def EditBookInstanceView(request, pk): if not request.user.is_staff or not request.user.groups.filter( name='Manager').exists(): return redirect('404') copy = BookInstance.objects.get(pk=pk) if request.method == 'POST': form = BookInstanceForm(request.POST, instance=copy) if form.is_valid(): bookinstance = form.save() LogEntry.objects.log_action( user_id=request.user.id, content_type_id=ContentType.objects.get_for_model( bookinstance).pk, object_id=bookinstance.id, object_repr=str(bookinstance.__str__()), action_flag=CHANGE, change_message=construct_change_message( form, None, False) # Set to False when edited, set to True when added ) messages.success(request, 'Your edits to this book copy has been saved!') return HttpResponseRedirect(reverse('book-copies')) else: form = BookInstanceForm(instance=copy) else: form = BookInstanceForm(instance=copy) return render(request, "manager/edit_book_instance.html", { 'form': form, 'copy': copy })
def AddBookInstanceView(request): if not request.user.is_staff or not request.user.groups.filter( name='Manager').exists(): return redirect('404') if request.method == "POST": form = BookInstanceForm(request.POST) if form.is_valid(): bookinstance = form.save() bookinstance.save() LogEntry.objects.log_action( user_id=request.user.id, content_type_id=ContentType.objects.get_for_model( bookinstance).pk, object_id=bookinstance.id, object_repr=str(bookinstance.__str__()), action_flag=ADDITION, change_message=construct_change_message( form, None, True) # Set to False when edited, set to True when added ) messages.success(request, 'You have now added a copy for this book!') return HttpResponseRedirect(reverse('book-copies')) else: form = BookInstanceForm() return render(request, "manager/add_book_instance.html", {"form": form})
def ChangePasswordView(request): if request.user.is_staff: return redirect('404') if request.method == 'POST': form = PasswordChangeForm(request.user, request.POST) if form.is_valid(): user = form.save() update_session_auth_hash(request, user) # Important! LogEntry.objects.log_action( user_id=request.user.id, content_type_id=ContentType.objects.get_for_model(user).pk, object_id=user.id, object_repr=str(user.__str__()), action_flag=CHANGE, change_message=construct_change_message( form, None, False) # Set to False when edited, set to True when added ) messages.success(request, 'Your password was successfully updated!') return redirect('user-profile', username=user.username) else: messages.error(request, 'Please correct the error below.') else: form = PasswordChangeForm(request.user) return render(request, 'catalog/change_password.html', {'form': form})
def form_valid(self, form): adv_id = self.request.GET.get('advisory', '') cust_id = self.request.GET.get('customer', '') advisory = Advisory.objects.get(pk=adv_id) customer = Customer.objects.get(pk=cust_id) form.instance.advisory = advisory form.instance.customer = customer from django.contrib.admin.utils import construct_change_message change_message = construct_change_message(None, None, True) #self.log_addition(self.request, form.instance, change_message) return super(DetailAddView, self).form_valid(form)
def log_form_addition_or_change(self, form, was_adding, formsets=None): """ Shortcut for logging the addition/deletion made via form. Resembles ModelAdmin too. If there are accompanyed formset to the main action, their change could be logged too. """ if not form.is_valid(): raise ValidationError("Form invalid.") if formsets and not all_valid(formsets): raise ValidationError("Some of the formsets not valid.") message_list = construct_change_message(form, formsets, was_adding) if was_adding: self.log_addition(form.instance, message_list) else: self.log_change(form.instance, message_list)
def SignUpView(request): if not request.user.is_anonymous: return redirect('404') else: form = SignUpForm(request.POST) if form.is_valid(): user = form.save() user.refresh_from_db() # used to handle synchronism issue user.profile.first_name = form.cleaned_data.get('first_name') user.profile.last_name = form.cleaned_data.get('last_name') user.profile.email = form.cleaned_data.get('email') user.profile.ID_num = form.cleaned_data.get( 'ID_num' ) # set all user info as well as ID number and role to profile model user.profile.role = form.cleaned_data.get('role') LibraryMember = Group.objects.get( name='Library Members' ) # add a user to the Library Members group (default is teacher or student) LibraryMember.user_set.add( user) # Library Members do not have any CRUD permissions user.save() LogEntry.objects.log_action( user_id=user.id, content_type_id=ContentType.objects.get_for_model(user).pk, object_id=user.id, object_repr=str(user.__str__()), action_flag=ADDITION, change_message=construct_change_message( form, None, True) # Set to False when edited, set to True when added ) messages.success( request, "Account saved! Please login again to verify it is you!") return redirect( 'login' ) # redirect to homepage once account has been successfully registered else: form = SignUpForm() return render(request, '../templates/registration/signup.html', {'form': form})
