diff options
| author | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2010-07-29 22:59:44 -0400 |
|---|---|---|
| committer | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2010-07-29 22:59:44 -0400 |
| commit | abb6ed03bac2464e0ca0e7473b1351d8c3c73db6 (patch) | |
| tree | bdec32ba5d96e4aff921441f887e00875ec34e23 | |
| parent | 2206b7f7a8471bef0c64f6084b00730e7a3ab340 (diff) | |
| download | askbot-abb6ed03bac2464e0ca0e7473b1351d8c3c73db6.tar.gz askbot-abb6ed03bac2464e0ca0e7473b1351d8c3c73db6.tar.bz2 askbot-abb6ed03bac2464e0ca0e7473b1351d8c3c73db6.zip | |
added permission asserts on posting, suspended and blocked users cannot post from logged out state
20 files changed, 406 insertions, 45 deletions
diff --git a/askbot/locale/de/LC_MESSAGES/django.mo b/askbot/locale/de/LC_MESSAGES/django.mo Binary files differindex 8ee39e01..89fda585 100644 --- a/askbot/locale/de/LC_MESSAGES/django.mo +++ b/askbot/locale/de/LC_MESSAGES/django.mo diff --git a/askbot/locale/de/LC_MESSAGES/django.po b/askbot/locale/de/LC_MESSAGES/django.po index 56cc1160..12c8c21c 100644 --- a/askbot/locale/de/LC_MESSAGES/django.po +++ b/askbot/locale/de/LC_MESSAGES/django.po @@ -24,6 +24,21 @@ msgstr "i-names werden nicht unterstützt." msgid "Account with this name already exists on the forum" msgstr "Ein Zugang dieses Namens existiert bereits!" +#, fuzzy +msgid "blocked users cannot post" +msgstr "Sorry, your account appears to be blocked and you " +"cannot make new posts until this issue is resolved. " +"Please contact the forum administrator to reach a " +"resolution." + +#, fuzzy +msgid "suspended users cannot post" +msgstr "Sorry, your account appears to be suspended and you " +"cannot make new posts until this issue is resolved. " +"You can, however edit your existing posts. " +"Please contact the forum administrator to " +"reach a resolution." + #: django_authopenid/forms.py:135 msgid "can't have two logins to the same account yet, sorry." msgstr "Zwei Logins für den selben Zugang sind leider noch nicht möglich." diff --git a/askbot/locale/en/LC_MESSAGES/django.mo b/askbot/locale/en/LC_MESSAGES/django.mo Binary files differindex e80b4343..21a76706 100644 --- a/askbot/locale/en/LC_MESSAGES/django.mo +++ b/askbot/locale/en/LC_MESSAGES/django.mo diff --git a/askbot/locale/en/LC_MESSAGES/django.po b/askbot/locale/en/LC_MESSAGES/django.po index 50125247..4442a2e6 100644 --- a/askbot/locale/en/LC_MESSAGES/django.po +++ b/askbot/locale/en/LC_MESSAGES/django.po @@ -27,6 +27,19 @@ msgstr "" msgid "anonymous users cannot vote" msgstr "sorry, anonymous users cannot vote " +msgid "blocked users cannot post" +msgstr "Sorry, your account appears to be blocked and you " +"cannot make new posts until this issue is resolved. " +"Please contact the forum administrator to reach a " +"resolution." + +msgid "suspended users cannot post" +msgstr "Sorry, your account appears to be suspended and you " +"cannot make new posts until this issue is resolved. " +"You can, however edit your existing posts. " +"Please contact the forum administrator to " +"reach a resolution." + #, python-format msgid ">%(points)s points required to upvote" msgstr ">%(points)s points required to upvote " diff --git a/askbot/locale/es/LC_MESSAGES/django.po b/askbot/locale/es/LC_MESSAGES/django.po index 16f2fd17..2ca70d45 100644 --- a/askbot/locale/es/LC_MESSAGES/django.po +++ b/askbot/locale/es/LC_MESSAGES/django.po @@ -27,6 +27,21 @@ msgstr "HTML básico es soportado" msgid "Account with this name already exists on the forum" msgstr "" +#, fuzzy +msgid "blocked users cannot post" +msgstr "Sorry, your account appears to be blocked