Skip to content
This repository has been archived by the owner on Feb 1, 2019. It is now read-only.

Do not leak admin urls #32

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
121 changes: 121 additions & 0 deletions aldryn_locations/migrations/0006_fix_broken_routelocation_plugin.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
# Generated by Django 2.2.9 on 2020-06-23 18:56
import django.db.models.deletion
from cms import api
from cms.models import CMSPlugin
from cms.models import Placeholder
from django.db import migrations
from django.db import models


def transfer_route_location_plugin_data(apps, schema_editor):

RouteLocationPluginTemp = apps.get_model('aldryn_locations', 'RouteLocationPluginTemp')

for temp_plugin in RouteLocationPluginTemp.objects.all():
old_plugin = CMSPlugin.objects.get(pk=temp_plugin.pk)
placeholder_with_old_plugin = Placeholder.objects.get(pk=old_plugin.placeholder.pk)
page_with_old_plugin = placeholder_with_old_plugin.page

if _is_page_published(page_with_old_plugin):
draft_page = page_with_old_plugin.get_draft_object()
draft_placeholder = draft_page.placeholders.get(slot=placeholder_with_old_plugin.slot)
draft_plugins = draft_placeholder.get_plugins()
draft_parent_map_plugins = list(
filter(
lambda x: (
x.get_bound_plugin().plugin_type == old_plugin.parent.get_bound_plugin().plugin_type and
x.get_bound_plugin().title == old_plugin.parent.get_bound_plugin().title and
_is_numchild_value_broken(x)
),
draft_plugins
)
)

if draft_parent_map_plugins:
# For now we'll take the first available MapPlugin in the placeholder
draft_parent_map_plugin = draft_parent_map_plugins[0]

# Fix the broken numchild field's value
draft_parent_map_plugin.numchild = draft_parent_map_plugin.get_children().count()
draft_parent_map_plugin.save()

api.add_plugin(
placeholder=draft_placeholder,
language=temp_plugin.language,
target=draft_parent_map_plugin,
address=temp_plugin.address,
zipcode=temp_plugin.zipcode,
city=temp_plugin.city,
content=temp_plugin.content,
depth=temp_plugin.depth,
plugin_type=temp_plugin.plugin_type,
creation_date=temp_plugin.creation_date,
changed_date=temp_plugin.changed_date,
lat=temp_plugin.lat,
lng=temp_plugin.lng,
)
else:
print(
"Failed to find the needed Map plugin on the Draft version of Page. "
"Most probably it doesn't exist anymore."
)

api.add_plugin(
placeholder=placeholder_with_old_plugin,
language=temp_plugin.language,
target=old_plugin.parent,
address=temp_plugin.address,
zipcode=temp_plugin.zipcode,
city=temp_plugin.city,
content=temp_plugin.content,
depth=temp_plugin.depth,
plugin_type=temp_plugin.plugin_type,
creation_date=temp_plugin.creation_date,
changed_date=temp_plugin.changed_date,
lat=temp_plugin.lat,
lng=temp_plugin.lng,
)


def _is_numchild_value_broken(plugin):
# The 'numchild' value of broken plugins is greater than actual count of child plugins
return plugin.numchild > plugin.get_children().count()


def _is_page_published(page):
return not page.publisher_is_draft


class Migration(migrations.Migration):

dependencies = [
('cms', '0022_auto_20180620_1551'),
('aldryn_locations', '0005_auto_20180507_1427'),
]

operations = [
migrations.RenameModel(
old_name='RouteLocationPlugin',
new_name='RouteLocationPluginTemp',
),
migrations.CreateModel(
name='RouteLocationPlugin',
fields=[
('cmsplugin_ptr', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, related_name='aldryn_locations_routelocationplugin', serialize=False, to='cms.CMSPlugin')),
('address', models.CharField(max_length=255, verbose_name='address')),
('zipcode', models.CharField(max_length=30, verbose_name='zip code')),
('city', models.CharField(max_length=255, verbose_name='city')),
('content', models.CharField(blank=True, help_text='Displayed in a info window above location marker', max_length=255, verbose_name='Content')),
('lat', models.FloatField(blank=True, help_text='Use latitude & longitude to fine tune the map position.', null=True, verbose_name='latitude')),
('lng', models.FloatField(blank=True, null=True, verbose_name='longitude')),
],
options={
'abstract': False,
},
bases=('cms.cmsplugin',),
),
migrations.RunPython(transfer_route_location_plugin_data),
migrations.DeleteModel(
name='RouteLocationPluginTemp',
),
]
60 changes: 58 additions & 2 deletions aldryn_locations/models.py
Original file line number Diff line number Diff line change
@@ -144,7 +144,7 @@ def clean_size(size):

lat_lng = location.get_lat_lng()
location = (
','.join(lat_lng) if lat_lng else
','.join(map(str, lat_lng)) if lat_lng else
' '.join((location.address, location.zipcode, location.city))
)
query += '&markers={}'.format(urlencode(location))
@@ -219,9 +219,65 @@ def get_location_data_for_map(self):
}


class RouteLocationPlugin(LocationPlugin):
class RouteLocationPlugin(CMSPlugin):
route_planner = True

cmsplugin_ptr = models.OneToOneField(
CMSPlugin,
related_name='%(app_label)s_%(class)s',
parent_link=True,
on_delete=models.CASCADE,
)

address = models.CharField(_("address"), max_length=255)
zipcode = models.CharField(_("zip code"), max_length=30)
city = models.CharField(_("city"), max_length=255)

content = models.CharField(
_('Content'), max_length=255, blank=True,
help_text=_('Displayed in a info window above location marker')
)

lat = models.FloatField(
_('latitude'), null=True, blank=True,
help_text=_('Use latitude & longitude to fine tune the map position.'))

lng = models.FloatField(
_('longitude'), null=True, blank=True)

def __str__(self):
return u'%s, %s %s' % (self.address, self.zipcode, self.city)

def get_content(self):
if not self.content:
return None

fmt = MARKER_CONTENT_FORMAT

if not fmt:
return self.content

return fmt.format(
content=self.content,
address=self.address,
zipcode=self.zipcode,
city=self.city,
lat=self.lat,
lng=self.lng,
)

def get_lat_lng(self):
if self.lat and self.lng:
return self.lat, self.lng

def get_location_data_for_map(self):
return {
'address': u'{}, {} {}'.format(self.address, self.zipcode, self.city),
'latlng': self.get_lat_lng(),
'content': self.get_content(),
'admin': reverse('admin:cms_page_edit_plugin', args=[self.pk]),
}


class PathLocationPlugin(CMSPlugin):
route_planner = False