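def save(request, revision_id, type_id=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save

    Only the revision's author may save; any other user gets a 403 and the
    attempt is logged with a ``[security]`` prefix.  All fields are read
    from ``request.POST`` and are therefore client-controlled: ``jid`` and
    ``version_name`` are checked against the ``alphanum_plus`` rule, the
    full name is validated by ``revision.set_full_name`` and the extra
    JSON by ``revision.set_extra_json``.  Text placed in an error response
    body is HTML-escaped.

    :param request: request object; ``request.user`` and ``request.POST``
        are read
    :param revision_id: primary key of the PackageRevision to save
    :param type_id: not used by the part of the view shown here
    :returns: ``HttpResponseForbidden`` or ``HttpResponseBadRequest`` on
        the failure paths shown below
    """
    revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)

    # Authorization check: only the author of the revision may modify it.
    if request.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (revision.pk, request.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = request.POST.get('full_name', False)
    jid = request.POST.get('jid', None)
    version_name = request.POST.get('version_name', False)

    if jid and not validator.is_valid('alphanum_plus', jid):
        return HttpResponseForbidden(escape(
            validator.get_validation_message('alphanum_plus')))

    # validate package_full_name and version_name
    if version_name and not validator.is_valid('alphanum_plus', version_name):
        return HttpResponseForbidden(escape(
            validator.get_validation_message('alphanum_plus')))

    # here we're checking if the *current* full_name is different than the
    # revision's full_name
    if package_full_name and package_full_name != revision.package.full_name:
        try:
            revision.set_full_name(package_full_name)
        except ValidationError:
            return HttpResponseForbidden(escape(
                validator.get_validation_message('alphanum_plus_space')))
        except IntegrityError:
            return HttpResponseForbidden(
                'You already have a %s with that name' % escape(
                    revision.package.get_type_name()))
        else:
            save_package = True
            save_revision = True
            response_data['full_name'] = package_full_name

    package_description = request.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    extra_json = request.POST.get('package_extra_json')
    if extra_json is not None:
        # None means it wasn't submitted. We want to accept blank strings.
        save_revision = True
        try:
            revision.set_extra_json(extra_json, save=False)
        except JSONDecodeError:
            return HttpResponseBadRequest(
                'Extra package properties were invalid JSON.')
        except IllegalFilenameException, e:
            # The exception text may quote values taken from the submitted
            # JSON, so it is escaped like every other error body here.
            return HttpResponseBadRequest(escape(str(e)))
        response_data['package_extra_json'] = extra_json
    # NOTE(review): the listing stops here; persisting the changes and
    # building the success response are not shown.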
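def save(request, id_number, type_id, revision_number=None,
         version_name=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save

    Only the revision's author may save; any other user gets a 403 and the
    attempt is logged with a ``[security]`` prefix.  Field values come
    from ``request.POST`` and are client-controlled.

    Validation failures are answered with ``HttpResponseForbidden``.
    ``HttpResponseNotAllowed`` is not suitable for them: its argument is
    the list of permitted HTTP methods for the ``Allow`` header, so a
    message passed to it never reaches the response body.

    :param request: request object; ``request.user`` and ``request.POST``
        are read
    :param id_number: passed to ``get_package_revision``
    :param type_id: passed to ``get_package_revision``
    :param revision_number: passed to ``get_package_revision``
    :param version_name: passed to ``get_package_revision``; afterwards
        the local name is rebound to the POSTed ``version_name``
    :returns: ``HttpResponseForbidden`` on the failure paths shown below
    """
    revision = get_package_revision(id_number, type_id, revision_number,
                                    version_name)

    # Authorization check: only the author of the revision may modify it.
    if request.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (id_number, request.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = request.POST.get('full_name', False)
    # From here on version_name is the submitted value, not the URL argument.
    version_name = request.POST.get('version_name', False)

    # validate package_full_name and version_name
    if version_name and not validator.is_valid('alphanum_plus', version_name):
        return HttpResponseForbidden(escape(
            validator.get_validation_message('alphanum_plus')))

    # here we're checking if the *current* full_name is different than the
    # revision's full_name
    if package_full_name and package_full_name != revision.package.full_name:
        try:
            revision.set_full_name(package_full_name)
        except ValidationError:
            return HttpResponseForbidden(escape(
                validator.get_validation_message('alphanum_plus_space')))
        except IntegrityError:
            return HttpResponseForbidden(
                'You already have a %s with that name' % escape(
                    revision.package.get_type_name()))
        else:
            save_package = True
            save_revision = True
            response_data['full_name'] = package_full_name

    package_description = request.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    # Collect every module and attachment whose submitted content differs
    # from what the revision currently holds.
    changes = []
    for mod in revision.modules.all():
        if request.POST.get(mod.filename, False):
            code = request.POST[mod.filename]
            if mod.code != code:
                mod.code = code
                changes.append(mod)

    for att in revision.attachments.all():
        # Attachments are keyed in the POST data by their primary key.
        uid = str(att.pk)
        if request.POST.get(uid):
            att.data = request.POST[uid]
            if att.changed():
                changes.append(att)

    attachments_changed = {}
    if save_revision or changes:
        try:
            revision.save()
        except ValidationError, err:
            return HttpResponseForbidden(escape(err.__str__()))
    # NOTE(review): the listing stops here; the rest of the view is not
    # shown.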
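def save(request, revision_id, type_id=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save

    Only the revision's author may save; any other user gets a 403 and the
    attempt is logged with a ``[security]`` prefix.  All fields are read
    from ``request.POST`` and are therefore client-controlled: ``jid`` and
    ``version_name`` are checked against the ``alphanum_plus`` rule, the
    full name is validated by ``revision.set_full_name`` and the extra
    JSON by ``revision.set_extra_json``.  Text placed in an error response
    body is HTML-escaped.

    :param request: request object; ``request.user`` and ``request.POST``
        are read
    :param revision_id: primary key of the PackageRevision to save
    :param type_id: not used by the part of the view shown here
    :returns: ``HttpResponseForbidden`` or ``HttpResponseBadRequest`` on
        the failure paths shown below
    """
    revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)

    # Authorization check: only the author of the revision may modify it.
    if request.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (revision.pk, request.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = request.POST.get('full_name', False)
    jid = request.POST.get('jid', None)
    version_name = request.POST.get('version_name', False)

    if jid and not validator.is_valid('alphanum_plus', jid):
        return HttpResponseForbidden(
            escape(validator.get_validation_message('alphanum_plus')))

    # validate package_full_name and version_name
    if version_name and not validator.is_valid('alphanum_plus', version_name):
        return HttpResponseForbidden(
            escape(validator.get_validation_message('alphanum_plus')))

    # here we're checking if the *current* full_name is different than the
    # revision's full_name
    if package_full_name and package_full_name != revision.package.full_name:
        try:
            revision.set_full_name(package_full_name)
        except ValidationError:
            return HttpResponseForbidden(
                escape(
                    validator.get_validation_message('alphanum_plus_space')))
        except IntegrityError:
            return HttpResponseForbidden(
                'You already have a %s with that name' %
                escape(revision.package.get_type_name()))
        else:
            save_package = True
            save_revision = True
            response_data['full_name'] = package_full_name

    package_description = request.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    extra_json = request.POST.get('package_extra_json')
    if extra_json is not None:
        # None means it wasn't submitted. We want to accept blank strings.
        save_revision = True
        try:
            revision.set_extra_json(extra_json, save=False)
        except JSONDecodeError:
            return HttpResponseBadRequest(
                'Extra package properties were invalid JSON.')
        # The two exception texts below may quote values taken from the
        # submitted JSON, so they are escaped like every other error body.
        except IllegalFilenameException, e:
            return HttpResponseBadRequest(escape(str(e)))
        except KeyNotAllowed, e:
            return HttpResponseForbidden(escape(str(e)))
    # NOTE(review): the listing stops here; persisting the changes and
    # building the success response are not shown.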
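def package_save(r, id_number, type_id, revision_number=None,
                 version_name=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save

    Only the revision's author may save.  A refused attempt is logged at
    WARNING level so that it is not lost when DEBUG output is disabled.
    Field values come from ``r.POST`` and are client-controlled.

    Validation failures are answered with ``HttpResponseForbidden``.
    ``HttpResponseNotAllowed`` is not suitable for them: its argument is
    the list of permitted HTTP methods for the ``Allow`` header, so a
    message passed to it never reaches the response body.

    :param r: request object; ``r.user`` and ``r.POST`` are read
    :param id_number: passed to ``get_package_revision``
    :param type_id: passed to ``get_package_revision``
    :param revision_number: passed to ``get_package_revision``
    :param version_name: passed to ``get_package_revision``; afterwards
        the local name is rebound to the POSTed ``version_name``
    :returns: ``HttpResponseForbidden`` on the failure paths shown below
    """
    revision = get_package_revision(id_number, type_id, revision_number,
                                    version_name)

    # Authorization check: only the author of the revision may modify it.
    if r.user.pk != revision.author.pk:
        log_msg = ("Unauthorised attempt to save package. "
                   "user: %s, package: %s." % (r.user, id_number))
        log = commonware.log.getLogger("f.jetpack")
        log.warning(log_msg)
        return HttpResponseForbidden("You are not the author of this Package")

    should_reload = False
    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message
    start_revision_number = revision.revision_number

    response_data = {}

    package_full_name = r.POST.get("full_name", False)
    # From here on version_name is the submitted value, not the URL argument.
    version_name = r.POST.get("version_name", False)

    # validate package_full_name and version_name
    if package_full_name and not validator.is_valid(
            "alphanum_plus_space", package_full_name):
        return HttpResponseForbidden(escape(
            validator.get_validation_message("alphanum_plus_space")))

    if version_name and not validator.is_valid("alphanum_plus", version_name):
        return HttpResponseForbidden(escape(
            validator.get_validation_message("alphanum_plus")))

    if package_full_name and package_full_name != revision.package.full_name:
        # TODO: Check if not redundant as it is in model as well
        # Count clashing packages instead of get() inside a bare except:
        # a database error or more than one match must not be mistaken
        # for "this name is free".
        clashes = Package.objects.exclude(pk=revision.package.pk).filter(
            full_name=package_full_name,
            type=revision.package.type,
            author__username=r.user.username)
        if clashes.count():
            return HttpResponseForbidden(
                "You already have a %s with that name" % escape(
                    revision.package.get_type_name()))
        save_package = True
        should_reload = True
        revision.package.full_name = package_full_name
        revision.package.name = None

    package_description = r.POST.get("package_description", False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data["package_description"] = package_description

    # Collect the modules whose submitted code differs from the stored one.
    modules = []
    for mod in revision.modules.all():
        if r.POST.get(mod.filename, False):
            code = r.POST[mod.filename]
            if mod.code != code:
                mod.code = code
                modules.append(mod)

    if modules:
        revision.modules_update(modules)
        save_revision = False

    # NOTE(review): save_revision is never set to True in the code shown,
    # so this branch does not run.
    if save_revision:
        revision.save()

    revision_message = r.POST.get("revision_message", False)
    if revision_message and revision_message != start_revision_message:
        revision.message = revision_message
        # save revision message without changing the revision
        super(PackageRevision, revision).save()
        response_data["revision_message"] = revision_message

    if (version_name and version_name != start_version_name
            and version_name != revision.package.version_name):
        save_package = False
        try:
            revision.set_version(version_name)
        except Exception, err:
            # NOTE(review): every failure, whatever its type, is reported
            # to the client as a 403 carrying the escaped exception text.
            return HttpResponseForbidden(escape(err.__str__()))
    # NOTE(review): the listing stops here; the rest of the view is not
    # shown.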
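def package_save(r, id_number, type_id, revision_number=None,
                 version_name=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save

    Only the revision's author may save; any other user gets a 403 and the
    attempt is logged with a ``[security]`` prefix.  Field values come
    from ``r.POST`` and are client-controlled.

    Validation failures are answered with ``HttpResponseForbidden``.
    ``HttpResponseNotAllowed`` is not suitable for them: its argument is
    the list of permitted HTTP methods for the ``Allow`` header, so a
    message passed to it never reaches the response body.

    :param r: request object; ``r.user`` and ``r.POST`` are read
    :param id_number: passed to ``get_package_revision``
    :param type_id: passed to ``get_package_revision``
    :param revision_number: passed to ``get_package_revision``
    :param version_name: passed to ``get_package_revision``; afterwards
        the local name is rebound to the POSTed ``version_name``
    :returns: ``HttpResponseForbidden`` on the failure paths shown below
    """
    revision = get_package_revision(id_number, type_id, revision_number,
                                    version_name)

    # Authorization check: only the author of the revision may modify it.
    if r.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (id_number, r.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = r.POST.get('full_name', False)
    # From here on version_name is the submitted value, not the URL argument.
    version_name = r.POST.get('version_name', False)

    # validate package_full_name and version_name
    if package_full_name and not validator.is_valid(
            'alphanum_plus_space', package_full_name):
        return HttpResponseForbidden(escape(
            validator.get_validation_message('alphanum_plus_space')))

    if version_name and not validator.is_valid('alphanum_plus', version_name):
        return HttpResponseForbidden(escape(
            validator.get_validation_message('alphanum_plus')))

    if package_full_name and package_full_name != revision.package.full_name:
        revision.package.full_name = package_full_name
        # in FlightDeck, libraries can have the same name, by different authors
        try:
            Package.objects.get(author=revision.package.author,
                                name=revision.package.make_name())
            return HttpResponseForbidden(
                'You already have a %s with that name' % escape(
                    revision.package.get_type_name()))
        except Package.DoesNotExist:
            save_package = True
            response_data['full_name'] = package_full_name

    package_description = r.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    # Collect every module and attachment whose submitted content differs
    # from what the revision currently holds.
    changes = []
    for mod in revision.modules.all():
        if r.POST.get(mod.filename, False):
            code = r.POST[mod.filename]
            if mod.code != code:
                mod.code = code
                changes.append(mod)

    for att in revision.attachments.all():
        # Attachments are keyed in the POST data by their primary key.
        uid = str(att.pk)
        if r.POST.get(uid):
            att.data = r.POST[uid]
            if att.changed():
                changes.append(att)

    attachments_changed = {}
    if save_revision or changes:
        revision.save()

    if changes:
        attachments_changed = simplejson.dumps(
            revision.updates(changes, save=False))

    revision_message = r.POST.get('revision_message', False)
    if revision_message and revision_message != start_revision_message:
        revision.message = revision_message
        # save revision message without changing the revision
        super(PackageRevision, revision).save()
        response_data['revision_message'] = revision_message

    if version_name and version_name != start_version_name \
            and version_name != revision.package.version_name:
        save_package = False
        try:
            revision.set_version(version_name)
        except Exception, err:
            # NOTE(review): every failure, whatever its type, is reported
            # to the client as a 403 carrying the escaped exception text.
            return HttpResponseForbidden(escape(err.__str__()))
    # NOTE(review): the listing stops here; the rest of the view is not
    # shown.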