summaryrefslogtreecommitdiff
path: root/pgweb/util/helpers.py
AgeCommit message (Collapse)Author
2022-12-15Allow deletion of draft news articlesMagnus Hagander
When somebody posts a news article, make it possible to delete it before it's submitted to moderation (or after it's been withdrawn or bounced), instead of forcing the user to leave it around ForEver (TM). Do this by adding some generic functionality for confirmation popups, that can also be used for other things in the future.
2021-11-18Use separate title for save button for tristate moderationMagnus Hagander
When the save and submit steps are different, use "Save draft" for the save button instead of "submit new" -- since the submit is a separate step.
2020-11-23Add modified object title to notifications of end user editsMagnus Hagander
Commit c2d58d6 only added the title of the object to notifications when an object were modified by a moderator/admin, not by the end user. Fix that to make it consistent.
2020-11-12Make it possible to have a separate form intro for new vs existing itemsMagnus Hagander
2020-11-12Re-do markdown handling for better user experience and securityMagnus Hagander
* Get rid of the django_markwhat dependency, and implement our own classes to get more control. In passing also remove django-markdown, because we never used that. * Instead of trying to clean markdown with regexps, use the bleach library (NEW DEPENDENCY) with special whitelisting of allowed tags based off standard markdown. This means that one can input links or formatting in HTML if one prefers, as long as it renders to the same subset of tags that markdown allows. * Replace javascript based client side preview with an actual call to a preview URL that renders the exact result using the same function, since the use of showdown on the client was increasingly starting to differ from the server, and since that cannot be kept secure the same way. Rewrite the client side javascript to work better with the now longer interval between updates of the preview. Long in planning, but never got around to it. Suggestion to use bleach for escaping from David Fetter.
2020-09-10Don't send notifications for new objects that are tri-state moderationMagnus Hagander
These will get a notification when they are explicitly submitted for moderation, so there is no point in having a separate notice sent when they're created, since there is nothing for the moderators to do at that point.
2020-09-10Re-work moderation of submitted itemsMagnus Hagander
This includes a number of new features: * Move some moderation functionality into shared places, so we don't keep re-inventing the wheel. * Implement three-state moderation, where the submitter can edit their item and then explicitly say "i'm done, please moderate this now". This is currently only implemented for News, but done in a reusable way. * Move moderation workflow to it's own set of URLs instead of overloading it on the general admin interface. Admin interface remains for editing things, but these are now separated out into separate things. * Do proper stylesheet clearing for moderation of markdown fields, using a dynamic sandboxed iframe, so it's not ruined by the /admin/ css. * Move moderation email notification into dedicated moderation code, thereby simplifying the admin subclassing we did which was in some places quite fragile. * Reset date of news postings to the date of their approval, when approved. This avoids some annoying ordering issues.
2020-09-10Ensure markdown fields cannot contain HTML or imagesMagnus Hagander
Since images can be used to drop things like tracking pixels, simply disallow them in all submissions.
2020-07-04Fix up some incorrect importsMagnus Hagander
2020-04-04Avoid returning HttpServerError for things not server errorsMagnus Hagander
With the new django, alerts are raised for everything with status 500, not juse exceptions. This put a light on a number of places where we were returning 500 server error code for things that are not actually server errors. Some should be a regular 200 ok with an error message, and others should be a permissions error.
2020-01-24Raise PermissionDenied instead of generic exception for non-owned itemsMagnus Hagander
Raising a generic exception generates a http 500 internal error and a stackdump. Instead raising PermissionDenied appopriately turns it into a http 403 forbidden response.
2020-01-24Reorder imports for readabilityMagnus Hagander
2019-01-26Re-implement modification notifications in simple_formMagnus Hagander
The way signals are sent for many2many apparently changed completely between the python2 and python3 versions of the same Django version, which broke the way we did this before. And it was always a bit of a hack... Instead, reimplement notifications in the simple_form handler. This now also consolidates regular field notificationss and many2many notifications in a much cleaner way. This will, however, *only* have an effect on changes made through simple_form. Luckily that's the most common way we handle forms, with the exception being /admin/. So leave the old code in place to handle the changes through /admin/, as well as the deletion of objects. In the end the only thing lost is the ability to get m2m differences when an admin makes changes, and that's the least important of all notification. And as a bonus, the regular change notifications and in particular "new item" notifications look a lot nicer.
