# HG changeset patch # User verrierj # Date 1321524589 -3600 # Node ID 3cff86180fbe310271e388d1a4c2ce0e49e78056 # Parent bee98775a8e84a522236def6b8085a0b5d131707 Replaced calls to objects by calls to safe_objects in views + xml can be changed on the fly to hide a content diff -r bee98775a8e8 -r 3cff86180fbe src/ldt/ldt/ldt_utils/views.py --- a/src/ldt/ldt/ldt_utils/views.py Wed Nov 16 15:28:24 2011 +0100 +++ b/src/ldt/ldt/ldt_utils/views.py Thu Nov 17 11:09:49 2011 +0100 @@ -19,6 +19,7 @@ from django.utils.translation import ugettext as _, ungettext from forms import (LdtAddForm, SearchForm, AddProjectForm, CopyProjectForm, ContentForm, MediaForm, GroupAddForm, PermissionForm) +from guardian.core import ObjectPermissionChecker from guardian.shortcuts import assign, remove_perm, get_perms, get_objects_for_group from guardian.core import ObjectPermissionChecker from ldt.ldt_utils.models import Content @@ -45,13 +46,13 @@ @login_required -def workspace(request): +def workspace(request): #Checked # list of contents - content_list = Content.objects.all() #@UndefinedVariable + content_list = Content.safe_objects.all() #@UndefinedVariable # get list of projects owned by the current user - project_list = Project.objects.filter(owner=request.user) #@UndefinedVariable + project_list = Project.safe_objects.filter(owner=request.user) #@UndefinedVariable is_gecko = ((request.META['HTTP_USER_AGENT'].lower().find("firefox")) > -1); @@ -62,7 +63,7 @@ context_instance=RequestContext(request)) @login_required -def groups(request): +def groups(request): #Checked # get list of all published projects group_list = request.user.groups #@UndefinedVariable @@ -83,7 +84,7 @@ @login_required -def published_project(request): +def published_project(request): #checked # get list of all published projects project_list = Project.objects.filter(state=2) #@UndefinedVariable @@ -99,14 +100,14 @@ context_instance=RequestContext(request)) -def popup_embed(request): +def popup_embed(request): #checked json_url = request.GET.get("json_url") player_id = request.GET.get("player_id") ldt_id = request.GET.get("ldt_id") - project = Project.objects.get(ldt_id=ldt_id); #@UndefinedVariable + project = Project.safe_objects.get(ldt_id=ldt_id); #@UndefinedVariable stream_mode = project.stream_mode if stream_mode != "video": @@ -138,7 +139,7 @@ @login_required -def projects_filter(request, filter, is_owner=False, status=0, id_group=None): +def projects_filter(request, filter, is_owner=False, status=0, id_group=None): #checked is_owner = boolean_convert(is_owner) status = int(status) @@ -168,11 +169,10 @@ grp = Group.objects.get(id=id_group) #@UndefinedVariable users = User.objects.filter(groups__in=[grp]) #@UndefinedVariable query &= Q(owner__in=users) #@UndefinedVariable - #project_list = Project.objects.filter(query).extra(select={'lower_title': 'lower(title)'}).order_by('owner__username', 'lower_title') #@UndefinedVariable - project_list = get_objects_for_group(grp, 'ldt_utils.view_project') + project_list = Project.safe_objects.filter(query).extra(select={'lower_title': 'lower(title)'}).order_by('owner__username', 'lower_title') #@UndefinedVariable show_username = True else : - project_list = Project.objects.filter(query) #@UndefinedVariable + project_list = Project.safe_objects.filter(query) #@UndefinedVariable # Template depends on the projects's status if status == 2 : @@ -185,21 +185,21 @@ context_instance=RequestContext(request)) @login_required -def contents_filter(request, filter): +def contents_filter(request, filter): #checked if filter and len(filter) > 0 and filter[0] == '_': filter = filter[1:] if filter: - content_list = Content.objects.filter(title__icontains=filter) #@UndefinedVariable + content_list = Content.safe_objects.filter(title__icontains=filter) #@UndefinedVariable else: - content_list = Content.objects.all() #@UndefinedVariable + content_list = Content.safe_objects.all() #@UndefinedVariable return render_to_response("ldt/ldt_utils/partial/contentslist.html", {'contents': content_list}, context_instance=RequestContext(request)) -def search_form(request): +def search_form(request): # checked form = SearchForm() return render_to_response('ldt/ldt_utils/search_form.html', {'form': form} , context_instance=RequestContext(request)) @@ -224,7 +224,7 @@ results.sort(key=lambda k: k['iri_id']) for iri_id, item in groupby(results, itemgetter('iri_id')): try: - content = Content.objects.get(iri_id=iri_id) + content = Content.safe_objects.get(iri_id=iri_id) except Content.DoesNotExist: continue segments = list(item) @@ -261,7 +261,7 @@ def search_listing(request): - if not request.session.