fix model, serializer, restrict access to rest framework browser

Author: n0rdlicht

django/gsmap/models.py

@@ -508,18 +508,24 @@ def title(self):
 
     @property
     def email_domain(self):
-        return self.author_email.split("@")[1]
+        if self.author_email:
+            return self.author_email.split("@")[1]
+        return None
 
     @property
     def email_hash(self):
-        m = hashlib.sha512()
-        m.update(SECRET_KEY.encode('ascii'))
-        m.update(self.author_email.encode('ascii'))
-        return m.hexdigest()
+        if self.author_email:
+            m = hashlib.sha512()
+            m.update(SECRET_KEY.encode('ascii'))
+            m.update(self.author_email.encode('ascii'))
+            return m.hexdigest()
+        return None
 
     @property
     def email_hash_short(self):
-        return self.email_hash[:12]
+        if self.author_email:
+            return self.email_hash[:12]
+        return None
 
     @property
     def description(self):

django/gsmap/serializers.py

@@ -22,7 +22,7 @@ class Meta:
         )
 
     def validate(self, data):
-        if not (data.get("workspace").annotations_open or data.get("workspace").poylgons_open):
+        if not (data.get("workspace").annotations_open or data.get("workspace").polygon_open):
             raise serializers.ValidationError('Rating annotations is not allowed currently for this workspace.')
         if not data.get("author_email"):
             raise serializers.ValidationError('Adding annotations to this workspace requires an email.')

django/gsmap/views.py

@@ -7,7 +7,7 @@
 
 from django.views.generic import DetailView
 
-from rest_framework import generics, parsers
+from rest_framework import generics, parsers, renderers
 from rest_framework.response import Response
 
 from gsmap.models import Workspace, Snapshot, Annotation, Category, Attachement
@@ -17,6 +17,16 @@
 
 SECRET_KEY = os.getenv('DJANGO_SECRET_KEY') or os.getenv('DJANGO_SECRET_KEY_DEV')
 
+class StaffBrowsableMixin(object):
+    def get_renderers(self):
+        """
+        Add Browsable API renderer if user is staff.
+        """
+        rends = self.renderer_classes
+        if self.request.user and self.request.user.is_superuser:
+            rends.append(renderers.BrowsableAPIRenderer)
+        return [renderer() for renderer in rends]
+
 class CustomLoginView(LoginView):
     """
     Customized to include Workspace data in the request cookie
@@ -51,7 +61,7 @@ def logout(request):
     return response
 
 
-class SnapshotFileUploadView(generics.UpdateAPIView):
+class SnapshotFileUploadView(StaffBrowsableMixin, generics.UpdateAPIView):
     permission_classes = [IsUser,]
     queryset = Snapshot.objects.all()
     serializer_class = SnapshotDataUploadSerializer
@@ -72,12 +82,12 @@ def update(self, request, *args, **kwargs):
 
         return Response(serializer.data)
 
-class AnnotationCreateView(generics.CreateAPIView):
+class AnnotationCreateView(StaffBrowsableMixin, generics.CreateAPIView):
     queryset = Annotation.objects.all()
     serializer_class = AnnotationSerializer
     http_method_names = ['post',]
 
-class AnnotationRateUpView(generics.UpdateAPIView):
+class AnnotationRateUpView(StaffBrowsableMixin, generics.UpdateAPIView):
     queryset = Annotation.objects.all()
     serializer_class = AnnotationRateUpSerializer
     lookup_url_kwarg = 'annotation_id'

django/main/settings.py

@@ -86,6 +86,13 @@
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
 
+REST_FRAMEWORK = {
+    # Only enable JSON renderer by default.
+    'DEFAULT_RENDERER_CLASSES': [
+        'rest_framework.renderers.JSONRenderer',
+    ],
+}
+
 ROOT_URLCONF = 'main.urls'
 
 TEMPLATES = [

etc/nginx/www.local.dev

@@ -23,7 +23,7 @@ server {
     ssl_certificate_key /etc/nginx/conf.d/localhost.key;
 
     location = / {
-        set $lang_sup "de,fr";
+        set $lang_sup "de,fr,it,en";
         set_by_lua_file $lang_accept /etc/nginx/conf.d/lang.lua $lang_sup;
         return $scheme://$host:$server_port/$lang_accept;
     }
@@ -42,15 +42,15 @@ server {
     }
 
     location ~* "^/([0-9a-z]{6})/?$" {
-        set $lang_sup "de,fr";
+        set $lang_sup "de,fr,en";
         set_by_lua_file $lang_accept /etc/nginx/conf.d/lang.lua $lang_sup;
         rewrite_by_lua_block {
             return ngx.redirect("/" .. ngx.var.lang_accept .. ngx.var.request_uri, 302)
         }
     }
 
     location ~* "^/([0-9a-z]{5})/([0-9a-z]{6})/?$" {
-        set $lang_sup "de,fr";
+        set $lang_sup "de,fr,en";
         set_by_lua_file $lang_accept /etc/nginx/conf.d/lang.lua $lang_sup;
         rewrite_by_lua_block {
             return ngx.redirect("/" .. ngx.var.lang_accept .. ngx.var.request_uri, 302)
@@ -67,7 +67,7 @@ server {
         root /var/services/django;
     }
 
-    location ~ "^/(de|fr)/(?<hash>[0-9A-Z]{6})/?$" {
+    location ~ "^/(de|fr|it|en)/(?<hash>[0-9A-Z]{6})/?$" {
         # dev proxy vue
         include "/etc/nginx/conf.d/proxy_conf.inc";
         include "/etc/nginx/conf.d/proxy_meta.inc";
@@ -77,7 +77,7 @@ server {
         #content_by_lua_file "/etc/nginx/conf.d/meta_dist.lua";
     }
 
-    location ~ "^/(de|fr)/([0-9A-Z]{5})/(?<hash>[0-9A-Z]{6})/?$" {
+    location ~ "^/(de|fr|it|en)/([0-9A-Z]{5})/(?<hash>[0-9A-Z]{6})/?$" {
         # dev proxy vue
         include "/etc/nginx/conf.d/proxy_conf.inc";
         include "/etc/nginx/conf.d/proxy_meta.inc";