Block anonymous access to upload files

TODO.md

@@ -13,11 +13,11 @@ Not implemented - will be ASAP
  * Key-value meta data
  * Index views for urlpaths
  * Searching
- * South migrations **Soon**
+ * South migrations **Done**
  * View source for read-only articles + locked status
  * Global moderator permission **Almost done** (need to add grant form for users with *grant* permissions)
  * Are you sure you wanna leave this page?
- * Special view for deleted articles w/ restore button
+ * Special view for deleted articles w/ restore button **Done**
  
 Ideas
 =====

testproject/testproject/settings.py

@@ -9,6 +9,8 @@ ADMINS = (
     # ('Your Name', 'your_email@example.com'),
 )
 
+LOGIN_URL = '/_accounts/login/'
+
 MANAGERS = ADMINS
 
 DATABASES = {

wiki/conf/settings.py

@@ -8,6 +8,8 @@ URL_CASE_SENSITIVE = getattr(django_settings, 'WIKI_URL_CASE_SENSITIVE', False)
 APP_LABEL = 'wiki'
 WIKI_LANGUAGE = 'markdown'
 
+# The editor class to use -- maybe a 3rd party or your own...? You can always
+# extend the built-in editor and customize it....
 EDITOR = getattr(django_settings, 'WIKI_EDITOR', 'wiki.editors.MarkItUp')
 
 # This slug is used in URLPath if an article has been deleted. The children of the
@@ -15,9 +17,11 @@ EDITOR = getattr(django_settings, 'WIKI_EDITOR', 'wiki.editors.MarkItUp')
 # and all their content.
 LOST_AND_FOUND_SLUG = getattr(django_settings, 'WIKI_LOST_AND_FOUND_SLUG', 'lost-and-found')
 
+# Do we want to log IPs?
 LOG_IPS_ANONYMOUS = getattr(django_settings, 'WIKI_LOG_IPS_ANONYMOUS', True)
 LOG_IPS_USERS = getattr(django_settings, 'WIKI_LOG_IPS_USERS', False)
 
+# Sign up, login and logout views should be accessible 
 ACCOUNT_HANDLING = getattr(django_settings, 'WIKI_ACCOUNT_HANDLING', True)
 
 # Maximum amount of children to display in a menu before going "+more"

wiki/plugins/attachments/settings.py

@@ -2,6 +2,9 @@ from django.conf import settings as django_settings
 
 SLUG = "attachments"
 
+# Allow anonymous users to upload (not nice on an open network)
+ANONYMOUS = getattr(django_settings, 'WIKI_ATTACHMENTS_ANONYMOUS', False)
+
 # Maximum file sizes: Please using something like LimitRequestBody on
 # your web server.
 # http://httpd.apache.org/docs/2.2/mod/core.html#LimitRequestBody

wiki/plugins/attachments/templates/wiki/plugins/attachments/index.html

@@ -82,12 +82,16 @@
         
         <div id="collapse_upload" class="accordion-body collapse{% if form.errors %} in{% endif %}">
           <div class="accordion-inner">
+            {% if anonymous_disallowed %}
+              {% include "wiki/includes/anonymous_blocked.html" %}
+            {% else %}
             <form method="POST" class="form-vertical" id="attachment_form" enctype="multipart/form-data">
             {% wiki_form form %}
               <button type="submit" name="save" value="1" class="btn btn-large">
                 {% trans "Upload file" %}
               </button>
             </form>
+            {% endif %}
           </div>
         </div>
       

wiki/plugins/attachments/views.py

 # -*- coding: utf-8 -*-
+from django.conf import settings as django_settings
+from django.contrib import messages
+from django.db import transaction
+from django.db.models import Q
+from django.http import Http404
 from django.shortcuts import redirect, get_object_or_404
 from django.utils.decorators import method_decorator
 from django.utils.translation import ugettext as _
-from django.views.generic.edit import FormView 
-from django.db.models import Q
-
-from wiki.views.mixins import ArticleMixin
-from wiki.decorators import get_article
-from wiki.plugins.attachments import forms
-from wiki.plugins.attachments import models
-from django.contrib import messages
 from django.views.generic.base import TemplateView, View
-from wiki.core.http import send_file
-from django.http import Http404
-from django.db import transaction
+from django.views.generic.edit import FormView
 from django.views.generic.list import ListView
 
