From 2d73f541c0a4bd5c7d5e95459e1a07a25d6b21ed Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs
Date: Thu, 8 Apr 2021 19:37:08 +0200
Subject: [PATCH] Bugfix sort books list and user list Prevent transferring password hash to client
---
 cps/admin.py | 13 ++++++++++---
 cps/config_sql.py | 2 +-
 cps/db.py | 4 ++--
 cps/gdriveutils.py | 2 +-
 cps/static/js/table.js | 14 +++++++++-----
 cps/ub.py | 2 +-
 cps/web.py | 9 +++++----
 7 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/cps/admin.py b/cps/admin.py
index 04ddbed1..4038977e 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -37,7 +37,7 @@ from flask_babel import gettext as _
 from sqlalchemy import and_
 from sqlalchemy.orm.attributes import flag_modified
 from sqlalchemy.exc import IntegrityError, OperationalError, InvalidRequestError
-from sqlalchemy.sql.expression import func, or_
+from sqlalchemy.sql.expression import func, or_, text
 from . import constants, logger, helper, services
 from .cli import filepicker
@@ -244,6 +244,13 @@ def list_users():
 off = request.args.get("offset") or 0
 limit = request.args.get("limit") or 10
 search = request.args.get("search")
+ sort = request.args.get("sort")
+ order = request.args.get("order")
+ if sort and order:
+ order = text(sort + " " + order)
+ else:
+ order = ub.User.name.desc()
+
 all_user = ub.session.query(ub.User)
 if not config.config_anonbrowse:
 all_user = all_user.filter(ub.User.role.op('&')(constants.ROLE_ANONYMOUS) != constants.ROLE_ANONYMOUS)
@@ -252,10 +259,10 @@ def list_users():
 users = all_user.filter(or_(func.lower(ub.User.name).ilike("%" + search + "%"),
 func.lower(ub.User.kindle_mail).ilike("%" + search + "%"),
 func.lower(ub.User.email).ilike("%" + search + "%")))\
- .offset(off).limit(limit).all()
+ .order_by(order).offset(off).limit(limit).all()
 filtered_count = len(users)
 else:
- users = all_user.offset(off).limit(limit).all()
+ users = all_user.order_by(order).offset(off).limit(limit).all()
 filtered_count = total_count
 for user in users:
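Review bot: The added `order = text(sort + " " + order)` in list_users builds a raw SQL fragment from the `sort` and `order` query parameters and passes it to `order_by()`, so request input becomes part of the ORDER BY clause without any check; the cps/web.py hunk adds the same construction to list_books. Both values should be resolved against fixed sets before they reach the query: the direction only when it is `asc` or `desc`, the sort key only when it names a mapped column, with the existing default used otherwise. The sketch below shows this for list_users; list_books needs the equivalent against `db.Books`, and if the table sorts on fields that are not plain columns those need an explicit mapping. list_users starts before and continues after these hunks, so the route's access checks are not visible here.

```python
    sort = request.args.get("sort")
    order = request.args.get("order")
    # Resolve the sort key to a mapped column object; unknown names give None.
    sort_column = ub.User.__table__.columns.get(sort) if sort else None
    if sort_column is not None and order in ("asc", "desc"):
        order = sort_column.desc() if order == "desc" else sort_column.asc()
    else:
        order = ub.User.name.desc()
    # … unchanged: all_user query construction, search filter, offset/limit …
```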
diff --git a/cps/config_sql.py b/cps/config_sql.py
index 2ab0e3d6..3e5e4c59 100644
--- a/cps/config_sql.py
+++ b/cps/config_sql.py
@@ -24,7 +24,7 @@ import sys
 from sqlalchemy import exc, Column, String, Integer, SmallInteger, Boolean, BLOB, JSON
 from sqlalchemy.exc import OperationalError
 try:
- # Compability with sqlalchemy 2.0
+ # Compatibility with sqlalchemy 2.0
 from sqlalchemy.orm import declarative_base
 except ImportError:
 from sqlalchemy.ext.declarative import declarative_base
diff --git a/cps/db.py b/cps/db.py
index 5cb04ed3..b875ded7 100644
--- a/cps/db.py
+++ b/cps/db.py
@@ -33,7 +33,7 @@ from sqlalchemy.orm.collections import InstrumentedList
 from sqlalchemy.ext.declarative import DeclarativeMeta
 from sqlalchemy.exc import OperationalError
 try:
- # Compability with sqlalchemy 2.0
+ # Compatibility with sqlalchemy 2.0
 from sqlalchemy.orm import declarative_base
 except ImportError:
 from sqlalchemy.ext.declarative import declarative_base
@@ -393,7 +393,7 @@ class AlchemyEncoder(json.JSONEncoder):
 if isinstance(o.__class__, DeclarativeMeta):
 # an SQLAlchemy class
 fields = {}
- for field in [x for x in dir(o) if not x.startswith('_') and x != 'metadata']:
+ for field in [x for x in dir(o) if not x.startswith('_') and x != 'metadata' and x!="password"]:
 if field == 'books':
 continue
 data = o.__getattribute__(field)
diff --git a/cps/gdriveutils.py b/cps/gdriveutils.py
index a98d0b66..4c262661 100644
--- a/cps/gdriveutils.py
+++ b/cps/gdriveutils.py
@@ -29,7 +29,7 @@ from sqlalchemy import Column, UniqueConstraint
 from sqlalchemy import String, Integer
 from sqlalchemy.orm import sessionmaker, scoped_session
 try:
- # Compability with sqlalchemy 2.0
+ # Compatibility with sqlalchemy 2.0
 from sqlalchemy.orm import declarative_base
 except ImportError:
 from sqlalchemy.ext.declarative import declarative_base
diff --git a/cps/static/js/table.js b/cps/static/js/table.js
index b9e6a202..a0503976 100644
--- a/cps/static/js/table.js
+++ b/cps/static/js/table.js
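Review bot: The `x!="password"` filter added to the comprehension in `AlchemyEncoder` is a denylist of one name, so every other public attribute of any mapped object is still serialized, and an attribute added to a model later is sent to the client by default. Since this encoder is generic over all SQLAlchemy classes, an explicit set of fields to emit per model would fail closed; at minimum keep the excluded names in one module-level set (a proposed name would be `_EXCLUDED_FIELDS`) and test `x not in _EXCLUDED_FIELDS`, with a comment such as `# never serialize credentials or tokens to the client`. Which other attributes the user model carries is not visible in this hunk, so that list should be confirmed against cps/ub.py. Style: write `x != "password"` with spaces and the same quote style as `'metadata'`. The encoder method starts and ends outside the hunk.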
@@ -460,8 +460,7 @@ $(function() { $("input[data-name='passwd_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true); $("input[data-name='edit_shelf_role'][data-pk='"+guest.data("pk")+"']").prop("disabled", true); $("input[data-name='sidebar_read_and_unread'][data-pk='"+guest.data("pk")+"']").prop("disabled", true); - // ToDo: Disable delete - + $(".user-remove[data-pk='"+guest.data("pk")+"']").prop("disabled", true); }, // eslint-disable-next-line no-unused-vars @@ -604,7 +603,7 @@ function EbookActions (value, row) { /* Function for deleting books */ function UserActions (value, row) { return [ - "
", + "
", "", "
" ].join(""); @@ -624,9 +623,9 @@ function singleUserFormatter(value, row) { function checkboxFormatter(value, row, index){ if(value & this.column) - return ''; + return ''; else - return ''; + return ''; } function checkboxChange(checkbox, userId, field, field_index) { @@ -733,6 +732,11 @@ function user_handle (userId) { }); } +function checkboxSorter(a, b, c, d) +{ + return a - b +} + function test(){ console.log("hello"); } diff --git a/cps/ub.py b/cps/ub.py index 6cbc0383..a85f7404 100644 --- a/cps/ub.py +++ b/cps/ub.py @@ -44,7 +44,7 @@ from sqlalchemy import String, Integer, SmallInteger, Boolean, DateTime, Float, from sqlalchemy.orm.attributes import flag_modified from sqlalchemy.sql.expression import func try: - # Compability with sqlalchemy 2.0 + # Compatibility with sqlalchemy 2.0 from sqlalchemy.orm import declarative_base except ImportError: from sqlalchemy.ext.declarative import declarative_base diff --git a/cps/web.py b/cps/web.py index e1acdcef..658ff735 100644 --- a/cps/web.py +++ b/cps/web.py @@ -755,11 +755,12 @@ def books_table(): def list_books(): off = request.args.get("offset") or 0 limit = request.args.get("limit") or config.config_books_per_page - # sort = request.args.get("sort") - if request.args.get("order") == 'desc': - order = [db.Books.timestamp.desc()] + sort = request.args.get("sort") + order = request.args.get("order") + if sort and order: + order = [text(sort + " " + order)] else: - order = [db.Books.timestamp.asc()] + order = [db.Books.timestamp.desc()] search = request.args.get("search") total_count = calibre_db.session.query(db.Books).count() if search: