def profile(request):
    """Render the profile page of the requesting user.

    A POST binds ``request.POST`` to the profile form and saves it when it
    validates; any other method shows the form unbound.  The page also gets
    the user's bundles, the Person rows linked to the user (each carrying an
    ``is_optout`` flag) and an empty form for linking another address.

    NOTE(review): ``request.user.profile`` presumes an authenticated user; a
    ``login_required`` wrapper is not visible in this excerpt -- confirm.
    """
    context = PatchworkRequestContext(request)
    user = request.user

    # Build the form arguments once; only a POST contributes bound data.
    form_kwargs = {'instance': user.profile}
    is_post = request.method == 'POST'
    if is_post:
        form_kwargs['data'] = request.POST
    form = UserProfileForm(**form_kwargs)
    if is_post and form.is_valid():
        form.save()

    context.project = user.profile.primary_project
    context['bundles'] = Bundle.objects.filter(owner=user)
    context['profileform'] = form

    # Every value interpolated below is a table or column name read from
    # model metadata; nothing from the request reaches the SQL text.  A
    # request-derived value would have to go through extra()'s
    # select_params instead of string formatting.
    person_meta = Person._meta
    optout_meta = EmailOptout._meta
    sql_names = (
        person_meta.db_table,
        person_meta.get_field('email').column,
        optout_meta.get_field('email').column,
        optout_meta.db_table,
    )
    optout_query = '%s.%s IN (SELECT %s FROM %s)' % sql_names
    linked = Person.objects.filter(user=user)
    context['linked_emails'] = linked.extra(select={'is_optout': optout_query})
    context['linkform'] = UserPersonLinkForm()

    return render_to_response('patchwork/profile.html', context)
def profile(request):
    """Render the profile page of the requesting user.

    A POST binds ``request.POST`` to the profile form and saves it when it
    validates; any other method shows the form unbound.  The template
    context holds the user's bundles, the profile form, the linked Person
    rows (each with an ``is_optout`` flag) and an empty ``EmailForm``.

    NOTE(review): ``request.user.profile`` presumes an authenticated user; a
    ``login_required`` wrapper is not visible in this excerpt -- confirm.
    """
    user = request.user

    # Build the form arguments once; only a POST contributes bound data.
    form_kwargs = {'instance': user.profile}
    is_post = request.method == 'POST'
    if is_post:
        form_kwargs['data'] = request.POST
    form = UserProfileForm(**form_kwargs)
    if is_post and form.is_valid():
        form.save()

    # TODO(stephenfin): Add a related_name for User->Bundle
    bundles = Bundle.objects.filter(owner=user)

    # FIXME(stephenfin): This looks unsafe. Investigate.
    # NOTE(review): the four interpolated values are table and column names
    # taken from model metadata, so no request data reaches the SQL text.
    # Anything request-derived would have to be passed through extra()'s
    # select_params rather than formatted into the string.
    person_meta = Person._meta
    optout_meta = EmailOptout._meta
    sql_names = (
        person_meta.db_table,
        person_meta.get_field('email').column,
        optout_meta.get_field('email').column,
        optout_meta.db_table,
    )
    optout_query = '%s.%s IN (SELECT %s FROM %s)' % sql_names
    linked = Person.objects.filter(user=user)
    people = linked.extra(select={'is_optout': optout_query})

    context = {
        'bundles': bundles,
        'profileform': form,
        'linked_emails': people,
        'linkform': EmailForm(),
    }
    return render(request, 'patchwork/profile.html', context)
def profile(request):
    """Render the profile page of the requesting user.

    A POST binds ``request.POST`` to the profile form and saves it when it
    validates; any other method shows the form unbound.  The template
    context holds the user's bundles, the profile form, the linked Person
    rows (each with an ``is_optout`` flag), an empty ``EmailForm``, the
    profile's API token and, when ``settings.ENABLE_REST_API`` is truthy, a
    ``rest_api_enabled`` marker.

    NOTE(review): ``request.user.profile`` presumes an authenticated user; a
    ``login_required`` wrapper is not visible in this excerpt -- confirm.
    """
    user = request.user

    # Build the form arguments once; only a POST contributes bound data.
    form_kwargs = {'instance': user.profile}
    is_post = request.method == 'POST'
    if is_post:
        form_kwargs['data'] = request.POST
    form = UserProfileForm(**form_kwargs)
    if is_post and form.is_valid():
        form.save()

    bundles = user.bundles.all()

    # String-built SQL, but safe as written: only table and column names
    # from model metadata are interpolated, never user-supplied data.  A
    # request-derived value would have to go through extra()'s
    # select_params instead.
    #
    # Example of the generated fragment:
    #   patchwork_person.email IN (SELECT email FROM patchwork_emailoptout)
    person_meta = Person._meta
    optout_meta = EmailOptout._meta
    sql_names = (
        person_meta.db_table,
        person_meta.get_field('email').column,
        optout_meta.get_field('email').column,
        optout_meta.db_table,
    )
    optout_query = '%s.%s IN (SELECT %s FROM %s)' % sql_names
    linked = Person.objects.filter(user=user)
    people = linked.extra(select={'is_optout': optout_query})

    # NOTE(review): the API token enters the context on every request,
    # whether or not ENABLE_REST_API is set; how the template exposes it is
    # not visible here.
    context = {
        'bundles': bundles,
        'profileform': form,
        'linked_emails': people,
        'linkform': EmailForm(),
        'api_token': user.profile.token,
    }
    if settings.ENABLE_REST_API:
        context['rest_api_enabled'] = True

    return render(request, 'patchwork/profile.html', context)
def profile(request):
    """Render the profile page of the requesting user.

