feat: Enhance security by adding @login_required to multiple views and replacing print statements with logger.debug

Co-authored-by: Copilot <copilot@github.com>
This commit is contained in:
Ross
2026-04-30 21:35:08 +01:00
parent 5d37cad48d
commit 2aff9516ac
13 changed files with 389 additions and 113 deletions
+13 -8
View File
@@ -1,6 +1,7 @@
import json
from django.shortcuts import render, get_object_or_404, redirect
from django import forms
from loguru import logger
# from django.contrib.auth.models import User
from django.contrib.auth.decorators import login_required, user_passes_test
@@ -434,8 +435,7 @@ class LongCreateBase(RevisionMixin, LoginRequiredMixin, CreateView):
.prefetch_related("long")
.filter(pk=62)
) # .values()
print("TEST")
print(queryset)
logger.debug("LongCreateBase context: queryset count={}", queryset.count())
# queryset = LongSeries.objects.all()
if self.request.POST:
context["series_formset"] = SeriesFormSet(
@@ -552,7 +552,7 @@ class LongUpdate(
# restore exam orders
for exam in self.object.exams.all():
if exam in exam_orders and self.object in exam_orders[exam]:
print(exam_orders[exam])
logger.debug("Restoring exam order for exam={}", exam)
exam.exam_questions.set(exam_orders[exam])
exam.save()
@@ -614,10 +614,16 @@ def create_examination(request):
)
@csrf_exempt
@login_required
def get_examination_id(request):
if request.accepts("application/json")():
examination_name = request.GET["examination_name"]
"""Return the primary key for an Examination looked up by name (admin popup helper).
Scope: authenticated users only.
Functionality: looks up an Examination by exact name and returns its ID as JSON;
used by inline admin form popups.
"""
if request.accepts("application/json"):
examination_name = request.GET.get("examination_name", "")
examination_id = Examination.objects.get(name=examination_name).id
data = {
"examination_id": examination_id,
@@ -1001,9 +1007,8 @@ class ExamGroupsUpdate(ExamGroupsUpdateBase):
def question_json_unbased(request, pk):
"""
No (file based) caching is enabled for unbased quesitons
No (file based) caching is enabled for unbased questions.
"""
print("UNBASED")
question = get_object_or_404(Long, pk=pk)
question_json = question.get_question_json(based=False)