and you " +"cannot make new posts until this issue is resolved. " +"Please contact the forum administrator to reach a " +"resolution." + +#, fuzzy +msgid "suspended users cannot post" +msgstr "Sorry, your account appears to be suspended and you " +"cannot make new posts until this issue is resolved. " +"You can, however edit your existing posts. " +"Please contact the forum administrator to " +"reach a resolution." + #: django_authopenid/forms.py:135 msgid "can't have two logins to the same account yet, sorry." msgstr "" diff --git a/askbot/locale/fi/LC_MESSAGES/django.mo b/askbot/locale/fi/LC_MESSAGES/django.mo Binary files differindex 6277ccb6..379c9f26 100644 --- a/askbot/locale/fi/LC_MESSAGES/django.mo +++ b/askbot/locale/fi/LC_MESSAGES/django.mo diff --git a/askbot/locale/fi/LC_MESSAGES/django.po b/askbot/locale/fi/LC_MESSAGES/django.po index 01528d3d..c9835245 100644 --- a/askbot/locale/fi/LC_MESSAGES/django.po +++ b/askbot/locale/fi/LC_MESSAGES/django.po @@ -26,6 +26,21 @@ msgstr "Kysymyksesi ja kaikki sen vastaukset on poistettu" msgid "Your question has been deleted" msgstr "Kysymyksesi on poistettu" +#, fuzzy +msgid "blocked users cannot post" +msgstr "Sorry, your account appears to be blocked and you " +"cannot make new posts until this issue is resolved. " +"Please contact the forum administrator to reach a " +"resolution." + +#, fuzzy +msgid "suspended users cannot post" +msgstr "Sorry, your account appears to be suspended and you " +"cannot make new posts until this issue is resolved. " +"You can, however edit your existing posts. " +"Please contact the forum administrator to " +"reach a resolution." + #: auth.py:535 msgid "The question and all of it's answers have been deleted" msgstr "Kysymys ja kaikki sen vastaukset on poistettu" diff --git a/askbot/locale/ru/LC_MESSAGES/django.mo b/askbot/locale/ru/LC_MESSAGES/django.mo Binary files differindex feb9d081..1b85b6e7 100644 --- a/askbot/locale/ru/LC_MESSAGES/django.mo +++ b/askbot/locale/ru/LC_MESSAGES/django.mo diff --git a/askbot/locale/ru/LC_MESSAGES/django.po b/askbot/locale/ru/LC_MESSAGES/django.po index ecf66f68..dd763261 100644 --- a/askbot/locale/ru/LC_MESSAGES/django.po +++ b/askbot/locale/ru/LC_MESSAGES/django.po @@ -25,6 +25,21 @@ msgstr "извините, но i-names не поддерживаются" msgid "Account with this name already exists on the forum" msgstr "аккаунт с таким именем уже существует на форуме" +#, fuzzy +msgid "blocked users cannot post" +msgstr "Sorry, your account appears to be blocked and you " +"cannot make new posts until this issue is resolved. " +"Please contact the forum administrator to reach a " +"resolution." + +#, fuzzy +msgid "suspended users cannot post" +msgstr "Sorry, your account appears to be suspended and you " +"cannot make new posts until this issue is resolved. " +"You can, however edit your existing posts. " +"Please contact the forum administrator to " +"reach a resolution." + #: django_authopenid/forms.py:136 msgid "can't have two logins to the same account yet, sorry." msgstr "извините, но пока нельзя входить в аккаунт больше чем одним методом" diff --git a/askbot/locale/sr/LC_MESSAGES/django.mo b/askbot/locale/sr/LC_MESSAGES/django.mo Binary files differindex bdc63f43..4e254449 100644 --- a/askbot/locale/sr/LC_MESSAGES/django.mo +++ b/askbot/locale/sr/LC_MESSAGES/django.mo diff --git a/askbot/locale/sr/LC_MESSAGES/django.po b/askbot/locale/sr/LC_MESSAGES/django.po index c4d12f9b..79506c18 100644 --- a/askbot/locale/sr/LC_MESSAGES/django.po +++ b/askbot/locale/sr/LC_MESSAGES/django.po @@ -30,6 +30,21 @@ msgstr "Налог са овим именом већ постоји на фор msgid "can't