
This commit is contained in:
D4rk4 2020-08-01 23:38:16 +02:00
parent 7c8239b942
commit 76170f973d
94 changed files with 119 additions and 5498 deletions

.gitignore vendored
View file

@ -1,14 +0,0 @@
# tools, IDEs, build folders
# Django and Python

View file

@ -0,0 +1,37 @@
apiVersion: apps/v1
kind: Deployment
name: {{ .Chart.Name }}
namespace: {{ .Chart.Name }}-{{ }}
replicas: 1
app: {{ .Chart.Name }}
app: {{ .Chart.Name }}
- name: {{ .Chart.Name }}
image: {{ .Values.DockerImage }}
- containerPort: 8888
value: "db-postgresql"
value: "postgres"
value: {{.Values.DBPwd | required "DBPwd is required" }}
cpu: 100m
memory: 150Mi
cpu: 100m
memory: 150Mi

View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
name: {{ .Chart.Name }}-service
namespace: {{ .Chart.Name }}-{{ }}
type: ClusterIP
- name: http
port: 8888
targetPort: 8888
app: {{ .Chart.Name }}

View file

@ -0,0 +1,16 @@
kind: Ingress
name: ingress-{{ .Chart.Name }}
namespace: {{ .Chart.Name }}-{{ }}
annotations: "nginx"
- http:
- path: /
serviceName: {{ .Chart.Name }}-service
servicePort: 8888

View file

@ -1,27 +0,0 @@
sudo: true
- sudo apt-get update -qq
- sudo apt-get install -qq build-essential gettext python-dev zlib1g-dev libpq-dev xvfb libjpeg8-dev
- sudo apt-get install -qq python-setuptools python3-dev python-virtualenv python-pip
postgresql: "9.6"
- "pip3 install pipenv"
- "pipenv install --dev"
- "pip3 install -e . --upgrade"
language: python
- "3.6"
# Attempt to use cached versions of python deps
cache: pip
- $HOME/.cache/pip
script: pipenv run pytest -x -v

Dockerfile Normal file
View file

@ -0,0 +1,15 @@
FROM python:3.6-alpine
RUN apk add git gcc musl-dev postgresql-dev && \
pip install pipenv && \
git clone /app && \
pipenv --python 3.6 && \
pipenv install --dev
ADD project/.
RUN chmod +x
CMD [ "./" ]

View file

@ -1,27 +0,0 @@
Copyright (c) 2010, Scot Hacker, Birdhouse Arts and individual contributors.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of Birdhouse Arts nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.

View file

@ -1,5 +0,0 @@
include LICENSE
recursive-include todo/data *
recursive-include todo/static *
recursive-include todo/templates *

View file

@ -1,23 +0,0 @@
url = ""
verify_ssl = true
name = "pypi"
django = "*"
django-extensions = "*"
"psycopg2-binary" = "*"
"flake8" = "*"
factory-boy = "*"
titlecase = "*"
bleach = "*"
django-autocomplete-light = "*"
html2text = "*"
mypy = "*"
pytest = "*"
pytest-django = "*"
python_version = "3.6"

Pipfile.lock generated
View file

@ -1,311 +0,0 @@
"_meta": {
"hash": {
"sha256": "c6fb601fc8a197ca280960d831a5386313c93ebe19d932afa01034d5520f2f94"
"pipfile-spec": 6,
"requires": {
"python_version": "3.6"
"sources": [
"name": "pypi",
"url": "",
"verify_ssl": true
"default": {
"bleach": {
"hashes": [
"index": "pypi",
"version": "==3.1.4"
"django": {
"hashes": [
"index": "pypi",
"version": "==2.2.13"
"django-autocomplete-light": {
"hashes": [
"index": "pypi",
"version": "==3.3.2"
"django-extensions": {
"hashes": [
"index": "pypi",
"version": "==2.1.6"
"entrypoints": {
"hashes": [
"version": "==0.3"
"factory-boy": {
"hashes": [
"index": "pypi",
"version": "==2.11.1"
"faker": {
"hashes": [
"version": "==4.1.0"
"flake8": {
"hashes": [
"index": "pypi",
"version": "==3.7.7"
"html2text": {
"hashes": [
"index": "pypi",
"version": "==2018.1.9"
"mccabe": {
"hashes": [
"version": "==0.6.1"
"psycopg2-binary": {
"hashes": [
"index": "pypi",
"version": "==2.7.7"
"pycodestyle": {
"hashes": [
"version": "==2.5.0"
"pyflakes": {
"hashes": [
"version": "==2.1.1"
"python-dateutil": {
"hashes": [
"version": "==2.8.1"
"pytz": {
"hashes": [
"version": "==2020.1"
"six": {
"hashes": [
"version": "==1.15.0"
"sqlparse": {
"hashes": [
"version": "==0.3.1"
"text-unidecode": {
"hashes": [
"version": "==1.3"
"titlecase": {
"hashes": [
"index": "pypi",
"version": "==0.12.0"
"webencodings": {
"hashes": [
"version": "==0.5.1"
"develop": {
"atomicwrites": {
"hashes": [
"version": "==1.4.0"
"attrs": {
"hashes": [
"version": "==19.3.0"
"importlib-metadata": {
"hashes": [
"markers": "python_version < '3.8'",
"version": "==1.6.0"
"more-itertools": {
"hashes": [
"markers": "python_version > '2.7'",
"version": "==8.3.0"
"mypy": {
"hashes": [
"index": "pypi",
"version": "==0.670"
"mypy-extensions": {
"hashes": [
"version": "==0.4.3"
"pluggy": {
"hashes": [
"version": "==0.13.1"
"py": {
"hashes": [
"version": "==1.8.1"
"pytest": {
"hashes": [
"index": "pypi",
"version": "==4.3.0"
"pytest-django": {
"hashes": [
"index": "pypi",
"version": "==3.4.8"
"six": {
"hashes": [
"version": "==1.15.0"
"typed-ast": {
"hashes": [
"version": "==1.3.5"
"zipp": {
"hashes": [
"version": "==3.1.0"

View file

@ -1,407 +0,0 @@
# django-todo
django-todo is a pluggable, multi-user, multi-group task management and
assignment application for Django, designed to be dropped into an existing site as a reusable app. django-todo can be used as a personal to-do tracker, or a group task management system, or a ticketing system for organizations (or all of these at once!)
**The best way to learn how django-todo works is to visit the live demo site at [](!**
## Features
* Drag and drop task prioritization
* Email task notification
* Search
* Comments on tasks
* Public-facing submission form for tickets
* Mobile-friendly (work in progress)
* Separate view for My Tasks (across lists)
* Batch-import tasks via CSV
* Multiple file attachments per task (see settings)
* Integrated mail tracking (unify a task list with an email box)
## Requirements
* Django 2.0+
* Python 3.6+
* jQuery (full version, not "slim", for drag/drop prioritization)
* Bootstrap (to work with provided templates, though you can override them)
* bleach (`pip install bleach`)
* django-autocomplete-light (optional, required for task merging)
## Overview
We assume that your organization has multiple groups of employees, each with multiple users (where actual users and groups map to Django Users and Groups). Users may belong to multiple groups, and each group can have multiple todo lists.
You must have at least one Group set up in Django admin, and that group must have at least one User as a member. This is true even if you're the sole user of django-todo.
Users can view and modify all to-do lists belonging to their group(s). Only users with `is_staff` can add or delete lists.
Identical list names can exist in different groups, but not in the same group.
Emails are generated to the assigned-to person when new tasks are created.
File attachments of a few types are allowed on tasks by default. See settings to disable or to limit filetypes. If you are concerned about file sizes, limit them in your web server configuration (not currently handled separately by django-todo).
Comment threads can be added to tasks. Each participant in a thread receives email when new comments are added.
django-todo is auth-only. You must set up a login system and at least one group before deploying.
All tasks are "created by" the current user and can optionally be "assigned to" a specific user. Unassigned tickets appear as belonging to "anyone" in the UI.
django-todo v2 makes use of features only available in Django 2.0. It will not work in previous versions. v2 is only tested against Python 3.x -- no guarantees if running it against older versions.
## Installation
django-todo is a Django app, not a project site. It needs a site to live in. You can either install it into an existing Django project site, or clone the django-todo [demo site (GTD)](
If using your own site, be sure you have jQuery and Bootstrap wired up and working.
django-todo views that require it will insert additional CSS/JavaScript into page heads, so your project's base templates must include:
{% block extrahead %}{% endblock extrahead %}
{% block extra_js %}{% endblock extra_js %}
django-todo comes with its own `todo/base.html`, which extends your master `base.html`. All content lives inside of:
`{% block content %}{% endblock %}`
If you use some other name for your main content area, you'll need to override and alter the provided templates.
All views are login-required. Therefore, you must have a working user authentication system.
For email notifications to work, make sure your site/project is [set up to send email](
Make sure you've installed the Django "sites" framework and have specified the default site in settings, e.g. `SITE_ID = 1`
Put django-todo/todo somewhere on your Python path, or install via pip:
pip install django-todo
Add to your settings:
Migrate in database tables:
`python migrate todo`
Add to your URL conf:
`path('todo/', include('todo.urls', namespace="todo")),`
Add links to your site's navigation system:
<a href="{% url 'todo:lists' %}">Todo Lists</a>
<a href="{% url 'todo:mine' %}">My Tasks</a>
django-todo makes use of the Django `messages` system. Make sure you have something like [this]( (link) in your `base.html`.
Log in and access `/todo`!
### Customizing Templates
The provided templates are fairly bare-bones, and are meant as starting points only. Unlike previous versions of django-todo, they now ship as Bootstrap examples, but feel free to override them - there is no hard dependency on Bootstrap. To override a template, create a `todo` folder in your project's `templates` dir, then copy the template you want to override from django-todo source and into that dir.
### Filing Public Tickets
If you wish to use the public ticket-filing system, first create the list into which those tickets should be filed, then add its slug to `TODO_DEFAULT_LIST_SLUG` in settings (more on settings below).
## Settings
Optional configuration params, which can be added to your project settings:
# Restrict access to ALL todo lists/views to `is_staff` users.
# If False or unset, all users can see all views (but more granular permissions are still enforced
# within views, such as requiring staff for adding and deleting lists).
# If you use the "public" ticket filing option, to whom should these tickets be assigned?
# Must be a valid username in your system. If unset, unassigned tickets go to "Anyone."
# If you use the "public" ticket filing option, to which list should these tickets be saved?
# Defaults to first list found, which is probably not what you want!
# If you use the "public" ticket filing option, to which *named URL* should the user be
# redirected after submitting? (since they can't see the rest of the ticket system).
# Defaults to "/"
# Enable or disable file attachments on Tasks
# Optionally limit list of allowed filetypes
TODO_ALLOWED_FILE_ATTACHMENTS = [".jpg", ".gif", ".csv", ".pdf", ".zip"]
# additionnal classes the comment body should hold
# adding "text-monospace" makes comment monospace
# The following two settings are relevant only if you want todo to track a support mailbox -
# see Mail Tracking below.
The current django-todo version number is available from the [todo package](
python -c "import todo; print(todo.__version__)"
## Importing Tasks via CSV
django-todo has the ability to batch-import ("upsert") tasks from a specifically formatted CSV spreadsheet. This ability is provided through both a management command and a web interface.
**Management Command**
`./ import_csv -f /path/to/file.csv`
**Web Importer**
Link from your navigation to `{url "todo:import_csv"}`. Follow the resulting link for the CSV web upload view.
### CSV Formatting
Copy `todo/data/import_example.csv` to another location on your system and edit in a spreadsheet or directly.
**Do not edit the header row!**
The first four columns: `'Title', 'Group', 'Task List', 'Created By'` are required -- all others are optional and should work pretty much exactly like manual task entry via the web UI.
Note: Internally, Tasks are keyed to TaskLists, not to Groups (TaskLists are in Gruops). However, we request the Group in the CSV
because it's possible to have multiple TaskLists with the same name in different groups; i.e. we need it for namespacing and permissions.
### Import Rules
Because data entered via CSV is not going through the same view permissions enforced in the rest of django-todo, and to simplify data dependency logic, and to pre-empt disagreements between django-todo users, the importer will *not* create new users, groups, or task lists. All users, groups, and task lists referenced in your CSV must already exist, and group memberships must be correct.
Any validation error (e.g. unparse-able dates, incorrect group memberships) **will result in that row being skipped.**
A report of rows upserted and rows skipped (with line numbers and reasons) is provided at the end of the run.
### Upsert Logic
For each valid row, we need to decide whether to create a new task or update an existing one. django-todo matches on the unique combination of the four required columns. If we find a task that matches those, we *update* the rest of the columns. In other words, if you import a CSV once, then edit the Assigned To for a task and import it again, the original task will be updated with a new assignee (and same for the other columns).
Otherwise we create a new task.
## Mail Tracking
What if you could turn django-todo into a shared mailbox? Django-todo includes an optional feature that allows emails
sent to a dedicated mailbox to be pushed into todo as new tasks, and responses to be added as comments on those tasks.
This allows support teams to work with a fully unified email + bug tracking system to avoid confusion over who's seen or
responded to what.
To enable mail tracking, you need to:
- Define an email backend for outgoing emails
- Define an email backend for incoming emails
- Start a worker, which will wait for new emails
In settings:
from todo.mail.producers import imap_producer
from todo.mail.consumers import tracker_consumer
from import smtp_backend, console_backend
# email notifications configuration
# each task list can get its own delivery method
# mail-queue is the name of the task list, not the worker name
"mail-queue": smtp_backend(
# used as the From field when sending notifications.
# a username might be prepended later on
# additionnal headers
# incoming mail worker configuration
# configuration for worker "test_tracker"
"test_tracker": {
"producer": imap_producer(
# process_all=False, # by default, only unseen emails are processed
# preserve=False, # delete emails if False
# nap_duration=1, # duration of the pause between polling rounds
# input_folder="INBOX", # where to read emails from
"consumer": tracker_consumer(
group="Mail Queuers",
task_title_format="[TEST_MAIL] {subject}",
A mail worker can be started with:
./ mail_worker test_tracker
Some views and URLs were renamed in 2.0 for logical consistency. If this affects you, see source code and the demo GTD site for reference to the new URL names.
If you want to log mail events, make sure to properly configure django logging:
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'console': {
'class': 'logging.StreamHandler',
'loggers': {
'': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': True,
## Running Tests
django-todo uses pytest exclusively for testing. The best way to run the suite is to clone django-todo into its own directory, install pytest, then:
pip install pytest pytest-django
pip install --editable .
pytest -x -v
## Version History
**2.4.10** It is now possible to use unicode characters (such as Chinese) as the only chars in a list title.
**2.4.9** Fixed: Editing a task should not change its completed/incomplete status
**2.4.8** Fix bug when setting default values for unspecified settings
**2.4.7** Support custom user model in external_add
**2.4.6** Use `defaults` hash for default settings, update perms and tests
**2.4.5** Re-enable "notify" feature during task edit
**2.4.4** Fix issues with / installation
**2.4.0** Implement optional file attachments on tasks
**2.3.2** Update metadata
**2.3.1** Improve error handling for badly formatted or non-existent CSV uploads.
**2.3.0** Implement mail tracking system. Added ability to batch-import tasks via CSV. Fixed task re-ordering if task deleted behind the scenes.
**2.2.2** Update dependencies
**2.2.1** Convert task delete and toggle_done views to POST only
**2.2.0** Re-instate enforcement of TODO_STAFF_ONLY setting
**2.1.1** Correct Python version requirement in documentation to Python 3.6
**2.1.1** Split up views into separate modules.
**2.1.0** December 2018: No longer allowing Javascript in task or comment bodies. Misc bug fixes.
**2.0.3** April 2018: Bump production status in
**2.0.2** April 2018: Improve notification email subjects and bodies
**2.0.1** April 2018: Refactored "toggle done" and "delete" actions from list view.
**2.0** April 2018: Major project refactor, with almost completely rewritten views, templates, and todo's first real test suite.
**1.6.2** Added support for unicode characters in list name/slugs.
**1.6.1** Minor bug fixes.
**1.6** Allow unassigned ("Anyone") tasks. Clean-up / modernize templates and views. Testing infrastructure in place.
**1.5** flake8 support, Item note no longer a required field, fix warnings for Django 1.8, Python 2/3-compatible unicode strings, simple search for tasks, get_absolute_url() for items.
**1.4** - Removed styling from default templates. Added excludes fields from Form definitions to prevent warnings. Removed deprecated 'cycle' tags from templates. Added settings for various elements for public ticket submissions.
**1.3** - Removed stray direct_to_template reference. Quoted all named URL references for Django 1.5 compatibility.
**1.2** - Added CSRF protection to all sample templates. Added integrated search function. Now showing the ratio of completed/total items for each
list. Better separation of media and templates. Cleaned up Item editing form (removed extraneous fields). Re-assigning tasks now properly limits
the list of assignees. Moved project to github.
**1.1** - Completion date was set properly when checking items off a list, but not when saving from an Item detail page. Added a save method on Item to
fix. Fixed documentation bug re: context_processors. Newly added comments are now emailed to everyone who has participated in a thread on a task.
**1.0.1** - When viewing a single task that you want to close, it's useful to be able to comment on and close a task at the same time. We were using
django-comments so these were different models in different views. Solution was to stop using django-comments and roll our own, then rewire the
view. Apologies if you were using a previous version - you may need to port over your comments to the new system.
**1.0.0** - Major upgrade to release version. Drag and drop task prioritization. E-mail notifications (now works more like a ticket system). More
attractive date picker. Bug fixes.
**0.9.5** - Fixed jquery bug when editing existing events - datepicker now shows correct date. Removed that damned Django pony from base template.
**0.9.4** - Replaced str with unicode in models. Fixed links back to lists in "My Tasks" view.
**0.9.3** - Missing link to the individual task editing view
**0.9.2** - Now fails gracefully when trying to add a 2nd list with the same name to the same group. - Due dates for tasks are now truly optional. -
Corrected datetime editing conflict when editing tasks - Max length of a task name has been raised from 60 to 140 chars. If upgrading, please
modify your database accordingly (field = maxlength 140). - Security: Users supplied with direct task URLs can no longer view/edit
tasks outside their group scope Same for list views - authorized views only. - Correct item and group counts on homepage (note - admin users see
ALL groups, not just the groups they "belong" to)
**0.9.1** - Removed - leftover turdlet
**0.9** - First release
## Todo 2.0 Upgrade Notes
django-todo 2.0 was rebuilt almost from the ground up, and included some radical changes, including model name changes. As a result, it is *not compatible* with data from django-todo 1.x. If you would like to upgrade an existing installation, try this:
* Use `./ dumpdata todo --indent 4 > todo.json` to export your old todo data
* Edit the dump file, replacing the old model names `Item` and `List` with the new model names (`Task` and `TaskList`)
* Delete your existing todo data
* Uninstall the old todo app and reinstall
* Migrate, then use `./ loaddata todo.json` to import the edited data
### Why not provide migrations?
That was the plan, but unfortunately, `makemigrations` created new tables and dropped the old ones, making this a destructive update. Renaming models is unfortunately not something `makemigrations` can do, and I really didn't want to keep the badly named original models. Sorry!
### Datepicker
django-todo no longer references a jQuery datepicker, but defaults to native html5 browser datepicker (not supported by Safari, unforunately). Feel free to implement one of your choosing.
### URLs
Some views and URLs were renamed for logical consistency. If this affects you, see source code and the demo GTD site for reference to the new URL names.

