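def handle_form(self, id=None, klass=None, skip_validation=False):
    """Validate the submitted form and create or update the matching object.

    When ``klass`` is given, a fresh ``klass()`` instance is created.
    Otherwise the object with ``id`` is loaded through ``self.klass`` and
    updated from the form.

    This method performs no authorization check of its own. ``edit`` runs
    its owner/admin check before delegating here; any other caller that
    passes ``id`` has to enforce access control itself.

    Args:
        id: Identifier of the object to update (unused when ``klass`` is set).
        klass: Class to instantiate for a create.
        skip_validation: Forwarded unchanged to ``self.create_obj``.

    Returns:
        A redirect to the object's view page on success, otherwise the
        rendered edit template carrying the form and its errors.
    """
    if klass:  # create
        obj = klass()
        form = klass.get_form()(request.form)
    else:  # update
        obj = self.klass.objects.get(id=id)
        klass = obj.__class__
        form = klass.get_form()(request.form, initial=obj._data)

    def render_edit(shown_obj):
        # Single place that re-renders the edit page. The group list is
        # passed on every path; the validation-failure path used to omit
        # it while the other renders of this template supplied it.
        return render_template(
            "{}/edit.html".format(self.klass.__name__.lower()),
            form=form,
            obj_type=klass.__name__,
            obj=shown_obj,
            groups=get_user_groups(),
        )

    if not form.validate():
        return render_edit(obj)

    # populate_obj copies the validated form fields onto the object.
    # NOTE(review): confirm the form class does not expose ownership
    # fields such as created_by, since edit() bases its check on it.
    form.populate_obj(obj)
    try:
        obj = self.create_obj(obj, skip_validation)
        if form.formdata.get("sharing") and hasattr(klass, "sharing_permissions"):
            # The sharing value comes straight from the submitted form.
            # NOTE(review): confirm sharing_permissions restricts it to
            # groups/users the current user is allowed to share with.
            obj.sharing_permissions(form.formdata["sharing"], invest_id=obj.id)
    except GenericValidationError as e:
        # failure - show the edit page again with the error attached
        form.errors["General Error"] = [e]
        return render_edit(None)
    except NotUniqueError:
        form.errors["Duplicate"] = [
            'Entity "{}" is already in the database'.format(obj)
        ]
        return render_edit(None)

    # success - redirect to view page
    return redirect(
        url_for("frontend.{}:get".format(self.__class__.__name__), id=obj.id))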
def edit(self, id):
    """Show the edit form for an object (GET) or apply a submitted edit (POST).

    Objects that carry a ``created_by`` attribute may only be edited by that
    user or by a user holding the ``admin`` role; everyone else gets a 403.
    Objects without ``created_by`` are not restricted by this check.
    """
    target = self.klass.objects.get(id=id)

    # ToDo Group admins support
    owner_restricted = hasattr(target, 'created_by')
    if (owner_restricted
            and current_user.username != target.created_by
            and not current_user.has_role('admin')):
        abort(403)

    if request.method == "POST":
        # The access check above has already run for this id; handle_form
        # loads the object again by id and applies the form to it.
        return self.handle_form(id=id)

    template_name = "{}/edit.html".format(self.klass.__name__.lower())
    edit_form = target.__class__.get_form()(obj=target)
    return render_template(
        template_name,
        form=edit_form,
        obj_type=self.klass.__name__,
        obj=target,
        groups=get_user_groups(),
    )
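def search(self, query):
    """Return one page of investigations matching ``query``.

    ``query`` may carry a ``filter`` dict and a ``params`` dict. ``regex``,
    ``ignorecase``, ``page`` (1-based, default 1) and ``range`` (page size,
    default 50) are popped from ``params``.

    Users without the ``admin`` role only see investigations whose
    ``sharing`` list is missing, empty, or contains their own id or the id
    of one of their groups.

    Returns:
        A list holding the requested page of matching investigations.
    """
    fltr = query.get('filter', {})
    params = query.get('params', {})
    # NOTE(review): regex is client-supplied and forwarded to get_queryset;
    # confirm pattern length/complexity is bounded there.
    regex = params.pop('regex', False)
    ignorecase = params.pop('ignorecase', False)

    def as_int(value, default):
        # Paging values come from the request; fall back to the default
        # instead of failing with a TypeError on non-numeric input.
        try:
            return int(value)
        except (TypeError, ValueError):
            return default

    # Clamp so a zero/negative page or page size cannot turn into a
    # negative slice index (which would select from the end of the results).
    page = max(as_int(params.pop('page', 1), 1) - 1, 0)
    rng = max(as_int(params.pop('range', 50), 50), 1)
    # NOTE(review): there is no upper bound on the page size; consider
    # capping it so one request cannot ask for the whole collection.

    investigations = get_queryset(self.objectmanager,
                                  fltr,
                                  regex,
                                  ignorecase,
                                  replace=False)

    if not current_user.has_role('admin'):
        shared_ids = [current_user.id] + [group.id for group in get_user_groups()]
        investigations = investigations.filter(
            Q(sharing__size=0) | Q(sharing__in=shared_ids)
            | Q(sharing__exists=False))

    # Slice the queryset before materialising it so only the requested page
    # is loaded, rather than every matching document.
    # Presumably a MongoEngine queryset (it accepts Q filters above), where
    # slicing maps to skip/limit - verify against get_queryset.
    return list(investigations[page * rng:(page + 1) * rng])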
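def inv_import(self):
    """Render the investigation import page (GET) or start an import (POST).

    A POST may carry pasted ``text``, a ``url`` or an uploaded ``file``:

    * ``text`` creates an Investigation owned by the current user, applies
      the submitted ``sharing`` value and redirects to ``import_from``.
    * ``url`` / ``file`` are handed to the matching ``ImportMethod`` and the
      user is redirected to ``import_wait`` for the result.

    With no input, or when no import method matches, the import page is
    rendered again with a flash message.
    """
    import_template = "{}/import.html".format(self.klass.__name__.lower())

    if request.method == "GET":
        return render_template(import_template, groups=get_user_groups())

    text = request.form.get('text')
    url = request.form.get('url')
    sharing = request.form.get('sharing')

    if text:
        investigation = Investigation(
            created_by=current_user.username, import_text=text)
        investigation.save()
        # set sharing permissions
        investigation.sharing_permissions(sharing)
        return redirect(
            url_for(
                'frontend.InvestigationView:import_from',
                id=investigation.id))

    # NOTE(review): the submitted sharing value is only applied on the text
    # path above; confirm url/file imports get their permissions elsewhere.
    try:
        if url:
            # NOTE(review): url is client-supplied and passed to the import
            # method as-is; confirm the method limits which schemes and
            # hosts the server will contact on the user's behalf.
            import_method = ImportMethod.objects.get(acts_on="url")
            results = import_method.run(url)
        elif "file" in request.files:
            target = AttachedFile.from_upload(request.files['file'])
            # NOTE(review): content_type selects the parser; confirm
            # from_upload derives it from the content rather than trusting
            # the type declared by the client.
            import_method = ImportMethod.objects.get(
                acts_on=target.content_type)
            results = import_method.run(target)
        else:
            flash("You need to provide an input", "danger")
            # Render the page directly instead of redirecting to
            # request.referrer: the Referer header is set by the client and
            # may be missing or point at another site.
            return render_template(import_template, groups=get_user_groups())

        return redirect(
            url_for(
                'frontend.InvestigationView:import_wait', id=results.id))
    except DoesNotExist:
        flash("This file type is not supported.", "danger")
        # Pass the group list here too, matching the GET render of the
        # same template.
        return render_template(import_template, groups=get_user_groups())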