Cyclone-Team/gramps
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Working on data security; private, living

Browse Source 
svn: r19780
This commit is contained in:
Doug Blank 2012-06-07 00:49:02 +00:00
parent 0d3bf6bb16
commit 9f6def272f
6 changed files with 62 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/data/templates/view_family_detail.html
View File

@ -35,9 +35,17 @@
</tr> </tr>
<tr> <tr>
<td class="ColumnAttribute">Name:</td> <td class="ColumnAttribute">Name:</td>
{% if user.is_authenticated or father.probably_alive %}
<td class="ColumnValue" id="data">{% render familyform.father user action %}</td> <td class="ColumnValue" id="data">{% render familyform.father user action %}</td>
{% else %}
<td class="ColumnValue" id="data">{{family.father|render_name:user}}</td>
{% endif %}
<td class="ColumnAttribute">Name:</td> <td class="ColumnAttribute">Name:</td>
{% if user.is_authenticated or mother.probably_alive %}
<td class="ColumnValue" id="data">{% render familyform.mother user action %}</td> <td class="ColumnValue" id="data">{% render familyform.mother user action %}</td>
{% else %}
<td class="ColumnValue" id="data">{{family.mother|render_name:user}}</td>
{% endif %}
</tr> </tr>
{% if user.is_authenticated or not familyform.father.probably_alive %} {% if user.is_authenticated or not familyform.father.probably_alive %}
<tr> <tr>

2
src/data/templates/view_name_detail.html
View File

@ -40,7 +40,7 @@
</tr> </tr>
<tr> <tr>
<td class="ColumnAttribute">{{surnameform.surname.label}}:</td> <td class="ColumnAttribute">{{surnameform.surname.label}}:</td>
<td class="ColumnValue" id="data">{% render surnameform.surname user action False "" "get_focus" %}</td> <td class="ColumnValue" id="data">{% render surnameform.surname user action "get_focus" %}</td>
<td class="ColumnAttribute">{{surnameform.prefix.label}}:</td> <td class="ColumnAttribute">{{surnameform.prefix.label}}:</td>
<td class="ColumnValue" id="data">{% render surnameform.prefix user action %}</td> <td class="ColumnValue" id="data">{% render surnameform.prefix user action %}</td>
</tr> </tr>

2
src/data/templates/view_person_detail.html
View File

@ -39,7 +39,7 @@
<tr><td id="rowspace"></td></tr> <tr><td id="rowspace"></td></tr>
<tr> <tr>
<td class="ColumnAttribute">{{nameform.title.label}}:</td> <td class="ColumnAttribute">{{nameform.title.label}}:</td>
<td class="ColumnValue" id="data">{% render nameform.title user action False "" "get_focus" %}</td> <td class="ColumnValue" id="data">{% render nameform.title user action "get_focus" %}</td>
<td class="ColumnAttribute">{{nameform.nick.label}}:</td> <td class="ColumnAttribute">{{nameform.nick.label}}:</td>
<td class="ColumnValue" id="data">{% render nameform.nick user action %}</td> <td class="ColumnValue" id="data">{% render nameform.nick user action %}</td>
<td class="ColumnAttribute">{{nameform.call.label}}:</td> <td class="ColumnAttribute">{{nameform.call.label}}:</td>

5
src/webapp/grampsdb/models.py
View File

@ -27,8 +27,6 @@ is loaded by the fixtures/initial_data.json, which is
created by init.py. created by init.py.
""" """
_DEBUG = True
from django.db import models from django.db import models
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
from django.contrib.contenttypes import generic from django.contrib.contenttypes import generic
@ -55,8 +53,6 @@ def get_type(the_type, data, get_or_create=False):
elif data[0] == the_type._CUSTOM or get_or_create: elif data[0] == the_type._CUSTOM or get_or_create:
(obj, new) = the_type.objects.get_or_create(val=data[0], (obj, new) = the_type.objects.get_or_create(val=data[0],
name=data[1]) name=data[1])
if new and _DEBUG:
print "DEBUG: Made new type:", the_type, data
return obj return obj
else: else:
return the_type.objects.get(val=data[0]) return the_type.objects.get(val=data[0])
@ -690,6 +686,7 @@ class Name(DateObject, SecondaryObject):
self._sanitized = True self._sanitized = True
if self.person.probably_alive: if self.person.probably_alive:
self.first_name = "[Living]" self.first_name = "[Living]"
self.nick = ""
self.call = "" self.call = ""
self.group_as = "" self.group_as = ""
self.title = "" self.title = ""

