csrf continued

Philip Sargent 2021-03-26 19:42:58 +00:00
parent 1c7e99e91b
commit ec83c1ff12


@ -6,10 +6,12 @@ from pathlib import Path
from django import forms from django import forms
from django.http import HttpResponseRedirect, HttpResponse from django.http import HttpResponseRedirect, HttpResponse
from django.template import RequestContext
from django.shortcuts import render_to_response, render from django.shortcuts import render_to_response, render
#from django.core.context_processors import csrf #from django.core.context_processors import csrf
from django.template.context_processors import csrf from django.template.context_processors import csrf
from django.http import HttpResponse, Http404 from django.http import HttpResponse, Http404
from django.views.decorators.csrf import ensure_csrf_cookie
from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
@ -104,7 +106,7 @@ class SvxForm(forms.Form):
def GetDiscCode(self): def GetDiscCode(self):
fname = survexdatasetpath / (self.data['filename'] + ".svx") fname = survexdatasetpath / (self.data['filename'] + ".svx")
if not os.path.isfile(fname): if not os.path.isfile(fname):
print(">>> >>> WARNING - svx file not found, showiung TEMPLATE SVX",fname, flush=True) print(">>> >>> WARNING - svx file not found, showing TEMPLATE SVX",fname, flush=True)
return survextemplatefile return survextemplatefile
fin = open(fname, "rt",encoding='utf8',newline='') fin = open(fname, "rt",encoding='utf8',newline='')
svxtext = fin.read() svxtext = fin.read()
@ -158,7 +160,12 @@ class SvxForm(forms.Form):
return log return log
@ensure_csrf_cookie
def svx(request, survex_file): def svx(request, survex_file):
'''Displays a singhle survex file in an textarea window (using a javascript online editor to enable
editing) with buttons which allow SAVE, check for DIFFerences from saved, and RUN (which runs the
cavern executable and displays the output below the main textarea). Requires CSRF to be set upcorrect;ly, and requires permission to write to the filesystem.
'''
# get the basic data from the file given in the URL # get the basic data from the file given in the URL
dirname = os.path.split(survex_file)[0] dirname = os.path.split(survex_file)[0]
dirname += "/" dirname += "/"
@ -177,7 +184,7 @@ def svx(request, survex_file):
rcode = rform.cleaned_data['code'] rcode = rform.cleaned_data['code']
outputtype = rform.cleaned_data['outputtype'] outputtype = rform.cleaned_data['outputtype']
difflist = form.DiffCode(rcode) difflist = form.DiffCode(rcode)
#print "ssss", rform.data #print("ssss ", rform.data)
if "revert" in rform.data: if "revert" in rform.data:
pass pass
@ -193,7 +200,7 @@ def svx(request, survex_file):
if request.user.is_authenticated(): if request.user.is_authenticated():
message = form.SaveCode(rcode) message = form.SaveCode(rcode)
else: else:
message = "You do not have authority to save this file" message = "You do not have authority to save this file. Please log in."
if message != "SAVED": if message != "SAVED":
form.data['code'] = rcode form.data['code'] = rcode
if "diff" in rform.data: if "diff" in rform.data:
@ -219,11 +226,14 @@ def svx(request, survex_file):
'logmessage':logmessage, 'logmessage':logmessage,
'form':form} 'form':form}
vmap.update(csrf(request)) vmap.update(csrf(request))
if outputtype == "ajax": if outputtype == "ajax":
return render_to_response('svxfiledifflistonly.html', vmap) return render(request, 'svxfiledifflistonly.html', vmap)
return render_to_response('svxfile.html', vmap)
return render(request, 'svxfile.html', vmap)
def svxraw(request, survex_file): def svxraw(request, survex_file):
'''Used for rendering .log files from survex outputtype'''
svx = open(os.path.join(survexdatasetpath / survex_file / ".svx"), "rt",encoding='utf8') svx = open(os.path.join(survexdatasetpath / survex_file / ".svx"), "rt",encoding='utf8')
return HttpResponse(svx, content_type="text") return HttpResponse(svx, content_type="text")
@ -260,6 +270,7 @@ def err(request, survex_file):
def identifycavedircontents(gcavedir): def identifycavedircontents(gcavedir):
# find the primary survex file in each cave directory # find the primary survex file in each cave directory
# this should be in a configuration, not buried in the code...
name = os.path.split(gcavedir)[1] name = os.path.split(gcavedir)[1]
subdirs = [ ] subdirs = [ ]
subsvx = [ ] subsvx = [ ]
@ -363,7 +374,7 @@ def survexcaveslist(request):
elif len(survdirobj) == 1: elif len(survdirobj) == 1:
onefilecaves.append(survdirobj[0]) onefilecaves.append(survdirobj[0])
return render_to_response('svxfilecavelist.html', {'settings': settings, "onefilecaves":onefilecaves, "multifilecaves":multifilecaves, "subdircaves":subdircaves }) return render(request, 'svxfilecavelist.html', {'settings': settings, "onefilecaves":onefilecaves, "multifilecaves":multifilecaves, "subdircaves":subdircaves })
def survexcavesingle(request, survex_cave): def survexcavesingle(request, survex_cave):
'''parsing all the survex files of a single cave and showing that it's consistent and can find all '''parsing all the survex files of a single cave and showing that it's consistent and can find all
@ -371,10 +382,11 @@ def survexcavesingle(request, survex_cave):
kataster numbers are not unique across areas. Fix this. kataster numbers are not unique across areas. Fix this.
''' '''
sc = survex_cave sc = survex_cave
context = RequestContext(request)
context_dict = {}
try: try:
cave = Cave.objects.get(kataster_number=sc) # This may not be unique. cave = Cave.objects.get(kataster_number=sc) # This may not be unique.
return render_to_response('svxcavesingle.html', {'settings': settings, "cave":cave }) return render(request, 'svxcavesingle.html', {'settings': settings, "cave":cave })
except ObjectDoesNotExist: except ObjectDoesNotExist:
# can get here if the survex file is in a directory labelled with unofficial number not kataster number. # can get here if the survex file is in a directory labelled with unofficial number not kataster number.
@ -382,17 +394,17 @@ def survexcavesingle(request, survex_cave):
for unoff in [sc, sc.replace('-','_'), sc.replace('_','-'), sc.replace('-',''), sc.replace('_','')]: for unoff in [sc, sc.replace('-','_'), sc.replace('_','-'), sc.replace('-',''), sc.replace('_','')]:
try: try:
cave = Cave.objects.get(unofficial_number=unoff) # return on first one we find cave = Cave.objects.get(unofficial_number=unoff) # return on first one we find
return render_to_response('svxcavesingle.html', {'settings': settings, "cave":cave }) return render(request, 'svxcavesingle.html', {'settings': settings, "cave":cave })
except ObjectDoesNotExist: except ObjectDoesNotExist:
continue # next attempt in for loop continue # next attempt in for loop
return render_to_response('svxcavesingle404.html', {'settings': settings, "cave":sc }) return render(request, 'svxcavesingle404.html', {'settings': settings, "cave":sc })
except MultipleObjectsReturned: except MultipleObjectsReturned:
caves = Cave.objects.filter(kataster_number=survex_cave) caves = Cave.objects.filter(kataster_number=survex_cave)
return render_to_response('svxcaveseveral.html', {'settings': settings, "caves":caves }) return render(request, 'svxcaveseveral.html', {'settings': settings, "caves":caves })
except: except:
return render_to_response('svxcavesingle404.html', {'settings': settings, "cave":sc }) return render(request, 'svxcavesingle404.html', {'settings': settings, "cave":sc })
def check_cave_registered(area, survex_cave): def check_cave_registered(area, survex_cave):
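Review bot: In the `svxraw` hunk the added docstring says the view renders .log files, but the unchanged `open()` under it builds `survexdatasetpath / survex_file / ".svx"`, which makes `.svx` a separate path component rather than a suffix and does nothing to keep the result inside `survexdatasetpath`. `survex_file` is a view argument, so unless the URL pattern (not visible here) restricts it, a value containing `..` would resolve outside the dataset directory. I would build the name the way `GetDiscCode` does and check containment before opening: `fname = (Path(survexdatasetpath) / (survex_file + ".svx")).resolve()` followed by `if Path(survexdatasetpath).resolve() not in fname.parents: raise Http404`; `Path` and `Http404` are both already imported in this file. `GetDiscCode` in the `-104,7` hunk joins `self.data['filename']` onto the same base without such a check, so the same guard applies there if that value can come from the request. The docstring should also name the file type the view actually serves.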