コード例 #1
0
ファイル: views.py プロジェクト: seanmonstar/FlightDeck
def save(request, revision_id, type_id=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save
    """

    revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)
    if request.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (revision.pk,
                       request.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = request.POST.get('full_name', False)
    jid = request.POST.get('jid', None)
    version_name = request.POST.get('version_name', False)

    if jid and not validator.is_valid(
        'alphanum_plus', jid):
        return HttpResponseForbidden(escape(
            validator.get_validation_message('alphanum_plus')))

    # validate package_full_name and version_name
    if version_name and not validator.is_valid(
        'alphanum_plus', version_name):
        return HttpResponseForbidden(escape(
            validator.get_validation_message('alphanum_plus')))

    # here we're checking if the *current* full_name is different than the
    # revision's full_name
    if package_full_name and package_full_name != revision.package.full_name:
        try:
            revision.set_full_name(package_full_name)
        except ValidationError:
            return HttpResponseForbidden(escape(
                validator.get_validation_message('alphanum_plus_space')))
        except IntegrityError:
            return HttpResponseForbidden(
                'You already have a %s with that name' % escape(
                    revision.package.get_type_name())
                )
        else:
            save_package = True
            save_revision = True
            response_data['full_name'] = package_full_name

    package_description = request.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    extra_json = request.POST.get('package_extra_json')
    if extra_json is not None:
        # None means it wasn't submitted. We want to accept blank strings.
        save_revision = True
        try:
            revision.set_extra_json(extra_json, save=False)
        except JSONDecodeError:
            return HttpResponseBadRequest(
                    'Extra package properties were invalid JSON.')
        except IllegalFilenameException, e:
            return HttpResponseBadRequest(str(e))
        response_data['package_extra_json'] = extra_json
コード例 #2
0
ファイル: views.py プロジェクト: clouserw/FlightDeck
def save(request, id_number, type_id, revision_number=None,
                 version_name=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save
    """
    revision = get_package_revision(id_number, type_id, revision_number,
                                    version_name)
    if request.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (id_number, request.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = request.POST.get('full_name', False)
    version_name = request.POST.get('version_name', False)

    # validate package_full_name and version_name

    if version_name and not validator.is_valid(
        'alphanum_plus', version_name):
        return HttpResponseNotAllowed(escape(
            validator.get_validation_message('alphanum_plus')))

    # here we're checking if the *current* full_name is different than the
    # revision's full_name
    if package_full_name and package_full_name != revision.package.full_name:
        try:
            revision.set_full_name(package_full_name)
        except ValidationError:
            return HttpResponseNotAllowed(escape(
                validator.get_validation_message('alphanum_plus_space')))
        except IntegrityError:
            return HttpResponseForbidden(
                'You already have a %s with that name' % escape(
                    revision.package.get_type_name())
                )
        else:
            save_package = True
            save_revision = True
            response_data['full_name'] = package_full_name

    package_description = request.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    changes = []
    for mod in revision.modules.all():
        if request.POST.get(mod.filename, False):
            code = request.POST[mod.filename]
            if mod.code != code:
                mod.code = code
                changes.append(mod)

    for att in revision.attachments.all():
        uid = str(att.pk)
        if request.POST.get(uid):
            att.data = request.POST[uid]
            if att.changed():
                changes.append(att)

    attachments_changed = {}
    if save_revision or changes:
        try:
            revision.save()
        except ValidationError, err:
            return HttpResponseForbidden(escape(err.__str__()))
コード例 #3
0
ファイル: views.py プロジェクト: sirinartk/FlightDeck
def save(request, revision_id, type_id=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save
    """

    revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)
    if request.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (revision.pk, request.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = request.POST.get('full_name', False)
    jid = request.POST.get('jid', None)
    version_name = request.POST.get('version_name', False)

    if jid and not validator.is_valid('alphanum_plus', jid):
        return HttpResponseForbidden(
            escape(validator.get_validation_message('alphanum_plus')))

    # validate package_full_name and version_name
    if version_name and not validator.is_valid('alphanum_plus', version_name):
        return HttpResponseForbidden(
            escape(validator.get_validation_message('alphanum_plus')))

    # here we're checking if the *current* full_name is different than the
    # revision's full_name
    if package_full_name and package_full_name != revision.package.full_name:
        try:
            revision.set_full_name(package_full_name)
        except ValidationError:
            return HttpResponseForbidden(
                escape(
                    validator.get_validation_message('alphanum_plus_space')))
        except IntegrityError:
            return HttpResponseForbidden(
                'You already have a %s with that name' %
                escape(revision.package.get_type_name()))
        else:
            save_package = True
            save_revision = True
            response_data['full_name'] = package_full_name