28
src/webapp/grampsdb/views.py
View File

@ -266,6 +266,7 @@ def view_list(request, view):
Q(place__title__icontains=search)) & Q(place__title__icontains=search)) &
private private
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
else: else:
object_list = Event.objects.filter(private).order_by("gramps_id") object_list = Event.objects.filter(private).order_by("gramps_id")
@ -283,6 +284,7 @@ def view_list(request, view):
.filter((Q(father__name__surname__surname__istartswith=surname) & .filter((Q(father__name__surname__surname__istartswith=surname) &
Q(mother__name__surname__surname__istartswith=surname)) Q(mother__name__surname__surname__istartswith=surname))
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
else: # no comma else: # no comma
object_list = Family.objects \ object_list = Family.objects \
@ -291,6 +293,7 @@ def view_list(request, view):
Q(father__name__surname__surname__istartswith=search) | Q(father__name__surname__surname__istartswith=search) |
Q(mother__name__surname__surname__istartswith=search) Q(mother__name__surname__surname__istartswith=search)
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
else: # no search else: # no search
object_list = Family.objects.all().order_by("gramps_id") object_list = Family.objects.all().order_by("gramps_id")
@ -311,6 +314,7 @@ def view_list(request, view):
Q(mother__private=False) & Q(mother__private=False) &
Q(father__private=False) Q(father__private=False)
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
else: else:
object_list = Family.objects \ object_list = Family.objects \
@ -318,6 +322,7 @@ def view_list(request, view):
Q(mother__private=False) & Q(mother__private=False) &
Q(father__private=False) Q(father__private=False)
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
view_template = 'view_families.html' view_template = 'view_families.html'
total = Family.objects.all().count() total = Family.objects.all().count()
@ -334,6 +339,7 @@ def view_list(request, view):
.filter(Q(gramps_id__icontains=search) & .filter(Q(gramps_id__icontains=search) &
private private
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
else: else:
object_list = Media.objects.filter(private).order_by("gramps_id") object_list = Media.objects.filter(private).order_by("gramps_id")
@ -354,6 +360,7 @@ def view_list(request, view):
Q(text__icontains=search)) & Q(text__icontains=search)) &
private private
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
else: else:
object_list = Note.objects.filter(private).order_by("gramps_id") object_list = Note.objects.filter(private).order_by("gramps_id")
@ -367,6 +374,7 @@ def view_list(request, view):
query = build_person_query(request, search, protect=False) query = build_person_query(request, search, protect=False)
object_list = Name.objects \ object_list = Name.objects \
.filter(query) \ .filter(query) \
.distinct() \
.order_by("surname__surname", "first_name") .order_by("surname__surname", "first_name")
else: else:
object_list = Name.objects.all().order_by("surname__surname", "first_name") object_list = Name.objects.all().order_by("surname__surname", "first_name")
@ -377,12 +385,14 @@ def view_list(request, view):
query = build_person_query(request, search, protect=True) query = build_person_query(request, search, protect=True)
object_list = Name.objects \ object_list = Name.objects \
.filter(query) \ .filter(query) \
.distinct() \
.order_by("surname__surname", "private", "person__probably_alive", "first_name") .order_by("surname__surname", "private", "person__probably_alive", "first_name")
else: else:
object_list = Name.objects \ object_list = Name.objects \
.select_related() \ .select_related() \
.filter(Q(private=False) & .filter(Q(private=False) &
Q(person__private=False)) \ Q(person__private=False)) \
.distinct() \
.order_by("surname__surname", "private", "person__probably_alive", "first_name") .order_by("surname__surname", "private", "person__probably_alive", "first_name")
# END NON-AUTHENTICATED users # END NON-AUTHENTICATED users
view_template = 'view_people.html' view_template = 'view_people.html'
@ -402,6 +412,7 @@ def view_list(request, view):
) & ) &
private private
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
else: else:
object_list = Place.objects.filter(private).order_by("gramps_id") object_list = Place.objects.filter(private).order_by("gramps_id")
@ -423,6 +434,7 @@ def view_list(request, view):
) & ) &
private private
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
else: else:
object_list = Repository.objects.filter(private).order_by("gramps_id") object_list = Repository.objects.filter(private).order_by("gramps_id")
@ -441,6 +453,7 @@ def view_list(request, view):
.filter(Q(gramps_id__icontains=search) & .filter(Q(gramps_id__icontains=search) &
private private
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
else: else:
object_list = Citation.objects.filter(private).order_by("gramps_id") object_list = Citation.objects.filter(private).order_by("gramps_id")
@ -459,6 +472,7 @@ def view_list(request, view):
.filter(Q(gramps_id__icontains=search) & .filter(Q(gramps_id__icontains=search) &
private private
) \ ) \
.distinct() \
.order_by("gramps_id") .order_by("gramps_id")
else: else:
object_list = Source.objects.filter(private).order_by("gramps_id") object_list = Source.objects.filter(private).order_by("gramps_id")
@ -470,6 +484,7 @@ def view_list(request, view):
search = request.GET.get("search") search = request.GET.get("search")
object_list = Tag.objects \ object_list = Tag.objects \
.filter(Q(name__icontains=search)) \ .filter(Q(name__icontains=search)) \
.distinct() \
.order_by("name") .order_by("name")
else: else:
object_list = Tag.objects.order_by("name") object_list = Tag.objects.order_by("name")
@ -482,10 +497,12 @@ def view_list(request, view):
if request.user.is_superuser: if request.user.is_superuser:
object_list = Report.objects \ object_list = Report.objects \
.filter(Q(name__icontains=search)) \ .filter(Q(name__icontains=search)) \
.distinct() \
.order_by("name") .order_by("name")
else: else:
object_list = Report.objects \ object_list = Report.objects \
.filter(Q(name__icontains=search) & ~Q(report_type="import")) \ .filter(Q(name__icontains=search) & ~Q(report_type="import")) \
.distinct() \
.order_by("name") .order_by("name")
else: else:
if request.user.is_superuser: if request.user.is_superuser:
@ -682,15 +699,18 @@ def build_person_query(request, search, protect):
query = Q() query = Q()
if protect: if protect:
query &= (Q(private=False) & Q(person__private=False)) query &= (Q(private=False) & Q(person__private=False))
terms = ["surname", "given"]
else:
terms = ["surname"] terms = ["surname"]
else:
terms = ["surname", "given"]
for term in [term.strip() for term in search.split(",")]: for term in [term.strip() for term in search.split(",")]:
if "=" in term: if "=" in term:
field, value = [s.strip() for s in term.split("=")] field, value = [s.strip() for s in term.split("=")]
else: else:
field = terms.pop(0) if terms:
value = term field = terms.pop(0)
value = term
else:
continue
if "." in field and not protect: if "." in field and not protect:
query &= Q(**{field.replace(".", "__"): value}) query &= Q(**{field.replace(".", "__"): value})
elif field == "surname": elif field == "surname":

