mybuddy/babybuddy/views.py

207 lines
7.0 KiB
Python
Raw Normal View History

2017-11-09 12:24:32 +00:00
# -*- coding: utf-8 -*-
from django.contrib import messages
2017-12-02 21:20:15 +00:00
from django.contrib.auth import update_session_auth_hash
from django.contrib.auth.forms import PasswordChangeForm
from django.contrib.auth.models import User
2021-12-18 22:38:08 +00:00
from django.contrib.auth.views import LogoutView as LogoutViewBase
from django.contrib.messages.views import SuccessMessageMixin
from django.http import HttpResponseForbidden
from django.middleware.csrf import REASON_BAD_ORIGIN
2017-11-11 22:27:42 +00:00
from django.shortcuts import redirect, render
2022-02-22 16:31:14 +00:00
from django.template import loader
from django.urls import reverse, reverse_lazy
from django.utils import translation
2021-12-18 22:38:08 +00:00
from django.utils.decorators import method_decorator
from django.utils.text import format_lazy
2020-02-14 17:22:25 +00:00
from django.utils.translation import gettext as _, gettext_lazy
from django.views import csrf
2021-12-18 22:38:08 +00:00
from django.views.decorators.cache import never_cache
from django.views.decorators.csrf import csrf_protect
from django.views.decorators.http import require_POST
2017-11-11 22:27:42 +00:00
from django.views.generic import View
2017-11-09 12:24:32 +00:00
from django.views.generic.base import TemplateView, RedirectView
from django.views.generic.edit import CreateView, UpdateView, DeleteView
from django.views.i18n import set_language
from django_filters.views import FilterView
2017-11-09 12:24:32 +00:00
from babybuddy import forms
2022-02-10 00:00:30 +00:00
from babybuddy.mixins import LoginRequiredMixin, PermissionRequiredMixin, StaffOnlyMixin
2017-11-09 12:24:32 +00:00
def csrf_failure(request, reason=""):
"""
Overrides the 403 CSRF failure template for bad origins in order to provide more
userful information about how to resolve the issue.
"""
2022-02-22 16:31:14 +00:00
print(reason == REASON_BAD_ORIGIN % request.META["HTTP_ORIGIN"])
if (
"HTTP_ORIGIN" in request.META
and reason == REASON_BAD_ORIGIN % request.META["HTTP_ORIGIN"]
):
2022-02-22 16:37:34 +00:00
context = {
"title": _("Forbidden"),
"main": _("CSRF verification failed. Request aborted."),
"reason": reason,
"origin": request.META["HTTP_ORIGIN"],
}
2022-02-22 16:31:14 +00:00
template = loader.get_template("error/403_csrf_bad_origin.html")
2022-02-22 16:37:34 +00:00
return HttpResponseForbidden(template.render(context), content_type="text/html")
return csrf.csrf_failure(request, reason, "403_csrf.html")
2017-11-09 12:24:32 +00:00
class RootRouter(LoginRequiredMixin, RedirectView):
2017-11-11 22:27:42 +00:00
"""
Redirects to the site dashboard.
2017-11-11 22:27:42 +00:00
"""
2022-02-10 00:00:30 +00:00
2017-11-09 12:24:32 +00:00
def get_redirect_url(self, *args, **kwargs):
2022-02-10 00:00:30 +00:00
self.url = reverse("dashboard:dashboard")
2017-11-09 12:24:32 +00:00
return super(RootRouter, self).get_redirect_url(self, *args, **kwargs)
class BabyBuddyFilterView(FilterView):
"""
Disables "strictness" for django-filter. It is unclear from the
documentation exactly what this does...
"""
2022-02-10 00:00:30 +00:00
# TODO Figure out the correct way to use this.
strict = False
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
2022-02-10 00:00:30 +00:00
children = {o.child for o in context["object_list"] if hasattr(o, "child")}
if len(children) == 1:
2022-02-10 00:00:30 +00:00
context["unique_child"] = True
return context
2022-02-10 00:00:30 +00:00
@method_decorator(csrf_protect, name="dispatch")
@method_decorator(never_cache, name="dispatch")
@method_decorator(require_POST, name="dispatch")
2021-12-18 22:38:08 +00:00
class LogoutView(LogoutViewBase):
pass
class UserList(StaffOnlyMixin, BabyBuddyFilterView):
model = User
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_list.html"
ordering = "username"
paginate_by = 10
2022-02-10 00:00:30 +00:00
filterset_fields = ("username", "first_name", "last_name", "email")
2022-02-10 00:00:30 +00:00
class UserAdd(StaffOnlyMixin, PermissionRequiredMixin, SuccessMessageMixin, CreateView):
model = User
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_form.html"
permission_required = ("admin.add_user",)
form_class = forms.UserAddForm
2022-02-10 00:00:30 +00:00
success_url = reverse_lazy("babybuddy:user-list")
success_message = gettext_lazy("User %(username)s added!")
