moved textedit from uploads to expo

2025-12-18 17:37:11 +00:00 · 2025-02-13 16:55:12 +00:00
parent a976497b3a
commit ae36f1a9ce
2 changed files with 110 additions and 111 deletions
--- a/core/views/expo.py
+++ b/core/views/expo.py
@@ -25,7 +25,6 @@ from troggle.core.utils import (
    is_identified_user
 )
 from troggle.core.views.editor_helpers import HTMLarea
 from troggle.core.views.uploads import edittxtpage
 from .auth import login_required_if_public
@@ -529,6 +528,103 @@ def editexpopage(request, path):
        },
    )     
@login_required_if_public
 def edittxtpage(request, path, filepath):
    """Editing a .txt file on expoweb/
    Yes this is a security hazard as arbitrary text can be uploaded and it is not enclosed in any HTML furniture.
    """
    def simple_get(viewtext):
        print(f"simple_get {editor=}")
        form = ExpotextfileForm(initial={"identified_login": identified_login, "who_are_you":editor})
        if identified_login:
            # disable editing the git id string as we get it from the logged-on user data
            form.fields["who_are_you"].widget.attrs["readonly"]="readonly"
        return render(
            request,
            "textfileform.html",
            {
                "form": form,
                "path": path,
                "message": message,
                "filepath": filepath,
                "text": viewtext,
            },
        )
    message=""
    if not filepath.is_file():
        message = f"File not found '{filepath}\n\nfailure detected in expowebpage() in views.expo.py"
        print(f"Not a file: {filepath}")
        return render(request, "errors/generic.html", {"message": message})
    try:     
        with open(filepath, "r") as f:
            originaltext = f.read()
    except IOError:
        message = f'Cannot open {filepath} for text file reading even though it is a file.'
        print(message)
        return render(request, "errors/generic.html", {"message": message})
    identified_login  = is_identified_user(request.user)
    editor = get_editor(request)   
    if request.method == "GET":
        return simple_get(originaltext)
    elif request.method == "POST":
        form = ExpotextfileForm(request.POST)
        if not form.is_valid():
            message = f'Invalid form response for text file editing "{request.POST}"'
            print(message)
            return render(request, "errors/generic.html", {"message": message})
        else:
            editor = form.cleaned_data["who_are_you"]
            editor = git_string(editor)            
            # for i in request.POST:
                # print(":: ",i, " => ", request.POST[i])
            newtext = request.POST["text"]
        print("POST")
        if "Cancel" in request.POST:
            print("cancel")
            return simple_get(originaltext)
        if "Save" in request.POST:
            print("submitted for saving..")
            # should insert sanitization in here
            # but user cannot rename the file, and cannot create new files
            # and this is only used for .txt files
            if newtext != originaltext:  # Check if content has changed at all
                print("text changed.. saving and committing")
                try:
                     write_and_commit([(filepath, newtext, "utf-8")], f"Online edit of {path}", editor)
                except WriteAndCommitError as e:
                    return render(request, "errors/generic.html", {"message": e.message})
                print("re-reading from file..")   
