# HG changeset patch
# User ymh
# Date 1352723311 -3600
# Node ID fd2d4a7a5de69aa8a0dfe67982020c89b9daba00
# Parent a820e2d64fe7e4555110856e5725ba656b035035
- secure access to content and project
- correct iriurl() in models.content
diff -r a820e2d64fe7 -r fd2d4a7a5de6 src/ldt/ldt/api/ldt/resources/content.py
--- a/src/ldt/ldt/api/ldt/resources/content.py Fri Nov 09 18:31:13 2012 +0100
+++ b/src/ldt/ldt/api/ldt/resources/content.py Mon Nov 12 13:28:31 2012 +0100
@@ -9,7 +9,7 @@
 class Meta:
 allowed_methods = ['get']
 resource_name = 'contents'
- queryset = Content.objects.all()
+ queryset = Content.safe_objects.all()
 excludes = ['media_obj']
 def override_urls(self):
@@ -39,7 +39,7 @@
 result_list = get_results_list(field, keywords_search)
 score_dict = dict([(k,sum([e.score for e in i])) for k,i in groupby(result_list, lambda e: e.iri_id)])
- res = [self.full_dehydrate(self.build_bundle(obj=c, request=request)) for c in Content.objects.filter(iri_id__in = score_dict.keys())]
+ res = [self.full_dehydrate(self.build_bundle(obj=c, request=request)) for c in Content.safe_objects.filter(iri_id__in = score_dict.keys())]
 def add_score(b,s):
 b.data['score'] = s
diff -r a820e2d64fe7 -r fd2d4a7a5de6 src/ldt/ldt/api/ldt/resources/project.py
--- a/src/ldt/ldt/api/ldt/resources/project.py Fri Nov 09 18:31:13 2012 +0100
+++ b/src/ldt/ldt/api/ldt/resources/project.py Mon Nov 12 13:28:31 2012 +0100
@@ -17,7 +17,7 @@
 authorization = Authorization() # BE CAREFUL WITH THAT, it's unsecure
 authentication = SessionAuthentication()
 resource_name = 'projects'
- queryset = Project.objects.all()
+ queryset = Project.safe_objects.all()
 serializer = CinelabSerializer()
 # In the future version :
 # detail_uri_name = 'ldt_id'
diff -r a820e2d64fe7 -r fd2d4a7a5de6 src/ldt/ldt/ldt_utils/models.py
--- a/src/ldt/ldt/ldt_utils/models.py Fri Nov 09 18:31:13 2012 +0100
+++ b/src/ldt/ldt/ldt_utils/models.py Mon Nov 12 13:28:31 2012 +0100
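Review bot: `queryset = Content.safe_objects.all()` in `Meta` is built once, when the class body runs at import, so the access restriction only protects anything if the manager applies it lazily, per request. The manager is not shown here; if `safe_objects` reads the current user at the moment `.all()` is called, every request would share whatever filter was computed at import time. The same applies to `queryset = Project.safe_objects.all()` in project.py. If that is how the manager works, applying the restriction per request, for instance by overriding `get_object_list(self, request)` to return `Content.safe_objects.all()`, would be safer; otherwise a comment such as `# safe_objects resolves the requesting user at query time` would record why the class-level queryset is safe.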
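Review bot: `groupby(result_list, lambda e: e.iri_id)` on the context line just above the changed lookup merges only adjacent items, so the summed score per content is correct only if `result_list` is already ordered by `iri_id`, which nothing in the hunk shows. If the results come back in another order, `dict(...)` keeps only the sum of the last run for each id. Sorting first, `groupby(sorted(result_list, key=lambda e: e.iri_id), lambda e: e.iri_id)`, would remove that dependency. The enclosing method starts and ends outside the hunk, so the ordering may already be guaranteed by `get_results_list`.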
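Review bot: Switching to `Project.safe_objects` limits which projects can be looked up, but `authorization = Authorization()` on the context line above, already marked "unsecure" by its own comment, still decides which operations are allowed, and the hunk does not show `allowed_methods`. If this resource accepts writes, object creation in particular does not go through `queryset`, so it would need its own permission check. Consider an authorization class that enforces the same per-object permissions as `safe_objects`, or, if writes are not needed, `allowed_methods = ['get']` as in content.py. The `Meta` class starts and ends outside the hunk.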
@@ -306,7 +306,7 @@
 else:
 res_url = unicode(settings.MEDIA_URL) + u"ldt/" + unicode(self.iriurl)
 if not url_utils.is_absolute(res_url):
- res_url += unicode(web_url)
+ res_url = unicode(web_url) + res_url
 return res_url
 def iri_file_path(self):
diff -r a820e2d64fe7 -r fd2d4a7a5de6 src/ldt/ldt/ldt_utils/templates/front/front_base.html
--- a/src/ldt/ldt/ldt_utils/templates/front/front_base.html Fri Nov 09 18:31:13 2012 +0100
+++ b/src/ldt/ldt/ldt_utils/templates/front/front_base.html Mon Nov 12 13:28:31 2012 +0100
@@ -78,7 +78,7 @@
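Review bot: `res_url = unicode(web_url) + res_url` in the models.py hunk joins the two parts by plain concatenation, so the result is well-formed only if `web_url` has no trailing slash and `res_url` begins with one; neither is visible in the hunk. A comment stating the expected form, e.g. `# web_url: scheme + host (+ base path), no trailing slash`, or normalising with `unicode(web_url).rstrip(u"/") + res_url`, would prevent a doubled or missing separator. A regression test for the relative-URL case would also pin the ordering this commit fixes. The method starts above the hunk, so where `web_url` comes from is not shown.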