From 8ae05c135035a82307cff14c7377ec3f421aa7b5 Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Tue, 10 Nov 2020 21:13:13 -0800 Subject: [PATCH 1/7] Use get_object_or_404 --- bookwyrm/view_actions.py | 32 +++++++------------------------- 1 file changed, 7 insertions(+), 25 deletions(-) diff --git a/bookwyrm/view_actions.py b/bookwyrm/view_actions.py index 0056dbae..3cfe638e 100644 --- a/bookwyrm/view_actions.py +++ b/bookwyrm/view_actions.py @@ -61,10 +61,7 @@ def register(request): if not invite_code: raise PermissionDenied - try: - invite = models.SiteInvite.objects.get(code=invite_code) - except models.SiteInvite.DoesNotExist: - raise PermissionDenied + invite = get_object_or_404(models.SiteInvite, code=invite_code) else: invite = None @@ -234,10 +231,7 @@ def edit_book(request, book_id): if not request.method == 'POST': return redirect('/book/%s' % book_id) - try: - book = models.Edition.objects.get(id=book_id) - except models.Edition.DoesNotExist: - return HttpResponseNotFound() + book = get_object_or_404(models.Edition, id=book_id) form = forms.EditionForm(request.POST, request.FILES, instance=book) if not form.is_valid(): @@ -251,14 +245,10 @@ def edit_book(request, book_id): @login_required def upload_cover(request, book_id): ''' upload a new cover ''' - # TODO: alternate covers? if not request.method == 'POST': return redirect('/book/%s' % request.user.localname) - try: - book = models.Edition.objects.get(id=book_id) - except models.Edition.DoesNotExist: - return HttpResponseNotFound() + book = get_object_or_404(models.Edition, id=book_id) form = forms.CoverForm(request.POST, request.FILES, instance=book) if not form.is_valid(): 
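Review bot: In `register`, an unknown invite code now produces a 404 from `get_object_or_404`, while a missing code two lines above still raises `PermissionDenied`, so the same access-control failure answers with two different status codes. If the 403 was intentional, keep the rejection explicit: `invite = models.SiteInvite.objects.filter(code=invite_code).first()` followed by `if not invite: raise PermissionDenied`. Whether the invite is also checked for expiry or remaining uses is not visible here; `register` starts before and continues after this hunk.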
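Review bot: The non-POST branch of `upload_cover` redirects to `'/book/%s' % request.user.localname`, which builds a book URL from the user's name instead of the book; the sibling `edit_book` uses `book_id` at the same point. Since this hunk already edits the function, that line should become `return redirect('/book/%s' % book_id)`. The function body continues past the end of the hunk.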
@@ -442,10 +432,8 @@ def edit_readthrough(request): @login_required def delete_readthrough(request): ''' remove a readthrough ''' - try: - readthrough = models.ReadThrough.objects.get(id=request.POST.get('id')) - except models.ReadThrough.DoesNotExist: - return HttpResponseNotFound() + readthrough = get_object_or_404( + models.ReadThrough, id=request.POST.get('id')) # don't let people edit other people's data if request.user != readthrough.user: @@ -506,10 +494,7 @@ def tag(request): # field which doesn't validate name = request.POST.get('name') book_id = request.POST.get('book') - try: - book = models.Edition.objects.get(id=book_id) - except models.Edition.DoesNotExist: - return HttpResponseNotFound() + book = get_object_or_404(models.Edition, id=book_id) tag_obj, created = models.Tag.objects.get_or_create( name=name, book=book, @@ -569,10 +554,7 @@ def delete_status(request): status_id = request.POST.get('status') if not status_id: return HttpResponseBadRequest() - try: - status = models.Status.objects.get(id=status_id) - except models.Status.DoesNotExist: - return HttpResponseBadRequest() + status = get_object_or_404(models.Status, id=status_id) # don't let people delete other people's statuses if status.user != request.user: From 7f9cc31040902aaed672e7b43f40e9835b90b173 Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Tue, 10 Nov 2020 21:34:26 -0800 Subject: [PATCH 2/7] consistent style for urls --- bookwyrm/templates/book.html | 2 +- bookwyrm/templates/edit_book.html | 2 +- bookwyrm/templates/edit_user.html | 2 +- bookwyrm/templates/import.html | 4 ++-- bookwyrm/templates/manage_invites.html | 2 +- bookwyrm/templates/notifications.html | 2 +- bookwyrm/templates/search_results.html | 2 +- .../snippets/follow_request_buttons.html | 4 ++-- bookwyrm/urls.py | 18 +++++++++--------- bookwyrm/view_actions.py | 2 +- 10 files changed, 20 insertions(+), 20 deletions(-) 
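Review bot: In `delete_readthrough` the row is fetched by id alone and ownership is compared only afterwards, so a caller can tell an id that does not exist (404) from one that belongs to another user (whatever the ownership branch returns); `delete_status` in the last hunk of this file has the same shape. Putting the owner into the lookup removes that difference and makes the later comparison redundant: `get_object_or_404(models.ReadThrough, id=request.POST.get('id'), user=request.user)` and `get_object_or_404(models.Status, id=status_id, user=request.user)`. Separately, `id` here and `book_id` in `tag` come straight from `request.POST`, and a non-numeric value will probably raise `ValueError` inside the ORM rather than `DoesNotExist`, surfacing as a 500 instead of a 404, so the value should be validated before the lookup. All three function bodies continue outside their hunks.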
diff --git a/bookwyrm/templates/book.html b/bookwyrm/templates/book.html index 503da72f..47b99483 100644 --- a/bookwyrm/templates/book.html +++ b/bookwyrm/templates/book.html @@ -28,7 +28,7 @@ {% if request.user.is_authenticated and not book.cover %}
-
+ {% csrf_token %}
diff --git a/bookwyrm/templates/edit_book.html b/bookwyrm/templates/edit_book.html index 082848af..bd89ac0a 100644 --- a/bookwyrm/templates/edit_book.html +++ b/bookwyrm/templates/edit_book.html @@ -20,7 +20,7 @@
- + {% csrf_token %}

Data sync diff --git a/bookwyrm/templates/edit_user.html b/bookwyrm/templates/edit_user.html index d50956c2..7e963b5b 100644 --- a/bookwyrm/templates/edit_user.html +++ b/bookwyrm/templates/edit_user.html @@ -6,7 +6,7 @@ {% if form.non_field_errors %}

{{ form.non_field_errors }}

{% endif %} - + {% csrf_token %}

diff --git a/bookwyrm/templates/import.html b/bookwyrm/templates/import.html index ee99a615..c3644812 100644 --- a/bookwyrm/templates/import.html +++ b/bookwyrm/templates/import.html @@ -3,7 +3,7 @@ {% block content %}

Import Books from GoodReads

- + {% csrf_token %}
{{ import_form.as_p }} @@ -31,7 +31,7 @@ {% endif %}
diff --git a/bookwyrm/templates/manage_invites.html b/bookwyrm/templates/manage_invites.html index 621aa624..14808490 100644 --- a/bookwyrm/templates/manage_invites.html +++ b/bookwyrm/templates/manage_invites.html @@ -27,7 +27,7 @@

Generate New Invite

- + {% csrf_token %}
diff --git a/bookwyrm/templates/notifications.html b/bookwyrm/templates/notifications.html index 124304a9..bc96f307 100644 --- a/bookwyrm/templates/notifications.html +++ b/bookwyrm/templates/notifications.html @@ -44,7 +44,7 @@ boosted your status {% endif %} {% else %} - your import completed. + your import completed. {% endif %}

diff --git a/bookwyrm/templates/search_results.html b/bookwyrm/templates/search_results.html index d35881f1..1f48ee86 100644 --- a/bookwyrm/templates/search_results.html +++ b/bookwyrm/templates/search_results.html @@ -47,7 +47,7 @@
    {% for result in result_set.results %}
  • - + {% csrf_token %}
    {% include 'snippets/search_result_text.html' with result=result link=False %}
    diff --git a/bookwyrm/templates/snippets/follow_request_buttons.html b/bookwyrm/templates/snippets/follow_request_buttons.html index 6e8453fd..e1b80631 100644 --- a/bookwyrm/templates/snippets/follow_request_buttons.html +++ b/bookwyrm/templates/snippets/follow_request_buttons.html @@ -1,11 +1,11 @@ {% load fr_display %} {% if request.user|follow_request_exists:user %} - + {% csrf_token %} -
    + {% csrf_token %} diff --git a/bookwyrm/urls.py b/bookwyrm/urls.py index 1627bb78..1f2f67d8 100644 --- a/bookwyrm/urls.py +++ b/bookwyrm/urls.py @@ -55,7 +55,7 @@ urlpatterns = [ re_path(r'^(?Phome|local|federated)/?$', views.home_tab), re_path(r'^notifications/?', views.notifications_page), re_path(r'import/?$', views.import_page), - re_path(r'import_status/(\d+)/?$', views.import_status), + re_path(r'import-status/(\d+)/?$', views.import_status), re_path(r'user-edit/?$', views.edit_profile_page), # should return a ui view or activitypub json blob as requested @@ -95,12 +95,12 @@ urlpatterns = [ re_path(r'^reset-password/?$', actions.password_reset), re_path(r'^change-password/?$', actions.password_change), - re_path(r'^edit_profile/?$', actions.edit_profile), + re_path(r'^edit-profile/?$', actions.edit_profile), - re_path(r'^import_data/?', actions.import_data), - re_path(r'^resolve_book/?', actions.resolve_book), - re_path(r'^edit_book/(?P\d+)/?', actions.edit_book), - re_path(r'^upload_cover/(?P\d+)/?', actions.upload_cover), + re_path(r'^import-data/?', actions.import_data), + re_path(r'^resolve-book/?', actions.resolve_book), + re_path(r'^edit-book/(?P\d+)/?', actions.edit_book), + re_path(r'^upload-cover/(?P\d+)/?', actions.upload_cover), re_path(r'^edit-readthrough/?', actions.edit_readthrough), re_path(r'^delete-readthrough/?', actions.delete_readthrough), 
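Review bot: Several of the renamed patterns in the two `urls.py` hunks are still anchored at one end only: the `import-status` pattern has no leading `^`, and the `import-data`, `resolve-book`, `edit-book` and `upload-cover` patterns have no trailing `$`, so they also match paths that merely end with or start with the route. Because the lines are being rewritten anyway, anchor them fully, for example `re_path(r'^import-data/?$', actions.import_data)` and `re_path(r'^import-status/(\d+)/?$', views.import_status)`. The old underscore paths stop resolving with this change, so any link that was stored or rendered before it (not visible in this patch) would now 404 unless a redirect is kept.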
@@ -130,11 +130,11 @@ urlpatterns = [ re_path(r'^follow/?$', actions.follow), re_path(r'^unfollow/?$', actions.unfollow), - re_path(r'^accept_follow_request/?$', actions.accept_follow_request), - re_path(r'^delete_follow_request/?$', actions.delete_follow_request), + re_path(r'^accept-follow-request/?$', actions.accept_follow_request), + re_path(r'^delete-follow-request/?$', actions.delete_follow_request), re_path(r'^clear-notifications/?$', actions.clear_notifications), - re_path(r'^create_invite/?$', actions.create_invite), + re_path(r'^create-invite/?$', actions.create_invite), ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) diff --git a/bookwyrm/view_actions.py b/bookwyrm/view_actions.py index 3cfe638e..49ea263e 100644 --- a/bookwyrm/view_actions.py +++ b/bookwyrm/view_actions.py @@ -665,7 +665,7 @@ def import_data(request): except (UnicodeDecodeError, ValueError): return HttpResponseBadRequest('Not a valid csv file') goodreads_import.start_import(job) - return redirect('/import_status/%d' % (job.id,)) + return redirect('/import-status/%d' % (job.id,)) return HttpResponseBadRequest() From 4297e8647df45bf39cb8116c43c809d728e5f281 Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Tue, 10 Nov 2020 21:39:24 -0800 Subject: [PATCH 3/7] put status id in path for delete-status --- bookwyrm/templates/snippets/status_body.html | 3 +-- bookwyrm/view_actions.py | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/bookwyrm/templates/snippets/status_body.html b/bookwyrm/templates/snippets/status_body.html index 05e890b9..ca8200f1 100644 --- a/bookwyrm/templates/snippets/status_body.html +++ b/bookwyrm/templates/snippets/status_body.html @@ -82,9 +82,8 @@
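Review bot: The redirect target `'/import-status/%d'` in `import_data` is a hand-written copy of the pattern in `urls.py`, which is why this commit had to change both files to keep them in step. Naming the route and resolving it by name would remove the duplication: add `name='import-status'` to the `re_path(...)` entry for `views.import_status` and use `return redirect('import-status', job.id)` here. `import_data` starts before this hunk.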