def add_new_screenshot(request): """ Add a new screenshot. :param request: The Django request. :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ user = request.user description = request.POST.get('description', None) reference = request.POST.get('source_reference', None) method = request.POST.get('source_method', None) tlp = request.POST.get('source_tlp', None) tags = request.POST.get('tags', None) source = request.POST.get('source_name', None) oid = request.POST.get('oid', None) otype = request.POST.get('otype', None) screenshot_ids = request.POST.get('screenshot_ids', None) screenshot = request.FILES.get('screenshot', None) acl = get_acl_object(otype) if user.has_access_to(acl.SCREENSHOTS_ADD): result = add_screenshot(description, tags, source, method, reference, tlp, user.username, screenshot, screenshot_ids, oid, otype) else: result = {"success":False, "message":"User does not have permission to add screenshots."} return HttpResponse(json.dumps(result), content_type="application/json")
def remove_location(request, type_, id_): """ Remove an attributed location from a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param type_: CRITs type for the top-level object. :type type_: str :param id_: The ObjectId of the top-level object. :type id_: str :returns: :class:`django.http.HttpResponse` """ if request.method == "POST" and request.is_ajax(): data = request.POST location_name = data.get('key').split('|')[0] location_type = data.get('key').split('|')[1] date = data.get('key').split('|')[2] user = request.user acl = get_acl_object(type_) if user.has_access_to(acl.LOCATIONS_DELETE): result = location_remove(id_, type_, location_name=location_name, location_type=location_type, date=date, user=request.user.username) return HttpResponse(json.dumps(result), content_type="application/json") else: result = {"success":False, "message":"User does not have permission to remove location."} return HttpResponse(json.dumps(result), content_type="application/json") else: return render(request, "error.html", {"error": 'Expected AJAX POST.'})
def remove_comment(request, obj_type, obj_id): """ Remove a comment from a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param obj_type: The TLO Type. :type obj_type: str :param obj_id: The ObjectId of the top-level object. :type obj_id: str :returns: :class:`django.http.HttpResponse` """ if request.method == "POST" and request.is_ajax(): user = request.user date = datetime.datetime.strptime(request.POST['key'], settings.PY_DATETIME_FORMAT) acl = get_acl_object(obj_type) if user.has_access_to(acl.COMMENTS_DELETE): result = comment_remove(obj_id, user.username, date) else: result = {"success":False, "message":"User does not have permission to remove comments."} return HttpResponse(json.dumps(result), content_type="application/json") return render_to_response("error.html", {'error':'Expected AJAX/POST'})
def bulk_add_object(request): """ Bulk add objects. :param request: The Django request. :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ formdict = form_to_dict(AddObjectForm(request.user)) if request.method == "POST" and request.is_ajax(): acl = get_acl_object(request.POST['otype']) user = request.user if user.has_access_to(acl.OBJECTS_ADD): response = parse_bulk_upload(request, parse_row_to_bound_object_form, add_new_handler_object_via_bulk, formdict) else: response = { 'success': False, 'message': 'User does not have permission to add objects' } return HttpResponse(json.dumps(response, default=json_handler), content_type="application/json") else: return render_to_response( 'bulk_add_default.html', { 'formdict': formdict, 'title': "Bulk Add Objects", 'table_name': 'object' }, RequestContext(request))
def service_run(request, name, crits_type, identifier): """ Run a service. """ request.user._setup() if request.method == 'POST': custom_config = request.POST elif request.method == "GET": # Run with no config... custom_config = {} user = request.user acl = get_acl_object(crits_type) if user.has_access_to(acl.SERVICES_EXECUTE): result = run_service(name, crits_type, identifier, user, execute=settings.SERVICE_MODEL, custom_config=custom_config, is_triage_run=False) else: result = {"success":False, "message":"User does not have permission to run services."} if result['success'] == True: return refresh_services(request, crits_type, identifier) else: return HttpResponse(json.dumps(result), content_type="application/json")
def remove_campaign(request, ctype, objectid): """ Remove an attributed Campaign from a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param ctype: CRITs type for the top-level object. :type ctype: str :param objectid: The ObjectId of the top-level object. :type objectid: str :returns: :class:`django.http.HttpResponse` """ user = request.user if request.method == "POST" and request.is_ajax(): data = request.POST acl = get_acl_object(ctype) if user.has_access_to(acl.CAMPAIGNS_DELETE): result = campaign_remove(ctype, objectid, campaign=data.get('key'), analyst=request.user.username) else: result = {'success':False, 'message':'User does not have permission to delete campaign from TLO.'} return HttpResponse(json.dumps(result), content_type="application/json") else: return render_to_response("error.html", {"error": 'Expected AJAX POST.'}, RequestContext(request))
def remove_campaign(request, ctype, objectid): """ Remove an attributed Campaign from a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param ctype: CRITs type for the top-level object. :type ctype: str :param objectid: The ObjectId of the top-level object. :type objectid: str :returns: :class:`django.http.HttpResponse` """ user = request.user if request.method == "POST" and request.is_ajax(): data = request.POST acl = get_acl_object(ctype) if user.has_access_to(acl.CAMPAIGNS_DELETE): result = campaign_remove(ctype, objectid, campaign=data.get('key'), analyst=request.user.username) else: result = { 'success': False, 'message': 'User does not have permission to delete campaign from TLO.' } return HttpResponse(json.dumps(result), content_type="application/json") else: return render(request, "error.html", {"error": 'Expected AJAX POST.'})
def service_run(request, name, crits_type, identifier): """ Run a service. """ request.user._setup() if request.method == 'POST': custom_config = request.POST elif request.method == "GET": # Run with no config... custom_config = {} user = request.user acl = get_acl_object(crits_type) if user.has_access_to(acl.SERVICES_EXECUTE): result = run_service(name, crits_type, identifier, user, execute=settings.SERVICE_MODEL, custom_config=custom_config, is_triage_run=False) else: result = { "success": False, "message": "User does not have permission to run services." } if result['success'] == True: return refresh_services(request, crits_type, identifier) else: return HttpResponse(json.dumps(result), content_type="application/json")