have two logins to the same account yet, sorry." msgstr "не можете имати два начина пријаве за исти налог." +#, fuzzy +msgid "blocked users cannot post" +msgstr "Sorry, your account appears to be blocked and you " +"cannot make new posts until this issue is resolved. " +"Please contact the forum administrator to reach a " +"resolution." + +#, fuzzy +msgid "suspended users cannot post" +msgstr "Sorry, your account appears to be suspended and you " +"cannot make new posts until this issue is resolved. " +"You can, however edit your existing posts. " +"Please contact the forum administrator to " +"reach a resolution." + #: django_authopenid/forms.py:157 msgid "Please enter valid username and password (both are case-sensitive)." msgstr "" diff --git a/askbot/locale/tr/LC_MESSAGES/django.mo b/askbot/locale/tr/LC_MESSAGES/django.mo Binary files differindex 64cd2338..80579c5f 100644 --- a/askbot/locale/tr/LC_MESSAGES/django.mo +++ b/askbot/locale/tr/LC_MESSAGES/django.mo diff --git a/askbot/locale/tr/LC_MESSAGES/django.po b/askbot/locale/tr/LC_MESSAGES/django.po index ccaabdbf..434a7ef6 100644 --- a/askbot/locale/tr/LC_MESSAGES/django.po +++ b/askbot/locale/tr/LC_MESSAGES/django.po @@ -28,6 +28,22 @@ msgstr "Hesap bu adla zaten forum var" msgid "can't have two logins to the same account yet, sorry." msgstr "Üzgünüm.. Bir hesaba aynı anda iki giriş mümkün değil." +#, fuzzy +msgid "blocked users cannot post" +msgstr "Sorry, your account appears to be blocked and you " +"cannot make new posts until this issue is resolved. " +"Please contact the forum administrator to reach a " +"resolution." + +#, fuzzy +msgid "suspended users cannot post" +msgstr "Sorry, your account appears to be suspended and you " +"cannot make new posts until this issue is resolved. " +"You can, however edit your existing posts. " +"Please contact the forum administrator to " +"reach a resolution." + + msgid "anonymous users cannot vote" msgstr "üye girişi yapmadan oy kullanamazsınız" diff --git a/askbot/locale/vi/LC_MESSAGES/django.mo b/askbot/locale/vi/LC_MESSAGES/django.mo Binary files differindex 67785c70..ec2723ca 100644 --- a/askbot/locale/vi/LC_MESSAGES/django.mo +++ b/askbot/locale/vi/LC_MESSAGES/django.mo diff --git a/askbot/locale/vi/LC_MESSAGES/django.po b/askbot/locale/vi/LC_MESSAGES/django.po index 00b324e6..0835418e 100644 --- a/askbot/locale/vi/LC_MESSAGES/django.po +++ b/askbot/locale/vi/LC_MESSAGES/django.po @@ -26,6 +26,22 @@ msgstr "i-names không được hỗ trợ" msgid "Account with this name already exists on the forum" msgstr "Tài khoản với tên này đã tồn tại trên diễn đàn" +#, fuzzy +msgid "blocked users cannot post" +msgstr "Sorry, your account appears to be blocked and you " +"cannot make new posts until this issue is resolved. " +"Please contact the forum administrator to reach a " +"resolution." + +#, fuzzy +msgid "suspended users cannot post" +msgstr "Sorry, your account appears to be suspended and you " +"cannot make new posts until this issue is resolved. " +"You can, however edit your existing posts. " +"Please contact the forum administrator to " +"reach a resolution." + + #: django_authopenid/forms.py:135 msgid "can't have two logins to the same account yet, sorry." msgstr "" diff --git a/askbot/locale/zh-cn/LC_MESSAGES/django.mo b/askbot/locale/zh-cn/LC_MESSAGES/django.mo Binary files differindex be6432a8..0d5ba50f 100644 --- a/askbot/locale/zh-cn/LC_MESSAGES/django.mo +++ b/askbot/locale/zh-cn/LC_MESSAGES/django.mo diff --git a/askbot/locale/zh-cn/LC_MESSAGES/django.po b/askbot/locale/zh-cn/LC_MESSAGES/django.po index a5d9375c..7d0e0834 100644 --- a/askbot/locale/zh-cn/LC_MESSAGES/django.po +++ b/askbot/locale/zh-cn/LC_MESSAGES/django.po @@ -30,6 +30,22 @@ msgstr "" msgid "anonymous users cannot vote" msgstr "匿名用户不能投票" +#, fuzzy +msgid "blocked users cannot post" +msgstr "Sorry, your account appears to be blocked and you " +"cannot make new posts until this issue is resolved. " +"Please contact the forum administrator to reach a " +"resolution." + +#, fuzzy +msgid "suspended users cannot post" +msgstr "Sorry, your account appears to be suspended and you " +"cannot make new posts until this issue is resolved. " +"You can, however edit your existing posts. " +"Please contact the forum administrator to " +"reach a resolution." + + #, python-format msgid ">%(points)s points required to downvote" msgstr "需要+%(points)s积分才能投反对票。" diff --git a/askbot/models/__init__.py b/askbot/models/__init__.py index ceb93dd7..9d4d6db7 100644 --- a/askbot/models/__init__.py +++ b/askbot/models/__init__.py @@ -164,6 +164,52 @@ def user_assert_can_upload_file(request_user): raise exceptions.PermissionDenied(_('Sorry, anonymous users cannot upload files')) +def user_assert_can_post_question(self): + """raises exceptions.PermissionDenied with + text that has the reason for the denial + """ + + if self.is_suspended(): + raise exceptions.PermissionDenied(_('suspended users cannot post')) + if self.is_blocked(): + raise exceptions.PermissionDenied(_('blocked users cannot post')) + +def user_assert_can_post_answer(self): + """same as user_can_post_question + """ + self.assert_can_post_question() + +def user_assert_can_post_comment(self, parent_post): + """raises exceptions.PermissionDenied if + user cannot post comment + + the reason will be in text of exception + """ + if self.is_authenticated(): + if self.is_blocked(): + error_message = _('blocked users cannot post') + elif self == parent_post.author: + return + elif self.is_suspended(): + error_message = _( + 'Sorry, since your account is suspended ' + \ + 'you can comment only you own posts' + ) + elif self.is_administrator() or self.is_moderator(): + return + elif self.reputation < askbot_settings.MIN_REP_TO_LEAVE_COMMENTS: + error_message = _( + 'Sorry, to comment any post a minimum reputation of ' + \ + '%(min_rep)s points is required.' + ) % {'min_rep': askbot_settings.MIN_REP_TO_LEAVE_COMMENTS} + else: + return + else: + error_message = _('anonymous users cannot comment %(sign_in_url)s') % \ + {'sign_in_url': reverse('user_signin')} + raise exceptions.PermissionDenied(error_message) + + def user_assert_can_revoke_old_vote(self, vote): """raises exceptions.PermissionDenied if old vote cannot be revoked due to age of the vote @@ -196,12 +242,16 @@ def user_post_comment( """post a comment on behalf of the user to parent_post """ + if body_text is None: raise ValueError('body_text is required to post comment') if parent_post is None: - raise ValueError('parent_post is required to post question') + raise ValueError('parent_post is required to post comment') if timestamp is None: timestamp = datetime.datetime.now() + + self.assert_can_post_comment(parent_post = parent_post) + comment = parent_post.add_comment( user = self, comment = body_text, @@ -230,6 +280,9 @@ def user_post_question( wiki = False, timestamp = None ): + + self.assert_can_post_question() + if title is None: raise ValueError('Title is required to post question') if body_text is None: @@ -267,8 +320,12 @@ def user_post_answer( question = None, body_text = None, follow = False, + wiki = False, timestamp = None ): + + self.assert_can_post_answer() + if not isinstance(question, Question): raise TypeError('question argument must be