Merge branch 'etherpad' with major security fix

Author: abhijitbonik

BasicArticle/views.py

@@ -23,25 +23,7 @@
 from django.conf import settings
 from Recommendation_API.views import get_Recommendations
 import json
-
-def getHTML(article):
-	epclient = EtherpadLiteClient(settings.APIKEY, settings.APIURL)
-	result =  epclient.getHtml(article.id)
-	return result['html']
-
-# +++++++++++++++++++++++++++++++++++++++++++
-
-
-def getText(article):
-	epclient = EtherpadLiteClient(settings.APIKEY, settings.APIURL)
-	result =  epclient.getText(article.id)
-	return result['text']
-
-# +++++++++++++++++++++++++++++++++++++++++++
-
-def deletePad(article):
-	epclient = EtherpadLiteClient(settings.APIKEY, settings.APIURL)
-	epclient.deletePad(article.id)
+from etherpad.views import getHTML, getText, deletePad, create_session_community, create_session_group, get_pad_id
 
 def article_autosave(request,pk):
 	if request.user.is_authenticated:
@@ -252,6 +234,7 @@ def edit_article(request, pk):
 
 				try:
 					cmember = CommunityMembership.objects.get(user =request.user.id, community = article.community.pk)
+					sessionid = create_session_community(request, article.community.id)
 					try:
 						transition = Transitions.objects.get(from_state=article.article.state)
 						state1 = States.objects.get(name='draft')
@@ -283,6 +266,7 @@ def edit_article(request, pk):
 						cmember = CommunityMembership.objects.get(user=request.user.id, community = communitygroup.community.pk)
 						try:
 							gmember =GroupMembership.objects.get(user=request.user.id, group = article.group.pk)
+							sessionid = create_session_group(request, article.group.id)
 						except GroupMembership.DoesNotExist:
 							gmember = 'FALSE'
 						try:
@@ -303,7 +287,10 @@ def edit_article(request, pk):
 					# print ("Hello6")
 
 					raise Http404
-			return render(request, 'edit_article.html', {'article': article, 'cmember':cmember,'gmember':gmember,'message':message, 'belongs_to':belongs_to,'transition': transition, 'private':private,'uname':request.user,'url':settings.SERVERURL})
+			padid = get_pad_id(article.article.id)
+			response = render(request, 'edit_article.html', {'article': article, 'cmember':cmember,'gmember':gmember,'message':message, 'belongs_to':belongs_to,'transition': transition, 'private':private,'url':settings.SERVERURL, 'padid':padid})
+			response.set_cookie('sessionID', sessionid)
+			return response
 	else:
 		return redirect('login')
 

CollaborationSystem/settings.py

@@ -78,6 +78,7 @@
     'wiki.plugins.images.apps.ImagesConfig',
     'wiki.plugins.macros.apps.MacrosConfig',
     'Recommendation_API',
+    'etherpad',
 ] + get_machina_apps()
 
 SITE_ID = 1

CollaborationSystem/urls.py

@@ -58,9 +58,6 @@
 
     url(r'^articles/$', articleview.display_articles, name='display_articles'),
     url(r'^article-view/(?P<pk>\d*)/$', articleview.view_article, name='article_view'),
-
-    url(r'^ajax/article_autosave/(?P<pk>\d*)/$', articleview.article_autosave, name='article_autosave'),
-
     url(r'^ajax/article_text/(?P<pk>\d*)/$', articleview.article_text, name='article_text'),
 
     url(r'^h5p-view/(?P<pk>\d*)/$', communityview.h5p_view, name='h5p_view'),

Community/views.py

@@ -30,7 +30,7 @@
 from ast import literal_eval
 import json
 import requests
-# Create your views here.
+from etherpad.views import create_community_ether, create_article_ether_community, create_session_community
 
 def display_communities(request):
 	if request.method == 'POST':
@@ -133,14 +133,19 @@ def community_article_create(request):
 			if status=='1':
 				article = create_article(request)
 				CommunityArticles.objects.create(article=article, user = request.user , community =community )
+
+				#create the ether id for artcile blonging to this community
+				padid = create_article_ether_community(cid, article)
+
 				# return community_article_create_body(request, article, community)
 				data={
 					'article_id':article.id,
 					'community_or_group_id':community.pk,
 					'user_id':request.user.id,
 					'username':request.user.username,
 					'url':settings.SERVERURL,
-					'articleof':'community'
+					'articleof':'community',
+					'padid':padid
 				}
 				return JsonResponse(data)
 				# return redirect('article_edit', article.pk)
@@ -166,7 +171,11 @@ def community_article_create(request):
 					data={}
 					return JsonResponse(data)
 			else:
-				return render(request, 'new_article.html', {'community':community, 'status':1})
+				#create the session for this article in ether pad
+				sid = create_session_community(request, cid)
+				response = render(request, 'new_article.html', {'community':community, 'status':1})
+				response.set_cookie('sessionID', sid)
+				return response
 		else:
 			return redirect('home')
 	else:
@@ -255,6 +264,9 @@ def handle_community_creation_requests(request):
 