2019-01-26More generic changes from 2to3Magnus Hagander
2019-01-17Remove multi-statement lines, per pep8Magnus Hagander
2019-01-17Fix whitespace and indentation, per pep8Magnus Hagander
2019-01-17Tabs, meet your new overlords: spacesMagnus Hagander
In a quest to reach pep8, use spaces to indent rather than tabs.
2018-12-20Move javascript for forms into separate JS fileMagnus Hagander
In passing also clean up a few things that can be passed directly in the template instead, and simplify things now that we have jquery all the time.
2018-06-29Remove unused variable referencesMagnus Hagander
2018-04-17New base HTML for PostgreSQL.orgJonathan S. Katz
The base HTML structure enables the responsiveness for the website. In addition to the primary base template, the generic page and form templates are also modernized. Authors: Sarah Conway <sarah.conway@crunchydata.com> and me
2018-03-10Rendering a template takes a dict and not a contextMagnus Hagander
This is optional in Django 1.8, but a mandatory change in 1.11. Backwards compatible.
2018-03-10Fix that HttpServerError now takes a request as parameterMagnus Hagander
2018-03-10Replace NavContext and render_to_response with render_pgwebMagnus Hagander
render_to_response does not work on newer django, so it needs to be replaced. And using a speicfic context actually overcomplicates things, it's easier to just use a wrapper function. For those cases where we don't need NavContext, just use render() (the new shortcut function from django), which also removes the need to use RequestContext.
2017-12-11Add support for descriptive texts over m2m checkboxesMagnus Hagander
This allows the assignment of "hover mouse to show"-descriptions for m2m fields with multiple checkboxes.
2017-12-11Fix submission forms for many2many fields with checkboxesMagnus Hagander
This includes proper styling (no more centering of the checkbox itself) and actually saving the m2m fields on submit.
2017-11-29Clean up whitespace in primary Python / HTML filesJonathan S. Katz
Clean up the whitespace in the primary Python / HTML files in order to make it easier to apply changes going forward.
2017-02-26Trap invalid URLs for submission formsMagnus Hagander
I still haven't figured out where these come from, but generate a proper 404 when the URL is malformatted rather than trying to render it and crash with an exception
2013-06-20Make it possible to pre-select a mailinglist in the subcription formMagnus Hagander
This is done by putting #<id> at the end of the URL.
2013-01-30Add ability to toggle fields in formsMagnus Hagander
This uses jQuery to make it possible to enable and disable fields in the default forms, by specifying an attribute on the form class. The form class still has to implement proper validators, so it does not rely on client side validations.
2011-12-07Move fixedfields back to before the .save(), to unbreak doc commentsMagnus Hagander
It was moved down to support ManyToMany value fields for Organisation, but that is no longer used. If we want to use it for ManyToMany fields in the future it needs to be split up in two sections, but for now, I'm moving it back up so it works for regular fields again.
2011-11-27Make it possible to autocreate an object in simple_formMagnus Hagander
Previously, one had to specify "new" as objectid to create a new one, but in some cases it may not be known ahead of time if the object exists or not.
2011-11-15Make sure the submitter is always listed as an organisation adminMagnus Hagander
This fixes organisation submitting again, and also makes it impossible to orphan oneself from an organisation.
2011-08-17Render server errors with a nicer templateMagnus Hagander
2010-02-27Control the headline of forms to say "New" and "Edit" dependingMagnus Hagander
on what we're actually doing.
2010-02-27Make the base form support different names for the save buttonMagnus Hagander
2010-02-26Make it possible to add new organisations again - they need to be taggedMagnus Hagander
with the logged in user as the first manager, or they become orphans before they're even created...
2010-02-26Make filter_by_user apply to forms when they are edited as well, not justMagnus Hagander
when they are created. This is to make sure the organisation list, for example, doesn't list all non-avaiable organisations when there was a missing field somewhere else in the form.
2010-01-16Support fixed fields in forms, such as the version and filename forMagnus Hagander
a doc comment.
2010-01-13Turn the XML generation helper into a class for better flexibilityMagnus Hagander
2010-01-11Add function to render a template to a stringMagnus Hagander
2010-01-02Generate mirrors.xml fileMagnus Hagander
2009-12-28Support short introductory text on a form driven from the model,Magnus Hagander
without the need to create a separate template. (Anything more advanced should still use a template, of course)
2009-12-28Support filtering by indirect usernames when building default formsMagnus Hagander
(such as looking up the user through an intermediate model)
2009-09-18Add markdown previews for generic forms in the site as well, notMagnus Hagander
just the admin site.
2009-09-14A first very basic import.Magnus Hagander
Contains basic functionality, and an import of most of the static content from the old site. There is still plenty more to do...