def edit(request, username, id_string):
xform = XForm.objects.get(user__username__iexact=username,
id_string__exact=id_string)
owner = xform.user
if username == request.user.username or\
request.user.has_perm('logger.change_xform', xform):
if request.POST.get('media_url'):
uri = request.POST.get('media_url')
try:
SSRFProtect.validate(uri)
except SSRFProtectException:
return HttpResponseForbidden(
t('URL {uri} is forbidden.').format(uri=uri))
MetaData.media_add_uri(xform, uri)
elif request.FILES.get('media'):
audit = {'xform': xform.id_string}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
t("Media added to '%(id_string)s'.") %
{'id_string': xform.id_string}, audit, request)
for aFile in request.FILES.getlist("media"):
MetaData.media_upload(xform, aFile)
xform.update()
if request.is_ajax():
return HttpResponse(t('Updated succeeded.'))
else:
if 'HTTP_REFERER' in request.META and request.META[
'HTTP_REFERER'].strip():
return HttpResponseRedirect(request.META['HTTP_REFERER'])
return HttpResponseRedirect(
reverse(show,
kwargs={
'username': username,
'id_string': id_string
}))
return HttpResponseForbidden(t('Update failed.'))
def edit(request, username, id_string):
xform = XForm.objects.get(user__username=username, id_string=id_string)
owner = xform.user
if username == request.user.username or\
request.user.has_perm('logger.change_xform', xform):
if request.POST.get('description'):
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Description for '%(id_string)s' updated from "
"'%(old_description)s' to '%(new_description)s'.") %
{
'id_string': xform.id_string,
'old_description': xform.description,
'new_description': request.POST['description']
}, audit, request)
xform.description = request.POST['description']
elif request.POST.get('title'):
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Title for '%(id_string)s' updated from "
"'%(old_title)s' to '%(new_title)s'.") %
{
'id_string': xform.id_string,
'old_title': xform.title,
'new_title': request.POST.get('title')
}, audit, request)
xform.title = request.POST['title']
elif request.POST.get('toggle_shared'):
if request.POST['toggle_shared'] == 'data':
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Data sharing updated for '%(id_string)s' from "
"'%(old_shared)s' to '%(new_shared)s'.") %
{
'id_string': xform.id_string,
'old_shared': _("shared")
if xform.shared_data else _("not shared"),
'new_shared': _("shared")
if not xform.shared_data else _("not shared")
}, audit, request)
xform.shared_data = not xform.shared_data
elif request.POST['toggle_shared'] == 'form':
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Form sharing for '%(id_string)s' updated "
"from '%(old_shared)s' to '%(new_shared)s'.") %
{
'id_string': xform.id_string,
'old_shared': _("shared")
if xform.shared else _("not shared"),
'new_shared': _("shared")
if not xform.shared else _("not shared")
}, audit, request)
xform.shared = not xform.shared
elif request.POST['toggle_shared'] == 'active':
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Active status for '%(id_string)s' updated from "
"'%(old_shared)s' to '%(new_shared)s'.") %
{
'id_string': xform.id_string,
'old_shared': _("shared")
if xform.downloadable else _("not shared"),
'new_shared': _("shared")
if not xform.downloadable else _("not shared")
}, audit, request)
xform.downloadable = not xform.downloadable
elif request.POST.get('form-license'):
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Form License for '%(id_string)s' updated to "
"'%(form_license)s'.") %
{
'id_string': xform.id_string,
'form_license': request.POST['form-license'],
}, audit, request)
MetaData.form_license(xform, request.POST['form-license'])
elif request.POST.get('data-license'):
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Data license for '%(id_string)s' updated to "
"'%(data_license)s'.") %
{
'id_string': xform.id_string,
'data_license': request.POST['data-license'],
}, audit, request)
MetaData.data_license(xform, request.POST['data-license'])
elif request.POST.get('source') or request.FILES.get('source'):
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Source for '%(id_string)s' updated to '%(source)s'.") %
{
'id_string': xform.id_string,
'source': request.POST.get('source'),
}, audit, request)
MetaData.source(xform, request.POST.get('source'),
request.FILES.get('source'))
elif request.POST.get('enable_sms_support_trigger') is not None:
sms_support_form = ActivateSMSSupportFom(request.POST)
if sms_support_form.is_valid():
audit = {
'xform': xform.id_string
}
enabled = \
sms_support_form.cleaned_data.get('enable_sms_support')
if enabled:
audit_action = Actions.SMS_SUPPORT_ACTIVATED
audit_message = _(u"SMS Support Activated on")
else:
audit_action = Actions.SMS_SUPPORT_DEACTIVATED
audit_message = _(u"SMS Support Deactivated on")
audit_log(
audit_action, request.user, owner,
audit_message
% {'id_string': xform.id_string}, audit, request)
# stored previous states to be able to rollback form status
# in case we can't save.
pe = xform.allows_sms
pid = xform.sms_id_string
xform.allows_sms = enabled
xform.sms_id_string = \
sms_support_form.cleaned_data.get('sms_id_string')
compat = check_form_sms_compatibility(None,
json.loads(xform.json))
if compat['type'] == 'alert-error':
xform.allows_sms = False
xform.sms_id_string = pid
try:
xform.save()
except IntegrityError:
# unfortunately, there's no feedback mechanism here
xform.allows_sms = pe
xform.sms_id_string = pid
elif request.POST.get('media_url'):
uri = request.POST.get('media_url')
MetaData.media_add_uri(xform, uri)
elif request.FILES.get('media'):
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Media added to '%(id_string)s'.") %
{
'id_string': xform.id_string
}, audit, request)
for aFile in request.FILES.getlist("media"):
MetaData.media_upload(xform, aFile)
elif request.POST.get('map_name'):
mapbox_layer = MapboxLayerForm(request.POST)
if mapbox_layer.is_valid():
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Map layer added to '%(id_string)s'.") %
{
'id_string': xform.id_string
}, audit, request)
MetaData.mapbox_layer_upload(xform, mapbox_layer.cleaned_data)
elif request.FILES:
audit = {
'xform': xform.id_string
}
audit_log(
Actions.FORM_UPDATED, request.user, owner,
_("Supporting document added to '%(id_string)s'.") %
{
'id_string': xform.id_string
}, audit, request)
MetaData.supporting_docs(xform, request.FILES['doc'])
xform.update()
if request.is_ajax():
return HttpResponse(_(u'Updated succeeded.'))
else:
return HttpResponseRedirect(reverse(show, kwargs={
'username': username,
'id_string': id_string
}))
return HttpResponseForbidden(_(u'Update failed.'))
