From b72fadf931a7ddff714bf7b0bf96c9b3553a9bce Mon Sep 17 00:00:00 2001 From: Sesostris Vieira Date: Tue, 5 Apr 2016 18:24:41 -0300 Subject: [PATCH] =?UTF-8?q?Aprimoramento=20na=20seguran=C3=A7a=20de=20view?= =?UTF-8?q?s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sigi/apps/convenios/views.py | 21 ++++++++------------- sigi/apps/diagnosticos/views.py | 8 ++++---- sigi/apps/eventos/views.py | 1 + sigi/apps/ocorrencias/views.py | 1 + sigi/apps/parlamentares/views.py | 6 ++++-- 5 files changed, 18 insertions(+), 19 deletions(-) diff --git a/sigi/apps/convenios/views.py b/sigi/apps/convenios/views.py index 44418e9..733dc18 100644 --- a/sigi/apps/convenios/views.py +++ b/sigi/apps/convenios/views.py @@ -15,6 +15,7 @@ from sigi.apps.casas.models import CasaLegislativa from sigi.apps.contatos.models import UnidadeFederativa from sigi.apps.convenios.models import Convenio, Projeto from sigi.apps.convenios.reports import ConvenioPorCMReport, ConvenioPorALReport, ConvenioReportSemAceiteAL, ConvenioReportSemAceiteCM +from django.contrib.auth.decorators import login_required def query_ordena(qs, o, ot): @@ -80,13 +81,13 @@ def adicionar_convenios_carrinho(request, queryset=None, id=None): lista.append(id) request.session['carrinho_convenios'] = lista - +@login_required def excluir_carrinho(request): if 'carrinho_convenios' in request.session: del request.session['carrinho_convenios'] return HttpResponseRedirect('.') - +@login_required def deleta_itens_carrinho(request): if request.method == 'POST': ids_selecionados = request.POST.getlist('_selected_action') @@ -102,7 +103,7 @@ def deleta_itens_carrinho(request): return HttpResponseRedirect('.') - +@login_required def visualizar_carrinho(request): qs = carrinhoOrGet_for_qs(request) @@ -134,7 +135,7 @@ def visualizar_carrinho(request): } ) - +@login_required def report(request, id=None): if id: 
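Review bot: In sigi/apps/convenios/views.py, `excluir_carrinho` deletes `request.session['carrinho_convenios']` on any request method, so a cross-site GET can empty a logged-in user's cart. The sibling `deleta_itens_carrinho` in the same hunk already gates its work on `request.method == 'POST'`. Doing the same here, or stacking `@require_POST` from `django.views.decorators.http` under `@login_required`, would put the state change behind the CSRF check, assuming the CSRF middleware is enabled. Whatever link calls this view would then have to become a form post; the templates are not visible in this diff.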
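Review bot: `@login_required` on `visualizar_carrinho`, and on every other view this commit decorates, only checks that the request belongs to an authenticated account, not that the account may see this data. If these views are meant for staff or for users holding specific model permissions (the URLconf and roles are not visible here), `staff_member_required` or `@permission_required('<app_label>.<codename>', raise_exception=True)` would express that. Decorating view by view also leaves any view added later public by default, so a short comment at the top of each views module stating that every view must be decorated would help.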
@@ -237,20 +238,14 @@ def casas_estado_to_tabela(casas, convenios, regiao): "sumario": sumario, } - +@login_required def report_regiao(request, regiao='NE'): if request.POST: if 'regiao' in request.POST: regiao = request.POST['regiao'] - REGIAO_CHOICES = { - 'SL': _(u'Sul'), - 'SD': _(u'Sudeste'), - 'CO': _(u'Centro-Oeste'), - 'NE': _(u'Nordeste'), - 'NO': _(u'Norte'), - } + REGIAO_CHOICES = dict(UnidadeFederativa.REGIAO_CHOICES) projetos = Projeto.objects.all() @@ -284,7 +279,7 @@ def report_regiao(request, regiao='NE'): return response - +@login_required def export_csv(request): response = HttpResponse(content_type='text/csv') response['Content-Disposition'] = 'attachment; filename=convenios.csv' diff --git a/sigi/apps/diagnosticos/views.py b/sigi/apps/diagnosticos/views.py index c6692fa..2807abe 100644 --- a/sigi/apps/diagnosticos/views.py +++ b/sigi/apps/diagnosticos/views.py @@ -226,7 +226,7 @@ def categoria_contatos(request, id_diagnostico): return render_to_response('diagnosticos/diagnosticos_categoria_contatos_form.html', context) - +@login_required def diagnostico_pdf(request, id_diagnostico): diagnostico = Diagnostico.objects.get(pk=id_diagnostico) categorias = Categoria.objects.all() @@ -267,7 +267,7 @@ def diagnostico_pdf(request, id_diagnostico): return render_to_pdf('diagnosticos/diagnostico_pdf.html', context) # return render_to_response('diagnosticos/diagnostico_pdf.html', context) - +@login_required def graficos(request): categorias = Categoria.objects.all() @@ -289,7 +289,7 @@ def percentage(fraction, population): except ValueError: return '' - +@login_required def grafico_api(request): colors = cycle(['#7cb5ec', @@ -333,7 +333,7 @@ def grafico_api(request): jsonn = simplejson.dumps(list_perguntas, sort_keys=True, indent=4, separators=(',', ': ')) return HttpResponse(jsonn, content_type="application/json") - +@login_required def municipios_diagnosticados(self): municipios = [] 
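Review bot: In `report_regiao`, `regiao` comes straight from `request.POST['regiao']` and is never checked against `REGIAO_CHOICES`, which is now built from `UnidadeFederativa.REGIAO_CHOICES`. If the rest of the function (outside this hunk) indexes the dict or filters by that value, an unexpected code ends in a `KeyError`/500 or an empty report. A guard right after the dict is built, `if regiao not in REGIAO_CHOICES: return HttpResponseBadRequest()` (imported from `django.http`), would reject it early. It is also worth confirming that the model's choices use the same codes as the removed literal (`'SL'`, `'SD'`, `'CO'`, `'NE'`, `'NO'`), since the default `regiao='NE'` depends on that.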
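Review bot: `diagnostico_pdf` loads `Diagnostico.objects.get(pk=id_diagnostico)` for whatever id arrives in the URL, so any logged-in account can request the PDF of any diagnostic by id. The decorator adds authentication but no per-object check. If diagnostics are restricted to their responsible users or to staff (not visible in this hunk), the lookup should be filtered accordingly, or followed by a permission test that returns 403. Independently, `get_object_or_404(Diagnostico, pk=id_diagnostico)` would turn an unknown id into a 404 instead of an unhandled `DoesNotExist`.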
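Review bot: The four `@login_required` decorators added in sigi/apps/diagnosticos/views.py (`diagnostico_pdf`, `graficos`, `grafico_api`, `municipios_diagnosticados`) come without the `from django.contrib.auth.decorators import login_required` line that the convenios and parlamentares hunks add. The same holds for the single-decorator hunks in eventos/views.py and ocorrencias/views.py. If those modules do not already import the name above the visible context, they raise `NameError` when loaded and every URL routed to them fails. Each file's import block is worth confirming before merging.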
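Review bot: `grafico_api` answers with `application/json` (its return is visible in the next hunk), but `login_required` answers an anonymous request with a 302 to the login page. A script calling this endpoint after the session expires therefore receives login HTML instead of an error it can handle. For API-style views a small wrapper that returns 401 or 403 to unauthenticated requests is the usual shape. `busca_nominal` in ocorrencias/views.py, which reads a `term` query parameter, looks like the same kind of endpoint.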
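Review bot: `municipios_diagnosticados` is declared with a parameter named `self`, but `login_required` treats the first positional argument as the request and reads `.user` from it. Renaming it, `def municipios_diagnosticados(request):`, would make clear that this is a view and not a method. The body continues outside the hunk, so any use of the name there needs the same rename.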
diff --git a/sigi/apps/eventos/views.py b/sigi/apps/eventos/views.py index 2278aa0..e6ab84b 100644 --- a/sigi/apps/eventos/views.py +++ b/sigi/apps/eventos/views.py @@ -116,6 +116,7 @@ def calendario(request): return render(request, 'eventos/calendario.html', data) +@login_required def alocacao_equipe(request): ano_pesquisa = int(request.GET.get('ano', datetime.date.today().year)) formato = request.GET.get('fmt', 'html') diff --git a/sigi/apps/ocorrencias/views.py b/sigi/apps/ocorrencias/views.py index e1ba206..bc9f168 100644 --- a/sigi/apps/ocorrencias/views.py +++ b/sigi/apps/ocorrencias/views.py @@ -76,6 +76,7 @@ def painel_ocorrencias(request): return render(request, 'ocorrencias/painel.html', data) +@login_required def busca_nominal(request, origin="tudo"): term = request.GET.get('term', None) if term is None: diff --git a/sigi/apps/parlamentares/views.py b/sigi/apps/parlamentares/views.py index 82fef26..33d66e4 100644 --- a/sigi/apps/parlamentares/views.py +++ b/sigi/apps/parlamentares/views.py @@ -15,6 +15,7 @@ from sigi.apps.parlamentares.models import Parlamentar from sigi.apps.parlamentares.reports import ParlamentaresLabels from geraldo.generators import PDFGenerator +from django.contrib.auth.decorators import login_required def adicionar_parlamentar_carrinho(request, queryset=None, id=None): @@ -31,6 +32,7 @@ def adicionar_parlamentar_carrinho(request, queryset=None, id=None): request.session['carrinho_parlamentar'] = lista +@login_required @csrf_protect def visualizar_carrinho(request): @@ -104,7 +106,7 @@ def get_for_qs(get, qs): qs = qs.filter(**kwargs) return qs - +@login_required def deleta_itens_carrinho(request): """ Deleta itens selecionados do carrinho @@ -123,7 +125,7 @@ def deleta_itens_carrinho(request): return HttpResponseRedirect('.') - +@login_required def labels_report(request, id=None, formato='3x9_etiqueta'): """ TODO: adicionar suporte para resultado de pesquisa do admin. """
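Review bot: In sigi/apps/eventos/views.py, `alocacao_equipe` converts the `ano` query parameter with `int(request.GET.get('ano', ...))` and nothing visible catches `ValueError`, so a non-numeric value from any logged-in user produces a 500. Falling back to the current year or returning a 400 on bad input would be safer, for example by wrapping the conversion in `try:` / `except ValueError: ano_pesquisa = datetime.date.today().year`. The function body continues outside the hunk, so later uses of `ano_pesquisa` may need a range check as well.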