From 9fa71b7145cf705431a9199e33b2cba8c981d141 Mon Sep 17 00:00:00 2001
From: Eduardo Calil <dudusaid@gmail.com>
Date: Tue, 20 Jun 2017 13:57:31 -0300
Subject: [PATCH] Fix #1199 Libera iframe para as telas que precisam (#1204)

* Libera iframe para as telas que precisam

* Melhoria na logica de escolha dos templates
---
 sapl/comissoes/views.py     | 12 +++++++++
 sapl/materia/forms.py       |  2 +-
 sapl/materia/views.py       |  3 ++-
 sapl/parlamentares/views.py | 49 +++++++++++++++++++++++++++++++------
 4 files changed, 57 insertions(+), 9 deletions(-)

diff --git a/sapl/comissoes/views.py b/sapl/comissoes/views.py
index 88597fe01..56151d414 100644
--- a/sapl/comissoes/views.py
+++ b/sapl/comissoes/views.py
@@ -1,6 +1,7 @@
 
 from django.core.urlresolvers import reverse
 from django.db.models import F
+from django.views.decorators.clickjacking import xframe_options_exempt
 from django.views.generic import ListView
 
 from sapl.crud.base import RP_DETAIL, RP_LIST, Crud, CrudAux, MasterDetailCrud
@@ -84,6 +85,17 @@ class ComissaoCrud(Crud):
         list_field_names = ['nome', 'sigla', 'tipo', 'data_criacao', 'data_extincao', 'ativa']
         ordering = '-ativa', 'sigla'
 
+    class ListView(Crud.ListView):
+        @xframe_options_exempt
+        def get(self, request, *args, **kwargs):
+            return super().get(request, *args, **kwargs)
+
+    class DetailView(Crud.DetailView):
+        @xframe_options_exempt
+        def get(self, request, *args, **kwargs):
+            return super().get(request, *args, **kwargs)
+
+
 
 class MateriasTramitacaoListView(ListView):
     template_name = "comissoes/materias_em_tramitacao.html"
diff --git a/sapl/materia/forms.py b/sapl/materia/forms.py
index 468426a13..7934d95b5 100644
--- a/sapl/materia/forms.py
+++ b/sapl/materia/forms.py
@@ -1438,7 +1438,7 @@ class ConfirmarProposicaoForm(ProposicaoForm):
         protocolo.data = date.today()
         protocolo.hora = datetime.now().time()
 
-        # TODO transformar campo timestamp  em auto_now_add
+        # TODO transformar campo timestamp em auto_now_add
         protocolo.timestamp = datetime.now()
         protocolo.tipo_protocolo = '1'
 
diff --git a/sapl/materia/views.py b/sapl/materia/views.py
index 8f6d2394d..d9a9e1e91 100644
--- a/sapl/materia/views.py
+++ b/sapl/materia/views.py
@@ -7,7 +7,8 @@ from crispy_forms.layout import HTML
 from django.contrib import messages
 from django.contrib.auth.decorators import permission_required
 from django.contrib.auth.mixins import PermissionRequiredMixin
-from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
+from django.core.exceptions import (ObjectDoesNotExist,
+                                    MultipleObjectsReturned)
 from django.core.urlresolvers import reverse
 from django.http import HttpResponse, JsonResponse
 from django.http.response import Http404, HttpResponseRedirect
diff --git a/sapl/parlamentares/views.py b/sapl/parlamentares/views.py
index 0a1d1ae9c..bec742c00 100644
--- a/sapl/parlamentares/views.py
+++ b/sapl/parlamentares/views.py
@@ -7,6 +7,7 @@ from django.http.response import HttpResponseRedirect
 from django.templatetags.static import static
 from django.utils.datastructures import MultiValueDictKeyError
 from django.utils.translation import ugettext_lazy as _
+from django.views.decorators.clickjacking import xframe_options_exempt
 from django.views.generic import FormView
 
 from sapl.comissoes.models import Participacao
@@ -278,6 +279,22 @@ class LegislaturaCrud(CrudAux):
     class UpdateView(CrudAux.UpdateView):
         form_class = LegislaturaUpdateForm
 
+    class DetailView(CrudAux.DetailView):
+        def has_permission(self):
+            return True
+
+        @xframe_options_exempt
+        def get(self, request, *args, **kwargs):
+            return super().get(request, *args, **kwargs)
+
+    class ListView(CrudAux.ListView):
+        def has_permission(self):
+            return True
+
+        @xframe_options_exempt
+        def get(self, request, *args, **kwargs):
+            return super().get(request, *args, **kwargs)
+
 
 class FiliacaoCrud(MasterDetailCrud):
     model = Filiacao
@@ -311,9 +328,18 @@ class ParlamentarCrud(Crud):
     class DetailView(Crud.DetailView):
 
         def get_template_names(self):
-            return ['crud/detail.html']\
-                if self.request.user.has_perm(self.permission(RP_CHANGE))\
-                else ['parlamentares/parlamentar_perfil_publico.html']
+            if self.request.user.has_perm(self.permission(RP_CHANGE)):
+                if 'iframe' not in self.request.GET:
+                    if not self.request.session.get('iframe'):
+                        return ['crud/detail.html']
+                elif self.request.GET['iframe'] == '0':
+                    return ['crud/detail.html']
+
+            return ['parlamentares/parlamentar_perfil_publico.html']
+
+        @xframe_options_exempt
+        def get(self, request, *args, **kwargs):
+            return super().get(request, *args, **kwargs)
 
     class UpdateView(Crud.UpdateView):
         form_class = ParlamentarForm
@@ -338,6 +364,10 @@ class ParlamentarCrud(Crud):
         template_name = "parlamentares/parlamentares_list.html"
         paginate_by = None
 
+        @xframe_options_exempt
+        def get(self, request, *args, **kwargs):
+            return super().get(request, *args, **kwargs)
+
         def take_legislatura_id(self):
             try:
                 return int(self.request.GET['pk'])
@@ -436,10 +466,14 @@ class MesaDiretoraView(FormView):
     success_url = reverse_lazy('sapl.parlamentares:mesa_diretora')
 
     def get_template_names(self):
-        return ['parlamentares/composicaomesa_form.html']\
-            if self.request.user.has_perm(
-                'parlamentares.change_composicaomesa')\
-            else ['parlamentares/public_composicaomesa_form.html']
+        if self.request.user.has_perm('parlamentares.change_composicaomesa'):
+            if 'iframe' not in self.request.GET:
+                if not self.request.session.get('iframe'):
+                    return 'parlamentares/composicaomesa_form.html'
+            elif self.request.GET['iframe'] == '0':
+                return 'parlamentares/composicaomesa_form.html'
+
+        return 'parlamentares/public_composicaomesa_form.html'
 
     # Essa função avisa quando se pode compor uma Mesa Legislativa
     def validation(self, request):
@@ -454,6 +488,7 @@ class MesaDiretoraView(FormView):
                 'legislatura_selecionada': Legislatura.objects.last(),
                 'cargos_vagos': CargoMesa.objects.all()})
 
+    @xframe_options_exempt
     def get(self, request, *args, **kwargs):
 
         if (not Legislatura.objects.exists() or