Permissions are checked in search results
authorverrierj
Mon, 21 Nov 2011 15:33:17 +0100
changeset 245 953228fcbb56
parent 244 bc1dd5fea0b6
child 246 f76edbe6d06b
Permissions are checked in search results
src/ldt/ldt/ldt_utils/views.py
src/ldt/ldt/security/manager.py
src/ldt/ldt/security/middleware.py
src/ldt/ldt/security/models.py
src/ldt/ldt/security/utils.py
src/ldt/ldt/user/models.py
--- a/src/ldt/ldt/ldt_utils/views.py	Thu Nov 17 11:48:23 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/views.py	Mon Nov 21 15:33:17 2011 +0100
@@ -21,10 +21,9 @@
     ContentForm, MediaForm, GroupAddForm, PermissionForm)
 from guardian.core import ObjectPermissionChecker
 from guardian.shortcuts import assign, remove_perm, get_perms, get_objects_for_group
-from guardian.core import ObjectPermissionChecker
 from ldt.ldt_utils.models import Content
 from ldt.ldt_utils.utils import boolean_convert, LdtUtils, LdtSearch
-from ldt.security.utils import assign_project_to_groups
+from ldt.security.utils import assign_project_to_groups, set_forbidden_stream
 from lxml.html import fragment_fromstring
 from models import Media, Project
 from projectserializer import ProjectSerializer
@@ -46,7 +45,7 @@
 
 
 @login_required
-def workspace(request): #Checked
+def workspace(request):
     
     # list of contents
     content_list = Content.safe_objects.all() #@UndefinedVariable
@@ -63,7 +62,7 @@
                               context_instance=RequestContext(request))
 
 @login_required
-def groups(request): #Checked
+def groups(request): 
 
     # get list of all published projects
     group_list = request.user.groups #@UndefinedVariable
@@ -84,7 +83,7 @@
 
 
 @login_required
-def published_project(request): #checked
+def published_project(request): 
 
     # get list of all published projects
     project_list = Project.objects.filter(state=2) #@UndefinedVariable
@@ -100,13 +99,12 @@
                               context_instance=RequestContext(request))
 
 
-def popup_embed(request): #checked
+def popup_embed(request):
 
     json_url = request.GET.get("json_url")
     player_id = request.GET.get("player_id")
     ldt_id = request.GET.get("ldt_id")
 
-
     project = Project.safe_objects.get(ldt_id=ldt_id); #@UndefinedVariable
 
     stream_mode = project.stream_mode
@@ -139,7 +137,7 @@
 
 
 @login_required
-def projects_filter(request, filter, is_owner=False, status=0, id_group=None): #checked
+def projects_filter(request, filter, is_owner=False, status=0, id_group=None): 
 
     is_owner = boolean_convert(is_owner)
     status = int(status)
@@ -185,7 +183,7 @@
                               context_instance=RequestContext(request))
 
 @login_required
-def contents_filter(request, filter): #checked
+def contents_filter(request, filter): 
     if filter and len(filter) > 0 and filter[0] == '_':
         filter = filter[1:]
 
@@ -199,7 +197,7 @@
                               context_instance=RequestContext(request))
 
 
-def search_form(request): # checked
+def search_form(request): 
     form = SearchForm()
     return render_to_response('ldt/ldt_utils/search_form.html', {'form': form} , context_instance=RequestContext(request))
 
@@ -220,17 +218,26 @@
         else:
             results = get_results_with_context(field, search)     
             complete_results = []
+            checker = ObjectPermissionChecker(request.user)
             
             results.sort(key=lambda k: k['iri_id'])
-            for iri_id, item in groupby(results, itemgetter('iri_id')):
-                try:
-                    content = Content.safe_objects.get(iri_id=iri_id)
+            for iri_id, item in groupby(results, itemgetter('iri_id')):                
+                try: 
+                    content = Content.objects.get(iri_id=iri_id)
                 except Content.DoesNotExist:
                     continue
                 segments = list(item)
+                i = 0
                 for s in segments:
                     if not s['project_id']:
                         s['project_id'] = '_'
+                    else:
+                        project = Project.objects.get(ldt_id=s['project_id'])
+                        if not checker.has_perm('view_project', project):
+                            segments.pop(i)
+                    i += 1
+                if not segments:
+                    continue 
                         
                 score = sum([seg['score'] for seg in segments])
                 if content.description == None:
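Review bot: `segments.pop(i)` inside `for s in segments` combined with an unconditional `i += 1` skips the element that slides into position i after each removal, so a forbidden segment that directly follows another forbidden one survives the filter; this loop is also the only place a `Project.DoesNotExist` for a dangling `project_id` is not caught, where the old `Content.safe_objects` path at least skipped missing rows. Build the allowed list instead of mutating the one being iterated, and catch the lookup failure. Note too that `Content.objects` is now the unchecked manager, so segments with no project (`'_'`) are returned with the content title and description without any `view_content` check — if that is deliberate (stream-only restriction) a comment saying so would help. The enclosing search view starts before this hunk.
```python
allowed = []
for s in segments:
    if not s['project_id']:
        s['project_id'] = '_'
        allowed.append(s)
        continue
    try:
        project = Project.objects.get(ldt_id=s['project_id'])
    except Project.DoesNotExist:
        continue
    if checker.has_perm('view_project', project):
        allowed.append(s)
segments = allowed
if not segments:
    continue
# … unchanged: score and complete_results …
```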
@@ -238,8 +245,8 @@
                 else:
                     desc = content.description        
                 complete_results.append({'list' : segments, 'score' : score, 'content_title' : content.title, 'content_id' : content.iri_id, 'content_description' : desc })
-            complete_results.sort(key=lambda k: k['score'])  
-                    
+            complete_results.sort(key=lambda k: k['score'])
+                                
             request.session['complete_results'] = complete_results
             request.session['search'] = search
             request.session['field'] = field
@@ -285,7 +292,7 @@
 
     return render_to_response('ldt/ldt_utils/search_results.html', {'results': results, 'nb_results' : paginator.count, 'search' : search, 'LDT_MEDIA_PREFIX': settings.LDT_MEDIA_PREFIX, 'colorurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/color.xml', 'i18nurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/i18n', 'language': language_code, 'baseurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/'}, context_instance=RequestContext(request))   
   
-def search_index_get(request, field, query): # checked
+def search_index_get(request, field, query):
     
     language_code = request.LANGUAGE_CODE[:2]
     
@@ -302,7 +309,7 @@
     resp.write(lxml.etree.tostring(doc, pretty_print=True, encoding="utf-8")) 
     return resp
 
-def search_ldt(request, field, query, edition=None): #checked
+def search_ldt(request, field, query, edition=None): 
     
     contentList = []
     resp = HttpResponse(mimetype="text/xml")
@@ -325,15 +332,16 @@
         #    ids_editions = map(lambda t:t[0], filter(lambda id: id[0] is not None, Speak.objects.filter(session__day__edition=edition).order_by("session__start_ts", "order").values_list("content__iri_id")))            
         #    id_list = filter(lambda id: id in id_list, ids_editions)
             
-        contentList = Content.safe_objects.filter(iri_id__in=id_list)        #@UndefinedVariable
+        contentList = Content.objects.filter(iri_id__in=id_list)        #@UndefinedVariable
         projectList = Project.safe_objects.filter(ldt_id__in=projId_list);
     
-            
+          
     ldtgen = LdtUtils()
     #            generate_ldt(contentList, title=u"", author=u"IRI Web", web_url=u"", startSegment=None, projects=None):
     doc = ldtgen.generate_ldt(contentList, title=u"Recherche : " + queryStr, projects=projectList)
+    doc = set_forbidden_stream(doc, request.user)        
+   
     doc.write(resp, pretty_print=True)
-
     
     return resp
 
@@ -344,7 +352,7 @@
         searcher = LdtSearch()
         
         queryStr = base64.urlsafe_b64decode(query.encode("ascii")).decode("utf8")
-        res = searcher.query(field, queryStr)
+        res = searcher.query(field, queryStr)            
     else:
         res = []
         
@@ -372,7 +380,7 @@
 
 
 @login_required         
-def list_ldt(request): #checked
+def list_ldt(request):
     contents = Content.safe_objects.all() #@UndefinedVariable
     try:
         owner = request.user #@UndefinedVariable
@@ -386,7 +394,7 @@
     return render_to_response('ldt/ldt_utils/ldt_list.html', context, context_instance=RequestContext(request))
 
 @login_required         
-def list_content(request): #checked
+def list_content(request):
     contents = Content.safe_objects.all() #@UndefinedVariable
     context = {
         'contents': contents,
@@ -394,7 +402,7 @@
     return render_to_response('ldt/ldt_utils/content_list.html', context, context_instance=RequestContext(request))
 
 @login_required
-def create_ldt_view(request): #checked
+def create_ldt_view(request):
     permission_formset = formset_factory(PermissionForm, extra=0)
     
     if request.method == "POST" :
@@ -432,11 +440,11 @@
             
     return render_to_response('ldt/ldt_utils/create_ldt.html', {'contents': contents, 'form': form, 'group_form': group_form, 'management_form': management_form, 'form_status':form_status, 'create_project_action':reverse(create_ldt_view), 'language_code' : settings.LANGUAGE_CODE[2:]}, context_instance=RequestContext(request))
      
-def created_ldt(request): #checked
+def created_ldt(request):
     return render_to_response('ldt/ldt_utils/save_done.html', context_instance=RequestContext(request))
 
 
-def index_segment(request, project_id, content_id, cutting_id, ensemble_id, segment_id):  #checked 
+def index_segment(request, project_id, content_id, cutting_id, ensemble_id, segment_id):
     url_str = settings.WEB_URL + reverse("ldt.ldt_utils.views.init_segment", args=[project_id, content_id, ensemble_id, cutting_id, segment_id])
     post_url = ""
     language_code = request.LANGUAGE_CODE[:2]
@@ -444,23 +452,20 @@
     template_path = 'ldt/ldt_utils/init_ldt.html'
     
     return render_to_response(template_path, {'LDT_MEDIA_PREFIX': settings.LDT_MEDIA_PREFIX, 'colorurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/color.xml', 'i18nurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/i18n', 'language': language_code, 'baseurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/', 'url': url_str, 'posturl': post_url, 'id': id, 'readonly': readonly}, context_instance=RequestContext(request))
+    
+def init_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id):
 
-def init_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): #checked
-    
     if project_id != u"_":
         get_object_or_404(Project.safe_objects, ldt_id=project_id)
-    get_object_or_404(Content.safe_objects, iri_id=content_id)
     
     ldtgen = LdtUtils()
     doc = ldtgen.generate_init([project_id, content_id, ensemble_id, cutting_id, segment_id], 'ldt.ldt_utils.views.ldt_segment', 'ldt.ldt_utils.views.highlight_segment')
     
     return HttpResponse(lxml.etree.tostring(lxml.etree.ElementTree(doc), pretty_print=True), mimetype="text/xml;charset=utf-8")
 
-def highlight_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): #checked
-        
+def highlight_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id):
     if project_id != u"_":
         get_object_or_404(Project.safe_objects, ldt_id=project_id)
-    get_object_or_404(Content.safe_objects, iri_id=content_id)
     
     iri = lxml.etree.Element('iri')
     doc = lxml.etree.ElementTree(iri)    
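Review bot: Dropping `get_object_or_404(Content.safe_objects, iri_id=content_id)` removes the only validation of `content_id` in both `init_segment` and `highlight_segment`, so an unknown id now yields a generated document instead of a 404. If the intent was only to stop the permission check because the stream is redacted later, keep the existence check with the unchecked manager: `get_object_or_404(Content.objects, iri_id=content_id)`. `highlight_segment`'s body continues past the end of this hunk.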
@@ -476,7 +481,7 @@
     return HttpResponse(lxml.etree.tostring(doc, pretty_print=True), mimetype="text/xml;charset=utf-8") 
 
 
-def ldt_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): #checked
+def ldt_segment(request, project_id, content_id, ensemble_id, cutting_id, segment_id): 
 
     resp = HttpResponse(mimetype="text/xml")
     resp['Cache-Control'] = 'no-cache, must-revalidate'
@@ -485,6 +490,8 @@
     if project_id and project_id != "_" :
         project = Project.safe_objects.get(ldt_id=project_id) #@UndefinedVariable
         ldtdoc = lxml.etree.fromstring(project.ldt.encode("utf-8"))
+           
+        ldtdoc = set_forbidden_stream(ldtdoc, request.user)
         displays_node = ldtdoc.find("displays")
         if not displays_node:
             displays_node = lxml.etree.SubElement(ldtdoc, u"displays")        
@@ -515,7 +522,7 @@
     else:
         # generate ldt from 
         ldtgen = LdtUtils()
-        content_list = Content.safe_objects.filter(iri_id=content_id)
+        content_list = Content.objects.filter(iri_id=content_id)
         if request.user and request.user.username:
             username = request.user.username
         else:
@@ -526,17 +533,18 @@
             'idgroup' : ensemble_id,
             'idcutting' : cutting_id,
             'idsegment' : segment_id
-        }
+        }        
         
         doc = ldtgen.generate_ldt(content_list, "segment : ", author=username, startSegment=start_segment)
-        
+        doc = set_forbidden_stream(doc, request.user)
+
         doc.write(resp, pretty_print=('DEBUG' in dir(settings) and settings.DEBUG))
         
     return resp
         
 #        ldtgen.
     
-def index_project(request, id, full=False): # checked
+def index_project(request, id, full=False): 
 
     urlStr = settings.WEB_URL + reverse("space_ldt_init", args=['ldt_project', id])
     posturl = settings.WEB_URL + reverse("ldt.ldt_utils.views.save_ldt_project")
@@ -565,14 +573,10 @@
     resp['Cache-Control'] = 'no-cache, must-revalidate'
     resp['Pragma'] = 'no-cache'
 
-    f = open('D:/verrierj/platform_group/test', 'w')
-    f.write(method)
-    f.close()
-
     resp.write(lxml.etree.tostring(doc, pretty_print=True, xml_declaration=True, encoding="utf-8")) 
     return resp
        
-def ldt_project(request, id): #checked
+def ldt_project(request, id): 
     resp = HttpResponse(mimetype="text/xml")
     resp['Cache-Control'] = 'no-cache, must-revalidate'
     resp['Pragma'] = 'no-cache'
@@ -580,25 +584,20 @@
     project = Project.safe_objects.get(ldt_id=id) #@UndefinedVariable
     
     doc = lxml.etree.fromstring(project.ldt)
-    checker = ObjectPermissionChecker(request.user)
-    
-    for elem in doc.xpath('/iri/medias/media'):
-        content = Content.objects.get(iri_id=elem.get('id'))
-        if not checker.has_perm('view_content', content):
-            elem.set('video', settings.FORBIDDEN_STREAM_URL)
+    doc = set_forbidden_stream(doc, request.user)
     resp.write(lxml.etree.tostring(doc, pretty_print=True, xml_declaration=True, encoding="utf-8")) 
 
     return resp
 
 
-def project_json_id(request, id): # checked
+def project_json_id(request, id): 
     
     project = get_object_or_404(Project.safe_objects, ldt_id=id)
 
     return project_json(request, project, False)
 
 
-def project_json_externalid(request, id): #checked
+def project_json_externalid(request, id): 
         
     res_proj = get_list_or_404(Project.safe_objects.order_by('-modification_date'), contents__external_id=id) #@UndefinedVariable
     
@@ -606,7 +605,7 @@
 
 
 
-def project_json(request, project, serialize_contents=True): 
+def project_json(request, project, serialize_contents=True): # Not checked
     
     if not ldt_auth.check_access(request.user, project):
         return HttpResponseForbidden(_("You can not access this project"))
@@ -650,7 +649,7 @@
 
     return resp
 
-def project_annotations_rdf(request, ldt_id): #checked
+def project_annotations_rdf(request, ldt_id):
 
     project = Project.safe_objects.get(ldt_id=ldt_id); #@UndefinedVariable
     
@@ -738,7 +737,7 @@
     return render_to_response('ldt/ldt_utils/save_done.html', {'ldt': ldt, 'id':id, 'title':ldtproject.title, 'contents': new_contents}, context_instance=RequestContext(request))
 
 @login_required
-def publish(request, id, redirect=True): #checked
+def publish(request, id, redirect=True):
     ldt = get_object_or_404(Project.safe_objects, ldt_id=id)
     ldt.state = 2
     ldt.save()
@@ -749,7 +748,7 @@
         return HttpResponse(simplejson.dumps({'res':True, 'ldt': {'id': ldt.id, 'state':ldt.state, 'ldt_id': ldt.ldt_id}}, ensure_ascii=False), mimetype='application/json')
 
 @login_required
-def unpublish(request, id, redirect=True): #checked
+def unpublish(request, id, redirect=True):
     ldt = get_object_or_404(Project.safe_objects, ldt_id=id)
     ldt.state = 1
     ldt.save()
@@ -760,7 +759,7 @@
         return HttpResponse(simplejson.dumps({'res':True, 'ldt': {'id': ldt.id, 'state':ldt.state, 'ldt_id': ldt.ldt_id}}, ensure_ascii=False), mimetype='application/json')
     
 
-def index(request, url): #checked
+def index(request, url):
     
     urlStr = settings.WEB_URL + reverse("ldt_init", args=['ldt', url])
     language_code = request.LANGUAGE_CODE[:2]
@@ -768,7 +767,7 @@
     return render_to_response('ldt/ldt_utils/init_ldt.html', {'LDT_MEDIA_PREFIX': settings.LDT_MEDIA_PREFIX, 'colorurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/color.xml', 'i18nurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/pkg/i18n', 'language': language_code, 'baseurl': settings.LDT_MEDIA_PREFIX + 'swf/ldt/', 'url': urlStr, 'weburl':settings.WEB_URL + settings.BASE_URL}, context_instance=RequestContext(request))
 
 
-def ldt(request, url, startSegment=None): #checked
+def ldt(request, url, startSegment=None): 
     
     resp = HttpResponse(mimetype="text/xml; charset=utf-8")
     resp['Cache-Control'] = 'no-cache'
@@ -777,17 +776,18 @@
 
     ldtgen = LdtUtils()
     doc = ldtgen.generate_ldt(contentList, title=contentList[0].title, startSegment=startSegment)
+    doc = set_forbidden_stream(doc, request.user)
     doc.write(resp, pretty_print=True)
 
     return resp
 
 
-def loading(request): #checked
+def loading(request): 
     return render_to_response('ldt/ldt_utils/loading.html', context_instance=RequestContext(request))
 
 
 @login_required
-def create_project(request, iri_id): #checked
+def create_project(request, iri_id): 
 
     content = get_object_or_404(Content.safe_objects, iri_id=iri_id)
     contents = [ content, ]
@@ -810,7 +810,7 @@
     return render_to_response('ldt/ldt_utils/create_ldt.html', {'form':form, 'contents':contents, 'groups' : groups, 'create_project_action':reverse("ldt.ldt_utils.views.create_project", args=[iri_id]), 'target_parent':target_parent}, context_instance=RequestContext(request))
 
 @login_required
-def update_project(request, ldt_id): #checked
+def update_project(request, ldt_id):
     permission_formset = formset_factory(PermissionForm, extra=0)
     project = get_object_or_404(Project.safe_objects, ldt_id=ldt_id)
     contents = project.contents.all()
@@ -880,7 +880,7 @@
                               'create_project_action':reverse("ldt.ldt_utils.views.update_project", args=[ldt_id])}, context_instance=RequestContext(request))
 
 @login_required
-def copy_project(request, ldt_id): # checked
+def copy_project(request, ldt_id): 
     
     project = get_object_or_404(Project.safe_objects, ldt_id=ldt_id)
     if request.method == "POST" :
@@ -900,7 +900,7 @@
     return render_to_response('ldt/ldt_utils/copy_ldt.html', {'form':form, 'project':project, 'target_parent':target_parent}, context_instance=RequestContext(request))
 
 
-def write_content_base(request, iri_id=None): #checked
+def write_content_base(request, iri_id=None): 
 
     if iri_id:        
         instance_content = Content.safe_objects.get(iri_id=iri_id) #@UndefinedVariable
@@ -1095,7 +1095,7 @@
     return content_form, media_form, form_status
 
 @login_required
-def write_content(request, iri_id=None):  #checked
+def write_content(request, iri_id=None):
     
     submit_action = request.REQUEST.get("submit_button", False) 
 
@@ -1127,7 +1127,7 @@
     return render_to_response('ldt/ldt_utils/create_content.html', {'content_form': content_form, 'media_form': media_form, 'form_status': form_status, 'create_content_action': create_content_action, 'iri_id': iri_id, 'session_key':session_key, 'cookie_name':cookie_name}, context_instance=RequestContext(request))
 
 @login_required
-def prepare_delete_content(request, iri_id=None): #checked
+def prepare_delete_content(request, iri_id=None): 
     errors = []
     titles = []
     if not iri_id:
@@ -1147,7 +1147,7 @@
 
 
 @login_required
-def delete_content(request, iri_id=None): #checked
+def delete_content(request, iri_id=None):
     if not iri_id:
         iri_id = request.REQUEST.get("iri_id", None)
         
@@ -1155,7 +1155,7 @@
         Content.objects_safe.filter(iri_id=iri_id).delete() #@UndefinedVariable
 
 
-def upload(request): #checked
+def upload(request):
     if request.method == 'POST':
         for field_name in request.FILES:
             # We get the file name
@@ -1182,14 +1182,14 @@
     else:
         return HttpResponse("notok", mimetype="text/plain")
 
-def remove_temp_file(request): #checked
+def remove_temp_file(request):
     # The filename arrives with a GET var.
     file_path = os.path.join(settings.STREAM_PATH, "tmp/" + request.COOKIES[settings.SESSION_COOKIE_NAME] + "/", ldt_utils_path.sanitize_filename(request.GET["filename"]))
     if os.path.exists(file_path):
         os.remove(file_path)
     return HttpResponse("remove ok", mimetype="text/plain")
 
-def get_duration(request): #checked
+def get_duration(request):
     try:
         # The filename arrives with a GET var.
         file_path = os.path.join(settings.STREAM_PATH, "tmp/" + request.COOKIES[settings.SESSION_COOKIE_NAME] + "/", ldt_utils_path.sanitize_filename(request.GET["filename"]))
@@ -1207,7 +1207,7 @@
 
 
 @login_required
-def get_group_projects(request): #checked
+def get_group_projects(request):
 
     # Get group, user and project_list
     grp = Group.objects.get(id=request.POST["id_group"])  #@UndefinedVariable
@@ -1222,7 +1222,7 @@
                               context_instance=RequestContext(request))
 
 @login_required
-def create_group(request): #checked
+def create_group(request):
     user_list = User.objects.exclude(id=settings.ANONYMOUS_USER_ID).exclude(id=request.user.id)
     form_status = ''
     
@@ -1252,7 +1252,7 @@
     return render_to_response("ldt/ldt_utils/create_group.html", {'form' : form, 'form_status' : form_status, 'user_list' : user_list, 'admin_list': user_list}, context_instance=RequestContext(request))
 
 @login_required
-def update_group(request, group_id): #checked
+def update_group(request, group_id): 
     
     group = get_object_or_404(Group, id=group_id)    
     user_list = User.objects.exclude(id=settings.ANONYMOUS_USER_ID).exclude(id=request.user.id)
@@ -1306,7 +1306,7 @@
     return render_to_response("ldt/ldt_utils/create_group.html", {'group_id' : group_id, 'form' : form, 'form_status' : form_status, 'user_list' : user_list}, context_instance=RequestContext(request))
 
 @login_required
-def leave_group(request, group_id, redirect=True): #checked
+def leave_group(request, group_id, redirect=True):
     group = get_object_or_404(Group, id=group_id)
     redirect = boolean_convert(redirect)
     
--- a/src/ldt/ldt/security/manager.py	Thu Nov 17 11:48:23 2011 +0100
+++ b/src/ldt/ldt/security/manager.py	Mon Nov 21 15:33:17 2011 +0100
@@ -3,23 +3,25 @@
 from utils import get_current_user
 
 class SafeManager(Manager):
+    use_for_related_fields = True
     
-    def __init__(self, user=None, check_perm=True):
+    def __init__(self, user=None, check_perm=False):
         super(SafeManager, self).__init__()
         self.user = user
         self.check_perm = check_perm
-        
+
     def get_query_set(self):
         if not self.check_perm:
-            return super(SafeManager, self).get_query_set()
-                                
+            return super(SafeManager, self).get_query_set()   
+                       
         if not self.user:
             self.user = get_current_user()
-            #raise AttributeError("A user has to be chosen to check permissions.")
+            
+        if not self.user:
+            raise AttributeError("No user is attached to the current thread.")
         
         perm_name = '%s.view_%s' % (self.model._meta.app_label, self.model.__name__.lower()) 
         
         user_objects = get_objects_for_user(self.user, perm_name, klass=self.model.objects) 
             
-        return user_objects
-    
\ No newline at end of file
+        return user_objects
\ No newline at end of file
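Review bot: `self.user = get_current_user()` caches the request's user on the manager instance, and managers are class-level singletons shared by every thread of the process, so under a threaded server one request can run `get_query_set` with a user left behind by another; the `cls.safe_objects.user = None` reset in `unprotect_model` narrows that window but does not close it. Resolve the user per call instead of storing it: `user = self.user or get_current_user()`, `if not user: raise AttributeError("No user is attached to the current thread.")`, `return get_objects_for_user(user, perm_name, klass=self.model.objects)`. Separately, `use_for_related_fields = True` is honoured for the default (first-declared) manager, which after this change is the unchecked `objects`, so related lookups such as `project.contents.all()` are not permission-filtered — worth stating in a comment on the class so the next reader does not assume otherwise.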
--- a/src/ldt/ldt/security/middleware.py	Thu Nov 17 11:48:23 2011 +0100
+++ b/src/ldt/ldt/security/middleware.py	Mon Nov 21 15:33:17 2011 +0100
@@ -9,11 +9,15 @@
             raise MiddlewareNotUsed()
 
     def process_request(self, request):
-        _thread_locals.user = request.user 
-        protect_models()      
+        if not hasattr(_thread_locals, 'user'):
+            _thread_locals.user = request.user
+            protect_models()
     
     def process_response(self, request, response):
         unprotect_models()
-        del _thread_locals.user
+        
+        if hasattr(_thread_locals, 'user'):
+            del _thread_locals.user
                 
-        return response
\ No newline at end of file
+        return response
+    
\ No newline at end of file
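Review bot: Guarding the assignment with `if not hasattr(_thread_locals, 'user')` means that whenever a previous request on the same thread left `_thread_locals.user` behind (any path where `process_response` did not run), the new request keeps the stale user and `protect_models()` is skipped, so permission checks run as the wrong user. Assign unconditionally — `_thread_locals.user = request.user` followed by `protect_models()` — and keep the `hasattr` guard only on the `del` in `process_response`.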
--- a/src/ldt/ldt/security/models.py	Thu Nov 17 11:48:23 2011 +0100
+++ b/src/ldt/ldt/security/models.py	Mon Nov 21 15:33:17 2011 +0100
@@ -2,8 +2,8 @@
 from manager import SafeManager
 
 class SafeModel(models.Model):
-    objects = SafeManager(check_perm=False)
-    safe_objects = SafeManager()
+    objects = SafeManager()
+    safe_objects = SafeManager(check_perm=True)
     
     class Meta:
         abstract = True
\ No newline at end of file
--- a/src/ldt/ldt/security/utils.py	Thu Nov 17 11:48:23 2011 +0100
+++ b/src/ldt/ldt/security/utils.py	Mon Nov 21 15:33:17 2011 +0100
@@ -46,12 +46,13 @@
     cls.save = change_security(user, class_name)(cls.save)
     cls.delete = change_security(user, class_name)(cls.delete)    
     
-def unprotect_model(cls):    
+def unprotect_model(cls): 
     if hasattr(cls, 'old_save'):
         cls.save = cls.old_save 
         cls.delete = cls.old_delete 
         del cls.old_save    
-        del cls.old_delete 
+        del cls.old_delete
+        cls.safe_objects.user = None 
         
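Review bot: The new `cls.safe_objects.user = None` is nested under `if hasattr(cls, 'old_save')`, so the cached user is only cleared when the model was protected during this request; if `protect_models()` was skipped the stale user stays on the shared manager for the next request. Move the reset out of the `if` so it runs on every `unprotect_model` call: `cls.safe_objects.user = None` as the last statement of the function, after the restore block.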
 def change_security(user, cls_name):
     def wrapper(func):
@@ -64,6 +65,21 @@
         return wrapped    
     return wrapper
 
+def set_forbidden_stream(xml, user):
+    cls = ContentType.objects.get(model='content')
+    cls = cls.model_class()
+    
+    old_user = cls.safe_objects.user
+    obj_list = cls.safe_objects.all()
+    
+    for elem in xml.xpath('/iri/medias/media'):
+        if not obj_list.filter(iri_id=elem.get('id')):
+            elem.set('video', settings.FORBIDDEN_STREAM_URL)
+    
+    cls.safe_objects.user = old_user 
+    
+    return xml
+
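Review bot: `set_forbidden_stream` never uses its `user` argument — `cls.safe_objects.all()` resolves the user from the thread-local inside the manager, so the `request.user` every caller passes is ignored and the `old_user` save/restore around it is a no-op. It also issues one `obj_list.filter(iri_id=...)` query per `<media>` element. Compute the allowed ids once for the given user with guardian's `get_objects_for_user` (imported from `guardian.shortcuts`, as manager.py already does) and test membership; the permission name follows the same `<app_label>.view_content` pattern the manager builds — confirm it matches.
```python
def set_forbidden_stream(xml, user):
    cls = ContentType.objects.get(model='content').model_class()
    perm_name = '%s.view_content' % cls._meta.app_label
    allowed = set(get_objects_for_user(user, perm_name, klass=cls.objects)
                  .values_list('iri_id', flat=True))

    for elem in xml.xpath('/iri/medias/media'):
        if elem.get('id') not in allowed:
            elem.set('video', settings.FORBIDDEN_STREAM_URL)

    return xml
```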
 def assign_project_to_groups(project, permissions):
     for elem in permissions:
         group = Group.objects.get(id=elem['group'])
--- a/src/ldt/ldt/user/models.py	Thu Nov 17 11:48:23 2011 +0100
+++ b/src/ldt/ldt/user/models.py	Mon Nov 21 15:33:17 2011 +0100
@@ -27,8 +27,6 @@
         else:
             new_user.set_unusable_password()
         new_user.save()
-        public_group = Group.objects.get(name=settings.PUBLIC_GROUP_NAME)
-        new_user.groups.add(public_group)
         return new_user