Remove relate to referrer for tag/custom column allow / deny dialog

4 years ago · 7849f2fb4b
parent 2d3ae71a3d
commit 7849f2fb4b
3 changed files with 46 additions and 48 deletions
--- a/cps/admin.py
+++ b/cps/admin.py
@ -250,10 +250,11 @@ def list_domain(allow):
    response.headers["Content-Type"] = "application/json; charset=utf-8"
    return response
-@admi.route("/ajax/editrestriction/<int:res_type>", methods=['POST'])
+@admi.route("/ajax/editrestriction/<int:res_type>", defaults={"user":0}, methods=['POST'])
@admi.route("/ajax/editrestriction/<int:res_type>/<int:user>", methods=['POST'])
@login_required
@admin_required
-def edit_restriction(res_type):
+def edit_restriction(res_type, user):
    element = request.form.to_dict()
    if element['id'].startswith('a'):
        if res_type == 0:  # Tags as template
@ -267,8 +268,8 @@ def edit_restriction(res_type):
            config.config_allowed_column_value = ','.join(elementlist)
            config.save()
        if res_type == 2:  # Tags per user
-            usr_id = os.path.split(request.referrer)[-1]
+            usr_id = user
-            if usr_id.isdigit() == True:
+            if isinstance(usr_id, int):
                usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
            else:
                usr = current_user
@ -277,8 +278,8 @@ def edit_restriction(res_type):
            usr.allowed_tags = ','.join(elementlist)
            ub.session.commit()
        if res_type == 3:  # CColumn per user
-            usr_id = os.path.split(request.referrer)[-1]
+            usr_id = user
-            if usr_id.isdigit() == True:
+            if isinstance(usr_id, int):
                usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
            else:
                usr = current_user
@ -298,8 +299,8 @@ def edit_restriction(res_type):
            config.config_denied_column_value = ','.join(elementlist)
            config.save()
        if res_type == 2:  # Tags per user
-            usr_id = os.path.split(request.referrer)[-1]
+            usr_id = user
-            if usr_id.isdigit() == True:
+            if isinstance(usr_id, int):
                usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
            else:
                usr = current_user
@ -308,8 +309,8 @@ def edit_restriction(res_type):
            usr.denied_tags = ','.join(elementlist)
            ub.session.commit()
        if res_type == 3:  # CColumn per user
-            usr_id = os.path.split(request.referrer)[-1]
+            usr_id = user
-            if usr_id.isdigit() == True:
+            if isinstance(usr_id, int):
                usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
            else:
                usr = current_user
@ -335,10 +336,11 @@ def restriction_deletion(element, list_func):
    return ','.join(elementlist)
-@admi.route("/ajax/addrestriction/<int:res_type>", methods=['POST'])
+@admi.route("/ajax/addrestriction/<int:res_type>", defaults={"user_id":0}, methods=['POST'])
@admi.route("/ajax/addrestriction/<int:res_type>/<int:user_id>", methods=['POST'])
@login_required
@admin_required
-def add_restriction(res_type):
+def add_restriction(res_type, user_id):
    element = request.form.to_dict()
    if res_type == 0:  # Tags as template
        if 'submit_allow' in element:
@ -355,9 +357,8 @@ def add_restriction(res_type):
            config.config_denied_column_value = restriction_addition(element, config.list_allowed_column_values)
            config.save()
    if res_type == 2:  # Tags per user
-        usr_id = os.path.split(request.referrer)[-1]
+        if isinstance(user_id, int):
-        if usr_id.isdigit() == True:
+            usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
            usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
        else:
            usr = current_user
        if 'submit_allow' in element:
@ -367,9 +368,8 @@ def add_restriction(res_type):
            usr.denied_tags = restriction_addition(element, usr.list_denied_tags)
            ub.session.commit()
    if res_type == 3:  # CustomC per user
-        usr_id = os.path.split(request.referrer)[-1]
+        if isinstance(user_id, int):
-        if usr_id.isdigit() == True:
+            usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
            usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
        else:
            usr = current_user
