
Aprimoramento na segurança de views

whois_api
Sesostris Vieira 9 years ago
parent
commit
b72fadf931
  1. 21
      sigi/apps/convenios/views.py
  2. 8
      sigi/apps/diagnosticos/views.py
  3. 1
      sigi/apps/eventos/views.py
  4. 1
      sigi/apps/ocorrencias/views.py
  5. 6
      sigi/apps/parlamentares/views.py

21
sigi/apps/convenios/views.py

@ -15,6 +15,7 @@ from sigi.apps.casas.models import CasaLegislativa
from sigi.apps.contatos.models import UnidadeFederativa from sigi.apps.contatos.models import UnidadeFederativa
from sigi.apps.convenios.models import Convenio, Projeto from sigi.apps.convenios.models import Convenio, Projeto
from sigi.apps.convenios.reports import ConvenioPorCMReport, ConvenioPorALReport, ConvenioReportSemAceiteAL, ConvenioReportSemAceiteCM from sigi.apps.convenios.reports import ConvenioPorCMReport, ConvenioPorALReport, ConvenioReportSemAceiteAL, ConvenioReportSemAceiteCM
from django.contrib.auth.decorators import login_required
def query_ordena(qs, o, ot): def query_ordena(qs, o, ot):
@ -80,13 +81,13 @@ def adicionar_convenios_carrinho(request, queryset=None, id=None):
lista.append(id) lista.append(id)
request.session['carrinho_convenios'] = lista request.session['carrinho_convenios'] = lista
@login_required
def excluir_carrinho(request): def excluir_carrinho(request):
if 'carrinho_convenios' in request.session: if 'carrinho_convenios' in request.session:
del request.session['carrinho_convenios'] del request.session['carrinho_convenios']
return HttpResponseRedirect('.') return HttpResponseRedirect('.')
@login_required
def deleta_itens_carrinho(request): def deleta_itens_carrinho(request):
if request.method == 'POST': if request.method == 'POST':
ids_selecionados = request.POST.getlist('_selected_action') ids_selecionados = request.POST.getlist('_selected_action')
@ -102,7 +103,7 @@ def deleta_itens_carrinho(request):
return HttpResponseRedirect('.') return HttpResponseRedirect('.')
@login_required
def visualizar_carrinho(request): def visualizar_carrinho(request):
qs = carrinhoOrGet_for_qs(request) qs = carrinhoOrGet_for_qs(request)
@ -134,7 +135,7 @@ def visualizar_carrinho(request):
} }
) )
@login_required
def report(request, id=None): def report(request, id=None):
if id: if id:
@ -237,20 +238,14 @@ def casas_estado_to_tabela(casas, convenios, regiao):
"sumario": sumario, "sumario": sumario,
} }
@login_required
def report_regiao(request, regiao='NE'): def report_regiao(request, regiao='NE'):
if request.POST: if request.POST:
if 'regiao' in request.POST: if 'regiao' in request.POST:
regiao = request.POST['regiao'] regiao = request.POST['regiao']
REGIAO_CHOICES = { REGIAO_CHOICES = dict(UnidadeFederativa.REGIAO_CHOICES)
'SL': _(u'Sul'),
'SD': _(u'Sudeste'),
'CO': _(u'Centro-Oeste'),
'NE': _(u'Nordeste'),
'NO': _(u'Norte'),
}
projetos = Projeto.objects.all() projetos = Projeto.objects.all()
@ -284,7 +279,7 @@ def report_regiao(request, regiao='NE'):
return response return response
@login_required
def export_csv(request): def export_csv(request):
response = HttpResponse(content_type='text/csv') response = HttpResponse(content_type='text/csv')
response['Content-Disposition'] = 'attachment; filename=convenios.csv' response['Content-Disposition'] = 'attachment; filename=convenios.csv'
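Review bot: `regiao` read from `request.POST['regiao']` in `report_regiao` is never checked against the `REGIAO_CHOICES` mapping the hunk now builds from `UnidadeFederativa.REGIAO_CHOICES`, so an unexpected value flows into the rest of the view (its body continues past the hunk); a guard right after the assignment such as `if regiao not in REGIAO_CHOICES: return HttpResponseRedirect('.')` keeps a bad key from surfacing as a server error. `@login_required` on `report`, `report_regiao` and `export_csv` checks only that the caller is authenticated, so every logged-in account can download the full convênio listing; if the project distinguishes user roles, a `permission_required('<app_label>.<codename>')` check (placeholder codename) is what actually restricts it. `adicionar_convenios_carrinho` at the top of the section stays undecorated; if it is routed as a URL view rather than invoked only as an admin action, it needs the same treatment. The new `login_required` import is placed after the local `sigi.apps` imports; grouping it with the other `django` imports keeps the import block ordered, and the same placement appears in `sigi/apps/parlamentares/views.py`.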

8
sigi/apps/diagnosticos/views.py

@ -226,7 +226,7 @@ def categoria_contatos(request, id_diagnostico):
return render_to_response('diagnosticos/diagnosticos_categoria_contatos_form.html', return render_to_response('diagnosticos/diagnosticos_categoria_contatos_form.html',
context) context)
@login_required
def diagnostico_pdf(request, id_diagnostico): def diagnostico_pdf(request, id_diagnostico):
diagnostico = Diagnostico.objects.get(pk=id_diagnostico) diagnostico = Diagnostico.objects.get(pk=id_diagnostico)
categorias = Categoria.objects.all() categorias = Categoria.objects.all()
@ -267,7 +267,7 @@ def diagnostico_pdf(request, id_diagnostico):
return render_to_pdf('diagnosticos/diagnostico_pdf.html', context) return render_to_pdf('diagnosticos/diagnostico_pdf.html', context)
# return render_to_response('diagnosticos/diagnostico_pdf.html', context) # return render_to_response('diagnosticos/diagnostico_pdf.html', context)
@login_required
def graficos(request): def graficos(request):
categorias = Categoria.objects.all() categorias = Categoria.objects.all()
@ -289,7 +289,7 @@ def percentage(fraction, population):
except ValueError: except ValueError:
return '' return ''
@login_required
def grafico_api(request): def grafico_api(request):
colors = cycle(['#7cb5ec', colors = cycle(['#7cb5ec',
@ -333,7 +333,7 @@ def grafico_api(request):
jsonn = simplejson.dumps(list_perguntas, sort_keys=True, indent=4, separators=(',', ': ')) jsonn = simplejson.dumps(list_perguntas, sort_keys=True, indent=4, separators=(',', ': '))
return HttpResponse(jsonn, content_type="application/json") return HttpResponse(jsonn, content_type="application/json")
@login_required
def municipios_diagnosticados(self): def municipios_diagnosticados(self):
municipios = [] municipios = []
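Review bot: `municipios_diagnosticados(self)` still names its only parameter `self`, yet with `@login_required` applied the argument it receives is the `HttpRequest`; renaming it (`def municipios_diagnosticados(request):`) makes the decorator's contract explicit and matches the other views in this section. `diagnostico_pdf` resolves `Diagnostico.objects.get(pk=id_diagnostico)` directly, so a non-existent id raises `DoesNotExist` and becomes a 500 for any logged-in user instead of a 404; `get_object_or_404(Diagnostico, pk=id_diagnostico)` is the usual form, provided `django.shortcuts.get_object_or_404` is imported in this file (not visible here). The bodies of both views continue outside the hunks.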

1
sigi/apps/eventos/views.py

@ -116,6 +116,7 @@ def calendario(request):
return render(request, 'eventos/calendario.html', data) return render(request, 'eventos/calendario.html', data)
@login_required
def alocacao_equipe(request): def alocacao_equipe(request):
ano_pesquisa = int(request.GET.get('ano', datetime.date.today().year)) ano_pesquisa = int(request.GET.get('ano', datetime.date.today().year))
formato = request.GET.get('fmt', 'html') formato = request.GET.get('fmt', 'html')
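Review bot: `alocacao_equipe` converts the `ano` query parameter with a bare `int(...)`, so `?ano=abc` raises `ValueError` and surfaces as a 500 even behind the new `@login_required` gate; read it defensively, e.g. `ano = request.GET.get('ano', ''); ano_pesquisa = int(ano) if ano.isdigit() else datetime.date.today().year`. `formato` is likewise taken verbatim from the query string; if the rest of the view (outside the hunk) dispatches on it, comparing against a fixed set of accepted values is safer than handling arbitrary input. The function body continues past the hunk.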

1
sigi/apps/ocorrencias/views.py

@ -76,6 +76,7 @@ def painel_ocorrencias(request):
return render(request, 'ocorrencias/painel.html', data) return render(request, 'ocorrencias/painel.html', data)
@login_required
def busca_nominal(request, origin="tudo"): def busca_nominal(request, origin="tudo"):
term = request.GET.get('term', None) term = request.GET.get('term', None)
if term is None: if term is None:
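Review bot: The guard on the last line of `busca_nominal` rejects only an absent `term`, so `?term=` (an empty string) passes `if term is None:` and continues into the search body; `if not term:` covers both the missing and the empty case. What follows the guard lies outside the hunk, so whether an empty term is deliberately treated as a wildcard cannot be confirmed here; if it is not, the narrower check lets an authenticated caller trigger an unbounded search.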

6
sigi/apps/parlamentares/views.py

@ -15,6 +15,7 @@ from sigi.apps.parlamentares.models import Parlamentar
from sigi.apps.parlamentares.reports import ParlamentaresLabels from sigi.apps.parlamentares.reports import ParlamentaresLabels
from geraldo.generators import PDFGenerator from geraldo.generators import PDFGenerator
from django.contrib.auth.decorators import login_required
def adicionar_parlamentar_carrinho(request, queryset=None, id=None): def adicionar_parlamentar_carrinho(request, queryset=None, id=None):
@ -31,6 +32,7 @@ def adicionar_parlamentar_carrinho(request, queryset=None, id=None):
request.session['carrinho_parlamentar'] = lista request.session['carrinho_parlamentar'] = lista
@login_required
@csrf_protect @csrf_protect
def visualizar_carrinho(request): def visualizar_carrinho(request):
@ -104,7 +106,7 @@ def get_for_qs(get, qs):
qs = qs.filter(**kwargs) qs = qs.filter(**kwargs)
return qs return qs
@login_required
def deleta_itens_carrinho(request): def deleta_itens_carrinho(request):
""" """
Deleta itens selecionados do carrinho Deleta itens selecionados do carrinho
@ -123,7 +125,7 @@ def deleta_itens_carrinho(request):
return HttpResponseRedirect('.') return HttpResponseRedirect('.')
@login_required
def labels_report(request, id=None, formato='3x9_etiqueta'): def labels_report(request, id=None, formato='3x9_etiqueta'):
""" TODO: adicionar suporte para resultado de pesquisa do admin. """ TODO: adicionar suporte para resultado de pesquisa do admin.
""" """
