OpenSlides/openslides/core/views.py

from django.conf import settings
from django.contrib import messages
from django.contrib.staticfiles import finders
from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import reverse
from django.db import IntegrityError
from django.shortcuts import redirect, render_to_response
from django.template import RequestContext
from django.utils.importlib import import_module
from django.utils.translation import ugettext as _
from haystack.views import SearchView as _SearchView
from django.http import HttpResponse
from django.views.decorators.csrf import ensure_csrf_cookie

from openslides import get_version as get_openslides_version
from openslides import get_git_commit_id, RELEASE
from openslides.config.api import config
from openslides.utils import views as utils_views
from openslides.utils.plugins import get_plugin_description, get_plugin_verbose_name, get_plugin_version
from openslides.utils.rest_api import ModelViewSet
from openslides.utils.signals import template_manipulation
from openslides.utils.widgets import Widget

from .forms import SelectWidgetsForm
from .models import CustomSlide, Tag
from .exceptions import TagException
from .serializers import CustomSlideSerializer, TagSerializer


class IndexView(utils_views.View):
    """
    The primary view for OpenSlides using AngularJS.

    The default base template is 'openslides/core/static/templates/index.html'.
    You can override it by simply adding a custom 'templates/index.html' file
    to the custom staticfiles directory. See STATICFILES_DIRS in settings.py.
    """

    @classmethod
    def as_view(cls, *args, **kwargs):
        """
        Makes sure that the csrf cookie is send.
        """
        view = super().as_view(*args, **kwargs)
        return ensure_csrf_cookie(view)

    def get(self, *args, **kwargs):
        with open(finders.find('templates/index.html')) as f:
            content = f.read()
        return HttpResponse(content)


class DashboardView(utils_views.AjaxMixin, utils_views.TemplateView):
    """
    Overview over all possible slides, the overlays and a live view: the
    Dashboard of OpenSlides. This main view uses the widget api to collect all
    widgets from all apps. See openslides.utils.widgets.Widget for more details.
    """
    required_permission = 'core.can_see_dashboard'
    template_name = 'core/dashboard.html'

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        widgets = []
        for widget in Widget.get_all(self.request):
            if widget.is_active():
                widgets.append(widget)
                context['extra_stylefiles'].extend(widget.get_stylesheets())
                context['extra_javascript'].extend(widget.get_javascript_files())
        context['widgets'] = widgets
        return context


class SelectWidgetsView(utils_views.TemplateView):
    """
    Shows a form to select which widgets should be displayed on the own
    dashboard. The setting is saved in the session.
    """
    # TODO: Use another base view class here, e. g. a FormView
    required_permission = 'core.can_see_dashboard'
    template_name = 'core/select_widgets.html'

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        widgets = Widget.get_all(self.request)
        for widget in widgets:
            initial = {'widget': widget.is_active()}
            prefix = widget.name
            if self.request.method == 'POST':
                widget.form = SelectWidgetsForm(
                    self.request.POST,
                    prefix=prefix,
                    initial=initial)
            else:
                widget.form = SelectWidgetsForm(prefix=prefix, initial=initial)
        context['widgets'] = widgets
        return context

    def post(self, request, *args, **kwargs):
        """
        Activates or deactivates the widgets in a post request.
        """
        context = self.get_context_data(**kwargs)
        session_widgets = self.request.session.get('widgets', {})
        for widget in context['widgets']:
            if widget.form.is_valid():
                session_widgets[widget.name] = widget.form.cleaned_data['widget']
            else:
                messages.error(request, _('There are errors in the form.'))
                break
        else:
            self.request.session['widgets'] = session_widgets
        return redirect(reverse('core_dashboard'))


class VersionView(utils_views.TemplateView):
    """
    Shows version infos.
    """
    template_name = 'core/version.html'

    def get_context_data(self, **kwargs):
        """
        Adds version strings to the context.
        """
        context = super().get_context_data(**kwargs)
        # OpenSlides version. During development the git commit id is added.
        if RELEASE:
            description = ''
        else:
            description = 'Commit %s' % get_git_commit_id()
        context['modules'] = [{'verbose_name': 'OpenSlides',
                               'description': description,
                               'version': get_openslides_version()}]
        # Versions of plugins.
        for plugin in settings.INSTALLED_PLUGINS:
            context['modules'].append({'verbose_name': get_plugin_verbose_name(plugin),
                                       'description': get_plugin_description(plugin),
                                       'version': get_plugin_version(plugin)})
        return context


class SearchView(_SearchView):
    """
    Shows search result page.
    """
    template = 'core/search.html'

    def __call__(self, request):
        if not request.user.is_authenticated() and not config['system_enable_anonymous']:
            raise PermissionDenied
        return super().__call__(request)

    def extra_context(self):
        """
        Adds extra context variables to set navigation and search filter.

