OpenSlides/openslides/agenda/views.py

from cgi import escape

from django.contrib.auth import get_user_model
from django.utils.translation import ugettext as _
from django.utils.translation import ugettext_lazy
from reportlab.platypus import Paragraph

from openslides.utils.exceptions import OpenSlidesError
from openslides.utils.pdf import stylesheet
from openslides.utils.rest_api import (
    ModelViewSet,
    Response,
    ValidationError,
    detail_route,
    list_route,
)
from openslides.utils.views import PDFView

from .models import Item, Speaker
from .serializers import ItemSerializer


# Viewsets for the REST API

class ItemViewSet(ModelViewSet):
    """
    API endpoint for agenda items.

    There are the following views: metadata, list, retrieve, create,
    partial_update, update, destroy, manage_speaker, speak and tree.
    """
    queryset = Item.objects.all()
    serializer_class = ItemSerializer

    def check_view_permissions(self):
        """
        Returns True if the user has required permissions.
        """
        if self.action in ('metadata', 'list', 'retrieve', 'manage_speaker', 'tree'):
            result = self.request.user.has_perm('agenda.can_see')
            # For manage_speaker and tree requests the rest of the check is
            # done in the specific method. See below.
        elif self.action in ('create', 'partial_update', 'update', 'destroy'):
            result = (self.request.user.has_perm('agenda.can_see') and
                      self.request.user.has_perm('agenda.can_see_orga_items') and
                      self.request.user.has_perm('agenda.can_manage'))
        elif self.action == 'speak':
            result = (self.request.user.has_perm('agenda.can_see') and
                      self.request.user.has_perm('agenda.can_manage'))
        else:
            result = False
        return result

    def check_object_permissions(self, request, obj):
        """
        Checks if the requesting user has permission to see also an
        organizational item if it is one.
        """
        if obj.type == obj.ORGANIZATIONAL_ITEM and not request.user.has_perm('agenda.can_see_orga_items'):
            self.permission_denied(request)

    def get_queryset(self):
        """
        Filters organizational items if the user has no permission to see them.
        """
        queryset = super().get_queryset()
        if not self.request.user.has_perm('agenda.can_see_orga_items'):
            queryset = queryset.exclude(type__exact=Item.ORGANIZATIONAL_ITEM)
        return queryset

    @detail_route(methods=['POST', 'DELETE'])
    def manage_speaker(self, request, pk=None):
        """
        Special view endpoint to add users to the list of speakers or remove
        them. Send POST {'user': <user_id>} to add a new speaker. Omit
        data to add yourself. Send DELETE {'speaker': <speaker_id>} to remove
        someone from the list of speakers. Omit data to remove yourself.

        Checks also whether the requesting user can do this. He needs at
        least the permissions 'agenda.can_see' (see
        self.check_view_permissions()). In case of adding himself the
        permission 'agenda.can_be_speaker' is required. In case of adding
        someone else the permission 'agenda.can_manage' is required. In
        case of removing someone else 'agenda.can_manage' is required. In
        case of removing himself no other permission is required.
        """
        # Retrieve item.
        item = self.get_object()

        if request.method == 'POST':
            # Retrieve user_id
            user_id = request.data.get('user')

            # Check permissions and other conditions. Get user instance.
            if user_id is None:
                # Add oneself
                if not self.request.user.has_perm('agenda.can_be_speaker'):
                    self.permission_denied(request)
                if item.speaker_list_closed:
                    raise ValidationError({'detail': _('The list of speakers is closed.')})
                user = self.request.user
            else:
                # Add someone else.
                if not self.request.user.has_perm('agenda.can_manage'):
                    self.permission_denied(request)
                try:
                    user = get_user_model().objects.get(pk=int(user_id))
                except (ValueError, get_user_model().DoesNotExist):
                    raise ValidationError({'detail': _('User does not exist.')})

            # Try to add the user. This ensurse that a user is not twice in the
            # list of coming speakers.
            try:
                Speaker.objects.add(user, item)
            except OpenSlidesError as e:
                raise ValidationError({'detail': str(e)})
            message = _('User %s was successfully added to the list of speakers.') % user

        else:
            # request.method == 'DELETE'
            # Retrieve speaker_id
            speaker_id = request.data.get('speaker')

