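def credundelete(request, cred_id):
    """Show a trashed credential and, on POST, restore it.

    GET renders ``cred_detail.html`` in undelete mode and writes a
    ``CREDVIEW`` audit row. POST writes a ``CREDADD`` audit row, clears
    ``is_deleted`` on the credential and redirects to the trash listing.

    Args:
        request: the incoming HTTP request; ``request.user`` is the actor
            recorded in the audit rows.
        cred_id: primary key of the credential to restore.

    Raises:
        Http404: when the credential does not exist or
            ``cred.is_accessible_by(request.user)`` is false.
    """
    # NOTE(review): no login/permission decorator is visible in this excerpt;
    # confirm one is applied where the view is declared or routed.
    cred = get_object_or_404(Cred, pk=cred_id)

    # Authorise before reading anything else about the credential, so a
    # request that will be refused never reaches the audit trail. A denied
    # request gets the same 404 as an unknown id.
    if not cred.is_accessible_by(request.user):
        raise Http404

    if request.method == 'POST':
        # The restore is logged with the same audit type as a new credential.
        CredAudit(audittype=CredAudit.CREDADD, cred=cred, user=request.user).save()
        cred.is_deleted = False
        cred.save()
        return HttpResponseRedirect(
            reverse('cred.views.list', args=('special', 'trash')))

    # Only the detail page displays the last-change time, so it is looked up
    # after the POST branch has returned.
    try:
        lastchange = CredAudit.objects.filter(
            cred=cred,
            audittype__in=[CredAudit.CREDCHANGE, CredAudit.CREDADD],
        ).latest().time
    except CredAudit.DoesNotExist:
        lastchange = _("Unknown (Logs deleted)")

    # Rendering the detail page counts as a view of the credential.
    CredAudit(audittype=CredAudit.CREDVIEW, cred=cred, user=request.user).save()

    # NOTE(review): the form action targets the delete route although this
    # view restores the credential; confirm that is what the template expects.
    return render(
        request,
        'cred_detail.html',
        {
            'cred': cred,
            'lastchange': lastchange,
            'action': reverse('cred.views.delete', args=(cred_id, )),
            'undelete': True,
        })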
def setUpBasicData(self):
    """Create the tag, credentials, change-queue entry and audit rows used as fixtures.

    Reads ``self.group``, ``self.unobody``, ``self.unorm`` and ``self.ustaff``,
    which must already be set, and stores every created object on ``self``.
    Statement order is kept as-is because each ``save()`` hits the database.
    """
    group = self.group

    # A tag to attach to one of the credentials.
    self.tag = Tag(name='tag')
    self.tag.save()

    # A plain credential.
    self.cred = Cred(
        title='secret',
        username='******',
        password='******',
        group=group,
    )
    self.cred.save()

    # A credential carrying the tag; it is saved before the many-to-many add
    # and once more afterwards.
    self.tagcred = Cred(title='tagged', password='******', group=group)
    self.tagcred.save()
    self.tagcred.tags.add(self.tag)
    self.tagcred.save()

    # A credential whose title is a script-injection payload.
    # NOTE(review): presumably consumed by tests that assert the title is
    # escaped when rendered; confirm against the test cases that use it.
    self.injectcred = Cred(
        title='<script>document.write("BADTITLE!")</script>Bold!',
        username='******',
        password='******',
        group=group,
    )
    self.injectcred.save()

    # A credential whose description is flagged as markdown.
    self.markdowncred = Cred(
        title='Markdown Cred',
        password='******',
        group=group,
        description='# Test',
        descriptionmarkdown=True,
    )
    self.markdowncred.save()

    # A credential with non-ASCII text in both title and description.
    self.unicodecred = Cred(
        title='Unicode ‑ Cred',
        password='******',
        group=group,
        description='Γαζέες καὶ μυρτιὲς δὲν θὰ βρῶ πιὰ στὸ χρυσαφὶ ξέφωτο',
    )
    self.unicodecred.save()

    # Put the plain credential on the change queue.
    CredChangeQ.objects.add_to_changeq(self.cred)

    # Two credentials that differ only in their audit history below.
    self.viewedcred = Cred(title='Viewed', password='******', group=group)
    self.viewedcred.save()
    self.changedcred = Cred(title='Changed', password='******', group=group)
    self.changedcred.save()

    # Audit history: both were added and viewed, only changedcred was changed.
    audit_rows = (
        (CredAudit.CREDADD, self.viewedcred, self.unobody),
        (CredAudit.CREDADD, self.changedcred, self.unobody),
        (CredAudit.CREDVIEW, self.viewedcred, self.unorm),
        (CredAudit.CREDVIEW, self.changedcred, self.unorm),
        (CredAudit.CREDCHANGE, self.changedcred, self.ustaff),
    )
    for kind, target, actor in audit_rows:
        CredAudit(audittype=kind, cred=target, user=actor).save()

    # Audit rows for the plain credential, kept on self for later assertions.
    self.logadd = CredAudit(
        audittype=CredAudit.CREDADD, cred=self.cred, user=self.ustaff)
    self.logview = CredAudit(
        audittype=CredAudit.CREDVIEW, cred=self.cred, user=self.ustaff)
    self.logadd.save()
    self.logview.save()
def update_detail(self, object_list, bundle):
    """Allow an update only for a user that ``bundle.obj.is_owned_by`` accepts.

    Returns False without logging when the check fails. Otherwise writes a
    ``CREDCHANGE`` audit row for the requesting user and returns True.
    """
    requester = bundle.request.user
    if bundle.obj.is_owned_by(requester):
        # The audit row is written when access is granted, not when the
        # update is actually saved.
        CredAudit(
            audittype=CredAudit.CREDCHANGE,
            cred=bundle.obj,
            user=requester,
        ).save()
        return True
    return False
def read_detail(self, object_list, bundle):
    """Allow a detail read only for a user that ``bundle.obj.is_visible_by`` accepts.

    Returns False without logging when the check fails. Otherwise writes a
    ``CREDPASSVIEW`` audit row for the requesting user and returns True.
    """
    requester = bundle.request.user
    if bundle.obj.is_visible_by(requester):
        # This audit should go somewhere else, is there a detail list
        # function we can override?
        CredAudit(
            audittype=CredAudit.CREDPASSVIEW,
            cred=bundle.obj,
            user=requester,
        ).save()
        return True
    return False
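def import_process(request, import_id):
    """Review one entry of a pending import and, on POST, save it as a credential.

    The pending import is held in ``request.session['imported_data']`` with an
    ``entries`` list and a ``group`` id. GET pre-fills a ``CredForm`` from the
    chosen entry. POST validates the submitted form, saves the credential,
    writes a ``CREDADD`` audit row, removes the entry from the session and
    redirects to the import overview. An invalid POST falls through and
    re-renders the bound form.

    Args:
        request: the incoming HTTP request.
        import_id: position of the entry in the session's ``entries`` list.

    Raises:
        Http404: when there is no pending import, ``import_id`` does not name
            an existing entry, or the target group no longer exists.
    """
    # NOTE(review): no staff/login decorator is visible in this excerpt;
    # confirm the view is restricted where it is declared or routed.

    # If there was no session data, return 404
    if 'imported_data' not in request.session:
        raise Http404
    imported = request.session['imported_data']

    # Resolve the entry. A non-numeric id, a missing 'entries' key or an
    # out-of-range position is a 404 rather than an unhandled error, and a
    # negative id is refused so it cannot index from the end of the list.
    try:
        index = int(import_id)
        if index < 0:
            raise IndexError(index)
        entry = imported['entries'][index]
    except (IndexError, KeyError, TypeError, ValueError):
        raise Http404

    # Get the group; if it has gone, the whole pending import is discarded.
    groupid = imported['group']
    try:
        group = Group.objects.get(pk=groupid)
    except Group.DoesNotExist:
        del request.session['imported_data']
        raise Http404

    if request.method == 'POST':
        # Reuse the imported attachment unless the user uploaded a new one.
        if entry['filename'] and 'attachment' not in request.FILES:
            sfile = SimpleUploadedFile(entry['filename'], bytes(entry['filecontent']))
            request.FILES['attachment'] = sfile

        # Build the form
        form = CredForm(request.user, request.POST, request.FILES)

        # Do we have enough data to save?
        if form.is_valid():
            # Save the credential
            form.save()

            # Write the audit log
            CredAudit(
                audittype=CredAudit.CREDADD,
                cred=form.instance,
                user=request.user,
            ).save()

            # Remove the entry we're importing and persist the session now,
            # because the nested list is changed in place.
            del request.session['imported_data']['entries'][index]
            request.session.save()

            # Go back to the overview
            return HttpResponseRedirect(reverse('staff.views.import_overview'))
    else:
        # Work on a shallow copy so the session entry itself is not altered.
        processed = dict(entry)

        # Create all the tags.
        # NOTE(review): this runs on non-POST requests, so merely opening the
        # page can insert Tag rows.
        processed['tags'] = [
            Tag.objects.get_or_create(name=t)[0] for t in processed['tags']
        ]

        # Setup the group
        processed['group'] = group

        # If the icon is empty set it
        if 'iconname' not in processed:
            processed['iconname'] = 'Key.png'

        # Remove the attachment so it is not passed to the form as field data
        if processed['filename']:
            del processed['filename']
            del processed['filecontent']

        # Create the form
        form = CredForm(request.user, processed, {})

    return render(request, 'staff_import_process.html', {
        'form': form,
        'icons': get_icon_list(),
    })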
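def read_detail(self, object_list, bundle):
    """Allow a detail read only for a user that ``bundle.obj.is_visible_by`` accepts.

    Returns False without logging when the check fails. Otherwise writes a
    ``CREDPASSVIEW`` audit row for the requesting user and returns True.
    """
    # Check user has perms. Without a per-object check this hook would
    # approve every detail read and log it as a password view, leaving access
    # control entirely to whatever filtering happens elsewhere.
    if not bundle.obj.is_visible_by(bundle.request.user):
        return False

    # This audit should go somewhere else, is there a detail list function we can override?
    CredAudit(audittype=CredAudit.CREDPASSVIEW, cred=bundle.obj, user=bundle.request.user).save()
    return True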