        Returns a context dictionary.
        """
        context = {}
        template_manipulation.send(
            sender=self.__class__, request=self.request, context=context)
        context['models'] = self.get_indexed_searchmodels()
        context['get_values'] = self.request.GET.getlist('models')
        return context

    def get_indexed_searchmodels(self):
        """
        Iterate over all INSTALLED_APPS and return a list of models which are
        indexed by haystack/whoosh for using in customized model search filter
        in search template search.html. Each list entry contains a verbose name
        of the model and a special form field value for haystack (app_name.model_name),
        e.g. ['Agenda', 'agenda.item'].
        """
        models = []
        # TODO: cache this query!
        for app in settings.INSTALLED_APPS:
            try:
                module = import_module(app + '.search_indexes')
            except ImportError:
                pass
            else:
                models.append([module.Index.modelfilter_name, module.Index.modelfilter_value])
        return models


class ErrorView(utils_views.View):
    """
    View for Http 403, 404 and 500 error pages.
    """
    status_code = None

    def dispatch(self, request, *args, **kwargs):
        http_error_strings = {
            403: {'name': _('Forbidden'),
                  'description': _('Sorry, you have no permission to see this page.'),
                  'status_code': '403'},
            404: {'name': _('Not Found'),
                  'description': _('Sorry, the requested page could not be found.'),
                  'status_code': '404'},
            500: {'name': _('Internal Server Error'),
                  'description': _('Sorry, there was an unknown error. Please contact the event manager.'),
                  'status_code': '500'}}
        context = {}
        context['http_error'] = http_error_strings[self.status_code]
        template_manipulation.send(sender=self.__class__, request=request, context=context)
        response = render_to_response(
            'core/error.html',
            context_instance=RequestContext(request, context))
        response.status_code = self.status_code
        return response


class CustomSlideViewMixin(object):
    """
    Mixin for for CustomSlide Views.
    """
    fields = ('title', 'text', 'weight',)
    required_permission = 'core.can_manage_projector'
    template_name = 'core/customslide_update.html'
    model = CustomSlide
    success_url_name = 'core_dashboard'
    url_name_args = []


class CustomSlideCreateView(CustomSlideViewMixin, utils_views.CreateView):
    """
    Create a custom slide.
    """
    pass


class CustomSlideUpdateView(CustomSlideViewMixin, utils_views.UpdateView):
    """
    Update a custom slide.
    """
    pass


class CustomSlideDeleteView(CustomSlideViewMixin, utils_views.DeleteView):
    """
    Delete a custom slide.
    """
    pass


class CustomSlideViewSet(ModelViewSet):
    """
    API endpoint to list, retrieve, create, update and destroy custom slides.
    """
    queryset = CustomSlide.objects.all()
    serializer_class = CustomSlideSerializer

    def check_permissions(self, request):
        """
        Calls self.permission_denied() if the requesting user has not the
        permission to manage projector.
        """
        if not request.user.has_perm('core.can_manage_projector'):
            self.permission_denied(request)


class TagListView(utils_views.AjaxMixin, utils_views.ListView):
    """
    View to list and manipulate tags.

    Shows all tags when requested via a GET-request. Manipulates tags with
    POST-requests.
    """

    model = Tag
    required_permission = 'core.can_manage_tags'

    def post(self, *args, **kwargs):
        return self.ajax_get(*args, **kwargs)

    def ajax_get(self, request, *args, **kwargs):
        name, value = request.POST['name'], request.POST.get('value', None)

        # Create a new tag
        if name == 'new':
            try:
                tag = Tag.objects.create(name=value)
            except IntegrityError:
                # The name of the tag is already taken. It must be unique.
                self.error = 'Tag name is already taken'
            else:
                self.pk = tag.pk
                self.action = 'created'

        # Update an existing tag
        elif name.startswith('edit-tag-'):
            try:
                self.get_tag_queryset(name, 9).update(name=value)
            except TagException as error:
                self.error = str(error)
            except IntegrityError:
                self.error = 'Tag name is already taken'
            except Tag.DoesNotExist:
                self.error = 'Tag does not exist'
            else:
                self.action = 'updated'

        # Delete a tag
        elif name.startswith('delete-tag-'):
            try:
                self.get_tag_queryset(name, 11).delete()
            except TagException as error:
                self.error = str(error)
            except Tag.DoesNotExist:
                self.error = 'Tag does not exist'
            else:
                self.action = 'deleted'
        return super().ajax_get(request, *args, **kwargs)

    def get_tag_queryset(self, name, place_in_str):
        """
        Get a django-tag-queryset from a string.

        'name' is the string in which the pk is (at the end).

        'place_in_str' is the place where to look for the pk. It has to be an int.

        Returns a Tag QuerySet or raises TagException.
        Also sets self.pk to the pk inside the name.
        """
        try:
            self.pk = int(name[place_in_str:])
        except ValueError:
            raise TagException('Invalid name in request')
        return Tag.objects.filter(pk=self.pk)

    def get_ajax_context(self, **context):
        return super().get_ajax_context(
            pk=getattr(self, 'pk', None),
            action=getattr(self, 'action', None),
            error=getattr(self, 'error', None),
            **context)


class TagViewSet(ModelViewSet):
    """
    API endpoint to list, retrieve, create, update and destroy tags.
    """
    queryset = Tag.objects.all()
    serializer_class = TagSerializer

    def check_permissions(self, request):
        """
        Calls self.permission_denied() if the requesting user has not the
        permission to manage tags and it is a create, update or detroy request.
        """
        if (self.action in ('create', 'update', 'destroy') and
                not request.user.has_perm('core.can_manage_tags')):
            self.permission_denied(request)