff --git a/webapp/django/contrib/comments/urls/__init__.py b/webapp/django/contrib/comments/urls/__init__.py new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/webapp/django/contrib/comments/urls/__init__.py diff --git a/webapp/django/contrib/comments/urls/comments.py b/webapp/django/contrib/comments/urls/comments.py new file mode 100644 index 0000000000..bbb4c435b6 --- /dev/null +++ b/webapp/django/contrib/comments/urls/comments.py @@ -0,0 +1,12 @@ +from django.conf.urls.defaults import * + +urlpatterns = patterns('django.contrib.comments.views', + (r'^post/$', 'comments.post_comment'), + (r'^postfree/$', 'comments.post_free_comment'), + (r'^posted/$', 'comments.comment_was_posted'), + (r'^karma/vote/(?P<comment_id>\d+)/(?P<vote>up|down)/$', 'karma.vote'), + (r'^flag/(?P<comment_id>\d+)/$', 'userflags.flag'), + (r'^flag/(?P<comment_id>\d+)/done/$', 'userflags.flag_done'), + (r'^delete/(?P<comment_id>\d+)/$', 'userflags.delete'), + (r'^delete/(?P<comment_id>\d+)/done/$', 'userflags.delete_done'), +) diff --git a/webapp/django/contrib/comments/views/__init__.py b/webapp/django/contrib/comments/views/__init__.py new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/webapp/django/contrib/comments/views/__init__.py diff --git a/webapp/django/contrib/comments/views/comments.py b/webapp/django/contrib/comments/views/comments.py new file mode 100644 index 0000000000..ba59cbafc9 --- /dev/null +++ b/webapp/django/contrib/comments/views/comments.py @@ -0,0 +1,393 @@ +import base64 +import datetime + +from django.core import validators +from django import oldforms +from django.core.mail import mail_admins, mail_managers +from django.http import Http404 +from django.core.exceptions import ObjectDoesNotExist +from django.shortcuts import render_to_response +from django.template import RequestContext +from django.contrib.comments.models import Comment, FreeComment, RATINGS_REQUIRED, RATINGS_OPTIONAL, IS_PUBLIC +from django.contrib.contenttypes.models import ContentType +from django.contrib.auth import authenticate +from django.http import HttpResponseRedirect +from django.utils.text import normalize_newlines +from django.conf import settings +from django.utils.translation import ungettext, ugettext as _ +from django.utils.encoding import smart_unicode + +COMMENTS_PER_PAGE = 20 + +# TODO: This is a copy of the manipulator-based form that used to live in +# contrib.auth.forms. It should be replaced with the newforms version that +# has now been added to contrib.auth.forms when the comments app gets updated +# for newforms. + +class AuthenticationForm(oldforms.Manipulator): + """ + Base class for authenticating users. Extend this to get a form that accepts + username/password logins. + """ + def __init__(self, request=None): + """ + If request is passed in, the manipulator will validate that cookies are + enabled. Note that the request (a HttpRequest object) must have set a + cookie with the key TEST_COOKIE_NAME and value TEST_COOKIE_VALUE before + running this validator. + """ + self.request = request + self.fields = [ + oldforms.TextField(field_name="username", length=15, max_length=30, is_required=True, + validator_list=[self.isValidUser, self.hasCookiesEnabled]), + oldforms.PasswordField(field_name="password", length=15, max_length=30, is_required=True), + ] + self.user_cache = None + + def hasCookiesEnabled(self, field_data, all_data): + if self.request and not self.request.session.test_cookie_worked(): + raise validators.ValidationError, _("Your Web browser doesn't appear to have cookies enabled. Cookies are required for logging in.") + + def isValidUser(self, field_data, all_data): + username = field_data + password = all_data.get('password', None) + self.user_cache = authenticate(username=username, password=password) + if self.user_cache is None: + raise validators.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.") + elif not self.user_cache.is_active: + raise validators.ValidationError, _("This account is inactive.") + + def get_user_id(self): + if self.user_cache: + return self.user_cache.id + return None + + def get_user(self): + return self.user_cache + +class PublicCommentManipulator(AuthenticationForm): + "Manipulator that handles public registered comments" + def __init__(self, user, ratings_required, ratings_range, num_rating_choices): + AuthenticationForm.