def submission_deletion(hashid, submissionid):
submission = Submission.query.get(submissionid)
form = Form.get_with_hashid(hashid)
# check that this request came from user dashboard to prevent XSS and CSRF
referrer = referrer_to_baseurl(request.referrer)
service = referrer_to_baseurl(settings.SERVICE_URL)
if referrer != service:
return render_template('error.html',
title='Improper Request',
text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400
if form.owner_id != current_user.id:
if form not in current_user.forms: #accounts for bug when form isn't assigned owner_id bc it was not created from dashboard
return render_template('error.html',
title='Wrong user',
text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.' + str(form.id)), 400
if not submission:
return render_template('error.html',
title='Not a valid submission',
text='That submission does not exist.<br />Please check the link and try again.'), 400
elif submission.form_id != form.id:
return render_template('error.html',
title='Not a valid submissions',
text='That submission does not match the form provided.<br />Please check the link and try again.'), 400
else:
DB.session.delete(submission)
form.counter -= 1
DB.session.add(form)
DB.session.commit()
flash(u'Submission successfully deleted', 'success')
return redirect(url_for('form-submissions', hashid=hashid))
def form_toggle(hashid):
form = Form.get_with_hashid(hashid)
# check that this request came from user dashboard to prevent XSS and CSRF
referrer = referrer_to_baseurl(request.referrer)
service = referrer_to_baseurl(settings.SERVICE_URL)
if referrer != service:
return render_template('error.html',
title='Improper Request',
text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400
if form.owner_id != current_user.id:
if form not in current_user.forms: #accounts for bug when form isn't assigned owner_id bc it was not created from dashboard
return render_template('error.html',
title='Wrong user',
text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.'), 400
if not form:
return render_template('error.html',
title='Not a valid form',
text='That form does not exist.<br />Please check the link and try again.'), 400
else:
form.disabled = not form.disabled
DB.session.add(form)
DB.session.commit()
if form.disabled:
flash('Form successfully disabled', 'success')
else:
flash('Form successfully enabled', 'success')
return redirect(url_for('dashboard'))
def submission_deletion(hashid, submissionid):
submission = Submission.query.get(submissionid)
form = Form.get_with_hashid(hashid)
# check that this request came from user dashboard to prevent XSS and CSRF
referrer = referrer_to_baseurl(request.referrer)
service = referrer_to_baseurl(settings.SERVICE_URL)
if referrer != service:
return render_template('error.html',
title='Improper Request',
text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400
if form.owner_id != current_user.id:
if form not in current_user.forms: #accounts for bug when form isn't assigned owner_id bc it was not created from dashboard
return render_template('error.html',
title='Wrong user',
text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.' + str(form.id)), 400
if not submission:
return render_template('error.html',
title='Not a valid submission',
text='That submission does not exist.<br />Please check the link and try again.'), 400
elif submission.form_id != form.id:
return render_template('error.html',
title='Not a valid submissions',
text='That submission does not match the form provided.<br />Please check the link and try again.'), 400
else:
DB.session.delete(submission)
form.counter -= 1
DB.session.add(form)
DB.session.commit()
flash('Submission successfully deleted', 'success')
return redirect(url_for('form-submissions', hashid=hashid))
def form_toggle(hashid):
form = Form.get_with_hashid(hashid)
# check that this request came from user dashboard to prevent XSS and CSRF
referrer = referrer_to_baseurl(request.referrer)
service = referrer_to_baseurl(settings.SERVICE_URL)
if referrer != service:
return render_template('error.html',
title='Improper Request',
text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400
if form.owner_id != current_user.id:
if form not in current_user.forms: #accounts for bug when form isn't assigned owner_id bc it was not created from dashboard
return render_template('error.html',
title='Wrong user',
text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.'), 400
if not form:
return render_template('error.html',
title='Not a valid form',
text='That form does not exist.<br />Please check the link and try again.'), 400
else:
form.disabled = not form.disabled
DB.session.add(form)
DB.session.commit()
if form.disabled:
flash(u'Form successfully disabled', 'success')
else:
flash(u'Form successfully enabled', 'success')
return redirect(url_for('dashboard'))