__contains__('complete_results'): + if not request.session.has_key('complete_results'): msg = _("Please enter valid keywords.") return render_to_response('ldt/ldt_utils/search_results.html', {'msg' : msg}, context_instance=RequestContext(request)) @@ -285,8 +285,8 @@ return render_to_response('ldt/ldt_utils/search_results.html', {'results': results, 'nb_results' : paginator.count, 'search' : search, 'LDT_MEDIA_PREFIX': settings.LDT_MEDIA_PREFIX, 'colorurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/color.xml', 'i18nurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/i18n', 'language': language_code, 'baseurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/'}, context_instance=RequestContext(request)) -def search_index_get(request, field, query): - +def search_index_get(request, field, query): # checked + language_code = request.LANGUAGE_CODE[:2] url = settings.WEB_URL + django.core.urlresolvers.reverse("ldt.ldt_utils.views.search_init", args=[field, query]) @@ -302,7 +302,7 @@ resp.write(lxml.etree.tostring(doc, pretty_print=True, encoding="utf-8")) return resp -def search_ldt(request, field, query, edition=None): +def search_ldt(request, field, query, edition=None): #checked contentList = [] resp = HttpResponse(mimetype="text/xml") @@ -325,8 +325,8 @@ # ids_editions = map(lambda t:t[0], filter(lambda id: id[0] is not None, Speak.objects.filter(session__day__edition=edition).order_by("session__start_ts", "order").values_list("content__iri_id"))) # id_list = filter(lambda id: id in id_list, ids_editions) - contentList = Content.objects.filter(iri_id__in=id_list) #@UndefinedVariable - projectList = Project.objects.filter(ldt_id__in=projId_list); + contentList = Content.safe_objects.filter(iri_id__in=id_list) #@UndefinedVariable + projectList = Project.safe_objects.filter(ldt_id__in=projId_list); ldtgen = LdtUtils() @@ -372,13 +372,13 @@ @login_required -def list_ldt(request): - contents = Content.objects.all() #@UndefinedVariable +def list_ldt(request): #checked + contents = Content.safe_objects.all() #@UndefinedVariable try: owner = request.user #@UndefinedVariable except: return HttpResponseRedirect(settings.LOGIN_URL) - ldtProjects = Project.objects.filter(owner=owner) #@UndefinedVariable + ldtProjects = Project.safe_objects.filter(owner=owner) #@UndefinedVariable context = { 'contents': contents, 'projects': ldtProjects.reverse(), @@ -386,23 +386,24 @@ return render_to_response('ldt/ldt_utils/ldt_list.html', context, context_instance=RequestContext(request)) @login_required -def list_content(request): - contents = Content.objects.all() #@UndefinedVariable +def list_content(request): #checked + contents = Content.safe_objects.all() #@UndefinedVariable context = { 'contents': contents, } return render_to_response('ldt/ldt_utils/content_list.html', context, context_instance=RequestContext(request)) @login_required -def create_ldt_view(request): +def create_ldt_view(request): #checked permission_formset = formset_factory(PermissionForm, extra=0) if request.method == "POST" : form = LdtAddForm(request.POST) form_status = "none" - contents = Content.objects.all() + contents = Content.safe_objects.all() groups = request.user.groups.all() group_form = permission_formset(request.POST) + management_form = None if form.is_valid() and group_form.is_valid(): user = request.user @@ -416,7 +417,7 @@ contents = [] else: form = LdtAddForm() - contents = Content.objects.all() #@UndefinedVariable + contents = Content.safe_objects.all() #@UndefinedVariable groups = request.user.groups.all() perm_list = [] @@ -427,19 +428,15 @@ management_form = permission.management_form