2022-02-10 00:00:30 +00:00
class UserUpdate(
StaffOnlyMixin, PermissionRequiredMixin, SuccessMessageMixin, UpdateView
):
model = User
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_form.html"
permission_required = ("admin.change_user",)
form_class = forms.UserUpdateForm
2022-02-10 00:00:30 +00:00
success_url = reverse_lazy("babybuddy:user-list")
success_message = gettext_lazy("User %(username)s updated.")
2022-02-10 00:00:30 +00:00
class UserDelete(
StaffOnlyMixin, PermissionRequiredMixin, DeleteView, SuccessMessageMixin
):
model = User
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_confirm_delete.html"
permission_required = ("admin.delete_user",)
success_url = reverse_lazy("babybuddy:user-list")
2022-01-16 03:32:18 +00:00
def get_success_message(self, cleaned_data):
2022-02-10 00:00:30 +00:00
return format_lazy(gettext_lazy("User {user} deleted."), user=self.get_object())
2017-12-02 21:20:15 +00:00
class UserPassword(LoginRequiredMixin, View):
"""
Handles user password changes.
"""
2022-02-10 00:00:30 +00:00
form_class = forms.UserPasswordForm
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_password_form.html"
2017-12-02 21:20:15 +00:00
def get(self, request):
2022-02-10 00:00:30 +00:00
return render(
request, self.template_name, {"form": self.form_class(request.user)}
)
2017-12-02 21:20:15 +00:00
def post(self, request):
form = PasswordChangeForm(request.user, request.POST)
if form.is_valid():
user = form.save()
update_session_auth_hash(request, user)
2022-02-10 00:00:30 +00:00
messages.success(request, _("Password updated."))
return render(request, self.template_name, {"form": form})
2017-12-02 21:20:15 +00:00
2017-11-11 22:27:42 +00:00
class UserSettings(LoginRequiredMixin, View):
"""
Handles both the User and Settings models.
Based on this SO answer: https://stackoverflow.com/a/45056835.
"""
2022-02-10 00:00:30 +00:00
form_user_class = forms.UserForm
form_settings_class = forms.UserSettingsForm
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_settings_form.html"
2017-11-11 22:27:42 +00:00
def get(self, request):
2022-02-10 00:00:30 +00:00
return render(
request,
self.template_name,
{
"form_user": self.form_user_class(instance=request.user),
"form_settings": self.form_settings_class(
instance=request.user.settings
),
},
)
2017-11-11 22:27:42 +00:00
def post(self, request):
2022-02-10 00:00:30 +00:00
if request.POST.get("api_key_regenerate"):
request.user.settings.api_key(reset=True)
2022-02-10 00:00:30 +00:00
messages.success(request, _("User API key regenerated."))
return redirect("babybuddy:user-settings")
2022-02-10 00:00:30 +00:00
form_user = self.form_user_class(instance=request.user, data=request.POST)
2017-11-11 22:27:42 +00:00
form_settings = self.form_settings_class(
2022-02-10 00:00:30 +00:00
instance=request.user.settings, data=request.POST
)
2017-11-11 22:27:42 +00:00
if form_user.is_valid() and form_settings.is_valid():
user = form_user.save(commit=False)
user_settings = form_settings.save(commit=False)
user.settings = user_settings
user.save()
translation.activate(user.settings.language)
2022-02-10 00:00:30 +00:00
messages.success(request, _("Settings saved!"))
translation.deactivate()
return set_language(request)
2022-02-10 00:00:30 +00:00
return render(
request,
self.template_name,
{"user_form": form_user, "settings_form": form_settings},
)
2017-11-11 22:27:42 +00:00
2017-11-09 12:24:32 +00:00
class Welcome(LoginRequiredMixin, TemplateView):
2017-11-11 22:27:42 +00:00
"""
Basic introduction to Baby Buddy (meant to be shown when no data is in the
database).
"""
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/welcome.html"