51
src/webapp/utils.py
View File

@ -76,6 +76,7 @@ util_filters = [
util_tags = [ util_tags = [
'render', 'render',
'render_name',
"get_person_from_handle", "get_person_from_handle",
"event_table", "event_table",
"name_table", "name_table",
@ -821,17 +822,21 @@ def children_table(obj, user, action, url=None, *args):
date_as_text(child.birth, user), date_as_text(child.birth, user),
) )
links.append(('URL', ("/person/%s" % child.handle))) links.append(('URL', ("/person/%s" % child.handle)))
count += 1
else: else:
table.row(str(count), table.row(str(count),
"[%s]" % child.gramps_id, "[%s]" % child.gramps_id,
render_name(child, user), render_name(child, user) if not child.private else "[Private]",
child.gender_type, child.gender_type if not child.private else "[Private]",
"[Private]", "[Private]",
"[Private]", "[Private]",
"[Private]", "[Private]",
) )
links.append(('URL', ("/person/%s" % child.handle))) if not child.private:
count += 1 links.append(('URL', ("/person/%s" % child.handle)))
else:
links.append((None, None))
count += 1
table.links(links) table.links(links)
retval += table.get_html() retval += table.get_html()
if user.is_superuser and url and action == "view": if user.is_superuser and url and action == "view":
@ -872,30 +877,28 @@ def display_date(obj):
else: else:
return "" return ""
def render(formfield, user, action, test=False, truetext="", id=None): def render(formfield, user, action, id=None):
if not user.is_authenticated(): if not user.is_authenticated():
action = "view" action = "view"
if action == "view": # show as text if action == "view": # show as text
if (not user.is_authenticated() and not test) or user.is_authenticated(): fieldname = formfield.name # 'surname'
fieldname = formfield.name # 'surname' try:
item = getattr(formfield.form.model, fieldname)
if (item.__class__.__name__ == 'ManyRelatedManager'):
retval = ", ".join([i.get_link() for i in item.all()])
else:
retval = str(item)
#### Some cleanup:
if retval == "True":
retval = "Yes"
elif retval == "False":
retval = "No"
except:
# name, "prefix"
try: try:
item = getattr(formfield.form.model, fieldname) retval = str(formfield.form.data[fieldname])
if (item.__class__.__name__ == 'ManyRelatedManager'):
retval = ", ".join([i.get_link() for i in item.all()])
else:
retval = str(item)
if retval == "True":
retval = "Yes"
elif retval == "False":
retval = "No"
except: except:
# name, "prefix" retval = "[None]"
try:
retval = str(formfield.form.data[fieldname])
except:
retval = "[None]"
else:
retval = truetext
else: # show as widget else: # show as widget
if id != None: if id != None:
retval = formfield.as_widget(attrs={"id": id}) retval = formfield.as_widget(attrs={"id": id})
@ -903,7 +906,7 @@ def render(formfield, user, action, test=False, truetext="", id=None):
retval = formfield.as_widget() retval = formfield.as_widget()
return retval return retval
def render_name(name, user): def render_name(name, user, action=None):
""" """
Given a Django or Gramps object, render the name and return. This Given a Django or Gramps object, render the name and return. This
function uses authentication, privacy and probably_alive settings. function uses authentication, privacy and probably_alive settings.