From 1440c6fa0955e542ed2f27838be1f8378dc286a6 Mon Sep 17 00:00:00 2001
From: Etzelia
Date: Tue, 16 Oct 2018 22:22:28 -0500
Subject: [PATCH] Added API filtering
API filtering can be useful to only allow certain information to be gathered from the API rather than all data
Implemented API filtering on IPs and changed internal IP filtering for security purposes
---
 api/views.py | 2 +-
 models.py | 34 +++++++++++++++-------------------
 views.py | 26 +++++++++-----------------
 3 files changed, 25 insertions(+), 37 deletions(-)
diff --git a/api/views.py b/api/views.py
index a2fe855..7d60377 100644
--- a/api/views.py
+++ b/api/views.py
@@ -385,7 +385,7 @@ class ModelAPI(View):
 break
 if model:
 keywords = clean(model, get)
- objects = model.objects.filter(**keywords).values()
+ objects = model.api.filter(**keywords).values() if getattr(model, 'api', False) else model.objects.filter(**keywords).values()
 json = []
 for value in objects:
 try:
diff --git a/models.py b/models.py
index a3d72ae..aef5972 100644
--- a/models.py
+++ b/models.py
@@ -58,11 +58,6 @@ class UserSettings(models.Model):
 return self.auth_user.username
-class UnansweredManager(models.Manager):
- def get_queryset(self):
- return super(UnansweredManager, self).get_queryset().filter(accepted=None)
-
-
 class Application(models.Model):
 username = models.CharField("Minecraft Username", max_length=20, unique=True)
 age = models.PositiveSmallIntegerField()
@@ -74,7 +69,6 @@ class Application(models.Model):
 accepted = models.NullBooleanField()
 date = models.DateTimeField(auto_now_add=True, blank=True, null=True)
 objects = models.Manager()
- unanswered = UnansweredManager()
 @property
 def status(self):
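Review bot: In `ModelAPI` (api/views.py), the new conditional falls back to `model.objects` for any model that does not define an `api` manager, so the restriction is opt-in: in this commit only `IP` defines one, and every other model is still served unfiltered. `.values()` is also called without a field list, so each row that passes the manager is returned with all of its columns. Consider failing closed, for instance by refusing models that lack an `api` manager and naming the exposed fields in `.values(...)`. If the fallback is kept, it reads more simply as `manager = getattr(model, 'api', model.objects)` followed by `objects = manager.filter(**keywords).values()`. The enclosing method starts and ends outside the hunk and `clean()` is not shown, so what ends up in `keywords` should be checked separately.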
@@ -185,16 +179,6 @@ class Player(models.Model):
 return self.username + " (" + self.uuid + ")"
-class UnclaimedManager(models.Manager):
- def get_queryset(self):
- return super(UnclaimedManager, self).get_queryset().filter(staff=None, resolved=False)
-
-
-class ClaimedManager(models.Manager):
- def get_queryset(self):
- return super(ClaimedManager, self).get_queryset().filter(staff__isnull=False, resolved=False)
-
-
 class Ticket(models.Model):
 PRIORITY = (
 ('L', 'Low'),
@@ -217,8 +201,6 @@ class Ticket(models.Model):
 z = models.CharField(max_length=20, blank=True, null=True)
 date = models.DateTimeField(auto_now_add=True, null=True, blank=True)
 objects = models.Manager()
- unclaimed = UnclaimedManager()
- claimed = ClaimedManager()
 @property
 def location(self):
@@ -366,10 +348,24 @@ class Warning(models.Model):
 return "Warning for %s" % username
+class IPManager(models.Manager):
+ def get_queryset(self):
+ users = User.objects.filter(is_active=True)
+ filtered = []
+ for user in users:
+ if getattr(user, 'player', False):
+ ips = IP.objects.filter(player=user.player)
+ for ip in ips:
+ filtered.append(ip.ip)
+ return super(IPManager, self).get_queryset().exclude(ip__in=filtered)
+
+
 class IP(models.Model):
 player = models.ForeignKey(Player, on_delete=models.CASCADE)
 ip = models.CharField(max_length=30)
 last_used = models.DateField(null=True, blank=True)
+ objects = models.Manager()
+ api = IPManager()
 class Meta:
 verbose_name = "IP"
@@ -384,7 +380,7 @@ class IP(models.Model):
 @property
 def associated(self):
- ips = IP.objects.filter(ip=self.ip)
+ ips = IP.api.filter(ip=self.ip)
 players = []
 for ip in ips:
 if self.player != ip.player:
diff --git a/views.py b/views.py
index f5a977a..d2769e9 100644
--- a/views.py
+++ b/views.py
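Review bot: `IPManager.get_queryset` derives the hidden addresses from `User.objects.filter(is_active=True)`, so the IPs of an account stop being excluded as soon as that account is deactivated, and they then show up again through `IP.api` and the API view. If the aim is to keep staff addresses out of the API, confirm that `is_active` is the right criterion and state it in a docstring, e.g. `"""Exclude every IP value recorded for a player linked to an active User."""`. The method also runs one `IP.objects.filter(player=user.player)` query per active user on every use of `IP.api`; collecting the players first and issuing a single `IP.objects.filter(player__in=players).values('ip')` would bound that. Because `objects = models.Manager()` is declared first it stays the default manager, so only call sites that explicitly use `IP.api` get the filtering.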
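Review bot: Switching `IP.associated` to `IP.api` changes an internal lookup rather than an API response: for any address that is also recorded for an active account's player the query is empty, so the loop below it has nothing to iterate and no shared-address players are reported. The same applies to `PlayerInfo.get` and `IP.get` in views.py, which this commit also moves to `IPModel.api`. The commit message says this is intended, so it deserves a comment at each call site, such as `# api manager: addresses tied to active accounts are intentionally hidden here`; if staff pages should keep showing accounts that share an address, keep `IP.objects` on these internal paths and reserve `api` for `ModelAPI`. The body of `associated` continues past the end of the hunk.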
@@ -33,11 +33,11 @@ class Overview(View):
 request.user.usersettings = UserSettingsModel(auth_user=request.user)
 request.user.usersettings.last_ip = user_ip
 request.user.usersettings.save()
- unanswered_apps = AppModel.unanswered.count()
+ unanswered_apps = AppModel.objects.filter(accepted=None).count()
 accepted_apps = AppModel.objects.filter(accepted=True).count()
 denied_apps = AppModel.objects.filter(accepted=False).count()
- unclaimed_tickets = TicketModel.unclaimed.count()
- claimed_tickets = TicketModel.claimed.count()
+ unclaimed_tickets = TicketModel.objects.filter(staff=None, resolved=False).count()
+ claimed_tickets = TicketModel.objects.filter(staff__isnull=False, resolved=False).count()
 resolved_tickets = TicketModel.objects.filter(resolved=True).count()
 counts = {'applications': AppModel.objects.count(), 'players': PlayerModel.objects.count(), "ips": IPModel.objects.count(), "tickets": TicketModel.objects.count(),
@@ -204,7 +204,7 @@ class PlayerInfo(View):
 def get(self, request, player_id):
 player = PlayerModel.objects.get(id=player_id)
- ips = IPModel.objects.filter(player=player)
+ ips = IPModel.api.filter(player=player)
 tickets = TicketModel.objects.filter(player=player)
 warnings = WarningModel.objects.filter(player=player)
 form = {'ips': ips, 'tickets': tickets, 'warnings': warnings}
@@ -219,17 +219,9 @@ class Ticket(View):
 def get(self, request):
 get = request.GET
- if 'claimed' in get:
- if get['claimed'].lower() == 'true':
- tickets = TicketModel.claimed.all()
- elif get['claimed'].lower() == 'false':
- tickets = TicketModel.unclaimed.all()
- else:
- tickets = TicketModel.objects.filter(resolved=True)
- else:
- tickets1 = TicketModel.objects.filter(resolved=False).order_by('-id')
- tickets2 = TicketModel.objects.filter(resolved=True).order_by('-id')
- tickets = list(chain(tickets1, tickets2))
+ tickets1 = TicketModel.objects.filter(resolved=False).order_by('-id')
+ tickets2 = TicketModel.objects.filter(resolved=True).order_by('-id')
+ tickets = list(chain(tickets1, tickets2))
 return render(request, 'minecraft_manager/ticket.html', {'current_app': 'ticket', 'tickets': tickets})
@@ -379,8 +371,8 @@ class WarningAdd(View):
 class IP(View):
 def get(self, request, ip_id):
- ip = IPModel.objects.get(id=ip_id)
- ips = IPModel.objects.filter(ip=ip.ip)
+ ip = IPModel.api.get(id=ip_id)
+ ips = IPModel.api.filter(ip=ip.ip)
 return render(request, 'minecraft_manager/ip.html', {'ip': ip, 'ips': ips})
 def post(self, request, ip_id):
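Review bot: In `IP.get` (views.py), `IPModel.api.get(id=ip_id)` now raises `DoesNotExist` for rows that exist but are excluded by the `api` manager, and nothing in the visible lines catches it, so such a request would surface as a server error rather than a clean not-found. Using `ip = get_object_or_404(IPModel.api, id=ip_id)` (from `django.shortcuts`, which would need importing if views.py does not already have it) gives the same response for hidden and missing ids. `post` begins on the last line of the hunk and is not shown; if it still loads the row through `IPModel.objects`, it will not apply the same restriction and should be checked.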