Migrated some routes to POST
- delete shelf, import ldap users - delete_kobo token, kobo force full sync - shutdown, reconnect, shutdown
This commit is contained in:
parent
ec73558b03
commit
785726deee
10
cps/admin.py
10
cps/admin.py
|
@ -129,11 +129,11 @@ def admin_forbidden():
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
|
|
||||||
@admi.route("/shutdown")
|
@admi.route("/shutdown", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def shutdown():
|
def shutdown():
|
||||||
task = int(request.args.get("parameter").strip())
|
task = request.get_json().get('parameter', -1)
|
||||||
showtext = {}
|
showtext = {}
|
||||||
if task in (0, 1): # valid commandos received
|
if task in (0, 1): # valid commandos received
|
||||||
# close all database connections
|
# close all database connections
|
||||||
|
@ -906,7 +906,7 @@ def list_restriction(res_type, user_id):
|
||||||
response.headers["Content-Type"] = "application/json; charset=utf-8"
|
response.headers["Content-Type"] = "application/json; charset=utf-8"
|
||||||
return response
|
return response
|
||||||
|
|
||||||
@admi.route("/ajax/fullsync")
|
@admi.route("/ajax/fullsync", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def ajax_fullsync():
|
def ajax_fullsync():
|
||||||
count = ub.session.query(ub.KoboSyncedBooks).filter(current_user.id == ub.KoboSyncedBooks.user_id).delete()
|
count = ub.session.query(ub.KoboSyncedBooks).filter(current_user.id == ub.KoboSyncedBooks.user_id).delete()
|
||||||
|
@ -1626,7 +1626,7 @@ def edit_user(user_id):
|
||||||
page="edituser")
|
page="edituser")
|
||||||
|
|
||||||
|
|
||||||
@admi.route("/admin/resetpassword/<int:user_id>")
|
@admi.route("/admin/resetpassword/<int:user_id>", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def reset_user_password(user_id):
|
def reset_user_password(user_id):
|
||||||
|
@ -1802,7 +1802,7 @@ def ldap_import_create_user(user, user_data):
|
||||||
return 0, message
|
return 0, message
|
||||||
|
|
||||||
|
|
||||||
@admi.route('/import_ldap_users')
|
@admi.route('/import_ldap_users', methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def import_ldap_users():
|
def import_ldap_users():
|
||||||
|
|
|
@ -26,6 +26,8 @@ import json
|
||||||
from shutil import copyfile
|
from shutil import copyfile
|
||||||
from uuid import uuid4
|
from uuid import uuid4
|
||||||
from markupsafe import escape
|
from markupsafe import escape
|
||||||
|
from functools import wraps
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from lxml.html.clean import clean_html
|
from lxml.html.clean import clean_html
|
||||||
except ImportError:
|
except ImportError:
|
||||||
|
@ -51,13 +53,6 @@ from .tasks.upload import TaskUpload
|
||||||
from .render_template import render_title_template
|
from .render_template import render_title_template
|
||||||
from .usermanagement import login_required_if_no_ano
|
from .usermanagement import login_required_if_no_ano
|
||||||
|
|
||||||
try:
|
|
||||||
from functools import wraps
|
|
||||||
except ImportError:
|
|
||||||
pass # We're not using Python 3
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
editbook = Blueprint('editbook', __name__)
|
editbook = Blueprint('editbook', __name__)
|
||||||
log = logger.create()
|
log = logger.create()
|
||||||
|
@ -237,14 +232,14 @@ def modify_identifiers(input_identifiers, db_identifiers, db_session):
|
||||||
changed = True
|
changed = True
|
||||||
return changed, error
|
return changed, error
|
||||||
|
|
||||||
@editbook.route("/ajax/delete/<int:book_id>")
|