    A POST binds ``request.POST`` to the profile form and saves it when it
    validates; any other method shows the form unbound.  The page also gets
    the user's bundles, the Person rows linked to the user (each carrying an
    ``is_optout`` flag) and an empty form for linking another address.

    NOTE(review): ``request.user.get_profile()`` presumes an authenticated
    user; a ``login_required`` wrapper is not visible in this excerpt --
    confirm.
    """
    context = PatchworkRequestContext(request)
    user = request.user

    # Build the form arguments once; only a POST contributes bound data.
    form_kwargs = {'instance': user.get_profile()}
    is_post = request.method == 'POST'
    if is_post:
        form_kwargs['data'] = request.POST
    form = UserProfileForm(**form_kwargs)
    if is_post and form.is_valid():
        form.save()

    context.project = user.get_profile().primary_project
    context['bundles'] = Bundle.objects.filter(owner=user)
    context['profileform'] = form

    # Every value interpolated below is a table or column name read from
    # model metadata; nothing from the request reaches the SQL text.  A
    # request-derived value would have to go through extra()'s
    # select_params instead of string formatting.
    person_meta = Person._meta
    optout_meta = EmailOptout._meta
    sql_names = (
        person_meta.db_table,
        person_meta.get_field('email').column,
        optout_meta.get_field('email').column,
        optout_meta.db_table,
    )
    optout_query = '%s.%s IN (SELECT %s FROM %s)' % sql_names
    linked = Person.objects.filter(user=user)
    context['linked_emails'] = linked.extra(select={'is_optout': optout_query})
    context['linkform'] = UserPersonLinkForm()

    return render_to_response('patchwork/profile.html', context)
def profile(request):
    """Render the profile page of the requesting user.

    A POST binds ``request.POST`` to the profile form and saves it when it
    validates; any other method shows the form unbound.  The template
    context holds the user's bundles, the profile form, the linked Person
    rows (each with an ``is_optout`` flag), an empty ``EmailForm``, the
    profile's API token and, when ``settings.ENABLE_REST_API`` is truthy, a
    ``rest_api_enabled`` marker.

    NOTE(review): ``request.user.profile`` presumes an authenticated user; a
    ``login_required`` wrapper is not visible in this excerpt -- confirm.
    """
    user = request.user

    # Build the form arguments once; only a POST contributes bound data.
    form_kwargs = {'instance': user.profile}
    is_post = request.method == 'POST'
    if is_post:
        form_kwargs['data'] = request.POST
    form = UserProfileForm(**form_kwargs)
    if is_post and form.is_valid():
        form.save()

    # TODO(stephenfin): Add a related_name for User->Bundle
    bundles = Bundle.objects.filter(owner=user)

    # String-built SQL, but safe as written: only table and column names
    # from model metadata are interpolated, never user-supplied data.  A
    # request-derived value would have to go through extra()'s
    # select_params instead.
    #
    # Example of the generated fragment:
    #   patchwork_person.email IN (SELECT email FROM patchwork_emailoptout)
    person_meta = Person._meta
    optout_meta = EmailOptout._meta
    sql_names = (
        person_meta.db_table,
        person_meta.get_field('email').column,
        optout_meta.get_field('email').column,
        optout_meta.db_table,
    )
    optout_query = '%s.%s IN (SELECT %s FROM %s)' % sql_names
    linked = Person.objects.filter(user=user)
    people = linked.extra(select={'is_optout': optout_query})

    # NOTE(review): the API token enters the context on every request,
    # whether or not ENABLE_REST_API is set; how the template exposes it is
    # not visible here.
    context = {
        'bundles': bundles,
        'profileform': form,
        'linked_emails': people,
        'linkform': EmailForm(),
        'api_token': user.profile.token,
    }
    if settings.ENABLE_REST_API:
        context['rest_api_enabled'] = True

    return render(request, 'patchwork/profile.html', context)
def profile(request):
    """Render the profile page of the requesting user.

    A POST binds ``request.POST`` to the profile form and saves it when it
    validates; any other method shows the form unbound.  The page also gets
    the user's bundles, the Person rows linked to the user and an empty form
    for linking another address.

    NOTE(review): ``request.user.get_profile()`` presumes an authenticated
    user; a ``login_required`` wrapper is not visible in this excerpt --
    confirm.
    """
    context = PatchworkRequestContext(request)
    user = request.user

    # Build the form arguments once; only a POST contributes bound data.
    form_kwargs = {'instance': user.get_profile()}
    is_post = request.method == 'POST'
    if is_post:
        form_kwargs['data'] = request.POST
    form = UserProfileForm(**form_kwargs)
    if is_post and form.is_valid():
        form.save()

    context.project = user.get_profile().primary_project
    context['bundles'] = Bundle.objects.filter(owner=user)
    context['profileform'] = form

    # Both querysets are filtered on the requesting user, so the page lists
    # only that user's bundles and linked addresses.
    context['linked_emails'] = Person.objects.filter(user=user)
    context['linkform'] = UserPersonLinkForm()

    return render_to_response('patchwork/profile.html', context)