            # Check permissions and other conditions. Get speaker instance.
            if speaker_id is None:
                # Remove oneself
                queryset = Speaker.objects.filter(
                    item=item, user=self.request.user).exclude(weight=None)
                try:
                    # We assume that there aren't multiple entries because this
                    # is forbidden by the Manager's add method. We assume that
                    # there is only one speaker instance or none.
                    speaker = queryset.get()
                except Speaker.DoesNotExist:
                    raise ValidationError({'detail': _('You are not on the list of speakers.')})
            else:
                # Remove someone else.
                if not self.request.user.has_perm('agenda.can_manage'):
                    self.permission_denied(request)
                try:
                    speaker = Speaker.objects.get(pk=int(speaker_id))
                except (ValueError, Speaker.DoesNotExist):
                    raise ValidationError({'detail': _('Speaker does not exist.')})

            # Delete the speaker.
            speaker.delete()
            message = _('Speaker %s was successfully removed from the list of speakers.') % speaker

        # Initiate response.
        return Response({'detail': message})

    @detail_route(methods=['PUT', 'DELETE'])
    def speak(self, request, pk=None):
        """
        Special view endpoint to begin and end speach of speakers. Send PUT
        {'speaker': <speaker_id>} to begin speach. Omit data to begin speach of
        the next speaker. Send DELETE to end speach of current speaker.
        """
        # Retrieve item.
        item = self.get_object()

        if request.method == 'PUT':
            # Retrieve speaker_id
            speaker_id = request.data.get('speaker')
            if speaker_id is None:
                speaker = item.get_next_speaker()
                if speaker is None:
                    raise ValidationError({'detail': _('The list of speakers is empty.')})
            else:
                try:
                    speaker = Speaker.objects.get(pk=int(speaker_id))
                except (ValueError, Speaker.DoesNotExist):
                    raise ValidationError({'detail': _('Speaker does not exist.')})
            speaker.begin_speach()
            message = _('User is now speaking.')

        else:
            # request.method == 'DELETE'
            try:
                # We assume that there aren't multiple entries because this
                # is forbidden by the Model's begin_speach method. We assume that
                # there is only one speaker instance or none.
                current_speaker = Speaker.objects.filter(item=item, end_time=None).exclude(begin_time=None).get()
            except Speaker.DoesNotExist:
                raise ValidationError(
                    {'detail': _('There is no one speaking at the moment according to %(item)s.') % {'item': item}})
            current_speaker.end_speach()
            message = _('The speach is finished now.')

        # Initiate response.
        return Response({'detail': message})

    @list_route(methods=['get', 'put'])
    def tree(self, request):
        """
        Returns or sets the agenda tree.
        """
        if request.method == 'PUT':
            if not (request.user.has_perm('agenda.can_manage') and
                    request.user.has_perm('agenda.can_see_orga_items')):
                self.permission_denied(request)
            try:
                Item.objects.set_tree(request.data['tree'])
            except ValueError as error:
                return Response({'detail': str(error)}, status=400)
            else:
                return Response({'detail': 'Agenda tree successfully updated.'})
        return Response(Item.objects.get_tree())


# Views to generate PDFs

class AgendaPDF(PDFView):
    """
    Create a full agenda-PDF.
    """
    required_permission = 'agenda.can_see'
    filename = ugettext_lazy('Agenda')
    document_title = ugettext_lazy('Agenda')

    def append_to_pdf(self, story):
        tree = Item.objects.get_tree(only_agenda_items=True, include_content=True)

        def walk_tree(tree, ancestors=0):
            """
            Generator that yields a two-element-tuple. The first element is an
            agenda-item and the second a number for steps to the root element.
            """
            for element in tree:
                yield element['item'], ancestors
                yield from walk_tree(element['children'], ancestors + 1)

