This repository has been archived by the owner on Feb 22, 2024. It is now read-only.

Merge pull request #101 from vicha-w/sanitise-url
This PR has been tested on dev instance. However, dev instance requires migration of Django databases.
vicha-w authored Sep 13, 2023
2 parents 89dfb72 + f5a8d8c commit 9aa7f7d
Showing 9 changed files with 44 additions and 16 deletions.
1 change: 1 addition & 0 deletions common/static/css/style.css
Expand Up @@ -7,6 +7,7 @@
width: 100%;
z-index: 999;
backdrop-filter: blur(10px);
-webkit-backdrop-filter: blur(10px);
background-color: rgba(22, 22, 23, .8);
}

Expand Up @@ -30,7 +30,7 @@ <h3>1D histograms</h3>
<div class="row row-cols-1 row-cols-sm-2 row-cols-md-3 g-3">
{% for hist in hist1d %}
<div class="col">
<a class="card" href="{% url 'visualize_histogram:visualize_histogram' runnr=runnr lumisection=lumi_number title=hist.title %}">
<a class="card" href="{% url 'visualize_histogram:visualize_histogram' runnr=runnr lumisection=lumi_number title_sanitised=hist.title_sanitised %}">
<div class="card-img-top" id="histogram-id-{{hist.id}}" style="height: 200px;">
<script>
var trace = {
Expand Down Expand Up @@ -68,7 +68,7 @@ <h3>2D histograms</h3>
<div class="row row-cols-1 row-cols-sm-2 row-cols-md-3 g-3">
{% for hist in hist2d %}
<div class="col">
<a class="card" href="{% url 'visualize_histogram:visualize_histogram' runnr=runnr lumisection=lumi_number title=hist.title %}">
<a class="card" href="{% url 'visualize_histogram:visualize_histogram' runnr=runnr lumisection=lumi_number title_sanitised=hist.title_sanitised %}">
<div class="card-img-top" id="histogram-id-{{hist.id}}" style="height: 200px;">
<script>
var data = [
14 changes: 9 additions & 5 deletions data_taking_objects/views.py
@@ -1,6 +1,7 @@
import logging

from django.shortcuts import render, redirect
from django.contrib.auth.decorators import login_required

from rest_framework import viewsets

Expand All @@ -12,9 +13,11 @@
from .forms import DiagnosticForm
from visualize_histogram.forms import QuickJumpForm

logger = logging.getLogger(__name__)
from urllib.parse import quote

logger = logging.getLogger(__name__)

@login_required
def runs_view(request):
"""
View for histogram file manager. Lists all available datafiles and their
Expand All @@ -26,7 +29,7 @@ def runs_view(request):
if form.is_valid():
runnr = form.cleaned_data["runnr"]
lumisection = form.cleaned_data["lumisection"]
title = form.cleaned_data["title"]
title = quote(form.cleaned_data["title"], safe='')
return redirect("visualize_histogram:visualize_histogram",
runnr=runnr,
lumisection=lumisection,
Expand All @@ -53,7 +56,7 @@ def runs_view(request):
}
return render(request, "data_taking_objects/runs.html", context)


@login_required
def run_view(request, run_number):

error_message = None
Expand Down Expand Up @@ -84,7 +87,7 @@ def run_view(request, run_number):
}
return render(request, "data_taking_objects/run.html", context)


@login_required
def lumisections_view(request):

error_message = None
Expand All @@ -104,6 +107,7 @@ def lumisections_view(request):
return render(request, "data_taking_objects/lumisections.html", context)


@login_required
def lumisection_view(request, run_number, lumi_number):

error_message = None
Expand Down Expand Up @@ -147,7 +151,7 @@ def lumisection_view(request, run_number, lumi_number):

return render(request, "data_taking_objects/lumisection.html", context)


@login_required
def diagnostic_view(request):

error_message = None
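Review bot: In `runs_view` the `redirect("visualize_histogram:visualize_histogram", ...)` call most likely still passes the old keyword, because the hunk stops at `lumisection=lumisection,` and no other hunk in this file covers the line after it, while `visualize_histogram/urls.py` in this same commit renames the route parameter to `title_sanitised`. If that line still reads `title=title`, `reverse()` cannot match the route and every valid quick-jump POST from the runs page fails with `NoReverseMatch`. The call should pass `title_sanitised=title`, or the local should be renamed as in `visualize_histogram/views.py`: `title_sanitised = quote(form.cleaned_data["title"], safe='')`. The remainder of the call is outside the hunk, so this needs confirming against the full file.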
4 changes: 4 additions & 0 deletions histograms/models.py
Expand Up @@ -12,6 +12,7 @@
from histogram_file_manager.models import HistogramDataFile, HistogramDataFileContents

import histograms.DQMIOReader
from urllib.parse import quote

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -49,6 +50,9 @@ class HistogramBase(models.Model):
related_name="%(class)s",
)

def title_sanitised(self):
return quote(self.title, safe='')

class Meta:
abstract = True

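Review bot: `title_sanitised` has no docstring and its name promises more than it does: with `safe=''` it percent-encodes the title, including `/`, so that it fits a single URL path segment, and it makes the value safe for no other output context. A docstring such as `"""Return the title percent-encoded for use as one URL path segment; this is not HTML or JavaScript escaping."""` would keep later callers from reusing it where escaping is needed. The templates use it as `hist.title_sanitised`, which works only because Django templates call argument-free callables, so the method should stay without parameters.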
11 changes: 9 additions & 2 deletions histograms/tables.py
Expand Up @@ -6,6 +6,7 @@
LumisectionHistogram2D,
)
from django.urls import reverse
from urllib.parse import quote

class RunHistogramTable(tables.Table):
run = tables.Column(accessor="run.run_number")
Expand Down Expand Up @@ -49,7 +50,10 @@ def render(self, record):
</div>
</a>
""",
reverse("visualize_histogram:visualize_histogram", args=(record.lumisection.run_id, record.lumisection.ls_number, record.title)),
reverse("visualize_histogram:visualize_histogram",
args=(record.lumisection.run_id,
record.lumisection.ls_number,
quote(record.title, safe=''))),
record.id, record.data, record.id)

class TwoDimensionHistogramColumn(tables.Column):
Expand Down Expand Up @@ -78,7 +82,10 @@ def render(self, record):
</div>
</a>
""",
reverse("visualize_histogram:visualize_histogram", args=(record.lumisection.run_id, record.lumisection.ls_number, record.title)),
reverse("visualize_histogram:visualize_histogram",
args=(record.lumisection.run_id,
record.lumisection.ls_number,
quote(record.title, safe=''))),
record.id, record.data, record.id)

class LumisectionHistogram1DTable(tables.Table):
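Review bot: Both `render` methods repeat `quote(record.title, safe='')` although this commit adds `title_sanitised()` to `HistogramBase` for the same purpose; assuming the records are instances of those models, `record.title_sanitised()` would keep the encoding in one place so it cannot drift from the `unquote` in the view. `reverse()` percent-encodes its arguments once more, so the emitted link carries `%252F` for a slash, which is what the view's extra `unquote` expects. A comment here such as `# pre-quoted so '/' fits the str converter; reverse() encodes again` would stop someone from removing one half of the pair. Both `render` bodies begin outside their hunks.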
8 changes: 8 additions & 0 deletions histograms/views.py
Expand Up @@ -3,6 +3,7 @@

from django.shortcuts import render
from django.http import JsonResponse
from django.contrib.auth.decorators import login_required

from django_tables2 import RequestConfig

Expand All @@ -27,6 +28,7 @@

# Could be a duplicate of RunHistogramList...
# Just checking a few things
@login_required
def run_histograms_view(request):

error_message = None
Expand All @@ -43,6 +45,7 @@ def run_histograms_view(request):


# TODO refactor
@login_required
def run_histograms_plots_view(request):

error_message = None
Expand Down Expand Up @@ -92,6 +95,7 @@ def run_histograms_plots_view(request):
return render(request, "histograms/run_histograms_plots.html", context)


@login_required
def run_histogram_time_serie_view(request, histogram_name):

error_message = None
Expand Down Expand Up @@ -131,6 +135,7 @@ def run_histogram_time_serie_view(request, histogram_name):
return render(request, "histograms/run_histogram_time_serie.html", context)


@login_required
def altair_chart_view(request):

# chart = {}
Expand All @@ -153,6 +158,7 @@ def altair_chart_view(request):
return JsonResponse(chart_obj, safe=False)


@login_required
def RunHistogramList(request):
"""
View to list the filtered 1D histograms for Runs
Expand All @@ -169,6 +175,7 @@ def RunHistogramList(request):
return render(request, "histograms/listRunHistos1D.html", context)


@login_required
def LumisectionHistogram1DList(request):
"""
View to list the filtered 1D histograms for Lumisections
Expand All @@ -189,6 +196,7 @@ def LumisectionHistogram1DList(request):
return render(request, "histograms/listLumisectionHistos1D.html", context)


@login_required
def LumisectionHistogram2DList(request):
"""
View to list the filtered 2D histograms for Lumisections
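Review bot: `altair_chart_view` returns a `JsonResponse`, and `@login_required` answers an unauthenticated request with a redirect to the login page rather than an error status, so a script that fetches the chart after the session has expired receives login-page HTML where it expects JSON. If this endpoint is called from JavaScript, consider returning 401 or 403 for it, or make the caller treat a redirected response as "not authenticated". The other decorated views render HTML pages, where the redirect is the expected behaviour.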
1 change: 1 addition & 0 deletions mlp/settings.py
Expand Up @@ -81,6 +81,7 @@
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
"allauth.account.middleware.AccountMiddleware",
]

ROOT_URLCONF = "mlp.urls"
2 changes: 1 addition & 1 deletion visualize_histogram/urls.py
Expand Up @@ -9,5 +9,5 @@
path("", data_taking_objects.views.runs_view, name="visualize_histogram_dummy"),
path("<int:runnr>/", views.redirect_run, name="redirect_run"),
path("<int:runnr>/<int:lumisection>/", views.redirect_lumisection, name="redirect_lumisection"),
path("<int:runnr>/<int:lumisection>/<title>/", views.visualize_histogram, name="visualize_histogram"),
path("<int:runnr>/<int:lumisection>/<title_sanitised>/", views.visualize_histogram, name="visualize_histogram"),
]
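Review bot: `<title_sanitised>` uses the default `str` converter, which never matches `/`, so this route works only because every caller pre-quotes the title and `reverse()` then encodes it a second time; the scheme depends on each hop leaving `%252F` untouched and on the view decoding twice. Django's `path` converter accepts slashes directly, so `path("<int:runnr>/<int:lumisection>/<path:title>/", views.visualize_histogram, name="visualize_histogram")` would let `reverse()` do the only encoding and make the `quote`/`unquote` calls added across this commit unnecessary. If the double encoding is kept, a comment above this line stating that the segment arrives percent-encoded by the caller would document the contract.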
15 changes: 9 additions & 6 deletions visualize_histogram/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,12 @@
import data_taking_objects.views

import numpy as np
from urllib.parse import quote, unquote

# Create your views here.

@login_required
def visualize_histogram(request, runnr, lumisection, title):
def visualize_histogram(request, runnr, lumisection, title_sanitised):
"""
View for histogram file manager. Lists all available datafiles and their
parsing status
Expand All @@ -25,29 +26,31 @@ def visualize_histogram(request, runnr, lumisection, title):
runnr = form.cleaned_data["runnr"]
lumisection = form.cleaned_data["lumisection"]
title = form.cleaned_data["title"]
title_sanitised = quote(title, safe='')
return redirect("visualize_histogram:visualize_histogram",
runnr=runnr,
lumisection=lumisection,
title=title
title_sanitised=title_sanitised
)
else:
form = QuickJumpForm(
initial = {
"runnr": runnr,
"lumisection": lumisection,
"title": title
"title": unquote(title_sanitised)
}
)
else:
form = QuickJumpForm(
initial = {
"runnr": runnr,
"lumisection": lumisection,
"title": title
"title": unquote(title_sanitised)
}
)

try:
title = unquote(title_sanitised)
target_lumi = Lumisection.objects.get(run_id = runnr, ls_number = lumisection)
lumi1d_searchresults = LumisectionHistogram1D.objects.filter(title=title, lumisection=target_lumi)
lumi2d_searchresults = LumisectionHistogram2D.objects.filter(title=title, lumisection=target_lumi)
Expand Down Expand Up @@ -108,11 +111,11 @@ def visualize_histogram_dummy(request):
if form.is_valid():
runnr = form.cleaned_data["runnr"]
lumisection = form.cleaned_data["lumisection"]
title = form.cleaned_data["title"]
title_sanitised = quote(form.cleaned_data["title"], safe='')
return redirect("visualize_histogram:visualize_histogram",
runnr=runnr,
lumisection=lumisection,
title=title
title_sanitised=title_sanitised
)
else: form = QuickJumpForm()
else:
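Review bot: The `unquote(title_sanitised)` calls in `visualize_histogram` are a second decode, since Django has already percent-decoded the path before URL resolution, and nothing in the view says so; a comment at `title = unquote(title_sanitised)` such as `# path was decoded once by Django; this undoes the quote() applied before reverse()` would make the pairing explicit. One consequence worth noting there is that a hand-written or bookmarked URL whose title contains a literal `%` sequence is decoded twice and looks up a different title. The docstring ("View for histogram file manager. Lists all available datafiles…") is also stale and does not describe the new `title_sanitised` parameter. The function body continues outside the hunks.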
