def workbook(request, workbook_id=0):
    """Handle workbook create/edit/copy/delete (POST) and the detail page (GET).

    The POST action is the last path segment of the request URL. A GET
    resolves ``workbook_id`` only among active workbooks that the requesting
    user owns, has been shared, or that are public; anything else redirects
    to the workbook list.
    """
    template = 'workbooks/workbook.html'
    # The action name is whatever follows the final '/' of the request path.
    command = request.path.rsplit('/',1)[1]

    if request.method == "POST" :
        # NOTE(review): unlike the GET branch, nothing here restricts
        # workbook_id to workbooks of request.user, and edit/destroy are not
        # even given the user. Confirm that Workbook.edit / Workbook.copy /
        # Workbook.destroy (or a decorator outside this view) enforce
        # ownership; otherwise a workbook can be changed or deleted by id alone.
        if command == "create" :
            workbook_model = Workbook.createDefault(name="Untitled Workbook", description="", user=request.user)
        elif command == "edit" :
            # name and description are passed on exactly as submitted; no
            # validation is applied in this view.
            workbook_model = Workbook.edit(id=workbook_id, name=request.POST.get('name'), description=request.POST.get('description'))
        elif command == "copy" :
            workbook_model = Workbook.copy(id=workbook_id, user=request.user)
        elif command == "delete" :
            Workbook.destroy(id=workbook_id)

        if command == "delete":
            redirect_url = reverse('workbooks')
            return redirect(redirect_url)
        else :
            # For a command other than the four above, workbook_model was
            # never assigned and this line raises NameError.
            redirect_url = reverse('workbook_detail', kwargs={'workbook_id':workbook_model.id})
            return redirect(redirect_url)

    elif request.method == "GET" :
        if workbook_id:
            try :
                # Union of the three visibility sets; .get() on it raises
                # ObjectDoesNotExist for an id outside them.
                ownedWorkbooks = request.user.workbook_set.all().filter(active=True)
                sharedWorkbooks = Workbook.objects.filter(shared__matched_user=request.user, shared__active=True, active=True)
                publicWorkbooks = Workbook.objects.all().filter(is_public=True,active=True)
                workbooks = ownedWorkbooks | sharedWorkbooks | publicWorkbooks
                workbooks = workbooks.distinct()

                workbook_model = workbooks.get(id=workbook_id)
                workbook_model.worksheets = workbook_model.get_deep_worksheets()

                is_shareable = workbook_model.is_shareable(request)

                # Only a non-owner viewing a non-public workbook has a share
                # record to look up.
                shared = None
                if workbook_model.owner.id != request.user.id and not workbook_model.is_public:
                    shared = request.user.shared_resource_set.get(workbook__id=workbook_id)

                plot_types = Analysis.get_types()

                return render(request, template, {'workbook' : workbook_model, 'datatypes' : get_gene_datatypes(), 'is_shareable': is_shareable, 'shared' : shared, 'plot_types' : plot_types})
            except ObjectDoesNotExist:
                # Unknown or inaccessible id: fall back to the list page.
                redirect_url = reverse('workbooks')
                return redirect(redirect_url)
        else :
            redirect_url = reverse('workbooks')
            return redirect(redirect_url)
def workbook_create_with_program(request):
    """Create a workbook pre-filled with every variable of one program.

    Reads ``program_id`` from the POST data, creates the workbook and its
    "worksheet 1", copies each feature definition of the program's active
    studies into that worksheet, and redirects to the workbook detail page.
    """
    # NOTE(review): the program is fetched by id alone; this view shows no
    # check that request.user may read it -- confirm it is enforced elsewhere.
    # An unknown id is not caught here.
    program = Program.objects.get(id=request.POST.get('program_id'))

    summary = ("this is an untitled workbook with all variables of program \""
               + program.name
               + "\" added to the first worksheet. Click Edit Details to change your workbook title and description.")
    new_workbook = Workbook.create(name="Untitled Workbook", description=summary, user=request.user)
    first_sheet = Worksheet.objects.create(name="worksheet 1", description="", workbook=new_workbook)

    # One worksheet variable per feature definition of each active study.
    for active_study in program.study_set.filter(active=True):
        for feature_def in active_study.user_feature_definitions_set.all():
            sheet_var = Worksheet_variable.objects.create(
                worksheet_id=first_sheet.id,
                name=feature_def.feature_name,
                url_code=feature_def.bq_map_id,
                feature_id=feature_def.id)
            sheet_var.save()

    return redirect(reverse('workbook_detail', kwargs={'workbook_id': new_workbook.id}))
def workbook_create_with_variables(request):
    """Create a workbook pre-filled from one variable favorite list.

    The list id comes either from the JSON document in the ``json_data`` POST
    field (first entry of ``variable_list_id``) or from the plain
    ``variable_list_id`` POST field. JSON callers get a JsonResponse with the
    new ids; form callers are redirected to the workbook detail page.
    """
    json_data = request.POST.get('json_data')
    # TODO: Refactor so that user can create using multiple variable lists
    var_list_id = (json.loads(json_data)['variable_list_id'][0]
                   if json_data
                   else request.POST.get('variable_list_id'))

    # NOTE(review): the favorite list is fetched by id alone; no check that it
    # belongs to request.user is visible here -- confirm it is enforced elsewhere.
    favorite = VariableFavorite.objects.get(id=var_list_id)

    new_workbook = Workbook.create(
        name=request.POST.get('name', favorite.name + ' workbook'),
        description="this is an untitled workbook with all variables of variable favorite list \"" + favorite.name + "\" added to the first worksheet. Click Edit Details to change your workbook title and description.",
        user=request.user)
    new_workbook.save()

    first_sheet = Worksheet.objects.create(name="worksheet 1", description="", workbook=new_workbook)
    first_sheet.save()

    # Debug output left in the view (Python 2 print statement).
    print new_workbook.id

    for fav_var in favorite.get_variables():
        sheet_var = Worksheet_variable.objects.create(
            worksheet_id=first_sheet.id,
            name=fav_var.name,
            url_code=fav_var.code,
            type=fav_var.type,
            feature_id=fav_var.feature_id)
        sheet_var.save()

    redirect_url = reverse('workbook_detail', kwargs={'workbook_id': new_workbook.id})
    if not json_data:
        return redirect(redirect_url)
    return JsonResponse({'workbook_id': new_workbook.id, 'worksheet_id': first_sheet.id})
def workbook_create_with_cohort(request):
    """Create a workbook whose first worksheet contains one cohort.

    Reads ``cohort_id`` from the POST data and redirects to the detail page
    of the new workbook.
    """
    # NOTE(review): the cohort is fetched by id alone; this view shows no
    # check that request.user owns or was shared the cohort -- confirm that
    # add_cohort or a decorator enforces it. An unknown id is not caught here.
    source_cohort = Cohort.objects.get(id=request.POST.get('cohort_id'))

    summary = ("This workbook was created with cohort \""
               + source_cohort.name
               + "\" added to the first worksheet. Click Edit Details to change your workbook title and description.")
    new_workbook = Workbook.create(name="Untitled Workbook", description=summary, user=request.user)

    first_sheet = Worksheet.objects.create(name="worksheet 1", description="", workbook=new_workbook)
    first_sheet.add_cohort(cohort=source_cohort)

    return redirect(reverse('workbook_detail', kwargs={'workbook_id': new_workbook.id}))
def workbook_create_with_analysis(request):
    """Create a workbook whose first worksheet is set to one plot type.

    The ``analysis`` POST field must equal the ``name`` of an entry returned
    by ``Analysis.get_types()``; otherwise nothing is created and the caller
    is redirected to the sample-analyses page.
    """
    analysis_type = request.POST.get('analysis')
    allowed_types = Analysis.get_types()
    redirect_url = reverse('sample_analyses')

    # The submitted value is only used after it matched an allowed name, so
    # the text placed in the description is one of the server's own names.
    if any(analysis_type == entry['name'] for entry in allowed_types):
        new_workbook = Workbook.create(
            name="Untitled Workbook",
            description="this is an untitled workbook with a \"" + analysis_type + "\" plot added to the first worksheet. Click Edit Details to change your workbook title and description.",
            user=request.user)
        first_sheet = Worksheet.objects.create(name="worksheet 1", description="", workbook=new_workbook)
        first_sheet.set_plot(type=analysis_type)
        redirect_url = reverse('workbook_detail', kwargs={'workbook_id': new_workbook.id})

    return redirect(redirect_url)
def workbook_create_with_cohort_list(request):
    """Create a workbook whose first worksheet contains several cohorts.

    Expects a JSON request body with a ``cohorts`` list of cohort ids and
    answers with a JSON document holding the new workbook and worksheet ids,
    or an ``error`` entry when the list is empty. Both answers use status 200.
    """
    requested_ids = json.loads(request.body)['cohorts']

    if len(requested_ids) == 0:
        result = {'error' : 'parameters are not correct'}
    else:
        new_workbook = Workbook.create(
            name="Untitled Workbook",
            description="This is a workbook created with cohorts added to the first worksheet. Click Edit Details to change your workbook title and description.",
            user=request.user)
        first_sheet = Worksheet.objects.create(name="worksheet 1", description="", workbook=new_workbook)

        # NOTE(review): each cohort is fetched by id alone; no check that
        # request.user may use it is visible here -- confirm add_cohort or a
        # decorator enforces it. An unknown id raises after the workbook and
        # worksheet already exist.
        for cohort_pk in requested_ids:
            first_sheet.add_cohort(cohort=Cohort.objects.get(id=cohort_pk))

        result = {'workbook_id' : new_workbook.id, 'worksheet_id' : first_sheet.id}

    return HttpResponse(json.dumps(result), status=200)
def workbook_create_with_cohort(request):
    """Build a new workbook around the cohort named by POST ``cohort_id``.

    The cohort is attached to a freshly created "worksheet 1" and the caller
    is redirected to the new workbook's detail page.
    """
    chosen_id = request.POST.get('cohort_id')
    # NOTE(review): lookup is by id only; whether request.user is allowed to
    # use this cohort is not checked in this view -- confirm it is enforced in
    # add_cohort or by a decorator. A missing cohort is not handled here.
    chosen_cohort = Cohort.objects.get(id=chosen_id)

    workbook_kwargs = {
        'name': "Untitled Workbook",
        'description': "This workbook was created with cohort \"" + chosen_cohort.name + "\" added to the first worksheet. Click Edit Details to change your workbook title and description.",
        'user': request.user,
    }
    created_workbook = Workbook.create(**workbook_kwargs)

    created_sheet = Worksheet.objects.create(name="worksheet 1", description="", workbook=created_workbook)
    created_sheet.add_cohort(cohort=chosen_cohort)

    detail_url = reverse('workbook_detail', kwargs={'workbook_id': created_workbook.id})
    return redirect(detail_url)
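def worksheet_display(request, workbook_id=0, worksheet_id=0):
    """Render the workbook page with one worksheet selected for display.

    ``display_worksheet`` in the template context is the worksheet of the
    workbook whose id, as a string, equals ``worksheet_id``; it is ``None``
    when no worksheet matches.
    """
    template = 'workbooks/workbook.html'
    # NOTE(review): the workbook is loaded by id with no reference to
    # request.user in this view; confirm that deep_get or a decorator limits
    # it to workbooks the user owns, was shared, or that are public.
    workbook_model = Workbook.deep_get(workbook_id)
    workbook_model.mark_viewed(request)
    is_shareable = workbook_model.is_shareable(request)

    # Start from None: without a default, a worksheet_id that matches nothing
    # left this name unbound and building the context below raised NameError.
    display_worksheet = None
    for worksheet in workbook_model.worksheets:
        if str(worksheet.id) == worksheet_id:
            display_worksheet = worksheet

    plot_types = Analysis.get_types()
    return render(request, template, {'workbook' : workbook_model,
                                      'is_shareable' : is_shareable,
                                      'datatypes' : get_gene_datatypes(),
                                      'display_worksheet' : display_worksheet,
                                      'plot_types' : plot_types})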
def workbook_create_with_program(request):
    """Build a new workbook holding all variables of the POSTed program.

    ``program_id`` is read from the POST data. Every feature definition of
    the program's active studies becomes a variable on "worksheet 1" of the
    new workbook; the response redirects to the workbook detail page.
    """
    chosen_id = request.POST.get('program_id')
    # NOTE(review): lookup is by id only; whether request.user may read this
    # program is not checked in this view -- confirm it is enforced elsewhere.
    # A missing program is not handled here.
    chosen_program = Program.objects.get(id=chosen_id)

    workbook_kwargs = {
        'name': "Untitled Workbook",
        'description': "this is an untitled workbook with all variables of program \"" + chosen_program.name + "\" added to the first worksheet. Click Edit Details to change your workbook title and description.",
        'user': request.user,
    }
    created_workbook = Workbook.create(**workbook_kwargs)
    created_sheet = Worksheet.objects.create(name="worksheet 1", description="", workbook=created_workbook)

    # Add every variable within the model.
    active_studies = chosen_program.study_set.all().filter(active=True)
    for one_study in active_studies:
        for definition in one_study.user_feature_definitions_set.all():
            new_var = Worksheet_variable.objects.create(worksheet_id=created_sheet.id,
                                                        name=definition.feature_name,
                                                        url_code=definition.bq_map_id,
                                                        feature_id=definition.id)
            new_var.save()

    detail_url = reverse('workbook_detail', kwargs={'workbook_id': created_workbook.id})
    return redirect(detail_url)
def workbook_create_with_variables(request):
    """Build a new workbook from a single variable favorite list.

    With a ``json_data`` POST field the list id is the first element of its
    ``variable_list_id`` entry and the answer is a JsonResponse carrying the
    new ids. Without it the id is the ``variable_list_id`` POST field and the
    answer is a redirect to the workbook detail page.
    """
    json_data = request.POST.get('json_data')
    if not json_data:
        var_list_id = request.POST.get('variable_list_id')
    else:
        parsed = json.loads(json_data)
        # TODO: Refactor so that user can create using multiple variable lists
        var_list_id = parsed['variable_list_id'][0]

    # NOTE(review): lookup is by id only; whether the favorite list belongs to
    # request.user is not checked in this view -- confirm it is enforced elsewhere.
    source_list = VariableFavorite.objects.get(id=var_list_id)
    chosen_name = request.POST.get('name', source_list.name + ' workbook')

    created_workbook = Workbook.create(
        name=chosen_name,
        description="this is an untitled workbook with all variables of variable favorite list \"" + source_list.name + "\" added to the first worksheet. Click Edit Details to change your workbook title and description.",
        user=request.user)
    created_workbook.save()

    created_sheet = Worksheet.objects.create(name="worksheet 1", description="", workbook=created_workbook)
    created_sheet.save()

    # Debug output left in the view (Python 2 print statement).
    print created_workbook.id

    for item in source_list.get_variables():
        new_var = Worksheet_variable.objects.create(worksheet_id=created_sheet.id,
                                                    name=item.name,
                                                    url_code=item.code,
                                                    type=item.type,
                                                    feature_id=item.feature_id)
        new_var.save()

    detail_url = reverse('workbook_detail', kwargs={'workbook_id': created_workbook.id})
    if json_data:
        payload = {'workbook_id': created_workbook.id, 'worksheet_id': created_sheet.id}
        return JsonResponse(payload)
    return redirect(detail_url)
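def worksheet_display(request, workbook_id=0, worksheet_id=0):
    """Render the workbook page with one worksheet selected for display.

    ``display_worksheet`` in the template context is the worksheet of the
    workbook whose id, as a string, equals ``worksheet_id``; it is ``None``
    when no worksheet matches. Gene datatypes are looked up for the
    workbook's ``build``.
    """
    template = 'workbooks/workbook.html'
    # NOTE(review): the workbook is loaded by id with no reference to
    # request.user in this view; confirm that deep_get or a decorator limits
    # it to workbooks the user owns, was shared, or that are public.
    workbook_model = Workbook.deep_get(workbook_id)
    workbook_model.mark_viewed(request)
    is_shareable = workbook_model.is_shareable(request)

    # Start from None: without a default, a worksheet_id that matches nothing
    # left this name unbound and building the context below raised NameError.
    display_worksheet = None
    for worksheet in workbook_model.worksheets:
        if str(worksheet.id) == worksheet_id:
            display_worksheet = worksheet

    plot_types = Analysis.get_types()
    return render(
        request, template, {
            'workbook': workbook_model,
            'is_shareable': is_shareable,
            'datatypes': get_gene_datatypes(workbook_model.build),
            'display_worksheet': display_worksheet,
            'plot_types': plot_types
        })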
def workbook_create_with_analysis(request):
    """Build a new workbook with the requested plot type on its first worksheet.

    The ``analysis`` POST value is accepted only when it equals the ``name``
    of one of ``Analysis.get_types()``; any other value creates nothing and
    redirects to the sample-analyses page.
    """
    analysis_type = request.POST.get('analysis')
    allowed_types = Analysis.get_types()
    redirect_url = reverse('sample_analyses')

    # Find the first allowed entry with this name, if there is one.
    matched = next((entry for entry in allowed_types if analysis_type == entry['name']), None)
    if matched is not None:
        created_workbook = Workbook.create(
            name="Untitled Workbook",
            description="this is an untitled workbook with a \"" + analysis_type + "\" plot added to the first worksheet. Click Edit Details to change your workbook title and description.",
            user=request.user)
        created_sheet = Worksheet.objects.create(name="worksheet 1", description="", workbook=created_workbook)
        created_sheet.set_plot(type=analysis_type)
        redirect_url = reverse('workbook_detail', kwargs={'workbook_id': created_workbook.id})

    return redirect(redirect_url)
def workbook_create_with_cohort_list(request):
    """Build a new workbook with a list of cohorts on its first worksheet.

    The JSON request body must carry a ``cohorts`` list of ids. The JSON
    answer holds the new workbook and worksheet ids, or an ``error`` entry
    for an empty list; the HTTP status is 200 in both cases.
    """
    body = json.loads(request.body)
    wanted_cohorts = body['cohorts']

    if not len(wanted_cohorts) > 0:
        return HttpResponse(json.dumps({'error': 'parameters are not correct'}), status=200)

    created_workbook = Workbook.create(
        name="Untitled Workbook",
        description="This is a workbook created with cohorts added to the first worksheet. Click Edit Details to change your workbook title and description.",
        user=request.user)
    created_sheet = Worksheet.objects.create(name="worksheet 1", description="", workbook=created_workbook)

    # NOTE(review): lookup is by id only; whether request.user may use each
    # cohort is not checked in this view -- confirm add_cohort or a decorator
    # enforces it. An unknown id raises after the workbook was already created.
    for cohort_pk in wanted_cohorts:
        one_cohort = Cohort.objects.get(id=cohort_pk)
        created_sheet.add_cohort(cohort=one_cohort)

    payload = {
        'workbook_id': created_workbook.id,
        'worksheet_id': created_sheet.id
    }
    return HttpResponse(json.dumps(payload), status=200)
def worksheet_variables(request, workbook_id=0, worksheet_id=0, variable_id=0):
    """Add variables to, or delete a variable from, a worksheet (POST only).

    The action is the last path segment of the request URL. For anything but
    "delete" the variables come from one of three request shapes (a new
    favorite list in a JSON body, a ``variable_list_id`` form field, or a
    ``var_favorites`` list in a JSON body). With ``workbook_id == 0`` a new
    workbook and worksheet are created to receive them. JSON callers get a
    JSON result; other callers are redirected to the worksheet page.
    """
    command = request.path.rsplit('/', 1)[1]
    json_response = False
    workbook_name = "Untitled Workbook"
    result = {}

    if request.method == "POST":
        if command == "delete":
            Worksheet_variable.destroy(workbook_id=workbook_id, worksheet_id=worksheet_id, id=variable_id, user=request.user)
            result['message'] = "variables have been deleted from workbook"
        else:
            variables = []

            #from Edit Page
            # Substring test on the raw body: any body containing the text
            # "variables" takes this branch and is then parsed as JSON.
            if "variables" in request.body:
                json_response = True
                name = json.loads(request.body)['name']
                variable_list = json.loads(request.body)['variables']
                variable_favorite_result = VariableFavorite.create(name=name, variables=variable_list, user=request.user)
                model = VariableFavorite.objects.get(id=variable_favorite_result['id'])
                # The user-supplied list name is HTML-escaped before it goes
                # into the flash message.
                messages.info(request, 'The variable favorite list \"' + escape(model.name) + '\" was created and added to your worksheet')
                variables = model.get_variables()

            #from Details Page or list page
            if request.POST.get("variable_list_id"):
                workbook_name = request.POST.get("name")
                variable_id = request.POST.get("variable_list_id")
                # NOTE(review): favorite lists are fetched by id alone here and
                # below; confirm that lists of other users cannot be read this way.
                try:
                    variable_fav = VariableFavorite.objects.get(id=variable_id)
                    variables = variable_fav.get_variables()
                except ObjectDoesNotExist:
                    result['error'] = "variable favorite does not exist"

            #from Select Page
            if "var_favorites" in request.body:
                variable_fav_list = json.loads(request.body)['var_favorites']
                json_response = True
                # Each pass replaces `variables`, so only the last favorite
                # that resolves contributes its variables.
                for fav in variable_fav_list:
                    try:
                        fav = VariableFavorite.objects.get(id=fav['id'])
                        variables = fav.get_variables()
                    except ObjectDoesNotExist:
                        result['error'] = "variable favorite does not exist"

            if len(variables) > 0:
                if workbook_id == 0:
                    workbook_model = Workbook.create(name=workbook_name, description="This workbook was created with variables added to the first worksheet. Click Edit Details to change your workbook title and description.", user=request.user)
                    worksheet_model = Worksheet.objects.create(name="worksheet 1", description="", workbook=workbook_model)
                else:
                    # NOTE(review): both objects are fetched by id alone, and
                    # the worksheet is not tied to the workbook. request.user
                    # is only passed to edit_list below -- confirm edit_list
                    # rejects workbooks the user does not own.
                    workbook_model = Workbook.objects.get(id=workbook_id)
                    workbook_model.save()
                    worksheet_model = Worksheet.objects.get(id=worksheet_id)

                Worksheet_variable.edit_list(workbook_id=workbook_model.id, worksheet_id=worksheet_model.id, variable_list=variables, user=request.user)
                result['workbook_id'] = workbook_model.id
                result['worksheet_id'] = worksheet_model.id
            else:
                result['error'] = "no variables to add"
    else:
        result['error'] = "method not correct"

    if json_response:
        return HttpResponse(json.dumps(result), status=200)
    else:
        # workbook_model / worksheet_model exist only after variables were
        # added above; on the delete, "no variables" and non-POST paths this
        # line raises NameError instead of redirecting.
        redirect_url = reverse('worksheet_display', kwargs={
            'workbook_id': workbook_model.id,
            'worksheet_id': worksheet_model.id
        })
        return redirect(redirect_url)
def worksheet_genes(request, workbook_id=0, worksheet_id=0, genes_id=0):
    """Add genes to, or delete a gene from, a worksheet (POST only).

    The action is the last path segment of the request URL. For anything but
    "delete" gene names are collected from up to three sources (a new
    space-separated ``genes-list`` form field, a ``gene_list_id`` form field,
    and a ``gene_fav_list`` array in a JSON body). When ``workbook_id`` is the
    default 0 a new workbook and worksheet are created to receive them.
    """
    command = request.path.rsplit('/',1)[1];
    json_response = False
    result = {}

    if request.method == "POST" :
        if command == "delete" :
            Worksheet_gene.destroy(workbook_id=workbook_id, worksheet_id=worksheet_id, id=genes_id, user=request.user)
            result['message'] = "genes have been deleted from workbook"
        else :
            genes = []
            workbook_name = 'Untitled Workbook'

            #from Gene Edit Page
            if request.POST.get("genes-list") :
                # Get workbook name
                if request.POST.get('name'):
                    workbook_name = request.POST.get('name')

                name = request.POST.get("genes-name")
                gene_list = request.POST.get("genes-list")
                # Split on single spaces, trim each entry, drop duplicates.
                gene_list = [x.strip() for x in gene_list.split(' ')]
                gene_list = list(set(gene_list))
                GeneFavorite.create(name=name, gene_list=gene_list, user=request.user)
                # NOTE(review): `name` comes straight from the form and is
                # concatenated unescaped; if the template prints messages
                # without autoescaping this is an XSS sink -- escape it here or
                # confirm the template does. A missing "genes-name" makes
                # `name` None and the concatenation raises TypeError.
                messages.info(request, 'The gene favorite list \"' + name + '\" was created and added to your worksheet')
                for g in gene_list:
                    genes.append(g)

            #from Gene Details Page
            if request.POST.get("gene_list_id") :
                # Get workbook name
                if request.POST.get('name'):
                    workbook_name = request.POST.get('name')

                gene_id = request.POST.get("gene_list_id")
                # NOTE(review): favorites are fetched by id alone here and
                # below; confirm that lists of other users cannot be read this way.
                try :
                    gene_fav = GeneFavorite.objects.get(id=gene_id)
                    names = gene_fav.get_gene_name_list()
                    for g in names:
                        if g not in genes:
                            genes.append(g)
                except ObjectDoesNotExist:
                    # An unknown favorite id is ignored silently.
                    None

            #from Gene List Page
            # Substring test on the raw body; a match is then parsed as JSON.
            if "gene_fav_list" in request.body :
                json_response = True
                gene_fav_list = json.loads(request.body)['gene_fav_list']
                for id in gene_fav_list:
                    try:
                        fav = GeneFavorite.objects.get(id=id)
                        names = fav.get_gene_name_list()
                        for g in names:
                            if g not in genes:
                                genes.append(g)
                    except ObjectDoesNotExist:
                        # An unknown favorite id is ignored silently.
                        None

            if len(genes) > 0:
                # Identity test against the literal 0: false for any non-int
                # id (for example a string), and it depends on the interpreter
                # reusing small-int objects; `== 0` is the portable form.
                if workbook_id is 0:
                    workbook_model = Workbook.create(name=workbook_name, description="This workbook was created with genes added to the first worksheet. Click Edit Details to change your workbook title and description.", user=request.user)
                    worksheet_model = Worksheet.objects.create(name="worksheet 1", description="", workbook=workbook_model)
                else :
                    # NOTE(review): both objects are fetched by id alone, and
                    # the worksheet is not tied to the workbook. request.user
                    # is only passed to edit_list below -- confirm edit_list
                    # rejects workbooks the user does not own.
                    workbook_model = Workbook.objects.get(id=workbook_id)
                    workbook_model.save()
                    worksheet_model = Worksheet.objects.get(id=worksheet_id)

                Worksheet_gene.edit_list(workbook_id=workbook_model.id, worksheet_id=worksheet_model.id, gene_list=genes, user=request.user)
                result['genes'] = genes
            else :
                result['error'] = "no genes to add"
    else :
        result['error'] = "method not correct"

    if json_response :
        return HttpResponse(json.dumps(result), status=200)
    else :
        # workbook_model / worksheet_model exist only after genes were added
        # above; on the delete, "no genes" and non-POST paths this line raises
        # NameError instead of redirecting.
        redirect_url = reverse('worksheet_display', kwargs={'workbook_id':workbook_model.id, 'worksheet_id': worksheet_model.id})
        return redirect(redirect_url)
def worksheet_variables(request, workbook_id=0, worksheet_id=0, variable_id=0):
    """Add variables to, or delete a variable from, a worksheet (POST only).

    The action is the last path segment of the request URL. For anything but
    "delete" the variables come from one of three request shapes (a new
    favorite list in a JSON body, a ``variable_list_id`` form field, or a
    ``var_favorites`` list in a JSON body). With ``workbook_id == 0`` a new
    workbook and worksheet are created to receive them.
    """
    command = request.path.rsplit('/',1)[1];
    json_response = False
    workbook_name = "Untitled Workbook"
    result = {}

    if request.method == "POST" :
        if command == "delete" :
            Worksheet_variable.destroy(workbook_id=workbook_id, worksheet_id=worksheet_id, id=variable_id, user=request.user)
            result['message'] = "variables have been deleted from workbook"
        else :
            variables = []

            #from Edit Page
            # Substring test on the raw body: any body containing the text
            # "variables" takes this branch and is then parsed as JSON.
            if "variables" in request.body :
                json_response = True
                name = json.loads(request.body)['name']
                variable_list = json.loads(request.body)['variables']
                variable_favorite_result = VariableFavorite.create(name = name, variables = variable_list, user = request.user)
                model = VariableFavorite.objects.get(id=variable_favorite_result['id'])
                # NOTE(review): model.name is the user-supplied list name and
                # is concatenated unescaped; if the template prints messages
                # without autoescaping this is an XSS sink -- HTML-escape it
                # here or confirm the template does.
                messages.info(request, 'The variable favorite list \"' + model.name + '\" was created and added to your worksheet')
                variables = model.get_variables()

            #from Details Page or list page
            if request.POST.get("variable_list_id") :
                workbook_name = request.POST.get("name")
                variable_id = request.POST.get("variable_list_id")
                # NOTE(review): favorite lists are fetched by id alone here and
                # below; confirm that lists of other users cannot be read this way.
                try :
                    variable_fav = VariableFavorite.objects.get(id=variable_id)
                    variables = variable_fav.get_variables()
                except ObjectDoesNotExist:
                    result['error'] = "variable favorite does not exist"

            #from Select Page
            if "var_favorites" in request.body :
                variable_fav_list = json.loads(request.body)['var_favorites']
                json_response = True
                # Each pass replaces `variables`, so only the last favorite
                # that resolves contributes its variables.
                for fav in variable_fav_list:
                    try:
                        fav = VariableFavorite.objects.get(id=fav['id'])
                        variables = fav.get_variables()
                    except ObjectDoesNotExist:
                        result['error'] = "variable favorite does not exist"

            if len(variables) > 0:
                if workbook_id == 0:
                    workbook_model = Workbook.create(name=workbook_name, description="This workbook was created with variables added to the first worksheet. Click Edit Details to change your workbook title and description.", user=request.user)
                    worksheet_model = Worksheet.objects.create(name="worksheet 1", description="", workbook=workbook_model)
                else :
                    # NOTE(review): both objects are fetched by id alone, and
                    # the worksheet is not tied to the workbook. request.user
                    # is only passed to edit_list below -- confirm edit_list
                    # rejects workbooks the user does not own.
                    workbook_model = Workbook.objects.get(id=workbook_id)
                    workbook_model.save()
                    worksheet_model = Worksheet.objects.get(id=worksheet_id)

                Worksheet_variable.edit_list(workbook_id=workbook_model.id, worksheet_id=worksheet_model.id, variable_list=variables, user=request.user)
                result['workbook_id'] = workbook_model.id
                result['worksheet_id'] = worksheet_model.id
            else :
                result['error'] = "no variables to add"
    else :
        result['error'] = "method not correct"

    if json_response :
        return HttpResponse(json.dumps(result), status=200)
    else :
        # workbook_model / worksheet_model exist only after variables were
        # added above; on the delete, "no variables" and non-POST paths this
        # line raises NameError instead of redirecting.
        redirect_url = reverse('worksheet_display', kwargs={'workbook_id':workbook_model.id, 'worksheet_id': worksheet_model.id})
        return redirect(redirect_url)
def worksheet_genes(request, workbook_id=0, worksheet_id=0, genes_id=0):
    """Add genes to, or delete a gene from, a worksheet (POST only).

    The action is the last path segment of the request URL. For anything but
    "delete" gene names are collected from up to three sources (a new
    space-separated ``genes-list`` form field, a ``gene_list_id`` form field,
    and a ``gene_fav_list`` array in a JSON body). When ``workbook_id`` is the
    default 0 a new workbook and worksheet are created to receive them.
    """
    command = request.path.rsplit('/', 1)[1]
    json_response = False
    result = {}

    if request.method == "POST":
        if command == "delete":
            Worksheet_gene.destroy(workbook_id=workbook_id, worksheet_id=worksheet_id, id=genes_id, user=request.user)
            result['message'] = "genes have been deleted from workbook"
        else:
            genes = []
            workbook_name = 'Untitled Workbook'

            #from Gene Edit Page
            if request.POST.get("genes-list"):
                # Get workbook name
                if request.POST.get('name'):
                    workbook_name = request.POST.get('name')

                name = request.POST.get("genes-name")
                gene_list = request.POST.get("genes-list")
                # Split on single spaces, trim each entry, drop duplicates.
                gene_list = [x.strip() for x in gene_list.split(' ')]
                gene_list = list(set(gene_list))
                GeneFave = GeneFavorite.create(name=name, gene_list=gene_list, user=request.user)
                # NOTE(review): `name` comes straight from the form and is
                # concatenated unescaped; if the template prints messages
                # without autoescaping this is an XSS sink -- escape it here or
                # confirm the template does. A missing "genes-name" makes
                # `name` None and the concatenation raises TypeError.
                messages.info(
                    request, 'The gene favorite list \"' + name + '\" was created and added to your worksheet')
                # Refetch the created gene list, because it will have the names correctly formatted
                for g in GeneFavorite.objects.get(
                        id=GeneFave['id']).get_genes_list():
                    genes.append(g)

            #from Gene Details Page
            if request.POST.get("gene_list_id"):
                # Get workbook name
                if request.POST.get('name'):
                    workbook_name = request.POST.get('name')

                gene_id = request.POST.get("gene_list_id")
                # NOTE(review): favorites are fetched by id alone here and
                # below; confirm that lists of other users cannot be read this way.
                try:
                    gene_fav = GeneFavorite.objects.get(id=gene_id)
                    names = gene_fav.get_gene_name_list()
                    for g in names:
                        if g not in genes:
                            genes.append(g)
                except ObjectDoesNotExist:
                    # An unknown favorite id is ignored silently.
                    None

            #from Gene List Page
            # Substring test on the raw body; a match is then parsed as JSON.
            if "gene_fav_list" in request.body:
                json_response = True
                gene_fav_list = json.loads(request.body)['gene_fav_list']
                for id in gene_fav_list:
                    try:
                        fav = GeneFavorite.objects.get(id=id)
                        names = fav.get_gene_name_list()
                        for g in names:
                            if g not in genes:
                                genes.append(g)
                    except ObjectDoesNotExist:
                        # An unknown favorite id is ignored silently.
                        None

            if len(genes) > 0:
                # Identity test against the literal 0: false for any non-int
                # id (for example a string), and it depends on the interpreter
                # reusing small-int objects; `== 0` is the portable form.
                if workbook_id is 0:
                    workbook_model = Workbook.create(
                        name=workbook_name,
                        description=
                        "This workbook was created with genes added to the first worksheet. Click Edit Details to change your workbook title and description.",
                        user=request.user)
                    worksheet_model = Worksheet.objects.create(
                        name="worksheet 1", description="", workbook=workbook_model)
                else:
                    # NOTE(review): both objects are fetched by id alone, and
                    # the worksheet is not tied to the workbook. request.user
                    # is only passed to edit_list below -- confirm edit_list
                    # rejects workbooks the user does not own.
                    workbook_model = Workbook.objects.get(id=workbook_id)
                    workbook_model.save()
                    worksheet_model = Worksheet.objects.get(id=worksheet_id)

                Worksheet_gene.edit_list(workbook_id=workbook_model.id, worksheet_id=worksheet_model.id, gene_list=genes, user=request.user)
                result['genes'] = genes
            else:
                result['error'] = "no genes to add"
    else:
        result['error'] = "method not correct"

    if json_response:
        return HttpResponse(json.dumps(result), status=200)
    else:
        # workbook_model / worksheet_model exist only after genes were added
        # above; on the delete, "no genes" and non-POST paths this line raises
        # NameError instead of redirecting.
        redirect_url = reverse('worksheet_display', kwargs={
            'workbook_id': workbook_model.id,
            'worksheet_id': worksheet_model.id
        })
        return redirect(redirect_url)
def workbook(request, workbook_id=0):
    """Handle workbook create/edit/copy/delete (POST) and the detail page (GET).

    The POST action is the last path segment of the request URL. An edit is
    refused, with a flash message, when the submitted name or description
    contains a match of ``WHITELIST_RE``. A GET resolves ``workbook_id`` only
    among active workbooks that the requesting user owns, has been shared, or
    that are public.
    """
    template = 'workbooks/workbook.html'
    # The action name is whatever follows the final '/' of the request path.
    command = request.path.rsplit('/',1)[1]

    if request.method == "POST":
        # NOTE(review): unlike the GET branch, nothing here restricts
        # workbook_id to workbooks of request.user, and edit/destroy are not
        # even given the user. Confirm that Workbook.edit / Workbook.copy /
        # Workbook.destroy (or a decorator outside this view) enforce
        # ownership; otherwise a workbook can be changed or deleted by id alone.
        if command == "create":
            workbook_model = Workbook.createDefault(name="Untitled Workbook", description="", user=request.user)
        elif command == "edit":
            workbook_name = request.POST.get('name')
            workbook_desc = request.POST.get('description')
            # Despite its name the pattern is used as a rejection filter: any
            # match in either field fails the save.
            whitelist = re.compile(WHITELIST_RE, re.UNICODE)
            match_name = whitelist.search(unicode(workbook_name))
            match_desc = whitelist.search(unicode(workbook_desc))

            if match_name or match_desc:
                # XSS risk, log and fail this cohort save
                matches = ""
                fields = ""
                if match_name:
                    # match_name is rebound to the list of offending matches;
                    # its truthiness is reused in the description branch below.
                    match_name = whitelist.findall(unicode(workbook_name))
                    # NOTE(review): the rejected value is written to the log
                    # unmodified; embedded line breaks would show up as extra
                    # log lines -- consider logging its repr().
                    logger.error('[ERROR] While saving a workbook, saw a malformed name: ' + workbook_name + ', characters: ' + match_name.__str__())
                    matches = "name contains"
                    fields = "name"
                if match_desc:
                    match_desc = whitelist.findall(unicode(workbook_desc))
                    logger.error('[ERROR] While saving a workbook, saw a malformed description: ' + workbook_desc + ', characters: ' + match_desc.__str__())
                    matches = "name and description contain" if match_name else "description contains"
                    fields += (" and description" if match_name else "description")

                # The user-facing message names the fields only, never the
                # rejected text.
                err_msg = "Your workbook's %s invalid characters; please choose another %s." % (matches, fields,)
                messages.error(request, err_msg)
                redirect_url = reverse('workbook_detail', kwargs={'workbook_id':workbook_id})
                return redirect(redirect_url)

            workbook_model = Workbook.edit(id=workbook_id, name=workbook_name, description=workbook_desc)
        elif command == "copy":
            workbook_model = Workbook.copy(id=workbook_id, user=request.user)
        elif command == "delete":
            Workbook.destroy(id=workbook_id)

        if command == "delete":
            redirect_url = reverse('workbooks')
        else:
            # For a command other than the four above, workbook_model was
            # never assigned and this line raises NameError.
            redirect_url = reverse('workbook_detail', kwargs={'workbook_id':workbook_model.id})

        return redirect(redirect_url)

    elif request.method == "GET" :
        if workbook_id:
            try :
                # Union of the three visibility sets; .get() on it raises
                # ObjectDoesNotExist for an id outside them.
                ownedWorkbooks = request.user.workbook_set.all().filter(active=True)
                sharedWorkbooks = Workbook.objects.filter(shared__matched_user=request.user, shared__active=True, active=True)
                publicWorkbooks = Workbook.objects.all().filter(is_public=True,active=True)
                workbooks = ownedWorkbooks | sharedWorkbooks | publicWorkbooks
                workbooks = workbooks.distinct()

                workbook_model = workbooks.get(id=workbook_id)
                workbook_model.worksheets = workbook_model.get_deep_worksheets()

                is_shareable = workbook_model.is_shareable(request)

                # Only a non-owner viewing a non-public workbook has a share
                # record to look up.
                shared = None
                if workbook_model.owner.id != request.user.id and not workbook_model.is_public:
                    shared = request.user.shared_resource_set.get(workbook__id=workbook_id)

                plot_types = Analysis.get_types()

                return render(request, template, {'workbook' : workbook_model, 'datatypes' : get_gene_datatypes(), 'is_shareable': is_shareable, 'shared' : shared, 'plot_types' : plot_types})
            except ObjectDoesNotExist:
                # Unknown or inaccessible id: fall back to the list page.
                redirect_url = reverse('workbooks')
                return redirect(redirect_url)
        else :
            redirect_url = reverse('workbooks')
            return redirect(redirect_url)
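def workbook(request, workbook_id=0):
    """Handle workbook create/edit/copy/delete (POST) and the detail page (GET).

    The POST action is the last path segment of the request URL. An edit
    truncates name and description to 2000 characters and is refused, with a
    flash message, when either contains a match of ``BLACKLIST_RE``. A GET
    resolves ``workbook_id`` only among active workbooks that the requesting
    user owns, has been shared, or that are public. Any unexpected exception
    is logged and answered with a redirect to the workbook list.
    """
    template = 'workbooks/workbook.html'
    # The action name is whatever follows the final '/' of the request path.
    command = request.path.rsplit('/', 1)[1]
    workbook_model = None

    try:
        if request.method == "POST":
            # NOTE(review): unlike the GET branch, nothing here restricts
            # workbook_id to workbooks of request.user, and edit/destroy are
            # not even given the user. Confirm that Workbook.edit /
            # Workbook.copy / Workbook.destroy (or a decorator outside this
            # view) enforce ownership; otherwise a workbook can be changed or
            # deleted by id alone.
            if command == "create":
                workbook_model = Workbook.createDefault(name="Untitled Workbook", description="", user=request.user)
            elif command == "edit":
                # Truncate incoming name and desc fields in case someone tried to send ones which were too long
                # (a missing field is None here; slicing it raises TypeError,
                # which the handler at the bottom turns into the generic error)
                workbook_name = request.POST.get('name')[0:2000]
                workbook_desc = request.POST.get('description')[0:2000]
                workbook_build = request.POST.get('build')

                # Deny-list screening of the two free-text fields; output
                # escaping in the templates is still needed on top of it.
                blacklist = re.compile(BLACKLIST_RE, re.UNICODE)
                match_name = blacklist.search(unicode(workbook_name))
                match_desc = blacklist.search(unicode(workbook_desc))

                if match_name or match_desc:
                    # XSS risk, log and fail this cohort save
                    matches = ""
                    fields = ""
                    if match_name:
                        # match_name is rebound to the list of offending
                        # matches; its truthiness is reused below.
                        match_name = blacklist.findall(unicode(workbook_name))
                        # NOTE(review): the rejected value is written to the
                        # log unmodified; embedded line breaks would show up
                        # as extra log lines -- consider logging its repr().
                        logger.error('[ERROR] While saving a workbook, saw a malformed name: ' + workbook_name + ', characters: ' + str(match_name))
                        matches = "name contains"
                        fields = "name"
                    if match_desc:
                        match_desc = blacklist.findall(unicode(workbook_desc))
                        logger.error('[ERROR] While saving a workbook, saw a malformed description: ' + workbook_desc + ', characters: ' + str(match_desc))
                        matches = "name and description contain" if match_name else "description contains"
                        fields += (" and description" if match_name else "description")

                    # The user-facing message names the fields only, never
                    # the rejected text.
                    err_msg = "Your workbook's %s invalid characters; please choose another %s." % (matches, fields)
                    messages.error(request, err_msg)
                    redirect_url = reverse('workbook_detail', kwargs={'workbook_id': workbook_id})
                    return redirect(redirect_url)

                workbook_model = Workbook.edit(id=workbook_id, name=workbook_name, description=workbook_desc, build=workbook_build)
            elif command == "copy":
                workbook_model = Workbook.copy(id=workbook_id, user=request.user)
            elif command == "delete":
                Workbook.destroy(id=workbook_id)

            if command == "delete":
                redirect_url = reverse('workbooks')
            else:
                # For an unrecognised command workbook_model is still None;
                # the AttributeError is handled at the bottom.
                redirect_url = reverse('workbook_detail', kwargs={'workbook_id': workbook_model.id})

            return redirect(redirect_url)

        elif request.method == "GET":
            if workbook_id:
                try:
                    # Union of the three visibility sets; .get() on it raises
                    # ObjectDoesNotExist for an id outside them.
                    ownedWorkbooks = request.user.workbook_set.filter(active=True)
                    sharedWorkbooks = Workbook.objects.filter(shared__matched_user=request.user, shared__active=True, active=True)
                    publicWorkbooks = Workbook.objects.filter(is_public=True, active=True)
                    workbooks = ownedWorkbooks | sharedWorkbooks | publicWorkbooks
                    workbooks = workbooks.distinct()

                    workbook_model = workbooks.get(id=workbook_id)
                    workbook_model.worksheets = workbook_model.get_deep_worksheets()

                    is_shareable = workbook_model.is_shareable(request)

                    # Only a non-owner viewing a non-public workbook has a
                    # share record to look up.
                    shared = None
                    if workbook_model.owner.id != request.user.id and not workbook_model.is_public:
                        shared = request.user.shared_resource_set.get(workbook__id=workbook_id)

                    plot_types = Analysis.get_types()

                    return render(
                        request, template, {
                            'workbook': workbook_model,
                            'datatypes': get_gene_datatypes(workbook_model.build),
                            'is_shareable': is_shareable,
                            'shared': shared,
                            'plot_types': plot_types
                        })
                except ObjectDoesNotExist:
                    # Unknown or inaccessible id: fall back to the list page.
                    redirect_url = reverse('workbooks')
                    return redirect(redirect_url)
            else:
                redirect_url = reverse('workbooks')
                return redirect(redirect_url)
    except Exception as e:
        logger.error("[ERROR] Exception when viewing a workbook: ")
        logger.exception(e)
        messages.error(request, "An error was encountered while trying to view this workbook.")

    # Fallback for a handled exception or an unsupported HTTP method. It sits
    # after the try block rather than in a `finally` clause, because a
    # `return` inside `finally` replaces whatever the try block was returning
    # and would send every request, including a successful render, to the list.
    redirect_url = reverse('workbooks')
    return redirect(redirect_url)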