Commit 857aa8f7 authored by BAIRE Anthony's avatar BAIRE Anthony
Browse files

remove calls to QuerySet.create()

(because it bypasses the integrity checks performed by our
 BaseModel.save)

fix #309
fix #345
parent 3412252f
......@@ -70,16 +70,19 @@ def jobs(request):
return JsonResponse({'error': 'Unknown queue'}, status=400)
log.info("Job submit by user %s", user)
job = Job.objects.create(param=request.POST.get('job[param]', ''), queue=queue, webapp=app, user=user)
job = Job(param=request.POST.get('job[param]', ''), queue=queue, webapp=app, user=user)
job.version = app.get_webapp_version().number # TODO: add version selection in the api
upload_data(request.FILES.values(), job)
# run the Job validators
try:
job.full_clean()
job.save()
except ValidationError as e:
return JsonResponse({'error': "Invalid parameters: %s" % e.error_dict}, status=400)
# FIXME: possible infoleak: because we have ATOMIC_REQUESTS=True the
# current id can be reused for another job in case anything fails before
# the end of the request
upload_data(request.FILES.values(), job)
# start the job
job.state = Job.WAITING
job.save()
......
......@@ -657,7 +657,7 @@ class UserAgreement(BaseModel):
@receiver(post_save, sender=User)
def create_user_profile(sender, instance, created, **kwargs):
if created:
AllgoUser.objects.create(user=instance)
AllgoUser(user=instance).save()
@receiver(post_save, sender=User)
......
......@@ -34,6 +34,7 @@ from django.contrib.auth.models import User
from django.contrib.contenttypes.models import ContentType
from django.contrib.messages.views import SuccessMessageMixin
from django.core.exceptions import ObjectDoesNotExist
from django.core.validators import ValidationError
from django.core.urlresolvers import reverse
from django.db import transaction
from django.db.models import Count
......@@ -328,7 +329,7 @@ class WebappCreate(ProviderAccessMixin, SuccessMessageMixin, CreateView):
obj.save()
# set up the docker container for the app
Quota.objects.create(user=self.request.user, webapp=obj)
Quota(user=self.request.user, webapp=obj).save()
# pass on the webapp data to get_successful_url to redirect with the
# correct arguments (for instance the docker_name)
self.webapp = obj
......@@ -465,9 +466,9 @@ class WebappImport(ProviderAccessMixin, SuccessMessageMixin, FormView):
for param in js["parameters"]:
if (param["value"], param["name"], param["detail"]) != (
None, None, None):
WebappParameter.objects.create(webapp=webapp,
WebappParameter(webapp=webapp,
name=param["name"], value=param["value"],
detail=param["detail"])
detail=param["detail"]).save()
self.object = webapp
return super().form_valid(form)
......@@ -686,17 +687,25 @@ class WebappSandboxPanel(UserAccessMixin, TemplateView):
" 'replace version' instead)" % number)
return HttpResponseRedirect(request.path_info)
WebappVersion.objects.create(
webapp=webapp,
number=number,
state=WebappVersion.SANDBOX,
published=True,
description=request.POST["description"],
**extra)
stop_sandbox()
try:
version = WebappVersion(
webapp=webapp,
number=number,
state=WebappVersion.SANDBOX,
published=True,
description=request.POST["description"],
**extra)
version.save()
except ValidationError as e:
if tuple(e.error_dict) != ("number",):
raise
messages.error(request,
"invalid version number (must be a valid docker tag)")
else:
stop_sandbox()
messages.success(request, "committing sandbox %r version %r"
% (webapp.name, number))
messages.success(request, "committing sandbox %r version %r"
% (webapp.name, number))
elif action == "rollback":
if webapp.sandbox_state == Webapp.RUNNING:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment