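def submission_deletion(hashid, submissionid):
    """Delete one submission of a form that belongs to the current user.

    Args:
        hashid: Public hash identifier of the form, resolved with
            ``Form.get_with_hashid``.
        submissionid: Primary key of the submission to delete.

    Returns:
        A redirect to the form's submission list on success, or a
        ``(rendered error page, 400)`` tuple when the request is rejected.
    """
    form = Form.get_with_hashid(hashid)

    # Same-origin Referer check. This is a CSRF mitigation only; it does
    # nothing against XSS. request.referrer is None when the browser sends no
    # Referer header.
    # NOTE(review): how referrer_to_baseurl handles None is not visible here --
    # confirm a missing Referer can never compare equal to the service base
    # URL. A per-session CSRF token on this state-changing route would be a
    # stronger control than the Referer header.
    referrer = referrer_to_baseurl(request.referrer)
    service = referrer_to_baseurl(settings.SERVICE_URL)
    if referrer != service:
        return render_template('error.html', title='Improper Request', text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400

    # The form must exist before any attribute is read from it; without this
    # guard an unknown hashid raised AttributeError on form.owner_id instead of
    # producing a clean 400.
    if not form:
        return render_template('error.html', title='Not a valid form', text='That form does not exist.<br />Please check the link and try again.'), 400

    # Authorization: the caller must be the recorded owner, or have the form in
    # their form list (covers forms that never got an owner_id because they
    # were not created from the dashboard).
    if form.owner_id != current_user.id and form not in current_user.forms:
        # NOTE(review): this response appends the form's internal id to a
        # message shown to a user who does not own the form; it looks like
        # debugging residue and should probably be dropped.
        return render_template('error.html', title='Wrong user', text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.' + str(form.id)), 400

    # Only look the submission up once the caller is known to be authorized.
    submission = Submission.query.get(submissionid)
    if not submission:
        return render_template('error.html', title='Not a valid submission', text='That submission does not exist.<br />Please check the link and try again.'), 400

    # Object-level check: the submission must belong to the form the caller
    # was just authorized for, otherwise any valid submission id could be
    # deleted through a form the caller owns.
    if submission.form_id != form.id:
        return render_template('error.html', title='Not a valid submissions', text='That submission does not match the form provided.<br />Please check the link and try again.'), 400

    DB.session.delete(submission)
    form.counter -= 1
    DB.session.add(form)
    DB.session.commit()
    flash(u'Submission successfully deleted', 'success')
    return redirect(url_for('form-submissions', hashid=hashid))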
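def form_toggle(hashid):
    """Flip the ``disabled`` flag of a form that belongs to the current user.

    Args:
        hashid: Public hash identifier of the form, resolved with
            ``Form.get_with_hashid``.

    Returns:
        A redirect to the dashboard on success, or a
        ``(rendered error page, 400)`` tuple when the request is rejected.
    """
    form = Form.get_with_hashid(hashid)

    # Same-origin Referer check. This is a CSRF mitigation only; it does
    # nothing against XSS. request.referrer is None when the browser sends no
    # Referer header.
    # NOTE(review): how referrer_to_baseurl handles None is not visible here --
    # confirm a missing Referer can never compare equal to the service base
    # URL. A per-session CSRF token on this state-changing route would be a
    # stronger control than the Referer header.
    referrer = referrer_to_baseurl(request.referrer)
    service = referrer_to_baseurl(settings.SERVICE_URL)
    if referrer != service:
        return render_template('error.html', title='Improper Request', text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400

    # Existence is checked before ownership: the original tested `not form`
    # only after reading form.owner_id, so an unknown hashid raised
    # AttributeError and this branch could never run.
    if not form:
        return render_template('error.html', title='Not a valid form', text='That form does not exist.<br />Please check the link and try again.'), 400

    # Authorization: the caller must be the recorded owner, or have the form in
    # their form list (covers forms that never got an owner_id because they
    # were not created from the dashboard).
    if form.owner_id != current_user.id and form not in current_user.forms:
        return render_template('error.html', title='Wrong user', text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.'), 400

    form.disabled = not form.disabled
    DB.session.add(form)
    DB.session.commit()
    if form.disabled:
        flash('Form successfully disabled', 'success')
    else:
        flash('Form successfully enabled', 'success')
    return redirect(url_for('dashboard'))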
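def submission_deletion(hashid, submissionid):
    """Delete one submission of a form that belongs to the current user.

    Args:
        hashid: Public hash identifier of the form, resolved with
            ``Form.get_with_hashid``.
        submissionid: Primary key of the submission to delete.

    Returns:
        A redirect to the form's submission list on success, or a
        ``(rendered error page, 400)`` tuple when the request is rejected.
    """
    form = Form.get_with_hashid(hashid)

    # Same-origin Referer check. This is a CSRF mitigation only; it does
    # nothing against XSS. request.referrer is None when the browser sends no
    # Referer header.
    # NOTE(review): how referrer_to_baseurl handles None is not visible here --
    # confirm a missing Referer can never compare equal to the service base
    # URL. A per-session CSRF token on this state-changing route would be a
    # stronger control than the Referer header.
    referrer = referrer_to_baseurl(request.referrer)
    service = referrer_to_baseurl(settings.SERVICE_URL)
    if referrer != service:
        return render_template('error.html', title='Improper Request', text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400

    # The form must exist before any attribute is read from it; without this
    # guard an unknown hashid raised AttributeError on form.owner_id instead of
    # producing a clean 400.
    if not form:
        return render_template('error.html', title='Not a valid form', text='That form does not exist.<br />Please check the link and try again.'), 400

    # Authorization: the caller must be the recorded owner, or have the form in
    # their form list (covers forms that never got an owner_id because they
    # were not created from the dashboard).
    if form.owner_id != current_user.id and form not in current_user.forms:
        # NOTE(review): this response appends the form's internal id to a
        # message shown to a user who does not own the form; it looks like
        # debugging residue and should probably be dropped.
        return render_template('error.html', title='Wrong user', text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.' + str(form.id)), 400

    # Only look the submission up once the caller is known to be authorized.
    submission = Submission.query.get(submissionid)
    if not submission:
        return render_template('error.html', title='Not a valid submission', text='That submission does not exist.<br />Please check the link and try again.'), 400

    # Object-level check: the submission must belong to the form the caller
    # was just authorized for, otherwise any valid submission id could be
    # deleted through a form the caller owns.
    if submission.form_id != form.id:
        return render_template('error.html', title='Not a valid submissions', text='That submission does not match the form provided.<br />Please check the link and try again.'), 400

    DB.session.delete(submission)
    form.counter -= 1
    DB.session.add(form)
    DB.session.commit()
    flash('Submission successfully deleted', 'success')
    return redirect(url_for('form-submissions', hashid=hashid))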
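def form_toggle(hashid):
    """Flip the ``disabled`` flag of a form that belongs to the current user.

    Args:
        hashid: Public hash identifier of the form, resolved with
            ``Form.get_with_hashid``.

    Returns:
        A redirect to the dashboard on success, or a
        ``(rendered error page, 400)`` tuple when the request is rejected.
    """
    form = Form.get_with_hashid(hashid)

    # Same-origin Referer check. This is a CSRF mitigation only; it does
    # nothing against XSS. request.referrer is None when the browser sends no
    # Referer header.
    # NOTE(review): how referrer_to_baseurl handles None is not visible here --
    # confirm a missing Referer can never compare equal to the service base
    # URL. A per-session CSRF token on this state-changing route would be a
    # stronger control than the Referer header.
    referrer = referrer_to_baseurl(request.referrer)
    service = referrer_to_baseurl(settings.SERVICE_URL)
    if referrer != service:
        return render_template('error.html', title='Improper Request', text='The request you made is not valid.<br />Please visit your dashboard and try again.'), 400

    # Existence is checked before ownership: the original tested `not form`
    # only after reading form.owner_id, so an unknown hashid raised
    # AttributeError and this branch could never run.
    if not form:
        return render_template('error.html', title='Not a valid form', text='That form does not exist.<br />Please check the link and try again.'), 400

    # Authorization: the caller must be the recorded owner, or have the form in
    # their form list (covers forms that never got an owner_id because they
    # were not created from the dashboard).
    if form.owner_id != current_user.id and form not in current_user.forms:
        return render_template('error.html', title='Wrong user', text='You aren\'t the owner of that form.<br />Please log in as the form owner and try again.'), 400

    form.disabled = not form.disabled
    DB.session.add(form)
    DB.session.commit()
    if form.disabled:
        flash(u'Form successfully disabled', 'success')
    else:
        flash(u'Form successfully enabled', 'success')
    return redirect(url_for('dashboard'))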