hyperkitty.git - Unnamed repository; edit this file 'description' to name the repository.

diff options


context:
space:
mode:

Diffstat (limited to 'hyperkitty/views')

-rw-r--r--

hyperkitty/views/list.py

-rw-r--r--

hyperkitty/views/message.py

-rw-r--r--

hyperkitty/views/search.py

-rw-r--r--

hyperkitty/views/thread.py

4 files changed, 24 insertions, 0 deletions

diff --git a/hyperkitty/views/list.py b/hyperkitty/views/list.py
index b4a97a6..cbcc678 100644
--- a/hyperkitty/views/list.py
+++ b/hyperkitty/views/list.py

@@ -37,6 +37,7 @@ from hyperkitty.lib.view_helpers import FLASH_MESSAGES, paginate, \

get_category_widget, get_months, get_display_dates, daterange, \

is_thread_unread

from hyperkitty.lib.voting import set_message_votes, set_thread_votes

+from hyperkitty.lib.mailman import check_mlist_private

if settings.USE_MOCKUPS:

@@ -49,6 +50,7 @@ Thread = namedtuple('Thread', [

])

+@check_mlist_private

def archives(request, mlist_fqdn, year=None, month=None, day=None):

if year is None and month is None:

today = datetime.date.today()

@@ -136,6 +138,7 @@ def _thread_list(request, mlist, threads, template_name='thread_list.html', extr

return render(request, template_name, context)

+@check_mlist_private

def overview(request, mlist_fqdn=None):

if not mlist_fqdn:

return redirect('/')

diff --git a/hyperkitty/views/message.py b/hyperkitty/views/message.py
index 6e3a640..414df68 100644
--- a/hyperkitty/views/message.py
+++ b/hyperkitty/views/message.py

@@ -35,10 +35,12 @@ from hyperkitty.lib import get_store

from hyperkitty.lib.view_helpers import get_months

from hyperkitty.lib.posting import post_to_list, PostingFailed

from hyperkitty.lib.voting import set_message_votes

+from hyperkitty.lib.mailman import check_mlist_private

from hyperkitty.models import Rating

from forms import ReplyForm, PostForm

+@check_mlist_private

def index(request, mlist_fqdn, message_id_hash):

'''

Displays a single message identified by its message_id_hash (derived from

@@ -62,6 +64,7 @@ def index(request, mlist_fqdn, message_id_hash):

return render(request, "message.html", context)

+@check_mlist_private

def attachment(request, mlist_fqdn, message_id_hash, counter, filename):

"""

Sends the numbered attachment for download. The filename is not used for

@@ -87,6 +90,7 @@ def attachment(request, mlist_fqdn, message_id_hash, counter, filename):

return response

+@check_mlist_private

def vote(request, mlist_fqdn, message_id_hash):

""" Add a rating to a given message identified by messageid. """

if request.method != 'POST':

@@ -142,6 +146,7 @@ def vote(request, mlist_fqdn, message_id_hash):

@login_required

+@check_mlist_private

def reply(request, mlist_fqdn, message_id_hash):

""" Sends a reply to the list.

TODO: unit tests

@@ -186,6 +191,7 @@ def reply(request, mlist_fqdn, message_id_hash):

@login_required

+@check_mlist_private

def new_message(request, mlist_fqdn):

""" Sends a new thread-starting message to the list.

TODO: unit tests

diff --git a/hyperkitty/views/search.py b/hyperkitty/views/search.py
index d398ae2..3eb179f 100644
--- a/hyperkitty/views/search.py
+++ b/hyperkitty/views/search.py

@@ -30,6 +30,7 @@ from hyperkitty.lib.view_helpers import paginate

from hyperkitty.lib.voting import set_message_votes

from hyperkitty.views.list import _thread_list

+from hyperkitty.lib.mailman import check_mlist_private, is_mlist_authorized

class SearchPaginator(Paginator):

@@ -46,6 +47,7 @@ class SearchPaginator(Paginator):

return Page(self.object_list, number, self)

+@check_mlist_private

def search_tag(request, mlist_fqdn, tag):

'''Returns threads having a particular tag'''

store = get_store(request)

@@ -84,6 +86,10 @@ def search(request, page=1):

mlist = store.get_list(mlist_fqdn)

if mlist is None:

raise Http404("No archived mailing-list by that name.")

+ if not is_mlist_authorized(request, mlist):

+ return render(request, "error-private.html", {

+ "mlist": mlist,

+ }, status=403)

if not query:

return render(request, "search_results.html", {

diff --git a/hyperkitty/views/thread.py b/hyperkitty/views/thread.py
index 76bfbc9..6f70b86 100644
--- a/hyperkitty/views/thread.py
+++ b/hyperkitty/views/thread.py

@@ -40,6 +40,7 @@ from hyperkitty.lib import get_store, stripped_subject

from hyperkitty.lib.view_helpers import (get_months, get_category_widget,

FLASH_MESSAGES)

from hyperkitty.lib.voting import set_message_votes

+from hyperkitty.lib.mailman import check_mlist_private

def _get_thread_replies(request, thread, offset=1, limit=None):

@@ -73,6 +74,7 @@ def _get_thread_replies(request, thread, offset=1, limit=None):

return emails

+@check_mlist_private

def thread_index(request, mlist_fqdn, threadid, month=None, year=None):

''' Displays all the email for a given thread identifier '''

store = get_store(request)

@@ -180,6 +182,7 @@ def thread_index(request, mlist_fqdn, threadid, month=None, year=None):

return render(request, "thread.html", context)

+@check_mlist_private

def replies(request, mlist_fqdn, threadid):

"""Get JSON encoded lists with the replies and the participants"""

chunk_size = 5

@@ -216,6 +219,7 @@ def replies(request, mlist_fqdn, threadid):

mimetype='application/javascript')

+@check_mlist_private

def tags(request, mlist_fqdn, threadid):

""" Add or remove a tag on a given thread. """

if not request.user.is_authenticated():

@@ -263,6 +267,7 @@ def tags(request, mlist_fqdn, threadid):

return HttpResponse(json.dumps(response),

mimetype='application/javascript')

+@check_mlist_private

def suggest_tags(request, mlist_fqdn, threadid):

term = request.GET.get("term")

current_tags = Tag.objects.filter(

@@ -277,6 +282,7 @@ def suggest_tags(request, mlist_fqdn, threadid):

return HttpResponse(json.dumps(tags), mimetype='application/javascript')

+@check_mlist_private

def favorite(request, mlist_fqdn, threadid):

""" Add or remove from favorites"""

if not request.user.is_authenticated():

@@ -305,6 +311,7 @@ def favorite(request, mlist_fqdn, threadid):

return HttpResponse("success", mimetype='text/plain')

+@check_mlist_private

def set_category(request, mlist_fqdn, threadid):

""" Set the category for a given thread. """

if not request.user.is_authenticated():

@@ -334,6 +341,7 @@ def set_category(request, mlist_fqdn, threadid):

return render(request, "threads/category.html", context)

+@check_mlist_private

def reattach(request, mlist_fqdn, threadid):

if not request.user.is_staff:

return HttpResponse('You must be a staff member to reattach a thread',

@@ -385,6 +393,7 @@ def reattach(request, mlist_fqdn, threadid):

return render(request, "reattach.html", context)

+@check_mlist_private

def reattach_suggest(request, mlist_fqdn, threadid):

store = get_store(request)

mlist = store.get_list(mlist_fqdn)