
Apostolis Bessas committed 620150c

Decorate all foxlotte ajax views with csrf_exempt.


Files changed (1)

commonpool/addons/foxlotte/views.py

 from django.db.models import Count, Q
 from django.db.models.aggregates import Count
 from django.db.models.loading import get_model
-from django.http import (HttpResponseRedirect, HttpResponse, Http404, 
+from django.http import (HttpResponseRedirect, HttpResponse, Http404,
                          HttpResponseForbidden, HttpResponseBadRequest)
 from django.shortcuts import render_to_response, get_object_or_404
 from django.template import RequestContext
 
     resources = []
     if resource_slug:
-        resource_list = [get_object_or_404(Resource, slug=resource_slug, 
+        resource_list = [get_object_or_404(Resource, slug=resource_slug,
             project=project)]
     else:
         resource_list = Resource.objects.filter(project=project)
 
     target_language = Language.objects.by_code_or_alias_or_404(lang_code)
 
-    # If it is an attempt to edit the source language, redirect the user to 
+    # If it is an attempt to edit the source language, redirect the user to
     # resource_detail and show him a message explaining the reason.
     if target_language == resources[0].source_language:
         request.user.message_set.create(
     return HttpResponseRedirect(url)
 
 
-# Restrict access only for private projects 
+# Restrict access only for private projects
 # Allow even anonymous access on public projects
 @one_perm_required_or_403(pr_project_private_perm,
     (Project, 'slug__exact', 'project_slug'), anonymous_access=True)
 
 # Restrict access only for private projects since this is used to fetch stuff!
 # Allow even anonymous access on public projects
+@csrf_exempt
 @one_perm_required_or_403(pr_project_private_perm,
     (Project, 'slug__exact', 'project_slug'), anonymous_access=True)
-@csrf_exempt
 def stringset_handling(request, project_slug, lang_code, resource_slug=None,
                      *args, **kwargs):
     """
                 s.id,
                 # 2. SourceEntity object's "string" content
                 s.source_entity.string,
-                # 3. Get all the necessary source strings, including plurals and 
+                # 3. Get all the necessary source strings, including plurals and
                 # similar langs, all in a dictionary (see also below)
                 _get_source_strings(s, source_language, lang_code, more_languages),
-                # 4. Get all the Translation strings mapped with plural rules 
+                # 4. Get all the Translation strings mapped with plural rules
                 # in a single dictionary (see docstring of function)
                 _get_strings(translated_strings, lang_code, s.source_entity),
                 # 5. A number which indicates the number of Suggestion objects
 def _get_source_strings(source_string, source_language, lang_code, more_languages):
     """
     Get all the necessary source strings, including plurals and similar langs.
-    
+
     Returns a dictionary with the keys:
     'source_strings' : {"one":<string>, "two":<string>, ... , "other":<string>}
-    'similar_lang_strings' : 
+    'similar_lang_strings' :
         {"lang1": {"one":<string>, ... , "other":<string>},
          "lang2": {"one":<string>, "two":<string>, ... , "other":<string>}}
     """
     source_strings = { "other":source_string.string }
     # List that will contain all the similar translations
     similar_lang_strings = {}
-    
+
     if source_entity.pluralized:
         # These are the remaining plural forms of the source string.
         plural_strings = Translation.objects.filter(
 def _get_strings(query, target_lang_code, source_entity):
     """
     Helper function for returning all the Translation strings or an empty dict.
-    
+
     Used in the list concatenation above to preserve code sanity.
     Returns a dictionary in the following form:
     {"zero":<string>, "one":<string>, ... , "other":<string>},
-    where the 'zero', 'one', ... are the plural names of the corresponding 
+    where the 'zero', 'one', ... are the plural names of the corresponding
     plural forms.
     """
     # It includes the plural translations, too!
 # 3)global submitters (perms given through access control tab)
 # 4)superusers
 # CAUTION!!! WE RETURN 404 instead of 403 for security reasons
+@csrf_exempt
 @login_required
 def push_translation(request, project_slug, lang_code, *args, **kwargs):
     """
     except Language.DoesNotExist:
         raise Http404
 
-    # This dictionary will hold the results of the save operation and will map 
-    # status code for each translation pushed, to indicate the result on each 
+    # This dictionary will hold the results of the save operation and will map
+    # status code for each translation pushed, to indicate the result on each
     # translation push separately.
     push_response_dict = {}
 
                  'message':_("The resource of this source string is not "
                     "accepting translations.") }
 
-        # If the translated source string is pluralized check that all the 
+        # If the translated source string is pluralized check that all the
         # source language supported rules have been filled in, else return error
         # and donot save the translations.
         if source_string.source_entity.pluralized:
         })
 
 # Override views
+@csrf_exempt
 @one_perm_required_or_403(pr_project_private_perm,
     (Project, 'slug__exact', 'project_slug'), anonymous_access=True)
 def get_overrides_list(request, project_slug=None, resource_slug=None,
     return HttpResponse(json, mimetype='application/json')
 
 
+@csrf_exempt
 @login_required
 def push_override(request, project_slug, resource_slug, lang_code):
     """
                 source_entity__resource__project = project )
             occ = all_jetpack_occ[0]
         except IndexError:
-            # This means that we didn't find any occurrence belonging to the 
+            # This means that we didn't find any occurrence belonging to the
             # Jetpack we want to globally override!
             return HttpResponseBadRequest()
         if not string:
 
     return HttpResponse(status=200)
 
+@csrf_exempt
 @login_required
 def delete_override(request, project_slug, lang_code, override_id):
     """
 # Restrict access only to :
 # 1)project maintainers
 # 2)superusers
+@csrf_exempt
 @one_perm_required_or_403(pr_resource_translations_delete,
                           (Project, "slug__exact", "project_slug"))
 def delete_translation(request, project_slug=None, resource_slug=None,
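Review bot: The `@csrf_exempt` added above `@login_required` on `push_translation`, `push_override` and `delete_override`, and above the permission decorator on `delete_translation`, turns off CSRF checking on views that appear to save or delete data and that authenticate through the session cookie, so a request forged from another site in a logged-in user's browser would no longer be rejected by the CSRF middleware. If the exemption exists only because the editor's AJAX calls carry no token, a narrower fix is to leave these four views protected and have the client send the token in Django's `X-CSRFToken` request header (if the deployed Django version supports it), keeping `@csrf_exempt` at most on `stringset_handling` and `get_overrides_list`, which appear to be read-only fetch views. If the exemption has to stay, each of these views should carry a comment such as `# csrf_exempt: <reason>; this view changes data and relies on session auth only`. The view bodies lie outside the visible hunks, so whether they check the request method or origin themselves could not be confirmed.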