[Patchew-devel] [PATCH] mod: use REST API to store project config

Paolo Bonzini posted 1 patch 4 years, 10 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/patchew-ci tags/patchew/20190515123554.27035-1-pbonzini@redhat.com
api/views.py                      | 19 -------------------
static/js/config-editor.js        | 31 ++++++++++++++++++++++---------
static/js/patchew.js              |  6 ------
www/templates/project-detail.html |  6 +++---
4 files changed, 25 insertions(+), 37 deletions(-)
[Patchew-devel] [PATCH] mod: use REST API to store project config
Posted by Paolo Bonzini 4 years, 10 months ago
This gets rid of the current_project hack and one more legacy APIView;
it also fixes the lack of CSRF support in the configuration editor.

The conversion from dotted property path to JSON is now done in the client.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 api/views.py                      | 19 -------------------
 static/js/config-editor.js        | 31 ++++++++++++++++++++++---------
 static/js/patchew.js              |  6 ------
 www/templates/project-detail.html |  6 +++---
 4 files changed, 25 insertions(+), 37 deletions(-)

diff --git a/api/views.py b/api/views.py
index 672cdc8..b931fff 100644
--- a/api/views.py
+++ b/api/views.py
@@ -129,25 +129,6 @@ class UpdateProjectHeadView(APILoginRequiredView):
         return ret
 
 
-class SetProjectConfigView(APILoginRequiredView):
-    name = "set-project-config"
-    allowed_groups = ["maintainers"]
-
-    def handle(self, request, project, config):
-        po = Project.objects.get(name=project)
-        if not po.maintained_by(request.user):
-            raise PermissionDenied("Access denied to this project")
-        new_config = {}
-        for k, v in config.items():
-            *path, last = k.split('.')
-            parent = new_config
-            for item in path:
-                parent = parent.setdefault(item, {})
-            parent[last] = v
-        po.config = new_config
-        po.save()
-
-
 def prepare_patch(p):
     r = {"subject": p.subject,
          "message-id": p.message_id,
diff --git a/static/js/config-editor.js b/static/js/config-editor.js
index aae5302..0585eae 100644
--- a/static/js/config-editor.js
+++ b/static/js/config-editor.js
@@ -1,7 +1,3 @@
-function current_project() {
-    return $('h2').text();
-}
-
 function confirm_leaving_page(enable) {
     if (enable) {
         window.onbeforeunload = function() {
@@ -30,7 +26,16 @@ function save_done(btn, succeeded, error) {
 function collect_properties(btn, check_required) {
     properties = {};
     $(btn).parent().parent().find(".project-property").each(function () {
-        path = $(this).data('property-path');
+        path = $(this).data('property-path').split('.').reverse();
+        parent = properties;
+        while (path.length > 1) {
+            key = path.pop();
+            if (!(key in parent))
+                parent[key] = {};
+            parent = parent[key];
+        }
+        key = path[0];
+
         if (check_required && this.required && !this.value) {
             alert($(this).parent().find("label").html() + " is required!");
             $(this).focus();
@@ -54,7 +59,7 @@ function collect_properties(btn, check_required) {
         } else {
             val = this.value;
         }
-        properties[path] = val;
+        parent[key] = val;
     });
     return properties;
 }
@@ -70,9 +75,17 @@ function properties_save(btn) {
     $(btn).addClass("disabled");
     $(btn).text("Saving...");
     $(btn).parent().find(".save-message").remove();
-    patchew_api_do("set-project-config",
-                   { project: current_project(),
-                     config: props })
+    options = {
+        data: JSON.stringify(props),
+        type: 'PUT',
+        dataType: 'json',
+        headers: { 'Content-Type': 'application/json' }
+    };
+    if ($(btn).data('csrf-token') != '') {
+        options['headers']['X-CSRFToken'] = $(btn).data('csrf-token');
+    }
+    console.log(props);
+    $.ajax($(btn).data('href'), options)
         .done(function (data) {
             save_done(btn, true);
         })
diff --git a/static/js/patchew.js b/static/js/patchew.js
index ce45abd..6e88472 100644
--- a/static/js/patchew.js
+++ b/static/js/patchew.js
@@ -1,9 +1,3 @@
-function patchew_api_do(method, data)
-{
-    data = {params: JSON.stringify(data)};
-    console.log(data);
-    return $.post("/api/" + method + "/", data);
-}
 function patchew_toggler_onclick(which)
 {
     tgt = $(which).parent().find(".panel-collapse");
diff --git a/www/templates/project-detail.html b/www/templates/project-detail.html
index 5895314..81307d0 100644
--- a/www/templates/project-detail.html
+++ b/www/templates/project-detail.html
@@ -80,9 +80,9 @@
     {% endfor %}
     {% if request.user.is_authenticated %}
         <div class="form-group">
-            <button type="button" class="btn btn-info" onclick="properties_save(this)">
-                 Save
-             </button>
+            <button type="button" class="btn btn-info" onclick="properties_save(this)"
+                data-csrf-token="{{ csrf_token }}"
+                data-href="/api/v1/projects/{{ project.id }}/config/">Save</button>
         </div>
     {% endif %}
 </div>
-- 
2.21.0

_______________________________________________
Patchew-devel mailing list
Patchew-devel@redhat.com
https://www.redhat.com/mailman/listinfo/patchew-devel