feat: Enhance security by adding @login_required to multiple views and replacing print statements with logger.debug
Co-authored-by: Copilot <copilot@github.com>
This commit is contained in:
+27
-9
@@ -477,10 +477,16 @@ def create_abnormality(request):
|
||||
)
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def get_abnormality_id(request):
|
||||
if request.accepts("application/json")():
|
||||
abnormality_name = request.GET["abnormality_name"]
|
||||
"""Return the primary key for an Abnormality looked up by name (admin popup helper).
|
||||
|
||||
Scope: authenticated users only.
|
||||
Functionality: looks up an Abnormality by exact name and returns its ID as JSON;
|
||||
used by inline admin form popups.
|
||||
"""
|
||||
if request.accepts("application/json"):
|
||||
abnormality_name = request.GET.get("abnormality_name", "")
|
||||
abnormality_id = Abnormality.objects.get(name=abnormality_name).id
|
||||
data = {
|
||||
"abnormality_id": abnormality_id,
|
||||
@@ -503,10 +509,16 @@ def create_examination(request):
|
||||
)
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def get_examination_id(request):
|
||||
if request.accepts("application/json")():
|
||||
examination_name = request.GET["examination_name"]
|
||||
"""Return the primary key for an Examination looked up by name (admin popup helper).
|
||||
|
||||
Scope: authenticated users only.
|
||||
Functionality: looks up an Examination by exact name and returns its ID as JSON;
|
||||
used by inline admin form popups.
|
||||
"""
|
||||
if request.accepts("application/json"):
|
||||
examination_name = request.GET.get("examination_name", "")
|
||||
examination_id = Examination.objects.get(name=examination_name).id
|
||||
data = {
|
||||
"examination_id": examination_id,
|
||||
@@ -529,10 +541,16 @@ def create_region(request):
|
||||
)
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def get_region_id(request):
|
||||
if request.accepts("application/json")():
|
||||
region_name = request.GET["region_name"]
|
||||
"""Return the primary key for a Region looked up by name (admin popup helper).
|
||||
|
||||
Scope: authenticated users only.
|
||||
Functionality: looks up a Region by exact name and returns its ID as JSON;
|
||||
used by inline admin form popups.
|
||||
"""
|
||||
if request.accepts("application/json"):
|
||||
region_name = request.GET.get("region_name", "")
|
||||
region_id = Region.objects.get(name=region_name).id
|
||||
data = {
|
||||
"region_id": region_id,
|
||||
|
||||
Reference in New Issue
Block a user