From c0b561cb5ad601167f471aa4a50fba0366cd9f77 Mon Sep 17 00:00:00 2001 From: Ozzieisaacs Date: Sat, 1 May 2021 17:10:29 +0200 Subject: [PATCH 1/3] Better input check for custom_columns
---
 cps/admin.py | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/cps/admin.py b/cps/admin.py
index c859eef5..fb01e24e 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -473,6 +473,21 @@ def update_table_settings():
 return "Invalid request", 400
 return ""
+def check_valid_read_column(column):
+ if column is not "0":
+ if not calibre_db.session.query(db.Custom_Columns).filter(db.Custom_Columns.id == column) \
+ .filter(and_(db.Custom_Columns.datatype == 'bool', db.Custom_Columns.mark_for_delete == 0)).all():
+ return False
+ return True
+
+def check_valid_restricted_column(column):
+ if column is not "0":
+ if not calibre_db.session.query(db.Custom_Columns).filter(db.Custom_Columns.id == column) \
+ .filter(and_(db.Custom_Columns.datatype == 'text', db.Custom_Columns.mark_for_delete == 0)).all():
+ return False
+ return True
+
+
 @admi.route("/admin/viewconfig", methods=["POST"])
 @login_required
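Review bot: `check_valid_read_column` and `check_valid_restricted_column` are the same query with only the `datatype` literal changed ('bool' vs 'text'), so a later fix to one validator can easily miss the other. A single private helper that takes the expected datatype, with both functions delegating to it, would keep the two checks in step. Each function also needs a docstring saying that `"0"` is accepted as "no column linked" and that any other value must be the id of an existing custom column of the expected type that is not marked for deletion; the meaning of `"0"` is inferred here from the `to_save.get(..., "0")` default in the next hunk. Only existence is tested, so `.first()` would do instead of `.all()`.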
@@ -488,12 +503,23 @@ def update_view_configuration(): if _config_string("config_title_regex"): calibre_db.update_title_sort(config) + if not check_valid_read_column(to_save.get("config_read_column", "0")): + flash(_(u"Invalid Read Column"), category="error") + log.debug("Invalid Read column") + return view_configuration() _config_int("config_read_column") + + if not check_valid_restricted_column(to_save.get("config_restricted_column", "0")): + flash(_(u"Invalid Restricted Column"), category="error") + log.debug("Invalid Restricted Column") + return view_configuration() + _config_int("config_restricted_column") + _config_int("config_theme") _config_int("config_random_books") _config_int("config_books_per_page") _config_int("config_authors_max") - _config_int("config_restricted_column") + config.config_default_role = constants.selected_roles(to_save) config.config_default_role &= ~constants.ROLE_ANONYMOUS From b97373bf376befc2dd5aab1e8510b460993797b6 Mon Sep 17 00:00:00 2001 From: Ozzieisaacs Date: Sat, 1 May 2021 18:42:57 +0200 Subject: [PATCH 2/3] Improved error handling for disapearing custom column linked to read status --- cps/admin.py | 4 ++-- cps/static/js/details.js | 16 +++++++++++++++- cps/web.py | 22 +++++++++++++++------- 3 files changed, 32 insertions(+), 10 deletions(-) diff --git a/cps/admin.py b/cps/admin.py index fb01e24e..36599d61 100644 --- a/cps/admin.py +++ b/cps/admin.py 
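Review bot: Both early `return view_configuration()` exits sit after `_config_string("config_title_regex")` and `calibre_db.update_title_sort(config)`, and the restricted-column check also runs after `_config_int("config_read_column")`, so a rejected request appears to leave the in-memory `config` partly updated. Running both `if not check_valid_...` blocks before the first `_config_*` call would make the rejection all-or-nothing, with the `_config_int(...)` calls staying where they are. Whether the partial state can be persisted depends on where the configuration is saved, which is outside this hunk, as is the start of `update_view_configuration`.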
@@ -474,14 +474,14 @@ def update_table_settings(): return "" def check_valid_read_column(column): - if column is not "0": + if column != "0": if not calibre_db.session.query(db.Custom_Columns).filter(db.Custom_Columns.id == column) \ .filter(and_(db.Custom_Columns.datatype == 'bool', db.Custom_Columns.mark_for_delete == 0)).all(): return False return True def check_valid_restricted_column(column): - if column is not "0": + if column != "0": if not calibre_db.session.query(db.Custom_Columns).filter(db.Custom_Columns.id == column) \ .filter(and_(db.Custom_Columns.datatype == 'text', db.Custom_Columns.mark_for_delete == 0)).all(): return False diff --git a/cps/static/js/details.js b/cps/static/js/details.js index 395518cb..81c1a395 100644 --- a/cps/static/js/details.js +++ b/cps/static/js/details.js @@ -22,7 +22,21 @@ $(function() { }); $("#have_read_cb").on("change", function() { - $(this).closest("form").submit(); + $.post({ + url: this.closest("form").action, + error: function(response) { + var data = [{type:"danger", message:response.responseText}] + $("#flash_success").remove(); + $("#flash_danger").remove(); + if (!jQuery.isEmptyObject(data)) { + data.forEach(function (item) { + $(".navbar").after('
' + + '
' + item.message + '
' + + '
'); + }); + } + } + }); }); $(function() { diff --git a/cps/web.py b/cps/web.py index 4203a812..0f45d0fe 100644 --- a/cps/web.py +++ b/cps/web.py @@ -185,10 +185,11 @@ def toggle_read(book_id): calibre_db.session.commit() except (KeyError, AttributeError): log.error(u"Custom Column No.%d is not exisiting in calibre database", config.config_read_column) + return "Custom Column No.{} is not exisiting in calibre database".format(config.config_read_column), 400 except (OperationalError, InvalidRequestError) as e: calibre_db.session.rollback() log.error(u"Read status could not set: %e", e) - + return "Read status could not set: {}".format(e), 400 return "" @web.route("/ajax/togglearchived/", methods=['POST']) @@ -1117,12 +1118,19 @@ def adv_search_ratings(q, rating_high, rating_low): def adv_search_read_status(q, read_status): if read_status: if config.config_read_column: - if read_status == "True": - q = q.join(db.cc_classes[config.config_read_column], isouter=True) \ - .filter(db.cc_classes[config.config_read_column].value == True) - else: - q = q.join(db.cc_classes[config.config_read_column], isouter=True) \ - .filter(coalesce(db.cc_classes[config.config_read_column].value, False) != True) + try: + if read_status == "True": + q = q.join(db.cc_classes[config.config_read_column], isouter=True) \ + .filter(db.cc_classes[config.config_read_column].value == True) + else: + q = q.join(db.cc_classes[config.config_read_column], isouter=True) \ + .filter(coalesce(db.cc_classes[config.config_read_column].value, False) != True) + except (KeyError, AttributeError): + log.error(u"Custom Column No.%d is not exisiting in calibre database", config.config_read_column) + flash(_("Custom Column No.%(column)d is not existing in calibre database", + column=config.config_read_column), + category="error") + return q else: if read_status == "True": q = q.join(ub.ReadBook, db.Books.id == ub.ReadBook.book_id, isouter=True) \ 
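Review bot: The error callback concatenates `response.responseText` into an HTML string and passes it to `$(".navbar").after(...)`, so any markup in the server's error body is parsed as HTML in the page. The bodies returned by `toggle_read` in cps/web.py include formatted exception text, which should not be assumed to be free of markup. Set the message with `.text(item.message)` on a created element instead of concatenating it, for example `$("<div>").attr("id", "flash_" + item.type).text(item.message)`; the wrapper markup of the original string is not legible on this page, so its classes need to be carried over. The request also no longer submits the form's own fields, so any hidden input the endpoint relied on is dropped, which is worth confirming against the template.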
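Review bot: The added `return "Read status could not set: {}".format(e), 400` in `toggle_read` sends the raw `OperationalError`/`InvalidRequestError` text to the browser, and SQLAlchemy error strings commonly carry the failing statement and its parameters. Return a fixed message such as `return "Read status could not be set", 400` and keep the detail in the log. The context line `log.error(u"Read status could not set: %e", e)` applies the float conversion `%e` to an exception object, so that record fails to format and the detail is lost there as well; `%s` is the specifier it needs. `toggle_read` starts above this hunk.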
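Review bot: The `try` added in `adv_search_read_status` wraps the whole join/filter construction and catches `AttributeError` as well as `KeyError`, so an unrelated attribute error raised while the query is built is reported as a missing custom column and the search carries on without the read-status filter. Narrowing the `try` to the single `db.cc_classes[config.config_read_column]` lookup ties the handler to the case it names and removes the four repeated lookups. The `try` added to `common_filters` in cps/db.py by patch 3/3 has the same shape. The function's final return lies outside the hunk.

```python
if config.config_read_column:
    try:
        read_column = db.cc_classes[config.config_read_column]
    except (KeyError, AttributeError):
        # … unchanged: log.error and flash for the missing column …
        return q
    q = q.join(read_column, isouter=True)
    if read_status == "True":
        q = q.filter(read_column.value == True)
    else:
        q = q.filter(coalesce(read_column.value, False) != True)
```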
From 541c8c4b93c1f19bbe60cb2d800db72e7657a6c3 Mon Sep 17 00:00:00 2001 From: Ozzieisaacs Date: Sat, 1 May 2021 20:52:48 +0200 Subject: [PATCH 3/3] Improved error handling for disapearing custom column linked to visiblility restrictions
---
 cps/admin.py | 8 ++++----
 cps/db.py | 31 +++++++++++++++++++++----------
 cps/web.py | 6 +++---
 3 files changed, 28 insertions(+), 17 deletions(-)
diff --git a/cps/admin.py b/cps/admin.py
index 36599d61..633ee0f2 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -749,10 +749,10 @@ def add_restriction(res_type, user_id):
 usr = current_user
 if 'submit_allow' in element:
 usr.allowed_tags = restriction_addition(element, usr.list_allowed_tags)
- ub.session_commit("Changed allowed tags of user {} to {}".format(usr.name, usr.list_allowed_tags))
+ ub.session_commit("Changed allowed tags of user {} to {}".format(usr.name, usr.list_allowed_tags()))
 elif 'submit_deny' in element:
 usr.denied_tags = restriction_addition(element, usr.list_denied_tags)
- ub.session_commit("Changed denied tags of user {} to {}".format(usr.name, usr.list_denied_tags))
+ ub.session_commit("Changed denied tags of user {} to {}".format(usr.name, usr.list_denied_tags()))
 if res_type == 3: # CustomC per user
 if isinstance(user_id, int):
 usr = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
@@ -761,11 +761,11 @@ def add_restriction(res_type, user_id):
 if 'submit_allow' in element:
 usr.allowed_column_value = restriction_addition(element, usr.list_allowed_column_values)
 ub.session_commit("Changed allowed columns of user {} to {}".format(usr.name,
- usr.list_allowed_column_values))
+ usr.list_allowed_column_values()))
 elif 'submit_deny' in element:
 usr.denied_column_value = restriction_addition(element, usr.list_denied_column_values)
 ub.session_commit("Changed denied columns of user {} to {}".format(usr.name,
- usr.list_denied_column_values))
+ usr.list_denied_column_values()))
 return ""
diff --git a/cps/db.py b/cps/db.py
index 39adcd4b..66c289dd 100644
--- a/cps/db.py
+++ b/cps/db.py
@@ -44,6 +44,7 @@ from flask_login import current_user
 from babel import Locale as LC
 from babel.core import UnknownLocaleError
 from flask_babel import gettext as _
+from flask import flash
 from . import logger, ub, isoLanguages
 from .pagination import Pagination
@@ -122,7 +123,7 @@ class Identifiers(Base):
 elif format_type == "goodreads":
 return u"Goodreads"
 elif format_type == "babelio":
- return u"Babelio"
+ return u"Babelio"
 elif format_type == "google":
 return u"Google Books"
 elif format_type == "kobo":
@@ -151,7 +152,7 @@ class Identifiers(Base):
 elif format_type == "goodreads":
 return u"https://www.goodreads.com/book/show/{0}".format(self.val)
 elif format_type == "babelio":
- return u"https://www.babelio.com/livres/titre/{0}".format(self.val)
+ return u"https://www.babelio.com/livres/titre/{0}".format(self.val)
 elif format_type == "douban":
 return u"https://book.douban.com/subject/{0}".format(self.val)
 elif format_type == "google":
@@ -606,14 +607,24 @@ class CalibreDB():
 neg_content_tags_filter = false() if negtags_list == [''] else Books.tags.any(Tags.name.in_(negtags_list))
 pos_content_tags_filter = true() if postags_list == [''] else Books.tags.any(Tags.name.in_(postags_list))
 if self.config.config_restricted_column:
- pos_cc_list = current_user.allowed_column_value.split(',')
- pos_content_cc_filter = true() if pos_cc_list == [''] else \
- getattr(Books, 'custom_column_' + str(self.config.config_restricted_column)). \
- any(cc_classes[self.config.config_restricted_column].value.in_(pos_cc_list))
- neg_cc_list = current_user.denied_column_value.split(',')
- neg_content_cc_filter = false() if neg_cc_list == [''] else \
- getattr(Books, 'custom_column_' + str(self.config.config_restricted_column)). \
- any(cc_classes[self.config.config_restricted_column].value.in_(neg_cc_list))
+ try:
+ pos_cc_list = current_user.allowed_column_value.split(',')
+ pos_content_cc_filter = true() if pos_cc_list == [''] else \
+ getattr(Books, 'custom_column_' + str(self.config.config_restricted_column)). \
+ any(cc_classes[self.config.config_restricted_column].value.in_(pos_cc_list))
+ neg_cc_list = current_user.denied_column_value.split(',')
+ neg_content_cc_filter = false() if neg_cc_list == [''] else \
+ getattr(Books, 'custom_column_' + str(self.config.config_restricted_column)). \
+ any(cc_classes[self.config.config_restricted_column].value.in_(neg_cc_list))
+ except (KeyError, AttributeError):
+ pos_content_cc_filter = false()
+ neg_content_cc_filter = true()
+ log.error(u"Custom Column No.%d is not existing in calibre database",
+ self.config.config_restricted_column)
+ flash(_("Custom Column No.%(column)d is not existing in calibre database",
+ column=self.config.config_restricted_column),
+ category="error")
+
 else:
 pos_content_cc_filter = true()
 neg_content_cc_filter = false()
diff --git a/cps/web.py b/cps/web.py
index 0f45d0fe..adf0d51e 100644
--- a/cps/web.py
+++ b/cps/web.py
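Review bot: The `except` branch calls `flash()` from inside the filter builder, so the "Custom Column No. … is not existing" message is queued for whichever user triggered the query, including non-admin users and presumably requests that never render flashed messages, every time the filter is built. Logging is enough at this layer; the misconfiguration is better surfaced on the admin page. The fallback `pos_content_cc_filter = false()` / `neg_content_cc_filter = true()` looks like a deliberate fail-closed choice, assuming the filters are combined outside this hunk the way their names suggest, and a comment such as `# fail closed: hide all books while the restriction column is missing` would stop a later cleanup from loosening it. `AttributeError` also covers `current_user.allowed_column_value` being `None`, which would then be logged as a missing column.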
@@ -184,8 +184,8 @@ def toggle_read(book_id):
 calibre_db.session.add(new_cc)
 calibre_db.session.commit()
 except (KeyError, AttributeError):
- log.error(u"Custom Column No.%d is not exisiting in calibre database", config.config_read_column)
- return "Custom Column No.{} is not exisiting in calibre database".format(config.config_read_column), 400
+ log.error(u"Custom Column No.%d is not existing in calibre database", config.config_read_column)
+ return "Custom Column No.{} is not existing in calibre database".format(config.config_read_column), 400
 except (OperationalError, InvalidRequestError) as e:
 calibre_db.session.rollback()
 log.error(u"Read status could not set: %e", e)
@@ -1126,7 +1126,7 @@ def adv_search_read_status(q, read_status):
 q = q.join(db.cc_classes[config.config_read_column], isouter=True) \
 .filter(coalesce(db.cc_classes[config.config_read_column].value, False) != True)
 except (KeyError, AttributeError):
- log.error(u"Custom Column No.%d is not exisiting in calibre database", config.config_read_column)
+ log.error(u"Custom Column No.%d is not existing in calibre database", config.config_read_column)
 flash(_("Custom Column No.%(column)d is not existing in calibre database",
 column=config.config_read_column),
 category="error")