def bulk_add_object(request): """ Bulk add objects. :param request: The Django request. :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ formdict = form_to_dict(AddObjectForm(request.user)) if request.method == "POST" and request.is_ajax(): acl = get_acl_object(request.POST['otype']) user = request.user if user.has_access_to(acl.OBJECTS_ADD): response = parse_bulk_upload( request, parse_row_to_bound_object_form, add_new_handler_object_via_bulk, formdict) else: response = {'success':False, 'message':'User does not have permission to add objects'} return HttpResponse(json.dumps(response, default=json_handler), content_type="application/json") else: return render_to_response('bulk_add_default.html', {'formdict': formdict, 'title': "Bulk Add Objects", 'table_name': 'object'}, RequestContext(request))
def add_new_screenshot(request): """ Add a new screenshot. :param request: The Django request. :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ user = request.user description = request.POST.get('description', None) reference = request.POST.get('source_reference', None) method = request.POST.get('source_method', None) tlp = request.POST.get('source_tlp', None) tags = request.POST.get('tags', None) source = request.POST.get('source_name', None) oid = request.POST.get('oid', None) otype = request.POST.get('otype', None) screenshot_ids = request.POST.get('screenshot_ids', None) screenshot = request.FILES.get('screenshot', None) acl = get_acl_object(otype) if user.has_access_to(acl.SCREENSHOTS_ADD): result = add_screenshot(description, tags, source, method, reference, tlp, user.username, screenshot, screenshot_ids, oid, otype) else: result = { "success": False, "message": "User does not have permission to add screenshots." } return HttpResponse(json.dumps(result), content_type="application/json")
def update_relationship_type(request): """ Update relationship type. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST' and request.is_ajax(): user = request.user acl = get_acl_object(request.POST['my_type']) if user.has_access_to(acl.RELATIONSHIPS_EDIT): results = update_relationship_types(left_type=request.POST['my_type'], left_id=request.POST['my_value'], right_type=request.POST['reverse_type'], right_id=request.POST['dest_id'], rel_type=request.POST['forward_relationship'], rel_date=request.POST['relationship_date'], new_type=request.POST['new_relationship'], analyst=request.user.username) else: results = {'success':False, 'message':'User does not have permission to update relationship.'} if results['success']: message = "Successfully updated relationship: %s" % results['message'] result = {'success': True, 'message': message} else: message = "Error updating relationship: %s" % results['message'] result = {'success': False, 'message': message} return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected AJAX POST" return render(request, "error.html", {"error" : error })
def edit_campaign(request, ctype, objectid): """ Edit an attributed Campaign for a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param ctype: CRITs type for the top-level object. :type ctype: str :param objectid: The ObjectId of the top-level object. :type objectid: str :returns: :class:`django.http.HttpResponse` """ user = request.user if request.method == "POST" and request.is_ajax(): form = CampaignForm(request.POST) acl = get_acl_object(ctype) if user.has_access_to(acl.CAMPAIGNS_EDIT): if form.is_valid(): data = form.cleaned_data campaign = data['name'] confidence = data['confidence'] description = data['description'] related = data['related'] analyst = request.user.username try: date = datetime.datetime.strptime(data['date'], settings.PY_DATETIME_FORMAT) except ValueError: date = datetime.datetime.now() result = campaign_edit(ctype, objectid, campaign, confidence, description, date, related, analyst) if result['success']: return HttpResponse(json.dumps(result), content_type="application/json") else: result.update({'form': form.as_table()}) return HttpResponse(json.dumps(result), content_type="application/json") else: return HttpResponse(json.dumps({'success': False, 'form': form.as_table()}), content_type="application/json") else: result ={'success': False, 'message':'User does not have permission to edit Campaign.'} return HttpResponse(json.dumps(result), content_type="application/json") else: return HttpResponse(json.dumps({'success': False}), content_type="application/json")
def add_new_relationship(request): """ Add a new relationship. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST' and request.is_ajax(): form = ForgeRelationshipForm(request.POST) user = request.user choices = [(c,c) for c in RelationshipTypes.values(sort=True)] form.fields['forward_relationship'].choices = choices if form.is_valid(): cleaned_data = form.cleaned_data # Get user permission to verify the user can forge relationships... # Should we check permission on both the forward and reverse TLO for this? acl = get_acl_object(cleaned_data.get('forward_type')) if user.has_access_to(acl.RELATIONSHIPS_ADD): results = forge_relationship(type_=cleaned_data.get('forward_type'), id_=cleaned_data.get('forward_value'), right_type=cleaned_data.get('reverse_type'), right_id=cleaned_data.get('dest_id'), rel_type=cleaned_data.get('forward_relationship'), rel_date=cleaned_data.get('relationship_date'), user=request.user.username, rel_reason=cleaned_data.get('rel_reason'), rel_confidence=cleaned_data.get('rel_confidence'), get_rels=True) else: results = {"success":False, "message":"User does not have permission to forge relationships"} if results['success'] == True: relationship = {'type': cleaned_data.get('forward_type'), 'value': cleaned_data.get('forward_value')} message = render_to_string('relationships_listing_widget.html', {'relationship': relationship, 'nohide': True, 'relationships': results['relationships']}, RequestContext(request)) result = {'success': True, 'message': message} else: message = "Error adding relationship: %s" % results['message'] result = {'success': False, 'message': message} else: message = "Invalid Form: %s" % form.errors form = form.as_table() result = {'success': False, 'form': form, 'message': message} return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected AJAX POST" return render_to_response("error.html", {"error" : error }, RequestContext(request))
