
re-ordering middleware and logon system

Philip Sargent 2021-03-27 18:22:07 +00:00
parent e7947069a2
commit ffaaea497c
9 changed files with 65 additions and 17 deletions


@ -35,6 +35,10 @@ def showrequest(request):
return HttpResponse(request.GET) return HttpResponse(request.GET)
def frontpage(request): def frontpage(request):
'''never seen in practice'''
# bthe messages system does a popup on this page if there is a recent message, e.g. from the admin site actions.
# via django.contrib.messages.middleware.MessageMiddleware
# this is set in the templates.
if request.user.is_authenticated(): if request.user.is_authenticated():
return render(request,'tasks.html') return render(request,'tasks.html')
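Review bot: The docstring added to `frontpage`, `'''never seen in practice'''`, does not say what the view does, and it sits oddly beside the URL-config comment in this same commit that calls the route "control panel. Shows recent actions." I would replace it with something like `'''Control-panel page; renders tasks.html for logged-in users.'''` and fix the typo in the first comment (`# bthe messages system` should read `# the messages system`). The body of `frontpage` continues past the end of the hunk, so the anonymous-user branch is not visible here and the docstring should be checked against it.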


@ -146,7 +146,7 @@ class SvxForm(forms.Form):
return "SAVED ." return "SAVED ."
def Process(self): def Process(self):
print("....\n\n\n....Processing\n\n\n") print(">>>>....\n\n\n....Processing\n\n\n")
froox = os.fspath(survexdatasetpath / (self.data['filename'] + ".svx")) froox = os.fspath(survexdatasetpath / (self.data['filename'] + ".svx"))
froog = os.fspath(survexdatasetpath / (self.data['filename'] + ".log")) froog = os.fspath(survexdatasetpath / (self.data['filename'] + ".log"))
cwd = os.getcwd() cwd = os.getcwd()
@ -184,7 +184,7 @@ def svx(request, survex_file):
rcode = rform.cleaned_data['code'] rcode = rform.cleaned_data['code']
outputtype = rform.cleaned_data['outputtype'] outputtype = rform.cleaned_data['outputtype']
difflist = form.DiffCode(rcode) difflist = form.DiffCode(rcode)
#print("ssss ", rform.data) #print(">>>> ", rform.data)
if "revert" in rform.data: if "revert" in rform.data:
pass pass
@ -225,7 +225,7 @@ def svx(request, survex_file):
'difflist': difflist, 'difflist': difflist,
'logmessage':logmessage, 'logmessage':logmessage,
'form':form} 'form':form}
vmap.update(csrf(request)) # vmap.update(csrf(request)) # this now refreshes to the wrong value, now that we user render(request,
if outputtype == "ajax": if outputtype == "ajax":
return render(request, 'svxfiledifflistonly.html', vmap) return render(request, 'svxfiledifflistonly.html', vmap)
@ -331,7 +331,7 @@ def survexcaveslist(request):
arealist = sorted([ (area, -int(re.match(r"\d*", f).group(0) or "0"), f) for f in os.listdir(cavesdir) ]) arealist = sorted([ (area, -int(re.match(r"\d*", f).group(0) or "0"), f) for f in os.listdir(cavesdir) ])
fnumlist += arealist fnumlist += arealist
print(fnumlist) #print(fnumlist)
# go through the list and identify the contents of each cave directory # go through the list and identify the contents of each cave directory
for area, num, cavedir in fnumlist: for area, num, cavedir in fnumlist:
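Review bot: In the third hunk, inside `svx`, the call `vmap.update(csrf(request))` is commented out rather than deleted, and its explanation stops mid-sentence ("now that we user render(request,"). Since `render(request, ...)` builds the context with the request, `{% csrf_token %}` is supplied to both `svxfiledifflistonly.html` and the full-page template without the manual update, so the dead line can go. A short comment such as `# csrf_token is supplied by render(request, ...); do not add it to vmap by hand` would record the reason. It is worth confirming that any form in those two templates still carries `{% csrf_token %}`, and that the `csrf` import is now unused. The function starts and ends outside the hunk.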


@ -126,16 +126,18 @@ INSTALLED_APPS = (
'troggle.flatpages', # Written by Martin Green 2011. This is NOT django.contrib.flatpages which stores HTML in the database 'troggle.flatpages', # Written by Martin Green 2011. This is NOT django.contrib.flatpages which stores HTML in the database
) )
# See the recommended order of these in https://docs.djangoproject.com/en/2.2/ref/middleware/
MIDDLEWARE_CLASSES = ( MIDDLEWARE_CLASSES = (
'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST #'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST # we don't use this
'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST 'django.middleware.gzip.GZipMiddleware', # not needed as expofiles and photos served by apache
'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests 'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions, if CSRF_USE_SESSIONS then it needs to be early
'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW 'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user 'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user
'django.contrib.admindocs.middleware.XViewMiddleware', 'django.contrib.admindocs.middleware.XViewMiddleware', # this and docutils needed by admindocs
'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support 'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support. Needed by admin system
'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header 'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
'troggle.middleware.SmartAppendSlashMiddleware' # Outdated & unneeded? 'troggle.middleware.SmartAppendSlashMiddleware' #
) )
ROOT_URLCONF = 'troggle.urls' ROOT_URLCONF = 'troggle.urls'
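Review bot: Commenting out `django.middleware.security.SecurityMiddleware` in `MIDDLEWARE_CLASSES` removes the only middleware that acts on the `SECURE_*` settings, which cover the `X-Content-Type-Options: nosniff` and HSTS headers as well as the SSL redirect that the comment mentions. I would keep it as the first entry, `'django.middleware.security.SecurityMiddleware',`, because it does nothing while those settings are unset and lets them take effect once they are configured. The newly added `GZipMiddleware` line is annotated "not needed as expofiles and photos served by apache", which reads as a reason to leave it out. Django's documentation cautions that compressing responses that carry secrets such as CSRF tokens has security implications (BREACH), so either drop the line or replace the comment with the reason it is wanted.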


@ -23,7 +23,7 @@
You are logged in as {{ user.username }} You are logged in as {{ user.username }}
{% if user.person %}(<a href="{{ user.person.get_absolute_url }}">{{ user.person }}</a>) {% if user.person %}(<a href="{{ user.person.get_absolute_url }}">{{ user.person }}</a>)
{% endif %}. {% endif %}.
| <a href="{% url "auth_logout" %}">Log out</a> {% else %} <a href='{% url "registration_register" %}'>Sign up</a> | <a href='{% url "auth_login" %}'>Log in</a> {% endif %} | <a href="{% url "auth_logout" %}">Log out</a> {% else %} <a href='/accounts/logout'>Sign up</a> | <a href='{% url "auth_login" %}'>Log in</a> {% endif %}
{% endblock%} {% endblock%}
{% block editLink %} {% block editLink %}
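Review bot: The "Sign up" anchor in the `{% else %}` branch now points at the hard-coded path `/accounts/logout`, so an anonymous visitor who clicks "Sign up" is sent to the logout view instead of a registration page. If registration is still offered through the `registration` URLs included elsewhere in this commit, keep the reversed name, `<a href='{% url "registration_register" %}'>Sign up</a>`, after checking that it still resolves. If sign-up is being withdrawn, remove the link rather than repointing it. A literal path also bypasses `{% url %}` and will silently go stale if the accounts prefix changes.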


@ -4,7 +4,7 @@
{% block title %}Cambridge Expeditions to Austria{% endblock %} {% block title %}Cambridge Expeditions to Austria{% endblock %}
{% block related %} {% block related %}
<h2>Recent Actions</h2> <h2>Recent Actions - admin user</h5>
{% load log %} {% load log %}
{% get_admin_log 10 as admin_log for_user 1 %} {% get_admin_log 10 as admin_log for_user 1 %}
{% if not admin_log %} {% if not admin_log %}
@ -16,7 +16,7 @@
{% if entry.is_deletion %} {% if entry.is_deletion %}
{{ entry.object_repr }} {{ entry.object_repr }}
{% else %} {% else %}
<a href="admin/{{ entry.get_admin_url }}/">{{ entry.object_repr }}</a> <a href="{{ entry.get_admin_url }}/">{{ entry.object_repr }}</a>
{% endif %} {% endif %}
<br/> <br/>
{% if entry.content_type %} {% if entry.content_type %}
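Review bot: The changed heading `<h2>Recent Actions - admin user</h5>` opens an `h2` and closes an `h5`; it should end with `</h2>`. The same line is added again in the later template section that introduces an identical `{% block related %}`. In the second hunk the link becomes `<a href="{{ entry.get_admin_url }}/">`. If `get_admin_url` already returns a full path ending in a slash on the Django version in use, the appended `/` produces a doubled slash, so the literal `/` should probably be dropped after checking one rendered link.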


@ -2,6 +2,9 @@
{% block title %}Page not found {{ path }}{% endblock %} {% block title %}Page not found {{ path }}{% endblock %}
{% block body %} {% block body %}
<h1>Page not found {{ path }}</h1> <h1>Page not found {{ path }}</h1>
<a href="{%url "editflatpage" path %}">Create this page.</a> <p>Probably a mistake. But you can use <a href="{%url "editflatpage" path %}">this link</a>
<p>
or 'Edit this page' in the menu on the left to create this page if you aare logged in.
<p>If you can't see that option in the menu, then you are not logged in and you can't create anything.
{% include "menu.html" %} {% include "menu.html" %}
{% endblock %} {% endblock %}
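Review bot: The new 404 text shows the "create this page" link to every visitor and then explains in prose that it only works when logged in; the template should make that decision itself. Wrapping the link as `{% if user.is_authenticated %}<a href="{% url "editflatpage" path %}">this link</a>{% endif %}` keeps the edit endpoint from being advertised to anonymous visitors, assuming `user` is present in the 404 context. The added text also contains the typo "aare" and an empty, unclosed `<p>` between the two sentences.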


@ -7,14 +7,21 @@
<p>Your username and password didn't match. Please try again.</p> <p>Your username and password didn't match. Please try again.</p>
{% endif %} {% endif %}
<div align="center">
<pre>This uses the registration/login.html template</pre>
<form method="post" action=".">{% csrf_token %} <form method="post" action=".">{% csrf_token %}
<table> <table>
<tr><td>{{ form.username.label_tag }}</td><td>{{ form.username }}</td></tr> <tr><td>{{ form.username.label_tag }}</td><td>{{ form.username }}</td></tr>
<tr><td>{{ form.password.label_tag }}</td><td>{{ form.password }}</td></tr> <tr><td>{{ form.password.label_tag }}</td><td>{{ form.password }}</td></tr>
</table> </table>
<input type="submit" value="login" /> <input type="submit" value="login" />
<input type="hidden" name="next" value="{{ next }}" /> <input type="hidden" name="next" value="{{ next }}" />
</form> </form>
</div>
{% endblock %} {% endblock %}
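Review bot: The added `<pre>This uses the registration/login.html template</pre>` is a debugging note that every visitor to the login page will see, and it exposes an internal template path for no benefit to the user. A template comment keeps the hint for maintainers without rendering it: `{# rendered from registration/login.html #}`. The wrapper `<div align="center">` uses a presentational attribute that is obsolete in HTML5; a class or `style="text-align:center"` would be the usual replacement.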


@ -4,6 +4,33 @@
{% block title %}Cambridge Expeditions to Austria{% endblock %} {% block title %}Cambridge Expeditions to Austria{% endblock %}
{% block related %}
<h2>Recent Actions - admin user</h5>
{% load log %}
{% get_admin_log 10 as admin_log for_user 1 %}
{% if not admin_log %}
<p>No recent actions</p>
{% else %}
<ul class="actionlist">
{% for entry in admin_log %}
<li class="{% if entry.is_addition %}addlink{% endif %}{% if entry.is_change %}changelink{% endif %}{% if entry.is_deletion %}deletelink{% endif %}">
{% if entry.is_deletion %}
{{ entry.object_repr }}
{% else %}
<a href="{{ entry.get_admin_url }}/">{{ entry.object_repr }}</a>
{% endif %}
<br/>
{% if entry.content_type %}
<span class="mini quiet">{% filter capfirst %}{{entry.content_type.name}}{% endfilter %}</span>
{% else %}
<span class="mini quiet">Unknown content</span>
{% endif %}
</li>
{% endfor %}
</ul>
{% endif %}
{% endblock %}
{% block content %} {% block content %}
<h2>This is not fully working currently</h2> <h2>This is not fully working currently</h2>
<h2>The code behind this page is under repair</h2> <h2>The code behind this page is under repair</h2>
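Review bot: The added `{% block related %}` renders the last ten admin log entries for user id 1, with object names and admin links, and nothing in the block checks who is viewing the page. If this template can be reached without logging in, it discloses what the administrator has recently edited. I would wrap the block body in `{% if user.is_staff %} … {% endif %}`, or at least `user.is_authenticated`. The hard-coded `for_user 1` also assumes the admin account always has primary key 1. The block is a copy of the one in the other front-page template, so a shared `{% include %}` would keep the two from drifting apart.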


@ -44,14 +44,19 @@ else:
actualurlpatterns = [ actualurlpatterns = [
url(r'^expofiles/', include(expofilesurls)), url(r'^expofiles/', include(expofilesurls)),
url(r'^troggle$', views_other.frontpage, name="frontpage"), url(r'^troggle$', views_other.frontpage, name="frontpage"), # control panel. Shows recent actions.
url(r'^caves$', views_caves.caveindex, name="caveindex"), url(r'^caves$', views_caves.caveindex, name="caveindex"),
url(r'^indxal.htm$', views_caves.caveindex, name="caveindex"), # ~420 hrefs to this url in expoweb files url(r'^indxal.htm$', views_caves.caveindex, name="caveindex"), # ~420 hrefs to this url in expoweb files
url(r'^people/?$', views_logbooks.personindex, name="personindex"), url(r'^people/?$', views_logbooks.personindex, name="personindex"),
url(r'^admin/doc/', include('django.contrib.admindocs.urls')), # needs docutils Python module (http://docutils.sf.net/). url(r'^admin/doc/', include('django.contrib.admindocs.urls')), # needs docutils Python module (http://docutils.sf.net/).
url(r'^admin/', admin.site.urls), url(r'^admin/', admin.site.urls),
url(r'^accounts/', include('registration.backends.default.urls')), #LOGIN_URL = '/accounts/login/' # default
# setting LOGIN_URL = '/accounts/login/' is default
#url(r'^accounts/', include('registration.backends.default.urls')), # deprecated, replace with .model_activation.urls
url(r'^accounts/', include('registration.backends.model_activation.urls')), # deprecated in Dj3.0, but must not be commented out.
url(r'^accounts/', include('django.contrib.auth.urls')), # from Dj3.0, see site-packages\registration\auth_urls_classes.py
url(r'^newqmnumber/?$', views_other.ajax_QM_number, ), url(r'^newqmnumber/?$', views_other.ajax_QM_number, ),
# url(r'^lbo_suggestions/?$', logbook_entry_suggestions), #broken, removed. # url(r'^lbo_suggestions/?$', logbook_entry_suggestions), #broken, removed.