+from wiki.core.http import send_file
+from wiki.decorators import get_article
+from wiki.plugins.attachments import models, settings, forms
+from wiki.views.mixins import ArticleMixin
+
+
 class AttachmentView(ArticleMixin, FormView):
     
     form_class = forms.AttachmentForm
@@ -34,6 +35,9 @@ class AttachmentView(ArticleMixin, FormView):
     # WARNING! The below decorator silences other exceptions that may occur!
     #@transaction.commit_manually
     def form_valid(self, form):
+        if self.request.user.is_anonymous and not settings.ANONYMOUS:
+            return redirect(django_settings.LOGIN_URL)
+            
         try:
             attachment_revision = form.save(commit=False)
             attachment = models.Attachment()
@@ -59,6 +63,7 @@ class AttachmentView(ArticleMixin, FormView):
         kwargs['attachments'] = self.attachments
         kwargs['search_form'] = forms.SearchForm()
         kwargs['selected_tab'] = 'attachments'
+        kwargs['anonymous_disallowed'] = self.request.user.is_anonymous and not settings.ANONYMOUS
         return super(AttachmentView, self).get_context_data(**kwargs)
 
 

wiki/plugins/images/settings.py

 from django.conf import settings as django_settings
 
 # Where to store images
-IMAGE_PATH = getattr(django_settings, "WIKI_IMAGE_PATH", 'wiki/images/%aid/')
+IMAGE_PATH = getattr(django_settings, 'WIKI_IMAGE_PATH', "wiki/images/%aid/")
+
+SLUG = 'images'
\ No newline at end of file

wiki/plugins/images/views.py

+from wiki.views.mixins import ArticleMixin
+from django.views.generic.base import TemplateView
+from django.utils.decorators import method_decorator
+from wiki.decorators import get_article
+
+class ImageView(ArticleMixin, TemplateView):
+    
+    @method_decorator(get_article(can_read=True))
+    def dispatch(self, request, article, *args, **kwargs):
+        return super(ImageView, self).dispatch(request, article, *args, **kwargs)
+
+    
\ No newline at end of file

wiki/plugins/images/wiki_plugin.py

+# -*- coding: utf-8 -*-
+from django.conf.urls.defaults import patterns, url
+from django.utils.translation import ugettext as _
+
+from wiki.core import plugins_registry
+from wiki import plugins
+from wiki.plugins.images import views, models, settings
+from wiki.plugins.notifications import ARTICLE_EDIT
+
+class ImagePlugin(plugins.BasePlugin):
+    
+    #settings_form = 'wiki.plugins.notifications.forms.SubscriptionForm'
+    
+    slug = settings.SLUG
+    urlpatterns = patterns('',
+        url('^$', views.ImageView.as_view(), name='images_index'),
+    )
+    
+    # List of notifications to construct signal handlers for. This
+    # is handled inside the notifications plugin.
+    notifications = [{'model': models.Image,
+                      'message': lambda obj: _(u"An image was added: %s") % obj.get_filename(),
+                      'key': ARTICLE_EDIT,
+                      'created': True,
+                      'get_article': lambda obj: obj.attachment.article}
+                     ]
+    
+    #markdown_extensions = [AttachmentExtension()]
+    
+    def __init__(self):
+        #print "I WAS LOADED!"
+        pass
+    
+plugins_registry.register(ImagePlugin)
+

wiki/templates/wiki/includes/anonymous_blocked.html

+{% load i18n %}
+{% load url from future %}
+<em>
+{% url 'wiki:signup' as signup_url %}
+{% url 'wiki:login' as login_url %}
+{% if login_url and signup_url %}
+  {% blocktrans %}
+  You need to <a href="{{ login_url }}">log in</a> or <a href="{{ signup_url }}">sign up</a> to use this function.
+  {% endblocktrans %}
+{% else %}
+  {% trans "You need to log in og sign up to use this function." %}
+{% endif %}
+</em>