                try:     
                    with open(filepath) as f:
                        rereadtext = f.read()
                except:
                    print("### File reading failure, but it exists.. ### ", filepath)
                    return render(request, "errors/generic.html", {"message": e.message})
                savepath = "/" + path
                print(f"redirect {savepath}")
                response = redirect(savepath) # Redirect after POST
                response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
                return response  
            else:
                # no changes
                pass
        return simple_get(originaltext)
    else:
        # mistake not POST or GET
        message="Something went wrong"
        print(message)
        return simple_get(originaltext)
 class ExpoPageForm(forms.Form):
    """The form used by the editexpopage function"""
@@ -558,3 +654,14 @@ class ExpoPageForm(forms.Form):
        label = "Editor",
        )
 class ExpotextfileForm(forms.Form):  # not a model-form, just a form-form
    """Editing .txt files on /expoweb/ which is in a git repo"""
    text = forms.CharField(strip=True, required=False)
    identified_login = forms.BooleanField(required=False,widget=forms.CheckboxInput(attrs={"onclick":"return false"})) # makes it readonly
    who_are_you = forms.CharField(
        widget=forms.TextInput(
            attrs={"size":  100, "placeholder": "You are editing this page,  who are you ? e.g. 'Wookey' or 'Animal <mta@gasthof.expo>'", 
            "style": "vertical-align: text-top;"}
        )
    )    
--- a/core/views/uploads.py
+++ b/core/views/uploads.py
@@ -86,116 +86,8 @@ class FilesRenameForm(forms.Form):  # not a model-form, just a form-form
 class ExpofileRenameForm(forms.Form):  # not a model-form, just a form-form
    renameto = forms.CharField(strip=True, required=False)
 class ExpotextfileForm(forms.Form):  # not a model-form, just a form-form
    """Editing .txt files on /expoweb/ which is in a git repo"""
    text = forms.CharField(strip=True, required=False)
    identified_login = forms.BooleanField(required=False,widget=forms.CheckboxInput(attrs={"onclick":"return false"})) # makes it readonly
    who_are_you = forms.CharField(
        widget=forms.TextInput(
            attrs={"size":  100, "placeholder": "You are editing this page,  who are you ? e.g. 'Wookey' or 'Animal <mta@gasthof.expo>'", 
            "style": "vertical-align: text-top;"}
        )
    )    
@login_required_if_public
 def edittxtpage(request, path, filepath):
    """Editing a .txt file on expoweb/
    Yes this is a security hazard as arbitrary text can be uploaded and it is not enclosed in any HTML furniture.
    """
    def simple_get(viewtext):
        print(f"simple_get {editor=}")
        form = ExpotextfileForm(initial={"identified_login": identified_login, "who_are_you":editor})
        if identified_login:
            # disable editing the git id string as we get it from the logged-on user data
            form.fields["who_are_you"].widget.attrs["readonly"]="readonly"
        return render(
            request,
            "textfileform.html",
            {
                "form": form,
                "path": path,
                "message": message,
                "filepath": filepath,
                "text": viewtext,
            },
        )
    message=""
    if not filepath.is_file():
        message = f"File not found '{filepath}\n\nfailure detected in expowebpage() in views.expo.py"
        print(f"Not a file: {filepath}")
        return render(request, "errors/generic.html", {"message": message})
    try:     
        with open(filepath, "r") as f:
            originaltext = f.read()
    except IOError:
        message = f'Cannot open {filepath} for text file reading even though it is a file.'
        print(message)
        return render(request, "errors/generic.html", {"message": message})
    identified_login  = is_identified_user(request.user)
    editor = get_editor(request)   
    if request.method == "GET":
        return simple_get(originaltext)
    elif request.method == "POST":
        form = ExpotextfileForm(request.POST)
        if not form.is_valid():
            message = f'Invalid form response for text file editing "{request.POST}"'
            print(message)
            return render(request, "errors/generic.html", {"message": message})
        else:
            editor = form.cleaned_data["who_are_you"]
            editor = git_string(editor)            
            # for i in request.POST:
                # print(":: ",i, " => ", request.POST[i])
            newtext = request.POST["text"]
        print("POST")
        if "Cancel" in request.POST:
            print("cancel")
            return simple_get(originaltext)
        if "Save" in request.POST:
            print("submitted for saving..")
            # should insert sanitization in here
            # but user cannot rename the file, and cannot create new files
            # and this is only used for .txt files
            if newtext != originaltext:  # Check if content has changed at all
                print("text changed.. saving and committing")
                try:
                     write_and_commit([(filepath, newtext, "utf-8")], f"Online edit of {path}", editor)
                except WriteAndCommitError as e:
                    return render(request, "errors/generic.html", {"message": e.message})
                print("re-reading from file..")   
                try:     
                    with open(filepath) as f:
                        rereadtext = f.read()
                except:
                    print("### File reading failure, but it exists.. ### ", filepath)
                    return render(request, "errors/generic.html", {"message": e.message})
                savepath = "/" + path
                print(f"redirect {savepath}")
                response = redirect(savepath) # Redirect after POST
                response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
                return response  
            else:
                # no changes
                pass
        return simple_get(originaltext)
    else:
        # mistake not POST or GET
        message="Something went wrong"
        print(message)
        return simple_get(originaltext)
@login_required_if_public
 def expofilerename(request, filepath):