mirror of
https://github.com/janeczku/calibre-web
synced 2024-12-25 17:40:31 +00:00
commit
23a8a4657d
21
cps/admin.py
21
cps/admin.py
@ -917,11 +917,15 @@ def list_restriction(res_type, user_id):
|
|||||||
|
|
||||||
@admi.route("/ajax/fullsync", methods=["POST"])
|
@admi.route("/ajax/fullsync", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def ajax_fullsync():
|
def ajax_self_fullsync():
|
||||||
count = ub.session.query(ub.KoboSyncedBooks).filter(current_user.id == ub.KoboSyncedBooks.user_id).delete()
|
return do_full_kobo_sync(current_user.id)
|
||||||
message = _("{} sync entries deleted").format(count)
|
|
||||||
ub.session_commit(message)
|
|
||||||
return Response(json.dumps([{"type": "success", "message": message}]), mimetype='application/json')
|
@admi.route("/ajax/fullsync/<int:userid>", methods=["POST"])
|
||||||
|
@login_required
|
||||||
|
@admin_required
|
||||||
|
def ajax_fullsync(userid):
|
||||||
|
return do_full_kobo_sync(userid)
|
||||||
|
|
||||||
|
|
||||||
@admi.route("/ajax/pathchooser/")
|
@admi.route("/ajax/pathchooser/")
|
||||||
@ -931,6 +935,13 @@ def ajax_pathchooser():
|
|||||||
return pathchooser()
|
return pathchooser()
|
||||||
|
|
||||||
|
|
||||||
|
def do_full_kobo_sync(userid):
|
||||||
|
count = ub.session.query(ub.KoboSyncedBooks).filter(userid == ub.KoboSyncedBooks.user_id).delete()
|
||||||
|
message = _("{} sync entries deleted").format(count)
|
||||||
|
ub.session_commit(message)
|
||||||
|
return Response(json.dumps([{"type": "success", "message": message}]), mimetype='application/json')
|
||||||
|
|
||||||
|
|
||||||
def check_valid_read_column(column):
|
def check_valid_read_column(column):
|
||||||
if column != "0":
|
if column != "0":
|
||||||
if not calibre_db.session.query(db.CustomColumns).filter(db.CustomColumns.id == column) \
|
if not calibre_db.session.query(db.CustomColumns).filter(db.CustomColumns.id == column) \
|
||||||
|
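Review bot: `do_full_kobo_sync(userid)` deletes rows for whatever integer the admin route `/ajax/fullsync/<int:userid>` receives, and the only record it produces is a count. The same `message` goes to `ub.session_commit(message)` and to the JSON response, and it names neither the account that was reset nor the user who triggered it. I would add a separate log line in the helper, for example `log.info("Forced full Kobo sync for user %s by user %s", userid, current_user.id)` (assuming a module-level logger is in scope; none is visible in the hunk). The helper should also return an error when `userid` matches no existing user, instead of reporting `0 sync entries deleted` as success. The `@login_required` / `@admin_required` pair on `ajax_fullsync(userid)` is what keeps non-admins away from other users' sync state, so a one-line comment above the route saying so would guard against one of them being dropped later.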
@ -621,8 +621,12 @@ $(function() {
|
|||||||
"btnfullsync",
|
"btnfullsync",
|
||||||
"GeneralDeleteModal",
|
"GeneralDeleteModal",
|
||||||
$(this).data('value'),
|
$(this).data('value'),
|
||||||
function(value){
|
function(userid) {
|
||||||
|
if (userid) {
|
||||||
|
path = getPath() + "/ajax/fullsync/" + userid
|
||||||
|
} else {
|
||||||
path = getPath() + "/ajax/fullsync"
|
path = getPath() + "/ajax/fullsync"
|
||||||
|
}
|
||||||
$.ajax({
|
$.ajax({
|
||||||
method:"post",
|
method:"post",
|
||||||
url: path,
|
url: path,
|
||||||
|
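Review bot: The `if (userid)` branch depends on the template's `0` sentinel arriving as a falsy number, which holds only while the value is read through jQuery's `.data('value')`; read as the string `"0"` it would be truthy and a non-admin's click would post to `/ajax/fullsync/0`. The server-side `@admin_required` on that route means this fails closed, but the button would break without any visible reason. Make the test explicit, e.g. `if (parseInt(userid, 10) > 0) {`, and add a comment here and in the `kobo_full_sync` template hunk that follows saying that `0` means "the current user". `path` is also assigned without a declaration in both branches, so it becomes an implicit global; `var path;` before the `if` would scope it. The enclosing call starts and ends outside the hunk.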
@ -67,7 +67,7 @@
|
|||||||
<div class="btn btn-danger" id="config_delete_kobo_token" data-value="{{ content.id }}" data-remote="false" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Delete')}}</div>
|
<div class="btn btn-danger" id="config_delete_kobo_token" data-value="{{ content.id }}" data-remote="false" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Delete')}}</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group col">
|
<div class="form-group col">
|
||||||
<div class="btn btn-default" id="kobo_full_sync" data-value="{{ content.id }}" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Force full kobo sync')}}</div>
|
<div class="btn btn-default" id="kobo_full_sync" data-value="{% if current_user.role_admin() %}{{ content.id }}{% else %}0{% endif %}" {% if not content.remote_auth_token.first() %} style="display: none;" {% endif %}>{{_('Force full kobo sync')}}</div>
|
||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<div class="col-sm-6">
|
<div class="col-sm-6">
|
||||||
|
10
cps/web.py
10
cps/web.py
@ -86,9 +86,13 @@ except ImportError:
|
|||||||
|
|
||||||
@app.after_request
|
@app.after_request
|
||||||
def add_security_headers(resp):
|
def add_security_headers(resp):
|
||||||
csp = "default-src 'self'"
|
default_src = ([host.strip() for host in config.config_trustedhosts.split(',') if host] +
|
||||||
csp += ''.join([' ' + host for host in config.config_trustedhosts.strip().split(',')])
|
["'self'", "'unsafe-inline'", "'unsafe-eval'"])
|
||||||
csp += " 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self'"
|
csp = "default-src " + ' '.join(default_src) + "; "
|
||||||
|
csp += "font-src 'self' data:"
|
||||||
|
if request.endpoint == "web.read_book":
|
||||||
|
csp += " blob:"
|
||||||
|
csp += "; img-src 'self'"
|
||||||
if request.path.startswith("/author/") and config.config_use_goodreads:
|
if request.path.startswith("/author/") and config.config_use_goodreads:
|
||||||
csp += " images.gr-assets.com i.gr-assets.com s.gr-assets.com"
|
csp += " images.gr-assets.com i.gr-assets.com s.gr-assets.com"
|
||||||
csp += " data:"
|
csp += " data:"
|
||||||
|
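Review bot: The entries of `config.config_trustedhosts` are written into `default-src` without validation, and the `if host` filter runs before `strip()`, so a whitespace-only entry survives as an empty string and an entry containing `;` would close `default-src` and start a new directive in the header. The setting is presumably admin-controlled, but a typo there silently changes the policy sent with every response. Strip first and reject entries that contain separators, e.g. `hosts = [h.strip() for h in config.config_trustedhosts.split(',')]` followed by `default_src = [h for h in hosts if h and not set(h) & set("; \r\n")] + ["'self'", "'unsafe-inline'", "'unsafe-eval'"]`. `'unsafe-inline'` and `'unsafe-eval'` are carried over from the old line and still remove most of the script protection this policy could give; that predates this change, but a comment stating why they are required would help the next reviewer. `add_security_headers` continues past the end of the hunk.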