author | Magnus Hagander | 2017-01-11 12:03:52 +0000 |
---|---|---|
committer | Magnus Hagander | 2017-01-20 19:57:36 +0000 |
commit | 742d65e5f348d2c45917333317a62645b462517c (patch) | |
tree | ddb1a9b6fe2ac7423f7fb87af88691803a405ae3 /postgresqleu/confwiki/models.py | |
parent | 02738d0bda1d2cb9d8415bda2c308cc5b8256132 (diff) |
Implement jinja2 based templating for confreg

This implements the ability to render confreg templates (registration,
cfp, schedules etc etc) using jinja2 instead of django templates. The
important difference is that these templates are rendered in a complete
sandbox, so they cannot reach into other parts of the system by
exploiting connected objects or by including templates they are not
supposed to.

Jinja templates are used whenever the "jinjadir" variable is set on a
conference. When it is, the variables for basetemplate, templatemodule,
templateoverride and templatemediabase are all ignored, as their
functionality is either no longer needed or implemented in a different
way using the templates.

For the time being we support both the old (django based) templates and
the new (jinja based) templates. That means that any changes made to the
confreg templates must be done twice. At some point not too far in the
future we should decide to either desupport old conferences that have
the old style templates, or re-render those as static. (For closed
conferences most pages aren't reachable anyway, but things like
schedule and session descriptions are reachable way past the end of
a conference)

Along with the templates comes a new command called "deploystatic.py",
which runs outside the django environment. This command can be used for
deployment of static sites based on the jinja templates, similar to how
some conference sites have done it before. Since the templates run in a
sandbox, this should be much more safe than what's been done before, and
therefore access can be granted to more people. This command is made to
run standalone so conference template developers can run it locally
without having to install full support for django.

Diffstat (limited to 'postgresqleu/confwiki/models.py')
-rw-r--r-- | postgresqleu/confwiki/models.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/postgresqleu/confwiki/models.py b/postgresqleu/confwiki/models.py index a35e0e27..b14734b0 100644 --- a/postgresqleu/confwiki/models.py +++ b/postgresqleu/confwiki/models.py @@ -35,6 +35,7 @@ class Wikipage(models.Model, DiffableModel): viewer_attendee = models.ManyToManyField(ConferenceRegistration, blank=True, related_name='viewer_attendees', verbose_name="Viewer attendees") editor_attendee = models.ManyToManyField(ConferenceRegistration, blank=True, related_name='editor_attendees', verbose_name="Editor attendees") + _unsafe_attributes = ('viewer_regtype', 'editor_regtype', 'viewer_attendee', 'editor_attendee') class Meta: unique_together = [ ('conference', 'url', ) @@ -75,6 +76,8 @@ class WikipageHistory(models.Model): publishedat = models.DateTimeField(null=False, blank=False) contents = models.TextField(null=False, blank=False) + _safe_attributes = ('id', 'author', 'page', 'publishedat', 'contents', ) + class Meta: ordering = ('-publishedat',) unique_together = ( |
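Review bot: In the first hunk (`class Wikipage`), `_unsafe_attributes` is a denylist, while `WikipageHistory` in the second hunk uses an allowlist (`_safe_attributes`). A denylist fails open: any field or relation added to `Wikipage` later becomes reachable from sandboxed templates unless someone remembers to extend this tuple. Consider declaring `_safe_attributes` here as well so both models fail closed, or add a comment above the tuple stating how the sandbox treats the two attribute names and why the four permission relations are the only ones that need hiding.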
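Review bot: In the second hunk (`class WikipageHistory`), the allowlist includes `author` and `page`, whose names suggest relations rather than plain columns. If they are foreign keys, a template can follow them to the related objects, so what it can read next depends on those models' own lists; for `page` that would be the `Wikipage` denylist from the first hunk. A short comment on `_safe_attributes` noting that related objects are filtered by their own lists, or exposing only the scalar values a template needs, would make the intended boundary explicit.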