group_form = zip(permission, groups) - form_status = "none" - - if form_status != 'none': - management_form = None - + form_status = "none" return render_to_response('ldt/ldt_utils/create_ldt.html', {'contents': contents, 'form': form, 'group_form': group_form, 'management_form': management_form, 'form_status':form_status, 'create_project_action':reverse(create_ldt_view), 'language_code' : settings.LANGUAGE_CODE[2:]}, context_instance=RequestContext(request)) -def created_ldt(request): +def created_ldt(request): #checked return render_to_response('ldt/ldt_utils/save_done.html', context_instance=RequestContext(request)) -def index_segment(request, project_id, content_id, cutting_id, ensemble_id, segment_id): +def index_segment(request, project_id, content_id, cutting_id, ensemble_id, segment_id): #checked url_str = settings.WEB_URL + reverse("ldt.ldt_utils.views.init_segment", args=[project_id, content_id, ensemble_id, cutting_id, segment_id]) post_url = "" language_code = request.LANGUAGE_CODE[:2] @@ -448,15 +445,23 @@ return render_to_response(template_path, {'LDT_MEDIA_PREFIX': settings.LDT_MEDIA_PREFIX, 'colorurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/color.xml', 'i18nurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/i18n', 'language': language_code, 'baseurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/', 'url': url_str, 'posturl': post_url, 'id': id, 'readonly': readonly}, context_instance=RequestContext(request)) -def init_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): +def init_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): #checked + + if project_id != u"_": + get_object_or_404(Project.safe_objects, ldt_id=project_id) + get_object_or_404(Content.safe_objects, iri_id=content_id) ldtgen = LdtUtils() doc = ldtgen.generate_init([project_id, content_id, ensemble_id, cutting_id, segment_id], 'ldt.ldt_utils.views.ldt_segment', 'ldt.ldt_utils.views.highlight_segment') return HttpResponse(lxml.etree.tostring(lxml.etree.ElementTree(doc), pretty_print=True), mimetype="text/xml;charset=utf-8") -def highlight_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): +def highlight_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): #checked + if project_id != u"_": + get_object_or_404(Project.safe_objects, ldt_id=project_id) + get_object_or_404(Content.safe_objects, iri_id=content_id) + iri = lxml.etree.Element('iri') doc = lxml.etree.ElementTree(iri) @@ -471,14 +476,14 @@ return HttpResponse(lxml.etree.tostring(doc, pretty_print=True), mimetype="text/xml;charset=utf-8") -def ldt_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): +def ldt_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): #checked resp = HttpResponse(mimetype="text/xml") resp['Cache-Control'] = 'no-cache, must-revalidate' resp['Pragma'] = 'no-cache' if project_id and project_id != "_" : - project = Project.objects.get(ldt_id=project_id) #@UndefinedVariable + project = Project.safe_objects.get(ldt_id=project_id) #@UndefinedVariable ldtdoc = lxml.etree.fromstring(project.ldt.encode("utf-8")) displays_node = ldtdoc.find("displays") if not displays_node: @@ -510,7 +515,7 @@ else: # generate ldt from ldtgen = LdtUtils() - content_list = Content.objects.filter(iri_id=content_id) + content_list = Content.safe_objects.filter(iri_id=content_id) if request.user and request.user.username: username = request.user.username else: @@ -531,18 +536,18 @@ # ldtgen. -def index_project(request, id, full=False): +def index_project(request, id, full=False): # checked urlStr = settings.WEB_URL + reverse("space_ldt_init", args=['ldt_project', id]) posturl = settings.WEB_URL + reverse("ldt.ldt_utils.views.save_ldt_project") language_code = request.LANGUAGE_CODE[:2] - ldt = get_object_or_404(Project, ldt_id=id) + ldt = get_object_or_404(Project.safe_objects, ldt_id=id) if ldt.state == 2: #published readonly = 'true' else: readonly = 'false' - + if full: template_path = 'ldt/ldt_utils/init_ldt_full.html' else: @@ -554,41 +559,54 @@ def init(request, method, url): ldtgen = LdtUtils() - doc = ldtgen.generate_init([url], 'ldt.ldt_utils.views.' + method, None) + doc = ldtgen.generate_init([url], 'ldt.ldt_utils.views.' + method, None) resp = HttpResponse(mimetype="text/xml") resp['Cache-Control'] = 'no-cache, must-revalidate' resp['Pragma'] = 'no-cache' + f = open('D:/verrierj/platform_group/test', 'w') + f.write(method) + f.close() + resp.write(lxml.etree.tostring(doc, pretty_print=True, xml_declaration=True, encoding="utf-8")) return resp -def ldt_project(request, id): +def ldt_project(request, id): #checked resp = HttpResponse(mimetype="text/xml") resp['Cache-Control'] = 'no-cache, must-revalidate' resp['Pragma'] = 'no-cache' - project = Project.objects.get(ldt_id=id) #@UndefinedVariable - resp.write(project.ldt) + project = Project.safe_objects.get(ldt_id=id) #@UndefinedVariable + + doc = lxml.etree.fromstring(project.ldt) + checker = ObjectPermissionChecker(request.user) + + for elem in doc.xpath('/iri/medias/media'): + content = Content.objects.get(iri_id=elem.get('id')) + if not checker.has_perm('view_content', content): + elem.set('video', settings.FORBIDDEN_STREAM_URL) + resp.write(lxml.etree.tostring(doc, pretty_print=True, xml_declaration=True, encoding="utf-8")) + return resp -def project_json_id(request, id): +def project_json_id(request, id): # checked - project = get_object_or_404(Project, ldt_id=id) + project = get_object_or_404(Project.safe_objects, ldt_id=id) return project_json(request, project, False) -def project_json_externalid(request, id): +def project_json_externalid(request, id): #checked - res_proj = get_list_or_404(Project.objects.order_by('-modification_date'), contents__external_id=id) #@UndefinedVariable + res_proj = get_list_or_404(Project.safe_objects.order_by('-modification_date'), contents__external_id=id) #@UndefinedVariable return project_json(request, res_proj[0], False) -def project_json(request, project, serialize_contents=True): +def project_json(request, project, serialize_contents=True): if not ldt_auth.check_access(request.user, project): return HttpResponseForbidden(_("You can not access this project")) @@ -632,9 +650,9 @@ return resp -def project_annotations_rdf(request, ldt_id): +def project_annotations_rdf(request, ldt_id): #checked - project = Project.objects.get(ldt_id=ldt_id); #@UndefinedVariable + project = Project.safe_objects.get(ldt_id=ldt_id); #@UndefinedVariable if not ldt_auth.check_access(request.user, project): return HttpResponseForbidden(_("You can not access this project")) @@ -689,12 +707,11 @@ if request.method == "POST": ldt = request.POST['ldt'] id = request.POST['id'] - ldtproject = Project.objects.get(ldt_id=id) #@UndefinedVariable + ldtproject = Project.safe_objects.get(ldt_id=id) #@UndefinedVariable #save xml ldt ldtproject.ldt = ldt - doc = lxml.etree.fromstring(ldtproject.ldt.encode("utf-8")) result = doc.xpath("/iri/project") @@ -721,9 +738,10 @@ return render_to_response('ldt/ldt_utils/save_done.html', {'ldt': ldt, 'id':id, 'title':ldtproject.title, 'contents': new_contents}, context_instance=RequestContext(request)) @login_required -def publish(request, id, redirect=True): - ldt = get_object_or_404(Project, ldt_id=id) - ldt.publish() +def publish(request, id, redirect=True): #checked + ldt = get_object_or_404(Project.safe_objects, ldt_id=id) + ldt.state = 2 + ldt.save() redirect = boolean_convert(redirect) if redirect: return HttpResponseRedirect(reverse("ldt.ldt_utils.views.list_ldt")) @@ -731,9 +749,10 @@ return HttpResponse(simplejson.dumps({'res':True, 'ldt': {'id': ldt.id, 'state':ldt.state, 'ldt_id': ldt.ldt_id}}, ensure_ascii=False), mimetype='application/json') @login_required -def unpublish(request, id, redirect=True): - ldt = get_object_or_404(Project, ldt_id=id) - ldt.unpublish() +def unpublish(request, id, redirect=True): #checked + ldt = get_object_or_404(Project.safe_objects, ldt_id=id) + ldt.state = 1 + ldt.save() redirect = boolean_convert(redirect) if redirect: return HttpResponseRedirect(reverse("ldt.ldt_utils.views.list_ldt")) @@ -741,7 +760,7 @@ return HttpResponse(simplejson.dumps({'res':True, 'ldt': {'id': ldt.id, 'state':ldt.state, 'ldt_id': ldt.ldt_id}}, ensure_ascii=False), mimetype='application/json') -def index(request, url): +def