Fix CSRF issues in svx form

Set date formats Add DataIssue model and add errors to it to allow us to give people a list of stuff to fix
2024-11-21 23:01:52 +00:00 · 2019-04-14 22:45:31 +01:00 · 2019-04-14 22:45:31 +01:00 · 23df89cf31
commit 23df89cf31
parent d1d0c24ed8
8 changed files with 37 additions and 15 deletions
--- a/core/admin.py
+++ b/core/admin.py
@ -139,6 +139,7 @@ admin.site.register(SurvexStation)
 admin.site.register(SurvexScansFolder)
 admin.site.register(SurvexScanSingle)

+admin.site.register(DataIssue)

 def export_as_json(modeladmin, request, queryset):
    response = HttpResponse(content_type="text/json")
--- a/core/models.py
+++ b/core/models.py
@ -870,3 +870,11 @@ class Survey(TroggleModel):

    def elevations(self):
        return self.scannedimage_set.filter(contents='elevation')
+
+class DataIssue(TroggleModel):
+    date = models.DateTimeField(auto_now_add=True, blank=True)
+    parser = models.CharField(max_length=50, blank=True, null=True)
+    message = models.CharField(max_length=400, blank=True, null=True)
+
+    def __unicode__(self):
+        return u"%s - %s" % (self.parser, self.message)
--- a/core/views_logbooks.py
+++ b/core/views_logbooks.py
@ -54,7 +54,7 @@ def personindex(request):
            if person.bisnotable():
                notablepersons.append(person)

-    return render(request,'personindex.html', {'persons': persons, 'personss':personss, 'notablepersons':notablepersons, })
+    return render(request,'personindex.html', {'persons': persons, 'personss':personss, 'notablepersons':notablepersons})


 def expedition(request, expeditionname):
--- a/core/views_survex.py
+++ b/core/views_survex.py
@ -1,6 +1,7 @@
 from django import forms
 from django.http import HttpResponseRedirect, HttpResponse
-from django.shortcuts import render_to_response
+from django.shortcuts import render_to_response, render
+from django.core.context_processors import csrf
 from django.http import HttpResponse, Http404
 import re
 import os
@ -172,6 +173,7 @@ def svx(request, survex_file):
            'difflist': difflist,
            'logmessage':logmessage,
            'form':form}
+    vmap.update(csrf(request))
    if outputtype == "ajax":
        return render_to_response('svxfiledifflistonly.html', vmap)
    return render_to_response('svxfile.html', vmap)
--- a/parsers/caves.py
+++ b/parsers/caves.py
@ -6,10 +6,10 @@ import re


 def readcaves():
-  newArea = models.Area(short_name = "1623", parent = None)
-  newArea.save()
-  newArea = models.Area(short_name = "1626", parent = None)
-  newArea.save()
+  area_1623 = models.Area(short_name = "1623", parent = None)
+  area_1623.save()
+  area_1626 = models.Area(short_name = "1626", parent = None)
+  area_1626.save()
  print("Reading Entrances")
  #print "list of <Slug> <Filename>"
  for filename in os.walk(settings.ENTRANCEDESCRIPTIONS).next()[2]: #Should be a better way of getting a list of files
@ -171,11 +171,16 @@ def readcave(filename):
 def getXML(text, itemname, minItems = 1, maxItems = None, printwarnings = True, context = ""):
    items = re.findall("<%(itemname)s>(.*?)</%(itemname)s>" % {"itemname": itemname}, text, re.S)
    if len(items) < minItems and printwarnings:
-        print("%(count)i %(itemname)s found, at least %(min)i expected" % {"count": len(items),
+        message = "%(count)i %(itemname)s found, at least %(min)i expected" % {"count": len(items),
                                                                           "itemname": itemname,
-                                                                           "min": minItems} + context)
+                                                                           "min": minItems} + context
+        models.DataIssue.objects.create(parser='caves', message=message)
+        print(message)
+        
    if maxItems is not None and len(items) > maxItems and printwarnings:
-        print("%(count)i %(itemname)s found, no more than %(max)i expected" % {"count": len(items),
+        message = "%(count)i %(itemname)s found, no more than %(max)i expected" % {"count": len(items),
                                                                               "itemname": itemname,
-                                                                               "max": maxItems} + context)
+                                                                               "max": maxItems} + context
+        models.DataIssue.objects.create(parser='caves', message=message)
+        print(message)
    return items
--- a/parsers/logbooks.py
+++ b/parsers/logbooks.py
@ -7,6 +7,8 @@ from parsers.people import GetPersonExpeditionNameLookup
 from parsers.cavetab import GetCaveLookup