def add_location(request, type_, id_): """ Attribute a location to a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param type_: CRITs type for the top-level object. :type type_: str :param id_: The ObjectId of the top-level object. :type id_: str :returns: :class:`django.http.HttpResponse` """ if request.method == "POST" and request.is_ajax(): form = AddLocationForm(request.POST) result = {} if form.is_valid(): data = form.cleaned_data location_type = data['location_type'] location_name = data['country'] description = data['description'] latitude = data['latitude'] longitude = data['longitude'] user = request.user acl = get_acl_object(type_) if user.has_access_to(acl.LOCATIONS_ADD): result = location_add(id_, type_, location_type, location_name, user, description=description, latitude=latitude, longitude=longitude) else: result = { "success": False, "message": "User does not have permission to add locations." } if result['success']: return HttpResponse(json.dumps(result), content_type="application/json") result['form'] = form.as_table() result['success'] = False return HttpResponse(json.dumps(result), content_type="application/json") else: return HttpResponse(json.dumps({ 'success': False, 'message': "Expected AJAX request." }), content_type="application/json")
def campaign_add(request, ctype, objectid): """ Attribute a Campaign to a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param ctype: CRITs type for the top-level object. :type ctype: str :param objectid: The ObjectId of the top-level object. :type objectid: str :returns: :class:`django.http.HttpResponse` """ user = request.user if request.method == "POST" and request.is_ajax(): form = CampaignForm(request.POST) result = {} acl = get_acl_object(ctype) if user.has_access_to(acl.CAMPAIGNS_ADD): if form.is_valid(): data = form.cleaned_data campaign = data['name'] confidence = data['confidence'] description = data['description'] related = data['related'] analyst = request.user.username result = campaign_addh(campaign, confidence, description, related, analyst, ctype, objectid, update=False) if result['success']: return HttpResponse(json.dumps(result), content_type="application/json") result['form'] = form.as_table() result['success'] = False return HttpResponse(json.dumps(result), content_type="application/json") else: result['success'] = False result[ 'message'] = 'User does not have permission to add campaign to TLO.' return HttpResponse(json.dumps(result), content_type="application/json") else: return HttpResponse(json.dumps({ 'success': False, 'message': "Expected AJAX request." }), content_type="application/json")
def obj_get_list(self, bundle, **kwargs): """ Placeholder for overriding the default tastypie function in the future. """ user = bundle.request.user acl = get_acl_object(bundle.obj._meta['crits_type']) if not acl or (bundle.obj._meta['crits_type'] == 'Screenshot' or user.has_access_to(acl.READ)): return super(CRITsAPIResource, self).obj_get_list(bundle=bundle, **kwargs) else: raise NotImplementedError('You do not have access to this object.')
def campaign_add(request, ctype, objectid): """ Attribute a Campaign to a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param ctype: CRITs type for the top-level object. :type ctype: str :param objectid: The ObjectId of the top-level object. :type objectid: str :returns: :class:`django.http.HttpResponse` """ user = request.user if request.method == "POST" and request.is_ajax(): form = CampaignForm(request.POST) result = {} acl = get_acl_object(ctype) if user.has_access_to(acl.CAMPAIGNS_ADD): if form.is_valid(): data = form.cleaned_data campaign = data['name'] confidence = data['confidence'] description = data['description'] related = data['related'] analyst= request.user.username result = campaign_addh(campaign, confidence, description, related, analyst, ctype, objectid, update=False) if result['success']: return HttpResponse(json.dumps(result), content_type="application/json") result['form'] = form.as_table() result['success'] = False return HttpResponse(json.dumps(result), content_type="application/json") else: result['success'] = False result['message'] = 'User does not have permission to add campaign to TLO.' return HttpResponse(json.dumps(result), content_type="application/json") else: return HttpResponse(json.dumps({'success': False, 'message': "Expected AJAX request."}), content_type="application/json")
def obj_create(self, bundle, **kwargs): """ Handles creating Comments through the API. :param bundle: Bundle containing the information to create the Comment. :type bundle: Tastypie Bundle object. :returns: HttpResponse. """ user = bundle.request.user comment = bundle.data.get('comment', None) obj_type = bundle.data.get('object_type', None) obj_id = bundle.data.get('object_id', None) content = {'return_code': 1, 'type': 'Comment', 'success': False} if not obj_type: content['message'] = 'Must provide an object type.' self.crits_response(content) if not obj_id: content['message'] = 'Must provide an object id.' self.crits_response(content) if not comment: content['message'] = 'Must provide a comment.' self.crits_response(content) data = { 'comment': comment, 'object_type': obj_type, 'object_id': obj_id, 'url_key': obj_id } acl = get_acl_object(obj_type) if user.has_access_to(acl.COMMENTS_ADD): retVal = comment_add(data, obj_type, obj_id, '', {}, user.username) else: message = 'You do not have permission to add comment to type %s.' % obj_type retVal = False content['message'] = message content['success'] = False content['status_code'] = 1 if retVal and "Comment added successfully!" in retVal.content: content['success'] = True content['return_code'] = 0 content['message'] = 'Comment added successfully!' self.crits_response(content)
def add_location(request, type_, id_): """ Attribute a location to a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param type_: CRITs type for the top-level object. :type type_: str :param id_: The ObjectId of the top-level object. :type id_: str :returns: :class:`django.http.HttpResponse` """ if request.method == "POST" and request.is_ajax(): form = AddLocationForm(request.POST) result = {} if form.is_valid(): data = form.cleaned_data location_type = data['location_type'] location_name = data['country'] description = data['description'] latitude = data['latitude'] longitude = data['longitude'] user = request.user acl = get_acl_object(type_) if user.has_access_to(acl.LOCATIONS_ADD): result = location_add(id_, type_, location_type, location_name, user, description=description, latitude=latitude, longitude=longitude) else: result = {"success":False, "message":"User does not have permission to add locations."} if result['success']: return HttpResponse(json.dumps(result), content_type="application/json") result['form'] = form.as_table() result['success'] = False return HttpResponse(json.dumps(result), content_type="application/json") else: return HttpResponse(json.dumps({'success': False, 'message': "Expected AJAX request."}), content_type="application/json")
