mirror of
https://github.com/janeczku/calibre-web
synced 2024-12-24 17:10:31 +00:00
commit
23a8a4657d
21
cps/admin.py
21
cps/admin.py
@ -917,11 +917,15 @@ def list_restriction(res_type, user_id):
|
||||
|
||||
@admi.route("/ajax/fullsync", methods=["POST"])
|
||||
@login_required
|
||||
def ajax_fullsync():
|
||||
count = ub.session.query(ub.KoboSyncedBooks).filter(current_user.id == ub.KoboSyncedBooks.user_id).delete()
|
||||
message = _("{} sync entries deleted").format(count)
|
||||
ub.session_commit(message)
|
||||
return Response(json.dumps([{"type": "success", "message": message}]), mimetype='application/json')
|
||||
def ajax_self_fullsync():
|
||||
return do_full_kobo_sync(current_user.id)
|
||||
|
||||
|
||||
@admi.route("/ajax/fullsync/<int:userid>", methods=["POST"])
|
||||
@login_required
|
||||
@admin_required
|
||||
def ajax_fullsync(userid):
|
||||
return do_full_kobo_sync(userid)
|
||||
|
||||
|
||||
@admi.route("/ajax/pathchooser/")
|
||||
@ -931,6 +935,13 @@ def ajax_pathchooser():
|
||||
return pathchooser()
|
||||
|
||||
|
||||
def do_full_kobo_sync(userid):
|
||||
count = ub.session.query(ub.KoboSyncedBooks).filter(userid == ub.KoboSyncedBooks.user_id).delete()
|
||||
message = _("{} sync entries deleted").format(count)
|
||||
ub.session_commit(message)
|
||||
return Response(json.dumps([{"type": "success", "message": message}]), mimetype='application/json')
|
||||
|
||||
|
||||
def check_valid_read_column(column):
|
||||
if column != "0":
|
||||
if not calibre_db.session.query(db.CustomColumns).filter(db.CustomColumns.id == column) \
|
||||
|
@ -621,8 +621,12 @@ $(function() {
|
||||
"btnfullsync",
|
||||
"GeneralDeleteModal",
|
||||
$(this).data('value'),
|
||||
function(value){
|
||||
path = getPath() + "/ajax/fullsync"
|
||||
function(userid) {
|
||||
if (userid) {
|
||||
path = getPath() + "/ajax/fullsync/" + userid
|
||||
} else {
|
||||
path = getPath() + "/ajax/fullsync"
|
||||
}
|
||||
$.ajax({
|
||||
method:"post",
|
||||
url: path,
|
||||
|
@ -67,7 +67,7 @@
|
||||
<div class="btn btn-danger" id="config_delete_kobo_token" data-value="{{ content.id }}" data-remote="false" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Delete')}}</div>
|
||||
</div>
|
||||
<div class="form-group col">
|
||||
<div class="btn btn-default" id="kobo_full_sync" data-value="{{ content.id }}" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Force full kobo sync')}}</div>
|
||||
<div class="btn btn-default" id="kobo_full_sync" data-value="{% if current_user.role_admin() %}{{ content.id }}{% else %}0{% endif %}" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Force full kobo sync')}}</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
<div class="col-sm-6">
|
||||
|
10
cps/web.py
10
cps/web.py
@ -86,9 +86,13 @@ except ImportError:
|
||||
|
||||
@app.after_request
|
||||
def add_security_headers(resp):
|
||||
csp = "default-src 'self'"
|
||||
csp += ''.join([' ' + host for host in config.config_trustedhosts.strip().split(',')])
|
||||
csp += " 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self'"
|
||||
default_src = ([host.strip() for host in config.config_trustedhosts.split(',') if host] +
|
||||
["'self'", "'unsafe-inline'", "'unsafe-eval'"])
|
||||
csp = "default-src " + ' '.join(default_src) + "; "
|
||||
csp += "font-src 'self' data:"
|
||||
if request.endpoint == "web.read_book":
|
||||
csp += " blob:"
|
||||
csp += "; img-src 'self'"
|
||||
if request.path.startswith("/author/") and config.config_use_goodreads:
|
||||
csp += " images.gr-assets.com i.gr-assets.com s.gr-assets.com"
|
||||
csp += " data:"
|
||||
|
Loading…
Reference in New Issue
Block a user