user_media.views: 90 total statements, 100.0% covered

Generated: Thu 2013-03-14 13:13 SGT

Source file: /Users/martin/Repos/django-user-media/user_media/views.py

Stats: 81 executed, 0 missed, 9 excluded, 100 ignored

1. """Views for the ``django-user-media`` app."""
2. from django.contrib.auth.decorators import login_required
3. from django.contrib.contenttypes.models import ContentType
4. from django.db.models import ObjectDoesNotExist
5. from django.http import Http404
6. from django.utils.decorators import method_decorator
7. from django.views.generic import CreateView, DeleteView, UpdateView
9. from django_libs.views_mixins import AjaxResponseMixin
11. from user_media.forms import UserMediaImageForm
12. from user_media.models import UserMediaImage
15. class UserMediaImageViewMixin(object):
16. """
17. Mixin for views that deal with `UserMediaImage` objects.
19. When using this mixin please make sure that you call `_add_next_and_user()`
20. in your `dispatch()` method.
22. """
23. model = UserMediaImage
25. def _add_next_and_user(self, request):
26. self.next = request.POST.get('next', '') or request.GET.get('next', '')
27. self.user = request.user
29. def get_context_data(self, **kwargs):
30. """
31. Adds `next` to the context.
33. This makes sure that the `next` parameter doesn't get lost if the
34. form was submitted invalid.
36. """
37. ctx = super(UserMediaImageViewMixin, self).get_context_data(**kwargs)
38. ctx.update({
39. 'action': self.action,
40. 'next': self.next,
41. })
42. return ctx
44. def get_success_url(self):
45. """
46. Returns the success URL.
48. This is either the given `next` URL parameter or the content object's
49. `get_absolute_url` method's return value.
51. """
52. if self.next:
53. return self.next
54. if self.object and self.object.content_object:
55. return self.object.content_object.get_absolute_url()
56. raise Exception(
57. 'No content object given. Please provide ``next`` in your POST'
58. ' data')
61. class CreateImageView(AjaxResponseMixin, UserMediaImageViewMixin, CreateView):
62. action = 'create'
63. form_class = UserMediaImageForm
64. ajax_template_prefix = 'partials/ajax_'
66. @method_decorator(login_required)
67. def dispatch(self, request, *args, **kwargs):
68. """Adds useful objects to the class and performs security checks."""
69. self._add_next_and_user(request)
70. self.content_object = None
71. self.content_type = None
72. self.object_id = kwargs.get('object_id', None)
74. if kwargs.get('content_type'):
75. # Check if the user forged the URL and posted a non existant
76. # content type
77. try:
78. self.content_type = ContentType.objects.get(
79. model=kwargs.get('content_type'))
80. except ContentType.DoesNotExist:
81. raise Http404
83. if self.content_type:
84. # Check if the user forged the URL and tries to append the image to
85. # an object that does not exist
86. try:
87. self.content_object = \
88. self.content_type.get_object_for_this_type(
89. pk=self.object_id)
90. except ObjectDoesNotExist:
91. raise Http404
93. if self.content_object:
94. # Check if the user forged the URL and tries to append the image to
95. # an object that does not belong to him
96. if not self.content_object.user == self.user:
97. raise Http404
99. return super(CreateImageView, self).dispatch(request, *args, **kwargs)
101. def get_context_data(self, **kwargs):
102. ctx = super(CreateImageView, self).get_context_data(**kwargs)
103. ctx.update({
104. 'content_type': self.content_type,
105. 'object_id': self.object_id,
106. })
107. return ctx
109. def get_form_kwargs(self):
110. kwargs = super(CreateImageView, self).get_form_kwargs()
111. kwargs.update({
112. 'user': self.user,
113. 'content_type': self.content_type,
114. 'object_id': self.object_id,
115. })
116. return kwargs
119. class DeleteImageView(AjaxResponseMixin, UserMediaImageViewMixin, DeleteView):
120. """Deletes an `UserMediaImage` object."""
121. action = 'delete'
122. model = UserMediaImage
123. ajax_template_prefix = 'partials/ajax_'
125. @method_decorator(login_required)
126. def dispatch(self, request, *args, **kwargs):
127. """Adds useful objects to the class."""
128. self._add_next_and_user(request)
129. return super(DeleteImageView, self).dispatch(request, *args, **kwargs)
131. def get_context_data(self, **kwargs):
132. ctx = super(DeleteImageView, self).get_context_data(**kwargs)
133. ctx.update({
134. 'image_pk': self.object.pk,
135. })
136. return ctx
138. def get_queryset(self):
139. """
140. Making sure that a user can only delete his own images.
142. Even when he forges the request URL.
144. """
145. queryset = super(DeleteImageView, self).get_queryset()
146. queryset = queryset.filter(user=self.user)
147. return queryset
150. class UpdateImageView(AjaxResponseMixin, UserMediaImageViewMixin, UpdateView):
151. """Updates an existing `UserMediaImage` object."""
152. action = 'update'
153. model = UserMediaImage
154. form_class = UserMediaImageForm
155. ajax_template_prefix = 'partials/ajax_'
157. @method_decorator(login_required)
158. def dispatch(self, request, *args, **kwargs):
159. """Adds useful objects to the class."""
160. self._add_next_and_user(request)
161. return super(UpdateImageView, self).dispatch(request, *args, **kwargs)
163. def get_context_data(self, **kwargs):
164. ctx = super(UpdateImageView, self).get_context_data(**kwargs)
165. ctx.update({
166. 'content_type': self.object.content_type,
167. 'object_id': self.object.object_id,
168. 'image_pk': self.object.pk,
169. })
170. return ctx
172. def get_form_kwargs(self):
173. kwargs = super(UpdateImageView, self).get_form_kwargs()
174. kwargs.update({
175. 'user': self.user,
176. 'content_type': self.object.content_type,
177. 'object_id': self.object.object_id,
178. })
179. return kwargs
181. def get_queryset(self):
182. """
183. Making sure that a user can only edit his own images.
185. Even when he forges the request URL.
187. """
188. queryset = super(UpdateImageView, self).get_queryset()
189. queryset = queryset.filter(user=self.user)
190. return queryset