View file

@ -1,13 +0,0 @@
from django.urls import include, path
This urlconf exists so we can run tests without an actual Django project
(Django expects ROOT_URLCONF to exist.) This helps the tests remain isolated.
For your project, ignore this file and add
`path('lists/', include('todo.urls')),`
to your site's urlconf.
urlpatterns = [path("lists/", include("todo.urls"))]

View file

@ -22,7 +22,6 @@ k8sDeploy () {
fi fi
sleep 10 sleep 10
done done
cd ${groot}/contrib
} }
InstallCSI () { InstallCSI () {
helm repo add rimusz helm repo add rimusz
@ -40,7 +39,7 @@ InstallPGSQL () {
helm install db bitnami/postgresql \ helm install db bitnami/postgresql \
--set persistence.storageClass=hostpath \ --set persistence.storageClass=hostpath \
--set persistence.size=1Gi --set persistence.size=1Gi
export POSTGRES_PASSWORD=$(kubectl get secret db-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) POSTGRES_PASSWORD=$(kubectl get secret db-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
} }
InstallIngress () { InstallIngress () {
# Allow scheduling on our master node # Allow scheduling on our master node
@ -51,6 +50,10 @@ InstallIngress () {
# Fix external IP for LB... # Fix external IP for LB...
kubectl patch svc $(kubectl get svc -n kube-system|grep nginx-ingress|awk '{print $1}') -n kube-system --patch "$(cat ${groot}/contrib/ymls/ingress.fix.yaml)" kubectl patch svc $(kubectl get svc -n kube-system|grep nginx-ingress|awk '{print $1}') -n kube-system --patch "$(cat ${groot}/contrib/ymls/ingress.fix.yaml)"
} }
InstallApp () {
cd ${groot}
werf deploy --env production --set 'DBPwd=$(kubectl get secret db-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode'
if [ ! -f ${bootflag} ]; then if [ ! -f ${bootflag} ]; then
touch ${bootflag} touch ${bootflag}

View file

@ -1,399 +0,0 @@
# django-todo
django-todo is a pluggable, multi-user, multi-group task management and
assignment application for Django, designed to be dropped into an existing site as a reusable app. django-todo can be used as a personal to-do tracker, or a group task management system, or a ticketing system for organizations (or all of these at once!)
**The best way to learn how django-todo works is to visit the live demo site at [](!**
## Features
* Drag and drop task prioritization
* Email task notification
* Search
* Comments on tasks
* Public-facing submission form for tickets
* Mobile-friendly (work in progress)
* Separate view for My Tasks (across lists)
* Batch-import tasks via CSV
* Integrated mail tracking (unify a task list with an email box)
## Requirements
* Django 2.0+
* Python 3.6+
* jQuery (full version, not "slim", for drag/drop prioritization)
* Bootstrap (to work with provided templates, though you can override them)
* bleach (`pip install bleach`)
* django-autocomplete-light (optional, required for task merging)
## Overview
We assume that your organization has multiple groups of employees, each with multiple users (where actual users and groups map to Django Users and Groups). Users may belong to multiple groups, and each group can have multiple todo lists.
You must have at least one Group set up in Django admin, and that group must have at least one User as a member. This is true even if you're the sole user of django-todo.
Users can view and modify all to-do lists belonging to their group(s). Only users with `is_staff` can add or delete lists.
Identical list names can exist in different groups, but not in the same group.
Emails are generated to the assigned-to person when new tasks are created.
Comment threads can be added to tasks. Each participant in a thread receives email when new comments are added.
django-todo is auth-only. You must set up a login system and at least one group before deploying.
All tasks are "created by" the current user and can optionally be "assigned to" a specific user. Unassigned tickets appear as belonging to "anyone" in the UI.
django-todo v2 makes use of features only available in Django 2.0. It will not work in previous versions. v2 is only tested against Python 3.x -- no guarantees if running it against older versions.
## Installation
django-todo is a Django app, not a project site. It needs a site to live in. You can either install it into an existing Django project site, or clone the django-todo [demo site (GTD)](
If using your own site, be sure you have jQuery and Bootstrap wired up and working.
django-todo views that require it will insert additional CSS/JavaScript into page heads, so your project's base templates must include:
{% block extrahead %}{% endblock extrahead %}
{% block extra_js %}{% endblock extra_js %}
django-todo comes with its own `todo/base.html`, which extends your master `base.html`. All content lives inside of:
`{% block content %}{% endblock %}`
If you use some other name for your main content area, you'll need to override and alter the provided templates.
All views are login-required. Therefore, you must have a working user authentication system.
For email notifications to work, make sure your site/project is [set up to send email](
Make sure you've installed the Django "sites" framework and have specified the default site in settings, e.g. `SITE_ID = 1`
Put django-todo/todo somewhere on your Python path, or install via pip:
pip install django-todo
Add to your settings:
Migrate in database tables:
`python migrate todo`
Add to your URL conf:
`path('todo/', include('todo.urls', namespace="todo")),`
Add links to your site's navigation system:
<a href="{% url 'todo:lists' %}">Todo Lists</a>
<a href="{% url 'todo:mine' %}">My Tasks</a>
django-todo makes use of the Django `messages` system. Make sure you have something like [this]( (link) in your `base.html`.
Log in and access `/todo`!
### Customizing Templates
The provided templates are fairly bare-bones, and are meant as starting points only. Unlike previous versions of django-todo, they now ship as Bootstrap examples, but feel free to override them - there is no hard dependency on Bootstrap. To override a template, create a `todo` folder in your project's `templates` dir, then copy the template you want to override from django-todo source and into that dir.
### Filing Public Tickets
If you wish to use the public ticket-filing system, first create the list into which those tickets should be filed, then add its slug to `TODO_DEFAULT_LIST_SLUG` in settings (more on settings below).
## Settings
Optional configuration params, which can be added to your project settings:
# Restrict access to ALL todo lists/views to `is_staff` users.
# If False or unset, all users can see all views (but more granular permissions are still enforced
# within views, such as requiring staff for adding and deleting lists).
# If you use the "public" ticket filing option, to whom should these tickets be assigned?
# Must be a valid username in your system. If unset, unassigned tickets go to "Anyone."
# If you use the "public" ticket filing option, to which list should these tickets be saved?
# Defaults to first list found, which is probably not what you want!
# If you use the "public" ticket filing option, to which *named URL* should the user be
# redirected after submitting? (since they can't see the rest of the ticket system).
# Defaults to "/"
# additionnal classes the comment body should hold
# adding "text-monospace" makes comment monospace
# The following two settings are relevant only if you want todo to track a support mailbox -
# see Mail Tracking below.
The current django-todo version number is available from the [todo package](
python -c "import todo; print(todo.__version__)"
## Importing Tasks via CSV
django-todo has the ability to batch-import ("upsert") tasks from a specifically formatted CSV spreadsheet. This ability is provided through both a management command and a web interface.
**Management Command**
`./ import_csv -f /path/to/file.csv`
**Web Importer**
Link from your navigation to `{url "todo:import_csv"}`. Follow the resulting link for the CSV web upload view.
### CSV Formatting
Copy `todo/data/import_example.csv` to another location on your system and edit in a spreadsheet or directly.
**Do not edit the header row!**
The first four columns: `'Title', 'Group', 'Task List', 'Created By'` are required -- all others are optional and should work pretty much exactly like manual task entry via the web UI.
Note: Internally, Tasks are keyed to TaskLists, not to Groups (TaskLists are in Gruops). However, we request the Group in the CSV
because it's possible to have multiple TaskLists with the same name in different groups; i.e. we need it for namespacing and permissions.
### Import Rules
Because data entered via CSV is not going through the same view permissions enforced in the rest of django-todo, and to simplify data dependency logic, and to pre-empt disagreements between django-todo users, the importer will *not* create new users, groups, or task lists. All users, groups, and task lists referenced in your CSV must already exist, and group memberships must be correct.
Any validation error (e.g. unparse-able dates, incorrect group memberships) **will result in that row being skipped.**
A report of rows upserted and rows skipped (with line numbers and reasons) is provided at the end of the run.
### Upsert Logic
For each valid row, we need to decide whether to create a new task or update an existing one. django-todo matches on the unique combination of the four required columns. If we find a task that matches those, we *update* the rest of the columns. In other words, if you import a CSV once, then edit the Assigned To for a task and import it again, the original task will be updated with a new assignee (and same for the other columns).
Otherwise we create a new task.
## Mail Tracking
What if you could turn django-todo into a shared mailbox? Django-todo includes an optional feature that allows emails
sent to a dedicated mailbox to be pushed into todo as new tasks, and responses to be added as comments on those tasks.
This allows support teams to work with a fully unified email + bug tracking system to avoid confusion over who's seen or
responded to what.
To enable mail tracking, you need to:
- Define an email backend for outgoing emails
- Define an email backend for incoming emails
- Start a worker, which will wait for new emails
In settings:
from todo.mail.producers import imap_producer
from todo.mail.consumers import tracker_consumer
from import smtp_backend, console_backend
# email notifications configuration
# each task list can get its own delivery method
# mail-queue is the name of the task list, not the worker name
"mail-queue": smtp_backend(
# used as the From field when sending notifications.
# a username might be prepended later on
# additionnal headers
# incoming mail worker configuration
# configuration for worker "test_tracker"
"test_tracker": {
"producer": imap_producer(
# process_all=False, # by default, only unseen emails are processed
# preserve=False, # delete emails if False
# nap_duration=1, # duration of the pause between polling rounds
# input_folder="INBOX", # where to read emails from
"consumer": tracker_consumer(
group="Mail Queuers",
task_title_format="[TEST_MAIL] {subject}",
A mail worker can be started with:
./ mail_worker test_tracker
Some views and URLs were renamed in 2.0 for logical consistency. If this affects you, see source code and the demo GTD site for reference to the new URL names.
If you want to log mail events, make sure to properly configure django logging:
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'console': {
'class': 'logging.StreamHandler',
'loggers': {
'': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': True,
## Running Tests
django-todo uses pytest exclusively for testing. The best way to run the suite is to clone django-todo into its own directory, install pytest, then:
pip install pytest pytest-django
pip install --editable .
pytest -x -v
The previous `tox` system was removed with the v2 release, since we no longer aim to support older Python or Django versions.
## Upgrade Notes
django-todo 2.0 was rebuilt almost from the ground up, and included some radical changes, including model name changes. As a result, it is *not compatible* with data from django-todo 1.x. If you would like to upgrade an existing installation, try this:
* Use `./ dumpdata todo --indent 4 > todo.json` to export your old todo data
* Edit the dump file, replacing the old model names `Item` and `List` with the new model names (`Task` and `TaskList`)
* Delete your existing todo data
* Uninstall the old todo app and reinstall
* Migrate, then use `./ loaddata todo.json` to import the edited data
### Why not provide migrations?
That was the plan, but unfortunately, `makemigrations` created new tables and dropped the old ones, making this a destructive update. Renaming models is unfortunately not something `makemigrations` can do, and I really didn't want to keep the badly named original models. Sorry!
### Datepicker
django-todo no longer references a jQuery datepicker, but defaults to native html5 browser datepicker (not supported by Safari, unforunately). Feel free to implement one of your choosing.
## Version History
**2.3.0** Implement mail tracking system. Added ability to batch-import tasks via CSV. Fixed task re-ordering if task deleted behind the scenes.
**2.2.2** Update dependencies
**2.2.1** Convert task delete and toggle_done views to POST only
**2.2.0** Re-instate enforcement of TODO_STAFF_ONLY setting
**2.1.1** Correct Python version requirement in documentation to Python 3.6
**2.1.1** Split up views into separate modules.
**2.1.0** December 2018: No longer allowing Javascript in task or comment bodies. Misc bug fixes.
**2.0.3** April 2018: Bump production status in
**2.0.2** April 2018: Improve notification email subjects and bodies
**2.0.1** April 2018: Refactored "toggle done" and "delete" actions from list view.
**2.0** April 2018: Major project refactor, with almost completely rewritten views, templates, and todo's first real test suite.
**1.6.2** Added support for unicode characters in list name/slugs.
**1.6.1** Minor bug fixes.
**1.6** Allow unassigned ("Anyone") tasks. Clean-up / modernize templates and views. Testing infrastructure in place.
**1.5** flake8 support, Item note no longer a required field, fix warnings for Django 1.8, Python 2/3-compatible unicode strings, simple search for tasks, get_absolute_url() for items.
**1.4** - Removed styling from default templates. Added excludes fields from Form definitions to prevent warnings. Removed deprecated 'cycle' tags from templates. Added settings for various elements for public ticket submissions.
**1.3** - Removed stray direct_to_template reference. Quoted all named URL references for Django 1.5 compatibility.
**1.2** - Added CSRF protection to all sample templates. Added integrated search function. Now showing the ratio of completed/total items for each
list. Better separation of media and templates. Cleaned up Item editing form (removed extraneous fields). Re-assigning tasks now properly limits
the list of assignees. Moved project to github.
**1.1** - Completion date was set properly when checking items off a list, but not when saving from an Item detail page. Added a save method on Item to
fix. Fixed documentation bug re: context_processors. Newly added comments are now emailed to everyone who has participated in a thread on a task.
**1.0.1** - When viewing a single task that you want to close, it's useful to be able to comment on and close a task at the same time. We were using
django-comments so these were different models in different views. Solution was to stop using django-comments and roll our own, then rewire the
view. Apologies if you were using a previous version - you may need to port over your comments to the new system.
**1.0.0** - Major upgrade to release version. Drag and drop task prioritization. E-mail notifications (now works more like a ticket system). More
attractive date picker. Bug fixes.
**0.9.5** - Fixed jquery bug when editing existing events - datepicker now shows correct date. Removed that damned Django pony from base template.
**0.9.4** - Replaced str with unicode in models. Fixed links back to lists in "My Tasks" view.
**0.9.3** - Missing link to the individual task editing view
**0.9.2** - Now fails gracefully when trying to add a 2nd list with the same name to the same group. - Due dates for tasks are now truly optional. -
Corrected datetime editing conflict when editing tasks - Max length of a task name has been raised from 60 to 140 chars. If upgrading, please
modify your database accordingly (field = maxlength 140). - Security: Users supplied with direct task URLs can no longer view/edit
tasks outside their group scope Same for list views - authorized views only. - Correct item and group counts on homepage (note - admin users see
ALL groups, not just the groups they "belong" to)
**0.9.1** - Removed - leftover turdlet
**0.9** - First release
## Todo 2.0 Upgrade Notes
django-todo 2.0 was rebuilt almost from the ground up, and included some radical changes, including model name changes. As a result, it is *not compatible* with data from django-todo 1.x. If you would like to upgrade an existing installation, try this:
* Use `./ dumpdata todo --indent 4 > todo.json` to export your old todo data
* Edit the dump file, replacing the old model names `Item` and `List` with the new model names (`Task` and `TaskList`)
* Delete your existing todo data
* Uninstall the old todo app and reinstall
* Migrate, then use `./ loaddata todo.json` to import the edited data
### Why not provide migrations?
That was the plan, but unfortunately, `makemigrations` created new tables and dropped the old ones, making this a destructive update. Renaming models is unfortunately not something `makemigrations` can do, and I really didn't want to keep the badly named original models. Sorry!
### Datepicker
django-todo no longer references a jQuery datepicker, but defaults to native html5 browser datepicker (not supported by Safari, unforunately). Feel free to implement one of your choosing.
### URLs
Some views and URLs were renamed for logical consistency. If this affects you, see source code and the demo GTD site for reference to the new URL names.

