Posted to commits@allura.apache.org by br...@apache.org on 2013/12/04 17:42:22 UTC

[5/6] git commit: [#5475] ticket:493 Add CsrfForm and use it instead of SimpleForm where needed

[#5475] ticket:493 Add CsrfForm and use it instead of SimpleForm where needed


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/3ca3e1a9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/3ca3e1a9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/3ca3e1a9

Branch: refs/heads/master
Commit: 3ca3e1a9dd53812c35b86bc03fb75e05a693c2ec
Parents: 9c4b569
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon Nov 25 16:15:21 2013 +0200
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Dec 4 15:35:12 2013 +0000

----------------------------------------------------------------------
 Allura/allura/ext/admin/widgets.py                       | 10 ++++++----
 Allura/allura/lib/widgets/discuss.py                     |  4 ++--
 Allura/allura/lib/widgets/forms.py                       | 11 +++++++++++
 Allura/allura/lib/widgets/subscriptions.py               |  3 ++-
 ForgeDiscussion/forgediscussion/widgets/forum_widgets.py | 11 +++++++----
 5 files changed, 28 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/3ca3e1a9/Allura/allura/ext/admin/widgets.py
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/widgets.py b/Allura/allura/ext/admin/widgets.py
index 85d9237..8eed0be 100644
--- a/Allura/allura/ext/admin/widgets.py
+++ b/Allura/allura/ext/admin/widgets.py
@@ -110,12 +110,14 @@ class PermissionCard(CardField):
         return role._id
 
 
-class GroupSettings(ew.SimpleForm):
+class GroupSettings(ff.CsrfForm):
     submit_text=None
 
-    class hidden_fields(ew_core.NameList):
-        _id = ew.HiddenField(
-            validator=V.Ming(M.ProjectRole))
+    @property
+    def hidden_fields(self):
+        f = super(GroupSettings, self).hidden_fields
+        f.append(ew.HiddenField(name='_id', validator=V.Ming(M.ProjectRole)))
+        return f
 
     class fields(ew_core.NameList):
         name = ew.InputField(label='Name')
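Review bot: The new `hidden_fields` property in GroupSettings appends to the list returned by the parent, which is safe only because `CsrfForm.hidden_fields` (added in forms.py by this commit) builds a fresh list on every access; if the base ever cached or shared that list, each access would add another `_id` field. Building a new list removes that dependency: `return super(GroupSettings, self).hidden_fields + [ew.HiddenField(name='_id', validator=V.Ming(M.ProjectRole))]`. The attribute also changes from an `ew_core.NameList` class to a plain list, so any code that looked the `_id` field up by name should be checked; none is visible here. The class body continues past the end of the hunk.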

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/3ca3e1a9/Allura/allura/lib/widgets/discuss.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/discuss.py b/Allura/allura/lib/widgets/discuss.py
index eaec991..151a0c2 100644
--- a/Allura/allura/lib/widgets/discuss.py
+++ b/Allura/allura/lib/widgets/discuss.py
@@ -34,7 +34,7 @@ class NullValidator(fev.FancyValidator):
     def _from_python(self, value, state): return value
 
 # Discussion forms
-class ModerateThread(ew.SimpleForm):
+class ModerateThread(ff.CsrfForm):
     defaults=dict(
         ew.SimpleForm.defaults,
         submit_text=None)
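Review bot: `defaults` in ModerateThread is still copied from `ew.SimpleForm.defaults` although the base class is now `ff.CsrfForm`. That works today because CsrfForm declares no defaults of its own, but any default added to CsrfForm later would be silently skipped here; `defaults=dict(ff.CsrfForm.defaults, submit_text=None)` keeps the two in step. SubscriptionForm in subscriptions.py has the same pattern. The hunk adds no import for `ff`, so this assumes the module already imports it.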
@@ -453,6 +453,6 @@ class Discussion(HierWidget):
         discussion_header=DiscussionHeader(),
         edit_post=EditPost(submit_text='New Topic'),
         subscription_form=SubscriptionForm())
-    
+
     def resources(self):
         for r in super(Discussion, self).resources(): yield r

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/3ca3e1a9/Allura/allura/lib/widgets/forms.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/forms.py b/Allura/allura/lib/widgets/forms.py
index 4e1dae4..d99de0f 100644
--- a/Allura/allura/lib/widgets/forms.py
+++ b/Allura/allura/lib/widgets/forms.py
@@ -957,3 +957,14 @@ class MoveTicketForm(ForgeForm):
         self.fields.tracker.options = (
             [ew.Option(py_value=v, label=l, selected=s)
              for v, l, s in sorted(trackers, key=lambda x: x[1])])
+
+
+class CsrfForm(ew.SimpleForm):
+    @property
+    def hidden_fields(self):
+        return [ew.HiddenField(name='_session_id')]
+    def context_for(self, field):
+        ctx = super(CsrfForm, self).context_for(field)
+        if field.name == '_session_id':
+            ctx['value'] = tg.request.cookies['_session_id']
+        return ctx
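Review bot: `tg.request.cookies['_session_id']` in `context_for` raises KeyError when the request carries no `_session_id` cookie (a first visit, or a client that blocks cookies), so rendering any CsrfForm would end in a server error instead of a form. Handle the missing cookie explicitly, for example `ctx['value'] = tg.request.cookies.get('_session_id', '')`, and make sure an empty token is rejected on submit. The class only emits the token; the comparison against the cookie is not in this hunk and presumably lives in request middleware, which a class docstring should say, together with the rule that subclasses extend `hidden_fields` rather than replace it, since a class-level `hidden_fields` would drop the `_session_id` field. The hunk adds no `import tg`, so that name is assumed to be in scope in forms.py already.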

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/3ca3e1a9/Allura/allura/lib/widgets/subscriptions.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/subscriptions.py b/Allura/allura/lib/widgets/subscriptions.py
index a0a1bc3..3f68d58 100644
--- a/Allura/allura/lib/widgets/subscriptions.py
+++ b/Allura/allura/lib/widgets/subscriptions.py
@@ -22,6 +22,7 @@ import ew.jinja2_ew as ew
 
 from allura.lib import validators as V
 from allura.lib.widgets import form_fields as ffw
+from allura.lib.widgets.forms import CsrfForm
 from allura import model as M
 
 from .form_fields import SubmitButton
@@ -44,7 +45,7 @@ class _SubscriptionTable(ew.TableField):
         # unsubscribe = SubmitButton()
         subscribed = ew.Checkbox(suppress_label=True)
 
-class SubscriptionForm(ew.SimpleForm):
+class SubscriptionForm(CsrfForm):
     defaults=dict(
         ew.SimpleForm.defaults,
         submit_text='Save')

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/3ca3e1a9/ForgeDiscussion/forgediscussion/widgets/forum_widgets.py
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/widgets/forum_widgets.py b/ForgeDiscussion/forgediscussion/widgets/forum_widgets.py
index 5df5370..1b04323 100644
--- a/ForgeDiscussion/forgediscussion/widgets/forum_widgets.py
+++ b/ForgeDiscussion/forgediscussion/widgets/forum_widgets.py
@@ -24,6 +24,7 @@ import ew.jinja2_ew as ew
 from allura.lib import validators as V
 from allura.lib.widgets import discuss as DW
 from allura.lib.widgets import form_fields as ffw
+from allura.lib.widgets.forms import CsrfForm
 from allura.lib.widgets.subscriptions import SubscribeForm
 
 from forgediscussion import model as M
@@ -46,7 +47,7 @@ class _ForumsTable(ew.TableField):
         subscribed=ew.Checkbox(suppress_label=True, show_label=True)
     fields.insert(0, _ForumSummary())
 
-class ForumSubscriptionForm(ew.SimpleForm):
+class ForumSubscriptionForm(CsrfForm):
     class fields(ew_core.NameList):
         forums=_ForumsTable()
         page_list=ffw.PageList()
@@ -95,22 +96,24 @@ class _ForumSelector(ew.SingleSelectField):
     def from_python(self, value, state):
         return value.shortname
 
-class ModerateThread(ew.SimpleForm):
+class ModerateThread(CsrfForm):
     submit_text='Save Changes'
     class fields(ew_core.NameList):
         discussion=_ForumSelector(label='New Forum')
         flags=ew.CheckboxSet(options=['Sticky', 'Announcement'])
+
     class buttons(ew_core.NameList):
         delete=ew.SubmitButton(label='Delete Thread')
 
-class ModeratePost(ew.SimpleForm):
+
+class ModeratePost(CsrfForm):
     submit_text=None
     fields=[
         ew.FieldSet(legend='Promote post to its own thread', fields=[
                 ew.TextField(name='subject', label='Thread title'),
                 ew.SubmitButton(name='promote', label='Promote to thread')])]
 
-class PromoteToThread(ew.SimpleForm):
+class PromoteToThread(CsrfForm):
     submit_text=None
     fields=[
         ew.TextField(name='subject', label='Thread title'),