def obj_create(self, bundle, **kwargs): """ Handles creating Comments through the API. :param bundle: Bundle containing the information to create the Comment. :type bundle: Tastypie Bundle object. :returns: HttpResponse. """ user = bundle.request.user comment = bundle.data.get('comment', None) obj_type = bundle.data.get('object_type', None) obj_id = bundle.data.get('object_id', None) content = {'return_code': 1, 'type': 'Comment', 'success': False} if not obj_type: content['message'] = 'Must provide an object type.' self.crits_response(content) if not obj_id: content['message'] = 'Must provide an object id.' self.crits_response(content) if not comment: content['message'] = 'Must provide a comment.' self.crits_response(content) data = {'comment': comment, 'object_type': obj_type, 'object_id': obj_id, 'url_key': obj_id} acl = get_acl_object(obj_type) if user.has_access_to(acl.COMMENTS_ADD): retVal = comment_add(data, obj_type, obj_id, '', {}, user.username) else: message = 'You do not have permission to add comment to type %s.' % obj_type retVal = False content['message'] = message content['success'] = False content['status_code'] = 1 if retVal and "Comment added successfully!" in retVal.content: content['success'] = True content['return_code'] = 0 content['message'] = 'Comment added successfully!' self.crits_response(content)
def break_relationship(request): """ Remove a relationship. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST' and request.is_ajax(): acl = get_acl_object(request.POST['my_type']) user = request.user if user.has_access_to(acl.RELATIONSHIPS_DELETE): results = delete_relationship( left_type=request.POST['my_type'], left_id=request.POST['my_value'], right_type=request.POST['reverse_type'], right_id=request.POST['dest_id'], rel_type=request.POST['forward_relationship'], rel_date=request.POST['relationship_date'], analyst=request.user.username) else: results = { "success": False, "message": "User does not have permission to delete relationship." } if results['success']: relationship = { 'type': request.POST['my_type'], 'value': request.POST['my_value'] } message = render_to_string( 'relationships_listing_widget.html', { 'relationship': relationship, 'nohide': True, 'relationships': results['relationships'] }, request=request) result = {'success': True, 'message': message} else: message = "Error deleting relationship: %s" % results['message'] result = {'success': False, 'message': message} return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected AJAX POST" return render(request, "error.html", {"error": error})
def update_relationship_confidence(request): """ Update relationship confidence. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST' and request.is_ajax(): new_confidence = request.POST['new_confidence'] acls = get_acl_object(request.POST['my_type']) user = request.user if new_confidence not in ('unknown', 'low', 'medium', 'high'): result = {'success': False, 'message': 'Unknown confidence level.'} return HttpResponse(json.dumps(result), content_type="application/json") elif not user.has_access_to(acl.RELATIONSHIPS_EDIT): result = { 'success': False, 'message': 'User does not have permission to edit relationship.' } else: result = update_relationship_confidences( left_type=request.POST['my_type'], left_id=request.POST['my_value'], right_type=request.POST['reverse_type'], right_id=request.POST['dest_id'], rel_type=request.POST['forward_relationship'], rel_date=request.POST['relationship_date'], analyst=request.user.username, new_confidence=new_confidence) if result['success']: message = "Successfully updated relationship: %s" % result[ 'message'] result = {'success': True, 'message': message} else: message = "Error updating relationship: %s" % result['message'] result = {'success': False, 'message': message} return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected AJAX POST" return render(request, "error.html", {"error": error})
def delete_this_object(request): """ Delete an object. Should be an AJAX POST. :param request: The Django request. :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ error = "" if request.method == 'POST': if request.is_ajax(): type_ = request.POST['coll'] oid = request.POST['oid'] user = request.user result = "" message = "" object_type = request.POST.get('object_type') value = request.POST['value'] acl = get_acl_object(type_) if user.has_access_to(acl.OBJECTS_DELETE): results = delete_object(type_, oid, object_type, value, user.username) else: results = {'success': False, 'message':'User does not have permission to delete objects.'} if results['success']: message = results['message'] result = {'success': True, 'message': message} else: message = "Error deleting object: %s" % results['message'] result = {'success': False, 'message': message} return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected AJAX" else: error = "Expected POST" return render_to_response("error.html", {"error" : error }, RequestContext(request))
def add_update_comment(request, method, obj_type, obj_id): """ Add/update a comment for a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param method: If this is a new comment or an update (set to "update"). :type method: str :param obj_type: The type of the top-level object. :type obj_type: str :param obj_id: The ObjectId of the top-level object. :type obj_id: str :returns: :class:`django.http.HttpResponse` """ if request.method == "POST" and request.is_ajax(): form = AddCommentForm(request.POST) if form.is_valid(): cleaned_data = form.cleaned_data subscr = cleaned_data.get('subscribable', False) user = request.user acl = get_acl_object(obj_type) if method == "update": if user.has_access_to(acl.COMMENTS_EDIT): return comment_update(cleaned_data, obj_type, obj_id, subscr, user.username) else: result = {"success":False, "message":"User does not have permission to edit comments."} return HttpResponse(json.dumps(result), content_type="application/json") else: if user.has_access_to(acl.COMMENTS_ADD): return comment_add(cleaned_data, obj_type, obj_id, method, subscr, user.username) else: result = {"success":False, "message":"User does not have permission to add comments."} return HttpResponse(json.dumps(result), content_type="application/json") return HttpResponse(json.dumps({'success':False, 'form':form.as_table()}), content_type="application/json") return render_to_response("error.html", {'error':'Expected AJAX/POST'})
def update_relationship_confidence(request): """ Update relationship confidence. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST' and request.is_ajax(): new_confidence = request.POST['new_confidence'] acls = get_acl_object(request.POST['my_type']) user = request.user if new_confidence not in ('unknown', 'low', 'medium', 'high'): result = {'success': False, 'message': 'Unknown confidence level.'} return HttpResponse(json.dumps(result), content_type="application/json") elif not user.has_access_to(acl.RELATIONSHIPS_EDIT): result = {'success': False, 'message': 'User does not have permission to edit relationship.'} else: result = update_relationship_confidences(left_type=request.POST['my_type'], left_id=request.POST['my_value'], right_type=request.POST['reverse_type'], right_id=request.POST['dest_id'], rel_type=request.POST['forward_relationship'], rel_date=request.POST['relationship_date'], analyst=request.user.username, new_confidence=new_confidence) if result['success']: message = "Successfully updated relationship: %s" % result['message'] result = {'success': True, 'message': message} else: message = "Error updating relationship: %s" % result['message'] result = {'success': False, 'message': message} return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected AJAX POST" return render_to_response("error.html", {"error" : error }, RequestContext(request))
def edit_location(request, type_, id_): """ Edit a location. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST': location_type = request.POST.get('location_type', None) location_name = request.POST.get('location_name', None) date = request.POST.get('date', None) description = request.POST.get('description', None) latitude = request.POST.get('latitude', None) longitude = request.POST.get('longitude', None) user = request.user acl = get_acl_object(type_) if user.has_access_to(acl.LOCATIONS_EDIT): return HttpResponse(json.dumps( location_edit(type_, id_, location_name, location_type, date, user, description=description, latitude=latitude, longitude=longitude)), content_type="application/json") else: result = { "success": False, "message": "User does not have permission to edit location." } return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected POST" return render_to_response("error.html", {"error": error}, RequestContext(request))
def break_relationship(request): """ Remove a relationship. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST' and request.is_ajax(): acl = get_acl_object(request.POST['my_type']) user = request.user if user.has_access_to(acl.RELATIONSHIPS_DELETE): results = delete_relationship(left_type=request.POST['my_type'], left_id=request.POST['my_value'], right_type=request.POST['reverse_type'], right_id=request.POST['dest_id'], rel_type=request.POST['forward_relationship'], rel_date=request.POST['relationship_date'], analyst=request.user.username) else: results = {"success":False, "message":"User does not have permission to delete relationship."} if results['success']: relationship = {'type': request.POST['my_type'], 'value': request.POST['my_value']} message = render_to_string('relationships_listing_widget.html', {'relationship': relationship, 'nohide': True, 'relationships': results['relationships']}, RequestContext(request)) result = {'success': True, 'message': message} else: message = "Error deleting relationship: %s" % results['message'] result = {'success': False, 'message': message} return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected AJAX POST" return render_to_response("error.html", {"error" : error }, RequestContext(request))
def update_objects_value(request): """ Update an object's value. Should be an AJAX POST. :param request: The Django request. :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST' and request.is_ajax(): type_ = request.POST['coll'] oid = request.POST['oid'] object_type = request.POST.get('type') value = request.POST['value'] new_value = request.POST['new_value'] user = request.user acl = get_acl_object(type_) if user.has_access_to(acl.OBJECTS_EDIT): results = update_object_value(type_, oid, object_type, value, new_value, user) else: results = {'success':False, 'message':'User does not have permission to modify object.'} if results['success']: message = "Successfully updated object value: %s" % results['message'] result = {'success': True, 'message': message} else: message = "Error updating object value: %s" % results['message'] result = {'success': False, 'message': message} return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected AJAX POST" return render_to_response("error.html", {"error" : error }, RequestContext(request))
def edit_location(request, type_, id_): """ Edit a location. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST': location_type = request.POST.get('location_type', None) location_name = request.POST.get('location_name', None) date = request.POST.get('date', None) description = request.POST.get('description', None) latitude = request.POST.get('latitude', None) longitude = request.POST.get('longitude', None) user = request.user acl = get_acl_object(type_) if user.has_access_to(acl.LOCATIONS_EDIT): return HttpResponse(json.dumps(location_edit(type_, id_, location_name, location_type, date, user, description=description, latitude=latitude, longitude=longitude)), content_type="application/json") else: result = {"success":False, "message":"User does not have permission to edit location."} return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected POST" return render_to_response("error.html", {"error": error}, RequestContext(request))
def remove_location(request, type_, id_): """ Remove an attributed location from a top-level object. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :param type_: CRITs type for the top-level object. :type type_: str :param id_: The ObjectId of the top-level object. :type id_: str :returns: :class:`django.http.HttpResponse` """ if request.method == "POST" and request.is_ajax(): data = request.POST location_name = data.get('key').split('|')[0] location_type = data.get('key').split('|')[1] date = data.get('key').split('|')[2] user = request.user acl = get_acl_object(type_) if user.has_access_to(acl.LOCATIONS_DELETE): result = location_remove(id_, type_, location_name=location_name, location_type=location_type, date=date, user=request.user.username) return HttpResponse(json.dumps(result), content_type="application/json") else: result = {"success":False, "message":"User does not have permission to remove location."} return HttpResponse(json.dumps(result), content_type="application/json") else: return render_to_response("error.html", {"error": 'Expected AJAX POST.'}, RequestContext(request))