3 Normal file
View file

@ -0,0 +1,3 @@
pipenv run python migrate todo
pipenv run python runserver

26 Normal file
View file

@ -0,0 +1,26 @@
from .settings import *
import os
DEBUG = True
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': os.environ['DATABASE_NAME'],
'HOST': os.environ['DATABASE_HOST'],
'USER': os.environ['DATABASE_USER'],
'PORT': '',
SECRET_KEY = os.environ['SECRET_KEY']
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# TODO-specific settings

View file

@ -1,2 +0,0 @@
site_name: "readthedocs"
theme: "readthedocs"

View file

@ -1,4 +0,0 @@
# -- recommended but optional:
python_files = test_*.py *

View file

@ -1,49 +0,0 @@
# Based on master example at
from io import open
from os import path
from setuptools import setup, find_packages
import todo
here = path.abspath(path.dirname(__file__))
# Get the long description from the README file
with open(path.join(here, ""), encoding="utf-8") as f:
long_description =
description="A multi-user, multi-group task management and assignment system for Django.",
author="Scot Hacker",
# For a list of valid classifiers, see
"Development Status :: 5 - Production/Stable",
"Intended Audience :: Developers",
"License :: OSI Approved :: BSD License",
"Programming Language :: Python :: 3.6",
"Programming Language :: Python :: 3.7",
"Environment :: Web Environment",
"Framework :: Django",
"Operating System :: OS Independent",
"Topic :: Office/Business :: Groupware",
"Topic :: Office/Business :: Groupware",
"Topic :: Software Development :: Bug Tracking",
"Topic :: Software Development :: Bug Tracking",
keywords="lists todo bug bugs tracking",
packages=find_packages(), # Finds modules with an
include_package_data=True, # Pulls in non-module data from
"Demo Site": "",
"Bug Reports": "",
"Source": "",

View file

@ -1,71 +0,0 @@
import os
DEBUG = (True,)
BASE_DIR = os.path.dirname(os.path.dirname(__file__))
DATABASES = {"default": {"ENGINE": "django.db.backends.sqlite3"}}
EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
# Document
SECRET_KEY = "LKFSD8sdl.,8&sdf--"
ROOT_URLCONF = "base_urls"
"BACKEND": "django.template.backends.django.DjangoTemplates",
"DIRS": [os.path.join(BASE_DIR, "todo", "templates")],
"APP_DIRS": True,
"context_processors": [
# Your stuff: custom template context processors go here
"version": 1,
"disable_existing_loggers": False,
"handlers": {"console": {"class": "logging.StreamHandler"}},
"loggers": {
"": {"handlers": ["console"], "level": "DEBUG", "propagate": True},
"django": {"handlers": ["console"], "level": "WARNING", "propagate": True},
"django.request": {"handlers": ["console"], "level": "DEBUG", "propagate": True},

View file

@ -1,12 +0,0 @@
A multi-user, multi-group task management and assignment system for Django.
__version__ = "2.4.10"
__author__ = "Scot Hacker"
__email__ = ""
__url__ = ""
__license__ = "BSD License"
from . import check

View file

@ -1,25 +0,0 @@
from django.contrib import admin
from todo.models import Attachment, Comment, Task, TaskList
class TaskAdmin(admin.ModelAdmin):
list_display = ("title", "task_list", "completed", "priority", "due_date")
list_filter = ("task_list",)
ordering = ("priority",)
search_fields = ("title",)
class CommentAdmin(admin.ModelAdmin):
list_display = ("author", "date", "snippet")
class AttachmentAdmin(admin.ModelAdmin):
list_display = ("task", "added_by", "timestamp", "file")
autocomplete_fields = ["added_by", "task"], CommentAdmin), TaskAdmin), AttachmentAdmin)

View file

@ -1,17 +0,0 @@
from django.core.checks import Error, register
# the sole purpose of this warning is to prevent people who have
# django-autocomplete-light installed but not configured to start the app
def dal_check(app_configs, **kwargs):
from django.conf import settings
from todo.features import HAS_AUTOCOMPLETE
return []
errors = []
missing_apps = {"dal", "dal_select2"} - set(settings.INSTALLED_APPS)
for missing_app in missing_apps:
errors.append(Error("{} needs to be in INSTALLED_APPS".format(missing_app)))
return errors

View file

@ -1,4 +0,0 @@
Title,Group,Task List,Created By,Created Date,Due Date,Completed,Assigned To,Note,Priority
Make dinner,Scuba Divers,Web project,shacker,,2019-06-14,No,,Please check with mgmt first,3
Bake bread,Scuba Divers,Example List,mr_random,2012-03-14,,Yes,,,
Bring dessert,Scuba Divers,Web project,user1,2015-06-248,,,user1,Every generation throws a hero up the pop charts,77
1 Title Group Task List Created By Created Date Due Date Completed Assigned To Note Priority
2 Make dinner Scuba Divers Web project shacker 2019-06-14 No Please check with mgmt first 3
3 Bake bread Scuba Divers Example List mr_random 2012-03-14 Yes
4 Bring dessert Scuba Divers Web project user1 2015-06-248 user1 Every generation throws a hero up the pop charts 77

View file

@ -1,28 +0,0 @@
# If a documented django-todo option is NOT configured in settings, use these values.
from django.conf import settings
hash = {
"TODO_LIMIT_FILE_ATTACHMENTS": [".jpg", ".gif", ".png", ".csv", ".pdf", ".zip"],
# These intentionally have no defaults (user MUST set a value if their features are used):
def defaults(key: str):
"""Try to get a setting from project settings.
If empty or doesn't exist, fall back to a value from defaults hash."""
if hasattr(settings, key):
val = getattr(settings, key)
val = hash.get(key)
return val

View file

@ -1,16 +0,0 @@
# The integrated mail queue functionality can enable advanced functionality if
# django-autocomplete-light is installed and configured. We can use this module
# to check for other installed dependencies in the future.
import dal
except ImportError:
import dal.autocomplete
if getattr(dal.autocomplete, "Select2QuerySetView", None) is not None:

View file

@ -1,87 +0,0 @@
from django import forms
from django.contrib.auth.models import Group
from django.forms import ModelForm
from todo.models import Task, TaskList
class AddTaskListForm(ModelForm):
"""The picklist showing allowable groups to which a new list can be added
determines which groups the user belongs to. This queries the form object
to derive that list."""
def __init__(self, user, *args, **kwargs):
super(AddTaskListForm, self).__init__(*args, **kwargs)
self.fields["group"].queryset = Group.objects.filter(user=user)
self.fields["group"].widget.attrs = {
"id": "id_group",
"class": "custom-select mb-3",
"name": "group",
class Meta:
model = TaskList
exclude = ["created_date", "slug"]
class AddEditTaskForm(ModelForm):
"""The picklist showing the users to which a new task can be assigned
must find other members of the group this TaskList is attached to."""
def __init__(self, user, *args, **kwargs):
super().__init__(*args, **kwargs)
task_list = kwargs.get("initial").get("task_list")
members =
self.fields["assigned_to"].queryset = members
self.fields["assigned_to"].label_from_instance = lambda obj: "%s (%s)" % (
self.fields["assigned_to"].widget.attrs = {
"id": "id_assigned_to",
"class": "custom-select mb-3",
"name": "assigned_to",
self.fields["task_list"].value = kwargs["initial"]["task_list"].id
due_date = forms.DateField(widget=forms.DateInput(attrs={"type": "date"}), required=False)
title = forms.CharField(widget=forms.widgets.TextInput())
note = forms.CharField(widget=forms.Textarea(), required=False)
completed = forms.BooleanField(required=False)
def clean_created_by(self):
"""Keep the existing created_by regardless of anything coming from the submitted form.
If creating a new task, then created_by will be None, but we set it before saving."""
return self.instance.created_by
class Meta:
model = Task
exclude = []
class AddExternalTaskForm(ModelForm):
"""Form to allow users who are not part of the GTD system to file a ticket."""
title = forms.CharField(widget=forms.widgets.TextInput(attrs={"size": 35}), label="Summary")
note = forms.CharField(widget=forms.widgets.Textarea(), label="Problem Description")
priority = forms.IntegerField(widget=forms.HiddenInput())
class Meta:
model = Task
exclude = (
class SearchForm(forms.Form):
q = forms.CharField(widget=forms.widgets.TextInput(attrs={"size": 35}))

View file

View file

@ -1,9 +0,0 @@
def tracker_consumer(**kwargs):
def tracker_factory(producer):
# the import needs to be delayed until call to enable
# using the wrapper in the django settings
from .tracker import tracker_consumer
return tracker_consumer(producer, **kwargs)
return tracker_factory

View file

@ -1,151 +0,0 @@
import re
import logging
from email.charset import Charset as EMailCharset
from django.db import transaction
from django.db.models import Count
from html2text import html2text
from todo.models import Comment, Task, TaskList
logger = logging.getLogger(__name__)
def part_decode(message):
charset = ("ascii", "ignore")
email_charset = message.get_content_charset()
if email_charset:
charset = (EMailCharset(email_charset).input_charset,)
body = message.get_payload(decode=True)
return body.decode(*charset)
def message_find_mime(message, mime_type):
for submessage in message.walk():
if submessage.get_content_type() == mime_type:
return submessage
return None
def message_text(message):
text_part = message_find_mime(message, "text/plain")
if text_part is not None:
return part_decode(text_part)
html_part = message_find_mime(message, "text/html")
if html_part is not None:
return html2text(part_decode(html_part))
# TODO: find something smart to do when no text if found
return ""
def format_task_title(format_string, message):
return format_string.format(subject=message["subject"], author=message["from"])
DJANGO_TODO_THREAD = re.compile(r"<thread-(\d+)@django-todo>")
def parse_references(task_list, references):
related_messages = []
answer_thread = None
for related_message in references.split():"checking reference: %r", related_message)
match = re.match(DJANGO_TODO_THREAD, related_message)
if match is None:
thread_id = int(
new_answer_thread = Task.objects.filter(task_list=task_list, pk=thread_id).first()
if new_answer_thread is not None:
answer_thread = new_answer_thread
if answer_thread is None:"no answer thread found in references")
else:"found an answer thread: %d", answer_thread)
return related_messages, answer_thread
def insert_message(task_list, message, priority, task_title_format):
if "message-id" not in message:
logger.warning("missing message id, ignoring message")
if "from" not in message:
logger.warning('missing "From" header, ignoring message')
if "subject" not in message:
logger.warning('missing "Subject" header, ignoring message')
"received message:\t"
f"[Subject: {message['subject']}]\t"
f"[Message-ID: {message['message-id']}]\t"
f"[References: {message['references']}]\t"
f"[To: {message['to']}]\t"
f"[From: {message['from']}]"
# Due to limitations in MySQL wrt unique_together and TextField (grrr),
# we must use a CharField rather than TextField for message_id.
# In the unlikeley event that we get a VERY long inbound
# message_id, truncate it to the max_length of a MySQL CharField.
original_message_id = message["message-id"]
message_id = (
(original_message_id[:252] + "...")
if len(original_message_id) > 255
else original_message_id
message_from = message["from"]
text = message_text(message)
related_messages, answer_thread = parse_references(task_list, message.get("references", ""))
# find the most relevant task to add a comment on.
# among tasks in the selected task list, find the task having the
# most email comments the current message references
best_task = (
Task.objects.filter(task_list=task_list, comment__email_message_id__in=related_messages)
# if no related comment is found but a thread message-id
# (generated by django-todo) could be found, use it
if best_task is None and answer_thread is not None:
best_task = answer_thread
with transaction.atomic():
if best_task is None:
best_task = Task.objects.create(
title=format_task_title(task_title_format, message),
)"using task: %r", best_task)
comment, comment_created = Comment.objects.get_or_create(
defaults={"email_from": message_from, "body": text},
)"created comment: %r", comment)
def tracker_consumer(
producer, group=None, task_list_slug=None, priority=1, task_title_format="[MAIL] {subject}"
task_list = TaskList.objects.get(group__name=group, slug=task_list_slug)
for message in producer:
insert_message(task_list, message, priority, task_title_format)
except Exception:
# ignore exceptions during insertion, in order to avoid
logger.exception("got exception while inserting message")

View file

@ -1,27 +0,0 @@
import importlib
def _declare_backend(backend_path):
backend_path = backend_path.split(".")
backend_module_name = ".".join(backend_path[:-1])
class_name = backend_path[-1]
def backend(*args, headers={}, from_address=None, **kwargs):
def _backend():
backend_module = importlib.import_module(backend_module_name)
backend = getattr(backend_module, class_name)
return backend(*args, **kwargs)
if from_address is None:
raise ValueError("missing from_address")
_backend.from_address = from_address
_backend.headers = headers
return _backend
return backend
smtp_backend = _declare_backend("django.core.mail.backends.smtp.EmailBackend")
console_backend = _declare_backend("django.core.mail.backends.console.EmailBackend")
locmem_backend = _declare_backend("django.core.mail.backends.locmem.EmailBackend")

View file

@ -1,9 +0,0 @@
def imap_producer(**kwargs):
def imap_producer_factory():
# the import needs to be delayed until call to enable
# using the wrapper in the django settings
from .imap import imap_producer
return imap_producer(**kwargs)
return imap_producer_factory

View file

@ -1,98 +0,0 @@
import email
import email.parser
import imaplib
import logging
import time
from email.policy import default
from contextlib import contextmanager
logger = logging.getLogger(__name__)
def imap_check(command_tuple):
status, ids = command_tuple
assert status == "OK", ids
def imap_connect(host, port, username, password):
conn = imaplib.IMAP4_SSL(host=host, port=port)
conn.login(username, password)
yield conn
def parse_message(message):
for response_part in message:
if not isinstance(response_part, tuple):
message_metadata, message_content = response_part
email_parser = email.parser.BytesFeedParser(policy=default)
return email_parser.close()
def search_message(conn, *filters):
status, message_ids =, *filters)
for message_id in message_ids[0].split():
status, message = conn.fetch(message_id, "(RFC822)")
yield message_id, parse_message(message)
def imap_producer(
logger.debug("starting IMAP worker")
imap_filter = "(ALL)" if process_all else "(UNSEEN)"
def process_batch():
logger.debug("starting to process batch")
# reconnect each time to avoid repeated failures due to a lost connection
with imap_connect(host, port, username, password) as conn:
# select the requested folder
imap_check(, readonly=False))
for message_uid, message in search_message(conn, imap_filter):"received message {message_uid}")
yield message
except Exception:
logger.exception(f"something went wrong while processing {message_uid}")
if not preserve:
# tag the message for deletion, "+FLAGS", "\\Deleted")
logger.debug("did not receive any message")
if not preserve:
# flush deleted messages
while True:
yield from process_batch()
except (GeneratorExit, KeyboardInterrupt):
# the generator was closed, due to the consumer
# breaking out of the loop, or an exception occuring
except Exception:
logger.exception("mail fetching went wrong, retrying")
# sleep to avoid using too much resources
# TODO: get notified when a new message arrives

View file

@ -1,152 +0,0 @@
import factory
from faker import Faker
from titlecase import titlecase
import random
from import BaseCommand
from django.contrib.auth.models import Group
from django.contrib.auth import get_user_model
from django.utils.text import slugify
from todo.models import Task, TaskList
num_lists = 5
def gen_title(tc=True):
# faker doesn't provide a way to generate headlines in Title Case, without periods, so make our own.
# With arg `tc=True`, Title Cases The Generated Text
fake = Faker()
thestr = fake.text(max_nb_chars=32).rstrip(".")
if tc:
thestr = titlecase(thestr)
return thestr
def gen_content():
# faker provides paragraphs as a list; convert with linebreaks
fake = Faker()
grafs = fake.paragraphs()
thestr = ""
for g in grafs:
thestr += "{}\n\n".format(g)
return thestr
class Command(BaseCommand):
help = """Create random list and task data for a few fake users."""
def add_arguments(self, parser):
help="Wipe out existing content before generating new.",
def handle(self, *args, **options):
if options.get("delete"):
# Wipe out previous contents? Cascade deletes the Tasks from the TaskLists.
print("Content from previous run deleted.")
fake = Faker() # Use to create user's names
# Create users and groups, add different users to different groups. Staff user is in both groups.
sd_group, created = Group.objects.get_or_create(name="Scuba Divers")
bw_group, created = Group.objects.get_or_create(name="Basket Weavers")
# Put user1 and user2 in one group, user3 and user4 in another
usernames = ["user1", "user2", "user3", "user4", "staffer"]
for username in usernames:
if get_user_model().objects.filter(username=username).exists():
user = get_user_model().objects.get(username=username)
user = get_user_model().objects.create_user(
if username in ["user1", "user2"]:
if username in ["user3", "user4"]:
if username == "staffer":
user.is_staff = True
user.first_name = fake.first_name()
user.last_name = fake.last_name()
# Create lists with tasks, plus one with fixed name for externally added tasks
TaskListFactory.create_batch(5, group=bw_group)
TaskListFactory.create_batch(5, group=sd_group)
TaskListFactory.create(name="Public Tickets", slug="tickets", group=bw_group)
"For each of two groups, created fake tasks in each of {} fake lists.".format(num_lists)
class TaskListFactory(factory.django.DjangoModelFactory):
"""Group not generated here - call with group as arg."""
class Meta:
model = TaskList
name = factory.LazyAttribute(lambda o: gen_title(tc=True))
slug = factory.LazyAttribute(lambda o: slugify(
group = None # Pass this in
def add_tasks(self, build, extracted, **kwargs):
num = random.randint(5, 25)
TaskFactory.create_batch(num, task_list=self)
class TaskFactory(factory.django.DjangoModelFactory):
"""TaskList not generated here - call with TaskList as arg."""
class Meta:
model = Task
title = factory.LazyAttribute(lambda o: gen_title(tc=False))
task_list = None # Pass this in
note = factory.LazyAttribute(lambda o: gen_content())
priority = factory.LazyAttribute(lambda o: random.randint(1, 100))
completed = factory.Faker("boolean", chance_of_getting_true=30)
created_by = factory.LazyAttribute(
lambda o: get_user_model().objects.get(username="staffer")
) # Randomized in post
created_date = factory.Faker("date_this_year")
def add_details(self, build, extracted, **kwargs):
fake = Faker() # Use to create user's names
taskgroup =
self.created_by = taskgroup.user_set.all().order_by("?").first()
if self.completed:
self.completed_date = fake.date_this_year()
# 1/3 of generated tasks have a due_date
if random.randint(1, 3) == 1:
self.due_date = fake.date_this_year()
# 1/3 of generated tasks are assigned to someone in this tasks's group
if random.randint(1, 3) == 1:
self.assigned_to = taskgroup.user_set.all().order_by("?").first()

