Beispiel #1
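def variable_fav_save(request, variable_fav_id=0):
    """Create or update a VariableFavorite from a JSON request body.

    The body is parsed as JSON and must carry 'name' and 'variables'. The
    name is screened against WHITELIST_RE before anything is written; a hit
    is logged and the save is refused. With a truthy variable_fav_id the
    existing favorite is updated, but only when it belongs to request.user;
    otherwise a new favorite is created for request.user.

    Returns an HttpResponse whose body is a JSON object holding either
    'model' (id and name) or 'error'. The status is 200 in every case, so
    callers have to look for the 'error' key rather than the status code.
    """
    data = json.loads(request.body)
    result = {}

    name = data['name']
    # WHITELIST_RE is defined elsewhere; as used here, any match marks
    # characters that are not allowed in a name.
    whitelist = re.compile(WHITELIST_RE, re.UNICODE)
    # One findall pass both detects and collects the offending characters
    # (it is non-empty exactly when search() would have matched).
    bad_chars = whitelist.findall(unicode(name))
    if bad_chars:
        # XSS risk: log and refuse to save this variable list.
        # The name comes straight from the request. Passing it as a %r
        # argument keeps a non-string JSON value from raising during string
        # concatenation and escapes embedded line breaks instead of writing
        # them raw into the log.
        logger.error(
            '[ERROR] While saving a variable list, saw a malformed name: %r, characters: %s',
            name, bad_chars)
        invalid_name = "Your variable list's name contains invalid characters; please choose another name."
        messages.error(request, invalid_name)
        result['error'] = invalid_name
        return HttpResponse(json.dumps(result), status=200)

    # NOTE(review): only 'name' is screened in this function; 'variables' is
    # handed to the model as received - confirm it is validated elsewhere.
    if variable_fav_id:
        try:
            variable_model = VariableFavorite.objects.get(id=variable_fav_id)
            # Ownership check: only the user who owns the favorite may change it.
            if variable_model.user == request.user:
                variable_model.update(name=data['name'], variables=data['variables'])
                result['model'] = {'id': variable_model.id, 'name': variable_model.name}
            else:
                result['error'] = 'You do not have permission to update this gene favorite list'
                messages.error(request, 'You do not have permission to update this gene favorite list')
        except ObjectDoesNotExist:
            # NOTE(review): the flash message says the list does not exist
            # while the JSON error reuses the permission text - confirm which
            # wording is intended for an unknown id.
            messages.error(request, 'The gene list you want does not exist.')
            result['error'] = 'You do not have permission to update this gene favorite list'
    else:
        variable_model = VariableFavorite.create(name=data['name'],
                                                 variables=data['variables'],
                                                 user=request.user)
        # create() is indexed like a mapping here, unlike the instance
        # returned by objects.get() above.
        result['model'] = {'id': variable_model['id'], 'name': variable_model['name']}

    return HttpResponse(json.dumps(result), status=200)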
Beispiel #2
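def variable_fav_save(request, variable_fav_id=0):
    """Save a variable favorite list sent as JSON in the request body.

    Expects the JSON object to contain 'name' and 'variables'. A name in
    which WHITELIST_RE finds a match is logged and rejected before any
    database call. When variable_fav_id is truthy, the favorite with that id
    is updated if request.user owns it; when it is falsy, a new favorite is
    created for request.user.

    Returns an HttpResponse carrying a JSON object with either a 'model'
    entry (id and name) or an 'error' entry. Every path answers with status
    200, so the 'error' key is the only failure signal in the response.
    """
    data = json.loads(request.body)
    result = {}

    name = data['name']
    whitelist = re.compile(WHITELIST_RE, re.UNICODE)
    # findall() returns an empty list exactly when search() finds nothing, so
    # a single pass replaces the earlier search-then-findall pair.
    rejected = whitelist.findall(unicode(name))
    if rejected:
        # XSS risk: log and fail this variable list save.
        error_text = "Your variable list's name contains invalid characters; please choose another name."
        # Request-supplied text is logged through %r instead of '+': a JSON
        # value that is not a string no longer raises here, and line breaks
        # in the name are written escaped, not as new log lines.
        logger.error(
            '[ERROR] While saving a variable list, saw a malformed name: %r, characters: %s',
            name, rejected)
        messages.error(request, error_text)
        result['error'] = error_text
        return HttpResponse(json.dumps(result), status=200)

    if variable_fav_id:
        try:
            variable_model = VariableFavorite.objects.get(id=variable_fav_id)
            # Refuse the update unless the stored owner is the requesting user.
            if variable_model.user == request.user:
                # NOTE(review): 'variables' is passed on without a check in
                # this function - presumably validated by the model; confirm.
                variable_model.update(name=data['name'], variables=data['variables'])
                result['model'] = {'id': variable_model.id, 'name': variable_model.name}
            else:
                result['error'] = 'You do not have permission to update this gene favorite list'
                messages.error(request, 'You do not have permission to update this gene favorite list')
        except ObjectDoesNotExist:
            # NOTE(review): the two messages disagree for an unknown id (flash:
            # "does not exist", JSON: permission text) - confirm the intent.
            messages.error(request, 'The gene list you want does not exist.')
            result['error'] = 'You do not have permission to update this gene favorite list'
    else:
        variable_model = VariableFavorite.create(name=data['name'],
                                                 variables=data['variables'],
                                                 user=request.user)
        # The value returned by create() is read with subscripts, not attributes.
        result['model'] = {'id': variable_model['id'], 'name': variable_model['name']}

    return HttpResponse(json.dumps(result), status=200)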
Beispiel #3
def variable_fav_save(request, variable_fav_id=0):
    """Create or update a VariableFavorite from the JSON request body.

    A falsy variable_fav_id creates a new favorite for request.user from the
    body's 'name' and 'variables'. A truthy id loads that favorite and
    updates it only when it belongs to request.user.

    The response is always status 200 with a JSON object that holds either
    'model' (id and name) or 'error'.

    NOTE(review): this function stores 'name' and 'variables' exactly as
    received; no character screening of the name is visible here - confirm
    it happens in the model or before this view is reached.
    """
    payload = json.loads(request.body)
    response = {}

    if not variable_fav_id:
        # No id supplied: create a fresh favorite owned by the caller.
        created = VariableFavorite.create(name=payload['name'],
                                          variables=payload['variables'],
                                          user=request.user)
        # create() is read with subscripts rather than attributes.
        response['model'] = {'id': created['id'], 'name': created['name']}
        return HttpResponse(json.dumps(response), status=200)

    denied = 'You do not have permission to update this gene favorite list'
    try:
        favorite = VariableFavorite.objects.get(id=variable_fav_id)
        # Ownership check: only the owning user may change the favorite.
        if favorite.user == request.user:
            favorite.update(name=payload['name'], variables=payload['variables'])
            response['model'] = {'id': favorite.id, 'name': favorite.name}
        else:
            response['error'] = denied
            messages.error(request, denied)
    except ObjectDoesNotExist:
        # An unknown id gets a "does not exist" flash message, while the JSON
        # error carries the same text as the permission failure.
        messages.error(request, 'The gene list you want does not exist.')
        response['error'] = denied

    return HttpResponse(json.dumps(response), status=200)