@@ -68,8 +68,8 b' class AdminSessionSettingsView(BaseAppVi' | |||||
68 | return self._get_template_context(c) |
|
68 | return self._get_template_context(c) | |
69 |
|
69 | |||
70 | @LoginRequired() |
|
70 | @LoginRequired() | |
|
71 | @HasPermissionAllDecorator('hg.admin') | |||
71 | @CSRFRequired() |
|
72 | @CSRFRequired() | |
72 | @HasPermissionAllDecorator('hg.admin') |
|
|||
73 | @view_config( |
|
73 | @view_config( | |
74 | route_name='admin_settings_sessions_cleanup', request_method='POST') |
|
74 | route_name='admin_settings_sessions_cleanup', request_method='POST') | |
75 | def settings_sessions_cleanup(self): |
|
75 | def settings_sessions_cleanup(self): |
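Review bot: The swap at new lines 71–72 changes the order in which the checks run, and no reason for it is visible here. Assuming these are ordinary wrapping decorators, the outermost runs first, so `@HasPermissionAllDecorator('hg.admin')` now rejects non-admin requests before `@CSRFRequired()` inspects the token. The same swap is made in `SvnConfigAdminSettingsView`, and it matches the order used where the decorator is newly added in the later hunks. A short comment where the convention is defined, such as `# order: LoginRequired -> permission check -> CSRFRequired (outermost runs first)`, would keep future views consistent. The body of `settings_sessions_cleanup` lies outside the hunk.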
@@ -33,8 +33,8 b' log = logging.getLogger(__name__)' | |||||
33 | class SvnConfigAdminSettingsView(BaseAppView): |
|
33 | class SvnConfigAdminSettingsView(BaseAppView): | |
34 |
|
34 | |||
35 | @LoginRequired() |
|
35 | @LoginRequired() | |
|
36 | @HasPermissionAllDecorator('hg.admin') | |||
36 | @CSRFRequired() |
|
37 | @CSRFRequired() | |
37 | @HasPermissionAllDecorator('hg.admin') |
|
|||
38 | @view_config( |
|
38 | @view_config( | |
39 | route_name='admin_settings_vcs_svn_generate_cfg', |
|
39 | route_name='admin_settings_vcs_svn_generate_cfg', | |
40 | request_method='POST', renderer='json') |
|
40 | request_method='POST', renderer='json') |
@@ -251,6 +251,7 b' class AdminUsersView(BaseAppView, DataGr' | |||||
251 |
|
251 | |||
252 | @LoginRequired() |
|
252 | @LoginRequired() | |
253 | @HasPermissionAllDecorator('hg.admin') |
|
253 | @HasPermissionAllDecorator('hg.admin') | |
|
254 | @CSRFRequired() | |||
254 | @view_config( |
|
255 | @view_config( | |
255 | route_name='edit_user_groups_management_updates', request_method='POST') |
|
256 | route_name='edit_user_groups_management_updates', request_method='POST') | |
256 | def groups_management_updates(self): |
|
257 | def groups_management_updates(self): |
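Review bot: CSRF enforcement stays opt-in per view: this hunk adds `@CSRFRequired()` to `groups_management_updates`, and the same one-line fix is repeated below for `edit_repo_caches`, `edit_repo_advanced_delete`, `strip_check` and `strip_execute`, so five POST views were reachable without a token check until now. Nothing visible on this page would catch the next `request_method='POST'` view that omits the decorator. A regression test that walks the registered POST routes and asserts each one rejects a request lacking a valid token, with an explicit allowlist for intentional exceptions, would turn this class of omission into a test failure. The enclosing methods continue outside the hunks, so their bodies cannot be checked here.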
@@ -24,7 +24,8 b' from pyramid.httpexceptions import HTTPF' | |||||
24 | from pyramid.view import view_config |
|
24 | from pyramid.view import view_config | |
25 |
|
25 | |||
26 | from rhodecode.apps._base import RepoAppView |
|
26 | from rhodecode.apps._base import RepoAppView | |
27 | from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator |
|
27 | from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \ | |
|
28 | CSRFRequired | |||
28 | from rhodecode.lib import helpers as h |
|
29 | from rhodecode.lib import helpers as h | |
29 | from rhodecode.model.meta import Session |
|
30 | from rhodecode.model.meta import Session | |
30 | from rhodecode.model.scm import ScmModel |
|
31 | from rhodecode.model.scm import ScmModel | |
@@ -55,6 +56,7 b' class RepoCachesView(RepoAppView):' | |||||
55 |
|
56 | |||
56 | @LoginRequired() |
|
57 | @LoginRequired() | |
57 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
58 | @HasRepoPermissionAnyDecorator('repository.admin') | |
|
59 | @CSRFRequired() | |||
58 | @view_config( |
|
60 | @view_config( | |
59 | route_name='edit_repo_caches', request_method='POST') |
|
61 | route_name='edit_repo_caches', request_method='POST') | |
60 | def repo_caches_purge(self): |
|
62 | def repo_caches_purge(self): |
@@ -73,6 +73,7 b' class RepoSettingsView(RepoAppView):' | |||||
73 |
|
73 | |||
74 | @LoginRequired() |
|
74 | @LoginRequired() | |
75 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
75 | @HasRepoPermissionAnyDecorator('repository.admin') | |
|
76 | @CSRFRequired() | |||
76 | @view_config( |
|
77 | @view_config( | |
77 | route_name='edit_repo_advanced_delete', request_method='POST', |
|
78 | route_name='edit_repo_advanced_delete', request_method='POST', | |
78 | renderer='rhodecode:templates/admin/repos/repo_edit.mako') |
|
79 | renderer='rhodecode:templates/admin/repos/repo_edit.mako') |
@@ -25,7 +25,7 b' from rhodecode.apps._base import RepoApp' | |||||
25 | from rhodecode.lib import audit_logger |
|
25 | from rhodecode.lib import audit_logger | |
26 | from rhodecode.lib import helpers as h |
|
26 | from rhodecode.lib import helpers as h | |
27 | from rhodecode.lib.auth import (LoginRequired, HasRepoPermissionAnyDecorator, |
|
27 | from rhodecode.lib.auth import (LoginRequired, HasRepoPermissionAnyDecorator, | |
28 | NotAnonymous) |
|
28 | NotAnonymous, CSRFRequired) | |
29 | from rhodecode.lib.ext_json import json |
|
29 | from rhodecode.lib.ext_json import json | |
30 |
|
30 | |||
31 | log = logging.getLogger(__name__) |
|
31 | log = logging.getLogger(__name__) | |
@@ -55,6 +55,7 b' class StripView(RepoAppView):' | |||||
55 |
|
55 | |||
56 | @LoginRequired() |
|
56 | @LoginRequired() | |
57 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
57 | @HasRepoPermissionAnyDecorator('repository.admin') | |
|
58 | @CSRFRequired() | |||
58 | @view_config( |
|
59 | @view_config( | |
59 | route_name='strip_check', request_method='POST', |
|
60 | route_name='strip_check', request_method='POST', | |
60 | renderer='json', xhr=True) |
|
61 | renderer='json', xhr=True) | |
@@ -80,6 +81,7 b' class StripView(RepoAppView):' | |||||
80 |
|
81 | |||
81 | @LoginRequired() |
|
82 | @LoginRequired() | |
82 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
83 | @HasRepoPermissionAnyDecorator('repository.admin') | |
|
84 | @CSRFRequired() | |||
83 | @view_config( |
|
85 | @view_config( | |
84 | route_name='strip_execute', request_method='POST', |
|
86 | route_name='strip_execute', request_method='POST', | |
85 | renderer='json', xhr=True) |
|
87 | renderer='json', xhr=True) |
@@ -104,7 +104,9 b' delOld = function(number){' | |||||
104 |
|
104 | |||
105 | }; |
|
105 | }; | |
106 |
|
106 | |||
107 |
var result |
|
107 | var resultData = { | |
|
108 | 'csrf_token': CSRF_TOKEN | |||
|
109 | }; | |||
108 |
|
110 | |||
109 | checkCommits = function() { |
|
111 | checkCommits = function() { | |
110 | var postData = $('form').serialize(); |
|
112 | var postData = $('form').serialize(); | |
@@ -116,14 +118,16 b' checkCommits = function() {' | |||||
116 | btn.addClass('disabled'); |
|
118 | btn.addClass('disabled'); | |
117 |
|
119 | |||
118 | var success = function (data) { |
|
120 | var success = function (data) { | |
119 |
result |
|
121 | resultData = { | |
|
122 | 'csrf_token': CSRF_TOKEN | |||
|
123 | }; | |||
120 | var i = 0; |
|
124 | var i = 0; | |
121 | var result = '<ol>'; |
|
125 | var result = '<ol>'; | |
122 | $.each(data, function(index, value){ |
|
126 | $.each(data, function(index, value){ | |
123 | i= index; |
|
127 | i= index; | |
124 | var box = $('#box-'+index); |
|
128 | var box = $('#box-'+index); | |
125 | if (value.rev){ |
|
129 | if (value.rev){ | |
126 |
result |
|
130 | resultData[index] = JSON.stringify(value); | |
127 |
|
131 | |||
128 | var verifiedHtml = ( |
|
132 | var verifiedHtml = ( | |
129 | '<li style="line-height:1.2em">' + |
|
133 | '<li style="line-height:1.2em">' + | |
@@ -185,7 +189,7 b' strip = function() {' | |||||
185 | $('#results').html(result); |
|
189 | $('#results').html(result); | |
186 |
|
190 | |||
187 | }; |
|
191 | }; | |
188 |
ajaxPOST(url, result |
|
192 | ajaxPOST(url, resultData, success, null); | |
189 | var btn = $('#strip_action'); |
|
193 | var btn = $('#strip_action'); | |
190 | btn.remove(); |
|
194 | btn.remove(); | |
191 |
|
195 |
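Review bot: `resultData` now carries `'csrf_token': CSRF_TOKEN` in the same object as the per-commit entries written by `resultData[index] = JSON.stringify(value)`, so the token reaches the `strip_execute` view as just another POST key. The view body is not shown; if it iterates over every posted key and JSON-decodes each value, it must skip the token entry explicitly, otherwise the request will fail after passing the CSRF check. Nesting the commits under a single dedicated key, for example `resultData['commits'] = JSON.stringify(commits)`, would keep control fields and payload apart. `checkCommits` still posts `$('form').serialize()`, so the newly protected `strip_check` call depends on the form itself containing the token field, which cannot be confirmed from these hunks.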