
Aprimoramento na segurança de views

whois_api
Sesostris Vieira 9 years ago
parent
commit
b72fadf931
  1. 21
      sigi/apps/convenios/views.py
  2. 8
      sigi/apps/diagnosticos/views.py
  3. 1
      sigi/apps/eventos/views.py
  4. 1
      sigi/apps/ocorrencias/views.py
  5. 6
      sigi/apps/parlamentares/views.py

21
sigi/apps/convenios/views.py

@ -15,6 +15,7 @@ from sigi.apps.casas.models import CasaLegislativa
from sigi.apps.contatos.models import UnidadeFederativa
from sigi.apps.convenios.models import Convenio, Projeto
from sigi.apps.convenios.reports import ConvenioPorCMReport, ConvenioPorALReport, ConvenioReportSemAceiteAL, ConvenioReportSemAceiteCM
from django.contrib.auth.decorators import login_required
def query_ordena(qs, o, ot):
@ -80,13 +81,13 @@ def adicionar_convenios_carrinho(request, queryset=None, id=None):
lista.append(id)
request.session['carrinho_convenios'] = lista
@login_required
def excluir_carrinho(request):
if 'carrinho_convenios' in request.session:
del request.session['carrinho_convenios']
return HttpResponseRedirect('.')
@login_required
def deleta_itens_carrinho(request):
if request.method == 'POST':
ids_selecionados = request.POST.getlist('_selected_action')
@ -102,7 +103,7 @@ def deleta_itens_carrinho(request):
return HttpResponseRedirect('.')
@login_required
def visualizar_carrinho(request):
qs = carrinhoOrGet_for_qs(request)
@ -134,7 +135,7 @@ def visualizar_carrinho(request):
}
)
@login_required
def report(request, id=None):
if id:
@ -237,20 +238,14 @@ def casas_estado_to_tabela(casas, convenios, regiao):
"sumario": sumario,
}
@login_required
def report_regiao(request, regiao='NE'):
if request.POST:
if 'regiao' in request.POST:
regiao = request.POST['regiao']
REGIAO_CHOICES = {
'SL': _(u'Sul'),
'SD': _(u'Sudeste'),
'CO': _(u'Centro-Oeste'),
'NE': _(u'Nordeste'),
'NO': _(u'Norte'),
}
REGIAO_CHOICES = dict(UnidadeFederativa.REGIAO_CHOICES)
projetos = Projeto.objects.all()
@ -284,7 +279,7 @@ def report_regiao(request, regiao='NE'):
return response
@login_required
def export_csv(request):
response = HttpResponse(content_type='text/csv')
response['Content-Disposition'] = 'attachment; filename=convenios.csv'
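Review bot: `report_regiao` copies `regiao` straight out of `request.POST` and nothing in this hunk checks it against the `REGIAO_CHOICES` dict built immediately afterwards; unless the rest of the function (its body continues outside the hunk) rejects unknown keys, a guard such as `if regiao not in REGIAO_CHOICES: raise Http404` belongs right after the assignment. Note also that `@login_required` only proves the caller is authenticated — none of the decorated views checks a permission, so if the convênio reports and CSV export are meant for a subset of staff, `permission_required(...)` is the closer fit. Separately, `excluir_carrinho` deletes session state on any request method, whereas `deleta_itens_carrinho` gates on POST; `@require_POST` on `excluir_carrinho` would keep a plain link from clearing the cart.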

8
sigi/apps/diagnosticos/views.py

@ -226,7 +226,7 @@ def categoria_contatos(request, id_diagnostico):
return render_to_response('diagnosticos/diagnosticos_categoria_contatos_form.html',
context)
@login_required
def diagnostico_pdf(request, id_diagnostico):
diagnostico = Diagnostico.objects.get(pk=id_diagnostico)
categorias = Categoria.objects.all()
@ -267,7 +267,7 @@ def diagnostico_pdf(request, id_diagnostico):
return render_to_pdf('diagnosticos/diagnostico_pdf.html', context)
# return render_to_response('diagnosticos/diagnostico_pdf.html', context)
@login_required
def graficos(request):
categorias = Categoria.objects.all()
@ -289,7 +289,7 @@ def percentage(fraction, population):
except ValueError:
return ''
@login_required
def grafico_api(request):
colors = cycle(['#7cb5ec',
@ -333,7 +333,7 @@ def grafico_api(request):
jsonn = simplejson.dumps(list_perguntas, sort_keys=True, indent=4, separators=(',', ': '))
return HttpResponse(jsonn, content_type="application/json")
@login_required
def municipios_diagnosticados(self):
municipios = []
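Review bot: `diagnostico_pdf` still resolves the id with `Diagnostico.objects.get(pk=id_diagnostico)`, so an unknown id raises `DoesNotExist` and surfaces as a 500 instead of a 404; `diagnostico = get_object_or_404(Diagnostico, pk=id_diagnostico)` is the idiom, assuming the shortcut is imported in this module. `@login_required` does not restrict *which* diagnóstico an authenticated user may render, so if diagnoses are scoped per casa or per user, an ownership or permission check is still missing here — worth confirming against the rest of the function, which continues past the hunk. Finally, `municipios_diagnosticados(self)` is a view whose first parameter is named `self`; the decorator passes `request` positionally so it works, but renaming it `request` avoids the misleading signature.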

1
sigi/apps/eventos/views.py

@ -116,6 +116,7 @@ def calendario(request):
return render(request, 'eventos/calendario.html', data)
@login_required
def alocacao_equipe(request):
ano_pesquisa = int(request.GET.get('ano', datetime.date.today().year))
formato = request.GET.get('fmt', 'html')
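Review bot: `int(request.GET.get('ano', ...))` on the line after the new decorator converts untrusted query input without handling `ValueError`, so `?ano=abc` now yields a 500 for any logged-in user; wrap the conversion in `try`/`except ValueError` and answer with a 400 or 404 rather than letting the exception propagate. The `fmt` parameter is likewise taken verbatim; if it is later used to select an output branch, unknown values should fall back to `'html'` explicitly. `alocacao_equipe`'s body continues outside the hunk, so the handling may exist further down — this is worth confirming.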

1
sigi/apps/ocorrencias/views.py

@ -76,6 +76,7 @@ def painel_ocorrencias(request):
return render(request, 'ocorrencias/painel.html', data)
@login_required
def busca_nominal(request, origin="tudo"):
term = request.GET.get('term', None)
if term is None:
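Review bot: `busca_nominal` has no docstring describing its contract now that it is access-controlled; a one-liner such as `"""Name search; requires an authenticated user and a ``term`` GET parameter."""` above the `term` lookup would help. If this endpoint is consumed by script (the `term` parameter suggests an autocomplete-style call, though that is inferred), note that `@login_required` answers anonymous callers with a redirect to the login page rather than a 401/403, which clients must be prepared for. The function body continues outside the hunk.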

6
sigi/apps/parlamentares/views.py

@ -15,6 +15,7 @@ from sigi.apps.parlamentares.models import Parlamentar
from sigi.apps.parlamentares.reports import ParlamentaresLabels
from geraldo.generators import PDFGenerator
from django.contrib.auth.decorators import login_required
def adicionar_parlamentar_carrinho(request, queryset=None, id=None):
@ -31,6 +32,7 @@ def adicionar_parlamentar_carrinho(request, queryset=None, id=None):
request.session['carrinho_parlamentar'] = lista
@login_required
@csrf_protect
def visualizar_carrinho(request):
@ -104,7 +106,7 @@ def get_for_qs(get, qs):
qs = qs.filter(**kwargs)
return qs
@login_required
def deleta_itens_carrinho(request):
"""
Deleta itens selecionados do carrinho
@ -123,7 +125,7 @@ def deleta_itens_carrinho(request):
return HttpResponseRedirect('.')
@login_required
def labels_report(request, id=None, formato='3x9_etiqueta'):
""" TODO: adicionar suporte para resultado de pesquisa do admin.
"""