View file

@ -1,57 +0,0 @@
import sys
from typing import Any
from pathlib import Path
from import BaseCommand, CommandParser
from todo.operations.csv_importer import CSVImporter
class Command(BaseCommand):
help = """Import specifically formatted CSV file containing incoming tasks to be loaded.
For specfic format of inbound CSV, see data/import_example.csv.
For documentation on upsert logic and required fields, see
def add_arguments(self, parser: CommandParser) -> None:
"-f", "--file", dest="file", default=None, help="File to to inbound CSV file."
def handle(self, *args: Any, **options: Any) -> None:
# Need a file to proceed
if not options.get("file"):
print("Sorry, we need a filename to work from.")
filepath = Path(options["file"])
if not filepath.exists():
print(f"Sorry, couldn't find file: {filepath}")
# Encoding "utf-8-sig" means "ignore byte order mark (BOM), which Excel inserts when saving CSVs."
with"r", encoding="utf-8-sig") as fileobj:
importer = CSVImporter()
results = importer.upsert(fileobj, as_string_obj=True)
# Report successes, failures and summaries
if results["upserts"]:
for upsert_msg in results["upserts"]:
# Stored errors has the form:
# self.errors = [{3: ["Incorrect foo", "Non-existent bar"]}, {7: [...]}]
if results["errors"]:
for error_dict in results["errors"]:
for k, error_list in error_dict.items():
print(f"\nSkipped CSV row {k}:")
for msg in error_list:
print(f"- {msg}")
if results["summaries"]:
for summary_msg in results["summaries"]:

View file

@ -1,41 +0,0 @@
import logging
import socket
import sys
from import BaseCommand
from django.conf import settings
logger = logging.getLogger(__name__)
class Command(BaseCommand):
help = "Starts a mail worker"
def add_arguments(self, parser):
parser.add_argument("--imap_timeout", type=int, default=30)
def handle(self, *args, **options):
if not hasattr(settings, "TODO_MAIL_TRACKERS"):
logger.error("missing TODO_MAIL_TRACKERS setting")
worker_name = options["worker_name"]
tracker = settings.TODO_MAIL_TRACKERS.get(worker_name, None)
if tracker is None:
logger.error("couldn't find configuration for %r in TODO_MAIL_TRACKERS", worker_name)
# set the default socket timeout (imaplib doesn't enable configuring it)
timeout = options["imap_timeout"]
if timeout:
# run the mail polling loop
producer = tracker["producer"]
consumer = tracker["consumer"]

View file

@ -1,101 +0,0 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import models, migrations
import datetime
from django.conf import settings
class Migration(migrations.Migration):
dependencies = [
("auth", "0001_initial"),
operations = [
verbose_name="ID", serialize=False, auto_created=True, primary_key=True
("date", models.DateTimeField(,
("body", models.TextField(blank=True)),
models.ForeignKey(to=settings.AUTH_USER_MODEL, on_delete=models.CASCADE),
verbose_name="ID", serialize=False, auto_created=True, primary_key=True
("title", models.CharField(max_length=140)),
("created_date", models.DateField(auto_now=True, auto_now_add=True)),
("due_date", models.DateField(null=True, blank=True)),
("completed", models.BooleanField(default=None)),
("completed_date", models.DateField(null=True, blank=True)),
("note", models.TextField(null=True, blank=True)),
("priority", models.PositiveIntegerField(max_length=3)),
options={"ordering": ["priority"]},
verbose_name="ID", serialize=False, auto_created=True, primary_key=True
("name", models.CharField(max_length=60)),
("slug", models.SlugField(max_length=60, editable=False)),
("group", models.ForeignKey(to="auth.Group", on_delete=models.CASCADE)),
options={"ordering": ["name"], "verbose_name_plural": "Lists"},
migrations.AlterUniqueTogether(name="list", unique_together=set([("group", "slug")])),
field=models.ForeignKey(to="todo.List", on_delete=models.CASCADE),
field=models.ForeignKey(to="todo.Item", on_delete=models.CASCADE),

View file

@ -1,18 +0,0 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import models, migrations
class Migration(migrations.Migration):
dependencies = [("todo", "0001_initial")]
operations = [
model_name="item", name="created_date", field=models.DateField(auto_now=True)
model_name="item", name="priority", field=models.PositiveIntegerField()

View file

@ -1,26 +0,0 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.9.5 on 2016-04-09 11:11
from __future__ import unicode_literals
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [("todo", "0002_auto_20150614_2339")]
operations = [

View file

@ -1,45 +0,0 @@
# Generated by Django 2.0.2 on 2018-02-09 23:15
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
("auth", "0009_alter_user_last_name_max_length"),
("todo", "0003_assignee_optional"),
operations = [
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
("name", models.CharField(max_length=60)),
("slug", models.SlugField(default="")),
models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to="auth.Group"),
options={"verbose_name_plural": "Lists", "ordering": ["name"]},
migrations.AlterUniqueTogether(name="list", unique_together=set()),
migrations.RemoveField(model_name="list", name="group"),
migrations.RemoveField(model_name="item", name="list"),
null=True, on_delete=django.db.models.deletion.CASCADE, to="todo.TaskList"
migrations.AlterUniqueTogether(name="tasklist", unique_together={("group", "slug")}),

View file

@ -1,17 +0,0 @@
# Generated by Django 2.0.2 on 2018-02-12 23:25
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [("todo", "0004_rename_list_tasklist")]
operations = [
name="tasklist", options={"ordering": ["name"], "verbose_name_plural": "Task Lists"}
model_name="item", name="completed", field=models.BooleanField(default=False)

View file

@ -1,14 +0,0 @@
# Generated by Django 2.0.3 on 2018-03-28 22:40
from django.conf import settings
from django.db import migrations
class Migration(migrations.Migration):
atomic = False
dependencies = [
("todo", "0005_auto_20180212_2325"),
operations = [migrations.RenameModel(old_name="Item", new_name="Task")]

View file

@ -1,17 +0,0 @@
# Generated by Django 2.0.4 on 2018-04-05 00:24
from django.db import migrations, models
import django.utils.timezone
class Migration(migrations.Migration):
dependencies = [("todo", "0006_rename_item_model")]
operations = [
field=models.DateField(blank=True,, null=True),

View file

@ -1,46 +0,0 @@
# Generated by Django 2.1.7 on 2019-03-24 22:50
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [("todo", "0007_auto_update_created_date")]
operations = [
field=models.CharField(blank=True, max_length=320, null=True),
field=models.CharField(blank=True, max_length=255, null=True),
name="comment", unique_together={("task", "email_message_id")}

View file

@ -1,19 +0,0 @@
# Generated by Django 2.1.7 on 2019-03-18 23:14
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [("todo", "0008_mail_tracker")]
operations = [
name="task", options={"ordering": ["priority", "created_date"]}
field=models.PositiveIntegerField(blank=True, null=True),

View file

@ -1,46 +0,0 @@
# Generated by Django 2.2 on 2019-04-06 16:28
import datetime
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
import todo.models
class Migration(migrations.Migration):
dependencies = [
("todo", "0009_priority_optional"),
operations = [
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
("timestamp", models.DateTimeField(,
max_length=255, upload_to=todo.models.get_attachment_upload_dir
on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to="todo.Task"),

View file

@ -1,20 +0,0 @@
# Generated by Django 2.1.8 on 2019-07-24 11:30
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('todo', '0010_attachment'),
operations = [
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='todo_created_by', to=settings.AUTH_USER_MODEL),

View file

@ -1,185 +0,0 @@
from __future__ import unicode_literals
import datetime
import os
import textwrap
from django.conf import settings
from django.contrib.auth.models import Group
from django.db import DEFAULT_DB_ALIAS, models
from django.db.transaction import Atomic, get_connection
from django.urls import reverse
from django.utils import timezone
def get_attachment_upload_dir(instance, filename):
"""Determine upload dir for task attachment files.
return "/".join(["tasks", "attachments", str(, filename])
class LockedAtomicTransaction(Atomic):
modified from
this is needed for safely merging
Does a atomic transaction, but also locks the entire table for any transactions, for the duration of this
transaction. Although this is the only way to avoid concurrency issues in certain situations, it should be used with
caution, since it has impacts on performance, for obvious reasons...
def __init__(self, *models, using=None, savepoint=None):
if using is None:
super().__init__(using, savepoint)
self.models = models
def __enter__(self):
super(LockedAtomicTransaction, self).__enter__()
# Make sure not to lock, when sqlite is used, or you'll run into problems while running tests!!!
if settings.DATABASES[self.using]["ENGINE"] != "django.db.backends.sqlite3":
cursor = None
cursor = get_connection(self.using).cursor()
for model in self.models:
"LOCK TABLE {table_name}".format(table_name=model._meta.db_table)
if cursor and not cursor.closed:
class TaskList(models.Model):
name = models.CharField(max_length=60)
slug = models.SlugField(default="")
group = models.ForeignKey(Group, on_delete=models.CASCADE)
def __str__(self):
class Meta:
ordering = ["name"]
verbose_name_plural = "Task Lists"
# Prevents (at the database level) creation of two lists with the same slug in the same group
unique_together = ("group", "slug")
class Task(models.Model):
title = models.CharField(max_length=140)
task_list = models.ForeignKey(TaskList, on_delete=models.CASCADE, null=True)
created_date = models.DateField(, blank=True, null=True)
due_date = models.DateField(blank=True, null=True)
completed = models.BooleanField(default=False)
completed_date = models.DateField(blank=True, null=True)
created_by = models.ForeignKey(
assigned_to = models.ForeignKey(
note = models.TextField(blank=True, null=True)
priority = models.PositiveIntegerField(blank=True, null=True)
# Has due date for an instance of this object passed?
def overdue_status(self):
"Returns whether the Tasks's due date has passed or not."
if self.due_date and > self.due_date:
return True
def __str__(self):
return self.title
def get_absolute_url(self):
return reverse("todo:task_detail", kwargs={"task_id":})
# Auto-set the Task creation / completed date
def save(self, **kwargs):
# If Task is being marked complete, set the completed_date
if self.completed:
self.completed_date =
super(Task, self).save()
def merge_into(self, merge_target):
if ==
raise ValueError("can't merge a task with self")
# lock the comments to avoid concurrent additions of comments after the
# update request. these comments would be irremediably lost because of
# the cascade clause
with LockedAtomicTransaction(Comment):
class Meta:
ordering = ["priority", "created_date"]
class Comment(models.Model):
Not using Django's built-in comments because we want to be able to save
a comment and change task details at the same time. Rolling our own since it's easy.
author = models.ForeignKey(
settings.AUTH_USER_MODEL, on_delete=models.CASCADE, blank=True, null=True
task = models.ForeignKey(Task, on_delete=models.CASCADE)
date = models.DateTimeField(
email_from = models.CharField(max_length=320, blank=True, null=True)
email_message_id = models.CharField(max_length=255, blank=True, null=True)
body = models.TextField(blank=True)
class Meta:
# an email should only appear once per task
unique_together = ("task", "email_message_id")
def author_text(self):
if is not None:
return str(
assert self.email_message_id is not None
return str(self.email_from)
def snippet(self):
body_snippet = textwrap.shorten(self.body, width=35, placeholder="...")
# Define here rather than in __str__ so we can use it in the admin list_display
return "{author} - {snippet}...".format(author=self.author_text, snippet=body_snippet)
def __str__(self):
return self.snippet
class Attachment(models.Model):
Defines a generic file attachment for use in M2M relation with Task.
task = models.ForeignKey(Task, on_delete=models.CASCADE)
added_by = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
timestamp = models.DateTimeField(
file = models.FileField(upload_to=get_attachment_upload_dir, max_length=255)
def filename(self):
return os.path.basename(
def extension(self):
name, extension = os.path.splitext(
return extension
def __str__(self):
return f"{} - {}"

View file

@ -1,201 +0,0 @@
import codecs
import csv
import datetime
import logging
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group
from todo.models import Task, TaskList
log = logging.getLogger(__name__)
class CSVImporter:
"""Core upsert functionality for CSV import, for re-use by `import_csv` management command, web UI and tests.
Supplies a detailed log of what was and was not imported at the end. See README for usage notes.
def __init__(self):
self.errors = []
self.upserts = []
self.summaries = []
self.line_count = 0
self.upsert_count = 0
def upsert(self, fileobj, as_string_obj=False):
"""Expects a file *object*, not a file path. This is important because this has to work for both
the management command and the web uploader; the web uploader will pass in in-memory file
with no path!
Header row is:
Title, Group, Task List, Created Date, Due Date, Completed, Created By, Assigned To, Note, Priority
if as_string_obj:
# fileobj comes from mgmt command
csv_reader = csv.DictReader(fileobj)
# fileobj comes from browser upload (in-memory)
csv_reader = csv.DictReader(codecs.iterdecode(fileobj, "utf-8"))
# DI check: Do we have expected header row?
header = csv_reader.fieldnames
expected = [
"Task List",
"Created By",
"Created Date",
"Due Date",
"Assigned To",
if header != expected:
f"Inbound data does not have expected columns.\nShould be: {expected}"
for row in csv_reader:
self.line_count += 1
newrow = self.validate_row(row)
if newrow:
# newrow at this point is fully validated, and all FK relations exist,
# e.g. `newrow.get("Assigned To")`, is a Django User instance.
assignee = newrow.get("Assigned To") if newrow.get("Assigned To") else None
created_date = (
newrow.get("Created Date")
if newrow.get("Created Date")
due_date = newrow.get("Due Date") if newrow.get("Due Date") else None
priority = newrow.get("Priority") if newrow.get("Priority") else None
obj, created = Task.objects.update_or_create(
created_by=newrow.get("Created By"),
task_list=newrow.get("Task List"),
"assigned_to": assignee,
"completed": newrow.get("Completed"),
"created_date": created_date,
"due_date": due_date,
"note": newrow.get("Note"),
"priority": priority,
self.upsert_count += 1
msg = (
f'Upserted task {}: "{obj.title}"'
f' in list "{obj.task_list}" (group "{}")'
self.summaries.append(f"Processed {self.line_count} CSV rows")
self.summaries.append(f"Upserted {self.upsert_count} rows")
self.summaries.append(f"Skipped {self.line_count - self.upsert_count} rows")
return {"summaries": self.summaries, "upserts": self.upserts, "errors": self.errors}
def validate_row(self, row):
"""Perform data integrity checks and set default values. Returns a valid object for insertion, or False.
Errors are stored for later display. Intentionally not broken up into separate validator functions because
there are interdpendencies, such as checking for existing `creator` in one place and then using
that creator for group membership check in others."""
row_errors = []
# #######################
# Task creator must exist
if not row.get("Created By"):
msg = f"Missing required task creator."
creator = get_user_model().objects.filter(username=row.get("Created By")).first()
if not creator:
msg = f"Invalid task creator {row.get('Created By')}"
# #######################
# If specified, Assignee must exist
assignee = None # Perfectly valid
if row.get("Assigned To"):
assigned = get_user_model().objects.filter(username=row.get("Assigned To"))
if assigned.exists():
assignee = assigned.first()
msg = f"Missing or invalid task assignee {row.get('Assigned To')}"
# #######################
# Group must exist
target_group = Group.objects.get(name=row.get("Group"))
except Group.DoesNotExist:
msg = f"Could not find group {row.get('Group')}."
target_group = None
# #######################
# Task creator must be in the target group
if creator and target_group not in creator.groups.all():
msg = f"{creator} is not in group {target_group}"
# #######################
# Assignee must be in the target group
if assignee and target_group not in assignee.groups.all():
msg = f"{assignee} is not in group {target_group}"
# #######################
# Task list must exist in the target group
tasklist = TaskList.objects.get(name=row.get("Task List"), group=target_group)
row["Task List"] = tasklist
except TaskList.DoesNotExist:
msg = f"Task list {row.get('Task List')} in group {target_group} does not exist"
# #######################
# Validate Dates
datefields = ["Due Date", "Created Date"]
for datefield in datefields:
datestring = row.get(datefield)
if datestring:
valid_date = self.validate_date(datestring)
if valid_date:
row[datefield] = valid_date
msg = f"Could not convert {datefield} {datestring} to valid date instance"
# #######################
# Group membership checks have passed
row["Created By"] = creator
row["Group"] = target_group
if assignee:
row["Assigned To"] = assignee
# Set Completed
row["Completed"] = row["Completed"] == "Yes"
# #######################
if row_errors:
self.errors.append({self.line_count: row_errors})
return False
# No errors:
return row
def validate_date(self, datestring):
"""Inbound date string from CSV translates to a valid python date."""
date_obj = datetime.datetime.strptime(datestring, "%Y-%m-%d")
return date_obj
except ValueError:
return False

View file

@ -1,4 +0,0 @@
label {
display: block;
font-weight: bold;

