예제 #1
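def credundelete(request, cred_id):
    """Show the restore page for a credential, or restore it on POST.

    GET renders ``cred_detail.html`` with ``undelete`` set and writes a
    CREDVIEW audit row. POST writes a CREDADD audit row, clears
    ``is_deleted`` and redirects to the trash listing.

    Raises Http404 when the credential does not exist or when
    ``cred.is_accessible_by(request.user)`` is false, so a caller without
    access gets the same response as for a missing id.
    """
    cred = get_object_or_404(Cred, pk=cred_id)

    # Authorise first: nothing else about this credential (including its
    # audit history) is queried for a user who may not access it.
    if not cred.is_accessible_by(request.user):
        raise Http404

    if request.method == 'POST':
        # The restore is recorded with the CREDADD audit type.
        # NOTE(review): the audit row and the is_deleted change are saved
        # separately; no transaction is visible in this function.
        CredAudit(audittype=CredAudit.CREDADD, cred=cred,
                  user=request.user).save()
        cred.is_deleted = False
        cred.save()
        return HttpResponseRedirect(
            reverse('cred.views.list', args=('special', 'trash')))

    # Only the detail page displays the last-change time, so look it up
    # after the POST branch has returned.
    try:
        lastchange = CredAudit.objects.filter(
            cred=cred,
            audittype__in=[CredAudit.CREDCHANGE, CredAudit.CREDADD],
        ).latest().time
    except CredAudit.DoesNotExist:
        lastchange = _("Unknown (Logs deleted)")

    # Viewing the page is itself an audited event.
    CredAudit(audittype=CredAudit.CREDVIEW, cred=cred,
              user=request.user).save()

    return render(
        request, 'cred_detail.html', {
            'cred': cred,
            'lastchange': lastchange,
            'action': reverse('cred.views.delete', args=(cred_id, )),
            'undelete': True
        })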
예제 #2
    def setUpBasicData(self):
        """Create the tag, credentials, change-queue entry and audit rows used as fixtures.

        Reads ``self.group``, ``self.unobody``, ``self.unorm`` and
        ``self.ustaff``; none of them is assigned in this method, so they
        must already exist when it runs.
        """
        # Tag attached to the tagged credential further down.
        self.tag = label = Tag(name='tag')
        label.save()

        # Plain credential with a username.
        self.cred = basic = Cred(
            title='secret',
            username='******',
            password='******',
            group=self.group,
        )
        basic.save()

        # Credential carrying the tag; saved, tagged, then saved again.
        self.tagcred = tagged = Cred(title='tagged', password='******', group=self.group)
        tagged.save()
        tagged.tags.add(self.tag)
        tagged.save()

        # Title contains a <script> element: a fixture for checking how
        # credential titles are rendered (the assertions are not in this method).
        self.injectcred = hostile = Cred(
            title='<script>document.write("BADTITLE!")</script>Bold!',
            username='******',
            password='******',
            group=self.group,
        )
        hostile.save()

        # Credential whose description is flagged as markdown.
        self.markdowncred = marked = Cred(
            title='Markdown Cred',
            password='******',
            group=self.group,
            description='# Test',
            descriptionmarkdown=True,
        )
        marked.save()

        # Credential with non-ASCII characters in title and description.
        self.unicodecred = wide = Cred(
            title='Unicode ‑ Cred',
            password='******',
            group=self.group,
            description='Γαζέες καὶ μυρτιὲς δὲν θὰ βρῶ πιὰ στὸ χρυσαφὶ ξέφωτο',
        )
        wide.save()

        # Put the plain credential on the change queue.
        CredChangeQ.objects.add_to_changeq(self.cred)

        self.viewedcred = Cred(title='Viewed', password='******', group=self.group)
        self.viewedcred.save()
        self.changedcred = Cred(title='Changed', password='******', group=self.group)
        self.changedcred.save()

        # Audit history, written in this exact order: both credentials are
        # added by unobody and viewed by unorm; only changedcred is then
        # changed by ustaff.
        history = (
            (CredAudit.CREDADD, self.viewedcred, self.unobody),
            (CredAudit.CREDADD, self.changedcred, self.unobody),
            (CredAudit.CREDVIEW, self.viewedcred, self.unorm),
            (CredAudit.CREDVIEW, self.changedcred, self.unorm),
            (CredAudit.CREDCHANGE, self.changedcred, self.ustaff),
        )
        for kind, target, actor in history:
            CredAudit(audittype=kind, cred=target, user=actor).save()

        # Add/view rows for the plain credential, kept on self for later use.
        # Both objects are built before either is saved.
        self.logadd = CredAudit(audittype=CredAudit.CREDADD, cred=self.cred, user=self.ustaff)
        self.logview = CredAudit(audittype=CredAudit.CREDVIEW, cred=self.cred, user=self.ustaff)
        for row in (self.logadd, self.logview):
            row.save()
예제 #3
    def update_detail(self, object_list, bundle):
        """Decide whether the requesting user may update ``bundle.obj``.

        Returns False, without writing anything, when the user does not own
        the credential. Otherwise writes a CREDCHANGE audit row and returns
        True. ``object_list`` is not used.
        """
        target = bundle.obj
        actor = bundle.request.user

        # Only an owner may change the credential.
        if target.is_owned_by(actor):
            # The row is written at authorisation time; whether the update
            # itself then succeeds is not visible from this method.
            CredAudit(audittype=CredAudit.CREDCHANGE, cred=target, user=actor).save()
            return True

        return False
예제 #4
    def read_detail(self, object_list, bundle):
        """Decide whether the requesting user may read ``bundle.obj``.

        Returns False, without writing anything, when the credential is not
        visible to the user. Otherwise writes a CREDPASSVIEW audit row and
        returns True. ``object_list`` is not used.
        """
        target = bundle.obj
        actor = bundle.request.user

        # Visibility gate: a denied read leaves no audit row.
        if target.is_visible_by(actor):
            # Open question from the original author: this audit write may
            # belong in a detail hook rather than in the permission check.
            CredAudit(audittype=CredAudit.CREDPASSVIEW, cred=target, user=actor).save()
            return True

        return False
예제 #5
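def import_process(request, import_id):
    """Review and save one entry of an import held in the session.

    ``import_id`` is the position of the entry in
    ``request.session['imported_data']['entries']``. GET renders a form
    pre-filled from that entry. POST validates the submitted form, saves the
    credential, writes a CREDADD audit row, removes the entry from the
    session and redirects to the import overview. An invalid POST falls
    through and re-renders the bound form.

    Raises Http404 when there is no import in the session, when
    ``import_id`` is not a non-negative integer within range, or when the
    target group no longer exists (the import is then dropped from the
    session).
    """
    # NOTE(review): no permission check is visible in this function;
    # presumably access is restricted by a decorator outside this excerpt.
    # Confirm.
    if 'imported_data' not in request.session:
        raise Http404

    # import_id arrives from the URL. Anything that is not an integer is a
    # 404 rather than an unhandled ValueError, and a negative value is
    # rejected so it cannot address entries from the end of the list.
    try:
        index = int(import_id)
    except (TypeError, ValueError):
        raise Http404
    if index < 0:
        raise Http404

    # Get the entry we are concerned with
    try:
        entry = request.session['imported_data']['entries'][index]
    except IndexError:
        raise Http404

    # Get the group; if it has gone, the whole import is discarded
    groupid = request.session['imported_data']['group']
    try:
        group = Group.objects.get(pk=groupid)
    except Group.DoesNotExist:
        del request.session['imported_data']
        raise Http404

    if request.method == 'POST':
        # No new upload: reuse the attachment carried by the imported entry
        if entry['filename'] and 'attachment' not in request.FILES:
            sfile = SimpleUploadedFile(entry['filename'],
                                       bytes(entry['filecontent']))
            request.FILES['attachment'] = sfile

        # Build the form
        form = CredForm(request.user, request.POST, request.FILES)

        # Do we have enough data to save?
        if form.is_valid():
            # Save the credential
            form.save()

            # Write the audit log
            CredAudit(
                audittype=CredAudit.CREDADD,
                cred=form.instance,
                user=request.user,
            ).save()

            # Remove the imported entry. The nested list is changed in
            # place, so the session is saved explicitly.
            del request.session['imported_data']['entries'][index]
            request.session.save()

            # Go back to the overview
            return HttpResponseRedirect(reverse('staff.views.import_overview'))

    else:
        # Work on a copy so the entry kept in the session is not altered
        processed = dict(entry)

        # Resolve tag names to Tag objects.
        # NOTE(review): get_or_create can write Tag rows while handling a
        # non-POST request.
        processed['tags'] = [
            Tag.objects.get_or_create(name=t)[0] for t in processed['tags']
        ]

        # Setup the group
        processed['group'] = group

        # If the icon is empty set it
        if 'iconname' not in processed:
            processed['iconname'] = 'Key.png'

        # The attachment is not part of the initial form data
        if processed['filename']:
            del processed['filename']
            del processed['filecontent']

        # Create the form
        form = CredForm(request.user, processed, {})

    return render(request, 'staff_import_process.html', {
        'form': form,
        'icons': get_icon_list(),
    })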
예제 #6
 def read_detail(self, object_list, bundle):
     """Write a CREDPASSVIEW audit row for ``bundle.obj`` and allow the read.

     Always returns True. ``object_list`` is not used.
     """
     # NOTE(review): no per-object permission check is visible in this
     # method; presumably access is limited elsewhere (for example by the
     # queryset handed to this hook). Confirm before relying on it.
     # Open question from the original author: this audit write may belong
     # in a detail hook rather than in the permission check.
     entry = CredAudit(
         audittype=CredAudit.CREDPASSVIEW,
         cred=bundle.obj,
         user=bundle.request.user,
     )
     entry.save()
     return True