        for item, ancestors in walk_tree(tree):
            if ancestors:
                space = "&nbsp;" * 6 * ancestors
                story.append(Paragraph(
                    "%s%s" % (space, escape(item.get_title())),
                    stylesheet['Subitem']))
            else:
                story.append(Paragraph(escape(item.get_title()), stylesheet['Item']))
Show special characters in PDF, like "&". (Fixed #1415) Added escape function for agenda, motion, assignment and participants pdf views. 2015-01-21 12:58:46 +01:00			`from cgi import escape`
Generate Agenda-PDF in a generic View. Added PDFView in utils.views.py 2012-02-21 13:17:42 +01:00
Added view to add and remove users from the list of speakers. 2015-05-26 18:21:30 +02:00			`from django.contrib.auth import get_user_model`
Use flake8 instead of pep8. Orderd the imports with isort * changed the fab-command pep8 to check * checked and fixed any code with flake8. Also the urls.py * checkt the projector app with pylint 2013-09-25 10:01:01 +02:00			`from django.utils.translation import ugettext as _`
			`from django.utils.translation import ugettext_lazy`
			`from reportlab.platypus import Paragraph`
generic views for the Agenda-App 2012-02-20 17:46:45 +01:00
Added view to add and remove users from the list of speakers. 2015-05-26 18:21:30 +02:00			`from openslides.utils.exceptions import OpenSlidesError`
Use flake8 instead of pep8. Orderd the imports with isort * changed the fab-command pep8 to check * checked and fixed any code with flake8. Also the urls.py * checkt the projector app with pylint 2013-09-25 10:01:01 +02:00			`from openslides.utils.pdf import stylesheet`
Added view to add and remove users from the list of speakers. 2015-05-26 18:21:30 +02:00			`from openslides.utils.rest_api import (`
			`ModelViewSet,`
			`Response,`
			`ValidationError,`
			`detail_route,`
			`list_route,`
			`)`
Remove old thinks not needed for the 2.0 release: * django templates * widgets * views * mppt * main_menu * projector 1.x api Sorted all imports Add a ending slash to each url with a redirect view 2015-06-16 10:37:23 +02:00			`from openslides.utils.views import PDFView`
Added CSV import, fixed #1186. Also cleaned up motion and user CSV import. 2014-03-27 20:30:15 +01:00
Added view to add and remove users from the list of speakers. 2015-05-26 18:21:30 +02:00			`from .models import Item, Speaker`
Added api viewset for agenda items. Fixed style checker problem. 2015-01-06 00:14:49 +01:00			`from .serializers import ItemSerializer`
generic views for the Agenda-App 2012-02-20 17:46:45 +01:00

Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`# Viewsets for the REST API`
PEP8 errors resolved 2013-02-16 10:41:22 +01:00
Updated ViewSets to Django REST Framework 3.0.5. Refactored imports from openslides/utils/rest_api.py for better overriding them later. Fixed #1450. Updated requirements. 2015-02-12 18:48:14 +01:00			`class ItemViewSet(ModelViewSet):`
Added api viewset for agenda items. Fixed style checker problem. 2015-01-06 00:14:49 +01:00			`"""`
Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`API endpoint for agenda items.`

Set permissions for OPTIONS requests. Fixed js-data dependency. Fixed blank in some motion model fields. Fixed error handling in agenda and core views. 2015-08-31 14:07:24 +02:00			`There are the following views: metadata, list, retrieve, create,`
			`partial_update, update, destroy, manage_speaker, speak and tree.`
Added api viewset for agenda items. Fixed style checker problem. 2015-01-06 00:14:49 +01:00			`"""`
Updated ViewSets to Django REST Framework 3.0.5. Refactored imports from openslides/utils/rest_api.py for better overriding them later. Fixed #1450. Updated requirements. 2015-02-12 18:48:14 +01:00			`queryset = Item.objects.all()`
Added api viewset for agenda items. Fixed style checker problem. 2015-01-06 00:14:49 +01:00			`serializer_class = ItemSerializer`

Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`def check_view_permissions(self):`
Added api viewset for agenda items. Fixed style checker problem. 2015-01-06 00:14:49 +01:00			`"""`
Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`Returns True if the user has required permissions.`
Added api viewset for agenda items. Fixed style checker problem. 2015-01-06 00:14:49 +01:00			`"""`
Set permissions for OPTIONS requests. Fixed js-data dependency. Fixed blank in some motion model fields. Fixed error handling in agenda and core views. 2015-08-31 14:07:24 +02:00			`if self.action in ('metadata', 'list', 'retrieve', 'manage_speaker', 'tree'):`
Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`result = self.request.user.has_perm('agenda.can_see')`
			`# For manage_speaker and tree requests the rest of the check is`
			`# done in the specific method. See below.`
			`elif self.action in ('create', 'partial_update', 'update', 'destroy'):`
			`result = (self.request.user.has_perm('agenda.can_see') and`
			`self.request.user.has_perm('agenda.can_see_orga_items') and`
			`self.request.user.has_perm('agenda.can_manage'))`
			`elif self.action == 'speak':`
			`result = (self.request.user.has_perm('agenda.can_see') and`
			`self.request.user.has_perm('agenda.can_manage'))`
			`else:`
			`result = False`
			`return result`
Added api viewset for agenda items. Fixed style checker problem. 2015-01-06 00:14:49 +01:00
			`def check_object_permissions(self, request, obj):`
			`"""`
			`Checks if the requesting user has permission to see also an`
			`organizational item if it is one.`
			`"""`
			`if obj.type == obj.ORGANIZATIONAL_ITEM and not request.user.has_perm('agenda.can_see_orga_items'):`
			`self.permission_denied(request)`