def update_relationship_type(request): """ Update relationship type. Should be an AJAX POST. :param request: Django request object (Required) :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST' and request.is_ajax(): user = request.user acl = get_acl_object(request.POST['my_type']) if user.has_access_to(acl.RELATIONSHIPS_EDIT): results = update_relationship_types(left_type=request.POST['my_type'], left_id=request.POST['my_value'], right_type=request.POST['reverse_type'], right_id=request.POST['dest_id'], rel_type=request.POST['forward_relationship'], rel_date=request.POST['relationship_date'], new_type=request.POST['new_relationship'], analyst=request.user.username) else: results = {'success':False, 'message':'User does not have permission to update relationship.'} if results['success']: message = "Successfully updated relationship: %s" % results['message'] result = {'success': True, 'message': message} else: message = "Error updating relationship: %s" % results['message'] result = {'success': False, 'message': message} return HttpResponse(json.dumps(result), content_type="application/json") else: error = "Expected AJAX POST" return render_to_response("error.html", {"error" : error }, RequestContext(request))
def get_table_data(request=None, obj=None, user=None, searchTerm="", search_type=None, includes=[], excludes=[], maxRows=25, sort={}, pageNumber=1): """ gets the records needed for the table, can be called via ajax on the saved_search.html or the above ConstructTable function """ from crits.core.handlers import get_query, data_query response = {"Result": "ERROR"} obj_type = get_obj_type_from_string(obj) acl = get_acl_object(obj) if not user: user = request.user # Build the query term = "" #if its being called from saved_search.html if not user.has_access_to(acl.READ): resp = {} resp['Result'] = "ERROR" resp['msg'] = "User does not have permission to view object." resp['Records'] = "" elif request and request.is_ajax(): resp = get_query(obj_type, request) #if its calling to get data for the dashbaord elif user and search_type: resp = get_query_without_request(obj_type, user, searchTerm, search_type) else: return HttpResponse(json.dumps(response, default=json_handler), content_type="application/json") if resp['Result'] in ["ERROR", "IGNORE"]: return resp query = resp['query'] term = resp['term'] sortBy = [] if 'direction' in sort: if sort['direction'] == 'asc': sortBy.append(sort['field']) elif sort['direction'] == 'desc': sortBy.append("-" + sort['field']) skip = (int(pageNumber) - 1) * 25 if request: response = data_query(obj_type, user=request.user, query=query, projection=includes, limit=int(maxRows), sort=sortBy, skip=skip) else: response = data_query(obj_type, user=user, query=query, projection=includes, limit=maxRows, sort=sortBy, skip=skip) if response['result'] == "ERROR": return {'Result': "ERROR", 'Message': response['msg']} response['crits_type'] = obj_type # Escape term for rendering in the UI. response['term'] = cgi.escape(term) response['data'] = response['data'].to_dict(excludes, includes) response['Records'] = parseDocObjectsToStrings(response.pop('data'), obj) response['TotalRecordCount'] = response.pop('count') response['Result'] = response.pop('result') if request: return HttpResponse(json.dumps(response, default=json_handler), content_type="application/json") else: return response
def obj_create(self, bundle, **kwargs): """ Handles creating Screenshots through the API. :param bundle: Bundle containing the information to create the Screenshot. :type bundle: Tastypie Bundle object. :returns: HttpResponse. """ user = bundle.request.user type_ = bundle.data.get('upload_type', None) content = {'return_code': 1, 'type': 'Screenshot'} if not type_: content['message'] = 'Must provide an upload type.' self.crits_response(content) if type_ not in ('ids', 'screenshot'): content['message'] = 'Not a valid upload type.' self.crits_response(content) if type_ == 'ids': screenshot_ids = bundle.data.get('screenshot_ids', None) screenshot = None elif type_ == 'screenshot': screenshot = bundle.data.get('filedata', None) screenshot_ids = None if not screenshot: content[ 'message'] = "Upload type of 'screenshot' but no file uploaded." self.crits_response(content) description = bundle.data.get('description', None) tags = bundle.data.get('tags', None) source = bundle.data.get('source', None) method = bundle.data.get('method', None) reference = bundle.data.get('reference', None) tlp = bundle.data.get('tlp', 'amber') oid = bundle.data.get('oid', None) otype = bundle.data.get('otype', None) if not oid or not otype or not source or not (screenshot or screenshot_ids): content['message'] = "You must provide a valid set of information." self.crits_response(content) acl = get_acl_object(otype) if not user.has_access_to(acl.SCREENSHOTS_ADD): content[ 'message'] = 'User does not have permission to create Object.' self.crits_response(content) result = add_screenshot(description, tags, source, method, reference, tlp, user.username, screenshot, screenshot_ids, oid, otype) if result.get('message'): content['message'] = result.get('message') if result.get('id'): url = reverse('api_dispatch_detail', kwargs={ 'resource_name': 'screenshots', 'api_name': 'v1', 'pk': result.get('id') }) content['url'] = url content['id'] = result.get('id') if result['success']: content['return_code'] = 0 self.crits_response(content)
def add_new_object(request): """ Add a new object. :param request: The Django request. :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST': analyst = "%s" % request.user user = request.user result = "" message = "" my_type = request.POST['otype'] acl = get_acl_object(my_type) if user.has_access_to(acl.OBJECTS_ADD): form = AddObjectForm(user, request.POST, request.FILES) if not form.is_valid() and 'value' not in request.FILES: message = "Invalid Form: %s" % form.errors form = form.as_table() response = json.dumps({'message': message, 'form': form, 'success': False}) if request.is_ajax(): return HttpResponse(response, content_type="application/json") else: return render_to_response("file_upload_response.html", {'response':response}, RequestContext(request)) source = request.POST['source_name'] oid = request.POST['oid'] object_type = request.POST['object_type'] method = request.POST['source_method'] reference = request.POST['source_reference'] tlp = request.POST['source_tlp'] add_indicator = request.POST.get('add_indicator', None) data = None # if it was a file upload, handle the file appropriately if 'value' in request.FILES: data = request.FILES['value'] value = request.POST.get('value', None) if isinstance(value, basestring): value = value.strip() results = add_object(my_type, oid, object_type, source, method, reference, tlp, user.username, value=value, file_=data, add_indicator=add_indicator, is_sort_relationships=True) else: results = {'success':False, 'message':'User does not have permission to add object'} if results['success']: subscription = { 'type': my_type, 'id': oid } if results.get('relationships', None): relationship = {'type': my_type, 'value': oid} relationships = results['relationships'] html = render_to_string('objects_listing_widget.html', {'objects': results['objects'], 'relationships': relationships, 'subscription': subscription}, RequestContext(request)) result = {'success': True, 'html': html, 'message': results['message']} rel_msg = render_to_string('relationships_listing_widget.html', {'relationship': relationship, 'nohide': True, 'relationships': relationships}, RequestContext(request)) result['rel_made'] = True result['rel_msg'] = rel_msg else: html = render_to_string('objects_listing_widget.html', {'objects': results['objects'], 'subscription': subscription}, RequestContext(request)) result = {'success': True, 'html': html, 'message': results['message']} else: message = "Error adding object: %s" % results['message'] result = {'success': False, 'message': message} if request.is_ajax(): return HttpResponse(json.dumps(result), content_type="application/json") else: return render_to_response("file_upload_response.html", {'response': json.dumps(result)}, RequestContext(request)) else: error = "Expected POST" return render_to_response("error.html", {"error" : error }, RequestContext(request))
