comparison farol/producttree.py @ 78:264d4579f6bf

More input validation
author Benoît Allard <benoit.allard@greenbone.net>
date Thu, 09 Oct 2014 12:15:52 +0200
parents ce49bd1512dd
children c00f20bd90ba
77:641a2b589613 78:264d4579f6bf
63 @producttree_required 63 @producttree_required
64 def edit_branch(path): 64 def edit_branch(path):
65 path = [int(p) for p in path.split('/')] 65 path = [int(p) for p in path.split('/')]
66 cvrf = get_current() 66 cvrf = get_current()
67 ptree = cvrf._producttree 67 ptree = cvrf._producttree
68 try: 68 try: branch = cvrf._producttree.getBranch(path)
69 branch = cvrf._producttree.getBranch(path) 69 except (ValueError, IndexError): abort(404)
70 except ValueError:
71 abort(404)
72 if request.method != 'POST': 70 if request.method != 'POST':
73 branches = [('', '')] + [(b.getName(), b.getPath(True)) for b in ptree.getNotTerminalBranches(branch)] 71 branches = [('', '')] + [(b.getName(), b.getPath(True)) for b in ptree.getNotTerminalBranches(branch)]
74 return render_template('producttree/edit_branch.j2', branch=branch, branches=branches, types=branch.TYPES) 72 return render_template('producttree/edit_branch.j2', branch=branch, branches=branches, types=branch.TYPES)
75 73
76 pbranch = ptree 74 pbranch = ptree
77 if request.form['parent']: 75 if request.form['parent']:
78 pbranch = ptree.getBranch([int(p) for p in request.form['parent'].split('/')]) 76 try: pbranch = ptree.getBranch([int(p) for p in request.form['parent'].split('/')])
77 except (ValueError, IndexError): abort(404)
79 78
80 if pbranch is not branch.getParent(): 79 if pbranch is not branch.getParent():
81 # We have to 're-link' the element ... 80 # We have to 're-link' the element ...
82 # 1. unlink 81 # 1. unlink
83 branch.unlink() 82 branch.unlink()
100 branches = [('', '')] + [(b.getName(), b.getPath(True)) for b in ptree.getNotTerminalBranches()] 99 branches = [('', '')] + [(b.getName(), b.getPath(True)) for b in ptree.getNotTerminalBranches()]
101 return render_template('producttree/edit_branch.j2', branch=CVRFProductBranch('', '', ptree), action='Add', branches=branches, types=CVRFProductBranch.TYPES) 100 return render_template('producttree/edit_branch.j2', branch=CVRFProductBranch('', '', ptree), action='Add', branches=branches, types=CVRFProductBranch.TYPES)
102 101
103 pbranch = ptree 102 pbranch = ptree
104 if request.form['parent']: 103 if request.form['parent']:
105 pbranch = ptree.getBranch([int(p) for p in request.form['parent'].split('/')]) 104 try: pbranch = ptree.getBranch([int(p) for p in request.form['parent'].split('/')])
105 except (ValueError, IndexError): abort(404)
106 branch = CVRFProductBranch(request.form['type'], request.form['name'], pbranch) 106 branch = CVRFProductBranch(request.form['type'], request.form['name'], pbranch)
107 ptree.addBranch(branch) 107 ptree.addBranch(branch)
108 return redirect(url_for('.view')) 108 return redirect(url_for('.view'))
109 109
110 @producttree.route('/product/<productid>') 110 @producttree.route('/product/<productid>')
141 flash('Cannot set a parent branch and parent relationship', 'danger') 141 flash('Cannot set a parent branch and parent relationship', 'danger')
142 return redirect(url_for('.edit_product', productid=productid)) 142 return redirect(url_for('.edit_product', productid=productid))
143 143
144 oldp = product._parent 144 oldp = product._parent
145 if request.form['parent_branch']: 145 if request.form['parent_branch']:
146 pbranch = ptree.getBranch([int(p) for p in request.form['parent_branch'].split('/')]) 146 try: pbranch = ptree.getBranch([int(p) for p in request.form['parent_branch'].split('/')])
147 except (ValueError, IndexError): abort(404)
147 if pbranch is not oldp: 148 if pbranch is not oldp:
148 # Gonna be funny, needs re-link 149 # Gonna be funny, needs re-link
149 product.unlink() 150 product.unlink()
150 product._parent = pbranch 151 product._parent = pbranch
151 ptree.addProduct(product) 152 ptree.addProduct(product)
183 flash('Cannot set a parent branch and parent relationship', 'danger') 184 flash('Cannot set a parent branch and parent relationship', 'danger')
184 return redirect(url_for('.add_product')) 185 return redirect(url_for('.add_product'))
185 186
186 parent = ptree 187 parent = ptree
187 if request.form['parent_branch']: 188 if request.form['parent_branch']:
188 parent = ptree.getBranch([int(p) for p in request.form['parent_branch'].split('/')]) 189 try: pbranch = ptree.getBranch([int(p) for p in request.form['parent_branch'].split('/')])
190 except (ValueError, IndexError): abort(404)
189 elif request.form['parent_relationship']: 191 elif request.form['parent_relationship']:
190 parent = ptree._relationships[int(request.form['parent_relationship'])] 192 parent = ptree._relationships[int(request.form['parent_relationship'])]
191 193
192 product = CVRFFullProductName(request.form['productid'], request.form['name'], parent, request.form['cpe'] or None) 194 product = CVRFFullProductName(request.form['productid'], request.form['name'], parent, request.form['cpe'] or None)
193 ptree.addProduct(product) 195 ptree.addProduct(product)
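Review bot: In the add_product section the guarded lookup at new line 189 now assigns to `pbranch`, but the constructor at new line 194 still passes `parent`, which stays `ptree`, so a submitted `parent_branch` is validated and then silently ignored; the line should read `try: parent = ptree.getBranch([int(p) for p in request.form['parent_branch'].split('/')])`. The same validation is still missing on the sibling branch at new line 192, where `ptree._relationships[int(request.form['parent_relationship'])]` can raise ValueError or IndexError on a malformed form value and surface as a 500 rather than a 404. In edit_branch the `int(p)` conversion of `path` at line 65 also sits before the `try`, so a non-numeric path segment escapes the new handler. If these indices end up indexing plain lists, negative values would also be accepted and resolve from the end, so a check such as `if any(i < 0 for i in path): abort(404)` may be worth adding; this depends on how `getBranch` is implemented, which is not shown here. The enclosing functions for the later sections start and end outside the lines shown.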
