dashboard: move tx-confirm token to path parameter

e97539b6 · Őry Máté · 7e6025d5 · e97539b6 · e97539b6
Commit e97539b6 authored Mar 01, 2014 by Őry Máté
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 16 deletions

circle/dashboard/urls.py
+1 -1

circle/dashboard/views.py
+8 -15

No files found.
--- a/circle/dashboard/urls.py
+++ b/circle/dashboard/urls.py
@@ -57,7 +57,7 @@ urlpatterns = patterns(
    url(r'^node/list/$', NodeList.as_view(), name='dashboard.views.node-list'),
    url(r'^node/(?P<pk>\d+)/$', NodeDetailView.as_view(),
        name='dashboard.views.node-detail'),
-    url(r'^tx/$', TransferOwnershipConfirmView.as_view(),
+    url(r'^tx/(?P<key>.*)/?$', TransferOwnershipConfirmView.as_view(),
        name='dashboard.views.vm-transfer-ownership-confirm'),
    url(r'^node/delete/(?P<pk>\d+)/$', NodeDelete.as_view(),
        name="dashboard.views.delete-node"),

--- a/circle/dashboard/views.py
+++ b/circle/dashboard/views.py
@@ -1507,23 +1507,22 @@ class TransferOwnershipView(LoginRequiredMixin, DetailView):


 class TransferOwnershipConfirmView(LoginRequiredMixin, View):
+    """User can accept an ownership offer."""
+
    max_age = 3 * 24 * 3600
-    success_message = _("Ownership successfully transferred.")
+    success_message = _("Ownership successfully transferred to you.")

    @classmethod
    def get_salt(cls):
        return unicode(cls)

-    def get(self, request, *args, **kwargs):
+    def get(self, request, key, *args, **kwargs):
        """Confirm ownership transfer based on token.
        """
+        logger.debug('Confirm dialog for token %s.', key)
        try:
-            key = request.GET['key']
-            logger.debug('Confirm dialog for token %s.', key)
            instance, new_owner = self.get_instance(key, request.user)
-        except KeyError:
-            raise Http404()
-        except PermissionDenied():
+        except PermissionDenied:
            messages.error(request, _('This token is for an other user.'))
            raise
        except SuspiciousOperation:
@@ -1533,16 +1532,10 @@ class TransferOwnershipConfirmView(LoginRequiredMixin, View):
                      "dashboard/confirm/base-transfer-ownership.html",
                      dictionary={'instance': instance, 'key': key})

-    def post(self, request, *args, **kwargs):
+    def post(self, request, key, *args, **kwargs):
        """Really transfer ownership based on token.
        """
-        try:
-            key = request.POST['key']
-            instance, owner = self.get_instance(key, request.user)
-        except KeyError:
-            logger.debug('Posted to %s without key field.',
-                         unicode(self.__class__))
-            raise SuspiciousOperation()
+        instance, owner = self.get_instance(key, request.user)

        old = instance.owner
        with instance_activity(code_suffix='ownership-transferred',