__init__(self) + self.ratings_range, self.num_rating_choices = ratings_range, num_rating_choices + choices = [(c, c) for c in ratings_range] + def get_validator_list(rating_num): + if rating_num <= num_rating_choices: + return [validators.RequiredIfOtherFieldsGiven(['rating%d' % i for i in range(1, 9) if i != rating_num], _("This rating is required because you've entered at least one other rating."))] + else: + return [] + self.fields.extend([ + oldforms.LargeTextField(field_name="comment", max_length=3000, is_required=True, + validator_list=[self.hasNoProfanities]), + oldforms.RadioSelectField(field_name="rating1", choices=choices, + is_required=ratings_required and num_rating_choices > 0, + validator_list=get_validator_list(1), + ), + oldforms.RadioSelectField(field_name="rating2", choices=choices, + is_required=ratings_required and num_rating_choices > 1, + validator_list=get_validator_list(2), + ), + oldforms.RadioSelectField(field_name="rating3", choices=choices, + is_required=ratings_required and num_rating_choices > 2, + validator_list=get_validator_list(3), + ), + oldforms.RadioSelectField(field_name="rating4", choices=choices, + is_required=ratings_required and num_rating_choices > 3, + validator_list=get_validator_list(4), + ), + oldforms.RadioSelectField(field_name="rating5", choices=choices, + is_required=ratings_required and num_rating_choices > 4, + validator_list=get_validator_list(5), + ), + oldforms.RadioSelectField(field_name="rating6", choices=choices, + is_required=ratings_required and num_rating_choices > 5, + validator_list=get_validator_list(6), + ), + oldforms.RadioSelectField(field_name="rating7", choices=choices, + is_required=ratings_required and num_rating_choices > 6, + validator_list=get_validator_list(7), + ), + oldforms.RadioSelectField(field_name="rating8", choices=choices, + is_required=ratings_required and num_rating_choices > 7, + validator_list=get_validator_list(8), + ), + ]) + if user.is_authenticated(): + self["username"].is_required = False + self["username"].validator_list = [] + self["password"].is_required = False + self["password"].validator_list = [] + self.user_cache = user + + def hasNoProfanities(self, field_data, all_data): + if settings.COMMENTS_ALLOW_PROFANITIES: + return + return validators.hasNoProfanities(field_data, all_data) + + def get_comment(self, new_data): + "Helper function" + return Comment(None, self.get_user_id(), new_data["content_type_id"], + new_data["object_id"], new_data.get("headline", "").strip(), + new_data["comment"].strip(), new_data.get("rating1", None), + new_data.get("rating2", None), new_data.get("rating3", None), + new_data.get("rating4", None), new_data.get("rating5", None), + new_data.get("rating6", None), new_data.get("rating7", None), + new_data.get("rating8", None), new_data.get("rating1", None) is not None, + datetime.datetime.now(), new_data["is_public"], new_data["ip_address"], False, settings.SITE_ID) + + def save(self, new_data): + today = datetime.date.today() + c = self.get_comment(new_data) + for old in Comment.objects.filter(content_type__id__exact=new_data["content_type_id"], + object_id__exact=new_data["object_id"], user__id__exact=self.get_user_id()): + # Check that this comment isn't duplicate. (Sometimes people post + # comments twice by mistake.) If it is, fail silently by pretending + # the comment was posted successfully. + if old.submit_date.date() == today and old.comment == c.comment \ + and old.rating1 == c.rating1 and old.rating2 == c.rating2 \ + and old.rating3 == c.rating3 and old.rating4 == c.rating4 \ + and old.rating5 == c.rating5 and old.rating6 == c.rating6 \ + and old.rating7 == c.rating7 and old.rating8 == c.rating8: + return old + # If the user is leaving a rating, invalidate all old ratings. + if c.rating1 is not None: + old.valid_rating = False + old.save() + c.save() + # If the commentor has posted fewer than COMMENTS_FIRST_FEW comments, + # send the comment to the managers. + if self.user_cache.comment_set.count() <= settings.COMMENTS_FIRST_FEW: + message = ungettext('This comment was posted by a user who has posted fewer than %(count)s comment:\n\n%(text)s', + 'This comment was posted by a user who has posted fewer than %(count)s comments:\n\n%(text)s', settings.COMMENTS_FIRST_FEW) % \ + {'count': settings.COMMENTS_FIRST_FEW, 'text': c.get_as_text()} + mail_managers("Comment posted by rookie user", message) + if settings.COMMENTS_SKETCHY_USERS_GROUP and settings.COMMENTS_SKETCHY_USERS_GROUP in [g.id for g in self.user_cache.groups.all()]: + message = _('This comment was posted by a sketchy user:\n\n%(text)s') % {'text': c.get_as_text()} + mail_managers("Comment posted by sketchy user (%s)" % self.user_cache.username, c.get_as_text()) + return c + +class PublicFreeCommentManipulator(oldforms.Manipulator): + "Manipulator that