From 24ccc9658d6bd7107056119ff71d049cecea0edb Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Sat, 6 Oct 2018 12:57:58 +0200
Subject: [PATCH] Add protection against concurrent modification of wiki pages

Otherwise a second modification can overwrite the first one withuot
seeing it. We already have classes to handle it by storing a hash of the
data, but it was not enabled for the wikipage editing.
---
 postgresqleu/confwiki/forms.py             | 10 ++++++----
 template.jinja/confwiki/wikipage_edit.html |  4 +++-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/postgresqleu/confwiki/forms.py b/postgresqleu/confwiki/forms.py
index 550e445..fa36070 100644
--- a/postgresqleu/confwiki/forms.py
+++ b/postgresqleu/confwiki/forms.py
@@ -2,15 +2,17 @@ from django import forms
 from django.core.exceptions import ValidationError
 from django.db.models import Q
 
+from postgresqleu.util.forms import ConcurrentProtectedModelForm
+
 from postgresqleu.confreg.models import RegistrationType, ConferenceRegistration
 from models import Wikipage, Signup, AttendeeSignup
 
-class WikipageEditForm(forms.ModelForm):
+class WikipageEditForm(ConcurrentProtectedModelForm):
 	class Meta:
 		model = Wikipage
 		fields = ('contents',)
 
-class WikipageAdminEditForm(forms.ModelForm):
+class WikipageAdminEditForm(ConcurrentProtectedModelForm):
 	def __init__(self, *args, **kwargs):
 		super(WikipageAdminEditForm, self).__init__(*args, **kwargs)
 		self.fields['author'].queryset = ConferenceRegistration.objects.filter(conference=self.instance.conference)
@@ -71,7 +73,7 @@ class SignupSubmitForm(forms.Form):
 
 		return self.cleaned_data['choice']
 
-class SignupAdminEditForm(forms.ModelForm):
+class SignupAdminEditForm(ConcurrentProtectedModelForm):
 	def __init__(self, *args, **kwargs):
 		super(SignupAdminEditForm, self).__init__(*args, **kwargs)
 		self.fields['author'].queryset = ConferenceRegistration.objects.filter(conference=self.instance.conference)
@@ -84,7 +86,7 @@ class SignupAdminEditForm(forms.ModelForm):
 		model = Signup
 		exclude = ['conference', ]
 
-class SignupAdminEditSignupForm(forms.ModelForm):
+class SignupAdminEditSignupForm(ConcurrentProtectedModelForm):
 	choice = forms.ChoiceField(required=True)
 	class Meta:
 		model = AttendeeSignup
diff --git a/template.jinja/confwiki/wikipage_edit.html b/template.jinja/confwiki/wikipage_edit.html
index 2a17802..5569c31 100644
--- a/template.jinja/confwiki/wikipage_edit.html
+++ b/template.jinja/confwiki/wikipage_edit.html
@@ -26,9 +26,11 @@ table.pageform textarea {
 <a href="../"><h2>{{page.title}}</h2></a>
 
 <form method="post" action=".">{{ csrf_input }}
+{{form._validator}}
 <table class="pageform">
-<tr>
+<tr{%if form.non_field_errors()%} class="error"{%endif%}>
   <td>
+{%if form.non_field_errors()%}{{form.non_field_errors()}}{%endif%}
     {{form.contents}}
   </td>
 </tr>
-- 
2.39.5