X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/0cae17bec6d31806615fae59a5b3945016285fbe..40a66c8feb465a5d40035272bfd2b95e9027b7dd:/apps/catalogue/views.py?ds=inline diff --git a/apps/catalogue/views.py b/apps/catalogue/views.py index ad9bde747..d8a61e35e 100644 --- a/apps/catalogue/views.py +++ b/apps/catalogue/views.py @@ -71,12 +71,12 @@ def tags_starting_with(request): def main_page(request): if request.user.is_authenticated(): - extra_where = '(NOT catalogue_tag.category = "set" OR catalogue_tag.user_id = %d)' % request.user.id - else: - extra_where = 'NOT catalogue_tag.category = "set"' + shelves = models.Tag.objects.filter(category='set', user=request.user) + new_set_form = forms.NewSetForm() + extra_where = 'NOT catalogue_tag.category = "set"' tags = models.Tag.objects.usage_for_model(models.Book, counts=True, extra={'where': [extra_where]}) fragment_tags = models.Tag.objects.usage_for_model(models.Fragment, counts=True, - extra={'where': ['catalogue_tag.category = "theme"']}) + extra={'where': ['catalogue_tag.category = "theme"'] + [extra_where]}) categories = split_tags(tags) form = forms.SearchForm() @@ -97,20 +97,22 @@ def book_list(request): def tagged_object_list(request, tags=''): + # Prevent DoS attacks on our database + if len(tags.split('/')) > 6: + raise Http404 + try: tags = models.Tag.get_tag_list(tags) except models.Tag.DoesNotExist: raise Http404 model = models.Book + shelf_is_set = (len(tags) == 1 and tags[0].category == 'set') theme_is_set = any(tag.category == 'theme' for tag in tags) if theme_is_set: model = models.Fragment - - if request.user.is_authenticated(): - extra_where = '(NOT catalogue_tag.category = "set" OR catalogue_tag.user_id = %d)' % request.user.id - else: - extra_where = 'NOT catalogue_tag.category = "set"' + + extra_where = 'NOT catalogue_tag.category = "set"' related_tags = models.Tag.objects.related_for_model(tags, model, counts=True, extra={'where': [extra_where]}) categories = split_tags(related_tags) @@ -120,7 +122,7 @@ def tagged_object_list(request, tags=''): queryset_or_model=model, tags=tags, template_name='catalogue/tagged_object_list.html', - extra_context = {'categories': categories }, + extra_context = {'categories': categories, 'shelf_is_set': shelf_is_set }, ) @@ -129,6 +131,7 @@ def book_detail(request, slug): tags = list(book.tags.filter(~Q(category='set'))) categories = split_tags(tags) + form = forms.SearchForm() return render_to_response('catalogue/book_detail.html', locals(), context_instance=RequestContext(request)) @@ -221,7 +224,11 @@ def new_set(request): new_set_form = forms.NewSetForm(request.POST) if new_set_form.is_valid(): new_set = new_set_form.save(request.user) - return HttpResponse(u'
PóÅka %s zostaÅa utworzona
' % new_set) + + if request.is_ajax(): + return HttpResponse(u'PóÅka %s zostaÅa utworzona
' % new_set) + else: + return HttpResponseRedirect('/') return render_to_response('catalogue/book_sets.html', locals(), context_instance=RequestContext(request)) @@ -232,9 +239,13 @@ def new_set(request): def delete_shelf(request, slug): user_set = get_object_or_404(models.Tag, slug=slug, category='set', user=request.user) user_set.delete() - return HttpResponse(u'PóÅka %s zostaÅa usuniÄta
' % user_set.name) - + if request.is_ajax(): + return HttpResponse(u'PóÅka %s zostaÅa usuniÄta
' % user_set.name) + else: + return HttpResponseRedirect('/') + + @login_required def user_shelves(request): shelves = models.Tag.objects.filter(category='set', user=request.user)