View file

@ -1,382 +0,0 @@
* TableDnD plug-in for JQuery, allows you to drag and drop table rows
* You can set up various options to control how the system will work
* Copyright (c) Denis Howlett <>
* Licensed like jQuery, see
* Configuration options:
* onDragStyle
* This is the style that is assigned to the row during drag. There are limitations to the styles that can be
* associated with a row (such as you can't assign a border--well you can, but it won't be
* displayed). (So instead consider using onDragClass.) The CSS style to apply is specified as
* a map (as used in the jQuery css(...) function).
* onDropStyle
* This is the style that is assigned to the row when it is dropped. As for onDragStyle, there are limitations
* to what you can do. Also this replaces the original style, so again consider using onDragClass which
* is simply added and then removed on drop.
* onDragClass
* This class is added for the duration of the drag and then removed when the row is dropped. It is more
* flexible than using onDragStyle since it can be inherited by the row cells and other content. The default
* is class is tDnD_whileDrag. So to use the default, simply customise this CSS class in your
* stylesheet.
* onDrop
* Pass a function that will be called when the row is dropped. The function takes 2 parameters: the table
* and the row that was dropped. You can work out the new order of the rows by using
* table.rows.
* onDragStart
* Pass a function that will be called when the user starts dragging. The function takes 2 parameters: the
* table and the row which the user has started to drag.
* onAllowDrop
* Pass a function that will be called as a row is over another row. If the function returns true, allow
* dropping on that row, otherwise not. The function takes 2 parameters: the dragged row and the row under
* the cursor. It returns a boolean: true allows the drop, false doesn't allow it.
* scrollAmount
* This is the number of pixels to scroll if the user moves the mouse cursor to the top or bottom of the
* window. The page should automatically scroll up or down as appropriate (tested in IE6, IE7, Safari, FF2,
* FF3 beta
* dragHandle
* This is the name of a class that you assign to one or more cells in each row that is draggable. If you
* specify this class, then you are responsible for setting cursor: move in the CSS and only these cells
* will have the drag behaviour. If you do not specify a dragHandle, then you get the old behaviour where
* the whole row is draggable.
* Other ways to control behaviour:
* Add class="nodrop" to any rows for which you don't want to allow dropping, and class="nodrag" to any rows
* that you don't want to be draggable.
* Inside the onDrop method you can also call $.tableDnD.serialize() this returns a string of the form
* <tableID>[]=<rowID1>&<tableID>[]=<rowID2> so that you can send this back to the server. The table must have
* an ID as must all the rows.
* Other methods:
* $("...").tableDnDUpdate()
* Will update all the matching tables, that is it will reapply the mousedown method to the rows (or handle cells).
* This is useful if you have updated the table rows using Ajax and you want to make the table draggable again.
* The table maintains the original configuration (so you don't have to specify it again).
* $("...").tableDnDSerialize()
* Will serialize and return the serialized string as above, but for each of the matching tables--so it can be
* called from anywhere and isn't dependent on the currentTable being set up correctly before calling
* Known problems:
* - Auto-scoll has some problems with IE7 (it scrolls even when it shouldn't), work-around: set scrollAmount to 0
* Version 0.2: 2008-02-20 First public version
* Version 0.3: 2008-02-07 Added onDragStart option
* Made the scroll amount configurable (default is 5 as before)
* Version 0.4: 2008-03-15 Changed the noDrag/noDrop attributes to nodrag/nodrop classes
* Added onAllowDrop to control dropping
* Fixed a bug which meant that you couldn't set the scroll amount in both directions
* Added serialize method
* Version 0.5: 2008-05-16 Changed so that if you specify a dragHandle class it doesn't make the whole row
* draggable
* Improved the serialize method to use a default (and settable) regular expression.
* Added tableDnDupate() and tableDnDSerialize() to be called when you are outside the table
jQuery.tableDnD = {
/** Keep hold of the current table being dragged */
currentTable : null,
/** Keep hold of the current drag object if any */
dragObject: null,
/** The current mouse offset */
mouseOffset: null,
/** Remember the old value of Y so that we don't do too much processing */
oldY: 0,
/** Actually build the structure */
build: function(options) {
// Set up the defaults if any
this.each(function() {
// This is bound to each matching table, set up the defaults and override with user options
this.tableDnDConfig = jQuery.extend({
onDragStyle: null,
onDropStyle: null,
// Add in the default class for whileDragging
onDragClass: "tDnD_whileDrag",
onDrop: null,
onDragStart: null,
scrollAmount: 5,
serializeRegexp: /[^\-]*$/, // The regular expression to use to trim row IDs
serializeParamName: null, // If you want to specify another parameter name instead of the table ID
dragHandle: null // If you give the name of a class here, then only Cells with this class will be draggable
}, options || {});
// Now make the rows draggable
// Now we need to capture the mouse up and mouse move event
// We can use bind so that we don't interfere with other event handlers
.bind('mousemove', jQuery.tableDnD.mousemove)
.bind('mouseup', jQuery.tableDnD.mouseup);
// Don't break the chain
return this;
/** This function makes all the rows on the table draggable apart from those marked as "NoDrag" */
makeDraggable: function(table) {
var config = table.tableDnDConfig;
if (table.tableDnDConfig.dragHandle) {
// We only need to add the event to the specified cells
var cells = jQuery("td."+table.tableDnDConfig.dragHandle, table);
cells.each(function() {
// The cell is bound to "this"
jQuery(this).mousedown(function(ev) {
jQuery.tableDnD.dragObject = this.parentNode;
jQuery.tableDnD.currentTable = table;
jQuery.tableDnD.mouseOffset = jQuery.tableDnD.getMouseOffset(this, ev);
if (config.onDragStart) {
// Call the onDrop method if there is one
config.onDragStart(table, this);
return false;
} else {
// For backwards compatibility, we add the event to the whole row
var rows = jQuery("tr", table); // get all the rows as a wrapped set
rows.each(function() {
// Iterate through each row, the row is bound to "this"
var row = jQuery(this);
if (! row.hasClass("nodrag")) {
row.mousedown(function(ev) {
if ( == "TD") {
jQuery.tableDnD.dragObject = this;
jQuery.tableDnD.currentTable = table;
jQuery.tableDnD.mouseOffset = jQuery.tableDnD.getMouseOffset(this, ev);
if (config.onDragStart) {
// Call the onDrop method if there is one
config.onDragStart(table, this);
return false;
}).css("cursor", "move"); // Store the tableDnD object
updateTables: function() {
this.each(function() {
// this is now bound to each matching table
if (this.tableDnDConfig) {
/** Get the mouse coordinates from the event (allowing for browser differences) */
mouseCoords: function(ev){
if(ev.pageX || ev.pageY){
return {x:ev.pageX, y:ev.pageY};
return {
x:ev.clientX + document.body.scrollLeft - document.body.clientLeft,
y:ev.clientY + document.body.scrollTop - document.body.clientTop
/** Given a target element and a mouse event, get the mouse offset from that element.
To do this we need the element's position and the mouse position */
getMouseOffset: function(target, ev) {
ev = ev || window.event;
var docPos = this.getPosition(target);
var mousePos = this.mouseCoords(ev);
return {x:mousePos.x - docPos.x, y:mousePos.y - docPos.y};
/** Get the position of an element by going up the DOM tree and adding up all the offsets */
getPosition: function(e){
var left = 0;
var top = 0;
/** Safari fix -- thanks to Luis Chato for this! */
if (e.offsetHeight == 0) {
/** Safari 2 doesn't correctly grab the offsetTop of a table row
this is detailed here:
the solution is likewise noted there, grab the offset of a table cell in the row - the firstChild.
note that firefox will return a text node as a first child, so designing a more thorough
solution may need to take that into account, for now this seems to work in firefox, safari, ie */
e = e.firstChild; // a table cell
while (e.offsetParent){
left += e.offsetLeft;
top += e.offsetTop;
e = e.offsetParent;
left += e.offsetLeft;
top += e.offsetTop;
return {x:left, y:top};
mousemove: function(ev) {
if (jQuery.tableDnD.dragObject == null) {
var dragObj = jQuery(jQuery.tableDnD.dragObject);
var config = jQuery.tableDnD.currentTable.tableDnDConfig;
var mousePos = jQuery.tableDnD.mouseCoords(ev);
var y = mousePos.y - jQuery.tableDnD.mouseOffset.y;
//auto scroll the window
var yOffset = window.pageYOffset;
if (document.all) {
// Windows version
if (typeof document.compatMode != 'undefined' &&
document.compatMode != 'BackCompat') {
yOffset = document.documentElement.scrollTop;
else if (typeof document.body != 'undefined') {
if (mousePos.y-yOffset < config.scrollAmount) {
window.scrollBy(0, -config.scrollAmount);
} else {
var windowHeight = window.innerHeight ? window.innerHeight
: document.documentElement.clientHeight ? document.documentElement.clientHeight : document.body.clientHeight;
if (windowHeight-(mousePos.y-yOffset) < config.scrollAmount) {
window.scrollBy(0, config.scrollAmount);
if (y != jQuery.tableDnD.oldY) {
// work out if we're going up or down...
var movingDown = y > jQuery.tableDnD.oldY;
// update the old value
jQuery.tableDnD.oldY = y;
// update the style to show we're dragging
if (config.onDragClass) {
} else {
// If we're over a row then move the dragged row to there so that the user sees the
// effect dynamically
var currentRow = jQuery.tableDnD.findDropTargetRow(dragObj, y);
if (currentRow) {
// TODO worry about what happens when there are multiple TBODIES
if (movingDown && jQuery.tableDnD.dragObject != currentRow) {
jQuery.tableDnD.dragObject.parentNode.insertBefore(jQuery.tableDnD.dragObject, currentRow.nextSibling);
} else if (! movingDown && jQuery.tableDnD.dragObject != currentRow) {
jQuery.tableDnD.dragObject.parentNode.insertBefore(jQuery.tableDnD.dragObject, currentRow);
return false;
/** We're only worried about the y position really, because we can only move rows up and down */
findDropTargetRow: function(draggedRow, y) {
var rows = jQuery.tableDnD.currentTable.rows;
for (var i=0; i<rows.length; i++) {
var row = rows[i];
var rowY = this.getPosition(row).y;
var rowHeight = parseInt(row.offsetHeight)/2;
if (row.offsetHeight == 0) {
rowY = this.getPosition(row.firstChild).y;
rowHeight = parseInt(row.firstChild.offsetHeight)/2;
// Because we always have to insert before, we need to offset the height a bit
if ((y > rowY - rowHeight) && (y < (rowY + rowHeight))) {
// that's the row we're over
// If it's the same as the current row, ignore it
if (row == draggedRow) {return null;}
var config = jQuery.tableDnD.currentTable.tableDnDConfig;
if (config.onAllowDrop) {
if (config.onAllowDrop(draggedRow, row)) {
return row;
} else {
return null;
} else {
// If a row has nodrop class, then don't allow dropping (inspired by John Tarr and Famic)
var nodrop = jQuery(row).hasClass("nodrop");
if (! nodrop) {
return row;
} else {
return null;
return row;
return null;
mouseup: function(e) {
if (jQuery.tableDnD.currentTable && jQuery.tableDnD.dragObject) {
var droppedRow = jQuery.tableDnD.dragObject;
var config = jQuery.tableDnD.currentTable.tableDnDConfig;
// If we have a dragObject, then we need to release it,
// The row will already have been moved to the right place so we just reset stuff
if (config.onDragClass) {
} else {
jQuery.tableDnD.dragObject = null;
if (config.onDrop) {
// Call the onDrop method if there is one
config.onDrop(jQuery.tableDnD.currentTable, droppedRow);
jQuery.tableDnD.currentTable = null; // let go of the table too
serialize: function() {
if (jQuery.tableDnD.currentTable) {
return jQuery.tableDnD.serializeTable(jQuery.tableDnD.currentTable);
} else {
return "Error: No Table id set, you need to set an id on your table and every row";
serializeTable: function(table) {
var result = "";
var tableId =;
var rows = table.rows;
for (var i=0; i<rows.length; i++) {
if (result.length > 0) result += "&";
var rowId = rows[i].id;
if (rowId && rowId && table.tableDnDConfig && table.tableDnDConfig.serializeRegexp) {
rowId = rowId.match(table.tableDnDConfig.serializeRegexp)[0];
result += tableId + '[]=' + rowId;
return result;
serializeTables: function() {
var result = "";
this.each(function() {
// this is now bound to each matching table
result += jQuery.tableDnD.serializeTable(this);
return result;
tableDnD :,
tableDnDUpdate : jQuery.tableDnD.updateTables,
tableDnDSerialize: jQuery.tableDnD.serializeTables

View file

@ -1 +0,0 @@
This file not actually used by django-todo - here to satisfy the test runner.

View file

@ -1,23 +0,0 @@
{% extends "todo/base.html" %}
{% block page_heading %}{% endblock %}
{% block title %}Add Todo List{% endblock %}
{% block content %}
<h2>Add a list:</h2>
<form action="" method="post">
{% csrf_token %}
<div class="form-group">
<label for="id_name">List Name</label>
<input type="text" class="form-control" id="id_name" name="name" aria-describedby="inputNameHelp" placeholder="">
<small id="inputNameHelp" class="form-text text-muted">The full display name for this list.</small>
<div class="form-group">
<label for="id_group">Group</label>
<button type="submit" class="btn btn-primary">Submit</button>
{% endblock %}

View file

@ -1,47 +0,0 @@
{% extends "todo/base.html" %}
{% block page_heading %}{% endblock %}
{% block title %}File Ticket{% endblock %}
{% block content %}
<h2>{{ task }}</h2>
<form action="" method="POST">
{% csrf_token %}
<h3>File Trouble Ticket</h3>
Have a support issue? Use this form to report the difficulty - we'll get right back to you.
{% if form.errors %}
{% for error in form.errors %}
<ul class="errorlist">
<strong>The {{ error|escape }} field is required.</strong>
{% endfor %}
{% endif %}
<form action="" name="add_task" method="post">
{% csrf_token %}
<div class="form-group">
<label for="id_title" name="title">Subject</label>
<input type="text" class="form-control" id="id_title" name="title" required placeholder="Our spaceship doesn't go"
value="{% if form.title.value %}{{ form.title.value }}{% endif %}">
<div class="form-group">
<label for="id_note">Description</label>
<textarea class="form-control" id="id_note" name="note" rows="5"
aria-describedby="inputNoteHelp">{% if form.note.value %}{{ form.note.value }}{% endif %}</textarea>
<small id="inputNoteHelp" class="form-text text-muted">
Describe the issue. Please include essential details.
<input type="hidden" id="id_priority" name="priority" value="50">
<p><input type="submit" class="btn btn-primary" name="add_task" value="Submit"></p>
{% endblock %}

View file

@ -1,7 +0,0 @@
{% extends "base.html" %}
{% load static %}
{% block extrahead %}
<!-- CSS and JavaScripts for django-todo -->
<link rel="stylesheet" type="text/css" href="{% static 'todo/css/styles.css' %}" />
{% endblock extrahead %}

View file

@ -1,33 +0,0 @@
{% extends "todo/base.html" %}
{% block title %}Delete list{% endblock %}
{% block content %}
{% if user.is_staff %}
<h1>Delete entire list: {{ }} ?</h1>
<p>Category tally:</p>
<li>Incomplete: {{ task_count_undone }} </li>
<li>Complete: {{ task_count_done }} </li>
<strong>Total: {{ task_count_total }}</strong>
<p> ... all of which will be irretrievably
<strong>blown away</strong>. Are you sure you want to do that?</p>
<form action="" method="post" accept-charset="utf-8">
{% csrf_token %}
<input type="hidden" name="task_list" value="{{ }}">
<a href="{% url 'todo:list_detail' task_list.slug %}" class="btn btn-success">Return to list: {{ }}</a>
<input type="submit" name="delete-confirm" value="Do it! &rarr;" class="btn btn-danger">
{% else %}
<p>Sorry, you don't have permission to delete lists. Please contact your group administrator.</p>
{% endif %} {% endblock %}

View file

@ -1,17 +0,0 @@
{{ task.assigned_to.first_name }} -
A new task on the list {{ }} has been assigned to you by {{ task.created_by.get_full_name }}:
{{ task.title }}
{% if task.note %}
{% autoescape off %}
Note: {{ task.note }}
{% endautoescape %}
{% endif %}
Task details/comments:
http://{{ site }}{% url 'todo:task_detail' %}
List {{ }}:
http://{{ site }}{% url 'todo:list_detail' task.task_list.slug %}

View file

@ -1 +0,0 @@
A new task has been assigned to you - {% autoescape off %}{{ task.title }}{% endautoescape %}

View file

@ -1,16 +0,0 @@
A new task comment has been added.
Task: {{ task.title }}
Commenter: {{ user.first_name }} {{ user.last_name }}
{% autoescape off %}
{{ body }}
{% endautoescape %}
Task details/comments:
https://{{ site }}{% url 'todo:task_detail' %}
List {{ }}:
https://{{ site }}{% url 'todo:list_detail' task.task_list.slug %}

View file

@ -1,84 +0,0 @@
{% extends "todo/base.html" %}
{% load static %}
{% block title %}Import CSV{% endblock %}
{% block content %}
Import CSV
Batch-import tasks by uploading a specifically-formatted CSV.
See documentation for formatting rules.
Successs and failures will be reported here.
{% if results %}
<div class="card mb-4">
<div class="card-header">
Results of CSV upload
<div class="card-body">
{% if results.summaries %}
{% for line in results.summaries %}
<li>{{ line }}</li>
{% endfor %}
{% endif %}
{% if results.upserts %}
<b>Upserts (tasks created or updated):</b>
{% for line in results.upserts %}
<li>{{ line }}</li>
{% endfor %}
{% endif %}
{% if results.errors %}
<b>Errors (tasks NOT created or updated):</b>
{% for error_row in results.errors %}
{% for k, error_list in error_row.items %}
<li>CSV row {{ k }}</li>
{% for err in error_list %}
<li>{{ err }}</li>
{% endfor %}
{% endfor %}
{% endfor %}
{% endif %}
{% endif %}
<div class="card">
<div class="card-header">
Upload Tasks
<div class="card-body">
<form method="post" enctype="multipart/form-data">
{% csrf_token %}
<input type="file" name="csvfile" accept="text/csv">
<button type="submit" class="btn btn-primary mt-4">Upload</button>
{% endblock %}

