csrf continued

core/views_survex.py

@@ -6,10 +6,12 @@ from pathlib import Path
 
 from django import forms
 from django.http import HttpResponseRedirect, HttpResponse
+from django.template import RequestContext
 from django.shortcuts import render_to_response, render
 #from django.core.context_processors import csrf
 from django.template.context_processors import csrf
 from django.http import HttpResponse, Http404
+from django.views.decorators.csrf import ensure_csrf_cookie
 
 from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
 
@@ -104,7 +106,7 @@ class SvxForm(forms.Form):
     def GetDiscCode(self):
         fname = survexdatasetpath / (self.data['filename'] + ".svx")
         if not os.path.isfile(fname):
-            print(">>> >>> WARNING - svx file not found, showiung TEMPLATE SVX",fname, flush=True)
+            print(">>> >>> WARNING - svx file not found, showing TEMPLATE SVX",fname, flush=True)
             return survextemplatefile
         fin = open(fname, "rt",encoding='utf8',newline='')
         svxtext = fin.read() 
@@ -158,7 +160,12 @@ class SvxForm(forms.Form):
         return log
 
 
+@ensure_csrf_cookie
 def svx(request, survex_file):
+    '''Displays a singhle survex file in an textarea window (using a javascript online editor to enable 
+    editing) with buttons which allow SAVE, check for DIFFerences from saved, and RUN (which runs the
+    cavern executable and displays the output below the main textarea). Requires CSRF to be set upcorrect;ly, and requires permission to write to  the filesystem.
+    '''
     # get the basic data from the file given in the URL
     dirname = os.path.split(survex_file)[0]
     dirname += "/"
@@ -177,7 +184,7 @@ def svx(request, survex_file):
             rcode = rform.cleaned_data['code']
             outputtype = rform.cleaned_data['outputtype']
             difflist = form.DiffCode(rcode)
-            #print "ssss", rform.data
+            #print("ssss ", rform.data)
             
             if "revert" in rform.data:
                 pass
@@ -193,7 +200,7 @@ def svx(request, survex_file):
                 if request.user.is_authenticated():
                     message = form.SaveCode(rcode)
                 else:
-                    message = "You do not have authority to save this file"
+                    message = "You do not have authority to save this file. Please log in."
                 if message != "SAVED":
                     form.data['code'] = rcode
             if "diff" in rform.data:
@@ -219,11 +226,14 @@ def svx(request, survex_file):
             'logmessage':logmessage,
             'form':form}
     vmap.update(csrf(request))
+    
     if outputtype == "ajax":
-        return render_to_response('svxfiledifflistonly.html', vmap)
-    return render_to_response('svxfile.html', vmap)
+        return render(request, 'svxfiledifflistonly.html', vmap)
+        
+    return render(request, 'svxfile.html', vmap)
 
 def svxraw(request, survex_file):
+    '''Used for rendering .log files from survex outputtype'''
     svx = open(os.path.join(survexdatasetpath /  survex_file / ".svx"), "rt",encoding='utf8')
     return HttpResponse(svx, content_type="text")
 
@@ -260,6 +270,7 @@ def err(request, survex_file):
 
 def identifycavedircontents(gcavedir):
     # find the primary survex file in each cave directory
+    # this should be in a configuration, not buried in the code...
     name = os.path.split(gcavedir)[1]
     subdirs = [ ]
     subsvx = [ ]
@@ -363,7 +374,7 @@ def survexcaveslist(request):
             elif len(survdirobj) == 1:
                 onefilecaves.append(survdirobj[0])
     
-    return render_to_response('svxfilecavelist.html', {'settings': settings, "onefilecaves":onefilecaves, "multifilecaves":multifilecaves, "subdircaves":subdircaves })
+    return render(request, 'svxfilecavelist.html', {'settings': settings, "onefilecaves":onefilecaves, "multifilecaves":multifilecaves, "subdircaves":subdircaves })
 
 def survexcavesingle(request, survex_cave):
     '''parsing all the survex files of a single cave and showing that it's consistent and can find all 
@@ -371,10 +382,11 @@ def survexcavesingle(request, survex_cave):
     kataster numbers are not unique across areas. Fix this.
     '''
     sc = survex_cave
-
+    context = RequestContext(request)
+    context_dict = {}
     try:
         cave = Cave.objects.get(kataster_number=sc) # This may not be unique.
-        return render_to_response('svxcavesingle.html', {'settings': settings, "cave":cave })
+        return render(request, 'svxcavesingle.html', {'settings': settings, "cave":cave })
 
     except ObjectDoesNotExist:
         # can get here if the survex file is in a directory labelled with unofficial number not kataster number.
@@ -382,17 +394,17 @@ def survexcavesingle(request, survex_cave):
         for unoff in [sc, sc.replace('-','_'), sc.replace('_','-'), sc.replace('-',''), sc.replace('_','')]:
             try:
                 cave = Cave.objects.get(unofficial_number=unoff) # return on first one we find
-                return render_to_response('svxcavesingle.html', {'settings': settings, "cave":cave })
+                return render(request, 'svxcavesingle.html', {'settings': settings, "cave":cave })
             except ObjectDoesNotExist:
                 continue # next attempt in for loop
-        return render_to_response('svxcavesingle404.html', {'settings': settings, "cave":sc })
+        return render(request, 'svxcavesingle404.html', {'settings': settings, "cave":sc })
 
     except MultipleObjectsReturned:
         caves = Cave.objects.filter(kataster_number=survex_cave) 
-        return render_to_response('svxcaveseveral.html', {'settings': settings, "caves":caves })
+        return render(request, 'svxcaveseveral.html', {'settings': settings, "caves":caves })
 
     except:
-        return render_to_response('svxcavesingle404.html', {'settings': settings, "cave":sc })
+        return render(request, 'svxcavesingle404.html', {'settings': settings, "cave":sc })
 
  
 def check_cave_registered(area, survex_cave):