Exemple #1
from django.conf.urls import url

from corehq.apps.data_dictionary.views import (
    DataDictionaryView,
    ExportDataDictionaryView,
    UploadDataDictionaryView,
    data_dictionary_json,
    generate_data_dictionary,
    update_case_property,
    update_case_property_description,
)
from corehq.apps.hqwebapp.decorators import waf_allow

# Routes for the data dictionary views. Django tries the patterns in list
# order and dispatches to the first one that matches.
urlpatterns = [
    url(r"^generate/$", generate_data_dictionary, name='generate_data_dictionary'),
    url(r"^json/$", data_dictionary_json, name='data_dictionary_json'),
    # NOTE(review): both slashes are optional, so no separator is required
    # between "json" and the case type name ("jsonfoo" matches with
    # case_type_name="foo") - confirm that is intended.
    url(r"^json/?(?P<case_type_name>\w+)/?$", data_dictionary_json, name='case_type_dictionary_json'),
    url(r"^update_case_property/$", update_case_property, name='update_case_property'),
    url(r"^update_case_property_description/$", update_case_property_description, name='update_property_description'),
    url(r"^export/$", ExportDataDictionaryView.as_view(), name=ExportDataDictionaryView.urlname),
    url(r"^$", DataDictionaryView.as_view(), name=DataDictionaryView.urlname),
    # Only the upload view is wrapped in waf_allow('XSS_BODY'). Judging by the
    # name, this presumably exempts the route from the WAF's XSS request-body
    # rule; if so, the view is the only place the uploaded body gets validated.
    # TODO confirm the view treats the upload as untrusted.
    # Unlike its siblings, this pattern has no trailing slash.
    url(r"^import$", waf_allow('XSS_BODY')(UploadDataDictionaryView.as_view()), name=UploadDataDictionaryView.urlname),
]
Exemple #2
    DataDictionaryView,
    ExportDataDictionaryView,
    UploadDataDictionaryView,
    data_dictionary_json,
    generate_data_dictionary,
    update_case_property,
    update_case_property_description,
)
from corehq.apps.hqwebapp.decorators import waf_allow

# Routes for the data dictionary views. Django tries the patterns in list
# order and dispatches to the first one that matches.
urlpatterns = [
    # This route is registered without a name= argument, unlike the others.
    url(r"^generate/$", generate_data_dictionary),
    url(r"^json/$", data_dictionary_json, name='data_dictionary_json'),
    # NOTE(review): both slashes are optional, so no separator is required
    # between "json" and the case type name ("jsonfoo" matches with
    # case_type_name="foo") - confirm that is intended.
    url(r"^json/?(?P<case_type_name>\w+)/?$",
        data_dictionary_json,
        name='case_type_dictionary_json'),
    url(r"^update_case_property/$",
        update_case_property,
        name='update_case_property'),
    url(r"^update_case_property_description/$",
        update_case_property_description,
        name='update_property_description'),
    url(r"^export/$",
        ExportDataDictionaryView.as_view(),
        name=ExportDataDictionaryView.urlname),
    url(r"^$", DataDictionaryView.as_view(), name=DataDictionaryView.urlname),
    # Only the upload view is wrapped in waf_allow('XSS_BODY'). Judging by the
    # name, this presumably exempts the route from the WAF's XSS request-body
    # rule; if so, the view is the only place the uploaded body gets validated.
    # TODO confirm the view treats the upload as untrusted.
    url(r"^import$",
        waf_allow('XSS_BODY')(UploadDataDictionaryView.as_view()),
        name=UploadDataDictionaryView.urlname),
]
Exemple #3
from django.conf.urls import url

from corehq.apps.hqwebapp.decorators import waf_allow
from corehq.messaging.smsbackends.trumpia.views import TrumpiaIncomingView

# Single inbound route for the Trumpia SMS backend view.
urlpatterns = [
    # NOTE(review): the path segment is named api_key; if it is a credential,
    # it is recorded wherever request paths are logged (proxy, WAF and access
    # logs) - confirm those logs are handled as sensitive.
    # waf_allow('XSS_QUERYSTRING') presumably exempts this route from the WAF's
    # XSS query-string rule, so the view must treat query parameters as
    # untrusted input - TODO confirm.
    url(r'^sms/(?P<api_key>[\w-]+)/?$',
        waf_allow('XSS_QUERYSTRING')(TrumpiaIncomingView.as_view()),
        name=TrumpiaIncomingView.urlname),
]
Exemple #4
    url(r'^view/(?P<app_id>[\w-]+)/modules-(?P<module_id>[\w-]+)/forms-(?P<form_id>[\w-]+)/context/$',
        form_context, name='cloudcare_form_context'),
    url(r'^v2/$', FormplayerMain.as_view(), name=FormplayerMain.urlname),
    url(r'^v2/preview/$', FormplayerMainPreview.as_view(), name=FormplayerMainPreview.urlname),
    url(
        r'^v2/preview/(?P<app_id>[\w-]+)/$',
        FormplayerPreviewSingleApp.as_view(),
        name=FormplayerPreviewSingleApp.urlname,
    ),
    url(r'^preview_app/(?P<app_id>[\w-]+)/$', PreviewAppView.as_view(), name=PreviewAppView.urlname),
    url(r'^report_formplayer_error', report_formplayer_error, name='report_formplayer_error'),
]

# Routes mounted under ^api/ by urlpatterns below.
api_urls = [
    url(r'^login_as/users/$', LoginAsUsers.as_view(), name=LoginAsUsers.urlname),
    # Only ReadableQuestions is wrapped in waf_allow('XSS_BODY'). Judging by
    # the name, this presumably exempts the route from the WAF's XSS
    # request-body rule, leaving body validation to the view - TODO confirm.
    url(r'^readable_questions/$', waf_allow('XSS_BODY')(ReadableQuestions.as_view()), name=ReadableQuestions.urlname),
]

# used in settings urls
settings_urls = [
    # NOTE(review): the pattern has no trailing '$', so every path that starts
    # with "app/" is routed to this permissions view - confirm that is intended.
    url(r'^app/', EditCloudcareUserPermissionsView.as_view(), name=EditCloudcareUserPermissionsView.urlname),
]

# Top-level routes: the default view plus the two included sub-lists.
# settings_urls is not included here.
urlpatterns = [
    url(r'^$', default, name='cloudcare_default'),
    url(r'^apps/', include(app_urls)),
    url(r'^api/', include(api_urls)),
]


# This isn't strictly the appropriate place to put this,
Exemple #5
    download_file,
    download_item_lists,
    fixture_api_upload_status,
    fixture_metadata,
    fixture_upload_job_poll,
    update_tables,
    upload_fixture_api,
)
from corehq.apps.hqwebapp.decorators import waf_allow

# Routes for lookup-table (fixture) management. Django tries the patterns in
# list order and dispatches to the first one that matches.
urlpatterns = [
    # NOTE(review): the class [0-9a-fA-Z] accepts every uppercase letter, not
    # only A-F. If download ids are hexadecimal this was probably meant to be
    # a-fA-F - confirm before tightening. The same class is used by the two
    # upload/status patterns below.
    url(r'^fixapi/status/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        fixture_api_upload_status, name='fixture_api_status'),
    # No trailing '$' and no name=: any path starting with "fixapi/" that did
    # not match the status pattern above is handled by upload_fixture_api.
    url(r'^fixapi/', upload_fixture_api),
    url(r'^metadata/$', fixture_metadata, name='fixture_metadata'),
    url(r'^$', RedirectView.as_view(url='edit_lookup_tables', permanent=True), name='edit_lookup_tables'),
    FixtureInterfaceDispatcher.url_pattern(),
    url(r'^edit_lookup_tables/download/$', download_item_lists, name="download_fixtures"),
    # Only the upload view is wrapped in waf_allow('XSS_BODY'). Judging by the
    # name, this presumably exempts the route from the WAF's XSS request-body
    # rule, leaving validation of the uploaded file to the view - TODO confirm.
    url(r'^edit_lookup_tables/upload/$', waf_allow('XSS_BODY')(UploadItemLists.as_view()), name='upload_fixtures'),
    url(r'^edit_lookup_tables/file/$', download_file, name="download_fixture_file"),
    # The data_type_id group is optional, so the view can be reached without it.
    url(r'^edit_lookup_tables/update-tables/(?P<data_type_id>[\w-]+)?$', update_tables,
        name='update_lookup_tables'),

    # upload status
    url(r'^upload/status/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        FixtureUploadStatusView.as_view(),
        name=FixtureUploadStatusView.urlname),
    url(r'^upload/status/poll/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        fixture_upload_job_poll, name='fixture_upload_job_poll'),
]
Exemple #6
    url(r'^send_test_scheduled_report/(?P<scheduled_report_id>[\w-]+)/$',
        send_test_scheduled_report,
        name='send_test_scheduled_report'),
    url(r'^view_scheduled_report/(?P<scheduled_report_id>[\w_]+)/$',
        view_scheduled_report,
        name='view_scheduled_report'),

    # V2 Reports
    url(r'^v2/', include('corehq.apps.reports.v2.urls')),
    url(r'^tableau/(?P<viz_id>[\d]+)/$',
        TableauView.as_view(),
        name=TableauView.urlname),

    # Internal Use
    url(r'^reprocess_error_form/$',
        ReprocessXFormErrorView.as_view(),
        name=ReprocessXFormErrorView.urlname),
    url(r'^custom/', include(custom_report_urls)),
    url(r'^filters/', include(filter_urls)),
    ProjectReportDispatcher.url_pattern(),
    url(r'^user_management/', include(user_management_urls)),
    url(r'^release_management/', include(release_management_urls)),
]

# Exporting Case List Explorer reports with the word " on*" at the end of the search query
# get filtered by the WAF
# Here waf_allow is called with hard_code_pattern instead of wrapping a view,
# and its return value is discarded, so it is used purely for its side effect.
# The pattern is an absolute request path anchored at both ends and limited to
# two report slugs, which keeps the exemption narrow.
# NOTE(review): because the path is hard-coded it will not follow changes to
# the report routes - keep it in sync with them.
waf_allow(
    "XSS_BODY",
    hard_code_pattern=
    r'^/a/([\w\.:-]+)/reports/export/(case_list_explorer|duplicate_cases)/$')
Exemple #7
    accounting.BillingAccountResource,
    accounting.SubscriptionResource,
    accounting.InvoiceResource,
    accounting.CustomerInvoiceResource,
    accounting.LineItemResource,
    accounting.PaymentMethodResource,
    accounting.BillingContactInfoResource,
    accounting.PaymentRecordResource,
    accounting.CreditLineResource,
    accounting.CreditAdjustmentResource,
    accounting.SubscriptionAndAdjustmentResource,
    accounting.BillingRecordResource,
    MaltResource,
    GIRResource,
)

# One-element tuple (note the trailing comma); api_url_patterns() concatenates
# it with ADMIN_API_LIST when registering resources.
USER_API_LIST = (UserDomainsResource, )


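def api_url_patterns():
    """Yield the URL pattern that mounts the 'global' API.

    Every resource class in ADMIN_API_LIST and USER_API_LIST is instantiated
    and registered on one CommCareHqApi instance. A single include() of that
    API's URLs is yielded once registration is complete.
    """
    api = CommCareHqApi(api_name='global')
    for resource in ADMIN_API_LIST + USER_API_LIST:
        api.register(resource())
    # Yield once, after the loop. Yielding inside it produced one overlapping
    # include() per resource, all built from the same api object.
    yield url(r'^', include(api.urls))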


# Materialise the generator once, at import time.
admin_urlpatterns = list(api_url_patterns())

# waf_allow is called with hard_code_pattern and its return value is
# discarded, so it is used purely for its side effect. The pattern is an
# absolute request path, anchored at both ends, covering the form API endpoint
# for any domain and API version.
# NOTE(review): this presumably exempts form submissions from the WAF's XSS
# request-body rule, so the form endpoint must treat the body as untrusted.
# The hard-coded path will not follow route changes - keep it in sync.
waf_allow('XSS_BODY',
          hard_code_pattern=r'^/a/([\w\.:-]+)/api/v([\d\.]+)/form/$')
Exemple #8
from corehq.apps.hqwebapp.decorators import waf_allow

# Routes for lookup-table (fixture) management. Django tries the patterns in
# list order and dispatches to the first one that matches.
urlpatterns = [
    # NOTE(review): the class [0-9a-fA-Z] accepts every uppercase letter, not
    # only A-F. If download ids are hexadecimal this was probably meant to be
    # a-fA-F - confirm before tightening. The same class is used by the two
    # upload/status patterns below.
    url(r'^fixapi/status/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        fixture_api_upload_status,
        name='fixture_api_status'),
    # No trailing '$' and no name=: any path starting with "fixapi/" that did
    # not match the status pattern above is handled by upload_fixture_api.
    url(r'^fixapi/', upload_fixture_api),
    url(r'^metadata/$', fixture_metadata, name='fixture_metadata'),
    url(r'^$',
        RedirectView.as_view(url='edit_lookup_tables', permanent=True),
        name='edit_lookup_tables'),
    FixtureInterfaceDispatcher.url_pattern(),
    url(r'^edit_lookup_tables/download/$',
        download_item_lists,
        name="download_fixtures"),
    # Only the upload view is wrapped in waf_allow('XSS_BODY'). Judging by the
    # name, this presumably exempts the route from the WAF's XSS request-body
    # rule, leaving validation of the uploaded file to the view - TODO confirm.
    url(r'^edit_lookup_tables/upload/$',
        waf_allow('XSS_BODY')(UploadItemLists.as_view()),
        name='upload_fixtures'),
    # The data_type_id group is optional, so the view can be reached without it.
    url(r'^edit_lookup_tables/update-tables/(?P<data_type_id>[\w-]+)?$',
        update_tables,
        name='update_lookup_tables'),

    # upload status
    url(r'^upload/status/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        FixtureUploadStatusView.as_view(),
        name=FixtureUploadStatusView.urlname),
    url(r'^upload/status/poll/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        fixture_upload_job_poll,
        name='fixture_upload_job_poll'),
]
Exemple #9
     DeIdDashboardFeedListView.as_view(),
     name=DeIdDashboardFeedListView.urlname),
 url(r"^custom/case/$",
     CaseExportListView.as_view(),
     name=CaseExportListView.urlname),
 url(r"^custom/daily_saved/$",
     DailySavedExportListView.as_view(),
     name=DailySavedExportListView.urlname),
 url(r"^custom/dashboard_feed/$",
     DashboardFeedListView.as_view(),
     name=DashboardFeedListView.urlname),
 url(r"^custom/odata_feed/$",
     ODataFeedListView.as_view(),
     name=ODataFeedListView.urlname),
 url(r"^custom/download_data_files/$",
     waf_allow('XSS_BODY')(DataFileDownloadList.as_view()),
     name=DataFileDownloadList.urlname),
 url(r"^custom/download_data_files/(?P<pk>[\w\-]+)/(?P<filename>.*)$",
     DataFileDownloadDetail.as_view(),
     name=DataFileDownloadDetail.urlname),
 url(r"^custom/inc_export/$",
     IncrementalExportView.as_view(),
     name=IncrementalExportView.urlname),
 url(r"^custom/inc_export_file/(?P<checkpoint_id>[\w\-]+)$",
     incremental_export_checkpoint_file,
     name='incremental_export_checkpoint_file'),
 url(r"^custom/inc_export_reset/(?P<checkpoint_id>[\w\-]+)$",
     incremental_export_reset_checkpoint,
     name='incremental_export_reset_checkpoint'),
 url(r"^custom/inc_export_resend_all/(?P<incremental_export_id>[\w\-]+)$",
     incremental_export_resend_all,
Exemple #10
from django.conf.urls import re_path as url
from corehq.apps.hqwebapp.decorators import waf_allow

from corehq.motech.dhis2.views import (
    DataSetMapCreateView,
    DataSetMapListView,
    DataSetMapUpdateView,
    DataSetMapJsonCreateView,
    DataSetMapJsonEditView,
    send_dataset_now,
)

# Routes for DHIS2 dataset maps. Order matters: (?P<pk>\w+) in the generic
# "map/<pk>/" pattern also matches the literal "add", so "map/add/" has to
# stay ahead of it (and "map/json/add/" ahead of "map/json/<pk>/").
urlpatterns = [
    url(r'^map/$',
        DataSetMapListView.as_view(),
        name=DataSetMapListView.urlname),
    url(r'^map/json/add/$',
        DataSetMapJsonCreateView.as_view(),
        name=DataSetMapJsonCreateView.urlname),
    url(r'^map/json/(?P<pk>\w+)/$',
        DataSetMapJsonEditView.as_view(),
        name=DataSetMapJsonEditView.urlname),
    url(r'^map/add/$',
        DataSetMapCreateView.as_view(),
        name=DataSetMapCreateView.urlname),
    # Only the update view is wrapped in waf_allow('XSS_BODY'); the create and
    # JSON edit views above are not. Judging by the name, this presumably
    # exempts the route from the WAF's XSS request-body rule, leaving body
    # validation to the view - TODO confirm.
    url(r'^map/(?P<pk>\w+)/$',
        waf_allow('XSS_BODY')(DataSetMapUpdateView.as_view()),
        name=DataSetMapUpdateView.urlname),
    url(r'^send/(?P<pk>[\w-]+)/$', send_dataset_now, name='send_dataset_now'),
]
Exemple #11
from django.conf.urls import re_path as url

from corehq.apps.hqwebapp.decorators import waf_allow
from corehq.messaging.smsbackends.trumpia.views import TrumpiaIncomingView


# Single inbound route for the Trumpia SMS backend view.
urlpatterns = [
    # NOTE(review): the path segment is named api_key; if it is a credential,
    # it is recorded wherever request paths are logged (proxy, WAF and access
    # logs) - confirm those logs are handled as sensitive.
    # waf_allow('XSS_QUERYSTRING') presumably exempts this route from the WAF's
    # XSS query-string rule, so the view must treat query parameters as
    # untrusted input - TODO confirm.
    url(r'^sms/(?P<api_key>[\w-]+)/?$', waf_allow('XSS_QUERYSTRING')(TrumpiaIncomingView.as_view()),
        name=TrumpiaIncomingView.urlname),
]
Exemple #12
        name=FormplayerPreviewSingleApp.urlname,
    ),
    url(r'^preview_app/(?P<app_id>[\w-]+)/$',
        PreviewAppView.as_view(),
        name=PreviewAppView.urlname),
    url(r'^report_formplayer_error',
        report_formplayer_error,
        name='report_formplayer_error')
]

# Routes mounted under ^api/ by urlpatterns below.
api_urls = [
    url(r'^login_as/users/$',
        LoginAsUsers.as_view(),
        name=LoginAsUsers.urlname),
    # Only ReadableQuestions is wrapped in waf_allow('XSS_BODY'). Judging by
    # the name, this presumably exempts the route from the WAF's XSS
    # request-body rule, leaving body validation to the view - TODO confirm.
    url(r'^readable_questions/$',
        waf_allow('XSS_BODY')(ReadableQuestions.as_view()),
        name=ReadableQuestions.urlname),
]

# used in settings urls
settings_urls = [
    # NOTE(review): the pattern has no trailing '$', so every path that starts
    # with "app/" is routed to this permissions view - confirm that is intended.
    url(r'^app/',
        EditCloudcareUserPermissionsView.as_view(),
        name=EditCloudcareUserPermissionsView.urlname),
]

# Top-level routes: the default view plus the two included sub-lists.
# settings_urls is not included here.
urlpatterns = [
    url(r'^$', default, name='cloudcare_default'),
    url(r'^apps/', include(app_urls)),
    url(r'^api/', include(api_urls)),
]
Exemple #13
from django.conf.urls import include, re_path as url

from corehq.apps.hqwebapp.decorators import waf_allow
from .models import GrapevineResource

# One resource instance, created at import time; its URLs are mounted below.
gvi_resource = GrapevineResource()

urlpatterns = [
    url(r'^api/', include(gvi_resource.urls)),
]

# waf_allow is called with hard_code_pattern and its return value is
# discarded, so it is used purely for its side effect. The pattern is one
# absolute request path, anchored at both ends.
# NOTE(review): the '/gvi/' prefix is not defined in this module, so the
# exemption depends on where this urlconf is mounted - keep the two in sync.
# The endpoint presumably receives inbound SMS content, which must be treated
# as untrusted once the WAF no longer screens the body.
waf_allow('XSS_BODY', hard_code_pattern=r'^/gvi/api/sms/$')
Exemple #14
# Routes for viewing multimedia files and checking upload status.
urlpatterns = [
    # The trailing (.+)? accepts any remaining path, including none. Because
    # the pattern also has named groups, Django does not pass this unnamed
    # group to the view, so only media_type and doc_id arrive as arguments.
    url(r'^file/(?P<media_type>[\w\-]+)/(?P<doc_id>[\w\-]+)/(.+)?$',
        ViewMultimediaFile.as_view(), name=ViewMultimediaFile.urlname),
    url(r'^upload_status/$', MultimediaUploadStatusView.as_view(), name=MultimediaUploadStatusView.urlname)
]

application_urls = [
    url(r'^upload/$', BulkUploadMultimediaView.as_view(), name=BulkUploadMultimediaView.urlname),
    url(r'^paths/$', ManageMultimediaPathsView.as_view(), name=ManageMultimediaPathsView.urlname),
    url(r'^paths/download/$', download_multimedia_paths, name='download_multimedia_paths'),
    url(r'^audio_translator_file/$', MultimediaAudioTranslatorFileView.as_view(),
        name=MultimediaAudioTranslatorFileView.urlname),
    url(r'^translations/$', MultimediaTranslationsCoverageView.as_view(),
        name=MultimediaTranslationsCoverageView.urlname),
    url(r'^uploaded/bulk/$', ProcessBulkUploadView.as_view(), name=ProcessBulkUploadView.urlname),
    url(r'^uploaded/image/$', waf_allow('XSS_BODY')(ProcessImageFileUploadView.as_view()),
        name=ProcessImageFileUploadView.urlname),
    url(r'^uploaded/app_logo/(?P<logo_name>[\w\-]+)/$', waf_allow('XSS_BODY')(ProcessLogoFileUploadView.as_view()),
        name=ProcessLogoFileUploadView.urlname),
    url(r'^uploaded/audio/$', waf_allow('XSS_BODY')(ProcessAudioFileUploadView.as_view()),
        name=ProcessAudioFileUploadView.urlname),
    url(r'^uploaded/video/$', waf_allow('XSS_BODY')(ProcessVideoFileUploadView.as_view()),
        name=ProcessVideoFileUploadView.urlname),
    url(r'^uploaded/text/$', ProcessTextFileUploadView.as_view(),
        name=ProcessTextFileUploadView.urlname),
    url(r'^uploaded/detail_print/(?P<module_unique_id>[\w-]+)/$', ProcessDetailPrintTemplateUploadView.as_view(),
        name=ProcessDetailPrintTemplateUploadView.urlname),
    url(r'^remove_logo/$', RemoveLogoView.as_view(), name=RemoveLogoView.urlname),
    url(r'^remove_print_template/$', RemoveDetailPrintTemplateView.as_view(),
        name=RemoveDetailPrintTemplateView.urlname),
    url(r'^map/$', MultimediaReferencesView.as_view(), name=MultimediaReferencesView.urlname),
Exemple #15
     ManageMultimediaPathsView.as_view(),
     name=ManageMultimediaPathsView.urlname),
 url(r'^paths/download/$',
     download_multimedia_paths,
     name='download_multimedia_paths'),
 url(r'^audio_translator_file/$',
     MultimediaAudioTranslatorFileView.as_view(),
     name=MultimediaAudioTranslatorFileView.urlname),
 url(r'^translations/$',
     MultimediaTranslationsCoverageView.as_view(),
     name=MultimediaTranslationsCoverageView.urlname),
 url(r'^uploaded/bulk/$',
     ProcessBulkUploadView.as_view(),
     name=ProcessBulkUploadView.urlname),
 url(r'^uploaded/image/$',
     waf_allow('XSS_BODY')(ProcessImageFileUploadView.as_view()),
     name=ProcessImageFileUploadView.urlname),
 url(r'^uploaded/app_logo/(?P<logo_name>[\w\-]+)/$',
     waf_allow('XSS_BODY')(ProcessLogoFileUploadView.as_view()),
     name=ProcessLogoFileUploadView.urlname),
 url(r'^uploaded/audio/$',
     ProcessAudioFileUploadView.as_view(),
     name=ProcessAudioFileUploadView.urlname),
 url(r'^uploaded/video/$',
     ProcessVideoFileUploadView.as_view(),
     name=ProcessVideoFileUploadView.urlname),
 url(r'^uploaded/text/$',
     ProcessTextFileUploadView.as_view(),
     name=ProcessTextFileUploadView.urlname),
 url(r'^uploaded/detail_print/(?P<module_unique_id>[\w-]+)/$',
     ProcessDetailPrintTemplateUploadView.as_view(),