| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-02-05 18:57:36 +0100 | 
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2017-02-05 18:57:36 +0100 | 
| commit | 84199607f2f323e6df1458c41ea7c02d6ea2cbba (patch) | |
| tree | 26f8eb2debc716c3d8807a7878c739a8d772f130 /ishtar_common/models.py | |
| parent | 4a6294c0594f82afd3af7f9ca8e5f17e6159a068 (diff) | |
Imports: manage model limitation (don't create items not in the list)
Diffstat (limited to 'ishtar_common/models.py')
| -rw-r--r-- | ishtar_common/models.py | 16 | 
1 files changed, 14 insertions, 2 deletions
| diff --git a/ishtar_common/models.py b/ishtar_common/models.py
index 6cf5bff7d..c27f9cc29 100644
--- a/ishtar_common/models.py
+++ b/ishtar_common/models.py
@@ -35,7 +35,8 @@ import zipfile
 from django.conf import settings
 from django.core.cache import cache
-from django.core.exceptions import ObjectDoesNotExist, ValidationError
+from django.core.exceptions import ObjectDoesNotExist, ValidationError, \
+    SuspiciousOperation
 from django.core.files import File
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.core.validators import validate_slug
@@ -1723,9 +1724,16 @@ def get_model_fields(model):
 def import_class(full_path_classname):
+    """
+    Return the model class from the full path
+    TODO: add a white list for more security
+    """
     mods = full_path_classname.split('.')
     if len(mods) == 1:
         mods = ['ishtar_common', 'models', mods[0]]
+    elif 'models' not in mods:
+        raise SuspiciousOperation(
+            u"Try to import a non model from a string")
     module = import_module('.'.join(mods[:-1]))
     return getattr(module, mods[-1])
@@ -1820,9 +1828,13 @@ class ImporterType(models.Model):
         UNICITY_KEYS = []
         if self.unicity_keys:
             UNICITY_KEYS = [un.strip() for un in self.unicity_keys.split(';')]
+        MODEL_CREATION_LIMIT = []
+        for modls in self.created_models.all():
+            MODEL_CREATION_LIMIT.append(import_class(modls.klass))
         args = {'OBJECT_CLS': OBJECT_CLS, 'DESC': self.description,
                 'DEFAULTS': DEFAULTS, 'LINE_FORMAT': LINE_FORMAT,
-                'UNICITY_KEYS': UNICITY_KEYS}
+                'UNICITY_KEYS': UNICITY_KEYS,
+                'MODEL_CREATION_LIMIT': MODEL_CREATION_LIMIT}
         name = str(''.join(
             x for x in slugify(self.name).replace('-', ' ').title()
             if not x.isspace())) | 
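Review bot: The new guard `elif 'models' not in mods:` in import_class is a membership test over every path component, so it passes for any dotted string that merely contains `models` somewhere (including as the last element) and does not pin the imported module to a models module. It also leaves the object returned by `getattr(module, mods[-1])` unchecked, so a non-model attribute of an accepted module is still returned to the caller. A tighter form would be `elif mods[-2] != 'models':` before the import and, after the getattr, `if not (isinstance(cls, type) and issubclass(cls, models.Model)): raise SuspiciousOperation(...)`. Because `import_module` runs the target module's top-level code, the allow-list the TODO mentions should be checked before that call rather than after it.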
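Review bot: The loop `MODEL_CREATION_LIMIT.append(import_class(modls.klass))` resolves strings stored in the database with no error handling. A single bad `klass` row will therefore surface as an uncaught `SuspiciousOperation`, `ImportError` or `AttributeError` from this method, whose start and end lie outside the hunk. It is also not visible here what an empty `MODEL_CREATION_LIMIT` means to the consumer: if an importer type with no `created_models` is treated as "no restriction", the limitation fails open. A comment such as `# empty list = no model may be created / no restriction (state which)` next to the initialisation would make that contract explicit. As a style point, the three added lines could be `MODEL_CREATION_LIMIT = [import_class(m.klass) for m in self.created_models.all()]`.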