handles public free (unregistered) comments" + def __init__(self): + self.fields = ( + oldforms.TextField(field_name="person_name", max_length=50, is_required=True, + validator_list=[self.hasNoProfanities]), + oldforms.LargeTextField(field_name="comment", max_length=3000, is_required=True, + validator_list=[self.hasNoProfanities]), + ) + + def hasNoProfanities(self, field_data, all_data): + if settings.COMMENTS_ALLOW_PROFANITIES: + return + return validators.hasNoProfanities(field_data, all_data) + + def get_comment(self, new_data): + "Helper function" + return FreeComment(None, new_data["content_type_id"], + new_data["object_id"], new_data["comment"].strip(), + new_data["person_name"].strip(), datetime.datetime.now(), new_data["is_public"], + new_data["ip_address"], False, settings.SITE_ID) + + def save(self, new_data): + today = datetime.date.today() + c = self.get_comment(new_data) + # Check that this comment isn't duplicate. (Sometimes people post + # comments twice by mistake.) If it is, fail silently by pretending + # the comment was posted successfully. + for old_comment in FreeComment.objects.filter(content_type__id__exact=new_data["content_type_id"], + object_id__exact=new_data["object_id"], person_name__exact=new_data["person_name"], + submit_date__year=today.year, submit_date__month=today.month, + submit_date__day=today.day): + if old_comment.comment == c.comment: + return old_comment + c.save() + return c + +def post_comment(request, extra_context=None, context_processors=None): + """ + Post a comment + + Redirects to the `comments.comments.comment_was_posted` view upon success. + + Templates: `comment_preview` + Context: + comment + the comment being posted + comment_form + the comment form + options + comment options + target + comment target + hash + security hash (must be included in a posted form to succesfully + post a comment). + rating_options + comment ratings options + ratings_optional + are ratings optional? + ratings_required + are ratings required? + rating_range + range of ratings + rating_choices + choice of ratings + """ + if extra_context is None: extra_context = {} + if not request.POST: + raise Http404, _("Only POSTs are allowed") + try: + options, target, security_hash = request.POST['options'], request.POST['target'], request.POST['gonzo'] + except KeyError: + raise Http404, _("One or more of the required fields wasn't submitted") + photo_options = request.POST.get('photo_options', '') + rating_options = normalize_newlines(request.POST.get('rating_options', '')) + if Comment.objects.get_security_hash(options, photo_options, rating_options, target) != security_hash: + raise Http404, _("Somebody tampered with the comment form (security violation)") + # Now we can be assured the data is valid. + if rating_options: + rating_range, rating_choices = Comment.objects.get_rating_options(base64.decodestring(rating_options)) + else: + rating_range, rating_choices = [], [] + content_type_id, object_id = target.split(':') # target is something like '52:5157' + try: + obj = ContentType.objects.get(pk=content_type_id).get_object_for_this_type(pk=object_id) + except ObjectDoesNotExist: + raise Http404, _("The comment form had an invalid 'target' parameter -- the object ID was invalid") + option_list = options.split(',') # options is something like 'pa,ra' + new_data = request.POST.copy() + new_data['content_type_id'] = content_type_id + new_data['object_id'] = object_id + new_data['ip_address'] = request.META.get('REMOTE_ADDR') + new_data['is_public'] = IS_PUBLIC in option_list + manipulator = PublicCommentManipulator(request.user, + ratings_required=RATINGS_REQUIRED in option_list, + ratings_range=rating_range, + num_rating_choices=len(rating_choices)) + errors = manipulator.get_validation_errors(new_data) + # If user gave correct username/password and wasn't already logged in, log them in + # so they don't have to enter a username/password again. + if manipulator.get_user() and not manipulator.get_user().is_authenticated() and 'password' in new_data and manipulator.get_user().check_password(new_data['password']): + from django.contrib.auth import login + login(request, manipulator.get_user()) + if errors or 'preview' in request.POST: + class CommentFormWrapper(oldforms.FormWrapper): + def __init__(self, manipulator, new_data, errors, rating_choices): + oldforms.FormWrapper.