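def submission_deletion(hashid, submissionid):
    """Delete one submission belonging to a form owned by the current user.

    Args:
        hashid: Public hash identifier of the form, resolved through
            ``Form.get_with_hashid``.
        submissionid: Primary key of the submission to delete.

    Returns:
        A redirect to the form's submission list on success, otherwise a
        rendered ``error.html`` page paired with HTTP status 400.
    """
    # Only accept requests that originate from the service's own dashboard.
    # NOTE(review): a Referer header can be missing or stripped by the client,
    # so on its own this is a weak CSRF defence; an anti-CSRF token bound to
    # the delete request would be the stronger check.
    referrer = referrer_to_baseurl(request.referrer)
    service = referrer_to_baseurl(settings.SERVICE_URL)
    if referrer != service:
        return render_template('error.html',
                               title='Improper Request',
                               text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400

    # Resolve the form before reading any of its attributes: an unknown hashid
    # would otherwise raise AttributeError on ``form.owner_id`` (a 500 instead
    # of a controlled error page).
    form = Form.get_with_hashid(hashid)
    if not form:
        return render_template('error.html',
                               title='Not a valid form',
                               text='That form does not exist.<br />Please check the link and try again.'), 400

    # Ownership check. Forms created outside the dashboard may carry no
    # owner_id, so membership in current_user.forms is accepted as well.
    # The internal form id is deliberately not echoed back to a caller who
    # failed this check.
    if form.owner_id != current_user.id and form not in current_user.forms:
        return render_template('error.html',
                               title='Wrong user',
                               text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.'), 400

    submission = Submission.query.get(submissionid)
    if not submission:
        return render_template('error.html',
                               title='Not a valid submission',
                               text='That submission does not exist.<br />Please check the link and try again.'), 400
    # The submission must belong to the form the caller was authorised for,
    # otherwise an owner of form A could delete submissions of form B.
    if submission.form_id != form.id:
        return render_template('error.html',
                               title='Not a valid submissions',
                               text='That submission does not match the form provided.<br />Please check the link and try again.'), 400

    DB.session.delete(submission)
    form.counter -= 1
    DB.session.add(form)
    DB.session.commit()
    flash(u'Submission successfully deleted', 'success')
    return redirect(url_for('form-submissions', hashid=hashid))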
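def form_toggle(hashid):
    """Flip the ``disabled`` flag of a form owned by the current user.

    Args:
        hashid: Public hash identifier of the form, resolved through
            ``Form.get_with_hashid``.

    Returns:
        A redirect to the dashboard on success, otherwise a rendered
        ``error.html`` page paired with HTTP status 400.
    """
    # Only accept requests that originate from the service's own dashboard.
    # NOTE(review): a Referer header can be missing or stripped by the client,
    # so on its own this is a weak CSRF defence; an anti-CSRF token bound to
    # the toggle request would be the stronger check.
    referrer = referrer_to_baseurl(request.referrer)
    service = referrer_to_baseurl(settings.SERVICE_URL)
    if referrer != service:
        return render_template('error.html',
                               title='Improper Request',
                               text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400

    # The existence check must precede the ownership check: the original
    # order read ``form.owner_id`` first, which raises AttributeError for an
    # unknown hashid and never reaches the "Not a valid form" page.
    form = Form.get_with_hashid(hashid)
    if not form:
        return render_template('error.html',
                               title='Not a valid form',
                               text='That form does not exist.<br />Please check the link and try again.'), 400

    # Ownership check. Forms created outside the dashboard may carry no
    # owner_id, so membership in current_user.forms is accepted as well.
    if form.owner_id != current_user.id and form not in current_user.forms:
        return render_template('error.html',
                               title='Wrong user',
                               text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.'), 400

    form.disabled = not form.disabled
    DB.session.add(form)
    DB.session.commit()
    if form.disabled:
        flash('Form successfully disabled', 'success')
    else:
        flash('Form successfully enabled', 'success')
    return redirect(url_for('dashboard'))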
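def submission_deletion(hashid, submissionid):
    """Delete one submission belonging to a form owned by the current user.

    Args:
        hashid: Public hash identifier of the form, resolved through
            ``Form.get_with_hashid``.
        submissionid: Primary key of the submission to delete.

    Returns:
        A redirect to the form's submission list on success, otherwise a
        rendered ``error.html`` page paired with HTTP status 400.
    """
    # Only accept requests that originate from the service's own dashboard.
    # NOTE(review): a Referer header can be missing or stripped by the client,
    # so on its own this is a weak CSRF defence; an anti-CSRF token bound to
    # the delete request would be the stronger check.
    referrer = referrer_to_baseurl(request.referrer)
    service = referrer_to_baseurl(settings.SERVICE_URL)
    if referrer != service:
        return render_template('error.html',
                               title='Improper Request',
                               text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400

    # Resolve the form before reading any of its attributes: an unknown hashid
    # would otherwise raise AttributeError on ``form.owner_id`` (a 500 instead
    # of a controlled error page).
    form = Form.get_with_hashid(hashid)
    if not form:
        return render_template('error.html',
                               title='Not a valid form',
                               text='That form does not exist.<br />Please check the link and try again.'), 400

    # Ownership check. Forms created outside the dashboard may carry no
    # owner_id, so membership in current_user.forms is accepted as well.
    # The internal form id is deliberately not echoed back to a caller who
    # failed this check.
    if form.owner_id != current_user.id and form not in current_user.forms:
        return render_template('error.html',
                               title='Wrong user',
                               text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.'), 400

    submission = Submission.query.get(submissionid)
    if not submission:
        return render_template('error.html',
                               title='Not a valid submission',
                               text='That submission does not exist.<br />Please check the link and try again.'), 400
    # The submission must belong to the form the caller was authorised for,
    # otherwise an owner of form A could delete submissions of form B.
    if submission.form_id != form.id:
        return render_template('error.html',
                               title='Not a valid submissions',
                               text='That submission does not match the form provided.<br />Please check the link and try again.'), 400

    DB.session.delete(submission)
    form.counter -= 1
    DB.session.add(form)
    DB.session.commit()
    flash('Submission successfully deleted', 'success')
    return redirect(url_for('form-submissions', hashid=hashid))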
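def form_toggle(hashid):
    """Flip the ``disabled`` flag of a form owned by the current user.

    Args:
        hashid: Public hash identifier of the form, resolved through
            ``Form.get_with_hashid``.

    Returns:
        A redirect to the dashboard on success, otherwise a rendered
        ``error.html`` page paired with HTTP status 400.
    """
    # Only accept requests that originate from the service's own dashboard.
    # NOTE(review): a Referer header can be missing or stripped by the client,
    # so on its own this is a weak CSRF defence; an anti-CSRF token bound to
    # the toggle request would be the stronger check.
    referrer = referrer_to_baseurl(request.referrer)
    service = referrer_to_baseurl(settings.SERVICE_URL)
    if referrer != service:
        return render_template('error.html',
                               title='Improper Request',
                               text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400

    # The existence check must precede the ownership check: the original
    # order read ``form.owner_id`` first, which raises AttributeError for an
    # unknown hashid and never reaches the "Not a valid form" page.
    form = Form.get_with_hashid(hashid)
    if not form:
        return render_template('error.html',
                               title='Not a valid form',
                               text='That form does not exist.<br />Please check the link and try again.'), 400

    # Ownership check. Forms created outside the dashboard may carry no
    # owner_id, so membership in current_user.forms is accepted as well.
    if form.owner_id != current_user.id and form not in current_user.forms:
        return render_template('error.html',
                               title='Wrong user',
                               text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.'), 400

    form.disabled = not form.disabled
    DB.session.add(form)
    DB.session.commit()
    if form.disabled:
        flash(u'Form successfully disabled', 'success')
    else:
        flash(u'Form successfully enabled', 'success')
    return redirect(url_for('dashboard'))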