view libervia/pages/lists/view/page_meta.py @ 1479:095e94ca6728

pages: disable CSRF token check when service profile is used: CSRF token check doesn't make sense when no user is logged in, and it causes trouble for caching. fix 400
author Goffi <goffi@goffi.org>
date Fri, 22 Oct 2021 16:04:23 +0200
parents 915c7c2f1729
children 595e7fef41f3
line wrap: on
line source

#!/usr/bin/env python3

from sat.tools.common import template_xmlui
from sat.tools.common import data_objects
from sat.tools.common import data_format
from sat.core.log import getLogger
from sat_frontends.bridge.bridge_frontend import BridgeException
from libervia.server.constants import Const as C

log = getLogger(__name__)

name = "lists"
access = C.PAGES_ACCESS_PUBLIC
template = "list/overview.html"


def parse_url(self, request):
    self.getPathArgs(request, ["service", "node"], service="jid")
    data = self.getRData(request)
    service, node = data["service"], data["node"]
    if node is None:
        self.HTTPRedirect(request, self.getPageByName("lists_disco").url)
    if node == "@":
        node = data["node"] = ""
    template_data = request.template_data
    template_data["url_list_items"] = self.getURL(service.full(), node or "@")
    template_data["url_list_new"] = self.getPageByName("list_new").getURL(
        service.full(), node or "@")


async def prepare_render(self, request):
    data = self.getRData(request)
    template_data = request.template_data
    service, node = data["service"], data["node"]
    submitted_node = await self.host.bridgeCall(
        "psSchemaSubmittedNodeGet",
        node or self.host.ns_map["tickets"]
    )
    profile = self.getProfile(request) or C.SERVICE_PROFILE

    self.checkCache(request, C.CACHE_PUBSUB, service=service, node=node, short="tickets")

    try:
        lists_types = self.getPageData(request, "lists_types")
        if lists_types is None:
            lists_types = {}
            self.setPageData(request, "lists_types", lists_types)
        list_type = lists_types[(service, node)]
    except KeyError:
        ns_tickets_type = self.host.ns_map["tickets_type"]
        schema_raw = await self.host.bridgeCall(
            "psSchemaDictGet",
            service.full(),
            submitted_node,
            profile
        )
        schema = data_format.deserialise(schema_raw)
        try:
            list_type_field = next(
                f for f in schema["fields"] if f["type"] == "hidden"
                and f.get("name") == ns_tickets_type
            )
        except StopIteration:
            list_type = lists_types[(service, node)] = None
        else:
            if list_type_field.get("value") is None:
                list_type = None
            else:
                list_type = list_type_field["value"].lower().strip()
            lists_types[(service, node)] = list_type

    data["list_type"] = template_data["list_type"] = list_type

    extra = self.getPubsubExtra(request)
    extra["labels_as_list"] = C.BOOL_TRUE
    self.handleSearch(request, extra)

    list_raw = await self.host.bridgeCall(
        "listGet",
        service.full() if service else "",
        node,
        C.NO_LIMIT,
        [],
        "",
        extra,
        profile,
    )
    if profile != C.SERVICE_PROFILE:
        try:
            affiliations = await self.host.bridgeCall(
                "psNodeAffiliationsGet",
                service.full() if service else "",
                submitted_node,
                profile
            )
        except BridgeException as e:
            log.warning(
                f"Can't get affiliations for node {submitted_node!r} at {service}: {e}"
            )
            template_data["owner"] = False
        else:
            is_owner = affiliations.get(self.getJid(request).userhost()) == 'owner'
            template_data["owner"] = is_owner
            if is_owner:
                self.exposeToScripts(
                    request,
                    affiliations={str(e): str(a) for e, a in affiliations.items()}
                )
    else:
        template_data["owner"] = False

    list_items, metadata = data_format.deserialise(list_raw, type_check=list)
    template_data["list_items"] = [
        template_xmlui.create(self.host, x) for x in list_items
    ]
    view_url = self.getPageByName('list_view').getURL(service.full(), node or '@')
    template_data["on_list_item_click"] = data_objects.OnClick(
        url=f"{view_url}/{{item.id}}"
    )
    self.setPagination(request, metadata)
    self.exposeToScripts(
        request,
        lists_ns=self.host.ns_map["tickets"],
        pubsub_service=service.full(),
        pubsub_node=node,
        list_type=list_type,
    )


async def on_data_post(self, request):
    data = self.getRData(request)
    profile = self.getProfile(request)
    service = data["service"]
    node = data["node"]
    list_type = self.getPostedData(request, ("type",))
    if list_type == "grocery":
        name, quantity = self.getPostedData(request, ("name", "quantity"))
        if not name:
            self.pageError(request, C.HTTP_BAD_REQUEST)
        item_data = {
            "name": [name],
        }
        if quantity:
            item_data["quantity"] = [quantity]
        await self.host.bridgeCall(
            "listSet", service.full(), node, item_data, "", "", "", profile
        )
        return C.POST_NO_CONFIRM
    else:
        raise NotImplementedError(
            f"Can't use quick list item set for list of type {list_type!r}"
        )