diff --git a/rdmo/core/views.py b/rdmo/core/views.py
index 3ec0ec2a47..d43b017a71 100644
--- a/rdmo/core/views.py
+++ b/rdmo/core/views.py
@@ -1,3 +1,4 @@
+import hashlib
 import logging
 from django.conf import settings
@@ -83,6 +84,18 @@ def get(self, request, *args, **kwargs):
 return super().get(self, request, *args, **kwargs)
+class StoreIdViewMixin(View):
+
+ def render_to_response(self, context, **response_kwargs):
+ response = super().render_to_response(context, **response_kwargs)
+ response.set_cookie('storeid', self.get_store_id(), samesite='Lax')
+ return response
+
+ def get_store_id(self):
+ session_key = self.request.session.session_key or 'anonymous'
+ return hashlib.sha256(session_key.encode()).hexdigest()
+
+
 class RedirectViewMixin(View):
 def post(self, request, *args, **kwargs):
diff --git a/rdmo/management/views.py b/rdmo/management/views.py
index c4bbd062a7..82a9bc1a28 100644
--- a/rdmo/management/views.py
+++ b/rdmo/management/views.py
@@ -1,4 +1,3 @@
-import hashlib
 import logging
 from django.contrib.auth.mixins import LoginRequiredMixin
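Review bot: In `StoreIdViewMixin.get_store_id` (rdmo/core/views.py), the `or 'anonymous'` fallback gives every request without a saved session the same constant `storeid` (the SHA-256 of a fixed string), so whatever consumes the cookie on the client cannot tell one session-less visitor from another. Both views touched by this commit sit behind `LoginRequiredMixin`, but the mixin now lives in `rdmo.core` and can be reused where that does not hold; consider setting the cookie only when a session key exists, e.g. `if self.request.session.session_key: response.set_cookie(...)`, or documenting the shared value in a docstring. The cookie is also set without `secure`; `settings` is already imported in this file, so `secure=settings.SESSION_COOKIE_SECURE` would keep it aligned with the session cookie it is derived from. A short class docstring should also say that the mixin has to precede the template view in the bases, because `View` itself provides no `render_to_response` for `super()` to reach.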
@@ -7,22 +6,15 @@
 from rules import test_rule
 from rules.contrib.views import PermissionRequiredMixin as RulesPermissionRequiredMixin
-from rdmo.core.views import CSRFViewMixin, PermissionRedirectMixin
+from rdmo.core.views import CSRFViewMixin, PermissionRedirectMixin, StoreIdViewMixin
 logger = logging.getLogger(__name__)
 class ManagementView(LoginRequiredMixin, PermissionRedirectMixin, RulesPermissionRequiredMixin,
- CSRFViewMixin, TemplateView):
+ CSRFViewMixin, StoreIdViewMixin, TemplateView):
 template_name = 'management/management.html'
 def has_permission(self):
 # Use test_rule from rules for permissions check
 return test_rule('management.can_view_management', self.request.user, self.request.site)
-
- def render_to_response(self, context, **response_kwargs):
- storeid = hashlib.sha256(self.request.session.session_key.encode()).hexdigest()
-
- response = super().render_to_response(context, **response_kwargs)
- response.set_cookie('storeid', storeid)
- return response
diff --git a/rdmo/projects/views/project.py b/rdmo/projects/views/project.py
index 35402107e0..1485ac52c6 100644
--- a/rdmo/projects/views/project.py
+++ b/rdmo/projects/views/project.py
@@ -1,4 +1,3 @@
-import hashlib
 import logging
 from django.conf import settings
@@ -15,7 +14,7 @@
 from django.views.generic.edit import FormMixin
 from rdmo.core.plugins import get_plugin, get_plugins
-from rdmo.core.views import CSRFViewMixin, ObjectPermissionMixin, RedirectViewMixin
+from rdmo.core.views import CSRFViewMixin, ObjectPermissionMixin, RedirectViewMixin, StoreIdViewMixin
 from rdmo.questions.models import Catalog
 from rdmo.questions.utils import get_widgets
 from rdmo.tasks.models import Task
@@ -26,18 +25,10 @@
 logger = logging.getLogger(__name__)
-class ProjectsView(LoginRequiredMixin, CSRFViewMixin, TemplateView):
- template_name = 'projects/projects.html'
- # def has_permission(self):
- # # Use test_rule from rules for permissions check
- # return test_rule('projects.can_view_all_projects', self.request.user, self.request.site)
- def render_to_response(self, context, **response_kwargs):
- storeid = hashlib.sha256(self.request.session.session_key.encode()).hexdigest()
+class ProjectsView(LoginRequiredMixin, CSRFViewMixin, StoreIdViewMixin, TemplateView):
+ template_name = 'projects/projects.html'
- response = super().render_to_response(context, **response_kwargs)
- response.set_cookie('storeid', storeid)
- return response
 class ProjectDetailView(ObjectPermissionMixin, DetailView):
 model = Project