Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
gargantext
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
humanities
gargantext
Commits
cd79cf64
Commit
cd79cf64
authored
Oct 05, 2016
by
delanoe
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[SECURITY FIX] BUG 31
parent
2c722270
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
15 additions
and
8 deletions
+15
-8
PUBMED.py
gargantext/util/crawlers/PUBMED.py
+1
-1
projects.py
gargantext/views/pages/projects.py
+5
-4
views.py
graph/views.py
+7
-1
cern.py
moissonneurs/cern.py
+1
-1
pubmed.py
moissonneurs/pubmed.py
+1
-1
No files found.
gargantext/util/crawlers/PUBMED.py
View file @
cd79cf64
...
@@ -251,7 +251,7 @@ def save( request , project_id ) :
...
@@ -251,7 +251,7 @@ def save( request , project_id ) :
user
=
cache
.
User
[
request
.
user
.
id
]
user
=
cache
.
User
[
request
.
user
.
id
]
if
not
user
.
owns
(
project
):
if
not
user
.
owns
(
project
):
r
aise
HttpResponseForbidden
()
r
eturn
HttpResponseForbidden
()
if
request
.
method
==
"POST"
:
if
request
.
method
==
"POST"
:
...
...
gargantext/views/pages/projects.py
View file @
cd79cf64
...
@@ -86,15 +86,16 @@ class NewCorpusForm(forms.Form):
...
@@ -86,15 +86,16 @@ class NewCorpusForm(forms.Form):
@
requires_auth
@
requires_auth
def
project
(
request
,
project_id
):
def
project
(
request
,
project_id
):
# current user
user
=
cache
.
User
[
request
.
user
.
id
]
#
viewed project
#
security check
project
=
session
.
query
(
Node
)
.
filter
(
Node
.
id
==
project_id
)
.
first
()
project
=
session
.
query
(
Node
)
.
filter
(
Node
.
id
==
project_id
)
.
first
()
user
=
cache
.
User
[
request
.
user
.
id
]
if
project
is
None
:
if
project
is
None
:
raise
Http404
()
raise
Http404
()
if
not
user
.
owns
(
project
):
if
not
user
.
owns
(
project
):
raise
HttpResponseForbidden
()
return
HttpResponseForbidden
()
# end of security check
# new corpus
# new corpus
if
request
.
method
==
'POST'
:
if
request
.
method
==
'POST'
:
...
...
graph/views.py
View file @
cd79cf64
...
@@ -7,7 +7,6 @@ from gargantext.settings import *
...
@@ -7,7 +7,6 @@ from gargantext.settings import *
from
datetime
import
datetime
from
datetime
import
datetime
@
requires_auth
@
requires_auth
def
explorer
(
request
,
project_id
,
corpus_id
):
def
explorer
(
request
,
project_id
,
corpus_id
):
'''
'''
...
@@ -20,6 +19,13 @@ def explorer(request, project_id, corpus_id):
...
@@ -20,6 +19,13 @@ def explorer(request, project_id, corpus_id):
# we pass our corpus
# we pass our corpus
corpus
=
cache
.
Node
[
corpus_id
]
corpus
=
cache
.
Node
[
corpus_id
]
# security check
user
=
cache
.
User
[
request
.
user
.
id
]
if
corpus
is
None
:
raise
Http404
()
if
not
user
.
owns
(
corpus
):
return
HttpResponseForbidden
()
# get the maplist_id for modifications
# get the maplist_id for modifications
maplist_id
=
corpus
.
children
(
typename
=
"MAPLIST"
)
.
first
()
.
id
maplist_id
=
corpus
.
children
(
typename
=
"MAPLIST"
)
.
first
()
.
id
...
...
moissonneurs/cern.py
View file @
cd79cf64
...
@@ -58,7 +58,7 @@ def save(request, project_id):
...
@@ -58,7 +58,7 @@ def save(request, project_id):
raise
Http404
()
raise
Http404
()
user
=
cache
.
User
[
request
.
user
.
id
]
user
=
cache
.
User
[
request
.
user
.
id
]
if
not
user
.
owns
(
project
):
if
not
user
.
owns
(
project
):
r
aise
HttpResponseForbidden
()
r
eturn
HttpResponseForbidden
()
# corpus node instanciation as a Django model
# corpus node instanciation as a Django model
corpus
=
Node
(
corpus
=
Node
(
...
...
moissonneurs/pubmed.py
View file @
cd79cf64
...
@@ -86,7 +86,7 @@ def save( request , project_id ) :
...
@@ -86,7 +86,7 @@ def save( request , project_id ) :
user
=
cache
.
User
[
request
.
user
.
id
]
user
=
cache
.
User
[
request
.
user
.
id
]
if
not
user
.
owns
(
project
):
if
not
user
.
owns
(
project
):
r
aise
HttpResponseForbidden
()
r
eturn
HttpResponseForbidden
()
if
request
.
method
==
"POST"
:
if
request
.
method
==
"POST"
:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
