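# -*- coding: utf8 -*-
# This file is part of k4ever, a point-of-sale system
# Contact............
# Website............ http://k4ever.someserver.de/
# Bug tracker........ http://k4ever.someserver.de/report
#
# Licensed under GNU Affero General Public License v3 or later

from django.contrib.auth.forms import PasswordChangeForm
from django.contrib.auth.decorators import login_required
from django.db.models import Count, Max
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.template import RequestContext
from django.core.urlresolvers import reverse
import django.contrib.auth.views

from buyable.models import Purchase, Buyable, BuyableType
from main.helper import getUserFromAuthblob
from main.models import Plugin, PluginPermission
from k4ever.settings import SNACK_TYPE_ID, DRINK_TYPE_ID


@login_required
def startpage(request):
    """ Render the start page with top-5 lists of drinks and snacks.

    For each of the two buyable types the context gets three entries: the
    most bought items overall, the most bought items of the current user
    and the items the current user bought most recently. Deposit purchases
    are excluded from all of them.

    This function will probably generate a lot of load, since it joins,
    filters and reduces across several tables.
    """
    drinks = BuyableType.objects.get(pk=DRINK_TYPE_ID).buyable_set.all()
    snacks = BuyableType.objects.get(pk=SNACK_TYPE_ID).buyable_set.all()

    context = {}
    drink_data = (drinks, ('allMostDrinks', 'usersMostDrinks', 'usersLastDrinks'))
    snack_data = (snacks, ('allMostSnacks', 'usersMostSnacks', 'usersLastSnacks'))

    for buyables, context_vars in (drink_data, snack_data):
        buyables = buyables.values('name', 'id', 'image', 'price', 'deposit')

        # allMost: most bought items across all users
        context[context_vars[0]] = buyables.filter(purchase__isDeposit=False).annotate(
            num_buys=Count('purchase')).order_by('-num_buys')[:5]

        # pre-filter for the two per-user variables below; scoping to
        # request.user.id keeps other users' purchases out of these lists
        buyables = buyables.filter(
            purchase__order__user=request.user.id,
            purchase__isDeposit=False)
        buyables = buyables.annotate(num_buys=Count('purchase'))

        # usersMost
        context[context_vars[1]] = buyables.order_by('-num_buys')[:5]

        # usersLast
        buyables = buyables.annotate(max_dateTime=Max('purchase__order__dateTime'))
        context[context_vars[2]] = buyables.order_by('-max_dateTime')[:5]

    return render(request, "main/startpage.html", context)


def register(request):
    """ The "no registration available" page... """
    return render(request, "registration/register.html")


def getPluginDict(request):
    """ Generate a dict containing the user's plugin information.

    All queries are keyed on ``request.user``; every caller visible in this
    module is wrapped in ``login_required``. The ``form`` entry is an unbound
    ``PasswordChangeForm`` when the user has a usable password, else ``None``.
    """
    plugins = Plugin.objects.all()
    allowed = Plugin.objects.filter(pluginpermission__user=request.user)
    unallowed = Plugin.objects.exclude(pluginpermission__user=request.user)
    perms = PluginPermission.objects.filter(user=request.user)

    form = None
    if request.user.has_usable_password():
        form = PasswordChangeForm(request.user)

    return {'plugins': plugins, 'allowed': allowed, 'unallowed': unallowed,
            'permissions': perms, 'form': form}


@login_required
def settings(request):
    """ Render settings page and handle password changes sent via POST. """
    pdict = getPluginDict(request)
    if request.method == "POST":
        # PasswordChangeForm validates the old password before saving
        form = PasswordChangeForm(request.user, data=request.POST)
        if form.is_valid():
            form.save()
            pdict['password_success'] = "Es wurde ein neues Passwort gesetzt."
        # hand the bound form to the template so validation errors are shown
        pdict['form'] = form
    return render(request, "settings/settings.html", pdict)


@login_required
def pluginPermission(request, method, pluginId):
    """ View to edit the user's :class:`Plugin` permissions.

    ``method == "allow"`` grants the plugin to the current user; any other
    value revokes it. Only the permission row of ``request.user`` is touched.
    """
    # NOTE(review): this view changes state without checking request.method.
    # If its URL is reachable via GET, granting a plugin permission is not
    # covered by Django's CSRF protection - confirm against the URL conf and
    # templates and consider requiring POST.
    plugin = None
    try:
        plugin = Plugin.objects.get(id=pluginId)
    except Plugin.DoesNotExist:
        d = getPluginDict(request)
        d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
        return render(request, "settings/settings.html", d)

    if method == "allow":
        try:
            p = PluginPermission.objects.get(user=request.user, plugin=plugin)
            d = getPluginDict(request)
            d['pluginerror'] = "Dieses Plugin wurde bereits erlaubt"
            return render(request, "settings/settings.html", d)
        except PluginPermission.DoesNotExist:
            p = PluginPermission(user=request.user, plugin=plugin)
            p.save()
    else:
        try:
            p = PluginPermission.objects.get(user=request.user, plugin=plugin)
            p.delete()
        except PluginPermission.DoesNotExist:
            d = getPluginDict(request)
            d['pluginerror'] = "Keine Berechtigungen für dieses Plugin gefunden - kann also auch nicht zurückgezogen werden"
            return render(request, "settings/settings.html", d)

    return HttpResponseRedirect("/user/settings/")


@login_required
def pluginAuthblob(request, pluginId):
    """ View to edit the user's :attr:`PluginPermission.authblob`.

    Accepts POST only. The new authblob is stored when the plugin exists,
    the user has allowed it, the plugin lets users write the authblob, the
    line limit is respected, the value differs from the stored one and,
    for plugins with unique authblobs, no line resolves to another user.
    """
    if request.method != "POST":
        return HttpResponseRedirect("/user/settings/")

    # find plugin
    plugin = None
    try:
        plugin = Plugin.objects.get(id=pluginId)
    except Plugin.DoesNotExist:
        d = getPluginDict(request)
        d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
        return render(request, "settings/settings.html", d)

    # find plugin permission for user
    p = None
    try:
        p = PluginPermission.objects.get(user=request.user, plugin=plugin)
    except PluginPermission.DoesNotExist:
        d = getPluginDict(request)
        d['pluginerror'] = "Vor dem editieren vom Authblob muss das Plugin ersteinmal erlaubt werden"
        return render(request, "settings/settings.html", d)

    # has the user write access to the authblob?
    if not p.plugin.userCanWriteAuthblob or "authblob" not in request.POST:
        d = getPluginDict(request)
        d['pluginerror'] = "Der Authblob darf für dieses Plugin nicht vom User verändert werden (oder der Authblob war kaputt)"
        return render(request, "settings/settings.html", d)

    # clean authblob \r\n ==> \n
    authblob = request.POST["authblob"].replace("\r\n", "\n")

    # is the authblob too long (too many lines)?
    # Trailing whitespace is ignored for the count only; the value stored
    # further down is not stripped.
    maxLines = p.plugin.maxLinesPerAuthblob
    if maxLines > 0 and (authblob.rstrip().count("\n") + 1) > maxLines:
        d = getPluginDict(request)
        d['pluginerror'] = "Der Authblob darf maximal %d Zeilen haben" % (maxLines,)
        return render(request, "settings/settings.html", d)

    # check, if this is equal to the user's old authblob
    pluginsWithAuthblob = PluginPermission.objects.filter(
        plugin=plugin, user=request.user, authblob__exact=authblob)
    if pluginsWithAuthblob.exists():
        d = getPluginDict(request)
        d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
        return render(request, "settings/settings.html", d)

    # check for every authblob-line, if there is somebody who has it (if unique)
    if p.plugin.uniqueAuthblob:
        # Deliberately no print/log of the authblob here: its lines resolve
        # to user accounts via getUserFromAuthblob, so they should not end
        # up in server output.
        # NOTE(review): this check and the save below are not atomic; two
        # concurrent requests could store the same line unless the model or
        # database enforces uniqueness - confirm.
        for line in authblob.split("\n"):
            usr = getUserFromAuthblob(line, plugin)
            if usr:
                if usr == request.user:
                    # we know this one
                    continue
                else:
                    # NOTE(review): this answer tells the caller that the
                    # submitted line belongs to a different account; if
                    # authblob values are meant to be secret, consider
                    # auditing or rate limiting this path.
                    d = getPluginDict(request)
                    d['pluginerror'] = "Achtung! Dein Authblob (bzw. eine der Zeile davon) wird bereits von einer anderen Person benutzt. Bitte wähle einen anderen (eindeutigen) Authblob!"
                    return render(request, "settings/settings.html", d)

    p.authblob = authblob
    p.save()

    d = getPluginDict(request)
    d['pluginmsg'] = "Authblob erfolgreich geändert"
    return render(request, "settings/settings.html", d)


def login(request):
    """ Login - redirect to the start page when already logged in. """
    if request.user.is_authenticated():
        return HttpResponseRedirect(reverse('main.views.startpage'))
    return django.contrib.auth.views.login(request)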