        if 'submit_allow' in element:
@ -380,10 +380,11 @@ def add_restriction(res_type):
            ub.session.commit()
    return ""
-@admi.route("/ajax/deleterestriction/<int:res_type>", methods=['POST'])
+@admi.route("/ajax/deleterestriction/<int:res_type>", defaults={"user_id":0}, methods=['POST'])
@admi.route("/ajax/deleterestriction/<int:res_type>/<int:user_id>", methods=['POST'])
@login_required
@admin_required
-def delete_restriction(res_type):
+def delete_restriction(res_type, user_id):
    element = request.form.to_dict()
    if res_type == 0:  # Tags as template
        if element['id'].startswith('a'):
@ -400,9 +401,8 @@ def delete_restriction(res_type):
            config.config_denied_column_value = restriction_deletion(element, config.list_denied_column_values)
            config.save()
    elif res_type == 2:  # Tags per user
-        usr_id = os.path.split(request.referrer)[-1]
+        if isinstance(user_id, int):
-        if usr_id.isdigit() == True:
+            usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
            usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
        else:
            usr = current_user
        if element['id'].startswith('a'):
@ -412,9 +412,8 @@ def delete_restriction(res_type):
            usr.denied_tags = restriction_deletion(element, usr.list_denied_tags)
            ub.session.commit()
    elif res_type == 3:  # Columns per user
-        usr_id = os.path.split(request.referrer)[-1]
+        if isinstance(user_id, int):
-        if usr_id.isdigit() == True:    # select current user if admins are editing their own rights
+            usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
            usr = ub.session.query(ub.User).filter(ub.User.id == int(usr_id)).first()
        else:
            usr = current_user
        if element['id'].startswith('a'):
@ -425,11 +424,11 @@ def delete_restriction(res_type):
            ub.session.commit()
    return ""
-
+@admi.route("/ajax/listrestriction/<int:res_type>", defaults={"user_id":0})
-@admi.route("/ajax/listrestriction/<int:res_type>")
+@admi.route("/ajax/listrestriction/<int:res_type>/<int:user_id>")
@login_required
@admin_required
-def list_restriction(res_type):
+def list_restriction(res_type, user_id):
    if res_type == 0:   # Tags as template
        restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
                    for i,x in enumerate(config.list_denied_tags()) if x != '' ]
@ -443,9 +442,8 @@ def list_restriction(res_type):
                 for i,x in enumerate(config.list_allowed_column_values()) if x != '']
        json_dumps = restrict + allow
    elif res_type == 2:  # Tags per user
-        usr_id = os.path.split(request.referrer)[-1]
+        if isinstance(user_id, int):
-        if usr_id.isdigit() == True:
+            usr = ub.session.query(ub.User).filter(ub.User.id == user_id).first()
            usr = ub.session.query(ub.User).filter(ub.User.id == usr_id).first()
        else:
            usr = current_user
        restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
@ -454,9 +452,8 @@ def list_restriction(res_type):
                 for i,x in enumerate(usr.list_allowed_tags()) if x != '']
        json_dumps = restrict + allow
    elif res_type == 3:  # CustomC per user
-        usr_id = os.path.split(request.referrer)[-1]
+        if isinstance(user_id, int):
-        if usr_id.isdigit() == True:
+            usr = ub.session.query(ub.User).filter(ub.User.id==user_id).first()
            usr = ub.session.query(ub.User).filter(ub.User.id==usr_id).first()
        else:
            usr = current_user
        restrict = [{'Element': x, 'type':_('Deny'), 'id': 'd'+str(i) }
--- a/cps/static/js/table.js
+++ b/cps/static/js/table.js
@ -253,14 +253,14 @@ $(function() {
        $("#h3").addClass("hidden");
        $("#h4").addClass("hidden");
    });
-    function startTable(type) {
+    function startTable(type, user_id) {
        var pathname = document.getElementsByTagName("script"), src = pathname[pathname.length - 1].src;
        var path = src.substring(0, src.lastIndexOf("/"));
        $("#restrict-elements-table").bootstrapTable({
            formatNoMatches: function () {
                return "";
            },
-            url: path + "/../../ajax/listrestriction/" + type,
+            url: path + "/../../ajax/listrestriction/" + type + "/" + user_id,
