VSinerva/csb-project-1
Archived
1
0
Fork 0
Code Activity

Basic site functionality (add, delete, search) withouth added vulns

Browse source
This commit is contained in:
Vili Sinervä 2024-11-24 17:58:53 +02:00
parent d9a41f82bb
commit efee16df40
No known key found for this signature in database
GPG key ID: DF8FEAF54EFAC996
6 changed files with 139 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

26
notes/migrations/0001_initial.py Normal file
View file

@ -0,0 +1,26 @@
# Generated by Django 3.2.13 on 2024-11-24 14:46
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
initial = True
dependencies = [
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
]
operations = [
migrations.CreateModel(
name='Note',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('body', models.TextField()),
('time', models.DateTimeField(auto_now_add=True)),
('owner', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
],
),
]

6
notes/models.py
View file

@ -1,3 +1,7 @@
from django.db import models from django.db import models
from django.contrib.auth.models import User
# Create your models here. class Note(models.Model):
owner = models.ForeignKey(User, on_delete=models.CASCADE)
body = models.TextField()
time = models.DateTimeField(auto_now_add=True)

28
notes/templates/index.html
View file

@ -5,6 +5,32 @@
{% csrf_token %} {% csrf_token %}
<input type="submit" value="Log out"> <input type="submit" value="Log out">
</form> </form>
<h1>Hello, logged in user {{user.username }}!</h1>
<h1>Hello, {{user.username }}!</h1>
<h2>Notes:</h2>
{% for note in notes %}
<h4>{{note.time}}:</h4>
{{note.body}}
<form action="/remove/{{note.id}}/" method="POST">
{% csrf_token %}
<input type="submit" value="Delete">
</form>
{% endfor %}
<h2>Add note: </h2>
<form action="/add/" method="POST">
{% csrf_token %}
<input type="text" id="body" name="body"><br><br>
<input type="submit" value="Add note">
</form>
<h2>Search notes: </h2>
<form action="/search/" method="GET">
<label for="keyword">Search Text:</label><br>
<input type="text" id="keyword" name="keyword"}><br><br>
<input type="submit" value="Search">
</form>
</body> </body>
</html> </html>

30
notes/templates/search.html Normal file
View file

@ -0,0 +1,30 @@
<!DOCTYPE html>
<html lang="en">
<body>
<form action="/accounts/logout/" method="POST">
{% csrf_token %}
<input type="submit" value="Log out">
</form>
<br>
<a href="/">Back to Front Page</a>
<h2>Notes matching search "{{keyword}}":</h2>
{% for note in notes %}
<h4>{{note.time}}:</h4>
{{note.body}}
<form action="/remove/{{note.id}}/" method="POST">
{% csrf_token %}
<input type="submit" value="Delete">
</form>
{% endfor %}
<h2>Search again: </h2>
<form action="/search/" method="GET">
<label for="keyword">Search Text:</label><br>
<input type="text" id="keyword" name="keyword"}><br><br>
<input type="submit" value="Search">
</form>
</body>
</html>

3
notes/urls.py
View file

@ -19,6 +19,9 @@ from notes import views
urlpatterns = [ urlpatterns = [
path('', views.index, name='index'), path('', views.index, name='index'),
path('add/', views.add, name='add'),
path('remove/<int:note_id>/', views.remove, name='remove'),
path('search/', views.search, name='search'),
path('accounts/login/', views.login_view, name='login'), path('accounts/login/', views.login_view, name='login'),
path('accounts/logout/', views.logout_view, name='logout'), path('accounts/logout/', views.logout_view, name='logout'),
] ]

57
notes/views.py
View file

@ -1,23 +1,59 @@
from django.http import HttpResponse from django.http import HttpResponseRedirect
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.auth import authenticate, login, logout from django.contrib.auth import authenticate, login, logout
from django.shortcuts import render, redirect from django.shortcuts import render, redirect
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from django.contrib.auth.models import User from django.db import connection
from django.db import transaction, connection
# from notes.models import Note from notes.models import Note
@login_required() @login_required()
def index(request): def index(request):
user = request.user user = request.user
# notes = Note.objects.filter(owner=user) notes = Note.objects.filter(owner=user)
# notes_list = [ { 'time' : note.time, 'body' : note.body } for note in notes ] notes_list = [ { 'time' : note.time, 'body' : note.body, 'id' : note.id } for note in notes ]
# notes_list.sort(key=lambda note: note['time']) notes_list.sort(key=lambda note: note['time'])
return render(request, 'index.html', { 'notes' : notes_list})
@login_required()
def add(request):
if request.method == 'POST':
user = request.user
body = request.POST.get('body')
Note.objects.create(owner=user, body=body)
return redirect("index")
@login_required()
def remove(request, note_id):
if request.method == 'POST':
user = request.user
note = Note.objects.get(pk=note_id)
if user == note.owner:
note.delete()
return HttpResponseRedirect(request.META.get('HTTP_REFERER', 'index'))
@login_required()
def search(request):
if request.method == 'GET':
user = request.user
keyword = request.GET.get('keyword')
notes = Note.objects.filter(owner=user, body__icontains=keyword)
notes_list = [ { 'time' : note.time, 'body' : note.body, 'id' : note.id } for note in notes ]
notes_list.sort(key=lambda note: note['time'])
return render(request, 'search.html', { 'notes' : notes_list, 'keyword' : keyword})
return redirect("index")
# return render(request, 'index.html', { 'notes' : notes_list})
return render(request, 'index.html')
def login_view(request): def login_view(request):
if request.method == 'GET': if request.method == 'GET':
@ -33,9 +69,12 @@ def login_view(request):
return redirect("index") return redirect("index")
else: else:
return render(request, 'login.html', { 'login_failed' : True }) return render(request, 'login.html', { 'login_failed' : True })
return redirect("index") return redirect("index")
def logout_view(request): def logout_view(request):
if request.method == 'POST': if request.method == 'POST':
logout(request) logout(request)
return redirect("index") return redirect("index")