 from django.template.defaultfilters import slugify
+from django.utils.timezone import get_current_timezone
+from django.utils.timezone import make_aware

 import csv
 import re
@ -36,6 +38,8 @@ def GetTripPersons(trippeople, expedition, logtime_underground):
            personyear = GetPersonExpeditionNameLookup(expedition).get(tripperson.lower())
            if not personyear:
                print("   - No name match for: '%s'" % tripperson)
+                message = "No name match for: '%s' in year '%s'" % (tripperson, expedition.year)
+                models.DataIssue.objects.create(parser='logbooks', message=message)
            res.append((personyear, logtime_underground))
            if mul:
                author = personyear
@ -79,6 +83,8 @@ def EnterLogIntoDbase(date, place, title, text, trippeople, expedition, logtime_
    trippersons, author = GetTripPersons(trippeople, expedition, logtime_underground)
    if not author:
        print("   - Skipping logentry: " + title + " - no author for entry")
+        message = "Skipping logentry: %s - no author for entry in year '%s'" % (title, expedition.year)
+        models.DataIssue.objects.create(parser='logbooks', message=message)
        return

    #tripCave = GetTripCave(place)
--- a/templates/logbookentry.html
+++ b/templates/logbookentry.html
@ -20,10 +20,10 @@

 <p>
  {% if logbookentry.get_previous_by_date %}
-    <a href="{{ logbookentry.get_previous_by_date.get_absolute_url }}">{{logbookentry.get_previous_by_date.date}}</a>
+    <a href="{{ logbookentry.get_previous_by_date.get_absolute_url }}">{{logbookentry.get_previous_by_date.date|date:"D d M Y"}}</a>
  {% endif %}
  {% if logbookentry.get_next_by_date %}
-    <a href="{{ logbookentry.get_next_by_date.get_absolute_url }}">{{logbookentry.get_next_by_date.date}}</a>
+    <a href="{{ logbookentry.get_next_by_date.get_absolute_url }}">{{logbookentry.get_next_by_date.date|date:"D d M Y"}}</a>
  {% endif %}
 </p>

@ -47,12 +47,12 @@

  <td>
  {% if persontrip.persontrip_prev %}
-    <a href="{{ persontrip.persontrip_prev.logbook_entry.get_absolute_url }}">{{persontrip.persontrip_prev.logbook_entry.date}}</a>
+    <a href="{{ persontrip.persontrip_prev.logbook_entry.get_absolute_url }}">{{persontrip.persontrip_prev.logbook_entry.date|date:"D d M Y"}}</a>
  {% endif %}
  </td>
  <td>
  {% if persontrip.persontrip_next %}
-    <a href="{{ persontrip.persontrip_next.logbook_entry.get_absolute_url }}">{{persontrip.persontrip_next.logbook_entry.date}}</a>
+    <a href="{{ persontrip.persontrip_next.logbook_entry.get_absolute_url }}">{{persontrip.persontrip_next.logbook_entry.date|date:"D d M Y"}}</a>
  {% endif %}
  </td>

--- a/templates/svxfile.html
+++ b/templates/svxfile.html
@ -46,7 +46,7 @@ $(document).ready(function()
 </p>
 {% endif %}

-<form id="codewikiform" action="" method="POST">
+<form id="codewikiform" action="" method="POST">{% csrf_token %}
    <div class="codeframebit">{{form.code}}</div>
    <div style="display:none">{{form.filename}} {{form.dirname}} {{form.datetime}} {{form.outputtype}}</div>
    <input type="submit" name="diff" value="Diffy" />