provided') if body_text is None: @@ -280,7 +337,8 @@ def user_post_answer( author = self, text = body_text, added_at = timestamp, - email_notify = follow + email_notify = follow, + wiki = wiki ) return answer @@ -693,6 +751,9 @@ User.add_to_class('assert_can_vote_for_post', user_assert_can_vote_for_post) User.add_to_class('get_old_vote_for_post', user_get_old_vote_for_post) User.add_to_class('assert_can_revoke_old_vote', user_assert_can_revoke_old_vote) User.add_to_class('assert_can_upload_file', user_assert_can_upload_file) +User.add_to_class('assert_can_post_question', user_assert_can_post_question) +User.add_to_class('assert_can_post_answer', user_assert_can_post_answer) +User.add_to_class('assert_can_post_comment', user_assert_can_post_comment) User.add_to_class('get_unused_votes_today', user_get_unused_votes_today) #todo: move this to askbot/utils ?? @@ -1056,11 +1117,18 @@ def post_stored_anonymous_content( aa.author = user aa.save() #maybe add pending posts message? - else: #just publish the questions - for aq in aq_list: - aq.publish(user) - for aa in aa_list: - aa.publish(user) + else: + if user.is_blocked(): + msg = _('blocked users cannot post') + user.message_set.create(message = msg) + elif user.is_suspended(): + msg = _('suspended users cannot post') + user.message_set.create(message = msg) + else: + for aq in aq_list: + aq.publish(user) + for aa in aa_list: + aa.publish(user) #signal for User model save changes django_signals.pre_save.connect(calculate_gravatar_hash, sender=User) diff --git a/askbot/tests.py b/askbot/tests.py index 804553f0..0dbdafcb 100644 --- a/askbot/tests.py +++ b/askbot/tests.py @@ -19,7 +19,7 @@ from django.template import defaultfilters from django.core import management from django.core.urlresolvers import reverse from django.contrib.auth.models import AnonymousUser -from askbot.models import User, Question, Answer, Activity +from askbot.models import User, Question, Answer, Activity, Comment from askbot.models import EmailFeedSetting from askbot import const from askbot.conf import settings as askbot_settings @@ -122,8 +122,149 @@ def get_re_notif_after(timestamp): ) return notifications +class CommentPermissionAssertionTests(TestCase): -class UploadPermissionTests(TestCase): + def setUp(self): + self.user = create_user( + username = 'test', + email = 'test@test.com' + ) + self.min_rep = askbot_settings.MIN_REP_TO_LEAVE_COMMENTS + + def create_other_user(self): + return create_user( + username = 'other', + email = 'other@test.com' + ) + + def post_question(self, author = None): + if author is None: + author = self.user + return author.post_question( + title = 'test question title', + body_text = 'test question body', + tags = 'test' + ) + + def post_answer(self, question = None, author = None): + if author is None: + author = self.user + return author.post_answer( + question = question, + body_text = 'test answer' + ) + + def test_blocked_user_cannot_comment_own_question(self): + question = self.post_question() + + self.user.set_status('b') + self.assertRaises( + exceptions.PermissionDenied, + self.user.post_comment, + parent_post = question, + body_text = 'test comment' + ) + + def test_blocked_user_cannot_comment_own_answer(self): + question = self.post_question() + answer = self.post_answer(question) + + self.user.set_status('b') + + self.assertRaises( + exceptions.PermissionDenied, + self.user.post_comment, + parent_post = answer, + body_text = 'test comment' + ) + + def test_low_rep_user_cannot_comment_others(self): + other_user = create_user( + username = 'other', + email = 'other@test.com' + ) + question = self.post_question( + author = other_user + ) + assert(self.user.reputation < self.min_rep) + self.assertRaises( + exceptions.PermissionDenied, + self.user.post_comment, + parent_post = question, + body_text = 'test comment' + ) + + def test_low_rep_user_can_comment_others_answer_to_own_question(self): + question = self.post_question() + assert(self.user.reputation < self.min_rep) + other_user = self.create_other_user() + answer = other_user.post_answer( + question = question, + body_text = 'test answer' + ) + comment = other_user.post_comment( + parent_post = answer, + body_text = 'test comment' + ) + self.assertTrue(isinstance(comment, Comment)) + + def test_high_rep_user_can_comment(self): + other_user = self.create_other_user() + question = self.post_question( + author = other_user + ) + self.user.reputation = self.min_rep + comment = self.user.post_comment( + parent_post = question, + body_text = 'test comment' + ) + self.assertTrue(isinstance(comment, Comment)) + + def test_suspended_user_cannot_comment_others_question(self): + other_user = self.create_other_user() + question = self.post_question(author = other_user) + self.user.set_status('s') + self.assertRaises( + exceptions.PermissionDenied, + self.user.post_comment, + parent_post = question, + body_text = 'test comment' + ) + + def test_suspended_user_can_comment_own_question(self): + question = self.post_question() + self.user.set_status('s') + comment = self.user.post_comment( + parent_post = question, + body_text = 'test comment' + ) + self.assertTrue(isinstance(comment, Comment)) + + def test_low_rep_admin_can_comment_others_question(self): + question = self.post_question() + other_user = self.create_other_user() + other_user.is_superuser = True + assert(other_user.is_administrator()) + assert(other_user.reputation < self.min_rep) + comment = other_user.post_comment( + parent_post = question, + body_text = 'test comment' + ) + self.assertTrue(isinstance(comment, Comment)) + + def test_low_rep_moderator_can_comment_others_question(self): + question = self.post_question() + other_user = self.create_other_user() + other_user.set_status('m') + assert(other_user.is_moderator()) + assert(other_user.reputation < self.min_rep) + comment = other_user.post_comment( + parent_post = question, + body_text = 'test comment' + ) + self.assertTrue(isinstance(comment, Comment)) + +class UploadPermissionAssertionTests(TestCase): """Tests permissions for file uploads """ @@ -239,6 +380,11 @@ class EmailAlertTests(TestCase): notification_schedule = self.notification_schedule, date_joined = self.setup_timestamp ) + #moderators to avoid permission issues + self.other_user.set_status('m') + self.other_user.save() + self.target_user.set_status('m') + self.target_user.save() def post_comment( self, diff --git a/askbot/views/writers.py b/askbot/views/writers.py index 70473fdc..3e3f33df 100644 --- a/askbot/views/writers.py +++ b/askbot/views/writers.py @@ -41,9 +41,6 @@ def upload(request):#ajax upload file to a question or answer """view that handles file upload via Ajax """ - #<result><msg><![CDATA[%s]]></msg><error><![CDATA[%s]]></error><file_url>%s</file_url></result> - xml_template = "<result><msg><![CDATA[%s]]></msg><error><![CDATA[%s]]></error><file_url>%s</file_url></result>" - f = request.FILES['file-upload'] # check upload permission result = '' @@ -100,8 +97,9 @@ def upload(request):#ajax upload file to a question or answer result = '' file_url = '' + #<result><msg><![CDATA[%s]]></msg><error><![CDATA[%s]]></error><file_url>%s</file_url></result> + xml_template = "<result><msg><![CDATA[%s]]></msg><error><![CDATA[%s]]></error><file_url>%s</file_url></result>" xml = xml_template % (result, error, file_url) - print xml return HttpResponse(xml, mimetype="application/xml") @@ -118,7 +116,7 @@ def ask(request):#view used to ask a new question form = forms.AskForm(request.POST) if form.is_valid(): - added_at = datetime.datetime.now() + timestamp = datetime.datetime.now() #todo: move this to clean_title title = form.cleaned_data['title'].strip() wiki = form.cleaned_data['wiki'] @@ -126,23 +124,22 @@ def ask(request):#view used to ask a new question tagnames = form.cleaned_data['tags'].strip() text = form.cleaned_data['text'] - #todo: move this to AskForm.clean_text - #todo: make custom MarkDownField - text = form.cleaned_data['text'] - if request.user.is_authenticated(): - author = request.user - - question = models.Question.objects.create_new( - title = title, - author = author, - added_at = added_at, - wiki = wiki, - tagnames = tagnames, - text = text, - ) - return HttpResponseRedirect(question.get_absolute_url()) + try: + question = request.user.post_question( + self, + title = title, + body_text = text, + tags = tagnames, + wiki = wiki, + timestamp = timestamp + ) + return HttpResponseRedirect(question.get_absolute_url()) + except exceptions.PermissionDenied, e: + request.user.message_set.create(message = str(e)) + return HttpResponseRedirect(reverse('index')) + else: request.session.flush() session_key = request.session.session_key @@ -154,7 +151,7 @@ def ask(request):#view used to ask a new question wiki = wiki, text = text, summary = summary, - added_at = added_at, + added_at = timestamp, ip_addr = request.META['REMOTE_ADDR'], ) question.save() @@ -307,6 +304,13 @@ def edit_answer(request, id): #todo: rename this function to post_new_answer def answer(request, id):#process a new answer + """view that posts new answer + + anonymous users post into anonymous storage + and redirected to login page + + authenticated users post directly + """ question = get_object_or_404(models.Question, id=id) if request.method == "POST": form = forms.AnswerForm(question, request.user, request.POST) @@ -316,14 +320,18 @@ def answer(request, id):#process a new answer update_time = datetime.datetime.now() if request.user.is_authenticated(): - models.Answer.objects.create_new( - question=question, - author=request.user, - added_at=update_time, - wiki=wiki, - text=text, - email_notify=form.cleaned_data['email_notify'] - ) + try: + follow = form.cleaned_data['email_notify'] + answer = request.user.post_answer( + question = question, + body_text = text, + follow = follow, + wiki = wiki, + timestamp = update_time, + ) + return HttpResponseRedirect(answer.get_absolute_url()) + except exceptions.PermissionDenied, e: + request.user.message_set.create(message = str(e)) else: request.session.flush() anon = models.AnonymousAnswer( @@ -392,14 +400,17 @@ def __comments(request, obj):#non-view generic ajax handler to load comments to if request.method == "GET": response = __generate_comments_json(obj, user) elif request.method == "POST": - if auth.can_add_comments(user, obj): - obj.add_comment( - comment = request.POST.get('comment'), - user = request.user, - ) + try: + user.post_comment( + parent_post = obj, + body_text = request.POST.get('comment') + ) response = __generate_comments_json(obj, user) - else: - response = HttpResponseForbidden(mimetype="application/json") + except exceptions.PermissionDenied, e: + response = HttpResponseForbidden( + str(e), + mimetype="application/json" + ) return response def delete_comment(request, object_id='', comment_id='', commented_object_type=None):#ajax handler to delete comment |