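def edit(request, username, id_string):
    """Attach media (a remote URL or uploaded files) to a form.

    The form is looked up by owner username (case-insensitive) and
    ``id_string``. The caller must be the form's owner or hold the
    ``logger.change_xform`` permission on it.

    Returns:
        ``HttpResponse`` for AJAX requests; a redirect (to the Referer when
        one was sent, otherwise to the form's ``show`` page) for regular
        requests; ``HttpResponseForbidden`` when the caller is not
        authorised or the submitted ``media_url`` fails SSRF validation.

    Exceptions raised by ``XForm.objects.get`` when the lookup fails are
    not handled here.
    """
    from html import escape as html_escape

    xform = XForm.objects.get(user__username__iexact=username,
                              id_string__exact=id_string)
    owner = xform.user

    # The lookup above is case-insensitive, so the URL segment can match a
    # form whose owner's username differs from it only by case. Authorise
    # against the owner that was actually loaded, not against the URL
    # segment, so a requester is only treated as owner of their own forms.
    is_owner = owner.username == request.user.username
    if not (is_owner
            or request.user.has_perm('logger.change_xform', xform)):
        return HttpResponseForbidden(t('Update failed.'))

    media_url = request.POST.get('media_url')
    if media_url:
        # media_url is client-supplied: it must pass the SSRF policy before
        # it is stored as form media.
        # NOTE(review): if the stored URL is fetched server-side later, that
        # fetch should validate again at request time - TODO confirm.
        try:
            SSRFProtect.validate(media_url)
        except SSRFProtectException:
            # The rejected value is echoed to the client; escape it because
            # HttpResponse defaults to an HTML content type.
            return HttpResponseForbidden(
                t('URL {uri} is forbidden.').format(
                    uri=html_escape(media_url)))
        MetaData.media_add_uri(xform, media_url)
    elif request.FILES.get('media'):
        audit = {'xform': xform.id_string}
        audit_log(
            Actions.FORM_UPDATED, request.user, owner,
            t("Media added to '%(id_string)s'.") %
            {'id_string': xform.id_string}, audit, request)
        for uploaded in request.FILES.getlist("media"):
            MetaData.media_upload(xform, uploaded)

    xform.update()

    if request.is_ajax():
        return HttpResponse(t('Updated succeeded.'))

    # NOTE(review): the Referer header is client-controlled and is used as
    # the redirect target unchecked; consider restricting it to this
    # site's own host before redirecting.
    referer = request.META.get('HTTP_REFERER')
    if referer is not None and referer.strip():
        return HttpResponseRedirect(referer)

    return HttpResponseRedirect(
        reverse(show, kwargs={
            'username': username,
            'id_string': id_string
        }))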
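def edit(request, username, id_string):
    """Apply one metadata or settings change to a form.

    The form is looked up by exact owner username and ``id_string``. The
    caller must be that user or hold the ``logger.change_xform`` permission
    on the form. Exactly one change is applied per request: the first
    matching POST/FILES key in the chain below wins (description, title,
    toggle_shared, form-license, data-license, source, SMS support,
    media_url, media, map_name, doc).

    Returns:
        ``HttpResponse`` for AJAX requests, a redirect to the form's
        ``show`` page otherwise, or ``HttpResponseForbidden`` when the
        caller is not authorised or ``media_url`` fails SSRF validation.

    Exceptions raised by ``XForm.objects.get`` when the lookup fails are
    not handled here.
    """
    xform = XForm.objects.get(user__username=username, id_string=id_string)
    owner = xform.user

    if not (username == request.user.username
            or request.user.has_perm('logger.change_xform', xform)):
        return HttpResponseForbidden(_(u'Update failed.'))

    # Every audit entry written below carries the same context payload.
    audit = {'xform': xform.id_string}

    if request.POST.get('description'):
        audit_log(
            Actions.FORM_UPDATED, request.user, owner,
            _("Description for '%(id_string)s' updated from "
              "'%(old_description)s' to '%(new_description)s'.") %
            {
                'id_string': xform.id_string,
                'old_description': xform.description,
                'new_description': request.POST['description']
            }, audit, request)
        xform.description = request.POST['description']
    elif request.POST.get('title'):
        audit_log(
            Actions.FORM_UPDATED, request.user, owner,
            _("Title for '%(id_string)s' updated from "
              "'%(old_title)s' to '%(new_title)s'.") %
            {
                'id_string': xform.id_string,
                'old_title': xform.title,
                'new_title': request.POST.get('title')
            }, audit, request)
        xform.title = request.POST['title']
    elif request.POST.get('toggle_shared'):
        # Each recognised value flips one boolean flag; any other value
        # leaves the form unchanged.
        target = request.POST['toggle_shared']
        if target == 'data':
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Data sharing updated for '%(id_string)s' from "
                  "'%(old_shared)s' to '%(new_shared)s'.") %
                {
                    'id_string': xform.id_string,
                    'old_shared': _("shared")
                    if xform.shared_data else _("not shared"),
                    'new_shared': _("shared")
                    if not xform.shared_data else _("not shared")
                }, audit, request)
            xform.shared_data = not xform.shared_data
        elif target == 'form':
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Form sharing for '%(id_string)s' updated "
                  "from '%(old_shared)s' to '%(new_shared)s'.") %
                {
                    'id_string': xform.id_string,
                    'old_shared': _("shared")
                    if xform.shared else _("not shared"),
                    'new_shared': _("shared")
                    if not xform.shared else _("not shared")
                }, audit, request)
            xform.shared = not xform.shared
        elif target == 'active':
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Active status for '%(id_string)s' updated from "
                  "'%(old_shared)s' to '%(new_shared)s'.") %
                {
                    'id_string': xform.id_string,
                    'old_shared': _("shared")
                    if xform.downloadable else _("not shared"),
                    'new_shared': _("shared")
                    if not xform.downloadable else _("not shared")
                }, audit, request)
            xform.downloadable = not xform.downloadable
    elif request.POST.get('form-license'):
        audit_log(
            Actions.FORM_UPDATED, request.user, owner,
            _("Form License for '%(id_string)s' updated to "
              "'%(form_license)s'.") %
            {
                'id_string': xform.id_string,
                'form_license': request.POST['form-license'],
            }, audit, request)
        MetaData.form_license(xform, request.POST['form-license'])
    elif request.POST.get('data-license'):
        audit_log(
            Actions.FORM_UPDATED, request.user, owner,
            _("Data license for '%(id_string)s' updated to "
              "'%(data_license)s'.") %
            {
                'id_string': xform.id_string,
                'data_license': request.POST['data-license'],
            }, audit, request)
        MetaData.data_license(xform, request.POST['data-license'])
    elif request.POST.get('source') or request.FILES.get('source'):
        audit_log(
            Actions.FORM_UPDATED, request.user, owner,
            _("Source for '%(id_string)s' updated to '%(source)s'.") %
            {
                'id_string': xform.id_string,
                'source': request.POST.get('source'),
            }, audit, request)
        MetaData.source(xform, request.POST.get('source'),
                        request.FILES.get('source'))
    elif request.POST.get('enable_sms_support_trigger') is not None:
        sms_support_form = ActivateSMSSupportFom(request.POST)
        if sms_support_form.is_valid():
            enabled = \
                sms_support_form.cleaned_data.get('enable_sms_support')
            if enabled:
                audit_action = Actions.SMS_SUPPORT_ACTIVATED
                audit_message = _(u"SMS Support Activated on")
            else:
                audit_action = Actions.SMS_SUPPORT_DEACTIVATED
                audit_message = _(u"SMS Support Deactivated on")
            # NOTE(review): neither message has a %(id_string)s
            # placeholder, so the mapping below is unused and the audit
            # text does not name the form.
            audit_log(
                audit_action, request.user, owner,
                audit_message % {'id_string': xform.id_string},
                audit, request)
            # Remember the previous state so the form can be rolled back
            # if the save fails.
            pe = xform.allows_sms
            pid = xform.sms_id_string
            xform.allows_sms = enabled
            xform.sms_id_string = \
                sms_support_form.cleaned_data.get('sms_id_string')
            compat = check_form_sms_compatibility(None,
                                                  json.loads(xform.json))
            if compat['type'] == 'alert-error':
                xform.allows_sms = False
                xform.sms_id_string = pid
            try:
                xform.save()
            except IntegrityError:
                # unfortunately, there's no feedback mechanism here
                xform.allows_sms = pe
                xform.sms_id_string = pid
    elif request.POST.get('media_url'):
        uri = request.POST.get('media_url')
        # media_url is client-supplied: it must pass the SSRF policy before
        # it is stored as form media. The rejected URL is deliberately not
        # echoed back in the response.
        # NOTE(review): confirm SSRFProtect and SSRFProtectException are
        # imported in this module. If the stored URL is fetched
        # server-side later, that fetch should validate again - TODO
        # confirm.
        try:
            SSRFProtect.validate(uri)
        except SSRFProtectException:
            return HttpResponseForbidden(_(u'Update failed.'))
        MetaData.media_add_uri(xform, uri)
    elif request.FILES.get('media'):
        audit_log(
            Actions.FORM_UPDATED, request.user, owner,
            _("Media added to '%(id_string)s'.") %
            {
                'id_string': xform.id_string
            }, audit, request)
        for uploaded in request.FILES.getlist("media"):
            MetaData.media_upload(xform, uploaded)
    elif request.POST.get('map_name'):
        mapbox_layer = MapboxLayerForm(request.POST)
        if mapbox_layer.is_valid():
            audit_log(
                Actions.FORM_UPDATED, request.user, owner,
                _("Map layer added to '%(id_string)s'.") %
                {
                    'id_string': xform.id_string
                }, audit, request)
            MetaData.mapbox_layer_upload(xform, mapbox_layer.cleaned_data)
    elif request.FILES.get('doc'):
        # Only act when a 'doc' upload is really present: indexing
        # request.FILES['doc'] on an upload sent under any other field
        # name would raise and write a misleading audit entry first.
        audit_log(
            Actions.FORM_UPDATED, request.user, owner,
            _("Supporting document added to '%(id_string)s'.") %
            {
                'id_string': xform.id_string
            }, audit, request)
        MetaData.supporting_docs(xform, request.FILES['doc'])

    xform.update()

    if request.is_ajax():
        return HttpResponse(_(u'Updated succeeded.'))
    return HttpResponseRedirect(reverse(show, kwargs={
        'username': username,
        'id_string': id_string
    }))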