			`def get_queryset(self):`
			`"""`
Added REST api for motion, mediafile and config app. Refactor REST api in other apps. 2015-01-24 16:35:50 +01:00			`Filters organizational items if the user has no permission to see them.`
Added api viewset for agenda items. Fixed style checker problem. 2015-01-06 00:14:49 +01:00			`"""`
Updated ViewSets to Django REST Framework 3.0.5. Refactored imports from openslides/utils/rest_api.py for better overriding them later. Fixed #1450. Updated requirements. 2015-02-12 18:48:14 +01:00			`queryset = super().get_queryset()`
Refactored REST api in agenda, core and users app. 2015-01-17 14:25:05 +01:00			`if not self.request.user.has_perm('agenda.can_see_orga_items'):`
Added api viewset for agenda items. Fixed style checker problem. 2015-01-06 00:14:49 +01:00			`queryset = queryset.exclude(type__exact=Item.ORGANIZATIONAL_ITEM)`
			`return queryset`
Send tree for agenda items 2015-03-29 14:42:27 +02:00
Added view to add and remove users from the list of speakers. 2015-05-26 18:21:30 +02:00			`@detail_route(methods=['POST', 'DELETE'])`
			`def manage_speaker(self, request, pk=None):`
			`"""`
			`Special view endpoint to add users to the list of speakers or remove`
			`them. Send POST {'user': <user_id>} to add a new speaker. Omit`
			`data to add yourself. Send DELETE {'speaker': <speaker_id>} to remove`
			`someone from the list of speakers. Omit data to remove yourself.`

			`Checks also whether the requesting user can do this. He needs at`
			`least the permissions 'agenda.can_see' (see`
Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`self.check_view_permissions()). In case of adding himself the`
			`permission 'agenda.can_be_speaker' is required. In case of adding`
			`someone else the permission 'agenda.can_manage' is required. In`
			`case of removing someone else 'agenda.can_manage' is required. In`
			`case of removing himself no other permission is required.`
Added view to add and remove users from the list of speakers. 2015-05-26 18:21:30 +02:00			`"""`
			`# Retrieve item.`
			`item = self.get_object()`

			`if request.method == 'POST':`
			`# Retrieve user_id`
			`user_id = request.data.get('user')`

			`# Check permissions and other conditions. Get user instance.`
			`if user_id is None:`
			`# Add oneself`
			`if not self.request.user.has_perm('agenda.can_be_speaker'):`
			`self.permission_denied(request)`
			`if item.speaker_list_closed:`
			`raise ValidationError({'detail': _('The list of speakers is closed.')})`
			`user = self.request.user`
			`else:`
			`# Add someone else.`
			`if not self.request.user.has_perm('agenda.can_manage'):`
			`self.permission_denied(request)`
			`try:`
			`user = get_user_model().objects.get(pk=int(user_id))`
			`except (ValueError, get_user_model().DoesNotExist):`
			`raise ValidationError({'detail': _('User does not exist.')})`

			`# Try to add the user. This ensurse that a user is not twice in the`
			`# list of coming speakers.`
			`try:`
			`Speaker.objects.add(user, item)`
			`except OpenSlidesError as e:`
Set permissions for OPTIONS requests. Fixed js-data dependency. Fixed blank in some motion model fields. Fixed error handling in agenda and core views. 2015-08-31 14:07:24 +02:00			`raise ValidationError({'detail': str(e)})`
Added view to begin and end speach. 2015-05-27 15:42:32 +02:00			`message = _('User %s was successfully added to the list of speakers.') % user`
Added view to add and remove users from the list of speakers. 2015-05-26 18:21:30 +02:00
			`else:`
			`# request.method == 'DELETE'`
			`# Retrieve speaker_id`
			`speaker_id = request.data.get('speaker')`

			`# Check permissions and other conditions. Get speaker instance.`
			`if speaker_id is None:`
			`# Remove oneself`
			`queryset = Speaker.objects.filter(`
			`item=item, user=self.request.user).exclude(weight=None)`
			`try:`
			`# We assume that there aren't multiple entries because this`
			`# is forbidden by the Manager's add method. We assume that`
			`# there is only one speaker instance or none.`
			`speaker = queryset.get()`
			`except Speaker.DoesNotExist:`
			`raise ValidationError({'detail': _('You are not on the list of speakers.')})`
			`else:`
			`# Remove someone else.`
			`if not self.request.user.has_perm('agenda.can_manage'):`
			`self.permission_denied(request)`
			`try:`
Added view to begin and end speach. 2015-05-27 15:42:32 +02:00			`speaker = Speaker.objects.get(pk=int(speaker_id))`
			`except (ValueError, Speaker.DoesNotExist):`
Added view to add and remove users from the list of speakers. 2015-05-26 18:21:30 +02:00			`raise ValidationError({'detail': _('Speaker does not exist.')})`

