From 2a707f4c3e52d979c8e77ac985bc99f80b4f606e Mon Sep 17 00:00:00 2001 From: Eduardo Calil Date: Mon, 19 Jun 2017 15:04:48 -0300 Subject: [PATCH] Libera iframe para as telas que precisam --- sapl/comissoes/views.py | 12 ++++++++++++ sapl/materia/forms.py | 2 +- sapl/materia/views.py | 3 ++- sapl/parlamentares/views.py | 32 ++++++++++++++++++++++++++++++-- 4 files changed, 45 insertions(+), 4 deletions(-) diff --git a/sapl/comissoes/views.py b/sapl/comissoes/views.py index 0b80245c5..c472249bf 100644 --- a/sapl/comissoes/views.py +++ b/sapl/comissoes/views.py @@ -1,6 +1,7 @@ from django.core.urlresolvers import reverse from django.db.models import F +from django.views.decorators.clickjacking import xframe_options_exempt from django.views.generic import ListView from sapl.crud.base import RP_DETAIL, RP_LIST, Crud, CrudAux, MasterDetailCrud @@ -84,6 +85,17 @@ class ComissaoCrud(Crud): list_field_names = ['nome', 'sigla', 'tipo', 'data_criacao', 'ativa'] ordering = '-ativa', 'sigla' + class ListView(Crud.ListView): + @xframe_options_exempt + def get(self, request, *args, **kwargs): + return super().get(request, *args, **kwargs) + + class DetailView(Crud.DetailView): + @xframe_options_exempt + def get(self, request, *args, **kwargs): + return super().get(request, *args, **kwargs) + + class MateriasTramitacaoListView(ListView): template_name = "comissoes/materias_em_tramitacao.html" diff --git a/sapl/materia/forms.py b/sapl/materia/forms.py index aac86c019..5626a3e88 100644 --- a/sapl/materia/forms.py +++ b/sapl/materia/forms.py @@ -1402,7 +1402,7 @@ class ConfirmarProposicaoForm(ProposicaoForm): protocolo.data = date.today() protocolo.hora = datetime.now().time() - # TODO transformar campo timestamp em auto_now_add + # TODO transformar campo timestamp em auto_now_add protocolo.timestamp = datetime.now() protocolo.tipo_protocolo = '1' diff --git a/sapl/materia/views.py b/sapl/materia/views.py index 8f6d2394d..d9a9e1e91 100644 --- a/sapl/materia/views.py +++ b/sapl/materia/views.py @@ -7,7 +7,8 @@ from crispy_forms.layout import HTML from django.contrib import messages from django.contrib.auth.decorators import permission_required from django.contrib.auth.mixins import PermissionRequiredMixin -from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned +from django.core.exceptions import (ObjectDoesNotExist, + MultipleObjectsReturned) from django.core.urlresolvers import reverse from django.http import HttpResponse, JsonResponse from django.http.response import Http404, HttpResponseRedirect diff --git a/sapl/parlamentares/views.py b/sapl/parlamentares/views.py index 0a1d1ae9c..a4aa223e7 100644 --- a/sapl/parlamentares/views.py +++ b/sapl/parlamentares/views.py @@ -7,6 +7,7 @@ from django.http.response import HttpResponseRedirect from django.templatetags.static import static from django.utils.datastructures import MultiValueDictKeyError from django.utils.translation import ugettext_lazy as _ +from django.views.decorators.clickjacking import xframe_options_exempt from django.views.generic import FormView from sapl.comissoes.models import Participacao @@ -278,6 +279,22 @@ class LegislaturaCrud(CrudAux): class UpdateView(CrudAux.UpdateView): form_class = LegislaturaUpdateForm + class DetailView(CrudAux.DetailView): + def has_permission(self): + return True + + @xframe_options_exempt + def get(self, request, *args, **kwargs): + return super().get(request, *args, **kwargs) + + class ListView(CrudAux.ListView): + def has_permission(self): + return True + + @xframe_options_exempt + def get(self, request, *args, **kwargs): + return super().get(request, *args, **kwargs) + class FiliacaoCrud(MasterDetailCrud): model = Filiacao @@ -312,9 +329,14 @@ class ParlamentarCrud(Crud): def get_template_names(self): return ['crud/detail.html']\ - if self.request.user.has_perm(self.permission(RP_CHANGE))\ + if self.request.user.has_perm(self.permission(RP_CHANGE)) and\ + 'iframe' not in self.request.GET\ else ['parlamentares/parlamentar_perfil_publico.html'] + @xframe_options_exempt + def get(self, request, *args, **kwargs): + return super().get(request, *args, **kwargs) + class UpdateView(Crud.UpdateView): form_class = ParlamentarForm @@ -338,6 +360,10 @@ class ParlamentarCrud(Crud): template_name = "parlamentares/parlamentares_list.html" paginate_by = None + @xframe_options_exempt + def get(self, request, *args, **kwargs): + return super().get(request, *args, **kwargs) + def take_legislatura_id(self): try: return int(self.request.GET['pk']) @@ -438,7 +464,8 @@ class MesaDiretoraView(FormView): def get_template_names(self): return ['parlamentares/composicaomesa_form.html']\ if self.request.user.has_perm( - 'parlamentares.change_composicaomesa')\ + 'parlamentares.change_composicaomesa') and\ + 'iframe' not in self.request.GET\ else ['parlamentares/public_composicaomesa_form.html'] # Essa função avisa quando se pode compor uma Mesa Legislativa @@ -454,6 +481,7 @@ class MesaDiretoraView(FormView): 'legislatura_selecionada': Legislatura.objects.last(), 'cargos_vagos': CargoMesa.objects.all()}) + @xframe_options_exempt def get(self, request, *args, **kwargs): if (not Legislatura.objects.exists() or