 					)
 
+				#create the ether id for community
+				create_community_ether(communitycreation)
+
 				create_wiki_for_community(communitycreation)
 				communityadmin = Roles.objects.get(name='community_admin')
 				communitymembership = CommunityMembership.objects.create(
@@ -433,6 +445,9 @@ def create_community(request):
 				remove_or_add_user_feed(usr,community,'community_created')
 				notify_remove_or_add_user(request.user, usr,community,'community_created')
 
+				#create the ether id for community
+				create_community_ether(community)
+
 				create_wiki_for_community(community)
 
 				return redirect('community_view', community.pk)

Group/views.py

@@ -18,6 +18,7 @@
 from django.conf import settings
 import json
 import requests
+from etherpad.views import create_group_ether, create_article_ether_group, create_session_group
 
 def create_group(request):
 	if request.method == 'POST':
@@ -37,7 +38,11 @@ def create_group(request):
 			created_by = user
 			)
 		role = Roles.objects.get(name='group_admin')
-		obj = GroupMembership.objects.create(user=user, group=group, role=role)
+		GroupMembership.objects.create(user=user, group=group, role=role)
+
+		#create ether id for the group 
+		create_group_ether(group)
+		
 		notify_remove_or_add_user(request.user, user, group, 'group_created')
 		remove_or_add_user_feed(request.user, group, "group_created")
 		return group
@@ -133,14 +138,19 @@ def group_article_create(request):
 			if status=='1':
 				article = create_article(request)
 				GroupArticles.objects.create(article=article, user = request.user , group =group )
+
+				#create ether id for the article belonging to the group
+				padid = create_article_ether_group(gid, article)
+
 				# return community_article_create_body(request, article, community)
 				data={
 					'article_id':article.id,
 					'community_or_group_id':group.pk,#see this thing
 					'user_id':request.user.id,
 					'username':request.user.username,
 					'url':settings.SERVERURL,
-					'articleof':'group'
+					'articleof':'group',
+					'padid':padid
 				}
 				return JsonResponse(data)
 				# return redirect('article_edit', article.pk)
@@ -166,7 +176,11 @@ def group_article_create(request):
 					data={}
 					return JsonResponse(data)
 			else:
-				return render(request, 'new_article.html', {'group':group, 'status':1})
+				#create session for this group article in ether pad
+				sid = create_session_group(request, gid)
+				response = render(request, 'new_article.html', {'group':group, 'status':1})
+				response.set_cookie('sessionID', sid)
+				return response
 		else:
 			return redirect('home')
 	else:

UserRolesPermission/views.py

@@ -21,6 +21,7 @@
 from django.core import serializers
 from datetime import date
 from decouple import config
+from etherpad.views import create_ether_user
 
 def signup(request):
     """
@@ -58,6 +59,7 @@ def signup(request):
             else:
                 user = form.save()
                 assign_role(user, Author)
+                create_ether_user(user)
                 auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
                 return redirect('user_dashboard')
         else:

etherpad/__init__.py

@@ -0,0 +1,8 @@
+from django.contrib import admin
+from .models import EtherUser, EtherCommunity, EtherGroup, EtherArticle
+# Register your models here.
+
+admin.site.register(EtherUser)
+admin.site.register(EtherCommunity)
+admin.site.register(EtherGroup)
+admin.site.register(EtherArticle)

etherpad/admin.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class EtherpadConfig(AppConfig):
+    name = 'etherpad'

etherpad/apps.py

@@ -0,0 +1,54 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.7 on 2018-09-06 13:43
+from __future__ import unicode_literals
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('BasicArticle', '0020_merge_20180627_1228'),
+        ('Group', '0013_groupinvitations'),
+        ('Community', '0024_auto_20180614_0125'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='EtherArticle',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('article_ether_id', models.TextField()),
+                ('article', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ether_article', to='BasicArticle.Articles')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='EtherCommunity',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('community_ether_id', models.TextField()),
+                ('community', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ether_community', to='Community.Community')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='EtherGroup',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('group_ether_id', models.TextField()),
+                ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ether_group', to='Group.Group')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='EtherUser',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('user_ether_id', models.TextField()),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='ether_user', to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]