index(request, url): #checked urlStr = settings.WEB_URL + reverse("ldt_init", args=['ldt', url]) language_code = request.LANGUAGE_CODE[:2] @@ -749,12 +768,12 @@ return render_to_response('ldt/ldt_utils/init_ldt.html', {'LDT_MEDIA_PREFIX': settings.LDT_MEDIA_PREFIX, 'colorurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/color.xml', 'i18nurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/i18n', 'language': language_code, 'baseurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/', 'url': urlStr, 'weburl':settings.WEB_URL + settings.BASE_URL}, context_instance=RequestContext(request)) -def ldt(request, url, startSegment=None): +def ldt(request, url, startSegment=None): #checked resp = HttpResponse(mimetype="text/xml; charset=utf-8") resp['Cache-Control'] = 'no-cache' - contentList = Content.objects.filter(iri_id=url) #@UndefinedVariable + contentList = Content.safe_objects.filter(iri_id=url) #@UndefinedVariable ldtgen = LdtUtils() doc = ldtgen.generate_ldt(contentList, title=contentList[0].title, startSegment=startSegment) @@ -763,14 +782,14 @@ return resp -def loading(request): +def loading(request): #checked return render_to_response('ldt/ldt_utils/loading.html', context_instance=RequestContext(request)) @login_required -def create_project(request, iri_id): +def create_project(request, iri_id): #checked - content = get_object_or_404(Content, iri_id=iri_id) + content = get_object_or_404(Content.safe_objects, iri_id=iri_id) contents = [ content, ] groups = request.user.groups.all() if request.method == "POST" : @@ -791,9 +810,9 @@ return render_to_response('ldt/ldt_utils/create_ldt.html', {'form':form, 'contents':contents, 'groups' : groups, 'create_project_action':reverse("ldt.ldt_utils.views.create_project", args=[iri_id]), 'target_parent':target_parent}, context_instance=RequestContext(request)) @login_required -def update_project(request, ldt_id): +def update_project(request, ldt_id): #checked permission_formset = formset_factory(PermissionForm, extra=0) - project = get_object_or_404(Project, ldt_id=ldt_id) + project = get_object_or_404(Project.safe_objects, ldt_id=ldt_id) contents = project.contents.all() groups = request.user.groups.all() @@ -861,9 +880,9 @@ 'create_project_action':reverse("ldt.ldt_utils.views.update_project", args=[ldt_id])}, context_instance=RequestContext(request)) @login_required -def copy_project(request, ldt_id): +def copy_project(request, ldt_id): # checked - project = get_object_or_404(Project, ldt_id=ldt_id) + project = get_object_or_404(Project.safe_objects, ldt_id=ldt_id) if request.method == "POST" : form = CopyProjectForm(request.POST) if form.is_valid(): @@ -881,10 +900,10 @@ return render_to_response('ldt/ldt_utils/copy_ldt.html', {'form':form, 'project':project, 'target_parent':target_parent}, context_instance=RequestContext(request)) -def write_content_base(request, iri_id=None): +def write_content_base(request, iri_id=None): #checked if iri_id: - instance_content = Content.objects.get(iri_id=iri_id) #@UndefinedVariable + instance_content = Content.safe_objects.get(iri_id=iri_id) #@UndefinedVariable instance_media = instance_content.media_obj logging.debug("write_content_base : valid form: for instance : media -> " + repr(instance_media) + " content : for instance : " + repr(instance_content)) #@UndefinedVariable else: @@ -1044,7 +1063,6 @@ media.save() - if form_status != "error": #try: content_defaults = {} @@ -1052,7 +1070,10 @@ content_defaults['media_obj'] = media del content_defaults["media_input_type"] content, created = Content.objects.get_or_create(iri_id=content_form.cleaned_data['iri_id'], defaults=content_defaults) #@UndefinedVariable - if not created: + if created: + assign('change_content', request.user, content) + assign('view_content', request.user, content) + else: for attribute in ('iriurl', 'title', 'description', 'duration', 'content_creation_date', 'tags', 'media_obj'): setattr(content, attribute, content_defaults[attribute]) content.save() @@ -1074,7 +1095,7 @@ return content_form, media_form, form_status @login_required -def write_content(request, iri_id=None): +def write_content(request, iri_id=None): #checked