            rowStyle: function(row) {
                // console.log('Reihe :' + row + " Index :" + index);
                if (row.id.charAt(0) === "a") {
@ -274,13 +274,13 @@ $(function() {
                    $.ajax ({
                        type: "Post",
                        data: "id=" + row.id + "&type=" + row.type + "&Element=" + encodeURIComponent(row.Element),
-                        url: path + "/../../ajax/deleterestriction/" + type,
+                        url: path + "/../../ajax/deleterestriction/" + type + "/" + user_id,
                        async: true,
                        timeout: 900,
                        success:function() {
                            $.ajax({
                                method:"get",
-                                url: path + "/../../ajax/listrestriction/" + type,
+                                url: path + "/../../ajax/listrestriction/" + type + "/" + user_id,
                                async: true,
                                timeout: 900,
                                success:function(data) {
@ -296,7 +296,7 @@ $(function() {
        $("#restrict-elements-table").removeClass("table-hover");
        $("#restrict-elements-table").on("editable-save.bs.table", function (e, field, row) {
            $.ajax({
-                url: path + "/../../ajax/editrestriction/" + type,
+                url: path + "/../../ajax/editrestriction/" + type + "/" + user_id,
                type: "Post",
                data: row
            });
@ -304,13 +304,13 @@ $(function() {
        $("[id^=submit_]").click(function() {
            $(this)[0].blur();
            $.ajax({
-                url: path + "/../../ajax/addrestriction/" + type,
+                url: path + "/../../ajax/addrestriction/" + type + "/" + user_id,
                type: "Post",
                data: $(this).closest("form").serialize() + "&" + $(this)[0].name + "=",
                success: function () {
                    $.ajax ({
                        method:"get",
-                        url: path + "/../../ajax/listrestriction/" + type,
+                        url: path + "/../../ajax/listrestriction/" + type + "/" + user_id,
                        async: true,
                        timeout: 900,
                        success:function(data) {
@ -323,21 +323,21 @@ $(function() {
        });
    }
    $("#get_column_values").on("click", function() {
-        startTable(1);
+        startTable(1, 0);
        $("#h2").removeClass("hidden");
    });
    $("#get_tags").on("click", function() {
-        startTable(0);
+        startTable(0, 0);
        $("#h1").removeClass("hidden");
    });
    $("#get_user_column_values").on("click", function() {
-        startTable(3);
+        startTable(3, $(this).data('id'));
        $("#h4").removeClass("hidden");
    });
    $("#get_user_tags").on("click", function() {
-        startTable(2);
+        startTable(2,  $(this).data('id'));
        $(this)[0].blur();
        $("#h3").removeClass("hidden");
    });
--- a/cps/templates/user_edit.html
+++ b/cps/templates/user_edit.html
@ -11,6 +11,7 @@
    </div>
    {% endif %}
    <div class="form-group">
      <label for="email">{{_('E-mail Address')}}</label>
      <label for="email">{{_('E-mail Address')}}</label>
      <input type="email" class="form-control" name="email" id="email" value="{{ content.email if content.email != None }}" autocomplete="off">
    </div>
@ -82,8 +83,8 @@
          <label for="Show_detail_random">{{_('Show Random Books in Detail View')}}</label>
      </div>
      {% if ( g.user and g.user.role_admin() and not new_user ) %}
-      <a href="#" id="get_user_tags" class="btn btn-default" data-toggle="modal" data-target="#restrictModal">{{_('Add Allowed/Denied Tags')}}</a>
+      <a href="#" id="get_user_tags" class="btn btn-default" data-id="{{content.id}}" data-toggle="modal" data-target="#restrictModal">{{_('Add Allowed/Denied Tags')}}</a>
-      <a href="#" id="get_user_column_values" class="btn btn-default" data-toggle="modal" data-target="#restrictModal">{{_('Add allowed/Denied Custom Column Values')}}</a>
+      <a href="#" id="get_user_column_values" data-id="{{content.id}}" class="btn btn-default" data-toggle="modal" data-target="#restrictModal">{{_('Add allowed/Denied Custom Column Values')}}</a>
      {% endif %}
    </div>
      <div class="col-sm-6">