backoffice: redirect unauthorized custom views to default view (#83573) #839

Merged
fpeters merged 1 commits from wip/83573-unauthorized-custom-view-do-redirect into main 2023-11-17 09:43:32 +01:00
Owner
No description provided.
fpeters force-pushed wip/83573-unauthorized-custom-view-do-redirect from 09645f065c to d8c35410d4 2023-11-16 10:48:57 +01:00 Compare
fpeters force-pushed wip/83573-unauthorized-custom-view-do-redirect from d8c35410d4 to 21eb5916df 2023-11-16 10:50:34 +01:00 Compare
fpeters force-pushed wip/83573-unauthorized-custom-view-do-redirect from 21eb5916df to 4ef9464328 2023-11-16 11:47:07 +01:00 Compare
fpeters changed title from WIP: backoffice: redirect unauthorized custom views to default view (#83573) to backoffice: redirect unauthorized custom views to default view (#83573) 2023-11-16 12:17:08 +01:00
tnoel requested changes 2023-11-16 14:40:01 +01:00
@ -3199,0 +3212,4 @@
),
)
# remove custom view reference from path
url = get_request().get_path_query().replace('/%s/' % component, '/')
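Review bot: the `.replace('/%s/' % component, '/')` on the last line runs over the whole string returned by `get_path_query()`, so it rewrites every `/<component>/` occurrence, including one in an earlier path segment or in the query string, not only the custom view segment. Remove the segment by its position in the path instead, or at least limit the replacement to the path part and to a single occurrence.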
Owner

Here the component is not necessarily of the form user-whatever, so it seems a bit riskier to me than in the previous case to do a general replacement...?

Author
Owner

There would just be the risk of a custom view named "backoffice", "management" or "data", but we have nothing that would prevent those names, so I changed it to:

+                # remove custom view reference from path
+                path_parts = get_request().get_path_query().split('/')
+                del path_parts[4]  # ['', 'backoffice', 'management or data', 'slug', 'view name', '...']
+                return misc.QLookupRedirect('/'.join(path_parts))
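Review bot: `del path_parts[4]` deletes whatever sits at index 4 without checking that it is the custom view name, and it raises IndexError when the split yields fewer than five parts. The expected layout is only stated in the trailing comment, so guard the deletion, for example by checking `len(path_parts) > 4` and that `path_parts[4]` equals the `component` used in the earlier version before deleting. Also note that the string being split still carries the query string, so a `/` inside the query is split and rejoined too; that is harmless here, but splitting only the path would make the intent clearer.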
fpeters force-pushed wip/83573-unauthorized-custom-view-do-redirect from 4ef9464328 to 3d5adf5ee2 2023-11-16 14:56:23 +01:00 Compare
fpeters requested review from tnoel 2023-11-16 15:46:44 +01:00
tnoel approved these changes 2023-11-17 09:42:41 +01:00
fpeters merged commit 3d5adf5ee2 into main 2023-11-17 09:43:32 +01:00
fpeters deleted branch wip/83573-unauthorized-custom-view-do-redirect 2023-11-17 09:43:32 +01:00
Reference: entrouvert/wcs#839