View file

@ -1,55 +0,0 @@
{# Form used by both Add Task and Edit Task views #}
<form action="" name="add_task" method="post">
{% csrf_token %}
<div class="mt-3">
<div class="form-group">
<label for="id_title" name="title">Task</label>
<input type="text" class="form-control" id="id_title" name="title" required placeholder="Task title"
value="{% if form.title.value %}{{ form.title.value }}{% endif %}">
<div class="form-group">
<label for="id_note">Description</label>
<textarea class="form-control" id="id_note" name="note" rows="5"
aria-describedby="inputNoteHelp">{% if form.note.value %}{{ form.note.value }}{% endif %}</textarea>
<small id="inputNoteHelp" class="form-text text-muted">
Describe the task or bug. Provide steps to reproduce the issue.
<div class="form-group">
<label for="id_due_date">Due Date</label>
<input type="date" class="form-control" id="id_due_date" name="due_date"
value="{% if form.due_date.value %}{{ form.due_date.value|date:"Y-m-d" }}{% endif %}">
<div class="form-group">
<label for="id_assigned_to">Assigned To</label>
{# See todo.forms.AddEditTaskForm #}
<div class="form-group">
<div class="form-check">
<input name="notify" class="form-check-input" type="checkbox" aria-describedby="inputNotifyHelp" checked="checked" id="id_notify">
<label class="form-check-label" for="id_notify">
<small id="inputNotifyHelp" class="form-text text-muted">
Email notifications will only be sent if task is assigned to someone other than yourself.
<input type="hidden" name="priority"
value="{% if form.priority.value %}{{ form.priority.value }}{% else %}999{% endif %}" id="id_priority">
<input type="hidden" name="task_list" value="{{ form.task_list.value }}" id="id_task_list">
<input type="hidden" name="completed" class="form-check-input" type="checkbox" checked="{%if task.completed%}checked{% endif %}" id="id_completed">
<input type="submit" name="add_edit_task" value="Submit" class="btn btn-primary">

View file

@ -1,12 +0,0 @@
{% if list_slug != "mine" %}
{% if view_completed %}
<a href="{% url 'todo:list_detail' list_id list_slug %}" class="btn btn-sm btn-warning">View incomplete tasks</a>
{% else %}
<a href="{% url 'todo:list_detail_completed' list_id list_slug %}" class="btn btn-sm btn-warning">View completed tasks</a>
{% endif %}
<a href="{% url 'todo:del_list' list_id list_slug %}" class="btn btn-sm btn-danger">Delete this list</a>
{% endif %}

View file

@ -1,114 +0,0 @@
{% extends "todo/base.html" %}
{% load static %}
{% block title %}Todo List: {{ }}{% endblock %}
{% block content %}
{% if list_slug != "mine" %}
<button class="btn btn-primary" id="AddTaskButton" type="button"
data-toggle="collapse" data-target="#AddEditTask">Add Task</button>
{# Task edit / new task form #}
<div id="AddEditTask" class="collapse">
{% include 'todo/include/task_edit.html' %}
<hr />
{% endif %}
{% if tasks %}
{% if list_slug == "mine" %}
<h1>Tasks assigned to me (in all groups)</h1>
{% else %}
<h1>{{ view_completed|yesno:"Completed tasks, Tasks" }} in "{{ }}"</h1>
<p><small><i>In workgroup "{{ }}" - drag rows to set priorities.</i></small></p>
{% endif %}
<table class="table" id="tasktable">
<tr class="nodrop">
<th>Due on</th>
{% for task in tasks %}
<tr id="{{ }}">
<a href="{% url 'todo:task_detail' %}">{{ task.title|truncatewords:10 }}</a>
{{ task.created_date|date:"m/d/Y" }}
<span {% if task.overdue_status %}class="overdue"{% endif %}>
{{ task.due_date|date:"m/d/Y" }}
{{ task.created_by }}
{% if task.assigned_to %}{{ task.assigned_to }}{% else %}Anyone{% endif %}
<form method="post" action="{% url "todo:task_toggle_done" %}" role="form">
{% csrf_token %}
<button class="btn btn-info btn-sm" type="submit" name="toggle_done">
{% if view_completed %}
Not Done
{% else %}
{% endif %}
{% endfor %}
{% include 'todo/include/toggle_delete.html' %}
{% else %}
<h4>No tasks on this list yet (add one!)</h4>
{% include 'todo/include/toggle_delete.html' %}
{% endif %}
{% endblock %}
{% block extra_js %}
<script src="{% static 'todo/js/jquery.tablednd_0_5.js' %}" type="text/javascript"></script>
<script type="text/javascript">
function order_tasks(data) {
// The JQuery plugin tableDnD provides a serialize() function which provides the re-ordered
// data in a list. We pass that list as an object ("data") to a Django view
// to save new priorities on each task in the list.
$.post("{% url 'todo:reorder_tasks' %}", data, "json");
return false;
$(document).ready(function() {
// Initialise the task table for drag/drop re-ordering
onDrop: function(table, row) {
// When adding a task, change the text of the Add Task button
function handleClick()
this.innerHTML = (this.innerHTML == 'Add Task' ? 'Cancel' : 'Add Task');
{% endblock extra_js %}

View file

@ -1,33 +0,0 @@
{% extends "todo/base.html" %}
{% block title %}{{ list_title }} Todo Lists{% endblock %}
{% block content %}
<h1>Todo Lists</h1>
<p>{{ task_count }} tasks in {{ list_count }} list{{ list_count|pluralize }}</p>
{% regroup lists by group as section_list %}
{% for group in section_list %}
<h3>Group: {{ group.grouper }}</h3>
<ul class="list-group mb-4">
{% for task in group.list %}
<li class="list-group-item d-flex justify-content-between align-items-center">
<a href="{% url 'todo:list_detail' task.slug %}">{{ }}</a>
<span class="badge badge-primary badge-pill">{{ task.task_set.count }}</span>
{% endfor %}
{% endfor %}
<div class="mt-3">
{% if user.is_staff %}
<a href="{% url 'todo:add_list' %}" class="btn btn-primary">Create new todo list</a>
{% else %}
<a href="" class="btn btn-primary disabled">If you were staff, you could create a new list</a>
{% endif %}
{% endblock %}

View file

@ -1,30 +0,0 @@
{% extends "todo/base.html" %}
{% block title %}Search results{% endblock %}
{% block content_title %}<h2 class="page_title">Search</h2>{% endblock %}
{% block content %}
{% if found_tasks %}
<h2>{{found_tasks.count}} search results for term: "{{ query_string }}"</h2>
<div class="post_list">
{% for f in found_tasks %}
<a href="{% url 'todo:task_detail' %}">{{ f.title }}</a>
<br />
<span class="minor">
In list:
<a href="{% url 'todo:list_detail' f.task_list.slug %}">
{{ }}
<br /> Assigned to: {% if f.assigned_to %}{{ f.assigned_to }}{% else %}Anyone{% endif %}
<br /> Complete: {{ f.completed|yesno:"Yes,No" }}
{% endfor %}
{% else %}
<h2> No results to show, sorry.</h2>
{% endif %}
{% endblock %}

View file

@ -1,223 +0,0 @@
{% extends "todo/base.html" %}
{% block title %}Task:{{ task.title }}{% endblock %}
{% block extrahead %}
.select2 {
width: 100% !important;
.select2-container {
min-width: 0 !important;
{{ }}
{{ }}
{% endblock %}
{% block content %}
<div class="card-deck">
<div class="card col-sm-8">
<div class="card-body">
<h3 class="card-title">{{ task.title }}</h3>
{% if task.note %}
<div class="card-text">{{ task.note|safe|urlize|linebreaks }}</div>
{% endif %}
<div class="card col-sm-4 p-0">
<ul class="list-group list-group-flush">
<li class="list-group-item">
class="btn btn-sm btn-primary"
Edit Task
<form method="post" action="{% url "todo:task_toggle_done" %}" role="form" class="d-inline">
{% csrf_token %}
<div style="display:inline;">
<button class="btn btn-info btn-sm" type="submit" name="toggle_done">
{% if task.completed %} Mark Not Done {% else %} Mark Done {% endif %}
<form method="post" action="{% url "todo:delete_task" %}" role="form" class="d-inline">
{% csrf_token %}
<div style="display:inline;">
<button class="btn btn-danger btn-sm" type="submit" name="submit_delete">
<li class="list-group-item">
<strong>Assigned to:</strong>
{% if task.assigned_to %} {{ task.assigned_to.get_full_name }} {% else %} Anyone {% endif %}
<li class="list-group-item">
<strong>Reported by:</strong> {{ task.created_by.get_full_name }}
<li class="list-group-item">
<strong>Due date:</strong> {{ task.due_date }}
{% if task.completed %}
<li class="list-group-item">
<strong>Completed on:</strong> {{ task.completed_date}}
{% else %}
<li class="list-group-item">
<strong>Completed:</strong> {{ task.completed|yesno:"Yes,No" }}
{% endif %}
<li class="list-group-item">
<strong>In list:</strong>
<a href="{% url 'todo:list_detail' task.task_list.slug %}">
{{ task.task_list }}
<div id="TaskEdit" class="collapse">
{# Task edit / new task form #}
{% include 'todo/include/task_edit.html' %}
{% if merge_form is not None %}
<form action="" method="post">
<div class="card border-danger">
<div class="card-header">Merge task</div>
<div class="card-body">
<div class="">
<p>Merging is a destructive operation. This task will not exist anymore, and comments will be moved to the target task.</p>
{% csrf_token %}
{% for field in merge_form.visible_fields %}
{{ field.errors }}
{{ field }}
{% endfor %}
<input class="d-inline btn btn-sm btn-outline-danger" type="submit" name="merge_task_into" value="Merge">
{% endif %}
{% if attachments_enabled %}
<div class="card mt-4">
<h5 class="card-header">
<div class="card-body pb-0">
{% if task.attachment_set.count %}
<div class="table-responsive">
<table class="table mb-3">
{% for attachment in task.attachment_set.all %}
<td><a href="{{ attachment.file.url }}">{{ attachment.filename }}</a></td>
<td>{{ attachment.timestamp }}</td>
<td>{{ attachment.added_by.get_full_name }}</td>
<td>{{ attachment.extension.lower }}</td>
<form action="{% url "todo:remove_attachment" %}" method="POST">
{% csrf_token %}
<input type="submit" value="X" class="btn btn-danger btn-sm">
{% endfor %}
{% endif %}
<form method="POST" action="" enctype="multipart/form-data" style="width:50%;">
{% csrf_token %}
<div class="input-group mb-3">
<div class="custom-file">
<input type="file" class="custom-file-input" id="attachment_file_input" name="attachment_file_input" />
<label class="custom-file-label" for="attachment_file_input">Choose file</label>
<div class="input-group-append">
<button class="btn btn-primary">Upload</button>
{% endif %}
<div class="mt-3">
<h5>Add comment</h5>
<form action="" method="post">
{% csrf_token %}
<div class="form-group">
<textarea class="form-control" name="comment-body" rows="3" required></textarea>
<input class="btn btn-sm btn-primary" type="submit" name="add_comment" value="Add Comment">
<div class="task_comments mt-4">
{% if comment_list %}
<h5>Comments on this task</h5>
{% for comment in comment_list %}
<div class="mb-3 card">
<div class="card-header">
<div class="float-left">
{% if comment.email_message_id %}
<span class="badge badge-warning">email</span>
{% endif %}
{{ comment.author_text }}
<span class="float-right d-inline-block text-muted">
{{|date:"F d Y P" }}
<div class="{{ comment_classes | join:" " }} card-body">
{{ comment.body|safe|urlize|linebreaks }}
{% endfor %}
{% else %}
<h5>No comments (yet).</h5>
{% endif %}
{% endblock %}
{% block extra_js %}
{# Support file attachment uploader #}
// Get the file name and remove browser-added "fakepath."
// Then replace the "Choose a file" label.
var fileName = $(this).val().replace('C:\\fakepath\\', " ");
{% endblock extra_js %}

View file

View file

@ -1,42 +0,0 @@
import pytest
from django.contrib.auth.models import Group
from todo.models import Task, TaskList
def todo_setup(django_user_model):
# Two groups with different users, two sets of tasks.
g1 = Group.objects.create(name="Workgroup One")
u1 = django_user_model.objects.create_user(
username="u1", password="password", email="", is_staff=True
tlist1 = TaskList.objects.create(group=g1, name="Zip", slug="zip")
Task.objects.create(created_by=u1, title="Task 1", task_list=tlist1, priority=1)
Task.objects.create(created_by=u1, title="Task 2", task_list=tlist1, priority=2, completed=True)
Task.objects.create(created_by=u1, title="Task 3", task_list=tlist1, priority=3)
g2 = Group.objects.create(name="Workgroup Two")
u2 = django_user_model.objects.create_user(
username="u2", password="password", email="", is_staff=True
tlist2 = TaskList.objects.create(group=g2, name="Zap", slug="zap")
Task.objects.create(created_by=u2, title="Task 1", task_list=tlist2, priority=1)
Task.objects.create(created_by=u2, title="Task 2", task_list=tlist2, priority=2, completed=True)
Task.objects.create(created_by=u2, title="Task 3", task_list=tlist2, priority=3)
# Add a third user for a test that needs two users in the same group.
extra_g2_user = django_user_model.objects.create_user(
username="extra_g2_user", password="password", email="", is_staff=True
# Set up an in-memory mail server to receive test emails
def email_backend_setup(settings):
settings.EMAIL_BACKEND = "django.core.mail.backends.locmem.EmailBackend"

View file

@ -1,4 +0,0 @@
Title,Group,Task List,Created By,Created Date,Due Date,Completed,Assigned To,Note,Priority
Make dinner,Workgroup One,Zip,u1,,2019-06-14,No,u1,This is note one,3
Bake bread,Workgroup One,Zip,u1,2012-03-14,,Yes,,,
Bring dessert,Workgroup Two,Zap,u2,2015-06-248,,,,This is note two,77
1 Title Group Task List Created By Created Date Due Date Completed Assigned To Note Priority
2 Make dinner Workgroup One Zip u1 2019-06-14 No u1 This is note one 3
3 Bake bread Workgroup One Zip u1 2012-03-14 Yes
4 Bring dessert Workgroup Two Zap u2 2015-06-248 This is note two 77

View file

@ -1,76 +0,0 @@
import datetime
from pathlib import Path
import pytest
from django.contrib.auth import get_user_model
from todo.models import Task, TaskList
from todo.operations.csv_importer import CSVImporter
Exercise the "Import CSV" feature, which shares a functional module that serves
both the `import_csv` management command and the "Import CSV" web interface.
def import_setup(todo_setup):
app_path = Path(__file__).resolve().parent.parent
filepath = Path(app_path, "tests/data/csv_import_data.csv")
with"r", encoding="utf-8-sig") as fileobj:
importer = CSVImporter()
results = importer.upsert(fileobj, as_string_obj=True)
assert results
return {"results": results}
def test_setup(todo_setup):
"""Confirm what we should have from conftest, prior to importing CSV."""
assert TaskList.objects.all().count() == 2
assert Task.objects.all().count() == 6
def test_import(import_setup):
"""Confirm that importing the CSV gave us two more rows (one should have been skipped)"""
assert Task.objects.all().count() == 8 # 2 out of 3 rows should have imported; one was an error
def test_report(import_setup):
"""Confirm that importing the CSV returned expected report messaging."""
results = import_setup["results"]
assert "Processed 3 CSV rows" in results["summaries"]
assert "Upserted 2 rows" in results["summaries"]
assert "Skipped 1 rows" in results["summaries"]
assert isinstance(results["errors"], list)
assert len(results["errors"]) == 1
assert (
== "Could not convert Created Date 2015-06-248 to valid date instance"
assert (
'Upserted task 7: "Make dinner" in list "Zip" (group "Workgroup One")' in results["upserts"]
assert (
'Upserted task 8: "Bake bread" in list "Zip" (group "Workgroup One")' in results["upserts"]
def test_inserted_row(import_setup):
"""Confirm that one inserted row is exactly right."""
task = Task.objects.get(title="Make dinner", task_list__name="Zip")
assert task.created_by == get_user_model().objects.get(username="u1")
assert task.assigned_to == get_user_model().objects.get(username="u1")
assert not task.completed
assert task.note == "This is note one"
assert task.priority == 3
assert task.created_date ==

View file

@ -1,60 +0,0 @@
import pytest
from django.core import mail
from todo.models import Task, Comment
from todo.mail.consumers import tracker_consumer
from email.message import EmailMessage
def consumer(*args, title_format="[TEST] {subject}", **kwargs):
return tracker_consumer(
group="Workgroup One", task_list_slug="zip", priority=1, task_title_format=title_format
)(*args, **kwargs)
def make_message(subject, content):
msg = EmailMessage()
msg["Subject"] = subject
return msg
def test_tracker_task_creation(todo_setup, django_user_model):
msg = make_message("test1 subject", "test1 content")
msg["From"] = ""
msg["Message-ID"] = "<>"
# test task creation
task_count = Task.objects.count()
assert task_count + 1 == Task.objects.count(), "task wasn't created"
task = Task.objects.filter(title="[TEST] test1 subject").first()
assert task is not None, "task was created with the wrong name"
# test thread answers
msg = make_message("test2 subject", "test2 content")
msg["From"] = ""
msg["Message-ID"] = "<>"
msg["References"] = "<> <>"
task_count = Task.objects.count()
assert task_count == Task.objects.count(), "comment created another task"
task=task, body__contains="test2 content", email_message_id="<>"
# test notification answer
msg = make_message("test3 subject", "test3 content")
msg["From"] = ""
msg["Message-ID"] = "<>"
msg["References"] = "<thread-{}@django-todo> <>".format(
task_count = Task.objects.count()
assert task_count == Task.objects.count(), "comment created another task"
task=task, body__contains="test3 content", email_message_id="<>"

