4 files changed, 81 insertions, 65 deletions

diff --git a/commentingapp/views.py b/commentingapp/views.py
index b4c2b84..f2a0f36 100644
--- a/commentingapp/views.py
+++ b/commentingapp/views.py
@@ -4,37 +4,43 @@ from django.template import RequestContext
 from .models import Url, Comments
 from django.contrib.auth.decorators import user_passes_test
 from django.db.models import Q
-from tbc.models import Book, Chapters
 from django.contrib.auth.models import User
 from collections import Counter
 import os.path
 from email.mime.text import MIMEText
+from django.http import Http404
+from tbc.models import Book, Chapters
+from tbc.views import is_reviewer
 
 @user_passes_test(lambda u:u.is_superuser, login_url="/admin/login/")
 
-def commenting(req):
-    ci = RequestContext(req)
-    url_instance = Url.objects.filter(Q(comments__is_notified = 0)).distinct()
-    context = {"url_context": url_instance, "user": req.user}
+def commenting(request):
+    ci = RequestContext(request)
+    curr_user = request.user
+    if not is_reviewer(curr_user):
+        raise Http404("You are not allowed to view this page")
+    else:
+        url_instance = Url.objects.filter(Q(comments__is_notified = 0)).distinct()
+        context = {"url_context": url_instance, "user": curr_user}
 
-    if req.method == "POST":
-        notified_comment_list = req.POST.getlist("comment")
-        url_list = []
-        for notified_comments in notified_comment_list:
-            url_comment_list= notified_comments.split(", ")
-            url_list.append(url_comment_list[0])
-            Comments.objects.filter(comments = url_comment_list[1]).update(is_notified = 1)
+        if request.method == "POST":
+            notified_comment_list = request.POST.getlist("comment")
+            url_list = []
+            for notified_comments in notified_comment_list:
+                url_comment_list= notified_comments.split(", ")
+                url_list.append(url_comment_list[0])
+                Comments.objects.filter(comments = url_comment_list[1]).update(is_notified = 1)
 
-        counter  = Counter(url_list)
-        url_db_instance = Url()
-        contributor_details = url_db_instance.get_contributor_details(counter)
-        status = url_db_instance.send_mail_to_contributor(contributor_details)
-       
-        if status == True:
-            context =  {"notified_comments": "You have suceesfully notified the contributors"}
-        else:
-            context =  {"notified_comments": "Mail couldnot be sent"}
-        return render_to_response("notified.html", context, ci)
+            counter  = Counter(url_list)
+            url_db_instance = Url()
+            contributor_details = url_db_instance.get_contributor_details(counter)
+            status = url_db_instance.send_mail_to_contributor(contributor_details)
+           
+            if status == True:
+                context =  {"notified_comments": "You have suceesfully notified the contributors"}
+            else:
+                context =  {"notified_comments": "Mail couldnot be sent"}
+            return render_to_response("notified.html", context, ci)
 
 
-    return render_to_response ("commenting.html", context, ci)
+        return render_to_response ("commenting.html", context, ci)
diff --git a/tbc/templates/base.html b/tbc/templates/base.html
index a1b4c8f..40812eb 100755
--- a/tbc/templates/base.html
+++ b/tbc/templates/base.html
@@ -133,7 +133,6 @@
                           <li><a href="{% url 'tbc:GetCertificate' %}">Get Certificate</a></li>
                           <li><a href="{% url 'tbc:UpdateProfile' %}">Update Profile</a></li>
                           <li><a href="{% url 'tbc:UpdatePassword' %}">Update Password</a></li>
-                          <li><a href="{% url 'tbc:admin_tools' %}">Admin Tools </a></li>
                           <li><a href="{% url 'tbc:UserLogout' %}">Logout</a></li>
                         </ul>
                      </li>
@@ -160,7 +159,9 @@
                     <ul class="dropdown-menu">
                       <li><a href="{% url 'tbc:BookReview' %}">Review Books</a></li>
                       <li><a href="{% url 'tbc:ReviewProposals' %}">Review Proposals</a></li>
+                      <li><a href="{% url 'tbc:admin_tools' %}">Admin Tools </a></li>
                       <li><a href="{% url 'tbc:UserLogout' %}">Logout</a></li>
+
                     </ul>
                  </li>
             {% endif %}
diff --git a/tbc/views.py b/tbc/views.py
index 767dd4e..18e2d4d 100755
--- a/tbc/views.py
+++ b/tbc/views.py
@@ -1,6 +1,6 @@
 from django.utils.encoding import force_text
 from django.contrib.contenttypes.models import ContentType
-from django.http import HttpResponse, HttpResponseRedirect
+from django.http import HttpResponse, HttpResponseRedirect, Http404
 from django.shortcuts import render_to_response, redirect
 from django.views.decorators.csrf import csrf_exempt
 from django.core.context_processors import csrf
@@ -1189,6 +1189,7 @@ def BrowseBooks(request):
     return render_to_response('tbc/browse-books.html', context)
 
