Use logon not cookie when editing pages

2025-01-26 19:04:56 +00:00
parent 7fab42fa9e
commit ce508b0eb2
8 changed files with 67 additions and 206 deletions


@@ -78,7 +78,12 @@ class Expedition(TroggleModel):
return reverse("expedition", args=[self.year])
class Person(TroggleModel):
"""single Person, can go on many years"""
"""single Person, can go on expo many years
Note that the class "User" and the class "Group
are standrd Django classes
definied in django.contrib.auth.models
"""
first_name = models.CharField(max_length=100)
last_name = models.CharField(max_length=100)
@@ -100,8 +105,7 @@ class Person(TroggleModel):
def get_absolute_url(self):
# we do not use URL_ROOT any more.
return reverse("person", kwargs={"slug": self.slug})
return reverse("person", kwargs={"first_name": self.first_name, "last_name": self.last_name})
class Meta:
verbose_name_plural = "People"
ordering = ("orderref",) # "Wookey" makes too complex for: ('last_name', 'first_name')
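Review bot: The new `Person` docstring has an unbalanced quote in `"Group` and two misspellings (`standrd`, `definied`), so it reads as broken text in generated documentation. I would write the summary line as `"""A single Person, who can go on expo in many years.` and follow it with one sentence saying that `User` and `Group` are the standard Django classes defined in `django.contrib.auth.models`. Since `get_git_string` in the utils section looks a Person up by its `user`, the docstring is also the natural place to state how a Person is linked to a login. The class body continues outside both hunks.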


@@ -157,6 +157,25 @@ def current_expo():
else:
return settings.EPOCH.year # this is 1970
def is_identified_user(user):
if user.is_anonymous:
return False
if user.username in ["expo", "expoadmin"]:
return False
return True
def get_git_string(user):
if not is_identified_user(user):
return None
else:
people = Person.objects.filter(user=user)
if len(people) != 1:
# someone like "fluffy-bunny" not associated with a Person
return None
person = people[0]
return f"{person.fullname} <{user.email}>"
def parse_aliases(aliasfile):
"""Reads a long text string containing pairs of strings:
(alias, target)
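Review bot: `get_git_string` returns None both for a shared or anonymous login and for a personal login that matches zero or several `Person` rows, and neither new function has a docstring, so a caller cannot tell "not identified" from "identified but not attributable". I would add docstrings that state this contract, e.g. `"""Return 'Full Name <email>' for a personal login linked to exactly one Person, else None."""` and `"""Return True only for a logged-in user that is not one of the shared accounts."""`. The function also formats `user.email` without checking that it is set, so an account with no email would produce an author string ending in `<>`. The list `["expo", "expoadmin"]` is what separates shared from personal logins and would be safer as one named module-level constant than as an inline literal.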


@@ -19,7 +19,9 @@ from troggle.core.utils import (
current_expo,
get_cookie,
git_string,
get_git_string,
write_and_commit,
is_identified_user
)
from troggle.core.views.editor_helpers import HTMLarea
from troggle.core.views.uploads import edittxtpage
@@ -455,15 +457,17 @@ def editexpopage(request, path):
print("### File not found ### ", filepath)
filefound = False
editor = get_cookie(request)
current_user = request.user
if identified_login := is_identified_user(current_user):
editor = get_git_string(current_user)
else:
editor = get_cookie(request)
if request.method == "POST": # If the form has been submitted...
pageform = ExpoPageForm(request.POST) # A form bound to the POST data
if pageform.is_valid(): # Form valid therefore write file
editor = pageform.cleaned_data["who_are_you"]
editor = git_string(editor)
# print("### \n", str(pageform)[0:300])
# print("### \n csrfmiddlewaretoken: ",request.POST['csrfmiddlewaretoken'])
if filefound:
headmatch = re.match(r"(.*)<title>.*</title>(.*)", head, re.DOTALL + re.IGNORECASE)
if headmatch:
@@ -490,7 +494,7 @@ def editexpopage(request, path):
if not filefound or result != html: # Check if content changed at all
edit_response = HttpResponseRedirect(reverse("expopage", args=[path])) # Redirect after POST
edit_response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
print(f"Cookie set: {editor} for {COOKIE_MAX_AGE/3600} hours")
print(f"Cookie set: {editor} for {COOKIE_MAX_AGE/(24*3600)} days")
try:
change_message = pageform.cleaned_data["change_message"]
editor = pageform.cleaned_data["who_are_you"]
@@ -507,9 +511,9 @@ def editexpopage(request, path):
(title,) = m.groups()
else:
title = ""
pageform = ExpoPageForm(initial={"who_are_you":editor, "html": body, "title": title})
pageform = ExpoPageForm(initial={"identified_login": identified_login, "who_are_you":editor, "html": body, "title": title})
else:
pageform = ExpoPageForm(initial={"who_are_you":editor})
pageform = ExpoPageForm(initial={"identified_login": identified_login, "who_are_you":editor})
return render(
@@ -540,6 +544,8 @@ class ExpoPageForm(forms.Form):
"style": "vertical-align: text-top;"}
)
)
identified_login = forms.BooleanField(widget=forms.CheckboxInput(attrs={"onclick":"return false"})) # make it readonly
who_are_you = forms.CharField(
widget=forms.Textarea(
attrs={"cols": 90, "rows": 1, "placeholder": "You have edited this page, who are you ? e.g. 'Animal <mta@gasthof.expo>'",
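Review bot: The editor recorded for an edit still comes from the client-supplied `who_are_you` field on POST, because `editor = pageform.cleaned_data["who_are_you"]` in the `try:` block of the -490 hunk is unchanged context, so a personal login can still be attributed to whatever name is typed into the form. For an identified login the server-side value should win, e.g. `if not identified_login: editor = pageform.cleaned_data["who_are_you"]`, with a fallback for the case where `get_git_string` returns None. The new `identified_login` checkbox is read-only only through `onclick`, which is a browser-side hint, and as a `BooleanField` without `required=False` Django rejects the form whenever the box is unchecked, which is presumably the case for shared and anonymous logins; it should be declared with `required=False` and never read back from the POST data. `editexpopage` and `ExpoPageForm` both start and end outside these hunks.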


@@ -163,7 +163,7 @@ def controlpanel(request):
return render(
request,
"controlPanel.html",
{"error": ' - Needs "expoadmin" logon. \nLogout and login again.',
{"error": ' - Needs "expoadmin" or superuser logon. \nLogout and login again.',
"year": current_expo()}
)


@@ -8,20 +8,18 @@ from django.shortcuts import redirect, render
from django.urls import reverse
import troggle.settings as settings
from troggle.core.utils import (
COOKIE_MAX_AGE,
WriteAndCommitError,
current_expo,
get_cookie,
git_string,
write_and_commit,
)
from troggle.core.models.troggle import DataIssue, Person
from troggle.core.views.editor_helpers import HTMLarea
from troggle.core.utils import (
COOKIE_MAX_AGE,
WriteAndCommitError,
add_commit,
current_expo,
get_cookie,
get_git_string,
git_string,
is_identified_user,
write_and_commit,
current_expo
)
from troggle.parsers.users import get_encryptor, ENCRYPTED_DIR, how_many_previous_expos
@@ -51,27 +49,17 @@ def signupok(request):
{"year": SIGNUP_YEAR, "dates": SIGNUP_DATES, "signup_user": signup_user, "signedup_people": signedup_people},
)
def signup(request):
"""Display and processes the applicant signup form for the forthcoming expo
The user must be logged-on as a personal login and that is
who is being sighned up. You can't signup someone else.
who is being signed up. You can't signup someone else.
"""
signup_user = request.user
if signup_user.is_anonymous:
personal_login = False
elif signup_user.username in ["expo", "expoadmin"]:
personal_login = False
else:
personal_login = True
if personal_login:
people = Person.objects.filter(user=signup_user)
if len(people) != 1:
# someone like "fluffy-bunny" not associated with a Person
return HttpResponseRedirect("/accounts/login/?next=/signup")
signup_person = people[0]
editor = f"{signup_person.fullname} <{signup_user.email}>"
identified_login = is_identified_user(signup_user)
if identified_login:
editor = get_git_string(signup_user)
else:
editor = f"troggle <signup_anon@austria.expo>"
@@ -89,7 +77,7 @@ def signup(request):
print(f" # Signup form INVALID\n{pageform.errors} ")
return render(
request, "login/signup.html",
{"form": pageform, "personal_login": personal_login,
{"form": pageform, "identified_login": identified_login,
"year": SIGNUP_YEAR, "dates": SIGNUP_DATES,
}
)
@@ -107,16 +95,15 @@ def signup(request):
"top_tent_cap": 2,
"base_tent_cap": 3,
}
if personal_login:
if identified_login:
initial_context["name"] = signup_person.fullname
initial_context["email"] = signup_user.email
initial_context["experience"] = experience
pageform = ExpoSignupForm(initial=initial_context)
return render(
request, "login/signup.html",
{"form": pageform, "personal_login": personal_login,
{"form": pageform, "identified_login": identified_login,
"year": SIGNUP_YEAR, "dates": SIGNUP_DATES,
},
)
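Review bot: Replacing the `Person.objects.filter(user=signup_user)` block in `signup()` drops both the `signup_person` binding and the redirect for a personal login that has no matching Person; `get_git_string` returns None in that case, so `editor` silently becomes None instead of the user being sent back to log in. I would keep the guard, e.g. `if identified_login and editor is None: return HttpResponseRedirect("/accounts/login/?next=/signup")`. If `initial_context["name"] = signup_person.fullname` is still present on the new side of the last hunk, it now refers to a name that is no longer assigned in the visible code and would raise NameError for every identified login. The new import block also lists `current_expo` twice. `signup()` continues outside these hunks, so the binding may exist elsewhere.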