    package_description = request.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    extra_json = request.POST.get('package_extra_json')
    if extra_json is not None:
        # None means it wasn't submitted. We want to accept blank strings.
        save_revision = True
        try:
            revision.set_extra_json(extra_json, save=False)
        except JSONDecodeError:
            return HttpResponseBadRequest(
                'Extra package properties were invalid JSON.')
        except IllegalFilenameException, e:
            return HttpResponseBadRequest(str(e))
        except KeyNotAllowed, e:
            return HttpResponseForbidden(str(e))
コード例 #4
0
ファイル: views.py プロジェクト: andymckay/FlightDeck
def package_save(r, id_number, type_id, revision_number=None, version_name=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save
    """
    revision = get_package_revision(id_number, type_id, revision_number, version_name)
    if r.user.pk != revision.author.pk:
        log_msg = "Unauthorised attempt to save package. user: %s, package: %s." % (r.user, id_number)
        log = commonware.log.getLogger("f.jetpack")
        log.debug(log_msg)
        return HttpResponseForbidden("You are not the author of this Package")

    should_reload = False
    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message
    start_revision_number = revision.revision_number

    response_data = {}

    package_full_name = r.POST.get("full_name", False)
    version_name = r.POST.get("version_name", False)

    # validate package_full_name and version_name
    if package_full_name and not validator.is_valid("alphanum_plus_space", package_full_name):
        return HttpResponseNotAllowed(escape(validator.get_validation_message("alphanum_plus_space")))

    if version_name and not validator.is_valid("alphanum_plus", version_name):
        return HttpResponseNotAllowed(escape(validator.get_validation_message("alphanum_plus")))

    if package_full_name and package_full_name != revision.package.full_name:
        try:
            # it was erroring as pk=package.pk
            # I changed it to pk=revision.package.pk
            # TODO: Check if not redundant as it is in model as well
            package = Package.objects.exclude(pk=revision.package.pk).get(
                full_name=package_full_name, type=revision.package.type, author__username=r.user.username
            )
            return HttpResponseForbidden(
                "You already have a %s with that name" % escape(revision.package.get_type_name())
            )
        except:
            save_package = True
            should_reload = True
            revision.package.full_name = package_full_name
            revision.package.name = None

    package_description = r.POST.get("package_description", False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data["package_description"] = package_description

    modules = []
    for mod in revision.modules.all():
        if r.POST.get(mod.filename, False):
            code = r.POST[mod.filename]
            if mod.code != code:
                mod.code = code
                modules.append(mod)

    if modules:
        revision.modules_update(modules)
        save_revision = False

    if save_revision:
        revision.save()

    revision_message = r.POST.get("revision_message", False)
    if revision_message and revision_message != start_revision_message:
        revision.message = revision_message
        # save revision message without changeing the revision
        super(PackageRevision, revision).save()
        response_data["revision_message"] = revision_message

    if version_name and version_name != start_version_name and version_name != revision.package.version_name:
        save_package = False
        try:
            revision.set_version(version_name)
        except Exception, err:
            return HttpResponseForbidden(escape(err.__str__()))
コード例 #5
0
ファイル: views.py プロジェクト: csuwildcat/FlightDeck
def package_save(r, id_number, type_id, revision_number=None,
                 version_name=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save
    """
    revision = get_package_revision(id_number, type_id, revision_number,
                                    version_name)
    if r.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (id_number, r.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = r.POST.get('full_name', False)
    version_name = r.POST.get('version_name', False)

    # validate package_full_name and version_name
    if package_full_name and not validator.is_valid(
        'alphanum_plus_space', package_full_name):
        return HttpResponseNotAllowed(escape(
            validator.get_validation_message('alphanum_plus_space')))

    if version_name and not validator.is_valid(
        'alphanum_plus', version_name):
        return HttpResponseNotAllowed(escape(
            validator.get_validation_message('alphanum_plus')))

    if package_full_name and package_full_name != revision.package.full_name:
        revision.package.full_name = package_full_name
        # in FlightDeck, libraries can have the same name, by different authors
        try:
            Package.objects.get(author=revision.package.author,
                                name=revision.package.make_name())
            return HttpResponseForbidden(
                'You already have a %s with that name' % escape(
                    revision.package.get_type_name())
                )
        except Package.DoesNotExist:
            save_package = True
            response_data['full_name'] = package_full_name

    package_description = r.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    changes = []
    for mod in revision.modules.all():
        if r.POST.get(mod.filename, False):
            code = r.POST[mod.filename]
            if mod.code != code:
                mod.code = code
                changes.append(mod)

    for att in revision.attachments.all():
        uid = str(att.pk)
        if r.POST.get(uid):
            att.data = r.POST[uid]
            if att.changed():
                changes.append(att)

    attachments_changed = {}
    if save_revision or changes:
        revision.save()

    if changes:
        attachments_changed = simplejson.dumps(
                revision.updates(changes, save=False))

    revision_message = r.POST.get('revision_message', False)
    if revision_message and revision_message != start_revision_message:
        revision.message = revision_message
        # save revision message without changeing the revision
        super(PackageRevision, revision).save()
        response_data['revision_message'] = revision_message

    if version_name and version_name != start_version_name \
        and version_name != revision.package.version_name:
        save_package = False
        try:
            revision.set_version(version_name)
        except Exception, err:
            return HttpResponseForbidden(escape(err.__str__()))