 
+
 def ConvertNotebook(request, notebook_path=None):
     """ Checks for the modified time of ipython notebooks and corresponding html page and replaces html page with 
     new one if corresponding ipython notebook has been modified. """ 
@@ -1417,8 +1418,10 @@ def link_image(request):
 @login_required( login_url= "/admin")
 def admin_tools(request):
     ci = RequestContext(request)
-    user = request.user
-    context = {"user":user}
-    return render_to_response('tbc/admin-tools.html', context, context_instance=ci)
-
-
+    curr_user = request.user
+    
+    if not is_reviewer(curr_user):
+        raise Http404("You are not allowed to view this page")
+    else:
+        context = {"user":curr_user}
+        return render_to_response('tbc/admin-tools.html', context, context_instance=ci)
diff --git a/tbc_error_page/views.py b/tbc_error_page/views.py
index aa32453..099f996 100644
--- a/tbc_error_page/views.py
+++ b/tbc_error_page/views.py
@@ -2,55 +2,61 @@ from django.shortcuts import render_to_response
 from .models import Error, Broken, get_json_from_file
 from django.contrib.auth.decorators import user_passes_test
 from django.template import RequestContext
+from django.http import Http404
 import json
 import os
+from tbc.views import is_reviewer
 
 
-#@login_required(login_url="/admin/login/")
 @user_passes_test(lambda u:u.is_superuser, login_url="/admin/login")
-
-
-
-def error(req):
-    ci = RequestContext(req)
-    db_instance = Error()
-    error_json_data = get_json_from_file("error.pickle")
-
-    if not Error.objects.exists():
-        db_instance.create_new_error_data(error_json_data)        
+def error(request):
+    ci = RequestContext(request)
+    curr_user = request.user
+    if not is_reviewer(curr_user):
+        raise Http404("You are not allowed to view this page")
     else:
-        db_instance.delete_redundant_error_data(error_json_data)
-        db_instance.update_error_data(error_json_data)    
+        db_instance = Error()
+        error_json_data = get_json_from_file("error.pickle")
 
-    error_details = Error.objects.filter(is_deliberate = 0)
+        if not Error.objects.exists():
+            db_instance.create_new_error_data(error_json_data)        
+        else:
+            db_instance.delete_redundant_error_data(error_json_data)
+            db_instance.update_error_data(error_json_data)    
 
-    if req.method == "POST":
-        deliberate_urls_list = req.POST.getlist("deliberate")
-        db_instance.update_deliberate_error(deliberate_urls_list)
+        error_details = Error.objects.filter(is_deliberate = 0)
 
-        context = {"user":req.user, "deliberate" :deliberate_urls_list}
-    
-        return render_to_response ("deliberate.html", context, ci)
+        if request.method == "POST":
+            deliberate_urls_list = request.POST.getlist("deliberate")
+            db_instance.update_deliberate_error(deliberate_urls_list)
 
+            context = {"user":request.user, "deliberate" :deliberate_urls_list}
+        
+            return render_to_response ("deliberate.html", context, ci)
 
-    context = {"context": error_details, "user": req.user}
-    return render_to_response ("error.html", context, ci)
-
-def broken(req):
 
-    ci = RequestContext(req)    
-    db_instance = Broken()
-    broken_json_data = get_json_from_file("broken.pickle")
-    
-    if not Broken.objects.exists():
-        db_instance.create_new_broken_data(broken_json_data)
+        context = {"context": error_details, "user": curr_user}
+        return render_to_response ("error.html", context, ci)
 
+@user_passes_test(lambda u:u.is_superuser, login_url="/admin/login")
+def broken(request):
+    ci = RequestContext(request)
+    curr_user = request.user
+    if not is_reviewer(curr_user):
+        raise Http404("You are not allowed to view this page")
     else:
-        db_instance.delete_redundant_broken_data(broken_json_data)
-        db_instance.update_broken_data(broken_json_data)
+        db_instance = Broken()
+        broken_json_data = get_json_from_file("broken.pickle")
         
-    broken = Broken.objects.all() 
-    context = {"broken": broken, "user": req.user}
-    return render_to_response("broken.html", context, ci)
+        if not Broken.objects.exists():
+            db_instance.create_new_broken_data(broken_json_data)
+
+        else:
+            db_instance.delete_redundant_broken_data(broken_json_data)
+            db_instance.update_broken_data(broken_json_data)
+            
+        broken = Broken.objects.all() 
+        context = {"broken": broken, "user": curr_user}
+        return render_to_response("broken.html", context, ci)