@editbook.route("/ajax/delete/<int:book_id>", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def delete_book_from_details(book_id):
|
def delete_book_from_details(book_id):
|
||||||
return Response(delete_book_from_table(book_id, "", True), mimetype='application/json')
|
return Response(delete_book_from_table(book_id, "", True), mimetype='application/json')
|
||||||
|
|
||||||
|
|
||||||
@editbook.route("/delete/<int:book_id>", defaults={'book_format': ""})
|
@editbook.route("/delete/<int:book_id>", defaults={'book_format': ""}, methods=["POST"])
|
||||||
@editbook.route("/delete/<int:book_id>/<string:book_format>")
|
@editbook.route("/delete/<int:book_id>/<string:book_format>", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def delete_book_ajax(book_id, book_format):
|
def delete_book_ajax(book_id, book_format):
|
||||||
return delete_book_from_table(book_id, book_format, False)
|
return delete_book_from_table(book_id, book_format, False)
|
||||||
|
@ -1014,7 +1009,7 @@ def move_coverfile(meta, db_book):
|
||||||
category="error")
|
category="error")
|
||||||
|
|
||||||
|
|
||||||
@editbook.route("/upload", methods=["GET", "POST"])
|
@editbook.route("/upload", methods=["POST"])
|
||||||
@login_required_if_no_ano
|
@login_required_if_no_ano
|
||||||
@upload_required
|
@upload_required
|
||||||
def upload():
|
def upload():
|
||||||
|
|
|
@ -62,6 +62,7 @@ particular calls to non-Kobo specific endpoints such as the CalibreWeb book down
|
||||||
from binascii import hexlify
|
from binascii import hexlify
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from os import urandom
|
from os import urandom
|
||||||
|
from functools import wraps
|
||||||
|
|
||||||
from flask import g, Blueprint, url_for, abort, request
|
from flask import g, Blueprint, url_for, abort, request
|
||||||
from flask_login import login_user, current_user, login_required
|
from flask_login import login_user, current_user, login_required
|
||||||
|
@ -70,11 +71,6 @@ from flask_babel import gettext as _
|
||||||
from . import logger, config, calibre_db, db, helper, ub, lm
|
from . import logger, config, calibre_db, db, helper, ub, lm
|
||||||
from .render_template import render_title_template
|
from .render_template import render_title_template
|
||||||
|
|
||||||
try:
|
|
||||||
from functools import wraps
|
|
||||||
except ImportError:
|
|
||||||
pass # We're not using Python 3
|
|
||||||
|
|
||||||
|
|
||||||
log = logger.create()
|
log = logger.create()
|
||||||
|
|
||||||
|
@ -167,7 +163,7 @@ def generate_auth_token(user_id):
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@kobo_auth.route("/deleteauthtoken/<int:user_id>")
|
@kobo_auth.route("/deleteauthtoken/<int:user_id>", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def delete_auth_token(user_id):
|
def delete_auth_token(user_id):
|
||||||
# Invalidate any prevously generated Kobo Auth token for this user.
|
# Invalidate any prevously generated Kobo Auth token for this user.
|
||||||
|
|
|
@ -56,7 +56,7 @@ def check_shelf_view_permissions(cur_shelf):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
@shelf.route("/shelf/add/<int:shelf_id>/<int:book_id>")
|
@shelf.route("/shelf/add/<int:shelf_id>/<int:book_id>", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def add_to_shelf(shelf_id, book_id):
|
def add_to_shelf(shelf_id, book_id):
|
||||||
xhr = request.headers.get('X-Requested-With') == 'XMLHttpRequest'
|
xhr = request.headers.get('X-Requested-With') == 'XMLHttpRequest'
|
||||||
|
@ -112,7 +112,7 @@ def add_to_shelf(shelf_id, book_id):