__init__(self, manipulator, new_data, errors) + self.rating_choices = rating_choices + def ratings(self): + field_list = [self['rating%d' % (i+1)] for i in range(len(rating_choices))] + for i, f in enumerate(field_list): + f.choice = rating_choices[i] + return field_list + comment = errors and '' or manipulator.get_comment(new_data) + comment_form = CommentFormWrapper(manipulator, new_data, errors, rating_choices) + return render_to_response('comments/preview.html', { + 'comment': comment, + 'comment_form': comment_form, + 'options': options, + 'target': target, + 'hash': security_hash, + 'rating_options': rating_options, + 'ratings_optional': RATINGS_OPTIONAL in option_list, + 'ratings_required': RATINGS_REQUIRED in option_list, + 'rating_range': rating_range, + 'rating_choices': rating_choices, + }, context_instance=RequestContext(request, extra_context, context_processors)) + elif 'post' in request.POST: + # If the IP is banned, mail the admins, do NOT save the comment, and + # serve up the "Thanks for posting" page as if the comment WAS posted. + if request.META['REMOTE_ADDR'] in settings.BANNED_IPS: + mail_admins("Banned IP attempted to post comment", smart_unicode(request.POST) + "\n\n" + str(request.META)) + else: + manipulator.do_html2python(new_data) + comment = manipulator.save(new_data) + return HttpResponseRedirect("../posted/?c=%s:%s" % (content_type_id, object_id)) + else: + raise Http404, _("The comment form didn't provide either 'preview' or 'post'") + +def post_free_comment(request, extra_context=None, context_processors=None): + """ + Post a free comment (not requiring a log in) + + Redirects to `comments.comments.comment_was_posted` view on success. + + Templates: `comment_free_preview` + Context: + comment + comment being posted + comment_form + comment form object + options + comment options + target + comment target + hash + security hash (must be included in a posted form to succesfully + post a comment). + """ + if extra_context is None: extra_context = {} + if not request.POST: + raise Http404, _("Only POSTs are allowed") + try: + options, target, security_hash = request.POST['options'], request.POST['target'], request.POST['gonzo'] + except KeyError: + raise Http404, _("One or more of the required fields wasn't submitted") + if Comment.objects.get_security_hash(options, '', '', target) != security_hash: + raise Http404, _("Somebody tampered with the comment form (security violation)") + content_type_id, object_id = target.split(':') # target is something like '52:5157' + content_type = ContentType.objects.get(pk=content_type_id) + try: + obj = content_type.get_object_for_this_type(pk=object_id) + except ObjectDoesNotExist: + raise Http404, _("The comment form had an invalid 'target' parameter -- the object ID was invalid") + option_list = options.split(',') + new_data = request.POST.copy() + new_data['content_type_id'] = content_type_id + new_data['object_id'] = object_id + new_data['ip_address'] = request.META['REMOTE_ADDR'] + new_data['is_public'] = IS_PUBLIC in option_list + manipulator = PublicFreeCommentManipulator() + errors = manipulator.get_validation_errors(new_data) + if errors or 'preview' in request.POST: + comment = errors and '' or manipulator.get_comment(new_data) + return render_to_response('comments/free_preview.html', { + 'comment': comment, + 'comment_form': oldforms.FormWrapper(manipulator, new_data, errors), + 'options': options, + 'target': target, + 'hash': security_hash, + }, context_instance=RequestContext(request, extra_context, context_processors)) + elif 'post' in request.POST: + # If the IP is banned, mail the admins, do NOT save the comment, and + # serve up the "Thanks for posting" page as if the comment WAS posted. + if request.META['REMOTE_ADDR'] in settings.BANNED_IPS: + from django.core.mail import mail_admins + mail_admins("Practical joker", smart_unicode(request.POST) + "\n\n" + str(request.META)) + else: + manipulator.do_html2python(new_data) + comment = manipulator.save(new_data) + return HttpResponseRedirect("../posted/?c=%s:%s" % (content_type_id, object_id)) + else: + raise Http404, _("The comment form didn't provide either 'preview' or 'post'") + +def comment_was_posted(request, extra_context=None, context_processors=None): + """ + Display "comment was posted" success page + + Templates: `comment_posted` + Context: + object + The object the comment was posted on + """ + if extra_context is None: extra_context = {} + obj = None + if 'c' in request.GET: + content_type_id, object_id = request.GET['c'].split(':') + try: + content_type = ContentType.objects.get(pk=content_type_id) + obj = content_type.get_object_for_this_type(pk=object_id) + except ObjectDoesNotExist: + pass + return render_to_response('comments/posted.html', {'object': obj}, + context_instance=RequestContext(request, extra_context, context_processors)) diff --git a/webapp/django/contrib/comments/views/karma.py b/webapp/django/contrib/comments/views/karma.py new file mode 100644 index 0000000000..7c0e284ae9 --- /dev/null +++ b/webapp/django/contrib/comments/views/karma.py @@ -0,0 +1,32 @@ +from django.http import Http404 +from django.shortcuts import render_to_response +from django.template import RequestContext +from django.contrib.comments.models import Comment, KarmaScore +from django.utils.translation import ugettext as _ + +def vote(request, comment_id, vote, extra_context=None, context_processors=None): + """ + Rate a comment (+1 or -1) + + Templates: `karma_vote_accepted` + Context: + comment + `comments.comments` object being rated + """ + if extra_context is None: extra_context = {} + rating = {'up': 1, 'down': -1}.get(vote, False) + if not rating: + raise Http404, "Invalid vote" + if not request.user.is_authenticated(): + raise Http404, _("Anonymous users cannot vote") + try: + comment = Comment.objects.get(pk=comment_id) + except Comment.DoesNotExist: + raise Http404, _("Invalid comment ID") + if comment.user.id == request.user.id: + raise Http404, _("No voting for yourself") + KarmaScore.objects.vote(request.user.id, comment_id, rating) + # Reload comment to ensure we have up to date karma count + comment = Comment.objects.get(pk=comment_id) + return render_to_response('comments/karma_vote_accepted.html', {'comment': comment}, + context_instance=RequestContext(request, extra_context, context_processors)) diff --git a/webapp/django/contrib/comments/views/userflags.py b/webapp/django/contrib/comments/views/userflags.py new file mode 100644 index 0000000000..91518dc5dd --- /dev/null +++ b/webapp/django/contrib/comments/views/userflags.py @@ -0,0 +1,62 @@ +from django.shortcuts import render_to_response, get_object_or_404 +from django.template import RequestContext +from django.http import Http404 +from django.contrib.comments.models import Comment, ModeratorDeletion, UserFlag +from django.contrib.auth.decorators import login_required +from django.http import HttpResponseRedirect +from django.conf import settings + +def flag(request, comment_id, extra_context=None, context_processors=None): + """ + Flags a comment. Confirmation on GET, action on POST. + + Templates: `comments/flag_verify`, `comments/flag_done` + Context: + comment + the flagged `comments.comments` object + """ + if extra_context is None: extra_context = {} + comment = get_object_or_404(Comment,pk=comment_id, site__id__exact=settings.SITE_ID) + if request.POST: + UserFlag.objects.flag(comment, request.user) + return HttpResponseRedirect('%sdone/' % request.path) + return render_to_response('comments/flag_verify.html', {'comment': comment}, + context_instance=RequestContext(request, extra_context, context_processors)) +flag = login_required(flag) + +def flag_done(request, comment_id, extra_context=None, context_processors=None): + if extra_context is None: extra_context = {} + comment = get_object_or_404(Comment,pk=comment_id, site__id__exact=settings.SITE_ID) + return render_to_response('comments/flag_done.html', {'comment': comment}, + context_instance=RequestContext(request, extra_context, context_processors)) + +def delete(request, comment_id, extra_context=None, context_processors=None): + """ + Deletes a comment. Confirmation on GET, action on POST. + + Templates: `comments/delete_verify`, `comments/delete_done` + Context: + comment + the flagged `comments.comments` object + """ + if extra_context is None: extra_context = {} + comment = get_object_or_404(Comment,pk=comment_id, site__id__exact=settings.SITE_ID) + if not Comment.objects.user_is_moderator(request.user): + raise Http404 + if request.POST: + # If the comment has already been removed, silently fail. + if not comment.is_removed: + comment.is_removed = True + comment.save() + m = ModeratorDeletion(None, request.user.id, comment.id, None) + m.save() + return HttpResponseRedirect('%sdone/' % request.path) + return render_to_response('comments/delete_verify.html', {'comment': comment}, + context_instance=RequestContext(request, extra_context, context_processors)) +delete = login_required(delete) + +def delete_done(request, comment_id, extra_context=None, context_processors=None): + if extra_context is None: extra_context = {} + comment = get_object_or_404(Comment,pk=comment_id, site__id__exact=settings.SITE_ID) + return render_to_response('comments/delete_done.html', {'comment': comment}, + context_instance=RequestContext(request, extra_context, context_processors)) |