def bulk_add_object_inline(request): """ Bulk add objects inline. :param request: The Django request. :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ formdict = form_to_dict(AddObjectForm(request.user)) if request.method == "POST" and request.is_ajax(): user = request.user acl = get_acl_object(request.POST['otype']) if user.has_access_to(acl.OBJECTS_ADD): response = parse_bulk_upload( request, parse_row_to_bound_object_form, add_new_handler_object_via_bulk, formdict) secondary_data_array = response.get('secondary') if secondary_data_array: latest_secondary_data = secondary_data_array[-1] class_type = class_from_id( latest_secondary_data['type'], latest_secondary_data['id']) subscription = {'type': latest_secondary_data['type'], 'id': latest_secondary_data['id'], 'value': latest_secondary_data['id']} object_listing_html = render_to_string('objects_listing_widget.html', {'objects': class_type.sort_objects(), 'subscription': subscription}, RequestContext(request)) response['html'] = object_listing_html is_relationship_made = False for secondary_data in secondary_data_array: if secondary_data.get('relationships'): is_relationship_made = True break if is_relationship_made == True: rel_html = render_to_string('relationships_listing_widget.html', {'relationship': subscription, 'relationships': class_type.sort_relationships(request.user, meta=True)}, RequestContext(request)) response['rel_msg'] = rel_html response['rel_made'] = True return HttpResponse(json.dumps(response, default=json_handler), content_type="application/json") else: is_prevent_initial_table = request.GET.get('isPreventInitialTable', False) is_use_item_source = request.GET.get('useItemSource', False) if is_use_item_source == True or is_use_item_source == "true": otype = request.GET.get('otype') oid = request.GET.get('oid') # Get the item with the type and ID from the database obj = class_from_id(otype, oid) if obj: source_field_name = get_source_field_for_class(otype) if source_field_name: # If the item has a source, then use the source value # to set as the default source if hasattr(obj, "source"): source_field = get_field_from_label("source", formdict) earliest_source = None earliest_date = None # Get the earliest source, compared by date for source in obj.source: for source_instance in source.instances: if earliest_source == None or source_instance.date < earliest_date: earliest_date = source_instance.date earliest_source = source if earliest_source: source_field['initial'] = earliest_source.name return render_to_response('bulk_add_object_inline.html', {'formdict': formdict, 'title': "Bulk Add Objects", 'is_prevent_initial_table': is_prevent_initial_table, 'table_name': 'object_inline'}, RequestContext(request))
def get_table_data(request=None,obj=None,user=None,searchTerm="", search_type=None, includes=[], excludes=[], maxRows=25, sort={}, pageNumber=1): """ gets the records needed for the table, can be called via ajax on the saved_search.html or the above ConstructTable function """ from crits.core.handlers import get_query, data_query response = {"Result": "ERROR"} obj_type = get_obj_type_from_string(obj) acl = get_acl_object(obj) if not user: user = request.user # Build the query term = "" #if its being called from saved_search.html if not user.has_access_to(acl.READ): resp = {} resp['Result'] = "ERROR" resp['msg'] = "User does not have permission to view object." resp['Records'] = "" elif request and request.is_ajax(): resp = get_query(obj_type, request) #if its calling to get data for the dashbaord elif user and search_type: resp = get_query_without_request(obj_type, user, searchTerm, search_type) else: return HttpResponse(json.dumps(response, default=json_handler), content_type="application/json") if resp['Result'] in ["ERROR", "IGNORE"]: return resp query = resp['query'] term = resp['term'] sortBy = [] if 'direction' in sort: if sort['direction'] == 'asc': sortBy.append(sort['field']) elif sort['direction'] == 'desc': sortBy.append("-"+sort['field']) skip = (int(pageNumber)-1)*25 if request: response = data_query(obj_type, user=request.user, query=query, projection=includes, limit=int(maxRows), sort=sortBy, skip=skip) else: response = data_query(obj_type, user=user, query=query, projection=includes, limit=maxRows, sort=sortBy,skip=skip) if response['result'] == "ERROR": return {'Result': "ERROR", 'Message': response['msg']} response['crits_type'] = obj_type # Escape term for rendering in the UI. response['term'] = cgi.escape(term) response['data'] = response['data'].to_dict(excludes, includes) response['Records'] = parseDocObjectsToStrings(response.pop('data'), obj) response['TotalRecordCount'] = response.pop('count') response['Result'] = response.pop('result') if request: return HttpResponse(json.dumps(response, default=json_handler), content_type="application/json") else: return response