|
||||||
return "", 204
|
return "", 204
|
||||||
|
|
||||||
|
|
||||||
@shelf.route("/shelf/massadd/<int:shelf_id>")
|
@shelf.route("/shelf/massadd/<int:shelf_id>", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def search_to_shelf(shelf_id):
|
def search_to_shelf(shelf_id):
|
||||||
shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first()
|
shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first()
|
||||||
|
@ -164,7 +164,7 @@ def search_to_shelf(shelf_id):
|
||||||
return redirect(url_for('web.index'))
|
return redirect(url_for('web.index'))
|
||||||
|
|
||||||
|
|
||||||
@shelf.route("/shelf/remove/<int:shelf_id>/<int:book_id>")
|
@shelf.route("/shelf/remove/<int:shelf_id>/<int:book_id>", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def remove_from_shelf(shelf_id, book_id):
|
def remove_from_shelf(shelf_id, book_id):
|
||||||
xhr = request.headers.get('X-Requested-With') == 'XMLHttpRequest'
|
xhr = request.headers.get('X-Requested-With') == 'XMLHttpRequest'
|
||||||
|
@ -323,12 +323,13 @@ def delete_shelf_helper(cur_shelf):
|
||||||
ub.session_commit("successfully deleted Shelf {}".format(cur_shelf.name))
|
ub.session_commit("successfully deleted Shelf {}".format(cur_shelf.name))
|
||||||
|
|
||||||
|
|
||||||
@shelf.route("/shelf/delete/<int:shelf_id>")
|
@shelf.route("/shelf/delete/<int:shelf_id>", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def delete_shelf(shelf_id):
|
def delete_shelf(shelf_id):
|
||||||
cur_shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first()
|
cur_shelf = ub.session.query(ub.Shelf).filter(ub.Shelf.id == shelf_id).first()
|
||||||
try:
|
try:
|
||||||
delete_shelf_helper(cur_shelf)
|
delete_shelf_helper(cur_shelf)
|
||||||
|
flash(_("Shelf successfully deleted"), category="success")
|
||||||
except InvalidRequestError:
|
except InvalidRequestError:
|
||||||
ub.session.rollback()
|
ub.session.rollback()
|
||||||
log.error("Settings DB is not Writeable")
|
log.error("Settings DB is not Writeable")
|
||||||
|
|
|
@ -179,7 +179,7 @@ $("#delete_confirm").click(function() {
|
||||||
if (ajaxResponse) {
|
if (ajaxResponse) {
|
||||||
path = getPath() + "/ajax/delete/" + deleteId;
|
path = getPath() + "/ajax/delete/" + deleteId;
|
||||||
$.ajax({
|
$.ajax({
|
||||||
method:"get",
|
method:"post",
|
||||||
url: path,
|
url: path,
|
||||||
timeout: 900,
|
timeout: 900,
|
||||||
success:function(data) {
|
success:function(data) {
|
||||||
|
@ -376,9 +376,11 @@ $(function() {
|
||||||
|
|
||||||
$("#restart").click(function() {
|
$("#restart").click(function() {
|
||||||
$.ajax({
|
$.ajax({
|
||||||
|
method:"post",
|
||||||
|
contentType: "application/json; charset=utf-8",
|
||||||
dataType: "json",
|
dataType: "json",
|
||||||
url: window.location.pathname + "/../../shutdown",
|
url: getPath() + "/shutdown",
|
||||||
data: {"parameter":0},
|
data: JSON.stringify({"parameter":0}),
|
||||||
success: function success() {
|
success: function success() {
|
||||||
$("#spinner").show();
|
$("#spinner").show();
|
||||||
setTimeout(restartTimer, 3000);
|
setTimeout(restartTimer, 3000);
|
||||||
|
@ -387,9 +389,11 @@ $(function() {
|
||||||
});
|
});
|
||||||
$("#shutdown").click(function() {
|
$("#shutdown").click(function() {
|
||||||
$.ajax({
|
$.ajax({
|
||||||
|
method:"post",
|
||||||
|
contentType: "application/json; charset=utf-8",
|
||||||
dataType: "json",
|
dataType: "json",
|
||||||
url: window.location.pathname + "/../../shutdown",
|
url: getPath() + "/shutdown",
|
||||||
data: {"parameter":1},
|