def AddManagerView(request): if not request.user.is_staff or not request.user.groups.filter( name='Administrator').exists(): return redirect('404') form = CreateManagerForm(request.POST) if form.is_valid(): user = form.save() user.refresh_from_db() # used to handle synchronism issue user.profile.first_name = form.cleaned_data.get('first_name') user.profile.last_name = form.cleaned_data.get('last_name') user.profile.email = form.cleaned_data.get('email') user.profile.ID_num = form.cleaned_data.get( 'ID_num' ) # set all user info as well as ID number and role to profile model user.profile.role = 'manager' LibraryMember = Group.objects.get( name='Manager') # add a user to the Manager group LibraryMember.user_set.add( user) # Managers have permissions for books and bookinstances user.is_staff = True user.save() LogEntry.objects.log_action( user_id=request.user.id, content_type_id=ContentType.objects.get_for_model(user).pk, object_id=user.id, object_repr=str(user.__str__()), action_flag=ADDITION, change_message=construct_change_message( form, None, True) # Set to False when edited, set to True when added ) messages.success(request, 'The new manager is now added to the system!') return redirect( '../managers' ) # redirect to manager list page once account has been successfully registered else: form = CreateManagerForm() return render(request, 'administrator/add_manager.html', {'form': form})
def ReviewBookView(request, pk): book = get_object_or_404(Book, pk=pk) if request.user.is_staff: return redirect('404') if request.method == 'POST': form = ReviewForm(request.POST) if form.is_valid(): review = form.save() review.book = book review.user = request.user review.save() LogEntry.objects.log_action( user_id=request.user.id, content_type_id=ContentType.objects.get_for_model(review).pk, object_id=review.id, object_repr=str(review.__str__()), action_flag=ADDITION, change_message=construct_change_message( form, None, True) # Set to False when edited, set to True when added ) messages.success(request, 'Your review has been posted to the website!') return redirect('book-detail', pk=pk) # return to the current book-detail page else: messages.error(request, 'Please correct the error below.') else: form = ReviewForm() return render(request, 'catalog/book_review.html', { 'form': form, 'book': book, })
def form_valid(self, form): from django.contrib.admin.utils import construct_change_message change_message = construct_change_message(form, None, None) self.log_change(self.request, self.object, change_message) return super(UserprofileDetailView, self).form_valid(form)
def get_info(vuln_raw): data = json.loads(vuln_raw) now = datetime.now(utc) tdelta = now - timedelta(days=365) liste = StringIO.StringIO() db = StringIO.StringIO() debug = StringIO.StringIO() # get my user try: user = User.objects.get(username='******') except User.DoesNotExist: # We have to make this customer print "Making user cisco_import.." user = User.objects.create(username='******') # get Cisco vendor ID try: cisco = Vendor.objects.get(vendor_name='Cisco') except Vendor.DoesNotExist: # We have to make this customer print "Making customer Cisco.." cisco = Vendor.objects.create(vendor_name='Cisco') for vuln in sorted(data, reverse=True, key=getdate): print "Starting on %s" % (vuln['advisory_id']) products = [] for product in vuln['product_names']: product = product.strip(' \t\n\r') #print "Check if the product \"%s\" is a part of the database" % (product) #Check if product is part of database try: p = Product.objects.get(product_vendor=cisco, product_name=product) except Product.DoesNotExist: print "Product \"%s\" is NOT a part of the database, adding" % ( product) p = Product.objects.create(product_vendor=cisco, product_name=product) change_message = construct_change_message(None, None, True) log_addition(user, p, change_message) products.append(p) cves = [] for cve in vuln['cves']: cve = cve.strip(' \t\n\r') #Check if cve is part of database try: p = CVE.objects.get(cve_id=cve) except CVE.DoesNotExist: print "Creating new CVE signature %s" % (cve) p = CVE.objects.create(cve_id=cve) change_message = construct_change_message(None, None, True) log_addition(user, p, change_message) cves.append(p) bugs = [] for bug in vuln['bug_ids']: bug = bug.strip(' \t\n\r') #Check if bug is part of database try: p = Bug.objects.get(bug_id=bug, bug_vendor=cisco) except Bug.DoesNotExist: print "Creating new BUG id %s" % (bug) p = Bug.objects.create(bug_id=bug, bug_vendor=cisco) change_message = construct_change_message(None, None, True) log_addition(user, p, change_message) bugs.append(p) cwes = [] for cwe in vuln['cwe']: cwe = cwe.strip(' \t\n\r') #Check if cwe is part of database try: p = CWE.objects.get(cwe_id=cwe) except CWE.DoesNotExist: print "Creating new CWE %s" % (cwe) p = CWE.objects.create(cwe_id=cwe) change_message = construct_change_message(None, None, True) log_addition(user, p, change_message) cwes.append(p) ipssigs = [] for ipssig in vuln['ips_signatures']: #print "Check if the IPS signature \"%s\" is a part of the database" % (ipssig) if type(ipssig) is dict: legacy_ips_id = ipssig['legacy_ips_id'].strip(' \t\n\r') elif type(ipssig) is str: legacy_ips_id = ipssig.strip(' \t\n\r') ipssig = { "legacy_ips_id": legacy_ips_id, "legacy_ips_url": "", "release_version": "", "software_version": "", } else: legacy_ips_id = "NA" ipssig = { "legacy_ips_id": legacy_ips_id, "legacy_ips_url": "", "release_version": "", "software_version": "", } #Check if ipssig is part of database try: p = Ips_signature.objects.get(legacy_ips_id=legacy_ips_id) except Ips_signature.DoesNotExist: print "Creating new IPS signature %s" % (legacy_ips_id) p = Ips_signature.objects.create( legacy_ips_id=legacy_ips_id, legacy_ips_url=ipssig['legacy_ips_url'], release_version=ipssig['release_version'], software_version=ipssig['software_version']) change_message = construct_change_message(None, None, True) log_addition(user, p, change_message) ipssigs.append(p) first_published = parse(vuln['first_published']) last_updated = parse(vuln['last_updated']) # Check if this advisory exists, if not, make it advisory_id = vuln['advisory_id'].strip(' \t\n\r') try: advisory = Ciscoadvisory.objects.get(advisory_id=advisory_id) except Ciscoadvisory.DoesNotExist: print "Creating new Advisory ID %s" % (advisory_id) advisory = Ciscoadvisory.objects.create( advisory_id=advisory_id, advisory_vendor=cisco, advisory_title=vuln['advisory_title'], cvrf_url=vuln['cvrf_url'], cvss_base_score=vuln['cvss_base_score'], first_published=first_published, last_updated=last_updated, publication_url=vuln['publication_url'], sir=vuln['sir'], summary=vuln['summary']) for bug in bugs: advisory.bug_ids.add(bug) for cve in cves: advisory.cves.add(cve) for cwe in cwes: advisory.cwe.add(cwe) for ips in ipssigs: advisory.ips_signatures.add(ips) for product in products: advisory.product_names.add(product) advisory.save() change_message = construct_change_message(None, None, True) log_addition(user, advisory, change_message) # Check if the advisory has been updated if advisory.last_updated < last_updated: change_message = [] print "Updating advisory ID %s" % (advisory_id) if vuln['advisory_title'] != advisory.advisory_title: advisory.advisory_title = vuln['advisory_title'] change_message.append( {'changed': { 'fields': 'advisory_title', }}) if advisory.cvrf_url != vuln['cvrf_url']: advisory.cvrf_url = vuln['cvrf_url'] change_message.append({'changed': { 'fields': 'cvrf_url', }}) if advisory.cvss_base_score != vuln['cvss_base_score']: advisory.cvss_base_score = vuln['cvss_base_score'] change_message.append( {'changed': { 'fields': 'cvss_base_score', }}) if list(advisory.bug_ids.all()) != list(bugs): advisory.bug_ids.set(bugs) change_message.append({'changed': { 'fields': 'bug_ids', }}) if list(advisory.cves.all()) != list(cves): advisory.cves.set(cves) change_message.append({'changed': { 'fields': 'cves', }}) if list(advisory.cwe.all()) != list(cwes): advisory.cwe.set(cwes) change_message.append({'changed': { 'fields': 'cwe', }}) if advisory.first_published != first_published: advisory.first_published = first_published change_message.append( {'changed': { 'fields': 'first_published', }}) if advisory.ips_signatures != ipssigs: advisory.ips_signatures = ipssigs change_message.append( {'changed': { 'fields': 'ips_signatures', }}) if advisory.last_updated != last_updated: advisory.last_updated = last_updated change_message.append( {'changed': { 'fields': 'last_updated', }}) if list(advisory.product_names.all()) != list(products): advisory.product_names.set(products) change_message.append( {'changed': { 'fields': 'product_names', }}) if advisory.publication_url != vuln['publication_url']: advisory.publication_url = vuln['publication_url'] change_message.append( {'changed': { 'fields': 'publication_url', }}) if advisory.sir != vuln['sir']: advisory.sir = vuln['sir'] change_message.append({'changed': { 'fields': 'sir', }}) if advisory.summary != vuln['summary']: advisory.summary = vuln['summary'] change_message.append({'changed': { 'fields': 'summary', }}) advisory.save() log_change(user, advisory, change_message) #now we'll have to make all assessments of this advisory invalid a = Advisory.objects.get( object_id=advisory.pk, content_type=get_content_type_for_model(Ciscoadvisory)) assessments = a.assessment_set.all() for assessment in assessments: print "Invalidating assessment %s" % (assessment) assessment.valid = Assessment.NO assessment.save()