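def workbook(request, workbook_id=0):
    """Create, edit, copy or delete a workbook (POST), or display one (GET).

    For a POST the action is the last segment of the request path
    (``create``, ``edit``, ``copy`` or ``delete``). A GET renders the
    workbook when it is active and owned by, shared with, or public to the
    requesting user. Everything else redirects to the workbook list.

    Args:
        request: The incoming request.
        workbook_id: Id of the workbook to act on; 0 (the default) means none.

    Returns:
        The rendered workbook page for a viewable GET, otherwise a redirect.
    """
    template = 'workbooks/workbook.html'
    command = request.path.rsplit('/', 1)[1]

    if request.method == "POST":
        # NOTE(review): edit and delete act on the workbook_id taken from the
        # URL and no user is passed to Workbook.edit / Workbook.destroy, so
        # this view does not itself verify that request.user may modify the
        # workbook. Confirm the check is enforced elsewhere (model layer or a
        # decorator not visible here).
        if command == "create":
            workbook_model = Workbook.createDefault(
                name="Untitled Workbook", description="", user=request.user)
        elif command == "edit":
            # NOTE(review): name and description are stored exactly as
            # posted; there is no length or character validation here, so
            # every place that renders them must escape on output.
            workbook_model = Workbook.edit(
                id=workbook_id,
                name=request.POST.get('name'),
                description=request.POST.get('description'))
        elif command == "copy":
            workbook_model = Workbook.copy(id=workbook_id, user=request.user)
        elif command == "delete":
            Workbook.destroy(id=workbook_id)
            return redirect(reverse('workbooks'))
        else:
            # An unrecognised action (including an empty last path segment)
            # used to reach `workbook_model.id` with the name unbound and
            # raise NameError; send the user to the list instead.
            return redirect(reverse('workbooks'))

        return redirect(reverse('workbook_detail',
                                kwargs={'workbook_id': workbook_model.id}))

    if request.method == "GET" and workbook_id:
        try:
            owned = request.user.workbook_set.all().filter(active=True)
            shared_with_user = Workbook.objects.filter(
                shared__matched_user=request.user,
                shared__active=True,
                active=True)
            public = Workbook.objects.all().filter(is_public=True, active=True)

            # Restrict the lookup to workbooks this user may see; an id
            # outside that set raises ObjectDoesNotExist below.
            visible = (owned | shared_with_user | public).distinct()
            workbook_model = visible.get(id=workbook_id)
            workbook_model.worksheets = workbook_model.get_deep_worksheets()

            is_shareable = workbook_model.is_shareable(request)

            shared = None
            if (workbook_model.owner.id != request.user.id
                    and not workbook_model.is_public):
                shared = request.user.shared_resource_set.get(
                    workbook__id=workbook_id)

            plot_types = Analysis.get_types()

            return render(request, template, {
                'workbook': workbook_model,
                'datatypes': get_gene_datatypes(),
                'is_shareable': is_shareable,
                'shared': shared,
                'plot_types': plot_types,
            })
        except ObjectDoesNotExist:
            return redirect(reverse('workbooks'))

    # GET without an id, or a method other than GET/POST (which previously
    # fell off the end and returned None).
    return redirect(reverse('workbooks'))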
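def workbook(request, workbook_id=0):
    """Create, edit, copy or delete a workbook (POST), or display one (GET).

    For a POST the action is the last segment of the request path
    (``create``, ``edit``, ``copy`` or ``delete``). An edit is rejected,
    logged and reported to the user when the posted name or description
    matches ``WHITELIST_RE``. A GET renders the workbook when it is active
    and owned by, shared with, or public to the requesting user. Everything
    else redirects to the workbook list.

    Args:
        request: The incoming request.
        workbook_id: Id of the workbook to act on; 0 (the default) means none.

    Returns:
        The rendered workbook page for a viewable GET, otherwise a redirect.
    """
    template = 'workbooks/workbook.html'
    command = request.path.rsplit('/', 1)[1]

    if request.method == "POST":
        # NOTE(review): edit and delete act on the workbook_id taken from the
        # URL and no user is passed to Workbook.edit / Workbook.destroy, so
        # this view does not itself verify that request.user may modify the
        # workbook. Confirm the check is enforced elsewhere (model layer or a
        # decorator not visible here).
        if command == "create":
            workbook_model = Workbook.createDefault(
                name="Untitled Workbook", description="", user=request.user)
        elif command == "edit":
            workbook_name = request.POST.get('name')
            workbook_desc = request.POST.get('description')

            # Despite its name, WHITELIST_RE is used as a pattern of
            # characters to reject: any match fails the save.
            # NOTE(review): a character filter on input is only a first
            # line of defence against XSS; rendering must still escape.
            disallowed = re.compile(WHITELIST_RE, re.UNICODE)
            match_name = disallowed.search(unicode(workbook_name))
            match_desc = disallowed.search(unicode(workbook_desc))

            if match_name or match_desc:
                # XSS risk: log and fail this workbook save.
                # NOTE(review): the rejected values are written to the log
                # verbatim; if the pattern does not cover CR/LF, consider
                # logging their repr() so one request cannot forge extra
                # log lines.
                matches = ""
                fields = ""
                if match_name:
                    match_name = disallowed.findall(unicode(workbook_name))
                    logger.error('[ERROR] While saving a workbook, saw a malformed name: '
                                 + workbook_name + ', characters: ' + str(match_name))
                    matches = "name contains"
                    fields = "name"
                if match_desc:
                    match_desc = disallowed.findall(unicode(workbook_desc))
                    logger.error('[ERROR] While saving a workbook, saw a malformed description: '
                                 + workbook_desc + ', characters: ' + str(match_desc))
                    matches = "name and description contain" if match_name else "description contains"
                    fields += (" and description" if match_name else "description")

                err_msg = "Your workbook's %s invalid characters; please choose another %s." % (matches, fields,)
                messages.error(request, err_msg)
                return redirect(reverse('workbook_detail',
                                        kwargs={'workbook_id': workbook_id}))

            workbook_model = Workbook.edit(
                id=workbook_id, name=workbook_name, description=workbook_desc)
        elif command == "copy":
            workbook_model = Workbook.copy(id=workbook_id, user=request.user)
        elif command == "delete":
            Workbook.destroy(id=workbook_id)
            return redirect(reverse('workbooks'))
        else:
            # An unrecognised action (including an empty last path segment)
            # used to reach `workbook_model.id` with the name unbound and
            # raise NameError; send the user to the list instead.
            return redirect(reverse('workbooks'))

        return redirect(reverse('workbook_detail',
                                kwargs={'workbook_id': workbook_model.id}))

    if request.method == "GET" and workbook_id:
        try:
            owned = request.user.workbook_set.all().filter(active=True)
            shared_with_user = Workbook.objects.filter(
                shared__matched_user=request.user,
                shared__active=True,
                active=True)
            public = Workbook.objects.all().filter(is_public=True, active=True)

            # Restrict the lookup to workbooks this user may see; an id
            # outside that set raises ObjectDoesNotExist below.
            visible = (owned | shared_with_user | public).distinct()
            workbook_model = visible.get(id=workbook_id)
            workbook_model.worksheets = workbook_model.get_deep_worksheets()

            is_shareable = workbook_model.is_shareable(request)

            shared = None
            if (workbook_model.owner.id != request.user.id
                    and not workbook_model.is_public):
                shared = request.user.shared_resource_set.get(
                    workbook__id=workbook_id)

            plot_types = Analysis.get_types()

            return render(request, template, {
                'workbook': workbook_model,
                'datatypes': get_gene_datatypes(),
                'is_shareable': is_shareable,
                'shared': shared,
                'plot_types': plot_types,
            })
        except ObjectDoesNotExist:
            return redirect(reverse('workbooks'))

    # GET without an id, or a method other than GET/POST (which previously
    # fell off the end and returned None).
    return redirect(reverse('workbooks'))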
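def workbook(request, workbook_id=0):
    """Create, edit, copy or delete a workbook (POST), or display one (GET).

    For a POST the action is the last segment of the request path
    (``create``, ``edit``, ``copy`` or ``delete``). An edit truncates the
    posted name and description to 2000 characters and is rejected, logged
    and reported to the user when either matches ``BLACKLIST_RE``. A GET
    renders the workbook when it is active and owned by, shared with, or
    public to the requesting user. Any unexpected exception is logged and
    reported, and every path that does not render redirects.

    Args:
        request: The incoming request.
        workbook_id: Id of the workbook to act on; 0 (the default) means none.

    Returns:
        The rendered workbook page for a viewable GET, otherwise a redirect.
    """
    template = 'workbooks/workbook.html'
    command = request.path.rsplit('/', 1)[1]
    # Stays None for an unrecognised POST action; the resulting
    # AttributeError on `.id` is handled by the generic handler below.
    workbook_model = None

    try:
        if request.method == "POST":
            # NOTE(review): edit and delete act on the workbook_id taken
            # from the URL and no user is passed to Workbook.edit /
            # Workbook.destroy, so this view does not itself verify that
            # request.user may modify the workbook. Confirm the check is
            # enforced elsewhere (model layer or a decorator not visible
            # here).
            if command == "create":
                workbook_model = Workbook.createDefault(
                    name="Untitled Workbook", description="", user=request.user)
            elif command == "edit":
                # Truncate incoming name and desc fields in case someone
                # tried to send ones which were too long. A missing field
                # makes .get() return None, and slicing it raises TypeError,
                # which the generic handler below reports.
                workbook_name = request.POST.get('name')[0:2000]
                workbook_desc = request.POST.get('description')[0:2000]
                workbook_build = request.POST.get('build')

                # NOTE(review): a character denylist on input is only a
                # first line of defence against XSS; rendering must still
                # escape these fields. `build` is not validated here.
                blacklist = re.compile(BLACKLIST_RE, re.UNICODE)
                match_name = blacklist.search(unicode(workbook_name))
                match_desc = blacklist.search(unicode(workbook_desc))

                if match_name or match_desc:
                    # XSS risk: log and fail this workbook save.
                    # NOTE(review): the rejected values are written to the
                    # log verbatim; if the pattern does not cover CR/LF,
                    # consider logging their repr() so one request cannot
                    # forge extra log lines.
                    matches = ""
                    fields = ""
                    if match_name:
                        match_name = blacklist.findall(unicode(workbook_name))
                        logger.error(
                            '[ERROR] While saving a workbook, saw a malformed name: '
                            + workbook_name + ', characters: ' + str(match_name))
                        matches = "name contains"
                        fields = "name"
                    if match_desc:
                        match_desc = blacklist.findall(unicode(workbook_desc))
                        logger.error(
                            '[ERROR] While saving a workbook, saw a malformed description: '
                            + workbook_desc + ', characters: ' + str(match_desc))
                        matches = "name and description contain" if match_name else "description contains"
                        fields += (" and description" if match_name else "description")

                    err_msg = "Your workbook's %s invalid characters; please choose another %s." % (
                        matches,
                        fields,
                    )
                    messages.error(request, err_msg)
                    return redirect(reverse('workbook_detail',
                                            kwargs={'workbook_id': workbook_id}))

                workbook_model = Workbook.edit(
                    id=workbook_id,
                    name=workbook_name,
                    description=workbook_desc,
                    build=workbook_build)
            elif command == "copy":
                workbook_model = Workbook.copy(id=workbook_id, user=request.user)
            elif command == "delete":
                Workbook.destroy(id=workbook_id)

            if command == "delete":
                redirect_url = reverse('workbooks')
            else:
                redirect_url = reverse(
                    'workbook_detail', kwargs={'workbook_id': workbook_model.id})
            return redirect(redirect_url)

        elif request.method == "GET":
            if workbook_id:
                try:
                    owned = request.user.workbook_set.filter(active=True)
                    shared_with_user = Workbook.objects.filter(
                        shared__matched_user=request.user,
                        shared__active=True,
                        active=True)
                    public = Workbook.objects.filter(is_public=True, active=True)

                    # Restrict the lookup to workbooks this user may see; an
                    # id outside that set raises ObjectDoesNotExist below.
                    visible = (owned | shared_with_user | public).distinct()
                    workbook_model = visible.get(id=workbook_id)
                    workbook_model.worksheets = workbook_model.get_deep_worksheets()

                    is_shareable = workbook_model.is_shareable(request)

                    shared = None
                    if (workbook_model.owner.id != request.user.id
                            and not workbook_model.is_public):
                        shared = request.user.shared_resource_set.get(
                            workbook__id=workbook_id)

                    plot_types = Analysis.get_types()

                    return render(request, template, {
                        'workbook': workbook_model,
                        'datatypes': get_gene_datatypes(workbook_model.build),
                        'is_shareable': is_shareable,
                        'shared': shared,
                        'plot_types': plot_types,
                    })
                except ObjectDoesNotExist:
                    return redirect(reverse('workbooks'))
            else:
                return redirect(reverse('workbooks'))

    except Exception as e:
        logger.error("[ERROR] Exception when viewing a workbook: ")
        logger.exception(e)
        messages.error(
            request,
            "An error was encountered while trying to view this workbook.")

    # Fallback for the error path and for methods other than GET/POST. It is
    # deliberately placed after the try/except and not inside a `finally`:
    # a `return` in `finally` would replace every response returned above,
    # including the rendered page.
    return redirect(reverse('workbooks'))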