data: JSON.stringify({"parameter":1}),
|
||||||
success: function success(data) {
|
success: function success(data) {
|
||||||
return alert(data.text);
|
return alert(data.text);
|
||||||
}
|
}
|
||||||
|
@ -447,9 +451,11 @@ $(function() {
|
||||||
$("#DialogContent").html("");
|
$("#DialogContent").html("");
|
||||||
$("#spinner2").show();
|
$("#spinner2").show();
|
||||||
$.ajax({
|
$.ajax({
|
||||||
|
method:"post",
|
||||||
|
contentType: "application/json; charset=utf-8",
|
||||||
dataType: "json",
|
dataType: "json",
|
||||||
url: getPath() + "/shutdown",
|
url: getPath() + "/shutdown",
|
||||||
data: {"parameter":2},
|
data: JSON.stringify({"parameter":2}),
|
||||||
success: function success(data) {
|
success: function success(data) {
|
||||||
$("#spinner2").hide();
|
$("#spinner2").hide();
|
||||||
$("#DialogContent").html(data.text);
|
$("#DialogContent").html(data.text);
|
||||||
|
@ -527,7 +533,7 @@ $(function() {
|
||||||
$(this).data('value'),
|
$(this).data('value'),
|
||||||
function (value) {
|
function (value) {
|
||||||
$.ajax({
|
$.ajax({
|
||||||
method: "get",
|
method: "post",
|
||||||
url: getPath() + "/kobo_auth/deleteauthtoken/" + value,
|
url: getPath() + "/kobo_auth/deleteauthtoken/" + value,
|
||||||
});
|
});
|
||||||
$("#config_delete_kobo_token").hide();
|
$("#config_delete_kobo_token").hide();
|
||||||
|
@ -574,7 +580,7 @@ $(function() {
|
||||||
function(value){
|
function(value){
|
||||||
path = getPath() + "/ajax/fullsync"
|
path = getPath() + "/ajax/fullsync"
|
||||||
$.ajax({
|
$.ajax({
|
||||||
method:"get",
|
method:"post",
|
||||||
url: path,
|
url: path,
|
||||||
timeout: 900,
|
timeout: 900,
|
||||||
success:function(data) {
|
success:function(data) {
|
||||||
|
@ -685,7 +691,7 @@ $(function() {
|
||||||
"GeneralDeleteModal",
|
"GeneralDeleteModal",
|
||||||
$(this).data('value'),
|
$(this).data('value'),
|
||||||
function(value){
|
function(value){
|
||||||
window.location.href = window.location.pathname + "/../../shelf/delete/" + value
|
$("#delete_shelf").closest("form").submit()
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -734,7 +740,8 @@ $(function() {
|
||||||
$("#DialogContent").html("");
|
$("#DialogContent").html("");
|
||||||
$("#spinner2").show();
|
$("#spinner2").show();
|
||||||
$.ajax({
|
$.ajax({
|
||||||
method:"get",
|
method:"post",
|
||||||
|
contentType: "application/json; charset=utf-8",
|
||||||
dataType: "json",
|
dataType: "json",
|
||||||
url: getPath() + "/import_ldap_users",
|
url: getPath() + "/import_ldap_users",
|
||||||
success: function success(data) {
|
success: function success(data) {
|
||||||
|
|
|
@ -2,14 +2,16 @@
|
||||||
{% block body %}
|
{% block body %}
|
||||||
<div class="discover">
|
<div class="discover">
|
||||||
<h2>{{title}}</h2>
|
<h2>{{title}}</h2>
|
||||||
|
<form action="{{url_for('shelf.delete_shelf', shelf_id=shelf.id)}}" method="post">
|
||||||
{% if g.user.role_download() %}
|
{% if g.user.role_download() %}
|
||||||
<a id="shelf_down" href="{{ url_for('shelf.show_simpleshelf', shelf_id=shelf.id) }}" class="btn btn-primary">{{ _('Download') }} </a>
|
<a id="shelf_down" href="{{ url_for('shelf.show_simpleshelf', shelf_id=shelf.id) }}" class="btn btn-primary">{{ _('Download') }} </a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if g.user.is_authenticated %}
|
{% if g.user.is_authenticated %}
|
||||||
{% if (g.user.role_edit_shelfs() and shelf.is_public ) or not shelf.is_public %}
|
{% if (g.user.role_edit_shelfs() and shelf.is_public ) or not shelf.is_public %}
|