View file

@ -1,80 +0,0 @@
from django.core import mail
from todo.defaults import defaults
from todo.models import Comment, Task
from todo.utils import send_email_to_thread_participants, send_notify_mail
def test_send_notify_mail_not_me(todo_setup, django_user_model, email_backend_setup):
"""Assign a task to someone else, mail should be sent.
TODO: Future tests could check for email contents.
u1 = django_user_model.objects.get(username="u1")
u2 = django_user_model.objects.get(username="u2")
task = Task.objects.filter(created_by=u1).first()
task.assigned_to = u2
assert len(mail.outbox) == 1
def test_send_notify_mail_myself(todo_setup, django_user_model, email_backend_setup):
"""Assign a task to myself, no mail should be sent.
u1 = django_user_model.objects.get(username="u1")
task = Task.objects.filter(created_by=u1).first()
task.assigned_to = u1
assert len(mail.outbox) == 0
def test_send_email_to_thread_participants(todo_setup, django_user_model, email_backend_setup):
"""For a given task authored by one user, add comments by two other users.
Notification email should be sent to all three users."""
u1 = django_user_model.objects.get(username="u1")
task = Task.objects.filter(created_by=u1).first()
u3 = django_user_model.objects.create_user(
username="u3", password="zzz", email=""
u4 = django_user_model.objects.create_user(
username="u4", password="zzz", email=""
Comment.objects.create(author=u3, task=task, body="Hello")
Comment.objects.create(author=u4, task=task, body="Hello")
send_email_to_thread_participants(task, "test body", u1)
assert len(mail.outbox) == 1 # One message to multiple recipients
assert "" in mail.outbox[0].recipients()
assert "" in mail.outbox[0].recipients()
assert "" in mail.outbox[0].recipients()
def test_defaults(settings):
"""todo's `defaults` module provides reasonable default values for unspecified settings.
If a value is NOT set, it should be pulled from the hash in
If a value IS set, it should be respected.
n.b. TODO_STAFF_ONLY which defaults to True in the `defaults` module."""
# Setting is not set, and should default to True (the value in
assert not hasattr(settings, key)
assert defaults(key)
# Setting is already set to True and should be respected.
settings.TODO_STAFF_ONLY = True
assert defaults(key)
# Setting is already set to False and should be respected.
settings.TODO_STAFF_ONLY = False
assert not defaults(key)
# FIXME: Add tests for:
# Attachments: Test whether allowed, test multiple, test extensions

View file

@ -1,352 +0,0 @@
import bleach
import pytest
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group
from django.urls import reverse
from todo.models import Task, TaskList
First the "smoketests" - do they respond at all for a logged in admin user?
Next permissions tests - some views should respond for staffers only.
After that, view contents and behaviors.
def test_todo_setup(todo_setup):
assert Task.objects.all().count() == 6
def test_view_list_lists(todo_setup, admin_client):
url = reverse("todo:lists")
response = admin_client.get(url)
assert response.status_code == 200
def test_view_reorder(todo_setup, admin_client):
url = reverse("todo:reorder_tasks")
response = admin_client.get(url)
assert response.status_code == 201 # Special case return value expected
def test_view_external_add(todo_setup, admin_client, settings):
default_list = TaskList.objects.first()
settings.TODO_DEFAULT_LIST_SLUG = default_list.slug
assert settings.TODO_DEFAULT_LIST_SLUG == default_list.slug
url = reverse("todo:external_add")
response = admin_client.get(url)
assert response.status_code == 200
def test_view_mine(todo_setup, admin_client):
url = reverse("todo:mine")
response = admin_client.get(url)
assert response.status_code == 200
def test_view_list_completed(todo_setup, admin_client):
tlist = TaskList.objects.get(slug="zip")
url = reverse(
"todo:list_detail_completed", kwargs={"list_id":, "list_slug": tlist.slug}
response = admin_client.get(url)
assert response.status_code == 200
def test_view_list(todo_setup, admin_client):
tlist = TaskList.objects.get(slug="zip")
url = reverse("todo:list_detail", kwargs={"list_id":, "list_slug": tlist.slug})
response = admin_client.get(url)
assert response.status_code == 200
def test_view_add_list(todo_setup, admin_client):
url = reverse("todo:add_list")
response = admin_client.get(url)
assert response.status_code == 200
def test_view_task_detail(todo_setup, admin_client):
task = Task.objects.first()
url = reverse("todo:task_detail", kwargs={"task_id":})
response = admin_client.get(url)
assert response.status_code == 200
def test_del_task(todo_setup, admin_user, client):
task = Task.objects.first()
url = reverse("todo:delete_task", kwargs={"task_id":})
# View accepts POST, not GET
client.login(username="admin", password="password")
response = client.get(url)
assert response.status_code == 403
response =
assert not Task.objects.filter(
def test_task_toggle_done(todo_setup, admin_user, client):
task = Task.objects.first()
assert not task.completed
url = reverse("todo:task_toggle_done", kwargs={"task_id":})
# View accepts POST, not GET
client.login(username="admin", password="password")
response = client.get(url)
assert response.status_code == 403
assert task.completed
def test_view_search(todo_setup, admin_client):
url = reverse("todo:search")
response = admin_client.get(url)
assert response.status_code == 200
def test_no_javascript_in_task_note(todo_setup, client):
task_list = TaskList.objects.first()
user = get_user_model().objects.get(username="u2")
title = "Some Unique String"
note = "foo <script>alert('oh noez');</script> bar"
data = {
"priority": 10,
"title": title,
"note": note,
"add_edit_task": "Submit",
client.login(username="u2", password="password")
url = reverse("todo:list_detail", kwargs={"list_id":, "list_slug": task_list.slug})
response =, data)
assert response.status_code == 302
# Retrieve new task and compare notes field
task = Task.objects.get(title=title)
assert task.note != note # Should have been modified by bleach since note included javascript!
assert task.note == bleach.clean(note, strip=True)
def test_created_by_unchanged(todo_setup, client):
task_list = TaskList.objects.first()
u2 = get_user_model().objects.get(username="u2")
title = "Some Unique String with unique chars: ab78539e"
note = "a note"
data = {
"priority": 10,
"title": title,
"note": note,
"add_edit_task": "Submit",
client.login(username="u2", password="password")
url_add_task = reverse(
"todo:list_detail", kwargs={"list_id":, "list_slug": task_list.slug}
response =, data)
assert response.status_code == 302
# Retrieve new task and compare created_by
task = Task.objects.get(title=title)
assert task.created_by == u2
# Now that we've created the task, edit it as another user.
# After saving, created_by should remain unchanged.
extra_g2_user = get_user_model().objects.get(username="extra_g2_user")
client.login(username="extra_g2_user", password="password")
url_edit_task = reverse("todo:task_detail", kwargs={"task_id":})
dataTwo = {
"created_by":, # this submission is attempting to change created_by
"priority": 10,
"title": task.title,
"note": "the note was changed",
"add_edit_task": "Submit",
response =, dataTwo)
assert response.status_code == 302
# Proof that the task was saved:
assert task.note == "the note was changed"
# client was unable to modify created_by:
assert task.created_by == u2
@pytest.mark.parametrize("test_input, expected", [(True, True), (False, False)])
def test_completed_unchanged(test_input, expected, todo_setup, client):
"""Tasks are marked completed/uncompleted by buttons,
not via checkbox on the task edit form. Editing a task should
not change its completed status. Test with both completed and incomplete Tasks."""
task = Task.objects.get(title="Task 1", created_by__username="u1")
task.completed = test_input
assert task.completed == expected
url_edit_task = reverse("todo:task_detail", kwargs={"task_id":})
data = {
"title": "Something",
"note": "the note was changed",
"add_edit_task": "Submit",
"completed": task.completed,
client.login(username="u1", password="password")
response =, data)
assert response.status_code == 302
# Prove the task is still marked complete/incomplete
# (despite the default default state for completed being False)
assert task.completed == expected
def test_no_javascript_in_comments(todo_setup, client):
user = get_user_model().objects.get(username="u2")
client.login(username="u2", password="password")
task = Task.objects.first()
task.created_by = user
comment = "foo <script>alert('oh noez');</script> bar"
data = {"comment-body": comment, "add_comment": "Submit"}
url = reverse("todo:task_detail", kwargs={"task_id":})
response =, data)
assert response.status_code == 200
newcomment = task.comment_set.last()
assert newcomment != comment # Should have been modified by bleach
assert newcomment.body == bleach.clean(comment, strip=True)
def test_view_add_list_nonadmin(todo_setup, client):
url = reverse("todo:add_list")
client.login(username="you", password="password")
response = client.get(url)
assert response.status_code == 302 # Redirected to login
def test_view_del_list_nonadmin(todo_setup, client):
tlist = TaskList.objects.get(slug="zip")
url = reverse("todo:del_list", kwargs={"list_id":, "list_slug": tlist.slug})
client.login(username="you", password="password")
response = client.get(url)
assert response.status_code == 302 # Fedirected to login
def test_del_list_not_in_list_group(todo_setup, admin_client):
tlist = TaskList.objects.get(slug="zip")
url = reverse("todo:del_list", kwargs={"list_id":, "list_slug": tlist.slug})
response = admin_client.get(url)
assert response.status_code == 403
def test_view_list_mine(todo_setup, client):
"""View a list in a group I belong to.
tlist = TaskList.objects.get(slug="zip") # User u1 is in this group's list
url = reverse("todo:list_detail", kwargs={"list_id":, "list_slug": tlist.slug})
client.login(username="u1", password="password")
response = client.get(url)
assert response.status_code == 200
def test_view_list_not_mine(todo_setup, client):
"""View a list in a group I don't belong to.
tlist = TaskList.objects.get(slug="zip") # User u1 is in this group, user u2 is not.
url = reverse("todo:list_detail", kwargs={"list_id":, "list_slug": tlist.slug})
client.login(username="u2", password="password")
response = client.get(url)
assert response.status_code == 403
def test_view_task_mine(todo_setup, client):
# Users can always view their own tasks
task = Task.objects.filter(created_by__username="u1").first()
client.login(username="u1", password="password")
url = reverse("todo:task_detail", kwargs={"task_id":})
response = client.get(url)
assert response.status_code == 200
def test_view_task_my_group(todo_setup, client, django_user_model):
"""User can always view tasks that are NOT theirs IF the task is in a shared group.
u1 and u2 are in different groups in the fixture -
Put them in the same group."""
g1 = Group.objects.get(name="Workgroup One")
u2 = django_user_model.objects.get(username="u2")
# Now u2 should be able to view one of u1's tasks.
task = Task.objects.filter(created_by__username="u1").first()
url = reverse("todo:task_detail", kwargs={"task_id":})
client.login(username="u2", password="password")
response = client.get(url)
assert response.status_code == 200
def test_view_task_not_in_my_group(todo_setup, client):
# User canNOT view a task that isn't theirs if the two users are not in a shared group.
# For this we can use the fixture data as-is.
task = Task.objects.filter(created_by__username="u1").first()
url = reverse("todo:task_detail", kwargs={"task_id":})
client.login(username="u2", password="password")
response = client.get(url)
assert response.status_code == 403
def test_setting_TODO_STAFF_ONLY_False(todo_setup, client, settings):
# We use Django's user_passes_test to call `staff_check` utility function on all views.
# Just testing one view here; if it works, it works for all of them.
settings.TODO_STAFF_ONLY = False
url = reverse("todo:lists")
client.login(username="u2", password="password")
response = client.get(url)
assert response.status_code == 200
def test_setting_TODO_STAFF_ONLY_True(todo_setup, client, settings, django_user_model):
# We use Django's user_passes_test to call `staff_check` utility function on some views.
# Just testing one view here...
settings.TODO_STAFF_ONLY = True
url = reverse("todo:lists")
# Remove staff privileges from user u2; they should not be able to access
u2 = django_user_model.objects.get(username="u2")
u2.is_staff = False
client.login(username="u2", password="password")
response = client.get(url)
assert response.status_code == 302 # Redirected to login view

View file

@ -1,49 +0,0 @@
from django.conf import settings
from django.urls import path
from todo import views
from todo.features import HAS_TASK_MERGE
app_name = "todo"
urlpatterns = [
path("", views.list_lists, name="lists"),
# View reorder_tasks is only called by JQuery for drag/drop task ordering.
path("reorder_tasks/", views.reorder_tasks, name="reorder_tasks"),
# Allow users to post tasks from outside django-todo (e.g. for filing tickets - see docs)
path("ticket/add/", views.external_add, name="external_add"),
# Three paths into `list_detail` view
path("mine/", views.list_detail, {"list_slug": "mine"}, name="mine"),
{"view_completed": True},
path("<int:list_id>/<str:list_slug>/", views.list_detail, name="list_detail"),
path("<int:list_id>/<str:list_slug>/delete/", views.del_list, name="del_list"),
path("add_list/", views.add_list, name="add_list"),
path("task/<int:task_id>/", views.task_detail, name="task_detail"),
"attachment/remove/<int:attachment_id>/", views.remove_attachment, name="remove_attachment"
# ensure mail tracker autocomplete is optional
from todo.views.task_autocomplete import TaskAutocomplete
"task/<int:task_id>/autocomplete/", TaskAutocomplete.as_view(), name="task_autocomplete"
path("toggle_done/<int:task_id>/", views.toggle_done, name="task_toggle_done"),
path("delete/<int:task_id>/", views.delete_task, name="delete_task"),
path("search/",, name="search"),
path("import_csv/", views.import_csv, name="import_csv"),

View file

@ -1,173 +0,0 @@
import email.utils
import logging
import os
import time
from django.conf import settings
from django.contrib.sites.models import Site
from django.core import mail
from django.template.loader import render_to_string
from todo.defaults import defaults
from todo.models import Attachment, Comment, Task
log = logging.getLogger(__name__)
def staff_check(user):
"""If TODO_STAFF_ONLY is set to True, limit view access to staff users only.
# FIXME: More granular access control needed - see
if defaults("TODO_STAFF_ONLY"):
return user.is_staff
# If unset or False, allow all logged in users
return True
def user_can_read_task(task, user):
return in user.groups.all() or user.is_superuser
def todo_get_backend(task):
"""Returns a mail backend for some task"""
mail_backends = getattr(settings, "TODO_MAIL_BACKENDS", None)
if mail_backends is None:
return None
task_backend = mail_backends[task.task_list.slug]
if task_backend is None:
return None
return task_backend
def todo_get_mailer(user, task):
"""A mailer is a (from_address, backend) pair"""
task_backend = todo_get_backend(task)
if task_backend is None:
return (None, mail.get_connection)
from_address = getattr(task_backend, "from_address")
from_address = email.utils.formataddr((user.username, from_address))
return (from_address, task_backend)
def todo_send_mail(user, task, subject, body, recip_list):
"""Send an email attached to task, triggered by user"""
references = Comment.objects.filter(task=task).only("email_message_id")
references = (ref.email_message_id for ref in references)
references = " ".join(filter(bool, references))
from_address, backend = todo_get_mailer(user, task)
message_hash = hash((subject, body, from_address, frozenset(recip_list), references))
message_id = (
# the task_id enables attaching back notification answers
# the message hash / epoch pair enables deduplication
# avoid the -hexstring case (hashes can be negative)
# the thread message id is used as a common denominator between all
# notifications for some task. This message doesn't actually exist,
# it's just there to make threading possible
thread_message_id = "<thread-{}@django-todo>".format(
references = "{} {}".format(references, thread_message_id)
with backend() as connection:
message = mail.EmailMessage(
[], # Bcc
**getattr(backend, "headers", {}),
"Message-ID": message_id,
"References": references,
"In-reply-to": thread_message_id,
def send_notify_mail(new_task):
Send email to assignee if task is assigned to someone other than submittor.
Unassigned tasks should not try to notify.
if new_task.assigned_to == new_task.created_by:
current_site = Site.objects.get_current()
subject = render_to_string("todo/email/assigned_subject.txt", {"task": new_task})
body = render_to_string(
"todo/email/assigned_body.txt", {"task": new_task, "site": current_site}
recip_list = []
todo_send_mail(new_task.created_by, new_task, subject, body, recip_list)
def send_email_to_thread_participants(task, msg_body, user, subject=None):
"""Notify all previous commentors on a Task about a new comment."""
current_site = Site.objects.get_current()
email_subject = subject
if not subject:
subject = render_to_string("todo/email/assigned_subject.txt", {"task": task})
email_body = render_to_string(
{"task": task, "body": msg_body, "site": current_site, "user": user},
# Get all thread participants
commenters = Comment.objects.filter(task=task)
recip_list = set( for ca in commenters if is not None)
for related_user in (task.created_by, task.assigned_to):
if related_user is not None:
recip_list = list(m for m in recip_list if m)
todo_send_mail(user, task, email_subject, email_body, recip_list)
def toggle_task_completed(task_id: int) -> bool:
"""Toggle the `completed` bool on Task from True to False or vice versa."""
task = Task.objects.get(id=task_id)
task.completed = not task.completed
return True
except Task.DoesNotExist:"Task {task_id} not found.")
return False
def remove_attachment_file(attachment_id: int) -> bool:
"""Delete an Attachment object and its corresponding file from the filesystem."""
attachment = Attachment.objects.get(id=attachment_id)
if attachment.file:
if os.path.isfile(attachment.file.path):
return True
except Attachment.DoesNotExist:"Attachment {attachment_id} not found.")
return False

