admin: check object type on import (#5651)
This commit is contained in:
parent
b88c4c6552
commit
5bbb7b6b2d
|
@ -36,7 +36,7 @@ from qommon import tokens
|
|||
from qommon.afterjobs import AfterJob
|
||||
from qommon import emails
|
||||
|
||||
from wcs.formdef import FormDef
|
||||
from wcs.formdef import FormDef, FormdefImportError
|
||||
from wcs.categories import Category
|
||||
from wcs.roles import Role, logged_users_role, get_user_roles
|
||||
from wcs.workflows import Workflow
|
||||
|
@ -768,13 +768,24 @@ class FormDefPage(Directory):
|
|||
form.set_error('file', _('You have to enter a file or a URL.'))
|
||||
raise ValueError()
|
||||
|
||||
error, reason = False, None
|
||||
try:
|
||||
new_formdef = FormDef.import_from_xml(fp, include_id=True)
|
||||
except FormdefImportError, e:
|
||||
error = True
|
||||
reason = _(e)
|
||||
except ValueError:
|
||||
if form.get_widget('url').parse():
|
||||
form.set_error('url', _('Invalid File'))
|
||||
error = True
|
||||
|
||||
if error:
|
||||
if reason:
|
||||
msg = _('Invalid File (%s)') % reason
|
||||
else:
|
||||
form.set_error('file', _('Invalid File'))
|
||||
msg = _('Invalid File')
|
||||
if form.get_widget('url').parse():
|
||||
form.set_error('url', msg)
|
||||
else:
|
||||
form.set_error('file', msg)
|
||||
raise ValueError()
|
||||
|
||||
if form.get_widget('new_formdef').parse():
|
||||
|
@ -1481,12 +1492,23 @@ class FormsDirectory(AccessControlled, Directory):
|
|||
|
||||
try:
|
||||
formdef = FormDef.import_from_xml(fp)
|
||||
except FormdefImportError, e:
|
||||
error = True
|
||||
reason = _(e)
|
||||
except ValueError:
|
||||
if form.get_widget('url').parse():
|
||||
form.set_error('url', _('Invalid File'))
|
||||
error = True
|
||||
|
||||
if error:
|
||||
if reason:
|
||||
msg = _('Invalid File (%s)') % reason
|
||||
else:
|
||||
form.set_error('file', _('Invalid File'))
|
||||
msg = _('Invalid File')
|
||||
if form.get_widget('url').parse():
|
||||
form.set_error('url', msg)
|
||||
else:
|
||||
form.set_error('file', msg)
|
||||
raise ValueError()
|
||||
|
||||
formdef.disabled = True
|
||||
formdef.store()
|
||||
get_session().message = ('info',
|
||||
|
|
|
@ -1003,14 +1003,26 @@ class WorkflowsDirectory(Directory):
|
|||
form.set_error('file', _('You have to enter a file or a URL.'))
|
||||
raise ValueError()
|
||||
|
||||
error, reason = False, None
|
||||
try:
|
||||
workflow = Workflow.import_from_xml(fp)
|
||||
except WorkflowImportError, e:
|
||||
error = True
|
||||
reason = _(e)
|
||||
except ValueError:
|
||||
if form.get_widget('url').parse():
|
||||
form.set_error('url', _('Invalid File'))
|
||||
error = True
|
||||
|
||||
if error:
|
||||
if reason:
|
||||
msg = _('Invalid File (%s)') % reason
|
||||
else:
|
||||
form.set_error('file', _('Invalid File'))
|
||||
msg = _('Invalid File')
|
||||
if form.get_widget('url').parse():
|
||||
form.set_error('url', msg)
|
||||
else:
|
||||
form.set_error('file', msg)
|
||||
raise ValueError()
|
||||
|
||||
initial_workflow_name = workflow.name
|
||||
workflow_names = [x.name for x in Workflow.select()]
|
||||
copy_no = 1
|
||||
|
|
|
@ -34,6 +34,11 @@ from categories import Category
|
|||
from wcs.workflows import Workflow, get_role_translation
|
||||
import fields
|
||||
|
||||
|
||||
class FormdefImportError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class FormField:
|
||||
### only used to unpickle form fields from older (<200603) versions
|
||||
def __setstate__(self, dict):
|
||||
|
@ -557,13 +562,16 @@ class FormDef(StorableObject):
|
|||
charset = get_publisher().site_charset
|
||||
formdef = cls()
|
||||
if tree.find('name') is None or not tree.find('name').text:
|
||||
raise ValueError()
|
||||
raise FormdefImportError(N_('Missing name'))
|
||||
|
||||
# if the tree we get is actually a ElementTree for real, we get its
|
||||
# root element and go on happily.
|
||||
if not ET.iselement(tree):
|
||||
tree = tree.getroot()
|
||||
|
||||
if tree.tag != 'formdef':
|
||||
raise FormdefImportError(N_('Not a form'))
|
||||
|
||||
if include_id and tree.attrib.get('id'):
|
||||
formdef.id = tree.attrib.get('id')
|
||||
for text_attribute in list(cls.TEXT_ATTRIBUTES):
|
||||
|
|
|
@ -46,6 +46,10 @@ def lax_int(s):
|
|||
return -1
|
||||
|
||||
|
||||
class WorkflowImportError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class AttachmentEvolutionPart:
|
||||
orig_filename = None
|
||||
base_filename = None
|
||||
|
@ -290,13 +294,16 @@ class Workflow(StorableObject):
|
|||
charset = get_publisher().site_charset
|
||||
workflow = cls()
|
||||
if tree.find('name') is None or not tree.find('name').text:
|
||||
raise ValueError()
|
||||
raise WorkflowImportError(N_('Missing name'))
|
||||
|
||||
# if the tree we get is actually a ElementTree for real, we get its
|
||||
# root element and go on happily.
|
||||
if not ET.iselement(tree):
|
||||
tree = tree.getroot()
|
||||
|
||||
if tree.tag != 'workflow':
|
||||
raise WorkflowImportError(N_('Not a workflow'))
|
||||
|
||||
if include_id and tree.attrib.get('id'):
|
||||
workflow.id = tree.attrib.get('id')
|
||||
|
||||
|
|
Loading…
Reference in New Issue