from forms import AddViolation
from django.http import HttpResponse, HttpResponseRedirect, Http404
from django.shortcuts import render_to_response, get_object_or_404
from django.template import RequestContext
from django.core.files import File
from django.conf import settings
from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
from django.core.exceptions import ObjectDoesNotExist
from models import Violation, Attachment, Comment
from tempfile import mkstemp
from datetime import datetime
import hashlib, os, re, json
from urlparse import urljoin
from BeautifulSoup import BeautifulSoup, Comment as BComment

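def sanitizeHtml(value, base_url=None):
    """Reduce untrusted HTML to a small allowlist of tags and attributes.

    Comments are removed, ``script`` and ``style`` elements are removed
    together with their contents, and any other tag outside ``validTags`` is
    unwrapped (its children are kept). Attributes outside ``validAttrs`` are
    dropped. URL attributes are kept only when they are scheme-less or use a
    scheme from ``validSchemes``, and are then resolved against ``base_url``.

    Args:
        value: HTML markup to clean.
        base_url: optional base used to make ``href``/``src`` absolute.

    Returns:
        The cleaned markup as a unicode string.

    NOTE(review): this is still a hand-rolled filter. A maintained HTML
    sanitizing library is the more dependable long-term choice; templates
    should mark only this function's output as safe.
    """
    from HTMLParser import HTMLParser  # Python 2 stdlib; used to decode entities

    rjs = r'[\s]*(&#x.{1,7})?'.join(list('javascript:'))
    rvb = r'[\s]*(&#x.{1,7})?'.join(list('vbscript:'))
    re_scripts = re.compile('(%s)|(%s)' % (rjs, rvb), re.IGNORECASE)
    re_scheme = re.compile(r'([a-z][a-z0-9+.\-]*):', re.IGNORECASE)
    re_ignored = re.compile(r'[\x00-\x20]+')
    validTags = 'p i strong b u a h1 h2 h3 pre br img'.split()
    validAttrs = 'href src width height'.split()
    urlAttrs = 'href src'.split() # Attributes which should have a URL
    validSchemes = 'http https ftp mailto'.split()
    # Elements whose text content must not survive unwrapping.
    droppedTags = 'script style'.split()
    unescape = HTMLParser().unescape

    soup = BeautifulSoup(value)
    for comment in soup.findAll(text=lambda text: isinstance(text, BComment)):
        # Get rid of comments
        comment.extract()
    for tag in soup.findAll(True):
        if tag.name in droppedTags:
            # Hiding the tag would still render its body; remove it entirely.
            tag.extract()
            continue
        if tag.name not in validTags:
            tag.hidden = True
        attrs = tag.attrs
        tag.attrs = []
        for attr, val in attrs:
            if attr not in validAttrs:
                continue
            # Strip script schemes until nothing changes: a single pass can
            # leave a new match behind once the removed text is gone.
            previous = None
            while previous != val:
                previous = val
                val = re_scripts.sub('', val)
            if attr in urlAttrs:
                # Judge the scheme on the form a browser sees: character
                # references decoded, whitespace and control characters gone.
                probe = re_ignored.sub('', unescape(val))
                scheme = re_scheme.match(probe)
                if scheme and scheme.group(1).lower() not in validSchemes:
                    continue # Drop the attribute rather than try to repair it
                val = urljoin(base_url, val) # Calculate the absolute url
            tag.attrs.append((attr, val))

    return soup.renderContents().decode('utf8')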

def add(request):
    """Render the violation form and store a valid POST submission.

    A valid POST creates a Violation, its first Comment and one Attachment
    per uploaded file, then redirects to '/'. Any other request, or an
    invalid form, renders 'add.html' with the form.
    """
    if request.method != 'POST':
        form = AddViolation()
    else:
        form = AddViolation(request.POST)
        if form.is_valid():
            data = form.cleaned_data
            # Only contract_excerpt goes through sanitizeHtml; every other
            # field is stored exactly as the form cleaned it.
            violation = Violation(
                country=data['country'],
                operator=data['operator'],
                contract=data['contract'],
                resource=data['resource'],
                resource_name=data['resource_name'],
                type=data['type'],
                media=data['media'],
                temporary=data['temporary'],
                contractual=data['contractual'],
                contract_excerpt=sanitizeHtml(data['contract_excerpt']),
                loophole=data['loophole'],
            )
            violation.save()
            first_comment = Comment(
                comment=data['comment'],
                submitter_email=data['email'],
                submitter_name=data['nick'],
                timestamp=datetime.now(),
                violation=violation,
            )
            first_comment.save()
            # NOTE(review): uploads are read straight from request.FILES; the
            # form is bound to request.POST only, so no form-level check of
            # the files is visible here. Confirm size and type limits are
            # enforced elsewhere.
            for upload in request.FILES.getlist('attachments[]'):
                attachment = Attachment(comment=first_comment)
                attachment.storage.save(upload.name, upload)
                attachment.save()
            return HttpResponseRedirect('/') # Redirect after POST

    return render_to_response(
        'add.html',
        {'form': form},
        context_instance=RequestContext(request))

def ajax(request, country=None, operator=None):
    """Return a sorted JSON list of distinct values for the given filter.

    Without an operator the list holds the operators recorded for `country`;
    with one it holds the contracts recorded for that country and operator.
    """
    matches = Violation.objects.filter(country=country)
    if operator:
        matches = matches.filter(operator=operator)
        names = set(v.contract for v in matches)
    else:
        names = set(v.operator for v in matches)
    # NOTE(review): no content type is passed, so the response uses Django's
    # default (text/html unless the project overrides it). The values come
    # from stored Violation rows; serving them as application/json would keep
    # a browser from rendering them as markup. Check how the client parses
    # the response before changing it.
    return HttpResponse(json.dumps(sorted(names)))

def index(request):
    """Render 'list.html' with one page (25 per page) of all violations.

    The page comes from the `page` query parameter; a non-integer value
    falls back to the first page and an out-of-range one to the last page.
    """
    pager = Paginator(Violation.objects.all(), 25)
    requested = request.GET.get('page','1')

    try:
        current = pager.page(requested)
    except PageNotAnInteger:
        current = pager.page(1)
    except EmptyPage:
        current = pager.page(pager.num_pages)

    context = {"violations": current}
    return render_to_response('list.html', context)

def view(request,id):
    """Render 'view.html' for the Violation with primary key `id` (404 if absent)."""
    violation = get_object_or_404(Violation, pk=id)
    context = {'v': violation}
    return render_to_response(
        'view.html',
        context,
        context_instance=RequestContext(request))