diff options
Diffstat (limited to 'ishtar_common/views.py')
| -rw-r--r-- | ishtar_common/views.py | 74 |
1 files changed, 73 insertions, 1 deletions
diff --git a/ishtar_common/views.py b/ishtar_common/views.py index d6296e02e..e998bf078 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -20,6 +20,7 @@ import csv import datetime import importlib +from ipware import get_client_ip from jinja2 import TemplateSyntaxError import json import logging @@ -57,13 +58,14 @@ from django.shortcuts import redirect, render, get_object_or_404 from django.urls import reverse, NoReverseMatch from django.utils import timezone, translation from django.utils.decorators import method_decorator +from django.utils.safestring import mark_safe from django.utils.translation import gettext, gettext_lazy as _ from django.views.generic import ListView, TemplateView, View from django.views.generic.edit import CreateView, DeleteView, FormView, UpdateView from extra_views import ModelFormSetView from markdown import markdown -from . import models +from . import models, models_rest from archaeological_context_records.models import ContextRecord from archaeological_files.models import File from archaeological_finds.models import Find, Treatment, TreatmentFile @@ -1529,6 +1531,76 @@ class ProfileEdit(LoginRequiredMixin, FormView): return HttpResponseRedirect(self.get_success_url()) +class GISTokenListView(IshtarMixin, LoginRequiredMixin, ListView): + template_name = "ishtar/gis_token_list.html" + model = models_rest.UserToken + page_name = _("GIS connections") + + def get_queryset(self): + user = self.request.user + if not user.pk or not user.ishtaruser: + raise Http404() + return self.model.objects.all() + + def get_context_data(self, *args, **kwargs): + data = super().get_context_data(*args, **kwargs) + data["instance"] = self.request.build_absolute_uri().split("//")[1].split("/")[0] + models_rest.UserRequestToken.clean_keys() + q = models_rest.UserRequestToken.objects.filter(user=self.request.user) + if q.count(): + user_request = q.all()[0] + data["user_request"] = user_request + data["expiry"] = mark_safe( + str( + _("This key expires in <span id='expire-seconds'>{}</span> seconds.") + ).format(user_request.expiry) + ) + else: + data["request_form"] = forms.GisRequestForm() + return data + + +def gis_token_delete(request, key, current_right=None): + if not current_right or not request.user.ishtaruser: + raise Http404() + q = models_rest.UserToken.objects.filter(user=request.user, key=key) + # if token not found silently redirect to token list + if q.count(): + q.all()[0].delete() + return redirect("gis-token-list") + + +def gis_generate_request_key(request, current_right=None): + if not current_right or not request.user.ishtaruser: + raise Http404() + form = forms.GisRequestForm(request.POST) + if not form.is_valid(): + errors = form.non_field_errors() + put_session_message( + request.session.session_key, + errors, + "warning", + ) + return redirect("gis-token-list") + if not models_rest.UserRequestToken.objects.filter(user=request.user).count(): + models_rest.UserRequestToken.objects.create( + user=request.user, access_type=form.cleaned_data['access_type'], + name=form.cleaned_data.get("name", ""), + limit_date=form.cleaned_data.get('limit_date', None) + ) + return redirect("gis-token-list") + + +def gis_create_token(request, request_key, app_key): + # prevent brut force of bots? + q = models_rest.UserRequestToken.objects.filter(key=request_key) + if not q.count(): + return HttpResponse(content_type="text/plain") + client_ip, __ = get_client_ip(request) + token = q.all()[0].generate_token(app_key, from_ip=client_ip) + return HttpResponse((token and token.key) or "", content_type="text/plain") + + class DynamicModelView: def get_model(self, kwargs): app = kwargs.get("app").replace("-", "_") |