||||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||||
<div class="btn btn-danger" id="delete_shelf" data-value="{{ shelf.id }}">{{ _('Delete this Shelf') }}</div>
|
<div class="btn btn-danger" id="delete_shelf" data-value="{{ shelf.id }}">{{ _('Delete this Shelf') }}</div>
|
||||||
<a id="edit_shelf" href="{{ url_for('shelf.edit_shelf', shelf_id=shelf.id) }}" class="btn btn-primary">{{ _('Edit Shelf Properties') }} </a>
|
<a id="edit_shelf" href="{{ url_for('shelf.edit_shelf', shelf_id=shelf.id) }}" class="btn btn-primary">{{ _('Edit Shelf Properties') }} </a>
|
||||||
|
</form>
|
||||||
{% if entries.__len__() %}
|
{% if entries.__len__() %}
|
||||||
<a id="order_shelf" href="{{ url_for('shelf.order_shelf', shelf_id=shelf.id) }}" class="btn btn-primary">{{ _('Arrange books manually') }} </a>
|
<a id="order_shelf" href="{{ url_for('shelf.order_shelf', shelf_id=shelf.id) }}" class="btn btn-primary">{{ _('Arrange books manually') }} </a>
|
||||||
<button id="toggle_order_shelf" type="button" data-alt-text="{{ _('Disable Change order') }}" class="btn btn-primary">{{ _('Enable Change order') }}</button>
|
<button id="toggle_order_shelf" type="button" data-alt-text="{{ _('Disable Change order') }}" class="btn btn-primary">{{ _('Enable Change order') }}</button>
|
||||||
|
@ -84,22 +86,6 @@
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<!--div id="DeleteShelfDialog" class="modal fade" role="dialog">
|
|
||||||
<div class="modal-dialog modal-sm">
|
|
||||||
<div class="modal-content">
|
|
||||||
<div class="modal-header bg-danger text-center">
|
|
||||||
<span>{{_('Are you sure you want to delete this shelf?')}}</span>
|
|
||||||
</div>
|
|
||||||
<div class="modal-body text-center">
|
|
||||||
<span>{{_('Shelf will be deleted for all users')}}</span>
|
|
||||||
<p></p>
|
|
||||||
<a id="confirm" href="{{ url_for('shelf.delete_shelf', shelf_id=shelf.id) }}" class="btn btn-danger">{{_('OK')}}</a>
|
|
||||||
<button type="button" class="btn btn-default" data-dismiss="modal">{{_('Cancel')}}</button>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</div-->
|
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
{% block modal %}
|
{% block modal %}
|
||||||
{{ delete_confirm_modal() }}
|
{{ delete_confirm_modal() }}
|
||||||
|
|
|
@ -1055,7 +1055,8 @@ def get_tasks_status():
|
||||||
return render_title_template('tasks.html', entries=answer, title=_(u"Tasks"), page="tasks")
|
return render_title_template('tasks.html', entries=answer, title=_(u"Tasks"), page="tasks")
|
||||||
|
|
||||||
|
|
||||||
@app.route("/reconnect")
|
# method is available without login and not protected by CSRF to make it easy reachable
|
||||||
|
@app.route("/reconnect", methods=['GET'])
|
||||||
def reconnect():
|
def reconnect():
|
||||||
calibre_db.reconnect_db(config, ub.app_DB_path)
|
calibre_db.reconnect_db(config, ub.app_DB_path)
|
||||||
return json.dumps({})
|
return json.dumps({})
|
||||||
|
@ -1435,7 +1436,7 @@ def download_link(book_id, book_format, anyname):
|
||||||
return get_download_link(book_id, book_format, client)
|
return get_download_link(book_id, book_format, client)
|
||||||
|
|
||||||
|
|
||||||
@web.route('/send/<int:book_id>/<book_format>/<int:convert>')
|
@web.route('/send/<int:book_id>/<book_format>/<int:convert>', methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
@download_required
|
@download_required
|
||||||
def send_to_kindle(book_id, book_format, convert):
|
def send_to_kindle(book_id, book_format, convert):
|
||||||
|
|
Loading…
Reference in New Issue
Block a user