def obj_create(self, bundle, **kwargs): """ Handles creating Screenshots through the API. :param bundle: Bundle containing the information to create the Screenshot. :type bundle: Tastypie Bundle object. :returns: HttpResponse. """ user = bundle.request.user type_ = bundle.data.get('upload_type', None) content = {'return_code': 1, 'type': 'Screenshot'} if not type_: content['message'] = 'Must provide an upload type.' self.crits_response(content) if type_ not in ('ids', 'screenshot'): content['message'] = 'Not a valid upload type.' self.crits_response(content) if type_ == 'ids': screenshot_ids = bundle.data.get('screenshot_ids', None) screenshot = None elif type_ == 'screenshot': screenshot = bundle.data.get('filedata', None) screenshot_ids = None if not screenshot: content['message'] = "Upload type of 'screenshot' but no file uploaded." self.crits_response(content) description = bundle.data.get('description', None) tags = bundle.data.get('tags', None) source = bundle.data.get('source', None) method = bundle.data.get('method', None) reference = bundle.data.get('reference', None) tlp = bundle.data.get('tlp', 'amber') oid = bundle.data.get('oid', None) otype = bundle.data.get('otype', None) if not oid or not otype or not source or not (screenshot or screenshot_ids): content['message'] = "You must provide a valid set of information." self.crits_response(content) acl = get_acl_object(otype) if not user.has_access_to(acl.SCREENSHOTS_ADD): content['message'] = 'User does not have permission to create Object.' self.crits_response(content) result = add_screenshot(description, tags, source, method, reference, tlp, user.username, screenshot, screenshot_ids, oid, otype) if result.get('message'): content['message'] = result.get('message') if result.get('id'): url = reverse('api_dispatch_detail', kwargs={'resource_name': 'screenshots', 'api_name': 'v1', 'pk': result.get('id')}) content['url'] = url content['id'] = result.get('id') if result['success']: content['return_code'] = 0 self.crits_response(content)
def add_new_object(request): """ Add a new object. :param request: The Django request. :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ if request.method == 'POST': analyst = "%s" % request.user user = request.user result = "" message = "" my_type = request.POST['otype'] acl = get_acl_object(my_type) if user.has_access_to(acl.OBJECTS_ADD): form = AddObjectForm(user, request.POST, request.FILES) if not form.is_valid() and 'value' not in request.FILES: message = "Invalid Form: %s" % form.errors form = form.as_table() response = json.dumps({ 'message': message, 'form': form, 'success': False }) if request.is_ajax(): return HttpResponse(response, content_type="application/json") else: return render_to_response("file_upload_response.html", {'response': response}, RequestContext(request)) source = request.POST['source_name'] oid = request.POST['oid'] object_type = request.POST['object_type'] method = request.POST['source_method'] reference = request.POST['source_reference'] tlp = request.POST['source_tlp'] add_indicator = request.POST.get('add_indicator', None) data = None # if it was a file upload, handle the file appropriately if 'value' in request.FILES: data = request.FILES['value'] value = request.POST.get('value', None) if isinstance(value, basestring): value = value.strip() results = add_object(my_type, oid, object_type, source, method, reference, tlp, user.username, value=value, file_=data, add_indicator=add_indicator, is_sort_relationships=True) else: results = { 'success': False, 'message': 'User does not have permission to add object' } if results['success']: subscription = {'type': my_type, 'id': oid} if results.get('relationships', None): relationship = {'type': my_type, 'value': oid} relationships = results['relationships'] html = render_to_string( 'objects_listing_widget.html', { 'objects': results['objects'], 'relationships': relationships, 'subscription': subscription }, RequestContext(request)) result = { 'success': True, 'html': html, 'message': results['message'] } rel_msg = render_to_string( 'relationships_listing_widget.html', { 'relationship': relationship, 'nohide': True, 'relationships': relationships }, RequestContext(request)) result['rel_made'] = True result['rel_msg'] = rel_msg else: html = render_to_string('objects_listing_widget.html', { 'objects': results['objects'], 'subscription': subscription }, RequestContext(request)) result = { 'success': True, 'html': html, 'message': results['message'] } else: message = "Error adding object: %s" % results['message'] result = {'success': False, 'message': message} if request.is_ajax(): return HttpResponse(json.dumps(result), content_type="application/json") else: return render_to_response("file_upload_response.html", {'response': json.dumps(result)}, RequestContext(request)) else: error = "Expected POST" return render_to_response("error.html", {"error": error}, RequestContext(request))
def bulk_add_object_inline(request): """ Bulk add objects inline. :param request: The Django request. :type request: :class:`django.http.HttpRequest` :returns: :class:`django.http.HttpResponse` """ formdict = form_to_dict(AddObjectForm(request.user)) if request.method == "POST" and request.is_ajax(): user = request.user acl = get_acl_object(request.POST['otype']) if user.has_access_to(acl.OBJECTS_ADD): response = parse_bulk_upload(request, parse_row_to_bound_object_form, add_new_handler_object_via_bulk, formdict) secondary_data_array = response.get('secondary') if secondary_data_array: latest_secondary_data = secondary_data_array[-1] class_type = class_from_id(latest_secondary_data['type'], latest_secondary_data['id']) subscription = { 'type': latest_secondary_data['type'], 'id': latest_secondary_data['id'], 'value': latest_secondary_data['id'] } object_listing_html = render_to_string( 'objects_listing_widget.html', { 'objects': class_type.sort_objects(), 'subscription': subscription }, RequestContext(request)) response['html'] = object_listing_html is_relationship_made = False for secondary_data in secondary_data_array: if secondary_data.get('relationships'): is_relationship_made = True break if is_relationship_made == True: rel_html = render_to_string( 'relationships_listing_widget.html', { 'relationship': subscription, 'relationships': class_type.sort_relationships(request.user, meta=True) }, RequestContext(request)) response['rel_msg'] = rel_html response['rel_made'] = True return HttpResponse(json.dumps(response, default=json_handler), content_type="application/json") else: is_prevent_initial_table = request.GET.get('isPreventInitialTable', False) is_use_item_source = request.GET.get('useItemSource', False) if is_use_item_source == True or is_use_item_source == "true": otype = request.GET.get('otype') oid = request.GET.get('oid') # Get the item with the type and ID from the database obj = class_from_id(otype, oid) if obj: source_field_name = get_source_field_for_class(otype) if source_field_name: # If the item has a source, then use the source value # to set as the default source if hasattr(obj, "source"): source_field = get_field_from_label("source", formdict) earliest_source = None earliest_date = None # Get the earliest source, compared by date for source in obj.source: for source_instance in source.instances: if earliest_source == None or source_instance.date < earliest_date: earliest_date = source_instance.date earliest_source = source if earliest_source: source_field['initial'] = earliest_source.name return render_to_response( 'bulk_add_object_inline.html', { 'formdict': formdict, 'title': "Bulk Add Objects", 'is_prevent_initial_table': is_prevent_initial_table, 'table_name': 'object_inline' }, RequestContext(request))