View file

@ -1,12 +0,0 @@
from todo.views.add_list import add_list # noqa: F401
from todo.views.del_list import del_list # noqa: F401
from todo.views.delete_task import delete_task # noqa: F401
from todo.views.external_add import external_add # noqa: F401
from todo.views.import_csv import import_csv # noqa: F401
from todo.views.list_detail import list_detail # noqa: F401
from todo.views.list_lists import list_lists # noqa: F401
from todo.views.remove_attachment import remove_attachment # noqa: F401
from todo.views.reorder_tasks import reorder_tasks # noqa: F401
from import search # noqa: F401
from todo.views.task_detail import task_detail # noqa: F401
from todo.views.toggle_done import toggle_done # noqa: F401

View file

@ -1,48 +0,0 @@
from django.contrib import messages
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied
from django.db import IntegrityError
from django.http import HttpResponse
from django.shortcuts import redirect, render
from django.utils.text import slugify
from todo.forms import AddTaskListForm
from todo.utils import staff_check
def add_list(request) -> HttpResponse:
"""Allow users to add a new todo list to the group they're in.
# Only staffers can add lists, regardless of TODO_STAFF_USER setting.
if not request.user.is_staff:
raise PermissionDenied
if request.POST:
form = AddTaskListForm(request.user, request.POST)
if form.is_valid():
newlist =
newlist.slug = slugify(, allow_unicode=True)
messages.success(request, "A new list has been added.")
return redirect("todo:lists")
except IntegrityError:
"There was a problem saving the new list. "
"Most likely a list with the same name in the same group already exists.",
if request.user.groups.all().count() == 1:
# FIXME: Assuming first of user's groups here; better to prompt for group
form = AddTaskListForm(request.user, initial={"group": request.user.groups.all()[0]})
form = AddTaskListForm(request.user)
context = {"form": form}
return render(request, "todo/add_list.html", context)

View file

@ -1,41 +0,0 @@
from django.contrib import messages
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.shortcuts import get_object_or_404, redirect, render
from todo.models import Task, TaskList
from todo.utils import staff_check
def del_list(request, list_id: int, list_slug: str) -> HttpResponse:
"""Delete an entire list. Only staff members should be allowed to access this view.
task_list = get_object_or_404(TaskList, id=list_id)
# Ensure user has permission to delete list. Get the group this list belongs to,
# and check whether current user is a member of that group AND a staffer.
if not in request.user.groups.all():
raise PermissionDenied
if not request.user.is_staff:
raise PermissionDenied
if request.method == "POST":
messages.success(request, "{list_name} is gone.".format(
return redirect("todo:lists")
task_count_done = Task.objects.filter(, completed=True).count()
task_count_undone = Task.objects.filter(, completed=False).count()
task_count_total = Task.objects.filter(
context = {
"task_list": task_list,
"task_count_done": task_count_done,
"task_count_undone": task_count_undone,
"task_count_total": task_count_total,
return render(request, "todo/del_list.html", context)

View file

@ -1,42 +0,0 @@
from django.contrib import messages
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.shortcuts import get_object_or_404, redirect
from django.urls import reverse
from todo.models import Task
from todo.utils import staff_check
def delete_task(request, task_id: int) -> HttpResponse:
"""Delete specified task.
Redirect to the list from which the task came.
if request.method == "POST":
task = get_object_or_404(Task, pk=task_id)
redir_url = reverse(
kwargs={"list_id":, "list_slug": task.task_list.slug},
# Permissions
if not (
(task.created_by == request.user)
or (request.user.is_superuser)
or (task.assigned_to == request.user)
or ( in request.user.groups.all())
raise PermissionDenied
messages.success(request, "Task '{}' has been deleted".format(task.title))
return redirect(redir_url)
raise PermissionDenied

View file

@ -1,81 +0,0 @@
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.decorators import login_required, user_passes_test
from django.contrib.auth import get_user_model
from django.contrib.sites.models import Site
from django.core.mail import send_mail
from django.http import HttpResponse
from django.shortcuts import redirect, render
from django.template.loader import render_to_string
from todo.defaults import defaults
from todo.forms import AddExternalTaskForm
from todo.models import TaskList
from todo.utils import staff_check
def external_add(request) -> HttpResponse:
"""Allow authenticated users who don't have access to the rest of the ticket system to file a ticket
in the list specified in settings (e.g. django-todo can be used a ticket filing system for a school, where
students can file tickets without access to the rest of the todo system).
Publicly filed tickets are unassigned unless settings.DEFAULT_ASSIGNEE exists.
if not settings.TODO_DEFAULT_LIST_SLUG:
# We do NOT provide a default in defaults
raise RuntimeError(
"This feature requires TODO_DEFAULT_LIST_SLUG: in settings. See documentation."
if not TaskList.objects.filter(slug=settings.TODO_DEFAULT_LIST_SLUG).exists():
raise RuntimeError(
"There is no TaskList with slug specified for TODO_DEFAULT_LIST_SLUG in settings."
if request.POST:
form = AddExternalTaskForm(request.POST)
if form.is_valid():
current_site = Site.objects.get_current()
task =
task.task_list = TaskList.objects.get(slug=settings.TODO_DEFAULT_LIST_SLUG)
task.created_by = request.user
task.assigned_to = get_user_model().objects.get(username=settings.TODO_DEFAULT_ASSIGNEE)
# Send email to assignee if we have one
if task.assigned_to:
email_subject = render_to_string(
"todo/email/assigned_subject.txt", {"task": task.title}
email_body = render_to_string(
"todo/email/assigned_body.txt", {"task": task, "site": current_site}
except ConnectionRefusedError:
request, "Task saved but mail not sent. Contact your administrator."
request, "Your trouble ticket has been submitted. We'll get back to you soon."
return redirect(defaults("TODO_PUBLIC_SUBMIT_REDIRECT"))
form = AddExternalTaskForm(initial={"priority": 999})
context = {"form": form}
return render(request, "todo/add_task_external.html", context)

View file

@ -1,34 +0,0 @@
from django.contrib import messages
from django.contrib.auth.decorators import login_required, user_passes_test
from django.http import HttpResponse
from django.shortcuts import redirect, render, reverse
from todo.operations.csv_importer import CSVImporter
from todo.utils import staff_check
def import_csv(request) -> HttpResponse:
"""Import a specifically formatted CSV into stored tasks.
ctx = {"results": None}
if request.method == "POST":
filepath = request.FILES.get("csvfile")
if not filepath:
messages.error(request, "You must supply a CSV file to import.")
return redirect(reverse("todo:import_csv"))
importer = CSVImporter()
results = importer.upsert(filepath)
if results:
ctx["results"] = results
messages.error(request, "Could not parse provided CSV file.")
return redirect(reverse("todo:import_csv"))
return render(request, "todo/import_csv.html", context=ctx)

View file

@ -1,85 +0,0 @@
import bleach
from django.contrib import messages
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.shortcuts import get_object_or_404, redirect, render
from django.utils import timezone
from todo.forms import AddEditTaskForm
from todo.models import Task, TaskList
from todo.utils import send_notify_mail, staff_check
def list_detail(request, list_id=None, list_slug=None, view_completed=False) -> HttpResponse:
"""Display and manage tasks in a todo list.
# Defaults
task_list = None
form = None
# Which tasks to show on this list view?
if list_slug == "mine":
tasks = Task.objects.filter(assigned_to=request.user)
# Show a specific list, ensuring permissions.
task_list = get_object_or_404(TaskList, id=list_id)
if not in request.user.groups.all() and not request.user.is_superuser:
raise PermissionDenied
tasks = Task.objects.filter(
# Additional filtering
if view_completed:
tasks = tasks.filter(completed=True)
tasks = tasks.filter(completed=False)
# ######################
# Add New Task Form
# ######################
if request.POST.getlist("add_edit_task"):
form = AddEditTaskForm(
initial={"assigned_to":, "priority": 999, "task_list": task_list},
if form.is_valid():
new_task =
new_task.created_by = request.user
new_task.note = bleach.clean(form.cleaned_data["note"], strip=True)
# Send email alert only if Notify checkbox is checked AND assignee is not same as the submitter
if (
"notify" in request.POST
and new_task.assigned_to
and new_task.assigned_to != request.user
messages.success(request, 'New task "{t}" has been added.'.format(t=new_task.title))
return redirect(request.path)
# Don't allow adding new tasks on some views
if list_slug not in ["mine", "recent-add", "recent-complete"]:
form = AddEditTaskForm(
initial={"assigned_to":, "priority": 999, "task_list": task_list},
context = {
"list_id": list_id,
"list_slug": list_slug,
"task_list": task_list,
"form": form,
"tasks": tasks,
"view_completed": view_completed,
return render(request, "todo/list_detail.html", context)

View file

@ -1,54 +0,0 @@
import datetime
from django.contrib import messages
from django.contrib.auth.decorators import login_required, user_passes_test
from django.http import HttpResponse
from django.shortcuts import render
from todo.forms import SearchForm
from todo.models import Task, TaskList
from todo.utils import staff_check
def list_lists(request) -> HttpResponse:
"""Homepage view - list of lists a user can view, and ability to add a list.
thedate =
searchform = SearchForm(auto_id=False)
# Make sure user belongs to at least one group.
if not request.user.groups.all().exists():
"You do not yet belong to any groups. Ask your administrator to add you to one.",
# Superusers see all lists
lists = TaskList.objects.all().order_by("group__name", "name")
if not request.user.is_superuser:
lists = lists.filter(group__in=request.user.groups.all())
list_count = lists.count()
# superusers see all lists, so count shouldn't filter by just lists the admin belongs to
if request.user.is_superuser:
task_count = Task.objects.filter(completed=0).count()
task_count = (
context = {
"lists": lists,
"thedate": thedate,
"searchform": searchform,
"list_count": list_count,
"task_count": task_count,
return render(request, "todo/list_lists.html", context)

View file

@ -1,40 +0,0 @@
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.shortcuts import get_object_or_404, redirect
from django.urls import reverse
from todo.models import Attachment
from todo.utils import remove_attachment_file
def remove_attachment(request, attachment_id: int) -> HttpResponse:
"""Delete a previously posted attachment object and its corresponding file
from the filesystem, permissions allowing.
if request.method == "POST":
attachment = get_object_or_404(Attachment, pk=attachment_id)
redir_url = reverse("todo:task_detail", kwargs={"task_id":})
# Permissions
if not ( in request.user.groups.all()
or request.user.is_superuser
raise PermissionDenied
if remove_attachment_file(
messages.success(request, f"Attachment {} removed.")
request, f"Sorry, there was a problem deleting attachment {}."
return redirect(redir_url)
raise PermissionDenied

View file

@ -1,35 +0,0 @@
from django.contrib.auth.decorators import login_required, user_passes_test
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt
from todo.models import Task
from todo.utils import staff_check
def reorder_tasks(request) -> HttpResponse:
"""Handle task re-ordering (priorities) from JQuery drag/drop in list_detail.html
newtasklist = request.POST.getlist("tasktable[]")
if newtasklist:
# First task in received list is always empty - remove it
del newtasklist[0]
# Re-prioritize each task in list
i = 1
for id in newtasklist:
task = Task.objects.get(pk=id)
task.priority = i
i += 1
except Task.DoesNotExist:
# Can occur if task is deleted behind the scenes during re-ordering.
# Not easy to remove it from the UI without page refresh, but prevent crash.
# All views must return an httpresponse of some kind ... without this we get
# error 500s in the log even though things look peachy in the browser.
return HttpResponse(status=201)

View file

@ -1,43 +0,0 @@
from django.contrib.auth.decorators import login_required, user_passes_test
from django.db.models import Q
from django.http import HttpResponse
from django.shortcuts import render
from todo.models import Task
from todo.utils import staff_check
def search(request) -> HttpResponse:
"""Search for tasks user has permission to see.
query_string = ""
if request.GET:
found_tasks = None
if ("q" in request.GET) and request.GET["q"].strip():
query_string = request.GET["q"]
found_tasks = Task.objects.filter(
Q(title__icontains=query_string) | Q(note__icontains=query_string)
# What if they selected the "completed" toggle but didn't enter a query string?
# We still need found_tasks in a queryset so it can be "excluded" below.
found_tasks = Task.objects.all()
if "inc_complete" in request.GET:
found_tasks = found_tasks.exclude(completed=True)
found_tasks = None
# Only include tasks that are in groups of which this user is a member:
if not request.user.is_superuser:
found_tasks = found_tasks.filter(task_list__group__in=request.user.groups.all())
context = {"query_string": query_string, "found_tasks": found_tasks}
return render(request, "todo/search_results.html", context)

View file

@ -1,29 +0,0 @@
from dal import autocomplete
from django.contrib.auth.decorators import login_required
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404
from django.utils.decorators import method_decorator
from todo.models import Task
from todo.utils import user_can_read_task
class TaskAutocomplete(autocomplete.Select2QuerySetView):
def dispatch(self, request, task_id, *args, **kwargs):
self.task = get_object_or_404(Task, pk=task_id)
if not user_can_read_task(self.task, request.user):
raise PermissionDenied
return super().dispatch(request, task_id, *args, **kwargs)
def get_queryset(self):
# Don't forget to filter out results depending on the visitor !
if not self.request.user.is_authenticated:
return Task.objects.none()
qs = Task.objects.filter(task_list=self.task.task_list).exclude(
if self.q:
qs = qs.filter(title__istartswith=self.q)
return qs

View file

@ -1,151 +0,0 @@
import datetime
import os
import bleach
from django import forms
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse
from todo.defaults import defaults
from todo.features import HAS_TASK_MERGE
from todo.forms import AddEditTaskForm
from todo.models import Attachment, Comment, Task
from todo.utils import (
from dal import autocomplete
def handle_add_comment(request, task):
if not request.POST.get("add_comment"):
author=request.user, task=task, body=bleach.clean(request.POST["comment-body"], strip=True)
subject='New comment posted on task "{}"'.format(task.title),
messages.success(request, "Comment posted. Notification email sent to thread participants.")
def task_detail(request, task_id: int) -> HttpResponse:
"""View task details. Allow task details to be edited. Process new comments on task.
task = get_object_or_404(Task, pk=task_id)
comment_list = Comment.objects.filter(task=task_id).order_by("-date")
# Ensure user has permission to view task. Superusers can view all tasks.
# Get the group this task belongs to, and check whether current user is a member of that group.
if not user_can_read_task(task, request.user):
raise PermissionDenied
# Handle task merging
merge_form = None
class MergeForm(forms.Form):
merge_target = forms.ModelChoiceField(
url=reverse("todo:task_autocomplete", kwargs={"task_id": task_id})
# Handle task merging
if not request.POST.get("merge_task_into"):
merge_form = MergeForm()
merge_form = MergeForm(request.POST)
if merge_form.is_valid():
merge_target = merge_form.cleaned_data["merge_target"]
if not user_can_read_task(merge_target, request.user):
raise PermissionDenied
return redirect(reverse("todo:task_detail", kwargs={"task_id":}))
# Save submitted comments
handle_add_comment(request, task)
# Save task edits
if not request.POST.get("add_edit_task"):
form = AddEditTaskForm(request.user, instance=task, initial={"task_list": task.task_list})
form = AddEditTaskForm(
request.user, request.POST, instance=task, initial={"task_list": task.task_list}
if form.is_valid():
item =
item.note = bleach.clean(form.cleaned_data["note"], strip=True)
item.title = bleach.clean(form.cleaned_data["title"], strip=True)
messages.success(request, "The task has been edited.")
return redirect(
"todo:list_detail",, list_slug=task.task_list.slug
# Mark complete
if request.POST.get("toggle_done"):
results_changed = toggle_task_completed(
if results_changed:
messages.success(request, f"Changed completion status for task {}")
return redirect("todo:task_detail",
if task.due_date:
thedate = task.due_date
thedate =
# Handle uploaded files
if request.FILES.get("attachment_file_input"):
file = request.FILES.get("attachment_file_input")
if file.size > defaults("TODO_MAXIMUM_ATTACHMENT_SIZE"):
messages.error(request, f"File exceeds maximum attachment size.")
return redirect("todo:task_detail",
name, extension = os.path.splitext(
if extension not in defaults("TODO_LIMIT_FILE_ATTACHMENTS"):
messages.error(request, f"This site does not allow upload of {extension} files.")
return redirect("todo:task_detail",
task=task, added_by=request.user,, file=file
messages.success(request, f"File attached successfully")
return redirect("todo:task_detail",
context = {
"task": task,
"comment_list": comment_list,
"form": form,
"merge_form": merge_form,
"thedate": thedate,
"comment_classes": defaults("TODO_COMMENT_CLASSES"),
"attachments_enabled": defaults("TODO_ALLOW_FILE_ATTACHMENTS"),
return render(request, "todo/task_detail.html", context)

View file

@ -1,43 +0,0 @@
from django.contrib import messages
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.shortcuts import get_object_or_404, redirect
from django.urls import reverse
from todo.models import Task
from todo.utils import toggle_task_completed
from todo.utils import staff_check
def toggle_done(request, task_id: int) -> HttpResponse:
"""Toggle the completed status of a task from done to undone, or vice versa.
Redirect to the list from which the task came.
if request.method == "POST":
task = get_object_or_404(Task, pk=task_id)
redir_url = reverse(
kwargs={"list_id":, "list_slug": task.task_list.slug},
# Permissions
if not (
(task.created_by == request.user)
or (request.user.is_superuser)
or (task.assigned_to == request.user)
or ( in request.user.groups.all())
raise PermissionDenied
messages.success(request, "Task status changed for '{}'".format(task.title))
return redirect(redir_url)
raise PermissionDenied

werf.yml Normal file
View file

@ -0,0 +1,2 @@
project: coins-demo
configVersion: 1