submit_action = request.REQUEST.get("submit_button", False) @@ -1106,14 +1127,14 @@ return render_to_response('ldt/ldt_utils/create_content.html', {'content_form': content_form, 'media_form': media_form, 'form_status': form_status, 'create_content_action': create_content_action, 'iri_id': iri_id, 'session_key':session_key, 'cookie_name':cookie_name}, context_instance=RequestContext(request)) @login_required -def prepare_delete_content(request, iri_id=None): +def prepare_delete_content(request, iri_id=None): #checked errors = [] titles = [] if not iri_id: iri_id = request.REQUEST.get("iri_id", None) if iri_id: - for content in Content.objects.filter(iri_id=iri_id): #@UndefinedVariable + for content in Content.safe_objects.filter(iri_id=iri_id): #@UndefinedVariable titles.append(unicode(content.title)) projects = content.project_set.all() projects_nb = len(projects) @@ -1126,15 +1147,15 @@ @login_required -def delete_content(request, iri_id=None): +def delete_content(request, iri_id=None): #checked if not iri_id: iri_id = request.REQUEST.get("iri_id", None) if iri_id: - Content.objects.filter(iri_id=iri_id).delete() #@UndefinedVariable + Content.objects_safe.filter(iri_id=iri_id).delete() #@UndefinedVariable -def upload(request): +def upload(request): #checked if request.method == 'POST': for field_name in request.FILES: # We get the file name @@ -1161,14 +1182,14 @@ else: return HttpResponse("notok", mimetype="text/plain") -def remove_temp_file(request): +def remove_temp_file(request): #checked # The filename arrives with a GET var. file_path = os.path.join(settings.STREAM_PATH, "tmp/" + request.COOKIES[settings.SESSION_COOKIE_NAME] + "/", ldt_utils_path.sanitize_filename(request.GET["filename"])) if os.path.exists(file_path): os.remove(file_path) return HttpResponse("remove ok", mimetype="text/plain") -def get_duration(request): +def get_duration(request): #checked try: # The filename arrives with a GET var. file_path = os.path.join(settings.STREAM_PATH, "tmp/" + request.COOKIES[settings.SESSION_COOKIE_NAME] + "/", ldt_utils_path.sanitize_filename(request.GET["filename"])) @@ -1186,11 +1207,11 @@ @login_required -def get_group_projects(request): +def get_group_projects(request): #checked # Get group, user and project_list grp = Group.objects.get(id=request.POST["id_group"]) #@UndefinedVariable - project_list = get_objects_for_group(grp, 'ldt_utils.view_project') + project_list = get_objects_for_group(grp, 'ldt_utils.view_project') | Project.objects.filter(state=2).filter(owner__in=[grp]) is_gecko = ((request.META['HTTP_USER_AGENT'].lower().find("firefox")) > -1); @@ -1201,7 +1222,7 @@ context_instance=RequestContext(request)) @login_required -def create_group(request): +def create_group(request): #checked user_list = User.objects.exclude(id=settings.ANONYMOUS_USER_ID).exclude(id=request.user.id) form_status = '' @@ -1231,7 +1252,7 @@ return render_to_response("ldt/ldt_utils/create_group.html", {'form' : form, 'form_status' : form_status, 'user_list' : user_list, 'admin_list': user_list}, context_instance=RequestContext(request)) @login_required -def update_group(request, group_id): +def update_group(request, group_id): #checked group = get_object_or_404(Group, id=group_id) user_list = User.objects.exclude(id=settings.ANONYMOUS_USER_ID).exclude(id=request.user.id) @@ -1285,7 +1306,7 @@ return render_to_response("ldt/ldt_utils/create_group.html", {'group_id' : group_id, 'form' : form, 'form_status' : form_status, 'user_list' : user_list}, context_instance=RequestContext(request)) @login_required -def leave_group(request, group_id, redirect=True): +def leave_group(request, group_id, redirect=True): #checked group = get_object_or_404(Group, id=group_id) redirect = boolean_convert(redirect) diff -r bee98775a8e8 -r 3cff86180fbe web/ldtplatform/config.py.tmpl --- a/web/ldtplatform/config.py.tmpl Wed Nov 16 15:28:24 2011 +0100 +++ b/web/ldtplatform/config.py.tmpl Thu Nov 17 11:09:49 2011 +0100 @@ -82,3 +82,6 @@ EMPTY_MEDIA_EXTERNALID = None AUTO_INDEX_AFTER_SAVE = True + +USE_GROUP_PERMISSIONS = ['Project', 'Content'] +FORBIDDEN_STREAM_URL = "rtmp://"