from rest_framework import viewsets from rest_framework.decorators import detail_route, list_route from rest_framework.response import Response from django.core.exceptions import PermissionDenied from django.db import transaction from django.utils.translation import ugettext as _ from misago.acl import add_acl from misago.core.shortcuts import get_int_or_404 from misago.threads.models import Post from misago.threads.moderation import posts as moderation from misago.threads.permissions import ( allow_delete_event, allow_delete_post, allow_edit_post, allow_reply_thread) from misago.threads.serializers import AttachmentSerializer, PostSerializer from misago.threads.viewmodels import ForumThread, PrivateThread, ThreadPost, ThreadPosts from misago.users.online.utils import make_users_status_aware from .postendpoints.edits import get_edit_endpoint, revert_post_endpoint from .postendpoints.likes import likes_list_endpoint from .postendpoints.merge import posts_merge_endpoint from .postendpoints.move import posts_move_endpoint from .postendpoints.patch_event import event_patch_endpoint from .postendpoints.patch_post import post_patch_endpoint from .postendpoints.read import post_read_endpoint from .postendpoints.split import posts_split_endpoint from .postingendpoint import PostingEndpoint class ViewSet(viewsets.ViewSet): thread = None posts = ThreadPosts post_ = ThreadPost def get_thread( self, request, pk, read_aware=True, subscription_aware=True, select_for_update=False ): return self.thread( request, get_int_or_404(pk), None, read_aware, subscription_aware, select_for_update ) def get_thread_for_update(self, request, pk): return self.get_thread( request, pk, read_aware=False, subscription_aware=False, select_for_update=True ) def get_posts(self, request, thread, page): return self.posts(request, thread, page) def get_post(self, request, thread, pk, select_for_update=False): return self.post_(request, thread, get_int_or_404(pk), select_for_update) def get_post_for_update(self, request, thread, pk): return self.get_post(request, thread, pk, select_for_update=True) def list(self, request, thread_pk): page = get_int_or_404(request.query_params.get('page', 0)) if page == 1: page = 0 # api allows explicit first page thread = self.get_thread(request, thread_pk) posts = self.get_posts(request, thread, page) data = thread.get_frontend_context() data['post_set'] = posts.get_frontend_context() return Response(data) @list_route(methods=['post']) @transaction.atomic def merge(self, request, thread_pk): thread = self.get_thread_for_update(request, thread_pk).unwrap() return posts_merge_endpoint(request, thread) @list_route(methods=['post']) @transaction.atomic def move(self, request, thread_pk): thread = self.get_thread_for_update(request, thread_pk).unwrap() return posts_move_endpoint(request, thread, self.thread) @list_route(methods=['post']) @transaction.atomic def split(self, request, thread_pk): thread = self.get_thread_for_update(request, thread_pk).unwrap() return posts_split_endpoint(request, thread) @transaction.atomic def create(self, request, thread_pk): thread = self.get_thread_for_update(request, thread_pk).unwrap() allow_reply_thread(request.user, thread) post = Post(thread=thread, category=thread.category) # Put them through posting pipeline posting = PostingEndpoint(request, PostingEndpoint.REPLY, thread=thread, post=post) if posting.is_valid(): user_posts = request.user.posts posting.save() # setup extra data for serialization post.is_read = False post.is_new = True post.poster.posts = user_posts + 1 make_users_status_aware(request.user, [post.poster]) return Response(PostSerializer(post, context={'user': request.user}).data) else: return Response(posting.errors, status=400) @transaction.atomic def update(self, request, thread_pk, pk): thread = self.get_thread_for_update(request, thread_pk).unwrap() post = self.get_post_for_update(request, thread, pk).unwrap() allow_edit_post(request.user, post) posting = PostingEndpoint(request, PostingEndpoint.EDIT, thread=thread, post=post) if posting.is_valid(): post_edits = post.edits posting.save() post.is_read = True post.is_new = False post.edits = post_edits + 1 if post.poster: make_users_status_aware(request.user, [post.poster]) return Response(PostSerializer(post, context={'user': request.user}).data) else: return Response(posting.errors, status=400) @transaction.atomic def partial_update(self, request, thread_pk, pk): thread = self.get_thread_for_update(request, thread_pk) post = self.get_post_for_update(request, thread, pk).unwrap() if post.is_event: return event_patch_endpoint(request, post) else: return post_patch_endpoint(request, post) @transaction.atomic def delete(self, request, thread_pk, pk): thread = self.get_thread_for_update(request, thread_pk) post = self.get_post_for_update(request, thread, pk).unwrap() if post.is_event: allow_delete_event(request.user, post) else: allow_delete_post(request.user, post) moderation.delete_post(request.user, post) thread.synchronize() thread.save() thread.category.synchronize() thread.category.save() return Response({}) @detail_route(methods=['post']) @transaction.atomic def read(self, request, thread_pk, pk): request.user.lock() thread = self.get_thread(request, thread_pk).unwrap() post = self.get_post(request, thread, pk).unwrap() return post_read_endpoint(request, thread, post) @detail_route(methods=['get'], url_path='editor') def post_editor(self, request, thread_pk, pk): thread = self.get_thread(request, thread_pk, read_aware=False, subscription_aware=False) post = self.get_post(request, thread, pk).unwrap() allow_edit_post(request.user, post) attachments = [] for attachment in post.attachment_set.order_by('-id'): add_acl(request.user, attachment) attachments.append(attachment) attachments_json = AttachmentSerializer( attachments, many=True, context={'user': request.user} ).data return Response({ 'id': post.pk, 'api': post.get_api_url(), 'post': post.original, 'attachments': attachments_json, 'can_protect': bool(thread.category.acl['can_protect_posts']), 'is_protected': post.is_protected, 'poster': post.poster_name }) @list_route(methods=['get'], url_path='editor') def reply_editor(self, request, thread_pk): thread = self.get_thread( request, thread_pk, read_aware=False, subscription_aware=False ).unwrap() allow_reply_thread(request.user, thread) if 'reply' in request.query_params: reply_to = self.get_post(request, thread, request.query_params['reply']).unwrap() if reply_to.is_event: raise PermissionDenied(_("You can't reply to events.")) if reply_to.is_hidden and not reply_to.acl['can_see_hidden']: raise PermissionDenied(_("You can't reply to hidden posts.")) return Response({ 'id': reply_to.pk, 'post': reply_to.original, 'poster': reply_to.poster_name }) else: return Response({}) @detail_route(methods=['get', 'post']) def edits(self, request, thread_pk, pk): if request.method == 'GET': thread = self.get_thread(request, thread_pk) post = self.get_post(request, thread, pk).unwrap() return get_edit_endpoint(request, post) if request.method == 'POST': with transaction.atomic(): thread = self.get_thread(request, thread_pk) post = self.get_post_for_update(request, thread, pk).unwrap() allow_edit_post(request.user, post) return revert_post_endpoint(request, post) @detail_route(methods=['get']) def likes(self, request, thread_pk, pk): thread = self.get_thread(request, thread_pk) post = self.get_post(request, thread, pk).unwrap() if post.acl['can_see_likes'] < 2: raise PermissionDenied(_("You can't see who liked this post.")) return likes_list_endpoint(request, post) class ThreadPostsViewSet(ViewSet): thread = ForumThread class PrivateThreadPostsViewSet(ViewSet): thread = PrivateThread