2006-05-02 09:31:56 +08:00
|
|
|
from django.contrib.flatpages.models import FlatPage
|
|
|
|
|
from django.template import loader, RequestContext
|
|
|
|
|
from django.shortcuts import get_object_or_404
|
2008-08-06 01:45:31 +08:00
|
|
|
from django.http import HttpResponse, HttpResponseRedirect
|
2006-05-02 09:31:56 +08:00
|
|
|
from django.conf import settings
|
2006-08-23 10:05:05 +08:00
|
|
|
from django.core.xheaders import populate_xheaders
|
2007-11-14 20:58:53 +08:00
|
|
|
from django.utils.safestring import mark_safe
|
2010-02-05 05:47:19 +08:00
|
|
|
from django.views.decorators.csrf import csrf_protect
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2006-05-02 09:31:56 +08:00
|
|
|
DEFAULT_TEMPLATE = 'flatpages/default.html'
|
2005-09-24 06:09:42 +08:00
|
|
|
|
2010-02-05 05:47:19 +08:00
|
|
|
# This view is called from FlatpageFallbackMiddleware.process_response
|
|
|
|
|
# when a 404 is raised, which often means CsrfViewMiddleware.process_view
|
|
|
|
|
# has not been called even if CsrfViewMiddleware is installed. So we need
|
|
|
|
|
# to use @csrf_protect, in case the template needs {% csrf_token %}.
|
2010-08-27 21:55:11 +08:00
|
|
|
# However, we can't just wrap this view; if no matching flatpage exists,
|
|
|
|
|
# or a redirect is required for authentication, the 404 needs to be returned
|
|
|
|
|
# without any CSRF checks. Therefore, we only
|
|
|
|
|
# CSRF protect the internal implementation.
|
2005-11-11 12:45:05 +08:00
|
|
|
def flatpage(request, url):
|
2005-07-13 09:25:57 +08:00
|
|
|
"""
|
2010-08-27 21:55:11 +08:00
|
|
|
Public interface to the flat page view.
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2005-11-11 12:45:05 +08:00
|
|
|
Models: `flatpages.flatpages`
|
2005-07-13 09:25:57 +08:00
|
|
|
Templates: Uses the template defined by the ``template_name`` field,
|
2006-05-02 09:31:56 +08:00
|
|
|
or `flatpages/default.html` if template_name is not defined.
|
2005-07-13 09:25:57 +08:00
|
|
|
Context:
|
2005-11-11 12:45:05 +08:00
|
|
|
flatpage
|
|
|
|
|
`flatpages.flatpages` object
|
2005-07-13 09:25:57 +08:00
|
|
|
"""
|
2008-08-06 01:45:31 +08:00
|
|
|
if not url.endswith('/') and settings.APPEND_SLASH:
|
2008-08-21 09:40:22 +08:00
|
|
|
return HttpResponseRedirect("%s/" % request.path)
|
2005-07-13 09:25:57 +08:00
|
|
|
if not url.startswith('/'):
|
|
|
|
|
url = "/" + url
|
2006-05-02 09:31:56 +08:00
|
|
|
f = get_object_or_404(FlatPage, url__exact=url, sites__id__exact=settings.SITE_ID)
|
2010-08-27 21:55:11 +08:00
|
|
|
return render_flatpage(request, f)
|
|
|
|
|
|
|
|
|
|
@csrf_protect
|
|
|
|
|
def render_flatpage(request, f):
|
|
|
|
|
"""
|
|
|
|
|
Internal interface to the flat page view.
|
|
|
|
|
"""
|
2005-07-13 09:25:57 +08:00
|
|
|
# If registration is required for accessing this page, and the user isn't
|
|
|
|
|
# logged in, redirect to the login page.
|
2006-07-19 10:09:26 +08:00
|
|
|
if f.registration_required and not request.user.is_authenticated():
|
2006-05-02 09:31:56 +08:00
|
|
|
from django.contrib.auth.views import redirect_to_login
|
2005-07-13 09:25:57 +08:00
|
|
|
return redirect_to_login(request.path)
|
2005-09-24 06:09:42 +08:00
|
|
|
if f.template_name:
|
2006-05-02 09:31:56 +08:00
|
|
|
t = loader.select_template((f.template_name, DEFAULT_TEMPLATE))
|
2005-09-24 06:09:42 +08:00
|
|
|
else:
|
2006-05-02 09:31:56 +08:00
|
|
|
t = loader.get_template(DEFAULT_TEMPLATE)
|
2007-11-14 20:58:53 +08:00
|
|
|
|
|
|
|
|
# To avoid having to always use the "|safe" filter in flatpage templates,
|
|
|
|
|
# mark the title and content as already safe (since they are raw HTML
|
|
|
|
|
# content in the first place).
|
|
|
|
|
f.title = mark_safe(f.title)
|
|
|
|
|
f.content = mark_safe(f.content)
|
|
|
|
|
|
2006-05-02 09:31:56 +08:00
|
|
|
c = RequestContext(request, {
|
2005-11-11 12:45:05 +08:00
|
|
|
'flatpage': f,
|
2005-07-13 09:25:57 +08:00
|
|
|
})
|
2006-08-23 10:05:05 +08:00
|
|
|
response = HttpResponse(t.render(c))
|
|
|
|
|
populate_xheaders(request, response, FlatPage, f.id)
|
|
|
|
|
return response
|