			`# Delete the speaker.`
			`speaker.delete()`
Added view to begin and end speach. 2015-05-27 15:42:32 +02:00			`message = _('Speaker %s was successfully removed from the list of speakers.') % speaker`

			`# Initiate response.`
			`return Response({'detail': message})`

			`@detail_route(methods=['PUT', 'DELETE'])`
			`def speak(self, request, pk=None):`
			`"""`
			`Special view endpoint to begin and end speach of speakers. Send PUT`
			`{'speaker': <speaker_id>} to begin speach. Omit data to begin speach of`
			`the next speaker. Send DELETE to end speach of current speaker.`
			`"""`
			`# Retrieve item.`
			`item = self.get_object()`

			`if request.method == 'PUT':`
			`# Retrieve speaker_id`
			`speaker_id = request.data.get('speaker')`
			`if speaker_id is None:`
			`speaker = item.get_next_speaker()`
			`if speaker is None:`
			`raise ValidationError({'detail': _('The list of speakers is empty.')})`
			`else:`
			`try:`
			`speaker = Speaker.objects.get(pk=int(speaker_id))`
			`except (ValueError, Speaker.DoesNotExist):`
			`raise ValidationError({'detail': _('Speaker does not exist.')})`
			`speaker.begin_speach()`
			`message = _('User is now speaking.')`

			`else:`
			`# request.method == 'DELETE'`
			`try:`
			`# We assume that there aren't multiple entries because this`
			`# is forbidden by the Model's begin_speach method. We assume that`
			`# there is only one speaker instance or none.`
			`current_speaker = Speaker.objects.filter(item=item, end_time=None).exclude(begin_time=None).get()`
			`except Speaker.DoesNotExist:`
			`raise ValidationError(`
			`{'detail': _('There is no one speaking at the moment according to %(item)s.') % {'item': item}})`
			`current_speaker.end_speach()`
			`message = _('The speach is finished now.')`
Added view to add and remove users from the list of speakers. 2015-05-26 18:21:30 +02:00
			`# Initiate response.`
			`return Response({'detail': message})`

Send tree for agenda items 2015-03-29 14:42:27 +02:00			`@list_route(methods=['get', 'put'])`
			`def tree(self, request):`
			`"""`
			`Returns or sets the agenda tree.`
			`"""`
			`if request.method == 'PUT':`
			`if not (request.user.has_perm('agenda.can_manage') and`
			`request.user.has_perm('agenda.can_see_orga_items')):`
			`self.permission_denied(request)`
Moved agenda tree code to the Item-Manager and used it at the AgendaPDFView. fixed #1561 2015-06-25 09:53:55 +02:00			`try:`
			`Item.objects.set_tree(request.data['tree'])`
			`except ValueError as error:`
			`return Response({'detail': str(error)}, status=400)`
			`else:`
			`return Response({'detail': 'Agenda tree successfully updated.'})`
			`return Response(Item.objects.get_tree())`
Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00

			`# Views to generate PDFs`

			`class AgendaPDF(PDFView):`
			`"""`
			`Create a full agenda-PDF.`
			`"""`
			`required_permission = 'agenda.can_see'`
			`filename = ugettext_lazy('Agenda')`
			`document_title = ugettext_lazy('Agenda')`

			`def append_to_pdf(self, story):`
			`tree = Item.objects.get_tree(only_agenda_items=True, include_content=True)`

			`def walk_tree(tree, ancestors=0):`
			`"""`
			`Generator that yields a two-element-tuple. The first element is an`
			`agenda-item and the second a number for steps to the root element.`
			`"""`
			`for element in tree:`
			`yield element['item'], ancestors`
			`yield from walk_tree(element['children'], ancestors + 1)`

			`for item, ancestors in walk_tree(tree):`
			`if ancestors:`
			`space = " " * 6 * ancestors`
			`story.append(Paragraph(`
			`"%s%s" % (space, escape(item.get_title())),`
			`stylesheet['Subitem']))`
			`else:`
			`story.append(Paragraph(escape(item.get_title()), stylesheet['Item']))`